Security envelopes using LC Server
Hi All,
Adobe Acrobat 8.0 supports creation of security envelopes (http://www.adobe.com/designcenter/acrobat/articles/acr8at_secureenv.html).
I wanted to know if we can achieve the same using LC Server?
Thanks.
Regards,
Jayakumar
Thanks.
If that is the case please let me know if the following mapping between RE webservice and RE browser UI is correct.
enabledFormFillIn - Basic form fill-in
enabledFormDataImportExport - Import and Export form data
enabledSubmitStandalone - Submit outside web browser
enabledOnlineForms - Database and web service connectivity
enabledDynamicFormFields - Add, delete and change form fields
enabledDynamicFormPages - Create pages from templates
enabledBarcodeDecoding - 2D bar decoding
enabledDigitalSignatures - Digital signatures
enabledComments - Commenting
enabledCommentsOnline - online commenting
enabledEmbeddedFiles - Embedded file attachments
This will help decide the correct WS call.
Regards,
JK
Similar Messages
-
Security solution with Identity server for SOX compliance
Hi all,
Has anybody used Identity Server as security solution to achieve SOX compliance? i want to know general view, opinions , experiance of ppl while implementing such solution.
Just a little background of SOX: It is Created by US Congress in the wake of corporate scandals like Enron in 2001 and 2002.it is an attempts to tighten controls over corporate financial reporting and transparency.
I am basically interested in implementing security solutions using Identity server for SOX compliance. Section 404 of this act deals with internal controls, which essentially requires organizations to provide following facilities -
1. User Identification, authorization and access
2. User control of user accounts
3. Central identification and access rights/permissions management
4. Violation and security activity report
Has anybody developed such solution? What are your general experiance, problems , issues etc? Please share your view....Just too quick to draw conclusion: See below FAQ
If you are not in the same AS container, let me know. Jerry
Copy from J2EE agent FAQ
Question - Is it possible to install a J2EE 2.1agent and Identity Server on the same instance of the application server ?
Installing the IS60SP1/IS61 server and J2EE 2.1 policy agent on the sameninstance of Application server is not a supported configuration. We do support the 21 J2EE agent and IS installed on different instances of the application server. So, users can install theJ2EE 2.1 agent on a one instance of the application server and install IS on a different instance of the apps server. -
How to use security roles in Weblogic server?
Hello Gurus,
I am new to Weblogic server and I am trying to investigate how to make
use of security roles in weblogic server (5.1.0). Can anyone point me
to some documentation. Specifically, I am looking for instance level,
and method level security and how to use it.
Thanks for taking your time to read this e-mail.
Thank You all in advance,
Hari.You should read the security information in the Servlet 2.2 specification
that WL 5.1 implements:
http://java.sun.com/products/servlet/download.html
Chapter 11 deals with declarative and programmatic security, and includes a
section on roles:
11.4 Roles
A role is an abstract logical grouping of users that is defined by the
Application Developer or
Assembler. When the application is deployed, these roles are mapped by a
Deployer to security
identities, such as principals or groups, in the runtime environment.
A servlet container enforces declarative or programmatic security for the
principal associated with
an incoming request based on the security attributes of that calling
principal. For example,
1. When a deployer has mapped a security role to a user group in the
operational environment. The
user group to which the calling principal belongs is retrieved from its
security attributes. If the
principal's user group matches the user group in the operational environment
that the security
role has been mapped to, the principal is in the security role.
2. When a deployer has mapped a security role to a principal name in a
security policy domain, the
principal name of the calling principal is retrieved from its security
attributes. If the principal is
the same as the principal to which the security role was mapped, the calling
principal is in the
security role.
Cameron Purdy
http://www.tangosol.com
"Hari" <[email protected]> wrote in message
news:[email protected]..
Hello Gurus,
I am new to Weblogic server and I am trying to investigate how to make
use of security roles in weblogic server (5.1.0). Can anyone point me
to some documentation. Specifically, I am looking for instance level,
and method level security and how to use it.
Thanks for taking your time to read this e-mail.
Thank You all in advance,
Hari. -
Use Lion Server to set up security in Web Sharing
Can I use Lion Server to set up security in Web Sharing?
I want a password prompt to appear when someone comes to look at my Web Sharing files.
I have tried to do this manually in Snow Leopard and Lion, and am considering buying Lion Server just for this one purpose.
Does the admin GUI in Lion Server have an option that allows you to set up a password prompt for folks that look at my Web Sharing files?
THanks.
macMiracles do happen.
Because I just bought Lion Server, I was able to get a guy from the Apple Server support group on the phone, for a long time, and he helped me set this up using the Server app and the Server Admin app.
Now I have a password prompt on my Web Sharing files.
It's an incredible relief to have this working.
Thanks for the responses. -
Current Security Context Not Trusted When Using Linked Server From ABAP
Hello,
I am experiencing a head-scratcher of a problem when trying to use a Linked Server connection to query a remote SQL Server database from our R/3 system. We have had this working just fine for some time, but after migrating to new hardware and upgrading OS, DBMS, and R/3, now we are running into problems.
The target database is a named instance on SQL Server 2000 SP3, Windows 2000 Server. The original source R/3 system was 4.7x2.00, also on SQL Server 2000 (SP4), Windows 2000 Server. I had been using a Linked Server defined via SQL Enterprise Manager (actually defined when the source was on SQL Server 7), which called an alias defined with the Client Network Utility that pointed to the remote named instance. This alias and Linked Server worked great for several years.
Now we have migrated our R/3 system onto new hardware, running Windows Server 2003 SP1 and SQL Server 2005 SP1. The application itself has been upgraded to ECC 6.0. I performed the migration with a homogeneous system copy, and everything has worked just fine. I redefined the Linked Server on the new SQL 2005 installation, this time avoiding the alias and referencing the remote named instance directly, and it tests out just fine using queries from SQL Management Studio. It also tests fine with OSQL called from the R/3 server console, both when logged on as SAPServiceSID with a trusted connection, and with a SQL login as the schema owner (i.e., 'sid' in lowercase). From outside of R/3, I cannot make it fail. It works perfectly.
That all changes when I try to use the Linked Server within an ABAP application, however. The basic code in use is
EXEC SQL.
SET XACT_ABORT ON
DELETE FROM [SERVER\INSTANCE].DATABASE.dbo.TABLE
ENDEXEC.
The only thing different about this code from that before the upgrade/migration is the reference to [SERVER\INSTANCE] which previously used the alias of just SERVER.
The program short dumps with runtime error DBIF_DSQL2_SQL_ERROR, exception CX_SY_NATIVE_SQL_ERROR. The database error code is 15274, and the error text is "Access to the remote server is denied because the current security context is not trusted."
I have set the "trustworthy" property on the R/3 database, I have ensured SAPServiceSID is a member of the sysadmin SQL role, I've even made it a member of the local Administrators group on both source and target servers, and I've done the same with the SQL Server service account (it uses a domain account). I have configured the Distributed Transaction Coordinator on the source (Win2003) system per Microsoft KB 839279 (this fixed problems with remote queries coming the other way from the SQL2000 system), and I've upgraded the system stored procedures on the target (SQL2000) system according to MS KB 906954. I also tried making the schema user a member of the sysadmin role, but naturally that was disastrous, resulting in an instant R/3 crash (don't try this in production!), so I set it back the way it was (default).
What's really strange is no matter how I try this from outside the R/3 system, it works perfectly, but from within R/3 it does not. A search of SAP Notes, SDN forums, SAPFANS, Microsoft's KnowledgeBase, and MSDN Forums has not yielded quite the same problem (although that did lead me to learning about the "trustworthy" database property).
Any insight someone could offer on this thorny problem would be most appreciated.
Best regards,
MattGood news! We have got it to work. However, we did it in something of
a backwards way, and I'm sure you'll laugh when you see how it was done. Also, the solution depends upon the fact that the remote server is still using SQL Server 2000, and so doesn't have quite so many restrictions placed upon it for distributed transactions and Linked Servers as SQL Server 2005 now does.
At the heart of the solution is the fact that the Linked Server coming FROM the remote server TO our SAP system works fine. Finally, coupled with the knowledge that using DBCON on the SAP side to the remote server also does actually provide a connection (see Notes 323151 and 738371), we set up a roundabout way of achieving our goal. In essence, from ABAP, we set up the DBCON connection to the remote server, at which point all the Native SQL commands execute in the context of the remote server. From within that connection, we
reference the tables in SAP via the Linked Server defined on the remote
server, as if SAP were the remote server, selecting data from SAP and inserting it into the remote (but apparently local to this connection) tables.
So, to spell it out, we define a Linked Server on the remote server pointing back to the SAP server as SAPSERV, with a SQL login mapping defined on the remote system pointing back to a SQL login in the SAP database. We also define a connection to the remote server from SAP using DBCON, using that remote SQL login for authentication.
Then, in our ABAP code, we simply do something along the lines of
exec sql.
set connection 'REMOTE'
endexec.
exec sql.
connect to 'REMOTE'
endexec.
exec sql.
insert into REMOTE_TABLE
select * from SAPSERV.SID.sid.SAP_TABLE
endexec.
exec sql.
commit
endexec.
exec sql.
disconnect 'REMOTE'
endexec.
This is, of course, a test program, but it demonstrated that it worked,
and we were able to see that entries were appropriately deleted and inserted in the remote server's table. The actual program for use is a little more complex, in that there are about four different operations at different times, and we had to resolve the fact that the temp table SAP_TABLE was being held in a lock by our program, resulting in a deadly embrace, but our developer was able to work that out, and all is now well.
I don't know if this solution will have applicability to any other customers, but it works for us, for now.
SAPSERV, REMOTE, REMOTE_TABLE, and SAP_TABLE are, of course, placeholder names, not the actual server or table names, so as not to confuse anyone.
Best regards,
Matt -
[Using SharePoint 2013 Enterprise SP1]
I would like to use SQL Server credentials in a Secure Store Target Application, and
this page makes it look like it's possible but when I attempt to use the new Target Application ID as authentication for a Data Connection in Dashboard Designer, I get a generic "Unable to access data source" with no error logged in SQL Server
logs.
I am able to use a Target Application with AD credentials to access the SQL db without a problem. Suggestions?Hi,
1. Make sure that the credential is set to
Secure Store Target Application. Navigate to the Central Administration. Click on the
Application Management. Click on the Manage Service Applications. Click on the
Secure Store Service Application. Select the application ID and from the ECB menu click on the
Set Credentials. Enter the Credential Owner, Windows User Name and the
Windows Password.
2. Make sure that in the Dashboard Designer “Use a stored account” is selected in the “Authentication” and the proper application ID is mentioned.
Please refer to the link below for more information:
http://www.c-sharpcorner.com/Blogs/14527/unable-to-access-data-source-the-secure-store-target-applic.aspx
Regards,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected] .
Rebecca Tu
TechNet Community Support -
BI Publisher Using BI Server Security
I have setup BI Publisher to use BI Server security which works well, I can even see the Admin Tab ;-)
My problem is that I can no longer access the Security>Roles and Permissions Tab. I get a HTTP 500 error.
Has anyone else come across this problem?
Thanks,
Matti managed to resolve with the help of this thread
Re: BI publisher security mged by OBIEE can't access role (500 internal err
Basically the SA System is the key. -
Using integrated security to access SQL Server database
Hi,
Currently we are using username/password combination to log in to a SQL Server database. These varaiables are defined as environment variables.
For security reasons we now want to use integrated security of the SQL Server database. This way the connection will be with the NTUser the Nodemanager has been started with.
Can this be done in Fort�?I do not think there is a way to pass the NT user's security authentication over to the DB in UDS.
ka -
After I have done a last Apple Updated on my computer, can't anymore validate or submit apps usign Xcode, everytime I received this message: "An SSL error has occured and a secure connection to the server cannot be made"
Any ideas?I had this happen a while ago too when I switched development machines, but I was able to submit it from a friend's house, so I'm pretty sure it is my ISP but this should not be a problem. I am trying to push out another update and I'm having the same problem again. I would be very happy if there was a permanent solution to this problem.
-
Invalid security error when invoking secure webservice using SAML tokens
I have deployed a JAX-WS webservice using a stateless session bean to wl 10.3.2 that uses a custom policy. The service deploys fine, but weblogic returns an HTTP error 500 with a SOAP fault. The fault states wsse:InvalidSecurity. The webservice security policy reqires SAML holder of key assertions and attributes. I have tried everything from running weblogic with Metro 1.5 to configuring SAML Identity Asserter Providers, etc with no luck. I even tried using the built in SAML 2.0 assymetric holder of key policy. What am I doing wrong? The XML of interest is attached.
Thanks;
-Dave.
*[Sample message from client]*
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#">
<S:Header>
<To xmlns="http://www.w3.org/2005/08/addressing">https://localhost:7002/NHINAdapterDocQuerySecured/AdapterDocQuerySecured</To>
<Action xmlns="http://www.w3.org/2005/08/addressing">urn:gov:hhs:fha:nhinc:adapterdocquerysecured:RespondingGateway_CrossGatewayQueryRequestMessage</Action>
<ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
</ReplyTo>
<MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:fec656f8-a2be-4129-8412-34d9453e7cb2</MessageID>
<wsse:Security S:mustUnderstand="1">
<wsu:Timestamp xmlns:ns17="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns16="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_1">
<wsu:Created>2010-02-24T21:38:56Z</wsu:Created>
<wsu:Expires>2010-02-24T21:43:56Z</wsu:Expires>
</wsu:Timestamp>
<saml2:Assertion xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="96cdfb70-91a3-4baf-9da1-3ff07d249926" IssueInstant="2010-02-24T21:38:56.671Z" Version="2.0">
<saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US</saml2:Issuer>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">UID=kskagerb*DoD</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml2:SubjectConfirmationData>
<ds:KeyInfo>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>iwGksKFK2ZYDxftMa093TajW7V9TwHW7NiyT6bJ2p38zBwpehwMJ1ZO9V0hFihcz/BZ2MvQ1WA1l0KhUBSR/bMiu6WmZ0bJPjvXx41ewGw5YzTL2RbT1U2XXBHtPHjbkH5jqK5zk67F/NM26v+hw0fSZiqM1BAFp9F73hMHsNrc=</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</saml2:SubjectConfirmationData>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:AuthnStatement AuthnInstant="2009-04-16T13:15:39.000Z" SessionIndex="987">
<saml2:SubjectLocality Address="158.147.185.168" DNSName="cs.myharris.net"/>
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
<saml2:AttributeStatement>
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">Karl S Skagerberg</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">InternalTest2</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">2.16.840.1.113883.4.349</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:nhin:names:saml:homeCommunityId">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">2.16.840.1.113883.4.349</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role">
<saml2:AttributeValue>
<hl7:Role xmlns:hl7="urn:hl7-org:v3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" code="307969004" codeSystem="2.16.840.1.113883.6.96" codeSystemName="SNOMED_CT" displayName="Public Health" xsi:type="hl7:CE"/>
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse">
<saml2:AttributeValue>
<hl7:PurposeForUse xmlns:hl7="urn:hl7-org:v3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" code="TREATMENT" codeSystem="2.16.840.1.113883.3.18.7.1" codeSystemName="nhin-purpose" displayName="Use or disclosure of Psychotherapy Notes" xsi:type="hl7:CE"/>
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:resource:resource-id">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">500000000^^^&1.1&ISO</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
<saml2:AuthzDecisionStatement Decision="Permit" Resource="https://158.147.185.168:8181/SamlReceiveService/SamlProcessWS">
<saml2:Action Namespace="urn:nhin:names:hl7:rbac:4.00:operation">EXECUTE</saml2:Action>
<saml2:Evidence>
<saml2:Assertion ID="40df7c0a-ff3e-4b26-baeb-f2910f6d05a9" IssueInstant="2009-04-16T13:10:39.093Z" Version="2.0">
<saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=SAML User,OU=Harris,O=HITS,L=Melbourne,ST=FL,C=US</saml2:Issuer>
<saml2:Conditions NotBefore="2009-04-16T13:10:39.093Z" NotOnOrAfter="2010-12-31T12:00:00.000Z"/>
<saml2:AttributeStatement>
<saml2:Attribute Name="AccessConsentPolicy" NameFormat="http://www.hhs.gov/healthit/nhin">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">Claim-Ref-1234</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="InstanceAccessConsentPolicy" NameFormat="http://www.hhs.gov/healthit/nhin">
<saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">Claim-Instance-1</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
</saml2:Assertion>
</saml2:Evidence>
</saml2:AuthzDecisionStatement>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#96cdfb70-91a3-4baf-9da1-3ff07d249926">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>VnukKqb4Bt1KWDKfy8SDfk1Hp2s=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>DUwjh/H3XSfUG250rTlLdihstDXY1+qkY9GaY81Iu7Ag4MgoGvGBrGjZOJ7YnssPdrqUGiURxf6k
IBH7vaeXk24XvXP3F85WP9nBm+2M4BvGTplgOmAo0yuwze+90FvwILzFNmmX/tvy3QKTDHlh1rEx
/Jqfm6q/56WW1suAbRY=</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>iwGksKFK2ZYDxftMa093TajW7V9TwHW7NiyT6bJ2p38zBwpehwMJ1ZO9V0hFihcz/BZ2MvQ1WA1l
0KhUBSR/bMiu6WmZ0bJPjvXx41ewGw5YzTL2RbT1U2XXBHtPHjbkH5jqK5zk67F/NM26v+hw0fSZ
iqM1BAFp9F73hMHsNrc=</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature>
</saml2:Assertion>
<ds:Signature xmlns:ns17="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns16="http://www.w3.org/2003/05/soap-envelope" Id="_2">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsse S"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_1">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<exc14n:InclusiveNamespaces PrefixList="wsu wsse S"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>oo99UrPhAcwla4Qbkdd9jAPn0cE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>ds4vqts8uCdJcNGo0uTPzId5UBX+GVrdztQPv823c1Zy9ZZGSfQC/GsBPM/EMbFInDPFsyT4e1QYZMCzmqLYnifWHlDQJb7oMJBokafavAqZda1B55Zzh3TSm6BqKWtB/DX17d6rLx/HPiLNZ9qsBfuGn3aTlUCpNsYA8ObBtp8=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">96cdfb70-91a3-4baf-9da1-3ff07d249926</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</S:Header>
<S:Body>
<ns3:AdhocQueryRequest xmlns:ns2="urn:gov:hhs:fha:nhinc:gateway:samltokendata" xmlns:ns3="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0" xmlns:ns4="urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0" xmlns:ns5="urn:oasis:names:tc:ebxml-regrep:xsd:rs:3.0" xmlns:ns6="urn:oasis:names:tc:ebxml-regrep:xsd:lcm:3.0" maxResults="-1" startIndex="0" federated="false">
<ns3:ResponseOption returnComposedObjects="true" returnType="LeafClass"/>
<ns4:AdhocQuery home="urn:oid:2.16.840.1.113883.4.349" id="urn:uuid:14d4debf-8f97-4251-9a74-a90016b0af0d">
<ns4:Slot name="$XDSDocumentEntryStatus">
<ns4:ValueList>
<ns4:Value>('urn:oasis:names:tc:ebxml-regrep:StatusType:Approved')</ns4:Value>
</ns4:ValueList>
</ns4:Slot>
<ns4:Slot name="$XDSDocumentEntryPatientId">
<ns4:ValueList>
<ns4:Value>'1012581676V377802^^^&2.16.840.1.113883.4.349&ISO'</ns4:Value>
</ns4:ValueList>
</ns4:Slot>
</ns4:AdhocQuery>
</ns3:AdhocQueryRequest>
</S:Body>
</S:Envelope>
*[Response from server:]*
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Body>
<env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<faultcode>wsse:InvalidSecurity</faultcode>
<faultstring>weblogic.xml.crypto.api.MarshalException: weblogic.xml.dom.marshal.MarshalException: Failed to unmarshal {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}SecurityTokenReference, no SecurityTokenReference factory found for {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}KeyIdentifier ValueType: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>
*[webservice WSDL]*
<?xml version="1.0" encoding="UTF-8"?>
<!--
Adapter Document Query WSDL
-->
<definitions xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:tns="urn:gov:hhs:fha:nhinc:adapterdocquerysecured"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:query="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0"
xmlns:plnk="http://docs.oasis-open.org/wsbpel/2.0/plnktype"
xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
xmlns:wsaws="http://www.w3.org/2005/08/addressing"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
xmlns:sc="http://schemas.sun.com/2006/03/wss/server"
xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
xmlns:vprop="http://docs.oasis-open.org/wsbpel/2.0/varprop"
xmlns:sxnmp="http://www.sun.com/wsbpel/2.0/process/executable/SUNExtension/NMProperty"
name="AdapterDocQuerySecured"
targetNamespace="urn:gov:hhs:fha:nhinc:adapterdocquerysecured">
<documentation>Adapter Document Query</documentation>
<types>
<xsd:schema>
<xsd:import namespace="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0"
schemaLocation="../schemas/ebRS/query.xsd"/>
<xsd:import namespace="urn:gov:hhs:fha:nhinc:gateway:samltokendata"
schemaLocation="../schemas/nhinc/gateway/SamlTokenData.xsd"/>
</xsd:schema>
</types>
<message name="RespondingGateway_CrossGatewayQueryRequestMessage">
<part name="body"
element="query:AdhocQueryRequest"/>
</message>
<message name="RespondingGateway_CrossGatewayQueryResponseMessage">
<part name="body"
element="query:AdhocQueryResponse"/>
</message>
<portType name="AdapterDocQuerySecuredPortType">
<operation name="RespondingGateway_CrossGatewayQuery">
<input name="RespondingGateway_CrossGatewayQueryRequest"
message="tns:RespondingGateway_CrossGatewayQueryRequestMessage"
wsaw:Action="urn:gov:hhs:fha:nhinc:adapterdocquerysecured:RespondingGateway_CrossGatewayQueryRequestMessage"/>
<output name="RespondingGateway_CrossGatewayQueryResponse"
message="tns:RespondingGateway_CrossGatewayQueryResponseMessage"
wsaw:Action="urn:gov:hhs:fha:nhinc:adapterdocquerysecured:RespondingGateway_CrossGatewayQueryResponseMessage"/>
</operation>
</portType>
<binding name="AdapterDocQuerySecuredBindingSoap11" type="tns:AdapterDocQuerySecuredPortType">
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsp:PolicyReference URI="#RespondingGateway_Query_Binding_SoapPolicy"/>
<operation name="RespondingGateway_CrossGatewayQuery">
<soap:operation soapAction="urn:RespondingGateway_CrossGatewayQuery"/>
<input name="RespondingGateway_CrossGatewayQueryRequest">
<soap:body use="literal"/>
<wsp:PolicyReference URI="#RespondingGateway_Query_Binding_Soap_Input_Policy"/>
</input>
<output name="RespondingGateway_CrossGatewayQueryResponse">
<soap:body use="literal"/>
<wsp:PolicyReference URI="#RespondingGateway_Query_Binding_Soap_Output_Policy"/>
</output>
</operation>
</binding>
<service name="AdapterDocQuerySecured">
<port name="AdapterDocQuerySecuredPortSoap11"
binding="tns:AdapterDocQuerySecuredBindingSoap11">
<soap:address
location="https://localhost:7002/NHINAdapterDocQuerySecured" />
</port>
</service>
<!-- Define action property on each receiving message -->
<vprop:property name="action" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:action"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>action</vprop:query>
</vprop:propertyAlias>
<!-- Define resource property on each receiving message -->
<vprop:property name="resource" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:resource"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>resource</vprop:query>
</vprop:propertyAlias>
<!-- Define purposeForUseRoleCode property on each receiving message -->
<vprop:property name="purposeForUseRoleCode" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:purposeForUseRoleCode"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>purposeForUseRoleCode</vprop:query>
</vprop:propertyAlias>
<!-- Define purposeForUseCodeSystem property on each receiving message -->
<vprop:property name="purposeForUseCodeSystem" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:purposeForUseCodeSystem"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>purposeForUseCodeSystem</vprop:query>
</vprop:propertyAlias>
<!-- Define purposeForUseCodeSystemName property on each receiving message -->
<vprop:property name="purposeForUseCodeSystemName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:purposeForUseCodeSystemName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>purposeForUseCodeSystemName</vprop:query>
</vprop:propertyAlias>
<!-- Define purposeForUseDisplayName property on each receiving message -->
<vprop:property name="purposeForUseDisplayName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:purposeForUseDisplayName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>purposeForUseDisplayName</vprop:query>
</vprop:propertyAlias>
<!-- Define userFirstName property on each receiving message -->
<vprop:property name="userFirstName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userFirstName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userFirstName</vprop:query>
</vprop:propertyAlias>
<!-- Define userMiddleName property on each receiving message -->
<vprop:property name="userMiddleName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userMiddleName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userMiddleName</vprop:query>
</vprop:propertyAlias>
<!-- Define userLastName property on each receiving message -->
<vprop:property name="userLastName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userLastName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userLastName</vprop:query>
</vprop:propertyAlias>
<!-- Define userName property on each receiving message -->
<vprop:property name="userName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userName</vprop:query>
</vprop:propertyAlias>
<!-- Define userOrganization property on each receiving message -->
<vprop:property name="userOrganization" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userOrganization"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userOrganization</vprop:query>
</vprop:propertyAlias>
<!-- Define userRoleCode property on each receiving message -->
<vprop:property name="userRoleCode" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userRoleCode"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userRoleCode</vprop:query>
</vprop:propertyAlias>
<!-- Define userRoleCodeSystem property on each receiving message -->
<vprop:property name="userRoleCodeSystem" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userRoleCodeSystem"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userRoleCodeSystem</vprop:query>
</vprop:propertyAlias>
<!-- Define userRoleCodeSystemName property on each receiving message -->
<vprop:property name="userRoleCodeSystemName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userRoleCodeSystemName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userRoleCodeSystemName</vprop:query>
</vprop:propertyAlias>
<!-- Define userRoleCodeDisplayName property on each receiving message -->
<vprop:property name="userRoleCodeDisplayName" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:userRoleCodeDisplayName"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>userRoleCodeDisplayName</vprop:query>
</vprop:propertyAlias>
<!-- Define expirationDate property on each receiving message -->
<vprop:property name="expirationDate" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:expirationDate"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>expirationDate</vprop:query>
</vprop:propertyAlias>
<!-- Define signDate property on each receiving message -->
<vprop:property name="signDate" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:signDate"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>signDate</vprop:query>
</vprop:propertyAlias>
<!-- Define contentReference property on each receiving message -->
<vprop:property name="contentReference" type="xsd:string"/>
<vprop:propertyAlias propertyName="tns:contentReference"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>contentReference</vprop:query>
</vprop:propertyAlias>
<!-- Define content property on each receiving message -->
<vprop:property name="content" type="xsd:base64Binary"/>
<vprop:propertyAlias propertyName="tns:content"
messageType="tns:RespondingGateway_CrossGatewayQueryRequestMessage" part="body"
sxnmp:nmProperty="org.glassfish.openesb.outbound.custom.properties">
<vprop:query>content</vprop:query>
</vprop:propertyAlias>
<wsp:Policy wsu:Id="RespondingGateway_Query_Binding_SoapPolicy">
<wsp:ExactlyOne>
<wsp:All>
<wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl"/>
<sc:KeyStore wspp:visibility="private"
aliasSelector="gov.hhs.fha.nhinc.callback.KeyStoreServerAliasSelector"
callbackHandler="gov.hhs.fha.nhinc.callback.KeyStoreCallbackHandler"/>
<sc:TrustStore wspp:visibility="private"
callbackHandler="gov.hhs.fha.nhinc.callback.TrustStoreCallbackHandler"/>
<sp:TransportBinding>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken>
<wsp:Policy>
<sp:RequireClientCertificate/>
</wsp:Policy>
</sp:HttpsToken>
</wsp:Policy>
</sp:TransportToken>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
</wsp:Policy>
</sp:TransportBinding>
<sp:EndorsingSupportingTokens>
<wsp:Policy>
<sp:SamlToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssSamlV20Token11/>
</wsp:Policy>
</sp:SamlToken>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
<sp:RequireSignatureConfirmation/>
</wsp:Policy>
</sp:Wss11>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="RespondingGateway_Query_Binding_Soap_Input_Policy">
<wsp:ExactlyOne>
<wsp:All>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="RespondingGateway_Query_Binding_Soap_Output_Policy">
<wsp:ExactlyOne>
<wsp:All>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<plnk:partnerLinkType name="AdapterDocQuerySecured">
<!-- A partner link type is automatically generated when a new port type is added.
Partner link types are used by BPEL processes. In a BPEL process, a partner
link represents the interaction between the BPEL process and a partner service.
Each partner link is associated with a partner link type. A partner link type
characterizes the conversational relationship between two services. The
partner link type can have one or two roles.-->
<plnk:role name="AdapterDocQuerySecuredPortTypeRole"
portType="tns:AdapterDocQuerySecuredPortType"/>
</plnk:partnerLinkType>
</definitions>
Edited by: dvazquez1027 on Feb 25, 2010 5:10 PM
Edited by: dvazquez1027 on Feb 25, 2010 5:22 PMHi
yes, I had the same issue and I found a solution.
You need to request a patch for BUG 9212862 (already corrected in WLS 10.3.3) and do the follwing:
javax.xml.ws.BindingProvider provider = (javax.xml.ws.BindingProvider)port;
java.util.Map context = provider.getRequestContext();
context.put(weblogic.wsee.jaxrpc.WLStub.POLICY_COMPATIBILITY_PREFERENCE, weblogic.wsee.jaxrpc.WLStub.POLICY_COMPATIBILITY_MSFT);
This will cause the SecurityMessageArchitect class of WLS to not send the SecurityTokenReference in the Soap security header.
Please note that is evidently a non-comformity to the specs of microsoft:
Please give a look at
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf (8.3 Signing Tokens)
and also at:
http://www.oasis-open.org/committees/download.php/16768/wss-v1.1-spec-os-SAMLTokenProfile.pdf
(3.4 Identifying and Referencing Security Tokens)
A SAML key identifier reference MUST be used for all (local and remote) references to SAML 1.1
assertions. [...]
All conformant implementations MUST be able to process SAML assertion references occurring in a
<wsse:Security> header or in a header element other than a signature to acquire the corresponding
assertion. A conformant implementation MUST be able to process any such reference independent of the
confirmation method of the referenced assertion.
It follows that the .NET 3.5 is a non conformat implementation: I would gladly know which is the position of Microsoft on that.
ciao
carlo -
Invoking secured service using BPEL partner link - basic authentication
HI,
We are invoking a secured service using partner link. The below property is defined in bpel.xml (basicHeaders property is created on partnerlink)
<property name="basicHeaders">credentials</property>
My concern is how the basicusername and basicpassword is sent to the secured webservice?
is it sent in the calling uri ?
I don't think it will be sent under soap header..
Please anyone confirm.
Thanks
PhaniHi
I am having trouble making the BPEL and Systinet to work together. I have Systinet and BPEL installed separately on 2 different servers. I deployed my web services and registered them in UDDI. I created a new BPEL process and added a partner link to refer to one of the web service I have registered in UDDI. When I create the partner link, it is forcing me to give the wsdl and it also gives an error message " There are no partner link types defined in current wsdl. Do you want create that will by default create partner link type for you?". If I say "NO' then deployment fails. If I say "Yes", then it creates a new wsdl file on the local server etc and gives "<Faulthttp://schemas.xmlsoap.org/soap/envelope/>
<faultcode>soapenv:Server.userException</faultcode>
<faultstring>com.oracle.bpel.client.delivery.ReceiveTimeOutException: Waiting for response has timed out. The conversation id is 75164a0815ea471a:-3be8c246:117cc377894:-537b. Please check the process instance for detail.</faultstring>". Any help is appreciated. -
PI 7.11: Cannot connect to server using message server:...
Hello Guys,
we make the Application Management for a Customer PI System.
Scenario:
- the SAP Gui Connection to the ABAP Stack is routed via SAPRouter and Works fine.
SAP Gui -> our SAP Router -> VPN Box from Customer -> Firewall Customer -> ABAP Stack PI System
- WebAccess its working fine, the Customer use Webdispatcher on every PI Server...
Browser -> VPN Box from Customer -> Firewall Customer -> Java Stack (Port: 5xx00 btw. 81xx (Webdispatcher))
Problem:
Our Problem ist, we can not proceed the Integration Builder or the ESB, the Java Web Start works fine and open the Logon Screen Correctly -> but i fill the Logon Screen with my User name and Password and press Logon come the follwing Error:
"Cannot connect to server using message server: ms://<hostname>.<domain>:8134/P4"
In the Details from the Error Message:
"<hostname>.<domain>:53404 Reason: com.sap.engine.services.rmi_p4.P4IOException:
Cannot open connection to host: <IP-Adress of Central Instance> and Port: 53404"
The Customer says, the Firewall is open with the IP Adresses and P4 Port but i dont think so...
Can everybody help me, or have tips for me! I have checked a lot of OSS Messages (PI High Availabilty etc... its all correct on the System)
Sorry for my bad English
Best Regards,
MarkusHi Markus,
did you check if the browser is using a proxy? (In this case your scenario unfortunately won't work).
P4-port should generally be routed via a proxy (described in the help.sap.com), but within the PI-Tools(JNLP) the proxy-usage is not implemented. There is even a SAP-note that describes how to check the JavaWebStart-Proxyconfiguration, but this won't help either.
If there is a proxy defined in the browser everything is working fine till you pass the logon-screen but even with the correct "javaws"-settings you won't be able to go on.
(This problem is pretty bad if you do have developers and the SAP-servers seperated because of security issues. I'm hoping that this malfunction will be solved with upcoming patches.)
Solution: Establish a connection without any proxy in between.
E.g.: a terminal server in the same network
It would be helpful to find more people with the same problem to force a fix from SAP for that.
If anyone else is having problems with this, please add a comment to this thread.
Best regards
Christian -
When I try to log on to my DC it says "The security database on the server does not have a computer account for this workstation trust relationship". It won't let me log on. I installed another server server 2012r2 (its virtual )
and I can get to ADSI edit.
I think what happened was I had a pc that could not connect without unplugging the network cable. So I found this fix
FIX: “The security database on the server does not have a computer account for this workstation trust relationship”2032011
I’ve seen a lot of solutions, or suggestions rather, with regard to the error in the title of this post. In my experience, the problem can almost always be resolved without extra domain add/removes and reboots, which is the most prevalent solution I have
seen around. Usually, this issue is due to a mismatch between attributes of the computer account in Active Directory and those values on the system itself. Here are the steps I take to fix this issue when it crops up:
Open up Active Directory Users & Computers pointed to the domain the computer account resides in
From the “View” pull-down menu, make sure that “Advanced Features” is checked
Navigate to the part of your organizational unit (OU) structure where the computer account for this server resides
Open the Properties for the computer object
Choose the “Attribute Editor” tab on the Properties dialog box
Check the Attributes dNSHostName & servicePrincipalName – anywhere that a fully qualified hostname is specified (e.g. myserver.mydomainname.com), make sure that the entry matches the hostname
you have configured when you go here on your server: Start -> Computer -> Right-Click, Properties -> Change Settings (under “Computer name, domain… settings”) -> Full Computer Name
As an example, for a fictitious W2K8 R2 server whose Full Computer Name is “srv1.mydomainname.com”, these attribute/value pairs should be in Active Directory:
dNSHostName:
srv1.mydomainname.com
servicePrincipalName:
HOST/SRV1
HOST/srv1.mydomainname.com
RestrictedKrbHost/SRV1
RestrictedKrbHost/srv1.mydomainname.com
TERMSRV/SRV1
TERMSRV/srv1.mydomainname.com"
Not reading it carefully I add a computer with the same name as the pc having the issue and followed the above. The problem is that I did not notice that the spn did not want the name of my server (serv1) but the name of the trouble
pc.
dcdiag output
PS C:\Users\administrator.TOM> dcdiag.exe
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
***Error: DC3 is not a Directory Server. Must specify /s:<Directory Server> or /n:<Naming Context> or nothing to
use the local machine.
ERROR: Could not find home server.
PS C:\Users\administrator.TOM> dcdiag.exe /s:DC2
Directory Server Diagnosis
Performing initial setup:
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site\DC2
Starting test: Connectivity
The host 9e0dca7a-d017-445a-b354-adee5ff53d48._msdcs.TOM could not be resolved to an IP address. Check the DN
server, DHCP, server name, etc.
Neither the the server name (DC2.TOM) nor the Guid DNS name (9e0dca7a-d017-445a-b354-adee5ff53d48._msdcs.TOM)
could be resolved by DNS. Check that the server is up and is registered correctly with the DNS server.
Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
......................... DC2 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site\DC2
Skipping all tests, because server DC2 is not responding to directory service requests.
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : TOM
Starting test: CheckSDRefDom
......................... TOM passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... TOM passed test CrossRefValidation
Running enterprise tests on : TOM
Starting test: LocatorCheck
......................... TOM passed test LocatorCheck
Starting test: Intersite
......................... TOM passed test Intersite
PS C:\Users\administrator.TOM> regsvr32 schmmgmt.dll
PS C:\Users\administrator.TOM> netdig /fix
netdig : The term 'netdig' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ netdig /fix
+ ~~~~~~
+ CategoryInfo : ObjectNotFound: (netdig:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
PS C:\Users\administrator.TOM> Setup /PrepareSchema
Setup : The term 'Setup' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ Setup /PrepareSchema
+ ~~~~~
+ CategoryInfo : ObjectNotFound: (Setup:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
PS C:\Users\administrator.TOM> netdiag /test
netdiag : The term 'netdiag' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ netdiag /test
+ ~~~~~~~
+ CategoryInfo : ObjectNotFound: (netdiag:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
PS C:\Users\administrator.TOM> nslooup
nslooup : The term 'nslooup' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ nslooup
+ ~~~~~~~
+ CategoryInfo : ObjectNotFound: (nslooup:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
PS C:\Users\administrator.TOM>Ok fixed.
At a elevated cmd prompt run ;
C:\Users\administrator.TOM>setspn -x
As you can see the DC serv1 had duplicate SPNs.
Checking domain DC=TOM
Processing entry 1
HOST/serv1.TOM is registered on these accounts:
CN=SERV1,OU=Domain Controllers,DC=TOM
CN=C00049,CN=Computers,DC=TOM
{14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/TOWN-HBWJ29ZOQC is registered on these ac
counts:
CN=Administrator,CN=Users,DC=TOM
CN=TOWN-HBWJ29ZOQC,CN=Computers,DC=TOM
{14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/town-hbwj29zoqc.TOM is registered on thes
e accounts:
CN=Administrator,CN=Users,DC=TOM
CN=TOWN-HBWJ29ZOQC,CN=Computers,DC=TOM
RestrictedKrbHost/serv1 is registered on these accounts:
CN=C00049,CN=Computers,DC=TOM
CN=SERV1,OU=Domain Controllers,DC=TOM
RestrictedKrbHost/serv1.TOM is registered on these accounts:
CN=C00049,CN=Computers,DC=TOM
CN=SERV1,OU=Domain Controllers,DC=TOM
found 5 groups of duplicate SPNs.
Went to the computers OU and changed computer c00049 to the correct SPN. Now I have a new issues, I'll start a new thread. -
Failure to send email using gmail server
I am using gmail account and I use thunderbird to download all the emails and to compose my emails. Now I'm trying to write a java application that will send out emails. Since I'm still in school I am using gmail account for the class project.
One t hing I noticed is that in my thunderbird I use secure connection using TLS. How should I incorporate that here in the java code. Is that why I'm getting the exception. Anyone knows any other smtp server using which I could submit my assignment.
Here is my code:
package com.imagework.email;
import java.util.Properties;
import javax.mail.Authenticator;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.PasswordAuthentication;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
public class SendMailUsingAuthentication {
private static final String SMTP_HOST_NAME = "smpt.gmail.com";
private static final String SMTP_PORT = "587";
private static final String SMTP_AUTH_USER = "[email protected]";
private static final String SMTP_AUTH_PWD = "abcde";
private static final String emailMsgTxt = "email message text";
private static final String emailSubjectTxt = "email subject";
private static final String emailFromAddress = "[email protected]";
// Add List of Email address to who email needs to be sent to separated by comma
private static final String[] emailList = { "[email protected]" };
public static void main(String args[]) throws Exception {
SendMailUsingAuthentication smtpMailSender = new SendMailUsingAuthentication();
smtpMailSender.postMail(emailList, emailSubjectTxt, emailMsgTxt,
emailFromAddress);
System.out.println("Sucessfully Sent mail to All Users");
public void postMail(String recipients[], String subject, String message,
String from) throws MessagingException {
boolean debug = true;
Properties props = new Properties();
props.put("mail.smtp.host", SMTP_HOST_NAME);
props.put("mail.smtp.auth", "true");
props.put("mail.debug", "true");
props.put("mail.smtp.user", SMTP_AUTH_USER);
props.put("mail.smtp.password", SMTP_AUTH_PWD);
props.put("mail.smtp.port", SMTP_PORT );
Authenticator auth = new SMTPAuthenticator();
Session session = Session.getDefaultInstance(props, auth);
session.setDebug(debug);
Message msg = new MimeMessage(session);
InternetAddress addressFrom = new InternetAddress(from);
msg.setFrom(addressFrom);
InternetAddress[] addressTo = new InternetAddress[recipients.length];
for (int i = 0; i < recipients.length; i++) {
addressTo[i] = new InternetAddress(recipients);
msg.setRecipients(Message.RecipientType.TO, addressTo);
// Setting the Subject and Content Type
msg.setSubject(subject);
msg.setContent(message, "text/plain");
// Transport trans = session.getTransport();
// trans.connect(SMTP_HOST_NAME, SMTP_PORT , SMTP_AUTH_USER, SMTP_AUTH_PWD);
// trans.send(msg);
Transport.send(msg);
* SimpleAuthenticator is used to do simple authentication when the SMTP
* server requires it.
private class SMTPAuthenticator extends javax.mail.Authenticator {
public PasswordAuthentication getPasswordAuthentication() {
String username = SMTP_AUTH_USER;
String password = SMTP_AUTH_PWD;
return new PasswordAuthentication(username, password);
The error I get is given in detail:
DEBUG: JavaMail version 1.3.1
DEBUG: java.io.FileNotFoundException: C:\Program Files\Java\j2re1.4.2_06\lib\javamail.providers (The system cannot find the file specified)
DEBUG: !anyLoaded
DEBUG: not loading resource: /META-INF/javamail.providers
DEBUG: successfully loaded resource: /META-INF/javamail.default.providers
DEBUG: Tables of loaded providers
DEBUG: Providers Listed By Class Name: {com.sun.mail.smtp.SMTPTransport=javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc], com.sun.mail.imap.IMAPStore=javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Sun Microsystems, Inc], com.sun.mail.pop3.POP3Store=javax.mail.Provider[STORE,pop3,com.sun.mail.pop3.POP3Store,Sun Microsystems, Inc]}
DEBUG: Providers Listed By Protocol: {imap=javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Sun Microsystems, Inc], pop3=javax.mail.Provider[STORE,pop3,com.sun.mail.pop3.POP3Store,Sun Microsystems, Inc], smtp=javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]}
DEBUG: successfully loaded resource: /META-INF/javamail.default.address.map
DEBUG: !anyLoaded
DEBUG: not loading resource: /META-INF/javamail.address.map
DEBUG: java.io.FileNotFoundException: C:\Program Files\Java\j2re1.4.2_06\lib\javamail.address.map (The system cannot find the file specified)
DEBUG: setDebug: JavaMail version 1.3.1
DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: trying to connect to host "smpt.gmail.com", port 587
javax.mail.SendFailedException: Sending failed;
nested exception is:
class javax.mail.MessagingException: Unknown SMTP host: smpt.gmail.com;
nested exception is:
java.net.UnknownHostException: smpt.gmail.com
at javax.mail.Transport.send0(Transport.java:218)
at javax.mail.Transport.send(Transport.java:80)
at com.imagework.email.SendMailUsingAuthentication.postMail(SendMailUsingAuthentication.java:70)
at com.imagework.email.SendMailUsingAuthentication.main(SendMailUsingAuthentication.java:29)
Exception in thread "main" All suggestions are welcome!
- RogerHere is working code. I followed the instructions here, which, though it
does not even mention SMTP, still works with SMTP:
http://www.javaworld.com/javatips/jw-javatip115.html
Look for the xxxxx occurances and substiture with your credentials :
* Created on Feb 21, 2005
import java.security.Security;
import java.util.Properties;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.PasswordAuthentication;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
public class GoogleTest {
private static final String SMTP_HOST_NAME = "smtp.gmail.com";
private static final String SMTP_PORT = "465";
private static final String emailMsgTxt = "Test Message Contents";
private static final String emailSubjectTxt = "A test from gmail";
private static final String emailFromAddress = "[email protected]";
private static final String SSL_FACTORY = "javax.net.ssl.SSLSocketFactory";
private static final String[] sendTo = { "[email protected]"};
public static void main(String args[]) throws Exception {
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
new GoogleTest().sendSSLMessage(sendTo, emailSubjectTxt,
emailMsgTxt, emailFromAddress);
System.out.println("Sucessfully Sent mail to All Users");
public void sendSSLMessage(String recipients[], String subject,
String message, String from) throws MessagingException {
boolean debug = true;
Properties props = new Properties();
props.put("mail.smtp.host", SMTP_HOST_NAME);
props.put("mail.smtp.auth", "true");
props.put("mail.debug", "true");
props.put("mail.smtp.port", SMTP_PORT);
props.put("mail.smtp.socketFactory.port", SMTP_PORT);
props.put("mail.smtp.socketFactory.class", SSL_FACTORY);
props.put("mail.smtp.socketFactory.fallback", "false");
Session session = Session.getDefaultInstance(props,
new javax.mail.Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("xxxxxx", "xxxxxx");
session.setDebug(debug);
Message msg = new MimeMessage(session);
InternetAddress addressFrom = new InternetAddress(from);
msg.setFrom(addressFrom);
InternetAddress[] addressTo = new InternetAddress[recipients.length];
for (int i = 0; i < recipients.length; i++) {
addressTo[i] = new InternetAddress(recipients);
msg.setRecipients(Message.RecipientType.TO, addressTo);
// Setting the Subject and Content Type
msg.setSubject(subject);
msg.setContent(message, "text/plain");
Transport.send(msg);
[i] -
Create A/R Invoice and Its Incoming Payment using DI Server
Hi Everyone,
I need to create an A/R Invoice and its payment in a sigle transaction using DI Server. The problem is that I don't know the DocEntry that will be assigned to the invoice in order to set it in the SOP message for creating the incoming payment.
I guess the SOAP message should look like:
<?xml version="1.0" encoding="UTF-16"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Header>
<SessionID>F46EDCE6-3F79-1F9F-1D1E-DC6226D04FA7</SessionID>
</env:Header>
<env:Body>
<dis:AddObject xmlns:dis="http://www.sap.com/SBO/DIS" CommandID="Add invoice">
<BOM>
<BO>
<AdmInfo>
<Object>oInvoices</Object>
</AdmInfo>
<Documents>
<row>
<DocDate>20040707</DocDate>
<DocDueDate>20040707</DocDueDate>
<CardCode>BP</CardCode>
</row>
</Documents>
<Document_Lines>
<row>
<ItemCode>Item1</ItemCode>
<Quantity>3</Quantity>
<TaxCode>My Tax</TaxCode>
</row>
</Document_Lines>
</BO>
</BOM>
</dis:AddObject>
<dis:AddObject xmlns:dis="http://www.sap.com/SBO/DIS" CommandID="Add Incoming Payment">
<BOM>
<BO>
<AdmInfo>
<Object>oIncomingPayments</Object>
</AdmInfo>
<Payments>
<row>
<CardCode>BP</CardCode>
<DocTypte>rCustomer</DocTypte>
</row>
<Payments>
<Payments_Invoices>
<row>
<DocEntry>???</DocEntry> <---- ???
<InvoiceType>it_Invoice</InvoiceType>
<SumApplied>100</SumApplied>
</row>
</Payments_Invoices>
</BO>
</BOM>
</dis:AddObject>
</env:Body>
</env:Envelope>
Any help?Dear Hugo Moreno,
You could use the GetNewObjectCode Method of the Company Object to retrieves the key of the last added record.
Please refer to SDK DI API help for this method.
Best Regards
Jane Jing
SAP Business One Forums team
Maybe you are looking for
-
Reader 9.3.3 installs every time I start up my PC
I'm on Windows XP Professional, v 5.1.2600, Service Pack 2. A while back I tried downloading and installing Adobe Reader 9.3.3 as an update to the old Reader I had. It never installed properly -- constant error messages, and it somehow wiped out the
-
I have just bought a Panasonic GH4 and now LR4 won't support my RAW files. What steps do I need to take Do I need to Purchase LR5 and the latest Versions Or can I just download it for free What do I need to do with all my files in LR4 and how do I Tr
-
Images from 2nd local site won't display in Firefox
I'm including images from one local website on another local website, and they display fine with Internet Explorer but not with Firefox. I can see the images' "outlines" in Firefox. In other words, a rectangle the same size as each image appears. Whe
-
How to update a jscrollpane as new tables are added?
Following is the code of a search form which searches the address based on some search criteria and places the result in the form of table on the panel p3 which has scrollpane sp1. every time the user searches the address a new table adds to the pane
-
Hi everyone, I tried to package a simple JSP in a JAR but it doesn't seem o work correctly. I was wondering if you have to create a manifest file (like we do to package JavaBeans) or something like that. If anyone already tried that his (or her) advi