Security propagation

Similar Messages

• Weblogic Security Propagation

  Hi,
  I am trying to propagate Custom principal from thick client to WLS server 8.1 sp3. I use Authenticate.authenticate() at client side login module (jar at client side is weblogi.jar; i have my own Authentication provider at the server domain) and everything works fine. But once the user does a logout and re-login (application does not exit) the old security attribute inside the subject get propagated again not the new one.
  I don't have access to main thread which means Security.runAs is not vaiable for me.
  options i tired :
  1) subject.getPrincipals().clear; subject = null;
  2) weblogic.security.authenticatePushSubject system property, in which case, first call after login propagated the correct Subject amd from the next call onwards it went back to the old Subject.
  3) Authenticate.logout() in the logout of my LoginModule
  nothing works.
  is there any other way to ensure that old Subject is removed and new subject is pushed to the stack.
  Any known solution to this?
  thanks in advance
  Raj

  solved it.
  used SwingUtils.invokelater() at client side to make sure that login happens in event queue +
  weblogic.security.authenticatePushSubject to true +
  clearing all contexts and principals at logout
  made sure that new subject is available for further calls.
  only worry is , when bea is going to deprecate the weblogic.security.authenticatePushSubject property....
  sorry for disturbing busy minds
  thanks
  Raj

• Servlet and EJB on different machine: Security propagation

  Hi all,
  I have an application, where my servlets and EJBS are deployed on the same machine.So
  when in my servlet a user need to authenticate himself, security credentials are
  propagated to the EJB automatically.I'd like to know in the case where the components
  are on different machine if I need to put the credential in my InitialContext
  when my servlet calls my EJB or if it is also done automatically.
  Cheers
  romain

  Say your stub is in a jar called stub.jar.
  You need to put that stub somewhere that it can be reached through a protocol for which Java has a URL type - so you can put it on a shared file system and use a file URL or behind an http server and use an http URL.
  Let's use http - put stub.jar at the docroot of a web server.
  Then, when you start your SERVER code, include this VM parameter:
  -Djava.rmi.server.codebase="http://<serveraddress>stub.jar"
  Now your client will be able to use http to load the stub file out of stub.jar through http.
  If you do use a file URL, make sure the shared directory you put your jar in is not on the client's classpath.

• Yet another security propagation issue

  Hiya,
  I'm using WLS 8.1SP4, on windows (dev env).
  I'm using forms based auth.
  I login with user "cadmin". The debugger shows
  the subject from weblogic.security.Security.getCurrentSubject()
  has only the WLUserImpl "cadmin", and some WLGroupImpl's, as expected. There is no mention of user "weblogic" in the Subject instance.
  When I do:
  new InitialContext()
  and then attempt to call a method on a stateful EJB configured only for access by cadmin, I get the following stack trace. It occurs whether I try Security.runAs() or just directly in original calling thread.
  <--snip-->
       java.rmi.RemoteException: EJB Exception:; nested exception is:
       java.rmi.RemoteException: No such user weblogic
       at weblogic.ejb20.internal.BaseEJBObject.postInvoke(BaseEJBObject.java:254)
       at ima.security.AuthorisationSessionManagerBean_pirxps_EOImpl.joinGroup(AuthorisationSessionManagerBean_pirxps_EOImpl.java:270)
       at ima.admin.security.RemoteAuthorisationOperations.joinGroup(RemoteAuthorisationOperations.java:461)
       at ima.admin.facade.UserFacade$1.run(UserFacade.java:344)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
       at weblogic.security.Security.runAs(Security.java:41)
  <--snip-->
  From the debugger in the ejb business method, the call:
  _sessionContext.getCallerPrincipal().getName();
  returns user "weblogic"
  The thing that most confuses me is the "cannot find user weblogic" - the subject reported by Security.getCurrentSubject() was "cadmin" - a user for which the ejb is configured to accept.
  One more item possibly of relevance: the servlet is in a separate war to the ear that the EJBs are in. This same ejb and other ejbs are successfully being invoked however.
  Thanks in advance for any pointers here,
  Regards,
  Hugh Madden
  Message was edited by hughmadden at Feb 17, 2005 3:35 AM
  Message was edited by hughmadden at Feb 17, 2005 3:43 AM

  http://www.coolermaster.com/products/product.php?language=en&act=detail&tbcate=22&id=2543
  I use the above Cooler Master PSU, zero issues. Has 4 pci-e connectors, so it's ready for quad sli if I ever want to go that route with my P6n Diamond. Has lots of different connection options, highly rated PSU. Not all Cooler Master PSUs underperform, just have to know what you're buying. The above supply also has 2 8 pin connectors so for instance when my GTX 295 arrives I'll have no trouble (card uses 6/8 pin). Reviews also can be helpful.

• Exchange 2010 SP3 UR9 OWA users cannot open mail items

  We recently had users reporting unable to open items in OWA.  Issue is confirmed across all CAS servers.
  Issue started while on Exchange 2010 SP3 UR8v2, we upgraded to Exchange Server 2010 SP3 UR9 during troubleshooting.
  3 AD Site DAG, multi-role servers
  So far we have done the following to troubleshoot:
  * Check security propagation for account permissions.
  * Check security on all virtual directories.
  * Check permissions on web.config
  * Re-run PrepareAD
  * Uninstall and reinstall CAS role
  Please review the errors below and let me know if you have any words of wisdom on this issue.  Thanks!
  Errors:
  Request
  Url: https://domain.com:443/owa/forms/premium/SubPageEventHandler.aspx?ae=Item&a=Preview&t=IPM.Conversation&id=CID.K5jy5dmxQru9sRoituQBvQ%3d%3d.LgAAAAD5wKVzMPRWToarE%2bpbowlJAQAqvhe3P6jjT4tregHxbY2pANbZjrf2AAAB.1DEA1tmOt%2fIAAAAAiIUWAAAAAAA%3d&calist=&canary=BV_LDf9RIkOwB1AREM0QuJ6gLZ_9QNIIWwpFOZKWH-iRvFnaQLhvOrQQBEkvAoafNX8eyWt3pOI.&SP=1&pfmk=M46%3a1427993956363&subpage=ReadConversation.ascx
  User: user
  EX Address: /o=company/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=user
  SMTP Address: [email protected]
  OWA version: 14.3.235.1
  Mailbox server: server.domain.com
  Exception
  Exception type: System.UriFormatException
  Exception message: Invalid URI: The format of the URI could not be determined.
  Call stack
  System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind)
  Microsoft.Exchange.Security.RightsManagement.DrmClientUtils.GetServiceLocation(SafeRightsManagementSessionHandle sessionHandle, ServiceType serviceType, ServiceLocation serviceLocation, String issuanceLicense)
  Microsoft.Exchange.Data.Storage.RightsManagement.RmsClientManager.GetOnPremiseRmsServerUri()
  Microsoft.Exchange.Data.Storage.RightsManagement.RmsClientManager.GetRmsServerActiveCryptoMode()
  Microsoft.Exchange.Data.Storage.RightsManagement.RmsClientManager.DrmEnvironment.InitializeEnvironment()
  Microsoft.Exchange.Data.Storage.RightsManagement.RmsClientManager.Initialize()
  Microsoft.Exchange.Data.Storage.RightsManagement.RmsClientManager.InitializeIfNeeded()
  Microsoft.Exchange.Data.Storage.RightsManagement.RmsClientManager.get_IRMConfig()
  Microsoft.Exchange.Clients.Owa.Core.UserContext.get_IsIrmEnabled()
  Microsoft.Exchange.Clients.Owa.Premium.ConversationUtilities.LoadConversation(UserContext userContext, OwaStoreObjectId owaConversationId, PropertyDefinition[] requestedProperties)
  Microsoft.Exchange.Clients.Owa.Premium.ReadConversation.OnLoad(EventArgs e)
  System.Web.UI.Control.LoadRecursive()
  System.Web.UI.Control.LoadRecursive()
  System.Web.UI.Control.LoadRecursive()
  System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  Request
  Url: https://domain.com:443/owa/forms/premium/SubPageContainer.aspx?ae=Item&a=Open&t=IPM.Note&id=RgAAAAD5wKVzMPRWToarE%2bpbowlJBwAqvhe3P6jjT4tregHxbY2pANbZjrf4AACsvITjR9r%2fQaXcC90BhfOwAI8oXwgBAAAJ&pspid=_1427993955843_521407833&subpage=ReadMessage.ascx
  User: user
  EX Address: /o=company/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=user
  SMTP Address: [email protected]
  OWA version: 14.3.235.1
  Mailbox server: server.domain.com
  Exception
  Exception type: System.UriFormatException
  Exception message: Invalid URI: The format of the URI could not be determined.
  Call stack
  System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind)
  Microsoft.Exchange.Security.RightsManagement.DrmClientUtils.GetServiceLocation(SafeRightsManagementSessionHandle sessionHandle, ServiceType serviceType, ServiceLocation serviceLocation, String issuanceLicense)
  Microsoft.Exchange.Data.Storage.RightsManagement.RmsClientManager.GetOnPremiseRmsServerUri()
  Microsoft.Exchange.Data.Storage.RightsManagement.RmsClientManager.GetRmsServerActiveCryptoMode()
  Microsoft.Exchange.Data.Storage.RightsManagement.RmsClientManager.DrmEnvironment.InitializeEnvironment()
  Microsoft.Exchange.Data.Storage.RightsManagement.RmsClientManager.Initialize()
  Microsoft.Exchange.Data.Storage.RightsManagement.RmsClientManager.InitializeIfNeeded()
  Microsoft.Exchange.Data.Storage.RightsManagement.RmsClientManager.get_IRMConfig()
  Microsoft.Exchange.Clients.Owa.Core.UserContext.get_IsIrmEnabled()
  Microsoft.Exchange.Clients.Owa.Premium.ReadMessage.AddIrmMessageToInfobar()
  Microsoft.Exchange.Clients.Owa.Premium.ReadMessage.AddMessagesToInfobar()
  Microsoft.Exchange.Clients.Owa.Premium.ReadMessage.OnLoad(EventArgs e)
  System.Web.UI.Control.LoadRecursive()
  System.Web.UI.Control.LoadRecursive()
  System.Web.UI.Control.LoadRecursive()
  System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

  Hi Noel,
  Base on my search, it may be due to IRM feature been enabled for OWA.
  I recommend you use the following command to check if the value of IRMEnabled parameter is true:
  Get-OWAVirtualDirectory – Identity “servername\owa (default web site)” |FL name,IRMEnabled
  If the value is true, you can use "Set-OWAVirtualDirectory" cmdlt to change it to false, and check if any helps.
  Best regards,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Niko Cheng
  TechNet Community Support

• Migrating Jolt 1.2 to Jolt 8.0 question

  Hi.
  I have environment with Tuxedo 6 and WebLogic 5.1 communicating via Jolt
  1.2. I want to migrate the system to Tuxedo 8, WebLogic 7, and Jolt 8. Do I
  have to chage any code, or configuration related to Jolt to make the
  application work with Jolt 8 after migration.
  Thanks in advance,
  Tinnapat

  From our Jolt Engineer:
  "Configuration on Tuxedo side doesn't change if the new features
  (security propagation) is not used. Configuration on WLS 7.0, uses an
  xml file now - different from WLS 5.1. So, the configuration for Jolt
  also would be different. The client code changes slightly - only in
  respect to how you get the connection to the Jolt servers - see the Jolt
  example in Tuxedo."
  Tinnapat Chaipanich wrote:
  >
  Hi.
  I have environment with Tuxedo 6 and WebLogic 5.1 communicating via Jolt
  1.2. I want to migrate the system to Tuxedo 8, WebLogic 7, and Jolt 8. Do I
  have to chage any code, or configuration related to Jolt to make the
  application work with Jolt 8 after migration.
  Thanks in advance,
  Tinnapat

• How does Webservices and EJB's differ?

  I have to call some of the api's from the remote application.I just wanted to know which would be better approach to call those methods?Should i do with EJB or webservices?

  The main advantage of using webservices is to decouple the client and endpoint as much as
  possible. This gives you the flexibility of coding the client with a variety of technologies, not
  just Java. It is also a better choice if the client is being developed by either another organization
  or is running outside your firewall.
  However, with loose coupling comes some disadvantages. The development model is
  a bit more complex than using Remote EJB. It is also more difficult to portably
  support transaction and security propagation.
  --ken                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

• JMS BC & BPEL Transaction Scope

  Hi,
  I'm trying to use Open ESB with BPEL SE JMS BC and HTTP BC to create a store and forward layer in a integration architecture. The idea is that messages that are used to update a slow external system (or one that is often down) are put in a JMS queue and then the JMS BC picks them up and passes them to a BPEL process via NMR. The BPEL process then calls the external system. If the external system is down, or some other system related error occurs, then I want the transaction to roll back andthe message remain on the queue to be retried later.
  My issue is that when the JMS BC picks up the message, it sends it to BPEL via NMR and as soon as it gets the "Done" response, it commits the associated XA transaction and the message is permanently off the JMS queue. But the "done" response is sent by the BPEL SE as soon as it gets the message, as opposed to only once it has called the external system successfully. This breaks the model as any failures are not retried... Is there a way around this? Am I doing something wrong? How can I get the transaction context to span the entire call flow from JMS BC to BPEL and back with failures resulting in the message remaining in the JMS queue to be retried later
  Thanks
  Paul

  Paul,
  The reason for the current behavior of BPEL SE (sending DONE as soon as reeve completes) is by design to support asynchronous message communications and long running processes. We do not want to keep the transaction open for the life of process instance as the transaction may timeout (for long running processes). If you want to override this behavior you can do so by setting the Business Process as Atomic (Atomic attribute of business process as true), but the effect of this would be that all the operations in bpel engine and also outbound invocations would use the same (received) transaction context. Note that some of these features are still under development. I understand that this still might not solve your use case where the best solution would be reties. This work is underway and should be available in next release.
  Just to give you heads up; retry support is being provided as part of Systemic Qualities initiative which is underway and is targeted to provide support like wire qualities (throttling/reties), fault and security propagation among others across open-esb components. The particular solution to you interest would be wire quality initiative. Once implemented this would allow configurable number of reties a specified intervals.
  Regards,
  Malkit

• Become our FIRST Microsoft TechNet Windows Server Guru of 2014!!

  Happy New Year!
  Time for a fresh start!
  We're looking for the first Gurus of 2014!!
  This is your chance to make your mark on the Microsoft developer community.
  All you have to do is add an article to TechNet Wiki from your own specialist field. Something that fits into one of the categories listed on the submissions page. Copy in your own blog posts, a forum solution, a white paper, or just something
  you had to solve for your own day's work today.
  Drop us some nifty knowledge, or superb snippets, and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!
  This is an official Microsoft TechNet recognition, where people such as yourselves can truly get noticed!
  HOW TO WIN
  1) Please copy over your Microsoft technical solutions and revelations to
  TechNet Wiki.
  2) Add a link to it on
  THIS WIKI COMPETITION PAGE (so we know you've contributed)
  3) Every month, we will highlight your contributions, and select a "Guru of the Month" in each technology.
  If you win, we will sing your praises in blogs and forums, similar to the
  weekly contributor awards. Once "on our radar" and making your mark, you will probably be
  interviewed for your greatness, and maybe eventually even invited into other inner TechNet/MSDN circles!
  Winning this award in your favoured technology will help us learn the active members in each community.
  Feel free to ask any questions below.
  More about TechNet Guru Awards
  Thanks in advance!
  Pete Laker
  #PEJL
  Got any nice code? If you invest time in coding an elegant, novel or impressive answer on MSDN forums, why not copy it over to the one and only
  TechNet Wiki, for future generations to benefit from! You'll never get archived again!
  If you are a member of any user groups, please make sure you list them in the
  Microsoft User Groups Portal. Microsoft are trying to help promote your groups, and collating them here is the first step.

  Up to 12 articles and 3 days to go!
  AdminSDHolder, protected groups and Security propagator
  by Mr X
  How
  to deactivate Schema Objects in Active Directory by Mr
  X
  How to get the list of deactivated Schema Objects in Active Directory using Powershell by Mr
  X
  10 Common Problems Causing Group Policy To Not Apply by
  Joseph Moody
  Keyboard Shortcuts and Commands - Server by Santhosh
  Sivarajan
  Keyboard Shortcuts and Commands
  - Active Directory by Santhosh
  Sivarajan
  How to get the number of computers per Windows Operating System
  in an Active Directory domain using Powershell by Mr
  X
  Building Your First Domain Controller On Windows 2012R2 by
  Brad Held
  Active Directory: Ambiguous Name Resolution by
  Richard Mueller
  Implementing Dynamic Access Control 2012R2 by
  Brad Held
  Migrating from a 2003 DC,DHCP to 2012R2 by
  Brad Held
  Disadvantages in Hyper-V snapshotting by Mr
  X
  Ed Price, Power BI & SQL Server Customer Program Manager (Blog,
  Small Basic,
  Wiki Ninjas,
  Wiki)
  Answer an interesting question?
  Create a wiki article about it!

• SSO with AD error:An error has occurred propagating the security context...

  Hi.
  On Windows 2003, I have installed BOXI Edge 3.1 with SAP Integration Kit. My primary and only use of the SAPIK will be for retrieving SAP data for BOXI reports. I DO NOT want to use SAP Authentication. For BOXI, I want to set up only AD Authentication, but because the web.xml files change with the installation of the SAPIK, I have not been successful at setting up AD Authentication. I have modified the web.xml files so that they look like the original web.xml files (without SAPIK).
  The AD groups are imported successfully into BOXI. The members of those groups are imported successfully, too. But when a user attempts to login, they get error: An error has occurred propagating the security context between the security server and the client.
  I have tried nearly everything to clear this error and there are no Kerberos errors in Wireshark logs on the BOXI server.
  Help!
  Thank you!
  Luis
  PS - I asked this question in the SAP Integration Kit forum, and they suggested I ask here, I guess because in the end it may have nothing to do with the SAPIK...

  Thanks, Tim, for your willingness to help.
  The problem is resolved.
  I noticed in the Local Security Policy that the right "Log on as a service" displayed only the service account user ID, without the domain identifier - where I expected it to show as "DOMAIN\svcaccount", it only showed "svaccount".
  I stopped the Tomcat and SIA services, I removed "svaccount" from the list in "Log on as a service", I reset the account information in the Tomcat and SIA services as "DOMAIN\svcaccount" and saw that change reflected in "Log on as a service" and now AD Authentication works beautifully.
  My guess is that it must have been using the local account and not the domain account for running the services.
  Next task: SSO...
  Wish me luck!
  Thanks!
  Luis

• Security Data Propagation

  Hi
  Since propagation tool doesnt propagate some of the security data (like global roles etc for more details http://download.oracle.com/docs/cd/E13155_01/wlp/docs103/prodOps/propToolAdvanced.html#wp1054464 ).
  We would like to use the import/export options in the WLS console to migrate from one domain to another domain the embedded ldap data.
  Questions:
  can we use this options for migrating global roles. But this options will also move other data in embedded ldap associated with visitor roles etc. So can we use both the ldap migration option and propagation tool? In the ldap migration option there is no way to select to move only the global roles.
  Is there a possibility of inconsistency between the ldap data after the migration and using propagation tool
  Any ideas?

  Hi!
  calling 'new IntialContext()' should pass the authenticated user automatically to the
  initial context request. You could also pass the parameters like listed below:
  Principal princ = request.getUserPrincipal();
  Properties prop = new Properties();
  prop.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
  prop.put(Context.PROVIDER_URL, "t3://host:port");
  prop.put(Context.SECURITY_PRINCIPAL, princ.getName());
  prop.put(Context.SECURITY_CREDENTIALS, ((weblogic.security.acl.User)princ).getCredential(princ));
  new InitialContext(prop);
  Make sure, that your realm implements the getCredential() method (this is not the case in WLS examples).
  regards,
  przemek
  sudarson schrieb:
  Realm based basic or form authentication, so that whenever user asks for anything
  under some directory(or context), login page/dialog box will be shown.
  Regards,
  Sudarson
  "Amar Pratap" <[email protected]> wrote:
  What kind of authentication ur using in the Servet/JSP?
  "sudarson" <[email protected]> wrote in message
  news:3c5e65a9$[email protected]..
  Hi All,
  If I use realm to enter ceratin web application then will the securitycontext
  (what ever credential user will provide)propagate thru the session? And
  if I
  call a ejb from any of the servlet or jsp, will the same security rolewill be
  used to determine the authorization level ?
  If yes, how should I create the context in that case ? Or Should Iuse
  new IntialContext()with out environment property hashtable ?
  Any suggestion is welcome.
  TIA,
  Sudarson
  Przemyslaw Rychlewski . . . . . . Pixelpark AG
  Senior IT-Developer . . . . . . . Systems & Technology
  mailto:[email protected] . http://www.pixelpark.com/
  Tel.:++49.30.5058.1812. . . . . . Rotherstr. 8
  Fax.:++49.30.5058.1600. . . . . . 10783 Berlin

• Propagation of security between appplications and servers

  It appears that WebLogic propagates security between applications and
  domains using a cookie. So as long as all applications use the same
  cookie id (JSESSIONID) then a single sign-on is enabled between
  applications.
  Is it correct this would apply to propagation between portal and
  non-portal applications in the same clustered environment?
  In a different vein, is there a way of propagating security
  information between different servers or different clusters?
  Say, for example, server1 (or cluster1) allows a user to sign-in and
  presents a page with a link to server2 (or cluster2). We would like to
  be able to propagate transparently the security information gathered
  at the sign-in on server1 to the application on server2.
  I'm assuming the cookie placed in the browser from server1 would not
  be passed to server2. Is there a way, programmatically or otherwise,
  to enable this to occur in a secure way?

  try this...as a test..
  take a simple Contact ejb (as simple as you can make it, just a name and email address). In the ejb-jar.xml set up a role, for example, user, and restrict the access to only this role for all methods.
  try to access the ejb from a jsp, and you should get the login form identified in your web.xml file.
  make sure that the ejb is noted in the web.xml file, also.
  this should work...
  no try this...identify a role in your web.xml file, (user, for example) and restrict the access to the a particular jsp which is not calling the ejb. IF you navigate to this jsp, you should get the login prompt...
  this should work....
  now the tough part
  in your application.xml create a role with the same name, user. By doing this, you have created a global role, and connect the two together.
  Now point your browser to the restricted jsp with no calls to the ejb...you should get the login, so login in.
  now navigate to your jsp which is unrestricted, but calls the restricted ejb...
  there should now be no login prompt.
  This should work.

• Security Context Propagation between Managed Servers

            I'm using WLS 8.1 SP2. I have one domain, two managed servers, each on a separate
            hardware server. Each managed server hosts a different web application. I want
            to authenticate to Web App "A" and be able to invoke Web App "B" (from "A") without
            having to re-authenticate. Is this possible via configuration and, if so, how?
            Thanks.
            

  Frank,
  You do not have to do anything to propagate identity between the two
  containers. As long as the user is authenticating first..
  There have been a number of issues with the propagation, so be sure to stay up
  on the service packs.
  HTH.
  Frank wrote:
  How do you propagate security context information from Servlet to
  EJBs? I have an web app that uses the container's FORM based authentication.
  The servlet resource then calls a session EJB (w/ security contraints
  setup). The webapp and the ejbs are bundled into one EAR.
  Thanks!--
  Tom Mitchell
  [email protected]
  Very Current Stoneham, MA Weather
  http://www.tom.org

• I keep getting an "SSL has not propagated yet" message on secure websites

  On any secure website, I get a message in Firefox warning "SSL has not propagated yet." Nothing seems to be affected, I can still access the sites (this one for example), but the message keeps popping up.
  This all started this morning when 11.0 was installed, I went back to 10.0 but that did not resolve the problem.

  Did you check your security software (firewall)?
  A possible cause is security software (firewall) that blocks or restricts Firefox or the plugin-container process without informing you, possibly after detecting changes (update) to the Firefox program.
  S
  Remove all rules for Firefox and the plugin-container from the permissions list in the firewall and let your firewall ask again for permission to get full unrestricted access to internet for Firefox and the plugin-container process and the updater process.
  See:
  *https://support.mozilla.org/kb/Server+not+found
  *https://support.mozilla.org/kb/Firewalls

• Security Principal propagation from Web Server to App Server

  How would I propagate a customer Principal from weblogic Web Server
  to a Weblogic App Server?
  For e.g this is what I want to do.
  1. User logs in via a login page with UserId and password.
  2. After a user is authenticated successfully, I want to fetch
  some user credentials like groups he belongs to, his status etc.
  basically his profile info (stored in oracle db). I want to store
  this as part of a security principal object. How do I let the weblogic
  web server know about this principal?
  3. I want the Weblogic Servlet container to recognize this principal
  and whenever any servlet calls a ejb, the web server should send
  this custom principal to the weblogic app server so that the ejb
  container can identify it.
  4. In the ejb, I should be able to do sessionContext.getPrincipal()
  that will return my custom principal object, which would give the
  ejb access to the credentials of the logged on user.
  Has anyone done this? This is urgent. Can anyone pls shed some
  light on this.

  Hi,
  Basically you need to install the loadbalancer plugin on the web server and then configure the loadbalancer.xml in the config folder. You need to turn the httpsrouting to true. Then all will work fine for HTTPS and HTTPS
  for HTTPS on web server and HTTP on app server, you need to turn the httpsrouting to false.
  Regards,
  Abrar