Security solution with Identity server for SOX compliance

Hi all,
Has anybody used Identity Server as a security solution to achieve SOX compliance? I want to know the general view, opinions, and experience of people who have implemented such a solution.
Just a little background on SOX: it was created by the US Congress in the wake of corporate scandals like Enron in 2001 and 2002. It is an attempt to tighten controls over corporate financial reporting and transparency.
I am basically interested in implementing security solutions using Identity Server for SOX compliance. Section 404 of this act deals with internal controls, which essentially requires organizations to provide the following facilities:
1. User Identification, authorization and access
2. User control of user accounts
3. Central identification and access rights/permissions management
4. Violation and security activity report
Has anybody developed such a solution? What are your general experiences, problems, issues, etc.? Please share your views.

Just too quick to draw conclusion: See below FAQ
If you are not in the same AS container, let me know. Jerry
Copy from J2EE agent FAQ
Question - Is it possible to install a J2EE 2.1 agent and Identity Server on the same instance of the application server?
Installing the IS60SP1/IS61 server and J2EE 2.1 policy agent on the same instance of the application server is not a supported configuration. We do support the 2.1 J2EE agent and IS installed on different instances of the application server. So, users can install the J2EE 2.1 agent on one instance of the application server and install IS on a different instance of the application server.

Similar Messages

  • Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1

    Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1
    Does anybody have a working combination of the above? I get an ID login page and after that I always get an access denied page. I get this exception in the agent logs:
    2004-10-14 16:28:00.917 Warning 6347:c1818 PolicyAgent: in get_cookie: no cookie in ap_table
    2004-10-14 16:28:01.895 Warning 6359:c1818 PolicyAgent: Invalid URL for property (com.sun.am.policy.agents.accessDeniedURL) specified
    2004-10-14 16:28:56.742 Warning 6349:c1818 PolicyAgent: am_web_is_access_allowed(http://xx.xx.xx.net:8080/, GET) denying access: status = access denied (20)
    2004-10-14 16:28:56.743 128 6349:c1818 RemoteLog: User testuser1 was denied access to http://xx.xx.xx.net:8080/.
    2004-10-14 16:28:56.831 -1 6349:c1818 PolicyAgent: URL Access Agent: access denied to testuser1
    We can ignore the Invalid URL property part because it's just looking for a custom URL in place there. I have cookies enabled in my browser. I even turned on the prompt option. No luck yet.
    Any suggestions would be of great help.
    Thanks,
    Sunil.

    From your description, since the agent installs file with a different JRE, I would suspect it has something to do with the availability of JCE provider in the first JRE. By default, WebSphere's JRE is equipped with IBM JCE provider which is what the agent uses to encrypt the necessary information. If this provider is not configured correctly it could result in the error that you are seeing. Please check the WebSphere installation and make sure that the JRE used by it has the necessary IBM JCE provider configured. The java.security file for this should contain something like:
    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.ibm.crypto.provider.IBMJCE
    security.provider.3=com.ibm.jsse.IBMJSSEProvider
    security.provider.4=com.ibm.security.cert.IBMCertPath
    security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
    Also, make sure that when you are installing the agent you specify the Java Home as prompted by the agent to point to the location where this JRE is installed. Typically this is under WebSphere/AppServer/java directory. HTH, Jerry
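The provider check described in the reply above can be scripted. This is an added example, not part of the original thread or of any Sun or IBM tooling: it parses a java.security file and reports whether the IBMJCE provider is actually reachable. It relies on the Sun/OpenJDK behaviour of reading security.provider.1, .2, .3 in order and stopping at the first missing number, which is assumed here to hold for the IBM JRE as well; the function names and both sample files are constructed for illustration.

```python
import re
import sys

# Constructed sample: the provider list quoted in the reply above.
GOOD = """\
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.jsse.IBMJSSEProvider
security.provider.4=com.ibm.security.cert.IBMCertPath
security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
"""

# Constructed failure case: position 2 is commented out, so IBMJCE at
# position 3 is declared in the file but never reached by the JRE.
BROKEN = """\
security.provider.1=sun.security.provider.Sun
#security.provider.2=com.ibm.jsse.IBMJSSEProvider
security.provider.3=com.ibm.crypto.provider.IBMJCE
"""

# Matches active (uncommented) provider entries; '#' and '!' comment lines fail.
ENTRY = re.compile(r"^\s*security\.provider\.(\d+)\s*[=:]\s*(\S+)")


def parse_providers(text):
    """Return {position: class name}. A repeated position keeps the last
    value, as java.util.Properties does."""
    declared = {}
    for line in text.splitlines():
        match = ENTRY.match(line)
        if match:
            declared[int(match.group(1))] = match.group(2)
    return declared


def effective_providers(declared):
    """Providers the JRE registers: positions 1, 2, 3, ... up to the first
    gap (assumed Sun/OpenJDK loading behaviour)."""
    loaded = []
    position = 1
    while position in declared:
        loaded.append(declared[position])
        position += 1
    return loaded


def check_provider(text, required="com.ibm.crypto.provider.IBMJCE"):
    """Classify the required provider as ok, unreachable or missing."""
    declared = parse_providers(text)
    loaded = effective_providers(declared)
    if required in loaded:
        status = "ok"
    elif required in declared.values():
        status = "unreachable"   # present in the file, but after a gap
    else:
        status = "missing"
    skipped = {n: c for n, c in declared.items() if n > len(loaded)}
    return {"status": status, "loaded": loaded, "skipped": skipped}


if __name__ == "__main__":
    # With a path argument, check that file; otherwise run both samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            print(check_provider(handle.read()))
    else:
        for name, sample in (("GOOD", GOOD), ("BROKEN", BROKEN)):
            print(name, check_provider(sample))
```

Run it against the java.security file of the JRE that the agent installer was pointed at, since that is the JRE whose provider list matters.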

  • RBAC with Identity Server

    Right now I'm writing my final thesis.
    I have developed a model for role-based access control and now I'm conducting a short evaluation of Identity Server to see how well it handles my model.
    It's obvious Identity Server is highly expandable to suit the most needs anyone can have, BUT with some/much effort in developing plug-ins.
    Have I missed something here? Where do I configure which rights a role has got?
    Does anyone know of any documents describing RBAC with Identity Server or is RBAC just a nice buzz-word for the White papers?
    best regards,
    Peter

    Two ways to enforce the permissions:
    Policy Agents
    ssoToken Properties
    from:
    http://docs.sun.com/source/816-6774-10/prog_sso.html#wp36428
    A policy agent polices the web container on which a protected resource lives by enforcing a user's assigned policies. They are an integral part of the cross-domain SSO functionality. Two types of policy agents are supported by Identity Server: the web agent and the J2EE/Java agent. The web agent enforces URL-based policy while the J2EE/Java agent enforces J2EE-based security and policy. Both types are available for installation separately from Identity Server and can be downloaded. Additional information can be found in the Sun ONE Identity Server Web Policy Agents Guide and J2EE Policy Agents Guide. General information on the Policy Service can be found in Chapter 7, "Policy Service," of this manual:
    http://docs.sun.com/source/816-6774-10/prog_policy.html#wp27085
    ssoToken Property
    Access the session object called ssoToken that contains Role and Service for the logged in user.
    from
    http://docs.sun.com/source/816-6774-10/prog_sso.html#wp36428
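    import com.iplanet.sso.SSOToken;
    import com.iplanet.sso.SSOTokenManager;
    /* get the sso token from http request (request is the HttpServletRequest) */
    SSOToken ssoToken = SSOTokenManager.getInstance().createSSOToken(request);
    String appValue = ssoToken.getProperty(appPropertyName);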
    more:
    http://docs.sun.com/source/816-6774-10/prog_intro.html#wp19687
    david.

  • Proxy Server 3.6 with Identity Server 5.1!

    Hi All,
    I'm doing a Proof of Concept on integrating Identity Server 5.1 with proxy server 3.6. The proxy server is configured as a reverse proxy for another web server (since the web server is not supported by agent pack).
    I've configured the reverse proxy and added the agent to the proxy. However, each time after authenticating in the Identity Server and returning to the reverse proxy, it goes to http://rproxy.domain.com/.domain.com, not http://rproxy.domain.com.
    Moreover, even when the user session is invalid, the user can go to the reverse proxy without re-authenticating, even though I've disabled all the caches in the proxy server.
    Is it possible to use reverse proxy with identity server? If yes, how to config?
    Thanks
    Clive Chan

    Hi Clive Chan,
    I also have the same problem. Can you tell me which patch you added to solve the problem?
    Thanks a lot!
    Angus

  • I need a request code for offline activation. Because i cannot connect with adobe server for online activation. But I receive "The request code is invalid." by generate answer code.

    I need a request code for offline activation. Because i cannot connect with adobe server for online activation. But I receive "The request code is invalid." by generate answer code.

    Dear Anubha,
    I hope these windows illustrate what I am facing.
    The above window shows the prompt that the software requires activation.
    The version is 8.1.0.
    This next window is the point where I select activation by phone.
    This final window shows that the "response code" is not returned.  I get an
    "Activation Number" instead.
    Steven
    On Tue, Jan 27, 2015 at 10:50 PM, Anubha Goel <[email protected]>

  • Is there a multi-authoring solution with RH Server apart from RH client?

    Greetings:
    Is Adobe looking to price itself out of the HAT market?
    Just got the pricing on RH Server 8 ($2000) and then another $1000 per RH 8 client (as I write this I am still verifying the pricing, because they first told me each user will need a full RH Server 8 license, meaning $10K for 5 authors). For five authors, that's $7000 (unless it's $10,000 ;-), and about 99% overkill on the multi-authoring side, since we only need one RH 8 client for management and publishing, and a simple WYSIWYG for additional authors is all that is needed, and indeed the learning curve for RH versus a WYSIWYG makes this paying a lot of money for a huge training burden & support headache. Is this for real?
    I'm researching HAT's and I've got the same or better featured server/multi-author scenario going with HelpServer for $4000 (unlimited additional authors), Doc-To-Help Enterprise for a mere $1500 (also unlimited authors), and Flare complete with Feedback Server and 5 X-Edit author/users for less than $3500, not including support packages. Considering the fact that there is virtually nothing RH does the others don't, and quite a bit the others do that RH does not, I have to wonder -- why is there no simple to learn, inexpensive to buy WYSIWYG (something like Contribute) for multi-authoring in RH Server?
    Since it's all HTML, we could in fact go with Contribute, but direct changes would not be reflected back in the RH client files. That's about the only thing that would have to be automated beyond a Contribute-like WYSIWYG, or what am I missing?
    Just occurred to me, could have Contribute users make changes to RH shared directory, then they could be published from there. Hmmmn.
    Anyone have a workaround or other solution here?
    Shame, shame, Adobe.
    regards,
    Steven
    "I am but an egg."
    --Stranger in a Strange Land

    Hi Steven
    Dems the breaks I suppose. One way past it would be to have one RoboHelp Server license and one RoboHelp Office license. Then have the other authors simply use Microsoft Word to maintain their content. The person that uses the RoboHelp Office (Client part) could then import and link the Word documents managed by the other authors. If you worked that way you would only be looking at a total outlay of $3,000 instead of $7,000. But I suspect that you might get a better deal than $7,000 if you worked with Sales.
    Keep in mind that RoboHelp Server relies upon the content created by RoboHelp. There is no "limited WYSIWYG editor". All it does is provide reporting as well as project merging. There is nothing about it that lends itself to a simple WYSIWYG editor that provides a window into the server content.
    I cannot speak to the other tools you cited. Maybe they do work in that manner and maybe they don't. And maybe you are misunderstanding the actual capabilities. I cannot say.
    Additionally, it's helpful to keep in mind that the way RoboHelp works today was initially designed and maintained by the folks now known as MadCap. Because of that, I'd be surprised to find that the MadCap products operate in a totally different manner. Maybe they do. Adobe acquired the product by virtue of acquiring Macromedia. So they didn't design the way it works. Although they have enhanced it. I see no reason to shame Adobe.
    Can you expound on your claim that "there is virtually nothing RH does the others don't, and quite a bit the others do that RH does not"? What is the "quite a bit" that others are doing that RoboHelp isn't? RoboHelp seems fairly competitive with its feature set to me.
    Cheers... Rick

  • Does URL Policy Agent of SunONE Web Server 6.1 works with Identity Server 6

    Hi,
    I'm using URL Policy Agent of SunONE Web Server 6.1, and using Identity Server 6.1 to configure policy to access web resource such as http://myweb.org.cn/test/*
    After configuration, I try to access the resource http://myweb.org.cn/test/test.html
    The redirection is OK and the IS login appears, but after logging in successfully, it still tells me that I don't have permission to view this web page.
    Is this because the URL policy agent doesn't support IS 6.1?
    Many thanks,

    Can anybody help me with the steps to generate core for this issue.. I followed the steps as said in http://blogs.sun.com/meena/entry/troubleshooting_server_crashes_enabling_core but I don't see any core generated when server crashes..
    Setup Info:
    - OS is RHEL 4.0
    - Sun ONE Web Server 6.1SP7
    - Policy Agent 2.2

  • Client Security Solution with TPM

    Hi,
    after upgrading the z61p from XP to Vista I am not able to get the client security solution (css) up and running.
    I always get a message from css on the screen that an error occurred during connecting the TPM on this computer (sorry, I'm using the German language versions, therefore my translation might not be exactly the same as what you get from the English version).
    The message box shows the additional hint that the problem might be caused by the firewall or antivirus software (both are actually disabled).
    What I tried out already:
    - delete and reactivate the TPM before installing css
    - delete TPM (without reactivation) and install css
    - connected to my domain, and not connected
    - firewall disabled and enabled
    - antivirus running and stopped
    Has anybody an idea what else I can do to get the css with the password-manager up to work??
    Regards - Rudolf

    Nop.
    I'm a little bit frustrated by Lenovo, because of the poor support.
    The notebook is excellent, but the support .....
    In other newsgroups, if the members are not able to answer or solve the problem, the supplier/moderator does.
    Here it seems to be different.

  • Client Security Solution with fingerprint disable

    I received a X201 with Win7 64-bits and I installed the fingerprint software version 5.9.4 and the Client Security Solution version 8.30.0031.00.
    The fingerprint software is working perfectly, but the CSS is with the fingerprint configuration disabled.
    Could you advise me on what is wrong?
    Regards

    hey hiratapqd,
    Hard to say what has happened, but could you uninstall both pieces of software, then install the fingerprint software first, and then install the Client Security Solution?
    Curious to know, was any software installed before this happened?

  • Can't create a new account at ePrintCenter - trouble with the server for 2 weeks.

    Hi. I'm trying to create an account at ePrintCenter and all the time getting the message 'Возникла проблема с сервером. Проблема будет устранена в ближайшее время. Приносим извинения за неудобства.' (A trouble with the server, wait, bla bla bla). When will it be fixed?

    For those who are experiencing ongoing issues with their web services, you can attempt to try the following steps that may help resolve your problems.
    1.) Completely shut down your printer and restart it
    2.) If you have prints that have not printed, log into ePrint Center (or create an account if you do not have one) and then look for your printer status. If printer status is green but you still have pending jobs, delete the pending jobs one at a time (Starting with the oldest first). There may be a print job stuck in the queue that further restricts other jobs from completing.
    a. If option 1 or 2 above still doesn’t work, removing web services and re-adding web services will cause the printer to reattach to the cloud.
    b. Please note that if you attempt option 3, you will get a new eprint email address (and lose your custom one with no ability to get it back) furthermore, you will need to re-add your printer back to your ePC account.
    I am an HP employee

  • Use of Sun One Identity Server for SAML

    Hi all,
    I want to use Sun One Identity Server as the asserting server and SAP WAS 6.40 as the trusting server. Can anyone help me with where to download Sun One Identity Server from, which patch I'll have to download, and how to connect Sun One Identity Server with SAP WAS 6.40?
    Thank you very much.

    Well, it's in the Agent's installation guide, section "Read me first", "Setting Fully Qualified Domain Name". :)

  • Why am I getting an error "Unable to establish a secure connection with (mail server)"? And what can I do?

    I'm trying to set up email on my Firefox OS Flame (OS is Boot2Gecko 2.0.0.0-prerelease) and getting an error:
    Unable to establish a secure connection with mail.velociraptor.info
    I'm on Dreamhost, the certificate belongs to `*.dreamhost.com` but I'm not even sure this is a certificate error, and if it is, how I'd go about fixing it. I found the Certificate Manager, but I don't know how to download the certificate and add it, and I don't know if this is even the problem.

    If this is a self-signed certificate or one where the CA is not trusted on FFOS, you will get this error.
    There is currently no proper user interface for adding certificates. You could have a look at the method described at this page: http://www.pending.io/add-cacert-root-certificate-to-firefox-os/
    There are also several bugs open regarding this problem, e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=874346. They have additional information that could help you to find out, if this is the problem you are seeing.

  • Snow Leopard Server with Lion Server for APNS

    Hello Everyone,
    I'm wanting to keep my Snow Leopard Server (Xserve) setup in place; it's working great, and I can't afford to have any downtime on the company network. What I would like to do is set up an additional Mac Mini with Lion Server to handle just the APNS. Is this possible?
    I would be running all of the services (mail, OD, address book, calendar) on the Snow Leopard server but want to use Lion Server to push out and manage some Lion clients and iPhones with a second server. Has anyone done this? Can this setup work?
    Thanks!
    Robert

    Hi Robert
    "Can you provide the basics for setup?"
    Apart from making sure DNS is configured correctly - as always - there's not much else you need to know. Server has to be configured as an OD Master. It does work with the default self-signed certificate although Apple do recommend you purchase one from a CA such as Verisign. I mention Verisign because it's trusted by the US Government. Once you've got your push notification certificate from Apple, enable the relevant option in the Server App. From there create the enrolment profile and key in the relevant url in your IOS device. The rest is fairly obvious. If DNS is not properly configured for your network this part probably will fail.
    "Can this all be completed in server admin, or the new server.app?"
    AFAIK Server Admin is not involved with APNS.
    "Did you just bind Lion Server to Snow Leopard Server, connect to another OD, or replica?"
    This was on a publicly accessible server that was its own OD Master. Provided things are configured correctly I can't see why it can't work with an environment that's behind NAT.
    "What do I setup after this?"
    Apart from making sure DNS is configured properly as well as the tip regarding trusted certificates I can't think of anything else? From what I've seen MDM in Lion Server is very good and what's more quick on the devices I tested. I only tested IOS devices and testing was done 'over the air.' You can still use the ICPU assuming you kept a copy of the download?
    HTH?
    Tony

  • Product enhancement for SOX compliance to allow multiple email addresses

    Currently SBO version 8.8 only allows a single email address for each contact to synchronize with Outlook.
    Contacts routinely have multiple email addresses which should all be enabled to synchronize with Outlook. By limiting to a single address in the contact record, the activities in the contact records will be missing critical history which may be required for legal requirements under Sarbanes-Oxley and other legal reporting requirements for document retention.
    Section 302 of the Sarbanes-Oxley Act requires the CEO and CFO of a public company to personally certify and attest to the accuracy of their company's financial statements contained in periodic reports. Section 404 requires auditors to certify the underlying controls and processes that companies use to reach financial results. Both sections require proof that a company's reported financial information can be relied on - and require companies to invest in procedures that ensure information is recorded and managed in a trustworthy manner, including email. As an organization's dependence on electronic mail continues to grow, the mismanagement of email provides a growing target for litigators and regulators. Companies must ensure that records in digital form are managed with the same care and attention as records in paper form.
    Business records must be protected at all times from unauthorized tampering and deletion, more so when a company is involved in audits, investigations, litigation or other formal proceedings. It is therefore of primary importance to copy and archive data before a user has a chance to manipulate it or delete it. Companies must ensure that directors, management and accounting personnel in particular, are informed of their obligation to preserve business records.

    You are correct, the only way to be able to send to multiple addresses for the same person in a group is to create one card per email address, with a code for the name as in john doe1, john doe2, or play with prefix, suffix or middle name fields to differentiate each card. To date there is no other way around this issue.
    Hope this helps.

  • Connect with different server for debugging

    hi to all,
    Is it possible to connect to a different server for debugging? This is to share the development environment.
    please advise.

    Hi,
    Thanks for your question.
    You can create a SharePoint 2013 project in your Visual Studio 2013 without installing SharePoint on your local machine.
    Please follow the steps below. Go to the server where SharePoint 2013 is installed and follow steps 1 to 3:
    1. Go to Run and type "regedit"
    2. Navigate towards HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office
    3. Right click on 15.0 and click Export. Save the exported file
    Now go to your machine where SharePoint is not installed and follow the steps below:
    1. Now open Registry on your machine
    2. Import the 15 directory which was exported from the SharePoint server
    3. Open PowerShell
    4. Run this command:
       Set-ItemProperty -Path "HKLM:\Software\Microsoft\Shared Tools\web server extensions\15.0\" -Name "Location" -Value "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\"
    5. Now open Visual Studio 2013 and you will be able to create a SharePoint 2013 project without error.
    I hope this is helpful to you. If this works, Please mark it as Answered.
    Regards,
    Dharmendra Singh (MCPD-EA | MCTS)
    Blog : http://sharepoint-community.net/profile/DharmendraSingh
