Server Side Trust

Similar Messages

• Scheduling web intelligence reports from SAP EP Portal : Server Side Trust

  Hello,
  We have set-up SSO between SAP EP 701, SAP BI 701 and Business Object XI 3.1  to allow users to access reports without having to sign-on again as explained here :
  /people/ingo.hilgefort/blog/2008/09/19/businessobjects-and-sap--configure-sap-authentication
  But, we have recently been contacted by some users because when scheduling Webi Report from a link within the portal they have the following errors :
  u201CA database error occured. The database error text is: Unable to connect to SAP BW server System received an expired SSO ticket. (WIS 10901) u201D
  The user told us that he doesn't encounter the error when :
  Login in directly to the BO Infoview (without SSO from the SAP Enterprise Portal.)
  The first Webi scheduling is succesful from the portal (I suppose because the portal token is still valid)
  I understand that we also have to configure the Server Side Trust between BO Enterprise server and the SAP BI7 backend as explained here , but I do not really understand its purpose
  https://websmp106.sap-ag.de/~sapidb/011000358700001646962008E/XI3-1_BIP_SAP_INSTALL_EN.pdf
  I've found a similar discussions here ;
  Issue with SAP Single Sign-On and Scheduling Reports
  I still have some questions :
  If we configure the Server Side Trust between BO Enterprise server and the SAP BI7 backend .
  The Portal Logon ticket will remain an issue at some point of time , does it mean tha the WeBi report job sheduling should not be perfromed from the SAP EP Portal ?
  We haven't configured the Server Side Trust , yet the users told us that they are able to schedule webi report directly from the BO Infoview ? How is it posible ?
  Thank you in advance for your help.
  Regards.

  Thank you Mr Hilgefort for your detailled explanations.
  I now have to provide some explanations to my managers, and to be honest , there are still some points that
  are unclear to me, and it would be extremely helpful if could confirm (or not) the follwoing points.
  When scheduing Webi report from the sap portal, we're getting SSO errors.
  SAP provide the follwoing note explaining how to extend the validity of the J2EE token (Portal token), but this is not a long term solution, at certain point of time the ticket will expire. Webi shceduling should not be perfromed from the Portal.
  Sap note 1352127 - Scheduled Webi report fails with: A database error occurred. The database error text is: Unable to connect to SAP BW server System received an expired SSO ticket
  Webi Scheduling should be performed from BO Infoview. SNC should be configured between BO server and SAP BI7.0 backend.
  We should Configure Server SNC as explained in the BusinessObjects XI Integration for SAP Solutions Installation and Administration Guide at Chapter "Configuring SAP for server-side trust". (1341043)
  The SAP Portal is not involved here and is not an option even with the configuration of SNC/Server side trust.
  thank you for your patience.
  Best Regards.

• Server-side Trust with CryptoLib &/or 3rd party tool

  I have a new installtion:
  > BOE XI 3.1 SP2 (Solaris)
  > SAP Integration Kit
  Intend to enable server-side trust / SNC betw BOE and BW.
  Separately, BASIS just installed/config'd new standard tool (Quest's Vintela) on BW for SSO from SAP GUI clients to BW.  I notice some parms (such as snc/gssapi_lib) now are configured to Quest/Vintela libraries on BW.
  Possible to have both Vintela and CryptoLib co-exist/co-active on BW?  ... or is best approach (even forced / only approach) is to standardize on one? ... likely install Vintela on BOE and use Vintela for BOE-to-BW SNC?
  thx, Clay

  Hi Clay,
  I believe you're right, that they can't co-exist for use as SNC libraries.  I really don't have a complete understanding of how this all works, but I believe they can co-exist if the sapcrytolib is used for RFC that is not using SNC.  Maybe someone else can confirm, deny, or expand on that?
  Even though we (Quest) donu2019t always know the exact configuration options for each application that supports SNC, as a certified SNC interface it should always be possible to get things working in a fully supported manner.  If you would like to work with me on this directly I would be happy to help.  You can find my e-mail address under my business card.
  Thanks!
  Kyle

• Server Side Trust - Server Group

  Hi,
  One of the steps to create publications / server side trust (as per SAP Press BO and BW Integ book) is to create a Server Group and add certain services to it. It says that the Destination and Publication Job Server should be added. I dont have them - will that be a problem?
  Thanks

  Hi,
  They dont seem to exist so I am guessing I will have to create them myself?
  Could you or someone please confirm that the following selections should be made when creating the servers:
  DESTINATION JOB SERVER - Service Category: Core Services, Service: Destination Delivery Scheduling Service
  PUBLICATION JOB SERVER - Service Category: Core Services, Service: Publication Scheduling Service
  Also, do I need to include any of the additional services when creating the servers?
  Many Thanks
  Edited by: Leo on Apr 20, 2011 10:03 AM

• Configure SAP for server-side trust

  Hi all,
  I am installing BusinessObejcts XI integration for SAP Solution. I need configure SAP for server-side trust. I have read BussinessObjects XI Integration for SAP Solution Installation Guide. In chapter 6, It introduce how to configure SAP Server-Side trust. But I don't understand how to configure SAP for server-side trust, specially configure SAP Cryptographic. Would you please to give me more detailed explanation?
  Please advise,
  Duypm

  Hi Duypm,
  the SAP server side configuration is part of the Installation Guide Chapter 6. It starts on Page 94.
  If you unclear about this and what SNC configuration means for the SAP server make sure you talk to the administrator for the SAP system. You need administrative rights for the SAP system and the system will have to be restarted as outlined in the installation guide
  Ingo

• Server Side Trust and Webi Report Scheduling via Portal

  Hello,
  I have opened a similar  thread about Server Side Trust and webintelligence reporting through the portal a few months ago.
  At the time, we had some complaints about users that were getting SSO errors after 8 hours when scheduling WeBi Report through the SAP Portal.
  Basically, the users connect to the Portal and then FROM the Portal, to a BOI view pointing to the Infoview.
  Then, after investigatinon, it was my understanding that the WebI Reports should be scheduled through an Infoview token and not a portal token. In concrete terms Server Side Trust had to be implemented between the SAP BW Backend and the BOE 3.1 Server.
  And after that the users who wanted to schedule WebI reports should connect to the Infoview directly (using their SAP BW credentials) to generate an Infoview Token.
  Scheduling Webi reports from the Portal will not be solved by implementing Server Side Trust, since it is only a matter of time before the  the Portal token expires ( 8 hour by default).
  Now, I have configured the server side Trust between our BOE 3.1 SP2 and our BW 701 system, SNC configuration, PSE generation, exchange of certificats , etc ...
  I did some scheduling tests connecting directly to the BO Infoview and it works.
  But of course, now I am being told by the users that this solution is not acceptable.
  The Portal being the entry point of our Infrastructure, they don't want to connect to the Infoview to schedule their reports.
  So I opened a SAP customer call to try to have an official and clear statement from SAP but I never obtained it.
  I had a look at my SAP BO courses but I am still confused
  For example according to SAP BO100 , server side trust should be implemented when ;
  "BOE client session authenticated using Single sign on using SAP token
  (Enterprise Portal) and SAP reports are being scheduled at a future point in
  time (after token expiry date)."
  Anyone can help me to clear my mind ?
  Thank you
  Best Regards

  Hi,
  first of all lets separate the UI portion from the technical portion.
  on the technical side:
  yes for scheduling the Web Intelligence document you will need Server side trust
  on the UI side:
  - scheduling is part of InfoView
  - scheduling is part of the KM integration with the portal
  if that is not accepted from a UI point of view from the user you can create your own application to schedule documents using the SDK.
  ingo

• SNC server side trust based on kerberos - is it possible ?

  Hi all,
  We're trying to make this scenario work:
  Existing SAP system uses ntlm sso in the sapgui.
  We're now in the process of deploying BOE in the company.
  We're using sso with winad to infoview which works
  We're trying to configure server side trust between SAP and BOE due to requirement of 'multipass burst' functionality
  This causes a conflict between sso in the gui and the dll used for setting up SNC server side trust.
  I've tried to figure out how to use the kerberos dll gx64krb5.dll on the SAP server to enable both sso solution in gui and server side trust between SAP and BOE, but I cannot generate the SNC PSE in the SAP trust manager.
  I've not been able to find threads/info in sap notes on how to set SNC PSE using kerberos dll - is it possible.
  Can we have both sapgui sso to SAP and server side trust bewteen SAP and BOE ?
  TIA.
  Torben

  Dear Torben and Ingo,
  For your question: "Can we have both sapgui sso to SAP and server side trust bewteen SAP and BOE ?"
  Have you done implementing those? Because we already have client SNC (between SAP GUI and SAP BW) using Kerberos SSP (since SAP Crypto can only be used for Server SNC).
  And now we're going to implement server SNC (between SAP BW and BOE) using SAP Crypto.
  Is it possible to have these 2 together? Because some of the settings in RZ10 will overlap between the two like below. And if we continue with server side trust between SAP BW and BOE, settings for Client SNC will need to be overwritten and it will stop working.
  1. RZ10 setting
  Kerberos SSP (between SAP GUI and SAP BW)
  snc/gssapi_lib = D:\usr\sap\gx64krb5.dll
  snc/identity/as = p:SAPServiceSID(at)myorgunit.myorg.mycountry
  SAP Crypto (between SAP BW and BOE)
  snc/gssapi_lib =   $(DIR_INSTANCE)\exe\sapcrypto.dll
  snc/identity/as =   p: CN: mybwserver, OU: myorgunit, O: myorg, C: mycountry
  2.
  And also with client SNC using Kerberos SSP we need to tag each user in SU01 with SNC name, whereas this is not needed for server SNC. If i leave this SNC name on each BW user, will that make my server SNC between BW and BOE not working?
  3.
  Overlap in location of file named "ticket" between SAP
  Crypto and Kerberos SSP, which is to be copied to the same location
  below:
  <DRIVE>:\usr\sap\<SID>\<instance>\sec\ directory (on
  Windows).
  4.
  Overlap in environment variable named SECUDIR that points to the
  directory where the ticket resides.
  Is there any documentations that explain how to get these 2 SSO to run together?
  Thank you very much.
  Kind regards,
  aswin
  Edited by: Aswin Setyawan Margono on Jan 5, 2011 7:15 AM
  Edited by: Aswin Setyawan Margono on Jan 5, 2011 7:18 AM

• SAP SNC Server Side Trust Setup Problems

  Single Server BOE instalation of BOE 3.1 SP4 to Windows 2008 R2 machine
  Sap version 720 Patch level 7
  We have used kbase article 1500150 and 1396213 to run thorugh the configuration and testing and all has checked out.
  We are unable to have the "roles" returned when any "DN" value is entered in the SNC name entry in the entitlement systems tab.
  We have turned on RFC tracing and have run the JCO test  The RFC trace file is below followed by the JCO test information.  JCO test was run twice, once with each DN just to make sure.
  Please help
  =======================RFC TRACE===========================
  ERROR file opened at 20111116 174146 Eastern Standard Time, SAP-REL 720,0,93 RFC-VER 3  MT-SL
  T:3988 Error in program 'CMS': ======> SAP_CMINIT3 : rc=20 > Connect to SAP gateway failed
  Connect_PM  GWHOST=torsbid01.cpr.ca, GWSERV=sapgw00, SYSNR=00
  LOCATION    CPIC (TCP/IP) on local host with Unicode
  ERROR       GSS-API(maj): No credentials were supplied
              GSS-API(min): No credentials found for this name (not logged
              on) (USER
              name="p:CN=BOEDEV, OU=BOBJ, O=CPR, C=CA"
  TIME        Wed Nov 16 17:41:46 2011
  RELEASE     720
  COMPONENT   SNC (Secure Network Communication)
  VERSION     5
  RC          -4
  MODULE      sncxxall.c
  LINE        1439
  DETAIL      SncPAcquireCred
  SYSTEM CALL gss_acquire_cred
  COUNTER     55
  T:2800 Error in program 'CMS': ======> SAP_CMINIT3 : rc=20 > Connect to SAP gateway failed
  Connect_PM  GWHOST=torsbid01.cpr.ca, GWSERV=sapgw00, SYSNR=00
  LOCATION    CPIC (TCP/IP) on local host with Unicode
  ERROR       GSS-API(maj): No credentials were supplied
              GSS-API(min): No credentials found for this name (not logged
              on) (USER
              name="p:CN=BOEDEV, OU=BOBJ, O=CPR, C=CA"
  TIME        Wed Nov 16 17:41:46 2011
  RELEASE     720
  COMPONENT   SNC (Secure Network Communication)
  VERSION     5
  RC          -4
  MODULE      sncxxall.c
  LINE        1439
  DETAIL      SncPAcquireCred
  SYSTEM CALL gss_acquire_cred
  COUNTER     4
  T:4760 Error in program 'CMS': ======> SAP_CMINIT3 : rc=20 > Connect to SAP gateway failed
  Connect_PM  GWHOST=torsbid01.cpr.ca, GWSERV=sapgw00, SYSNR=00
  LOCATION    CPIC (TCP/IP) on local host with Unicode
  ERROR       GSS-API(maj): No credentials were supplied
              GSS-API(min): No credentials found for this name (not logged
              on) (USER
              name="p:CN=BOEDEV, OU=BOBJ, O=CPR, C=CA"
  TIME        Wed Nov 16 17:41:46 2011
  RELEASE     720
  COMPONENT   SNC (Secure Network Communication)
  VERSION     5
  RC          -4
  MODULE      sncxxall.c
  LINE        1439
  DETAIL      SncPAcquireCred
  SYSTEM CALL gss_acquire_cred
  COUNTER     3
  ========================JCO TEST=======================
  E:\BusinessObjects\javasdk\bin>java -classpath E:\BusinessObjects\Tomcat55\share
  d\lib\sapjco.jar com.sap.mw.jco.support.JRfcTest
             SAP JCo Client Test             *
                   Possible SAP JCo-Tests
                    1. RFC_SYSTEM_INFO
                    2. CONNECTION
                    3. PERFORMANCE
                    4. INHOMOGENEOUS STRUCTURE/TABLE
                   15. TRANSACTIONAL RFC
                   99. Exit
                 Your Choice....... :2
                        SAP JCo TEST - CONNECTION TEST
                        Send message and wait for ECHO/INFO
                 CONNECTION PARAMETERS:
                   Server is R/2, R/3 or External (2/3/F/E): 3
                   Use load balancing (Y/N)Y...............: Y
                   R/3 system name.........................: BIN
                   Message server..........................: binmain
                   Selected group..........................: PUBLIC
                   Working with SNC (Y/N)N.................: N
                 RFC-SPECIFIC PARAMETERS:
                   Working with ABAP debugger (Y/N)N.......: N
                   Use SAPGUI (Y/N)N.......................: N
                   RFC trace (Y/N)N........................: N
                   JCo trace level (0-10)..................: 0
                 SAP LOGON DATA:
                   Client..................................: 000
                   UserID..................................: SAPCPIC
                   Password................................: XXXXXX
                   Language (E)............................: E
                 #Calls of this JCo Test...................: 1
                 Do You Want To Test With These Parameters (Y/N).. :N
                 CONNECTION PARAMETERS:
                   Server is R/2, R/3 or External (2/3/F/E): [3] :3
                   Use load balancing (Y/N)Y...............: [Y] :N
                   Host name of an application server......: [binmain] :torsbid01.
  cpr.ca
                   System number...........................: [53] :00
                   Working with SNC (Y/N)N.................: [N] :Y
                   SNC Library Name........................: [C:\Program Files\SEC
  UDE\SECUDE for R3\secude.dll] :E:\SAP\Crypto\sapcrypto.dll
                   SNC name of partner program.............: [s:sample@hs0335] :p:
  CN=BOEDEV, OU=BOBJ, O=CPR, C=CA
                 RFC-SPECIFIC PARAMETERS:
                   Working with ABAP debugger (Y/N)N.......: [N] :N
                   Use SAPGUI (Y/N)N.......................: [N] :Y
                   Automatically invisible SAPGUI (Y/N)N...: [N] :Y
                   RFC trace (Y/N)N........................: [N] :Y
                   JCo trace level (0-10)..................: [0] :10
                 SAP LOGON DATA:
                   Client..................................: [000] :200
                   UserID..................................: [SAPCPIC] :Crystal
                   Password................................: [******] :Welcome1
                   Language (E)............................: [E] :
                 #Calls of this JCo Test...................: [1] :
                 Do You Want To Test With These Parameters (Y/N).. :y
  >>>>>>>>>>>>>>>> SAP JCo TEST - CONNECTION TEST >>>>>>>>>>>>>>>>
  main [18:02:41:758]: [JAV-LAYER] INFO: JCo version is 2.1.10 (2011-05-10)
  main [18:02:41:758]: [JAV-LAYER] JCO.setProperty("jco.trace_level", "10")
  main [18:02:41:758]: [JNI-LAYER] RFC.nativeSetTraceLevel()                with r
  c = RFC_OK   leave, [SUCCESS]
  main [18:02:41:758]: [JAV-LAYER] JCO.setProperty("jco.trace_path", ".")
  Stack trace of call to JCO.setProperty("jco.trace_path", ".")
          at com.sap.mw.jco.JCO.setProperty(JCO.java:554)
          at com.sap.mw.jco.JCO.setTracePath(JCO.java:791)
          at com.sap.mw.jco.support.JRfcTest.correctProperties(JRfcTest.java:1047)
          at com.sap.mw.jco.support.JRfcTest.initCall(JRfcTest.java:1074)
          at com.sap.mw.jco.support.JRfcTest.runConnectionTest(JRfcTest.java:737)
          at com.sap.mw.jco.support.JRfcTest.main(JRfcTest.java:203)
  E:\BusinessObjects\javasdk\bin>java -classpath E:\BusinessObjects\Tomcat55\share
  d\lib\sapjco.jar com.sap.mw.jco.support.JRfcTest
             SAP JCo Client Test             *
                   Possible SAP JCo-Tests
                    1. RFC_SYSTEM_INFO
                    2. CONNECTION
                    3. PERFORMANCE
                    4. INHOMOGENEOUS STRUCTURE/TABLE
                   15. TRANSACTIONAL RFC
                   99. Exit
                 Your Choice....... :2
                        SAP JCo TEST - CONNECTION TEST
                        Send message and wait for ECHO/INFO
                 CONNECTION PARAMETERS:
                   Server is R/2, R/3 or External (2/3/F/E): 3
                   Use load balancing (Y/N)Y...............: Y
                   R/3 system name.........................: BIN
                   Message server..........................: binmain
                   Selected group..........................: PUBLIC
                   Working with SNC (Y/N)N.................: N
                 RFC-SPECIFIC PARAMETERS:
                   Working with ABAP debugger (Y/N)N.......: N
                   Use SAPGUI (Y/N)N.......................: N
                   RFC trace (Y/N)N........................: N
                   JCo trace level (0-10)..................: 0
                 SAP LOGON DATA:
                   Client..................................: 000
                   UserID..................................: SAPCPIC
                   Password................................: XXXXXX
                   Language (E)............................: E
                 #Calls of this JCo Test...................: 1
                 Do You Want To Test With These Parameters (Y/N).. :n
                 CONNECTION PARAMETERS:
                   Server is R/2, R/3 or External (2/3/F/E): [3] :3
                   Use load balancing (Y/N)Y...............: [Y] :N
                   Host name of an application server......: [binmain] :torsbid01.
  cpr.ca
                   System number...........................: [53] :00
                   Working with SNC (Y/N)N.................: [N] :Y
                   SNC Library Name........................: [C:\Program Files\SEC
  UDE\SECUDE for R3\secude.dll] :E:\SAP\Crypto\sapcrypto.dll
                   SNC name of partner program.............: [s:sample@hs0335] :p:
  CN=BOEDEVSERVER, OU=BOBJ, O=CPR, C=CA
                 RFC-SPECIFIC PARAMETERS:
                   Working with ABAP debugger (Y/N)N.......: [N] :N
                   Use SAPGUI (Y/N)N.......................: [N] :Y
                   Automatically invisible SAPGUI (Y/N)N...: [N] :Y
                   RFC trace (Y/N)N........................: [N] :Y
                   JCo trace level (0-10)..................: [0] :10
                 SAP LOGON DATA:
                   Client..................................: [000] :200
                   UserID..................................: [SAPCPIC] :Crystal
                   Password................................: [******] :Welcome1
                   Language (E)............................: [E] :
                 #Calls of this JCo Test...................: [1] :
                 Do You Want To Test With These Parameters (Y/N).. :y
  >>>>>>>>>>>>>>>> SAP JCo TEST - CONNECTION TEST >>>>>>>>>>>>>>>>
  main [18:04:58:041]: [JAV-LAYER] INFO: JCo version is 2.1.10 (2011-05-10)
  main [18:04:58:041]: [JAV-LAYER] JCO.setProperty("jco.trace_level", "10")
  main [18:04:58:041]: [JNI-LAYER] RFC.nativeSetTraceLevel()                with r
  c = RFC_OK   leave, [SUCCESS]
  main [18:04:58:041]: [JAV-LAYER] JCO.setProperty("jco.trace_path", ".")
  Stack trace of call to JCO.setProperty("jco.trace_path", ".")
          at com.sap.mw.jco.JCO.setProperty(JCO.java:554)
          at com.sap.mw.jco.JCO.setTracePath(JCO.java:791)
          at com.sap.mw.jco.support.JRfcTest.correctProperties(JRfcTest.java:1047)
          at com.sap.mw.jco.support.JRfcTest.initCall(JRfcTest.java:1074)
          at com.sap.mw.jco.support.JRfcTest.runConnectionTest(JRfcTest.java:737)
          at com.sap.mw.jco.support.JRfcTest.main(JRfcTest.java:203)
  E:\BusinessObjects\javasdk\bin>
  Edited by: Joseph Borojevic on Nov 17, 2011 12:07 AM

  The error in the logs:  u201CNo credentials found for this name (not logged on)u201Du201D  usually is a  problem with case.
  We used the sapgenpse get_my_name command and found that the id being referenced was being pulled incorrectly with wrong case. 
  The problem was the ID we logged into the remote sesison into the windows server with. 
  That ID is the ID that the commands are run under.
  The sapgenpse seclogin u2013p BOESERVER.pse command takes the ID of the user you are logged into the session with. 
  We re-ran the command when logged in with the user with the correct case and it worked

• HOWTO: Setting up Server-Side Authentication with SSL

  This howto covers the configuration of server-side SSL authentication for both Net8 and IIOP (JServer) connections. It documents the steps required to set up an SSL encrypted connection; it does not cover certificate authentication.
  It is worthwhile noting that although the setup of SSL requires the installation of certificates, these certificates do not have to be current, only valid. For some reason, in order to enable SSL connections, it is necessary to set up valid certificate file on the server whether you intend to use certificate authentication or not.
  NOTE: I have been unable to determine whether or not the above statement is entirely correct. If anyone can confirm or disprove it, please let me know.
  The steps described below must all be carried out from the same logon account. They have been tested on both 816 and 817 databases, but will probably work for all versions, including 9i (unless there have been some drastic changes in 9i that I'm not aware of).
  1. Log on to the database server with an administrative login.
  Configure the database and listener to run under the current login account (Control Panel -> Services). It is not necessary to restart these services at this time.
  2. Create an Oracle wallet and set up the required certificates
  (i) Open the Oracle Wallet Manager:
  Start -> Programs -> [Oracle Home] -> Network Administration -> Wallet Manager
  (ii) Create a new wallet (Wallet -> New).
  (iii) When prompted, elect to generate a certificate request.
  (iv) On the request form, the only field that matters is the Common Name. Enter the fully qualified domain name (FQDN) of the database server (i.e. the name with which the database server will be referenced by clients).
  (v) Export the certificate request to file (Operations -> Export Certificate Request).
  (vi) Obtain a valid server certificate from an authorised signing authority. It will also be necessary to download the signing authoritys publicly available trusted root certificate. Certificates can be obtained from Verisign (http://www.verisign.com/)
  (vii) Install the trusted root certificate obtained in (vi) into the wallet (Operations -> Import Trusted Certificate). Either paste the contents of the certificate file, or browse to the file on the file system.
  (viii) Install the server certificate obtained in (vi) into the wallet (Operations -> Import User Certificate). Either paste the contents of the certificate file, or browse to the file on the file system.
  (ix) Save the wallet (Wallet -> Save). The wallet will be saved to the [user home]\Oracle\Wallets directory.
  3. Configure the listener for SSL.
  (i) Open the Oracle Net8 Assistant:
  Start -> Programs -> [Oracle Home] -> Network Administration -> Net8 Assistant
  (ii) Select Net8 Configuration -> Local -> Profile.
  (iii) From the drop-down list at right, select Oracle Advanced Security. Select the SSL tab.
  (iv) Select the Server radio button.
  (v) In the wallet directory field, enter the location of the wallet created in step 2, e.g. C:\WINNT\Profiles\oracleuser\ORACLE\WALLET
  (vi) Uncheck the Require Client Authentication checkbox.
  (vii) Select Net8 Configuration -> Listeners -> [listener name].
  (viii) Add a new address:
  Protocol: TCP/IP with SSL
  Host: [database server FQDN] (e.g. oraserver)
  Port: 2484
  (ix) Add a second new address:
  Protocol: TCP/IP with SSL
  Host: [database server FQDN] (e.g. oraserver)
  Port: 2482
  Check the Dedicate this endpoint to IIOP connections checkbox.
  (x) Save the Net8 configuration (File p Save Network Configuration).
  (xi) Restart the listener service.
  4. Configure the database to accept SSL connections.
  (i) Open the database inti.ora file (\admin\[SID]\pfile\init.ora or equivalent).
  (ii) At the bottom of the file, uncomment the line that reads
  mts_dispatchers = "(PROTOCOL=TCPS)(PRE=oracle.aurora.server.SGiopServer)"
  (iii) Save the file and restart the database service.
  5. Test the SSL confi guration using the Net8 Assistant.
  (i) Open the Oracle Net8 Assistant.
  (ii) Select Net8 Configuration -> Local -> Service Naming.
  (iii) Add a new net service (Edit p Create).
  Net service name: [SID].auth (e.g. iasdb.auth)
  Protocol: TCP/IP with SSL
  Host: [database server] (e.g. oraserver)
  Port: 2484
  Service Name/SID: [SID] (e.g. iasdb.orion.internal)
  Note: at the end of the net service configuration, click Finish, not Test. The test can hang if run from the wizard.
  (iv) Test the connection (Command -> Test Service). If the only error to appear is username/password denied, the test has succeeded.
  null

  Dear Alex,
  Thank you for reaching the Small Business Support Community.
  I would first suggest you to uncheck the "Perfect Forward Secrecy" setting on the RVS4000 and if see if there is some similar setting enabled, then disable it, on the other side.  If still the same thing happens, then go to RVS4000, VPN Advanced settings, and disable the "Aggressive Mode" so it becomes "Main mode" and use the same on the other end of the tunnel.
  Just in case and as a VPN configuration guide, below is a document called "IPSec VPN setup" if it helps somehow;
  http://sbkb.cisco.com/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=587
  Besides my suggestions I would advise you to contact your ISP to make sure there is no IPSec traffic restrictions and/or if there is something in particular they require to make this happen and please do not hesitate to reach me back if there is any further assistance I may help you with.
  Kind regards,
  Jeffrey Rodriguez S. .:|:.:|:.
  Cisco Customer Support Engineer
  *Please rate the Post so other will know when an answer has been found.

• Save editable pdf on server side

  Hiii Friends ,
  I have create editable pdf . Can I save this pdf on server side.
  Thanks

  Hiii Paul ,
  I have an another question. As I told ,I have PDF form created in Adobe LiveCycle Designer.
  I put on Submit button connect to my server URL .
  Now when I access this form , on web-server , It give warning each time
  Acrobat is attempting to connect my server url.
  If you trust the side , choose allow
  Can I block this warning message.
  Thanks

• Http Authentication server side

  I searched the internet and this forum a lot without finding a non commercial solution to this common scenario.
  Inside an active directory based intranet I would like to authenticate the users who access a java web application running on Tomcat.
  The requisites to meet are:
  - the users connect with IE6 and they are authenticated with their login credentials using Kerberos.
  - the application needs to know the name of the user.
  The web application will run with a specific windows account. Is there a way to perform a task using the credentials of the authenticated user ?
  What I'm looking for is an implementation of the following scenario: User John connects to the web application and besides other tasks, read/writes files from a directory where only John has permissions to do (as configured through windows acl).
  Thanks for any help.
  Filippo

  So far as I know, to do this you would have to run the server side of HTTP Negotiate (SPNEGO) in Tomcat. This protocol uses HTTP Authorization exchanges to carry out the GSS-API exchange that allows Tomcat to trust the browser user's identity. In this context the GSS-API mechanism would be Kerberos (or NTLM if Kerberos failed). The browser (if HTTP Negotiate capable, like IE) would send Kerberos credentials to the server during the context exchange, thereby achieving what you want.
  I believe this is what commercial products like Vintela and IT Practice do.
  Question to the Sun developers: SE6 supports the client side of HTTP Negotiate (so a Java client can talk to e.g. IIS). Are there any plans to support the server side? The case of IE/Windows workstations accessing Java web servers/servlet engines is a much more common requirement than "the other way round".
  Thanks,
  Alec

• Server Side SSL

  Hi,
  I'm trying to create a JSP than use the SSL technology,
  I create the certificate and configurates the web server,
  is needed write some additiona code in the server side (JSP) ???

  you have to set some policies,i.e some system properties, using
  System.setProperty(). Let's take below lines of code, usually placed in the top lines of code..... and as global variables in the JSP page.
  System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
            java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
            System.setProperty("javax.net.debug","all");
  And you need to set trust store for the own keystore, if it is trusted. and if you have anonymous class for that, no need to set this property.
  try... now the jsp works out....
  all the best

• Server side signature

  Is there a LC process example where a signature is applied to a PDF "server side", with a configured HSM?
  Thanks

  I am not aware of any examples that illustrate signing a PDF with a credential stored on an HSM.  What are you looking for, to see it work, or the required configuration settings to allow for LiveCycle to communicate with an HSM?  The required configuration will vary depending on which HSM you are using (nCipher, SafeNe)t, and the configuration of the HSM itself.
  From an example point of view, there is nothing to see, meaning you pass a PDF into a process and it is returned signed.  You can't tell if the signature was produced via a credential on an HSM or a credential stored in the trust store.
  Steve

• Error while saving a workflow via sharepoint designer: Server-side activities have been updated. You need to restart SharePoint Designer to use the updated version of activities.

  While saving a workflow using SharePoint designer on a SharePoint site, I get the following error: 
  Server-side activities have been updated. You need to restart SharePoint Designer to use the updated version of activities.
  Steps to recreate error:
  Login to the WFE server hosting IIS and workflow manager, open SharePoint Designer 2013 and login to a SharePoint site.
  Access the list using SharePoint Designer 2013, in the workflow section, click new workflow. 
  In the new workflow dialog, enter workflow details, click save (see screenshot below).
  Error message is displayed as below:
  After restarting SharePoint Designer, the saved workflow is not seen in the site/workflows or list/workflow section.
  Workaround
  When the above steps are repeated while accessing the site via SPD from any other box besides the WFE/Workflow manager host server, the error is not encountered and its possible to save/publish workflows.
  Notes
  Workflow Manager 1.0 is installed.
  The site has been registered with Workflow manager using Register-SPWorkflowService
  cmdlet.
  Any clue on why is this happening?

  Hi Vivek,
  Please close your SharePoint Designer application, clear/delete the cached files and folders under the following directories from your server installed SharePoint Designer, then check results again.
  <user profile>\appdata\roaming\microsoft\SharePoint Designer\ProxyAssemblyCache
  <user profile>\appdata\local\microsoft\websitecache\<sitename>
  http://www.andreasthumfart.com/2013/08/sharepoint-designer-2013-server-side-activities-have-been-updated/
  Thanks
  We are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• How could I clear all my data(bookmarks) on Mozilla server side in new version of Sync (Firefox Account)?)

  Problem is the same as https://support.mozilla.org/en-US/questions/1000745?esab=a&as=aaq
  Also, there was no solution has been given in discussion.
  So, problem that noone could delete all data which have been synced with new Firefox account services.
  I've disconnected all my devices from previous (old) firefox sync system (which worked perfectly on several devices), after that i gone on link https://account.services.mozilla.com/ and deleted all my sensitive data.
  After I've created firefox account in new firefox sync system ( https://accounts.firefox.com ), and all my data (bookmarks exactly) now present in browser twice.

  I have a problem with over 12,000 unwanted bookmarks in my 4 PCs (all standard Mozilla bookmarks that have been replicated). So if I would like to purge my server side data. If I do this by deleting my Sync account can I re-use my same email address to re-open a "new" Sync account?