SSL between ITS and LDAP
Hello:
I have a ITS 6.20 patchlevel 22 with Linux Red Hat Enterprise 4. I have configured the service PAS to access to the Employee Self-Service of the ITS via LDAP.
I want to configure SSL between my ITS and the LDAP, but I read in note 456666 that it is only possible for Microsoft Windows and my ITS is Linux.
Is it correct?
Regards,
Felipe Sánchez
Hi,
~ldapport=636
636 is normally the secure port or the LDAP SSL port, but this depends on the directory server and additionaly things also.
Therefore I advise you to use example or SDK coding from your directory server or vendor. Normally things like certificate exchange / key exchange and configuration needed to ensure the secure configuration.
All these things are vendor dependend steps and therefore SAP has no documentation about it,e.g. Novell directory server has a SDK with example coding for SSL connections. This coding in combination with SAPs PAS SDK can be used to build a shared library with LDAP SSL.
regards,
-markus
Similar Messages
-
Difference between ITS and WAS server
difference between ITS and WAS server
Hello Pradeep,
The ITS is the Internet Transaction Server. WAS is Web Application Server. I'm not sure how to compare the two because the WAS from Basis 6.40 and higher includes the ITS. I think the question you wanted to ask is the difference between the Standalone ITS and the Integrated ITS???
The Standalone ITS is installed on a web server (IIS or Apache usually). It could also include another server that we call the AGate.
The Integrated ITS comes with the WAS Basis 6.40 and higher. Therefore not needing a separate web server.
There is also a note that lists some differences of the two.
Edgar -
SSL between XI and a business partner
Has anyone gotten SSL between XI and an external business partner up and running? I would like to have a short discussion with someone who has been successful. I am trying to send messages out from XI that require XI to be active. Please don't direct me to the documentation because we have read it and it has not been very helpful.
regards,
ChrisHello Richard,
I can't see we have been successful but we are close. Here are the steps:
1. HTTPS service needs to be active (Tx: SMICM)
2. You need to load the SSL certificate key in your XI system (Tx: STRUST)
3. You will need to create an RFC (type G)pointing to your target server. Then select the SSL (acitve) and the private key you want to use (you will need one RFC destination by server key).
4. Use your RFC destination in your HTTP Adapter:
on the HTTP adapter don't select URL address but select RFC destination.
I hope this will help.
PLease don't heistate to ask if you need more detail.
Mustapha -
Difference between ITS and Web Application Server
Hi All,
What is ITS server. Can anyone explain me the difference between ITS and WAS(Web Application Server)
Thanks
HarpreetHi Harpreet:
ITS is basically the tool that allow you to use SAP via http. Theres lots of info about <a href="http://help.sap.com/saphelp_nw04/helpdata/en/0d/654d356560054ce10000009b38f889/frameset.htm">ITS</a> or <a href="http://help.sap.com/saphelp_nw04s/helpdata/en/5f/0ef441ad7bc417e10000000a155106/frameset.htm">WebAS with Integrated ITS</a>
The ITS is a standalone application connected to R3 via RFC connection, In the SAP WebAS the ITS is integrated to the system.
Hope this help!
Juan
PS: Please reward with points if helpful -
We are implementing ESS MSS on 4.7 , ITS 4.7 with EP 6.0
Can some one point me as to how to configure the SSO between these various landscapes. I Think we would require SSO between EP and ITS for ESS in MSS services.
regards
Sam
Message was edited by:
sameer chilamaHi Sameer,
All the information you are looking for is in the help.sap.com
http://help.sap.com/saphelp_nw04/helpdata/en/89/6eb8e1af2f11d5993700508b6b8b11/frameset.htm
This help guide is really very clear and thorough.
Regards
Daniel -
Difference between ITS and web dynpro abap
Hi Experts.
Can any explain me what is the main difference between EWT/ ITS and web dynpro abap. Basically i am going to developed some existing EWT in webdynpro ABAP , so i want to know what are the advantage of WD ABAP over ITS .
Thanks in Advance.
SatyaClosing thread, thanks for your help.
Thanks,
Satya -
SSL between NSAPI and WLS with custom certificate and RequireSSLHostMatch=true fails
I am trying to use SSL for communication between NSAPI and WebLogic
server (server authentication at the NSAPI).
Therefore, a custom server certificate is installed on WLS, containing this
server's hostname. The NSAPI is configured (RequireSSLHostMatch=true) to
check the hostname contained in the certificate against the WebLogicHost
parameter in the "obj.conf" file. The corresponding TrustedCAFile is installed
for NSAPI.
The SSL setup seems to work ok, but when matching the hostname, it seems like
NSAPI is trying to do a string-match against the numeric IP of the WebLogicHost,
not on the hostname as configured in the WebLogicHost parameter.
The relevant entry in the "obj.conf" file:
<Object name="weblogic" ppath="*">
Service fn=wl-proxy WebLogicHost=btsun2a.muc \
WebLogicPort=7162 \
Debug=ALL \
SecureProxy=ON \
TrustedCAFile=/home/qx13604/wls61/config/testdomain/TC_RootServer_PEM_Class0.pem
RequireSSLHostMatch=true
</Object>
I am using WLS6.1 with NSAPI (both Solaris). The content of "wlproxy.log" is as
follows.
Any ideas?
Content of "wlproxy.log":
Thu Oct 11 12:30:22 2001 INFO: SSL is configured
Thu Oct 11 12:30:22 2001 INFO: Initializing SSL library
Thu Oct 11 12:30:22 2001 Loaded 1 trusted CA's
Thu Oct 11 12:30:22 2001 INFO: Successfully initialized SSL
Thu Oct 11 12:30:22 2001 INFO: SSL configured successfully
Thu Oct 11 12:30:22 2001 ....relFile.../index.jsp...
Thu Oct 11 12:30:22 2001 URI=[index.jsp]
Thu Oct 11 12:30:22 2001 Initializing lastIndex=0 for a list of length=1
Thu Oct 11 12:30:22 2001 attempt #0 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 attempt #1 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 attempt #2 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 attempt #3 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 attempt #4 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 attempt #5 out of a max of 5
Thu Oct 11 12:30:22 2001 general list: trying connect to '160.50.106.101'/7162/7162
at line 1156 for '/index.jsp'
Thu Oct 11 12:30:22 2001 New SSL URL: match = 1 oid = 22
Thu Oct 11 12:30:22 2001 Going to check the general server list
Thu Oct 11 12:30:22 2001 WLS info : 160.50.106.101:7162 recycled? 0
Thu Oct 11 12:30:22 2001 Hdrs from Client:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept]=[image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs from Client:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[connection]=[Keep-Alive]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[user-agent]=[Mozilla/4.72 [de]C-CCK-MCD
(WinNT; U)]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[host]=[btsun1a.muc:99]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept]=[image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-encoding]=[gzip]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-language]=[de,en]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[accept-charset]=[iso-8859-1,*,utf-8]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-WebLogic-Force-Cookie]=[true]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Client-IP]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[X-Forwarded-For]=[160.50.136.171]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated]=[wwws/ns-homeV417/docs/index.jsp]
Thu Oct 11 12:30:22 2001 Hdrs to WLS:[Proxy-Path-Translated-Base]=[wwws/ns-homeV417/docs]
Thu Oct 11 12:30:22 2001 INFO: sysSend 52
Thu Oct 11 12:30:22 2001 Partial read socket
Thu Oct 11 12:30:22 2001 INFO: SSLWrite sent 0
Thu Oct 11 12:30:22 2001 INFO: Host (btsun2a.muc) doesn't match (160.50.106.101),
validation failed
Thu Oct 11 12:30:22 2001 ERROR: SSLWrite failed
Thu Oct 11 12:30:22 2001 SEND failed (ret=-1) at 549 of file URL.cpp
Thu Oct 11 12:30:22 2001 *******Exception type [WRITE_ERROR] raised at line 550
of URL.cpp
Thu Oct 11 12:30:22 2001 got exception in sendRequest phase: WRITE_ERROR [os error=0,
line 550 of URL.cpp]: at line 944
Thu Oct 11 12:30:22 2001 INFO: Closing SSL context
Thu Oct 11 12:30:22 2001 INFO: sysSend 14
Thu Oct 11 12:30:22 2001 Failing over after sendRequest exception
Thu Oct 11 12:30:22 2001 request [index.jsp] processed ..................I tried some other case and configured a certificate containing
the numeric IP as hostname. The authentication works fine then,
but it wouldn't be nice to hard-code the IP in the certificate
(btw. the WebLogicHost parameter is still given as DNS name, not
as IP address).
Has anyone got a solution for this?
"Wolfgang Jodl" <[email protected]> wrote:
>
I am trying to use SSL for communication between NSAPI and WebLogic
server (server authentication at the NSAPI).
Therefore, a custom server certificate is installed on WLS, containing
this
server's hostname. The NSAPI is configured (RequireSSLHostMatch=true)
to
check the hostname contained in the certificate against the WebLogicHost
parameter in the "obj.conf" file. The corresponding TrustedCAFile is
installed
for NSAPI.
The SSL setup seems to work ok, but when matching the hostname, it seems
like
NSAPI is trying to do a string-match against the numeric IP of the WebLogicHost,
not on the hostname as configured in the WebLogicHost parameter.
The relevant entry in the "obj.conf" file:
<Object name="weblogic" ppath="*">
Service fn=wl-proxy WebLogicHost=btsun2a.muc \
WebLogicPort=7162 \
Debug=ALL \
SecureProxy=ON \
TrustedCAFile=/home/qx13604/wls61/config/testdomain/TC_RootServer_PEM_Class0.pem
RequireSSLHostMatch=true
</Object>
I am using WLS6.1 with NSAPI (both Solaris). The content of "wlproxy.log"
is as
follows.
Any ideas? -
SSL Between Weblogic and IBM MQ
Dear All,
I would like to know the SSL configuration steps between Weblogic and MQ Communication.
The existing setup is, To put message in MQ, We are using MQ Java API directly. To get message from MQ, We are using JMS API with binding file.
Now, we are in a position to enable SSL in those communication between Weblogic and MQ. Here Weblogic is Treated as Client & MQ is treated as Server. If any one throw some light here would be greatful for us to enable 2-way SSL.
In High Level, Initially we planned for One-Way SSL like below,
1. Create the Trust Store in MQ Server
gsk7capicmd -keydb -create -db "/var/mqm/qmgrs/WLMQTest/ssl/WLMQTest.kdb" -pw serverpass -type cms -expire 365 -stash -fips
2. Create Self-Signed Certificate Initially for MQ Server
gsk7capicmd -cert -create -db "/var/mqm/qmgrs/WLMQTest/ssl/WLMQTest.kdb" -pw serverpass -label ibmwebspheremqwlmqtest -dn "CN=WLMQTest,O=,C=" -expire 365 -fips -sigalg sha1
gsk7capicmd -cert -extract -db "/var/mqm/qmgrs/WLMQTest/ssl/WLMQTest.kdb" -pw serverpass -label ibmwebspheremqwlmqtest -target "/var/mqm/qmgrs/WLMQTest/ssl/*WLMQTest.crt*" -format ascii -fips
3. Create the Key Store in Weblogic Server
keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048
4. Copy the Public SSL Server Certificate to the Weblogic Server
Copied the WLMQTest.crt from MQ Server into a directory under Weblogic Server Domain
The below command list the content of the keystore.jks
keytool -list -keystore keystore.jks
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
mydomain, Dec 26, 2011, PrivateKeyEntry,
Certificate fingerprint (MD5): E7:B6:4C:02:A7:DE:A3:66:27:66:38:A1:87:DF:8F:0F
And tried to import the WLMQTest.crt
keytool -import -alias mydomain -file WLMQTest.crt -keystore keystore.jks -storepass serverpass
We got the error like below,
keytool error: java.lang.Exception: Public keys in reply and keystore don't match
5. Configuring the Channels.
Please advice, Is it a right way? Positively expected your valuable comments
Edited by: user10094300 on Dec 26, 2011 1:17 AMCheck this:
http://www.ibm.com/developerworks/websphere/library/techarticles/0510_fehners/0510_fehners.html -
2 way sync between AddressBook and LDAP
Hi there. I'm looking for something that will help me do a 2-way sync between an Addressbook and an LDAP server. I've been playing with ABxLDAP/Addressbook4LDAP, and that seems to populate addressbook contacts into an LDAP server (a unidirectional sync). However, I want to do a full 2-way sync (changes made in the ldap server are synced to my local addressbook entries and vice versa).
Does anyone know of any apps to do that?
Thanks.Thanks for the info.
I've only seen info about Snow Leopard syncing (and it doesn't really specify 2 way) to Exchange (which is not LDAP)
Addressbookserver (www.addressbookserver.com) is also not LDAP.
I really need this to work (2 way sync) with an LDAP server.
Thanks. -
Connection Error between ITS and SAP: R/3 system
Dear All,
Recently we have migrated our Backend SAP: R/3 Servers to AIX/Oracle platform. The server landscape is running on two application servers and one central instance with load balancing.
We have changed all RFC destinations from the SAP:R/3 and ITS side and tested the connection.
We are not able to login to backend SAP:R/3 server through ITS.
The following error appears
"Fatal Error!
The ITS failed to handle this request
The HTMLBusiness interpreter failed to interpret the template.
The internal error message is:
0x2101: Interpreter: The specified input file does not exist."
What other changes from ITS side we have to look into or check?
Regards
saikat180965Hi saikat180965,
Might be the problem is being caused by missing templates. Please have a look in the ITS traces to get more information about the missing file.
Regards,
Dieter -
Connectivity between OSB and LDAP
Hi All
We have a requirement to connect to LDAP from OSB (not for retrieving security related information) for querying business information like users, user groups and geographical hierarchy etc. I know there is no Adapter to use for integrating LDAP with OSB. Please suggest some implementation technique for this approach.
Thanks
VishwanathWhich LDAP are you using ? If you are using OID you have a Ldapcleint.jar on the OID server, you can use that to connect.
If you are using openldsp you using the open source ldap jar files for the same.
Sample Code :-
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;
import oracle.ldap.util.jndi.*;
import oracle.ldap.util.*;
import java.io.*;
public class NickNameSearch {
public static void main(String[] args)
throws Exception
InitialLdapContext ctx = ConnectionUtil.getDefaultDirCtx( args[0],
args[1], args[2],args[3]);
RootOracleContext roc=new RootOracleContext(ctx);
Subscriber sub = null;
sub = roc.getSubscriber(ctx, Util.IDTYPE_DEFAULT, null, null) ;
PropertySetCollection psc = sub.getProperties(ctx,
Subscriber.USER_NAMING_PROPERTIES, null);
String nickNameAttribute = null;
try
nickNameAttribute = (String) psc.getPropertySet(0).getProperty(Subscriber.USER_NAMING_ATTR_SIMPLE).getValue(0);
catch (Exception e)
// unable to retrieve the attribute name
System.exit(0);
System.out.println("Nickname attribute: " + nickNameAttribute);
// Retrieve user using simple name, guid or DN
User user = sub.getUser(ctx, Util.IDTYPE_SIMPLE,"orcladmin", null);
System.out.println("user DN: " + user.getDN(ctx)); }
// Retrieve nickname value using User object
psc = user.getProperties(ctx, new String[]{ nickNameAttribute });
String nickName = null;
try
nickName = (String) psc.getPropertySet(0).getProperty(nickNameAttribute).getValue(0);
catch (Exception e)
// unable to retrieve the attribute value
System.exit(0);
System.out.println("Nickname : " + nickName);
Using the Java API Extensions to JNDI -
WebLogic SAML 1.1 & Apache as proxy & SSL between browser and Apache
Hi,
I'm trying to configure SAML 1.1 to work with WebLogic Server 10.3.
Here is a short description of the configuration
- Browser connects to Apache front end with ssl https://myserver:444/...
- Apache proxies requests to WebLogic Server instances in http. In the following example one of the WLS instances is listening on the port 555 on myserver.
During the SAML 1.1 requests the following url appears:
https://myserver:444/mysamlits?RPID=rp_00001&TARGET=http://myserver:555/myapp
Here http://myserver:555/myapp is the backend server listening address. Instead it should be the frontend server address instead:
https://myserver:444/mysamlits?RPID=rp_00001&TARGET=https://myserver:444/myapp
Problem:
Despite of all My efforts, WLS picks up the backend protocol and port and puts them in the TARGET. I can't find how to set up WebLogic Server to supply the frontend address as TARGET, so I'm asking help here.
Details:
I try to describe the setup in more detail below.
I have NOT installed mod_wl to Apache because My intention is to employ Apache to simulate a hardware load balancer (HLB).
I have appended the following lines to Apache httpd.conf:
# Added so that we can set the "WL-Proxy-SSL: true"
# HTTP header which tells a back-end WebLogic Server
# that requests are being proxied through a front-end
# SSL load-balancer or proxy server.
<IfModule headers_module>
RequestHeader set WL-Proxy-SSL true
</IfModule>
I have also verified that the header WL-Proxy-SSL is present in requests arriving at the backend WebLogic Server.
On the WebLogic Server side I have
- Frontend Host: myserver
- Frontend HTTP Port:0
- Frontend HTTPS Port:444
I have also tried setting WebLogic Plugin Enabled:true.
Regards,
Kari
Edited by: 858107 on May 11, 2011 10:00 PM: Removed a duplicated subject line.I was mistaken. TARGET can very well be the backend address. The actual problem was that the browser was getting redirected to the backend address.
That was fixed by resetting the frontend settings:
Frontend Host: <empty>
Frontend HTTP Port:0
Frontend HTTPS Port:0
Kari -
SSL between JNDI and AD - certificate chain
Hi,
I am trying to connect my active directory via SSL with the samples from the tutorial. Can anybody tell me, how I can export a certificate from AD (self-signed), so that I can import it with keytool? Or better, how to build that required certificate chain.
Thanks a lot
Falko BraunIf you are using AD as your Certificate Authority you can go to
http://servername/certserv
which is the web interface for certificates.
If you want the AD servers certificate, in the certificates snapin in MMC you can right click on the servers personal certificate -all tasks->export and export it.
Hope this helps.
G
Hi,
I am trying to connect my active directory via SSL
with the samples from the tutorial. Can anybody tell
me, how I can export a certificate from AD
(self-signed), so that I can import it with keytool?
Or better, how to build that required certificate
chain.
Thanks a lot
Falko Braun -
Difference between UME and LDAP users
Hi,
I am facing a strange problem. In my Webdynpro application, I am accessing the portal user properties using the normal user management APIs. IUser object. On my local server, all the users are UME users and it runs fine.
When I deployed my application on the central server which creates LDAP users by default, the code bombs saying the user is not authorized. When I recreate the user in UME, it is fine again. Are there APIs which I can use which work for both the user stores?
Thanks in advance,
KiranHi Kiran,
I User object works for both the cases. Just try the below code.
<%@ page import = "com.sap.security.api.IUser" %>
private void getUser() {
user = compRequest.getUser();
userId = user.getUniqueID();
userName = user.getUniqueName();
It worked for me for getting the users from LDAP.
Regards,
Santhosh -
In EM Cloud control 12c, How to enable SSL between agent and OMS?
As title. Thanks!
Did you checkout MOS note 12c Cloud Control Security: How to Secure a 12c Agent from Console / Command Line? [ID 1390222.1] ?
Regards
Rob
http://oemgc.wordpress.com
Maybe you are looking for
-
Mac won't start (Kernel Panics)
Hello, My mac won't start up. It turns on, gets as far as the spinning circle and apple logo then a dark screen comes down with a Kernel Panic message. This occurred roughly three months ago and I ended up taking the mac into the regent street store
-
My macbook wont run. what do I do?
when i open it up, all it does is stay at a black screen. then i turn on the power button and it does nothing. I know it is charged because when i cloes it, the light turns on. which usually only happens when i have it open. a couple days ago i got i
-
My iPad 1 has become very sluggish, why and how to fix?
My iPad 1 has become very sluggish. Even typing often has small delays in showing letters. It seems variable, alas, so no obvious app or condition is implicated. I have closed all apps and done a cold restart but that does not help. I have the latest
-
I know it's a simple question, but i had ¡Movie '08 and I bought the latest version, and it's really different, so I don't know, if i have like 150 photos (it's an stop-motion) how can I put the same duration? And do the chroma key effect? And I don'
-
ESS Training Event and management
Hi, I have deployed ESS. I don't find Training Tab on our ESS screen and i found that the tab is attached separately . Can anyone explain in details about this...! Regards Vijay