SSL communication with IBM Tivoli 5.2

Hi,
I have downloaded the free version of the IBM Tivoli 5.22 directory server. It installed great and I can connect and query the sample data using port 389.
I am working on enabling SSL communication with the same.
I referred to
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc/am60_install33.html
I followed the steps provided to enable SSL communication; it gave me errors saying that the password for the key database file was incorrect.
Has anyone tried to connect to the IBM Tivoli Directory server via SSL? Is there a way to do it in the same way as we set up SSL with Active Directory?
Any help in this regard would be great,
Regards
Zoharat

Hey,
I got SSL enabled on the Tivoli server. I followed the instructions available on the IBM site to set up the GSKIT and create the key database, the certificates, and also to set up the server to use them. I used self-signed certificates.
For setting up the server I used the command line utilities.
The ldapsearch command always failed; it kept saying bad password. So I took the certificate file that I created, added it to the cacerts of the Java client, and then communicated with the server on port 636.
It worked great.
Regards
Zoharat

Similar Messages

  • EM integration with IBM Tivoli TEC?

    Hi. Has anyone integrated EM 9/10 with IBM's Tivoli TEC enterprise alerting/monitoring/ticketing system? We use EM for our Oracle monitoring, etc., but need to pass our alerts to our corporate call centre, which uses Tivoli to manage the rest of the enterprise.
    I assume we need to exploit the SNMP messaging in some way, but if anyone has any experience of this and/or could point me in the direction of any documentation/case studies I'd be very grateful...
    Thanks for your time,
    Adrian.

    I created a trigger on the table where the events enter OMS (SMP_VDE_EVENT_TARGET_DETAILS) and let that trigger call a procedure I created in C that puts the alert in the syslog.
    Then we have the TEC logfile adapter report that back.
    In 10g it should be much simpler. You can create a shell script that will run when the event triggers. In the shell you have a number of env vars, which you can use.

  • Oracle Apex - SSO with IBM Tivoli Access Manager WebSeal - filters out Files with Server Error 500

    Hi,
    We are using IBM Tivoli Access Manager for SSO to authenticate users to access our APEX application. The authentication works but...
    When the application is being accessed with the WebSeal, JS/CSS files are randomly not loaded and show up with either an HTTP 400 or HTTP 500 error in the FF Toolbar Console. Of course, without certain CSS/JS files the application can't be used by the user.
    If the application is accessed without WebSeal, all files are loaded successfully.
    Our set up:
    There are two APEX Applications using the WebSeal - the first one apparently works
    Apex Listener on Tomcat7.0
    Apex 4.2.6
    We tried all kind of different WebSeal configurations but nothing worked so far.
    I found the following:
    interactive report problem with SSO
    ==> Does anyone know how to use mapping tables and does it help?
    Interactive report javascript error due to proxy
    ==> The solution is for EPG but we use Tomcat as Listener so the solution does not apply
    Does anyone know how to configure the WebSeal ?
    Thanks

    I have the same issue with Apex 4.2.6 and Webseal, but only on the Mobile Application. The Desktop Application is OK.
    I have raised an SR on supportweb, but the SR engineer tells me it may be a Webseal issue; they can't reproduce it with Oracle Access Manager.
    It's really a tough issue.

  • Integration with IBM TAM and OIM

    Hi all,
    We are making a proposal to a customer for OIM.
    One of their requirements is logging in to OIM through their current SSO (IBM TAM).
    Is it possible with product function?
    Or do we have to develop something?
    Can anyone share insight on this?
    Thanks in advance.
    dongsu

    FYI,
    Enabling Oracle Identity Manager to Work With IBM Tivoli Access Manager
    Configuring SSO Providers for Oracle Identity Manager - 11g Release 2 (11.1.2)

  • BI and IBM Tivoli

    Hi
    Does anyone have any idea how to integrate SAP BI with IBM Tivoli.
    Our client wants to monitor all the error and alerts to be sent to IBM tivoli.
    IBM tivoli will be the central server to monitor SAP related errors and alerts.
    If anyone knows any info on this, please share it
    Regards
    Annie

    hi,
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/6f0a64d0-0a01-0010-e78b-e44b6da56b52
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/ad84a55a-0601-0010-749b-85476a9033a5
    /people/ingo.dressler/blog/2005/09/06/sap-cua-in-an-tivoli-identity-manager-environment
    IBM Tivoli
    Ramesh

  • Configuring PI SSL for communicating with third-party web services

    Hi,
    I'm trying to load a COMODO certificate into a J2EE environment running in NetWeaver 7 (no enhancement packs), in order to connect to an external web service using SSL
    I have been looking at this reference:
    http://help.sap.com/saphelp_nw70/helpdata/en/a0/a5d13f83a14d21e10000000a1550b0/frameset.htm
    and in this document (and many others i've read) it talks about requiring a server key pair to support SSL.
    http://help.sap.com/saphelp_nw70/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm
    My question is - is there a way to use the self-signed root CA certificates instead of having to generate CSRs and sign certs?  I ask this because it seems completely impractical to have to generate key pairs for each SAP installation that is required to access a third-party web service.
    Furthermore, the SSL connection may only be for the web service and I'd rather not have to ask that the entire J2EE server is switched to SSL in order to make this secure connection. I've recently discovered the AXIS framework for the SOAP adaptor however I'm not familiar with it and can't identify whether you could use this for the SSL handshake and avoid having to a) generate certificate key pairs and b) switch your J2EE server to SSL
    Does anyone have experience connecting to a third-party service using VeriSign, COMODO or Thawte certificates and can clear this up for me?
    Regards,
    John

    Did you resolve your issue?
    I'm posting some comments that maybe can help newer administrators facing similar doubts.
    I'm using NW PI 7.1 EHP1 also, and some interfaces were developed for using an external site providing web services through an SSL (HTTPS) connection.
    As in browser navigation, secure sites protected with SSL have a certificate issued by an international CA. We don't perceive the "handshake" in most cases because normally the web browser has a group of trusted CAs loaded in its certificate store.
    With SAP PI and its WAS Java a similar procedure occurs, with a small difference. The WAS Java doesn't have the trusted CAs loaded in the Key Storage. So, when the adapter tries to establish a connection with an HTTPS site (it is a background process), a "handshake" is required to accept the certificate, and it produces an error.
    We complete the handshake by importing the entire certificate chain (you can load the site's certificate in your browser and export it as a file) into the Keystore under the Trusted CAs view.
    Hope this can help someone. It's an "easy" part of SSL communication.
    Now I'm trying to configure the inverse: some third party consuming the PI web services using SSL. I have an additional component on inbound/incoming connections, which is the SAP Web Dispatcher.
    Help.sap.com is the reference, but as always it's a little difficult to find the (sequential) path following the links (go ahead, go ahead, go ahead, go back, go back, go ahead)...
    Regards,
    Rodrigo Aoki

  • SSL connectivity for IBM WebSphere MQ to integrate with XI

    Any information of SSL connectivity for IBM WebSphere MQ to integrate with XI???

    Ravi,
    Have you gone thru this SAP Note - 912314 - SSL support for IBM Websphere MQ/ MQ Series
    raj.

  • SSL communication issue with JDK 1.6.0_19

    Hi,
    I am facing an issue with JDK 1.6.0_19. I have a Java client which communicates with the server over SSL. It is able to communicate properly with JDK <= 1.6.0_18, but I get the exception javax.net.ssl.SSLException: HelloRequest followed by an unexpected  handshake message when the client tries to communicate with the server on JDK 1.6.0_19.
    We are using mutual authentication. The client and the server both have signed certificates. The client certificate has to be validated by the server to establish the connection.
    I have seen in the forum that it is a renegotiation issue. If I enable the renegotiation flag with -Dsun.security.ssl.allowUnsafeRenegotiation=true, it works fine. But enabling renegotiation is itself a vulnerability, so I can't enable it.
    I am using httpclient 4.0 and JSSE on the client side and IIS on the server side for this SSL connection.
    I am not sure which side, client or server, is initiating the renegotiation.
    Please help me out.
    I have tried the openssl command from the console.
    The command is: openssl s_client -connect X.X.X:443 -CAfile "xxxxx" -cert "xxxxxxxx" -key "xxxxxxxxxx" -state -verify 20
    Here is the output:
    Loading 'screen' into random state - done
    CONNECTED(00000748)
    SSL_connect:before/connect initialization
    SSL_connect:SSLv2/v3 write client hello A
    SSL_connect:SSLv3 read server hello A
    xxxxxxxxxxx.................
    verify return:1
    xxxxxxxxxxx.................
    verify return:1
    SSL_connect:SSLv3 read server certificate A
    SSL_connect:SSLv3 read server done A
    SSL_connect:SSLv3 write client key exchange A
    SSL_connect:SSLv3 write change cipher spec A
    SSL_connect:SSLv3 write finished A
    SSL_connect:SSLv3 flush data
    SSL_connect:SSLv3 read finished A
    Certificate chain
    xxxxxxxxxxx.................
    Server certificate
    -----BEGIN CERTIFICATE-----
    xxxxxxxxxxx.................
    -----END CERTIFICATE-----
    xxxxxxxxxxx.................
    No client certificate CA names sent
    SSL handshake has read 1839 bytes and written 392 bytes
    New, TLSv1/SSLv3, Cipher is RC4-MD5
    Server public key is 1024 bit
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : RC4-MD5
        Session-ID: xxxxxxxxxxx
        Session-ID-ctx:
        Master-Key: xxxxxxxxxxx
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        Start Time: 1275564626
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    read:errno=10054
    If you look at the console output, you can see that two statements are missing. Those are:
    SSL_connect:SSLv3 read server certificate request A
    SSL_connect:SSLv3 write client certificate A
    So, I would like to know if this is any clue to which is asking for renegotiation.

    Thank you for your response.
    Yes, I have set the property SSLAlwaysNegoClientCert to True, and it is able to establish the SSL connection without initiating renegotiation from the IIS server side. The property has to be set in the metabase.xml file.
    Thank you very much once again.
    Edited by: arpitak on Jun 23, 2010 2:10 AM
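The check the poster made by eye on the `openssl s_client -state` output, as an added Python example that is not part of the original thread: it looks for the certificate-request state in the initial handshake and for the secure-renegotiation line, assuming (as in the post) that the server requires a client certificate. The sample transcripts, function names and finding labels are constructed for illustration.

```python
import re

# Constructed sample: trimmed s_client -state output shaped like the one in
# the post (host, certificates and session secrets omitted).
SAMPLE_NO_CERT_REQUEST = """\
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
No client certificate CA names sent
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
read:errno=10054
"""

# Constructed sample: a trimmed handshake in which the server asks for the
# client certificate up front, so no later renegotiation is needed.
SAMPLE_WITH_CERT_REQUEST = """\
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 read finished A
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
"""

STATE_RE = re.compile(r"^\s*SSL_connect:(.+?)\s*$")
CIPHER_RE = re.compile(r"\bCipher is (\S+)")
KEY_RE = re.compile(r"Server public key is (\d+) bit")
RENEG_RE = re.compile(r"Secure Renegotiation IS( NOT)? supported")
ERRNO_RE = re.compile(r"^\s*read:errno=(\d+)")
WEAK_CIPHER_PARTS = {"RC4", "MD5", "DES", "NULL", "EXP"}


def parse_s_client(text):
    """Pull the handshake states and summary fields out of s_client output."""
    info = {"states": [], "cipher": None, "key_bits": None,
            "secure_reneg": None, "read_errno": None}
    for line in text.splitlines():
        state = STATE_RE.match(line)
        if state:
            info["states"].append(state.group(1))
            continue
        cipher = CIPHER_RE.search(line)
        if cipher:
            info["cipher"] = cipher.group(1)
        key = KEY_RE.search(line)
        if key:
            info["key_bits"] = int(key.group(1))
        reneg = RENEG_RE.search(line)
        if reneg:
            info["secure_reneg"] = reneg.group(1) is None
        err = ERRNO_RE.match(line)
        if err:
            info["read_errno"] = int(err.group(1))
    return info


def assess(text):
    """Return finding labels for a handshake that is expected to be mutual TLS."""
    info = parse_s_client(text)
    asked = any("read server certificate request" in s for s in info["states"])
    sent = any("write client certificate" in s for s in info["states"])
    findings = []
    if not asked:
        findings.append("no-certificate-request")
    elif not sent:
        findings.append("client-cert-not-sent")
    if info["secure_reneg"] is False:
        findings.append("no-secure-renegotiation")
    # No request in the first handshake means the server can only obtain the
    # client certificate by renegotiating; without secure renegotiation a
    # client that refuses unsafe renegotiation will abort at that point.
    if not asked and info["secure_reneg"] is False:
        findings.append("client-cert-needs-unsafe-renegotiation")
    if info["cipher"] and WEAK_CIPHER_PARTS & set(info["cipher"].split("-")):
        findings.append("weak-cipher:" + info["cipher"])
    if info["key_bits"] is not None and info["key_bits"] < 2048:
        findings.append("weak-server-key:%d" % info["key_bits"])
    if info["read_errno"]:
        findings.append("read-errno-%d" % info["read_errno"])
    return findings


if __name__ == "__main__":
    for name, sample in (("no request", SAMPLE_NO_CERT_REQUEST),
                         ("with request", SAMPLE_WITH_CERT_REQUEST)):
        print(name, assess(sample))
```
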

  • Cisco Phone Control and Presence 8.6.1.1185 with IBM Lotus Notes 8.5.2 (Integrated Sametime Client 8.0.2) - No presence status visible

    Hi community,
    I am trying to integrate Cisco Unified Presence 8.6.1.10000-34 with IBM Lotus Notes 8.5.2 with the integrated Sametime Client version 8.0.2 via the Cisco Plugins 8.6.1.1185.
    Phone control is working fine, whereas the presence status is not shown (= no handset symbol next to the Sametime user). When I look in the preferences of the plugin, I can see that the plugin has connected successfully to the CUCM (8.6.2.20000-2), whereas the connection to the CUPS has not been established.
    The user id as well as the password are all the same on all systems. Here is a description of what I have configured via the ciscocfg.exe tool:
    Feature Control:
    - Enable Phone Status -> checked
    - Enable Dial Using Cisco IP Communicator -> unchecked (not required)
    - Enable Control Desk Phone -> checked
    - Default Mode -> Control Desk Phone
    Control Desk Phone Settings:
    - Voicemail Pilot Number -> left blank (no voicemail)
    - Cisco Unified Communications Manager
         - Servers -> IP address of CUCM
         - Read Only -> unchecked
         - Use as Default CUCM -> checked
         - Synchronize Credentials -> checked
              - Use Sametime Credentials -> checked
    Use Secure Connection: -> not required
    LDAP Phone Attributes: -> not required
    Phone Status Settings:
    - Cisco Unified Presence Servers -> IP address of CUPS
    - Read Only -> unchecked
    - Synchronize Credentials -> checked
         - Use Sametime Credentials -> checked
    - Sametime User ID Mapping
         - Use Business Card Attribute -> MailAddress
         - Remove Domain -> checked
    - Display Off-Hook Status Only -> unchecked
    At the moment I don't see an error in the configuration, but maybe I am wrong. Could anyone please tell me what the error could be?
    Thanks a lot in advance!
    Kind regards,
    Igor

    Hi all,
    here are some additions to my above post:
    Servers and clients used:
    1x CUCM 8.6.2.20000-2
    1x CUPS 8.6.1.10000-34
    1x IBM Lotus Domino Messaging Express Server 8.5.2
    1x Sametime Entry Server 8.5.2 (on top of the Domino server)
    2x IBM Lotus Notes 8.5.2 with integrated Sametime 8.0.2
    2x Cisco Phone Control and Presence with Lotus Sametime (PCAP) 8.6.1.1185
    2x Cisco Unified Personal Communicator 8.5.5.19839
    Setup:
    - CUCM, CUPS and CUPC are working fine, i.e. Desk Phone control via CUPC, as well as availability and presence status are working without issues
    - IBM Lotus Domino server is the LDAP Directory, the Sametime Entry Server is installed on top of the Domino server and uses the Domino Directory
    - User ID and password on CUCM/CUPS match the ShortName field and password in Domino
    - The PCAP plug-in has been manually deployed to both Notes clients with the following configuration:
         - Enable Phone Status -> active
         - Desk Phone Control -> active
         - no credential synchronization for CUCM and CUPS, i.e. every user must fill the user details himself
         - Sametime User ID Mapping is implemented via the LDAP Attribute uid (which is equal to the user id in CUCM)
         - LDAP configuration filled in with details of the Domino server
    Phone Control is working fine, also the connection to the LDAP server (Domino) is fine. However, when I type in the credentials for the CUPS server login, I can see (in Troubleshooting pane) that the user (pparker) is connected to the CUPS server for a short period of time and then gets disconnected. After that no connection is possible to the CUPS server, i.e. status is always disconnected.
    I have collected the Tomcat (EPASSoap00010.log and security00010.log) logs via RTMT and compared them to the logs from the PCAP plugin. The relevant time period is from 15:14 to 15:17. In the Tomcat logs I can see that the authentication is successful (see attached files), however in the log of PCAP plugin I can see the following messages:
    2012/02/03 15:14:35.281 WARNUNG Credential is rejected. Nothing to retry ::class.method=com.cisco.sametime.phonestatus.cup.CUPPresenceWatcher.answerChallenge() ::thread=CT_CALLBACK.1 ::loggername=com.cisco.sametime.phonestatus.cup
    2012/02/03 15:14:35.281 WARNUNG #### Connection rejected presence server ::class.method=com.cisco.sametime.phonestatus.cup.CUPPresenceWatcher.onPresenceServerConnectionRejected() ::thread=CT_CALLBACK.1 ::loggername=com.cisco.sametime.phonestatus.cup
    2012/02/03 15:14:35.281 WARNUNG Credential is rejected. Nothing to retry ::class.method=com.cisco.sametime.phonestatus.cup.CUPPresenceWatcher.answerChallenge() ::thread=CT_CALLBACK.2 ::loggername=com.cisco.sametime.phonestatus.cup
    2012/02/03 15:14:35.281 WARNUNG #### Connection rejected presence server ::class.method=com.cisco.sametime.phonestatus.cup.CUPPresenceWatcher.onPresenceServerConnectionRejected() ::thread=CT_CALLBACK.2 ::loggername=com.cisco.sametime.phonestatus.cup
    I don't understand why the connection is rejected although the Sametime Internal ID and CUPS User ID match. Does anyone know what the issue could be?
    All posts are very much appreciated!
    Thanks a lot in advance!
    Kind regards,
    Igor

  • SSL Passphrases with Nginx and Systemd

    I'm currently looking to migrate one of my systems to Arch Linux with Nginx powering my web stack. For my site I use a wildcard SSL certificate for communication, and of course my SSL key is passphrased.
    While finishing up the last things on the system last night, I came around to actually putting the real cert on the system and starting Nginx. To my surprise Nginx failed. Using `journal -xn` I found that it was requesting the SSL key's passphrase via stdin which wasn't being sent to me, and thus would just fail.
    How are people using SSL passphrases with systemd? I saw some work-around suggestions for Apache in relation to the PasswordAgent, are there any for Nginx? I'm starting to think that I'm just going to need to disable the systemd service for nginx and write my own init script.
    I've taken a look at the systemd documentation, and there seemed to be plenty of theoretical / philosophical information about the PasswordAgent but nothing specific about how you add support to a service that needs it. It's possible I just missed the relevant article.
    Any information will be greatly helpful.
    Cheers!
    -Tim

    Thank you for the suggestion, I'm not sure how I missed this patch.
    I'd like to avoid having to compile nginx from source. I suppose I should probably open a bug report on the project to allow this to be a core feature.
    Cheers!
    -Tim

  • Portal Integration with IBM TDS

    Hello,
    We are running EP 6 on NW04 SP15, AIX, Oracle 9.2.0.6,
    and trying to integrate the UME with the IBM Tivoli directory server.
    We have done the configuration in the Portal in the UME configuration using our custom configuration file for directory server type "other".
    When we try to access the schema, with the server type = other, we get error for that. Another unique notice is when we select the server type as "ADS" it shows us the schema of IBM Tivoli Directory server.
    We are not able to search the users which are created on the TDS.
    Thanks.
    Chetan

    The error we are facing is "Unwilling to perform, error code:53"
    The XML file looks like this:
    <?xml version="1.0" encoding="UTF-8"?>
    <!-- $Id: //shared_tc/com.sapall.security/630_SP_COR/src/_deploy/dist/configuration/shared/dataSourceConfiguration_siemens_writeable_db.xml#7 $ from $DateTime: 2004/08/20 09:55:24 $ ($Change: 17140 $) -->
    <!DOCTYPE dataSources SYSTEM  "dataSourceConfiguration.dtd">
    <dataSources>
        <dataSource id="PRIVATE_DATASOURCE"
                    className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
                    isReadonly="false"
                    isPrimary="true">
            <homeFor>
                <principals>
                      <principal type="account">
                              <nameSpace name="$serviceUser$">
                                  <attribute name="SERVICEUSER_ATTRIBUTE">
                                       <values>
                                            <value>IS_SERVICEUSER</value>
                                       </values>
                                  </attribute>
                              </nameSpace>
                        </principal>
                        <principal type="user">
                             <nameSpace name="$serviceUser$">
                                  <attribute name="SERVICEUSER_ATTRIBUTE">
                                       <values>
                                            <value>IS_SERVICEUSER</value>
                                        </values>
                                  </attribute>
                             </nameSpace>
                        </principal>
                    <principal type="team" />
                    <principal type="ROOT" />
                    <principal type="OOOO" />
                </principals>
            </homeFor>
            <notHomeFor/>
            <responsibleFor>
                <principals>
                     <principal type="group"/>
                     <principal type="user"/>
                     <principal type="account"/>
                    <principal type="team"/>
                    <principal type="ROOT" />
                    <principal type="OOOO" />
                </principals>
            </responsibleFor>
            <notResponsibleFor/>
            <attributeMapping />
            <privateSection/>
        </dataSource>
         <dataSource id="CORP_LDAP"
                   className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
                   isReadonly="false"
                   isPrimary="true">
              <homeFor>
                   <principal type="account"/>
                   <principal type="user"/>
                   <principal type="group"/>
              </homeFor>
              <notHomeFor>
                   <principal type="account">
                        <nameSpace name="$serviceUser$">
                             <attribute name="SERVICEUSER_ATTRIBUTE">
                                  <values>
                                       <value>IS_SERVICEUSER</value>
                                  </values>
                             </attribute>
                        </nameSpace>
                   </principal>
                   <principal type="user">
                        <nameSpace name="$serviceUser$">
                             <attribute name="SERVICEUSER_ATTRIBUTE">
                                  <values>
                                       <value>IS_SERVICEUSER</value>
                                  </values>
                             </attribute>
                        </nameSpace>
                   </principal>
              </notHomeFor>
              <responsibleFor>
                        <principal type="account">
                                  <nameSpace name="com.sap.security.core.usermanagement">
                                       <attributes>
                                            <attribute name="j_user"/>
                                            <attribute name="logonalias"/>
                                            <attribute name="j_password"/>
                                            <attribute name="userid"/>
                                       </attributes>
                                  </nameSpace>
                        </principal>
                        <principal type="user">
                             <nameSpaces>
                                  <nameSpace name="com.sap.security.core.usermanagement">
                                       <attributes>
                                            <attribute name="firstname" populateInitially="true"/>
                                            <attribute name="displayname" populateInitially="true"/>
                                            <attribute name="lastname" populateInitially="true"/>
                                            <attribute name="fax"/>
                                            <attribute name="email"/>
                                            <attribute name="title"/>
                                            <attribute name="department"/>
                                            <attribute name="description"/>
                                            <attribute name="mobile"/>
                                            <attribute name="telephone"/>
                                            <attribute name="streetaddress"/>
                                            <attribute name="uniquename" populateInitially="true"/>
                                       </attributes>
                                  </nameSpace>
                                  <nameSpace name="com.sap.security.core.usermanagement.relation">
                                       <attributes>
                                            <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
                                       </attributes>
                                  </nameSpace>
                                  <nameSpace name="$usermapping$">
                                          <attributes>
                                               <attribute name="REFERENCE_SYSTEM_USER"/>
                                          </attributes>
                                     </nameSpace>
                             </nameSpaces>
                        </principal>
                        <principal type="group">
                             <nameSpaces>
                                  <nameSpace name="com.sap.security.core.usermanagement">
                                       <attributes>
                                             <attribute name="displayname" populateInitially="true"/>
                                             <attribute name="description" populateInitially="true"/>
                                             <attribute name="uniquename"/>
                                        </attributes>
                                  </nameSpace>
                                  <nameSpace name="com.sap.security.core.usermanagement.relation">
                                       <attributes>
                                             <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>
                                             <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
                                       </attributes>
                                  </nameSpace>
                                  <nameSpace name="com.sap.security.core.bridge">
                                       <attributes>
                                            <attribute name="dn"/>
                                       </attributes>
                                  </nameSpace>
                             </nameSpaces>
                        </principal>
              </responsibleFor>
              <attributeMapping>
                   <principals>
                        <principal type="account">
                             <nameSpaces>
                                  <nameSpace name="com.sap.security.core.usermanagement">
                                       <attributes>
                                            <attribute name="j_user">
                                                 <physicalAttribute name="uid"/>
                                            </attribute>
                                            <attribute name="logonalias">
                                                 <physicalAttribute name="uid"/>
                                            </attribute>
                                            <attribute name="j_password">
                                                 <physicalAttribute name="userpassword"/>
                                            </attribute>
                                            <attribute name="userid">
                                                 <physicalAttribute name="null"/>
                                            </attribute>
                                       </attributes>
                                  </nameSpace>
                             </nameSpaces>
                        </principal>
                        <principal type="user">
                             <nameSpaces>
                                  <nameSpace name="com.sap.security.core.usermanagement">
                                       <attributes>
                                            <attribute name="firstname">
                                                 <physicalAttribute name="givenname"/>
                                            </attribute>
                                            <attribute name="displayname">
                                                 <physicalAttribute name="displayname"/>
                                            </attribute>
                                            <attribute name="lastname">
                                                 <physicalAttribute name="sn"/>
                                            </attribute>
                                            <attribute name="fax">
                                                 <physicalAttribute name="facsimiletelephonenumber"/>
                                            </attribute>
                                            <attribute name="uniquename">
                                                 <physicalAttribute name="uid"/>
                                            </attribute>
                                            <attribute name="loginid">
                                                 <physicalAttribute name="null"/>
                                            </attribute>
                                            <attribute name="email">
                                                 <physicalAttribute name="mail"/>
                                            </attribute>
                                            <attribute name="mobile">
                                                 <physicalAttribute name="mobile"/>
                                            </attribute>
                                            <attribute name="telephone">
                                                 <physicalAttribute name="telephonenumber"/>
                                            </attribute>
                                            <attribute name="department">
                                                 <physicalAttribute name="ou"/>
                                            </attribute>
                                            <attribute name="description">
                                                 <physicalAttribute name="description"/>
                                            </attribute>
                                            <attribute name="streetaddress">
                                                 <physicalAttribute name="postaladdress"/>
                                            </attribute>
                                            <attribute name="pobox">
                                                 <physicalAttribute name="postofficebox"/>
                                            </attribute>
                                       </attributes>
                                  </nameSpace>
                                  <nameSpace name="com.sap.security.core.usermanagement.relation">
                                       <attributes>
                                            <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
                                                 <physicalAttribute name="null"/>
                                            </attribute>
                                       </attributes>
                                  </nameSpace>
                                   <nameSpace name="$usermapping$">
                                        <attributes>
                                             <attribute name="REFERENCE_SYSTEM_USER">
                                                  <physicalAttribute name="sapusername"/>
                                             </attribute>
                                        </attributes>
                                   </nameSpace>
                             </nameSpaces>
                        </principal>
                        <principal type="group">
                             <nameSpaces>
                                  <nameSpace name="com.sap.security.core.usermanagement">
                                       <attributes>
                                             <attribute name="displayname">
                                                  <physicalAttribute name="ou"/>
                                             </attribute>
                                             <attribute name="description">
                                                  <physicalAttribute name="description"/>
                                             </attribute>
                                             <attribute name="uniquename" populateInitially="true">
                                                  <physicalAttribute name="cn"/>
                                             </attribute>
                                        </attributes>
                                  </nameSpace>
                                  <nameSpace name="com.sap.security.core.usermanagement.relation">
                                       <attributes>
                                             <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE">
                                                  <physicalAttribute name="member"/>
                                             </attribute>
                                             <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
                                                  <physicalAttribute name="null"/>
                                             </attribute>
                                        </attributes>
                                  </nameSpace>
                                  <nameSpace name="com.sap.security.core.bridge">
                                       <attributes>
                                            <attribute name="dn">
                                                 <physicalAttribute name="null"/>
                                            </attribute>
                                       </attributes>
                                  </nameSpace>
                             </nameSpaces>
                        </principal>
                   </principals>
              </attributeMapping>
              <privateSection>
                   <ume.ldap.access.server_type>IBM-Tivoli</ume.ldap.access.server_type>
                   <ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
                   <ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
                   <ume.ldap.access.flat_group_hierachy>true</ume.ldap.access.flat_group_hierachy>
                   <ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
                   <ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
                   <ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
                   <ume.ldap.access.objectclass.user>inetOrgPerson</ume.ldap.access.objectclass.user>
                   <ume.ldap.access.auxiliary_objectclass.user>organizationalPerson,person</ume.ldap.access.auxiliary_objectclass.user>
                   <ume.ldap.access.objectclass.uacc>inetOrgPerson</ume.ldap.access.objectclass.uacc>
                   <ume.ldap.access.auxiliary_objectclass.uacc>organizationalPerson,person</ume.ldap.access.auxiliary_objectclass.uacc>
                   <ume.ldap.access.objectclass.grup>groupofnames</ume.ldap.access.objectclass.grup>
                   <ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
                   <ume.ldap.access.auxiliary_naming_attribute.user>uid</ume.ldap.access.auxiliary_naming_attribute.user>
                   <ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
                   <ume.ldap.access.auxiliary_naming_attribute.uacc>uid</ume.ldap.access.auxiliary_naming_attribute.uacc>
                   <ume.ldap.access.naming_attribute.grup>cn</ume.ldap.access.naming_attribute.grup>
                   <ume.ldap.default_group_member.enabled>true</ume.ldap.default_group_member.enabled>
                   <ume.ldap.default_group_member>cn=DUMMY_MEMBER_FOR_UME</ume.ldap.default_group_member>
              </privateSection>
         </dataSource>
    </dataSources>

  • Changing from non-ssl to ssl communication in OAM

    I have installed the Identity server and WebPass on Linux. I initially set them up for non-SSL communication between them and the configuration/policy store and the user store. Now I must change that to use SSL. I have not configured them yet. How would I make this change without reinstalling?
    When I try to set the configuration data location with SSL checked, I get the following error:
    The files requires for SSL connection are missing.

    Hi Andy,
    Note 740034.1 on My Oracle Support describes how to do this. After performing those steps, I would also verify that you do not have any remaining Open Mode directory profiles being used (in the Identity System Console/System Configuration/Directory Profiles).
    Regards,
    Colin

  • Why do you need to enable http communication with Basic authentication with Exchange Admin IP?

    The pre-reqs for the Exchange Admin IP say you have to make a few changes on your Exchange server (2010 on prem in my case). I have a few questions about those pre-reqs and I'm not able to find documentation online to help:
    Why does http communication with basic authentication for the powershell virtual directory in IIS need to be enabled? In the IP you still specify to connect over an SSL connection. The concern is what is being sent over unencrypted and what impacts are there to the security of the Exchange server.
    What role does the IP connect to (MBX/CAS/HT)? I'm not an Exchange guy so I don't know which roles install the PowerShell virtual directory.
    Are there any technet pages or white papers that talk about the MS developed IPs in any more detail than basic config?
    I appreciate any help anyone can offer. Thanks!
    -Raj

    Yeah I find this perplexing as well. I'm guessing it has something to do with Opalis origins perhaps.
    Would be good to understand why.

  • CF & MS-SQL SSL communication?

    I'm looking to do SSL communication between our CFMX8 server and MS-SQL 2005 server using the built in SQL SSL encryption.
    I wanted to do some testing prior to enabling the features to see it in a broken connection state so when I got it working I knew I was actually encrypting.  So I added ";EncryptionMethod=SSL" to the end of the connection string inside of the neo-datasource.xml file to force SSL connection from the CFMX8 side but I had not enabled SSL on the server side.  What I expected to see was an SSL connection failure message because EncryptionMethod=SSL means the system will require SSL from the JDBC side and fail if not available.  Well it connected right through with no issues...  I've found a couple articles online talking about this and at this point I'm not even sure if CFMX8 supports SSL JDBC communications or not...
    I've done a bunch of research and I've come up with nothing so far, and I know from looking at the CFAdmin that it's not a checkbox in there.  Any assistance would be wonderful.

    I just came across this. From this article I see CFMX9 supports SSL MS-SQL encryption, but we're running CFMX8 still. EncryptionMethod=SSL is what I have in the connection string area too...
    http://help.adobe.com/en_US/ColdFusion/9.0/Admin/WS50260aa90e50c24b-32f8955c122c2720693-7fff.html
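
    One way to check from the SQL Server side whether a datasource's connections are actually encrypted, rather than inferring it from the connection string (an added example, not part of the original posts; it assumes a login with VIEW SERVER STATE permission on the SQL Server 2005 instance):

    ```sql
    -- Run on the SQL Server instance while the ColdFusion datasource is in use.
    -- encrypt_option is 'TRUE' only when that connection's traffic is encrypted.
    SELECT  c.session_id,
            s.login_name,
            s.host_name,
            s.program_name,
            c.client_net_address,
            c.net_transport,
            c.auth_scheme,
            c.encrypt_option,
            c.connect_time
    FROM    sys.dm_exec_connections AS c
    JOIN    sys.dm_exec_sessions    AS s
            ON s.session_id = c.session_id
    WHERE   s.is_user_process = 1
    ORDER BY c.encrypt_option, s.host_name;

    -- Summary per client: encrypted versus clear-text connections.
    SELECT  s.host_name,
            s.program_name,
            SUM(CASE WHEN c.encrypt_option = 'TRUE' THEN 1 ELSE 0 END) AS encrypted,
            SUM(CASE WHEN c.encrypt_option = 'TRUE' THEN 0 ELSE 1 END) AS clear_text
    FROM    sys.dm_exec_connections AS c
    JOIN    sys.dm_exec_sessions    AS s
            ON s.session_id = c.session_id
    WHERE   s.is_user_process = 1
    GROUP BY s.host_name, s.program_name
    ORDER BY clear_text DESC;
    ```

    A row showing encrypt_option = FALSE for the application server's address means that connection is not encrypted, whatever the client-side connection string requests.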

  • HTTP Communication with iSoft eCommerce Suite

    Hello,
    I am trying to establish an SSL communication link with a business partner that is running the iSoft eCommerce Suite. The business partner receives and transmits data using an AS2 engine. Unfortunately, the business partner has yet to configure a communication link using SSL. Is there anyone out there that has successfully set up a HTTPS communication link with a partner that uses iSoft eCommerce Suite? Is a third party adapter required for this type of scenario? If so, on whose system is the adapter required?
    Thanks in advance,
    Jack

    Hi Samba,
    I'd suggest you better raise it in the ADF forum.
    However, this should be possible by calling the Arbortext functions on click of ADF form buttons. Or you may send the information to a placeholder (JMS, File, DB etc.) from where Arbortext can pick that information.
    Regards,
    Neeraj Sehgal
