TrueSuite Access Manager on Portege M700-13P

Every time I start up my new Portege M700 this program claims that the drivers are not installed for the fingerprint scanner and tries t install them again. TrueSuite Access Manager Installer starts and then it asks me to restart my PC. EVERY time. I am currently ignoring this but it bugs me.
I can login with the fingerprint scanner which suggests that the message is bogus.
Anyone recommend a way to resolve this?
I am tempted to remove the device from the hardware manager and uninstall the software, then restart, reinstall the software then redetect the hardware...
Anyone got a better idea before I waste my time?
Cheers,
Rob.

OK that didn't work... Here is the step by step what happened...
Downloaded latest update to Truesuite from Toshiba site.
Uninstalled the software - revmoed the hardware item from the list in the device manager then restarted.
Got a message - New hardware (all good so far). I clicked to installed drivers.
The Truesuite Access Manager program started up to install (? that's odd...)
Machine claimed all installed ok and offered a restart.
Restarted and the fingerprint scanner not enabled for logging in (OK it might to be logged in once to get it started).
Immediately got a message - New hardware (Damn it!!!)
Waited for full startup sequence to complete... it takes ages thanks to all manner of preloaded stuff.
Clicked to install new hardware - back to the same thing. It reinstalls the truesuite software again and again and again every restart...
This is stupid.
Anyone got any idea what is going to make this work?

Similar Messages

  • Unable to open Database: TrueSuite Access Manager

    Every time I attempt to register fingerprints in the TrueSuite Access Manager, I receive an error that states that it failed to open the specific database.

    Hi there, I have the same problem on a Portege R500, short history:
    1. Vista was installed with BIOS and HDD password + fingerprint - worked fine
    2. Installed XP with the recovery image, re-formatting the HDD
    3. The BIOS and HDD fingerprint was accepted (!) - i.e. he remembered the fingerprints on the board
    4. But the Windows welcome screen showed "please wait"
    5. New installation of actual version of True Suite Software did not help
    6. When running the Access Manager and trying to record new fingerprints, it shows "error: database not found"
    7. Another observation: clicking delete fingerprint reveals a fingerprint with a scrambled name, it can't be deleted
    8. Ignoring the fingerprint reader works (on BIOS, HDD and Windows logon)
    9. I believe it would have been better to delete the BIOS and HDD fingerprint in Vista before installing XP. Now there is an inconsistency between the fingerprints on the board and in the Software database - does that help?
    Thanks for keep working on it,
    Regards

  • Portege m700 Tablet Extended Desktop Problem

    I've looked all over and can't find a good answer to this, so I figured I'd better check with the source!  I have a Toshiba Portege m700 tablet PC, which has an LCD monitor connected using the digital cable.
    I have the external monitor set as my primary, with the notebook monitor set as the secondary, providing extra desktop real estate to the right of the first monitor.
    The problem is that when I use the touchscreen, the mouse controls are only active on the primary monitor (the external one).  What I'd like to do is have the external monitor be primary, the notebook monitor be secondary, and be able to drag items to the notebook and use ink, or onenote, or other touchscreen apps on there.  I want the touchscreen to control ONLY the secondary (notebook) monitor.  Is this possible?
    It seems like there should be some way to just instruct the computer to map the touchscreen to the secondary monitor instead of always just mapping to the primary.
    However, if there is not, what I did experiment with is having the notebook as primary and the external as secondary, and then using some sort of multimonitor software to manage the taskbar and such to create the illusion of the external monitor being primary.  The problem here is that while the notebook is 1280 x 800 resolution, the external monitor is capable of 1280 x 1024, but when set as secondary will go no higher than 1280 x 800.  Is there a way to force the external monitor to run in 1280 x 1024 if I'm using it as the secondary?
     Is this something for which I need an updated graphics driver?  I tried to get a newer version of the Intel GMA, but it actually removed all extended desktop options for me, so I rolled it back.  The version it's running is 6.14.10.4837.
    Thank you in advance for anyone pointing me to any driver updates, configuration directions, or external software that can effectively manage all these options of extended desktop, screen resolution, and what monitor is assigned to touchscreen control!

    I've just tested the "Extended Desktop for Tablet PC" powertoy, and that doesn't solve this problem.  With the tablet set as the secondary monitor, when I move the window onto that screen, it just recurses the image over itself, which isn't really useful.
    No one has any other ideas about this?

  • Portege M700 crashes after upgrading to Windows 7 32bit

    Dear All,
    My portege M700 laptop has for the most part performed reliably.
    However, it used to be very sluggish resuming from sleep after a few wake-sleep iterations, taking >5min.
    I have now installed Windows 7 32-bit, which is working very well. There are no longer any problems with resuming from sleep. However, about 1-2 times per day now I get a message that Explorer has crashed and must restart. About once per week, the system locks up entirely with a windows blue screen (kernel fault). Most times, in the few seconds around the time the screen freezes, I hear the fan switch on at full speed (much faster than it ever normally runs) and the case becomes quite warm.
    I have installed the latest Windows 7 32-bit drivers from the Toshiba UK website.
    Can anyone help me diagnose the cause of these crashes?
    Many thanks,
    Chris.

    I changed the windows 7 power management settings for the fan to "keep coolest". In normal use, I can feel a slow slightly warm airflow. There's no fluff. All that looks fine.
    My suspicion is that something is making the kernel go into a loop (I suspect a driver fault) and that this makes the CPU get hot, and the fan kicks in as it should...
    Any other ideas for some specific diagnostic tests to try would be appreciated. The Toshiba "PC Diagnostics" tool passes everything except the network which reports as follows:
    [Diagnostic Results]
    NETWORK TEST (1) DONE PASS (Intel(R) 82566MM Gigabit Network Connection)
    NETWORK TEST (2) DONE PASS (Intel(R) Wireless WiFi Link 4965AGN)
    NETWORK TEST (3) DONE FAIL (Cisco AnyConnect VPN Virtual Miniport Adapter for Windows)
    NETWORK TEST (4) DONE PASS (VirtualBox Host-Only Ethernet Adapter)
    NETWORK TEST (5) DONE FAIL (Shrew Soft Virtual Adapter)
    C.

  • Toshiba Portege M700-S7003X startup problem

    I have a Toshiba Portege M700-S7003X (Part#PPM70U-03M01J; Serial#38084271H). Few days ago while I was working on the notebook suddenly a message showed up to restart the computer for some update purpose. However, when I tried to restart seems to me the computer is crashed. Right now whenever I try to startup it shows up messages: Safe Mode; Safe Mode with Networking; Safe Mode with Command Prompt; Last known Good config that Start windows normally. However, I tried with every option and at every case gets a quick blue screen which doesn't let me really see what's been said and then restarts.
    I would highly appreciate if anyone suggest me the possible ways to solve the problems.
    Thanks!!

    ***STOP: 0X000000ED (0X86D55030, 0X80000003, 0X00000000, 0X00000000)
    Bug Check 0xED: UNMOUNTABLE_BOOT_VOLUME
    That's a good sign. It usually means the hard drive contains some corrupt files and can be repaired, but it's not easy.
    You should boot to the Recovery Console and try to resurrect the hard drive by running chkdsk /r. See KB297185.
    Unless you have access to a Windows XP installation CD, you will need the downloadable Setup boot floppies. And you may need a PA3109U-3FDD USB Floppy Disk Drive.
    -Jerry

  • Portege M700 - how to activate the fingerprint login

    Hi everyone.
    I've had my M700 for about three months now. I always knew there was a fingerprint login but just recently, I wanted to get it activated.
    Does anyone know how to activate the fingerprint login? I've tried searching for hardware and going through Program Files but nothing...
    Thanks.

    Hi
    Do you have preinstalled program called True Suite Access Manager.
    Its fingerprint software. You should find it in the Toshiba Utilities folder!

  • Can not configure Access Manager

    Hi all,
    1. I istalled Sun java messaging server 6.
    2. I edit amsamplesilent to prepare amsamplesilent.my:
    # cd /opt/SUNWam/bin
    #mv amsamplesilent amsamplesilent.my
    3. I configure Access Manager:
    #./amconfig -s amsamplesilent.my but get the following error:
    # ./amconfig amsamplesilent.my
    Usage: amconfig -s <silentinputfile>
    ./amconfig: Sourcing ./amutils
    ln: cannot create /opt/SUNWam/lib/jaxrpc-spi.jar: File exists
    chown: jaxrpc-spi.jar: No such file or directory
    full install
    ./amdsconfig: Sourcing ./amutils
    LD_LIBRARY_PATH is --- /usr/lib/mps/secv1:/usr/lib/mps/secv1:/usr/lib/mps/secv1:/opt/SUNWam/lib:/opt/SUNWam/ldaplib/ldapsdk
    CLASSPATH is --- /opt/SUNWam/locale:/etc/opt/SUNWam/config:/opt/SUNWam/lib:/opt/SUNWam/lib/am_services.jar:/opt/SUNWam/lib/ldapjdk.jar:/usr/share/lib/mps/secv1/jss3.jar:/opt/SUNWam/lib/am_sdk.jar
    ldap_simple_bind: Can't connect to the LDAP server - No route to host
    ldap_simple_bind: Can't connect to the LDAP server - No route to host
    ldap_simple_bind: Can't connect to the LDAP server - No route to host
    ldap_simple_bind: Can't connect to the LDAP server - No route to host
    sleep 3
    ldap_simple_bind: Can't connect to the LDAP server - No route to host
    ldap_simple_bind: Can't connect to the LDAP server - No route to host
    ldap_simple_bind: Can't connect to the LDAP server - No route to host
    sleep 4
    ldap_simple_bind: Can't connect to the LDAP server - No route to host
    ldap_simple_bind: Can't connect to the LDAP server - No route to host
    ldap_simple_bind: Can't connect to the LDAP server - No route to host
    sleep 5
    ldap_simple_bind: Can't connect to the LDAP server - No route to host
    ldap_simple_bind: Can't connect to the LDAP server - No route to host
    ldap_simple_bind: Can't connect to the LDAP server - No route to host
    sleep 6
    ERROR : Loading of Access Manager schema into the Directory failed
    Starting the tag swapping of the install.ldif and installExisting.ldif
    ROOT_SUFFIX is dc=iplanet,dc=com
    People_NM_ROOT_SUFFIX is People_dc=iplanet_dc=com
    SERVER_HOST sample.red.iplanet.com
    DIRECTORY_SERVER sample.red.iplanet.com
    DIRECTORY_PORT 389
    USER_NAMING_ATTR uid
    ORG_NAMING_ATTR o
    CONSOLE_DEPLOY_URI /amconsole
    ORG_OBJECT_CLASS sunismanagedorganization
    RS_RDN iplanet
    USER_OBJECT_CLASS inetorgperson
    ldap_simple_bind: Can't connect to the LDAP server - No route to host
    ldap_simple_bind: Can't connect to the LDAP server - No route to host
    sleep 3
    ERROR : Configuring/Loading of the default DIT in the Directory Server failed
    ldap_simple_bind: Can't connect to the LDAP server - No route to host
    ldap_simple_bind: Can't connect to the LDAP server - No route to host
    sleep 3
    Warning : Plugins and Indexes already exist.
    ./amsvcconfig: Sourcing ./amutils
    LD_LIBRARY_PATH is --- /usr/lib/mps/secv1:/usr/lib/mps/secv1:/usr/lib/mps/secv1:/opt/SUNWam/lib:/opt/SUNWam/ldaplib/ldapsdk
    CLASSPATH is --- /opt/SUNWam/locale:/etc/opt/SUNWam/config:/opt/SUNWam/lib:/opt/SUNWam/lib/am_services.jar:/opt/SUNWam/lib/ldapjdk.jar:/usr/share/lib/mps/secv1/jss3.jar:/opt/SUNWam/lib/am_sdk.jar
    ldap_simple_bind: Can't connect to the LDAP server - No route to host
    Loading service schema XML files ...
    Info 112: Entering ldapAuthenticate method!
    Error 15: Cannot authenticate user.
    LDAP authentication failed.
    Error 9: Operation failed: Error 15: Cannot authenticate user.
    Error occured while loading: /etc/opt/SUNWam/config/ums/ums.xml
    ./amws61config: Sourcing ./amutils
    /opt/SUNWam/console.war: No such file or directory
    current web app is applications
    copying files from sunwamconsdk
    Swapping tag swap in index.html files ...
    Making amconsole.war
    Successfully done making warfile ...
    Deploying from /opt/SUNWam/web-src/applications (/opt/SUNWam/amconsole.war) to /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/applications for /amconsole
    wdeploy deploy -u /amconsole -i https-sample.red.iplanet.com -v https-sample.red.iplanet.com -d /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/applications /opt/SUNWam/amconsole.war
    [wdeploy] The war file name is /opt/SUNWam/amconsole.war
    [wdeploy] Fatal error in parsing XML file ..Premature end of file.
    [wdeploy] (-1, -1) in file null
    [wdeploy] Error encountered while parsing /opt/SUNWwbsvr/https-sample.red.iplanet.com/config/server.xml
    Failed deploying /amconsole
    /opt/SUNWam/services.war: No such file or directory
    current web app is services
    Swapping tag swap in index.html files ...
    Making amserver.war
    Successfully done making warfile ...
    Deploying from /opt/SUNWam/web-src/services (/opt/SUNWam/amserver.war) to /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/services for /amserver
    wdeploy deploy -u /amserver -i https-sample.red.iplanet.com -v https-sample.red.iplanet.com -d /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/services /opt/SUNWam/amserver.war
    [wdeploy] The war file name is /opt/SUNWam/amserver.war
    [wdeploy] Fatal error in parsing XML file ..Premature end of file.
    [wdeploy] (-1, -1) in file null
    [wdeploy] Error encountered while parsing /opt/SUNWwbsvr/https-sample.red.iplanet.com/config/server.xml
    Failed deploying /amserver
    /opt/SUNWam/password.war: No such file or directory
    current web app is password
    Swapping tag swap in index.html files ...
    Making ampassword.war
    Successfully done making warfile ...
    Deploying from /opt/SUNWam/web-src/password (/opt/SUNWam/ampassword.war) to /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/password for /ampassword
    wdeploy deploy -u /ampassword -i https-sample.red.iplanet.com -v https-sample.red.iplanet.com -d /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/password /opt/SUNWam/ampassword.war
    [wdeploy] The war file name is /opt/SUNWam/ampassword.war
    [wdeploy] Fatal error in parsing XML file ..Premature end of file.
    [wdeploy] (-1, -1) in file null
    [wdeploy] Error encountered while parsing /opt/SUNWwbsvr/https-sample.red.iplanet.com/config/server.xml
    Failed deploying /ampassword
    /opt/SUNWam/introduction.war: No such file or directory
    current web app is common
    Swapping tag swap in index.html files ...
    Making amcommon.war
    Successfully done making warfile ...
    Deploying from /opt/SUNWam/web-src/common (/opt/SUNWam/amcommon.war) to /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/common for /amcommon
    wdeploy deploy -u /amcommon -i https-sample.red.iplanet.com -v https-sample.red.iplanet.com -d /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/common /opt/SUNWam/amcommon.war
    [wdeploy] The war file name is /opt/SUNWam/amcommon.war
    [wdeploy] Fatal error in parsing XML file ..Premature end of file.
    [wdeploy] (-1, -1) in file null
    [wdeploy] Error encountered while parsing /opt/SUNWwbsvr/https-sample.red.iplanet.com/config/server.xml
    Failed deploying /amcommon
    Checking if Web Server is already configed with Access Manager
    Configuring Web Server
    Mime type: 'type=text/vnd.wap.wml' already exists: Skipping ....
    Mime type: 'type=image/vnd.wap.wbmp' already exists: Skipping ....
    I tried again but I still get this error.
    Any Ideas for this problem?
    Thanks.

    ldap_simple_bind: Can't connect to the LDAP server - No route to host
    i would consider this a fatal error.
    The system cannot locate where your Directory Server is. "no route to host" means that it's trying to get to the host, but your networking isn't set up correctly, and it doesn't find any route to get to the specified host.

  • Can not login access manager

    mail server version is JES messaging Server 6 2005Q4 :
    My Access Manager:http://hostname:8080/amserver
    last week, i login access manager, under the web label or configuration label�F
    in "ldap" item�Ci add new dc=xx,dc=xx,dc=xx�C
    then save configuration.
    but after that i can not login access manager.
    when i user admin login,it print:"
    Authentication failed".
    what should i do to restore access manage?
    thanks!

    javatoall wrote:
    Hi,
    I login Access Manager, access sample "realm" -> Authentication->
    Advance Properties -> User profiles and then I choiced "Dynamic with user Alias".
    Then I only configure JDBC authentication with mysql database that I don't used ldapservice.
    When I created a one new user in MySQL, I can login into web application that i security as "sample.war" successfull but new user don't right access resource that i protected before.
    When i login access manager with amdmin user, I can not find user that i has been created it in MySQL database. t
    When the users are created through the dynamic profile, the default cn/sn are set to "default" , after creation you need to login to amconsole as amadmin and change/add proper values for these attributes.
    Alternatively you can set the protected resource's policy subject to Authenticated users. This will work but not sure will meet your requirement
    >
    When i login access manager console with new user, it login successful, and view Profile of new user that I has been created.
    Can you tell me How to manage new user that I has been new in MySQL by Access manager console ?
    I want to configure access proteced resourse for that user. How to configure that ?
    read above use the authenticated users subject
    Thank for every help.
    VinhND.

  • UWC/CE 6.3 and Access Manager 7.1 SSO sometimes fails (seems like a bug)

    PREAMBULA: I started writing this post thinking that our AM SSO setup was at fault in some step. As I was gathering data, checking the doc-links and config files and finally sniffed the servers for HTTP dialogs, I grew pretty sure there's a bug in UWC/CE, AM SDK or Web Server Policy Agent, whatever implements the AM SSO session checking.
    In short, as written below, our "sunmail" server can POST a broken cookie to AM server, if the cookie originally contained a "plus" character. The "plus" is replaced by a "space", invalidating the session check. As we know, "+" is often used in URLs to "escape" the space character. Perhaps some URL cleanup routine backfired here. I have double-checked, it is not the reverse proxy on "psam" breaking things. It is "sunmail" (UWC/CE or Policy Agent, don't know for certain) supplying the broken request. On the few occasions when the AM cookie contains no "plus" characters, the SSO works like a charm (also checked by a sniffer). Whenever there is a "plus", it breaks.
    Is there some known bug or workaround that matches this description?
    Nevertheless, for completeness' sake I kept the description of our setup. Maybe it's at fault after all :)
    We have an installation of JCS5 with the latest patches as of early July 2008. And as the subject implies, we have problems with AM SSO in UWC/CE web-interface. I have reported them before, then they seemed fixed (not occuring for several tests in a row), but as time has shown, something wrong is still there.
    So I'll try to go into deeper detail now, as we've may have overlooked some nuance... Then again, as my sniffer research below shows, this may be an engine bug and these setup details are irrelevant.
    Our setup is split into several Solaris 10 full-root zones hosted on several servers, some of the components are enroute to HA (perhaps we made some mistakes on this part of the way?)
    So, we have the following software stack:
    1) two MMR Directory Servers (DSEE 6.3 = DSEE 6.2 from JCS5 + 125278-07__DSEE_6.3__x86x64 + 125277-07__DSEE_6.3__x86_sol9 patches) working in zones on two different servers. Except for one time when a manually forced ZFS rollback corrupted one of the server instances, no problems here.
    2) two zones with Directory Proxy Servers (6.3, exact versions as above) running at port 389 provide the clients with an illusion that they have a stable Directory Server, even if one of the actual servers is currently rebooting ;)
    These DPS zones are hosted on two different servers as well and are primarily used by LDAP clients (JCS components) running in other zones on the same respective servers.
    3) A zone with Sun Web Server 7.0U1 and Access Manager 7.1 (+ 126357-01__AM71_x86 patch) and Delegated Admin 6.4-4.01 (from JCS5 + 121582-18__COMMCLI64__x86 patch).
    At the moment there is one such zone (named "cos-psam-01.domain.ru" in the logs below), but we expect(-ed) it to become two similar zones as per AM HA setup.
    Zones listed in (1-3) use private IP numbers, they belong in our internal DMZ.
    Zones listed in (4-5) below use public (routed) IP numbers, they belong in our external DMZ.
    4) A zone with Sun Web Server 7.0U1 used primarily as a reverse-proxy server (optionally with a load-balancer libpassthrough.so plugin) successfully used for other hosted projects. One of its configurations now passes connections from an externally routed IP address published as "psam.domain.ru" to "cos-psam-01.domain.ru", per AM HA setup, so HTTP clients believe they work with an Access Manager instance. This zone has a backend interface with a private IP address to communicate with the actual AM instance.
    In AM configuration (both LDAP and file-based) we have configured a site ID with the publicly known name and mentioned both names (psam and cos-psam-01) in organization's realm/dns aliases.
    5) A zone with the rest of the Sun Java Communications Suite 5, as in Messaging Server 6.3 (6.3-6.03 64-bit: ci-5.0-1.03_solx86_x64__Messaging_Server_6.3-2 + patch 126480-09__MSG63__x86-64), UWC/CE 6.3 (from JCS5 + 122794-17__UWC63-4.01_core__x86), Instant Messaging 7.2 (from JCS5 + 118790-29__IM72__x86-1 + 118787-28__IM72__x86-2), Calendar Server 6.3 (from JCS5 + 121658-28__iCS63__x86). The web-components (UWC/CE, IM, /httpbind) are deployed in a Sun Web Server 7.0U1 as well.
    This zone is named "sunmail.domain.ru" and has a routed IP address for direct external access to its servicess.
    The AM SDK part is also patched (126357-01__AM71_x86); it points to the load-balancer name ("psam.domain.ru") as an actual AM server.
    # imsimta version
    Sun Java(tm) System Messaging Server 6.3-6.03 (built Mar 14 2008; 64bit)
    libimta.so 6.3-6.03 (built 17:15:08, Mar 14 2008; 64bit)
    SunOS sunmail 5.10 Generic_127112-07 i86pc i386 i86pc
    While setting up this server set we tried to use AM SSO as the user login method, but it works unreliably.
    "Unreliably" means that while most of the time entering a correct uid and password in Access Manager login page ("http://psam.domain.ru/amserver/UI/Login") does redirect a user back to "http://sunmail.domain.ru/uwc/auth" along with a new cookie, and the user is redirected again to his or her mailbox, sometimes the user receives the UWC/CE login page. Entering the same uid and password here does log him in, but it breaks the whole point of SSO and only increases the end-user routine required to log in :\
    We have also seen the "missing mail tab" problem - if the users point the browser to any hostname different from "sunmail.domain.ru" (i.e. www.mail.domain.ru which is equivalent in DNS), they have only the Address book, Calendar and Options tabs; no webmail. So far this is resolved by Policy Agent forcing The One name of the server.
    Here's the configuration we did specifically for AM SSO:
    1) in AMConfig.properties of "sunmail" and "cos-psam-01" we set up
    com.iplanet.am.cookie.encode=false
    am.encryption.pwd=<the same value>
    all hostname-related parameters point to "psam.domain.ru"
    2) in AMConfig.properties of "cos-psam-01" a number of FQDN equivalence entries are added (so it does not redirect to a server hostname unknown to visitors):
    com.sun.identity.server.fqdnMap[publicname-or-ip]=psam.domain.ru
    com.sun.identity.server.fqdnMap[cos-psam-01.domain.ru]=cos-psam-01.domain.ru
    3) in "msg.conf" on "sunmail" (entries added via configutil):
    local.webmail.sso.amcookiename = iPlanetDirectoryPro
    local.webmail.sso.amnamingurl = http://psam.domain.ru:80/amserver/namingservice
    local.webmail.sso.singlesignoff = yes
    local.webmail.sso.uwcenabled = 1
    service.http.ipsecurity = no
    (perhaps some more options are required? Looking for confirmation about: local.webmail.sso.uwclogouturl local.webmail.sso.uwccontexturi local.webmail.sso.uwchome service.http.allowadminproxy )
    4) Configured Web Policy Agent for Sun Web Server, so that users without an AM session are required to get one. Set up per [http://msg.wikidoc.info/index.php/AM_redirection_using_Policy_Agent], except that com.sun.am.policy.agents.config.notenforced_list points to the many names our server can go known by.
    5) Updated the logout URL in /opt/SUNWuwc/webmail/main.js:
    --- main.js.orig        Sat Jan 26 07:52:09 2008
    +++ main.js     Mon Jul 21 01:06:29 2008
    @@ -667,7 +667,8 @@
    function cleanup() {
       if(laurel)
    -      top.window.location =  getUWCHost() + "/base/UWCMain?op=logout"
    +//      top.window.location =  getUWCHost() + "/base/UWCMain?op=logout"
    +      top.window.location =  "http://sunmail.domain.ru:80/base/UWCMain?op=logout"
       else
           exec('logout', '', 'exit()')
    @@ -1707,7 +1708,8 @@
       if(lg) {
             url = document.location.href
             url = url.substr(0,url.indexOf('webmail'))
    -        uwcurl = url + 'base/UWCMain?op=logout'        
    +//      uwcurl = url + 'base/UWCMain?op=logout'        
    +        uwcurl = "http://sunmail.domain.ru:80/base/UWCMain?op=logout"
       exit()
    }6) Calendar SSO - per docs...
    According to ngrep sniffing,
    1) the browser goes to "http://sunmail.domain.ru/uwc/auth" without any cookies
    2) receives a redirect and goes to "http://psam.domain.ru/amserver/UI/Login?gotoOnFail=http://sunmail.domain.ru:80/uwc&goto=http%3A%2F%2Fsunmail.domain.ru%3A80%2Fuwc%2Fauth"; sends no cookies either.
    3) The first response from the "psam" server (as redirected from "cos-psam-01") sets a few cookies while rendering the login page:
    Set-cookie: JSESSIONID=7EF8F2810D2071CA03CFEAE9972735B2; Path=/
    Set-cookie: AMAuthCookie=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; Domain=.domain.ru; Path=/
    Set-cookie: amlbcookie=02; Domain=.domain.ru; Path=/
    4) The browser requests the login page resources (javascripts, images, etc) using these cookies, as in this header line:
    Cookie: JSESSIONID=7EF8F2810D2071CA03CFEAE9972735B2; AMAuthCookie=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; amlbcookie=02
    5) The browser POSTs the login request to "/amserver/UI/Login" and receives a redirection to http://sunmail.domain.ru:80/uwc/auth
    Set-cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; Domain=.domain.ru; Path=/
    Set-cookie: AMAuthCookie=LOGOUT; Domain=.domain.ru; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
    6) The browser requests "http://sunmail.domain.ru/uwc/auth" using the newly set cookie (looks like the old one to me though):
    Cookie: amlbcookie=02; iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#
    7) The "sunmail" web-server checks the AM session validity with the same "psam.domain.ru". It sends a series of POSTs to /amserver/namingservice:
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <RequestSet vers="1.0" svcid="com.iplanet.am.naming" reqid="685">
    <Request><![CDATA[
    <NamingRequest vers="1.0" reqid="324" sessid="AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#">
    <GetNamingProfile>
    </GetNamingProfile>
    </NamingRequest>]]>
    </Request>
    </RequestSet>(receives a large XML list of different Access Manager configuration parameters and URLs)
    ...then a double-request to /amserver/sessionservice:
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <RequestSet vers="1.0" svcid="Session" reqid="686">
    <Request><![CDATA[
    <SessionRequest vers="1.0" reqid="678">
    <GetSession reset="true">
    <SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#</SessionID>
    </GetSession>
    </SessionRequest>]]>
    </Request>
    <Request><![CDATA[
    <SessionRequest vers="1.0" reqid="679">
    <AddSessionListener>
    <URL>http://sunmail.domain.ru:80/UpdateAgentCacheServlet?shortcircuit=false</URL>
    <SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#</SessionID>
    </AddSessionListener>
    </SessionRequest>]]>
    </Request>
    </RequestSet>As a result it receives an XML with a lot of user-specific information (the username, LDAP DN, preferred locale, auth module used, etc.)
    !!!*** Now, the problem part ***!!!
    8) And then "sunmail" POSTs a broken cookie to "psam" (note the space in mid-text, where the "plus" sign was previously). As we know, "+" is often used in URLs to "escape" the space character. Perhaps some URL cleanup routine backfired here.
    I have double-checked, it is not the reverse proxy on "psam" breaking things. It is "sunmail" (UWC/CE or Policy Agent, don't know for certain) supplying the broken request. I looked over the large XML responses to the two previous requests, whenever they mention the session cookie value, the "plus" is there.
    For the most detail I can provide, I'll even paste the whole HTTP packet:
    POST /amserver/sessionservice HTTP/1.1
    Proxy-agent: Sun-Java-System-Web-Server/7.0
    Cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#;amlbcookie=null
    Content-type: text/xml;charset=UTF-8
    Content-length: 336
    Cache-control: no-cache
    Pragma: no-cache
    User-agent: Java/1.5.0_09
    Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
    Host: cos-psam-01.domain.ru
    Client-ip: 194.xxx.xxx.xxx
    Via: 1.1 https-weblb.domain.ru
    Connection: keep-alive
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <RequestSet vers="1.0" svcid="session" reqid="258">
    <Request><![CDATA[<SessionRequest vers="1.0" reqid="254">
    <GetSession reset="true">
    <SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#</SessionID>
    </GetSession>
    </SessionRequest>]]></Request>
    </RequestSet> The server's error response is apparent:
    HTTP/1.1 200 OK
    Server: Sun-Java-System-Web-Server/7.0
    Date: Thu, 31 Jul 2008 05:49:50 GMT
    Content-type: text/html
    Transfer-encoding: chunked
    19b
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <ResponseSet vers="1.0" svcid="session" reqid="258">
    <Response><![CDATA[<SessionResponse vers="1.0" reqid="254">
    <GetSession>
    <Exception>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=# Invalid session ID
    AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#</Exception>
    </GetSession>
    </SessionResponse>]]></Response>
    </ResponseSet>On the few occasions when the AM cookie contains no "plus" characters, the SSO works like a charm (also checked by a sniffer). Whenever there is a "plus", it breaks.
    For reference, here's a working final request-response (one with a good cookie, as received by the load-balancer web-server). Request looks a bit different:
    POST /amserver/sessionservice HTTP/1.1
    Cookie: iPlanetDirectoryPro=AQIC5wM2LY4Sfcy/5sEzVmuq9z1ggdHOkBDgVFAwfhqvn4U=@AAJTSQACMDI=#;amlbcookie=null
    Content-Type: text/xml;charset=UTF-8
    Content-Length: 379
    Cache-Control: no-cache
    Pragma: no-cache
    User-Agent: Java/1.5.0_09
    Host: psam.domain.ru
    Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
    Connection: keep-alive
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <RequestSet vers="1.0" svcid="session" reqid="281">
    <Request><![CDATA[<SessionRequest vers="1.0" reqid="277">
    <SetProperty>
    <SessionID>AQIC5wM2LY4Sfcy/5sEzVmuq9z1ggdHOkBDgVFAwfhqvn4U=@AAJTSQACMDI=#</SessionID>
    <Property name="uwcstatus" value="active"></Property>
    </SetProperty>
    </SessionRequest>]]></Request>
    </RequestSet> ...and the response is OK:
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <ResponseSet vers="1.0" svcid="session" reqid="281">
    <Response><![CDATA[<SessionResponse vers="1.0" reqid="277">
    <SetProperty>
    <OK></OK>
    </SetProperty>
    </SessionResponse>]]></Response>
    </ResponseSet>

    There have been a few reports of the same behaviour with other customers - specifically with the handling of the encoding of "+" characters to " ". It relates to how cookie encoding/decoding is performed (as you have already observed).
    The solution for these customers was the following:
    => AM server/client side:
    Ensure that com.iplanet.am.cookie.encode=false in AMConfig.properties and AMAgent.properties on all systems.
    => AM client (UWC) side:
    - Set <property name="encodeCookies" value="false"/> in /var/opt/SUNWuwc/WEB-INF/sun-web.xml. This will prevent UWC from trying to urldecode the cookie it receives and therefore stops it turning the + into a space e.g.
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN' 'file:///net/wajra.india.sun.com/export/share/dtd/sun-web-app_2_3-1.dtd'>
    <sun-web-app>
       <property name="encodeCookies" value="false"/>
       <session-config>
          <session-manager/>
       </session-config>
       <jsp-config/>
    <property name="allowLinking" value="true" />
    </sun-web-app>Regards,
    Shane.

  • How do I connect to internet with vz access manager for iphone 4S?

    I have VZ Access Manager on my laptop and want to use it to connect to internet on my new iphone 4S.  How do I do this?

    If you can set up an Ad Hoc wireless network from your laptop, you could use it that way. Once again VZ Access Manager will not enter into the sharing part.
    Plug these search terms into Google:
    set up an ad hoc network
    You'll find lots of instructions.
    Best of luck.

  • Problem with second instance of access manager

    Well, after sorting out things with the first install of access manager, I went on to install a second instance on a different host (it's required for delegated admin..)
    Here are the options I used on install:
    Access Manager: Administration (1 of 6)
    Administrator User ID: amAdmin
    Administrator Password [] {"<" goes back, "!" exits}:
    Retype Password [] {"<" goes back, "!" exits}:
    LDAP User ID: amldapuser
    LDAP Password [] {"<" goes back, "!" exits}:
    Retype Password [] {"<" goes back, "!" exits}:
    Password Encryption Key [gFoe4t8UlUW3wEApngAY3S8bCQFVMlGk] {"<" goes back,
    "!" exits}: weW5jtopMLQsODiBZDp+hlEp1/CtbiXX
    Install type (Realm/Legacy) Mode [Legacy] {"<" goes back, "!" exits}:
    Access Manager: Web Container (2 of 6)
    1. Sun Java System Application Server
    2. Sun Java System Web Server
    Select the container to deploy the component and hit enter key [2] {"<" goes
    back, "!" exits}
    Access Manager: Sun Java System Web Server (3 of 6)
    Host Name [zone2.corenode.com] {"<" goes back, "!" exits}:
    Web Server Instance Directory [opt/SUNWwbsvr/https-zone2.corenode.com] {"<"
    goes back, "!" exits}:
    Web Server Port [80] {"<" goes back, "!" exits}:
    Document Root Directory [opt/SUNWwbsvr/docs] {"<" goes back, "!" exits}:
    Secure Server Instance Port [No] {"<" goes back, "!" exits}:
    Access Manager: Web Container for running Access Manager Services(4 of 6)
    Host Name [zone2.corenode.com] {"<" goes back, "!" exits}:
    Services Deployment URI [amserver] {"<" goes back, "!" exits}:
    Common Domain Deployment URI [amcommon] {"<" goes back, "!" exits}:
    Cookie Domain(Assure it is not a top level domain) [.corenode.com] {"<" goes
    back, "!" exits}:
    Administration Console [Yes] {"<" goes back, "!" exits}:
    Console Deployment URI [amconsole] {"<" goes back, "!" exits}:
    Password Deployment URI [ampassword] {"<" goes back, "!" exits}:
    Access Manager: Directory Server Information (5 of 6)
    Directory Server Host [] {"<" goes back, "!" exits}: zone1.corenode.com
    Directory Server Port [] {"<" goes back, "!" exits}: 389
    Directory Root Suffix [dc=corenode,dc=com] {"<" goes back, "!" exits}:
    Directory Manager DN [cn=Directory Manager] {"<" goes back, "!" exits}:
    Directory Manager Password [] {"<" goes back, "!" exits}:
    Access Manager: Directory Server Information (6 of 6)
    Is Directory Server provisioned with user data [No] {"<" goes back, "!"
    exits}? Yes
    Organization Marker Object Class [sunISManagedOrganization] {"<" goes back,
    "!" exits}:
    Organization Naming Attribute [o] {"<" goes back, "!" exits}:
    User Marker Object Class [inetorgperson] {"<" goes back, "!" exits}:
    User Naming Attribute [uid] {"<" goes back, "!" exits}:
    Yes, I am using the same key as was used on host1 for access manager. Yes, access manager on host 1 is quite functional right now. Yes, that directory server works. Now I'm really stumped on what to do! Everything in JES seems to work great except access manager, the exceptions it throws really don't help any at all in troubleshooting.
    Any ideas?

    More info from error logs:
    # pwd
    /var/opt/SUNWam/debug
    # tail -200 amAuth
    04/12/2006 09:56:47:127 AM HST: Thread[main,5,main]
    ERROR: AuthD failed to get auth session
    04/12/2006 09:56:47:165 AM HST: Thread[main,5,main]
    ERROR: AuthD init()
    com.iplanet.dpro.session.SessionException: AuthD failed to get auth session
    at com.sun.identity.authentication.service.AuthD.initAuthSessions(AuthD.java:709)
    at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:229)
    at com.sun.identity.authentication.service.AuthD.getAuth(AuthD.java:494)
    at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
    at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
    at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
    at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
    at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
    at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
    at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
    # tail -200 amSession
    04/12/2006 09:56:47:098 AM HST: Thread[main,5,main]
    ERROR: SessionService.SessionService(): Initialization Failed
    com.iplanet.services.naming.ServerEntryNotFoundException: Cannot find server ID.
    at com.iplanet.services.naming.WebtopNaming.getServerID(WebtopNaming.java:350)
    at com.iplanet.dpro.session.service.SessionService.<init>(SessionService.java:1540)
    at com.iplanet.dpro.session.service.SessionService.getSessionService(SessionService.java:382)
    at com.sun.identity.authentication.service.AuthD.getSS(AuthD.java:685)
    at com.sun.identity.authentication.service.AuthD.initAuthSessions(AuthD.java:706)
    at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:229)
    at com.sun.identity.authentication.service.AuthD.getAuth(AuthD.java:494)
    at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
    at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
    at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
    at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
    at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
    at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
    at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
    04/12/2006 09:56:47:126 AM HST: Thread[main,5,main]
    ERROR: Error creating service session
    java.lang.NullPointerException
    at com.iplanet.dpro.session.service.SessionService.generateEncryptedID(SessionService.java:588)
    at com.iplanet.dpro.session.service.SessionService.generateSessionId(SessionService.java:612)
    at com.iplanet.dpro.session.service.SessionService.newInternalSession(SessionService.java:557)
    at com.iplanet.dpro.session.service.SessionService.getServiceSession(SessionService.java:501)
    at com.iplanet.dpro.session.service.SessionService.getAuthenticationSession(SessionService.java:408)
    at com.sun.identity.authentication.service.AuthD.initAuthSessions(AuthD.java:706)
    at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:229)
    at com.sun.identity.authentication.service.AuthD.getAuth(AuthD.java:494)
    at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
    at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
    at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
    at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
    at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
    at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
    at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
    #

  • How to connect Portege M700 to TV using VGA port?

    I bought a VGA to S-video/audio adapter and connected it to my VGA port and to the TV.
    Nothing happened.
    In control panel.... no other display/external display was detected.
    The only postings I have come across use a port emulator or something.
    I have the Portege M700 preinstalled with Vista Business tablet.
    Any ideas would be most welcome.
    Thanks

    Thanks for answering.
    I used an adapter which plugs into the VGA port on my M700 and allows either audio/display or S-video to connect to it. That is what I used, trying to connect via S-video or scart... and I'm afraid it did not work for me ;-(
    It is a VGA to S-video/audio convertor.
    Here is thye ebay link to the adapter I bought for this:
    http://cgi.ebay.co.uk/VGA-to-TV-Converter-S-Video-RCA-Out-Cable-Adapter-UK_W0QQitemZ120343643231QQihZ002QQcategoryZ41993QQ tcZphotoQQcmdZViewItemQQ_trksidZp1742.m153.l1262
    I may be doing something stoopid... I hope I am but it worries me that if it works for you, there must be something wrong with my notebook :-(
    The graphics adapter shows "single display" and the multiple display option is not available there.
    I am confused as my old laptop used to work just fine.
    I am wondering if there is something I need to activate, but there is nothing in the bios setup or control panel.
    I just physically connected them and then clicked on the "connect to external display" as well as checking the graphics options.
    Perhaps the cable is the wrong one ?
    Message was edited by: cinnamongirl
    Also, when I use FN + F5, nothing happens. No windows come up.

  • Too  Slow - Domino 6.5.4  with access manager agent 2.2 ?

    I don't know how to tune Domino 6.5.4 with access manager agent 2.2?
    I think AMAgent.properties is not good for SSO.
    Please help me to tune it.
    # $Id: AMAgent.properties,v 1.103 2005/09/19 22:08:34 madan Exp $
    # Copyright ? 2002 Sun Microsystems, Inc. All rights reserved.
    # U.S. Government Rights - Commercial software. Government users are
    # subject to the Sun Microsystems, Inc. standard license agreement and
    # applicable provisions of the FAR and its supplements. Use is subject to
    # license terms. Sun, Sun Microsystems, the Sun logo and Sun ONE are
    # trademarks or registered trademarks of Sun Microsystems, Inc. in the
    # U.S. and other countries.
    # Copyright ? 2002 Sun Microsystems, Inc. Tous droits r&#38303;erv&#38303;.
    # Droits du gouvernement am&#38302;icain, utlisateurs gouvernmentaux - logiciel
    # commercial. Les utilisateurs gouvernmentaux sont soumis au contrat de
    # licence standard de Sun Microsystems, Inc., ainsi qu aux dispositions en
    # vigueur de la FAR [ (Federal Acquisition Regulations) et des suppl&#38297;ents
    # ? celles-ci.
    # Distribu? par des licences qui en restreignent l'utilisation. Sun, Sun
    # Microsystems, le logo Sun et Sun ONE sont des marques de fabrique ou des
    # marques d&#38300;os&#38289;s de Sun Microsystems, Inc. aux Etats-Unis et dans
    # d'autres pays.
    # The syntax of this file is that of a standard Java properties file,
    # see the documentation for the java.util.Properties.load method for a
    # complete description. (CAVEAT: The SDK in the parser does not currently
    # support any backslash escapes except for wrapping long lines.)
    # All property names in this file are case-sensitive.
    # NOTE: The value of a property that is specified multiple times is not
    # defined.
    # WARNING: The contents of this file are classified as an UNSTABLE
    # interface by Sun Microsystems, Inc. As such, they are subject to
    # significant, incompatible changes in any future release of the
    # software.
    # The name of the cookie passed between the Access Manager
    # and the SDK.
    # WARNING: Changing this property without making the corresponding change
    # to the Access Manager will disable the SDK.
    com.sun.am.cookie.name = iPlanetDirectoryPro
    # The URL for the Access Manager Naming service.
    com.sun.am.naming.url = http://sportal.yjy.dqyt.petrochina:80/amserver/namingservice
    # The URL of the login page on the Access Manager.
    com.sun.am.policy.am.login.url = http://sportal.yjy.dqyt.petrochina:80/amserver/UI/Login
    # Name of the file to use for logging messages.
    com.sun.am.policy.agents.config.local.log.file = c:/Sun/Access_Manager/Agents/2.2/debug/C__Lotus_Domino/amAgent
    # This property is used for Log Rotation. The value of the property specifies
    # whether the agent deployed on the server supports the feature of not. If set
    # to false all log messages are written to the same file.
    com.sun.am.policy.agents.config.local.log.rotate = true
    # Name of the Access Manager log file to use for logging messages to
    # Access Manager.
    # Just the name of the file is needed. The directory of the file
    # is determined by settings configured on the Access Manager.
    com.sun.am.policy.agents.config.remote.log = amAuthLog.Dominoad.yjy.dqyt.petrochina.80
    # Set the logging level for the specified logging categories.
    # The format of the values is
    #     <ModuleName>[:<Level>][,<ModuleName>[:<Level>]]*
    # The currently used module names are: AuthService, NamingService,
    # PolicyService, SessionService, PolicyEngine, ServiceEngine,
    # Notification, PolicyAgent, RemoteLog and all.
    # The all module can be used to set the logging level for all currently
    # none logging modules. This will also establish the default level for
    # all subsequently created modules.
    # The meaning of the 'Level' value is described below:
    #     0     Disable logging from specified module*
    #     1     Log error messages
    #     2     Log warning and error messages
    #     3     Log info, warning, and error messages
    #     4     Log debug, info, warning, and error messages
    #     5     Like level 4, but with even more debugging messages
    # 128     log url access to log file on AM server.
    # 256     log url access to log file on local machine.
    # If level is omitted, then the logging module will be created with
    # the default logging level, which is the logging level associated with
    # the 'all' module.
    # for level of 128 and 256, you must also specify a logAccessType.
    # *Even if the level is set to zero, some messages may be produced for
    # a module if they are logged with the special level value of 'always'.
    com.sun.am.log.level =
    # The org, username and password for Agent to login to AM.
    com.sun.am.policy.am.username = UrlAccessAgent
    com.sun.am.policy.am.password = LYnKyOIgdWt404ivWY6HPQ==
    # Name of the directory containing the certificate databases for SSL.
    com.sun.am.sslcert.dir = c:/Sun/Access_Manager/Agents/2.2/domino/cert
    # Set this property if the certificate databases in the directory specified
    # by the previous property have a prefix.
    com.sun.am.certdb.prefix =
    # Should agent trust all server certificates when Access Manager
    # is running SSL?
    # Possible values are true or false.
    com.sun.am.trust_server_certs = true
    # Should the policy SDK use the Access Manager notification
    # mechanism to maintain the consistency of its internal cache? If the value
    # is false, then a polling mechanism is used to maintain cache consistency.
    # Possible values are true or false.
    com.sun.am.notification.enable = true
    # URL to which notification messages should be sent if notification is
    # enabled, see previous property.
    com.sun.am.notification.url = http://Dominoad.yjy.dqyt.petrochina:80/amagent/UpdateAgentCacheServlet?shortcircuit=false
    # This property determines whether URL string case sensitivity is
    # obeyed during policy evaluation
    com.sun.am.policy.am.url_comparison.case_ignore = true
    # This property determines the amount of time (in minutes) an entry
    # remains valid after it has been added to the cache. The default
    # value for this property is 3 minutes.
    com.sun.am.policy.am.polling.interval=3
    # This property allows the user to configure the User Id parameter passed
    # by the session information from the access manager. The value of User
    # Id will be used by the agent to set the value of REMOTE_USER server
    # variable. By default this parameter is set to "UserToken"
    com.sun.am.policy.am.userid.param=UserToken
    # Profile attributes fetch mode
    # String attribute mode to specify if additional user profile attributes should
    # be introduced into the request. Possible values are:
    # NONE - no additional user profile attributes will be introduced.
    # HTTP_HEADER - additional user profile attributes will be introduced into
    # HTTP header.
    # HTTP_COOKIE - additional user profile attributes will be introduced through
    # cookies.
    # If not within these values, it will be considered as NONE.
    com.sun.am.policy.agents.config.profile.attribute.fetch.mode=NONE
    # The user profile attributes to be added to the HTTP header. The
    # specification is of the format ldap_attribute_name|http_header_name[,...].
    # ldap_attribute_name is the attribute in data store to be fetched and
    # http_header_name is the name of the header to which the value needs
    # to be assigned.
    # NOTE: In most cases, in a destination application where a "http_header_name"
    # shows up as a request header, it will be prefixed by HTTP_, and all
    # lower case letters will become upper case, and any - will become _;
    # For example, "common-name" would become "HTTP_COMMON_NAME"
    com.sun.am.policy.agents.config.profile.attribute.map=cn|common-name,ou|organizational-unit,o|organization,mail|email,employeenumber|employee-
    number,c|country
    # Session attributes mode
    # String attribute mode to specify if additional user session attributes should
    # be introduced into the request. Possible values are:
    # NONE - no additional user session attributes will be introduced.
    # HTTP_HEADER - additional user session attributes will be introduced into HTTP header.
    # HTTP_COOKIE - additional user session attributes will be introduced through cookies.
    # If not within these values, it will be considered as NONE.
    com.sun.am.policy.agents.config.session.attribute.fetch.mode=NONE
    # The session attributes to be added to the HTTP header. The specification is
    # of the format session_attribute_name|http_header_name[,...].
    # session_attribute_name is the attribute in session to be fetched and
    # http_header_name is the name of the header to which the value needs to be
    # assigned.
    # NOTE: In most cases, in a destination application where a "http_header_name"
    # shows up as a request header, it will be prefixed by HTTP_, and all
    # lower case letters will become upper case, and any - will become _;
    # For example, "common-name" would become "HTTP_COMMON_NAME"
    com.sun.am.policy.agents.config.session.attribute.map=
    # Response Attribute Fetch Mode
    # String attribute mode to specify if additional user response attributes should
    # be introduced into the request. Possible values are:
    # NONE - no additional user response attributes will be introduced.
    # HTTP_HEADER - additional user response attributes will be introduced into
    # HTTP header.
    # HTTP_COOKIE - additional user response attributes will be introduced through
    # cookies.
    # If not within these values, it will be considered as NONE.
    com.sun.am.policy.agents.config.response.attribute.fetch.mode=NONE
    # The response attributes to be added to the HTTP header. The specification is
    # of the format response_attribute_name|http_header_name[,...].
    # response_attribute_name is the attribute in policy response to be fetched and
    # http_header_name is the name of the header to which the value needs to be
    # assigned.
    # NOTE: In most cases, in a destination application where a "http_header_name"
    # shows up as a request header, it will be prefixed by HTTP_, and all
    # lower case letters will become upper case, and any - will become _;
    # For example, "common-name" would become "HTTP_COMMON_NAME"
    com.sun.am.policy.agents.config.response.attribute.map=
    # The cookie name used in iAS for sticky load balancing
    com.sun.am.policy.am.lb.cookie.name = GX_jst
    # indicate where a load balancer is used for Access Manager
    # services.
    # true | false
    com.sun.am.load_balancer.enable = false
    ####Agent Configuration####
    # this is for product versioning, please do not modify it
    com.sun.am.policy.agents.config.version=2.2
    # Set the url access logging level. the choices are
    # LOG_NONE - do not log user access to url
    # LOG_DENY - log url access that was denied.
    # LOG_ALLOW - log url access that was allowed.
    # LOG_BOTH - log url access that was allowed or denied.
    com.sun.am.policy.agents.config.audit.accesstype = LOG_DENY
    # Agent prefix
    com.sun.am.policy.agents.config.agenturi.prefix = http://Dominoad.yjy.dqyt.petrochina:80/amagent
    # Locale setting.
    com.sun.am.policy.agents.config.locale = en_US
    # The unique identifier for this agent instance.
    com.sun.am.policy.agents.config.instance.name = unused
    # Do SSO only
    # Boolean attribute to indicate whether the agent will just enforce user
    # authentication (SSO) without enforcing policies (authorization)
    com.sun.am.policy.agents.config.do_sso_only = true
    # The URL of the access denied page. If no value is specified, then
    # the agent will return an HTTP status of 403 (Forbidden).
    com.sun.am.policy.agents.config.accessdenied.url =
    # This property indicates if FQDN checking is enabled or not.
    com.sun.am.policy.agents.config.fqdn.check.enable = true
    # Default FQDN is the fully qualified hostname that the users should use
    # in order to access resources on this web server instance. This is a
    # required configuration value without which the Web server may not
    # startup correctly.
    # The primary purpose of specifying this property is to ensure that if
    # the users try to access protected resources on this web server
    # instance without specifying the FQDN in the browser URL, the Agent
    # can take corrective action and redirect the user to the URL that
    # contains the correct FQDN.
    # This property is set during the agent installation and need not be
    # modified unless absolutely necessary to accommodate deployment
    # requirements.
    # WARNING: Invalid value for this property can result in the Web Server
    # becoming unusable or the resources becoming inaccessible.
    # See also: com.sun.am.policy.agents.config.fqdn.check.enable,
    # com.sun.am.policy.agents.config.fqdn.map
    com.sun.am.policy.agents.config.fqdn.default = Dominoad.yjy.dqyt.petrochina
    # The FQDN Map is a simple map that enables the Agent to take corrective
    # action in the case where the users may have typed in an incorrect URL
    # such as by specifying partial hostname or using an IP address to
    # access protected resources. It redirects the browser to the URL
    # with fully qualified domain name so that cookies related to the domain
    # are received by the agents.
    # The format for this property is:
    # com.sun.am.policy.agents.config.fqdn.map = [invalid_hostname|valid_hostname][,...]
    # This property can also be used so that the agents use the name specified
    # in this map instead of the web server's actual name. This can be
    # accomplished by doing the following.
    # Say you want your server to be addressed as xyz.hostname.com whereas the
    # actual name of the server is abc.hostname.com. The browsers only knows
    # xyz.hostname.com and you have specified polices using xyz.hostname.com at
    # the Access Manager policy console, in this file set the mapping as
    # com.sun.am.policy.agents.fqdn.map = valid|xyz.hostname.com
    # Another example is if you have multiple virtual servers say rst.hostname.com,
    # uvw.hostname.com and xyz.hostname.com pointing to the same actual server
    # abc.hostname.com and each of the virtual servers have their own policies
    # defined, then the fqdnMap should be defined as follows:
    # com.sun.am.policy.agents.fqdn.map = valid1|rst.hostname.com,valid2|uvw.hostname.com,valid3|xyz.hostname.com
    # WARNING: Invalid value for this property can result in the Web Server
    # becoming unusable or the resources becoming inaccessible.
    com.sun.am.policy.agents.config.fqdn.map =
    # Cookie Reset
    # This property must be set to true, if this agent needs to
    # reset cookies in the response before redirecting to
    # Access Manager for Authentication.
    # By default this is set to false.
    # Example : com.sun.am.policy.agents.config.cookie.reset.enable=true
    com.sun.am.policy.agents.config.cookie.reset.enable=false
    # This property gives the comma separated list of Cookies, that
    # need to be included in the Redirect Response to Access Manager.
    # This property is used only if the Cookie Reset feature is enabled.
    # The Cookie details need to be specified in the following Format
    # name[=value][;Domain=value]
    # If "Domain" is not specified, then the default agent domain is
    # used to set the Cookie.
    # Example : com.sun.am.policy.agents.config.cookie.reset.list=LtpaToken,
    # token=value;Domain=subdomain.domain.com
    com.sun.am.policy.agents.config.cookie.reset.list=
    # This property gives the space separated list of domains in
    # which cookies have to be set in a CDSSO scenario. This property
    # is used only if CDSSO is enabled.
    # If this property is left blank then the fully qualified cookie
    # domain for the agent server will be used for setting the cookie
    # domain. In such case it is a host cookie instead of a domain cookie.
    # Example : com.sun.am.policy.agents.config.cookie.domain.list=.sun.com .iplanet.com
    com.sun.am.policy.agents.config.cookie.domain.list=
    # user id returned if accessing global allow page and not authenticated
    com.sun.am.policy.agents.config.anonymous_user=anonymous
    # Enable/Disable REMOTE_USER processing for anonymous users
    # true | false
    com.sun.am.policy.agents.config.anonymous_user.enable=false
    # Not enforced list is the list of URLs for which no authentication is
    # required. Wildcards can be used to define a pattern of URLs.
    # The URLs specified may not contain any query parameters.
    # Each service have their own not enforced list. The service name is suffixed
    # after "# com.sun.am.policy.agents.notenforcedList." to specify a list
    # for a particular service. SPACE is the separator between the URL.
    com.sun.am.policy.agents.config.notenforced_list = http://dominoad.yjy.dqyt.petrochina/*.nsf http://dominoad.yjy.dqyt.petrochina/teamroom.nsf/TROutline.gif?
    OpenImageResource http://dominoad.yjy.dqyt.petrochina/icons/*.gif
    # Boolean attribute to indicate whether the above list is a not enforced list
    # or an enforced list; When the value is true, the list means enforced list,
    # or in other words, the whole web site is open/accessible without
    # authentication except for those URLs in the list.
    com.sun.am.policy.agents.config.notenforced_list.invert = false
    # Not enforced client IP address list is a list of client IP addresses.
    # No authentication and authorization are required for the requests coming
    # from these client IP addresses. The IP address must be in the form of
    # eg: 192.168.12.2 1.1.1.1
    com.sun.am.policy.agents.config.notenforced_client_ip_list =
    # Enable POST data preservation; By default it is set to false
    com.sun.am.policy.agents.config.postdata.preserve.enable = false
    # POST data preservation : POST cache entry lifetime in minutes,
    # After the specified interval, the entry will be dropped
    com.sun.am.policy.agents.config.postcache.entry.lifetime = 10
    # Cross-Domain Single Sign On URL
    # Is CDSSO enabled.
    com.sun.am.policy.agents.config.cdsso.enable=false
    # This is the URL the user will be redirected to for authentication
    # in a CDSSO Scenario.
    com.sun.am.policy.agents.config.cdcservlet.url =
    # Enable/Disable client IP address validation. This validate
    # will check if the subsequent browser requests come from the
    # same ip address that the SSO token is initially issued against
    com.sun.am.policy.agents.config.client_ip_validation.enable = false
    # Below properties are used to define cookie prefix and cookie max age
    com.sun.am.policy.agents.config.profile.attribute.cookie.prefix = HTTP_
    com.sun.am.policy.agents.config.profile.attribute.cookie.maxage = 300
    # Logout URL - application's Logout URL.
    # This URL is not enforced by policy.
    # if set, agent will intercept this URL and destroy the user's session,
    # if any. The application's logout URL will be allowed whether or not
    # the session destroy is successful.
    com.sun.am.policy.agents.config.logout.url=
    #http://sportal.yjy.dqyt.petrochina/amserver/UI/Logout
    # Any cookies to be reset upon logout in the same format as cookie_reset_list
    com.sun.am.policy.agents.config.logout.cookie.reset.list =
    # By default, when a policy decision for a resource is needed,
    # agent gets and caches the policy decision of the resource and
    # all resource from the root of the resource down, from the Access Manager.
    # For example, if the resource is http://host/a/b/c, the the root of the
    # resource is http://host/. This is because more resources from the
    # same path are likely to be accessed subsequently.
    # However this may take a long time the first time if there
    # are many many policies defined under the root resource.
    # To have agent get and cache the policy decision for the resource only,
    # set the following property to false.
    com.sun.am.policy.am.fetch_from_root_resource = true
    # Whether to get the client's hostname through DNS reverse lookup for use
    # in policy evaluation.
    # It is true by default, if the property does not exist or if it is
    # any value other than false.
    com.sun.am.policy.agents.config.get_client_host_name = false
    # The following property is to enable native encoding of
    # ldap header attributes forwarded by agents. If set to true
    # agent will encode the ldap header value in the default
    # encoding of OS locale. If set to false ldap header values
    # will be encoded in UTF-8
    com.sun.am.policy.agents.config.convert_mbyte.enable = false
    #When the not enforced list or policy has a wildcard '*' character, agent
    #strips the path info from the request URI and uses the resulting request
    #URI to check against the not enforced list or policy instead of the entire
    #request URI, in order to prevent someone from getting access to any URI by
    #simply appending the matching pattern in the policy or not enforced list.
    #For example, if the not enforced list has the value http://host/*.gif,
    #stripping the path info from the request URI will prevent someone from
    #getting access to http://host/index.html by using the URL http://host/index.html?hack.gif.
    #However when a web server (for exmample apache) is configured to be a reverse
    #proxy server for a J2EE application server, path info is interpreted in a different
    #manner since it maps to a resource on the proxy instead of the app server.
    #This prevents the not enforced list or policy from being applied to part of
    #the URI below the app serverpath if there is a wildcard character. For example,
    #if the not enforced list has value http://host/webapp/servcontext/* and the
    #request URL is http://host/webapp/servcontext/example.jsp the path info
    #is /servcontext/example.jsp and the resulting request URL with path info stripped
    #is http://host/webapp, which will not match the not enforced list. By setting the
    #following property to true, the path info will not be stripped from the request URL
    #even if there is a wild character in the not enforced list or policy.
    #Be aware though that if this is set to true there should be nothing following the
    #wildcard character '*' in the not enforced list or policy, or the
    #security loophole described above may occur.
    com.sun.am.policy.agents.config.ignore_path_info = false
    # Override the request url given by the web server with
    # the protocol, host or port of the agent's uri specified in
    # the com.sun.am.policy.agents.agenturiprefix property.
    # These may be needed if the agent is sitting behind a ssl off-loader,
    # load balancer, or proxy, and either the protocol (HTTP scheme),
    # hostname, or port of the machine in front of agent which users go through
    # is different from the agent's protocol, host or port.
    com.sun.am.policy.agents.config.override_protocol =
    com.sun.am.policy.agents.config.override_host =
    com.sun.am.policy.agents.config.override_port =
    # Override the notification url in the same way as other request urls.
    # Set this to true if any one of the override properties above is true,
    # and if the notification url is coming through the proxy or load balancer
    # in the same way as other request url's.
    com.sun.am.policy.agents.config.override_notification.url =
    # The following property defines how long to wait in attempting
    # to connect to an Access Manager AUTH server.
    # The default value is 2 seconds. This value needs to be increased
    # when receiving the error "unable to find active Access Manager Auth server"
    com.sun.am.policy.agents.config.connection_timeout =
    # Time in milliseconds the agent will wait to receive the
    # response from Access Manager. After the timeout, the connection
    # will be drop.
    # A value of 0 means that the agent will wait until receiving the response.
    # WARNING: Invalid value for this property can result in
    # the resources becoming inaccessible.
    com.sun.am.receive_timeout = 0
    # The three following properties are for IIS6 agent only.
    # The two first properties allow to set a username and password that will be
    # used by the authentication filter to pass the Windows challenge when the Basic
    # Authentication option is selected in Microsoft IIS 6.0. The authentication
    # filter is named amiis6auth.dll and is located in
    # Agent_installation_directory/iis6/bin. It must be installed manually on
    # the web site ("ISAPI Filters" tab in the properties of the web site).
    # It must also be uninstalled manually when unintalling the agent.
    # The last property defines the full path for the authentication filter log file.
    com.sun.am.policy.agents.config.iis6.basicAuthentication.username =
    com.sun.am.policy.agents.config.iis6.basicAuthentication.password =
    com.sun.am.policy.agents.config.iis6.basicAuthentication.logFile = c:/Sun/Access_Manager/Agents/2.2/debug/C__Lotus_Domino/amAuthFilter

    Hi,
    I installed opensso (so Sun Java(TM) System Access Manager 7.5) and the agent for Domino 6.5.4 and I have the message in logs "amAgent"
    2007-07-11 18:40:16.119 Error 1708:3dbcf768 PolicyAgent: render_response(): Entered.
    I have the box to identify but it doesnot connect me on my opensso server.
    It still identify with Domino's server
    Thanks for your response
    Thomas

  • How to change LDAP server setting in Access Manager 6.2

    Hi,
    We have initially set authentication as a SunONE Directory Server 5.1 (master DS1) in Sun Java System Access Manager 6.2. In both /etc/opt/SUNWam/config/serverconfig.xml
    /etc/opt/SUNWam/config/AMConfig.properties
    conf files, DS1 was set initially. Also on console's Service Configuration ->LDAP->Primary LDAP Server was set as "DS1"
    Now the problem is that I am not able to change the DS1 to the other master "DS2". I set DS2 in both above conf files and also the Service Configuration page as Primary LDAP Server. I restarted the server. When I stopped the DS1, I couldn't login access manager console with any user. It looks like it is still trying to get authentication from DS1.
    Does anybody know what I am missing here?
    Regards,

    After hopeless tries, I finally made it work;) The trick was actually updating the sunKeyValue attribute of the entry:
    "dn:ou=default,ou=OrganizationConfig,ou=1.0,ou=iPlanetAMAuthLDAPService,ou=ser
    vices,dc=company,dc=com" in one of the master DS I have.
    Even though I set DS2 and loadBalancer hosts in all conf files and in Primary LDAP conf in amconsole's Service Configuration, it just didn't work until I inserted loadBalancer host in sunKeyValue attribute.
    Hope it helps to someone....
    -Bora

  • Setting up Access Manager and Directory Server for Failover.

    I'm setting up 2 Access Managers AM1,AM2 and 2 Directory Servers DS1 and DS2 for failover. I've connected AM1 and AM2 to DS1. Suffixes of DS1 is replicated to DS2. Any change made to AM1 is replicated to AM2 as expected. I just patched AM1 with Access Manager patch 1 and the version information for AM1 shows 7.1 126359-01. I followed the same procedure to patch AM2 but AM2 still shows ver 7.1.
    How do I make sure both Access Managers are patched to the same version?
    I'm able to authenticate to one IIS6 site and authentication is passed on to Outlook Web Access on AM1 but when I shut down AM1 to test failover to AM2 OWA prompts me again for password. How do I resolve this?
    On AM1 http://host.domain/amserver/UI/Login?realm=sso successfully logs in but the same on AM2 gives Warning that "You have already logged in. Do you want to log out and then login to a different organization?"
    Please help !!!

    I'll answer what bits I can:
    Q: AM showing the same version?
    A: No idea on this one. I would have expected the operation you described to have produced the right answer. Check that neither your application server nor your web browser are caching old pages (ctrl-F5 in my browser)
    Q: How do I resolve re-authentication on failover?
    A: The AM documentation includes a deployment example that covers pretty closely what it is you are trying to achieve:
    http://docs.sun.com/app/docs/doc/820-2278
    Specifically, the problem you are describing is related to session failover. The sessions are stored in a local DB so when you failover the backup server does not store the same information and hence requires a reauthentication. The section of the above doc that deals with this is here:
    http://docs.sun.com/app/docs/doc/820-2278/gdsre?l=en&a=view
    Q: "You have already logged in" warning
    A: No idea. Sorry.
    R

Maybe you are looking for