Unable to Access SSL WebVPN Login Page
I am unable to access the SSL WebVPN login html page. I tried using FF, Chrome, and IE via https://24.43.XXX.XXX. All I get is "Page cannot be displayed". I am stumped here, any help would be greatly appreciated.
PLAN-FW# show run
: Saved
ASA Version 9.1(1)
hostname PLAN-FW
domain-name intranet.example.com
enable password s9HtiQv6kkqqiJhc encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
ip local pool VPN-Clients 192.168.5.2-192.168.5.220 mask 255.255.255.0
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 24.43.XXX.XXX 255.255.255.252
interface GigabitEthernet0/1
channel-group 1 mode active
no nameif
no security-level
no ip address
interface GigabitEthernet0/2
channel-group 1 mode active
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif Management
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Port-channel1
nameif DR-01
security-level 100
ip address 10.0.0.1 255.255.255.252
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 4.2.2.2
domain-name intranet.example.com
object network obj-internet
subnet 0.0.0.0 0.0.0.0
object network obj-vlan100
subnet 10.0.100.0 255.255.254.0
object network NETWORK_OBJ_192.168.5.0_24
subnet 192.168.5.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu DR-01 1500
mtu Management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-713.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (DR-01,outside) source static any any destination static NETWORK_OBJ_192.168.5.0_24 NETWORK_OBJ_192.168.5.0_24 no-proxy-arp route-lookup
object network obj-vlan100
nat (DR-01,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 24.43.XXX.XXX 1
route DR-01 10.0.0.0 255.255.255.252 10.0.0.2 1
route DR-01 10.0.100.0 255.255.254.0 10.0.0.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 Management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint SELF-TP
enrollment self
fqdn intranet.example.com
subject-name CN=intranet.example.com
keypair myrsakey
crl configure
crypto ca trustpool policy
crypto ca certificate chain SELF-TP
certificate 4fb08954
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint SELF-TP
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point SELF-TP outside
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2
anyconnect profiles Example_Intranet_client_profile disk0:/Example_Intranet_client_profile.xml
anyconnect enable
tunnel-group-list enable
group-policy "GroupPolicy_Example Intranet" internal
group-policy "GroupPolicy_Example Intranet" attributes
wins-server none
dns-server value 8.8.8.8 4.2.2.2
vpn-tunnel-protocol ikev2 ssl-client
default-domain value intranet.example.com
webvpn
anyconnect profiles value Example_Intranet_client_profile type user
username test1 password GxmPkeumVbHvz58J encrypted privilege 15
username test2 password t.GxS9C3hRYHni61 encrypted
username test3 password M9Szy/s33Cm6Crby encrypted
username test4 password hMXxQZTu8agZnzki encrypted
tunnel-group "Example Intranet" type remote-access
tunnel-group "Example Intranet" general-attributes
address-pool VPN-Clients
default-group-policy "GroupPolicy_Example Intranet"
tunnel-group "Example Intranet" webvpn-attributes
group-alias "Example Intranet" enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 10
subscribe-to-alert-group configuration periodic monthly 10
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:4976c27fbf11ae4589d27b4f16107a41
: end
Directory of disk0:/
10 drwx 4096 08:15:36 Sep 19 2014 log
20 drwx 4096 08:16:04 Sep 19 2014 crypto_archive
21 drwx 4096 08:16:12 Sep 19 2014 coredumpinfo
114 -rwx 37416960 08:24:28 Sep 19 2014 asa911-smp-k8.bin
115 -rwx 18097844 08:26:28 Sep 19 2014 asdm-713.bin
116 -rwx 69318656 08:27:50 Sep 19 2014 asacx-5500x-boot-9.1.1-1-RelWithDebInfo.x86_64.img
117 -rwx 12998641 08:47:34 Sep 19 2014 csd_3.5.2008-k9.pkg
118 drwx 4096 08:47:36 Sep 19 2014 sdesktop
119 -rwx 6487517 08:47:38 Sep 19 2014 anyconnect-macosx-i386-2.5.2014-k9.pkg
120 -rwx 6689498 08:47:40 Sep 19 2014 anyconnect-linux-2.5.2014-k9.pkg
121 -rwx 4678691 08:47:42 Sep 19 2014 anyconnect-win-2.5.2014-k9.pkg
122 -rwx 200 14:26:42 Dec 08 2014 upgrade_startup_errors_201412081426.log
129 -rwx 338 11:59:35 Dec 16 2014 Example_Intranet_client_profile.xml
8238202880 bytes total (4860497920 bytes free)
Cisco Adaptive Security Appliance Software Version 9.1(1)
Device Manager Version 7.1(3)
Compiled on Wed 28-Nov-12 11:15 PST by builders
System image file is "disk0:/asa911-smp-k8.bin"
Config file at boot was "startup-config"
PLAN-FW up 5 days 5 hours
Hardware: ASA5515, 8192 MB RAM, CPU Clarkdale 3059 MHz, 1 CPU (4 cores)
ASA: 4096 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 8192MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB
Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-PLUS-T020
IPSec microcode : CNPx-MC-IPSEC-MAIN-0022
Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 100 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Disabled perpetual
This platform has an ASA 5515 Security Plus license.
Hi Nathan,
Are you using IKEv2 to connect? If not, then can you please remove the following command and then try again:
no crypto ikev2 enable outside client-services port 443
Thanks
Jeet Kumar
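Added example, not from the original thread or from Cisco: a Python parser for a flattened `show run` dump like the one above. It lists which TLS-based services are bound to each interface and TCP port and which trustpoint each interface presents, so the overlap the reply refers to (WebVPN and IKEv2 client-services both on outside, port 443) is easy to see. The function names are hypothetical, the sample is constructed from lines of the posted configuration, and the default port of 443 for `webvpn` and `http server enable` is an assumption about ASA defaults.

```python
import re
from collections import defaultdict

# Assumption: ASA default TCP port for "webvpn" and "http server enable".
DEFAULT_HTTPS_PORT = 443
# First words of commands that may follow "webvpn" in a flattened dump.
WEBVPN_SUBCMDS = {"enable", "port", "anyconnect", "tunnel-group-list", "csd"}

# Constructed sample: listener-related lines taken from the posted config,
# with indentation lost the same way the forum rendering lost it.
SAMPLE_CONFIG = """\
http server enable
http 192.168.1.0 255.255.255.0 Management
crypto ca trustpoint SELF-TP
enrollment self
crypto ikev2 enable outside client-services port 443
ssl trust-point SELF-TP outside
webvpn
enable outside
anyconnect enable
tunnel-group-list enable
group-policy "GroupPolicy_Example Intranet" attributes
webvpn
anyconnect profiles value Example_Intranet_client_profile type user
tunnel-group "Example Intranet" type remote-access
"""


def tls_listeners(config_text):
    """Return {(interface, tcp_port): [feature, ...]} for TLS services."""
    listeners = defaultdict(list)
    http_on, http_port, http_ifaces = False, DEFAULT_HTTPS_PORT, []
    vpn_port, vpn_ifaces, in_webvpn = DEFAULT_HTTPS_PORT, [], False

    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        line = " ".join(words)
        if in_webvpn:
            # Stay in the webvpn block while lines look like its sub-commands.
            if words[0] in WEBVPN_SUBCMDS:
                if words[0] == "enable" and len(words) >= 2:
                    vpn_ifaces.append(words[1])
                elif words[0] == "port" and len(words) == 2 and words[1].isdigit():
                    vpn_port = int(words[1])
                continue
            in_webvpn = False
        if line == "webvpn":
            in_webvpn = True
        elif m := re.fullmatch(
                r"crypto ikev2 enable (\S+) client-services port (\d+)", line):
            listeners[(m[1], int(m[2]))].append("ikev2 client-services")
        elif m := re.fullmatch(r"http server enable(?: (\d+))?", line):
            http_on = True
            if m[1]:
                http_port = int(m[1])
        elif m := re.fullmatch(
                r"http \d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+ (\S+)", line):
            http_ifaces.append(m[1])

    # "port" may appear before or after "enable", so bind webvpn at the end.
    for iface in vpn_ifaces:
        listeners[(iface, vpn_port)].append("webvpn")
    if http_on:
        for iface in http_ifaces:
            listeners[(iface, http_port)].append("asdm https")
    return {key: sorted(features) for key, features in listeners.items()}


def shared_listeners(config_text):
    """Interface/port pairs that more than one feature is configured on."""
    return {k: v for k, v in tls_listeners(config_text).items() if len(v) > 1}


def interface_certs(config_text):
    """Return {interface: (trustpoint, is_self_enrolled)}; '*' = all interfaces."""
    self_enrolled, current_tp, bound = set(), None, {}
    for raw in config_text.splitlines():
        line = " ".join(raw.split())
        if m := re.fullmatch(r"crypto ca trustpoint (\S+)", line):
            current_tp = m[1]
        elif line == "enrollment self" and current_tp:
            self_enrolled.add(current_tp)
        elif line.startswith("crypto "):
            current_tp = None  # a different crypto command ends the trustpoint
        elif m := re.fullmatch(r"ssl trust-point (\S+)(?: (\S+))?", line):
            bound[m[2] or "*"] = m[1]
    return {iface: (tp, tp in self_enrolled) for iface, tp in bound.items()}


if __name__ == "__main__":
    for (iface, port), features in sorted(tls_listeners(SAMPLE_CONFIG).items()):
        print(f"{iface}:{port} -> {', '.join(features)}")
    for iface, (tp, self_signed) in interface_certs(SAMPLE_CONFIG).items():
        kind = "self-enrolled" if self_signed else "CA-enrolled"
        print(f"{iface} presents trustpoint {tp} ({kind})")
```

A self-enrolled trustpoint on the outside interface means browsers will show a certificate warning before the login page loads, which is worth ruling out separately from reachability.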
Similar Messages
-
Limit access to Apex login page
Hi,
We are deploying an application to our users. I need to limit access to the Apex login page f?p=4550 to some predefined IP addresses. Any ideas on this?
Best regards,
Onur.
How exactly the APEX engine forces a '404' to be returned, I am not entirely sure. Perhaps it sends back the Response with the Header Status set to 404?
Yes, with this process on the login page.
begin
  if not #OWNER#.wwv_flow_security.ip_check then
    #OWNER#.wwv_flow.g_unrecoverable_error := true;
    sys.owa_util.status_line(404, 'Page Not Found');
    sys.owa_util.http_header_close;
  end if;
end;
Scott
-
How to enable https or SSL for login page only?
Hi,
My application is running in iPlanet web server 4.1 version.
How to make my login page only secured (SSL)?
Previously we have done https enable for the whole application, but the client specifically wants it for the login page only, not for the whole application. How can I make SSL for the login page only in iPlanet 4.1?
I searched through the iPlanet console, but I didn't get any such option.
I found one more thing in the console, i.e., "encrypt on or off". If I put encrypt "on", does that mean it will be for the whole application? How can I make it for the login page only?
Do I need to do any code changes for that?
I tried through web.xml security constraints tags, but it is not working and taking that file as we are doing everything in servlet.properties and rules.properties files.
Can anybody help me in this regard?
Regards,
Chandu
You specify SSL in web.xml of your application. So, in that case other web applications in same server would not be affected.
<security-constraint>
<web-resource-collection>
<web-resource-name>myresources</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Following link will help you to setup SSL in tomcat:
http://techtracer.com/2007/09/12/setting-up-ssl-on-tomcat-in-3-easy-steps/
Thanks,
Mrityunjoy
-
How to edit webvpn login page with 7.2 version in ASA5510?
Dear guys,
As a solution for business, I have deployed webvpn with 7.2 version in ASA5510 (Version 8.0 cannot be used in this case). Could you share some experiences in customizing the login page of webvpn manually (not using ASDM)? For example, if I want to add some system tips or links in the login page, how to do it?
Appreciate your kindly help and suggestion.
Best Regards,
David Wu
Customizing login page of webvpn with 7.2 version of ASA is easy to be done and the following URL contains the document for customizing the webvpn login page for ASA version 7.2:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/webvpn.html#wp1031868
This document contains the step-by-step procedure for customizing the login page.
-
Not able to access the portal login page and identity console page
Hi all.
I installed PS 6.1 on a new Solaris 8 Box. DNS is not configured for this box.
I use the Netscape browser on the Solaris box to test my installation - everything is fine
issue:
When i tried to access the amconsole or amserver/UI/Login application, it bombs with the following exception.
but i can see the default webserver page (or any static html for that matter).
any clue?
10/28/2003 03:22:22:776 PM EET: Thread[Thread-195,5,main]
ERROR: Exception occured
java.lang.Exception: Service URL not found:session
at com.iplanet.services.naming.WebtopNaming.getServiceURL(WebtopNaming.java:180)
at com.iplanet.dpro.session.Session.getSessionServiceURL(Session.java:686)
at com.iplanet.dpro.session.Session.getSessionServiceURL(Session.java:668)
at com.iplanet.dpro.session.Session.getSession(Session.java:540)
at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:73)
at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:280)
at com.sun.identity.authentication.service.AuthUtils.getOrigLoginURL(AuthUtils.java:1546)
at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:253)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:783)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:434)
at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:312)
at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:282)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.iplanet.server.http.servlet.NSServletRunner.invokeServletService(NSServletRunner.java:919)
at com.iplanet.server.http.servlet.WebApplication.service(WebApplication.java:1061)
at com.iplanet.server.http.servlet.NSServletRunner.ServiceWebApp(NSServletRunner.java:981)
I am facing the same problem. I am using Custom Authentication module. When I access the login page for this custom authentication module I got this error. I have DNS entry and added the IP address in the host file too. Anyone tell us, what could be the problem?
-
Can't access router's login page
My MacBook can't access the router's login page, but I can't access the internet through this wifi
here is some info i think may be useful
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 80:e6:50:00:a0:c6
inet6 fe80::82e6:50ff:fe00:a0c6%en0 prefixlen 64 scopeid 0x4
inet 192.168.2.101 netmask 0xffffff00 broadcast 192.168.2.255
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether 72:00:04:91:16:20
media: autoselect <full-duplex>
status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether 72:00:04:91:16:21
media: autoselect <full-duplex>
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 82:e6:50:00:cc:00
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en1 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 5 priority 0 path cost 0
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 6 priority 0 path cost 0
nd6 options=1<PERFORMNUD>
media: <unknown type>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 02:e6:50:00:a0:c6
media: autoselect
status: inactive
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.2.1 UGSc 28 0 en0
127 localhost UCS 0 0 lo0
localhost localhost UH 34 2643545 lo0
169.254 link#4 UCS 1 0 en0
169.254.71.63 74:2f:68:73:6d:e UHLSW 0 0 en0 281
192.168.2 link#4 UCS 2 0 en0
192.168.2.1 94:c:6d:30:49:de UHLWIir 29 178 en0 1029
192.168.2.101 localhost UHS 0 0 lo0
192.168.2.102 74:2f:68:73:6d:e UHLWI 0 0 en0 290
If some people can't help I'll really appreciate.
What I did was a hard reset... (hold reset for 10 or 30 seconds then while holding, unplug unit then release reset button. After 10 more seconds, plug unit back in.)
Between that and using the TFTP program, I was able to get back into my management screen. You will have to reconfigure your router after that. Be sure, if you have a dedicated IP on your computer, you temporarily set it to obtain everything automatically in case your set IP doesn't correspond to the default settings for your router. Then once everything is back up, you can change your IP settings on your PC back to what you had, if any.
-
Unable to access SOA suite start page from remote browser.
I have Oracle SOA Suite 10.1.3 and Oracle 10g AS 10.1.2 installed on a Windows 2000 machine.
I am able to access the default start page of the 10.1.2 AS from the local and remote machine using the following URLs
Http:\\hostname:7777\
Http:\\hostname:80\
Also, I am unable to access the SOA Suite 10.1.3 start page, bpel console etc - from the host machine using Http:\\hostname:8888\
However from a remote machine browser I am not able to connect to the start page of SOA suite only. Http:\\hostname:8888\.
Is there some settings which allow only local host access to the SOA suite pages?.
All the hosts are on the same intranet, there is no firewall. Also i have Msft loopback adapter installed on the server host machine.
Appreciate all suggestions.
Thanks
I suppose you're using DHCP and hope you have followed the steps in the Installation Guide. With DHCP it is always a bit tricky to access the server. You should check your /WINNT/system32/drivers/etc/hosts file. If the hostname you're using during install is not in it then adding it will help.
--olaf -
Unable to change the default login page
I would like to change the default login page (to /content/ethz_ch/Login)
I configured the page by "Day CQ Login Selector Authentication Handler":
In ./launchpad/config/com/day/cq/auth/impl/LoginSelectorHandler.config I see
auth.loginselector.defaultloginpage="/content/ethz_ch/Login"
as expected.
I then configured a page (/content/ethz_ch/de/auth_test.html) with a closed user group and left the login page field blank.
Instead of the newly defined login page I am redirected to
https://..../system/sling/cqform/defaultlogin.html?resource=%2Fcontent%2Fethz_ch%2Fde%2Fauth_test.html&$$login$$=%24%24login%24%24
Any idea on what I am doing wrong?
Try 1 & 2; if that does not work, please file a daycare for further assistance.
1. In "Day CQ Login Selector Authentication Handler" for path info add an empty row then verify.
2. Delete the existing entry for "Day CQ Login Selector Authentication Handler" , Configure your custom at repository level & verify -
Unable to access E-Recruiting Start Pages Externally
Hello,
I'm hoping for some assistance with an E-Recruiting issue (standalone system; Version 3.0). We are currently only able to access the start pages while inside of our network, and receive a "page cannot be displayed" message while outside of our network. This is with the exception of the candidate registration page. We can successfully register, and then pass on to the main E-Recruiting start page for an external candidate.
The hrrcf_start_int bsp/service is used to call the start page for registered internal candidates, recruiters, and administrators (different view for each). The hrrcf_start_ext bsp/service is used to call the start page for registered external candidates. And, the hrrcf_cand_reg bsp/service is used to access the external candidate registration page.
The URLs for the start pages were created using program RCF_GENERATE_URLS. We are requiring all traffic be routed through our WebDispatcher, and all traffic be HTTPS, so the URLs start out with https://recruiting.... Our E-Recruiting system is actually careers, but again, we want all traffic to go through our WebDispatcher, which is recruiting.
We have created external aliases in transaction SICF for all three URLs, and using the alias, I can successfully login to all pages within our network. When I test the external aliases within SICF, I get an internal error (The user is not assigned a candidate or an employee) for the hrrcf_start_int and hrrcf_start_ext services. When I test the external alias for hrrcf_cand_reg, it is successful.
When I test the hrrcf_start_int service within SICF, I get the logon page, but after logging on, I get message Name of logical port&&lp_named is invalid. When I test the hrrcf_cand_reg service, it is successful.
When I test the hrrcf_start_int and hrrcf_start_ext BSPs in SE80, I receive an Internet Explorer cannot display page message. The same is true for the hrrcf_cand_reg. However, it is trying to access http://recruiting instead of https://recruiting. I can see that URL address in the application.do Controller, but have no idea where to change it, because it is greyed out (any help with this would be appreciated as well.)
We have created internal users using program RCF_CREATE_USER, and when I look at transaction BP, I see that it is creating a business partner for each user.
We have had SAP tell us that it is not a WebDispatcher issue, and we have also confirmed that it is not a firewall issue.
It seems interesting to me that we can only get to the one page that does not first require authentication. If anyone has any information that would be helpful, I would appreciate your time.
Sorry for such a long message, but I was just trying to be as clear as possible.
Thank you,
Leeanna Travis
Hello Leeanna,
quite a lot of topics and doing remote analysis for network issues is difficult.
Some ideas:
- starting hrrcf_start_ext / hrrcf_start_int via SICF or SE80 will never be successful as these applications need parameters. The message you got when testing startpage from SICF is classical for invalid startpage Id
- if you do not reach pages from outside, check network traffic / access rights in firewalls. Usually the SAP server name cannot be resolved through a DNS for an outside call as your company's DNS is not visible for internet users. You will need a relay.
- check that full qualified server name is set on the server
- check web infrastructure that it allows the access protocol. If ICF service says http but firewall only allows https you won't get a response. Sometimes switching protocols within the request produces problems.
- WebDispatcher is known for eating parameters / url parts. Try to get your hands on the traces of the requests which really reach the server.
- if possible supply some more information on release & support package level. E.g. there is a support package which has an error that if you activate 'do not show https warning' in an icf service it does not only hide the warning but the whole logon screen :o(
Hope that helps, if not just reply - perhaps w/ focus on one special point.
Best Regards
Roman Weise -
ESS IView access to ERP - login page displayed and not access possible
Hello Colleagues,
we have to setup Employee Self-Service (ESS) Portal as well ERP.
All required steps seems to be performed but we still facing one access issue.
If I try to enter the Link My Employees under SAP Portal > Employees Self-Service > Travel and Expenses, I get a web login (ITS) from the ERP system and not direct access to the service. In addition I am not able to log in with the defined user and password.
If I try to enter the service directly (test service) at transaction SICF on the ERP (ECC) System itself, it works fine as well with the defined user and password.
If both IE Browser Windows are open, then I am able to see the service (empty table) under My Employees at portal after clicking again under Link SAP Portal > Employees Self-Service > Travel and Expenses > My Employees.
So I think the general connectivity works fine but something is still wrong with maybe IView access/permissions/roles?
Any Ideas?
Many thanks in advance!
Regards,
Jochen
This means that your Single sign on is not working correctly.
Things to check:
1. From Portal System Administration - for the system object created for connecting to the backend system - try to perform the connection tests and make sure they pass.
2. Access your portal with a Fully Qualified Domain Name (for example: myportal..mysubdomain.mydomain:port/irj/portal instead of just myportal:port/irj/portal) - this should most likely resolve your issue - since you see the error only for WD4A applications.
3. Make sure that the host name you have configured in the portal system and the host name with which you access your portal are in the same domain.
Also, check the SSO related profile parameters in the backend system:
login/accept_sso2_ticket=1
login/accept_sso2_ticket=0
login/password_change_for_SSO=0
Thanks,
Shanti -
Am not able to get the Access manager 7- login page
I have installed Access Manager and configured it, and it worked. But I did the Policy Agent configuration for Access Manager, and after that I couldn't log in to Access Manager, i.e. /amserver, while trying http://localhost:8080/amserver/UI/Login
I am getting the following error
exception
javax.servlet.ServletException
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:300)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165)
java.security.AccessController.doPrivileged(Native Method)
com.sun.mobile.filter.AMLController.doFilter(AMLController.java:163)
root cause
java.lang.NoClassDefFoundError
com.sun.identity.authentication.server.AuthContextLocal.(AuthContextLocal.java:140)
com.sun.identity.authentication.service.LoginState.createAuthContext(LoginState.java:1121)
com.sun.identity.authentication.service.AuthUtils.getAuthContext(AuthUtils.java:310)
com.sun.identity.authentication.service.AuthUtils.getAuthContext(AuthUtils.java:250)
com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:325)
com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
javax.servlet.http.HttpServlet.service(HttpServlet.java:747)
javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
sun.reflect.GeneratedMethodAccessor115.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:249)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:282)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165)
java.security.AccessController.doPrivileged(Native Method)
com.sun.mobile.filter.AMLController.doFilter(AMLController.java:163)
Please, anyone, do the needful to solve this problem
regards
vimalraj.s
Guys,
This is a common problem that I have noticed when policy agent is installed on the same DAS (Domain Admin Server of Sun java Application Server) instance where access manager is installed.
Best solution is to deploy your application on a different DAS and configure / install policy agent for the new DAS.
If web server is used for Access Manager, Deploy your application on a different instance.
Alternatively, follow these instructions.
Assume that you have policy agent binary installed on /opt/SUNWam/policyagent/j2ee_agents/am_as81_agent.
When policy agent is configured, it creates a new configuration folder named agent_001.
1. Login to DAS and remove the class path changes done by the policy agent installer.
These are the class path to remove:
/opt/SUNWam/policyagent/j2ee_agents/am_as81_agent/lib/agent.jar
/opt/SUNWam/policyagent/j2ee_agents/am_as81_agent/lib/amclientsdk.jar
/opt/SUNWam/policyagent/j2ee_agents/am_as81_agent/locale
/opt/SUNWam/policyagent/j2ee_agents/am_as81_agent/agent_001/config
2. Add these to the class path to the end of the class path suffix. NOT AT THE START
/opt/SUNWam/policyagent/j2ee_agents/am_as81_agent/lib/agent.jar
/opt/SUNWam/policyagent/j2ee_agents/am_as81_agent/lib/locale
3. Insert amclientsdk.jar to the classpath. Insert this before agent.jar but after am_*.jar files (am_sdk.jar, am_services.jar, am_sso_provider.jar, am_logging.jar)
4. Open amConfig.properties. Add this line to the bottom of the file.
com.sun.identity.agents.config.location=/opt/SUNWam/policyagent/j2ee_agents/am_as81_agent/agent_001/config/AMAgent.properties
Above line points to the policy agent configuration file.
5. last but not the least:
a. Make sure that an agent is created in Access manager with the same name and password as the one that you gave when installing policy agent.
b. Set property com.sun.identity.agents.config.filter.mode = SSO_ONLY in AMAgent.properties. This will help initial testing of the configuration.
c. Above configuration is for Unix. But should work for other OS as well.
Best of Luck
KK -
Unable to access gmail ("The web page isn't redirecting properly" message appears after I try
A strange email arrived via gmail. Opened page info>permissions. Clicked block cookies. Now I can't access my gmail account. Visited http://mail.google.com/support, reopened page info>permissions, set cookies back to default (Allow)...per bkennelly post 2/2/10...apparently that no longer resolves this issue. Any suggestions are appreciated.
Thanks!
Clear the cache and the cookies from sites that cause problems.
"Clear the Cache":
*Tools > Options > Advanced > Network > Offline Storage (Cache): "Clear Now"
"Remove Cookies" from sites causing problems:
*Tools > Options > Privacy > Cookies: "Show Cookies"
*http://kb.mozillazine.org/Cookies
*http://kb.mozillazine.org/The_page_is_not_redirecting_properly -
Unable to access Unity 5 web page
This is pertaining to a new install. I can access the admin page locally from the server but not from anywhere else on the network. If I browse to the following page, it times out:
http://10.X.X.X/Web/SA
I'm not quite sure what's missing because it works at other sites.
As a solution you can reset the IIS. In order to reset the IIS on the Cisco Unity Server, open the command prompt on the Cisco Unity server and issue the iisreset command. This makes the IIS stop for a period of time. When the IIS re-starts, you are able to access Cisco Unity from the web interface.
http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_tech_note09186a00801651f9.shtml -
Please help me to find where my main f/b page is. All I can get is notifications. Can't access profile, news feed, chat, pics & a page of favorites.
If the removing account and redownloading did not work, I will briefly tell you something that happened to me.
I am not stating that your issue is in anyway related, but thought it worth mentioning.
Suddenly I could not access Facebook or the Yahoo account associated with it.
In my case it turned out to be a malicious act by a hacker, or whatever it is called. Somehow he blocked me from getting into either account. I later found out that my FB and Yahoo pages had been defaced and I was clicking away, etc.,etc., Finally, I had to go to a store, with a strong firewall/router and only then was able to delete the accounts.
After that I was able to create new accounts.
The best of luck to you.
'REQUIRE ASSISTANCE' -
Unable to access e-bay home page
able to access watch list and rest of site, but not home page
Hello:
You might want to verify whether the 'shared_servers' database parameter has been configured appropriately.
http://download.oracle.com/docs/cd/E14373_01/install.32/e13366/db_install.htm#CHDGDHDE
varad