Ways to implement secure channel scp02

Hi,
What are the possible ways of implementing establishing an SCP02 secure channel between the applet and an off-card application. (aside from GP System's Secure Channel class)?
thanks in advance for your help.

Similar Messages

Secure channel

I am trying to implement secure channel. I am using a sample code posted by sir Shane Farmer.
package test;
import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import org.globalplatform.GPSystem;
import org.globalplatform.SecureChannel;
* @author shane
public class TestSecureChannel extends Applet {
    private final static byte INS_INIT_UPDATE = 0x50;
    private final static byte INS_EXT_AUTH = (byte) 0x82;
    private TestSecureChannel() {
        // empty
    public static void install(byte bArray[], short bOffset, byte bLength) throws ISOException {
        new TestSecureChannel().register();
    public void process(APDU apdu) throws ISOException {
        if (selectingApplet()) {
            return;
        byte[] buffer = apdu.getBuffer();
        byte cla = buffer[ISO7816.OFFSET_CLA];
        byte ins = buffer[ISO7816.OFFSET_INS];
        SecureChannel sc = GPSystem.getSecureChannel();
        if ((byte) (cla & 0x80) == 0x80) {
            switch (ins) {
                case INS_INIT_UPDATE:
                case INS_EXT_AUTH:
                    apdu.setOutgoingAndSend(ISO7816.OFFSET_CDATA, sc.processSecurity(apdu));
                    return;
                default:
                    // fall through
        switch (ins) {
            case (byte) 0x01:
                buffer[0] = sc.getSecurityLevel();
                apdu.setOutgoingAndSend((short) 0, (short) 1);
                break;
            default:
                ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
}but when i tried get the security level i got error
cm> /card
--Waiting for card...
ATR=3B 9F 95 80 1F C3 80 31 A0 73 BE 21 13 67 03 10    ;......1.s.!.g..
    00 02 03 30 96 6B                                  ...0.k
ATR: T=0, T=15, FI=9/DI=5 (32clk/etu), X=?/U=AB, Hist=8031A073BE21136703100002033096
=> 00 A4 04 00 07 A0 00 00 00 03 00 00 00             .............
(33734 usec)
<= 6F 60 84 08 A0 00 00 00 03 00 00 00 A5 54 73 4A    o`...........TsJ
    06 07 2A 86 48 86 FC 6B 01 60 0C 06 0A 2A 86 48    ..*.H..k.`...*.H
    86 FC 6B 02 02 01 01 63 09 06 07 2A 86 48 86 FC    ..k....c...*.H..
    6B 03 64 0B 06 09 2A 86 48 86 FC 6B 04 02 15 65    k.d...*.H..k...e
    0B 06 09 2B 85 10 86 48 64 02 01 01 66 0C 06 0A    ...+...Hd...f...
    2B 06 01 04 01 2A 02 6E 01 02 9F 6E 01 01 9F 65    +....*.n...n...e
    01 FE 90 00                                        ....
Status: No Error
cm> /send 00A4040000
=> 00 A4 04 00 00                                     .....
(30689 usec)
<= 6F 60 84 08 A0 00 00 00 03 00 00 00 A5 54 73 4A    o`...........TsJ
    06 07 2A 86 48 86 FC 6B 01 60 0C 06 0A 2A 86 48    ..*.H..k.`...*.H
    86 FC 6B 02 02 01 01 63 09 06 07 2A 86 48 86 FC    ..k....c...*.H..
    6B 03 64 0B 06 09 2A 86 48 86 FC 6B 04 02 15 65    k.d...*.H..k...e
    0B 06 09 2B 85 10 86 48 64 02 01 01 66 0C 06 0A    ...+...Hd...f...
    2B 06 01 04 01 2A 02 6E 01 02 9F 6E 01 01 9F 65    +....*.n...n...e
    01 FE 90 00                                        ....
Status: No Error
cm> /send 00a4040008A000000003000000
=> 00 A4 04 00 08 A0 00 00 00 03 00 00 00             .............
(32625 usec)
<= 6F 60 84 08 A0 00 00 00 03 00 00 00 A5 54 73 4A    o`...........TsJ
    06 07 2A 86 48 86 FC 6B 01 60 0C 06 0A 2A 86 48    ..*.H..k.`...*.H
    86 FC 6B 02 02 01 01 63 09 06 07 2A 86 48 86 FC    ..k....c...*.H..
    6B 03 64 0B 06 09 2A 86 48 86 FC 6B 04 02 15 65    k.d...*.H..k...e
    0B 06 09 2B 85 10 86 48 64 02 01 01 66 0C 06 0A    ...+...Hd...f...
    2B 06 01 04 01 2A 02 6E 01 02 9F 6E 01 01 9F 65    +....*.n...n...e
    01 FE 90 00                                        ....
Status: No Error
cm> /send 8050000008B5255216B9038BBD00
=> 80 50 00 00 08 B5 25 52 16 B9 03 8B BD 00          .P....%R......
(19587 usec)
<= 00 00 00 00 20 11 00 05 00 00 FF 02 00 26 B1 0A    .... ........&..
    A0 5E 3F 2C CD 2A 15 63 32 CD A4 1F 90 00          .^?,.*.c2.....
Status: No Error
cm> /send 8482000010AE7B8687E8CAB7225B4FED305529EA64
=> 84 82 00 00 10 AE 7B 86 87 E8 CA B7 22 5B 4F ED    ......{....."[O.
    30 55 29 EA 64                                     0U).d
(31568 usec)
<= 90 00                                              ..
Status: No Error
cm> /send 0801000000
=> 08 01 00 00 00                                     .....
(6197 usec)
<= 6E 00                                              n.
Status: CLA value not supported
cm> /send 8001000000
=> 80 01 00 00 00                                     .....
(7206 usec)
<= 6D 00                                              m.
Status: INS value not supported
cm> /send 8001000008010203040102030400
=> 80 01 00 00 08 01 02 03 04 01 02 03 04 00          ..............
(9423 usec)
<= 6D 00                                              m.
Status: INS value not supportedAny suggestions plz ...
Regards
Umer
Edited by: Muhammad Umer on Oct 22, 2011 1:35 PM

Hello,
I will be loading SCP keys to my aplet. Then i want to open secure channel with those keys.
In this case, do I have to write my own init update and ext auth functions ?
unfortunately there isnt any method to activate apllet own keys before calling processSecurity method
something like;
sc.setmykeys(,AC,MAC,ENC).
sc.processSecurity();
so is there any way to do it, or i need to write my own init update ext auth.
thank you in advance

Implementing secure print in solaris 10

Hi Team,
We have planned to implement secure print in solaris 10 for xerox printer 5230 which will support to secure print
And i have checked cups server there's no option like printing secure print,same we implemented secure print in windows side and its working fine.
Refer URL for secure print in windows side : http://www.ubc.ca/okanagan/itservices/service-catalogue/computers-printers/printcopy/secureprinting.html
Objective : Printer needs to ask password if any thing print given from solaris server or workstation.?
is ther any way to implement secure print in solaris 10?
Please suggest me solution with your valuable post?
Regards
Sreekanth

Thanks for your suggestion.
I dont have clear picture about centerware and surely i will start study on this,
Clarify me some doubts:
is centreware having option to implement secure print now the users are giving print on normal basis & its production system?
if i install centreware on this production any effect on the print services?

WSUS Sync is not working Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. --- System.Security.Authentication.AuthenticationException: The remote

I know there are loads of posts with same issue and most of them were related to proxy and connectivity .
This was case for me as well (few months back). Now the same error is back. But I've confirmed that FW ports and proxy are fine this time around.
server is configured on http port 80
ERROR
Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid
according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WSyncAction.WSyncAction.SyncWSUS
I've checked proxy server connectivity. I'm able browse following site from WSUS server
http://catalog.update.microsoft.com/v7/site/Home.aspx?sku=wsus&version=3.2.7600.226&protocol=1.8
I did telnet proxy server on the particular port (8080) and that is also fine.
I've doubt on certificates, any idea which are the certificates which we need to look? And if certificate is expired then (my guess) we won't be able open the above mentioned windows update catalog site?
Any tips appreciated !
Anoop C Nair (My Blog www.AnoopCNair.com)
- Twitter @anoopmannur -
FaceBook Forum For SCCM

Hi Lawrence ! - Many thanks for looking into this thread and replying. Appreciate your help.
Your reply ("SSL is enabled/configured, and the certificate being used is invalid
(or the cert does not exist or cannot be obtained), or the SSL connection could not be established.") is very helpful.
I've already tested CONTENT DOWNLOAD and it's working fine. WSUS Sync was also working fine for years with proxy server configured on port (8080) and WSUS server on port 80.
My Guess (this is my best guess ;)) is this something to do with Firewall or Proxy side configuration rather than WSUS. However, I'm not finding a way to prove this to proxy/firewall team. From their perspective all the required port communication open and
proxy server is also reachable. More over we're able to access internet (Microsoft Update Catalog site) over same port (8080).
Any other hints where I can prove them it's a sure shot problem from their side.
Thanks again !!
Anoop C Nair (My Blog www.AnoopCNair.com)
- Twitter @anoopmannur -
FaceBook Forum For SCCM

Different ways to implement OM Module

Hi All,
I am new to this, Please let me know all the 5 different ways to implement OM and PA module in HCM

Basics of OM
OM is mainly used to perform numerous business and human resources processes. As the first step an organizational plan is created. The organizational plan is a functional structure representing the enterprise. In OM, the current organizational plan can be created and additional organizational plans are created as archives (this provides a clear picture of the organization at any point in time:past, present or future). Organizational Management is the basis for additional Human Resources components and functions as well as for SAP Business Workflow.
OM is installed before Personnel Development(PD), Recruitment, Compensation Management (CM/ECM), Workflow, Time Management, Security, ESS/MSS etc. OM structure provides the foundation for these modules and streamlines business processes. For example MSS setup can be such that the manager will be able to view only the details of those working under him/her - the details of persons working under the manager are picked up from OM. Similarly data from OM is used when WF has to route the work of approving the leave of an employee to his/her manager.
OM is based on the objects and their relationships. Jobs, tasks, positions, etc are the objects. These objects are created in OM. The relationship between various objects is also stored in OM.
Transaction codes
PPOM - Change org Unit
PO03 - Maintain Jobs
P013 - Maintain Position
PO10 - Maintain Organizational Unit
PP01 - Maintain Plan Data (menu-guided)
PP02 - Maintain Plan Data (Open)
PP03 - Maintain Plan Data (Event-guided)
PP05 - Number Ranges
PP06 - Number Ranges Maintenance HR Data
PP07 - Tasks/Descriptions
PP69 - Choose Text for Organizational Unit
PP90 - Setup Organization
PP01 - Change Cost Center Assignment
PP02 - Display Cost Center Assignment
PP03 - Change Reporting Structure
PP04 - Display Reporting Structure
PP05 - Change Object indicators (O/S)
PP06 - Change Object indicators OS
PPOA - Display Menu Interface (with dyn.)
PPOC - Create Organizational Unit
PPOM - Maintain Organizational Plan
PPOS - Display Organizational Plan
PQ01 - Events for Work Center
PQ02 - Events for Training Program
PQ03 - Events for Job
PQ04 - Events for Business Event Type
PQ06 - Local Events
PQ07 - Resource Events
PQ08 - Events for External Person
PQ09 - Events for Business Event Group
PQ10 - Events for Organizational Unit
PQ11 - Events for Qualification
PQ12 - Resource Type Events
PQ13 - Events for Position
PQ14 - Events for Task
PQ15 - Events for Company
PSO5 - PD : Administration Tool
PSOA - Work Center Reporting
PSOC - Job Reporting
PSOG - Org Mgmt General Reporting
PSO1 - Tools Integration PA-PD
PSOO - Organizational Unit Reporting
PSOS - Position Reporting
PSOT - Task Reporting
Configuration steps apart from steps which were given by Teja
IMGPersonnel management Organizational management  Basic settings  Maintain number ranges  set up number assignment for all plan versions
Maintain object type:
IMGPersonnel management  Organizational management  Basic settings  Data model enhancement  maintain object type
Maintain infotypes
IMGPersonnel management Organizational management  Basic settings  Data model enhancementu2014infotype maintenance  maintain infotypes
Relationaship maintenance:
IMGPersonnel management Organisational management  Basic settings  Data model enhancement  Relationship maintenance  maintain relationships
Maintain evaluation paths:
IMGPersonnel management Organisational management  Basic settings Maintain evaluation paths
Maintain personnel actions:
IMGPersonnel management Organisational management  Basic settings Maintain personnel actions
Activate inheritance of account assignment features
IMGPersonnel management Organisational management  Basic settings Activate inheritance of account assignment features
Setup integration with Personnel Administration
IMGPersonnel management Organisational management  Basic settings Integration  Setup integration with PA
Transfer data from Pa
IMGPersonnel management Organisational management  Basic settings integration  transfer data from PA
Perepare integration with Pa
MGPersonnel management Organisational management  Basic settings integration Prepare integration with PA
Transfer data to PA
IMGPersonnel management Organisational management  Basic settings integration Transfer data to PA
Check integration consistency
IMGPersonnel management Organisational management  Basic settings integration Check integration consistency

Best way to implement FREE purchase?

Hi,
I have purchases that are free for logged in users. What's the best way to implement a no-payment solution? Would having the payment fields hidden and COD auto-selected if the amount field is 0.00 a good idea? Is there a better way anyone has implemented this? And how about security flaws?

Hi
Here is an article about "no cost" orders
COD payment method will not work for zero value orders , you will need to use the Free payment method described
in this article http://kb.worldsecuresystems.com/893/bc_893.html
Hope this helps!

Using SSH as a secure channel for other programs

Hi,
I'm wondering if it's possible to use an SSH connection as a generic secure channel for other programs. I want to write a server-client program where I can open up an SSH channel first and then have the server and client communicate over it. If there is some other way to communicate via a secure channel and using SSH-like users and keys that would be great too.

fukawi2 wrote:
Basu wrote:It's a simple message exchange system.
I've been looking into this... Best solution I've found is AMQP / RabbitMQ.
(I hate reinventing the wheel)
Well, reinventing the wheel can teach you a great deal IMO. That usally how I get to learn how stuff works

Implementing Security For ADF Pages when integrated with Oracle APPS

Hi,
Can anyone please let me know the solution to the below problem ?
I have an ADF application that is deployed on a weblogic server. An URL is generated to access the ADF Pages.
I have created one more simple jsp (Launch.jsp) which redirects to this URL on page load.
I am using Oracle APPS where:
->I registered a form function referring to Launch.jsp
->I am referring form function in a responsibility , attaching that to a menu
->When the valid oracle user logs in, I am sending all oracle apps environment variables (User id , Responsibility id, application id ) for that session
What my issue is :
->The URL along with the parameters that I am sending from the Launch.jsp to the ADF Page is visible to the user. So, even if the Oracle APPS user has not logged in, anybody who knows the URL can access the ADF Pages.
->So, Is there any way to implement the security so as, even if anyone knows the URL of the ADF Page cannot access the ADF Pages without the valid user being logged-in through the Oracle APPS.
I am using Jdeveloper 11g.
Please let me know if you need anymore details.
Thanks in advance,
Kavitha

Please help me out if anyone has a solution to this problem.
Thanks,
Kavitha

"Could not establish trust relationship for the SSL/TLS secure channel"

During the configuration of DUET_E , when calling the DUET Application from SharePoint, the following error is shown :
"Could not establish trust relationship for the SSL/TLS secure channel with authority 'MYSAPNW702SERVER:8001'"
I have already seen the Post :
Error in DUET Configuration at SSL
This mentions the error, but does not provide any answers on resolution.
The DUET_E troublshooting guide suggests that the SAP Standard SSL Certificate is added to SharePoint Central Admin > Security > Manage Trusts
This has also been done.
We are using the Standard SAP SSL Self signed certificate - not one signed by an external CA.
Can anyone provide any guidance ?
Thanks in advance.

Hi Min,
reading through your first post the problem might be the CN of the certificate. If you used the Wizard or the default way to create a self signed certicate, it is probably created with the CN server.domain (the fully qualified name of the server).
However, when you created the BDC models the URLs pointing to the WSDL is probably only the servername (at least that is what I would assume after seeing your error message).
Because of that SharePoint calls the SAP Duet server with the severname, but the certificate presented by the SAP system is not the servername, but the fully qualified servername. Because of that -- although SharePoint trusts the certificate -- the URL and certificate do not match and you get the error "Could not establish trust relationship for the SSL/TLS secure channel with authority 'MYSAPNW702SERVER:8001"
If that is the case you have two options:
1) you go to STRUST and create a new SSL certificate that has a CN of only the servername. Then you export this certificate and trust it in SharePoint
2) or -- and this is the way I would recommend -- you try to adjust the URL used in the BDC model. Usually you get only the servername (and not the fully qualified DNS name) when you have not specified the profile parameter icm/host_name_full. Which URL is currently used when you start transaction SAML2 or SOAMANAGER? If you have not yet set icm/host_name_full, then give this a try.
Regards,
Holger.

Could not establish trust relationship for the SSL/TLS secure channel with authority

Hello everyone, I need to establish a connection between my HTTPS WCF hosted in Windows Azure Web Role and my Windows Store App Client. The service is actually exposed for testing purposes using a self-signed certificate.
I have installed the certificate in Personal and Trusted Root Certification Authorities in Current User and Local Manchine.
In the Windows Store App, I create the service reference pointing to the cloud https service, then edit the manifest and create a new declaration to Add a New Certificate, I checked Exclusive Trust and Auto select, pointing to Root storage name and
my self-signed certificate.cer.
The result is the following exception in the IntelliTrace stack:
Exception:Caught: "The remote certificate is invalid according to the validation procedure." (System.Security.Authentication.AuthenticationException)
A System.Security.Authentication.AuthenticationException was caught: "The remote certificate is invalid according to the validation procedure."
Time: 19/01/2015 04:42:33 p. m.
Thread:Worker Thread[17080]
Exception:Thrown: "Could not establish trust relationship for the SSL/TLS secure channel with authority 'appchallengewhi.cloudapp.net'." (System.ServiceModel.Security.SecurityNegotiationException)
A System.ServiceModel.Security.SecurityNegotiationException was thrown: "Could not establish trust relationship for the SSL/TLS secure channel with authority 'appchallengewhi.cloudapp.net'."
Time: 19/01/2015 04:42:34 p. m.
Thread:Worker Thread[17080]
Appreciate any help, to solve this with the approach of WCF Service Reference in Windows Store App.
Note:
If I call the HTTPS service using a Console App it works very good using the following the code:
ChannelFactory<IAgentService> factory = new ChannelFactory<IAgentService>("basicHttpBinding_IAgentService");
ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, error) => true;
IAgentService wcfProxy = factory.CreateChannel();
Thanks in advance,
RC

Maybe not implemented.
https://social.msdn.microsoft.com/Forums/windowsapps/en-US/2dab2818-8f4c-4474-a7a1-db2cbfb40d40/accepting-client-certificate-for-https-connections?forum=winappswithcsharp

BlazeDS amf-polling on secure channel

I tried using blazeDS amf-polling via https, and it doesnt work. amf (remote object) works through securechannel, but amf-polling does not. Is there a way to make amf-polling work on https?

Hi,
Here's my scenario.
On click of a button, I'm making a remote call (secure-amf) which gives me a status code[the secure-amf works as expected]
based on this status code, I'm polling to get a value. The polling happens at the secure channel.
The polling however doesn't happen. I see the error "(ERROR_INTERNET_UNABLE_TO_CACHE_FILE)" in IEWatch.
I can see that there are no logs from the polling class. Any help on this would be appreciated.
Here's my code;
consumer = new Consumer();
producer = new Producer();
url = ExternalInterface.call("window.location.href.toString");
isSecure = URLUtil.isHttpsURL(url);
var channelSet:ChannelSet = null;
if(isSecure)
     channelSet = new ChannelSet();
     channelSet = new ChannelSet();
     var httpsChannel: SecureAMFChannel= new SecureAMFChannel("secure-amf-poll", hostUrl + "/" +         getContextRoot(applicationUrl) + "/messagebroker/amfsecurepoll" );
     httpsChannel.pollingEnabled = true;
     httpsChannel.pollingInterval = 1000;
     channelSet.addChannel(httpsChannel);
consumer.channelSet = channelSet;
producer.channelSet = channelSet;
consumer.destination = "myDestination"
producer.destination = "myDestination";
consumer.addEventListener(MessageEvent.MESSAGE, messageHandler);
consumer.addEventListener(MessageFaultEvent.FAULT, faultHandler);
consumer.subscribe();
in messaging-config.xml I've the following entries;
<adapters>
        <adapter-definition id="ReportExecutionStatusAdapter" class="com.xyz.parameterservice.adapter.impl.FlexMessagingAdapter"/>
</adapters>
<destination id="myDestination">
<adapter ref="ReportExecutionStatusAdapter"/>
<properties>
<server>
<message-time-to-live>0</message-time-to-live>
           </server>
       </properties>
<channels>
            <channel ref="secure-amf-poll"/>
            <channel ref="my-amf-poll"/>
</channels>
</destination>
Any help is greatly appreciated.
Thanks
Abdul

Event Structures-best way to implement this UI?

I am trying to write a VI to control & read data from 4 different "channels" (each measuring a DUT) at once. I have written all the VI's for initializing instruments, communicating with the devices (VISA, GPIB), setting bias, reading data, etc...that has all completed. I just need to write the overall program with the user interface to allow the user to control these 4 channels & display the measured data.....as it turns out, this is the tricky part! My head is spinning from trying to figure out how to handle all the possible events.
Basically for each channel, I want the user to be able to
-enable/disable it for measurement (e.g. if there is no device loaded in Ch.3, we don't want to measure Ch.3..maybe disable/grey everything)
-set bias conditions (only if channel enabled). Allow user to change bias "in real-time" by increment/decrementing (e.g. incrementing from 5.00 V to 5.01 V, for example).
-turn biasing on/off (again, only if channel is enabled)
Also, I want each channel to display its measured data (e.g current, temperature reading)..every second or so. No graphs or anything fancy (for now! ), just numeric indicator.
Honestly, this all sounds so simple but I'm having trouble figuring out the best way to implement this, due to the fact that 1) there are multiple channels needing to be monitored for events 2) large number of user events that could occur (seems like at least 4 per channel - enabling/disabling, turning bias on/off, incrementing/decrementing bias values, etc ), Also the if a channel IS enabled, i want to be continously reading/displaying the data. What is the best way to handle this? Should i have 4 separate while loops, each with an event structure to handle events for that particular channel..or will that give me grief somewhre?
Also, I have another nagging question. Pretty much all the examples I see re: Event Structures and booleans involve latched booleans, eg. buttons that are just pressed once and pop back up...e.g. buttons you press to tell it to complete a task (e.g. "Acquire Data" or "Stop") , and once it's pressed it's over and reset. In my case, some of the booleans would not be latched...e.g. the "Enable Ch.2" button would be 'TRUE" as long as i want Ch. 2 to be read....does that make sense? Then, say hours later, if i did want to disable that channel, i would change it to "FALSE" and while that would be an "value change", the new value would not be "TRUE"..does that make sense? So not sure if that would be dealt with the same way in an Event Structure.
Hope this all makes sense and many thanks in advance for any help!!!

You're halfway there. I'd say the best solution is a producer/consumer structure, the event structure is used to generate queued commands to the consumer loop.
All data is handled in the consumer loop, where you among other things have an array of clusters of channel/instrument settings. (I usually have several cluster, one for test data, one for instrument settings, one for general settings and so on)
The event structure can have a 1 sec timeout, in which you queue up a Measure command.
In the consumer, in the measure state you loop through your instruments and if enabled you measure them and update their indicators.
The general (smart) way to setup the queue is with a cluster containing 2 elements, a typedef'd Command and a variant.
This way you can send data with the command in any form which is then interpreted in the consumer.
If, e.g. you press the Enable button on a channel, you can enqueue Enable and the channel number.
/Y
LabVIEW 8.2 - 2014
"Only dead fish swim downstream" - "My life for Kudos!" - "Dumb people repeat old mistakes - smart ones create new ones."
G# - Free award winning reference based OOP for LV

Methodology for implementing SECURITY on Oracle Applications 11

Hi,
I wonder if anyone could indicate me any documentation that brings the best-practices in implementing SECURITY (users-profiles)on OA11.
For example, a step-by-step methodology:
* Identify your users
* Define the user-profiles
* Match each user profile level with its affect on the way applications run.
* Match the user profile option with its description.
* etc...
This is URGENT!!!!
I would be THANKFUL for any indication!
If possible, please copy the [email protected] e-mail address.
Cheers
Chris

Hi Jail,
What release of Oracle Apps are you running 11.5.x (provide us with the value of x). dcmctl is available only on latest releases of Application Server viz., 10g and not available in iAS 10222 RP4.
I believe your iAS version should be anywhere below 10222 RP4, reason you couldnt find dcmctl.
For changing the ports, there are two options.
1. Update s_webport value to the new port number in the context file ($APPL_TOP/admin) and run autoconfig.
2. Update the new value manually in the following files:
a. httpd.conf
b. $COMMON_TOP/admin/portal/<sid>_<hostname>/aplogon.html
c. context file
Prefered method is option 1, since if you run autoconfig in the future without changing the value in the context file, all the configuration files will reflect the old value.
cheers,
Ram.

How to determine Secure Channel key set index or version within applet

Hi,
Is there any way to determine from within the applet the used key set index or key set version?
The ProviderSecurityDomain object does not contain such a property to my understanding.
b.r.
Fabe

No there is not. There are API's to ask the security domain to do crypto operations using the current secure channel session keys and GP says that the security domain needs to be aware of what keys to use for this.
The key information is not exposed to the applet as it is not generally required and for security reasons.
Cheers,
Shane

Implementing security for a webservice

Hi,
I am working on a services app development project where our app/service is going to serve some consumer application requests in the form of JMS or webservice requests. Please let me know what is the best solution to implement security in this scenario? I am looking for answers pertaining to authentication( validating the user/ client app) and authorization(whether the client can make this request).
Please dont give me the links from java site , unless they are very lucid. Please ... I am looking for straight forward answers in this forum.
( I am a microsoft guy moved into J2EE and honestly, i never felt comfortable with the documentation in Sun site to be simple or easily understandable. [no offense intended to j2ee evangelists :) ] )

I would start with SSL for this and build in application authorization via a handshake listener, provided the SSLSocket is exposed. But you're going to have to look at Java documentation for that, there's no point in me giving you my own version of what it says when it's already documented. I have to say that if you think you're going to get a reliable answer that doesn't cite or quote from official Java documentation, you have very strange expectations, and frankly a very strange way of doing your job.

Ways to implement secure channel scp02

Similar Messages

Maybe you are looking for