Web forward proxy cache authentication

Similar Messages

• Mac OS X Server Forward Proxy(Web Caching)...setup a website for the proxy???

  My office is a Mac environment with a couple of windows pcs. To save on bandwidth i would like to setup a Mac OS X Snow leopard server with a web caching proxy, forward proxy. I read this link from apple
  Server Admin 10.6 Help: Configuring Web Service Proxy Settings
  i understand that to set this up i must enable it on my Mac Server and also on the clients(end user) web browser. What i don't understand is this part:
  "When setting up a forward proxy, make sure you create and enable a  website for the proxy. You might want to disable logging                      on the proxy site or configure the site to record  its access log in a separate file from your other sites’ access logs.  The                      site does not need to be on port 80 but setting up  web clients is easier if its browsers use port 80 by default."
  Create and enable a website for the proxy??? I don't understand, why do i need a website for web caching? Shouldn't the settings in the web browser direct the http requests to the mac server and it does the rest, what has a website got to do with it and what type of website?How?
  Please help, thank you in advance

  SL Server

• Publish Sharepoint 2013 via Web Application Proxy and Kerberos Authentication

  This is similar to
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/66c23aae-8774-4257-b9f9-b796e69b0318/action?threadDisplayName=publishing-sharepoint-2010-using-web-application-proxy
  However I have tried his resolution to no avail.
  I am trying to publish a SharePoint 2013 website via web application proxy. SharePoint 2013 is using negotiate (Kerberos) as its authentication provider. When trying to browse to the site externally via the WAP I get an http error 500 internal server error.
  In the web application proxy's event viewer I find the following two entries every time I try to browse the site.
  event ID 13019
  level: warning
  Web Application Proxy cannot retrieve a Kerberos ticket on behalf of the user because of the following general API error: No credentials are available in the security package
  (0x8009030e).
  Details:
  Transaction ID: {5672be45-a4b8-0005-58ff-7256b8a4cf01}
  Session ID: {5672be45-a4b8-0000-3909-7356b8a4cf01}
  Published Application Name: sharepoint
  Published Application ID: ****
  Published Application External URL: https://sharepoint.domain.com
  Published Backend URL: https://sharepoint.domain.com
  User: [email protected]
  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; NOKIA; Lumia 920) like Gecko
  Device ID: <Not Applicable>
  Token State: OK
  Cookie State: NotFound
  Client Request URL:
  https://sharepoint.domain.com/home?authToken=****client-request-id=****
  Backend Request URL: <Not Applicable>
  Preauthentication Flow: PreAuthBrowser
  Backend Server Authentication Mode: WIA
  State Machine State: BackendRequestProcessing_Pending
  Response Code to Client: <Not Applicable>
  Response Message to Client: <Not Applicable>
  Client Certificate Issuer: <Not Found>"
  And
  event ID 12027
  level: error
  Web Application Proxy encountered an unexpected error while processing the request.
  Error: No credentials are available in the security package
  (0x8009030e).
  Details:
  Transaction ID: ****
  Session ID: ****
  Published Application Name: Sharepoint
  Published Application ID: ****
  Published Application External URL: https://sharepoint.domain.com/
  Published Backend URL: https://sharepoint.domain.com/
  User: [email protected]
  User-Agent: Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; NOKIA; Lumia 920) like Gecko
  Device ID: <Not Applicable>
  Token State: OK
  Cookie State: NotFound
  Client Request URL:
  https://gateway.dcsch.co.uk/home?authToken=****client-request-id=****
  Backend Request URL: <Not Applicable>
  Preauthentication Flow: PreAuthBrowser
  Backend Server Authentication Mode: WIA
  State Machine State: OuOfOrderFEHeadersWriting
  Response Code to Client: 500
  Response Message to Client: <Not Applicable>
  Client Certificate Issuer: <Not Found>"
  I have tried everything I have seen in many posts and the one linked above but cannot get this working. It does work fine internally.

  And within the next 10 minutes I found this
  http://technet.microsoft.com/en-us/library/dn308246.aspx#Kerberos
  Needed to set up delegation to ANY service in the Web application proxy

• Caching forwarding proxy

  Dear reader,
  Since Forefront TMG is eol. What must I use as a forwarding proxy to maintain website blocklists etc on windows 2012r2?
  best regards,
  Ruud Boersma
  MCITP Enterprise administrator

  Hi,
  I don't know why and IMHO the Web Application Proxy in WS 2012 R2 has only very limited functionalities compared with Forefront TMG and UAG!
  regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.galileocomputing.de/3276?GPP=MarcGrote

• How do i change proxy settings so it doesnt keep asking me "authentication req. The proxy web2.ucsd.edu is requesting a username and password. The site says: ucsd Squid Proxy-cache"?

  I changed my proxy setting to access a restricted school website. I don't know how to change it back to normal settings! Every time i'm browsing internet, Authentication Required windows pop up like 4-7 times a day! randomly! it says "the proxy web2.ucsd.edu:3128 is requesting a username and password. The site says: UCSD Squid proxy-cache". and makes me put in username and password every time. sooo annoying. how do i make the setting go back to default??

  1. Open firefox
  2. Go to "Tools" tab
  3. Go to "Options"
  4. Click on "Advanced"
  5. Open "Network" tab
  6. Click on "Settings"
  7. Select "No Proxy"
  8. Click "OK"

• Forward Proxy Authentication SAP Webservice Framework HELP!

  Hi,
  i have built as WS Client using the SAP Standalone Proxy. The client will utilize a forward proxy to access my Webservice. Unfortunately the documentation does only give information how to set the proxy address and port:
  port._setProperty"javax.xml.rpc.http.proxyhost","proxy");
  port._setProperty("javax.xml.rpc.http.proxyport","8080");
  The is no hint how to set a proxy user and password? Does anybody know the answer to my question here?
  Cheers,
  Heiko

  Hi Heiko,
  Get SecurityProtocol as described <a href="http://help.sap.com/saphelp_nw04/helpdata/en/ab/c955e2e2d24a888127f211f2d5043f/frameset.htm">here</a> .
  Use methid <i>public void addHeader(String key, String value)</i> to add HTTP header:
  String authString = "username" + ":" + "password";
  String auth = "Basic " + new sun.misc.BASE64Encoder().encode(authString.getBytes());
  securityProtocol.addHeader("Proxy-Authorization", auth);
  Best regards, Maksim Rashchynski.

• 2012 R2 Web Application Proxy returns 400 (Bad Request) for Kerberos IIS App

  I've gone through all of the step-by-step examples for publishing applications with the Web App Proxy and I'm getting HTTP 400 when I try to publish an IIS Kerberos application. I'm using ADFS pre-authentication.
  The application is SharePoint but I CAN NOT change the authentication method to claims based auth...it has to be windows integrated. I've double checked all of the SPN's and delegation. I get the 400 returned once the user has been authenticated and is forwarded
  to the app url with the AUTHTOKEN?=blahblahblah query string. I've installed the ADFS certificate on the proxy and set it to be the external SSL certificate for the application.
  PLEASE DONT JUST TELL ME TO POST THIS IN THE GENEVA FORUM FOR ADFS.
  The event log has an exception that looks like this:
  Web Application Proxy received a nonvalid edge token signature.
  Error: Edge Token signature mismatch. edgeTokenHelper.ValidateTokenSignature failed: Verifying token with signature public key failed
  Received token: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkY4NmgzYlFJbEk0NzZ5Y25HNlBHb1NSNDJ4byJ9.eyJhdWQiOiJ1cm46QXBwUHJveHk6Y29tIiwiaXNzIjoiaHR0cDovL3N0cy5zb3N3ZWV0c29zb2Z0LmNvbS9hZGZzL3NlcnZpY2VzL3RydXN0IiwiaWF0IjoxMzk2NDY2NDQ2LCJleHAiOjEzOTY0NzAwNDYsInJlbHlpbmdwYXJ0eXRydXN0aWQiOiI3N2Y3OTQzYi1kOGI4LWUzMTEtODBiYy0wMDE1NWQ1MWY0OWMiLCJ1cG4iOiJqdGFkbWluQHNvc3dlZXRzb3NvZnQuY29tIiwiY2xpZW50cmVxaWQiOiJlZTA1MDU3ZS00ZTliLTAwMDAtZDkwNS0wNWVlOWI0ZWNmMDEiLCJhdXRoX3RpbWUiOiIyMDE0LTA0LTAyVDE5OjEwOjM2Ljc1NVoiLCJhdXRobWV0aG9kIjoidXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmRQcm90ZWN0ZWRUcmFuc3BvcnQiLCJ2ZXIiOiIxLjAifQ.E1SqDU1Q2qh00Bt1n1UsBHJrf2kxWh8mN0j03QJTGPQ6vtrkncun017idy2BgB8NzQBVhPQAhfQb3F_lRAAWnpHjwaCuTjeL-pi1-ntVax37TQqQxqg0PVND8OpWxd7rTECObp6KnHBSkgHdaC6ntJ4WzE-QV6afUOyKQrIXil9qF_ybX8IOvMorvGllQB4enR3ZD6KMZBZwzLSl0iueKvZC8TqacRL_Kdvhn2AmutqFVw4wbZILhTsQFRSl86tEp-PCSJ_yLHcxTgqmKWVpEVC0Jo00hJe1MH7P1QMoJISdFY3-4tkuUykpgSNSSlEqZ9EwVdN--4aGE3QlqdL1vA
  Details:
  Transaction ID: {ee05057e-4e9b-0000-da05-05ee9b4ecf01}
  Session ID: {ee05057e-4e9b-0000-d905-05ee9b4ecf01}
  Published Application Name: FIM Portal
  Published Application ID: 48db8de3-96e7-18b6-06d8-5cb6df999b6c
  Published Application External URL:
  https://portal.sosweetsosoft.com/IdentityManagement/
  Published Backend URL:
  https://portal.sosweetsosoft.com/IdentityManagement/
  User: <Unknown>
  User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
  Device ID: <Not Applicable>
  Token State: Invalid
  Cookie State: NotFound
  Client Request URL:
  https://portal.sosweetsosoft.com/identitymanagement?authToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkY4NmgzYlFJbEk0NzZ5Y25HNlBHb1NSNDJ4byJ9.eyJhdWQiOiJ1cm46QXBwUHJveHk6Y29tIiwiaXNzIjoiaHR0cDovL3N0cy5zb3N3ZWV0c29zb2Z0LmNvbS9hZGZzL3NlcnZpY2VzL3RydXN0IiwiaWF0IjoxMzk2NDY2NDQ2LCJleHAiOjEzOTY0NzAwNDYsInJlbHlpbmdwYXJ0eXRydXN0aWQiOiI3N2Y3OTQzYi1kOGI4LWUzMTEtODBiYy0wMDE1NWQ1MWY0OWMiLCJ1cG4iOiJqdGFkbWluQHNvc3dlZXRzb3NvZnQuY29tIiwiY2xpZW50cmVxaWQiOiJlZTA1MDU3ZS00ZTliLTAwMDAtZDkwNS0wNWVlOWI0ZWNmMDEiLCJhdXRoX3RpbWUiOiIyMDE0LTA0LTAyVDE5OjEwOjM2Ljc1NVoiLCJhdXRobWV0aG9kIjoidXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmRQcm90ZWN0ZWRUcmFuc3BvcnQiLCJ2ZXIiOiIxLjAifQ.E1SqDU1Q2qh00Bt1n1UsBHJrf2kxWh8mN0j03QJTGPQ6vtrkncun017idy2BgB8NzQBVhPQAhfQb3F_lRAAWnpHjwaCuTjeL-pi1-ntVax37TQqQxqg0PVND8OpWxd7rTECObp6KnHBSkgHdaC6ntJ4WzE-QV6afUOyKQrIXil9qF_ybX8IOvMorvGllQB4enR3ZD6KMZBZwzLSl0iueKvZC8TqacRL_Kdvhn2AmutqFVw4wbZILhTsQFRSl86tEp-PCSJ_yLHcxTgqmKWVpEVC0Jo00hJe1MH7P1QMoJISdFY3-4tkuUykpgSNSSlEqZ9EwVdN--4aGE3QlqdL1vA&client-request-id=ee05057e-4e9b-0000-d905-05ee9b4ecf01
  Backend Request URL: <Not Applicable>
  Preauthentication Flow: PreAuthBrowser
  Backend Server Authentication Mode:
  State Machine State: Idle
  Response Code to Client: <Not Applicable>
  Response Message to Client: <Not Applicable>
  Client Certificate Issuer: <Not Found>

  Hi,
  I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
  Thanks for your understanding and support.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Web Application Proxy and IIS

  I setup the Web Application Proxy role on Server 2012 R2 a while back and published a few applications. Everything worked great. A few months later I deployed DirectAccess on the same server. Once again, everything worked great.
  All of a sudden users started stating that they were receiving an "Internet Information Services" page while they were clicking links on the intranet. Clicking the refresh button in their browser would resolve the problem. It was puzzling. Eventually
  I figured it out. It was only mobile users having the issue. They were taking their laptops home, clicking HTTP links on our SharePoint site (which were not deployed via Web Application Proxy), which was then hitting the Web Application Proxy server's
  port 80 over HTTP (not HTTPS). Then the page was being cached by IE on their laptop/tablet. When they returned to the office the cached page was opening which is why hitting refresh resolved the issue.
  I understand that one of the issues is the wrong link on the intranet (HTTP vs HTTPS). We'll have these corrected. But the real problem is that they were hitting IIS on our Web Application Proxy server. Why is IIS installed? It's not required by WAP
  and I never installed it... Was it installed as part of DirectAccess? And most importantly, will I break anything by forwarding HTTP to HTTPS within IIS using URL rewrite? Will it affect DirectAccess? Our NLS is not on the DA server.
  Once again, this server is only used for WAP and DA. Nothing else. Any input is greatly appreciated. Thanks!

  Hi Cormang,
  Yes, IIS is a part of DirectAccess.
  Windows Server 2012 combines the DirectAccess feature and the RRAS role service into a new unified server role. This new Remote Access server role allows for centralized administration, configuration, and monitoring of both DirectAccess and VPN-based remote
  access services.
  When we try to remove the IIS, we will get the message below,
  I have tried to disable the IIS server on my DirectAccess server. DirectAccess client still works properly. Therefore, it seems that the IIS is not necessary to DirectAccess.
  Best Regards.
  Steven Lee
  TechNet Community Support

• Web Application Proxy and Safari

  Morning, all.
  I've installed and configured the new Windows Server 2012 R2 AD FS and Web Application Proxy, and I've run into some strange problems. I had some initial problems getting it to work, the documentation is a bit thin, but I now have Sharepoint and Webmail
  published to the Internet.
  I'm using x.509 Certificate Authentication for Extranet.
  In IE on a Windows 8.1 Surface Pro everything works. I can log in using ether a softcert or a SmartCard.
  On my OS X Mac I can log in using Chrome, but Safari won't work.
  Same thing on my iPad running iOS 7.0.4, Safari won't work. Interestingly enough, on my 7.0.4 iPhone it DOES work. Even more interestingly, I CAN Workplace Join the iPad using the URL https://<adfs fqdn>/enrollmentserver/otaprofile but
  I can't authenticate using the URL https://<adfs fqdn>/adfs/ls/IdpInitiatedSignon.aspx.
  I get to select my certificate, but after that I'm getting this error message: "Safari cannot open the page because too many redirects occurred." In the Event log on the AD FS server I'm getting this:
  Encountered error during federation passive request. 
  Additional Data 
  Protocol Name: 
  Saml 
  Relying Party: 
  http://<adfs fqdn>/adfs/services/trust 
  Exception details: 
  Microsoft.IdentityServer.Web.InvalidRequestException: MSIS7042: The same client browser session has made '6' requests in the last '0' seconds. Contact your administrator for details.
     at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.UpdateLoopDetectionCookie(WrappedHttpListenerContext context)
     at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.SendSignInResponse(SamlContext context, MSISSignInResponse response)
     at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
     at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
  Since it does work on an iPhone running the same browser, and Workplace Join does work on the iPad even if nothing else does I'm thinking there's some UserAgent voodoo going on in parts of the Web Application Proxy. It's no big deal that Safari in OS X doesn't
  work, we can always run Chrome, but the iPad is a major problem and a total deal breaker if I can't fix it.
  I would appreciate some good advice.

  Hi,
  As both IE and Chrome work, I think it’s more a client side issue.
  Maybe you need to clear you browser cache and cookies.
  This also worth a try:
  http://stackoverflow.com/questions/2640030/adfs-v2-0-error-msis7042-the-same-client-browser-session-has-made-6-request
  Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
  Hope this helps.

• APEX Web Services Proxy Settings

  So I have been experimenting with Web Services and I see to have a problem whenever I go through a Proxy Server; I keep getting the error below for the same request that works when I am not using a Proxy Server.
  ORA-06502: PL/SQL: numeric or value error: character string buffer too small
  ORA-06512: at "APEX_040000.WWV_FLOW_WEB_SERVICES", line 959
  ORA-31011: XML parsing failed
  ORA-19202: Error occurred in XML processing
  LPX-00202: could not open "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" (error 101) Error at line 1I am thinking that perhaps its because the Proxy Server I am using requires authentication; however, I cannot seem to find a provision for username/password when editing the definition.
  Home > Application Builder > Application > Shared Components > Edit ApplicationAny ideas?
  Regards,
  Phiri

  Hi Phiri,
  the web services call will be made by the database server, so authentication isn't just an issue for APEX, but you would give the host running the database server access.
  APEX itself only supports the simple proxy case just to provide the basic functionality.
  Depending on which web server you use to host APEX, you might be able to let that host pass your proxy attributes with the request (e.g. when using OHS, you could put the values into PlsqlCGIEnvironmentList), though I'm not sure whether they are forwarded for web service requests automatically or if you have to build your own process to extract the value from the CGI environment and add it to the web service call.
  Another option could be to start building the process in your own process right away. The database has the API-package UTL_HTTP which can be used to perform the proxy authentication (utl_http.set_authentication with for_proxy => true)
  Have a look on these pages:
  - example for a request including proxy and authentication (with the little change to be "for proxy") http://www.oracle.com/technology/sample_code/tech/pl_sql/htdocs/x/Utl_Http_Package_Enhancements/Cr_Using_Utl_Http.htm
  - a nice overview on the package methods: http://psoug.org/reference/utl_http.html
  -Udo

• ADFS 3.0 - Web Application Proxy configuration Issue

  Hi All,
  We are in the process of implementing ADFS 3.0 published to the internet for o365 Federation purposes.
  The setup consists of the following
  - 2 x windows 2012 R2 running ADFS 3.0 ( only one server presently installed and configured though)
  - 2 x Windows 2012 R2 Running Web Application Proxy (  only one server presently installed and configured though ).
  There is an F5 Big-IP load-balancer for both internal and external interfaces and it has been configured after a lot of issues with the SNI part on the F5.
  So, in short the setup is now a single server hosting ADFS 3.0 using SQL and a single WAP server, however the traffic to these servers are still going through the LB.
  Now the issue is that i cannot complete the installation/configuration of the Web Application Proxy server. There is  a firewall in between our DMZ and the internal network. I can reach the internal services via the following url and telnet on port 443
  to the federation service as well. (ports for 443 and 80) are opened to internal network on the load balancer ip . I can reach https://fs.domain.com/adfs/ls/idpinitiatedsignon.aspx and federationmetadata/2007-06/federationmetadata.xml location as well
  from the Web APplication proxy server without any issues or certificate prompts at all.
  When i do the configuration for WAP, i use the same account which was used as a service account for the ADFS service internally. If i use a local admin account, it errors out with another message stating the connection was closed.
  The certificate on the internal server along with its private key was exported and has been imported on the WAP server . This is not internal CA, instead we are using DIGICERT SSL with SAN Names for enterprise registration and work folders. Hence the CA Chain
  issue is ruled out and also this is not a wild card certificate.
  When the wizard starts configuring, it does establish the trust with the federation service which is shown up in the event viewer with  EventID 391 within 15 seconds i get another event id 422 which states that it cannot retrieve the proxy configuration
  and eventid 276 on the Federation server which states the authentication failure. this continues until the servers stops to try configuring the wizard. 
  I have read all the available threads on the 3.0 WAP installation /configuraiton problem and tried all the steps possible but i am still stuck with this issue.
  There is one more part that i noticed on the ADFS server, that the self signed services for the token-encrypting and token decrypting are self-signed certificates. Also, in the certificates it was showing up as not trusted. and i installed them to the TRUSTED
  ROOT CERTIFICATION STORE after wich i cannot see any private key showing up when viewing the certificate which means i cannot get the MANAGE PRIVATE keys option when right clicking on the cert to assign read permissions for the ADFS service account.
  Should i assign the same SSL sertificate (SAN based for enterpriseregistration & Workfolders) to the token-encrypting and token-decrypting services in ADFS console or should i leave them as self signed ? I did read that self-signed is not recommended for
  production environment ? If not the same certificate what are the requirements for the certificate ?
  I am not sure what I am missing in the configuration that is causing this issue. The WAP servers are not part of the domain and have also ensured the time synchronization between the domain machine as well.
  The service name is fs.domain.com on both the internal and external DNS ( we have domain.com as a zone in DNS internally as well ). I am able to Authenticate inside and from the WAP server when accessing the link.
  Could it be a Load Balancer Configuration ? [i will try eliminating this from the configuration]
  Let me know if there are any options that i can try to resolve this and get the configuration working.
  Cheers,

  Does the load balancer pass the certificate session through to the ADFS server or are you offloading SSL. SSL offload does not work with WAP/ADFS integration (at least at the time of writing it does not).
  Can you try through the load balancer with SSL pass through turned off please.
  Also as ADFS 3.0 (Server 2012 R2) uses Server Name Indication (SNI) then any health checks that run on the load balancer must support this, so if they do not then you need to use TCP 443 checks for a listening port, as doing a standard HTTPS check will fail,
  and if the load balancer fails its checks whilst you are configuring ADFS that might be a reason why it has gone offline for you (error 442 is to do with failure to swap client certificates between WAP and ADFS).
  Finally, check the June update to Server 2012 R2 (http://support.microsoft.com/kb/2964735) as that has fixed some certificate issues with multiple servers for WAP and ADFS when you don't have the
  2012 R2 AD schema in place.
  Brian Reid
  Exchange MVP and Exchange and  Office 365 Certified Master
  www.c7solutions.com
  Brian Reid C7 Solutions Ltd (www.c7solutions.com)

• Web Service Proxy client to invoke a Web service on SSL (Jdev 10.1.3.1)

  Hi,
  I have to develope a Web Service proxy client to invoke a web service on SSL. First I'm testing with OC4J 10.1.3.1 and JDEV 10.1.3.1 and did this:
  1) Developed a basic PL/SQL Web Service with JDEV and publish on my standalone OC4J.
  2) Made a test with a browser, it worked OK
  3) Generated a proxy client from JDev 10.1.3.1 to invoke web service, it worked OK
  --- Now make it work on SSL----
  4) Then, added SSL configuration to oc4j , generated a certificate with keytool (updated server.xml, secure-web-site.xml), and shutting down and starting the OC4j instance.
  5) Import the certificate to JAVA_HOME/jre/lib/security/cacerts
  6) Test web service from browser on https and worked OK.
  7) When tried to modified proxy client (generated in step 3) to make it work on SSL, I realized that just changing the END_POINT to the new url (https) it worked!
  Questions----
  1.- By default the proxy client generated from JDEV 10.1.3.1 knows how to deal with SSL conections?
  2.- If I dont have previously the server certificate to import it into JAVA keystore (cacerts) how could I ,from proxy client code, capture it and import it before the validation occurs... because if the certificate is not in keystore , the program fails.
  Thanks in advance
  J.

  Hi,
  Could you please provide me with the steps necessary to create a web service proxy client through JDeveloper or any other mechanism when 2 way SSL (requiring client authentication) is enabled.
  Thanks a lot in advance
  Nilesh

• Web Service Proxy error: "No operation found using soap keys"

  I'm trying to use the new tools, and having a little trouble. Not many results when searching for this error message.
  I have developed and deployed a new Java web service proxy using the outside-in approach according to the [help docs|http://help.sap.com/saphelp_nwpi71/helpdata/EN/46/7f2fef88190ad3e10000000a11466f/frameset.htm] (PI 7.1 SP07, NWDS 7.1 CE SP09 PAT0000). Started with a Service interface in ESR, then generated a java bean skeleton into a new EJB project in NWDS, then wrote business logic and deployed.
  When I test the web service (with 3 different SOAP test clients) I get the same error, below:
       <faultstring>com.sap.engine.services.webservices.espbase.server.additions.exceptions.ProcessException:
  No operation found using soap keys [], [spmat_jdbc_receiver_proxy]. InterfaceMapping Object class:
  com.sap.engine.services.webservices.espbase.mappings.InterfaceMapping mappings: {BindingQName=
  {urn:nexeninc:pi:ll:spmat:100}SI_I_Sync_SPMAT_JDBC_Receiver_ProxyBinding, BindingType=Soap, PortTypeQName=
  {urn:nexeninc:pi:ll:spmat:100}SI_I_Sync_SPMAT_JDBC_Receiver_Proxy, JAXWSInterface=true, InterfaceMappingID=-
  27e4d529:127632b5c52:-7ebb}.</faultstring>
  My service endpoint interface looks like this (unimportant lines removed):
  package nexeninc.pi.ll.spmat._100;
  @javax.jws.WebService(name = "SI_I_Sync_SPMAT_JDBC_Receiver_Proxy", targetNamespace = "urn:nexeninc:pi:ll:spmat:100")
  @javax.jws.soap.SOAPBinding(parameterStyle = javax.jws.soap.SOAPBinding.ParameterStyle.BARE, style = javax.jws.soap.SOAPBinding.Style.DOCUMENT, use = javax.jws.soap.SOAPBinding.Use.LITERAL)
  public interface SIISyncSPMATJDBCReceiverProxy {
    @javax.jws.WebMethod(operationName = "SI_I_Sync_SPMAT_JDBC_Receiver_Proxy", action = "http://sap.com/xi/WebService/soap1.1")
    @javax.jws.WebResult(name = "spmat_jdbc_receiver_proxy_response", targetNamespace = "", partName = "spmat_jdbc_receiver_proxy_response")
    public generated.SpmatJdbcReceiverProxyResponse siISyncSPMATJDBCReceiverProxy(@javax.jws.WebParam(name = "spmat_jdbc_receiver_proxy", targetNamespace = "", partName = "spmat_jdbc_receiver_proxy") generated.SpmatJdbcReceiverProxy spmat_jdbc_receiver_proxy);

  (continued from above post)
  And my implementation bean looks like this (unimportant lines removed):
  package nexeninc.pi.ll.spmat._100;
  @SessionHandlingDT(enableSession = false)
  @AuthenticationDT(authenticationLevel = AuthenticationEnumsAuthenticationLevel.BASIC)
  @TransportGuaranteeDT(level = TransportGuaranteeEnumsLevel.NONE)
  @WebService(serviceName = "SI_I_Sync_SPMAT_JDBC_Receiver_Proxy_Service", portName
  = "SI_I_Sync_SPMAT_JDBC_Receiver_Proxy_Port", endpointInterface
  = "nexeninc.pi.ll.spmat._100.SIISyncSPMATJDBCReceiverProxy", targetNamespace = "urn:nexeninc:pi:ll:spmat:100", wsdlLocation
  = "META-
  INF/wsdl/nexeninc/pi/ll/spmat/_100/SI_I_Sync_SPMAT_JDBC_Receiver_Proxy/SI_I_Sync_SPMAT_JDBC_Receiver_Proxy.wsdl")
  @Stateless
  public class SIISyncSPMATJDBCReceiverProxyImplBean {
       @RelMessagingNW05DTOperation(enableWSRM = false)
       public generated.SpmatJdbcReceiverProxyResponse siISyncSPMATJDBCReceiverProxy(
                 generated.SpmatJdbcReceiverProxy spmat_jdbc_receiver_proxy) {
            System.out.println("Starting siISyncSPMATJDBCReceiverProxy.");
  When we first created the new endpoint in NWA, we tried asigning a new name for both "Service Endpoint Name" and "In New Service", and we received this error.
  We then deleted the endpoint and created another new one, setting "Service Endpoint Name" to match the portName in the implementation bean: "SI_I_Sync_SPMAT_JDBC_Receiver_Proxy_Port", but that didn't work either. The only option we enabled in the endpoint was HTTP authentication: User ID/Password.
  My ejb-j2ee-engine.xml and application-j2ee-engine.xml are both empty (but they exist).
  I am new to EJBs and JAX-WS so hopefully it's something simple. All help appreciated!
  Apologies for the long (and wide) post.
  - Rob

• Calling web service with basic authentication from EP "unauthorized"

  Hello,
  I need to call a .NET web service with basic authentication on the IIS from my portal application (no http proxy between portal and IIS). But always I get the following exception:
  <b>com.sap.engine. services.webservices.jaxm.soap.accessor. NestedSOAPException:
  Problem in server response: [Unauthorized].</b>
  I'm using the following code for calling the .NET web service:
  <b>...</b><i>Licence_GetList lParameter = new Licence_GetList();
  lParameter.setStatus(CEnvironment.TransformStatus_WebService(search));
  ILicenceManager lLicMan = (ILicenceManager) PortalRuntime.getRuntimeResources().getService("LicenceManager");
  ILicenceManager lLicManSecure = lLicMan.getSecurisedServiceConnection(request.getUser());
  Licence_GetListResponse lGetListResponse = lLicManSecure.Licence_GetList(lParameter);</i><b>...</b>
  I've also configured a http system in the portal system landscape using the following parameters:
  <i>Authentication Method : Basic Authentication
  Authentication Type : Server
  User Mapping Type : admin,user</i>
  The user mapping is also personalized for this system!
  What's wrong? Please help! This is really urgent!
  Kind Regards
  Joerg Loechner

  Hello Renjith,
  here is a small cutout of my "portapp.xml";
  <services>
    <service alias="LicenceManager" name="LicenceManager">
      <service-config>
        <property name="className" value="de.camelotidpro.
               pct.xi.scm.webservice.LicenceManager"/>
        <property name="startup" value="false"/>
        <property name="WebEnable" value="false"/>
        <property name="WebProxy" value="true"/>
        <property name="SecurityZone" value="de.camelotidpro.
               pct.xi.scm.webservice.LicenceManager/
                 DefaultSecurity"/>
      </service-config>
      <service-profile>
        <property name="SystemAlias" value="LicMan_NET"/
      </service-profile>
    </service>
  </services>
  I'm using a http system created in the system landscape (alias LicMan_NET). But it seems that this system is not used by the web service call (No error, even if I delete this system!). The code used to call this web service can be found at the top of this threat...
  Regards
  Joerg Loechner

• Publishing CRM 2011 on Web Applicaiton Proxy Using Kerberos Constrained Delegation

  Hello,
  Couldn't find a sub category that seemed suitable for this discussion so I just dropped it in Windows Server 2012 General.
  So to summarize...
  Web Application Proxy (WAP) on 2012r2, ADFS on 2012r2, and CRM 2011 RU11 is on 2008r2.
  WAP has a pass through rule setup for the ADFS site and a preauth rule setup for the CRM site.  All SPNs and delegation are setup in AD.
  Setup is 1 WAP, 1 NIC, 1 ADFS server and 1 CRM server.
  I have successfully publish my CRM 2011 site on Web application proxy and am successfully doing Kerberos Constrained Delegation.  I am also doing Client certificate authentication on the ADFS server which works fine.  I am doing this over 49443
  just fine.
  Try to access the CRM site, WAP redirects me to ADFS as expect, Client certificate auth happens at the ADFS server,  I am redirected back to my CRM site with my authToken so pre authentication can happen successfully.  KCD ensues after just fine
  and i am reverse proxied back to the CRM site.
  Here in lies the problem though...
  When i am reversed proxied back to the CRM site, i receive the standard "An error has occurred Try this action again.... yada yada yada" message with the Try Again or Close button.  If i click try again, i am able to access the site with no
  problem and the solution works great!  This obviously is not acceptable though.
  The error URL looks like the following (changed it for obvious reasons)
  https://crmsite.contoso.com/ORG1/_common/error/errorhandler.aspx?BackUri=https%3a%2f%2fadfs.contoso.com%2fadfs%2fls%3fversion%3d1.0%26action%3dsignin%26realm%3durn%253AAppProxy%253Acom%26appRealm%3d63ce68f1-3de4-e411-9412-005056a67a8d%26returnUrl%3dhttps%253A%252F%252Fcrmsite.contoso.com%252F%26client-request-id%3d4A1A0958-76F3-0000-5D91-1C4AF376D001&ErrorCode=&Parm0=%0d%0a%0d%0aError%20Details%3a%20An%20unhandled%20exception%20occurred%20during%20the%20execution%20of%20the%20current%20web%20request.%20Please%20review%20the%20stack%20trace%20for%20more%20information%20about%20the%20error%20and%20where%20it%20originated%20in%20the%20code.&RequestUri=%2fdefault.aspx
  The error that correlates to this in CRM is
  Event code: 3005
  Event message: An unhandled exception has occurred.
  Little bit further down
  Exception information:
      Exception type: InvalidOperationException
      Exception message: CRM Parameter Filter - Invalid parameter 'AuthMethod=CertificateAuthentication' in Request.Form on page /default.aspx
  If anybody has any insight or experience publishing CRM on WAP using KCD and has run into this issue, help would be greatly appreciated.
  Also to head of this question, we can not do an IFD setup.  There is a custom developed solution which resides on top of the CRM installation that is not claims friendly.
  Thanks!
  Jonathan

  Hi,
  Please check if anyone of the links below is helpful:
  http://blogs.msdn.com/b/javaller/archive/2014/01/13/publishing-crm-internet-facing-deployment-using-web-application-proxy-and.aspx
  http://blogs.technet.com/b/dynamicspts/archive/2014/10/03/using-web-application-proxy-to-publish-dynamics-crm-2013-to-the-internet.aspx
  Best Regards.
  Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]