WebAuth logout.html

Hi,
I have the following systems in place:
5508 WLC - 7.4.100.00
NAC Guest Server - 2.1.0
I have setup an SSID with external Webauth, which is pointing to the login page on the NAC.
All works fine but I cannot use the logout page which is customized on the NAC. I always get the internal default logout.html of the WLC and I cannot customize that.
Every customization which I have done to the logout.html (then uploaded it on the WLC) will not be recognized.
Is there a way to customize that logout.html?
Thanks
Stefan

No direct solution I'm afraid. The only thing I can think of is to use ISE instead, which does allow you to customise all the things you're interested in.

Similar Messages

Problems with customized logout.html

First question...
Should the <FORM action> in the customized logout.html be set to itself (logout.html) or the default logout page https://1.1.1.1/logout.html
Assuming the second option... after I click submit on logout.html it takes me to https://1.1.1.1/logout.html which then displays a message:
To complete the log off process and to prevent access to unauthorized users, you must
close all browser windows and exit the browser application.
Is it possible to change this mesage?
Thanks,

You can download the bundle from here and look at the this tar file:
WLC Authentication with Customized Logout Page
This is an example custom webauth bundle when authentication is in use. After successful login, the customized 'logout.html' page comes up. After unsuccessful login, the customized failed.html comes up. These pages will not be seen unless the user has popups enabled in the browser. This bundle goes on the WLC itself. It contains an Acceptable Use Policy (aup.html) and graphic (yourlogo.jpg) besides the base 'login.html'.
logout/login.tar
http://software.cisco.com/download/release.html?mdfid=282600534&softwareid=282791507&release=1.0.2&relind=AVAILABLE&rellifecycle=&reltype=latest
Thanks,
Scott
*****Help out other by using the rating system and marking answered questions as "Answered"*****

How to retrieve the webauth-bundle on WLC

Hi all,
I can see the web auth bundle:
(Cisco Controller) show custom-web webauth-bundle
box-bottom.gif
              box-left.gif
                          image.gif
                                        login.html
                                                  logo.gif
                                                          logout.html
Now I want to download the web bundle( box-buttom.gif, box-left.gif...logo.gif,logout.gif) to my PC. Is it possible, if so, how?

Not completley related but might help??
https://supportforums.cisco.com/message/3263628#3263628
Please rate this response thanks

Cisco 5760 WebAuth "Consent Success Page"

I've downloaded the WebAuth bundle from cisco.com and uploaded to a Cisco 5760 software version 3.6
It is all functioning correctly, except one aspect.
After the user reads the AUP and clicks the submit button they are sent to a "Consent Success Page" that reads "Thanks for Accepting our Consent" and will redirect to the ios configured redirectURL after 5 seconds.
Has anyone come across this? Can anyone advise how I customise this "Consent Success Page"? It doesn't appear to load the success.html page that I've configured below.
parameter-map type webauth global
type webconsent
virtual-ip ipv4 1.1.1.1
max-http-conns 100
intercept-https-enable
parameter-map type webauth PublicWiFi
type consent
consent email
redirect on-success http://bbc.co.uk
custom-page login device flash://consent/pub/consent.html
custom-page success device flash://consent/pub/success.html
custom-page failure device flash://consent/pub/failed.html
custom-page login expired device flash://consent/pub/logout.html
logout-window-disabled

May be the bug CSCup67821 with no workaround

Web Auth logout windows shows IP address as URL vs DNS

We are using Web Auth with DNS name which works fine. We did notice however that upon successful login that the logout popup page displays the logut url with the IP address and not the DNS.
Is this a bug?
Runnig WCS 4.2.62.0 WLC 4.2.112.0

See steps below. It might be clearer this way.
Guest user gets an IP address via DHCP with DNS information.
Guest user goes to website www.cisco.com
Guest User is redirected to Web auth page https://webauth.xyz.com/login.html?redirect=www.cisc.com/
Guest User logs in
Guest User receives POPUP page indicating successfull login and is reminded to either minimize this window or remember the URL to retrieve this window to logout.
It is here the the URL indicates the IP address http://1.1.1.1/logout.html and not the DNS name http://webauth.xyz.com/logout.html

OAM 11g Webgate 10g customized SSO logout page

As stated in the title, I am using OAM 11g and Webgate 10g. I am trying to create a customized SSO logout page but am confused on a few parts. First off, in http://docs.oracle.com/cd/E17904_01/doc.1111/e15478/logout.htm#CHDHFGJC , it states the following step for their logout.html:
Logic in logout.html redirect to the OAM Server. For example:
http://myoamserverhost:port/oam/server/logout?end_url=http://my.site.com/
welcome.htmlMy question is if this is truely required? Or is there a way to have OAM invalidate the session and do its internal part of the logout procedures without needing to force the user to redirect to the OAM server's logout URL (eg: it automatically recognizes that the Webgate URL is "...../logout.html" and handles it properly). From talking to colleagues it sounds like this should be possible, and I see some mentions of it in the above documentation, but this appears to be 11g OAM and 11g Webgate behavior. At the same time though, the line "Logout is initiated when an application causes the invocation of the logout.html file configured for any registered OAM 10g Webgate." Leads me to believe that it can work with 10g webgate as well.
Or, is there a way to have multiple valid logout pages on the OAM server? (There is currently a customized logout page that we cannot modify, and does not meet all the requirements we have for look/feel)
Thank you
Edited by: mBaldwin on Apr 12, 2013 10:30 AM

Bump Any ideas?

Logout does not work in OIM after enabling OAM SSO

We have installed a webgate to protect xlWebApp in OIM. Once the SSO is enabled, the logout does not work in the OIM user interface. How to solve this issue?
Metalink has a solution where we need to add document.location="http://host:port/access/oblix/lang/en-us/logout.html"; in xlWebApp\tiles\tjspLogoffTiles.jsp. This is the logout URL of OAM. Is there any other way so we can have a logout page in the OIM application/server itself?
Thanks.

Kevin,
I did what you suggested and initially it looked like it is working but there is slight issue. When I click Logout, it redirects to the logout screen. After logging out when I try to access xlWebApp it prompts for the login (i am using basic authentication). If I cancel it and again try to access xlWebApp, it lets me in without any prompt. This issue is in IE only but not in Firefox. Not sure what's the issue.
Btw, to make the logout screen work, I had to unprotect the following with None Authentication:
- /xlWebApp/pages/logout.html (logout page)
- /xlWebApp/images
- /xlWebApp/css/Xellerate.css
- /xlWebApp/css/style.css
Thanks.
Edited by: user504421 on Mar 16, 2009 9:52 AM
Edited by: user504421 on Mar 16, 2009 10:00 AM
Edited by: user504421 on Mar 16, 2009 10:01 AM

Logout works fine on Local Machine but not on Server

I have the following code in my backing bean:
      ExternalContext external =
        FacesContext.getCurrentInstance().getExternalContext();
      HttpSession session = (HttpSession) external.getSession(false);
      session.invalidate();
     // redirect using response because logout is a HTML page
      HttpServletResponse response =
        (HttpServletResponse) external.getResponse();
      response.sendRedirect("../logout.html");The problem is that this works fine on my local machine http://localhost:8888/my-context-root
but on the Server clicking on the Logout link gives Page cannot be displayed.
The protocol is https://ip-address:port/my-context-root and on the local machine it's http
Is it the https thats causing the problem ?
I also tried using:
external.redirect("../logout.html"); but this also didn't help.

The URL for Login is
https://ip address:port/my-context-root/restricted/home.facesWhen the logout link is clicked the same URL is rendered.
Backing bean is
public class HomeBackingBean
public String logout()
    try
      ExternalContext external =
        FacesContext.getCurrentInstance().getExternalContext();
      HttpSession session = (HttpSession) external.getSession(false);
      session.invalidate();
      //FacesContext.getCurrentInstance().responseComplete();
      Utility.logDebug("Session invalidated, trying to redirect to logout.html");
      // redirect using response because logout is a HTML page
      HttpServletResponse response =
        (HttpServletResponse) external.getResponse();
     response.sendRedirect("../logout.html");
    catch (IOException ioEx)
      Utility.logDebug("Failed to logout due to IOException");
    return null;
}The exit.jsp is :
<%@ taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
<%@ taglib uri="http://myfaces.apache.org/trinidad" prefix="tr"%>
<h:form>
    <tr:commandLink styleClass="logout" text="Logout"
                    action="#{homeBean.logout}"/>
</h:form>The server log says:
07/31 23:42:19 DEBUG [com.eds.send.common.Utility] Session invalidated, trying to redirect to logout.html
07/31 23:42:19 DEBUG [com.sun.faces.application.NavigationHandlerImpl] No navigation rule found for outcome nulland viewId /r
estricted/home.faces Explicitly remain on the current view
07/31 23:42:19 DEBUG [com.sun.faces.lifecycle.InvokeApplicationPhase] Exiting InvokeApplicationsPhase
07/31 23:42:19 DEBUG [com.sun.faces.el.ValueBindingImpl] getValue(ref=restricted$home)
07/31 23:42:19 DEBUG [com.sun.faces.application.ApplicationImpl] Couldn't find a factory for restricted$home
07/31 23:42:19 DEBUG [com.sun.faces.el.VariableResolverImpl] resolveVariable: Resolved variable:null
07/31 23:42:19 DEBUG [com.sun.faces.el.ValueBindingImpl] getValue Result:null
07/31 23:42:19 DEBUG [com.sun.faces.el.ValueBindingImpl] getValue(ref=restricted$home)

Logout navigation Bar related

Hi,
I want when i click on nevigation bar logout link. my logout time should go into the database.
Eg if I login at 1 'o clock and made logout at 2'o clock then logout time should go into the table.
user login detail is already into the table like serialno,userid,logintime,date,username and so on. i have to just enter the logout time and status in table.this is my table in which login details enter.
CREATE TABLE "USER_RECORD"
   (     "SERIAL" NUMBER NOT NULL ENABLE,
     "USER_ID" NUMBER,
     "LOGIN_TIME" VARCHAR2(20) NOT NULL ENABLE,
     "DTE" DATE,
     "LOGOUT_TIME" VARCHAR2(20),
     "STATUS" VARCHAR2(1),
     "USRNAME" VARCHAR2(50),
      CONSTRAINT "USER_RECORD_PK" PRIMARY KEY ("SERIAL") ENABLE
   )i have done this by creating the logout button and written process there and its working.
i want to do same task with nevigation bar logout link
Please help me if it possible
i am sending you the code which i written to do the entry of user logout.
declare
t varchar2(50);
BEGIN
select to_char(cast(systimestamp at time zone 'Asia/Calcutta' as date),' hh24:mi:ss') into t from dual;
UPDATE USER_RECORD
SET LOGOUT_TIME = t,STATUS ='Y'
WHERE SERIAL = (SELECT MAX(SERIAL) FROM USER_RECORD WHERE USER_ID = :P50_USER_NAME);
END;Thanks & Regards
Nisha
Edited by: Nisha Rani on Aug 18, 2010 12:16 AM

For this you may have to create a Logout Page. Much like what happens in Apex itself, when you logout you land on a Logout page not the Login page.
Check this out.
http://dgielis.blogspot.com/2007/07/oracle-apex-behind-scenes-logout.html
Regards,

Wired WebAuth with NAC Guest Server

Hi,
I am trying to get wired WebAuth working with NAC Guest Server. In the switch_login.html file example, what should be changed for this line:
ngsOptions.actionUrl = https://1.1.1.1/;
Should this be an IP address on the switch? Shoul I have this pointing to the success.html page like this:
ngsOptions.actionUrl = "https://1.1.1.1/success.html";
When I log on, and accept the AUP, my browser just sits there trying to access Https://1.1.1.1/?redirect-url=blah blah blah
Thanks,
Peter

FYI,
In my case I WAS getting the switch_login.html web page being displayed, but after entering credentials and submitting the Acceptable Use Policy page, I did NOT 'see' any radius traffic between the switch (C2960S 12.2(55)SE3) and the ACS 5.3 radius server?!.
I used the sample .html docs that you can find on the NAC Guest Server in the 'samples' folder on that server. I used WCP app to copy them to my PC/laptop before modifying where relevant and copying to flash on switch and to the wireless 'hotspot' folders on the NGS.
I went through the following document in url below line by line, paragraph by paragraph and found that I had left out the following command in the configuration:
aaa authentication login default group radius
see doc at:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/TrustSec_1.99/WebAuth/WebAuth_Dep_Guide.html#wp392553
So I added it in and I am now seeing the radius debug traffic being redirected to the ACS by the switch when a user submits the credentials.
aaa new-model
aaa authentication login default group radius
aaa authentication login VTY-USER-LOGIN local
aaa authentication dot1x default group radius
aaa authorization console
aaa authorization exec EXEC-LOCAL local
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
aaa accounting auth-proxy default start-stop group radius
aaa accounting dot1x default start-stop group radius
with debug radius enabled:
Feb 1 13:36:09 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/4, changed state to down
TEST-802.1X#
Feb 1 13:36:10 PST: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/4, changed state to down
TEST-802.1X#
Feb 1 13:36:18 PST: %AUTHMGR-5-START: Starting 'dot1x' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
TEST-802.1X#
Feb 1 13:36:20 PST: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/4, changed state to up
Feb 1 13:36:21 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/4, changed state to up
TEST-802.1X#
Feb 1 13:36:27 PST: %DOT1X-5-FAIL: Authentication failed for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID
Feb 1 13:36:27 PST: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
Feb 1 13:36:27 PST: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
Feb 1 13:36:27 PST: %AUTHMGR-5-START: Starting 'mab' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
Feb 1 13:36:27.367 PST: RADIUS/ENCODE(0000058E):Orig. component type = DOT1X
Feb 1 13:36:27.367 PST: RADIUS(0000058E): Config NAS IP: 10.167.64.74
Feb 1 13:36:27.367 PST: RADIUS/ENCODE(0000058E): acct_session_id: 1421
Feb 1 13:36:27.367 PST: RADIUS(0000058E): sending
Feb 1 13:36:27.367 PST: RADIUS(0000058E): Send Access-Request to 10.167.77.70:1645 id 1645/14, len 211
Feb 1 13:36:27.372 PST: RADIUS: authenticator 2E F0 62 2D 43 D9 7D 2A - 7C 88 0A 52 B9 6E 78 A8
Feb 1 13:36:27.372 PST: RADIUS: User-Name           [1]   14 "848f69f0fcc7"
Feb 1 13:36:27.372 PST: RADIUS: User-Password       [2]   18 *
Feb 1 13:36:27.372 PST: RADIUS: Service-Type        [6]   6   Call Check                [10]
Feb 1 13:36:27.372 PST: RADIUS: Framed-MTU          [12] 6   1500
Feb 1 13:36:27.372 PST: RADIUS: Called-Station-Id   [30] 19 "20-37-06-C8-68-84"
Feb 1 13:36:27.372 PST: RADIUS: Calling-Station-Id [31] 19 "84-8F-69-F0-FC-C7"
Feb 1 13:36:27.372 PST: RADIUS: Message-Authenticato[80] 18
Feb 1 13:36:27.372 PST: RADIUS:   11 20 B4 9A B6 E2 56 30 AC EC 43 CD 17 13 3E 14             [ V0C>]
Feb 1 13:36:27.372 PST: RADIUS: EAP-Key-Name        [102] 2   *
Feb 1 13:36:27.372 PST: RADIUS: Vendor, Cisco       [26] 49
Feb 1 13:36:27.372 PST: RADIUS:   Cisco AVpair       [1]   43 "audit-session-id=0AA7404A0000054E16335518"
Feb 1 13:36:27.372 PST: RADIUS: NAS-Port-Type       [61] 6   Ethernet                  [15]
Feb 1 13:36:27.372 PST: RADIUS: NAS-Port            [5]   6   50104
Feb 1 13:36:27.372 PST: RADIUS: NAS-Port-Id         [87] 22 "GigabitEthernet1/0/4"
Feb 1 13:36:27.372 PST: RADIUS: NAS-IP-Address      [4]   6   10.167.64.74
Feb 1 13:36:27.372 PST: RADIUS(0000058E): Started 5 sec timeout
Feb 1 13:36:27.377 PST: RADIUS: Received from id 1645/14 10.167.77.70:1645, Access-Reject, len 38
Feb 1 13:36:27.377 PST: RADIUS: authenticator 68 CE 3D C8 C3 BC B2 69 - DB 33 F5 C0 FF 30 D6 33
Feb 1 13:36:27.377 PST: RADIUS: Message-Authenticato[80] 18
Feb 1 13:36:27.377 PST: RADIUS:   82 3D 31 0A C7 A2 E0 62 D5 B7 6B 26 B8 A0 0B 46            [ =1bk&F]
Feb 1 13:36:27.377 PST: RADIUS(0000058E): Received from id 1645/14
Feb 1 13:36:27 PST: %MAB-5-FAIL: Authentication failed for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
Feb 1 13:36:27 PST: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'mab' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
Feb 1 13:36:27 PST: %AUTHMGR-7-FAILOVER: Failing over from 'mab' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
Feb 1 13:36:27 PST: %AUTHMGR-5-START: Starting 'webauth' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
Feb 1 13:36:27 PST: %AUTHMGR-7-RESULT: Authentication result 'success' from 'webauth' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
Feb 1 13:36:27 PST: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
Feb 1 13:36:27.933 PST: RADIUS/ENCODE(0000058E):Orig. component type = DOT1X
Feb 1 13:36:27.933 PST: RADIUS(0000058E): Config NAS IP: 10.167.64.74
Feb 1 13:36:27.933 PST: RADIUS(0000058E): sending
Feb 1 13:36:27.933 PST: RADIUS(0000058E): Send Accounting-Request to 10.167.77.70:1646 id 1646/151, len 100
Feb 1 13:36:27.933 PST: RADIUS: authenticator D0 F0 04 F3 A5 08 90 BE - A9 07 8D 32 1B 0E 93 AC
Feb 1 13:36:27.933 PST: RADIUS: Acct-Session-Id     [44] 10 "0000058D"
Feb 1 13:36:27.933 PST: RADIUS: Framed-IP-Address   [8]   6   10.167.72.52
Feb 1 13:36:27.933 PST: RADIUS: Acct-Authentic      [45] 6   RADIUS                    [1]
Feb 1 13:36:27.933 PST: RADIUS: Acct-Status-Type    [40] 6   Start                     [1]
Feb 1 13:36:27.933 PST: RADIUS: NAS-Port-Type       [61] 6   Ethernet                  [15]
Feb 1 13:36:27.933 PST: RADIUS: NAS-Port            [5]   6   50104
Feb 1 13:36:27.933 PST: RADIUS: NAS-Port-Id         [87] 22 "GigabitEthernet1/0/4"
Feb 1 13:36:27.933 PST: RADIUS: Service-Type        [6]   6   Framed                    [2]
Feb 1 13:36:27.933 PST: RADIUS: NAS-IP-Address      [4]   6   10.167.64.74
Feb 1 13:36:27.933 PST: RADIUS: Acct-Delay-Time     [41] 6   0
TEST-802.1X#
Feb 1 13:36:27.938 PST: RADIUS(0000058E): Started 5 sec timeout
Feb 1 13:36:27.938 PST: RADIUS: Received from id 1646/151 10.167.77.70:1646, Accounting-response, len 20
Feb 1 13:36:27.938 PST: RADIUS: authenticator C2 DC 8D C7 B1 35 67 D9 - 28 2B 56 E4 4A 1E AD 65
At this point the user enters the credentials on the switch_login.html page and the clicks Submit on the Acceptable Use Policy splash page.
TEST-802.1X#
Feb 1 13:36:41.413 PST: RADIUS/ENCODE(0000058F):Orig. component type = AUTH_PROXY
Feb 1 13:36:41.413 PST: RADIUS(0000058F): Config NAS IP: 10.167.64.74
Feb 1 13:36:41.413 PST: RADIUS/ENCODE(0000058F): acct_session_id: 1422
Feb 1 13:36:41.413 PST: RADIUS(0000058F): sending
Feb 1 13:36:41.413 PST: RADIUS(0000058F): Send Access-Request to 10.167.77.70:1645 id 1645/15, len 176
Feb 1 13:36:41.413 PST: RADIUS: authenticator 6D 34 7E D6 34 B5 CB AC - 09 1F AC 5A 34 97 7D 6B
Feb 1 13:36:41.413 PST: RADIUS: User-Name           [1]   11 "testuser1"
Feb 1 13:36:41.413 PST: RADIUS: User-Password       [2]   18 *
Feb 1 13:36:41.413 PST: RADIUS: Calling-Station-Id [31] 14 "ip|G
Feb 1 13:36:41.413 PST: RADIUS: Service-Type        [6]   6   Outbound                  [5]
Feb 1 13:36:41.413 PST: RADIUS: Message-Authenticato[80] 18
Feb 1 13:36:41.413 PST: RADIUS:   F8 4D 85 64 05 5E C9 1D D8 11 B2 A3 1A 3A 76 E0             [ Md^:v]
Feb 1 13:36:41.413 PST: RADIUS: Vendor, Cisco       [26] 49
Feb 1 13:36:41.418 PST: RADIUS:   Cisco AVpair       [1]   43 "audit-session-id=0AA7404A0000054E16335518"
Feb 1 13:36:41.418 PST: RADIUS: NAS-Port-Type       [61] 6   Ethernet                  [15]
Feb 1 13:36:41.418 PST: RADIUS: NAS-Port            [5]   6   50104
Feb 1 13:36:41.418 PST: RADIUS: NAS-Port-Id         [87] 22 "GigabitEthernet1/0/4"
Feb 1 13:36:41.418 PST: RADIUS: NAS-IP-Address      [4]   6   10.167.64.74
Feb 1 13:36:41.418 PST: RADIUS(0000058F): Started 5 sec timeout
Feb 1 13:36:41.424 PST: RADIUS: Received from id 1645/15 10.167.77.70:1645, Access-Accept, len 173
Feb 1 13:36:41.424 PST: RADIUS: authenticator 28 48 DE B5 1A 0A 71 5A - 3B 8B 7A 12 FB EA 01 58
Feb 1 13:36:41.424 PST: RADIUS: User-Name           [1]   11 "testuser1"
Feb 1 13:36:41.424 PST: RADIUS: Class               [25] 28
Feb 1 13:36:41.424 PST: RADIUS:   43 41 43 53 3A 78 62 63 2D 61 63 73 2F 31 31 36 [CACS:xbc-acs/116]
Feb 1 13:36:41.424 PST: RADIUS:   34 37 33 32 33 39 2F 31 36 36        [ 473239/166]
Feb 1 13:36:41.424 PST: RADIUS: Session-Timeout     [27] 6   3600
Feb 1 13:36:41.424 PST: RADIUS: Termination-Action [29] 6   1
Feb 1 13:36:41.424 PST: RADIUS: Message-Authenticato[80] 18
Feb 1 13:36:41.424 PST: RADIUS:   10 80 26 5D 02 C5 15 0C A8 16 AA 35 14 C9 4F 14              [ &]5O]
Feb 1 13:36:41.424 PST: RADIUS: Vendor, Cisco       [26] 19
Feb 1 13:36:41.429 PST: RADIUS:   Cisco AVpair       [1]   13 "priv-lvl=15"
Feb 1 13:36:41.429 PST: RADIUS: Vendor, Cisco       [26] 65
Feb 1 13:36:41.429 PST: RADIUS:   Cisco AVpair       [1]   59 "ACS:CiscoSecure-Defined-ACL=#ACSACL#-IP-GuestACL-4eefc9a0"
Feb 1 13:36:41.429 PST: RADIUS(0000058F): Received from id 1645/15
Feb 1 13:36:41.439 PST: RADIUS/ENCODE(0000058F):Orig. component type = AUTH_PROXY
Feb 1 13:36:41.439 PST: RADIUS(0000058F): Config NAS IP: 10.167.64.74
Feb 1 13:36:41.439 PST: RADIUS(0000058F): sending
Feb 1 13:36:41.439 PST: RADIUS/ENCODE(00000000):Orig. component type = INVALID
Feb 1 13:36:41.444 PST: RADIUS(00000000): Config NAS IP: 10.167.64.74
Feb 1 13:36:41.444 PST: RADIUS(00000000): sending
Feb 1 13:36:41.450 PST: RADIUS(0000058F): Send Accounting-Request to 10.167.77.70:1646 id 1646/152, len 119
Feb 1 13:36:41.450 PST: RADIUS: authenticator 23 E3 DA C3 06 5B 37 20 - 67 E2 96 C5 90 1C 71 33
Feb 1 13:36:41.450 PST: RADIUS: Acct-Session-Id     [44] 10 "0000058E"
Feb 1 13:36:41.450 PST: RADIUS: Calling-Station-Id [31] 14 "10.167.72.52"
Feb 1 13:36:41.450 PST: RADIUS: User-Name           [1]   11 "testuser1"
Feb 1 13:36:41.450 PST: RADIUS: Acct-Authentic      [45] 6   RADIUS                    [1]
Feb 1 13:36:41.455 PST: RADIUS: Acct-Status-Type    [40] 6   Start                     [1]
Feb 1 13:36:41.455 PST: RADIUS: NAS-Port-Type       [61] 6   Ethernet                  [15]
Feb 1 13:36:41.455 PST: RADIUS: NAS-Port            [5]   6   50104
Feb 1 13:36:41.455 PST: RADIUS: NAS-Port-Id         [87] 22 "GigabitEthernet1/0/4"
Feb 1 13:36:41.455 PST: RADIUS: Service-Type        [6]   6   Outbound                  [5]
Feb 1 13:36:41.455 PST: RADIUS: NAS-IP-Address      [4]   6   10.167.64.74
Feb 1 13:36:41.455 PST: RADIUS: Acct-Delay-Time     [41] 6   0
Feb 1 13:36:41.455 PST: RADIUS(0000058F): Started 5 sec timeout
Feb 1 13:36:41.455 PST: RADIUS(00000000): Send Access-Request to 10.167.77.70:1645 id 1645/16, len 137
Feb 1 13:36:41.455 PST: RADIUS: authenticator 02 B0 50 47 EE CC FB 54 - 2A B6 14 23 63 86 DE 18
Feb 1 13:36:41.455 PST: RADIUS: NAS-IP-Address      [4]   6   10.167.64.74
Feb 1 13:36:41.455 PST: RADIUS: User-Name           [1]   31 "#ACSACL#-IP-GuestACL-4eefc9a0"
Feb 1 13:36:41.455 PST: RADIUS: Vendor, Cisco       [26] 32
Feb 1 13:36:41.455 PST: RADIUS:   Cisco AVpair       [1]   26 "aaa:service=ip_admission"
Feb 1 13:36:41.455 PST: RADIUS: Vendor, Cisco       [26] 30
Feb 1 13:36:41.455 PST: RADIUS:   Cisco AVpair       [1]   24 "aaa:event=acl-download"
Feb 1 13:36:41.455 PST: RADIUS: Message-Authenticato[80] 18
Feb 1 13:36:41.455 PST: RADIUS:   15 EC 10 E7 2F 67 33 DD BC B5 AE 11 E3 C3 19 E1               [ /g3]
Feb 1 13:36:41.455 PST: RADIUS(00000000): Started 5 sec timeout
Feb 1 13:36:41.455 PST: RADIUS: Received from id 1646/152 10.167.77.70:1646, Accounting-response, len 20
Feb 1 13:36:41.455 PST: RADIUS: authenticator AB 0F 81 95 71 A9 61 E0 - 5B B5 D3 2E 8D A2 68 98
Feb 1 13:36:41.460 PST: RADIUS: Received from id 1645/16 10.167.77.70:1645, Access-Accept, len 560
Feb 1 13:36:41.460 PST: RADIUS: authenticator 64 53 94 79 CF CD 05 B0 - ED 12 5C 5B A0 AB 4F FA
Feb 1 13:36:41.460 PST: RADIUS: User-Name           [1]   31 "#ACSACL#-IP-GuestACL-4eefc9a0"
Feb 1 13:36:41.460 PST: RADIUS: Class               [25] 28
Feb 1 13:36:41.460 PST: RADIUS:   43 41 43 53 3A 78 62 63 2D 61 63 73 2F 31 31 36 [CACS:xbc-acs/116]
Feb 1 13:36:41.460 PST: RADIUS:   34 37 33 32 33 39 2F 31 36 38        [ 473239/168]
Feb 1 13:36:41.460 PST: RADIUS: Message-Authenticato[80] 18
Feb 1 13:36:41.460 PST: RADIUS:   A1 E6 37 EB 60 3A 28 35 92 56 C5 A9 27 7D 2C E9         [ 7`:(5V'},]
Feb 1 13:36:41.460 PST: RADIUS: Vendor, Cisco       [26] 38
Feb 1 13:36:41.460 PST: RADIUS:   Cisco AVpair       [1]   32 "ip:inacl#1=remark **Allow DHCP"
Feb 1 13:36:41.460 PST: RADIUS: Vendor, Cisco       [26] 57
Feb 1 13:36:41.460 PST: RADIUS:   Cisco AVpair       [1]   51 "ip:inacl#2=permit udp any eq bootpc any eq bootps"
Feb 1 13:36:41.460 PST: RADIUS: Vendor, Cisco       [26] 37
Feb 1 13:36:41.460 PST: RADIUS:   Cisco AVpair       [1]   31 "ip:inacl#3=remark **Allow DNS"
Feb 1 13:36:41.460 PST: RADIUS: Vendor, Cisco       [26] 47
Feb 1 13:36:41.460 PST: RADIUS:   Cisco AVpair       [1]   41 "ip:inacl#4=permit udp any any eq domain"
Feb 1 13:36:41.460 PST: RADIUS: Vendor, Cisco       [26] 61
Feb 1 13:36:41.460 PST: RADIUS:   Cisco AVpair       [1]   55 "ip:inacl#5=remark **Deny access to Corporate Networks"
Feb 1 13:36:41.460 PST: RADIUS: Vendor, Cisco       [26] 53
Feb 1 13:36:41.460 PST: RADIUS:   Cisco AVpair       [1]   47 "ip:inacl#6=deny ip any 10.0.0.0 0.255.255.255"
Feb 1 13:36:41.460 PST: RADIUS: Vendor, Cisco       [26] 45
Feb 1 13:36:41.460 PST: RADIUS:   Cisco AVpair       [1]   39 "ip:inacl#7=remark **Permit icmp pings"
Feb 1 13:36:41.460 PST: RADIUS: Vendor, Cisco       [26] 38
Feb 1 13:36:41.460 PST: RADIUS:   Cisco AVpair       [1]   32 "ip:inacl#8=permit icmp any any"
Feb 1 13:36:41.460 PST: RADIUS: Vendor, Cisco       [26] 50
TEST-802.1X#
Feb 1 13:36:41.460 PST: RADIUS:   Cisco AVpair       [1]   44 "ip:inacl#9=remark **Permit everything else"
Feb 1 13:36:41.460 PST: RADIUS: Vendor, Cisco       [26] 37
Feb 1 13:36:41.460 PST: RADIUS:   Cisco AVpair       [1]   31 "ip:inacl#10=permit ip any any"
Feb 1 13:36:41.465 PST: RADIUS(00000000): Received from id 1645/16
TEST-802.1X#
TEST-802.1X#
TEST-802.1X#
interface config looks like:
interface GigabitEthernet1/0/4
description **User/IPphone/Guest
switchport access vlan 702
switchport mode access
switchport voice vlan 704
ip access-group PRE-AUTH in
srr-queue bandwidth share 1 30 35 5
queue-set 2
priority-queue out
authentication event fail action next-method
authentication event server dead action authorize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab webauth
authentication priority dot1x mab webauth
authentication port-control auto
authentication fallback WEB_AUTH_PROFILE
mab
mls qos trust device cisco-phone
mls qos trust cos
dot1x pae authenticator
dot1x timeout tx-period 3
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY

3850 web interface slow to load, especially for webauth

Hi all,
Got a cat 3850 switch acting also as a wireless controller. Running 3.6.0E One thing that I've noticed is that loading the web interface to configure it is terribly slow. Also for guest authentication, it takes a long time for the web page to load. Tried IE and firefox with same results.
Thoughts?

Hey thanks for the reply Rasika. Yes, I'm aware that the GUI isn't quite there yet. However for the webauth, I would expect it to be somewhat fast. The webauth file is custom, but small.
Here's the contents of the flash directory and some config:
3850#sh start | inc webauth
aaa authentication login webauth_local local
service-template webauth-global-inactive
parameter-map type webauth global
parameter-map type webauth guest_web
type webauth
custom-page login device flash:/webauth/webauth_login.html
custom-page success device flash:/webauth/webauth_success.html
custom-page failure device flash:/webauth/webauth_failure.html
custom-page login expired device flash:/webauth/webauth_expired.html
security web-auth authentication-list webauth_local
security web-auth authentication-list webauth_local
3850#sh flash:
-#- --length-- ---------date/time--------- path
2    2097152 Oct 24 2014 20:58:23.0000000000 +00:00 nvram_config
3     742912 Oct 20 2014 19:16:56.0000000000 +00:00 webauth.tar
4       4096 Oct 20 2014 19:16:58.0000000000 +00:00 webauth
5       4096 Oct 20 2014 19:16:57.0000000000 +00:00 webauth/css
6       2098 Oct 20 2014 19:16:57.0000000000 +00:00 webauth/css/signin.css
7         96 Oct 20 2014 19:16:57.0000000000 +00:00 webauth/css/starter-template.css
8       4096 Oct 20 2014 19:16:57.0000000000 +00:00 webauth/dist
9       4096 Oct 20 2014 19:16:57.0000000000 +00:00 webauth/dist/css
10      19791 Oct 20 2014 19:16:57.0000000000 +00:00 webauth/dist/css/bootstrap-theme.css
11      17706 Oct 20 2014 19:16:57.0000000000 +00:00 webauth/dist/css/bootstrap-theme.min.css
12     126432 Oct 20 2014 19:16:57.0000000000 +00:00 webauth/dist/css/bootstrap.css
13     102897 Oct 20 2014 19:16:57.0000000000 +00:00 webauth/dist/css/bootstrap.min.css
14       4096 Oct 20 2014 19:16:57.0000000000 +00:00 webauth/dist/fonts
15      20290 Oct 20 2014 19:16:57.0000000000 +00:00 webauth/dist/fonts/glyphicons-halflings-regular.eot
16      62850 Oct 20 2014 19:16:57.0000000000 +00:00 webauth/dist/fonts/glyphicons-halflings-regular.svg
17      41236 Oct 20 2014 19:16:57.0000000000 +00:00 webauth/dist/fonts/glyphicons-halflings-regular.ttf
18      23292 Oct 20 2014 19:16:57.0000000000 +00:00 webauth/dist/fonts/glyphicons-halflings-regular.woff
19       4096 Oct 20 2014 19:16:57.0000000000 +00:00 webauth/dist/js
20      58327 Oct 20 2014 19:16:57.0000000000 +00:00 webauth/dist/js/bootstrap.js
21      27748 Oct 20 2014 19:16:57.0000000000 +00:00 webauth/dist/js/bootstrap.min.js
22       4096 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/img
23      98601 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/img/web_auth_background_blur.jpg
24        174 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/img/web_auth_close.png
25      30325 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/img/web_auth_onloklogo.jpg
26       5768 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/img/web_auth_onlok_logo.png
27        251 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/img/web_auth_open.png
28       4096 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/js
29       3861 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/js/affix.js
30       2582 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/js/alert.js
31       3048 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/js/button.js
32       6445 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/js/carousel.js
33       5228 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/js/collapse.js
34       4484 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/js/dropdown.js
35       2636 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/js/html5shiv.min.js
36        694 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/js/ie10-viewport-bug-workaround.js
37       6975 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/js/modal.js
38       3488 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/js/popover.js
39       4377 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/js/respond.min.js
40       4622 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/js/scrollspy.js
41       3413 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/js/tab.js
42      11908 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/js/tooltip.js
43       1964 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/js/transition.js
44       1334 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/webauth_expired.html
45       1618 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/webauth_failure.html
46       1932 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/webauth_login.html
47       1641 Oct 20 2014 19:16:58.0000000000 +00:00 webauth/webauth_success.html
48      10445 Oct 28 2014 19:03:11.0000000000 +00:00 wnweb.tgz
49   82672260 Oct 19 2014 06:29:54.0000000000 +00:00 cat3k_caa-base.SPA.03.06.00E.pkg
50    6601404 Oct 19 2014 06:29:54.0000000000 +00:00 cat3k_caa-drivers.SPA.03.06.00E.pkg
51       1235 Oct 19 2014 06:29:59.0000000000 +00:00 packages.conf
52       1156 Oct 19 2014 06:43:36.0000000000 +00:00 vlan.dat
53   33747948 Oct 19 2014 06:29:54.0000000000 +00:00 cat3k_caa-infra.SPA.03.06.00E.pkg
54       4096 Dec 27 2013 03:17:04.0000000000 +00:00 mnt
55       4096 Dec 27 2013 03:17:04.0000000000 +00:00 mnt/images
56       4096 Dec 27 2013 03:17:09.0000000000 +00:00 mnt/images/ap.bak
57         40 Dec 05 2013 18:36:37.0000000000 +00:00 mnt/images/ap.bak/ap1g2.md5
58   11612160 Dec 05 2013 18:36:37.0000000000 +00:00 mnt/images/ap.bak/ap1g2
59         40 Dec 05 2013 18:36:37.0000000000 +00:00 mnt/images/ap.bak/ap3g1.md5
60   10475520 Dec 05 2013 18:36:38.0000000000 +00:00 mnt/images/ap.bak/ap3g1
61         40 Dec 05 2013 18:36:37.0000000000 +00:00 mnt/images/ap.bak/ap3g2.md5
62   13670400 Dec 05 2013 18:36:37.0000000000 +00:00 mnt/images/ap.bak/ap3g2
63         40 Dec 05 2013 18:36:37.0000000000 +00:00 mnt/images/ap.bak/c1140.md5
64   10321920 Dec 05 2013 18:36:37.0000000000 +00:00 mnt/images/ap.bak/c1140
65         11 Dec 05 2013 18:36:37.0000000000 +00:00 mnt/images/ap.bak/version.info
66   42769724 Oct 19 2014 06:29:54.0000000000 +00:00 cat3k_caa-iosd-universalk9.SPA.152-2.E.pkg
67       4096 Oct 19 2014 06:42:45.0000000000 +00:00 dc_profile_dir
68     169223 Oct 19 2014 06:42:45.0000000000 +00:00 dc_profile_dir/dc_default_profiles.txt
69     169223 Oct 19 2014 06:42:45.0000000000 +00:00 dc_profile_dir/dc_default_profiles.txt.bkp
70   25711500 Oct 19 2014 06:29:54.0000000000 +00:00 cat3k_caa-platform.SPA.03.06.00E.pkg
71   98462528 Oct 19 2014 06:29:55.0000000000 +00:00 cat3k_caa-wcm.SPA.10.2.102.0.pkg
1196404736 bytes available (343171072 bytes used)

Logout user session

Hi,
I have Cisco Controller 5508 and NAC Guest, users login through web authentication after successful login, popup screen displayed for logout, most of the users close this webpage and they are not able to logout.
Is there anyway i can logout user from session from controller,
thanks

issue: closing webauth logout popup window doesn't terminate the webauth session for that user.
Admin expecting to have the webauth session to terminate as soon as they close logout popup. So that the same user can logon using the same credentials on different pc/device. currently using one session per user. Until 7.3.x.x WLC does nothing when logout popup is closed. By adming, it is hard to chase the MAC address of that user to manually remove the client.
[it is possible to achieve what you're trying, if WLC has the ability to list the client(s) using the username, again if multiple clients are shown how does we pin point the specific one. in this case with one user per session then yes something like this may work - WLC>show client detail ]
Bottomline: Have seen most hotspot vendor software logsout the user as soon as the logout popup closed, only way to get the logout popup back is by login again, it is a geniune ask.
I've created an internal enchancement for this issue. Please open a TAC case(also, see is any config options on wlc/wcs address this) to get the bug info by providing this link. And involve your AM to drive the same.

Error 500 with .htaccess and +FollowSymlinks

Hi, I'm doing a website for a community of gamers and I have one .htaccess on the root folder of the website that cointains parameters to allow using friendly urls. The content of the .htacces is this:
RewriteEngine On
Options +FollowSymLinks
RewriteBase /~doodom/doomhispano/
Rewriterule ^administracion/$ ?administracion
Rewriterule ^articulos.html$ ?articulos
Rewriterule ^descargas.html$ ?descargas
Rewriterule ^foro/$ ?foro
Rewriterule ^foro/(.*)/(.*)/(.*)/(.*).html$ ?foro&cat=$1&sub=$2&thr=$3&title=$4
Rewriterule ^foro/(.*)/(.*)/$ ?foro&cat=$1&sub=$2
Rewriterule ^foro/(.*)/$ ?foro&cat=$1
Rewriterule ^juegos.html$ ?juegos
Rewriterule ^logout.html$ logout.php
Rewriterule ^noticias/$ ./ [R]
Rewriterule ^noticias/(.*)/(.*).html$ ?noticias&id=$1&title=$2
Rewriterule ^noticias/archivo(.*).html$ ?offset=$1
Rewriterule ^perfil/$ ./ [R]
Rewriterule ^perfil/(.*).html$ ?perfil=$1
Rewriterule ^preferencias.html$ ?preferencias
Rewriterule ^registro.html$ ?registro
The problem is that Apache delivers an Error 500 and I don't know why. It always happen when I have uncommented this line:
Options +FollowSymLinks
If I comment it the website loads correctly, but the friendly urls don't work at all.
I also paste the content of my /etc/httpd/conf/httpd.conf
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "/var/log/httpd/foo_log"
# with ServerRoot set to "/etc/httpd" will be interpreted by the
# server as "/etc/httpd//var/log/httpd/foo_log".
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk. If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
ServerRoot "/etc/httpd"
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#Listen 12.34.56.78:80
Listen 81
# Dynamic Shared Object (DSO) Support
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
# Example:
# LoadModule foo_module modules/mod_foo.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule cache_module modules/mod_cache.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule dbd_module modules/mod_dbd.so
LoadModule dumpio_module modules/mod_dumpio.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
LoadModule substitute_module modules/mod_substitute.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule log_forensic_module modules/mod_log_forensic.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule ident_module modules/mod_ident.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imagemap_module modules/mod_imagemap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php5_module modules/libphp5.so
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
User http
Group http
</IfModule>
</IfModule>
# 'Main' server configuration
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. [email protected]
ServerAdmin [email protected]
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
# If your host doesn't have a registered DNS name, enter its IP address here.
#ServerName www.example.com:80
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
DocumentRoot "/srv/http"
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
# First, we configure the "default" to be a very restrictive set of
# features.
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
# This should be changed to whatever you set DocumentRoot to.
<Directory "/srv/http">
Options Indexes FollowSymLinks
AllowOverride none
Order allow,deny
Allow from all
</Directory>
<Directory "/home/*/public_html">
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
Options Indexes FollowSymLinks
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
AllowOverride None
# Controls who can get stuff from this server.
Order allow,deny
Allow from all
</Directory>
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
ErrorLog "/var/log/httpd/error_log"
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
<IfModule log_config_module>
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
CustomLog "/var/log/httpd/access_log" common
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#CustomLog "/var/log/httpd/access_log" combined
</IfModule>
<IfModule alias_module>
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
ScriptAlias /cgi-bin/ "/srv/http/cgi-bin/"
</IfModule>
<IfModule cgid_module>
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#Scriptsock /var/run/httpd/cgisock
</IfModule>
# "/srv/http/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
<Directory "/srv/http/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
# DefaultType: the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
DefaultType text/plain
<IfModule mime_module>
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
TypesConfig conf/mime.types
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#AddType application/x-gzip .tgz
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
# Filters allow you to process content before it is sent to the client.
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
</IfModule>
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#MIMEMagicFile conf/magic
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall is used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
#EnableMMAP off
#EnableSendfile off
# Supplemental configuration
# The configuration files in the conf/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.
# Server-pool management (MPM specific)
#Include conf/extra/httpd-mpm.conf
# Multi-language error messages
Include conf/extra/httpd-multilang-errordoc.conf
# Fancy directory listings
Include conf/extra/httpd-autoindex.conf
# Language settings
Include conf/extra/httpd-languages.conf
# User home directories
Include conf/extra/httpd-userdir.conf
# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf
# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf
# Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf
# Various default settings
Include conf/extra/httpd-default.conf
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
# PHP 5
Include conf/extra/php5_module.conf
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
And if I check the error_log I can see the following:
[Tue Jun 02 23:32:39 2009] [alert] [client xx.xx.xx.xx] /home/doodom/public_html/doomhispano/.htaccess: Options not allowed here
Why does this happen? Any ideas?
I've searched all along the Internet, I have tried it out everything but still nothing.
Thanks in advance for your help.
Last edited by [DoodoM] (2009-06-02 19:48:42)

Uhm... what's an /etc/httpd/conf/httpd.conf?
If I had that error, I'd look into /etc/apache/sites* and see if for the site changing follow-symlinks and everything is allowed.
Then again, that's not an arch server, so you might be better of ignoring me (if your... stuff... is all that different. Me did my server strange chaos admin method like )
Edit: wah, now I've been confusing myself, that huge config file is a mess in my eyes - are you sure you're supposed to change stuff in there? What folder is your htaccess in? Most I saw look about like that in there...:
<Directory "??????">
Options Indexes FollowSymLinks
AllowOverride none
Order allow,deny
Allow from all
</Directory>
Which isn't a thaaat good for using .htaccess.
Last edited by whoops (2009-06-02 20:01:58)

Portal Logoff

Hi,
I have portal 10.1.4
I am using dynamic page. I have header and footer portlets and in between I have created a dynamic page with the contents as follows
<iframe name = "myframe"
src="http://128.222.112.36:8882/Login-ViewController-context-root/faces/listUsers.jsp?_id7=<ORACLE>begin htp.p(portal.WWCTX_API.get_user); end;</ORACLE>"
width="980"
height="500"
scrolling = "yes"
frameborder="0">
</iframe>
as you see, I am using a IFRAME. With-in IFRAME src link runs the application. In short my app runs between Header and Footer portlets.
PROBLEM: I created a Logout html link on one of my Jsp page. It logsout the user to Single Sign On page. But, since I am using IFRAME, that single sign on login page shows up between Header and Footer portlets. Thats not good. Bcoz, if user logs-in again, then on success, it shows 2 Headers on top and 2 footers at the bottom.
How can I force the link to Log-of entirely from portal, so that it does not show the SSO page within Header and Footer ?? any idea
thanks,
pp

have you tried to redirect users after logout to another page (with no headers / footers) ?

Java.lang.AbstractMethodError: javax.servlet.jsp.JspFactory.getJspApplicati

Hi,
I have an application which is executing properly in jboss 3.2.5 but as we are trying to upgrade the jboss version i am getting above mentioned error.
The application is deployed in jboss as an ear file and the ear contains one jar file that has been removed from the ear and still i am getting this error.
I am posting the full stack trace over here.
ERROR [[jsp]] Servlet.service() for servlet jsp threw exception
java.lang.AbstractMethodError: javax.servlet.jsp.JspFactory.getJspApplicationContext(Ljavax/servlet/ServletContext;)Ljavax/servlet/jsp/JspApplicationContext;
        at org.apache.jsp.Jsp.Common.logout_jsp._jspInit(logout_jsp.java:22)
        at org.apache.jasper.runtime.HttpJspBase.init(HttpJspBase.java:52)
        at org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.java:158)
        at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:328)
        at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:336)
        at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at clime.messadmin.filter.MessAdminFilter.doFilter(MessAdminFilter.java:104)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
        at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:524)
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
        at java.lang.Thread.run(Thread.java:595)It is happening in logout.jsp, but all other main jsp's are working properly ( login.jsp etc ).
I am posting the jsp code over here.
<html>
<head>
       <script language="JavaScript">
     function init() {
       window.history.forward(1);
   </script>
</head>
<body onLoad="init();" >
<%@ page language="java" %>
<%@ page isThreadSafe="true" %>
    <%
     session.invalidate();
     response.sendRedirect("../../logout.html");
%>
</body>
</html>Please guide me to solve the issue.

evnafets wrote:
My guess would be that you have some of the servlet classes deployed with your application.
Yes.
Any jar files that contain the javax.servlet.* packages should NOT be part of a web application, but are intended to be on the server.
First up all there is no such jar files.
Common candidates:
servlet.jar
servlet-api.jar
j2ee.jar
All those jars are in lib directory of my app server. I have jsp-api and servlet-api.jar as i am using embedded tomcat 6 in jboss appsever.
Check the WEB-INF/lib directory of your web application to see that there are none of those there.
Nothing similar deployed in your ear file?I have extracted my application ear , jar and war then when i checked i found one jar file inside the war but in that no servlet*.jarr files. It is my application oriented files only. I have deleted this ar files and then i executedi am getting same error. Is there any way to find out the exact issue ????.
Regards
Rasa

WebAuth logout.html

Similar Messages

Maybe you are looking for