WEBVPN auth TACACS+ proxy to external ODBC

Hi Cisco,
We have successfully setup a Cisco ASA hosting SSLVPN portal for login which then points to TACACS+ ACS v3.0 for authentication.
For an easier login account management within the IT department, we want to now proxy the authentication from TACACS to an external SQL db ODBC as this existing database server is currently storing all existing login username and password for other internal products and services, hence reducing multiple login accounts for one user.
For example, works similar to RADIUS:
u/n: [email protected]
p/w: cisco
TACACS receives the username, searches for policy/attributes according to the username in the TACACS, strips the @mydomain.com and sends it to ODBC connector "SQL db" for usnername "cisco" and p/w cisco authentication.
If we can produce a solution using ODBC to connect from TACAC to SQL server we are only to manage the one server for login account (external SQL Server), instead of having to manage multiple platform; TACACS for login and also another SQL db.
Please assist with a URL or suggestions on setting up TACACS+ to integrate with SQL db server.
I hope it makes sense.
Thanks again
Peter

Hi Cisco,
I have finally found the solution. Thanks to Cisco.com as always.
If any one is using the same set, here are the links FYI:
ACS v3.0
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008007dec4.html#1835
External ODBC Authentication
http://www.cisco.com/warp/public/cc/pd/sqsw/sq/tech/exatu_wp.pdf
Thanks

Similar Messages

Basic auth in proxy server breaks managed server form auth

Hi,
I have a proxy server configured in front of 2 managed servers.
The managed servers have secure pages and are using form auth and the
proxy server is working properly. In other words, I point my browser
at the proxy and I end up being services by one of the managed servers.
If I attempt to access a secure page via the proxy I am sent to the form
login page via the proxy.
Now for the problem:
If I configure the proxy server to use basic auth, and secure all
pages in the proxy, I must provide my userid/password to the proxy
server (this is working fine) before I can get to one of the managed
servers. I can get to the welcome page of the managed server (which is
not secure) There is a link to a secure page on the welcome page. When
I click on the link to the secure page, I am sent to the form auth by
the managed server. I authenticate, but I can never see the secure
page. I end up being redirected to the form login page endlessly.
Both the proxy server and the managed server are usign the default
JSESSIONID.
Here is a section of the web.xml for the proxy server:
<servlet>
<servlet-name>HttpClusterServlet</servlet-name>
<servlet-class>weblogic.servlet.proxy.HttpClusterServlet</servlet-class>
<init-param>
<param-name>WebLogicCluster</param-name>
<param-value>${ProxyConfig}</param-value>
</init-param>
<init-param>
<param-name>SecureProxy</param-name>
<param-value>ON</param-value>
</init-param>
<init-param>
<param-name>Debug</param-name>
<param-value>ON</param-value>
</init-param>
<init-param>
<param-name>DebugConfigInfo</param-name>
<param-value>ON</param-value>
</init-param>
<init-param>
<param-name>CookieName</param-name>
<param-value>JSESSIONID</param-value>
</init-param>
<init-param>
<param-name>CookieName</param-name>
<param-value>wlauthcookie_</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>gcmgui/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>applauncher/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>ssoadmin/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>default/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>domainadmin/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>gsc/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>psr/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>broadcastclient/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>nra/*</url-pattern>
</servlet-mapping>
Here is the proxy debug:
<Fri Jul 11 14:40:07 EDT 2003>: ===New Request===GET
/applauncher/jsp/AppLaunche
r.jsp HTTP/1.1
<Fri Jul 11 14:40:07 EDT 2003>: Found cookie: Sf4VoFtpQwG]dTNEh9Yq
<Fri Jul 11 14:40:07 EDT 2003>: #### Trying to connect with server
-213061352!10
.68.10.87!1080!10443
<Fri Jul 11 14:40:07 EDT 2003>: Remove idle for '30' secs:
ProxyConnection(isSec
ureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
<Fri Jul 11 14:40:07 EDT 2003>: Create connection:
ProxyConnection(isSecureProxy
=true): 10.68.10.87:10443, keep-alive='30'secs
<Fri Jul 11 14:40:07 EDT 2003>: In-bound headers:
<Fri Jul 11 14:40:07 EDT 2003>: Accept: image/gif, image/x-xbitmap,
image/jpeg,
image/pjpeg, application/vnd.ms-excel, application/msword,
application/vnd.ms-po
werpoint, */*
<Fri Jul 11 14:40:07 EDT 2003>: Accept-Language: en-us
<Fri Jul 11 14:40:07 EDT 2003>: Accept-Encoding: gzip, deflate
<Fri Jul 11 14:40:07 EDT 2003>: User-Agent: Mozilla/4.0 (compatible;
MSIE 6.0; W
indows NT 4.0; H010818)
<Fri Jul 11 14:40:07 EDT 2003>: Host: localhost:18002
<Fri Jul 11 14:40:07 EDT 2003>: Connection: Keep-Alive
<Fri Jul 11 14:40:07 EDT 2003>: Cookie:
JSESSIONID=1PEosMJQ9ZJrewjj1t5nZfNtYe1e5
pWYbjyBGvZ1ExEY8YoueKTG!-213061352!NONE;
wlauthcookie_=Sf4VoFtpQwG]dTNEh9Yq
<Fri Jul 11 14:40:07 EDT 2003>: Authorization: Basic
cmFwcGVsYmE6b3V0Mmx1bmNo
<Fri Jul 11 14:40:07 EDT 2003>: HTTP/1.1 302 Moved Temporarily
<Fri Jul 11 14:40:07 EDT 2003>: Out-bound headers:
<Fri Jul 11 14:40:07 EDT 2003>: Date: Fri, 11 Jul 2003 18:40:07 GMT
<Fri Jul 11 14:40:07 EDT 2003>: Location:
https://localhost:18002/applauncher/un
restricted/jsp/FormLogin.jsp
<Fri Jul 11 14:40:07 EDT 2003>: Server: WebLogic WebLogic Server 8.1
Thu Mar 20
23:06:05 PST 2003 246620
<Fri Jul 11 14:40:07 EDT 2003>: Transfer-Encoding: Chunked
<Fri Jul 11 14:40:07 EDT 2003>: ===New Request===GET
/applauncher/unrestricted/j
sp/FormLogin.jsp HTTP/1.1
<Fri Jul 11 14:40:07 EDT 2003>: Found cookie: UZ]OrXsBP6uEEa[0veSz
<Fri Jul 11 14:40:07 EDT 2003>: Request successfully processed
<Fri Jul 11 14:40:07 EDT 2003>: #### Trying to connect with server
-213061352!10
.68.10.87!1080!10443
<Fri Jul 11 14:40:07 EDT 2003>: Requeue connection:
ProxyConnection(isSecureProx
y=true): 10.68.10.87:10443, keep-alive='30'secs
<Fri Jul 11 14:40:07 EDT 2003>: Recycle connection:
ProxyConnection(isSecureProx
y=true): 10.68.10.87:10443, keep-alive='30'secs
<Fri Jul 11 14:40:07 EDT 2003>: Request successfully processed
<Fri Jul 11 14:40:07 EDT 2003>: In-bound headers:
<Fri Jul 11 14:40:07 EDT 2003>: Accept: image/gif, image/x-xbitmap,
image/jpeg,
image/pjpeg, application/vnd.ms-excel, application/msword,
application/vnd.ms-po
werpoint, */*
<Fri Jul 11 14:40:07 EDT 2003>: Accept-Language: en-us
<Fri Jul 11 14:40:07 EDT 2003>: Accept-Encoding: gzip, deflate
<Fri Jul 11 14:40:07 EDT 2003>: User-Agent: Mozilla/4.0 (compatible;
MSIE 6.0; W
indows NT 4.0; H010818)
<Fri Jul 11 14:40:08 EDT 2003>: Host: localhost:18002
<Fri Jul 11 14:40:08 EDT 2003>: Connection: Keep-Alive
<Fri Jul 11 14:40:08 EDT 2003>: Authorization: Basic
cmFwcGVsYmE6b3V0Mmx1bmNo
<Fri Jul 11 14:40:08 EDT 2003>: Cookie:
JSESSIONID=1PEHvo1gQIbwOMuVsU9pJnnvlGBSP
74ZUcSHwazE7domCL8UlVA2!-937872307; wlauthcookie_=UZ]OrXsBP6uEEa[0veSz
<Fri Jul 11 14:40:08 EDT 2003>: HTTP/1.1 200 OK
<Fri Jul 11 14:40:08 EDT 2003>: Out-bound headers:
<Fri Jul 11 14:40:08 EDT 2003>: Date: Fri, 11 Jul 2003 18:40:08 GMT
<Fri Jul 11 14:40:08 EDT 2003>: Server: WebLogic WebLogic Server 8.1
Thu Mar 20
23:06:05 PST 2003 246620
<Fri Jul 11 14:40:08 EDT 2003>: Content-Length: 4238
<Fri Jul 11 14:40:08 EDT 2003>: Set-Cookie:
JSESSIONID=1PEIxJ21oT5H3Z2ilQjPqpq1V
kdOhEnNbbz9wviTtTTZj6IBp29b!-213061352!NONE; path=/
<Fri Jul 11 14:40:08 EDT 2003>: Request successfully processed
<Fri Jul 11 14:40:08 EDT 2003>: Requeue connection:
ProxyConnection(isSecureProx
y=true): 10.68.10.87:10443, keep-alive='30'secs
<Fri Jul 11 14:40:08 EDT 2003>: Request successfully processed
<Fri Jul 11 14:40:44 EDT 2003>: Trigger remove idle for '35' secs:
ProxyConnecti
on(isSecureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
Thanks,
Rob

I typically have used Apache Commons HttpClient for anything but trivial URL connections, and especially when combining both basic auth and proxy auth. When you use it, be aware of the "preemptive authentication" flag. One server I worked with didn't send the correct parameters back on particular requests, so I had to turn on this flag to get it to work.

HTTP Basic Auth and Proxy Auth

Hi,
i have a problem with the authentication against a proxy server and against a content provider. At first I have to authenticate against the proxy to get "free internet". The next step is to authenticate against the content provider to get a html or xml file.
The following source code runs very good in Eclipse, i.e. as JUnitTest. But If I execute the same code within a weblogic server, I will get an error (not authenticated). I believe I get this message from the content provider and not from the proxy because If I test this code within the weblogic server and with no authentication (i.e. google needs no authentication), I will get a valide xml/html file.
StringBuffer sb = new StringBuffer();
          SimpleAuthenticator simple = new SimpleAuthenticator("joeuser","a.b.C.D"); //from openbook
          Authenticator.setDefault(simple);
          String strUrl = "http://www.rahul.net/joeuser/";
          URL url = null;
          try {
               url = new URL(strUrl);
          } catch (MalformedURLException e) {
               // TODO Auto-generated catch block
               e.printStackTrace();
          URLConnection conn = null;
          InetSocketAddress addr = new InetSocketAddress("proxy.domain",8080);
          Proxy proxy = new Proxy(Proxy.Type.HTTP, addr);
          try {
               conn = url.openConnection(proxy);
          } catch (IOException e) {
               // TODO Auto-generated catch block
               e.printStackTrace();
          String proxyStr = "username" + ":" + "passwordl";
          String encoded = new String(Base64.encodeBase64(proxyStr.getBytes()));
          conn.setRequestProperty("Proxy-Authorization", "Basic " + encoded);
          // get http status code which is located in header field 0
          String status = conn.getHeaderField(0);
          if (status.contains("200")) {
               BufferedReader in = null;
               try {
                    in = new BufferedReader(new InputStreamReader(conn.getInputStream(),
                              "ISO-8859-1"));
                    String inputLine;
                    while ((inputLine = in.readLine()) != null) {
                         sb.append(inputLine);
                    in.close();
               } catch (UnsupportedEncodingException e) {
                    // TODO Auto-generated catch block
                    e.printStackTrace();
               } catch (IOException e) {
                    // TODO Auto-generated catch block
                    e.printStackTrace();
          else {
               System.out.println("Error");
          System.out.println(sb.toString());
public class SimpleAuthenticator
extends Authenticator
     private String username,
     password;
     public SimpleAuthenticator(String username,String password)
          this.username = username;
          this.password = password;
     protected PasswordAuthentication getPasswordAuthentication()
          return new PasswordAuthentication(
                    username,password.toCharArray());
Does somebody know a solution? I need the authentication against proxy and content provider in "one application".
Thank you very much,
André

I typically have used Apache Commons HttpClient for anything but trivial URL connections, and especially when combining both basic auth and proxy auth. When you use it, be aware of the "preemptive authentication" flag. One server I worked with didn't send the correct parameters back on particular requests, so I had to turn on this flag to get it to work.

Error at creating Client Proxy of external webservice (WSDL)

Hi Experts,
I try to create a Client Proxy Object out of an external webservice. Here is the WSDL URL:
[http://www.webservicex.net/CurrencyConvertor.asmx?wsdl]
I try to create it with this URL and then I get the error message
Not implemented
Exception of class CX_SIDL_INTERNAL_ERROR
I found two other threads with a similar problem:
cunsuming external webservice in ABAP
Problem while consuming external webservice
But there is no solution that worked for me. In the first thread it is mentioned, that the code between
<wsdl:binding name="XXXXHttpGet" type="tns:XXXHttpGet">
and it's closing brackets should be removed in a local file. I tried that and was able to create a client proxy object out of this local wsdl-file. But then I called the webservice with the folling coding for testing:
report z_currency_converter.
data: convert type ref to zzzco_currency_convertor_soap.
try.
    create object convert
exporting
    logical_port_name = 'Z_LP'
catch cx_ai_system_fault .
endtry.
   data: output type zzzconversion_rate_soap_out .
   data: input type zzzconversion_rate_soap_in .
   input-from_currency = 'EUR'.
   input-to_currency = 'USD'.
try.
call method convert->conversion_rate
exporting
    input = input
importing
    output = output
catch cx_ai_system_fault .
catch cx_ai_application_fault .
endtry.
write output-conversion_rate_result.
The same code worked fine in another system. In this "older" system could also create a client proxy, I think because it has a newer Support Pack version.
SAP says the following:
The problem is that this WSDL uses two bindings different from SOAP
binding which is not in conformance with Basic Profile 1.1 -
http://www.ws-i.org/Profiles/BasicProfile-1.1.html#WSDLBINDINGS .
I looked in the document, but I do not know where the problem in the WSDL file exactly is. What have I to change? Or can somebody give me the URL of a free webservice, that you used for creating a client proxy with a new support pack standing? In the "old" system there is not yet the SOAMANAGER but in the one where it doesn't work.
I hope you have an idea.
Thanks a lot in advance!
Best Regards,
Ingmar

I think it is the problem of version.U need to ask SAP to release some patch levels to correct it.
Regards
Snehasish

Web auth with proxy

I want the automatic redirection to the login page work when a proxy is configured in the IE parameters.
I used the command "config network web-auth-port 8080", but when I open IE, I'm not redirected to the login page (the DNS request works).
When I do a "telnet www.google.com 8080" and then "get http", I get the page.
Any idee?

In my experience it does not work with a proxy. If you disable the proxy you will get the login and then get redirected, which will then fail until you enable the proxy settings. WLC will try to resolve the homepage of that user, which of course will fail since it doesn't know of the proxy. You will have to either use a term and condition on a custom WebAuth page or implement a content filter application like WebSense.

Acs & 802.1x & external db (odbc)

Hello
I'm evaluating 802.1x authentication per eap-tls with ACS-Server (4.0). The authentication have to be done with an external odbc database (- we cannot use AD/windows database for this project). The certs on the server and on the client are ok. The SQL-Server returns OK. BUT: the authentication fails with "certificate name or binary comparison failed". In the auth.log file there are entries like:
AUTH 01/09/2007 14:40:05 I 1554 3440 pvAuthenticateUser: authenticate 'host/pcqj1c.sitest.net' against ODBCACS
AUTH 01/09/2007 14:40:05 I 0376 3440 External DB [ODBCAuthDll.dll]: FindUser start for user [host/pcqj1c.sitest.net]
AUTH 01/09/2007 14:40:05 I 0376 3440 External DB [ODBCAuthDll.dll]: Authentication OK for user [host/pcqj1c.sitest.net]
AUTH 01/09/2007 14:40:06 I 0897 3440 AuthenProcessResponse: process response for 'host/pcqj1c.sitest.net'
AUTH 01/09/2007 14:40:06 E 0361 3440 EAP: TLS: No match between name in certificate and user account
The CN in the clients cert is "pcqj1c.sitest.net"
Can anybody help ?
regards
Roland

I am in a installation with 802.1x.
I have install a Cisco ACS and cisco 2950 Switch and I am authorizating users via MS-CHAPv2 against the Cisco ACS
ACS is validating users against a Microsoft Active directory.
I have the following problem: When user logs in, it takes between 45 to 90 seg to log the user and change the vlan.
I have install Windows XP Service Pack 2 and patches:
xp-kb817778-x86-esn
xp-kb826942-x86-esn
I have change the switch software to the latest release.
How can I reduce this delay? Any idea?

ABAP server proxy-External Debugging

I have a server ABAP proxy implementation in a R/3 where i m sending message from XI,
I want to debug the the ABAP Proxy using External debugging (http breakpoint),
Pls tell me if it is mandatory to:
1. login in R/3 (for debugging) using the same user, which is used by XI proxy adapter,
2. the user should be a dialogue user.
Is it OK to use this debugging in a production environment ?

Hi,
1. login in R/3 (for debugging) using the same user, which is used by XI proxy adapter,
A. Its not like that you will have login details like user name and password for R/3 and also for XI
2. the user should be a dialogue user.
A. No i dont think so.
Is it OK to use this debugging in a production environment ?
A.Never do this. If something goes wrong in production system entire business will stop.But i dont thing you have production system details like username and password.
Please reward points if it helps
Thanks
Vikranth

Calling external Web Service: PI is looking for a logical port and proxy.

Hi,
My scenario is ECC Proxy -> PI -> External Webservice (WS adapter).
the Web service adapter fails with the error message:
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
- 
- <SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="">
<SAP:Category>XIServer</SAP:Category>
<SAP:Code area="INTERNAL">WS_ADAPTER_SYS_ERROR</SAP:Code>
<SAP:P1 />
<SAP:P2 />
<SAP:P3 />
<SAP:P4 />
<SAP:AdditionalText />
<SAP:Stack>System error while calling Web service adapter: Error when initializing SOAP client application: 'error_text'</SAP:Stack>
<SAP:Retry>M</SAP:Retry>
</SAP:Error>
When I debug the message processing, it is looking for a port in table SSRVRTCONFIG, finds it(entry created automatically when WS adapter and the corresponding receiver agreement is activated in ID.
Then the program looks for an entry in "SRT_CFG_CLI_ASGN" for a proxy and logical port combination and errors out.
to be able to call an external web service, do we need a proxy to be created? I tried to create but the proxy creation fails because the external WSDL has some unsupported tags.
Also do we need to do any other configuration in SOAMANAGER? I am assuming not because the Web service is external.
Any help would be appreciated.
Thanks
Vijay

I already checked that note and made sure that the points mentioned are met. I have a trace set up on the target system and would know if the call reaches them and then fails in authorization. Right now the call doesnt even reach the target system and also from debugging I know that the program is looking for a proxy and then fails.

JRE with an external proxy

I'm hoping there is someone who can give some information on using JRE (with IE plugin) with an external proxy server.
We use a web proxy service that is hosted externally and only receives web requests on port 8080. Our IE browser is configured with a PAC (automatic configuration script) file that lists two external addressses and one internal proxy address all on port 8080.
I am trying to access an externally hosted web site (with lots of Java applets) from our corporate network and this fails when using an external proxy service.
Using JRE 1.4.2 we did a network trace and can see a request going to the external proxy on port 8080 but whatever the response is or what the JRE receives back, it doesn't like it and tries the next proxy address in the list and fails to connect.
In the JRE console, I see the following text when the connection fails (real addresses replaced)
Ping the proxy server <external proxy IP #1> on port 8,080
Proxy server <external proxy IP #1> on port 8,080 can not be reached
Ping the proxy server <external proxy IP #2> on port 8,080
Proxy server <external proxy IP #2> on port 8,080 can not be reached
Ping the proxy server <internal proxy IP > on port -1
Proxy server <internal proxy IP > on port -1 can not be reached
Does anyone know what the 'Ping the proxy server' is trying to do to detect the external proxy server? Whatever it is, it doesn't like the external ones and only works with the internal one. I'm assuming this is not a simple ICMP ping as the network trace shows a TCP request on port 8080 going to the external proxy and nothing coming back. I would like to know if it could be something the external proxy is blocking (so I could ask the supplier to change). I've looked at a good trace just using the internal proxy but can't see what type of response JRE accepts.
Later versions of JRE have the same issue except they resolve the last proxy (the internal one) correctly and still won't use the external proxies.
If there is anyone who can advise me on this or point me in the direction of some documention I would be very grateful.
-Steve

aseemfromnyc wrote:
is it possible to stream the contents of the hard drive to the hdtv witht the hard drive
Yes, add them to iTunes. The fact that they are on an external doesn't stop them from being in iTunes.
If necessary, create a separate library which you just use when you have the external connected.
Alternatively, if you have an iPhone or iPad you could check out an App like Air Video, which displays video that isn't in iTunes on your device. I think you can then use Airplay to get it onto your ATV.

Outlook anywhere wont automatically switch externally

Hey guys, i have a lab here of Exchange 2010 and Exchange 2013, ive set internel auth to NTLM and External to Basic, IIS auth to both, but i have my autodiscover records both internal and external, DNs is split brain, so all namespaces are the same. Now
when the client is external the OA settings dont automatically switch to basic, the continue to keep the internal settings, does anyone know what would cause this? I'm also using TMG to publish.
Thanks in advance.

Hi,
Firstly, I’d like to explain, Outlook Exchange Proxy Settings dialog box always displays the internal host name as the Proxy server in an Exchange Server 2013 environment:
http://support.microsoft.com/kb/2754898/en-US
Thus, I’d like to confirm the following information:
Is the client mailbox located in Exchange 2013 or 2010?
Can the client successfully connect to Exchange server?
If you have any question, please feel free to let me know.
Thanks,
Angela Shi
TechNet Community Support

Fail to go through Proxy in weblogic contained code

Hey,
I am having trouble getting through our proxy server for outgoing connections. The idea is for my application to send some data to an external server and get a response, then proceed. However I always get stuck on a 407 weblogic.net.http.HttpUnauthorizedException: Proxy or Server Authentication Required
I then started looking around and tried to implement the following changes:
I found the info here:
http://forums.bea.com/thread.jspa?threadID=300006176
http://e-docs.bea.com/wls/docs81/javadocs/weblogic/common/ProxyAuthenticator.html
Basically I implemented an implementation of the interface weblogic.common.ProxyAuthenticator. Then I added a system property at the startup method of the webserver (which is either version 9 or 10, depending on which testenvironment).
public synchronized void start(boolean initial) throws ServerException {
// only start if not started yet
if (started) {
return;
Properties props = System.getProperties();
props.setProperty(ProxyAuthenticator.AUTHENTICATOR_PROPERTY, MyAuthenticator.class.getName());
System.setProperty( "java.protocol.handler.pkgs", "weblogic.net" ); //don't know if I need this, if it doesn't help it probably won't hurt either.
System.setProperties(props);
MyAuthenticator is the name of the ProxyAuthenticator implementing class. This class is in the same package as the Server.java class.
I'd expect the server to at least try something however... Upon debugging the code and attempting to connect to an URL I still get the 407 errormessage. And setting breakpoints either at the MyAuthenticator constructor or in the method "public String[] getLoginAndPassword() {" teaches me that the application never gets inside the MyAuthenticator class. So I obviously no instance of it gets created. There's also not a single error or exception thrown in the weblogic server console that would point to a problem with the property or implemented class.
I'd love some insights on this issue. I pretty much tried the angles that prestented themselves to no avail.
Thanks in advance,
Thomas

I have no idea what that class is used for. I've never heard of it before.
What are you using to make your connection? Commons HttpClient? You have to set certain parameters when you're going through a proxy.
The following is a block of code I use when using both basic auth and proxy auth at the same time.
if ((getUserName() != null) && (getPassword() != null))
Credentials credentials =
new UsernamePasswordCredentials(getUserName(), getPassword());
httpClient.getState().setCredentials(AuthScope.ANY, credentials);
httpClient.getParams().setAuthenticationPreemptive(true);
if ((getProxyUserName() != null) && !getProxyUserName().equals("") &&
(getProxyPassword() != null) && !getProxyPassword().equals(""))
httpClient.getHostConfiguration().
setProxy(getProxyHost(), getProxyPort());
String usePassword = getProxyPassword();
Credentials proxyCreds =
new UsernamePasswordCredentials(getProxyUserName(),
getProxyPassword());
httpClient.getState().setProxyCredentials(
new AuthScope(getProxyHost(), getProxyPort(),
AuthScope.ANY_REALM), proxyCreds);

Problems with the Proxy Programme--Please help

Hi All,
I have written a simple proxy server in the form of a servlet. I changed the proxy config of my browser to connect to this servlet hosted on the default context(http://localhost:8080) of the Tomcat 5.0.25 . Well , this servlet internally connects to the proxy of the corporate LAN . The logic that I have applied is as follows. The servlet gets the request from the client (ie the browser in this case) , extracts the headers and contents from the request, sets them to a new request that it forms and finally send this new request to the proxy. When the proxy responds, the servlet collects the response headers and contents adn writes them in its response. To sum up , this servlet transparently carries the requests and responses between the client(browser) and the corporate LAN proxy. Now the problem is this. Let's say , now I am accessing http://www.google.com.The browser sends a request to my servlet with the following headers as they are extracted by my servlet.
ProxyServer:::>posting request
ProxyServer:::>headerValue::> headerName = accept : headerValue=*/*
ProxyServer:::>headerValue::> headerName = referer : headerValue=http://www.google.com/
ProxyServer:::>headerValue::> headerName = accept-language : headerValue=en-us
ProxyServer:::>headerValue::> headerName = proxy-connection : headerValue=Keep-Alive
ProxyServer:::>headerValue::> headerName = user-agent : headerValue=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; UB1.4_IE6.0_SP1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
ProxyServer:::>headerValue::> headerName = host : headerValue=www.google.com
ProxyServer:::>headerValue::> headerName = cookie : headerValue=PREF=ID=1be27c0a74f198ca:TM=1082058853:LM=1082058853:S=bu6ORrygzm8AUkm8
ProxyServer:::>postRequest
I set these headers into a new connection opened to the proxy and post a fresh request to the proxy,which, in turn responds with the following headers.
ProxyServer:::>posted request successfully
ProxyServer:::>writing response
ProxyServer:::>writeResponse-->headerName = Proxy-Connection : headerValue = [close]
ProxyServer:::>writeResponse-->headerName = Content-Length : headerValue = [257]
ProxyServer:::>writeResponse-->headerName = Date : headerValue = [Tue, 13 Jul 2004 14:01:40 GMT]
ProxyServer:::>writeResponse-->headerName = Content-Type : headerValue = [text/html]
ProxyServer:::>writeResponse-->headerName = Server : headerValue = [NetCache appliance (NetApp/5.5R2)]
ProxyServer:::>writeResponse-->headerName = Proxy-Authenticate : headerValue = [Basic realm="Charlotte - napxyclt2"]
ProxyServer:::>writeResponse-->headerName = null : headerValue = [HTTP/1.1 407 Proxy Authentication Required]
ProxyServer:::>writeResponse exiting
ProxyServer:::>wrote response successfully
I write these headers back to the client. According to what I was thinking, the client ie the browser would open a new dialog box asking for username/password owing to the presence of the "Proxy-Authenticate " header. But it does not happen that way. Rather the browser stops responsding and displays a blank page. Does anyone know why it happens this way? I am pasting the server prog below for everybody's reference.
package server.proxy;
//import all servlet related classes
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.*;
import java.io.*;
import java.net.*;
import server.resources.*;
//My Proxy server --->Currently it is very simplea and relies on
//other proxy servers of an already connected network.
public class ProxyServer extends HttpServlet
//stores the resource bundle
private ServerResBundle resBundle = null;
//checks for the mode of operation
private boolean proxySet = false;
private String proxy = null;
//storing the original System out/err etc
private PrintStream sysOutOrig = null;
private PrintStream sysErrOrig = null;
private InputStream sysInOrig = null;
//initialise certain features that are required later
public void init() throws ServletException
try
//initialise the resource bundle
this.initResBundle();
System.out.println("ProxyServer:::>res bundle init");
//set the mode of operation
this.setMode();
System.out.println("ProxyServer:::>mode set");
//set the system out and err --System.setOut etc
this.setSystemOutErr();
System.out.println("ProxyServer:::>in/out/err set");
}//End try
catch(Exception e)
System.out.println("Exception in init..."+(e.getMessage()));
throw new ServletException(e);
}//Edn
catch(Throwable e)
System.out.println("Irrecoverable Error...");
throw new ServletException(e);
}//End
}//End init
//method to init the resource bundle;
private void initResBundle()
this.resBundle = ServerResBundle.getBundle();
}//End
//method to set the mode of the server--proxy or direct
private void setMode()
//read the target proxy property from the bundle and
//if it is set,take that URL
String temp = (String)(this.resBundle.getResource(ResKeys.PROXY_SERVER));
if ( (temp != null) && (temp.length() > 0) )
this.proxySet = true;
this.proxy = temp;
temp = null;
}//End
}//End
//method to set the system out and err etc
private void setSystemOutErr() throws Exception
//keep a copy of the original system out and error
this.sysOutOrig = System.out;
this.sysErrOrig = System.err;
try
//read the options adn if they are set, take the values directly
String newOutStr = (String)(this.resBundle.getResource(ResKeys.SYSTEM_OUT));
String newErrStr = (String)(this.resBundle.getResource(ResKeys.SYSTEM_ERR));
if ((newOutStr != null) && (newOutStr.length() > 0))
System.setOut(new PrintStream(new FileOutputStream(new File(newOutStr),true),true));
}//End if
if ((newErrStr != null) && (newErrStr.length() > 0))
System.setErr(new PrintStream(new FileOutputStream(new File(newErrStr),true),true));
}//End if
}//End
catch(Exception e)
//restore the stuff
System.setOut(this.sysOutOrig);
System.setErr(this.sysErrOrig);
}//End
}//End
//this is where the proxy functionalities will be embedded
public void service(HttpServletRequest req,HttpServletResponse resp)
throws ServletException,java.io.IOException
//conenction URL
URL target = null;
//conenction to the remote object
URLConnection targetConn = null;
//stores the OOS and the OIS
ObjectOutputStream oos = null;
ObjectInputStream ois = null;
try
//check for the mode of operation
if (proxySet)
URLConnection objects go through two phases: first they are created, then they are connected.
After being created, and before being connected, various options can be specified
(e.g., doInput and UseCaches). After connecting, it is an error to try to set them.
Operations that depend on being connected, like getContentLength, will implicitly perform the connection,
if necessary.
//for the URL to the proxy
target=new URL(this.proxy);
//conenct to the proxy
targetConn = target.openConnection();
//set the details of the connectuon
targetConn.setDoInput(true);
targetConn.setDoOutput(true);
targetConn.setUseCaches(false);
// If true, this URL is being examined in a context in which it makes sense to allow user interactions such as popping up an authentication dialog. If false, then no user interaction is allowed
targetConn.setAllowUserInteraction(true);
//connect to the remote object
// targetConn.connect();//call this only when all the request properties are set
System.out.println("ProxyServer:::>posting request");
//post the received request to the URL
this.postRequest(targetConn,req);
System.out.println("ProxyServer:::>posted request successfully");
System.out.println("ProxyServer:::>writing response");
//receive the response
//write the received response to the client
this.writeResponse(targetConn,resp);
System.out.println("ProxyServer:::>wrote response successfully");
}//End if
else
//currently this functionality is not supported
throw new ServletException(
(String)(this.resBundle.getResource(ResKeys.ERR_FUNC_NOTSUPPORTED)));
}//End
}//End try
catch(Exception e)
if(e instanceof ServletException)
throw (ServletException)e;
}//End
if (e instanceof IOException)
throw (IOException)e;
}//End
//wrap it up in ServletException
throw new ServletException(e);
}//End
}//End
//method to write the response back to the client
private void writeResponse(URLConnection targetConn,HttpServletResponse resp)
throws ServletException
//get all the header fields from the response connection and set them to the
//response of the servlet
Map headerFields = null;
Iterator headerFieldEntries = null;
Map.Entry header = null;
//stores the input stream to the conn
BufferedReader brConn = null;
//stores the writer to the response
PrintWriter prResp = null;
//checks if the proxy authentication needed or not
boolean proxyAuthReqd = false;
try
//juste ensuring that the proxy authentication is reset
proxyAuthReqd = false;
if( (targetConn != null) && (resp != null) )
//Returns an unmodifiable Map of the header fields.
//The Map keys are Strings that represent the response-header field names.
//Each Map value is an unmodifiable List of Strings that represents the corresponding
//field values
headerFields = targetConn.getHeaderFields();
//Returns a set view of the mappings contained in this map
Set temp = headerFields.entrySet();
//Returns an iterator over the elements in this set
headerFieldEntries = temp.iterator();
if (headerFieldEntries != null)
while (headerFieldEntries.hasNext())
Object tempHeader = headerFieldEntries.next();
if (tempHeader instanceof Map.Entry)
header = (Map.Entry)tempHeader;
Object headerName = header.getKey();
Object headerValue=header.getValue();
System.out.println("ProxyServer:::>writeResponse-->headerName = "+headerName+" : headerValue = "+headerValue);
//do not select the key-value pair if both the key adn the value are null
if ( ( headerName == null) && (headerValue == null) )
continue;
}//Enmd
if (headerValue != null)
List headerValList = null;
if (headerValue instanceof List)
headerValList = (List)headerValue;
}//End
if(headerValList != null)
for (int i=0;i<headerValList.size();i++)
Object headerValueStr = headerValList.get(i);
if (headerValueStr instanceof String)
//note that the header-key can not be null for addHeader
//I have made this temporary provision to make the programme work.
resp.addHeader(( (headerName==null)? ("null_header"+i) :(String)headerName),
(String)headerValueStr);
//check if the proxy authentication required or not
if (((String)headerValueStr).
indexOf(resp.SC_PROXY_AUTHENTICATION_REQUIRED+"") != -1)
System.out.println("ProxyServer:::>writeResponse-->proxy auth needed");
//proxy authentication is needed
proxyAuthReqd = true;
}//End
}//Ednd of
else if (headerValueStr == null)
resp.addHeader(( (headerName==null)? null :(String)headerName),
null);
}//End
}//End for
}//End if
}//End if
}//End
}//End while
}//End if
//get the writer to the client
prResp = resp.getWriter();
System.out.println("ProxyServer:::>writeResponse-->proxyAuthReqd="+proxyAuthReqd);
//juste test a simple header
System.out.println("Proxy-Authenticate = "+(resp.containsHeader("Proxy-Authenticate")));
//if the proxy asks you for authentication,pass on the same to the client
//from whom you have received the request.When this flag is true,the connection
//is closed by the remotehost adn hence any attempt to open in input steram
//results in an error ie IOException
if (!proxyAuthReqd)
//now get the content adn write it to the response too
brConn = new BufferedReader(new InputStreamReader(
targetConn.getInputStream()));
String tempStr = null;
while ((tempStr = brConn.readLine())!=null)
prResp.println(tempStr);
}//End while
//close the connections
brConn.close();
}//End if
else
prResp.println("Proxy Authentication needed...");
}//End
//close the streams
prResp.flush();
prResp.close();
}//End if
System.out.println("ProxyServer:::>writeResponse exiting\n");
}//End try
catch(Exception e)
throw new ServletException(e);
}//End
}//End
//method to post request to the internet
private void postRequest(URLConnection targetConn,HttpServletRequest req)
throws ServletException
//extract the header parameters and the body content from the incoming request
//and set them to the new connection
Enumeration reqHeaders = null;
//reads the incoming request's content
BufferedReader brReqRd = null;
PrintWriter prResWt = null;
//stores temp header names and values
String headerName = null;
String headerValue = null;
try
if( (targetConn != null) && (req != null) )
reqHeaders = req.getHeaderNames();
//extract a header adn set it to the new connection
while (reqHeaders.hasMoreElements())
headerName = (String)(reqHeaders.nextElement());
headerValue = req.getHeader(headerName);
targetConn.setRequestProperty(headerName,headerValue);
System.out.println("ProxyServer:::>headerValue::> headerName = "+headerName+" : headerValue="+headerValue);
}//End
System.out.println("ProxyServer:::>postRequest\n");
//establis the actual connection
//calling this method bfore the above loop results in IllegalStateException
targetConn.connect();
//NOTE : try reading from and writing into OIS and OOS respectively
//now read the contents and write them to the connection
// brReqRd = req.getReader(); //this hangs for some reason
brReqRd = new BufferedReader(new InputStreamReader(req.getInputStream()));
System.out.println("Got the reader..brReqRd = "+brReqRd);
if (brReqRd != null)
String temp = null;
//establish the printwriter
// prResWt = new PrintWriter(targetConn.getOutputStream(),true);
prResWt = new PrintWriter(targetConn.getOutputStream());
System.out.println("trying to read in a loop from brReqRd.. ready="+(brReqRd.ready()));
while( (brReqRd.ready()) && ((temp=brReqRd.readLine()) != null) )
System.out.println("In while::>temp = "+temp);
prResWt.println(temp);
}//Emd while
//close the streams adn go back
brReqRd.close();
prResWt.flush();
prResWt.close();
}//End
}//End outer if
System.out.println("ProxyServer:::>postRequest exiting\n");
}//End try
catch(Exception e)
throw new ServletException(e);
}//End
}//End
}//End

Hi serlank ,
Thanks for your reply. Well , I initially I thought of not pasting the code,as it was too long. But I could not help it,as I thought I must show in code what I exactly meant. That's why I followed a description of my problem with the code. You could probably have copied the code and pasted it in one of your favourite editors to take a look at it. Did you,by any chance, try to read it on the browser? And as regards reposting the same message, I can say that I did it as I felt the subject was not quite appropriate in the first posting and I was not sure as to how I could delete/alter the posting. I am not asking for a code-fix,but some suggestions from some one who might ever have come across such a thing.Anyway, lemme know if you have any idea on it. Thanks...

Error in soap header when use webservice consumer proxy

Hi all,
I create a webservice consumer proxy to external server. the webservice provider is .Net and it required a message level security.
The soap message should include a soap header, like this:
<SOAP-ENV:Header>
<m:AuthHeader xmlns:m="http://tempuri.org/">
<m:Username>test1</m:Username>
<m:Password>test</m:Password>
</m:AuthHeader>
</SOAP-ENV:Header>
I have found many information from here. Now I used IF_WSPROTOCOL_WS_HEADER in my program, like this:
REPORT zws_jp_test01.
DATA: lo_zws_jp_co_service_soap TYPE REF TO zws_jp_co_service_soap .
DATA: lo_fault TYPE REF TO cx_ai_system_fault.
DATA: lo_appl_fault TYPE REF TO cx_ai_application_fault.
TRY.
    CREATE OBJECT lo_zws_jp_co_service_soap
      EXPORTING
        logical_port_name = 'ZWS_JP_LP4'.
CATCH cx_ai_system_fault INTO lo_fault.
    MESSAGE lo_fault TYPE 'I'.
ENDTRY.
DATA: output TYPE zws_jp_create_job_ad_soap_out .
DATA: input TYPE zws_jp_create_job_ad_soap_in .
DATA: lr_ws_header TYPE REF TO if_wsprotocol_ws_header.
DATA: lv_name TYPE string,
      lv_namespace TYPE string.
DATA l_xstring TYPE xstring.
DATA l_string TYPE string.
DATA: ixml TYPE REF TO if_ixml,
     xml_document TYPE REF TO if_ixml_document,
     xml_root TYPE REF TO if_ixml_element,
     xml_element TYPE REF TO if_ixml_element,
     xml_node TYPE REF TO if_ixml_node.
lr_ws_header ?= lo_zws_jp_co_service_soap->get_protocol(
                                           if_wsprotocol=>ws_header ).
CONCATENATE
'<SOAP-ENV:Header>'
    '<m:AuthHeader xmlns:m="http://tempuri.org/">'
      '<m:Username>test1</m:Username>'
      '<m:Password>test</m:Password>'
    '</m:AuthHeader>'
'</SOAP-ENV:Header>'
INTO l_string.
l_xstring = cl_proxy_service=>cstring2xstring( l_string ).
CALL FUNCTION 'SDIXML_XML_TO_DOM'
EXPORTING
    xml           = l_xstring
IMPORTING
    document      = xml_document
EXCEPTIONS
    invalid_input = 1
    OTHERS        = 2.
IF sy-subrc = 0 AND NOT xml_document IS INITIAL.
xml_root = xml_document->get_root_element( ).
xml_element ?= xml_root->get_first_child( ).
WHILE NOT xml_element IS INITIAL.
    lv_name = xml_element->get_name( ).
    lv_namespace = xml_element->get_namespace_uri( ).
    lr_ws_header->set_request_header(
        name            = lv_name
        namespace       = lv_namespace
        dom             = xml_element
        must_understand = SPACE
    xml_element ?= xml_element->get_next( ).
ENDWHILE.
ENDIF.
input-job_ad-id = 0.
input-job_ad_text-id = 0.
input-job_ad-publish_location = 1.
TRY.
    CALL METHOD lo_zws_jp_co_service_soap->create_job_ad
      EXPORTING
        input = input
      IMPORTING
        output = output.
CATCH cx_ai_system_fault INTO lo_fault .
    MESSAGE lo_fault TYPE 'I'.
CATCH cx_ai_application_fault INTO lo_appl_fault.
    MESSAGE lo_appl_fault TYPE 'I'.
    WRITE: output-create_job_ad_result-id.
ENDTRY.
But there is error when I run this program. the error is "SoapFaultCode:1"
In tcode ST11, I see this log:
E SOAP_RUNTIME 20100624004837.9280000 : CL_SOAP_RUNTIME_CLIENT
->EXEC_PROCESSING SOAP Fault Exception caught: : SOAP header To
was not understood.
btw the release is 701.
Any one can navigate me to solved the problem?

Hi,
I have the same problem as you did before and I posted my code in this [thread|Change SOAP Header: Consuming Webservice;.
In order to to solve your problem, I need to know what is the header that you want to add into the header, what is WSDL, and have you try testing that web service using other tool such as SOAPUI or XMLSPY and what is the result of testing tool?
Regards,
Chaiphon

Unable to activate internal and external urls at the same time

Hi,
We have Configured EBS R12 in DMZ setup as described in Figure F-9 of metalink note 380490.1 ,Option 2.4: Using Reverse Proxy with no External Web Tier.
refering to 726953.1 Case History: Implementing a Reverse Proxy Alone in the DMZ Configuration - R12.
but Not able to activate internal and external urls at the same time in this configuration. Only the node where last autoconfig was run getting activated as web node.
When trying to accees the url of the other node it gets redirected to the url (where autoconfig is last run).and for this error observed is Error Code:502 Proxy Error.The specified Secure Sockets Layer (SSL) port is not allowed.(12204).
For both external and internal services are UP.opmn status is live no error.
Using Apache as reverse proxy.
EXTERNAL Reverse proxy settings:
s_login_page http://LONWEB01.process.com:81/OA_HTML/AppsLogin
<TIER_DB oa_var="s_isDB">NO</TIER_DB>
<TIER_ADMIN oa_var="s_isAdmin">NO</TIER_ADMIN>
<TIER_WEB oa_var="s_isWeb">YES</TIER_WEB>
<TIER_FORMS oa_var="s_isForms">YES</TIER_FORMS>
<TIER_NODE oa_var="s_isConc">NO</TIER_NODE>
<TIER_FORMSDEV oa_var="s_isFormsDev">YES</TIER_FORMSDEV>
<TIER_NODEDEV oa_var="s_isConcDev">NO</TIER_NODEDEV>
<TIER_WEBDEV oa_var="s_isWebDev">YES</TIER_WEBDEV>
INTERNAL Middle Tier settings:
s_login_page http://stprojapp01.test.com:8005/OA_HTML/AppsLogin
<TIER_DB oa_var="s_isDB">NO</TIER_DB>
<TIER_ADMIN oa_var="s_isAdmin">YES</TIER_ADMIN>
<TIER_WEB oa_var="s_isWeb">YES</TIER_WEB>
<TIER_FORMS oa_var="s_isForms">YES</TIER_FORMS>
<TIER_NODE oa_var="s_isConc">YES</TIER_NODE>
<TIER_FORMSDEV oa_var="s_isFormsDev">YES</TIER_FORMSDEV>
<TIER_NODEDEV oa_var="s_isConcDev">YES</TIER_NODEDEV>
<TIER_WEBDEV oa_var="s_isWebDev">YES</TIER_WEBDEV>
Are we missing anything....
Thanks & Regards

Hi,
Finally it's resolved...Following is the solution thought to share in the forum:
The configuration of the E-Business Suite environment for DMZ requires profile options hierarchy type to be set
to SERVRESP.
To change the profile options hierarchy type values to SERVRESP, execute the following SQL script as
shown below:
sqlplus / @/patch/115/sql/txkChangeProfH.sql SERVRESP
After successfully completing the above sql script, run Autoconfig in all nodes to complete the profile options configuration.
It's resolved after doing this..

LEAP Radius proxy with PEAPv0

I'm doing a lab using Cisco ACS 4.1 LEAP Proxy RADIUS External User Databaser, and works fine but I don't understand why. So, I don't know if it's a stable solution.
I have the following scenario:
WinXP SP2
PEAPv0 (EAP-MSCHAPv2)
|
v
Cisco 3640
802.1x Wired Port Access Control
|
v
Cisco ACS 4.1
External User Database
LEAP Proxy RADIUS
|
v
Freeradius 2.0.1
MS-CHAPv1 user + MPPE MS Extension
I'm using the native WinXP SP2 802.1x supplicant client (EAP-MSCHAPv2), to link a Cisco 3640 FE port protected by dot1x. The IOS is configured to authenticate with a Cisco ACS 4.1, where I'm created a user that use as External User Database a LEAP Proxy RADIUS, with destination a Freeradius in the Backend.
Then, I configured the Freeradius to authenticate the user using MSCHAPv1 (+ MS-CHAP-MPPE-Keys with the use_mppe parameter option set in the config). And it works!
So, my question are:
1) Does the Cisco ACS LEAP Proxy RADIUS feature work also with PEAPv0?
3) Does the ACS internally translate the MSCHAPv2 challenge response to a MSCHAPv1 challenge response? Are they compatible?
2) Is this a stable solution?
Regards
FP

Thanks four your reply, but I'm sure the ACS can internaylly translate the challenges, because my lab works. Please remember, my WinXP is configured to use MSCHAPv2, and my Freeradius is configured to use MSCHAPv1. The only restrinctions they have, are that the Freeradius have to send the MS-CHAP-MPPE-Keys, and the Cisco ACS has to be configured to use LEAP Proxy RADIUS as External Database User.
Another interesting test I did, was modify in the freeradius response the MS-CHAP-MPPE-Keys (changing the rlm_mschap module). Normally it's composed by 8 bytes from LM-Password (a hash of the plain password) and 16 bytes from NT-Password (another hash of the plain password). Changing with zeros the LM-Password portion, the authentication still works! But changing one byte of the NT-Password portion, the authentication fails... so, only the NT-Password is needed to proxy MSCHAPv2 to MSCHAPv1..
My problem is, that my backend RADIUS only support MSCHAPv2, and I need to put the Cisco ACS in the Frontend. So, the question is, is teorically possible to proxy MSCHAPv1 to MSCHAPv2? If it's possible, probably I will use a Freeradius to work as a proxy between them...

WEBVPN auth TACACS+ proxy to external ODBC

Similar Messages

Maybe you are looking for