Search Results

Search found 22633 results on 906 pages for 'service accounts'.

Page 60/906 | < Previous Page | 56 57 58 59 60 61 62 63 64 65 66 67  | Next Page >

  • Expire windows user (license) after some time according to first login instead of a solid expiration date

    - by smhnaji
    In a project, we have lots of Windows user that have bought licenses for 1 month, 2 month,... 1 year and so... CURRENT SITUATION (WHAT I DON'T WANT): When users are created and added to the OS, a solid expiration date is given. WHAT I WANT: Users' expiration date should be calculated automatically after first login. The user might not need his account right when purchases the license. In another words: When a license is purchased at Jan 1, he should use the license until Feb 1. No matter whether he really logs in or not. He cannot come Feb 5 and begin using his license because that has expired then. What I want is that when he comes at Feb 5 and begins using, the license update until March 5. Environment: Windows Server 2012

    Read the article

  • Windows7: Gaining administrator rights in CLI without being prompted for password

    - by liori
    Hello, I am trying to write a script which includes disk defragmentation as one of its steps. defrag needs administrative rights to work. I tried to use runas /user:Administrator, but it always asked me for password (even though there isn't one set). The script needs to run unattended for a long time, and it needs to be started from standard user account (it is actually being run by cygwin), so I'd like to get rid of that prompt. Is this possible? Thanks,

    Read the article

  • Exim, hot to route local mail to other adress

    - by kheraud
    I have setuped an Exim4 server on my debian wheezy server. This mail server only sends mail coming from localhost. The purpose is sending mail for my website. I have cron tasks and other services generating mails for root user. These mails are not stored in /var/mail as before, but sent by exim to [email protected]. I try to make exim send mails for root to [email protected] rather than [email protected]. I tried adding a .forward in /root with [email protected] as content. I tried also changing /etc/aliases with root: [email protected]. The fact is that routing works for root@localhost but not for root which is resolved as [email protected] I tested how routing is resolved with exim -bt : root@srv02:~# exim -bt root@localhost R: system_aliases for root@localhost R: dnslookup for [email protected] [email protected] <-- root@localhost router = dnslookup, transport = remote_smtp host gmail-smtp-in.l.google.com [173.194.67.27] MX=5 host alt1.gmail-smtp-in.l.google.com [74.125.143.27] MX=10 host alt2.gmail-smtp-in.l.google.com [74.125.25.27] MX=20 host alt3.gmail-smtp-in.l.google.com [173.194.64.27] MX=30 host alt4.gmail-smtp-in.l.google.com [74.125.142.27] MX=40 root@srv02:~# exim -bt root R: dnslookup for [email protected] [email protected] router = dnslookup, transport = remote_smtp host aspmx.l.google.com [173.194.78.27] MX=1 host alt1.aspmx.l.google.com [74.125.143.27] MX=5 host alt2.aspmx.l.google.com [74.125.25.27] MX=5 host alt4.aspmx.l.google.com [74.125.142.27] MX=10 host alt3.aspmx.l.google.com [173.194.64.27] MX=10 I bet this is a matter of how my server is configured (rather than how exim is configured). But to understand well I would like to have a solution for both : how to have root resolved as root@localhost ? how to have [email protected] routed to [email protected] ?

    Read the article

  • New AD user request form and workflow

    - by user66390
    I'm wondering if anyone is providing a solid solution for creating New Network User Account Request forms, and attaching workflows to them to automate account creation? I'm currently investigating a number of options, but am surprised that such a ubiquitous task hasn't been solved a dozen times over and thoroughly documented. Or at least isn't integrated into current off-the-shelf change management and ticketing systems. Ideally, I'd like for our current ticketing system, ServiceDesk+ to present a standard 'New User' form to department heads, which they can fill in with the required new user details. This triggers a workflow that submits the request as a ticket that can be reviewed and actioned. Actioning the ticket triggers a workflow that creates a user in AD with the details provided, and notifies the department head upon completion. All told, a pretty standard requirement that I'm sure most organizations have. What are other people doing to accomplish this? Edit: I should add, I'm more looking for "supported" methods. As is, I've submitted a number of scripted solutions, none of which have met with manager approval.

    Read the article

  • How to set an executable white list?

    - by izabera
    Under Linux, is it possible to set a white-list of executables for a certain group of users? I need them to be unable to use, for example, make, gcc and executables on removable disks. How can this be done? Edit, let me explain better. I'm dealing with a high school IT system, young geeks that (during the lessons) want to play, surf the net, damage those computer however they can. The major step to achieve this goal was to remove the system they're familiar with and install Ubuntu in all the computers. This actually works quite well, but recent events proved that this is not enough. I want to allow them to execute certain safe programs, like Open Office, and to deny any other program, whether it is preinstalled software, something they carry in usb drives, a downloaded program or a script they program on site. It's possible to remove the 'x' permission on any file on the pc, but of course it would be impractical. Furthermore, they would be able to run anything they download. I thought the best solution would be to make a white-list of safe programs and to deny anything else, but I don't really know how to do it. Any idea is helpful.

    Read the article

  • I cannot access my flickr account

    - by AtanuCSE
    I was using Google account to log in to my Flickr. After several days, I entered into the Flickr account and found out that Flickr is moving into only Yahoo login. So I tried the Google login and it shows This account is not connected with any Yahoo account. Sign up for new........ or use existing etc... Can't remember the exact words. So I provided my Yahoo mail credentials. Now every time it is giving me a brand new account, rather taking me to my previous Flickr account. I can view the previous account photos, but After going there, it treated me as a outsider. New account showing me that I've not uploaded any photo. What's wrong? How can I connect with my previous account?

    Read the article

  • How do I find out when and by whom a particular user was deleted in linux?

    - by executor21
    I've recently ran into a very odd occurrence on one system I'm using. For no apparent reason, my user account was deleted, although the home directory is still there. I have root access, so I can restore the account, but first, I want to know how this happened, and exactly when. Inspecting the root's .bash_history file and the "last" command gave nothing, and I'm (well, was) the only sudoer on the system. How would I know when this deletion happened? The distro is CentOS release 5.4 (Final), if that helps.

    Read the article

  • transparently set up Windows 7 as remote workstation

    - by Áxel
    Maybe is a very basic question, but I can't find the exact terms to Google for it and find the concrete answer to my doubt. Suppose we have several PCs in which individual employees work. One of them has an extremely powerful CPU, and it's very useful to use that computer to perform heavy computations, but go there and set up your task means its user has to stop working for a while. Is it possible to allow a secondary user account to remotly log in, for example via Remote Desktop, and work with a full user environment, while the main user keeps working under his user session? I've used remote desktop many times in the past, but it always blocked current user session, or even terminated it. Lots of thanks in advance guys.

    Read the article

  • Samba+Windows: Allow multiple connections by different users?

    - by rgoytacaz
    Hello there, I have a machine running Ubuntu with Samba that I use to share stuff with my family's Windows machines in our local network. Currently they access a share for movies/music/etc with one user. I want to connect them to another share as a different user (for example, user "goytacaz"). When I try connecting to this new share, Windows gives me "Error 1219" and complains about multiple connections by the same user. How do I get my machine to accept multiple connections by the same user?

    Read the article

  • Password not accepted when resuming from sleep

    - by Comrade
    My HP Pavilion dv-series notebook will not accept the user account password for the logged in user when resuming from sleep - message returned is Incorrect Password. Simply selecting the Switch User option reloads the login screen and allows me to log in as the same user with the same password that was originally rejected. And, yes I've tried it more than one (hundred) times in case you were thinking it's just a case of slippery fingers. Another interesting point is that it appears to be independent of the software running on the machine. Since the issue first appeared, I have done two clean installs where all HD partitions were wiped and new ones created during fresh installation of the OS. The first such clean install was of Ubuntu (Lucid) 10.04 amd-64, the second of Win 7 Pro 64 (from boxed disc and activated post install). Exactly the same symptoms, described above, are exhibited on both platforms. Have engaged in significant amount of Googling an come up empty so any ideas are welcome.

    Read the article

  • Lost user account for Windows Vista

    - by annelie
    Hello, I'm trying to help a friend who's lost her user account in Vista. I know there's supposed to be a way you can boot the computer from the vista installation disc and create an admin account you can later login with, but her installation disc is in Australia and her laptop in London. Is there any other way to get in? Or would it be better to try and access just the harddrive? She's mainly concerned with getting all her data off it. As for how she lost the account, I'll let her explain in her words. :) My computer basically got some virus and now is up sh*t creek. it told me i had this cryptic thingy majiggy was missing and then this fake virus told me i needed to scan my computer. SO i tried to do malware thing but it kept shutting my computer down. ANYWAY...now its it will only open up with 'launch startup repair' and has got rid of my settings for logging in and wants me to be 'other user' which i have no password or username for'...so basically im stuffed. This is Windows Vista by the way. Thanks, Annelie

    Read the article

  • Increase the number of concurrent users on Windows Server 2008

    - by gentlesea
    I have a Windows Server 2008 R2 running and I am able to connect to it using 2 different users via Remote Desktop Connection. Since a colleague and me are working on the server almost all the time and another colleague also wants to connect there is always the need to disconnect one user which is bad. Is there a possibility to increase the number of allowed users? On another server there are more than 2 users allowed. What is different there?

    Read the article

  • Increase the number of concurrent users on Windows Server 2008

    - by gentlesea
    I have a Windows Server 2008 R2 running and I am able to connect to it using 2 different users via Remote Desktop Connection. Since a colleague and me are working on the server almost all the time and another colleague also wants to connect there is always the need to disconnect one user which is bad. Is there a possibility to increase the number of allowed users? On another server there are more than 2 users allowed. What is different there?

    Read the article

  • How would I prevent users from logging in a PC while software is installing?

    - by user333121
    So I currently am looking for a solution to keeping users logged out while software is installing or activating a pop-up message that cannot be moved, closed, and is always on top, because sometimes when we deploy software to users (via SCCM), the parameters of the install require the user to be logged out for the duration of the installation. I've looked at trying to customize the group policy for account lockout but with no luck. Anyone know of any programs or scripts that do this? Thank you!

    Read the article

  • How can I disable the guest account on OSX Lion?

    - by Wezly
    I have 'disabled' the guest account on my macbook pro running Lion via System Preferences Users & Groups. However the guest account still seems to appear as an option to login at start up and when switching users. I have never used the guest account for anything, and I have tried a system restore but the guest user has returned as before. How can I get rid of it? Thanks. edit: I also just enabled and disabled the account again - but the guest option still appears at startup offering a safari only restart for a guest user.

    Read the article

  • How can I continue audio playback even after switching user?

    - by klyonrad
    I just tested it with iTunes; after switching the user account (only after logging into another account, to be precise) the audio playback from the account "A" stops. However iTunes continues playing in the background; which I realized after switching back to account "A". Very frustrating because it kind-of is a deal-breaker for me; the other person should be able to have some personalized settings; while it is still my computer, and the main account has all the music obviously. The ideal solution would be audio output continuing running while user still has the ability to manually pause it... EDIT: I tested a bit more: "Desktop" apps like VLC don't output sound but continue running; the stock Music.app in Metro pauses the music and continues playing when switching back.

    Read the article

  • one email have multiple open id , unable to retrive specific open id password?

    - by superUser
    I have multiple OPENID accouts refrencing same email address, now i forget one of my accout's password. and when i tried to recover my password then only one openid accout link sent to my mail address whereas i need another openid password reset link what i have to do?? although i m able to login through gmail, but i want to login through openid. i have mailed already? but no satisfactory answer?? how do i collect all open ID password reset link referencing same email address??

    Read the article

  • Multiple "setups" on windows 7

    - by Roberto
    I would like to create multiple setups on Windows, that is, when I'm working with my computer I have some programs opened, after that I would like to change the setup/user to the "gaming setup" where the previous setup would hibernate and the computer would have all the resources free for me to play. I could have opened multiple tabs on firefox on each setup and they would be there when I come back. I understand that windows' switch user would make the programs run when I'm with the other user and that's not what I want. So, is that possible?

    Read the article

  • When a new user is created on Centos 6, it takes a while (30 mins) before he can access his group folder

    - by Diepseun
    I created a new user and made it part of a certain group which has full access (777) to a folder. Checked the user in Samba, password the same as his Windows (XP) password, rebooted his desktop but he didn't have access to the folder. Checked the Samba group and config file and the user was defined as a member of the group. It didn't make sense and I then did something else for a while. When I tried again, without doing anything further about it, the user had access to the folder. I did restart the Samba server after my original changes. Thanks in advance.

    Read the article

  • Can I change the user that is the default choice in UAC?

    - by Will
    Windows 7 install. I RANU, so I have to hit the UAC every once in awhile. The problem is that it asks me to enter my password to elevate, but I need to enter the domain\username of the box admin (I'm on a domain) and the password. Instead of UAC popping up with my username entered and the caret in the password box, I'd like it to pop up with the domain\username of a different user, specifically the local admin account, entered. This would save me a click and some typing. Sue me, I'm lazy. Is this possible?

    Read the article

  • Securing credentials passed to web service

    - by Greg Smith
    I'm attempting to design a single sign on system for use in a distributed architecture. Specifically, I must provide a way for a client website (that is, a website on a different domain/server/network) to allow users to register accounts on my central system. So, when the user takes an action on a client website, and that action is deemed to require an account, the client will produce a page (on their site/domain) where the user can register for a new account by providing an email and password. The client must then send this information to a web service, which will register the account and return some session token type value. The client will need to hash the password before sending it across the wire, and the webservice will require https, but this doesn't feel like it's safe enough and I need some advice on how I can implement this in the most secure way possible. A few other bits of relevant information: Ideally we'd prefer not to share any code with the client We've considered just redirecting the user to a secure page on the same server as the webservice, but this is likely to be rejected for non-technical reasons. We almost certainaly need to salt the password before hashing and passing it over, but that requires the client to either a) generate the salt and communicate it to us, or b) come and ask us for the salt - both feel dirty. Any help or advice is most appreciated.

    Read the article

  • Problem with hadoop start-dfs.sh

    - by user288501
    I installed and configured hadoop on my Ubuntu 14.04 server, virtualized inside of hyper-v, however I am getting an issue when i run start-dfs.sh root@sUbuntu01:/var/log# start-dfs.sh 14/06/04 15:27:08 WARN util.NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java classes where applicable Starting namenodes on [OpenJDK 64-Bit Server VM warning: You have loaded library /usr/local/hadoop/lib/native/libhadoop.so.1.0.0 which might have disabled stack guard. The VM will try to fix the stack guard now. It's highly recommended that you fix the library with 'execstack -c <libfile>', or link it with '-z noexecstack'. localhost] sed: -e expression #1, char 6: unknown option to `s' -c: Unknown cipher type 'cd' localhost: Ubuntu 14.04 LTS localhost: starting namenode, logging to /usr/local/hadoop/logs/hadoop-root-namenode-sUbuntu01.out noexecstack'.: ssh: Could not resolve hostname noexecstack'.: Name or service not known '-z: ssh: Could not resolve hostname '-z: Name or service not known 'execstack: ssh: Could not resolve hostname 'execstack: Name or service not known disabled: ssh: Could not resolve hostname disabled: Name or service not known with: ssh: Could not resolve hostname with: Name or service not known have: ssh: Could not resolve hostname have: Name or service not known VM: ssh: Could not resolve hostname vm: Name or service not known stack: ssh: Could not resolve hostname stack: Name or service not known guard: ssh: Could not resolve hostname guard: Name or service not known fix: ssh: Could not resolve hostname fix: Name or service not known VM: ssh: Could not resolve hostname vm: Name or service not known the: ssh: Could not resolve hostname the: Name or service not known to: ssh: Could not resolve hostname to: Name or service not known warning:: ssh: Could not resolve hostname warning:: Name or service not known it: ssh: Could not resolve hostname it: Name or service not known now.: ssh: Could not resolve hostname now.: Name or service not known library: ssh: Could not resolve hostname library: Name or service not known will: ssh: Could not resolve hostname will: Name or service not known link: ssh: Could not resolve hostname link: Name or service not known or: ssh: Could not resolve hostname or: Name or service not known It's: ssh: Could not resolve hostname it's: Name or service not known <libfile>',: ssh: Could not resolve hostname <libfile>',: Name or service not known which: ssh: connect to host which port 22: Connection timed out have: ssh: connect to host have port 22: Connection timed out you: ssh: connect to host you port 22: Connection timed out try: ssh: connect to host try port 22: Connection timed out the: ssh: connect to host the port 22: Connection timed out highly: ssh: connect to host highly port 22: Connection timed out might: ssh: connect to host might port 22: Connection timed out loaded: ssh: connect to host loaded port 22: Connection timed out You: ssh: connect to host you port 22: Connection timed out guard.: ssh: connect to host guard. port 22: Connection timed out library: ssh: connect to host library port 22: Connection timed out Server: ssh: connect to host server port 22: Connection timed out fix: ssh: connect to host fix port 22: Connection timed out The: ssh: connect to host the port 22: Connection timed out recommended: ssh: connect to host recommended port 22: Connection timed out that: ssh: connect to host that port 22: Connection timed out stack: ssh: connect to host stack port 22: Connection timed out OpenJDK: ssh: connect to host openjdk port 22: Connection timed out 64-Bit: ssh: connect to host 64-bit port 22: Connection timed out with: ssh: connect to host with port 22: Connection timed out localhost: Ubuntu 14.04 LTS localhost: starting datanode, logging to /usr/local/hadoop/logs/hadoop-root-datanode-sUbuntu01.out localhost: OpenJDK 64-Bit Server VM warning: You have loaded library /usr/local/hadoop/lib/native/libhadoop.so.1.0.0 which might have disabled stack guard. The VM will try to fix the stack guard now. localhost: It's highly recommended that you fix the library with 'execstack -c <libfile>', or link it with '-z noexecstack'. Starting secondary namenodes [OpenJDK 64-Bit Server VM warning: You have loaded library /usr/local/hadoop/lib/native/libhadoop.so.1.0.0 which might have disabled stack guard. The VM will try to fix the stack guard now. It's highly recommended that you fix the library with 'execstack -c <libfile>', or link it with '-z noexecstack'. 0.0.0.0] sed: -e expression #1, char 6: unknown option to `s' warning:: ssh: Could not resolve hostname warning:: Name or service not known -c: Unknown cipher type 'cd' It's: ssh: Could not resolve hostname it's: Name or service not known 'execstack: ssh: Could not resolve hostname 'execstack: Name or service not known '-z: ssh: Could not resolve hostname '-z: Name or service not known 0.0.0.0: Ubuntu 14.04 LTS 0.0.0.0: starting secondarynamenode, logging to /usr/local/hadoop/logs/hadoop-root-secondarynamenode-sUbuntu01.out 0.0.0.0: OpenJDK 64-Bit Server VM warning: You have loaded library /usr/local/hadoop/lib/native/libhadoop.so.1.0.0 which might have disabled stack guard. The VM will try to fix the stack guard now. 0.0.0.0: It's highly recommended that you fix the library with 'execstack -c <libfile>', or link it with '-z noexecstack'. noexecstack'.: ssh: Could not resolve hostname noexecstack'.: Name or service not known <libfile>',: ssh: Could not resolve hostname <libfile>',: Name or service not known link: ssh: Could not resolve hostname link: No address associated with hostname it: ssh: Could not resolve hostname it: No address associated with hostname to: ssh: connect to host to port 22: Connection timed out or: ssh: connect to host or port 22: Connection timed out you: ssh: connect to host you port 22: Connection timed out guard.: ssh: connect to host guard. port 22: Connection timed out VM: ssh: connect to host vm port 22: Connection timed out stack: ssh: connect to host stack port 22: Connection timed out library: ssh: connect to host library port 22: Connection timed out Server: ssh: connect to host server port 22: Connection timed out might: ssh: connect to host might port 22: Connection timed out stack: ssh: connect to host stack port 22: Connection timed out You: ssh: connect to host you port 22: Connection timed out now.: ssh: connect to host now. port 22: Connection timed out disabled: ssh: connect to host disabled port 22: Connection timed out have: ssh: connect to host have port 22: Connection timed out will: ssh: connect to host will port 22: Connection timed out The: ssh: connect to host the port 22: Connection timed out have: ssh: connect to host have port 22: Connection timed out try: ssh: connect to host try port 22: Connection timed out the: ssh: connect to host the port 22: Connection timed out guard: ssh: connect to host guard port 22: Connection timed out the: ssh: connect to host the port 22: Connection timed out recommended: ssh: connect to host recommended port 22: Connection timed out with: ssh: connect to host with port 22: Connection timed out library: ssh: connect to host library port 22: Connection timed out 64-Bit: ssh: connect to host 64-bit port 22: Connection timed out fix: ssh: connect to host fix port 22: Connection timed out which: ssh: connect to host which port 22: Connection timed out VM: ssh: connect to host vm port 22: Connection timed out OpenJDK: ssh: connect to host openjdk port 22: Connection timed out fix: ssh: connect to host fix port 22: Connection timed out highly: ssh: connect to host highly port 22: Connection timed out that: ssh: connect to host that port 22: Connection timed out with: ssh: connect to host with port 22: Connection timed out loaded: ssh: connect to host loaded port 22: Connection timed out 14/06/04 15:36:02 WARN util.NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java classes where applicable Any advice?

    Read the article

  • How to deal with transport level security policy with OSB

    - by Jian Liang
    Recently, we received a use case for Oracle Service Bus (OSB) 11gPS4 to consume a Web Service which is secured by HTTP transport level security policy. The WSDL of the remote web service looks like following where the part marked in red shows the security policy: <?xml version='1.0' encoding='UTF-8'?> <definitions xmlns:wssutil="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="https://httpsbasicauth" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.xmlsoap.org/wsdl/" targetNamespace="https://httpsbasicauth" name="HttpsBasicAuthService"> <wsp:UsingPolicy wssutil:Required="true"/> <wsp:Policy wssutil:Id="WSHttpBinding_IPartyServicePortType_policy"> <wsp:ExactlyOne> <wsp:All> <ns1:TransportBinding xmlns:ns1="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <ns1:TransportToken> <wsp:Policy> <ns1:HttpsToken RequireClientCertificate="false"/> </wsp:Policy> </ns1:TransportToken> <ns1:AlgorithmSuite> <wsp:Policy> <ns1:Basic256/> </wsp:Policy> </ns1:AlgorithmSuite> <ns1:Layout> <wsp:Policy> <ns1:Strict/> </wsp:Policy> </ns1:Layout> </wsp:Policy> </ns1:TransportBinding> <ns2:UsingAddressing xmlns:ns2="http://www.w3.org/2006/05/addressing/wsdl"/> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> <types> <xsd:schema> <xsd:import namespace="https://proxyhttpsbasicauth" schemaLocation="http://localhost:7001/WS/HttpsBasicAuthService?xsd=1"/> </xsd:schema> <xsd:schema> <xsd:import namespace="https://httpsbasicauth" schemaLocation="http://localhost:7001/WS/HttpsBasicAuthService?xsd=2"/> </xsd:schema> </types> <message name="echoString"> <part name="parameters" element="tns:echoString"/> </message> <message name="echoStringResponse"> <part name="parameters" element="tns:echoStringResponse"/> </message> <portType name="HttpsBasicAuth"> <operation name="echoString"> <input message="tns:echoString"/> <output message="tns:echoStringResponse"/> </operation> </portType> <binding name="HttpsBasicAuthSoapPortBinding" type="tns:HttpsBasicAuth"> <wsp:PolicyReference URI="#WSHttpBinding_IPartyServicePortType_policy"/> <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/> <operation name="echoString"> <soap:operation soapAction=""/> <input> <soap:body use="literal"/> </input> <output> <soap:body use="literal"/> </output> </operation> </binding> <service name="HttpsBasicAuthService"> <port name="HttpsBasicAuthSoapPort" binding="tns:HttpsBasicAuthSoapPortBinding"> <soap:address location="https://localhost:7002/WS/HttpsBasicAuthService"/> </port> </service> </definitions> The security assertion in the WSDL (marked in red) indicates that this is the HTTP transport level security policy which requires one way SSL with default authentication (aka. basic authenticate with username/password). Normally, there are two ways to handle web service security policy with OSB 11g: Use WebLogic 9.x policy Use OWSM Since OSB doesn’t support WebLogic 9.x WSSP transport level assertion (except for WS transport), when we tried to create the business service based on the imported WSDL, OSB complained with the following message: [OSB Kernel:398133]The service is based on WSDL with Web Services Security Policies that are not natively supported by Oracle Service Bus. Please select OWSM Policies - From OWSM Policy Store option and attach equivalent OWSM security policy. For the Business Service, either you can add the necessary client policies manually by clicking Add button or you can let Oracle Service Bus automatically pick and add compatible client policies by clicking Add Compatible button. Unfortunately, when tried with OWSM, we couldn’t find http_token_policy from OWSM since OSB PS4 doesn’t support OWSM http_token_policy. It seems that we ran into an unsupported situation that no appropriate policy can be used from both WebLogic and OWSM. As this security policy requires one way SSL with basic authentication at the transport level, a possible workaround is to meet the remote service's requirement at transport level without using web service policy. We can simply use OSB to establish SSL connection and provide username/password for authentication at the transport level to the remote web service. In this case, the business service within OSB will be transparent to the web service policy. However, we still need to deal with OSB console’s complaint related to unsupported security policy because the failure of WSDL validation prohibits OSB console to move forward. With the help from OSB Product Management team, we finally came up with the following solutions: Solution 1: OSB PS5 The good news is that the http_token_policy is made available in OSB PS5. With OSB PS5, you can simply add OWSM oracle/wss_http_token_over_ssl_client_policy to the business service. The simplest solution is to upgrade to OSB PS5 where the OWSM solution is provided out of the box. But if you are not in a position where upgrading is an immediate option, you might want to consider other two workaround solutions described below. Solution 2: Modifying WSDL This solution addresses OSB console’s complaint by removing the security policy from the imported WSDL within OSB. Without the security policy, OSB console allows the business service to be created based on modified WSDL.  Please bear in mind, modifying WSDL is done only for the OSB side via OSB console, no change is required on the remote Web Service. The main steps of this solution: Connect to OSB console import the remote WSDL into OSB remove security assertion (the red marked part) from the imported WSDL create a service account. In our sample, we simply take the user weblogic create the business service and check "Basic" for Authentication and select the created service account make sure that OSB consumes the web service via https. This solution requires modifying WSDL. It is suitable for any OSB version (10g or OSB 11g version) prior to PS5 without OWSM. However, modifying WSDL by hand is troublesome as it requires the user to remember that the original WSDL was edited.  It forces you to make the same edit each time you want to re-import the service WSDL when changes occur at the service level. This also prevents you from using UDDI to import WSDL.  Solution 3: Using original WSDL This solution keeps the WSDL intact and ignores the embedded policy by using OWSM. By design, OWSM doesn’t like WSDL with embedded security assertion. Since OWSM doesn’t provide the feature to explicitly ignore the embedded policy from a remote WSDL, in this solution, we use OWSM in a tricky way to ignore the embedded policy. Connect to OSB console import the remote WSDL into OSB create a service account create the business service in which check "Basic" for Authentication and select the created service account as the imported WSDL is intact, the OSB Kernel:398133 error is expected ignore this error message for the moment and navigate to the Policies Page of business service Select “From OWSM Policy Store” and click “Add” button, the list of policies will pop-up Here is the tricky part: select an arbitrary policy, and click “Cancel” Update and save By clicking “Cancel’ button, we didn’t add any OWSM policy to business service, but the embedded policy is ignored. Yes, this is tricky. According to Oracle OSB Product Manager, the future release of OWSM will add a button “None” which allows to ignore the embedded policy explicitly. This solution keeps the imported WSDL intact which is the big advantage over the solution 2. It is suitable for OSB 11g (version prior to PS5) domain with OWSM configured. This blog addressed the unsupported transport level web service security policy with OSB PS4. To summarize, if you are using OSB PS5 or in a position to upgrade to PS5, the recommendation is to use OWSM OOTB transport level security policy directly. With the release prior to 11g PS5, you can consider the solution 2 or 3 depending on if OWSM is configured.

    Read the article

< Previous Page | 56 57 58 59 60 61 62 63 64 65 66 67  | Next Page >