ADR 3.0 / multiple domains / Tomcat SSL

Similar Questions

• The band multiple @domaine used in user name on the integration of commercials with Cisco ISE?

  Hello

  How to remove multiple domain suffixes through ISE with AD user name used as an external identity Source. Username is used in [email protected] / * / format.

  Cisco ISE 1.2 patch introduced 4 Strip prefix or suffix @domaine Kingdom of the username through ISE with AD used as external identity Source. But the documentation is not updated for this feature. I am able to band 1 domain successfully suffix but following conditions listed in the list of suffixes fails to get stripped.

  Any thoughts on the same.

  Thanks Kumar

  In the ISE under Administration > identity management > external identity Sources

  Choose the Active Directory on the left, select your ad server and Advanced settings

  Under identity band of suffix, make sure prefixes band below: is selected (I know, it says prefix).

  In the list of Suffixes box, enter your list of domain suffixes to undress.  The separator character is a comma (,).

  

  If this does not solve your problem, then I fear that a call to TAC may be in order.

  UPDATE *.

  Spaces are significant characters.  The registration of domains, so as such:

  @domain.com, @domain.local, @testdomain.com

  END UPDATE *.

  Please rate useful messages and mark this question as answered if, in fact, does that answer your question.  Otherwise, feel free to post additional questions.

  Charles Moreton

  Post edited by: Charles Moreton

• Mapping of URLS with ADR 3.0.1 and Tomcat for several APEX databases

  Hello.

  I have ADR 3.0.1.177.18.02 installed with Tomcat 7.0.59 on a server named ah30.  It works well with APEX 4.2.6 in the data base SCREWS on this server.

  I also to be configured to work with a second database on server ah9 APEX, but I was not able to run again.

  
  

  Can someone help me with this issue?

  Were you successful with this type of configuration?

  Here's what I did.

  
  

  I have added the database.  ADR has created the data filed: home/oravis/ORDS/confs/ords/conf/ah9_db.xml.  The password is correct.

  Database file: /home/oravis/ORDS/confs/ords/conf/ah9_db.xml

  <? XML version = "1.0" encoding = "UTF-8" standalone = 'no '? >

  < ! DOCTYPE SYSTEM property "http://java.sun.com/dtd/properties.dtd" > ""

  Properties of <>

  < comment > saved on Sat Aug 01 15:11:21 PDT 2015 < / comment >

  < key = "db.hostname entry" > ah9.xxxx.com < / entry >

  < key = "db.password entry" > @xxxxxxxxxxxxxxxxxxxxxxxxxxxx < / entry >

  < key = "db.username entry" > APEX_PUBLIC_USER < / entry >

  < / properties >
  

  
  

  Use the following commands, I was able to create a new database connection and map the URL.

  Java $ [oravis@ah30 ADR] - jar ords.war map-url - type base-path /ah9 ah9_db

  August 1, 2015 18:06:13 oracle.dbtools.url.mapping.file.MapURL run

  INFO: Creating new mapping of: [base path, / ah9] to map to: [ah9_db].

  [oravis@ah30 NICO2277] $

  In the catalina.out log file, I find the following:

  Process of oracle.dbtools.url.mapping.file.FileURLMappings August 1, 2015 18:21:44

  WARNING: Could not find any target database corresponding to: ah9_db, null

  ADR has created the mapping file: /home/oravis/ORDS/confs/ords/url-mapping.xml

  <? XML version = "1.0" encoding = "UTF-8"? >

  <? XML version = "1.0" encoding = "UTF-8"? >

  " < pool-config xmlns =" http://xmlns.Oracle.com/Apex/pool-config "> "

  < chicken base-path = "" / ah9 "name ="ah9_db"updated =" 2015-08 - 02T 01: 06:13.941Z "/ >"

  < / pool-config >

  This URL gives me access to the APEX on ah30:

  http://ah30.xxxx.com:8080/ADR/f? p = 4550:1

  This URL must give access to APEX on ah9, but he Gets the error 404 of ADR. 

  http://ah30.xxxx.com:8080 / ADR ah9 f? p = 4550:1

  localhost_access_log says:

  [01/Aug / 2015:18:28:34-0700] "GET/ords/ah9/f? p = 4550:1 HTTP/1.1"404 11384

  I also tried to run ADR in stand-alone mode with URL mapping, but that no longer works.

  In an attempt to install separate that I was able to set up independent ADR to get at APEX on ah9, so I don't know the database will answer.

  Thank you

  Skip

  Skip - absolute salvation,

  Skip - absolute says:

  Anyway, nobody has responded to this topic until you.  It's surprising.

  I suggest you try later versions 2.x ADR.  I have had more success with the URL mapping using this version.

  I have not had an opportunity to deepen the problem, but I may be soon.  With my level of knowledge, I must rely on cookbook recipes provided by the documentation and other.  My only interest in ADR and Tomcat should connect the plumbing APEX can be used.  Sometimes my clients have DBA and system administrators who want to install APEX but get hung up a web listening port configuration, so I have to build my knowledge base in order to help.

  With a situation this week, where s/n a customer insists on a two-level facility, I see a few new questions, and I'll look for the time to post in this forum.

  Good luck to you and if you find answers, please share.

  The solution of mapping URLS of configuration of multiple databases with ADR has been described in the blog and the following thread:

  • Only ADR Install - Multiple DatabasesOracle is easy
  • Re: Help on installing several versions of APEX4.2 + and 5.0 in Oracle 12 c Multitenant DB APEX

  I was able to implement the mapping of the URL of ADR and multiple database feature using the version 2.0.10.

  Reference: http://docs.oracle.com/cd/E56351_01/doc.30/e56293/config.htm#CBDCHGDF (refer to ' Configuring multiple databases ')

  The URL mapping feature does not work in latest versions of ADR 3.0, this was confirmed by the following threads:

  • Re: ADR 3.0.1 on Weblogic for APEX and base mod_plsql as feature
  • Re: Problem in the configuration of the ADR.

  Kind regards

  Kiran

• How to deploy multiple domain internal IM

  Hi all

  I have a requirement to deploy several area internal to the server Cisco IM and presence. Let's say that there are 3 user group who are ready to connect to Cisco Jabber using 3 different internal domain. For example: [email protected] / * /, [email protected] / * /, [email protected] / * /.

  How to achieve this condition? How many server CUCM or IM & presence needed?

  Thank you.

  If you are running 10.5 +, single cluster, if you are running 9.x or below, 3 groups.

  Simply configure the flexible JID on your IM & P and if there are several areas, that will transform your IM & P in a multi-domain server.

  http://docwiki.Cisco.com/wiki/cups/IM%26P_FAQ#How_to_configure_flexible_JID_and_multi-domain_on_IM.26p.3f.3f

  I also suggest that search you for the above terms cisco.com preview more about it.

• Cisco VCS Lync Interworking with Lync Server/multiple domains

  Unfortunately I don't find any reference in the guides of deploymend, if it is possible to master several server/domains on a single VCSE lync. Is there a way to gather environments different lync with a vcs? For example, interoperability with clients a and b, which have completely separated from lync environments.

  We wanted to master it with VCSE, or is the Microsoft key option only avalible for VCS?

  Thanks for the reply.

  The Deployment Guide says you should use a VCS-control, not a VCS-Highway to serve as gateway of Lync.

  I don't think I have several B2BUAs connect to Lync on a single VCS - you would need to have a separate VCS for each Lync environment (IE, one for the customer) and another for client B and search rules appropriate to direct traffic areas in the right direction.

• Issue of multiple domains

  WebLogic version: 10.3.5.0.

  
  

  Hello

  
  

  I have two domains configured one called ClassicDomain and the other is mydomain. For some reason, ClassicDomain is the only one with the formsweb.cfg and default.env file, the other is not those. Is this normal and why? Thanks for your help.
  

  Hello

  If ClassicDomain have formsweb.cfg file and the default.env file you installed forms in this area. These filesa re related forms server.

• How to point multiple domain names on the published site?

  That may seem like a stupid question to some, but I'm a designer, not a web developer.

  I built a site using Muse, and it's recent concert at the familiesontheoutside.org. (No, I'm not trolling for traffic; I really need orientation.)

  My client purchased a long list of names of domain, all to be directed to the same site. However, I recently read something about statscrop.com on "canonical URL". I apparently don't have a high enough geek of note for much of the meaning of this, but I'm willing to learn...

  Is establishing a canonical URL SAME as just going to my client's domain provider and selecting all the areas that they bought the same DNS numbers?

  If not, then please tell me the best way to get all the same site pointed domain names, and I will try to understand the canonical URL another time.

  Thanks for any help.

  Hi Mate

  Remember all the NAME SERVERS on the Web site. Then add all the areas on the site so the DNS would be internally.

  Then you would use DOMAIN REDIRECTED to point all domains to the default domain.

  If you do this, then this is the best solution.

  See screenshot of how I have this set up on www.prettypollution.com.au > 06.20.2014 - 09.49.38 - BrettStockley library

  Brett Stockley

  Skype = brett.stockley

• Synchronization of password AD in an environment of multiple domains controller

  Do I have to install the connector to synchronize AD password on all domain controllers?

  You need to install on all domain controllers is because you never know that one will be be authentication of a user to. When the user changes the password it could come from any one of the domain controllers and each of them must be installed in order to capture the change and send on oim.

  -Kevin

• is it possible to implement TLS for ADR on Tomcat?

  We are migrating the earpiece of the APEX to ADR.

  The installation guide for ADR does not have too much information about SSL/TLS. It is obviously a task to be completed by the components surrounding ADR.

  We intend to deploy on Tomcat and Tomcat received instructions on how to enable TLS for her.

  From an architectural point of view, is it OK for TLS for ADR on Tomcat, or should we better before an Apache or NGINX?

  I'd rather have Tomcat do it, keeps it simple, but I was uncertain, because I read the following in the Tomcat SSL/TLS howto:

  "When running Tomcat mainly as a Servlet/JSP container behind another web server, such as Apache or Microsoft IIS, it is usually necessary to set the main web server to manage users SSL connections".

  Thanks for sharing your experience and / or his opinions.

  Thomas

  Hi snmdla,

  snmdla wrote:

  I have two questions:

  • I was afraid that need us Oracle Advanced Security license to be able to configure TLS on SQL * Net, but this seems to be is no longer necessary 11 g on.
  • My question was on whether it's OK to implement TLS on the layer of the ADR (i.e. on the Tomcat site) and do without a reverse proxy: would you say it is also a good choice?

  The first question is in the article mentioned in the question only. For more clearance on licensing queries, you can contact My Oracle Support (MOS).

  For the second question: Reverse Proxy is more desirable and especially adopted option in web architecture. In addition to provide a layer of abstraction on top of your Web server, it offers more benefits and options to secure your web applications with the option of implementation directly to SSL/TLS on your Web server and expose your web server on the Internet. Having said this, like to say that it would be your decision whether to implement reverse proxy or not.

  Kind regards

  Kiran

• ADR (NO APEX) Active Directory SSO + OAUTH2 TOMCAT

  Hi ADR experts.

  I really hope that someone may be able to help.

  I have a Setup ADR 3.01 on Windows Server 2012 running like a tomcat webapp 7.

  I have a few services protected by OAUTH2.

  ADR + database of user stand-alone connection = perfectly works (json document returned).

  ADR + Tomcat Users.xml = works perfectly (returned json document).

  When I use ADR + waffle (negotiate) to access the services of ADR, I get the standard ADR 401 Unauthorized page...

  Tomcat is certainly properly authenticate and access to with the authenticated user.

  Newspapers are complete negotiating access token.

  I wonder if ADR is having a problem with a user name of prefix AREA?

  I can't seem to find much information on how to implement the ADR with AD SSO on tomcat, so do not know how people did there...

  Since the access localhost log:

  10.141.203.129 - testuser1 [10/Sep / 2015:18:12:39 + 0100] "GET /ords/service1/HTTP/1.1" 200 418 - WORK

  10.141.203.129 - DOMAIN\userxxx [10/Sep / 2015:18:19:51 + 0100] "GET" /ords/service1/HTTP/1.1, 401 , 11574 - FAILS

  Thanks for the links.

  It worked in the end.

  Post here incase someone else get the same question:

  When you assign a security role in ADR (Pl/Sql) - the group must match name including the domain prefix AD Group:

  for example

  Start
  ords. CREATE_ROLE ("DOMAIN\Domain users");
  () ords.create_privilege
  p_name-online "DOMAIN\Domain users."
  p_role_name-online "DOMAIN\Domain users."
  p_label-online "DOMAIN\Domain users."
  p_description => "DOMAIN\Domain users");
  commit;
  end;
  /

  Start
  () ords.create_privilege_mapping
  p_privilege_name-online "DOMAIN\Domain users."
  p_pattern => ' / app_uri / *');
  commit;
  end;
  /

  Thanks again.

• Configure YOUR for mutiple domains

  YOUR Version: 6.0.3.260

  Currently my TES method is only implemented for a single domain, is it possible to configure it to several areas so I can add other users?

  You can have a single domain by CM, so adding CMs more you get areas more to authenticate to. You can configure LDAP groups within a domain, but that's all.

  Support for multiple domain instance of CM is a feature that will be added to the point 6.2 of the product, at the request of coming out in a few months.

• Support for multiple Active Directory ACS 5.2

  Hello

  I couldn't find a way to add multiple domain controllers to Cisco ACS 5.2, all that he requires in the GUI of the ACS entered the domain name? We are limited to add the root DC /forest?

  I'm not a Microsoft Expert...

  I could not understand how ACS detects the DC through this simple entry? What is with the help of DNS?

  Comments are appreciated.

  Dumlu

  ACS 5 may be joined with a single domain right now. When GBA is joined to a domain, ACS can authenticate any user who belongs to this domain any domain controller in this domain. It relies on DNS resolution to find the appropriate domain controller.

  I think that what you are looking for is Multi domain authentication. If you do this, then you should have a two-way trust between the immediate area (the area which is a part of the ACS) ACS other areas. The ACS will send authentication to one of the domain controllers in its domain and it will then be forwarded to the other domain. It could be a child or a parallel domain, but it must have 2 path of trust between them.

  In other words, so that you may choose is to set up 2 separate domain controllers from different domains such as LDAP servers. In this case we do not need a way 2 trust and you can separately for each domain authentication request.

• Verification of CTS - MAN multiple capabilities of doman (forest) AD

  According to the release notes located here:

  http://www.Cisco.com/en/us/docs/Telepresence/cts_manager/1_8/release/ctm_rn1_8.html#wp72803

  It is said that CTS - MAN supports multiple Active Directory forests since 1.6.x.

  Maybe I'm paranoid, but I interpret this to mean can I implement field multiple "users" each having a totally different root.

  So I'd have an A (dc = DomainA, dc = com) domain user, another user in domain B (dc = DomainB, dc = com), and yet a user 3rd field C (dc = DomaineC, dc = com).

  I ask because I've deployed this dozens of time server, but I've never had a multiple domain (not subdomain, which is different) solution and I just make sure I'm covered.

  Unfortunately, no, this isn't what multiforest means about CTS-Manager. Domain is different from the forest in Microsoft jargon.

  You can configure CTS-Manager with several areas in the * same * forest simply by adding each area under the domain of the user container.  In this case, you have more than a forest.  For example:

  Forest: SOCIETE.com

  Domain name: us.company.com, eu.company.com, apac.company.com

  Default context: DC = company, DC = com

  Containers of user: DC = us, DC is company, DC = com, DC = EU, DC is company, DC = com, DC = apac, DC = company, DC = com

  If you want to specify the containers of users within each area, depending on the scenario above, then the configuration would be similar to below (according to the existing distribution of the AD, of course):

  User container: CN = Users, DC = us, DC is company, DC = com, CN is Users, DC = EU, DC is company, DC = com, CN = Usere, DC = apac, DC = company, DC = com

  I believe in the 1.7 documentation areas by peers, they are called:

  http://www.Cisco.com/en/us/partner/docs/Telepresence/cts_manager/1_7/Admin/ctm_cfg.html#wp1092434

  Caution: we met real problems of authentication using the scenario above, if set up under CTM for Exchange account does not have rights/permissions to access resources in other areas, particularly in large organizations.  However, the above may work.

  Multiforest, Microsoft supports two deployment methods - between forests and forest resources.  CTS-Manager, we support that the model of forest resource - in a forest, you have the resources Exchange (rooms) and the other you have a forest of authentication (users).  There are user accounts disabled in the Exchange resource forest associated with users in the forest of authentication.

  More information can be found here:

  http://TechNet.Microsoft.com/en-us/library/aa998031.aspx

  For the configuration of the CTM, the first of all and so by default and the second LDAP in CTM contains the forest of authentication server LDAP in CTM must contain the Exchange resource forest.  The Exchange Server that is configured in CTM must be the forest where, of course, Exchange is installed.  This should already be installed on the back-end of the client before deploying the CTS Manager.

• AD Login with the iPad with a domain Inter (Global Forest)

  Hello

  I have a problem with the iPad connection on with authentication AD with VCS. We have a forest with multiple domains. We can identify you with the Movi without problems. We can connect you with the Jabber iPad without problem.

  But if we create a special group with a Global Group with a special domain, you must connect with the movi user: domain\username, password and registration works very well. But if we try with the iPad as user domain\username and password, the ipad could not save. I have thin the Jabber for ipad have a problem with the string user domain\username and password. Could be that the problem with the software Client Jabber or BUG? If I change my ad as without the domain\\user Aboriginal group, the connection on the iPad works great, but I need for the Global AD the domain\\user.

  THX

  Please need a Feedback

  Hello.  Looks like you can be hitting-

  CSCub38436

  The fix is enter the 9.3 and hoping its release targeting some time in April.  I hope this helps.

  VR

  Patrick

• ADR - box connection missing after installation

  Hello

  I installed ADR 3.0.1 in Tomcat 7. When I try and start the home page, I get the attached screen (i.e. - no connection textfields). Has anyone ever seen this before and how solve it?

  PS - I renamed the file ords.war in apex.war

  Kind regards

  David

  Hello

  I managed to get a solution to this by replacing the version of Firefox, I had on my machine (10.0.5) with the last 41.0.2

  Kind regards

  David