Possible bug in Anyconnect with smart card on linux

Hello

I got smart card authentication working with AnyConnect on Linux using NetID clients.

My problem is that this only works the first time the AnyConnect client is started.

I can connect/reconnect whenever I want to, but if I quit the AnyConnect client and restart it, smart card authentication does not work anymore.

I've sort of nailed the problem down to being associated with the user profile that AnyConnect creates (which it seems to read at client startup).

~/.anyconnect

Going even further, the problem seems to be with the specific item

If I delete this specific element of the profile or completely delete the profile, and then restart the client, smart card authentication will work.

The AnyConnect logs do not seem to shed any light on the problem.

The fingerprint written in the profile is always the same.

Hope that is understandable and someone could give an explanation to this.

Do not hesitate to ask if something is not clear or you would like more information.

Best regards

/ Mattias

Mattias,

Please understand that these issues are all new to us.  We had not seen them before the two cases I know of that were opened in the same week as yours.  If you wish to pursue a fix beyond the effective workaround, opening a TAC case is necessary so that we can collect the details and file another bug.  Please be sure to include the workaround in your case opening notes so that the TAC engineer who gets it is aware of that workaround.

-Craig

Tags: Cisco Security

Similar Questions

  • View 5.1.2 problem with smart cards - reader not seen on the desktop.

    Hi all

    We are trying to roll out a linked clone desktop pool that is used by our service accounts and, as such, they need to be able to use smart cards for banking. We have installed all the necessary software on the template machine (GemSafe Gemalto) and also connected one of our thin clients (Wyse V10L or C10LE) to the template directly via RDP with the smart card reader attached to ensure that the different drivers installed correctly, and all is well: the virtual machine is able to see the smart card reader.

    The problem comes when we roll these machines out to the pool: the smart card reader is not detected at all. We tried connecting from the thin client via View or via RDP directly to one of the linked clone desktops and both hit the same problem, that is, the reader is not seen at all. If we plug/unplug the reader on the Wyse terminal, we see it being detected in the event log on the client itself.

    What tools or logs can we use on the View or VMware side to solve this problem?

    To confirm, in the connection server settings smart card authentication is set to Optional. In the global policy USB access is set to Allowed.

    If you need more information please ask and I will be happy to provide it.

    Thanks in advance.

    Right, we got to the bottom of it... and I am kicking myself!

    There was a GPO active on the computer configuration side: Administrative Templates / Windows Components / Remote Desktop Services / Remote Desktop Session Host / Device and Resource Redirection - Do not allow smart card device redirection.

    GRRRR!

  • Possible BUG: af:query with several LOVs throws bitIndex exception

    Hi all

    I use af:query for the search component and I constantly get a "bitIndex < 0: -1" error when searching on an LOV (by typing the value in the inputText part of the LOV, not using the LOV popup).

    Setup:

    I use Jdev 11.1.2.1 with JDEVADF_11.1.2.1.0_GENERIC_110907.2314.6081.

    Using the HR schema, I created the Departments entity and a Department view object based on the entity.

    I created 2 SQL-based view objects for the LOVs (not based on entities):

    1. departments LOV view - select * from departments
    2. locations LOV view - select * from places

    The two views of Lov were created using the wizard with all the default values.

    In my main Departments view (based on the entity), I created 2 LOVs, for LocationId and for DepartmentId.

    The LOV for DepartmentId returns 2 attributes, DepartmentId and DepartmentName; both are mapped to the corresponding attributes in the main Department view. (I did this using the "Edit List of Values" popup, in the 'List Return Values' section.)

    Finally, I dragged "all searchable attributes" from the Data Controls panel to a test page, creating an ADF query panel with table.

    The error:

    I type a valid department id in the DepartmentId LOV within the search section and I get the "bitIndex < 0: -1" error. No results are returned.

    When the server is running with -Djbo.debugoutput=console I see the following error messages:

    CtrlAttrs < JUCtrlValueBinding > < setInputValue > [18415]: exception caching: oracle.jbo.AttrValException: JBO-27019: the get method for attribute "DepartmentName" in the PREMISESof VIEW_USAGE_internal_vci_def_values is not resolved.
    < DCBindingContainer > < cacheException > [18416] * updated BindingContainer cache EXCEPTION: oracle.jbo.AttrValException
    < DCBindingContainer > < cacheException > [18417] java.lang.IndexOutOfBoundsException: bitIndex < 0:-1
    at java.util.BitSet.get(BitSet.java:441)
    at oracle.jbo.server.ViewRowStorage.getAttributeInternal(ViewRowStorage.java:1823)
    at oracle.jbo.server.ViewRowImpl.getAttributeValue(ViewRowImpl.java:1962)
    at oracle.jbo.server.ViewRowImpl.getAttributeInternal(ViewRowImpl.java:824)
    at oracle.adf.model.bean.DCDataRow.getAttributeInternal(DCDataRow.java:366)
    at oracle.adf.model.bean.DCCriteriaValueRowImpl.getAttributeInternal(DCCriteriaValueRowImpl.java:241)
    at oracle.jbo.server.ViewRowImpl.getAttrInvokeAccessor(ViewRowImpl.java:906)
    at oracle.jbo.server.ViewRowImpl.getAttribute(ViewRowImpl.java:854)
    at oracle.jbo.uicli.binding.JUCtrlValueBinding.internalGetAttributeValueFromRow(JUCtrlValueBinding.java:1213)
    at oracle.jbo.uicli.binding.JUCtrlListBinding.setTargetAttrsFromLovRow(JUCtrlListBinding.java:2799)
    at oracle.jbo.uicli.binding.JUCtrlListBinding.setTargetAttrsFromLovRowAndUpdateMRU(JUCtrlListBinding.java:2712)
    at oracle.adfinternal.view.faces.model.binding.FacesCtrlLOVBinding.setInputValueInRow(FacesCtrlLOVBinding.java:1163)
    at oracle.jbo.uicli.binding.JUCtrlValueBinding.setInputValue(JUCtrlValueBinding.java:2926)
    at oracle.jbo.uicli.binding.JUCtrlValueBinding.setInputValue(JUCtrlValueBinding.java:2889)
    at oracle.adfinternal.view.faces.model.binding.FacesCtrlSearchBinding$AdfCriterionValues.set(FacesCtrlSearchBinding.java:3589)
    at javax.el.ListELResolver.setValue(ListELResolver.java:240)
    at oracle.adfinternal.view.faces.model.AdfELResolver.setValue(AdfELResolver.java:162)
    at oracle.adfinternal.view.faces.model.AdfELResolverProxy.setValue(AdfELResolverProxy.java:71)
    at com.sun.faces.el.DemuxCompositeELResolver._setValue(DemuxCompositeELResolver.java:255)


    Note:
    The search works as expected if I have only one LOV attached to the main view. (If I don't have the Department LOV attached as described above, everything works fine.)
    If both the DepartmentLOV and LocationsLOV return a single value, the departmentId and the locationId, without mapping any additional return attributes, the search works as expected as well.

    This is the simplest test case I could create to reproduce the error I see in our code.

    Here is a link to my test project: [http://www.2shared.com/file/QxZJDfax/bitIndexTest.html]

    Help, please

    I'm looking for workarounds / fixes.
    Any advice would be greatly appreciated.

    Thank you
    Sasha

    Hi Sasha,

    This seems related to bug 12851501 - ARRAYINDEXOUTOFBOUNDSEXCEPTION LIFTING OF VIEWROWSTORAGE CLASS,
    which is expected to be fixed in JDeveloper 11.1.2.2.0.

    If you have access to My Oracle Support, there is a patch available there (patch 12851501).

    Kind regards

    Didier.

  • Problem with simple e-wallet example on a real smart card

    Hi people,

    I am developing a Java Card applet. Before loading and installing this applet on our Java Card, I tested the procedure with the electronic purse example widely available on the internet. I think most of you tested this example when you were Java Card beginners.

    I think that my problem here is related to the card OS rather than the applet code, but as I am not experienced in the Java Card world, I need your help.

    Here is the code of the e-wallet (which is correctly compiled, converted, loaded and instantiated/installed on the card):
    package companyname.sampleapplet;
    
    
    import javacard.framework.*;
    
    public class Epurse extends Applet {
      private short balance;
      public static final byte CLA = (byte)0x80;
      public static final byte insCredit = (byte)0xA1;
      public static final byte insDebit = (byte)0xA2;
      public static final byte insGetBalance = (byte)0xA3;
      public static final byte insSetPin = (byte)0xB1;
      public static final byte insGetAuth = (byte)0xB2;
      public static final byte insDelog = (byte)0xB3;
      
      OwnerPIN pin;
      
      public boolean select () {
        return (true);
      }
      
      public void deselect(){     
        pin.reset();
      } 
    
      public Epurse() {
        super();
        this.balance = 0;
        pin = new OwnerPIN((byte)3, (byte)8);
        pin.update( new byte[] {(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00}, (byte)0, (byte)4); //default PIN is 00 00 00 00
      }
    
      public static void install (byte [] bArray, short bOffset, byte bLength  ) throws ISOException {
        Epurse s = new Epurse();
        s.register();
      }
    
      public void process(APDU apdu) throws ISOException{
        byte[] buffer = apdu.getBuffer();
        if (selectingApplet()) return;
        if(buffer[0]!=CLA) ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED); 
        ISOException.throwIt(ISO7816.SW_FILE_INVALID);
      
        switch (buffer[ISO7816.OFFSET_INS]){
        case insCredit :
             if(pin.isValidated()) credit(apdu, buffer); 
             else 
              ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED);
             break;
        case insDebit : 
             if(pin.isValidated()) 
               debit(apdu, buffer);
             else 
               ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED);//6986
             break;
        case insGetBalance : 
             if(pin.isValidated()) 
               getbal(apdu, buffer); 
             else 
               ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED);//6986
             break;
        case insGetAuth : 
             checkPIN(apdu, buffer);
             break;
        case insSetPin : 
             if(pin.isValidated()) 
               setPIN(apdu, buffer);
             else 
               ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED);//6986
             break;
        case insDelog :
             pin.reset(); 
             break;     
        default:
             ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED);//6986
        }    
      }
    
      private void credit(APDU apdu, byte[] buffer ) {
        
      }
      private void debit(APDU apdu, byte[] buffer ) {
     
      }
      private void getbal(APDU apdu, byte[] buffer) {
      
      }
    
      private void checkPIN(APDU apdu, byte[] buffer){
        short Le = apdu.setIncomingAndReceive();
        byte[] data = new byte[Le];
        try{
          for (short i=0; i<Le; i++)
          {
            data[i] = buffer[(short)(i+ISO7816.OFFSET_CDATA)];
          }
          if (pin.check(data, (short)0, (byte)Le)) return;
          else 
         ISOException.throwIt(ISO7816.SW_RECORD_NOT_FOUND);//6A83 //6985->SW_CONDITIONS_NOT_SATISFIED
        } catch(NullPointerException e) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED); //6982
        } catch(ArrayIndexOutOfBoundsException a) {
            ISOException.throwIt(ISO7816.SW_FILE_FULL); //6A84
        }
      }
    
      private void setPIN(APDU apdu, byte[] buffer){
    
      }
    }
    My problem is:
    - the applet SELECT command is executed successfully
    - BUT the check PIN command (80 00 00 04 01 02 03 04 B2), which should ask the applet to execute the checkPIN method, fails with the error code 6983 (authentication blocked)

    Edited: it seems to me that even if I remove the PIN check from this e-wallet applet, for every command sent I always get this status word: 6983.

    In your experience, what causes the card to return this status word?

    Can't wait to hear from you
    Best regards
    JDL

    Jean-Damien LEVIEL wrote:
    if(buffer[0]!=CLA) ISOException.throwIt (ISO7816.SW_CLA_NOT_SUPPORTED);
    ISOException.throwIt (ISO7816.SW_FILE_INVALID);

    This always throws an exception.

    Adriaan
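
An added example, not code from either poster: a trimmed, corrected variant of the applet's dispatch and PIN check. `ISO7816.SW_FILE_INVALID` has the value 0x6983, so the unbraced second `throwIt` that Adriaan points out is what returns the reported status word on every command. The class name `EpurseFixed`, the renamed constants and the 63Cx "tries remaining" status word are choices made for this example.

```java
package companyname.sampleapplet;

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.OwnerPIN;

// Added example: hypothetical corrected variant of the posted Epurse applet.
public class EpurseFixed extends Applet {
    private static final byte CLA_EPURSE = (byte) 0x80;
    private static final byte INS_GET_AUTH = (byte) 0xB2;
    private static final byte INS_DELOG = (byte) 0xB3;
    private static final byte PIN_TRIES = (byte) 3;
    private static final byte PIN_MAX_LEN = (byte) 8;

    private final OwnerPIN pin;

    private EpurseFixed() {
        pin = new OwnerPIN(PIN_TRIES, PIN_MAX_LEN);
        // Same default PIN as the posted code (00 00 00 00), set once at install.
        byte[] initial = { 0, 0, 0, 0 };
        pin.update(initial, (short) 0, (byte) initial.length);
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new EpurseFixed().register();
    }

    public void deselect() {
        pin.reset();
    }

    public void process(APDU apdu) {
        if (selectingApplet()) {
            return;
        }
        byte[] buffer = apdu.getBuffer();
        // Braces keep the rejection conditional. In the posted code the second
        // throwIt sat outside the if, so every APDU ended in SW_FILE_INVALID (0x6983).
        if (buffer[ISO7816.OFFSET_CLA] != CLA_EPURSE) {
            ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
        }
        switch (buffer[ISO7816.OFFSET_INS]) {
        case INS_GET_AUTH:
            checkPIN(apdu, buffer);
            break;
        case INS_DELOG:
            pin.reset();
            break;
        default:
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }

    private void checkPIN(APDU apdu, byte[] buffer) {
        short len = apdu.setIncomingAndReceive();
        if (len < 1 || len > PIN_MAX_LEN) {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }
        // Check straight from the APDU buffer: no per-call "new byte[]",
        // which on a card allocates persistent memory that is never freed.
        if (!pin.check(buffer, ISO7816.OFFSET_CDATA, (byte) len)) {
            // 63Cx: verification failed, x tries left (0 means blocked).
            ISOException.throwIt((short) (0x63C0 | pin.getTriesRemaining()));
        }
    }
}
```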

  • Possible bug in LabVIEW with help chart

    The attached VI reads a group of bytes as U8 from a file and writes every other one to a new file.  It does this by using the Decimate Array function.  It seems that there is a bug in LabVIEW.  If the '+ 0' is deleted from the code, nothing but 0 is written to the file.  If you probe the array that will be written to the file it shows non-zero values, but the resulting file is always all zeros.  Adding the '+ 0' was a workaround for the issue.

    I'm on LabVIEW version 8.5.

    This looks suspiciously similar to the LabVIEW 8.5 bug we discussed a while earlier.

    Try placing an 'Always Copy' primitive (from the palette 'Application Control... Memory Control') before the file write and see if things improve. Good luck!

  • possible bug: ListCollectionView.addAll with filter function

    Hello

    I wrote this post in the "General Discussion" forum; since this is the "Flex SDK" forum, I am also putting it here.

    I think I found a bug in the Flex SDK. I checked in JIRA and it seems it is not reported.
    This simple code raises an 'out of bounds' exception (Flex SDK 4.1):

    import mx.collections.ArrayCollection;
    import mx.collections.ArrayList;

    var list:ArrayCollection = new ArrayCollection();
    list.filterFunction = filter;
    list.refresh();

    var items:ArrayList = new ArrayList([1,2,3,4,5]);
    list.addAll(items);

    // Only values below 2 pass the filter
    function filter(obj:Object):Boolean {
        var n:Number = obj as Number;
        return n < 2;
    }

    I checked the code in mx.collections.ListCollectionView and it's obvious: addAll calls addAllAt. "addAllAt" loops over the list to add and calls addItemAt for each element, but it increments the index argument even if the previous item has not really been added (because of a restriction of the filter), and the "out of bounds" exception occurs. In my opinion, addAllAt must be changed as follows:

    current version:

    public function addAllAt(addList:IList, index:int):void {
        var length:int = addList.length;
        for (var i:int = 0; i < length; i++)
        {
            // index advances even when the filter rejected the previous item
            this.addItemAt(addList.getItemAt(i), i + index);
        }
    }

    proposed version:

    public function addAllAt(addList:IList, index:int):void {
        var length:int = addList.length;
        for (var i:int = 0; i < length; i++)
        {
            var at:int = i + index;
            // clamp the insert position to the collection's current length
            if (at > this.length) {
                at = this.length;
            }
            this.addItemAt(addList.getItemAt(i), at);
        }
    }

    Should I open a bug? Or am I missing something?

    M1kal

    Fill out a bug report.

  • KB931125 breaks web server smart card authentication...

    Windows 2008 Enterprise SP2 IIS7

    The Web site is authenticated against AD with smart card.  Works great... until KB931125 is installed.  As soon as this root certificate update is installed, all clients get a 403.7 error.  I roll the VM back to the snapshot from before KB931125 was installed and everything works well again.  There doesn't seem to be a way to delete/undo the damage inflicted by this root certificate update.

    I found this post: http://msmvps.com/blogs/bradley/archive/2007/03/01/warning-problems-with-root-certificates-update-kb931125.aspx and cleaned out the certificates, but it still did not correct it.

    Please advise.

    It turns out that I simply had not deleted enough of the root certificates.  It works now after the removal of about 1/2 of them.

  • 8460p: keep the smart card reader attached, even if the card is removed

    HP EliteBook 8460p

    Win 7 Pro 64-bit

    When a smart card is inserted, you are able to see your smart card reader in Device Manager. When you remove your smart card, the smart card reader disappears from Device Manager. Is it possible to always keep the smart card reader attached?

    According to BIOS version F.22 there is a fix where you can set the power state of the smart card reader:

    '- Fixes an issue where the BIOS setup (F10) does not display the smart card power options once the system is restarted. - Fixes an issue where restarting the system (reboot) is slow after the modem is turned off in the BIOS setup (F10).'

    But this option is nowhere to be found.

    Any suggestions?

    Regards

    F27 BIOS and the new card reader are needed to solve this problem.

    old reader = v1.20

    new reader = v1.21

    /paasen

  • AnyConnect with certificate and without MS Certificate Server

    Hello community.

    Is it possible to use AnyConnect with certificates, but without an MS Certificate Server?
    I am thinking of a certificate installed on the ASA and a certificate installed on the client side, on the laptop or mobile. If the client has the certificate, it is able to connect.
    I heard that if you use certificates for AnyConnect, the ASA does not ask for login credentials; AnyConnect can connect without credentials. I don't like this behavior.
    Is it possible to use the certificate and have the ASA still ask for credentials?

    Thanks in advance

    Sent from Cisco Technical Support iPhone App

    Yes to both:
    - A 3rd party CA can issue certificates for the ASA and the clients
    - You can use hybrid authentication to use both certificates and passwords (one-time or static)

    Sent from Cisco Technical Support Android App

  • Are you aware of a possible bug in the version 3.6.23? In the browser, for example, "two /" appears with the slash through the 'o'. Is this a known bug? Thank you

    Are you aware of a possible bug in the version 3.6.23? In the browser, for example, "two /" appears with the slash through the 'o'. Is this a known bug?

    When the same text is seen in another browser, it is displayed correctly as "two."

    The same issue appears on another computer.

    Thank you.

    Sounds like you are using a font that supports ligatures (Palatino?).

  • Possible bug: save the table with double and extended precision to the worksheet

    If one concatenates a double-precision array and an extended-precision array with the 'Build Array' VI and then saves it using the 'Write To Spreadsheet File' VI, any digits to the right of the decimal point are reset to zero in the saved file, regardless of the format specifier (for example %.10f) passed to the 'Write To Spreadsheet File' VI.

    I'm on Vista Ultimate 32 bit and LabVIEW 9.0

    This is a possible bug that is easily circumvented by converting the type before you write the array to a spreadsheet. Nevertheless, it's a bug and it cost me some time.

    Hi JL,

    No, this is not a bug - it's a feature

    Well, if you look closer you will recognize 'Write To Spreadsheet File' as a polymorphic VI. As this polymorphic VI does not support EXT numbers internally (it only supports DBL, I64, and String), LabVIEW selects the instance with the most precision: I64 (I64 has 64 bits of precision, DBL only 53...). Your options are:

    - set the instance to use to DBL (by right click and "Select Type...")

    - make a copy of this VI, save it under a different name and make it support EXT numbers (do not rework the polymorphic VI itself, as you would break compatibility with other LV installations or future revisions)

  • Users cannot use a smart card to log on a Server Terminal Services session on a computer that is running Windows Server 2008 R2 with SP1

    We have Windows Server 2008 R2 with SP1. There was the exact same problem in Windows Server 2008 (KB958596).

    When you use RDP or ICA (Citrix XenApp 6), the smart card logon prompt randomly does not appear. When we close the RDP or ICA session and open a new one, the smart card prompt is there.

    Where can we get a hotfix, or a registry fix?

    Hotfix for Windows Server 2008 below...

    http://support.Microsoft.com/kb/958596

    In this scenario, users are unable to log on with their smart cards and are instead prompted for their user names and passwords. If users don't provide these details, the Terminal Services session times out and disconnects.

    When this problem occurs, the smart card logon option does not appear in the Terminal Services session. Users cannot log on by using their PINs, and they must provide a user name and password. The smart card logon option works again after they reconnect to the Terminal Services session one or more times.

    Hello y2000max,

    Your Windows Server question is beyond the scope of what is generally answered in these consumer forums. I would recommend reposting it for the IT professionals in the TechNet Windows Server security forum. Thank you!

  • Can I sign a document with my digital signature on a smart card using Pro DC?

    Can I sign a document with my digital signature on a smart card using Pro DC?

    You mean signing with the certificate on your smart card, right? If the certificate on your smart card is intended for signing, then the answer is "Yes, you can". The CA that issued the certificate places some fields in it that can restrict its use to, say, encryption only, signing only, server authentication only, etc. The certificate on your smart card must not have usage restrictions incompatible with signing for you to be able to sign with it. You can simply try connecting your smart card and see whether Acrobat accepts the certificate for signing.

  • Using LabVIEW, how do I access the smart card with the smart card reader?

    Hi all

    I read some of the 2006 posts, which helped me somewhat, but I'm still stuck.  I can communicate with the SCR335 card reader as far as getting the list of card readers.  When I use winscard.dll to get the status of the card, I get '6', which means nothing to me.  I'm including what I've done so far, but I still need to read the smart card.  I have also tried two third-party ActiveX controls but did not get anywhere either: one from Priore and SCardX_Easy 1.  Thanks in advance.

    Peter N


  • Error 1920: smart card service could not start, on Windows 8

    We are trying to install a CAC card reader on our Windows 8 computer. We have followed all the instructions so far, but continue to receive this error message when trying to install ActivClient: error 1920. (Scardsvr) smart card service failed to start. Make sure you have sufficient privileges to start system services.

    This is a new computer & I had not assigned an administrator. I opened a window to run as administrator. We always get the same message! Help!

    wyosharonm,

    I ran into the same error while installing the drivers for a PKI token on Windows 8.

    I discovered that the Smart Card service in the Services MMC had been set to Disabled.

    I set it to Automatic (I haven't started it manually yet) and retried the installation, and it seems to have done the trick.
