RP/TUX 8.0 - Security context propagation (ISL -E) does not work
Last updated on JANUARY 19, 2018
Applies to: Oracle Tuxedo / Tuxedo / 8.0
Information in this document applies to any platform
HP11/WLS 5.1 SP3

This was reproduced on W2K, but the target platform is HP-UX 11.00.

Take a simpapp application example (either from WLE 5.1 T-engine or TUXEDO 8.0), and:

set TUXDIR
runme --> works
adapt provided ubb, replace simple_i.cpp and simplc.cpp
adapt setenv according to setenv510.cmd (WLE 510) and setenv.cmd (TUXEDO 8.0)
--> tmloadcf -y ubb pointing either to WLE 5.1 or TUXEDO 8.0 (application password = pa)
tpusradd iiop
tpusradd adminuser (password adminuser)
tpusradd pa (password pabgrall)
TOBJADDR points to //MARIA:2468 (ISL configured with -E)

--> if simple_client -ORBid BEA_IIOP is run against WLE 5.1, it runs fine
--> if simple_client -ORBid BEA_IIOP is run against TUXEDO 8.0, it fails with NO_PERMISSION
--> if simple_client -ORBid BEA_IIOP is run against TUXEDO 8.0 and TOBJADDR points to port 2469 (see second ISL in UBB), it runs...
--> simple_client -ORBid BEA_IIOP WLE 5.1 remote client and TUXEDO 8.0 server and TOBJADDR points to 2468 --> WORKS!!!

WLS 5.1 SP3 with WLEC configured OK (works fine with WLE 5.1) --> fails with NO_PERMISSION if TUXEDO 8.0 server.

WLS 5.1 configuration:

    weblogic.CORBA.connectionPool.simplepool=\
        appaddrlist=//MARIA:2468,\
        failoverlist=//MARIA:2468,\
        minpoolsize=2,\
        maxpoolsize=3,\
        domainname=simpapp,\
        username=adminuser,\
        userpassword=adminuser,\
        userrole=client,\
        apppassword=pa,\
        securitycontext=YES

    # PASSWORD PROTECTING SimpappWLEC
    weblogic.password.pa=pabgrall
    # following servlet is a normal simpappWLStoWLEthroughWLEC servlet --> adapt to default???
    weblogic.httpd.register.SimpappWLEC=\
        examples.wlec.servlets.simpapp.SimpappWLEC
    weblogic.allow.execute.weblogic.servlet.SimpappWLEC=pa
    # END of PASSWORD

--> invoking this servlet will result in user/password prompting
--> answer user=pa,pw=pabgrall, as was done in tpusr...
--> works with WLE5.1 and fails with TUXEDO 8.0

What is not shown in the test case is that the customer is using RLI, and uses the get_attributes() function (outlined in simple_i.cpp) in the RLI, that fails with no SecurityAttribute set...

What should happen:

ISL -E ... -n //MARIA:2468 should work in TUXEDO 8.0 as with WLE 5.1, as documentation did not change..., and should not lead to NO_PERMISSION exception... It should also run with WLEC as a client for a trusted connection pool...

In the TUXEDO 8 documentation this option is still documented (see TUXEDO command reference manual page 93 of 238):

    ... [-E principal_name]
    An optional parameter that indicates the identity of the principal that is required in order to establish a trusted connection pool. A trusted connection pool can only be established if a CORBA application is configured to require users to be authenticated. If a remote client application attempts to propagate per-request security information over a connection that is not part of a trusted connection pool, the accompanying propagated security information will be ignored.