10 Replies Latest reply on Nov 9, 2007 8:00 AM by 807574

    PDC Authentication and Java Apps(Netlet,NetFile,NetMail)

      Is it possible to configure the gateway to use PDC authentication and still be able to use the Netlet, NetFile and NetMail Java Apps? I'm using S1PS6.1+SRA.
        • 1. Re: PDC Authentication and Java Apps(Netlet,NetFile,NetMail)
          Yes, Netlet apps are independent from portal login:
          e.g. Login uses LDAP and NetFile uses FTP credentials (stored in user profile)

          Alex :-)
          • 2. Re: PDC Authentication and Java Apps(Netlet,NetFile,NetMail)
            Yes, it is possible. In fact there is no problem if you use the JPI 1.3.1 and have enabled the client certificate based authentication in the gateway, but if you use the JPI 1.4 you have to configure it in order to be able to use your certificate, because by default it does not know where to look for client certs and just throws an exception. If somebody needs more info about this, take a look at:

            • 3. Re: PDC Authentication and Java Apps(Netlet,NetFile,NetMail)
              I'm using PDC authentication, but client certificates are stored on smart cards, so I can't export certificates in order to install them in keystore.
              Any other workaround?
              • 4. Re: PDC Authentication and Java Apps(Netlet,NetFile,NetMail)

                We have the same requirement:
                We are using certificates on smartcards AND want to use Netlet.
                Has anyone solved this problem?
                Does anyone know whether this restriction will change in the future?

                Juergen Maihoefner
                • 5. Re: PDC Authentication and Java Apps(Netlet,NetFile,NetMail)

                  Any progress on the netlet-problems?

                  - it is not usable with Internet Explorer and its Java 1, because the
                  Browser dies when starting the netlet. This problem is new with
                  - it is not usable with smartcards.
                  - it is usable with software-based certificate stores, but - at least with
                  our users - it is unreasonable to do this tricky configuration.

                  Are there any patches available?
                  What are the plans with the next release?

                  Thanks and Regards,
                  Juergen Maihoefner
                  • 6. Re: PDC Authentication and Java Apps(Netlet,NetFile,NetMail)

                    Even with Software-based Certificate Stores, I was not able to make
                    the Certificate available to the JVM following the procedure in
                    http://docs.sun.com/source/817-5317/6-netlet_pdc.html .

                    I tried several browsers (IE, Mozilla) and several Certificate formats.

                    Anyone ever had success with this?

                    Juergen Maihoefner
                    • 7. Re: PDC Authentication and Java Apps(Netlet,NetFile,NetMail)

                      Finally, I was able to give the JVM access to the certificate.
                      It seems the portal-documentation is not correct.

                      I have these parameters configured in the Java ControlPanel, field
                      "Java Runtime Parameters":

                      -Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStorePassword=secret -Djavax.net.ssl.keyStore=C:/key/key.p12

                      Some differences to the values described in the portal documentation:
                      - the parameters start with "-Dparam", not "Dparam".
                      - the correct parameter for type PKCS12 is "pkcs12", not "pkcs"
                      - you must not quote the filename.

                      Juergen Maihoefner
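A check for the three pitfalls listed in reply 7, as an added example that is not part of the original thread or of the portal documentation. The function name `lint_runtime_params`, the set of accepted store types and the `BAD` sample line are assumptions constructed for illustration; `GOOD` is the line from the post.

```python
import re

PREFIX = "javax.net.ssl."
# Assumption: only these two store types are accepted by this check; "pkcs12"
# is the value from the post, "jks" is the JDK's traditional store type.
KNOWN_TYPES = {"pkcs12", "jks"}
# A token is a run of non-space characters and/or double-quoted segments,
# so a quoted path containing spaces stays attached to its property.
TOKEN = re.compile(r'(?:"[^"]*"|[^\s"])+')

# Line from the post, reported there as working.
GOOD = ("-Djavax.net.ssl.keyStoreType=pkcs12 "
        "-Djavax.net.ssl.keyStorePassword=secret "
        "-Djavax.net.ssl.keyStore=C:/key/key.p12")
# Constructed line combining the three mistakes the post describes.
BAD = ('Djavax.net.ssl.keyStoreType=pkcs '
       '-Djavax.net.ssl.keyStorePassword=secret '
       '-Djavax.net.ssl.keyStore="C:/key/key.p12"')


def lint_runtime_params(line):
    """Return sorted (property, problem) findings for a runtime-parameter line."""
    findings, values = set(), {}
    for token in TOKEN.findall(line):
        dash = token.startswith("-")
        body = token[1:] if dash else token
        if not body.startswith("D" + PREFIX) or "=" not in body:
            continue  # not one of the JSSE key store properties
        name, value = body[1 + len(PREFIX):].split("=", 1)
        values[name] = value
        if not dash:
            findings.add((name, "missing leading '-' before D"))
        if name == "keyStoreType" and value.strip('"').lower() not in KNOWN_TYPES:
            findings.add((name, "unknown store type %r" % value.strip('"')))
        if name == "keyStore" and '"' in value:
            findings.add((name, "file name is quoted"))
    path = values.get("keyStore")
    if path is None:
        findings.add(("keyStore", "not set"))
    elif (path.strip('"').lower().endswith((".p12", ".pfx"))
          and "keyStoreType" not in values):
        findings.add(("keyStoreType", "not set for a .p12/.pfx file"))
    return sorted(findings)


if __name__ == "__main__":
    for label, line in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_runtime_params(line))
```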
                      • 8. Re: PDC Authentication and Java Apps(Netlet,NetFile,NetMail)
                        Hmmm, pity I cannot attach screen-prints !

                        Firstly, is there a troubleshooting guide 'Gathering Debug Data' for Portal-server similar to the one
                        for Webserver (see link below) ?


                        I have portal server and the gateway both installed on a machine called tomate (tomato) version 2005Q4
                        (version 6 that is to say) on Linux.

                        It works quite well, in fact. I have enabled PDC - client certificate based login with smart-cards.
                        It's great, we're prompted for the password for the smart card and that's it - we authenticate transparently.

                        However, I cannot get Netlet to work.
                        To simplify things I'm testing without the smart-cards and, therefore, using Certificates IN MY Browser and
                        ControlPanel -> Java -> Security.

                        Back in February, before I enabled PDC the Netlet worked fine with, for example, VNC but it doesn't work with PDC.

                        I see the following chain of events:

                        1. Log into portal (well, SRA gateway) from my PC ...

                        2. I'm prompted for the password to my Java Security store (which is blank so I simply press ENTER).

                        3. I'm prompted to choose a certificate:

                        There's a problem with the certificate of the Sun Applet but I select execute, regardless:

                        Netlet window:

                        4. Netstat -an from a DOSBOX yields:

                        TCP LISTENING
                        TCP LISTENING

                        You can see FTP and, more importantly, my VNC listening on 35900.

                        5. I then launch VNC client and click "Connect":

                        Portal server pop-up warning - I click on "OK".

                        6. Going back to netstat:

                        TCP LISTENING
                        TCP ESTABLISHED

                        It looks like something has connected.

                        However, no bytes are transmitted:

                        LOG Files, etc

                        Looking at the Java debug window on my PC (I've attached the output BTW):

                        Problem1: Note that it says "Netlet running with JSSE: PDC Disabled".

                        I would expect it to say PDC ENABLED, rather!

                        I've put the following line
                        into both:

                        and, also the file


                        I'm a bit paranoid so I edited both files.

                        From the file srapGateway.default:

                        7/2/07 12:08:56 PM CEST: Thread[Thread-101,5,main]
                        ERROR: Unable to encode the pdc cert info
                        7/2/07 12:08:56 PM CEST: Thread[Thread-101,5,main]
                        ERROR: SSOUtil: Unable to create SSOToken ->
                        com.iplanet.sso.SSOException: Service URL not found:session
                        at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:177)
                        at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:305)
                        at com.sun.portal.util.SSOUtil.getSSOTokenNoDecodeX(SSOUtil.java:106)
                        at com.sun.portal.util.SSOUtil.getSSOTokenNoDecode(SSOUtil.java:85)
                        at com.sun.portal.util.SSOUtil.getSSOToken(SSOUtil.java:58)
                        at com.sun.portal.rproxy.connectionhandler.Session.getUserSession(Session.java:2142)
                        at com.sun.portal.rproxy.connectionhandler.Session.processNextRequest(Session.java:1237)
                        at com.sun.portal.rproxy.server.RequestProcessor$1.run(RequestProcessor.java:53)
                        at com.sun.portal.util.ThreadPoolThread.run(GWThreadPool.java:109)

                        Q1. Do you know what I'm doing wrong?

                        Q2. Do we have customers where PDC Netlet works with version 6?

                        Any help would, of course, be greatly appreciated.

                        Ta, Dave
                        • 9. Re: PDC Authentication and Java Apps(Netlet,NetFile,NetMail)
                          I do not have the solution to your problem here.
                          I can only answer your request about Sun Gathering Debug Data material for Portal Server.
                          It is available here: http://www.sun.com/service/gdd/index.xml

                          Doc: http://docs.sun.com/app/docs/doc/819-5489
                          Script: http://bigadmin.eng.sun.com/bigadmin/jsp/descFile.jsp?url=descAll/sun_gdd_ps6info

                          • 10. Re: PDC Authentication and Java Apps(Netlet,NetFile,NetMail)
                            Hello and thanks for the response !

                            A note for the general public - the script can be found, externally, at the following link:


                            PS: Is there any way to copy images in this Forum (only tasteful images, mind you)?

                            Ta, Dave