10 Replies Latest reply: Nov 9, 2007 12:00 AM by 807574

PDC Authentication and Java Apps(Netlet,NetFile,NetMail)

807574 Newbie
Is it possible to configure the gateway to use PDC authentication and still be able to use the Netlet, NetFile and NetMail Java Apps? I'm using S1PS6.1+SRA.
  • 1. Re: PDC Authentication and Java Apps(Netlet,NetFile,NetMail)
    807574 Newbie
    Yes, Netlet apps are independent from portal login:
    e.g. Login uses LDAP and NetFile uses FTP credentials (stored in user profile)

    Cheers,
    Alex :-)
  • 2. Re: PDC Authentication and Java Apps(Netlet,NetFile,NetMail)
    807574 Newbie
    Yes, it is possible. In fact there is no problem if you use the JPI 1.3.1 and have enabled the client certificate based authentication in the gateway, but if you use the JPI 1.4 you have to configure it in order to be able to use your certificate, because by default it does not know where to look for client certs and just throws an exception. If somebody needs more info about this, take a look at:

    http://forum.java.sun.com/thread.jsp?forum=2&thread=361995
    http://java.sun.com/j2se/1.4.1/docs/guide/security/jsse/JSSERefGuide.html#Customization
    http://java.sun.com/j2se/1.4.1/docs/tooldocs/tools.html#security
  • 3. Re: PDC Authentication and Java Apps(Netlet,NetFile,NetMail)
    807574 Newbie
    I'm using PDC authentication, but client certificates are stored on smart cards, so I can't export certificates in order to install them in keystore.
    Any other workaround?
  • 4. Re: PDC Authentication and Java Apps(Netlet,NetFile,NetMail)
    807574 Newbie
    Hello,

    we have the same requirement:
    We are using Certificates on smartcards AND want to use Netlet.
    Anyone solved this problem?
    Anyone knows whether this restriction will change in the future?

    Thanks,
    Juergen Maihoefner
  • 5. Re: PDC Authentication and Java Apps(Netlet,NetFile,NetMail)
    807574 Newbie
    Hello,

    any progress on the netlet-problems?

    Currently,
    - it is not usable with Internet Explorer and its Java 1, because the
    Browser dies when starting the netlet. This problem is new with
    2004Q2.
    - it is not usable with smartcards.
    - it is usable with software-based certificate stores, but - at least with
    our users - it is unreasonable to do this tricky configuration.

    Are there any patches available?
    What are the plans with the next release?

    Thanks and Regards,
    Juergen Maihoefner
  • 6. Re: PDC Authentication and Java Apps(Netlet,NetFile,NetMail)
    807574 Newbie
    Hello,

    even with Software-based Certificate Stores, I was not able to make
    the Certificate available to the JVM following the procedure in
    http://docs.sun.com/source/817-5317/6-netlet_pdc.html .

    I tried several browsers (IE, Mozilla) and several Certificate formats.

    Anyone ever had success with this?

    Regards,
    Juergen Maihoefner
  • 7. Re: PDC Authentication and Java Apps(Netlet,NetFile,NetMail)
    807574 Newbie
    Hello,

    finally, I was able to give the JVM access to the certificate.
    It seems the portal-documentation is not correct.

    I have these parameters configured in the Java ControlPanel, field
    "Java Runtime Parameters":

    -Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStorePassword=secret -Djavax.net.ssl.keyStore=C:/key/key.p12

    Some differences to the values described in the portal documentation:
    - the parameters start with "-Dparam", not "Dparam".
    - the correct parameter for type PKCS12 is "pkcs12", not "pkcs"
    - you must not quote the filename.

    Regards,
    Juergen Maihoefner
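
An added example, not part of the original post or of Sun's documentation: a small Java diagnostic (the class name `ClientCertCheck` is hypothetical, and JDK 7 or later is assumed) that reads the same `javax.net.ssl.keyStore*` properties and reports whether the JVM can load the PKCS#12 file and find a private key entry to present as a client certificate.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

/** Added diagnostic (hypothetical name): can this JVM use the client-cert keystore? */
public class ClientCertCheck {
    public static void main(String[] args) throws Exception {
        // Same properties as in the post; pass them with -D on the command line.
        String path = System.getProperty("javax.net.ssl.keyStore");
        String type = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
        char[] pw = System.getProperty("javax.net.ssl.keyStorePassword", "").toCharArray();
        if (path == null) {
            System.err.println("javax.net.ssl.keyStore is not set: no client certificate to offer");
            System.exit(2);
        }
        // An unknown type (e.g. "pkcs") fails in getInstance() with KeyStoreException;
        // a wrong password or a quoted or missing file path fails in load().
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        }
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            // Client authentication needs a private key entry, not just a certificate.
            if (!ks.isKeyEntry(alias) || !(c instanceof X509Certificate)) {
                System.out.println("skip  " + alias + " (no private key or no X.509 certificate)");
                continue;
            }
            X509Certificate cert = (X509Certificate) c;
            System.out.println("key   " + alias + "  subject=" + cert.getSubjectX500Principal()
                    + "  notAfter=" + cert.getNotAfter());
            usable++;
        }
        // Build key managers from the store, as a JSSE client context would.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        System.out.println(usable + " usable client identity(ies) in " + path + " (" + type + ")");
        System.exit(usable > 0 ? 0 : 1);
    }
}
```

Start it with the same three `-D` options shown in the post. A password supplied through `-Djavax.net.ssl.keyStorePassword` is visible in the JVM's command line to anyone who can list processes on the machine.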
  • 8. Re: PDC Authentication and Java Apps(Netlet,NetFile,NetMail)
    807574 Newbie
    Hmmm, pity I cannot attach screen-prints !

    Firstly, is there a troubleshooting guide 'Gathering Debug Data' for Portal-server similar to the one
    for Webserver (see link below) ?

    http://docs.sun.com/app/docs/doc/820-0429


    I have portal server and the gateway both installed on a machine called tomate (tomato) version 2005Q4
    (version 6 that is to say) on Linux.

    It works quite well, in fact. I have enabled PDC - client certificate based login with smart-cards.
    It's great we're prompted for the password for the smart card and that's it - we authenticate transparently.

    However, I cannot get Netlet to work.
    To simplify things I'm testing without the smart-cards and, therefore, using Certificates IN MY Browser and
    ControlPanel -> Java -> Security.

    Back in February, before I enabled PDC the Netlet worked fine with, for example, VNC but it doesn't work with PDC.

    I see the following chain of events:

    1. Log into portal (well, SRA gateway) from my PC -

    2. I'm prompted for the password to my Java Security store (which is blanks so I simply press ENTER).

    3. I'm prompted to choose a certificate:


    There's a problem with the certificate of the sun Applet but I select execute, regardless:

    Netlet window:

    4. Netstat -an from a DOSBOX yields:

    TCP 127.0.0.1:30021 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:35900 0.0.0.0:0 LISTENING


    You can see FTP and, more importantly, my VNC listening on 35900.

    5. I then launch VNC client and click "Connect":


    Portal server pop-up warning - I click on "OK".

    6. Going back to netstat:

    TCP 127.0.0.1:35900 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:35900 127.0.0.1:1090 ESTABLISHED

    It looks like something has connected.

    However, no bytes are transmitted:

    LOG Files, etc

    Looking at the Java debug window on my PC (I've attached the output BTW):

    Problem1: Note that it says "Netlet running with JSSE: PDC Disabled".

    I would expect it to say PDC ENABLED, rather !

    I've put the following line
    com.iplanet.authentication.modules.cert.gwAuthEnable=yes
    into both:
    AMConfig.properties

    and, also the file

    AMConfig-default.properties

    I'm a bit paranoid so I edited both files.


    From the file srapGateway.default:

    7/2/07 12:08:56 PM CEST: Thread[Thread-101,5,main]
    ERROR: Unable to encode the pdc cert info
    7/2/07 12:08:56 PM CEST: Thread[Thread-101,5,main]
    ERROR: SSOUtil: Unable to create SSOToken ->
    com.iplanet.sso.SSOException: Service URL not found:session
    at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:177)
    at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:305)
    at com.sun.portal.util.SSOUtil.getSSOTokenNoDecodeX(SSOUtil.java:106)
    at com.sun.portal.util.SSOUtil.getSSOTokenNoDecode(SSOUtil.java:85)
    at com.sun.portal.util.SSOUtil.getSSOToken(SSOUtil.java:58)
    at com.sun.portal.rproxy.connectionhandler.Session.getUserSession(Session.java:2142)
    at com.sun.portal.rproxy.connectionhandler.Session.processNextRequest(Session.java:1237)
    at com.sun.portal.rproxy.server.RequestProcessor$1.run(RequestProcessor.java:53)
    at com.sun.portal.util.ThreadPoolThread.run(GWThreadPool.java:109)


    Q1. Do you know what I'm doing wrong ?

    Q2. Do we have customers where PDC Netlet works with version 6 ?

    Any help would, of course, be greatly appreciated.

    Ta, Dave
  • 9. Re: PDC Authentication and Java Apps(Netlet,NetFile,NetMail)
    807574 Newbie
    I do not have the solution to your problem here.
    I can just answer your request about Sun Gathering Debug Data material for Portal Server.
    It is available here: http://www.sun.com/service/gdd/index.xml

    Doc: http://docs.sun.com/app/docs/doc/819-5489
    Script: http://bigadmin.eng.sun.com/bigadmin/jsp/descFile.jsp?url=descAll/sun_gdd_ps6info

    Guillaume
  • 10. Re: PDC Authentication and Java Apps(Netlet,NetFile,NetMail)
    807574 Newbie
    Hello and thanks for the response !

    A note for the general public - the script can be found, externally, at the following link:

    http://www.sun.com/bigadmin/jsp/descFile.jsp?url=descAll/sun_gdd_ps6info

    PS: Is there any way to copy images in this Forum (only tasteful images, mind you) ?

    Ta, Dave