Search Results

Search found 21 results on 1 pages for 'autodiscovery'.


  • Autodiscovery for inclusion tags

    - by Ludwik Trammer
    The title may be a little confusing, but I don't know how else to call it. I would like to create a Django project with a large set of applications you could arbitrarily turn on or off using the INSTALLED_APPS option in settings.py (you would obviously also need to edit urls.py and run syncdb). After being turned on, an app should be able to automatically:

      - Register its content in site-wide search. Luckily django-haystack has this built-in, so it's not a problem.
      - Register cron jobs. django-cron does exactly that. Not a problem.
      - Register a widget that should be displayed on the homepage. The homepage should include a list of boxes with widgets from different applications.

    I thought about inclusion tags, because you can put them anywhere on a page and they control both content and presentation. The problem is I don't know how to automatically get a list of inclusion tags provided by my applications, and display them one by one on a homepage. I need a way to register them somehow, and then display all registered tags.


  • Attempting to ping RPC endpoint 6001/6004 (Exchange Information Store) on server on Exchange2010

    - by MadBoy
    I have Exchange 2010 in a hosting setup like:

      - TMG 2010 as load balancer
      - Exchange 2010 x 2 (CAS,MAILBOX,HUB on each server)
      - AD1, AD2 machines
      - File witness

    All people currently connect thru OWA or POP3/SMTP and that works fine. The problem is autodiscovery doesn't work and RPC in terms of setting up Outlook doesn't work too. It doesn't work if I am connected with VPN or not. The thing is it used to work. Before reinstall of my machine 2 days ago I was able to get mails successfully thru Outlook that was set up using autodiscovery (but I was getting reports setting up of new clients wasn't working - so not sure why my outlook continued to work). I used https://www.testexchangeconnectivity.com to track it down and basically the message is more or less this:

      Attempting to ping RPC endpoint 6004 (NSPI Proxy Interface) on server autodiscover.domain.pl.
      The attempt to ping the endpoint failed.
      Additional Details
      The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process.

    I tried different solutions like disabling IP v6, followed a couple of links and did all they proposed and it's still at the very same point:

      C:\Users\admin>netstat -a | find "6001"
      TCP 0.0.0.0:6001 EXCHANGE2:0 LISTENING
      TCP [::]:6001 EXCHANGE2:0 LISTENING
      C:\Users\admin>netstat -a | find "6002"
      C:\Users\admin>netstat -a | find "6003"
      C:\Users\admin>netstat -a | find "6004"

    I followed (and few others):

      http://helewix.com/blog/index.php/Microsoft-Solutions/2011/02/10/exchange-2010-how-to-open-ports-6001-6002-and-6004-on-your-server-for-telnet-to-work-and-rpc-to-be-able-to-connect-2
      http://blogs.technet.com/b/exchange/archive/2008/06/20/3405633.aspx
      http://messagexchange.blogspot.com/2008/12/outlook-anywhere-failing-rpc-end-points.html

    Although most relate to Exchange 2007 and I have Exchange 2010 but there's not much things I can find on Exchange 2010 for the current problem.

    After applying all of those solutions error 6004 changed into error 6001 which doesn't bring me to my problems any closer. At this point, even though the error was 6001 and 6004 was no more, the 6004 port was still closed while 6001 stayed open.

      Attempting to ping RPC endpoint 6001 (Exchange Information Store) on server autodiscover.domain.pl.
      The attempt to ping the endpoint failed.
      Additional Details
      The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process.

      C:\Users\admin>netstat -a | find "6001"
      TCP 0.0.0.0:6001 EXCHANGE2:0 LISTENING
      TCP [::]:6001 EXCHANGE2:0 LISTENING
      C:\Users\admin>netstat -a | find "6002"
      C:\Users\admin>netstat -a | find "6003"
      C:\Users\admin>netstat -a | find "6004"

    So I reverted back to square one. I suspect it's a problem with TMG but really can't be sure. I tried multiple combinations but all fail.


  • Exchange 2010 Autodiscover/OAB update issue

    - by bulldog5046
    Mid way through migration from 2003 to 2010 and with a few test users on 2010 I've noticed that the OAB is not being downloaded to outlook clients. I've checked the URLs are configured, added both our CAS servers to the web based distribution list for the OAB and assigned the OAB to 2 mailbox databases we use but when I use outlook 'Test E-Mail AutoConfiguration' test I still see that the autodiscover says "OAB URL: Public Folder" even though I've now deselected the option. I've run Test-OutlookWebServices to which I was getting an OAB error about no URL in the autodiscovery but having just re-run it now appears fine, yet the autoconfigure test still does not. Does anyone have any idea why I'm getting this discrepancy?


  • How to suppress an unwanted external Autodiscover lookup?

    - by chris
    In a small network with Exchange 2007, when starting Outlook 2010 (and once in a while afterwards), users get a prompt to confirm that it's safe to get account configuration information from cpanelemaildiscovery.cpanel.net/autodiscover/autodiscover.xml (I could read in a couple of forums that there is a bug in cpanel, but that's beside the point.) I'm puzzled because I can't find any autodiscover DNS entries anywhere, neither internally nor externally. The only hint is that we use an external hosting company for our website and for one single email address, which runs on cpanel. So I guess that Outlook makes an external DNS query to test all entries? It creates a lot of confusion for the users and frankly I'm not too happy that the external hosting company gets contacted by all our users. How can I suppress this behavior? Thanks


  • External DNS and IIS Webserver requirement for Outlook Anywhere 2007 ?

    - by Albert Widjaja
    Hi, I just would like some clarification about which External hostname / DNS entries that I need to publish in my external facing DNS server to enable Outlook Anywhere on my Exchange Server 2007 for external user:

      - ExCAS01.domain.com - Exchange CAS A Record
      - Autodiscover.domain.com - Autodiscover CNAME to the CAS Server above
      - _autodiscover._tcp.domain.com - SRV type record

    And do I have to expect anything by typing this address in the browser "https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml"? Because I get request time out at the moment. Here is the error log from https://testexchangeconnectivity.com:

      Host Excas01.domain.com couldn't be resolved in DNS
      Exception details:
      Message: The requested name is valid, but no data of the requested type was found
      Type: System.Net.Sockets.SocketException
      Stack trace:
        at System.Net.Dns.GetAddrInfo(String name)
        at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
        at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
        at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()

      Host autodiscover.domain.com couldn't be resolved in DNS
      Exception details:
      Message: The requested name is valid, but no data of the requested type was found
      Type: System.Net.Sockets.SocketException
      Stack trace:
        at System.Net.Dns.GetAddrInfo(String name)
        at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
        at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
        at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()

      Attempting to locate SRV record _autodiscover._tcp.domain.com in DNS.
      The Autodiscover SRV record wasn't found in DNS.


  • Does Outlook continue to auto-discover account settings for already configured accounts? Can it be prevented?

    - by Oliver Salzburg
    fail2ban just locked me out of our website because something from my desktop was hammering port 443 on the server (which is not in use). I saw my IP also requesting "GET /autodiscover/autodiscover.xml HTTP/1.1", so I assume that's what's going on on port 443 as well. But I only have 1 email account configured in Outlook and it's working just fine. The account is for the address [email protected] and said server will answer for example.com, but that server is not our MX and it is also not configured as an Exchange server in my mail account. So, why is Outlook still trying to retrieve those auto-configuration settings?


  • Outlook 2007/2010 autodiscovering old Exchange info

    - by Dan
    I currently have an Exchange setup as follows: two Exchange 2003 servers clustered together set up as the current mailbox stores, one Exchange 2003 setup as a frontend, one Exchange 2007 set up as a frontend (was set up for testing by my predecessor, never really used intentionally), and now four Exchange 2010 servers - two mailboxes in a DAG and two with Hub/CAS. Everything seems to be working fine with one exception - Outlook 2007/2010 clients are still autodiscovering the test 2007 frontend and not the 2010 CAS array. I know this because there's an expired cert on the 2007 box so the client displays a cert error when you attempt to autocreate the outlook profile. From what I've read, there is an SCP (Service Connection Point) in AD that is pointing to the old server and it is getting returned first, causing Outlook to try it first. How can I prevent Outlook from even attempting to connect to this 2007 box from now on?

    http://www.msexchange.org/articles_tutorials/exchange-server-2010/management-administration/exchange-autodiscover.html

      When Outlook 2007 is installed on a domain joined workstation then the Outlook client will query Active Directory for the Autodiscover information. Active Directory will return a list of SCP’s and the Outlook client will automatically select the first SCP in this list. Using the information found in the SCP the Outlook client will contact the Client Access Server for its configuration information and the Outlook client will be configured automatically.


  • How to use auto-discovery with iDRAC Enterprise?

    - by jwiz
    All I want to do is:

      - have "auto discovery" enabled on my iDRAC enterprise at the factory
      - rack the server, cable iDRAC to dhcp-enabled management network
      - have the iDRAC DHCP, find the "Provisioning Server", and get updated with login credentials (for us to use with racadm, idrac webui, etc.)

    I don't need to do any configuring of the system, install OS, or anything else. I just want idrac to dhcp out of the box, and end up with an account that can be used to login. All the docs I can find on Dell's site refer to a "Provisioning Server", but I honestly can't tell if they have some reference product, or if they only have software that "integrates" with other vendor's existing management systems. I'd be happy to set up whatever is needed, I just can't find something that explicitly describes the process (only references to the fact that it is supported).


  • Prevent Exchange Server from advertising itself on domain

    - by Justin Shin
    I'm in the middle of setting up an Exchange 2010 Server. Currently, we use a SaaS provider for Exchange 2007 services. Some (but not all) of my users have been reporting that they are receiving Outlook/Exchange login prompts to login to the new Exchange server. This is happening without any intervention on the client's machines. The Exchange server is a member of the domain and connects to the domain site remotely through a site-to-site VPN. What can I do to prevent these login prompts from appearing? Will shutting down the new server until it is time to switch resolve these issues? A little more info: I found that on one of the client computers, all of the settings for Outlook over HTTP had been changed (automatically) from webmail.provider.com to mail.company.com (the latter being the new server). This happened when I enabled Outlook Anywhere access on Exchange 2010. I changed the client's settings back, and everything was groovy. But, when I disabled Outlook Anywhere again, the logon prompt came back.


  • Autodiscover service seems to reply with User Principal Name instead of email address

    - by Jeff McJunkin
    After this latest round of Windows updates (on 1/11/11, in fact) my Exchange 2007 server of course rebooted. This may have had the side effect of making any changes I'd inadvertently made take effect. Since then, the Autodiscover service in Exchange 2007 from Outlook 2007 seems to reply with the User Principal Name ([email protected] instead of [email protected]). I'm specifically seeing this from within the "Test Email AutoConfiguration" tool in Outlook (the UPN appears in the first text box labeled "E-mail") and when creating a new profile in Outlook. If I disregard the UPN and instead fill in my email address, Autodiscover works as expected and I can connect without issue. I've confirmed using ADSI Edit that the SMTP email address is properly set for my users. I even went a bit crazy and set the UPN to the email address using ADSI Edit. I've re-installed the Client Access role on the server in question. Exchange server is Server 2008, 64-bit of course. Clients are mostly XP 32-bit, though the issue happens from a Windows 7 machine as well.


  • Prevent SSL certificate being returned for a specific domain

    - by jezmck
    Apologies for a long question: We've taken on a new client whose web hosting was previously on their in-house server which still has their Exchange/Outlook email. We now host their domain (and many others) on our server. They're complaining that they're getting errors in Outlook. I don't understand the AutoDiscover stuff at the root of the problem, but believe that I just need to stop the SSL certificate on our server being returned when requested at a particular domain:

      Yes it is, the issue lies with "{newclient}.com" being pointed to your server IP and that server has Port 443 open with an SSL certificate associated to it. So when Outlook/ActiveSync use autodiscover to find the mailbox settings it finds your SSL (because 443 is open) and flags it as an error. The solution is to close 443 so it's not discovered, Autodiscover will then proceed to mail.{newclient}.com via the MX / ServiceRecords and discover the correct SSL.

    I'm new here and there was no hand-over, so I don't know whether other currently hosted sites need to accept SSL connections, though I suspect some will, or may in future. This is a live server, so I can't risk trying loads of options in case I take the server offline! I feel like I should be adding something like the following to vhosts.conf.

      <VirtualHost *:443>
          ServerName {newclient}.com
          ServerAlias www.{newclient}.com
          SSLEngine Off
          SSLCertificateFile {NONE}
          SSLCertificateKeyFile {NONE}
      </VirtualHost>

    Apologies for the fact that I don't know enough about this subject to be able to ask the question more clearly!


  • Exchange 2010 Internal Auto Discover Migrate away from current .local DNS name

    - by Bryan
    We have an Exchange 2010 Server, running within our Active Directory domain, with an internal hostname of server.example.local. The server is configured for Exchange anywhere, but currently has a self signed certificate with a name of server.example.local installed. Internally, clients connect and work fine, but externally, we are having certificate errors as you would expect.

    I'm about to purchase a UCC SSL Certificate to install on the server with all the relevant SANs on the certificate to correct this, but due to obvious problem obtaining a trusted cert with .local as a subject alternative name, I'm looking to configure clients on the internal network so that they don't use any reference to the .local hostname.

    I've configured our external DNS name for the server as exchange.example.com, and have created a CNAME for autodiscover.example.com which also (correctly) points to exchange.example.com. I've also configured internal DNS records for these two hostnames which point to the internal interface of the same server. I don't anticipate any problems here.

    I'm now trying to reconfigure Auto Discover internally, so that Outlook attempts to connect to exchange.example.com. I've followed the steps in KB940726 to prepare for this, and this appeared to work fine. No errors were generated and I was able to verify the CAS name in AD using ADSI edit. I've just tried testing this with a newly created test user account complete with a new Exchange mailbox, and Outlook 2007 connects fine on the internal network, but looking deeper in the Exchange profile, Outlook is still resolving the server name as server.example.local. Could it be the self signed cert, that is causing Outlook to display the server name as server.example.local, or is there still something wrong with my internal autodiscover configuration?

    Edit: I've proven it isn't the certificate that is responsible for outlook returning server.example.local, by installing another self certified certificate with a name of test.example.com. When creating a new outlook profile, I get the mismatch error I'm expecting, but after accepting the cert, and finishing the config of the Outlook profile, again it still shows server.example.local as the server name. This means that if I were to purchase the UCC cert now, that external client would work fine, but internal clients would show a certificate name mismatch. Any ideas where to start diagnosing this?


  • getting autodiscover URL from Exchange email address

    - by Anthony
    I'm starting with an address for an Exchange 2007 server: [email protected] And I attempted to send an autodiscover request, as documented at MSDN. I attempted to use the generic autodiscover address documented at the TechNet White Paper. So, using curl on PHP, I sent the following request:

      <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
        <Request>
          <EMailAddress>[email protected]</EMailAddress>
          <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
        </Request>
      </Autodiscover>

    to the following URL: https://domain.exchangeserver.org/autodiscover/autodiscover.xml

    But got no response, just an eventual timeout. I also tried: https://autodiscover.domain.exchangeserver.org/autodiscover/autodiscover.xml

    With the same result. Now, since my larger goal is to use Autodiscover with Exchange Web Services, and since all of the EWS URLs start with the same sub-domain as the Outlook Web Access address, I thought I'd give that a try:

    OWA: https://wmail.domain.exchangeserver.org

    So I tried: https://wmail.domain.exchangeserver.org/autodiscover/autodiscover.xml

    And sure enough, I got back the expected response. However, I only knew the OWA sub-domain because it's the server I have access to and that I'm using to test everything. I would not know it for sure or be able to guess it if this were a live app and the user was entering in their own Exchange email. I know that whatever generic autodiscover settings must be turned on, because I can enter: [email protected] into Apple Mail on Snow Leopard and it finds everything without trouble. So the question is...

      - Should https://domain.exchangeserver.org/autodiscover/autodiscover.xml have worked, and I just missed a step when trying to connect to it? Or,
      - Is there some trick (maybe involving pinging the email address?) that Apple Mail and other clients use to resolve the address to the OWA subdomain before sending the autodiscover request?

    Thanks to anyone who knows or can take a wild guess.


  • Auto detect internal/external development environment

    - by zaf
    We use the following function to auto detect if we are on a machine internally or on a live server and then choose the appropriate configs for various components.

      function devIsLocal(){
          $res=false;
          // HTTP_HOST holds the value of the request's Host header
          $http_host=$_SERVER['HTTP_HOST'];
          if($http_host=='localhost')$res=true;
          if($http_host=='127.0.0.1')$res=true;
          if(substr($http_host,-4)=='.lan')$res=true;
          if(strpos($http_host, '.')===false)$res=true;
          return($res);
      }

    As you can see it only relies on the HTTP_HOST value. Of course, if you use a virtual host locally like example.com then the function will be tricked. Are there any other ways to fool the function? And what other variables/places could we peek at to determine where we are?


  • How do I get the displayname of the logged in user in EWS?

    - by tig
    Exchange Autodiscovery will give me the user's Display Name via the UserSettingName.UserDisplayName property. However, in cases where autodiscovery fails and connection needs to be done manually I can't figure out how to get the DisplayName. I tried this, but I just get the users' email address:

      _service = new ExchangeService();
      _service.Credentials = new System.Net.NetworkCredential(exchangeSettings.EmailAddress, exchangeSettings.Password);
      _service.Url = new Uri(exchangeSettings.ExternalEwsUrl);
      NameResolutionCollection resolvedNames = _service.ResolveName(exchangeSettings.EmailAddress);
      exchangeSettings.UserDisplayName = resolvedNames.First().Mailbox.Name;

    Thanks


  • Log rotation with automatic *.log file discovery

    - by Mikko Ohtamaa
    I am hosting several websites, each of which runs its own Python process and writes *.log output files, but the directory structure is not standardized. Example:

      -rw-r--r-- 1 plone plone 125M 2012-08-29 11:35 ./x/var/log/instance-Z2.log
      -rw-r--r-- 1 plone plone 19M 2012-08-29 00:07 ./zope2.9/y/log/event.log
      -rw-r--r-- 1 plone plone 188M 2012-08-13 00:09 ./zope2.9/y/log/Z2.log
      -rw-r--r-- 1 plone plone 137M 2010-11-16 09:41 ./zope2.9/y/log/event.log

    I'd like to make log rotate autodiscover these log files and run a log rotation on them, as opposed to manually typing in every log file to the logrotate conf. Do any existing tools offer this kind of log file discovery and rotation capabilities, without manually specifying each file? If not... then just write a shell script which generates the logrotate conf?


  • My server appears to have been hacked+ scanssh run by zabbix is it normal?

    - by Niro
    I'm running a few EC2/Scalr instances with zabbix monitoring. I received complaints about one of my servers port scanning other servers. The logs show it is accessing port 22 on consecutive IP addresses. I looked at the processes list and saw scanssh is running under the user Zabbix. My question is: Is scanssh part of zabbix? Is it supposed to run? I have active autodiscovery on zabbix but it is looking at other IP addresses and definitely not port 20. Is it possible that something in the config of zabbix agent is controlling it and not the settings on zabbix server? What can I do to find out if zabbix is somehow misbehaving or it is a hacker? Any advice is highly appreciated.


  • install lync 2010 client on home laptop

    - by user330026
    I have a work laptop and lync is running there with no problems. I installed vpn on my home laptop and outlook connected through vpn no problems. But when I install lync 2010 client and put the same settings as work version. It was on autodiscovery and I used the same userlogin it does not work. Is there any way to find out from my work laptop what configuration lync uses there and replicate it on home? I spent hours finding solutions and could not find anything. I can't ask IT. Can anyone advise anything? Thanks


  • How to create a Service Connection Point for Exchange (Manually)

    - by Ionoxx
    I'm being cautious here. Before I remove anything I want to be able to put it back. I'm having issues with a domain joined computer that is using SCP to get exchange autodiscovery information. It's getting information for the now unused internal Exchange through SCP even though the profile is using Office 365 on another domain. According to this conversation, I can simply remove the object from Active Directory Sites and Services. I want to know how to add it back in should this create more problems, or if we reinstate the Exchange server. Right clicking on the parent "autodiscover" node doesn't allow me to create a Service Connection Point. Will simply running the cmdlet "Set-ClientAccessServer -identity servername -AutodiscoverServiceInternalUri url" be enough to recreate the object? Thank you!


  • maintaining a growing, diverse codebase with continuous integration

    - by Nate
    I am in need of some help with philosophy and design of a continuous integration setup. Our current CI setup uses buildbot. When I started out designing it, I inherited (well, not strictly, as I was involved in its design a year earlier) a bespoke CI builder that was tailored to run the entire build at once, overnight. After a while, we decided that this was insufficient, and started exploring different CI frameworks, eventually choosing buildbot. One of my goals in transitioning to buildbot (besides getting to enjoy all the whiz-bang extras) was to overcome some of the inadequacies of our bespoke nightly builder.

    Humor me for a moment, and let me explain what I have inherited. The codebase for my company is almost 150 unique c++ Windows applications, each of which has dependencies on one or more of a dozen internal libraries (and many on 3rd party libraries as well). Some of these libraries are interdependent, and have depending applications that (while they have nothing to do with each other) have to be built with the same build of that library. Half of these applications and libraries are considered "legacy" and unportable, and must be built with several distinct configurations of the IBM compiler (for which I have written unique subclasses of Compile), and the other half are built with visual studio. The code for each compiler is stored in two separate Visual SourceSafe repositories (which I am simply handling using a bunch of ShellCommands, as there is no support for VSS).

    Our original nightly builder simply took down the source for everything, and built stuff in a certain order. There was no way to build only a single application, or pick a revision, or to group things. It would launch virtual machines to build a number of the applications. It wasn't very robust, it wasn't distributable. It wasn't terribly extensible. I wanted to be able to overcome all of these limitations in buildbot.

    The way I did this originally was to create entries for each of the applications we wanted to build (all 150ish of them), then create triggered schedulers that could build various applications as groups, and then subsume those groups under an overall nightly build scheduler. These could run on dedicated slaves (no more virtual machine chicanery), and if I wanted I could simply add new slaves. Now, if we want to do a full build out of schedule, it's one click, but we can also build just one application should we so desire.

    There are four weaknesses of this approach, however. One is our source tree's complex web of dependencies. In order to simplify config maintenance, all builders are generated from a large dictionary. The dependencies are retrieved and built in a not-terribly robust fashion (namely, keying off of certain things in my build-target dictionary). The second is that each build has between 15 and 21 build steps, which is hard to browse and look at in the web interface, and since there are around 150 columns, takes forever to load (think from 30 seconds to multiple minutes). Thirdly, we no longer have autodiscovery of build targets (although, as much as one of my coworkers harps on me about this, I don't see what it got us in the first place). Finally, aforementioned coworker likes to constantly bring up the fact that we can no longer perform a full build on our local machine (though I never saw what that got us, either, considering that it took three times as long as the distributed build; I think he is just paranoically phobic of ever breaking the build).

    Now, moving to new development, we are starting to use g++ and subversion (not porting the old repository, mind you - just for the new stuff). Also, we are starting to do more unit testing ("more" might give the wrong picture... it's more like any), and integration testing (using python). I'm having a hard time figuring out how to fit these into my existing configuration.

    So, where have I gone wrong philosophically here? How can I best proceed forward (with buildbot - it's the only piece of the puzzle I have license to work on) so that my configuration is actually maintainable? How do I address some of my design's weaknesses? What really works in terms of CI strategies for large, (possibly over-)complex codebases?


  • Webcast Q&A: Demystifying External Authorization

    - by B Shashikumar
    Thanks to everyone who joined us on our webcast with SANS Institute on "Demystifying External Authorization". Also a special thanks to Tanya Baccam from SANS for sharing her experiences reviewing Oracle Entitlements Server. If you missed the webcast, you can catch a replay of the webcast here. Here is a compilation of the slides that were used on today's webcast.

    SANS Institute Product Review: Oracle Entitlements Server

    We have captured the Q&A from the webcast for those who couldn't attend.

    Q: Is Oracle ADF integrated with Oracle Entitlements Server (OES)?
    A: In Oracle Fusion Middleware 11g and later, Oracle ADF, Oracle WebCenter, Oracle SOA Suite and other middleware products are all built on Oracle Platform Security Services (OPSS). OPSS provides many security functions like authentication, audit, credential stores, token validation, etc. OES is the authorization solution underlying OPSS. And OES 11g unifies different authorization mechanisms including Java2/ABAC/RBAC.

    Q: Which portal frameworks support the use of OES policies for portal entitlement decisions?
    A: Many portals including Oracle WebCenter 11g run natively on top of OES. The authorization engine in WebCenter is OES. Besides, OES offers out of the box integration with Microsoft SharePoint. So SharePoint sites, sub sites, web parts, navigation items, document access control can all be secured with OES. Several other portals have also been secured with OES ex: IBM websphere portal

    Q: How do we enforce Separation of Duties (SoD) rules using OES (also how does that integrate with a product like OIA)?
    A: A product like OIM or OIA can be used to set up and govern SoD policies. OES enforces these policies at run time. Role mapping policies in OES can assign roles dynamically to users under certain conditions. So this makes it simple to enforce SoD policies inside an application at runtime.

    Q: Our web application has objects like buttons, text fields, drop down lists etc. Is there any "autodiscovery" capability that allows me to use/see those web page objects so you can start building policies over those objects? Or how does it work?
    A: There are a few different options with OES. When you build an app, and make authorization calls with the app in the test environment, you can put OES in discovery mode and have OES register those authorization calls and decisions. Instead of doing this after the fact, an application like Oracle iFlex has built-in UI controls where when the app is running, a script can intercept authorization calls and migrate those over to OES. And in Oracle ADF, a lot of resources are protected so pages, task flows and other resources be registered without OES knowing about them.

    Q: Does current Oracle Fusion application use OES? The documentation does not seem to indicate it.
    A: The current version of Fusion Apps is using a preview version of OES. Soon it will be replaced with OES 11g.

    Q: Can OES secure mobile apps?
    A: Absolutely. Nowadays users are bringing their own devices such as a smartphone or tablet to work. With the Oracle IDM platform, we can tie identity context into the access management stack. With OES we can make use of context to enforce authorization for users accessing apps from mobile devices. For example: we can take into account different elements like authentication scheme, location, device type etc and tie all that information into an authorization decision.

    Q: Does Oracle Entitlements Server (OES) have an ESAPI implementation?
    A: OES is an authorization solution. ESAPI/OWASP is something we include in our platform security solution for all Oracle products, not specifically in OES

    Q: ESAPI has an authorization API. Can I use that API to access OES?
    A: If the API supports an interface / sspi model that can be configured to invoke an external authz system through some mechanism then yes

