Current position:  Home > Default > Access List and Conflict Resolution Problem!

Access List and Conflict Resolution Problem!

Time:November 30
Advertisement
My configuration for Allow and Deny is not allowing me to load images and CSS files through the gateway on a URLScraper channel.
I'm trying to figure out how to control access to resources using the Access List service, and I'm running into trouble. The Sun ONE Portal Server, Secure Remote Access 6.0 Administrator's Guide (Doc 816-6421-10) states:
Setting the Conflict Resolution Level
You can set the priority level for the dynamic attributes. If a user inherits multiple attribute templates, say from an organization and a role assignment, and there is a template conflict between the attributes in the two templates, the template with the highest priority is inherited. There are seven settings available ranging from Highest to Lowest.
See the Administration Guide, iPlanet Directory Server Access Management Edition for more details on conflict resolution.
Unfortunately the referenced Adminstration Guide for DSAME contains exactly 0 occurances of the word "conflict" in its 136 pages, so that reference was less than helpful. Chapter 17 of that document (Doc 816-5620-10) describes URL Policy Agent Attributes, which sheds some light on what the URL Deny and URL Allow settings mean. The key sentence is, "An empty Deny list will allow only those resources that are allowed by the Allow list."
So, I've set up my Access List services as follows:
o URL Deny is blank on all Access Lists
o URL Allow set as follows
---- isp
------- http://portal.acme.com/portal/* (company name changed to protect the guilty!)
---- acme.com organization
------- Conflict Resolution: Highest
------- http://portal.acme.com/portal/* (same as above)
---- Acme Customers Role - shared role for all Acme customers
------- Conflict Resolution: Medium
------- http://www.acme.com/*
------- http://support.acme.com/*
------- http://support2.acme.com/*
---- RoadRunner role - specific role for a specific customer
------- Conflict Resolution: Medium
------- http://roadrunnerinfo.acme.com/*
The Desktop services in each of the above two roles includes channels from the hosts in the URL Allow lists.
The behavior I'm seeing with this configuration is that the desktop channels include information from the scraped HTML, and the URLs are rewritten for the included images and CSS files and such. However, the gateway is denying access to the images referenced by the rewritten URL. That is, an image with a URL of https://portal.acme.com/http://roadrunnerinfo.acme.com/images/green.gif shows up as a broken image on the desktop. Attempting to access the URL to the image directly results in an "Access to this resource is denied !! Contact your administrator" error message.
If I set the conflict resolution on the acme.corp organization to Medium (or anything lower than the two role conflict resolution levels) results in the same error message as soon as the customer logs in (no desktop rendered). The same error occurs if I set the conflict resolution in the two roles to Highest (same as the top level organization), again with no desktop rendered on login.
If I put all the above referenced URLs in the acme.com organization Access List service, then I am successfully able to fetch all the resources (images, CSS, etc.) in the URLScraper HTML. Likewise if I put "*" in that Access List. However, this is less than ideal, as it would potentially allow other customers to view data that isn't theirs (Wile E. Coyote user should not be able to get to Road Runner data, and vice versa, and neither one of them should get at Acme private information!).
So, what am I doing wrong? Also, does anyone have any leads on where I can read up on how Access Lists and conflict resolution are supposed to work, since Sun neglected to include a valid reference in the Administrator's Guide, Portal Server 6.0 SRA?
Thanks!
-matt
Advertisement
Did you ever get anywhere with this. My experiments seem to inidicate that you cannot successfully combine Access and Deny directives, across roles or organizational defaults and a role.

Conflict resolution for a table with LOB column ...

-0001-11-30

Hi, I was hoping for some guidance or advice on how to handle conflict resolution for a table with a LOB column. Basically, I had intended to handle the conflict resolution using the MAXIMUM prebuilt update conflict handler. I also store the 'update'

Hot Synch Manager Settings (Conflict Resolution​)

2015-10-11

Hello, I synch an office desktop and a home desktop with one Palm Z22.  I have had a lot of problems with duplicate appointments !  How should I configure the Hot Sync Manager settings?  I have the conduits (calendar, note pad, etc. ) set on "synchon

Conflict resolution including the CRT DUMMYfor Add-On ST-SER rel.700_2007_1

2015-10-11

Dear all, Environment  #    32 bit win2k3, SAP   & Orc with 10.2.0.2.0 We are in process of applying suport packs for Solution manager 7.0,  SAPKITL25 is finished When applying SAPKITL26 with  SAPKB70015, SAPKA70015 I am gettign the following CRT is

Where do I set up rules for conflict resolution when syncing iTunes with Outlook?

2015-10-11

I just got an iPhone 5 and I'm coming from a Blackberry.  I've been syncing Outlook Calendar and Contacts to a portable device for over 10 years, even back in the day of the pocket pc and more recently the Blackberry.  My iPhone 5 syncs great and see

No Windows for conflict resolution in Isync

-0001-11-30

Hello, After a synchro with iSync, I see conflicts. When I try to resolve them. The resolve conflit app is launched but i have no windows. To be clear I have not the possibility to resolve conflict because the windows apps do not appears. But I have

How to do Conflict Resolution in Integration Directory - Urgent

-0001-11-30

Hi,      We are having a problem when trying to change some objects in the integration directory.   Error :         "The following objects have previous versions that are no longer active. Reciever Determination urn:sap-com:document:sap:idoc:messages

Site Priority Conflict Resolution

-0001-11-30

I'm using Oracle9i version 9.2.0.1.0 running in Windows Server 2003 I am testing Materialized View Replication ( 1 Master site and multiple materialized view site) for my Advanced Replication setup. To resolve conflict I employ Site Priority Conflict

Business conflict resolution in Streams

-0001-11-30

Hi Suppose we have 2 or more instances of some Oracle-based ERP system, the first one located at headquaters, the second one and others - in the regional branches. We need to have bidirectional syncronization for some of the system's business entitie

Rio system software conflict resolution

-0001-11-30

I noticed the following Conflict Resolution report when trying to start running a LabVIEW 2012 application on an NI-9074 cRIO. Errors were detected in the target log when connecting to the target: LabVIEW:  Failed to load shared library vxsntpc.out.

Merge/Refresh Workspace: Question concerning conflict resolution

-0001-11-30

hi! thank's so far for answering our last question,now another question popped up during developing :) we now have a state with our application where the user can select which objects to merge/refresh and finally commit these changes. if there have b

SQL Remote "conflict resolution"

-0001-11-30

We have a consolidated database with 5 remotes attached. Unfortunately we are getting cases where the consolidated database decides that it knows better and sends transactions to a remote, undoing updates that the remote has just sent. I can't even s

XSD Resolution problem - Unable to load Translation schemas

2015-10-11

Hi, I've run into a very strange kind of problem (not to say some are less strange then others). Let me explain the context of the situation. I've got a BPEL process calling two plsql packages on ORA database, one Java web service running on the same

EHP1 Upgarde Monitor screen resolution problem in a support message

2015-10-11

Hi Experts, We have recently upgraded our Solution manager to EHP1, iam facing a screen resolution problem with 15 inch monitors. Our key users have 15 inch monitors to their system and when they try to reply a support message under transaction data-

Xorg nvidia resolution problems with KDE

2015-10-11

I just installed Arch 2008.04-RC last night.  I configured xorg.conf using nvidia with the screen resolution set to "1440x900" which worked in both the X Windows and KDE 3.5.9.  I was trying to get xine working with Amarok.  At one point, I dele

DB Adapter JCA-12563, XSD Resolution problem

2015-10-11

Hi, I am using Oracle SOA Suit, 11.1.1.4 and I am getting error in my db adapter. Below is the SOA adapter logs. This is intermittent issue, and occurs If i test the process for some time. After reeploying the service, same does not happen for some t

Help in config. of Site priority conflict resolution method

2015-10-11

Hi, I am testing Materialized View Replication (one master site and one MV site) .To resolve conflict I employ Site Priority Conflict Resolution Method but I am not able to insert or update the records. I am getting transaction error while I insert o

How to query the conflict resolution actually implemente

2015-10-11

Hi all. Can anyone tell me an easy way to report the conflict resolution procedures that a replicated object has implemented? How do I know if a table has for example, site priority resolution and how it is done? In general, is there a script to repo

HD receiver/a​mp connected to non-HD TV - resolution problems?

2015-10-11

My 10 year old receiver/amp (non-HD of course) went belly up!  My current TV is not HD & I'm not ready to spend the money for an HDTV monitor at this time. If I buy a HD receiver/amp will I have resolution problems with the current TV?No, receiver/am

Syncing contacts conflict resolution

-0001-11-30

I had given up trying to sync my torch with my MAC. It causes me more trouble and I spend more time trying to correct all the errors than if I were to just manually enter the information twice (once on the phone, once on the computer). I decided to t