Title: How to Enable SSLFIPS For Use In Apps 10 Instances?Problem: An ITAR customer (USA based) with many internal security requirements wishes to configure and use SSLFIPS for secured communications within IFS user sessions. Can they activate SSLFIPS?Recreated in core: No errors encountered so far. Use of SSLFIPS has not yet been attempted.Recreated in customer environments: no Business Impact: customer needs to bring their IFS use into compliance with “STIG” (security policies)Importance: This ITAR customer must comply with governmental and internal security requirementsCase ID: LCS - G2346435 (none in Service Now)Request for R&D: Original question from IFS systems engineer reads as follows:“Customer has asked a security (STIG) question regarding MWS changes to ssl.conf:Is it possible to urgently get an answer to the following STIG related question if we get clarification it will help us to remove several STIG non compliances that we have:Can we turn on SSLFIPS? Oracle
It is informed that the Spring4Shell (CVE-2022-22965) vulnerability is actively being exploited in large numbers. We would like to know if the IFS systems are vulnerable to this exploit and if yes if mitigation measures have been taken.
Problem: Customer Derco (Lockheed Martin), an Apps 9 - UPD 16 customer, has applied patches of CVE-2021-44228 but noted afterwards how they still have vulnerabilitiesRecreated in Core: no - issue is environment specificRecreated in Customer Environment: yes - problem is specific to Derco - Lockheed Martin environmentsBusiness Impact: ITAR customer now has security audit findingsImportance: Potential for trouble with auditors and security exposure will grow the longer these vulnerabilities existCase ID: G2319565 (LCS)Request from R&D: WHAT CAN BE DONE REGARDING THE FOLLOWING VULNERABILITIES FOR APPS9 - UPD16 USERS WHICH HAVE ITAR REQUIREMENTS? A list of the customer’s internal audit findings follows:“Our scan show the vulnerability on IFS applicationI:\ifs\DEV9/mw_home/mws\inventory\featuresets\wls_server_12.2.1.4.0.xml foundHKLM\Software\Oracle\KEY_IFS_AS_20200408152712163 Key foundHKLM\Software\Oracle\KEY_IFS_AS_20200408165031939 Key foundHKLM\Software\Oracle\KEY_IFS_AS_20
I have a question about WEBSERVICES and Token : how it works, what is the process to achieve the value transported. For example : Indeed, we encounter the authentication problem Error 401--Unauthorized on the following webservice: https://assystem-test.ifs.cloud:48080/main/ifsapplications/projection/v1/TimeRegistrationHandling.svc Maybe the webservice uses a token to authenticate itself despite the use of a basic IFS Aurena login/password authentication. We used Postman to perform our requests (GET,POST,PUT). Can you please tell us what are the access parameters of this webservice as well as the descriptions of these different methods.
Is it possible to use both Single-sign on and Database Authentication at the same time for a user?If I look at the screenshot below I would expect I’m able to login via both SSO and Database Authentication. This is however not working.
Already have an account? Login
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.