000027936 - KB-1515 Validating access to java.sun.com, required for ITIM Handler XML parsing

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000027936
Applies To: Affected Versions: 4.X
Issue: After successfully installing the ITIM Agent for use with ACM, the ITIM Handler needs to parse XML properties. To parse the XML properties, it has to reference: http://java.sun.com/dtd/properties.dtd



One method to confirm that the configuration can successfully connect to the java website, so that the parsing succeeds, is as follows, with the understanding that the ITIM node in this case is java.sun.com.


Ensuring Access to java site:


Note: for this test and the ITIM configuration to work, you must ensure access to http://java.sun.com/dtd/properties.dtd



On the appliance


1. Add an entry to /etc/hosts that references the java.sun.com site, for local loopback. java.sun.com


2. Deploy /dtd/properties.dtd on the JBoss server. To do this, browse (from another system that has internet access) to http://java.sun.com/dtd/properties.dtd and get the contents of properties.dtd. Save it to a file named properties.dtd. Create a dtd folder off the web server root and copy the properties.dtd file there.



3. Make sure ports 80 and 8445 are open in the firewall.





Testing ability to parse required xml:


Once this is done, do the following:


1. Run this command:


telnet java.sun.com 80
Connected to java.sun.com (
Escape character is '^]'.


2. Then input these lines:

GET /dtd/properties.dtd HTTP/1.1
host: java.sun.com
<line feed>


The expected output would be the contents of the properties.dtd, and this is returned:


Copyright 2006 Sun Microsystems, Inc. All rights reserved.

<!-- DTD for properties -->

<!ELEMENT properties ( comment?, entry* ) >

<!ATTLIST properties version CDATA #FIXED "1.0">

<!ELEMENT comment (#PCDATA) >

<!ELEMENT entry (#PCDATA) >
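
The telnet check above can also be scripted. The shell function below is an added example, not part of the original article or of RSA's tooling: it reads a raw HTTP response, confirms a 200 status and the DTD declarations listed above, and flags any `<!ENTITY` declaration, since the locally deployed copy is what the handler will parse. The function name, the return codes and the curl invocation in the closing comment are assumptions.

```shell
#!/bin/sh
# Added example, not part of the KB article. Validates a raw HTTP response
# (status line, headers, body) read from stdin against the DTD content the
# article lists as expected output.

# Declarations copied from the article's expected properties.dtd output.
EXPECTED_DECLS='<!ELEMENT properties ( comment?, entry* ) >
<!ATTLIST properties version CDATA #FIXED "1.0">
<!ELEMENT comment (#PCDATA) >
<!ELEMENT entry (#PCDATA) >'

# Return codes (chosen for this example):
#   0 ok, 1 status not 200, 2 expected declaration missing,
#   3 empty response, 4 unexpected <!ENTITY declaration in the body
check_dtd_response() {
    # Strip CR from CRLF line endings, turn tabs into spaces, squeeze spaces.
    resp=$(tr -d '\r' | tr '\t' ' ' | tr -s ' ')
    [ -n "$resp" ] || { echo "FAIL: empty response" >&2; return 3; }

    # The status code is the second field of the first line.
    status=$(printf '%s\n' "$resp" |
        sed -n '1s|^HTTP/[0-9.]* \([0-9][0-9][0-9]\).*|\1|p')
    [ "$status" = "200" ] || { echo "FAIL: HTTP status '$status'" >&2; return 1; }

    # The body is everything after the first blank line.
    body=$(printf '%s\n' "$resp" | sed '1,/^$/d')

    # The DTD shown in the article declares no entities; a served copy that
    # does is not the file the article describes.
    if printf '%s\n' "$body" | grep -q '<!ENTITY'; then
        echo "FAIL: body contains an <!ENTITY declaration" >&2
        return 4
    fi

    # Every expected declaration must appear literally in the body.
    printf '%s\n' "$EXPECTED_DECLS" | while IFS= read -r decl; do
        printf '%s\n' "$body" | grep -qF -- "$decl" || {
            echo "FAIL: missing: $decl" >&2; exit 2; }
    done || return 2
    echo "OK: properties.dtd served as expected"
}

# Live use on the appliance (assumes curl is installed; -i includes headers):
#   curl -si http://java.sun.com/dtd/properties.dtd | check_dtd_response
```
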





As an example with a system that can almost ALWAYS be accessed, test this method by accessing Google.

This should return the Google index.html page:


telnet www.google.com 80

Connected to www.google.com (
Escape character is '^]'.

GET /index.html HTTP/1.1


HTTP/1.1 200 OK
Date: Thu, 07 Jul 2011 15:56:08 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=adb1e7693860de6a:FF=0:TM=1310054168:LM=1310054168:S=svB1GZ3k_ODU4oLV; expires=Sat, 06-Jul-2013 15:56:08 GMT; path=/; domain=.google.com
Set-Cookie: NID=48=gugoEOKST-1KdC8zVcrn5Xv3Be1Hnv5FzUFcBV7TezlLMQ57wDvkJOgvIHeaCUVsONZjoH82CSoaKRFBmHprZaf_MMjcO_pLPHWt6IMRdmBQBvULCOk8wAHuWheH-FZ2; expires=Fri, 06-Jan-2012 15:56:08 GMT; path=/; domain=.google.com; HttpOnly
Server: gws
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked

<!doctype html><html><head><meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"><meta name="description" content="Search the world&#39;s information,








Note that work is currently underway to remove the handler's dependency on access to http://java.sun.com/dtd/properties.dtd. However, until this is implemented in the product, this access is required.