0

I'm currently having an issue with Kaplan University over their seminar software. Due to some changes a few months back I started to get No Such Service errors when I tried to access their seminars. All other aspects of the site work normally. They claim that they see no problem, despite me giving them the error message that's generated by the failed loading screen on the seminar.

Attached image 1 is the Seminar screen. I've transcribed the error here:

Main Seminar Error Message. Fig 1.

fms_onConnect | faultEvent: No Such Service KHESeminar.KHE.Seminar.Security with function fms_onConnect
Attempting to connect to: 
rtmp://seminar4.kaplan.edu/KUconcord/1504B/PS525/01/20151214_1930
Intialize connection...
User Interface Ready...
Initializing user interface base...
Intializing user interface...
Initializing Seminar version

Using Chrome's Inspect option I looked at the page and noted 2 identical alerts. They are attached here, but are also transcribed.

Mixed Content: The page at                       
'https://kucampus.kaplan.edu/Seminar/OpenSeminar?chatId=4176214' was loaded over HTTPS, but requested an insecure plugin data
'http://khseminar.com/crossdomain.xml'. This content should also be served over HTTPS.

Error Figure 2

Clicking the crossdomain.xml link led me to this page. Attached figure 3, but transcribed here:

This XML file does not appear to have any style information associated with it. The document tree is shown below.

<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-http-request-headers-from domain="*" headers="*" secure="false"/>
  <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>
Amut
  • 101
  • 1
  • Part 2 Clicking the http://khseminar.com/crossdomain.xml link led me to this page. Attached figure 3, but transcribed here: This XML file does not appear to have any style information associated with it. The document tree is shown below. [Error Figure 3][3] [3]: http://i.stack.imgur.com/fRpZP.png – Amut Dec 15 '15 at 05:44
  • Part 3 While trying to determine what's going on, I ran across a [2006 article][4] discussing a cross-domain Ajax exploit, they also discussed crossdomain.xml and reported that Adobe had a vulnerability. The hole that they showed looks practically identical to what is showing up on my Inspect Source of my seminar's code. [4]: http://shiflett.org/blog/2006/oct/the-crossdomain.xml-witch-hunt – Amut Dec 15 '15 at 05:45
  • I'd like to know if anyone can see if something's wrong in the crossdomain.xml code. I'm fairly new at coding at this level, my previous experience is with HTML and PHP4, and it was because of this issue that I just had a crash course in how policies work. I think I can handle the basics of anything anyone has to say. – Amut Dec 15 '15 at 05:46
  • The crossdomain is looking good, it basically says that it allows all connections from everywhere over both https and http, so it must be something else. I believe if there would be a problem with a crossdomain you would get a security error. A faultEvent usually means the content is really not there. – Philarmon Dec 15 '15 at 12:08
  • @Amut I think that your problem has nothing with the crossdomain.xml file and it's a connection problem to get the rtmp stream which is unavailable. – akmozo Dec 15 '15 at 13:07
  • @Philarmon Thank you for the pointer. Though there is a security mention in the seminar error page, I wasn't sure what Security with function fms_onConnect was related to. What I was noticing as I transcribed the errors is in the Chrome Inspect alerts the seminar was loaded over HTTPS but the insecure plugin sent over was over HTTP. But another question is whether the problem originates on my end or on Kaplan's end? Knowing that would help a lot for me to resolve the problem in some way. – Amut Dec 16 '15 at 22:15
  • @Akmozo Can you explain what the "rtmp stream" is? I'm interested in learning, but I want to be sure I'm finding the right acronym when I google it. – Amut Dec 16 '15 at 22:17

0 Answers0