IISProxy and Single-signon for EP6SP2

Similar Messages

• Single-signon for multiple sites or sub sites

  Does anyone know of some good articles/publications or suggestions for
  implementing a single signon for multiple very secure internet sites in
  weblogic type environments.
  For example, bank1 has a internet site and bank 2 has an internet site.
  Bank 2 has some cool features they want to offer bank1's customers. They
  agree but, bank1 wants to present bank2 as a tab or part of bank1 site.
  IN order to do this there are lots of fun things, but the things Im
  interested in are how to authenticate between them and handle timeouts.
  timeouts seem particularly tricky in that if I dont hit a page on bank2
  for a while, it could time out its session for the guy on bank1. Also if
  im in the bank2 section of the site, then bank1 could time me out as
  well.
  any ideas let me know.
  thanks
  Joel

  I've been informed ;-) that a pure Java solution is also available from
  Entegrity. So here are a couple of URLs for you to research
  anagrammatically:
  http://www.netegrity.com
  http://www.entegrity.com
  Cameron Purdy
  Tangosol, Inc.
  http://www.tangosol.com
  Tangosol: How Weblogic applications are customized
  "Cameron Purdy" <[email protected]> wrote in message
  news:[email protected]...
  Netegrity?
  Cameron Purdy
  Tangosol, Inc.
  http://www.tangosol.com
  Tangosol: How Weblogic applications are customized
  "Tim Funk" <[email protected]> wrote in message
  news:[email protected]...
  This is long winded and I tried to have this make sense, if it doesn't
  just mark this as read ...
  I am running into the same issue. Out of need, different applications
  need to be hosted on different boxes/JVM's/web applications. I am
  experimenting with a customer single sign on process which is
  independent of Java but lends itself nicely to it. Here is my thoughts:
  1) All applications need to run under the same domain. For example:
  foo.redrose.net, www.redrose.net, bar.redrose.net, app1.redrose.net
  all reside under redose.net.
  2) You have a database table (secure) that contains the following:
  user id, password, session id, last access time.
  3) This database table contains all of the valid sessions across the
  domain (in this exmaple .redrose.net)
  4) There is a daemon running which runs every ?? seconds that deletes
  any records older than ?? seconds/(or minutes/hours) in the
  database.
  5) There exist a cookie which is set to the domain level that contains
  the session id.
  6) The session id provides a way to obtain the id and password for the
  user to authenticate to the container. For example in WL5.1SP8 there
  exists: weblogic.servlet.security.ServletAuthentication.weak(...) to
  authenticate to your container. By using this you will get the
  capability of setting up your roles and ACLS etc in you web.xml and
  weblogic.xml to handle authorization.
  7) All requests to any applications participating in this philosophy
  must do the following for EVERY request (or appropriate):
  Even if you are logged authenticated to the container and authorized,
  you may have timed out or logged out of another application. So the
  database table must be checked to see if the session id exists. At the
  same time, you must also update the last access time to prevent timeout.
  8) If the user tries to access a different application which he has not
  authenticated to yet - the user will be forwarded to a servlet whichwill:
  a) Look for the cookie at the domain level
  b) If the cookie is found - get the UID and PWD from database
  b2) Present login form if cookie is invalid/not exists
  c) Authenticate to container
  d) Forward back to original page and let the container handle
  authorization since you have already authenticated.
  I use have encapsulated the database activity into 3 stored functions:
  1) isValidSession(session_id) - Returns null or the user id and pwd
  concatentated which will need split apart if needed
  2) makeSession(user_id, password) - Returns a new unique session id and
  creates the appropriate record
  3) cleanUpSessions() - Arguements not yet determined. This will delete
  any records older than a certain time. I would like to have the proc
  know what to delete without being given a parameter but time to the
  second level can be tricky for some DBMS's.
  There is a concern of storing the user id and password in the database
  but this can be eliminated with a good design to restrict access to the
  database table and using encrypted connections.
  Hope this helps. Hopefully - a similar philosphy will be adopted by an
  application container so I may not have to worry about this and I can go
  back programming business functionality.
  -Tim
  Joel Nylund wrote:
  Does anyone know of some good articles/publications or suggestions for
  implementing a single signon for multiple very secure internet sites
  in
  weblogic type environments.
  For example, bank1 has a internet site and bank 2 has an internetsite.
  Bank 2 has some cool features they want to offer bank1's customers.They
  agree but, bank1 wants to present bank2 as a tab or part of bank1site.
  IN order to do this there are lots of fun things, but the things Im
  interested in are how to authenticate between them and handletimeouts.
  >>>
  timeouts seem particularly tricky in that if I dont hit a page onbank2
  for a while, it could time out its session for the guy on bank1. Alsoif
  im in the bank2 section of the site, then bank1 could time me out as
  well.
  any ideas let me know.
  thanks
  Joel

• Forms and single signon

  Hi,
  I have two questions regarding forms9i and single signon:
  1. How do you identifiy which user is logged on from within forms?
  2. How do you get around menu security which is implemented using user roles if all users share a single schema?
  Thanks for your input.
  Regards
  Sajit Kalidas

  Check Get_Application_Property, using this procedure you can get the SSO username. Also depending on this user you then can enable your session roles.
  Cheers, Stefan

• Siebel Single SignOn

  Hi,
  I would like to know what options are available for providing Single Signon for Siebel? I know that Siebel can be intagrated with OAM for SSO. Can Siebel be integrated with Oracle Application Server Single Signon? If so what version and any links to information would be very helpful.
  Thanks

  Hi Marcus,
  You can use IISProxy in order to obtain Sigle Sign-on between Your Windows Network and the portal.
  http://help.sap.com/saphelp_nw04/helpdata/en/07/914e4f02a69f448aeee7263b2a9dc6/content.htm
  If you want more information about how to configure it, send me a email to [email protected]
  Regards.

• CrystalReports XI RDC causes a disfunction of Lotus Notes Single SignOn

  Our customer uses Lotus Notes. When he installed the CR RDC merge modul (XI Rel. II, SP6), the single signon for Lotus Notes doesn't work anymore. That means the customer has to type in username and password once more if he want's to use Lotus Notes. It seams that the single signon service is running.
  The registry key "ProviderOrder"="RDPNP,LanmanWorkstation,WebClient,npnotes" is correctly sorted (I found that in another forum). Any suggestions? TIA, F. Bartsch

  Hi Frank,
  Well there may be an issue with the RDC, but it seems that yourself and one other have just seemed to report it. We don't have any other information then that. I want to add my two-bits similar along the lines of what Don and Ludek was saying. Personally I would look at the runtime differences before and after the RDC stuff is installed. We have an application called modules, that takes a snap-shot of the runtime in memory for all applications currently running on the system. By running lotus before your RDC install creating a modules snap-shot, and after the install then you will see what the differences are. Perhaps this is just a difference in the COM files on the system.
  As for creating a support case, there is only so much we can do on the forums. Support cases allow you to engage an engineer directly to try trouble shooting and modules would probably be the first thing they would get you to do. If this does turn out to be an issue with our product then there is a process to get a refund on the case. However this is contingent on us determining that it is in deed our issue.
  You can find modules at https://smpdl.sap-ag.de/~sapidp/012002523100006252802008E/modules.zip
  Trevor

• Single Signon and Integration with Active Directory

  Hi,
  We have a requirement to integrate Active Directory with SAP and implement Single Signon solution. Our Active Directory is running on Windows 2003 and we are having systems 4.7 , ECC6.0 which run on Linux OS in our landscape.
  Can anyone of you help me by answering following questions
  1. Is there any need of any third party solution(tool) to integrate  Active Directory and SAP and activate single signon?
  2.Is there any difference in integration from SAP 4.7 and ECC6.0 of SAP on Linux OS with Active Directory ?
  3. If possible please share any documents or links on above issue.
  Suitable answers will be rewarded with points. Thanks in advance for your help
  Regards
  Murali

  > Thank you very much for providing me the link. But the document on link seem to be in German. Can you please let me know how to get English version of this document.
  I'm sorry, you'd have to ask Realtech for that document in English.
  Basically you can follow
  http://osdir.com/ml/encryption.kerberos.general/2004-11/msg00007.html
  Markus

• Single signon between JSP page and Net.Data page

  I am trying to setup a single signon between a JSP page hosted on a tomcat server, and a Net.Data page hosted on an IBM HTTP server. Both of these servers are running on an AS400. The JSP page (www.jsppage.com/menu) contains a link to the Net.Data page (www.netData.com/page2). In order to access www.jsppage.com/menu the user needs to login. Once this happens I want them to be able to go back and forth between the two pages without having to log in when they switch servers. Page navigation is handled through myServlet.java so that when a user clicks on a link the request is forwarded on to myServlet.java where the servlet determines where to redirect the user to. The servlet uses
  RequestDispatcher requestDispatcher = getServletContex().getRequestDispatcher(url);
  requestDispatcher.forward(request, response);
  to forward the user to the correct page. This works fine for the JSP pages but when I forward to www.netData.com/page2 I get an error telling me the address doesn't start with a /. I also need to send the user name and password for the net.data pages to avoid the second login window to popup.
  I understand that the requestDsipatcher.forward() method directs the browser to a page that is relative to the current root directory. If I try to use response.sendRedirect(url) I get sent to the right page but the signon window pops up. I would appreciate any help.

  I am trying to setup a single signon between a JSP
  page hosted on a tomcat server, and a Net.Data page
  hosted on an IBM HTTP server. Both of these servers
  are running on an AS400. The JSP page
  (www.jsppage.com/menu) contains a link to the Net.Data
  page (www.netData.com/page2). In order to access
  www.jsppage.com/menu the user needs to login. Once
  this happens I want them to be able to go back and
  forth between the two pages without having to log in
  when they switch servers. Page navigation is handled
  through myServlet.java so that when a user clicks on a
  link the request is forwarded on to myServlet.java
  where the servlet determines where to redirect the
  user to. The servlet uses
  RequestDispatcher requestDispatcher =
  getServletContex().getRequestDispatcher(url);
  requestDispatcher.forward(request, response);
  to forward the user to the correct page. This works
  fine for the JSP pages but when I forward to
  www.netData.com/page2 I get an error telling me the
  address doesn't start with a /. I also need to send
  the user name and password for the net.data pages to
  avoid the second login window to popup.
  I understand that the requestDsipatcher.forward()
  method directs the browser to a page that is relative
  to the current root directory. If I try to use
  response.sendRedirect(url) I get sent to the right
  page but the signon window pops up. I would
  appreciate any help.You can't do that without passing username and password.
  The servers keep track of the user by storing a cookie on the clients computer. The cookie is only valid for the domain that created it.
  So, to make this work you need to send the username and password as part of the sendRedirect. the forward() method won't work.
  What you could do is create some code on the .net machine that accepts username, password and target URL as input. Once it receives those parameters it should perform the .net login procedure and redirect to the correct page.
  In your servlet you should pass those parameters on to the .net machine and the user should get the correct page without ever seeing any login windows.
  Make sure to use https if you decide to follow this scheme since http will transmit the username/password in cleartext.
  /Christopher

• Using a Single Library for Entire Site and When to Use Subsites

  I'm hoping a discussion I am having with my coworkers can be solved.  We are trying to decide two things:
  Should the entire office be under a single site or should each division have their own site?  Our Office has 5 divisions that contain 17 Branches, one site for business functions and one top-level site for the entire office.
  Is it standard practice to create one huge library managed by metadata or should there be multiple libraries?  I tend to think one library will be too hard to manage with regard to metadata and site columns and that libraries should be based on business
  functions or subject domains (i.e., SOPs, Quality Documents, Business Documents, Technical Documents, etc).
  Currently, several workflows, libraries and lists have already been created under our business functions site.  In order to house everything under a single site, we would need to change the name of the site and move everything under it.  I'm not
  sure if changing the name of the existing site will cause problems.
  I group these two items together because they really seem related.  With everything under a single site, individual libraries, lists and workflows could get out of hand as everyone tries to manage their own division.  But then so would a single
  library for everyone.  The problem with more than one site is that data cannot flow freely between sites (via workflows) and search would be less effective so some are against separate sites.  So knowing one question may affect the answer for the
  other.
  Any thoughts on our library and site structure would be appreciated.  Thanks.

  As always the usual SharePoint consultant cop-out answer of 'it depends' is correct.
  Having said that there are certain trends that are quite relevant:
  It isn't common to use a single site collection for all sites. It can be done but it often leads to a state where you have a single monstrous site collection which is harder to backup, recover and maintain (see the boundaries and limits documents). The
  default behaviour in most cases is to have a central 'shared' site collection then one per <group> where Group is a team that works on the same content, has broadly the same area of interest and access. That might be one for HR, one for the Support team,
  one for the Sales team etc.
  In terms of libraries there's a wide variation. If there' no difference in views, security and metadata then keeping the library count down is generally a good thing. However using multiple libraries can make life easier and better for users by allowing
  more useful views, more secure by locking down libraries rather than using item level permissions (always a nightmare) and allowing more useful alerts and so on.
  SharePoint architecture is a science but it's a really, really hard one to formulate into If/Then rules. So, broadly answering your questions I would lean towards multiple site collections and I generally agree with you on point 2, although if there's only
  a small number of documents and simple structure then a single library might still make sense.

• Can you buy Creative Cloud for a single month? Or do you have to buy the membership which lasts a year? If so can you cancel the membership after a month and only pay for that month.

  Can you buy Creative Cloud for a single month? Or do you have to buy the membership which lasts a year? If so can you cancel the membership after 1 month and only pay for that month?
  Thanks

  Hello Tom,
  You may sign up for a free trial of creative cloud which you can check out here. Download a free trial or buy Adobe products | Adobe downloads
  You may either pay for a month to month membership or annual as listed here. Creative Cloud pricing and membership plans | Adobe Creative Cloud
  Let us know if this helps!
  Thank you,
  Jo-Marie

• Form:The user sees on the screen a single page, for the second page (and to fill it in) he will click a button "next page"!

  Hello, sorry for my english!
  I am currently creating a form. This form contains 20 pages. For more comfier to fill it in, I want it to be loaded 1 page to 1 page. The user sees on the screen a single page, for the second page (and to fill it in) he will click a button "next page"!
  Is it possible to do this with adobe acrobat pro?
  In the case of a negative answer, can Indesign do this?
  thank you.

  Technically it's possible to use a script to prevent someone from going to the next page unless they click a button, but I think it's a bad idea and very user un-friendly. You can add a button that will take someone to the next page, but don't try to restrict them from doing so themselves if they so wish.

• Can I get from iConnect financijal and statistic report for single Newsstand application ?

  I have problem to get full financial and statistic report for one single application?
  Is there a posibilty thay kind of report doesn/t exist?
  I can't belive...!

  Welcome to AppleWorks, a discontinued application. I'll try to get you to the iPad forum.

• Process single chq for Multiple Vendor Invoice and other Non-Vendor GL

  Hello Experts,
  Scenrio :
  In most of the cases, Vendors of our client have the same Banks as that of our client. our client provides facilty to thier Vendors by depositing chqs in thier account upon due date.
  Procedure :
  I want to process a manual transaction (with a single chq for intra-bank transfer). the total amt on chq would be the total of selection of several invoices & some other payable GLs.
  Query :
  which T-Code should i use & how do i proceed.

  Hi Hussein Merchant ,
  For your requirement you have to do single payment at F-53.There you need to select Other account check box at open item selection.Give the all open item vendor codes and get a cleared document number.
  Go to FCH5 and assign manual single check here
  May be this information is useful to you
  If you have any doubt feel free to ask
  Regards
  Surya

• Use single realm for multiple web applciation in sharepoint 2013 and adfs 2.0

  Use single realm for multiple web applciation in sharepoint 2013 and adfs 2.0
  Please help!!

  I dont think you can do this, because you have to name/url of the web application in realm. You have to add new realm for each web application.here is script to add another realm.
  Add-PSSnapin "Microsoft.SharePoint.PowerShell"
  $sts = Get-SPTrustedIdentityTokenIssuer | where {$_.Name -eq "ADFS2.0"}
  $uri = new-object System.Uri("http://url/")
  $sts.ProviderRealms.Add($uri, "urn:sharepoint:Name")
  $sts.Update();
  Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

• Can we create a single bdc for raw materials , and for some other transacti

  hi
  can we create a single bdc for raw materials , and for some other transaction? how?

  Hi Jyothsna
  For one transaction you will have to build your bdc table according to the recording for that transaction and then call that transaction using the bdc table. For another transaction , you will again have to build the bdc table with the details of that transaction.
  You cannot call all at one shot.
  Cheers
  shivika

• SIngle reference for PXI 6509 Input and Output

  Hi ,
  I am using 96 channel PXI 6509 as a DIO, In this 96 channels i need to assign 1st port for input, 2nd port for output  and 4th and 5th for input so on. its is not a big deal using labview but labview creates seperate reference( Task in) for input and ouput.
  I need to have a single reference for both input and output ( like we have in NI DCpower for SMU)
  Can any one suggest me how i can achive this?
  Thanks and best regards,

  I would accomplish this with an Action Engine that handles all of your tasks.  Alternatively, make a class that handles all of the tasks.
  There are only two ways to tell somebody thanks: Kudos and Marked Solutions
  Unofficial Forum Rules and Guidelines