OBIEE 11G with Single Sign-On and Active Directory

Hi guys,
Release Version: Oracle Business Intelligence 11.1.1.5.0
Patch applied: 11.1.1.5.0 BP3 (Patch 13832750)
OBIEE Server operating system: Windows Server 2008 SP2 (32-bits Operating System).
We are trying to configure Single Sign-On according to TechNote_WNA_SSO_AD_V4.0.doc.
Our krb5login.conf:
com.sun.security.jgss.krb5.initiate {
    com.sun.security.auth.module.Krb5LoginModule required
    principal="[email protected]"
    keyTab=cgdkobi2.keytab
    useKeyTab=true
    storeKey=true
    debug=true;
};
com.sun.security.jgss.krb5.accept {
    com.sun.security.auth.module.Krb5LoginModule required
    principal="[email protected]"
    keyTab=cgdkobi2.keytab
    useKeyTab=true
    storeKey=true
    debug=true;
};
We generate the keytab file:
C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.24\bin\ktab.exe -k cgdkobi2.keytab -a [email protected]
Password for [email protected]:XXXXXXX
Done!
Service key for [email protected] is saved in cgdkobi2.keytab
C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.2-4\bin\kinit -k -t cgdkobi2.keytab cgdkobi2
New ticket is stored in cache file C:\Users\cgdkobi2\krb5cc_cgdkobi2
C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.2-4\bin\klist -k -t cgdkobi2.keytab
Key tab: cgdkobi2.keytab, 1 entry found.
[1] Service principal: [email protected]
KVNO: 1
Time stamp: Mar 15, 2013 10:34
C:\OracleBI11g\user_projects\domains\bifoundation_domain>klist
Current LogonId is 0:0x406163f5
Cached Tickets: (0)
We restart the services and log on to the analytics web, and SSO doesn't work, but there is no error. It runs successfully with an Active Directory user and password. It seems like SSO wasn't enabled, but I checked and it is enabled.
Any suggestions?
Thanks in advance
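What `klist -k -t` reads out of a keytab such as the one generated above, shown as an added example (not code from the thread): a parser for the version 0x502 keytab layout that lists each principal, KVNO and encryption type and flags DES keys. The sample keytab, realm `EXAMPLE.TEST`, principal names and all-zero keys are constructed for the demonstration.

```python
import struct

# Kerberos encryption type numbers; the single-DES types are deprecated (RFC 6649).
ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
          18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
WEAK = {1, 3}

def _counted(buf, pos):
    """Read a 16-bit length-prefixed byte string, return (bytes, next_pos)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def parse_keytab(data):
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x502 keytab")
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:              # negative size marks a deleted slot
            pos += -size
            continue
        end, p = pos + size, pos
        (ncomp,) = struct.unpack_from(">H", data, p)
        realm, p = _counted(data, p + 2)
        comps = []
        for _ in range(ncomp):
            c, p = _counted(data, p)
            comps.append(c.decode())
        _name_type, timestamp, kvno, etype = struct.unpack_from(">IIBH", data, p)
        p += 11
        key, p = _counted(data, p)
        if end - p >= 4:           # optional 32-bit KVNO replaces the 8-bit one
            (kvno32,) = struct.unpack_from(">I", data, p)
            kvno = kvno32 or kvno
        entries.append({"principal": "/".join(comps) + "@" + realm.decode(),
                        "kvno": kvno, "timestamp": timestamp,
                        "etype": ETYPES.get(etype, str(etype)),
                        "weak": etype in WEAK, "key_len": len(key)})
        pos = end
    return entries

def build_entry(realm, comps, kvno, etype, key, ts=0):
    """Build one keytab entry (used only to construct the sample below)."""
    body = struct.pack(">H", len(comps))
    for s in [realm] + comps:
        body += struct.pack(">H", len(s)) + s.encode()
    body += struct.pack(">IIBH", 1, ts, kvno & 0xFF, etype)
    body += struct.pack(">H", len(key)) + key + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

# Constructed sample: one DES service key and one AES256 key, both all zeros.
SAMPLE = (b"\x05\x02"
          + build_entry("EXAMPLE.TEST", ["HTTP", "bi.example.test"], 5, 1, bytes(8))
          + build_entry("EXAMPLE.TEST", ["svc_bi"], 1, 18, bytes(32)))

if __name__ == "__main__":
    for e in parse_keytab(SAMPLE):
        flag = "  <-- weak DES key" if e["weak"] else ""
        print(f'{e["principal"]}  KVNO {e["kvno"]}  {e["etype"]}{flag}')
```

The KVNO and encryption type printed here are the values to compare against the service account in Active Directory when a keytab is accepted by `kinit` but tickets for the service are rejected.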

Follow the posts "OBI 11.1.1.6.SSO" and "You are not currently signed in to Oracle BI Server" for OBIEE 11.1.1.6 SSO, and do the troubleshooting mentioned there.
Also check your logs for an error like the one below:
[2012-03-09T16:42:36.000-05:00] [OBIPS] [NOTIFICATION:1] [] [saw.securitysubsystem.checkauthentication.runimpl] [ecid: 6c98b5cce1f24814:2a613331:135f95fbdff:-8000-0000000000005b7a,0:1:1] [tid: 5932] Authentication Failure.
Odbc driver returned an error (SQLDriverConnectW).
State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
[nQSError: 43113] Message returned from OBIS.
[nQSError: 13039] The impersonator does not exist in the BI Security Service. (08004)[[
If you are getting this when you log in to OBIEE: "You are not currently signed in to Oracle BI Server"
then you need to apply this patch: 13553428 QA:BLK:DELIVER TO CORP. OID LDAP USERS FAILED WITH IMPERSONATOR DOES'NT EXIST. 11.1.1.6.0 Generic Platform (American English) General Oracle BI Suite EE Apr 5, 2012 799.4 KB
Let us know the updates. Hope this helps. Mark if it does!
Thanks,
SVS
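The log check suggested in the reply above, as an added example (not part of the original post): it groups an OBIPS log into entries, keeps the continuation lines with their header, and reports each "Authentication Failure" with its nQSError codes, marking the 13039 impersonator case. The sample log is constructed in the format of the quoted entry; the ecid values and the `constructed.module` logger name are made up.

```python
import re

# Header of one log entry: [timestamp] [component] [level] [] [module] rest...
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2}T[^\]]+)\] \[(?P<component>[^\]]*)\] "
    r"\[(?P<level>[^\]]*)\] \[[^\]]*\] \[(?P<module>[^\]]*)\] (?P<rest>.*)$"
)
NQS = re.compile(r"\[nQSError: (\d+)\]")
IMPERSONATOR_MISSING = 13039  # "The impersonator does not exist in the BI Security Service."

# Constructed sample log.
SAMPLE_LOG = """\
[2012-03-09T16:42:30.000-05:00] [OBIPS] [NOTIFICATION:1] [] [constructed.module] [ecid: constructed-0001,0:1:1] [tid: 5932] Request received.
[2012-03-09T16:42:36.000-05:00] [OBIPS] [NOTIFICATION:1] [] [saw.securitysubsystem.checkauthentication.runimpl] [ecid: constructed-0002,0:1:1] [tid: 5932] Authentication Failure.
Odbc driver returned an error (SQLDriverConnectW).
State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
[nQSError: 43113] Message returned from OBIS.
[nQSError: 13039] The impersonator does not exist in the BI Security Service. (08004)[[
[2012-03-09T16:45:02.000-05:00] [OBIPS] [NOTIFICATION:1] [] [saw.securitysubsystem.checkauthentication.runimpl] [ecid: constructed-0003,0:1:1] [tid: 5932] Authentication Failure.
State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
"""

def parse_entries(text):
    """Split the log into entries; lines without a timestamp header are
    continuation lines and are attached to the preceding entry."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({**m.groupdict(), "body": [m.group("rest")]})
        elif entries and line.strip():
            entries[-1]["body"].append(line)
    return entries

def auth_failures(entries):
    """Return one finding per authentication failure with its nQSError codes."""
    findings = []
    for e in entries:
        text = "\n".join(e["body"])
        if "Authentication Failure" not in text:
            continue
        codes = [int(c) for c in NQS.findall(text)]
        findings.append({"ts": e["ts"], "module": e["module"], "codes": codes,
                         "impersonator_missing": IMPERSONATOR_MISSING in codes})
    return findings

if __name__ == "__main__":
    for f in auth_failures(parse_entries(SAMPLE_LOG)):
        note = "impersonator missing" if f["impersonator_missing"] else "other cause"
        print(f["ts"], f["codes"], note)
```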

Similar Messages

  • Weblogic Single Sign On on Active Directory doesn't work

    Hello!
    Please help me to work out what my mistake is.
    I configured Weblogic for SSO on Active Directory using the article described on support.oracle.com.
    My krb5.ini file is
    [libdefaults]
    default_realm = DOMAIN.RU
    default_tkt_enctypes=des-cbc-crc
    default_tgs_enctypes=des-cbc-crc
    udp_preference_limit = 1
    [realms]
    DOMAIN.RU= {
    kdc=192.168.1.1
    admin_server = DC.DOMAIN.RU
    default_domain = DOMAIN.RU
    }
    [domain_realm]
    .DOMAIN.RU= DOMAIN.RU
    DOMAIN.RU= DOMAIN.RU
    When I try to run a check with the kinit command I get the following error:
    C:\Users\testuser>kinit -k -t "C:\Oracle\Middleware\user_projects\domains\base_d
    main\test.keytab" HTTP/[email protected] -J-Dsun.security.krb5
    debug=true
    KinitOptions cache name is C:\Users\testuser\krb5cc_testuserPrincipal is HTTP/[email protected]
    Kinit using keytab
    Kinit keytab file name: C:\Oracle\Middleware\user_projects\domains\base_domin\test.keytab
    KeyTabInputStream, readName(): DOMAIN.RU
    KeyTabInputStream, readName(): HTTP
    KeyTabInputStream, readName(): test01.domain.ru
    KeyTab: load() entry length: 66; type: 1Added key: 1version: 5
    Ordering keys wrt default_tkt_enctypes list
    Config name: C:\Windows\krb5.ini
    default etypes for default_tkt_enctypes: 1.
    0: EncryptionKey: keyType=1 kvno=5 keyValue (hex dump)=
    0000: 79 02 0D 8A 19 29 67 E0
    Kinit realm name is DOMAIN.RU
    Creating KrbAsReq
    KrbKdcReq local addresses for test01 are:test01/192.168.1.2
    IPv4 address
    test01/ga80:0:0:0:te2e:3de1:crew:a409%11
    IPv6 address
    default etypes for default_tkt_enctypes: 1.
    KrbAsReq calling createMessage
    KrbAsReq in createMessage
    Kinit: sending as_req to realm DOMAIN.RUException: krb_error 0 Cannot get kdc for realm DOMAIN.RU No error
    KrbException: Cannot get kdc for realm DOMAIN.RU
    at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:168)
    at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:147)
    at sun.security.krb5.internal.tools.Kinit.sendASRequest(Kinit.java:298)
    at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:237)
    at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:107)
    Thank you!

    Hi,
    Refer this..
    http://help.sap.com/saphelp_crm52sp01/helpdata/EN/89/6eb8deaf2f11d5993700508b6b8b11/frameset.htm
    Regards
    Nandha

  • Active Directory, single sign-on and  SRM Users

    We are in the process of installing SRM 7.0. using the Classic Scenario. I am seeking clarification around the creation of users in that system given the following:
    - My Basis colleagues are in the process of implementing single sign-on using Active Directory for our SAP Portal, SAP Business Warehouse and SRM systems.
    - Single sign-on will not at this point be used for our SAP ECC 6.0 system
    My questions are:
    1. If active directory is being used do we need to create actual users within the SRM system?
    2. If actual users in the SRM system are not required, does this have any impact on the creation of the Organizational structure in SRM from the SAP ECC HR hierarchy?
    Many Thanks

    Hi Claire,
    Single Sign-On works only if the user exists on every system.
    For example:
    If you connect through the portal to access ECC and SRM, your user ID must exist in ECC and SRM.
    For Active Directory you can synchronize your user table to AD by using the LDAP option.
    The best way is to configure a CUA for ECC and SRM, use the UME of Portal on ECC and synchronize the CUA to Active Directory.
    Finally use the SSO certificate between Portal ECC and SRM.
    Regards,
    Gilles SEBBAG
    Sap Technical Consultant.

  • Using multiple wireless networks with Single sign on?

    The university that I currently work for has switched from one wireless SSID to 2 separate SSIDs that separate the student users from the faculty/staff users. At this time only the Faculty Staff can log into STAFF and students can only log into STUDENT...
    I have a few laptop carts that were setup for student use and have single sign on configured for the STUDENT wireless connection. The laptops are on the university's domain so that students have access to the home drives.
    We run into problems when Faculty try to use a laptop to teach a class. They are unable to log in because their credentials are not authorized for the STUDENT wireless network. 
    So...Is it possible to setup 2 wireless profiles (STUDENT and STAFF) with single sign on and give the user an option to choose from?

    Hi,
    Based on your description, I would like to suggest you use Group Policy to configure Wireless Network Settings:
    Using Group Policy to Configure Wireless Network Settings
    http://technet.microsoft.com/en-us/magazine/gg266419.aspx
    Please follow the information from the link above to check the issue.
    If it doesn't work, I recommend you initiate a new thread in our Windows Server Forum for further assistance.
    http://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?category=windowsserver
    Hope it helps.
    Regards,
    Blair Deng

  • Changing of the standard port 1521 and afterward problems with Single Sign

    System / Host Environment
    Operating System: HP-UX 11i, Existing Oracle RDBMS Vers. 9.2 x, Listener on standard port 1521
    9iAS System Architecture: 9iAS Infrastructure and Middle tier (AS Instance) on the same machine
    Problem Environment:
    -Before and during the installation of 9iAS infrastructure the Listener of the existing Oracle RDBMS was stopped
    -The installation of 9iAS Infrastructure (db: IASDB) Version 9.0.2.0 works well
    -Afterwards the port 1521 of IASDB changed to 1525. For a detail description of IASB port changing please refer to Doc. ID: 211 929.1 AFTER CHANGE 'IASDB' LISTENER PORT
    -The installation of Patch Set 2 (Common Patch 2703110) follows (9iAS is now up to Release 9.0.2.2).
    -The Installation of 9iAS Middle tier (AS Instance) Version 9.0.3 follows
    Problem description:
    -During the installation of the 9iAS Middle tier, problems with Single Sign-On occur.
    The reason for these problems seems to be a communication problem between the Single Sign-On login sequence and the IASDB. After resetting the port change (back to the standard port 1521), the installation of the 9iAS Middle tier works well.
    Because of this incorrect and problematic behaviour we have some notes and questions:
    -First, the description of the port change in Doc. ID: 211 929.1 seems incomplete to us. Some configuration still carries the standard port 1521 and not the new value of the port, 1525.
    -So we want to know all the configuration files and parts where we have to change the port value manually.
    -What will happen to the Single Sign-On function with this manual port change? Does Single Sign-On work correctly later on, or do we have to change much more?

    Currently, changing the listener port is not supported. It must stay on 1521. I believe this is to be fixed in a later release (perhaps 9.0.4).

  • Sum Aggregation Error in Physical & BMM Layer in OBIEE 11g with Essbase 11

    Hi everyone,
    I'm using OBIEE 11g with Essbase 11 as the data source. I'm using Sample Basic database from the Essbase as my data source. If I'm using the hierarchy for the measures (so I don't flatten the measures), and when I changed the aggregation in both physical and BMM layer from Aggregate_External to Sum, I can't create a report at all from the Answers.
    Does anyone encounter the same thing? Any ideas/solution about this? Please help.
    Thanks a lot!

    Hi Deepak,
    When I picked the "Basic - measure" alone, I got this error.
    Error Codes: OPR4ONWY:U9IM8TAC:OI2DL65P
    State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. [nQSError: 43113] Message returned from OBIS. [nQSError: 43119] Query Failed: [nQSError: 96002] Essbase Error: Unknown Member Basic - measure used in query (HY000)
    SQL Issued: SELECT 0 s_0, "Sample Basic"."Basic"."Basic - measure" s_1 FROM "Sample Basic".
    When I picked the "Gen1,Measures" alone from the measure dimension, I got this error:
    Error Codes: OPR4ONWY:U9IM8TAC:OI2DL65P
    State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. [nQSError: 43113] Message returned from OBIS. [nQSError: 43119] Query Failed: [nQSError: 46008] Internal error: File server\Query\Optimizer\ServiceInterfaceMgr\SIMDB\Src\SQOIMDXGeneratorGeneric.cpp, line 2610. (HY000)
    SQL Issued: SELECT 0 s_0, "Sample Basic"."Measures"."Gen1,Measures" s_1, SORTKEY("Sample Basic"."Measures"."Gen1,Measures") s_2 FROM "Sample Basic"
    But when I queried the dimensions one by one (only single dimension each), no error was shown.
    This only happens if I use Sum in the physical and BMM layer. If I use External_Aggregation, these errors do not happen. And if I flatten the measures, these errors also do not happen.

  • Configuring JCo3 Connection Pool with single sign on on non SAP Java server

    Hi Everyone,
    I have configured a connection pool on JBoss as per the JCo3 documentation and it is working great.
    Now I need help to configure this connection pool with single sign-on so that RFCs on SAP ECC systems are executed using the end user's credentials rather than the single user name and password used to configure the JCo connection pool.
    On the SAP Java stack I am sure it's possible within Java WebDynpro, and I assume using a JCA resource adapter. But what if we don't want to use the SAP Java App server?
    Any help will be appreciated.
    Thanks,
    Divyakumar Jain

    Eason, hello!
    I have exactly the same problem.  Did you find a solution to this problem?  If so, please let me know!

  • Starting single sign-on and directory service

    I am trying to install Oracle 9i infrastructure on my clean Win2000 box with a 2.4 GHz processor and 1 GB RAM.
    I am getting failure messages for the following:
    infrastructure instance configuration assistant: failed
    oracle 9i application server randomize password: failed
    single sign on configuration assistant: failed
    infrastructure mod-osso configuration assistant: failed
    OPMN configuration assistant: failed
    log file says:
    Configuration failed for IAS
    IAS Instance creation failed
    Configuration failed for JAZN
    JAZN configuration failed: unable to establish a directory context.
    Configuration succeeded for IASProperty
    Configuration failed for IAS
    Configuration failed for JAZN
    After which single sign-on and directory service don't start, which means no connectivity :(
    Can somebody please guide me on how to avoid this failure in installation or how to manually start these after installation?
    It would be a great help.
    ashish

    Hi,
    we're having exactly the same problem.
    Could you tell me what the problem is with the network ?
    You say configure it properly but what do you mean ?
    It's installed on a Windows 2000 Server machine, it's own DNS.
    Thanks,
    Yuri Arts

  • Oracle Single Sign on and Oracle Internet Directory

    Hello Gurus,
    What is the relationship between Oracle Single Sign-On and Oracle Internet Directory?
    To my understanding, OID is required to install SSO.
    If OID already exists, can we just install SSO and go on integrating it with the existing OID?
    Great Thanks,
    vimal jain.
    [email protected]

    Hi Tim,
    I've been working on this and could reproduce the issue with anonymous binds. A fix will be ready in 4.2.1.
    So what I really need is the password used for login to pass to the is_member call. The P101_PASSWORD item does not save state. However, you can access the value during submit processing of the login page, for example in the post authentication function of your authentication scheme. People sometimes put code in there to query the user's groups (e.g. with apex_ldap.member_of2) and save them in an application. This item value can then be used in the authorization schemes.
    Regards,
    Christian

  • Single Sign-on and PORTAL30 DAD

    What I've done:
    1) Setup up PORTAL30 DAD with Single Sign-on
    2) Created schema called JOHN with "hello world" procedure call TEST
    3) Grant execute on TEST to PORTAL30
    4) Goto http://<servername>/pls/portal30/john.test
    5) Receive "Procedure Doesn't Exist" error
    6) Change DAD from single sign-on to Basic authentication
    7) Repeat Step 4 with no problems

  • Single sign on and TimeMachine?

    I finally sorted out a typo with my AFP server that was interfering with single sign on for clients, only to find that it appears TimeMachine still requires a username and password to do network backups. Is this true, or am I missing something? I was hoping single sign on would solve my user password issues around expiry time, but now I'm starting to fear that's not the case.
    May have to look for an easier to manage agent based solution of some sort. Any suggestions (that aren't Retrospect)?

    bump?

  • Single Sign-On and Data Visibility Rights

    Hello,
    I was wondering whether anyone has any best practices for implementing single sign on and user identification with Excelsius.
    More specifically, I need to interrogate user role, and limit certain data visibility based on that role.
    For example, a sales rep may only see certain data for their own territories, but the regional and national managers can see more.
    With the emphasis in improving enterprise integration with the new version coming up, I'm also wondering if there are any improvements included for this aspect.
    Thanks in advance.
    Derick

    Hi Derick,
    I want to split our discussion into 2 parts:
    1) Sign on
    2) Viewing data based on the Hierarchy
    1) Before discussing the sign-on, I want to know which connectivity you are using: Live Office or QaaWS?
    2) We can make the second point possible in two ways. One is by providing restrictions at universe level
    and the other one is through the use of flash variables.
    Using flash variables:
    The main idea of using flash variables is reading the User ID from BO authentication, and based on that we fetch the hierarchy level of that user. Then we use some Excel logic to hide the data from the low-level hierarchy (here we use Dynamic Visibility for components).
    I hope this is what you are looking for.
    If so, I have more points on achieving such a scenario.
    Please provide your BO environment details, so that it will be easy to identify the best way to achieve it.
    Regards,
    AnjaniKumar C.A.

  • Single Sign-On and session information

    I have an Oracle Portal application with many Java Web Applications. I wish to
    provide Single Sign-On to this applications. I know how to configure Single
    Sign-On and how to get the user login in Java. I want to store session
    information such as: User First and Last Name, User Social Security Number. I
    want to get this information from the database after authentication, store it
    in session and then access this information from all my applications.

    Are you familiar with the sys_context function?
    Hope this is useful help.
    BR,
    Marcos

  • OBIEE 11G with MySql Issue Hierarchy is not working..

    Hi,
    I am using OBIEE 11G with a MySQL DB. I have successfully created the RPD. I created the hierarchy in the RPD. This is the scenario I have created.
    I have only one data column, created_at. Using this column I created 3 more logical columns, which are Year, Month Name and Week, and created the hierarchy using these columns only.
    When I view the result using the hierarchy, it throws the syntax error "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version".
    But when we select the year column it successfully navigates to the month-level data, whereas when selecting the hierarchy directly it is unable to navigate from year to month.
    Please provide me a solution for this as soon as possible; I have an urgent requirement on this.
    Thanks,
    Yogi.

    Hi,
    Thanks for your post.
    My requirement is that we do not need to create new columns; we need the necessary columns in the BMM layer only, and we need to use them in the hierarchy.
    Thanks,
    Yogi.

  • The option 'Display Credit Balance with negative sign" was not activated.

    I've encountered a huge problem after loading the opening balance.
    I forgot to tick the option 'Display Credit Balance with negative sign'.
    It makes my client's Chart of Accounts unusual, such as a credit balance in Cash Account, AR .....
    However, I've searched the SAP note to solve it, as follows:
    Description of the bug:
    When creating the company in the system the option 'Display Credit Balance with negative sign' was not activated.
    Once transactions were created in the system the functionality can not be changed.
    Limits of the query:
    After running the update query, please restart SBO first and then run the restore 'GL account and bp balances';
    otherwise, the cached value of SBO will not be updated and the restore function may not take effect.
    1. Does "restart SBO" mean restarting the SBO Service Manager?
    2. Please help me find the "restore G/L account and bp balances" form. Where is it?
    Thank you

    Hi,
    I would think that you are following the PEQ instructions for note 970813, correct?
    If this is the case and you are using 2007 then you will find the restore in the top menu: Help -> Support Desk -> Restore. You will find the functions here. Please note that this should only be used on direct instruction from support or a note like in this case. A backup should also be taken before running restore.
    Regards,
    Jesper
