Single Sign-On and Context Propogation

I would like to implement single sign-on to my Web Container and have
the LoginContext propogated to the EJB Container.
Can anyone point me to resources / documentation on this topic?
thanks,
tom~

How did you solve this ? Can you point to me the right resource ?
Thanx
[email protected] (Thomas Hunt) wrote:
I would like to implement single sign-on to my Web Container and have
the LoginContext propogated to the EJB Container.
Can anyone point me to resources / documentation on this topic?
thanks,
tom~

Similar Messages

  • Starting single sign-on and directory service

    i am trying to install oracle 9i infrastructure on my clean win2000 box with 2.4 GHz proc and 1GB RAM.
    i am getting falilure messages for the following:
    infrastructure instance configuration assistant: failed
    oracle 9i application server randomize password: failed
    single sign on configuration assistant: failed
    infrastructure mod-osso configuration assistant: failed
    OPMN configuration assistant: failed
    log file says:
    Configuration failed for IAS
    IAS Instance creation failed
    Configuration failed for JAZN
    JAZN configuration failed: unable to establish a directory context.
    Configuration succeeded for IASProperty
    Configuration failed for IAS
    Configuration failed for JAZN
    after which single sign-on and directory service dont start. which means no connectivity :(
    can somebody please guide me about how to avoid this failure in installation or how to manually start these after installation.
    it would be a great help
    ashish

    Hi,
    we're having exactly the same problem.
    Could you tell me what the problem is with the network ?
    You say configure it properly but what do you mean ?
    It's installed on a Windows 2000 Server machine, it's own DNS.
    Thanks,
    Yuri Arts

  • Oracle Single Sign on and Oracle Internet Directory

    Hello Gurus,
    What is the relationship between Oracle Single Sign on and Oracle Internet Directory.
    To my understanding, OID is required to install SSO.
    If OID already exist, can we just install SSO and go on integrating it to existing OID.
    Great Thanks,
    vimal jain.
    [email protected]

    Hi Tim,
    I've been working on this and could reproduce the issue with anonymous binds. A fix will be ready in 4.2.1.
    So what I really need is the password used for login to pass to the is_member call.The P101_PASSWORD item does not save state. However, you can access the value during submit processing of the login page, for example in the post authentication function of your authentication scheme. People sometimes put code in there to query the user's groups (e.g. with apex_ldap.member_of2) and save them in an application. This item value can then be used in the authorization schemes.
    Regards,
    Christian

  • Single Sign on and Protect URL step

    Hi,
    I have successfully installed Oracle Internet Directory, Identity Server, Web Pass, Policy manager, Access Server and WebGate (attached to Oracle HTTP Server from Oracle Management Infrastructure).
    My questions are:
    - How do I protect URL so the user will need to login to access certain URL?
    - How do I enable single sign on and test it?
    - What are the general steps involve to enable URL protection (so if the url is protected it will prompt for username and password) and single sign on using Oracle Internet Directory?
    Kindly help me if anyone know a solution or can point me to the right documentation. I have tried to read Oracle Access Manager - Access Administration Guide, but keep getting confused.
    Thanks.
    Regards,
    Alfonso

    Hi,
    You can follow Oracle Access Manager Integration Guide (10.1.4.0.1) B25347-01, chapter 4, to achieve this. This document will answer most of your questions.
    Regards,

  • Single Sign-On and Data Visibility Rights

    Hello,
    I was wondering whether anyone has any best practices for implementing single sign on and user identification with Excelsius.
    More specifically, I need to interrogate user role, and limit certain data visibility based on that role.
    For example, a sales rep may only see certain data for their own territories, but the regional and national managers can see more.
    With the emphasis in improving enterprise integration with the new version coming up, I'm also wondering if there are any improvements included for this aspect.
    Thanks in advance.
    Derick

    Hi Derick,
    I want to make our discussion into 2 parts
    1) Sign on
    2) Viewing data based on the Heirarchy
    1)Before discussing about the Sign on i want to know which connectivity you are using ? Live offcie or QaaWS.
    2) We can make the second point possible in two ways One is with providing restriction at universe level
    and the other one is through the use of flash variables.
    Using flash variables:
    The main idea of using flash variables is reading the User ID from BO authentication and based on that we fetch the Heirarchy level of that user. Then we use some excel logic to hide the data from Low level heirarchy(Here we use Dynamic Visibility for components).
    I hope this is what you ar looking for....
    If so i have more points to acheive such scenario.
    Please provide the your BO environment details, such that it will be easy to identify the better best wat to acheve it.
    Regards,
    AnjaniKumar C.A.

  • Single Sign-On and session information

    I have an Oracle Portal application with many Java Web Applications. I wish to
    provide Single Sign-On to this applications. I know how to configure Single
    Sign-On and how to get the user login in Java. I want to store session
    information such as: User First and Last Name, User Social Security Number. I
    want to get this information from the database after authentication, store it
    in session and then access this information from all my applications.

    Are you familiarized with sys_context function?
    Hope this is useful help.
    BR,
    Marcos

  • OBIEE 11G with Single Sign-On and Active Directory

    Hi guys,
    Release Version: Oracle Business Intelligence 11.1.1.5.0
    Patch applied: 11.1.1.5.0 BP3 (Patch 13832750)
    OBIEE Server operating system: Windows Server 2008 SP2 (32-bits Operating System).
    We are trying to configure Single Sign-On according to TechNote_WNA_SSO_AD_V4.0.doc.
    Our krb5login.conf:
    com.sun.security.jgss.krb5.initiate {
    com.sun.security.auth.module.Krb5LoginModule required
    principal="[email protected]"
    keyTab=cgdkobi2.keytab
    useKeyTab=true
    storeKey=true
    debug=true
    com.sun.security.jgss.krb5.accept {
    com.sun.security.auth.module.Krb5LoginModule required
    principal="[email protected]"
    keyTab=cgdkobi2.keytab
    useKeyTab=true
    storeKey=true
    debug=true
    We generate de keytab file:
    C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.24\bin\ktab.exe -k cgdkobi2.keytab -a [email protected]
    Password for [email protected]:XXXXXXX
    Done!
    Service key for [email protected] is saved in cgdkobi2.keytab
    C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.2-4\bin\kinit -k -t cgdkobi2.keytab cgdkobi2
    New ticket is stored in cache file C:\Users\cgdkobi2\krb5cc_cgdkobi2
    C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.2-4\bin\klist -k -t cgdkobi2.keytab
    Key tab: cgdkobi2.keytab, 1 entry found.
    [1] Service principal: [email protected]
    KVNO: 1
    Time stamp: Mar 15, 2013 10:34
    C:\OracleBI11g\user_projects\domains\bifoundation_domain>klist
    Current LogonId is 0:0x406163f5
    Cached Tickets: (0)
    We re-start the services and logon into analytics web and SSO doesn't work but there's not an error. It runs successfully with and Active Directoy user and password. Seems like SSO wasn't enabled, but I checked is enabled.
    Any suggestion?
    Thanks in advanced

    Follow the posts : OBI 11.1.1.6.SSO and You are not currently signed in to Oracle BI Server" for OBIEE 11.1.1.6 SSO do the troubleshooting mentioned there.
    Also check your logs for error like the one below:
    [2012-03-09T16:42:36.000-05:00] [OBIPS] [NOTIFICATION:1] [] [saw.securitysubsystem.checkauthentication.runimpl] [ecid: 6c98b5cce1f24814:2a613331:135f95fbdff:-8000-0000000000005b7a,0:1:1] [tid: 5932] Authentication Failure.
    Odbc driver returned an error (SQLDriverConnectW).
    State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
    [nQSError: 43113] Message returned from OBIS.
    [nQSError: 13039] The impersonator does not exist in the BI Security Service. (08004)[[
    If you are getting this when you login to OBIEE :      You are not currently signed in to Oracle BI Server"
    then you need to apply this patch : 13553428 QA:BLK:DELIVER TO CORP. OID LDAP USERS FAILED WITH IMPERSONATOR DOES'NT EXIST. 11.1.1.6.0 Generic Platform (American English) General Oracle BI Suite EE Apr 5, 2012 799.4 KB
    Let us know the updates. Hope this helps. Mark if it does.!
    Thanks,
    SVS

  • Difference between Federated single sign on  and just Single sign on

    Can anyone please give a clear definition of what is
    1. Federated Single sign on?
    2. Just Single Sign on ?
    As a security expert if you were to Architect security what will you suggest ?
    Lets take an example Landscape
    NW1(ABAP + JAVA)- system, NW-2(ABAP+JAVA)  system and EP( java only), LDAP
    I am having a hard time convincing the customer to have both CONSUMER AND PRODUCER PORTAL for Federated single sign on? is this a bad idea. Customer says just give me SSO(with just one portal acting as CONSUMER/PRODUCER).
    initial GOLIVE user load will be 700+ users.
    Edited by: Franklin Jayasim on Jul 16, 2010 7:52 PM
    Edited by: Franklin Jayasim on Jul 16, 2010 7:53 PM
    Edited by: Franklin Jayasim on Jul 16, 2010 7:57 PM
    Edited by: Franklin Jayasim on Jul 17, 2010 12:17 AM

    Hi  Denny Liao
    The project is going to have BI(NW) and ECC/SRM/HR(NW) and sepparate  portal ( EP - Java only )
    I thought that normal SSO will help in the intranetwork, what happens if the employee(user)  needs to work from home.
    What about the external vendors suppliers etc...?

  • How to integrate Single Sign-On and JSF?

    Hi all,
    We are going to develop a web application using Oracle technologies, including ADF and JSF.
    But we´ll need to secure our website using Oracle Identity Manager (Single Sign-On). I am having difficulties to find any resource explaining how to do that.
    Also, the IM (SSO) will run on a Oracle AS instance and our web app (ADF+JSF) will run on a separete OC4J instance, due to ADF version. Is this a problem?
    Thanks

    We too are in the process of implementing iStore with SSO features.
    And if you believe me it seems to me as nightmare.
    In our scenerio we are intgrating this SSO with Third party access control too (AD and Siteminder). I would request you to please respond me on the following mail id , so we can share our experince which will help us in our implementation
    [email protected]
    regards and thanks in advance
    Vikas Deep

  • OAM 11g Single Sign-On and OAM 11g Cookies

    Hi all,
    I need to know following,
    is it possible to get the username and password from the OAM 11g + IIS Webgate cookies and forward the same to the application for further authentication? is there any way to decrypt the cookie and use the information in the application?
    Regards.

    Yes , you can get the user password ,but for that you will have to write a custom plugin , else it is not possible.
    Refer step number 9 in the blog Single Sign on with Oracle Access Manager: Creating a Custom Authentication Plugin

  • Active Directory, single sign-on and  SRM Users

    We are in the process of installing SRM 7.0. using the Classic Scenario. I am seeking clarification around the creation of users in that system given the following:
    - My Basis colleagues are in the process of implementing single sign-on using Active Directory for our SAP Portal, SAP Business Warehouse and SRM systems.
    - Single sign-on will not  at this point be used for our SAP ECC 6.0 system
    My questions are:
    1. If active directory is being used do we need to create actual users within the SRM system?
    2. If actual users in the SRM system are not required, does this have any impact on the creation of the Organizational structure in SRM from the SAP ECC HR hierarchy?
    Many Thanks

    Hi Claire,
    The Single Sign On work only if user exist on every systemes.
    For example :
    If you connect trough portal to access ECC and SRM, your user id must exist in ECC and SRM.
    For Active Directory you can synchronize your user table to AD by using LDAP option.
    The best way is to configure a CUA for ECC and SRM, use the UME of Portal on ECC and synchronize the CUA to Active Directory.
    Finally use the SSO certificate between Portal ECC and SRM.
    Regards,
    Gilles SEBBAG
    Sap Technical Consultant.

  • AnyConnect WebVPN Single Sign-on and Sharepoint 2013

    I know  that single sign-on is currently working and supported for Sharepoint 2010 on 9.0 and later code however is Sharepoint 2013 supported? I can't seem to find any documentation or any material on this. Any help on this would be fantastic.
    Thanks!

    I'd like to know if Sharepoint 2013 is supported at all with ASA 9.x clientless SSL VPN. We get this error message:

  • Authentication between Single Sign-On and Web based applications

    Hi everyone,
    I need to create a way in Portal 10g (10.1.2.0.2) that allow me to do the following:
    Once the user is logged on Portal (against Single Sign-On - SSO) he doesn't need to retype his username/password when he access a web based application throught the portal, in my case, an ASP application (not .NET, just ASP).
    I made a test creating a External Application in SSO and after publishing this portlet (external application) inside portal.
    It worked, BUT I was prompted to inform username/password to log on the aplication.
    So, the user end up entering his password twice.
    Does anybody know a way to acomplish this task?
    The documentation I'm researching is:
    Oracle Application Server Single Sign-On
    Administrator's Guide
    10g Release 2 (10.1.2)
    B14078-02
    Oracle Application Server Single Sign-On
    Security Guide
    10g Release 2 (10.1.2)
    B13999-03
    Thank you very much,
    Diogo Santos.

    have figured out how to secure any HTML, ASP, PHP, CFM, etc. web page again Portal / OID using the PDK toolkit.
    Using AJAX (Asynchronous JavaScript and XML) and one Oracle Stored Procedure just adding a simple Javascript call to any HTML, ASP, PHP, etc. web page can secure it via Oracle SSO (OID). Access to any secured web page will require that it to be linked from an authenticated Portal session or a page opened in an authenticated Portal session.
    This process can be easily modified to add in group security etc. This is just my starting point.
    1) Create a stored procedure
    # Make sure it has access to portal.wwctx_api.is_logged_on
    CREATE OR REPLACE PROCEDURE login_ajax_check (
    display_error IN number default NULL) AS
    BEGIN NULL;
    If portal.wwctx_api.is_logged_on = false then
    htp.prn('DENY');
    ELSE
    htp.prn('ALLOW');
    END IF;
    Exception when others then htp.p('DENY');
    END;
    2) Use this Javascript in any page you wish to secure.
    <-- Begin Paste Here -->
    <script>
    var allowgo=2
    function ajaxCallRemotePage(url)
    if (window.XMLHttpRequest)
    // Non-IE browsers
    req = new XMLHttpRequest();
    req.onreadystatechange = processStateChange;
    req.open("GET", url, false);
    req.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
    req.send(null);
    else if (window.ActiveXObject)
    // IE
    req = new ActiveXObject("Msxml2.XMLHTTP");
    req.onreadystatechange = processStateChange;
    req.open("GET", url, false);
    req.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
    req.send();
    else
    return; // Navigateur non compatible
    // process the return of the "ajaxCallRemotePage"
    function CheckPortal()
    ajaxCallRemotePage('[Your page calling the procedure from above]');
    function processStateChange()
    if (req.readyState == 4)
    if (req.status == 200)
    if (req.responseText.substring(0,4) == 'ALLO')
    allowgo = 0;
    else
    allowgo = 1;
    function doPage()
    if (allowgo==1)
    window.location='[Your login or error page]';
    CheckPortal();
    doPage();
    </script>
    <-- End Paste Here -->
    That's it!!! Super easy. It works great too.
    Larry Schenavar
    [email protected]

  • Single Sign-on and PORTAL30 DAD

    What I've done:
    1) Setup up PORTAL30 DAD with Single Sign-on
    2) Created schema called JOHN with "hello world" procedure call TEST
    3) Grant execute on TEST to PORTAL30
    4) Goto http://<servername>/pls/portal30/john.test
    5) Receive "Procedure Doesn't Exist" error
    6) Change DAD from single sign-on to Basic authentication
    7) Repeat Step 4 with no problems

    Hi Derick,
    I want to make our discussion into 2 parts
    1) Sign on
    2) Viewing data based on the Heirarchy
    1)Before discussing about the Sign on i want to know which connectivity you are using ? Live offcie or QaaWS.
    2) We can make the second point possible in two ways One is with providing restriction at universe level
    and the other one is through the use of flash variables.
    Using flash variables:
    The main idea of using flash variables is reading the User ID from BO authentication and based on that we fetch the Heirarchy level of that user. Then we use some excel logic to hide the data from Low level heirarchy(Here we use Dynamic Visibility for components).
    I hope this is what you ar looking for....
    If so i have more points to acheive such scenario.
    Please provide the your BO environment details, such that it will be easy to identify the better best wat to acheve it.
    Regards,
    AnjaniKumar C.A.

  • Single Sign On and user security with IS

    We have installed Information Steward 4.1 SP1 Patch 1 with Data Services 4.1 SP1 Patch 2 on Information Platform Services 4.0 SP 5 patch 6.  The Information Steward system is installed on it's own server.  We are connecting IS to our SAP Netweaver 7.3 system. 
    I have set up Single Sign On using Windows AD authentication.  The connection to the SAP system uses a service account. 
    Because the SAP system has our payroll information on it, we want to restrict Information Steward users based on their SAP security profiles.  We don't want to have to maintain security settings in both SAP and Information Steward. 
    Does anyone know if there's a way to set up Single Sign On so it passes the user credentials from SAP to Information Steward?  Then restrict the users on Information Steward based on their SAP security settings?
    Any advice would be appreciated!

    Hi,
    You can use Windows AD or SAP Authentication and configure it with SSO. However this should be done in the BI/IPS plaftorm and not IS. See the BI admin guide (http://help.sap.com/bobip40) section "Authentication options in BI platform". Please let me know if that's what you wanted.
    thanks

Maybe you are looking for