Single Sign-on and external applications

Hi,
Someone might be able to point me in the right direction about this.
I have registered each of my applications as external applications within Oracle Portal in order to avail of single sign-on.
This is fine to a point, but registering applications in this way still requires the user to enter a username and password once in order to login to the application the first time they use it, even though they have already logged into the Portal. As long as the user doesn't log out of the application they can close their browser and when they come back to the application they are still logged in.
None of the applications I use are oracle partner applications.
My problem is that I want to avoid the user having to log in to the application the first time they use it.
Ideally they should login to Portal once and then any subsequent applications they access, they are automatically logged into them without having to enter a username and password.
Is there a way to do this or will I have to write a custom login for each application to circumnavigate this first time using the application login issue ?
Are there any docs that someone could point me at.
Many thanks,

Maria, I was experimenting with this last night, to answer your question, and I think a cool way of doing this would be the following:
Create a custom attribute called "App ID" - make this a NUMBER type. This is where the external application id will be stored.
Create a custom item type: "External Application"
You have two options for the base type: either "URL" or "<None>". If you pick URL, then you can have the item contain the URL for fapp_process_login, but this is not advisable because it will require the administrator to type in this long URL every time a new application is added.
If you select base type URL, you should use that URL to let the administrator provide a URL to the application's homepage, or a help page or something of that sort.
Edit the newly created item to set the Attribute and Procedure properties.
Add the "App ID" attribute - no default.
On the Procedure tab, add the following procedures (called as HTTP), each with the App ID passed as "p_app_id":
Login http://server.domain.com/pls/portal30_sso/portal30_sso.wwsso_app_admin.fapp_process_login
Edit http://server.domain.com/pls/portal30_sso/portal30_sso.wwsso_app_admin.edit_fappuser
That's it!
Add the new custom item type to a folder, and all the administrator needs to do is set the title, and App ID for the new item.
Excercise for the Reader
You will notice that clicking on the Edit link will take you to the login server when you are done editing the credentials. To avoid this, pass another parameter to the edit procedure - p_done_url, and set a value for that to point to the page that you want to go to after editing credentials.

Similar Messages

  • Single Sign-On and External Applications Portlet

    I would like to know how complicated would be to call an External Application with SSO (like Hotmail), outside the External Applications Portlet.
    We have defined around 10 external applications with SSO,they worked fine.
    but due to look&feel issues, we would like to put them in a content area , like items that when the user clicks, takes them to the external application and performs the single sign-on.
    Any advice will be appreciated.
    tks!!

    Maria, I was experimenting with this last night, to answer your question, and I think a cool way of doing this would be the following:
    Create a custom attribute called "App ID" - make this a NUMBER type. This is where the external application id will be stored.
    Create a custom item type: "External Application"
    You have two options for the base type: either "URL" or "<None>". If you pick URL, then you can have the item contain the URL for fapp_process_login, but this is not advisable because it will require the administrator to type in this long URL every time a new application is added.
    If you select base type URL, you should use that URL to let the administrator provide a URL to the application's homepage, or a help page or something of that sort.
    Edit the newly created item to set the Attribute and Procedure properties.
    Add the "App ID" attribute - no default.
    On the Procedure tab, add the following procedures (called as HTTP), each with the App ID passed as "p_app_id":
    Login http://server.domain.com/pls/portal30_sso/portal30_sso.wwsso_app_admin.fapp_process_login
    Edit http://server.domain.com/pls/portal30_sso/portal30_sso.wwsso_app_admin.edit_fappuser
    That's it!
    Add the new custom item type to a folder, and all the administrator needs to do is set the title, and App ID for the new item.
    Excercise for the Reader
    You will notice that clicking on the Edit link will take you to the login server when you are done editing the credentials. To avoid this, pass another parameter to the edit procedure - p_done_url, and set a value for that to point to the page that you want to go to after editing credentials.

  • Starting single sign-on and directory service

    i am trying to install oracle 9i infrastructure on my clean win2000 box with 2.4 GHz proc and 1GB RAM.
    i am getting falilure messages for the following:
    infrastructure instance configuration assistant: failed
    oracle 9i application server randomize password: failed
    single sign on configuration assistant: failed
    infrastructure mod-osso configuration assistant: failed
    OPMN configuration assistant: failed
    log file says:
    Configuration failed for IAS
    IAS Instance creation failed
    Configuration failed for JAZN
    JAZN configuration failed: unable to establish a directory context.
    Configuration succeeded for IASProperty
    Configuration failed for IAS
    Configuration failed for JAZN
    after which single sign-on and directory service dont start. which means no connectivity :(
    can somebody please guide me about how to avoid this failure in installation or how to manually start these after installation.
    it would be a great help
    ashish

    Hi,
    we're having exactly the same problem.
    Could you tell me what the problem is with the network ?
    You say configure it properly but what do you mean ?
    It's installed on a Windows 2000 Server machine, it's own DNS.
    Thanks,
    Yuri Arts

  • Oracle Single Sign on and Oracle Internet Directory

    Hello Gurus,
    What is the relationship between Oracle Single Sign on and Oracle Internet Directory.
    To my understanding, OID is required to install SSO.
    If OID already exist, can we just install SSO and go on integrating it to existing OID.
    Great Thanks,
    vimal jain.
    [email protected]

    Hi Tim,
    I've been working on this and could reproduce the issue with anonymous binds. A fix will be ready in 4.2.1.
    So what I really need is the password used for login to pass to the is_member call.The P101_PASSWORD item does not save state. However, you can access the value during submit processing of the login page, for example in the post authentication function of your authentication scheme. People sometimes put code in there to query the user's groups (e.g. with apex_ldap.member_of2) and save them in an application. This item value can then be used in the authorization schemes.
    Regards,
    Christian

  • Single Sign-On and session information

    I have an Oracle Portal application with many Java Web Applications. I wish to
    provide Single Sign-On to this applications. I know how to configure Single
    Sign-On and how to get the user login in Java. I want to store session
    information such as: User First and Last Name, User Social Security Number. I
    want to get this information from the database after authentication, store it
    in session and then access this information from all my applications.

    Are you familiarized with sys_context function?
    Hope this is useful help.
    BR,
    Marcos

  • Discussion on Blog: Single Sign On with External ID implemented in Ruby

    Hello,
    please use this Topic to discuss questions regarding the Blog <a href="/people/gregor.wolf3/blog/2006/09/30/single-sign-on-with-external-id-implemented-in-ruby">Single Sign On with External ID implemented in Ruby</a>.
    Regards
    Gregor

    Hi Gregor:
    As per your request, I am reposting my question in this forum..
    Your excellent blog Single Sign on with External ID Implemented in Ruby shows how you can generate a sso cookie with the external ID mapping with the X.509 certficate.
    In my scenario, the user has already logged into R/3 via SAPGUI (so no need for SNC here) and run an iView on the Portal - if I map an external ID in the table  VUSREXTID (type NT)  for each of my users then can I call the rfc SUSR_CHECK_LOGON_DATA by passing Auth_method = E and Auth_data = External ID and will this rfc return a SSO cookie?
    Thanks
    Venkat

  • Implementing Single Sign-On in J2SE Application

    I am developing a application which is going to do some Single Sign-On authentication.
    For those who do not know what Single Sign-On is: For user who have multiple usernames and password for different web site, Single Sign-On offers them a way to authenticate to these different site without the need to remember all those passwords. It takes over the authentication process, and authenticates to these web sites for the user. The usernames and passwords are stored in a database.
    I am going to develop such a program in Java. This program is going to fetch the web site which contains the login form. Find out what to send to the web server. Send the username and password stored for that web site and in return if authentication goes through the web site will send the web page to the Java program which when receive it will open it in a web browser.
    Does anyone have any idea how I can implement this Single Sign-On feature? I know there exist several applications for windows which offers such Single Sign-On and which works with Internet Explorer. So somehow I should be able to make such a feature for a Java application.

    Thanks for the reply
    Should I read the following from the document you sent in Section 4.5? I just wanna confirm..
    4.5 Configuring Custom SSO Environments
    For information about configuring Oracle Business Intelligence to participate in custom SSO environments (for example, setting up SSO using Active Directory or SiteMinder), see articles 1287479.1 and 1274953.1 on My Oracle Support at:
    https://support.oracle.com

  • Single Sign on and Protect URL step

    Hi,
    I have successfully installed Oracle Internet Directory, Identity Server, Web Pass, Policy manager, Access Server and WebGate (attached to Oracle HTTP Server from Oracle Management Infrastructure).
    My questions are:
    - How do I protect URL so the user will need to login to access certain URL?
    - How do I enable single sign on and test it?
    - What are the general steps involve to enable URL protection (so if the url is protected it will prompt for username and password) and single sign on using Oracle Internet Directory?
    Kindly help me if anyone know a solution or can point me to the right documentation. I have tried to read Oracle Access Manager - Access Administration Guide, but keep getting confused.
    Thanks.
    Regards,
    Alfonso

    Hi,
    You can follow Oracle Access Manager Integration Guide (10.1.4.0.1) B25347-01, chapter 4, to achieve this. This document will answer most of your questions.
    Regards,

  • Single Sign-On and Data Visibility Rights

    Hello,
    I was wondering whether anyone has any best practices for implementing single sign on and user identification with Excelsius.
    More specifically, I need to interrogate user role, and limit certain data visibility based on that role.
    For example, a sales rep may only see certain data for their own territories, but the regional and national managers can see more.
    With the emphasis in improving enterprise integration with the new version coming up, I'm also wondering if there are any improvements included for this aspect.
    Thanks in advance.
    Derick

    Hi Derick,
    I want to make our discussion into 2 parts
    1) Sign on
    2) Viewing data based on the Heirarchy
    1)Before discussing about the Sign on i want to know which connectivity you are using ? Live offcie or QaaWS.
    2) We can make the second point possible in two ways One is with providing restriction at universe level
    and the other one is through the use of flash variables.
    Using flash variables:
    The main idea of using flash variables is reading the User ID from BO authentication and based on that we fetch the Heirarchy level of that user. Then we use some excel logic to hide the data from Low level heirarchy(Here we use Dynamic Visibility for components).
    I hope this is what you ar looking for....
    If so i have more points to acheive such scenario.
    Please provide the your BO environment details, such that it will be easy to identify the better best wat to acheve it.
    Regards,
    AnjaniKumar C.A.

  • Authentication between Single Sign-On and Web based applications

    Hi everyone,
    I need to create a way in Portal 10g (10.1.2.0.2) that allow me to do the following:
    Once the user is logged on Portal (against Single Sign-On - SSO) he doesn't need to retype his username/password when he access a web based application throught the portal, in my case, an ASP application (not .NET, just ASP).
    I made a test creating a External Application in SSO and after publishing this portlet (external application) inside portal.
    It worked, BUT I was prompted to inform username/password to log on the aplication.
    So, the user end up entering his password twice.
    Does anybody know a way to acomplish this task?
    The documentation I'm researching is:
    Oracle Application Server Single Sign-On
    Administrator's Guide
    10g Release 2 (10.1.2)
    B14078-02
    Oracle Application Server Single Sign-On
    Security Guide
    10g Release 2 (10.1.2)
    B13999-03
    Thank you very much,
    Diogo Santos.

    have figured out how to secure any HTML, ASP, PHP, CFM, etc. web page again Portal / OID using the PDK toolkit.
    Using AJAX (Asynchronous JavaScript and XML) and one Oracle Stored Procedure just adding a simple Javascript call to any HTML, ASP, PHP, etc. web page can secure it via Oracle SSO (OID). Access to any secured web page will require that it to be linked from an authenticated Portal session or a page opened in an authenticated Portal session.
    This process can be easily modified to add in group security etc. This is just my starting point.
    1) Create a stored procedure
    # Make sure it has access to portal.wwctx_api.is_logged_on
    CREATE OR REPLACE PROCEDURE login_ajax_check (
    display_error IN number default NULL) AS
    BEGIN NULL;
    If portal.wwctx_api.is_logged_on = false then
    htp.prn('DENY');
    ELSE
    htp.prn('ALLOW');
    END IF;
    Exception when others then htp.p('DENY');
    END;
    2) Use this Javascript in any page you wish to secure.
    <-- Begin Paste Here -->
    <script>
    var allowgo=2
    function ajaxCallRemotePage(url)
    if (window.XMLHttpRequest)
    // Non-IE browsers
    req = new XMLHttpRequest();
    req.onreadystatechange = processStateChange;
    req.open("GET", url, false);
    req.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
    req.send(null);
    else if (window.ActiveXObject)
    // IE
    req = new ActiveXObject("Msxml2.XMLHTTP");
    req.onreadystatechange = processStateChange;
    req.open("GET", url, false);
    req.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
    req.send();
    else
    return; // Navigateur non compatible
    // process the return of the "ajaxCallRemotePage"
    function CheckPortal()
    ajaxCallRemotePage('[Your page calling the procedure from above]');
    function processStateChange()
    if (req.readyState == 4)
    if (req.status == 200)
    if (req.responseText.substring(0,4) == 'ALLO')
    allowgo = 0;
    else
    allowgo = 1;
    function doPage()
    if (allowgo==1)
    window.location='[Your login or error page]';
    CheckPortal();
    doPage();
    </script>
    <-- End Paste Here -->
    That's it!!! Super easy. It works great too.
    Larry Schenavar
    [email protected]

  • Partner application single sign-on and Oc4j

    hello,
    I'm trying to test portal's partner application single sign-on, following the examples inside the "Oracle9 iAS Single Sign-On Application Developers Guide":
    With Tomcat as jsp engine everything works fine, but with Oc4j when I try to enter the protected jsp page i have this exception:
    oracle.security.sso.enabler.SSOEnablerException: java.lang.IllegalStateException: OutputStream already retrieved
         at SSOEnablerBean.getSSOUserInfo(SSOEnablerBean.java:153)
         at SSOEnablerJspBean.getSSOUserInfo(SSOEnablerJspBean.java:57)
         at /protetta.jsp._jspService(/protetta.jsp.java:37) (JSP page line 4)
    Any suggestion?
    Thanks in advance.

    I get the same problem with my partner application. It runs fine on JServer but I get the following problem on oc4j:
    oracle.security.sso.enabler.SSOEnablerException: java.lang.IllegalStateException: OutputStream already retrieved     
    at oracle.br.aerochain.sso.SSOEnablerBean.getSSOUserInfo(SSOEnablerBean.java, Compiled Code)     
    at oracle.br.aerochain.sso.SSOEnablerJspBean.getSSOUserInfo(SSOEnablerJspBean.java, Compiled Code)     
    at /jsp/papp.jsp._jspService(/jsp/papp.jsp.java, Compiled Code)     
    at com.orionserver[Oracle9iAS (9.0.2.0.0) Containers for J2EE].http.OrionHttpJspPage.service(OrionHttpJspPage.java, Compiled Code)     
    at com.evermind[Oracle9iAS (9.0.2.0.0) Containers for J2EE].server.http.HttpApplication.serviceJSP(HttpApplication.java, Compiled Code)     
    at com.evermind[Oracle9iAS (9.0.2.0.0) Containers for J2EE].server.http.JSPServlet.service(JSPServlet.java, Compiled Code)     
    at com.evermind[Oracle9iAS (9.0.2.0.0) Containers for J2EE].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java, Compiled Code)     
    at com.evermind[Oracle9iAS (9.0.2.0.0) Containers for J2EE].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java, Compiled Code)     
    at com.evermind[Oracle9iAS (9.0.2.0.0) Containers for J2EE].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java, Compiled Code)     at com.evermind[Oracle9iAS (9.0.2.0.0) Containers for J2EE].server.http.HttpRequestHandler.run(HttpRequestHandler.java, Compiled Code)     
    at com.evermind[Oracle9iAS (9.0.2.0.0) Containers for J2EE].util.ThreadPoolThread.run(ThreadPoolThread.java, Compiled Code)
    Did anyone get a solution for this?
    TIA

  • Single Sign On and Application with Web Services

    My Application Server is set as partner application for SSO so for example this address: http://myserver:80 is SSO enabled.
    I have two ADF applications on it with jspx pages and the ADF security is enabled on them. SSO works for these applications (for jspx files).
    I added a new application with a web service and deployed this new application. It is on the same application server as those two applications and its security provider in identity management, SSO enabled. Its address is something like:
    http://myserver:80/newWebService-Project1-context-root/MyWebService1SoapHttpPort
    So I expect to be unable to test web service, but I can and I am not prompted for user name and password.
    Regards
    Farbod

    Thank you.
    Yes I had cleared the cache and in these cases I always use a new browser also.
    I deployed a third application without declarative security options (ADF application, no security settings) and this application also didn't ask me for user information though it was under SSO.
    Regards
    Farbod

  • Single sign-on and custom DBLoginModule

    Hi,
    I need help in making sso work. I have Application Server version 10.1.3.1.0, I've developed application in JDeveloper 10.1.3.3. that uses form based login and when deployed to server I can normally login/logout. Now I want to enable single sign on, so I've changed security provider of javasso to the one I'm using in my application (oracle.sample.dbloginmodule.DBProcLM.DBProcOraDataSourceLoginModule) and started javasso, added my application to participating applications, and restarted the instance.
    When I try to access my application, login page of javasso is shown but I cannot login, always get incorrect username/password. The strange thing is that logs are empty, so i guess that dblogin module is never fired.
    Also I've changed my login method so it supports identity callback, like described in here .
    This Re: Custom Login Module and JavaSSO said that orion-application.xml of my application and javasso should be the same, I haven't figured out what should I do with javasso orion-application.xml and how sould it look like.
    this is orion-application.xml of my application
    <?xml version = '1.0' encoding = 'windows-1250'?>
    <orion-application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/orion-application-10_0.xsd">
    <library path="./adf"></library>
    <jazn location="./jazn-data.xml" provider="XML"/>
        <data-sources path="./data-sources.xml"/>
    <jazn-loginconfig>
         <application>
              <name>secure-web-app</name>
              <login-modules>
                   <login-module>
                        <class>oracle.sample.dbloginmodule.DBProcLM.DBProcOraDataSourceLoginModule</class>
                        <control-flag>required</control-flag>
                        <options>
                             <option>
                                  <name>data_source_name</name>
                                  <value>jdbc/WMSPortalDS</value>
                             </option>
                             <option>
                                  <name>debug</name>
                                  <value>true</value>
                             </option>
                             <option>
                                  <name>plsql_procedure</name>
                                  <value>PK_SECURITY.GET_USER_AUTHENTICATION</value>
                             </option>
                             <option>
                                  <name>log_level</name>
                                  <value>ALL</value>
                             </option>
                        </options>
                   </login-module>
              </login-modules>
         </application>
    </jazn-loginconfig>        
    </orion-application>this is orion-application.xml of javasso
    <?xml version = '1.0' encoding = 'utf-8'?>
    <orion-application
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/orion-application-10_0.xsd"
        schema-major-version="10"
        schema-minor-version="0"
        component-classification="internal">
    <security-role-mapping name="{{PUBLIC}}">
        <group name="{{PUBLIC}}" />
    </security-role-mapping>
    <jazn provider="XML">
    </jazn>
    </orion-application>Please help, this is very urgent to me, all advices and guide lines are more than welcome.
    Thanks in advance,
    Tomislav.

    To be clear maybe someone will help.
    I have a cluster topology, with one application server and 3 oc4j instances.
    I've done following steps and without success, on my test instance:
    1. Deployed application with custom DBLogin (I'm using: oracle.sample.dbloginmodule.DBProcLM.DBProcOraDataSourceLoginModule)
    2. Sucessfully login / logout -> so I guess DBLogin is working fine
    3. Stopped the java sso application
    4. Changed the javasso Security Provider to my custom DBLogin with following parameters:
    class: oracle.sample.dbloginmodule.DBProcLM.DBProcOraDataSourceLoginModule
    data_source_name - jdbc/WMSPortalDS
    log_level - ALL
    plsql_procedure - PK_SECURITY.GET_USER_AUTHENTICATION
    debug - true
    5. Added Connection Pool and Data Source in javasso Administration -> JDBC -> tested connections and it was sucessful
    6. Started javasso application
    7. Then I went to Java SSO Configuration -> Participating applications -> checked my application
    8. Restarted instance
    9. Try to login -> invalid username / password
    In enerprise manager Log files -> javasso -> there are only messages regarding starting and stopping application
    Questions:
    1. orion-application.xml for javasso -> what exactly needs to be specified inside, currently I have following:
    <?xml version="1.0"?>
    <orion-application  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/orion-application-10_0.xsd"  deployment-version="10.1.3.1.0" default-data-source="jdbc/OracleDS" component-classification="internal"
      schema-major-version="10" schema-minor-version="0" >
            <web-module id="javasso-web" path="javasso-web.war" />
            <security-role-mapping name="{{PUBLIC}}">
                    <group name="{{PUBLIC}}" />
            </security-role-mapping>
            <persistence path="persistence" />
            <jazn provider="XML">
                    <property name="custom.loginmodule.provider" value="true" />
                    <property name="role.mapping.dynamic" value="true" />
            </jazn>
            <log>
                    <file path="application.log" />
            </log>
            <data-sources path="./data-sources.xml" />
    </orion-application>2. orion-application.xml for my application
    <?xml version="1.0"?>
    <orion-application  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/orion-application-10_0.xsd"  deployment-version="10.1.3.1.0" default-data-source="jdbc/OracleDS" see-parent-data-sources="false" component-classification="external"
      schema-major-version="10" schema-minor-version="0" >
            <web-module id="Portal" path="Portal.war" />
            <persistence path="persistence" />
            <library path="./adf" />
            <jazn provider="XML" location="jazn-data.xml" default-realm="jazn.com" >
                    <property name="custom.loginmodule.provider" value="true" />
                    <property name="role.mapping.dynamic" value="true" />
                    <jazn-web-app auth-method="CUSTOM_AUTH" />
            </jazn>
            <log>
                    <file path="application.log" />
            </log>
            <data-sources path="./data-sources.xml" />
    </orion-application>3. How to get any information into logs, I cannot find out what I'm doing wrong since there's no output in logs for javasso and my application.
    Please help, I'm really stuck and I have to resolve this as soon as possible.
    Thanks in advance,
    Tomislav.

  • Difference between Federated single sign on  and just Single sign on

    Can anyone please give a clear definition of what is
    1. Federated Single sign on?
    2. Just Single Sign on ?
    As a security expert if you were to Architect security what will you suggest ?
    Lets take an example Landscape
    NW1(ABAP + JAVA)- system, NW-2(ABAP+JAVA)  system and EP( java only), LDAP
    I am having a hard time convincing the customer to have both CONSUMER AND PRODUCER PORTAL for Federated single sign on? is this a bad idea. Customer says just give me SSO(with just one portal acting as CONSUMER/PRODUCER).
    initial GOLIVE user load will be 700+ users.
    Edited by: Franklin Jayasim on Jul 16, 2010 7:52 PM
    Edited by: Franklin Jayasim on Jul 16, 2010 7:53 PM
    Edited by: Franklin Jayasim on Jul 16, 2010 7:57 PM
    Edited by: Franklin Jayasim on Jul 17, 2010 12:17 AM

    Hi  Denny Liao
    The project is going to have BI(NW) and ECC/SRM/HR(NW) and sepparate  portal ( EP - Java only )
    I thought that normal SSO will help in the intranetwork, what happens if the employee(user)  needs to work from home.
    What about the external vendors suppliers etc...?

  • How to integrate Single Sign-On and JSF?

    Hi all,
    We are going to develop a web application using Oracle technologies, including ADF and JSF.
    But we´ll need to secure our website using Oracle Identity Manager (Single Sign-On). I am having difficulties to find any resource explaining how to do that.
    Also, the IM (SSO) will run on a Oracle AS instance and our web app (ADF+JSF) will run on a separete OC4J instance, due to ADF version. Is this a problem?
    Thanks

    We too are in the process of implementing iStore with SSO features.
    And if you believe me it seems to me as nightmare.
    In our scenerio we are intgrating this SSO with Third party access control too (AD and Siteminder). I would request you to please respond me on the following mail id , so we can share our experince which will help us in our implementation
    [email protected]
    regards and thanks in advance
    Vikas Deep

Maybe you are looking for