Single Sign-On for OS X 10.8 Server/AD

Hi All -
I know that in OS 10.7 Server it was possible to bind my Mac Mini running Lion Server to an AD Domain Controller, set up Open Directory and then Kerberize the Open Directory Master in order to give Mac clients single sign-on access to resources normally managed by AD. Without the Server Admin Tools, it appears this functionality is non-existent in Mountain Lion server? Is this the case, and if not, how would I go about doing this? I am somewhat new to the Mac Server Administration world, thanks in advance for your help.

Yes, it is still possible.  The process and tools are just a bit different.  My process is:
1:  Make sure your Mac and your AD controller agree on time.  Either set both to a common external time server or point your Mac at the AD controller if you are running NTP services on it.
2:  Make sure DNS is correct all around.  Your Mac should have an A and PTR record and be configured with a fixed IP address.  Running sudo changeip -checkhostname should return good results.  You must complete a first run of Server.app to run the command as shown above, or you will need to use the full path inside the Server.app application bundle: sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/changeip -checkhostname.  A reboot seems to be required to allow the updated classpath.
3:  Launch Server.app and choose Directory Utility from the Tools menu.
4:  Bind the server to AD much like you would a client.  However, since no one is logging in directly to this machine, settings like Mobile account and UNC path can be disabled.
5:  Once bound to the domain, disable machine record password reset (sudo dsconfigad -passinterval 0).
6:  Then kerberize your services with sudo dsconfigad -enablesso.
That will get your Mac Server ready to participate in AD for compatible services.  I will always try to get the AD admins to create the needed groups for me.  And now with the deprecation of MCX and the promotion of Profiles, I see less of a need for OD groups.  Your experience may be different.  If you still need OD, use Server.app to enable OD and then follow the wizard to create a new OD master.  This will allow you to manage proxy groups containing AD users and groups.
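The steps above, gathered into a pre-flight-and-bind script. This is an added example, not code from the thread: the domain, DC, admin account and en0 interface are placeholders, the ntpdate -q output format and dsconfigad prompting for the password when -password is omitted are assumptions, and the 300 s limit is Kerberos' default clock-skew tolerance.

```shell
#!/bin/sh
# Pre-flight checks (time, DNS) and the bind/SSO steps for an OS X 10.8 Server
# joining Active Directory. Run on the server as:
#   RUN_BIND=1 sh ad-sso.sh server.ad.example.com ad.example.com dc1.ad.example.com adadmin
# All of those values are placeholders (assumptions), not values from the thread.

# Kerberos rejects tickets when clocks differ by more than 300 s (krb5 default).
MAX_SKEW=300

# skew_ok OFFSET_SECONDS: succeed if |offset| <= MAX_SKEW; offset may be
# fractional and negative, so the comparison is done in awk.
skew_ok() {
  awk -v o="$1" -v m="$MAX_SKEW" 'BEGIN { if (o < 0) o = -o; exit (o <= m) ? 0 : 1 }'
}

# dns_consistent FQDN IP A_ANSWER PTR_ANSWER: succeed only if the A record for
# FQDN resolves to the fixed IP and the PTR for that IP names FQDN again
# (dig prints PTR answers with a trailing dot, which is tolerated).
dns_consistent() {
  [ -n "$3" ] && [ -n "$4" ] && [ "$3" = "$2" ] && [ "${4%.}" = "$1" ]
}

main() {
  fqdn=$1; domain=$2; dc=$3; admin=$4
  # Step 1: clock agreement with the DC. Parsing of "server ..., offset X, ..."
  # from ntpdate -q is an assumption about its output format.
  offset=$(ntpdate -q "$dc" | awk -F'offset ' '/^server/ { split($2, a, ","); print a[1]; exit }')
  skew_ok "${offset:-999}" || { echo "clock skew vs $dc is ${offset:-unknown} s; fix NTP first"; exit 1; }
  # Step 2: fixed IP, A and PTR must round-trip, and changeip must be happy.
  ip=$(ipconfig getifaddr en0)                      # en0 is an assumption
  a=$(dig +short "$fqdn" A | head -n 1)
  ptr=$(dig +short -x "$ip" | head -n 1)
  dns_consistent "$fqdn" "$ip" "$a" "$ptr" || { echo "A/PTR mismatch: $fqdn -> $a, $ip -> $ptr"; exit 1; }
  sudo changeip -checkhostname || exit 1             # needs Server.app's first run, or use the full bundle path
  # Steps 4-6: bind with mobile accounts and UNC path disabled (nobody logs in
  # here), stop the machine password rotation, then enable SSO.
  sudo dsconfigad -add "$domain" -computer "${fqdn%%.*}" -username "$admin" \
      -mobile disable -useuncpath disable           # password is prompted for (assumption)
  sudo dsconfigad -passinterval 0
  sudo dsconfigad -enablesso
  sudo dsconfigad -show                              # confirm the bind and SSO state
}

if [ "${RUN_BIND:-0}" = 1 ]; then main "$@"; fi
```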

Similar Messages

  • How to use single sign-on  for BCC and Experience Manager

    Does anyone have experience in implementing single-sign-on for BCC and Endeca Experience manager for business users.

    With the older versions of Endeca commerce stack there is no OOTB support for this. However with Oracle Commerce 11, SSO with BCC and Experience Manager are out of the box. Oracle Commerce 11 is released today.

  • Single Sign on for 2 Web Applications deployed on Web Logic Server

    We want to implement single sign on for our application.
    We want to deploy 2 applications(JSF/ADF) on web logic server say
    webapp1 and webapp2.
    If user already logged into webapp1 with valid userid and password and
    then he access the link for webapp2 he should not be asked to provide
    the credential details userid and password.
    How can we implement this:
    1. If user credentials are maintained/authenticated against LDAP
    2. If user maintained/authenticated are from database

    you are in the wrong forum. This one is related to Oracle forms. Try the ADF-forum instead.

  • Oracle Single Sign-On for particular module ?

    hello people,
    I have implemented Single Sign-On for some of my jsp pages in different folders like finance, inventory, etc. I am creating some test users and groups in OID, but the users in the inventory group are able to login to the finance module. Can you please give me some suggestions on how to restrict this? Where do I do the configurations?
    thanks

    Hi,
    if it is a J2EE application, use J2EE roles - defined in web.xml - and map it to groups in OID through the orion-application.xml file. See the OC4J security guide which is a part of Oracle Application Server documentation on OTN
    Frank

  • Single Sign On For CRM IC?

    I'm working on a project to implement Single Sign On for our company.  I currently have it working for all of our SAPGUI users via SNC (LDAP auth) and also our portal users (also via LDAP auth), and want to use it also for the CRM Interaction Center (Web client). 
    Has anyone successfully implemented a single sign on solution for the IC?  If so, reward points are waiting for someone who can guide me to documentation on how to set it up/configure.
    Thanks in advance for any help the forum can provide.

    Hi Wayne, a very good question based on the docs. <a href="http://help.sap.com/saphelp_crm40sr1/helpdata/en/99/39926a159f4a75bd7abeec9b49a040/frameset.htm">In the docs</a> it is stated that:
    <b>Integration Into Single Sign-On Environments</b>
        The application does not accept SAP logon tickets.
        The application does not accept X.509 digital certificates.
        When the IC agent user is integrated into the SAP Enterprise Portal, it is SSO enabled.
    I would guess this means there is an iview or something like this in the portal to start the WebClient without requiring the user to authenticate again.
    regards,
    Patrick

  • Using the Portal Single Sign-On for java applet clients

    Hi
    We have a task to build a java applet working within a portlet and communicating to some session EJB (wrapped BC4J) running on the OC4J. The applet is presumably connecting to the server via RMI. This connection should be restricted to some groups of portal users.
    When a user is entering the applet he is supposed to be already logged into the Portal.
    There is a lot of information on building custom secure portlets using only a pure HTML (same as JSP) client with the help of the Portal Single Sign-On.
    But, is it possible to use the Single Sign-On for establishing a secure RMI connection from applet to OC4J without entering a password in the applet once more?
    Yuriy

    Perhaps you can write a small JSP page or PLSQL
    web procedure that will grab user name from
    the SSO Server (via SSOSDK/mod_osso)
    and invoke the applet with encrypted user name.
    The applet will receive the encrypted username
    and decrypt it to get the clear user name.
    This helps to get Single Sign-On.
    To make sure that environment is secure, encrypted
    user name parameter should have random salt,
    user name, and time stamp to prevent replay attack.
    Applet must make sure that the encrypted users name
    time stamp set by the JSP/PLSQL page has value
    within a reasonable time limit like 5 minutes

  • How to do single sign on for multiple webservices in flex application

    Hi Experts,
    I have created a flex application and am using a few webservices in that application. When I run the application it asks for logon details for each and every webservice I used. However, I want to do single sign-on without providing logon details for each and every webservice. Please suggest.
    Thanks in advance.

    Hi,
    if your projects are deployed in their own Java EE context root then you have multiple applications, though logically you count them as one. Use OSSO or Oracle SSO (where OSSO should be fine since all deployments share the same instance)
    Frank

  • Use single sign on for multiple portal domains

    Is it possible for a user to sign on once to a domain, and then be able to access other domains. What I'm trying to do is have one user registration page/login page, but use different portal server domains to present different sites, while at the same time having a type of single sign on, once a user has entered his credentials. Thus my registration process will create a new ldap user in an external directory, and i can then just point all the different domains to that External Ldap directory.

    I wouldn't recommend this because it would affect performance, plus there are other potential issues like conflicts that you would run into ..
    Every time a user logs in, a new session is created for him, and this means a user might have multiple sessions on the server. The cookie that is set is also per portal domain, so it might not work ..
    An alternative approach might be to have multiple roles and then customize the role for different views. You can modify the membership code in such a way that based on certain criteria you can assign him to a particular role, equivalent to your domain. However the problem could be if you want to provide delegated admin, currently the delegated admin is only at a domain level.

  • Integrating AS 10.1.2 and AS 10.1.3 to use Single Sign-on for BI Publisher

    Hi Everyone
    I was trying to make the following demonstration scenario on the AS and the facilities that can afforded by Oracle to our company:
    Note: I have just one machine for demonstration with Win2003 Enterprise
    First of all, I need to build a portal for my company, this portal will be published to the web through port 80 opened by Microsoft ISA Firewall (ISA installed on different machine):
    1- Portal should be integrated with oracle forms and reports with single sign-on
    2- AS, should have single sign-on authentication to work on port 80 only.
    3- Portal should be integrated with BI Publisher 10.3
    For the objectives mentioned above i have done the following:
    1- Install AS 10.1.2 (infra and mid-tier) on the same machine with default installation options (http port 7777 for infra and port 80 for MT). (objective 1 = done)
    2- To make SSO work on port 80, I have used webcache as a reverse proxy for SSO. It's done, but I have an error (WWC-41400); it doesn't affect login on the portal, and that is my first problem.
    3- To have BI Publisher work and authenticate users using single sign-on on port 80 (from outside), I had to install AS 10.1.3 (http on port 7779) on the same machine mentioned above and then deploy BI Publisher on it. That was ok, but the problem is how to make use of single sign-on to authenticate people listed in the Oracle Internet Directory of the INFRA installation mentioned above to use BI Publisher on port 80 only.
    So, could anyone please guide me on problems 2 and 3.
    Thanks in advance.
    Anas

    a couple of parameters not configured inside the Tomcat files. Now the SSO is working.
    SNC is not required for sso in bi 4.0
    http://wiki.sdn.sap.com/wiki/display/BOBJ/BI4IntegrationintotheSAPEntreprisePortal+7.0.x
    http://wiki.sdn.sap.com/wiki/display/BOBJ/SetupofSAPSSOServiceinSAPBOBI4.0+CMC
    Best Regards

  • How to Create Single Sign On for Yahoo

    hi,
    I know how to do SSO for the SAP R/3 system.
    I want to know how to connect to the Yahoo system using SSO.
    Let me know the procedure for how to do that.
    regards
    prakash

    Hi,
    Yahoo is already single sign-on. You just login on the home page and you can access your briefcase, photos, etc...
    You don't require doing anything special.
    If I didn't understand, elaborate...
    --Ragu

  • MS Outlook Integration with CRM & Single Sign-On for Mobile\Blackberry

    Hi,
    We're looking at implementing CRM and have some questions on whether SSO (Single Sign-On) is a requirement for integrating Outlook with CRM for access via Mobile\Blackberry devices or not. I've the following questions:
    - For integrating Outlook and Active Directory with CRM is SSO implementation a MUST?
    - Also, is it possible to integrate Outlook without Active Directory integration with SAP esp. CRM?
    Mandeep Virk

    We got this figured out a couple of months earlier. It's not a requirement to have SSO enabled for MS Outlook integration w/ CRM for Mobile\Blackberry use.

  • How can i configure firefox single sign-on for urls on citrix environment to affect all users

    Hello,
    I tried to configure single sign-on on Firefox, which is published on our Citrix environment, and I tried to set it up as per this article "http://support.citrix.com/article/ctx120598". This method only applies for a single user; is there any way of doing the config to apply for any user who is logged in via a Citrix session...?
    Thank you,
    Manoj.

    you can use a mozilla.cfg file in the Firefox program folder to lock prefs or specify new (default) values for all users and profile folders.
    Place a local-settings.js file in the defaults\pref folder where also the channel-prefs.js file is located to specify using mozilla.cfg.
    pref("general.config.filename", "mozilla.cfg");
    pref("general.config.obscure_value", 0);
    These functions can be used in the mozilla.cfg file:
    defaultPref(); // set new default value
    pref(); // set pref, allow changes in current session
    lockPref(); // lock pref, disallow changes
    See:
    *http://kb.mozillazine.org/Locking_preferences
    *http://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files/

  • Single-sign-on for Polestar

    Hello!
    I assigned the Polestar server URL to NW Portal, but then I can't skip the logon screen at Polestar.
    The single sign-on problem can be solved for Crystal Reports and Xcelsius dashboards, but I have no clue about Polestar (Business Objects Explorer).
    How can we skip the Polestar logon page, or is it possible to hard code the userid, password and authentication in the Polestar BO server URL (ex. in the URL below)?
    http://<BO server>:<port number>/polestar/
    Appreciate your wisdom!
    Thanks & Regards,
    Lai Wei

    If you are using SAP as your primary ERP or BI solution, then simply install the SAP Integration Kit on your BOE XI 3.1 server where Polestar is running.  Then follow the instructions to enable the SSO authentication via SAP Auth.
    Then simply use your SAP user ID and password to login to the Polestar application.
    If you want to completely bypass the login screen, simply configure Single Sign-On; it's a little more complicated.
    Would need to know what your users are currently logging into (NT Auth, SAP Portal, Windows AD), then you would simply need to set up a trust relationship between the current login and your BOE...which is fully supported for the above options listed.
    Most of this stuff would be in the BO Administration forum.

  • Single Sign On for SAP - Integration with AD

    Users often need both an SAP and Active Directory identity and password to work in their IT environment. However, these multiple identities and passwords create several problems: user confusion leading to decreased productivity, increased help desk costs and security breaches.
    For this purpose how can we extend Active Directory authentication for single sign-on to SAP?
    Regards,
    Majid Khan

    Hi,
    It seems that SAP SSO/IWA  based on Spnego Kerberos is what you want.
    Spnego Kerberos only works on a J2EE stack based system.
    The classical technique is so to implement it on a SAP portal and to use redirect applications to use the portal saplogon ticket to authenticate on abap systems.
    Check help.sap.com on the subject, you will get a lot of information.
    Regards,
    Olivier

  • APEX 3.0 with Single Sign On for single application

    Hi All,
    I have been playing around with SSO (IAS 10.1.2) and an APEX application for the past couple of days and am still having problems.
    I have followed the instructions word for word in the various how to documents named in this forum and am now at the point where I successfully redirect to SSO login page > login using a username created in OID (which is the same username/password in my application) > then get redirected back to "http://<MY_SSO_HOST>:7777/sso/auth"..
    Some things about my instance:
    1. Oracle DB > 10g 10.1.2
    2. Oracle IAS > 10g 10.1.2 (different server to above)
    3. APEX 3.0 > trying to run SSO authentication against a single application rather than the whole APEX instance.
    4. I have (after a lot of grief - figured out that the DAD MUST be /pls/somedad and that the port number 80 must be defined in the SSO token regardless - those two little gems got me as far as I am..
    Now I know very little about SSO and am trying to evaluate it for my application (which uses a DB login/password and has to continue to do so for other reasons which I do not control). I am assuming there is some method of synchronizing the OID/SSO repository with my db accounts but haven't yet figured that one out.
    I cannot for the life of me see what's wrong here. Any ideas??

    Thanks Scott..
    Okay let me go through the responses here..
    ...login using a username created in OID (which is the same username/password in my application)
    My application overlays another Oracle application (old client server) which relies on physical database user accounts to perform its own internal grants etc. i.e. it uses where USER = blah all over the place.
    Therefore my application is currently using the internal authentication scheme DATABASE (using DAD to resolve the credentials). In attempting to use SSO I am assuming that SSO must in some way be synched with my database (otherwise how does it pass any password changes applied in SSO to the database?)
    Given that it's a base install (SSO) the only login I have there is the default orcladmin account. So I am trying to figure out how to get SSO to pass an acceptable login name/password to my application. My first attempt has been to create a user in OID that matches the DB login to see if SSO passes these on login - maybe I'm completely missing the point here??
    ...After login you get redirected to "http://<MY_SSO_HOST>:7777/sso/auth"? That's not right..
    I have created/registered the application as per the how to guide using <my app name>.<my host>:<port> and setting the success URL to http://<my host>:<port>/pls/<mydad>/<my schema>.<custom success proc>
    When I fire up my browser and go to http://<my host>/pls/<mydad>/f?p=9900:1 it sends me to the SSO login page. After entering my username and password I then end up with a HTTP 404 - not found page with the URL "http://<MY_SSO_HOST>:7777/sso/auth".
    ..You should think about getting to 10.2 at least, ..
    Agreed but when I tried to upgrade the other day it fell in a big heap - so I backed it out to 10.1 again.
    ..I think I know what you mean. You installed the SSO SDK in a schema local to one workspace..
    That is correct - had to do it as my instance has multiple applications and I want to check it works on this one before breaking anything else!
    ..No, that's not always the case. If you find that putting '80' in works in your configuration and leaving it out doesn't work then put it in..
    I tried initially without the 80 but it threw errors whenever I tried to connect (these errors were APEX ones not SSO). On an off chance I put the 80 in there and presto it worked (in the sense that it redirected me to SSO anyway).
    ..Your application's use of a DB login/password is incongruous with using a different authentication method -- SSO or any other...
    Given the constraints mentioned earlier (answer to first question above) I don't really have much choice. I have an Oracle application that uses DB accounts to authenticate users and authorize their use of the app modules. What I need to do is 'wrap' an APEX application around this Oracle application to make it SOX compliant (it does not currently enforce password aging/structure etc.) So.. I was thinking that SSO might be the answer.
    If SSO (used with OID) can enforce password aging and policies my intent is to have SSO 'manage' the user passwords for my APEX app (and its underlying Oracle application). Hence the question about synching SSO with the underlying DB accounts. I thought the whole point of SSO/OID was to allow various enterprise apps to have their authentication layers 'managed' by SSO - again maybe I'm misinterpreting this..
    ..if your application is working now with a non-SSO authentication scheme, then it should continue to work the same with SSO because after authentication, APP_USER is FRED in both cases..
    Agreed - but how does SSO "know" to let a given user have access to that particular application?
    Paul
