AnyConnect WebVPN Single Sign-on and Sharepoint 2013

Similar Messages

• Single Sign On and SharePoint Online. Why so much re-authentication?

  We are migrating to SharePoint Online 2013. Much of the organization is already on o365 for Exchange and Linq.
  Most clients are Windows 7 using IE 11.
  From what I understand there is an AD to ADFS sync and a custom SSO login page that accepts our enterprise user and passwords.
  Looking at this, a few dumb questions:
  http://technet.microsoft.com/en-us/library/hh852486.aspx
  In our organization, authenticating into our desktops and network does not automatically authenticate us into o365, Exchange, Linq or SharePoint Online.   Furthermore, Authetnicating into Exchange and Linq, does not automatically authenticate me
  into SharePoint Online.  I can create a map to SharePoint Document library while HTTP authenticated into SPO, but if reboot and log into our network and then Exchange/Linq and attempt to access that map the SPO library I get an error.  If I then
  authenticate into SPO, the map works again.
  These are all MS products and technologies.  Are these gaps in SSO normal and expected or are these limitation in our organization?
  What would it take to seamlessly have access to SPO resources automatically after authenticating into our AD network?
  Any chance MS SSO can work like a ChromeBook login, where all Google resource are automatically available without prompt for authentication?

  The problem is that the cookie/token for SPO expires. You need to periodically login there to renew it. Using a smart link to authenticate directly to SPO and get a persistent cookie will help:
  http://samhandle.no/2014/06/24/sharepoint-online-with-webdav-and-sso/
  You will still have to open SPO even with the above setup, but a lot less frequently. If you keep running into issues with mapped drives, refer to this article:
  http://support.microsoft.com/kb/2616712

• Install AD / SQL Server 2012 and SharePoint 2013 on a single server as Development Environment

  Hi All,
        I'm planning to prepare a SharePoint 2013 development environment. The current idea is to install Domain controller, SQL Server 2012 and SharePoint 2013 all on a single server. Even though this is for development purposes,
  would there be any limitations specially when it comes to SP 2013 functionalities according to your experience?
  Some articles i referred.
  http://sharepoint-tutorial.net/post/2012/07/18/install-sharepoint-2013-domain-controller.aspx
  http://social.technet.microsoft.com/Forums/en-US/f438c9a6-02e8-43d3-9963-7a0608f0b961/sharepoint2013-on-domain-controller
  Thanks,
  Dilip

  Hi
  i understand this is a sandbox environment but you should be able to install everything.
  http://sharepoint-tutorial.net/post/2012/07/18/install-sharepoint-2013-domain-controller.aspx
  Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Digital Signature and SharePoint 2013

  Dear Expert,
  My company has a plan to do digital signature and sharepoint 2013. Now, we focus for internal use that I know use AD CS. and in near future we use for external use. We plan to buy 3rd party certificate.
  My question
  1. How to implement this solution? Please suggest
  2. If I implemented AD CS, can we use public certificate in near future.
  3. Can we use public certificate with SharePoint 2013?
  Thank you

  Hi,
  Based on your description, my understanding is that you want to use Digital Signature in SharePoint Server 2013.
  You can use digital signatures in forms ,then use these forms in you SharePoint site.
  In InfoPath form ,you can change the form to allow signature here: File>Info>Advanced form options >Digital Signatures .You can choose to sign the whole form or a field .
  https://social.technet.microsoft.com/Forums/en-US/0ed54d57-d67d-41cd-bd1b-9e5a4be10d0c/use-of-digital-signature-in-sharepoint-2010?forum=sharepointcustomizationprevious
  besides, here is a similar post, you can take a look at:
  http://sharepoint.stackexchange.com/questions/78058/custom-digital-signatures-or-hash-on-list-items
  For more information about implemented AD CS, refer to the following link:
  http://technet.microsoft.com/en-us/library/hh831574.aspx
  Best Regards,
  Lisa Chen    
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]                                                   
  Lisa Chen
  TechNet Community Support

• Starting single sign-on and directory service

  i am trying to install oracle 9i infrastructure on my clean win2000 box with 2.4 GHz proc and 1GB RAM.
  i am getting falilure messages for the following:
  infrastructure instance configuration assistant: failed
  oracle 9i application server randomize password: failed
  single sign on configuration assistant: failed
  infrastructure mod-osso configuration assistant: failed
  OPMN configuration assistant: failed
  log file says:
  Configuration failed for IAS
  IAS Instance creation failed
  Configuration failed for JAZN
  JAZN configuration failed: unable to establish a directory context.
  Configuration succeeded for IASProperty
  Configuration failed for IAS
  Configuration failed for JAZN
  after which single sign-on and directory service dont start. which means no connectivity :(
  can somebody please guide me about how to avoid this failure in installation or how to manually start these after installation.
  it would be a great help
  ashish

  Hi,
  we're having exactly the same problem.
  Could you tell me what the problem is with the network ?
  You say configure it properly but what do you mean ?
  It's installed on a Windows 2000 Server machine, it's own DNS.
  Thanks,
  Yuri Arts

• Oracle Single Sign on and Oracle Internet Directory

  Hello Gurus,
  What is the relationship between Oracle Single Sign on and Oracle Internet Directory.
  To my understanding, OID is required to install SSO.
  If OID already exist, can we just install SSO and go on integrating it to existing OID.
  Great Thanks,
  vimal jain.
  [email protected]

  Hi Tim,
  I've been working on this and could reproduce the issue with anonymous binds. A fix will be ready in 4.2.1.
  So what I really need is the password used for login to pass to the is_member call.The P101_PASSWORD item does not save state. However, you can access the value during submit processing of the login page, for example in the post authentication function of your authentication scheme. People sometimes put code in there to query the user's groups (e.g. with apex_ldap.member_of2) and save them in an application. This item value can then be used in the authorization schemes.
  Regards,
  Christian

• Single Sign on and Protect URL step

  Hi,
  I have successfully installed Oracle Internet Directory, Identity Server, Web Pass, Policy manager, Access Server and WebGate (attached to Oracle HTTP Server from Oracle Management Infrastructure).
  My questions are:
  - How do I protect URL so the user will need to login to access certain URL?
  - How do I enable single sign on and test it?
  - What are the general steps involve to enable URL protection (so if the url is protected it will prompt for username and password) and single sign on using Oracle Internet Directory?
  Kindly help me if anyone know a solution or can point me to the right documentation. I have tried to read Oracle Access Manager - Access Administration Guide, but keep getting confused.
  Thanks.
  Regards,
  Alfonso

  Hi,
  You can follow Oracle Access Manager Integration Guide (10.1.4.0.1) B25347-01, chapter 4, to achieve this. This document will answer most of your questions.
  Regards,

• Single Sign-On and Data Visibility Rights

  Hello,
  I was wondering whether anyone has any best practices for implementing single sign on and user identification with Excelsius.
  More specifically, I need to interrogate user role, and limit certain data visibility based on that role.
  For example, a sales rep may only see certain data for their own territories, but the regional and national managers can see more.
  With the emphasis in improving enterprise integration with the new version coming up, I'm also wondering if there are any improvements included for this aspect.
  Thanks in advance.
  Derick

  Hi Derick,
  I want to make our discussion into 2 parts
  1) Sign on
  2) Viewing data based on the Heirarchy
  1)Before discussing about the Sign on i want to know which connectivity you are using ? Live offcie or QaaWS.
  2) We can make the second point possible in two ways One is with providing restriction at universe level
  and the other one is through the use of flash variables.
  Using flash variables:
  The main idea of using flash variables is reading the User ID from BO authentication and based on that we fetch the Heirarchy level of that user. Then we use some excel logic to hide the data from Low level heirarchy(Here we use Dynamic Visibility for components).
  I hope this is what you ar looking for....
  If so i have more points to acheive such scenario.
  Please provide the your BO environment details, such that it will be easy to identify the better best wat to acheve it.
  Regards,
  AnjaniKumar C.A.

• Single Sign-On and session information

  I have an Oracle Portal application with many Java Web Applications. I wish to
  provide Single Sign-On to this applications. I know how to configure Single
  Sign-On and how to get the user login in Java. I want to store session
  information such as: User First and Last Name, User Social Security Number. I
  want to get this information from the database after authentication, store it
  in session and then access this information from all my applications.

  Are you familiarized with sys_context function?
  Hope this is useful help.
  BR,
  Marcos

• Sharepoint 2010 comsumer and Sharepoint 2013 is the provider

  The client has sharepoint 2010 as the consumer and 2013 as the provider for the service application "User profile service application"
  When the client clicks on My profile and  tries to change his picture we get an error mesage, when the logs were reviewed we see the below message
  Timestamp Process TID Area Category EventID Level Message Correlation 09/05/2014 10:17:46.17 w3wp.exe (XYZXYZXYZ:0x26E0) 0x5DEC SharePoint Foundation Logging Correlation Data xmnv Medium Name=Request (GET:http://xxxxx/_layouts/SelectPicture2.aspx?Type=User&accountname=yyyyy&IsDlg=1)
  9f43fafd-1f9d-436b-9100-bbe66ed75e72 09/05/2014 10:17:46.18 w3wp.exe (XYZXYZXYZ:0x26E0) 0x5DEC SharePoint Foundation Logging Correlation Data xmnv Medium Site=/ 9f43fafd-1f9d-436b-9100-bbe66ed75e72 09/05/2014 10:17:46.20 w3wp.exe (XYZXYZXYZ:0x26E0) 0x5DEC
  SharePoint Portal Server Runtime 7pm5 High Url Path: "/_layouts/SelectPicture2.aspx" 9f43fafd-1f9d-436b-9100-bbe66ed75e72 09/05/2014 10:17:46.21 w3wp.exe (XYZXYZXYZ:0x26E0) 0x5DEC SharePoint Portal Server Runtime 7pma Exception Unhandled exception
  caught during execution of Microsoft.SharePoint.Portal.PageBase::ErrorHandler(). Exception information: Exception information: System.IO.FileNotFoundException: The Web application at http://my-sites/ could not be found. Verify that you have typed the URL correctly.
  If the URL should be serving existing content, the system administrator may need to add a new request URL mapping to the intended application. at Microsoft.SharePoint.SPSite..ctor(SPFarm farm, Uri requestUri, Boolean contextSite, SPUserToken userToken) at
  Microsoft.SharePoint.SPSite..ctor(String requestUrl) at Microsoft.SharePoint.Portal.WebControls.ProfileImagePicker.LoadPictureLibrary() at Microsoft.SharePoint.Portal.WebControls.ProfileImagePicker.<onload>b__0() at Microsoft.SharePoi... 9f43fafd-1f9d-436b-9100-bbe66ed75e72
  09/05/2014 10:17:46.21* w3wp.exe (XYZXYZXYZ:0x26E0) 0x5DEC SharePoint Portal Server Runtime 7pma Exception ...nt.SPSecurity.<>c__DisplayClass4.<runwithelevatedprivileges>b__2() at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated
  secureCode) at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param) at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated secureCode) at Microsoft.SharePoint.Portal.WebControls.ProfileImagePicker.OnLoad(EventArgs
  ea) at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Page.ProcessRequestMain(Boolean
  includeStagesBeforeAsyncPoi... 9f43fafd-1f9d-436b-9100-bbe66ed75e72 09/05/2014 10:17:46.21* w3wp.exe (XYZXYZXYZ:0x26E0) 0x5DEC SharePoint Portal Server Runtime 7pma Exception ...nt, Boolean includeStagesAfterAsyncPoint) System.IO.FileNotFoundException: The
  Web application at http://my-sites/ could not be found. Verify that you have typed the URL correctly. If the URL should be serving existing content, the system administrator may need to add a new request URL mapping to the intended application. at Microsoft.SharePoint.SPSite..ctor(SPFarm
  farm, Uri requestUri, Boolean contextSite, SPUserToken userToken) at Microsoft.SharePoint.SPSite..ctor(String requestUrl) at Microsoft.SharePoint.Portal.WebControls.ProfileImagePicker.LoadPictureLibrary() at Microsoft.SharePoint.Portal.WebControls.ProfileImagePicker.<onload>b__0()
  at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass4.<runwithelevatedprivileges>b__2() at Microsoft.SharePoint.Utilities.... 9f43fafd-1f9d-436b-9100-bbe66ed75e72 09/05/2014 10:17:46.21* w3wp.exe (XYZXYZXYZ:0x26E0) 0x5DEC SharePoint Portal Server
  Runtime 7pma Exception ...SecurityContext.RunAsProcess(CodeToRunElevated secureCode) at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param) at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated
  secureCode) at Microsoft.SharePoint.Portal.WebControls.ProfileImagePicker.OnLoad(EventArgs ea) at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive()
  at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) 9f43fafd-1f9d-436b-9100-bbe66ed75e72 09/05/2014 10:17:46.21
  w3wp.exe (XYZXYZXYZ:0x26E0) 0x5DEC SharePoint Server Unified Logging Service c91s Monitorable Watson bucket parameters: SharePoint Server 2010, ULSException14, 06d8f9f3 "sharepoint portal server", 0e00178d "14.0.6029.0", 1f65804a "microsoft.sharepoint",
  0e0017f9 "14.0.6137.0", 5136df43 "wed mar 06 00:16:35 2013", 000057b4 "000057b4", 00000077 "00000077", 4d150129 "filenotfoundexception", 37706d61 "7pma" 9f43fafd-1f9d-436b-9100-bbe66ed75e72 09/05/2014
  10:17:46.21 w3wp.exe (XYZXYZXYZ:0x26E0) 0x5DEC SharePoint Foundation Runtime tkau Unexpected System.IO.FileNotFoundException: The Web application at http://my-sites/ could not be found. Verify that you have typed the URL correctly. If the URL should be serving
  existing content, the system administrator may need to add a new request URL mapping to the intended application. at Microsoft.SharePoint.SPSite..ctor(SPFarm farm, Uri requestUri, Boolean contextSite, SPUserToken userToken) at Microsoft.SharePoint.SPSite..ctor(String
  requestUrl) at Microsoft.SharePoint.Portal.WebControls.ProfileImagePicker.LoadPictureLibrary() at Microsoft.SharePoint.Portal.WebControls.ProfileImagePicker.<onload>b__0() at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass4.<runwithelevatedprivileges>b__2()
  at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunEleva... 9f43fafd-1f9d-436b-9100-bbe66ed75e72 09/05/2014 10:17:46.21* w3wp.exe (XYZXYZXYZ:0x26E0) 0x5DEC SharePoint Foundation Runtime tkau Unexpected ...ted secureCode) at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback
  secureCode, Object param) at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated secureCode) at Microsoft.SharePoint.Portal.WebControls.ProfileImagePicker.OnLoad(EventArgs ea) at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive()
  at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  9f43fafd-1f9d-436b-9100-bbe66ed75e72 09/05/2014 10:17:46.21 w3wp.exe (XYZXYZXYZ:0x26E0) 0x5DEC SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Request (GET:http://xxxxx/_layouts/SelectPicture2.aspx?Type=User&accountname=yyyyy&IsDlg=1)).
  Execution Time=50.9131783692527 9f43fafd-1f9d-436b-9100-bbe66ed75e72 </runwithelevatedprivileges></onload></runwithelevatedprivileges></onload></runwithelevatedprivileges></onload>
  Checked the Alternative access mapping on the provider server and it looks good.
  what would cause this to happne and how can this be resolved
  Satyam

  Cameron,
  Thanks for taking the time to reply.
  Actually, it may not be related to compatibility. Let me explain in detail (As below)
  Client has 2 different environments SharePoint 2010 and SharePoint 2013.
  On SharePoint 2010 they have the web application-Site collections, however for My sites they use SharePoint 2013, where the trust (Root certificate and the STS ) was shared... Making the SP2010
  as the consumer and SP 2013 as the provider.
  When a user from SharePoint 2010, click on my profile the user is then taken to this page "edituserprofile.aspx"
  which still has the look and feel of sharepoint 2010, and under pictures when we choose the button "Choose Picture" we get the error message with the corelation ID, when checked the ULS logs we get the message (Mentioned in the first post and is
  also mentioned below)
  "Exception Unhandled exception caught during execution of Microsoft.SharePoint.Portal.PageBase::ErrorHandler().
  Exception information: Exception information: System.IO.FileNotFoundException: The Web application at http://my-sites/ could not be found. Verify that you have typed the URL correctly. If the URL should be serving existing content, the system administrator
  may need to add a new request URL mapping to the intended application. "
  I have checked the AAM and it looks good.
  When the user clicks on my profile on SP2010 environment , the user must be diverted to the sp2013 environment to update his information...correct ?
  Satyam.. 

• Difference between Sharepoint 2007 ,sharepoint server 2010 and sharepoint 2013

  Difference between Sharepoint 2007 ,sharepoint server 2010 and sharepoint 2013
  Saidireddy

  Hi
  your little question, could have a big big answer, or answers ;)
  To complete your question, ai will try
  Difference between Sharepoint 2007 ,sharepoint server 2010 and sharepoint 2013 and Office 365
  Isn't a simply an unique answer and deppends on your need , business needs, and you infrastructure. Depends also which type ( Foundation ( which is free ), Standard/ Enterprise )
  Depends on you to read, learn and ask , punctually about one issue/problem/request
  I recommend you to bing the net
  http://www.bing.com/search?q=sharepoint+2007+vs+2010+vs+2013&pc=MOZI&form=MOZSBR
  Romeo Donca, Orange Romania (MCSE, MCITP, CCNA) Please Mark As Answer if my post solves your problem or Vote As Helpful if the post has been helpful for you.

• Migration steps for moss 2007 to sharepoint 2010 and sharepoint 2013

  Hi,
  I need to learn migration steps from moss 2007 to sharepoint 2010 and sharepoint 2013.Can any one please explain the step by step procedure for this.What are the migration tools available.Please reply.
  Regards,
  Praveen

  Hi Praveen,
  This link describes the process:
  http://www.winwire.com/moss-2007-to-sharepoint-2013-migration-using-database-attach-method/
  Some paid tools for migration:
  https://www.harepoint.com/Products/HarePoint-Content-Workflow-Migrator/Default.aspx?gclid=CM2l1v3m28MCFRVxvAodpq0AVA
  https://www.avepoint.com/sharepoint-migration-download/?gclid=CPK17_fm28MCFQ1xvAodekAA8w
  Thanks,
  Nadeem
  Please remember to up-vote or mark the reply as answer if you find it helpful.

• ADFS SSO and SharePoint 2013 on-premise Hybrid outbound search results from SharePoint Online - does it work?

  Hi, 
  I want to setup an outpund hybrid search for SharePoint 2013 on-premise to SharePoint Online.
  But I'm not shure if this works with ADFS SSO.
  Has somebody experience with this setup?
  Here's my guide which I'm going to use for this installation:
  Introduction
  In this post I'll show you how to get search results from your SharePoint Online in your SharePoint 2013 on-premise search center.
  Requirements
  User synchronisation ActiveDirectory to Office 365 with DirSync
  DirSync password sync or ADFS SSO
  SharePoint Online
  SharePoint 2013 on-premise
  Enterprise Search service
  SharePoint Online Management Shell
  Instructions
  All configuration will be done either in the Search Administration of the Central Administration or in the PowerShell console of your on-premise SharePoint 2013 server.
  Set up Sever to Server Trust
  Export certificates
  To create a server to server trust we need two certificates.
  [certificate name].pfx: In order to replace the STS certificate, the certificate is needed in Personal Information Exchange (PFX) format including the private key.
  [certificate name].cer: In order to set up a trust with Office 365 and Windows Azure ACS, the certificate is needed in CER Base64 format.
  First launch the Internet Information Services (IIS) Manager
  Select your SharePoint web server and double-click Server Certificates
  In the Actions pane, click Create Self-Signed Certificate
  Enter a name for the certificate and save it with OK
  To export the new certificate in the Pfx format select it and click Export in the Actions pane
  Fill the fields and click OK Export to: C:\[certificate
  name].pfx Password: [password]
  Also we need to export the certificate in the CER Base64 format. For that purpose make a right-click on the certificate select it and click on View...
  Click the Details tab and then click Copy to File
  On the Welcome to the Certificate Export Wizard page, click Next
  On the Export Private Key page, click Next
  On the Export File Format page, click Base-64 encoded X.509 (.CER), and then click Next.
  As file name enter C:\[certificate
  name].cer and then click Next
  Finish the export
  Import the new STS (SharePoint Token Service) certificate
  Let's update the certificate on the STS. Configure and run the PowerShell script below on your SharePoint server.
  if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
  # set the cerficates paths and password
  $PfxCertPath = "c:\[certificate name].pfx"
  $PfxCertPassword = "[password]"
  $X64CertPath = "c:\[certificate name].cer"
  # get the encrypted pfx certificate object
  $PfxCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
  # import it
  Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $PfxCert
  Type Yes when prompted with the following message.
  You are about to change the signing certificate for the Security Token Service. Changing the certificate to an invalid, inaccessible or non-existent certificate will cause your SharePoint installation to stop functioning. Refer
  to the following article for instructions on how to change this certificate: http://go.microsoft.com/fwlink/?LinkID=178475. Are you
  sure, you want to continue?
  Restart IIS so STS picks up the new certificate.
  & iisreset
  & net stop SPTimerV4
  & net start SPTimerV4
  Now validate the certificate replacement by running several PowerShell commands and compare their outputs.
  # set the cerficates paths and password
  $PfxCertPath = "c:\[certificate name].pfx"
  $PfxCertPassword = "[password]"
  # get the encrypted pfx certificate object
  New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
  # compare the output above with this output
  (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
  [/code]
  ## Establish the server to server trust
  [code lang="ps"]
  if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
  Import-Module MSOnline
  Import-Module MSOnlineExtended
  # set the cerficates paths and password
  $PfxCertPath = "c:\[certificate name].pfx"
  $PfxCertPassword = "[password]"
  $X64CertPath = "c:\[certificate name].cer"
  # set the onpremise domain that you added to Office 365
  $SPCN = "sharepoint.domain.com"
  # your onpremise SharePoint site url
  $SPSite="http://sharepoint"
  # don't change this value
  $SPOAppID="00000003-0000-0ff1-ce00-000000000000"
  # get the encrypted pfx certificate object
  $PfxCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
  # get the raw data
  $PfxCertBin = $PfxCert.GetRawCertData()
  # create a new certificate object
  $X64Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
  # import the base 64 encoded certificate
  $X64Cert.Import($X64CertPath)
  # get the raw data
  $X64CertBin = $X64Cert.GetRawCertData()
  # save base 64 string in variable
  $CredValue = [System.Convert]::ToBase64String($X64CertBin)
  # connect to office 3656
  Connect-MsolService
  # register the on-premise STS as service principal in Office 365
  # add a new service principal
  New-MsolServicePrincipalCredential -AppPrincipalId $SPOAppID -Type asymmetric -Usage Verify -Value $CredValue
  $MsolServicePrincipal = Get-MsolServicePrincipal -AppPrincipalId $SPOAppID
  $SPServicePrincipalNames = $MsolServicePrincipal.ServicePrincipalNames
  $SPServicePrincipalNames.Add("$SPOAppID/$SPCN")
  Set-MsolServicePrincipal -AppPrincipalId $SPOAppID -ServicePrincipalNames $SPServicePrincipalNames
  # get the online name identifier
  $MsolCompanyInformationID = (Get-MsolCompanyInformation).ObjectID
  $MsolServicePrincipalID = (Get-MsolServicePrincipal -ServicePrincipalName $SPOAppID).ObjectID
  $MsolNameIdentifier = "$MsolServicePrincipalID@$MsolCompanyInformationID"
  # establish the trust from on-premise with ACS (Azure Control Service)
  # add a new authenticatio realm
  $SPSite = Get-SPSite $SPSite
  $SPAppPrincipal = Register-SPAppPrincipal -site $SPSite.rootweb -nameIdentifier $MsolNameIdentifier -displayName "SharePoint Online"
  Set-SPAuthenticationRealm -realm $MsolServicePrincipalID
  # register the ACS application proxy and token issuer
  New-SPAzureAccessControlServiceApplicationProxy -Name "ACS" -MetadataServiceEndpointUri "https://accounts.accesscontrol.windows.net/metadata/json/1/" -DefaultProxyGroup
  New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://accounts.accesscontrol.windows.net/metadata/json/1/" -IsTrustBroker -Name "ACS"
  Add a new result source
  To get search results from SharePoint Online we have to add a new result source. Run the following script in a PowerShell ISE session on your SharePoint 2013 on-premise server. Don't forget to update the settings region
  if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
  # region settings
  $RemoteSharePointUrl = "http://[example].sharepoint.com"
  $ResultSourceName = "SharePoint Online"
  $QueryTransform = "{searchTerms}"
  $Provier = "SharePoint-Remoteanbieter"
  # region settings end
  $SPEnterpriseSearchServiceApplication = Get-SPEnterpriseSearchServiceApplication
  $FederationManager = New-Object Microsoft.Office.Server.Search.Administration.Query.FederationManager($SPEnterpriseSearchServiceApplication)
  $SPEnterpriseSearchOwner = Get-SPEnterpriseSearchOwner -Level Ssa
  $ResultSource = $FederationManager.GetSourceByName($ResultSourceName, $SPEnterpriseSearchOwner)
  if(!$ResultSource){
  Write-Host "Result source does not exist. Creating..."
  $ResultSource = $FederationManager.CreateSource($SPEnterpriseSearchOwner)
  $ResultSource.Name = $ResultSourceName
  $ResultSource.ProviderId = $FederationManager.ListProviders()[$Provier].Id
  $ResultSource.ConnectionUrlTemplate = $RemoteSharePointUrl
  $ResultSource.CreateQueryTransform($QueryTransform)
  $ResultSource.Commit()
  Add a new query rule
  In the Search Administration click on Query Rules
  Select Local SharePoint as Result Source
  Click New Query Rule
  Enter a Rule name f.g. Search results from SharePoint Online
  Expand the Context section
  Under Query is performed on these sources click on Add Source
  Select your SharePoint Online result source
  In the Query Conditions section click on Remove Condition
  In the Actions section click on Add Result Block
  As title enter Results for "{subjectTerms}" from SharePoint Online
  In the Search this Source dropdown select your SharePoint Online result source
  Select 3 in the Items dropdown
  Expand the Settings section and select "More" link goes to the following URL
  In the box below enter this Url https://[example].sharepoint.com/search/pages/results.aspx?k={subjectTerms}
  Select This block is always shown above core results and click the OK button
  Save the new query rule

  Hi  Janik,
  According to your description, my understanding is that you want to display hybrid search results in SharePoint Server 2013.
  For achieving your demand, please have a look at the article:
  http://technet.microsoft.com/en-us/library/dn197173(v=office.15).aspx
  If you are using single sign-on (SSO) authentication, it is important to test hybrid Search functionality by using federated user accounts. Native Office 365 user accounts and Active Directory Domain Services
  (AD DS) accounts that are not federated are not recognized by both directory services. Therefore, they cannot authenticate using SSO, and cannot be granted permissions to resources in both deployments. For more information, see Accounts
  needed for hybrid configuration and testing.
  Best Regards,
  Eric
  Eric Tao
  TechNet Community Support

• OBIEE 11G with Single Sign-On and Active Directory

  Hi guys,
  Release Version: Oracle Business Intelligence 11.1.1.5.0
  Patch applied: 11.1.1.5.0 BP3 (Patch 13832750)
  OBIEE Server operating system: Windows Server 2008 SP2 (32-bits Operating System).
  We are trying to configure Single Sign-On according to TechNote_WNA_SSO_AD_V4.0.doc.
  Our krb5login.conf:
  com.sun.security.jgss.krb5.initiate {
  com.sun.security.auth.module.Krb5LoginModule required
  principal="[email protected]"
  keyTab=cgdkobi2.keytab
  useKeyTab=true
  storeKey=true
  debug=true
  com.sun.security.jgss.krb5.accept {
  com.sun.security.auth.module.Krb5LoginModule required
  principal="[email protected]"
  keyTab=cgdkobi2.keytab
  useKeyTab=true
  storeKey=true
  debug=true
  We generate de keytab file:
  C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.24\bin\ktab.exe -k cgdkobi2.keytab -a [email protected]
  Password for [email protected]:XXXXXXX
  Done!
  Service key for [email protected] is saved in cgdkobi2.keytab
  C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.2-4\bin\kinit -k -t cgdkobi2.keytab cgdkobi2
  New ticket is stored in cache file C:\Users\cgdkobi2\krb5cc_cgdkobi2
  C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.2-4\bin\klist -k -t cgdkobi2.keytab
  Key tab: cgdkobi2.keytab, 1 entry found.
  [1] Service principal: [email protected]
  KVNO: 1
  Time stamp: Mar 15, 2013 10:34
  C:\OracleBI11g\user_projects\domains\bifoundation_domain>klist
  Current LogonId is 0:0x406163f5
  Cached Tickets: (0)
  We re-start the services and logon into analytics web and SSO doesn't work but there's not an error. It runs successfully with and Active Directoy user and password. Seems like SSO wasn't enabled, but I checked is enabled.
  Any suggestion?
  Thanks in advanced

  Follow the posts : OBI 11.1.1.6.SSO and You are not currently signed in to Oracle BI Server" for OBIEE 11.1.1.6 SSO do the troubleshooting mentioned there.
  Also check your logs for error like the one below:
  [2012-03-09T16:42:36.000-05:00] [OBIPS] [NOTIFICATION:1] [] [saw.securitysubsystem.checkauthentication.runimpl] [ecid: 6c98b5cce1f24814:2a613331:135f95fbdff:-8000-0000000000005b7a,0:1:1] [tid: 5932] Authentication Failure.
  Odbc driver returned an error (SQLDriverConnectW).
  State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
  [nQSError: 43113] Message returned from OBIS.
  [nQSError: 13039] The impersonator does not exist in the BI Security Service. (08004)[[
  If you are getting this when you login to OBIEE :      You are not currently signed in to Oracle BI Server"
  then you need to apply this patch : 13553428 QA:BLK:DELIVER TO CORP. OID LDAP USERS FAILED WITH IMPERSONATOR DOES'NT EXIST. 11.1.1.6.0 Generic Platform (American English) General Oracle BI Suite EE Apr 5, 2012 799.4 KB
  Let us know the updates. Hope this helps. Mark if it does.!
  Thanks,
  SVS

• Difference between Federated single sign on  and just Single sign on

  Can anyone please give a clear definition of what is
  1. Federated Single sign on?
  2. Just Single Sign on ?
  As a security expert if you were to Architect security what will you suggest ?
  Lets take an example Landscape
  NW1(ABAP + JAVA)- system, NW-2(ABAP+JAVA)  system and EP( java only), LDAP
  I am having a hard time convincing the customer to have both CONSUMER AND PRODUCER PORTAL for Federated single sign on? is this a bad idea. Customer says just give me SSO(with just one portal acting as CONSUMER/PRODUCER).
  initial GOLIVE user load will be 700+ users.
  Edited by: Franklin Jayasim on Jul 16, 2010 7:52 PM
  Edited by: Franklin Jayasim on Jul 16, 2010 7:53 PM
  Edited by: Franklin Jayasim on Jul 16, 2010 7:57 PM
  Edited by: Franklin Jayasim on Jul 17, 2010 12:17 AM

  Hi  Denny Liao
  The project is going to have BI(NW) and ECC/SRM/HR(NW) and sepparate  portal ( EP - Java only )
  I thought that normal SSO will help in the intranetwork, what happens if the employee(user)  needs to work from home.
  What about the external vendors suppliers etc...?