Authentication across multiple applications

Similar Messages

• Authentication Across Multiple Web Applications (Revisited)

            Its been an ongoing battle, but I've made some insight into this situation. The problem stands as it seems impossible to authenticate against one web application deployed as a WAR archive and have that authentication carry across to another web application with the same security constraints. I've been told by BEA that, quote:
            "It seems to me that we are violating section 11.6 of the servlet 2.2 spec which talks about webapps"
            I've also been told that this is fixed in WLS 6.0, reference issue #38732.
            For those of us building production environments using 5.1 instead of 6.0 XML based configuration, this does NOT solve our problem.
            I've dug further into the bowels of 5.1 and found that if you manually set the realm name in the login-config of the security constraint in the web.xml file in each WAR deployment as such:
                 <login-config>
                      <auth-method> [whichever method] </auth-method>
                      <realm-name>WebLogic Server</realm-name>
                 </login-config>
            Authentication will carry across web applications. However, I've noted that the session management then becomes unpredictable. For example:
            I log into the application TESTAPP1 which contains a protected servlet that outputs the session ID and attempts to get the authenticated principal name from the "_wl_authuser_" session variable. Upon first load of the page (after the login dialog box), the session is null [can be fixed with .getSession(true) call instead] and the "_wl_authuser_" object does not exist. Reload the page and the session appears as well as the "_wl_authuser_" object. Strange.
            I then move to TESTAPP2, which does not prompt me for authentication but also is missing the session in the same manner. Upon browser reload, the session is created with a different ID and the "_wl_authuser_" object is now available with the appropriate principal name.
            Upon moving back to TESTAPP1, I am not prompted for authentication however, I am assigned yet another session ID after browser reload, different from the first.
            So it seems that although authentication is carried across web applications, the session IDs as you move from TESTAPP1 to TESTAPP2 change, and then change again but not back to the original when going back to TESTAPP1.
            This is a particular problem since we are using Vignette's V5 as our main client and tracking sessions through V5 - this would quickly become unmanageable if a single page view access three or four different application components with three or four different session ids.
            I'm wondering if we can expect the same behavior from WLS 6.0?
            Ideally, I'd like to see WebLogic use a single session ID to track users across multiple web applications but still have session independence between applications. So if I store something in session in TESTAPP1, its not available in TESTAPP2. Does this outline the behaviour in WLS 6.0? Can anyone verify this?
            Some food for thought. Thanks!
            ./Chris
            Senior Systems Anaylst
            MassMutual Financial Group
            

  Hello! I am searching an answer to this question too!!!
  Did you get some news regarding this item?
  Regards,
  C.M.

• User Account Authentication across multiple Solaris servers - Best Practice

  Hi,
  I am new to Solaris admin and would like to know the best practice/setup for authenticating user accounts across multiple solaris servers.
  Currently we have 20 - 30 Solaris 8 & 10 servers which each have their own user accounts setup. I am planning to replace these with a similar number of Solaris 10 servers and would like to centralise the user accounts and their authentication.
  I would be grateful for any suggestions on the best setup and any links to tutorials.
  Thanks
  Jools

  i would suggest LDAP + kerberos, LDAP for name lookups and krb5 for auth. provides secure auth + extensable directory for users and other apps if needed. plus, it provides a decent spring board to add other unix plats into the mix since this will support any unix/linux/bsd plat. you could integrate this design with a windows AD env if you want as well.
  [http://www.sun.com/bigadmin/features/articles/kerberos_s10.jsp] sol + ldap+ AD
  [http://docs.lucidinteractive.ca/index.php/Solaris_LDAP_client_with_OpenLDAP_server] sol + ldap (openldap)
  [http://aput.net/~jheiss/krbldap/howto.html] sol + ldap + krb5
  now these links are all using some diff means, however they should give you some ideas as to whats out there. sol 10 comes with suns ldap server and you can use the krb5 server which comes with it as well. many many diff ways to do this. many many more links out there as welll. these are just a few.

• Syncing Forms Across Multiple Application Server Servers?

  Hi Guys,
  I was hoping someone could point me in the right direction. We recently brought up multiple servers running Application Server 10.1.2.3 for High Availability of our forms and reports. My question is, is there a way to keep the forms files synced? With IIS for example, I have written a batch file that will go check for modifications on a source server and then sync any destination servers that are out of sync. However with Application Server, you cannot simply copy files over because if they are in use they are locked.
  Would anyone happen to know of any kind of solution for keeping multiple Application Servers synced?

  What we do is use a Load balancer with Multiple App severs. To keep the forms correct we take one out at a time off peak and update and do this round robin until they match.
  Best Regards
  mseberg

• Reporting across multiple applications

  I'm currently evaluating solutions for integrating heterogenous datasources in university/college legacy applications.
  Our applications are all based on Oracle databases, but we have little knowledge and access to the inner structure of these
  databases. And the databases themselves are old, and have been the victim of constant extensions.. thus there are plenty inconsistencies,
  duplicates and the likes. We also have some commercial applications like SAP, that we'd like to integrate.
  Our primary goal is to generate reports using data from multiple datasources and integrate these reports in our new JSP/Coocoon based portal.
       Now I've been looking at Discoverer and Repors for this.
       - What are the requirements for these tools, only OAS or do they require (or recommend) a datawarehouse solution?
       - How are the possibilities for quering multiple datasources and then merging the results as simple as
       possible with these tools? Can I define queries into the source databases/applications as "fetchable information slices"
       and then let the end users go nuts combine/manipulate these as they wish in realtime?
       - Does these tools have any data cleansing possibilities? Eg. detecting inconsistensies?

  Hi Phani Kumar,
  You can report on multiple applications.
  If you are using EVDRE, then in the application cell, you just need to change the name of the application. You can have multiple EVDREs pointing to different applications.
  Another option is to use the EVGTS function, wherein the first parameter is the application name. You can hardcode the application name.
  Hope this helps.

• Dynamic Tab Template : Use Menu Navigation Across Multiple Applications

  Hi
  I have the following use case and would appreciate help.
  Our client has multiple applications which they need integrated into a single home page. I am using the dynamic tab template as my home page with multiple panel boxes containing application specific menus. I need to be able to create a tab from any application via the menu.
  My strategy is to use bounded task flows in the various applications, but I am not 100% sure on how to do it. The applications would also contain multiple task flows, so I would then need to be able to paramatise the task flows so that it can execute the correct flow case.
  Thanks.
  Leon.

  Hi Sireesha
  I can access the remote task flow from the menu using the action listener. When I use a managed bean to add a new tab using the task flow it fails with;
  <RegistrationConfigurator><handleError> Server Exception during PPR, #1
  java.lang.NullPointerException
  The managed bean method to add the tab and execute the task flow is;
  private void startActivity(String title, String taskid, boolean isNew) {
  try {
  if (isNew) {
  TabContext.getCurrentInstance().addTab(title, taskid);
  } else {
  TabContext.getCurrentInstance().addOrSelectTab(title, taskid);
  } catch (TabContext.TabOverflowException e) {
  System.out.println("");
  Where title is the tab title and taskid is the task id in format TaskFlowName.xml#TaskFlowID.
  Thanks.

• Load balancing across multiple application servers not working with JCo RFC

  We have a problem where inbound messages to the Mapping Runtime engine (ABAP -> J2EE) are not load balanced over application servers. However, load balancing does take place across server nodes within one application server.
  Our system comprises of the following:
  Central Instance (2 X server nodes)
  Database Instance
  2 X Dialog Instances (with 2 X server nodes each)
  The 1st application server that starts is usually the one that is used for inbound messaging.
  We have looked at the sap gateway configuration and have tried various options without much luck:
  i.e.: local gateways vs. one central gateway, load balancing type by changing parameter gw/reg_lb_level, see: http://help.sap.com/saphelp_nw70/helpdata/EN/bb/9f12f24b9b11d189750000e8322d00/frameset.htm
  Here are our release levels:
  SAP_ABA     700     0012     SAPKA70012
  SAP_BASIS     700     0012     SAPKB70012
  PI_BASIS     2005_1_700     0012     SAPKIPYJ7C
  ST-PI     2005_1_700     0005     SAPKITLQI5
  SAP_BW     700     0013     SAPKW70013
  ST-A/PI     01J_BCO700     0000          -
  Any help would be greatly appreciated.
  Many thanks

  Tim
  Did you follow the guide here:
  How to Scale Up SAP Exchange Infrastructure 3.0  
  Learn what the most likely scaled system architecture looks like, and read about a step by step procedure to install additional dialog instances. The guide also walks you through additional configuration steps and the application of Support Package Stacks.
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/c3d9d710-0d01-0010-7486-9a51ab92b927
  We followed this guide for XI3.0 and PI7.0 and works successfully!

• How to share Global Page across multiple applications

  Hi,
  I have APEX 4.2 via pl/sql gateway, Oracle 11gr2 DB and using theme 24.
  I have about 40 applications in 1 workspace and I need to create a global page that is going to be the same for each app. One way of doing this is I can manually do the change 40 times but I'm looking for an easier way.
  If you look at the packaged app "Dynamic Sample" you would notice a left sidebar which acts like a menu. Basically I want to do the same but just image each item on the sidebar belongs to a separate application.
  I have app1 which has the login and left sidebar navigation. Each option on the sidebar list would call a page on app2 to app40 but I need to retain the sidebar when displaying the page from a different app.
  If I tried to imp a global page I get an error that the application ID is different.
  If I tried to copy the global page to another app it changes the type to a navigation form which prevents the list from coming up for every page on the app.
  Thanks in advance!

  kvsinfo wrote:
  Hi,
  I have APEX 4.2 via pl/sql gateway, Oracle 11gr2 DB and using theme 24.
  I have about 40 applications in 1 workspace and I need to create a global page that is going to be the same for each app. One way of doing this is I can manually do the change 40 times but I'm looking for an easier way.Does the page have to be secure? If not can you create a new application without a login, put the "global" page there, and link to it from the other applications? Is there another way to put a generic page somewhere you can get to it outside Apex?
  >
  If you look at the packaged app "Dynamic Sample" you would notice a left sidebar which acts like a menu. Basically I want to do the same but just image each item on the sidebar belongs to a separate application.
  I have app1 which has the login and left sidebar navigation. Each option on the sidebar list would call a page on app2 to app40 but I need to retain the sidebar when displaying the page from a different app.
  If I tried to imp a global page I get an error that the application ID is different.
  If I tried to copy the global page to another app it changes the type to a navigation form which prevents the list from coming up for every page on the app.
  Thanks in advance!

• Session state variables across multiple ApEx applications

  We have a suite of loosely integrate ApEx applications that all share a common authentication scheme. When you first log in we attempt to load a series of session state variables with temporary data to streamline various logging and authentication related activities for the life of the session.
  However, these session variables seem to disappear when you move from one application to another, so they are not truly tied to just the "session" which carries over across all applications, but the application from which the session state is set.
  What is the suggested way, keeping in mind that the data being held may have security related context, to preserve values during a session, but regardless of which ApEx application you are in.
  The method we are using to share the authentication is using a common "Cookie Name" from a common subscribed authentication scheme as suggested elsewhere on this site and seems to work very well outside of this specific issue.
  Thanks in advance,
  Barney

  Apologies for the delay getting back on this.
  My use of the word "disappear" was probably misleading. They were not visible from the second application. When setting "Session State" I was under the impression that it was setting it for the authenticated session, not for the specific application. (I am referring to the: apex_util.set/get_session_state).
  Your solution will work fine, as long as I know which application the user last authenticated against. However, it could be one of over 30 (and growing) different applications which would require me writing a program to go through every "p_flow" to try and find a valid value every time I need to reference the field.
  It would be really beneficial if you could store true Session variables which stay alive for the life of the authenticated session and is available to anything authenticated against that session id. This would streamline alot of cross-application program development.
  The "get/set_session_state" is a misleading as it is not a Session value, but an Application value. The Session exists across multiple applications, while this procedure does not.
  Thanks,
  Barney

• Can BPM maintain flow across different applications

  Hello,
  I have a requirement where I have to maintain the business flow across different applications(Siebel CRM, Oracle Financials and third party applications) with out the end user knowing.
  Is it possible with BPM to navigate users from one application to another application (CRM Application-> Third party Application -> Financials)? If there is a solution availabe with BPM or a different application please provide the same doc. Appreciate your help.
  Regards,
  Jay

  Hi,
  Yes. Oracle BPM can maintain a flow across multiple applications without the end user knowing. It is something it was built to do.
  First, applications like the ones you mentioned have an API (typically web service today but older applications exposed their API as Java POJOs, EJBs, COM, etc.). For Oracle BPM to access the applications, you need to expose the API in Oracle BPM's catalog. Customers that have a service bus expose the application APIs in the service bus and then Oracle BPM catalogs the service bus proxy services. Customers that do not have a service bus can expose the application APIs directly in Oracle BPM's catalog. Either way will work.
  Second, you'd design a process with a series of Interactive (human activities) and Automatic (activities that invoke the components that in turn invoke the APIs for your applications without human intervention). You'd add something called instance variables that carry the information throughout the life the process for each work item instance. Interactive activities are placed into roles with a name associated with them (e.g. CSR or Manager) so the work done in each activity is done by the right type of person. Interactive activities can be set up where the work item instance goes to a specific person instead of everyone in the role where the activity is located (e.g. send the instance to the CSR that talked to the customer last time).
  Third, at runtime as each work item instance is created (e.g. "Order 227") in the process the work item instance flows to one of the process's Interactive or Automatic activities. If it flows into an Interactive (human) activity, the end user assigned to the role where the activity is located clicks on an item in their web based Oracle BPM WorkSpace's inbox for the specific work item instance that they are interested in working on (again - perhaps "Order 227"). Once clicked by the end user, a UI presentation (either built using Oracle BPM's WYSIWYG presentation editor or a JSP) shows the work that needs to be done specifically by that end user. The UI presentation is already populated with the information gathered from a database or a previous API call from an Automatic activity. All this is done without end users having to cut out of one application and then paste into another application's screen - the right contextual information is sent to the right person at the right time. Once the end user finishes their manual task, the work might flow to an Automatic task that invokes another applicaiton's API automatically from the logic and variable information gathered in earlier activities in the process.
  All this is done without the end users knowing that they are flowing through multiple applications to get their work done.
  Hope this helps,
  Dan

• Deploying business rules across mutliple applications.

  Hi
  Please let me know is there way to deploy Datasync project ( Business Rules) across multiple applications at a single shot.
  Thanks

  As far as I know, contents of DataSync Projects are always scoped to a portal application. When we create EAR of portal app also, contents of datasync projects are within EAR file in addition to all other projects.
  BUT, we can share same Datasync Project across multiple portal applications. But for deployment, I doubt if you can deploy and access it like a Shared Module.
  Ravi Jegga

• Search across multiple folders in the Mail application...

  Is it possible to search across multiple folders using the Mail application in Windows 10?  I can't seem to find that option.
  Thanks in advance,
  M

  Hi Mapper99,
  If you mean the following search:
  You may click on the search icon on the top of the message list, then it will show out like the picture above, you could choose to search in the current folder, or you may choose All folders as listed.
  It is almost the same settings in Windows 8.1, you may follow this guide for the other options:
  Mail app for Windows
  Best regards
  Michael Shao
  TechNet Community Support

• Sharing portlets across multiple portal applications

  Hello all,
  I have a single enterprise application that consists of several portal web applications. Most of these portal web applications have common portlets within their codebase. Is it possible to share portlet code across multiple web applications?
  Thanks

  No, not possible, in the same way that sharing JSPs and Pageflows wouldn't be possible across multiple webapps. You can, however, have multiple portals within one Portal webapp, and then you could share portlets and portlet resources amongst those portals.
  George

• Sharing an iTunes Library across multiple user account and a network.

  Sharing an iTunes Music Library across multiple user accounts.
  Hello Everybody!
  Firstly, this was designed to be run in Mac OS X 10.4 Tiger. It will not work with earlier versions of Mac OS X! Sorry.
  Here's a handy tip for keeping your hard drive neat and tidy, it also saves space, what in effect will be done is an iTunes music library will be shared amongst multiple users on the same machine. There are advantages and disadvantages to using this method.
  • Firstly I think it might be worthwhile to state the advantages and disadvantages to using this approach.
  The advantages include:
  - Space will be saved, as no duplicate files will occur.
  - The administrator will be able to have complete control over the content of the iTunes library, this may be useful for restricting the content of the Library; particularly for example if computer is being used at and education institution, business or any other sort of institution where things such as explicit content would be less favorable.
  - The machine will not be slowed by the fact that every user has lots of files.
  The disadvantages to this system include.
  - The fact that the account storing the music will have to be logged in, and iTunes will have to be active in that account.
  - If the account housing the music is not active then nobody can use the iTunes library.
  - There is a certain degree of risk present when an administrator account must be continually active.
  - Fast User Switching must be enabled.
  Overview:
  A central account controls all music on the machine/network, this is achieved by storing iTunes files in a public location as opposed to in the user's directory. In effect the system will give all users across the machine/network access to the same music/files without the possibility of files 'doubling up' because two different users like the same types of music. This approach saves valuable disk space in this regard and may therefore prove to be useful in some situations.
  This is a hearty process to undertake, so only follow this tutorial if you're willing to go all the way to the end of it.
  Process:
  Step 1:
  Firstly, we need to organize the host library, I tidied mine up, removing excess playlists, random files, things like that. this will make thing a bit easier in the later stages of this process.
  Once the library is tidied up, move the entire "iTunes" folder from your Home directory to the "//localhost" directory (The Macintosh HD) and ensure that files are on the same level as the "Applications", "Users", "Library" and "System" directories; this will ensure that the files in the library are available to all users on the machine (this also works for networks)
  Optionally you can set the ownership of the folder to the 'administrator' account (the user who will be hosting the library.), you may also like to set the permissions of 'you can' to "Read & Write" (assuming that you are doing this through the user who will host the library); secondly you should set the "Owner" to the administrator who will be hosting the library and set their "access" to "Read & Write" (this will ensure that the administrator has full access to the folder). The final part of this step involves setting access for the "Others" tab to "Read Only" this will ensure that the other users can view but not modify the contents on the folder.
  Overview:
  So far we have done the following steps:
  1. Organized the host library.
  2. Placed the iTunes directory into a 'public' directory so that other users may use it. (this step is essential if you plan on sharing the library across multiple accounts on the same machine. NOTE: this step is only necessary if you are wanting to share you library across multiple accounts on the same machine, if you simply want to share the music across a network, use the iTunes sharing facility.
  3. set ownership and permissions for the iTunes music folder.
  Step 2:
  Currently the administrator is the only user who can use this library, however we will address this soon. In this step we will enable iTunes music sharing in the administrator's account, this will enable other users to access the files in the library.
  If you are not logged in as the administrator, do so; secondly, open iTunes and select "Preferences" from the "iTunes" menu, now click the "Sharing" tab, if "share my library on my local network" is not checked, the radio buttons below this will now become active, you may choose to share the entire libraries contents, or share only selected content.
  Sharing only selected content may be useful if their is explicit content in the library and minors use the network or machine that the library is connected to.
  If you have selected "share entire library" go to Step 3, if you have selected share "share selected playlists" read on.
  After clicking "share selected playlists" you must then select the playlists that you intend to share across your accounts and network. Once you have finished selecting the playlists, click "OK" to save the settings.
  Overview:
  In this step we:
  1. Enabled iTunes sharing in the administrator's account, now, users on the local network may access the iTunes library, however, users on the same machine may not.
  Step 3:
  Now we will enable users on the same machine to access the library on the machine. This is achieved by logging in as each user, opening iTunes, opening iTunes preferences, and clicking "look for shared music". now all users on the machine may also access the library that the administrator controls.
  This in effect will mean that the user will not need to use their user library, it will be provided to them via a pseudo network connection.
  As a secondary measure, I have chosen to write a generic login script that will move any content from the user's "Music/iTunes/iTunes Music" directory to the trash and then empties the user's trash.
  This is done through the use of an Automator Application: this application does the following actions.
  1. Uses the "Finder" action "Get Specified Finder Items"
  1a. The user's "~/Music/iTunes/iTunes Music" folder
  2. Uses the "Finder" action "Get Folder Contents"
  3. Uses the "Finder" action "Move to Trash"
  4. Uses the "Automator" action "Run AppleScript"
  4a. with the following:
  on run {input, parameters}
  tell application "Finder"
  empty trash
  end tell
  return input
  end run
  IMPORTANT: Once the script is adapted to the user account it must be set as a login item. in order to keep the script out of the way i have placed it in the user's "Library" directory, in "Application Support" under "iTunes".
  Overview:
  Here we:
  1. Enabled iTunes sharing in the user accounts on the host machine, in effect allowing all users of the machine to view a single iTunes library.
  2. (Optional) I have created a login application that will remove any content that has been added to user iTunes libraries, this in effect stops other users of the machine from adding music and files to iTunes.
  Step 4:
  If it is not already enabled, open system preferences and enable Fast User Switching in Accounts Options.
  Summary:
  We have shared a single iTunes library across multiple user account, while still allowing for network sharing. This method is designed to save space on machines, particularly those with smaller hard drives.
  I hope that this hint proves to be helpful and I hope everybody will give me feedback on my process.
  regards,
  Pete.
  iBook G4; 60GB Hard Drive, 512MB RAM, Airport Extreme   Mac OS X (10.4.6)   iWork & iLife '06, Adobe CS2, Final Cut Pro. Anything and Everything!!!

  how to share music between different accounts on a single computer

• Matching across multiple character sets

  Would like to know whether anyone has attempted matching across multiple character sets, for example, between English and Japanese: what are the pitfalls to avoid, what are the best practices, and what you would like to see from application/tools perspective as an ideal solution. thanks

  If you upgrade to Logic Pro, you'll get WaveBurner as part of the package which helps you do this, including tweaking your pauses between tracks, fades etc.
  If you have Toast, you can do it there too.
  If you don't have any 3rd. party software, the work around would be to assemble all your songs in order, end to end in a new Logic file, and listen to all your tracks and adjust the relative levels between songs, then bounce out the individual tracks which have volume changes with their new volume settings. Finally you could then use any burning app such as [SimplyBurns|http://bit.ly/c1oglP] to create CDs or bounce them out in Logic with the additional .mp3 option.
  Obviously it's important to listen to your material in order, in context, as some songs will be at the wrong subjective level depending on the tracks either side in the placement. This isn't really important in digital distribution where your material probably won't be listened to as a whole, but as individual downloads.