BOXI3.1 Infoview SSO using WindowsNT Authentication

We have recently set up 3.1 on a development server and are currently trying to configure NT authentication and SSO for Infoview. NT authentication appears to be working, as when Infoview is launched the logon screen appears and allows you to enter your NT logon details. However, my understanding is that if SSO is enabled correctly then the logon screen should be bypassed? I have followed all of the BO documentation and looked at various posts on this forum but still no success. Can anyone think of anything we may have missed?

>
Howard Burgess wrote:
> We were able to implement WindowsNT SSO for infoview on IIS with the following steps:
>
> Prereq. Make sure WindowsNT Authentication is working properly. Then move to SSO.
>
> 1. Enable SSO in CMC under WindowsNT Authentication.
> 2. In the IIS Console, check the properties for the businessobjects application. Under the Directory Security tab, edit the anonymous access and authentication control. Uncheck the anonymous access and only have Integrated Windows Authentication checked. Check WebAdmin and InfoView apps under Enterprise115 to make sure they have the same settings.
> 3. Modify WebAdmin's web.config.
>        Add the following lines of code within the <system.web> element if not already there:
>               <identity impersonate="true" />
>               <authentication mode="Windows" />
> 4. Modify InfoView's web.config.
>        Add/change the following lines of code within the <system.web> element if not already there:
>               <identity impersonate="true" />
>               <authentication mode="Windows" />
>        Modify keys within <WebDesktopSettings> element:
>               <add key="authenticationDefault" value="secWindowsNT" />
>               <add key="authenticationVisible" value="false" />
>               <add key="ssoEnabled" value="true" />
> 5. Restart the IIS Server.
>
> Hope this helps someone.
The above is only valid for XIR2, these application directories do not exist in 3.1
This appears to be a bug
Regards,
Tim
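
A read-only check of the web.config values listed in Howard Burgess's steps (which, per the reply above, apply to XI R2), written as an added example and not taken from the post or from BusinessObjects. The function names, the sample files and the position of <WebDesktopSettings> inside them are constructed; the expected values are the ones quoted in the steps.

```python
import xml.etree.ElementTree as ET

# Values taken from the steps above: (child of <system.web>, attribute, expected).
SYSTEM_WEB_EXPECTED = [
    ("identity", "impersonate", "true"),
    ("authentication", "mode", "Windows"),
]
# <add key="..." value="..."/> entries under <WebDesktopSettings> (InfoView only).
DESKTOP_KEYS_EXPECTED = {
    "authenticationDefault": "secWindowsNT",
    "authenticationVisible": "false",
    "ssoEnabled": "true",
}

def _local(tag):
    """Drop a '{namespace}' prefix so files with and without xmlns parse alike."""
    return tag.rsplit("}", 1)[-1]

def _first(parent, name, recursive=False):
    """First descendant (or direct child) whose local name matches, else None."""
    nodes = parent.iter() if recursive else list(parent)
    return next((el for el in nodes if _local(el.tag) == name), None)

def audit_web_config(xml_text, check_desktop_keys=True):
    """Return a list of findings; an empty list means every setting matches."""
    root = ET.fromstring(xml_text)
    system_web = _first(root, "system.web", recursive=True)
    if system_web is None:
        return ["<system.web> element not found"]
    findings = []
    for name, attr, expected in SYSTEM_WEB_EXPECTED:
        el = _first(system_web, name)
        actual = None if el is None else el.get(attr)
        if actual != expected:
            findings.append(
                f"system.web/{name}@{attr}: expected {expected!r}, found {actual!r}")
    if check_desktop_keys:  # pass False for WebAdmin, which has no such keys in the steps
        section = _first(root, "WebDesktopSettings", recursive=True)
        present = {}
        for add in ([] if section is None else section):
            if _local(add.tag) == "add":
                present[add.get("key")] = add.get("value")
        for key, expected in DESKTOP_KEYS_EXPECTED.items():
            if present.get(key) != expected:
                findings.append(
                    f"WebDesktopSettings/{key}: expected {expected!r}, found {present.get(key)!r}")
    return findings

# Constructed sample: all settings from the steps, with a default xmlns on the root.
GOOD_SAMPLE = """<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <system.web>
    <identity impersonate="true" />
    <authentication mode="Windows" />
  </system.web>
  <WebDesktopSettings>
    <add key="authenticationDefault" value="secWindowsNT" />
    <add key="authenticationVisible" value="false" />
    <add key="ssoEnabled" value="true" />
  </WebDesktopSettings>
</configuration>"""

# Constructed sample: no impersonation, Forms auth, Enterprise default, key missing.
BAD_SAMPLE = """<configuration>
  <system.web><authentication mode="Forms" /></system.web>
  <WebDesktopSettings>
    <add key="authenticationDefault" value="secEnterprise" />
    <add key="ssoEnabled" value="true" />
  </WebDesktopSettings>
</configuration>"""

if __name__ == "__main__":
    for label, sample in (("good", GOOD_SAMPLE), ("bad", BAD_SAMPLE)):
        print(label, audit_web_config(sample) or "all settings match")
```
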

Similar Messages

  • Open document SSO using trusted authentication.

    Hi ,
    I have an issue,
    We configured trusted authentication with SSO and it is working fine.
    Now we want to configure open document SSO for trusted authentication.
    We are using Remote_user method for trusted authentication.
    Anyone please help me on this.
    Thanks for your help in advance.
    Thanks & Regards,
    Collin.

    The same settings in the infoviewapp web.xml must be applied on the opendocument web.xml. Also you must be on XI 3.1 FP1 or higher. There is currently an Edge issue being investigated.
    Regards,
    Tim

  • Problem with Open document SSO using websphere.

    Hi All,
    I have an issue,
    We configured AD SSO using websphere and it's working fine, but when we try to log in to the open document SSO using websphere it is prompting for login credentials.
    Are there any steps needed to configure open document SSO using websphere?
    We made all the changes in the web.xml file for the Open Document, same as in the Infoview web.xml file.
    When we launch the Open Document, it prompts for the login screen; we get username and passwd fields, we do not get the authentication drop down. If we give the AD credentials, we get "Enterprise Authentication error". We feel the default authentication mode is taken as "Enterprise".
    We have made changes in the web.xml for open document to have authentication.dafault as "secWinAD"; also, for test purposes we made the authentication. visible as "true", but the changes were not taken; we have redeployed the war files.
    Anyone please help on this.
    Environment Details-
    BOBJ XI R3.1 SP2
    Web Sphere 6.1.0.25  .
    Thank you in advance.
    Thanks & Regards,
    Bill.

    The same settings in the infoviewapp web.xml must be applied on the opendocument web.xml. Also you must be on XI 3.1 FP1 or higher. There is currently an Edge issue being investigated.
    Regards,
    Tim

  • Java InfoView SSO

    Dear Experts, the SSO for .NET works fine with my setup except that if I try to log in from a user workstation, it prompts me for username/password, while I have already enabled "Enable Integrated Windows Authentication" in the IE Advanced tab. I'm currently installing BO XI 3.1.
    I was not sure what else I could do to make it work.
    Another problem is that I'm trying to set up Java InfoView SSO and I find that all documents want me to use Vintela. While I remember I never used Vintela in BO XI R2.
    Please guide me from here.

    Does that mean (what you're saying) that without Vintela, the Kerberos SSO will not work with Java InfoView?
    Exactly. Kerberos and Vintela are the same thing in regards to Java InfoView; they essentially allow Java InfoView to be set up the same way as IIS when doing integrated windows authentication.
    If I do http://server.domain.com/InfoViewApp/logon.aspx, I get "Network Error (dns_unresolved_hostname). Your requested host "server.domain.com" could not be resolved by DNS."
    This is your main problem. Both the hostname and FQDN URLs rely on the FQDN SPN (most of the time). You appear to have a DNS issue preventing that from being resolved. You can try adding the FQDN of the server to your local client host machine.
    The IP will not work unless you have also added an IP SPN to the account (which is not done by default)
    Working on the server indicates SSO is setup on IIS/web.xml/BO but Microsoft forces NTLM on the local machine so kerberos is not being tested in this case. You may need to open a case with the authentication team if unable to find the issue.
    Regards,
    Tim

  • Implementing SSO using Microsoft IIS with OBIEE 10.1.3.3.2

    We are running OBIEE 10.1.3.3.2 on Windows 2003 server and want to implement Single-Sign-On (SSO) using Microsoft IIS. We set up the SSO according to chapter #8 of the deployment guide but it doesn't work: when opening the web login pages of the OBI application it still asks the user for authentication.
    Also, according to the installation guide the SSO feature is deployed when choosing "Advanced installation type" during the installation. This advanced installation type requires the Oracle Application server. We have not installed Oracle Application server in our environment, and we chose "Basic" installation.
    Is the SSO functionality available without Oracle Application server? What are the steps to set up SSO in our environment?

    Hi,
    I'm experiencing the same issue with IIS. Did you find any resolution in the meanwhile?
    Please let me know...
    Thanks a lot,
    GL

  • Error When Trying to Schedule Webi report using SAP authentication

    Hi,
    We are trying to schedule a Webi report in CMC for a group of users using SAP authentication (SSO). While trying this we are getting the error "Unable to Connect to SAP BW server Incomplete Logon Data ..(IES 10901)".
    Authorization is done at the BI side and it's working properly. Users are able to log in to BI Launchpad and view the report as per authorization.
    Some Webi reports are created using a BICS connection and some are created using Universe Design Tool (.UNV), which are migrated from BO 3.1 to BO 4.0.
    Server Status:
    BO server and Client Tools-:BO 4.0 SP6
    BW System-7.01
    Please refer attach Screen Shot

    Hi Rupesh,
    Please check the below note:
    Seems issue with SNC/STS settings.
    1798197 - Schedules fails with error "Database error: Unable to connect to SAP BW server Incomplete logon data.. (IES 10901)" in BI 4.0
    https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/sno/ui_entry/entry.htm?param=69765F6D6F64653D3030312669765F7361…

  • Problem in configuring SSO using SAML for applications hosted on diff m/c

    Hi Techies,
    I am stuck in a weird problem for past month or so without any resolution. Not much help by googling. So I hope i get the answer from the mouth of the horses -
    I am trying to use SSO using the sample application appA and appB as stated in the tutorial of SSO by BEA.
    I am summarizing the problem below -
    Steps followed for Configuring SSO using SAML
    1. Created 2 domains on 2 separate machines namely domainA and domainB
    2. Source application is deployed on domainA and the target application is deployed on domainB
    The steps mentioned in the following tutorial has been followed-
    http://dev2dev.bea.com/pub/a/2006/12/sso-with-saml.html
    3. As mentioned in the tutorial the certificate is generated using keytool utility. The same certificate is copied
    to WEBLOGIC_HOME/server/lib of destination machine.
    4. The certificate was successfully registered on destination or host 2 but while activating the configuration
    changes (SSL Client Identity Alias and SSL Client Identity Pass Phrase) for Federation services the following error
    is thrown -
    " SAMLBeanUpdateListener: SAMLKeyManager.prepareUpdate() failed with exception:
    weblogic.descriptor.BeanUpdateRejectedException: SAML key Manage failed to validate key (SSL Client) configuration
    in the FederationServicesMBean, key alias: testalias "
    The interesting bit of the problem is that the same configuration works on 2 domains created on same machine. The
    problem only occurs when domains are created on separate machines.
    Alternative to the problem: when the certificate is generated separately for domainB and copied to
    WEBLOGIC_HOME/server/lib, it works. However, the certificate generated in domainA should have been copied.
    Note: I am using Weblogic portal 9.2.1
    Any quick replies will be much appreciated. Thanks.
    Edited by saurabh.agrawal at 02/06/2008 2:01 PM

    Hi François,
    You are right about the use of the NameID format. But the issue here is/was that OIF at SP is integrated with OAM, and the authenticated user at OIF-SP and OAM will be the Anonymous user rather than the user who was identified at the IdP even though the remaining attributes sent are for the IdP user. I think these attributes can be used by with OAM for authorization using custom authorization plug-ins but haven't tried that one out.
    As for the attribute sharing profile, it's this one - http://www.oasis-open.org/committees/download.php/18058/sstc-saml-x509-authn-attrib-profile-cd-02.pdf, although for the life of me, I cannot remember why I suggested this in the first place!
    -Vinod

  • SSO not authorized: Authentication failed.

    Dear Experts,
    I made a homogeneous system copy of my BI 70 prod to quality. I followed the steps according to the docs. After the system copy I did applying new licenses (ABAP, Portal, J2ee), deleting old portal abap certificates, creating them on both portal & abap, exchanging the certificates. All done as per the docs.
    Now the ABAP engine is trusting the portal. I mean I am able to log in to the portal.
    But Portal is not trusting the ABAP, I have issues with BEx tools.
    I did many times delete certificates, exchange them manually and using template installer.
    I also followed the Notes
    917950 - SAP NetWeaver 2004s: Setting Up BEx Web
    888687 - BEx Web Java: Analysis of communication/logon problems
    No use. Now I am coming back to square one.
    Does anyone have special thoughts on this issue?
    Thanks for your time and help.
    MB

    I did many times delete certificates, exchange them manually and using template installer.
    I also followed the Notes
    917950 - SAP NetWeaver 2004s: Setting Up BEx Web
    888687 - BEx Web Java: Analysis of communication/logon problems
    support desktool as per
    note 937697
    SE38 ( RSPOR_SETUP ).... etc
    All are failing at one point.
    ================================================
    Status 12: Maintain User Assignment in Portal           System failure during call of function module RSWR_RFC_SERVICE_TEST
    This is the error message we are getting on the Java cluster log
    #1.#000255334607006B00000026003D500800044709864436FE#1204006139737#com.sap.engine.services.rfcengine##com.sap.engine.services.rfcengine.handleRequest#J2EE_GUEST#0####522996e0e43111dc9cb8000255334607#SAPEngine_Application_Thread[impl:3]_27##0#0#Error##Plain###java.lang.RuntimeException:
    call FM RSWR_PREEXECUTION_PROXY to ProgId BIQ_PORTAL_BIQ on host
    afgprd01 with SSO not authorized: Authentication failed.
    ===============================================
    No use, no use... Now I am coming back to square one.
    Does anyone have special thoughts on this issue?
    Thanks for your time and help.
    MB

  • Different languages without using SAP authentication

    Hi folks,
    is it possible to leverage the language capabilities of BW in WebI through a Universe WITHOUT using SAP authentication (means having a fixed user in the underlying BW connection and NOT SSO)?
    We are facing this requirement in a POC having Cognos as opponent and they can do this!
    Thanks and regards,
    Harald

    Hi Sebastian,
    yes I know, but this is then fixed per connection. What I want is having one universe with one connection, BUT still leveraging the different language-texts from SAP BW... Is this possible or not? Until now I only see the possibility to create one universe for each language and this is not satisfying the customer...
    Regards,
    Harald

  • Designer takes several minutes for login using LDAP authentication

    We have an issue: when we try to log in to the designer using LDAP authentication it takes several minutes, and using an enterprise account we are able to log in to the designer within seconds.
    CMC and infoview all are working fine using LDAP authentication.
    We are using BOXIR2,
    FP 1.6.
    Thank You in Advance.
    Thanks & Regards,
    Collin.

    There have been several changes in LDAP since FP 1.6 but if infoview is ok then hopefully you aren't running into any of them. When logging into client tools the LDAP requests are sent to the LDAP server directly from the client. An issue like this would suggest there is a problem reaching the LDAP server from the client.
    Is LDAP SSL being used? If yes try disabling it, if no then you can packet scan the logon attempt on the client and filter the LDAP traffic to see how long it's taking for that communication.
    Regards,
    Tim

  • MOBI SSO with trusted authentication and form based authentication

    Dear All,
    I am trying to configure Trusted authentication based SSO FOR MOBI, here are the details:
    - SAP BI 4.1 SP04
    - Trusted authentication with HTTP header configured for BI Launchpad and working fine.
    Now to have SSO from Mobile, I plan to leverage the existing configuration of BI Launchpad and at Mobile level, I want to use authentication type as TRUSTED_AUTH_FORM, instead of TRUSTED_AUTH_BASIC, with the approach: Trusted authentication with HTTP header.
    And
    Provide our app users their X502 certs.
    1. Will the above approach work ??
    2. As per SAP NOTE: 2038165 - SSO using form based trusted auth gives with the SAP BI app for iOS gives error MOB00920 this does not work and is still under investigation from July last year ? So for any community member, has this been found working ??
    I would appreciate your valuable inputs.
    Regards,
    Sarvjot Singh

    Hi,
    According to your post, my understanding is that you want to know the difference of the SharePoint three type user authentications.
    Windows claims-based authentication uses your existing Windows authentication provider (Active Directory Domain Services [AD DS]) to validate the credentials of connecting clients. Use this authentication to allow AD DS-based accounts access to SharePoint
    resources. Authentication methods include NTLM, Kerberos, and Basic.
    Forms-based authentication can be used against credentials that are stored in an authentication provider that is available through the ASP.NET interface
    SAML token-based authentication in SharePoint 2013 requires coordination with administrators of a claims-based environment, whether it is your own internal environment or a partner environment.
    There is a good article contains all the SharePoint Authentications, including how they work and how to configure.
    http://sp77.blogspot.com/2014/02/authentication-in-sharepoint-2013_5.html#.VFcyQ_mUfkJ
    Thanks & Regards,
    Jason
    Jason Guo
    TechNet Community Support

  • ADF page with optional login using mod_osso authentication

    Using JDeveloper 10.1.3.2.0
    I am converting a pure jsp page into an ADF page. This page is not restricted but allows a user additional functionality if they log into Portal. The original jsp used mod_osso authentication to allow a user to log in. Once the user's name was known from the login then the screen could save information specific to a user and if the user had to return later all they had to do was log in once again to get their personal information back. However it was not a requirement for any user to use this functionality.
    In converting to ADF however I can't figure out how to code the mod_osso call successfully. I created a command button and behind the button put the following code:

        public String commandButton_action() throws IOException {
            // Add event code here...
            String userName = getUserSSO();
            userLoginName.setValue(userName);
            return null;
        }

        private String getUserSSO() throws IOException {
            String message = "";
            FacesContext fc = FacesContext.getCurrentInstance();
            ((HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse()).setContentType("text/html");
            // Look for the user name in the request attribute first, then in getRemoteUser()
            String userSignon = (String)((HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest()).getAttribute("USER_NAME");
            if (userSignon == null || userSignon.length() <= 0)
                userSignon = ((HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest()).getRemoteUser();
            if (userSignon == null || userSignon.length() <= 0) {
                // No user name available: send the 499 "Oracle SSO" response
                ((HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse()).setHeader("Osso-Paranoid", "false");
                ((HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse()).sendError(499, "Oracle SSO");
            } else {
                message = "found user name " + userSignon;
            }
            return message;
        }

    Could you please comment on whether I am even on the right track or point me to some documentation on mod_osso authentication and ADF such that the authentication is optional? Currently I get "No Response from Web Application Server" when I attempt the above.
    Thanks,
    Cathy

    I added a call to FacesContext.getCurrentInstance().responseComplete(); right before the setHeader and sendError but that did not resolve my issue. Any advice on how to further trace down the issue?
    Thanks,
    Cathy

  • Need to know about SSO using LDAP

    Hi Everyone,
    Thank you very much for helping me to come out from all the problems I faced in the past. I really appreciate your efforts and the valuable time you have given to me, and I'm sure that you all will always help all newbies and help seekers like me in future too. Thanks for your kind efforts.
    I am very new to ADF securities. I was thinking to build an Enterprise application with multiple small sub applications using ADF in JDev. No big deal, but my problem is I want to use SSO for user authentication using LDAP. But I really have no idea where to start and how to start. Which software do I need to download?
    For all my past problems there must be a sample example for help I found, and learned a lot from that, and also I tried a lot to find a little example for this as I required, but I failed to find any example for SSO using LDAP (like Oracle SSO).
    So I need your guidance to get my solution, and I hope that as usual I'll get the right solution.
    Thanks
    Fizzz...

    Fizzz,
    Oracle SSO is part of Oracle Identity Management. You can find the download link here: http://www.oracle.com/technology/software/products/ias/htdocs/101310.html. It's "bigger than a breadbox," however - installing enough bits to get to Oracle SSO will ensue creating a new repository (aka database) together with a middle-tier app server instance for the SSO server. I'm not sure if there are any OBE's (Oracle by Example), but I do know there is an identity management forum.
    Best,
    John

  • Detailed steps  to make SSO using OAM 11g

    Can anyone provide me detailed steps to configure SSO using OAM 11g.
    thanks

    Hi,
    Install webgates in OHS
    First you deploy the web application in web/application server
    1. Create user Identity Store
    2. Create authentication scheme.....and use identity store create above
    3. Create Authentication module
    3. Create Application Domain
    4. In application Domain Create Authentication and authorization policies
    5. Add the resource which you want to protect in Authentication & Authorization Policies
    6. Testing
    Regards
    Kumar
    Edited by: Kumar.kummathi on Sep 17, 2012 11:55 AM

  • SSO using Windows Active Directory but without EP or Java stack

    Good morning and thank you in advance for your help.
    The question is:
    our environment includes windows domain with Active Directory, ECC 6.0 ABAP (DEV, QAS, PROD), BW 7.0 (DEV, QAS, PROD) only ABAP stack.
    I would like to know if we can enable SSO using only this configuration without introducing EP or Java stack.
    Best regards
    Max

    Hi Willi,
    It won't be that easy to understand each other... as my english is not that good either
    Most of the points introduced in the SAP help link are automatically performed by sapinst.
    Almost all my customers running on MS are not using an AV, and neither get into troubles...
    but no user ever connect on the SAP server, only admin, for maintenance purpose or SAP admin when needed...
    Internet explorer should not be used on a server, MS itself says it should be uninstalled...
    Best regards
    SAP on SQL General Update for Customers & Partners April 2014
    10. Do Not Install SAPGUI on SAP Servers
    Windows Servers have the ability to run many desktop PC applications such as SAPGUI and Internet Explorer however it is strongly recommended not to install this software on SAP servers, particularly production servers.
    To improve reliability of an operating system it is recommended to install as few software packages as possible.  This will not only improve reliability and performance, but will also make debugging any issues considerably simpler
    “A server is a server, a PC is a PC”.  Customers are encouraged to restrict access to production servers by implementing Server Hardening Procedure. 
    SAP Servers should not be used as administration consoles and there should be no need to directly connect to a server. Almost all administration can be done remotely
    SAP on SQL General Update for Customers & Partners September 2013
    Internet Explorer (and any other non-essential software) should always be removed from every SAP DB or Application server. 
    The following command line removes IE from Windows 2008 R2, Windows 2012 and Windows 2012 R2:
    Open command prompt as an Administrator ->  dism /online /Disable-Feature /FeatureName:Internet-Explorer-Optional-amd64
