Configure portal to issue ticket (MYSAPPSSO2 cookie) for "higher" domain

Similar Messages

• Seeting cookies for different domain with port number

  Hi,
  I've been desperately trying to solve this for a few days now so thought i'd give up and ask.
  Basically, when a user logs into the website, the idea is for them to be automatically logged into the bulleting board. This is being done by setting a cookie(I won't go into detail as it's not relevent).
  The cookie is being created in one domain (.stage.csu.ac.uk) and needs to be used by another, .prospects.ac.uk. However, the board is on servername.prospects.ac.uk:81, which means that the cookie isn't being picked up.
  I've been tearing my hair out for days about this. I can't change the fact it's using port 81, and there's no other way of doing this log in.
  If ANYONE can help, I would not be able to say thanks enough.
  Sam.

  Perhaps you can call a jsp on the other server to set the cookie for you, for example by loading it in a hidden iframe?
  This has some maintainance issues because you need to provide a full url to the jsp on the other server, so if anything changes (port number for example) then this solution will break.

• How to clear cookies for a single domain?

  The new Developer Tools on IE 11 is terrible.
  Previously, we can clear session cookies for the current page or clear cookies for the whole domain (of the current page).  My page is now showing
  www.facebook.com and I am logged in to Facebook.  I click the Network icon followed by the Clear cookies icon.  Then I hit Enter in the Address box (note: not F5).  Fiddler2 shows that IE 11 is submitting lots
  of facebook.com cookies (act, c_ser, csm, p, presence, s, xs).
  According to
  http://msdn.microsoft.com/en-us/library/ie/dn255004(v=vs.85).aspx "Clear cookies ensures that all cookies related to the current domain are removed, so that you get the experience of loading the page for the first time."
  Are there any hidden configurations I must do to have Clear cookies to work?
  Thanks.
  PS: Chrome is so much more flexible.  Not only can I clear cookies for the domain of the current page, but also any or all domains which the current page loads via script.

  Hi,
  We just could clear the current domain through Clear cookies in the
  Network tab.
  It's recommended you post your question to the Internet Explorer Develop Center forum for further help.
  Internet Explorer Develop Center
  http://social.msdn.microsoft.com/Forums/ie/en-US/home?category=iedevelopment 
  Karen Hu
  TechNet Community Support

• I set cookie permissions for a domain to "Allow for session" and at a later time it has changed to "Allow first party only" and now allows persistent cookies.

  As it says above, I have cookies set to always ask. I go to a domain (i.e. google) and it asks and I allow for session only. Some time later it will change to "first party only" and start to allow persistent cookies for the domain.

  Hello,
  Many site issues can be caused by corrupt cookies or cache. In order to try to fix these problems, the first step is to clear both cookies and the cache.
  Note: ''This will temporarily log you out of all sites you're logged in to.''
  To clear cache and cookies do the following:
  #Click the menu button [[Image:New Fx Menu]], choose History, and then Clear Recent History....
  #Under "Time range to clear", select "Everything".
  #Now, click the arrow next to Details to toggle the Details list active.
  #From the details list, check ''Cache'' and ''Cookies'' and uncheck everything else.
  #Now click the ''Clear now'' button.
  Further information can be found in the [[Clear your cache, history and other personal information in Firefox]] article.
  Did this fix your problems? Please report back to us!
  Thank you.

• Configure PO document type for "High sea Sale"

  Dear sir,
  Pl. tell me step by step how can i configure new Document type of Purchase order for "High sea Sale" business senerio without GR.
  Thanks/
  Anurag

  Hi,
  In normal case, when you do GR w.r.t. a Normal PO then system updates Stock Quantity as well as Stock Value of Material.
  But in case of High Seas PO, you don't want GR to happen, you want to carry out LIV directly based on PO. So in this case there won't be Stock Quantity updation as well as Stock Value updation i.e. Expense Account will get psted during LIV against Vendor Account. So your High Seas PO should be account assigned PO.
  So to achieve this, create a separate document type for High Seas PO with allowed Item Category as Blank" i.e. Standard.
  Path: - SPRO > MM > Purchasing > Purchase Order > Define Document Types
  OME9 - Create an Account Assignment Category as "Z" (High Seas PO) by copying "K" and in the detailed screen of the same deactivate "Goods Receipt" indicator.
  Now create PO with this Document Type and Account Assignment Category "Z" and check under "Delivery" Tab Page, "Goods Receipt" indicator will be deactivated that means GR not required for this PO.

• Weblogic Sessions for different domains

  Hi
  I am developing a website that will be will be used in different countries. The code is going to be the same and this code will be deployed on one cluster of weblogic servers.
  For Eg. there will be a site abc.com.br and abc.com.mx. Both these are websites for different countries but will be served by the same application server.
  So, the same application server will service the request coming from both the websites. So the question that I have is whether Weblogic will treat these requests as seperate sessions or the same session.
  ie, will the weblogic server issue two JSESSIONID cookies for both these domains or will this be treated as a single session?
  Thanks in advance
  Tejas

  Hi,
  You can use "Cookie-Path" tag inside your "weblogic.xml" file to prevent any such thing: http://download.oracle.com/docs/cd/E15051_01/wls/docs103/webapp/weblogic_xml.html
  cookie-path
  Default Value: null
  Defines the session tracking cookie path.
  If not set, this attribute defaults to / (slash), where the browser sends cookies to all URLs served by WebLogic Server. You may set the path to a narrower mapping, to limit the request URLs to which the browser sends cookies.
  Still if you want to make sure that the Session Cookie Name should be different for Both the Applications (means other Than JSESSIONID) then you can use <cookie-name> tag inside the "weblogic.xml" file..... One best way of changing the cookiename is using "plan.xml" without changing anything physically in the application.
  Example: http://weblogic-wonders.com/weblogic/2009/12/16/updating-cookiename-using-plan-xml/

• Issuing Multiple MYSAPSSO2 tickets for Multiple Domains

  Hi,
  I am having a problem understanding the SAP documentation on how to go about issuing SAP login tickets in multiple domains. In the documentation it states that in order to do so, you require either a IRJ or the SAP ISAPI Web Filter installed in on a server in the target Domain. I have now setup the IIS_SSO.dll ISAPI filter in the domain I require the SSO ticket to be issued in however when I make a request to that webserver I do not see the MYSAPSSO2 cookie being created in my browser, I do see in the ISAPI logs that the request has been filtered and the portal username extracted and set to the configured HTTP Header, but no new Cookie created in the DOMAIN.
  Can anyone help? Has anyone done something like this before?
  Basically I have a portal in the domain <b>myportal.subdomain.domain.com</b> and an ITS in the domain <b>myits.domain.com</b>. With this configuration the MYSAPSSO2 cookie is not sent to the ITS server as it is in a Super Domain. So what I want is to configure the portal to issue a Cookie in the super domain (domain.com) rather then subdomain.domain.com. I thought I could do this with the parameter login.ticket_recieving_hosts in the usermanagment.properties file (EP5) and the IIS ISAPI filter to SSO (IIS_SSO.dll) configured on a website in the super domain (domain.com).
  Any help would be greatly appriciated.
  Simon.

  I believe we had to set the domain relax level (ume.logon.security.relax_domain.level) but needed to make sure this was secure since it changes the domain scope of cookies that are valid for the system.
  See the following:
  http://scn.sap.com/thread/1534863
  http://help.sap.com/saphelp_nw70ehp3/helpdata/en/5e/473d4124b08739e10000000a1550b0/frameset.htm
  Hope this helps.

• I have a National Lottery online account but for a while now i cannot access it from my MacBook. I can access it via other pc's and laptops and via my iphone. I have been on to the NL helpline and they say the issue is with cookies and my MacBook. Help!

  I have a National Lottery online account but for a while now i cannot access it from my MacBook. I can access it via other pc's and laptops and via my iphone. I have been on to the NL helpline and they say the issue is with cookies and my MacBook. Help!

  Hi Josh,
  Thanks for taking the time to contact us here a Novation for technical support. Lets continue to correspond via email so we can get your issue resolved.
  Thanks.
  Mike Towns

• ISSUE Sharepoint 2013 databases for reporting services on the second server SQL 2012

  Hello,
  I have server A: Operating system windows 2012 standard, SQL server 2012 standard
  instance: Sharepoint contains data for sharepint
  instance: Reporting should be contain databases for reporting
  Server B:
  Windows server 2012 standard contains installation Sharepoint 2013
  Sharepoint works (without reporting services), it is OK - databases are located on server A:
  My issue is:
  When I have installed reporting services on server B, I have already installed SQL server 2012 on server B, it works.
  I am able to create report in report builder adn place it in to sharepoint.
  But I would like to use only one full SQL machine on server A:
  When I reconfigure repoting settings on server A in central administration - manage service aplications,
  On the SQL server A in instance reporting , there is automatically created databases. It is no problem.
  But the first difference is, when I want to manage service aplication for reporting  in
  Provision Subscriptions and Alerts, there is information
  SQL Server Agent state cannot be determined
  When I want to create report in report builder, I have issue:
  server A-7380mw016\reporting it means server A with full SQL server:
  The Test of connection was successful
  Then I have clicked test connection
  I have recieved this screen with fail: Logon faild for user NT Authority\anonymous logon
  My account belongs to SQL admin on server A (A-7380mw016\reporting) I do not know it is not possible to create report, when it is possible to test connection in the first step and in the second step, there is problem...
  Please, can somebody help me?

  Hi,
  Since you are getting an Anonymous Logon error, it appears there may be a problem passing your credentials to the SQL Server Agent Service. This would indicate a Kerberos issue. See this thread for details:
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/46b7c773-6a77-435d-b471-cb9a6ec41c43/has-anyone-else-upgraded-reporting-services-to-denali-2012
  Microsoft Virtual Academy: Breakthrough Insights using SQL Server 2012 : Analysis Services and Credible, Consistent data (Module 2) - Configuring and Securing Complex BI Applications in a SharePoint 2010 Environment with Microsoft SQL Server 2012
  http://technet.microsoft.com/en-us/video/Video/hh858469
  Tips from the video:
  We are connecting to Reporting services using Kerberos when using Reporting Services in SharePoint integrated mode
  For the account using reporting services, we just need a dummy SPN. We go to Attribute editor tab in AD for RS account. And then we will be enabled with Delegation tab.
  In Delegation tab. I we are using claims to windows token, we need to use "Trust this user for delegation to specified services only"
  There you have 2 options: "Use Kerberos only": It means I only want to delegate in the situation where the service that is doing the delegation actually has the Kerberos ticket to start with
  "Use any authentication protocol" When we need protocol transition (like from NTLM to claims for intra farm communication)
  We need to delegate this to SQL server.
  Please check out these articles as well:
  How to configure SQL Reporting Services in SharePoint Server for Kerberos authentication
  http://support.microsoft.com/kb/2723587
  Configure Kerberos authentication (Office SharePoint Server)
  http://blogs.technet.com/b/mbiswas/archive/2009/07/10/configure-kerberos-authentication-office-sharepoint-server.aspx
  Thanks.
  Tracy Cai
  TechNet Community Support

• Issuing Ticket By an Employee in Travel Planning

  Hi All,
  We are Implementing Travel Module using EhP2 and have a requirement of allowing employee to Issue Tickets on thier own and also print E Ticket. I searched SAP help and found that in SAP we can configure the automatic Issuing of Tickets using queues and also that an employee can print the ticket using 'viewmytrip' site.
  I wish to know what configuration needs to be done for automatic Issuing of tickets and how can we get print the E ticket from SAP system
  Please let me know ASAP as this process will be a real show stopper for our project..
  Regards
  Stuck....

  Hello Stuck,
  Sorry for the delay. Please refer to the following information in help.sap.com:
  http://help.sap.com/erp2005_ehp_02/helpdata/en/e2/4905387ce5fd3ce1000000
  9b38f8cf/frameset.htm
  Issuing a Ticket  
  Prerequisites
  The ticket can only be issued once the travel plan has been booked (see
  Booking Travel Services).
  Use
  Automatic Ticket Issue
  Generally a booking made using SAP Travel Management will automatically
  be sent to a processing queue of the travel agency connected with the
  company, whereby the travel agency can see that the booking has been
  completed and the ticket is then issued. When completing this automatic
  queuing the booking is sent to the queue of the sales office that is set
  up with the processing type "Booking/Booking Modification in Customizing
  (see Customizing for Travel Planning under Master Data -> Control
  Parameters for Travel Planning -> Define Resubmission for Ticket Issue
  (queue) You should use a queue for an operating sales office, and not
  the queues for the virtual SAP Travel Planning sales office.
  Regards,
  Raynard

• ApplicationPoolException: JBO-30006: The cookie for session

  Hi
  Presently we are using the followings s/w for our product development:
  1.     JDeveloper 11g (11.1.1.0.2) - yet to migrate to JDev 11g R1 (11.1.1.1.0)
  2.     Weblogic 10.3.0
  3.     Target Browser Client is IE7 – and to extend to FF3+
  Now we have completed few of the modules and is in the process of moving to Customers Beta Env. During our testing we are getting some sort of JBO errors (server log) and the browser displays ‘Cancel or Retry’ message.
  A portion of error message from the stack trace has been pasted below
  oracle.jbo.common.ampool.ApplicationPoolException: JBO-30006: The cookie for session 0K5ZKVDL7wNcJ2qXTkQhjCQvq0sJSykgnV8P0WQMvNqdbF9QdThk!1335475191!1247101864354 and application 378381615_1_PcmsSysDataControl_$beandc$_ is not a valid handle for application pool, InternalDCAMs. The cookie may not be used to access this pool instance.
  at oracle.jbo.common.ampool.ApplicationPoolImpl.validateSessionCookieInPool(ApplicationPoolImpl.java:3496)
  at oracle.jbo.common.ampool.ApplicationPoolImpl.removeSessionCookie(ApplicationPoolImpl.java:769)
  at oracle.jbo.common.ampool.SessionCookieImpl.removeFromPool(SessionCookieImpl.java:609)
  at oracle.jbo.common.ampool.SessionCookieImpl.destroy(SessionCookieImpl.java:528)
  at oracle.jbo.common.ampool.SessionCookieImpl.timeout(SessionCookieImpl.java:586)
  at oracle.adf.model.bc4j.DCJboDataControl.releaseImmediateAMUnmanaged(DCJboDataControl.java:2414)
  at oracle.adf.model.bc4j.DCJboDataControl.releaseApplicationModule(DCJboDataControl.java:2324)
  The present scenario:
  1.     ADFModel1.jar - An ADF Model Project contains a set of views to be used across multiple Model projects by Importing Business Components.
  2.     ADFModel2.jar - This project uses ADFBC import from the above model project – ADFModel1.jar
  All the view implementations are available here as the Core Model
  3.     ADFModel3.jar - Imports ADFModel2.jar – used as a Customization layer (refer error message above - PcmsSysDataControl)
  4.     ViewController.war - Contains all the JSPX, Page Defs, Html, JS, CSS, Images
  Both ADFModel3.jar and ViewController projects are under a separate .jws (Application Workspace) and running as a separate application. Similar way all other applications have been modeled.
  Both ADFModel2 and ADFModel3 has the DataSource Names defined. Please help us to resolve this issue.
  If you need any more info, please let me know
  Krish

  have you ever solved the problem? I have a similar issue on Linux RedHat with a load-balanced cluster of Tomcat. The strange thing is that only one of the servlets always issues the problem. The incriminated app module is created with "Configuration.createRootApplicationModule..." and released at the end. I have a similar servlet that creates the same app module with the same command and has no problems.
  The ADF Team, what does it say about?
  Thanks

• Issue in SAP CPS for Job Interception

  Issue in SAP CPS for Job Interception
  Scenario:
  After triggering a Process Chain in BW and maintaining the Job Interception settings in SAPCPS(Redwood)
  (so that any job which triggers in BW by that Particular User is intercepted and not let it proceed further until the job is released in SAP CPS.)
  Issue:
  The Jobs are getting  into  Waiting status in SAP CPS(Redwood) even though there is no progress in loads in BW side. Also the Jobs are in Intercepted state even after releasing the Parent Job in SAP CPS(Redwood).
  Please let us know how  to go about it.

  Hi Ramesh,
  What you plan to do is called monitoring of process chains (ie. process chains not started from CPS) and this should be available in the latest version of CPS.
  This requires the interception of only the BI_PROCESS_TRIGGER process, just as you have configured now, and other than that the following prerequisites:
  SAP Note 1080558 describes the SP levels for the BW/BI releases
  XBP 2.0 or higher
  Redwood transport files must be loaded
  ProcessServerService.SAP.XBPVariant license key
  Maybe this helps,
  Anton.

• Portal display issue in Portal 7.3 version

  Hi Experts,
  We are using portal 7.3 vesion,one of the user getting portal disply issue,it is not appearing proper ess portal screen.
  we checked with other user,they will not getting the same issue,it is only one use faceing this issue.
  please let me know what is the root cause of the issue.
  Thank you in advance..
  Regards,
  Jyothi

  Hi All,
  pradyp:  sorry for the delay reply, yes they have adobe flash player in their systems.
  in google chrome and mozila, its looking good. actually we have two company users like A and B,A company user dont have this problem but B company some of the user( only mss role users) have this issue.
  Earier we have assigned  new theme with new logo to the B company users through rule collection.
  my understanding the problem arraised with new theme with new logo.am i right ?
  Could you please help me any one.
  Regards,
  Jyothi

• DNS/LDAP Issue for Trusted Domain

  Hi
  I'm trying to configure  Configuration Manager 2012 R2 Forest Discovery to a trusted domain.
  Objects from the trusted domain (users/computers) show up in the Collections, but when I check under Administration\Active Directory Forests I can see Discovery Status "Failed to connect using default account" and Publishing status "Cannot
  Contact LDAP Server".
  I've added the SCCM server to local admin at the trusted domain via GPO and have also created the system Management container.
  When I check the log ADForestDisc.log I get this error message:
  "Failed to connect to forest X. This can be because of disjoint DNS namespaces, network connectivity or server availibility issue. Error Information The specified forest does not exist or cannot be contacted."
  I have setup Conditional Forwarders in DNS in both domains.
  I have also read other forums about this issue and should have the answer:
  "This error occurs for all of the domains that you mentioned and is typical when SRV records for DCs in those remote domains cannot be found. Forest discovery relies on DNS name resolution of SRV records to locate a suitable DC to communicate with."
  "The site server performing the forest discovery must be able to resolve the SRV records for the DCs or root domain of the other forest."
  We are using Windows AD integrated DNS in both domains.
  I'm not so familiar with DNS configuration so I appreciate if someone could tell more specific how to fix this.
  Thanks in advance

  Hi
  Thank you for your answer. This issue is solved. I've missed to open some ports in the router/firewall between the LANs.
  The status under Active Directory Forests is Succeded now, but when I check under boundaries, I can only see the "Default-First-Site-Name" site for the first domain (same LAN as CM Server) and I can only see the IP address range for that LAN.
  I don't Think  this is a big issue, but shouldn't the site name and address range for the other LAN (where the trusted domain is) be automatically found to during forest Discovery when I've checked the options to create site and ip boundaries automatically?

• How to configure email Alerts in OEM Cloud 12c for Database Servers up/down

  Hi everybody,
  How to configure email Alerts in OEM Cloud 12c for Database Servers up/down status?
  Regards,
  Miguel Vega

  Hi Miguel Vega,
  Information regarding the notifications:
  ==============================
  Configuring notification rules in 12c is different from earlier releases.
  The concept and function of notification rules has been replaced with a two-tier system consisting of Incident Rules and Incident Rule Sets :
  1. Incident Rules: Operate at the lowest level granularity (on discrete events) and performs the same role as notification rules from earlier releases.
  By using incident rules, you can automate the response to incoming incidents and their updates.
  A rule contains a set of automated actions to be taken on specific events, incidents or problems.
  The actions taken are for example : sending e-mails, creating incidents, updating incidents, and creating tickets.
  2. Incident Rule Set: A rule set is a collection of rules that applies to a common set of objects, for example, targets, jobs, and templates.
  To help you to achieve the Notification Rules configuration, refer those notes :
  How To Configure Notification Rules in 12C Enterprise Manager Cloud Control ? Doc ID 1368036.1
  EM12c How to Add and Configure Email Addresses to EM Administrators and Update the Notification Schedule ?Doc ID 1368262.1
  EM12c How to Subscribe or Unsubscribe for Email Notification for an Incident Rule Set ?Doc ID 1389460.1
  EM 12c How to Configure Notifications for Job Executions ? Doc ID 1386816.1
  Best Regards,
  Venkat