Configure SSO with CAS for calendar
Hello
I try to configure SSO Calendar through communications servers trusted circle technology. I configure ics.conf:
sso.appid = "ics50"
sso.appprefix = "ssogrp1"
sso.cookiedomain = ".univ.fr"
sso.enable = "1"
sso.singlesignoff = "true"
sso.userdomain = ".univ.fr"
sso.ics50.url = "http://pipeau.univ.fr/socp/verifySSO.jsp?"
and then I restart Calendar. pipeau is my CAS/LDAP/tomcat server.
When I launch http://solaris.univ.fr (my calendar server) in my web browser,
there is no request to pipeau (http://pipeau.univ.fr/socp/verifySSO.jsp?) in order to find a valid cookie.
Thanks for your help
hugo
I have other information to give you.
I have a correct cookie in my favorite web browser when I was authenticated.
.univ.fr||/||ssogrp1-ics50||SOT-zvAdApsYTyTibGDZud06UZIb3EzK5NQ8W9bOghQHaDzpMtmhiC||false||0
When I test my verifySSO.jsp with the IP address of my computer (http://pipeau.univ.fr/socp/verifySSO.jsp?client=xxx.xxx.xxx.xxx), I get this:
fquid=my_login
authtype=plaintext
My calendar server doesn't seem to test if I am already logged with SSO.
Any ideas ?
Hugo
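A check of the browser-side preconditions described in the two messages above, as an added example that is not part of the original post: it parses the quoted sso.* settings and the cookie record, then tests whether a browser would send that cookie to the calendar host. The function names are hypothetical, the cookie value is a constructed placeholder, and the "appprefix-appid" cookie name is an assumption taken from the pattern of the values in the post.

```python
import re
from urllib.parse import urlsplit

# sso.* settings as quoted in the post above.
ICS_CONF = '''
sso.appid = "ics50"
sso.appprefix = "ssogrp1"
sso.cookiedomain = ".univ.fr"
sso.enable = "1"
sso.singlesignoff = "true"
sso.userdomain = ".univ.fr"
'''

# Cookie record in the post's domain||path||name||value||secure||expiry layout.
# The value is a constructed placeholder, not a real token.
COOKIE_LINE = ".univ.fr||/||ssogrp1-ics50||SOT-CONSTRUCTED-PLACEHOLDER||false||0"


def parse_ics_conf(text):
    """Return {key: value} for lines of the form key = "value"."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r'\s*([\w.]+)\s*=\s*"(.*)"\s*$', line)
        if m:
            conf[m.group(1)] = m.group(2)
    return conf


def parse_cookie_line(line):
    """Split one '||'-separated cookie record into named fields."""
    fields = line.strip().split("||")
    if len(fields) != 6:
        raise ValueError("expected 6 '||'-separated fields, got %d" % len(fields))
    domain, path, name, value, secure, expiry = fields
    return {"domain": domain, "path": path, "name": name, "value": value,
            "secure": secure.lower() == "true", "expiry": expiry}


def domain_matches(host, cookie_domain):
    """Domain-match: host equals the cookie domain or is a subdomain of it."""
    domain = cookie_domain.lstrip(".").lower()
    host = host.lower()
    return bool(domain) and (host == domain or host.endswith("." + domain))


def check_sso_cookie(conf, cookie, calendar_url):
    """List the reasons the cookie would not reach calendar_url (empty = none)."""
    findings = []
    url = urlsplit(calendar_url)
    host = url.hostname or ""
    if conf.get("sso.enable") != "1":
        findings.append('sso.enable is not "1"')
    # Assumption: the cookie is named <sso.appprefix>-<sso.appid>.
    expected = "%s-%s" % (conf.get("sso.appprefix", ""), conf.get("sso.appid", ""))
    if cookie["name"] != expected:
        findings.append("cookie name %r, expected %r" % (cookie["name"], expected))
    if cookie["domain"].lower() != conf.get("sso.cookiedomain", "").lower():
        findings.append("cookie domain differs from sso.cookiedomain")
    if not domain_matches(host, cookie["domain"]):
        findings.append("host %r is outside cookie domain %r" % (host, cookie["domain"]))
    if not (url.path or "/").startswith(cookie["path"]):
        findings.append("request path is outside cookie path %r" % cookie["path"])
    if cookie["secure"] and url.scheme != "https":
        findings.append("cookie is marked secure but the URL is not https")
    return findings


if __name__ == "__main__":
    conf = parse_ics_conf(ICS_CONF)
    cookie = parse_cookie_line(COOKIE_LINE)
    print(check_sso_cookie(conf, cookie, "http://solaris.univ.fr") or "cookie would be sent")
```

An empty result only says the browser would present the cookie to the calendar host; it does not show what the calendar server does with it.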
Similar Messages
-
How to configure sso with SSL step by step
Purpose
In this document, you can learn how to configure SSO with SSL. After the user has a certificate installed in the browser, they can log in without entering a username and password.
Overview
In this document we will demonstrate:
1. How to configure OHS to support SSL
2. How to Register SSO with SSL
3. Configure SSO for certificates
Prerequisites
Before starting this document, you should have:
1. Oracle AS 10g infrastructure installed (10.1.2)
2. OCA installed
Note:
1. When you install Oracle infrastructure, please make sure you have selected OCA.
2. How Certificate-Enabled Authentication Works:
a. The user tries to access a partner application.
b. The partner application redirects the user to the single sign-on server for authentication. As part of this redirection, the browser sends the user's certificate to the login URL of the server (2a). If it is able to verify the certificate, the server returns the user to the requested application.
c. The application delivers content. Users whose browsers are configured to prompt for a certificate-store password may only have to present this password once, depending upon how their browser is configured. If they log out and then attempt to access a partner application, the browser passes their certificate to the single sign-on server automatically. This means that they never really log out. To effectively log out, they must close the browser.
Enable SSL on the Single Sign-On Middle Tier
The following steps involve configuring the Oracle HTTP Server. Perform them on the single sign-on middle tier. In doing so, keep the following in mind:
· You must configure SSL on the computer where the single sign-on middle tier is running.
· You are configuring one-way SSL.
· You may enable SSL for simple network encryption; PKI authentication is not required. Note though that you must use a valid wallet and server certificate. The default wallet location is ORACLE_HOME/Apache/Apache/conf/ssl.wlt/default.
1. Back up the opmn.xml file, found at ORACLE_HOME/opmn/conf
2. In opmn.xml, change the value for the start-mode parameter to ssl-enabled. This parameter appears in boldface in the xml tag immediately following.
<ias-component id="HTTP_Server">
<process-type id="HTTP_Server" module-id="OHS">
<module-data>
<category id="start-parameters">
<data id="start-mode" value="ssl-enabled"/>
</category>
</module-data>
<process-set id="HTTP_Server" numprocs="1"/>
</process-type>
</ias-component>
3. Update the distributed cluster management database with the change: ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct opmn
4. Reload the modified opmn configuration file:
ORACLE_HOME/opmn/bin/opmnctl reload
5. Keep a non-SSL port active. The External Applications portlet communicates with the single sign-on server over a non-SSL port. The HTTP port is enabled by default. If you have not disabled the port, this step requires no action.
6. Apply the rule mod_rewrite to SSL configuration. This step involves modifying the ssl.conf file on the middle-tier computer. The file is at ORACLE_HOME/Apache/Apache/conf. Back up the file before editing it.
Because the Oracle HTTP Server has to be available over both HTTP and HTTPS, the SSL host must be configured as a virtual host. Add the lines that follow to the SSL Virtual Hosts section of ssl.conf if they are not already there. These lines ensure that the single sign-on login module in OC4J_SECURITY is invoked when a user logs in to the SSL host.
<VirtualHost ssl_host:port>
RewriteEngine on
RewriteOptions inherit
</VirtualHost>
Save and close the file.
7. Update the distributed cluster management database with the changes:
ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct ohs
8. Restart the Oracle HTTP Server:
ORACLE_HOME/opmn/bin/opmnctl stopproc process-type=HTTP_Server
ORACLE_HOME/opmn/bin/opmnctl startproc process-type=HTTP_Server
9. Verify that you have enabled the single sign-on middle tier for SSL by trying to access the OracleAS welcome page, using the format https://host:ssl_port.
Reconfigure the Identity Management Infrastructure Database
Change all references of http in single sign-on URLs to https within the identity management infrastructure database. When you change single sign-on URLs in the database, you must also change these URLs in the targets.xml file on the single sign-on middle tier. targets.xml is the configuration file for the various "targets" that Oracle Enterprise Manager monitors. One of these targets is OracleAS Single Sign-On.
1. Change Single Sign-On URLs
Run the ssocfg script, taking care to enter the command on the computer where the single sign-on middle tier is located. Use the following syntax:
UNIX:
$ORACLE_HOME/sso/bin/ssocfg.sh protocol host ssl_port
Windows:
%ORACLE_HOME%\sso\bin\ssocfg.bat protocol host ssl_port
In this case, protocol is https. (To change back to HTTP, use http.) The parameter host is the host name, or server name, of the Oracle HTTP listener for the single sign-on server.
Here is an example:
ssocfg.sh https login.acme.com 4443
2. Restart OC4J_SECURITY instance and verify the configuration
To determine the correct port number, examine the ssl.conf file. Port 4443 is the port number that the OracleAS installer assigns during installation.
If you run ssocfg successfully, the script returns a status 0. To confirm that you were successful, restart the OC4J_SECURITY instance:
ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
Then try logging in to the single sign-on server at its SSL address:
https://host:ssl_port/pls/orasso/
3. Back up the file targets.xml:
cp ORACLE_HOME/sysman/emd/targets.xml ORACLE_HOME/sysman/emd/targets.xml.backup
4. Open the file and find the target type oracle_sso_server. Within this target type, locate and edit the three attributes that you passed to ssocfg:
· HTTPMachine—the server host name
· HTTPPort—the server port number
· HTTPProtocol—the server protocol
If, for example, you run ssocfg like this:
ORACLE_HOME/sso/bin/ssocfg.sh http sso.mydomain.com:4443
Update the three attributes this way:
<Property NAME="HTTPMachine" VALUE="sso.mydomain.com"/>
<Property NAME="HTTPPort" VALUE="4443"/>
<Property NAME="HTTPProtocol" VALUE="HTTPS"/>
5. Save and close the file.
6. Reload the OracleAS console:
ORACLE_HOME/bin/emctl reload
7. Issue these two commands:
ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
Registering mod_osso
1. The command sequence that follows shows a mod_osso instance being reregistered with the single sign-on server.
$ORACLE_HOME/sso/bin/ssoreg.sh \
-oracle_home_path $ORACLE_HOME \
-config_mod_osso TRUE \
-mod_osso_url https://myhost.mydomain.com:4443
2. Restarting the Oracle HTTP Server
After running ssoreg, restart the Oracle HTTP Server:
ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
Configuring the Single Sign-On System for Certificates
1. Configure policy.properties with the Default Authentication Plugin
Update the DefaultAuthLevel section of the policy.properties file with the correct authentication level for certificate sign-on. This file is at ORACLE_HOME/sso/conf. Set the default authentication level to this value:
DefaultAuthLevel = MediumHighSecurity
Then, in the Authentication plugins section, pair this authentication level with the default authentication plugin:
MediumHighSecurity_AuthPlugin = oracle.security.sso.server.auth.SSOX509CertAuth
2. Restart the Single Sign-On Middle Tier
After configuring the server, restart the middle tier:
ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
Bringing the SSO Users to OCA User Certificate Request URL
The OCA server reduces the administrative and maintenance cost of provisioning a user certificate. The OCA server achieves this by authenticating users by using OracleAS SSO server authentication. All users who have an Oracle AS SSO server account can directly get a certificate by using the OCA user interface. This reduces the time normally required to provision a certificate by a certificate authority.
The URL for the SSO certificate Request is:
https://<Oracle_HTTP_host>:<oca_ssl_port>/oca/sso_oca_link
You can configure OCA to provide the user certificate request interface URL to the SSO server for display whenever SSO is not using a certificate to authenticate a user. After the OracleAS SSO server authenticates a user, it then displays the OCA screen enabling that user to request a certificate.
To link the OCA server to OracleAS SSO server, use the following command:
ocactl linksso
opmnctl stopproc type=oc4j instancename=oca
opmnctl startproc type=oc4j instancename=oca
You can also use ocactl unlinksso to unlink the OCA from SSO.

I have read the SSO admin guide, and performed the steps for enabling SSL on the SSO, and followed the steps to configure mod_osso with virtual host on port 4443 as mentioned in the admin guide.
The case now is that when I call my form (which is developed by forms developer suite 10g and deployed on the forms server which is SSO enabled) , it calls the SSO module on port 7777 using http (the default behaviour).
on a URL that looks like this :
http://myhostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
and gives the error :
( Forbidden
You don't have permission to access /sso/auth on this server at port 7777)
when I manually change the URL to :
https://myhostname:4443/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
the SSO works correctly.
The question is :
How can I change this default behaviour and make it call SSO on port 4443 using https instead ?
Any ideas ?
Thanks in advance -
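A consistency check for step 4 of the "Reconfigure the Identity Management Infrastructure Database" procedure above, as an added example that is not from the original post or from Oracle: it compares the three oracle_sso_server attributes in targets.xml with the arguments given to ssocfg. The function names are hypothetical and the XML is a constructed sample whose Targets/Target/Property layout is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a targets.xml that still carries the pre-SSL values.
SAMPLE_TARGETS_XML = """<Targets>
  <Target TYPE="oracle_sso_server" NAME="sso_example">
    <Property NAME="HTTPMachine" VALUE="sso.mydomain.com"/>
    <Property NAME="HTTPPort" VALUE="7777"/>
    <Property NAME="HTTPProtocol" VALUE="HTTP"/>
  </Target>
  <Target TYPE="oracle_apache" NAME="other_example">
    <Property NAME="HTTPPort" VALUE="7777"/>
  </Target>
</Targets>"""


def parse_ssocfg_args(args):
    """Accept 'protocol host port' or 'protocol host:port'; both forms appear in the post."""
    if len(args) == 3:
        protocol, host, port = args
    elif len(args) == 2 and ":" in args[1]:
        protocol = args[0]
        host, port = args[1].rsplit(":", 1)
    else:
        raise ValueError("expected: protocol host port")
    if protocol.lower() not in ("http", "https"):
        raise ValueError("protocol must be http or https")
    if not port.isdigit():
        raise ValueError("port must be numeric")
    return {"HTTPProtocol": protocol.upper(),
            "HTTPMachine": host,
            "HTTPPort": port}


def sso_target_mismatches(targets_xml, ssocfg_args):
    """Return one message per attribute that disagrees with the ssocfg arguments."""
    expected = parse_ssocfg_args(ssocfg_args)
    root = ET.fromstring(targets_xml)
    targets = [t for t in root.iter("Target")
               if t.get("TYPE") == "oracle_sso_server"]
    if not targets:
        return ["no oracle_sso_server target found"]
    problems = []
    for target in targets:
        props = {p.get("NAME"): p.get("VALUE", "")
                 for p in target.findall("Property")}
        for name, want in expected.items():
            have = props.get(name)
            if have is None:
                problems.append("%s: missing from targets.xml" % name)
            elif have.lower() != want.lower():
                # Host names and protocol are compared case-insensitively.
                problems.append("%s: targets.xml has %r, ssocfg was given %r"
                                % (name, have, want))
    return problems


if __name__ == "__main__":
    for line in sso_target_mismatches(SAMPLE_TARGETS_XML,
                                      ["https", "login.acme.com", "4443"]):
        print(line)
```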
10g - how to configure sso with iis-
hi, experts, I have followed Oracle® Business Intelligence Enterprise Edition Deployment Guide to configure SSO with IIS.
but I always meet this message.
Not Logged In
You are not currently logged in to the Oracle BI Server.
If you have already logged in, your connection might have timed out, or a communications or server error may have occurred
what steps are missing?
how to check?

hi, experts,
I checked C:\OracleBIData\web\log\sawlog0.log on the OBI server (Windows Server 2003 Standard).
At Thu Feb 17 14:48:46 2011, I logged in to OBI on another machine (not via the browser on the OBI server).
However, the log shows the login user is the administrator of the OBI server (obiserver\administrator).
Is any setup on IIS wrong? Thank you very much!
=========================================================================================
Running job 'MinutelyMonitor' took 7422 milliseconds, 12.3% of job's frequency (60 seconds).
Type: Error
Severity: 40
Time: Thu Feb 17 14:48:46 2011
File: project/webodbcaccess/odbcconnectionimpl.cpp Line: 371
Properties: ConnId-1,1;ThreadID-1796
Location:
saw.odbc.connection.open
saw.connectionPool.getConnection
saw.subsystem.security.checkAuthenticationImpl
saw.threadPool
saw.threads
Odbc driver returned an error (SQLDriverConnectW).
State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
[nQSError: 43001] Authentication failed for obiserver\administrator in repository Star: invalid user/password. (08004)
Type: Error
Severity: 42
Time: Thu Feb 17 14:48:46 2011
File: project/webconnect/connection.cpp Line: 276
Properties: ThreadID-1796
Location:
saw.connectionPool.getConnection
saw.subsystem.security.checkAuthenticationImpl
saw.threadPool
saw.threads
Authentication Failure.
Odbc driver returned an error (SQLDriverConnectW).
--------------------------------------- -
Problem in configuring SSO using SAML for applications hosted on diff m/c
Hi Techies,
I am stuck in a weird problem for the past month or so without any resolution. Not much help by googling. So I hope I get the answer from the mouth of the horses -
I am trying to use SSO using the sample application appA and appB as stated in the tutorial of SSO by BEA.
I am summarizing the problem below -
Steps followed for Configuring SSO using SAML
1. Created 2 domains on 2 separate machines namely domainA and domainB
2. Source application is deployed on domainA and the target application is deployed on domainB
The steps mentioned in the following tutorial has been followed-
http://dev2dev.bea.com/pub/a/2006/12/sso-with-saml.html
3. As mentioned in the tutorial the certificate is generated using keytool utility. The same certificate is copied
to WEBLOGIC_HOME/server/lib of destination machine.
4. The certificate was successfully registered on destination or host 2 but while activating the configuration
changes (SSL Client Identity Alias and SSL Client Identity Pass Phrase) for Federation services the following error
is thrown -
" SAMLBeanUpdateListener: SAMLKeyManager.prepareUpdate() failed with exception:
weblogic.descriptor.BeanUpdateRejectedException: SAML key Manage failed to validate key (SSL Client) configuration
in the FederationServicesMBean, key alias: testalias "
The interesting bit of the problem is that the same configuration works on 2 domains created on same machine. The
problem only occurs when domains are created on separate machines.
Alternative to the problem: when the certificate is generated separately for domainB and copied to
WEBLOGIC_HOME/server/lib, it works. However, the certificate generated in domainA should have been copied.
Note: I am using Weblogic portal 9.2.1
Any quick replies will be much appreciated. Thanks.
Edited by saurabh.agrawal at 02/06/2008 2:01 PM

Hi François,
You are right about the use of the NameID format. But the issue here is/was that OIF at SP is integrated with OAM, and the authenticated user at OIF-SP and OAM will be the Anonymous user rather than the user who was identified at the IdP even though the remaining attributes sent are for the IdP user. I think these attributes can be used by with OAM for authorization using custom authorization plug-ins but haven't tried that one out.
As for the attribute sharing profile, it's this one - http://www.oasis-open.org/committees/download.php/18058/sstc-saml-x509-authn-attrib-profile-cd-02.pdf, although for the life of me, I cannot remember why I suggested this in the first place!
-Vinod -
SSO with Analysis for MS Excel?
Hi,
We are in the process of setting up our new BO4 environments and we will be integrating BO with the SAP Netweaver Portal, so our users will log on to the Portal and then open up a tab that will display the BI Launch Pad logging on to BO with SAP SSO into SAP BW.
This works great, but now some of our users will be using Analysis for Microsoft Excel and the question has come up, how do they authenticate to BO. Since they will have a user id in BW, but no password set since it is all SSO with logon tickets, how can they authenticate themself?
Thanks
Josh

Thanks for the quick reply.
I am using BI 4 SP02 Patch 16.
My requirement is: when a user logs in to the BI launch pad using SAP authentication and opens a workbook stored in the BO repository, Analysis prompts again to enter user ID and password.
I need to achieve SSO at this level so that the user only logs in to the BI launch pad and should be able to log in to the Analysis tool for Excel directly. Is this possible?
Regards,
Pulkit Khare -
Integrating CUPS with Exchange for Calendaring
Hi,
I have a query about the certificates work when integrating CUPS and Exchange for calendaring information.
I have a front-end exchange server with OWA installed and this is the one I'll use to connect CUPS to. However, the exchange server can only have one certificate and this certificate has the external name of the server - ie. owa.domain.com
Obviously my CUPS server will be connecting to the server internally but the internal name of the server is exchange.domain.local which doesn't match the certificate name therefore will give an error.
How do we get CUPS to accept the external certificate when connecting to the internal side of the server?
Thanks,
Neil

We had the same problem, we ended up creating an internal DNS entry that used the external name to allow it to function correctly.
-
Problem during configuring SSO with APEX 4.1
Hello everybody,
I'm trying to configure my APEX application to use SSO, but I have big problems with ssosdk902.zip file.
During execution of the loadsdk.sql script it creates package "wwsec_sso_enabler" but APEX 4.1 wants to have "wwsec_sso_enabler_private". For me it is a clear sign that I'm using some old SSOSDK.
Can somebody tell me where to find the current "ssosdk"?
I'm using OAS10gR2 and the interesting thing is that in the DB schema ORASSO package "wwsec_sso_enabler_private" exists, but it doesn't help me. It is on the other machine. I must have it on the same instance where APEX is running.
It looks like a packaging error by Oracle. Can somebody help me?
Thanks,
Ianko

Hi Anton,
that's why I added the IF statement around the code block, to guarantee that it only runs if the URL contains auto-login data (i.e. P101_UNAME). Setting FSP_AFTER_LOGIN_URL to null avoids a loop when the login fails. If we keep FSP_AFTER_LOGIN_URL, the wwv_flow_custom_auth_std.login procedure will redirect to page 101 and the before header process will run again, re-executing wwv_flow_custom_auth_std.login , etc.
It might be clearer to put the before header code into the authentication itself. The invalid session procedure is the right place for that, but its use is very sparsely documented yet.
I created a 2nd copy of your original application (22274), where I removed the before header process and added this invalid session procedure:
procedure autologon_on_invalid_session
is
    v_user                VARCHAR2(4000);
    v_pass                VARCHAR2(4000);
    v_fsp_after_login_url VARCHAR2(4000) := :FSP_AFTER_LOGIN_URL;
    v_user_pos            pls_integer := instr(v_fsp_after_login_url, 'P101_UNAME:');
BEGIN
    if apex_application.g_flow_step_id != 101 and v_user_pos > 0 then
        v_user := substr(v_fsp_after_login_url, v_user_pos+11);
        wwv_flow_custom_auth_std.login(
            P_UNAME      => v_user,
            P_PASSWORD   => v_pass,
            P_SESSION_ID => v('APP_SESSION'),
            P_FLOW_PAGE  => :APP_ID||':1' );
        apex_application.stop_apex_engine;
    end if;
END;

If the current page is not 101 (the login page) and the URL (which was copied into the deep link item) contains the autologin credentials, call login. The final call to apex_application.stop_apex_engine stops Apex from continuing its default invalid session handling, which is to redirect to the login page.
Regards,
Christian -
Managed System Configuration: SSO setup failed for Solution Manager 7.1 sp11
Hi Folks,
While doing Managed System Configuration for the Solman system I am getting an error in SSO Setup.
Currently I am in
8. Configure Automatically: Single Sign On Setup
This I am doing for the managed system (the Solution Manager system itself).
Below is the error log:
SSO setup failed : a problem occured while attempting to add login modules for ticket authentication
Screen shot attached.
Found SID for SSO ACL entry : SMP
Found login.ticket_client for SSO ACL entry : 000
The Read entry permission on TicketKeystore/SAPLogonTicketKeypair-cert was given to sap.com/tc~webadministrator~solmandiag/servlet_jsp/smd/root/WEB-INF/lib/SetupLib.jar
The TicketKeystore/SAPLogonTicketKeypair-cert was succesfully read (619 bytes)
The SSO ticket Certificate <OU=J2EE,CN=SMP> has been successfully imported into ticket Keystore
SSO setup failed : a problem occured while attempting to add login modules for ticket authentication
SSO setup failed : error while updating login modules : Caller not authorized.; nested exception is:
java.lang.SecurityException: com.sap.engine.services.security.exceptions.BaseSecurityException: Caller not authorized.
at com.sap.engine.services.security.resource.ResourceHandleImpl.checkPermission(ResourceHandleImpl.java:634)
at com.sap.engine.services.security.resource.ResourceHandleImpl.checkPermission(ResourceHandleImpl.java:520)
at com.sap.engine.services.security.resource.ResourceContextImpl.checkPermission(ResourceContextImpl.java:45)
at com.sap.engine.services.security.restriction.Restrictions.checkPermission(Restrictions.java:170)
at com.sap.engine.services.security.restriction.Restrictions.checkPermissionRemote(Restrictions.java:158)
at com.sap.engine.services.security.remoteimpl.RemoteSecurityImpl.getPolicyConfiguration(RemoteSecurityImpl.java:63)
at com.sap.engine.services.security.remoteimpl.RemoteSecurityImplp4_Skel.dispatch(RemoteSecurityImplp4_Skel.java:225)
at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:336)
at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:201)
at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:137)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
The SSO ticket Certificate <CN=SMP> has been successfully imported into ticket Keystore
Exception
java.rmi.RemoteException: Caller not authorized.; nested exception is:
java.lang.SecurityException: com.sap.engine.services.security.exceptions.BaseSecurityException: Caller not authorized.
Regards,
San

Hi Sandeep,
It seems to be an authorization issue. Please check the below SAP Note:
1988642 - Warning 'caller not authorized' in Step 'Single Sign On Setup'
Hope this helps.
Thanks & Regards,
Nisha -
Need some help with method for calendar
Hi all,
I've got to design a calendar for college but I'm not allowed to use any of the Java calendar classes, so I've put up a number of methods to get the start days of months etc.
At the moment I'm trying to get a method working that will loop around 12 times and assign the days in the month to a string array for printing later in another function, but to test I'm printing to screen.
At the moment when I get the days to print on screen it shows me the days for January similar to below 12 times, and I've been looking at it so long I can't see the wood for the trees, and I was just wondering if someone can point out where I'm going wrong here.
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31
The data for the start days and total number of days in a month are held in arrays in separate methods as well.
With the following code I'm just getting the days for Jan to print out 12 times.
I think the problem is with the first part of the while loop. It does not appear to be looping through the DaysIn and TopLeft arrays, as if I manually change the value of the variable l = 1; I get the days for Feb to print out.
static int [] DaysIn (int y) // return correct day in month
{
    int [] LDays = {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}; // leap year.
    int [] Days = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    if (y%4==0 && (y%100!=0 || y%400==0)) // test if y is a leap year. y is gotten from print cal.
        return LDays;
    else
        return Days;
}
static int [] TopLeft (int y) // find the starting position of the days in a month for printing
{
    int [] k = StartDay(y);
    int [] TopLeft = new int [12];
    int t = 0;
    while (t!=12)
    {
        TopLeft[t] = 1- k[t];
        t++;
    }
    return TopLeft;
}
static String [] DispMonthDays(int y) // Method to supply the days of a month in grid form needs work.
{
    int k = 0; // int to take the topleft value for each month
    int DIM = 0; // int to take the total days in each month
    String MonthD=""; // empty string
    String [] MonthDay = new String [6];
    int l= 0;
    while (l!=12)
    {
        k = TopLeft(y)[l]; // Believe problem lies at these two lines
        DIM = DaysIn(y)[l]; //
        while (k != 42)
        {
            if (k < 1){MonthD = MonthD + " "+" "+" ";}
            else if (k >=1 && k <=9){MonthD = MonthD + " "+ k +" ";}
            else if (k >= 10 && k <= DIM){MonthD = MonthD + k + " ";}
            else if(k > DIM){MonthD = MonthD +" ";}
            k++;
        }
        MonthDay[0] = MonthD.substring(0,20);
        MonthDay[1] = MonthD.substring(21,41);
        MonthDay[2] = MonthD.substring(42,62);
        MonthDay[3] = MonthD.substring(63,83);
        MonthDay[4] = MonthD.substring(84,104);
        MonthDay[5] = MonthD.substring(105,106);
        l++;
    }
    return MonthDay;
}
static void PrintCal(int y) // function to hand off year and print cal
{
    int upstep=0;
    int count=0;
    while (count !=12)
    {
        while (upstep!=6)
        {
            System.out.print(DispMonthDays(y)[upstep]);System.out.println();
            upstep++;
        }
        upstep=0;
        count++;
    }
}
Any help greatly appreciated

Given the previous valid comment here is my code again.
I'm running the code on the console
// Months of year
static final String [] MNames = {"January ", "February ", "March ",
"April ", "May ", "June ",
"July ", "August ", "September ",
"October ", "November ", "December "};
static int [] daysIn (int y) // see if y is a leap year and return correct day in month
{
    int [] LDays = {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}; // leap year.
    int [] Days = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    if (y%4==0 && (y%100!=0 || y%400==0)) // test if y is a leap year. y is gotten from printCal.
        return LDays;
    else
        return Days;
}
static int [] startDay(int y) // Find First Day of a month
{
    int [] z = daysIn(y);
    int firstDay =((y-1900)*365 +(y-1901)/4)%7;
    int x = 0;
    int [] startDay = new int [12];
    while (x!=12)
    {
        if (x==0)
        {startDay[0] = firstDay; firstDay = (firstDay+z[0])%7;}
        else
        {startDay[x] = firstDay; firstDay = (firstDay+z[x])%7;}
        x++;
    }
    return startDay;
}
static int [] topLeft (int y) // find the starting position of the days in a month for printing
{
    int [] k = startDay(y);
    int [] topLeft = new int [12];
    int t = 0;
    while (t!=12)
    {
        topLeft[t] = 1- k[t];
        t++;
    }
    return topLeft;
}
static String [] dispMonthDays(int y) // Method to supply the days of a month in grid form needs work.
{
    int k = 0; // int to take the topleft value for each month
    int dim = 0; // int to take the total days in each month
    String monthD=""; // empty string
    String [] monthDay = new String [6]; // String Array to take the results of MonthD and be returned 12 tmes
    int loopThrough= 0; // int variable to progress through the topLeft and daysIn arrays
    while(loopThrough !=12)
    {
        k = topLeft(y)[loopThrough]; // Not being moved through as far as I can see
        dim = daysIn(y)[loopThrough];
        while (k != 42)
        {
            if (k < 1){monthD = monthD + " "+" "+" ";}
            else if (k >=1 && k <=9){monthD = monthD + " "+ k +" ";}
            else if (k >= 10 && k <= dim){monthD = monthD + k + " ";}
            else if(k > dim){monthD = monthD +" ";}
            k++;}
        monthDay[0] = monthD.substring(0,20);
        monthDay[1] = monthD.substring(21,41);
        monthDay[2] = monthD.substring(42,62);
        monthDay[3] = monthD.substring(63,83);
        monthDay[4] = monthD.substring(84,104);
        monthDay[5] = monthD.substring(105,106);
        loopThrough++;
    }
    return monthDay;
}
static void printCal(int y) // function to hand off year and print cal amended for testing to see if dispMonthDays is working
{
    int count=0;
    int upstep=0; // int variable to return the monthDay
    while (count !=12)
    {
        while (upstep!=6)
        {
            System.out.print(dispMonthDays(y)[upstep]);
            upstep++;
        }
        upstep=0;
        count++;
    }
}
public static void main (String [] args)
{
    Scanner input = new Scanner (System.in);
    System.out.print("Enter a year: "); int year = input.nextInt();
    printCal(year);
}
I still think the problem is with the first loop in dispMonthDays -
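An added example, not part of the original post: in the posted dispMonthDays the month string is never cleared and the substring offsets are fixed, so the six rows are always cut from January's text, and the method can only return one month's rows per call. The sketch below builds each month's grid in fresh buffers and takes the month as a parameter; the names CalendarGrid, monthGrid and firstDayOfYear are hypothetical and the year 2008 is a constructed sample input.

```java
public class CalendarGrid {
    // Days per month in a common year; February is adjusted in daysIn().
    static final int[] DAYS = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};

    static boolean isLeap(int y) {
        return y % 4 == 0 && (y % 100 != 0 || y % 400 == 0);
    }

    static int daysIn(int y, int month) {            // month is 0-based
        return (month == 1 && isLeap(y)) ? 29 : DAYS[month];
    }

    // Weekday of 1 January with 0 = Monday, using the formula from the post
    // (it holds for the years 1901 to 2099).
    static int firstDayOfYear(int y) {
        return ((y - 1900) * 365 + (y - 1901) / 4) % 7;
    }

    // Six rows of seven 3-character cells for one month of year y.
    static String[] monthGrid(int y, int month) {
        int start = firstDayOfYear(y);
        for (int m = 0; m < month; m++) {            // advance to the 1st of 'month'
            start = (start + daysIn(y, m)) % 7;
        }
        int dim = daysIn(y, month);
        int day = 1 - start;                         // "top left" value, may be <= 0
        String[] rows = new String[6];
        for (int r = 0; r < 6; r++) {
            StringBuilder row = new StringBuilder(); // new buffer for every row
            for (int c = 0; c < 7; c++, day++) {
                boolean inMonth = day >= 1 && day <= dim;
                row.append(inMonth ? String.format("%2d ", day) : "   ");
            }
            rows[r] = row.toString();
        }
        return rows;
    }

    public static void main(String[] args) {
        int year = 2008;                             // constructed sample input
        for (int month = 0; month < 12; month++) {
            System.out.println("Month " + (month + 1));
            for (String row : monthGrid(year, month)) {
                System.out.println(row);
            }
        }
    }
}
```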
Changed Configuration paths with ConfigurationImpl for UIX CSS
Hi,
I want to change the default stylesheets for UIX components. Therefore I read chapter 7 Customization and then chapter 10 Configuration of the help to JDeveloper (v. 9.0.2). I found out that if I want to use my style sheets, I have to write an XSS file, which I did, and then include that in my application - somehow. I will not change the blaff.xss file, therefore I chose the way to instantiate a new ConfigurationImpl, change the path for the styles directory - as mentioned in chap. 10 - and registered it and... nothing. Then I wanted to do the following:
RenderingContext.setConfiguration(config); but that is not working, because the method setConfiguration() is not available.
my source snips:
*.xss:
<?xml version="1.0"?>
<styleSheetDocument xmlns="http://xmlns.oracle.com/uix/style">
<import href="blaf.xss"/>
<styleSheet>
<style selector=".OraTableCellText">
<property name="color">#222222</property>
<property name="vertical-align">top</property>
</style>
</styleSheet>
</styleSheetDocument>
my source snip for ConfigurationImpl:
ConfigurationImpl config = new ConfigurationImpl("myConfig");
config.putRelativeURI(Configuration.STYLES_DIRECTORY, "/public_html/styles/"); //it starts at the workingdirectory of the project, or?
config.register();
renderingcontext.setConfiguration(config);
thx a lot,
Brit
You have to wait to call RenderingContext.setConfiguration() when you're about to render.
If you're using UIX XML, what you'll do is subclass UIXPageBroker and override
protected Configuration getConfiguration(
BajaContext context,
Page page)
then tell UIX to use your page broker instead of UIXPageBroker.
If you're using UIX JSPs, wrap your page in a <uix:renderingContext> tag with the "id"
attribute set, then:
<uix:renderingContext id="rc">
<% rc.setConfiguration("myConfig"); %>
... rest of UIX content for your page in here ...
</uix:renderingContext>
Note that you can set the configuration by name, rather than needing to refer
to the object directly.
9.0.3 will make this process simpler. Stay tuned. -
Configure OAS with dataguard for high availability
Hi,
We use oracle application server to connect to 10g database. This prod db has a physical standby db. I am trying to do a failover test where I make the physical standby as primary and connect to that db from our application.
I change the dads.conf file to point to the physical db, but I get ORA-01033: ORACLE initialization or shutdown in progress Error-Code:1033 Error TimeStamp:Fri, 8 May 2009 21:57:55 GMT
but this physical db is up & open and in read write stage.
The db name is prod and prod_stby. Is this because of the different names ??
Hello,
I think you need to keep the infrastructure database names the same. Have you considered using the failover capabilities within 10gAS for your application servers? This is different from
Data Guard standby database option. Here is a good Metalink note on how to setup and configure 10g Application Server failover:
Understanding OracleAS 10g High Availability - A Roadmap- Metalink Note #412159.1
Cheers,
Ben -
Jabber for Windows SSO with CWMS
We've configured our WebEx Meetings Server 2.0 for SSO with ADFS 3.0 and it works in various browsers. The docs for Jabber for Windows say that it can do SSO to WebEx Meetings Server but there are no details in the configuration guide and I haven't been able to get it to work. After I turn on SSO, Jabber won't authenticate with the Meetings Server. All the guide says is
If you configure SSO with Cisco WebEx Meetings Server, Cisco Jabber can seamlessly integrate with the SSO environment. In this case, you do not need to specify credentials in order for users to authenticate with Cisco WebEx Meetings Server.
Any ideas?
Hi Eric,
No specific configuration is done on CWMS for Jabber for Windows integration. All this is done on Jabber side. I would advise you to reach out to Jabber Clients community or open a TAC ticket with Jabber for Windows team.
-Dejan -
Error installation when configure OAM with FORMS 11Gr2 (SSO)
Hi
I am trying to configure SSO with Forms 11gR2 (windows 2008).
1. Install RCU 11.1.1.5.0
2. Install and configure OID (ofm_idm_win_11.1.1.2 & patch ofm_idm_win_11.1.1.5)
3. Install OAM (ofm_iam_generic_11.1.1.5 & Patch 11.1.1.5.3 (13473393))
4. Integrate OAM & OID - After that i can logon to my oamconsole using OID (LDAP) identifier
5. Try install Forms 11gr2 ( ofm_frmrpts_win_11.1.2.0.0_64)
During installation, I complete the information about my OID, then I put the connect information to OAM and I get an error.
OAMAdminServer - console
<2012-07-17 08:44:32 CEST> <Error> <oracle.oam.engine.remotereg> <OAM-30046> <agent validate mode failed. Agent does not exist. >
InstallLog
Welcome to OAM Remote Registration Tool!
Parameters passed to the registration tool are:
Mode: agentvalidate
Agent name: 120717084429_RREG_OSSO_VALIDATE
Enter your server address (http(s)://FQDN:port):Server Address: http://weblogic:7002
Enter admin username:Username: weblogic
Enter admin password: Enter admin password:Your validate request is being sent to the Admin server at: http://weblogic:7002
2012-07-17 08:44:33 oracle.security.am.engines.rreg.common.XMLValidationEventHandler handleEvent
SEVERE: Error occurred while parsing the XML file.Error message is: cvc-complex-type.2.4.d: Invalid content was found starting with element 'managedServerUrl'. No child element is expected at this point.
At Column:421
and At line number: 1
Error message is: cvc-complex-type.2.4.d: Invalid content was found starting with element 'managedServerUrl'. No child element is expected at this point.
At Column:421
and At line number: 1
The remote registration process did not succeed! Please find the specific error message below.
Error in unmarshal2012-07-17 08:44:34 oracle.security.am.engines.rreg.common.RequestResponseParser parseFromXMLString
SEVERE: Exception encountered: RemoteAgentRegistrationException. Specific exception:JAXBException.nulljavax.xml.bind.UnmarshalException
- with linked exception:
[org.xml.sax.SAXParseException: cvc-complex-type.2.4.d: Invalid content was found starting with element 'managedServerUrl'. No child element is expected at this point.]
2012-07-17 08:44:34 oracle.security.am.engines.rreg.client.RegClient main
SEVERE: Exception encountered: RemoteAgentRegistrationException. Specific exception:Error in unmarshalling operation! Please try again.oracle.security.am.engines.rreg.common.RemoteAgentRegistrationException: Error in unmarshalling operation! Please try again.
ling operation! Please try again.
resultset.getStatus() : false
Thanks in advance.
Oscar
Hi,
This is a bug with OAM 11.1.1.5.x
The fix is to use OAM 11.1.2.x and you should be able to configure FR 11.1.2.x and connect to OID and OAM.
Regards,
noveaux_life -
SSO with KRB/ADS on Enterprise Portal 7
Dear All
While I am trying to configure SSO with KRB/ADS on Enterprise Portal 7 I am getting this in the trace file. I completed the configuration through SpNego, and when I try to log in it is prompting for user name and password.
I have attached the trace file extract for your advice.
Regards
Buddhike
#1.5 #001CC45E6DA0008000000004000054FC00044F76844D9013#1213270351029#com.sap.engine.services.security.authentication.logincontext#
sap.com/com.sap.security.core.admin
#com.sap.engine.services.security.authentication.logincontext#Guest#0####3e642d50387311ddc2a0001cc45e6da0#Thread[Thread-110,5,SAPEngine_Application_Thread[impl:3]_Group]#
#0#0#Error#1#/System/Security/Authentication#Plain###
LOGIN.FAILED User:N/A Authentication Stack:com.sun.security.jgss.accept
*Login Module Flag Initialize Login Commit Abort Details*1. com.sun.security.auth.module.Krb5LoginModule OPTIONAL ok exception false null#
#1.5 #001CC45E6DA0006E00000029000054FC00044F76844D95C5#1213270351029#com.sap.engine.services.security.authentication.loginmodule.spnego.SPNegoLoginModule#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.loginmodule.spnego.SPNegoLoginModule#Guest#0####3e669e50387311dda053001cc45e6da0#SAPEngine_Application_Thread[impl:3]_2##0#0#Error##Java###Acquiring credentials for realm KEELLS.INT failed
[EXCEPTION]
#1#GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!) at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:189)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.acquireCredentialsInCurrentThread(ConfigurationHelper.java:236)
at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.access$000(ConfigurationHelper.java:29)
at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper$RunnableHelper.run(ConfigurationHelper.java:337)
Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: Access Denied. at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:297)
at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at sun.security.jgss.LoginUtility.run(LoginUtility.java:57)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:186)
... 9 more
Caused by: com.sap.engine.services.security.exceptions.BaseSecurityException: Internal server error. An error log with ID [001CC45E6DA0008000000001000054FC00044F76844D8A3F] is created. For more information contact your system administrator.
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:156)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:181)
... 23 more
Hi,
please check if the options defined in the KRB5LoginModule are correct.
First of all check for the option principal. Did you provide this option and also provide the correct value?
This error often occurs if you provided a wrong value for option principal
Cheers -
SSO with ITS & Webenabling WEBGui
Hello,
We have configured SSO with R/3 system. It works fine.
The requirement is, we have to webenable R/3 system thru SAP GUI For Windows and SAP GUI For HTML.
We are able to do both on developement environment where both R/3 and portal has got the same host names.
But in the qa environment, we are able to webenable R/3 with SAP GUI For Windows and the SSO also works fine. But when we try to using SAP GUI For Html, it asks for the username and pwd again. Here the portal and R/3 has different host names.
Otherwise the settings in dev and test are exactly the same. Has anybody got a clue why is it not working?
Regards,
Rukmani
Hi all,
it is always good to start with a good checklist. Here is probably the best one: https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sso checklist.html
My suggestion is: do not skip even simple steps, sometimes problem appears there
Regards,
Pavol