Double login for application

Similar Messages

• SSO requires double login for partner application

  I'm having some trouble with SSO partner applications, when I login to a SSO protected application, the login works fine, but when I try to navigate to another application I'm presented with the login page again, the sso cookie seems to be working since clicking on the login button without entering the user credentials works. For example, I log in to portal and from there I navigate to a forms application that is on the same server and the same port (portal: https://apps.mydomain.com:4444/pls/portal --> forms: https://apps.mydomain.com/forms/frmservlet?config=app) I am presented with the login page and after clicking on the login button without entering any information everything works fine. This is happening for all the middle tiers that are connected to the same OID. Any ideas on what can be wrong on my configuration?

  Hi Andrey,
  The problem sounds really wierd.
  Can you check your SSO settings for your Portal ECC system? I mean, please check the User Management/Administration properties in your System Adminstration of Portal System that points to ECC.
  Regards
  <i><b>Raja Sekhar</b></i>

• Avoid double login for BSP iView

  Hello,
  I have installed a Netweaver 2004s Application Server + Portal. The user data source for the Portal is the ABAP System. I have created a portal page that contains a BSP iView. This BSP is created in the Application Server, and the portal page is assigned to a role.
  When I access the portal with a user with that role, I have to log in, but for seeing the content of the BSP there is a second login request. Both logins are the same user and password against the same user data source (ABAP system). Is there any way to avoid the second login request apart of SSO?
  Thanks in advance and best regards.
  Joaquin Sanchez.

  Same issue discussed & solved in below thread..
  Re: How to supress login pop up for a BSP iView?
  Let us know if you face any more issue..
  Raja T

• Double login page for oam console

  Hi All,
  I have installed OAM 11.1.1.5 and now trying to access OAM through OHS, i am getting double login page 1st OAM SSO page and after that OAM native page.
  installations details
  OAM 11.1.1.5
  OHS 11.1.1.5
  webgate 10g
  Please let me know how to fix this issue
  Regards
  A Abhinay

  Give the Success and failure URLs in Application Domain and Check where it is redirecting
  Thanks
  Kumar

• How to create sso login for webcenter application

  Hi,
  i have created a webcenter portal application with a login page.i have to create a sso login for that application .
  can anyone suggest me how to do?

  Hi.
  Do you have OAM as SSO?.
  The best way is to create a loginProxy page which proxies the user and password entered to OAM Login process (or the other SSO system).
  This post of JayJay will help you: http://jjzheng.blogspot.com/2013/10/non-programmatic-authentication-using.html
  Regards.

• One login for multiple applications

  Hi,
  I was using HTMLDB 1.6 and followed the following guidlines: one login multiple applications for one login to multiple applications. Basically I set the cookie name the same for both applications. It worked.
  Now I've upgraded to HTMLDB 2.0 and this doesn't work anymore. I need to login to each application. Any way around this?
  Thanks,
  Marty

  Scott
  I have an SQL report region that includes this column:
  decode((select count(*) from gr_agency_add f, gr_emp_add a where a.empid = g.userid and a.aid = f.aid and a.add_type = g.address_option), 0, '', '<a href="f?p=&APP_ID.:9:' || :APP_SESSION || '::::P9_GRID:' || g.GRID || ' target="_blank">') ||decode(trunc(length(g.topic)/30), 0 , g.topic || '</a>', substr(g.TOPIC,1,30)||'..') "Topic",
  With the
  target="_blank"
  of course I am opening page 9 in a new window. I never had a problem with this but today, in a demo to some executives, the new window apparently came up with the login page and not page 9. Would this be due to a browser setting? Unfortunately, I don't have much info about the laptop they were using.
  The demo was still a success!
  Bill

• Blocks in standalone applications which can be double clicked for changing parameters

  Can we have blocks in standalone applications which can be double clicked for changing parameters.
  something like an options/configure button which opens another window and helps us to change tha parameters  of that particular
  block.

  Well, you will need to program your application that way. Maybe I am not understanding this correctly but what parameters do you want to change in your standalone application?
  Adnan Zafar
  Certified LabVIEW Architect
  Coleman Technologies

• SSO for some SAP Apps, but forced login for the sensitive data application

  We have R/3 4.7 (Enterprise), with EP 6.0 and Web AS 6.40.  We have implemented Employee Self Service, as well as CRM, and some BW reports through EP 6.0.  We have a Broadvision Portal that is on top of EP 6.0.  In other words, the employees login to the Broadvision Portal, and authenticate against our Active Directory user store.  Then they will choose the SAP apps listed above, which go through the SAP Portal (EP 6.0)
  We want to allow SSO through EP when users choose either CRM, or BW reports, but we want to force a login when they choose ESS, since this data is more sensitive.  The problem we have had is that when we turn on SSO, it allows the user through for all 3 SAP apps.  My question is: How can we force a login for just ESS, but not for the other 2 apps.
  Thanks.

  Rick,
  I suppose, Eric meant Authentication Schemes ("authschemes") instead of security zones.
  An authentication scheme is essentially a pointer to a JAAS logon stacks on the J2EE Engine plus a frontend ("login screen"). Authentication schemes are assigned numbers ("priorities"), the higher the number the more trustworthy the authentication of the underlying JAAS stack is regarded.
  Example:
  Let's assume you use the default authscheme "uidpwdlogon" for all your iviews. It features a password-based or SAP logon ticket-based logon and is assigned a value of 20. All iviews that have this authscheme set in its "authscheme" property are accessible for you without any further authentication once you have passed this scheme (or any other authscheme with a priority <= 20).
  Now, you set one individual iview to use authscheme "certlogon", which requires an X.509 certificate and is valued "21". When accessing this iview, the portal will force a re-authentication (as 21>20).
  By configuring custom authschemes and JAAS logon stacks you can easily implement your scenario. Simply ensure that all your ESS iviews will be using an authscheme with a value greater that your default value.
  Regards,
  Dominik

• Error: 1056603 Unable to spawn process for application [AppName]

  Hi,
  After a fresh installation of Essbase Server (11.1.1.4), I'm experiencing the following error when attempting to perform basically any action on any Application (Start, Stop, Delete) through EAS:
  *Error: 1056603 Unable to spawn process for application [Demo]. Please ensure that adequate memory is available.*
  System memory seems abundant at around 5% usage with all relevant services started, but I even doubled it (since it's a VM) to 16Gb just to make sure, the issue persists.
  Having a look at the Essbase server log, I didn't find any additional info that could be helpful:
  [Thu Oct 11 15:07:03 2012]Local/ESSBASE0///2412/Info(1051160)
  Received Validate Login Session request
  [Thu Oct 11 15:07:03 2012]Local/ESSBASE0///2380/Info(1051001)
  Received client request: Get App and Database Status (from user [admin])
  [Thu Oct 11 15:07:03 2012]Local/ESSBASE0///568/Info(1051001)
  Received client request: MaxL: Execute (from user [admin])
  [Thu Oct 11 15:07:03 2012]Local/ESSBASE0///568/Error(1056603)
  Unable to spawn process for application [Demo]. Please ensure that adequate memory is available.
  [Thu Oct 11 15:07:03 2012]Local/ESSBASE0///568/Error(1054001)
  Cannot load application Demo with error number [1056603] - see server log file
  [Thu Oct 11 15:07:03 2012]Local/ESSBASE0///568/Warning(1051003)
  Error 1054001 processing request [MaxL: Execute] - disconnecting
  And when the Essbase service is started, essbase.log also seems to be pretty normal:
  [Thu Oct 11 15:18:13 2012]Local/ESSBASE0///2376/Info(1051001)
  Received client request: Logout (from user [admin])
  [Thu Oct 11 15:18:13 2012]Local/ESSBASE0///2376/Info(1051037)
  Logging out user [admin], active for 29 minutes
  [Thu Oct 11 15:18:19 2012]Local/ESSBASE0///1236/Info(1051243)
  Exclusive operation security file compaction started. This may take a while
  [Thu Oct 11 15:18:19 2012]Local/ESSBASE0///1236/Info(1051244)
  Security file compaction completed
  [Thu Oct 11 15:18:19 2012]Local/ESSBASE0///1236/Info(1051052)
  Essbase Server - finished
  [Thu Oct 11 15:18:23 2012]Local/ESSBASE0///2620/Info(1051283)
  Retrieving License Information Please Wait...
  [Thu Oct 11 15:18:23 2012]Local/ESSBASE0///2620/Info(1051286)
  License information retrieved.
  [Thu Oct 11 15:18:29 2012]Local/ESSBASE0///2620/Info(1051199)
  Single Sign-On Initialization Succeeded !
  [Thu Oct 11 15:18:29 2012]Local/ESSBASE0///2620/Info(1051232)
  Using English_UnitedStates.Latin1@Binary as the Essbase Locale
  [Thu Oct 11 15:18:34 2012]Local/ESSBASE0///2620/Info(1051134)
  External Authentication Module: [Single Sign-On] enabled
  [Thu Oct 11 15:18:34 2012]Local/ESSBASE0///2620/Info(1051051)
  Essbase Server - started
  [Thu Oct 11 15:18:34 2012]Local/ESSBASE0///2620/Info(1051243)
  Exclusive operation security file compaction started. This may take a while
  [Thu Oct 11 15:18:34 2012]Local/ESSBASE0///2620/Info(1051244)
  Security file compaction completed
  [Thu Oct 11 15:18:34 2012]Local/ESSBASE0///2620/Info(1051052)
  Essbase Server - finished
  [Thu Oct 11 15:18:34 2012]Local/ESSBASE0///2120/Info(1051283)
  Retrieving License Information Please Wait...
  [Thu Oct 11 15:18:34 2012]Local/ESSBASE0///2120/Info(1051286)
  License information retrieved.
  [Thu Oct 11 15:18:37 2012]Local/ESSBASE0///2120/Info(1051199)
  Single Sign-On Initialization Succeeded !
  [Thu Oct 11 15:18:37 2012]Local/ESSBASE0///2120/Info(1051232)
  Using English_UnitedStates.Latin1@Binary as the Essbase Locale
  Any ideas on what may be causing this?
  Thanks in advance!
  n

  Hi Nelson,
  Did you try increasing the Heap size for EAS ? Try the following and check if you still get the error -
  increase the Java heap settings in the EAS script on a Unix platform that was configured using the automatic deployment method, do the following:
  1. Navigate to the $HYPERION_HOME/deployments/{appserver}/bin directory.
  2. Edit the setCustomParamseas.sh(.bat) script.
  3. Modify or add the -Xms and -Xmx settings to the JAVA_OPTIONS variable. For example:
  +JAVA_OPTIONS="-Xms256m -Xmx1024m -DComponentName=eas -DcomponentId=1e3bf92b2d9bb0493bcd3380127b0ca49ee7f50 -Dsun.net.inetaddr.ttl=0 -DHYPERION_HOME=/usr/local/oracle/hyperion -Dhyperion.home=/usr/local/oracle/hyperion -DEAS_HOME=/usr/local/oracle/hyperion/products/Essbase/eas -DESS_ES_HOME=/usr/local/oracle/hyperion/products/Essbase/eas/server -DEAS_LOG_LEVEL=5000 -DEAS_LOG_LOCATION=/usr/local/oracle/hyperion/logs/eas/easserver.log -DCLIENT_SERVER_DIFF_MC=true -Dweblogic.j2ee.application.tmpDir=/usr/local/oracle/hyperion/deployments/temp -Djava.io.tmpdir=/usr/local/oracle/hyperion/tmp ${JAVA_OPTIONS} "+
  +*Note: For Tomcat deployments, the setting to modify is JAVA_OPTS:*+
  +*JAVA_OPTS="-Xms256m -Xmx1024m*+
  4. Stop and restart EAS for the setting to take effect.
  Hope it helps....
  KosuruS

• APEX SSO and Load balancing: Could not determine workspace for application

  We had a single HTTP Server serving APEX in a 10.2.0.2 database configured with SSO to be used by the developers. APEX has been registered as a partner application and the login url has been CA Siteminder protected so that the SM_USER details are forwarded in the header for the application to use for authorization. Everything is fine so far.
  Now we have added a HTTP Server on another host and have it all set up for APEX and its pointing to the same database. APEX_ADMIN access works as normal, but applications previously using SSO now get the following error after entering the URL.
  Expecting p_company or wwv_flow_company cookie to contain security group id of application owner.
  Error ERR-7620 Could not determine workspace for application ().
  Using HTTP Watch I find that the application is not even trying to redirect to the login page.
  What is wrong here?

  APEX has been registered as a partner application as described in
  http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
  In the meantime I found metalink document 368746.1 which describes the cause of this problem. Please read carefully what I wrote, it all works when the the new APEX web server is turned off in the server farm on the load balancer and directed through the original web server. When running regapp.sql the hostname in the listener token was using the virtual hostname. This works fine if the request comes from the original APEX server which proofs that there is nothing wrong with the installation and set up of SSO. When directing the request to the new APEX web server the APEX_ADMIN page still works only existing work spaces using SSO don't seems to work anymore resulting in a error as described in the subject.
  As for metalink document 368746.1 naming the causes of this error:
  - there are no duplicate entries in WWSEC_ENABLER_CONFIG_INFO$
  -LISTENER_TOKEN clearly works for requests coming from the first web server
  -theoretically the web server listener port could be changed from 7777, but port 80 needs to be maintained here as production is mimiced as far down as possible.
  Is there some cache table which can be cleared? How is it that the flows schema (apex engine) can not find the work space when the request comes from a new web server which can however access the APEX_ADMIN pages.
  anyone?

• ErrorERR-7621 while login to application

  HI, all
  I encountered below error when I try to login to one of our Apex application
  *"Error     ERR-7621 Could not determine workspace for application (:) on application accept.*
  *Expecting p_company or wwv_flow_company cookie to contain security group id of application own"*
  The application was exported from one 10g Oracle instance and import to another 11g instance,
  both are running Apex 4.1.0.00.32, the application was first developed in Apex 3.2 and we upgraded it to 4.1.
  I search through the whole forum and found some similar case, but all without an helpful answer on how to solve the problem.
  Is there anyone from the development team can help on this, as we have been using Apex develop quite some number of application,
  I am start to worry what will happen to our others application if we need to migrate the db.
  Thanks
  Vincent

  Hi,
  Based on the error, I see the apex is not able to associate, correct workspace id to the apex application which you are running.
  The cause i think here is, there may be same application number or alias in one of your workspaces of the apex instance.
  Please check whether you have same app id or an alias existing in one of your workspaces of the apex instance.
  You can check by  by running the below query as DBA or instance admin
  SELECT WORKSPACE,APPLICATION_ID,APPLICATION_NAME,ALIAS FROM APEX_APPLICATIONS
  or
  You can login to apex instance admin and manually look for all the apps in the workspaces.
  IF you see same app id in one of your workspaces, then create the app which you are running with new id and run the app and see.
  Hope it helps.
  Thnx
  MK

• No Authentication for application but need to be authorized for few pages

  Hi,
  I am new to the security concepts of APEX. Could you please assist me if my below requirement could be acheived, if so how?
  My application has 'No Login Authentication' schema selected which makes it open for any user, and this is as per our requirement. I have few pages which have to be accessed only by
  * Administrator
  * Higher Management team
  * Some pages where any enduser need to login (for instance, for posting any query, I would require to know the owner of the query for which I require the user to be authenticated and further have email communications)
  Any assistance in this regard is much appreciated.
  Thanks & regards,
  Anasuya

  Anasuya,
  You need to select an appropriate authentication scheme based on how you want to authenticate users and then make all pages "public" except for those that require authenticated access. For those authenticated pages, you can then assign authorization scheme to limit which authenticated users are authorized for each page.
  Scott

• Need help to create a login for maintenance of a single database in a multiple databases, single instance environment

  Hi,
  We are in the process of consolidating several databases on a single instance of SQL Server 2012.
  Databases are developed by outside vendors; they have to be able to install and support their databases but they shouldn't be able to do any thing with the other databases.
  When I tried to migrate the first database, the vendor told me that on the former server he used the sa account in some batch.
  On a previous thread
  https://social.technet.microsoft.com/Forums/sqlserver/en-US/dc1f802f-d8de-4e2b-87e5-ccb289593fb7/security-for-multiple-applications-on-a-single-sql-server-2012-instance?forum=sqlsecurity
  it was suggested to me that I create a login for each vendor and that this login should map a user in their respective databases.
  To test, I simulated the process in a test database:
  1 - I create the login and I scripted the command:
  USE [master]
  GO
  /* For security reasons the login is created disabled and with a random password. */
  /****** Object:  Login [M02_Test]    Script Date: 2014-12-02 16:23:58 ******/
  CREATE LOGIN [M02_Test] WITH PASSWORD=N'ÈS^y¡¶=Å€"+y¤j|úªhÖféÎЕœEu
  c', DEFAULT_DATABASE=[M02], DEFAULT_LANGUAGE=[us_english], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
  GO
  ALTER LOGIN [M02_Test] DISABLE
  GO
  2 - I create the user and scripted it
  USE [M02]
  GO
  /****** Object:  User [M02_Test]    Script Date: 2014-12-02 16:29:41 ******/
  CREATE USER [M02_Test] FOR LOGIN [M02_Test] WITH DEFAULT_SCHEMA=[dbo]
  GO
  Questions:
  What should we do with te scrambled password: is it saved as it was entered and should it be kept somewhere in a safe place?
  Would that do the job for the vendor who used sa before?
  Thanks for your advice

  I'm not sure why you would save the script. Why not create the login, in one way or another give the vendor the password. Keep the login disabled until needed.
  I don't recall exactly what we said last time, but it occurs to me that the application setup things on server level. Jobs is the prime thing that comes to mind, but there could be other things.
  Now, here is an important observation. As long as the vendor's application was alone on the server, that was OK, and it was OK to give the vendor sysadmin rights. In this situation this is less OK, and as we said, you should only give the vendor db_owner
  in the database.
  But the vendor will need to tell you what they do on server-level. They should know this - unless they sell their app as a "alone-on-a-server application". (And there are indeed such applications out there, even from Microsoft.) But there is a
  risk that they will bill you extra if you make their installation more difficult.
  Maybe you will have to give some vendors sysadmin for the installation, but in such case, you should ask them why they need it. If they don't, give them db_owner, and they will have to find out their hard way. (And you don't pay them for learning
  their own application.)
  Erland Sommarskog, SQL Server MVP, [email protected]

• How to restrict login for multiple users having same Role

  Our Web Application is deployed on Tomcat 5.5
  The requirement is ?
  There are roles in application like "operator", "admin"?
  There are multiple users created for each of the above role.
  When one user of "operator" role is logged in, then
  It should not allow to login for another user of "operator" role.
  Also, if user did not log out & application gets close, then
  It should not allow to login for another user of "operator" role.
  Also, it should not allow to login for multiple requests of same user
  (using another browser instance...)
  Is it possible using session object?
  But, using session object, it will create separate objects for different users,
  So here I will not be able to restrict session object creation rolewise.
  Also, how to retrieve these multiple session objects created for different users on server?
  If anyone is having the solution please reply as soon as possible,
  Thank you.

  To tell you the truth, this is a stupid requirement. It must be an extremely fragile application.
  In any case, you will have to write your stuff for that. Probably a filter that on login, logout, and session expiration checks, makes, or removes entries in a DB (using a synchronized resource to prevent race conditions) or possibly even simply in an application context object.

• "this computer is no longer authorized for applications that are installed

  "this computer is no longer authorized for applications that are installed on the ipad "name of ipad" Would you like to autoriize for items purchased from the itunes store?
  if you do not autorize ....
  Why am I getting this message I only have 1 computer the ipad connects to, it hasnt changed so why do I suddenly have to autorize it again????

  I've gotten the same issue now on my ipad.
  My mac mini is authorized. I only have ONE itunes account. I sync my original ipad today and I get this message. So i say sure authorize, even tho it is. Enter login and password, comes back with this computer is already authorized. I knew that but ok. hit ok. Up pops message that this computer is no longer authorized, blah blah blah. Ok ill try again. Authorize credentials entered. Get message that computer is already authorized. Itunes is most recent 10.2.1. Ipad is updated to 4.3.1.
  I deauthorized computer and reauthorized it. Still get loop.
  google for solutions, find lots of problems, no answers outside of reinstall itunes and it "might" work, but not for everyone. Not gonna do that yet.
  Figure Ill call, I mean its not that an old a device and its surely a bug in the software, I havent changed a single thing since I last synced and only tried got the sync message when i plugged it in to update the OS.
  /rant on Go through a gazillion voice prompts and question, finally get operator and he'll help me if i spend 80 or 30 bucks depending on the service program I want. Yah know thats just total #$%@.
  How about some customer service eh? How about posting a solution to the forums. If you dont have one, at least tell people that.
  I get the same bit of attitude when I walk in the apple store. Love the products, have been an apple user since the IIe, but I just want the products I bought from you, the software that I get from you, the music that I buy from you, the apps that I buy from you, etc etc to WORK with each other.
  /rant off
  has anyone seen a solution for this.