EP 7.0 SSO to BW 3.5 with SAPLOGONTICKET

Similar Messages

• SSO to Crystal enterprise eportfolio with SAPLOGONTICKET

  Hi
  We have setup Crystal Enterprise V10 to SAP Authentication and we are able to connect to Crystal eportfolio with SSO from EP6SP2 app integrator based iview without any problem, by giving R/3 userid, password via usermapping.
  We have loaded verify.der from EP6SP2 in SAP R/3 and SAPLOGONTICKETS are working fine with other ESS iviews.
  However for the Crystal eportfolio app integrator based iview if we change the logon method from UIDPW to SAPLOGONTICKET we are  getting the login screen from Crystal eportfolio prompting for userid/password. 
  We have loaded verify.der in SAP R/3 and SAPLOGONTICKETS are working fine with other ESS iviews.
  These are our settings on the app integrator based iview in EP6SP2:
  URL template:
  <System.protocol>://<System.server><System.uri>?<Authentication>
  URL template fraction for SSO2:
  MYSAPSSO2=<Request.SSO2Ticket>
  URL template fraction for usermapping:
  usr=<MappedUser>&pwd=<MappedPassword>&aut=secSAPR3
  Required instance profile parameters on R/3 were set correctly, and all servers are referred with their FQDN.
  Did we miss anything else that is specific to Crystal eportfolio? Has anyone successfully connected to Crystal eportfolio V10 from EP6SP2 using SAPLOGONTICKETS ? Appreciate if someone can share their experience.
  Thanks
  Nagesh

  Hi Ingo
  Thanks for your response.
  1. URL that I am calling from inside the 'App Integrator' iview to access Crystal eportfolio is:
  Name of the server:
  <hostname>.<domain>.com
  Protocol of target system:
  HTTP
  URI of Web Application:
  /crystal/enterprise10/sap/ePortfolio/en/logon.csp
  URL template fraction for Single Sign-on (SSO2):
  MYSAPSSO2=<Request.SSO2Ticket>
  2. URL of the Portal:
  http://<portal_hostname>.<domain>.com
  In both the above URLs, the <DNS domain> is same.
  3. Log on to standalone eportfolio works perfect with 'SAP' Authentication.  SAP User can logon to eportfolio directly from the browser using SAP userid/password.
  For the above iview when SYSTEM is changed to UIDPW logon method it works perfect, and Portal user can get into crystal eportfolio from the app integrator based iview without any problem.
  Once the logon method ( SYSTEM property) for the above iview is changed to SAPLOGONMETHOD single sign-on is not working anymore and the user receives Crystal eportfolio login screen.
  Question is:
  a)  Can logon.csp file from Crystal handle SSO cookie coming from Portals and authenticate the user against SAP R/3, and let the user login successfully ??
  b) Is the URL template fraction for single sign-on (SSO2) given above is corrrect/complete?
  c) On support.businessobjects.com website I found that  this is a known problem for Crystal 8.5 with Track/Problem ID: ADAPT00094464 and fix was given via CE8.5 Service Pack-I.  Since we are running Crystal V10 I assume that this has been taken care of in the new release.  Is it not true? or is there seperate service pack for V10 too..?  Please let me know.
  Thanks in advance.
  Nagesh Seemakurty

• SSO Enabling a custom application with OAM

  Hi All !
  Am a bit stuck on a problem and need some urgent help. Actually we are trying to launch some custom-built (J2EE/.NET) web applications from the Oracle Portal with SSO i.e. once the user logs into the portal he would not have to log-in again to the applications which would be launched from the portal home page.
  We have successfully integrated the Oracle Portal with the OAM SSO, but facing some problems with SSO enabling the custom applications. Any help on what should be the ideal integration architecture and approach for SSO enabling the apps with minimum amount of modification of the application code.
  The licenses are available for OID, OVD, OAM.
  Thanks in advance. Any views/comments/links to useful material appreciated.
  Cheers
  Soumak

  If your custom application uses its own database for Authentication, then you have to modify the login process for your application. i.e. you have to trust the OAM to have done the authentication and then create any custom cookie that your application might use in its landing page.
  I am assuming that your custom application have some way of tracking if the user has logged in or not. You can protect the Custom application URL within OAM and once the user has logged in you can then generate your custom application cookie.
  Even if you use OVD, you stil have to modify login process in your custom appliation to trust the third party to have done the authentication.
  Thanks
  Ram

• SSO Configuration : Dual Stack Installation with same SID

  Dear SDN users
  We upgraded our BW system to 2004s with  Java add-in installation. We used same SID for ABAP and Java stacks. I could not find a good document to configure SSO between ABAP and JAVA with same SID installation. I would appreciate if you can provide a link to the document or give me sequence of steps to be executed.
  I am aware of note 917950 and 888687.
  Thanks in Advance
  V Reddy

  Chetan
  We are done with upgrade. Currently we are using SSO with UIDPW. I would like to configure SSO using certificates..
  If I remember correctly instguides suggest to run template installer. I did use template installer but it fails in some steps as we have same SID for ABAP and Java. I manually configured all the steps using instructions from " SAP Nw2004s BEx WEb System Landscapes" published by Tobias Kaugmann. Still no luck.

• SSO to BSP using NTLM with application parameters

  Hi all,
  As part of the CRM activity, the customer's system sends out an email to a user with a link pointing to a bsp. Part of the url is the call id which the bsp needs to display.
  The customer does not wish for the users to input user/pass when accessing the bsp.
  According to documentation, NetWeaver supports only SAP logon tickets and X.509 SSO methods(http://help.sap.com/saphelp_nw04/helpdata/en/02/
  d4d53aa8a9324de10000000a114084/content.htm).
  Found this thread that suggest a workaround:
  BSP without logon?
  Seems like it should work, but ITS forwards to a static URL.
  Any ideas on how I can make sure that after the whole sso process is complete, the bsp will still remember which call-id it needs to display?
  Regards,
  Eric

  The goal is to have the changes made inside the bsp recorded to the logged in user. So one user for all is not applicable.
  After fiddlig around with the forwarding settings and the ITS, I managed to get this thing working. Almost.
  When I access the BSP url, it gets forwarded to and from the ITS and I get a SSO2 ticket. However, when it comes back from the ITS I get a http 404 error page. If I refresh that page, the BSP loads fine, with the transferred parameters and the correct user.
  Can't get my head around why it gives me a 404.
  Eric
  Message was edited by: Eric Labiner

• SSO protected Forms application fails with an OID error.

  Hello everyone,
  I have a fresh install of Oracle Application Server 10.1.2 on RedHat Enterprise Linux 4. No patches were installed yet.
  I've setup Forms to use the Single Sign-On server (SSO). Then created a user with a Resource Access Descriptor (RAD) in the Oracle Internet Directory (OID). I can successfully use the Forms application when I'm not using the SSO.
  However, problems arise when I set the Forms application to use SSO. Once I get authenticated, the application.log files fills up with the following lines:
  07/05/08 16:30:38 formsweb: In getUserId method: caught oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: error code 50 - Insufficient Access Rights]
  07/05/08 16:30:38 formsweb: In doRequest method in ue.isNamingException
  07/05/08 16:30:38 formsweb: Redirecting to DAS to update the resviewer list
  07/05/08 16:30:38 formsweb: UserID is NULL redirecting to DAS
  07/05/08 16:30:38 formsweb: Forms Group DN"cn=Logical Application Group, orclApplicationCommonName=formsApp_osielle.notarius.com_47F26490FB4311DB8F3BBF0DDB09B635, cn=forms, cn=Products, cn=OracleContext"
  07/05/08 16:30:38 formsweb: The DAS URL generated: http://osielle.notarius.com:7777/oiddas/ui/oracle/ldap/das/mypage/AppCreateResourceInfo?resKey=testrtm&resType=oracleDB&resViewer=%22cn%3DLogical+Application+Group%2C+orclApplicationCommonName%3DformsApp_osielle.notarius.com_47F26490FB4311DB8F3BBF0DDB09B635%2C+cn%3Dforms%2C+cn%3DProducts%2C+cn%3DOracleContext%22&doneURL=http%3A%2F%2Fosielle.notarius.com%3A7778%2Fforms%2Ffrmservlet%3Fconfig%3Dtestrtm%26form%3Drtminit.fmx&cancelURL=http%3A%2F%2Fosielle.notarius.com
  While $ORACLE_HOME/ldap/log I see some new log files created which also contain erros. Such a log file is oidldapd01s3739.log and contains these lines:
  BEGIN
  2007/05/08:14:37:13 * ServerWorker (REG):7 * ConnID:194 * OpId:5235 * OpName:modify
  ERROR * gslsbzCheckDupAttrValinEntry : Normlztn failed for "cn=Logical Application Group, orclApplicationCommonName=formsApp_osielle.notarius.com_47F26490FB4311DB8F3BBF0DDB09B635, cn=forms, cn=Products, cn=OracleContext"
  END
  I've RTFM a lot about this but I still can't find a way to fix this. I've found some info in Metalink Note 360341.1 "In Getuserid Method: Caught Error When Logging Into Forms With SSO Enabled". Unfortunately, my formsweb.cfg file is already setup as the workaround that it proposes, so that doesn't help.
  It seems like the attribute "orclresourceviewers" does not get created when the RAD is generated? One of you (Sandeep I believe) suggested that it may have to do with a lack of an OID Index and that I should use catalog.sh to fix this. I unfortunately don't know how to proceed.
  I've also opened a TAR, but Oracle Support doesn't seem to understand what's going on.
  Any ideas anyone?
  Many thanks,
  David

  Hi everyone,
  Alright, I solved the problem. It seems like the OID is very very very picky with the formsweb.cfg syntax. Especially with the quotes: don't use them!
  For example, I had set the oid_formsid & formsid_group_dn values between double-quotes. Removing them fixed the error.
  Here's an RCS output from the modifications.
  [[email protected]] server {1008}$ rcsdiff formsweb.cfg
  ===================================================================
  RCS file: RCS/formsweb.cfg,v
  retrieving revision 1.10
  diff -r1.10 formsweb.cfg
  208c208
  < oid_formsid="formsApp_osielle.notarius.com_47F26490FB4311DB8F3BBF0DDB09B635"
  oid_formsid=formsApp_osielle.notarius.com_47F26490FB4311DB8F3BBF0DDB09B635214,215c214
  < # formsid_group_dn=%GROUP_DN%
  < formsid_group_dn="cn=Logical Application Group, orclApplicationCommonName=formsApp_osielle.notarius.com_47F26490FB4311DB8F3BBF0DDB09B635, cn=Forms, cn=Products, cn=OracleContext"
  formsid_group_dn=cn=Logical Application Group, orclApplicationCommonName=formsApp_osielle.notarius.com_47F26490FB4311DB8F3BBF0DDB09B635, cn=forms, cn=Products, cn=OracleContextHTH,
  David

• SSO to Non SAP Systems with SAPSSOEXT

  Hello,
  i have a Problem with the SAPSSOext Librarys.
  I write a small Programm that uses this librarys, but it wont work. So i try to Use the example, but the Example also not works.
  I DO:
  - Download SAPSSOEXT_0-10002921.zip, unzip it and Put the DLLs into /windows/system32
  - Download SECULIB54_XXXX.sar, unsar it and Put the containing files into /windows/system32
  Then i open an Command Window an write the following line in the direktory where the samples are:
  ssosample -i ..     icket.txt -p SAPdefault
  And now i get the following error:
  C:     mpssosampleC>ssosample -i ..     icket.txt -p SAPdefault
  Content-type: text/html
  Content-length: 248
  h1. Error!
  Your request cou
  ld not be processed. The error message is:
  The mySAP.com logon ticket cou
  ldn't be verified. The standard error code is 5. The SSF error code is 22.>
  C: mpssosampleC>
  Did anybode make the example run? I didnt see my mistake :-(.
  In a Second try i look into a debugger to look where the problems are. I think i cant initialice the sapsecu.dll. But it pot it definitly in the windows32 folder.
  Any hint is welcome, best Regards,
  Patrick
  Message was edited by: Patrick Höfer

  Hi Patrick,
  my code which in fact worked (with the versions you have named) is as follows:
  package com.mysap.sso;
  import java.io.ByteArrayInputStream;
  import java.security.cert.CertificateFactory;
  * This class provides wrapper functionality for SSO2Ticket (SAP Logon Ticket) in Java.
  * @version 1.0 30.11.2000
  public class SSO2Ticket
      private static boolean initialized = false;
      public static String SECLIBRARY ;
      public static String SSO2TICKETLIBRARY = "sapssoext";
      static {
          SECLIBRARY = "sapsecu.dll";
          try {
              System.loadLibrary(SSO2TICKETLIBRARY); 
              System.out.println("Lib geladen.");
              if ( init(SECLIBRARY) ) {
                  System.out.println ("SSO2TICKET initialized successful !");
                  System.out.println ("version: "+getVersion());
              } else {
                  System.out.println ("Implementation of JNI mysapsso2 not loaded. ");
          } catch (Throwable e) {
              System.out.println ("Error during initialization of SSO2TICKETn");
          System.out.println("static beendet.n");
       * Initialization
       * @param seclib location of ssf-implemenation
       * @return true/false whether initailisation was ok
      private static native synchronized boolean init(String seclib);
       * Returns internal version.
       * @return version
      public static native synchronized String getVersion();
       * eval ticket
       * @param ticket        the ticket
       * @param pab           location of pab
       * @param pab_password  password for access the pab
       * @return [0] = (String)user, [1] = (String)sysid, [2] = (String)client , [3] = (byte[])certificate
      public static native synchronized Object [] evalLogonTicket(
                                                                  String ticket,
                                                                  String pab,
                                                                  String pab_password)
          throws Exception;
       * creates ticket.
       * @return the ticket
      public static void main(String[] args) throws Exception
          System.out.println("start SSO2TICKET main");
          System.out.println("-------------- test version --------------");
          String version =SSO2Ticket.getVersion();
          System.out.println(version);
          String ticket = "... to be filled with an base64 encoded run time ticket ...";
          try {
              Object o[] = evalLogonTicket(ticket, "c:\download\verify.pse", "");
              System.out.println("The User ID is:          " + (String)o[0]);
              System.out.println("Issuing System (Sysid) : " + (String)o[1]);
              System.out.println("Issuing System (Client): " + (String)o[2]);
              System.out.println("Certificate Bytes      : " + (byte[])o[3]);
              if (o[3] != null){
                      byte[] cert_ = (byte[]) o[3];
                      CertificateFactory cf = CertificateFactory.getInstance("X.509");
                      //X509Certificate cert = (X509Certificate)
                      cf.generateCertificate(new ByteArrayInputStream(cert_));
                   System.out.println(o[3]);
          } catch (Exception e) {
              System.out.println(e);
          } catch (Throwable te) {
                System.out.println(te);
  By <i>System.loadLibrary(SSO2TICKETLIBRARY)</i> sapssoext.dll will be loaded. By <i>init(SECLIBRARY)</i> the sapsecu.dll should be loaded (in fact by sapssoext.dll).
  Hope it helps (but I'm afraid that you have got more or less the same code at your site)
  Detlev

• SSO problem on Windows Mobile with WAS Java 7.0 and R/3 4.7

  We have a curious single sign-on problem with custom WM-app.
  The application is developed using WD Java and currently runs on WAS 7.0 SPS10. WAS makes calls to several RFC:s on 4.7 Enterprise and authentication is done using SSO.
  The enduser device is a handheld running Windows Mobile and the browser is a vendor (HHP) provided Mobile IE based HandHeldWeb. Because of the poor usability of the default login on handhelds we created a custom J2EE Web Application JSP which does the login to the WM-app.
  On a PC browser everything functions normally, but occasionally with the mobile device no data from R/3 is displayed. As if SSO didn't work. Sometimes, if transaction 1 doesn't work and the user comes out of it, then runs transaction 2 which makes an RFC call and then returns to transaction 1 it works. Sometimes..
  This problem does not occur on mobile device when the default login is used. And as stated previously, on a PC the custom login works fine.
  -Erno

  Hi,
  Currently SAP is selling the Software in Business Suite .
  If you are purchasing the SRM 7.0 .It will come as Business suite . It will contain
  1. SRM 7.0
  2.CRM
  3.PLM
  4.SCM
  5. ECC 6.0 wiht Eph 4
  When you are getting the ECC 6.0 in this package why to use  SAP R/3- 4.6C
  So better you upgrade both the SRM and R/3.
  I would like to know if SRM 7.0 and R/3 4.6C is compatible in first place.Will it work?
  It will work but in the long run you will get lot  of Problem.Since SRM 7.0 is Based on Webdynpro technology
  Regards
  G.Ganesh Kumar

• SSO for Enterprise Portal 6 with different Portal and R/3 userIDs

  Hi there,
  We are using SNC library for SAP GUI logon to R/3 and SPNEGO for Web access to EP. What works for us currently is:
  SSO from Windows logon to Portal using SPNego (LDAP as our datasource with AD)
  However once we are inside the portal, the SSO to R/3 using SNC is not working. I have my Portal user mapped to my R/3 user as they are different usernames.
  But, if i launch SAP GUI on its own i can SSO into R/3 no problem.
  So, i have 3 queries here!
  1) Why am i not able to SSO into R/3 once i have SSO into Portal?
  2) Is there any way around the high maintenance of the user mapping?
  3) I have read on SAP Help about "Using an LDAP Directory Attribute as the ABAP User ID" but this will still require user / administrator to maintain the R/3 password.
  Is it possible to disable the R/3 password and thus have no maintenance as the R/3 (ABAP) User ID will be stored in LDAP attribute?
  Hoping you can help...
  Thanks.

  Answers below:
  1)
  When you say "ITS" I assume you are referring to the Integrated ITS in NetWeaver, not the external ITS product ?
  Anyway, if you are referring to Integrated ITS, then surely you are using webgui, not SAP GUI. The webgui is accessed via browser and is not related to SNC or SAP GUI product. The SAP GUI product is a Windows application that uses SNC to authenticate to SAP systems.
  If you are logged onto portal, which is a J2EE application and trying to access webgui which is running on ABAP Engine, then this might not work becasue your SSO2 trust is not setup correctly. Do you see an error in work process log saying anything about why the SSO2 ticket is not accepted ? Also, if ABAP and JAVA are on same system and Java Engine was installed as an add-in, you might need to create new SSO2 certificates to avoid a clash, and change client number from 000 to something else so SSO2 tickets issued in J2EE engine are differentiated from SSO2 tickets issued by ABAP Engine, but they are still trusted through configuration in STRUSTSSO2 t-code.
  2)
  You need to use a different product, which is available from a SAP partner to do this. I am not allowed to mention third party products on this forum, so if you want to know more you will have to contact me offline via email.
  3)
  See answer to question 2.
  Thanks,
  Tim

• SSO configuration in BOBJ 4 with Active Directory

  Hi Experts,
  Our client wants to implement the BOBJ on AIX 7.1 box with oracle 11G and wants to configure the Active Directory authentication for the BOBJ.
  BI 7.0 is already implemented on AIX. I have searched a lot to find the relevant document for the same but unable to do but I found the doc for BOBJ on windows with AD but not sure if the method is similar for the AIX box, Could you please help me to find out the required doc and explain me what should be our approach to configure the same
  Also , Is it possible that if we configure the AD authentication for SAP BI and then used the SAP authentication in BOBJ side with importing the SAP role and BOBJ transports in SAP. Will BOBJ work for the user created in BI ?
  Kindly suggest.
  Regards
  Saurabh mishra

  Thanks Tim,
  Actually I haven't worked on the AD and LDAP side so can you please elaborate your sentence and can you also assist me with the guide required for this configuration or any other example document. I read the article on below link -
  http://sboblog.infotrust.dk/index.php/2010/05/21/active-directory-sso-on-sap-businessobjects-xi-3-1/
  but I believe that this will not applicable for me as we have BOBJ box on AIX.
  Regards
  Saurabh Mishra

• How to get the SSO user from PL/SQL with Windows native authen

  I connect to a 10g daabase using SSO through Windows Native Authentication wher the OID user mapps to a single Database user.
  I need to get the SSO user from pl/sql
  My fornt end is Portal & Forms

  Hmm, I see.
  Well your problem boils down to being in the database and needing to have access to web environment variables. The SSO sets specific variables in the environment but your stored procedure is not privy to them.
  Now having said that, note that the mod_plsql Web Toolkit has a utility for accessing cgi variables. For instance,
  owa_util.get_cgi_env('Osso-User-Dn')
  If your web application cannot capture the SSO info and pass it to the stored proc in a parameter, OWA may be the only way.
  Check out the Single Sign-On Developers Guide, specifically the part about developing statically protected PLSQL applications.
  Hope this helps.
  regards,
  tt

• WLC CT-5508-HA-K9 HA SSO or HA N+1 with Pi 1.2

  I will install tomorrow 2 new WLC5508, I noticed that references were different:
  AIR-CT5508-25-K9 with 50 more AP licence
  AIR-CT5508-HA-K9 without license (I guess)
  This mean I will have one primary controller with all licenses "AIR-CT5508-25-K9 +50" and the otherone  as backup "AIR-CT5508-HA-K9" when the primary turns out. I'm not sure to be right and if this functionality runs in V7.3 and V7.4 ?
  After having a long look in this forum I saw that plethora bugs are reported in V7.3 and also in 7.4...
  Last time I've installed these devices it was in version 7.2 which works pretty well but without HA.
  In second time what's make me afraid is that I'm not sure that Prime1.2 works fine with 5508 V7.4
  In this document, 5508 V7.4 seems to work only with Pi 1.3, problem is that my boss already bought Pi1.2 licenses!
  http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html
  I found in a naother Excel document "CPI12_supported_device" that Pi1.2 runs with all version of WLC5508, so I'm wondering ...
  Thanks for your help,
  Jeremy

  7.4 MSE code will in fact require an update of Prime 1.2 to 1.3.0.20-
  It's pretty easy though and your licenses will still work from the Prime Infra side.
  Here's a link to upgrade PI to 1.3
  http://www.cisco.com/en/US/partner/docs/net_mgmt/prime/infrastructure/1.3/release/notes/cpi_rn_13.html#wp73605
  I personally would go ahead with the upgrade of both:::

• Apex With SSO not working

  When running htmldb 2.0.00.29 with SSO , we receive
  ORA-06550: line 2, column 1: PLS-00201: identifier 'WWSEC_SSO_ENABLER_PRIVATE.GENERATE_REDIRECT'
  must be declared ORA-06550: line 1, column 45: PL/SQL: Statement ignored
  Error Unable to run portal_sso_redirect procedure as schema: PL_USER with partner app name: people finder:mercator.hq.ccw.gov.uk:7779.
  During debugging the issue we found out that the ssosdk could not be installed into FLOWS_020000 correctly
  ( error like:
  @loadsdk.sql
  create table wwsec_enabler_config_info$ OF sec_enabler_config_type
  ORA-00955: name is already used by an existing object
  CREATE sequence wwsec_log_pk_seq increment BY 1
  ORA-00955: name is already used by an existing object
  and as followup error in regapp.sql
  ERROR: Error in registration. Please try again
  ORA-06508: PL/SQL: could not find program unit being called
  Now we created in a separate schema the ssosdk and run next steps of
  Note:353023.1 CONFIGURING AN APEX (HTMLDB) APPLICATION TO USE SSO:
  But bow same error like on starting up the issue.
  Question:
  Is it possible to install ssosdk in a separate schema and not into FLOWS_02xxx
  If yes, what are the steps differennt to the Note:353023.1
  thanks

  Hi Scot,
  Thank you for your response.
  This is what I did for the migration by following the thread in
  How can I recovery APEX application from a full database export?
  - Create new empty database with APEX installed.
  - Disable foreign key constraints in the FLOWS_030100 Schema
  - Truncate all tables in the FLOWS_030100 Schema
  - Perform user level imports of tables only with IGNORE = Y for FLOWS_030100 Schema
  - Enable the constraints.
  (everything seems intact including SSO SDK objects)
  To register with SSO, this is what I did;
  1. Load SSO SDK in FLOWS_030100 Schema anyway
  2. Register APEX as Partner in SSO
  ID: 1B914F48
  Token: F76K433U1B914F48
  Encryption Key: F76K433U1B914F48
  Login URL: http://<hotsname>:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
  Single Sign-Off URL: http://<hotsname>:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout
  Login URL : http://<hotsname>:7778/pls/apex
  Success URL : http://<hotsname>:778/pls/apex/wwv_flow_custom_auth_sso.process_success
  Logout URL : http://<hotsname>:7778/pls/apex
  3. Run regapp.sql as FLOWS_030100
  SQL> @regapp.sql
  Partner Application Configuration
  4.
  Enter value for listener_token: HTML_DB:<hostname>:7778
  Enter value for site_id: 1B914F48
  Enter value for site_token: F76K433U1B914F48
  Enter value for login_url: http://<hostname>:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
  Enter value for encryption_key: C5EB92724C7C98B8
  Enter value for IP check : N
  4. Ensure wwv_flow_custom_auth_sso compile successfully and grant it to Public
  When I tested it, I did get the page of SSO login. But after logging in, it will just go to Page not found. Initially, I thought there's someting wrong with
  wwv_flow_custom_auth_sso.process_success but it did compile successfully and I have granted it to Public.
  Yong

• SSO and IIS 7.5

  Does anyone have advice on how to configure JBoss 7.1.1.Final to successfully enable SSO using IIS 7.5 with integrated windows authentication. This used to be a simple process on CCP 9.3.2 but I've had no luck configuring JBoss 7.1.1.Final to use the SSO. The logs just always say the "LoginId not found for SSO in HttpHeader".
  I've successfully setup the redirect from IIS using the isapi filter to connect to the CCP application but have not gotten any further.
  I believe the standalone-full.xml file needs to be altered in someway to enable the SSO, any ideas?

  Hi
  We have resolved this issue, this is a known bug with JBoss 7.1.1 where the headers aren't passed through correctly. TAC had provided us with a patched version of the JBoss JAR file to resolve this.

• SSO from portal to Java based web application not happening

  Hi,
  We are trying to configure SSO from SAP Enterprise portal with Java based
  web application(Solaris on SPARC 64 bit).
  Then we downloaded library files for "Solaris on SPARC 64 bit" from
  service market place from the path "Support Packages and Patches"
  Additional Components" SAPSSOEXT".
  We are successful in sending the portal side cookie to the application.
  But while loading the library files we get the following error
  INFO | jvm 1 | 2009/04/13 04:47:00 | java.lang.UnsatisfiedLinkError:
  /usr/local/blackboard/apps/tomcat/lib/libsapssoext.so: ld.so.1: java:
  fatal: /usr/local/blackboard/apps/tomcat/lib/libsapssoext.so: wrong ELF
  class: ELFCLASS64 (Possible cause: endianness mismatch)
  Can you please suggest us what went wrong in this whole process.
  But when i tried with the 32 bit library files i was able to load libsapssoext.so file but when I
  tried to initialize libsapsecu.so i got the below message
  java.lang.Exception: MySapInitialize failed: rc= 14
  Also do we require to take"SAPSECULIB" from Support Packages and Patches" ...>Additional Components" ...>SAPSECULIB" ...>SAPSECULIB 5.4  for this SSO activity.
  Please get back on this ASAP as we are nearing the golive date.
  regards
  Bharath

  hi,
  am facing similar issue... i.e.
  java.lang.Exception: MySapInitialize failed: rc= 14
          at com.mysap.sso.SSO2Ticket.init(Native Method)
          at com.mysap.sso.SSO2Ticket.<clinit>(SSO2Ticket.java:27)
          at org.apache.jsp.index_jsp._jspService(index_jsp.java:92)
          at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
          at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
          at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)
          at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:390)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
          at java.lang.Thread.run(Thread.java:619)
  static beendet.
  java.lang.Exception: MySapEvalLogonTicketEx failed: standard error= 9, ssf error= 0
  CustomeSSO: Object is null.
  pls. help me in resolving it.
  rgds,
  santosh malavade