Federation with MS

Similar Messages

• Need information for federation with lync online

  We have an online lync account and one lync on premises account. We are trying to federate the two domains to enable chat and presence sharing between the two.
  Online Lync client is [email protected] and lync on premises client is [email protected] We have updated the SRV records for ggnucfederation.com as follows to enable federation with lync online.
  _sipfederationtls._tcp.ggnucfederation.com --> sip.xmppspark.in
  An A record for sip.xmppspark.in has also been added in the DNS to point to lync edge server. However we notice that, when we add
  [email protected] from lync online, then no TLS handshake message is received at Lync edge server.
  Interestingly, if we modify the SRV record to 
  _sipfederationtls._tcp.ggnucfederation.com --> sip.ggnucfederation.com
  and correspondingly create A record for sip.ggnucfederation.com, then TLS handshake is initiated and done.
  What could we have possibly missed that is causing problem in the first case? Is it necessary to create the SRV record of type sip.<domainname>?
  As per my understanding, lync online should query the srv record to get the target machine for the sipfederationtls and accordingly initiate tls handshake with the host name specified in the srv record. Is there anything more to this?

  Not sure what you mean bu "Any other SRV record" above. The bottom line is that, On Prem deployment have an SRV (_sipfederationtls) record that resolve in to sip.domain.com (Access edge FQDN which is a A record) and Lync online deployment should
  also have a SRV record (_sipfederationtls) that resolve in to sip.domain.com (CNAME Record) which points to sipfed.online.lync.com (A record which ger created automatically)
  http://thamaraw.com
  Thanks Thamara for your replies!
  By 'any other SRV record' i meant, that I wish to make the srv record (_sipfederationtls._tcp.ggnucfederation.com) point to sip.xmppspark.in. The reason for this is that our certificates are by this CNAME i.e. sip.xmppspark.in. So there is any way I could
  achieve that?
  Interestingly, does this restriction only applies to lync 2013 and office 365? I mean, I was going through some other forums, for lync 2010, where I found that people were using access edge fqdn as the sip srv record which was not necessarily sip.domain.com. 

• Integrating Oracle Identity Federation with homegrown SSO solutions

  Hello,
  We are trying to integrate Oracle Identity Federation with a home grown SSO solution.
  The OIF FAQ document mentioned that Oracle provides programmatic interfaces to achieve this.
  But I did not find any javadocs / samples on how this can be done.
  Can anybody throw some insight into this..
  Thanks

  Hi Easwaran,
  You need to upload the SAML 2.0 IdP/SP metadata for the peers you want to federate with. OIF will verify the metadata and add the peers in its Circle of Trust as IdP or SP depending on the metadata upoaded. If the peer is going to play both IdP and SP roles, you need to upload both the metadata files.
  Similarly, in case you need to provide the peer your metadata, OIF makes this available at http(s)://host:port/fed/idp/metadatav20 (SAML 2.0 IdP metadata) or http(s)://host:port/fed/sp/metadatav20 (SAML 2.0 SP metadata) as required.
  -Vinod

• Lync Online Partner Federation with Microsoft

  Hi,
  Being a Microsoft partner InfoTech Pvt. Ltd (infotechgroup.com) I want to know the provisioning process to federate with Microsoft Organization.
  Please note that All Federation SRV records are published with our domain and we are already federated with Skype and other organization.
  Thanks in Advance
  SYED WASIL UDDIN Infrastructure Consultant/System Engineer Premier Systems (Pvt.) Ltd.

  I have configured the below settings, please advise are they enough for lync ms federation.
  SYED WASIL UDDIN Infrastructure Consultant/System Engineer Premier Systems (Pvt.) Ltd.

• Data Federator with BW 3.5

  Hi Experts,
  We are using Data Federator and connected to our Client BW 3.5 Oracle Data base directly.
  We were looking to connect to below Cube and Ods tables
  InfoProviders Table Names
  InfoCube ZSD_BILDP /BIC/EZSD_BILDP, /BIC/FZSD_BILDP
  ODS Object ZDP_O04 /BIC/AZDP_O0400
  ODS Object ZDP_O03 /BIC/AZDP_O0300
  ODS Object ZDP_O02 /BIC/AZDP_O0200
  ODS Object ZDP_O01 /BIC/AZDP_O0100
  But we are not able to see the above tables in Data Federator and all the tables we are seeing is
  SAPBIW.?22FBIO?22fsMAT_ITEM
  SAPBIW.?22FBIO?22fsMAT_PLANT
  Can you suggest how can I see the Cube and Ods Tables directly in DF Designer???
  P.S: I did worked with DF in BI 7.0 with my previous Client and it has got the RSDRI_DF_* Functional Modules in SE37, but to new Client we have requirement to use DF with BW3.5 which is becoming troublesome to get to Cube and Ods tables.

  Hi Ingo,
    Thanks for responding.
    We are directly connecting to BW Oracle Data Base and not the BW/BI integration as we don't have the DF* Functional
    Modules present in BW 3.5
  Find below couple of Connection Parameters using which I am connecting to BW from DF Designer.
  Data Source Type -- Oracle
  Defined resource -- jdbc.oracle.oracle10
  Host name        -- xxx.xx.xxx.xx(not specifying here due to security)
  Port             -- 1xxx
  SID              -- XXX
  Table types TABLE and VIEW
  Thanks,
  Suresh

• Horizontal Federation with Essbase

  Hi,
  I want to have a report in Answers that has essbase data alongside data from another SQL source. I went through the Oracle by example guide on how to do this (http://www.oracle.com/technology/obe/obe_bi/bi_ee_1013/fed_data/fed_data.html), however, when I try to put the two side by side on a report I am running into some issues. First, I tried to put a salary figure for a manager from sql next to budget data for the same manager from essbase.
  issue 1 - I made the salary aggregation 'sum' and no data showed up when I opened the report in answers.
  issue 2 - I made the salary aggregation ' none' and data showed up when I ran a report for manager - salary, which is great. However, when I try to do manager - salary - budget, I get an error that says 'Unable to navigate requested expression: Market.Gen2,Market. Please fix the metadata consistency warnings.'. Now the schema should be looking at Market.Sales Manager, I am not sure why it is referencing the Market.Gen2,Market.
  Could this be an issue with the Budget aggregation being sum and the salary measure being 'none'? However, I would like the salary to aggregate as a sum so why was I not getting data the first time through? I literally followed the OBE step by step, using a different cube with extremely similar dimensionality.
  Any help is much appreciated. Thanks,
  DQ

  You seem to be hitting several different issues here.
  First of all, I would go and check your BMM layer and how it maps to the physical representation of the cube. "Market.Gen2,Market" is a physical cube column and a dimensional level in a standard cube import whereas in your case it looks like it was renamed to "Market.Sales Manager" in the BMM layer (assumption from my side based on what you write here).
  Are your LTS set up correctly between the SQL data source and the cube in this area? I.e. do you have the respective matching column mappings for the market dimension?
  As for the aggregations. I'm not a fan of that specific OBE since it mixes aggregation rules for Essbase sources between the BMM and physical layer. The "why" is nicely summed up in this post from Venkat: http://oraclebizint.wordpress.com/2009/04/13/oracle-bi-ee-10134-and-essbase-connectivity-understanding-aggregations-part-4/
  Physical Layer: Aggr_External and BMM: SUM
  1. If a report requests data that exists directly in Essbase, then the MDX generated would go only against those intersections.
  2. If a report requests data that does not exist directly in Essbase, then the MDX fired would be pushed against the Essbase layer.
  The major difference in this scenario and the one above is >the fact that Aggregation is the fact that the aggregation in this case
  is done using the SUM function. So, this would generate wrong results if the outline contains Time Based properties like
  TBAverage, TBLast etc. This sometimes can vary based on the outlines.
  3. This supports relational calculation like concatenation etc. But the aggregation would happen only at the BI Server layer. The
  MDX fired would go against all the level-0 intersections. So, >this is generally not recommended. Also, the numbers produced
  might be wrong if you have lots of Label Only or Time Based properties in your outline.I'd go for SUM on both layers. Note that this will force a SUM of the cube though (no surprise) and depending on how and what your account members are calculating in the outline, this will also yield wrong numbers.
  Best advice is anyways to use federated data sources (SQL + MDX) only in specifically defined cases. Don't try to extend your cube outline with relational attributes and expect them to work across all measure dimensions in the same way. (I.e. don't assume that every account and/or scenario intersection will yield the correct value).

• Federation with Skype

  Hello,
  I wanted to enable Skype Federation for my Lync enterprise server. I did the provisionning request, and apparently everything worked fine because I received an email from Microsoft explaining that process was successful.\o/
  I tried then to communicate from my Lync client to a Skype account, but it never worked. I never received invitation from Skype nor Lync so users cannot see them.
  I of course enabled federation on the Lync web interface. I tried this too : http://blogs.4ward.it/lync-2013-and-skype-federation-how-to with no more result.
  My Lync client is a Lync client 2010, so I do not recognize the "add" button I saw on screenshots, but I guess it has no functionnal impact.... Did I miss something ? Is there is any possible reason why the "add buddy " requests be bloqued
  somewhere ? What can I try to monitor the phenomenon ?
  Thank you very much for your help!

  I add some debugging pieces of information....
  On my Edge , I can see the SIP requests comming from the Internet. I tried to add 2 fake user from my Skype client, and 1 existing user.
  The three requests have been catched in the log files, and they all report the same error:
  " $$begin_record
  Severity: warning
  Text: Routing error occured during inbound processing; check Result-Code field for more information
  Result-Code: 0xc3e93d79 SIPPROXY_E_EPROUTING_MSG_UNKNOWN_DOMAIN
  SIP-Start-Line: SUBSCRIBE sip:[email protected];transport=tls SIP/2.0
  SIP-Call-ID: 3e9971e69737@pm
  SIP-CSeq: 1 SUBSCRIBE
  Peer: federation.messenger.msn.com:53013
  $$end_record
  $$begin_record
  Severity: warning
  Text: The domain of the message is not configured and does not appear to belong to a federated partner
  Result-Code: 0xc3e93d79 SIPPROXY_E_EPROUTING_MSG_UNKNOWN_DOMAIN
  SIP-Start-Line: SUBSCRIBE sip:[email protected];transport=tls SIP/2.0
  SIP-Call-ID: 3e9971e69737@pm
  SIP-CSeq: 1 SUBSCRIBE
  Peer: federation.messenger.msn.com:53013
  Data: domain="i-tm.com"
  $$end_record "
  [email protected] is a real user in my Company. The public domain associated to my sip domain is
  i-tm.com. So I guess that [email protected] should be a valid user. But apparently, Edge Server does not recognized it. Maybe there is a confusion between local domain and public domain...
  What do you think ? Thank you for your help.

• SIP/2.0 480 temporary unavailable federating with Skype

  Lync 2013 trying to talk to Skype users using both outlook.com and msn.com are seeing this in the logs. Is this a problem at the
  MS side or the client side? If its a pic.lync.com problem what could it be? Federation has been enabled with the pic guys sip.clientsite.com the edge server public name is sip.clientsite.com.
  TL_INFO(TF_PROTOCOL) [EdgeServer]08D4.08F4::02/04/2014-11:38:52.444.00000A58 (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(265)) [1506311231] 
  Trace-Correlation-Id: 1506311231
  Instance-Id: 1B8AA8
  Direction: outgoing;source="external edge";destination="internal edge"
  Peer: lync2013pool.local:49476
  Message-Type: response
  Start-Line: SIP/2.0 480 temporary unavailable
  FROM: "Mark user"<sip:[email protected]>;tag=4d905fe173;epid=3e2026efe2
  TO: <sip:[email protected]>;tag=eg8xooh0
  CALL-ID: 9f551d7313e0486cbe204a8666ee9df0
  CSEQ: 1 INVITE
  Via: SIP/2.0/TLS 172.20.1.xxx:49476;branch=z9hG4bK93C79981.C17D7C9A7AABF9D5;branched=FALSE;ms-received-port=49476;ms-received-cid=3E2600,SIP/2.0/TLS 172.20.xxx.xxx:54034;received=172.20.1.xxx;ms-received-port=63663;ms-received-cid=5D400
  CONTENT-LENGTH: 0
  ms-diagnostics: 1035;reason="Previous hop public IM provider did not report diagnostic information";Domain="outlook.com";PeerServer="federation.messenger.msn.com";source="access.nccgroup.com"
  ms-edge-proxy-message-trust: ms-source-type=AuthorizedServer;ms-ep-fqdn=edge.clientsite.local;ms-source-verified-user=verified;ms-source-network=publiccloud;ms-remote-fqdn=federation.messenger.msn.com

  Hi,
  This work before or is a new deploy?
  Take a look on Provisioning Guide Skype-Lync
  http://www.microsoft.com/en-us/download/details.aspx?id=39071
  Please validated your Edge Deploy
  https://testconnectivity.microsoft.com/
  Did you install a public certificate on Edge Server?
  It may take a 7 days after you provisionig for the federation to work.
  Fernando Lugão Veltem
  MVP Lync Server
  **Ajude a melhorar o sistema de busca do fórum.Marque a(s) resposta(s) que foram úteis**

• Lync 2013 federation with Skype error: 'Reference error id 504 (Source ID 239)

  I have setup lync 2013, configured skype federation (http://www.techtroubleshoot.com/federate-lync-server-with-skype/) and also done Lync provisioning. Skype federation worked for a few days (2weeks) and then stopped. Currently I am getting the following
  error 'Reference error id 504 (Source ID 239)'.
  Ports are open on the firewall. I however still get the error.
  KimaniBob

  Verify from following:
  you can telnet to your sip domain on port 5061 and 443 from external and resolve of nslookup to srv record of sipfederation is correct.
  Certificate on Edge Server not expire or damaged.
  This link had similar issue, you can check it.
  http://terenceluk.blogspot.com/2013/04/unable-to-send-instant-messages-or-view.html
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"

• MS Lync 2013 federation with Cisco CUP 8.6

  Hi all,
  I am currently trying to federate CUPS 8.6 with MS Lync 2013.
  After a lot of certificate issues we finally got a one-way IM from CUPS to Lync. I can't get Presence in either direction or send an IM from Lync to CUPS user.
  I have followed the Cisco guide for inter-domain federation within an enterprise. so no edge server or Cisco ASA involved.
  The error message I am seeing on the Lync side is:
  ms-diagnostics:
  1010;reason="Certificate trust with another server could not be established";ErrorType="Refer to HRESULT code for specific security status";tls-target="CUP-A.cupdomain.co.uk";HRESULT="0x80090326(SEC_E_ILLEGAL_MESSAGE)";source="LCT-LYNCFE01.lyncdomain.net"
  On the CUP side I can see the TLS session being dropped with this error message:
  17:22:58.945 |[Wed Apr 23 17:22:58 2014] PID(24295) sip_tls_verify_callback: TLS protocol error(ssl reason code=(null) [0]),lib=(null) [0],fun=(null) [0], errno=0
  17:22:58.945 |[Wed Apr 23 17:22:58 2014] PID(24295) sip_tcp.c(2409) SSL server accept returned SSL_ERROR_SSL
  17:22:58.945 |[Wed Apr 23 17:22:58 2014] PID(24295) sip_tls_accept: TLS protocol error(ssl reason code=no certificate returned [178]),lib=SSL routines [20],fun=SSL3_GET_CLIENT_CERTIFICATE [137], errno=0
  17:22:58.945 |Wed Apr 23 17:22:58 2014] PID(24295) sip_tcp.c(1056) sip_tcp : Hard close/destroy of tcp connid 93 sock_fd 37 flags 0
  On the cisco side I have only set a TLS Peer as the LYNCPOOL server. do I need to set up a TLS Peer for all of the Lync Servers?
  The lyncpool server has client and server enhanced key usage - do I need to reissue the certs with this for ALL servers in the lync cluster?
  It seems like TLS will neogotiate successfully using the LYNCPOOL server but not with any of the other servers. Must be missing something simple.
  Many thanks for advice.
  Regards
  Lee.

  Hi,
  Please double check the listen port of Lync Server．
  In the Lync Server Management Shell enter the following command to verify the current system configuration: Get-CSRegistrarConfiguration
  More ports requirement for Lync server you can refer to the link below:
  http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_6/english/integration_notes/IntegrationNote_CUP86_MicrosoftLyncServer2010_RCC.html
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
  sure that you completely understand the risk before retrieving any suggestions from the above link.
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Exchange 2010 Free/Busy Federation with vendor's Office 365 tenant

  Here the situation,
  ORG A
  ====
  Exchange 2010 SP3 On-premise. No externally accessible CAS available/published (we are very secure and require VPN for Outlook/OWA from home/outside network)
  ORG B
  ====
  Office 365
  ASK
  ===
  ORG B is a vendor for ORG A and we would like to have federated free/busy sharing between the two organizations. I have read the steps about setting up a federation trust, configuring org relationships both ways, configuring autodiscover on our end.
  My specific questions are,
  1. Currently we don't have any externally published CAS servers. My assumption is we need atleast one (and probably more for fault tolerance) for federated free/busy sharing correct? We obviously don't want to place this in the DMZ/externally...so what are
  the recommended configuration? Publish the CAS externally? Any other more secure recommendations? We don't have TMG or any other Microsoft solution for that purpose...are there any other options? We use Cisco IronPorts for inbound/outbound email.
  2. Does this coexistence server have to be Exchange 2013 or will Exchange 2010 sp3 suffice?
  3. Are there any other methods of accomplishing this ask? We don't want users to have to individually share calendars...so internet calendar sharing is out of the question.

  Hi,
  If the organization receives or sends Internet e-mail for the domain, we need to
  configure an
  internet facing CAS server.
  For your reference, here are some articles that may be helpful to you:
  Exchange 2010 SP1 and Exchange Online (Office 365) Calendaring:
  http://blogs.technet.com/b/exchange/archive/2011/02/16/3412010.aspx
  Federation in Office 365 and Exchange
  http://community.office365.com/en-us/wikis/exchange/federation-in-office-365-and-exchange.aspx
  Create a Federation Trust
  http://technet.microsoft.com/en-us/library/dd335198.aspx
  Thanks,
  Winnie Liang
  TechNet Community Support

• Federation with wildcard cert

  Hi,
  We have multiple SIP domains, and I am trying to reduce the number of certificates needed.
  I use a wildcard cert for one of the domains for the Edge and reverse proxy.
  It works fine to connect from outside etc. But federation is not working.
  In the DNS SRV record _sipfederationtls._tcp.domain2.com I have put the address sip.domain2.com as hostname, but it's actually pointing to a address that have the wildcard cert for *.mydomain1.com
  Is there some way to make this work without buying many certs?

  Hi,
  It is not supported to use wildcard certificate for Edge Server external interface. You need a public SAN certificate to support federation. You can use wildcard certificate for Reverse Proxy.
  For more Server Roles which wildcard certificate can be used in Lync Server environment, you can refer to the link below:
  https://technet.microsoft.com/en-us/library/hh202161.aspx
  Best Regards,
  Eason Huang  
  Eason Huang
  TechNet Community Support

• How many Public Certificate do I need for Edge federation with Skype

  Hi All,
  I am trying to setup Lync 2013 with Edge to federate with Skype.
  Now how many Public CA do i need to be able to setup Lync Edge to federate with Skype,.
  Thank you,

  Hi,
  You need to have to add the CA where you're getting the public certificate from. By default, most common Trusted CA's are included in to the Windows OS it self and does not need to be added manually.
  Z-Hire -- Automate Lync User Account creation process ( AD / Exchange / Lync )

• How to integrate Oracle identity Federation with Oracle Access Manager

  Hi Experts
  I need to integrate OIF(11.1.1.6.0) with OAM(11.1.2). My use case is as follows:
  Things done:
  1) OAM is integrated with an OID (OID1) and OIF is integrated with another OID (OID2)
  2) Able to authenticate the users of OID1 via OAM for my ADF applications.
  Things to be done:
  1) Need to forward the details of unauthenticated user from OAM to my OIF for authentication (i.e., OAM cannot authenticate OID2 users, in such case the details have to be forwarded)
  Looked into so many posts but not done with the integration. Can anyone help me please.. Stuck with this for the last 3 days
  Thanks
  Gopi

  Hi,
  Yes Depot Repair is a module, and you can enable this module if already not enabled using the License Manager. Oracle Depot Module carries the short name CSD.
  In additin to the above, also refer the implementation guide:
  http://docs.oracle.com/cd/B34956_01/current/acrobat/120csdig.pdf
  In order to license a product in Oracle using License Manager, please see following:
  http://myappsdba.com/how-to-license-a-new-product-in-oracle-applications/
  http://www.appsdba.info/docs/oracle_apps/R12/License_Manager.pdf
  Also see:
  How To Use OAM To License JA (Asia/Pacific Localizations), JE (European Localizations), JG (Regional Localizations) and JL (Latin-American Localizations) in Oracle Applications ? (Doc ID 351900.1)
  Thanks &
  Best Regards,

• OIM Integration with Active Directory Federation Services (ADFS)

  Hello friends
  I have a question about the integration of Oracle Identity Manager with Active Directory which is federated with another external directory for ADFS. My question is:
  What considerations should be to contemplate if I have an active directory federated environment when carrying out the integration with Identity Manager?
  I use version 9.1.0.2 of Oracle Identity Manager with Microsoft Active Directory Connector User Management 9.1.1.7
  Thanks for the support.

  First consideration is that the OIM's target ADFS - in the federated scenario, will that participate as a Service provider or identity provider. I would think identity provider.
  Next consideration: What all attributes are required to be played in the SAML assertion to the other end-point? All these attributes must be present and should be provisioned to the AD in this case.
  So, OIM should be set up (UDF etc) to provision all those attributes needed in the SAML.
  Next consideration: What all scenario to support? IdP initiated or SP initiated? If SP initiated, then process will hv to be defined if a user id does not exist in the AD of the OIM target. Will the request be failed or a in-time provisioning should happen.
  Hope this helps.