G6: Consolidating Multiple Authentication Sources

Hello everyone!
When our development environment was setup an Authentication Source was created to go against 1 of the 4 containers in our Active Directory. The containers correspond to different regions of our organization (North, South, East West). At the time we just wanted to test the North people so we set the OU to that container.
This past week I wanted to expand our user base to include the 3 other containers. Unsure of the exact procedure to do this, I copied the original AuthSource and created 3 new ones. The users were successfully pulled in, however at the login screen there are now 5 authentication sources (Plumtree Users, North, South, East, West). I realize now that a mistaken was made from the start in pulling from a container rather than the root, or in my second step of creating new sources rather than manipulating the original. (chalk it up to a learning curve!)
The Authentication Sources are tied directly to the users that they have loaded and can't be deleted unless the associated users/groups are "removed".
Would I be correct in assuming that the only way to consolidate our login Authentication Sources would be to delete all of our users followed by all of the Auth Sources and then create a single source to query the root? Is there any way to change the users Auth Source?
Are there was any other "best practices" or pitfalls that I should be aware of? Especially things that can't be modified after the initial import as in this case?
Thanks for any help,
Geoff
Geoff Garcia
Producer, Enterprise Portal
March of Dimes National Office
1275 Mamaroneck Ave.
White Plains, NY 10605
914 997.4275 (Office)
908 531.6364 (Cell)
[email protected]
Improving the health of babies by preventing birth defects, premature birth, and infant mortality

I would do this:
Delete the "new" (South, West, East) users, groups, then delete the corresponding authentication sources
Modify the "original" (North) authentication source's User Query Base (and Query Filter if necessary) Rename the authentication source if you like. Do not change the User Unique Name attribute.
Sync the original authentication souce. This should just add the users from the modifed root, and assuming that the original users are still included in the modified base and query, they should just stay right there.

Similar Messages

  • Multiple authentication sources with the same category

    Quote from portal help:
    "Multiple authentication sources can use the same category. However, because the prefix is prepended to the user and group names, you need to be certain that the domains involved do not have different users or groups with the same name. That is, if a LizaR user exists on one domain, and a LizaR user exists on another domain, they must be the same user because only one user will be created."
    Fine, let's say I am "certain that the domains involved do not have different users or groups with the same name".
    But there is other concern I have here. I want to know how portal will RECOGNIZE which authentication source to use?
    Let's say I have 2 auth sources AS1 and AS2 with the same category MyAuth. AS1 use WS1 to authenticate against LDAP1 and AS2 use WS2 to authenticate against LDAP2.
    Now, I have a user - Dmitry. I am trying to login into portal and I selected AS1 to do actual authentication. My question is how portal will CHOOSE which auth source to use because all portal knows about me is <MyAuth\Dmitry> that is came from portal login screen? Both auth sources match this pattern so seems like portal may choose any of them.
    Does it mean that portal will try to authenticate again AS1 and if this attempt failed then you AS2?
    I didn't find any explanation in portal documentation.
    Thank you.
    Edited by Bryazgin at 12/12/2007 10:42 AM

    Yes, it seems you are right. As soon as portal have found CORRECT user there is no issue anymore because user is bind to unique auth source that actually has been used to created this user.
    I think my main confusion come from the fact that having <Category> and <UserName> is not enough to UNIQUE identify user in portal as soon as <Category> can be the SAME for different auth sources.
    Let's have you have user created by AS1. According API this user created by this AS1 will have 4 different names, like sUniqueName, sAuthenticationName, sLoginName and sDisplayName. But portal is going to search user in portal database BASED on information that is available in login form - <Category> and <User Name>. At this point portal has no idea about sUniqueName and all this things.
    Now if there were 2 users in database that have been created by 2 different auth sources with the same <category> and <User Name> then I don't understand how portal will figured out which user to choose from. I guess <Category> value somehow MUST participate in sUniqueName value. <Category> has to be involve in process of finding user in database. In this scenario 2 users will be retrieved from database and what is important these 2 users are different, they have been created by different auth sources. Now question became which user is CORRECT one?
    Edited by Bryazgin at 12/12/2007 1:34 PM

  • OIM with multiple authentication source

    Dear All,
    Can OIM authenticate from Active Directory and Oracle Internet Directory?
    My customer require that :
    1. Permanent Employee will be authenticated using Active Directory.
    2. Non-Permanent Employee will be authenticated using Oracle Internet Directory.
    Can i do this with or without Oracle Access Manager?
    Thank you.

    Hi Kishore,
    We have tried configure OVD as authentication source with OID and OVD as the directory. We found another issue. In the AD, the Username Attribute (equals to OIM's User Login) is sAMAccountName, but in the OID, there is no sAMAccountName. We can use CN, UID, and orclsamaccountname as Username Attribute.
    How can we map the username attribute in the OVD so we can put the username attribute in the OAM configuration?
    Need help, please share your idea and experience.
    Thank you,
    -heri-

  • CUP 5.3 SP8 - Authentication Source/User Details Source question

    Hello,
    Here is another issue I'm noticing with CUP.
    Currently we have it configured as such:
    Authentication Source: LDAP
    Search Data Sourec: SAPHR
    User Details Data Source: SAPHR
    When a Requestor logs in to create a request for themself, Requestor Username and Email are correctly populated under the Requestor section of the request screen. This Username and Email match identically from SAPHR; and it should, as that is what we have defined as our User Data Source
    When a Requestor logs in to create a request for another user, Requestor Username and Email are populated differently under the Requestor section of the request screen; this information in this case appears to be coming from LDAP. This does not seem correct to me. LDAP is only defined as the Authentication Source, not the User Data Source.
    1) Why would the Requestor section populate differently when creating a request for yourself vs. another user?
    2) Is this a bug in CUP?
    3) Has anyone else noticed this or found a fix?
    Thanks!!
    Jes

    We are on the same SP level and are configured similarly but don't see this issue. 
    Data Source - LDAP
    Search - SAP
    Datasource - Multiple (SAPHR, SAP(BI), LDAP, SAP(SRM))
    Also, our LDAP does not carry the email address (yet).
    When I create a new request for someone else, all the information is filled in correctly from our SAPHR system, if they are in HR, or from our BI system if they are not in HR but are in BI.  However, since we don't carry e-mail address in our LDAP system yet, the requestor e-mail field is left blank and I have to manually fill it in.  (We do plan on changing this).
    Hope this helps,
    Peggy

  • MTS - Multiple trusted Sources

    Hi all,
    I want to have multiple trusted source in the IDM 11g, There are 2 kinds of connectors MTS-compatible and MTS-non-compatible, i need to know that how to identify that if a connector is MTS-compatible or MTS-non-compatible ?
    Secondly I need o have AD as main Trusted source and 1 or 2 databases as additional Trusted Sources, I will be using the DBAT_91050 connector to create GTC connectors to for the DBs. does anyone know that if DBAT_91050 is MTS-compatible or not?
    http://download.oracle.com/docs/cd/E10391_01/doc.910/e10363/resmgt.htm#BCEBGEDG
    Regards....

    A little further detail....
    I am running FMW, OIM 11g R1 (11.1.1.5). Kindly clear one doubt about "Database_App_Tables_9.1.0.5.0" that if it is MTS-Compatible connector or not ? since I am not getting any such information in the connector documentation. Moreover in the following document
    http://download.oracle.com/docs/cd/E14571_01/doc.1111/e14309.pdf
    Section: 9.9.4.3 - Multiple Trusted Source Reconciliation.
    there are two methods mentioned for the MTS Reconciliation one is for the connectors that are MTS compatible and the other for the MTS non compatible connectors, I need to know that in case of usning "Database_App_Tables_9.1.0.5.0" + "MSFT_AD_Base_9.1.1.7.0" which method can be followed since AD connector is MTS compatible and I think that DBAT connector is not MTS compatible?
    If you can refer any documentation that describes the procedure in a bit detail that would be great.
    My objective is to create user from AD, using AD as trusted source and fetching the additional feilds for the same user from the HR-DB and havimg a consolidated user record in OIM.
    Finally if it is possible to configure the DBAT connector to use the tables that have multiple level of Master-Slave relationship? i.e Parent Table1 having one Child Table and then this Child table is Parent of another Child table. P1>ch1>ch2..... what i know is that only upto one level of Master - Slave can be configured in DBAT having one Master that can have one Slave or 2 ,3, 4 Slave tables at the same level.... Mater1 > Child 1 - Child 2 - Child -3. is it correct?

  • Increase performance in a multiple data source report

    Post Author: ArturoFromPeru
    CA Forum: General
    Hi everybody.
    I have a big problem, when i make a report that have multiple data sources the performance decrease considerably, i still don't know the reason. Is it true that using multiple data sources is too slow?.
    I tell you a fact: I made the report connecting via "Field Definition File", and it take at least 2 minutes to show itself but it only have 170 records, and i'm very sure that the sql statements to each data source were executed very faster.
    I even heard about index, but i think they only are useful when i connect directly to the database.
    All my partner told me, that Cristal Report
    Thanks you in advance
    Regards.
    Arturo

    Post Author: ArturoFromPeru
    CA Forum: General
    Thanks you, but I explain better what i was doing.
    I've made a report called "Kardex de Producto" which show the behavior of the products according to its sales, purchases.
    The end result which is showed by the report is correct. I used three data source in the report, so links between each table is correct. The only problem i have is the performance because i still don't know why is too slow. In fact the sql statement is very heavy, but i think it doesn't matter to the report because when it takes the data from the database (connecting via Field Definition File) even if the very heavy sql statement returns twenty record Cristal Report must show itself very quickly. I don't want to believe that Cristal Report is very slow when it works with multiple data sources.
    Do you mind if i give you my report? if not please leave me your email address.
    Email: [email protected] / [email protected]
    Thank you in advance
    Regards
    Arturo

  • Report Viewer and Multiple Data Sources

    I know that it is possible to create a report in Crystal Reports using multiple data sources.  But is it possible to use just the Free  Report Viewer to view a report with Multiple Data Sources?
    Our company uses Crystal Reports XI.  I do not use the program myself, I am in the IT Department.  I have limited knowledge of Crystal and do not do any of the report writing.
    If this is possible, and if someone could help me out with what would need to be done, or point me in the right direction of a Knowledge Base or Help Topic that explains this, that would be great.
    Thanks.

    I believe it can but both data sources need to be set up. Ask a report designer to help you use the Designer to test this and see what is required.

  • Any examples of a data template using multiple data sources?

    I'm looking for an example report using multiple data sources. I've seen one where they do a master/detail but I'm just looking to combine results in sorted order (sorted across all data sources). The master/detail used a bind variable to link the two defined queries, I'm thinking what I want won't have that, so I'm lost on how to make that happen. I have reports using multiple sql queries and there is a way in the data source pulldown to tell it to combine the data sources. It appears to be a more manual process with data templates, if it's even possible.
    Any pointers/links would be appreciated.
    Gaff

    Hi Vetsrini :
    That's just it. Mine is simpler than that. There is no master/detail relationship between the two queries. I have the same exact query that I run in two databases and I want to merge the results (ordered, by, say eventTime) in one report. So I think my results are going to be two separate groups (one for each data source) which I'll have to let BI merge vis XSLT or whatever it uses. That's fine for small result sets but for larger ones, it would be nice if the database did the sorting/merging.
    Gaff

  • How to load data into an ods from multiple info sources.

    hi all...
    i am given a task to load data into an ods from 3 infosources ...
    can someone plz give me the flow .
    thank u in advance..

    Hi Hara Pradhan,
    You have to create 3 update rules by giving the 3 different infosources while creating each update rule. And u have to create the infopackages under each infosource. with this u can load the data to the same data target from multiple info sources.
    Hope it helps!
    Assign points if it helps!

  • Multiple Data Sources In One Logical Table

    I am new to OBIEE and I have came accross an issue. I appologize if this information is in the forum somewhere but I have searched and cannot find it.
    My situation is that I would like to have one logical table that contains multiple data sources which have all the same columns. I already have session variables setup to differentiate the user's security through a row-wise variable for a specific column and a session variable for another column which determines the user's association to the data source in which they belong to. This security works well when the data sources are seperated in the Business Model and Mapping portion but the issue that arises is that the user's cannot share reports when the data sources are seperated in the BM&M.
    I have dragged and dropped a table from the Physical model to the BM&M, I then dragged the second data source (with same meta data structure) over to the "Sources" folder in the first data source table in the BM&M. On the Content tab or each data source table I have defined the WHERE clause as such, where VALUEOF(NQ_SESSION."SCHOOL") session variable is my row-wise column filter and the VALUEOF(NQ_SESSION."GROUP") filter is my data source determinative:
    sandbox."".SANDBOX.OBIEE_CROSS_ENROLLMENTS.HOME_SCHOOL = VALUEOF(NQ_SESSION."SCHOOL") AND sandbox."".SANDBOX.OBIEE_CROSS_ENROLLMENTS.DATA_SOURCE = VALUEOF(NQ_SESSION."GROUP")
    Unfortunatley this only returns values in the BI Answers for the first drag and drop Pysical table in the BM&M layer and not the second Physical table drug into the "Sources" folder. I have also tried to create a new logical table and drag both tables into the "Sources" folder to no avail. I have experimented with the Fragmentation content on the "Content" tab of the seperate logical tables, checking the "This source should be combined with other sources at this level", which gives me an error in BI Answers that a column does not exist which really does.
    What could I be missing? Advanced thanks to those who reply.
    Thank you,
    Kyle

    Stijn,
    Thank you for the article link. That was very helpful! It seems that I had a few things off as you do need the "This source should be combined with other sources at this level." checked. In my two table source columns for DATA_SOURCE I defined a literal ('086496' and '085597' for the other) in the Column Mapping tab. I pasted the following in the Fragmentation content, checking the "This source..." box on the Content tab:
    eSIS.SANDBOX4_SCHOOLS.DATA_SOURCE = '086496'
    And pasted the following into the WHERE clause, checking "Select distinct values" on the Content tab:
    sandbox4."".OBIEE.NWOCA_SCHOOLS.SCHOOL_CODE = VALUEOF(NQ_SESSION."SCHOOL") AND sandbox4."".OBIEE.NWOCA_SCHOOLS.DATA_SOURCE = VALUEOF(NQ_SESSION."GROUP")
    This took care of my user's security, utilizing the session variables in the WHERE clause. I am now able to generate reports that only one user can access from one data source and share that same report with another user who can only see data from the other data source.
    Many thanks!!!

  • Document Access via Custom Authentication Source?

    I don't know if this should be under the 'Content Services' forum or this one, so I'll start here. I have a custom content crawler that crawls documents stored in a database. That works fine, but now I want to integrate access control into the equation. The documents that I retrieve have metadata associated with them (i.e. the users/groups from the document repository that have access to the document). Every ALUI portal user has an associated user with the same name in the document repository. I want to set things up so users can only see/view documents that they are allowed to see/view. I'm wondering if I need to create a custom authentication source to get these users/groups integrated into the portal. We already are doing Single Sign-On, but I need to know what needs to be done to pass user/group info from the document repository to the portal. Any thoughts would be appreciated.

    Hi Jake,
    I am also trying to achieve the same functionality. I have written a custom crawler and I am having the ACL's that contains the read/write etc permissions for the users and groups, but I am not able to find out how I can pass this information using custom cralwer interfaces. If you have got solution to your query please let me know the approach ASAP. Thanks in Advance.
    Viren

  • Bursting with multiple data sources

    Hello all,
    I am working in a retail environment and we are building reports for the stores. There are several reports and they all receive the same reports. We are using BIP Entreprise with the bursting feature and it works very well.
    The problem is that there are too many reports and we would like to combine all reports of the same store within the same PDF. We use the multiple data source feature and was able to concatenate all reports together.
    Using this new report and template, we can not make the bursting functionality to work properly: the bursted report do not contain all the required report components.
    For example, I have 2 queries A and B each producing reports for 3 stores: 2, 4 and 5. Without bursting, the output is as is:
    Query A - Store 2
    Query A - Store 4
    Query A - Store 5
    Query B - Store 2
    Query B - Store 4
    Query B - Store 5
    With bursting into a file using the store number, I get the following:
    File 1 - Store 2 - Query A
    File 2 - Store 4 - Query A
    File 3 - Store 5 - Query A
    + Store 2 - Query B
    + Store 4 - Query B
    + Store 5 - Query B
    I would like to have the following output:
    File 1 - Store 2 - Query A
    + Store 2 - Query B
    File 2 - Store 4 - Query A
    + Store 4 - Query B
    File 3 - Store 5 - Query A
    + Store 5 - Query B
    The main question is: can this be done using BI Pub Enterprise? We using version 10.1.3.3.2
    If it is, can you provide me with help on how to configure either/or the requests and template to accomplish this task?
    I create an SR and Oracle Support does not have an answser and suggested that somebody in the Forum might help.
    Thanks in advance,
    Minh

    I would like to have the following output:
    File 1 - Store 2 - Query A + Store 2 - Query B
    File 2 - Store 4 - Query A + Store 4 - Query B
    File 3 - Store 5 - Query A + Store 5 - Query B
    the bursting level should be give at
    File 1 - Store 2 - Query A + Store 2 - Query B
    so the tag in the xml has to be split by common to these three rows.
    since the data is coming from the diff query, and the data is not going to be under single tag.
    you cannot burst it using concatenated data source.
    But you can do it, using the datatemplate, and link the query and get the data for each file under a single query,
    select distinct store_name from all-stores
    select * from query1 where store name = :store_name === 1st query
    select * from query2 where store name = :store_name === 2nd query
    define the datastructure the way you wanted,
    the xml will contain something like this
    <stores>
    <store> </store> - for store 2
    <store> </store> - for store 3
    <store> </store> - for store 4
    <store> </store> - for store 5
    <stores>
    now you can burst it at store level.

  • Authentication Source not appearing in login dropdown

    Hi,I've created a custom Authentication Web Service and linked a Authentication Source to this. The Everyone group is given Select rights to both of these objects. I've given the Authentication Source the description "TestAuth".
    However when I refreshed my login page there after, I don't see my newly created Authentication Source. Tried re-starting the application server (Tomcat 4.1) and it didn''t work either. Tried to force a strict ordering of the Authentication Source Prefix using the options in PTConfig.xml, but no luck there either.
    The only useful Plumtree article I managed to find is one that talks about the blank description, which is not the case here.
    Has anyone encountered this before and know how to ensure that the authentication source you create appears always? Need to solve this urgently in preparation for migration from 4.5WS to 5.0.
    Thanks in advance for any advice!
    Weng Kong Lee

    Hi,
    This should just work. As long as the everyone group has read access to the Authentication Source it should show up in the select dropdown. You will need to restart the app server (as you did) to pick up the changes, because the auth source select is cached per language (you could also just change the guest user to a different language).
    Are there any errors or warnings in PTSpy the first time you hit the login page (errors would only show up the first time because the select will be cached after that)? If you turn on Debug logging for the portal common component, you should be able to see more information as the list gets created. If you can post any relevant PTSpy messages, we may be able to help you further.
    Another possibility is that if your Auth Source is set as an Auth Partner for a Sync Auth Source, then they won't be added to the list because the Sync Auth Source will be expected to be added to the list.
    -- Don

  • Capturing multiple DV sources simultaneously?

    Can I capture from multiple DV sources (not HDV) simultaneously with Final Cut Express?
    I want to record a live event using two DV camcorders.
    PowerMac G5 1.8GHz, 1GB RAM   Mac OS X (10.3.9)  

    Not into a single computer. You need two computers.
    Is it possible using a faster PowerMac or with Final Cut Pro?

  • Adhoc Query Requirement with Multiple Data Source

    Hi All,
    I have a Adhoc Query Requirement with Multiple Data Source. Is there any way to achive it. Other than Resultant set and bring into Model.
    Thanks
    SS

    You can compare stuff in the EL, but I don't think this is what you need.
    You can just use Java code in the backing bean class for all the business logic. You can use DAO classes for database access logic. Finally for displaying you can use the JSF tags such as h:outputText.

Maybe you are looking for

  • Adobe Media Encoder wont preserve widescreen

    I have a mp4 file that has a resolution of 640 x 360 pixels. When viewed in VLC it looks natural and in proportion. I simply want to convert the .mp4 file to an .flv file for web distribution maintaining the existing dimensions. I am attempting to do

  • This version of Visual Studio is unable to open the following projects. The project types may not be installed or this version of Visual Studio may not support them.

    Hey, I'm learning C#, using a book called "Learning C# by programming games". (2013) It comes with a zip file containing samples to use in Visual Studio. (I use Visual Studio Express 2013) However, opening the .CSPROJ files in the sample folder provi

  • Very n00b error....just started programming and need help?!?!

    Hi i just started programming in java. im running j2se 1.5.0 on windows xp im on the subject of classes and objects. here is my simple little code im trying to get to compile public class Newprog      public static void main(String[] args)           

  • Copy data between 2 cubes

    Gurus, Long time groups. Gosh, more than a month, finally got some time. Anyways had a quick question, thought if anybody has a simpler method to do what i need. I have a couple of cubes in the BW Prod which have actual and plan data. Is there a simp

  • Yosemite help

    Hey all, I am a new mac user, i just picked up a pro yesterday and am loving it so far. However, when I was using my top sites i was trying to organize it because I had the same site repeating, so I wanted to clear it up. I thought hitting disable cu