Help on Obiee single sign on

Similar Messages

• HELP needed on Single Sign on

  can any one give me some reference documents or reference links which can be used
  for single sign on to the Portal server and to several other applications.
  I need also some documents which should be able to connect to an AS400 application
  and to a peoplesoft application thro' my portal.
  plz help me in this regard. i really don't have any idea regarding this and i
  have been asked to do this. plz send me the documents which should clearly explain
  everything
  Thanx in Advance
  Prasanna

  Hello Prasanna,
  There is a new code sample on dev2dev ( http://dev2dev.bea.com/index.jsp ) that
  shows how to modify the login framework for Portal to support single signon. This
  code example modifies the security and portal webflows to allow you to plug in a
  custom login implementation.
  The example is called "WebLogic Portal Login Framework" and it is located at
  http://dev2dev.bea.com/code/codedetailcontent.jsp?productType=weblogic+portal&codeType=code+sample&filepath=components%2Fdev2dev%2Fcodelibrary%2Fcodesamples%2Fcodesample_wlplogin.htm
  Prasanna wrote:
  can any one give me some reference documents or reference links which can be used
  for single sign on to the Portal server and to several other applications.
  I need also some documents which should be able to connect to an AS400 application
  and to a peoplesoft application thro' my portal.
  plz help me in this regard. i really don't have any idea regarding this and i
  have been asked to do this. plz send me the documents which should clearly explain
  everything
  Thanx in Advance
  Prasanna--
  Ture Hoefner
  BEA Systems, Inc.
  4001 Discovery Drive
  Suite 340
  Boulder, CO 80303
  www.bea.com
  [att1.html]

• Using the Portal Single Sign-On for java applet clients

  Hi
  We have a task to build a java applet working within a portlet and comunicating to some session EJB(wrapped BC4J) running on the OC4J. The applet is presumably connecting to server via RMI. This connection should be restricted to some groups of portal users.
  When a user is entering the applet he is supposed to be already logged into the Portal.
  There is a lot of information on building custom secure portlets using only a pure HTML(same as JSP) client whith the help of the Portal Single Sign-On.
  But, is it possible to use the Single Sign-On for establishing a secure RMI connection from applet to OC4J without entering a password in the applet once more?
  Yuriy

  Perhaps you can write a small JSP page or PLSQL
  web procedure that will grab user name from
  the SSO Server (via SSOSDK/mod_osso)
  and invoke the applet with encrypted user name.
  The applet will receive the encrypted username
  and decrypt it to get the clear user name.
  This help to get Single Sign-On.
  To make sure that environment is secure, encrypted
  user name parameter should have random salt,
  user name, and time stamp to prevent replay attack.
  Applet must make sure that the encrypted users name
  time stamp set by the JSP/PLSQL page has value
  within a reasonable time limit like 5 minutes

• OBIEE 11G with Single Sign-On and Active Directory

  Hi guys,
  Release Version: Oracle Business Intelligence 11.1.1.5.0
  Patch applied: 11.1.1.5.0 BP3 (Patch 13832750)
  OBIEE Server operating system: Windows Server 2008 SP2 (32-bits Operating System).
  We are trying to configure Single Sign-On according to TechNote_WNA_SSO_AD_V4.0.doc.
  Our krb5login.conf:
  com.sun.security.jgss.krb5.initiate {
  com.sun.security.auth.module.Krb5LoginModule required
  principal="[email protected]"
  keyTab=cgdkobi2.keytab
  useKeyTab=true
  storeKey=true
  debug=true
  com.sun.security.jgss.krb5.accept {
  com.sun.security.auth.module.Krb5LoginModule required
  principal="[email protected]"
  keyTab=cgdkobi2.keytab
  useKeyTab=true
  storeKey=true
  debug=true
  We generate de keytab file:
  C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.24\bin\ktab.exe -k cgdkobi2.keytab -a [email protected]
  Password for [email protected]:XXXXXXX
  Done!
  Service key for [email protected] is saved in cgdkobi2.keytab
  C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.2-4\bin\kinit -k -t cgdkobi2.keytab cgdkobi2
  New ticket is stored in cache file C:\Users\cgdkobi2\krb5cc_cgdkobi2
  C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.2-4\bin\klist -k -t cgdkobi2.keytab
  Key tab: cgdkobi2.keytab, 1 entry found.
  [1] Service principal: [email protected]
  KVNO: 1
  Time stamp: Mar 15, 2013 10:34
  C:\OracleBI11g\user_projects\domains\bifoundation_domain>klist
  Current LogonId is 0:0x406163f5
  Cached Tickets: (0)
  We re-start the services and logon into analytics web and SSO doesn't work but there's not an error. It runs successfully with and Active Directoy user and password. Seems like SSO wasn't enabled, but I checked is enabled.
  Any suggestion?
  Thanks in advanced

  Follow the posts : OBI 11.1.1.6.SSO and You are not currently signed in to Oracle BI Server" for OBIEE 11.1.1.6 SSO do the troubleshooting mentioned there.
  Also check your logs for error like the one below:
  [2012-03-09T16:42:36.000-05:00] [OBIPS] [NOTIFICATION:1] [] [saw.securitysubsystem.checkauthentication.runimpl] [ecid: 6c98b5cce1f24814:2a613331:135f95fbdff:-8000-0000000000005b7a,0:1:1] [tid: 5932] Authentication Failure.
  Odbc driver returned an error (SQLDriverConnectW).
  State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
  [nQSError: 43113] Message returned from OBIS.
  [nQSError: 13039] The impersonator does not exist in the BI Security Service. (08004)[[
  If you are getting this when you login to OBIEE :      You are not currently signed in to Oracle BI Server"
  then you need to apply this patch : 13553428 QA:BLK:DELIVER TO CORP. OID LDAP USERS FAILED WITH IMPERSONATOR DOES'NT EXIST. 11.1.1.6.0 Generic Platform (American English) General Oracle BI Suite EE Apr 5, 2012 799.4 KB
  Let us know the updates. Hope this helps. Mark if it does.!
  Thanks,
  SVS

• Single Sign On in OBIEE

  Hi Gurus,
  I have 2 Enterprise Manager (one for BI Applications, one for web portal).
  I want the user&group listed in Enterprise Manager for web portal, can be used for login in Enterprise Manager & Analytics of BI.
  I have moved some WLS*.jar from EM web portal to BI.It was worked for Enterprise Manager of BI.
  I can login in Enterprise Manager BI using username of Enterprise Manager of web portal.
  But, it failed when login to Analytics BI. I guess it related to BI roles(BIAdministrator, BIAuthor, etc) which can't be recognized.
  Do anybody know how to build single sign on here?
  PS:
  I use OBIEE 11.1.1.6
  Any help would be appreciated
  Regards
  JOE
  Edited by: JoeSSI on Nov 7, 2012 10:47 PM
  Edited by: JoeSSI on Nov 13, 2012 3:35 AM

  Hi Alastair,
  Thank you so much for this really very very helpful document but still I am facing some issues:
  1.     The pdf file is specific to Linux environment while I have windows environment for:
  Oracle Application Server 10.1.3.x
  OBIEE Server 10.1.3.4
  2.     We are using MS Active Directory for the domain login authentication process. I have configured the OBIEE with that Active directory to allow users to use their domain credentials to login to OBIEE. I need to provide the SSO in this environment. But the document provides very good and elaborated information about SSO using OID. Is there any way we can do SSO using MS AD or we have to import the users in OID?
  3.     We are using a db table for the authorization process for users after authentication is passed in which we are storing the USER NAME and GROUP information. The Authorization block of rpd select the corresponding GROUP from this table using SQL query and authorizes the users for their access scope. I was trying to execute the function AD_Authorization using the sql supplied after creating it in db but it is showing the below error: (Oracle11gR2 DB Server)
  SELECT getldapgroups('domainname\username') FROM dual;
  ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid DN syntax. 0000208F: LdapErr: DSID-0C090654, comment: Error processing name, data 0, vece
  ORA-06512: at "SYS.DBMS_SYS_ERROR", line 86
  ORA-06512: at "SYS.DBMS_LDAP", line 1487
  ORA-06512: at "SYS.DBMS_LDAP", line 234
  ORA-06512: at "SCHEMA.GETLDAPGROUPS", line 45
  4.     Can we install OIM on Windows machine having the Oracle DB server installed already on it?
  Your valuable response will be much awaited.
  Thanks,

• Single sign on using IDM??????...plz help

  hey friends,,i need to make single sign on using IDm without system access mananger,,but using identity manager,,,i have netbean in which i have deployed idm war,,,now i have company site in which various subb-sites r thr,,,i need to make single sign on for all these,,,i dont know how to proceed so plz help...

  You need to have J2EE Policy Agent on the Appserver mechine where you will have your IDM server running. There are set of configuration steps involved in-order to acheive SSO/Pass thorugh Authentication.
  Thanks
  --ANJI                                                                                                                                                                                                                                                                                                                                                                                                                                                       

• Oracle single sign-on scenario. pls help.

  Hi,
  I have following basic Oracle single sign-on setup in place along with integration with Active Directory 2003.
  All the users are provisioned in AD, which is then synchronized with OID. The OID users is then manually synchronized to Oracle
  E-business suite (FND_USER table).
  So, the flow is like this :
  AD > OID > Ebiz suite
  Problem :
  We are now migrating users in AD 2003 to AD 2008 and i am being asked to perform impact analysis on Oracle Single sign-on environment while this AD migration is in process.
  Any clues or your inputs on impact that this will create on single sign-on will be much appreciated.
  Thanks in advance

  Hi Darsh,
  1. Oracle Internet Directory (OID) is Oracle LDAP storage solution (more here), Oracle Virtual Directory is Oracle solution that can read identity data (and filter it (mask it) based on policies) from Oracle/non-Oracle databases, Oracle/non-Oracle Directories and files and provide the user profiles as LDAP view (more here), There is nothing called Oracle Active Directory, you must be referring to Microsoft Active Directory.
  2. No, Oracle Single Sign On (OSSO) is a feature in iAS (its obsolete), Identity Management is wide umbrella of solutions and concepts.
  3. Oracle Access Manager is one component of Oracle Identity and Access Management suite of products.
  4. Webgate is Oracle access Manager agent that is installed on a webtier, it intercepts the web requests and collect the credentails, send them to Oracle Access Manager for security evaluation (decide what Authentication is needed, verify collect credentials, etc), webgate then enforce the Access Manager decision.
  5. Oracle EBS AccessGate is a java application that has the same use of OAM Webgate (it is OAM agent) but specific to E Business suite, EBS Access Gate is the new solution replacing OSSO agents, OAM is replacing OSSO server component, EBS and OSSO customers can use OAM server with OSSO agents, or with EBS AccessGate.
  HTH.
  Ghassan

• Oracle identity federation 10g--error while login with single sign

  Hi...
  I installed oif10g using microsoft ad2003.now i am integrating with salesforce.com to provide single sign on...but while signing authentication is failed...so for that we need to search for assertion which will be under federation-mssg.log..
  but no error messg is under it...so can any one help to enable all debug settings in oif..

  Hello,
  I think its not possible to mix and match authentication once you have set OBIEE to use EBS ICX cookie based authentication, you would not able to use the DefaultAuthenticator Provider.
  Let me know the updates.
  Thanks,
  SVS.

• Configuring JCo3 Connection Pool with single sign on on non SAP Java server

  Hi Everyone,
  i have configured a connection pool on JBoss as per JCo3 Documentation and is working great.
  Now I need help to configure this connection pool with single sign on so that RFc on SAP ECC systems are executed using end users credential rather than using single user name password used to configure JCo connection pool.
  On SAP Java stack I am sure its possible within Java WebDynpro    and i assume using JCA resource adapter. But what if we don't want to use SAP Java App server.
  Any help will be appreciated.
  Thanks,
  Divyakumar Jain

  Eason, 你好！
  I have exactly the same problem.  Did you find a solution to this problem?  If so, please let me know!

• ApEx 2.1.0.00.39 as Partner Application in Oracle AS Single Sign-On

  Hi,
  I've installed the last Application Express 2.1.0.00.39 (oracle-xe-10.2.0.1-1.0.i386.rpm and oracle-xe-univ-10.2.0.1-1.0.i386.rpm) but, when I try to "create an authentication scheme" for configure an ApEx application to use SSO under
  Home>Application Builder>Application xxx>Shared Components>Authentication Schemes>Create Authentication Scheme
  in the second step of the procedure I don't find the choice "Oracle Application Server Single Sign-On (Application Express engine as Partner App)".
  I found only these:
  - Show Built-In Login Page and Use Open Door Credentials
  - Show Login Page and Use Application Express Account Credentials
  - Show Login Page and Use Database Account Credentials
  - Show Login Page and Use LDAP Directory Credentials
  - No Authentication (using DAD)
  even if under the help voice "V Information" the others two are describes:
  Oracle Application Server Single Sign-On (Application Express engine as Partner App) delegates authentication to the Oracle Application Server Single Sign-On (SSO) Server. This Application Express site must have already been registered as a partner application with the SSO server. For more information, contact your administrator.
  Oracle Application Server Single Sign-On (My application as Partner App) delegates authentication to the SSO server. In this case, you must register an application with SSO as a partner application. See the next page for more details.
  Does Someone know how to resolve it?
  Thanks
  Emanuele

  Thanks for all your help Scott
  I've added the -PORTAL_SSO- .....
  After this I've had a new problem same to this: Re: SSO Authentication Not Working
  "get the error below and it then directs me to http://hostx/htmldb/f? and the "p=" is missing"
  But after a lot of tests I discovered where was the problem: "The apache configuration for the proxy!!"
  This an extract from the installation doc :
  SetEnv force-proxy-request-1.0 1
  ProxyPass /htmldb http://127.0.0.1:8080/htmldb
  ProxyPassReverse /htmldb http://127.0.0.1:8080/htmldb
  ProxyPass /i http://127.0.0.1:8080/i
  ProxyPassReverse /i http://127.0.0.1:8080/i
  ProxyPass /sys http://127.0.0.1:8080/sys
  ProxyPassReverse /sys http://127.0.0.1:8080/sys
  where you replace 127.0.0.1 with the name OR ip address of your XE installation. 8080 is the default http port of your XE installation. "
  Well, I used the IP ADDRESS and in the @regapp > listener_token the NAME!!! (HTML_DB:servername.domain:80)
  I changed the IP ADDRESS with the NAME, restarted the httpd service and now all works fine.
  Emanuele

• Single Sign on using SAML between JWS application and Web Application

  Hi,
  We have two applications one is swing based Java Web Start application and other is a normal web application. We are trying to enable single sign on between both the applications. Can SAML be used to enable single sign on? If yes, can some one let us know how to do this?
  Thanks,
  Rama

  Thanks. But it is based on two WEB applications deployed on two different weblogic domains. What I am looking for is one application which is launched using Java Web Start(JNLP) and other a web application. The Java Web Start application uses its proprietary authentication implementation and the web application used DefaultAuthenticator of weblogic. Hope this detail will help you to answer my question better. I should have given this information earlier.
  Thanks.
  Rama

• Difference between Federated single sign on  and just Single sign on

  Can anyone please give a clear definition of what is
  1. Federated Single sign on?
  2. Just Single Sign on ?
  As a security expert if you were to Architect security what will you suggest ?
  Lets take an example Landscape
  NW1(ABAP + JAVA)- system, NW-2(ABAP+JAVA)  system and EP( java only), LDAP
  I am having a hard time convincing the customer to have both CONSUMER AND PRODUCER PORTAL for Federated single sign on? is this a bad idea. Customer says just give me SSO(with just one portal acting as CONSUMER/PRODUCER).
  initial GOLIVE user load will be 700+ users.
  Edited by: Franklin Jayasim on Jul 16, 2010 7:52 PM
  Edited by: Franklin Jayasim on Jul 16, 2010 7:53 PM
  Edited by: Franklin Jayasim on Jul 16, 2010 7:57 PM
  Edited by: Franklin Jayasim on Jul 17, 2010 12:17 AM

  Hi  Denny Liao
  The project is going to have BI(NW) and ECC/SRM/HR(NW) and sepparate  portal ( EP - Java only )
  I thought that normal SSO will help in the intranetwork, what happens if the employee(user)  needs to work from home.
  What about the external vendors suppliers etc...?

• How to integrate Single Sign-On and JSF?

  Hi all,
  We are going to develop a web application using Oracle technologies, including ADF and JSF.
  But we´ll need to secure our website using Oracle Identity Manager (Single Sign-On). I am having difficulties to find any resource explaining how to do that.
  Also, the IM (SSO) will run on a Oracle AS instance and our web app (ADF+JSF) will run on a separete OC4J instance, due to ADF version. Is this a problem?
  Thanks

  We too are in the process of implementing iStore with SSO features.
  And if you believe me it seems to me as nightmare.
  In our scenerio we are intgrating this SSO with Third party access control too (AD and Siteminder). I would request you to please respond me on the following mail id , so we can share our experince which will help us in our implementation
  [email protected]
  regards and thanks in advance
  Vikas Deep

• AnyConnect WebVPN Single Sign-on and Sharepoint 2013

  I know  that single sign-on is currently working and supported for Sharepoint 2010 on 9.0 and later code however is Sharepoint 2013 supported? I can't seem to find any documentation or any material on this. Any help on this would be fantastic.
  Thanks!

  I'd like to know if Sharepoint 2013 is supported at all with ASA 9.x clientless SSL VPN. We get this error message:

• Sample Application - Single Sign On from PeopleSoft to Infoview

  <p>This zip file contains the code which provides the capability of Single Sign On (SSO) from the PeopleSoft portal to the BusinessObjects Enterprise Infoview portal even to the report level. See the documentation in the docs folder for information on what this code does and how to install it within your environment.</p><p> *********************</p><p>Update: Please be sure to download this <a href="http://ftp1.businessobjects.com/outgoing/CHF/boXIr2psoftwin_chf.zip">patch</a> (KBase<span style="margin-left: 5px"><a href="http://technicalsupport.businessobjects.com/KanisaSupportSite/search.do?cmd=displayKC&docType=kc&externalId=1544953&sliceId=&dialogID=14530755&stateId=1 0 14532113">1544953</a>)</span> for the Integration Kit for PeopleSoft software as well. It resolves a security issue with how the PeopleSoft logon token is handled by BusinessObjects Enterprise.</p>

  Hello Boris,
  The error happens seemingly at the very end of the SSO login.  The Infoview screen is created, and after it is all built out the error appears.  The error appears before any user interaction and before a report can be run.  Clicking OK makes the error go away, but InfoView is not fully functional (folder hierarchy doesn't expand, etc etc).
  WAS log file excerpt at time of error:
  [5/7/07 15:31:58:926 CDT] 6ace6575 SystemOut     O 15811343 [Servlet.Engine.Transports : 15] ERROR com.businessobjects.encyclopedia.uitoolkit.web.ToolkitServlet  - Request = /businessobjects/enterprise115/desktoplaunch/applications/init.bouitoolkit
  [5/7/07 15:31:58:941 CDT] 6ace6575 SystemOut     O 15811358 [Servlet.Engine.Transports : 15] ERROR com.businessobjects.encyclopedia.uitoolkit.web.ToolkitServlet  - From = wxpch1-bfqb.cna.com
  [5/7/07 15:31:58:941 CDT] 6ace6575 SystemOut     O 15811358 [Servlet.Engine.Transports : 15] ERROR com.businessobjects.encyclopedia.uitoolkit.web.ToolkitServlet  - java.lang.NullPointerException
  [5/7/07 15:31:58:941 CDT] 6ace6575 WebGroup      I SRVE0181I: [Desktop Web Examples] [/businessobjects/enterprise115/desktoplaunch] [Servlet.LOG]: java.lang.NullPointerException: java.lang.NullPointerException
       at com.businessobjects.encyclopedia.reportviewer.encyclopedia.EncyclopediaApplication.init(EncyclopediaApplication.java:167)
       at com.businessobjects.encyclopedia.uitoolkit.web.HtmlApplicationFactory.createApplication(HtmlApplicationFactory.java:103)
       at com.businessobjects.encyclopedia.reportviewer.wrapper.InfoViewPanel.init(InfoViewPanel.java:106)
       at com.businessobjects.encyclopedia.uitoolkit.web.HtmlApplicationFactory.createApplication(HtmlApplicationFactory.java:103)
       at com.businessobjects.encyclopedia.uitoolkit.web.ToolkitServlet.doPost(ToolkitServlet.java:265)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.ibm.ws.webcontainer.servlet.StrictServletInstance.doService(StrictServletInstance.java:110)
       at com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet._service(StrictLifecycleServlet.java:174)
       at com.ibm.ws.webcontainer.servlet.IdleServletState.service(StrictLifecycleServlet.java:313)
       at com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet.service(StrictLifecycleServlet.java:116)
       at com.ibm.ws.webcontainer.servlet.ServletInstance.service(ServletInstance.java:283)
       at com.ibm.ws.webcontainer.servlet.ValidServletReferenceState.dispatch(ValidServletReferenceState.java:42)
       at com.ibm.ws.webcontainer.servlet.ServletInstanceReference.dispatch(ServletInstanceReference.java:40)
       at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.handleWebAppDispatch(WebAppRequestDispatcher.java:1171)
       at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java:676)
       at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:203)
       at com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppInvoker.java:125)
       at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java(Compiled Code))
       at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java:71)
       at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java:246)
       at com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java:334)
       at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java:56)
       at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java(Compiled Code))
       at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:458)
  This and the other information you've requested can be found in case #302807226.
  Thank you for your help,
  Brian