How to do single sign on with outside website.

Similar Messages

• How to integrate single sign on with third party system

  we are in the process of implementing istore application. we already have home grown isupport application to contact support personnal for any issues. Now we are wondering how do we integrate oracle applications single sign on with our third pary system. Is there any recommendation provided by oracle to achieve the same.

  We too are in the process of implementing iStore with SSO features.
  And if you believe me it seems to me as nightmare.
  In our scenerio we are intgrating this SSO with Third party access control too (AD and Siteminder). I would request you to please respond me on the following mail id , so we can share our experince which will help us in our implementation
  [email protected]
  regards and thanks in advance
  Vikas Deep

• How enabled Single Sign-On with a System SAP WAS ABAP (Run application BSP)

  Hi.
  I need to run any application BSP from a System SAP WAS ABAP, without entering SAP user and password. Using the windows authentication and without SAP Enterprise Portal.
  What authentication methods I have to apply for enabled Single Sign-On with a System SAP WAS ABAP?.
  And How can I enabled this method?.
  Best regards.
  Luis Gomez.

  Hi Ticiano,
  SAP WebAS ABAP supports a number of authenticaiton mechanisms. See
  [http://help.sap.com/saphelp_nw04s/helpdata/en/02/d4d53aa8a9324de10000000a114084/frameset.htm]
  A number of these authentication mechanisms can be combined with Windows authentication (e.g. SNC, client certificates, ...).
  The decision what mechanism fits best depends on critieria like
  - SAP server platform
  - security requirements
  - extensibility (should same authentication mechanism be used for future SAP environments, which will be E-SOA based)
  - authentication from outside company domain
  - Use of SAP security library (SAPcryptolib)
  You may want to look at the SAP Software Solution Partner Catalog, if you look for certified SSO solution vendors for SAP.
  Best regards,
  Peter

• How to pass credentials/saml token access sharepoint web service ex:lists.asmx when sharepoint has single sign on with claims based authentication

  How to pass credentials/saml token exchange to the sharepoint web service ex:lists.asmx when sharepoint has single sign on with claims based authentication 
  Identity provider here is Oracle identity provider 
  harika kakkireni

  Hi,
  The following materials for your reference:
  Consuming List.asmx on a claims based sharepoint site
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/f965c1ee-4017-4066-ad0f-a4f56cd0e8da/consuming-listasmx-on-a-claims-based-sharepoint-site?forum=sharepointcustomizationprevious
  Sharepoint Claims based authentication and Single Sign on
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/2dfc1fdc-abc0-4fad-a414-302f52c1178b/sharepoint-claims-based-authentication-and-single-sign-on?forum=sharepointadminprevious
  Sharepoint Claim Based Authentication Web Service issuehttp://social.msdn.microsoft.com/Forums/office/en-US/dd4cc581-863c-439f-938f-948809dd18db/sharepoint-claim-based-authentication-web-service-issue?forum=sharepointgeneralprevious
  Best Regards
  Dennis Guo
  TechNet Community Support

• How to single sign on with  webApplication with Basic Authenticated in IIS

  Dear Sir,
  Our server is EP6 SP14, we will link iview with BW URL which using basic authen in IIS. . Please kindly advise howto single sign on with  webApplication with Basic Authenticated in IIS
  Thank you and best regards,
  Vimol

  Are you sure the BW is using IIS? Most recent versions are using ABAP style authentication. What version are you running?
  You may want to investigate IISProxy - it's no longer supported, but it might help you out. It basically takes an SSO cookie and allows IIS to "know" who the user is.
  Cheers

• Setting up BusinessObjects Enterprise 3.1 for Single Sign On with Xcelsius

  Hi all
  Does anyone have any documentation and/or whitepapers that documents the setting up BusinessObjects Enterprise 3.1 for Single Sign On with Xcelsius Dashboards (xcelsius accessing BusinessObjects universe data through QAAWS and Live Office..
  Thank you for your help.
  Kind regards,
  Dean

  Based on the replies in this thread I'm guessing that there is someone out there that has gotten SSO to work with Xcelsius? If so could you please post the details of how that was achieved?
  When we purchased Xcelsius we were under the impression that it supported SSO but have never been able to get it to work and finally had SAP tell us that Xcelsius did not support SSO.
  Our understanding is that in order to bypass a login for Xcelsius you have to use QaaWS as the datasource and hardcode an enterprise id and password.
  LiveOffice supports SSO but not when it's used as a datasource within Xcelsius.

• Integrate Single Sign-On with Oracle E-Business Suite Release 12.

  Hi
  How to integrate oracle Single Sign-On with Oracle E-Business Suite Release 12 , give links and ideas about this ,
  Thanks
  Edited by: user12235518 on Feb 19, 2012 10:10 PM

  How to integrate Single Sign-On with Oracle E-Business Suite Release 12 , give links and ideas about this ,Integrating Oracle E-Business Suite Release 12 with Oracle Access Manager 11gR1 (11.1.1.5) using Oracle E-Business Suite AccessGate [ID 1309013.1]
  Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On 10gR3 (10.1.4.3) [ID 376811.1]
  Troubleshooting Oracle Application Server 10g SSO and OID with Oracle E-Business Suite Release 12 [ID 380487.1]
  Thanks,
  Hussein

• Discussion on Blog: Single Sign On with External ID implemented in Ruby

  Hello,
  please use this Topic to discuss questions regarding the Blog <a href="/people/gregor.wolf3/blog/2006/09/30/single-sign-on-with-external-id-implemented-in-ruby">Single Sign On with External ID implemented in Ruby</a>.
  Regards
  Gregor

  Hi Gregor:
  As per your request, I am reposting my question in this forum..
  Your excellent blog Single Sign on with External ID Implemented in Ruby shows how you can generate a sso cookie with the external ID mapping with the X.509 certficate.
  In my scenario, the user has already logged into R/3 via SAPGUI (so no need for SNC here) and run an iView on the Portal - if I map an external ID in the table  VUSREXTID (type NT)  for each of my users then can I call the rfc SUSR_CHECK_LOGON_DATA by passing Auth_method = E and Auth_data = External ID and will this rfc return a SSO cookie?
  Thanks
  Venkat

• How to use single sign on to authenticate

  How to use single sign on to use the MS-AD for authentication
  I have created an data source which points to the MS-AD and tested
  Next how do i add this to the policies.
  Thanks
  NS

  Hi,
  Please, specify the products and versions that you are using?
  thanks,
  Thiago Leoncio

• How to integrate Single Sign-On and JSF?

  Hi all,
  We are going to develop a web application using Oracle technologies, including ADF and JSF.
  But we´ll need to secure our website using Oracle Identity Manager (Single Sign-On). I am having difficulties to find any resource explaining how to do that.
  Also, the IM (SSO) will run on a Oracle AS instance and our web app (ADF+JSF) will run on a separete OC4J instance, due to ADF version. Is this a problem?
  Thanks

  We too are in the process of implementing iStore with SSO features.
  And if you believe me it seems to me as nightmare.
  In our scenerio we are intgrating this SSO with Third party access control too (AD and Siteminder). I would request you to please respond me on the following mail id , so we can share our experince which will help us in our implementation
  [email protected]
  regards and thanks in advance
  Vikas Deep

• Single Sign-on with Multiple Servlets and JSPs

  I am in the midst of attempting to logically tie together a number of our
            web applications under a single sign-on "umbrella". What we want is the
            following: for any n applications a user may have access rights for up to n
            of them. Once signed in, she has rights to visit any app to which she has
            permissions as long as her session is valid. Unfortunately, I'm having
            trouble seeing how to make this work given the documentation that I have.
            I've read thru the newsgroup in search of a solution, but I haven't seen
            anything geared toward this specific approach.
            Currently, each "application" (servlet) has a list of valid users via ACLs
            (we've implemented a RealmExtender, so we're not going via props file
            entries), and we let the browser pop-up window enforce the sign-on. This
            has worked exactly as we wish (single sign-on, etc.), for testing, but we'd
            really rather have our own form-based sign-on for production.
            To that end, we've done the following:
            1) implemented a JSP form-based sign-on (basically ripped off from the
            example provided by BEA), which does a "ServletAuthentication.weak()" check
            to confirm identity.
            2) placed the following code (essentially) within the service() method of
            our servlet superclass, which I thought would force another check. My
            intention is to disallow the user from "jumping into" an app thru a
            shortcut, and thereby bypassing security.
            HttpSession session = request.getSession(true);
            if (session.isNew()) {
            response.sendRedirect(welcomeURL);
            However, we can't get the form-based approach to mimic the functionality of
            the default browser pop-up: the sign-in doesn't seem to "follow" the user
            the way it did with the pop-up. Instead, when I come in thru our login
            page, the browser pop-up is still appearing when I click the link for an
            app for which to which I have permissions.
            Is the default browser pop-up doing something different that I should know
            about? Seems like this should be simple to do, but it's surprisingly subtle
            (or maybe I'm just clueless).
            TIA
            

  Well, if you want to hear my personal opinion:
  better stick to the cookie specification (http://wp.netscape.com/newsref/std/cookie_spec.html) and accept the constraint that cookies will only be send to domains that tail-match the domain-constraint specified in the set-cookie http response.
  Although this specification is not an official internet standard most browsers are implementing the cookie mechanism according to this specification.
  Unfortenately there's no option to specify that a cookie should be send to a list of servers and/or sub-domains.
  However one physical server can have multiple (FQDN) hostnames. So if you intend to send the cookie to a group of servers the best approach is to create a new (DNS) (sub-)domain exclusively for those servers.
  Theoretically (and also practically) it is possible to set cookies for multiple domains (by using a webservice that will set cookies on request of a caller). But that approach is dangerous:
  (1) not the server but the http client is defining the content of the cookie (= part of the http server response)
  (2) (unintended) many servers can obtain the cookie which will be send to all servers that reside in all (tail-matching sub-)domains; although most likely only one or two servers of each domain are intended recipients
  Regards, Wolfgang

• How to remove Windows Sign-in with Password upon Startup

  hi. Can anyone help me? Whenever we buy a new laptop, my husband always told me to "just leave it blank" , referring to the Microsoft Windows sign in with blank box for typing in a password. "This way you don't have to type your password everytime
  you sign in." I am totally in agreement with this. Why do extra work everytime you open your laptop? So we have always done that. Last weekend a client made me skype with her. I had to download Skype. I was offered only two options for signing into skype:
  either through Facebook or Microsoft Windows sign in, so I had to get a username and password at that point with Microsoft Windows. (Yes, there probably was some way to sign straight into Skype but the corporate relationship comes first, with Microsoft, so
  they only provided me a screen with those two options. Nowhere else on the Skype screen did it say there was a third option.)
  Now everytime I open my laptop I have to type my long Microsoft password. Right now I am in msconfig and reading every single running service under Startup, Services and Processes and cannot find the name of the authentication for Microsoft upon Startup,
  to disable. What is the name of it? Under which category?
  I use Windows 8.

  On Fri, 31 Jan 2014 15:15:05 +0000, norqdo wrote:
  hi. Can anyone help me? Whenever we buy a new laptop, my husband always told me to "just leave it blank"
  This is not the correct forum for your question.
  Please repost your question to one of the Windows 8 forums:
  http://answers.microsoft.com
  Paul Adare - FIM CM MVP
  Q. How do you solve bus problems?
  A. Shoot the driver.

• Ask the Experts: Single Sign-On with Cisco WebEx Meetings Server, Internet Reverse Proxy, and Enterprise License Manager Solutions

  With Arun Kumar
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Single Sign-On (SSO) with Cisco WebEx Meetings Server (Cisco WMS), Internet Reverse Proxy (IRP), and Enterprise License Manager (ELM) solutions.
  SSO standards such as Security Assertion Markup Language (SAML) 2.0 provide secure mechanisms for passing credentials and related information between different websites that have their own authorization and authentication systems. SSO enables simplified user authentication and management.
  IRP provides public access, enabling users to host or attend meetings from the Internet and mobile devices. Although IRP is optional, Cisco encourages its use because it provides a better user experience for your mobile workforce.
  Example question topics include:
  SSO profiles and SAML 2.0 Identity providers (IdPs) supported in Cisco WMS
  Basic configuration of IdPs
  Interaction between IdPs and Cisco WMS
  Difference between the cloud client implementation and Cisco WMS
  Meeting access behavior in a split-horizon network topology with SSO
  How to enable public access to Cisco WMS
  Cisco WMS ELM operations
  Cisco WMS ELM compared to other unified communications ELM or standalone ELM and compatibility/inoperability between them
  Arun Kumar is a team lead in the San Jose Conferencing Technical Assistance Center. He has over eight years of experience in conferencing technology and specializes in Cisco Unified Meeting Place Express and Cisco WebEx Meeting Server. He joined Cisco in 2010 as an escalation engineer for the Cisco Telepresence group. Before joining Cisco he worked for the UK's third-largest internet service provider Supanet on VoIP technology and the *Nix domain. Kumar holds a master of science degree in computer science from Sikkim Manipal University in India, and he holds CCIE (Voice) and VMware Certified Professional certifications.
  Remember to use the rating system to let Arun know if you have received an adequate response.
  Arun might not be able to answer each question because of the volume expected during this event. Remember that you can continue the conversation on the Collaboration, Voice, and Video community Other Subjects subcommunity shortly after the event. This event lasts through Monday May 17, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hello Mobile Service,
  CWMS and Jabber integrations:
  http://www.cisco.com/en/US/docs/voice_ip_comm/jabber/Windows/9_1/JABW_BK_E4CC9599_00_environment-configuration-guide_chapter_01.html#JABW_TK_SF2ED5E1_00
  In above link start from section: Set Up Cisco WebEx Meetings Server on Cisco Unified Presence
  then move to section: Add Cisco WebEx Meetings Server to a Profile
  Once done, move to section: Specify Conferencing Credentials in the Client side. You will see above server already listed there, just go ahead and enter your username and password (pleae make sure this user already exists on your CWMS) and accept any certificate/s if presented. Jabber Integration is done and you can start testing the same.
  Attached CWMS - AFDS integration doc.
  Please let me know if any furhter question.
  Thanks, Arun

• NTLM and Single Sign On with WebLogic 8.1

  Hi guys,
  I've only been using WebLogic for about 3 weeks now, I have developed a small web app using servlets and need to add "single sign-on" functionality to it. One of my colleagues advised me to use NTLM, but he doesnt have any experience in implementing it with WebLogic.
  Could anyone send me some instructions or directions? Sample code maybe? I dont have much experience with security.
  Thanks guys,
  Tommy

  Hi Tommy,
  I used to work for a security company that built an off-the-shelf product that did NTLM SSO (along with SPNEGO), so I feel that I can give you a little bit of advice here. If you want a quick solution, buy it from Quest. The product is called Vintela SSO. If you want to actual build this your self however, I have given a rough guide of how to start.
  Essentially, you will need to develop new Identity Assertion and Authentication provider MBeans. There are guides on how to do this in the WebLogic SSPI documentation.
  http://edocs.bea.com/wls/docs81/dvspisec/index.html
  The Authentication provider should be pretty trivial (just making mappings from autheticated users to roles), but the Identity Assertion provider is a whole other kettle of fish. You will need to do some serious reading on NTLM:
  http://davenport.sourceforge.net/ntlm.html#whatIsNtlm
  You will also need to pickup a copy of an NTLMSSP java library. You can get one called jCIFS from http://jcifs.samba.org/
  Your identity assertion provider needs to parse the NTLM credential from the WWWAuthenticate line in a HTTP Request from IE. You then need to validate the token using JCIFs. You then use JAAS to create a JAAS Login Principal that is passed to the new Authentication Provider which will match the authenticate user against groups. Then you slip to the normal SSPI role-mapping process from there.
  Once you have created the new providers, you need to wrap them in JMX MBeans so that WebLogic can use them.
  This is all going to be quite a big job to implement.

• How to use Single sign On in CRM2007 ?

  Dear All,
  I have created a launch transaction for launching ransactions from R3 (using BOR).
  Now, the problem is when I click on the link in WebUI it gives me a popup for entering R3 User Id and only then it allows navigation to R3 transaction.
  How do I remove this popup ? I want that since user has already eneterd password for WebUI it should further not prompt him/her for the password. How to achieve this ?
  Can we use Single Sign on ? How ?
  Regards,
  Ashish

  Hi Stephen,
  I have done the settings as per the OSS notes. But, I am getting the following error while navigating to R3 from CRM (BOR Launch transaction):-
  - SSO logon not possible; browser logon ticket cannot be accepted
  - Choose "Logon" to continue A dialog box appears in which you can enter your user and password
  - No switch to HTTPS occurred, so it is not secure to send a password
  Also, after this I get the popup where I have to enter R3 User Id and Password and then it continues.
  But, the whole purpose was to remove this intermediate popup.
  What settings are missing / going wrong ?
  Regards,
  Ashish