How to expire SSO cookie?

Similar Messages

• RFC_ERROR_LOGON_FAILURE: System received an expired SSO ticket

  Hi All,
  We installed NW 7.0 SP 14 with EP 7.0; All the post-installation steps were completed and JCo's configured with SSO to backend ECC 6.0 system.
  Since morning we are getting he below mention error when trying to test the JCo's for all the users.
  com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: System received an expired SSO ticket.
  Tried many variations and also changed the Ticket expiration time(to 24 from 8) restarted the server but the problem still remains. Can any one suggest any more ideas on how to sole this?
  Is this problem any where related to CR Content? If so can you suggest how to check the current veriosn and how to find out the exact level which would be supported for our NW system.
  Thanks in advace for you help.
  Thanks,
  Sravanthi

  Hi,
  Your portal certificate has expired.
  To renew - you need to generate a new one in the ticket keystore using Visual Admin.
  Next you export the new updated ticket to the trusting system (in yoru case ECC) using tcode STRUSTSSO2.
  You then import the ticket and assign it to the ACL.
  Issue should then be resolved.

• One Portal user has several user in other systems - how to handle SSO

  Hi,
  I read a lot through several threads but could not really find the information that I need:
  Problem:
  Each PERSON has ONLY ONE unique portal user to log in. In SAP SRM / EBp these persons sometimes must have multiple users. Normally they login in than with TIMO1 or TIMO2 etc..
  But how can we handle that with SSO?
  The SOO cookie will always login only one explicit user.
  Such that I thought about a BSP application or something in-between: Portals opens this custom application via SSO. The application deletes the SSO cookie and depending on the selected user it will login the user to EPb / SRM.
  Who has any Ideas how to realize that. Or is there a better possibility for that?
  Thanks for HELP
  TIMO

  Hello Guys ...
  thanks for the posts, but I think I did not make realy clear what I need:
  SOO works fine, that is OK.
  But I need to login from the portal, being loged in as user 1243243 (we use numbers) into EBp (SRM) as JOHN or JOHN2. Depending on the company I would like to shop for.
  I am aware of the fact, that SAP Portal offers something like user-mapping. But we would like to avoid aditional maintenance in the Portal area (internal reasond). So user-mapping in the portal is no option.
  I think I realy need such a "LOGIN APPLICATION" inbetween
  PORTAL - LOGIN APP - SRM
  Thanks 4 your help!

• UWL config-S ystem received an expired SSO ticket not found in system

  Hi All,
    We are getting following erro while configuring UWL.
  Exception type:com.sap.netweaver.bc.uwl.connect.ConnectorException Message:uwlExceptionID: 1179143938021 :uwlExceptionID: 1179143938021 JCO Function template USER_NAME_GET:SAPR3CLNT900WF:com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: System received an expired SSO ticket not found in system
  Please HELP.
  Rgds
  Ganga

  hi ganga,
  may be there is problem with uwl configuration. u try with this link....
  hope ur error will clear........
  <b>How configure UWL in Portal 7.0,
  Problem configuring UWL,</b>
  regards
  bhargava

• How do I specify cookies that I do not want deleted while in Private Browsing?

  I would like to use Private Browsing all the time, but want to retain certain cookies, like my sign in info for hotmail.com and certain banking log in info. How do I specify cookies that I do not want deleted?

  You can protect specific cookies with the CookieCuller extension.
  The cookies are only protected within that extension, so other means (Clear Recent History) will still remove them.
  You can let all cookies expire if you close Firefox and keep the protected cookies.
  If you use the build-in cookie manager then you can only make an allow exception for a specific domain, but with CookieCuller you can protect specific cookies.
  * CookieCuller: https://addons.mozilla.org/firefox/addon/82

• Sending SSO Cookie from Applet

  Hi Experts,
  We have two ADF applications configured with SSO. From one application web page we have an applet to connect to the second application.
  I am using the URLConnection to establish the connection between the applet and the web applicaiotn, and i found the SSO cookie was not passed. Please advice me how can i pass the SSO cookie from the applet to the another web application?
  Looking forward some help in this topic.
  Thank you

  try using
  HttpUrlConnectionand
  requests are a 2 way process
  so you send the request and you must read the response
  so send a response from your servlet and read it in the applet

• How to renewal SSO public key certificate ??

  hiiiiii
  How to renewal SSO public key certificate....

  Hello,
  You should replace the existing certificate before it expires as per the link provided below.
  http://help.sap.com/saphelp_nw04s/helpdata/en/5c/b7d53ae8ab9248e10000000a114084/frameset.htm
  http://help.sap.com/saphelp_nw04s/helpdata/en/59/6b653a0c52425fe10000000a114084/frameset.htm
  Thanks,
  Siva Kumar

• How to check SSO user from database?

  Hi:
  I've posted this topic in Forms forum:
  How to check SSO user from database?
  then as I've been told, it's better to post it here, so ...... here is the question:
  I'm writing a "before delete trigger" to insert into log table before delete. Is there a way that I know from database the current SSO user when SSO users share one database user?
  Just like in Oracle Application Express there is v('APP_USER') to know the current user.
  Saad,

  End users are manipulating data through Oracle Forms(and SSO through portal) and the thing I need is to trace the SSO username from database without modifying forms, I mean purely from database taking into consideration that SSO users are sharing one database user. Is it possible?
  Saad,

• How to get SSO userid to URL-based app?

  I'm developing a web-app using Struts that will be accessed by Portal (I guess as a URL-based app). The web-app will not require login. The web-app will not be Portal "aware", except that it requires the SSO userid for auditing/logging purposes.
  I know little about Portal and SSO. How can Portal be configured to send the Portal userid of the logged-in Portal user? Can it send it as a parameter in a GET or POST?
  The version of Portal will be 9.0.2 (or greater).

  This topic is answered in the PDK forum here:
  How to get SSO userid to URL-based app?

• How do I use cookies to control which part of the timeline to play from?

  Hi there,
  I have created an animation with Adobe Edge. My site uses Concrete5 and I am pulling in the Edge content into an IFRAME on my home page (there my be a better way to do this and I'm open to suggestions). I want the animation to play from the start when someone first visits the site, but if during their browser session they navigate back to the home page, I want the animation to only play a shorter segment of frames near the end.
  My question is, how do I use cookies to acheive this? I'm new to javascript/jquery.
  I've included the following code on compositionReady, (found in another post on this forum) but don't have a clue how to continue...
  // insert code to be run when the composition is fully loaded here yepnope(   {     nope:[       '/js/jquery.cookie.js'     ],   complete: init   } ); function init() { //create your cookie's initial values here } 
  My temp site is here - http://79.170.40.43/nutcrackerdesign.co.uk/
  On revisting the homepage, I only want to play from when the green 'How can we help?' button drops in.
  Many thanks!
  Russ

  Hi, Russ-
  I found this article, which seemed really helpful in describing how cookies work in JavaScript:
  http://www.quirksmode.org/js/cookies.html
  Remember that JS works just fine within Animate, so on your compositionReady, you can read your cookie and then set the play based on that.  You should probably uncheck the autoplay for your Stage and control the play of your Stage from the compositionReady.
  Good luck!
  -Elaine

• How do I add cookies to adobe muse site?

  Hello,
  I am creating a site in Adobe Muse, which I also host through the webbasic adobe business catalyst account.
  I want to add a cookies message onto my site and to that of client sites that I create.
  I searched the forum and there appears to be a guide showing how to get the cookies set up in adobe business catalyst itself. However, when I try to follow the instructions, I fall at the first hurdle because it tells me to go into Site Manager and then into Pages. However, I don't have anything that says Pages. Mine only has two options; Web Forms and System Emails. The only thing in the Web Forms folder is Contact Form.
  I have no idea how to get the cookies message onto my Adobe Muse site. Please...does anyone know the answer?
  Also, if someone from Adobe reads this, it would be great if Adobe Muse had a widget for this...considering it is now a requirement for all websites that use cookies to be able to get consent. I hope it's in the next update.
  Cheers
  Sebastian

  Refer to this thread for instructions on adding a Manage cookies form - http://forums.adobe.com/message/539301
  The online content editing is disabled by default for sites published through Muse to BC and hence the Pages tab doesn't appear for you under Site Manager. However, you can always enable the Online Content editing feature by logging into the site admin -> going to the My Details section (by hovering over your name at the top right) and enable the option as indicated in the screenshot below.
  Please refer to the following post for a reason as to why the option is incompatible with Muse (but doesn't affect any functionality as such if you enable it).
  http://forums.adobe.com/message/4385787.
  Thanks,
  Vinayak

• How to configure sso with SSL step by step

  Purpose
  In this document, you can learn how to configure SSO with SSL. After user have certificate installed in browser, he can login without input username and password.
  Overview
  In this document we will demonstrate:
  1.     How to configure OHS support SSL
  2.     How to Register SSO with SSL
  3.     Configure SSO for certificates
  Prerequisites
  Before start this document, you should have:
  1.     Oracle AS 10g infrastructure installed (10.1.2)
  2.     OCA installed
  Note:
  1.     “When you install Oracle infrastructure, please make sure you have select OCA.
  2.     How Certificate-Enabled Authentication Works:
  a.     The user tries to access a partner application.
  b.     The partner application redirects the user to the single sign-on server for authentication. As part of this redirection, the browser sends the user's certificate to the login URL of the server (2a). If it is able to verify the certificate, the server returns the user to the requested application.
  c.     The application delivers content. Users whose browsers are configured to prompt for a certificate-store password may only have to present this password once, depending upon how their browser is configured. If they log out and then attempt to access a partner application, the browser passes their certificate to the single sign-on server automatically. This means that they never really log out. To effectively log out, they must close the browser.
  Enable SSL on the Single Sign-On Middle Tier
  The following steps involve configuring the Oracle HTTP Server. Perform them on the single sign-on middle tier. In doing so, keep the following in mind:
  l     You must configure SSL on the computer where the single sign-on middle tier is running.
  l     You are configuring one-way SSL.
  l     You may enable SSL for simple network encryption; PKI authentication is not required. Note though that you must use a valid wallet and server certificate. The default wallet location is ORACLE_HOME/Apache/Apache/conf/ssl.wlt/default.
  1.     Back up the opmn.xml file, found at ORACLE_HOME/opmn/conf
  2.     In opmn.xml, change the value for the start-mode parameter to ssl-enabled. This parameter appears in boldface in the xml tag immediately following.
  <ias-component id="HTTP_Server">
  <process-type id="HTTP_Server" module-id="OHS">
  <module-data>
  <category id="start-parameters">
  <data id="start-mode" value="ssl-enabled"/>
  </category>
  </module-data>
  <process-set id="HTTP_Server" numprocs="1"/>
  </process-type>
  </ias-component>
  3.     Update the distributed cluster management database with the change: ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct opmn
  4.     Reload the modified opmn configuration file:
  ORACLE_HOME/opmn/bin/opmnctl reload
  5.     Keep a non-SSL port active. The External Applications portlet communicates with the single sign-on server over a non-SSL port. The HTTP port is enabled by default. If you have not disabled the port, this step requires no action.
  6.     Apply the rule mod_rewrite to SSL configuration. This step involves modifying the ssl.conf file on the middle-tier computer. The file is at ORACLE_HOME/Apache/Apache/conf. Back up the file before editing it.
  Because the Oracle HTTP Server has to be available over both HTTP and HTTPS, the SSL host must be configured as a virtual host. Add the lines that follow to the SSL Virtual Hosts section of ssl.conf if they are not already there. These lines ensure that the single sign-on login module in OC4J_SECURITY is invoked when a user logs in to the SSL host.
  <VirtualHost ssl_host:port>
  RewriteEngine on
  RewriteOptions inherit
  </VirtualHost>
  Save and close the file.
  7.     Update the distributed cluster management database with the changes:
  ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct ohs
  8.     Restart the Oracle HTTP Server:
  ORACLE_HOME/opmn/bin/opmnctl stopproc process-type=HTTP_Server
  ORACLE_HOME/opmn/bin/opmnctl startproc process-type=HTTP_Server
  9.     Verify that you have enabled the single sign-on middle tier for SSL by trying to access the OracleAS welcome page, using the format https://host:ssl_port.
  Reconfigure the Identity Management Infrastructure Database
  Change all references of http in single sign-on URLs to https within the identity management infrastructure database. When you change single sign-on URLs in the database, you must also change these URLs in the targets.xml file on the single sign-on middle tier. targets.xml is the configuration file for the various "targets" that Oracle Enterprise Manager monitors. One of these targets is OracleAS Single Sign-On.
  1.     Change Single Sign-On URLs
  Run the ssocfg script, taking care to enter the command on the computer where the single sign-on middle tier is located. Use the following syntax:
  UNIX:
  $ORACLE_HOME/sso/bin/ssocfg.sh protocol host ssl_port
  Windows:
  %ORACLE_HOME%\sso\bin\ssocfg.bat protocol host ssl_port
  In this case, protocol is https. (To change back to HTTP, use http.) The parameter host is the host name, or server name, of the Oracle HTTP listener for the single sign-on server.
  Here is an example:
  ssocfg.sh https login.acme.com 4443
  2. Restart OC4J_SECURITY instance and verify the configuration
  To determine the correct port number, examine the ssl.conf file. Port 4443 is the port number that the OracleAS installer assigns during installation.
  If you run ssocfg successfully, the script returns a status 0. To confirm that you were successful, restart the OC4J_SECURITY instance:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
  Then try logging in to the single sign-on server at its SSL address:
  https://host:ssl_port/pls/orasso/
       3. Back up the file targets.xml:
  cp ORACLE_HOME/sysman/emd/targets.xml ORACLE_HOME/sysman/emd/targets.xml.backup
  4. Open the file and find the target type oracle_sso_server. Within this target type, locate and edit the three attributes that you passed to ssocfg:
  ·     HTTPMachine—the server host name
  ·     HTTPPort—the server port number
  ·     HTTPProtocol—the server protocol
  If, for example, you run ssocfg like this:
  ORACLE_HOME/sso/bin/ssocfg.sh http sso.mydomain.com:4443
  Update the three attributes this way:
  <Property NAME="HTTPMachine" VALUE="sso.mydomain.com"/>
  <Property NAME="HTTPPort" VALUE="4443"/>
  <Property NAME="HTTPProtocol" VALUE="HTTPS"/>
  5.Save and close the file.
  6.     Reload the OracleAS console:
       ORACLE_HOME/bin/emctl reload
  7. Issue these two commands:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
  Registering mod_osso
  1.     This command sequence that follows shows a mod_osso instance being reregistered with the single sign-on server.
  $ORACLE_HOME/sso/bin/ssoreg.sh
       -oracle_home_path $ORACLE_HOME
       -config_mod_osso TRUE
       -mod_osso_url https://myhost.mydomain.com:4443
  2.     Restarting the Oracle HTTP Server
  After running ssoreg, restart the Oracle HTTP Server:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
  Configuring the Single Sign-On System for Certificates
  1.     Configure policy.properties with the Default Authentication Plugin
  Update the DefaultAuthLevel section of the policy.properties file with the correct authentication level for certificate sign-on. This file is at ORACLE_HOME/sso/conf. Set the default authentication level to this value:
  DefaultAuthLevel = MediumHighSecurity
  Then, in the Authentication plugins section, pair this authentication level with the default authentication plugin:
  MediumHighSecurity_AuthPlugin = oracle.security.sso.server.auth.SSOX509CertAuth
  2.     Restart the Single Sign-On Middle Tier
  After configuring the server, restart the middle tier:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
  Bringing the SSO Users to OCA User Certificate Request URL
  The OCA server reduces the administrative and maintenance cost of provisioning a user certificate. The OCA server achieves this by authenticating users by using OracleAS SSO server authentication. All users who have an Oracle AS SSO server account can directly get a certificate by using the OCA user interface. This reduces the time normoally requidred to provision a certificate by a certificate authority.
  The URL for the SSO certificate Request is:
  https://<Oracle_HTTP_host>:<oca_ssl_port>/oca/sso_oca_link
  You can configure OCA to provide the user certificate request interface URL to SSO server for display whenever SSO is not using a sertificate to authenticate a user. After the OracleAS SSO server authenticates a user, it then display the OCA screen enabling that user to request a certificate.
  To link the OCA server to OracleAS SSO server, use the following command:
  ocactl linksso
  opmnctl stoproc type=oc4j instancename=oca
  opmnctl startproc type=oc4j instancename=oca
  You also can use ocactl unlinksso to unlink the OCA to SSO.

  I have read the SSO admin guide, and performed the steps for enabling SSL on the SSO, and followed the steps to configure mod_osso with virtual host on port 4443 as mentioned in the admin guide.
  The case now is that when I call my form (which is developed by forms developer suite 10g and deployed on the forms server which is SSO enabled) , it calls the SSO module on port 7777 using http (the default behaviour).
  on a URL that looks like this :
  http://myhostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
  and gives the error :
  ( Forbidden
  You don't have permisission to access /sso/auth on this server at port 7777)
  when I manually change the URL to :
  https://myhostname:4443/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
  the SSO works correctly.
  The question is :
  How can I change this default behaviour and make it call SSO on port 4443 using https instead ?
  Any ideas ?
  Thanks in advance

• How to expire a page

  Hi,
  Anybody knows how to expire a page,for example
  if someone submit data on one page and is redirect to next
  page,if he hit back button of browser then he must see
  expire page.
  Thanks in advance.

  I usually put like this:
  response.setHeader("Pragma", "no-cache");
  response.setHeader("Cache-Control", "no-cache");
  response.setDateHeader("Expires", 1);
  You will need to add this code to doGet() and/or doPost() methods.

• How to clear the cookie in midlet before quite the midlet?anyone?pls

  i am fresh in J2ME . Can anyone teach me on how to clear the cookie in midlet before i quit from it?
  I designed an application that require login and use session(cookie) management, i need to clear the cookie before or during i quit the midlet, so that the user will need to login again after quit from midlet. Can anyone pls assist me? i need it urgently!

  I designed an application that require login and use session(cookie) management,How did you implement the cookies. This isn't a built-in part of J2ME. You have to implement it yourself (saving the cookie and resending it in future requests), so only you can know how to delete it.
  shmoove

• How do I enable cookies on Windows 7

  Some sites do hold my password for access ( e.g. credit card) when I went to ' help'. the suggestion for firefox was to go to firefox then 'tools', etc. When I explored firefox and open the different windows I was not able to find tools. Further investigation I found similar instructions but it stated it was for Windows XP. So how can I enable cookies on Windows 7?

  Hi Esther.Applegate,
  Do you have the ''Firefox'' menu in the upper left hand side of the screen? If you do, hit ''Alt'' to temporarily enable the ''Menu bar''. Then go to ''Tools > Options > Privacy''. The article [[Enabling and disabling cookies]] will show you how to set an exception for that site.
  If you want the ''Menu bar'' on at all times, go to ''Firefox > Options'' and enable ''Menu bar''.
  Hopefully this helps!