How to Hide user & pass in PORTAL URL

Similar Messages

• Hide user and password in URL

  Hi Experts,
  I need a help on portal URL. We are using SSA (Spend Analytics) in Portal. One of the option in portal is that you can generate an E-mail Link of a report which goes to users.
  Link looks like this for end user (They receive it via E-Mail)
  http://Host:Port/irj/servlet/prt/portal/prtrootxapps.analytics.ds_par.inbounds?guid=CC1E61FF_7B3F_45CB_A3BE_B00F6BD487B7&objType=REPO&objId=0DA4575B_3C28_E6D8_66C5_04008115C625
  Users should be able to view this link as soon as they click on it. If a user is already logged into portal and copy and paste the link, it works fine. However, if a user is not logged in and copy and past this link to IE, It automatically changes URL to something else and shows user & password 
  This is how it looks like. URL changes to the following link..
  http://HOST:PORT/irj/portal?j_user=XYZ_USER&j_password=XYZ_PASS&submit_logon=true
  So I'm not sure what is making portal to redirecting the link to (http://HOST:PORT/irj/portal?j_user=XYZ_USER&j_password=XYZ_PASS&submit_logon=true) when they enter generated link (http://Host:Port/irj/servlet/prt/portal/prtrootxapps.analytics.ds_par.inbounds?guid=CC1E61FF_7B3F_45CB_A3BE_B00F6BD487B7&objType=REPO&objId=0DA4575B_3C28_E6D8_66C5_04008115C625) and why is it showing user/pass and from where is it picking user & password.
  I kindly request all experts to please help me in this. I want to hide users/pass and make sure the link works fine without getting redirected it.
  Your help is much appreciated
  Thanks in Advance!!
  Afi

  Hi Sinivasan,
  I thought about it but I do not see User Mapping Field stating anything. It's empty.
  Here is how it looks like:
  Authentication Ticket Type : SAP Assertion Ticket
  Logon Method : SAPLOGONTICKET
  User Mapping Fields : <empty>
  User Mapping Type : admin,user
  So.. I really don't know why and from where is it picking up user/pass to URL. We are not even using Anonymous Login. Any other thing you could think of the possibility?
  Thanks
  Afi

• How to hide the parameters in the url

  Hi,
  Can anyone help me to hide the parameters being passed in the url. For example, when a link is clicked i want to pass few parameters to it, but i dont want to display those parameters in the url. Can anyone help me figure out how can i achieve this?
  Thanks
  ri

  In your CO's processFormRequest, do pageContext.putTransactionValue(name, value). You can retrieve the value using pageContext.getTransactionValue(name). Please use your own judgement to use Transaction or Session as the place holder as per your requirement. In most cases, transaction would do but if you want the values to be retained across transactions, use Session. Also, make sure to clear those values when you are done with the values so that this does not get retained across session/transaction.
  Incase, you want the values only for the next submit and not for the transaction, you can use pageContext.putParamater() and pageContext.getParameter() which has a very short life cycle.
  Regards,
  Guru.

• How to encrypt Password while calling Portal URL from Abap

  Hi all,
  My requirement is to call portal from R/3 4.6C.  As part of it I'm calling Portal URL along with user id & Password by using the FM CALL_BROWSER. The problem here is User ID & Password are visible everyone in the URL.
  Is there any way that I can encrypt sothat it doesn't become a security issue?
  I really appreaciate for your help.
  Thanks
  Seshu

  can you please mention the abap code  by which you are sending the username and password to a portal via url.....
  are you able to log on to the portal...please share your code ......
  Edited by: Ashutosh Shukla on Apr 18, 2008 9:17 AM

• How to access GET-parameters in portal url

  Is it possible to access GET-parameters in a bsp application in an iview in the enterprise portal, and if so, how do I do it?
  If you look at the url of this post (/message/1514719#1514719 [original link is broken])
  I would like to have the value of "forumID" in the bsp application in the iview with shortlink "thread".

  Raja,
  your solution is what I was initially looking for, so thank you.
  Can you also supply a link to the article you refer to?  I can't find it:-)
  But while looking for this I found something even better, a way to pass parameters to an iview without having to define them in the iview ApplicationParameter-property.
  Apparently the trick is to add the parameter "DynamicParameter" to the url, that translates to different parameters in your bsp application(iview).
  So if you want your bsp application to have the parameters "roomid=555&date=01.01.2007" your url should be
  http://bla/irj/portal/rooms?DynamicParameter=roomid%3D555%26date%3d01.01.2007
  where %3D is the ascii representation of "=" and %26 is the ascii representation of &.
  I found this here : /message/529588#529588 [original link is broken] , but in this thread they say to separate the parameters by a ";", whereas for me it only works when i use %26 (&).
  Message was edited by: Dries Horions

• How to hide ?config= in webforms url

  I have forms 11.1.1.2 with weblogic 10.3.5 and ohs
  I have several forms configurations like
  http://domainname:port/forms/frmservlet?config=A
  http://domainname:port/forms/frmservlet?config=B
  I want to hide the real URL, with configuration of virtual hosts I move to:
  http://Adomainname:Aport/forms/frmservlet?config=A
  http://Bdomainname:Bport/forms/frmservlet?config=B
  and with a location in mod_wls_ohs I can move to:
  http://Adomainname:Aport/myform?config=A
  http://Bdomainname:Bport/myform?config=B
  but I want to look the URL like:
  http://Adomainname:Aport/Aform
  http://Bdomainname:Bport/Bform
  Thank you for any idea.

  Well, I guess the better question is why are you trying to hide the information? If it is for security reasons, hiding the address shown in the url isn't going to offer much protection from someone who knows what they are looking at. If you just want it to look prettier, it may be possible to use mod_rewrite. This option may be a little more complex to get right because if done incorrectly, the form may not work properly. However, refer to the Apache documentation for information on how to use mod_rewrite. THIS WILL ONLY WORK IF YOU USE OHS IN FRONT OF WLS. Google or whatever your favorite search engine is will also a good source for information.
  Another way, which might also have issues depending on browser settings and restrictions would be to use an iFrame (inline-frame). This is likely the easiest way, but in order to accomplish this, the form likely would need to be launched from another web page for example from a link on a page. Another option would be to have the user call your new custom url which could point to a special page configured to show the form in the iframe.
  Again, google is a good place to start:
  http://www.google.com/search?q=iframe+hide+url
  Your last option (that I could come up with) would be to call Forms using a static html page rather than using the servlet's html generator. Basically you would create two static html pages and each would have the unique settings you wanted. For example, Aform.htm and Bform.htm (you can name them any way you like). Then the user would actually call something like this:
  http://Adomainname:Aport/Aform.htm
  http://Bdomainname:Bport/Bform.htm

• How to Hide User Menu at the Bottom of the Screen

  Hi, all:
  I am new to apex, currently using 3.2.1.
  I have created a simple interactive report, the screen shows report data correctly AND
  a user menu at the bottom. the user menu content is:
  user name
  Home Application 101 Edit Page 1 Create Session Activity Debug Show Edit Links
  how do I hide this menu when end user access the app?
  Thanks,
  John

  Hi,
  That "menu" is called developer toolbar.
  It is visible only when you have login to APEX builder and run your app.
  So it will not be visible for end users.
  Regards,
  Jari
  My Blog: http://dbswh.webhop.net/htmldb/f?p=BLOG:HOME:0
  Twitter: http://www.twitter.com/jariolai

• How to hide user id and password in java

  Hi, I have a j2ee application and somehow they need to know the weblogic system id and password in order for their application to work. We are the administrators and we normally do not tell this id and password.
  Now, how can i suggest my application people to use an envrypted id and pass ....i do not know if boot.properties file could be used ?
  this is the id and pass to logim to the weblogic console.
  any suggestions please ?

  With a good enough hash function, hashes are effectively unique.
  Say I have a good hash function, H.
  Say I have a user, Bob. His password is "bobrocks".
  H("bobrocks") = 1B // in hex; really small hash, but this is an example.
  So I store in my database (bob : 1B)
  Bob wants to login. He types in his password, which I then hash. I compare this hash to the stored hash. They match, and Bob logs in. If you typed in "balogna", the hashes wouldn't match, and you would not log in.
  Note that the password database stores 1B - from this hash, you can't tell what the password is. You can, however, tell if someone types in a password that matches it.
  That's the simple version. I suggest you read some books, do some research, and ask some questions on the Cryptography forum to understand the whole thing.
  ~Cheers

• How to hide user id and password for auto login in Analyzer 6.5?

  Could anyone tell me is it possible to hide the user id and password for auto login in Analyzer version 6.5 and how?Thanks in advance...

  Sainath,
  Referring admin guide as mentioned by Craig is good option.
  Let me give you few steps that I did in one of my projects.
  Open command prompt and navigate to the path "C:\Oracle\Middleware\EPMSystem11R1\products\DataRelationshipManagement\client\batch-client".. here you can see many see other utilities as well.
  drm-batch-client-credentials.exe is the one used to encrypt the userid and password.
  open this in command prompt and then choose the application to which you want to encrypt the password.
  then remove userid and password from batch script then run it... it does what you want

• How to hide users' (and roles and organization) list from a user in OIM

  Hi,
  Admin (xelsysadm) has created a user in OIM. Now if that user is logged in to OIM Self Service (http://<url>/identity), he can see other user in his organization, along with list of roles, role categories, organizations etc. I have requirement to hide all the administration links from end user. Right now, he only has "All Users" role, and doesn't have any admin role, but can see all these administration links. What do I need to do to hide these links from end user? Do need to remove "All Users" role, or assign any other role, or do something in entitlement or in access policy ??
  Thanks.

  Thanks Karthik for you reply. It helped a lot.
  Steps, just for reference...
  1). Create SandBox
  2). Activate
  3). Customze and view by source
  4). Select your link which you want to hide
  5). Edit Visible properties and use #{oimcontext.currentUser.roles['SYSTEM ADMINISTRATORS'] != null}
  6). Save
  7). Publish
  8). Test
  Edited by: 966405 on Feb 20, 2013 3:50 PM

• How to create  user groups in portal

  Hi
  I am new to portal..can any one explain how to create a group and add the users to that group.
  Thanks
  Rahul

  Hi
  Go to  "user administration"-> Identitiy management place "Groups" in the Search Criteria then you will see the options for creating NEw Group
  at the time of Group creation there is a tab for Assigned users from there you can add users.
  Or you select the user name and click on modify and select Assigned groups and assign your group.
  Regards,
  Mahesh

• How to hide JSESSIONID in first-page Url?

  Hi!
  Is it possible to hide JSESSIONID in url of first accessed page in application?
  (In non-SSL config,copying this param allows any client to gain access to server session, which is previously authenticated, and thus avoid JAAS authentication. This is very unpleasant OC4J behavior. Other platforms are using "hidden" session identification mechanisms which are not much more intrusion-proof but are less obvious to end-users .)
  Kind regards for any tip,
  Pavle

  Hi Steve!
  Yes, you got it right.
  In the first page, if the page is not protected so
  the redirect to JAAS login is not performed,
  jsessionid is visible in url.
  The behavior is on JDev
  11g TP4 with both JSF and ADFc controllers. After
  first page, jsessionid is removed form url, so
  cookie-bases session is enabled.
  But, if jsessionid
  is provided in url for some other page, the session
  is identified by supplied jsessionid even cookie is
  different.
  I read somewhere that this is some "automatic"
  cookie-support detection by OC4J (which is checking
  if the url jsessionid is same as cookie – if not,
  then OC4J considers cookies are not supported on
  client browser). Is there any way to force OC4J to
  use only cookie-bases session identification?
  Regards,
  Pavlegday Pavle --
  I did some testing on this yesterday with a straight JSP/Servlet based, session enabled application and I observed this happening for the very, very first request of a brand new browser process. As soon as you go to the second page, the jsessionid is removed from the URL. Logging out of the application and logging back in, using the same browser process doesn't result in the jsessionid appearing again.
  On the automatic cookie detection -- yes the container can determine if cookies are supported. If they are not, then it will use the url + jsessionid approach IFF the application has used the response.encodeURL() method on any links it presents in the application. If the application has not used the encodeURL method, then it won't work correctly. We don't do any auto encoding of URLs -- the application has to do it, and then we'll use it if cookies are disabled.
  I tried it with Firefox, Opera and even Internet Exploder and the same behaviour occurs.
  I'll look into it some more and post a bug if one needs to be entered. If I do, I'll let you know the bug number so that if you need a patch, you can log a support tar and reference the bug.
  -steve-

• How Can Hide The File Name in URL Using Jsp

  I Want source code for Hiding The File name in url address using jsp.
  for example www.website/login.jsp is view but i want www.website/ only.

  Hi Praveen - how does that DEF would be determined?
  Have a look at the below blog for executing os commands
  SAP XI File Adapter OS Command Line Feature - Process Integration - SCN Wiki
  XI/PI: Command line sample functions
  Is there any problem in using the dynamic file name configuration??
  Message was edited by: Hareesh Gampa

• How to hide user id and password in batch scripts

  Hi,
  Can some one help me to hide the user id and password in batch scripts that used to automate Export and Action script execution process.
  Context : In my project client doesn't want display user id and password hence they are looking for secured way to hide them.
  Thanks for your answer in advance.
  Regards,
  Sainath.

  Sainath,
  Referring admin guide as mentioned by Craig is good option.
  Let me give you few steps that I did in one of my projects.
  Open command prompt and navigate to the path "C:\Oracle\Middleware\EPMSystem11R1\products\DataRelationshipManagement\client\batch-client".. here you can see many see other utilities as well.
  drm-batch-client-credentials.exe is the one used to encrypt the userid and password.
  open this in command prompt and then choose the application to which you want to encrypt the password.
  then remove userid and password from batch script then run it... it does what you want

• How to maintain User Images in Portal

  Hi All,
  when clicking on a Member of a Collaboration Room, User Information of this Member is shown including an image of the user.
  I would like to know where I can maintain these images. That is to know, where to upload images for a Portal User.
  Thanks, Johannes

  Hi Johannes,
  Please read through this document for uploading and cropping images in Portal Collaboration feature.
  [Uploading and Cropping images|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/10ab79a4-1fc2-2b10-29bb-ef9ff6771e72?QuickLink=index&overridelayout=true]
  Also read through : [Maintaining images in Collaboration|http://help.sap.com/saphelp_nw2004s/helpdata/en/09/d7fe40be6eef23e10000000a155106/frameset.htm]
  Hope this helps.
  Regards,
  Shailesh
  Edited by: Shailesh Kumar Nagar on Feb 23, 2010 1:51 PM