How to implement Single-Sign-On?

Hello,
Whenever a user is opening the portal main page he needs to authenticate with UserName and Password in order to login. I would like to prevent this, meaning, if the user authenticated once, he will not have to do it again, say tomorrow (Like "Remember Me" Option). How do I do that?

Roy,
this can be realized by setting up an additional MS IIS webserver running SAP's free IISProxy in front of the portal server. IIS can be set up to speak so-called "windows integrated authentication" (also known as NTLM resp. Kerberos) and to forward the user ID to EP. Detailed information on this can be found in SAP's NetWeaver security guide available at http://service.sap.com/securityguide.
This has also been a topic of interest various times here at SDN, a search on IISproxy in the forums will give you some helpful results.
Regards,
Dominik
...and
if(helpful) {
  points++;

Similar Messages

  • How to implement single sign-on using java?

    I need your help regarding the following task, please go through it and tell me if you have a solution to it.
    DSOWeb is a portal which has links to all the reports generated from Microstrategy8.0.1 (MSTR) [it is another tool which generates the BI Reports] and my requirement is like when a report link in DSOWeb is clicked it goes to MSTR and shows a report of MSTR but the user is unaware of all this that the system is entering into some other portal and giving that report to him.
    1. User logs into DSOWeb (Implemented using Struts framework) - He is automatically logged into MSTR (Java Spring Architecture) as well.
    How to get the session Id of MSTR from DSOWeb and maintain that session within the DSOWeb???
    2.User clicks on a report link - He either uses the session created above or a new session is created for him, if the old one no longer exists.
    3.When User clicks Logout in DSOWeb the system should also internally invalidate the MSTR Session and logout from MSTR .
    Note : Here DSOWeb and MSTR applications are running in different Servers.

    Hello Meghal,
    It is possible to implement social login via Facebook for SAP Enterprise Portal 7.3 by simply using the SAP Cloud Identity offering.
    More details about SAP Cloud Identity you will be able to find here:
    SAP Cloud Identity Solution Brief:  Simplify and Secure Cloud Access to Critical Business Data
    SAP Cloud Identity features - latest release: http://scn.sap.com/community/security/blog/2014/12/18/new-capabilities-with-the-latest-release-of-the-sap-cloud-identity
    Please, find also the documentation about social login implementation:
    Enable or Disable Social Sign-On for an Application
    Best regards,
    Donka Dimitrova

  • Implementing single sign on across multiple web apps

    Hi
    I was wondering if somebody could help me. I need to implement single sign on
    for multiple web apps deployed in separate WARs in a single EAR file. I need
    to authenticate against an LDAP server and ensure that the user only has to sign
    on once per user session even if the user navigates between web apps. The weblogic
    docs only seem to go so far, i.e. "Single sign on works if each web app uses the
    same cookie" etc. So I see that, apart from buying WebLogic Enterprise Security
    there are only two ways of doing this:
    1. Implement single sign on.
    2. Create my own security realm with my own authenticator implementations.
    So my questions are:
    1. We don't want to effect the normal weblogic user/passwords used to access the
    WLS console but need to have single sign on. Should we implement single sign on
    (option 1,above) or create our own realm?
    2. Can somebody point me to somewhere on the web/in the the WLS documentation
    that shows me how to implement single sign on using session cookies?
    TIA
    Mik

    "Mik Quinlan" <[email protected]> wrote in message
    news:[email protected]..
    >
    Hi
    I was wondering if somebody could help me. I need to implement singlesign on
    for multiple web apps deployed in separate WARs in a single EAR file. Ineed
    to authenticate against an LDAP server and ensure that the user only hasto sign
    on once per user session even if the user navigates between web apps. Theweblogic
    docs only seem to go so far, i.e. "Single sign on works if each web appuses the
    same cookie" etc. So I see that, apart from buying WebLogic EnterpriseSecurity
    there are only two ways of doing this:
    1. Implement single sign on.
    2. Create my own security realm with my own authenticator implementations.
    So my questions are:
    1. We don't want to effect the normal weblogic user/passwords used toaccess the
    WLS console but need to have single sign on. Should we implement singlesign on
    (option 1,above) or create our own realm?
    2. Can somebody point me to somewhere on the web/in the the WLSdocumentation
    that shows me how to implement single sign on using session cookies?
    http://e-docs.bea.com/wls/docs81/security/thin_client.html#1039551
    That also has a pointer to:
    For more information, see session-descriptor in Assembling and Configuring
    Web Applications.

  • " Path not found() "error when implementing single sign on

    Hi,
    We are implementing single sign on so that when users click on the "Reports Login" he is navigated to the obiee presentation services screen. For the reports login we have a .asp page which directs to the presentation services.
    I have done the necessary changes in the instanceconfig and credentialstore xml files.
    I have been receiving a strange error when I click on the reports login. I get the error
    Path not found ()
    Error Details
    Error Codes: U9KP7Q94
    I have checked the presentation server log file and I see the below error
    Type: Error
    Severity: 45
    Time: Tue Mar 09 09:18:44 2010
    File: project/websubsystems/ssportal.cpp Line: 1907
    Properties: ThreadID-2672;HttpCommand-Dashboard;Proxy-;RemoteIP-127.0.0.1;User-;Impersonator-
    Location:
         saw.subsystem.portal
         saw.httpserver.request
         saw.rpc.server.responder
         saw.rpc.server
         saw.rpc.server.handleConnection
         saw.rpc.server.dispatch
         saw.threadPool
         saw.threads
    Path not found ()
    Can anyone provide me an input how to resolve this issue?
    This is bit urgent for me.
    Thanks

    Hi,
    Please ensure that the navigational attribute is checked at the attribute level and also at the Infocube level and also check that correct mapping of this navigational attribute is done at the Multiprovider level.
    Thanks,
    Venkat

  • Sourcing 7.0: Email Link in Mail templates when implementing Single Sign on

    Hello,
    We are implementing Sourcing 7.0 SP02 On premise.
    We are in the processing of setting up the single sign on with Enterprise Portal.
    In E-Sourcing 5.1 - when we implement single sign on with portal - the mail links in the mail templates have to be replaced with the portal URL and also - in order to redirect the user from portal login to the correct object in E-Sourcing (contract/MA/RFX) - we had implemented a custom portal solution (par file) to redirect the user.
    So when the user clicks on the link in the mail - it will take the user to Enterprise portal login. Once the login is done - user will be redirected to the E-Sourcing object like RFX/MA which the token %DOCUMENT_URL% contains.
    I wanted to check if there is any standard solution to this issue in Sourcing 7.0 on p

    Hi Vikram, Thanks a lot for your reply. I got a release note 1485253 that explains that this is resolved. Please find the text below
    2011/0000612672
    In user emails, %DOCUMENT_URL% token is used to generate the document
    specific URL. This URL takes the user directly to the document. However,
    when Sourcing is integrated with SAP Portal, using only this token will not
    take the user to the document. In order to fix this, ENCODE function has
    been introduced. Wrapping this around the URL, the URL can be encoded and
    used as a "forcedURL" in the portal link.
    Would you be able to explain to me how this can be achieved through configuration? I tried now with a portal user of Sourcing and the link was still showing up as the old link. Is this forcedURL generated using a system property?
    Regards,
    Srivatsan

  • How to use single sign on to authenticate

    How to use single sign on to use the MS-AD for authentication
    I have created an data source which points to the MS-AD and tested
    Next how do i add this to the policies.
    Thanks
    NS

    Hi,
    Please, specify the products and versions that you are using?
    thanks,
    Thiago Leoncio

  • How to use single sign-on  for BCC and Experience Manager

    Does anyone have experience in implementing single-sign-on for BCC and Endeca Experience manager for business users.

    With the older versions of Endeca commerce stack there is no OOTB support for this. However with Oracle Commerce 11, SSO with BCC and Experience Manager are out of the box. Oracle Commerce 11 is released today.

  • Implementing Single Sign-On support for the Oracle E-Business suite

    Implement Single Sign-On support for the Oracle E-Business suite
    I want implement Single Sign-On support for the Oracle E-Business suite.
    Operationg System : linux/Solaris
    Oracle E-Business suite : 11.5.10
    Oracle Application Server : 10gAS(latest availble)
    Type of integration : SSO and OID with 11i
    No third party SSO or LDAP
    Qusetions
    1.If my SSO Server is down can i login to applications(11i) using normal mode(default login http://servername.xxxx.com:8000/).
    2. Is it possible to have appilications (11i) in Linux/Solaris and 10gAS in windows.
    Please answer...
    NOTE:
    I am following Oracle METALINK Doc.Id 233436.1 and 261914.1.
    Thank you.
    MARK

    You couldn't login into server But You can use the following login
    http://servername.xxxx.com:8000/AppsLocalLogin.jsp
    For this you need to enable the Appslocallogin Profile option

  • How to integrate Single Sign-On and JSF?

    Hi all,
    We are going to develop a web application using Oracle technologies, including ADF and JSF.
    But we´ll need to secure our website using Oracle Identity Manager (Single Sign-On). I am having difficulties to find any resource explaining how to do that.
    Also, the IM (SSO) will run on a Oracle AS instance and our web app (ADF+JSF) will run on a separete OC4J instance, due to ADF version. Is this a problem?
    Thanks

    We too are in the process of implementing iStore with SSO features.
    And if you believe me it seems to me as nightmare.
    In our scenerio we are intgrating this SSO with Third party access control too (AD and Siteminder). I would request you to please respond me on the following mail id , so we can share our experince which will help us in our implementation
    [email protected]
    regards and thanks in advance
    Vikas Deep

  • How to integrate single sign on with third party system

    we are in the process of implementing istore application. we already have home grown isupport application to contact support personnal for any issues. Now we are wondering how do we integrate oracle applications single sign on with our third pary system. Is there any recommendation provided by oracle to achieve the same.

    We too are in the process of implementing iStore with SSO features.
    And if you believe me it seems to me as nightmare.
    In our scenerio we are intgrating this SSO with Third party access control too (AD and Siteminder). I would request you to please respond me on the following mail id , so we can share our experince which will help us in our implementation
    [email protected]
    regards and thanks in advance
    Vikas Deep

  • Implementing Single Sign-On in J2SE Application

    I am developing a application which is going to do some Single Sign-On authentication.
    For those who do not know what Single Sign-On is: For user who have multiple usernames and password for different web site, Single Sign-On offers them a way to authenticate to these different site without the need to remember all those passwords. It takes over the authentication process, and authenticates to these web sites for the user. The usernames and passwords are stored in a database.
    I am going to develop such a program in Java. This program is going to fetch the web site which contains the login form. Find out what to send to the web server. Send the username and password stored for that web site and in return if authentication goes through the web site will send the web page to the Java program which when receive it will open it in a web browser.
    Does anyone have any idea how I can implement this Single Sign-On feature? I know there exist several applications for windows which offers such Single Sign-On and which works with Internet Explorer. So somehow I should be able to make such a feature for a Java application.

    Thanks for the reply
    Should I read the following from the document you sent in Section 4.5? I just wanna confirm..
    4.5 Configuring Custom SSO Environments
    For information about configuring Oracle Business Intelligence to participate in custom SSO environments (for example, setting up SSO using Active Directory or SiteMinder), see articles 1287479.1 and 1274953.1 on My Oracle Support at:
    https://support.oracle.com

  • How to use Single sign On in CRM2007 ?

    Dear All,
    I have created a launch transaction for launching ransactions from R3 (using BOR).
    Now, the problem is when I click on the link in WebUI it gives me a popup for entering R3 User Id and only then it allows navigation to R3 transaction.
    How do I remove this popup ? I want that since user has already eneterd password for WebUI it should further not prompt him/her for the password. How to achieve this ?
    Can we use Single Sign on ? How ?
    Regards,
    Ashish

    Hi Stephen,
    I have done the settings as per the OSS notes. But, I am getting the following error while navigating to R3 from CRM (BOR Launch transaction):-
    - SSO logon not possible; browser logon ticket cannot be accepted
    - Choose "Logon" to continue A dialog box appears in which you can enter your user and password
    - No switch to HTTPS occurred, so it is not secure to send a password
    Also, after this I get the popup where I have to enter R3 User Id and Password and then it continues.
    But, the whole purpose was to remove this intermediate popup.
    What settings are missing / going wrong ?
    Regards,
    Ashish

  • How to impleament Single Sign On on local installation Server

    Hi, we installed ERP.60(ABAP + Oracle) on Windows2003 by local installation.
    But we need Active Directory integration for SSO with Microsoft Kerberos SSP.
    Is it possible to implement SSO?
    If it is possible, Please tell me the step.
    Best Regards

    hi,Markus
    Thank you for your response.
    Our server is already a member server of the domain.
    I create a new domain user named "SAPService<SID>" and set parameter
    snc/identity/as = p:SAPService<SID>@<DOMAIN_NAME>.
    and set other snc parameters related single sign on.
    And I try to restart Central Instance, but Central Instance cannot be restarted.
    log file "dev_w0" wrote a part of snc
    N  SncInit(): Initializing Secure Network Communication (SNC)
    N        PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 16/64/64)
    N  SncInit():   found snc/data_protection/max=1, using 1 (Authentication Level)
    N  SncInit():   found snc/data_protection/min=1, using 1 (Authentication Level)
    N  SncInit():   found snc/data_protection/use=1, using 1 (Authentication Level)
    N  SncInit(): found  snc/gssapi_lib=C:\WINDOWS\system32\gx64krb5.dll
    N    File "C:\WINDOWS\system32\gx64krb5.dll" dynamically loaded as GSS-API v2 library.
    N    The internal Adapter for the loaded GSS-API mechanism identifies as:
    N    Internal SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2
    N  SncInit():   found snc/identity/as=p:SAPServiceSID@D_ERP
    N  *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI  [sncxxall.c 1432]
    N        GSS-API(maj): No valid credentials provided (or available)
    N        GSS-API(min): No Kerberos SSPI credentials available for requested name
    N      Could't acquire ACCEPTING credentials for

    N      name="p:SAPServiceSID@D_ERP"
    M  *** ERROR => ErrISetSys: error info too large [err.c        944]
    M  Tue Oct 16 20:13:21 2007
    M  LOCATION    SAP-Server sv01_SID_30 on host sv01 (wp 0)
    M  ERROR       GSS-API(maj): No valid credentials provided (or available)
    M  GSS-API(min): No Kerberos SSPI credentials available for requested nam
    M  name="p:SAPServiceSID@D_ERP"
    M  TIME        Tue Oct 16 20:13:21 2007
    M  RELEASE     700
    M  COMPONENT   SNC (Secure Network Communication)
    M  VERSION     5
    M  RC          -4
    M  MODULE      sncxxall.c
    M  LINE        1432
    M  DETAIL      SncPAcquireCred
    M  SYSTEM CALL gss_acquire_cred
    M  ERRNO      
    M  ERRNO TEXT 
    M  DESCR MSG NO
    M  DESCR VARGS GSS-API(maj): No valid credentials provided (or available);;;;
    M  ;;;;GSS-API(min): No Kerberos SSPI credentials available for requested nam;;;;
    M  ;;;;name="p:SAPServiceSID@D_ERP"
    M  DETAIL MSG N
    It is thought that "snc/identity/as" parameter is  wrong .

  • How to Create Single Sign On for Yahoo

    hi,
    i know how to do SSO for SAP R/3 SYSTEM.
    i want to know how to connect yahoo system using SSO
    let me know procedure how to do that
    regards
    prakash

    Hi,
    Yahoo is already single sign on. You just login in home page and you can access your briefcase, photos, etc...
    you don't require to do anything special.
    If i didn't understand eloborate...
    --Ragu

  • Implement Single Sign-On

    Hi
    What is the best way of implementing a single sign on in a clustered web based client server solution.
    Thanks,
    AA

    I am looking for a seamless login to applications using windows credentials. So ESSO which is like a password vault is not a desired solution. ESSO saves the user id/ password to applications and retrieves them whenever the application needs login. The login information saved by ESSO Logon Manager is protected by windows login credentials.
    I have tried to implement Windows Native Authentication as described in http://www.oracle.com/technology/obe/obe_as_10g/im/wna/wna.htm
    It apparently requires the policy.properties to be modified to set MediumSecurity_AuthPlugin = oracle.security.sso.server.auth.SSOKerbeAuth. But the current applications require that it be set to 'SSOOblixAuth', i.e
    MediumSecurity_AuthPlugin = SSOOblixAuth. Changing it to SSOKerbeAuth will break the applications on the server. Is there a work around?

Maybe you are looking for

  • Safari wont open at all

    I just updated my safari last night and ever since i did it wont work. if i click the exe to open it i get the hourglass telling me its loading but then it just stops and nothing happens not even an error message. I've tried restarting my computer se

  • CL_SALV_PRINT

    Hi, I have a report with CL_SALV_TABLE. This report displays data and some header. Problem is, when user removes some extra columns from ALV, ALV row has less then 80 characters to display/print. But still header remains the same, 120 characters long

  • Advantages/disadvantages,Capabilities,Failures of Types of mapping

    Dear all, Can you kindly explain me the Advantages/disadvantages,Capabilities,Failures of Types of mapping. what is the parser XSLT uses. what is differnece between sax/dom parsers. Thanks, Srinivasa

  • Faulting module cvirte.dll

    I have a vb.net desktop app which makes call to a dll developed in LabWindows/CVI.  I have version 9.0 cvi runtime engine installed.  The CVI dll is actually developed by another company I am working on this project with.  The crashing is not consist

  • Re Itunes will not open

    I double click on itunes to open it but i get the message; The itunes library.itl file is locked, on a locked disk, or you do not have write permission for this file. How do I correct this problem. It just started doing this one week ago.