How to install for Single Sign-on?

Similar Messages

• How to implement a single sign on  feature using java.

  Hi,
  I have a question like , How to implement **single sign on** feature in java without using any third party framework or tool like LDAP or any other which is available in the market.
  Actually the situation is i have all security information into the table and those information is used for single sign on . If a user logged in from a jsp loging page all the security role should be assigned to that particular user.
  We can do this using LDAP but i am not supposed to use the LDAP or any third party tool . I have to write a java class for that .
  please suggest me the method , how to implement this in a web application.
  Edited by: Rakesh_Singh on Mar 19, 2008 11:55 AM

  you could setup a token that specifies a user is authenticated. other applications that u want SSO can check for existance of this token
  if it is HTTP - you can save the token as a cookie and downstream apps look for this token
  yr code needs to validate that the token/cookie was indeed a valid one and not subject to man-in-the middle attack.

• Setting up BusinessObjects Enterprise 3.1 for Single Sign On with Xcelsius

  Hi all
  Does anyone have any documentation and/or whitepapers that documents the setting up BusinessObjects Enterprise 3.1 for Single Sign On with Xcelsius Dashboards (xcelsius accessing BusinessObjects universe data through QAAWS and Live Office..
  Thank you for your help.
  Kind regards,
  Dean

  Based on the replies in this thread I'm guessing that there is someone out there that has gotten SSO to work with Xcelsius? If so could you please post the details of how that was achieved?
  When we purchased Xcelsius we were under the impression that it supported SSO but have never been able to get it to work and finally had SAP tell us that Xcelsius did not support SSO.
  Our understanding is that in order to bypass a login for Xcelsius you have to use QaaWS as the datasource and hardcode an enterprise id and password.
  LiveOffice supports SSO but not when it's used as a datasource within Xcelsius.

• How to enable a partner application for Single Sign-On?

  Can someone please advise me on how to enable my existing J2EE web application for the Oracle Single Sign-On?
  My requirement is i want to provide the single sign-on authentication service to my J2EE web application. For this, I would like to make my application as a partner application similar like the OracleAS Portal.
  I am using Oracle 10g ( OralceAS, Oracle Infra, OID ...)
  I found the following service/APIs which Oracle provides. I am not sure which one is suitable for me.
  1. mod_osso ( Static)
  --- In this case, I have to make a entry in mod_osso.config file to protect the URL. should I have to register the URL again through single sign on admin page ("Administer Partner Application") after make a entry in config file?
  2. mod_osso ( Dynamic directive)
  -- in this case, I have to modify the code by providing the directives like 401, 499.. etc. So i don't prefer this as i don't want to touch my app.
  --If I go with this option, should i have to register the URL with Single sign on server through SSO admin page ( as mentioned in the above step#1) ?
  3. SSO SDK
  - Since it was deprecated and need java coding, i am prefer this option.
  -- however, if i go with this option, i will develop code by using SDK. in this case i need to register the URL in SSO server through admin page.. am i right?
  Note:- OSSO server integrated with Active Directory for the authentication.
  Thanks,
  -Senthil

  sharon38_74 wrote:
  they said that our internal application needs to send a "login request" to etran via SSL with the user's information encoded in base 64 format. etran captures the HTTP header containing user authentication and authorization information, and parses the required information from the HTTP header.
  My question is that how I set user information in HTTP header? From my understanding, once I am able to set the user information in HTTP header, it is in base 64 format?Your application need to act like a proxy. You can invoke a HTTP request programmatically using java.net.URLConnection. You can set request headers using URLConnection#setRequestProperty(). Also see the API docs: [http://java.sun.com/javase/6/docs/api/java/net/URLConnection.html]. You only need to know the header field name where to set the Base64-encoded value in. You need to Base64-encode the value yourself.

• How to set custom HTTP header for single sign on

  Currently we just begin to use an application called "etran". This application requires user name and password to login. Now, my assignment is to integrate etran application in our internal application. This means that somewhere in our internal application, there is a link leads to the etran application.
  It is going to be single sign on, that means that once user logs into our internal application, when he/she clicks on the etran link, no sign on to etran is needed.
  I consult with the technical people in etran. they said that our internal application needs to send a "login request" to etran via SSL with the user's information encoded in base 64 format. etran captures the HTTP header containing user authentication and authorization information, and parses the required information from the HTTP header.
  My question is that how I set user information in HTTP header? From my understanding, once I am able to set the user information in HTTP header, it is in base 64 format?
  Thanks in advance for your help.

  sharon38_74 wrote:
  they said that our internal application needs to send a "login request" to etran via SSL with the user's information encoded in base 64 format. etran captures the HTTP header containing user authentication and authorization information, and parses the required information from the HTTP header.
  My question is that how I set user information in HTTP header? From my understanding, once I am able to set the user information in HTTP header, it is in base 64 format?Your application need to act like a proxy. You can invoke a HTTP request programmatically using java.net.URLConnection. You can set request headers using URLConnection#setRequestProperty(). Also see the API docs: [http://java.sun.com/javase/6/docs/api/java/net/URLConnection.html]. You only need to know the header field name where to set the Base64-encoded value in. You need to Base64-encode the value yourself.

• Proper security structure for Single Sign on Server

  We are all used to how we design security structure for vCenter Server if you have had an existing VMware environment prior to 5.1.  Who should have administrative privileges in vCenter Server, what roles, permissions, and so on should be assigned to what users and groups - these questions have already been addressed in our current configuration.
  Now Single Sign on introduces a significant new point of consideration for determining issues of access and authentication.
  I'd like to get some ideas on how this should be handled.  For example, should previous VMware administrators by definition become Single Sign on Administrators? Should the administrators of the Active Directory domain now start to get involved with the Single Sign on Server?
  For example, Single Sign on now forces VMware administrators to configure things like:
  -Password Complexity Policy for SSO
  -Password Expiration for SSO
  -Lockout Policy
  We already probably have these things tightly controlled in AD and locked down with group policy, but you can't apply group policy directly to an SSO server and make it receive a GPO from Active Directory.  (You can make the Windows OS that SSO is running on have a GPO applied, but it won't configure SSO itself, just the OS).
  VMware admins are looking at a new set of questions relating to authentication and authorization.  Someone has to have written something or will be writing something to help us get the big picture of what is changing with SSO if anything and how we need to look at SSO from a security design and best practices.
  Should we just make existing vCenter Server admins SSO admins or do we need to take a step back and reconsider?

  Hello,
  Actually, yes. SSO is fairly robust in 5.5. It has a few limitations around email of expired passwords, but that is mainly because some people do not use them. I use SSO to provide the usernames and passwords for all my VMware vCenter and related product service accounts. I.e. an account for vdp, Horizon, vCops, Log Insight, etc.  This is more about keeping systems segregated once more with no real need for AD for services. But AD via SSO is used by users.
  Read the documentation, and determine how SSO fits into your current password policy and take a long hard look at your virtualization management environment. Is there a 1 service account per service talking directly to vCenter? If not, SSO can help you implement that. The key is to match its functionality to your security policy.
  Best regards,
  Edward L. Haletky
  VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011,2012,2013,2014
  Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.
  Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

• How to install a single 2Gb FC adapter with Solaris 10 SPARC ?.

  Hi All,
  I have the Sun Box runing Solaris 10 SPARC, i tried to install PCI single 2Gb FC adapter on this Server in order to connect to Sun Storage FC. At Ok prompt, i tried to run show-devs and looked the path /pci@1e,600000/SUNW,qlc@2 and supposed that physical installation for this adapter is ok.
  But i don't know whether Solaris 10 SPARC included the required drivers for this adapter already or not. Pls show me how to get correct drivers for this adapter and how to test to look if it's working properly under Solaris 10 SPARC ?.
  Thanks
  Scott

  Yes, it's part#X6767A supported for entry SPARC Sun Fire server Line.
  I tried to seach drivers via qlogic.com and it leads me to the sunsolve.com for the download but the download is required to login with a service plan from Sun. So sun wanted to charge for these patches/drivers.
  Do you know which site/link is free for Sun drivers in gerneral ?.
  Thanks
  Scott

• When we need to go for single sign-on in SAP-XI

  hi,
     When exactly we need single sign-on, and if we do not implement single sign-on in XI , do we get any problems during implementing the project.
  Regards
  siva

  Siva,
  SSO is used to avoid signing on using password each time into ur IR /ID RWB or Appln. system. See each and everytime when u log in to these systems u need to give user name and pwd, but if  enabled SSO then it won't prompt for u the password. Once u enter the username it will log u in.
  No, you won't get any problem in XI , if u haven't enabled SSO in XI. Its the additional feature so that it will not affect ur implementation.
  -raj.

• How to update for single batch id in one a table by using mutiple parametrs

  Hi Everyone,
  I need simple pl/sql logic to update one table using with some parametrs.I need a logic for single batch_id there will be 100 of records are there .how do i update my custom table ? how do i show how many records have been updated for each batch ? how to handle excpetions while updating ?Som body could help me it will be great.
  -- Sample Code
  PROCEDURE UPDATE_table (P_IN_BATCH_ID IN Number,
  P_IN_TRANS_ID IN number,
  P_IN_TRANS_STATUS IN varchar2,
  P_IN_ERROR_MSSG IN varchar2
                                               ) is
  cursor
  select*from xx_cust_table
  BEGIN
  UPDATE xx_cust_table
  SET TRANSMISSION_ID=P_IN_TRANS_ID
  TRANSMISSION_MSG=P_IN_TRANS_STATUS     
  PROCESSED_FLAG=P_IN_ERROR_MSSG
  where BATCH_ID=P_IN_BATCH_ID
  END UPDATE_table;

  PROCEDURE UPDATE_table (P_IN_BATCH_ID IN Number,
  P_IN_TRANS_ID IN number,
  P_IN_TRANS_STATUS IN varchar2,
  P_IN_ERROR_MSSG IN varchar2
  ) IS
  BEGIN
  UPDATE xx_cust_table
         SET TRANSMISSION_ID=P_IN_TRANS_ID
                TRANSMISSION_MSG=P_IN_TRANS_STATUS
                 PROCESSED_FLAG=P_IN_ERROR_MSSG
    WHERE BATCH_ID=P_IN_BATCH_ID;
  DBMS_OUTPUT.PUT_LINE(SQL%ROWCOUNT||' rows updated!');
  --EXCEPTION
  --  WHEN DUP_VAL_ON_INDEX THEN
  --    DBMS_OUTPUT.PUT_LINE('Duplicate value');
  --  WHEN OTHERS THEN
  --   <display sqlcode and sqlerrm>
  END UPDATE_table;

• Flash File for Single Sign On

  Hi,
  [disclaimer]
  I usually post in the ColdFusion forum so I am sorry if this
  topic should be moved into a different Flash section.
  [preface]
  I am trying to implement a single sign on solution between
  several sites that are located both within the same network and on
  external hosting services. I've tried several things with
  <iframe> and <img> tags to get a logged in environment
  established on each server - to no avail.
  [quesion]
  Can SWF file be programmed to access a ColdFusion, ASP, or
  php page via aboslute path that would at minimum set a cookie on
  the computer for each of those sites?
  [example]
  I have one HTML page that has 5 <iframe> tags - each of
  a partner site. The URLs called in the <iframe> do nothing
  more than set a cookie of the UUID. I'd like a flash file that does
  the same - eliminating frames.
  Thnks in advance. Please let me know if more details are
  needed. Please do not offer alternatives - the situation is
  uniquely complex and I'd rather not go through all the why's and
  why nots - that's been the last 6 months of my life. I really just
  need to know if I can create a cookie from flash for multiple sites
  without having the browser physcially having to go there.

  Hi Kalyan,
  Did you use SAML method for SSO??
  Thanks
  Santhosh

• How to By pass single sign-on

  Hi,
  I am working in Erecruitment. When I am trying to acces the BSP page, the following error came.
  [<b>b]Logon Error
  Logon requires activated Single Sign-On on this server. This is not the case. Contact your system administrator
  </b> 1. Is there anyway we can by pass this error.</b>
  Thanks
  Uday

  Check the BSP application <b>sytem</b> and page <b>sso2test.htm</b> to check out whether SSO is enabled.
  Follow this steps if SSO is not enabled in your BSP system to configure SSO:
  1.Run RZ10 transaction.
  2.Add the following parameters:
  login/accept_sso2_ticket 1
  login/create_sso2_ticket 1
  login/ticket_expiration_time Default = 60 hours
  3.Then Restart your server.
  Then in the transaction SSO2 check whether logon tickets are accepeted..
  You can run sso2test.htm in your system BSP application whether SSO2 is enabled or not.
  Refer to SAP help documentation for more info.
  Hope this helps!
  Regards,
  Ravikiran.

• Using API's for Single Sign On

  Hi,
  we are trying to develop the Single sign on feature for our site.We have used the API's WWSEC_API for this.It creates a portal user with add_portal_user method in the table WWSEC_PERSON$ fine! but with the same user name and password we are unable to login.
  Any help??
  null

  when i use the following code to create a new user:
  declare
  v_user portal30_sso.sso_user_type;
  begin
  portal30_sso.wwsso_ls_private.get_default_user_config (v_user );
  v_user.ssousername := 'NEWUSER';
  v_user.hashed_password := 'secret';
  v_user.ssorole := 'USER'; -- ordinary user. Use 'FULL' for an admin.
  portal30_sso.wwsso_ls_private.ls_create_user
  p_newuser => v_user,
  p_err => v_err
  end;
  i get the following error:
  ORA-06510: PL/SQL: unhandled user-defined exception
  ORA-06510: PL/SQL: unhandled user-defined exception
  ORA-06512: at "PORTAL30_SSO.WWPRO_API_NODE_REGISTRY", line 231
  ORA-01403: no data found
  ORA-06512: at "PORTAL30_SSO.WWCTX_SSO", line 501
  ORA-06512: at "PORTAL30_SSO.WWCTX_SSO", line 514
  ORA-06512: at "PORTAL30_SSO.WWCTX_API", line 56
  ORA-06512: at "PORTAL30_SSO.WWSEC_PERS_BRI_TRG", line 15
  ORA-04088: error during execution of trigger 'PORTAL30_SSO.WWSEC_PERS_BRI_TRG'
  ORA-06512: at "PORTAL30_SSO.WWSSO_LS_PRIVATE", line 2168
  ORA-06512: at "ATS.CREATE_USER", line 128
  ORA-06512: at line 8
  DAD name: portal30
  PROCEDURE : ats.create_user.self_register
  URL : http://mycnn4.us.oracle.com:80/pls/portal30/ats.create_user.self_register
  PARAMETERS :
  ============
  p_username:
  tom
  p_password:
  tom
  p_password_confirm:
  tom
  p_email:
  tom
  has anyone had this problem?
  thanks,
  anu
  null

• How to use the single sign-on cookie

  I have a web dynpro application that's triggered by a button press in the gui. It was set up to use the 'WDY_EXECUTE_IN_PLACE' function module. However, I recently attended a Web Dynpro course and was told that's not the correct way to do it - I should be just calling the url and passing any parameters in the url string. I set about changing this today and I'm now using cl_gui_frontend_services=>execute to execute the url but now I'm being asked to log on to access the application - previously I didn't have to do this.
  I'm told this is something to do with the single sign-on cookie MYSAPSS02. According to our basis team this is already set but it looks like I need to do something extra - like retrieve it and/or send it to the application somehow. I've had a search around the forum but haven't come up with the answer yet. Can someone point me in the right direction please ?
  thanks,
  Malcolm.

  If you use cl_gui_frontend_services=>execute  you won't get single sign on.  Instead use CL_GUI_HTML_VIEWER. This class has the special logic to generate the SSO ticket (method ENABLE_SSO).  You can place the control in a dummy container object (not actually on the screen) and then use the DETACH_URL_IN_BROWSER method to launch the browser separately from the SAPGUI.

• How to install a self-signed Digital certificate in messenger express

  I have Java Enterprise System 2003 and I can not buy a commercial certificate so I generated a certificate with keygentool from java but I don't know how to install this certificate in the messenger express http server. Could you tell me what config file do I have to change and where to put the certificate?
  I can't find documentation about this.

  http://docs.sun.com/source/817-6266/security.html#wp13035

• How to install for free Microsoft Office on macbook air when already installed it on iMac ?

  I installed on my iMac at home Microsoft-Word for Mac (v. 14.3.6) and would like to also install it for free on my matchbook air. How do I do ? I also subscribed yesterday to Microsoft 365 subscription to use the new Office for iPad; will this help ?

  Since you subscribed to Office365 just log into your account at Microsoft and in the upper right hand corner select My Account. There you'll be able to download Office for your computer. You'll also want to go to Apple's App Store and download the OneDrive app to sync your documents to OneDrive so you can view/edit them on your iPad and keep your two computers synced.