Hyperion integration with Tivoli Access Manager

Similar Messages

• OBIEE Integration with Oracle Access Manager (OAM)

  Hi All,
  I am new to OBIEE and not familiar with Security part. We have one request from the client to have OBIEE Integration with Oracle Access Manager (OAM) through eternal identity management tool (OID/other LDAP).
  I tried google and found some information, but non of them has Step-by-Step process.
  Does anyone has document or know good portal which gives step by step information on how to Integrate OBIEE with OAM using external identity management tool?
  Appreciate if you share the information.

  Hi,
  You can use this note/doc attached in the note to configure:
  Oracle Access Manager (OAM) and Oracle Business Intelligence (OBI) Integration [ID 1217103.1]
  Regards,
  Jay

• Siebel Integration with SUN Access Manager

  Hi Guys,
  We are trying to integrate siebel with Sun access Manager.
  I have gone thro the sun site but unable to find any documentation and policy agent to download.
  Please guide me where can i find documenttaion and policy agent software download.
  Thanks
  Regards,
  Mohit

  There is no agent to integrate with Siebel directly. However it should be possible by using Sun web server or IIS agent. Here is an old document that may still apply.
  http://docs.sun.com/source/816-6901-10/Chapter.html#wp19548
  There was more detailed integration document on Siebel web site. But it has been removed after Oracle acquisition (http://www.siebel.com/partners/portal/docs/integrationbriefs/siebel77_sjsam_tib.pdf)
  thanks,
  shivaram

• RMAN integrated with Tivoli Storage Manager

  Environment
  ===========
  Two Node RAC Production DBs on 10.2.0.4
  Platform : Solaris
  RMAN is the only backup tool i've ever worked with. I've come across OTN articles which discuss TSM along with RMAN. Is there any advantage at all in using TSM with RMAN ? Or, Is it just marketing gimmick by IBM?

  Our strategy:
  1--Monday ------------------->Level 0 backup  (1:00am)
  2--Tuesday----->     Level1
  3--Wednesday----->     Level1
  4--Thursday------------------>Level 0 backup  (1:00am)
  5--Friday----->     Level1
  6--Saturday----->     Level1
  0--Sunday ----->     Level1Our RMAN backup pieces got to an NFS mount . Every monday morning the Level 0 backup is copied to Tape by Sysadmins and kept for 3 months. So, where does Tivoli storage manager come into picture ? Does TSM do copying the backup pieces from Disk to Tape part ?

• UCM Integration with Oracle Access Manager

  Hi,
  We have successfully integrated UCM with OAM for Single Sign On purpose. If we click the 'Login' link of UCM Home page, it will be redirected to OAM SSO page, asking for user credentials. The entered user credentials will get validated with OID.
  Also we have implemented LDAP configured with UCM.
  We are using search.wsdl througn webservice proxy (option in jdeveloper) for searching the documents in UCM. The problem arises when we add the UCM URL to OAM for SSO authenication, we are unable to do the search process through webservices.
  The below code is the code to set the authenication for search.wsdl.
  ( WEB PROXY URL : http://localhost/idc/idcplg -)
  SearchSoapClient searchItem     = null;
  IdcPropertyList extraProps      = null;
  String dDocType                 = null;
  AdvancedSearchResult        result;
  SearchResults[] src             = null;
  searchItem                      = new SearchSoapClient();
  searchItem.setUsername("sysadmin");
  searchItem.setPassword("idc");
  When i remove the UCM url from OAM (i.e) not enabling the SSO, the above code is working.
  I need to set the logged in USER value for this authenication. How to resolve this issue.
  Edited by: user1117227 on Apr 17, 2009 4:13 AM

  Hi,
  Could you please help me with the integration guide for UCM & OAM integration?
  Regards,
  Ashish

• BPC authentication via Tivoli Access Manager

  Hello experts,
  I'm now investigating BPC authentication mechanism with third vendor authentication software.
  Is it possible to login to BPC v7.5 MS version via Tivoli Access Manager with 'Reverse Proxy' ?
  And can BPC get a login-user information as a http-header from Tivoli Access Manager at this time ?
  If the above situation is possible, can BPC utilize BO enterprise authentication with Tivoli Access Manager ?
  Best regards,
  Tatsuo Oba

  SAP BOPC can use Reverse Proxy.
  I'm not sure how you want to use Tivoli Access Manager with SAP BOPC?
  It is very interesting to know also the reason you woudl like to use SAP BOPC in this way.
  It can be a very nice case study.
  BPC can not get information like an HTTP header and something like that it will be unsafe from security point of view.
  Regarding your question:
  BPC to utilize CMS authentication with Tivoli Access Manager
  I think you have to provide more information? Why do I need Tivoli Access Manager to access BPC or to do authentication to CMS.
  I have to mention I don't know how it is working Tivoli Access Manager and because of that I'm asking you to provide more information.
  Regards
  Sorin Radulescu

• Tivoli Access Manager 6.0 with Sun Java System Directory 6.3

  Hi,
  We have been using Tivoli Access Manager 6.0 with Sun Java System Directory 6.3 .
  Using IBM TAM Java API we can administer the user creation but the API provide support only to create user with required attribute as user name, password, description, setAccoutntvalid etc.
  But Sun Java System Directory 6.3 contains the many attributes as just to name a few...
  First Name (givenname), User ID (uid),Password (userPassword), Confirm Password
  E-mail (mail), Telephone Number (telephoneNumber), Country (c),Fax Number (facsimileTelephoneNumber), Locality (l), Organization (o), Organizational Unit (ou), accessHint, accountHint, departmentNumber, description, destinationIndicator, displayName, employeeNumber ETC...
  Now My Issue is if we need to add the values for other attributes as "accessHint" , "employeeNumber" etc, then how can we acheive using IBM TAM Java API or is there any other way.
  Thanks for your kind help...

  Looks like the attribute sunIdentityServerDiscoEntries is defined twice in the schema. Run the following and see where it is defined for the second time.
  # cd /var/opt/SUNWdsee/dsins1/config/schema
  # grep -w sunIdentityServerDiscoEntries *.ldif | grep -iv objectclasses
  Edited by: etst123 on Mar 3, 2009 1:28 PM

• Integrating Oracle EBS R12 with Oracle Access Manager 11g

  Hi Everyone ,
  Oracle Access Manager version 11.1.1.5
  Oracle Identity Management 11.1.1.6.0
  Oracle Access Manager WebGate 11.1.1.5
  Oracle E-Business Suite AccessGate patch p12796012
  Apps Version : 12.1.1
  DB Version 11.2.0.3
  PLatform : OEL 5.8
  We are trying to Integrating Oracle E-Business Suite Release 12 with Oracle Access Manager 11g using Oracle E-Business Suite AccessGate.We followed metalink id's
  1309013.1 and 1543803.1 and some other documents.We have performed every step as documented , and everything seems to work fine untill user tries to log out from Oracle Applications i.e User
  is able to login to Oracle Applications through access gate and everything is working fine. But as user click logout button an error messsage is diplayed like "*500*
  *Internal Server Error Servlet error: An exception occured* " (The url at the time of this message is http://hostname:port/OA_HTML/AppsLogout ).
  Apps Tier (oacore) Application log:-
  +13/05/15 19:04:20.229 html: Servlet error+
  java.lang.NoSuchMethodError: oracle.apps.fnd.sso.SSOManager.getAuthAgentLogoutUrl(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
  at oracle.apps.fnd.sso.AppsLogoutRedirect.doGet(AppsLogoutRedirect.java:193)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64)+
  at oracle.apps.jtf.base.session.ReleaseResFilter.doFilter(ReleaseResFilter.java:26)
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.EvermindFilterChain.doFilter(EvermindFilterChain.java:15)+
  at oracle.apps.fnd.security.AppsServletFilter.doFilter(AppsServletFilter.java:318)
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:621)+
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)+
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)+
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)+
  Apps Tier Apache Error log :-
  +[Wed May 15 18:50:52 2013] [error] [client 192.168.0.2] [ecid: 1368624052:192.168.0.61:10798:0:44,0] File does not exist: /u01/eBiZR12/apps/apps_st/comn/java/classes//+
  WE have set all required profile in Oracle Application as directed in documents , and users are able to login just fine , but they are not able to logout.
  IS there something that we are missing , any help is highly appreciated.
  Regards
  Edited by: TheKop88 on May 16, 2013 11:39 AM

  Hi there ,
  Thanks for reply ,
  We had already gone through that document earlier. We noticed that when Apllication Profile "*Apllications SSO Type* " is set to SSWA then OA_HTML/AppsLogout is
  working fine , but when we set "*Applications SSO Type*" to SSWA w/SSO then OA_HTML/AppsLogout is not working(not redirecting) .Error thrown on web browser is "+500 Internal Server Error Servlet error: An exception occurred. The current application deployment descriptors do not allow for including it in this response+" . we believe that we might have missed some Profile settings that is causing this error.
  Regards
  Edited by: TheKop88 on May 16, 2013 12:03 PM
  Edited by: TheKop88 on May 16, 2013 12:07 PM

• Solution Manager Integration with Tivoli and TSRM

  Hi,
  Has anyone done an integration of SAP Solution manager with Tivoli or TSRM. Solution Manager can perform the same capabilities of Tivoli or TSRM of monitoring and Service desk. However we want to use the best of both. I would appreciate if if someone can share thier thoughts on this.
  Regards
  Jasvinder

  Hi,
  Heres a good news for you.
  IBM Tivoli Service Request Manager version 7.1 software has now SAP-certified for integration with SAP Solution Manager 7.0 via the service desk interface scenario (SMG-SDI 4.0).
  [The News|http://www.cbronline.com/news/ibm_launches_new_service_to_help_automate_it_service_desk_operations_091013]
  To Inegrate refer [this guide.|http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e3eeb4a8-0b01-0010-bd99-f4a700a49d32]
  Hope this will solve your problem.
  Feel free to revert back.
  -=-Ragu

• Issues integrating WebCenter with Oracle Access Manager

  Hi All,
  I am trying to integrate WebCenter 10.1.3.2 with Oracle Access Manager (CoreId). Followed the steps described in the Chapter 11 of the OC4J Security Guide.
  I was able to successfully authenticate WebCenter using IWA with Access Manager.
  Then I proceeded with the below steps:
  - Implemented ADF Security in the application. Created application roles and login page and worked fine on my local machine.
  - Provide the auth-method of "COREIDSSO" in orion-application.xml
  - Renamed the app-jazn-data.xml to give the OID groups
  - Mapped the OID groups to application roles in orion-application.xml
  - Used the jazn migration tool to populate the system-jazn-data.xml
  When trying to access the application, it looks like the ADF Context identifies that this is an authenticated user.
  ADFContext.getCurrent().getSecurityContext().isAuthenticated() retruns true
  ADFContext.getCurrent().getSecurityContext().isAuthorizationEnabled() returns true
  I get the below error message on the server console:
  [CoreIDLoginModule::getUserSessionFromCookie]: This user session for F3iwZhUGgjej9RSrMLSo0wjH5Ec6c2oeC0OBRH12y7%2FvfPVncz6dYoBoFD6q8DWAlMtzah%2FYV4T1t7jztVFYbxwfOyu0VOMXMEIosRrFicfJwoPRrM8MOkFsziQxpUqo98XrC9iBRHffdWSItNHZRZK4ZoCJMi6HZZ6noOc4Z%2BGJDGj3kWndYHTWjiG0cJhkSbL95wMmrXCDElzZHjPMdkuNQUHW1TfAJvgSlDeX6hhhIThlc%2BGmxMP3MQ%2FZoxUysbKieIJgDXo1%2FEMmLmTVjA%3D%3D is not valid or user is not logged in.
  I also tried using the "Headervar" variable to display the obmygroups value, but it comes as blank.
  Any help would be appreciated.
  Thanks
  Aneesh

  We recently integrated Webcenter Application (with ADF Authentication and Authorization) with OAM. May be the following will be of some help to you.
  We did the following steps documented in Chapter 11 Oracle Access Manager in Oracle J2EE security guide.
  OAM
  1. Created ALL specified policies , authentication schemes, protection specified in OAM section of the document.
  OC4J
  1. Ran all configuration listed for the OC4J section.
  Webcenter
  1. Developed the Webcenter Application
  2. Enabled ADF Security (Authentication & Authorization)
  3. Deployed the application. While deploying chose File based provider.
  4. After the deployment, changed orion-application.xml to have COREIDSSO as documented in Oracle documentation
  system-jazn-data.xml
  1. Added login module details as specified in the document. (Changed only the application name. Rest all was same as we used names as specified in the earlier steps of the document)
  OID Migration
  Reference document: "Configuring a WebCenter Application to Use Oracle Access Manager" in Webcenter Framework Developer guide.
  1. Located app-jazn-data.xml in the deployed application
  2. Removed "realm-name" and "type" subelements of "grantee" tags. Removed any realm details in user name.
  3. changed references to "class oracle.security.jazn.spi.xml.XMLRealmRole" to "oracle.security.jazn.realm.CoreIDPrincipal"
  4. ran the JAZN migration tool with "all" options. Migration from app-jazn-data.xml to OID.
  OAM
  Created policies for protecting our application.
  Test the application.
  Debugging.
  1. Enable oracle.adf.share.security , oracle.j2ee.security & oracle.j2ee.security.oc4j loggers to debug if the application is not working the way you expect to work.
  2. Set log level in Enterprise manager.
  3. All logging information are written in log.xml in $ORACLE_HOME/j2ee/OC4J_Webcenter/log/OC4J_WebCenter_default_group_1/oc4j
  Thanks

• Oracle Apex - SSO with IBM Tivoli Access Manager WebSeal - filters out Files with Server Error 500

  Hi,
  We are using IBM Tivoli Access Manager for SSO to authenticate users to access our APEX application. The authentication works but...
  When the application is being accessed with the WebSeal JS/CSS files are randomly not loaded and show up with either HTTP 400 or HTTP 500 error in the FF Toolbar Console. Of course without certain CSS / JS files the application can't be used by the user.
  If the application is accessed without WebSeal all files are loaded successful.
  Our set up:
  There are two APEX Applications using the WebSeal - the first one apparently works
  Apex Listener on Tomcat7.0
  Apex 4.2.6
  We tried all kind of different WebSeal configurations but nothing worked so far.
  I found the following:
  interactive report problem with SSO
  ==> Does anyone know how to use mapping tables and does it help?
  Interactive report javascript error due to proxy
  ==> The solution is for EPG but we use Tomcat as Listener so the solution does not apply
  Does anyone know how to configure the WebSeal ?
  Thanks

  I have same issue with Apex 4.2.6 and Webseal,  but only on Mobile Application.  Desktop Application is ok.
  I have raise a SR on supportweb, but SR engineer tell me it's may be the Webseal issue, they can't reproduce it with Oracle Access Manger.
  It's really a tough issue.

• Using IBM Tivoli Access Manager to Secure Tuxedo Services

  Wondering if anybody has any experience using 'IBM Tivoli Access Manager for e-business' to perform tuxedo service authorization ?
  Is there an out-of-the-box integrated solution available or does one have to basically build a security service that use the Tivoli Access Manager APIs to determine if the user is authorized to invoke service?
  Thanks,

  Hi,
  I followed the steps of establishing SSO using TAM for OBIEE application.
  Below is the piece of code that i had inserted in the "instanceconfig.xml" to enable SSO:
  <Listener>
  <!-- other settings ... -->
  </Listener>
  <CredentialStore>
  <CredentialStorage type="file" path="<OracleBIData>/web/config/credentialstore.xml" passphrase="another"/> </CredentialStore>
  <!-- other settings ... -->
  <Auth>
  <SSO enabled="true">
  <ParamList>
  <!--IMPERSONATE param is used to get the authenticated user's username and is re quired -->
  <Param name="IMPERSONATE"
  source="httpHeader" nameInSource="iv-user"/>
  </ParamList> <!--Optional. Replace the URLs with actual logoff/logon URL-->
  <LogonUrl>http://pkmslogin</LogonUrl>
  <LogoffUrl>http://pkmslogout</LogoffUrl>
  </SSO>
  </Auth>
  My credential store file look Like on below
  <sawcs:credential type="usernamePassword" alias="impersonation">
  <sawcs:username>USER</sawcs:username>
  <sawcs:password>password</sawcs:password>
  </sawcs:credential>
  In the above code i am trying to get the userID of a User through the header of the application's URL, who has been already been authenticated by Windows desktop Authentication mechanism .
  but then i try creating a junction using TAM and access the application through the junction i still get the logon page of OBIEE application...
  Can any one help me out in this issue..
  Thanks in Advance...

• Tivoli Access Manager WebSeal & Infoview

  Post Author: ab129001
  CA Forum: Authentication
  Is it possible to enable Infoview users to authenticate via Tivoli Access Manager WebSeal (a reverse proxy authentication product)?
  Thanks in advance.
  Andy

  Post Author: jsanzone
  CA Forum: Authentication
  Andy,
  It's my understanding that in order to achieve SSO w/ TAM running under WebSeal, that a Portal Integration Kit (PIK) must first be produced from BusinessObjects for the XI R2 platform.  Back in early April 2007, before I knew about PIKs, I submitted a trouble ticket to Tech Support in the hopes of getting a "quick" solution, hence the PIK education lesson.  In response to my request, tech support submitted an enhancement request for a WebSeal Portal Integration Kit, the Ticket number for the enhancement is ADAPT00755013.   If you find out anything further on this situation, I'd be all ears!!

• Punchout - How to post login params to Tivoli Access Manager?

  I am trying to help a customer access our parts ordering system. He is using SAP and wants to use the OCI Punchout feature. (Warning: I am a complete and utter SAP novice)
  Our application servers are protected by Tivoli Access Manager and users currently login to our application by entering their user/pwd info in a form. This customer wants to store this login info in SAP and perform the login automatically as well as posting other parameters, such as HOOK_URL etc., to our parts ordering application.
  I have been struggling with this for a few days now but without success. Can anyone offer some pointers here? Has anyone done something similar?
  Thanks
  Paul

  Thanks for your reply Masa,
  as I mentioned in my post, I am an SAP novice. I am assuming that the user, password and hook url are stored somewhere in SAP for use in the punchout.
  The problem I see is this: how to login with TAM and send the hook url to my application. It seems to me to be 2 separate actions.
  Paul

• Queries on Advance Complaint Management Integration with Advance Return Management

  Hello All,
  We plan to implement Advance Complaint Management and integrate the same with Advance Return Management in SAP CRM, I have gone through the following links for the same
  http://help.sap.com/saphelp_crm700_ehp02/helpdata/en/f8/d9632674dc4934a6ae266ce5e9f651/content.htm?frameset=/en/46/010af618cf3482e10000000a1553f6/frameset.htm
  http://help.sap.com/saphelp_crm700_ehp02/helpdata/en/a9/4cf641ea7a497cae3fee1c251af1c8/content.htm?frameset=/en/f8/d9632674dc4934a6ae266ce5e9f651/frameset.htm&current_toc=/en/2e/b0da18dbe84ed9bdff9a5d6d91f531/plain.htm&node_id=44&show_children=false
  http://scn.sap.com/thread/3408793
  We need to implement the return to vendor functionality and I have the following queries
  1) Does the return PO and delivery followed by the goods issue happen automatically? once the complaint transaction is released
  2) Can Service Confirmation be integrated with Advance Complaint Management
  Kind Regards
  Atul

  ok