Implementing OAM - SSO for Multiple Applications

Similar Messages

• URGENT: SSO for multiple Applications

  I have integrated 4 different applications in a single domain with OAM for SSO.
  Individually all apps are working fine (for SSO). Now I want to Apply only single login for all the applications. So what changes need to be done in OAM side?
  Continuing to my above Question. For the first time if I access application A, Authentication should be done and if I access Application B, C, D no authentication should be done
  and What changes to be done for Single Log OUT.
  Help me what to do for SSO for all the applications.
  Thanks
  Ajay
  Edited by: 915734 on Mar 12, 2012 7:57 PM

  You have to configure single sign-on policy for same
  Go through the blelow documents
  http://docs.oracle.com/cd/E14571_01/doc.1111/e15478/sso.htm#BJFGFBDC
  http://docs.oracle.com/cd/E14571_01/doc.1111/e15478/intro.htm#BABCDGEH
  http://docs.oracle.com/cd/E23943_01/core.1111/e10043/osso_b_oam11g.htm
  http://docs.oracle.com/cd/E24269_01/doc.11120/e24477/sso.htm

• SSO for multiple APEX applications on the same instance

  Hi All,
  We have an APEX instance with 2 applications configured in 2 workspaces.
  The instance is already configured to use SSO. I have followed thee Metalink note #562807.1 to do the SSO wiring.
  We are planning to incorporate SSO authentication for both the applications.
  Also planning to use different URLs (2 aliases for the server) for the applications.
  eg:-
  App1 will be using http://app1.us.oracle.com/pls/apex/f?p=100:10
  App2 will be using http://app2.us.oracle.com/pls/apex/f?p=200:10
  Is it possible to register SSO on 2 URLs for the same instance?
  Can I execute regapp.sql multiple times on the same instance?
  Please advice me.
  Thanks,
  Sajeesh

  Is it possible to register SSO on 2 URLs for the same instance?You should be able to register as many partner applications as you like. I suggest that you try it.
  Can I execute regapp.sql multiple times on the same instance?Yes, but the lsnr_token value must be unique. That's HTML_DB:hostname:port.
  Your applications in different workspaces will not be able to share sessions but you will probably get the single-sign-on behavior you need.
  Scott

• SSO for various applications within the same portal

  Is it possible to implement SSO at the application level in an EP 7.0 environment?
  Ex:  One Portal with ESS and BI Functionality (BI is connected to the BI backend, ESS is connected to the ECC backend, but all of it exists within the same portal instance) in which the BI Explorer would rely on SSO, while the ESS would require a logon to the portal.  The initial page of the portal would not be a logon screen, but rather a menu screen
  Does this functionality exist?

  For our purposes, ESS would have to be authenticated (perferably through Active Directory), while BI Explorer wouldn't require "visible" authentication, BUT the question would be, could all of this exist on the same portal..
  I agree that it certainly wouldn't be user friendly to ask users to logon (using AD l/p) for certain parts but not others.  I think the solution would simply to have 2 portal instances (ESS/ECC = Logon/Password,  BI Portal = SSO), and to federate the BI to the ECC Portal. That way, if someone wanted to work in BI and only BI, they could go without logging on, but if they wanted to go to the ESS Portal they would have to logon BUT would be able to use both ESS and BI.
  This all stems from an effort to eliminate the neccessity of having to logon to a portal (for a small group of managers), but still maintaining a level of security for ALL users in regards to employee self-service

• SSO for JDeveloper application -- how?

  Hello,
  I am developing a servlet with JDeveloper & Struts, and I am curious whether it is possible to configure SSO and JDeveloper so that when I DEBUG the project and the embedded OC4J server starts, my application gets protected by the Single-Sign-On. That is, when I access http://<server>:8988/MYApplication/request.do?<params>, the SSO login page shows up, and after I type in correct login and pwd, my original page gets called again, only with the SSO cookie set this time.
  I have all the things set up (infrastructure etc), and I guess if I go and deploy my application into Apache web folders, things should work -- but is there a way to do this with embedded OC4J server -- with its ports, etc?
  Thank you very much,
  Sasha.

  Krrish,
  For enabling security for your ADF application in JDeveloper use ADF Security wizard. Read this:
  http://www.oracle.com/technology/products/jdev/howtos/1013/adfsecurity/adfsecurity_10132.html
  You should set up your identity management with the application server.
  (App Server Console->Administration->Identity Management)
  You should set the identity management as the security provider of the ADF Application.
  (App Server Console->Your Application->Security Provider)
  You should have installed your APP Server in advanced mode.
  You have to enable SSO for application server and define the ADF application as a partner application:
  http://download-uk.oracle.com/docs/cd/B32110_01/web.1013/b28957/configldap.htm#BEHCGHHF
  see Configure SSO (Optional) section.
  Despite that, I myself have had problem making this work. I am using Identity Management 10.1.4.
  Regards
  Farbod

• SSO for External application not part of the portal framework

  Greetings,
  I am desperate!!!
  I am trying to do the following:
  I have a pl/sql application that presents to the user a set of external applications links.When the user activates a link, I would like to make a call the SSO server so it can do external application login.
  I know I can configure the external applications as described in the SSO admin guide.
  Unfortunately the API to query the SSO server for external application mapping is not public.
  ANY IDEAS ON WHERE I CAN GET THIS INFO??
  Every thing I have read says that external applications can be accessed through Portal. This is not my case. I can use any packages or classes available by the SSO server to portal, but MY APPLICATION IS NOT A PORTAL.

  I have similar kind of requirements for Single sign-on to external web applications.
  But in my applications I have to auto-generate random userid & password for different external web applications.
  These uids & password are exported to external applications, which upon recieving creates user in their applications.
  So, actual user will never have access to these credentials(uid &pwd).
  So, how can I cutomize the Portlets to do the first time SSO when user is created & their credentials to external apps are stored to OID.
  Any idea Barry..
  Bye

• IdM 7 and SSO for legacy applications

  Dear experts,
  Per SAP NetWeaver 7 documentation new approach allows SSO for any legacy applications without a need for a 3rd party IdM solution.
  Could someone explain how this is handled? Does evary non-SAP application need to become aware of SAP IdM credential store and be able to interact with it, or some other - non-intrusive approach is being used?
  Thanks in advance,
  Eugene.

  Hi Eugene,
  SAP NetWeaver Identity Management 7.0 handles the provisioning of users (identities) for a heterogeneous landscape. Authentication and Single Sign-On (SSO) is being handled within the SAP NetWeaver platform. So introducing SAP NetWeaver Identity Management itself does not introduce additional SSO functionality.

• One login for multiple applications

  Hi,
  I was using HTMLDB 1.6 and followed the following guidlines: one login multiple applications for one login to multiple applications. Basically I set the cookie name the same for both applications. It worked.
  Now I've upgraded to HTMLDB 2.0 and this doesn't work anymore. I need to login to each application. Any way around this?
  Thanks,
  Marty

  Scott
  I have an SQL report region that includes this column:
  decode((select count(*) from gr_agency_add f, gr_emp_add a where a.empid = g.userid and a.aid = f.aid and a.add_type = g.address_option), 0, '', '<a href="f?p=&APP_ID.:9:' || :APP_SESSION || '::::P9_GRID:' || g.GRID || ' target="_blank">') ||decode(trunc(length(g.topic)/30), 0 , g.topic || '</a>', substr(g.TOPIC,1,30)||'..') "Topic",
  With the
  target="_blank"
  of course I am opening page 9 in a new window. I never had a problem with this but today, in a demo to some executives, the new window apparently came up with the login page and not page 9. Would this be due to a browser setting? Unfortunately, I don't have much info about the laptop they were using.
  The demo was still a success!
  Bill

• Mailman v3 implementation of support for multiple domains

  Mailman has evolved to support listserve names for multiple domains (think VH for listserves). At what point can we see Apple roll this kind of management into the existing product? It would be fabulous to give VH clients the ability to have their own 'branded' listserve experience rather than one with our default domains
  Server Group -- please update Mailman when more pressing bug fixes are out of your way. Thank you!

  Alex,
  Thanks. I know that it can be done via the CLI, but once again we see where alterations done in the CLI will immediately require abandoning the SA as an admin tool. We're trying to encourage Apple to not create this paradox, or rather, to evolve the GUI admin toolset. I was recently at a Leopard Server tour seminar where the field engineer and I discussed this very feature. His comment to me was essentially 'many of the tools in the Server are based on open source projects, so you can simply download the latest update, compile it and configure it for the server ... but you won't be able to use the admin tools we provide." He's accurate, and if I was the only one admin'ing my machines, that might be a temporary solution to this particular small issue. But it immediately brings to mind the reflex question of 'so why did I buy Leopard server?
  This is a matter of Apple needing to provide sufficient resources to the Server group to grow the product. Whether that means some new hiring, or not pulling engineers off for other product lines, or a different management paradigm. We shouldn't purchase a server product that is touted as an enterprise-class solution when it may only have a bare framework for the offered toolsets. If growing the toolset to match what is already offered in the open source world (for that particular product) requires abandoning the server tools, then there's a bit of a vision problem with the Server product.
  Sorry, -- I didn't mean to get on a soap box. You and I are here to learn and help others. I know you aren't part of Apple any more than I am. I do hope Apple engineers are given some time to peruse this board and mine it for ideas, or gauge the effectiveness of their solutions based on the questions and solutions posed here.
  With Mailman 3 so far along in development (VH support was added in October), is Apple culling the very best from it for their user base (and adjusting the SA toolset accordingly)?

• SSO for J2EE Applications

  Hello ,
  How can j2ee web Applications (not ADF ) be SSO Enabled using Oracle Access Manager or Oracle SSO (oid)??If so,Which is the best solution??Is it mandatory for applications to be Deployed in Oracle Weblogic Server?Is there any fixed topology provided by oracle for the same???
  Regards,
  Pradeep

  Yes, j2ee webapps can be enabled for SSO using Oracle Access Manager. There is no mandatory requirement to put it in weblogic unless you want to use the 10g weblogic-oam-sspi connector. Basically there are 2 options (or maybe more!)
  Option 1 is to use a standard webserver (apache) as a reverse proxy to the j2ee webapp. Then have a webgate installed on the apache webserver. You will have to write some proxypass rules in the apache to fwd the requests to the webapp. The advantage is that there is 1 central point of implementation and control and the disadvantage is that all traffic should go through the proxy and none can go to the appserver directly. It is a topology requirement.
  Option 2 is to use a connector for the specific container. For oam 10g, we had weblogic and websphere connector outof box. For tomcat, there is no connector out of box, but using tomcat api, a connector can be built (read tomcat valve).
  These are high level information. Evaluate which works best for your topology and explore that option. Hope this helps. Let us know.

• SSO for Web applications

  Hi,
  I want to implement SSO between my portal and web applications. i found some documents but not sufficient information. what would be the correct source of information if i want to impalement SSO between Portal and Web server(non SAP).
  Any help is appreciated.
  Thanks,
  Damodhar.

  Hi,
  i have gone through the some documentation, i am giving the links to help for the others if anyone go through this thread in future.
  Logon tickets for the sap and non sap systems, it's good.
  SAP Logon Ticket-based Single Sign-On
  SSO with SAP logon ticket- Security issues
  SSO with SAP Logon Ticket - security issues
  we have another document but the document has been moved to another link, can you suggest me link for the following document.
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/enabling single sign-on from sap j2ee engine to non-sap java applications.article
  the above link has been moved, can anyone suggest me the correct link for the above document.
  Thanks,
  Damodhar.

• SSO for partner applications

  Hi All,
  I have installed 10g AS Release 2 on a system. I also have Application Express(formerly HTML DB) installed on the same system. I registered one of the HTML DB applications as partner applications and have put SSO authentication for it.
  When I try to login the AS looks at the OID installed on the system(which I gave during installation). I want it to look at the Oracle gmldap.oraclecorp.com server OID so that only Oracle employees login.
  Can anybody tell me how to change the OID and what are the entries to be give to configure it to gmldap.oraclecorp.com server??
  Thanks,
  Swaroop

  See Task 3 in the Section 9.4 of the Oracle Application Server Administrator's Guide:
  http://download-west.oracle.com/docs/cd/B14099_17/core.1012/b13995/chginfra.htm#i1014978
  See the following for information about what to specify on each page.
  http://download-west.oracle.com/docs/cd/B14099_17/core.1012/b13995/reconfig.htm#i1013341

• SSO for external applications

  Hi,
  We are using SSO to integrate with external applications. There is a need to open the third party application from eBusiness Center when we click on a button. Can anyone guide me how SSO invokes the external application when you click on any link for the same. I need to invoke the URL same way from the button click as well.
  Thanks,
  Viral

  Hi,
  Can anybody help regarding the same?
  Thanks,
  Viral

• Problem with sso for asp applications

  Hi,
  i am using the web app integrator to integrate asp application with SSO, i am getting permission denied some times, the permission denied is a small html file on asp server side when userid is null.
  I am sure that the user id is not null because i have written small script to respond back with the passed user id like response.write(""), it is giving back the passed user id every time but at the same time i am getting Permission denied.
  The permission denied is a small html file on the .net server side when the ui=null in the pssing URL.
  How this is happening at the same time, one is giving back the user id and one is taking the user id as null.
  some times i am getting right page and some times giving permisssion denied.
  the basic URl is
  http://abc.xyz.com/sm_log.asp?userid=damodhar
  There is no great security behind this only passing user id, they are not passing the password even in the http header authentication. the simple logic is they are hiding the URL from the view source.
  if i pass the hard coded url from the browser i am getting the proper page at the same time if i pass the url  from portal it is working some times and some times not, i don't know when?
  I am using the web application integrator method.
  we are operating portal server from internet and .net server is on intranet.
  Thanks,
  Damodhar.

  If you lose sounds for keyboard clicks, games or other apps, email notifications and other notifications, system sounds may have been muted.
  System sounds can be muted and controlled two different ways. The screen lock rotation can be controlled in the same manner as well.
  Settings>General>Use Side Switch to: Mute System sounds. If this option is selected, the switch on the side of the iPad above the volume rocker will mute system sounds.
  If you choose Lock Screen Rotation, then the switch locks the screen. If the screen is locked, you will see a lock icon in the upper right corner next to the battery indicator gauge.
  If you have the side switch set to lock screen rotation then the system sound control is in the task bar. Double tap the home button and in the task bar at the bottom, swipe all the way to the right. The speaker icon is all the way to the left. Tap on it and system sounds will return.
  If you have the side switch set to mute system sounds, then the screen lock rotation can be accessed via the task bar in the same manner as described above.
  This support article from Apple explains how the side switch works.
  http://support.apple.com/kb/HT4085

• Directory Structure for multiple applications at one host

  Can I have multiple (more than one) WEB-INF directory structures in the public_html directory for different web applications? If I do this, how do setup the url-pattern in the Servlet Mapping tag in the web.xml file? How do I setup the URL that calls the servlet from the HTML that has been send to the user�s browser?

  If I understand your question, you want multiple contexts. All App Servers/Web Servers allow you to setup multiple contexts. Normally if your root context is in /home/myhome/app_server/
  then you would setup multiple contexts by creating a folder for each context:
  /home/myhome/app_server/context1/
  /home/myhome/app_server/context2/
  Each would have their own full application/website. And the way to reference these would be as such:
  if the domain, www.mydomain.com, is mapped to /home/myhome/app_server/
  www.mydomain.com/context1/
  www.mydomain.com/context2/
  I think that is what you were asking. Hope it helps