Implementing single sign on across multiple web apps

Hi
I was wondering if somebody could help me. I need to implement single sign on
for multiple web apps deployed in separate WARs in a single EAR file. I need
to authenticate against an LDAP server and ensure that the user only has to sign
on once per user session even if the user navigates between web apps. The weblogic
docs only seem to go so far, i.e. "Single sign on works if each web app uses the
same cookie" etc. So I see that, apart from buying WebLogic Enterprise Security
there are only two ways of doing this:
1. Implement single sign on.
2. Create my own security realm with my own authenticator implementations.
So my questions are:
1. We don't want to effect the normal weblogic user/passwords used to access the
WLS console but need to have single sign on. Should we implement single sign on
(option 1,above) or create our own realm?
2. Can somebody point me to somewhere on the web/in the the WLS documentation
that shows me how to implement single sign on using session cookies?
TIA
Mik

"Mik Quinlan" <[email protected]> wrote in message
news:[email protected]..
>
Hi
I was wondering if somebody could help me. I need to implement singlesign on
for multiple web apps deployed in separate WARs in a single EAR file. Ineed
to authenticate against an LDAP server and ensure that the user only hasto sign
on once per user session even if the user navigates between web apps. Theweblogic
docs only seem to go so far, i.e. "Single sign on works if each web appuses the
same cookie" etc. So I see that, apart from buying WebLogic EnterpriseSecurity
there are only two ways of doing this:
1. Implement single sign on.
2. Create my own security realm with my own authenticator implementations.
So my questions are:
1. We don't want to effect the normal weblogic user/passwords used toaccess the
WLS console but need to have single sign on. Should we implement singlesign on
(option 1,above) or create our own realm?
2. Can somebody point me to somewhere on the web/in the the WLSdocumentation
that shows me how to implement single sign on using session cookies?
http://e-docs.bea.com/wls/docs81/security/thin_client.html#1039551
That also has a pointer to:
For more information, see session-descriptor in Assembling and Configuring
Web Applications.

Similar Messages

  • Multiple web apps sharing same cache in a single JVM ?

    Is it possible to share cache across multiple web apps running in the same app server (multiple web apps, single JVM) ?
    Thanks for any info.

    Hi Bob,
    Cluster membership is scoped to the ClassLoader, so if your application server provides a ClassLoader-per-application, this will work fine.
    This is supported for both Coherence (NamedCaches) and Coherence*Web (HTTP sessions).
    Jon Purdy
    Tangosol, Inc.

  • Does lion server support a single email address across multiple devices??

    I am looking to move from an outdated Microsoft Exchange Server 2003 to OS X Lion Server but I am unsure as to how Lion will handle email. I do not want to spend money on a new windows server if I can get a Mac Mini Server to do the job. I am a very small business with a number of email accounts for a couple employees and need access to email and calendar from both the office iMac's and my Macbook Pro when on the road. My IT guy says I need Exchange but he's been off base on a few other items recently and I wanted to check with other sources.
    I have 2 new iMac's, a MacBook Pro, an iPad1 and and iPhone4 on the mac side of things and 2 windows computers running XP. I would get rid of the windows computers completely if not for my CAD program which runs best not in a virtual machine mode.
    How well will email and calendar entries sync across devices?

    I have a very similar setup at my office. Lion Server will push email, calandar, contacts to all of your apple product with out a hitch.
    As far the Windows XP machines, you can access email over IMAP with Thunderbird, and calandars via sunbird or the built in web app.
    I would ditch the exchange server move to Mac OS X Server, and never look back.
    God Luck!
    PS. All of your devices will be in sync all the time.
    Shore answer:
    Does lion server support a single email address across multiple devices??
    Yes.

  • Can Windows Server Backup spread a single backup job across multiple disks if they are not set up as a virtual disk?

    This may be a dumb question, but I can't seem to find any definitive information after having done many, many searches.  Short question is - can Windows Server Backup spread a single backup job across multiple disks if they are not in a storage
    pool or some other RAID/JBOD structure?
    Background:
    I'm running Server 2012 Essentials with all Windows Updates installed.  I have been backing up approx 2.8TB of data (Bare Metal Recovery, C:, S: (shared folders), and system reserved) for the past year+ onto a storage pool made up of two-2TB external
    USB drives.  Backup is slow (takes approx 1.5 days to complete), but generally works.  Not surprisingly I was constantly getting capacity low messages so I decided to increase my backup storage pool by adding a 3TB drive and another spare 750GB drive
    for a total of 7.75TB.  Instead of having four separate external USB enclosures, I bot a 4-bay enclosure - Startech.com model #S3540BU33E to simplify this (or so I thought!).
    The first problem I had was adding the two new drives to the existing storage pool. I think that is because the Startech uses a JMicron USB controller that reports identical uniqueid's for all drives so only one shows up in the GUI interface for creating storage
    pools. After doing research on this, I set up a new storage pool and virtual disk using all four drives via Powershell and thought I was good. However, when the backup ran, it failed after filling the first drive, saying there was no remaining capacity. In
    reality there were three remaining empty drives and there storage pool reported almost 5TB of avail capacity. I assumed this was due to the identical uniqueid issue so I decided to try a different tactic.
    Instead of using a storage pool that combines all four disks into one virtual disk, I just added each of them to Windows Server Backup as individual drives thinking it would manage them collectively. I.e., when a drive filled up during a particular backup,
    it would just start using the next drive and so on. Apparently this was a foolish assumption because the backup failed again as soon as the first disk filled up.
    So now I don't know if this is still an issue with the identical uniqueid's or if Server Backup actually can't spread a single backup across multiple individual drives that aren't in a pool or other virtual disk implementation. Hence, my original question.
    My guess is that it does *not* spread them across individual disks, but I just wanted to get confirmation.
    Thanks

    Mandy,
    Thank you for following up on my question.
    Unfortunately the article you referenced doesn't address what I am trying to accomplish.
    The article focuses on saving the same backup job to multiple disks and rotating the disks between on and offsite for enhanced protection.  However, it still requires that an individual backup job fits on a single disk.
    What I am trying to determine is if a single backup job can span across more than one physical disk (during the backup process) without those physical disks being in some type of virtual disk implementation (e.g., storage pool, RAID, etc.).
    Thanks,
    Gerry

  • Single Sign-On (SSO) in Web Server 7.0u5

    Hello,
    I am in the process of trying to configure single sign-on (SSO) between several apps in the same SJWS 7.0u5 virtual server, and I'm not having much luck. This appears to be very similar to the problem reported in another thread (http://forums.sun.com/thread.jspa?forumID=759&threadID=5281564) that applied to 7.0u2.
    I found one interesting detail that the previous post did not mention, however, and I think it is key to resolving this issue.
    I've been using the SSO feature of WS7 since day one, and up to this point is has worked flawlessly. However, I am in the process of adding a new webapp that differs from the prior webapps in one significant way: it uses form-based login, and all the previous webapps used basic authentication.
    Using the "Live HTTP Headers" Firefox add-on I captured the cookie exchanges between the client and server, and this is what I see:
    1. Logging in to any of the apps that use basic authentication results in both the JSESSIONID for the current webapp and the JSESSIONIDSSO for the entire server to be returned in the response.
    2. If I then go to a secured URI in the new (form login) webapp the JSESSIONIDSSO cookie is sent, but I still land on the login page.
    3. When completing the login form and submitting it, no JSESSIONIDSSO is returned.
    In both types of apps, my web.xml includes the appropriate configuration. FORM authentication:  <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>ldap</realm-name>
        <form-login-config>
          <form-login-page>/login.jsf</form-login-page>
          <form-error-page>/error.jsf</form-error-page>
        </form-login-config>
      </login-config>...and BASIC authentication:  <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>ldap</realm-name>
      </login-config>From this, it appears as though the SSO functionality is not working when using FORM authentication, only when using BASIC authentication.
    The web apps developer's guide specifically says that SSO works for all webapps in the same virtual server with the same realm-name, which is certainly the case for me. It doesn't say that SSO is not supported in FORM-authenticated webapps, but that would appear to be the case.
    Or is this a bug?
    Or am I simply doing something obviously wrong?
    Thanks!
    Bill

    In addition, I set the logging level to "fine", and I see these entries for the FORM authentication:
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Process request for '/testSso/'
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports:  Checking for SSO cookie
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports:  SSO cookie is not present
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Security checking request GET /testSso/
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports:   Matched constraint 'SecurityConstraint[secureURIs]' against GET /index.jsp
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports:   Matched constraint 'SecurityConstraint[secureURIs]' against GET /index.jsp
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports:  Calling hasUserDataPermission()
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports:   User data constraint has no restrictions
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports:  Calling authenticate()
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Restore request from session '19FFE2F63CF4E8756C19B60AC6F7A65E'
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Authenticated 'testUser' with type 'FORM'
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Registering sso id '2698AFCE8889EF9877778386855517BC' for user 'testUser in realm ldap' with auth type 'FORM'
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Associate sso id 2698AFCE8889EF9877778386855517BC with session StandardSession[19FFE2F63CF4E8756C19B60AC6F7A65E]
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Proceed to restored request
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports:  Calling accessControl()
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports:   Checking roles testUser
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports:  Successfully passed all security constraintsThat seems to indicate that an SSO ID is created and a cookie should be sent with the response, but as show in the Live HTTP Headers output, that is not the case.
    The log entries for the BASIC authentication are as follows:
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Process request for '/ppc/'
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports:  Checking for SSO cookie
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Security checking request GET /ppc/
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports:   Matched constraint 'SecurityConstraint[ppc]' against GET /index.jsp
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports:   Matched constraint 'SecurityConstraint[ppc]' against GET /index.jsp
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports:  Calling hasUserDataPermission()
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports:   User data constraint has no restrictions
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports:  Calling authenticate()
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Logging in user [testUser] into realm: ldap using JAAS module: ldapRealm
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Password login succeeded for : testUser
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Authenticated 'testUser' with type 'BASIC'
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Registering sso id 'A58B93F0A00C619AF18F53C2F7C00D16' for user 'testUser in realm ldap' with auth type 'BASIC'
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Associate sso id A58B93F0A00C619AF18F53C2F7C00D16 with session StandardSession[EF2E1F7E8B3FB7E3FDD4607E4A62D99E]
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports:  Calling accessControl()
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports:   Checking roles testUser
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: No role found:  administrator
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports:  Successfully passed all security constraintsIn this case, you can see that the SSO ID that is generated matches the value set in the response.
    Bill

  • Single Sign on for 2 Web Applications deployed on Web Logic Server

    We want to implement single sign on for our application.
    We want to deploy 2 applications(JSF/ADF) on web logic server say
    webapp1 and webapp2.
    If user already logged into webapp1 with valid userid and password and
    then he access the link for webapp2 he should not be asked to provide
    the credential details userid and password.
    How we can implement this
    1. If user credentials are maintained/authenticated against LDAP
    2. If user maintained/authenticated are from database

    you are in the wrong forum. This one is related to Oracle forms. Try the ADF-forum instead.

  • Authentication Across Multiple Web Applications (Revisited)

              Its been an ongoing battle, but I've made some insight into this situation. The problem stands as it seems impossible to authenticate against one web application deployed as a WAR archive and have that authentication carry across to another web application with the same security constraints. I've been told by BEA that, quote:
              "It seems to me that we are violating section 11.6 of the servlet 2.2 spec which talks about webapps"
              I've also been told that this is fixed in WLS 6.0, reference issue #38732.
              For those of us building production environments using 5.1 instead of 6.0 XML based configuration, this does NOT solve our problem.
              I've dug further into the bowels of 5.1 and found that if you manually set the realm name in the login-config of the security constraint in the web.xml file in each WAR deployment as such:
                   <login-config>
                        <auth-method> [whichever method] </auth-method>
                        <realm-name>WebLogic Server</realm-name>
                   </login-config>
              Authentication will carry across web applications. However, I've noted that the session management then becomes unpredictable. For example:
              I log into the application TESTAPP1 which contains a protected servlet that outputs the session ID and attempts to get the authenticated principal name from the "_wl_authuser_" session variable. Upon first load of the page (after the login dialog box), the session is null [can be fixed with .getSession(true) call instead] and the "_wl_authuser_" object does not exist. Reload the page and the session appears as well as the "_wl_authuser_" object. Strange.
              I then move to TESTAPP2, which does not prompt me for authentication but also is missing the session in the same manner. Upon browser reload, the session is created with a different ID and the "_wl_authuser_" object is now available with the appropriate principal name.
              Upon moving back to TESTAPP1, I am not prompted for authentication however, I am assigned yet another session ID after browser reload, different from the first.
              So it seems that although authentication is carried across web applications, the session IDs as you move from TESTAPP1 to TESTAPP2 change, and then change again but not back to the original when going back to TESTAPP1.
              This is a particular problem since we are using Vignette's V5 as our main client and tracking sessions through V5 - this would quickly become unmanageable if a single page view access three or four different application components with three or four different session ids.
              I'm wondering if we can expect the same behavior from WLS 6.0?
              Ideally, I'd like to see WebLogic use a single session ID to track users across multiple web applications but still have session independence between applications. So if I store something in session in TESTAPP1, its not available in TESTAPP2. Does this outline the behaviour in WLS 6.0? Can anyone verify this?
              Some food for thought. Thanks!
              ./Chris
              Senior Systems Anaylst
              MassMutual Financial Group
              

    Hello! I am searching an answer to this question too!!!
    Did you get some news regarding this item?
    Regards,
    C.M.

  • The test encountered an error while signing in to Outlook Web App. HTTP code: 200

    Infrastructure: Exchange 2010 SP3 RU2 environment on 17 servers worldwide with CAS, MB, HUB and UM roles. Server 2008 R2 VM's on Hyper-V 2008 R2.
    Trying to run the following command to test OWA connectivity on a server in the same Active Directory domain but in a different AD site:
    Get-ClientAccessServer -Identity Server1 | test-owaconnectivity -AllowUnsecureAccess -TrustAnySSLCertificate
    I get the reponse:
    WARNING: [11:04:51.276] : An Outlook Web App page wasn't received.
    WARNING: [11:04:51.276] : The test encountered an error while signing in to Outlook Web App.
    HTTP code: 200
    WARNING: [11:04:51.276] : Test failed for URL 'https://server1.domain.com/owa/'.
    ClientAccessServer        MailboxServer            URL                                               
    Scenario       Result       Latency          Error
    Server1.domain.com      Server2.domain.com  https://server1.domain.com/owa  Logon           Failure                           
    The test encountered an error while signing in to Outlook Web App. HTTP code: 200
    This is the same error message received from SCOM on its tests also.
    I have created a test account on all 17 servers using ./new-TestCasConnectivityUser and ensured their mailboxes reside on the correct server in the correct database.
    All internal servers are set for OWA and ECP for Windows Authentication. Only public facing CAS servers are set to Forms based. That said, have checked the 'Microsoft Exchange Forms-Based Authentication service' is running on both Server1 and Server2 as
    are all Exchange services except 'Microsoft Exchange IMAP4' (not used) or 'Microsoft Exchange POP3' (not used).
    However, if I run this command:
    test-owaconnectivity -AllowUnsecureAccess -TrustAnySSLCertificate -URL
    https://server1.domain.com/owa
    I get the following success after I have entered my correct credentials:
    Windows PowerShell Credential Request : cmdlet Test-OwaConnectivity at command pipeline position 1
    Warning: This credential is being requested by a script or application on the Server2.domain.com remote computer.
    Enter your credentials only if you trust the remote computer and the application or script requesting it.
    Supply values for the following parameters:
    MailboxCredential
    ClientAccessServer  MailboxServer  URL                                                
    Scenario              Result      Latency    Error
    (ms)
                                                            https://server1.domain.com/owa  
    Logon                 Success    6282.13
    So if I login with my domain username, it works and logs in. If the script runs using the 'extest....' user account created by the above ./new-TestCasConnectivityUser.ps1 , it does not work.
    Has anyone got any ideas please? I know its not the network as it works under my username, I know all fo the services required are running as it works under my username. There are no entries at all in the receiving server's error logs for Application, System,
    Exchange or Powershell at all.
    Any help greatly appreciated.
    Danny

    Did you read this?  http://support.microsoft.com/kb/2277649/en-us
    Did you run Test-MapiConnectivity? If not, can you run and post results? 
    HossFly, Exchange Administrator

  • The test couldn't sign in to Outlook Web App due to an authentication failure. Extest_ account.

    Hi.
    I'm using SCOM 2012 R2 and have imported the Exchange server 2010 MP.
    I have runned the TestCasConnectivityUser.ps1 script and almost everything is okay except for the OWA test login.
    The OWA rule is working for some time until (I think) SCOM is doing a automatic password reset of the extest_ account. Then I get the OWA error below. The other test connectivity are working. Any suggestions.
    One or more of the Outlook Web App connectivity tests had warnings. Detailed information:
    Target: xxx|xxx
    Error: The test couldn't sign in to Outlook Web App due to an authentication failure.
    URL: https://xxx.com/OWA/
    Mailbox: xxxx
    User: extest_xxx
    Details:
    [22:50:08.936] : The TrustAnySSLCertificate flag was specified, so any certificate will be trusted.
    [22:50:08.936] : Sending the HTTP GET logon request without credentials for authentication type verification.
    [22:50:09.154] : The HTTP request succeeded with result code 200 (OK).
    [22:50:09.154] : The sign-in page is from ISA Server, not Outlook Web App.
    [22:50:09.154] : The server reported that it supports authentication method FBA.
    [22:50:09.154] : This virtual directory URL type is External or Unknown, so the authentication type won't be checked.
    [22:50:09.154] : Trying to sign in with method 'Fba'.
    [22:50:09.154] : Sending HTTP request for logon page 'https://xxx.com/CookieAuth.dll?Logon'.
    [22:50:09.154] : The HTTP request succeeded with result code 200 (OK).
    [22:50:09.373] : The test couldn't sign in to Outlook Web App due to an authentication failure.
    URL: https://xxx.com/OWA/
    Mailbox: xxx
    User: extest_xxx
    [22:50:09.373] : Test failed for URL 'https://xxx/OWA/'.
    Authentication Method: FBA
    Mailbox Server: xxx
    Client Access Server Name: xxx
    Scenario: Logon
    Scenario Description: Sign in to Outlook Web App and verify the response page.
    User Name: extest_xxx
    Performance Counter Name: Logon Latency
    Result: Skipped
    Site: xxx
    Latency: -00:00:00.0010000
    Secure Access: True
    ConnectionType: Plaintext
    Port: 0
    Latency (ms): -1
    Virtual Directory Name: owa (Default Web Site)
    URL: https://xxx.com/OWA/
    URL Type: External
    Error:
    The test couldn't sign in to Outlook Web App due to an authentication failure.
    URL: https://xxx.com/OWA/
    Mailbox: xxx
    User: extest_xxx
    Diagnostic command: "Test-OwaConnectivity -TestType:External -MonitoringContext:$true -TrustAnySSLCertificate:$true -LightMode:$true"
    EventSourceName: MSExchange Monitoring OWAConnectivity External
    Knowledge:
    http://go.microsoft.com/fwlink/?LinkID=67336&id=CB86B85A-AF81-43FC-9B07-3C6FC00D3D42
    Computer: xxx
    Impacted Entities (3):
    OWA Service - xxx, xxx - xxx, Exchange
    Knowledge:     View additional knowledge...
    External Knowledge Sources
    For more information, see the respective topic at the Microsoft Exchange Server TechCenter
    Thanks
    MHem

    Hi,
    Based on the error, it looks like an OWA authentication failure.
    Have you tried post this to LYNC forums?
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Implementing Single Sign-On support for the Oracle E-Business suite

    Implement Single Sign-On support for the Oracle E-Business suite
    I want implement Single Sign-On support for the Oracle E-Business suite.
    Operationg System : linux/Solaris
    Oracle E-Business suite : 11.5.10
    Oracle Application Server : 10gAS(latest availble)
    Type of integration : SSO and OID with 11i
    No third party SSO or LDAP
    Qusetions
    1.If my SSO Server is down can i login to applications(11i) using normal mode(default login http://servername.xxxx.com:8000/).
    2. Is it possible to have appilications (11i) in Linux/Solaris and 10gAS in windows.
    Please answer...
    NOTE:
    I am following Oracle METALINK Doc.Id 233436.1 and 261914.1.
    Thank you.
    MARK

    You couldn't login into server But You can use the following login
    http://servername.xxxx.com:8000/AppsLocalLogin.jsp
    For this you need to enable the Appslocallogin Profile option

  • Single result set across multiple tables

    Hi - what's the best way to perform a single query that can pull
    a single result set across multiple tables, ie., a master table
    containing subject details and child table containing multiple
    records with detail.
    I know how to do this for two columns in the same table via
    indexing, but how about across tables?
    Cheers,
    John

    I am not sure if I understood your question, but you can use
    Intermedia Text with USER_DATA_STORE to create an index with data
    source from multiple tables.
    (see technet.oracle.com -> products -> oracle text)
    Thomas

  • " Path not found() "error when implementing single sign on

    Hi,
    We are implementing single sign on so that when users click on the "Reports Login" he is navigated to the obiee presentation services screen. For the reports login we have a .asp page which directs to the presentation services.
    I have done the necessary changes in the instanceconfig and credentialstore xml files.
    I have been receiving a strange error when I click on the reports login. I get the error
    Path not found ()
    Error Details
    Error Codes: U9KP7Q94
    I have checked the presentation server log file and I see the below error
    Type: Error
    Severity: 45
    Time: Tue Mar 09 09:18:44 2010
    File: project/websubsystems/ssportal.cpp Line: 1907
    Properties: ThreadID-2672;HttpCommand-Dashboard;Proxy-;RemoteIP-127.0.0.1;User-;Impersonator-
    Location:
         saw.subsystem.portal
         saw.httpserver.request
         saw.rpc.server.responder
         saw.rpc.server
         saw.rpc.server.handleConnection
         saw.rpc.server.dispatch
         saw.threadPool
         saw.threads
    Path not found ()
    Can anyone provide me an input how to resolve this issue?
    This is bit urgent for me.
    Thanks

    Hi,
    Please ensure that the navigational attribute is checked at the attribute level and also at the Infocube level and also check that correct mapping of this navigational attribute is done at the Multiprovider level.
    Thanks,
    Venkat

  • Sourcing 7.0: Email Link in Mail templates when implementing Single Sign on

    Hello,
    We are implementing Sourcing 7.0 SP02 On premise.
    We are in the processing of setting up the single sign on with Enterprise Portal.
    In E-Sourcing 5.1 - when we implement single sign on with portal - the mail links in the mail templates have to be replaced with the portal URL and also - in order to redirect the user from portal login to the correct object in E-Sourcing (contract/MA/RFX) - we had implemented a custom portal solution (par file) to redirect the user.
    So when the user clicks on the link in the mail - it will take the user to Enterprise portal login. Once the login is done - user will be redirected to the E-Sourcing object like RFX/MA which the token %DOCUMENT_URL% contains.
    I wanted to check if there is any standard solution to this issue in Sourcing 7.0 on p

    Hi Vikram, Thanks a lot for your reply. I got a release note 1485253 that explains that this is resolved. Please find the text below
    2011/0000612672
    In user emails, %DOCUMENT_URL% token is used to generate the document
    specific URL. This URL takes the user directly to the document. However,
    when Sourcing is integrated with SAP Portal, using only this token will not
    take the user to the document. In order to fix this, ENCODE function has
    been introduced. Wrapping this around the URL, the URL can be encoded and
    used as a "forcedURL" in the portal link.
    Would you be able to explain to me how this can be achieved through configuration? I tried now with a portal user of Sourcing and the link was still showing up as the old link. Is this forcedURL generated using a system property?
    Regards,
    Srivatsan

  • Distributed sessions for multiple web-apps in a single App. Server (v.8.1)

    I have 3 applications on App. Server 8.1 (running on JDK 1.5)
    App-A handles login
    App-B and App-C are functions that are accessible after login is validated.
    It works fine with App. Server 6.5 (JDK 1.3)
    But the distributed session cannot be shared in App. Server 8.1 (JDK 1.5)
    So App-A handles sign on and stores the user's Login Name on the session.
    App-B and App-C read the user's login name from the session object and grant access to different modules.
    1. Starting App-A and perform login
    2. Starting App-B from App-A (it is linked there)
    3. Starting App-C from App-A (it is linked there)
    In step 1, a new session is created for the user, an attribute ("LoginName") is put in the session - ie. using HttpSession.setAttribute()
    In step 2, the program checks for attribute "LoginName" from the session object - ie. using HttpSession.getAttribute()
    If not found, redirect to login; if found, then continue with App-B
    In step 3, same as in step 2 above.
    It works fine with App. Server 6.5 but problem occurs in step 2 and 3.
    web.xml of App-A, App-B and App-C:
    <i>
    <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    <display-name>App-A</display-name>
         <distributable/>
    </i>
    sun-web.xml of App-A, App-B and App-C
    <i>
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 8.1 Servlet 2.4//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_4-1.dtd">
    <sun-web-app>
    <session-config>
    <session-manager persistence-type="memory">
    <manager-properties>
    <property name="persistenceFrequency" value="web-method"/>
    </manager-properties>
    <store-properties>
    <property name="persistenceScope" value="session"/>
    </store-properties>
    </session-manager>
    </session-config>
    </i>

    Distributed sessions has nothing to do with different web applications. The concept is about distributing load for the same application between several appserver instances running on the same box(different jvm) or on some other box in the network.
    What you used with iAS 6.5 is not available in 8.1 because sharing sessions between web apps is forbidden by the servlet spec. You should consider repackaging your apps. into a single web app. or using other way of signing/verifying user identity(check Sun Access Manager for example).
    Have a look at this thread as well: http://swforum.sun.com/jive/thread.jspa?threadID=100931

  • Single Sign-on with Multiple Servlets and JSPs

    I am in the midst of attempting to logically tie together a number of our
              web applications under a single sign-on "umbrella". What we want is the
              following: for any n applications a user may have access rights for up to n
              of them. Once signed in, she has rights to visit any app to which she has
              permissions as long as her session is valid. Unfortunately, I'm having
              trouble seeing how to make this work given the documentation that I have.
              I've read thru the newsgroup in search of a solution, but I haven't seen
              anything geared toward this specific approach.
              Currently, each "application" (servlet) has a list of valid users via ACLs
              (we've implemented a RealmExtender, so we're not going via props file
              entries), and we let the browser pop-up window enforce the sign-on. This
              has worked exactly as we wish (single sign-on, etc.), for testing, but we'd
              really rather have our own form-based sign-on for production.
              To that end, we've done the following:
              1) implemented a JSP form-based sign-on (basically ripped off from the
              example provided by BEA), which does a "ServletAuthentication.weak()" check
              to confirm identity.
              2) placed the following code (essentially) within the service() method of
              our servlet superclass, which I thought would force another check. My
              intention is to disallow the user from "jumping into" an app thru a
              shortcut, and thereby bypassing security.
              HttpSession session = request.getSession(true);
              if (session.isNew()) {
              response.sendRedirect(welcomeURL);
              However, we can't get the form-based approach to mimic the functionality of
              the default browser pop-up: the sign-in doesn't seem to "follow" the user
              the way it did with the pop-up. Instead, when I come in thru our login
              page, the browser pop-up is still appearing when I click the link for an
              app for which to which I have permissions.
              Is the default browser pop-up doing something different that I should know
              about? Seems like this should be simple to do, but it's surprisingly subtle
              (or maybe I'm just clueless).
              TIA
              

    Well, if you want to hear my personal opinion:
    better stick to the cookie specification (http://wp.netscape.com/newsref/std/cookie_spec.html) and accept the constraint that cookies will only be send to domains that tail-match the domain-constraint specified in the set-cookie http response.
    Although this specification is not an official internet standard most browsers are implementing the cookie mechanism according to this specification.
    Unfortenately there's no option to specify that a cookie should be send to a list of servers and/or sub-domains.
    However one physical server can have multiple (FQDN) hostnames. So if you intend to send the cookie to a group of servers the best approach is to create a new (DNS) (sub-)domain exclusively for those servers.
    Theoretically (and also practically) it is possible to set cookies for multiple domains (by using a webservice that will set cookies on request of a caller). But that approach is dangerous:
    (1) not the server but the http client is defining the content of the cookie (= part of the http server response)
    (2) (unintended) many servers can obtain the cookie which will be send to all servers that reside in all (tail-matching sub-)domains; although most likely only one or two servers of each domain are intended recipients
    Regards, Wolfgang

Maybe you are looking for

  • How to read in a text file of race lap times....

    How do i read in a text file containing lap times from a race for one driver? I have the times down 1 column and look like this. I then want to add the times up to get a total race time. I have been looking at the Calendar class and the simpleDateFun

  • Memory monitoring in ABAP debugger

    Can anyone tell me the relevance of memory monitoring in ABAP debugger and and how to use it practically. I have searched the forums but did not find anything.

  • File Read Failure

    hi I am trying to read the file which is written from LabVIEW only. But it fails. I cant debug this. my source data is fixed 2d array of cluster of 55 elements. Herewith i attached VIs for reference. ( If i try to convert the data to variance, LabVIE

  • What color space is shown first in RAW files?

    When I first open a new folder of pictures (NEF RAW files) in Bridge, they are shown in a vibrant colorspace. After a minute or three the colors all fade to the RAW defaults seen in Camera RAW. There are no other filetypes in the folder, so Bridge is

  • HELP: itunes could not restore because the backup is corrupt or not compatable

    I back up my iphone to icloud via itunes but when i want to restore the iphone from back up this error messege appeared: itunes could not restore because the backup is corrupt or not compatable how to solve this problem? Thanks,,