Implementing single sign on across multiple web apps
Hi
I was wondering if somebody could help me. I need to implement single sign on
for multiple web apps deployed in separate WARs in a single EAR file. I need
to authenticate against an LDAP server and ensure that the user only has to sign
on once per user session even if the user navigates between web apps. The weblogic
docs only seem to go so far, i.e. "Single sign on works if each web app uses the
same cookie" etc. So I see that, apart from buying WebLogic Enterprise Security
there are only two ways of doing this:
1. Implement single sign on.
2. Create my own security realm with my own authenticator implementations.
So my questions are:
1. We don't want to effect the normal weblogic user/passwords used to access the
WLS console but need to have single sign on. Should we implement single sign on
(option 1,above) or create our own realm?
2. Can somebody point me to somewhere on the web/in the the WLS documentation
that shows me how to implement single sign on using session cookies?
TIA
Mik
"Mik Quinlan" <[email protected]> wrote in message
news:[email protected]..
>
Hi
I was wondering if somebody could help me. I need to implement singlesign on
for multiple web apps deployed in separate WARs in a single EAR file. Ineed
to authenticate against an LDAP server and ensure that the user only hasto sign
on once per user session even if the user navigates between web apps. Theweblogic
docs only seem to go so far, i.e. "Single sign on works if each web appuses the
same cookie" etc. So I see that, apart from buying WebLogic EnterpriseSecurity
there are only two ways of doing this:
1. Implement single sign on.
2. Create my own security realm with my own authenticator implementations.
So my questions are:
1. We don't want to effect the normal weblogic user/passwords used toaccess the
WLS console but need to have single sign on. Should we implement singlesign on
(option 1,above) or create our own realm?
2. Can somebody point me to somewhere on the web/in the the WLSdocumentation
that shows me how to implement single sign on using session cookies?
http://e-docs.bea.com/wls/docs81/security/thin_client.html#1039551
That also has a pointer to:
For more information, see session-descriptor in Assembling and Configuring
Web Applications.
Similar Messages
-
Multiple web apps sharing same cache in a single JVM ?
Is it possible to share cache across multiple web apps running in the same app server (multiple web apps, single JVM) ?
Thanks for any info.Hi Bob,
Cluster membership is scoped to the ClassLoader, so if your application server provides a ClassLoader-per-application, this will work fine.
This is supported for both Coherence (NamedCaches) and Coherence*Web (HTTP sessions).
Jon Purdy
Tangosol, Inc. -
Does lion server support a single email address across multiple devices??
I am looking to move from an outdated Microsoft Exchange Server 2003 to OS X Lion Server but I am unsure as to how Lion will handle email. I do not want to spend money on a new windows server if I can get a Mac Mini Server to do the job. I am a very small business with a number of email accounts for a couple employees and need access to email and calendar from both the office iMac's and my Macbook Pro when on the road. My IT guy says I need Exchange but he's been off base on a few other items recently and I wanted to check with other sources.
I have 2 new iMac's, a MacBook Pro, an iPad1 and and iPhone4 on the mac side of things and 2 windows computers running XP. I would get rid of the windows computers completely if not for my CAD program which runs best not in a virtual machine mode.
How well will email and calendar entries sync across devices?I have a very similar setup at my office. Lion Server will push email, calandar, contacts to all of your apple product with out a hitch.
As far the Windows XP machines, you can access email over IMAP with Thunderbird, and calandars via sunbird or the built in web app.
I would ditch the exchange server move to Mac OS X Server, and never look back.
God Luck!
PS. All of your devices will be in sync all the time.
Shore answer:
Does lion server support a single email address across multiple devices??
Yes. -
This may be a dumb question, but I can't seem to find any definitive information after having done many, many searches. Short question is - can Windows Server Backup spread a single backup job across multiple disks if they are not in a storage
pool or some other RAID/JBOD structure?
Background:
I'm running Server 2012 Essentials with all Windows Updates installed. I have been backing up approx 2.8TB of data (Bare Metal Recovery, C:, S: (shared folders), and system reserved) for the past year+ onto a storage pool made up of two-2TB external
USB drives. Backup is slow (takes approx 1.5 days to complete), but generally works. Not surprisingly I was constantly getting capacity low messages so I decided to increase my backup storage pool by adding a 3TB drive and another spare 750GB drive
for a total of 7.75TB. Instead of having four separate external USB enclosures, I bot a 4-bay enclosure - Startech.com model #S3540BU33E to simplify this (or so I thought!).
The first problem I had was adding the two new drives to the existing storage pool. I think that is because the Startech uses a JMicron USB controller that reports identical uniqueid's for all drives so only one shows up in the GUI interface for creating storage
pools. After doing research on this, I set up a new storage pool and virtual disk using all four drives via Powershell and thought I was good. However, when the backup ran, it failed after filling the first drive, saying there was no remaining capacity. In
reality there were three remaining empty drives and there storage pool reported almost 5TB of avail capacity. I assumed this was due to the identical uniqueid issue so I decided to try a different tactic.
Instead of using a storage pool that combines all four disks into one virtual disk, I just added each of them to Windows Server Backup as individual drives thinking it would manage them collectively. I.e., when a drive filled up during a particular backup,
it would just start using the next drive and so on. Apparently this was a foolish assumption because the backup failed again as soon as the first disk filled up.
So now I don't know if this is still an issue with the identical uniqueid's or if Server Backup actually can't spread a single backup across multiple individual drives that aren't in a pool or other virtual disk implementation. Hence, my original question.
My guess is that it does *not* spread them across individual disks, but I just wanted to get confirmation.
ThanksMandy,
Thank you for following up on my question.
Unfortunately the article you referenced doesn't address what I am trying to accomplish.
The article focuses on saving the same backup job to multiple disks and rotating the disks between on and offsite for enhanced protection. However, it still requires that an individual backup job fits on a single disk.
What I am trying to determine is if a single backup job can span across more than one physical disk (during the backup process) without those physical disks being in some type of virtual disk implementation (e.g., storage pool, RAID, etc.).
Thanks,
Gerry -
Single Sign-On (SSO) in Web Server 7.0u5
Hello,
I am in the process of trying to configure single sign-on (SSO) between several apps in the same SJWS 7.0u5 virtual server, and I'm not having much luck. This appears to be very similar to the problem reported in another thread (http://forums.sun.com/thread.jspa?forumID=759&threadID=5281564) that applied to 7.0u2.
I found one interesting detail that the previous post did not mention, however, and I think it is key to resolving this issue.
I've been using the SSO feature of WS7 since day one, and up to this point is has worked flawlessly. However, I am in the process of adding a new webapp that differs from the prior webapps in one significant way: it uses form-based login, and all the previous webapps used basic authentication.
Using the "Live HTTP Headers" Firefox add-on I captured the cookie exchanges between the client and server, and this is what I see:
1. Logging in to any of the apps that use basic authentication results in both the JSESSIONID for the current webapp and the JSESSIONIDSSO for the entire server to be returned in the response.
2. If I then go to a secured URI in the new (form login) webapp the JSESSIONIDSSO cookie is sent, but I still land on the login page.
3. When completing the login form and submitting it, no JSESSIONIDSSO is returned.
In both types of apps, my web.xml includes the appropriate configuration. FORM authentication: <login-config>
<auth-method>FORM</auth-method>
<realm-name>ldap</realm-name>
<form-login-config>
<form-login-page>/login.jsf</form-login-page>
<form-error-page>/error.jsf</form-error-page>
</form-login-config>
</login-config>...and BASIC authentication: <login-config>
<auth-method>BASIC</auth-method>
<realm-name>ldap</realm-name>
</login-config>From this, it appears as though the SSO functionality is not working when using FORM authentication, only when using BASIC authentication.
The web apps developer's guide specifically says that SSO works for all webapps in the same virtual server with the same realm-name, which is certainly the case for me. It doesn't say that SSO is not supported in FORM-authenticated webapps, but that would appear to be the case.
Or is this a bug?
Or am I simply doing something obviously wrong?
Thanks!
BillIn addition, I set the logging level to "fine", and I see these entries for the FORM authentication:
[06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Process request for '/testSso/'
[06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Checking for SSO cookie
[06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: SSO cookie is not present
[06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Security checking request GET /testSso/
[06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Matched constraint 'SecurityConstraint[secureURIs]' against GET /index.jsp
[06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Matched constraint 'SecurityConstraint[secureURIs]' against GET /index.jsp
[06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Calling hasUserDataPermission()
[06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: User data constraint has no restrictions
[06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Calling authenticate()
[06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Restore request from session '19FFE2F63CF4E8756C19B60AC6F7A65E'
[06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Authenticated 'testUser' with type 'FORM'
[06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Registering sso id '2698AFCE8889EF9877778386855517BC' for user 'testUser in realm ldap' with auth type 'FORM'
[06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Associate sso id 2698AFCE8889EF9877778386855517BC with session StandardSession[19FFE2F63CF4E8756C19B60AC6F7A65E]
[06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Proceed to restored request
[06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Calling accessControl()
[06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Checking roles testUser
[06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Successfully passed all security constraintsThat seems to indicate that an SSO ID is created and a cookie should be sent with the response, but as show in the Live HTTP Headers output, that is not the case.
The log entries for the BASIC authentication are as follows:
[06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Process request for '/ppc/'
[06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Checking for SSO cookie
[06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Security checking request GET /ppc/
[06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Matched constraint 'SecurityConstraint[ppc]' against GET /index.jsp
[06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Matched constraint 'SecurityConstraint[ppc]' against GET /index.jsp
[06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Calling hasUserDataPermission()
[06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: User data constraint has no restrictions
[06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Calling authenticate()
[06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Logging in user [testUser] into realm: ldap using JAAS module: ldapRealm
[06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Password login succeeded for : testUser
[06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Authenticated 'testUser' with type 'BASIC'
[06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Registering sso id 'A58B93F0A00C619AF18F53C2F7C00D16' for user 'testUser in realm ldap' with auth type 'BASIC'
[06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Associate sso id A58B93F0A00C619AF18F53C2F7C00D16 with session StandardSession[EF2E1F7E8B3FB7E3FDD4607E4A62D99E]
[06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Calling accessControl()
[06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Checking roles testUser
[06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: No role found: administrator
[06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Successfully passed all security constraintsIn this case, you can see that the SSO ID that is generated matches the value set in the response.
Bill -
Single Sign on for 2 Web Applications deployed on Web Logic Server
We want to implement single sign on for our application.
We want to deploy 2 applications(JSF/ADF) on web logic server say
webapp1 and webapp2.
If user already logged into webapp1 with valid userid and password and
then he access the link for webapp2 he should not be asked to provide
the credential details userid and password.
How we can implement this
1. If user credentials are maintained/authenticated against LDAP
2. If user maintained/authenticated are from databaseyou are in the wrong forum. This one is related to Oracle forms. Try the ADF-forum instead.
-
Authentication Across Multiple Web Applications (Revisited)
Its been an ongoing battle, but I've made some insight into this situation. The problem stands as it seems impossible to authenticate against one web application deployed as a WAR archive and have that authentication carry across to another web application with the same security constraints. I've been told by BEA that, quote:
"It seems to me that we are violating section 11.6 of the servlet 2.2 spec which talks about webapps"
I've also been told that this is fixed in WLS 6.0, reference issue #38732.
For those of us building production environments using 5.1 instead of 6.0 XML based configuration, this does NOT solve our problem.
I've dug further into the bowels of 5.1 and found that if you manually set the realm name in the login-config of the security constraint in the web.xml file in each WAR deployment as such:
<login-config>
<auth-method> [whichever method] </auth-method>
<realm-name>WebLogic Server</realm-name>
</login-config>
Authentication will carry across web applications. However, I've noted that the session management then becomes unpredictable. For example:
I log into the application TESTAPP1 which contains a protected servlet that outputs the session ID and attempts to get the authenticated principal name from the "_wl_authuser_" session variable. Upon first load of the page (after the login dialog box), the session is null [can be fixed with .getSession(true) call instead] and the "_wl_authuser_" object does not exist. Reload the page and the session appears as well as the "_wl_authuser_" object. Strange.
I then move to TESTAPP2, which does not prompt me for authentication but also is missing the session in the same manner. Upon browser reload, the session is created with a different ID and the "_wl_authuser_" object is now available with the appropriate principal name.
Upon moving back to TESTAPP1, I am not prompted for authentication however, I am assigned yet another session ID after browser reload, different from the first.
So it seems that although authentication is carried across web applications, the session IDs as you move from TESTAPP1 to TESTAPP2 change, and then change again but not back to the original when going back to TESTAPP1.
This is a particular problem since we are using Vignette's V5 as our main client and tracking sessions through V5 - this would quickly become unmanageable if a single page view access three or four different application components with three or four different session ids.
I'm wondering if we can expect the same behavior from WLS 6.0?
Ideally, I'd like to see WebLogic use a single session ID to track users across multiple web applications but still have session independence between applications. So if I store something in session in TESTAPP1, its not available in TESTAPP2. Does this outline the behaviour in WLS 6.0? Can anyone verify this?
Some food for thought. Thanks!
./Chris
Senior Systems Anaylst
MassMutual Financial Group
Hello! I am searching an answer to this question too!!!
Did you get some news regarding this item?
Regards,
C.M. -
The test encountered an error while signing in to Outlook Web App. HTTP code: 200
Infrastructure: Exchange 2010 SP3 RU2 environment on 17 servers worldwide with CAS, MB, HUB and UM roles. Server 2008 R2 VM's on Hyper-V 2008 R2.
Trying to run the following command to test OWA connectivity on a server in the same Active Directory domain but in a different AD site:
Get-ClientAccessServer -Identity Server1 | test-owaconnectivity -AllowUnsecureAccess -TrustAnySSLCertificate
I get the reponse:
WARNING: [11:04:51.276] : An Outlook Web App page wasn't received.
WARNING: [11:04:51.276] : The test encountered an error while signing in to Outlook Web App.
HTTP code: 200
WARNING: [11:04:51.276] : Test failed for URL 'https://server1.domain.com/owa/'.
ClientAccessServer MailboxServer URL
Scenario Result Latency Error
Server1.domain.com Server2.domain.com https://server1.domain.com/owa Logon Failure
The test encountered an error while signing in to Outlook Web App. HTTP code: 200
This is the same error message received from SCOM on its tests also.
I have created a test account on all 17 servers using ./new-TestCasConnectivityUser and ensured their mailboxes reside on the correct server in the correct database.
All internal servers are set for OWA and ECP for Windows Authentication. Only public facing CAS servers are set to Forms based. That said, have checked the 'Microsoft Exchange Forms-Based Authentication service' is running on both Server1 and Server2 as
are all Exchange services except 'Microsoft Exchange IMAP4' (not used) or 'Microsoft Exchange POP3' (not used).
However, if I run this command:
test-owaconnectivity -AllowUnsecureAccess -TrustAnySSLCertificate -URL
https://server1.domain.com/owa
I get the following success after I have entered my correct credentials:
Windows PowerShell Credential Request : cmdlet Test-OwaConnectivity at command pipeline position 1
Warning: This credential is being requested by a script or application on the Server2.domain.com remote computer.
Enter your credentials only if you trust the remote computer and the application or script requesting it.
Supply values for the following parameters:
MailboxCredential
ClientAccessServer MailboxServer URL
Scenario Result Latency Error
(ms)
https://server1.domain.com/owa
Logon Success 6282.13
So if I login with my domain username, it works and logs in. If the script runs using the 'extest....' user account created by the above ./new-TestCasConnectivityUser.ps1 , it does not work.
Has anyone got any ideas please? I know its not the network as it works under my username, I know all fo the services required are running as it works under my username. There are no entries at all in the receiving server's error logs for Application, System,
Exchange or Powershell at all.
Any help greatly appreciated.
DannyDid you read this? http://support.microsoft.com/kb/2277649/en-us
Did you run Test-MapiConnectivity? If not, can you run and post results?
HossFly, Exchange Administrator -
Hi.
I'm using SCOM 2012 R2 and have imported the Exchange server 2010 MP.
I have runned the TestCasConnectivityUser.ps1 script and almost everything is okay except for the OWA test login.
The OWA rule is working for some time until (I think) SCOM is doing a automatic password reset of the extest_ account. Then I get the OWA error below. The other test connectivity are working. Any suggestions.
One or more of the Outlook Web App connectivity tests had warnings. Detailed information:
Target: xxx|xxx
Error: The test couldn't sign in to Outlook Web App due to an authentication failure.
URL: https://xxx.com/OWA/
Mailbox: xxxx
User: extest_xxx
Details:
[22:50:08.936] : The TrustAnySSLCertificate flag was specified, so any certificate will be trusted.
[22:50:08.936] : Sending the HTTP GET logon request without credentials for authentication type verification.
[22:50:09.154] : The HTTP request succeeded with result code 200 (OK).
[22:50:09.154] : The sign-in page is from ISA Server, not Outlook Web App.
[22:50:09.154] : The server reported that it supports authentication method FBA.
[22:50:09.154] : This virtual directory URL type is External or Unknown, so the authentication type won't be checked.
[22:50:09.154] : Trying to sign in with method 'Fba'.
[22:50:09.154] : Sending HTTP request for logon page 'https://xxx.com/CookieAuth.dll?Logon'.
[22:50:09.154] : The HTTP request succeeded with result code 200 (OK).
[22:50:09.373] : The test couldn't sign in to Outlook Web App due to an authentication failure.
URL: https://xxx.com/OWA/
Mailbox: xxx
User: extest_xxx
[22:50:09.373] : Test failed for URL 'https://xxx/OWA/'.
Authentication Method: FBA
Mailbox Server: xxx
Client Access Server Name: xxx
Scenario: Logon
Scenario Description: Sign in to Outlook Web App and verify the response page.
User Name: extest_xxx
Performance Counter Name: Logon Latency
Result: Skipped
Site: xxx
Latency: -00:00:00.0010000
Secure Access: True
ConnectionType: Plaintext
Port: 0
Latency (ms): -1
Virtual Directory Name: owa (Default Web Site)
URL: https://xxx.com/OWA/
URL Type: External
Error:
The test couldn't sign in to Outlook Web App due to an authentication failure.
URL: https://xxx.com/OWA/
Mailbox: xxx
User: extest_xxx
Diagnostic command: "Test-OwaConnectivity -TestType:External -MonitoringContext:$true -TrustAnySSLCertificate:$true -LightMode:$true"
EventSourceName: MSExchange Monitoring OWAConnectivity External
Knowledge:
http://go.microsoft.com/fwlink/?LinkID=67336&id=CB86B85A-AF81-43FC-9B07-3C6FC00D3D42
Computer: xxx
Impacted Entities (3):
OWA Service - xxx, xxx - xxx, Exchange
Knowledge: View additional knowledge...
External Knowledge Sources
For more information, see the respective topic at the Microsoft Exchange Server TechCenter
Thanks
MHemHi,
Based on the error, it looks like an OWA authentication failure.
Have you tried post this to LYNC forums?
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Implementing Single Sign-On support for the Oracle E-Business suite
Implement Single Sign-On support for the Oracle E-Business suite
I want implement Single Sign-On support for the Oracle E-Business suite.
Operationg System : linux/Solaris
Oracle E-Business suite : 11.5.10
Oracle Application Server : 10gAS(latest availble)
Type of integration : SSO and OID with 11i
No third party SSO or LDAP
Qusetions
1.If my SSO Server is down can i login to applications(11i) using normal mode(default login http://servername.xxxx.com:8000/).
2. Is it possible to have appilications (11i) in Linux/Solaris and 10gAS in windows.
Please answer...
NOTE:
I am following Oracle METALINK Doc.Id 233436.1 and 261914.1.
Thank you.
MARKYou couldn't login into server But You can use the following login
http://servername.xxxx.com:8000/AppsLocalLogin.jsp
For this you need to enable the Appslocallogin Profile option -
Single result set across multiple tables
Hi - what's the best way to perform a single query that can pull
a single result set across multiple tables, ie., a master table
containing subject details and child table containing multiple
records with detail.
I know how to do this for two columns in the same table via
indexing, but how about across tables?
Cheers,
JohnI am not sure if I understood your question, but you can use
Intermedia Text with USER_DATA_STORE to create an index with data
source from multiple tables.
(see technet.oracle.com -> products -> oracle text)
Thomas -
" Path not found() "error when implementing single sign on
Hi,
We are implementing single sign on so that when users click on the "Reports Login" he is navigated to the obiee presentation services screen. For the reports login we have a .asp page which directs to the presentation services.
I have done the necessary changes in the instanceconfig and credentialstore xml files.
I have been receiving a strange error when I click on the reports login. I get the error
Path not found ()
Error Details
Error Codes: U9KP7Q94
I have checked the presentation server log file and I see the below error
Type: Error
Severity: 45
Time: Tue Mar 09 09:18:44 2010
File: project/websubsystems/ssportal.cpp Line: 1907
Properties: ThreadID-2672;HttpCommand-Dashboard;Proxy-;RemoteIP-127.0.0.1;User-;Impersonator-
Location:
saw.subsystem.portal
saw.httpserver.request
saw.rpc.server.responder
saw.rpc.server
saw.rpc.server.handleConnection
saw.rpc.server.dispatch
saw.threadPool
saw.threads
Path not found ()
Can anyone provide me an input how to resolve this issue?
This is bit urgent for me.
ThanksHi,
Please ensure that the navigational attribute is checked at the attribute level and also at the Infocube level and also check that correct mapping of this navigational attribute is done at the Multiprovider level.
Thanks,
Venkat -
Sourcing 7.0: Email Link in Mail templates when implementing Single Sign on
Hello,
We are implementing Sourcing 7.0 SP02 On premise.
We are in the processing of setting up the single sign on with Enterprise Portal.
In E-Sourcing 5.1 - when we implement single sign on with portal - the mail links in the mail templates have to be replaced with the portal URL and also - in order to redirect the user from portal login to the correct object in E-Sourcing (contract/MA/RFX) - we had implemented a custom portal solution (par file) to redirect the user.
So when the user clicks on the link in the mail - it will take the user to Enterprise portal login. Once the login is done - user will be redirected to the E-Sourcing object like RFX/MA which the token %DOCUMENT_URL% contains.
I wanted to check if there is any standard solution to this issue in Sourcing 7.0 on pHi Vikram, Thanks a lot for your reply. I got a release note 1485253 that explains that this is resolved. Please find the text below
2011/0000612672
In user emails, %DOCUMENT_URL% token is used to generate the document
specific URL. This URL takes the user directly to the document. However,
when Sourcing is integrated with SAP Portal, using only this token will not
take the user to the document. In order to fix this, ENCODE function has
been introduced. Wrapping this around the URL, the URL can be encoded and
used as a "forcedURL" in the portal link.
Would you be able to explain to me how this can be achieved through configuration? I tried now with a portal user of Sourcing and the link was still showing up as the old link. Is this forcedURL generated using a system property?
Regards,
Srivatsan -
I have 3 applications on App. Server 8.1 (running on JDK 1.5)
App-A handles login
App-B and App-C are functions that are accessible after login is validated.
It works fine with App. Server 6.5 (JDK 1.3)
But the distributed session cannot be shared in App. Server 8.1 (JDK 1.5)
So App-A handles sign on and stores the user's Login Name on the session.
App-B and App-C read the user's login name from the session object and grant access to different modules.
1. Starting App-A and perform login
2. Starting App-B from App-A (it is linked there)
3. Starting App-C from App-A (it is linked there)
In step 1, a new session is created for the user, an attribute ("LoginName") is put in the session - ie. using HttpSession.setAttribute()
In step 2, the program checks for attribute "LoginName" from the session object - ie. using HttpSession.getAttribute()
If not found, redirect to login; if found, then continue with App-B
In step 3, same as in step 2 above.
It works fine with App. Server 6.5 but problem occurs in step 2 and 3.
web.xml of App-A, App-B and App-C:
<i>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>App-A</display-name>
<distributable/>
</i>
sun-web.xml of App-A, App-B and App-C
<i>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 8.1 Servlet 2.4//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_4-1.dtd">
<sun-web-app>
<session-config>
<session-manager persistence-type="memory">
<manager-properties>
<property name="persistenceFrequency" value="web-method"/>
</manager-properties>
<store-properties>
<property name="persistenceScope" value="session"/>
</store-properties>
</session-manager>
</session-config>
</i>Distributed sessions has nothing to do with different web applications. The concept is about distributing load for the same application between several appserver instances running on the same box(different jvm) or on some other box in the network.
What you used with iAS 6.5 is not available in 8.1 because sharing sessions between web apps is forbidden by the servlet spec. You should consider repackaging your apps. into a single web app. or using other way of signing/verifying user identity(check Sun Access Manager for example).
Have a look at this thread as well: http://swforum.sun.com/jive/thread.jspa?threadID=100931 -
Single Sign-on with Multiple Servlets and JSPs
I am in the midst of attempting to logically tie together a number of our
web applications under a single sign-on "umbrella". What we want is the
following: for any n applications a user may have access rights for up to n
of them. Once signed in, she has rights to visit any app to which she has
permissions as long as her session is valid. Unfortunately, I'm having
trouble seeing how to make this work given the documentation that I have.
I've read thru the newsgroup in search of a solution, but I haven't seen
anything geared toward this specific approach.
Currently, each "application" (servlet) has a list of valid users via ACLs
(we've implemented a RealmExtender, so we're not going via props file
entries), and we let the browser pop-up window enforce the sign-on. This
has worked exactly as we wish (single sign-on, etc.), for testing, but we'd
really rather have our own form-based sign-on for production.
To that end, we've done the following:
1) implemented a JSP form-based sign-on (basically ripped off from the
example provided by BEA), which does a "ServletAuthentication.weak()" check
to confirm identity.
2) placed the following code (essentially) within the service() method of
our servlet superclass, which I thought would force another check. My
intention is to disallow the user from "jumping into" an app thru a
shortcut, and thereby bypassing security.
HttpSession session = request.getSession(true);
if (session.isNew()) {
response.sendRedirect(welcomeURL);
However, we can't get the form-based approach to mimic the functionality of
the default browser pop-up: the sign-in doesn't seem to "follow" the user
the way it did with the pop-up. Instead, when I come in thru our login
page, the browser pop-up is still appearing when I click the link for an
app for which to which I have permissions.
Is the default browser pop-up doing something different that I should know
about? Seems like this should be simple to do, but it's surprisingly subtle
(or maybe I'm just clueless).
TIA
Well, if you want to hear my personal opinion:
better stick to the cookie specification (http://wp.netscape.com/newsref/std/cookie_spec.html) and accept the constraint that cookies will only be send to domains that tail-match the domain-constraint specified in the set-cookie http response.
Although this specification is not an official internet standard most browsers are implementing the cookie mechanism according to this specification.
Unfortenately there's no option to specify that a cookie should be send to a list of servers and/or sub-domains.
However one physical server can have multiple (FQDN) hostnames. So if you intend to send the cookie to a group of servers the best approach is to create a new (DNS) (sub-)domain exclusively for those servers.
Theoretically (and also practically) it is possible to set cookies for multiple domains (by using a webservice that will set cookies on request of a caller). But that approach is dangerous:
(1) not the server but the http client is defining the content of the cookie (= part of the http server response)
(2) (unintended) many servers can obtain the cookie which will be send to all servers that reside in all (tail-matching sub-)domains; although most likely only one or two servers of each domain are intended recipients
Regards, Wolfgang
Maybe you are looking for
-
How to read in a text file of race lap times....
How do i read in a text file containing lap times from a race for one driver? I have the times down 1 column and look like this. I then want to add the times up to get a total race time. I have been looking at the Calendar class and the simpleDateFun
-
Memory monitoring in ABAP debugger
Can anyone tell me the relevance of memory monitoring in ABAP debugger and and how to use it practically. I have searched the forums but did not find anything.
-
hi I am trying to read the file which is written from LabVIEW only. But it fails. I cant debug this. my source data is fixed 2d array of cluster of 55 elements. Herewith i attached VIs for reference. ( If i try to convert the data to variance, LabVIE
-
What color space is shown first in RAW files?
When I first open a new folder of pictures (NEF RAW files) in Bridge, they are shown in a vibrant colorspace. After a minute or three the colors all fade to the RAW defaults seen in Camera RAW. There are no other filetypes in the folder, so Bridge is
-
HELP: itunes could not restore because the backup is corrupt or not compatable
I back up my iphone to icloud via itunes but when i want to restore the iphone from back up this error messege appeared: itunes could not restore because the backup is corrupt or not compatable how to solve this problem? Thanks,,