Integrating Webcenter 11g (Discussions)  with OAM  for SSO

Similar Messages

• Integrating Oracle Applications with Siteminder for SSO.

  We currently have a Oracle Apps implementations with Oracle 9iAS as Application server. We are planning to integrate it in SSO using Netegrity Siteminder.
  Please let me know your thoughts on the following
  1) Additional softwares or patches needed to be applied at Oracle Application Server level before integrating with Siteminder. Do we need to install Oracle SSO seprately or does it come as part of Oracle 9iAS.
  2) Also how will we implement SSO using siteminder without OID.
  Any documents on it will help.

  The Netegrity Siteminder Webagent will authenticate to some third party, probably the corporate LDAP. Using Oracle SSO (OSSO) is required and a java plugin needs to be customized. See:
  Oracle® Application Server Single Sign-On Administrator's Guide
  10g Release 2 (10.1.2) < I know different version but doesn't matter
  B14078-02
  Specifically Chapter - 13 Integrating with Third-Party Access Management Systems. That is a minor task.
  Loading OID is a prerequisite and needs to contain the users that will need access to the protected resources in the environment. If it's a small amount of users, manually maintaining OID may not be a big deal utilizing OIDDAS but if it is a large amount, then this effort is a big deal. Big deal meaning a load utilizing the bulkload utility and a custom job that syncronizes the "Corporate LDAP" with OID. Mapping is important. External dependancy with the "Corporate LDAP" folks.
  Another couple of important things to consider:
  1. The seeded users in OID, such as orcladmin will most likely not be in the "Corporate LDAP" so once Netegrity Simplified Sign On (SSO) comes into play, those users are locked out. Orcladmin is a superuser in OIDDAS. For that reason, server administrators or DBA's that are in OID need to be granted OIDDAS privileges prior to enabling the Netegrity agent to prevent being locked out of that important but sensative tool. Disabling and re-enabling SSO is as simple as editing 2 config files and bouncing a few things though.
  2. The OIDDAS Password lockout policy will start locking users after 60 days with no warning unless changed. If oidadmin gets locked, the fix is Note:251354.1. Very important to change the policy since it will be handled by the "Corporate LDAP". Note:251354.1 covers this. Basically using the oidadmin utility, change the "Password Expiry Time" from the default 5184000 to zero "0" which turn off the policy.
  The realms that should be protected on the Netegrity policy server are both infrastructure. 7777/oiddas and 7777/sso need to be protected realms on the policy server. If you have a protected application going to mid-tier applications like 7778/discoverer/viewer, they get redirected to the infrastructure 7777/sso because if the directive in mod_osso.conf. Forms will be protected by the 7777/sso realm as well. On the Netegrity Policy Server, unprotected sub-realms can be created under protected realms.
  The custom java plugin tells Oracle to trust the "Corporate LDAP" for authentication but authorization can still be performed within OID.
  This all sounds difficult but it is really simple. The only part than can get difficult and time consuming is the OID load. Hopefully you get Siteminder DAS access to administer your realms on the Policy server.
  Hope this helps! - Ron

• Setting up IDM and OAM for SSO

  Can someone please point us to a document which assists in installing IDM, OAM and configuring sso?
  Our requirement is to integrate with an external ldap like sunone for authentication.
  -Pratap

  Can you be more specific with regards to "IDM"? It's a bit of an overloaded term. What are your requirements besides SSO? This is the install guide for OAM:
  http://download.oracle.com/docs/cd/E15217_01/doc.1014/e12493/toc.htm

• How configure Windows 8.1 Clients with IE11 for SSO with Kerberos SPNEGO

  We are using BI Publisher OBIEE 11.1.1.7 with SSO Kerberos SPNEGO.
  The Weblogic Server Version is WLS_PRODUCT_VERSION=10.3.5.0
  The SSO is working very well with Clients that are Windows XP or Windows 2003 R2. We had testet wit IE7,IE8 Firefox.
  Now as we become Windows 8.1 Clients with IE11 the Kerberos SPNEGO SSO is not working.
  Please give us advice or a HOW TO Document about the configuration on Windows 8.1 Cllients with IE11 Browser.
  I find many Dokuments related to older Windows Versions for example
  http://www.oracle.com/technetwork/articles/idm/weblogic-sso-kerberos-1619890.html
  but nothing for Windows 8.1 Clients
  Thanks in advance.

  The location for tabs in IE11 browser might be different but the steps are the same :
  Configure Local Intranet Domains
     1. In Internet Explorer, select Tools > Internet Options.
     2. Select the Security tab.
     3. Select Local intranet and click Sites.
     4. In the Local intranet popup, ensure that the Include all sites that bypass the proxy server and Include all local (intranet) sites not listed in other zones options are checked.
     5. Click Advanced.
     6. In the Local intranet (Advanced) dialog box, add all relative domain names that will be used for Oracle WebLogic Server instances participating in the SSO configuration (for example, myhost.example.com) and click OK.
  Configure Intranet Authentication
     1. Select Tools > Internet Options.
     2. Select the Security tab.
     3. Select Local intranet and click Custom Level... .
     4. In the Security Settings dialog box, scroll to the User Authentication section.
     5. Select Automatic logon only in Intranet zone. This option prevents users from having to re-enter logon credentials, which is a key piece to this solution.
     6. Click OK.
  Verify Proxy Settings
  If you have a proxy server enabled:
     1. Select Tools > Internet Options.
     2. Select the Connections tab and click LAN Settings.
     3. Verify that the proxy server address and port number are correct.
     4. Click Advanced.
     5. In the Proxy Settings dialog box, ensure that all desired domain names are entered in the Exceptions field.
     6. Click OK to close the Proxy Settings dialog box.
  What is the error reported by the browser / wls logs ?
  -- Puneeth

• Integrating WebDynpro ABAP applications with UWL for workflow in Portal

  Dear
  We want to integrate an abap webdynpro application as task in the workflow with UWL.
  More information was found in /people/ginger.gatling/blog/2005/12/14/create-new-uis-for-existing-workflow-tasks-with-abap-web-dynpro-and-universal-worklist
  But no answer on the following issue:
  We use the transaction SWFVISU to prepare standard setting for our  task. This defines how a task is executed, once you select the task subject line on the worklist.
  Task                           TS91700001
  Visualization Type             ABAP Web Dynpro
  APPLICATION     z_wd_pas
  DYNPARAM     IV_WIID=${item.externalId}&period=${item.PERIOD}
  NAMESPACE     SAP
  SYSTEM_ALIAS     SAP_BSP_EREC
  But we want to start the abap webdynpro application with a dynamic parameter: period 07.2010 or 08.2010 or MM.YYYY. This parameter is a container element of the task, filled when the task is created. Also other parameters are available in the abap webdynpro application.
  Component       Z_WD_PAS
  Interface View  PAS
  Plug Name       DEFAULT
  Help Menu Text
  Help Link
                                                                                  Package         Z_PAS
  Language        EN
  URL             http://saperpd1.imec.be:8000/sap/bc/webdynpro/sap/z_wd_pas                                                                               
  with parameters
  IV_WIID     000000000000     SWW_WIID
  ORG_UNIT     00000000     ORGEH
  PERIOD                              SPMON
  PERNR     00000000     PERSNO                            
  Can we set the dynamic parameter list DYNPARAM from the task
  or should  we read the container in our abap webdynpro application described in http://wiki.sdn.sap.com/wiki/display/WDABAP/IntegratingWebDynproABAPapplicationswithUWLforworkflowin+Portal?
  More information: The task is a webservice
  Standard task        91700001   Z_PAS_CC
  Object Category      BOR Object Type
  Object Type          WEBSERVICE   WebFlow Service
  Method               PROCESSDIALOG                      Dialog Service
  with the following standard program code for this method:
  begin_method processdialog changing container.
  DATA: l_wi_objkey TYPE swotobjid-objkey.
  DATA: l_wiid TYPE swwwihead-wi_id.
                                                                                  CALL FUNCTION 'SWE_WI_GET_FROM_REQUESTER'
    IMPORTING
      requester_workitemid = l_wi_objkey.
  l_wiid = l_wi_objkey.
                                                                                  CALL FUNCTION 'SWF_WSC_START_LH_DIALOG'
    EXPORTING
      i_wiid                 = l_wiid
    EXCEPTIONS
      url_creation_failed    = 1
      browser_launch_failure = 2
      OTHERS                 = 3.
  IF sy-subrc <> 0.
    CASE sy-subrc.
      WHEN 1.
        exit_return '1000' space space space space.
      WHEN 2.
        exit_return '1001' space space space space.
      WHEN OTHERS.
        exit_return '1002' space space space space.
    ENDCASE.
  ENDIF.
  end_method.                                           
  Before calling the function SWF_WSC_START_LH_DIALOG the parameters for the abap webdynpro should be defined. Is this possible ?
  Thanks for your suggestions.
  Best regards
  Luc Marent

  I added below sources .
  >    <ItemType name="uwl.request.webflow.WS91000001" connector="WebFlowConnector" defaultView="WorkItemRequestsView" defaultAction="launchWebDynPro" executionMode="default">
  >      <ItemTypeCriteria systemId="UWLSETXXX" externalType="WS91000001" connector="WebFlowConnector" />
  >      <Actions>
  >        <Action name="launchWebDynPro" groupAction="" handler="SAPWebDynproABAPLauncher" returnToDetailViewAllowed="yes" launchInNewWindow="yes" launchNewWindowFeatures="resizable=yes,scrollbars=yes,status=yes,toolbar=no,menubar=no,location=no,directories=no">
  >          <Properties>
  >            <Property name="WebDynproApplication" value="ZWD_WF_002" />
  >            <Property name="newWindowFeatures" value="resizable=yes,scrollbars=yes,status=yes,toolbar=no,menubar=no,location=no,directories=no" />
  >            <Property name="DynamicParameter" value="wi_id=${item.externalId}" />
  >            <Property name="openInNewWindow" value="yes" />
  >            <Property name="System" value="WDSETXXX" />
  >            <Property name="WebDynproNamespace" value="sap" />
  >            <Property name="display_order_priority" value="5" />
  >          </Properties>
  >          <Descriptions default="" />
  >        </Action>
  >      </Actions>
  >    </ItemType>
  >    <ItemType name="uwl.request.webflow.decision.WS91000001.UWLSETXXX" connector="WebFlowConnector" defaultView="WorkItemRequestsView " defaultAction="viewDetail" executionMode="default">
  >      <ItemTypeCriteria systemId="UWLSETXXX" externalType="WS91000001" connector="WebFlowConnector" />
  >    </ItemType>

• Integrating WebCenter Interaction 10gR3 with UCM Contributor 11gR1

  Hello,
  I found there are services such as WCM_BEGIN_EDIT_SESSION to do it but I wonder what is really available within a WCI portlet.
  For instance :
  - does it give access to the placeholder menu (like in a site studio website) ?
  - does it highlight the contribution region too ?
  - if yes, does it give access to the same options like "switch content", "document info", "edit" ?
  - Is the edit form available from WCI like a site studio website ?
  - Is the FCKEditor working as well in an edit form from WCI as from a site studio website ?
  - when switching content, can we browse into UCM and/or local system ?
  - would you have already done such integration showing it is feasible ?
  Thanks for any clue !
  Regards,
  Vince

  I found answers in this thread :
  Re: Services in SiteStudio Designer WCM_PLACEHOLDER and WCM_BEGIN_EDIT_SESSION
  Thanks !

• ADF and WebCenter 11g libraries upgrade paths for WLS 12.1.3

  We want to upgrade one of our WLS from 10.3.6 to 12.1.3.
  (1) The application hosted on this instance uses the following ADF and WebCenter libraries (also deployed on the same WLS). Please confirm if these can be deployed in WLS12c without any changes or if we need to check on an upgrade path to ADF or Webcenter 12c components as well:
  adf.oracle.businesseditor(1.0,11.1.1.2.0)
  adf.oracle.domain(1.0,11.1.1.2.0)
  adf.oracle.domain.webapp(1.0,11.1.1.2.0)
  oracle.adf.dconfigbeans(1.0,11.1.1.2.0)
  oracle.adf.desktopintegration(1.0,11.1.1.2.0)
  oracle.adf.desktopintegration.model(1.0,11.1.1.2.0)
  oracle.adf.management(1.0,11.1.1.2.0)
  oracle.bi.adf.model.slib(1.0,11.1.1.2.0)
  oracle.bi.adf.view.slib(1.0,11.1.1.2.0)
  oracle.bi.adf.webcenter.slib(1.0,11.1.1.2.0)
  oracle.bi.composer(11.1.1,0.1)
  oracle.bi.jbips(11.1.1,0.1)
  oracle.bpm.mgmt(11.1.1,11.1.1)
  oracle.webcenter.composer(11.1.1,11.1.1)
  oracle.webcenter.skin(11.1.1,11.1.1)
  oracle.wsm.seedpolicies(11.1.1,11.1.1)
  orai18n-adf(11,11.1.1.1.0)
  (There are other libraries too but not anything related to ADF or Webcenter)
  (2) We also have EM extension template in WLS 10.3.6. How can we upgrade this? Do we need to delete this and install FMW infra 12c with the additional DB schema and then try to extend the 12c domain?

  Moved your thread to the WLS Communities since you are not asking if products are certified.
  Thanks,
  Lisa Fedynich

• Integrating Canon Raw Converter with Aperture (for G9)

  This is a follow up question to an email I posted last night on Apertures incompatibility with Canon G9 Raw Format.
  DOes anyone or has anyone tried to integrate the Canon Raw Converter that came with the G9 in with Aperture? I thought of it this morning. My thought is to identify the Canon Raw converter as the external editor. Changes can be made in Canon RAW then saved. There would be the additional picture created in Aperture that I can modify. Granted the saved format would need to be a jpeg or tiff file format.
  Any thoughts? Has anyone tried this?
  Also, what is a high quality format the file can be saved once changes are made in Canon RAW?
  Thanks

  Using 'Open in External Editor' in Aperture tells Aperture to convert the RAW file to either a TIFF or PSD and send that to the external editor, not the RAW file. So if a camera is unsupported by Aperture you can't use the command...
  Ian

• SecurityContext userName with OAM SSO

  Hi,
  We need to get the logged in userName property from the securityContext(). We are using OAM for SSO.
  The code #{securityContext.userName} works fine when we used Basic login process with OAM and we get the logged user info, but we need to use Form based login and when we change to Form based we keep getting "anonymous" and can't get any property from the securityContext.
  Didn't find any solution for this.
  Has anyone dealt with similar issue?
  Thanks

  Thanks for all the replies.
  I am working with another colleague who is configuring OAM and so have been testing different configurations.
  We are using WebCenter 11.1.1.5 and OAM 10g (10.1.4.3) and OAM is used as the SSO for OBIEE and other oracle apps. My application is a custom Portal app and we are not yet using Spaces.
  Access to all applications URLs, including WebCenter are protected by OAM configuation and Webgate. users for now will use an ID/pwd to login. But later they can also use a certificate.
  No security configuration was done at the WebCenter app side and the Login Authentication in web.xml was not set.
  In the WebCenter admin console we configured the OAM as a provider and added
  - "OAM ID Asserter" configured OAM_REMOTE_USER as the SSO Header Name and as the Active type assertor (didn't add obSSOCookie) and "OIDAuthenticator".
  We have no issues to login and if we used OAM Basic authentication. We always get the logged user fine in the securityContext.
  When changed OAM to use Form based authentication the loggin worked but get anonymous in securityContext.
  I am trying to get the securityContext from a custom JSPX page and from a Managed Bean (both work with Basic but not Form based)
  I will test with the:
  <login-config>
  <auth-method>CLIENT-CERT</auth-method>
  </login-config>
  The question I have is do I need to configure WebCenter in other ways than to what I mentioned above? (currently don't see the need since OAM does the work of the authenticating and Asserting and worked with Basic authn.)
  1. I see in Jdev in the web.xml security has: Login Authentication (which will test with CLIENT-CERT), security roles and security Constraints. DON'T see for the need to configure the last two since will have the user roles in OID and securityContext have a method to get the user Roles.
  2. Do I need to enable for the WebCenter application ADF security and add "ADF Authentication and Authorization" ?
  Will provide more updates when we validate and tests the configurations.
  Thanks

• OBIEE 11.1.1.5 SSO integration with OAM 11gR1 (11.1.1.5)

  Hi,
  I am integrating OBIEE 11.1.1.5 with OAM 11gR1 (11.1.1.5).
  I have configured as per section 12.3 of following link:
  http://docs.oracle.com/cd/E22203_01/doc.31/e20664/chapter_12.htm#CHDFAFHH
  After making all these configurtions, when i access:
  http://<OHS server>:<OHS port>/analytics
  User is getting prompted for auth from OAM. After successful auth, request gets redirected to WebLogic server hosting the OBIEE app. I have verified in OBI logs that the header value OAM_REMOTE_USER gets passed to OBI.
  But even with all this, after successful OAM authentication, user is getting prompted with OBI login page.
  Pls help.
  Thanks

  Hi Abhinay,
  I have already make the following configurations as per the documentation:
  To enable SSO:
  1.Log in to OBIEE at
  http://[OBIEE server:port]/em.
  2.Click Farm_<OBIEEDomain>_domain > Business Intelligence > Coreapplication.
  3.Click the Security tab.
  4.Select Enable SSO.
  5.Select SSO Provider: Oracle Access Manager.
  6.Click Apply and Activate Changes.
  Do we need to make some other configurations also at OBIEE EM ?
  Thanks

• Only one UPN suffix works with OAM plugin for RSA-integrated Authentication

  Only one UPN suffix works with OAM plugin for RSA-integrated Authentication while others give "CredentialsRejected" error
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-
  Has anyone seen this before and might know the answer? Any suggestions? Thanks!
  I have setup an OAM authentication scheme that uses a custom plugin to use RSA ACE server - all pretty much exactly as it is outlined in the chapter called "Integrating the RSA SecurID Authentication Plug-in" in Oracle Access Manager Integration Guide. Here's the problem:
  Everything works fine when I use a particular UPN suffix to login to the RSA Securid Login form that is presented, eg. [email protected], but if I create another user that uses a different UPN suffix as defined in Active Directory, (eg. [email protected]), the credentials are rejected. This happens before the secuirid.pl script even gets a chance to run. After hitting "POST" the user is present with the same login screen he was just at, as expected during an authentication failure.
  More info:
  - I have performed successful anonymous ldap queries for both users in Active Directory using LDP. Both users exist in the same domain and in the same OU. If I change the UPN (in AD and the RSA database) to something different from the "good" one, on either user, it fails. If I change the UPN to the "good one" on either user (in AD and the RSA database) it works.
  - if I test users with either the "good" or the "bad" UPN via the RSA agent tester that sits on the OAM box, both of them show as authenticating successfully. However, it doesn't work for the "bad" UPN when I try to access via a web browser on a remote client (but does work with the "Good" UPN)
  - I am not using SSL in any of this yet, it's all http://
  - yes, I already got rid of the "-w" parameter in the first line of the perl script, as per the "login can fail if the Login Attribute Contains an "@" Character in Integration Guide Troubleshooting section
  - here's an example of the settings in rsa securid authentication scheme:
  action:/OracleAccessManager/securid-cgi/securid.pl
  form:/OracleAccessManager/securid-forms-adforest/securid-std-login.html
  creds:login password domain newpin newpin2
  passthrough:yes
  authn_securid fullformdir="C:\apache\Apache2\htdocs/OracleAccessManager/securid-forms-adforest/",machine="MyComputer.mydomain.com:80"
  credential_mapping obMappingBase="%domain%",obMappingFilter="(&(objectclass=user)(userPrincipalName=%login%))"
  Environment:
  OAM 7.0.4.3
  RSA Ace Server 5.2
  Windows 2003 domain with multiple UPNs defined in Active Direcory Domains and Trusts
  Error as seen in the oblog.log for the webgate on the server that holds the RSA login pages and perl script:
  Message^A plugin for the authentication scheme SecurID Authentication has denied authentication for credentials ([email protected]
  password=(omitted) domain=dc=ourdomain,dc=com newpin= newpin2= Resource=/OracleAccessManager/securid-cgi/securid.pl RequesterIP=10.250.1.2 Operation=POST).
  ReqReq^POST /OracleAccessManager/securid-cgi/securid.pl HTTP/1.1 ReqProto^HTTP/1.1 ReqHost^www.MyComputer.mydomain.com. ReqStatLine^
  ReqStatus^200 ReqRawUri^/OracleAccessManager/securid-cgi/securid.pl ReqUri^/OracleAccessManager/securid-cgi/securid.pl
  ReqFilename^C:/apache/Apache2/htdocs/OracleAccessManager/securid-cgi/securid.pl ReqPath^ ReqArgs^
  2009/07/13@15:19:49.665000 45688 46472 AUTHENTICATION ERROR 0x00001515
  \Oblix\coreid\palantir\webgate\src\authentication_event_handler.cpp:1361 "Authentication failed" HTTPStatus^401
  authenticationSchemeName^SecurID Authentication AuthenticationStatus^majorCode = 11[CredentialsRejected], minorCode = 47[AuthnPluginDenied],
  StatusMsg = , GSN = 0, needInfo = NONE Creds^[email protected] password=(omitted) domain=dc=ourdomain,dc=com newpin= newpin2=
  Resource=/OracleAccessManager/securid-cgi/securid.pl RequesterIP=10.250.1.2 Operation=POST
  Only error seen in log produced by the RSA agent that sits on the Access server:
  [20804] 12:27:08.915 File:ACNETSUB.C Line:326 # CheckServerAddress: server 0 detected from address 10.250.88.100
  [20804] 12:27:08.915 File:udpmsg.c Line:968 # Entering decrypts_ok_legacy()
  [20804] 12:27:08.915 File:udpmsg.c Line:999 # decrypts_ok_legacy: decrypt() wpcode1 failed; wpcode0 next ***********
  [20804] 12:27:08.915 File:udpmsg.c Line:1089 # Leaving decrypts_ok_legacy(), result=1
  [20804] 12:27:08.915 File:ACEXPORT.C Line:820 # Entering AceGetUserData()
  [20804] 12:27:08.915 File:ACEXPORT.C Line:833 # Leaving AceGetUserData() return: ACE_SUCCESS
  [20804] 12:27:08.915 File:ACEXPORT.C Line:579 # Entering AceGetAuthenticationStatus()
  [20804] 12:27:08.915 File:ACEXPORT.C Line:592 # Leaving AceGetAuthenticationStatus() return: ACE_SUCCESS

  What are the logs you see at the ACE server end? You can try passing an additional parameter debug="true" to the authn_securid plug-in - it should generate some more logs at the access server - I think in apps\common\bin.
  Also does "ReqHost^www.MyComputer.mydomain.com" look right in the logs?
  -Vinod

• Has anybody integrated with CO-Sign for SSO / Authentication

  Hi Folks,
  Has anybody looked at Co-Sign for SSO in terms of forms / discoverer in the 11g release?
  Gary

  Marvin,
  You make me feel better. I thought I might have been the only one who had ever done this. ;-) It's not too bad to clean up.
  I am referencing old notes, and do not currently have access to an OID instance to verify, but try this:
  In Entry Management, look under the default Oracle Context, under Services, and Ebusiness. You should see an entry for your EBS instance. (For example, the full DN might be: cn=VIS,cn=EBusiness,cn=Services,cn=OracleContext). Remove this record, and you should be set. You may need to remove other links to this record under your custom context. For example, there may also be a DN cn=VIS,cn=EBusiness,cn=Services,cn=OracleContext,dc=your_org,dc=com.
  I was initially concerned that there might be a ton of junk to remove from OID related to the EBS instance registration, but I was not able to find any other likely entries, and was able to proceed with re-registration without issues after removing these two entries.
  Hope this helps!
  Regards,
  John P.
  http://only4left.jpiwowar.com

• Integrating webcenter spaces with Micosoft Client SSO

  Hi All,
  I have configured the webcenter to use an external Identity store (In my case an Active Directory). I followed the documentation as mentioned in : http://download.oracle.com/docs/cd/E12839_01/webcenter.1111/e12405/wcadm_security.htm#BGBHHGEH and I am now able to login to the webcenter using the username / password from the Active Directory.
  Now, I am trying to integrate a Seamless Microsoft Client SSO for the same. I followed the documentation http://download.oracle.com/docs/cd/E12839_01/webcenter.1111/e12405/wcadm_security.htm#BGBCFDJI and created a "NegotiateIdentityAsserter" and made this asserter as the highest in the order. my providers are now int he following order:
  1. NegotiateIDAsserter
  2. ADProvider (SUFFICIENT) : This is my AD Authenticator provider
  3. DefaultAuthenticator (SUFFICIENT)
  4. DefaultIdentityAsserter
  I have now configured such that the Public user does not have 'view' access as per the above document as well.
  Now, when i try to hit http://<machinename>:8888/webcenter , I still get the Login page (not the same as the one where I have public user view enabled though). But seamless authentication is not happening. In the debug log file, i see the following:
  [2009-12-09T17:42:12.511+05:30] [WLS_Spaces] [NOTIFICATION] [] [oracle.webcenter.webcenterapp.internal.view.webapp] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: 0000ILnMct63V8JpQkx0id1B7si000000Q,0] [APP: webcenter] Request-response cycle complete for Spaces request #Request URL =
  From the Login page, if i provide the username and password of the Active directory user, I am able to login. Can anyone please suggest what could be wrong here?
  Thanks,
  Diwakar

  Did you setup weblogic as per this doc? - http://download.oracle.com/docs/cd/E17904_01/webcenter.1111/e12405/wcadm_security_sso.htm#WCADM8175

• SharePoint 2010 with OAM 11g

  We are currently trying to integrate SharePoint 2010 server with OAM 11g with 10g webgate. In our environment SharePoint site is configured with Claims based authentication with LDAP provider for membership. We have performed all the configurations based on the Oracle documentation with validation mode as OAMHttp.
  We are seeing the following behavior after this integration.
  1)     The user requests access to an SharePoint Site
  2)     Webgate protecting the site intercepts the request, determines if the resource is protected, and challenges the user.
  3)     The user enters their OAM credentials; Webgate contacts the OAM Server, which verifies the credentials from user store and authenticates the user. Webgate generates the OAM native SSO cookie (ObSSOCookie), which enables single sign-on and sets the User ID (to username) header variable in the HTTP request and redirects the user to SharePoint site.
  Here, instead of taking user to the home page of the site, the SharePoint login page is displayed again.
  =================================================================================================
  Looking into the debug logs i found the following error.
  Date ProcessId ThreadID ManagesThreadId ClassName MethodName Message
  =================================================================================================
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.CustomMembershipProvider Initialize validationMode^OAMHttp
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator .ctor Method Entered
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator .ctor ValidationURL configured validationUrl^http://wtv-sea-spapp01.chemd.net:8086/ValidateCookie.html
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator .ctor validationHost^wtv-sea-spapp01.chemd.net
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator .ctor OAMAuthUserCookieName^OAMAuthCookie
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator .ctor Method Exited
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.CustomMembershipProvider Initialize Setting Validation Type OAMHttp
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.CustomMembershipProvider ValidateUser Entering ValidateUser : username^IDG2M
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator ValidateUser Method Entered
  Exception Caught InValidateUser
  The remote server returned an error: (403) Forbidden. at System.Net.HttpWebRequest.GetResponse()
  at Oracle.OAMHttpValidator.ValidateUser(Dictionary`2 creds)5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator ValidateUser Exiting AuthStatus^AuthZFail
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.CustomMembershipProvider ValidateUser OAMauthStatus^AuthZFail
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.CustomMembershipProvider ValidateUser Method Exited returnCode^False
  If anyone have integrated OAM 11g with SharePoint 2010 earlier, appreciate your inputs in this regard.

  Each license is platform specific, you can't backwards apply or forwards apply licenses from one version of SharePoint to another.
  If you do have MSDN access, you'll have access to all current versions of SharePoint, across the current and retired server products.
  Steven Andrews
  SharePoint Business Analyst: LiveNation Entertainment
  Blog: baron72.wordpress.com
  Twitter: Follow @backpackerd00d
  My Wiki Articles:
  CodePlex Corner Series
  Please remember to mark your question as "answered" if this solves (or helps) your problem.

• Obiee 11.1.1.5 integration with OAM

  Hi,
  I integrated OBIEE 11.1.1.5 with OID11g (as a part of OAM integration),all OID users are getting reflected into obiee.Im able to login in to the ‘analytics’ but not able to access the reports.Also I'm not able to assign any BI groups to OID users.
  Have anyone faced this kind of a scenario?Can anyone please help me?
  If anyone have done obiee 11.1.1.5 integration with oam 11g,please provide me the document which you followed.
  Thanks in advance,
  Fathima farsatha.
  Edited by: 927873 on Jul 16, 2012 12:11 AM

  Hi,
  Please try to access Analytics Webservices by using 'analytics-ws' instead of only 'analytics' in the URL as below,
  http://<Host Name>:<Port>/analytics-ws/saw.dll?WSDL
  Give a try with below link it may help you..
  http://onlineappsdba.com/index.php/2011/12/05/integrate-obiee-11g-with-oam-11g-for-single-sign-on-in-13-steps/
  http://fusionsecurity.blogspot.com/2012/06/integrating-obiee-11g-into-weblogics.html
  http://docs.oracle.com/cd/E23943_01/bi.1111/e10543/sso.htm#CEGJBAED
  Thanks
  Deva