IRecuritment: Resume Parsing with Single Sign on (SSO)

Application Version:11.5.9
RDBMS Version:9.2.0.7
Patch Level:IRC.D, HR_PF.G
Problem Description/Question:
Anyone successfully parsed resumes with Single Sign On enabled. We are unable to parse resume with SSO. If I disable the SSO the parsing is working fine. With the SSO enabled resume parsing giving the following error:
javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
Pl. let me know if you have any suggestions/work around to resolve the issue. Client is going to live in 3 weeks. Any help is appreciated.
Thanks,
V

Hi Rainer,
you can find this setting in your Internet Explorer. Use Tools -> Internet Options -> Advanced. In the section "Security", check "Enable Integrated Windows Authentication (requires restart)" and restart your browser.
If the error still persists Note
934138 might be useful. 
Hope this will help out.
Regards,
André

Similar Messages

  • CRM single sign on (SSO) to R/3 system via ITS 6.20

    Hi all
    I try to configue CRM2007 single sign on (SSO) to R/3 system via ITS 6.20.
    my configuraion process
    1. on CRM2007
    -profile : login/accept_sso2_ticket = 1
                  login/create_sso2_ticket = 2
    - t-code : strustsso2 --> export system PSE
    2. on R/3 system
    - profile : login/accept_sso2_ticket = 1
                   login/create_sso2_ticket = 0
    - t-code : strust --> import certification --> add certification list --> save
    - t-code : oss2 --> execute with crm rfcdestination --> all green.
    3. ITS
    ~appserver      r/3.domain
    ~client     
    ~clientcert      1
    ~cookies      1
    ~exiturl     
    ~hostsecure      itshost.domain
    ~hostunsecure      itshost.domain
    ~language     
    ~login     
    ~logingroup     
    ~messageserver     
    ~multiinstanceservices      1
    ~password     
    ~portsecure      443
    ~portunsecure      80
    ~routestring     
    ~runtimemode      pm
    ~systemname      R/3 SID
    ~systemnumber      R/3 system no
    ~theme      99
    ~timeout      600
    ~urlimage      /sap/its/graphics
    ~urlmime      /sap/its/mimes
    ~usertimeout      240
    ~xgateway      sapdiag
    ~xgateways      sapdiag,sapxgwfc,sapxginet,sapextauth
    ~mysapcomgetsso2cookie 
    ~mysapcomusesso2cookie  1
    ~mysapcomssonoits  1
    for SSO check, execute web ui and then log on web ui
    I go to the Interation center and then go to the ERP information.
    but ITS log on screen appear.
    crm user and r/3 user is same.
    how can I do ??

    You use Server Port 3600, message server.
    It means, while creating a system you used wrong template and picked "SAP system using dedicated application server".
    You should use "SAP system with load balancing", since message server is doing load balancing.
    Once you selected correct template you will see "Message Server" instead of App and GW servers.
    Make sure to fill in
    Group  - Logon group to use. If not defined in R3, use SPACE
    Message Server - ansapdev01
    SAP Client = 150
    SAP System ID <SID> = DEV
    Server Port 3600
    System Type = SAP R/3
    It should work.
    Regards,
    Slava

  • Single Sign-On (SSO) in Web Server 7.0u5

    Hello,
    I am in the process of trying to configure single sign-on (SSO) between several apps in the same SJWS 7.0u5 virtual server, and I'm not having much luck. This appears to be very similar to the problem reported in another thread (http://forums.sun.com/thread.jspa?forumID=759&threadID=5281564) that applied to 7.0u2.
    I found one interesting detail that the previous post did not mention, however, and I think it is key to resolving this issue.
    I've been using the SSO feature of WS7 since day one, and up to this point is has worked flawlessly. However, I am in the process of adding a new webapp that differs from the prior webapps in one significant way: it uses form-based login, and all the previous webapps used basic authentication.
    Using the "Live HTTP Headers" Firefox add-on I captured the cookie exchanges between the client and server, and this is what I see:
    1. Logging in to any of the apps that use basic authentication results in both the JSESSIONID for the current webapp and the JSESSIONIDSSO for the entire server to be returned in the response.
    2. If I then go to a secured URI in the new (form login) webapp the JSESSIONIDSSO cookie is sent, but I still land on the login page.
    3. When completing the login form and submitting it, no JSESSIONIDSSO is returned.
    In both types of apps, my web.xml includes the appropriate configuration. FORM authentication:  <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>ldap</realm-name>
        <form-login-config>
          <form-login-page>/login.jsf</form-login-page>
          <form-error-page>/error.jsf</form-error-page>
        </form-login-config>
      </login-config>...and BASIC authentication:  <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>ldap</realm-name>
      </login-config>From this, it appears as though the SSO functionality is not working when using FORM authentication, only when using BASIC authentication.
    The web apps developer's guide specifically says that SSO works for all webapps in the same virtual server with the same realm-name, which is certainly the case for me. It doesn't say that SSO is not supported in FORM-authenticated webapps, but that would appear to be the case.
    Or is this a bug?
    Or am I simply doing something obviously wrong?
    Thanks!
    Bill

    In addition, I set the logging level to "fine", and I see these entries for the FORM authentication:
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Process request for '/testSso/'
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports:  Checking for SSO cookie
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports:  SSO cookie is not present
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Security checking request GET /testSso/
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports:   Matched constraint 'SecurityConstraint[secureURIs]' against GET /index.jsp
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports:   Matched constraint 'SecurityConstraint[secureURIs]' against GET /index.jsp
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports:  Calling hasUserDataPermission()
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports:   User data constraint has no restrictions
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports:  Calling authenticate()
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Restore request from session '19FFE2F63CF4E8756C19B60AC6F7A65E'
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Authenticated 'testUser' with type 'FORM'
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Registering sso id '2698AFCE8889EF9877778386855517BC' for user 'testUser in realm ldap' with auth type 'FORM'
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Associate sso id 2698AFCE8889EF9877778386855517BC with session StandardSession[19FFE2F63CF4E8756C19B60AC6F7A65E]
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports: Proceed to restored request
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports:  Calling accessControl()
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports:   Checking roles testUser
    [06/Sep/2009:22:52:57] fine (20013): for host 127.0.1.1 trying to GET /testSso/index.jsp while trying to GET /testSso/, service-j2ee reports:  Successfully passed all security constraintsThat seems to indicate that an SSO ID is created and a cookie should be sent with the response, but as show in the Live HTTP Headers output, that is not the case.
    The log entries for the BASIC authentication are as follows:
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Process request for '/ppc/'
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports:  Checking for SSO cookie
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Security checking request GET /ppc/
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports:   Matched constraint 'SecurityConstraint[ppc]' against GET /index.jsp
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports:   Matched constraint 'SecurityConstraint[ppc]' against GET /index.jsp
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports:  Calling hasUserDataPermission()
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports:   User data constraint has no restrictions
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports:  Calling authenticate()
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Logging in user [testUser] into realm: ldap using JAAS module: ldapRealm
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Password login succeeded for : testUser
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Authenticated 'testUser' with type 'BASIC'
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Registering sso id 'A58B93F0A00C619AF18F53C2F7C00D16' for user 'testUser in realm ldap' with auth type 'BASIC'
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: Associate sso id A58B93F0A00C619AF18F53C2F7C00D16 with session StandardSession[EF2E1F7E8B3FB7E3FDD4607E4A62D99E]
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports:  Calling accessControl()
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports:   Checking roles testUser
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports: No role found:  administrator
    [06/Sep/2009:22:57:29] fine (20013): for host 127.0.1.1 trying to GET /ppc/index.jsp while trying to GET /ppc/, service-j2ee reports:  Successfully passed all security constraintsIn this case, you can see that the SSO ID that is generated matches the value set in the response.
    Bill

  • Configuring JCo3 Connection Pool with single sign on on non SAP Java server

    Hi Everyone,
    i have configured a connection pool on JBoss as per JCo3 Documentation and is working great.
    Now I need help to configure this connection pool with single sign on so that RFc on SAP ECC systems are executed using end users credential rather than using single user name password used to configure JCo connection pool.
    On SAP Java stack I am sure its possible within Java WebDynpro    and i assume using JCA resource adapter. But what if we don't want to use SAP Java App server.
    Any help will be appreciated.
    Thanks,
    Divyakumar Jain

    Eason, 你好!
    I have exactly the same problem.  Did you find a solution to this problem?  If so, please let me know!

  • Can Captivate pull a user's login information from a Single Sign On (SSO) page?

    Looking to start pushing out quizzes and trainings via Captivate.  We currently do not have a LMS, so I started testing using Acrobat.com.  We have a Single Sign On (SSO) page that passes our users credenitals on to all the sites and apps.  Is there a way for Captivate to get those credentials, when submitting quiz results?  Do they have to submit their quiz answers via an Acrobat sign in?  Can Captivate auto submit answers or does the end user have to hit the Submit/Submit All button?

    Hi there,
    There is no native feature for getting SSO information in Captivate course.
    If you don't have an LMS, and if you would like to use Acrobat.com reporting, then learner will have to click on the post results button, and enter their Adobe.com or Acrobat.com credentials, then hit submit. (Learners must have an Account on Acrobat.com or Adobe.com to submit the results.)
    If the course will be accessed within the organization's network, then you can also use Internal server reporting, that works exactly same except learners do not need an account on Adobe.com
    They will have to enter their Name and E-mail address to niquely identify them while fetching result reports.
    Thanks.

  • Using multiple wireless networks with Single sign on?

    The university that I currently work for has switched from one wireless SSID to 2 separate SSIDs that separate the student users from the faculty/staff users. At this time only the Faculty Staff can log into STAFF and students can only log into STUDENT...
    I have a few laptop carts that were setup for student use and have single sign on configured for the STUDENT wireless connection. The laptops are on the university's domain so that students have access to the home drives.
    We run into problems when Faculty try to use a laptop to teach a class. They are unable to log in because their credentials are not authorized for the STUDENT wireless network. 
    So...Is it possible to setup 2 wireless profiles (STUDENT and STAFF) with single sign on and give the user an option to choose from?

    Hi,
    Based on your description, I would like to suggest you use Group Policy to configure Wireless Network Settings:
    Using Group Policy to Configure Wireless Network Settings
    http://technet.microsoft.com/en-us/magazine/gg266419.aspx
    Please follow the information from the link above to check the issue.
    If it doesn’t work, I recommend you initial a new thread in our Windows Server Forum for further assistance.
    http://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?category=windowsserver
    Hope it helps.
    Regards,
    Blair Deng
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Want to integrate Primavera P6 EPPM with Single Sign-on

    Hi,
    Please let me which product you are using to integrate Primavera P6 EPPM with Single Sign-on?
    Thanks

    Check out the security integration guide:
    http://download-west.oracle.com/docs/cd/E10316_01/cs/cs_doc_10/documentation/admin/managing_security_10en.pdf
    Integrating with Active Directory is easy... most Single Sign On solutions are similar, although some require custom code

  • How to configure Exchange 2013 OWA with Single Sign On

    Hi All ,
    How to configure Exchange 2013 OWA with Single Sign On ?
    Thanks .

    Hi,
    From your description, I am not quite sure what you really want to achieve. Could you explain it furthermore? If you need to set up Exchange 2013 OWA single sign on with Exchange 2010, here is a helpful thread for your reference.
    Exchange 2013 OWA Single Sign on with Exchange 2010
    https://social.technet.microsoft.com/Forums/en-US/2899ebfc-8622-4cdc-8d77-d76b607618f7/exchange-2013-owa-single-sign-on-with-exchange-2010?forum=exchangesvrdeploy
    If that is not your case, please feel free to tell me.
    Best regards,
    If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Amy Wang
    TechNet Community Support

  • Changing of the standard port 1521 and afterward problems with Single Sign

    System / Host Environment
    Operating System: HP-UX 11i, Existing Oracle RDBMS Vers. 9.2 x, Listener on standard port 1521
    9iAS System Architecture: 9iAS Infrastructure and Middle tier (AS Instance) on the same machine
    Problem Environment:
    -Before and during the installation of 9iAS infrastructure the Listener of the existing Oracle RDBMS was stopped
    -The installation of 9iAS Infrastructure (db: IASDB) Version 9.0.2.0 works well
    -Afterwards the port 1521 of IASDB changed to 1525. For a detail description of IASB port changing please refer to Doc. ID: 211 929.1 AFTER CHANGE 'IASDB' LISTENER PORT
    -The installation of Patch Set 2 (Common Patch 2703110) follows (9iAS is now up to Release 9.0.2.2).
    -The Installation of 9iAS Middle tier (AS Instance) Version 9.0.3 follows
    Problem description:
    -During the installation of 9iAS Middle tier problems with Single Sign On occurs.
    The reason of this problems seems a communication problem between the Single Sign On login sequence and the IASDB. After a reset of the port changing (back to the standard port 1521) the installation of 9iAS Middle tier works well.
    Through this incorrect and problematic behaviour we have some notes and questions:
    -Well at first the description of the port changing in Doc. ID: 211 929.1 seems us incomplete. Some configuration still carry on the standard port 1521 and not the knew value of the port 1525.
    -So we want to know all configuration files and parts where we have to change the port value manually ?
    -What will happened to the Single Sign On function with this manually port changing. Does Single Sign On works later on correct or have we to change much more ?

    Currently, changing the listener port is not supported. It must stay on 1521. I believe this is to be fixed in a latter release (perhaps 9.0.4)

  • WCI single sign on(SSO) configurations with Oracle Access Manager(OAM)

    I have to integrate the oracle access manager with the WCI(ALUI) for the SSO implementation.What are the configurations required to implement SSO with oracle access manager in WCI/ALUI

    Any answer to the last question on..?
    No, better explain my query with 2 scenarios:
    Scenario 1:
    Usual scenario authentication of a user to a web application without the single web functionality on the acces single manager:
    Login screen of the web application ====> Access to the web application home
    Scenario 2:
    Scenario authentication of a user to a single web application with web functionality on the acces single manager:
    Login screen oracle access manager ====> Display login web application ====> Access to the web application home
    My query is:
    You can configure the functionality of single sign on to access manager with a web application that does not have its login screen of the web application. For example:
    Login screen oracle access manager ====> Access to the web application home

  • OBIEE 11G with Single Sign-On and Active Directory

    Hi guys,
    Release Version: Oracle Business Intelligence 11.1.1.5.0
    Patch applied: 11.1.1.5.0 BP3 (Patch 13832750)
    OBIEE Server operating system: Windows Server 2008 SP2 (32-bits Operating System).
    We are trying to configure Single Sign-On according to TechNote_WNA_SSO_AD_V4.0.doc.
    Our krb5login.conf:
    com.sun.security.jgss.krb5.initiate {
    com.sun.security.auth.module.Krb5LoginModule required
    principal="[email protected]"
    keyTab=cgdkobi2.keytab
    useKeyTab=true
    storeKey=true
    debug=true
    com.sun.security.jgss.krb5.accept {
    com.sun.security.auth.module.Krb5LoginModule required
    principal="[email protected]"
    keyTab=cgdkobi2.keytab
    useKeyTab=true
    storeKey=true
    debug=true
    We generate de keytab file:
    C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.24\bin\ktab.exe -k cgdkobi2.keytab -a [email protected]
    Password for [email protected]:XXXXXXX
    Done!
    Service key for [email protected] is saved in cgdkobi2.keytab
    C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.2-4\bin\kinit -k -t cgdkobi2.keytab cgdkobi2
    New ticket is stored in cache file C:\Users\cgdkobi2\krb5cc_cgdkobi2
    C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.2-4\bin\klist -k -t cgdkobi2.keytab
    Key tab: cgdkobi2.keytab, 1 entry found.
    [1] Service principal: [email protected]
    KVNO: 1
    Time stamp: Mar 15, 2013 10:34
    C:\OracleBI11g\user_projects\domains\bifoundation_domain>klist
    Current LogonId is 0:0x406163f5
    Cached Tickets: (0)
    We re-start the services and logon into analytics web and SSO doesn't work but there's not an error. It runs successfully with and Active Directoy user and password. Seems like SSO wasn't enabled, but I checked is enabled.
    Any suggestion?
    Thanks in advanced

    Follow the posts : OBI 11.1.1.6.SSO and You are not currently signed in to Oracle BI Server" for OBIEE 11.1.1.6 SSO do the troubleshooting mentioned there.
    Also check your logs for error like the one below:
    [2012-03-09T16:42:36.000-05:00] [OBIPS] [NOTIFICATION:1] [] [saw.securitysubsystem.checkauthentication.runimpl] [ecid: 6c98b5cce1f24814:2a613331:135f95fbdff:-8000-0000000000005b7a,0:1:1] [tid: 5932] Authentication Failure.
    Odbc driver returned an error (SQLDriverConnectW).
    State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
    [nQSError: 43113] Message returned from OBIS.
    [nQSError: 13039] The impersonator does not exist in the BI Security Service. (08004)[[
    If you are getting this when you login to OBIEE :      You are not currently signed in to Oracle BI Server"
    then you need to apply this patch : 13553428 QA:BLK:DELIVER TO CORP. OID LDAP USERS FAILED WITH IMPERSONATOR DOES'NT EXIST. 11.1.1.6.0 Generic Platform (American English) General Oracle BI Suite EE Apr 5, 2012 799.4 KB
    Let us know the updates. Hope this helps. Mark if it does.!
    Thanks,
    SVS

  • Slow report viewer/rdlc performance in local mode with Single Sign On

    Hi Team,
    We have recently enabled Single Sign On to our application and after that our rdlc reports loading got extremely slow.
    Please find the below configuration that we are using.
    1. Report Viewer 11.0.0.0
    2. running rdlc file in local mode (not using Report Server)
    3. System.IdentityModel.Services 4.0.0.0
    The query behind the reports is returning result in 5-10 sec but report is taking 1-4 min to load (sometimes getting timeout) (as per the complexity of the report).
    We have tried a lot of workaound but nothing worked.
    i saw performance improvement in reports by addding <trust legacyCasModel = "True"   level="Full" /> in config file, But using this we are getting "Dynamic operations can only be performed in homogenous AppDomain" error
    in many pages of our application.
    Without SSO reports are running completely fine.
    We are stucked here and not able to proceed. Is there any issue with the SSO and rdlc in local mode ? Is there any hot fix available for the same ?
    Please help !!!
    Regards,
    Pranav Sharma

    This problem is probably related to :
    [http://blogs.oracle.com/stevenChan/2010/03/ebs_jre_issues_16018.html]
    Oracle problem ID : 1054293.1
    Loginpage / Error in Browser for Export and Attachments after upgrading to Sun JRE 1.6.0_18 [ID 1054293.1]
    Sun bug : 6927268
    ShowDocument calls results in new iexplorer process

  • Single Sign On (SSO) Issue

    We are running Business Objects Enterprise XI 3.1, SP2 (BOBJ) in a Windows environment and have implemented single sign on for Windows AD.  Randomly single sign on does not work for some of our users when either accessing InfoView or when executing a WebI report via an OpenDocument call.  These users can log into InfoView using the Windows ID and Password manually.  The users also have the u201CEnable Integrated Windows Authenticationu201D option checked in IE.
    We have checked the InfoViewApp web.xml and OpenDocument web.xml settings and everything appears to be setup correctly for using sso and vintela (per SAP Note 1251945).  Required SPN entries appear to have been made.  The maxHttpHeaderSize setting in the Tomcat server.xml is set to 16384.  We do tend to make substantial use of Windows AD Groups within our security model.
    When the users are unable to login via sso, here is the error stack that appears in the Tomcat stdout.log:
    SEVERE: Servlet.service() for servlet action threw exception
    java.lang.IllegalStateException
         at org.apache.catalina.connector.ResponseFacade.sendError(ResponseFacade.java:418)
         at javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:117)
         at com.businessobjects.sdk.credential.WrappedServletResponse.sendError(WrappedServletResponse.java:30)
         at com.wedgetail.idm.sso.AbstractAuthenticator.setUnauthorizedResponse(AbstractAuthenticator.java:1328)
         at com.wedgetail.idm.sso.MechChecker.authenticate(MechChecker.java:144)
         at com.wedgetail.idm.sso.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:1060)
         at com.wedgetail.idm.sso.AbstractAuthenticator.authenticateServiceTicket(AbstractAuthenticator.java:998)
         at com.wedgetail.idm.sso.AbstractAuthenticator.checkAuthentication(AbstractAuthenticator.java:953)
         at com.wedgetail.idm.sso.AuthFilter.doFilter(AuthFilter.java:122)
         at com.businessobjects.sdk.credential.WrappedResponseAuthFilter.doFilter(WrappedResponseAuthFilter.java:66)
         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
         at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
         at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
         at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
         at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
         at java.lang.Thread.run(Thread.java:595)
    Before we go about installing SP3 in an effort to resolve the problem, can anyone look at the above error stack and tell us what might be going on here?  Would the above error stack be consistent with an Httpheader getting truncated?
    Thanks in advance for your help.
    Wendell Giedeman

    That error is part of a logging bug and not related to your issue. If SSO is working consistently from infoview then it probably is not a web.xml setting either. The most common problems with opendoc have been related to sessions. Are the users using a new IE window or possibly one that had previous documents open? If it is the session issue then SP3 may help as some work has been done in that area. If you are sure the users are using new IE windows for the opendoc calls then more troubleshooting may be required to identify the problem.
    Regards,
    Tim

  • FC3 : Problem with Single Sign-On

    Hi,
    We are installing Oracle 10g (ias 10.1.2) on Federo Core 3 Operating system.
    We installed successfully 'oracle Infrastructure' 10.1.2. We navigated to infrastructure home, the single sign-on status is'Down' and other components are 'Up'.
    What could be the problem with SSO?.
    Your help will be appreciated.
    Regards,
    Raj

    Hello
    I have the same problem. I installed succesfully Oracle10g on SLSE9 but the single sign-On is every down I followed all step but the problem isn't resolved.
    I would like the infrastructure on Linux you have any idea?

  • Oracle identity federation 10g--error while login with single sign

    Hi...
    I installed oif10g using microsoft ad2003.now i am integrating with salesforce.com to provide single sign on...but while signing authentication is failed...so for that we need to search for assertion which will be under federation-mssg.log..
    but no error messg is under it...so can any one help to enable all debug settings in oif..

    Hello,
    I think its not possible to mix and match authentication once you have set OBIEE to use EBS ICX cookie based authentication, you would not able to use the DefaultAuthenticator Provider.
    Let me know the updates.
    Thanks,
    SVS.

Maybe you are looking for