Issue in ESS - Single Signon

Dear All,
EP7.0 SP9, ECC5
We have a major issue in ESS. The problem is with single sign-on.
Here are the scenarios we are using:
1. We are using "training1" as EP login ID and in PA30 in R/3 InfoType 105 and Sub Infotype 0001 the same ID "training1" (same as EP login); the portal is picking up the data properly and working fine.
2. If we use training1 as EP login ID and in PA30 in R/3 InfoType 105 and Sub Infotype 0001 we use exeibckk (R/3 ID created for each individual user as communication user),
we are getting the error "User TRAINING1 does not exist in this period".
We need to go ahead with Step 2, since all the EP login users are LDAP configured and have more than 15 characters; we cannot use the EP login ID in InfoType 105 and Sub Infotype 0001
since it is restricted to 12 characters.
e.g.:
EP user ID is - shivakumar_ks (taken from LDAP)
whereas his R/3 or ESS user ID is - P000000002
Since the login ID and R/3 ID are different, the system is throwing the error mentioned above.
We map Shivakumar_ks to P000000002 in the EP Personalize option. But it is
not picking up the mapping. It tried to find Shivakumar_ks in R/3 and fails,
even though we are giving UIDPWD in the system Logon Method.
Can anyone please give me a solution to the above?
Thanks in advance
Ponnusamy P

I believe you know how to map it to ABAP UME - anyhow I enclose the details - may be useful to our friends
Update Host file on Portal server with information of ABAP IP & Host Name
Update Services file on Portal with entry  sapms<SID>  36<NR>/tcp
Update Host file on ABAP server with information of Portal Server
Create User ABAP Client with SAP_ALL & record password
On Portal Server
============
Open Configtool from
<DRIVE>:\usr\sap\<SID>\JC<NR>\j2ee\configtool
Expand - Global Service Configuration
Expand - Services
Click - com.sap.security.core.ume.service
In Right Pane - Change the below things
==
1
==
UME_persistence.data_source_configuration
from : dataSourceConfiguration_database_only.xml  (default)
to    :  dataSourceConfiguration_abap.xml
==
2
==
ume.logon.r3.master.adapterid
from : master
to : 001
==
3
==
ume.r3.connection.001.user
from : --
to : <ABAP SUPER USER CREATED>
==
4
==
ume.r3.connection.001.passwd
<PASSWORD OF ABAP USER>
==
5
==
ume.r3.connection.001.ashost
from : --
to : <ABAP SERVER HOSTNAME / FQDN>
==
6
==
ume.r3.connection.001.sysnr
from : --
to : <ABAP INSTANCE NUMBER>
==
7
==
ume.r3.connection.001.client
from : --
to : <ABAP CLIENT>
==
8
==
ume.r3.connection.001.group
from : --
to : <LOGON GROUP DEFAULT is SPACE or any You created >
==
9
==
ume.r3.connection.001.gwhost
from : --
to : <ABAP SERVER HOSTNAME / FQDN>
==
10
==
ume.r3.connection.001.gwserv
from : --
to : sapgw<NR>
==
11
==
ume.r3.connection.001.msghost
from : --
to : <ABAP SERVER HOSTNAME / FQDN>
==
12
==
ume.r3.connection.001.r3name
from : --
to : <ABAP SID>
====
Above config changes done as per below link and Note
====
Useful Help Link :
http://help.sap.com/saphelp_erp2005vp/helpdata/en/49/9dd53f779c4e21e10000000a1550b0/content.htm
Also look at Note : SAP Note 718383
Please mark the question answered
Good Luck - Cheers
PR

Similar Messages

  • Single Sign Issue in Ess

    Hi,
    As correctly mentioned here by debasish, most of the iviews in ESS and MSS use JCo Connections but there are some iviews which are IACs.
    In this case, you need to configure both JCo connections as well as user mapping. In case of PA30, which could be an IAC or a transaction iview, you may just focus on User Mapping. But for the webdynpro applications, you would need JCo Connections.
    The link provided by Antonio clearly explains the steps. In brief, these are the steps involved:
    1) Create System and an alias. Make sure that you use the logon method UIDPW.
    2) Using the Personalization link, select a system and give the backend username and password. Save it.
    Log off and test if it works.
    Hope this helps.
    Regards,
    Sunil
    PS: Reward points for helpful answers.

  • Single Signon and Integration with Active Directory

    Hi,
    We have a requirement to integrate Active Directory with SAP and implement Single Signon solution. Our Active Directory is running on Windows 2003 and we are having systems 4.7 , ECC6.0 which run on Linux OS in our landscape.
    Can anyone of you help me by answering following questions
    1. Is there any need of any third party solution (tool) to integrate Active Directory and SAP and activate single signon?
    2. Is there any difference in integration from SAP 4.7 and ECC6.0 of SAP on Linux OS with Active Directory?
    3. If possible please share any documents or links on above issue.
    Suitable answers will be rewarded with points. Thanks in advance for your help
    Regards
    Murali

    > Thank you very much for providing me the link. But the document on link seem to be in German. Can you please let me know how to get English version of this document.
    I'm sorry, you'd have to ask Realtech for that document in English.
    Basically you can follow
    http://osdir.com/ml/encryption.kerberos.general/2004-11/msg00007.html
    Markus

  • Single-signon for multiple sites or sub sites

    Does anyone know of some good articles/publications or suggestions for
    implementing a single signon for multiple very secure internet sites in
    weblogic type environments.
    For example, bank1 has an internet site and bank 2 has an internet site.
    Bank 2 has some cool features they want to offer bank1's customers. They
    agree but, bank1 wants to present bank2 as a tab or part of bank1 site.
    In order to do this there are lots of fun things, but the things I'm
    interested in are how to authenticate between them and handle timeouts.
    Timeouts seem particularly tricky in that if I don't hit a page on bank2
    for a while, it could time out its session for the guy on bank1. Also if
    I'm in the bank2 section of the site, then bank1 could time me out as
    well.
    Any ideas, let me know.
    thanks
    Joel

    I've been informed ;-) that a pure Java solution is also available from
    Entegrity. So here are a couple of URLs for you to research
    anagrammatically:
    http://www.netegrity.com
    http://www.entegrity.com
    Cameron Purdy
    Tangosol, Inc.
    http://www.tangosol.com
    Tangosol: How Weblogic applications are customized
    "Cameron Purdy" <[email protected]> wrote in message
    news:[email protected]...
    Netegrity?
    Cameron Purdy
    Tangosol, Inc.
    http://www.tangosol.com
    Tangosol: How Weblogic applications are customized
    "Tim Funk" <[email protected]> wrote in message
    news:[email protected]...
    This is long winded and I tried to have this make sense, if it doesn't
    just mark this as read ...
    I am running into the same issue. Out of need, different applications
    need to be hosted on different boxes/JVM's/web applications. I am
    experimenting with a customer single sign on process which is
    independent of Java but lends itself nicely to it. Here are my thoughts:
    1) All applications need to run under the same domain. For example:
    foo.redrose.net, www.redrose.net, bar.redrose.net, app1.redrose.net
    all reside under redrose.net.
    2) You have a database table (secure) that contains the following:
    user id, password, session id, last access time.
    3) This database table contains all of the valid sessions across the
    domain (in this example .redrose.net)
    4) There is a daemon running which runs every ?? seconds that deletes
    any records older than ?? seconds/(or minutes/hours) in the
    database.
    5) There exist a cookie which is set to the domain level that contains
    the session id.
    6) The session id provides a way to obtain the id and password for the
    user to authenticate to the container. For example in WL5.1SP8 there
    exists: weblogic.servlet.security.ServletAuthentication.weak(...) to
    authenticate to your container. By using this you will get the
    capability of setting up your roles and ACLs etc. in your web.xml and
    weblogic.xml to handle authorization.
    7) All requests to any applications participating in this philosophy
    must do the following for EVERY request (or appropriate):
    Even if you are logged authenticated to the container and authorized,
    you may have timed out or logged out of another application. So the
    database table must be checked to see if the session id exists. At the
    same time, you must also update the last access time to prevent timeout.
    8) If the user tries to access a different application which he has not
    authenticated to yet - the user will be forwarded to a servlet which will:
    a) Look for the cookie at the domain level
    b) If the cookie is found - get the UID and PWD from database
    b2) Present login form if cookie is invalid/not exists
    c) Authenticate to container
    d) Forward back to original page and let the container handle
    authorization since you have already authenticated.
    I have encapsulated the database activity into 3 stored functions:
    1) isValidSession(session_id) - Returns null or the user id and pwd
    concatenated which will need split apart if needed
    2) makeSession(user_id, password) - Returns a new unique session id and
    creates the appropriate record
    3) cleanUpSessions() - Arguments not yet determined. This will delete
    any records older than a certain time. I would like to have the proc
    know what to delete without being given a parameter but time to the
    second level can be tricky for some DBMS's.
    There is a concern of storing the user id and password in the database
    but this can be eliminated with a good design to restrict access to the
    database table and using encrypted connections.
    Hope this helps. Hopefully - a similar philosophy will be adopted by an
    application container so I may not have to worry about this and I can go
    back programming business functionality.
    -Tim
    Joel Nylund wrote:
    Does anyone know of some good articles/publications or suggestions for
    implementing a single signon for multiple very secure internet sites in
    weblogic type environments.
    For example, bank1 has an internet site and bank 2 has an internet site.
    Bank 2 has some cool features they want to offer bank1's customers. They
    agree but, bank1 wants to present bank2 as a tab or part of bank1 site.
    In order to do this there are lots of fun things, but the things I'm
    interested in are how to authenticate between them and handle timeouts.
    Timeouts seem particularly tricky in that if I don't hit a page on bank2
    for a while, it could time out its session for the guy on bank1. Also if
    I'm in the bank2 section of the site, then bank1 could time me out as
    well.
    Any ideas, let me know.
    thanks
    Joel
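
The shared session table from Tim Funk's post above, sketched as an added example (not code from the thread): Python with SQLite stands in for the three stored functions, plus a logout helper. Assumptions: the table keeps only the user id and a SHA-256 digest of the session id rather than the password, and the 900-second idle timeout and the cookie name SSOSESSION are placeholders.

```python
import hashlib
import secrets
import sqlite3
import time

IDLE_TIMEOUT = 900  # seconds; assumed, the post leaves the value as "??"


def open_store(path=":memory:"):
    """Create the shared table: one row per live session in the domain."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS sso_session ("
        " sid_hash TEXT PRIMARY KEY,"
        " user_id TEXT NOT NULL,"
        " last_access REAL NOT NULL)")
    return db


def _digest(session_id):
    # Assumption: store a digest, so reading the table does not yield cookies.
    return hashlib.sha256(session_id.encode("utf-8")).hexdigest()


def make_session(db, user_id, now=None):
    """makeSession: called after a successful login; returns the cookie value."""
    now = time.time() if now is None else now
    session_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    with db:
        db.execute("INSERT INTO sso_session VALUES (?, ?, ?)",
                   (_digest(session_id), user_id, now))
    return session_id


def is_valid_session(db, session_id, now=None, idle_timeout=IDLE_TIMEOUT):
    """isValidSession: return the user id or None, and slide the timeout.

    The age check is part of the UPDATE, so a stale row the cleanup job has
    not deleted yet is still rejected, and a hit in any application keeps
    the session alive for all of them.
    """
    if not session_id:
        return None
    now = time.time() if now is None else now
    key = _digest(session_id)
    with db:
        cur = db.execute(
            "UPDATE sso_session SET last_access = ?"
            " WHERE sid_hash = ? AND last_access >= ?",
            (now, key, now - idle_timeout))
        if cur.rowcount != 1:
            return None
        row = db.execute("SELECT user_id FROM sso_session WHERE sid_hash = ?",
                         (key,)).fetchone()
    return row[0]


def end_session(db, session_id):
    """Logout in one application deletes the row, ending the session everywhere."""
    with db:
        db.execute("DELETE FROM sso_session WHERE sid_hash = ?",
                   (_digest(session_id),))


def clean_up_sessions(db, now=None, idle_timeout=IDLE_TIMEOUT):
    """cleanUpSessions: delete idle rows; returns how many were removed."""
    now = time.time() if now is None else now
    with db:
        cur = db.execute("DELETE FROM sso_session WHERE last_access < ?",
                         (now - idle_timeout,))
    return cur.rowcount


def cookie_header(session_id, domain=".redrose.net"):
    """Domain-level cookie from step 5 (cookie name SSOSESSION is made up)."""
    return (f"Set-Cookie: SSOSESSION={session_id}; Domain={domain}; Path=/;"
            " Secure; HttpOnly; SameSite=Lax")
```

Passing `now` explicitly makes the timeout behaviour reproducible; in a deployment every application would call `is_valid_session` on each request and the cleanup job would call `clean_up_sessions` on a timer.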

  • CrystalReports XI RDC causes a disfunction of Lotus Notes Single SignOn

    Our customer uses Lotus Notes. When he installed the CR RDC merge module (XI Rel. II, SP6), the single signon for Lotus Notes doesn't work anymore. That means the customer has to type in username and password once more if he wants to use Lotus Notes. It seems that the single signon service is running.
    The registry key "ProviderOrder"="RDPNP,LanmanWorkstation,WebClient,npnotes" is correctly sorted (I found that in another forum). Any suggestions? TIA, F. Bartsch

    Hi Frank,
    Well there may be an issue with the RDC, but it seems that yourself and one other have just seemed to report it. We don't have any other information than that. I want to add my two-bits similar along the lines of what Don and Ludek were saying. Personally I would look at the runtime differences before and after the RDC stuff is installed. We have an application called modules, that takes a snap-shot of the runtime in memory for all applications currently running on the system. By running lotus before your RDC install creating a modules snap-shot, and after the install then you will see what the differences are. Perhaps this is just a difference in the COM files on the system.
    As for creating a support case, there is only so much we can do on the forums. Support cases allow you to engage an engineer directly to try troubleshooting and modules would probably be the first thing they would get you to do. If this does turn out to be an issue with our product then there is a process to get a refund on the case. However this is contingent on us determining that it is indeed our issue.
    You can find modules at https://smpdl.sap-ag.de/~sapidp/012002523100006252802008E/modules.zip
    Trevor

  • Testing Single Signon partner apps on local dev server

    We're just starting to look at hooking our new webapp into the Single Signon Server. What I don't see, at the moment, is a good way of continuing to test a SSO application on local machines so that it can be accessed through SSO when deployed to the server.
    The application will have to pick up some user information from the signon to decide which data is accessible. Is there some kind of dummy SSO connection, or should I write one? How have people coped?

    Oops! Sorry for multi-posting. Our firewall denied that the posting had happened and I tried again!
    Somebody please delete embarrassing duplicates.

  • Issue in ESS Personal Information iViews

    Dear Experts,
    I have an issue with ESS Personal Information details. The issue is that the personal information related iViews such as Bank information, personal id, address iViews only display a road map and a button in disabled mode. They don't display any data.
    But my Employee search iViews are working fine.
    Any idea about this issue?
    Thanks,
    Ram

    I'm getting exactly like below in Bank information iView
    [1] -
    [2]--[3][4]--
    Overview Edit Review and Save Confirmation
    <Previous Step> <Exit>.
    Please help me out!
    Ram

  • Issue creating a single PDF from MS Word on Mac

    Using Trial Version of Acrobat XI for Mac.  I am having issue creating a single PDF from MS Word on Mac.  Acrobat is creating multiple files splitting up randomly.  Are there any settings to select for ending up with just one PDF fil

    Sabian,
    As I mentioned before, I have used the following methods, each resulting the same, split up PDF file.
    File>Save As - Selected PDF from under the Format dropdown menu.
    File>Print>PDF - used Save As PDF
    File>Print>PDF - used Save As Adobe PDF
    With this information, I think I have tried all that you have asked me to do.  Please let me know if I could reach out to a technical consultant or someone else who can help.  Thank you.

  • Changing session language during Single Signon in PeopleSoft

    Hi All,
    I have a working PeopleSoft Single Signon environment. It is simple architecture where I have used the "Allow Public Access" feature in web profile configurations and a signon peoplecode program.
    Users on an external portal are given PeopleSoft component specific URL's with user ID as a query string in the URL (for testing only). However, I'm unable to allow non-English (or user's language preference feature) login as "SetLanguage" is not supported in signon peoplecode. By default the login is in English.
    Please let me know if there are any work around for this problem.
    Many Thanks
    Srini

    Hello,
    Is there a way to hide the option of select your language on the signin.html? I have removed the html code on signin.html and cleared the web server cache, still it shows up on the signin.html page. Am I missing anything?
    Thanks
    Ram

  • Single signon between JSP page and Net.Data page

    I am trying to setup a single signon between a JSP page hosted on a tomcat server, and a Net.Data page hosted on an IBM HTTP server. Both of these servers are running on an AS400. The JSP page (www.jsppage.com/menu) contains a link to the Net.Data page (www.netData.com/page2). In order to access www.jsppage.com/menu the user needs to login. Once this happens I want them to be able to go back and forth between the two pages without having to log in when they switch servers. Page navigation is handled through myServlet.java so that when a user clicks on a link the request is forwarded on to myServlet.java where the servlet determines where to redirect the user to. The servlet uses
    RequestDispatcher requestDispatcher = getServletContext().getRequestDispatcher(url);
    requestDispatcher.forward(request, response);
    to forward the user to the correct page. This works fine for the JSP pages but when I forward to www.netData.com/page2 I get an error telling me the address doesn't start with a /. I also need to send the user name and password for the net.data pages to avoid the second login window to popup.
    I understand that the requestDispatcher.forward() method directs the browser to a page that is relative to the current root directory. If I try to use response.sendRedirect(url) I get sent to the right page but the signon window pops up. I would appreciate any help.

    You can't do that without passing username and password.
    The servers keep track of the user by storing a cookie on the client's computer. The cookie is only valid for the domain that created it.
    So, to make this work you need to send the username and password as part of the sendRedirect. The forward() method won't work.
    What you could do is create some code on the .net machine that accepts username, password and target URL as input. Once it receives those parameters it should perform the .net login procedure and redirect to the correct page.
    In your servlet you should pass those parameters on to the .net machine and the user should get the correct page without ever seeing any login windows.
    Make sure to use https if you decide to follow this scheme since http will transmit the username/password in cleartext.
    /Christopher

  • How to create reports using single signon

    How to create reports with single signon and how to control the specific user access for the report.

    Hi Denis ,
    Thanks , Can u pls send a short document which contains the steps to configure the single sign on a user friendly
    document.
    regards
    Gope

  • Single Signon using Trusted Authentication - version 3.0

    There was good documentation on this in version 2 but looks like 3.0 it was just copied and not much added.
    I am using the ISAPI redirector and have figured out the single signon but it logs in to the little window that used to contain the login when no sso is enabled.
    So, what piece am I missing?  Do I need a newer ISAPI redirector?

    "madhav" <[email protected]> wrote in message
    news:3fa67a2c$[email protected]..
    >
    > We are trying to enable single sign-on through perimeter authentication. We are trying to
    > accomplish the same using DefaultAuthenticator and DefaultIdentityAsserter. We have the
    > following questions
    > 1. Weblogic documentation says that the following authentication types are supported
    > username/password, certificate and perimeter. Where do I set the perimeter authentication
    > type Ex: In web.xml, I can specify basic, Form or Client-Cert as the auth method. How do I
    > specify that the authentication method is perimeter based.
    You use client-cert. This causes the servlet container to look for identity assertion tokens
    in request headers and cookies. There is a CR to separate this from the authentication
    method.
    > 2. How do I create a token for the DefaultIdentityAssertor.
    > Upon investigation in the AssertIdentity method of the DefaultIdentityAssertor, the code
    > snippet from DefaultIdentityAssserterProvideImpl.java is the following
    You define your token format and implementation and then write a corresponding
    identity asserter. It handles the tokens, not the default identity asserter.
    > Is there a mechanism to generate the token for the AuthenticatedUser token type. We are
    > trying to pass the token as a part of the HTTPHeader using the
    > URLConnection.setRequestProperty("AuthenticatedUser",tokenString"). We tried two
    The authenticated user token type really should have been internal and not exposed as
    a token type. Don't use it - define your own token type.
    See the dev2dev security provider samples for an example of how to do this.

  • Tutorial to Develope a Single-signon System using LDAP

    Folks,
    Hello. I have just started to develop a Single-signon security system using LDAP for FSCM and HRMS for my client.
    The only tutorial I get is Chapter 6, 7, and 8 in the document http://download.oracle.com/docs/cd/E05317_01/psft/acrobat/pt849sec-b0307.pdf. It seems it's regarding Oracle Database. But I am using MS SQL Server.
    Can any folks provide a case study or an example or some tutorial regarding developing a Single-signon security system using LDAP for FSCM and HRMS ?

    Connect an Ethernet cable from the Ethernet port in the hotel room to the WAN "O" port on the AirPort Extreme wireless router. An AirPort Express router will work as well for this. So will a Time Capsule.
    http://www.apple.com/wifi/
    Configure the AirPort Extreme to "create a wireless network".
    Configure the AirPort Extreme to operate as a router providing DHCP and NAT service, which is the default configuration of the AirPort Extreme.
    Connect your computer to the wireless network that the AirPort Extreme is producing
    Open your Internet browser. You are on the Internet. If the hotel's log in page appears, enter your credentials and agree to terms, etc.
    Connect any other wireless devices that you have to the same wireless network that the AirPort Extreme is providing
    The hotel network will charge you for one connection.
    This works in just about any hotel where I have ever stayed, but I cannot guarantee that it will work for you.

  • Single Signon in WLP 4.0 ?

    Hi,
    Can someone help me with a step-by-step description on how to achieve single
    signon between
    a number of portals (same deployment)? We have some problems getting it to
    work properly, and
    I think I have thoroughly confused myself :-)
    - Jan

    FYI: After many attempts and an email from a BEA contact, this is not possible
    with the portal architecture because all requests are routed through PortalWebflowServlet.
    "Chris" <[email protected]> wrote:
    >
    Trying to map a specific portlet in my Portal application to a specific
    ExecuteQueue
    and I am unsuccessful at this point.
    Can anyone help me out?
    Thanks in advance.

  • Can anyone send the Single Signon implementation guide document?

    We need implement the single signon between the PeopleSoft Portal 9.0 and PeopleSoft HCM 9.0, please help post the related implementation and configuration document.

    Have a look to that thread :
    Re: How to implement Single Sign On
    Nicolas.
