JAAS ,SSO and OC4J

Hi ,
Earlier , We were connecting our application as partner applications in portal for SSO authentication. We used SSO sdk for diverting requests to SSO. I was reading some literature and it seems oracle is supporting connecting to SSO from JAAS provider. Can i get a documentation for 10G JAAS (With details on how to connect to SSO).
questions
1. Is JAAS just replacement of SSO sdk and we still need to define partner applications?
2.Do I need to configure mod_osso ? and then JAAS will give user details . (I don't need to define partner application.)
thanks
Simar

I do believe there is a logout URL that you need to set. When the user logs out of the application, they also need to be redirected to the logout URL. This is covered in the Oracle Application Server Single Sign-On Application Developer's Guide
From the doc:
Security Issues: Single Sign-Off and Application Logout
If you build custom applications using OracleAS release 9.0.4, note the following: when global logout, or single sign-off, is invoked, only the single sign-on and mod_osso cookies are cleared. This means that an OracleAS application must be coded to store single sign-on user and realm names in either the OC4J session or in the application session. The application must then compare these values to those passed by mod_osso. If a match occurs, the application must show personalized content. If no match occurs, which means that the mod_osso cookie is absent, the application must clear the application session and force the user to log in.
They also have a code example:
Application Logout: Recommended Code
Most applications that authenticate users have a logout link. In a single-sign-on-enabled application, the user invokes the dynamic directive for logout in addition to other code in the logout handler of the application. Invoking the logout directive initiates single sign-off, or global logout. The example that follows shows what single sign-off code should look like in Java.
// Clear application session, if any
String l_return_url := return url to your application e.g. home page
response.setHeader( "Osso-Return-Url", l_return_url);
response.sendError( 470, "Oracle SSO" );

Similar Messages

SSO and JavaScript

Hi all,
does any one of you know about any restriction or any other issue involving SSO and JavaScript?
We have a web app in an OC4J instance, which uses JSP and JavaScript.
When SSO is disabled for the application, everything goes well. But when SSO is active, the page loads a lot slower, and the IE browser always shows the error icon when any component tries to execute Javascript.
Any ideas about this issue?
Oracle AS 10g (9.4.1)
Win 2000 SP4
IE 6.0 SP1
Thanks a Lot in advance.
Have a nice day.
Jaime

It is simpler to do from server side as follows. Place below line
inside Page_Load event of any portal component:
Write(this.Request.Cookies.Get("MYSAPSSO2").Value);

Owsm jaas sso integration

Hi,
I'm not sure if it is possible to integrate Oracle Web Service Manager with Web Security (JAAS).
We have a portal app with sso, and I'd like to know if the security context (jaas subject) is automatically propagated when I send a web service from this application (using salm).
We are trying to implement a SOA architecture.
Is it possible?
Regards,
Gaston

Hi,
- Open the Policy Domain defined to protect your URLs.
- Go to Policies tab.
- Protect below URLs with anonymous authentication scheme.
http://hostname:port/insurance/webservcies
http://hostname:port/gcs/webservcies
Regards
GK Goalla

SSO and how to Managing User Roles/Privileges with Forms using Oracle db

We are in the process of implementing Oracle Application Server SSO with our custom Forms application using Oracle database -- all 10.2.0.1.0 version.
In our Forms Applications, we have about a dozen roles we have assigned to various users. We need to identify each user using our Forms because we are using the GLOBAL USER throughout the application.
Questions:
-- Do we have to create users/passwords in both OID and application database?
-- Is there a way to easily manage the user and passwords between SSO and Forms App/database in one place? For example, how does a user change their password once, but actually change it in both the database and SSO?
Any advice and/or direction would be greatly appreciated.
Thank you,
Mika
Edited by: user11846198 on Sep 1, 2009 1:41 PM
Edited by: user11846198 on Sep 1, 2009 1:53 PM

Yes, you can have global roles in the DB and assign this roles to specific OID users, and the will heritage the privilages, you can do this using Oracle Identity Management Web Tool http://hostname:7777/oiddas is not complicated.
Greetings.

Java SSO and IIS

This is a repeat of this post: Java SSO and IIS
Noone answered there.
Hello,
my organization uses Java SSO authentication in Oracle Application Server. Now we want to "expand" SSO so that our IIS applications can benefit from Oracle SSO and user needn't print user name / password again. Is there any way to use Java SSO in IIS? In this project we use Java SSO, not Oracle Identity Management.
Thanks in advance

Hi ,
I was installed and configured policy agent successfully.while i am trying to access the application url i am getting following error.
I am using IIS6.0 and access manager 7.1.
Error 2824:15b9918 AuthService: AuthService::processLoginStatus() Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp.
2009-03-10 00:03:05.828 Error 2824:15b9918 PolicyEngine: am_policy_evaluate: InternalException in AuthService::processLoginStatus() with error message:Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp and code:3
2009-03-10 00:03:05.828 Warning 2824:15b9918 PolicyAgent: am_web_is_access_allowed()(http://fcs-ylwkuzfoz1q.ramesh.com:99/website.html, GET) denying access: status = Access Manager authentication service failure
2009-03-10 00:03:05.828 Debug 2824:15b9918 PolicyAgent: am_web_is_access_allowed(): Successfully logged to remote server for GET action by user unknown user to resource http://fcs-ylwkuzfoz1q.ramesh.com:99/website.html.
2009-03-10 00:03:05.828 Info 2824:15b9918 PolicyAgent: am_web_is_access_allowed()(http://fcs-ylwkuzfoz1q.ramesh.com:99/website.html, GET) returning status: Access Manager authentication service failure.
2009-03-10 00:03:05.828 Debug 2824:15b9918 PolicyAgent: HttpExtensionProc(): status after am_web_is_access_allowed = Access Manager authentication service failure (3)
2009-03-10 00:03:05.828 Error 2824:15b9918 PolicyAgent: HttpExtensionProc(): status: Access Manager authentication service failure (3)
2009-03-10 00:03:05.828 Debug 2824:15b9918 PolicyAgent: OnSendResponse(): HTTP Status code is 500
can any one please help me to resolve this.
Thanks
Ramesh Kumar GV

SSO and external applications

Hello folks,
Due to my inexperience with PS6, I'm looking for some high-level outline that will help me look in the right places and understand things better here.
I have an external application that requires authentication via a web form (or by attaching the username and password on the URL as parameters).
What I want to do is have a channel of this application and utilize information from the SSO mechanism to redirect the request to that remote app and provide the credentials for a transparent login.
From what I understand this can be done by having a servlet in that channel to retrieve the credentials of the user for that remote application from the SSO and then redirect to the external application, attaching the credentials to the URL.
Is the above correct? I would appreciate any pointers or considerations since my experience with PS is minimal.
Thanks in advance,
Manos

I don't see a way to that servlet to retrieve a password for the user - it's not stored in the session.
There are following options:
1. OpenText LiveLink way: You have some "hidden" password for every user (based on user's ID and a shared key) known only to your server and this servlet. Servlet will supply this password.
2. Normal way - web server: Implement login module to this application, which will trust REMOTE_USER variable provided by the agent on the web server.
3. Normal way - standalone app: Implement login module to this application which will validate DSAME session cookie on the DSAME server. You can use example code in the SUNWam/samples/ of your server.

How do I use toplink with Spring 2.5 and oc4j 10.1.2?

Our existing java server environment is limited to Oc4j 10.1.2 due to being tied to Oracle Forms.
We've added a java 6 jdk to the machine and linked it to a specific container to examine some newer java features since this version of the application server only comes with java 1.4.2.
Does anyone have some configuration steps for getting toplink essentials and spring to work with oc4j 10.1.2? Even with oc4j 10.1.3 in jdev 10.1.3.4 I'm having problems trying to figure out what needs placed in the persistence.xml file verses what needs placed in the spring-beans.xml file.
I'm trying to either use the J2SE option of keeping the connection information in the persistence.xml file (which doesn't work) - it tries to connect to //localhost:1521/orcl. If I try to define a datasource within Spring's xml file, I'm not sure how to tie that into the persistence.xml file. Could I use the oc4j 10.1.2 container provided datasource?
It seems like I'm at a loss as to how to get this working. If you'd like me to post some files, I can do that later on today when I get back to work.
The configuration that I'm trying to do is based on a modified workspace from an ibm developerworks article with websphere, mixing in the ideas from a JPA with Spring 2.0 article from Mike Keith and Rod Johnson. (That article goes pretty far in the configuration information but never provided an example to download...)
Any help appreciated.
Eric (hbg, pa)

I'm still at a loss with this. Rather than worry about the older version, for now, I just want to see JPA in action. So, I've decided on just running the Spring 2.5.6 petclinic example out of the samples folder. When I try to do this, after only tweaking the web.xml to use the applicationContext-jpa.xml file, the application does not initialize properly. Here's the stack trace I get:
Target URL -- http://192.168.0.2:8988/petclinic/index.jsp
09/05/11 23:26:05 Oracle Containers for J2EE 10g (10.1.3.4.0) initialized
WARNING: Code-source C:\javalib\spring-2.5.6\samples\petclinic\war\WEB-INF\lib\connector.jar (from WEB-INF/lib/ directory in C:\javalib\spring-2.5.6\samples\petclinic\war\WEB-INF\lib) has the same filename but is not identical to /C:/jdev10134/j2ee/home/lib/connector.jar (from <code-source> (ignore manifest Class-Path) in META-INF/boot.xml in C:\jdev10134\j2ee\home\oc4j.jar). If it contains different versions of the same classes, it will be masked as the latter is already visible in the search path of loader current-workspace-app.web.petclinic:0.0.0.
WARNING: Code-source C:\javalib\spring-2.5.6\samples\petclinic\war\WEB-INF\lib\jta.jar (from WEB-INF/lib/ directory in C:\javalib\spring-2.5.6\samples\petclinic\war\WEB-INF\lib) has the same filename but is not identical to /C:/jdev10134/j2ee/home/lib/jta.jar (from <code-source> (ignore manifest Class-Path) in META-INF/boot.xml in C:\jdev10134\j2ee\home\oc4j.jar). If it contains different versions of the same classes, it will be masked as the latter is already visible in the search path of loader current-workspace-app.web.petclinic:0.0.0.
WARNING: Code-source C:\javalib\spring-2.5.6\samples\petclinic\war\WEB-INF\lib\persistence.jar (from WEB-INF/lib/ directory in C:\javalib\spring-2.5.6\samples\petclinic\war\WEB-INF\lib) has the same filename but is not identical to /C:/jdev10134/j2ee/home/lib/persistence.jar (from <code-source> (ignore manifest Class-Path) in META-INF/boot.xml in C:\jdev10134\j2ee\home\oc4j.jar). If it contains different versions of the same classes, it will be masked as the latter is already visible in the search path of loader current-workspace-app.web.petclinic:0.0.0.
WARNING: Code-source C:\javalib\spring-2.5.6\samples\petclinic\war\WEB-INF\lib\toplink-essentials.jar (from WEB-INF/lib/ directory in C:\javalib\spring-2.5.6\samples\petclinic\war\WEB-INF\lib) has the same filename but is not identical to /C:/jdev10134/toplink/jlib/toplink-essentials.jar (from <code-source> in /C:/jdev10134/jdev/system/oracle.j2ee.10.1.3.42.70/embedded-oc4j/config/server.xml). If it contains different versions of the same classes, it will be masked as the latter is already visible in the search path of loader current-workspace-app.web.petclinic:0.0.0.
09/05/11 23:26:24 log4j: Parsing for [root] with value=[INFO, stdout].
09/05/11 23:26:24 log4j: Level token is [INFO].
09/05/11 23:26:24 log4j: Category root set to INFO
09/05/11 23:26:24 log4j: Parsing appender named "stdout".
09/05/11 23:26:24 log4j: Parsing layout options for "stdout".
09/05/11 23:26:24 log4j: Setting property [conversionPattern] to [%d %p [%c] - <%m>%n].
09/05/11 23:26:24 log4j: End of parsing for "stdout".
09/05/11 23:26:24 log4j: Parsed "stdout" options.
09/05/11 23:26:24 log4j: Parsing for [org.springframework.samples.petclinic.aspects] with value=[DEBUG].
09/05/11 23:26:24 log4j: Level token is [DEBUG].
09/05/11 23:26:24 log4j: Category org.springframework.samples.petclinic.aspects set to DEBUG
09/05/11 23:26:24 log4j: Handling log4j.additivity.org.springframework.samples.petclinic.aspects=[null]
09/05/11 23:26:24 log4j: Finished configuring.
09/05/11 23:26:24 log4j: Reading configuration from URL file:/C:/javalib/spring-2.5.6/samples/petclinic/war/WEB-INF/classes/log4j.properties
09/05/11 23:26:24 log4j: Parsing for [root] with value=[INFO, stdout].
09/05/11 23:26:24 log4j: Level token is [INFO].
09/05/11 23:26:24 log4j: Category root set to INFO
09/05/11 23:26:24 log4j: Parsing appender named "stdout".
09/05/11 23:26:24 log4j: Parsing layout options for "stdout".
09/05/11 23:26:24 log4j: Setting property [conversionPattern] to [%d %p [%c] - <%m>%n].
09/05/11 23:26:24 log4j: End of parsing for "stdout".
09/05/11 23:26:24 log4j: Parsed "stdout" options.
09/05/11 23:26:24 log4j: Parsing for [org.springframework.samples.petclinic.aspects] with value=[DEBUG].
09/05/11 23:26:24 log4j: Level token is [DEBUG].
09/05/11 23:26:24 log4j: Category org.springframework.samples.petclinic.aspects set to DEBUG
09/05/11 23:26:24 log4j: Handling log4j.additivity.org.springframework.samples.petclinic.aspects=[null]
09/05/11 23:26:24 log4j: Finished configuring.
2009-05-11 23:26:24,593 INFO [org.springframework.web.context.ContextLoader] - <Root WebApplicationContext: initialization started>
2009-05-11 23:26:24,687 INFO [org.springframework.web.context.support.XmlWebApplicationContext] - <Refreshing org.springframework.web.context.support.XmlWebApplicationContext@eeb406: display name [Root WebApplicationContext]; startup date [Mon May 11 23:26:24 EDT 2009]; root of context hierarchy>
2009-05-11 23:26:24,828 INFO [org.springframework.beans.factory.xml.XmlBeanDefinitionReader] - <Loading XML bean definitions from ServletContext resource [WEB-INF/applicationContext-jpa.xml]>
2009-05-11 23:26:25,281 INFO [org.springframework.web.context.support.XmlWebApplicationContext] - <Bean factory for application context [org.springframework.web.context.support.XmlWebApplicationContext@eeb406]: org.springframework.beans.factory.support.DefaultListableBeanFactory@1da817b>
2009-05-11 23:26:25,734 INFO [org.springframework.beans.factory.config.PropertyPlaceholderConfigurer] - <Loading properties file from class path resource [jdbc.properties]>
2009-05-11 23:26:25,796 INFO [org.springframework.context.weaving.DefaultContextLoadTimeWeaver] - <Determined server-specific load-time weaver: org.springframework.instrument.classloading.oc4j.OC4JLoadTimeWeaver>
2009-05-11 23:26:28,296 INFO [org.springframework.web.context.support.XmlWebApplicationContext] - <Bean 'org.springframework.orm.jpa.vendor.TopLinkJpaVendorAdapter#c25ae3' is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)>
2009-05-11 23:26:28,359 INFO [org.springframework.web.context.support.XmlWebApplicationContext] - <Bean 'dataSource' is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)>
2009-05-11 23:26:28,437 INFO [org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean] - <Building JPA container EntityManagerFactory for persistence unit 'PetClinic'>
2009-05-11 23:26:28,468 INFO [org.springframework.web.context.support.XmlWebApplicationContext] - <Bean 'entityManagerFactory' is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)>
2009-05-11 23:26:28,562 INFO [org.springframework.beans.factory.support.DefaultListableBeanFactory] - <Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@1da817b: defining beans [org.springframework.context.weaving.AspectJWeavingEnabler#0,org.springframework.context.config.internalBeanConfigurerAspect,loadTimeWeaver,org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0,dataSource,entityManagerFactory,transactionManager,org.springframework.context.annotation.internalPersistenceAnnotationProcessor,org.springframework.context.annotation.internalCommonAnnotationProcessor,org.springframework.context.annotation.internalAutowiredAnnotationProcessor,org.springframework.context.annotation.internalRequiredAnnotationProcessor,org.springframework.transaction.config.internalTransactionAspect,org.springframework.samples.petclinic.aspects.UsageLogAspect#0,org.springframework.dao.annotation.PersistenceExceptionTranslationPostProcessor#0,clinic]; root of factory hierarchy>
2009-05-11 23:26:29,671 INFO [org.springframework.web.context.ContextLoader] - <Root WebApplicationContext: initialization completed in 5078 ms>
2009-05-11 23:26:29,734 INFO [org.springframework.web.servlet.DispatcherServlet] - <FrameworkServlet 'petclinic': initialization started>
2009-05-11 23:26:29,734 INFO [org.springframework.web.context.support.XmlWebApplicationContext] - <Refreshing org.springframework.web.context.support.XmlWebApplicationContext@c00e55: display name [WebApplicationContext for namespace 'petclinic-servlet']; startup date [Mon May 11 23:26:29 EDT 2009]; parent: org.springframework.web.context.support.XmlWebApplicationContext@eeb406>
2009-05-11 23:26:29,734 INFO [org.springframework.beans.factory.xml.XmlBeanDefinitionReader] - <Loading XML bean definitions from ServletContext resource [WEB-INF/petclinic-servlet.xml]>
2009-05-11 23:26:30,171 INFO [org.springframework.web.context.support.XmlWebApplicationContext] - <Bean factory for application context [org.springframework.web.context.support.XmlWebApplicationContext@c00e55]: org.springframework.beans.factory.support.DefaultListableBeanFactory@1c5543b>
2009-05-11 23:26:30,375 INFO [org.springframework.beans.factory.support.DefaultListableBeanFactory] - <Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@1c5543b: defining beans [addOwnerForm,addPetForm,addVisitForm,clinicController,editOwnerForm,editPetForm,findOwnersForm,org.springframework.context.annotation.internalPersistenceAnnotationProcessor,org.springframework.context.annotation.internalCommonAnnotationProcessor,org.springframework.context.annotation.internalAutowiredAnnotationProcessor,org.springframework.context.annotation.internalRequiredAnnotationProcessor,org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter#0,org.springframework.web.servlet.handler.SimpleMappingExceptionResolver#0,org.springframework.web.servlet.view.InternalResourceViewResolver#0,messageSource]; parent: org.springframework.beans.factory.support.DefaultListableBeanFactory@1da817b>
2009-05-11 23:26:31,828 INFO [org.springframework.web.servlet.DispatcherServlet] - <FrameworkServlet 'petclinic': initialization completed in 2094 ms>
May 11, 2009 11:26:58 PM oracle.toplink.essentials.session.file:/C:/javalib/spring-2.5.6/samples/petclinic/war/WEB-INF/classes/-PetClinic.transaction
WARNING: PersistenceUnitInfo PetClinic has transactionType RESOURCE_LOCAL and therefore jtaDataSource will be ignored
May 11, 2009 11:26:58 PM oracle.toplink.essentials.session.file:/C:/javalib/spring-2.5.6/samples/petclinic/war/WEB-INF/classes/-PetClinic
INFO: TopLink, version: Oracle TopLink Essentials - 2.0.1 (Build b09d-fcs (12/06/2007))
May 11, 2009 11:26:58 PM oracle.toplink.essentials.session.file:/C:/javalib/spring-2.5.6/samples/petclinic/war/WEB-INF/classes/-PetClinic
INFO: Server: unknown
May 11, 2009 11:26:58 PM oracle.toplink.essentials.session.file:/C:/javalib/spring-2.5.6/samples/petclinic/war/WEB-INF/classes/-PetClinic.connection
CONFIG: connecting(DatabaseLogin(
        platform=>EssentialsHSQLPlatformWithNativeSequence
        user name=> ""
        connector=>JNDIConnector datasource name=>null
May 11, 2009 11:27:03 PM oracle.toplink.essentials.session.file:/C:/javalib/spring-2.5.6/samples/petclinic/war/WEB-INF/classes/-PetClinic
SEVERE:
Local Exception Stack:
Exception [TOPLINK-4002] (Oracle TopLink Essentials - 2.0.1 (Build b09d-fcs (12/06/2007))): oracle.toplink.essentials.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: Io exception: The Network Adapter could not establish the connection
Error Code: 17002
        at oracle.toplink.essentials.exceptions.DatabaseException.sqlException(DatabaseException.java:305)
        at oracle.toplink.essentials.jndi.JNDIConnector.connect(JNDIConnector.java:150)
        at oracle.toplink.essentials.sessions.DatasourceLogin.connectToDatasource(DatasourceLogin.java:184)
        at oracle.toplink.essentials.internal.databaseaccess.DatasourceAccessor.connect(DatasourceAccessor.java:233)
        at oracle.toplink.essentials.internal.databaseaccess.DatabaseAccessor.connect(DatabaseAccessor.java:242)
        at oracle.toplink.essentials.internal.databaseaccess.DatasourceAccessor.connect(DatasourceAccessor.java:309)
        at oracle.toplink.essentials.threetier.ConnectionPool.buildConnection(ConnectionPool.java:117)
        at oracle.toplink.essentials.threetier.ExternalConnectionPool.startUp(ExternalConnectionPool.java:135)
        at oracle.toplink.essentials.threetier.ServerSession.connect(ServerSession.java:451)
        at oracle.toplink.essentials.internal.sessions.DatabaseSessionImpl.login(DatabaseSessionImpl.java:616)
        at oracle.toplink.essentials.ejb.cmp3.EntityManagerFactoryProvider.login(EntityManagerFactoryProvider.java:282)
        at oracle.toplink.essentials.internal.ejb.cmp3.EntityManagerSetupImpl.deploy(EntityManagerSetupImpl.java:229)
        at oracle.toplink.essentials.internal.ejb.cmp3.base.EntityManagerFactoryImpl.getServerSession(EntityManagerFactoryImpl.java:93)
        at oracle.toplink.essentials.internal.ejb.cmp3.base.EntityManagerFactoryImpl.createEntityManagerImpl(EntityManagerFactoryImpl.java:126)
        at oracle.toplink.essentials.internal.ejb.cmp3.base.EntityManagerFactoryImpl.createEntityManagerImpl(EntityManagerFactoryImpl.java:120)
        at oracle.toplink.essentials.internal.ejb.cmp3.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:91)
        at org.springframework.orm.jpa.JpaTransactionManager.createEntityManagerForTransaction(JpaTransactionManager.java:392)
        at org.springframework.orm.jpa.JpaTransactionManager.doBegin(JpaTransactionManager.java:320)
        at org.springframework.transaction.support.AbstractPlatformTransactionManager.getTransaction(AbstractPlatformTransactionManager.java:374)
        at org.springframework.transaction.interceptor.TransactionAspectSupport.createTransactionIfNecessary(TransactionAspectSupport.java:263)
        at org.springframework.transaction.interceptor.TransactionAspectSupport.createTransactionIfNecessary(TransactionAspectSupport.java:220)
        at org.springframework.transaction.aspectj.AbstractTransactionAspect.ajc$before$org_springframework_transaction_aspectj_AbstractTransactionAspect$1$2a73e96c(AbstractTransactionAspect.aj:63)
        at org.springframework.samples.petclinic.jpa.EntityManagerClinic.getVets(EntityManagerClinic.java:39)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
        at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:138)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
        at $Proxy19.getVets(Unknown Source)
        at org.springframework.samples.petclinic.web.ClinicController.vetsHandler(ClinicController.java:53)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.doInvokeMethod(HandlerMethodInvoker.java:421)
        at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:136)
        at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:326)
        at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:313)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
        at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:501)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
        at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:713)
        at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)
        at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)
        at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
        at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:221)
        at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:122)
        at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:111)
        at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
        at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:234)
        at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:29)
        at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:879)
        at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
        at java.lang.Thread.run(Thread.java:595)
Caused by: java.sql.SQLException: Io exception: The Network Adapter could not establish the connection
        at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:138)
        at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:175)
        at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:287)
        at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:328)
        at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:430)
        at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:151)
        at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
        at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:608)
        at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:218)
        at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPhysicalConnection(OracleConnectionPoolDataSource.java:114)
        at oracle.jdbc.pool.OracleConnectionPoolDataSource.getPooledConnection(OracleConnectionPoolDataSource.java:77)
        at oracle.jdbc.pool.OracleImplicitConnectionCache.makeCacheConnection(OracleImplicitConnectionCache.java:1361)
        at oracle.jdbc.pool.OracleImplicitConnectionCache.getCacheConnection(OracleImplicitConnectionCache.java:441)
        at oracle.jdbc.pool.OracleImplicitConnectionCache.getConnection(OracleImplicitConnectionCache.java:336)
        at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:286)
        at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:179)
        at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:159)
        at oracle.oc4j.sql.DataSourceConnectionPoolDataSource.getPooledConnection(DataSourceConnectionPoolDataSource.java:57)
        at oracle.oc4j.sql.xa.EmulatedXADataSource.getXAConnection(EmulatedXADataSource.java:92)
        at oracle.oc4j.sql.spi.ManagedConnectionFactoryImpl.createXAConnection(ManagedConnectionFactoryImpl.java:211)
        at oracle.oc4j.sql.spi.ManagedConnectionFactoryImpl.createManagedConnection(ManagedConnectionFactoryImpl.java:170)
        at com.evermind.server.connector.ApplicationConnectionManager.createManagedConnection(ApplicationConnectionManager.java:1398)
        at oracle.j2ee.connector.ConnectionPoolImpl.createManagedConnectionFromFactory(ConnectionPoolImpl.java:327)
        at oracle.j2ee.connector.ConnectionPoolImpl.access$800(ConnectionPoolImpl.java:98)
        at oracle.j2ee.connector.ConnectionPoolImpl$NonePoolingScheme.getManagedConnection(ConnectionPoolImpl.java:1211)
        at oracle.j2ee.connector.ConnectionPoolImpl.getManagedConnection(ConnectionPoolImpl.java:785)
        at oracle.oc4j.sql.ConnectionPoolImpl.getManagedConnection(ConnectionPoolImpl.java:45)
        at com.evermind.server.connector.ApplicationConnectionManager.getConnectionFromPool(ApplicationConnectionManager.java:1596)
        at com.evermind.server.connector.ApplicationConnectionManager.acquireConnectionContext(ApplicationConnectionManager.java:1541)
        at com.evermind.server.connector.ApplicationConnectionManager.allocateConnection(ApplicationConnectionManager.java:1486)
        at oracle.j2ee.connector.OracleConnectionManager.unprivileged_allocateConnection(OracleConnectionManager.java:238)
        at oracle.j2ee.connector.OracleConnectionManager.allocateConnection(OracleConnectionManager.java:192)
        at oracle.oc4j.sql.ManagedDataSource.getConnection(ManagedDataSource.java:272)
        at oracle.oc4j.sql.ManagedDataSource.getConnection(ManagedDataSource.java:200)
        at oracle.oc4j.sql.ManagedDataSource.getConnection(ManagedDataSource.java:142)
        at oracle.oc4j.sql.ManagedDataSource.getConnection(ManagedDataSource.java:127)
        at oracle.toplink.essentials.jndi.JNDIConnector.connect(JNDIConnector.java:145)
        ... 60 moreAny ideas? I'd really like to see JPA, Spring and oc4j working together?
Thanks,
Eric

ADFS SSO and SharePoint 2013 on-premise Hybrid outbound search results from SharePoint Online - does it work?

Hi,
I want to setup an outpund hybrid search for SharePoint 2013 on-premise to SharePoint Online.
But I'm not shure if this works with ADFS SSO.
Has somebody experience with this setup?
Here's my guide which I'm going to use for this installation:
Introduction
In this post I'll show you how to get search results from your SharePoint Online in your SharePoint 2013 on-premise search center.
Requirements
User synchronisation ActiveDirectory to Office 365 with DirSync
DirSync password sync or ADFS SSO
SharePoint Online
SharePoint 2013 on-premise
Enterprise Search service
SharePoint Online Management Shell
Instructions
All configuration will be done either in the Search Administration of the Central Administration or in the PowerShell console of your on-premise SharePoint 2013 server.
Set up Sever to Server Trust
Export certificates
To create a server to server trust we need two certificates.
[certificate name].pfx: In order to replace the STS certificate, the certificate is needed in Personal Information Exchange (PFX) format including the private key.
[certificate name].cer: In order to set up a trust with Office 365 and Windows Azure ACS, the certificate is needed in CER Base64 format.
First launch the Internet Information Services (IIS) Manager
Select your SharePoint web server and double-click Server Certificates
In the Actions pane, click Create Self-Signed Certificate
Enter a name for the certificate and save it with OK
To export the new certificate in the Pfx format select it and click Export in the Actions pane
Fill the fields and click OK Export to: C:\[certificate
name].pfx Password: [password]
Also we need to export the certificate in the CER Base64 format. For that purpose make a right-click on the certificate select it and click on View...
Click the Details tab and then click Copy to File
On the Welcome to the Certificate Export Wizard page, click Next
On the Export Private Key page, click Next
On the Export File Format page, click Base-64 encoded X.509 (.CER), and then click Next.
As file name enter C:\[certificate
name].cer and then click Next
Finish the export
Import the new STS (SharePoint Token Service) certificate
Let's update the certificate on the STS. Configure and run the PowerShell script below on your SharePoint server.
if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
# set the cerficates paths and password
$PfxCertPath = "c:\[certificate name].pfx"
$PfxCertPassword = "[password]"
$X64CertPath = "c:\[certificate name].cer"
# get the encrypted pfx certificate object
$PfxCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
# import it
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $PfxCert
Type Yes when prompted with the following message.
You are about to change the signing certificate for the Security Token Service. Changing the certificate to an invalid, inaccessible or non-existent certificate will cause your SharePoint installation to stop functioning. Refer
to the following article for instructions on how to change this certificate: http://go.microsoft.com/fwlink/?LinkID=178475. Are you
sure, you want to continue?
Restart IIS so STS picks up the new certificate.
& iisreset
& net stop SPTimerV4
& net start SPTimerV4
Now validate the certificate replacement by running several PowerShell commands and compare their outputs.
# set the cerficates paths and password
$PfxCertPath = "c:\[certificate name].pfx"
$PfxCertPassword = "[password]"
# get the encrypted pfx certificate object
New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
# compare the output above with this output
(Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
[/code]
## Establish the server to server trust
[code lang="ps"]
if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
Import-Module MSOnline
Import-Module MSOnlineExtended
# set the cerficates paths and password
$PfxCertPath = "c:\[certificate name].pfx"
$PfxCertPassword = "[password]"
$X64CertPath = "c:\[certificate name].cer"
# set the onpremise domain that you added to Office 365
$SPCN = "sharepoint.domain.com"
# your onpremise SharePoint site url
$SPSite="http://sharepoint"
# don't change this value
$SPOAppID="00000003-0000-0ff1-ce00-000000000000"
# get the encrypted pfx certificate object
$PfxCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
# get the raw data
$PfxCertBin = $PfxCert.GetRawCertData()
# create a new certificate object
$X64Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
# import the base 64 encoded certificate
$X64Cert.Import($X64CertPath)
# get the raw data
$X64CertBin = $X64Cert.GetRawCertData()
# save base 64 string in variable
$CredValue = [System.Convert]::ToBase64String($X64CertBin)
# connect to office 3656
Connect-MsolService
# register the on-premise STS as service principal in Office 365
# add a new service principal
New-MsolServicePrincipalCredential -AppPrincipalId $SPOAppID -Type asymmetric -Usage Verify -Value $CredValue
$MsolServicePrincipal = Get-MsolServicePrincipal -AppPrincipalId $SPOAppID
$SPServicePrincipalNames = $MsolServicePrincipal.ServicePrincipalNames
$SPServicePrincipalNames.Add("$SPOAppID/$SPCN")
Set-MsolServicePrincipal -AppPrincipalId $SPOAppID -ServicePrincipalNames $SPServicePrincipalNames
# get the online name identifier
$MsolCompanyInformationID = (Get-MsolCompanyInformation).ObjectID
$MsolServicePrincipalID = (Get-MsolServicePrincipal -ServicePrincipalName $SPOAppID).ObjectID
$MsolNameIdentifier = "$MsolServicePrincipalID@$MsolCompanyInformationID"
# establish the trust from on-premise with ACS (Azure Control Service)
# add a new authenticatio realm
$SPSite = Get-SPSite $SPSite
$SPAppPrincipal = Register-SPAppPrincipal -site $SPSite.rootweb -nameIdentifier $MsolNameIdentifier -displayName "SharePoint Online"
Set-SPAuthenticationRealm -realm $MsolServicePrincipalID
# register the ACS application proxy and token issuer
New-SPAzureAccessControlServiceApplicationProxy -Name "ACS" -MetadataServiceEndpointUri "https://accounts.accesscontrol.windows.net/metadata/json/1/" -DefaultProxyGroup
New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://accounts.accesscontrol.windows.net/metadata/json/1/" -IsTrustBroker -Name "ACS"
Add a new result source
To get search results from SharePoint Online we have to add a new result source. Run the following script in a PowerShell ISE session on your SharePoint 2013 on-premise server. Don't forget to update the settings region
if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
# region settings
$RemoteSharePointUrl = "http://[example].sharepoint.com"
$ResultSourceName = "SharePoint Online"
$QueryTransform = "{searchTerms}"
$Provier = "SharePoint-Remoteanbieter"
# region settings end
$SPEnterpriseSearchServiceApplication = Get-SPEnterpriseSearchServiceApplication
$FederationManager = New-Object Microsoft.Office.Server.Search.Administration.Query.FederationManager($SPEnterpriseSearchServiceApplication)
$SPEnterpriseSearchOwner = Get-SPEnterpriseSearchOwner -Level Ssa
$ResultSource = $FederationManager.GetSourceByName($ResultSourceName, $SPEnterpriseSearchOwner)
if(!$ResultSource){
Write-Host "Result source does not exist. Creating..."
$ResultSource = $FederationManager.CreateSource($SPEnterpriseSearchOwner)
$ResultSource.Name = $ResultSourceName
$ResultSource.ProviderId = $FederationManager.ListProviders()[$Provier].Id
$ResultSource.ConnectionUrlTemplate = $RemoteSharePointUrl
$ResultSource.CreateQueryTransform($QueryTransform)
$ResultSource.Commit()
Add a new query rule
In the Search Administration click on Query Rules
Select Local SharePoint as Result Source
Click New Query Rule
Enter a Rule name f.g. Search results from SharePoint Online
Expand the Context section
Under Query is performed on these sources click on Add Source
Select your SharePoint Online result source
In the Query Conditions section click on Remove Condition
In the Actions section click on Add Result Block
As title enter Results for "{subjectTerms}" from SharePoint Online
In the Search this Source dropdown select your SharePoint Online result source
Select 3 in the Items dropdown
Expand the Settings section and select "More" link goes to the following URL
In the box below enter this Url https://[example].sharepoint.com/search/pages/results.aspx?k={subjectTerms}
Select This block is always shown above core results and click the OK button
Save the new query rule

Hi Janik,
According to your description, my understanding is that you want to display hybrid search results in SharePoint Server 2013.
For achieving your demand, please have a look at the article:
http://technet.microsoft.com/en-us/library/dn197173(v=office.15).aspx
If you are using single sign-on (SSO) authentication, it is important to test hybrid Search functionality by using federated user accounts. Native Office 365 user accounts and Active Directory Domain Services
(AD DS) accounts that are not federated are not recognized by both directory services. Therefore, they cannot authenticate using SSO, and cannot be granted permissions to resources in both deployments. For more information, see Accounts
needed for hybrid configuration and testing.
Best Regards,
Eric
Eric Tao
TechNet Community Support

SSO and WebUtil

Hi,
I have a form that was working with webutil. We implemented SSO on the server. Know the webutil jar file does not load - it can not find it.
Getting the following message in java console:
Loading http://capps.cauto.com/forms90/webutil/webutil.jar from JAR cache
Loading http://capps.cauto.com/forms90/webutil/jacob.jar from JAR cache
Loading http://capps.cauto.com/forms90/java/f90all_jinit.jar from JAR cache
RegisterWebUtil - Loading Webutil Version 1.0.2 Beta
Loading http://capps.cauto.com/forms90/java/rolloverbutton.jar from JAR cache
Loading http://capps.cauto.com/forms90/java/hyperlink.jar from JAR cache
connectMode=HTTP, native.
Forms Applet version is : 90290
java.io.IOException: Could not connect to http://wadjet.cauto.com/forms90/webutil/webutil.jar
     at oracle.jre.protocol.jar.JarCache$CachedJarLoader.download(Unknown Source)
     at oracle.jre.protocol.jar.JarCache$CachedJarLoader.load(Unknown Source)
     at oracle.jre.protocol.jar.JarCache.get(Unknown Source)
Has anyone use SSO and webutil?
Thanks,
Mary Santry

Mary,
using single sign-On with Forms should not have an impact to webutil.jar.
Just to be sure: You configured webutil and it works if not running using single sign-on. You configured Forms to use singke sign-on (uncommenting th emod_osso directive in forms90.conf file) and from now on webutil.jar cannot be found.
What if you directly try and request the webutil.jar file from a Browser
http://wadjet.cauto.com/forms90/webutil/webutil.jar ?
Can you access jacob.jar using a Browser URL?
Fran

SSO and BiBeans

Hi,
i want to use SSO with Bi Beans. I have my BiBeans deployed on a 9iasR2 (9.0.2.3). I edit the mod_osso.conf with <Location /*appname*> require valid-user authType Basic </Location> and i have in BIController uncomment the sso blocks.
After authenticated to the SSO, i got always a NullPointerException. I looked in the code and i found that application.getBISession() is not initalized.
Please, have anybody an idea, or knows anybody a documentation about SSO and BIBeans.
best regards
Rene

cn=XXX information is missing for the SSO Server (orasso) when going to http://servername:7777/pls/orasso/orasso.home. Is that causing the problem? If so, how can I resolve it?
Thanks.
Andy

SSO and success URL with parameters

Hello
I have succeeded to configure HTML_DB engine as Partner App for Oracle SSO.
HTML_DB 1.5.0.00.33
Oracle IAS Release 1 ehk 1.0.2.2.2
I'm entering into HTMLDB application from outside directly to concrete page with concrete parameters. The calling outside app is authenticated with SSO.
Example URL: http://host/pls/DAD/f?p=103:3:::::PAR1,PAR2:VAL1,VAL2
I'm then authenticated checked against SSO and redirected to my requested page, but the parameters are lost. The URL looks like http://host/pls/DAD/f?p=103:3:987698769876098
It only happens at first try. Next time I have a session and I'm redirected together with parametes.
It seams that this http://host/pls/DAD/wwv_flow_custom_auth_sso.process_success is getting somehow wrong parameter URLC. Without parameters. Why?
Please help!
Yours,
jan lakspere

Hi
Thanks, Scott.
This patch 1.5.1 solved this problem. Now SSO redirect forwards the parameters together with URL.
Yours,
jan

SSO and LDAP no working after revokeing Territory selection choice of SSO

Hi i have 9ias 9.0.2 infrastructure on win 2k box.
earlier the territory selection choice was checked.
but when i unchecked that option. and i logged out of SSO.
Now the problem is i am not getting the SSO and Internet Directory home pages.
and in Enterprise manager web page shows both are up.
win 2k's task manager also shows the all the three process of Internet directory also running along with other essentianl processs.
any clue....
my whole work and intranet & extranet is not accessible due to this.... it will be great to me if i get any tip of hint...
thanks a lot... in advance...
regards
samir([email protected])

Well, this is certainly a case where I would be opening a tech support case. Your server is down, and you need help . .
I'll try what I can for you.
[18/Jun/2004:09:21:57 -0400] vipmail2 httpd[1560]: Account Debug: SASL [10.29.11.63] Cannot get namespace for domain vipmail2.kvcc.edu: Entry not found
This likely means that you've missed another, earlier error in the log. I suspect that what may have happened, is that the USER that Messaging Server connects to LDAP with has had a password change, and you're no longer able to BIND to LDAP to make queries.
I would start looking at your LDAP Access Log, and see what user you're attempting to BIND as, and see if that BIND is successful.
The contents of msg.conf and your other file is useful as information, but is not a user-editable file. You must use configutil to make changes, as this data is stored in LDAP, and on server startup, the files will be rewritten with ldap data.

SSO and EUS with EM Grid Control

Trying to configure both SSO using client certificate authentication process and Enterprise Users, I noted that the parameter used to configure both is the same (oracle.sysman.emSDK.sec.DirectoryAuthenticationType) in emons.properties.
Can I use both SSO and EUS with EM Grid Control???

Hello
i am interested in a very special feature: is it possible to get notified if alerts occur in alert logs in an 8i/9i database when using Grid control and the 10g agent on the 8i/9i systems?
Moreover, the 10g agent should be able to get Performance Data using the v$ views or direct sga access without using statspack, right?
Do you know where I can find documentation about the supported features when using Grid Control with 8i/9i databases?

SSO and REMOTE_USER

Hi everybody,
Once authenticated to HTML_DB through SSO, is there a way to know the REMOTE_USER (the username entered by the user when authentified by SSO) and use it in a query ?
Thank you

Yves,
I think you might be talking about mod_osso. Mod_osso doesn't yet support dynamic directives for PL/SQL applications, so for the DAD that is protected by mod_osso, you will get the behavior you described in all HTML DB applications using that DAD. You might want to consider dedicating a DAD for mod_osso-authenticated HTML DB apps. When PL/SQL dynamic directives are supported in mod_osso in a future release, it will be easier to use with HTML DB.
HTML DB never accesses REMOTE_USER, which is set by mod_osso. If mod_osso is also setting USER, i.e., the user connected through the DAD, to the same value, that's interesting.
As far as spoofing REMOTE_USER, you'd have to get between mod_osso and mod_plsql and the application to do it. So I'd say that that isn't a concern.
With mod_osso or AS Single Signon using a partner application, you have to decide how to handle logout. Should it end your current session only, or take you to the Single Sign-Out page and log you out of everything?
Today, AS Single Signon with HTML DB registered as the partner application is a supported and secure solution. Search this forum for detailed steps about setting that up using the SSO SDK.
Scott

SSO and normal login

Hi All,
Thanks for any replies in advance. Is it possible to have SSO and the normal login mechanism enabled at the same time? I want to enable SSO, but if the user is not authenticated, I want the normal login screen to appear. What I mean is that if SSO is not enabled and you are not logged in, you should get the default OBI login screen, not some LogonURL that I specify. However, when SSO is enabled and the user is not logged in, all I see is a "Not logged in" message. I know I can enable a login URL that should presumably take the user to the SSO login page. However, is there anyway that OBI checks cookies to see if the user is logged in and if not it should present the default OBI login screen.
The reason is that I want some external users to be authenticated using SSO, but I want the normal screen to appear for internal company users. Thanks.

There isn't much documentation in OBIEE about how to implement your own SSO authentication. The documentation (Deployment Guide) simply says:
"When using a J2EE Application Server and the BI Presentation Services Plug-In (Java Servlet), from the getRemoteUser method of the javax.servlet.http.HttpServletRequest.getRemoteUser API. In this case, the SSO system must be able to integrate with the J2EE environment of choice and set up the framework such that the getRemoteUser method returns the username of the end user."
And that's what you have to do. Implementing the getRemoteUser method in a Java WebApp is not difficult, the difficulty will depend on how you want to authenticate your users. Also you need to integrate this custom Java WebApp within your Presentation Services plug-in. In JBOSS we have done this by creating a custom Valve. The integration will vary depending on your J2EE server and your custom SSO authenticator. Once setup it works pretty well. Users go to any /analytics URL and if the they have not been authenticated before our custom SSO Java kicks in. In they are authenticated correctly the getRemoteUser method gets set with their current user ID. Then on the OBIEE side we have the impersonator user and the usual Init Blocks to validate the user on the BI Server and grant them Web Catalog groups, BI Server Groups, set the Display Name, etc.

JAAS ,SSO and OC4J

Similar Messages

Maybe you are looking for