Login Issue in Portal system using SSO

Similar Messages

• Login to multiple SAP systems using pwd of single SAP system

  Hi All,
  We have 3 different SAP servers, with sids: ECD, BWD, HRD.
  for each user, a user with the same username is created in all three systems.
  the user does not want to maintain 3 different passwords, instead only single password to be used in all systems. i.e. when he changes the password in system ECD, the changed password should work in other systems BWD and HRD as well.
  if we were using SAP EP, we checked the possiblity of username based SSO and having portal login using only on system ECD.
  but we are not using the portal, and all the users will access 3 sap systems using SAPGUI.
  is there any way, where one system's password will work to login to other systems.
  thanks in advance,
  Madhu_1980

  Hi Tim,
  You're right about the fixed client for the MYSAPSSO2-ticket-issuing system. In the case for Java, the "client" is specified inthe UME parameter login.ticket_client. And the trusting ABAP system will have to add the Java system + "client" into its ACL (in addition to the certificate). This "client" will only play a role in that "trust" relationship.
  As for launching the actual transaction via SSO, this is how it works.
  SAPGUI transaction will be launched by a thing called Portal transaction iview. That iview will have a parameter called the System Object. The System Object will determine which ABAP system-client it will connect and logon on to. So if you want to logon to multiple clients, then create one System Object for each of the system-client combination, and then create transaction iviews to each of the corresponding system object. The iviews will be presented to the user which then allows the user to launch the transaction iview (specificy SAPGUI link in the iview property)
  https://help.sap.com/saphelp_nw74/helpdata/en/4e/1262711e3d2287e10000000a15822b/content.htm
  I hope I understood your questions.
  Cheers
  Donald

• Big Issue with access applicationwise using SSO (windows AD)

  Hello BO Guru's,
  I have one big issue. i will try to explain my scenario here in brief.
  Scenario
  Currently we have 3 application A,B & C in production and SSO is configured using windows AD auth
  application -> User group -> Access -> Win AD group
  A | UG1 | Infoview | WD1
  B | UG2 | Infoview | WD2
  C | UG3 | WebIntl | WD3
  Here Infovew acces refers to: View objects & refresh object of applicationwise.
  WebI refers infoview access in addition to that copy document from corporate to personal folder\ category and scheduling access.
  Note: corporate Folder\category & universe\connection right given appropriately.
  Issue
  Suppose user a belong to WD1 means wuld have access to application A with infoview access. now after some time i.e. 2-3 days when user a is deleted from WD1 and and added to WD3 means would have access to application C with WEbi access. But issue is
  When user a logs on to infoview sometimes appllication A is also visible along with application C  which is not correct securitywise. 
  Could you please help me as how resolve it? and please share your views if anybody has faced same prob before 
  I think some where userwise security setting will be stored causing same.
  Thanks & Regards

  Many Thanks Julian Jimenez,
  FYI, I am on BOXI R3.1 with FP1.8
  I dont have access to SIA to restart CMS.
  any i will get it done.
  But what i was thinking of, there would be some cache maintned for user profiles  of last logins. so it may remember last user profile login which may causing apllication A still shown under corporate folder for him\her.
  But i am not able to get how can i achieve it?
  Please share some workaround if any body has faced same issue before.
  Thanks & Regards
  Edited by: naughtychintu19 on Sep 14, 2011 12:23 PM
  Edited by: naughtychintu19 on Sep 15, 2011 8:59 AM

• Urgent: Portal access using SSO with Windows NT

  Dear all,
  I'm planning to implement SSO for Portal with Window NT authentication.
  Can anybody explain me the steps to do...
  If the internal users logs in NT domain say..("ABC"). he/she should be authenticated to Portal without giving logon credentials.. automatically they needs to enter into portal.
  I'm using NW'04 SR1(EP6.0 SP9) with AIX 5.2/oracle
  Microsoft ADS(LDAP)
  Pl explain me...
  Appreciated with reward points...
  regards
  PRadeep

  Hi,
  in order to apply windows SSO you will need to install the IIS proxy module in front of your portal, this module knows how to handle users authentication using the NTLM/kerberos features MS ADS supports.
  the specific procedure for implementing it can be found in the documentation/help. i have managed to find it in the EP6 sp2 security guide but i think it is the same for the EP6 SP9 as well. so just go to this link:
  <u><b>https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/ep/d-f/ep 6.0 sp2 security guide.pdf</b></u>
  keep in mind that you will need to be logged on to SDN.

• How to login into NP Identity System using ObSSOCookie?

  I am using the Web Services API to Netpoint, generated by WSDL files. I have an ObSSOCookie (from IWA) which I want to use to log into Netpoint Identity System. The usual method is as follows:
  Authentication authN = new Authentication();
  authN.setLogin("admin");
  authN.setPassword("passwd");
  port.oblixIDXML_common_search( authN, myrequest);
  I could not find a method to use an ObSSOCookie to authenticate against Netpoint Identity System. (I understand that ObSSOCookie can be used to log into a Netpoint Access System protected URL using AccessSDK).
  If there is any other solution using utilities like HTTPClient, etc, please let me know.
  Thanks,
  Prashant.

  Hi Pankaj,
  I had tried this code earlier once. This is what I wrote:
  Authentication authObject = new Authentication();
  authObject.setLogin("pshetty");
  authObject.setPassword("dummyPassword");
  authObject.setDomain(".mydomain.com");
  OblixIDXMLPortType port = loc.getOblixIDXML_common_search_Port();
  ((javax.xml.rpc.Stub)port)._setProperty ("javax.xml.rpc.session.maintain", Boolean.TRUE);
  ((javax.xml.rpc.Stub)port)._setProperty(HTTPConstants.HEADER_COOKIE, "ObSSOCookie=" + ssoCookie);
  port.oblixIDXML_common_search( authObject, myrequest);
  The error I get is:
  "Invalid Credentials. Login failed."
  I guess it is still using the password from the AuthN object instead of the cookie. Am I missing something here?
  Thanks,
  Prashant.

• Anyone having login issues with iCloud system preference ?

  have been having issues with Login in to make changes in iCloud system preference. When I click on my icloud account inside systme prefrence it ask me to enter the password , after entering the password still everything is grayed out and cant make any changes. what is wrong?

  Same thing happened. It seems to default to another me.com address I had before changing to the current me.com address. Resetting the default keychain exaxtly does what? Does it also remove all other keychain enties?
  Thanks

• After add single signoff HTML code, Portal system can not login in Firefox

  We implemented single singon between our Portal system and HCM system.
  After we add the single signoff HTML code to the signout.html,expire.html, exception.html file of the web server of portal system, and we change the web profile:
  Logout Page:signin.html to signout.html
  Signon Page:signon.html to signout.html
  We can not login the Portal system in Firefox browser, system display the following error information:
  "You must have cookies enabled in order to sign in to your PeopleSoft application."
  We can login in the Portal system in IE browser.
  We can login the HCM login in FireFox.

  My HCM and Portal application is 9.0. PeopleToos is 8.49 for the same application.
  The Firefox Browser is :3.0.1.
  My App, Web and DB server for the HCM and Portal deployed on the same local machine, so the tow application have the same domain.
  And the client browser is on the same machine with the server.
  And when I remove all the pagelet from the portal homepage, the system report the same error information when login portal system in Firefox. Only when I stop the HCM web server, I can login in portal system in Firefox.

• How to login CRM 2007 BSP page use account domain of Microsoft AD

  Dear friends,
  I am finding solution to setup system with the requisite:
  - Login to CRM 2007 Business Server Page use account domain which is managed by Microsoft Acitve Directory.
  - Users use only web browser, they didn't use SAPGUI and they must type username, password ( their username,password are managed in Microsoft AD, not in SAP system) in every login to BSP page, don't use solution like X.509 client certificate.
  I used to configured using SNC and I could login to SAP System using SAPGUI without type SAP username and password when I log in my computer by account domain( my computer is joined in domain).
  But my requisite is have to use account domain( username and password)  and type them in web browser when I want to log in SAP system, could not configured to go to directly SAP application ( BSP page ) without type username/password of account domain.
  After time looking for solution about authentication :
  http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/8039306e-cea4-2a10-15b9-8e96d40c51ef [original link is broken]
  I think may be I could login to java portal by used username/password of account domain to authenticate after login  to portal I use SSO to switch to BSP page without type username password again. This solution may be accepted because I was login to SAP application from web browser and used account domain.
  Could you show me, there are anymore solution or how could I do to to set up my above solution.
  Thanks and Best Regards.

  The normal way to do this is to configure the authentication stack required on a JAVA stack (e.g. portal or standalone Java instance of NetWeaver or dual stack) and then configure the BSP app in SICF transaction to redirect to Java stack when no SSO2 ticket is sent by browser (e.g. user has already authenticated). The redirect to Java stack will be done, such that after user has authenticated to Java stack they will be issued with an SSO2 ticket and redirected back to the BSP app URL. From end users perspective, they will access the BSP app URL and get authenticated using Active Directory, and they won't know about the redirection since they will be logged into the BSP app once they have authenticated.
  The authentication using Active Directory can be done using two methods:
  - Using credentials already on workstation from workstation logon, e.g. using Integrated Windows Authentication
  - Showing user a form where they enter AD account and password.
  Thanks,
  Tim

• Difference in the display/rendering between two 7.4 portal systems

  Hi everyone,
  At this moment we are faced with a difference in the display/rendering between two 7.4 portal systems (see red area’s in screenshots). Both systems are green field installations.
  At our LAB system with EP-BASIS 1000.7.40.7.0.20140421205300 and EP-RUNTIME 1000.7.40.7.0.20140414131600 the portal is rendered as follows:
  Our development system DEV is based on EP-BASIS 1000.7.40.8.7.20141217073700 and EP-RUNTIME 1000.7.40.8.13.20150106224500. The portal is displayed as follows:
  Both portal systems use the standard SAP Gold Reflection theme.
  The expectation was that the DEV portal would have the same view as the LAB portal. Unfortunately, it appears that the DEV portal falls back to the older standard SAP Tradeshow theme when displaying (for example) the Portal Content Studio or the UWL. Different stylesheets (CSS) are loaded. There is no unified rendering and in our opinion this is not correct.
  SCN provides much information about the various rendering problems that exists in the use of Internet Explorer in combination with the SAP Portal. However, it is unclear to us where to start with the analysis of this problem.
  Answers / suggestions to the following questions will be highly appreciated:
  Is it correct that the portal by default should make use of UR when the SAP Gold Reflection theme is used?
  Is the difference of rendering caused by the difference in the versions of the EP BASIS / EP RUNTIME? (DEV portal has higher SP/patch level than LAB);
  How to investigate this issue further and finally solve it?
  Thanks in advance!
  Kind regards, Allan

  Hi Allan
  I hope you are well and many thanks for using the SAP Discussion Forums .
  Ok firstly in relation to this particular query, you can find additional information in the following documentation SAP Note:1852400 - UI theme designer (main note) .
  Regarding the GOLD Reflection theme from a general perspective this is supported only alongside the UFP framework.
  SAP Gold Reflection supports only Unified Rendering Lightspeed
  In relation to your two other queries. Could you kindly clarify which particular version of IE you are presently running and also if compability mode is presently enabled/disabled?
  Reference Documentation Look & Feel, Framework Pages and Portal Navigation
  http://scn.sap.com/docs/DOC-23058
  Kindly update me as per your findings.
  Kind Regards
  Troy Cronin - Enterprise Portal Support Engineer
  Follow - Troy Cronin

• Ciscoworks 3.2 login issue with ACS

  Hi All,
  I am facing an issue with login into Ciscoworks portal from the LMS server, which is integrated with ACS tool.
  Now I am unable to login to the portal with the username and password, which is already configured in the ACS server.
  I have ended up with reinstalling the ciscoworks software and restored the backup, still problem persists. Please let me know how to fix it.
  If I again reinstall it, how would I restore the backup - since back restoration again gives the login issue.
  If Im using only the dcrcli exported devices list after the reinstallation, all the devices gets stuck in DFM question status, hence I restored the proper backup. Now I am stuckup. please help.

  You need to sort out your DNS get the lookup and reverse lookup working.
  Say your device is a box with
  Fa 0/0 10.10.1.1
  Lo 0    172.32.1.1
  If you get you dns to resolve the address of port Fa 0/0  (10.10.1.1)  to the DNS "name adevice.yournetwork.com".
  Next you get your DNS to resolve the name "adevice.yournetwork.com" to 172.32.1.1 with happens to be to Lo0 interface of the device
  Then you can get LMS to use the address you want as it is configured in DNS
  Cheers,
  Michel

• Running Discoverer reports into portal using SSO portal login - help

  Hi,
  I am trying to run disco reports into oracle portal using discoverer portlet providers -list of worksheet. What I want to achieve is as follows
  1) login to portal using SSO userid /pwd - Done
  2) Enable discoverer for SSO - Done
  *3) Use discoverer list of worksheets to show reports into portal but want to filter the list of worksheet to currently logged in portal user. This so that users looged in only sees the reports to which they have access in discoverer - Need Help*
  *4) Once user runs this report then I want to filter the discoverer data based on users login or portal group - Help*
  Can someone please help with issue no 3/4 urgently.
  Mant thanks
  Ganesh

  Hi Michael,
  Assuming I have created the private connections using CAPI I still have my doubts as follows
  Do I have to then login as each portal user and add the list of worksheet portlet for each user and selecting
  "check the box called Display a different list of worksheets by allowing users to customize database connection and then check Show a default list of worksheets using connection, changing the connection to user's connection."
  Considering we have 500+ users this will be huge cumbersom task for me.
  Also when I tried to do this before loggin as each portal user when I logged in as second portal user I could see the list of worksheet portalet added by the first user which means I have to edit it but even that was not possible because it would not let me edit as only the page own whi created the portlet was allowed to edit (that is the first user)
  OR
  Do you have to give portal user permission to edit the page so that they can log on themselve to add the list of worksheet portlet on the page by selecting their private connection and selecting
  "check the box called Display a different list of worksheets by allowing users to customize database connection and then check Show a default list of worksheets using connection, changing the connection to user's connection."
  Finally I know someone has made it work using URL links and it works as follows
  1) Map the portal and disco user into a table
  2) Create disco private connections
  3) when portal user loggs in and click on "Show my discoverer report" it then runs a PL/SQL package which in turn identifies the private connection details and creates a URL out of it as follows
  [http://portal.ccm.ac.uk/discoverer/app/partialConnect?password=IRTIMUDV123_=qplus=VDUMITRI=browser_selected=connect=RELATIONAL=QPRIS=viewer]
  clicking on this link open discoverer with private list of workbook/worksheet.
  Please advise which way should I follow.
  Thanks
  Ganesh

• Issue in redirecting to portal page from SSO login page

  HI facing issue while redirecting to portal application from SSO login page.please find below basic details
  the application comprises of TAM / Apache / Weblogic, and all the request goes in the same order.
  When the application is deployed as portlet, the jsp page some how hard codes the apache host name, that in turn blocks any form submit or Ajax action.
  so on successful login the redirection is not happening to required portal page as it includes apache host name in the url consrtucted.
  Please suggest me what are the configurations that I need to verify .
  Thanks in Advance
  Jetti.

  If you upgrade to v7.1 you will have all those features and more - PLUS a lot of defective pieces have been fixed in 7.1

• You have encountered an unexpected PLSQL error. Please contact System Administrator: When login using SSO

  SSO Enabled Environment. When login using OAM page, Some of the users are getting this error.
  You have encountered an unexpected PLSQL error. Please contact System Administrator: When login using SSO
  Not sure why this is happening. Few users started complaining that they get this error. If they using direct login url to EBS (bypass link) - It works fine.
  Any idea ?

  please check Apache and application.log
  looks like you hit a bug
  Bug 14230537 : PLSQL ERROR OCCUR WHEN LOGIN EBS INTEGRATED WITH OAM(11.1.1.5.0 )
  AppsMasti
  Sharing is Caring

• Calling Webservice from Netweaver Portal to SAP XMII 12.0 using SSO

  Hello,
  we have a Netweaver 2004s based Portal and a Netweaver-based SAP XMII (v12.0) System providing Webservices.
  What we try to do is to call a webservice out of the Portal EAR Application using SSO.
  SSO-Konfiguration between Portal and XMII is done and works fine. I tested this using an URL-iView, which calls a https-URL on XMII and SSO-Authentification is done in the background.
  Now I want to call a Webservice using SSO.
  Without SSO (prodiving UID/PW), the webservice-call works fine.
  In order to use SSO with Webservice, I created a "Deployable Webservice Proxy" with "HTTP-Authentication" and "use SAP Logon Ticket" turned on.
  Then I remove Login/Password from my SOAP-Request and unfortunately it doesn't work.
  What do I have to consider in addition to the topics above?
  Can you provide any useful links with tutorials, hints, documentation, ...?
  Thanks in advance
  Andreas

  > Can you please list all the options that we have in order to implement SSO for EP and SAP GUI?
  >
  > I could not find any info in regards to the advantages and disadvantages of each SSO solution. Do you have any links that gives this information?
  If you search the forum here for the terms you have used, then you will find many of them and interesting discussions about advantages and disadvantages from different views. I think that in 1 or 2 hours you will be a guru
  > I am thinking more of using Kerberos authentication for SAP GUI and using OpenSSO (Sun's product)solution for EP 7.0.
  >
  > Do you know what SSO technologies are other companies implementing these days?
  I only know which solutions I have been involved in doing the security evaluations for and implementation support.
  I don't want to do any direct or indirect comparative advertizing here, but only wanted to point out to you that there is plenty of information if you use the search. What you need to understand is that other that SAP proprietary mechanisms and newer standards based initiatives (search for 'SAML'), this is often a 3rd party vendor question (and resulting discussion...).
  If you find a solution and want to specifically discuss it here, then this can most of the time be done in a civilized way...
  Cheers,
  Julius

• Usually this system rejects access using SSO tickets exception

  Hi,
  I'm facing a problem when trying to access to some tasks in the UWL.
  It appears an error message saying "Usually this system rejects the access using SSO tickets" (it's not an accurate translation, the message in spanish says "Generalmente este sistema rechaza el acceso mediante ticket SSO").
  The same happens when I try to access to the backend system (R/3 Release 4.6C) using an iView.
  At first I thought it was a problem related with the certificate between the backend and the portal, but we have reimported the certificate in the backend and the problem still happens. And the certificate doesn't expire until 2012.
  I have restarted the J2EE Engine too, but it continues the same.
  What is extrange is that all the WebDynpro applications that call RFCs in the backend system work fine and get the information.
  Anybody knows what can I do to solve this problem? Yesterday all worked fine and this morning I saw all this.
  The release is Enterprise Portal 6.0 SP18.
  Thank you very much! All help would be highly appreciated (and rewarded)!

  You can check the following
  - the following profile parameters are set 
    login/create_sso2_ticket = 2
    login/accept_sso2_ticket = 1
  - if the corresponding R3 user is not locked or expired
  - if the portal certificate is added to the ACL list of the R/3 System (using  STRUSTSSO2)
  Regards,
  Abhishek