OAM and MS Active Directory Integration on Non-Windows Server environment
I will start by saying that I am dealing with a heterogeneous environment here where multiple systems are run by different levels of management. Our Oracle systems chose to go all *nix (Oracle Solaris and Red Hat Linux) and hence we do not have a single Windows Server in our Oracle services area and would really like to keep it that way as we prefer to keep a uniform platform across our Oracle servers. However, the desktop side of our department has chosen to use Microsoft Active Directory and now we wish to integrate and perform authentication against it for our OAM protected sites. We are in the initial setup phase but we have no desire to implement a critical server such as OAM on the Windows platform and would rather tie OAM running on a Red Hat Linux server to Active Directory. We will also be using OID as we run Portal but do not want to use it as our authentication authority for Oracle Products (local policy is that Active Directory is the only valid credential authority on site as we are moving to true Single Sign On across our desktops and web applications). I have a few questions.
1. Can it be done natively or would we have to run the Windows version of OAM?
2. If you must run OAM on Windows to use AD for authentication, is there some way to set up the Windows version of OAM as sort of an interface for our main OAM server running on Red Hat Linux to do the AD Auth?
3. Can it be done using some sort of an interface such as Oracle Virtual Directory to interface with the LDAP interface to MS Active Directory?
Hi David,
Answers in-line
1. Can it be done natively or would we have to run the Windows version of OAM?
You can run all of the OAM Servers on *nix, and simply point to AD as an OAM data source on the machine:port that AD is running on. There is no need for the OAM components to be on Windows.
2. If you must run OAM on Windows to use AD for authentication, is there some way to set up the Windows version of OAM as sort of an interface for our main OAM server running on Red Hat Linux to do the AD Auth?
As above, this is not necessary.
3. Can it be done using some sort of an interface such as Oracle Virtual Directory to interface with the LDAP interface to MS Active Directory?
Yes, this is entirely possible. Even though it is not necessary in your situation, it often provides more flexibility to front-end the user store with OVD, for example when adding/renaming Windows domains, or specifying specific branches for users and so on.
Regards,
Colin
Similar Messages
-
I installed an Active Directory Domain Controller on Windows Server 2008 Enterprise and now can't log in to SQL Server 2008 R2. Before installing ADDC, I could log on to SQL Server 2008 R2 successfully; after installing ADDC, the logon does not succeed.
I have uninstalled ADDC but I still can't log in to SQL Server 2008 R2.
Please help me. It is a very, very big disaster!
I think the SQL Server 2008 R2 account is lost!
Hello,
I strongly recommend you post the detailed error message you get when you try to connect to the SQL Server instance; it's useful for us to do further investigation.
Microsoft recommends that you do not install SQL Server 2008 R2 on a domain controller, there are some limitations:
You cannot run SQL Server services on a domain controller under a local service account or a network service account.
After SQL Server is installed on a computer, you cannot change the computer from a domain member to a domain controller. You must uninstall SQL Server before you change the host computer to a domain controller.
After SQL Server is installed on a computer, you cannot change the computer from a domain controller to a domain member. You must uninstall SQL Server before you change the host computer to a domain member.
SQL Server failover cluster instances are not supported where cluster nodes are domain controllers.
SQL Server Setup cannot create security groups or provision SQL Server service accounts on a read-only domain controller. In this scenario, Setup will fail.
On Windows Server 2003, SQL Server services can run under a domain account or a local system account.
So, I would suggest you try to open up Windows Services list and changed the account for SQL Server service.
Regards,
Elvis Long
TechNet Community Support -
OID and MS Active directory integration in 9ias
How to integrate OID with MS Active directory ?
We have 9ias and Portal . How to use the username/password in MS AD for Portal authentication ? As far as I know 9ias is using OID , so the question comes down to how to replicate MS AD information to OID ?
Hi, I have the same question.
Thanks,
Malin -
ISE and MS Active Directory Integration Issue
It appears that our ISE 1.2 solution is having issues with nested MS AD Groups. The first login attempt always fails, the second occasionally works and the third always works. Has anyone else experience this login issues with ISE 1.2 and MS AD?
Sent from Cisco Technical Support iPhone App
Rick,
I am a little lost in the screenshots you posted. In your AD groups that you have pulled I don't see an authorization policy mapped to the first group. In the authentication report it looks like authentication is successful.
I have seen that ISE will only display a few of the groups now in ISE 1.2. Can you build a policy based on the group you want it to show and then try your authentication again? That is when ISE will show the specific group, as opposed to ISE pre-1.2 where it would show more groups.
Thanks,
Tarik Admani
*Please rate helpful posts* -
Active Directory integration problem, Bind AC and OD
Hi.
I'm trying to set an Open Directory as "connect to a Directory System" because I have a windows 2000 server with Active Directory. But i have a problem when i click on "open directory Access", Access Directory appear and I select Active Directory.
xxx.yyy is the server with active directory, with its admin and its password. but i cant Bind it and an error always appear.
can you help me?
what's "active directory domain"?is it xxx.yyy?
and what's "computer ID"?
Are there others parameters to set for example in DNS or other?
help help help
What are you trying to achieve by doing this?
Go to http://www.afp548.com/ and search for AD-OD integration.
http://www.afp548.com/article.php?story=20051202151540574 -
Integration of sap R/3 (4.7) and Microsoft active directory (2003)
Hi All,
I would like to know integration of sap R/3 (4.7) and Microsoft active directory (2003) and also SAP EP and Microsoft active directory. I have been working as a ep consultant with a local bank. I am new for this integration work, So please kindly provide me the steps for integrating these both directories.
Pls help me with this issue.
Thanks in advance,
Regards,
Raghav.
Hi,
First You should read:
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/bc72b890-0201-0010-3a8d-e31e3e266893
Regards,
Jarek -
Help with Active Directory Integration and kerberos
Hello,
I'm encountering a bug preventing me from using Active Directory integration with Kerberos:
Our domain name is CORP.DOMAIN.COM.
When we request the GC in this domain :
bash-3.00# nslookup -query=any gc.tcp.corp.domain.com
Server: 1.2.1.6
Address: 1.2.1.6#53
** server can't find gc.tcp.corp.domain.com: NXDOMAIN
there is no answer.
But when we request without corp, we find the servers :
bash-3.00# nslookup -query=any gc.tcp.domain.com | grep sis
gc.tcp.domain.com service = 0 100 3268 serveur02.corp.domain.com.
gc.tcp.domain.com service = 0 100 3268 serveur01.corp.domain.com.
bash-3.00#
Is it possible to add the possibility to enter the domain name where the gc.tcp resides?
Thank you.
Hello
the domain.com domain exist, but it's not our domain.
so, when I put domain.com, it search with no result (nothing appends).
our kdc.conf :
[kdcdefaults]
kdc_ports = 88,750
[realms]
CORP.DOMAIN.COM = {
profile = /etc/krb5/krb5.conf
database_name = /var/krb5/principal
admin_keytab = /etc/krb5/kadm5.keytab
acl_file = /etc/krb5/kadm5.acl
kadmind_port = 749
max_life = 8h 0m 0s
max_renewable_life = 7d 0h 0m 0s
default_principal_flags = +preauth
}
krb.conf
[libdefaults]
default_realm = CORP.DOMAIN.COM
default_checksum = rsa-md5
[realms]
CORP.DOMAIN.COM = {
kdc = dc01.corp.domain.com
kdc = dc02.corp.domain.com
}
[domain_realm]
.corp.domain.com = CORP.DOMAIN.COM
corp.domain.com = CORP.DOMAIN.COM
in every domain, I think the GC are in corp.domain.com. but in my company, it's in domain.com...
Thank you, -
Active Directory integration: Invalid Token Error in Verification Service
I'm having problems with Active Directory integration. I'm able to browse users in the task routing slip in JDeveloper. But I'm unable to login to the worklist application.
Getting an "Invalid Token Error in Verification Service" error. Any pointers?
<2007-06-12 21:40:36,843> <ERROR> <default.collaxa.cube.services> <PCException::<init>> Identity Service Configuration error.
<2007-06-12 21:40:36,843> <ERROR> <default.collaxa.cube.services> <PCException::<init>> Identity Service Configuration file has error.
<2007-06-12 21:40:36,859> <ERROR> <default.collaxa.cube.services> <PCRuntimeException::<init>> Identity Service Configuration error.
<2007-06-12 21:40:36,859> <ERROR> <default.collaxa.cube.services> <PCRuntimeException::<init>> Identity Service Configuration file has error.
<2007-06-12 21:40:36,859> <ERROR> <default.collaxa.cube.services> <::> WorkflowService:: VerificationService.destroyContext: invalid token: c9pHcmBFtc4q7/EY3xGAv/6hhfa6Hf5tllCb8ZYKtdSA/8/y0exRcwpjy0vWiWGgBPzuIh5Ur+l+ZHDNe0PKb9KiFScsKAG3JK1y+nIJtC827Rljhn8E+/BoF+ZIN6GFYn/iyo/6Mrlmz02Pg4QtetftO7eHJ01rEV5MmZFTXsg8iV6LQPnkAPjqmmsq+5bVYGGfSFpHX7FXk/0FrSabClKy6DKiwt/1Kp2Ldbj2RY8=
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> ORABPEL-30503
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Invalid Token Error in Verification Service.
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Invalid Token Error in Verification Service. Received invalid token c9pHcmBFtc4q7/EY3xGAv/6hhfa6Hf5tllCb8ZYKtdSA/8/y0exRcwpjy0vWiWGgBPzuIh5Ur+l+ZHDNe0PKb9KiFScsKAG3JK1y+nIJtC827Rljhn8E+/BoF+ZIN6GFYn/iyo/6Mrlmz02Pg4QtetftO7eHJ01rEV5MmZFTXsg8iV6LQPnkAPjqmmsq+5bVYGGfSFpHX7FXk/0FrSabClKy6DKiwt/1Kp2Ldbj2RY8= in destroyContext
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Check the underlying exception and correct the error. Contact oracle support if error is not fixable.
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> at oracle.bpel.services.workflow.verification.impl.VerificationService.destroyContext(VerificationService.java:667)
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> at oracle.bpel.services.workflow.query.impl.TaskQueryService.destroyWorkflowContext(TaskQueryService.java:161)
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> at worklistapp.servlets.Logout.handleRequest(Logout.java:66)
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> at worklistapp.servlets.BaseServlet.doGet(BaseServlet.java:142)
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64)
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> at oracle.security.jazn.oc4j.JAZNFilter$1.run(JAZNFilter.java:396)
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> at java.security.AccessController.doPrivileged(Native Method)
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:410)
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:621)
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:368)
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:866)
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:448)
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:216)
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:117)
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:110)
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> at java.lang.Thread.run(Thread.java:595)
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Caused by: BPEL-10555
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Identity Service Configuration error.
<2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Identity Service Configuration file has error.
Hi Adina,
thank you for your answer (questions)!
We use 10.1.3.1 SOA Suite and the default jazn.com Security Provider and what we set at java.naming.security.principal property is oc4jadmin.
It is interesting, we deployed our EAR again and now it works again! There is no Invalid Token Error exception, but we didn't change almost anything...
Can we debug it somehow?
Where does this bug come from?
Thanks!
ric -
Tutorial: Azure Active Directory integration with Igloo Software
Click reply and tell us what you think:
Tutorial: Azure Active Directory integration with Igloo Software
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
Hello
Can you be little clear, what you have tested with Airwatch MDM cloud?.. which scenarios?..
1) Device Enrollment ?
2) Access to Airwatch console?
3) Access to Airwatch self service portal?
By following the steps We do not get it working at all. by the way some of the steps in this tutorial are unclear and outdated;
I finally personally figured out how things should look like, and make it work but only with Device Enrollment scenarios from the mobile devices itself. not from the pc and browsers or from the Access panel. -
Oracle Discoverer 10G and mapping Active Directory to use SSO/OID
Could anybody point me please to the right direction?
1. I've setup Oracle 10gIAS but turned off SSO and my users running discoverer /portals with no SSO.
2. My goal is to turn on SSO and synchronize it with Active directory on the windows box.
Thank you in advance
Hi Randy;
As you mention, all notes refer to SSO & OID for Active Directory integration. AFAIK there is no way to do it; please log a Sr and confirm this with Oracle support.
Regard
Helios -
Active directory Integration with OBIEE
Hi all,
Can any one send me a link for active directory integration with OBIEE.
I have imported the users succesfully and I was able to login to analytics as an AD user.
But SSO is not possible. Kindly help me over this.
Thanks,
Haree.
Thanks for reply veeravalli.
Me too followed the same link and successfully imported all the users from AD into OBIEE and login in is also possible.
But my requirement is to have Single Sign On ie.., users may log on to their Windows PCs and access Oracle BI EE via a standard web browser with no further authentication required on their part.
Thanks,
Haree -
OID and MS Active Directory LDAP information Synchronization
Do you know have to do the integration between OID and MS active Directory? How to synchronize the LDAP information between two?
Hi, I have the same question.
Thanks,
Malin -
Can Microsoft active directory integrated with Oracle Applications
Hi,
Can anyone provide me any document on Microsoft Active Directory Integration with Oracle Applications(12.0.6)
Manish
Hi,
It is possible, please refer to the following documents for details.
Note: 376811.1 - Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On
Note: 415007.1 - Oracle Application Server with Oracle E-Business Suite Release 12 FAQ
Regards,
Hussein -
I need to create an SCCM report to show last logged on user on all machines and the Active Directory department attribute of that last logged on user.
Your problem is here.
right join v_R_User USR on USR.ResourceID = CS.ResourceID
USR.ResourceID != CS.ResourceID, you need to map the username to the user logon to the PC. By using the user's department information you will end up with unreliable results.
Anyways you need to make these changes to your query.
left join v_R_User USR on USR.Unique_User_Name0 = CS.UserName0
http://www.enhansoft.com/ -
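The join change from the answer above, as an added example that is not part of the original post: two table variables stand in for `v_R_User` and for whatever view the `CS` alias refers to, so the batch runs on any SQL Server without an SCCM database. All rows are constructed, and the `Name0` and `Department0` columns are hypothetical names chosen for the illustration.

```sql
-- Constructed stand-ins for the two sides of the join (not real SCCM data).
DECLARE @CS TABLE (
    ResourceID int,
    Name0      nvarchar(64),   -- hypothetical: machine name
    UserName0  nvarchar(128)   -- last logged-on user recorded for the machine
);
DECLARE @USR TABLE (
    ResourceID        int,
    Unique_User_Name0 nvarchar(128),
    Department0       nvarchar(64)  -- hypothetical: AD department attribute
);

INSERT INTO @CS VALUES
    (101, N'PC-001', N'CORP\alice'),
    (102, N'PC-002', N'CORP\bob'),
    (103, N'PC-003', NULL);              -- machine with no user recorded

INSERT INTO @USR VALUES
    (101, N'CORP\bob',   N'Finance'),    -- user record whose ResourceID happens
                                         -- to equal a machine's ResourceID
    (201, N'CORP\alice', N'Engineering');

-- Original join: ResourceID identifies a machine in @CS and a user in @USR,
-- so equal values do not mean "this user logged on to this machine".
-- RIGHT JOIN also drives the result from the user side, not the machine side.
SELECT CS.Name0,
       CS.UserName0          AS LastLoggedOnUser,
       USR.Unique_User_Name0 AS JoinedUser,
       USR.Department0
FROM @CS CS
RIGHT JOIN @USR USR
       ON USR.ResourceID = CS.ResourceID;

-- Corrected join: match the machine's recorded user name to the user record,
-- and LEFT JOIN so every machine is listed even without a matching user.
SELECT CS.Name0,
       CS.UserName0    AS LastLoggedOnUser,
       USR.Department0 AS Department
FROM @CS CS
LEFT JOIN @USR USR
       ON USR.Unique_User_Name0 = CS.UserName0
ORDER BY CS.Name0;
```

Comparing the `LastLoggedOnUser` and `JoinedUser` columns of the first result set shows where the `ResourceID` join attaches a department to the wrong machine.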
User base Synchronization between SAP and MS Active Directory Server
Dear all!
I'm using Web AS 6.20 ABAP and MS Active Directory Server based on Win 2003 Server.
i successfully implemented the synchronization of user data between SAP and the ADS.
My question: Is there a way to customize the users on Active Directory Server in regard to their SAP authorization (roles auth. objects etc.)?
Currently I don't have a clue how to do this.
Regards,
Christoph
Have you searched on SDN for "Active Directory"? That turns up a number of results. I think your expectation might be backwards though, it's not how ADS exposes SAP specific data but how SAP uses ADS to store SAP specific data. My understanding (from quite some time ago so I am fuzzy on this) is that SAP can use ADS in much the same way it can use LDAP as an external user store.
The Security Newsletter from November 04 [https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sap security newsletter november 2004.pdf] mentions that a webinar is hosted on SDN about this exact topic, unfortunately I was unable to find a direct link.
Regards,
Marc g