OBIEE Security - How to setup SSO-integrated EBS users & mobile access?

I'm looking for the best approach to solution my company's OBIEE Security requirements, they are:
1) Create a standard authentication/security process at an enterprise level
2) Maintain EBS Roles to provide object-level and data-level security in OBIEE
3) EBS Users must go through the EBS portal to get to OBIEE (ie. single signon integration)
4) non-EBS users must go through the OBIEE portal
5) Both EBS and non-EBS users need ability to use the OBIEE iPad mobile application
So for the EBS users, I've implemented the SSO integration between OBIEE 11.1.1.5.0 and EBS R11 based on the Oracle white paper [ID 1343143.1]. I've also set up an Authorization session init block to read the user's EBS Roles and set up object/data level security.
For the non-EBS users, I've kept the default identity store (WLS-LDAP) and authentication provider.
My question is what's the best approach for providing mobile access to the EBS users? Obviously I can't pass an HTML cookie to the iPad for these guys. Assuming these EBS users are in a corporate-LDAP store, I was thinking to set up a dual authentication store that connects to both corporate-LDAP (EBS) and the WLS-integrated LDAP (non-EBS).
Will this work? Does anyone have a better approach they'd like to share?

Please post the details of the application release, database version and OS.
We have a customer, who has upgraded to EBS R12 recently. With EBS R12 there comes a responsibility that enables users to directly open embedded BI in EBS. When people do LDAP authentication to EBS, they can directly open the OBIEE inside the EBS. But, when the EBS is SSO (OAM+WNA) integrated, OBIEE SSO in EBS does not work. What is the error?
It could be related that OAM generated cookies are not recognized by embedded OBIEE.
Is there a way to do a setup with both OAM SSO enabled to EBS, and EBS-OBIEE SSO is enabled inside EBS ? I do not think there is a single document that covers all the above (I believe you are aware of the individual docs).
For urgent issues, please always log an SR.
Thanks,
Hussein

Similar Messages

  • SAP IDM 7.2: How to setup SSO functionality for WebUI of CRM and GRC?

    Hello IDM-experts,
    where can my customer find information about
    SAP IDM 7.2: How to setup SSO functionality for WebUI of CRM and GRC?
    Customer situation description:
    The situation is that we are using SAP IDM 7.2. We are using a functionality to allow our users to access a webpage from where they can gain
    SSO access to the Abap systems via the SAPGui. See screenshot as an example.
    Now what we want is to access the CRM and GRC WebUI also with the same SSO possibility. We cannot find any guide/best practice on how to do
    this or if it is possible via SAP IDM 7.2.
    You can see a weblink in the first screenshot but it does not work. It will ask you for a username and password, see second screenshot.
    Kind regards,
    Daniela

    Do you know how the SAP GUI SSO is setup ? Is it using SNC/Kerberos ?
    If it is (I suspect it is), then you will need to use similar method of authentication for the ICF Services. These cannot use SNC since they are accessed via browser, but what you want is possible.
    Thanks
    Tim

  • How to setup osx Firewall to allow incoming access to nginx?

    Hello!
    How to setup osx Firewall to allow incoming access to nginx (any port)?
    Local access is all fine, but when I try to open http://<myip>:<port> from outside (another device in the same network) there is no answer.
    If I turn off Firewall all works fine, but I want to keep my safety.
    Adding "nginx" binary file to Firewall  list doesn't help.

              "Victor" <[email protected]> wrote:
              >
              >Hi,
              >
              >I need to limit access on one JSP to a user. All the
              >other JSP's
              >should be available to everyone all the time. The following
              Victor,
              two ideas:
              1. Once you've seen where jspservlet compiles the jsp to, try adding
              an explicit servlet registration (then an acl for that servlet)
              I'm not sure if it would work, never tried.
              2. If it doesn't, well, you have a servlet class available from
              the jspservlet/jspc process. Move it to servletclasses (or wherever
              you keep other servlets) and register/acl it normally
              

  • How to make SSO if a user login from Jetspeed and jump to Sun Portal

    We need to make the Sun Java Portal Server SSO when a user has done the authentication in another remote desktop application or the web applications ( like Jetspeed host ).
    Username and password can be retrieved if a user logs in any other application. In the Access Manager, LDAP is the only authentication module used.
    We made this requirement in the Jetspeed. The general idea is to create a filter which sets the Username and Password into the principal. Thus, Jetspeed checks the existence of the principal and regards the user as being authenticated if the principal is valid.
    Currently, it seems not feasible in the Sun Java Portal Server by using the same way. Has anyone met the same situation before? Who is familiar with the process of the second session validation? I read the Sun Java System Access Manager - Technical Overview (p38, topic: session validation). It just gave me a very general image. Who has some specific references about that? I would very much appreciate your help.
    Here is the code of the filter
    import java.io.IOException;
    import java.security.Principal;
    import javax.servlet.*;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import com.iplanet.sso.SSOException;
    import com.iplanet.sso.SSOToken;
    import com.iplanet.sso.SSOTokenManager;

    public class EnablerFilter implements Filter {
        public void init(FilterConfig arg0) throws ServletException {}
        public void destroy() {}
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;
            SSOTokenManager tokenMgr = null;
            try {
                tokenMgr = SSOTokenManager.getInstance();
            } catch (SSOException e) {
                e.printStackTrace();
                System.out.println("failed in creating Token Manager");
            }
            SSOToken token = null;
            // if a token exists in the cookie
            if (tokenMgr != null) {
                try {
                    token = tokenMgr.createSSOToken(request);
                } catch (UnsupportedOperationException e1) {
                    e1.printStackTrace();
                } catch (SSOException e1) {
                    e1.printStackTrace();
                }
            }
            // if a token does not exist in the cookie
            if (token == null && tokenMgr != null) {
                // CfxPrincipal is the poster's own Principal implementation (not shown)
                Principal cfxPrincipal = new CfxPrincipal("username");
                try {
                    token = tokenMgr.createSSOToken(cfxPrincipal, "username");
                } catch (SSOException e) {
                    e.printStackTrace();
                }
            }
            // always hand the request on to the rest of the chain
            chain.doFilter(request, response);
        }
    }

    Hi,
    Thanks,
    But the note doesn't say how to connect the J2EE of the BI-Java with the J2EE of the Portal.

  • How to setup to support more user support

    We plan to migrate our database from SQL Server to Oracle 10g to improve application system concurrency. Our application system is C/S architecture. But, after my migration, I tested and found connection number is not as much as before. So, I want to know how to set up my initial parameters to support more concurrent connections.
    Many thanks.

    > I tested and found connection number is not as much as before
    Can you explain what issues you are having in a bit more detail?
    Are you getting any Oracle errors while trying to connect?
    How many simultaneous connections are you expecting?
    How many are currently supported in your setup?
    How is the application using the connection? How long is the connection held by the client before releasing it?

  • How can I check if an user has access to an url within my web app?

    Hi,
    I have a web application where I allow the users to set their startup page by presenting them a list of startup pages. However, some startup pages can be accessed only by certain users, so I want to present the user only those pages the user has access to.
    How can I do this with weblogic?
    One way is to read the web.xml file and determine the roles that have access to the page, then check whether the user has any of those roles.
    Is there a better way eventually using some weblogic api?
    Thanks

    Just for the record, I decided to parse the web.xml file and to simulate whatever the container does.
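
An added example, not the poster's code and not a WebLogic API: one way to evaluate `web.xml` security constraints the way the servlet specification describes (best-matching URL pattern wins, roles of constraints on that pattern are combined, an empty auth-constraint denies everyone). The class name, the sample descriptor and the page list are constructed for illustration; `http-method` elements, the `*` role name and `security-role-ref` mappings are not modelled.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class WebXmlAccessCheck {
    /** One <security-constraint>. roles == null: no <auth-constraint>; empty set: nobody. */
    static final class Constraint {
        final List<String> patterns; final Set<String> roles;
        Constraint(List<String> p, Set<String> r) { patterns = p; roles = r; }
    }
    static List<String> texts(Element parent, String tag) {
        List<String> out = new ArrayList<>();
        NodeList n = parent.getElementsByTagName(tag);
        for (int i = 0; i < n.getLength(); i++) out.add(n.item(i).getTextContent().trim());
        return out;
    }
    static List<Constraint> parse(String webXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Refuse DTDs so the descriptor cannot trigger XXE (old DOCTYPE-based files are rejected).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(webXml.getBytes(StandardCharsets.UTF_8)));
        List<Constraint> out = new ArrayList<>();
        NodeList scs = doc.getElementsByTagName("security-constraint");
        for (int i = 0; i < scs.getLength(); i++) {
            Element sc = (Element) scs.item(i);
            NodeList auth = sc.getElementsByTagName("auth-constraint");
            Set<String> roles = auth.getLength() == 0 ? null
                    : new HashSet<>(texts((Element) auth.item(0), "role-name"));
            out.add(new Constraint(texts(sc, "url-pattern"), roles));
        }
        return out;
    }
    /** Match strength: exact > longest path prefix > extension > default "/"; -1 = no match. */
    static int rank(String pattern, String path) {
        if (pattern.equals(path)) return Integer.MAX_VALUE;
        if (pattern.endsWith("/*")) {
            String prefix = pattern.substring(0, pattern.length() - 2);
            if (path.equals(prefix) || path.startsWith(prefix + "/")) return 2 + prefix.length();
        }
        if (pattern.startsWith("*.") && path.endsWith(pattern.substring(1))) return 1;
        return pattern.equals("/") ? 0 : -1;
    }
    static boolean isAllowed(List<Constraint> cs, String path, Set<String> userRoles) {
        int best = -1;
        for (Constraint c : cs) for (String p : c.patterns) best = Math.max(best, rank(p, path));
        if (best < 0) return true;                    // no constraint covers this page
        boolean open = false;
        Set<String> allowed = new HashSet<>();
        for (Constraint c : cs) {
            boolean applies = false;
            for (String p : c.patterns) applies |= rank(p, path) == best;
            if (!applies) continue;
            if (c.roles == null) open = true;         // constraint without auth-constraint
            else if (c.roles.isEmpty()) return false; // empty auth-constraint always wins
            else allowed.addAll(c.roles);
        }
        return open || !Collections.disjoint(allowed, userRoles);
    }
    static String sc(String pattern, String auth) {   // builds one constructed constraint
        return "<security-constraint><web-resource-collection><url-pattern>" + pattern
             + "</url-pattern></web-resource-collection>" + auth + "</security-constraint>";
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample descriptor and startup pages, not taken from the thread.
        String webXml = "<web-app>"
            + sc("/admin/*", "<auth-constraint><role-name>admin</role-name></auth-constraint>")
            + sc("/reports/*", "<auth-constraint><role-name>analyst</role-name></auth-constraint>")
            + sc("/reports/payroll.jsp", "<auth-constraint><role-name>hr</role-name></auth-constraint>")
            + sc("/internal/*", "<auth-constraint/>") + "</web-app>";
        List<Constraint> cs = parse(webXml);
        for (String page : Arrays.asList("/home.jsp", "/admin/console.jsp", "/reports/sales.jsp",
                "/reports/payroll.jsp", "/internal/debug.jsp"))
            System.out.println(page + " -> "
                    + (isAllowed(cs, page, Collections.singleton("analyst")) ? "offer" : "hide"));
    }
}
```

A menu filtered this way is a convenience only; the container's own constraint check on each request remains the enforcement point.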

  • OBIEE 11.1.1.5 SSO integration with OAM 11gR1 (11.1.1.5)

    Hi,
    I am integrating OBIEE 11.1.1.5 with OAM 11gR1 (11.1.1.5).
    I have configured as per section 12.3 of following link:
    http://docs.oracle.com/cd/E22203_01/doc.31/e20664/chapter_12.htm#CHDFAFHH
    After making all these configurations, when I access:
    http://<OHS server>:<OHS port>/analytics
    User is getting prompted for auth from OAM. After successful auth, request gets redirected to WebLogic server hosting the OBIEE app. I have verified in OBI logs that the header value OAM_REMOTE_USER gets passed to OBI.
    But even with all this, after successful OAM authentication, user is getting prompted with OBI login page.
    Pls help.
    Thanks

    Hi Abhinay,
    I have already made the following configurations as per the documentation:
    To enable SSO:
    1.Log in to OBIEE at
    http://[OBIEE server:port]/em.
    2.Click Farm_<OBIEEDomain>_domain > Business Intelligence > Coreapplication.
    3.Click the Security tab.
    4.Select Enable SSO.
    5.Select SSO Provider: Oracle Access Manager.
    6.Click Apply and Activate Changes.
    Do we need to make some other configurations also at OBIEE EM ?
    Thanks

  • HR Security - How to setup BW Security similar to Security setup on R/3

    Hello Gurus,
    In our BW environment we are restricting the HR data based on the administrator group (SBMOD). For example: we have two analysis authorizations. The first one gives access to US SBMOD values and the second one gives access to EX-US (International) SBMOD values. Then if a user is assigned both authorizations and runs the query for all the SBMOD values, no data is returned. Is there a way to make this combination work in BI Analysis Authorizations?
    I understand in BW I can create one role that for the example above gives access to all sbmod values and then the person who had this role would have access to all employees.
    This is just one example, we are an international company and on the R/3 side have over 1000 roles for different groups of employees and then we can assign multiple roles to give access to multiple groups of people because in R/3 you get the join of all the roles you have.
    We are able to give multiple roles on the R/3 to make this work we are trying to avoid creating a role in BW for every combination of roles assigned on R/3.
    Any suggestions would be appreciated.
    Thanks,
    Dileep

    Deb,
    I work with Dileep.
    Here is our setup for 3 separate roles in RSECVAL:
    User master maintenance: Authorization n     InfoObject     SIGN     Operator     Internal Characteristic Value     Internal Characteristic Value
    YHRGLB     0BUS_AREA     I     CP     *     
    YHRGLB     0COMP_CODE     I     CP     *     
    YHRGLB     0CO_AREA     I     CP     *     
    YHRGLB     0EMPLGROUP     I     CP     *     
    YHRGLB     0EMPLSGROUP     I     CP     *     
    YHRGLB     0ORGUNIT     I     CP     *     
    YHRGLB     0ORG_KEY     I     CP     *     
    YHRGLB     0PERS_AREA     I     CP     *     
    YHRGLB     0PERS_SAREA     I     CP     *     
    YHRGLB     0PLANT     I     CP     *     
    YHRGLB     0TCAACTVT     I     EQ     03     
    YHRGLB     0TCAIPROV     I     CP     0HAP*     
    YHRGLB     0TCAIPROV     I     CP     0PA*     
    YHRGLB     0TCAIPROV     I     CP     YCATS*     
    YHRGLB     0TCAIPROV     I     CP     YHR*     
    YHRGLB     0TCAIPROV     I     CP     YPA*     
    YHRGLB     0TCAIPROV     I     CP     YPY*     
    YHRGLB     0TCAIPROV     I     EQ     0EMPLOYEE     
    YHRGLB     0TCAIPROV     I     EQ     0PERSON     
    YHRGLB     0TCAKYFNM     I     CP     *     
    YHRGLB     0TCAVALID     I     CP     *     
    YHRGLB     YHRMDADMN     I     CP     *     
    YHRGLB     YHRPRLADM     I     CP     *     
    YHRGLB     YHRSBMOD     I     CP     *     
    YHRGLB     YHRTRADMN     I     CP     *     
    YHRINTL     0BUS_AREA     I     CP     *     
    YHRINTL     0COMP_CODE     I     CP     *     
    YHRINTL     0CO_AREA     I     CP     *     
    YHRINTL     0EMPLGROUP     I     CP     *     
    YHRINTL     0EMPLSGROUP     I     CP     *     
    YHRINTL     0ORGUNIT     I     CP     *     
    YHRINTL     0ORG_KEY     I     CP     *     
    YHRINTL     0PERS_AREA     I     CP     *     
    YHRINTL     0PERS_SAREA     I     CP     *     
    YHRINTL     0PLANT     I     CP     *     
    YHRINTL     0TCAACTVT     I     EQ     03     
    YHRINTL     0TCAIPROV     I     CP     0HAP*     
    YHRINTL     0TCAIPROV     I     CP     0PA*     
    YHRINTL     0TCAIPROV     I     CP     YCATS*     
    YHRINTL     0TCAIPROV     I     CP     YHR*     
    YHRINTL     0TCAIPROV     I     CP     YPA*     
    YHRINTL     0TCAIPROV     I     CP     YPY*     
    YHRINTL     0TCAIPROV     I     EQ     0EMPLOYEE     
    YHRINTL     0TCAIPROV     I     EQ     0PERSON     
    YHRINTL     0TCAKYFNM     I     CP     *     
    YHRINTL     0TCAVALID     I     CP     *     
    YHRINTL     YHRMDADMN     I     CP     *     
    YHRINTL     YHRPRLADM     I     CP     *     
    YHRINTL     YHRSBMOD     I     BT     A%     O%
    YHRINTL     YHRSBMOD     I     BT     Q%     Z%
    YHRINTL     YHRTRADMN     I     CP     *     
    YHRUS     0BUS_AREA     I     CP     *     
    YHRUS     0COMP_CODE     I     CP     *     
    YHRUS     0CO_AREA     I     CP     *     
    YHRUS     0EMPLGROUP     I     CP     *     
    YHRUS     0EMPLSGROUP     I     CP     *     
    YHRUS     0ORGUNIT     I     CP     *     
    YHRUS     0ORG_KEY     I     CP     *     
    YHRUS     0PERS_AREA     I     CP     *     
    YHRUS     0PERS_SAREA     I     CP     *     
    YHRUS     0PLANT     I     CP     *     
    YHRUS     0TCAACTVT     I     EQ     03     
    YHRUS     0TCAIPROV     I     CP     0HAP*     
    YHRUS     0TCAIPROV     I     CP     0PA*     
    YHRUS     0TCAIPROV     I     CP     YCATS*     
    YHRUS     0TCAIPROV     I     CP     YHR*     
    YHRUS     0TCAIPROV     I     CP     YPA*     
    YHRUS     0TCAIPROV     I     CP     YPY*     
    YHRUS     0TCAIPROV     I     EQ     0EMPLOYEE     
    YHRUS     0TCAIPROV     I     EQ     0PERSON     
    YHRUS     0TCAKYFNM     I     CP     *     
    YHRUS     0TCAVALID     I     CP     *     
    YHRUS     YHRMDADMN     I     CP     *     
    YHRUS     YHRPRLADM     I     CP     *     
    YHRUS     YHRSBMOD     I     BT     0000     9ZZZ
    YHRUS     YHRTRADMN     I     CP     *     
    We can assign someone the US or INTL or GLB. Ideally we would have liked to not have to create the Global role and just assigned the US and INTL roles to the same person.
    Any suggestions of how we could set this up differently so we would not have to have a separate role for each combination of access would be greatly appreciated.
    Thanks,
    Barb

  • How to setup clients to use authentication to access OID

    Hello,
    I'd like to perform two tasks with OID:
    1) anonymous OID browse for net service entries access to everyone (simple all client configuration - add LDAP naming method and ldap.ora)
    2) password protected OID browse for particular net service entries to a subset of users (for special clients who have to access restricted Net services)
    I check documentation and played a bit and finally can perform task 1) with anonymous binds
    Main problem is how to perform task 2). I try to follow guidance from http://download.oracle.com/docs/cd/E11882_01/network.112/e10836/config_concepts.htm#i484232
    that I need to put those parameters to sqlnet.ora file:
    names.ldap_authenticate_bind = TRUE
    wallet_location = location_value
    I start playing with Wallet Manager with no success yet.
    Question:
    1) Maybe somebody knows how to perform tasks above better than I suppose to do with little overhead for admin and end user?
    2) Do I need to put all OID Net Service entries to wallets for all clients?
    3) Do I need to simply create user in OID with enough privileges to access restricted net service names for browsing and put this user to wallet for all clients?
    4) Other ideas?
    Configuration:
    I setup OID 11.1.1.3.0 on Windows XP 32-bit, import Net Service entries from tnsnames.ora, setup anonymous binding.
    Thanks,
    Sergiy

    Hi
    Do you have a radius/tacacs server in your infrastructure. What you want is to authenticate the user on the ASA before they get access to the devices.
    Attached is a link to authenticating network access with the ASA
    http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/fwaaa.html#wp1043431
    HTH
    Jon

  • How to setup a physical architecture for MS ACCESS in Solaris

    There isn't any odbc in Solaris platform. How can I access to MS ACCESS files?
    Thanks in advance!

    Hi, here are two solutions from metalink.
    a) Setting up a Sunopsis Agent on the Microsoft Windows system hosting the Access database which will use the ODBC / JDBC bridge for connecting to the Access database. The data may then, for example, be loaded by an Integration Interface into a Database on a Unix system for further processing.
    b) Setting up a Sunopsis Package made up of the following steps (to be executed on an Agent set up on the appropriate Microsoft Windows host)
    - 1. Run the SnpsSQLUnload Tool to extract the data to a Flat File on the Microsoft Windows host
    - 2. Use the SnpsFTP tool to transfer the file to a Unix system
    - 3. Run an Integration Interface from the Unix system file as Source.

  • How to setup everything to start making mobiles games?

    I want to learn how to write applications/games for a HTC hero (and other mobile phones) in java me.
    I installed:
    - netbeans
    - mobility Version: 1.6.1 (I guess that is the same is java ME?)
    When I press:
    file/New Project
    Select "java me" Select "CDC Application", it says: "No compatible platform is installed in the IDE"
    Googling a bit, brought me the following: http://netbeans.org/kb/docs/javame/cdcemulator-setup.html
    The link contains a bunch of emulators and instructions how to configure them.
    My problem is that I don't know which one I should select. The platform that I'm aiming for is a HTC hero (it has a touchscreen).

    The Android OS is a JavaFX OS designed by Google and uses as default standard J2SE and not J2ME, so you have to
    develop in Java SE. Behind it is a optimized JVM(Java Virtual Machine and not KVM) called Dalvik.
    First of all you have installed the wrong IDE.
    To develop for Android you have to use Google's SDK and it is supported as
    plugin in Eclipse and not in NetBeans.
    So, you have to install Eclipse and download the ADT plugin from Google that adds custom project settings and the API for Android. Now you have all you need to develop applications for Android. You have to keep in mind that the API for Android is different from the one designed for J2ME, so try to use Android tutorials and not J2ME ones.
    J2ME applications can run in Android but in order to do this some companies use a layer of translation between the Android API and J2ME and this
    was done by experienced programmers. Also there is another way of running midlets in Android by installing platforms as applications for android, but
    you have to rebuild the specific platform for android and there are no well designed tutorials in order to do this.
    The best thing is to develop in native api for Android because the application will run 100% and you will have a richer API at your disposal while
    J2ME one is quite limited when compared to Android's one.
    In industry multiple versions for the same game are created as a single project but in order to fit all devices it is used Ant tool that adds a preprocessing phase before compilation. It is used to filter the source code and to extract the specific setting for one device from a script that contains device capabilities, like the possibility of rendering jpg images (newer devices) or png (default format used for older devices), the possibility to play mp3 (newer devices) or amr (older format), the presence or absence of softkeys, the custom key codes when the device is not returning standard key codes at input, etc.
    You can make an analogy with C++ compiling directives (#ifdef... #endif) used to compile cross platform C++ code. The standardized code used for data processing is written in ANSI standards but some features like multithreading, communication, events are dependent by the api provided by the operating system.
    Edited by: Conrad_Ciobanica on Feb 2, 2010 11:17 PM

  • 11.5.10 AP How to setup Invoice Approval by user

    Dear Gurus
    I have 5 companies, each one have AP installed.
    I have 100 AP Users in the 5 Companies, so there are 10 AP Clerks and another 10 Users that need to capture Prepayments and Standard Invoices by Company.
    Those 10 users have a supervisor that needs to approve either the prepayments or standard invoices.
    Therefore I was wondering if I can setup AME by user and by Company.
    Thanks for your comments
    Regards

    Hello Gurus
    I think it is complex
    5 Companies each one have 20 users. Those 20 users are split: 10 are AP Clerks and the others are employees that need to capture prepayments and standard invoices.
    Each one of the 10 users has a Supervisor that needs to approve the prepayments or standard invoices through AME, while the AP Clerks do not need an Approval.
    Therefore I was wondering if I can set up AME by user, because one user needs an approval while the other does not.
    Thanks

  • HOW TO CONFIGURE MANAGER or APPROVER USER IN ACCESS REQUEST MANAGEMENT TO APPROVE OR REJECT REQUEST

    hi sap gurus,
    i configured grc 10 system successfully. I created one user: GR_AR_APP001 and assign following roles:
    SAP_GRAC_ACCESS_APPROVER
    SAP_GRAC_ACCESS_REQUEST_ADMIN
    SAP_GRC_FN_BASE
    SAP_GRC_FN_NUSINESS_USER
    and I maintained GR_AR_APP001 in access control owners as "POINT OF CONTACT", "SECURITY LEAD" and "WORKFLOW ADMINISTRATOR"
    but when i am creating access request for new user and defining MANAGER under user details tab as GR_AR_APP001.
    the user GR_AR_APP001 is not receiving any request for APPROVE or REJECT in his WORK INBOX.
    can u please guide me how to configure APPROVER or MANAGER to approve or reject request.
    I will be very much thankful if you guide me successfully.

    Hi Colleen,
    thanks a lot for your time.
    PIC1: I created one user: GR_AR_APP001
    and assigned all the GRC ROLES.
    PIC2: I assigned owner type to GR_AR_APP001 user : POINT OF CONTACT, SECURITY LEAD and WORKFLOW ADMINISTRATOR in NWBC ACCESS CONTROL OWNERS
    PIC3: I created one EUP 980 (copied from default EUP)
    PIC4: I maintained default manager as GR_AR_APP001 user in 980 EUP
    PIC5: I selected SAP_GRAC_ACCESS_REQUEST process id
    PIC6: I created one agent id as ZGRAC_MANAGER11 in which I added approver user id: GR_AR_APP001
    PIC7: I saved agent id
    PIC8: I added agent id as ZGRAC_MANAGER11 in stage5 in manager stage.
    PIC9: I saved
    PIC10: I maintained EUP 980 (in which I configured manager as GR_AR_APP001 user) in stage 5 task settings
    PIC11: Maintain Route Mapping, I clicked on next
    PIC12 and PIC13: I saved and activated.
    After this process I created one request for new account and selected the manager as GR_AR_APP001 and one request is created with request no 9000000030.
    now I logged into system by user GR_AR_APP001 and checked, there is no request under his work inbox.
    please guide me at least one procedure, how to receive request in approver work inbox so that I can learn other procedures to configure approver as per our organization requirement.
    thanks for your support Colleen.

  • How do I allow two account users to access pSE6 on their own accounts?

    how do I set up PSE 6 to allow two account users on one computer to access pSE6 on their own accounts?

    They can't share a catalog stored on the main hard drive, if that's what you want to do, but to just use the program separately, log in to the other user account, open PSE, and if PSE wants to register itself again, let it.

  • How do I allow parental controlled users to access third party apps on the admin account?

    I just set my son up with a separate parental controlled user account and he can't seem to access some third party games that we installed for him under my admin account. He has saved progress on these games that we don't want to lose, so I don't want to reinstall them. I checked them off as allowed apps, but when he tries to play- the game icon shows up in the doc then changes to the updater icon and they won't run. I've searched for answers to this question, but can't seem to find any. Please help? My son and I would be very grateful!

    jeremiahfromva wrote:
    Mavericks (isn't that an old Ford model?
    Sure was! They used it on 4 different models. But that was Maverick, as in horse. This will be Mavericks as in ocean waves.
