OIF 11g as IDP supporting multiple SPs

Hello,
I have OIF 11g setup as an IDP using OAM/OID as the authentication engine. I have configured it following the steps provided in section 3.2.3.2 of the doc here: http://docs.oracle.com/cd/E23943_01/oim.1111/e13400/deployment.htm#BABCAABE. There is an OAM policy protecting fed/user/authnoam.
I currently have 2 SPs: sp1 and sp2. Can I have different OAM policies for each SP? For example, I want to allow only users in the ldap group sp1_group access to sp1 and users in ldap group sp2_group access to sp2. The issue is that when an authentication request is sent from any SP, it gets sent to fed/user/authnoam, which is protected by one OAM policy.

I had this requirement too in my previous project where for one SP, we want to authenticate against consumer data store and another SP, against customer. If I remember correctly, the product doesn't support that. Not sure about 11g R2 though.

Similar Messages

  • Is QuickTime support Mp4 file with Multiple SPS (Sequence Parameter Set)?

    Hello EveryOne.
    I am in much trouble... plz help me. Thanks
    I have a Mp4 file with Multiple SPS (Sequence Parameter Set) and PPS (Picture Parameter Set).
    When I play into latest QuickTime then only Audio come. Blank White screen come in case of Video. Means no Video.
    i want to ask :
    Is QuickTime support Multiple SPS Mp4 file ?
    Thanks
    Shakti Kapoor
      Windows 2000  

    You didn't answer probably the most important question: whether you're using hardware or software Mercury Playback Engine (MPE). However, since you've set Maximum Render Quality on, it's largely irrelevant.
    When you're using hardware MPE or have the MRQ flag set for your export, rendering is performed with linear color. Linear color processing affects how color channels and alpha channels are composited--anything less than 100% opacity is subject to linear color processing. Check out this article for more information on linear color/linear light: Linear Light - Artbeats
    Since it sounds like you're seeing the results you expect in the Program Monitor, but not export, I'll wager you're not using hardware MPE. Only by disabling the Maximum Render Quality flag on export will you be able to get results that match what you see in the Program Monitor (within reason, of course). The only way you could see the effects of linear color within Premiere would be to either use a qualified GPU that enables hardware MPE, or go into your Sequence Settings and check the "Maximum Render Quality" option and then render previews.
    Please let me know if that helps resolve the issue, or at least provide a little insight into the problem.

  • Steps to configure IDP on OIF 11g?

    Has anyone used OIF 11g as IDP using SAML 2.0? What are the steps (especially related to certificate creation and update)? I went through the Oracle documents but am unable to figure out the correct steps to update the signing/encryption certificate. Should I be using keystore or Oracle Wallet?
    Thanks.
    VS

    Hello,
    Thank you for your reply and for the link to the documentation. I feel confused about which SSO method to use.
    Here is the case:
    1. Users have enterprise login/password credentials
    2. Once logged in their computer they would like to access EPM products which are installed on a remote server without entering their credentials again. They would enter the Url on the IE browser.
    3. We are using EPM 11.1.2 with weblogic
    If you had to implement SSO in this situation what steps would you follow?
    I've tried to create a custom authentication module, but don't know how to use it.
    I also read about Http request but don't know when I should use it.
    Any ideas for me?

  • OIF 11g Admin Interfaces Unavailable

    Hey,
    We have an install of OIF 11g r1 that will no longer allow us to access the EM management interfaces associated with the IdP or SP. The error we get is as follows:
    Configuration settings are unavailable because /Farm_IDMDomain/IDMDomain/wls_oif1/OIF(11.1.1.2.0) is down.
    However, when I go to check the Farm_IDMDomain the Deployments and Fusion Middleware components show that everything is up and running. Strangely enough, I have another instance on another box that is showing something is down in my Fusion Middleware component view but nothing is actually down and the server seems to running fine. Not sure how to proceed. I've logged an SR but so far have had no response.
    tks

    The OIF 11g administration is done via the em (enterprise manager) console of the weblogic instance where OIF is deployed.
    1) Start the weblogic admin server.
    2) From the browser: http://host:port/em (the default port is 7001, unless you have given something else during install). Give login/password.
    3) Then start the OIF application from the console.
    This is going to work.
    Instead of 3 above, you can start the applications from the command line also, but this is easier to do.
    Hope this helps. Let us know.

  • OIF 11g SSO assertion attributes

    I am using OIF 11g and acting as IDP. I am unable to send any attributes in the SAML assertion apart from the NameID. Has anyone faced this issue earlier?
    Regards,
    Vinod

    Hello Vinod
    Login to Enterprise Manager
    Federations > Trusted Provider
    Select SP Trusted Provider > Edit
    Under "Oracle Identity Federation Settings", Attribute Mappings and Filters, Click "Edit"
    Click Add
    Type an attribute (User Attribute Name) that you want to pass in the assertion
    Type a name (Assertion Attribute Name) that you want to pass the above value as (can be same as the User Attribute Name)
    Check "Send with SSO Assertion"
    Repeat this step for additional attributes
    Apply changes
    Hope this helps
    Shiva
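After applying the mapping steps above, one way to confirm that the assertion now carries more than the NameID is to decode a captured SAMLResponse and list its attributes. This is an added example, not part of the original thread or Oracle's tooling; the attribute names `mail` and `givenname`, the user, and both sample responses are constructed assumptions, and the check is diagnostic only (it does not verify signatures).

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def decode_saml_response(b64_response):
    """Decode a SAMLResponse form value (HTTP-POST binding: base64 of the XML)."""
    xml_bytes = base64.b64decode("".join(b64_response.split()), validate=True)
    # SAML messages never need a DTD; refuse one instead of risking entity expansion.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DOCTYPE/ENTITY declarations are not allowed in SAML messages")
    return ET.fromstring(xml_bytes)

def assertion_attributes(root):
    """Return (name_id, {attribute_name: [values]}) for the first assertion."""
    if root.tag == "{%s}Assertion" % NS["saml"]:
        assertion = root
    else:
        assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        if root.find("saml:EncryptedAssertion", NS) is not None:
            raise ValueError("assertion is encrypted; decrypt it before inspecting")
        raise ValueError("no Assertion element found")
    name_id = assertion.findtext("saml:Subject/saml:NameID", default=None, namespaces=NS)
    attrs = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "") for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return name_id, attrs

def missing_attributes(b64_response, expected_names):
    """Names expected from the SP's attribute mapping that the assertion lacks."""
    _, attrs = assertion_attributes(decode_saml_response(b64_response))
    return sorted(set(expected_names) - set(attrs))

def _constructed_response(attribute_statement):
    """Build a constructed, unsigned sample response for the demonstration."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">'
        '<saml:Assertion ID="_a1" Version="2.0"><saml:Subject>'
        '<saml:NameID>user1@example.com</saml:NameID></saml:Subject>'
        + attribute_statement + '</saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()

# Constructed samples: before the mapping (NameID only) and after adding "mail".
SAMPLE_NAMEID_ONLY = _constructed_response("")
SAMPLE_WITH_MAIL = _constructed_response(
    '<saml:AttributeStatement><saml:Attribute Name="mail">'
    '<saml:AttributeValue>user1@example.com</saml:AttributeValue>'
    '</saml:Attribute></saml:AttributeStatement>'
)

if __name__ == "__main__":
    expected = ["mail", "givenname"]  # assumed Assertion Attribute Names
    for label, sample in (("before", SAMPLE_NAMEID_ONLY), ("after", SAMPLE_WITH_MAIL)):
        print(label, "missing:", missing_attributes(sample, expected))
```

A SAMLResponse copied from a browser trace is URL-encoded as well; URL-decode it before passing it in.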

  • LDAP supporting multiple DNS domains

    I have an environment with multiple DNS domains, and am configuring a Directory server (DS 6.3.1) to centralize various OS configuration maps including user authentication. None of the DNS domains have unique data, so I'd like to do something like storing all the real data in one suffix, then somehow have all clients look to that primary suffix. I am aware that the Solaris Native LDAP client wants to bind to a nisDomainObject that matches its DNS domain. I'm just having a hard time believing that I really need to manage all those individual suffixes when they don't have unique data requirements.
    Take as an example the following domains to be supported: foo.example.com, bar.example.com, dev.example.com, qa.example.com, prd.example.com (no hosts are actually in "example.com", they are all in subdomains). Again, all share common configuration data, same user IDs, etc - no unique maps are required.
    I created a suffix, "dc=example, dc=com", set it up with idsconfig. All is well there.
    [A] My first thought is to bind all Solaris clients, regardless of their DNS domain, to the baseDN of "dc=example, dc=com" in order to avoid having a separate suffix for each DNS domain. I tried to do this using "-a defaultSearchPath=dc=example,dc=com" with ldapclient init, but it failed with an error indicating it wants to see the nisDomainObject of its real DNS domain.
    [B] The second thought I had, which I don't believe is possible, is to find some sort of a LDAP equivalent of a symbolic link so that I could actually have an object for each DNS domain, but it would simply point back to "dc=example,dc=com". I can't find anything in the documentation which suggests this is possible, but I'd love to be wrong!
    [C] Perhaps this could be somehow done with a rats nest of SSDs, but that really seems unwieldy, right? I plan on using a fair amount of the available objects, so it would be many SSDs per suffix. Yuck.
    Can anyone comment on my above thoughts, or provide how they would go about supporting multiple DNS domains that have common configuration data?
    Thank you,
    Chris

    Ok, I answered my own question. Turns out it's pretty easy. Just use the "-a domainName=example.com" option with `ldapclient` then make sure that the FQDN of the LDAP server is available (or use its IP address). My problem was that the ldapclient overwriting nsswitch.conf was clobbering the SSL session because I used the FQDN which couldn't resolve.
    This leaves an interesting condition of having the output of "domainname" not match the DNS domain. I'm testing now to see if this causes any unexpected issues with our environment, but I suspect it's not a problem.

  • HT201250 Hello i am using TimeMachine to back-up entire Mac image (data + system) on an usb-local drive. I would like (on top of it) add a specific plan to back up some files on a remote network drive. Does TimeMachine support multiple back-up plans ? How

    Hello i am using TimeMachine to back-up entire Mac image (data + system) on an usb-local drive. I would like (on top of it) add a specific plan to back up some files on a remote network drive. Does TimeMachine support multiple back-up plans ? How ?

    Time Machine is capable of backing up to multiple locations, and can be used to back up to both a local hard drive and a networked drive (provided that that drive is in or connected to a Time Capsule or another Mac that is sharing it over the network). The catch, though, is that you can't specify different things to back up to different destinations. Whatever you exclude from Time Machine backups is excluded from ALL backups, and whatever is included is included on all.
    So, get a large enough drive that you can back up everything you want in all locations, or use something else for maintaining the network backup.
    More information on these topics can be found here:
    How do I set up Time Machine to a shared drive on another Mac?
    How do I set up Time Machine to a Time Capsule or Airport Extreme?
    "Rotating" Time Machine backup disks

  • Cisco Jabber client to support Multiple e-mail domains

    Hi All,
    Per the following link, CUCM an IM&Presence starts supporting multiple domains at version 10:
    http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/rel_notes/10_0_1/delta/CUCM_BK_C206A718_00_cucm-new-and-changed-1001/CUCM_BK_C206A718_00_cucm-new-and-changed-1001_chapter_010.html#CUCM_RF_I31EA3AB_00
    However, we have heard from Cisco that there is NO Jabber client that works with version 10 to support multiple email domains.
    This may or not may be true.
    Can someone who has connection with BU confirm this? If there is Jabber client that supports multiple email domains, what is the version and when is it going to be available?
    Thanks,
    Mustafa

    Per-Olov
    How are you dealing with this DA restriction?
    Also, what are your comments about the use of Domain Alias vs. Domain with inetdomainbaseDN pointing to my organization? Which one was your choice?
    Thanks,
    Ivo

  • RDBMS Security Store supporting multiple domains

    Can one instance of the RDBMS Security Store be utilized to support multiple WLS 10.3.2 domains?
    I have several 10.3.2 domains, all of which have clusters and role requirements? The documentation 'suggests' one Store per domain, but all of the tables in the schema contain DOMN (domain) and REALMN (realm) columns that would seem to indicate domain independence. It would be nice to be able to manage one Store schema that supports several Domains.

    Hi,
    The document which you are referring is for WLS 10.0 and RDBMS security is introduced from WLS 10.3.0 onwards.
    The reason why RDBMS security store should not be stored between two domains is RDBMS security store is used by authorization, role mapping, credential mapping, and certificate registry providers.
    Once the RDBMS security store is configured in a domain, an instance of any of the preceding security providers that has been created in the security realm automatically uses only the RDBMS security store as a datastore, and not the embedded LDAP server.
    It is just the replacement for Embedded LDAP.
    Thanks & Regards,
    Murali.

  • Supporting multiple companies with JES6

    I have been trying to find instructions to support multiple companies using email, calendar, and IM on a single installation of JES6 (messaging, calendar, IM, delegated admin, independent convergence, etc). I have had no luck.
    The sales pitch talks a great story about scalability, so I must be missing something. Sun Docs does not have Messaging Server 7.0 yet. The wiki that the product page sends you to is incomplete. I am not sure when Sun made the decision to not require complete documentation before a product is released, but I find that frustrating.
    I see that I can add multiple domains in Delegated Administrator, but this does not create separate partition areas in Messaging Server. I believe that you need to separate each company's email and calendar so that conflicts in names don't happen.
    Can someone direct me to a document or tell me how to do this? Please?

    workman99 wrote:
    > I have been trying to find instructions to support multiple companies using email, calendar, and IM on a single installation of JES6 (messaging, calendar, IM, delegated admin, independent convergence, etc). I have had no luck.
    Log into Delegated Administrator and create a new organisation for each of the companies you wish to support. This organisation will require a domain-name e.g. somecompany.com (hence the term "hosted domain"). The users in the company then log into Messaging/Calendar/Convergence with [email protected].
    > The sales pitch talks a great story about scalability, so I must be missing something.
    Hosted/Virtual domain functionality is in use by a number of companies to provide the very functionality you refer to.
    > Sun Docs does not have Messaging Server 7.0 yet.
    There is no intention to provide static PDF based docs for communication-suite-6 products (which include MS7.0) going forth.
    > The wiki that the product page sends you to is incomplete.
    How exactly is it incomplete? Where there are differences between MS6.3 and MS7.0 they are documented on the http://wikis.sun.com/display/CommSuite/ site.
    > I am not sure when Sun made the decision to not require complete documentation before a product is released, but I find that frustrating.
    Once again, what exactly is not complete. Sweeping statements aren't really constructive. The wiki format has provided the ability to provide much quicker updates and enhancements to the documentation than was previously possible with the publish-once PDF guide mechanism.
    > I see that I can add multiple domains in Delegated Administrator, but this does not create separate partition areas in Messaging Server. I believe that you need to separate each company's email and calendar so that conflicts in names don't happen.
    You don't require separate partitions as Messaging Server and Calendar Server both use the hosted domain information in their storage e.g.
    bash-3.00# ./mboxutil -lxp user/[email protected]/INBOX
      msgs  Kbytes last msg         partition   quotaroot mailbox path and acl
         3     240 2008/04/03 07:28 primary          5120 user/[email protected]/INBOX /opt/SUNWmsgsr/data/store/partition/primary/=user/b7/e4/=testuser@hosted%dsun%dcom [email protected] lrswipcda
    bash-3.00# ./mboxutil -lxp user/shjorth/INBOX
      msgs  Kbytes last msg         partition   quotaroot mailbox path and acl
         6      37 2008/09/12 13:08 primary          5120 user/shjorth/INBOX /opt/SUNWmsgsr/data/store/partition/primary/=user/c4/31/=shjorth shjorth   lrswipcda
    So in the above example "testuser" is in the hosted.sun.com hosted domain and "shjorth" is in the aus.sun.com default domain. The default domain does not have the domain information appended in the path and is treated as a special case.
    bash-3.00# ./cscal list [email protected]
    [email protected]: [email protected] status=enabled
    bash-3.00# ./cscal list [email protected]
    [email protected]: [email protected] status=enabled
    For calendar server, the domain of the user is appended to the UID thus providing for separate UID name-spaces for each hosted-domain organisation.
    Regards,
    Shane.

  • Looking for a client/server that supports multiple protocol and delivery

    Hi all, I don't know if this the right place to ask my question,here it goes.
    I am looking to develop a client-server that supports multiple protocols such as HTTP, HTTPS etc. I am looking for a framework (I don't know if that is correct or I need some kind of web-service (soap etc)) that would manage connection, security etc. I would like to devote most of my time in developing business objects with multiple delivery mechanism such as sending serialized java objects, xml message or soap message, or in some case JMS message as well. So I need a client server that can come in via TCP/IP or HTTP or any other industry standard protocol and I should be able to service him with pub/sub model and also request/response model as well.
    I don't know if I had explained what I need, I would like to know what technologies I should be evaluating and which direction I should be heading... Also the server I'm developing should be free of Java constraints if needed...
    Also this service is not webbased service as now but if need arises I should have a flexibilty to make them web enabled in future. Also I would like to work with open source webservers or appservers if I need

    Inxsible wrote:
    > I installed i3 - along with the i3status - which I still have to figure out. I am liking what I see as of now. It reminds me of wmii -- when I used it way back when. However I do not like the title bar. I would much rather prefer a 1 px border around the focused window.
    "i3 was created because wmii, our favorite window manager at the time, didn't provide some features we wanted (multi-monitor done right, for example), had some bugs, didn't progress since quite some time and wasn't easy to hack at all (source code comments/documentation completely lacking). Still, we think the wmii developers and contributors did a great job. Thank you for inspiring us to create i3. "
    To change the border of the current client, you can use bn to use the normal border (including window title), bp to use a 1-pixel border (no window title) and bb to make the client borderless. There is also bt  which will toggle the different border styles.
    Examples:
    bindsym Mod1+t bn
    bindsym Mod1+y bp
    bindsym Mod1+u bb
    or put in your config file
    new_window bb
    from: http://i3.zekjur.net/docs/userguide.html (you probably already found that by now )

  • Does the sender SOAP adapter support multiple operations per interface

    Hi guys,
    does the sender SOAP adapter support multiple operations per interface? (interface type of 7.1)?
    Thanks,
    Andrzej

    theoretically Yes.
    Do have a look into this when you get time
    /people/shabarish.vijayakumar/blog/2010/09/08/service-interface-and-multiple-operations--is-it-just-an-hype

  • OSB (11.1.1.7): Can OSB/Weblogic (11.1.1.7) support multiple PKIs (Public Key Infra-structure)

    Hi All,
    Would you be able to help me in understanding if OSB/Weblogic (11.1.1.7) can support multiple private key's in the domain to enable 2-SSL W/S calls ?
    Solution walk-through :
    A 3rd Party Web Service is only accessible via 2-way SSL http channel. To achieve this, OSB is required to use the private key which is issued by 3rd party. This private key and 3rd party root certificate (CA) need to be installed into OSB’s keystore which is based on Java Keystore format.
    The private key (issued by 3rd Party) will be used by OSB for identity signature. This private key is bound to IP address of the OSB machine calling the 3rd Party web service. Also, 3rd Party root certificate (CA) will be used by OSB to verify the identity of 3rd Party web service.
    Given the private key is used as the identity of the system and should be guarded closely by the target system, we believe this approach needs to be reviewed and assessed accordingly.
    Limitations and drawbacks with the current solution :  
    1. The private key of OSB system is issued and controlled by an external application vendor.
    2. OSB is enforced to use this private key and its signature algorithm for other external parties’ interactions. The current client certificate issued by 3rd Party is X509v3 certificate which uses RSA, with a 2048-bit key size, signed with a SHA-512 hash.
    3. The SSL is self-signed, not signed by a publicly trusted cert provider (i.e. VeriSign)
    4. Extra dependency on external vendor systems as the key provider. Currently, the keys are bound to server IP address; any changes to the production environment, (i.e. adding new nodes) will require a new key to be generated by 3rd Party system. In case 3rd Party is no more used in the future, the keys can no longer be generated.
    Conclusion : OSB does not support multiple PKIs (Public Key Infra-structure) which is a mapping mechanism that OSB uses to provide its certificate for SSL connections to the server. Multiple private keys, require multiple PKIs which OSB does not handle.
    So, do you agree that OSB/WebLogic (11.1.1.7) could not support multiple private key issued by more than one 3rd party vendor ?
    Thanks,
    Kunal Singh

    Hi Kunal,
    Although it is recommended to have 1 key pair for 1 identity store as it represents unique identity of your domain but you can:
    import multiple key-pairs in your identity store
    Configure PKI credential mapper to use reference of identity store consisting of multiple keys
    When in your OSB project, you create Service Key provider(SKP) then it loads all the private keys present in identity store referred by PKI mapper. It will browse both the keys.
    Depending on your requirement, you can choose different key pair for different SKPs for "Client Authentication key" section (For SSL) and "Signature key" for DigiSign.
    Please let me know if i understood your query correctly and above helps.
    Regards,
    Ankit

  • Does the IPhone 3G support multiple phone lines?

    Looking into purchasing the iphone 3G - does the 3G support multiple Phone lines or numbers? Such as a business and personal number?

    You should probably call and ask AT&T, as that would be something that would need to be configured on their end.

  • Report should support multiple company codes and currencies

    Hi Experts,
    I had requirement, my report should support multiple company codes and currencies. Right now it is supporting 2 company codes and currencies (EUR, USD) only. Now the report should support all company codes and currencies.
    I had analyzed report. In the report there are class and authorization objects. In this authorization objects, they may be any chances of maintaining company codes and currencies?  This is regarding PS Module.
    Need your suggestions to solve this issue...
    Regards,
    K. Bharat

    Hi raja,
    Could you share what you had to do to attain this functionality? I have the same requirement.
    Thanks,
    Kiran
