Oracle Single Sign-On for particular module?

Hello people,
I have implemented Single Sign-On for some of my JSP pages in different folders like finance, inventory, etc. I am creating some test users and groups in OID, but the users in the inventory group are able to log in to the finance module. Can you please give me some suggestions on how to restrict this? Where do I do the configuration?
thanks

Hi,
If it is a J2EE application, use J2EE roles - defined in web.xml - and map them to groups in OID through the orion-application.xml file. See the OC4J security guide, which is a part of the Oracle Application Server documentation on OTN.
Frank
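
A minimal sketch of the mapping Frank describes, added here as an illustration and not taken from the original thread or from Oracle's documentation. The role names `finance_user` and `inventory_user` and the OID group names `finance` and `inventory` are assumptions, and the application is assumed to already use OID as its user repository.

```xml
<!-- WEB-INF/web.xml (fragment): one security constraint per module folder.
     Role names are hypothetical. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Finance pages</web-resource-name>
    <url-pattern>/finance/*</url-pattern>
    <!-- no http-method elements: the constraint covers every HTTP method -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>finance_user</role-name>
  </auth-constraint>
</security-constraint>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Inventory pages</web-resource-name>
    <url-pattern>/inventory/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>inventory_user</role-name>
  </auth-constraint>
</security-constraint>

<!-- every role used in an auth-constraint must be declared -->
<security-role><role-name>finance_user</role-name></security-role>
<security-role><role-name>inventory_user</role-name></security-role>

<!-- META-INF/orion-application.xml (fragment): map each J2EE role to an OID group.
     Group names are hypothetical and must match the groups created in OID. -->
<security-role-mapping name="finance_user">
  <group name="finance" />
</security-role-mapping>
<security-role-mapping name="inventory_user">
  <group name="inventory" />
</security-role-mapping>
```

With this in place SSO still authenticates every user, but the container authorizes per folder: a user who is only in the `inventory` group receives 403 Forbidden on `/finance/*`.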

Similar Messages

  • Oracle Single Sign on and Oracle Internet Directory

    Hello Gurus,
    What is the relationship between Oracle Single Sign-On and Oracle Internet Directory?
    To my understanding, OID is required to install SSO.
    If OID already exists, can we just install SSO and go on integrating it with the existing OID?
    Great Thanks,
    vimal jain.

    Hi Tim,
    I've been working on this and could reproduce the issue with anonymous binds. A fix will be ready in 4.2.1.
    So what I really need is the password used for login to pass to the is_member call. The P101_PASSWORD item does not save state. However, you can access the value during submit processing of the login page, for example in the post authentication function of your authentication scheme. People sometimes put code in there to query the user's groups (e.g. with apex_ldap.member_of2) and save them in an application. This item value can then be used in the authorization schemes.
    Regards,
    Christian

  • How to use single sign-on  for BCC and Experience Manager

    Does anyone have experience in implementing single sign-on for BCC and Endeca Experience Manager for business users?

    With the older versions of Endeca commerce stack there is no OOTB support for this. However with Oracle Commerce 11, SSO with BCC and Experience Manager are out of the box. Oracle Commerce 11 is released today.

  • Oracle Single Sign on Integration with Oracle EBS  r12

    Hello,
    I am working on a project to integrate Oracle Single Sign On on Oracle r12. There is plenty of information available on Oracle Support but few inter-mixing and confusing terminology keeps popping up and I do not understand how all pieces together work. I am new to Oracle Single Sign On.
    Here are few basic questions.
    1. What is the difference between Oracle Internet Directory, Oracle Virtual Directory and Oracle Active Directory
    2. Are the terms Identity Management and Oracle Single Sign On interchangeable?   What is the difference between two?
    3. What is Oracle Access manager and how different that is from Identity Management?
    4. What is Oracle HTTP Server 11g webgate and how different that is from a normal traditional Oracle HTTP Server?
    5. What is Oracle EBS Accessgate?  Why do I need it?  On metalink some notes do not indicate use of Accessgate at all for OSSO deployment while some make it look like it is required. Any advice on the above will help.
    Thank you
    Darsh

    Hi Darsh,
    1. Oracle Internet Directory (OID) is Oracle's LDAP storage solution (more here). Oracle Virtual Directory is an Oracle solution that can read identity data (and filter it (mask it) based on policies) from Oracle/non-Oracle databases, Oracle/non-Oracle directories and files and provide the user profiles as an LDAP view (more here). There is nothing called Oracle Active Directory; you must be referring to Microsoft Active Directory.
    2. No, Oracle Single Sign On (OSSO) is a feature in iAS (it's obsolete); Identity Management is a wide umbrella of solutions and concepts.
    3. Oracle Access Manager is one component of the Oracle Identity and Access Management suite of products.
    4. Webgate is the Oracle Access Manager agent that is installed on a web tier. It intercepts the web requests, collects the credentials and sends them to Oracle Access Manager for security evaluation (decide what authentication is needed, verify collected credentials, etc.); Webgate then enforces the Access Manager decision.
    5. Oracle EBS AccessGate is a Java application that has the same use as OAM Webgate (it is an OAM agent) but is specific to E-Business Suite. EBS AccessGate is the new solution replacing OSSO agents, and OAM is replacing the OSSO server component. EBS and OSSO customers can use the OAM server with OSSO agents, or with EBS AccessGate.
    HTH.
    Ghassan

  • Deploying OracleAS Single Sign-On Server Cluster setup with a Proxy Server

    I have a question regarding setting up a OracleAS Single Sign-On Server in a cluster mode along with a Apache Proxy Server.
    Step1 - I'm planning to install OracleAS Single Sign-On Server on two nodes, sso1.oracle.com and sso2.oracle.com, in a cluster. Both the nodes in the cluster are accessed via a load balancer, i.e. sso.oracle.com.
    Step2 - Then I'm planning to setup two Apache Servers as Proxy Server i.e apache1.oracle.com and apache2.oracle.com. These two apache servers are accessed via Load balancer i.e apache.oracle.com
    The question I have is
    1) While setting up the OracleAS Single Sign-On cluster I would provide the load balancer host, i.e. sso.oracle.com, as part of the install, so that all the user requests coming to sso1.oracle.com/sso2.oracle.com get redirected back to the load balancer.
    2)But as part of the Apache Server proxy setup I am also supposed to redirect from SSO server to apache.oracle.com
    But using ssocfg.sh I can only provide either sso.oracle.com or apache.oracle.com NOT BOTH.
    In this case what I should
    1) avoid redirecting to sso.oracle.com instead redirect only to apache server OR are there any other methods to configure.
    I have above setup working fine in DEV environment, where there is only one sso server and one apache proxy server. Problem really comes when I go for setting OSSO server as a cluster in this case I have to redirect to load balancer as well as proxy server?

    why not using webcacheclustering between the apache and the 2 sso's?

  • Single Sign on for 2 Web Applications deployed on Web Logic Server

    We want to implement single sign on for our application.
    We want to deploy 2 applications(JSF/ADF) on web logic server say
    webapp1 and webapp2.
    If user already logged into webapp1 with valid userid and password and
    then he access the link for webapp2 he should not be asked to provide
    the credential details userid and password.
    How we can implement this
    1. If user credentials are maintained/authenticated against LDAP
    2. If user maintained/authenticated are from database

    you are in the wrong forum. This one is related to Oracle forms. Try the ADF-forum instead.

  • Integrating Oracle BI Publisher with Oracle Single Sign-on security.

    I am trying to integrate BI Publisher with Oracle Single Sign-on running on a different machine.
    The BI Publisher is installed with an Oracle application server 10.3.1 (includes a HTTP server). These are the steps I followed:
    1) Registered BI publisher as a partner application in the Oracle SSO admin console which generated a single sign-off url.
    2) Made the required modifications in the mod_osso.xml config file.
    3) On the BI publisher admin page went to the securities tab and opted the SSO security and entered the single sign-off url generated in the previous step.
    4) Restarted the Oracle ID mgt infrastructure and the BI pub server.
    The BI pub login is not getting redirected to the SSO page.
    Please let me know as what is that I am missing. I've been cracking my head with this for quite long - any help will be highly appreciated.

    "user589320"
    APEX is only using BI Publisher to transform the XML data of your report and the template you provide into PDF, Word or Excel. For this, APEX sends the XML data and the template to BI Publisher, and BI Publisher sends back the completed document. So there's nothing stored in BI Publisher; all templates, report definitions, etc. are stored in the APEX schema. This has the advantage that you can reference item values and other information in your print documents, and it also ensures that you don't have to access the database again from within BI Publisher, i.e. you don't need to communicate any authentication information to BI Publisher.
    Of course BI Publisher itself also provide the ability to store reports and to store templates. But those are not accessible from APEX through the built-in integration. You can however use the same templates you use for BI Publisher directly on load them into APEX for use there.
    Lastly, if you want to use and print reports in both BI Publisher and your APEX applications, you can do that through web services, take a look at Tyler Muth's BLOG for more information on this topic:
    http://tylermuth.wordpress.com/2008/03/31/call-bi-publisher-web-services-from-apex/
    Regards,
    Marc

  • Oracle Single Sign on JSP Database Connection

    I am writing a JSP Search Screen that launches off of Oracle Portal (behind SSO). What I'm looking to do is have the JSP connect to the database as that user, and then show the information available to that user (we have this handled by a VPD). I was wondering how I could get access to the single signon RAD in order to connect to the database from within my JSP. Any help would be greatly appreciated.

  • Oracle single sign-on scenario. pls help.

    Hi,
    I have following basic Oracle single sign-on setup in place along with integration with Active Directory 2003.
    All the users are provisioned in AD, which is then synchronized with OID. The OID users are then manually synchronized to Oracle
    E-Business Suite (FND_USER table).
    So, the flow is like this :
    AD > OID > Ebiz suite
    Problem :
    We are now migrating users in AD 2003 to AD 2008 and I am being asked to perform impact analysis on the Oracle Single Sign-On environment while this AD migration is in process.
    Any clues or your inputs on impact that this will create on single sign-on will be much appreciated.
    Thanks in advance

  • Oracle Single Sign-On: Use NTLM inside LAN

    Hi,
    I want to configure Oracle Single Sign-On to use NTLM authentication when accessing a protected resource from the LAN (specific IP range). When a user is accessing a protected resource from the internet it should still show the login page.
    How can I achieve that?
    regards,
    matthias

  • Single Sign On For CRM IC?

    I'm working on a project to implement Single Sign On for our company.  I currently have it working for all of our SAPGUI users via SNC (LDAP auth) and also our portal users (also via LDAP auth), and want to use it also for the CRM Interaction Center (Web client). 
    Has anyone successfully implemented a single sign on solution for the IC?  If so, reward points are waiting for someone who can guide me to documentation on how to set it up/configure.
    Thanks in advance for any help the forum can provide.

    Hi Wayne, a very good question based on the docs. In the docs (http://help.sap.com/saphelp_crm40sr1/helpdata/en/99/39926a159f4a75bd7abeec9b49a040/frameset.htm) it is stated that:
    Integration Into Single Sign-On Environments
        The application does not accept SAP logon tickets.
        The application does not accept X.509 digital certificates.
        When the IC agent user is integrated into the SAP Enterprise Portal, it is SSO enabled.
    I would guess this means there is an iView or something like this in the portal to start the WebClient without requiring the user to authenticate again.
    regards,
    Patrick

  • Using the Portal Single Sign-On for java applet clients

    Hi
    We have a task to build a Java applet working within a portlet and communicating with some session EJB (wrapped BC4J) running on the OC4J. The applet is presumably connecting to the server via RMI. This connection should be restricted to some groups of portal users.
    When a user is entering the applet he is supposed to be already logged into the Portal.
    There is a lot of information on building custom secure portlets using only a pure HTML (same as JSP) client with the help of the Portal Single Sign-On.
    But, is it possible to use the Single Sign-On for establishing a secure RMI connection from applet to OC4J without entering a password in the applet once more?
    Yuriy

    Perhaps you can write a small JSP page or PLSQL
    web procedure that will grab user name from
    the SSO Server (via SSOSDK/mod_osso)
    and invoke the applet with encrypted user name.
    The applet will receive the encrypted username
    and decrypt it to get the clear user name.
    This helps to get Single Sign-On.
    To make sure that environment is secure, encrypted
    user name parameter should have random salt,
    user name, and time stamp to prevent replay attack.
    Applet must make sure that the encrypted user name
    time stamp set by the JSP/PLSQL page has value
    within a reasonable time limit like 5 minutes
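
One way to build the token this reply describes, written for this page as an added example and not taken from the original post or from Oracle's SSO SDK: the class name `SsoHandoffToken`, the token layout and the choice of AES-GCM are assumptions. It assumes Java 8 or later and a pre-shared AES key; the random 12-byte IV plays the role of the random salt, and the embedded timestamp enforces the 5-minute limit.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;

public class SsoHandoffToken {                       // hypothetical class name
    static final long MAX_AGE_MS = 5 * 60 * 1000L;   // the 5-minute limit from the reply
    static final int IV_LEN = 12, TAG_LEN = 16;
    private static final SecureRandom RNG = new SecureRandom();

    // Issuer side: the JSP that obtained the user name from the SSO server.
    // Token = base64url( IV || AES-GCM( issuedAtMillis || userName ) ).
    static String issue(String user, byte[] key, long nowMs) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);                           // fresh random value per token
        byte[] name = user.getBytes(StandardCharsets.UTF_8);
        byte[] plain = ByteBuffer.allocate(8 + name.length).putLong(nowMs).put(name).array();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"),
               new GCMParameterSpec(TAG_LEN * 8, iv));
        byte[] ct = c.doFinal(plain);                // ciphertext with the auth tag appended
        byte[] out = ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Receiver side: returns the user name, or throws if the token is
    // malformed, modified, encrypted under another key, or outside the window.
    static String verify(String token, byte[] key, long nowMs) throws GeneralSecurityException {
        byte[] raw;
        try {
            raw = Base64.getUrlDecoder().decode(token);
        } catch (IllegalArgumentException e) {
            throw new GeneralSecurityException("malformed token");
        }
        if (raw.length < IV_LEN + 8 + TAG_LEN) throw new GeneralSecurityException("token too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
               new GCMParameterSpec(TAG_LEN * 8, raw, 0, IV_LEN));
        byte[] plain = c.doFinal(raw, IV_LEN, raw.length - IV_LEN); // throws on a bad tag
        ByteBuffer buf = ByteBuffer.wrap(plain);
        long age = nowMs - buf.getLong();
        if (age < 0 || age > MAX_AGE_MS) throw new GeneralSecurityException("token outside time window");
        byte[] name = new byte[buf.remaining()];
        buf.get(name);
        return new String(name, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16];                   // constructed demo key
        RNG.nextBytes(key);
        long t0 = System.currentTimeMillis();
        String token = issue("jsmith", key, t0);     // constructed sample user
        System.out.println("accepted user: " + verify(token, key, t0 + 60_000));
        try {
            verify(token, key, t0 + 6 * 60_000);     // six minutes later
        } catch (GeneralSecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The timestamp only bounds how long a captured token stays usable; a receiver that needs single use also has to remember the IVs it has accepted within the window. A key compiled into an applet can be read by anyone who downloads it, so running `verify` on the OC4J side, with the applet only relaying the token, keeps the key on the server.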

  • How to do single sign on for multiple webservices in flex application

    Hi Experts,
    I have created a Flex application and am using a few web services in that application. When I run the application it asks for logon details for each and every web service I used. However, I want to do single sign-on without providing logon details for each and every web service. Please advise.
    Thanks in advance.

    Hi,
    If your projects are deployed in their own Java EE context root then you have multiple applications, though logically you count them as one. Use OSSO or Oracle SSO (where OSSO should be fine since all deployments share the same instance).
    Frank

  • Integrating AS 10.1.2 and AS 10.1.3 to use Single Sign-on for BI Publisher

    Hi Everyone
    I was trying to make the following demonstration scenario on the AS and the facilities that can afforded by Oracle to our company:
    Note: I have just one machine for demonstration with Win2003 Enterprise
    First of all, I need to build a portal for my company, this portal will be published to the web through port 80 opened by Microsoft ISA Firewall (ISA installed on different machine):
    1- Portal should be integrated with oracle forms and reports with single sign-on
    2- AS, should have single sign-on authentication to work on port 80 only.
    3- Portal should be integrated with BI Publisher 10.3
    For the objectives mentioned above I have done the following:
    1- install AS 10.1.2 (infra and mid-tier) on the same machine with default installation options (http port 7777 for infra and port 80 for MT). (objective 1 = done)
    2- To make SSO work on port 80, I have used webcache as a reverse proxy for SSO, and it's done, but I have an error (WWC-41400). It doesn't affect login on the portal, and that is my first problem.
    3- To have BI Publisher to work and authenticate users using single sign-on on port 80 (from outside), I had to install AS 10.1.3 (http on port 7779) on the same machine mentioned above, and then deploy BI Publisher on it, and that was ok, but problem is how to make use of single sign-on to authenticate people listed in oracle internet directory of INFRA installation mentioned above to use BI Publisher on port 80 only.
    So, could anyone please guide me in problem 2 and 3.
    Thanks in advance.
    Anas

    a couple of parameters not configured inside the Tomcat files. Now the SSO is working.
    SNC is not required for sso in bi 4.0
    http://wiki.sdn.sap.com/wiki/display/BOBJ/BI4IntegrationintotheSAPEntreprisePortal+7.0.x
    http://wiki.sdn.sap.com/wiki/display/BOBJ/SetupofSAPSSOServiceinSAPBOBI4.0+CMC
    Best Regards

  • Use single sign on for multiple portal domains

    Is it possible for a user to sign on once to a domain, and then be able to access other domains? What I'm trying to do is have one user registration page/login page, but use different portal server domains to present different sites, while at the same time having a type of single sign-on once a user has entered his credentials. Thus my registration process will create a new LDAP user in an external directory, and I can then just point all the different domains to that external LDAP directory.

    I wouldn't recommend this because it would affect performance, plus there are potential other issues like conflicts that you would run into.
    Every time a user logs in, a new session is created for him, and this means a user might have multiple sessions on the server. The cookie that is set is also dependent on the portal domain, so it might not work.
    An alternative approach might be to have multiple roles and then customize the role for different views. You can modify the membership code in such a way that based on certain criteria you can assign him to a particular role, equivalent to your domain. However the problem could be if you want to provide delegated admin, currently the delegated admin is only at a domain level.
