Oracle single sign on Synchronization issue

We have pushed the Single Sign on Agent in our enviornment through SMS.With most of the users it seem to be working perfectly alrightAll the applications are listed and being synchronized.The issue is with some of the users we get the applications Greyed.Settings for Synchronization are selected but still its not working.
its only with some of the users,With rest its working perfectly fine.where as the same MSI package have been installed on all the machines.
Any body who have faced the same issue. Help

Hi
In my experience applications are greyed out when their template is available in the local cache and the user does not belong to the group the particular template has been assigned through the Administrative Console. Have you enabled role/group support?
Regards

Similar Messages

  • Oracle Single Sign on and Oracle Internet Directory

    Hello Gurus,
    What is the relationship between Oracle Single Sign on and Oracle Internet Directory.
    To my understanding, OID is required to install SSO.
    If OID already exist, can we just install SSO and go on integrating it to existing OID.
    Great Thanks,
    vimal jain.
    [email protected]

    Hi Tim,
    I've been working on this and could reproduce the issue with anonymous binds. A fix will be ready in 4.2.1.
    So what I really need is the password used for login to pass to the is_member call.The P101_PASSWORD item does not save state. However, you can access the value during submit processing of the login page, for example in the post authentication function of your authentication scheme. People sometimes put code in there to query the user's groups (e.g. with apex_ldap.member_of2) and save them in an application. This item value can then be used in the authorization schemes.
    Regards,
    Christian

  • Oracle Single Sign on Integration with Oracle EBS  r12

    Hello,
    I am working on a project to integrate Oracle Single Sign On on Oracle r12. There is plenty of information available on Oracle Support but few inter-mixing and confusing terminology keeps popping up and I do not understand how all pieces together work. I am new to Oracle Single Sign On.
    Here are few basic questions.
    1. What is the difference between Oracle Internet Directory, Oracle Virtual Directory and Oracle Active Directory
    2. Are the terms Identity Management and Oracle Single Sign On interchangeable?   What is the difference between two?
    3. What is Oracle Access manager and how different that is from Identity Management?
    4. What is Oracle HTTP Server 11g webgate and how different that is from a normal traditional Oracle HTTP Server?
    5. What is Oracle EBS Accessgate?  Why do I need it?  On metalink some notes do not indicate use of Accessgate at all for OSSO deployment while some makes it look like required.And advise on above will help.
    Thank you
    Darsh

    Hi Darsh,
    1. Oracle Internet Directory (OID) is Oracle LDAP storage solution (more here), Oracle Virtual Directory is Oracle solution that can read identity data (and filter it (mask it) based on policies) from Oracle/non-Oracle databases, Oracle/non-Oracle Directories and files and provide the user profiles as LDAP view (more here), There is nothing called Oracle Active Directory, you must be referring to Microsoft Active Directory.
    2. No, Oracle Single Sign On (OSSO) is a feature in iAS (its obsolete), Identity Management is wide umbrella of solutions and concepts.
    3. Oracle Access Manager is one component of Oracle Identity and Access Management suite of products.
    4. Webgate is Oracle access Manager agent that is installed on a webtier, it intercepts the web requests and collect the credentails, send them to Oracle Access Manager for security evaluation (decide what Authentication is needed, verify collect credentials, etc), webgate then enforce the Access Manager decision.
    5. Oracle EBS AccessGate is a java application that has the same use of OAM Webgate (it is OAM agent) but specific to E Business suite, EBS Access Gate is the new solution replacing OSSO agents, OAM is replacing OSSO server component, EBS and OSSO customers can use OAM server with OSSO agents, or with EBS AccessGate.
    HTH.
    Ghassan

  • Deploying OracleAS Single Sign-On Server Cluster setup with a Proxy Server

    I have a question regarding setting up a OracleAS Single Sign-On Server in a cluster mode along with a Apache Proxy Server.
    Step1 - I'm planning to install OracleAS Single Sign-On Server on two nodes sso1.oracle.com and sso2.oracle.com in a Cluster. Both the nodes in the cluster accesed via Load balancer i.e sso.oracle.com.
    Step2 - Then I'm planning to setup two Apache Servers as Proxy Server i.e apache1.oracle.com and apache2.oracle.com. These two apache servers are accessed via Load balancer i.e apache.oracle.com
    The question I have is
    1)while setting up OracleAS Single Sign-On cluster I would provide Load balancer host i.e sso.oracle.com as part of the install. So that all the user requests coming to sso1.oracle.com/sso2.oracle.com get redirected back to Load balancer.
    2)But as part of the Apache Server proxy setup I am also supposed to redirect from SSO server to apache.oracle.com
    But using ssocfg.sh I can only provide either sso.oracle.com or apache.oracle.com NOT BOTH.
    In this case what I should
    1) avoid redirecting to sso.oracle.com instead redirect only to apache server OR are there any other methods to configure.
    I have above setup working fine in DEV environment, where there is only one sso server and one apache proxy server. Problem really comes when I go for setting OSSO server as a cluster in this case I have to redirect to load balancer as well as proxy server?

    why not using webcacheclustering between the apache and the 2 sso's?

  • Integrating Oracle BI Publisher with Oracle Single Sign-on security.

    I am trying to integrate BI Publisher with Oracle Single Sign-on running on a different machine.
    The BI Publisher is installed with an Oracle application server 10.3.1 (includes a HTTP server). These are the steps I followed:
    1) Registered BI publisher as a partner application in the Oracle SSO admin console which generated a single sign-off url.
    2) Made the required modifications in the mod_osso.xml config file.
    3) On the BI publisher admin page went to the securities tab and opted the SSO security and entered the single sign-off url generated in the previous step.
    4) Restarted the Oracle ID mgt infrastructure and the BI pub server.
    The BI pub login is not getting redirected to the SSO page.
    Please let me know as what is that I am missing. I've been cracking my head with this for quite long - any help will be highly appreciated.

    "user589320"
    APEX is only using BI Publisher to transform the XML data of your report and the template you provide into PDF, Word or Excel. For this, APEX sends the XML data and the template to BI Publisher, and BI Publisher sends back to completed document. So there's nothing stored in BI Publisher, all templates, report definitions, etc are stored in the APEX schema. This has the advantage that you can reference item values and other information in your print documents, and it also ensures that you don't have to access the database again from within BI Publisher, i.e. you don't need to communicate any authentication information to BI Publisher.
    Of course BI Publisher itself also provide the ability to store reports and to store templates. But those are not accessible from APEX through the built-in integration. You can however use the same templates you use for BI Publisher directly on load them into APEX for use there.
    Lastly, if you want to use and print reports in both BI Publisher and your APEX applications, you can do that through web services, take a look at Tyler Muth's BLOG for more information on this topic:
    http://tylermuth.wordpress.com/2008/03/31/call-bi-publisher-web-services-from-apex/
    Regards,
    Marc

  • Oracle Single Sign on JSP Database Connection

    I am writing a JSP Search Screen that launches off of Oracle Portal (behind SSO). What I'm looking to do is have the JSP connect to the database as that user, and then show the information available to that user (we have this handled by a VPD). I was wondering how I could get access to the single signon RAD in order to connect to the database from within my JSP. Any help would be greatly appreciated.

    Hi Darsh,
    1. Oracle Internet Directory (OID) is Oracle LDAP storage solution (more here), Oracle Virtual Directory is Oracle solution that can read identity data (and filter it (mask it) based on policies) from Oracle/non-Oracle databases, Oracle/non-Oracle Directories and files and provide the user profiles as LDAP view (more here), There is nothing called Oracle Active Directory, you must be referring to Microsoft Active Directory.
    2. No, Oracle Single Sign On (OSSO) is a feature in iAS (its obsolete), Identity Management is wide umbrella of solutions and concepts.
    3. Oracle Access Manager is one component of Oracle Identity and Access Management suite of products.
    4. Webgate is Oracle access Manager agent that is installed on a webtier, it intercepts the web requests and collect the credentails, send them to Oracle Access Manager for security evaluation (decide what Authentication is needed, verify collect credentials, etc), webgate then enforce the Access Manager decision.
    5. Oracle EBS AccessGate is a java application that has the same use of OAM Webgate (it is OAM agent) but specific to E Business suite, EBS Access Gate is the new solution replacing OSSO agents, OAM is replacing OSSO server component, EBS and OSSO customers can use OAM server with OSSO agents, or with EBS AccessGate.
    HTH.
    Ghassan

  • Oracle single sign-on scenario. pls help.

    Hi,
    I have following basic Oracle single sign-on setup in place along with integration with Active Directory 2003.
    All the users are provisioned in AD, which is then synchronized with OID. The OID users is then manually synchronized to Oracle
    E-business suite (FND_USER table).
    So, the flow is like this :
    AD > OID > Ebiz suite
    Problem :
    We are now migrating users in AD 2003 to AD 2008 and i am being asked to perform impact analysis on Oracle Single sign-on environment while this AD migration is in process.
    Any clues or your inputs on impact that this will create on single sign-on will be much appreciated.
    Thanks in advance

    Hi Darsh,
    1. Oracle Internet Directory (OID) is Oracle LDAP storage solution (more here), Oracle Virtual Directory is Oracle solution that can read identity data (and filter it (mask it) based on policies) from Oracle/non-Oracle databases, Oracle/non-Oracle Directories and files and provide the user profiles as LDAP view (more here), There is nothing called Oracle Active Directory, you must be referring to Microsoft Active Directory.
    2. No, Oracle Single Sign On (OSSO) is a feature in iAS (its obsolete), Identity Management is wide umbrella of solutions and concepts.
    3. Oracle Access Manager is one component of Oracle Identity and Access Management suite of products.
    4. Webgate is Oracle access Manager agent that is installed on a webtier, it intercepts the web requests and collect the credentails, send them to Oracle Access Manager for security evaluation (decide what Authentication is needed, verify collect credentials, etc), webgate then enforce the Access Manager decision.
    5. Oracle EBS AccessGate is a java application that has the same use of OAM Webgate (it is OAM agent) but specific to E Business suite, EBS Access Gate is the new solution replacing OSSO agents, OAM is replacing OSSO server component, EBS and OSSO customers can use OAM server with OSSO agents, or with EBS AccessGate.
    HTH.
    Ghassan

  • Oracle Single Sign-On: Use NTLM inside LAN

    hi,
    i want to configure oracle single sign-on to use NTLM authentication when accessing a protected resource from the LAN (specific IP-range). when a user is accessing a protected resource from the internet it should still show up the login-page.
    how can i achieve that?
    regards,
    matthias

    Hi Darsh,
    1. Oracle Internet Directory (OID) is Oracle LDAP storage solution (more here), Oracle Virtual Directory is Oracle solution that can read identity data (and filter it (mask it) based on policies) from Oracle/non-Oracle databases, Oracle/non-Oracle Directories and files and provide the user profiles as LDAP view (more here), There is nothing called Oracle Active Directory, you must be referring to Microsoft Active Directory.
    2. No, Oracle Single Sign On (OSSO) is a feature in iAS (its obsolete), Identity Management is wide umbrella of solutions and concepts.
    3. Oracle Access Manager is one component of Oracle Identity and Access Management suite of products.
    4. Webgate is Oracle access Manager agent that is installed on a webtier, it intercepts the web requests and collect the credentails, send them to Oracle Access Manager for security evaluation (decide what Authentication is needed, verify collect credentials, etc), webgate then enforce the Access Manager decision.
    5. Oracle EBS AccessGate is a java application that has the same use of OAM Webgate (it is OAM agent) but specific to E Business suite, EBS Access Gate is the new solution replacing OSSO agents, OAM is replacing OSSO server component, EBS and OSSO customers can use OAM server with OSSO agents, or with EBS AccessGate.
    HTH.
    Ghassan

  • Single Sign On (SSO) Issue

    We are running Business Objects Enterprise XI 3.1, SP2 (BOBJ) in a Windows environment and have implemented single sign on for Windows AD.  Randomly single sign on does not work for some of our users when either accessing InfoView or when executing a WebI report via an OpenDocument call.  These users can log into InfoView using the Windows ID and Password manually.  The users also have the u201CEnable Integrated Windows Authenticationu201D option checked in IE.
    We have checked the InfoViewApp web.xml and OpenDocument web.xml settings and everything appears to be setup correctly for using sso and vintela (per SAP Note 1251945).  Required SPN entries appear to have been made.  The maxHttpHeaderSize setting in the Tomcat server.xml is set to 16384.  We do tend to make substantial use of Windows AD Groups within our security model.
    When the users are unable to login via sso, here is the error stack that appears in the Tomcat stdout.log:
    SEVERE: Servlet.service() for servlet action threw exception
    java.lang.IllegalStateException
         at org.apache.catalina.connector.ResponseFacade.sendError(ResponseFacade.java:418)
         at javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:117)
         at com.businessobjects.sdk.credential.WrappedServletResponse.sendError(WrappedServletResponse.java:30)
         at com.wedgetail.idm.sso.AbstractAuthenticator.setUnauthorizedResponse(AbstractAuthenticator.java:1328)
         at com.wedgetail.idm.sso.MechChecker.authenticate(MechChecker.java:144)
         at com.wedgetail.idm.sso.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:1060)
         at com.wedgetail.idm.sso.AbstractAuthenticator.authenticateServiceTicket(AbstractAuthenticator.java:998)
         at com.wedgetail.idm.sso.AbstractAuthenticator.checkAuthentication(AbstractAuthenticator.java:953)
         at com.wedgetail.idm.sso.AuthFilter.doFilter(AuthFilter.java:122)
         at com.businessobjects.sdk.credential.WrappedResponseAuthFilter.doFilter(WrappedResponseAuthFilter.java:66)
         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
         at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
         at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
         at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
         at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
         at java.lang.Thread.run(Thread.java:595)
    Before we go about installing SP3 in an effort to resolve the problem, can anyone look at the above error stack and tell us what might be going on here?  Would the above error stack be consistent with an Httpheader getting truncated?
    Thanks in advance for your help.
    Wendell Giedeman

    That error is part of a logging bug and not related to your issue. If SSO is working consistently from infoview then it probably is not a web.xml setting either. The most common problems with opendoc have been related to sessions. Are the users using a new IE window or possibly one that had previous documents open? If it is the session issue then SP3 may help as some work has been done in that area. If you are sure the users are using new IE windows for the opendoc calls then more troubleshooting may be required to identify the problem.
    Regards,
    Tim

  • Single Sign On WiFi issue

    Hi folks!
    I've got the most frustrating issue I've ever experienced. Single Sign on for my wireless clients (laptops/tablets). It's literally hit or miss whether it happens or not.
    The most recent one is a rebuild of an ASUS T100TA. I installed 8.1 Pro from USB stick and used a USB LAN Adapter to connect the client to the domain the first time and to refresh GPs for the first few hours of use. After that, the device was to go to a
    new user who would be able to login via the Wireless settings being rolled out via GPO - see settings below.
    Now, I know the profile is 100% correct, as once logged in, the SSID is magically connected (based on the GPO settings to connect immediately, not seen in the image). Users have full access to any/all network services.
    But see to log a new user onto the device, I get connecting, then "Unable to connect to SSID. Logging on", and finally the dreaded There are no logon servers available message.
    But that's not strictly true either, as all my tested BEFORE
    sending to the site/user were successful. And even once on site, one of the admin staff logged in to test it (mustn't have trusted me :/) with 100% success. Logged her in without her ever being logged onto it before. But the following day, when the device's
    owner arrived and logged on, the bloody nope train arrived again, and it's been like that ever since. But once I log on with a cached profile, boom, WiFi connects via the GPO settings without an issue. There is another identical device in the same office and
    it works without an issue.
    Without sounding dramatic, I can find absolutely no one else that has experienced the same issues as I'm having and it's starting to look like the window and ground will be the destination for the wee tablet if it doesn't start to play ball.
    Any help would be so appreciated.
    Cheers!

    Hi Goducks90,
    We'd better start your own thread for the others to be better involved. As the issue is different from many aspects.
    Also please have a share with the current situation and what steps you have tried for the folks to share a quick and helpful suggestions. We may follow the suggestions in the thread below to ask in TechNet:
    How to ask a question efficiently in TechNet forum
    Best regards
    Michael Shao
    TechNet Community Support

  • Oracle Single Sign-On for perticular module ?

    hello people,
    I have implemented Single Sign-On for some of my jsp pages in different folders like finance, inventory, etc,. Am creating some test users and groups in OID. but the users in inventory group are able to login to finance module. can u please give me some suggestions on how to restrict this ? where to do the configurations ?
    thanks

    Hi,
    if it is a J2EE application, use J2EE roles - defined in web.xml - and map it to groups in OID through the orion-application.xml file. See the OC4J security guide which is a part of Oracle Application Server documentation on OTN
    Frank

  • Oracle Single Sign On Feature

    I read and headrd about Oracle 9iAS's single sign on feature. Can someone explain it me with a practicle example.
    We are developing jsp/ servlet applications. We make our appilcations to sign in the user an one time and we store users data in the computer with a cookie. Do 9iAS use mean this thing as SSO? If then, do 9iAS use cookie to impliment SSO?
    Ranjith
    [email protected]

    I read and headrd about Oracle 9iAS's single sign on feature. Can someone explain it me with a practicle example.
    We are developing jsp/ servlet applications. We make our appilcations to sign in the user an one time and we store users data in the computer with a cookie. Do 9iAS use mean this thing as SSO? If then, do 9iAS use cookie to impliment SSO?
    Ranjith
    [email protected]

  • Oracle Single Sign on : Agent synchronization

    I am Facing an issue regarding esso.logon manager.
    we have made the required changes in the admin console and generated MSI agent, which includes the applications to be assigned to the users.
    When we install or push the MSI files to some random users its done successfully.The Applications assigned to them are also listed in the agent.But the issue we are facing is the applications appear to be DARK or DULL or whatever you call it,when you double click any of the application listed it says **" there is no cridentions configured under the following application"**
    Where as in the test enviornment we have done the testing in the same procedure and its working fine.
    Any body who have faced the same issue and can help me out on this?

    Hi,
    In my experience, applications become greyed out when their templates are stored in the local cache and the user is no longer assigned these applications through the role/group support feature of ESSO-LM (I have tested it with AD, iPlanet and OID as LDAP repositories). Are you using this feature?
    HTH

  • Oracle single sign on

    I am Facing an issue regarding esso.logon manager.
    we have made the required changes in the admin console and generated MSI agent, which includes the applications to be assigned to the users.
    When we install or push the MSI files to some random users its done successfully.The Applications assigned to them are also listed in the agent.But the issue we are facing is the applications appear to be DARK or DULL or whatever you call it,when you double click any of the application listed it says **" there is no cridentions configured under the following application"**
    Where as in the test enviornment we have done the testing in the same procedure and its working fine.
    Any body who have faced the same issue and can help me out on this?

    I have seen this issue as well. Can't give you a good resolution but we went into the logon manager for the user and deleted the applications that were greyed out. The next time the user accessed those applications ESSO went through the acquisition dialogue and loaded the new template resolving the issue.

  • Integrating EBS12 with OID and Oracle Single Sign-On

    Hi All,
    I recently installed EBS12 and followed all the instructions on metalink note 376811.1 to integrate it with OID and OSSO server.
    At the end of integration to verify SSO integration with EBS12, when I access EBS login page via http://[host]:[port]/OA_HTML/AppsLogin, the following error message is displayed:
    << Start of Error Message>>
    500 Internal Server Error
    java.lang.NoClassDefFoundError
    at oracle.apps.fnd.sso.AppsLoginRedirect.AppsSetting(AppsLoginRedirect.java:120)
    at oracle.apps.fnd.sso.AppsLoginRedirect.init(AppsLoginRedirect.java:161)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpApplication.loadServlet(HttpApplication.java:2231)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpApplication.findServlet(HttpApplication.java:4617)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpApplication.findServlet(HttpApplication.java:4541)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpApplication.getRequestDispatcher(HttpApplication.java:2821)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:740)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:451)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.AJPRequestHandler.run(AJPRequestHandler.java:299)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.AJPRequestHandler.run(AJPRequestHandler.java:187)
    at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
    at java.lang.Thread.run(Thread.java:595)
    << End of Error Message>>
    Please let me know what can be the cause of this error?
    Thanks,
    Shyam

    PLease use NOTE.249669.1 How To Collect Apache and Jserv Debugging Details
    You will collect more informations.

Maybe you are looking for

  • Problem with Delivery due list VL10b for STO's - Orders not disappearing

    Hi We have a problem where some 'Stock Transfer orders' are not disappearing from the delivery due list VL10b Collective processing of documents due for delivery - Purchase orders hence we have had two deliveries created for one STO order, which in t

  • Dual monitor cloning size issue

    ive always had trouble selecting a size for my macmini on my 40 inch tv, but now i want it to work as a dual screen moniter that clones onto a 4:3 square screen, basically i need it to fill the wide screen, and have some kind of black bars on the top

  • [COMPLEX DATATYPE] - Cannot create table

    Hello I tried to create a table with a column based on an complex data type from an Xml Schema. 1 -- XML Schema <?xml version="1.0" encoding="UTF-8"?> <!--W3C Schema generated by XMLSpy v2007 sp2 (http://www.altova.com)--> <xs:schema xmlns:xs="http:/

  • Mavericks, only one site show question mark instead of images

    Hi,      Updated to Mavericks, only one site show question mark instead of images. Tried safari, chrome and firefox all of them have same problem of showing images of this site. Tried reset, empty cachs, cookies, did not work. Any one have a clue to

  • Waveform NOT showing up

    Windows 7 CC2014 Premiere - up to date. P2 Footage Still, constantly having issues with the waveform NOT showing up in the sequence. Usually the second 1/3 or 1/2 of the footage in the sequence.