Oracle Single Sign-On: Use NTLM inside LAN

Similar Messages

• Single sign-on using Oracle Identity Management

  Hi All,
  I am new to Oracle Identity Management. We are planning to implement Oracle Identity Management in our environment, which consists of :
  * Microsoft Active Directory.
  * Microsoft Exchange
  * Oracle eBusiness Suite Release 12 running on RedHat Enterprise Linux 5.5
  Is it possible to implement single sign-on using Oracle Identity Management. Once you integrate Microsoft Active Directory, Microsoft Exchange & Oracle eBS, a user should not be prompted to enter password to access Oralce Applications once he logins to his computer/Windows.
  Thank you for your time.
  Thanks

  Hi,
  You need to use different product eSSO for single sign on. to manage user credentials for applications from OIM then you need to implement Provisioning Gateway connector.
  Once you have eSSO Logon manager running on users workstation, user will be prompted for credentials for first time then going forward it will not ask.
  Regards,
  Raghav.

• Oracle Single Sign on and Oracle Internet Directory

  Hello Gurus,
  What is the relationship between Oracle Single Sign on and Oracle Internet Directory.
  To my understanding, OID is required to install SSO.
  If OID already exist, can we just install SSO and go on integrating it to existing OID.
  Great Thanks,
  vimal jain.
  [email protected]

  Hi Tim,
  I've been working on this and could reproduce the issue with anonymous binds. A fix will be ready in 4.2.1.
  So what I really need is the password used for login to pass to the is_member call.The P101_PASSWORD item does not save state. However, you can access the value during submit processing of the login page, for example in the post authentication function of your authentication scheme. People sometimes put code in there to query the user's groups (e.g. with apex_ldap.member_of2) and save them in an application. This item value can then be used in the authorization schemes.
  Regards,
  Christian

• Oracle Single Sign on Integration with Oracle EBS  r12

  Hello,
  I am working on a project to integrate Oracle Single Sign On on Oracle r12. There is plenty of information available on Oracle Support but few inter-mixing and confusing terminology keeps popping up and I do not understand how all pieces together work. I am new to Oracle Single Sign On.
  Here are few basic questions.
  1. What is the difference between Oracle Internet Directory, Oracle Virtual Directory and Oracle Active Directory
  2. Are the terms Identity Management and Oracle Single Sign On interchangeable?   What is the difference between two?
  3. What is Oracle Access manager and how different that is from Identity Management?
  4. What is Oracle HTTP Server 11g webgate and how different that is from a normal traditional Oracle HTTP Server?
  5. What is Oracle EBS Accessgate?  Why do I need it?  On metalink some notes do not indicate use of Accessgate at all for OSSO deployment while some makes it look like required.And advise on above will help.
  Thank you
  Darsh

  Hi Darsh,
  1. Oracle Internet Directory (OID) is Oracle LDAP storage solution (more here), Oracle Virtual Directory is Oracle solution that can read identity data (and filter it (mask it) based on policies) from Oracle/non-Oracle databases, Oracle/non-Oracle Directories and files and provide the user profiles as LDAP view (more here), There is nothing called Oracle Active Directory, you must be referring to Microsoft Active Directory.
  2. No, Oracle Single Sign On (OSSO) is a feature in iAS (its obsolete), Identity Management is wide umbrella of solutions and concepts.
  3. Oracle Access Manager is one component of Oracle Identity and Access Management suite of products.
  4. Webgate is Oracle access Manager agent that is installed on a webtier, it intercepts the web requests and collect the credentails, send them to Oracle Access Manager for security evaluation (decide what Authentication is needed, verify collect credentials, etc), webgate then enforce the Access Manager decision.
  5. Oracle EBS AccessGate is a java application that has the same use of OAM Webgate (it is OAM agent) but specific to E Business suite, EBS Access Gate is the new solution replacing OSSO agents, OAM is replacing OSSO server component, EBS and OSSO customers can use OAM server with OSSO agents, or with EBS AccessGate.
  HTH.
  Ghassan

• Deploying OracleAS Single Sign-On Server Cluster setup with a Proxy Server

  I have a question regarding setting up a OracleAS Single Sign-On Server in a cluster mode along with a Apache Proxy Server.
  Step1 - I'm planning to install OracleAS Single Sign-On Server on two nodes sso1.oracle.com and sso2.oracle.com in a Cluster. Both the nodes in the cluster accesed via Load balancer i.e sso.oracle.com.
  Step2 - Then I'm planning to setup two Apache Servers as Proxy Server i.e apache1.oracle.com and apache2.oracle.com. These two apache servers are accessed via Load balancer i.e apache.oracle.com
  The question I have is
  1)while setting up OracleAS Single Sign-On cluster I would provide Load balancer host i.e sso.oracle.com as part of the install. So that all the user requests coming to sso1.oracle.com/sso2.oracle.com get redirected back to Load balancer.
  2)But as part of the Apache Server proxy setup I am also supposed to redirect from SSO server to apache.oracle.com
  But using ssocfg.sh I can only provide either sso.oracle.com or apache.oracle.com NOT BOTH.
  In this case what I should
  1) avoid redirecting to sso.oracle.com instead redirect only to apache server OR are there any other methods to configure.
  I have above setup working fine in DEV environment, where there is only one sso server and one apache proxy server. Problem really comes when I go for setting OSSO server as a cluster in this case I have to redirect to load balancer as well as proxy server?

  why not using webcacheclustering between the apache and the 2 sso's?

• Single Sign-On using SAML in WebLogic Server 10.3

  I followed Vikrant Sawant's tutorial on how to configure single sign-on (SSO) with SAML in WebLogic (http://www.oracle.com/technology/pub/articles/dev2arch/2006/12/sso-with-saml.html) but am being forced to re-authenticate when going from Domain B back to Domain A. I'd appreciate any help or suggestions.
  I posted a question in the General forum here:
  Single Sign-On using SAML in WebLogic Server 10.3

  I too am facing the same problem SSO with SAML - Session on Source Site killed after landing on Destination
  Thanks
  Togotutor
  <b><a class="jive-link-external" href="http://www.togotutor.com">http://www.togotutor.com</a> (Learn Programming and Administration for Free)</b>
  Edited by: user7507600 on Sep 17, 2010 10:01 AM

• Integrating Oracle BI Publisher with Oracle Single Sign-on security.

  I am trying to integrate BI Publisher with Oracle Single Sign-on running on a different machine.
  The BI Publisher is installed with an Oracle application server 10.3.1 (includes a HTTP server). These are the steps I followed:
  1) Registered BI publisher as a partner application in the Oracle SSO admin console which generated a single sign-off url.
  2) Made the required modifications in the mod_osso.xml config file.
  3) On the BI publisher admin page went to the securities tab and opted the SSO security and entered the single sign-off url generated in the previous step.
  4) Restarted the Oracle ID mgt infrastructure and the BI pub server.
  The BI pub login is not getting redirected to the SSO page.
  Please let me know as what is that I am missing. I've been cracking my head with this for quite long - any help will be highly appreciated.

  "user589320"
  APEX is only using BI Publisher to transform the XML data of your report and the template you provide into PDF, Word or Excel. For this, APEX sends the XML data and the template to BI Publisher, and BI Publisher sends back to completed document. So there's nothing stored in BI Publisher, all templates, report definitions, etc are stored in the APEX schema. This has the advantage that you can reference item values and other information in your print documents, and it also ensures that you don't have to access the database again from within BI Publisher, i.e. you don't need to communicate any authentication information to BI Publisher.
  Of course BI Publisher itself also provide the ability to store reports and to store templates. But those are not accessible from APEX through the built-in integration. You can however use the same templates you use for BI Publisher directly on load them into APEX for use there.
  Lastly, if you want to use and print reports in both BI Publisher and your APEX applications, you can do that through web services, take a look at Tyler Muth's BLOG for more information on this topic:
  http://tylermuth.wordpress.com/2008/03/31/call-bi-publisher-web-services-from-apex/
  Regards,
  Marc

• Oracle Single Sign on JSP Database Connection

  I am writing a JSP Search Screen that launches off of Oracle Portal (behind SSO). What I'm looking to do is have the JSP connect to the database as that user, and then show the information available to that user (we have this handled by a VPD). I was wondering how I could get access to the single signon RAD in order to connect to the database from within my JSP. Any help would be greatly appreciated.

  Hi Darsh,
  1. Oracle Internet Directory (OID) is Oracle LDAP storage solution (more here), Oracle Virtual Directory is Oracle solution that can read identity data (and filter it (mask it) based on policies) from Oracle/non-Oracle databases, Oracle/non-Oracle Directories and files and provide the user profiles as LDAP view (more here), There is nothing called Oracle Active Directory, you must be referring to Microsoft Active Directory.
  2. No, Oracle Single Sign On (OSSO) is a feature in iAS (its obsolete), Identity Management is wide umbrella of solutions and concepts.
  3. Oracle Access Manager is one component of Oracle Identity and Access Management suite of products.
  4. Webgate is Oracle access Manager agent that is installed on a webtier, it intercepts the web requests and collect the credentails, send them to Oracle Access Manager for security evaluation (decide what Authentication is needed, verify collect credentials, etc), webgate then enforce the Access Manager decision.
  5. Oracle EBS AccessGate is a java application that has the same use of OAM Webgate (it is OAM agent) but specific to E Business suite, EBS Access Gate is the new solution replacing OSSO agents, OAM is replacing OSSO server component, EBS and OSSO customers can use OAM server with OSSO agents, or with EBS AccessGate.
  HTH.
  Ghassan

• Oracle single sign-on scenario. pls help.

  Hi,
  I have following basic Oracle single sign-on setup in place along with integration with Active Directory 2003.
  All the users are provisioned in AD, which is then synchronized with OID. The OID users is then manually synchronized to Oracle
  E-business suite (FND_USER table).
  So, the flow is like this :
  AD > OID > Ebiz suite
  Problem :
  We are now migrating users in AD 2003 to AD 2008 and i am being asked to perform impact analysis on Oracle Single sign-on environment while this AD migration is in process.
  Any clues or your inputs on impact that this will create on single sign-on will be much appreciated.
  Thanks in advance

  Hi Darsh,
  1. Oracle Internet Directory (OID) is Oracle LDAP storage solution (more here), Oracle Virtual Directory is Oracle solution that can read identity data (and filter it (mask it) based on policies) from Oracle/non-Oracle databases, Oracle/non-Oracle Directories and files and provide the user profiles as LDAP view (more here), There is nothing called Oracle Active Directory, you must be referring to Microsoft Active Directory.
  2. No, Oracle Single Sign On (OSSO) is a feature in iAS (its obsolete), Identity Management is wide umbrella of solutions and concepts.
  3. Oracle Access Manager is one component of Oracle Identity and Access Management suite of products.
  4. Webgate is Oracle access Manager agent that is installed on a webtier, it intercepts the web requests and collect the credentails, send them to Oracle Access Manager for security evaluation (decide what Authentication is needed, verify collect credentials, etc), webgate then enforce the Access Manager decision.
  5. Oracle EBS AccessGate is a java application that has the same use of OAM Webgate (it is OAM agent) but specific to E Business suite, EBS Access Gate is the new solution replacing OSSO agents, OAM is replacing OSSO server component, EBS and OSSO customers can use OAM server with OSSO agents, or with EBS AccessGate.
  HTH.
  Ghassan

• Single sign-on using Kerberos and Ldap

  I am currently setting up single sign-on using Kerberos for authentication and Ldap for authorization and information store.
  The setup includes several Solaris 8 & 9 workstations, a couple of SGI's, as well as a M$ terminal server farm, several WinXP desktops and their associated Active Directory.
  I am required to authenticate etc against the AD. (which has M$ SFU3.5 installed)
  I have the Kerberos authentication and part of the Ldap service working via pam & nss.
  ie. I can logon to the solaris worksatations using the AD username and password, mount the home directory from a M$ NFS server.
  BUT...
  id gives:- userID, groupID (primary group only)
  groups :- primary group only. (no secondary groups are listed)
  Question: what additional configuration information do I need in the pam, nss &/or ldap config files, so that I can list the secondary groups.
  Thanks in advance for any help.

  After evaluating (giving up on, and finally throwing out) the Sun Directory server it looks like we are going to endup with a similar solution..
  Sadly enough, the MS AD seems much more stable and easier to handle than Suns DS, kerberos and associated services.
  Anyway, currently we are evaluating a product called vintela ( www.vintela.com ), and it seems very promising; its easy, robust, stable and does what we require it to do, as well as more :) It comes with an additional nss module called 'vas', so you easily can retrieve data like hosts/groups from your AD.
  //M.

• Single sign on using IDM??????...plz help

  hey friends,,i need to make single sign on using IDm without system access mananger,,but using identity manager,,,i have netbean in which i have deployed idm war,,,now i have company site in which various subb-sites r thr,,,i need to make single sign on for all these,,,i dont know how to proceed so plz help...

  You need to have J2EE Policy Agent on the Appserver mechine where you will have your IDM server running. There are set of configuration steps involved in-order to acheive SSO/Pass thorugh Authentication.
  Thanks
  --ANJI                                                                                                                                                                                                                                                                                                                                                                                                                                                       

• Oracle Single Sign-On for perticular module ?

  hello people,
  I have implemented Single Sign-On for some of my jsp pages in different folders like finance, inventory, etc,. Am creating some test users and groups in OID. but the users in inventory group are able to login to finance module. can u please give me some suggestions on how to restrict this ? where to do the configurations ?
  thanks

  Hi,
  if it is a J2EE application, use J2EE roles - defined in web.xml - and map it to groups in OID through the orion-application.xml file. See the OC4J security guide which is a part of Oracle Application Server documentation on OTN
  Frank

• Oracle Single Sign On Feature

  I read and headrd about Oracle 9iAS's single sign on feature. Can someone explain it me with a practicle example.
  We are developing jsp/ servlet applications. We make our appilcations to sign in the user an one time and we store users data in the computer with a cookie. Do 9iAS use mean this thing as SSO? If then, do 9iAS use cookie to impliment SSO?
  Ranjith
  [email protected]

  I read and headrd about Oracle 9iAS's single sign on feature. Can someone explain it me with a practicle example.
  We are developing jsp/ servlet applications. We make our appilcations to sign in the user an one time and we store users data in the computer with a cookie. Do 9iAS use mean this thing as SSO? If then, do 9iAS use cookie to impliment SSO?
  Ranjith
  [email protected]

• Single Sign on using SAML between JWS application and Web Application

  Hi,
  We have two applications one is swing based Java Web Start application and other is a normal web application. We are trying to enable single sign on between both the applications. Can SAML be used to enable single sign on? If yes, can some one let us know how to do this?
  Thanks,
  Rama

  Thanks. But it is based on two WEB applications deployed on two different weblogic domains. What I am looking for is one application which is launched using Java Web Start(JNLP) and other a web application. The Java Web Start application uses its proprietary authentication implementation and the web application used DefaultAuthenticator of weblogic. Hope this detail will help you to answer my question better. I should have given this information earlier.
  Thanks.
  Rama

• Oracle single sign on Synchronization issue

  We have pushed the Single Sign on Agent in our enviornment through SMS.With most of the users it seem to be working perfectly alrightAll the applications are listed and being synchronized.The issue is with some of the users we get the applications Greyed.Settings for Synchronization are selected but still its not working.
  its only with some of the users,With rest its working perfectly fine.where as the same MSI package have been installed on all the machines.
  Any body who have faced the same issue. Help

  Hi
  In my experience applications are greyed out when their template is available in the local cache and the user does not belong to the group the particular template has been assigned through the Administrative Console. Have you enabled role/group support?
  Regards