OracleAS SSO - Microsoft Active Directory External Authentication Plug-in
hi,
I recently inherited support of an Oracle SSO/OID environment where we use AD and an external Authentication Plug-in to talk to it, as user credentials are managed in AD.
We have a lot of domain controllers for AD in our env, so my question is:
1) How do I find out which AD server the plugin is currently referring to?
I need to know this info ASAP as a lot of AD servers are getting decommissioned and I want to make sure the SSO env is not talking to an AD server that would get decommissioned soon.
hi,
Look in the integration part in oidadmin. ActiveChgImp
$ORACLE_HOME/bin/oidadmin
or look for ad2oid.properties
or look at this URL http://www.oracle.com/technology/obe/obe_as_10g/im/ads_import/import.htm
is what I used to configure ours
Regards
Similar Messages
-
Invoking 'active directory external authentication plug-in' from login.jsp
Hi
I am using the Oracle AS 10g on Unix. We have a web application in JAVA based on OC4J Framework.
Currently user use application url for accessing the login page, enters credentials and then the authentication is done through LDAP.
Now we have to remove the login page from application. i.e. once user is successfully logged in Windows on his pc, and tries to access our application through it's url, he must be automatically authenticated using the credentials entered in windows and display the welcome page of application. Same as any intranet application.
For this requirement, we have 'active directory external authentication plug-in' installed on server.
What we need to know is how this process will work and changes required in our jsp page to invoke this plug-in and authenticate user by accessing windows-credentials automatically.
kindly let me know
Hi
I am currently using NTLM to fetch the windows username and then creating an anonymous connection with the LDAP Server.
Then I search using the user name in ldap directory.
NTLM is no longer required, instead we have 'active directory external authentication plug-in' installed on LDAP.
As far as I know the plug-in will process the kerberos ticket generated by windows to automatically authenticate. -
Reconfigure Active Directory External Authentication plug in to use ssl
Assuming this is the proper place to post this question:
I've quickly gone through the IM integration documentation trying to find out how to reconfigure the ad external auth plugin to use ssl and have come up empty handed. Does anyone know how to do this? Should I just rerun oidspadi.sh?
Also, where can i view the configuration information that was entered the last time this was configured?
thanks for any help!
chris
Rerun oidspadi.sh and select SSL option. You can get adwhencompare and adwhenbind plug-ins detail under plug-in management in Oracle directory manager.
-
Bug with Active Directory external authentication plug-in??
I'm configuring the plugin on Windows. I installed the cygwin unix emulation software already. It kept saying incorrect connect string or ODS password specified when I tried to enter values for the following 2 questions
1) Please enter DB connect string: hostname.domain:1521:orcl.domain
2) Please enter ODS password: ODS (I viewed the ODS schema password in OID and it's ODS)
I'm using
OID 10.1.2.1.0
Portal 10.1.4
Thanks
Hi,
I've got the same error.
The user is not found.
Tue Aug 24 17:20:36 CEST 2004 [ERROR] AJPRequestHandler-ApplicationServerThread-6 Could not get attributes for user, [email protected]
oracle.ldap.util.NoSuchUserException: User does not exist - SIMPLE NAME = [email protected]
at oracle.ldap.util.Subscriber.getUser_NICKNAME(Subscriber.java:1041)
at oracle.ldap.util.Subscriber.getUser(Subscriber.java:820)
at oracle.ldap.util.Subscriber.getUser(Subscriber.java:767)
at oracle.security.sso.server.ldap.OIDUserRepository.getUserProperties(OIDUserRepository.java:483)
at oracle.security.sso.server.auth.SSOServerAuth.authenticate(SSOServerAuth.java:561)
at oracle.security.sso.server.auth.SSOKerbeAuth.authenticate(SSOKerbeAuth.java:111)
at oracle.security.sso.server.ui.SSOLoginServlet.processSSOPartnerRequest(SSOLoginServlet.java:833)
at oracle.security.sso.server.ui.SSOLoginServlet.doPost(SSOLoginServlet.java:318)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:65)
at oracle.security.jazn.oc4j.JAZNFilter.doFilter(Unknown Source)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:604)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:317)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:790)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:208)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:125)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
at java.lang.Thread.run(Thread.java:534) -
Active Directory External Authentication Plug-in
Right now, this script is a UNIX shell script and I'm using windows so I have to install a UNIX emulation software. I have 2 questions
1) Is there a windows version of this script? I searched everywhere but I couldn't find any.
2) If there's no windows version, after I executed the script, can I uninstall the UNIX emulation software from my windows server?
Thanks
-
Integrating Oracle Portal & Microsoft Active Directory
Dear friends
I Integrated Oracle Portal & Microsoft Active Directory without any error or problems but it just integrate the users under Users Container in active directory, I have some OU,Groups and policies and I categorized my users under them, so when I run "sh oidspadi.sh" and set "cn=...." with other values except "Users" it can not add all of the users under specific groups or policies.
Please let me know how can I add all of my users in active directory to OID?
Thanks
Babak Saraie
I'm not familiar with iPlanet, but if it can allow basic
authentication and connect to AD, it should be possible to do what
you want.
Personally, I would rather that the browser did not
automatically log me in. For example, if someone was having
problems with their "view" on the intranet web site, if they
visited your office, you would have to log off, let them log on
(and wait while their profile was created) just to let them open a
browser.
Is it really asking too much for them to enter their
username/password into a browser prompt once each day? Heck, most
browsers will remember usernames and passwords so you don't have to
type it. You just click OK.
That's just my perspective.
M!ke -
Error while Configuring AD external authentication plug in
Hi
While configuring Active directory external authentication plug I am getting following error
OID Active Directory Plug-in Configuration
Please make sure Database and OID are up and running.
Please enter Active Directory host name: clmad101.ad.company.com
Do you want to use SSL to connect to Active Directory? (y/n) n
Please enter Active Directory port number [389]: 389
Please enter DB connect string:SQLPLUS sys/manager1 @infradb.ad.company-.com @md61nthiims1.ad.company.com:1521
Please enter ODS password:
Please enter confirmed ODS password:
Please enter OID host name: md61nthiims1.ad.company.com
Please enter OID port number [389]: 389
Please enter orcladmin password:
Please enter confirmed orcladmin password:
Please enter the subscriber common user search base [orclcommonusersearchbase]:
CN=Users,dc=ad,dc=company,dc=com
Please enter the Plug-in Request Group DN:
Please enter the exception entry property [(!(objectclass=orcladuser))]: (|(!obj
ectclass=orcladuser))(cn=orcladmin))
Do you want to setup the backup Active Directory for failover? (y/n) n
Installing Plug-in Packages ...
Usage: SQLPLUS [ [<option>] [<logon>] [<start>] ]
where <option> ::= -H | -V | [ [-C <v>] [-L] [-M <o>] [-R <n>] [-S] ]
<logon> ::= <username>[<password>][@<connect_identifier>] | / | /NOLOG
<start> ::= @<URL>|<filename>[.<ext>] [<parameter> ...]
"-H" displays the SQL*Plus version banner and usage syntax
"-V" displays the SQL*Plus version banner
"-C" sets SQL*Plus compatibility version <v>
"-L" attempts log on just once
"-M <o>" uses HTML markup options <o>
"-R <n>" uses restricted mode <n>
"-S" uses silent mode
Usage: SQLPLUS [ [<option>] [<logon>] [<start>] ]
where <option> ::= -H | -V | [ [-C <v>] [-L] [-M <o>] [-R <n>] [-S] ]
<logon> ::= <username>[<password>][@<connect_identifier>] | / | /NOLOG
<start> ::= @<URL>|<filename>[.<ext>] [<parameter> ...]
"-H" displays the SQL*Plus version banner and usage syntax
"-V" displays the SQL*Plus version banner
"-C" sets SQL*Plus compatibility version <v>
"-L" attempts log on just once
"-M <o>" uses HTML markup options <o>
"-R <n>" uses restricted mode <n>
"-S" uses silent mode
Usage: SQLPLUS [ [<option>] [<logon>] [<start>] ]
where <option> ::= -H | -V | [ [-C <v>] [-L] [-M <o>] [-R <n>] [-S] ]
<logon> ::= <username>[<password>][@<connect_identifier>] | / | /NOLOG
<start> ::= @<URL>|<filename>[.<ext>] [<parameter> ...]
"-H" displays the SQL*Plus version banner and usage syntax
"-V" displays the SQL*Plus version banner
"-C" sets SQL*Plus compatibility version <v>
"-L" attempts log on just once
"-M <o>" uses HTML markup options <o>
"-R <n>" uses restricted mode <n>
"-S" uses silent mode
Registering Plug-ins ...
adding new entry cn=adwhencompare,cn=plugin,cn=subconfigsubentry
adding new entry cn=adwhenbind,cn=plugin,cn=subconfigsubentry
Done.
Is there anything wrong in the DB connect string??
Thanks
Did you check the debug information from the external auth plugin?
This is mentioned in metalink note https://metalink.oracle.com/metalink/plsql/showdoc?db=NOT&id=277382.1
here an excerpt:
D) Enabled plug in debugging at the database level. Reference documentation: Oracle Internet Directory Administrator's Guide 10g (9.0.4) Chapter 43 Integration with the Microsoft Windows Environment - Troubleshooting Integration with Microsoft Windows Under section "Debugging the Microsoft Active Directory External Authentication Plug-in"
...enable the plug-in debugging. To do this, enter:
> sqlplus ods/odspassword @$ORACLE_HOME/ldap/admin/oidspdon.pls
To check the plug-in debugging log, enter:
> sqlplus system/manager
SQL> select * from ods.plg_debug_log order by id;
To delete the plug-in debugging log:
> sqlplus system/manager
SQL> truncate table ods.plg_debug_log;
To disable the plug-in debugging:
> sqlplus ods/ods @$ORACLE_HOME/ldap/admin/oidspdof.pls
E) Dump the plug-in profile to make sure it is enabled and configured correctly:
> ldapsearch -h <OID host> -p <OID port> -D "cn=orcladmin" -w <orcladmin password> -b "cn=plugin,cn=subconfigsubentry" -L -s sub "(objectclass=*)" "*"
please take also a look into the DIPTESTER tool available in
http://www.oracle.com/technology/sample_code/products/oid/java_diptester.tar
regards
--Olaf -
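For the question at the top of the page (which AD server the plug-in points at), the step E profile dump can be scanned offline. This is an added example, not code from the posts or from Oracle: it parses `ldapsearch -L` (LDIF) output, lists every host name found in each plug-in entry and flags any that are on a decommission list. The sample LDIF, its attribute names and the example.com hosts are constructed assumptions; the scan does not depend on attribute names.

```python
import base64
import re

HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def parse_ldif(text):
    """Return [(dn, [(attr, value), ...]), ...] from LDIF text."""
    # LDIF folding: a line that starts with one space continues the previous line.
    unfolded = re.sub(r"\r?\n ", "", text)
    entries, dn, attrs = [], None, []
    for line in unfolded.splitlines() + [""]:
        if not line.strip():            # blank line ends the current entry
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, []
            continue
        m = re.match(r"([^:#][^:]*)(::?)\s*(.*)$", line)
        if not m:                       # comment or unparseable line
            continue
        attr, sep, value = m.groups()
        if sep == "::":                 # "attr:: ..." carries a base64 value
            value = base64.b64decode(value).decode("utf-8", "replace")
        if attr.lower() == "dn":
            dn = value
        else:
            attrs.append((attr, value))
    return entries


def referenced_hosts(ldif_text):
    """Map each entry DN to the sorted host names found in any of its values."""
    found = {}
    for dn, attrs in parse_ldif(ldif_text):
        names = {h.lower() for _, v in attrs for h in HOST_RE.findall(v)}
        if names:
            found[dn] = sorted(names)
    return found


def retiring_references(ldif_text, retiring):
    """Return (dn, host) pairs where an entry still names a retiring server."""
    retiring = {h.lower() for h in retiring}
    return [(dn, h) for dn, hosts in referenced_hosts(ldif_text).items()
            for h in hosts if h in retiring]


# Constructed sample dump; attribute names and hosts are illustrative assumptions.
_B64 = base64.b64encode(b"host:dc02.ad.example.com").decode()
SAMPLE_LDIF = "\n".join([
    "dn: cn=adwhenbind,cn=plugin,cn=subconfigsubentry",
    "orclpluginenable: 1",
    "orclpluginflexfield: host:dc01.ad.example.com",
    "orclpluginflexfield:: " + _B64,           # base64-encoded value
    "",
    "dn: cn=adwhencompare,cn=plugin,cn=subconfigsubentry",
    "orclpluginenable: 1",
    "orclpluginflexfield: host:dc03.ad.exam",
    " ple.com",                                 # folded continuation line
    "",
])

if __name__ == "__main__":
    for dn, hosts in referenced_hosts(SAMPLE_LDIF).items():
        print(dn, "->", ", ".join(hosts))
    for dn, host in retiring_references(SAMPLE_LDIF, ["DC03.ad.example.com"]):
        print("STILL REFERENCED:", host, "in", dn)
```

Redirect the real ldapsearch output to a file and pass its contents in place of `SAMPLE_LDIF`; a failover host configured in the plug-in shows up in the same scan.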
Oracle Virtual Directory vs. Oracle External Authentication Plug-in
I am working in Windows 2003 Server platform and I have Oracle Portal 10g R2 with Oracle Single Sign On 10g R2 setup. I also have Microsoft Active Directory setup. I want to use Microsoft Active Directory users from Oracle Portal and as per my understanding I could use Oracle External Authentication Plug-in or Oracle Virtual Directory for this purpose. I would like to use Oracle Virtual Directory if possible. Could someone please tell me if I could use Oracle Virtual Directory or not?
Thanks.
Yeah, I could use Oracle External Authentication Plug-in, but I am having issues with running the oidspadi.sh script on my Windows 2003 server environment. I am running this script using Cygwin's latest software, but for some reason I get the following error message.
: command not found8:
: command not found8:
: command not found3:
: command not found7:
: command not found1:
: command not found8:
: command not found9:
: command not found0: clear
OID Active Directory Plug-in Configuration
Please make sure Database and OID are up and running.
: command not found7:
: command not found0:
oidspadi.sh: line 103: syntax error near unexpected token 'fi'
'idspadi.sh: line 103:' fi
Therefore, I was trying to find an alternative solution, which will be using Virtual Directory. Right now, I have installed Oracle Virtual Directory on my testing system and I have both Active Directory server and OID server part of LDAP Browser. My goal is to using Oracle Portal to log-in and first look for the user in OID if not found then look in Active Directory. Can this be accomplished using Oracle Virtual Directory?
Please let me know. -
Problem with Oracle external procedures and Microsoft Active Directory
Hi,
Our server was recently updated to use Microsoft Active Directory. However, we noticed that all external procedure calls keeps on failing with ORA-28575: unable to open RPC connection external procedure agent. Everything was working fine before we migrated to Active Directory which is why we can say that the listener is configured correctly.
Any idea on how we can make extproc calls with Active Directory?
thanks.
Michael,
Oracle Forms does support Single Sign-On (SSO). Take a look at Oracle Containers for J2EE Security Guide: OC4J Java Single Sign-On. Also take a look at the Oracle Forms 10g Sample Code and scroll to the SSO demo under the Forms Services Demo section. There are also numerous other documents available via Google. ;-)
Craig B-)
If someone's response is helpful or correct, please mark it accordingly. -
Integrate Oracle Apps R12 with Microsoft Active Directory
Dear Friends,
I am using Oracle Apps R12.1.3 and also we have Microsoft Active Directory.
We need to integrate both so that any employee created in Oracle Apps HRMS will be replicated in Microsoft Directory.
Please let us know the oracle 10g and 11g products we have to use to achieve this.
Please let us know both 10g and 11g products and is 10g products covered in Oracle support?
Regards,
DB
Please see these docs/links.
Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On 10gR3 (10.1.4.3) [ID 376811.1]
Using the Latest Oracle Internet Directory 11gR1 Patchset with Single Sign-on and Oracle E-Business Suite [ID 876539.1]
Registering Oracle E-Business Suite Release 12 with Oracle Internet Directory 11gR1 and Single Sign-On [ID 1370938.1]
External Authentication To Active Directory Integration With E-Business Suite [ID 429020.1]
Re: Integrating Active directory with oracle EBS 12.1.3 with 11g R2 database
Re: Oracle EBS with SSO
Re: Need to integrate AD with R12.1.3 with the most simplest architecture.
Re: EBS R12,how to use OID implement SSO without OAM/OID(with 3rd product)?
Thanks,
Hussein -
Oracle account and microsoft active directory password synchronisation
Hi
We are migrating our application to use windows active directory authentication. We have separate oracle account for
each logged in user in the application, and these oracle credentials have to be the same as the windows active directory
credentials.
Also, a password change on windows Active directory should change the oracle account password.
Is there a tool available to manage and synchronize the microsoft active directory and oracle account.
We use oracle 10g and application is hosted on Windows 2008 server.
Thanks
Karthik
There's an OOTB connector for Password Synch between AD -> OIM. Please use that.
http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html
For password synch, OIM- AD/Oracle, you can use triggers.
Enabling update for provisioned user in OIM11g -
Can Microsoft active directory integrated with Oracle Applications
Hi,
Can anyone provide me any document on Microsoft Active Directory Integration with Oracle Applications(12.0.6)
Manish
Hi,
It is possible, please refer to the following documents for details.
Note: 376811.1 - Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On
Note: 415007.1 - Oracle Application Server with Oracle E-Business Suite Release 12 FAQ
Regards,
Hussein -
Deploying Oracle Password filter for Microsoft Active Directory.
We created the Oracle Wallet w/ Self-Signed Certificate. When we setup the Oracle Password filter for Microsoft Active Directory from LDAP server. We are getting the error. Certificate is not valid.
Is this OK or can we get the success message?
You can't ignore it. A valid certificate is important to make it work.
--olaf -
E-Business suite r12 login through Microsoft Active Directory
I integrated E-business suite release 12.1 with SSO and OID and i want to integrate OID with Microsoft Active Directory. how is this possible?
804050 wrote:
I integrated E-business suite release 12.1 with SSO and OID and i want to integrate OID with Microsoft Active Directory. how is this possible?
Yes, it is possible. The basic idea is EBS 12.1 will use OID, which will be configured to use third party external authentication, like Microsoft AD.
Please see this document:
Oracle® Identity Management Integration Guide
10g (10.1.4.0.1)
Part Number B15995-01
Chap 19 Integrating with Microsoft Active Directory
HTH
AMN -
802.1x, catalyst, ACS & active directory external DB!
Hi,
I'm working with 802.1x over catalyst switch, ACS 3.1 as Radius and external DB users authentication on Ms Active Directory with LDAP.
My questions are:
1) Are the only EAP's version supported by catalyst, MD5-EAP and EAP-TLS (not PEAP and LEAP);
2) The only supported method to authenticate users from ACS to AD is EAP-TLS? is EAP-MD5 not supported over LDAP access protocol?
3) Can I import the users from Active Directory to Internal ACS data base? (like a RDBMS...)
thanks,
Graz.
I am in an installation with 802.1x.
I have installed a Cisco ACS and a Cisco 2950 switch and I am authorizing users via MS-CHAPv2 against the Cisco ACS.
ACS is validating users against a Microsoft Active Directory.
I have the following problem: when a user logs in, it takes between 45 to 90 sec to log the user in and change the VLAN.
I have installed Windows XP Service Pack 2 and patches:
xp-kb817778-x86-esn
xp-kb826942-x86-esn
I have changed the switch software to the latest release.
How can I reduce this delay? Any idea?