Portal 30 EAP
anyone get the samples running on nt ?
it finally installed but none of the samples
will work
does oracle actually test their demos before
they ship them out ?
also there appears to be a bug in portal
if you forget to put a slash after /pls
instead of a 404 it reveals the setup info
....ouch
eg
http://<machinename>/pls/portal30admin_gateway.htm
not very nice....needs to be fixed
I, for one, would not want this requirement for a visitor to have to log-in to use my portal. I have items that I want any person to be able to view without logging on. None of those items, however, allow for updating of information and any sensitive information is kept in tables that are not accessible to PUBLIC.
As a previous poster mentioned, secure those items you don't want the public to access. Oracle Portal allows you to do this very easily. The whole point of a main portal page is to allow you to separate information for public consumption and information for use by authorized users.
Similar Messages
-
Optional WEP on Autonomous AP1230
I would like to enable a single SSID to support EAP and non-EAP clients. This is to enable non-EAP clients to be directed to a captive login portal, and EAP clients to go directly to the network.
I am able to make EAP optional for authentication, but can't seem to make WEP optional. (WEP is probably not the end-game, but I'm trying to get the lowest common denominator working)
my configuration contains:
dot11 ssid MYSSID
   authentication open optional eap EAPAUTH
   guest-mode
interface Dot11Radio0
   encryption mode wep optional
This works fine for users using Open authentication, and no encryption.
Users using Open authentication, with 802.1x and WEP encryption are not able to associate with the AP, and I never even see an authentication/association attempt.
Thanks in advance.
You may be out of luck. According to an older document at http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a008009483e.shtml, there's the following specific statement about static WEP and EAP:
Q. In Cisco IOS Software-based APs, can you run static Wired Equivalent Privacy (WEP) keys and Extensible Authentication Protocol (EAP) together on the same AP for authentication? This has worked with VxWorks-based APs.
A. No, you cannot run static WEP keys for encryption and EAP for authentication in the same service set identifier (SSID). VxWorks has allowed this configuration because of software vulnerability, but this ability is not a feature. What you can do is create two SSIDs and two VLANs (one per SSID). Then, configure open authentication with WEP for one SSID and EAP authentication for the other SSID.
I would seriously consider putting in 2 SSIDs, one for EAP and one for non-EAP. Associate each with a different VLAN (required for the configuration). However, if you want them to be on the same subnet, use bridge group 1 under both subinterfaces on a radio. I think it accomplishes what you are trying to do. -
How to use ISE Guest Portal for AD users
Hi there,
As subject explains all, I want to use ISE Guest Portal for my domain users. I have tried many different ways to authenticate users and finally I came to the conclusion that ISE CWA works pretty well and is very stable. WLC Webauth sucks a lot, does not redirect to the login page always.
Can you please share what other ways are stable ways to authenticate AD users? I know about WPA 802.1x authentication but that requires a CA in the network which is not available at the moment. So can you please suggest?
Otherwise, I want to use ISE Guest Portal for my AD users as well. AD is already integrated to ISE, the issue happens when I attempt to authenticate using AD user account, the user gets authenticated but the Guest Portal redirects me to Device Provisioning page and there it shows an error saying "there is not policy to register the device, contact system admin"
Am I missing something??
I am running WLC 5760 with ISE 1.2
Thanks in advance.
Hi,
Can you post a screenshot of your current policies? Also for 802.1x authentication although it is best practices you do not have to have an internal CA to make this solution work. You can disable the option to "validate server certificate" or you can use a trusted CA to sign the certificate for the eap interface.
In most cases 802.1x is the method to go because it provides dynamic authentication without forcing users to be redirected to a web page multiple times throughout the day, scenarios such as computers that sleep or users that are mobile will not have connectivity until they redirect to the portal if one of the scenarios exist. You also gain WPA encryption on your WLAN, if you are using strictly layer 3 web auth you run into issues where encryption is not used and rely on encryption from the application as your method of data integrity and security.
Thanks,
Tarik Admani
*Please rate helpful posts* -
ISE - EAP-TLS and then webAuth?
Hello everyone!
I have a little bit of a complex dilemma in an ISE deployment and I am trying to lean more on how it works technically. Long story short: I am trying to do both machine and user authentication / authorization (per requirements from our Security department) on a wireless network using iDevices (iPads, iPhones, iTouches) that are shared between users. Just an FYI, I know Apple devices are not intended for “multiple users”; hence, why it is a problem I am trying to solve with CWA.
Hardware:
Cisco ISE VM running 1.1.3.124
WLC 5508 running 7.4.100.0
AP 3602I running 7.4.100.0 / IOS 15.2(2)JB$
iPod Touch version 6.1.3(10B329)
Scenario:
- User authenticates to SSID that is 802.1x WPA2 AES,
- Machine is checked by having valid Cert issued by CA and given access to ISE CWA
- User opens their browser
- WLC redirects them to ISE CWA
- User provides credentials on the portal
- User is CoA'd to full access network
Rules, NSP is a limited profiling access network. CWA is a limited access network with redirect to central web auth on ISE. Standard rule 2 & 3 (which are disabled in this screen shot) are the rules that prove the CWA works on an open SSID.
I have gotten the CWA to work great on an open SSID, however when the process involves EAP-TLS everything works but the redirect. The iPod is properly authorized to the CWA (which is the redirect permission), but when I open a browser the iPod just spins searching for the website; it is never redirected to the ISE. My question is, is this even possible? Is there a trick or order of sequence that needs to be changed? I have been told from a Cisco NCE that specializes in ISE that this “may” or “may not” work, but not given an explanation as to why or why not. And if it’s not possible, why not?
Thank you in advance!
Example, now the user is authorized for CWA, but when a user opens the browser it just sits there spinning.
I checked the WLC “Clients>Details” (from the monitoring page) and I noticed something interesting:
Please review the below link which might be helpful :
http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_60_byod_certificates.pdf
http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_man_id_stores.pdf -
ISE Provisioning Issues - Public Certificate & EAP-TLS
Anyone run into the issues similar to the below?:
Public Certificate bound for HTTPS
Internal AD Certificate Bound for EAP
Issue is SPW or Native Supplicant will be provisioned with Root CA of Public Cert then SCEP enrolls EAP-TLS with Internal CA however as client device (ipad/iphone/android) doesn't get the Internal Root CA provisioned they will fail EAP-TLS communication
Running ISE 1.1.2 patch2, 2 node-cluster
Guest Portal being used for Provisioning if AD credentials passed
Works a treat if I bind both https & eap on the Internal identity certificate (only issue then is Guests/BYOD devices get Certificate Warnings on the portal)
Cheers
Kam
The process doesn't fail as such for the onboarding/provisioning on the iphone, however when entering domain credentials to the guest portal, which initiates the onboarding/provisioning process, I notice the root CA certificate that is prompted to be installed on the iphone is that of the public certificate instead of the internal root CA. The rest of the user certificate and SCEP process properly completes, however as the root CA for the internal CA wasn't installed I get warnings when connecting to our dot1x eap-tls SSID.
On other devices this process fails, which I can only assume is down to the lack of internal root CA cert.
So as per the above I'm pretty much following this (differentiated access via certificates):
http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_60_byod_certificates.pdf
However my setup is slightly different as the EAP & HTTPS identity certificate is not the internal one, I have installed a public cert for HTTPS to remove certificate warnings on guest portal (as BYOD devices and guests will only have non-domain machines thus a public cert removes the certificate warnings)
Does that clarify any more?
Cheers
Kam -
ISE EAP-FAST chaining EAP-TLS inner method - authorizing against AD
Just a question surrounding EAP-FAST chaining (EAP-TLS inner) and the ability to authorize the username in the CN field of the certificate against AD. As an example for standard EAP-TLS I am able to specify that the username should be in a specific AD group. With EAP-FAST I seem unable to get the same functionality working - I suspect it is using the combined Chained username to poll with. Any advice would be much appreciated as I would like to differentiate users in different groups whilst retaining the EAP-TLS inner method.
I have found the answer to my own question. In short my issues came down to the way that Microsoft populates the certificate subject fields in particular user certificates and the CN field.
In my deployment I am using a single SSID with the following protocols:
EAP-FAST (EAP-TLS inner) - Certs deployed via AD GPO
EAP-TLS Machine Certs - Certs deployed via AD GPO
EAP-TLS User Certs - Certs deployed via ISE and SCEP (utilising PEAP to auth the user)
EAP-PEAP for Guest and onboarding purposes (no guest portal or MAB - not using the guest portal and CWA is awesome in my opinion).
My certificate profile, created in ISE, utilised the CN field in the subject for principal username. This configuration works fine for machine certs and user certificates generated via ISE as the CN field is acceptable for matching against AD. The problem however is that the user certs issued by AD GPO etc utilise the AD CN which as I understand cannot be used to ascertain group membership in AD.
The solution seemed obvious - create a new cert profile that utilises the SAN field of the certificate which is populated with "other name" attributes that can be matched against AD groups. The problem however is that my authentication policy for EAP protocols only allows the selection of one cert profile.... By using the SAN cert profile my EAP-TLS authentications broke but allowed successful auth of the EAP-FAST clients - not a good result.
I figured that a failure to match the first authentication policy (based on not matching allowed protocol) would then carry on to the next authentication policy allowing me to specify a different cert profile - again no dice as the first policy is matched on the wireless 802.1x condition but EAP-FAST protocol was not specified as an allowed protocol and it fails.
The way around this was, lucky in my mind, basically I now match wireless 802.1x condition and Network Access Type:EAP-Chaining which allows me to specify the SAN cert profile for EAP-FAST connections. EAP-TLS obviously does not match the first authentication policy at all as it is not chaining. The subsequent policy is matched for EAP-TLS which specifies the CN cert profile.
I know this explanation is long winded and perhaps obvious to some so for that I apologise. For those of you who are undertaking this and run into the same drama I hope it helps. Feel free to contact me for more information or clarification as this explanation is a mouthful to say the least. -
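The rule ordering described in the post above, modelled as an added example (not part of the post and not ISE code): a first-match evaluator in which a rule whose condition matches but whose allowed protocols exclude the request rejects instead of falling through. Rule names, certificate values and the directory are constructed; only the CN/SAN behaviour and the four orderings come from the post.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    conditions: frozenset         # every condition must be present on the request
    allowed_protocols: frozenset
    cert_field: str               # field the certificate profile reads: "CN" or "SAN"

@dataclass
class Request:
    attrs: frozenset
    protocol: str
    cert: dict

W, CHAIN = "Wireless_802.1X", "EAP-Chaining"

# Constructed directory: names that resolve to group membership.
DIRECTORY = {"jdoe": {"Staff"}, "jdoe@corp.example": {"Staff"}}

# Constructed certificates. AD GPO user cert: CN is a display-style name, SAN carries
# the directory name. ISE/SCEP user cert: CN is usable, SAN holds no directory name.
FAST = Request(frozenset({W, CHAIN}), "EAP-FAST",
               {"CN": "Jane Doe", "SAN": "jdoe@corp.example"})
TLS = Request(frozenset({W}), "EAP-TLS", {"CN": "jdoe", "SAN": ""})

def authenticate(rules, req):
    """Return (rule name, outcome, identity) using first-match semantics."""
    for rule in rules:
        if not rule.conditions <= req.attrs:
            continue                      # condition not met: try the next rule
        if req.protocol not in rule.allowed_protocols:
            # Condition matched, so evaluation stops here; no fall-through.
            return (rule.name, "reject: protocol not allowed", None)
        identity = req.cert[rule.cert_field]
        if identity not in DIRECTORY:
            return (rule.name, "no directory match", identity)
        return (rule.name, "ok", identity)
    return (None, "reject: no rule matched", None)

BOTH = frozenset({"EAP-TLS", "EAP-FAST"})
POLICIES = {
    # One rule, CN profile: EAP-FAST users cannot be matched to groups.
    "single_cn": [Rule("dot1x", frozenset({W}), BOTH, "CN")],
    # One rule, SAN profile: EAP-FAST works, plain EAP-TLS breaks.
    "single_san": [Rule("dot1x", frozenset({W}), BOTH, "SAN")],
    # Two rules split only by allowed protocol: the first rule still matches EAP-FAST.
    "split_by_protocol": [Rule("tls", frozenset({W}), frozenset({"EAP-TLS"}), "CN"),
                          Rule("fast", frozenset({W}), frozenset({"EAP-FAST"}), "SAN")],
    # The ordering the post settles on: chaining is part of the first rule's condition.
    "chaining_first": [Rule("fast", frozenset({W, CHAIN}), frozenset({"EAP-FAST"}), "SAN"),
                       Rule("tls", frozenset({W}), frozenset({"EAP-TLS"}), "CN")],
}

if __name__ == "__main__":
    for name, rules in POLICIES.items():
        print(name, authenticate(rules, FAST), authenticate(rules, TLS))
```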
Guest Portal - untrusted certificate
All,
My ISE integration is on our local domain,for example company.local. I created a rule in the authorization policy that used a static IP address, say guest.company.com for our guests to use for the redirection. When guests get the web auth redirection to guest.company.com they are getting the untrusted certificate.
I tried to import a certificate from our external CA, and faced errors because it didn't have the .company.local SAN. I did generate that with the CSR but my external CA doesn't give me an option to include this.
How is this rectified so our guests hit the web portal without getting a certificate error?
Hi Jason,
From my experience, this is a common problem. Typically, what I do on deployments is obtain a trusted 3rd-party signed certificate for my HTTPS usage on the ISE appliances. If you want to use your internal CA certificate to authenticate EAP for your domain computers and other sessions, you can still do so.
Note: Sometime in 2014 (it may already be active) the 3rd-party certificate signers are no longer going to allow .local or other internal domains on their certificates.
With that said, I've normally been deploying the ISE appliances with an external domain name, for example, ise.company.com rather than ise.company.local. You can set up split DNS on your network to allow ise.company.com to resolve to your internal IP.
Hope this helps. -
Guest Wireless with Web Portal
I have my guest wireless accepting terms through a web portal, but it seems they have to accept these terms about every 30 minutes to an hour to get access to the internet again. They are not idle, their session just stops working, and when they open a new browser it redirects them to the web portal. Is there a timer for this somewhere that I am missing?
I installed v7.5 configured the sleeping client feature and I'm not getting the desired result. My test device (Ipod model MD067LL/A) isn't being added to the sleeping clients list. I saw the following in the configuration guide.
The authentication of sleeping clients feature is not supported with Layer 2 security and web authentication enabled.
I don't think that applies to my situation.
The WLANs configuration is below.
WLAN Identifier.................................. 4
Profile Name..................................... xxxxxxxxxx
Network Name (SSID).............................. xxxxxxxxxx
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status
Radius Profiling ............................ Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Local Profiling ............................. Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 0
Exclusionlist.................................... Disabled
Session Timeout.................................. 36000 seconds
User Idle Timeout................................ 300 seconds
Sleep Client..................................... enable
Sleep Client Timeout............................. 8 hours
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... xxxxxxxxxxxxxxx
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ xxxxxxxxxx
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
WLAN Layer2 ACL.................................. unconfigured
mDNS Status...................................... Disabled
mDNS Profile Name................................ unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
PMIPv6 MAG Profile........................... Unconfigured
PMIPv6 Default Realm......................... Unconfigured
PMIPv6 NAI Type.............................. Hexadecimal
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Interim Update............................. Disabled
Framed IPv6 Acct AVP ...................... Prefix
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Disabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Enabled
IPv4 ACL........................................ Unconfigured
IPv6 ACL........................................ Unconfigured
Web-Auth Flex ACL............................... Unconfigured
Email Input..................................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Enabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
flexconnect PPPoE pass-through................ Disabled
flexconnect local-switching IP-source-guar.... Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Disabled
Client MFP.................................... Disabled
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60 -
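A parser for the flattened `show wlan` output posted above, as an added example that is not part of the thread: it reads the dotted key/value lines, checks the restriction quoted from the configuration guide against the pasted settings, and lists the timers that can expire inside an observed re-prompt interval. Treating Web-Passthrough as a web authentication method for that restriction is an assumption, as are the function names.

```python
import re

# Excerpt copied from the output in the post above. Indentation is already lost
# on the page, so keys are handled as a flat list and repeated keys keep all values.
SHOW_WLAN = """\
Session Timeout.................................. 36000 seconds
User Idle Timeout................................ 300 seconds
Sleep Client..................................... enable
Sleep Client Timeout............................. 8 hours
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA2 (RSN IE).............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Enabled
"""

# "Key.......... value": the key may itself contain single dots (802.1X, 802.11).
LINE = re.compile(r"^\s*(?P<key>.+?)\s*\.{2,}\s*(?P<val>.*?)\s*$")
UNIT_SECONDS = {"second": 1, "seconds": 1, "minute": 60, "minutes": 60,
                "hour": 3600, "hours": 3600}
L2_KEYS = ("static wep keys", "802.1x", "wi-fi protected access (wpa/wpa2)", "ckip")
WEB_KEYS = ("web based authentication", "web-passthrough")  # assumption, see lead-in
TIMER_KEYS = ("session timeout", "user idle timeout", "sleep client timeout")

def parse_show_wlan(text):
    """Return {lower-cased key: [values, ...]}; headings without a value are skipped."""
    fields = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            key = m.group("key").rstrip(":").strip().lower()
            fields.setdefault(key, []).append(m.group("val"))
    return fields

def enabled(fields, key):
    return any(v.lower() in ("enabled", "enable") for v in fields.get(key, []))

def to_seconds(value):
    """Convert '36000 seconds' or '8 hours' to seconds; None if not a duration."""
    m = re.fullmatch(r"(\d+)\s*([a-z]+)", value.strip().lower())
    if not m or m.group(2) not in UNIT_SECONDS:
        return None
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)]

def audit_sleeping_client(fields):
    """Check the guide's 'Layer 2 security and web authentication' restriction."""
    l2 = [k for k in L2_KEYS if enabled(fields, k)]
    web = [k for k in WEB_KEYS if enabled(fields, k)]
    sleep = enabled(fields, "sleep client")
    return {"layer2_security": l2, "web_policy": web, "sleep_client": sleep,
            "restriction_applies": sleep and bool(l2) and bool(web)}

def timers_within(fields, observed_seconds):
    """Configured timers that can expire within the observed re-prompt interval."""
    found = {}
    for key in TIMER_KEYS:
        for value in fields.get(key, []):
            secs = to_seconds(value)
            if secs is not None and 0 < secs <= observed_seconds:
                found[key] = secs
    return found

if __name__ == "__main__":
    parsed = parse_show_wlan(SHOW_WLAN)
    print(audit_sleeping_client(parsed))
    print(timers_within(parsed, 3600))   # "every 30 minutes to an hour"
```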
Cisco ISE Guest portal - smart card login
Does anyone know if Cisco ISE support smart card login to the guest portal page?
No it doesn't, you can test the same , while editing the wireless SSID profile, opting authentication method as smart card other than PEAP/EAP.
-
Setting UP Captive Portal ON 5508 WLC
Dear All,
I do know that captive portal could be set up on Cisco 5508, such that internet users could login as follows:
Username, password, login duration etc.
However, I would like to know whether the above configuration would work with just 5508 and MS Active Directory, or do we need any other device to achieve this.
Secondly, can we upload a customised login web page from which users can login and gain access to the internet?
Jude.
1. i would like to know whether the above configuration would work with just 5508 and MS Active directory
Yes, you would need to configure an LDAP server on the WLC pointed to your MS AD, binding properly. Then, make sure your L3 authentication priority is configured to query LDAP first. This works pretty well in a L3 web-auth scenario, but is limited when using LOCAL EAP
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml
2. can we upload a customised login web page from which users can login and gain access to the internet ?
Yes; start by downloading the webauth_bundle.zip for your respective release/platform.
http://www.cisco.com/en/US/docs/wireless/controller/7.0MR1/configuration/guide/cg_user_accts.html#wp1049404 -
Hi,
I have a BYOD setup that is working well except one thing that is annoying, I can't get iOS devices to trust the ISE server certificate.
Tested on 2 iPads and 2 iPhones.
When running Wireshark from a Mac I can see the certificate chain in the TLS packet coming from ISE and my Mac is accepting this without problem, same for a Win 8 test machine.
In this document under The Trust Chain, Apple writes:
'The first time the user joins a device to an 802.1X-protected network, the device will prompt the user to trust the server’s certificate'
Could it be that iOS devices ignore the cert. chain in an EAP packet?
The trusted CAs only come into effect when navigating to web portals. Because the user is actually initiating a browser session to a secure site where the url is entered.
With eap authentication this behavior is different. When a user sends their credentials the supplicant on the iphone automatically prompts the client to validate the radius server identity. It will also show you that the identity is trusted, but it will still prompt the user by informing them that their credentials are being forwarded to a specific radius server.
You can also verify this by using a windows machine, if you set the supplicant to "validate the server certificate" but leave the certificate entries unchecked, you will still be prompted to validate the radius server's identity.
Thanks,
Tarik Admani
Sent from Cisco Technical Support iPad App -
Is local EAP + Web Authentication possible in Auto Anchor Configuration
Hi,
I have a wireless network setup in an auto-anchor configuration with the foreign and anchor controllers. Due to the foreign controller being owned and managed by another company, I have an interesting authentication scenario I would like to achieve. We can't implement full EAP-TLS as we would have to allow authentications from the foreign controller which is owned and managed by another company.
Currently Web Authentication is working correctly for the Wireless Network. As another layer of security, I want to know if it's possible for the wireless clients to trust a certificate installed on the foreign controller? If so, are you able to point me in the direction of a user guide to implement.
I found the following document which describes local EAP configuration . Would this work with Web Authentication?
Thanks
so, kinda but no. EAP is a layer 2 authentication that uses encryption as well.
WebAuth is a layer3 authentication only.
Now the kinda....you can create guest/network users on the WLC local database, and if someone logins to the webauth portal with those credentials they will be able to get on.
I'm not really sure what you are looking to do based on your post.
Personally, if I had users that were going to roam to this controller, I'd work with that company's IT and get it linked to my AAA server and keep the EAP-TLS that I had working already going. Just because that WLC would be able to communicate to your AAA doesn't mean their users would be able to get on, as they wouldn't have the machine or client certificate nor the Root CA cert on their machines.
HTH,
Steve -
Error Log during logon of RAR 5.3 Portal - please help
Hi Experts,
We are unable to login into the CC portal [GRC RAR 5.3]. The login screen is appearing again and again without logging into the CC portal
Below is the log file which we are getting and we understand that the product is not responding properly to the application
Can somebody please help us in resolving this at the earliest
Thanks in Advance
Best Regards,
Srihari.K
Date : 12/05/2008
Time : 2:38:16:008
Message : Exception of type com.sap.sql.log.OpenSQLException caught: Cannot assign NULL to host variable 1. setNull() can only be used in INSERT and UPDATE statements. The statement is "SELECT MIN("YEARMONTH") "YEARMONTH",MIN("VIOLTYPE") "VIOLTYPE",MIN("VSYSKEY") "VSYSKEY",MIN("ANLTYPE") "ANLTYPE",MIN("USERGROUP") "USERGROUP",SUM("TOTCOUNT") "TOTCOUNT",SUM("RISKLOW") "RISKLOW",SUM("RISKMED") "RISKMED",SUM("RISKHIGH") "RISKHIGH",SUM("RISKCRT") "RISKCRT",SUM("URNONE") "URNONE",SUM("URLOW") "URLOW",SUM("URMED") "URMED",SUM("URHIGH") "URHIGH",SUM("URCRT") "URCRT",SUM("URMIT") "URMIT",MAX("TOTCRTCD") "TOTCRTCD",SUM("CRTCD") "CRTCD",MAX("TOTCRROLE") "TOTCRROLE",SUM("CRROLE") "CRROLE",SUM("TOTUSER") "TOTUSER",MIN("RUNDATE") "RUNDATE" FROM "VIRSA_CC_MGMTTOT" WHERE "YEARMONTH" = ? AND "VIOLTYPE" = ? AND "VSYSKEY" LIKE ? AND "ANLTYPE" = ? AND "USERGROUP" LIKE ?"..
[EXCEPTION]
com.sap.sql.log.OpenSQLException: Cannot assign NULL to host variable 1. setNull() can only be used in INSERT and UPDATE statements. The statement is "SELECT MIN("YEARMONTH") "YEARMONTH",MIN("VIOLTYPE") "VIOLTYPE",MIN("VSYSKEY") "VSYSKEY",MIN("ANLTYPE") "ANLTYPE",MIN("USERGROUP") "USERGROUP",SUM("TOTCOUNT") "TOTCOUNT",SUM("RISKLOW") "RISKLOW",SUM("RISKMED") "RISKMED",SUM("RISKHIGH") "RISKHIGH",SUM("RISKCRT") "RISKCRT",SUM("URNONE") "URNONE",SUM("URLOW") "URLOW",SUM("URMED") "URMED",SUM("URHIGH") "URHIGH",SUM("URCRT") "URCRT",SUM("URMIT") "URMIT",MAX("TOTCRTCD") "TOTCRTCD",SUM("CRTCD") "CRTCD",MAX("TOTCRROLE") "TOTCRROLE",SUM("CRROLE") "CRROLE",SUM("TOTUSER") "TOTUSER",MIN("RUNDATE") "RUNDATE" FROM "VIRSA_CC_MGMTTOT" WHERE "YEARMONTH" = ? AND "VIOLTYPE" = ? AND "VSYSKEY" LIKE ? AND "ANLTYPE" = ? AND "USERGROUP" LIKE ?".
at com.sap.sql.log.Syslog.createAndLogOpenSQLException(Syslog.java:85)
at com.sap.sql.log.Syslog.createAndLogOpenSQLException(Syslog.java:124)
at com.sap.sql.jdbc.common.CommonPreparedStatement.setNull(CommonPreparedStatement.java:303)
at com.sap.sql.jdbc.common.CommonPreparedStatement.setString(CommonPreparedStatement.java:509)
at com.sap.sql.sqlj.runtime.profile.ref.RTStatementJDBCPrepared.setString(RTStatementJDBCPrepared.java:359)
at com.virsa.cc.xsys.mgmreport.dao.sqlj.MGMTotalDAO.getResult(MGMTotalDAO.sqlj:63)
at com.virsa.cc.ui.RARiskVGraph.refreshData(RARiskVGraph.java:476)
at com.virsa.cc.ui.RARiskVGraph.wdDoInit(RARiskVGraph.java:130)
at com.virsa.cc.ui.wdp.InternalRARiskVGraph.wdDoInit(InternalRARiskVGraph.java:191)
at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.doInit(DelegatingView.java:61)
at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
at com.sap.tc.webdynpro.progmodel.view.View.initController(View.java:445)
at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.getView(ViewManager.java:709)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.bind(ViewManager.java:555)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.getView(ViewManager.java:724)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.bindRoot(ViewManager.java:579)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.init(ViewManager.java:155)
at com.sap.tc.webdynpro.progmodel.view.InterfaceView.initController(InterfaceView.java:43)
at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.getView(ViewManager.java:709)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.bind(ViewManager.java:555)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.getView(ViewManager.java:724)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.bind(ViewManager.java:555)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.getView(ViewManager.java:724)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.bind(ViewManager.java:555)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.getView(ViewManager.java:724)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.bindRoot(ViewManager.java:579)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.init(ViewManager.java:155)
at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.doOpen(WebDynproWindow.java:295)
at com.sap.tc.webdynpro.clientserver.window.ApplicationWindow.show(ApplicationWindow.java:183)
at com.sap.tc.webdynpro.clientserver.window.ApplicationWindow.open(ApplicationWindow.java:178)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:364)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:754)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:289)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:713)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:666)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doGet(DispatcherServlet.java:46)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Severity : Error
Category : /System/Database/sql/jdbc/common
Location : com.sap.sql.jdbc.common.CommonPreparedStatement
Application : sap.com/tcwddispwda
Thread : SAPEngine_Application_Thread[impl:3]_32
Datasource : 1666450:/apps/usr/sap/HLG/JC00/j2ee/cluster/server0/log/defaultTrace.trc
Message ID : 0003BAF96A51006E0000001F0000265200045D4A46588084
Source Name : com.sap.sql.jdbc.common.CommonPreparedStatement
Argument Objs : com.sap.sql.log.OpenSQLException,Cannot assign NULL to host variable 1. setNull() can only be used in INSERT and UPDATE statements. The statement is "SELECT MIN("YEARMONTH") "YEARMONTH",MIN("VIOLTYPE") "VIOLTYPE",MIN("VSYSKEY") "VSYSKEY",MIN("ANLTYPE") "ANLTYPE",MIN("USERGROUP") "USERGROUP",SUM("TOTCOUNT") "TOTCOUNT",SUM("RISKLOW") "RISKLOW",SUM("RISKMED") "RISKMED",SUM("RISKHIGH") "RISKHIGH",SUM("RISKCRT") "RISKCRT",SUM("URNONE") "URNONE",SUM("URLOW") "URLOW",SUM("URMED") "URMED",SUM("URHIGH") "URHIGH",SUM("URCRT") "URCRT",SUM("URMIT") "URMIT",MAX("TOTCRTCD") "TOTCRTCD",SUM("CRTCD") "CRTCD",MAX("TOTCRROLE") "TOTCRROLE",SUM("CRROLE") "CRROLE",SUM("TOTUSER") "TOTUSER",MIN("RUNDATE") "RUNDATE" FROM "VIRSA_CC_MGMTTOT" WHERE "YEARMONTH" = ? AND "VIOLTYPE" = ? AND "VSYSKEY" LIKE ? AND "ANLTYPE" = ? AND "USERGROUP" LIKE ?".,com.sap.sql.log.OpenSQLException: Cannot assign NULL to host variable 1. setNull() can only be used in INSERT and UPDATE statements. The statement is "SELECT MIN("YEARMONTH") "YEARMONTH",MIN("VIOLTYPE") "VIOLTYPE",MIN("VSYSKEY") "VSYSKEY",MIN("ANLTYPE") "ANLTYPE",MIN("USERGROUP") "USERGROUP",SUM("TOTCOUNT") "TOTCOUNT",SUM("RISKLOW") "RISKLOW",SUM("RISKMED") "RISKMED",SUM("RISKHIGH") "RISKHIGH",SUM("RISKCRT") "RISKCRT",SUM("URNONE") "URNONE",SUM("URLOW") "URLOW",SUM("URMED") "URMED",SUM("URHIGH") "URHIGH",SUM("URCRT") "URCRT",SUM("URMIT") "URMIT",MAX("TOTCRTCD") "TOTCRTCD",SUM("CRTCD") "CRTCD",MAX("TOTCRROLE") "TOTCRROLE",SUM("CRROLE") "CRROLE",SUM("TOTUSER") "TOTUSER",MIN("RUNDATE") "RUNDATE" FROM "VIRSA_CC_MGMTTOT" WHERE "YEARMONTH" = ? AND "VIOLTYPE" = ? AND "VSYSKEY" LIKE ? AND "ANLTYPE" = ? AND "USERGROUP" LIKE ?".
at com.sap.sql.log.Syslog.createAndLogOpenSQLException(Syslog.java:85)
at com.sap.sql.log.Syslog.createAndLogOpenSQLException(Syslog.java:124)
at com.sap.sql.jdbc.common.CommonPreparedStatement.setNull(CommonPreparedStatement.java:303)
at com.sap.sql.jdbc.common.CommonPreparedStatement.setString(CommonPreparedStatement.java:509)
at com.sap.sql.sqlj.runtime.profile.ref.RTStatementJDBCPrepared.setString(RTStatementJDBCPrepared.java:359)
at com.virsa.cc.xsys.mgmreport.dao.sqlj.MGMTotalDAO.getResult(MGMTotalDAO.sqlj:63)
at com.virsa.cc.ui.RARiskVGraph.refreshData(RARiskVGraph.java:476)
at com.virsa.cc.ui.RARiskVGraph.wdDoInit(RARiskVGraph.java:130)
at com.virsa.cc.ui.wdp.InternalRARiskVGraph.wdDoInit(InternalRARiskVGraph.java:191)
at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.doInit(DelegatingView.java:61)
at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
at com.sap.tc.webdynpro.progmodel.view.View.initController(View.java:445)
at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.getView(ViewManager.java:709)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.bind(ViewManager.java:555)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.getView(ViewManager.java:724)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.bindRoot(ViewManager.java:579)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.init(ViewManager.java:155)
at com.sap.tc.webdynpro.progmodel.view.InterfaceView.initController(InterfaceView.java:43)
at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.getView(ViewManager.java:709)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.bind(ViewManager.java:555)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.getView(ViewManager.java:724)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.bind(ViewManager.java:555)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.getView(ViewManager.java:724)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.bind(ViewManager.java:555)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.getView(ViewManager.java:724)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.bindRoot(ViewManager.java:579)
at com.sap.tc.webdynpro.progmodel.view.ViewManager.init(ViewManager.java:155)
at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.doOpen(WebDynproWindow.java:295)
at com.sap.tc.webdynpro.clientserver.window.ApplicationWindow.show(ApplicationWindow.java:183)
at com.sap.tc.webdynpro.clientserver.window.ApplicationWindow.open(ApplicationWindow.java:178)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:364)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:754)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:289)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:713)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:666)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doGet(DispatcherServlet.java:46)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Dsr Component : n/a
Dsr Transaction : d2d9c100c2b811dd9eb60003baf96a51
Dsr User :
Indent : 0
Level : 0
Message Code : com.sap.sql_0019
Message Type : 1
Relatives : /System/Database/sql/jdbc/common
Resource Bundlename :
Session : 92
Source : com.sap.sql.jdbc.common.CommonPreparedStatement
ThreadObject : SAPEngine_Application_Thread[impl:3]_32
Transaction :
User : ac_admin
Hi,
The sheer length of your post is frightening - this would keep many potential replies away !!
What I would recommend is --> Open an OSS message ! This would resolve your problem !!
Thanks
-
HOW TO SET UP PARTNER APPLICATION TO USE SSO OUTSIDE OF PORTAL
If anyone knows how Portal switches context to run as the db user mapped to the lightweight schema and how it knows the db schema password please let me know.
Should you have any queries please do not hesitate to contact me on 07775 896738.
From document Oracle Portal Security Overview on PortalStudio.oracle.com:
In Single Sign On mode (EnableSSO=Yes in the DAD), mod_plsql determines the name of the light-weight user and mapped database schema by calling WPG_SESSION_PRIVATE.GET_LW_USER and WPG_SESSION_PRIVATE.GET_DB_USER respectively.
** These calls are done using the Portal Schema (PORTAL30) and Portal schema password **
mod_plsql then executes the procedure in the requested URL by using the N-Tier Authentication feature to connect to the database as the user returned from WPG_SESSION_PRIVATE.GET_DB_USER. ..... Note that N-Tier Authentication requires all schemas to be used for Portal user mappings to be granted 'connect through' privileges to the Portal schema (PORTAL30).
The WWCTX packages are also used.
So this is how it works with standard Portal
- the document states that the WPG_SESSION_PRIVATE package is only accessible to the Portal schema
- but I checked and it is also available to PORTAL30_SSO
SQL> desc WPG_SESSION_PRIVATE
PROCEDURE CREATE_SESSION
Argument Name Type In/Out Default?
P_COOKIE_NAME VARCHAR2 IN
FUNCTION GET_DB_USER RETURNS VARCHAR2
FUNCTION GET_LW_USER RETURNS VARCHAR2
PROCEDURE GET_SESSION_INFO
Argument Name Type In/Out Default?
NUM_PARAMS NUMBER OUT
PARAM_NAMES TABLE OF VARCHAR2(32000) OUT
PARAM_VALUES TABLE OF VARCHAR2(32000) OUT
PROCEDURE RESET_SESSION
Argument Name Type In/Out Default?
P_COOKIE_NAME VARCHAR2 IN
In my case only the Login Server (PORTAL30_SSO) is going to be used/installed
- the SAMPLE_SSO_PAPP application will only work if the DAD used to access it is set to use Basic authentication, i.e. the actual integration with the Login Server is done in the sample application code calls, stored in the database
- when a DAD has enableSSO=yes it automatically accesses Portal (PORTAL30) packages to implement N-Tier authentication
I'm currently testing:
1. Configuring the SAMPLE_SSO_PAPP sample as documented with a DAD with Basic authentication
2. Amending the ssoapp procedure to set context to another (db) user on successful authentication:
wwctx_api.set_context (
p_user_name => 'SCOTT',
p_password => 'TIGER' );
3. If this works then set_context with get_lw_user instead
I have now amended the ssoapp procedure as follows to print out
1. The userid entered when the login box is presented
2. The Database user which the Portal Lightweight user is mapped to
3. The Lightweight user Portal has used for authentication
Amendments to papp.pkb:
(ssoapp procedure, declare db_user_info and lw_user_info as VARCHAR2 in declare section)
htp.p('Congratulations! It is working!<br>');
db_user_info := wwctx_api.get_db_user;
lw_user_info := wwctx_api.get_user;
htp.p('User Information:' || l_user_info || '<br>');
htp.p('DB User Information:' || db_user_info || '<br>');
htp.p('LW User Information:' || lw_user_info || '<br>');
The following shows the interesting results from my testing:
- if the user owning the sample_sso_papp package is PORTAL30_SSO then the call to wwctx_api.get_db_user succeeds
- if the user owning the sample_sso_papp package is a non-portal schema e.g. SSOAPP below the call to wwctx_api.get_db_user generates a User Defined exception
Steps to test:
Created new schema SSOAPP on the database
- edited it in Portal and checked the use this schema for Portal users checkbox
- created new Lightweight user SSO_LW in Portal, mapped it to SSOAPP schema
- created new Lightweight user SSO_SCOTT in Portal, mapped to SCOTT schema
- loadjava -user ssoapp/ssoapp@portal30 SSOHash.class
- sqlplus portal30/portal30@portal30
@provsyns ssoapp
- sqlplus ssoapp/ssoapp@portal30
@loadsdk.sql
@loadpapp.sql
Created DAD with basic authentication SAMPLE_SSO_PAPP
- username: ssoapp
- default home page: sample_sso_papp.ssoapp
Registered the Sample SSO Partner Application with the Login Server and ran regapp.sql
Commented out the calls to get_db_user in papp.pkb to avoid exception
- called http://<server>/pls/sample_sso_papp
- logged on as SSO_LW/sso_lw
- got output:
Congratulations! It is working!
User Information: SSO_LW
LW User Information: PUBLIC
So the Portal lightweight user is not returned as SSO_LW
If anyone knows why the Lightweight User in my test is returned as PUBLIC not SSO_LW
Best Regards
Michael
http://support.mozilla.com/en-US/kb/Changing+the+e-mail+program+used+by+Firefox
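The Portal SSO post above quotes the requirement that every schema mapped to Portal users be granted 'connect through' privileges to the Portal schema. The following audit is an added example, not code from the post or from Oracle's samples; it assumes a DBA session and uses the schema names from the post (PORTAL30, SSOAPP, SCOTT).

```sql
-- Added example: audit which schemas a session authenticated as the Portal
-- schema can proxy into. Anyone holding the PORTAL30 password can reach
-- every CLIENT listed here, so this list is the real exposure of that password.

-- 1. Every schema that has granted CONNECT THROUGH to PORTAL30.
SELECT proxy, client
FROM   proxy_users
WHERE  proxy = 'PORTAL30'
ORDER  BY client;

-- 2. Proxy targets that are themselves highly privileged (DBA role or
--    "ANY" system privileges). These mappings deserve review first.
SELECT p.client, 'ROLE ' || r.granted_role AS reason
FROM   proxy_users p, dba_role_privs r
WHERE  r.grantee = p.client
AND    p.proxy = 'PORTAL30'
AND    r.granted_role = 'DBA'
UNION ALL
SELECT p.client, 'SYSPRIV ' || s.privilege
FROM   proxy_users p, dba_sys_privs s
WHERE  s.grantee = p.client
AND    p.proxy = 'PORTAL30'
AND    s.privilege LIKE '%ANY%';

-- 3. How a mapping is granted and withdrawn (left commented out so the
--    audit itself changes nothing):
-- ALTER USER ssoapp GRANT  CONNECT THROUGH portal30;
-- ALTER USER scott  REVOKE CONNECT THROUGH portal30;
```

Schemas that appear in the first result but are no longer mapped to any Portal user are candidates for the REVOKE form.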
-
SSO to ECC (without java stack), BI (on NetWeaver), & Portal
I have a client that wants to configure their SAP systems in such a way so that the users sign onto their Windows workstations, are authenticated by Windows Active Directory and from then on they can sign on directly to an ECC ABAP instance, a BI instance, and an SAP Portal without having to supply a user/password combination again. (We already have SSO setup for users access some BI reports through the Portal, but in this case we want to setup direct access to the ECC and BI systems without necessarily going through the Portal environment).
The servers are running HP-UX, the clients Windows XP, and the AD system is running under Windows 2003.
Is this possible without using a third-party tool and if so, can anyone point me to the appropriate documentation (I've done a lot of searching, but can't find anything).
Thanks in advance!
I am sure this has been done before and often discussed here?
Take a look in the FAQ thread at the top of the forum for a general overview discussion of SSO. If you keep an eye out for the note numbers, terms used and those folks who contributed to it when searching, then I am sure you will find plenty of info to start with.
Specific vendor evaluation details and comparisons (outside of the technical realm) are generally not provided, as the 3rd parties are generally competitors...
Cheers,
Julius