Portal LDAP SSO

Our customer requires that their organization LDAP directory be used to forward login tickets to the Portal and that the Portal authenticate users based off of this login ticket.  Is this possible? I know Portal LDAP integration is possible (via the LDAP integration option in the Portal UME) but is it possible to authenticate directory users into the Portal without the Portal UME and LDAP integration?  The customer is opposed to having the Portal integrate into their LDAP and query users and groups which it will need to do for Portal/LDAP integration.  So here would be the authentication scenario: users log into their corporate intranet, they click on the SAP Portal link in the intranet, the Portal authenticates the user based off of their login ticket. 
Is this possible?  Can someone please provide me with useful documentation and links to achieve this setup?

ftoobe wrote:
Is there not a way for the Portal to accept login tickets from the LDAP if it's a trusted LDAP, and determine which roles to assign the users based off of the user's LDAP properties, and authenticate the users without the users actually existing in a different persistence store such as ABAP or Java UME?
How shall this be done from a technical point of view? How shall a portal authenticate users that it does not know about and additionally assign roles to them? For me this sounds more like a dream than a technical idea.
There are several user stores possible for the portal: ABAP system, LDAP, Portal database. Additionally you may configure SPNEGO, which means Windows integrated authentication. So as soon as he is logged into Windows he is also authenticated against the portal. He does not need to type in username and password again. Nevertheless, for SPNEGO some user store in the portal is also needed - mostly customers use the same LDAP as they use for their Windows users.
By the way: as soon as you know what you like to configure take a look at http://help.sap.com - user stores and sso possibilities are quite well documented.
Anja

Similar Messages

  • Oracle9iAS R2 - Virtual Hosts with Portal and SSO with OIDDAS application

    Hi!
    I have installed a machine with the name minsk.discover.local. The machine has Infrastructure and Portal installed. The installation was successful and it works fine. But I have published Portal to the web with the name intranet.discover.com.br. Oracle describes:
    1 - Create the virtual hosts in SSO and PORTAL - OK
    2 - run ptlasst to create SSO Partners Applications - OK
    After these steps it works fine with Portal and SSO, but when I click in the portlet to create a user to access the application OIDDAS, the Portal redirects to the login page of SSO at the address mct.com.br, the internal name, and that name does not respond on the internet.
    I need help!!!!
    Marcio Mesti

    I just spoke to the Oracle App server admins, the two servers in question are clustered.
    So my question changes slightly to:
    What is the best way to install and configure a webgate for clustered Oracle App servers with multiple virtual hosts that are residing behind a load balancer (Traffic Manager)?
    Thanks,
    Andy

  • LDAP SSO to database in XI3.1

    Hi  All,
    We are using XI3.1 and trying to find a solution for configuring LDAP single sign on to database and have not been able to find any material on that matter.
    Is it possible to configure LDAP SSO to database (Oracle 11) natively? Or is there a third party tool like siteminder that can make that configuration work? Please let me know.
    Thanks,
    V

    It should work natively.
    In the CMC > Authentication > LDAP there is an option to propagate credentials at logon time. This option will cause LDAP users to have their username/pw cached in their user account (in fields called DBuser/DBpass). Then you must configure your reports to use these fields. If using reports based off universes you need to set the universe connection to use DB credentials; if Crystal then it's a bit more complicated and you may need to log a case to get the instructions.
    If using SSO on the front end with siteminder or trusted auth then the LDAP propagate option will not work (it requires users to key in their user/pw).
    Regards,
    Tim

  • How to access BW RFC FM as web service from Enterprise portal using SSO

    We have developed a custom remote function module in our BW system. We are accessing this function module as a webservice from a Java class we have written. This Java class accesses the BW webservice and formats the output. We created a webservice on top of this Java class and deployed it on the Enterprise Portal. SSO is set up between the EP and BW systems. So when I make a call to the BW RFC webservice, I would like to make use of the SSO setup between EP and BW instead of hardcoding the user id and password while calling the webservice. Please advise on how to achieve this.
    Thanks for the help.
    Thanks
    Hari
    Edited by: Hari Krishna Nalluri on Mar 19, 2008 12:41 PM

    Hi,
    Go to webservice perspective -> WebService Configuration -> Expand config node -> Security -> Select HTTP Authentication and check the Use SAP logon tickets option.
    Ashutosh

  • Running Discoverer reports into portal using SSO portal login - help

    Hi,
    I am trying to run disco reports into oracle portal using discoverer portlet providers -list of worksheet. What I want to achieve is as follows
    1) login to portal using SSO userid /pwd - Done
    2) Enable discoverer for SSO - Done
    *3) Use discoverer list of worksheets to show reports in portal, but I want to filter the list of worksheets to the currently logged in portal user. This is so that logged in users only see the reports to which they have access in discoverer - Need Help*
    *4) Once the user runs this report, I want to filter the discoverer data based on the user's login or portal group - Help*
    Can someone please help with issue no 3/4 urgently.
    Many thanks
    Ganesh

    Hi Michael,
    Assuming I have created the private connections using CAPI I still have my doubts as follows
    Do I have to then login as each portal user and add the list of worksheet portlet for each user and selecting
    "check the box called Display a different list of worksheets by allowing users to customize database connection and then check Show a default list of worksheets using connection, changing the connection to user's connection."
    Considering we have 500+ users this will be a huge, cumbersome task for me.
    Also, when I tried to do this before, logging in as each portal user, when I logged in as the second portal user I could see the list of worksheet portlet added by the first user, which means I have to edit it, but even that was not possible because it would not let me edit, as only the page owner who created the portlet was allowed to edit (that is the first user)
    OR
    Do you have to give portal users permission to edit the page so that they can log on themselves to add the list of worksheet portlet on the page by selecting their private connection and selecting
    "check the box called Display a different list of worksheets by allowing users to customize database connection and then check Show a default list of worksheets using connection, changing the connection to user's connection."
    Finally I know someone has made it work using URL links and it works as follows
    1) Map the portal and disco user into a table
    2) Create disco private connections
    3) when the portal user logs in and clicks on "Show my discoverer report" it then runs a PL/SQL package which in turn identifies the private connection details and creates a URL out of it as follows
    [http://portal.ccm.ac.uk/discoverer/app/partialConnect?password=IRTIMUDV123_=qplus=VDUMITRI=browser_selected=connect=RELATIONAL=QPRIS=viewer]
    clicking on this link open discoverer with private list of workbook/worksheet.
    Please advise which way should I follow.
    Thanks
    Ganesh

  • Cannot register portal to SSO

    I am trying to register the portal to SSO running the ssoreg script
    but I get an error message in the log file, even though the script
    says that SSO registration tool finished successfully.
    The script that I run is the above:
    ssoreg -site_name www.mydomain.com -mod_osso_url http://www.mydomain.com:7777 -config_mod_osso TRUE -oracle_home_path d:/OraHome_1 -config_file d:/OraHome_1/Apache/Apache/conf/osso/osso.conf -admin_info cn=orcladmin
    and the error message that I get is:
    Base Exception:
    The instance, "portal.dps" already exists in the configuration repository. The instance must have a unique name.
    Resolution:
    Remove or destroy the instance or choose a different name then retry the operation.
    oracle.ias.sysmgmt.exception.PersistenceException: Base Exception:
    The instance, "portal.dps" already exists in the configuration repository. The instance must have a unique name.
    Resolution:
    Remove or destroy the instance or choose a different name then retry the operation.
         at oracle.ias.sysmgmt.persistence.DBTopology.createPersistenceInstance(Unknown Source)
         at oracle.ias.sysmgmt.persistence.PersistenceCluster.createPersistenceInstance(Unknown Source)
         at oracle.ias.sysmgmt.task.FarmManager.joinFarm(Unknown Source)
         at oracle.ias.sysmgmt.task.TaskMaster.initRepository(Unknown Source)
         at oracle.ias.sysmgmt.task.TaskMaster.<init>(Unknown Source)
         at oracle.ias.sysmgmt.task.InstanceManager.sysInit(Unknown Source)
         at oracle.ias.sysmgmt.task.InstanceManager.init(Unknown Source)
         at oracle.ias.sysmgmt.cmdline.DcmCmdLine.checkInit(Unknown Source)
         at oracle.ias.sysmgmt.cmdline.DcmCmdLine.execute(Unknown Source)
         at oracle.ias.sysmgmt.cmdline.DcmCmdLine.main(Unknown Source)
    I have tried to find something about this error in the manuals of the Application server
    but I could not find anything.
    The version of the application server that I use is 10g Release 2 (10.1.2) .
    Thanks
    Stelios

    Make sure whatever you put in for the -site_name you have not used before. So do something like -site_name=mysite.com-http-ddmmyy or something.
    It's just telling you the name you put in there before is already there. Or you have to go into the SSO admin page and delete the current one and then register it again.
    thanks

  • Direct access to a file in IFS from Portal using SSO

    Hi,
    we need to be able to access a file in IFS directly from a link in Portal using SSO.
    I take it is possible. Has anybody done it? Any tips?
    thanks,
    Inga

    Hi,
    If you want to increase the speed of reading then you can try this.
    If each line of the file is almost the same length then you can fix a particular size for each record.
    For example each record will occupy 50 bytes. If you want to access the 10th record you can just use the skip method to skip 450 bytes and read 50 bytes from that location.
    In this method there will be wastage of space, but memory consumed when running the app will be less since you don't store the full content of the file in memory (vector).

  • Reading/Writing the "wpproperty" from portal LDAP

    Hi,
    We want to read/write the "wpproperty" from portal LDAP. I found the code for EP60.
    IUser user = request.getUser();
    String itar[] = user.getAttribute("com.sap.security.core.usermanagement","wpproperty");
    newUser.setAttribute("com.sap.security.core.usermanagement",
    "wpproperty", value);
    Does anybody have an example for EP50 code?
    Kind regards,
    Onno

    I think the answers you got over here (http://forum.java.sun.com/thread.jsp?thread=524137&forum=54) were excellent. You should now know that Java is a terrible language for this kind of thing. You would be much better off with some kind of a native language like C++. Even then, you are going to have to get heavily into the internal Windows system to get what you want from another application and I can't even imagine what you would have to go through to get it out of IE.
    Anyway, I doubt you are going to find what you are looking for in the 'New To Java Technology' forum. You might be able to find something like this if you found a 'Hacker Forum' with people on it who had spent the time to find out how to steal information from other programs (probably at least a couple of years) and didn't mind if they got involved with someone who might be talking to the FBI shortly.
    Your only other option would be to spend the year or two it would take you to learn enough to do it yourself.
    Good Luck.

  • What is Portal Ldap Directory

    Hi Experts,
    In the documentation of User Management, I saw: 'in addition to the corporate LDAP directory server (which the portal uses as user data repository), the Portal User Management Component uses a dedicated portal LDAP directory to store additional data for the portal.'
    So here my doubt is: what is the portal LDAP directory? Does it come with the portal installation or do we need this server separately? If we need to install it separately, which directory server do we need to install, and for what additional information do we need to install this server?
    Please, can anyone clarify my doubt? Points will be rewarded.
    Regards
    Seshu

    Hi,
    Yes, you need to have a separate server, i.e. an LDAP server. It is not shipped with the portal installation. Usually every organisation has LDAP servers as its data source where every user in the organisation is stored, so the portal provides ways to integrate this server so that we need not create users again in the portal. Once integrated, all the users in LDAP will be accessed using the portal and every user will have his/her own id created in the portal through this data source.
    For some more information, refer these links.
    http://help.sap.com/saphelp_nw70/helpdata/en/48/d1d13f7fb44c21e10000000a1550b0/frameset.htm
    http://help.sap.com/saphelp_nw70/helpdata/en/63/14f5b51a6eff429f2d8b2063400e82/frameset.htm
    Regards,
    Ameya
    Message was edited by:
            Ameya Pimpalgaonkar

  • Integrate a https site into portal using sso

    Hi all,
    We have an information system application which is a 'https' site for the company users. Now I would like to integrate this into our portal using SSO. Could you please suggest how to accomplish this?
    thanks in advance
    -Henry

    Hi Henry,
    Is your information system a SAP system or a non-SAP system?
    Anyways, there are various options for doing this:
    1) Kerberos Authentication
    2) PAS
    3) JAAS
    4) SAML
    Check out this link
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/58094632-0301-0010-a391-fc0de26f010e
    Check this for details on various methods for SAP and Non-SAP systems
    http://help.sap.com/saphelp_nw04/helpdata/en/04/120b40c6c01961e10000000a155106/frameset.htm
    Regards,
    Piyush
    ps: pls reward points if u find this info useful.

  • R/3 Secure Store and Forward, while using SAP portal for SSO

    Hello,
    We are using SAP Portal UME for authentication, then SAP SSO tickets to log into the SAP R/3 system.  Initially we decided that the end users would have a "disabled password" so that they must use the portal authentication mechanism to get into R/3 and therefore could not log in straight to R/3 system via SAP GUI.
    All was working fine until during integration testing when someone tried to use the electronic signature function on a QM t-code (QA11) that prompted for an e-sig.  Since local passwords have been disabled, the user could not execute the e-sig. 
    We do not want to activate local R/3 passwords for the users.  Can anyone give some advice or a best practice regarding how to set up electronic sigs in R/3 while using an external authentication source? FYI, we are also trying to avoid using the LDAP connector from R/3 to our LDAP.
    Please comment for any clarity needed or comments,
    Thanks in advance,
    Ryan

    Good point - but I'm afraid of not knowing an instant answer.
    Well, theoretically one could make use of the fact that an NWAS ABAP can act as http client (submitting http requests to the NWAS Java to validate logon data); but that's just a rough idea.
    Regards, Wolfgang

  • Double stack BI and Enterprise portal for SSO

    I am in the process of configuring a double stack BI and SAP Enterprise Portal. Both systems are residing on different domains. We want to utilize the standalone SAP Enterprise Portal for our BEx etc. For that I have exchanged certificates between the ABAP and the SAP Enterprise Portal systems and with the help of Support desk tool I have overcome the certificate issues. The RFC connection from ABAP and SAP Enterprise Portal works fine. The Support desk tool is complaining now about the prefix of these two servers. Also when I check the connection testing between these two systems all the messages are correct except for WEBAS connection it complains about the ping service which is already active on ABAP side. For Connectors it complains about SSO which is not detected/complained by the Support desk tool (0.426). I need your advice:
    1. Either uninstall the JAVA instance of BI or
    2. Make a Federated Portal network by making the BI JAVA as PRODUCER and the SAP standalone as CONSUMER.
    The Support package levels are the same as EHP1 SP 7 of both the double stack BI and the standalone Enterprise Portal systems. The source of users are both local to the systems.

    answered

  • Calling a web dynpro application via portal using SSO

    Hello Expert,
    I have a requirement where I need to call a Web Dynpro application via the portal.
    But it is asking for user name and password.
    I want to call it using single sign-on.
    Can you please suggest a way?
    I did the coding like this:
    " Build the absolute URL of the Web Dynpro application
    CALL METHOD cl_wd_utilities=>construct_wd_url
      EXPORTING
        application_name = l_c_appl_name
      IMPORTING
        out_absolute_url = l_v_gv_url_string.
    l_v_icf_url = l_c_icf_url_val.                      "#EC SYNTCHAR
    " Look up the ICF service for the URL; its active flag is kept in l_v_m_sso_active
    CALL METHOD cl_icf_tree=>if_icf_tree~service_from_url
      EXPORTING
        url             = l_v_icf_url
        hostnumber      = l_c_0
        authority_check = space
      IMPORTING
        icfactive       = l_v_m_sso_active.
    IF l_v_m_sso_active = l_c_x.
      CREATE OBJECT o_viewer
        EXPORTING
          parent = o_empty_co.
      " Enable SAP SSO on the viewer control before opening the URL
      CALL METHOD o_viewer->enable_sapsso
        EXPORTING
          enabled = l_c_x
        EXCEPTIONS
          OTHERS  = 0.
      l_v_gv_url_c = l_v_gv_url_string.
      " Append the URL parameter string and the personnel number
      CONCATENATE l_v_gv_url_c l_c_url_string p0022-pernr INTO l_v_gv_url_c.
      CALL METHOD o_viewer->detach_url_in_browser
        EXPORTING
          url        = l_v_gv_url_c
        EXCEPTIONS
          cntl_error = 1
          OTHERS     = 2.
      IF sy-subrc <> 0.
        MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
          WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4
          RAISING error_occured.
      ENDIF.
      cl_gui_cfw=>flush( ).
    ENDIF.
    but it is not working
    thanks
    Mahesh

    Hi Mahesh,
    You need to set up Single Sign On between SAP Portal and the ECC system where you are doing the development.
    Ask the Basis team to set up the single sign on; usually this is a job done by Basis teams. Refer to the link below to get some idea of the SSO setup:
    http://scn.sap.com/community/enterprise-portal/blog/2013/12/15/sso-configuration-between-sap-portal-73-and-ecc-60-ehp-6
    Thanks
    Krishna

  • Running MI-Webconsole in a Portal with SSO?

    Hi,
    We want to do mobile administration from a SAP Portal.
    How can I integrate the MI-Webconsole with SSO in a portal?
    I created a URL iView for webconsole, but I get the webconsole login screen in the Portal.
    Is there a solution for how to do Single Sign-On to MI-Webconsole from a portal?

    Hello Marco,
    you can realize a portal SSO to webconsole with user mapping by doing following steps:
    1. Create a HTTP-System in the system configuration of your portal.You need this HTTP-System for the User-Mapping of Webconsole login.          
    2. Create an URL iview to "webconsole/checklogin" for example: "http://yoursystem.domain:port/me/WebConsole/checklogin"
    3. Select your created Http-System as system in the URL-iview!!
    4. Set the following values in the url-parameter table of the Iview:
    user = select mappedUser from dropdownlistbox
    pwd = select mappedPasswort from dropdownlistbox
    system=your system
    client=your client
    language=EN
    systemnumber=00
    (Enter here the login-values from input fields of webconsole login screen)
    5. Assign the iview to a page/workset/role(you have still done that)
    6. Do the User Mapping for the created Http-System in the Personalisation.
    That's it.
    Then you can log on to MI-Webconsole via Portal without having a separate webconsole login.
    Regards and please don't forget to reward with some christmas-points;-)
    Frank Brackmann
    Message was edited by: Frank Brackmann

  • Question about backing up Portal LDAP

    I have a question. I want to migrate my production Portal Profile
    Server (LDAP) to a test development environment,
    and all I need is my ldap.ldif file...
    Has anyone tried this?

    Yes, you must have LDAP access to the profile server admin port (8900).
    Tore
