Problem in SSO

Similar Messages

• Session management problems with SSO

  Hi all-
  I've been getting an Apex app tied to SSO as a partner app (per http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html). So far, it sort of works. If I go to my apex app, it redirects me to SSO, where I authenticate and end up back in the apex app. Great. Here are two problems I've run into:
  1. If I am already authenticated to SSO, and I go to my apex app (url like: http://host/pls/apex/f?p=101:1), my browser goes into an infinite redirect (url like: http://host/pls/apex/f?p=101:1:::::FSP_AFTER_LOGIN_URL:\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|\\\\\\\\\\\\\\\\\\\). To resolve, I have to clear cookies.
  2. If I am using my apex app, then log out of SSO (in another browser window), I can still click around in my apex app (i.e., apex thinks I'm still authenticated).
  Anyone have any thoughts? I'm wondering if I need to do something in page session management (under authentication schemes) to fix #2, but I have no clue about #1.
  Thanks
  Rob

  Hi Scott-
  Thanks for the info on #2 - I'll work on that after I get #1 sorted out, since it's the more dire problem. Here's some more info:
  Apex version = 3.0.1.00.08
  SSO SDK = ssosdk902.zip
  I set it up as "My Application as Partner App." I used "MY_PARTNER_NAME" as SSO Partner Application Name. In the list of SSO Partner Apps on the SSO Admin page, my partner app name is also MY_PARTNER_NAME. It gives the following info:
  Login URL:      https://sso_host/pls/orasso/orasso.wwsso_app_admin.ls_login
  Single Sign-Off URL:      https://sso_host/pls/orasso/orasso.wwsso_app_admin.ls_logout
  Home URL: http://apex_host/pls/apex
  Success URL: http://apex_host/pls/apex/RBLICK.YOUR_PACKAGE.PROCESS_SUCCESS
  Logout URL: http://apex_host/pls/apex
  RBLICK is the schema owning the apex app. In there, I created a package called YOUR_PACKAGE:
  create package YOUR_PACKAGE as
  procedure process_success(urlc in varchar2);
  end YOUR_PACKAGE;
  CREATE PACKAGE BODY YOUR_PACKAGE AS
  procedure process_success(urlc in varchar2) as
  begin
  wwv_flow_custom_auth_sso.process_success(
  urlc=>urlc,
  p_partner_app_name=>'MY_PARTNER_NAME');
  end process_success;
  END YOUR_PACKAGE;
  Anything look obviously wrong to you?
  Thanks!
  Rob

• Problem in SSO  with a Designer Generated Portlet

  Trying to evaluate Designer 6i Release4's portlet genration functionality for Oracle Portal.
  Problem with the SSO features.
  Completed all of the preconfiguration tasks:
  - Installed PL/SQL SSO enabler packages for the SSOSDK from
  the June Portal Developers Kit.
  - Installed the WSGSSO Packages and a created some users with
  the default 'administrator' role.
  - Registered the application with the Portal Login Server.
  - Developed a PL/SQL form in Desginer and generated with
  MODPTL pref as 'Yes' and MODFOU with the correct DAD.
  As described here, all is well. Refreshing the Portlet
  Provider list will display the generated form as a new
  portlet. However, the problem occurs when turning on the SSO
  functionality - Set SECVAL to 'Yes' and SECPKG to 'WSGSSO'.
  Regenerate, refresh the Portlet provider list and the form
  is no longer available as a portlet!
  Has anyone else tried this and had the same problem?
  Any ideas?

  have you ensure that when using logon tickets, the user logging in has relevant backend access...
  perhaps in user mapping, the particular userid might have necessary backend access..and hence its working fine ..
  just check if the loggin in user has necessary authorization during logon ticket method..
  Regards,
  Abhijeet

• Problem about SSO using logon ticket  with user mapping

  Hi everyone ,
  I had done SSO with Portal , BW and R/3 system.
  I use logon ticket with user mapping .
  When user name is same in Portal as in R/3 system, or user name is same in Portal as in BW , user can access R/3 transactions and BW report without logon.
  There are some Portal users name which are different with R/3 user and  BW user. And I done the user mapping for these  user.
  But some user mapping works fine,but most of them can't work,means that most of them need to enter mapped user ID and password.
  What's the reason?
  When SSO using logon ticket with user mapping, the Portal user which is different with R/3 user and BW user,  can they access R/3 transaction iview and BW report iview without logon?

  Hi Chen,
  What you have done is correct. But the problem lies here.
  Since you are using the same system object for accessing the iview, where the ticket method is set to SAPLOGONTICKET in the user Management property of the system object.
  To avoid this create another system object like the previous one but set the logon method to UIDPW and select admin, user from the drop down box. Also create a system alias for this system.
  Now create another iview like the previous one but link this iview to the new system. Now do the user mapping for the users which are different in portal compared with R/3. Now you should be able to login without any problems.
  Another important point is login to portal with Fully qualified domain name. In the ITS property of the system object also give the FQDN.
  Hope this helps
  Regards
  Arun

• Problem in SSO..Please guide

  Hello All,
  Am trying to establish a SSO connection between EP7 SR2 Sneak Preview Portal and ECC5.0 using Logon Tickets.
  Using this link for the same - http://help.sap.com/saphelp_nw2004s/helpdata/en/1c/22afe3b26011d5993800508b6b8b11/frameset.htm
  Have downloaded the verify.der certificate and added into R/3 using the STRUSTSSO2 T-code and have added to ACL too.
  Problem:
  I need to maintain table TWPSSO2ACL using sm30 which am not able to.
  When I enter the table name and press enter, then either I hit Display or Maintain, I get an error saying "<b>View/table TWPSSO2ACL can only be displayed and maintained with restrictions</b>".
  Am not into R/3...please guide me....
  Get the above error even when I select "No Restrictions or Enter condition" from the Restrict Data Range section.
  Awaiting Reply.
  Thanks and Warm Regards,
  Ritu

  But then the Connector test is failing. It gives an error as "Connection failed. Make sure user mapping is set correctly and all connection properties are correct"
  What needs to be done here?
  On the other hand, all this works fine using User-Mapping, the Connector test + the SAP Transaction iView.
  Pleae guide.
  Awaiting Reply.
  Thanks and Warm Regards,
  Ritu

• AIA Installation Problem : cwallet.sso access denied

  I am first time user of AIA & trying to install AIA. After 45-mins of run the AIA installer stops & gives below error. I tried to run installer as administrator, Do it has to any thing with java property -Djps.app.credential.overwrite.allowed=true .
  The below file ...........src\META-INF\cwallet.sso (Access is denied) gets created by the Installer & then it gives msg Access Denied.
  oracle.mds.config.MDSConfigurationException: MDS-01330: unable to load MDS configuration document
  MDS-01329: unable to load element "persistence-config"
  MDS-01370: MetadataStore configuration for metadata-store-usage "mstore-usage_2" is invalid.
  MDS-00011: unable to create configuration object or MDSInstance due to invalid configuration information: oracle.mds.exception.MDSException: JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException: C:\AIA_HOME_Path\aia_instances\AIA_Inst_1\config\MDSConfig\.adf\META-INF\..\..\src\META-INF\cwallet.sso (Access is denied)
  JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException: C:\AIA_HOME_Path\aia_instances\AIA_Inst_1\config\MDSConfig\.adf\META-INF\..\..\src\META-INF\cwallet.sso (Access is denied)
  JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException: C:\AIA_HOME_Path\aia_instances\AIA_Inst_1\config\MDSConfig\.adf\META-INF\..\..\src\META-INF\cwallet.sso (Access is denied)
  JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException: C:\AIA_HOME_Path\aia_instances\AIA_Inst_1\config\MDSConfig\.adf\META-INF\..\..\src\META-INF\cwallet.sso (Access is denied)
  MDS-01370: MetadataStore configuration for metadata-store-usage "mstore-usage_3" is invalid.
  MDS-00011: unable to create configuration object or MDSInstance due to invalid configuration information: oracle.mds.exception.MDSException: JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException: C:\AIA_HOME_Path\aia_instances\AIA_Inst_1\config\MDSConfig\.adf\META-INF\..\..\src\META-INF\cwallet.sso (Access is denied)
  JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException: C:\AIA_HOME_Path\aia_instances\AIA_Inst_1\config\MDSConfig\.adf\META-INF\..\..\src\META-INF\cwallet.sso (Access is denied)
  JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException: C:\AIA_HOME_Path\aia_instances\AIA_Inst_1\config\MDSConfig\.adf\META-INF\..\..\src\META-INF\cwallet.sso (Access is denied)
  JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException: C:\AIA_HOME_Path\aia_instances\AIA_Inst_1\config\MDSConfig\.adf\META-INF\..\..\src\META-INF\cwallet.sso (Access is denied)
       at oracle.mds.config.PConfig.loadFromBean(PConfig.java:690)
       at oracle.mds.config.PConfig.<init>(PConfig.java:499)
       at oracle.mds.config.MDSConfig.loadFromBean(MDSConfig.java:707)
       at oracle.mds.config.MDSConfig.loadFromElement(MDSConfig.java:764)
       at oracle.mds.config.MDSConfig.<init>(MDSConfig.java:515)
       at oracle.mds.config.MDSConfig.<init>(MDSConfig.java:443)
       at oracle.integration.platform.common.MDSUtil.getMDSConfig(MDSUtil.java:42)
       at oracle.integration.platform.common.MDSUtil.getMDSInstance(MDSUtil.java:132)
       at oracle.integration.platform.common.MDSMetadataManagerImpl.getMDSInstance(MDSMetadataManagerImpl.java:660)
       at oracle.integration.platform.common.MDSMetadataManagerImpl.init(MDSMetadataManagerImpl.java:274)
       ... 15 more
  Caused by: oracle.mds.exception.MDSExceptionList: MDS-01329: unable to load element "persistence-config"
  MDS-01370: MetadataStore configuration for metadata-store-usage "mstore-usage_2" is invalid.
  MDS-00011: unable to create configuration object or MDSInstance due to invalid configuration information: oracle.mds.exception.MDSException: JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException: C:\AIA_HOME_Path\aia_instances\AIA_Inst_1\config\MDSConfig\.adf\META-INF\..\..\src\META-INF\cwallet.sso (Access is denied)
  JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException: C:\AIA_HOME_Path\aia_instances\AIA_Inst_1\config\MDSConfig\.adf\META-INF\..\..\src\META-INF\cwallet.sso (Access is denied)
  JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException: C:\AIA_HOME_Path\aia_instances\AIA_Inst_1\config\MDSConfig\.adf\META-INF\..\..\src\META-INF\cwallet.sso (Access is denied)
  JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException: C:\AIA_HOME_Path\aia_instances\AIA_Inst_1\config\MDSConfig\.adf\META-INF\..\..\src\META-INF\cwallet.sso (Access is denied)
  MDS-01370: MetadataStore configuration for metadata-store-usage "mstore-usage_3" is invalid.
  MDS-00011: unable to create configuration object or MDSInstance due to invalid configuration information: oracle.mds.exception.MDSException: JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException: C:\AIA_HOME_Path\aia_instances\AIA_Inst_1\config\MDSConfig\.adf\META-INF\..\..\src\META-INF\cwallet.sso (Access is denied)
  JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException: C:\AIA_HOME_Path\aia_instances\AIA_Inst_1\config\MDSConfig\.adf\META-INF\..\..\src\META-INF\cwallet.sso (Access is denied)
  JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException: C:\AIA_HOME_Path\aia_instances\AIA_Inst_1\config\MDSConfig\.adf\META-INF\..\..\src\META-INF\cwallet.sso (Access is denied)
  JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException: C:\AIA_HOME_Path\aia_instances\AIA_Inst_1\config\MDSConfig\.adf\META-INF\..\..\src\META-INF\cwallet.sso (Access is denied)
       at oracle.mds.config.PConfig.loadFromBean(PConfig.java:684)
       ... 24 more
  All Help would be highly appreciable.
  Thanks
  Anand Vithalani

  Hi,
  You can try the following work around to your problem :
  before running the installer
  update aiaoneclick.properties under the Disk1/install/win32/win64(depending on OS being 32 bit or 64 bit) folder with the following
  (The tag to be updated already exists you just need to add the detail highlighted )
  aia_deploy_cmd1_win=cmd /c set PATH=mwHome\\modules\\org.apache.ant_1.7.1\\bin;javaHome
  bin;%PATH%&& set CLASSPATH=.;mwHome\\wlserver_10.3\\server\\lib\\weblogic.jar;aiaHome\\lib\\aia.jar;aiaHome\\lib\\aia-utils.jar;mwHome\\modules\\net.sf.antcontrib_1.1.0.0_1-0b2\\lib\\ant-contrib.jar;mwHome\\oracle_common\\modules\\oracle.mds_11.1.1\\mdsrt.jar;mwHome\\oracle_common\\modules\\oracle.jps_11.1.1\\jps-common.jar;mwHome\\oracle_common\\modules\\oracle.jps_11.1.1\\jps-internal.jar;mwHome\\oracle_common\\modules\\oracle.jps_11.1.1\\jps-unsupported-api.jar;mwHome\\oracle_common\\modules\\oracle.pki_11.1.1\\oraclepki.jar;mwHome\\oracle_common\\modules\\oracle.idm_11.1.1\\identitystore.jar;mwHome\\oracle_common\\modules\\oracle.webservices_11.1.1
  oracle.webservices.standalone.client.jar;%CLASSPATH%&&set JAVA_HOME=javaHome&& set ANT_HOME=mwHome\\modules
  org.apache.ant_1.7.1&&set ANT_OPTS=-Xms512M -Xmx1024M -XX:MaxPermSize=512M&& set AIA_HOME=aiaHome&& set SOA_HOME=soaHome&& set MW_HOME=mwHome&& set ORACLE_HOME=oracleHome&& set WEBLOGIC_HOME=mwHome
  wlserver_10.3&& set SystemRoot=systemRoot&& set USERDOMAIN=<Replace with user domain value>&&set USERNAME=<Replace with user executing the OUI>&& cd /d aiaHome\\Infrastructure\\Install
  AID&& ant -f aiaHome\\Infrastructure\\Install\\AID
  AIACreateInstance.xml -DPropertiesFile=aiaInstanceXX\\config
  AIAInstallProperties.xml

• SSO between Portal and Nakia.....problem with SSO... library not found..

  Hi Sdn's  and Nakisa tehnical experts,
  We have a Portal environment 7.02 , a Nakisa environment 3.0  (CE) and and HR backend environment 701 (604).
  We are busy setting up SSO between Portal and Nakisa via the, URL iview for the Org chart (http://<host>:<port>OrgChart/default.jsp).
  We have done as indicated in wiki:
  http://wiki.sdn.sap.com/wiki/display/ERPHCM/SAPSSOAuthenticationwithverify.pseusingSAPSSOEXT
  We are however stil having issues with the SSO and in the cds.log the following is being displayed:
  ++01 Aug 2011 13:11:42 ERROR com.nakisa.Logger  - com.mysap.sso.SSO2Ticket : Could not load library: sapsecu.dll - java.lang.Exception: MySapInitialize failed: rc= 14null++
  ++01 Aug 2011 13:11:42 ERROR com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : java.lang.Exception: MySapEvalLogonTicketEx failed: standard error= 9, ssf error= 0++
  ++01 Aug 2011 13:11:42 ERROR com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : Internal error (9) - No SSF error (0)++
  Can someone indicate what I am doing wrong?
  Regards Dries

  Hi Luke,
  thanks a lot for your help so far.
  I have created a root/XML folder under the diretory, and the path is now as follows:
  K:\usr\sap\NKP\J14\j2ee\cluster\apps\Nakisa\OrgChart\servlet_jsp\OrgChart\root\.system\Admin_Config\__000__Sasol_DEV_LIVE\.delta\root\XML
  It seems like it finds the verify.pse, but not the library, sapsecu.dll.
  My credentials.xml file is as follows:
  <credentials>
  <assembly name="SapSso"/>
    <info>
      <item name="PseFilePath">XML\verify.pse</item>
      <item name="SsfLibFilePath">XML\sapsecu.dll</item>
      <item name="PsePassword"></item>
      <item name="WindowsPlatform">64</item>
      <item name="TicketFile"></item>
      <item name="Base64decode">true</item>
     </info>
  </credentials>
  I however stilll get the following in the cds.log
  15 Aug 2011 13:59:53 INFO  com.nakisa.Logger  - Tenant ID: 000
  15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - LoginSettingsObject Load: 1719
  15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : Credential provider SapSso
  15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : Using cert: K:\usr\sap\NKP\J14\j2ee\cluster\apps\Nakisa\OrgChart\servlet_jsp\OrgChart\root\XML\verify.pse
  15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : Ticket is: AjExMDAgAA9wb3J0YWw6eXNzZWxhZ2OIABNiYXNpY2F1dGhlbnRpY2F0aW9uAQAIWVNTRUxBR0MCAAMwMDADAANEUDkEAAwyMDExMDgxNTExNDcFAAQAAAAICgAIWVNTRUxBR0P%2FAQQwggEABgkqhkiG9w0BBwKggfIwge8CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGBzzCBzAIBATAiMB0xDDAKBgNVBAMTA0RQOTENMAsGA1UECxMESjJFRQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTEwODE1MTE0NzIwWjAjBgkqhkiG9w0BCQQxFgQUK13ubzFiQrY4H%2FLRk2ysyvPSvccwCQYHKoZIzjgEAwQuMCwCFF1W9d!tAjLvP8dnb1bs4XghaHSBAhQ9kd9N!bJubUWITtkzU!za96lxNg%3D%3D
  15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : Version of SAPSSOEXT: SAPSSOEXT 4
  15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : SCUE LIB base path is:
  15 Aug 2011 13:59:55 ERROR com.nakisa.Logger  - com.mysap.sso.SSO2Ticket : Could not load library: sapsecu.dll - java.lang.Exception: MySapInitialize failed: rc= 14null
  15 Aug 2011 13:59:55 ERROR com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : java.lang.Exception: MySapEvalLogonTicketEx failed: standard error= 9, ssf error= 0
  15 Aug 2011 13:59:55 ERROR com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : Internal error (9) - No SSF error (0)
  15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : User to authenticate null
  15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : Authentication provider SapSso
  15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : User authenticated null
  15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : Authentication row is {SapSsoTicket=AjExMDAgAA9wb3J0YWw6eXNzZWxhZ2OIABNiYXNpY2F1dGhlbnRpY2F0aW9uAQAIWVNTRUxBR0MCAAMwMDADAANEUDkEAAwyMDExMDgxNTExNDcFAAQAAAAICgAIWVNTRUxBR0P%2FAQQwggEABgkqhkiG9w0BBwKggfIwge8CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGBzzCBzAIBATAiMB0xDDAKBgNVBAMTA0RQOTENMAsGA1UECxMESjJFRQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTEwODE1MTE0NzIwWjAjBgkqhkiG9w0BCQQxFgQUK13ubzFiQrY4H%2FLRk2ysyvPSvccwCQYHKoZIzjgEAwQuMCwCFF1W9d!tAjLvP8dnb1bs4XghaHSBAhQ9kd9N!bJubUWITtkzU!za96lxNg%3D%3D}
  15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : User population provider is Database
  15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - FunctionRunner : ensurePool : Current pool size:0
  15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - FunctionRunner : ensurePool : Current pool size:0
  15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - FunctionRunner.executeFunctionDirect: /NAKISA/RFC_REPORT took: 266ms
  15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - BAPI_SAP_OTFProcessor_Report :  WhereClause : ( (Userid is null) or (Userid='') ); Table : (SAP_UserPopulation); Dataelement : (UserPopulationInfo)
  15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : User populated
  15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : Role mapping provider is: SAP
  15 Aug 2011 14:00:00 ERROR com.nakisa.Logger  - SAPRoleMapping_SAP.MapRoles() : while trying to invoke the method java.lang.String.toUpperCase() of an object loaded from local variable 'value'
  15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : Login process finished with errors
  Any ideas? Should I maybe hardcode the location in the credentials.xml?
  Kind regards
  Dries Yssel

• Problem with sso for asp applications

  Hi,
  i am using the web app integrator to integrate asp application with SSO, i am getting permission denied some times, the permission denied is a small html file on asp server side when userid is null.
  I am sure that the user id is not null because i have written small script to respond back with the passed user id like response.write(""), it is giving back the passed user id every time but at the same time i am getting Permission denied.
  The permission denied is a small html file on the .net server side when the ui=null in the pssing URL.
  How this is happening at the same time, one is giving back the user id and one is taking the user id as null.
  some times i am getting right page and some times giving permisssion denied.
  the basic URl is
  http://abc.xyz.com/sm_log.asp?userid=damodhar
  There is no great security behind this only passing user id, they are not passing the password even in the http header authentication. the simple logic is they are hiding the URL from the view source.
  if i pass the hard coded url from the browser i am getting the proper page at the same time if i pass the url  from portal it is working some times and some times not, i don't know when?
  I am using the web application integrator method.
  we are operating portal server from internet and .net server is on intranet.
  Thanks,
  Damodhar.

  If you lose sounds for keyboard clicks, games or other apps, email notifications and other notifications, system sounds may have been muted.
  System sounds can be muted and controlled two different ways. The screen lock rotation can be controlled in the same manner as well.
  Settings>General>Use Side Switch to: Mute System sounds. If this option is selected, the switch on the side of the iPad above the volume rocker will mute system sounds.
  If you choose Lock Screen Rotation, then the switch locks the screen. If the screen is locked, you will see a lock icon in the upper right corner next to the battery indicator gauge.
  If you have the side switch set to lock screen rotation then the system sound control is in the task bar. Double tap the home button and in the task bar at the bottom, swipe all the way to the right. The speaker icon is all the way to the left. Tap on it and system sounds will return.
  If you have the side switch set to mute system sounds, then the screen lock rotation can be accessed via the task bar in the same manner as described above.
  This support article from Apple explains how the side switch works.
  http://support.apple.com/kb/HT4085

• Problem configuring SSO: "Oracle SSO Warning - Unable to process request"

  I'm having difficulty getting a sample application to work with SSO, and I was hoping someone could point me in to the right direction.
  We've got 2 separate systems, call them ASserver and SSOserver. ASserver is running Oracle 9i AS, SSOserver is the infrastructure server (e.g. OID and SSO).
  The application runs just fine on ASserver without SSO.
  I made the change to mod_osso.conf so that the URL for the application is now protected, and added a partner application entry to the application (more on that in a moment).
  When I go to the URL for the partner application, the browser is properly redirected to the SSO server and I am prompted to log in. After logging in, I get an error page with the error "Oracle SSO Warning - Unable to process request" (the URL is something like http://<ASserver>/osso_login_success?urlc=... etc).
  Several questions:
  - can my servlet just be a plain servlet, or does it need to do the various things described in the "SSO Application Developer's Guide"?
  - when configuring the partner application on the SSO server, are success url and logout url supposed to be the osso_login_success and osso_logout_success URLs? Should they be on the ASserver or the SSOserver?
  Any other recommendations?
  Thanks,
  dwh

  Okay, solved. I am pretty sure I was suffering from the condition described in metalink Note:227221.1, "Oracle SSO Warning Logging On to Midtier Using Mozilla Based Browser" (http://metalink.oracle.com/metalink/plsql/ml2_documents.showNOT?p_id=227221.1)
  although it was happening in IE as well.
  Essentially, I modified the entry for the partner application to change the port numbers from 7778 to 7777, and now it works.
  I think I also had several entries for the app server in the SSO server, and I don't know which one it was using. I got rid of all of them except the one named <oraclehome>.<restofdomain>, e.g. oas.foobar.com, where "oas" is the name of my app server's Oracle home.

• Problem in SSO configuration

  Hi,
  ISSUE 1
  Description
     When a user is logged on to the SAP Portal and presses the logoff button he/she is forwarded to the Anonymous/Guest page of the SAP Portal. This is by design and is OK.
  it was discovered that the first time a person pressed the logoff button he/she did got forwarded tot the Anonymous/Guest area of the RaboShop but was still logged in (user name was still visible in welcome area). A second logoff actually did the trick.
  Analysis
  During issue analysis it turned out that on of the session u201CCookiesu201D that is steering the Portal and the SSO Module was not erased when clicking on the logoff button. This cannot be changed as this u201CCookieu201D is set by the SAP Portal (SAP Coding). What causes it to go wrong is that the SSO Module was designed to work based on the value of this u201CCookieu201D. This turns out to be an incorrect design decision and need to be changed.
  What should we do to correct this issue?
  ISSUE 2 :
  Description
             When a user is logged on to itu2019s Workstation an browses tot NON SAP PortalOR any other area on the Web that containts the link to the SAP Portal, it opens in a new window. When the user, for any reason, closes the SAP Protal window and again clicks on the link for the SAP Portal in the NON SAP Portal then he/she is confronted with the UserID and Password Logon screen. This happens every even (2nd, 4th 6th, etcu2026) time.
  Analysis
  During issue analysis it turned out that the initiating window (NON SAP Portal) acts as a parent window for the SAP Porta Window. This allows the windows to share u201CCookieu201D information.
  Because a u201CCookieu201D that is steering the Portal and the SSO Module was not erased when the user closes the SAP Portal window it stays active in the parent window. Every second request by the parents window (NON SAP Portal) will cause that the Cookie is send to the SAP Portal again.
  The  SSO Module was designed to work based on the value of this u201CCookieu201D and will handle accordingly. It turns out that using this u201CCookieu201D to steer the SSO Module is an incorrect design decision and need to be changed.
  Whats the solution for this issue?

  Have a look with name of thread "Delete cookies automatically after logoff ".
  Check out the following URL
  http://www.elated.com/articles/javascript-and-cookies/
  Use the above methods in logoff scripts
  Koti Reddy

• Problem: Establishing SSO between EP7.0(UC)  to SRM 4.0(non unicode)

  Dear gurus
  While creating SSO between EP 7.0 and SRM 4.0(non Unicode)....while uploading the certificate with  SSO2 tool from portal....by selecting add trusted system, The system throwing error message like:
  Error occurred: Selected system does not have SSO Model deployed.
  is there any restrictions are there for unicode system to Non system...Actually by using my EP system i am able to connect the BI7.0 system very well, where i am getting the erro with SRM 4.0 system only
  any help please
  Thanks in advance

  No, there are no such restrictions for SAP Logon Tickets / Assertion Tickets and Unicode vs. Non-Unicode systems.
  If you are using the [NWA Trust Configuration Wizard|https://service.sap.com/sap/support/notes/1083421] then it might happen that the [ABAP backend system does not provide the required APIs|https://service.sap.com/sap/support/notes/1014077]. In that case you have to setup the SSO2 trust relationship manually (using ABAP transaction STRUSTSSO2).

• Problem in SSO (Single Sign On)

  I have configured all the necessary steps for setting up SSO between SAP EP and ECC system. But when i am trying to open a transaction iview from portal its giving me ecc login screen and it is not taking me directly to that transaction.
  This is the login screen message i m getting:
  SSO logon not possible; browser logon ticket cannot be accepted
  Choose "Logon" to continue A dialog box appears in which you can enter your user and password
  No switch to HTTPS occurred, so it is not secure to send a password
  What could me the reason for this, what steps I am missed out.
  Need help on this..

  Hi,
  " SSO logon not possible; browser logon ticket cannot be accepted "
  I believe your SSO is not configured properly,
  First test the connection between ECC and EP
  1. login to portal -> system administration->system confgiuration->select the ECC system right click open->connection tests
  make sure that  you get a tick mark. againt all in particular for  " connection test for connectors"
  2. If your test conenciton is not working probably  SSO is not confgiured properly.
  3. try importing portal certificate to ECC and vice versa
  4. in strustsso2 check whether you have added the logon tickets for the clients under ACL.
  regards,
  prakash

• Password reset page problem after sso integration

  Dear all,
  We've integrated ERP 12.0.4 with SSO. Integration is fine
  the url http://hostname:8010/ is redirecting to
  the portal login page ( as per the design)
  if any user password is reset,before SSO integration the above redirects to a new password reset page, where the user can reset his password. Now after integration, the SSO page redirects directly to the home page of the user.We need to have the password reset page also.IS there any option to do this ?
  Thanks
  Yoosuf

  Hi,
  Please verify that you have completed all the steps in these docs.
  Enabling Register Here Link in Login Page in 11i and 12+ [ID 874373.1]
  Reset Password Functionality FAQ [ID 399766.1]
  Thanks,
  Hussein

• Problem in SSO Connection

  Hi All,
  I am Running with ABAP+Java Stack with windows 2003 and Oracle Database.
  I checked Profile Parametes in the Backend in RZ10.
  Default Profile i am getting following Errors.
  It is showing few unknown Parametes.
  Parameter Name                              Parameter value
  SAPDBHOST                                   host1
  j2ee/dbtype                                 ora
  j2ee/dbname                                 ECC
  E:j2ee/dbname changes not permitted
  j2ee/dbhost                                 host1
  SAPSYSTEMNAME                               ECC
  SAPGLOBALHOST                               host1
  rdisp/bufrefmode                            sendoff,exeauto
  rdisp/mshost                                host1
  rdisp/msserv                                sapmsECC
  rdisp/msserv_internal                       3901
  j2ee/scs/host                               host1
  W:Unknown parameter j2ee/scs/host , a check cannot be performed
  login/accept_sso2_ticket                    1
  j2ee/scs/system                             host1
  W:Unknown parameter j2ee/scs/system , a check cannot be performed
  j2ee/ms/port                                3901
  W:Unknown parameter j2ee/ms/port , a check cannot be performed
  login/system_client                         001
  login/create_sso2_ticket                    2
  Instance Profile showing Following Unknown Parameters
  Parameter Name                              Parameter value
  login/create_sso2_ticket                    2
  SAPSYSTEMNAME                               ECC
  SAPGLOBALHOST                               host1
  SAPSYSTEM                                   04
  INSTANCE_NAME                               DVEBMGS04
  DIR_CT_RUN                                  $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTI386
  DIR_EXECUTABLE                              $(DIR_INSTANCE)\exe
  jstartup/trimming_properties                off
  W:Unknown parameter jstartup/trimming_properties , a check cannot be performed
  jstartup/protocol                           on
  W:Unknown parameter jstartup/protocol , a check cannot be performed
  jstartup/vm/home                            C:\j2sdk1.4.2_12
  W:Unknown parameter jstartup/vm/home , a check cannot be performed
  jstartup/max_caches                         500
  W:Unknown parameter jstartup/max_caches , a check cannot be performed
  jstartup/release                            700
  W:Unknown parameter jstartup/release , a check cannot be performed
  jstartup/instance_properties                $(jstartup/j2ee_properties);$(jstartup/sdm_properties)
  W:Unknown parameter jstartup/instance_properties , a check cannot be performed
  j2ee/dbdriver                               $(DIR_EXECUTABLE)\ojdbc14.jar
  W:Unknown parameter j2ee/dbdriver , a check cannot be performed
  PHYS_MEMSIZE                                512
  rdisp/wp_no_dia                             6
  rdisp/wp_no_btc                             3
  rdisp/j2ee_start_control                    1
  rdisp/j2ee_start                            1
  rdisp/j2ee_libpath                          $(DIR_EXECUTABLE)
  exe/j2ee                                    $(DIR_EXECUTABLE)\jcontrol$(FT_EXE)
  E:exe/j2ee file D:\usr\sap\ECC\DVEBMGS04\exe\jcontrol.EXE does not exist
  rdisp/j2ee_timeout                          600
  rdisp/frfc_fallback                         on
  W:Unknown parameter rdisp/frfc_fallback , a check cannot be performed
  login/accept_sso2_ticket                    1
  icm/HTTP/j2ee_0                             PREFIX=/,HOST=host1,CONN=0-500,PORT=5$$00
  icm/server_port_0                           PROT=HTTP,PORT=80$$
  ms/server_port_0                            PROT=HTTP,PORT=81$$
  rdisp/wp_no_enq                             1
  rdisp/wp_no_vb                              1
  rdisp/wp_no_vb2                             1
  rdisp/wp_no_spo                             1
  DIR_CLIENT_ORAHOME                          $(DIR_EXECUTABLE)
  j2ee/instance_id                            ID0440785
  W:Unknown parameter j2ee/instance_id , a check cannot be performed
  I went to RZ70 and Executed by entering Hostname 'host1' and Gateway as 'sapgw04'
  here i am getting only RFC failure rest of all is success.
  What is unknown Parameters and how to make them correct ?
  What about RZ70 RFC Failure ?
  Give me some solutions..
  Regards,
  kumar.

  -check your hosts and services files for ip and port definitions
  - use sldapicust tx-code for sld settings
  - use rz70 tx-code  for correcting host name and scheduling periodic jobs
  - go to visual administrator and check definitions for "sld data supplier"
  regards,

• Problem registering apex app with sso

  I followed the instructions listed in Note:353023.1 to register an apex app as an sso application.
  when i go to the url:
  http://portal.research.na.admworld.com/pls/REMGThtmldb/f?p=100:1
  i get:
  Bad Request
  Your browser sent a request that this server could not understand.
  mod_plsql: /pls/REMGThtmldb/f HTTP-400 Invalid name
  i've redone everything several times. i must be missing something simple. any clue as to what this could be?

  Hi Chris,
  I had a lot of problems getting SSO working. The name of the partner application had to be HTML_DB and in the WWSEC_ENABLER_CONFIG_INFO$ table I had to change the port in LSNR_TOKEN to :80. You will find lots of other posts about SSO problems.
  One thing you can do is to set debug on as explained in step 6 here: http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
  Regards Pete