Problem Using Single Sign on with Deployed Applications

I have deployed some appliciations to a standalone OC4J. I am using Identity Management for authentication and it works unless I check the Single Sign on box here:
OC4J
Administration ->
Security Provider->
Enable SSO Authentication
I receive this error:
499 Oracle SSO
Oracle SSO
(all my products are version 10.1.1.3)
I guess I should run ssoreg and osso1013. I can't find the latter.
I appreciate any comment.
Regards,
Farbod

Dear John,
from my point of view, we have to seperate the problem in two parts:
1.) The automatic logon to the struts application via SSO.
2.) The session sharing via some J2EE mechanism.
For the SSO (1.) You have to logged on to the portal - with a cookie on the clientside. This cookie can be used for SSO by Your Struts application as long as You share the same session (same browserinstance). This is not difficult examples are available.
The sessionsharing between a J2EE aap - Struts and an iView is an intersting point. I hope I can get some time to try this out. One trick which is not too clever is to store the session data serialized in a database and privide the sessionid in the url which calls the iView or Struts. Sessionsharing between iViews is no problem as long as You use the HTTPSession.
Walter

Similar Messages

  • Discoverer Single sign on with other applications

    Hello,
    I am using Oracle Discoverer 10g (will be using the Discoverer Plus) as a reporting tool and had some doubts around SSO, Application Server and Oracle Internet Directory.
    We have a .NET based front end application and we want to establish a Single Sign On between this and the Discoverer, so that when a user moves from the front end to Discoverer he doesnt have to go through the authentication process again. Has anybody implemented this before.. Any help will be greatly appreciated.
    Any help will be really valuable
    Thanks and regards,
    Sumit

    Hi
    No it does not mean that. It means that in order to use SSO and Discoverer you have to authenticate using the username and passwords as stored in the OID in the Infrastructure database.
    You can set up links from Portal to third party applications but not vice versa if that other application has its own authentication mechanism.
    Does this help?
    Best wishes
    Michael Armstrong-Smith
    URL: http://learndiscoverer.com
    Blog: http://learndiscoverer.blogspot.com

  • How enabled Single Sign-On with a System SAP WAS ABAP (Run application BSP)

    Hi.
    I need to run any application BSP from a System SAP WAS ABAP, without entering SAP user and password. Using the windows authentication and without SAP Enterprise Portal.
    What authentication methods I have to apply for enabled Single Sign-On with a System SAP WAS ABAP?.
    And How can I enabled this method?.
    Best regards.
    Luis Gomez.

    Hi Ticiano,
    SAP WebAS ABAP supports a number of authenticaiton mechanisms. See
    [http://help.sap.com/saphelp_nw04s/helpdata/en/02/d4d53aa8a9324de10000000a114084/frameset.htm]
    A number of these authentication mechanisms can be combined with Windows authentication (e.g. SNC, client certificates, ...).
    The decision what mechanism fits best depends on critieria like
    - SAP server platform
    - security requirements
    - extensibility (should same authentication mechanism be used for future SAP environments, which will be E-SOA based)
    - authentication from outside company domain
    - Use of SAP security library (SAPcryptolib)
    You may want to look at the SAP Software Solution Partner Catalog, if you look for certified SSO solution vendors for SAP.
    Best regards,
    Peter

  • Integrating AS 10.1.2 and AS 10.1.3 to use Single Sign-on for BI Publisher

    Hi Everyone
    I was trying to make the following demonstration scenario on the AS and the facilities that can afforded by Oracle to our company:
    Note: I have just one machine for demonstration with Win2003 Enterprise
    First of all, I need to build a portal for my company, this portal will be published to the web through port 80 opened by Microsoft ISA Firewall (ISA installed on different machine):
    1- Portal should be integrated with oracle forms and reports with single sign-on
    2- AS, should have single sign-on authentication to work on port 80 only.
    3- Portal should be integrated with BI Publisher 10.3
    For the objectives mentioned above i have done the following:
    1- install AS 10.1.2 (infra and mid-tier) on the same machine with default installation options (http port 7777 for infra and port 80 for MT). (objective 1 = done)
    2- to make sso works on port 80, i have used webcache as reverse proxy for sso, and it's done but i have error (WWC-41400), but it doesn't affect login on portal, and that is my first problem.
    3- To have BI Publisher to work and authenticate users using single sign-on on port 80 (from outside), I had to install AS 10.1.3 (http on port 7779) on the same machine mentioned above, and then deploy BI Publisher on it, and that was ok, but problem is how to make use of single sign-on to authenticate people listed in oracle internet directory of INFRA installation mentioned above to use BI Publisher on port 80 only.
    So, could anyone please guide me in problem 2 and 3.
    Thanks in advance.
    Anas

    a couple of parameters not configured inside the Tomcat files. Now the SSO is working.
    SNC is not required for sso in bi 4.0
    http://wiki.sdn.sap.com/wiki/display/BOBJ/BI4IntegrationintotheSAPEntreprisePortal+7.0.x
    http://wiki.sdn.sap.com/wiki/display/BOBJ/SetupofSAPSSOServiceinSAPBOBI4.0+CMC
    Best Regards

  • Best practices followed in using Single Sign-On

    Hi Everybody,
    Now here is the toughest situation I have been facing on my project where I have to decide on how to use single sign-on(SSO) or whether SSO is the right solution for my problem.
    Here goes the problem :
    I have been developing a dashboard for my client using APEX 3.0.0.00.20 on Oracle Database 10g Enterprise Edition Release 10.2.0.2.0.
    Now the client do not want to create new logins for the end users on this new APEX application.
    After going through several threads in the forum about SSO I thought SSO might get me there but the confusion is how exactly SSO works for a situation like this.
    As per my understanding SSO would act like an intermediary staging place which would take the existing logins and associate with the APEX logins(please correct me if I am wrong).
    Also when I requested my DBA to install the SSO SDK as per the link http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html#INSTALL I got a reply saying SSO is deprecated and now it is mod_osso.
    I need your thoughts and opinion on what the best practices being followed in projects like these.
    Thanks in advance.
    Raj.

    Teku,
    * You install the SSO SDK into a schema in the Application Express database.
    * You register the APEX site as an Oracle AS SSO partner application using the facilities of the AS Login Server which produces some "keys".
    * You take those keys and plug them into a script that you run in the APEX SSO SDK schema.
    * You create an APEX application and set its authentication scheme to SSO using a wizard or the authentication scheme edit pages in the Application Builder. (From this point on, you can create or modify any number of applications in any workspace (in this APEX database) to use SSO just by using the authentication scheme wizards/edit pages in the Application Builder.)
    *You run the application and get redirected to the login server.
    *The login server authenticates you based on username/password in OID.
    *The login server then redirects back to the requested page in your application.
    Scott

  • Single Sign On with FDF Toolkits

    Hi all,
    We are deploying an application using JSP + Struts + Oracle Toplink in Oracle AS 10g. We get the data from Oracle DB and fill to PDF report files using FDF Toolkit. Everything is fine util we decide to use Single Sign On (SSO)in Oracle AS 10g. Since then, users can't open PDF reports when they click our links. This situation doesn't appear when we don't use Single Sign On. Can anyone help me ?

    Look into the GSSAPI or Kerberos support in Directory server. http://docs.sun.com/source/817-7613/ssl.html#wp19858

  • Integrate Single Sign-On with Oracle E-Business Suite Release 12.

    Hi
    How to integrate oracle Single Sign-On with Oracle E-Business Suite Release 12 , give links and ideas about this ,
    Thanks
    Edited by: user12235518 on Feb 19, 2012 10:10 PM

    How to integrate Single Sign-On with Oracle E-Business Suite Release 12 , give links and ideas about this ,Integrating Oracle E-Business Suite Release 12 with Oracle Access Manager 11gR1 (11.1.1.5) using Oracle E-Business Suite AccessGate [ID 1309013.1]
    Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On 10gR3 (10.1.4.3) [ID 376811.1]
    Troubleshooting Oracle Application Server 10g SSO and OID with Oracle E-Business Suite Release 12 [ID 380487.1]
    Thanks,
    Hussein

  • How to use Single sign On in CRM2007 ?

    Dear All,
    I have created a launch transaction for launching ransactions from R3 (using BOR).
    Now, the problem is when I click on the link in WebUI it gives me a popup for entering R3 User Id and only then it allows navigation to R3 transaction.
    How do I remove this popup ? I want that since user has already eneterd password for WebUI it should further not prompt him/her for the password. How to achieve this ?
    Can we use Single Sign on ? How ?
    Regards,
    Ashish

    Hi Stephen,
    I have done the settings as per the OSS notes. But, I am getting the following error while navigating to R3 from CRM (BOR Launch transaction):-
    - SSO logon not possible; browser logon ticket cannot be accepted
    - Choose "Logon" to continue A dialog box appears in which you can enter your user and password
    - No switch to HTTPS occurred, so it is not secure to send a password
    Also, after this I get the popup where I have to enter R3 User Id and Password and then it continues.
    But, the whole purpose was to remove this intermediate popup.
    What settings are missing / going wrong ?
    Regards,
    Ashish

  • How to use JavaMail 1.4 with Oracle Application Server 10g (9.0.4.0.0)

    Hi all,
    I'd like to know if it's possible and how to use JavaMail 1.4 with Oracle Application Server 10g (9.0.4.0.0), Windows version.
    With the following code, I can see that the mail.jar used by the server is the one included in the jdk installation :
    // I'm testing InternetAddress.class because I want to use commons-email-1.2.jar that requires mail.jar 1.4 (or higher) and activation.jar 1.1 (or higher)
    // and I know that inside the commons-email-1.2.jar file, I need to call the InternetAddress.validate() method that throws a java.lang.NoSuchMethodError: javax.mail.internet.InternetAddress.validate()V if it is used with mail.jar 1.2.
    Class cls = javax.mail.internet.InternetAddress.class;
    java.security.ProtectionDomain pDomain = cls.getProtectionDomain();
    java.security.CodeSource cSource = pDomain.getCodeSource();
    java.net.URL location = cSource.getLocation();
    System.out.println(location.toString());
    This code returns : file:/C:/oracle/app/jdk/jre/lib/ext/mail.jar and this mail.jar file has an implementation version number: 1.2
    - I've tried to include my own mail.jar (1.4.2) and activation.jar (1.1.1) files in the war file that I deploy, but it doesn't work (the server still uses the same mail.jar 1.2)
    - I've tried to put the mail.jar (1.4.2) and activation.jar (1.1.1) files in the applib directory of my OC4J instance, but it doesn't work (the server still uses the same mail.jar 1.2)
    - I know that a patch exists : I've read the following document: How to Make Libraries such as mail.jar and activation.jar Swappable ? [ID 552432.1]
    This article talks about the Patch 6514136, but this patch only applies to : Oracle Containers for J2EE - Version: 10.1.3.3.0
    Can you please help me ?
    Thanks in advance for your answers,
    Laurent

    I strongly suggest to upgrade to AS 10.1.3 to get this.
    Think of future support of AS 9.0.4. You will get not critical patch updates anymore.
    --olaf                                                                                                                                                                                                                                                                                                               

  • Hi, I cant login to the facebook app on my iphone 5 ios 6.0.2.  I keep getting an error message saying 'There was an error logging in using single sign on' when im asked to log in again i get a 'session expired' message.  This only started happening yeste

    Hi, I cant login to the facebook app on my iphone 5 ios 6.0.2.  I keep getting an error message saying 'There was an error logging in using single sign on' when im asked to log in again i get a 'session expired' message.  This only started happening yesterday. Anyone else having this problem? Thanks.

    I am having the same problem and took the following steps to mitigate it to no avail.
    1. I deleted the Facebook app on the phone and turned off Facebook in the iPhone's system-wide settings.
    2. I re-enabled Facebook in the iPhone's system-wide settings and reinstalled the Facebook app and logged in again. It worked. For about an hour.
    3. I completely restored the phone to a previous backup (before the problems started) and reenabled Facebook .... reinstalled the app.... and now it works intermittenly. But it hasn't worked in about 12 hours now (just tried a few minutes ago).
    Please advise.

  • How to integrate single sign on with third party system

    we are in the process of implementing istore application. we already have home grown isupport application to contact support personnal for any issues. Now we are wondering how do we integrate oracle applications single sign on with our third pary system. Is there any recommendation provided by oracle to achieve the same.

    We too are in the process of implementing iStore with SSO features.
    And if you believe me it seems to me as nightmare.
    In our scenerio we are intgrating this SSO with Third party access control too (AD and Siteminder). I would request you to please respond me on the following mail id , so we can share our experince which will help us in our implementation
    [email protected]
    regards and thanks in advance
    Vikas Deep

  • Setting up BusinessObjects Enterprise 3.1 for Single Sign On with Xcelsius

    Hi all
    Does anyone have any documentation and/or whitepapers that documents the setting up BusinessObjects Enterprise 3.1 for Single Sign On with Xcelsius Dashboards (xcelsius accessing BusinessObjects universe data through QAAWS and Live Office..
    Thank you for your help.
    Kind regards,
    Dean

    Based on the replies in this thread I'm guessing that there is someone out there that has gotten SSO to work with Xcelsius? If so could you please post the details of how that was achieved?
    When we purchased Xcelsius we were under the impression that it supported SSO but have never been able to get it to work and finally had SAP tell us that Xcelsius did not support SSO.
    Our understanding is that in order to bypass a login for Xcelsius you have to use QaaWS as the datasource and hardcode an enterprise id and password.
    LiveOffice supports SSO but not when it's used as a datasource within Xcelsius.

  • Configure CRS2008 to using AD and Kerberos with Java application servers.

    Hi All,
    I have configure CRS2008 to using AD and Kerberos with Java application servers. Domain Controller is installed on W2K3 Server. In addition, CRS2008 is installed on another W2k3 Server.
    I have create service account in domain controller: CMSACC
    I have create two user account: CRuser1 and CRuser2
    I have create domain group: CRSGroup
    After I had run the setspn in domain controller,I got the message at below:
    Registered ServicePrincipalNames for CN=CMSACC, OU=TEST, DC=BD, DC=com:
        BOBJCentralMS/BDMGTSRV.BD.com
    CMC Setting:
    AD Administration Name: BD\administrator
    Default AD Domain: BD.com
    Add AD Group(Domain\Group): secWinAD:CN=CRSGroup,OU=TEST,D=BD,DC=com
    Service principal name:BOBJCentralMS/CMSACCatBD.com
    I have create a WINNT folder in root directory.Moreover and save bcsLognin.conf and Krb5.ini at here.
    bscLogin.conf:
    com.businessobjects.security.jgss.initiate {
    com.sun.security.auth.module.Krb5LoginModule required;
    krb5.ini:
    [libdefaults]
    default_realm = BD.com
    dns_lookup_kdc = true
    dns_lookup_realm = true
    [realms]
    forwardable = true
    BD.com = {
    default_domain = BD.com
    kdc = BDMGTSRV.BD.com
    I have tested the Kerberos,using kinit CMSACCatBD.com password, and got error message at below:
    Exception: krb_error 41 Message stream modified (41) Message stream modified
    KrbException: Message stream modified (41)
            at sun.security.krb5.KrbKdcRep.check(KrbKdcRep.java:53)
            at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:96)
            at sun.security.krb5.KrbAsRep.getReply(KrbAsRep.java:486)
         at sun.security.krb5.KrbAsRep.getReply(KrbAsRep.java:444)
         at sun.security.krb5.internal.tools.Kinit.sendASRequest(Kinit.java:310)
         at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:259)
         at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:106)
    My problem is failed to logon CMC and infoview and got error message at below:
    Account Information Not Recognized: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserNameatDNS_DomainName, and then try again.
    Actually, I am sucessful to logon Business View manager with CRuser1. However, I fail to logon CMC and infoview and got the above error. Have you any suggestion to solve this problem?
    Ken.

    if you can logon with client tools then that should be an indication that the service account running the CMS IS working! Good news.
    So the problem is likely with the java portion (krb5/bsclogin or java options)
    If the files are in c:\winnt\ (if not copy them there) and perform c:\program files\business objects\javasdk\bin\kinit username
    then enter and password/enter again
    Probably get the same message. To note in your krb5.ini all domain info must be in CAPS (the .com appears to be in lower case)
    kinit works with just the krb5.ini, java SDK and AD (removing BO config and the service account from the picture). Once that works if your java options are specified properly you should be able to login to CMC/infoview.
    also 1 last point. Add udp_preference_limit = 1 to the krb5 lib defaults section
    libdefaults
    default_realm = BD.com
    dns_lookup_kdc = true
    dns_lookup_realm = true
    udp_preference_limit = 1
    Regards,
    Tim

  • How to single sign on with  webApplication with Basic Authenticated in IIS

    Dear Sir,
    Our server is EP6 SP14, we will link iview with BW URL which using basic authen in IIS. . Please kindly advise howto single sign on with  webApplication with Basic Authenticated in IIS
    Thank you and best regards,
    Vimol

    Are you sure the BW is using IIS? Most recent versions are using ABAP style authentication. What version are you running?
    You may want to investigate IISProxy - it's no longer supported, but it might help you out. It basically takes an SSO cookie and allows IIS to "know" who the user is.
    Cheers

  • Discussion on Blog: Single Sign On with External ID implemented in Ruby

    Hello,
    please use this Topic to discuss questions regarding the Blog <a href="/people/gregor.wolf3/blog/2006/09/30/single-sign-on-with-external-id-implemented-in-ruby">Single Sign On with External ID implemented in Ruby</a>.
    Regards
    Gregor

    Hi Gregor:
    As per your request, I am reposting my question in this forum..
    Your excellent blog Single Sign on with External ID Implemented in Ruby shows how you can generate a sso cookie with the external ID mapping with the X.509 certficate.
    In my scenario, the user has already logged into R/3 via SAPGUI (so no need for SNC here) and run an iView on the Portal - if I map an external ID in the table  VUSREXTID (type NT)  for each of my users then can I call the rfc SUSR_CHECK_LOGON_DATA by passing Auth_method = E and Auth_data = External ID and will this rfc return a SSO cookie?
    Thanks
    Venkat

Maybe you are looking for

  • Dynamic CSV file name in target (Multiple workflow calling same dataflow with new global variable value)

    Hi their, I have multiple data flows doing 90% of the process same. The difference is in source query where clause and target flat file. I used the global variables to dynamically change the query where clause easily, but I need help in dynamically c

  • My text messages to iphones are not sending as imessages.  Instead I have to copy and then send as text messages.

    Over the last couple of weeks, when I try to send someone an imessage, it won't sent and instead I have to click on the message and choose the option, 'send as text message'.  I haven't changed any of the settings other than install ios7.  Please hel

  • Production order - Yield over confirmed

    Dear Experts, We have a situation here the production department have confirmed over yield. Example Actual production order was for 100 but they have confirmed it for 102 Qty GRN also have been made with 102 Quantity also. Delivery made for 100 qty f

  • SPSS, missing tabs when installed

    Hi, I ve been struggling with the SPSS installation, it works fine in my other computer. But when i install it on my mac, there are many missing tabs, for instance in Analysis, i can't find regression or descriptive statistiques or correlation and ma

  • Trimming long clips?

    (I should know this but) When I bring a long clip into the Viewer I cannot perform precise trimming because the Viewer's timeline is hopelessly coarse; slight movement of the mouse makes 30-90 second leaps. I can drop the clip down into the timeline