Proceedure to implement sso

Similar Messages

• How to Implement SSO with R12

  Hi,
  I have installed R12 with Vision Demo Database.now i need to implement SSO for it. can anyone tell the procedure to implement in a detailed manner?

  Hi,
  Please see these docs.
  Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On [ID 376811.1]
  Oracle Application Server with Oracle E-Business Suite Release 12 FAQ [ID 415007.1]
  Starting R12 Apache errors with status 204 after Cloning SSO Enabled E-Business Suite Instance [ID 730982.1]
  Thanks,
  Hussein

• SWs needed to implement SSO using AM

  Hi,
  I want to know what all SWs are needed to implement SSO using sun AM.
  I tried implementing SSO using AM along with Policy Agent. But somewhere I am missing something.
  Does anyone know of any simple doc which explains the steps in clearly with confusion?
  Thanks
  Rahul A Honrao

  Try these links, good start ups:
  http://www.sun.com/software/products/access_mgr/index.jsp
  http://developers.sun.com/identity/reference/techart/install.html
  http://docs.sun.com/app/docs/prod/sjs.policy.agt22~1322.1#hic

• How can we implement SSO in SP2013

  Hi,
  How can we implement SSO from other applications to SP2013 web app.
  Please suggest with an example.
  Thanks,
  Krishna
  Krishnasandeep

  Basically  it is used to store credentials in a safe way. My article at
  http://sharepointdragons.com/2012/02/13/creating-a-bcs-net-assembly-connector/ discusses an example where it is leveraged within other SharePoint technology (BCS) but you can also use the object model to retrieve credentials and get login pages etc. for
  free provided by the Secure Store Service framework.
  Kind regards,
  Margriet Bruggeman
  Lois & Clark IT Services
  web site: http://www.loisandclark.eu
  blog: http://www.sharepointdragons.com

• How to Start to implement SSO

  Hi Experts,
  I have Installed BO XI R3.1 SP3 Integration Kit for SAP Solutions .Now i could able to connect to BI to generate Universe or Reports.
  I want to implement SSO to my BO environment.
  Can tell me the ways to implement SSO?
  Can you provide details related to implement SSO?

  Hi,
  this is a duplicate to this entry:
  How to Start to implementation of  SSO for BO Environment
  therefore this one is being closed
  please do not create duplicate entries
  ingo

• Ep 6.0 sp7: steps needed to implement SSO to R3 ?

  Hi Everyone,
  I implemented SSO in previous EP versions, but now with SP7 I don't know how to do it... =(   Now we have more concepts in our hand (sld, rz70, etc).
  Somebody could tell me which steps are needed to implement this ?   
  I appreciate ANY help... I'm stucked in this since 6 days ago.. =(
  Thanks and Regards from Mexico !!!
  Diego

  Diego,
  When you create your own ticket, on JVM, it creates these two files with your name and TicketKeyPair/TicketKeyPair-cert (or whatever name you define).
  What I usually do is highlight both (at seperate times), make changes to the Country Name, State/Province(full name), Locality Name, ON, OUN, CN in accordance to your naming standards, then on ENTRY NAME within Create screen, you can either keep these names
  - SAPLogonTicketKeyPair
  - SAPLogonTicketKeyPair-cert
  or use your own. The SAPLogonTicketKeyPair you Save to File, the SAPLogonTicketKeyPair-cert you export. You have to click on Store Certificate for SAPLogonTicketKeyPair-cert , and assign Algorithm to DSA. The SAPLogonTicketKeyPair-cert you will Export.
  Then on the Portal you would login, go to System Administration -> System Configuration -> Keystore Administration, and you would Download the Verify.der File, as well as Download Verify.pse
  Then on strustsso2, you import the verify.der (on second box screen) you would import certificate you generated from portal steps above, You will see your entries that you assigned for CN, OUN, etc. You would Add Certificate to List/and Add to ACL. Add to ACL will pop-up with new screen asking you to enter WPS System and client. WPS System would be your Portal SID (ie. DEV) and client would be 000. NW04 uses 000 as default. This has nothing to do with your R/3 backend client assignments (at this point at least.
  If you have problems, just drop me email.
  Regards,
  James
  [email protected]

• Implementing SSO in OBIEE 11g

  Hi All,
  We have a requirement to implement custom SSO with OBIEE 11g.
  Is configuration of SSO in OBIEE 11g similar to that of OBIEE 10.1.3 ? (10g steps mentioned below)
  1. Changing Instanceconfig.xml
  2. Adding a user “Impersonate ” in Repository
  3. Adding Impersonate user Credentials to Credential Store using cryptotools
  4. Add Credential Store information to Instanceconfig .xml file
  Are there any additional configurations required to be related to weblogic integration with OBI?

  What sort of SSO setup are you looking to implement? The security model in 11g is much more complex and unfortunatelly it's all in Weblogic. I don't think that was a good idea but Oracle it's obviously pushing to use all of its products into OBIEE.
  On the positive side OBIEE 11g now supports configuring authentication and SSO with Active Directory and Windows Native Authentication using Kerberos (the next generation authentication protocol after NTLM). This SSO solution is sometimes called "silent SSO" as does not require domain authenticated users to login to OBIEE and it's completely transparent. In view it's the "real and proper" SSO solution as it's server side and it's unspoofable. Oracle Support Note ID 1274953.1 provides guidance on how to do that. The configuration process is complex but it provides a way to use Windows Native Authentication out-of-the-box in OBIEE 11g without having to rely on custom/3er party components or any additional license costs.

• Implementing SSO using Microsoft IIS with OBIEE 10.1.3.3.2

  We are running OBIEE 10.1.3.3.2 on Windows 2003 server and want to impement Single-Sign-On (SSO) using Microsoft IIS. We set up the SSO according to chapter #8 of the deployment guide but it doesn't work :when opening the web login pages of the OBI application it still ask the user for authentication.
  Also, according to the installation guide the SSO feature is deployed when chosing "Advanced installation type" during the installation. This advanced installation type requires the Oracle Application server. We have not installed Oracle Application server in our environment, and we chose "Basic" installation.
  Is the SSO functionality available without Oracle Application server? What are the steps to setup SSO in our environment?

  Hi,
  I'm experiencing the same issue with IIS. Did you find any resolution in the meanwhile?
  Please let me know...
  Thanks a lot,
  GL

• How to implement SSO to non-SAP systems using SAP logon ticket?

  Hello,
  We would like to implement Single Sign On between our SAP Netweaver system and a Siebel which is a non-SAP system using SAP logon tickets.
  Can anyone please give me some leads on this, in particular:
  1. Is there a JAVA API or an SAP plug-in that can be implemented on the Siebel machine to extract the SAP logon ticket?
  2. As the other machine might seat on a complete different domain, is it possible to implement SAP logon ticket without using cookies (perhaps through the HTTP header?
  3. In case you think using SAP logon tickets is not the best solution here I would be happy to hear any other suggestions you might have.
  Roy

  Hi,
  I'm currently using SAML as well. Unfortunately the SAP J2EE cannot work as authority (identity provider) but what you can do is using an open implementation of SAML such as opensso which is an open version of SUNs Java System access manager.
  There are a couple of other projects such as opensaml, apache's wss4j or shibboleth that might be interesting in this context.
  I just installed opensso and got it working with SAP J2EE 7.0 using SAPs JAAS SAMLLoginModule to authenticate users within SAP J2EE.
  In this scenario opensso serves as identity provider just as you need! There are a couple of Policy agents available on SUNs Download site you can use with Apache, Tomcat, JBOSS, WebSphere, Bea Web Logic etc. in order to authenticate! Otherwise you just directly authenticate against opensso. When installing opensso you can configure the type of user store you want  to use! By default it uses LDAP but you can also use different types of user store using JDBC or other mechanisms. Since you have a Directory Service you could easily connect it to your existing directory.
  There is also a way to map user ids directly in opensso by adding a uid mapping class. I created some documentation with lots of screenshots about using opensso with SAP J2EE. You can easily use opensso with any other system that supports SAML. In the case of SAP the usage is currently limited to SAML versions 1.0 and 1.1. Version 2.0 is not yet supported but should be in one of the following versions.
  Here are some links you might want to check:
  OpenSAML: https://spaces.internet2.edu/display/OpenSAML/Home
  wss4j: http://ws.apache.org/wss4j/
  shibboleth: http://shibboleth.internet2.edu/
  opensso: https://opensso.dev.java.net/
  On SDN you will find a documentation on how to connect SUN Java System Access Manager to SAP J2EE (see https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/906d9fc6-31b9-2910-1385-90edad7d7570). As I said opensso is based on the SUN Access Manager code and looks quite the same. So you can adapt this documentation in order to configure opensso or you can just ask me for the documentation.
  Hope this is helpful...
  Let me know if you need further assistance on this topic
  Cheers

• Is it possible to implement SSO by setup SAML on weblogic with IIS?

  Hi! We have IIS as front-end web server talking to weblogic. Is there anything specific to IIS when configuring SAML on weblogic9.1? Thanks.

  Hi! We have IIS as front-end web server talking to weblogic. Is there anything specific to IIS when configuring SAML on weblogic9.1? Thanks.

• SSO implementation through IIS proxy

  I am  implementing SSO through IIS proxy. when I tried add the iis_sso.dll to IIS ISAPI filters tab, Its showing red color(which says that it is inactive). Please tell me how to make it green (Active).

  Ramesh,
  Which version of EP? I am assuming as well you have IIS 6.0? Also, ISAPI.dll is no longer supported.
  James

• Opinions on implementing a JAAS login module to achieve SSO

  We are looking at implementing SSO from a sharepoint website to the portal.  The users who are accessing the Sharepoint site are using their own computers and are not members of the AD Domain, so they could theoretically be using any computer in the world to access Sharepoint.
  the desired user experience looks something like this.
  user--login> sharepoint site -no login--
  >portal
  One of the methods we are looking at to achieve this is to implement a custom JAAS login module that would authenticate the user if they are coming from the Sharepoint site.
  I would like to get your opinions on how viable you think this method is.  One of the goals of this method is ease of implementation, so if you can think of an easier way to implement this please let us know.
  the method is basically this.
  1. User logs into sharepoint using their AD username and password and establish an active session with sharepoint
  2. user navigates to a link in sharepoint that points to a resource in the SAP Portal
  3. we don't want the user to have to login to access the resource when they click on the link
  4. to facilitate this, sharepoint has constructed the link in the following way
  5. the link is an https link
  6. the link has two additional parameters in addition to whatever is necessary to navigate to the resource
  7. the parameters are
  8. un = the users AD username
  9. uh = sha1("secret_password_known_to_both_the_login_module_and_sharepoint" + "username")
  10. the user clicks the link and is directed to the SAP portal
  11. the sap portal has a custom JAAS login module which performs it's checks before the other login modules
  12. the custom module computes ( sha1("secret_password_known_to_both_the_login_module_and_sharepoint" + un)) and then compares the result with uh, if they are equal, the custom login module authenticates the user bypassing any further need for authentication, otherwise authentication passes to the original authentication modules as normal.
  If you think there is an easier way, please let us know.  We are essentially looking for the easiest/fastest way to implement this functionality that is still secure.

  Hey Gary,
    I'm currently using Apache running on RedHat that leverage Apache's mod_rewrite module. I've got a bank of 6 reverse proxies sitting in front of an SAP Portal and each proxy runs on a host with dual 3.33GHz processors and 8Gb or RAM. I know... they're waaay over-sized and they pretty much snooze all day.
    This is the sole entry point for all SAP users and we sized them to accommodate the "worst case" of about 5000 (potential) named users, concurrently. Realistically, we've only ever had about 1500 unique users hitting the systems in a day (following an upgrade go-live, everybody is curious and wants to log on) and a typical load of about 500 to 750 users in a day.
    Never had a real performance problem to speak of. As long as the proxies are tuned properly (ssl cache, sessions, etc.), you should be fine.
    Setting header variables and some other "custom stuff" is handled in Perl (need Apache's mod_perl active). We've got a script that's called by all users before being passed to the Portal.
    We used IISProxy.dll with an IIS web server a long time ago (5 years maybe?) but opted to can it in favor of the approach described above.
    If you ask SAP, they'll recommend you use a WebDispatcher... and that's certainly an option as well.
  -Kevin

• SSO Implementation in OBIEE 11g

  Hi All,
  I have a requirement in OBIEE 11g to implement SSO for the users. The actual requirement is that OBIEE should be able to authenticate users when they access the OBIEE URL through windows authentication credentials that they have used to log in into their machine.
  Please let me know if this can be achieved and if so what are all the configuration changes that has to be made for this to work.
  Any pointers on this will be highly helpful.
  Thanks.

  Has anyone verified this with Oracle?
  The documentation would suggest otherwise (http://docs.oracle.com/cd/E14571_01/bi.1111/e10543/sso.htm) - but I've yet to try to make it work on 11g.
  Would be nice to know if it is at all possible (without having to install a separate IIS server to host it) before embarking on the setup.... :-S
  Regards,
  -Haakon-

• How To Identify which SSO(Windows Authentication ) is Implemented

  Hi ,
  We have SSO windows authentication implemented in portals,so that portal users can skip the Log-in screen.
  I need to find out by which method they have implemented SSO windows Authentication.I heard about some possibities:
  1.Kerberos authentication
  2.SP Nego
  As it is already implemented, is there any place in portal UI or windows system where this information is tracked or captured.?coz the worst part is i did not have transition and I can not ask my client that how it has been done.
  Help will be greatly Appreciated
  Regards
  Rani A

  Hi Rani,
  take a look at SAP notes 958107 and 957666. There you'll find a diagtool application that is used to troubleshoot the Kerberos authentication. Before you do start with the tool, though, I'd suggest to look at the Kerberos documentation here:
  http://help.sap.com/saphelp_nw2004s/helpdata/en/43/4bd58c6c5e5f34e10000000a1553f6/content.htm
  SPNego is in fact the mechanism that the portal uses to 'execute' Kerberos authentication.
  Regards,
  Yonko

• How to make Oracle BI Mombile to work when  SSO is implemented in BI?

  Hi folks:
  I have SSO enabled in my OBIEE 11.1.1.6.6 . Its is working fine from IE/Firefox Browser/Chrome.
  Before implementing SSO ipad app was running perfectly fine.. but now Its not getting connected...prompt for username and password all the time.
  I am aware of SSO limitation of Ipad. Hence I tried connecting with SSO switch OFF in Ipad....in none of the ways actually is working :-(
  For SSO ...I'm using AD Authentication with Kerberos.
  So is there any configuration I am missing somewhere to allow Oracle Mobile to work when SSO is configured for BI?
  Below is what I am using to connect:
  Host: xxx.yyy.com (also tried with IP address)
  Port: 9704
  SSL – Off
  SSO – Off (also tried setting to ON)
  Username: my username
  Pass: my password
  Save Pw: On
  Device Locale: On
  Analytics Path: /analytics/saw.dll
  Publisher Path: /xmlpserver
  Any feedback will be really appreciated ...I'm really stuck on this ... or if you faced this and had to implement a workaround ... please let me know.
  Thanks a lot!
  Matias

  Hi: I tried that and got the following error message.
  "Error 401--Unauthorized
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.2 401 Unauthorized
  Te request requires user authentication. Te response MUST include a WWW-Autenticate header field (section 14.46) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained in section 11."
  Again this was after SSO configuration. I have no way to bypass SSO based on the current configuration ... so not sure how to solve that in order to make it work from iPAD and also from the IOS application.
  Any thoughts?
  Thanks!
  Matias