Punchout - How to post login params to Tivoli Access Manager?

I am trying to help a customer access our parts ordering system. He is using SAP and wants to use the OCI Punchout feature. (Warning: I am a complete and utter SAP novice)
Our application servers are protected by Tivoli Access Manager and users currently login to our application by entering their user/pwd info in a form. This customer wants to store this login info in SAP and perform the login automatically as well as posting other parameters, such as HOOK_URL etc., to our parts ordering application.
I have been struggling with this for a few days now but without success. Can anyone offer some pointers here? Has anyone done something similar?
Thanks
Paul

Thanks for your reply Masa,
as I mentioned in my post, I am an SAP novice. I am assuming that the user, password and hook url are stored somewhere in SAP for use in the punchout.
The problem I see is this: how to login with TAM and send the hook url to my application. It seems to me to be 2 separate actions.
Paul

Similar Messages

  • BPC authentication via Tivoli Access Manager

    Hello experts,
    I'm now investigating BPC authentication mechanism with third vendor authentication software.
    Is it possible to login to BPC v7.5 MS version via Tivoli Access Manager with 'Reverse Proxy' ?
    And can BPC get a login-user information as a http-header from Tivoli Access Manager at this time ?
    If the above situation is possible, can BPC utilize BO enterprise authentication with Tivoli Access Manager ?
    Best regards,
    Tatsuo Oba

    SAP BOPC can use Reverse Proxy.
    I'm not sure how you want to use Tivoli Access Manager with SAP BOPC?
    It is very interesting to know also the reason you would like to use SAP BOPC in this way.
    It can be a very nice case study.
    BPC cannot get information like an HTTP header, and something like that would be unsafe from a security point of view.
    Regarding your question:
    BPC to utilize CMS authentication with Tivoli Access Manager
    I think you have to provide more information? Why do I need Tivoli Access Manager to access BPC or to do authentication to CMS.
    I have to mention I don't know how it is working Tivoli Access Manager and because of that I'm asking you to provide more information.
    Regards
    Sorin Radulescu

  • Hyperion integration with Tivoli Access Manager

    Hello All:
    Does Hyperion support using pre-authenticated users from IBM Tivoli Access Manager? Please can you point me to any documentation explaining the integration procedure.
    TIA.

    Suggest you read sections 2,3,4 of the below document:
    http://download.oracle.com/docs/cd/E10530_01/doc/epm.931/hyp_security_guide.pdf
    It doesn't come out and say that this type of agent is supported -- you can potentially log a case with Oracle and they may be able to answer you however as it's not documented I would suggest it's not supported.
    If you decided to go forward with this then you need to find someone else who is using it successfully and ask them how it is working out.
    Presuming they didn't change too much from 9.3.1 to 11.1 (9.5) then you will find many many issues with SSO working.
    IT saving a user a login box or two and making the application non-usable just isn't a good direction to go.
    John

  • Tivoli Access Manager 6.0 with Sun Java System Directory 6.3

    Hi,
    We have been using Tivoli Access Manager 6.0 with Sun Java System Directory 6.3 .
    Using the IBM TAM Java API we can administer user creation, but the API only provides support for creating a user with the required attributes such as user name, password, description, setAccoutntvalid etc.
    But Sun Java System Directory 6.3 contains the many attributes as just to name a few...
    First Name (givenname), User ID (uid),Password (userPassword), Confirm Password
    E-mail (mail), Telephone Number (telephoneNumber), Country (c),Fax Number (facsimileTelephoneNumber), Locality (l), Organization (o), Organizational Unit (ou), accessHint, accountHint, departmentNumber, description, destinationIndicator, displayName, employeeNumber ETC...
    Now my issue is: if we need to add values for other attributes such as "accessHint", "employeeNumber" etc., then how can we achieve this using the IBM TAM Java API, or is there any other way?
    Thanks for your kind help...

    Looks like the attribute sunIdentityServerDiscoEntries is defined twice in the schema. Run the following and see where it is defined for the second time.
    # cd /var/opt/SUNWdsee/dsins1/config/schema
    # grep -w sunIdentityServerDiscoEntries *.ldif | grep -iv objectclasses
    Edited by: etst123 on Mar 3, 2009 1:28 PM

  • Using IBM Tivoli Access Manager to Secure Tuxedo Services

    Wondering if anybody has any experience using 'IBM Tivoli Access Manager for e-business' to perform tuxedo service authorization ?
    Is there an out-of-the-box integrated solution available or does one have to basically build a security service that use the Tivoli Access Manager APIs to determine if the user is authorized to invoke service?
    Thanks,

    Hi,
    I followed the steps of establishing SSO using TAM for OBIEE application.
    Below is the piece of code that i had inserted in the "instanceconfig.xml" to enable SSO:
    <Listener>
      <!-- other settings ... -->
    </Listener>
    <CredentialStore>
      <CredentialStorage type="file" path="<OracleBIData>/web/config/credentialstore.xml" passphrase="another"/>
    </CredentialStore>
    <!-- other settings ... -->
    <Auth>
      <SSO enabled="true">
        <ParamList>
          <!--IMPERSONATE param is used to get the authenticated user's username and is required -->
          <Param name="IMPERSONATE" source="httpHeader" nameInSource="iv-user"/>
        </ParamList>
        <!--Optional. Replace the URLs with actual logoff/logon URL-->
        <LogonUrl>http://pkmslogin</LogonUrl>
        <LogoffUrl>http://pkmslogout</LogoffUrl>
      </SSO>
    </Auth>
    My credential store file looks like the below:
    <sawcs:credential type="usernamePassword" alias="impersonation">
      <sawcs:username>USER</sawcs:username>
      <sawcs:password>password</sawcs:password>
    </sawcs:credential>
    In the above code I am trying to get the userID of a user, who has already been authenticated by the Windows desktop authentication mechanism, through the header of the application's URL.
    But then I try creating a junction using TAM and access the application through the junction, and I still get the logon page of the OBIEE application...
    Can anyone help me out with this issue?
    Thanks in advance...

  • How to check amsilent file in Sun Access manager patch or redeploying WAR's

    I had a hard time getting all the passwords correct, so I wrote a shell (bash) script that uses most passwords and other parameters in searches and queries. It lets you know before you start if a value is wrong. It does not change anything, only queries.
    One pitfall I found ... during the postinstall of patch 05. I told Sun about it, but I suspect it was too late and is also an issue with patch 06:
    Look at the documentation regarding amconfig and the amsilent file:
    http://docs.sun.com/app/docs/doc/819-2137/adsav?l=en&q=amconfig&a=view
    Two problems that are clear to me now:
    1. ADMINPASSWD in practice, this password is used for cn=puser, not amadmin as it says. Perhaps there is something that makes them the same. It was the same for me, so it probably does not matter.
    2. AS81_ADMINPASSWD is not the same as ADMINPASSWD using either my definition or the document's definition. However, in the amsilent template, it is set like this, which I found is incorrect and the cause of my recent hair loss:
        AS81_ADMINPASSWD="$ADMINPASSWD"
    Also, this one if you use the web server:
        WL8_PASSWORD="$ADMINPASSWD"
    Delete the $ADMINPASSWD and replace it with the password for the app/web server.
    The Script.
    It tests for the above problem, but I just realized it does not check $ADMINPASSWD. If that is set incorrectly in your amsilent, you'll get errors immediately from amconfig, so no big deal. If you make improvements, please post a reply!
    Paste this into a file named checkamsilent. LDAP and appserver must be running. It reads /opt/SUNWam/amsilent. Run it as root or use sudo:
    sudo ./checkamsilent
    #!/usr/bin/bash
    # Read-only check of the amsilent parameters: every command below only queries.
    # Note: the echoed command lines include the passwords read from amsilent.
    echo "This will test several important parameters of the amsilent file "
    echo "run this as root."
    echo "### read in the amsilent parameters"
    echo "source /opt/SUNWam/amsilent  "
    source /opt/SUNWam/amsilent
    echo "### look for the *server port* with LISTEN, otherwise it's not listening. "
    echo "netstat -a | grep $SERVER_PORT    "
    echo "--------------"
    netstat -a | grep "$SERVER_PORT"
    echo "--------------"
    echo "."
    echo "### *admin port* with LISTEN, otherwise it's not listening. "
    echo "netstat -a | grep $ADMIN_PORT   "
    echo "--------------"
    netstat -a | grep "$ADMIN_PORT"
    echo "--------------"
    echo "."
    echo "### Expect to see a line of XML, otherwise the SERVER_PORT is incorrect in the amsilent file."
    echo "grep $SERVER_PORT  ${AS81_INSTANCE_DIR}/config/domain.xml  "
    echo "--------------"
    grep "$SERVER_PORT" "${AS81_INSTANCE_DIR}/config/domain.xml"
    echo "--------------"
    echo "."
    echo "### Expect to see a line of XML, otherwise the ADMIN_PORT is incorrect in the amsilent file."
    echo "grep $ADMIN_PORT  ${AS81_INSTANCE_DIR}/config/domain.xml "
    echo "--------------"
    grep "$ADMIN_PORT" "${AS81_INSTANCE_DIR}/config/domain.xml"
    echo "--------------"
    echo "."
    echo "### bind as the directory manager "
    echo "ldapsearch -v -h $DS_HOST -p 3892  -L -s sub -D \"$DS_DIRMGRDN\" -w \"$DS_DIRMGRPASSWD\" -b 'dc=nsf, dc=gov' \"cn=amldapuser\""
    ldapsearch -v -h "$DS_HOST" -p 3892 -L -s sub -D "$DS_DIRMGRDN" -w "$DS_DIRMGRPASSWD" -b 'dc=nsf, dc=gov' "cn=amldapuser"
    echo "."
    echo "### check the amldapuser password. "
    echo "ldapsearch -w $AMLDAPUSERPASSWD -v -h $DS_HOST -p 3892  -L -s sub -D cn=amldapuser,ou=DSAME Users,dc=nsf,dc=gov -b ou=DSAME Users,dc=nsf,dc=gov cn=* cn  "
    # "cn=*" is quoted so the shell cannot expand it as a file glob
    ldapsearch -w "$AMLDAPUSERPASSWD" -v -h "$DS_HOST" -p 3892 -L -s sub -D "cn=amldapuser,ou=DSAME Users,dc=nsf,dc=gov" -b "ou=DSAME Users,dc=nsf,dc=gov" "cn=*" cn
    echo "."
    echo "### check the app server admin: AS81_ADMIN password: AS81_ADMINPASSWD  and port: ADMIN_PORT "
    echo "### That's actually a bug in the template.  "
    echo "### Do not use AS81_ADMINPASSWD=\$ADMINPASSWD  Make sure they are  different passwords! Don't use the default!"
    echo "Expect to see a WARNING about --password option. "
    echo "/opt/SUNWappserver/appserver/bin/asadmin  list-http-listeners --user $AS81_ADMIN --port $ADMIN_PORT  -w $AS81_ADMINPASSWD  "
    /opt/SUNWappserver/appserver/bin/asadmin list-http-listeners --user "$AS81_ADMIN" --port "$ADMIN_PORT" -w "$AS81_ADMINPASSWD"
    echo "done!"
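
The template pitfall described in the post above (AS81_ADMINPASSWD and WL8_PASSWORD left pointing at $ADMINPASSWD, or reusing the same password) can also be checked statically, without sourcing amsilent or printing any password. This is an added example, not part of the original post: the function names and sample values are constructed for illustration, and it assumes amsilent consists of plain NAME=value lines.

```shell
#!/bin/sh
# Added example: static check of an amsilent-style file. The file is parsed as
# text and never sourced, and password values are never printed.

# Print the value of the last uncommented NAME=value line in FILE, with one
# pair of surrounding quotes removed.
amsilent_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print one finding per line (variable name and reason only).
# Returns 1 if any finding was made, 0 otherwise.
check_amsilent() {
    file=$1
    status=0
    admin=$(amsilent_value ADMINPASSWD "$file")
    for name in AS81_ADMINPASSWD WL8_PASSWORD; do
        value=$(amsilent_value "$name" "$file")
        case $value in
            '')
                continue ;;
            *'$ADMINPASSWD'*|*'${ADMINPASSWD}'*)
                echo "$name: still references \$ADMINPASSWD (template default)"
                status=1 ;;
            *)
                if [ -n "$admin" ] && [ "$value" = "$admin" ]; then
                    echo "$name: same literal value as ADMINPASSWD"
                    status=1
                fi ;;
        esac
    done
    return $status
}

# Constructed sample that mirrors the template lines quoted in the post.
sample_amsilent() {
    cat <<'EOF'
# constructed sample, not a real amsilent file
ADMINPASSWD=constructed-admin-pw
AMLDAPUSERPASSWD=constructed-ldap-pw
AS81_ADMINPASSWD="$ADMINPASSWD"
WL8_PASSWORD=constructed-admin-pw
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp)
sample_amsilent > "$tmp"
check_amsilent "$tmp" || echo "fix the entries above before running amconfig"
rm -f "$tmp"
```

To check a real installation, pass the path the post uses: `check_amsilent /opt/SUNWam/amsilent`.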

    I changed the product machine from LG Optimus to Samsung Galaxy but the file writing is not working either.
    I copied the source code from the Adobe website about FileStream but it is needless too.
    -----------------program code------------------------
    import flash.filesystem.*;
    import flash.filesystem.FileStream;
    import flash.events.Event;
    import flash.events.MouseEvent;
    //txtFld is a standard textField component
    txtFld.text = "Start";
    var file:File = new File();
    //btnSaveFile is a standard button component
    btnSaveFile.addEventListener(MouseEvent.CLICK,handlerBtnSaveFile);
    function handlerBtnSaveFile(e:Event){
        txtFld.text = "Pressed";
        file = File.documentsDirectory;
        file = file.resolvePath("test.txt");
        var fileStream:FileStream = new FileStream();
        fileStream.openAsync(file, FileMode.WRITE);
        fileStream.writeUTFBytes("Hello");
        txtFld.text = file.nativePath.toString();
        //fileStream.addEventListener(Event.CLOSE, fileClosed);
        fileStream.close();
        fcnFileName();
    }
    function fcnFileName(){
        txtFld.text = file.name.toString();
    }
    function fileClosed(event:Event):void {
        trace("closed");
        txtFld.text = "FileClosed";
    }

  • Tivoli Access Manager WebSeal & Infoview

    Post Author: ab129001
    CA Forum: Authentication
    Is it possible to enable Infoview users to authenticate via Tivoli Access Manager WebSeal (a reverse proxy authentication product)?
    Thanks in advance.
    Andy

    Post Author: jsanzone
    CA Forum: Authentication
    Andy,
    It's my understanding that in order to achieve SSO w/ TAM running under WebSeal, that a Portal Integration Kit (PIK) must first be produced from BusinessObjects for the XI R2 platform.  Back in early April 2007, before I knew about PIKs, I submitted a trouble ticket to Tech Support in the hopes of getting a "quick" solution, hence the PIK education lesson.  In response to my request, tech support submitted an enhancement request for a WebSeal Portal Integration Kit, the Ticket number for the enhancement is ADAPT00755013.   If you find out anything further on this situation, I'd be all ears!!

  • Oracle Apex - SSO with IBM Tivoli Access Manager WebSeal - filters out Files with Server Error 500

    Hi,
    We are using IBM Tivoli Access Manager for SSO to authenticate users to access our APEX application. The authentication works but...
    When the application is being accessed with the WebSeal JS/CSS files are randomly not loaded and show up with either HTTP 400 or HTTP 500 error in the FF Toolbar Console. Of course without certain CSS / JS files the application can't be used by the user.
    If the application is accessed without WebSeal all files are loaded successful.
    Our set up:
    There are two APEX Applications using the WebSeal - the first one apparently works
    Apex Listener on Tomcat7.0
    Apex 4.2.6
    We tried all kind of different WebSeal configurations but nothing worked so far.
    I found the following:
    interactive report problem with SSO
    ==> Does anyone know how to use mapping tables and does it help?
    Interactive report javascript error due to proxy
    ==> The solution is for EPG but we use Tomcat as Listener so the solution does not apply
    Does anyone know how to configure the WebSeal ?
    Thanks

    I have same issue with Apex 4.2.6 and Webseal,  but only on Mobile Application.  Desktop Application is ok.
    I have raised an SR on supportweb, but the SR engineer tells me it may be a Webseal issue; they can't reproduce it with Oracle Access Manager.
    It's really a tough issue.

  • How to protect custom applications using oracle access manager?

    Can someone brief me on how to protect custom applications using oracle access manager?

    Is the Custom application a Web Application running on certified platform? If its Web Application then its no different you have to configure the access policies with http(s) as resource type.
    If it's not a web application you can write a custom Access Gate and then implement it. You would configure the policies similar to a Web application (you can define your own resource type if you like) and in the custom web gate you will use the Access server SDK API to validate the access rules.
    Thanks
    Ram

  • How to change LDAP server setting in Access Manager 6.2

    Hi,
    We have initially set authentication as a SunONE Directory Server 5.1 (master DS1) in Sun Java System Access Manager 6.2. In both /etc/opt/SUNWam/config/serverconfig.xml
    /etc/opt/SUNWam/config/AMConfig.properties
    conf files, DS1 was set initially. Also on console's Service Configuration ->LDAP->Primary LDAP Server was set as "DS1"
    Now the problem is that I am not able to change the DS1 to the other master "DS2". I set DS2 in both above conf files and also the Service Configuration page as Primary LDAP Server. I restarted the server. When I stopped the DS1, I couldn't login access manager console with any user. It looks like it is still trying to get authentication from DS1.
    Does anybody know what I am missing here?
    Regards,

    After hopeless tries, I finally made it work;) The trick was actually updating the sunKeyValue attribute of the entry:
    "dn:ou=default,ou=OrganizationConfig,ou=1.0,ou=iPlanetAMAuthLDAPService,ou=services,dc=company,dc=com" in one of the master DS I have.
    Even though I set DS2 and loadBalancer hosts in all conf files and in Primary LDAP conf in amconsole's Service Configuration, it just didn't work until I inserted loadBalancer host in sunKeyValue attribute.
    Hope it helps to someone....
    -Bora

  • How to post message from SAP to solution manager

    Dear Friends,
    We have configured solution manager service desk and the users were able to send messages so that we can view it in solman ITSM.
    Now we want to bifurcate the messages from different people, hence we would like to make use of Problems in incident management of solman.
    How a end user can create a message so that it comes and fall in problems folder of incident management,
    Normally create support message from SAP will make the message to be visible in incidents of solman ITSM, but we want the message to fall in problems section of ITSM in solman.
    Please help.
    Thanks
    Suresh

    Hi,
    In 7.1 we do have dedicated services as Problem management, with the transaction type SMPR. you can create ZMPR and proceed similar to SMIN ( incident) in ITSM.
    also refer here  Problem Management in SAP Solution Manager 7.1 - Part 2
    Thanks
    Jansi

  • Is it possible to Integrate IBM Tivoli Access Manager with EBS R12.1.3 ?

    Hi All,
    We have a requirement to integrate IBM TAM with oracle EBS R12.1.3. We already had such setup with TAM5.1 with oracle EBS 11.5.0. Now we try to replicate setup using R12.1.3 and end up with failures.
    - TAM login is unable to bypass the oracle EBS 12.1.3 page (Webseal landing page marks to /OA_HTML/Rf.jsp in R12 and 11i has /OA_HTML/AppsLocalLogin.jsp) which normally gives the home page in 11i.
    - I can see EBS is not accepting the TAM post call completely.
    Can somebody please throw some light on this.
    OS -- IBM AIX 6.1
    DB - 11.2.0.3

    Hi Hussein,
    Thanks for the reply. There is no error message as such. TAM Page just route it to apps login page.
    I've reviewed above MOS notes. But in our case, we are not using any form services. Just HTTP and oacore services are running in application node.
    Below standard IBM note was followed for config,
    http://pic.dhe.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=%2Fcom.ibm.itame2.doc_5.1%2Fam51_webseal_guide99.htm
    Apache log with debug option gives below messages
    10.15.25.71 - - [26/Jun/2013:10:31:35 +0100] "GET /OA_HTML/RF.jsp?function_id=1024788&resp_id=-1&resp_appl_id=-1&security_group_id=0&lang_code=US HTTP/1.1" 200 13618 6 "https://isup-sit.via.novonet/pkmslogin.form" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)"
    10.15.25.71 - - [26/Jun/2013:10:31:35 +0100] "POST /OA_HTML/OA.jsp?page=/oracle/apps/fnd/sso/login/webui/MainLoginPG&_ri=0&_ti=1493943578&language_code=US&oapc=2&oas=vAqt8ennrMoGojwjkH3sjA.. HTTP/1.1" 200 12466 0 "https://isup-sit.via.novonet/isup/OA_HTML/RF.jsp?function_id=1024788&resp_id=-1&resp_appl_id=-1&security_group_id=0&lang_code=US" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)"
    In normal course we use to get one more GET to OA.jsp that is not happening here..
    GET /OA_HTML/OA.jsp?OAFunc=OAHOMEPAGE
    Please note we are not using oracle SSO.
    Thanks,
    Lakshmanan

  • How to send login details by post in AN, as form?

    how do I understand the edge POST Login form?
    look the code html:
    <form id="form1" name="form1" action="http://www.aniwere.com.br/LoginExterno.aspx?emp=137975" method="post">
    <input type="text" id="txtLogin" name="txtLogin" size="20" placeholder="Login" style="height:20px; border: 1px solid #FFF; margin-bottom:5px;" />
    <input type="password" id="txtSenha" name="txtSenha" size="20" placeholder="Senha" style="height:20px; border: 1px solid #FFF;" />
    <input type="image" src="imagens/bt_entrar.jpg" name="button" id="button" style="margin: 5px 0 0 85px;" />
    </form>
    ok, i make 2 textbox and code in trigger
    sym.$("operand1").html("<input type='text' name='txtLogin' id = 'txtLogin' style = 'width:115px; height: 10px;font-size:9px; background:transparent; border-color:transparent'></input>");
    sym.$("operand2").html("<input type='password' name='txtSenha' id = 'txtSenha' style = 'width:115px; height: 10px;font-size:9px; background:transparent; border-color:transparent'></input>");

    make a form like you made those 2 inputs. ( but than form)
    put operand1 and 2 as children of the form and make the button ( also with .html)

  • [iPhone] How to POST url in safari

    Hi!
    I want my app to open url in Safari and to login.
    I know how to just open URL:
    UIApplication *app = [UIApplication sharedApplication];
    [app openURL:[[NSURL alloc] initWithString:@"http://www.somedomain.net"]];
    But there is a login form on that site. Here is its code:
    <form action="http://www.somedomain.net/login.php" method="post">
    <td width="68%"><input name="username" class="formlogin" size="23" type="text" /></td>
    <td width="10%"> </td>
    </tr>
    <tr>
    <td>Password:</td>
    <td><input name="pass" class="formlogin" size="23" type="password" /></td>
    it looks like I have to POST params to http://www.somedomain.net/login.php
    Well, I know how to POST
    NSString *myRequestString = @"username=sampleuser&pass=samplepass";
    // encode via NSString so the body length is the UTF-8 byte count, not the character count
    NSData *myRequestData = [myRequestString dataUsingEncoding:NSUTF8StringEncoding];
    NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL:[NSURL URLWithString:@"http://somedomain.net/login.php" ]];
    [ request setHTTPMethod: @"POST" ];
    [ request setHTTPBody: myRequestData ];
    NSURLConnection *connection = [[NSURLConnection alloc]
    initWithRequest:request
    delegate:self];
    [connection release];
    [request release];
    But how to combine it all together? Just POSTing and calling openURL does not work. Is it possible at all? openURL opens safari and GETs? What if a site could log me in on GET request with username and pass as params, would openURL work then?

    No, you cannot specify a request method in a URL.

  • Username availability in post-login application processes

    Hi there,
    I have a problem with a post-login application procedure that sets session variables. Some of the variables are based on the username of the user that is logging in. I'm using the function htmldb_custom_auth.get_username to return the username. However, it always reports 'nobody' as the username.
    Is there a way to get the username of the logged-in user in a post-login application procedure?
    Robert

    By "post-login application procedure," I mean an application process whose "Process Point" property is set to "On New Session: After Authentication". That firing point means once per session at the point during the rendering of the requested page after the step where the user identity (if any) has been determined. If the first page requested is a public page (which might be the login page specified by your authentication scheme) then the user identity has not yet been established and will be null, 'nobody', 'APEX_PUBLIC_USER', 'ANONYMOUS', or perhaps some other public user name, depending on "how your application works".
    You should put code like I think you have in this process into the authentication scheme's Post-Authentication Process. This block will be executed after the login API has processed the login request and after a session has been created and registered with the authenticated username.
    I'm not sure what you're asking about how my application works. I was looking for a technical description of what you intend to happen in the scenario, e.g., User starts browser -> user requests URL like f?p=100:1, -> user sees login page which is page number 101 in application 100 and is specified as the Session Not Valid Page in the application's authentication scheme -> user enters username and password and presses Login button -> On New Session process should fire after login page is submitted and capture authentication username -> etc.
    Scott
