Register non web application on SSO

Similar Messages

• Where should one register a web application directory

  Hi:
  I have created a server domain and server instance for weblogic 8.1. Could someone
  please tell me where I should register the web application directory so that my
  jsp files could be served from this directory or a sub-directory of this web application
  directory?
  Thanks in advance.
  Rino

  Yes, it did work!
  Thanks a lot.
  Rino
  "Deepak Vohra" <[email protected]> wrote:
  >
  Rino,
  Is directory structure of the WebApplication the following?
  user_projects/mydomain/applications/myWebApp/jsp/HelloWorld.jsp
  myWebApp/WEB-INF/web.xml
  myWebApp/WEB-INF/weblogic.xml
  thanks,
  Deepak
  "Rino" <[email protected]> wrote:
  I did put the web application directory "myWebApp" under the "applications"
  folder
  but it still gives me error 404-Not Found.
  The content my my weblogic.xml file is as follows:
  <!DOCTYPE weblogic-web-app PUBLIC "-//BEA
  Systems, Inc.//DTD Web Application 8.1//EN"
  "http://www.bea.com/servers/wls700/dtd/weblogic700-web-jar.dtd">
  <weblogic-web-app>
  <context-root>myWebApp</context-root>
  </weblogic-web-app>
  Can someone explain me how the applications folder serves the jsp pages?
  And
  also what I may be doing wrong
  Thanks.
  Rino
  "Deepak Vohra" <[email protected]> wrote:
  I created a web application directory "myWebApp" under my weblogichome directory.
  The web application directory "myWebApp" should be under the 'applications'
  directory.
  thanks,
  Deepak
  "Rino" <[email protected]> wrote:
  Thanks for your response. However, I still could not get it to work.
  My weblogic home is "C:\bea\weblogic81"
  I created a web application directory "myWebApp" under my weblogic
  home
  directory.
  I also created a WEB-INF folder under "myWebApp" directory.
  After this I created "weblogic.xml" file under the WEB-INF folder.
  The content of my weblogic.xml file is as follows:
  <!DOCTYPE weblogic-web-app PUBLIC "-//BEA
  Systems, Inc.//DTD Web Application 7.0//EN"
  "http://www.bea.com/servers/wls700/dtd/weblogic700-web-jar.dtd">
  <weblogic-web-app>
  <context-root>myWebApp</context-root>
  </weblogic-web-app>
  Under my web application folder i.e. "myWebApp" I have a sub-directory
  named jsp.
  In this sub-directory I placed my helloworld.jsp file.
  Now when I try to run my jsp file from the browser as follows.
  http://localhost:port/jsp/helloworld.jsp
  I get an error message "Error 404-Not Found
  Could someone let me know what I am doing wrong here?
  Thanks in advance.
  Rino
  "Deepak Vohra" <[email protected]> wrote:
  The applications directory has a default Web Applications directory,
  DefaultWebApp.
  To specify a Web Applications dir other than the DefaultWebApp dir,specify
  the
  web app dir in
  the context-root element of weblogic.xml deployment descriptor.
  thanks,
  Deepak
  "Rino" <[email protected]> wrote:
  Hi:
  I have created a server domain and server instance for weblogic
  8.1.
  Could someone
  please tell me where I should register the web application directory
  so that my
  jsp files could be served from this directory or a sub-directoryof
  this
  web application
  directory?
  Thanks in advance.
  Rino

• Accessing Object Clusters From non-web applications

            Say I have a three-tiered WebLogic cluster (web proxy, servlet, EJB).
            I have an application that wants to access the EJBs directly from
            the object cluster via RMI or Corba.
            If I'm correct, the only load balancing/failover would be provided
            by DNS. So how are non-web applications able to enjoy the benefits
            of the cluster?
            I suppose you could send your EJB requests through a servlet??
            Is that the only way?
            Please share your ideas!
            Thanks,
            Dave
            

  See http://www.weblogic.com/docs51/cluster/concepts.html#1024225
            David Mrozek <[email protected]> wrote:
            > Say I have a three-tiered WebLogic cluster (web proxy, servlet, EJB).
            > I have an application that wants to access the EJBs directly from
            > the object cluster via RMI or Corba.
            > If I'm correct, the only load balancing/failover would be provided
            > by DNS. So how are non-web applications able to enjoy the benefits
            > of the cluster?
            > I suppose you could send your EJB requests through a servlet??
            > Is that the only way?
            > Please share your ideas!
            > Thanks,
            > Dave
            Dimitri
            

• Registering a partner application with SSO SDK

  Good day
  Since 2 days, I am struggling for the issue of registering a Servlet application as a partner
  application using the SSO Login Server.
  As per the suggested note id 182701.1 in metalink , I implement the following steps :
  - Step A : Create the partner Application Schemas (Succesful & the name of the shemas is : ssopartner)
  - Step B : Load Packages for the partner application (Successful)
  - Step C : Obtain the registration information (Successful)
  - Step D : Run the regapp.sql (successful but they forgot to mention that I should load the
  SSOHash.class )
  - Step E : Compile and Run
  I deploy the application under 9iAS in order to test it.
  I add the ssosdk307.jar the the jserv.properties file.
  I invoke the SSOPartnerServlet java program by entering :
  http://name of the webserver/servlet/SSOPartnerServlet
  I got the message "redirecting to the login server" and I got the
  login page of the SSO Server.
  Once I submit the user/password , I got HTTP 400: Page cannot be
  displayed.
  I check the mod_jserv.log file and find out the following message :
  [08/04/2002 13:54:16:949] (ERROR) ajp12: Servlet Error: POST is not
  supported by this URL
  Could you please advise
  Your prompt feedback is highly appreciated
  regards

  I believe that this is not possible as the mod_osso realizes that the URL is below an URL that you want to protect.
  The only way I see that you can do this is the following modification in the mod_osso.conf:
  <Location /myApp/secure_partA>
  AuthType basic
  Require valid-user
  </Location>
  <Location /myApp/secure_partB>
  AuthType basic
  Require valid-user
  </Location>
  <Location /myApp/secure_partX>
  AuthType basic
  Require valid-user
  </Location>
  So your application /myApp/subApp will not be effected and people can just access this part. However you will have more administration in your mod_osso.conf
  cu
  Andreas

• Register the partner application through SSO Administer Partner Application

  When should I use the "Administer Partner Applications" link on the SSO Server Administration page to register the application among the following cases?
  1. sign-on SDK integrated application
  2. mod_osso integrated application

  Were you able to resolve the issue???
  Can you pls try Rerunning ssodatan/x with the correct data. The ssodatan script is located in the directory ORACLE_HOME/portal30/admin/plsql/ssodatan.
  Refer following link for more info on SSODATAN , SSODATAX and DIAGNOSTICS scripts in Portal 3.0.x:
  http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=136138.1

• Java Web application with SSO cookie

  Hello All,
  We are having a web-Java application which is interacting with SAP-Web As and then calling RFC'c to get data from backend.
  My scenario should get user name and password from the MYSAPSSO2 cookie generated by the server.
  There are few issues with the application.
  1)When I am launching the application from my browser , a small pop up comes up "The server at Upload Protected area requires a user name and password".When I am providing the user name which is existing on my Java and ABAP stack ,its saying  "403   Forbidden :You are not authorized to view the requested resource."
  But when I am logging in with super user j2ee_admin, its allowing me to enter the application.
  Please let me the what settings are required for my user on the server to bypass this small window of protected area.
  2) Do we have any option to generate MYSAPSSO2 cookie programmatically ?
  3) Do we have any option to modify /add username in existing MYSAPSSO2 cookie?
  Thanks & Regards,
  Abhivyakti
  Edited by: Abhivyakti Srivastava on Jun 17, 2011 8:27 AM

  sorry,I 've got this:
  http://sourceforge.net/forum/forum.php?thread_id=1731549&forum_id=399715
  The problem is solved!
  forget my question...Thanks a lot!

• Java web application and SSO in Portal

  I have successfuly deployed an EAR file(Servlet/JSP) to my OC4J. In my deployment descriptor, I have added security-constraints tag to implement authenticaion using LDAP. In the process of deploying, I have also specified the LDAP associated to my OC4J as my user manager. This in effect adds up a jazn auth method=sso in orion-application.xml after deployment.
  My application, when accessed independently as http://hostname:port/app/index.jsp, is working fine. Login page pops up when the user hasn't logged in yet and redirects to index.jsp when authenticated.
  however, when I added this exact link to oracle portal so that everytime a user logs into the portal, he/she will be automatically logged-in to my application, it turns out that it isn't recognizing the logged user and keeps flashing an page cannot be accessed error.
  Any idea what to do with this?

  have you tried a javascript forum?

• "SSO" for non-sap web application using SAPGUI to browse?

  I have a web application (non SAP) and the user base are also SAP users in an ABAP system.
  To strengthen the authentication in the web app, I wanted to implement SSO 
  authentication as we pity the users for having to remember so many strong pw's and I
  dont like LDAP based pw sync or other technology I dont understand, because then we are
  just yet another application with the same pw...
  We are having technical problems implementing SSO on the web app side, and are anyway a
  bit sceptical about the user admin / role admin assignment if we get it to work.
  So I have created a transaction in SAP which browses the web app and the intention is to
  send the SAP sy-uname as the web app user. We can control this using s_tcode, and
  an own auth object on the WAS side and a check on the session type before the connection is
  established. In this sense we are dependent on the SAP concept implemented, but even so:
  The role assignment is controlled in the web app itself -> so assume that I am not overly
  worried about unauthorized access to the web application, as they would not have any
  system role for it as their sy-uname does not exist. (Infact we can monitor this)
  The browser on the front end is the SAPGUI with html controls on the SAP side.
  I would be interested in knowing whether anyone else has experience with this approach, and
  whether there are any areas to be carefull of?
  I would also like to know whether this is a strategic error?
  Kind regards,
  Julius

  Hi Julius,
  well, if that web application would run on the same ABAP backend system then the solution described in <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0612670">SAP Note 612670</a> would be applicable:
  a so-called "Re-entrance ticket" (based on the "SAP logon ticket" SSO proceedings) is issued, transported via the SAPGUI connection and back to the system via the invoked HTML control.
  But for non-SAP web applications that does not help.
  In that case only X.509 client certificates can be used for SSO. Actually, the web application could then also be invoked directly (independent from the SAPGUI session). The user is authenticated based on the X.509 client certificate - and not based on the ABAP userID (of the SAPGUI session).
  Well, if you don't mind the effort you could also use the "SAP Logon Ticket evaluation library" (sapssoext, see <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0304450">SAP Note 304450</a>) to evalute the SAP logon ticket externally. You'll then need to have a "stub application" at the ABAP side that triggers the http redirect to your external web application. Not a nice solution but a possible one.
  In the future SAML browser artifacts would be an option (preferable to integrate non-SAP applications). But currently that's not available (for NWAS ABAP).
  Cheers, Wolfgang

• SSO to non SAP Application using SAP Logon Ticket

  Hi Experts,
  I Have EP 7 SP 15 using SPNego Wizard to SSO with Active Directory and SSO between EP and ECC using SAP Certificates.
  Now I have a demand to SSO some JAVA based applications (non SAP) to my portal using the SAP Logon Ticket.
  I Have followed some blogs that directed me to use SAPSSOEXT (some libs) to read the MYSAPSSO2 cookie. The problem is that I didn't found this cookie, I even executed the command javascript:document to look for this cookie but the browser just show me the JSESSIONID info.
  Does anybody knows where I can find this cookie or if there's a better way to set up this SSO? It´s necessary to say that I cannot SSO these application to the kerberos protocol because some security reasons on my company.
  Thanks
  Armando

  Hi,
  I dont have much info related but i can giv u hint
  refer OSS Notes 442401 and 723896.
  When using SAP logon tickets for non-SAP applications, two different implementation options are available. The difference lies in where the ticket verification takes place.
  In the first case,  the SAP logon ticket is submitted to the web server filter located on the web server. The web server filter verifies the portal serveru2019s public key
  certificate using its local Personal Security Environment (PSE) and then populates the HTTP header field with the user ID for SSO to the non-sap web application.
  In the second case,  the SAP logon ticket is sent to the non-SAP application, which then verifies it using the ticket verification DLL and submits the user ID to the application for SSO.
  You can refer following link :-
  http://help.sap.com/saphelp_nw70/helpdata/EN/89/6eb8deaf2f11d5993700508b6b8b11/frameset.htm
  user authentication and SSO
  http://help.sap.com/saphelp_nw70/helpdata/EN/8f/ae29411ab3db2be10000000a1550b0/frameset.htm
  Authentication Using a Directory with SSO Integration Using Logon Tickets
  http://help.sap.com/saphelp_nw70/helpdata/EN/f8/3b514ca29011d5bdeb006094191908/frameset.htm
  SSO
  SAP Logon Ticket-based Single Sign-On
  http://help.sap.com/saphelp_nwce10/helpdata/en/45/b6af743753003ae10000000a11466f/frameset.htm

• Using APEX as SSO redirect for existing web application

  Hi,
  I have an existing PHP based Web Application hosted on an Apache server. I want to protect these web pages by authenticating users via Oracle SSO.
  I tested this by creating a simple APEX web page with redirect <Meta> tag to route traffic to my application upon successful SSO login. This works fine if request comes directly to APEX page....
  So my question is how do I protect php pages from being directly accessed and still be able to get sso user login information (like username) coming from APEX page?
  Do I still need to set up mod_sso.so in osso.conf for my Apache Server or should I just register my php web application as partner application with SSO server without going through APEX?
  Any advice on this is greatly appreciate.
  Thanks,
  james

  Tony,
  Sorry for taking so long to respond as I got side tracked with other tasks.
  Thank you so much for the link. The provided link is very helpful.
  One difference in my situation is that I am using a generic Apache installation (version 2.2.11) and not Oracle Apache Server from OAS.
  So I copied mod_osso.so from OAS 10.1.3.1.0 installation to my generic Apache location. As I tried to startup Apache instance I got following error while loading mod_osso.so.
  ... Cannot load /apache-2.2.11/modules/mod_osso.so into server: /apache-2.2.11/modules/mod_osso.so: undefined symbol: ap_configtestonly
  I did some search and found that other folks are reporting success of using mod_osso.so on generic Apache (without saying which version of Apache). I wonder if mod_osso.so can only work with older version of Apache?
  Do you have insights on this by any chance?
  Thanks again,
  James

• Registering the Web based application as a Partner Application

  Good day
  I went through the suggested documentation of registering a
  web based application as a partner application of the SSO Login Server.
  I installed the SSOSDK.JAR and went through the demo application (JSP Demo)
  which consists of the following programs :
  papp.jsp
  ssoinclude.jsp
  ssoEnablerJspBean
  SSOEnablerBean
  SSOSignon
  As per the technical documentation,I register this demo application as a
  partner application.
  1 - The source code of the papp.jsp checks for the existence of the user
  through method of ssoEnablerJspBean [getSSOUserInfo(request, response)] which
  calls method of SSOEnablerBean [getSSOUserInfo (request, response) and this
  method calls getUserInfo(p_request) of SSOEnablerBean (the same program) to
  check the existence of the application cookie.
  2 - If it doesn't exit , it redirect it to the SSO Login page for user
  authentication.Once the user is authenticated, a SSO login cookie is created on
  the client's browser and redirects back to the SSOSignOn.
  3 - The SSOSignOn program creates the application cookie and redirects back to
  the entry point of the demo application which is papp.jsp.
  My Questions are as follows :
  1 - Instead of creating a session object within my web based application to hold some
  information used between the different pages, can I define them in the
  application cookie? kindly advise? Is there any limitation for the length of
  the application cookie? If yes, what will be the risk?
  2 - The SSOSignOn program is calling a method in the SSOEnablerBean
  [setPartnerAppCookie(response, request). Within this method , it is retrieving
  the parameters values of the request object as :
  request.getParameterValues("urlc")[0];
  What is the role of this [urlc]? Is it hard coded? Can I change it?
  3 - In order to ensure that I am still dealing with the same user, shall I put
  the above security check procedure on each page of my weeb based application? Kindly advise?
  Thanks in advance for your prompt feedback
  regards

  Dear Paul
  I think there is a misunderstanding regarding the last correspondence.
  I am talking about the customized home page of the PORTAL and not the home page of my web based application (JSP) .So in this case, Am I able to use the customized home page which contains a login portlet instead of the default Login page of the SSO Login Server.Kindly advise!!!
  On the other hand, I am facing a problem during the surfing of the web based application.
  The web based application consists mainly of two packages :
  Package I : Bank.counter which contains a set of jsp pages.
  JSP_HOME_COUNTER (MAIN PAGE WHICH CONTAINS 2 FRAMES)
  JSP_LEFT_FRAME_COUNTER
  JSP_MAIN_FRAME_COUNTER
  JSP_MAIN_FRAME_COUNTER_DETAIL
  Package II : Bank.portfolio which contains a set of jsp pages.
  JSP_HOME_PORTFOLIO (MAIN PAGE WHICH CONTAINS 2 FRAMES)
  JSP_LEFT_FRAME_PORTFOLIO
  JSP_MAIN_FRAME_PORTFOLIO
  Please note that the SSO classes are residing under the first package.
  As agreed on in the third question, I am including in each page of my web based application, a security check procedure as follows :
  <%@ include file="ssoinclude.jsp" %>
  <%
  if(usrInfo == null)
  response.getWriter().println("<center>User information not found</center>");
  else
  my jsp code.......
  %>
  Please note that all the jsp page of the portfolio package are pointing to the SSO classes as follows :
  <%@ include file="../counter/ssoinclude.jsp" %>
  <%
  if(usrInfo == null)
  response.getWriter().println("<center>User information not found</center>");
  else
  my jsp code.......
  %>
  Once I invoke the JSP_HOME_COUNTER , it will render the JSP_LEFT_FRAME_COUNTER page and
  JSP_MAIN_FRAME_COUNTER page which invokes the SSO Login page. Once the user has been authenticate, the result of the JSP_MAIN_FRAME_COUNTER is rendered successfully. The result contains an hyperlink to the
  JSP_MAIN_FRAME_COUNTER_DETAIL page. As the user has been authenticated , this page is rendering automatically the result without displaying the SSO Login page. (Perfect as of now!!).
  Once I invoke the JSP_HOME_PORTFOLIO from the JSP_HOME_COUNTER, it runs the security procedure without any rendering of the SSO Login page (fine!!) but redirects me back to JSP_HOME_COUNTER instead of rendering the result of the JSP_HOME_PORTFOLIO.
  please note that the m_requestUrl variable in the SSOEnablerJSPBean class has been assigned the folowing value : JSP_HOME_COUNTER
  Kindly advise .

• SSO for Web applications

  Hi,
  I want to implement SSO between my portal and web applications. i found some documents but not sufficient information. what would be the correct source of information if i want to impalement SSO between Portal and Web server(non SAP).
  Any help is appreciated.
  Thanks,
  Damodhar.

  Hi,
  i have gone through the some documentation, i am giving the links to help for the others if anyone go through this thread in future.
  Logon tickets for the sap and non sap systems, it's good.
  SAP Logon Ticket-based Single Sign-On
  SSO with SAP logon ticket- Security issues
  SSO with SAP Logon Ticket - security issues
  we have another document but the document has been moved to another link, can you suggest me link for the following document.
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/enabling single sign-on from sap j2ee engine to non-sap java applications.article
  the above link has been moved, can anyone suggest me the correct link for the above document.
  Thanks,
  Damodhar.

• SSO to non SAP Application (ASP)

  We have followed the sample steps for SSO to non SAP Applications in ASP, but we're receiving the following results:
  Start SSO2TICKET main
  Version: SAPSSOEXT 2
  Ticket verifying failed. Return codes error=1 and ssf error=0
  Does anyone know what the problem is and how to solve it?
  Thanks!

  hi ive,
  u cn refer to this links.......these r  some of    the blogs that u cn go throu.its useful.
  <b>User Mapping-based Single Sign On,
  SAP Logon Ticket-based Single Sign-On>
  regards
  bhargava

• SSO to Web Application from Portal

  Hi,
      I am working on a scenario where I need to access a Web Application from the Portal.
      I read about the Application Integrator that is provided by the Portal .
      I wanted to know that can I only have SSO to those Web Application that accept the userid and password and as URL parameters using Application Integrator , ie: those applications that have post method cannot be integrated.
     Please help me out with clearing this doubt.
  Thnx,
  Pravesh Puria.

  Hi  Abdulbasit ,
      Please give me more details , we have a Lotes Notes Web application hosted on Domino server , another is J2EE based application. I need to achieve SSO to each of these applications from the SAP Portal.
     I followed the below listed steps:
     Created two systems one for each Web application based on the template generated from the application integrator. I entered the user mapping values for both the systems.
     I also created two IViews. When I preview , the logon page of the web application opens but the user credentials are not passed to the application.
     Please help me with the steps to achieve the SSO , from the reply I interpret that Logon ticket method was used to achieve the SSO and user mapping.
      My email id is : [email protected]
      It will be of immense help to me.
  Thnx,
  Pravesh Puria.

• SSO to web application

  Hello all,
  Okay, I'm trying to accomplish SSO between EP5.0 and an existing web application and am having little luck.  Basically, the web app will be called in the portal and I need to somehow pass the web app the userid/pswd that is stored in a user mapping entry in the portal (userid is not the same as the portal userid).  In retrieving the usermapping info, the pswd is encoded (obviously for security reasons).  So, anyone have an idea as how to a) get the usermapping info and b) pass it to the web app.  (I've tried using a session cookie, but it does not appear be globally visible).
  Cheers,
  Mike

  I'm not familiar with EP5.0, but I think maybe using URL rewriting can accomplish SSO.
  But I am worry about if this method will encode the password.