Rest Security Framework using Internal user

We are planning to use the ATG 10.0.3 REST framework to expose web APIs for other channels as REST services. These services will be called in session context and will be used to place an Order for a registered external user.
We would like to use the REST Security framework to restrict certain method / repository access to certain clients only. There are 2 sets of users involved here in one session: 1. The client making the REST service call; we would like to restrict access by these clients. 2. The end user, who will log in, create an order and check out. But we don't want to set up access rules based on the external customer profile.
How should we approach this scenario? Any suggestions?

1) Report level security
Using Discoverer you can control access to specific workbooks, so that only certain users have access to the workbooks you want. You can also share workbooks with database roles, and not just users.
2) Data Level security
Discoverer relies on the Oracle database to implement data security. What this means is that the Discoverer user connecting to Discoverer to run a workbook that queries the database for data will never be able to get to data that they do not have access/privilege to. For example, if user 'A' is not authorized to view data in table 'B' then user 'A' cannot use Discoverer to get to the data in table 'B'.
3) EUL/Business Area Access
This can be done using Discoverer Administrator - using the relevant menu options. Users can either have full access to the Business area, or you can specify whether a user has access to a business area to begin with. Secondly, using the Privileges dialog, you can furthermore specify whether a user has 'Administration' privileges or not, and even as an administrator whether the user can create new BAs, summaries, manage scheduled workbooks, etc...
4) Allowing a user to view the report but restricting them from modifying an existing report (i.e. removing conditions, some fields etc.)
Using Discoverer Administrator, you can also specify whether users have privileges like drill-out, save a workbook, etc... If for example a user does not have drill privileges, then the drill icon is not displayed when running the workbook.
For concepts like how to set up row/column level security, you should consult the Oracle database documentation:
See the Oracle® Label Security Administrator's Guide, 10g Release 2 (10.2), Part Number B14267-01 at http://download-east.oracle.com/docs/cd/B19306_01/network.102/b14267/toc.htm
and
Oracle® Database Security Guide, 10g Release 2 (10.2), Part Number B14266-01 at http://download-east.oracle.com/docs/cd/B19306_01/network.102/b14266/toc.htm
Thanks
Abhinav

Similar Messages

  • Guest/Internal users on a 1300

    I have a client that is looking to deploy 1300 series APs to provide wireless access for both internal users and guest users. They would like to allow guest users access to the internet without WEP or security while forcing internal users to use WEP/Security. They would like to be able to do this using the same APs. I know the 1300 supports VLANs, but I'm not sure if WEP can be turned on per VLAN/SSID or if it is a device wide configuration option. Can anyone provide me with some direction?
    Thanks,
    Jack

    Jack,
    The encryption method is per SSID/VLAN, so you could have one that is open for guest users and one that is secured for internal use. But I would recommend that you use 1242/1130 for your AP since the 1300 is really more for bridging.

  • ISE internal user authentication failure - user not found

    Hi Forumers'
    I am trying to do wireless 802.1x, where the identity store uses internal users.
    But I found this error message when I tried to connect:
    Authentication failed:
    22056 Subject not found in the applicable identity store(s)
    My authorization rule is built like this:
    identity groups = user identities group / " mygroup"
    condition = no setting
    permissions = standard / PermitAccess
    Question 1
    Any troubleshooting step to do on this?
    Question 2
    For the Authorization rules, what condition should be set for using Internal User as the identity store?
    Thanks
    Noel

    The error is caused by an authentication failure and is not an issue with authorization.
    You need to look at your authentication policy (Policy->Authentications) and see which identity store was authenticated against.
    In addition you can open the Live Authentications page (Monitor->Authentications) and for the failing record click on the icon under details. This will give you the full details of the request processing and you can see which rule was matched in the identity policy (Identity Policy Matched Rule) and "Selected Identity Stores".

  • Creating internal user account in ACS 5.2

    I have an ACS 5.2 server integrated with Active Directory. Now I need to create an internal user account to log in to some RADIUS devices using the internal user database. I have about 600 users, all authenticating through AD.
    Regards ,
    Sandeep

    There is a system account in ACS which is used to run the scripts. In AD the same account is created as a service account, and yesterday the account expired. We extended that account but it's not working. As per the AD team there is no issue from the AD side, but we are unable to log in to the devices using that account. When we run the script, continuous failed attempts come in.
    So now we need to create an internal account for testing purposes.
    I have created the same and the issue got fixed.

  • I rented a movie. I want to see it using different user on same mac for security reason. How can I do this? Home Sharing fails to do this, so far.

    I rented a movie. I want to see it using different user on same mac for security reason. How can I do this? Home Sharing fails to do this, so far.

    Copy the movie from the current library to the correct library.
    iDevices can only sync to one library at a time.

  • Cisco ISE 1.2 - Problem with Device Onboarding of internal users using AD Credentials

    Dear experts,
    We have implemented ISE 1.2 with WLC 7.5 in our organization. We are using Device Onboarding by letting the users enter their AD Username and Password on the Guest portal, which then redirects them to the device registration portal where they simply register their device and they get internet access.
    The problem is that some users are unable to authenticate using this portal while some can successfully authenticate and register their devices. All users are of the same group in AD. Also, we have enabled this check in two places. One is when users connect to the SSID, where the WPA2-Enterprise security uses 802.1x and asks for the AD username and password. The other is on the portal.
    All users are able to connect to the SSID using their AD credentials. However, 30% of the users are not being authenticated when they are redirected to the Guest portal for device registration. Also, it gives no error or event on either ISE or on the mobile device. When the users enter their credentials, the same guest portal page comes back blank with no errors or logs anywhere.
    Can someone guide me if there is some configuration mistake that I may have done or have someone faced this same issue and were/weren't able to resolve it.
    Thanks in advance.
    Jay

    Our problem got solved. It was related to a few user accounts in AD. Usually any authentication on AD User Account is carried out using the User ID. However, during Web Authentication, Login ID/Name is also checked by ISE and should be same as User ID.
    The problem you are facing might also be related to AD since we had a similar issue. Try to check this on a laptop, as the mobile portal gives no error if the user is unknown or invalid. Also, you can enable logs for web authentication, which are off by default. It will give you a pretty good idea where the problem lies. And yeah, do not keep the web authentication logs on for long, it can hang your ISE.
    Anyways, thanks for all the support.

  • Completion Insight not working correctly when using Enterprise User Security (EUS) logon

    This is a pre existing issue we've experienced with SQL Developer, though I've only just worked out what is causing the issue it is present in previous versions of the tool, up to the current 4.0.EA2.
    We experience issues with the Completion Insight functionality of SQL Developer.
    When we log into a database using Enterprise User Security, i.e. authenticating against OID, the schema of the database account is prefixed to any reference to public synonyms, i.e. all user_%, all_%, dba_% and v$% views.
    When I change the authentication of the database account back to normal database authentication the schema prefix correctly isn't shown. It simply suggests the synonym name of the views.
    An example of this is as follows when attempting to query the DBA_TABLES view:
    The database account is ORADBA and has DBA privs.
    The EUS user that is mapped to the ORADBA schema is dbutler.
    The ORADBA user is configured to authenticate externally (against OID).
    I login with my dbutler directory credentials:
    If I start typing:
    select * from dba_tabl
    The object name is suggested as ORADBA.dba_tables
    If I change the authentication of the ORADBA account back to database authentication, the prefix is no longer present.
    i.e If I start typing:
    select * from dba_tabl
    The object name is suggested as dba_tables

    If you're not using DB 10.2 this is the "expected" behavior for the DB. See also metalink note 351170.1 "Enterprise Users Can Connect to a Database when the OID Account is Disabled"
    regards,
    --Olaf

  • E-recruiting: create internal user failure when using RCF_CREATE_USER

    Hi, experts
        When I create a candidate and internal user in E-recruiting using report RCF_CREATE_USER, the system returns me a message: "I::000 Enter at least one number for the business partner", and so I can't create the user successfully.
        Can anyone show me the solution?
        Thanks very much.
        Best Regards,
        qiuguo

    Hi
    just a thought.....it may not be creating a CP /BP....check your authorization.....hope this helps.....b/r

  • Errors while consuming secured portlet on anonymous user

    Hello,
    I'm trying to configure security end-to-end Portlet as in this link http://fusionsecurity.blogspot.com/2010/09/hands-on-wsrp-security-in-oracle-fusion_04.html.
    I got WSRP security with authenticated users, but when I try to consume the portlet on anonymous users (unauthenticated), I receive the error below:
    Caused By: javax.xml.rpc.soap.SOAPFaultException: FailedAuthentication : The security token cannot be authenticated.
                    at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:669)
                    at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:475)
                    at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:149)
                    at oracle.portlet.wsrp.v2.soap.runtime.WSRP_v2_Markup_Binding_SOAP_Stub.initCookie(WSRP_v2_Markup_Binding_SOAP_Stub.java:343)
                    at oracle.portlet.wsrp.v2.WSRP_v2_Markup_PortTypeJaxbToSoap.initCookie(WSRP_v2_Markup_PortTypeJaxbToSoap.java:671)
                    at oracle.portlet.wsrp.v2.ServerToWSRPv2.initCookie(ServerToWSRPv2.java:22225)
                    at oracle.portlet.client.connection.wsrp.ActivityServerWrapper.initCookie(ActivityServerWrapper.java:1125)
                    at oracle.portlet.client.techimpl.wsrp.WSRPInitCookiePipe.execute(WSRPInitCookiePipe.java:130)
                    … more
    We have the following usecase:
    1) Created an ADF application with one JSP page and converted to portlet.
    2) Created a consumer application (Webcenter Portal Framework Application).
    3) In the consumer app, created a WSRP connection for this portlet (to register the producer).
    - In the "Configure Security Attributes" in the WSRP portlet producer wizard, we have selected the following:
    - Token Profile: WSS 1.0 SAML Token with Message Protection
    - Configuration: Default
    - Default user: anonymous
    4) Drag and drop the portlet on the consumer page and run.
    Would anyone tell me how do I set the permission for an anonymous user?
    Thanks.

    Hi Bijesh,
    Yes, I have tried not specifying a default user and I got the error below:
    <Feb 3, 2015 2:53:48 PM BRST> <Notice> <Stdout> <BEA-000000> <<Feb 3, 2015 2:53:48 PM BRST> <Error> <oracle.wsm.resources.security> <WSM-00008> <Web service authentication failed.
    javax.security.auth.login.LoginException: wsrp:minimal
                    at oracle.security.jps.internal.jaas.module.saml.JpsAbstractSAMLLoginModule.login(JpsAbstractSAMLLoginModule.java:127)
                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                    at java.lang.reflect.Method.invoke(Method.java:597)
                    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
                    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
                    at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
                    at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
                    at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
                    at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:184)
                    at oracle.wsm.security.jps.JpsManager.samlAuthenticate(JpsManager.java:325)
    Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User wsrp:minimal javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User wsrp:minimal denied
                    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
                    at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
                    at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                    at java.lang.reflect.Method.invoke(Method.java:597)
                    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
                    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
                    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
                    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
                    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
    I’ve set ADF Security for my Portlet Application following the steps below:
    Create an Enterprise Role ‘Participante’. (The authenticated user has this group 'Participante' in LDAP)
    Create an Application Role ‘participante-role’ and map to the enterprise role ‘Participante’.
    Assign ‘participante-role’ to Web Page or Task Flow in Resources Grants.
    Those steps work well when I am using Task Flows. If I use Portlets based on Page instead of Task Flow, the security does not work.
    I have already tested the second option (create a guest user). The problem here is that the user has the authenticated-role associated to it.
    Thanks for help.

  • UNABLE TO ACCESS SECURED EJB USING IIOP FROM JSP

    Following codes does not work with IIOP when called from jsp returns an
    com.sap.engine.services.iiop.CORBA.CORBAObject:com.sap.engine.services.iiop.server.portable.Delegate_1_1@8312b1 step2 RemoteException occurred in server thread; nested exception is: java.rmi.RemoteException: com.sap.engine.services.ejb.exceptions.BaseRemoteException: User Guest does not have access to method create(). at
    Following codes does not work with IIOP when called from a fat client returns an
    org.omg.CORBA.UNKNOWN:   vmcid: 0x0  minor code: 0 completed: Maybe
            at com.sun.corba.se.internal.core.UEInfoServiceContext.<init>(UEInfoServ
    iceContext.java:33)
            at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
            at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstruct
    orAccessorImpl.java:39)
            at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingC
    onstructorAccessorImpl.java:27)
            at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
            at com.sun.corba.se.internal.core.ServiceContextData.makeServiceContext(
    Properties p = new Properties();
    p.put(Context.INITIAL_CONTEXT_FACTORY,
    "com.sun.jndi.cosnaming.CNCtxFactory");
    p.put(Context.PROVIDER_URL, "iiop://hostname:50007");
    p.put(Context.SECURITY_PRINCIPAL, "User");
    p.put(Context.SECURITY_CREDENTIALS, "pass");
    I have added a Java option to add the IIOP filter:
    -Dorg.omg.PortableInterceptor.ORBInitializerClass.com.sap.engine.services.iiop.csiv2.interceptors.SecurityInitializer
    Solution Required: Could you please detail what steps I need to perform in order to access a secure EJB using the IIOP protocol.
    FYI -- However, EJB security works with the P4 protocol. If required I can send you the test case ear.
    Thanks
    Vijay
    Following are the server side logs
    java.rmi.RemoteException: com.sap.engine.services.ejb.exceptions.BaseRemoteException: User Guest does not have access to method create().
         at test.TestEJBHomeImpl0.create(TestEJBHomeImpl0.java:91)
         at test._TestEJBHome_Stub.create(_TestEJBHome_Stub.java:214)
         at jsp_testIIOP1199698887113._jspService(jsp_testIIOP1199698887113.java:33)
         at com.sap.engine.services.servlets_jsp.server.jsp.JspBase.service(JspBase.java:112)
         at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:544)
         at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:186)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
    Caused by: com.sap.engine.services.security.exceptions.BaseSecurityException: Caller not authorized.
         at com.sap.engine.services.security.resource.ResourceHandleImpl.checkPermission(ResourceHandleImpl.java:608)
         at com.sap.engine.services.security.resource.ResourceHandleImpl.checkPermission(ResourceHandleImpl.java:505)
         at com.sap.engine.services.security.resource.ResourceContextImpl.checkPermission(ResourceContextImpl.java:45)
         at test.TestEJBHomeImpl0.create(TestEJBHomeImpl0.java:89)
         ... 20 more
    ; nested exception is:
         java.lang.SecurityException: com.sap.engine.services.security.exceptions.BaseSecurityException: Caller not authorized.
         at com.sap.engine.services.security.resource.ResourceHandleImpl.checkPermission(ResourceHandleImpl.java:608)
         at com.sap.engine.services.security.resource.ResourceHandleImpl.checkPermission(ResourceHandleImpl.java:505)
         at com.sap.engine.services.security.resource.ResourceContextImpl.checkPermission(ResourceContextImpl.java:45)
         at test.TestEJBHomeImpl0.create(TestEJBHomeImpl0.java:89)
         at test._TestEJBHome_Stub.create(_TestEJBHome_Stub.java:214)
         at jsp_testIIOP1199698887113._jspService(jsp_testIIOP1199698887113.java:33)
         at com.sap.engine.services.servlets_jsp.server.jsp.JspBase.service(JspBase.java:112)
         at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:544)
         at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:186)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)

    That's the code that you need to execute but you should
    probably encapsulate that code in Custom Action.
    Orion has a EJB Tag Library that is free to distribute that
    does all that stuff you just set some attributes.
    Go to their site and look at their Tag Libraries.
    Also look for other Tag Libraries Freely Available for EJB Access.

  • Keeping Internal Users off Guest Wireless

    Have a WLC 5508 running 6.x code with LAPs providing wireless for our internal laptops (WPA2 and EAP-TLS). I want to provide guest wireless which goes out a different port on the WLC to a guest firewall/cable modem. However, we want to prevent our internal laptops from being able to use the guest wireless. I have RADIUS (IAS) and LDAP for my AD available. We would prefer not to have to use Lobby Ambassador and just have the guests use a simple password or web passthru. Guests may be laptops or smartphones.
    What options are available? I have tried a test setup using dynamic vlan assignments from RADIUS using the IETF flags, but can't seem to get it to work. Is there a way to identify the SSID is being used at the RADIUS server? Thanks.

    I'm closer. I have aaa override working for vlan assignment via RADIUS. On the RADIUS server, I have two access policies. The first is my normal authentication (EAP-TLS) for internal wireless clients where I included the condition member of Windows group Domain Computers. The RADIUS reply for the first policy assigns them to the "internal" vlan. The second RADIUS policy is for the visitor account (AD account with username/password) and the RADIUS reply from that assigns them to the "guest" vlan. The guest vlan exits my WLC on a separate port to the guest firewall/cable modem, while the internal vlan exits to my internal lan.
    That way even if an internal user connects to the Guest SSID with a company laptop they still end up on the internal lan.
    Right now I have the Internal SSID authenticating off one group of RADIUS servers, and the Guest SSID authenticating off another set. My next step is to see if it can be done with only one SSID and one group of RADIUS servers, since assigning the vlan is what really matters.
    Are there any security considerations with using a single SSID?  I plan on turning on Peer to Peer Blocking if I do that.

  • Proper security realm for ecommerce user

    I would like to use j2ee security on our ecommerce site (isUserInRole, getUserPrincipal,
    web.xml declarative functionality to protect resources), but my problem is not
    knowing what security realm I should use to manage the user. The site has thousands
    of users and they need the ability to create an account which will determine their
    "role" based on what membership fee they paid. After they have an account they
    can log in and have access to sections of the site that are permitted to them based
    on role. All the examples I've seen about weblogic security are using LDAPs or
    their internal RDMS. How can I have weblogic use our own database or is there
    a best practice to accomplish the task I need? Any information would be helpful!!

    It sounds like you have many users in your database, but not that many roles
    & policies.
    Probably you can use the DefaultRoleMapper and DefaultAuthorizer for your
    roles & policies.
    You need a database based authentication provider. Check out the sample
    dbms authentication provider on the dev2dev center:
    http://dev2dev.bea.com/codelibrary/code/sec_rdbms.jsp
    -tm
    "fed " <[email protected]> wrote in message
    news:4010111d$[email protected]..
    > I would like to use j2ee security on our ecommerce site (isUserInRole, getUserPrincipal,
    > web.xml declarative functionality to protect resources), but my problem is not
    > knowing what security realm to I use to manage the user. The site has thousands
    > of users and they need the ability to create an account which will determine their
    > "role" based on what membership fee they paid. After they have an account they
    > can login an have access to sections of the site that are permitted to them based
    > on role. All the examples I've seen about weblogic security is using LDAPs or
    > their internal RDMS. How can I have weblogic use our own database or is there
    > a best practice to accomplish the task I need? Any information would be helpful!!

  • Routing internal users through UAG

    We have published SharePoint on the UAG and want all internal users to access SharePoint through the UAG, as if they were connecting from outside our network. This is working. The problem is that we are trying to publish Office Web Apps for SharePoint and it is not working internally or externally. We followed the TechNet article "Publishing Office Web Apps Server Using a Reverse Proxy Server." Is this a supported configuration (to route all internal traffic through UAG as if the connection was external to the network)?

    Thanks for your reply. The underlying setup is the following and this should clarify things a bit:
    UAG is load balancing SharePoint farm.
    Internal DNS is the same as the Public DNS to access SharePoint. (For example sp.domain.com)
    At this point Office Web Apps works normally for both internal and external users.
    Since we want users to experience the same login steps, the following was done:
    A DNS record was created internally, so that sp.domain.com resolves to the public IP of the UAG. This way everyone is going through the UAG for access regardless if they are internal or external users. This is when we started having issues. It seems that there is a loop somewhere when office web apps tries to send the document back to SharePoint.

  • BSP - UserId and Password for Internal Users - Anonymous for other users

    Hello,
    We developed an application via BSPs. This application can be accessed by two kinds of users.
    1. External Users, who should access the page without using a userId and password.
    2. Internal Users, who will have more authorisation and need to specify their userId and Password.
    How can we accomplish this? I tried internal aliases, but can't get it to work properly.
    In the first service 'zbsp' I didn't specify a userId and password in sicf.
    Then I created an internal alias 'zbsp' referring to this 'zbsp'. In this alias I specified a userId and Password, but the system still asks for a userId and Password (and after logging in the system gives the following error: The application name in URL .../bc/bsp/sap/zbsp2/uat_report.htm is invalid.)
    What did I do wrong? Or are there other ways to accomplish this?
    Greetings,
    Bart

    Take a look at the following messages that discussed the whole SSO and SSO2 ticket logins.
    As for a way to handle the two different login types: well, first and foremost, activate the SSO Tickets on your system. Set your BSP up for that.
    Then create a new starting page with an alias to the public section for BSPs in your system. On this page make two links.
    For your external users - one that redirects to your BSP passing the user and password in the url for the "read only external user" - that's the sap-user=name here&sap-password=passwordhere.
    For your internal people give them simply the link to the BSP which when they click it will see no user name and password and redirect them to the BSP login.
    Make sure you set up the BSP login according to SAP note 517860 and follow the instructions from http://help.sap.com/saphelp_nw04/helpdata/en/1d/13c73cee4fb55be10000000a114084/frameset.htm using the supplied SYSTEM_PUBLIC)
    It's a bit basic but it works, we do it.
    Oh and setting up the system for the SSO (transaction sso2) is very very simple!!

  • Submit batch job dynamically using batch user id

    Hi,
    I need to submit the background job dynamically from an ABAP program with the BATCH user id.
    I have created a new program. Users will execute the program in foreground.
    I had an issue with the USER id. If I give my user id then the batch job is created successfully. If I give the ‘BAICH’ id then it gives the error.
    Am I doing anything wrong here?
    Code:
    * Open job
      CALL FUNCTION 'JOB_OPEN'
        EXPORTING
          jobname  = jobname
        IMPORTING
          jobcount = w_jobcount.
    * Submit the report into the job under the batch user
      SUBMIT zrufilep WITH p_file1 = sourfile
                      WITH p_file2 = destfile
                      VIA JOB jobname NUMBER w_jobcount
                      USER 'BATCH_FI'
                      AND RETURN.
    * Schedule and close job
      CALL FUNCTION 'JOB_CLOSE'
        EXPORTING
          jobcount  = w_jobcount
          jobname   = jobname
          sdlstrtdt = sy-datum
          sdlstrttm = sy-uzeit.
    Thanks

    Can any body tell me if that authorization is given to the user, can he submit any other job from front end?
    As you can see if he can, it will conflict security issues of business. So If he is not permitted to execute these kind of statements in any other program, would he be confined to using diff user in this program only?
    Or is there any other way-out to confine the user for getting this authorization for a single T-code or such?
