SAP BI and BO SDK Application user authentication (SSO)

Similar Messages

• Sap installation and configuration procedure,its user id and pwds to access

  hi ppl...
  hope u r doing best help with ur career (may be) as well as knowledge on SAP...
  I am actually trying to install SAP-Ecc 6.0 in Home PC(Laptop i mean)...
  i have Windows XP ....As of now i just have SAP-GUI installed..but i need the server(IDES or any log on details)...to work and play around(practice or have hands-on)...which application server(create a logon pad) and clients(login and pwd) to use...any free source exists...just to work on SAP..
  Even i heard in Minisap or IDES...less tables and datas are only stored...say only 'sflight' like tables will be there..or even some display mode only(access to many TCODES)..
  so is that any suggestions to configure or customize ourselves..to work and improve our knowledge?
  I was a developer...now home-maker...but would be good if i can play around and develop my interest on SAP-ABAP...
  can any one of u, pls do help me out to get server details(for entering in SAP-GUI) and its clients as well as password(development,testing,etc...TCODEs where we can create/display/change,etc.. mode access)....?

  Check out this Links.For more go to help.sap.com and search.
  http://help.sap.com/saphelp_erp2005/helpdata/en/c6/811e70ec5811d1801c00c04fadbf76/frameset.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/87/4d5739d335a85ee10000000a114084/plain.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/70/579502a7c611d3961700a0c94260a5/content.htm
  Thanks
  Govind.

• Read Attachment from SAP inbox and Transfer to Application Server Folder

  Hi
    I have one requirement . I have to developed one background program to read the all the attachment in SAP inbox and transfer all this attachment to sap application server folder.
  Thanks and Regards
  Shyam

  Hi Rajendra ,
  please try this code snippet , here we call a selection screen that allows us to browse the file name .
  PARAMETER : p_file TYPE localfile OBLIGATORY .
  AT SELECTION-SCREEN ON VALUE-REQUEST FOR p_file .
    data: user_action type i, filename type filetable, result type i,
          fn type file_table.
  CALL METHOD CL_GUI_FRONTEND_SERVICES=>FILE_OPEN_DIALOG
    EXPORTING
      WINDOW_TITLE            = 'SELECT FILE'
     DEFAULT_EXTENSION       =
     DEFAULT_FILENAME        =
     FILE_FILTER             =
     INITIAL_DIRECTORY       =
     MULTISELECTION          =
    CHANGING
      FILE_TABLE              = filename
      RC                      = result
      USER_ACTION             = user_action
    EXCEPTIONS
      FILE_OPEN_DIALOG_FAILED = 1
      CNTL_ERROR              = 2
      ERROR_NO_GUI            = 3
      NOT_SUPPORTED_BY_GUI    = 4
      others                  = 5
    if user_action = cl_gui_frontend_services=>action_ok.
      clear p_file.
      loop at filename into fn.
        p_file = fn-filename.
      endloop.
    endif.
  Hopefully it helps

• Create "Sysadmin Read only" Responsibility and add to Application user.

  Hi
  I am using 11.5.10.2 (Single node installation) on RedHat LinuxAS4 OS. I have couple of requests from the users.
  Issue 1:
  The user has requested to "Sysadmin Read Only" Responsibility and attach that responsibility to his user. Please find below the request raised by the user.
  Can u add query only access for Sysadmin responsibility as I need an option to check the values assigned to each profile option and other relevant functionalities in sys_admin responsibility.
  Issue 2:
  The user is unable to open two forms simuntaniously. I was asked to set a profile option for that, please let me know which profile option is that.
  Thanks and Regards
  Amith

  Amith
  Issue 1:
  Refer the following thread
  System Administrator Read-Only responsibility.
  Issue 2:
  Perform the following steps
  System Administrator ->Security->Responsibility->Define
  Query the responsibility for which u want to enable Multiform access
  In the Menu Exclusions tab add
  Type: Function
  Name: Navigator: Disable Multiform
  -HTH
  Regards
  Mahesh

• Problems with 802.1x MS PEAP machine and user authentication

  Using Microsoft PEAP 802.1x client on Windows XP SP2, if we enable machine authentication against a Windows Domain, the machine authentication is successful and the machine gets access to the network. However, when user logon occurs to the domain, contrary to the flow given in ACS and Windows documentation, no user authentication takes place.
  We need to differentiate user access based on their identities. We need machine authentication only to allow users access to the domain controller and also GP implementation.
  Any idea why user does not get prompted when they logon. 802.1x is configured in users profile and I have tried with both integrated and non-integrated with Domain logon (i.e. "use my windows logon name and password and domain (if any) option"
  There is no record of any identity request/response in ACS after the initial machine authentication (which appears in successful authentication log)
  We are using MS-CHAPv2.

  Update...The problem of cached credentials in MS PEAP does not occur if "enable logon using Windows username and password (and domain if any) is checked. Using this option, MS PEAP always uses logged on users most current credentials.
  However, using this option sends the username as "DOMAIN\USERNAME". Since we are using ACS internal database for user authentication (even though the ACS and Windows passwords are same - using an identity management system) ACS does not recognize the user.
  I have tried proxy distribution with prefix stripping but it does not seem to work when it is pointing to the same ACS server on which proxy distribution is configured and which receives the request.
  Any idea how the domain\ can be ignored by ACS?

• Oracle users and application users

  Hi All,
  I'm currently developing a small application, probably 50 users max. I'm still having a hard time as to how I should create and manage the application users. I've thought of 2 ways but not really sure which will be the best approach.
  Approach 1: 1 application user = 1 oracle user.
  - This way I can create roles with specific privileges and grant them to particular users.
  - I won't have to manually configure/grant users access to specific modules in the application.
  - Each user will have their own connection since they will use their username and password to build the connection string.
  - I will be able to use the auditing feature.
  Approach 2: Create 1 user/schema with all the objects needed for the application then create my own users_tbl to store user credentials such as username/password etc.
  - Manually configure access to users on specific modules.
  - All users will use 1 connection string.
  - Will not be able to use auditing feature.
  can anyone else suggest any other approach or comment on my 2 approach.
  also, i will be using vb.net using vs 2005 to develop the application for my oracle 10g express edition database.
  thanks.

  Hello,
  Just to throw something into the hat....have you considered using the already installed APEX development environment that already comes with your XE?
  Much of this sort of 'connection pooling/handling' disappears using the APEX environment as it is all automatically-handled for you (which means you can then concentrate on the really important stuff).
  John.
  http://jes.blogs.shellprompt.net
  http://apex-evangelists.com

• UCCX application user and password.

  Hi Team ,
  Is there any effect on configuration if i change username and password by using these commands?
  utils reset_application_ui_administrator_name
  utils reset_application_ui_administrator_password
  Actually i don't know the username and password of application user of uccx even not in the cucm enduser.

  show uccx appadmin administrators command is not available on 8.5.1 version ?
  admin:show uccx
        show uccx cad*
        show uccx components
        show uccx dbcontents
        show uccx dbschema
        show uccx dbserver*
        show uccx dbtable*
        show uccx jtapi_client*
        show uccx license
        show uccx provider*
        show uccx recordings*
        show uccx servm*
        show uccx subcomponents
        show uccx tech*
        show uccx trace*
        show uccx version
  admin:set uccx
        set uccx cad*
        set uccx provider*
        set uccx trace*

• User authentication in FDM

  Hi friends,
  1) I am using FDM 9.3.1, we can i create a user in FDM using user management and we are creating simple user authentication vb script in FDM but still we are able to access that user with any password.
  2)I also donot know how to configure fdm with shared services.
  But i think we can create some user in FDM without any need of shared services and we can authenticate that user by writing vb user authentication script.
  Pls help me for both these problems

  Hi,
  How SRDEMO calls the login page which asks the username and password and later use it in other pages?
  Its using container managed security: Look at infrastructure/SRLogin.jspx
  Is there exists any document which describe How user connection(userid and password) information is authenticated and preserve later in other pages of the ADF applicaton?
  In container managed authentication, the username can be accessed from the JSf external context. The password isn't
  Is there exists any example which does the database user authentication instead of application user authentication in ADF BC and used in later forms?
  Yes, you can configure container managed authentication to use a custom JAAS LoginModule instead
  http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
  Is there exists some pre-login( on-logon) triggers kind of stuff in ADF as it was in forms?
  Using ADF Business Components that would be the prepareSession() method that is called on the application module
  Frank

• User Authentication in ADF BC

  Hi,
  I am trying to understand "how to authenticate the database(or application) user and retain the connection for later pages in ADF BC application".
  I downloaded the famous SRDEMO from oracle and now working on it.
  As I understand :
  It runs the index.jspx page which just has the following code :
  <?xml version='1.0' encoding='windows-1252'?>
  <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0">
  <jsp:scriptlet>
  response.sendRedirect("faces/app/SRWelcome.jspx");
  </jsp:scriptlet>
  </jsp:root>
  it calls the SRWelcome.jspx but when I see the SRWelcome.jspx I do not see the actual code as I see when I run the application.I do not find any include file statement which ask for username and password.
  Questions :
  1. How SRDEMO calls the login page which asks the username and password and later use it in other pages?
  2. Is there exists any document which describe How user connection(userid and password) information is authenticated and preserve later in other pages of the ADF applicaton?
  3. Is there exists any example which does the database user authentication instead of application user authentication in ADF BC and used in later forms?
  4. Is there exists some pre-login( on-logon) triggers kind of stuff in ADF as it was in forms?
  PS: I don't have experienced in ADF but in Oracle Forms so looking for the same kind of simple authentication functionality in ADF.
  Best Regards
  Anurag Vidyarthi

  Hi,
  How SRDEMO calls the login page which asks the username and password and later use it in other pages?
  Its using container managed security: Look at infrastructure/SRLogin.jspx
  Is there exists any document which describe How user connection(userid and password) information is authenticated and preserve later in other pages of the ADF applicaton?
  In container managed authentication, the username can be accessed from the JSf external context. The password isn't
  Is there exists any example which does the database user authentication instead of application user authentication in ADF BC and used in later forms?
  Yes, you can configure container managed authentication to use a custom JAAS LoginModule instead
  http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm
  Is there exists some pre-login( on-logon) triggers kind of stuff in ADF as it was in forms?
  Using ADF Business Components that would be the prepareSession() method that is called on the application module
  Frank

• Business Objects Enterprise SDK application.

  Hi All,
  I am planning to develop a custom web application using BOE 3.1 java SDK's.
  I would like to create only application level users, these users would be mapped with a single BO user account to create enterprise session.
  That means, My application "A" will have say 10 users (i.e. 10 userid and passwords). All these users will their different sets of userid's and passwords (custom application users), they can login into the application using application level credentials,  however to login into the enterprise the application will internally use only one BO user credential (i.e. only one named user acount info.)
  eg:
  user1-login -> application>logins using BO userX userid and password>BO Enterprise session created
  user2-login -> application>logins using BO userX userid and password>BO Enterprise session created
  user3-login -> application>logins using BO userX userid and password>BO Enterprise session created
  and so on.
  The idea is to purchase only one named user licence and create many application level users to login into BOE; but using the same BO user account.
  Is this approach legal in-terms of licensing?
  Would appreciate any help on this.
  Regards,
  Jon

  Hello Adam,
  Thank you very much.
  Please see the following post:
  Business Objects Enterprise 3.1 Licensing
  Tim says:
  names means you can have five users created, any amount logged on concurently (i.e the administrator could have 10 sessions, usera 20 etc no limit) But you can only create 5 different users names
  that means 1 Named user eg: 'A'  can login into the enterprise using his credentials and create any amount of enterprise sessions concurrently for self right??
  Each named user is for a specific user and not to be shared. If you were using concurrent user licensing, than this would be ok to use one enterprise user account.
  5 Concurrent linceses means one user account created in enterprise but, account info can be shared with 5 users, so they can login using same credentials and create five different enterprise sessions?? right?
  so, I can purchase one- 5 concurrent user license and share it with 5 users? OR purchase 5 named user licences and share it with 5 users?
  Either ways my understanding is number of users=number or linceses available (named or concurrent). please correct me if I am wrong.
  Now, which one is cost effective named user lincenses or concurrent?
  Awaiting your response.
  Regards,
  Jon

• Using application user for Cisco webdialer (V7.1.3)

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:Standaardtabel;
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-parent:"";
  mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
  mso-para-margin:0cm;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:10.0pt;
  font-family:"Times New Roman";
  mso-ansi-language:#0400;
  mso-fareast-language:#0400;
  mso-bidi-language:#0400;}
  Hi,
  I’m trying to use the Cisco webdialer Servlet to make a central application for making phone call’s. When I’m using an normal enduser, I’m able to make a call without any problems. When the end user is configured with multiple Controlled Devices, I can select one of the phones and make a call.
  Because I’m making a central application, I don't like to use an normal enduser (ldap). Therefore I tried to use an ‘application user’. I configured the controlled devices (same phones as the with the normal enduser)and gave the application user permission for the standard CCM end user.
  I checked everything, but I’m not able to get any information about the controlled phones. When I use the normal WebDialer http page, the authentication works fine, but I don’t see the any (controlled) phones.
  Does anyone know if its possible to use an application user in the WebDialer?
  Regards,
  Theo

  There are two different database tables - applicationuserdevicemap and enduserdevicemap.  Those tables store the association relationship between users and devices.
  I guess Web Dialer only looks into enduserdevicemap table.
  Michael
  http://htluo.blogspot.com

• ISE and 802.1x - Retrieve User Cert from AD for Auth without it being in the Personal Store?

  Hello,
  We are implementing 802.1x EAP-TLS wired at the moment with Cisco ISE, and wireless is to come after that, along with our internal PKI.  I set up the PKI, and our network engineer is setting up the ISE.  We currently have it set to first authenticate the computers with a computer certificate (allowing access to AD, among some other things), and then further authenticate the users with user certificates.
  I don't have much knowledge of Cisco ISE, and plan to learn as we go, but I'm wondering:
  Is it possible to authenticate the computer via the computer certificate, getting access to AD, and then have the ISE check AD for the User certificate INSTEAD of the User certificate being in the local Personal store of the client computer?  We have autoenrollment going for user certificates, but it seems to be cumbersome (in thought) that once 802.1x is enabled, a new computer/employee coming on the network has to first go to an unauthenticated port to be able to download the User certificate in the Personal store, before then being able to use an 802.1x port?
  I guess that makes two questions:
  1) Can ISE pull the user cert from AD, without needing it in the local Personal store?
  2) What's the easiest way to handle new computers/users that don't already have the User cert in their local Personal store once 802.1x is enabled?

  1)No
  2)Use EAP-Chaining with EAP-TLS and PEAP
  For this scenario, i would go with Cisco AnyConnect NAM, and then use EAP-Chaining, with EAP-TLS for machine auth, and then PEAP for user authentication. This way you can make sure that both the machine and the user is authenticated, and more importantly, that a user can not get on the network with their user identity only and no machine identity. Using windows own supplicant for this, gives no garantee that the user has logged in from an authenticated machine. The feature that used to be used for this before EAP-Chaining was introduced, is called MAR, and has many problems, making it almost useless in a corporate environment. Security wise, the PEAP-MSCHAPV2 is tunneled in EAP-FAST and does not have the same security issues as regular PEAP.

• Web Application Security - User authentication and registration

  I am trying to develop a very simple web app with following feature
  1. Users should be able to register (sign-up) with the application, i.e backed code will create new user account when new users sign up.
  2. Once the user account is created, they should be able to log in.
  I was reading Java Security section in Java EE tutorial. To use any of Java EE security, the recommended way is to have security-constraint in web.xml specifying roles that have access to application. The roles are then mapped to the users that are created in the application server. The problem here is that the users cannot be created at deployment time. Users are created at run-time as new people sign up using the registration form. So, how can user be created with the application server before deploying the application?
  It seems very odd to be that application users are defined at the app-server level. Eg, Ebay/Amazon has millions of users. Are all those users defined at the application server where their app is deployed?
  If JavaEE security cannot support this simple usecase, what is the point of having security-constraint and all the other security features?

  As per your comment you want to use J2EE/JAAS security for existing user and want sign in feature. You can do it by providing link on log in screen. Please create sign up page and unprotected resource in web.xml. Once user fill sign in details you can store his detail in your authorization repository ( LDAP / Database ) and then either redirect request to login page or submit to your authorization scheme directly.

• Please guide me for user authentication and authorization in WebDynPro App

  Hi,
      I just study the WebDynPro to develop the SAP Portal. I've ever developed the Web-based App using J2EE. So when i developed the Web-based App i have to develop the control of the user authentication and authorization on each page for example ,checking the session of the user whether they can access this page or whether session is expired or not,. So i have no idea with the WebDynPro and the SAP Portal because i never had experience for both WebDynPro and Portal.
  I need to ask you some question to clarify my doubt :
  1. SAP Portal  is web page that include every enterprise application with in one page and user log-in to them just on time, isn't it?
  2. If i integrate WebDynPro with SAP Portal, which one will do the authentication and authorization?. I mean that, Do i have to develop the code to check authentication and authorization in the WebDynPro App or Let the SAP Portal manage them?
  3.Could you please suggest the best practice for authentication and authorization in webDynPro.
  Many Thanks
  Noppong J

  in most case you don't have to write code to deal with session, authentication and authorization.
  1. yes,
  2. no, no code needed. you just set an attribute to your application, which make the the authentication required. when user access this page, portal will display the logon page
  3 you can put some authorization related code in web dynpro for specific requirement, search this doc "Protecting Access to the Web Dynpro Car Rental Application Using UME Permissions"

• How to let SAP user use SSO to access Application in DMZ?

  Hi All,
  Our J2EE application is running on a system in DMZ which can not be connected with LDAP. So I am wondering if it's possible to let SAP user use SSO to access our application.
  After talking with my colleague I think the only way is to import SSO public key to our WebAS and create user in UME and then assign user to the corresponding public key, but anybody know where to download SSP verification file or is it allowed to download and import into another system at all?
  Regards,
  Bin

  Hi,
  Take a look at this example, it uses property nodes to select tha
  active plot and then changes the color of that plot.
  If you want to make the number of plots dynamic you could use a for
  loop and an array of color boxes.
  I hope this helps.
  Regards,
  Juan Carlos
  N.I.
  Attachments:
  Changing_plot_color.vi ‏38 KB