Secure Login library

Similar Messages

• Secure Login and trust between BO/BW

  Hi.
  We configured server-side trust between BO and BW using libsapcrypto library. All works fine.
  Now we installing Secure Login (SAP NetWeaver Single Sign-On) for SSO from SAP GUI based on Kerberos token. To configure Secure Login we need to modify profile parameters like
    snc/identity/as=p:CN=QBW, OU=Surgutasuneft, O=Surgutneftegas, C=RU
    snc/gssapi_lib=/sapmnt/QBW/exe/libsapcrypto.so
  which were in use by server-side trust between BO and BW. So when we modify them like in installation guide for Secure Login to this:
    snc/identity/as=p:CN=SAP/[email protected]
    snc/gssapi_lib=/usr/sap/QBW/DVEBMGS20/SLL/libsecgss.sl
  we can use SAP GUI SSO to BW but can't run reports from BO since we broke server-side trust.
  We tried many different variations of using these two libraries (including fully regenerating certificates both on BW and BO for server-side trust) but they all failed.
  Any suggestions of how we can activate SAP NetWeaver Single Sign-On on our BW systems, without breaking server-side trust between BW and BO?
  Thanks in advance
  wbr
  Stanislav

  Thanks, but this problem was resolved. Frane was very helpfull in solving this problem, but it was beyond the forum.
  He described the possibility of Secure Login Client that I did not know.
  Another possibility is implemented in Secure Login Client 1.0 SP02 Patch 03 and higher (current version is 1.0 SP03 Patch 02).
  Secure Login Client is able to “rebuild” the required SPN Name (in your example p:CN=SAP/[email protected]).
  This means if the X.509 certificate SNC name is p:CN=KerberosSSO à Secure Login Client will rebuild p:CN=SAP/[email protected]
  This works also if the X.509 certificate name is p:CN=KerberosSSO, OU=SAP Security, C=RU
  Maybe this solution integration is easier for You? You can use the transaction STRUST to create a self-signed certificate.
  Thanks again, Frane.

• Secure login client is not working in VPN

  Hi,
  We have scenario where users connect to office network though VPN and access SSO. When users connect through VPN, users are not able to login in SLC and hence not receiving X.509 user certificate. It shows the following error when try to login in SLC.
  "There are currently no logon servers available to service the logon request"
  But the same SLC is working when users connect directly (ex LAN or WI-FI) to the network.
  We have enabled secure login client trace and found the below errors in the trace when user is connected through VPN.
  SLC trace file
  [2014.04.23 14:23:24.531][ERROR][sbus.exe            ][BASE        ][  6060] ERROR(0xA0100017) in CRYPT->sec_crypt_cipher_get_cipher_len(): An attribute is missing
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056] Getting kerberos ticket for 'HTTP/ssodev' with algorithm 23 returned error
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056]     0/C000005E There are currently no logon servers available to service the logon request.
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056] Getting kerberos ticket for 'HTTP/ssodev' with algorithm  3 returned error
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056]     0/C000005E There are currently no logon servers available to service the logon request.
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056] Getting kerberos ticket for 'HTTP/ssodev' failed (user name is [email protected])
  [2014.04.23 14:23:39.578][ERROR][sbus.exe            ][Kerberos    ][  6056] ERROR(0xA2600202) in KERBEROS->sec_kerberos_clientGetTicket(): No Kerberos ticket for the requested service
  [2014.04.23 14:23:39.578][ERROR][sbus.exe            ][Kerberos    ][  6056] ERROR(0xA2600202) in KERBEROS->sec_kerberos_spnego_CreateToken(): No Kerberos ticket for the requested service
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056] Getting kerberos ticket for 'HTTP/[email protected]' with algorithm 23 returned error
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056]     0/C000005E There are currently no logon servers available to service the logon request.
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056] Getting kerberos ticket for 'HTTP/[email protected]' with algorithm  3 returned error
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056]     0/C000005E There are currently no logon servers available to service the logon request.
  [2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][  6056] Getting kerberos ticket for 'HTTP/[email protected]' failed (user name is [email protected])
  [2014.04.23 14:23:39.578][ERROR][sbus.exe            ][Kerberos    ][  6056] ERROR(0xA2600202) in KERBEROS->sec_kerberos_clientGetTicket(): No Kerberos ticket for the requested service
  [2014.04.23 14:23:39.578][ERROR][sbus.exe            ][Kerberos    ][  6056] ERROR(0xA2600202) in KERBEROS->sec_kerberos_spnego_CreateToken(): No Kerberos ticket for the requested service
  [2014.04.23 14:28:38.171][TRACE][sbus.exe            ][sbusslogin.d][  6056] { CSecureLogin_Protocol_2_0::Send_DeleteSession
  Anyone suggest us to fix this issue.
  Regards,
  Yogesh Kumar D

  Hello,
  which kind of VPN do you use?
  Does this guarantee full network access to the domain servers?
  Is the VPN network IPv4 or IPv6 based?
  thanks for the information
  best regards
  Alexander Gimbel

• Web Center app with ADF Security - login problem

  I have a custome Oracle Web Center app.
  I have a page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
  When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the root page http://127.0.0.1:7101/MyApp-ViewController-context-root/
  and i get
  Error 403--Forbidden
  I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the required entries are there.
  This works fine if i use a Login link with
  destination="#{'/adfAuthentication?login=true&end_url=/faces/postLogin.jspx'} "
  which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
  Hope my question is clear. Any suggestions why it is going to the wrong URL after login.
  Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL since i cant see that in either.
  P.S. Have been advised to try here when I originally asked this in the WebCenter forum. Web Center app ADF Security - login problem
  Edited by: new_to_webcenter on 18-Jan-2011 05:25

  Thanks for your response Frank.
  The web.xml has
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>adfAuthentication</web-resource-name>
  <url-pattern>/adfAuthentication</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>valid-users</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/login.html</form-login-page>
  <form-error-page>/error.html</form-error-page>
  </form-login-config>
  </login-config>
  When configuring ADF Security via JDev , I chose "Redirect upon successful authentication" to the Welcome Page
  "/faces/postLogin.jspx"
  this then adds into web.xml
  <servlet>
  <servlet-name>adfAuthentication</servlet-name>
  <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
  <init-param>
  <param-name>success_url</param-name>
  <param-value>/faces/postLogin.jspx</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
  </servlet>
  So the sequence which works is:
  Login via the '/adfAuthentication?login=true&end_url=/faces/postLogin.jspx' and this redirects to login.html (OOTB form which posts to j_security_check) and then to the postLogin.jspx
  I'm trying to do away with a Login link, and trying the simple login form embedded in my page alongwith other content.
  So should the form be posting to j_security_check directly or to the adfAuthentication ?

• SQL Server Security Logins vs. Databases Security Users

  Why isn't all security needs done just in logins?  When migrating databases, the Logins are not brought over when restoring a backup.  It does not make sense.  Could it not be done all just in the Security > Logins area or why not?  That COULD be designed to track users and rights on various databases rather than a thing owned by each database....
  Thanks for your time.
  Gib

  Understand
  the below points first
  Login are being used to access the server (Server level)
  Database users are being used to access the database.(Database level)
  Why
  isn't all security needs done just in logins?
  Just Imagine the below things:
  I want give the permission to user to take backup for specific databases in this case we will give databasedb_backupoperator
  role. Is this possible with server role to take backup for specific databases
  I want give the permission to user to run the BULK INSERT statement on databases in this case we
  will give bulkadmin server role. Is this possible with database role to run the BULK INSERT statement on databases 
  Thanks-Vanchan
  Please click the Mark as Answer button if a post solves your problem!

• Secure Login Client and Java

  Hi All,
  We are having a project to implement NW SSO for NWBC for HTML, Citrix XenApp will be used as the desktop environment. The requirement is that no Java allowed to be installed on the web browser.
  According to PAM, Secure Login Client is not support Microsoft Application Virtualization (App-V), so how can we deploy the Secure Login Client to Citrix environment?
  If we want to use Secure Login Web Client instead of Secure Login Client, does Secure Login Web Client requires Java installed on users' web browsers? In the latest Secure Login implementation guide (SSO 2.0), it does not mentioned anything about Java runtime. However, because as far as I understand, Secure Login Web Client is a feature of Secure Login Server, while Secure Login Server is pure Java application, I suspect that Secure Login Web Client also require Java runtime to run. Is that true?
  Best regards,
  Duy

  Hello Duy,
  The Product Availability Matrix states that Secure Login Web Client needs a Java runtime in the browser. See the footer of the Secure Login Web Client pages for Windows and Linux/MAC OS browser platform support. It says the following:
  For Windows: SupportedJava Runtime: Oracle (Sun) JSE 6, 7 and8, 32bit
  For Linux/MAC OS: Supported Java Runtime: Oracle (Sun) JSE 6.0 and7.0, 32bit/64bit depending on browser
  Best regards,
  Martin

• Cannot find SECURE LOGIN SERVER software

  Hi.
  I am trying to setup SAP NW Single Sign On.  I have been trying to download Secure Login Server but cannot find it in SAP software download page. I searched for SINGLE SIGN ON, SSO, SECURE LOGIN SERVER,  SLSERVER, etc...The SAP download page returned 0 match.  Can anyone direct me to the right download link please?
  Thank you for your help.
  Tuan

  Hi Kristen,
  Thank you for your prompt reply. I did follow your instruction but Single Sign-On is nowhere to be found in that page. I read the SSO implementation and follow download instruction there as well but again, cannot find it.  

• Non-secure login for 5.0 ip services

  How do I change to non-secure login on phones for ip services in 5.0?
  Thanks,
  Andy

  This gives you access to all your subscribed services without logging in every time. Keep in mind that anyone can access your information if your login mode is set to non-secure.
  you need to use the SCCP Phone Security Profile in Callmanager 5.0
  http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_administration_guide_chapter09186a0080645855.html

• About SCCM 2012 Primary sites sql server security logins

  Hi, guys!
  I've got some issue or some misunderstanding....In primary site's sql security logins there were same accounts as on CAS sql.....(We've got about ten primary servers)....two days ago someone (i'm going to find out that guy....damned...) from branch administrators
  cleared up security list logins on one of primary server and left only two accounts....one of them it is primary site server installation account, second account - there is SCCM all hierarchy administrators group....
  Most of that....that somebody got lower site server installation account role from sysadmin to public....
  Am I right thinking in that way - all sql server security logins on all primary sites in one hierarchy must be identical....it explains by SQL replication.......?????
  How can i get back sql security logins list on that sccm server to normal way....became after installing primary site server....??? need help......  

  Hi,
  Primary sites do not always have the same security logins.
  You need to add NT... accounts, sa etc into security logins. These accounts were added during SQL installation.
  All site system computer accounts (such as MP, DP) and primary site computer account also need to be added.
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Secure Login from Internet

  Hi, We are looking to make the Portal available to our clients over the internet with a secure login.  Is there any way to allow us to allow login in any of the following ways?:  What would be required?
  1. User Logs in with User Name/Password, but only if they have a Certificate we issued to them or they have on their pc.
  2. Allow the Portal to automatically log them in if they have a certificate?
  Thanks

  Hi,
  if I understand you correctly, you want to have a mutual authentication, meaning:
  1. You'll have a SSL secured connection to your portal from the Internet
  2. The users do have a client certificate that your organization (CA, PKI) has issued.
  The EP supports client certificates. You'll have to enable this feature on the portal server.
  SAP Help: http://help.sap.com/saphelp_nw70/helpdata/en/b1/07dd3aeedb7445e10000000a114084/frameset.htm
  br,
  Tobias

• Signed By User from security login

  I have a table with an calculate string so it is signed By User from security login called "Transcribed by".
  I need to know how this works though if I have a second string defined by user login Called "Reviewed By".
  Is there a way either through the use of separate screens or tabs to only have the information saved to either of these two when they are displayed?
  Is there a way two differnent users could sign the same order and still be tied to thier secure login ID?
  My Code for the "Transcribed by" string is followign does this even work?
  partial void NurseTranscribing_Compute(ref string result)
  result = DataWorkspace.SecurityData.UserRegistrations.Details.Name.ToString();
  // Set result to the desired field value

  So the question is if I use code to assign automatically fill in the field will it know what to do if a second person signs the same entity this way. like how Created by and modified by works in VS 2013. I want an Orders screen to sign the entity entry programmatically
  then a review screen for the reviewer to sign the same entry programmatically.
  Would that simply work if the "Created by" property was only on the orders screen and the "Reviewed by" property was only on the review screen.

• Secure Login System

  I know that this might be quite simple to advanced PHP users and CSS coders but I am new to that sort of thing. Although I am very advanced in HTML and with computers in general, and dreamweaver, but I am confused on how I would go about adding in a secure login system for my sites users to use and a member area for their profiles they can use and such. I have done a lot of looking around and research on how to do this and all I have seem to find are terrible youtube videos on how to do MSQL which is doesnt really comply with DW, and other numerous sites offering paid for exstentions for such a thing.
  Is there any easy way to do this such as somone who has (or can) write a easy to cpy and paste code that allows this. I know that sounds weak and lazy but I dont understand any other way to do this. Im kinda on a low budget which is why I make websites in the firstplace. So if anyone can lead me in the right direction or just help me in some or any way at all i would really appreciate it.
  Thanks.

  The Dreamweaver Help files contain instructions on how to build a login system. There's also an online tutorial by Sherri German (a very reliable writer on Dreamweaver). Sherri's article is based on the original release of the user authentication server behaviors as a Dreamweaver extension. The server behaviors are now built into Dreamweaver, so you don't need an extension.

• Configure BO System to Accept Secure Login Certificate

  Hello,
  I installed Netweaver SSO 2.0 Secure Login Server.
  Configured ABAP and Java Systems' SSO.
  I have also Business Object system in my landscape.
  Is it possible to login BO system using secure login server certificate?
  If yes how can we configure? Is there a document for this?
  Thanks.
  Yuksel AKCINAR

  Hello Yuksel,
  Please, find the documentation - BI Platform Administrator Guide: http://help.sap.com/businessobject/product_guides/sbo41/en/sbo41sp3_bip_admin_en.pdf
  Look at the section: "9.2.4 Enabling Trusted Authentication"
  I hope this will help you to find a solution.
  Best regards,
  Donka Dimitrova

• What happened to the security login section for one password which allows me to have passwords stored???

  what happened to the security login section for one password which allows me to have passwords stored???

  * Tools > Options > Security: Passwords: "Remember passwords for sites"
  Make sure that you haven't saved Uppercase and Lowercase versions of that name and password.
  Remove saved Password(s):
  * [[Remembering passwords]]
  * [[Protecting stored passwords using a master password]]

• Secure login to remote UNIX host and run a shell script

  Hi I am new to JAVA. I want to login to remote UNIX host from my application secure login (SSH) and run a shell script reside that remote host. Can any one let me know the way how to do it. If possible provide the code example.

  Runtime.exec with an ssh command (not really recommended).
  Much better, an SSH API (JSch, which needs JZlib, from http://www.jcraft.com/ is a good one).