Secured LDAP implementation in Oracle BI

Hi All,
Can anyone tell me how can I implement the secured LDAP in Oracle BI as I have enabled SSL certificate box during the LDAP configuration in the Oracle BI Repository. Is this enough to say that we have implemented secured LDAP or there is something more that I need to do.
Thanks!

In terms of securing your LDAP credentials you probably want the OBIEE Presentation Layer as well to be running over HTTPS otherwise the user LDAP credentials will be sent over a clear text HTTP session (although it might not be an issue for you as the BI Server and the Presentation Services might be running on the same box).

Similar Messages

Setting security credentials dynamically in Oracle BPEL

Hi,
I am tring to pass security credentials dynamically to partner link in oracle BEPL using following code(.bpel). But when i try to complie i am getting below error
Error:
[Error ORABPEL-10902]: compilation failed
[Description]: in "bpel.xml", XML parsing failed because "undefined part element.
In WSDL at "file:/D:/BEPL/OWSM/CustomHeader/bpel/CustomHeader.wsdl", message part element "{http://xmlns.oracle.com/CustomHeader}CustomHeaderProcessResponse" is not defined in any of the schemas.
Please make sure the spelling of the element QName is correct and the WSDL import is complete.
[Potential fix]: n/a.
please help me to sort out above problem. I want to pass the credentials dynamically to partner link in oracle BEPL is it the raight way to do. Kndly respond if any other way.
<?xml version = "1.0" encoding = "UTF-8" ?>

<process name="BPELSycProcess"
targetNamespace="http://xmlns.oracle.com/BPELSycProcess"
xmlns="http://schemas.xmlsoap.org/ws/2003/03/business-process/"
xmlns:xp20="http://www.oracle.com/XSL/Transform/java/oracle.tip.pc.services.functions.Xpath20"
xmlns:bpws="http://schemas.xmlsoap.org/ws/2003/03/business-process/"
xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:ns1="http://datespackage/"
xmlns:ldap="http://schemas.oracle.com/xpath/extension/ldap"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:client="http://xmlns.oracle.com/BPELSycProcess"
xmlns:bpelx="http://schemas.oracle.com/bpel/extension"
xmlns:ora="http://schemas.oracle.com/xpath/extension"
xmlns:orcl="http://www.oracle.com/XSL/Transform/java/oracle.tip.pc.services.functions.ExtFunc">

<partnerLinks>

<partnerLink name="client" partnerLinkType="client:BPELSycProcess"
myRole="BPELSycProcessProvider"/>
<partnerLink myRole="GetDatesWS_Role" name="GetDatesWS"
partnerRole="GetDatesWS_Role"
partnerLinkType="ns1:GetDatesWS_PL"/>
</partnerLinks>

<variables>

<variable name="inputVariable"
messageType="client:BPELSycProcessRequestMessage"/>

<variable name="outputVariable"
messageType="client:BPELSycProcessResponseMessage"/>
<variable name="Invoke_GetDate_getDate_InputVariable"
messageType="ns1:GetDatesWS_getDate"/>
<variable name="Invoke_GetDate_getDate_OutputVariable"
messageType="ns1:GetDatesWS_getDateResponse"/>
<variable name="wscheaders" element="ns4:Security"/>
</variables>

<sequence name="main">

<receive name="receiveInput" partnerLink="client"
portType="client:BPELSycProcess" operation="process"
variable="inputVariable" createInstance="yes"/>

<assign name="Assign_1">
<copy>
<from>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>siva </wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">kris</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</from>
<to variable="wscheaders"/>
</copy>
</assign>
<assign name="Assign_Before">
<copy>
<from expression="'Before Service Invoke'"/>
<to variable="inputVariable" part="payload"
query="/client:BPELSycProcessProcessRequest/client:input"/>
</copy>
</assign>
<invoke name="Invoke_GetDate" partnerLink="GetDatesWS"
portType="ns1:GetDatesWS" operation="getDate"
inputVariable="Invoke_GetDate_getDate_InputVariable"
outputVariable="Invoke_GetDate_getDate_OutputVariable"
bpelx:inputHeaderVariable="wscheaders"/>
<assign name="Assign_After">
<copy>
<from expression="'After Service Invoke'"/>
<to variable="inputVariable" part="payload"
query="/client:BPELSycProcessProcessRequest/client:input"/>
</copy>
</assign>
<reply name="replyOutput" partnerLink="client"
portType="client:BPELSycProcess" operation="process"
variable="outputVariable"/>
</sequence>
</process>
Thanks & Regards,
Siva

There are so many limitations on what can and cannot be done in Apps related forms so you should ask this question in the relevant Apps forum: OA Framework (I would think)

Any docs or guide for OpenSSO secure Ldap with Opends

Any docs or guide for OpenSSO secure Ldap with Opends
Cheers
Blacknasa

Hi,
it seems to be a JRE Problem. When I use the Kerberos implementation from "Vintela Single Sign-On for Java" I can establish a "aes256" secured LDAP connection to the AD Server.
This LDAP connection allows to change the passwords of the users stored in the AD.
The problem is that "Vintela Single Sign-On for Java" is not free, so it would be nice to have a solution which works with the Kerberos implementation of the JRE.
The error is the same for "aes128" and "aes256" encryption.
And with Wireshark I can not see any differences in the packets send to the AD and received from the AD.

Error while invoking a WS-Security secured web service from Oracle BPEL..

Hi ,
We are facing some error while invoking a WS-Security secured web service from our BPEL Process on the windows platform(SOA 10.1.3.3.0).
For the BPEL process we are following the same steps as given in an AMIS blog : - [http://technology.amis.nl/blog/1607/how-to-call-a-ws-security-secured-web-service-from-oracle-bpel]
but sttill,after deploying it and passing values in it,we are getting the following error on the console :-
“Header [http://schemas.xmlsoap.org/ws/2004/08/addressing:Action] for ultimate recipient is required but not present in the message”
Any pointers in this regard will be highly appreciated.
Thanks,
Saurabh

Hi James,
Thanks for the quick reply.
We've tried to call that web service from an HTML designed in Visual Studios with the same username and password and its working fine.
But on the BPEL console, we are getting the error as mentioned.
Also if you can tell me how to set the user name and password in the header of the parter link.I could not find how to do it.
Thanks,
Saurabh

Confirming method to secure web services through oracle web service manager

Hi All,
I am just wondering about the method to secure web service through oracle web service manager.
I have a unsecure web service "helloworld" which is deployed on JWSDP1.6 toolkit.I want to secure it through oracle web service manager.
Inorder to secure this unsecure web service,I use gateway(web service manager for securing web service using message level security through certificate).
So when client want to access the helloworld service,it contacts the gateway securely and gateway intern connect to original web service after decrypting and verification of the signature.When gateway gets response from the web service,it signs the response message and then encrypt and passs on to the client.
So my question is,is it the right way to secure web service?
As I am getting the following fault exception :
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode "http://schemas.oblix.com/ws/2003/08/Faults">c</faultcode>
<faultstring>Step execution failed with an exception
</faultstring>
<detail></detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
I checked the log at :
C:\coresv_install_home\external\oc4j-10.1.2.0.0\j2ee\home\log\http-web-access
but there is no helpful information available.Thanks for any help.
Kash

Hi Rajesh,
Thanks for your reply.I am using the following policy steps:
1)for Request (Decrypt and Verify signature).
2)for Response(Sign Message and Encrypt).
The configuration for Request is shown below:
Pipeline "Request"
Pipeline Steps:
Start Pipeline
Log
Decrypt and Verify Signature
Basic Properties Type Default Value
Enabled (*) boolean true true
XML Decryption Properties Type Default Value
Decryptor''s keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-keystore.jks
Decrypt Keystore Type (*) string jks jks
Decryptor''s keystore password string *******
Decryptor''s private-key alias (*) string s1as
Decryptor''s private-key password string *******
Enforce Encryption (*) boolean true true
XML Signature Verification Properties Type Default Value
Verifying Keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-truststore.jks
Verifying Keystore type (*) string jks jks
Verifying Keystore password string *******
Signer''s public-key alias (*) string xws-security-client
Enforce Signing (*) boolean true true
End Pipeline
And the configuration for Response is shown below:
Pipeline "Response"
Pipeline Steps:
Start Pipeline
Log
Sign Message and Encrypt
Basic Properties Type Default Value
Enabled (*) boolean true true
Signing Properties Type Default Value
Signing Keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-keystore.jks
Signing Keystore Type (*) string jks jks
Signing Keystore password string *******
Signer''s private-key alias (*) string s1as
Signer''s private-key password string *******
Signed Content (*) string BODY BODY
Sign XPATH Expression string
Sign XML Namespace string[]
Encryption Properties Type Default Value
Encryption Keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-truststore.jks
Encrypt Keystore Type (*) string jks jks
Encryption Keystore password string *******
Decryptor''s public-key alias (*) string xws-security-client
Encrypted Content (*) string BODY BODY
Encrypt XPATH Expression string
Encrypt XML Namespace string[]
End Pipeline
I checked the log again but nothing useful there,it is just giving the following values:
2006-08-14 16:32:50,372 INFO [Thread-21] mstore.OLiteMStore - SELECT MEASUREMENT_STR FROM MEASUREMENT_PERSISTED_STORE WHERE ID=? FOR UPDATE
2006-08-14 16:34:50,364 INFO [Thread-16] mstore.OLiteMStore - INSERT INTO MEASUREMENT_PERSISTED_STORE (ID,DEF_ID,CONTEXT_ID,PARENT_CONTEXT_ID,TIME,STORETIME,KEY0,KEY1,KEY2,KEY3,KEY4,KEY5,KEY6,KEY7,KEY8,KEY9,KEY10,KEY11,KEY12,KEY13,KEY14,KEY15,KEY16,KEY17,KEY18,KEY19,KEY20,KEY21,KEY22,KEY23,KEY24,KEY25,KEY26,KEY27,KEY28,KEY29,KEY30,KEY31,KEY32,KEY33,KEY34,KEY35,KEY36,KEY37,KEY38,KEY39,DBM0,MEASUREMENT_STR) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,'R',empty_clob())
2006-08-14 16:34:50,364 INFO [Thread-16] mstore.OLiteMStore - SELECT MEASUREMENT_STR FROM MEASUREMENT_PERSISTED_STORE WHERE ID=? FOR UPDATE
Any help would be appreciated.Thanks.
Kash

Java.security.AccessControlException: access denied (oracle.security.jazn.J

Hi All.
I am calling the getIdentityStoreFactory() method in the IdentityStoreFactoryBuilder class and I am getting the following error:
oracle.security.idm.ConfigurationException: java.security.AccessControlException: access denied (oracle.security.jazn.JAZNPermission getOC4JIntegrationData)
Any ideas what is going on and any possible fixes?
thanks
james

I will move it to the OC4j and J2ee forum.
Thanks for bring it to my attention.
Message was edited by:
user480263

Function Security Menu Report in Oracle 11i -- URGENT NEED!

Is there a way that I can run the Function Security Menu report in Oracle 11.5.10 for all responsibilities at the same time? We currently have 175 active responsibilities in the system.
We also have to provide this info to auditors on a quarterly basis, and it would be great if I didn't have to run this report for each active responsibility. Is there any SQL Script avaliable for this?
Any help would be very much appreciated?
Thanks!
FZ
Edited by: 993391 on Mar 12, 2013 10:28 AM

993391 wrote:
Is there a way that I can run the Function Security Menu report in Oracle 11.5.10 for all responsibilities at the same time? We currently have 175 active responsibilities in the system.
We also have to provide this info to auditors on a quarterly basis, and it would be great if I didn't have to run this report for each active responsibility. Did anyone wrote any custom queries to pull this information out for all responsibilities or any help would be very much appreciated? Have you checked the code in (Checking Functions Associated with a User Menu or a Responsibility [ID 948512.1])?
Thanks,
Hussein

How to implement the Oracle Group by function in Crystal reports?

Hi all,
In SQL, for example we have a group function like:
select district,state, country, continent, sum(no.of people) from world.
Now, How to implement this group function in crystal reports? Please advise.
Thanks in advance..
Regards,
sriram

Hi Vinay,
Thanks for the prompt reply.
In one of our report, we are supposed to perform group by for 14 columns to get sum of 3 columns and there by displaying 17 columns in the report.
When we tried in crystal reports to implement this oracle group by functionality:
1. We created 14 groups from the Insert->Group option.
2. By performing this, we got 14 group sections vertically(one inside the other).
3. Then we created the sum(15th column),sum(16th column), sum(17th column) by Insert->Summary option.
4. We suppresed all the group sections except for the last group.
5. Then, dragged all the groups to the last group section along with the summary fields.
This is how, we tried to acheive the oracle group by function in Crystal reports.
Please advise, whether our approach is right. If not, please suggest the appropriate approach with a bit detailed explanation.
Thanks,
Sriram.

Connect to secure LDAP server from iWS 4.1

I am trying to connect to a secure LDAP server that is expecting client authentication. I installed a client cert (provided by the LDAP admin) on the iWS admin server, and I can search/view user records housed on the LDAP server.
However, when I try to use an iWS webserver to restrict access to a resource using the LDAP, it appears that I have to install the client cert on that webserver as well. The problem is, that if the webserver is not a secure webserver, there appears to be no way to do this. That is, I cannot use a non-secure webserver (not running https) to access the secure LDAP server.
When I install the client cert on the non-secure webserver, I have to create a Trust Database, providing a password. I can then install the client cert that I need to access the LDAP server, but when I go to restart the non-secure webserver, it complains that it can't read the cert database ("NSS initialization failed: -8177"), and attempts to authenticate users fail.
If the webserver is running https, a secure webserver, that is, everything works fine: I can install the client cert, and use the LDAP to authenticate users.
Is there any way to configure a non-secure iWS webserver so that it can read its Trust Database? Or some way to store client certs that does not require a Trust Database?

I don't believe so. As far as I know, this capability was first introduced in iPlanet Web Server 6.0.

Secure LDAP for GWIA Address book

I've setup the GWIA 7.0.3 May 2009 code set and configured for Secure LDAP.
I'm using the same *.b64 and *.key files we use for all our POA and MTAs.
I cannot get the Novell LDAP address book to connect to 636.
Is there a document I can use to help me figure this out.
I can revert to 389 but that port is not open through the firewall.
Mike

POP and IMAP both work on secure port
>>>
From: jgrubbs<[email protected]>
To:novell.support.groupwise.7x.gwia
Date: 9/9/2009 6:36 PM
Subject: Re: Secure LDAP for GWIA Address book
Does POP3 work on the secure port?-- Jeff Grubbs
Novell Technical Support Engineer II
[email protected]-------------------------jgrubbs's Profile: http://forums.novell.com/member.php?userid=41638View this thread: http://forums.novell.com/showthread.php?t=385674

Please let me know LDAP Configuration in Oracle Weblogic Server 10.3.2

Hi,
Please let me know LDAP Configuration in Oracle Weblogic Server 10.3.2.Please give me the steps to configure the LDAP in weblogic 10.3.2.

Hi,
You can check http://download.oracle.com/docs/cd/E15523_01/doc.1111/e14142/console.htm#i1075285

Web Proxy Server & Secure LDAP Problem

Hi,
I'm currently trying to interface a test system with SunONE Web Proxy 3.6 SP4 with a SunONE DIrectory Server 5.2 system. Using unencrypted LDAP, things worked fine.
After creating a test certificate on the Directory Server, I reconfigured the Proxy to use SSL LDAP. Within the Administration Server of the proxy, communications with the SSL-enabled LDAP port looks fine and I am able to download the user/group lists from the directory server. Similarly, the ldapsearch tool works fine. However, the proxy instance itself does not even want to start, reporting the following problem(s):
[30/Mar/2004:13:49:24] info: ldap_pool: ldapu_pool_init() : can't contact server <bovproxy.bov.com>
[30/Mar/2004:13:49:24] security: ldap subsystem: ldap server(s) unreacheable. Acl evaluation may fail.
[30/Mar/2004:13:49:24] info: LdapCheckUp set to 30 seconds
A netstat whilst the proxy is starting reveals that the system does open ports with the LDAP server ok. I've tried various things without success. Any ideas/suggestions would be really welcome.
Thanks,
Herbert

Hi, Can you just guide how to setup this kind of scenario. I mean to say
im using solaris 9 X86 and i have to setup webproxy server (for internet connection sharing) and LDAP. The users should enter username and password for accessing internet. If you dont mind where can i get the documenattion on this. Please help me in this issue as im new bie in Solaris World.
Thanks in Advance
R. Venkat Sharma

LDAP Intigration with Oracle BPM 10.3.0.0.0

Hi,
I want to know about integration with LDAP connectivity with Oracle BPM suite.
We don’t have any knowledge between the integration on Oracle BPM suit & LDAP.
Please do the needful on the same as soon as possible.
With Best Regards,
Ratna Prasad.

I configured LDAP directory, and I was able to see the participants. However the group information is not retrieved properly. Here is the error
(cont) ] Main: Invalid characters found for attribute [OU name].
[     (cont)     ] Main: Detail:Attribute [OU name] cannot be assigned the following value: [Dev/Test].
[     (cont)     ] Main: The invalid character is: [].
[     (cont)     ] Main:
[     (cont)     ] Main: fuego.directory.exception.InvalidAttributeValueException: Invalid characters found for attribute [OU name].
[     (cont)     ] Main: Detail:Attribute [OU name] cannot be assigned the following value: [Dev/Test].
[     (cont)     ] Main: The invalid character is: [].
[     (cont)     ] Main:
Any ideas on what can be the possible solution?
Thanks

Parameterized queries not implemented in Oracle OLEDB ?

Hi Xperts !
I'm implementing an ADO application with Oracle Provider for OLEDB and get an error when accessing Parameters:Count properties of an ADO command object.
Is this not implemented in Oracle OLEDB ?
Is there a workaround to get and set parameters for a query ?
Thanks in advance.
Phil

It can in principle be achieved in SQL (depending on what result set you require) with CONNECT BY and SYS_CONNECT_BY_PATH in 9i and later and with POWERMULTISET in 10g. No doubt this could be done in 8i if absolutely necessary.
Possibly DBMS_FREQUENT_ITEMSETS in 10g supports this kind of analysis.

How are JDBC batch updates implemented by Oracle?

When you're looking to reduce commits you typically think of JDBC batch updates.
I'm just wondering how are these implemented by Oracle and is there ever gains to be had to reducing commits in an Oracle specific way like say using VARRAYs with procedures?

Please refer
http://www.oracle.com/technology/products/oracle9i/daily/jun07.html

Secured LDAP implementation in Oracle BI

Similar Messages

Maybe you are looking for