Security Issue Regarding to User and Password (Abid)

Dear all,
There are two Oracle 10g database servers running on different machines in our company. On both servers there are the same users, like:
Machine      User name      Password
A            abidusr        abc123
B            abidusr        abc123
Select password from dba_users where username='SCOTT'
password
F894844C34402B67          machine a
F894844C34402B67          machine b
The hash values of both users are the same. One can access this value and can guess my password.
How can I overcome this problem?
Best regards,
Abid Hussain

Hi,
You cannot, as you cannot change the password encryption algorithm of Oracle.
This is a serious problem in Oracle, and will probably be rectified in a future release. The encryption algorithm has changed in 11g, but I do not know if the hash is already unpredictable.
Further info probably on http://www.petefinnigan.com
Sybrand Bakker
Senior Oracle DBA
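
An added illustration of what the thread observes, not code from the original posts and not Oracle's hashing algorithm. It shows why a verifier computed only from user name and password is identical on every server, how an export of (server, user, hash) rows can be audited for that, and how a per-record random salt removes the match. The function names and the PBKDF2 parameters are assumptions chosen for the example; the account rows are constructed from the values in the question.

```python
import hashlib
import hmac
import os

# Constructed sample: the same account created on two servers.
ACCOUNTS = [("A", "abidusr", "abc123"), ("B", "abidusr", "abc123")]


def unsalted_verifier(username, password):
    """Stand-in for a scheme whose only inputs are user name and password.

    Not Oracle's algorithm: it only reproduces the property seen in the
    thread, that nothing random or server-specific enters the hash.
    """
    data = (username + ":" + password).encode("utf-8")
    return hashlib.sha256(data).hexdigest()[:16].upper()


def salted_verifier(password, salt=None):
    """Per-record random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt.hex() + ":" + digest.hex()


def check_salted(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, _ = stored.split(":")
    candidate = salted_verifier(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)


def shared_hashes(rows):
    """Audit helper over rows of (server, username, stored_value).

    Returns {(username, stored_value): [servers]} for every value that is
    stored on more than one server, i.e. accounts where one recovered
    password opens several systems.
    """
    seen = {}
    for server, user, value in rows:
        seen.setdefault((user, value), []).append(server)
    return {key: servers for key, servers in seen.items() if len(servers) > 1}


def demo():
    """Build both kinds of stored value for the constructed accounts."""
    unsalted = [(s, u, unsalted_verifier(u, p)) for s, u, p in ACCOUNTS]
    salted = [(s, u, salted_verifier(p)) for s, u, p in ACCOUNTS]
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = demo()
    print("unsalted, shared across servers:", shared_hashes(unsalted))
    print("salted, shared across servers:  ", shared_hashes(salted))
```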

Similar Messages

  • Linking to an OBIEE report without showing the user and password

    Hi!
    We are trying to access an OBIEE report from an external portal (coded with PHP).
    The idea is that the user clicks on a link and gets the report in PDF format. For that purpose we are using this URL:
    http://ttivobiee01:7001/analytics/saw.dll?Go&Path=/shared/Prueba/ogp_obi&Action=Print&P0=1&P1=eq&P2="Criteria"."Key"&P3=1402&NQuser=user&NQPassword=pass&format=pdf
    But this URL is exposing OBIEE's user and password.
    In order to avoid this security issue we tried to do a wget of the URL, but it doesn't return the report. Instead we get an HTML page, which seems to download the report chunk by chunk (using JavaScript).
    The question is, is there any way that we could let our portal users access an OBIEE report without exposing the user and password?
    I have been looking into Oracle forums and have found this: OBIEE Go URL with password protected
    but we couldn't use this approach due to security issues.
    Thanks!
    Nuria

    Hi!
    We have finally done this (and it works!)
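    <?php
    // Report URL. The request is made by the web server, so the OBIEE
    // credentials in the query string are never sent to the user's browser.
    $urlInforme='http://obi:7001/analytics/saw.dll?Go&Path=/shared/Prueba/ogp_obi&Action=Print&P0=1&P1=eq&P2="Criterios"."Clave oficial"&P3=1402&NQuser=user&NQPassword=pass&format=pdf';
    // Cookie jar shared by both requests; kept outside the web directory.
    $ckfile = tempnam (sys_get_temp_dir(), "CURLCOOKIE");
    // First request: log in and store the session cookies.
    $ch = curl_init ($urlInforme);
    curl_setopt ($ch, CURLOPT_COOKIEJAR, $ckfile);
    curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
    $output = curl_exec ($ch);
    curl_close ($ch); // cookies are flushed to the jar when the handle is released
    // Second request: reuse the session cookies and write the PDF to a file.
    $ch = curl_init ($urlInforme);
    curl_setopt ($ch, CURLOPT_COOKIEFILE, $ckfile);
    $fp = fopen("salida.pdf", "w");
    curl_setopt($ch, CURLOPT_FILE, $fp);
    curl_exec ($ch);
    curl_close($ch);
    fclose($fp);
    unlink($ckfile); // remove the stored session cookies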

  • Problem in getting Portal Mapped user and password in Web Dynpro iView

    I am developing a Web Dynpro iView. My app needs to read the mapped user and password from a system in Portal runtime.
    I used the following code in my Web Dynpro Java program:
         IWDClientUser user = WDClientUser.getCurrentUser();
         IUser iuser = user.getSAPUser();
         IUserMappingService iums = (IUserMappingService)WDPortalUtils.getServiceReference(IUserMappingService.KEY );
    //     IUserMappingService iums = (IUserMappingService)
    //     PortalRuntime.getRuntimeResources().getService(IUserMappingService.KEY);
         IUserMappingData iumd = iums.getMappingData (systemalias, iuser);
         Map map = new HashMap ();
         iumd.enrich(map);
         String userid = (String)map.get( "user" );
         String pwd = (String)map.get ("mappedpassword");
    I've added a sharing reference in the project properties; the value is "PORTAL:sap.com/com.sapportals.portal.prt.service.usermapping.IUserMappingService"
    But when I run the iview on my Portal, it goes wrong, the message is:
    com.sap.engine.services.deploy.container.DeploymentException: Clusterwide exception: Failed to prepare application ''local/HomePage'' for startup. Reason= Clusterwide exception: Failed to start dependent library ''com.sapportals.portal.prt.service.usermapping.IUserMappingService'' of application ''local/HomePage''. Status of dependent component: STATUS_MISSING. Hint: Is the component deployed correctly on the engine?
        at com.sap.engine.services.webdynpro.WebDynproContainer.prepareStart(WebDynproContainer.java:1490)
        at com.sap.engine.services.deploy.server.application.StartTransaction.prepareCommon(StartTransaction.java:231)
        at com.sap.engine.services.deploy.server.application.StartTransaction.prepareLocal(StartTransaction.java:184)
        at com.sap.engine.services.deploy.server.application.ApplicationTransaction.makeAllPhasesLocal(ApplicationTransaction.java:365)
        at com.sap.engine.services.deploy.server.application.ParallelAdapter.runInTheSameThread(ParallelAdapter.java:117)
    Can anybody help me? And are there any other methods to get the mapped user and password of Portal systems in Web Dynpro Java?

    Hi Wayne,
    Did you add com.sap.security.api.jar to your Web Dynpro project? If not, follow these steps.
    1. Right-click the project in Eclipse or SAP NetWeaver Developer Studio.
    2. Select Properties.
    3. Choose Java build path -> Libraries -> Add Variable -> Select variable WD_RUNTIME -> Extend -> com.sap.security -> lib -> com.sap.security.api.jar.
    I hope this should solve your problem.
    Regards, Suresh KB

  • URL in sender SOAP channel with user and password

    Hi Expert,
    I have developed a SOAP to proxy scenario. The sender WSDL is generated by using the sender agreement. In the WSDL we are using the default URL below.
    http://host:port/XISOAPAdapter/MessageServlet?channel=party:service:channel
    But the client requirement is that he wants the SAP user and password also in the above URL.
    Is this possible in the sender SOAP channel?
    Can anybody please help me with the above issue?
    Thanks.
    Edited by: darshana-PI on Feb 1, 2012 5:26 PM

    Thanks prateek,
    We have used the HTTP plain adapter for this and used the link below to call that interface in PI. And it's working.
    http://server:port/sap/xi/adapter_plain?service=<xxx>&namespace=<xxx>&interface=<xxx>&sap-user=<xxx>&sap-password=<xxx>&qos=BE
    I can understand the security related problem, but that was the requirement for end application.
    Thanks,
    Darshana.

  • Proxy interface always request user and password

    Hi all,
    I have created an interface from R/3 Proxy -> XI -> RFC.
    The interface works fine, but I have a problem: when I execute the interface in the SPROXY transaction and with a report, the system always requests the SAP Web Application Server user and password from me.
    How can I solve it?
    Regards, RP

    All the configurations for your mails are previously done in the system. The issue has not been solved.
    I give you more details. When I do the connection test from SM59 the connection is OK, and no logon is requested. And interfaces with the RFC adapter work fine too.
    The issue is in the sender call; the receiver call uses an RFC adapter and works. And if you fill in the user and password the sender works fine.
    Thanks in advance.
    RP

  • External Web Service - User and password in HTTP header

    Hi!
    How is it possible to add user and password in the HTTP header in an external web service call?
    I have created a "Portal Service from WSDL file - Client side" with the wizard in SAP Developer Studio. I am following the Java Development Guide - Web Service Security, and use the "secured service connection". I have also created a new "System Landscape", but should the new system be based on HTTP, my own PAR or what?
    How can I check that the user and password are added to the HTTP header or the SOAP envelope? Do I have to scan HTTP traffic with a proxy such as Paros or can I find the request sent from SAP EP in the logs?
    Cheers
    Asle

    Hello All,
    I have been struggling a bit while putting a reasonable security framework on a jax-rpc style web service. I'm using JWSDP1.2 to set up the webservice. I've tried to outline my problem below. Please correct me where I'm wrong.
    I've been through the Sun's WS tutorials, but they are not really clear on security. However, from them I surmised that there are two decent authentication techniques. HTTP Basic and mutual authentication (MA) . Both have their drawbacks though. HTTP Basic suffers from poor encryption while MA is a bit difficult to set up on both client and server sides. Another problem with MA is that there is no central repository for users/passwords.
    OK, what I would really like to do is use my own user database to verify users/passwords i.e. use a HTTP Basic like authentication (but at application level) but run it over SSL for encryption. It seems simple, but is it possible?
    Also, I have noted that when I use HTTP Basic on the service side, and use a java client, then setting username/password has no effect. In other words, I can always access the web-service, even with wrong username/password.
    Sorry for the long post. Hope someone can help. Thanks.

  • WebService in XI with user and password

    Hello,
    I've created a webservice in XI. When I call this webservice without user and password from an external tool (soapUI 1.7.5), the following error appears:
    Logon Error Message
    Der Aufruf der URL http:... wurde aufgrund fehlerhafter Anmeldedaten abgebrochen.
    (means: the call failed because of missing authorization)
    OK, but where can I implement the user and password, so that this webservice can be called automatically from another application?
    Thanks for your assistance.
    Kind regards
    Martin

    Hi Huber,
    "but where can I implement the user and password, so that this webservice can be called automatically from another application?"
    Open the WSDL, and on the left side (bottom) you can see the option for user name and password, but I guess it's not possible to log in automatically.
    You have to provide the username and password every time.
    regards
    biplab

  • Link to folder with user and password

    Hi all!
    From my action I want to redirect to a file in order to download it, but the problem is that this file is in a web folder with user/password.
    How can I redirect to it to download it directly without the customer entering user and password manually?
    Thanks!
    T

    Do you understand where this user/password restriction comes from? It looks like just HTTP-based authentication. A Servlet can access the local file system directly without issuing a new HTTP request for that. Or is that file located on another server?

  • UCM Administration Applets request the user and password confirmation

    I want to ask if someone has experienced in the UCM Administration Applets, that request the user and password confirmation for each time the applets are executed,
    Is there any configuration in the UCM that activates this behavior?
    I’m trying to reproduce this behavior in the development environment but with not much success
    The UCM version is 10.350
    Thanks for your support.

    Is there any configuration in the UCM that activates this behavior
    No. It's more likely that you are accessing the applets via a URL that does not match the one you originally used to log in to the Content Server.
    For example, you logged into "http://myserver/cs" or "http://<ip address>/cs". However, your HttpServerAddress variable is defined in Content Server as "http://myserver.mydomain.com". (Any absolute links to the applets use the variable to build the URL.) The browser "thinks" this is a new domain, and doesn't forward credentials to the different address. So the applet must prompt again for credentials. (Are you using a load balancer by chance? Does your HttpServerAddress variable in Content Server match the DNS entry being used for the load balancer?)
    I've also seen some versions of the Sun client JRE do this by design as a security "feature". If you are using IE, make sure your server address is in the "trusted" or "intranet" security zone.

  • Reset the user and password in the config tool

    Dear All,
    how can I reset the user and password in the config tool ?
    Regards
    ertas

    how can I reset the user and password in the config tool ?
    Section from help:
    http://help.sap.com/saphelp_nw70/helpdata/en/1c/129d440bbe4b7d8ae8b82879808d7e/content.htm
    Section from SDN Wiki:
    https://www.sdn.sap.com/irj/scn/wiki?path=/display/ep/to%252breset%252badministrator%252bpassword%252bthrough%252bconfig%252btool
    Regards,
    Abhishek.

  • I can not login into the Folio Builder, I introduce my user and password and keeps logging in...

    I've introduced my user and password, the Folio Builder tries to login but gets stuck logging in with the wheel spinning.
    I've tried to uninstall and install Indesign CS6 again several times but nothing different happened...
    Could you help me please?
    Thanks.

    Clear the cache and the cookies from sites that cause problems.
    "Clear the Cache":
    *Tools > Options > Advanced > Network > Cached Web Content: "Clear Now"
    "Remove Cookies" from sites causing problems:
    *Tools > Options > Privacy > Cookies: "Show Cookies"
    You can check if there are entries in the password manager with an empty user name.
    Make sure that you haven't saved multiple (uppercase, lowercase) versions of that name and password.
    Remove saved Password(s):
    * Tools > Options > Security: Passwords: "Saved Passwords" > "Show Passwords"
    If you click "Never" then you create an exception that needs to be removed.

  • How to pass user and password in workspace when open a bqy

    hello,
    how to pass user and password of workspace when refresh a bqy for a query in DB2.
    I don't know where to insert the properties in order to use user and password of workspace,
    I want to use user of login of workspace,
    I don't want to make to appear the mask of login newly when the user refresh the query.
    I don't want to set a default user and password
    thanks
    massimo

    Dear Friend,
    What you mean?
    1. Do you mean how to pass login page on workspace ?
    2. or Do you mean how you can use a connection file to connect to db that is hide from user?
    3. or You mean how to use user & password to login to doc on workspace
    Answer for 1:
    use link
    http://HyperServer:45000/workspace/browse/get/MyFolder/MyIR.bqy?user=admin&pass=password
    Answer for 2:
    a) Upload or import connection file ( MyConn.oce ) to DB2 into workspace,
    b) for IR doc properties change file connection ( MYConn.oce )
    Answer for 2:
    use link without user & pass parameter
    http://HyperServer:45000/workspace/browse/get/MyFolder/MyIR.bqy <?user=admin&pass=password>
    regards
    siyavuş

  • What is default user and password for Single Sign On

    When I try to run a test.rdf report (that comes for demonstration purposes), a page appears which asks for the SSO user and password.
    I tried all user IDs and passwords that I have used so far during installation. But none works. Please give me a hint about it.

    Hi,
    If you would like to turn off the SSO for Reports, you can edit the Reports server's .conf file. For some reason, Oracle enabled SSO by default for Reports.
    You can access this file through OEM, or you can hand-edit it. It is located at ORACLE_HOME\reports\conf\<rep_server_name>.conf. (Make a back-up first just in case).
    Scroll down about a third of the file until you locate the <security>. . .</security> section.
    Delete this section, save the file (and run dcmctl updateconfig if you hand-edited the file), and restart the OC4J_BI_Forms instance.
    You will no longer get the SSO sign-in page when you run a report.
    HTH,
    Jim

  • Can't write my user and password when accessing OV...

    Hi all,
    can somebody help me to resolve my issue
    When I access OVI, I am requested to enter user and password, but when I write my user and password, it looks like I am writing in white characters; I can't see what I am writing.
    thx for all and regards

    Are you using predictive text? What phone do you have? You can use the hash key to change characters.
    If  i have helped at all a click on the white star below would be nice thanks.
    Now using the Lumia 1520

  • User and password fields vanish in login window

    Hi all
    I'm scratching my head. I have a managed 10.7 client, bound to a 10.7 OD, for various testing. Set login window to show user and password text fields. Sometimes (but not always, haven't found a rule yet), there is a little left/back arrow left to the user field. If I click it, user and password text fields vanish, leaving me with a more or less blank login screen except for the restart/shutdown/sleep buttons. Nothing I tried will bring back the text fields, and the only option is to do a restart.
    Anyone seen this? What should it be good for?
    I thought that maybe this should be something like in Windows, where you have to press ctrl-alt-del to get the actual login screen to show, but neither cmd-option-shift-enter nor cmd-option-ctrl-enter have any effect. Nor does esc or ctrl-option-esc.

    Finally got the upgrade rolling again.  Not sure which trick did it, But the last thing i did was this.  I changed the password for the user SAP* using the configtool under cluster-data -> Global server configuration -> services -> comn.sap.security.core.ume.service -> ume.superadmin.password.  Type in the value field, hit "set" and retyped it in again. Hit save, restarted the instance. I had tried this earlier under the single instance server.  But that didn't seem to take effect.
