Single Sign On and BeX Analyzer

Hello All,
Does anyone know of a way of using windows authentication (via Active Directory) to automate the login prompt in the BeX Excel Analyzer? I have found a solution for the BI portal via SPNego, but have not been able to find any discussion or documentation about automating the BeX Excel Analyzer login prompt. Any help is greatly appreciated.
Thanks, --Matt

Hi Derick,
I want to make our discussion into 2 parts
1) Sign on
2) Viewing data based on the Heirarchy
1)Before discussing about the Sign on i want to know which connectivity you are using ? Live offcie or QaaWS.
2) We can make the second point possible in two ways One is with providing restriction at universe level
and the other one is through the use of flash variables.
Using flash variables:
The main idea of using flash variables is reading the User ID from BO authentication and based on that we fetch the Heirarchy level of that user. Then we use some excel logic to hide the data from Low level heirarchy(Here we use Dynamic Visibility for components).
I hope this is what you ar looking for....
If so i have more points to acheive such scenario.
Please provide the your BO environment details, such that it will be easy to identify the better best wat to acheve it.
Regards,
AnjaniKumar C.A.

Similar Messages

  • Starting single sign-on and directory service

    i am trying to install oracle 9i infrastructure on my clean win2000 box with 2.4 GHz proc and 1GB RAM.
    i am getting falilure messages for the following:
    infrastructure instance configuration assistant: failed
    oracle 9i application server randomize password: failed
    single sign on configuration assistant: failed
    infrastructure mod-osso configuration assistant: failed
    OPMN configuration assistant: failed
    log file says:
    Configuration failed for IAS
    IAS Instance creation failed
    Configuration failed for JAZN
    JAZN configuration failed: unable to establish a directory context.
    Configuration succeeded for IASProperty
    Configuration failed for IAS
    Configuration failed for JAZN
    after which single sign-on and directory service dont start. which means no connectivity :(
    can somebody please guide me about how to avoid this failure in installation or how to manually start these after installation.
    it would be a great help
    ashish

    Hi,
    we're having exactly the same problem.
    Could you tell me what the problem is with the network ?
    You say configure it properly but what do you mean ?
    It's installed on a Windows 2000 Server machine, it's own DNS.
    Thanks,
    Yuri Arts

  • Oracle Single Sign on and Oracle Internet Directory

    Hello Gurus,
    What is the relationship between Oracle Single Sign on and Oracle Internet Directory.
    To my understanding, OID is required to install SSO.
    If OID already exist, can we just install SSO and go on integrating it to existing OID.
    Great Thanks,
    vimal jain.
    [email protected]

    Hi Tim,
    I've been working on this and could reproduce the issue with anonymous binds. A fix will be ready in 4.2.1.
    So what I really need is the password used for login to pass to the is_member call.The P101_PASSWORD item does not save state. However, you can access the value during submit processing of the login page, for example in the post authentication function of your authentication scheme. People sometimes put code in there to query the user's groups (e.g. with apex_ldap.member_of2) and save them in an application. This item value can then be used in the authorization schemes.
    Regards,
    Christian

  • Single Sign on and Protect URL step

    Hi,
    I have successfully installed Oracle Internet Directory, Identity Server, Web Pass, Policy manager, Access Server and WebGate (attached to Oracle HTTP Server from Oracle Management Infrastructure).
    My questions are:
    - How do I protect URL so the user will need to login to access certain URL?
    - How do I enable single sign on and test it?
    - What are the general steps involve to enable URL protection (so if the url is protected it will prompt for username and password) and single sign on using Oracle Internet Directory?
    Kindly help me if anyone know a solution or can point me to the right documentation. I have tried to read Oracle Access Manager - Access Administration Guide, but keep getting confused.
    Thanks.
    Regards,
    Alfonso

    Hi,
    You can follow Oracle Access Manager Integration Guide (10.1.4.0.1) B25347-01, chapter 4, to achieve this. This document will answer most of your questions.
    Regards,

  • Single Sign-On and Data Visibility Rights

    Hello,
    I was wondering whether anyone has any best practices for implementing single sign on and user identification with Excelsius.
    More specifically, I need to interrogate user role, and limit certain data visibility based on that role.
    For example, a sales rep may only see certain data for their own territories, but the regional and national managers can see more.
    With the emphasis in improving enterprise integration with the new version coming up, I'm also wondering if there are any improvements included for this aspect.
    Thanks in advance.
    Derick

    Hi Derick,
    I want to make our discussion into 2 parts
    1) Sign on
    2) Viewing data based on the Heirarchy
    1)Before discussing about the Sign on i want to know which connectivity you are using ? Live offcie or QaaWS.
    2) We can make the second point possible in two ways One is with providing restriction at universe level
    and the other one is through the use of flash variables.
    Using flash variables:
    The main idea of using flash variables is reading the User ID from BO authentication and based on that we fetch the Heirarchy level of that user. Then we use some excel logic to hide the data from Low level heirarchy(Here we use Dynamic Visibility for components).
    I hope this is what you ar looking for....
    If so i have more points to acheive such scenario.
    Please provide the your BO environment details, such that it will be easy to identify the better best wat to acheve it.
    Regards,
    AnjaniKumar C.A.

  • Single Sign-On and session information

    I have an Oracle Portal application with many Java Web Applications. I wish to
    provide Single Sign-On to this applications. I know how to configure Single
    Sign-On and how to get the user login in Java. I want to store session
    information such as: User First and Last Name, User Social Security Number. I
    want to get this information from the database after authentication, store it
    in session and then access this information from all my applications.

    Are you familiarized with sys_context function?
    Hope this is useful help.
    BR,
    Marcos

  • Difference between bexbrowser and Bex analyzer

    Hi,
       can any body tell me  what is the difference between bex browser and bex analyzer  and how end users will access the reports and how they access SAP.

    Hi
    *BEx Web Analyzer *
    The BEx Web Analyzer is a standalone, convenient Web application for data analysis that you can call using a URL or as an iView in the portal.
    The Web Analyzer allows you to execute ad hoc analyses on the Web: When you have selected a data provider (query, query view, InfoProvider, external data source), the data is displayed in a table with a navigation pane. You can navigate to the data and use other Web Analyzer functions available in the application toolbar. For example, you can change the type of data display, use the information broadcasting functions to broadcast your analyses to others, and create printable versions of your analyses.
    In the Web Analyzer, you can save the data view generated from navigation and analysis as a query view by choosing Save View in the context menu, and you can save the ad hoc analysis by choosing Save As. When the query view is saved, only the data view is saved; when the ad hoc analysis is saved, the entire Web application is saved, including the properties of Web items and the layout of the data.
    Check the link for more info
    http://help.sap.com/erp2005_ehp_03/helpdata/EN/00/e8d13f7fb44c21e10000000a1550b0/frameset.htm
    Bex Browser
    The Business Explorer Browser (BEx Browser) makes it possible for you to access all document types of the Business Information Warehouse that are assigned to your role or that you have stored in your favorites. You can select and open documents assigned to you in the BEx Browser or store and manage new documents in the BEx Browser.
    Document types that you can work with in the BEx Browser are:
    ·        BW workbooks
    ·        Documents that are stored in the Business Document Service (BDS)
    ·        Links (references to file system, shortcuts)
    ·        Links to internet sites (URLs)
    ·        SAP transaction calls.
    ·        Web applications and Web templates
    ·        Crystal Reports
    Regards
    Shilpa

  • OBIEE 11G with Single Sign-On and Active Directory

    Hi guys,
    Release Version: Oracle Business Intelligence 11.1.1.5.0
    Patch applied: 11.1.1.5.0 BP3 (Patch 13832750)
    OBIEE Server operating system: Windows Server 2008 SP2 (32-bits Operating System).
    We are trying to configure Single Sign-On according to TechNote_WNA_SSO_AD_V4.0.doc.
    Our krb5login.conf:
    com.sun.security.jgss.krb5.initiate {
    com.sun.security.auth.module.Krb5LoginModule required
    principal="[email protected]"
    keyTab=cgdkobi2.keytab
    useKeyTab=true
    storeKey=true
    debug=true
    com.sun.security.jgss.krb5.accept {
    com.sun.security.auth.module.Krb5LoginModule required
    principal="[email protected]"
    keyTab=cgdkobi2.keytab
    useKeyTab=true
    storeKey=true
    debug=true
    We generate de keytab file:
    C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.24\bin\ktab.exe -k cgdkobi2.keytab -a [email protected]
    Password for [email protected]:XXXXXXX
    Done!
    Service key for [email protected] is saved in cgdkobi2.keytab
    C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.2-4\bin\kinit -k -t cgdkobi2.keytab cgdkobi2
    New ticket is stored in cache file C:\Users\cgdkobi2\krb5cc_cgdkobi2
    C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.2-4\bin\klist -k -t cgdkobi2.keytab
    Key tab: cgdkobi2.keytab, 1 entry found.
    [1] Service principal: [email protected]
    KVNO: 1
    Time stamp: Mar 15, 2013 10:34
    C:\OracleBI11g\user_projects\domains\bifoundation_domain>klist
    Current LogonId is 0:0x406163f5
    Cached Tickets: (0)
    We re-start the services and logon into analytics web and SSO doesn't work but there's not an error. It runs successfully with and Active Directoy user and password. Seems like SSO wasn't enabled, but I checked is enabled.
    Any suggestion?
    Thanks in advanced

    Follow the posts : OBI 11.1.1.6.SSO and You are not currently signed in to Oracle BI Server" for OBIEE 11.1.1.6 SSO do the troubleshooting mentioned there.
    Also check your logs for error like the one below:
    [2012-03-09T16:42:36.000-05:00] [OBIPS] [NOTIFICATION:1] [] [saw.securitysubsystem.checkauthentication.runimpl] [ecid: 6c98b5cce1f24814:2a613331:135f95fbdff:-8000-0000000000005b7a,0:1:1] [tid: 5932] Authentication Failure.
    Odbc driver returned an error (SQLDriverConnectW).
    State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
    [nQSError: 43113] Message returned from OBIS.
    [nQSError: 13039] The impersonator does not exist in the BI Security Service. (08004)[[
    If you are getting this when you login to OBIEE :      You are not currently signed in to Oracle BI Server"
    then you need to apply this patch : 13553428 QA:BLK:DELIVER TO CORP. OID LDAP USERS FAILED WITH IMPERSONATOR DOES'NT EXIST. 11.1.1.6.0 Generic Platform (American English) General Oracle BI Suite EE Apr 5, 2012 799.4 KB
    Let us know the updates. Hope this helps. Mark if it does.!
    Thanks,
    SVS

  • Difference between Federated single sign on  and just Single sign on

    Can anyone please give a clear definition of what is
    1. Federated Single sign on?
    2. Just Single Sign on ?
    As a security expert if you were to Architect security what will you suggest ?
    Lets take an example Landscape
    NW1(ABAP + JAVA)- system, NW-2(ABAP+JAVA)  system and EP( java only), LDAP
    I am having a hard time convincing the customer to have both CONSUMER AND PRODUCER PORTAL for Federated single sign on? is this a bad idea. Customer says just give me SSO(with just one portal acting as CONSUMER/PRODUCER).
    initial GOLIVE user load will be 700+ users.
    Edited by: Franklin Jayasim on Jul 16, 2010 7:52 PM
    Edited by: Franklin Jayasim on Jul 16, 2010 7:53 PM
    Edited by: Franklin Jayasim on Jul 16, 2010 7:57 PM
    Edited by: Franklin Jayasim on Jul 17, 2010 12:17 AM

    Hi  Denny Liao
    The project is going to have BI(NW) and ECC/SRM/HR(NW) and sepparate  portal ( EP - Java only )
    I thought that normal SSO will help in the intranetwork, what happens if the employee(user)  needs to work from home.
    What about the external vendors suppliers etc...?

  • How to integrate Single Sign-On and JSF?

    Hi all,
    We are going to develop a web application using Oracle technologies, including ADF and JSF.
    But we´ll need to secure our website using Oracle Identity Manager (Single Sign-On). I am having difficulties to find any resource explaining how to do that.
    Also, the IM (SSO) will run on a Oracle AS instance and our web app (ADF+JSF) will run on a separete OC4J instance, due to ADF version. Is this a problem?
    Thanks

    We too are in the process of implementing iStore with SSO features.
    And if you believe me it seems to me as nightmare.
    In our scenerio we are intgrating this SSO with Third party access control too (AD and Siteminder). I would request you to please respond me on the following mail id , so we can share our experince which will help us in our implementation
    [email protected]
    regards and thanks in advance
    Vikas Deep

  • OAM 11g Single Sign-On and OAM 11g Cookies

    Hi all,
    I need to know following,
    is it possible to get the username and password from the OAM 11g + IIS Webgate cookies and forward the same to the application for further authentication? is there any way to decrypt the cookie and use the information in the application?
    Regards.

    Yes , you can get the user password ,but for that you will have to write a custom plugin , else it is not possible.
    Refer step number 9 in the blog Single Sign on with Oracle Access Manager: Creating a Custom Authentication Plugin

  • Active Directory, single sign-on and  SRM Users

    We are in the process of installing SRM 7.0. using the Classic Scenario. I am seeking clarification around the creation of users in that system given the following:
    - My Basis colleagues are in the process of implementing single sign-on using Active Directory for our SAP Portal, SAP Business Warehouse and SRM systems.
    - Single sign-on will not  at this point be used for our SAP ECC 6.0 system
    My questions are:
    1. If active directory is being used do we need to create actual users within the SRM system?
    2. If actual users in the SRM system are not required, does this have any impact on the creation of the Organizational structure in SRM from the SAP ECC HR hierarchy?
    Many Thanks

    Hi Claire,
    The Single Sign On work only if user exist on every systemes.
    For example :
    If you connect trough portal to access ECC and SRM, your user id must exist in ECC and SRM.
    For Active Directory you can synchronize your user table to AD by using LDAP option.
    The best way is to configure a CUA for ECC and SRM, use the UME of Portal on ECC and synchronize the CUA to Active Directory.
    Finally use the SSO certificate between Portal ECC and SRM.
    Regards,
    Gilles SEBBAG
    Sap Technical Consultant.

  • AnyConnect WebVPN Single Sign-on and Sharepoint 2013

    I know  that single sign-on is currently working and supported for Sharepoint 2010 on 9.0 and later code however is Sharepoint 2013 supported? I can't seem to find any documentation or any material on this. Any help on this would be fantastic.
    Thanks!

    I'd like to know if Sharepoint 2013 is supported at all with ASA 9.x clientless SSL VPN. We get this error message:

  • Authentication between Single Sign-On and Web based applications

    Hi everyone,
    I need to create a way in Portal 10g (10.1.2.0.2) that allow me to do the following:
    Once the user is logged on Portal (against Single Sign-On - SSO) he doesn't need to retype his username/password when he access a web based application throught the portal, in my case, an ASP application (not .NET, just ASP).
    I made a test creating a External Application in SSO and after publishing this portlet (external application) inside portal.
    It worked, BUT I was prompted to inform username/password to log on the aplication.
    So, the user end up entering his password twice.
    Does anybody know a way to acomplish this task?
    The documentation I'm researching is:
    Oracle Application Server Single Sign-On
    Administrator's Guide
    10g Release 2 (10.1.2)
    B14078-02
    Oracle Application Server Single Sign-On
    Security Guide
    10g Release 2 (10.1.2)
    B13999-03
    Thank you very much,
    Diogo Santos.

    have figured out how to secure any HTML, ASP, PHP, CFM, etc. web page again Portal / OID using the PDK toolkit.
    Using AJAX (Asynchronous JavaScript and XML) and one Oracle Stored Procedure just adding a simple Javascript call to any HTML, ASP, PHP, etc. web page can secure it via Oracle SSO (OID). Access to any secured web page will require that it to be linked from an authenticated Portal session or a page opened in an authenticated Portal session.
    This process can be easily modified to add in group security etc. This is just my starting point.
    1) Create a stored procedure
    # Make sure it has access to portal.wwctx_api.is_logged_on
    CREATE OR REPLACE PROCEDURE login_ajax_check (
    display_error IN number default NULL) AS
    BEGIN NULL;
    If portal.wwctx_api.is_logged_on = false then
    htp.prn('DENY');
    ELSE
    htp.prn('ALLOW');
    END IF;
    Exception when others then htp.p('DENY');
    END;
    2) Use this Javascript in any page you wish to secure.
    <-- Begin Paste Here -->
    <script>
    var allowgo=2
    function ajaxCallRemotePage(url)
    if (window.XMLHttpRequest)
    // Non-IE browsers
    req = new XMLHttpRequest();
    req.onreadystatechange = processStateChange;
    req.open("GET", url, false);
    req.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
    req.send(null);
    else if (window.ActiveXObject)
    // IE
    req = new ActiveXObject("Msxml2.XMLHTTP");
    req.onreadystatechange = processStateChange;
    req.open("GET", url, false);
    req.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
    req.send();
    else
    return; // Navigateur non compatible
    // process the return of the "ajaxCallRemotePage"
    function CheckPortal()
    ajaxCallRemotePage('[Your page calling the procedure from above]');
    function processStateChange()
    if (req.readyState == 4)
    if (req.status == 200)
    if (req.responseText.substring(0,4) == 'ALLO')
    allowgo = 0;
    else
    allowgo = 1;
    function doPage()
    if (allowgo==1)
    window.location='[Your login or error page]';
    CheckPortal();
    doPage();
    </script>
    <-- End Paste Here -->
    That's it!!! Super easy. It works great too.
    Larry Schenavar
    [email protected]

  • Single Sign-on and PORTAL30 DAD

    What I've done:
    1) Setup up PORTAL30 DAD with Single Sign-on
    2) Created schema called JOHN with "hello world" procedure call TEST
    3) Grant execute on TEST to PORTAL30
    4) Goto http://<servername>/pls/portal30/john.test
    5) Receive "Procedure Doesn't Exist" error
    6) Change DAD from single sign-on to Basic authentication
    7) Repeat Step 4 with no problems

    Hi Derick,
    I want to make our discussion into 2 parts
    1) Sign on
    2) Viewing data based on the Heirarchy
    1)Before discussing about the Sign on i want to know which connectivity you are using ? Live offcie or QaaWS.
    2) We can make the second point possible in two ways One is with providing restriction at universe level
    and the other one is through the use of flash variables.
    Using flash variables:
    The main idea of using flash variables is reading the User ID from BO authentication and based on that we fetch the Heirarchy level of that user. Then we use some excel logic to hide the data from Low level heirarchy(Here we use Dynamic Visibility for components).
    I hope this is what you ar looking for....
    If so i have more points to acheive such scenario.
    Please provide the your BO environment details, such that it will be easy to identify the better best wat to acheve it.
    Regards,
    AnjaniKumar C.A.

Maybe you are looking for