Single Sign On and BeX Analyzer
Hello All,
Does anyone know of a way of using windows authentication (via Active Directory) to automate the login prompt in the BeX Excel Analyzer? I have found a solution for the BI portal via SPNego, but have not been able to find any discussion or documentation about automating the BeX Excel Analyzer login prompt. Any help is greatly appreciated.
Thanks, --Matt
Hi Derick,
I want to make our discussion into 2 parts
1) Sign on
2) Viewing data based on the Heirarchy
1)Before discussing about the Sign on i want to know which connectivity you are using ? Live offcie or QaaWS.
2) We can make the second point possible in two ways One is with providing restriction at universe level
and the other one is through the use of flash variables.
Using flash variables:
The main idea of using flash variables is reading the User ID from BO authentication and based on that we fetch the Heirarchy level of that user. Then we use some excel logic to hide the data from Low level heirarchy(Here we use Dynamic Visibility for components).
I hope this is what you ar looking for....
If so i have more points to acheive such scenario.
Please provide the your BO environment details, such that it will be easy to identify the better best wat to acheve it.
Regards,
AnjaniKumar C.A.
Similar Messages
-
Starting single sign-on and directory service
i am trying to install oracle 9i infrastructure on my clean win2000 box with 2.4 GHz proc and 1GB RAM.
i am getting falilure messages for the following:
infrastructure instance configuration assistant: failed
oracle 9i application server randomize password: failed
single sign on configuration assistant: failed
infrastructure mod-osso configuration assistant: failed
OPMN configuration assistant: failed
log file says:
Configuration failed for IAS
IAS Instance creation failed
Configuration failed for JAZN
JAZN configuration failed: unable to establish a directory context.
Configuration succeeded for IASProperty
Configuration failed for IAS
Configuration failed for JAZN
after which single sign-on and directory service dont start. which means no connectivity :(
can somebody please guide me about how to avoid this failure in installation or how to manually start these after installation.
it would be a great help
ashishHi,
we're having exactly the same problem.
Could you tell me what the problem is with the network ?
You say configure it properly but what do you mean ?
It's installed on a Windows 2000 Server machine, it's own DNS.
Thanks,
Yuri Arts -
Oracle Single Sign on and Oracle Internet Directory
Hello Gurus,
What is the relationship between Oracle Single Sign on and Oracle Internet Directory.
To my understanding, OID is required to install SSO.
If OID already exist, can we just install SSO and go on integrating it to existing OID.
Great Thanks,
vimal jain.
[email protected]Hi Tim,
I've been working on this and could reproduce the issue with anonymous binds. A fix will be ready in 4.2.1.
So what I really need is the password used for login to pass to the is_member call.The P101_PASSWORD item does not save state. However, you can access the value during submit processing of the login page, for example in the post authentication function of your authentication scheme. People sometimes put code in there to query the user's groups (e.g. with apex_ldap.member_of2) and save them in an application. This item value can then be used in the authorization schemes.
Regards,
Christian -
Single Sign on and Protect URL step
Hi,
I have successfully installed Oracle Internet Directory, Identity Server, Web Pass, Policy manager, Access Server and WebGate (attached to Oracle HTTP Server from Oracle Management Infrastructure).
My questions are:
- How do I protect URL so the user will need to login to access certain URL?
- How do I enable single sign on and test it?
- What are the general steps involve to enable URL protection (so if the url is protected it will prompt for username and password) and single sign on using Oracle Internet Directory?
Kindly help me if anyone know a solution or can point me to the right documentation. I have tried to read Oracle Access Manager - Access Administration Guide, but keep getting confused.
Thanks.
Regards,
AlfonsoHi,
You can follow Oracle Access Manager Integration Guide (10.1.4.0.1) B25347-01, chapter 4, to achieve this. This document will answer most of your questions.
Regards, -
Single Sign-On and Data Visibility Rights
Hello,
I was wondering whether anyone has any best practices for implementing single sign on and user identification with Excelsius.
More specifically, I need to interrogate user role, and limit certain data visibility based on that role.
For example, a sales rep may only see certain data for their own territories, but the regional and national managers can see more.
With the emphasis in improving enterprise integration with the new version coming up, I'm also wondering if there are any improvements included for this aspect.
Thanks in advance.
DerickHi Derick,
I want to make our discussion into 2 parts
1) Sign on
2) Viewing data based on the Heirarchy
1)Before discussing about the Sign on i want to know which connectivity you are using ? Live offcie or QaaWS.
2) We can make the second point possible in two ways One is with providing restriction at universe level
and the other one is through the use of flash variables.
Using flash variables:
The main idea of using flash variables is reading the User ID from BO authentication and based on that we fetch the Heirarchy level of that user. Then we use some excel logic to hide the data from Low level heirarchy(Here we use Dynamic Visibility for components).
I hope this is what you ar looking for....
If so i have more points to acheive such scenario.
Please provide the your BO environment details, such that it will be easy to identify the better best wat to acheve it.
Regards,
AnjaniKumar C.A. -
Single Sign-On and session information
I have an Oracle Portal application with many Java Web Applications. I wish to
provide Single Sign-On to this applications. I know how to configure Single
Sign-On and how to get the user login in Java. I want to store session
information such as: User First and Last Name, User Social Security Number. I
want to get this information from the database after authentication, store it
in session and then access this information from all my applications.Are you familiarized with sys_context function?
Hope this is useful help.
BR,
Marcos -
Difference between bexbrowser and Bex analyzer
Hi,
can any body tell me what is the difference between bex browser and bex analyzer and how end users will access the reports and how they access SAP.Hi
*BEx Web Analyzer *
The BEx Web Analyzer is a standalone, convenient Web application for data analysis that you can call using a URL or as an iView in the portal.
The Web Analyzer allows you to execute ad hoc analyses on the Web: When you have selected a data provider (query, query view, InfoProvider, external data source), the data is displayed in a table with a navigation pane. You can navigate to the data and use other Web Analyzer functions available in the application toolbar. For example, you can change the type of data display, use the information broadcasting functions to broadcast your analyses to others, and create printable versions of your analyses.
In the Web Analyzer, you can save the data view generated from navigation and analysis as a query view by choosing Save View in the context menu, and you can save the ad hoc analysis by choosing Save As. When the query view is saved, only the data view is saved; when the ad hoc analysis is saved, the entire Web application is saved, including the properties of Web items and the layout of the data.
Check the link for more info
http://help.sap.com/erp2005_ehp_03/helpdata/EN/00/e8d13f7fb44c21e10000000a1550b0/frameset.htm
Bex Browser
The Business Explorer Browser (BEx Browser) makes it possible for you to access all document types of the Business Information Warehouse that are assigned to your role or that you have stored in your favorites. You can select and open documents assigned to you in the BEx Browser or store and manage new documents in the BEx Browser.
Document types that you can work with in the BEx Browser are:
· BW workbooks
· Documents that are stored in the Business Document Service (BDS)
· Links (references to file system, shortcuts)
· Links to internet sites (URLs)
· SAP transaction calls.
· Web applications and Web templates
· Crystal Reports
Regards
Shilpa -
OBIEE 11G with Single Sign-On and Active Directory
Hi guys,
Release Version: Oracle Business Intelligence 11.1.1.5.0
Patch applied: 11.1.1.5.0 BP3 (Patch 13832750)
OBIEE Server operating system: Windows Server 2008 SP2 (32-bits Operating System).
We are trying to configure Single Sign-On according to TechNote_WNA_SSO_AD_V4.0.doc.
Our krb5login.conf:
com.sun.security.jgss.krb5.initiate {
com.sun.security.auth.module.Krb5LoginModule required
principal="[email protected]"
keyTab=cgdkobi2.keytab
useKeyTab=true
storeKey=true
debug=true
com.sun.security.jgss.krb5.accept {
com.sun.security.auth.module.Krb5LoginModule required
principal="[email protected]"
keyTab=cgdkobi2.keytab
useKeyTab=true
storeKey=true
debug=true
We generate de keytab file:
C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.24\bin\ktab.exe -k cgdkobi2.keytab -a [email protected]
Password for [email protected]:XXXXXXX
Done!
Service key for [email protected] is saved in cgdkobi2.keytab
C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.2-4\bin\kinit -k -t cgdkobi2.keytab cgdkobi2
New ticket is stored in cache file C:\Users\cgdkobi2\krb5cc_cgdkobi2
C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.2-4\bin\klist -k -t cgdkobi2.keytab
Key tab: cgdkobi2.keytab, 1 entry found.
[1] Service principal: [email protected]
KVNO: 1
Time stamp: Mar 15, 2013 10:34
C:\OracleBI11g\user_projects\domains\bifoundation_domain>klist
Current LogonId is 0:0x406163f5
Cached Tickets: (0)
We re-start the services and logon into analytics web and SSO doesn't work but there's not an error. It runs successfully with and Active Directoy user and password. Seems like SSO wasn't enabled, but I checked is enabled.
Any suggestion?
Thanks in advancedFollow the posts : OBI 11.1.1.6.SSO and You are not currently signed in to Oracle BI Server" for OBIEE 11.1.1.6 SSO do the troubleshooting mentioned there.
Also check your logs for error like the one below:
[2012-03-09T16:42:36.000-05:00] [OBIPS] [NOTIFICATION:1] [] [saw.securitysubsystem.checkauthentication.runimpl] [ecid: 6c98b5cce1f24814:2a613331:135f95fbdff:-8000-0000000000005b7a,0:1:1] [tid: 5932] Authentication Failure.
Odbc driver returned an error (SQLDriverConnectW).
State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
[nQSError: 43113] Message returned from OBIS.
[nQSError: 13039] The impersonator does not exist in the BI Security Service. (08004)[[
If you are getting this when you login to OBIEE : You are not currently signed in to Oracle BI Server"
then you need to apply this patch : 13553428 QA:BLK:DELIVER TO CORP. OID LDAP USERS FAILED WITH IMPERSONATOR DOES'NT EXIST. 11.1.1.6.0 Generic Platform (American English) General Oracle BI Suite EE Apr 5, 2012 799.4 KB
Let us know the updates. Hope this helps. Mark if it does.!
Thanks,
SVS -
Difference between Federated single sign on and just Single sign on
Can anyone please give a clear definition of what is
1. Federated Single sign on?
2. Just Single Sign on ?
As a security expert if you were to Architect security what will you suggest ?
Lets take an example Landscape
NW1(ABAP + JAVA)- system, NW-2(ABAP+JAVA) system and EP( java only), LDAP
I am having a hard time convincing the customer to have both CONSUMER AND PRODUCER PORTAL for Federated single sign on? is this a bad idea. Customer says just give me SSO(with just one portal acting as CONSUMER/PRODUCER).
initial GOLIVE user load will be 700+ users.
Edited by: Franklin Jayasim on Jul 16, 2010 7:52 PM
Edited by: Franklin Jayasim on Jul 16, 2010 7:53 PM
Edited by: Franklin Jayasim on Jul 16, 2010 7:57 PM
Edited by: Franklin Jayasim on Jul 17, 2010 12:17 AMHi Denny Liao
The project is going to have BI(NW) and ECC/SRM/HR(NW) and sepparate portal ( EP - Java only )
I thought that normal SSO will help in the intranetwork, what happens if the employee(user) needs to work from home.
What about the external vendors suppliers etc...? -
How to integrate Single Sign-On and JSF?
Hi all,
We are going to develop a web application using Oracle technologies, including ADF and JSF.
But we´ll need to secure our website using Oracle Identity Manager (Single Sign-On). I am having difficulties to find any resource explaining how to do that.
Also, the IM (SSO) will run on a Oracle AS instance and our web app (ADF+JSF) will run on a separete OC4J instance, due to ADF version. Is this a problem?
ThanksWe too are in the process of implementing iStore with SSO features.
And if you believe me it seems to me as nightmare.
In our scenerio we are intgrating this SSO with Third party access control too (AD and Siteminder). I would request you to please respond me on the following mail id , so we can share our experince which will help us in our implementation
[email protected]
regards and thanks in advance
Vikas Deep -
OAM 11g Single Sign-On and OAM 11g Cookies
Hi all,
I need to know following,
is it possible to get the username and password from the OAM 11g + IIS Webgate cookies and forward the same to the application for further authentication? is there any way to decrypt the cookie and use the information in the application?
Regards.Yes , you can get the user password ,but for that you will have to write a custom plugin , else it is not possible.
Refer step number 9 in the blog Single Sign on with Oracle Access Manager: Creating a Custom Authentication Plugin -
Active Directory, single sign-on and SRM Users
We are in the process of installing SRM 7.0. using the Classic Scenario. I am seeking clarification around the creation of users in that system given the following:
- My Basis colleagues are in the process of implementing single sign-on using Active Directory for our SAP Portal, SAP Business Warehouse and SRM systems.
- Single sign-on will not at this point be used for our SAP ECC 6.0 system
My questions are:
1. If active directory is being used do we need to create actual users within the SRM system?
2. If actual users in the SRM system are not required, does this have any impact on the creation of the Organizational structure in SRM from the SAP ECC HR hierarchy?
Many ThanksHi Claire,
The Single Sign On work only if user exist on every systemes.
For example :
If you connect trough portal to access ECC and SRM, your user id must exist in ECC and SRM.
For Active Directory you can synchronize your user table to AD by using LDAP option.
The best way is to configure a CUA for ECC and SRM, use the UME of Portal on ECC and synchronize the CUA to Active Directory.
Finally use the SSO certificate between Portal ECC and SRM.
Regards,
Gilles SEBBAG
Sap Technical Consultant. -
AnyConnect WebVPN Single Sign-on and Sharepoint 2013
I know that single sign-on is currently working and supported for Sharepoint 2010 on 9.0 and later code however is Sharepoint 2013 supported? I can't seem to find any documentation or any material on this. Any help on this would be fantastic.
Thanks!I'd like to know if Sharepoint 2013 is supported at all with ASA 9.x clientless SSL VPN. We get this error message:
-
Authentication between Single Sign-On and Web based applications
Hi everyone,
I need to create a way in Portal 10g (10.1.2.0.2) that allow me to do the following:
Once the user is logged on Portal (against Single Sign-On - SSO) he doesn't need to retype his username/password when he access a web based application throught the portal, in my case, an ASP application (not .NET, just ASP).
I made a test creating a External Application in SSO and after publishing this portlet (external application) inside portal.
It worked, BUT I was prompted to inform username/password to log on the aplication.
So, the user end up entering his password twice.
Does anybody know a way to acomplish this task?
The documentation I'm researching is:
Oracle Application Server Single Sign-On
Administrator's Guide
10g Release 2 (10.1.2)
B14078-02
Oracle Application Server Single Sign-On
Security Guide
10g Release 2 (10.1.2)
B13999-03
Thank you very much,
Diogo Santos.have figured out how to secure any HTML, ASP, PHP, CFM, etc. web page again Portal / OID using the PDK toolkit.
Using AJAX (Asynchronous JavaScript and XML) and one Oracle Stored Procedure just adding a simple Javascript call to any HTML, ASP, PHP, etc. web page can secure it via Oracle SSO (OID). Access to any secured web page will require that it to be linked from an authenticated Portal session or a page opened in an authenticated Portal session.
This process can be easily modified to add in group security etc. This is just my starting point.
1) Create a stored procedure
# Make sure it has access to portal.wwctx_api.is_logged_on
CREATE OR REPLACE PROCEDURE login_ajax_check (
display_error IN number default NULL) AS
BEGIN NULL;
If portal.wwctx_api.is_logged_on = false then
htp.prn('DENY');
ELSE
htp.prn('ALLOW');
END IF;
Exception when others then htp.p('DENY');
END;
2) Use this Javascript in any page you wish to secure.
<-- Begin Paste Here -->
<script>
var allowgo=2
function ajaxCallRemotePage(url)
if (window.XMLHttpRequest)
// Non-IE browsers
req = new XMLHttpRequest();
req.onreadystatechange = processStateChange;
req.open("GET", url, false);
req.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
req.send(null);
else if (window.ActiveXObject)
// IE
req = new ActiveXObject("Msxml2.XMLHTTP");
req.onreadystatechange = processStateChange;
req.open("GET", url, false);
req.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
req.send();
else
return; // Navigateur non compatible
// process the return of the "ajaxCallRemotePage"
function CheckPortal()
ajaxCallRemotePage('[Your page calling the procedure from above]');
function processStateChange()
if (req.readyState == 4)
if (req.status == 200)
if (req.responseText.substring(0,4) == 'ALLO')
allowgo = 0;
else
allowgo = 1;
function doPage()
if (allowgo==1)
window.location='[Your login or error page]';
CheckPortal();
doPage();
</script>
<-- End Paste Here -->
That's it!!! Super easy. It works great too.
Larry Schenavar
[email protected] -
Single Sign-on and PORTAL30 DAD
What I've done:
1) Setup up PORTAL30 DAD with Single Sign-on
2) Created schema called JOHN with "hello world" procedure call TEST
3) Grant execute on TEST to PORTAL30
4) Goto http://<servername>/pls/portal30/john.test
5) Receive "Procedure Doesn't Exist" error
6) Change DAD from single sign-on to Basic authentication
7) Repeat Step 4 with no problemsHi Derick,
I want to make our discussion into 2 parts
1) Sign on
2) Viewing data based on the Heirarchy
1)Before discussing about the Sign on i want to know which connectivity you are using ? Live offcie or QaaWS.
2) We can make the second point possible in two ways One is with providing restriction at universe level
and the other one is through the use of flash variables.
Using flash variables:
The main idea of using flash variables is reading the User ID from BO authentication and based on that we fetch the Heirarchy level of that user. Then we use some excel logic to hide the data from Low level heirarchy(Here we use Dynamic Visibility for components).
I hope this is what you ar looking for....
If so i have more points to acheive such scenario.
Please provide the your BO environment details, such that it will be easy to identify the better best wat to acheve it.
Regards,
AnjaniKumar C.A.
Maybe you are looking for
-
I have an iPhone and iPad on the same account. I gave my iPad to my daughter. Can I set up a new account for my iPhone only so I can back up photos, etc, in privacy?
-
Hi All, We have created client proxy using URL for Asyn method and for the proxy we created the logical port in SOAMANAGER . then used method of Client Proxy in program and execued the same . Then we checked the result in SXI_monitor. The request
-
Manual statistics in BW 7.0
Hi expert, I'm working on a BW 7.0 system. I'd like to know if is possible execute the ODS statistics manually as an alternative to TOOL-->Settings for BI Statistics. I should execute the statistics only for a single ODS and only when I want. Thanks
-
Parameters not Working with Links
Hi everyone, I have a question about opening pdf files with hyperlinks. I am trying to open a pdf file to a specific page number with a hyperlink from a word document. The hyperlink I'm trying to use looks something like this: file:///C:folder/file.p
-
Oracle.DataAccess.Client.OracleException ORA-29875 - ODCIINDEXINSERT error
Hi, We are migrating data into our GIS repository using an application witch uses ODP fro .NET. Yesterday, when we were importing parcels from a certain geographic zone we have got this error: 4430528 [4028] ERROR DBCommand - Error Executing Command