Single Sign On -- Enterprise portal and BI JAVA
Hi,
I need to watch reports BI J2ee from an EP 7.00. I have configured the single sign On but it works just for ABAP BI Stack.
This is what I have done for SSO JAVA:
Importing the BI JAVA Certificate to the SAP NetWeaver 2004s Portal (SAP EP 7.0)
1. Start the SAP J2EE Engine Administrator with %INSTALLATION_ROOT%admingo.bat.
2. Connect to the portal server.
3. Choose are the values of and of certificate SAPLogonTicketKeypair-cert (see above).
You also have to add these values under evaluate_assertion_ticket:
13. Start the SAP J2EE Engine Administrator with %INSTALLATION_ROOT%admingo.
14. Connect to the portal server.
15. Choose (for example, CN=J2E)
Any clue?
Regards
Hi Jorge,
if the UME is used with an ABAP based system as the back-end user storage, do the following:
Generate and export the Portal Certificate:
Go to Visual Administrator
Choose <SID> - Server - Services - Key Storage - from the tree Select the view TicketKeystore under Views
If the SAPLogonTicketKeypair exist, delete it.
If the SAPLogonTicketKeypair-cert exist, delete it.
Generate a portal certificate using the following steps:
Under Entry choose Create.
Enter the folowing values in u201CKey and Certificate Generationu201D
Organization Unit Name (OU) = J2EE
Common Name (CN) = <SID>
Entry Name = SAPLogonTicketKeypair
Store Certificate: X
Algorithm: DSA
Click u201CGenerateu201D
Import the Portal Java Certificate into ABAP
STRUSTSSO2
System PSE:
u201CImport Certificateu201D - Choose your exported .crt file - File format = Binary
Click u201CAdd to Certificate Listu201D
Click u201CAdd to ACLu201D - System ID = <SID>, Client = 000
save it.
Export PSE ABAP Certificate and import into J2EE Portal:
STRUST
Choose PSE, export it and save as <SID>.pse
sapgenpse export_p12 -p <SID>.pse <SID>.p12
copy the generated p12 file <SID>.p12 to J2EE Portal
Go to Visual Administrator
Choose <SID> - Server - Services - Key Storage - from the tree Select the view TicketKeystore under Views
export the .p12 ABAP certificate with "Load"
adjust com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule:
Choose <SID> - Server - Services - Security Provider - from the components tree select evaluate_assertion_ticket
ensure that trustediss<n>, trusteddn<n>, trustedsys<n> are correct set.
ume.configuration.active = true.
restart the ICM in SMICM
If you also want to use SSL, there are some further steps to be done.
Regards,
Gerd
Similar Messages
-
Hosting two portals on a single instance of enterprise portal server
Hi,
We have a requirement to host two different portals on a single instance of enterprise portal server. The URLs to the portals would be different. Also for logging into the portal, one portal would have only User ID and Password and
the other may have Retailer ID, User ID and Password for logging.
I am trying to understand what kind of an approach needs to be followed. There
is a single instance of Oracle server where PCD is stored.
How will authentication/authorization happen and how would the user data be stored for both the portals in a single instance of Oracle database.
Thanking you in advance,
Regards,
VeenaHi,
in general, could do that by using a distinct role concept. With the "Collection of base rules" you can assign different portal desktops with different layouts to everyone based on criterias like groups, roles or users.
We have 4 very different portals running inside one instance. Every portal has its own standardized structure and is selected by logon groups, that points to roles, which points to desktops.
What will not work is a logon concept other than "userid, password". SAP, by default. only allows standard authentication with userid and password or ticket. Even if you use an LDAP that would have that distinction, you cannot query that property without modifying the system
If you want to use anything different, you have to write a new logon handler for the logon stack (using JAAS). This is tricky, but not outrageous difficult. We have implemented three different new steps in the logion stack, each handles a different case, from ip-based logon, ticket or LDAP query. It is possibly, all of them don't have more than 20 lines of java.
But, still tricky.
It is a broad theme and you can try it out with showcasing two different desktop themes belonging to two different roles. Than you can work your way through tge problems.
In terms of database, it makes no distinction. You work solely with the PCD, and that is stored in the database. We are using DB2 and I've never touched the DB at all.
HTH
hs -
How to use single sign-on for BCC and Experience Manager
Does anyone have experience in implementing single-sign-on for BCC and Endeca Experience manager for business users.
With the older versions of Endeca commerce stack there is no OOTB support for this. However with Oracle Commerce 11, SSO with BCC and Experience Manager are out of the box. Oracle Commerce 11 is released today.
-
Difference between using the Enterprise Portal and SAP GUI
Hi Gurus,
Could one of you please send me a document that lists the differences between the Enterprise Portal and SAP GUI?
thanks in advanceHi,
For groups, managedBy is an administrative convenience to designate “group admins”. Whatever principal listed in
managedBy gets permission to update a group’s membership (the actual security is updated on the group’s AD object to allow this).
In Win2008 and later managedBy also became the way you delegated local administration on an RODC, allowing branch admins to install patches, manage shares, etc. (http://technet.microsoft.com/en-us/library/cc755310(WS.10).aspx).
On the RODC, this is updating the RepairAdmin registry value within RODCRoles.
So the difference between them should be only the way they do the same thing.
For more details, please refer to the below article:
http://blogs.technet.com/b/askds/archive/2011/06/24/friday-mail-sack-wahoo-edition.aspx
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Enter your Single Sign-On user name and password to sign in
Hi,
Could anybody tell me the user and password by default for administering SSO ? I think the user is orasso but I am not sure ...
From:
http://localhost:7777/pls/orasso/orasso.home
I click on Login
And here I get the message: Enter your Single Sign-On user name and password to sign in
Here I have to use the user/password I don't know :(
Thanks for your help,
PaulYou also may want to look at DAS to manage the users of your applications:
http://download-west.oracle.com/docs/cd/B14099_19/idmanage.1012/b14086/toc.htm -
SAP Enterprise Portals and Webdynpro application development environment
Hi,
Is there a way to set up a Development environment for SAP Enterprise Portals and Webdynpro on a laptop/desktop without SAP-GUI.
Any help/guidance will be truly appreciated.
Thanks,
Prasannahi,
can you look at this
[http://www.sap-hefte.de/download/dateien/1000/075_leseprobe.pdf]
[http://www.octavia.de/fileadmin/octavia_files/content_bilder/Hauptnavigation/SAP_NetWeaver/WebDynpro/Tutorial_1.pdf]
[http://www.sercononline.com/suntechnovate07/images/images/13%20-%20Rajiv%20Jain%20-%20SAP.pdf]
Regards,
Muralidhar -
TEP15 SAP Enterprise Portal and KMC Development Book Required.
Hi everyone....
can someone please let me know where i can download book "<b>TEP15</b> - SAP Enterprise Portal and KMC Development" from?
Its urgent please.
Thanks in advance.
Regards,
TejasSee https://forums.sdn.sap.com/thread.jspa?threadID=398494
-
Single Sign-On Netweaver Portal with Cornerstone On Demand
Hi
Does someone experiences with Single Sign-On between SAP Netweaver Portal and the Learning Management System of Cornerstone On Demand?
The options are:
- SAML: but at this moment we don't have SAML provider. Is it easy to use this with Netweaver 7.01 SP6 ?
- standard SSO : encrypted string between SAP portal and LMS: client sends encrypted string with userid...based on encryption algorithm.: Has someone developed this (java code) for SSO to an other system?
But can they use Sap Login Tickets?
Best regards
LucHi,
I just recently implemented SSO between SAP system and on demand solution from 3rd party provider. We didn't have any guy with Java skills so we implemented HTTP handler in SICF that generates web page with redirection to the 3rd party system. ABAP does not have a good support for various encryption algorithms so we used javascript interpreter available in ABAP AS. Portal just points to ICF service on ECC system that redirects to on demand solution. Implementation took one day. Obviously, in this case all users had to have account in ECC system.
Cheers -
Reg: calling default desktop page of enterprise portal from webdynpro java
hi Experts
Here is an scenario where i need to call enterprise portal desktop from webdynpro java application.
Actually i have designed a custom Home page in WDJAVA and this page i have assigned as default frame work page in enterprise portal ,so once we logon through the portal URL wewill be getting this custom home page as default page and when i click on next button it should connect to the predefined SAP given default frame work page.
The thing is i am able to see the custom page and the button but when i click on the button it is opening the same custom home page only not able to log on to portal default frame work page.
My question is how can we connect to the predefined page from the custom home page.
please share your regarding this scenario...
regards & Thanks
Deepika
Edited by: deepika_indian on Mar 3, 2010 6:05 AMhi Experts
you didnt get my point i vl give in brief
1) that at first we are going to enter the portal URL.
2)we are going give userid and password and click logon button.
3)so once we click on that button it should open custom page what we have designed in by using web dynpro java.with in this application we will have next button which should connect to the sap given predefined default desktop page.
i hope you have got my point.
and more over where can we get the logon action coding in which par file,if so can you give brief information related to it.
i changed the themes master rule collection there i have assigned this custom home page ,but when i click on next button it is opening the same custom it is not connecting to the default desktop.i think this is not the write approach.
please share your knowledge and document also related to it.
Thanking you
Deepika. -
Single sign-on using Kerberos and Ldap
I am currently setting up single sign-on using Kerberos for authentication and Ldap for authorization and information store.
The setup includes several Solaris 8 & 9 workstations, a couple of SGI's, as well as a M$ terminal server farm, several WinXP desktops and their associated Active Directory.
I am required to authenticate etc against the AD. (which has M$ SFU3.5 installed)
I have the Kerberos authentication and part of the Ldap service working via pam & nss.
ie. I can logon to the solaris worksatations using the AD username and password, mount the home directory from a M$ NFS server.
BUT...
id gives:- userID, groupID (primary group only)
groups :- primary group only. (no secondary groups are listed)
Question: what additional configuration information do I need in the pam, nss &/or ldap config files, so that I can list the secondary groups.
Thanks in advance for any help.After evaluating (giving up on, and finally throwing out) the Sun Directory server it looks like we are going to endup with a similar solution..
Sadly enough, the MS AD seems much more stable and easier to handle than Suns DS, kerberos and associated services.
Anyway, currently we are evaluating a product called vintela ( www.vintela.com ), and it seems very promising; its easy, robust, stable and does what we require it to do, as well as more :) It comes with an additional nss module called 'vas', so you easily can retrieve data like hosts/groups from your AD.
//M. -
Authentication on single sign on page slow and hangs.
Hi members
We are using Oracle application server single signon with Apex as partner application. The single sign on page authentication was working properly until yesterday when all of a sudden it became very slow. After the username and password are entered and login button is pressed, the blue status bar is moving extremely slow finally leading to a page not found. Can someone advise what components (logfiles etc) need to be checked to resolve this?
Thank you.
Ravi.Hi,
I tried to find the cause but I have no clue yet as to what is wrong with this slowness of single sign on page. Can someone throw some light on this and tell what could be wrong here? Thank you. There are some errors in the HTTP Server Virtual Host log file and the log file is creates when oc4j_security was restarted. In the documentation, they were described as not uncommon. I am doubting if that is the reason behind the slowness. Thanks in advance.
Wed May 27 11:46:09 2009] [error] [client 198.222.232.234] [ecid:
1243439169:198.222.232.234:476:3948:151,0] File does not exist:
d:/oracle/oracleas/apache/apache/htdocs/favicon.ico
[Wed May 27 14:54:15 2009] [error] [client 198.222.232.234] [ecid:
1243450455:198.222.232.234:476:4028:185,0] MOD_OC4J_0015: recv() returns
0. There has no message available to be received and oc4j has gracefully (orderly)
closed the connection.
[Wed May 27 14:54:15 2009] [error] [client 198.222.232.234] [ecid: 1243450455:198.222.232.234:476:4028:185,0] MOD_OC4J_0054:
Failed to call
network routine to receive an ajp13 message from oc4j.
[Wed May 27 14:54:15 2009] [error] [client 198.222.232.234] [ecid:
1243450455:198.222.232.234:476:4028:185,0] MOD_OC4J_0033: Failed to receive
an ajp13 message from oc4j.
[Wed May 27 14:54:15 2009] [warn] [client 198.222.232.234] [ecid: 1243450455:198.222.232.234:476:4028:185,0] MOD_OC4J_0078:
Network connection
errors happened to host: test02 and port: 12501 while receiving the first response from oc4j. This request is recoverable.
[Wed May 27 15:13:19 2009] [notice] FastCGI: process manager initialized
(End of Log File) -
Single Sign On between BPM and Siebel
Hi,
How are you? has somebody involved in a proyect where SSO was implemented between BPM and Siebel? is there an Oracle Standard way of achieving this?
thanx in Advanced and Kind Regards!
Gerardo JHi Harsh,
I heard about SPNego a mechanism you use for making single Sign On Using Kerberos Authentication with Web clients...
check this link.. It may give you some inputs...
http://help.sap.com/saphelp_nw04/helpdata/en/43/4bd58c6c5e5f34e10000000a1553f6/content.htm
Thanks,
Sudhakar. -
Let me know the difference between SAPR/3 4.7 , Enterprise portal and ECC 6
hi anybody pls tell me
Let me know the difference between SAPR/3 4.7 , Enterprise portal ,ECC 6.0 and Netweaver
thanks in advanceHi
Refer this link for ECC 5.0 & 6.0:
http://help.sap.com/saphelp_erp2005/helpdata/en/43/68805bb88f297ee10000000a422035/frameset.htm
A similar post
/message/1783778#1783778 [original link is broken]
You can go through the Release Notes for each of the versions after 4.6B (4.6C, 4.7 , ECC 5.0 & ECC 6.0)
http://help.sap.com/saphelp_erp2005/helpdata/en/43/688055b88f297ee10000000a422035/content.htm
For 4.7 SAP R/3 http://help.sap.com/saphelp_47x200/helpdata/en/12/9d78d6d8f74043a32e82be87e433b7/content.htm
Release Notes on SAP Web Application Server 6.30
http://help.sap.com/saphelp_47x200/helpdata/en/2b/64fc3e9d3b6927e10000000a114084/content.htm
http://solutionbrowser.erp.sap.fmpmedia.com/
Check these links
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/790e690c-0901-0010-7894-de8b3d91d78e
http://help.sap.com/saphelp_nw04/helpdata/en/94/c65839bec58b27e10000000a114084/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/a8/b9623c44696069e10000000a11405a/frameset.htm
http://help.sap.com/saphelp_nw04s/helpdata/en/c1/1253164e665b4fa635af38b66dc166/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/f5/a9673e42613f7ce10000000a114084/frameset.htm
http://help.sap.com/saphelp_nw04s/helpdata/en/dc/6b7f2f43d711d1893e0000e8323c4f/frameset.htm
Regards
Anji -
Enterprise JavaBeans and SNMP Java Connector
There is possible to develop a Java Connector that will allow my J2EE application to collaborate ( send , receive) SNMP commands with various network devices ( sensors, Access Points, hardware devices).
The information eventualy will be pushed back to the subscribed users using AJAX technologies.
MikeHi,
I do not get your question.....
You want to connect from MI7.1 directly to a BAPI in the Middleware? Well, in 7.0 there was Generic Sync to do that - and I think this should be still there. With Generic sync it was possible to connect to call any BAPI in the middleware directly - if your user had appropiate rights. Check MDK for details.
And if you want to do that in our own app - if this is the intention of your question.... well.... then I would tell you this is under SAP (C), so as you know you could decompile the MI client code, but this is not allowed.
But I guess it was the first thing you are after, so see if that answer helps. But even there you need the running MI middleware - and this thing confused me in your question - are you using MI already or not and what do you want to do?
Regards,
Oliver -
Integration with Enterprise Portal and Cognos System
Hi Gurus,
I want to display the report from Cognos System, but i want to take up the Snapshot of the report in backend and while in displaying in Portal an image of the particular report should be displayed, what's the report running.
If anyone tell how to get the snapshot.If anycoding block , that more helpful to me.
Awaiting for the reply..
Best Regards
GaneshHi Ram,
One of the ways to do it is described in the following blog:
https://www.sdn.sap.com/sdn/weblogs.sdn?blog=/pub/wlg/1334 [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken]
Regards,
Sridhar
Maybe you are looking for
-
I had my most frequently used documents in Documents folder in the Dock. I thought I'd just drag it to the external hard drive, which I did, but then it was gone from the dock and I haven't had any luck putting it back. Somehow the applications fol
-
How do I customize the date in the menu bar to rearrange items, etc.?
I know about "System Preferences -> Date & Time -> Clock", so I'm not asking about that. What I want to is in, in Lion, how do I rearrange items for the date in the menu bar? Right now, it shows as "Mon 31 Oct", and I'd prefer "Mon, Oct. 31". It used
-
Is there a way that two iPod Touch can be synced, shared, connected to one another? For instance, if a friend and I want to share music, pictures or play a game on the Apps.
-
Games And Extra!! for the zen mic
since the ipod has a couple of wack games..does the zen micro has any games to download since it didnt came with one..also are there any new extra features that can be downloaded.
-
MAC OS X updater and Office Update?
Hello everyone I have MAC OS X TIGER and am about to install MS Office. I know that the MSN Messenger 4.0 is included and will work together with the Office Apps. But I also know that there is already version 5.1.1 available online. My question is: W