Single Sign on for ISA

Similar Messages

• How to use single sign-on  for BCC and Experience Manager

  Does anyone have experience in implementing single-sign-on for BCC and Endeca Experience manager for business users.

  With the older versions of Endeca commerce stack there is no OOTB support for this. However with Oracle Commerce 11, SSO with BCC and Experience Manager are out of the box. Oracle Commerce 11 is released today.

• Single Sign on for 2 Web Applications deployed on Web Logic Server

  We want to implement single sign on for our application.
  We want to deploy 2 applications(JSF/ADF) on web logic server say
  webapp1 and webapp2.
  If user already logged into webapp1 with valid userid and password and
  then he access the link for webapp2 he should not be asked to provide
  the credential details userid and password.
  How we can implement this
  1. If user credentials are maintained/authenticated against LDAP
  2. If user maintained/authenticated are from database

  you are in the wrong forum. This one is related to Oracle forms. Try the ADF-forum instead.

• Oracle Single Sign-On for perticular module ?

  hello people,
  I have implemented Single Sign-On for some of my jsp pages in different folders like finance, inventory, etc,. Am creating some test users and groups in OID. but the users in inventory group are able to login to finance module. can u please give me some suggestions on how to restrict this ? where to do the configurations ?
  thanks

  Hi,
  if it is a J2EE application, use J2EE roles - defined in web.xml - and map it to groups in OID through the orion-application.xml file. See the OC4J security guide which is a part of Oracle Application Server documentation on OTN
  Frank

• Single Sign On For CRM IC?

  I'm working on a project to implement Single Sign On for our company.  I currently have it working for all of our SAPGUI users via SNC (LDAP auth) and also our portal users (also via LDAP auth), and want to use it also for the CRM Interaction Center (Web client). 
  Has anyone successfully implemented a single sign on solution for the IC?  If so, reward points are waiting for someone who can guide me to documentation on how to set it up/configure.
  Thanks in advance for any help the forum can provide.

  Hi Wayne, a very good question based on the docs. <a href="http://help.sap.com/saphelp_crm40sr1/helpdata/en/99/39926a159f4a75bd7abeec9b49a040/frameset.htm">In the docs</a> it is stated that:
  <b>Integration Into Single Sign-On Environments</b>
      The application does not accept SAP logon tickets.
      The application does not accept X.509 digital certificates.
      When the IC agent user is integrated into the SAP Enterprise Portal, it is SSO enabled.
  I would guess, this means, there is an iview or something like this in the portal to start the WebClient wihtout requiering the user to authenticate again.
  regards,
  Patrick

• Using the Portal Single Sign-On for java applet clients

  Hi
  We have a task to build a java applet working within a portlet and comunicating to some session EJB(wrapped BC4J) running on the OC4J. The applet is presumably connecting to server via RMI. This connection should be restricted to some groups of portal users.
  When a user is entering the applet he is supposed to be already logged into the Portal.
  There is a lot of information on building custom secure portlets using only a pure HTML(same as JSP) client whith the help of the Portal Single Sign-On.
  But, is it possible to use the Single Sign-On for establishing a secure RMI connection from applet to OC4J without entering a password in the applet once more?
  Yuriy

  Perhaps you can write a small JSP page or PLSQL
  web procedure that will grab user name from
  the SSO Server (via SSOSDK/mod_osso)
  and invoke the applet with encrypted user name.
  The applet will receive the encrypted username
  and decrypt it to get the clear user name.
  This help to get Single Sign-On.
  To make sure that environment is secure, encrypted
  user name parameter should have random salt,
  user name, and time stamp to prevent replay attack.
  Applet must make sure that the encrypted users name
  time stamp set by the JSP/PLSQL page has value
  within a reasonable time limit like 5 minutes

• Integrating AS 10.1.2 and AS 10.1.3 to use Single Sign-on for BI Publisher

  Hi Everyone
  I was trying to make the following demonstration scenario on the AS and the facilities that can afforded by Oracle to our company:
  Note: I have just one machine for demonstration with Win2003 Enterprise
  First of all, I need to build a portal for my company, this portal will be published to the web through port 80 opened by Microsoft ISA Firewall (ISA installed on different machine):
  1- Portal should be integrated with oracle forms and reports with single sign-on
  2- AS, should have single sign-on authentication to work on port 80 only.
  3- Portal should be integrated with BI Publisher 10.3
  For the objectives mentioned above i have done the following:
  1- install AS 10.1.2 (infra and mid-tier) on the same machine with default installation options (http port 7777 for infra and port 80 for MT). (objective 1 = done)
  2- to make sso works on port 80, i have used webcache as reverse proxy for sso, and it's done but i have error (WWC-41400), but it doesn't affect login on portal, and that is my first problem.
  3- To have BI Publisher to work and authenticate users using single sign-on on port 80 (from outside), I had to install AS 10.1.3 (http on port 7779) on the same machine mentioned above, and then deploy BI Publisher on it, and that was ok, but problem is how to make use of single sign-on to authenticate people listed in oracle internet directory of INFRA installation mentioned above to use BI Publisher on port 80 only.
  So, could anyone please guide me in problem 2 and 3.
  Thanks in advance.
  Anas

  a couple of parameters not configured inside the Tomcat files. Now the SSO is working.
  SNC is not required for sso in bi 4.0
  http://wiki.sdn.sap.com/wiki/display/BOBJ/BI4IntegrationintotheSAPEntreprisePortal+7.0.x
  http://wiki.sdn.sap.com/wiki/display/BOBJ/SetupofSAPSSOServiceinSAPBOBI4.0+CMC
  Best Regards

• How to do single sign on for multiple webservices in flex application

  Hi Experts,
  I have created a flex application and using few webservices in that application. When I run the application its asking logon details for each and every webservice I used. However I want to do single sign On without providing logon details for each and every webservice.Please suggest me.
  Thanks and advance.

  Hi,
  if yout projects are deployed in their own Java EE context root then you have multiple applications, though logically you count them as one. Use OSSO or Oracle SSO (where OSSO should be fine since all deployments share the same instance)
  Frank

• Use single sign on for multiple portal domains

  Is it possible for a user to sign on once to a domain, and then be able to access other domains. What I'm trying to do is have one user registration page/login page, but use different portal server domains to present different sites, while at the same time having a type of single sign on, once a user has entered his credentials. Thus my registration process will create a new ldap user in an external directory, and i can then just point all the different domains to that External Ldap directory.

  I wouldn't recommend this because it would affect performance plus there are potential other issues like conflict that you would run into ..
  Everytime a user logs into a new session is created for him and this means a user might have multiple sessions on the server. The cookie that is also set is dependent on per portal domain so it might not work ..
  An alternative approach might be to have multiple roles and then customize the role for different views. You can modify the membership code in such a way that based on certain criteria you can assign him to a particular role, equivalent to your domain. However the problem could be if you want to provide delegated admin, currently the delegated admin is only at a domain level.

• Single Sign-On for OS X 10.8 Server/AD

  Hi All -
  I know that in OS 10.7 Server it was possible to bind my Mac Mini running Lion Server to an AD Domain Controller, set up Open Directory and then Kerberize the Open Directory Master in order to give Mac clients single sign-on access to resources normally managed by AD. Without the Server Admin Tools, it appears this functionality is non-existent in Mountain Lion server? Is this the case, and if not, how would I go about doing this? I am somewhat new to the Mac Server Administration world, thanks in advance for your help.

  Yes it is still possible.  And the process and tools are just a bit different.  My process is:
  1:  Make sure your Mac and your AD controller agree on time.  Either set both to an common external time server or point your Mac at the AD controller if you are running NTP services on it.
  2:  Make sure DNS is correct all around.  Your Mac should have an A and PTR record and be configured with a fixed IP address.  Running sudo changeip -checkhostname should return good results.  You must complete a first run of Server.app to run the command as shown about or you will need to path to inside the Server.app applications bundle with sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/changeip -checkhostname  A reboot seems to be required to allow the updated classpath.
  3:  Launch Server.app and choose Directory Utility from the Tools menu.
  4:  Bind the server to AD much like you would a client.  However, since no one is logging in directly to this machine, settings like Mobile account and UNC path can be disabled.
  5:  Once bound to the domain, disable machine record password reset (sudo dsconfigad -passinterval 0)
  6:  Then kerberize your services with sudo dsconfigad --enablesso
  That will get your Mac Server ready to participate in AD for compatible services.  I will always try to get the AD admins to create the needed groups for me.  And now with the deprecation of MCX and the promotion of Profiles, I see less of a need for OD groups.  Your experience may be different.  If you still need OD. Use Server.app to enable OD and then follow the wizard to create a new OD master.  This will allow you to manage proxy groups containing AD users and groups.

• How to Create Single Sign On for Yahoo

  hi,
  i know how to do SSO for SAP R/3 SYSTEM.
  i want to know how to connect yahoo system using SSO
  let me know procedure how to do that
  regards
  prakash

  Hi,
  Yahoo is already single sign on. You just login in home page and you can access your briefcase, photos, etc...
  you don't require to do anything special.
  If i didn't understand eloborate...
  --Ragu

• MS Outlook Integration with CRM & Single Sign-On for Mobile\Blackberry

  Hi,
  Weu2019re looking at implementing CRM and have some questions on whether SSO (Single Sign-On) is a requirement for integrating Outlook with CRM for access via Mobile\Blackberry devices or not. I've the following questions:
  - For integrating Outlook and Active Directory with CRM is SSO implementation a MUST?
  - Also, is it possible to integrate Outlook without Active Directory integration with SAP esp. CRM?
  Mandeep Virk

  We got this figured out a couple of months earlier. It's nto a requirement to have SSO enabled for MS Outlook integration w/ CRM for Mobile\Blackberry use.

• How can i configure firefox single sign-on for urls on citrix environment to affect all users

  Hello,
  i tried to configure single sign-on on firefox, which is published on our citrix environment and i tried to setup it as per this article "http://support.citrix.com/article/ctx120598" this method and it only applies for a single user, is there any way of doing the config to apply for any user which is loged via citrix session...?
  Thank you,
  Manoj.

  you can use a mozilla.cfg file in the Firefox program folder to lock prefs or specify new (default) values for all users and profile folders.
  Place a local-settings.js file in the defaults\pref folder where also the channel-prefs.js file is located to specify using mozilla.cfg.
  pref("general.config.filename", "mozilla.cfg");
  pref("general.config.obscure_value", 0);
  These functions can be used in the mozilla.cfg file:
  defaultPref(); // set new default value
  pref(); // set pref, allow changes in current session
  lockPref(); // lock pref, disallow changes
  See:
  *http://kb.mozillazine.org/Locking_preferences
  *http://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files/

• Single-sign-on for Polestar

  Hello!
  I assigned the Polestar server URL to NW Portal, then I can't skip the logon screen at Polestar.
  The signle sign on problem can be solved for Crytal reports,Xcelsisu dashboard,but I have no clue about Polestar(Business Object Explorer).
  How can we skip the Polestar logon page or is it possible to hard code the userid,password,authentication in the Polestar BO server URL(ex.in below URL) ?
  http://<BO server>:<port number>/polestar/
  Appreciate your wisdom!
  Thanks & Regards,
  Lai Wei

  If you are using SAP as your primary ERP or BI solution, then simply install the SAP Integration Kit on your BOE XI 3.1 server where Polestar is running.  Then follow the instructions to enable the SSO authentication via SAP Auth.
  Then simply use your SAP user ID and password to login to the Polestar application.
  If you want to completely bypass the login screen, simply configure Single Sign-On it's alittle more complicated.
  Would need to know what your users are currently logging into(NT Auth, SAP Portal, Windows AD), then you would simply need to setup a trust relationship between the current login and your BOE...which is fully support for the above options listed.
  Most of this stuff would be in the BO Administration forum.

• Single Sign On for SAP - Integration wih AD

  Users often need both an SAP and Active Directory identity and password to work in their IT environment. However, these multiple identities and passwords create several problems: user confusion leading to decreased productivity, increased help desk costs and security breaches.
  For this purpose how can we extend Active Directory authentication for single sign-on to SAP?
  Regards,
  Majid Khan

  Hi,
  It seems that SAP SSO/IWA  based on Spnego Kerberos is what you want.
  Spnego Kerberos only works on a J2EE stack based system.
  The classical technique is so to implement it on a SAP portal and to use redirect applications to use the portal saplogon ticket to authenticate on abap systems.
  Check help.sap.com on the subject, you will get a lot of information.
  Regards,
  Olivier