Single Sign On for SAP - Integration with AD

Users often need both an SAP and Active Directory identity and password to work in their IT environment. However, these multiple identities and passwords create several problems: user confusion leading to decreased productivity, increased help desk costs and security breaches.
For this purpose how can we extend Active Directory authentication for single sign-on to SAP?
Regards,
Majid Khan

Hi,
It seems that SAP SSO/IWA based on SPNEGO Kerberos is what you want.
SPNEGO Kerberos only works on a J2EE stack based system.
The classical technique is therefore to implement it on an SAP portal and to use redirect applications to use the portal SAP logon ticket to authenticate on ABAP systems.
Check help.sap.com on the subject, you will get a lot of information.
Regards,
Olivier

Similar Messages

  • Single Sign On For CRM IC?

    I'm working on a project to implement Single Sign On for our company.  I currently have it working for all of our SAPGUI users via SNC (LDAP auth) and also our portal users (also via LDAP auth), and want to use it also for the CRM Interaction Center (Web client). 
    Has anyone successfully implemented a single sign on solution for the IC?  If so, reward points are waiting for someone who can guide me to documentation on how to set it up/configure.
    Thanks in advance for any help the forum can provide.

    Hi Wayne, a very good question based on the docs. In the docs (http://help.sap.com/saphelp_crm40sr1/helpdata/en/99/39926a159f4a75bd7abeec9b49a040/frameset.htm) it is stated that:
    Integration Into Single Sign-On Environments
        The application does not accept SAP logon tickets.
        The application does not accept X.509 digital certificates.
        When the IC agent user is integrated into the SAP Enterprise Portal, it is SSO enabled.
    I would guess this means there is an iView or something like this in the portal to start the WebClient without requiring the user to authenticate again.
    regards,
    Patrick

  • How to use single sign-on  for BCC and Experience Manager

    Does anyone have experience in implementing single-sign-on for BCC and Endeca Experience manager for business users.

    With the older versions of Endeca commerce stack there is no OOTB support for this. However with Oracle Commerce 11, SSO with BCC and Experience Manager are out of the box. Oracle Commerce 11 is released today.

  • No Connection after installing SP 2.3 for SAP Integration Kit

    Hello Community!
    We just installed Service Pack 2 and Fix Pack 2.3 (in this order) for SAP Integration Kit on one of our client's servers. Before that everything worked fine. After the installation I verify the CE connection in /crystal/rptadmin. The result is:
    Unable to log on to Enterprise system. Reason: Unable to log on: Could not connect to server vm103:6400.  Please check that the server name is correct, and that the server is running.
    I checked the RFC connection in sm59 but that works normally. BW Publisher Service is also running. The servers (BW and BO) are on the same machine: Windows 2008, 64bit, SQL Server, BOE XI 3.1 SP 2.
    The BW Publisher Trace log shows the following entry:
    [Fri Feb 26 12:45:57 2010]     1480     6084     SAP bwcepub: Tracing is enabled.
    [Fri Feb 26 12:46:17 2010]     1480     6084     Entering CPubReqPing::Process(1)
    [Fri Feb 26 12:46:17 2010]     1480     6084     Logging on to Crystal Enterprise
    [Fri Feb 26 12:46:23 2010]     1480     6084     ERROR: .\system_connectors.cpp [479]: l_pSessionMgr->Logon(l_bstrUserName, l_bstrPassword, l_bstrCMSName, l_bstrAuthMethod, &m_pSession) failed with return code l_hr = -2147219455
    [Fri Feb 26 12:46:23 2010]     1480     6084     Leaving CPubReqPing::Process(1)
    [Fri Feb 26 12:46:23 2010]     1480     6084     Dispatch returned with code 0 and message [See RFC trace file or SAP system log for more details]
    When I try to log into BO Info View or CMC with my SAP credentials CMS crashes without any logs!
    This is now the 2nd server with that issue!
    Any ideas what this could be?
    Thank!
    phil

    No, this happens only by logging in with SAP credentials.
    CMS log file shows a huge list of entries like this one:
    .\pluginhelper.cpp:276: TraceLog message 1
    2010/02/26 11:46:49.316|>>|A| |  936|6040| |||||||||||||||assert failure: (.\pluginhelper.cpp:276). (0 : Error reading pin file E:\Business Objects\BusinessObjects Enterprise 12.0\packages\BusinessObjects_ClientActionSet_CrystalReport_UploadSet_dfo.xmlwarnings:
    errors:
    fatal errors:
    Fatal Error in file: E:\Business Objects\BusinessObjects Enterprise 12.0\packages\BusinessObjects_ClientActionSet_CrystalReport_UploadSet_dfo.xml, line: 1, col: 1, Message: Invalid document structure
    But I've got these entries on other systems too...

  • Single Sign on for 2 Web Applications deployed on Web Logic Server

    We want to implement single sign on for our application.
    We want to deploy 2 applications(JSF/ADF) on web logic server say
    webapp1 and webapp2.
    If user already logged into webapp1 with valid userid and password and
    then he access the link for webapp2 he should not be asked to provide
    the credential details userid and password.
    How we can implement this
    1. If user credentials are maintained/authenticated against LDAP
    2. If user maintained/authenticated are from database

    you are in the wrong forum. This one is related to Oracle forms. Try the ADF-forum instead.

  • Oracle Single Sign-On for particular module ?

    hello people,
    I have implemented Single Sign-On for some of my jsp pages in different folders like finance, inventory, etc,. Am creating some test users and groups in OID. but the users in inventory group are able to login to finance module. can u please give me some suggestions on how to restrict this ? where to do the configurations ?
    thanks

    Hi,
    if it is a J2EE application, use J2EE roles - defined in web.xml - and map it to groups in OID through the orion-application.xml file. See the OC4J security guide which is a part of Oracle Application Server documentation on OTN
    Frank

  • Using the Portal Single Sign-On for java applet clients

    Hi
    We have a task to build a java applet working within a portlet and communicating to some session EJB(wrapped BC4J) running on the OC4J. The applet is presumably connecting to server via RMI. This connection should be restricted to some groups of portal users.
    When a user is entering the applet he is supposed to be already logged into the Portal.
    There is a lot of information on building custom secure portlets using only a pure HTML(same as JSP) client with the help of the Portal Single Sign-On.
    But, is it possible to use the Single Sign-On for establishing a secure RMI connection from applet to OC4J without entering a password in the applet once more?
    Yuriy

    Perhaps you can write a small JSP page or PLSQL
    web procedure that will grab user name from
    the SSO Server (via SSOSDK/mod_osso)
    and invoke the applet with encrypted user name.
    The applet will receive the encrypted username
    and decrypt it to get the clear user name.
    This help to get Single Sign-On.
    To make sure that environment is secure, encrypted
    user name parameter should have random salt,
    user name, and time stamp to prevent replay attack.
    Applet must make sure that the encrypted users name
    time stamp set by the JSP/PLSQL page has value
    within a reasonable time limit like 5 minutes

  • Integrating AS 10.1.2 and AS 10.1.3 to use Single Sign-on for BI Publisher

    Hi Everyone
    I was trying to make the following demonstration scenario on the AS and the facilities that can afforded by Oracle to our company:
    Note: I have just one machine for demonstration with Win2003 Enterprise
    First of all, I need to build a portal for my company, this portal will be published to the web through port 80 opened by Microsoft ISA Firewall (ISA installed on different machine):
    1- Portal should be integrated with oracle forms and reports with single sign-on
    2- AS, should have single sign-on authentication to work on port 80 only.
    3- Portal should be integrated with BI Publisher 10.3
    For the objectives mentioned above i have done the following:
    1- install AS 10.1.2 (infra and mid-tier) on the same machine with default installation options (http port 7777 for infra and port 80 for MT). (objective 1 = done)
    2- to make sso works on port 80, i have used webcache as reverse proxy for sso, and it's done but i have error (WWC-41400), but it doesn't affect login on portal, and that is my first problem.
    3- To have BI Publisher to work and authenticate users using single sign-on on port 80 (from outside), I had to install AS 10.1.3 (http on port 7779) on the same machine mentioned above, and then deploy BI Publisher on it, and that was ok, but problem is how to make use of single sign-on to authenticate people listed in oracle internet directory of INFRA installation mentioned above to use BI Publisher on port 80 only.
    So, could anyone please guide me in problem 2 and 3.
    Thanks in advance.
    Anas

    a couple of parameters not configured inside the Tomcat files. Now the SSO is working.
    SNC is not required for sso in bi 4.0
    http://wiki.sdn.sap.com/wiki/display/BOBJ/BI4IntegrationintotheSAPEntreprisePortal+7.0.x
    http://wiki.sdn.sap.com/wiki/display/BOBJ/SetupofSAPSSOServiceinSAPBOBI4.0+CMC
    Best Regards

  • MS Outlook Integration with CRM & Single Sign-On for Mobile\Blackberry

    Hi,
    We're looking at implementing CRM and have some questions on whether SSO (Single Sign-On) is a requirement for integrating Outlook with CRM for access via Mobile\Blackberry devices or not. I've the following questions:
    - For integrating Outlook and Active Directory with CRM is SSO implementation a MUST?
    - Also, is it possible to integrate Outlook without Active Directory integration with SAP esp. CRM?
    Mandeep Virk

    We got this figured out a couple of months earlier. It's not a requirement to have SSO enabled for MS Outlook integration w/ CRM for Mobile\Blackberry use.

  • When we need to go for single sign-on in SAP-XI

    hi,
       When exactly we need single sign-on, and if we do not implement single sign-on in XI , do we get any problems during implementing the project.
    Regards
    siva

    Siva,
    SSO is used to avoid signing on using password each time into ur IR /ID RWB or Appln. system. See each and everytime when u log in to these systems u need to give user name and pwd, but if  enabled SSO then it won't prompt for u the password. Once u enter the username it will log u in.
    No, you won't get any problem in XI , if u haven't enabled SSO in XI. Its the additional feature so that it will not affect ur implementation.
    -raj.

  • Single-sign-on for Polestar

    Hello!
    I assigned the Polestar server URL to NW Portal, then I can't skip the logon screen at Polestar.
    The single sign-on problem can be solved for Crystal Reports and Xcelsius dashboards, but I have no clue about Polestar (Business Object Explorer).
    How can we skip the Polestar logon page or is it possible to hard code the userid,password,authentication in the Polestar BO server URL(ex.in below URL) ?
    http://<BO server>:<port number>/polestar/
    Appreciate your wisdom!
    Thanks & Regards,
    Lai Wei

    If you are using SAP as your primary ERP or BI solution, then simply install the SAP Integration Kit on your BOE XI 3.1 server where Polestar is running.  Then follow the instructions to enable the SSO authentication via SAP Auth.
    Then simply use your SAP user ID and password to login to the Polestar application.
    If you want to completely bypass the login screen, simply configure Single Sign-On; it's a little more complicated.
    Would need to know what your users are currently logging into (NT Auth, SAP Portal, Windows AD), then you would simply need to set up a trust relationship between the current login and your BOE...which is fully supported for the above options listed.
    Most of this stuff would be in the BO Administration forum.

  • How to single sign off from all integrated forms with application server

    Hi!
    I deployed two forms, form1 and form2, on Oracle Application Server 10g.
    Then I created a user in OID and created two data sources for these two forms to have data from the database.
    I enabled single sign-on in the formsweb.cfg file. Now single sign-on is working fine.
    When I try to open any form it prompts me with the SSO page; after successful login it opens the form. But the problem is: how do I log out so that when I log out from one form I am logged out from the other form as well, using single sign-off?
    please can anybody help...

    Hello Anoop,
    The following link describes how to set up SSO between two portals.
    http://help.sap.com/saphelp_nw04s/helpdata/en/43/2232900bb93fece10000000a11466f/frameset.htm
    Regards
    Deb
    [Reward Points for helpful answers]

  • How to Create Single Sign On for Yahoo

    hi,
    i know how to do SSO for SAP R/3 SYSTEM.
    i want to know how to connect yahoo system using SSO
    let me know procedure how to do that
    regards
    prakash

    Hi,
    Yahoo is already single sign on. You just login in home page and you can access your briefcase, photos, etc...
    you don't require to do anything special.
    If I didn't understand, elaborate...
    --Ragu

  • How to do single sign on for multiple webservices in flex application

    Hi Experts,
    I have created a flex application and am using a few webservices in that application. When I run the application it asks for logon details for each and every webservice I used. However I want to do single sign-on without providing logon details for each and every webservice. Please suggest me.
    Thanks in advance.

    Hi,
    if your projects are deployed in their own Java EE context root then you have multiple applications, though logically you count them as one. Use OSSO or Oracle SSO (where OSSO should be fine since all deployments share the same instance)
    Frank

  • Use single sign on for multiple portal domains

    Is it possible for a user to sign on once to a domain, and then be able to access other domains. What I'm trying to do is have one user registration page/login page, but use different portal server domains to present different sites, while at the same time having a type of single sign on, once a user has entered his credentials. Thus my registration process will create a new ldap user in an external directory, and i can then just point all the different domains to that External Ldap directory.

    I wouldn't recommend this because it would affect performance, plus there are potential other issues like conflicts that you would run into.
    Every time a user logs in, a new session is created for him, and this means a user might have multiple sessions on the server. The cookie that is set is also dependent on the portal domain, so it might not work.
    An alternative approach might be to have multiple roles and then customize the role for different views. You can modify the membership code in such a way that based on certain criteria you can assign him to a particular role, equivalent to your domain. However the problem could be if you want to provide delegated admin, currently the delegated admin is only at a domain level.
