Single Sign-On with multiple shops in E-Commerce 7
I have more than one shop and everything is working fine.
Right now I want to do a single sign on.
I have it working in a previous version. e-commerce v4
I'm developing in e-commerce v7.
The class PrepareLoginAction.java exists.
The action "/preparelogin" exists in the file config_user.xml, but never used.
Can anyone know why or how I can use PrepareLoginAction in v7.
Any help will be much appreciated.
Thanks in advance.
Well, if you want to hear my personal opinion:
better stick to the cookie specification (http://wp.netscape.com/newsref/std/cookie_spec.html) and accept the constraint that cookies will only be send to domains that tail-match the domain-constraint specified in the set-cookie http response.
Although this specification is not an official internet standard most browsers are implementing the cookie mechanism according to this specification.
Unfortenately there's no option to specify that a cookie should be send to a list of servers and/or sub-domains.
However one physical server can have multiple (FQDN) hostnames. So if you intend to send the cookie to a group of servers the best approach is to create a new (DNS) (sub-)domain exclusively for those servers.
Theoretically (and also practically) it is possible to set cookies for multiple domains (by using a webservice that will set cookies on request of a caller). But that approach is dangerous:
(1) not the server but the http client is defining the content of the cookie (= part of the http server response)
(2) (unintended) many servers can obtain the cookie which will be send to all servers that reside in all (tail-matching sub-)domains; although most likely only one or two servers of each domain are intended recipients
Regards, Wolfgang
Similar Messages
-
Single Sign-on with Multiple Servlets and JSPs
I am in the midst of attempting to logically tie together a number of our
web applications under a single sign-on "umbrella". What we want is the
following: for any n applications a user may have access rights for up to n
of them. Once signed in, she has rights to visit any app to which she has
permissions as long as her session is valid. Unfortunately, I'm having
trouble seeing how to make this work given the documentation that I have.
I've read thru the newsgroup in search of a solution, but I haven't seen
anything geared toward this specific approach.
Currently, each "application" (servlet) has a list of valid users via ACLs
(we've implemented a RealmExtender, so we're not going via props file
entries), and we let the browser pop-up window enforce the sign-on. This
has worked exactly as we wish (single sign-on, etc.), for testing, but we'd
really rather have our own form-based sign-on for production.
To that end, we've done the following:
1) implemented a JSP form-based sign-on (basically ripped off from the
example provided by BEA), which does a "ServletAuthentication.weak()" check
to confirm identity.
2) placed the following code (essentially) within the service() method of
our servlet superclass, which I thought would force another check. My
intention is to disallow the user from "jumping into" an app thru a
shortcut, and thereby bypassing security.
HttpSession session = request.getSession(true);
if (session.isNew()) {
response.sendRedirect(welcomeURL);
However, we can't get the form-based approach to mimic the functionality of
the default browser pop-up: the sign-in doesn't seem to "follow" the user
the way it did with the pop-up. Instead, when I come in thru our login
page, the browser pop-up is still appearing when I click the link for an
app for which to which I have permissions.
Is the default browser pop-up doing something different that I should know
about? Seems like this should be simple to do, but it's surprisingly subtle
(or maybe I'm just clueless).
TIA
Well, if you want to hear my personal opinion:
better stick to the cookie specification (http://wp.netscape.com/newsref/std/cookie_spec.html) and accept the constraint that cookies will only be send to domains that tail-match the domain-constraint specified in the set-cookie http response.
Although this specification is not an official internet standard most browsers are implementing the cookie mechanism according to this specification.
Unfortenately there's no option to specify that a cookie should be send to a list of servers and/or sub-domains.
However one physical server can have multiple (FQDN) hostnames. So if you intend to send the cookie to a group of servers the best approach is to create a new (DNS) (sub-)domain exclusively for those servers.
Theoretically (and also practically) it is possible to set cookies for multiple domains (by using a webservice that will set cookies on request of a caller). But that approach is dangerous:
(1) not the server but the http client is defining the content of the cookie (= part of the http server response)
(2) (unintended) many servers can obtain the cookie which will be send to all servers that reside in all (tail-matching sub-)domains; although most likely only one or two servers of each domain are intended recipients
Regards, Wolfgang -
can I sign in with multiple apple IDs in a single apple device without deleting my previous one?
Hi swagyoloswag,
Welcome to the Apple Support Communities!
There are several different services that require signing into an Apple ID to use on your iOS device. You can sign into different Apple IDs for different services on your iPhone. For example, Apple ID #1 for iCloud and Apple ID #2 for iTunes & App Store. You cannot sign into the same service with two different Apple IDs at the same time. The attached article has a list of services that are accessible with your Apple ID.
Where can I use my Apple ID? - Apple Support
Cheers,
Joe -
Implementing single sign on across multiple web apps
Hi
I was wondering if somebody could help me. I need to implement single sign on
for multiple web apps deployed in separate WARs in a single EAR file. I need
to authenticate against an LDAP server and ensure that the user only has to sign
on once per user session even if the user navigates between web apps. The weblogic
docs only seem to go so far, i.e. "Single sign on works if each web app uses the
same cookie" etc. So I see that, apart from buying WebLogic Enterprise Security
there are only two ways of doing this:
1. Implement single sign on.
2. Create my own security realm with my own authenticator implementations.
So my questions are:
1. We don't want to effect the normal weblogic user/passwords used to access the
WLS console but need to have single sign on. Should we implement single sign on
(option 1,above) or create our own realm?
2. Can somebody point me to somewhere on the web/in the the WLS documentation
that shows me how to implement single sign on using session cookies?
TIA
Mik"Mik Quinlan" <[email protected]> wrote in message
news:[email protected]..
>
Hi
I was wondering if somebody could help me. I need to implement singlesign on
for multiple web apps deployed in separate WARs in a single EAR file. Ineed
to authenticate against an LDAP server and ensure that the user only hasto sign
on once per user session even if the user navigates between web apps. Theweblogic
docs only seem to go so far, i.e. "Single sign on works if each web appuses the
same cookie" etc. So I see that, apart from buying WebLogic EnterpriseSecurity
there are only two ways of doing this:
1. Implement single sign on.
2. Create my own security realm with my own authenticator implementations.
So my questions are:
1. We don't want to effect the normal weblogic user/passwords used toaccess the
WLS console but need to have single sign on. Should we implement singlesign on
(option 1,above) or create our own realm?
2. Can somebody point me to somewhere on the web/in the the WLSdocumentation
that shows me how to implement single sign on using session cookies?
http://e-docs.bea.com/wls/docs81/security/thin_client.html#1039551
That also has a pointer to:
For more information, see session-descriptor in Assembling and Configuring
Web Applications. -
How to pass credentials/saml token exchange to the sharepoint web service ex:lists.asmx when sharepoint has single sign on with claims based authentication
Identity provider here is Oracle identity provider
harika kakkireniHi,
The following materials for your reference:
Consuming List.asmx on a claims based sharepoint site
http://social.technet.microsoft.com/Forums/sharepoint/en-US/f965c1ee-4017-4066-ad0f-a4f56cd0e8da/consuming-listasmx-on-a-claims-based-sharepoint-site?forum=sharepointcustomizationprevious
Sharepoint Claims based authentication and Single Sign on
http://social.technet.microsoft.com/Forums/sharepoint/en-US/2dfc1fdc-abc0-4fad-a414-302f52c1178b/sharepoint-claims-based-authentication-and-single-sign-on?forum=sharepointadminprevious
Sharepoint Claim Based Authentication Web Service issuehttp://social.msdn.microsoft.com/Forums/office/en-US/dd4cc581-863c-439f-938f-948809dd18db/sharepoint-claim-based-authentication-web-service-issue?forum=sharepointgeneralprevious
Best Regards
Dennis Guo
TechNet Community Support -
Single proforma invoice with multiple deliveries
Hi
I would like to know how to create a single proforma invoice with multiple delivery numbers. Please let me know how?
ThanksApart from the above option, you can also use T-code VF04 i.e. Billing due list
Regards,
Sagar -
Using single SMB share with multiple Hyper-V clusters
Hello,
I'm trying to find out if I can use a single SMB share with multiple Hyper-V Clusters. Looking at:
How to Assign SMB 3.0 File Shares to Hyper-V Hosts and Clusters in VMM
I think it's possible. Since the File Server is going to handle the file locking it shouldn't be a problem.
Has anyone tried that?
Thank you in advance!Hello,
I'm not sure that's possible, I get this from this statement:"Assign the share—Assign
the share to a virtual machine host or cluster."
Even if it worked I wouldn't do that. Why don't you just create multiple shares? -
Single step workflow with multiple approvers (without using a group)
Hi,
is it possible to have a single step workflow with multiple approvers without using a group? This is for a contract document.
i want to add a number of users based on particular logic. The approvers are random and do not belong to any particular group.
DO let me know if it is possible or if any of you have done that.
thanks in advance.
regards,
rubioHi Rubio,
I believe the behavior would be, if individual users are added as approvers then the system would require each approver to approve the document. However, if you use the user group, you could set the role so that it would be either ALL or ANY.
Regards,
Vikram -
How do I create a single PDF file with multiple pages?
Hi, I occasionally need merge several jpg images into a single pdf file with multiple pages (one Jpg per page). I have tried doing this on Preview, and by selecting all the pages I want to include in my document and trying to save to Pdf through the "Print" function, but every time it only saves the first page.
Can anyone tell me if there is a way to save multple-page pdf files without having to purchase a specific program (i to this too infrequently to justify the cost)?
Thanks very much,This works for me...
Open first image in Preview View > Sidebar. Drag the other images into Sidebar, then select all.
From File menu > print selected images. Choose PDF > Save as PDF
-mj -
How to integrate single sign on with third party system
we are in the process of implementing istore application. we already have home grown isupport application to contact support personnal for any issues. Now we are wondering how do we integrate oracle applications single sign on with our third pary system. Is there any recommendation provided by oracle to achieve the same.
We too are in the process of implementing iStore with SSO features.
And if you believe me it seems to me as nightmare.
In our scenerio we are intgrating this SSO with Third party access control too (AD and Siteminder). I would request you to please respond me on the following mail id , so we can share our experince which will help us in our implementation
[email protected]
regards and thanks in advance
Vikas Deep -
Setting up BusinessObjects Enterprise 3.1 for Single Sign On with Xcelsius
Hi all
Does anyone have any documentation and/or whitepapers that documents the setting up BusinessObjects Enterprise 3.1 for Single Sign On with Xcelsius Dashboards (xcelsius accessing BusinessObjects universe data through QAAWS and Live Office..
Thank you for your help.
Kind regards,
DeanBased on the replies in this thread I'm guessing that there is someone out there that has gotten SSO to work with Xcelsius? If so could you please post the details of how that was achieved?
When we purchased Xcelsius we were under the impression that it supported SSO but have never been able to get it to work and finally had SAP tell us that Xcelsius did not support SSO.
Our understanding is that in order to bypass a login for Xcelsius you have to use QaaWS as the datasource and hardcode an enterprise id and password.
LiveOffice supports SSO but not when it's used as a datasource within Xcelsius. -
How enabled Single Sign-On with a System SAP WAS ABAP (Run application BSP)
Hi.
I need to run any application BSP from a System SAP WAS ABAP, without entering SAP user and password. Using the windows authentication and without SAP Enterprise Portal.
What authentication methods I have to apply for enabled Single Sign-On with a System SAP WAS ABAP?.
And How can I enabled this method?.
Best regards.
Luis Gomez.Hi Ticiano,
SAP WebAS ABAP supports a number of authenticaiton mechanisms. See
[http://help.sap.com/saphelp_nw04s/helpdata/en/02/d4d53aa8a9324de10000000a114084/frameset.htm]
A number of these authentication mechanisms can be combined with Windows authentication (e.g. SNC, client certificates, ...).
The decision what mechanism fits best depends on critieria like
- SAP server platform
- security requirements
- extensibility (should same authentication mechanism be used for future SAP environments, which will be E-SOA based)
- authentication from outside company domain
- Use of SAP security library (SAPcryptolib)
You may want to look at the SAP Software Solution Partner Catalog, if you look for certified SSO solution vendors for SAP.
Best regards,
Peter -
How to single sign on with webApplication with Basic Authenticated in IIS
Dear Sir,
Our server is EP6 SP14, we will link iview with BW URL which using basic authen in IIS. . Please kindly advise howto single sign on with webApplication with Basic Authenticated in IIS
Thank you and best regards,
VimolAre you sure the BW is using IIS? Most recent versions are using ABAP style authentication. What version are you running?
You may want to investigate IISProxy - it's no longer supported, but it might help you out. It basically takes an SSO cookie and allows IIS to "know" who the user is.
Cheers -
Integrate Single Sign-On with Oracle E-Business Suite Release 12.
Hi
How to integrate oracle Single Sign-On with Oracle E-Business Suite Release 12 , give links and ideas about this ,
Thanks
Edited by: user12235518 on Feb 19, 2012 10:10 PMHow to integrate Single Sign-On with Oracle E-Business Suite Release 12 , give links and ideas about this ,Integrating Oracle E-Business Suite Release 12 with Oracle Access Manager 11gR1 (11.1.1.5) using Oracle E-Business Suite AccessGate [ID 1309013.1]
Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On 10gR3 (10.1.4.3) [ID 376811.1]
Troubleshooting Oracle Application Server 10g SSO and OID with Oracle E-Business Suite Release 12 [ID 380487.1]
Thanks,
Hussein -
Can I communicate single PXI chassis with multiple computer using MXI
Can I communicate single PXI chassis with multiple computer using multiple MXI cards
we are using cvi with MXI we want to share channels for other computers Can we do with mxiYes this is possible when you use a PXI controller. Attached is a screenshot showing a possible configuration.
Jacob K || Applications Engineer || National Instruments
Attachments:
PXIMaster.png 20 KB
Maybe you are looking for
-
I have an ion guitar and I can't get it to play? It says I need to aggregate MIDI but I don't see that button on 10.6.8.
-
Scanning problem with HP Photosmart C6180
Since the upgrade to 10.6 my HP C6180 multifunction printer is not working as a scanner from Adobe Acrobat Pro 9 I select from the acrobat menu: File CreatePDF From Scanner in the "acrobat scan" window Scanner: shows "Please select a device" but ther
-
DAILY GENERATION REPORT Date PARTICULARS UNIT FREQUENCY UNIT#1 Value UNIT#2 Value PLANT#1 Value GENERATION MUs Daily GENERATION MUs MTD GENERATION MUs YTD PLANT LOAD FACTOR % Daily PLANT LOAD FACTOR % MTD PLANT LOAD FACTOR % YTD
-
Help required - frequent hang and slow down in my MBP
Hi, My MBP get slow down frequently with the colour circle come up and need a few minute to resume and hang again. ANd this hang seem can stop the hold machine even for Force quit and Activity Monitor And it seem most likely that, if I quite Safari a
-
Correct Hardware Requirment for Educational Purpose
Goal: Buy a new hardware for SharePoint development. Purpose: Increase my knowledgein SharePoint development. Today. I'm a junior SharePoint developer. I have experience in dot.net deveopment but not in SharePoint development. Problem: 1. Is Hardware