Single Signon in WLP 4.0 ?

Similar Messages

• Testing Single Signon partner apps on local dev server

  We're just starting to look at hooking our new webapp into the Single Signon Server. What I don't see, at the moment, is a good way of continuing to test a SSO application on local machines so that it can be accessed through SSO when deployed to the server.
  The application will have to pick up some user information from the signon to decide which data is accessible. Is there some kind of dummy SSO connection, or should I write one? How have people coped?

  Oops! Sorry for multi-posting. Our firewall denied that the posting had happened and I tried again!
  Somebody please delete embarassing duplicates.

• Single Signon and Integration with Active Directory

  Hi,
  We have a requirement to integrate Active Directory with SAP and implement Single Signon solution. Our Active Directory is running on Windows 2003 and we are having systems 4.7 , ECC6.0 which run on Linux OS in our landscape.
  Can anyone of you help me by answering following questions
  1. Is there any need of any third party solution(tool) to integrate  Active Directory and SAP and activate single signon?
  2.Is there any difference in integration from SAP 4.7 and ECC6.0 of SAP on Linux OS with Active Directory ?
  3. If possible please share any documents or links on above issue.
  Suitable answers will be rewarded with points. Thanks in advance for your help
  Regards
  Murali

  > Thank you very much for providing me the link. But the document on link seem to be in German. Can you please let me know how to get English version of this document.
  I'm sorry, you'd have to ask Realtech for that document in English.
  Basically you can follow
  http://osdir.com/ml/encryption.kerberos.general/2004-11/msg00007.html
  Markus

• Single-signon for multiple sites or sub sites

  Does anyone know of some good articles/publications or suggestions for
  implementing a single signon for multiple very secure internet sites in
  weblogic type environments.
  For example, bank1 has a internet site and bank 2 has an internet site.
  Bank 2 has some cool features they want to offer bank1's customers. They
  agree but, bank1 wants to present bank2 as a tab or part of bank1 site.
  IN order to do this there are lots of fun things, but the things Im
  interested in are how to authenticate between them and handle timeouts.
  timeouts seem particularly tricky in that if I dont hit a page on bank2
  for a while, it could time out its session for the guy on bank1. Also if
  im in the bank2 section of the site, then bank1 could time me out as
  well.
  any ideas let me know.
  thanks
  Joel

  I've been informed ;-) that a pure Java solution is also available from
  Entegrity. So here are a couple of URLs for you to research
  anagrammatically:
  http://www.netegrity.com
  http://www.entegrity.com
  Cameron Purdy
  Tangosol, Inc.
  http://www.tangosol.com
  Tangosol: How Weblogic applications are customized
  "Cameron Purdy" <[email protected]> wrote in message
  news:[email protected]...
  Netegrity?
  Cameron Purdy
  Tangosol, Inc.
  http://www.tangosol.com
  Tangosol: How Weblogic applications are customized
  "Tim Funk" <[email protected]> wrote in message
  news:[email protected]...
  This is long winded and I tried to have this make sense, if it doesn't
  just mark this as read ...
  I am running into the same issue. Out of need, different applications
  need to be hosted on different boxes/JVM's/web applications. I am
  experimenting with a customer single sign on process which is
  independent of Java but lends itself nicely to it. Here is my thoughts:
  1) All applications need to run under the same domain. For example:
  foo.redrose.net, www.redrose.net, bar.redrose.net, app1.redrose.net
  all reside under redose.net.
  2) You have a database table (secure) that contains the following:
  user id, password, session id, last access time.
  3) This database table contains all of the valid sessions across the
  domain (in this exmaple .redrose.net)
  4) There is a daemon running which runs every ?? seconds that deletes
  any records older than ?? seconds/(or minutes/hours) in the
  database.
  5) There exist a cookie which is set to the domain level that contains
  the session id.
  6) The session id provides a way to obtain the id and password for the
  user to authenticate to the container. For example in WL5.1SP8 there
  exists: weblogic.servlet.security.ServletAuthentication.weak(...) to
  authenticate to your container. By using this you will get the
  capability of setting up your roles and ACLS etc in you web.xml and
  weblogic.xml to handle authorization.
  7) All requests to any applications participating in this philosophy
  must do the following for EVERY request (or appropriate):
  Even if you are logged authenticated to the container and authorized,
  you may have timed out or logged out of another application. So the
  database table must be checked to see if the session id exists. At the
  same time, you must also update the last access time to prevent timeout.
  8) If the user tries to access a different application which he has not
  authenticated to yet - the user will be forwarded to a servlet whichwill:
  a) Look for the cookie at the domain level
  b) If the cookie is found - get the UID and PWD from database
  b2) Present login form if cookie is invalid/not exists
  c) Authenticate to container
  d) Forward back to original page and let the container handle
  authorization since you have already authenticated.
  I use have encapsulated the database activity into 3 stored functions:
  1) isValidSession(session_id) - Returns null or the user id and pwd
  concatentated which will need split apart if needed
  2) makeSession(user_id, password) - Returns a new unique session id and
  creates the appropriate record
  3) cleanUpSessions() - Arguements not yet determined. This will delete
  any records older than a certain time. I would like to have the proc
  know what to delete without being given a parameter but time to the
  second level can be tricky for some DBMS's.
  There is a concern of storing the user id and password in the database
  but this can be eliminated with a good design to restrict access to the
  database table and using encrypted connections.
  Hope this helps. Hopefully - a similar philosphy will be adopted by an
  application container so I may not have to worry about this and I can go
  back programming business functionality.
  -Tim
  Joel Nylund wrote:
  Does anyone know of some good articles/publications or suggestions for
  implementing a single signon for multiple very secure internet sites
  in
  weblogic type environments.
  For example, bank1 has a internet site and bank 2 has an internetsite.
  Bank 2 has some cool features they want to offer bank1's customers.They
  agree but, bank1 wants to present bank2 as a tab or part of bank1site.
  IN order to do this there are lots of fun things, but the things Im
  interested in are how to authenticate between them and handletimeouts.
  >>>
  timeouts seem particularly tricky in that if I dont hit a page onbank2
  for a while, it could time out its session for the guy on bank1. Alsoif
  im in the bank2 section of the site, then bank1 could time me out as
  well.
  any ideas let me know.
  thanks
  Joel

• Changing session language during Single Signon in PeopleSoft

  Hi All,
  I have a working PeopleSoft Single Signon environment. It is simple architecture where I have used the "Allow Public Access" feature in web profile configurations and a signon peoplecode program.
  Users on an external portal are given PeopleSoft component specific URL's with user ID as a query string in the URL (for testing only). However, I'm unable to allow non-English (or user's language preference feature) login as "SetLanguage" is not supported in signon peoplecode. By default the login is in English.
  Please let me know if there are any work around for this problem.
  Many Thanks
  Srini

  Hello,
  Is there a way to hide the option of select your language on the signin.html, I have removed the html code on signin.html and cleared the web server cache, still it shows up on the signin,html page? Am I missing anything?
  Thanks
  Ram

• Single signon between JSP page and Net.Data page

  I am trying to setup a single signon between a JSP page hosted on a tomcat server, and a Net.Data page hosted on an IBM HTTP server. Both of these servers are running on an AS400. The JSP page (www.jsppage.com/menu) contains a link to the Net.Data page (www.netData.com/page2). In order to access www.jsppage.com/menu the user needs to login. Once this happens I want them to be able to go back and forth between the two pages without having to log in when they switch servers. Page navigation is handled through myServlet.java so that when a user clicks on a link the request is forwarded on to myServlet.java where the servlet determines where to redirect the user to. The servlet uses
  RequestDispatcher requestDispatcher = getServletContex().getRequestDispatcher(url);
  requestDispatcher.forward(request, response);
  to forward the user to the correct page. This works fine for the JSP pages but when I forward to www.netData.com/page2 I get an error telling me the address doesn't start with a /. I also need to send the user name and password for the net.data pages to avoid the second login window to popup.
  I understand that the requestDsipatcher.forward() method directs the browser to a page that is relative to the current root directory. If I try to use response.sendRedirect(url) I get sent to the right page but the signon window pops up. I would appreciate any help.

  I am trying to setup a single signon between a JSP
  page hosted on a tomcat server, and a Net.Data page
  hosted on an IBM HTTP server. Both of these servers
  are running on an AS400. The JSP page
  (www.jsppage.com/menu) contains a link to the Net.Data
  page (www.netData.com/page2). In order to access
  www.jsppage.com/menu the user needs to login. Once
  this happens I want them to be able to go back and
  forth between the two pages without having to log in
  when they switch servers. Page navigation is handled
  through myServlet.java so that when a user clicks on a
  link the request is forwarded on to myServlet.java
  where the servlet determines where to redirect the
  user to. The servlet uses
  RequestDispatcher requestDispatcher =
  getServletContex().getRequestDispatcher(url);
  requestDispatcher.forward(request, response);
  to forward the user to the correct page. This works
  fine for the JSP pages but when I forward to
  www.netData.com/page2 I get an error telling me the
  address doesn't start with a /. I also need to send
  the user name and password for the net.data pages to
  avoid the second login window to popup.
  I understand that the requestDsipatcher.forward()
  method directs the browser to a page that is relative
  to the current root directory. If I try to use
  response.sendRedirect(url) I get sent to the right
  page but the signon window pops up. I would
  appreciate any help.You can't do that without passing username and password.
  The servers keep track of the user by storing a cookie on the clients computer. The cookie is only valid for the domain that created it.
  So, to make this work you need to send the username and password as part of the sendRedirect. the forward() method won't work.
  What you could do is create some code on the .net machine that accepts username, password and target URL as input. Once it receives those parameters it should perform the .net login procedure and redirect to the correct page.
  In your servlet you should pass those parameters on to the .net machine and the user should get the correct page without ever seeing any login windows.
  Make sure to use https if you decide to follow this scheme since http will transmit the username/password in cleartext.
  /Christopher

• How to create reports using single signon

  How to create reports with single signon and how to control the specific user access for the report.

  Hi Denis ,
  Thanks , Can u pls send a short document which contains the steps to configure the single sign on a user friendly
  document.
  regards
  Gope

• Single Signon using Trusted Authentication - version 3.0

  There was good documentation on this in version 2 but looks like 3.0 it was just copied and not much added.
  I am using the ISAPI redirector and have figured out the single signon but it logs in to the little window that use to contain the login when no sso is enabled.
  So, what piece am I missing?  Do I need a newer ISAPI redirctor?

  "madhav" <[email protected]> wrote in message
  news:3fa67a2c$[email protected]..
  >
  We are trying to enable single sign-on through perimeter authentication.We are
  trying to
  accomplish the same using DefaultAuthenticator andDefaultIdentityAsserter. We
  have the
  following questions
  1. Weblogic documentation says that the following authentication types aresupported
  username/password, certificate and perimeter. Where do I set the perimeterauthentication
  >
  type Ex: In web.xml, I can specify basic, Form or Client-Cert as the authmethod.
  How do I
  specify that the authentication method is perimeter based.
  You use client-cert. This causes the servlet container to look for identity
  assertion tokens
  in request headers and cookies. There is a CR to separate this from the
  authentication
  method.
  2. How do I create a token for the DefaultIdentityAssertor.
  Upon investigation in the AssertIdentity method of theDefaultIdentityAssertor,
  the code
  snippet from DefaultIdentityAssserterProvideImpl.java is the following
  You define your token format and implementation and then write a
  corresponding
  identity asserter. It handles the tokens, not the default identity asserter.
  >
  Is there a mechanism to generate the token for the AuthenticatedUser tokentype.We
  are
  trying to pass the token as a part of the HTTPHeader using the
  URLConnection.setRequestProperty("AuthenticatedUser",tokenString"). Wetried two
  >
  The authenticated user token type really should have been internal and not
  exposed as
  a token type. Don't use it - define your own token type.
  See the dev2dev security provider samples for an example of how to do this.

• Tutorial to Develope a Single-signon System using LDAP

  Folks,
  Hello. I have just started to develop a Single-signon security system using LDAP for FSCM and HRMS for my client.
  The only tutorial I get is Chapter 6, 7, and 8 in the document http://download.oracle.com/docs/cd/E05317_01/psft/acrobat/pt849sec-b0307.pdf. It seems it's regarding Oracle Database. But I am using MS SQL Server.
  Can any folks provide a case study or an example or some tutorial regarding developing a Single-signon security system using LDAP for FSCM and HRMS ?

  Connect an Ethernet cable from the Ethernet port in the hotel room to the WAN "O" port on the AirPort Extreme wireless router. An AirPort Express router will work as well for this. So will a Time Capsule.
  http://www.apple.com/wifi/
  Configure the AirPort Exteme to "create a wireless network".
  Configure the AirPort Extreme to operate as a router providing DHCP and NAT service, which is the default configuration of the AirPort Extreme.
  Connect your computer to the wireless network that the AirPort Extreme is producing
  Open your Internet browser. You are on the Internet. If the hotel's log in page appears, enter your credentials and agree to terms, etc.
  Connect any other wireless devices that you have to the same wireless network that the AirPort Extreme is providing
  The hotel network will charge you for one connection.
  This works in just about any hotel where I have ever stayed, but I cannot guarantee that it will work for you.

• Can anyone send the Single Signon implementation guide document?

  We need implement the single signon between the PeopleSoft Portal 9.0 and PeopleSoft HCM 9.0, please help post the related implementation and configuration document.

  Have a look to that thread :
  Re: How to implement Single Sign On
  Nicolas.

• CrystalReports XI RDC causes a disfunction of Lotus Notes Single SignOn

  Our customer uses Lotus Notes. When he installed the CR RDC merge modul (XI Rel. II, SP6), the single signon for Lotus Notes doesn't work anymore. That means the customer has to type in username and password once more if he want's to use Lotus Notes. It seams that the single signon service is running.
  The registry key "ProviderOrder"="RDPNP,LanmanWorkstation,WebClient,npnotes" is correctly sorted (I found that in another forum). Any suggestions? TIA, F. Bartsch

  Hi Frank,
  Well there may be an issue with the RDC, but it seems that yourself and one other have just seemed to report it. We don't have any other information then that. I want to add my two-bits similar along the lines of what Don and Ludek was saying. Personally I would look at the runtime differences before and after the RDC stuff is installed. We have an application called modules, that takes a snap-shot of the runtime in memory for all applications currently running on the system. By running lotus before your RDC install creating a modules snap-shot, and after the install then you will see what the differences are. Perhaps this is just a difference in the COM files on the system.
  As for creating a support case, there is only so much we can do on the forums. Support cases allow you to engage an engineer directly to try trouble shooting and modules would probably be the first thing they would get you to do. If this does turn out to be an issue with our product then there is a process to get a refund on the case. However this is contingent on us determining that it is in deed our issue.
  You can find modules at https://smpdl.sap-ag.de/~sapidp/012002523100006252802008E/modules.zip
  Trevor

• Forms and single signon

  Hi,
  I have two questions regarding forms9i and single signon:
  1. How do you identifiy which user is logged on from within forms?
  2. How do you get around menu security which is implemented using user roles if all users share a single schema?
  Thanks for your input.
  Regards
  Sajit Kalidas

  Check Get_Application_Property, using this procedure you can get the SSO username. Also depending on this user you then can enable your session roles.
  Cheers, Stefan

• Single SignOn Configuration

  Hi Experts,
  I've to insert SAP User Interface inside a custom java portal.
  Users should not re-logon when from java portal they pass to CRM User Interface.
  I've found that I've to enable ticket logon, but I'm unable to find any documentation that explains how to configure the system to accept ticket logon and permit single sign on.
  Could you help me explaining how to solve this requirement?
  Thank you
  Alessandro

  Hi  Shikha ,
      this is kumar .... ? I too have the same problem.. I hope you might have find the solution for this problem.. If you have the solution for this problem please send your solutions to this
  Email Id: [email protected].
  Please help me shikha...
  I have this problem
  Hi
  We have completed configuration of XI.
  On the server machine we proceed as follows :
  1. We log on to the Integration repository , it askes us for login (userid and password )
  2. We enter , say , id as xisuper , with password
  3. Now Java Web Start is started and all jar fikles are uploaded automatically
  4. Now we get IR page and we can work on it (It is working perfectly )
  Now, we proceed on local desktops as follows:
  1. We log on to the Integration repository , it askes us for login (userid and password )
  2. We enter , say , userid as xisuper , with password
  3. Now Java Web Start is started and all jar files are uploaded automatically
  4. Now an error popups , saying “Single Signon failed” and it asks for login and password
  Our question is , if it is properly working on server machine , then why is it not working properly on local desktops
  Please note that when we launch “System Landscape Directory” , this problem does not come
  Can someone please suggest us a solution
  Also we would like to know, which user should we use to access the Integration Repository. Is it the same as the super user ie xisuper or some special user
  Or is there some problem with Single signon configuration
  Please guide us on this as we need help urgently

• Siebel Single SignOn

  Hi,
  I would like to know what options are available for providing Single Signon for Siebel? I know that Siebel can be intagrated with OAM for SSO. Can Siebel be integrated with Oracle Application Server Single Signon? If so what version and any links to information would be very helpful.
  Thanks

  Hi Marcus,
  You can use IISProxy in order to obtain Sigle Sign-on between Your Windows Network and the portal.
  http://help.sap.com/saphelp_nw04/helpdata/en/07/914e4f02a69f448aeee7263b2a9dc6/content.htm
  If you want more information about how to configure it, send me a email to [email protected]
  Regards.

• Single SignOn with SAP

  Can anyone tell me if we can have single signon between SAP-xMII and SAP-ERP

  Same thing, same mechanism.  You can pass the SSO2 Ticket from the xMII login session (assuming you entered xMII through EP) through to the JCO action(s).
  In version 12.0, xMII will be capable of generating SSO2 tickets natively, without needing Enterprise Portal.
  You also need to export/import certs across all of the affected systems in order for the SSO2 ticket(s) to work properly.
  That said, you lose a lot of performance benefits since you cannot do JCO caching or connection pooling with this mechanism.
  - Rick