Siteminder Co-Existance

Similar Messages

• Can SiteMinder and OAM co-exist (SMSession and ObSSOCookie)?

  Hi folks,
  We currently have SiteMinder in place, but we're migrating to OAM 10.1.4.3.0. At some point, we'll need to have SiteMinder and OAM to co-exist and stand in parallel, so that we can gradually phase out Siteminder, and start protecting all of our resources with OAM. With this in mind, is there a way for the two of these access systems to co-exist? Can they share some common data, so that once user has been authenticated with SM, a cookie is created (similar to SMSession) which would then be understood by the OAM, or vice versa. This way, when the same customer accesses a subsequent resource protected in turn by OAM, the OAM (instead of authenticate and authorize user for the second time) would then read a session cookie, created by the SM and grant access. This scenario should be reversible, and also work the other way around with OAM as an entry point.
  Has anyone faced the same issue?
  Thank you,
  Roman

  For apps already protected by SiteMinder:
  User get authenticated by SiteMinder; gets SMSession cookie and comes to app protected by OAM
  OAM can read the cookie value and treat it as Credentials. For this you need to evaluate how to make OAM understand the SMSession cookie value.
  More Info: http://download.oracle.com/docs/cd/E15217_01/doc.1014/e12488/v2authen.htm#BABEAHEB
  For apps protected by OAM:
  User get authenticated by OAM; gets ObSSOCookie and comes to app protected by OAM
  Well, I'm not sure if this is supported by SiteMinder, but there should be some way to read the ObSSOCookie value also. Otherwise, you need to develop your own module.
  If you have considerable number of applications, it will be practical if applications are migrated from SM to OAM step by step. I might be wrong with these ideas, but it will be a good experience to involve in such type of discussions. Lets see what the experts have to say on this.

• Assigning siteminder resource to an IDM user

  The IDM URL is currently protected by siteminder so that we can initiate single signon. My requirement is to have only the SSO login page and remove the IDM login module. I cerated a siteminder LDAP resource pointing to our siteminder server and a login module. I assigned this login module to the end user interface so that the user needs to login only once on the SSO page.
  I created one identity user within IDM and the same user existed in SSO ldap also. I assigned the LDAP resource to that user and tried to save the record. On saving, here is the error I get "Resource 'ESSOQA-SiteMinderLDAP' is not accessible at this time. Correct the resource access problem or remove this resource from the user before attempting any updates".
  PS: The entry DN for the LDAP account starts with ssouid=XXX,ou=XXX,o=test.com. The uid field is not used for entrydn attribute and the ssouid field is a random text . However the uid field in LDAP and the IDM account ID will be the same.
  Please help figure out what the issue could be.

  All you need to do is to link the IDM users with the SSO LDAP resource, don't call the reprovision.
  Also make sure you have SM_USERDN in the pass-thru authentication variable to allow passthrough authentication.
  If you are using Siteminder resource just for authentication then all you need to have is just the LDAP connection parameters.
  -Aravanan

• I need to CHANGE my SAML Claims Identity Provider from Siteminder to Okta

  I went ahead and got specific on the title .... but, the question is a general question actually.
  I currently have SAML-provider-A.    I need to move my Sharepoint Claims Webapplication from SAML-A  over to SAML-provider-B.     I THINK that I should be able to simply remove SAML-A TIP and add SAML-B tip and as long as I retain
  the same TIP-NAME - I think that my profiles shoudl not have to be migrated etc. etc.    
  When I DELETE the connection for UPA - and reCREATE the connection to AD via the TIP.
  My fear is that there is something that will cause the UPA to duplicate the profiles.  But, I dont THINK that'll happen.
  Does anybody know?  
  if my post is helpful - please click on the green arrow. (please excuse, in advance, any perceived sarcasm/humor - as I often forget it does not translate through text) :)

  Hi  ,
  According to your description, my understanding is that you need to change your SAML Claims Identity Provider from Siteminder to Okta.
  For achieving your demand, you can refer to the steps as the guide:
  https://support.okta.com/entries/55886993-Microsoft-SharePoint-On-Premises-Deployment-Guide#setup 
  And  you need to associate your existing web application with the Okta identity provider and perform  IIS Reset:
  http://technet.microsoft.com/en-us/library/hh305235(v=office.15).aspx#CreateWebApp
  Thanks,
  Eric
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support,
  contact [email protected]
  Eric Tao
  TechNet Community Support

• WLPI: integrating organizations and roles with existing application

  Hi,
  how do I integrate WLPI's organizations and roles with an existing application's
  data structure? It looks like WLPI expects organizations and roles to be groups
  with a particular naming convention (i.e. an org is defined by a group 'WLPIOrg@MyOrg'
  and a null member). If I am integrating with an application that stores organizations
  and roles in (for example) separate database tables, how do I get WLPI to recognize
  these? Or do I have to maintain the organizations and roles in 2 places, one for
  the application and one for WLPI in the format described above?
  THanks,
  Martin

  Hi Martin,
  We're in the middle of a prototyping exercise of getting WLS, JMS,
  WLP, WLPI integrated accross one security realm. What its looking like
  is this (bear in mind I think this hasn't been tried before judging by
  newsgroups + BEA Docs)
  1)WLP has a bug that you cannot get user details from LDAP(exception
  is thrown)
  2)WLPI does need a certain structure -
  http://e-docs.bea.com/wlpi/wlpi121/install/cfigrun.htm#1246656
  and
  http://developer.bea.com/ftp_bin/Using_LDAP_with_WLPI.zip
  A) To solve your problem maybe you could write a custom realm to
  translate the roles + orgs back (no writing from WLPI ie read only )
  to WLPI.
  B) Maybe you caould have a META-DIRECTORY set up that synchronises the
  RDBMSRealm with something else maybe LDAP or another RDBMSRealm
  We are also looking into a unified security solution by Netegrity
  called siteminder. They are about to release a version for WLS 6 but
  they seem to be laggin behind. This provides a single signon over and
  enterprise system.
  This is a bit vague Martin, I will hopefully have more concrete info
  in a week or 2. If you have any other info you can mail me on -
  [email protected]
  BTW this wouldn't be Martin Van Vilet from the Netherlands that worked
  on the Intelligent Finance Product?
  "Martin van Vliet" <[email protected]> wrote in message news:<3b17ece8$[email protected]>...
  Hi,
  how do I integrate WLPI's organizations and roles with an existing application's
  data structure? It looks like WLPI expects organizations and roles to be groups
  with a particular naming convention (i.e. an org is defined by a group 'WLPIOrg@MyOrg'
  and a null member). If I am integrating with an application that stores organizations
  and roles in (for example) separate database tables, how do I get WLPI to recognize
  these? Or do I have to maintain the organizations and roles in 2 places, one for
  the application and one for WLPI in the format described above?
  THanks,
  Martin

• Siteminder webagent for wlp 4.0

  Dear Sir/Madam,
  One of my customer looking for Single SignOn solution through Netegrity SiteMinder.
  The existing setup is like this, WLS 6.1 SP2, WLP 4.0 SP2 running on solaris 8
  platform. If need to implement Single SignOn solution, we need to install and
  configured Siteminder Webagent on WLP. I came to know that SiteMinder WebAgent
  is available for WLS 6.1. I am not sure about WLP 4.0?. Could you please let
  me know WLP 4.0 is having the SiteMinder WebAgent or is there any related documents
  for the same.
  Rgds.
  Venkat

  Can you please clarify? Where is Tuxedo being used in this architecture? Are you
  asking for Single signon between WLS and a Tuxedo application?
  weew wrote:
  Dear Sir/Madam,
  One of my customer looking for Single SignOn solution through Netegrity SiteMinder.
  The existing setup is like this, WLS 6.1 SP2, WLP 4.0 SP2 running on solaris 8
  platform. If need to implement Single SignOn solution, we need to install and
  configured Siteminder Webagent on WLP. I came to know that SiteMinder WebAgent
  is available for WLS 6.1. I am not sure about WLP 4.0?. Could you please let
  me know WLP 4.0 is having the SiteMinder WebAgent or is there any related documents
  for the same.
  Rgds.
  Venkat

• If image file not exist in image path crystal report not open and give me exception error problem

  Hi guys my code below show pictures for all employees
  code is working but i have proplem
  if image not exist in path
  crystal report not open and give me exception error image file not exist in path
  although the employee no found in database but if image not exist in path when loop crystal report will not open
  how to ignore image files not exist in path and open report this is actually what i need
  my code below as following
  DataTable dt = new DataTable();
  string connString = "data source=192.168.1.105; initial catalog=hrdata;uid=sa; password=1234";
  using (SqlConnection con = new SqlConnection(connString))
  con.Open();
  SqlCommand cmd = new SqlCommand("ViewEmployeeNoRall", con);
  cmd.CommandType = CommandType.StoredProcedure;
  SqlDataAdapter da = new SqlDataAdapter();
  da.SelectCommand = cmd;
  da.Fill(dt);
  foreach (DataRow dr in dt.Rows)
  FileStream fs = null;
  fs = new FileStream("\\\\192.168.1.105\\Personal Pictures\\" + dr[0] + ".jpg", FileMode.Open);
  BinaryReader br = new BinaryReader(fs);
  byte[] imgbyte = new byte[fs.Length + 1];
  imgbyte = br.ReadBytes(Convert.ToInt32((fs.Length)));
  dr["Image"] = imgbyte;
  fs.Dispose();
  ReportDocument objRpt = new Reports.CrystalReportData2();
  objRpt.SetDataSource(dt);
  crystalReportViewer1.ReportSource = objRpt;
  crystalReportViewer1.Refresh();
  and exception error as below

  First: I created a New Column ("Image") in a datatable of the dataset and change the DataType to System.Byte()
  Second : Drag And drop this image Filed Where I want.
  private void LoadReport()
  frmCheckWeigher rpt = new frmCheckWeigher();
  CryRe_DailyBatch report = new CryRe_DailyBatch();
  DataSet1TableAdapters.DataTable_DailyBatch1TableAdapter ta = new CheckWeigherReportViewer.DataSet1TableAdapters.DataTable_DailyBatch1TableAdapter();
  DataSet1.DataTable_DailyBatch1DataTable table = ta.GetData(clsLogs.strStartDate_rpt, clsLogs.strBatchno_Rpt, clsLogs.cmdeviceid); // Data from Database
  DataTable dt = GetImageRow(table, "Footer.Jpg");
  report.SetDataSource(dt);
  crv1.ReportSource = report;
  crv1.Refresh();
  By this Function I merge My Image data into dataTable
  private DataTable GetImageRow(DataTable dt, string ImageName)
  try
  FileStream fs;
  BinaryReader br;
  if (File.Exists(AppDomain.CurrentDomain.BaseDirectory + ImageName))
  fs = new FileStream(AppDomain.CurrentDomain.BaseDirectory + ImageName, FileMode.Open);
  else
  // if photo does not exist show the nophoto.jpg file
  fs = new FileStream(AppDomain.CurrentDomain.BaseDirectory + ImageName, FileMode.Open);
  // initialise the binary reader from file streamobject
  br = new BinaryReader(fs);
  // define the byte array of filelength
  byte[] imgbyte = new byte[fs.Length + 1];
  // read the bytes from the binary reader
  imgbyte = br.ReadBytes(Convert.ToInt32((fs.Length)));
  dt.Rows[0]["Image"] = imgbyte;
  br.Close();
  // close the binary reader
  fs.Close();
  // close the file stream
  catch (Exception ex)
  // error handling
  MessageBox.Show("Missing " + ImageName + "or nophoto.jpg in application folder");
  return dt;
  // Return Datatable After Image Row Insertion
  Mark as answer or vote as helpful if you find it useful | Ammar Zaied [MCP]

• How can a family with multiple existing accounts use Home Sharing?

  I'd like to use the new Home Sharing feature, but it appears to be restricted to families in which all of the family members share a single user account.
  We already have separate accounts for each family member. Is there some way for us to use Home Sharing without abandoning most of our existing accounts, along with all of the purchases made by those accounts? I don't think anyone in this situation would be willing to do that.

  Eh. I am not too sure since I have not messed with it much but I do have a great deal of experience with multiple accounts. Each computer can be authorized for multiple accounts. As can iPods. iPods can sync songs/videos/apps from multiple accounts as long as the computer is authorized with them. What I have set up here, is I buy my stuff I want, my parents buy what they want and so do my brothers. When my bro gets something I want I just move it to my computer. That way all our accounts are separate, but if there is something I want I can get it. Also, since the music no longer has DRM, it won't matter. It will play on any computer. What you should see is if you can just do the shared library with multiple accounts. Then if you don't have videos or such, you can get apps or music. Hope this helps!

• Error message: "playlists selected for updating no longer exist"

  I tried to update my ipod nano and I guess I had deleted a playlist, but since then, I have not been able to update. Every time I try, I get the following message:
  "Cannot be updated because all of the playlists selected for updating no longer exist."
  I haven't been able to highlight which playlists are selected to begin with.
  I read through the manual and thought that maybe rebooting the whole system might work. So I deleted Itunes from my computer and re-installed.
  Then I tried re-setting my ipod. So now I have nothing on my ipod.
  I also deleted everything from my library, thinking it might help to start from scratch. Nothing has worked.
  How do I "select" and "unselect" playlists so I can get up and running again?

  Here you go.
  http://discussions.apple.com/thread.jspa?messageID=607312&#607312

• Error message iPod cannot update b/c all of the playlists no longer exist

  Hello. I have been getting this error message. "Songs on the iPod "MAR(the name of my iPod)" cannot update because all of the playlists selecting for updating no longer exist." And my playlists are still on the left side in my iTunes. They do exist. I have a feeling ths might have to do with the fact that on vacation the person I was visiting gave me a gift of putting all of his music that would fit into the external hard drive part of my iPod, and for the past week or so I have been putting that music onto my 40 GB portable hard drive at home. I suspect I took a vital folder out of my iPod by accident. Right now I have the folder iPod_control if I open my iPod up in My Computer. Am I missing something? Right now my iPod is empty because iTunes made a composite playlist last week and I deleted it thinking I could get my real playlists back. Can you help me, or reccomend a site/someone who can? Thank you.
  PC   Windows XP  

  hiya!
  And my playlists are still on the left side in my iTunes. They do exist.
  let's just doublecheck this. folks get this message if they have "automatically update selected playlists only" selected in their itunes "ipod" preferences tab. so bring up that tab ("edit > preferences", click "ipod" while the ipod is showing up in the source list), and do a playlist by playlist crosscheck of the playlists selected in that tab, and the playlists showing up in the itunes sourcelist.
  is there any playlist selected in the preferences tab that isn't showing up in the sourcelist?
  love, b

• How to Activate the Table which Doesn't Exist - Can I create Table in SE11

  Hi Gurus,
  I am a BASIS Person ..so, I don't have much idea about ABAP Developement side . But, while applying patches to one of  the SAP Component, I get the following error message ( usr\sap\trans\log ) :
  Phase Import_Proper
  >>>
  SAPAIBIIP7.BID
  1 ED0301 *************************************************************************
  1 EDO578XFollowing objects not activated/deleted or activated/deleted w. warning:
  1EEDO519X"Table" "WRMA_S_RESULT_DATA" could not be activated
  1EEDO519 "Table Type" "WRMA_TT_UPDTAB_DSO" could not be activated
  1 ED0313 (E- Row type WRMA_S_RESULT_DATA is not active or does not exist )
  2WEDO517 "Domain" "WRMA_KAPPL" was activated (error in the dependencies)
  2WEDO517 "Data Element" "/RTF/DE_FISCPER" was activated (error in the dependencies)
  2WEDO517 "Data Element" "/RTF/DE_FISCVARNT" was activated (error in the dependencies)
  2WEDO517 "Data Element" "WRMA_DE_RCLASV" was activated (error in the dependencies)
  2WEDO517 "Data Element" "WRMA_DE_RMA_AMNT" was activated (error in the dependencies)
  2WEDO517 "Data Element" "WRMA_DE_RMA_INV" was activated (error in the dependencies)
  2WEDO517 "Data Element" "WRMA_DE_RMA_OBJ" was activated (error in the dependencies)
  2WEDO549 "Table" "V_WRMA_TRCLASVER" was activated (warning for the dependent tables)
  2WEDO549 "Table" "V_WRMA_TRCLASVPE" was activated (warning for the dependent tables)
  2WEDO549 "Table" "V_WRMA_TRCLPERCL" was activated (warning for the dependent tables)
  2WEDO549 "Table" "WRMA_S_STOCK_SELECTION_DATE" was activated (warning for the dependent tables)
  <<<
  Now, I checked Domain WRMA_KAPPL  in SE11 and it diplays that it is partially active :
  " The obeject is marked partially active for the following reasons :
     Errors occured when adjusting dependent Objects to a change. Some of the dependent objects could not
     be adjusted to this change. To adjust the dependent objects, you must perform the following actions
     the next time you activate this object.
                      - SET THE SYNP TIME STAMP IN THE RUNTIME OBJECT OFALL DEPENDENT OBJECTS
  My question is - how to activate this SYNP Time Stamp.. ?
                        - Once I activate this SYNP Time Stamp.. How do I activate this ..in SE11 or some other
                          TCode..
  Any / ALL Help is highy appreciated and would be rewarded with appropriate Reward Points.
  Thanks,
  Regards,
  - Ishan
  >> Ok, Now I forcefully activated the Domain and then all the 5  Data Elements in SE11 ...now I have error
       that table  WRMA_S_RESULT_DATA  and WRMA_TT_UPDTAB_DSO Could not be activated...
       ..And in SE11 > Input the first / Second Table  > Excute > Output : Table Does not Exist !!!
        - Now, How do I activate something which does not exist in the first place ?
      Any Input about this ?
  Thanks,
  Regards,
  - Ishan
  Edited by: ISHAN P on Jun 19, 2008 3:44 PM

  Read note 1152612 - Incorrect component type in structure WRMA_S_RESULT_DATA.
  The error occurs in Release BI_CONT 703 Support Package 9.
  If you require an advance correction for Support Package 9, make the following manual changes if the InfoObject 0TCTLSTCHG is inactive in your system.
  1. Use transaction RSA1 to call the Data Warehousing Workbench.
  2. Check whether the InfoObject 0TCTLSTCHG was already activated by the compilation process the first time you called transaction RSA1.  You can use transaction RSD1 to check this by entering 0TCTLSTCHG in the "InfoObject" field and choosing "Display".  Proceed as follows if the InfoObject is still not active:
  3. Go to BI Content activation.
  4. Select "Object Types".
  5. Open the "InfoObjects" tree and select "Objects".
  6. Search for the InfoObject 0TCTLSTCHG and select it.
  7. Transfer the object and activate it.
  These steps activate the required component type /BI0/OITCTLSTCHG. You can check again in transaction RSD1 to ensure that the InfoObject 0TCTLSTCHG is available as active.
  Jacek Fornalczyk

• How can i update an existing item in sap using CSV file?

  Hi,
  i am trying to update an existing Item in SAP using a CSV file.
  in the message log i get an error message that the item already exists.
  what should i do in order to update the existing record?
  Thanks, Udi

  Hi..........
  I would sugest you to use Tab delimited file and choose proper option in order to update the itsm master in DTW......
  Regards,
  Rahul

• SAP Business Workplace - No log data exists message

  Hi,
  We have the work items of EDI 810 configured to reach the workflow inbox of certain users.  The users have 300+ items in their workflow inbox - but when they click the Workflow Inbox they get a message - "No log data exists".
  The message is an error type: Message BL 223
  The message is coming from the function module BAL_CNTL_REFRESH.
  We tried to get the same workflow positions assigned to our user id and the unprocessed 300 + items came to our inbox and we are able to view and process the work items without any issue.
  The issue pertains only to the two users. It seems like it has something to do with the filter / layout settings set for the two users alone.  Could you please advice.
  Regards,
  Prabaharan

  Hi
  i am using SAP GUI at client place via Citrix.
  it was working fine till yesterday
  pls suggest. wat could be other possible reason
  thanks

• Index with "or" clause (BUG still exists?)

  The change log for 2.3.10 mentions "Fixed a bug that caused incorrect query plans to be generated for predicates that used the "or" operator in conjunction with indexes [#15328]."
  But looks like the Bug still exists.
  I am listing the steps to-repro. Let me know if i have missed something (or if the bug needs to be fixed)
  DATA
  dbxml> openContainer test.dbxml
  dbxml> getDocuments
  2 documents found
  dbxml> print
  <node><value>a</value></node>
  <node><value>b</value></node>
  INDEX (just one string equality index on node "value")
  dbxml> listIndexes
  Index: unique-node-metadata-equality-string for node {http://www.sleepycat.com/2002/dbxml}:name
  Index: node-element-equality-string for node {}:value
  2 indexes found.
  QUERY
  setVerbose 2 2
  preload test.dbxml
  query 'let $temp := fn:compare("test", "test") = 0
  let $results := for $i in collection("test.dbxml")
  where ($temp or $i/node[value = ("a")])
  return $i
  return <out>{$temp}{$results}</out>'
  When $temp is true i expected the result set to contain both the records, but that was not the case with the index. It works well when there is no index!
  Result WITH INDEX
  dbxml> print
  <out>true<node><value>a</value></node></out>
  Result WITHOUT INDEX
  dbxml> print
  <out>true<node><value>a</value></node><node><value>b</value></node></out>

  Hi Vijay,
  This is a completely different bug, relating to predicate expressions that do not examine nodes. Please try the following patch, to see if it fixes this bug for you:
  --- dbxml-2.3.10-original/dbxml/src/dbxml/optimizer/QueryPlanGenerator.cpp     2007-04-18 10:05:24.000000000 +0100
  +++ dbxml-2.3.10/dbxml/src/dbxml/optimizer/QueryPlanGenerator.cpp     2007-08-08 11:32:10.000000000 +0100
  @@ -1566,11 +1572,12 @@
       else if(name == Or::name) {
            UnionQP *unionOp = new (&memMgr_) UnionQP(&memMgr_);
  +          result.operation = unionOp;
            for(VectorOfASTNodes::iterator i = args.begin(); i != args.end(); ++i) {
                 PathResult ret = generate(*i, ids);
                 unionOp->addArg(ret.operation);
  +               if(ret.operation == 0) result.operation = 0;
  -          result.operation = unionOp;
       // These operators use the presence of the node arguments, not their valueJohn

• Exist a Jtree node.id or something like this ?

  I would want to retrieve a node using a unique 'id', for example the absolute index (into the total nodes count)
  Is there something like this ?
  Can I add a particular property to a node ? ( for example this 'id' if it does not exist )
  Another question :
  If I want to implement a search code, this 'id' can be useful, or must I transverse the whole Jtree
  Thanks

  Hello.
  Do the following:
  1. Go to the Apple Menu at the top left of the screen
  2. Select Software Update...
  3. Install any updates that are found.
  If the Amazon issue continues after these updates, then do this:
  1. Open Safari
  2. Erase any web address you have currently showing (for example www.apple.com or www.google.com)
  3. Type in www.amazon.com
  4. That should take you directly to amazon.com
  It should look like this in your Safari::