Siteminder Integration in NW04s

Similar Messages

• SiteMinder integration with the internal and external facing portals

  Hi ,
  We are in development phase for SiteMinder integration with the internal and external facing portals.The proposed dual authentication scheme which requires both SiteMinder for External facing portal (EFP) and LDAP for Internal portal .is it possible?
  and is it possible to main to diff LDAP directories one is external users and one is for internal users.?
  If you maintain  2 diff(external & internal) LDAP Directories in Siteminder Policy Server  what about  external users which are  not exit in portal data source .
  I appreciate if anyone  can help me for my above query .
  Regards
  Tag

  Hey Tag,
  We do have a physical external Portal and a physical internal portal.  The both the external and internal are connected to 2 LDAP directories.
  For example the External Portal is connected to the Employee LDAP Direcotry and the Customer LDAP Directory.  The Internal Portal is connected to the US Employee LDAP Direcotry and the EMEA LDAP Directory.
  So each one of them is connected to 2 different LDAP Directories.
  I believe that the Siteminder Policy is setup such that the Internal portal has a policy and the External portal has a seperate policy on the same Siteminder Server.  Then each of the Policies is configured to connect to the approiate LDAP Directories.
  You have to maintain the LDAP Directory information in both the portal and Siteminder Policy Server.  It is required in the policy server so that it can authenticate the user and it is required in the Portal server so that it can authorize the user and display content based on thier assigned roles.
  Hope that helps.
  Regards,
  Keith

• Integrated Planning NW04s

  Must SEM be configured in ECC as a prerequisite to using Integrated Planning NW04s?  Or can Integrated Planning NW04s work with non-SEM business content?

  Hi
  As far as I know the integrated planning is a part of BW-BPS so it will work without having SEM. Some of the standard SEM functions might not be available.
  thanks

• Siteminder integration

  We are using Netegrity Siteminder for providing Single SignOn for differnet applications.
  Lately there has been request of integrating it with the Security Structure of
  BEA Weblogic 8.1 (For EJB's and certain secured resouces) based on SSO Id. Is
  there any plugin which provides this integration?

  Oh and neglected to say, the answer is yes. And as per the doc referrenced
  you must obtain this from Netegrity
  "Jason Keating" <[email protected]> wrote in message
  news:[email protected]..
  You do not suggest which version or Siteminder you are using. Unsure which
  version of Siteminder this supports but imagine it is the most recent.
  See the following doc (you need a Netegrity support acct)
  https://support.netegrity.com/ocp/custom/productdownload/productdownload_edi
  >
  t.asp?grouptype=248&isNodeGroup=null&filepath=%5Cliterature%5Cwhite+papers%5
  Cauth1%5Fsiteminder%5Fweblogic%5F8%2E1%2Epdf#
  "pvprabhakar" <[email protected]> wrote in message
  news:[email protected]..
  We are using Netegrity Siteminder for providing Single SignOn fordiffernet applications.
  Lately there has been request of integrating it with the SecurityStructure of
  BEA Weblogic 8.1 (For EJB's and certain secured resouces) based on SSO
  Id.
  Is
  there any plugin which provides this integration?

• BEA 8.1 and Siteminder Integration

  Does anybody have code sample and/or implementation for BEA 8.1 and Siteminder 6.0 integration?

  Does anybody have code sample and/or implementation for BEA 8.1 and Siteminder 6.0 integration?

• OIA and Siteminder integration

  Has anyone integrated OIA(11g BP6) with Siteminder for authentication purposes? Can you please helo me with the configurations to be done in OIA and in Siteminder for this integration.
  Inputs from integration done in any version of OIA will be helpful.
  Let me know if you need more information.
  Thanks,
  JK

  The files are located in the deployment path used by Weblogic. In my case that is $RBACX_HOME/rbacx/WEB-INF/lib where $RBACX_HOME = C:\OIA_11gR1.
  Have I set it right?
  I tried changing the variable to $RBACX_HOME to C:\OIA_11gR1\rbacx but the Application won't start when I change the variable RBACX_HOME.
  Thanks!!!

• Documentum integration with NW04

  Hi Colleagues,
  My customer would like to integrate documentum in his EP (NW04).
  Since NW04 does not support JSR168, documentum BP can not be implemented in NW04.
  Do you have any suggestions how to over come this probelm?
  1. Can we modify documentum BP (easily) and fix the problem with some code?
  2. Should we use WebDAV in order to integrate the two systems? what will be the disadvantages of this solution.
  Thanks in advance,
  Aviad
  p.s.
  I read all the other threads regarding this issue, but could not find the clear solution for the problem...

  Aviad -
  Wingspan Technology, has iViews that integrate Documentum with NetWeaver Portal.   You can register for a trial via the web: 
  http://www.wingspantech.com/default.asp?id=news16

• Bea Portal 7.x and Siteminder integration

  Hi All,
  Does anyone know if the integration kit supplied by BEA for the above
  product versions which uses delegate realm solution, works with RDBMS Realm
  Any extra configuration to be done for it to work ?
  By default the examples are in LDAP v2 realms
  Thanks.
  Regards,
  Leonard.

  Yes, it saves a lot of grief, providing all servers are equally secure of
  course...
  On Mon, 8 Dec 2003 18:43:29 -0800, "Carl" <[email protected]> wrote:
  Very cool. How does it work under the covers? The two WLS domain talk with
  each other? So, the following would work:
  o We have a WLS 7 domain
  o The domain uses RDBMSRealm
  o We created a new WLS 8 domain
  o We set-up the trust
  o Now, we login in to app on 8 domain, and it checks the 7's realm?Not quite - 8 still needs its own realm. The subjects (users and groups)
  have to exist in both realms - 8 will just be taking 7's word for it that
  "fred" has been authenticated but will still need to check fred's group
  and/or role mappings.
  The same realm data needs to exist for both systems. In LDAP it would be
  easy enough to point them both at the same directory but.for a database
  there is less control over the mappings - any differences between RDBMSRealm
  and 8's RDBMSAuthenticator (unless you want to run compatibility security)
  schemas might cause problems. I believe running the latter on both should
  work but in principle the schema could change in a later version of the
  product.
  >
  "Alex Thomas" <[email protected]> wrote in message
  news:[email protected]..
  See "Enabling Trust Between WebLogic Server Domains" section in
  http://e-docs.bea.com/wls/docs81/secmanage/domain.html#1140940
  This works between 7 and 8 (and, using the system account, on 6.1).
  cheers
  Alex
  On Fri, 5 Dec 2003 10:22:29 -0800, "Carl" <[email protected]> wrote:
  You can make the 7 domain trust the 8 domain so users don't have to log
  in
  twice, but you can't run the two versions in the same domain (not agreat
  deal of benefit in doing so, once trust is sorted).How we do make 7 domain trust the 8 domain?

• Oracle Access Manager - Sharepoint Portal Server 2007 integration

  Does anyone know a proper documentation link for OAM-Sharepoint portal integration. We have followed pretty much the same steps provided on OTN site. No luck, integration is not working.
  Our OAM is listening to OVD for the user data which at the backend is pointed to AD whereas sharepoint is listening to AD for authentication.
  we also tried custom http module to read the headervar and authorize the user (steps provided by asp .net - siteminder integration). It was authenticating the user, but some links were missing and when clicked on peoples and group link it says access denied for this user. Dunno where exactly we are doing wrong.
  Does OAM which is listening to OVD for user data supports OAM-Sharepoint integration?
  Any help on this would be much appreciated.
  Thanks!

  Since you are getting "Welcome unknown" then there's definitely something wrong with the configuration you have done for the integrated windows authentication and impersonation. It has nothing to do with the user store, OVD should work perfectly fine.
  If you are using 10g I suggest you
  1. check the event viewer to see if your impersonation is working correctly. you should see logins to the system by impersonation user as well as the user you are trying to login with. See http://download.oracle.com/docs/cd/E12530_01/oam.1014/e10356/shrpprtl.htm#CHDFGBFC
  2. check if you have given all the necessary permissions to the impersonation user. See http://download.oracle.com/docs/cd/E12530_01/oam.1014/e10356/shrpprtl.htm#CHDHGIJA
  3. Test the impersonation on some other site on IIS rather than Sharepoint
  Once your impersonation works you would have all the accesses which that user is entitled to in the Sharepoint.
  Hope this helps,
  Sagar

• Integration of Essbase / Analyser security with External securtiy like LDAP

  Hi,We are trying to create a reporting intranet website and our aim is to have only one login per user via our website, this needs us to integrate the security for Essbase , analyser and any other BI tool. Also keeping in mind that we need to use filters on some of our essbase applications.Has anyone used this concept ? Any inputs on this is welcome.Thanks

  integration in hyperion environment is possible via hyperions CSS (common security services) ..for integration and SSO with other products/technology you might find the new netegrity siteminder integration useful!cheers

• How to Create a system in VC

  Hi,
  I wanted to know how to create a system in VC without integrating with NW04s?
  when i click on Find data i am not getting any list in systems.
  Please let me know how can i get it
  Edited by: Kavitha Bhat on Feb 11, 2008 12:04 PM
  Edited by: Kavitha Bhat on Feb 11, 2008 12:05 PM

  hi kavita,
  Go to Tools->Options
  1) Uncheck (Mask unsupported features).
  2) Try changing Runtime to Dynpro.
  Hope this will solve your Prob.
  Awards will be welcomed!!!!
  Regards
  parth
  Edited by: Parth on Feb 12, 2008 3:13 PM
  Please close the thread is your question been answered

• SAP Lumira Connection to Protected App Server

  Hi All,
  Report in lumira on top of a universe, requires connection to BI application server (CMS Name, User ID & Password).
  But in our production server we have siteminder integration and business users are not allowed to connect to application server directly, in this case can we use URL instead of CMS name OR is it possible to connect to application server without port opening to use Lumira ?
  Please suggest.
  Thanks and Regards,
  Ankit Sharma

  Hi,
  according to the help guide http://help.sap.com/businessobject/product_guides/vi01/en/lum_117_user_en.pdf
  section 5.9.1 Connecting to a universe datasource
  -> 　Enter the name or IP address of the server hosting your Central Management Server (CMS).
  I feel this would be a very strong topic for consideration and future inclusion. Please could you submit your enhancement to the Lumira Ideas Place?    (over here: SAP Lumira: Home )
  I seem to remember someone asking for the ability to connect to an @Clustername  but can't find it alas..
  regards,
  H

• How works the assignation of a group to a role visitor in WLP

  Hi everyone,
  I have some problems with Siteminder integration with security in Weblogic Portal.
  Basically when I try to show the groups in my SM security provider for assign to a Role Visitor it produces a siteminder API error:
  weblogic.management.utils.NotFoundException:
       at com.netegrity.siteminder.weblogic.sspi.auth.ci.h(DashoA10*..)
       at com.netegrity.siteminder.weblogic.sspi.auth.SiteMinderAuthenticationProviderImpl.listMemberGroups(DashoA10*..)
       at com.netegrity.siteminder.weblogic.sspi.auth.SiteMinderAuthenticationProviderMBeanImpl.listMemberGroups(DashoA10*..)
       at sun.reflect.GeneratedMethodAccessor4239.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at com.bea.p13n.usermgmt.AtnProviderProxy$Runner.run(AtnProviderProxy.java:156)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
       at weblogic.security.service.SecurityManager.runAs(Unknown Source)
       at com.bea.p13n.usermgmt.AtnProviderProxy.invoke(AtnProviderProxy.java:113)
       at $Proxy369.listMemberGroups(Unknown Source)
       at com.bea.p13n.security.management.authentication.internal.GroupProvider.getParentGroupNames(GroupProvider.java:363)
       ... 112 more
  Caused by: com.netegrity.siteminder.weblogic.sspi.auth.dw: Could not obtain groups for user: fnp_sane_plasan_plapro_actpet_bpm_grupActuacio
       at com.netegrity.siteminder.weblogic.sspi.auth.b9.b(DashoA10*..)
  This error is reported to the provider but we haven't solution yet and we need a workaround and I would like to know how is done the relationship between the role visitor and the assigned groups, is this information in LDAP? who I can introduce this relationship manually?
  Thank you.

  I have the role visitor created. I am trying to assign a group to the role visitor in PAT, but when I selected the Siteminder Provider to view all the groups this error happens.
  The Siteminder error is recognized by Siteminder as a bug and is making a patch (5 months ago) and we haven't answer yet, and then I would like to find a workaround to this problem.
  I try it with the API but Oracle recognize me another bug when I try to create a visitor role for Enterprise Scoped Applicaction, only works in Web Application scope. (1 month ago)
  And then the last solution is doing this assign manually... and I would like to know how I can do it in LDAP (if LDAP is the repository of this information)

• Integrating WebLogic Server with CA SiteMinder Web Agent R6

  Hi I have searched on the topic of integrating WebLogic Server with the CA SiteMinder Web Agent R6 to provide single sign on services, and have been unable to find anything. Does anyone have any experience with this that could provide some tips, or could direct me to some documentation?

  It definitely can work. We have done the same thing in several installations. The question is "How secure does it need to be?" You will be using SM to do authentication. You will configure SSO to trust the SM header variable. If you really want to be secure you need to configure your boxes so that the http server on you SUSE box (for Portal) can only be accessed from the Reverse Proxy. If another machine can access it someone could spoof the header variable and log in as anyone they want.
  Hope this is helpful.
  Anton

• Integrating portal/identity server with netegrity siteminder?

  Has anyone integrated identity server/portal server with Netegrity Siteminder for single sign on?
  Both products seem to support SAML and the Liberty Alliance project. Can a new auth module in the identity server just exchange the appropriate messages to create a single sign on token in netegrity and then validate the token on each request?

  We are running Identity Server 6.1 on Solaris.
  The logs are in /var/opt/SUNWam/debug/
  The most useful one is amAuth. You might also want to look at amAuthInternal, amSession, amAuthLDAP, and amAuthContext.
  If you are seeing these, checkout AMConfig.properties (in /opt/SUNWam/lib). It should have the log level set to warning or message for you to get all these logs. Here's the setting from my AMConfig.properties:
  com.iplanet.services.debug.level=warningPS Sorry for the unix paths, but hopefully they map closely to the windows directories.