SSO 1.0.2.2 to 9.0.2 integration

Similar Messages

• SSO error message when publishing a BI 7.0 report to the NW04s Portal

  Please indicate how to resolve the following SSO error message received when publishing a BI 7.0 report from Query Designer to a PCD folder on a NW04s Portal:
  Java system error: call FM RSRD_X_MAP_TO_PRTL_USERS_PROXY to ProgId (server alias)_PORTAL_ABV on host (server alias) with SSO not authorized: Authentication f

  Hi,
  Please check if the integration and sso configuration did correctly
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/b0a5216a-349c-2a10-9baf-9d4797349f6a
  Hope it helps.
  Regards,
  Mona

• SSO for Dot Net Applications

  Hi all,
  We are in the process of  integrating dot net applications with SAP.
  Can you please let us know the process to do SSO with the dot net applications which uses
  1.Integrated windows based authentication.
  2.Basic authentication
  Regards,
  Shyam.

  Shyam,
  You could refer to these threads.
  .Net to SAP Portal (SSO)
  .Net SSO with SAP
  Reward points for handy posts!
  Cheers,
  Sandeep

• Oracle E-business Suite 11i(11.5.10.2) integration with SSO/AD.

  Hi,
  Please suggest any note/info on Oracle E-business Suite 11i(11.5.10.2) integration with SSO/AD.
  Thanks

  Hi,
  Please see these docs.
  Integrating Oracle E-Business Suite Release 11i with Oracle Internet Directory and Oracle Single Sign-On [ID 261914.1]
  How to integrate Active Directory with Applicactions 11i , with SSO/OID enable? [ID 437822.1]
  Oracle Application Server with Oracle E-Business Suite Release 11i FAQ [ID 186981.1]
  Thanks,
  Hussein

• Session keep Alive when EBS is integrated with OIF acting as SP

  We have an E-Business Suite R12(12.1.3) Application which is integrated with Oracle Access Manager 11.1.1.5. For authentication the Oracle Access Manager delegates the authentication request to Oracle Identity Federation acting as a Service Provider (SP). There is a home-grown SSO which acts as the Identity provider by Federating it with OIF using SAML 2.0 protocol.
  The integration is successful and EBS is able to authenticate using this third party SSO.
  Now there are multiple applications which are integrated with this third party SSO and the user can access any of these applications including EBS.
  Considering a scenario where a user is using EBS Application say for more than 30 mins. Now when he tries to login to another application the challenge screen is thrown though he can continue to work on EBS without any issue. The reason being that the session timeout on the IDP side is set to 30 mins.
  To overcome this issue the solution that has been thought of using a javascript for each page load on the application which will update the SSO token with the latest UTC time on the IDP server. This has been successfully done for all other applications except EBS.
  So my question is how we can call this java script for each page load for EBS?
  Thanks & Regards
  Sarbashis

  It appears that OAM is removing the url parameters for the p_done_url sent to it by OIF.
       302 Redirect to -> Location: https://sso.mycompany.com/oam/server/logout?p_done_url=https%3A%2F%2Fsso.mycompany.com%2Ffed%2Fuser%2Fsloosso%3Fid%3Dosso%26type%3D3&invokeOSFSLogout=false
       Result: 200. Set-Cookie OAM-ID to expired.
  Form Submits: https://sso.mycompany.com/fed/user/sloosso
  Result: 500 Error
  Notice the p_done_url value in the redirect has extra parameters which when the Form is submitted are lost.
  If I manually enter the url: https://sso.mycompany.com/fed/user/sloosso?id=osso&type=3&invokeOSFSLogout=false
  Then I am successfully logged out.
  This seems almost like a bug in OAM...

• How to bypass from OAM authentication for certain domain

  Hi All,
  We are trying to unprotect certain domain from OAM domain but coudn't. Please help us fix this issue.
  Environement details:
  We have two nodes, one node for OAM_OSSO and another one for OSSO_Portal application.
  OAM server details:
  In this server, oracle application server single sign on(services are HTTP, OC4J, and OID) and OAM. Integrated OAM_OSSO using [ID 979827.1]
  Portal server details:
  In this server, oracle application server single sign on(services are HTTP, OC4J, and OID) and portal weblogic server(portal application) is running. portal weblogic is registered with thier own portal OSSO.
  In OAM, We protected following portal url's
  /sso/auth      
  /pls/orasso/orasso.wwsso_app_admin.ls_login
  portal _OAM integration is working fine.
  Now portal team come with new requirement for customer, application also running in their same portal weblogic server and that portal application domain is alreday registered with Portal OSSO and Portal OSSO page is protected by OAM. the requirement is bypass OAM authentication, and need to authentication against their own portal OSSO+OID.
  Please tell me how to bypass OAM authentication from this scenerio.
  -Sarath

  Hi MD,
  Thanks for your update.
  We are using oracle 10g. Please tell me how Anonymous scheme will help us to get out from this issue.
  Portal Weblogic server registered with portal IDM server and portal IDM server OSSO protected by IDM OAM. So if i tried any of the application which deployed under portal weblogic server will get protected by OAM right. Please correct me if iam wrong.
  In this scenerio we have two OSSO, one in OAM node and another one in portal server. Now portal team come up with new webserver domain for customer, in customer scenerio we want authenticate againt portal OSSO with their own OID rather than using OAM authentication. Here my concern is, customer or employee the portal weblogic server and portal OSSO are common for both user but only difference in webserver domain.
  So if i tried to access customer application, then customer webserver redirect to portal weblogic for open the requested page(note if webgate not in picture). portal weblogic server is register with portal OSSO and its redirect to portal OSSO for authentication but Portal OSSO server integrated with OAM using webgate.
  1. When tried to access customer application ,Portal OSSO server tried to show own sso login page for authentication but Portal OSSO server already integrated with OAM. so portal OSSO server requested to OAM to access portal sso login page not the request of customer page login.
  2. here,portal OSSO login page protected and OAM serve login page for OAM authentication against OAM OID. If i specify anonymous scheme for customer domain then how will work here, portal OSSO requested to OAM to access portal OSSO login page not the customer page or employee page...
  Here OAM authentication will come into picture for all scenario but need bypass for customer login.
  Requirement is when customer trying to access then authentication need to happen in portal OSSO not in OAM. Hope you understand the architecture.Please suggest how.
  -Sarath
  Edited by: 898990 on May 11, 2012 8:22 PM
  Edited by: 898990 on May 11, 2012 8:25 PM

• Siteminder integration

  We are using Netegrity Siteminder for providing Single SignOn for differnet applications.
  Lately there has been request of integrating it with the Security Structure of
  BEA Weblogic 8.1 (For EJB's and certain secured resouces) based on SSO Id. Is
  there any plugin which provides this integration?

  Oh and neglected to say, the answer is yes. And as per the doc referrenced
  you must obtain this from Netegrity
  "Jason Keating" <[email protected]> wrote in message
  news:[email protected]..
  You do not suggest which version or Siteminder you are using. Unsure which
  version of Siteminder this supports but imagine it is the most recent.
  See the following doc (you need a Netegrity support acct)
  https://support.netegrity.com/ocp/custom/productdownload/productdownload_edi
  >
  t.asp?grouptype=248&isNodeGroup=null&filepath=%5Cliterature%5Cwhite+papers%5
  Cauth1%5Fsiteminder%5Fweblogic%5F8%2E1%2Epdf#
  "pvprabhakar" <[email protected]> wrote in message
  news:[email protected]..
  We are using Netegrity Siteminder for providing Single SignOn fordiffernet applications.
  Lately there has been request of integrating it with the SecurityStructure of
  BEA Weblogic 8.1 (For EJB's and certain secured resouces) based on SSO
  Id.
  Is
  there any plugin which provides this integration?

• Is it possible to pass nQuireID (session ID) via URL ?

  is it possible to pass nQuireID (session ID) via URL?
  (how to get the session id ?)
  therefore, we dont need to pass the userid and password. (embedded in the URL)

  Ummm you can't get a session ID unless you login first, chicken and egg problem? Have you looked at implementing SSO? That's the proper way of solving integration issues, hard-coding the user ID and the password on the URL is a nasty and insecure "hack"...

• Avoiding Database Logon in Infoview

  I created a Crystal Reports using an Oracle Database. Once the report is completed I saved the report in INFOVIEW under a folder. When I try to run the report from InfoView it asks me for
  Database Logon again.
  I have to enter the user id and Password to make the report run. I want to run the report without asking
  Credentials again.

  there are 2 methods that can help
  1) SSO to the DB which requires Oracles to be integrated with AD(not documented by BO) and BO to be integrated with AD (admin guide)
  2) DBuser DBpass also allows a way to use a predetermined user/pw added to a user account in the CMC.I don't think this is documented externally. You will need to open a case and have an engineer check our internal product forums for a solution.
  Regards,
  Tim

• CRM integration problems

  Hi,
  I've successfully established an SSO with my CRM system from the portal. I've implemented the business package for including the channel management functions as well. I'm able to access some iviews as well. But sometimes I get an error http://<server>:<port>/sap/bsp/sap/crm_bsp_frame/mainDH.do not found or http://<server>:<port>/sap/bsp/sap/crm_bsp_frame/entry.do not found. Please guide me on how to progress further.
  Thanks in advance,
  Pinac

  Hi Pinac,
  I'm integrating CRM Web UI with Portals.I'm having problem in configuring SSO with the CRM system.While checking the connection in the portal in"Connection Tests" it is saying that SSO is not configured properly.So whenever I'm clicking on the tab for my CRM roles it is asking me user name & password.
  I've already configured the BW & our ECC systems integration with the portals where I followed the same steps for configuring the SSO & they are working pretty fine.
  For CRM integration I've followed the steps mentioned in the SAP Library help for CRM integration with portals but it is not working.I've followed the SSO best practice doc for its configuration but in vain.
  I think there might something else I need to do for CRM.Kindly suggest.
  My requirement is very urgent.Your quick reply will definitely be rewarded.
  Regards.

• Oracle Identity Federation or Microsoft ADFS

  Hi,
  There are two companies A & B having an isolated infrastructure. Currently we have an architecture where Company A is providing OAM-IWA based SSO functionality for its own users and not for Company B users. If Company B also wants to avail the benefits of IWA/SSO for an application hosted in Company AS what should they do? Please advise-
  1. Implement Microsoft ADFS? Company B may not like it because they think ADFS might expose confidential attributes to Company A?
  2. Implement Oracle Identity Federation? How will that fit in if we have OAM in place? Can OAM authenticate half of the user base and OIF do the rest? Pls advise
  3. Implement OVD? I am not sure if OVD can authenticate userbase against AD credentials?
  Pls let me know.
  Thanks,

  Since company A and B have isolated infrastructures, I assume they are separate companies and on separate networks, with the internet as the network that will allow users from company B to access the application hosted by company A. And I assume the application is a web application.
  First, IWA is a function of the IIS web server and suppported browsers (IE and Firefox) and is independent of OAM or OIF. OAM 10g supports IWA when running a webgate on the IIS web server that is configured to accept IWA authentication. IWA will work on the Intranet, so employees of company A can use IWA to SSO to OAM in their environment. Likewise, if company B has their own deployment of OAM, they can use IWA to SSO their users to their instance of OAM.
  If you deploy OAM 11g, there is no longer a dependency on IIS because OAM 11g support Windows Native Authentication. You can read OAM 11g documentation for details on WNA.
  1) Regarding use of ADFS, I have no comment as I am not familiar with the details of ADFS.
  2) Regarding using OIF, some questions and clarifications
  - Does company B own a web SSO and/or federation product? Do they own OAM? Do they own OIF? If not, they'll need something that speaks SAML or another federation protocol supported by OIF.
  - For company A, you can buy OIF and integrate with OAM, if necessary. Since company A is hosting the application that company B employees want to get to, they would most likely be configured as the service provider/relying party.
  - For company B, you can buy OIF and integrate with OAM. And OAM can integrate with IWA. So a user could use IWA to seamlessy SSO to OAM and then follow a federation enabled link to company A's app and seamlessy SSO to that as well.
  - There is some integration work to be done here. Specificaly, company B needs to have a way to send its users over to company A so they can import them into company A's app. You need to exchange some metadata and agree on a unique identifier to identify the users. Or if the app works by having company B users access it as a generic user or something, you need to set something up for that (such as passing the generic userID in the SAML assertion).
  - I would probably deploy the app such that there were two entry doors. One door would be for company A's employees and would be internally accessible only and protected by OAM. Then I would have an externally accessible door that relied on OIF SAML and was configured as a relying party for company B's employees.
  3) regarding OVD, I don't see how that is going to help you since each company is on a separate isolated infrastructure.

• OAS - Services Failed To Start

  Hi,
  I recently installed Oracle Enterprise Applicaton Server 10g on my windows machine. Actually I installed the whole server to get Oracle Internet Directory and Oracle HTTP Server. At the end of the installation, during the configuration phase it failed start an Application Server service (second last step) of all the configurations. Then I just retried for some time but still no help. Following are th two services stiil failed to start with error code 1.
  OracleDBConsoleorcl
  Oracleoracleas2ASControl
  Following services are Up and Running :) _
  OracleServiceORCL
  Oracleoracleas2TNSListener
  Oracleoracleas2ProcessManager
  OracleJobSchedularORCL
  OracleCSService
  As I said I want only two components to work with Oracle Access Manager for SSO I left it like that and move onto integration with WLS using SSPI connector. I think all my configurations are correct but SSPI is failing to get my user authenticated successfuly by giving me the error in SSPI log as 'Erro in SOAP Request'.
  I am successfully runing my HTTP and OID servers. Following are the details from opmn status command
  C:\OraHome_2\opmn\bin>opmnctl status
  Processes in Instance: interhttp.ukdsk-hpoplaw.europe.temenosgroup.com
  ------------------------------------------------+---------
  ias-component | process-type | pid | status
  ------------------------------------------------+---------
  DSA                | DSA                |     N/A | Down
  LogLoader          | logloaderd         |     N/A | Down
  dcm-daemon         | dcm-daemon         |     N/A | Down
  HTTP_Server | HTTP_Server | 5484 | Alive
  OID | OID | 5000 | Alive
  Are these two services are important to successfully acheive my setup or I can leave it like that???
  If you need any other information from any logs please let me know and I will post it here to debug my problem please.
  Thanks
  SJunejo

  Hi,
  I recently installed Oracle Enterprise Applicaton Server 10g on my windows machine. Actually I installed the whole server to get Oracle Internet Directory and Oracle HTTP Server. At the end of the installation, during the configuration phase it failed start an Application Server service (second last step) of all the configurations. Then I just retried for some time but still no help. Following are th two services stiil failed to start with error code 1.
  OracleDBConsoleorcl
  Oracleoracleas2ASControl
  Following services are Up and Running :) _
  OracleServiceORCL
  Oracleoracleas2TNSListener
  Oracleoracleas2ProcessManager
  OracleJobSchedularORCL
  OracleCSService
  As I said I want only two components to work with Oracle Access Manager for SSO I left it like that and move onto integration with WLS using SSPI connector. I think all my configurations are correct but SSPI is failing to get my user authenticated successfuly by giving me the error in SSPI log as 'Erro in SOAP Request'.
  I am successfully runing my HTTP and OID servers. Following are the details from opmn status command
  C:\OraHome_2\opmn\bin>opmnctl status
  Processes in Instance: interhttp.ukdsk-hpoplaw.europe.temenosgroup.com
  ------------------------------------------------+---------
  ias-component | process-type | pid | status
  ------------------------------------------------+---------
  DSA                | DSA                |     N/A | Down
  LogLoader          | logloaderd         |     N/A | Down
  dcm-daemon         | dcm-daemon         |     N/A | Down
  HTTP_Server | HTTP_Server | 5484 | Alive
  OID | OID | 5000 | Alive
  Are these two services are important to successfully acheive my setup or I can leave it like that???
  If you need any other information from any logs please let me know and I will post it here to debug my problem please.
  Thanks
  SJunejo

• Tivoli Access Manager WebSeal & Infoview

  Post Author: ab129001
  CA Forum: Authentication
  Is it possible to enable Infoview users to authenticate via Tivoli Access Manager WebSeal (a reverse proxy authentication product)?
  Thanks in advance.
  Andy

  Post Author: jsanzone
  CA Forum: Authentication
  Andy,
  It's my understanding that in order to achieve SSO w/ TAM running under WebSeal, that a Portal Integration Kit (PIK) must first be produced from BusinessObjects for the XI R2 platform.  Back in early April 2007, before I knew about PIKs, I submitted a trouble ticket to Tech Support in the hopes of getting a "quick" solution, hence the PIK education lesson.  In response to my request, tech support submitted an enhancement request for a WebSeal Portal Integration Kit, the Ticket number for the enhancement is ADAPT00755013.   If you find out anything further on this situation, I'd be all ears!!

• Nakisa SVTN2.0 SP3 Portal integration

  Hi Luke,
  After the AD authentication is failed, I try to use the SSO with Logon Tickets.
  The NAkisa OrgChart is integrated into the portal, I also install SAPSSOEXT.
  I've done every steps written in here:
  http://wiki.sdn.sap.com/wiki/display/ERPHCM/SAPSSOAuthenticationwithverify.pseusingSAPSSOEXT
  But the logon doesn't work. I get a "Server Error in /OrgChart Application"
  The NAkisa log says:
  ERROR: Credentials_SapSso : GetCredentials : MYSAPSSO2 cookie was not found.
  Credentials will be empty.
  Do you have any suggestion where to find the solution for this problem. Unfortunatelly I can'T edit the LoginConfiguration.xml. because it's encrypted and I don't have the encryption key
  Thanks
  NGastanek

  Hi everyone,
  Thanks for the help. The SSo login is now working. I changed the Authorization source to the system, where the HR data is stored, and now the logon works fine.
  *But *
  Again I get the same problem as in the AD authentication. The OrgChart button is missing from the Wlecome screen.
  Int he Nakisa log I have this error:
  {[SAPConnector.Open]: Connect to SAP gateway failed
  Connect_PM  GWHOST=lsaphr09.sys.corp, GWSERV=sapgw05,
  ASHOST=saphr09.sys.corp, SYSNR=05
  LOCATION    CPIC (TCP/IP) on local host
  ERROR       hostname '?' unknown
  TIME        Tue Jan 11 13:43:24 2011
  RELEASE     640
  COMPONENT   NI (network interface)
  VERSION     37
  RC          -2
  COUNTER     14
  2011.01.11. 13:43:     ERROR: SAPRoleMapping_SAP.MapRoles() :
  Object reference not set to an instance of an object.

• SSO to partner application running under IIS

  Hi,
  We have a complete set-up for 9iAS Release2 where some applications are running. In parallell we have an application running under IIS, and would now like to enable the IIS application as a partner application to 9iAS letting the 9iAS SSO server handle the authentication.
  In the documentation of Oracle Proxy Plug-in I read that this proxy plug-in can be used to proxy requests from IIS to Oracle http server (OHS) and also in this way enable SSO.
  My question is if this can be done only for applications running under 9iAS but having IIS as web server, or if it is also possible like in our case to enable SSO via the proxy plug-in to applications runnind under IIS?
  If this is not supported is the only available solution to use the SSO SDK in my IIS application?
  Thanks and regards,
  Rikard

  Here's a DIY answer.
  See Metalink Note 269820.1 which shows you how to use Perl to overwrite the host name in the HTTP header and remove the port number.