SSO and BiBeans

Hi,
i want to use SSO with Bi Beans. I have my BiBeans deployed on a 9iasR2 (9.0.2.3). I edit the mod_osso.conf with <Location /*appname*> require valid-user authType Basic </Location> and i have in BIController uncomment the sso blocks.
After authenticated to the SSO, i got always a NullPointerException. I looked in the code and i found that application.getBISession() is not initalized.
Please, have anybody an idea, or knows anybody a documentation about SSO and BIBeans.
best regards
Rene

cn=XXX information is missing for the SSO Server (orasso) when going to http://servername:7777/pls/orasso/orasso.home. Is that causing the problem? If so, how can I resolve it?
Thanks.
Andy

Similar Messages

  • SSO and how to Managing User Roles/Privileges with Forms using Oracle db

    We are in the process of implementing Oracle Application Server SSO with our custom Forms application using Oracle database -- all 10.2.0.1.0 version.
    In our Forms Applications, we have about a dozen roles we have assigned to various users. We need to identify each user using our Forms because we are using the GLOBAL USER throughout the application.
    Questions:
    -- Do we have to create users/passwords in both OID and application database?
    -- Is there a way to easily manage the user and passwords between SSO and Forms App/database in one place? For example, how does a user change their password once, but actually change it in both the database and SSO?
    Any advice and/or direction would be greatly appreciated.
    Thank you,
    Mika
    Edited by: user11846198 on Sep 1, 2009 1:41 PM
    Edited by: user11846198 on Sep 1, 2009 1:53 PM

    Yes, you can have global roles in the DB and assign this roles to specific OID users, and the will heritage the privilages, you can do this using Oracle Identity Management Web Tool http://hostname:7777/oiddas is not complicated.
    Greetings.

  • Java SSO and IIS

    This is a repeat of this post: Java SSO and IIS
    Noone answered there.
    Hello,
    my organization uses Java SSO authentication in Oracle Application Server. Now we want to "expand" SSO so that our IIS applications can benefit from Oracle SSO and user needn't print user name / password again. Is there any way to use Java SSO in IIS? In this project we use Java SSO, not Oracle Identity Management.
    Thanks in advance

    Hi ,
    I was installed and configured policy agent successfully.while i am trying to access the application url i am getting following error.
    I am using IIS6.0 and access manager 7.1.
    Error 2824:15b9918 AuthService: AuthService::processLoginStatus() Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp.
    2009-03-10 00:03:05.828 Error 2824:15b9918 PolicyEngine: am_policy_evaluate: InternalException in AuthService::processLoginStatus() with error message:Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp and code:3
    2009-03-10 00:03:05.828 Warning 2824:15b9918 PolicyAgent: am_web_is_access_allowed()(http://fcs-ylwkuzfoz1q.ramesh.com:99/website.html, GET) denying access: status = Access Manager authentication service failure
    2009-03-10 00:03:05.828 Debug 2824:15b9918 PolicyAgent: am_web_is_access_allowed(): Successfully logged to remote server for GET action by user unknown user to resource http://fcs-ylwkuzfoz1q.ramesh.com:99/website.html.
    2009-03-10 00:03:05.828 Info 2824:15b9918 PolicyAgent: am_web_is_access_allowed()(http://fcs-ylwkuzfoz1q.ramesh.com:99/website.html, GET) returning status: Access Manager authentication service failure.
    2009-03-10 00:03:05.828 Debug 2824:15b9918 PolicyAgent: HttpExtensionProc(): status after am_web_is_access_allowed = Access Manager authentication service failure (3)
    2009-03-10 00:03:05.828 Error 2824:15b9918 PolicyAgent: HttpExtensionProc(): status: Access Manager authentication service failure (3)
    2009-03-10 00:03:05.828 Debug 2824:15b9918 PolicyAgent: OnSendResponse(): HTTP Status code is 500
    can any one please help me to resolve this.
    Thanks
    Ramesh Kumar GV

  • SSO and external applications

    Hello folks,
    Due to my inexperience with PS6, I'm looking for some high-level outline that will help me look in the right places and understand things better here.
    I have an external application that requires authentication via a web form (or by attaching the username and password on the URL as parameters).
    What I want to do is have a channel of this application and utilize information from the SSO mechanism to redirect the request to that remote app and provide the credentials for a transparent login.
    From what I understand this can be done by having a servlet in that channel to retrieve the credentials of the user for that remote application from the SSO and then redirect to the external application, attaching the credentials to the URL.
    Is the above correct? I would appreciate any pointers or considerations since my experience with PS is minimal.
    Thanks in advance,
    Manos

    I don't see a way to that servlet to retrieve a password for the user - it's not stored in the session.
    There are following options:
    1. OpenText LiveLink way: You have some "hidden" password for every user (based on user's ID and a shared key) known only to your server and this servlet. Servlet will supply this password.
    2. Normal way - web server: Implement login module to this application, which will trust REMOTE_USER variable provided by the agent on the web server.
    3. Normal way - standalone app: Implement login module to this application which will validate DSAME session cookie on the DSAME server. You can use example code in the SUNWam/samples/ of your server.

  • ADFS SSO and SharePoint 2013 on-premise Hybrid outbound search results from SharePoint Online - does it work?

    Hi, 
    I want to setup an outpund hybrid search for SharePoint 2013 on-premise to SharePoint Online.
    But I'm not shure if this works with ADFS SSO.
    Has somebody experience with this setup?
    Here's my guide which I'm going to use for this installation:
    Introduction
    In this post I'll show you how to get search results from your SharePoint Online in your SharePoint 2013 on-premise search center.
    Requirements
    User synchronisation ActiveDirectory to Office 365 with DirSync
    DirSync password sync or ADFS SSO
    SharePoint Online
    SharePoint 2013 on-premise
    Enterprise Search service
    SharePoint Online Management Shell
    Instructions
    All configuration will be done either in the Search Administration of the Central Administration or in the PowerShell console of your on-premise SharePoint 2013 server.
    Set up Sever to Server Trust
    Export certificates
    To create a server to server trust we need two certificates.
    [certificate name].pfx: In order to replace the STS certificate, the certificate is needed in Personal Information Exchange (PFX) format including the private key.
    [certificate name].cer: In order to set up a trust with Office 365 and Windows Azure ACS, the certificate is needed in CER Base64 format.
    First launch the Internet Information Services (IIS) Manager
    Select your SharePoint web server and double-click Server Certificates
    In the Actions pane, click Create Self-Signed Certificate
    Enter a name for the certificate and save it with OK
    To export the new certificate in the Pfx format select it and click Export in the Actions pane
    Fill the fields and click OK Export to: C:\[certificate
    name].pfx Password: [password]
    Also we need to export the certificate in the CER Base64 format. For that purpose make a right-click on the certificate select it and click on View...
    Click the Details tab and then click Copy to File
    On the Welcome to the Certificate Export Wizard page, click Next
    On the Export Private Key page, click Next
    On the Export File Format page, click Base-64 encoded X.509 (.CER), and then click Next.
    As file name enter C:\[certificate
    name].cer and then click Next
    Finish the export
    Import the new STS (SharePoint Token Service) certificate
    Let's update the certificate on the STS. Configure and run the PowerShell script below on your SharePoint server.
    if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
    # set the cerficates paths and password
    $PfxCertPath = "c:\[certificate name].pfx"
    $PfxCertPassword = "[password]"
    $X64CertPath = "c:\[certificate name].cer"
    # get the encrypted pfx certificate object
    $PfxCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
    # import it
    Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $PfxCert
    Type Yes when prompted with the following message.
    You are about to change the signing certificate for the Security Token Service. Changing the certificate to an invalid, inaccessible or non-existent certificate will cause your SharePoint installation to stop functioning. Refer
    to the following article for instructions on how to change this certificate: http://go.microsoft.com/fwlink/?LinkID=178475. Are you
    sure, you want to continue?
    Restart IIS so STS picks up the new certificate.
    & iisreset
    & net stop SPTimerV4
    & net start SPTimerV4
    Now validate the certificate replacement by running several PowerShell commands and compare their outputs.
    # set the cerficates paths and password
    $PfxCertPath = "c:\[certificate name].pfx"
    $PfxCertPassword = "[password]"
    # get the encrypted pfx certificate object
    New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
    # compare the output above with this output
    (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
    [/code]
    ## Establish the server to server trust
    [code lang="ps"]
    if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
    Import-Module MSOnline
    Import-Module MSOnlineExtended
    # set the cerficates paths and password
    $PfxCertPath = "c:\[certificate name].pfx"
    $PfxCertPassword = "[password]"
    $X64CertPath = "c:\[certificate name].cer"
    # set the onpremise domain that you added to Office 365
    $SPCN = "sharepoint.domain.com"
    # your onpremise SharePoint site url
    $SPSite="http://sharepoint"
    # don't change this value
    $SPOAppID="00000003-0000-0ff1-ce00-000000000000"
    # get the encrypted pfx certificate object
    $PfxCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $PfxCertPath, $PfxCertPassword, 20
    # get the raw data
    $PfxCertBin = $PfxCert.GetRawCertData()
    # create a new certificate object
    $X64Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    # import the base 64 encoded certificate
    $X64Cert.Import($X64CertPath)
    # get the raw data
    $X64CertBin = $X64Cert.GetRawCertData()
    # save base 64 string in variable
    $CredValue = [System.Convert]::ToBase64String($X64CertBin)
    # connect to office 3656
    Connect-MsolService
    # register the on-premise STS as service principal in Office 365
    # add a new service principal
    New-MsolServicePrincipalCredential -AppPrincipalId $SPOAppID -Type asymmetric -Usage Verify -Value $CredValue
    $MsolServicePrincipal = Get-MsolServicePrincipal -AppPrincipalId $SPOAppID
    $SPServicePrincipalNames = $MsolServicePrincipal.ServicePrincipalNames
    $SPServicePrincipalNames.Add("$SPOAppID/$SPCN")
    Set-MsolServicePrincipal -AppPrincipalId $SPOAppID -ServicePrincipalNames $SPServicePrincipalNames
    # get the online name identifier
    $MsolCompanyInformationID = (Get-MsolCompanyInformation).ObjectID
    $MsolServicePrincipalID = (Get-MsolServicePrincipal -ServicePrincipalName $SPOAppID).ObjectID
    $MsolNameIdentifier = "$MsolServicePrincipalID@$MsolCompanyInformationID"
    # establish the trust from on-premise with ACS (Azure Control Service)
    # add a new authenticatio realm
    $SPSite = Get-SPSite $SPSite
    $SPAppPrincipal = Register-SPAppPrincipal -site $SPSite.rootweb -nameIdentifier $MsolNameIdentifier -displayName "SharePoint Online"
    Set-SPAuthenticationRealm -realm $MsolServicePrincipalID
    # register the ACS application proxy and token issuer
    New-SPAzureAccessControlServiceApplicationProxy -Name "ACS" -MetadataServiceEndpointUri "https://accounts.accesscontrol.windows.net/metadata/json/1/" -DefaultProxyGroup
    New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://accounts.accesscontrol.windows.net/metadata/json/1/" -IsTrustBroker -Name "ACS"
    Add a new result source
    To get search results from SharePoint Online we have to add a new result source. Run the following script in a PowerShell ISE session on your SharePoint 2013 on-premise server. Don't forget to update the settings region
    if(-not (Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue)){Add-PSSnapin "Microsoft.SharePoint.PowerShell"}
    # region settings
    $RemoteSharePointUrl = "http://[example].sharepoint.com"
    $ResultSourceName = "SharePoint Online"
    $QueryTransform = "{searchTerms}"
    $Provier = "SharePoint-Remoteanbieter"
    # region settings end
    $SPEnterpriseSearchServiceApplication = Get-SPEnterpriseSearchServiceApplication
    $FederationManager = New-Object Microsoft.Office.Server.Search.Administration.Query.FederationManager($SPEnterpriseSearchServiceApplication)
    $SPEnterpriseSearchOwner = Get-SPEnterpriseSearchOwner -Level Ssa
    $ResultSource = $FederationManager.GetSourceByName($ResultSourceName, $SPEnterpriseSearchOwner)
    if(!$ResultSource){
    Write-Host "Result source does not exist. Creating..."
    $ResultSource = $FederationManager.CreateSource($SPEnterpriseSearchOwner)
    $ResultSource.Name = $ResultSourceName
    $ResultSource.ProviderId = $FederationManager.ListProviders()[$Provier].Id
    $ResultSource.ConnectionUrlTemplate = $RemoteSharePointUrl
    $ResultSource.CreateQueryTransform($QueryTransform)
    $ResultSource.Commit()
    Add a new query rule
    In the Search Administration click on Query Rules
    Select Local SharePoint as Result Source
    Click New Query Rule
    Enter a Rule name f.g. Search results from SharePoint Online
    Expand the Context section
    Under Query is performed on these sources click on Add Source
    Select your SharePoint Online result source
    In the Query Conditions section click on Remove Condition
    In the Actions section click on Add Result Block
    As title enter Results for "{subjectTerms}" from SharePoint Online
    In the Search this Source dropdown select your SharePoint Online result source
    Select 3 in the Items dropdown
    Expand the Settings section and select "More" link goes to the following URL
    In the box below enter this Url https://[example].sharepoint.com/search/pages/results.aspx?k={subjectTerms}
    Select This block is always shown above core results and click the OK button
    Save the new query rule

    Hi  Janik,
    According to your description, my understanding is that you want to display hybrid search results in SharePoint Server 2013.
    For achieving your demand, please have a look at the article:
    http://technet.microsoft.com/en-us/library/dn197173(v=office.15).aspx
    If you are using single sign-on (SSO) authentication, it is important to test hybrid Search functionality by using federated user accounts. Native Office 365 user accounts and Active Directory Domain Services
    (AD DS) accounts that are not federated are not recognized by both directory services. Therefore, they cannot authenticate using SSO, and cannot be granted permissions to resources in both deployments. For more information, see Accounts
    needed for hybrid configuration and testing.
    Best Regards,
    Eric
    Eric Tao
    TechNet Community Support

  • SSO and WebUtil

    Hi,
    I have a form that was working with webutil. We implemented SSO on the server. Know the webutil jar file does not load - it can not find it.
    Getting the following message in java console:
    Loading http://capps.cauto.com/forms90/webutil/webutil.jar from JAR cache
    Loading http://capps.cauto.com/forms90/webutil/jacob.jar from JAR cache
    Loading http://capps.cauto.com/forms90/java/f90all_jinit.jar from JAR cache
    RegisterWebUtil - Loading Webutil Version 1.0.2 Beta
    Loading http://capps.cauto.com/forms90/java/rolloverbutton.jar from JAR cache
    Loading http://capps.cauto.com/forms90/java/hyperlink.jar from JAR cache
    connectMode=HTTP, native.
    Forms Applet version is : 90290
    java.io.IOException: Could not connect to http://wadjet.cauto.com/forms90/webutil/webutil.jar
         at oracle.jre.protocol.jar.JarCache$CachedJarLoader.download(Unknown Source)
         at oracle.jre.protocol.jar.JarCache$CachedJarLoader.load(Unknown Source)
         at oracle.jre.protocol.jar.JarCache.get(Unknown Source)
    Has anyone use SSO and webutil?
    Thanks,
    Mary Santry

    Mary,
    using single sign-On with Forms should not have an impact to webutil.jar.
    Just to be sure: You configured webutil and it works if not running using single sign-on. You configured Forms to use singke sign-on (uncommenting th emod_osso directive in forms90.conf file) and from now on webutil.jar cannot be found.
    What if you directly try and request the webutil.jar file from a Browser
    http://wadjet.cauto.com/forms90/webutil/webutil.jar ?
    Can you access jacob.jar using a Browser URL?
    Fran

  • SSO and success URL with parameters

    Hello
    I have succeeded to configure HTML_DB engine as Partner App for Oracle SSO.
    HTML_DB 1.5.0.00.33
    Oracle IAS Release 1 ehk 1.0.2.2.2
    I'm entering into HTMLDB application from outside directly to concrete page with concrete parameters. The calling outside app is authenticated with SSO.
    Example URL: http://host/pls/DAD/f?p=103:3:::::PAR1,PAR2:VAL1,VAL2
    I'm then authenticated checked against SSO and redirected to my requested page, but the parameters are lost. The URL looks like http://host/pls/DAD/f?p=103:3:987698769876098
    It only happens at first try. Next time I have a session and I'm redirected together with parametes.
    It seams that this http://host/pls/DAD/wwv_flow_custom_auth_sso.process_success is getting somehow wrong parameter URLC. Without parameters. Why?
    Please help!
    Yours,
    jan lakspere

    Hi
    Thanks, Scott.
    This patch 1.5.1 solved this problem. Now SSO redirect forwards the parameters together with URL.
    Yours,
    jan

  • SSO and LDAP no working after revokeing Territory selection choice of SSO

    Hi i have 9ias 9.0.2 infrastructure on win 2k box.
    earlier the territory selection choice was checked.
    but when i unchecked that option. and i logged out of SSO.
    Now the problem is i am not getting the SSO and Internet Directory home pages.
    and in Enterprise manager web page shows both are up.
    win 2k's task manager also shows the all the three process of Internet directory also running along with other essentianl processs.
    any clue....
    my whole work and intranet & extranet is not accessible due to this.... it will be great to me if i get any tip of hint...
    thanks a lot... in advance...
    regards
    samir([email protected])

    Well, this is certainly a case where I would be opening a tech support case. Your server is down, and you need help . .
    I'll try what I can for you.
    [18/Jun/2004:09:21:57 -0400] vipmail2 httpd[1560]: Account Debug: SASL [10.29.11.63] Cannot get namespace for domain vipmail2.kvcc.edu: Entry not found
    This likely means that you've missed another, earlier error in the log. I suspect that what may have happened, is that the USER that Messaging Server connects to LDAP with has had a password change, and you're no longer able to BIND to LDAP to make queries.
    I would start looking at your LDAP Access Log, and see what user you're attempting to BIND as, and see if that BIND is successful.
    The contents of msg.conf and your other file is useful as information, but is not a user-editable file. You must use configutil to make changes, as this data is stored in LDAP, and on server startup, the files will be rewritten with ldap data.

  • SSO and EUS with EM Grid Control

    Trying to configure both SSO using client certificate authentication process and Enterprise Users, I noted that the parameter used to configure both is the same (oracle.sysman.emSDK.sec.DirectoryAuthenticationType) in emons.properties.
    Can I use both SSO and EUS with EM Grid Control???

    Hello
    i am interested in a very special feature: is it possible to get notified if alerts occur in alert logs in an 8i/9i database when using Grid control and the 10g agent on the 8i/9i systems?
    Moreover, the 10g agent should be able to get Performance Data using the v$ views or direct sga access without using statspack, right?
    Do you know where I can find documentation about the supported features when using Grid Control with 8i/9i databases?

  • SSO and REMOTE_USER

    Hi everybody,
    Once authenticated to HTML_DB through SSO, is there a way to know the REMOTE_USER (the username entered by the user when authentified by SSO) and use it in a query ?
    Thank you

    Yves,
    I think you might be talking about mod_osso. Mod_osso doesn't yet support dynamic directives for PL/SQL applications, so for the DAD that is protected by mod_osso, you will get the behavior you described in all HTML DB applications using that DAD. You might want to consider dedicating a DAD for mod_osso-authenticated HTML DB apps. When PL/SQL dynamic directives are supported in mod_osso in a future release, it will be easier to use with HTML DB.
    HTML DB never accesses REMOTE_USER, which is set by mod_osso. If mod_osso is also setting USER, i.e., the user connected through the DAD, to the same value, that's interesting.
    As far as spoofing REMOTE_USER, you'd have to get between mod_osso and mod_plsql and the application to do it. So I'd say that that isn't a concern.
    With mod_osso or AS Single Signon using a partner application, you have to decide how to handle logout. Should it end your current session only, or take you to the Single Sign-Out page and log you out of everything?
    Today, AS Single Signon with HTML DB registered as the partner application is a supported and secure solution. Search this forum for detailed steps about setting that up using the SSO SDK.
    Scott

  • SSO and JavaScript

    Hi all,
    does any one of you know about any restriction or any other issue involving SSO and JavaScript?
    We have a web app in an OC4J instance, which uses JSP and JavaScript.
    When SSO is disabled for the application, everything goes well. But when SSO is active, the page loads a lot slower, and the IE browser always shows the error icon when any component tries to execute Javascript.
    Any ideas about this issue?
    Oracle AS 10g (9.4.1)
    Win 2000 SP4
    IE 6.0 SP1
    Thanks a Lot in advance.
    Have a nice day.
    Jaime

    It is simpler to do from server side as follows. Place below line
    inside Page_Load event of any portal component:
       Write(this.Request.Cookies.Get("MYSAPSSO2").Value);

  • SSO and normal login

    Hi All,
    Thanks for any replies in advance. Is it possible to have SSO and the normal login mechanism enabled at the same time? I want to enable SSO, but if the user is not authenticated, I want the normal login screen to appear. What I mean is that if SSO is not enabled and you are not logged in, you should get the default OBI login screen, not some LogonURL that I specify. However, when SSO is enabled and the user is not logged in, all I see is a "Not logged in" message. I know I can enable a login URL that should presumably take the user to the SSO login page. However, is there anyway that OBI checks cookies to see if the user is logged in and if not it should present the default OBI login screen.
    The reason is that I want some external users to be authenticated using SSO, but I want the normal screen to appear for internal company users. Thanks.

    There isn't much documentation in OBIEE about how to implement your own SSO authentication. The documentation (Deployment Guide) simply says:
    "When using a J2EE Application Server and the BI Presentation Services Plug-In (Java Servlet), from the getRemoteUser method of the javax.servlet.http.HttpServletRequest.getRemoteUser API. In this case, the SSO system must be able to integrate with the J2EE environment of choice and set up the framework such that the getRemoteUser method returns the username of the end user."
    And that's what you have to do. Implementing the getRemoteUser method in a Java WebApp is not difficult, the difficulty will depend on how you want to authenticate your users. Also you need to integrate this custom Java WebApp within your Presentation Services plug-in. In JBOSS we have done this by creating a custom Valve. The integration will vary depending on your J2EE server and your custom SSO authenticator. Once setup it works pretty well. Users go to any /analytics URL and if the they have not been authenticated before our custom SSO Java kicks in. In they are authenticated correctly the getRemoteUser method gets set with their current user ID. Then on the OBIEE side we have the impersonator user and the usual Init Blocks to validate the user on the BI Server and grant them Web Catalog groups, BI Server Groups, set the Display Name, etc.

  • SSO and ABAP Web Services

    I am opening this thread on behalf of my colleague Bala regarding SSO and ABAP Web Services.
    We have gone through single sign on options and found several options are available within 5.0.
    We would like to know the options available for SAP ABAP web services access from a Non-SAP system with user authorization but without Portal/ITS installation.
    Also I would like to avoid any hard coding of user id in Non-SAP system .
    Could you provide any information.
    Thanks,
    Bala

    We have gone through single sign on options and found several options are available within 5.0.
    Tell me what are the several options and what is your Non-SAP system?
    without Portal/ITS installation.
    ITS is now an integral part of ECC 5.0 system. So would not need a seperate installation, unlike earlier versions.
    AB

  • SSO and portal timeout  -- other bug?

    ...this is very probably related to the other post talking about SSO and portal timeout...
    I am having another weird issue with dotnet portlets that uses inline refresh (done automatically by dotnet accelerator) and SSO.
    When you let the portal session expire, and then click on a button/link within a portlet (hence generate an inline refresh gatewayed request), the full portal window (header/footer etc...) appears within the portlet, instead of the portlet content alone.
    I did some http traces (see below) and it seems the problem is due to the windows SSOLogin.aspx (we are using windows auth SSO) not taking the requested portlet gatewayed request url as a post login redirect info... but taking instead the current page url (which is wrong)
    Thus, after the gatewayed portlet request is successfully authenticated by the SSOLogin.aspx component, it is automatically redirected to the wrong urll...making the full portal page refresh into the portlet.
    So my question is: have anyone already seen such behavior? And has anything been done to fix this?
    It really seems like a bug with the SSO servlet...but maybe i am doing something wrong...Just want to have your thoughts on this.
    Thanks,
    Fabien
    ============================================================================================
    HTTP Trace:
    POST     302     Redirect to /portal/sso/SSOLogin.aspx?in_hi_userid=15046&space=CommunityPage&parentid=1&cached=false&control=SetCommunity&PageID=0&CommunityID=205&parentname=Login     http://your.portal.com/portal/server.pt/gateway/PTARGS_0_15046_362_205_0_43/http%3B/your.portletserver.com/yourapp/youraspx.aspx
    GET     401     text/html     http://your.portal.com/portal/sso/SSOLogin.aspx?in_hi_userid=15046&space=CommunityPage&parentid=1&cached=false&control=SetCommunity&PageID=0&CommunityID=205&parentname=Login
    GET     401     text/html     http://your.portal.com/portal/sso/SSOLogin.aspx?in_hi_userid=15046&space=CommunityPage&parentid=1&cached=false&control=SetCommunity&PageID=0&CommunityID=205&parentname=Login
    GET     302     Redirect to http://your.portal.com/portal/server.pt?in_hi_userid=15046&space=CommunityPage&parentid=1&cached=false&control=SetCommunity&PageID=0&CommunityID=205&parentname=Login     http://your.portal.com/portal/sso/SSOLogin.aspx?in_hi_userid=15046&space=CommunityPage&parentid=1&cached=false&control=SetCommunity&PageID=0&CommunityID=205&parentname=Login
    GET     200     text/html; charset=utf-8     http://your.portal.com/portal/server.pt?in_hi_userid=15046&space=CommunityPage&parentid=1&cached=false&control=SetCommunity&PageID=0&CommunityID=205&parentname=Login

    I have this happen in v6.0 sp1. We have worked around the problem with a bit of work and synchronization of settings. Below, I've outlined how we've worked around the problem (which is indeed a problem that should be fixed). Also, if you have a load balancer, you'll need to set your session timeout on the load balancer to a bit more than the refresh rate that you set for your communities and My Pages.
    Resolving the Portlet Timeout / Refresh Problem in ALUI Portal_
    Problem: Users occasionally receive the portal page within a portlet error
    Cause: The root cause has not been determined; however it appears that the primary event that exhibits the behavior is when a teammember’s session has expired on the portal server and they then utilize a .NET form-based portlet which refreshes in place. Because we are using WIA SSO to enable automatic logins to the portal, it makes the error seem to occur randomly.
    Resolution:
    The workaround solution is to – 1) increase the portal session timeout on the portal web servers from the default 20min to 4 hours, and 2) set the MyPage refresh interval setting for all portal users to 3 hours. The setting name is a bit of a misnomer, as it will actually refresh the entire portal page automatically if the user is idle on either a My Page or a Community Page, as these are the only two places that portlets reside.
    Increasing the portal session timeout:
    The portal session timeout is controlled in two places, and both settings should match. On the portal virtual directory in IIS, edit the configuration and increase the timeout setting to 240 (minutes). Then, edit the portal application’s web.config file (d:\portal\ptportal\6.0\webapp\portal\web\) and increase the sessionState Timeout variable to 240. Editting the config file will require you to restart the services before you see the change.
    Initial setting of the MyPage refresh interval:
    The initial setting will need to be done by a SQL script in order to apply it to all existing users. The Default Profile should also be updated so that all new user synched from AD will have this setting applied automatically.
    /* Delete refresh interval settings for all users first so that there are no conflicts on the inserts */
    DELETE FROM portaldbuser.ptprefs WHERE prefname = 'intMyPageRefreshRate'
    /* Insert desired page refresh setting for all users */
    INSERT INTO portaldbuser.ptprefs (userid,gadgetid,prefclassid,prefobjectid,prefname,prefvaluetype,prefvalue,pagenumber) SELECT objectid,0,0,0,'intMyPageRefreshRate',3,180,0 FROM portaldbuser.ptusers
    From Administration, access the Default Profiles utility. Check the Default Profile entry and click on the Edit Profile Layout link. Click on the My Account link in the Portal Settings portlet and then on the Display Options link on the next page. In the Page and Portlet Settings, update the Your My Page will be updated: setting to 4 hours. Click Finish twice to return to Administration.
    Updating the MyPage refresh interval:
    To update the setting just modify the insert portion of the SQL script. Change the prefvalue number (180) to the desired timeout in minutes and rerun both statements of the script.
    The Default Profile should be also be modified per the instructions above.
    I hope this helps...
    -tom

  • SSO and OID concepts

    Is there any document which explains the concept and architecure of SSO and OID concepts in simple words ??

    Check the following notes/documents:
    Overview of Oracle Single Sign-On
    http://download.oracle.com/docs/cd/B32110_01/web.1013/b28957/toc.htm
    Note: 261914.1 - Integrating Oracle E-Business Suite Release 11i with Oracle Internet Directory and Oracle Single Sign-On
    https://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=261914.1
    Note: 233436.1 - Installing Oracle Application Server 10g with Oracle E-Business Suite Release 11i
    https://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=233436.1

Maybe you are looking for

  • Viewing PDF in Browser.

    Hi, I'm in a bit of a hurdle here. I have a PDF file on the server which I want to display in the browser immediately after the user enters the page. When the I go to the page I get the following error: "Acrobat could not open '_home_appsamba_kkristo

  • Printer frustration

    Installed new HP LaserJet P1105w.  Printed two or three times and can not get it to print now.  Router is also new as is Pavilion 23 computer.  I am oblivious as how to print Network configuration page since my printer will not print and I don't know

  • HTML inside .swf?

    Is there any way to use flash to show html? Something similar to an iframe if it can't display it naturally. Maybe something could be accessed externally in the browser?

  • How can I put a image in a label?

    thanks

  • How can I update material in iw42?

    Hi experts, I need BAPI or Function to update material in transaction iw42. Thanks' Tatiana.