SSO and normal login
Hi All,
Thanks for any replies in advance. Is it possible to have SSO and the normal login mechanism enabled at the same time? I want to enable SSO, but if the user is not authenticated, I want the normal login screen to appear. What I mean is that if SSO is not enabled and you are not logged in, you should get the default OBI login screen, not some LogonURL that I specify. However, when SSO is enabled and the user is not logged in, all I see is a "Not logged in" message. I know I can enable a login URL that should presumably take the user to the SSO login page. However, is there anyway that OBI checks cookies to see if the user is logged in and if not it should present the default OBI login screen.
The reason is that I want some external users to be authenticated using SSO, but I want the normal screen to appear for internal company users. Thanks.
There isn't much documentation in OBIEE about how to implement your own SSO authentication. The documentation (Deployment Guide) simply says:
"When using a J2EE Application Server and the BI Presentation Services Plug-In (Java Servlet), from the getRemoteUser method of the javax.servlet.http.HttpServletRequest.getRemoteUser API. In this case, the SSO system must be able to integrate with the J2EE environment of choice and set up the framework such that the getRemoteUser method returns the username of the end user."
And that's what you have to do. Implementing the getRemoteUser method in a Java WebApp is not difficult, the difficulty will depend on how you want to authenticate your users. Also you need to integrate this custom Java WebApp within your Presentation Services plug-in. In JBOSS we have done this by creating a custom Valve. The integration will vary depending on your J2EE server and your custom SSO authenticator. Once setup it works pretty well. Users go to any /analytics URL and if the they have not been authenticated before our custom SSO Java kicks in. In they are authenticated correctly the getRemoteUser method gets set with their current user ID. Then on the OBIEE side we have the impersonator user and the usual Init Blocks to validate the user on the BI Server and grant them Web Catalog groups, BI Server Groups, set the Display Name, etc.
Similar Messages
-
What is the diff. b/w certificate login and normal login?
Dear All,
I have recently cleared my SAP certification, so i am now operating with a new account with MY S.NO and Password provided by SAP. prior to that i had a normal account.
I cant find difference in both the acounts. I was told that in case of certified candidates the SAP logo is displayed. Is It?
If its tru, y cant i see any logo or diff. by my name?
rgds,
PrashantDear Prashant
No SAP Logo will display with your name after certification but it will display when you will become the employee of SAP, So have to wait for this.
You can just request for Logo of your Certification but this will not display with your name on SCN
I think you were using your P account before this one. The main difference between these two is that you can login to [Server Marketplace|http://service.sap.com/] with your S ID but can't with P ID and also you can use Certificate Login (Sign Sign-On) option for your S ID.
one other thing that i noticed that when you will go to edit your Business Card in the Last Tab (COMMUNITY) you will see option MY RELATION TO SAP here you can show Customer I think this option is available for P account.
Thanks and Regards,
Faisal -
Need to be able to use both SSO and manual login to the WAS
Hi,
we are currently on NW7 SP20 (SPS18) but we are still using 3.x queries and web applications extensively. We have SSO enabled on all systems and that works fine. However, this does not give us the possibility to test for example roles by logging on as a test user. How can we keep SSO but also allow us to log on as a different user to the WAS when running queries or web templates.
Typical test scenario:
1) Open WAS3.x or Query Designer 3.x and log on as a test user
2) Close all browser windows
3) Execute web template or query in browser
4) At this point SSO takes over and logs the tester on as him/herself. What we would like here is to have the option of either logging on manually /by for example clicking a log on button) or using SSO (say by not clikcing the login button within 5 seconds or clikcing a SSO button). How can we get this to work?
Kind regards
Kenneth EriksenActually, we want both...
Most of the time, SSO is desired, but when testing role changes etc we need to be able to log on with a test user.
The desired scenario:
When you try to run a web report/query and have not logged on, the system should offer you two options:
1) Manual log on
2) Single sign on
If you wait for a specified time (say 3 seconds) without selecting an option then SSO is used automatically (to avoid having to select SSO every time you need it).
If you click manual log on then you should be prompted for a username/password and be logged on as the specified user.
Can this be done at all?
Kind regards
/Kenneth -
Oracle form is slow when first login and normal after that
My Query is that one screen when queried is very slow on first login and normal with same query afterwards.What can be the cause.Forms 10g on Linux,Database 10g
I had raised this issue to Oracle. It is now considered as bug:
BUG 13005659 - PSR:PERF:BIP:POOR PERF ACCESSING CATALOG FOLDER IN BIP 11G WITH SECURITY ENABLED
The notes:
1373204.1: BI Publisher: Navigation in catalog folders is slow after enabling catalog file system security
And the fix is now included in one-off patch for October 2011:
Patch 13042018 -
Can anyone help regarding the Admin Login page and Normal User Page.
Hi Friends,
I have worked on normal login page it has been worked well. But now i have to create the Admin login page. That means, I have written the code in the following way.
public String userLogin_action() {
// TODO: Process the button click action. Return value is a navigation
// case name where null will return to the same page.
com.sun.sql.rowset.CachedRowSetXImpl crs = new com.sun.sql.rowset.CachedRowSetXImpl();
String Name = getUserName().getText().toString();
String password = getUserPwd().getText().toString();
try {
crs.setDataSourceName("java:comp/env/jdbc/Employee");
crs.setCommand("SELECT * FROM srni.UserTable");
crs.setTableName("UserTable");
crs.execute();
crs.beforeFirst();
while(crs.next()){
info("Cursor is been moving");
boolean ok = crs.getBoolean("Admin");
info("Value of ok:" + ok);
String Username = (String) crs.getObject("UserName");
info("Usernames are:" + Username + Name);
if(Username.equals(Name)&&(ok)){
info("Login Successfull");
java.util.Date Date = new java.util.Date();
info(" Admin Logged on :" + Date);
return "toUserPage";
info("Login Failed or Admin doesn't exist");
catch (Exception e) {
error("Login Failed : " + e.getMessage());
} finally {
crs.close();
return null;
}You can see there that i have used the boolean type of value for verifying wheter the user is admin or not. If the admin type of column in database is true then it must allow the admin to certain page. Otherwise it must not redirect. So i have used this logic. When i am checking it is showing everything true,but it is not redirecting and it is saying that login failed. Please try the above code with a sample database table and verify it. You can see the output like this.
Cursor is been moving
Value of ok:true
Usernames are: srinu srinu //here it must not go to next cursor,because srinu has been identified, but it is not behaving like that.
Cursor is been moving
Value of ok:false
Usernames are: Chandu srinu
Cursor is been moving
Value of ok:false
Usernames are: kirank srinu
Login Failed or Admin doesn't exist The above output describes that it is moving the cursor from first row to the last row and checking all the usernames i n each row with the given username, and it is also checking wheter it is admin or not. Currently i have three rows so it is moving three times. It is retreiving every value correctly but in comparing it is not comparing. What to do.
Please help me out from this problem.
Thanking You in Advance.The buttons are all created using the same library object (but MC), except for the code you have in the revised file does not call on that for the con button.
You have it calling on something with a linkage name of "con", which a quick check tells me doesn't exist--so it is undefined in the code when you try to use it. I found this by using trace(newConBut._x); after its _x value was assigned, as I mentioned you should try. So the first thing you want to do is change the following line from...
var newConBut = _root.attachMovie("con", "conbut", _root.getNextHighestDepth());
To
var newConBut = _root.attachMovie("but", "conbut", _root.getNextHighestDepth());
so that it uses the but MC that serves that purpose in the library. Then you want to correct the _x assignment of the buttons to what I think you had earlier...
newConBut._x = 650-newConBut._width;
newRecBut._x = newConBut._x-newRecBut._width;
Here is a picture of what those changes do (note, without the XML file I had to finagle things just to work, so the biutton labels aren't what they will be)... -
APEX SSO and Load balancing: Could not determine workspace for application
We had a single HTTP Server serving APEX in a 10.2.0.2 database configured with SSO to be used by the developers. APEX has been registered as a partner application and the login url has been CA Siteminder protected so that the SM_USER details are forwarded in the header for the application to use for authorization. Everything is fine so far.
Now we have added a HTTP Server on another host and have it all set up for APEX and its pointing to the same database. APEX_ADMIN access works as normal, but applications previously using SSO now get the following error after entering the URL.
Expecting p_company or wwv_flow_company cookie to contain security group id of application owner.
Error ERR-7620 Could not determine workspace for application ().
Using HTTP Watch I find that the application is not even trying to redirect to the login page.
What is wrong here?APEX has been registered as a partner application as described in
http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
In the meantime I found metalink document 368746.1 which describes the cause of this problem. Please read carefully what I wrote, it all works when the the new APEX web server is turned off in the server farm on the load balancer and directed through the original web server. When running regapp.sql the hostname in the listener token was using the virtual hostname. This works fine if the request comes from the original APEX server which proofs that there is nothing wrong with the installation and set up of SSO. When directing the request to the new APEX web server the APEX_ADMIN page still works only existing work spaces using SSO don't seems to work anymore resulting in a error as described in the subject.
As for metalink document 368746.1 naming the causes of this error:
- there are no duplicate entries in WWSEC_ENABLER_CONFIG_INFO$
-LISTENER_TOKEN clearly works for requests coming from the first web server
-theoretically the web server listener port could be changed from 7777, but port 80 needs to be maintained here as production is mimiced as far down as possible.
Is there some cache table which can be cleared? How is it that the flows schema (apex engine) can not find the work space when the request comes from a new web server which can however access the APEX_ADMIN pages.
anyone? -
Hello folks,
Due to my inexperience with PS6, I'm looking for some high-level outline that will help me look in the right places and understand things better here.
I have an external application that requires authentication via a web form (or by attaching the username and password on the URL as parameters).
What I want to do is have a channel of this application and utilize information from the SSO mechanism to redirect the request to that remote app and provide the credentials for a transparent login.
From what I understand this can be done by having a servlet in that channel to retrieve the credentials of the user for that remote application from the SSO and then redirect to the external application, attaching the credentials to the URL.
Is the above correct? I would appreciate any pointers or considerations since my experience with PS is minimal.
Thanks in advance,
ManosI don't see a way to that servlet to retrieve a password for the user - it's not stored in the session.
There are following options:
1. OpenText LiveLink way: You have some "hidden" password for every user (based on user's ID and a shared key) known only to your server and this servlet. Servlet will supply this password.
2. Normal way - web server: Implement login module to this application, which will trust REMOTE_USER variable provided by the agent on the web server.
3. Normal way - standalone app: Implement login module to this application which will validate DSAME session cookie on the DSAME server. You can use example code in the SUNWam/samples/ of your server. -
SSO Deployment-specific login - howto display application name
I am deploying 4 forms applications using a single SSO server/OID for authentication. The problem is, I want to display the application name on login.jsp, depending on which application was requested.
For example:
If the URL is http://localhost/forms/frmservlet?config=app1, then login.jsp should display "App1".
If the URL is http://localhost/forms/frmservlet?config=app2, then login.jsp should display "App2".
...... and so on. Has anyone ever done it before? I am using Oracle 10g Release 2.
Thanks,
Sanjay GulabaniThanks to timktaylor's earlier post (messageid=1184036), I was able to solve this problem. I am using Oracle 10g (10.1.2.0.2) Single Sign On and Forms Services.
For anyone who is facing a similar problem, I am pasting the code - just use it as it is in login.jsp - of course, you will need to change app1 and "APP 1" etc to suit your application names.
(%ORACLE_HOME%\j2ee\OC4J_SECURITY\applications\sso\web\jsp\login.jsp):
<%
String str_token = null;
try
str_token = request.getParameterValues("site2pstoretoken")[0];
catch (Exception e)
try
str_token = request.getParameterValues("Site2pstoreToken")[0];
catch (Exception e1)
str_token = null;
if(str_token == null)
throw new Exception("The site2pstoretoken value not found");
//Code to decode site2pstoretoken starts here
java.sql.Connection con = null;
try
oracle.jdbc.pool.OracleDataSource ds = new oracle.jdbc.pool.OracleDataSource();
ds.setURL("jdbc:oracle:thin:@ngt-hyd:1521:orcl");
con = ds.getConnection("orasso", "UBrWt0c9" );
java.lang.String query = "begin ? := wwsso_utl.unbake_site2pstore_token('" + str_token + "',?); end;";
java.sql.CallableStatement cstmt = con.prepareCall(query);
cstmt.registerOutParameter(1, java.sql.Types.VARCHAR);
cstmt.registerOutParameter(2, java.sql.Types.VARCHAR);
cstmt.executeQuery();
java.lang.String x = cstmt.getString(1);
if (x.toLowerCase().indexOf("config%3dapp1") > -1) ngd_app_name = "APP 1";
if (x.toLowerCase().indexOf("config%3dapp2") > -1) ngd_app_name = "APP 2";
if (x.toLowerCase().indexOf("config%3dapp3") > -1) ngd_app_name = "APP 3";
if (x.toLowerCase().indexOf("config%3dapp4") > -1) ngd_app_name = "APP 4";
if (x.toLowerCase().indexOf("oiddas") > -1) ngd_app_name = "Delegated Administrative Services";
javax.servlet.http.HttpSession session = request.getSession();
if (ngd_app_name.trim().length() > 0) session.setAttribute("ngd_app_name",ngd_app_name);
out.println("<center>");
out.println(ngd_app_name);
out.println("</center>");
finally
if( con != null ) { con.close(); }
//Code to decode site2pstoretoken ends here
%> -
SSO and portal timeout -- other bug?
...this is very probably related to the other post talking about SSO and portal timeout...
I am having another weird issue with dotnet portlets that uses inline refresh (done automatically by dotnet accelerator) and SSO.
When you let the portal session expire, and then click on a button/link within a portlet (hence generate an inline refresh gatewayed request), the full portal window (header/footer etc...) appears within the portlet, instead of the portlet content alone.
I did some http traces (see below) and it seems the problem is due to the windows SSOLogin.aspx (we are using windows auth SSO) not taking the requested portlet gatewayed request url as a post login redirect info... but taking instead the current page url (which is wrong)
Thus, after the gatewayed portlet request is successfully authenticated by the SSOLogin.aspx component, it is automatically redirected to the wrong urll...making the full portal page refresh into the portlet.
So my question is: have anyone already seen such behavior? And has anything been done to fix this?
It really seems like a bug with the SSO servlet...but maybe i am doing something wrong...Just want to have your thoughts on this.
Thanks,
Fabien
============================================================================================
HTTP Trace:
POST 302 Redirect to /portal/sso/SSOLogin.aspx?in_hi_userid=15046&space=CommunityPage&parentid=1&cached=false&control=SetCommunity&PageID=0&CommunityID=205&parentname=Login http://your.portal.com/portal/server.pt/gateway/PTARGS_0_15046_362_205_0_43/http%3B/your.portletserver.com/yourapp/youraspx.aspx
GET 401 text/html http://your.portal.com/portal/sso/SSOLogin.aspx?in_hi_userid=15046&space=CommunityPage&parentid=1&cached=false&control=SetCommunity&PageID=0&CommunityID=205&parentname=Login
GET 401 text/html http://your.portal.com/portal/sso/SSOLogin.aspx?in_hi_userid=15046&space=CommunityPage&parentid=1&cached=false&control=SetCommunity&PageID=0&CommunityID=205&parentname=Login
GET 302 Redirect to http://your.portal.com/portal/server.pt?in_hi_userid=15046&space=CommunityPage&parentid=1&cached=false&control=SetCommunity&PageID=0&CommunityID=205&parentname=Login http://your.portal.com/portal/sso/SSOLogin.aspx?in_hi_userid=15046&space=CommunityPage&parentid=1&cached=false&control=SetCommunity&PageID=0&CommunityID=205&parentname=Login
GET 200 text/html; charset=utf-8 http://your.portal.com/portal/server.pt?in_hi_userid=15046&space=CommunityPage&parentid=1&cached=false&control=SetCommunity&PageID=0&CommunityID=205&parentname=LoginI have this happen in v6.0 sp1. We have worked around the problem with a bit of work and synchronization of settings. Below, I've outlined how we've worked around the problem (which is indeed a problem that should be fixed). Also, if you have a load balancer, you'll need to set your session timeout on the load balancer to a bit more than the refresh rate that you set for your communities and My Pages.
Resolving the Portlet Timeout / Refresh Problem in ALUI Portal_
Problem: Users occasionally receive the portal page within a portlet error
Cause: The root cause has not been determined; however it appears that the primary event that exhibits the behavior is when a teammember’s session has expired on the portal server and they then utilize a .NET form-based portlet which refreshes in place. Because we are using WIA SSO to enable automatic logins to the portal, it makes the error seem to occur randomly.
Resolution:
The workaround solution is to – 1) increase the portal session timeout on the portal web servers from the default 20min to 4 hours, and 2) set the MyPage refresh interval setting for all portal users to 3 hours. The setting name is a bit of a misnomer, as it will actually refresh the entire portal page automatically if the user is idle on either a My Page or a Community Page, as these are the only two places that portlets reside.
Increasing the portal session timeout:
The portal session timeout is controlled in two places, and both settings should match. On the portal virtual directory in IIS, edit the configuration and increase the timeout setting to 240 (minutes). Then, edit the portal application’s web.config file (d:\portal\ptportal\6.0\webapp\portal\web\) and increase the sessionState Timeout variable to 240. Editting the config file will require you to restart the services before you see the change.
Initial setting of the MyPage refresh interval:
The initial setting will need to be done by a SQL script in order to apply it to all existing users. The Default Profile should also be updated so that all new user synched from AD will have this setting applied automatically.
/* Delete refresh interval settings for all users first so that there are no conflicts on the inserts */
DELETE FROM portaldbuser.ptprefs WHERE prefname = 'intMyPageRefreshRate'
/* Insert desired page refresh setting for all users */
INSERT INTO portaldbuser.ptprefs (userid,gadgetid,prefclassid,prefobjectid,prefname,prefvaluetype,prefvalue,pagenumber) SELECT objectid,0,0,0,'intMyPageRefreshRate',3,180,0 FROM portaldbuser.ptusers
From Administration, access the Default Profiles utility. Check the Default Profile entry and click on the Edit Profile Layout link. Click on the My Account link in the Portal Settings portlet and then on the Display Options link on the next page. In the Page and Portlet Settings, update the Your My Page will be updated: setting to 4 hours. Click Finish twice to return to Administration.
Updating the MyPage refresh interval:
To update the setting just modify the insert portion of the SQL script. Change the prefvalue number (180) to the desired timeout in minutes and rerun both statements of the script.
The Default Profile should be also be modified per the instructions above.
I hope this helps...
-tom -
We recently registered our E-Business instance with 10g SSO and everything is working as expected except for iRecruitment. External users can access the iRecruitment home page without any problem. When they attempt to login I expect that they are directed to a local login page, but for some reason they are directed to the SSO login page... which makes no sense for an external user. Has anyone seen this or have any suggestions for resolving the issue? Thanks.
Frank WrightOur SSO login page is internally accessible only. Apparently, SSO registration is all or nothing for the entire E-Business Suite. We are able to set APPS_SSO_TYPE (the profile option to enable or disable SSO) only at the site level. Looks like this is a relatively recent change, per Metalink note 402122.1:
"If you are on OA Framework 11.5.10 ATG CU 3 the Applications SSO Type
can only be set at site level and no lower. Prior to OA Framework
11.5.10 ATG CU 3, there was the ability to set the system profile
Applications SSO Type at a lower level."
Our SSO server authenticates against Oracle Internet Directory which is synchronizing and externally authenticating with Active Directory. EBS accounts are provisioned unidirectionally from OID. If, as I understand, SSO is all or none with all EBS applications, then I think we will have to:
1) Modify EBS provisioning to be bidirectional, OID->EBS and EBS->OID
2) Configure OID DIT to place reconciled EBS accounts in a container that will not be externally authenticated against AD
3) Put our SSO login server in the DMZ
If we do all these things then I think everything will work right. Is this correct, and/or is there any other way? It seems silly to me that external iRecruitment users should be forced to authenticate with our SSO server...
Thanks,
Frank Wright -
Hi,
Does anyone know how to suppress the SSO and reports authentication when we run reports from either Oracle Forms or URL - by using the standalone/custom report server? Whenever we call reports from Forms or URL, the login page comes up.
Thanks.
AndyHello,
To suppress the SSO and reports authentication HTM page , you have to modify the Reports Server configuration in order to set it "non secure"
Remove securityId="rwSec" in :
<job jobType="report" engineId="rwEng" securityId="rwSec"/>
And you can remove too the security TAG
<security id="mysec1" class="oracle.reports.server...">
<property name="oidEntity" value="ReportsApp"/>
</security>
restart the Reports server fater the modifications.
Regards -
SSO and Principal Propagation in SUP
Hi all,
I am wondering how SSO and Principal Propagation work in SUP.
Ideally, users should be able to logon on their device application and the same user/pwd should be used to perform backend SAP invocations.
I have seen that personalization keys exists which can store users/passwords to use later in backend invocations.
However:
how can I perform login if my device is offline?
is the password used for login from device the same as the SAP system's?
do SUP and SAP have to share the same user engine (i.e. LDAP)?
Any help or pointers to best practices/manuals are really appreciated
Thanks, regards
VincenzoHi
how can I perform login if my device is offline?
Once the device logs into the SUP once every-time thereafter the client app doesn't perform an online authentication.
The credentials are stored on the device securely and authenticated with the user supplied credentials. When the device is online it will perform the online authentication.
is the password used for login from device the same as the SAP system's?
You can have the same credentials on both the systems. The SAP connectivity credentials are however stored in SUP.
do SUP and SAP have to share the same user engine (i.e. LDAP)?
Yes currently SUP for development purposes has the openDS ldap service. but in production we can use the LDAP provider of your company.
Thanks -
My Macbook Pro has become very slow and it sometimes hangs. How can I make it work faster and normal? I used Etrecheck and got the report below;
EtreCheck version: 1.9.12 (48)
Report generated June 16, 2014 at 18:05:25 GMT+1
Hardware Information:
MacBook Pro (13-inch, Mid 2012) (Verified)
MacBook Pro - model: MacBookPro9,2
1 2.5 GHz Intel Core i5 CPU: 2 cores
4 GB RAM
Video Information:
Intel HD Graphics 4000 - VRAM: (null)
Color LCD 1280 x 800
System Software:
OS X 10.9.3 (13D65) - Uptime: 0 days 1:50:52
Disk Information:
APPLE HDD TOSHIBA MK5065GSXF disk0 : (500.11 GB)
EFI (disk0s1) <not mounted>: 209.7 MB
Machintosh HD (disk0s2) / [Startup]: 499.25 GB (465.33 GB free)
Recovery HD (disk0s3) <not mounted>: 650 MB
MATSHITADVD-R UJ-8A8
USB Information:
Apple Inc. FaceTime HD Camera (Built-in)
Apple Inc. Apple Internal Keyboard / Trackpad
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller
Apple Computer, Inc. IR Receiver
Thunderbolt Information:
Apple Inc. thunderbolt_bus
Gatekeeper:
Mac App Store and identified developers
Launch Daemons:
[loaded] com.adobe.fpsaud.plist Support
[loaded] com.microsoft.office.licensing.helper.plist Support
User Login Items:
iTunesHelper
Dr.Web Light
Dropbox
Internet Plug-ins:
SharePointBrowserPlugin: Version: 14.0.0 Support
FlashPlayer-10.6: Version: 14.0.0.125 - SDK 10.6 Support
Flash Player: Version: 14.0.0.125 - SDK 10.6 Support
QuickTime Plugin: Version: 7.7.3
Default Browser: Version: 537 - SDK 10.9
Safari Extensions:
iGetter Extension: Version: 2.9.2
Audio Plug-ins:
BluetoothAudioPlugIn: Version: 1.0 - SDK 10.9
AirPlay: Version: 2.0 - SDK 10.9
AppleAVBAudio: Version: 203.2 - SDK 10.9
iSightAudio: Version: 7.7.3 - SDK 10.9
iTunes Plug-ins:
Quartz Composer Visualizer: Version: 1.4 - SDK 10.9
User Internet Plug-ins:
iGetter Plugin: Version: 2.9.2 Support
iGetterScriptablePlugin: Version: 2.9.2 Support
3rd Party Preference Panes:
Flash Player Support
Time Machine:
Time Machine not configured!
Top Processes by CPU:
4% Dropbox
3% WindowServer
0% fontd
0% Microsoft Word
0% Microsoft Excel
Top Processes by Memory:
242 MB drwebd
176 MB Dropbox
147 MB Dr.Web Light
86 MB WindowServer
82 MB App Store
Virtual Memory Information:
43 MB Free RAM
1.68 GB Active RAM
1.65 GB Inactive RAM
641 MB Wired RAM
421 MB Page-ins
0 B Page-outsMeli070,
uninstall Dr.Web Light. -
Cisco 3850 SSO and NSF failover time
Dear Member,
I m trying to setup a network with few second fail-over with Cisco 3850 stack, C3850 support SSO and NSF on OSPF.
However, when the Master fails, Slave take up the role and re-learn routing information and around 10 sec to fail-over.
May any brothers have this experience and 10 sec fail-over should be the normal behavior or can be enhance?
Attach diagram for reference.
Regards
RussGreat, adding the following command and only have 1 ping loss with end to end.
=========================
Stack-mac persistent timer 0
router ospf 1
nsf cisco enforce global
======================== -
Setup and Configure IM Components SSO and DAS on Replica RMS Node
Dear All,
I was trying the step
Step 5: How to Setup and Configure IM Components SSO and DAS on Replica RMS Node In Multimaster Replication (MMR) with Identity Management (IM) Cluster in High Availability Env
But, at the stage to connect to OID, it is not connecting to the RMS database.
When I checked login through ODM, it is connecting fine. also, ldapbind is also binding fine.
How to solve this ? What will be the issue and where to check it ?
Also, from the RMS, when I am connecting through EM console, I am not getting any output on Infrastructure link to change the passwords. its showing
Identity Management
Error retrieving information of default metadata repository.
Unable to establish secure connection to Oracle Internet Directory Server ldap://devportal.paaf.gov.kw:636/ Base Exception : javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
If there is any experts, pls reply. Because, last time I created a TAR and it took months to resolve and ultimately nothing happened they closed the TAR after some time as I was busy with some other works and not able to proceed with the synchronization.
Thanks in advance,
With Regards,
Sheeja AnilRule [ 47 ]: fuser link
~~~~~~~~~~~~~~~~~~~~~~~
Description:
Check if the fuser symbolic link /sbin/fuser -> /bin/fuser exists or
not. This is required for Suse 8.0 and Suse 9.0.
Test [ PASSED ] :
Not required =~ Exists|Not required
Action:
fuser link exists or not required.
Rule [ 48 ]: orarun package
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Description:
Check if the orarun package is installed and if the oracle user
environment need to be reset. This is only required for Suse 8.0 and
Suse 9.0.
Test [ PASSED ] :
Not applicable =~ Not installed|Installed correctly|Not
applicable|Environment reset not required
Action:
orarun is not installed or installed correctly.
Rule [ 49 ]: semmsl
~~~~~~~~~~~~~~~~~~~
Description:
Check if semmsl kernel parameter is 256 or higher. For more details on
how to configure this parameter, refer to Oracle Application Server
10.1.2 Installation Guide - Chapter 4 - Section 4.3.2 Configuring the
Kernel Parameters on Linux.
Test [ PASSED ] :
Adequate = Adequate
Action:
semmsl kernel parameter is 256 or higher.
Rule [ 50 ]: semmns
~~~~~~~~~~~~~~~~~~~
Description:
Check if semmns kernel parameter is 32000 or higher. For more details
on how to configure this parameter, refer to Oracle Application Server
10.1.2 Installation Guide - Chapter 4 - Section 4.3.2 Configuring the
Kernel Parameters on Linux.
Test [ PASSED ] :
Adequate = Adequate
Action:
semmns kernel parameter is 32000 or higher.
Rule [ 51 ]: semopm
~~~~~~~~~~~~~~~~~~~
Description:
Check if semopm kernel parameter is 100 or higher. For more details on
how to configure this parameter, refer to Oracle Application Server
10.1.2 Installation Guide - Chapter 4 - Section 4.3.2 Configuring the
Kernel Parameters on Linux.
Test [ PASSED ] :
Adequate = Adequate
Action:
semopm kernel parameter is 100 or higher.
Rule [ 52 ]: semmni
~~~~~~~~~~~~~~~~~~~
Description:
Check if semmni kernel parameter is 142 or higher. For more details on
how to configure this parameter, refer to Oracle Application Server
10.1.2 Installation Guide - Chapter 4 - Section 4.3.2 Configuring the
Kernel Parameters on Linux.
Test [ PASSED ] :
Adequate = Adequate
Action:
semmni kernel parameter is 142 or higher.
Rule [ 53 ]: shmall
~~~~~~~~~~~~~~~~~~~
Description:
Check if shmall kernel parameter is 2097152 or higher. For more
details on how to configure this parameter, refer to Oracle
Application Server 10.1.2 Installation Guide - Chapter 4 - Section
4.3.2 Configuring the Kernel Parameters on Linux.
Test [ PASSED ] :
Adequate = Adequate
Action:
shmall kernel parameter is 2097152 or higher.
Rule [ 54 ]: shmmax
~~~~~~~~~~~~~~~~~~~
Description:
Check if shmmax kernel parameter is 2147483648 or higher. For more
details on how to configure this parameter, refer to Oracle
Application Server 10.1.2 Installation Guide - Chapter 4 - Section
4.3.2 Configuring the Kernel Parameters on Linux.
Test [ PASSED ] :
Adequate = Adequate
Action:
shmmax kernel parameter is 2147483648 or higher.
Rule [ 55 ]: shmmni
~~~~~~~~~~~~~~~~~~~
Description:
Check if shmmni kernel parameter is 4096 or higher. For more details
on how to configure this parameter, refer to Oracle Application Server
10.1.2 Installation Guide - Chapter 4 - Section 4.3.2 Configuring the
Kernel Parameters on Linux.
Test [ PASSED ] :
Adequate = Adequate
Action:
shmmni kernel parameter is 4096 or higher.
Rule [ 56 ]: msgmax
~~~~~~~~~~~~~~~~~~~
Description:
Check if msgmax kernel parameter is 8192 or higher. For more details
on how to configure this parameter, refer to Oracle Application Server
10.1.2 Installation Guide - Chapter 4 - Section 4.3.2 Configuring the
Kernel Parameters on Linux.
Test [ PASSED ] :
Adequate = Adequate
Action:
msgmax kernel parameter is 8192 or higher.
Rule [ 57 ]: msgmnb
~~~~~~~~~~~~~~~~~~~
Description:
Check if msgmnb kernel parameter is 65535 or higher. Refer to Oracle
Application Server 10g Installation Guide 10g - Chapter 4 - Section
4.3.3 Configuring the Kernel Parameters on Linux for more details on
how to configure this.
Test [ PASSED ] :
Adequate = Adequate
Action:
msgmnb kernel parameter is 65535 or higher.
Rule [ 58 ]: msgmni
~~~~~~~~~~~~~~~~~~~
Description:
Check if msgmni kernel parameter is 2878 or higher. For more details
on how to configure this parameter, refer to Oracle Application Server
10.1.2 Installation Guide - Chapter 4 - Section 4.3.2 Configuring the
Kernel Parameters on Linux.
Test [ PASSED ] :
Adequate = Adequate
Action:
msgmni kernel parameter is 2878 or higher.
Rule [ 59 ]: file-max
~~~~~~~~~~~~~~~~~~~~~
Description:
Check if file-max kernel parameter is 131072 or higher. For more
details on how to configure this parameter, refer to Oracle
Application Server 10.1.2 Installation Guide - Chapter 4 - Section
4.3.2 Configuring the Kernel Parameters on Linux.
Test [ PASSED ] :
Adequate = Adequate
Action:
file-max kernel parameter is 131072 or higher.
Rule [ 60 ]: ip_local_port_range
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Description:
Check if ip_local_port_range kernel parameter is between 10000 and
65000 or higher. For more details on how to configure this parameter,
refer to Oracle Application Server 10.1.2 Installation Guide - Chapter
4 - Section 4.3.2 Configuring the Kernel Parameters on Linux.
Test [ PASSED ] :
Adequate = Adequate
Action:
ip_local_port_range kernel parameter is between 10000 and 65000 or
higher.
Rule [ 61 ]: limit processes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Description:
Check if the limit of max processes is set to 16384 or higher. For
more details on how to configure this parameter, refer to Oracle
Application Server 10.1.2 Installation Guide - Chapter 4 - Section
4.3.2 Configuring the Kernel Parameters on Linux.
Test [ PASSED ] :
Adequate = Adequate
Action:
The limit of max processes is set to 16384 or higher.
Rule [ 62 ]: limit descriptors
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Description:
Check if the limit of file descriptors is set to 65536 or higher. For
more details on how to configure this parameter, refer to Oracle
Application Server 10.1.2 Installation Guide - Chapter 4 - Section
4.3.2 Configuring the Kernel Parameters on Linux.
Test [ PASSED ] :
Adequate = Adequate
Action:
The limit of descriptors is set to 65536 or higher.
Rule [ 63 ]: Port 1521
~~~~~~~~~~~~~~~~~~~~~~
Description:
Check if port 1521 is free or not. If port 1521 is used by an Oracle
listener version 10.1.0.2 or later, then the existing listener will be
used by the existing database and the Oracle Application Server 10g
Metadata Repository. The installer will perform this configuration
automatically. If port 1521 is used by an Oracle listener version
earlier than 10.1.0.2, then the existing listener need to be stopped.
After the installation is complete, the new 10.1.0.2 listener can be
configured to listen to the existing (pre 10.1.0.2) databases. If port
1521 is used by non-oracle programs, then this program need to be
configured to listen to ports other than 1521. Refer to Installation
Guide, section 4.4.4 for more details.
Test [ PASSED ] :
TNS Listener 10.1.0.2 or higher is running =~ TNS Listener 10.1.0.2 or
higher is running|Free
Action:
Port 1521 is not used, or is used by TNS*Listener version 9.0.1 or
higher.
Rule [ 64 ]: Environment Variables
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Description:
Check if the following environment variables are not set: TNS_ADMIN,
ORA_NLS, and LD_BIND_NOW. In addition, the following environment
variables must not references to any existing Oracle Home: PATH,
CLASSPATH and LD_LIBRARY_PATH.
Test [ FAILED ] :
Has reference to existing Oracle Homes = Properly defined
Action:
Refer to the following table for the necessary action to take:
<PRE>
Return Value Action
Has reference to existing Remove any reference to existing
Oracle Homes Oracle Homes from PATH, CLASSPATH
and LD_LIBRARY_PATH.
Some variables are set Unset TNS_ADMIN, ORA_NLS, and
LD_BIND_NOW.
Cannot access /etc/oratab Grant read permission on
/etc/issue to the current user.
</PRE>
Rule [ 67 ]: DNS Lookup
~~~~~~~~~~~~~~~~~~~~~~~
Description:
Check if the host is properly registered in the DNS.
Test [ FAILED ] :
nslookup IP_address = Host correctly registered in DNS
Action:
Refer to the following table for the necessary action to take:
<PRE>
Return Value Action
nslookup host.domain The DNS server failed to resolve the
nslookup using host.domain.
nslookup IP_address The DNS server failed to resolve the
nslookup using IP address.
Cannot determine IP address Fix any problem with host IP address.
Cannot access Grant execute permission on
/usr/bin/nslookup /usr/bin/nslookup to the current
user.
</PRE>
Rule [ 68 ]: /etc/hosts format
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Description:
Check if /etc/hosts file contains a line with "ip_address
fully_qualified_hostname short_hostname".
Test [ PASSED ] :
Contains host.domain = Contains host.domain
Action:
The Fuly Qualified Domain name has been set correctly.
Rule [ 69 ]: Oracle Home length
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Description:
Check that the path to the Oracle home directory is not longer than
127 characters.
Test [ PASSED ] :
Less than 127 char = Less than 127 char
Action:
Oracle Home directory is not longer than 127 characters.
Rule [ 70 ]: Memory for Dev Kit
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Description:
Check if the machine has enough memory to install Developer Kits
install type. The minimum requirements is 256 MB.
Test [ PASSED ] :
Available = Available
Action:
The machine has enough memory to install J2EE & Webcache install type.
Rule [ 71 ]: Memory for BI&Forms
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Description:
Check if the machine has enough memory to install Business
Intelligence & Forms install type. The minimum requirements is 1 GB.
Test [ PASSED ] :
Available =~ Available|Install type not available
Action:
The machine has enough memory to install Business Intelligence & Forms
install type.
Rule [ 72 ]: Space for BI&Forms
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Description:
Check if the machine has enough disk space to install Business
Intelligence & Forms install type. The minimum requirements is 2 GB.
Test [ PASSED ] :
Available =~ Available|Install type not available
Action:
The machine has enough disk space to install Business Intelligence &
Forms install type.
Rule [ 73 ]: control-center
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Description:
Check if the minimum required control-center package version is
installed. For RedHat AS/ES 4.0: control-center-2.8.0-12.
Test [ PASSED ] :
Adequate =~ Adequate|Not required
Action:
The required compat-db package version or higher is installed.
Rule [ 74 ]: xscreensaver
~~~~~~~~~~~~~~~~~~~~~~~~~
Description:
Check if the minimum required xscreensaver package version is
installed. For RedHat AS/ES 4.0: xscreensaver-4.18-5.rhel4.2.
Test [ PASSED ] :
Adequate =~ Adequate|Not required
Action:
The required compat-db package version or higher is installed.
Maybe you are looking for
-
i have i iphone 4s. i can not turn on my wifi threw my settings. i can turn it on threw siri and the slide up pannel but it still dont connect i have reset my whole phone whipped it clean and also reset my network settings and it still dont work. ple
-
Use SAP defined methods instead of Logical Database(LDB)
Hi All, I gonethrough some documents related to new HR ABAP programing without using logical database. we can replace the logical databased with SAP defined methods for all the infotypes. Appreciate if anyone let me know how do this. Thanks in adva
-
Purchasing music from iTunes to send to someone?
How do i purchase music from itunes and send it or have it sent to my girlfriends e-mail?
-
The only thing that was different was that I had enabled spaces for the first time. And assigned applications to different spaces. I went to open my iPhoto from the dock and nothing! I disabled spaces, which was working fine with all my other apps, a
-
Info about MSI NX6600 VTD256EH?
I have this card it has passive coler+vivo OK works fine but I ask where is info about this card on MSI page??? card wos bought in retail packing so MSI should make product info/drivers ect.. at site or am i wrong?