SSO between BW and Sharepoint

Hi,
We have a situation where we want to establish SSO between SAP BW (3.5 without a Java stack, running on a UNIX machine) and MS Sharepoint server.
Can you kindly let me know what could be the best solution and any documentation?
I've looked at various docs and mostly all are boiling down to have a Java Stack. I'm unable to figure out a correct solution for the above scenario.
Thanks and regards
Aarthi

Hi Andre,
We have Windows NTLM (not Kerberos) enabled for IWA to log on to the Sharepoint portal.
Thanks and regards
Aarthi

Similar Messages

  • SSO between ITS and EP

    We are implementing ESS MSS on 4.7, ITS 4.7 with EP 6.0.
    Can someone point me as to how to configure the SSO between these various landscapes? I think we would require SSO between EP and ITS for ESS in MSS services.
    regards
    Sam

    Hi Sameer,
    All the information you are looking for is in the help.sap.com
    http://help.sap.com/saphelp_nw04/helpdata/en/89/6eb8e1af2f11d5993700508b6b8b11/frameset.htm
    This help guide is really very clear and thorough.
    Regards
    Daniel

  • SSO between Portal and Nakia.....problem with SSO... library not found..

    Hi SDN's and Nakisa technical experts,
    We have a Portal environment 7.02, a Nakisa environment 3.0 (CE) and an HR backend environment 701 (604).
    We are busy setting up SSO between Portal and Nakisa via the URL iView for the Org chart (http://<host>:<port>OrgChart/default.jsp).
    We have done as indicated in wiki:
    http://wiki.sdn.sap.com/wiki/display/ERPHCM/SAPSSOAuthenticationwithverify.pseusingSAPSSOEXT
    We are however still having issues with the SSO and in the cds.log the following is being displayed:
    ++01 Aug 2011 13:11:42 ERROR com.nakisa.Logger  - com.mysap.sso.SSO2Ticket : Could not load library: sapsecu.dll - java.lang.Exception: MySapInitialize failed: rc= 14null++
    ++01 Aug 2011 13:11:42 ERROR com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : java.lang.Exception: MySapEvalLogonTicketEx failed: standard error= 9, ssf error= 0++
    ++01 Aug 2011 13:11:42 ERROR com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : Internal error (9) - No SSF error (0)++
    Can someone indicate what I am doing wrong?
    Regards Dries

    Hi Luke,
    thanks a lot for your help so far.
    I have created a root/XML folder under the directory, and the path is now as follows:
    K:\usr\sap\NKP\J14\j2ee\cluster\apps\Nakisa\OrgChart\servlet_jsp\OrgChart\root\.system\Admin_Config\__000__Sasol_DEV_LIVE\.delta\root\XML
    It seems like it finds the verify.pse, but not the library, sapsecu.dll.
    My credentials.xml file is as follows:
    <credentials>
    <assembly name="SapSso"/>
      <info>
        <item name="PseFilePath">XML\verify.pse</item>
        <item name="SsfLibFilePath">XML\sapsecu.dll</item>
        <item name="PsePassword"></item>
        <item name="WindowsPlatform">64</item>
        <item name="TicketFile"></item>
        <item name="Base64decode">true</item>
       </info>
    </credentials>
    I however still get the following in the cds.log
    15 Aug 2011 13:59:53 INFO  com.nakisa.Logger  - Tenant ID: 000
    15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - LoginSettingsObject Load: 1719
    15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : Credential provider SapSso
    15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : Using cert: K:\usr\sap\NKP\J14\j2ee\cluster\apps\Nakisa\OrgChart\servlet_jsp\OrgChart\root\XML\verify.pse
    15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : Ticket is: AjExMDAgAA9wb3J0YWw6eXNzZWxhZ2OIABNiYXNpY2F1dGhlbnRpY2F0aW9uAQAIWVNTRUxBR0MCAAMwMDADAANEUDkEAAwyMDExMDgxNTExNDcFAAQAAAAICgAIWVNTRUxBR0P%2FAQQwggEABgkqhkiG9w0BBwKggfIwge8CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGBzzCBzAIBATAiMB0xDDAKBgNVBAMTA0RQOTENMAsGA1UECxMESjJFRQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTEwODE1MTE0NzIwWjAjBgkqhkiG9w0BCQQxFgQUK13ubzFiQrY4H%2FLRk2ysyvPSvccwCQYHKoZIzjgEAwQuMCwCFF1W9d!tAjLvP8dnb1bs4XghaHSBAhQ9kd9N!bJubUWITtkzU!za96lxNg%3D%3D
    15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : Version of SAPSSOEXT: SAPSSOEXT 4
    15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : SCUE LIB base path is:
    15 Aug 2011 13:59:55 ERROR com.nakisa.Logger  - com.mysap.sso.SSO2Ticket : Could not load library: sapsecu.dll - java.lang.Exception: MySapInitialize failed: rc= 14null
    15 Aug 2011 13:59:55 ERROR com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : java.lang.Exception: MySapEvalLogonTicketEx failed: standard error= 9, ssf error= 0
    15 Aug 2011 13:59:55 ERROR com.nakisa.Logger  - com.nakisa.framework.login.Credentials_SapSso : Internal error (9) - No SSF error (0)
    15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : User to authenticate null
    15 Aug 2011 13:59:55 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : Authentication provider SapSso
    15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : User authenticated null
    15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : Authentication row is {SapSsoTicket=AjExMDAgAA9wb3J0YWw6eXNzZWxhZ2OIABNiYXNpY2F1dGhlbnRpY2F0aW9uAQAIWVNTRUxBR0MCAAMwMDADAANEUDkEAAwyMDExMDgxNTExNDcFAAQAAAAICgAIWVNTRUxBR0P%2FAQQwggEABgkqhkiG9w0BBwKggfIwge8CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGBzzCBzAIBATAiMB0xDDAKBgNVBAMTA0RQOTENMAsGA1UECxMESjJFRQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTEwODE1MTE0NzIwWjAjBgkqhkiG9w0BCQQxFgQUK13ubzFiQrY4H%2FLRk2ysyvPSvccwCQYHKoZIzjgEAwQuMCwCFF1W9d!tAjLvP8dnb1bs4XghaHSBAhQ9kd9N!bJubUWITtkzU!za96lxNg%3D%3D}
    15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : User population provider is Database
    15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - FunctionRunner : ensurePool : Current pool size:0
    15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - FunctionRunner : ensurePool : Current pool size:0
    15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - FunctionRunner.executeFunctionDirect: /NAKISA/RFC_REPORT took: 266ms
    15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - BAPI_SAP_OTFProcessor_Report :  WhereClause : ( (Userid is null) or (Userid='') ); Table : (SAP_UserPopulation); Dataelement : (UserPopulationInfo)
    15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : User populated
    15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : Role mapping provider is: SAP
    15 Aug 2011 14:00:00 ERROR com.nakisa.Logger  - SAPRoleMapping_SAP.MapRoles() : while trying to invoke the method java.lang.String.toUpperCase() of an object loaded from local variable 'value'
    15 Aug 2011 14:00:00 INFO  com.nakisa.Logger  - com.nakisa.framework.login.Main : LogIn : Login process finished with errors
    Any ideas? Should I maybe hardcode the location in the credentials.xml?
    Kind regards
    Dries Yssel

  • SSO between Portal and Java WD application

    Hi Experts,
    I am using CE 7.2 on localhost and I am very new to SAP.
    I need to know how can I get SSO between Portal and Java WD.  I have a WD application that displays the logged in user using "IUser currentUser = WDClientUser.getCurrentUser().getSAPUser()", as well I can use "IUser user = UMFactory.getAuthenticator().getLoggedInUser()".  Both work.
    Q1. What is the difference in the 2 above?
    Q2. My WD application is set to authenticate user.  The WD application is in URL iView.  I need SSO between Portal and WD application.   Is there a way to get this SSO without SAP Backend (ECC), for now I just need SSO between Portal and Java WD appl.
    Everything is in localhost.
    Please advise. Thanks.

    > need to know how can I get SSO between Portal and Java WD.
    Then I suggest you ask your question in the Web Dynpro Java forum instead of the Web Dynpro ABAP one.

  • Setting up SSO between EP and back-end SAP systems

    Can anybody give me some insight about setting up SSO between EP and back-end SAP systems. If possible some links to write up would be great.
    Thanu

    Hi,
    This link gives you a detailed information on setting up SSO : http://help.sap.com/saphelp_nw04/helpdata/en/89/6eb8deaf2f11d5993700508b6b8b11/frameset.htm
    Some How-guides:
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e676ec90-0201-0010-cfa3-90b7c1291903
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/77378b3d-0b01-0010-ffa5-c6941e286c43
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/80fbc690-0201-0010-1aba-93d5c8232b4a
    Regards,
    Sunil

  • Different ways to establish SSO between Portal and ADP

    Hi,
    We are implementing payroll with the help of ADP.
    Please let me know different ways of establishing SSO between portal  and ADP
    Thanks
    Bala Duvvuri

    You may have a few issues. SSO with logon tickets is based on accessing web sites in the same domain. So, if the portal is on http://ourportal.company.com, then the web site being accessed needs to have a URL like http://adphosted.company.com. Is the ADP system accessible by a DNS alias that is within company.com? If so, you're OK. If not, then there will be problems.
    The other SSO method is user mapping, but the security implications are not good...

  • SSO between EP and ECC-- JCo RFC Provider- Error-- JCO_ERROR_SERVER_STARTUP

    Hello Everyone
    I am setting up SSO between my EP 7.0 and my ECC 6.0 system. During the JCo RFC Provider phase I am giving the following values.
    The following was done:
    1. start Visual Administrator -> Service : Choose JCo RFC Provider
    2. Created JCo RFC provider:
    Program ID: SAPJ2EE_Port
    Gateway host: EPDEV ( host of my EP System)
    Gateway service: sapgw00
    Server Count 5
    Application Server Host: ERP6 ( Host of my ECC System)
    System Number: 00
    Client: 000
    Language: EN
    User: SAPJSF
    Password: ..
    When I click on SET I am getting the error "ERROR When ADDING TO BUNDLE" "Check LOG FOR DETAILS".
    I checked the DEFAULTTRACE.TRC and get the following message:
    Date , Time , Message , Severity , Category , Location , Application , User
    03/01/2011 , 3:33:30:101 , Error changing bundle SAPJ2EE_PORT , Error , /System/Server , com.sap.engine.services.rfcengine.RFCRuntimeInterfaceImpl.addBundle(BundleConfiguration conf) ,  , Administrator
    03/01/2011 , 3:33:30:085 , com.sap.mw.jco.JCO$Exception: (129) JCO_ERROR_SERVER_STARTUP: Server startup failed at Tue Mar 01 03:33:30 PST 2011.
    This is caused by either a) erroneous server settings, b) the backend system has been shutdown, c) network problems. Will try next startup in 1 seconds.
    Could not start server: Connect to SAP gateway failed
    Connect parameters: TPNAME=SAPJ2EE_PORT GWHOST=EPDEV GWSERV=sapgw00
    ERROR       partner 'EPDEV:sapgw00' not reached
    TIME        Tue Mar 01 03:33:30 2011
    RELEASE     700
    COMPONENT   NI (network interface)
    VERSION     38
    RC          -10
    MODULE      nixxi.cpp
    LINE        2823
    DETAIL      NiPConnect2
    SYSTEM CALL connect
    ERRNO       10061
    ERRNO TEXT  WSAECONNREFUSED: Connection refused
    COUNTER     1
    I have configured my SLD as well. Any suggestions? Please advise.

    Hi Ahmed,
    Please do check the validity of the certificate.
    Please do cross check these steps again.
    1. Transaction – STRUSTSSO2 (Trust Manager for Logon Ticket)
    2. Double Click Owner certificate. It gets reflected under the certificate tab.
    3. Choose Format Binary
    4. Choose File Path.
    5. Enter the File Name
    6. Saved in local drive.
    You can import into portal as x.509 certificate.
    check this thread -
    Certificate no longer has signature (use restriction)
    Renew certificate via SAP MarketPlace, and install from tcode slicense.  If you are working on a trial version, there is a SAP license request application form. Fill the form with the hardware key. you will get the new license via email. Install using slicense. Then try exporting the certificate.
    Thanks,
    Divya
    Edited by: Divya V on Mar 10, 2011 11:25 AM

  • SSO between EP and GRC systems

    Hi,
    We have EP 7.0 and GRC 5.3 systems in our landscape. In the login page of the portal, we have a link configured to the GRC system to use the Compliant User Provisioning application.
    On clicking the GRC link for accessing CUP, the user is prompted to enter the username and password to login to the GRC system. In our landscape both the EP and GRC systems have the ECC ABAP system as the UME and hence the user credentials are exactly the same for both EP and GRC systems for a particular user.
    I would like to avoid another logon for the user in GRC as he has already logged in with the same user credentials in the EP system. This, I believe, is achieved through SSO but I'm not sure about configuring SSO between two Java systems.
    Please help me in the configuration.
    Regards,
    Ragav

    Ragav_ss wrote:
    Everything is working fine when I click the User Logon link in the GRC system which comes up through the link from EP. The SSO is working fine there. But when I click the Request Access or Request Status link, the SSO does not work.
    Any clues?
    GRC version is 5.3 SP 12
    Did you ever get that resolved? I'm having the same problem with 5.3 SP 15.
    Regards,
    Sean

  • SSO Between EP  and R/3 6.4

    Hi,
    I am trying to implement SSO between SAP EP 6.0 and SAP R/3 6.4 using logon tickets.
    I've downloaded the .pse and .der files from Portal, uploaded the .pse in the backend system, and added it to the ACL, but when I tried to test the connection in portal using system admin->system configuration->UM configuration->SAP system
    I am getting an error:
    (System ID): com.sap.mw.jco.JCO$Exception: (101) RFC_ERROR_PROGRAM: 'mshost' missing
    (System ID & System Number): com.sap.mw.jco.JCO$Exception: (102) RFC_ERROR_COMMUNICATION: Connect to SAP gateway failed Connect_PM TYPE=A ASHOST=ctsgvcsap3 SYSNR=03 GWHOST=ctsgvcsap3 GWSERV=sapgw03 PCS=1 LOCATION CPIC (TCP/IP) on local host with Unicode ERROR service '?' unknown TIME Thu Feb 23 16:24:39 2006 RELEASE 640 COMPONENT NI (network interface) VERSION 37 RC -3 COUNTER 2
    Where am I going wrong? Please help.
    If anyone has detailed documentation, please forward the same.
    Thanks in advance
    SwarnaDeepika.

    Hi Swarna
    The procedure for importing the portal certificate in the R3 system I already mentioned.
    You have to have authorization for STRUSTSSO2 on the R3 system;
    ask the basis person for that or have it done with their ID.
    After importing the portal certificate into the R3 system you have to restart the R3 system; no need to restart the portal system.
    And make sure for SSO that both portal and R3 system are in the same domain,
    i.e.
    sapr3.mydomain.com
    portal.mydomain.com
    If not, you have to specify the DNS entry for that by creating an alias.
    regards,
    kaushal

  • Error in SSO between Portal and IDM

    Hi All,
    In my scenario I need to configure the IDM workflow in portal and do SSO between them. I followed the steps given in the IDM-Workflow installation document and did the following things.
    1. Uploaded the par file available in IDM installation kit in to portal.
    2. Imported the Portal Content package (epa file) in to portal.I got the role Identity Center in my masthead.
    3. Created System as said in the document.
    4. Completed the necessary steps for transporting certificate between them.
    But when I click on the role 'Identity Center' or do a preview of any iViews of IDM I am getting the following error.
    Portal runtime error.
    An exception occurred while processing your request. Send the exception ID to your portal administrator.
    Exception ID: 05:58_06/12/08_0860_1657450
    Refer to the log file for details about this exception.
    Here is my default trace log for that exception id.
    #1.5 #0019BBDC2B650079000000440000161C00045D5E6D4D111F#1228560048914#com.sap.portal.portal#sap.com/irj#com.sap.portal.portal#tventhan#24261##n/a##e764b200c37c11ddca800019bbdc2b65#SAPEngine_Application_Thread[impl:3]_16##0#0#Error#1#/System/Server#Java###Exception ID: 05:58_06/12/08_0860_1657450
    [EXCEPTION]
    #1#com.sapportals.portal.prt.component.PortalComponentException: Error in service call of Portal Component
    Component : pcd:portal_content/com.sap.idm/iviews/workflow/com.sap.idm.workflow.home_overview
    Component class : com.sapportals.portal.sapapplication.SAPApplicationIntegratorComponent
    User : xxxxx
         at com.sapportals.portal.prt.core.PortalRequestManager.handlePortalComponentException(PortalRequestManager.java:973)
         at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:343)
         at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
         at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)
         at com.sapportals.portal.prt.component.PortalComponentResponse.include(PortalComponentResponse.java:215)
         at com.sapportals.portal.prt.pom.PortalNode.service(PortalNode.java:645)
         at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
         at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
         at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)
         at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:753)
         at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:240)
         at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:524)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:407)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:365)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:944)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:266)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
    Caused by: com.sapportals.portal.prt.runtime.PortalRuntimeException: Exception in SAP Application Integrator occured: Unable to parse template '<System.protocol>://<System.hostname>/<System.appcontext>/welcome.php?SAPIDStore=<System.idstore>&wf_portal=1'; the problem occured at position 38. Cannot process expression <System.appcontext> because Invalid System Attribute:
    System:    'SAP_LocalSystem',
    Attribute: 'appcontext'.
         at com.sapportals.portal.appintegrator.AbstractIntegratorComponent.doContentPass(AbstractIntegratorComponent.java:123)
         at com.sapportals.portal.appintegrator.AbstractIntegratorComponent.doContent(AbstractIntegratorComponent.java:98)
         at com.sapportals.portal.prt.component.AbstractPortalComponent.doPreview(AbstractPortalComponent.java:240)
         at com.sapportals.portal.prt.component.AbstractPortalComponent.serviceDeprecated(AbstractPortalComponent.java:168)
         at com.sapportals.portal.prt.component.AbstractPortalComponent.service(AbstractPortalComponent.java:114)
         at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
         ... 29 more
    Please help me to get rid of this issue.
    Thanks & Regards,
    Tamil K

    Hi Tamil,
    Please have a look in your log
    Exception in SAP Application Integrator occured: Unable to parse template '<System.protocol>://<System.hostname>/<System.appcontext>/welcome.php?SAPIDStore=<System.idstore>&wf_portal=1'; the problem occured at position 38. Cannot process expression <System.appcontext> because Invalid System
    Please check the above values in system properties which are in bold
    regards
    Anand.M

  • Problem SSO between VPN and NAC

    Hello
    Description of our problem: SSO doesn't work.
    - On the first connection from the VPN client we enter the login and password two times: one time for the VPN client and the second time for CAA (Clean Access Agent).
    - For the other connections that succeed, we enter the login and password only one time (for VPN only), and for CAA the connection is done automatically; some hours later we again enter the login and password two times, for VPN and CAA.
    The following steps are done to configure Cisco NAC Appliance to work with a VPN concentrator:
    Step 1 Add Default Login Page =ok
    Step 2 Configure User Roles and Clean Access Requirements for your VPN users =ok
    Step 3 Enable L3 Support on the CAS = ok
    Step 4 Verify Discovery Host =ok (CAS IP ADDRESS 192.168.2.11)
    Step 5 Add VPN Concentrator to Clean Access Server =ok (ASA IP ADDRESS 192.168.2.1)
    Step 6 Make CAS the RADIUS Accounting Server for VPN Concentrator =ok
    Step 7 Add Accounting Servers to the CAS (accounting server is CAM IP ADDRESS 192.168.20.10)
    Step 8 Map VPN Concentrator(s) to Accounting Server(s)=ok
    Step 9 Add VPN Concentrator as a Floating Device =ok
    Step 10 Configure Single Sign-On (SSO) on the CAS/CAM =ok
    The database for VPN authentication is Cisco Secure ACS (192.168.1.30).
    Thanks to anybody who can give us a possible solution.
    FILALI Saad
    Ares Maroc

    Hi
    I have just gone through the same issues with SSO VPN with my CAS in real-ip mode.
    First thing to consider, when you're testing, every time you test a user, make sure you go into the CAS or CAM and remove them as a certified device or active user before you perform your next test. I found that while I was testing that it would sometimes cache the user and I was getting successful auth attempts but due to their device being already accepted on a previous connection because the CAS was not made aware that the user had logged out correctly.
    1. Make sure you have a fully functional DNS system on the inside network, I didn't realize how important it was to have forward and reverse lookups for your CAS and CAM. Make sure that all CASs and CAMs are listed in DNS with correct domain names.
    This is very important if you're running your own CA certificates on CAS and CAM. Make sure that the CAM and CAS can resolve each other via DNS. Make sure the CAM and CAS can perform reverse lookups of each other. Also make sure that when the user VPNs into your ASA that they can also perform DNS lookups and reverse lookups. If they can't perform DNS lookups, you may need to temporarily allow the untrusted network full access while you resolve the DNS lookup problem on the client computer. One of the issues I had was that the VPN clients couldn't resolve internal DNS names and so the CCA agent would never auto pop-up and start the auto login process because it was trying to resolve the CAM name and also check that the CA certificate I had on the CAS was legitimate as I had used names in my certs and not IP addresses.
    2. Make sure your VPN group settings on the IPSEC policy of the ASA has DNS pointing to your internal DNS server.
    3. I know you already said you have done this but check to make sure that the VPN group setup on your ASA for your remote access users has been set up with the RADIUS accounting being directed to the INSIDE interface IP address of your CAS (if you are running your CAS in real-ip, I found that the inside interface was the only interface listening on 1813, do a 'netstat -an' on the CAS to check); if you're running in VGW mode then you only have 1 IP address to direct it to anyway.
    Follow from step 15 in following link
    http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a008074d641.shtml
    3. Troubleshoot and make sure that the ASA actually sends a RADIUS accounting message to the CAS. I did this by ssh into the CAS and doing a 'tcpdump -i any src and not tcp 22'. I then logged into the VPN client and made sure that once I entered my VPN user and pass, that the ASA authenticates the VPN user and then passes a RADIUS accounting message to the CAS informing the CAS it has allowed a new user. If you don't see this RADIUS accounting message hit the CAS interface go back to my step 3 and resolve.
    4. Finally check that you have not mistyped a shared secret somewhere, i.e. between CAM and ACS, between ASA and ACS, between ASA and CAS. I had all my users authenticate through RADIUS on my ACS server, a number of times I got caught out by a simple typo in a shared secret.
    Try these things first.
    Also someone else here on the forums linked this guide to me that also helped me setup my CAS correctly.
    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/412/cas/s_vpncon.html
    You may find it useful too.
    Dale

  • HA SSO Between LDPE and non-LDPE

    There is a customer who got two new 5500 WLCs for Russia, running 7.4.110 SV. By mistake one of the controllers was sent as non-LDPE capable, the other is LDPE. He wants to know if it is possible to enable HA SSO between these two controllers?
    The only topic related I have found is this https://supportforums.cisco.com/thread/2220165
    But not too much info!

    Here is the risk your customer faces and you know they will say they didn't know!
    I would just tell your customer it's not stable and they need to RMA the unit!
    Important Note for Customers in Russia
    If you plan to install a Cisco Wireless LAN Controller in Russia, you must get a Paper PAK, and not download the license from Cisco.com. The DTLS Paper PAK license is for customers who purchase a controller with DTLS that is disabled due to import restrictions but have authorization from local regulators to add DTLS support after the initial purchase. Consult your local government regulations to ensure that DTLS encryption is permitted.

  • What is the difference between Lync and Sharepoint?

    Both Lync and Sharepoint seem to serve the same purpose, then why do they both exist? And another question is, is Sharepoint hosted by OneDrive or does it have an independent cloud system? I got really confused with all these similar services in Microsoft. Even Skype does similar tasks like Lync does. Then why do we need different platforms to do similar tasks? All these things are really making it a little complicated. Can anyone please care to explain clearly? I really love to use Lync for working with my colleagues, but before that I want to make sure that I know enough about these services. Thank you

    Please, checkout this http://timwalwyn.com/2014/03/27/lync-vs-yammer-vs-sharepoint/
    http://wadingthrough.com/2012/04/04/lync-and-sharepoint-integration-more-than-presence-information/

  • Sharing data between CRM and Sharepoint

    Does anyone have an easy way to share dynamic lists in CRM with Sharepoint? We basically have a client list/view in accounts in CRM (all are online services with Microsoft 2013) and want to have it or a variation of it in sharepoint, but we want the data to be dynamic. Wondering about BCS or using dynamic spreadsheets. Thanks.

    Hi,
    Yes, this is what EPMA is meant for. You can create and share dimensions between applications of different type. In the property grid of any member at dimension library you can choose the category and edit the properties in selected category of the member (Planning, Consolidation (HFM), Essbase, etc.).
    Further details are in below:
    http://download.oracle.com/docs/cd/E17236_01/epm.1112/epma_admin/frameset.htm?launch.html
    Cheers,
    Alp

  • A Comparative analysis between WebCenter and Sharepoint

    Hi All,
    Do you have any readily available comparative analysis between Sharepoint Freeware, MOSS and Webcenter in support of KM functions? The major parameters that I wanted in comparison are as follows:
    Ability to pre-fill metadata
    Security to allow right people for right content
    Ensure Single Source (Check-in & Check-out)
    Desktop Integration for quick Uploads
    E-Mail Integrations
    Feedback
    Metadata for quick retrieval
    Ease of entry of Metadata
    Intelligent Search
    Flexible access of content
    One location for one asset
    Content organizing
    Document centric collaboration
    Information rights Management
    Document capturing
    Ability to provide Audit data
    Ability to recommend the downloads
    Ability to alert based on non-use of assets
    Best regards,

