SSO-BI-EP integration

Similar Messages

• Problem: Deploy a SSO Third Party Integration Adapter in Portal

  A user want to deploy a SSO third party integration adapter (Novell Access Gateway) in Portal (AS v10.1.2.0.2). And used method in Note 430877.1. They can login through Novell Access Gateway and login Portal, but when click search user button, there always show a blank IE. And no error log. How to resolve? Thanks.

  Hello,
  I have found out that in SAP Portal it must be possible to create a new system from a par-file which is uploaded to portal before.
  I have such a par-file. It is deployed and uploaded to the portal server. And the application which is contained by this PAR is running in SAP Portal.  But when I go to
  System Administration --> System Configuration --> Portal Content --> right mouse click to folder --> new System from par
  then this PAR can not find there.
  I have also tried to upload this PAR manually to portal. But the result is the same. This PAR does not exist in the radiobutton-options to create a new System.
  Please can anybody tell me how to create a system (or a system-template) from an uploaded PAR-file?
  Regards,
  Iris

• Apex Application With Oralce SSO (inbuilt) application integration

  Hi,
  Installed oracle 11g, configured Application Express Release 3.0.
  I developed application in APEX.
  Now I want to authenticate my application with Oracle SSO login.
  Please help me on this.
  Thanks in advance.
  Thanks,
  Surya

  Hello Surya,
  If you follow the instructions here you should be able to connect to your SSO.
  http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
  Peter

• OBIEE Security - How to setup SSO-integrated EBS users & mobile access?

  I'm looking for the best approach to solution my company's OBIEE Security requirements, they are:
  1) Create a standard authentication/security process at an enterprise level
  2) Maintain EBS Roles to provide object-level and data-level security in OBIEE
  3) EBS Users must go through the EBS portal to get to OBIEE (ie. single signon integration)
  4) non-EBS users must go through the OBIEE portal
  5) Both EBS and non-EBS users need ability to use the OBIEE iPad mobile application
  So for the EBS users, I've implemented the SSO integration between OBIEE 11.1.1.5.0 and EBS R11 based on the Oracle white paper [ID 1343143.1]. I've also set up an Authorization session init block to read the user's EBS Roles and set up object/data level security.
  For the non-EBS users, I've kept the default identity store (WLS-LDAP) and authentication provider.
  My question is what's the best approach for providing mobile access to the EBS users? Obviously I can't pass an HTML cookie to the iPad for these guys. Assuming these EBS users are in an corporate-LDAP store, I was thinking to setup a dual authentication store that connects to both corporate-ldap(EBS) and the WLS-integrated LDAP(non-EBS).
  Will this work? Does anyone have a better approach they'd like to share?

  Please post the details of the application release, database version and OS.
  We have a customer, who has upgraded to EBS R12 recently. With EBS R12 there comes a responsibility that enables users to directly open embedded BI in EBS. When people do LDAP authentication to EBS, they can directly open the OBIEE inside the EBS. But, when the EBS is SSO (OAM+WNA) integrated, OBIEE SSO in EBS does not work. What is the error?
  It could be related that OAM generated cookies are not recognized by embedded OBIEE.
  Is there a way to do a setup with both OAM SSO enabled to EBS, and EBS-OBIEE SSO is enabled inside EBS ? I do not think there is a single document that covers all the above (I believe you are aware of the individual docs).
  For urgent issue, please always log a SR.
  Thanks,
  Hussein

• Register application with SSO

  Hi all
  I have a APEX install which I have succesfully registered with SSO as a partner application (I have registered APEX/HTMLDB itself). On this machine we host a number of applications which can be accessed as http://myserver.mydomain.com/pls/htmldb/f?p=APP_NAME1 (and so on to APP_NAME_n).
  The business owner of one of these applications wants to have an application-specific URL instead of the generic type URL (eg, http://my-new-app.mydomain.com/....), and to keep the new alias in the browser URL. However, I am sure that this will require me to register the application with SSO as the SSO server won't recognise the new URL.
  I have searched the forum and not found any reference to having the entire HTMLDB engine registered as a partner app, and registering individual apps with SSO at the same time. Perhaps, this is so trivial and straightfoward that no-one has come across any problems with this. But I wonder if there are any "gotchas" in having this kind of set up before I actually start on it.
  regards
  Gerard

  Gerard - That should work as that was the intended purpose of having the two "flavors" of SSO partner app integration - so that a workspace schema could have a local copy of the SSO SDK and could use it independently of the Application Express installation's copy. Do let us know how it goes, especially if it works.
  Scott

• SSO between ITS 620 R/3 and EP

  Hi,
  I need to use ITS 620 for R/3 4.7 and EP 6.0 for ess/mss implementation
  I have to configure SSO between R/3 and EP.
  Do I also need to configure SSO between ITS and R/3 , ITS and EP also for this?
  If yes can any one tell me the steps in configuring SSO between ITS and R/3, ITS and EP ?
  advance thanks,
  PK

  UPDATE:
  I have installed a portal (SAp netweaver 7.0 Java stack) and have connected it to a ECC6.0 SR3 backend and I needed only to configure the SSO between portal and backend abap instance, and all worked fine. There was no need to configure the SSO between the integrated ITS and abap instance.
  About the error  message mentioned in my previous forum entry:
  I did not only do the steps for SSO between portal and backend as described in the blog "Configuring the Business Package for Employee Self-Service (ESS)", but I also did all the additional steps as mentioned in "10 golden rules of SSO".
  After that the error message "SSO logon not possible; logon tickets not activated on the server" did not appear anymore. (Instead a screen that asks for username and password always appears with the warning "No switch to HTTPS occurred, so it is not secure to send a password". But I think that's ok.)

• Can we integrate Lotus quickr into ep 7 using application integrator

  hi gurus,
  can we integrate lotus quickr in to ep 7 (i.e sso) using appliction integrator or do we have any other way to do sso,
  helpful replies are appreciated.
  Thanks & Regards
  K Naveen Kishore

  Hi,
  Tobias , thank you for you reply
  yes it is ,Lotus Quickr is a DMS(document management system) which sits on Lotus Domino server.
  i have done integrating Lotus quickr to ep 7,using application integration,
  what i have done:
  1)uploaded par file,
  2)ceated system template,
  3)created system using template,
  4)then iview using par,
  5)done usermapping
  in iview in the property
  URL Template Fragment for User Mapping : i have given
  Username=<MappedUser>&password=<MappedPassword>
  i took Username and password names from source of the login page of quicke
  document.write("<input id=\"user\" class=\"text\" type=\"text\" name=\"Username\" />");
  document.write("
  <label for=\"password\">""Password:""</label>
  document.write("<input id=\"password\" class=\"text\" type=\"password\" name=\"password\" />
  document.write("
  <input id=\"button\" type=\"submit\" name=\"login\" value=\"""Log In""\" />
  when i cliclk on preview
  finally page is displayed without user logedin, when i tried to login with this page with valid username and password same page is displayed .but when i tried with invalid username and password it is saying invalid username and password.
  also as u said  "Best way would be to configure Quickr to user Kerberos authentication"  if possible send me the step by  step guide for this.
  Regards
  K Naveen Kishore.

• Problem in application integrator while connecting yahoo system

  hi,
  i have connected yahoo mail to portal as described in how to guide pdf...but when i am opening that iview..one pop up window is coming dispalying the message SESSION MANAGEMENT WILL NOT WORK ..PLZ CHECK THE DSM LOG FILES
  wen i m closing that pop up window..logon page of yahoo is comin..SSO is not happening
  thanks in advance

  Hi Amit,
  Can you tell me what URL you are using for accessing your portal. DSM problem normally appears if you are not using the fully qualified URL path for your portal.
  For Yahoo SSO with app integrator can you specify what settings you have done at System definition level and in the Iview properties.
  Regards,
  Sarabjeet.

• Ms-Active Directory integration with SAP 4.7 SR2 through LDAP Connector

  Dear Gurus,
  Let me clarify the scenario:
  At our end, we are planning for SSO, we are integrating Microsoft ADS with SAP 4.7 IDES
  Following are the system details:
  SAP: IDES 4.7, on Windows 2000 Advance Server, Oracle 8.1.7.,Kernel-620
  MS-Active Directory: Windows 2003 Enterprise Edition, with Service Pack-1
  With the above mentioned landscape we have integrated
  LDAP-Connector on MS-Active Directory, on MS-Active Directory OS
  side we have tested the command (ldap_rfc –a LDAP_ADS –g
  ides.ho.com –x sapgw00) then we are testing it through an
  RFC in SAP 4.7(IDES), with result success.
  Everything is fine Im able to Log ON thru the User but when I try to search objects in LDAP(ie. ADS) thru "FIND", but getting Error message "operation Failed".
  Referred note 511141 for the error.
  Can't find anything more.
  Required help...
  Regards,
  SHAH

  Dear Juergen,
  As of we have applied the SP-level till 40.
  Through LDAP tcode we are able to Logon to the Directory server, and we
  are also able to search, through FIND,
  the system displays all entries below the specified base entry.
  After that we are trying to Synchronize it, using report RSLDAPSYNC_USER through SE38, but its showing following errors:
  Connection created to Server LDAP_ADS (successfully with Green)
  Operation Failed (Error with Red)
  Error message: LDAPRC001
  LDAP_SEARCH failed (Error with Red)
  Error message: LDAPACCESS101
  The System could not create directory objects pool (Error with Red)
  Error message: LDAPSYNC005
  Connection to LDAP_ADS server terminated
  As for first Error: Error message: LDAPRC001, we referred Note 511141,
  Response: "This error msg does not mean that the SAP System sent incorrect data".
  For Error message: LDAPACCESS101 and Error message: LDAPSYNC005, we refferred 696021 and 695026
  Response: to apply the correction change, as our SP level is above the requirement, we have
  level-40.
  Unable to get further, any solution/suggestion.
  Bye for now.
  Regards,
  Shaibaz

• Issue in accessing Client Web Service 401 authentication error

  Hi,
  I have a requirement where i need to call a web service from SOA composite. When i deploy the service on SOA Server and try accessing it i get below error
  **oracle.fabric.common.FabricException: Cannot read WSDL "{http://www.service-now.com}ServiceNow_u_incident" from Metadata Manager.: Error in getting XML input stream: https://XXXXXXX.service-now.com/incident.do?WSDL: Response: '401: Unauthorized' for url: 'https://XXXXXXXX.service-now.com/incicdent.do?WSDL'**
  If i go from broweser and hit the url it asks for my ldap / windows credential.
  My question is how to i pass these credentials from Composite.
  sample service
  https://demo.service-now.com/incident.do?WSDL
  Shirish

  To pass HTTP Basic Auth from an External Reference in a composite_
  Set up in the EM
  1. Create the credentials in the EM
  - In the EM Weblogic Domain > right click the domain name
  - Choose Security > Credentials
  2. Create an oracle.wsm.security map
  This is where the http token details are held
  - If the oracle.wsm.security does not exist create one (Create Map)
  - call it oracle.wsm.security
  3. Create the Key
  - Click create Key
  - Enter the following values
       Select Map -> oracle.wsm.security
       Key -> Key name
       Type -> Password
       Username -> << basic auth username required >>
       Password -> << basic auth password required >>
       Description -> Clear text description
  Note : Make the key name specific to the service you are accessing i.e. basic.credentials.sitea.demo
  Secure the Reference Partner Link
  In JDeveloper
       Open the composite that needs securing
       Right click on the external reference
       Select Configure WS Policies
       For Security, click the + button
       Select the oracle/wss_http_token_client_policy entry
       Select this and click the pencil button to edit the Override Value.
       In the override value column (csf-key), enter the credential key name you wish to use. i.e. basic.credentials.sitea.demo
  Deploy the service, and this will now be secured against the Basic Auth.
  This does not address SSO / Windows AD integration from the client, this is where a Web Service is protected by basic auth. If you need to integrate with AD as SSO etc then you will need to configure Kerberos. That is a much bigger explaination that you will probably find on the Net.
  Good luck
  Edited by: rodhiggins on 28/05/2013 22:52

• Do we need to configure webgate & HTTP server two times

  Hi Experts,
  Our requirement is need to integrate EBS and OBIEE with OAM 11g for SSO.
  For integrating EBS, oracle recommanding HTTP server, webgate and accessgate.
  At the same time do we need to configure separate webgate and HTTP for OBIEE also otherwise we can use common webgate & HTTP server for both EBS and OBIEE.
  Can anyone please advise me.
  Thanks in advance,
  903079.

  Hi Hussein,
  Thanks for reply,
  EBS release : 12.1.3
  OBIEE : 11.1.1.5
  OS : RHEL 5.3 x86_64
  I am following the MOS doc. 1309013.1
  Regards,

• HFM 9.3.1 drill through FDM

  Hi All,
  I'm trying to use the drill through functionality in HFM 9.3.1.
  When I click on Audit Intersection in the web data grid FDM starts to open but then I get an error relating to Single Sign On not being setup correctly.
  I've added the FDM app name to the App setting in HFM and I've got the correct URL in the Web Config .
  Can anyone give me any guidance of where to setup SSO in Shared Services for HFM/FDM?
  Is it possible to use drill through using Web Data Forms?
  Thanks
  G

  Choose Administration>Manage Documents then click on links
  click new to add a new link
  In the link field enter one of the following, for the
  version of FDM you are using.
  • http://<server name>/<wwwwwwww>/AuthorizedPages/LogonPage.aspx?AppName=<xxxxxxxx>
  • Replace <server name> with valid web server address
  • Replace <wwwwwwww> with UpstreamWeblinkDataMart for versions FDM 9.0.2 to FDM 9.2.x
  • Replace <wwwwwwww> with HyperionFDM for 9.3 and above
  • Replace <xxxxxxxx> with a valid FDM Application Name.
  Ensure that FDM does not open in the same page
  • Ensure to include the Single Sign On information in page request. Click ‘Save’
  On the ‘Manage Documents – Links’ screen you will now see your link to FDM. Log into the server where FDM is installed.
  • Go to Start > All Programs > Hyperion > Financial Data Quality Management > Load Balance Manager > Load Balance Configuration
  Go to the ‘Authentication Providers’ tab, click ‘Add’ and choose ‘Visual Basic Script SSO Authentication’ Provide a description. Set sso uathentication script ,The script is generically written, and must be customized for each customer.
  • Once the changed have been made click ‘OK’ and notice the Authentication Providers have been updated.
  • Go back to the ‘General’ tab and re-enter the service account password and click ‘OK’
  • Go back to HFM Workspace and test the link you created. FDM will open up in a new window, and sign you in.
  Now enable FDM to pass the SSO token:
  • Administration -> Integration Settings
  • From the ‘Options’ drop-down choose ‘Use SSO’
  • Enable the check-box
  • Click ‘Save’
  • From the HFM Web-Server you need to provide a link to FDM inside of the ‘Server and Web Configuration’
  • Choose the ‘Web Server’ tab
  • Enter the following link to ‘Financial Data Management URL’ field http://<server name>/HyperionFDM/AuthorizedPages/IntersectionSummaryByLocation.aspx
  • Update <server name> with the appropriate FDM Web-Server name
  •Enter a valid DCOM service account and password in the ‘DCOM User Info’ fields.
  Test Drill back functionality

• Loggin in a user without asking user credentials

  Hi,
  I have an Oracle SSO and OCM integration running a sitestudio web site. I want to provide a link on the site which contributors can use to switch to contribution mode. When the user clicks this link he/she should automatically be loggen into the system with a user/pass which is present in OCM so the user is not prompted with the login screen. I tried to explore the LOGIN service, but is there a better way of doing this.
  Thanks in advance
  - AU

  You need to set the option to create a mobile account using the Directory Utility app. 

• Authorization has become case sensitive

  We have migrated from Stellent 7.5 (Windows platform with MS SQL db) to UCM 11g (Linux platform with Oracle 11i DB). We have implemented SSO using AD integration. The issue is that after authenticating the user the kerberos token passes the user NT ID in same case as its stored in AD (ex: MJack). However, in our database the user NT ID is stored in lower case (ex: mjack).
  As Oracle DB is case sensitive while quering the DB the UCM application throws the error that user doesn't have priviledges, it doesn't finds the user prviledge information in DB with NT ID 'MJack'.
  Is there any fix for this issue or someone else also has faced this problem.
  Thanks,
  Rajiv

  What user privilege information can it not find?
  Everything should come from AD I would think? Do you have a stack trace of the error...and can you tell us when it occurs.
  If it does not recognise the user at all I would have thought it would maybe create a new entry in the Users table...

• IPSec or LEAP+MIC+TKIP?

  Hello,
  What is meaning of "reasonable" in the following sentence?
  "Organizations should use IPSec when they have the utmost concern for the sensitivity of the transported data, but remember that this solution is more complex to deploy and manage than LEAP. LEAP should be used when an organization wants reasonable assurance of confidentiality and a transparent user security experience." (http://www.cisco.com/en/US/netsol/ns110/ns170/ns171/ns128/networking_solutions_white_paper09186a008009c8b3.shtml)
  What is the most secure option to transport data, IPSec or LEAP+MIC+TKIP? Is it something like 10 billion years to crack IPSec and 1 billion years to crack LEAP+MIC+TKIP?
  Thanks.

  I am sure the security gurus will chime in on the technical side but I prefer LEAP+MIC+TKIP. My goal is very good security for a wireless network but at the same time I want things to be as transparent to the user as possible. If they do LEAP against a Cisco ACS that references the domain account you get dynamic WEP keys. You can go the extra mile and enable MIC and TKIP. Cisco says this may reduce your throughput as much as 30% but I have foud the impact to be negligible. This way you get SSO and data integrity and confidentiality using a system tha, in my opinion, someone would have to be pretty good to get into your system. It lock out most of the people who would want to get in but I have yet to see a totally hack-proof system. You can also go even farther and do Broadcast key rotation but if you do that you have some workarounds regarding VLANS else the user will get locked out after the second rotation.