SSO for a Webdynpro App
Hi Everyone hope you can help.
All i would like to know is:
If you have created a webdynpro and would like to bypass the default way of obtaining a JCO connection i.e)
Not using the GUI under the webdynpro admin console in the portal and defining the JCO (Meta and Model) there.
I have looked everywere and i can not find any documentation supporting "Writing your own JCO connection" inside the webdynpro app as a pooled connection.
I used to do it in EP5 like this:
public class Test {
private IPortalComponentRequest request; //used for SSO
public void setRequest(IPortalComponentRequest value){
request = value;
private void BuildConnection(){
IJCOClientService clientService = (IJCOClientService) request.getService(IJCOClientService.KEY);
poolEntry =
clientService.getJCOClientPoolEntry("PROD_SYSTEM", request);
sapConnection = poolEntry.getJCOClient();*/ }
private void closeConnection(){
poolEntry.release();
} //end Juan
The API that i used is not included in the webdynpro development lib.
Can anyone show me how to get the SSO cookie using the webdynpro API inside the webdynpro app. I need this cookie to include it into the required parameters during the JCO connection creation.
Thanks in advance!
Hi Diego
There is tons of information on this.
Check this post
Re: Problem accessing R/3 with SSO ticket from the EP6.0
and also links in this post.
For Web dynpro app to R/3 these simple points should help
-> Go to your Security provider service in VA , select the authentication template ticket and provide options for CreateTicketLoginModule with the one given in this document
http://help.sap.com/saphelp_nw04/helpdata/en/cb/ac3d41a5a9ef23e10000000a155106/content.htm
->Go to your key storage service in VA and export out the certificate and import this into R/3
->Go to your Content administration for Web Dynpro and switch the security settings in your JCO destinations to use 'useSSO' instead of userid and password , this applies only for the destination that fetches application data. The meta data destination can be configured to use userid and password.
Thats about it.
Regards
Pran
P.S is this '=(' the mexican hat
Similar Messages
-
Custom Login for each WebDynPro App
Hello All,
We are trying to develop non-Portal WebDynPro applications. Since, checking the authentication box for the WebDynPro Applications will always cause the standard UME Login Screen to appear, I was wondering if this can be customized such that I have different one for <b>each</b> Application.
This is not about customizing Portal Login Screen.
Thanks,
KiranPran,
Thank you so much for the reply.
I have implemented it in a different way. I have a normal login jsp taking username/pwd and with the "action" pointing to a servlet. The servlet has the following code.
IUser user = UMFactory.getAuthenticator().getLoggedInUser(request, response);
if (null == user) {
try {
UMFactory.getLogonAuthenticator().logon(request, response, "uidpwdlogon");
} catch (LoginException e) {
RequestDispatcher rd = request.getRequestDispatcher("unauthorised.html");
rd.forward(request, response);
response.sendRedirect("http://localhost:50000/webdynpro/dispatcher/local/Welcome/MyWebDynProAppl?SAPtestId=2");
I saw that there was a cookie being generated MYSAPSSO2.
Now, my question is, How different is this approach compared to yours? I looked at the "Security provider" for my application in Visual admin and saw that the authentication template is "no" with just BasicPasswordLoginModule/Sufficient/{}.
Is this anyway less/more secure than what you mentioned?
Also, what do u suggest as a better way of redirecting? Is response.sendredirect the only option?
Do you know what "SAPtestId=2" mean in the URL of the webdynpro application that I need to redirect to?
Thank you,
Kiran -
SSO for 'external' partner apps
Is it possible to use oracle's SSO product with applications written in various languages (php/perl/coldfusion/.net,etc) on non-oracle servers.
ie, if i have a php application that sits on a server entirely separate from the oracle app server or SSO server, is there documentation that allows me to write code that hands-off authentication responsabilities to the SSO. so, the php application would verify that a user is presenting a login cookie, and speak to the sso server in the backend to verify that the login cookie is valid, etc.
Thanks very much for any help you can provide!I have similar kind of requirements for Single sign-on to external web applications.
But in my applications I have to auto-generate random userid & password for different external web applications.
These uids & password are exported to external applications, which upon recieving creates user in their applications.
So, actual user will never have access to these credentials(uid &pwd).
So, how can I cutomize the Portlets to do the first time SSO when user is created & their credentials to external apps are stored to OID.
Any idea Barry..
Bye -
SSO for some SAP Apps, but forced login for the sensitive data application
We have R/3 4.7 (Enterprise), with EP 6.0 and Web AS 6.40. We have implemented Employee Self Service, as well as CRM, and some BW reports through EP 6.0. We have a Broadvision Portal that is on top of EP 6.0. In other words, the employees login to the Broadvision Portal, and authenticate against our Active Directory user store. Then they will choose the SAP apps listed above, which go through the SAP Portal (EP 6.0)
We want to allow SSO through EP when users choose either CRM, or BW reports, but we want to force a login when they choose ESS, since this data is more sensitive. The problem we have had is that when we turn on SSO, it allows the user through for all 3 SAP apps. My question is: How can we force a login for just ESS, but not for the other 2 apps.
Thanks.Rick,
I suppose, Eric meant Authentication Schemes ("authschemes") instead of security zones.
An authentication scheme is essentially a pointer to a JAAS logon stacks on the J2EE Engine plus a frontend ("login screen"). Authentication schemes are assigned numbers ("priorities"), the higher the number the more trustworthy the authentication of the underlying JAAS stack is regarded.
Example:
Let's assume you use the default authscheme "uidpwdlogon" for all your iviews. It features a password-based or SAP logon ticket-based logon and is assigned a value of 20. All iviews that have this authscheme set in its "authscheme" property are accessible for you without any further authentication once you have passed this scheme (or any other authscheme with a priority <= 20).
Now, you set one individual iview to use authscheme "certlogon", which requires an X.509 certificate and is valued "21". When accessing this iview, the portal will force a re-authentication (as 21>20).
By configuring custom authschemes and JAAS logon stacks you can easily implement your scenario. Simply ensure that all your ESS iviews will be using an authscheme with a value greater that your default value.
Regards,
Dominik -
Please guide me for user authentication and authorization in WebDynPro App
Hi,
I just study the WebDynPro to develop the SAP Portal. I've ever developed the Web-based App using J2EE. So when i developed the Web-based App i have to develop the control of the user authentication and authorization on each page for example ,checking the session of the user whether they can access this page or whether session is expired or not,. So i have no idea with the WebDynPro and the SAP Portal because i never had experience for both WebDynPro and Portal.
I need to ask you some question to clarify my doubt :
1. SAP Portal is web page that include every enterprise application with in one page and user log-in to them just on time, isn't it?
2. If i integrate WebDynPro with SAP Portal, which one will do the authentication and authorization?. I mean that, Do i have to develop the code to check authentication and authorization in the WebDynPro App or Let the SAP Portal manage them?
3.Could you please suggest the best practice for authentication and authorization in webDynPro.
Many Thanks
Noppong Jin most case you don't have to write code to deal with session, authentication and authorization.
1. yes,
2. no, no code needed. you just set an attribute to your application, which make the the authentication required. when user access this page, portal will display the logon page
3 you can put some authorization related code in web dynpro for specific requirement, search this doc "Protecting Access to the Web Dynpro Car Rental Application Using UME Permissions" -
Getting the following error while creating the model for webdynpro app.
Plugin Name: Web Dynpro Model Editor Services
Plugin ID : com.sap.ide.webdynpro.service.modeleditor
Class :ap.ide.webdynpro.modeleditor.wizards.model. creation.ModelDialog
Method : nextPressed
Exception : org.eclipse.swt.SWTException: Failed to execute runnable (java.lang.NoClassDefFoundError)
This is the error i am getting while creating the model for the webdynpro application. Can some one help ?
Thanks & Regards
Lalithhi
This error occurs mainly due to the reason that particular plugin is not there in the NWDS.
So please try to reinstall the NWDS or try tracing out whether that particular plugin is there or not.
Thank,
kris -
"SSO" for non-sap web application using SAPGUI to browse?
I have a web application (non SAP) and the user base are also SAP users in an ABAP system.
To strengthen the authentication in the web app, I wanted to implement SSO
authentication as we pity the users for having to remember so many strong pw's and I
dont like LDAP based pw sync or other technology I dont understand, because then we are
just yet another application with the same pw...
We are having technical problems implementing SSO on the web app side, and are anyway a
bit sceptical about the user admin / role admin assignment if we get it to work.
So I have created a transaction in SAP which browses the web app and the intention is to
send the SAP sy-uname as the web app user. We can control this using s_tcode, and
an own auth object on the WAS side and a check on the session type before the connection is
established. In this sense we are dependent on the SAP concept implemented, but even so:
The role assignment is controlled in the web app itself -> so assume that I am not overly
worried about unauthorized access to the web application, as they would not have any
system role for it as their sy-uname does not exist. (Infact we can monitor this)
The browser on the front end is the SAPGUI with html controls on the SAP side.
I would be interested in knowing whether anyone else has experience with this approach, and
whether there are any areas to be carefull of?
I would also like to know whether this is a strategic error?
Kind regards,
JuliusHi Julius,
well, if that web application would run on the same ABAP backend system then the solution described in <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0612670">SAP Note 612670</a> would be applicable:
a so-called "Re-entrance ticket" (based on the "SAP logon ticket" SSO proceedings) is issued, transported via the SAPGUI connection and back to the system via the invoked HTML control.
But for non-SAP web applications that does not help.
In that case only X.509 client certificates can be used for SSO. Actually, the web application could then also be invoked directly (independent from the SAPGUI session). The user is authenticated based on the X.509 client certificate - and not based on the ABAP userID (of the SAPGUI session).
Well, if you don't mind the effort you could also use the "SAP Logon Ticket evaluation library" (sapssoext, see <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0304450">SAP Note 304450</a>) to evalute the SAP logon ticket externally. You'll then need to have a "stub application" at the ABAP side that triggers the http redirect to your external web application. Not a nice solution but a possible one.
In the future SAML browser artifacts would be an option (preferable to integrate non-SAP applications). But currently that's not available (for NWAS ABAP).
Cheers, Wolfgang -
SSO for JDeveloper application -- how?
Hello,
I am developing a servlet with JDeveloper & Struts, and I am curious whether it is possible to configure SSO and JDeveloper so that when I DEBUG the project and the embedded OC4J server starts, my application gets protected by the Single-Sign-On. That is, when I access http://<server>:8988/MYApplication/request.do?<params>, the SSO login page shows up, and after I type in correct login and pwd, my original page gets called again, only with the SSO cookie set this time.
I have all the things set up (infrastructure etc), and I guess if I go and deploy my application into Apache web folders, things should work -- but is there a way to do this with embedded OC4J server -- with its ports, etc?
Thank you very much,
Sasha.Krrish,
For enabling security for your ADF application in JDeveloper use ADF Security wizard. Read this:
http://www.oracle.com/technology/products/jdev/howtos/1013/adfsecurity/adfsecurity_10132.html
You should set up your identity management with the application server.
(App Server Console->Administration->Identity Management)
You should set the identity management as the security provider of the ADF Application.
(App Server Console->Your Application->Security Provider)
You should have installed your APP Server in advanced mode.
You have to enable SSO for application server and define the ADF application as a partner application:
http://download-uk.oracle.com/docs/cd/B32110_01/web.1013/b28957/configldap.htm#BEHCGHHF
see Configure SSO (Optional) section.
Despite that, I myself have had problem making this work. I am using Identity Management 10.1.4.
Regards
Farbod -
SSO for Oracle Apex application
Hi All,
I am working on the requirement where the client want to implement the SSO for the apex application which are in different workspaces.
But not using oracle SSO server :(
The Microsoft active directory is used for authentication.
Please give me some idea how to implement SSO for these apex applications.
Thanks & Regards,
PruthaHi,
I am trying to implement Single-Sign On for my Apex applications. Below are the requirement steps:
This is working fine within same WORKSPACE and on single DB, but I need to implement SSO across DB with different workspaces.
1. I have *2 Databases* DB-1 and DB-2. Both are different and running on different machines.
2. On Both DB's Apex is configured.
3. I have to deploy an app which uses internal Application Express account credentials for Login on DB-1
4. From DB-1, after login, I have to provide a link to open another Apex App deployed on DB-2
5. All Apex Apps on both DB's are using same Authentication Schemes.
6. In both DB's I have PAGE SENTRY function for session validation.
Can we configure Apex only once on both DB servers like RAC. Do we have any admin setting in Apex by which we can achieve th motive.
Please help me to implement such functionality using only Apex across different DB's and different Workspaces.
Thanks,
Ismail
Edited by: user9536278 on Mar 27, 2012 4:18 AM -
SSO for Forms9i & Rep9i applications
Hai all,
We have developed forms9i & Reports application(around 3 applications .
We want to use SSO for authentication process and expose this application as portelts in 9iAS portal release2.
Can any body give the steps to follow.
How to configure forms9i apps in Portal?
As partner applications or external application?
If partner applications which mechanism ia goob.
Mod_osso or PDK?
Regards,
SreenivasAnupam,
Thanks for response.
Can users create the resources themselves? if yes what user interface is available for this?
Do you know how the users can change their password for a particular resource if it changes?
Harish -
URGENT: SSO for multiple Applications
I have integrated 4 different applications in a single domain with OAM for SSO.
Individually all apps are working fine (for SSO). Now I want to Apply only single login for all the applications. So what changes need to be done in OAM side?
Continuing to my above Question. For the first time if I access application A, Authentication should be done and if I access Application B, C, D no authentication should be done
and What changes to be done for Single Log OUT.
Help me what to do for SSO for all the applications.
Thanks
Ajay
Edited by: 915734 on Mar 12, 2012 7:57 PMYou have to configure single sign-on policy for same
Go through the blelow documents
http://docs.oracle.com/cd/E14571_01/doc.1111/e15478/sso.htm#BJFGFBDC
http://docs.oracle.com/cd/E14571_01/doc.1111/e15478/intro.htm#BABCDGEH
http://docs.oracle.com/cd/E23943_01/core.1111/e10043/osso_b_oam11g.htm
http://docs.oracle.com/cd/E24269_01/doc.11120/e24477/sso.htm -
How to consume a ABAP webservice in a webdynpro app?
Hi,
I have a BAPI in ABAP that is exposed as a webservice. I want to use this to build a webdynpro app so that i can consume this webservice. This BAPI returns the Employee data. As soon as the person logs into the portal i am going to pass his login id to this BAPI so that it retrieves the Employee data for that user id. But i need to know the procedure of consuming this webservice in a webdynpro app. Any pointers in this regard will be greatly appreciated.
Thanks,
Arun E VHi Arun,
Consumption of a web service is univesal I guess so it wont matter if it is an ABAP webservice. For consumtion of webservice in Web Dynpro you can go through the following tutorials
<a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webdynpro/using%20car%20rental%20web%20service%20with%20web%20dynpro.pdf">https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webdynpro/using%20car%20rental%20web%20service%20with%20web%20dynpro.pdf</a>
<a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webdynpro/creating%20an%20email-client%20using%20web%20dynpro%20and%20web%20services.pdf">https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webdynpro/creating%20an%20email-client%20using%20web%20dynpro%20and%20web%20services.pdf</a>
Do reward points if it helps
Regards
Sid -
Consuming ABAP Webservice in Webdynpro app
Hi,
I have wrote a webdynpro app for consuming ABAP webservice. I used the procedure in the link below
http://wiki.sdn.sap.com/wiki/display/WDJava/ConsumingABAPWebServiceinJavaWD
Everything seemed to be went well, I created model and Webservice destinations. I have written the code for calling the webservice, which does not return data as part of response. I mean though the RFC returns data at the backend,its not showing the returned records in the webdynpro table.
I have also tried checking the same by setting external break point. when the webservice is executed from my webdynpro app,it goes to the ABAP debugger and i could clearly see the records in the export parameters of RFC,but the same is not returned in the reponse object.
Could any one let me know what could be missing. Any help is greatly appreciated?
I have used the following code in Init method of my View
Request_ZMYRFC input=new Request_ZMYRFC (model);
wdContext.nodeRequest_ZMYRFC ().bind(input);
ZMYRFC req= new ZMYRFC (model);
req.setPUserid("EDLAS00C");
req.setPLtc("E");
input.setMYRFC (req);
IWDMessageManager manager = wdComponentAPI.getMessageManager();
try
wdContext.currentRequest_ZMYRFCElement().modelObject().execute();
wdContext.nodeResponse().invalidate();
wdContext.nodeZMYRFCResponse().invalidate();
wdContext.nodeReturn_res().invalidate();
wdContext.nodeItem_res_ret().invalidate();
wdContext.nodeILtcg_res().invalidate();
wdContext.nodeItem_res_ltcg().invalidate();
catch(Exception e)
manager.reportException(e.getMessage(), false);
Thanks
Santhoshsantosh,
Check provider system defination in nwa for webservice.After this mapp the provider system and service group after wd app deployed.This is mandatory while consuming webservice in webdynpro for latest versions of CE7.11 or later.for reference check this article/document. http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/50d70a19-45a3-2b10-bba0-807d819daf46
Thanks,
Murthy.
Edited by: Murthy Karaka on Mar 22, 2010 12:59 PM -
Can I execute a function module in my Webdynpro App ?
Hi,
Can I execute a function module in my Webdynpro App ? I mean, it's not a BAPI.
Is it possible ? which is the procedure to follow ? (comparing to a bapi procedure).
Thanks for your help !
Regards from Mexico. =)
DiegoHi Diego,
the warning icon indicates that you're using a function module that has not been externally released. If the corresponding function module has been defined by SAP, its interface might be changed in an incompatible way within one of the next releases, e.g. removing / renaming a parameter or structure field. Stability is only guaranteed for BAPIs or external released function modules.
From the point of view of the model import it does not make any difference. If import does not work, there seems to be some other problem. Maybe the function module has not been activated in the R/3 system. Or check the log file or the import log page which will be the last page of the import wizard.
You might want to import some other none external released function module in order to verify that model import of these kind of function module works.
Kind regards,
Lothar Bender -
ABAP session id with a webdynpro app
Hi....
I have a custom webdynpro app that makes JCO calls to ABAP.
So when i open the abap debugger (debugging remotely from the java webdynpro) i can see that sy-uname
is in fact the user that logged into the portal....
What I am wondering is this....
Is there a way to get a unique session id (or guid) on the abap side for that users session? when the user logs off of the portal, there session closes on the abap side as well...if they logged into the portal then they
would have a new session on the abap side as well....
I need to find a way to get this session id on the abap side.maybe this function module?
TH_GET_SESSION_ID
Maybe you are looking for
-
About cost center accounting (Transaction based posting with CO assignment
Hi, I m working on cost center accounting ,and i m stuck in transaction based posting ,i m post transaction through FB50, i m given concern G/L account Dr 8000 and credit to bank account with account assignment cost center 10100.after i simulate thi
-
Lightroom 5 installation error messages
When trying to install Lightroom 5 on Mac 10.6.8, the following error messages popped up. ----------- Payload: Adobe Photoshop Lightroom 5 5.4.0.0 Adobe Photoshop Lightroom 5.pkg_5.4 ----------- ERROR: DW006: Apple Package failed to install successfu
-
This week I did a factory restore using the Thinkvantage tools on my PC. I did this because my hard drive was full despite only actually being about 50% full. I did every imaginable virus and malware scan and could not identify why my HD was showing
-
Error 50103 in LabView using NI 6363
hi everyone, I have encountered a problem. I was trying to write a Labview program in which i will get simultaneous signal from an unsteady pressure transducer and a steady pressure transducer.(both give voltage input signals) both will run for the s
-
Hi! My intel Imac suddenly, and without apparent reason, shut down, and won't turn back on. When I press the power button, sometimes it makes a small noise, but then nothing happens. I have unplugged all the cables, and also tried resetting the SMC,