SSO for ALUI using OAM 10.1.4.0.1

Has any1 successfully tested SSO for ALUI or WCI using OAM??? I would appreciate if someone shares the policy created. you can send me an email to [email protected]
Edited by: Ferry on Sep 24, 2009 11:07 PM

The 10.1.4.0.1 installers can still be found on http://edelivery.oracle.com under Oracle Application Server 10.1.3 - please see Note 1286374.1 for details. 10.1.4.0.1 is deprecated, and I would certainly recommend using the base 10.1.4.3 installers if at all possible.
Regards,
Colin

Similar Messages

Implementing OAM - SSO for Multiple Applications

I am trying to implement OAM - SSO for 2 applications. I already have completed the setup of SSO for one application . OID -- OAM -- OHS ( 11g webgate ) - Weblogic Server - OBIEE . ( All the components are 11.1.1.5 version ).
Now I am looking to add a 2nd application ( OBIEE 11.1.1.6.5 version ) into the mix. So should I install a separate OHS and webgate for the new application or can I use the existing OHS to add another application.
Any tips on this would be helpful please.
Thanks

You may use the same OHS server in reverse proxy to the two applications and configure corresponding policies in OAM console.
Let us know if you get into any issues.

SSO for MS outlook, OWA and Sharepoint using SSO 2.0

Hi,
We have installed the secure login server 2.0. And configured SSO for SAP (ABAP, JAVA) systems using X.509 certificate. it is working fine.
We want to configure SSO for some non SAP applications like MS outlook, Outlook Web Access, Sharepoint.
I dont see any documentation in the implememntation guide of NW SSO 2.0 for how to configure these non sap applications to accept X.509 certificates.
Anyone please share the details of how to configure SSO for MS outlook, OWA and Sharepoint
Regards,
Yogesh Kumar D

Hello Yogesh,
Secure Login Server generates short lived certificates, this means after a configured time (or even
after an logout, because the Secure Login Client does not persist the private
keys in the file system) the private key and certificate is gone.
So using this for long term encryption is not practicable (because decryption
will be very very hard after a certificate/key renew...)
For a signature only solution the problem would be the signature validation, because it needs the
public key/certificate from the signer. This is usually included into the
PKCS#7 signature format, but its not guaranteed (depends on the application settings as example in outlook etc.). So this would be theoretically possible, but unlikely.
For long term encryption/signatures you need persistence certifkate/keys.
So thats the reason there is not documentation about that use case in Secure Login Server.
best regards
Alex

How to use SSO for some sites

I have one SSO certificate provided in IE and some of my corresponding sites refer to this SSO while logging in.
This works perfectly well in chrome as well, however same sites do not recognize SSO certificate and prompt for Logon credentials while accessing in firefox

Hi Daniel,
Yes, you can use SSO for your purpose. One of the over-looked features of SSO is to use as configuration store. Especially for storing the credentials for accessing your external
systems.
Create an
affiliate application in SSO and save your credentials in there. And in send port, under security tab you can select the affiliate application to use the credentials.
Read this article on this topic. This article gives you the detailed information starting from access required to create affiliate application, ways to read data
from SSO.
Building and Executing
a BizTalk Single Sign On Scenario
Single Sign-On Support for the WCF Adapters
If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply.

Need documents for how to use OAM for APPS DBAs

Hi All,
Need documents/pdfs, how to use OAM for APPS DBAs.
Thanks a lot in advance

Hi,
For R12 ,refer the Oracle E-Business Suite System Administrator's Guide - Configuration part no:E12893-03 (http://download.oracle.com/docs/cd/B53825_04/current/acrobat/121sacg.pdf)
For 11i version pls chk :
Oracle Applications System Administrator's Guide - Configuration (zipped) B13925-06 (http://download.oracle.com/docs/cd/B25516_18/current/acrobat/115sacg.zip)
--Rk

How do we use SSO for both Windows AD and Trusted authentication?

We want to have the majority of our users access the BO 4 BI Launchpad using SSO with Windows AD authentication. We have set this up and it's working ok. We also have a subset of external users and need to configure SSO with Trusted authentication for their Enterprise accounts. Support says we can only have SSO for one authentication type. I'm assuming we can work around this by installing a 2nd Tomcat instance on our Linux server. Has anyone done this type of config successfully? Any other ideas would be greatly appreciated. Thanks!

Hi Collins,
BOE's CMS can be accessed from multiple application servers.
Please have a look on this new article [here|http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/00240702-8343-2f10-ed9a-85ece14c93db] .
You may use this method for other application servers(not only NW) but just dont add the file "web-j2ee-engine.xml" as its not needed.
regarding sections 4.2.4 on the document, On one application server just set "authentication.default" property under the file BIlaunchpad.properties, to "secWinAD"(for win AD). and on the other set it to "secEnterprise".
please report any problems you may encounter,
thanks,
Idan

How to use SSO for credential storeage

Hi All,
Can I use SSO to store my credentials for the different web services and SQL databases, which I am going to specify in send ports. So that i can specify the use sso single sign on in send ports. Please comment.
Thank You,
Dani

Hi Daniel,
Yes, you can use SSO for your purpose. One of the over-looked features of SSO is to use as configuration store. Especially for storing the credentials for accessing your external
systems.
Create an
affiliate application in SSO and save your credentials in there. And in send port, under security tab you can select the affiliate application to use the credentials.
Read this article on this topic. This article gives you the detailed information starting from access required to create affiliate application, ways to read data
from SSO.
Building and Executing
a BizTalk Single Sign On Scenario
Single Sign-On Support for the WCF Adapters
If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply.

Detailed steps to make SSO using OAM 11g

Can anyone provide me detailed steps to configure SSO using OAM 11g.
thanks

Hi,
Install webgates in OHS
First you deploy the web application in web/application server
1. Create user Identity Store
2. Create authentication scheme.....and use identity store create above
3. Create Authentication module
3. Create Application Domain
4. In application Domain Create Create Authentication and authorization policies
5. Add the resource which you want to protect in Authentication & Authorization Policies
6. Testing
Regards
Kumar
Edited by: Kumar.kummathi on Sep 17, 2012 11:55 AM

How to protect applications running in Weblogic using OAM

Hi all,
I have a doubt,
I have 2 application running in weblogic.
I need to protect those application using OAM and provide single sign on.
How this can be done?
In the OAM integration guide i saw OAM with BEA Weblogic SSPI
Is SSPI like a connector r what is the use of this?
Is there any other way to protect a application running in weblogic using OAM and provide SSO for those applications
thanks in advance.

You will need to also add the OAMIdentityAsserter and possibly an Authenticator to get group/role information in the weblogic instances (assuming it's not the same one where OAM is installed).
Jack

How to configure ADF application to use OAM Identity Assertion ? web.xml

We have a web application developed using ADF (application development framework) and deployed on WebCenter 11.1.1.2 (weblogic 10.3.2)
OID Authentication and OAM identity assertion is configured in WebLogic 10.3.2 .
How to configure security in ADF application (web.xml or weblogic.xml) so that it uses OAM identity assertion (already configured as authentication providers in weblogic server)
Any pointers or documentation so that application (developed using ADF) check for identity tocken and verifies it with one of identity assertion providers.

John,
I have to concur. With OAM you don't need this. OAM intercepts the calls and inserts a cookie for WLS to get user information from.
I strongly advise to go through the above mention OFM Security Guide. Esp. Chapter 10 tells you in every detail how to implement OAM SSO with WLS (with or without OHS as a proxy).
Reading this chapter saves you time and turnarounds on this topic...
--olaf

SSO for JDeveloper application -- how?

Hello,
I am developing a servlet with JDeveloper & Struts, and I am curious whether it is possible to configure SSO and JDeveloper so that when I DEBUG the project and the embedded OC4J server starts, my application gets protected by the Single-Sign-On. That is, when I access http://<server>:8988/MYApplication/request.do?<params>, the SSO login page shows up, and after I type in correct login and pwd, my original page gets called again, only with the SSO cookie set this time.
I have all the things set up (infrastructure etc), and I guess if I go and deploy my application into Apache web folders, things should work -- but is there a way to do this with embedded OC4J server -- with its ports, etc?
Thank you very much,
Sasha.

Krrish,
For enabling security for your ADF application in JDeveloper use ADF Security wizard. Read this:
http://www.oracle.com/technology/products/jdev/howtos/1013/adfsecurity/adfsecurity_10132.html
You should set up your identity management with the application server.
(App Server Console->Administration->Identity Management)
You should set the identity management as the security provider of the ADF Application.
(App Server Console->Your Application->Security Provider)
You should have installed your APP Server in advanced mode.
You have to enable SSO for application server and define the ADF application as a partner application:
http://download-uk.oracle.com/docs/cd/B32110_01/web.1013/b28957/configldap.htm#BEHCGHHF
see Configure SSO (Optional) section.
Despite that, I myself have had problem making this work. I am using Identity Management 10.1.4.
Regards
Farbod

SSO for Oracle Apex application

Hi All,
I am working on the requirement where the client want to implement the SSO for the apex application which are in different workspaces.
But not using oracle SSO server :(
The Microsoft active directory is used for authentication.
Please give me some idea how to implement SSO for these apex applications.
Thanks & Regards,
Prutha

Hi,
I am trying to implement Single-Sign On for my Apex applications. Below are the requirement steps:
This is working fine within same WORKSPACE and on single DB, but I need to implement SSO across DB with different workspaces.
1. I have *2 Databases* DB-1 and DB-2. Both are different and running on different machines.
2. On Both DB's Apex is configured.
3. I have to deploy an app which uses internal Application Express account credentials for Login on DB-1
4. From DB-1, after login, I have to provide a link to open another Apex App deployed on DB-2
5. All Apex Apps on both DB's are using same Authentication Schemes.
6. In both DB's I have PAGE SENTRY function for session validation.
Can we configure Apex only once on both DB servers like RAC. Do we have any admin setting in Apex by which we can achieve th motive.
Please help me to implement such functionality using only Apex across different DB's and different Workspaces.
Thanks,
Ismail
Edited by: user9536278 on Mar 27, 2012 4:18 AM

SSO for application systems with local users?

Hi all, I'm new to Oracle Identity Management. My company is going to implement SSO for inhouse applications. However, some applications have their own local users (e.g. admin, guest, etc.) who have to login to the application system through the same interface. We put all organization users in an Oracle enterprise Directory server, which is the authentication backend of the Access Manager. After implementing webgate, such local users can't get authenticated. I'd like to know if it's possible to configure particular users/applications to bypass SSO and use local authentication? Thanks.
Rgds
/ST wong

Possible solution is to create a new entry point for local users. Create two proxies one for actual user entry and another for local user. You can restrict n/w access to proxy with local login so that only few hosts based on your requirement who needs to access system with local accounts. This way you will have two web sites for single application.

SSO for SAP and Non-SAP applications without Enterprise Portal

Dear all,
Is it possible to implement SSO for both SAP and non-SAP applications without involvement of EP at all?
I have gone through this link.
<a href="http://help.sap.com/saphelp_nw04s/helpdata/en/e5/4344b6d24a05408ca4faa94554e851/frameset.htm">http://help.sap.com/saphelp_nw04s/helpdata/en/e5/4344b6d24a05408ca4faa94554e851/frameset.htm</a>
But I still i am not able to get the precise answer on how to enable SSO for both SAP and non-SAP applications without EP.
We have decided not to implement EP in first phase of SAP implementation. But we need to enable SSO for other SAP and Non-SAP applications.
A detailed description on how to deal this kind of scenarios will be helpful.
Thanks.

A client of our's uses SAP Enterprise Portal, and is using the SAP SSO, which is implemented with tickets, and requires the use of SAPSECULIB. My company provides an application for this client, and our application in hosted in our data center for the client, as a Software as a Service application, obviously across the internet. Our client, which owns a SAP license, has asked that we support the SAP SSO as a non-SAP SSO application. The client user's SSO ticket will be created from SAP EP, and then passed across the internet to our application, and we are to use that SSO ticket as an authentication ticket to our application. I beleive I know how to do this work technically, having reviewed the SAP document named: "Dynamic Library for Verifying SSO Tickets in Third-Party Software" Specification Version 2.00 December 2005.
My question is, does my company have the right to use the SAPSECULIB? Where is the official download and license download, that indicates we can download this library, and use it to support a SAP customer? We do not own a SAP license. Thank you for your help. I have searched many places in SAP support.

SSO for Forms9i & Rep9i applications

Hai all,
We have developed forms9i & Reports application(around 3 applications .
We want to use SSO for authentication process and expose this application as portelts in 9iAS portal release2.
Can any body give the steps to follow.
How to configure forms9i apps in Portal?
As partner applications or external application?
If partner applications which mechanism ia goob.
Mod_osso or PDK?
Regards,
Sreenivas

Anupam,
Thanks for response.
Can users create the resources themselves? if yes what user interface is available for this?
Do you know how the users can change their password for a particular resource if it changes?
Harish

SSO for ALUI using OAM 10.1.4.0.1

Similar Messages

Maybe you are looking for