SSO for partner applications

Similar Messages

• Add new company (subscriber) for partner application

  Hi
  I want to add new company (subscriber) for partner application that is accessible from portal.
  and I want to get username , password , company in login page and change the login page to accept 3 parameter but I don't know what is the next step . and where can I define my company and define user for the company .
  Thanks
  Roshanak

  Hi,
  1. Get info regarding the chart of accounts.  It forms the basis  for FI\
  2. Though automatic postings are not regular, check the required details for configuration for APP.  If you are going for APP, u need to check house bank also
  3. Check the tax procedures (Varies between countries) - Sales Tax and Withholding tax config
  4. Payment terms
  5. Discount received / paid configurations
  6. Dunning details - Check if existing standard SAPscripts will suffice ur needs.  Else u may need the help of ABAPers
  Regards,
  Sridevi
  <i><b>Award points, if useful</b></i>

• Implementing OAM - SSO for Multiple Applications

  I am trying to implement OAM - SSO for 2 applications. I already have completed the setup of SSO for one application . OID -- OAM -- OHS ( 11g webgate ) - Weblogic Server - OBIEE . ( All the components are 11.1.1.5 version ).
  Now I am looking to add a 2nd application ( OBIEE 11.1.1.6.5 version ) into the mix. So should I install a separate OHS and webgate for the new application or can I use the existing OHS to add another application.
  Any tips on this would be helpful please.
  Thanks

  You may use the same OHS server in reverse proxy to the two applications and configure corresponding policies in OAM console.
  Let us know if you get into any issues.

• SSO requires double login for partner application

  I'm having some trouble with SSO partner applications, when I login to a SSO protected application, the login works fine, but when I try to navigate to another application I'm presented with the login page again, the sso cookie seems to be working since clicking on the login button without entering the user credentials works. For example, I log in to portal and from there I navigate to a forms application that is on the same server and the same port (portal: https://apps.mydomain.com:4444/pls/portal --> forms: https://apps.mydomain.com/forms/frmservlet?config=app) I am presented with the login page and after clicking on the login button without entering any information everything works fine. This is happening for all the middle tiers that are connected to the same OID. Any ideas on what can be wrong on my configuration?

  Hi Andrey,
  The problem sounds really wierd.
  Can you check your SSO settings for your Portal ECC system? I mean, please check the User Management/Administration properties in your System Adminstration of Portal System that points to ECC.
  Regards
  <i><b>Raja Sekhar</b></i>

• SSO to partner application running under IIS

  Hi,
  We have a complete set-up for 9iAS Release2 where some applications are running. In parallell we have an application running under IIS, and would now like to enable the IIS application as a partner application to 9iAS letting the 9iAS SSO server handle the authentication.
  In the documentation of Oracle Proxy Plug-in I read that this proxy plug-in can be used to proxy requests from IIS to Oracle http server (OHS) and also in this way enable SSO.
  My question is if this can be done only for applications running under 9iAS but having IIS as web server, or if it is also possible like in our case to enable SSO via the proxy plug-in to applications runnind under IIS?
  If this is not supported is the only available solution to use the SSO SDK in my IIS application?
  Thanks and regards,
  Rikard

  Here's a DIY answer.
  See Metalink Note 269820.1 which shows you how to use Perl to overwrite the host name in the HTTP header and remove the port number.

• Register the partner application through SSO Administer Partner Application

  When should I use the "Administer Partner Applications" link on the SSO Server Administration page to register the application among the following cases?
  1. sign-on SDK integrated application
  2. mod_osso integrated application

  Were you able to resolve the issue???
  Can you pls try Rerunning ssodatan/x with the correct data. The ssodatan script is located in the directory ORACLE_HOME/portal30/admin/plsql/ssodatan.
  Refer following link for more info on SSODATAN , SSODATAX and DIAGNOSTICS scripts in Portal 3.0.x:
  http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=136138.1

• Apex application registered with sso as partner application

  We have 1 apex app registered with sso and working properly.
  I just registered a new apex application with sso. when i authenticate through sso, it directs me to the originally registered application.
  I went in through the portal administrator app and verified my settings all pointed to the new application. I verified that my dad is set up correctly.
  Any ideas?
  APEX 2.0

  i did register and obtain the keys through portal admin.
  to ensure i used the proper keys (i guess there is a possibility i used the keys from db1 registration) i re-ran regapp with the right keys but recieved the following output:
  SQL> @regapp
  Partner Application Configuration
  Enter value for listener_token: HTML_DB:050iasphttp.xxx.na.xxx.com:7777
  Enter value for site_id: EFBE3E14
  Enter value for site_token: MSMXURH1EFBE3E14
  Enter value for login_url: https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admin.ls_login
  Enter value for encryption_key: 2EBDD126A3A40606
  Enter value for ip_check: N
  ERROR: Error in registration. Please try again
  User-Defined Exception
  Registration successful.
  Listener token: HTML_DB:050iasphttp.xxx.na.xxx.com:7777
  Site id : EFBE3E14
  Site token : MSMXURH1EFBE3E14
  Encryption key: 2EBDD126A3A40606
  Login URL :
  https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admi
  n.ls_login
  Logout URL :
  https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admi
  n.ls_logout
  IP check : N
  PL/SQL procedure successfully completed.
  Commit complete.
  No errors.
  SQL>
  ...in spite of the error, i aske the app developer to try and use sso for db2. he now recieves:
  User-Defined Exception
  Error Error in wwv_flow_custom_auth_sso.process_success:l_sso_user_name:l_sess_id:: Please contact administrator.
  OK
  any ideas?

• OID Realm Setup for Partner Application in another application server

  This message was also posted under the Identity Management thread.
  We currently have 10.1.2 SSO running and configured to accept a partner application from another app server (10.1.3). A sample application attempts to authenticate a user and then use JAZN to confirm whether the user is in the correct OID group. The user can authenticate successfully, which shows up in the SSO audit table, but the group check fails. I believe this is due to the realm not being visible to the other app server? How do I go about setting up the app server or application on the 10.1.3 platform to be able to check the 10.1.2 SSO server for the right OID group when the user authenticates? I have tried to set up the file-based permissions through the EM console, but seems to be only valid for the local setup. My thought was that the system-jazn-data.xml file would need to identify and point to the SSO server? When I troubleshoot that file, I see the correct realm entry and also the correct JAZN group and the OID GUID for the group. Any suggestions?
  Thanks,
  Leif

  Hi Amit,
  I am also facing the same issue. Could you please share the work around you around to get rid of this issue?
  Mahendra.

• SSO for JDeveloper application -- how?

  Hello,
  I am developing a servlet with JDeveloper & Struts, and I am curious whether it is possible to configure SSO and JDeveloper so that when I DEBUG the project and the embedded OC4J server starts, my application gets protected by the Single-Sign-On. That is, when I access http://<server>:8988/MYApplication/request.do?<params>, the SSO login page shows up, and after I type in correct login and pwd, my original page gets called again, only with the SSO cookie set this time.
  I have all the things set up (infrastructure etc), and I guess if I go and deploy my application into Apache web folders, things should work -- but is there a way to do this with embedded OC4J server -- with its ports, etc?
  Thank you very much,
  Sasha.

  Krrish,
  For enabling security for your ADF application in JDeveloper use ADF Security wizard. Read this:
  http://www.oracle.com/technology/products/jdev/howtos/1013/adfsecurity/adfsecurity_10132.html
  You should set up your identity management with the application server.
  (App Server Console->Administration->Identity Management)
  You should set the identity management as the security provider of the ADF Application.
  (App Server Console->Your Application->Security Provider)
  You should have installed your APP Server in advanced mode.
  You have to enable SSO for application server and define the ADF application as a partner application:
  http://download-uk.oracle.com/docs/cd/B32110_01/web.1013/b28957/configldap.htm#BEHCGHHF
  see Configure SSO (Optional) section.
  Despite that, I myself have had problem making this work. I am using Identity Management 10.1.4.
  Regards
  Farbod

• b OID Realm setup for partner application server /b

  We currently have 10.1.2 SSO running and configured to accept a partner application from another app server (10.1.3). A sample application attempts to authenticate a user and then use JAZN to confirm whether the user is in the correct OID group. The user can authenticate successfully, which shows up in the SSO audit table, but the group check fails. I believe this is due to the realm not being visible to the other app server? How do I go about setting up the app server or application on the 10.1.3 platform to be able to check the 10.1.2 SSO server for the right OID group when the user authenticates? I have tried to set up the file-based permissions through the EM console, but seems to be only valid for the local setup. My thought was that the system-jazn-data.xml file would need to identify and point to the SSO server? When I troubleshoot that file, I see the correct realm entry and also the correct JAZN group and the OID GUID for the group. Any suggestions?
  Thanks,
  Leif

  Hi Amit,
  I am also facing the same issue. Could you please share the work around you around to get rid of this issue?
  Mahendra.

• Error running ssodatax script for partner applications

  I am running the ssodatax script after creating a partner
  application using the user interface in the portal. I get the following
  error after the script starts running:
  SP2-0310: unable to open file "sso/ssoseedp.sql"
  Any thoughts will be appreciated.
  Thanks,
  Suzanne

  It appears that ssodatax in your environment is unable to find the script ssoseedp.sql. This script should be available in plsql/sso directory under the ORACLE_HOME. Please find the script ssodatax and look for the sso subdirectory within the directory that contains ssodatax. If you find ssoseedp.sql in sso, then you can try running ssodatax from the directory that contains it.

• SSO for External application not part of the portal framework

  Greetings,
  I am desperate!!!
  I am trying to do the following:
  I have a pl/sql application that presents to the user a set of external applications links.When the user activates a link, I would like to make a call the SSO server so it can do external application login.
  I know I can configure the external applications as described in the SSO admin guide.
  Unfortunately the API to query the SSO server for external application mapping is not public.
  ANY IDEAS ON WHERE I CAN GET THIS INFO??
  Every thing I have read says that external applications can be accessed through Portal. This is not my case. I can use any packages or classes available by the SSO server to portal, but MY APPLICATION IS NOT A PORTAL.

  I have similar kind of requirements for Single sign-on to external web applications.
  But in my applications I have to auto-generate random userid & password for different external web applications.
  These uids & password are exported to external applications, which upon recieving creates user in their applications.
  So, actual user will never have access to these credentials(uid &pwd).
  So, how can I cutomize the Portlets to do the first time SSO when user is created & their credentials to external apps are stored to OID.
  Any idea Barry..
  Bye

• OID connection error for partner application

  Hello All
  I have registered a partner application which run from Oracle application server OC4J and when i login via URL, I get following error below, any suggestions?. All parameters are correctly specified.
  AJPRequestHandler-ApplicationServerThread-458 Communication Exception received. Cleaning up the stale
  connection
  oracle.ldap.util.CommunicationErrorException: Unable to establish connection to directory. Please verify the input parameters: host, port,
  dn &' password connection closed
  at oracle.ldap.util.Subscriber.getUser_NICKNAME(Subscriber.java:1214)
  at oracle.ldap.util.Subscriber.getUser(Subscriber.java:913)
  at oracle.ldap.util.Subscriber.getUser(Subscriber.java:860)
  at oracle.security.sso.server.ldap.OIDUserRepository.getUserProperties(OIDUserRepository.java:495)
  at oracle.security.sso.server.auth.SSOServerAuth.authenticate(SSOServerAuth.java:485)
  at oracle.security.sso.server.ui.SSOLoginServlet.processSSOPartnerRequest(SSOLoginServlet.java:1058)
  at oracle.security.sso.server.ui.SSOLoginServlet.doPost(SSOLoginServlet.java:350)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:835)
  at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:341)
  at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:816)
  at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:231)
  at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:136)
  at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
  at java.lang.Thread.run(Thread.java:534)
  Thanks
  Amit

  Hi Amit,
  I am also facing the same issue. Could you please share the work around you around to get rid of this issue?
  Mahendra.

• SSO for various applications within the same portal

  Is it possible to implement SSO at the application level in an EP 7.0 environment?
  Ex:  One Portal with ESS and BI Functionality (BI is connected to the BI backend, ESS is connected to the ECC backend, but all of it exists within the same portal instance) in which the BI Explorer would rely on SSO, while the ESS would require a logon to the portal.  The initial page of the portal would not be a logon screen, but rather a menu screen
  Does this functionality exist?

  For our purposes, ESS would have to be authenticated (perferably through Active Directory), while BI Explorer wouldn't require "visible" authentication, BUT the question would be, could all of this exist on the same portal..
  I agree that it certainly wouldn't be user friendly to ask users to logon (using AD l/p) for certain parts but not others.  I think the solution would simply to have 2 portal instances (ESS/ECC = Logon/Password,  BI Portal = SSO), and to federate the BI to the ECC Portal. That way, if someone wanted to work in BI and only BI, they could go without logging on, but if they wanted to go to the ESS Portal they would have to logon BUT would be able to use both ESS and BI.
  This all stems from an effort to eliminate the neccessity of having to logon to a portal (for a small group of managers), but still maintaining a level of security for ALL users in regards to employee self-service

• IdM 7 and SSO for legacy applications

  Dear experts,
  Per SAP NetWeaver 7 documentation new approach allows SSO for any legacy applications without a need for a 3rd party IdM solution.
  Could someone explain how this is handled? Does evary non-SAP application need to become aware of SAP IdM credential store and be able to interact with it, or some other - non-intrusive approach is being used?
  Thanks in advance,
  Eugene.

  Hi Eugene,
  SAP NetWeaver Identity Management 7.0 handles the provisioning of users (identities) for a heterogeneous landscape. Authentication and Single Sign-On (SSO) is being handled within the SAP NetWeaver platform. So introducing SAP NetWeaver Identity Management itself does not introduce additional SSO functionality.