SSO for some SAP Apps, but forced login for the sensitive data application

We have R/3 4.7 (Enterprise), with EP 6.0 and Web AS 6.40.  We have implemented Employee Self Service, as well as CRM, and some BW reports through EP 6.0.  We have a Broadvision Portal that is on top of EP 6.0.  In other words, the employees login to the Broadvision Portal, and authenticate against our Active Directory user store.  Then they will choose the SAP apps listed above, which go through the SAP Portal (EP 6.0)
We want to allow SSO through EP when users choose either CRM, or BW reports, but we want to force a login when they choose ESS, since this data is more sensitive.  The problem we have had is that when we turn on SSO, it allows the user through for all 3 SAP apps.  My question is: How can we force a login for just ESS, but not for the other 2 apps.
Thanks.

Rick,
I suppose, Eric meant Authentication Schemes ("authschemes") instead of security zones.
An authentication scheme is essentially a pointer to a JAAS logon stacks on the J2EE Engine plus a frontend ("login screen"). Authentication schemes are assigned numbers ("priorities"), the higher the number the more trustworthy the authentication of the underlying JAAS stack is regarded.
Example:
Let's assume you use the default authscheme "uidpwdlogon" for all your iviews. It features a password-based or SAP logon ticket-based logon and is assigned a value of 20. All iviews that have this authscheme set in its "authscheme" property are accessible for you without any further authentication once you have passed this scheme (or any other authscheme with a priority <= 20).
Now, you set one individual iview to use authscheme "certlogon", which requires an X.509 certificate and is valued "21". When accessing this iview, the portal will force a re-authentication (as 21>20).
By configuring custom authschemes and JAAS logon stacks you can easily implement your scenario. Simply ensure that all your ESS iviews will be using an authscheme with a value greater that your default value.
Regards,
Dominik

Similar Messages

  • Incoming Email not working for one web app, but IS working for others in same farm.

    I have enabled incoming email in a large multi-web application farm running SharePoint 2013 SP1 and the Feb 2015/March 2015 CUs that were pushed down in Windows Updates.  It works just fine for two web applications, but it will not work for one particular
    web application. I see the email land in the /drop folder. If I remove the email address from the library in http://nonworkingapp web
    application and use it on a library in a http://working web application, then the email is processed successfully. Conversely,
    if I take an address from a library in http://working and move it to a library inhttp://nonworkingapp it
    does not work. I've tried multiple site collections on http://nonworkingapp. This rules out any SMTP issues, etc. and means
    the issue is bound to this web application. Permissions are the same between the "non-working" and "working" locations: domain users are members on the site, and the library inherits permissions from the site.  The App Pool and Timer
    Service accounts have rights to the folder and to the library.
    The error in the ULS log is the typical error processing message, but it gives no additional information even though I have enabled Verbose logging.
    The Incoming E-Mail service has completed a batch. The elapsed time was 00:00: 00.0156294. The service processed 2 message(s) in total. Errors occurred processing 2 message(s): Message ID: Message
    ID:
    Typically, you see "alias not found" or some permissions or quota issue here, but this issue is NOT the same as those. In this case NO additional information is provided in ULS.
    Edit: running stsadm.exe -o refreshdms -url http://one/failing/site fixed some similar issues where "Unknown alias" was
    reported even though the list did have an alias (see here:http://blogs.technet.com/b/vinitt/archive/2009/07/15/e-mail-enabled-list-alias-information-is-not-synchronized-between-configuration-database-and-content-database.aspx).
    This did not fix the issue for the case mentioned above.
    What could possibly be the issue preventing incoming email from working on this one web application?

    Thanks for your reply.  Incoming E-Mail was running on all 3 WFE, however I do not think this was the cause.  As noted, _other_ emails send to http://workingapp are working just fine.  I can send two emails - one to a library on http://workingapp
    and another on http://notworkingapp.  The email to http://notworkingapp will sit in the drop folder, while the one to http://workingapp will be processed correctly.  In addition, the ULS log on WFE1 indicates an attempt to process the file fails.
     So clearly, the timer job on WFE1 is running and attempting to process the file.  For kicks, I disabled the service on WFE2 and WFE3, but with no change in the behavior.
    WRT to #1, I have done this already (as noted in the original post).  I can remove an alias from http://workingapp and place it on http://nonworkingapp and it is not processed.  If I return it to http://workingapp it is processed.  In other
    words, I go into Library Settings -> Incoming Email for a working library, and copy the alias, then disable incoming email for that library.  I then go to Library Settings -> Incoming Email for a non-working library, enable incoming email, and paste
    the alias.  Once done, emails sent to the alias are not processed.  I then do the reverse, and it works again.
    On #2, I have already tried multiple libraries on http://nonworkingapp (also as noted in the original post).
    In my environment, incoming email does not work for any library on http://nonworkingapp, but does work for any library on http://workingapp.  Troubleshooting listed above has ruled out any problem with basic mail server configuration or library settings
    - the problem is bound to http://nonworkingapp
    I'm not sure what you mean by "steps to reproduce the issue".  If I knew that, I would probably be able to solve the issue.  The best I could come up with to describe the situation would be:
    Set up SP 2010 in a three-node configuration with multiple web apps
    Enable incoming email and confirm it works
    Migrate to a SP2013 SP1 farm in a three node configuration.
    Enable a new email alias for a library
    Observe that it doesn't work for one web application.
    Obviously, it's pretty unlikely that attempting that in a lab would actually have the same result.

  • I have synced my ipod many times, but for some reason it will no longer sync the apps, and says there are app installed that can not be determined. What should I do?

    I have synced my ipod many times, but for some reason it will no longer sync the apps, and says there are apps installed that can not be determined. What should I do?

    See these previous discussions:
    not determined
    iTunes cannot sync... apps not determined installed on...: Apple Support Communities
    installed apps could not be determined...: Apple Support Communities

  • Internal Microphone not working with Quicktime and some other apps, yet it does for Skype.

    Internal Microphone not working with Quicktime and some other apps, yet it does for Skype. 
    Microphone works fine with Quictime on another mac, so I do know how to use it. The one where it is not working (A) had an external microphone and camera attached earlier, and indeed it does work with that external microphone, but not with the internal microphone selected; and (B) had RealPlayer installed previously.
    Any suggestions, please?

    Hi,
    Download Audio driver from here.
    Intructions how to install it in Vista/Win7.
    Extract this driver with Winrar.
    Open Device manager and expand the Sound, video and game controllers section.
    Right click on Either the High Definition Audio Device if you have the generic Microsoft drivers, or the Conexant High Definition SmartAudio 221 if you have older Conexant drivers and choose "Update Driver Software..."
    Click Browse my computer for driver software, then click "Let me pick from a list of device drivers on my computer"
    Click "Have Disk..." then Browse to the folder where the drivers were extracted  .......\V64 for 64-bit Vista/Win7. Click OK.
    Select one of the "Conexant High Definition SmartAudio 221" models in the list, there will be multiple identical entries.
    Click Next, and you're done.
    I'm not sure which one from the list will work for You.
    This drivers weren't test. So if You will try them and it will work for You let us now about.
    ** Say thanks by clicking the "Thumb up" icon which is on the left. **
    ** Make it easier for other people to find solutions, by marking my answer with "Accept as Solution" if it solves your issue. **

  • IPad Mini 2 goes ballistic when being charged -- in other words, it hangs abruptly ; does not type properly. Moreover, in some instances open apps peculiarly force quit without the screen being touched whatsoever.

    iPad Mini 2 goes ballistic when being charged -- in other words, it hangs abruptly ; does not type properly. Moreover, in some instances open apps peculiarly force quit without the screen being touched whatsoever.

    Hi, RomeroSalsa. 
    Thank you for visiting Apple Support Communities. 
    I understand that you are experiencing an issue with the responsiveness of your iPad mini while charging.  I would need a little more information on how you are charging the device to provide a better answer.  While the steps below are not exactly labeled for this issue, they may help resolve the issue.
    If the battery doesn’t charge
    If the battery doesn’t charge, unplug your device and try these steps:
    Look at the connector at the bottom of your device and make sure it’s free of debris.
    If you're using a USB power adapter, make sure it's plugged in all the way and the power outlet is working. If you're connecting to a computer, make sure it's on and can charge your device. To charge an iPad, you might need to use a USB power adapter and plug into a power outlet.
    Try a different USB cable, USB power adapter, or USB port.
    If everything seems to be working, reconnect your device and wait for 30 minutes.
    If your device still doesn’t charge, try to restart it while it's connected to power. If you can't restart, reset your device.
    If you can’t charge your iPhone, iPad, or iPod touch
    -Jason H. 

  • I have downloaded infinity blade 3 and then deleted it because i wanted to install some other apps. but now i am trying to install the game again but its saying error 0xE8000004. I have about 6.5 GB space on my iPad. what should i do..

    I have downloaded infinity blade 3 and then deleted it because i wanted to install some other apps. but now i am trying to install the game again but its saying error 0xE8000004. I have about 6.5 GB space on my iPad. what should i do..

    These might help
    http://support.apple.com/kb/TS3221
    http://support.apple.com/kb/TS3694

  • Hi, I have the iPhone 4, 32GB, version 4.3.5 (8L1) and for some reason when I connect it to the laptop, it starts synchronising but never goes beyond step 1. I have tried evrything, but it does not work and now I cannot update the iPhone s/w. any clue?

    Hi, I have the iPhone 4, 32GB, version 4.3.5 (8L1) and for some reason when I connect it to the laptop, it starts synchronising but never goes beyond step 1. It goes on syncing forever, without actually doing anything. I have tried everything, wiped the phone numerous times, deleted all files from the laptop but still no resolution. As a result, the phone does not really synchronise.
    This started somewhere in May 2011 when I upgraded what proved to be a problematic s/w version and the phone has not recovered since.
    Now I cannot update the iPhone s/w any longer.
    Any clue?

    You may have to try deleting all the music from your phone (by going to Settings>General>Usage>Music, swipping All Music and tapping Delete), then sync it all back on with iTunes in order to fix this.

  • The credit card info on the account has changed but for some reason there is no option for me to make the changes.  In addition, cloud has stopped working and all other programs that need to be updated cannot be.

    the credit card info on the account has changed but for some reason there is no option for me to make the changes.  In addition, cloud has stopped working and all other programs that need to be updated cannot be??

    Make sure that EVERY DETAIL is the same in every place you enter your information
    -right down to how you spell and punctuate the parts of your name and address
    Change/Verify Account https://forums.adobe.com/thread/1465499 may help
    -Credit card https://helpx.adobe.com/utilities/credit-card.html
    -email address https://forums.adobe.com/thread/1446019
    -http://helpx.adobe.com/x-productkb/global/didn-t-receive-expected-email.html

  • I've downloaded current update for iPad 2 but it won't install. It keeps coming up as an error. I have deleted many apps but didn't help the situation...

    I've downloaded current update for iPad 2 but it won't install. It keeps coming up as an error. I have deleted many apps but didn't help the situation... What's causing this and how do I fix this?

    What is the latest iOS for iPad 2? Is it iOS 7 or can you update to 8?
    all I remember is that my iPad mini performed poorly under iOS 7. Try to update it to the very latest version. Also you will have to use iOS 8.1.3, because 8.1.2 is no longer signed in case you were trying to install that. You can get the latest IPSW from http://IPSW.me just enter in your device and it will forward you to the right Apple ios download link.
    Another thing is keeping your device memory free, if you have a 16 gig device, it's harder to keep space free. my iPad mini is 16 gig, but all I can ever keep free is 1 GB so I keep it at that. Turn off "iCloud photo sharing beta" and that will help a little bit. also when you do a restore from iTunes, don't restore your backup right away, see how it performs fresh, and then add your apps back in one at a time you might have to sacrifice photos and other personal things for performance.

  • For some reason I am ending up in the Spanish App Store. How do I change back to the US store?

    For some reason I am ending up in the Spanish App Store. How do I change back to the US store?

    What device are is this happening on....
    GB

  • I try to buy credit for my vonage app but doesn't let me. Why???? I am getting mad!

    I try to buy credit for my vonage app but doesn't let me. Why???? I am getting mad!

    Any particular error msg popping up?   Can you buy other apps through App Store?

  • HT1766 Hello there, started to sinc my iPad 3 to my iPhone 5 with iCloud and a lot off the items did copy over, I was connected to a power supply but for some reason it's still missing half the items and I am struggling to retrieve them can you help pleas

    Hello there, started to sinc my iPad 3 to my iPhone 5 with iCloud and a lot off the items did copy over, I was connected to a power supply but for some reason it's still missing half the items and I am struggling to retrieve them can you help please.
    Thank you Callum Gordon

    Well the term "hotlined" I have never heard before. In any case many states (like NY) just passed regulatory powers to the State Public Service Commission of which it may be called something different in your state. You could file a complaint with them. Or file a complaint with your state attorney generals office, they also take on wireless providers.
    The problem here is the staff you speak to are poorly trained, in days gone by it took one call to them and they pulled up your account and see the error and had the authority to remove any errors. They did not remove legitimate account actions, but used their heads instead of putting a customer off or worse lying to the customer.
    Its a shame you have to go through what you going through.
    Good Luck

  • Hi, for some reason screenshots have stopped showing on the appstore, ive tried resetting my cache, restarted computer and itunes, but there still missing

    hi, for some reason screenshots have stopped showing on the appstore, ive tried resetting my cache, restarted computer and itunes, but there still missing
    im using itunes for windows, windows vista 64bit

    hi, heres the info u requested
    Microsoft Windows Vista x64 x64 Ultimate Edition Service Pack 2 (Build 6002)
    Acer Aspire 6920
    iTunes 10.3.1.55
    QuickTime 7.6.9
    FairPlay 1.11.17
    Apple Application Support 1.5.2
    iPod Updater Library 10.0d2
    CD Driver 2.2.0.1
    CD Driver DLL 2.1.1.1
    Apple Mobile Device 3.4.1.2
    Apple Mobile Device Driver 1.57.0.0
    Bonjour 2.0.5.0 (214.3)
    Gracenote SDK 1.8.2.457
    Gracenote MusicID 1.8.2.89
    Gracenote Submit 1.8.2.123
    Gracenote DSP 1.8.2.34
    iTunes Serial Number 00D6ACD0035A7110
    Current user is not an administrator.
    The current local date and time is 2011-06-26 19:10:29.
    iTunes is not running in safe mode.
    WebKit-accelerated compositing is enabled.
    HDCP is not supported.
    Core Media is supported.
    Video Display Information
    ATI Technologies Inc., ATI Mobility Radeon HD 3650
    **** External Plug-ins Information ****
    No external plug-ins installed.
    The drive G: WD Virtual CD 1110 Rev 2003 is a USB 1 device.
    iPodService 10.3.1.55 (x64) is currently running.
    iTunesHelper 10.3.1.55 is currently running.
    Apple Mobile Device service 3.3.0.0 is currently running.
    **** Network Connectivity Tests ****
    Network Adapter Information
    Adapter Name:    {956AE0ED-F775-4157-8184-95CB8B89B99D}
    Description:    Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
    IP Address:    0.0.0.0
    Subnet Mask:    0.0.0.0
    Default Gateway:    0.0.0.0
    DHCP Enabled:    Yes
    DHCP Server:   
    Lease Obtained:    Thu Jan 01 00:00:00 1970
    Lease Expires:    Thu Jan 01 00:00:00 1970
    DNS Servers:   
    Adapter Name:    {805B9D00-0148-4062-8C0F-9DF326230B82}
    Description:    Intel(R) Wireless WiFi Link 4965AGN
    IP Address:    192.168.0.4
    Subnet Mask:    255.255.255.0
    Default Gateway:    192.168.0.1
    DHCP Enabled:    Yes
    DHCP Server:    192.168.0.1
    Lease Obtained:    Sun Jun 26 14:02:36 2011
    Lease Expires:    Mon Jun 27 14:02:36 2011
    DNS Servers:    192.168.0.1
    Active Connection:    LAN Connection
    Connected:    Yes
    Online:        Yes
    Using Modem:    No
    Using LAN:    Yes
    Using Proxy:    No
    SSL 3.0 Support:    Enabled
    TLS 1.0 Support:    Enabled
    Firewall Information
    Windows Firewall is on.
    iTunes is NOT enabled in Windows Firewall.
    Connection attempt to Apple website was successful.
    Connection attempt to browsing iTunes Store was successful.
    Connection attempt to purchasing from iTunes Store was successful.
    Connection attempt to iPhone activation server was successful.
    Connection attempt to firmware update server was successful.
    Connection attempt to Gracenote server was successful.
    Last successful iTunes Store access was 2011-06-26 18:57:29.

  • Want to buy something Ap Store and I came to buy I have the answers to the questions of safety, now I forgot them, I went to MY ACCOUNT MANAGER website and there was no reset was some other reset but it asked for the answers to Secure

    Want to buy something Ap Store and I came to buy I have the answers to the questions of safety, now I forgot them, I went to MY ACCOUNT MANAGER website and there was no reset was some other reset but it asked for the answers to Secure

    Morning AndreD86,
    Thanks for using Apple Support Communities.
    These articles explain exactly what is backed up by using their method.
    iTunes: About iOS backups
    http://support.apple.com/kb/ht4946
    and
    iCloud: Backup and restore overview
    http://support.apple.com/kb/ht4859
    Also we want to double-click the Home button and swipe the Task Bar to the right.
    Then make sure the button on the far left of Task Bar is not muted.
    Best of luck,
    Mario

  • TS3048 I'm having a difficult time getting my wireless keyboard & trackpad to work w/my iMac. I just changed the batteries on both devises but for some reason, after turning on and seeing the green light flash on both devises, won't connect to iMac. Pleas

    I'm having a difficult time getting my wireless keyboard &amp; trackpad to work w/my iMac. I just changed the batteries on both devises but for some reason, after turning on and seeing the green light flash on both devises, both won't connect to iMac. Please help...

    Hello:
    Try resetting the SMC:
    http://support.apple.com/kb/HT3964
    Barry

Maybe you are looking for