SSO for various applications within the same portal

Is it possible to implement SSO at the application level in an EP 7.0 environment?
Ex:  One Portal with ESS and BI Functionality (BI is connected to the BI backend, ESS is connected to the ECC backend, but all of it exists within the same portal instance) in which the BI Explorer would rely on SSO, while the ESS would require a logon to the portal.  The initial page of the portal would not be a logon screen, but rather a menu screen
Does this functionality exist?

For our purposes, ESS would have to be authenticated (perferably through Active Directory), while BI Explorer wouldn't require "visible" authentication, BUT the question would be, could all of this exist on the same portal..
I agree that it certainly wouldn't be user friendly to ask users to logon (using AD l/p) for certain parts but not others.  I think the solution would simply to have 2 portal instances (ESS/ECC = Logon/Password,  BI Portal = SSO), and to federate the BI to the ECC Portal. That way, if someone wanted to work in BI and only BI, they could go without logging on, but if they wanted to go to the ESS Portal they would have to logon BUT would be able to use both ESS and BI.
This all stems from an effort to eliminate the neccessity of having to logon to a portal (for a small group of managers), but still maintaining a level of security for ALL users in regards to employee self-service

Similar Messages

  • Copy an Application in the same portal?

    My application seelct data from tables in a specific schema. I want to create a demo, with the same forms, etc but with different tables (to allow me to change names, ids, etc). I recreated the tables as another user, but my LOVs all access the original. My plan is to recreate the application on the same portal server.
    When I tried to use appexp and appimp (CHECK) with a different app, eveything has the same portal IDs, so errors out with ID nnnn already exits. Is there a way to copy an app?

    Hi Andrew
    Try the following:
    Use export / import instead of the copy function.
    Between the two steps edit the export script by replacing all appearances of "old_schema" by "new_schema".
    Note: Editing the export script is a efficient way to make some changes. We use this step e.g. to replace the public templates when moving applications from the test to the production environment in order to respect the changed navigation logic.

  • Separate CSS files for Differenct Applications in the Same Workspace

    I am working in APEX 4.0, using Theme 4 (Topaz), primarily with the region template "Top Bar." The application I am working on has gotten so large that I decided to break it into two applications. So I copied the original application and then deleted the pages that I did not want in the second application. I then modified the authentication for a single login. One of the nice things about the Top Bar template is that you can color the background. I had a blue background in the first application and wanted to use a differenct color in the other. So I created a second CSS file and uploaded it to the Cascading Style Sheets area of the Shared Components file for the second application. Turns out that both it and the style sheet for the first application now show up in the CSS file area. The CSS file for the second application has no effect. Here is the CSS code:
          background-color: #E5E5AA;
         }I also tried giving the region on each page in the second application a static id and then identifying them in the CSS file by the id. That didn't work either, at least not yet. Sometimes it takes the server a while to refresh.
    Question: For two applications in the same workspace, can there be separate CSS files? If so, how do I set them up so that each responds only to one of the applications?
    Edited by: Doug on Nov 14, 2012 4:54 AM
    Edited by: Doug on Nov 14, 2012 7:16 AM

    If you upload your file to Shared Components >> Cascading Style Sheetst then:
    edit your page template in the header section and just before +*</head>*+ tag  add :
    <link rel="stylesheet" src="#WORKSPACE_IMAGES#MY_FILE.css" type="text/css" />And that will be applied for all pages that have the same Page Template.
    You can edit a page and put this in the header section to be applied only for a that page:
    <link rel="stylesheet" src="#WORKSPACE_IMAGES#MY_FILE.css" type="text/css" />
    <style>If the file is on your web server then replace #WORKSPACE_IMAGES# with #IMAGE_PREFIX#
    This should be helpful to you:
    Best Regards,
    If you believe that my answer is correct or helpful to you, then please mark it as helpful or correct...

  • Delivery without reference for stock transfer within the same plant 311

    Dear all,
    I need to create a delivery without reference for stock transfer within the same plant, movement 311,  i.e. just from 1 storage location to another storage location.
    I tried to use VL01NO with delivery type UL.
    Now my question is how can I assign a receiving plant for a customer?
    I can't do the MIGO or MB1B document because I need the delivery document (packing list, forms, Texts,...).
    It's possible this option???
    Thank you very much.

    What is the item category you are assigning while doing VL01NO?  Check the schedule line category for that item category assignment.  That Schedule line category has an option for one step GI.  There you can assign 311 or create a separate item category and schedule line category and in that SC assign 311. 

  • Newest MBA or MBP for large applications at the same time?

    Love the newest MBA and really want it - the reviews are so fantastic - but I am simply afraid of making the same mistake I've made in the past and ordering the less powerful machine. I currently have a Dell and an HP, and neither will allow me to use photoshop CS5 BY ITSELF with any efficiency, let alone while open with other applications such as internet explorer. The quality of webcam conversations with Skype is also very poor, despite a very fast internet connection. I am fed up and converting to Mac, just not sure which one to get - but I need it to be the best for PS and Skype. Advice from those who have used the newest MBA? Thanks!

    Ferrell, I have done what you suggested. I clicked onto the Spaces icon in the upper control panel and assigned spaces to six apps: Mail, Safari, iPhoto, iMovie, Pages, and iWeb.
    The problem is that if I am one app and I want to put something into that app, then the minute my mouse cursor goes to get that other thing, the original application into which I want the thing put GETS WHOOSHED OFF THE DESKTOP. What I want is for the original app to remain open whilst I go to retrieve a file or folder, and stay open while I put that thing into the original app.
    How does one turn off Spaces? I don't mean to delete all the names from the settings.I mean, just turn it off for a while so I can do something which requires for two apps to be open at the same time????
    ~ Lorna in Southern California

  • Pass Username & Password to a Different Application in the Same Workspace

    Can I pass the username and password from a main menu to open a different application in the same workspace. I'm trying to prevent the user from having to logon again. My main menu has links to different applications within the same work space.
    Thank you

    Anonymous - One way to do it (if you are using HTML DB's built-in session management) is to edit each application's authentication scheme and type in the same cookie name in the cookie name field (use any name you like). Another way is to use Single Sign-On.

  • Multiple layouts for the same user in the same portal

    I have a challenge.
    Currently there is a portal (6.40) running as a frontend for an application. So the portal is used for only this purpose. The content is a changed masthead and a number of WebDynpros and UWL's all accessing the same backend.
    Now there is a wish to use the same portal to execute a transaction iView for the same backend. Simple. BUT when a user uses the portal for the product he/she shall not see the transaction iView and also when the user sees the transaction iView, the WDs and UWL's should not be shown in the navigation. And also the masthead should be different on the two views.
    Putting in another portal is not anoption, this should be done on the same portal. The way I expect it to work is by accessing the same portal og two different URL's.
    Companies cannot be used since some of the users should be able to access poth views.
    I know that in a prefect world it would simply be a matter of creating two different roles and assign them as needed and if the user has both roles hen they would both be available in the navigation. But to the user the portal should look like different portals.
    Any suggestions on how to achieve this functionality?
    Thomas Mouritsen

    Hi Thomas,
    you have several options with the portal standard:
    1.) If the user only has one role assigned at a time you can attach the portal layout to the roles. So depending on the role the user has he sees the respective layout - BUT: how to asign the two roles to the user!? This can only be done by admins and I assume that it is no intended to call the admins every time the user needs the other role?
    2.) The entry to the portal is realized with different urls like and
    VIEW1 and VIEW2 are so called portal aliases and you can attach the different layouts to those aliases.
    BUT: the two roles have nothing to do with the aliases so you still have the problem of role assignment.
    3.) Each person gets two users with each user assigned to one role and one layout assigned to the user or group or role...
    Anyhow: I would ask the people who brought up the idea of two different layouts - WHY?? A portal is ONE single point of entry for EVERY application and information a user needs. So why two different layouts? And what, if five others are coming each bringing their own layouts, too?
    4.) If you really want to have different layouts each time a different top-level navigation point is active you have to program your own portal component. That would fit your needs but is besides standard.

  • Multiple applications running on the same portal server

    Environment : EP 7.0 SPS12
    We have multiple portal applications running on the same portal with different login page for each application. On one of our employee portal, we want to put a login page link for another portal application running on the same portal which requires a different user ID and password to access that application.
    The problem we are encountering is, the login page link we put in our employee portal is bypassing the login page for the other application and using the same session as the employee portal. What can I do to make sure application login page show up when accessing the link from employee portal?
    Your help is really appreciated.
    Bhabesh Patel

    thanks for the clarification. I think I do understand now and the only thing I can think of is to delete the session cookie.
    The problem with that is that you would not be able to use "simple" links (e.g. you could not just call the URL of the other application, but you would have to create some application (a simply JSP would probably be fine) that deletes the cookie and redirects you to the new application.
    An other option would be to create DNS aliases that so that the session cookie is not sent (but depending on your setup this might have other drawbacks). Since the cookies are not valid for the other domains you would always start with a new login when you access a new application (e.g. the employee portal has the url and the customer portal has Then (if the settings for,see is correct)
    Hope this helps,

  • Logic for DC selection for authentication within the same AD site

    Hello All, I am working on extending AD service from an existing data center to a new data center. As part of co-existence, I have created new DC's in the new data center but kept them as part of the AD site in the existing data center. Both the data centers
    have a 1 GB connectivity.
    What I would like to know is - would there be any internal logic in calculating which DC should a client authenticate against based on network latency or something like that ? I wanted to know if there was any way I can restrict the user workstations at
    the existing data center location (which is also the HQ location) to authenticate against the DC's available locally instead of travelling to the new DC's at the new data center, within the same AD site. I cannot make the new data center a separate AD site
    for now due to the migration challenges.
    Any inputs would be highly appreciated. Thanks in advance.

    Hi Goldy,
    I will recommend you to create a separate AD site and configure sites and services accordingly, if you dont want clients to authenticate against the new DC.
    DC locator is the service name which is responsible for assigning a logon DC to the client.
    If the DC's are in different sites you can configure the sites and services to point the client to correct DC in a site. AD authentication always distributed based on the sites and services you configured.
    You can configure ldapsrv records to authenticate against specific DC.
    Domain Controller Locator : an overview
    How DNS Support for Active Directory Works
    LdapSrvWeight & LdapSrvPriority 
    Domain Controllers Are Located in Windows
    If you found this post helpful, please give it a "Helpful" vote.
    If it answered your question, remember to mark it as an "Answer".
    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

  • Does the Imovie Application for Ipad 2 have the same trailers loaded that the Imovie for Mac has?

    Does the Imovie Application for Ipad 2 have the same trailers loaded as the Imovie Application for Mac regular computers

    They are 2 separate apps, there are no trailers for the IOS version.

  • Question relating tips for 2 DFF segments within the same group

    Hi All,
    I have a requirement where in I need to display a tip message for two of the DFF flexfield Segments within the same group. Currently we are displaying a tip for one of the DFF flexfield segment by placing it at the end of the Segment List and creating a normal tip message just below it. The shortfall of the above approach is when I add new segments to the DFF, the tip for the former segment is out of place.
    Also, I currently have a requirement to create another tip for another Segment which is part of the same DFF. Could anyone of you please suggest how both the tips for the 2 DFF segments of the same group can be shown on the same page?
    Edited by: user770244 on Nov 5, 2009 12:54 AM

    Hi experts,
    I am trying to find some solution that way:
    - Maintain field catalog (FBRC008): setting field Segment as "secondary organisational unit" and setting field parter segment as "Secondary partner unit"
    - Setting up a the reconciliation display (FBRC003) with the flag "Use Primary and Secondary org units and partner units in hierarchy display"
    But when I launch the reconciliation display, the following dump arises :
    In the current ABAP program "CL_FBRC_PRESENTATION==========CP" the internal
    table "<LT_TOTAL>" was to be
    processed with "SORT".
    At the same time, a component "SEGMENT " was dynamically specified as content
    of the field "ME->MD_SECONDARY_ORGUNIT_FIELD".
    Do you have any explanation for that dump?

  • Two Urls for the same portal server

    I have to access the same portal server for the two diffent url links.
    This is required for me to have two different logon pages for the portal for completely different urls.
    Please share your ideas here!

    say for example
    your one URL is
    and the second URL is
    and maintain two umLogonPagedefault.jsp with names,
    umLogonPage1stURL.jsp and umLogonPage2ndURL.jsp and do the necessary coding you want inside the JSPs.
    Now, umLogonPage.JSP is the JSP file responsible for determinig your portal URL to open when user wants to enter into portal. So Open that JSP(umLogonPage.JSP) and do like this:::
    String strReqURL = request.getRequestURL().toString()==null?"" : request.getRequestURL().toString() ;
    if ( strReqURL != null && strReqURL.endsWith("/1stURL"))     
         <%@ include file="umLogonPage1stURL.jsp"%>
    else if ( strReqURL != null && strReqURL.endsWith("/2nuURL"))
    <%@ include file="umLogonPage2ndURL.jsp"%>

  • I want to check the status of application No.  For it is written in my account was canceled and I did not do so I urgent news about his condition and the reason for canceled I redial the same time as the sender befo

    Thank you for your attention
    I want to check the status of application No. W439602096
    For it is written in my account was canceled and I did not do so
    I urgent news about his condition and the reason for canceled
    I redial the same time as the sender before you
    We are waiting for you

    This is a user to user forum. You are not talking to Apple here. We cannot help you; you will need to contact wherever the order was placed.

  • How to apply different styles to Portlets on the same Portal page?

    How do you apply different styles to Portlets on the same Portal page?
    I'm new to this kind of thing, but understand that something called "cascading style sheets" can help here?
    What are these, how do you use them, and can you make different Portlets (all types - PL/SQL, Java, Applications, etc) on the same Portal page have different styles assigned?

    Apply Oracle Portal styles at the region level. Your portlets within each region will inherit the style defined for the region.
    You may want to check out Report #40050 at, "Design an Attractive and Compelling Portal Interface" for a good overview of the various design features of Oracle Portal.
    Here is the link:

  • IdM 7 and SSO for legacy applications

    Dear experts,
    Per SAP NetWeaver 7 documentation new approach allows SSO for any legacy applications without a need for a 3rd party IdM solution.
    Could someone explain how this is handled? Does evary non-SAP application need to become aware of SAP IdM credential store and be able to interact with it, or some other - non-intrusive approach is being used?
    Thanks in advance,

    Hi Eugene,
    SAP NetWeaver Identity Management 7.0 handles the provisioning of users (identities) for a heterogeneous landscape. Authentication and Single Sign-On (SSO) is being handled within the SAP NetWeaver platform. So introducing SAP NetWeaver Identity Management itself does not introduce additional SSO functionality.

Maybe you are looking for