SSO from JSP to IIS

Security gurus,
I am trying to implement a simple Single Sign-on solution and have been having pretty hard time getting it to work! I am wondering if you would be able to help me out..
The description of the problem and the attempts I made are presented below.
We have a web app that is restricted and hosted on IIS (windows 2000) server.
Now, I have a JSP that has the following link:
Secure Page
When the users click on it, they need to be able to access the Secure Page without being prompted for windows challenge (uid/pwd) window. mysite.com is configured to accept both 'BASIC' and 'Intergrated Windows Authentication'.
In the JSP, I know the username, password and domain. Somehow, I need to pass this authentication info to IIS, so that it does not prompt for uid/pwd pop-up.
Some of the approaches tried:
1) <form name="postForm" action="http://username:[email protected]" method="post" target="_blank" >
</form>
Secure Page
This thows an HTTP 405 (page expired) error. Even trying to access www.yahoo.com gives 405 error. Even if this worked, the uid and pwd will be visible in the browser and so, it is not acceptable.
2) Tried setting HTTP headers (appropriately Base64 encoded) but that did not work either. Here, I am not sure if I am soing the right stuff. Tried using the WWW-Authenticate and Authenticate headers.
3) The following link that has a good thread, but it does not address my prob. It is related, but not of direct help.
http://www.jguru.com/forums/view.jsp?EID=393110
Any leads that you could provide, would be of HUGE help. This has been giving me sleepless nights for a week! It shouldn't be that hard to accomplish this. Not sure where am I doing it wrong.
Thanks,
Anant

If the secure page needs basic authentication (that mean, if you configured it to be protected like that), sending the right HTTP headers should work.
You need to send your headers like this:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
The puzzled string is the Base64 coded username:password. See
http://www.zvon.org/tmRFC/RFC1945/Output/chapter11.html#sub1
for details.
--pn                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       

Similar Messages

  • SSO from portal to Java based web application not happening

    Hi,
    We are trying to configure SSO from SAP Enterprise portal with Java based
    web application(Solaris on SPARC 64 bit).
    Then we downloaded library files for "Solaris on SPARC 64 bit" from
    service market place from the path "Support Packages and Patches"
    Additional Components" SAPSSOEXT".
    We are successful in sending the portal side cookie to the application.
    But while loading the library files we get the following error
    INFO | jvm 1 | 2009/04/13 04:47:00 | java.lang.UnsatisfiedLinkError:
    /usr/local/blackboard/apps/tomcat/lib/libsapssoext.so: ld.so.1: java:
    fatal: /usr/local/blackboard/apps/tomcat/lib/libsapssoext.so: wrong ELF
    class: ELFCLASS64 (Possible cause: endianness mismatch)
    Can you please suggest us what went wrong in this whole process.
    But when i tried with the 32 bit library files i was able to load libsapssoext.so file but when I
    tried to initialize libsapsecu.so i got the below message
    java.lang.Exception: MySapInitialize failed: rc= 14
    Also do we require to take"SAPSECULIB" from Support Packages and Patches" ...>Additional Components" ...>SAPSECULIB" ...>SAPSECULIB 5.4  for this SSO activity.
    Please get back on this ASAP as we are nearing the golive date.
    regards
    Bharath

    hi,
    am facing similar issue... i.e.
    java.lang.Exception: MySapInitialize failed: rc= 14
            at com.mysap.sso.SSO2Ticket.init(Native Method)
            at com.mysap.sso.SSO2Ticket.<clinit>(SSO2Ticket.java:27)
            at org.apache.jsp.index_jsp._jspService(index_jsp.java:92)
            at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
            at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
            at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)
            at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
            at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:390)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
            at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
            at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
            at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
            at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
            at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
            at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
            at java.lang.Thread.run(Thread.java:619)
    static beendet.
    java.lang.Exception: MySapEvalLogonTicketEx failed: standard error= 9, ssf error= 0
    CustomeSSO: Object is null.
    pls. help me in resolving it.
    rgds,
    santosh malavade

  • SSO from Web Application to EP

    Hi,
    We have a requirement where we have to provide SSO from some web application to Portal (EP6 SP15).
    This web application will be having link to portal on its pages.
    User store for Web Application and Portal is different.
    This Web Application can be accessed from Internet.
    We have not yet decided about accessing Portal from internet.
    Is there any solution to this? Is this doable??
    I have looked at thread
    SSO from .Net application to SAP Portal
    can anyone provide more information??
    Thanks in advance

    Hi Santosh,
    there is not much to explain. It your web app side, you must have some matching table between webAppUser and the portal users and their passwords, like:
    webAppUser1  portalUserA  xy56123
    webAppUser2  portalUserB  g6324s3
    Your own "integration" checks which user is logged on, takes the portal user name and password and calls the portal with the parameters "j_user" and "j_password" (and "login_submit=true"); for example via the client and a form where these values are put in and the target is requested per POST. And that's it. For the form (including the pwd) would be send to the client from your webApp server, you definitely should use https at least, as already stated.
    Hope it helps
    Detlev

  • SSO from Microsoft wabsite to SAP Portal

    Hi
    My client wants SSO from .net based Microsoft website to SAP Portals. Requirement is that when customer enters the website e.g. www.mysite.com , he will be automatically gain access (SSO) to  SAP Portal .
    How it can be done ?
    Please help
    Thanks in advance

    Hi Ananda,
    This link answers your query.
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/interoperability/dotnet/_web%20services%20and%20a2a%20interoperability%20center/sample%20application%3a%20sso%20with%20a%20.net-based%20web%20service%20client%20using%20sap%20logon%20tickets.pdf
    Reward points if handy!
    Regards,
    Sandeep Tudumu

  • SSO from Microsoft ISA to SAP enterprise Portal

    Hi Gurus,
      Our vendors access the Internal network using MS-ISA as proxy.The first point of authentication is MS-ISA where the Vendor needs to give his User id and Password.After that he hits the Internal Portal and is prompted for a Login  again.Is there a way to set up SSO from MS-ISA to SAP EP7.0 so that there is no need for second Logon.
    Thanks in Advance!

    The easiest, and common way to solve this, l but not the only way is to use ISA as a proxy and use the fact that the ID of the authenticated user can be stored in an http header variable (e.g. REMOTE_USER). This HTTP header variable can then be used by the back-end SAP system (internal portal) to authenticate the user and issue an SSO2 ticket so that the authentication only needs to occur first time they access a page on the SAP system.
    The use of HTTP Header variables in SAP J2ee engine is widely documented on SDN and in SAP help library.
    Thanks,
    Tim

  • SSO from non-SAP J2EE to NW04 ABAP WebService

    Hello,
    I currently have issues establishing SSO from a J2EE (which is NOT a NetWeaver system) server to a WebService that resides on a AS ABAP 6.40. When I look over the options I see no obvious SSO solution. I cannot be the only one in this situation. Which solution have you managed to implement.
    I must stress that username/password is not a solution.
    Withouth really understanding the different scenarios, I would prefer to make som sort of trust relation. And then just let the calling application supply the username in a header variable
    Best regards,
    Thomas Mouritsen

    >
    Thomas Mouritsen wrote:
    > Hello,
    >
    > I currently have issues establishing SSO from a J2EE (which is NOT a NetWeaver system) server to a WebService that resides on a AS ABAP 6.40. When I look over the options I see no obvious SSO solution. I cannot be the only one in this situation. Which solution have you managed to implement.
    >
    > I must stress that username/password is not a solution.
    >
    > Withouth really understanding the different scenarios, I would prefer to make som sort of trust relation. And then just let the calling application supply the username in a header variable
    >
    > Best regards,
    > Thomas Mouritsen
    Well, the best solution would be using message-based authentication (WS-Security) - either "X.509 Token" (digitally signed message) or "SAML (1.1) Token". Unfortenately you are using an older ABAP system where this feature is not available.
    Especially regarding Web Services it is definetly worth to consider upgrading to NWAS 7.0 Enhancement Pack 1 (or at least: NWAS 7.0 with SP14 or higher).
    But it also depends on the capabilities of "your" J2EE server. Does it support WS-Security and SAML Tokens? Can it servce as SAML Source Site?
    Transport-level security (e.g. SSL with X.509 client certificates) will not help in your scenario (system-to-system calls). It would only be an option if the WS Consumer is an User Agent (-> SSL client represents a single user); only then X.509 client certificates can be used for SSO.
    Best regards, Wolfgang

  • SSO from Non-SAP portal to EP

    Hi.
    We need SSO from Non-SAP portal to EP.
    The Non-SAP Portal has publish Form-based authentification.
    I mean userid&password set to URL.
    Then the EP can generate SAP Logon ticket to backend system?
    regards,

    How to Enable Single Sign-on with Non-SAP Web Application                    
    I have very good material coollected for the same implement this.
    http://help.sap.com/saphelp_nw04/helpdata/en/12/9f244183bb8639e10000000a1550b0/content.htm                                             
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a7b5ba90-0201-0010-4dbc-8f999dcd2798                                                                                
    Cheers!!                                             
    SJ.

  • Values from JSP to Struts Action Class

    Dear All,
    Am working on a small struts project, i want to get values from JSP in the Action class, i tried with sending variables using request through URL, it works fine, any other way is there to send the values from JSP to action class. Am not having any input fields in the JSP.I have links.
    Thanks,
    vyrav.

    I have a dispatch action for that am calling the action like this viewfiles.do?parameter=edit, and i have to send a variable ID from the same page, so am doing like this through java script, viewfiles.do?parameter=edit&id=10. Am able to get the id in the dispatch action edit, but when i start tomcat with security manager its not calling the action itself and its giving accesscontrol exception, but when i directly type viewfiles.do in URL its calling the action.
    I dont know wats the problem, tomcat security manager not allowing this. Please help me.
    Thanks,
    vyrav.

  • How to get an ArrayList Object in servlet from JSP?

    How to get an ArrayList Object in servlet from JSP?
    hi all
    please give the solution for this without using session and application...
    In test1.jsp file
    i am setting values for my setter methods using <jsp:usebean> <jsp:setproperty> tags as shown below.
    After that i am adding the usebean object to array list, then using request.setAttribute("arraylist object")
    ---------Code----------
    <jsp:useBean id="payment" class="com.common.PaymentHandler" scope="request" />
    <jsp:setProperty name="payment" property="strCreditCardNo" param="creditCardNumber" />
    <%-- <jsp:setProperty name="payment" property="iCsc" param="securityCode" /> --%>
    <jsp:setProperty name="payment" property="strDate" param="expirationDate" />
    <jsp:setProperty name="payment" property="strCardType" param="creditCardType" />
    <%--<jsp:setProperty name="payment" property="cDeactivate" param="deactivateBox" />
    <jsp:setProperty name="payment" property="fAmount" param="depositAmt" />
    <jsp:setProperty name="payment" property="fAmount" param="totalAmtDue" /> --%>
    <jsp:useBean id="lis" class="java.util.ArrayList" scope="request">
    <%
    lis.add(payment);
    %>
    </jsp:useBean>
    <%
    request.setAttribute("lis1",lis);
    %>
    -----------Code in JSP-----------------
    In testServlet.java
    i tried to get the arraylist object in servlet using request.getAttribute
    But I unable to get that arrayObject in servlet.....
    So if any one help me out in this, it will be very helpfull to me..
    Thanks in Advance
    Edward

    Hi,
    Im also facing the similar problen
    pls anybody help..
    thax in advance....
    Litty

  • Launching a Discoverer report from jsp page

    Hi
    I have a discoverer workbook created using BI Discoverer (for relational). I want to accept some parameters for this workbook from a jsp page, which will also have a "View report" button. This button when pressed should open up the Discoverer workbook and all the parameters from the jsp should be passed to the workbook.
    Is it possible? If yes, any details on it?
    We do the same thing successfully to launch Oracle Reports from jsps, we simply build the url in the jsp, and from jsp we submit it to a new window, and it opens up the report. Similar functionality we are looking to launch Discoverer reports.
    Any help will be appreciated.
    Thanks
    Shalu

    You can open the workbook with URL parameters with Discoverer Viewer much like you would Oracle Reports. Setting anything form the username, password, workbook name, worksheet, and parameters. All the information can be found in the following document:
    http://download-east.oracle.com/docs/cd/B14099_11/bi.1012/b13918/urlstart.htm
    The specific question your asking is addressed under 13.5.2 Example 2. Let me know if you have any issues
    Matt Topper
    Technical Management Consultant
    TUSC, The Oracle Experts
    [email protected]

  • How to call Crystal Reports10 from JSP?

    Hi!
    I want to generate a crystal report based on the parameters from database which in turn will be taken from jsp page.Can anybody help me on this?
    Thanks in advance!

    http://www.businessobjects.com/products/dev_zone/java/default.asp?ref=devzone_main
    Check their top 5 java downloads for documentation on how it works.

  • How to call servlet from jsp

    i m trying to call it from jsp using
    <a href="../purchaseP?orderno=<%=pno%>"><%=pno%></a>
    but its giving error..
    type Status report
    message HTTP method GET is not supported by this URL
    description The specified HTTP method is not allowed for the requested resource (HTTP method GET is not supported by this URL).

    i m trying to call it from jsp using
    <a href="../purchaseP?orderno=<%=pno%>"><%=pno%></a>
    but its giving error..
    type Status report
    message HTTP method GET is not supported by this URL
    description The specified HTTP method is not allowed
    for the requested resource (HTTP method GET is not
    supported by this URL).Are you implementing the doGet or doPost method in your servlet? If you are calling from a hyperlink then it needs to be implementing the GET method. To access the POST method use a html form.

  • How to call RDF report from JSP page

    Dear all,
    I want to call a RDF report from JSP page. I am creating the JSP page using j developer 10G.
    Can anyone help me out in this case. Is there any tag or procedure or any other way by of that i can perform this work.
    please help and send the reply on [email protected],[email protected]
    thanks
    Ashok

    Hi Ashok,
    You can use rwservlet - nothing really to do with JDeveloper. Once you have report server up and running (hint: read http://download-uk.oracle.com/docs/cd/B14099_19/bi.1012/b14048/toc.htm), you can call a report like this:
    http://server:port/rwservlet?report=my_report.rdf&destype=cache&desformat=html&p_my_parameter=xxx etcHope this helps,
    John

  • How to call cystal report8 report file from jsp page

    hi guys
    present i am using cystal report8 already i am having ReportViewer.jar and ReportviewerBean.jar files
    using that please send me sample code how to call that report from jsp page..
    and how to pass the parameters from jsp page to crystalreport8 report file.
    it was very urgent task to me..so please send sample code on above topic..
    or send me crystalreport8 API
    thanks
    regards

    Hi,
    I also want to work on crystal report but i dont have the ReportViewerBean.jar and ReportViewer.jar. So, please tell from where will i get those jar files.
    Thanks in advanced.

  • How to import and display an applet from JSP

    i m using netbeans 5.0
    i have class named myapplet.class
    and jsp named myjsp.jsp
    now i want to access(import) this myapplet.class from jsp
    also i want to display this applet from this jsp
    i am able to do either thing but not both
    so please help me it is so urgent and important for me bcoz
    i have to complete my project as early as possible
    Thanks in advance

    my jsp source file page path is D:\Reliance
    project\WebApplication3\web\
    and classes path is D:\Reliance
    project\WebApplication3\build\web\WEB-INF\classes\
    so problem is that if i want to use myapplet.class
    then i have to put my class in D:\Reliance
    project\WebApplication3\build\web\WEB-INF\classes\
    location
    but at that time i am not able to display this applet
    on my jsp
    if i put my myapplet.class in
    D:\Reliance project\WebApplication3\web\ then i m
    able to display
    applet but not able to access(import) this class
    hope you will got the problem!!!
    thanks for your reply !!!try to set the path of your applet on jsp something like this
    "WEB-INF/classes/myclass.class"

Maybe you are looking for

  • G5 CRASHES ON START UP

    My G5 1.8 dual has started crashing on start-up. I switch it on and it eventually powers up and I get my personalised desktop but as soon as I try to do anything I ge the spinning beach ball and cannot do anything but force it to close. I have tried

  • Using Windows Vista and IE7 with Forms based applications

    A user has Vista & iexplorer 7 installed on their machine and when they attempt to access the Professional Buyer responsibility (forms based) they receive an error message stating that 'Internet Explorer has stopped working'. When they attempt the sa

  • How to connect T6100 to the DVD - home cinema

    I really don't understand how I can connect 5.1 sound system T600 to DVD-player which have a 6 channels ( "cin-cin" connectors )?! Is better option to buy GD580 or T600? My DVD player support audio optical out connectors ? Please help me!

  • How to build Information button in WAD, web template

    Hello friends, I am working in BI 7.0 WAD well i designed a query in Bex and it is linked with portal , so if i run the query it shows the result in Portal On portal while executing the query if i filter on some characteristics, then there is a butto

  • FIND Last Purchase Order of specific materials

    Hello Gurus, I wonder if someone can help to find the last purchase order created of certain materiales, which tables Do i have to search for? thanks for the help.