SSO (single sign on) on NetWeaver 7.0 Enterprise Portal based on spnego with Microsoft Active Directory

Hi,
we are using SAP Netweaver Enterprise Portal 7.0 (SP25) based on Windows 2008 R2/Oracle 11g.
When we set up the Portal, we used the UME of the ECC - ABAP.
The portal is used internally only.
Now we want to provide SSO.
Users authenticate against Windows Active Directory (Windows 2003).
We thought SSO via SPNEGO would be the best solution.
Are there any better alternatives we should use?
We are following the SAP documentation:
SAP Library - User Authentication and Single Sign-On
We still want to create users in ABAP and assign them the portal roles. LDAP access should only have read access, to verify the security token from Active Directory.
When we set up the portal from scratch using ABAP as its UME, LDAP can't be selected/added as a data source in the system configuration.
If we understand the documentation correctly, we would now need to add LDAP via the configtool for read access.
What is not clear to us is whether we would lose the ABAP connection when we now activate LDAP via the config tool.
Is there a tutorial for SSO Netweaver 7.0 EP, like for EP 7.3, available?
In 7.3 SSO is pretty simple to get it running, thanks to the many tutorials here and on the internet.
Thanks for your help.
Best regards
Carlos Behlau

Hi,
I was able to generate the key via the ktab program.
But when I enable SSO, nothing happens when I try to log on via SSO to the portal.
I installed the WebDiag tool on the portal server and ran a trace.
The users are located in domain: company.com of Active Directory.
The Java AS are located in domain: sap.company.com of Active Directory.
The sap.company.com domain acts as a child of company.com.
When I check the WebDiag trace, I see for the SPNegoLoginModule the entry "... no key (etype: 23) for realm sap.company.com available ..."
I would expect company.com as realm key, as the keytabs have been generated on the domain controller of company.com.
Is it possible to get SSO running with a child domain?
Based on the statement of the network folks, the child and father domains have a trust.
Thanks for your help.
Best regards
Carlos
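
The WebDiag message quoted above names a realm and an encryption type (etype 23 is RC4-HMAC), so the first thing to compare it with is what the keytab actually holds. The following Python is an added example, not code from this thread or from SAP: it lists realm, principal, key version and etype for each keytab entry and reports whether a key for a given realm and etype is present. It assumes the file uses the standard keytab layout, version 0x0502; the sample keytab, the host name `portal.sap.company.com` and the all-zero key are constructed.

```python
import struct

def _counted(buf, off):
    """Read a uint16-length-prefixed string; return (bytes, new offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(data):
    """Return [(realm, principal, kvno, etype)]; key material is never returned."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, off = [], 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size == 0:                  # treated here as end of data
            break
        if size < 0:                   # deleted slot ("hole"): skip it
            off += -size
            continue
        end, p = off + size, off
        (ncomp,) = struct.unpack_from(">H", data, p)
        realm, p = _counted(data, p + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp.decode())
        p += 8                         # name type (4) + timestamp (4)
        kvno = data[p]                 # 8-bit key version number
        (etype,) = struct.unpack_from(">H", data, p + 1)
        _key, p = _counted(data, p + 3)
        if end - p >= 4:               # optional 32-bit kvno overrides
            (kvno,) = struct.unpack_from(">I", data, p)
        entries.append((realm.decode(), "/".join(comps), kvno, etype))
        off = end
    return entries

def diagnose(entries, realm, etype):
    """Explain whether a key for (realm, etype) exists; realm match is exact."""
    in_realm = [e for e in entries if e[0] == realm]
    if any(e[3] == etype for e in in_realm):
        return "ok"
    if in_realm:
        return "realm present, etype missing; have %s" % sorted({e[3] for e in in_realm})
    return "no entry for realm; keytab realms: %s" % sorted({e[0] for e in entries})

def build_entry(realm, comps, kvno, etype, key):
    """Build one keytab entry (used only to construct the sample below)."""
    body = struct.pack(">H", len(comps)) + struct.pack(">H", len(realm)) + realm.encode()
    for c in comps:
        body += struct.pack(">H", len(c)) + c.encode()
    body += struct.pack(">IIB", 1, 0, kvno & 0xFF)
    body += struct.pack(">HH", etype, len(key)) + key + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

# Constructed sample: one RC4-HMAC (etype 23) entry in realm COMPANY.COM, zero key.
SAMPLE = b"\x05\x02" + build_entry(
    "COMPANY.COM", ["HTTP", "portal.sap.company.com"], 3, 23, bytes(16))

if __name__ == "__main__":
    found = parse_keytab(SAMPLE)
    print(found)
    print(diagnose(found, "SAP.COMPANY.COM", 23))
```

To inspect a real file, pass its bytes to `parse_keytab`; only entry metadata is returned, never the key bytes.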

Similar Messages

  • Single sign on and microsoft active directory

    Hi,
    I have EBS 12.1.3 on linux. I know that I can implement single sign on to login to EBS. Now the question is: can I integrate this single sign on with my existing Microsoft Active Directory? Can you send me some links or documentation?

    Self-reply:
    http://blogs.oracle.com/stevenChan/2006/05/indepth_using_thirdparty_ident.html
    Thanks

  • Problem in SSO (Single Sign On)

    I have configured all the necessary steps for setting up SSO between SAP EP and the ECC system. But when I am trying to open a transaction iView from the portal, it's giving me the ECC login screen and it is not taking me directly to that transaction.
    This is the login screen message I'm getting:
    SSO logon not possible; browser logon ticket cannot be accepted
    Choose "Logon" to continue A dialog box appears in which you can enter your user and password
    No switch to HTTPS occurred, so it is not secure to send a password
    What could be the reason for this? What steps have I missed out?
    Need help on this.

    Hi,
    " SSO logon not possible; browser logon ticket cannot be accepted "
    I believe your SSO is not configured properly,
    First test the connection between ECC and EP
    1. Log in to portal -> system administration -> system configuration -> select the ECC system, right click, open -> connection tests
    Make sure that you get a tick mark against all, in particular for "connection test for connectors".
    2. If your test connection is not working, probably SSO is not configured properly.
    3. Try importing the portal certificate to ECC and vice versa.
    4. In strustsso2 check whether you have added the logon tickets for the clients under ACL.
    regards,
    prakash

  • SSO All SAP solution with windows Active directory

    Dear Experts,
    We have multiple sap solution like
    SAP ERP EHP7
    SAP BW
    SAPBO
    SAP EES/MMS
    SAP Solution Manager
    And all solutions based on Operating system AIX and database is DB2
    We want to configure SSO ( using windows 2012 active directory users ) with all above systems and it's clients.
    Kindly guide me how to achieve SSO using Windows 2013 active directory users.
    Do we need LDAP between Active Directory and all servers?
    we need additional SAP license
    please guide me
    Regards

    Hello
    You can use the SAP Single Sign-on 2.0 solution by SAP to integrate all your systems with SSO. The solution contains all that is required for configuring SSO in SAP ABAP and Java systems. To know more, you may refer to:
    1. SAP NetWeaver Single Sign-On 2.0 – SAP Help Portal Page
    2. Implementing SAP NetWeaver Single Sign-On 2.0 Based on Kerberos Tokens 1/4 - YouTube
    3. Implementing SAP NetWeaver Single Sign-On 2.0 Based on Kerberos Tokens 2/4 - YouTube
    4. Implementing SAP NetWeaver Single Sign-On 2.0 Based on Kerberos Tokens 3/4 - YouTube
    5. Implementing SAP NetWeaver Single Sign-On 2.0 Based on Kerberos Tokens 4/4 - YouTube
    You will have to buy a license for SAP Single Sign-on 2.0.
    Regards,
    Tapan

  • SSO for SAP and Non-SAP applications without Enterprise Portal

    Dear all,
    Is it possible to implement SSO for both SAP and non-SAP applications without involvement of EP at all?
    I have gone through this link.
    http://help.sap.com/saphelp_nw04s/helpdata/en/e5/4344b6d24a05408ca4faa94554e851/frameset.htm
    But I am still not able to get the precise answer on how to enable SSO for both SAP and non-SAP applications without EP.
    We have decided not to implement EP in first phase of SAP implementation. But we need to enable SSO for other SAP and Non-SAP applications.
    A detailed description on how to deal this kind of scenarios will be helpful.
    Thanks.

    A client of ours uses SAP Enterprise Portal, and is using the SAP SSO, which is implemented with tickets, and requires the use of SAPSECULIB. My company provides an application for this client, and our application is hosted in our data center for the client, as a Software as a Service application, obviously across the internet. Our client, which owns a SAP license, has asked that we support the SAP SSO as a non-SAP SSO application. The client user's SSO ticket will be created from SAP EP, and then passed across the internet to our application, and we are to use that SSO ticket as an authentication ticket to our application. I believe I know how to do this work technically, having reviewed the SAP document named: "Dynamic Library for Verifying SSO Tickets in Third-Party Software" Specification Version 2.00 December 2005.
    My question is, does my company have the right to use the SAPSECULIB? Where is the official download and license download that indicates we can download this library and use it to support a SAP customer? We do not own a SAP license. Thank you for your help. I have searched many places in SAP support.

  • RE: Help on Development Consultant SAP Netweaver 2004 – Enterprise Portal

    Hi ,
      I am planning to take Certification on Certification ID for Development Consultant SAP Netweaver 2004 – Enterprise Portal  {(Booking code): C_TEP15_04}. Can someone help me regarding the material availability.
    Thanks
    Venkat

    Hello Venkat,
    Exactly what kind of "material" are you looking for? The following site, https://www.sdn.sap.com/irj/sdn/developerareas/ep, has a Sneak Preview of SAP NetWeaver for downloading and eLearning material for you to go through to prepare yourself by going through the sample.  Does that help?
    Regards,
    John Ta

  • Development Consultant SAP Netweaver 2004 – Enterprise Portal   Questions

    Hi
    I am planning to complete Development Consultant SAP Netweaver 2004 – Enterprise Portal
    I want to know the cost for this certification
    Guidelines on how to prepare for this certification
    Please help me regarding this
    Thanks
    Venkat

    Hello Venkat,
    Exactly what kind of "material" are you looking for? The following site, https://www.sdn.sap.com/irj/sdn/developerareas/ep, has a Sneak Preview of SAP NetWeaver for downloading and eLearning material for you to go through to prepare yourself by going through the sample.  Does that help?
    Regards,
    John Ta

  • Bex Web Application Designer launched from desktop NOT SSO (single sign-on)

    NW 2004s
    BI 7.0
    The SSO from the Portal to BI/BW is working correctly. The SSO from BI/BW to the Portal is working correctly.
    The problem is from the desktop: launching Bex Web Application Designer, it prompts to log on to the BI system, then when you execute the selection it prompts you to log on to the Portal. I would expect the Portal logon to be SSO. Is there an SSO option for the Bex WAD I need?
    Is there a  Bex tool or desktop configuration that I need to implement?
    Thanks in advance for any help
    Sarah

    Hello Sarah,
    Please refer this SSO SAP Pages
    http://help.sap.com/saphelp_nw04s/helpdata/en/12/9f244183bb8639e10000000a1550b0/content.htm
    For Portals
    http://help.sap.com/saphelp_nw04s/helpdata/en/89/6eb8deaf2f11d5993700508b6b8b11/content.htm
    You can also refer this forum
    /thread/342517 [original link is broken]
    Hope it helps
    Thanks
    Chandran
    Edited by: Chandran Ganesan on Feb 6, 2008 8:26 PM

  • OracleAS SSO - Microsoft Active Directory External Authentication Plug-in

    hi ,
    I recently inherited support of an Oracle SSO/OID environment where we use AD and an external Authentication Plug-in to talk to it, as user credentials are managed in AD.
    We have a lot of domain controllers for AD in our env, so my question is:
    1) How do I find out which AD server the plugin is currently referring to?
    I need to know this info ASAP as a lot of AD servers are getting decommissioned and I want to make sure the SSO env is not talking to an AD server that would get decommissioned soon.

    hi,
    Look in the integration part in oidadmin. ActiveChgImp
    $ORACLE_HOME/bin/oidadmin
    or look for ad2oid.properties
    or look at this URL http://www.oracle.com/technology/obe/obe_as_10g/im/ads_import/import.htm
    is what I used to configure ours
    Regards

  • 3 topics in  Dev Cons SAP Netweaver 2004 – Enterprise Portal

    Hi All,
    I read that the following topics form a part of the development consultant EP certy exam.
    Please take a look at them below and let me know:
    Are these just theoretical concepts for the exam?
    In KM you can do stuff through wizards as well as code APIs, so are these topics related to the former or the APIs from a certy point of view?
    9. KMC Overview(+)
    • Repository Framework
    • Types of Locks
    • Information sources
    10. KMC Getting Started(+)
    • Project Structure
    • Deployment
    11. KMC Using the Repository Manager(+)
    • Methods
    • Resource Factory
    • Versioning Manager
    • Version History
    • Functions of the Security Manager
    And can you give me some online reference matter for the above topics considering with what aspect they are based on my questions.
    Thanks a lot.

    Hi ,
    Go thru this link
    This is simple link.
    http://www.braincert.com/portal/modules.php?name=TestEngine&file=tests_new&cPath=&sort=&filter_id=1&tEsid=6acfb4d2eeaab02a7709db734339c835
    thanks
    Lohi.

  • Single Sign-On (Portal to R/3 Backend)

    Hi all,
    I'm trying to implement Single Sign On (SSO) between our SAP portal (front end) and SAP R/3 ECC 6.0 Backend.  Keep in mind this has nothing to do with Active Directory.
    I read posting after posting from this site and I can't tell you how much documentation and can't seem to get to the root cause of the problem.
    To sum it up, the Test connections in the Portal, which there are 3 (SAP Web AS Connection, ITS Connection, and Connection Test for Connectors)
    The connection tests work for the first 2.  The one that fails is the Connector.
    The errors are not much help.  Here is what I get.
    Test Details:
    The test consists of the following steps:
    1.     Retrieve the default alias of the system
    2.     Check the connection to the backend application using the connector defined in this object.
    Results:
    1.     Retrieval of default alias successful.
    2.     Connection failed.  Make sure the Single Sign-On is configured correctly. 
    Details:       Portal Host name = lansapdep01
         Backend Host name = lansapdev01
    Property Category:  Connector
    Application Host = lansapdev01
    Gateway Host = lansapdev01
    Logical System Name = devcln150
    Remote Host type = 3
    SAP Client = 150
    SAP System ID <SID> = DEV
    System Number = 01
    Server Port 3600
    System Type =  SAP R/3

    You use Server Port 3600, message server.
    It means, while creating a system you used wrong template and picked "SAP system using dedicated application server".
    You should use "SAP system with load balancing", since message server is doing load balancing.
    Once you selected correct template you will see "Message Server" instead of App and GW servers.
    Make sure to fill in
    Group  - Logon group to use. If not defined in R3, use SPACE
    Message Server - ansapdev01
    SAP Client = 150
    SAP System ID <SID> = DEV
    Server Port 3600
    System Type = SAP R/3
    It should work.
    Regards,
    Slava

  • How to use single sign-on  for BCC and Experience Manager

    Does anyone have experience in implementing single-sign-on for BCC and Endeca Experience manager for business users.

    With the older versions of Endeca commerce stack there is no OOTB support for this. However with Oracle Commerce 11, SSO with BCC and Experience Manager are out of the box. Oracle Commerce 11 is released today.

  • ADFS single sign-on with office 365 and multiple forests

    I have 2 forests with one of them (Forest A) only running Exchange / Office 365 in hybrid mode. The other forest (Forest B) has my AD accounts for everyday user login and work. Is there a way to set up ADFS between these 2 forests in order for Forest B to achieve single sign-on to office 365? Today users have to login with separate office 365 accounts in order to access email and sharepoint. Short of migrating Forest A into Forest B and getting down to one forest / domain, is there anything else we can do to achieve single sign-on?

    Hi,
    Based on my research, we can have one ADFS farm servicing multiple forests, here are some related articles below for your references:
    Multi-forest and Multi-tenant scenarios with Office 365
    http://blogs.technet.com/b/educloud/archive/2013/08/02/multi-forest-and-multi-tenant-scenarios-with-office-365.aspx
    Hybrid Deployment Prerequisites
    http://technet.microsoft.com/en-us/library/hh534377(v=exchg.150).aspx
    SupportMultipleDomain switch, when managing SSO to Office 365
    http://blogs.technet.com/b/abizerh/archive/2013/02/06/supportmultipledomain-switch-when-managing-sso-to-office-365.aspx
    For more information about Office 365, I suggest you refer to Office 365 community below:
    http://community.office365.com/en-us/f/default.aspx
    Best Regards,
    Amy

  • MS Outlook Integration with CRM & Single Sign-On for Mobile\Blackberry

    Hi,
    We're looking at implementing CRM and have some questions on whether SSO (Single Sign-On) is a requirement for integrating Outlook with CRM for access via Mobile\Blackberry devices or not. I've the following questions:
    - For integrating Outlook and Active Directory with CRM is SSO implementation a MUST?
    - Also, is it possible to integrate Outlook without Active Directory integration with SAP esp. CRM?
    Mandeep Virk

    We got this figured out a couple of months earlier. It's not a requirement to have SSO enabled for MS Outlook integration w/ CRM for Mobile\Blackberry use.

  • Single Sign On in OBIEE

    Hi Gurus,
    I have 2 Enterprise Manager (one for BI Applications, one for web portal).
    I want the users & groups listed in Enterprise Manager for web portal to be usable for login in Enterprise Manager & Analytics of BI.
    I have moved some WLS*.jar from EM web portal to BI. It worked for Enterprise Manager of BI.
    I can log in to Enterprise Manager BI using a username of Enterprise Manager of web portal.
    But it failed when logging in to Analytics BI. I guess it is related to BI roles (BIAdministrator, BIAuthor, etc.) which can't be recognized.
    Does anybody know how to build single sign on here?
    PS:
    I use OBIEE 11.1.1.6
    Any help would be appreciated
    Regards
    JOE
    Edited by: JoeSSI on Nov 7, 2012 10:47 PM
    Edited by: JoeSSI on Nov 13, 2012 3:35 AM

    Hi Alastair,
    Thank you so much for this really very very helpful document but still I am facing some issues:
    1.     The pdf file is specific to Linux environment while I have windows environment for:
    Oracle Application Server 10.1.3.x
    OBIEE Server 10.1.3.4
    2.     We are using MS Active Directory for the domain login authentication process. I have configured the OBIEE with that Active directory to allow users to use their domain credentials to login to OBIEE. I need to provide the SSO in this environment. But the document provides very good and elaborated information about SSO using OID. Is there any way we can do SSO using MS AD or we have to import the users in OID?
    3.     We are using a db table for the authorization process for users after authentication is passed in which we are storing the USER NAME and GROUP information. The Authorization block of rpd select the corresponding GROUP from this table using SQL query and authorizes the users for their access scope. I was trying to execute the function AD_Authorization using the sql supplied after creating it in db but it is showing the below error: (Oracle11gR2 DB Server)
    SELECT getldapgroups('domainname\username') FROM dual;
    ORA-31202: DBMS_LDAP: LDAP client/server error: Invalid DN syntax. 0000208F: LdapErr: DSID-0C090654, comment: Error processing name, data 0, vece
    ORA-06512: at "SYS.DBMS_SYS_ERROR", line 86
    ORA-06512: at "SYS.DBMS_LDAP", line 1487
    ORA-06512: at "SYS.DBMS_LDAP", line 234
    ORA-06512: at "SCHEMA.GETLDAPGROUPS", line 45
    4.     Can we install OIM on Windows machine having the Oracle DB server installed already on it?
    Your valuable response will be much awaited.
    Thanks,
