Sso to a website

Similar Messages

• SSO to a website with applet as a home page

  Hi,
  we have a scenario in which we need to setup a SSO to a website which has applet as its homepage. I am trying to use the application integrator.
  did anybody else implemented this scenario, if so, could you please share your experiences or ideas with me.
  thank you

  You could use the mysapsso2 control for .NET and write a wrapper.  This would have to be an external page/application that would check for the existance of the SSO cookie and then do a redirect.  This has to be external because PDK does not support redirect.  At least this is my understanding.

• SSO to external website from portal

  We want to do a single sign on to an external website (non-sap). I know for SAP we can do a logontickets. But for non-sap external websites are there ways to do a SSO? Please help.

  please don't cross-post, see SSO to external website from portal
  kr, achim

• SSO with a website using Apache Httpclient form post

  Hi ,
  I am trying to obtain, SS0 with a website, that accepts the user information via post.
  I tried using app Integrator, but the website sends a cookie in first request, and redirects to another URL. App Integrator is only catching the first response.
  Thus i tried implementing this Form post using Apache HTTPClient class inside the Abstractportacomponent, as shown..
  The login is taking place. But, When i click on any link on the page, It is redirecting to the login page again, I am wondering where should i give the Cookie, so the portal request will include that cookie in its subsequent requests, so that i wont be prompted for login agian..
  thank you,
  chiranjeevi.
  public void doContent(IPortalComponentRequest request, IPortalComponentResponse response)
      {try
                    String url = "http://www.xxxxxxxxxxxxx.com/gold_online/validate.asp";
                    //Here, calling the timberline comes into place.
                     HttpClient client = new HttpClient();
                      PostMethod method = new PostMethod (url);
                      method.setFollowRedirects(false);
                      method.addParameter( "code","xxxxxxx");
                      method.addParameter( "upass", "xxxxxx" );
                                int statusCode = client.executeMethod( method );
                      if( statusCode != -1 ) {
                           // The Status code for this first request is 302..which is a redirect with the redirect path
                           Header locationHeader = method.getResponseHeader("location");
                           Header cookie = method.getResponseHeader("set-cookie");
                           String redirectedURL = locationHeader.getValue();
                           String host = "http://www.xxxxxxxxxxxxxx.com/gold_online/";
                           redirectedURL = host+redirectedURL;
                           GetMethod method2 = new GetMethod (redirectedURL);
                           method2.setFollowRedirects(false);
                           method2.setRequestHeader("cookie",cookie.getValue());
                           method2.addRequestHeader("Accept", "image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, /");
                           int statuscode2 = client.executeMethod( method2);
                           String contents  = method2.getResponseBodyAsString();
                           // Converting the Relative URLs to Absolute URLs
                           contents = replace (contents,"src=\"","src=\""+host);
                           contents = replace(contents,"href=\"","href=\""+ host);
                           Cookie ck = new Cookie("cookie", cookie.getValue()) ;
                           //adding the cookie to the response...
                           response.addCookie(ck);
                           response.write(contents);
                        method.releaseConnection();

  Hi Manish,
  first, welcome on SDN! About your question:
  The URL iView in SP9++ has been reported quite instable from different sides (just do a look on "URL iView" within this forum). The alternative for the aim you have is to use the good "old" application integrator iView, which behaves very stable and will do what you want without hesitating...
  Also see URL iView and HTTP System - SSO to web app
  Hope it helps
  Detlev
  PS: Please consider to reward point for helpful answers on SDN. Thanks in advance!

• Using ADFS authentication to perform SSO via HTTP GET request

  Hi,
  Can i authenticate users (those users are clients, at home) to a web application using ADFS without SAML tokens?
  The situation is that i want the clients to perform SSO to the website via a link they receive in their mailboxes. 
  I thought about a solution that combines JWT in a URL link that each user will get to his private mail. this link will contain the users' claim (such as ID Num, given from AD DS Server dedicated especially for them).
  Thus, the user will receive an email with a link that already contains a short period of time JWT to perform SSO to the webapp.
  Is it possible ? anybody heard about a similar solution ?

  Sandra
  Thanks for your message
  Here is the my requirment
  The basic flow of a Where 2 Get It REST API call is:
  1) create the required XML structure,
  2) URI encode it,
  3) make a HTTP GET request,
  4) then parse the return XML document.
  Currently i have some data in ABAP structure with 5 fields, i need to create XML from the those 5 fields,and needs to be URI
  encode it, and then needs to make a HTTP get request to connect Where to Get It REST API, finally it will return XML document via HTTP Get request , and then needs to convert the return XML to  ABAP structure for further processing .the above 4 points will be implemented in my report.
  Any  body could help on this

• Configuring SSO Between Portal & Any Third Party Website.....

  Hello All,
          I have a requirement to configure the SSO between Porat & any Website, Does anybody have experience of it. pls provide if any Doc is there or way of doing that ??
  thanks
  Smita

  Hi Smita,
  You can follow these steps:
  UPLOAD:
  1.Upload the par in PCD
  SYSTEM CREATION:
  1)Create ->System from par -> select com.sap.portal.howtos.webapp -> web application->give name & Id
  2)Properties-->object->system definition
         Name of the server : login.yahoo.com
         Port : (empty)
         URI :/config/login
  3)create alias
  4)set user Mapping
  IVIEW CREATION:
  1)Iview from par
  2)Iview type:com.sap-appintegrator.sap
  3)template:generic
  4)Properties Setting:
       System : (system alias name )
       URL Template :<System.protocol>://<System.server><System.uri>?<Authentication>
       URL Template fragment for UserMapping: <System.protocol>://<System.server><System.uri>?<Authentication>
  You can have a look at this blog:
  Step-By-Step Guide to implement Application Integrator
  Regards,
  Dhana

• When connecting to website using sso, packet sniffing shows ntlm user is using {server name}\{user name} instead of {domain name}\{user name}

  I moved to windows 7 and firefox 12 and my internal website via the servername (not FQN) is now prompting me for the username and password in firefox. I do not get prompted for a username and password when using IE9 to access the site via servername (not FQN).
  packet sniffing shows IE9 is using my windows domain as the windows domain. packet sniffing shows Firefox is using the web servers servername as the domain.
  If I use the fully qualified server name then firefox authenticates successfully. this is not a problem on my winxp workstation with firefox 12.

  The only time it fails is in windows 7 and the address used of HTTP://servername. I updated the above post to show it works in XP with ff12.
  There is no proxy server involved.
  I am logged into the domain.
  If I use the fully qualified servername as the address it works. Http://servername.domain.local

• Where on the Apple website  do I go to get a separate iCloud account for my wife so we can keep our text messages separate?

  Both wife and I now have Iphones.  Were on the Apple website do I go to get her, her own icloud account/email etc.  I want to keep the itunes apple ID the same sso we can share purchases, just dont need to see all her messages?

  On her iPhone. Settings>Mail, Contacts, Calendar>Add Account>iCloud>Get A Free Apple ID.
  Use this ID for iCloud, iMessage, and FaceTime on her iPhone. Keep your ID in Settings>iTunes and App Stores on both iPhones.

• SSO to Web application – Cookies blocked in IE

  Hi Experts
  I need to create SSO to a webpage (that contains a standard html login form) into a NetWeaver 2004 Portal
  I have used the App Integrator iView and it all seems to work fine except cookies are block in the user’s Internet Explorer and therefore the logon screen is shown instead.
  The website is located on another domain, which I guess is why cookies are blocked. If a user enables cookies from this specific site then it works fine.
  Anyone have a workaround on how to solve this issue? Hopefully I don't need to tell all users that they have to change their IE settings.
  Would it help if I create a sub-domain for the website in the portal setup which hopefully should resolve in that the website and portal are located in the same domain?
  Thanks in advance
  Cheers
  John

  Are the two domains within the same subdomain at all?  In which case, you could use domain relaxing...
  See note 701205 and the property ume.logon.security.relax_domain.level
  Hope this helps,
  Darren

• How to know if user (session) is authenticated in other application (SSO)

  Hi folks!
  We've deployed various J2EE applications in some OC4J instances. So far the applications used SSO Authentication against OiD (LDAP), but we need a public access application.
  The problem is the following: we need a different behaviour in this last application (without authentication characteristics) depending on one user is authenticated within other application that required SSO login.
  How could check if current user (session) si authenticated against SSO, for example, in ADF-STRUTS DataAction class?
  We tested the gerRemoteUser() method but is only works within the applications requering login.
  Please, anyone could guide me?
  Mike
  Thanks!

  Hi,
  Oracle AS Single Sign ON stores some of the attributes of an authenticated user in a browser cookie - the name of the Cookie is SSO_ID.
  You cannot get any information from this Cookie. The Cookie is avaliable only to the Oracle AS Single Sign ON and is meant to be used only by it. You cannot read any useful information from the Cookie as it is higly encrypted.
  If you need to know the name of the currently logged in user, your application should be a Partner Application or an External Applciation to Oracle AS Single Sign On.
  The reason is simple - you can use your browser to connect to many Websites protected by Oracle AS Single Sign ON. Thus, if your application isn't a Partner or an External Application registered with SSO, your application can't establish a context.
  Hence, your application needs to be registered as a Partner Application or an External Application with SSO.
  An application which is nto registered with SSO cannot get the User information from SSO. The getRemoteUser() method would always return a null in such cases.
  Regards,
  Sandeep

• Get Error on AM 7.0 do SSO on MS IIS 6.0 and Apache 2.0x

  Hi...
  I install AM 7.0/Sun Web 6.1 on Window (Java ES4). And I try to setup SSO between MS IIS 6.0 and Apache 2.0. I don't know how config in the AM by using amserver (web admin).
  I already complete install Policy Agent for MS IIS and Apache 2.0 and both of web was protected.
  I get the error msg on AM dubug log below :
  IIS :
  2006-06-26 22:56:18.376 Debug 3876:157ae90 AuthService: HTTP Status = 200 (OK)
  2006-06-26 22:56:18.376 Debug 3876:157ae90 AuthService: Http::Response::readAndParse(): No content length in response.
  2006-06-26 22:56:18.376 Error 3876:157ae90 AuthService: AuthService::processLoginStatus() Exception message=[Authentication Failed!!] errorCode='107' templateName=login_failed_template.jsp.
  2006-06-26 22:56:18.376 Error 3876:157ae90 PolicyEngine: am_policy_evaluate: InternalException in AuthService::processLoginStatus() with error message:Exception message=[Authentication Failed!!] errorCode='107' templateName=login_failed_template.jsp and code:3
  2006-06-26 22:56:18.376 Warning 3876:157ae90 PolicyAgent: am_web_is_access_allowed()(http://w2k3.sunth.com:81/index.html, GET) denying access: status = Access Manager authentication service failure
  2006-06-26 22:56:18.376 Debug 3876:157ae90 PolicyAgent: am_web_is_access_allowed(): Successfully logged to remote server for GET action by user unknown user to resource http://w2k3.sunth.com:81/index.html.
  2006-06-26 22:56:18.376 Info 3876:157ae90 PolicyAgent: am_web_is_access_allowed()(http://w2k3.sunth.com:81/index.html, GET) returning status: Access Manager authentication service failure.
  2006-06-26 22:56:18.376 Debug 3876:157ae90 PolicyAgent: HttpExtensionProc(): status after am_web_is_access_allowed = Access Manager authentication service failure (3)
  2006-06-26 22:56:18.376 Error 3876:157ae90 PolicyAgent: HttpExtensionProc(): status: Access Manager authentication service failure (3)
  Thank you very much for your support
  Wut

  Hi ,
  I was installed and configured policy agent successfully.while i am trying to access the application url i am getting following error.
  I am using IIS6.0 and access manager 7.1.
  Error 2824:15b9918 AuthService: AuthService::processLoginStatus() Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp.
  2009-03-10 00:03:05.828 Error 2824:15b9918 PolicyEngine: am_policy_evaluate: InternalException in AuthService::processLoginStatus() with error message:Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp and code:3
  2009-03-10 00:03:05.828 Warning 2824:15b9918 PolicyAgent: am_web_is_access_allowed()(http://fcs-ylwkuzfoz1q.ramesh.com:99/website.html, GET) denying access: status = Access Manager authentication service failure
  2009-03-10 00:03:05.828 Debug 2824:15b9918 PolicyAgent: am_web_is_access_allowed(): Successfully logged to remote server for GET action by user unknown user to resource http://fcs-ylwkuzfoz1q.ramesh.com:99/website.html.
  2009-03-10 00:03:05.828 Info 2824:15b9918 PolicyAgent: am_web_is_access_allowed()(http://fcs-ylwkuzfoz1q.ramesh.com:99/website.html, GET) returning status: Access Manager authentication service failure.
  2009-03-10 00:03:05.828 Debug 2824:15b9918 PolicyAgent: HttpExtensionProc(): status after am_web_is_access_allowed = Access Manager authentication service failure (3)
  2009-03-10 00:03:05.828 Error 2824:15b9918 PolicyAgent: HttpExtensionProc(): status: Access Manager authentication service failure (3)
  2009-03-10 00:03:05.828 Debug 2824:15b9918 PolicyAgent: OnSendResponse(): HTTP Status code is 500
  can any one please help me to resolve this.
  Thanks
  Ramesh Kumar GV

• Java SSO and IIS

  This is a repeat of this post: Java SSO and IIS
  Noone answered there.
  Hello,
  my organization uses Java SSO authentication in Oracle Application Server. Now we want to "expand" SSO so that our IIS applications can benefit from Oracle SSO and user needn't print user name / password again. Is there any way to use Java SSO in IIS? In this project we use Java SSO, not Oracle Identity Management.
  Thanks in advance

  Hi ,
  I was installed and configured policy agent successfully.while i am trying to access the application url i am getting following error.
  I am using IIS6.0 and access manager 7.1.
  Error 2824:15b9918 AuthService: AuthService::processLoginStatus() Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp.
  2009-03-10 00:03:05.828 Error 2824:15b9918 PolicyEngine: am_policy_evaluate: InternalException in AuthService::processLoginStatus() with error message:Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp and code:3
  2009-03-10 00:03:05.828 Warning 2824:15b9918 PolicyAgent: am_web_is_access_allowed()(http://fcs-ylwkuzfoz1q.ramesh.com:99/website.html, GET) denying access: status = Access Manager authentication service failure
  2009-03-10 00:03:05.828 Debug 2824:15b9918 PolicyAgent: am_web_is_access_allowed(): Successfully logged to remote server for GET action by user unknown user to resource http://fcs-ylwkuzfoz1q.ramesh.com:99/website.html.
  2009-03-10 00:03:05.828 Info 2824:15b9918 PolicyAgent: am_web_is_access_allowed()(http://fcs-ylwkuzfoz1q.ramesh.com:99/website.html, GET) returning status: Access Manager authentication service failure.
  2009-03-10 00:03:05.828 Debug 2824:15b9918 PolicyAgent: HttpExtensionProc(): status after am_web_is_access_allowed = Access Manager authentication service failure (3)
  2009-03-10 00:03:05.828 Error 2824:15b9918 PolicyAgent: HttpExtensionProc(): status: Access Manager authentication service failure (3)
  2009-03-10 00:03:05.828 Debug 2824:15b9918 PolicyAgent: OnSendResponse(): HTTP Status code is 500
  can any one please help me to resolve this.
  Thanks
  Ramesh Kumar GV

• NTLM SSO is not working using IIS

  Hi,
  We have unable to login to the infoview using SSO getting u201C page canu2019t found u201C error.
  1. We can  login to the infoview using AD authentication when tomcat as the application server but we are  unable to login to the infoview using SSO when IIS as the application server.
  2. If we select  the option called u201Cintegrated windows Authenticationu201D under internet options then the  SSO is not working and if we  uncheck the u201Cintegrated windows Authenticationu201D in the internet options then we are  able to login to the infoview using SSO.We are  able to login to the infoview using SSO on another environments and the working and problematic environments we  Configured IIS6, XI2 SP4.
  4.We tried to login to the infoview using http://servername instead of entire URL however we are getting error.
  5.We restarted IIS but no use.
  6.Our admin follow the below options-
  Open a registry editor, such as Regedit.exe or Regedt32.exe.
  Navigate to:
  HKLM\System\CurrentControlSet\Services\HTTP\Parameters
  Right-click Parameters, select New | DWORD value, and then name the value MaxFieldLength.
  Right-click Parameters, select New | DWORD value, and then name the value MaxRequestBytes.
  In the right pane, double-click MaxFieldLength, and then set its value to 32768 (decimal).
  In the right pane, double-click MaxRequestBytes, and then set its value to 32768 (decimal).
  Close the registry editor and restart the IIS Admin service for the change to take effect.
  But we are getting same problem.
  7.We  tried  to login to the infoview using http://localhost but issue still persists.
  8.We installed jakarta redirector.Is this root cause of this issue?
  9.We selected  intigrated windows authentication under default websites and i am sure i gave all the options under internet information  manager.
  Any one please help on this.
  My environment is-
  BOXIR2 SP4,
  NTLM SSO,
  Windows 2003,
  IIS6.

  "We tried to login to the infoview using http://servername instead of entire URL however we are getting error"
  What's the error using the hostname for SSO with integrated windows authentication enabled on only the infoview virtual directory?
  Regards,
  Tim

• SSO from Microsoft wabsite to SAP Portal

  Hi
  My client wants SSO from .net based Microsoft website to SAP Portals. Requirement is that when customer enters the website e.g. www.mysite.com , he will be automatically gain access (SSO) to  SAP Portal .
  How it can be done ?
  Please help
  Thanks in advance

  Hi Ananda,
  This link answers your query.
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/interoperability/dotnet/_web%20services%20and%20a2a%20interoperability%20center/sample%20application%3a%20sso%20with%20a%20.net-based%20web%20service%20client%20using%20sap%20logon%20tickets.pdf
  Reward points if handy!
  Regards,
  Sandeep Tudumu

• SSO - login/logout toPortal 'under the covers'

  Hi
  we are developing a website where users can have their own username/password. Once logged in (via a webpage in our application) they should be able to access Portal pages which require a DIFFERENT username/password (the reason for this is that there will be many application logons, but relatively few Portal ones).
  To do this, we want to log them in/out of Portal from our application WITHOUT redirecting them to different pages, or even having them aware this has happened.
  Is this possible?
  Are there any examples on the oracle site?
  I have downloaded the SSO SDK, but its not obvious how this should be coded. I was expected methods with names like logon and logoff. Its made a bit harder by the fact that the SSO SDK zipfile has links to files (in the doc directory) that are missing. I think we want to set up, what is termed by Oracle, an 'External Application' (as distinct from, a 'Partner Application').
  Any help appreciated
  Bob Sams
  null

  Bob,
  Defining an External Application allows it to be accessed, with Login Server performing an automated login, after the user logs on the the Portal - through the Login Server. This is not what you are asking for, which is more the other way around.
  To achieve what you are describing, you may be possible to implement this with the 3.0.9 version of the Portal and Login Server.
  In this version, there is a mechanism whereby you can implement a package on the Login Server which will attempt to obtain the user's identity through some user defined mechanism when an authentication request is received. This feature was added to enable integration with other Single Sign-On systems such as Netegrity SiteMinder.
  In your case, you would have your web application do the actual authentication, and then set something in the environment that could be obtained by the package implemented on the Login Server to get the user's identity when called for.
  The details of implementing something like this will be forthcoming in a white paper. You will need to wait for the 3.0.9 version of the Login Server to avail of this feature.
  null