SSO to IC WebClient
Dear All,
I am using CRM 5.0 and NW 2004s. I have configured Single Sign-On for this also. but when i am accessig the IC WebClient it ask me for login window. Other than IC WebClient other applications of CRM are working fine. So is some special settings needs to be configure for SSO to IC WebClient?
Kindly help. Its *URGENT*.
Full reward points for helpful answers also.
Regards,
Vinayak
Hi there,
I would suggest this:
- Building block for IC (C78) at http://help.sap.com/bp_crmv12007/CRM_DE/BBLibrary/html/BBlibrary.htm
- Documents available at this thread Documentation for Interaction Center (IC) WebClient
- UI guidelines for CRM2007, available at User Interface Guidelines for CRM 2007 are now available
Kind regards.
Edited by: Bruno Garcia on Dec 3, 2008 9:57 AM
Similar Messages
-
Problem opening documents no SSO with rich client integration ( ADFS 3.0 + WAP + SharePoint 2013 )
At our customer we deployed, ADFS 3.0 and the web application proxy, to provide external users access to SharePoint 2013.
we went with this solution as UAG is pretty much gone now.
Every time a editor opens up a office document he/she is prompted for password.
I have checked that the URLs is in the intranet Zone, and that the webclient is configured for passing on credentials.
We are using kerberos and Non-claim-aware relying parties.
Please advise, we really really rally need a SSO experience as we had when using UAG.
Best regards
Michael Thøgersen
Best regards Michael ThøgersenHi,
Check your browser definitions:
on IE go to tools -> internet options -> security -> custom level -> User Athuntication.
Set it on "Automatic user name and password" (the third radio button) -
Problem when Provisioning Users using EBS Connector (Enable SSO)
Hi expert,
We do provisioning users to EBS through EBS connector Version 9.1.0.4.0
Normally, we can provisioning users if we set value of SSO enable = NO,
but by the scope of this project,
We have to let EBS using Single sign-on by authentication from OID
so, we must set value of SSO enable = YES, this makes us cannot provisioning user to EBS.
the error log shown that it's about password but we do enter password already.
Thank,
Noraset
#### EBS IT Resource ####
SSO Enabled : Yes
SSO IT Resource : OID Users
SSO Identifier : orclGUID
SSO Login Attribute : uid
#### Error LOG ####
Running InitUtil
Running CreateUser
<May 2, 2013 4:44:50 PM ICT> <Error> <OIMCP.EBSUM> <BEA-000000> <================= Start Stack Trace =======================>
<May 2, 2013 4:44:50 PM ICT> <Error> <OIMCP.EBSUM> <BEA-000000> <oracle.iam.connectors.ebs.usermgmt.integration.EBSUserManagementHelper : createEBSUser>
<May 2, 2013 4:44:50 PM ICT> <Error> <OIMCP.EBSUM> <BEA-000000> <Exception Occured>
<May 2, 2013 4:44:50 PM ICT> <Error> <OIMCP.EBSUM> <BEA-000000> <Description : ORA-20001: APP-FND-02600: Unable to create user BT005 due to the following reason(s):
Password must contain at least one letter and at least one number..
ORA-06512: at "APPS.APP_EXCEPTION", line 72
ORA-06512: at "APPS.FND_USER_PKG", line 869
ORA-06512: at "APPS.FND_USER_PKG", line 915
ORA-06512: at "APPS.FND_USER_PKG", line 1034
ORA-06512: at "APPS.OIM_FND_USER_PKG", line 40
ORA-06512: at line 1
>
<May 2, 2013 4:44:50 PM ICT> <Error> <OIMCP.EBSUM> <BEA-000000> <java.sql.SQLException: ORA-20001: APP-FND-02600: Unable to create user BT005 due to the following reason(s):
Password must contain at least one letter and at least one number..
ORA-06512: at "APPS.APP_EXCEPTION", line 72
ORA-06512: at "APPS.FND_USER_PKG", line 869
ORA-06512: at "APPS.FND_USER_PKG", line 915
ORA-06512: at "APPS.FND_USER_PKG", line 1034
ORA-06512: at "APPS.OIM_FND_USER_PKG", line 40
ORA-06512: at line 1
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:457)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:405)
at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:889)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:476)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:204)
at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:540)
at oracle.jdbc.driver.T4CCallableStatement.doOall8(T4CCallableStatement.java:213)
at oracle.jdbc.driver.T4CCallableStatement.executeForRows(T4CCallableStatement.java:1075)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1466)
at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3752)
at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(OraclePreparedStatement.java:3887)
at oracle.jdbc.driver.OracleCallableStatement.executeUpdate(OracleCallableStatement.java:9323)
at oracle.jdbc.driver.OraclePreparedStatementWrapper.executeUpdate(OraclePreparedStatementWrapper.java:1508)
at oracle.iam.connectors.ebs.usermgmt.integration.EBSUserManagementHelper.createEBSUser(Unknown Source)
at oracle.iam.connectors.ebs.usermgmt.integration.EBSUserManagement.createUserHRF(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpEBSCREATEUSERHRMS.CREATEUSER(adpEBSCREATEUSERHRMS.java:269)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpEBSCREATEUSERHRMS.implementation(adpEBSCREATEUSERHRMS.java:105)
at com.thortech.xl.client.events.tcBaseEvent.run(tcBaseEvent.java:196)
at com.thortech.xl.dataobj.tcDataObj.runEvent(tcDataObj.java:2492)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(tcScheduleItem.java:2917)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(tcScheduleItem.java:547)
at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(tcORC.java:844)
at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(tcORC.java:1159)
at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(tcOrderItemInfo.java:735)
at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(tcOrderItemInfo.java:171)
at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(tcUDProcess.java:235)
at com.thortech.xl.dataobj.tcDataObj.insert(tcDataObj.java:602)
at com.thortech.xl.dataobj.tcDataObj.save(tcDataObj.java:474)
at com.thortech.xl.dataobj.tcTableDataObj.save(tcTableDataObj.java:2906)
at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(tcFormInstanceOperationsBean.java:710)
at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(tcFormInstanceOperationsBean.java:425)
at Thor.API.Operations.tcFormInstanceOperationsIntfEJB.setProcessFormDatax(Unknown Source)
at sun.reflect.GeneratedMethodAccessor4098.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy727.setProcessFormDatax(Unknown Source)
at Thor.API.Operations.tcFormInstanceOperationsIntfEJB_h6wb8n_tcFormInstanceOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at Thor.API.Operations.tcFormInstanceOperationsIntfEJB_h6wb8n_tcFormInstanceOperationsIntfRemoteImpl.setProcessFormDatax(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy141.setProcessFormDatax(Unknown Source)
at sun.reflect.GeneratedMethodAccessor4096.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
at $Proxy723.setProcessFormDatax(Unknown Source)
at Thor.API.Operations.tcFormInstanceOperationsIntfDelegate.setProcessFormData(Unknown Source)
at com.thortech.xl.webclient.actions.DirectProvisionUserAction.handleVerifyProcessData(DirectProvisionUserAction.java:2077)
at com.thortech.xl.webclient.actions.DirectProvisionUserAction.goNext(DirectProvisionUserAction.java:363)
at sun.reflect.GeneratedMethodAccessor3160.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:269)
at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(tcLookupDispatchAction.java:133)
at com.thortech.xl.webclient.actions.tcActionBase.execute(tcActionBase.java:894)
at com.thortech.xl.webclient.actions.tcAction.execute(tcAction.java:213)
at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58)
at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67)
at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:305)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.thortech.xl.webclient.security.CSRFFilter.doFilter(CSRFFilter.java:76)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:108)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged(AccessController.java:310)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>
<May 2, 2013 4:44:50 PM ICT> <Error> <OIMCP.EBSUM> <BEA-000000> <================= End Stack Trace =======================>You can build your own db connector using jdbc and set the specific field in a separate provisioning task once the main provisioning is done.
Best regards
/Martin -
Hi..
I finished the vSphere Web Client SDK Setup ,after starting my virgo server i get the following error when i open the link https://localhost:9443/vsphere-client/.
A server error occured.
[500]SSO error:null
Check the vsphere webclient server logs for details.
Can you please help me,i am stuck here.
Regards
sriniThese are the Errors that i see in the log generated in the path vsphere-client-sdk-6\server\serviceability\logs of the development machine.
[ERROR] system-artifacts org.apache.catalina.mbeans.GlobalResourcesLifecycleListener No global naming context defined for server
[ERROR] cm-catalog-manager-pool-5 com.vmware.vim.sso.client.impl.SoapBindingImpl The SSL certificate of STS service cannot be verified
[ERROR] cm-catalog-manager-pool-5 com.vmware.vise.vim.security.sso.impl.NgcSolutionUser Login as solution user failed.
[ERROR] http-bio-9443-exec-1 70000001 100001 ###### com.vmware.vim.sso.client.impl.SoapBindingImpl The SSL certificate of STS service cannot be
[ERROR] http-bio-9443-exec-1 70000001 100001 ###### com.vmware.vise.vim.security.sso.impl.NgcSolutionUser Login as solution user failed.
[ERROR] http-bio-9443-exec-1 70000001 100001 ###### com.vmware.vsphere.client.security.websso.MetadataGeneratorImpl Error when registering ngc metadata.
[ERROR] ing.timer.TimerFactoryBean#0 com.vmware.vim.sso.client.impl.SoapBindingImpl The SSL certificate of STS service cannot be verified
[ERROR] ing.timer.TimerFactoryBean#0 com.vmware.vise.vim.security.sso.impl.NgcSolutionUser Login as solution user failed.
[ERROR] ing.timer.TimerFactoryBean#0 com.vmware.vise.vim.cm.healthstatus.InventoryServiceHealth Search failed for Health Status
[ERROR] ing.timer.TimerFactoryBean#0 com.vmware.vise.vim.cm.healthstatus.InventoryServiceHealth Could not find Health Status EndPoint for Inventory Service
Regards
Srini -
SSO to partner application running under IIS
Hi,
We have a complete set-up for 9iAS Release2 where some applications are running. In parallell we have an application running under IIS, and would now like to enable the IIS application as a partner application to 9iAS letting the 9iAS SSO server handle the authentication.
In the documentation of Oracle Proxy Plug-in I read that this proxy plug-in can be used to proxy requests from IIS to Oracle http server (OHS) and also in this way enable SSO.
My question is if this can be done only for applications running under 9iAS but having IIS as web server, or if it is also possible like in our case to enable SSO via the proxy plug-in to applications runnind under IIS?
If this is not supported is the only available solution to use the SSO SDK in my IIS application?
Thanks and regards,
RikardHere's a DIY answer.
See Metalink Note 269820.1 which shows you how to use Perl to overwrite the host name in the HTTP header and remove the port number. -
SSO java sample application problem
Hi all,
I am trying to run the SSO java sample application, but am experiencing a problem:
When I request the papp.jsp page I end up in an infinte loop, caught between papp.jsp and ssosignon.jsp.
An earlier thread in this forum discussed the same problem, guessing that the cookie handling was the problem. This thread recommended a particlar servlet , ShowCookie, for inspecting the cookies for the current session.
I have installed this cookie on the server, but don't see anything but one cookie, JSESSIONID.
At present I am running the jsp sample app on a Tomcat server, while Oracle 9iAS with sso and portal is running on another machine on the LAN.
The configuration of the SSO sample application is as follows:
Cut from SSOEnablerJspBean.java:
// Listener token for this partner application name
private static String m_listenerToken = "wmli007251:8080";
// Partner application session cookie name
private static String m_cookieName = "SSO_PAPP_JSP_ID";
// Partner application session domain
private static String m_cookieDomain = "wmli007251:8080/";
// Partner application session path scope
private static String m_cookiePath = "/";
// Host name of the database
private static String m_dbHostName = "wmsi001370";
// Port for database
private static String m_dbPort = "1521";
// Sehema name
private static String m_dbSchemaName = "testpartnerapp";
// Schema password
private static String m_dbSchemaPasswd = "testpartnerapp";
// Database SID name
private static String m_dbSID = "IASDB.WMDATA.DK";
// Requested URL (User requested page)
private static String m_requestUrl = "http://wmli007251:8080/testsso/papp.jsp";
// Cancel URL(Home page for this application which don't require authentication)
private static String m_cancelUrl = "http://wmli007251:8080/testsso/fejl.html";
Values specified in the Oracle Portal partner app administration page:
ID: 1326
Token: O87JOE971326
Encryption key: 67854625C8B9BE96
Logon-URL: http://wmsi001370:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
single signoff-URL: http://wmsi001370:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout
Name: testsso
Start-URL: http://wmli007251:8080/testsso/
Succes-URL: http://wmli007251:8080/testsso/ssosignon.jsp
Log off-URL: http://wmli007251:8080/testsso/papplogoff.jsp
Finally I have specified the cookie version to be v1.0 when running the regapp.sql script. Other parameters for this script are copied from the values specified above.
Unfortunately the discussion in the earlier thread did not go any further but to recognize the cookieproblem, so I am now looking for help to move further on from here.
Any ideas will be greatly appreciated!
/MadsPierre - When you work on the sample application, you should test the pages in a separate browser instance. Don't use the Run Page links from the Builder. The sample app has a different authentication scheme from that used in the development environment so it'll work better for you to use a separate development browser from the application testing browser. In the testing browser, to request the page you just modified, login to the application, then change the page ID in the URL. Then put some navigation controls into the application so you can run your page more easily by clicking links from other pages.
Scott -
How to change SSO Partner Application Login_url and Logout_url
As part of a deployment in a different data centre, we needed to change the domain name of an application using SSO for authentication. We have gone through the process of re-registering the SSO server but this does not update the domain name
By using diagnostic tools from Oracle we have discovered that the file 'osso.conf' in $ORACLE_HOME/Apache/Apache/conf/osso contains incorrect entries for login_url and logout_url.
These settings are of the form:
login_url=http://www.ourolddomain.com/pls/orasso/orasso.wwsso_app_admin.ls_login
logout_url=http://www.ourolddomain.com/pls/orasso/orasso.wwsso_app_admin.ls_logout
Please can anyone tell me how these settings can be changed.Hi,
[Solved] SSO fails to show success page you can find some information on re registering mod_osso.
Hope it helps. -
HOW TO SET UP PARTNER APPLICATION TO USE SSO OUTSIDE OF PORTAL
If anyone knows how Portal switches context to run as the db user mapped to the lightweight schema and how it knows the db schema password please let me know.
Should you have any queries please do not hesitate to contact me on 07775 896738.
From document Oracle Portal Security Overview on PortalStudio.oracle.com:
In Single Sign On mode (EnableSSO=Yes in the DAD), mod_plsql determines the name of the light-weight user and mapped database schema by calling
WPG_SESSION_PRIVATE.GET_LW_USER and WPG_SESSION_PRIVATE.GET_DB_USER respectively.
** These calls are done using the Portal Schema (PORTAL30) and Portal schema password **
mod_plsql then executes the procedure in the requested URL by using the N-Tier Authentication feature to connect to the database as the user returned from
WPG_SESSION_PRIVATE.GET_DB_USER. ..... Note that N-Tier Authentication requires all schemas to be used for Portal user mappings to be granted 'connect
through' privleges to the Portal schema (PORTAL30).
The WWCTX packages are also used.
So this is how it works with standard Portal
- the document states that the WPG_SESSION_PRIVATE package is only accessible to the Portal schema
- but I checked and it is also available to PORTAL30_SSO
SQL> desc WPG_SESSION_PRIVATE
PROCEDURE CREATE_SESSION
Argument Name Type In/Out Default?
P_COOKIE_NAME VARCHAR2 IN
FUNCTION GET_DB_USER RETURNS VARCHAR2
FUNCTION GET_LW_USER RETURNS VARCHAR2
PROCEDURE GET_SESSION_INFO
Argument Name Type In/Out Default?
NUM_PARAMS NUMBER OUT
PARAM_NAMES TABLE OF VARCHAR2(32000) OUT
PARAM_VALUES TABLE OF VARCHAR2(32000) OUT
PROCEDURE RESET_SESSION
Argument Name Type In/Out Default?
P_COOKIE_NAME VARCHAR2 IN
In my case only the Login Server (PORTAL30_SSO) is going to be used/installed
- the SAMPLE_SSO_PAPP application will only work if the DAD used to access is it set to use Basic authentication, i.e. the actual integration with the Login Server
is done in the sample application code calls, stored in the database
- when a DAD has enableSSO=yes it automatically accesses Portal (PORTAL30) packages to implement N-Tier authentication
I'm currently testing:
1. Configuring the SAMPLE_SSO_PAPP sample as documented with a DAD with Basic authentication
2. Amending the ssoapp procedure to set context to another (db) user on successful authentication:
wwctx_api.set_context (
p_user_name => 'SCOTT',
p_password => 'TIGER' );
3. If this works then set_context with get_lw_user instead
I have now amended the ssoapp procedure as follows to print out
1. The userid entered when the login box is presented
2. The Database user which the Portal Lightweight user is mapped to
3. The Lightweight user Portal has used for authentication
Amendments to papp.pkb:
(ssoapp procedure, declare db_user_info and lw_user_info as VARCHAR2 in declare section)
htp.p('Congratulations! It is working!<br>');
db_user_info := wwctx_api.get_db_user;
lw_user_info := wwctx_api.get_user;
htp.p('User Information:' || l_user_info || '<br>');
htp.p('DB User Information:' || db_user_info || '<br>');
htp.p('LW User Information:' || lw_user_info || '<br>');
The following shows the interesting results from my testing:
- if the user owning the sample_sso_papp package is PORTAL30_SSO then the call to wwctx_api.get_db_user succeeds
- if the user owning the sample_sso_papp package is a non-portal schema e.g. SSOAPP below the call to wwctx_api.get_db_user generates a User Defined exception
Steps to test:
Created new schema SSOAPP on the database
- edited it in Portal and checked the use this schema for Portal users checkbox
- created new Lightweight user SSO_LW in Portal, mapped it to SSOAPP schema
- created new Lightweight user SSO_SCOTT in Portal, mapped to SCOTT schema
- loadjava -user ssoapp/ssoapp@portal30 SSOHash.class
- sqlplus portal30/portal30@portal30
@provsyns ssoapp
- sqlplus ssoapp/ssoapp@portal30
@loadsdk.sql
@loadpapp.sql
Created DAD with basic authentication SAMPLE_SSO_PAPP
- username: ssoapp
- default home page: sample_sso_papp.ssoapp
Registered the Sample SSO Partner Application with the Login Server and ran regapp.sql
Commented out the calls to get_db_user in papp.pkb to avoid exception
- called http://<server>/pls/sample_sso_papp
- logged on as SSO_LW/sso_lw
- got output:
Congratulations! It is working!
User Information: SSO_LW
LW User Information: PUBLIC
So the Portal lightweight user is not returned as SSO_LW
if anyone knows why the Lightweight User in my test is returned as PUBLIC not SSO_LW
Best Regards
MIchaelhttp://support.mozilla.com/en-US/kb/Changing+the+e-mail+program+used+by+Firefox
-
Hi All,
I have installed 10g AS Release 2 on a system. I also have Application Express(formerly HTML DB) installed on the same system. I registered one of the HTML DB applications as partner applications and have put SSO authentication for it.
When I try to login the AS looks at the OID installed on the system(which I gave during installation). I want it to look at the Oracle gmldap.oraclecorp.com server OID so that only Oracle employees login.
Can anybody tell me how to change the OID and what are the entries to be give to configure it to gmldap.oraclecorp.com server??
Thanks,
SwaroopSee Task 3 in the Section 9.4 of the Oracle Application Server Administrator's Guide:
http://download-west.oracle.com/docs/cd/B14099_17/core.1012/b13995/chginfra.htm#i1014978
See the following for information about what to specify on each page.
http://download-west.oracle.com/docs/cd/B14099_17/core.1012/b13995/reconfig.htm#i1013341 -
I've searched these forums and finding bits and pieces of information so I'm hoping someone can help me out.
I've successfully installed XI 3.0 on a new server. We're trying to get SSO to work from our custom application so that users won't have to sign onto BO seperately.
Most of the documentation I've found has been related to XI 2.
I'm very new to administrating BO. I'm assuming that the SSO on XI 2 (which we currently have our users using) cannot simply be copied over (I've tried.). Also, I'm assuming that the SSO is part of a SDK or API. If so, are these installed by default or are they seperate downloads?
Can someone point me in the right direction?
Thanks3.0 does not support IIS for infoview, only java app servers. We can enable SSO for those.
As far as what migrates over from XIR2, the users, groups, plugin config, but the SSO settings do have to be applied on the web/app server(s)
If you get 3.1 (same license code) that does support IIS/SSO. You should get 3.1 regardless 3.0 was the very 1st version of 3.x and therefor has the most bugs.
Regards,
Tim -
SSO between a Java EE application (Running on CE) and r/3 backend
Hi All,
Over the past few days I have been trying to implement a SSO mechanism between NW CE Java Apps and R/3 backend without any success. I have been trying to use SAP logon tickets for implementing SSO.
Below is what I need:
I have a Java EE application which draws data from R/3 backend and does some processing before showing data to the users. As of now the only way the Java App on CE authenticates to r/3 backend is by passing the userid and pwds explicitly. See sample authentication code below:
BindingProvider bp = (BindingProvider) myService;
Map<String,Object> context = bp.getRequestContext();
context.put(BindingProvider.USERNAME_PROPERTY, userID);
context.put(BindingProvider.PASSWORD_PROPERTY, userPwd);
Now this is not the way we want to implement it. What we need is when the user authenticates to CE ( using CE's UME) CE issues a SAP logon ticket to the user. This ticket should be used to subsequently login to other system without having to pass the credentials. We have configured the CE and Backend to use SAP logon tickets as per SAP help.
What I am not able to figure out is: How to authenticate to SAP r/3 service from the java APP using SAP logon tickets. I couldnt find any sample Java code on SAP help to do this. (For example the above sample code authenticates the user by explicitly passing userid and pwd, I need something similar to pass a token to the backend)
Any help/pointers on this would be great.
Thanks,
DhananjayHi,
Have you imported the java certificate into R/3 backend system ? if so.
Then just go to backend system and check on sm50 for each applicaion instance of any error eg.
SM50-> Display files (ICON) as DB symbol with spect.(cntrlshiftF8)
You will get logon ticket details.
with thanks,
Rajat -
SSO requires double login for partner application
I'm having some trouble with SSO partner applications, when I login to a SSO protected application, the login works fine, but when I try to navigate to another application I'm presented with the login page again, the sso cookie seems to be working since clicking on the login button without entering the user credentials works. For example, I log in to portal and from there I navigate to a forms application that is on the same server and the same port (portal: https://apps.mydomain.com:4444/pls/portal --> forms: https://apps.mydomain.com/forms/frmservlet?config=app) I am presented with the login page and after clicking on the login button without entering any information everything works fine. This is happening for all the middle tiers that are connected to the same OID. Any ideas on what can be wrong on my configuration?
Hi Andrey,
The problem sounds really wierd.
Can you check your SSO settings for your Portal ECC system? I mean, please check the User Management/Administration properties in your System Adminstration of Portal System that points to ECC.
Regards
<i><b>Raja Sekhar</b></i> -
SSO userid for a partner application
Hi,
We have one application deployed on WebLogic Application Server this is registred as Partner application over SSO server.
On application side we have installed Oracle HTTP Server as webserver and configured mod_osso.
Now when user attempt to access any secured page SSO askes for the authentication. And on successful login user landed back to application page configured while creating Partner application.
After login we need userid of user who logged in on sso server. I have tried following and getting null.
Remote User: <%=request.getRemoteUser() %>,
Proxy-Remote-User: <%=request.getHeader("Proxy-Remote-User") %>
Osso-User-Dn: <%=request.getHeader("Osso-User-Dn") %>
Osso-User-Guid: <%=request.getHeader("Osso-User-Guid") %>
Osso-Subscriber: <%=request.getHeader("Osso-Subscriber") %>
Osso-Subscriber-Dn: <%=request.getHeader("Osso-Subscriber-Dn") %>
Osso-Subscriber-Guid: <%=request.getHeader("Osso-Subscriber-Guid") %>
Accept-Language: <%=request.getHeader("Accept-Language") %>
output:
Remote User: null,
Proxy-Remote-User: null
Osso-User-Dn: null
Osso-User-Guid: null
Osso-Subscriber: null
Osso-Subscriber-Dn: null
Osso-Subscriber-Guid: null
Accept-Language: en-us,en;q=0.5
Is any one there knows, what exactly i should do?
Thanks & Regards,
Kevin ChhedaSo the user has successfully authenticated and can access protected areas of the application?
Have you tried using Http headers to see values/attribute names?
Can you try this:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body>
<%@ page import = "java.util.*" %>
<h1>Headers received:</h1>
Remote user header is: <% out.println(request.getRemoteUser()); %>
<p>
<table>
<%
Enumeration headerNames = request.getHeaderNames();
while(headerNames.hasMoreElements()) {
String headerName = (String)headerNames.nextElement();
out.println("<tr><td>" + headerName);
out.println(" <td>" + request.getHeader(headerName));
%>
</table>
</body></html> -
Sso session timeout per partner application
Hello,
I was just wondering if it is possible to configure SSO session timeouts per partner application? I'm looking to log out users of a particular application after 15 minutes, but don't want this change to affect any of my other SSO enabled applications. Is this possible?
Thanks,Hi,
I do not think so, you can not specify specail parameter for one application in SSO.
Why because SSO is one component (within your Infra) through which you logon different apps.
Another solution may be it will expensive is that you 'll need to use different infra for this specific application.
Regards,
Hamdy -
We have Business Objects 3.1 SP2 FP2.3 running on Windows 2003 R2 SP2 64bits.
CMS database on SQL 2005 x64
Environment runs on Apache Tomcat
Single Sign-On with kerberos on Active Directory is working fine.
We have developers who want to use their Crystal Reports with SSO also and not use SQL authentication like they used to do in previous BO versions.
In Windows AD Authenticaton of the CMC, I checked the option Cache security context (required for SSO database)
In the Database Configuration of the Crystal Report we're testing, in the section "When viewing report", we selected Use SSO context for database logon
Is there any other necessary configuration to be done in any config file?
Not sure whether this should be added but in the krb5.ini file, I added the following value under libdefaults (just before the realms section): forwardable = true
When I try to view the report, I get the following error message in InfoVIew:
Error in File "testreport": Unable to connect: incorrect log on parameters: Details: [Database Vendor Code: 18456]
For the same kind of report but with the option: "Use same database logon as when report is run", with SQL authentication parameters, everything is OK.
DEV Environment: one InfoVIew FrontEnd server and one BO CMS server
PROD Environment: one InfoView FrontEnd server and 2 BO clustered servers
Regards
JayI think [this thread should get you going|SSO2DB / Use Database Credentials; about half way down I worte a response with links to setup the DB for kerberos.
Regards,
Tim
Maybe you are looking for
-
How to make copies of delivered class/function module.
Hello All, Can anybody tell me how/where should I go, to make copies of delivered class "CL_HRMSS_RECRUITING_WF" and the function module "HRWPC_EREC_CREATE_EREC_OBJECT". Also if I am renaming with Z<my-class-name>, and using the method "CREATENBOBJEC
-
Is there a way to not to execute a query on table rendering?
Is there a way to not to execute a query associated with an af:table on table rendering on the page? I would like to control this programmatically. Any examples will be much appreciated.
-
Hi friends, I m using labview 8.6 version. I hve interfaced labview with cdaq 9172. I have used 9201, 9203 ,9219 card.Now i want to use 9264 card i.e analog output card.I am not getting how to use it .wheather I hve 2 use on function plate express--
-
Two questions ... 1. I'm getting the following warning ... I think that a TIFF file bigger than 2 gb does not create any quality issue in LR - PS workflow ... correct? It is just related with some third party programs, as the warning box says. 2. Thi
-
I have several machines with in-memory Ontologies that I need to update based on Database Ontology changes and I want to do it via database events and not polling. I think that ideally ModelOracleSem should dispatch Jena Model-Changed events when suc