SSO with BSP Not Working

Similar Messages

• SSO with WIA not working yet...

  Hi,
  We are trying to deploy SSO in our PT 5.0.2 portal (running on Windows 2000), but have not been able to get it to work
  successfully yet. Microsoft Active Directory 2000 is our user/group source.
  The server architecture is as follows:
  Server A = Serves as Admin Portal, Portal Server, and Image Server (resides in the DMZ)Server B = Serves as Automation Server (resides inside the firewall)Server C = Serves as Database Server (running SQL Server 2000; resides inside the firewall)Server D = Serves as the Application Server (portlets reside on this server; resides in the DMZ)
  All servers reside in the SAME domain.
  This is what we have done so far:
  1. Installed prerequisite software (i.e. IIS 5.0 and .NET Framework 1.1.4322) on Server C. Successfully installed and
  configured the Active Directory Authentication Web Service (i.e. PT Optional Enterprise Web Component) on Server C.
  2. Imported the above Web component, ADAWS, into Server A, using the PT Migration Wizard. This automatically created a
  "Remote Server" and 2 "Web Services" (namely Authentication Web Service and Profile Web Service) objects on Server A.
  3. Created a "Authentication Source - Remote" on Server A. The value in the "Authentication Source Category: " field is
  EXACTLY the same as the Active Directory Source Domain. Selected "Authentication and Synchronization" as the Synchronization
  setting, and "Full Synchronization."
  4. Created a Job and added the above Remote Auth Source as the operation. The JOb ran successfully and imported all users and
  groups from Active Directory.
  5. Users can successfully login to the portal using the above Remote Auth Source (User ID example: Domain\joe_user).
  6. Enabled "Integrated Windows Authentication" ONLY on the "\portal\sso" folder in Internet Services Manager on Server A.
  Ensured that the security is set to "Anonymous" on "\portal" and "\portal\bin" folders.
  7. Enabled SSO in the Portal, by entering the SSO Secret key in the SSO tab in the PT Admin Applet on Server A.
  8. Created a "Authentication Source - SSO" on Server A. Entered the same SSO Secret key entered above and successfully
  validated it.
  9. Configured SSO integration with Windows Integrated Authentication (WIA) by editing the PTconfig.xml file. The edits are as
  follows:
  <SSOVendor value="5"/><DefaultAuthSourcePrefix value=""/><CookieDomain value=".companyname.com" />
  NOTE: I did not have to edit the "sso.xml" file since the Auth Source category is EXACTLY the same as the Active Directory
  Source Domain.
  10. Edited the "Authentication Source - Remote" that we created in step 3 above, and changed the setting to
  "Synchronization." And then selected the "Authentication Source - SSO" (created in step 8 above) from the "Authentication
  Partners: " drop down list.
  11. Users can still successfully login to the portal using the Remote Authentication Source after the above change.
  12. Server D hosts a remote portlet. It is an IFRAME portlet (written in ASP) that has "href" links to several apps that
  reside on Server D. The security on the folder, that contains this portlet, in Internet Services Manager, is set to
  "Integrated Windows Authentication." Created a "Remote Server" object for Server D on Server A. Then created a "Web Service -
  Remote Portlet" object for the portlet. In the Web Service, I selected the Remote server that I created, and entered only the
  remaining path to the portlet (i.e. Portlet URL setting), since PT provided the "http://serverD/" portion. Finally created a
  "Portlet" object.
  13. users login to the portal using their domain ID (i.e. Domain\joe_user). They are then able to add the portlet to their
  page. But when they attempt to click on the links in the portlet they are challenged to enter their user name and password
  again.
  What step or setting are we missing here? Any help will be sincerely appreciated.
  Best regards,Kiran

  Hi Rajendrakumar,
  You probably haven't updated the ACL properly via STRUSTSS02.
  The portal server digitally signs logon tickets as it issues them to the portal users. SAP Systems need to accept the tickets and verify the portal server’s digital signature. The following information is important for the SAP System to be able to accept and verify logon tickets:
  ·        The SAP System should only accept logon tickets issued from their designated portal server. Therefore, the identity of the portal server needs to be entered in the SAP System’s Single Sign-On (SSO) access control list (ACL).
  ·        The SAP System needs to be able to verify the portal server’s digital signature. The portal server has a self-signed certificate, therefore the SAP System needs access to the portal server’s public-key information, which needs to be entered in the SAP System’s certificate list.
  Check the following procedure
  http://help.sap.com/saphelp_nw70/helpdata/en/78/f1a8490e7011d6999500508b6b8a93/frameset.htm
  Regards,
  Siddhesh

• OBIEE 11.1.1.6.2 BP1 SSO with AD not working on MAC OS 10.6.8

  Hi Experts,
  We have setup SSO in our production with OBIEE 11.1.1.6.2 BP1 version and Active directory. All seems to work fine on all browsers. But on MAC OS 10.6.8 when we use Safari 5.1.7 it doesn't work. But when we use the application on MAC OS version 10.7.5 and safari version 6.0.1 and it is working fine. Can anyone please let me know if you have come across the scenario and the solution for this. In windows it works perfectly fine on all browsers. Only this version of MAC and Safari is giving us the trouble.
  Thanks in advance for any solution provided.
  Regards,
  Satyabrat

  JavaScript and Cookies are enabled.  my cookies list shows at least 3 associated with hulu.  Funny thing is, if I grab the up/down control bar on right side of screen with my mouse, then hulu plays in a somewhat chopped frame by frame. As soon as I let go, the frame freezes yet audio portion continues.
  I don't know what a munged Hulu cookie is, however.

• SSO with SSL not working

  We've set up SSL to use with 10g AS Portal (9.0.4). Actually, all we want is to have the SSO sign in securely.
  So if I go to https://www.myserver.com:4446/pls/portal I get a portal page. However when I try to login it reverts back to non-SSL. Also, if I go to https://www.myserver.com:4445/pls/orasso the SSO server comes up, but doesnt let me login (no entries in the Enabler Config table) Do I have to run ssodatax? And how can I tell portal to use the SSO through SSL once I fix that?
  Im using Oracle 10g AS (9.0.4) on Red Hat 3.0
  Thanks

  Hi Tim,
  Thank you for the update.
  Is this the option you are specifying (i,e) located in Tomcat/conf/server.xml.
  Define a SSL Coyote HTTP/1.1 Connector on port 8443
      <Connector port="8443"
                 maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                 enableLookups="false" disableUploadTimeout="true"
                 acceptCount="100" debug="0" scheme="https" secure="true"
                 clientAuth="false" sslProtocol="TLS" />
  So, should we add any parameter called headersize?
  Please let us know the parameter that needs to be added.
  Thanks..

• Axis bank net secure with webpin not working on ipad2

  Hi,
  Axis bank net secure with webpin not working on ipad2
  Lt me know how to proceed

  Try using their App:
  https://itunes.apple.com/in/app/axis-bank-mobile-application/id517266358?mt=8

• Since installing Yosemite, Airplay with Freebox not working

  Since installing Yosemite, Airplay with Freebox not working
  With Maverick Airplay working well

  If you haven't done so already, try resetting the printing system.
  OS X Mavericks: Reset the printing system  also Yosemite
  Try deleting the printer and scanner and add them back.
  Also try Applications/Image Capture to see if it can find the printer and scanner.

• Wifi connection with 4s not working after installing new software ios6

  wifi connection with 4s not working after installing ios 6.

  Go to Settings > WiFi > Select your network and hit the right arrow to "Forget Network"
  Then go to Settings > General > Reset Network Settings  and try connecting again when the phone restarts.

• I'm having constant problems with pages not working. I.E.: I cannot fill in writeable fields, click on buttons... or anything... nothing on the page works. And, this is not exclusive to a particular site. I can, however, work well in Explorer.

  For the last few weeks I have had constant problems with pages not working. I.E.: I cannot fill in writeable fields, click on buttons... or anything... nothing on the page works. And, this is not exclusive to a particular site. It does seem to be a browser issue, because I can work well in Explorer.

  Both the Yahoo! Toolbar extension and the Babylon extension have been reported to cause an issue like that. Disable or uninstall those add-ons.
  * https://support.mozilla.com/kb/Troubleshooting+extensions+and+themes

• Applications associated with workstations not working

  Hello,
  I have onld zen 7.x, on netware.
  Applications associated with workstations not working or appearing in one container. Not sure if it every worked. Apps work fine with users.
  I am in a bind, since I need to get the app out in the workstation space.
  It maybe rights or simple install error with the ZEN from the begining.
  thanks for any help or ideas.. Yes I know I need to get to Zen 11.
  Phil

  PhilJannusch,
  > Applications associated with workstations not working or appearing in
  > one container. Not sure if it every worked. Apps work fine with users.
  >
  > I am in a bind, since I need to get the app out in the workstation
  > space.
  Please tell us more as "not working" can mean a lot of things. So:
  Are they user or workstation associated?
  Are those for whick they do not work (users or workstations) all in the
  same container?
  In what way do they not work?
  Any errors?
  Anders Gustafsson (NKP)
  The Aaland Islands (N60 E20)
  Have an idea for a product enhancement? Please visit:
  http://www.novell.com/rms

• I am getting frustrated with Apple not working with Flash player on some of my favorite web sites. Is there any alternative that will work on I-pad instead of flash?

  I am getting frustrated with Apple not working with Flash Player on some of my favorite web sites! Is there another alternative to watching these site options on my I-pad?

  Flash is not, and probably never will be, supported on the iPad : http://www.apple.com/hotnews/thoughts-on-flash/ . Plus it would be up to Adobe to make a version of their flash player that works on iOS devices - something which they have never managed to do and which they have now given up on trying to do.
  Browser apps such as Skyfire, iSwifter and Puffin 'work' on some sites, but judging by their reviews not all sites. Also some websites, especially news sites, have their own apps in the App Store, so your could try checking there for your sites (and there is the built-in YouTube app).

• My orignal computer that I sync my iPhone 4 with does not work...can I sync it with a new computer?

  My original computer that I set up my iPhone 4 with
  Does not work.....can I use a new computer to sync
  The phone....how do I do this and is there a risk of
  Of losing any apps, music etc

  Try this:
  Syncing to a "New" Computer or replacing a "crashed" Hard Drive

• SSO to R3 not working after system copy

  Hi Experts,
  Recently our QA R3 client XXX was deleted and the whole system was rebuild using system copy of client ZZZ of R3 production. Now we had to reconfigure the SSO between portal and QA R3 with the new client.
  But it is not working. It was found that the QA R3's own self signed certificate shows CN=ERP (same as R3 Prod) and not ERU as it should have been. We changed the CN value to ERP,in Visual Admin (Services ->key storage , Ticket ). Still the result is same.
  How to re-generate the self signed certificate in R3 with CN=ERU ?
  or a workaround for this problem.
  Regards
  Jimmy

  HI Jayendra 
  Recreate the saplogonticketkeypair following the procedure outlined here
  http://help.sap.com/saphelp_nw70/helpdata/en/75/c80b424c6cc717e10000000a155106/content.htm
  Then you can export the SAPLogonticketkeypair-cert (public key certificate) of the Java AS and import it into the target ABAP system
  Important: the following two steps must be done in the ABAP client that will receive the logon tickets i.e the ABAP client that the component/application on the Java AS is configured to connect to e.g the client specified in the portal iview properties or the client specified in a Web Dynpro JCo Destination
  (1) Import the public-key certificate of the Java AS into the ABAP systems certificate list using transaction STRUSTSSO2
  (2) Add the certificate to access control list
  When adding the certificate to the ACL the SID should be set to the SID of the ticket issuing Java AS and the client should be set to the client that the Java AS is writing to the logon tickets i.e the value of login.ticket_client in the Java AS
  Remember, in an Add-In installation, where the system IDs are the same, you must change the default client for the J2EE Engine (000) to a client that does not exist on the SAP Web AS ABAP system e.g change login.ticket_client to 999
  See: http://help.sap.com/saphelp_nw70/helpdata/en/cb/ac3d41a5a9ef23e10000000a155106/content.htm
  The reason for this change is that the system ID and client combination must be unique when tickets are to be accepted by an SAP Web AS ABAP system
  By the way it is better to start a new thread with your question rather than bumping a thread that was already set to 'answered'

• Read Only Display of Radio group and Text area with counter not working

  Hello,
  I am using Apex 3.2, with 10g for the database
  I have this form, with fields that will set to read only when status = 'closed'
  All of the fields display as read only except for 2. I cannot figure out why this is not working correctly.
  1st field is Issues that is a text area with character counter, with a sql query behind it, that is set to null unless the query is pulling in the data.
  2nd field is Status which is a radio group that will not display as read only when status = 'closed'
  I have other fields on the form with the same format and they change to read only when the status = 'closed', I have even copied the pl/sql expression from one field to these fields and it still doesn't work correctly. I have also tried javascript for an on load event, which works, but once I click on the save button, it disables all of the page items, which works correctly, but I purposely forget to enter information, to make sure the validations are firing correctly, which it does, but the script disables everything, not allowing me to correct the errors. The javascript is firing on the on page load event.
  Any help on this is greatly appreciated.
  Mary

  Dung,
  That API seems to have a bug, it returns true/false/null, so you could use 'return not nvl(htmldb_util.current_user_in_group(p_group_name => 'APP Admin'),false)' to get a false value.
  Unfortunately there's another problem: using the read-only attributes for checkbox or radiogroup item makes them hidden. My suggestion would be to create another item that has disabled="disabled" in the HTML Form Element attribute in the item definition and display that item or the non-disabled item alternately, using conditions based on the current_user_in_group logic.
  Scott

• MacBook Pro to TV with RCA - Not working

  Hi guys, I'm trying to connect my Macbook pro 08 to my new Samsung HD TV. I'm using a DVI-D to HDMI for the video which works great, but I'm using RCA to the headphone jack for Audio and it's not working. I've tried playing with the settings in my TV but cannot change the Audio input to analog. I'm guessing my TV thinks it's getting the audio from the HDMI, but the DVI-D does not carry audio.
  Does anyone know how to get the audio to work with RCA cables? Or is there an adapter that can combine my audio into the HDMI input?
  Any help would be appreciated.
  (My TV has 2 HDMI ports, component, and RCA ports as well as a USB)

  Yes, it is the ones on the left, but you're not going to hear any audio because your input selection must be on Component on the TV in order to get the audio out of that input.  HDMI and Component are two different inputs on your Input menu selection.  Do this, play some audio on your Mac and then flip to Component on the TV with your stuff hooked up.  I bet you hear the sounds, but no video and when you're on HDMI, you see the video but no sounds.  That's because it's two different inputs.
  Also, your 2008 MBP doesn't support Audio passthrough the MiniDisplayPort, so you're kind hosed unless you do external speakers like Grant suggested.

• Crystal Report formula with datediff not working as expected

  We need a Crystal Report formula to display the number of seconds the oldest arriving call has been waiting.  Across multiple resources that can each have an "oldest call".  The database stores a datetime value for the time the oldest call arrived.  If there are no waiting calls, then this field is NULL.  (MSSQL database).  It seemed reasonable to implement this in a formula that 1) discovers the minimum of "oldest call" timestamps in the selected records, and 2) to use "datediff" to produce the difference (in seconds) between the "oldest call" timestamp and current time.
  The first attempt at this relied on "implied" iteration that could be done within a formula.  Something like:
  data: OLDESTARRIVALTIME
         null
         '2014-06-14 08:08:08.000'
         null
        '2014-06-14 08:07:55.000'
         null
  whilereadingrecords;
  datetimevar minArrival;
  if isNull({SVCCLASSMEASURES_VW.OLDESTARRIVALTIME}) = False
                 and minArrival < {SVCCLASSMEASURES_VW.OLDESTARRIVALTIME} then
       minArrival := {SVCCLASSMEASURES_VW.OLDESTARRIVALTIME};
  DateDiff("s", minArrival, {SVCCLASSMEASURES_VW.UTCDATE})
  We tried storing the values of OLDESTARRIVALTIME in an array.  We could see it iterating, but the values in the array only contained
  the column value from the first record.
  This was to solve the problem of screening null values and producing the minimum of the set.
  Since that didn't work (and the web articles seemed to imply this would iterate over all the records, we tried another approach.  This
  time we set NULL timestamps in the table to a timestamp far in the future, so that we could directly apply "minimum" to produce
  the correct "begin" for datediff.
  data: OLDESTARRIVALTIME
            '2030-01-01 00:00:00.000'
            '2014-06-14 08:08:08.000'
            '2030-01-01 00:00:00.000'
            '2014-06-14 08:07:55.000'
            '2030-01-01 00:00:00.000'
  datetimevar minArrival = minimum({SVCCLASSMEASURES_VW.OLDESTARRIVALTIME});
  datetimevar minUTC = minimum({SVCCLASSMEASURES_VW.UTCDATE});
  if minArrival < minUTC then
       DateDiff("s", minArrival, minUTC)
  else
       0
  (minUTC would be current time in UTC)
  So, to start things off, the last formula produces negative numbers!  They hover in negative seconds within a negative minute (-33, -45, etc.).
  That's inconceivable, considering the test for minArrival < minUTC.  Both of the fields are "datetime".
  As it turns out, in the near term, it's most important to get the second formula working.  And, of course, insights into getting the first
  formula to work are welcome as well!
  Have we run into some weird behavior of the "DateDiff" function?
  Thanks!

  If DateDiff is always returning a negative number you could try swapping the dates around in the call to DateDiff - it should look like this:
       DateDiff("s", minUTC, minArrival)    
  Or you could use the Absolute Value of the calculation:
       Abs(DateDiff("s", minUTC, minArrival) )
  As for your first formula, you need to initialize the variable to a value prior to using it in the comparison.  If you don't, its value is null and comparing it against a value won't work.  (See What is Null and Why is it Important for Crystal Reports | SAP BI BLOG for a blog that I wrote about working with nulls in Crystal.)
  You should change your existing formula to something like this:
  whilereadingrecords;
  datetimevar minArrival;
  if OnFirstRecord then minArrival := DateTime(2013, 1, 1, 0, 0, 0);
  if not isNull({SVCCLASSMEASURES_VW.OLDESTARRIVALTIME})
                 and minArrival > {SVCCLASSMEASURES_VW.OLDESTARRIVALTIME} then
       minArrival := {SVCCLASSMEASURES_VW.OLDESTARRIVALTIME};
  Note how I changed the If statement.  Also, you want to replace minArrival with the field value if the field is less than the current value of minArrival - so you need to use ">" instead of "<" in the comparison.  Place this formula in the details section.  It will now show anything because of the semi-colon on the end.  This will ensure that it gets evaluated for every record.
  Now, create a second formula that looks like this:
  whileReadingRecords;
  datetimevar minArrival;
  DateDiff("s", minArrival, {SVCCLASSMEASURES_VW.UTCDATE})
  Place this formula in a footer section - it will not work in a header section.  If you need it in a header section you might be able to take the "whilereadingrecords" off of both formulas and use the "Maximum()" summary function to get the correct value.
  -Dell