Sun Access Manager - Single sign on and Federation - Getting the assertio

We are using SUN AM 7.1 with DS 6.1 and WS 7.1, SAML2.0 and Liferay portal as the fronting application. We are also using the SUN one Policy agent.
For transaction purposes, we need to get the assertion ID in the SP and pass it to the application.
We have got the assertion ID in the spassersionconsumer.jsp but do not know the way to pass it back to the application. Looks like the HTTP-HEADER is not working.
Please help us to solve the issue. Any help is appreciated. Thanks for the help.

Hi,
You can follow Oracle Access Manager Integration Guide (10.1.4.0.1) B25347-01, chapter 4, to achieve this. This document will answer most of your questions.
Regards,

Similar Messages

  • Oracle Single Sign on and Oracle Internet Directory

    Hello Gurus,
    What is the relationship between Oracle Single Sign on and Oracle Internet Directory.
    To my understanding, OID is required to install SSO.
    If OID already exist, can we just install SSO and go on integrating it to existing OID.
    Great Thanks,
    vimal jain.

    Hi Tim,
    I've been working on this and could reproduce the issue with anonymous binds. A fix will be ready in 4.2.1.
    So what I really need is the password used for login to pass to the is_member call. The P101_PASSWORD item does not save state. However, you can access the value during submit processing of the login page, for example in the post authentication function of your authentication scheme. People sometimes put code in there to query the user's groups (e.g. with apex_ldap.member_of2) and save them in an application. This item value can then be used in the authorization schemes.
    Regards,
    Christian

  • Single sign-on and different usernames and passwords

    Hello,
    I am building a Portal with WLPS 3.5 and WLS 6.0. I tried to get
    information about the background of single sign-on.
    I understand, that I need a Realm (i.e. LDAP Realm) to authenticate the
    user for the first login to the portal (with username and password).
    Now I would like to integrate my webmail program (to get emails from
    Lotus Notes via Internet) as a portlet.
    For my understanding the user has to authorize to get access to webmail.
    Therefore I create a ACL for webmail and this ACL is assigned to my
    security Realm.
    I would like the portlet to show after login the number of mails for the
    specific user. But where are the username and password for webmail stored
    and how are they received and forwarded?
    I understand that my ACL included all users that have access to webmail
    (i.e. all users). But I only want emails for the specific user.
    Does WLS get all usernames and passwords during the first login? Do I have to
    implement an algorithm to get the specific username and password for the
    requested resource in my portlet?
    Has anyone solved a similar problem or can tell me where I can get more
    information. I read the WebLogic Security document but I can't find an
    answer to my questions.
    Thanks
    Lydia

    Lydia,
    I'm not an expert in this area, but I can give you a start.
    As for single sign-on, there are different levels. For single sign-on across web-apps,
    the servlet spec requires this (section 12.6 of the 2.3 spec) and therefore Weblogic
    does this.
    What you are talking about is single sign-on across back-end applications through
    a web-app. BEA has partnered with Securant (just acquired by RSA) to provide this
    kind of functionality. Browse to http://www.rsasecurity.com/products/ and look
    at the ClearTrust product. BEA has also partnered with Netegrity (www.netegrity.com)
    with their SiteMinder product. Neither is included in the Weblogic license. I'm
    sure either vendor would be excited to explain how their product will solve your
    problem if you give them a call.
    As for where the username and passwords are stored, that is up to the realm. If
    you are using the default WLPS RDBMSRealm, the username and encrypted password
    are stored in the WLCS_USER table. If you are using LDAPRealm, they are stored
    in your LDAP server.
    Hope this was useful!
    PJL
    [email protected] wrote:
    Hello,
    I am using PersonalizationServer 3.5 and WLS 6.0 SP 2.
    Now I try to understand the functionality of Single sign-on when a user
    has different usernames and passwords for different applications.
    Can someone explain where the usernames and passwords for a user are
    stored (all in the LDAP-realm or a RDBMS-realm?) When a user access the
    application how username and passwords are mapped? Or usernames and
    passwords for all applications are the same and will be equalized?
    Precisely I would like to get access to a mail-account for a specific
    user
    (webmail from Lotus Notes).
    Thanks for any help
    Lydia

  • Single Sign-On and Forcing logins

    Hi
    I'm new to single sign-on firstly.
    Is it possible for a company using SSO, to force a user to login again when trying to access a certain web application, in this instance a J2EE application within the company's domain (I know it defeats the purpose but they have their bizarre reasons)?
    I.e. have single sign-on working with all the other web applications within the company not needing to login to them if they already have an authenticated SSO login, except this one, having the start page rerouted to the SSO login page regardless of whether the user already has an SSO authenticated login or not?
    Thanks
    Mario

    This is pretty much possible and this does not actually defeat the purpose as this is a business requirement.
    First of all you need to create a different authentication scheme (J2EE Authentication scheme) for the J2EE application. It can be a replica of your generic authentication scheme (the one which is used for SSO) with just one change: set the authentication level for the J2EE Authentication scheme higher than the generic authentication scheme.
    This will make sure that a user having an authenticated SSO login is asked for authentication when the user accesses the J2EE application. Also, once the user is logged onto the J2EE application, he will not be challenged for authentication when he accesses SSO enabled applications.
    I hope this answers your requirement.
    Thanking You
    Kiran Thakkar

  • Single Sign on and Protect URL step

    Hi,
    I have successfully installed Oracle Internet Directory, Identity Server, Web Pass, Policy manager, Access Server and WebGate (attached to Oracle HTTP Server from Oracle Management Infrastructure).
    My questions are:
    - How do I protect URL so the user will need to login to access certain URL?
    - How do I enable single sign on and test it?
    - What are the general steps involved to enable URL protection (so if the url is protected it will prompt for username and password) and single sign on using Oracle Internet Directory?
    Kindly help me if anyone knows a solution or can point me to the right documentation. I have tried to read Oracle Access Manager - Access Administration Guide, but keep getting confused.
    Thanks.
    Regards,
    Alfonso

    Hi,
    You can follow Oracle Access Manager Integration Guide (10.1.4.0.1) B25347-01, chapter 4, to achieve this. This document will answer most of your questions.
    Regards,

  • Single Sign-On and session information

    I have an Oracle Portal application with many Java Web Applications. I wish to
    provide Single Sign-On to this applications. I know how to configure Single
    Sign-On and how to get the user login in Java. I want to store session
    information such as: User First and Last Name, User Social Security Number. I
    want to get this information from the database after authentication, store it
    in session and then access this information from all my applications.

    Are you familiar with the sys_context function?
    Hope this is useful help.
    BR,
    Marcos

  • Starting single sign-on and directory service

    I am trying to install Oracle 9i infrastructure on my clean win2000 box with 2.4 GHz proc and 1GB RAM.
    I am getting failure messages for the following:
    infrastructure instance configuration assistant: failed
    oracle 9i application server randomize password: failed
    single sign on configuration assistant: failed
    infrastructure mod-osso configuration assistant: failed
    OPMN configuration assistant: failed
    log file says:
    Configuration failed for IAS
    IAS Instance creation failed
    Configuration failed for JAZN
    JAZN configuration failed: unable to establish a directory context.
    Configuration succeeded for IASProperty
    Configuration failed for IAS
    Configuration failed for JAZN
    After which single sign-on and directory service don't start, which means no connectivity :(
    Can somebody please guide me about how to avoid this failure in installation or how to manually start these after installation.
    It would be a great help
    ashish

    Hi,
    we're having exactly the same problem.
    Could you tell me what the problem is with the network ?
    You say configure it properly but what do you mean ?
    It's installed on a Windows 2000 Server machine, its own DNS.
    Thanks,
    Yuri Arts

  • Single Sign On and user security with IS

    We have installed Information Steward 4.1 SP1 Patch 1 with Data Services 4.1 SP1 Patch 2 on Information Platform Services 4.0 SP 5 patch 6.  The Information Steward system is installed on its own server.  We are connecting IS to our SAP Netweaver 7.3 system. 
    I have set up Single Sign On using Windows AD authentication.  The connection to the SAP system uses a service account. 
    Because the SAP system has our payroll information on it, we want to restrict Information Steward users based on their SAP security profiles.  We don't want to have to maintain security settings in both SAP and Information Steward. 
    Does anyone know if there's a way to set up Single Sign On so it passes the user credentials from SAP to Information Steward?  Then restrict the users on Information Steward based on their SAP security settings?
    Any advice would be appreciated!

    Hi,
    You can use Windows AD or SAP Authentication and configure it with SSO. However this should be done in the BI/IPS platform and not IS. See the BI admin guide (http://help.sap.com/bobip40) section "Authentication options in BI platform". Please let me know if that's what you wanted.
    thanks

  • Single Sign-On and Data Visibility Rights

    Hello,
    I was wondering whether anyone has any best practices for implementing single sign on and user identification with Xcelsius.
    More specifically, I need to interrogate user role, and limit certain data visibility based on that role.
    For example, a sales rep may only see certain data for their own territories, but the regional and national managers can see more.
    With the emphasis in improving enterprise integration with the new version coming up, I'm also wondering if there are any improvements included for this aspect.
    Thanks in advance.
    Derick

    Hi Derick,
    I want to split our discussion into 2 parts
    1) Sign on
    2) Viewing data based on the Hierarchy
    1) Before discussing the Sign on I want to know which connectivity you are using: Live Office or QaaWS?
    2) We can make the second point possible in two ways. One is by providing restriction at universe level
    and the other one is through the use of flash variables.
    Using flash variables:
    The main idea of using flash variables is reading the User ID from BO authentication and based on that we fetch the Hierarchy level of that user. Then we use some Excel logic to hide the data from low-level hierarchy (here we use Dynamic Visibility for components).
    I hope this is what you are looking for....
    If so I have more points to achieve such a scenario.
    Please provide your BO environment details, so that it will be easy to identify the best way to achieve it.
    Regards,
    AnjaniKumar C.A.

  • I have an iMac OS 10.9.5 - Every time I turn on my system I get the message that it can not access icloud and to fix it using iCloud preferences. I do not want to access or use iCloud, how do I get the message to discontinue?

    I have an iMac OS 10.9.5 - Every time I turn on my system I get the message that it can not access icloud and to fix it using iCloud preferences. I do not want to access or use iCloud, how do I get the message to discontinue?

    Hello mrmacjohn,
    Verifying that any iCloud account that may be signed in is signed out should resolve this error.
    On your Mac, open iCloud preferences, then click Sign Out.
    iCloud: Change iCloud feature settings
    http://support.apple.com/kb/PH2613
    Cheers,
    Allen

  • When trying to launch iTunes it freezes and I get the message: "Authentication Required. To access this site you need to log in to area "100656 on mellor.co. Your password will be sent in the clear." I am unable to enter a uname or password. Please help!!

    When trying to launch iTunes on my PC running Windows 7 it freezes and I get the message: "Authentication Required. To access this site you need to log in to area "100656 on mellor.co. Your password will be sent in the clear." Because iTunes is frozen at this point I am unable to enter a username or password, or in fact do anything. Please help!! I have uninstalled and reinstalled iTunes numerous times as well as attempting all of the fixes that I could find on-line and still no joy.

    That sounds extremely phishy to me... iTunes does not require authentication simply to launch it. I suspect you've got something nasty intercepting network traffic. That server may be set up to log the Apple ID that you enter so it can be used fraudulently. Try ComboFix from Bleeping Computer.
    FWIW the domain mellor.co is registered to an accountants in Knutsford, Cheshire, UK, and produces the same authentication request if visited with a browser. There is no sign of a "real" publicly visible website at that domain, which is somewhat odd.
    tt2

  • I try to install iCloud on my new HP desktop and I get the message "you can't sign in because of a server error"

    What can I do?
    I try to install iCloud on my new HP desktop and I get the message "you can't sign in because of a server error"

    I also have the same problem. I've tried all fixes listed in other forums and nothing works. Running windows Vista 32 bit. Any working solutions yet? Tried every solution listed for the cmd prompt. Turned off antivirus and spyware. Rebooting about 100 times. Nothing works.

  • I signed up for a free trial.  I want to convert a Word document to a PDF document.  I've signed in and been through the process a dozen times.  It doesn't work.

    I signed up for a free trial.  I want to convert a Word document to a PDF document.  I've signed in and been through the process a dozen times.  It doesn't work.

    Hi kemtnilion,
    What did you get a trial of? Adobe doesn't offer free trials of the Acrobat.com online services; did you get a free trial of Acrobat, perhaps? If so, you can save a PDF directly to Word from Acrobat, by choosing File > Save as Other > Microsoft Word > Word Document.
    Please let us know if you have additional questions.
    Best,
    Sara

  • I am trying to upgrade to itunes 10.7 using windows and keep getting the following error message: "Error writing to file: C:\Config.Msi\364460.rbf   Verify access to this dierctory". Help!

    I am trying to upgrade to itunes 10.7 using windows and keep getting the following error message: "Error writing to file: C:\Config.Msi\364460.rbf   Verify access to this dierctory". Help!

    Fixed! (win7 64 bit)! Just stop your antivirus during the upgrade/installation (I've got Kaspersky).
    Good luck!

  • HT201364 trying to install new software for OS mavericks and i get the product distribution file could not be verified. It may be damaged or was not signed. can you assist

    Trying to install new software for OS Mavericks and I get the "product distribution file could not be verified. It may be damaged or was not signed" error message.
    Can you assist?

    What "new" software?
    Barry
