UPCOMING Webcast on Sept 27th - Security Scenarios with WebCenter Content

Similar Messages

• Don't miss Thursday's Webcast: Security Scenarios with WebCenter Content 11

  Learn how user authentication and authorization is now implemented in WCC 11g by attending this 1 hour Advisor Webcast!
  Topic: Security Scenarios with WebCenter Content
  When: September 27, 2012 at 16:00 UK / 17:00 CET / 08:00 am Pacific / 9:00 am Mountain / 10:00 am Central / 11:00 am Eastern
  This one-hour session is recommended for technical and functional users who use WebCenter Content (WCC). This session will be used to explain how user authentication and authorization is now implemented in WCC 11g. Also the means that single sign can be used.
  TOPICS WILL INCLUDE:
  - How authentcation and authorization was handled in previous Content Server versions
  - The WLS mechanisms now used to provide user access and content security
  - External users and internal users
  - Overview of the WLS ldap provider configuration
  - How to differentiate Roles and Accounts
  - WCC credential mapping -- not WLS credential mapping
  - Single Sign on -- OAM only
  - Saml and Kerberos
  To register for this meeting:
  1. Event address for attendees: https://oracleaw.webex.com/oracleaw/onstage/g.php?d=595760912&t=a
  2. Register for the meeting.
  Once the host approves your request, you will receive a confirmation email with instructions for joining the meeting.

  Hi Everybody:
  I've found the solution. It was necessary to fill the roles on the Front End. However, this step is not mentioned on the GRC 10.1 Security guide, only in 10.0.
  Best Regards:
  Caio

• Webinar: How to implement secure scenarios with SAP NW PI 7.1

  SAP Intelligence Platform & NetWeaver RIG APJ Expert Call
  Dear valued SAP Experts,
  Next SAP Intelligence Platform & NetWeaver RIG Expert Call Session will take place on Tuesday, August 18.
  The SAP Intelligence Platform & NetWeaver RIG Expert Call Sessions are designed to support consultants, partners and customers  during their implementation projects. The sessions cover all different aspects of SAP NetWeaver and are aimed at
  thus provide knowledge which is not available via standard training courses. The session duration is typically 60min and includes questions and answers.
  Tuesday, August 18, 2009:
  How to implement secure scenarios with SAP NetWeaver Process Integration 7.1
  Time: 2.00 - 3.00 p.m. Singapore Time (UTC +8)
  This event will feature Makoto Sugishita with the SAP Intelligence Platform & NetWeaver Regional Implementation Group.
  Makoto provides the following abstract:
  In this session you will learn more about the core security concepts that are provided with the service-oriented architecture (SOA)
  management capabilities in SAP NetWeaver Process Integration (SAP NetWeaver PI). This session will cover main use cases and
  supported scenarios of secure SAP NetWeaver PI deployments. 
  SAP Connect Link: https://sap.emea.pgiconnect.com/I016095
  (no passcode needed)
  Dial in:
  For dial in details please register here http://www.surveymonkey.com/s.aspx?sm=EFeuZl9PxrwKOW5i5W556g_3d_3d
  Kind regards,
  Sarma Sishta
  SAP Intelligence Platform & NetWeaver RIG APJ

  hi,
  I'm making this a sticky thread till August 18 so it will have better visibility
  Regards,
  Michal Krawczyk

• OCR with WebCenter Content and Imaging

  Hi,
  I'm searching for some information about OCR with webcenter content and imaging.
  I've seen that there are two solutions :
  - WebCenter Capture
  - Webcenter Forms Recognition
  But I can't find if any of that product use lexical post-correction of OCR results. Is anyone have this information?
  Thanks,
  David

  David:
  Both products will use print (vs handwritten) character recognition to identify "tokens" from the image of a document with text. Capture usage focuses mainly on zonal recognition of information - what I would call structured forms processing. Forms Recognition is for information capture from semi-structured documents - say invoices, where you know that many fields are present, but their location differs from example to example. It can use patterns, text locators, etc to find the field. Both benenfit when there exists a reference DB of acceptable values, but that is not a requirement.
  Lexical correction (as I understand it to mean) is not a feature of either. They are not going to try to validate extracted tokens based upon language analysis. I would try to use them to extract all of the tokens and then add some tool to do lexical analysis. You could do that as a separate, post OCR process, or try to see if you can fit it into an FR post-extraction EP.
  Might I ask what the business problem you are trying to solve is?
  Bernard

• How can scan directly with webcenter content

  how can directly scan with webcenter content without other software for scanner
  tnx

  Hi,
  If you are referring to not using ODC/ODDC kind of software which has drivers to connect to Webcenter Content then following is what I can think of:
  1. Have your scanner drop the scanned images to a shared folder
  2. Have a standalone Java program to checkin the scanned images to Webcenter Content using RIDC API calls
  3. Access what set of metadata you want to set on the content, advice you set most of the general metadata on the folder so the content inherits them
  4. If the metadata is available in a database then you could use the Java program to look up to this DB for metadata which performing the checkin
  Regards,
  - Anand

• Error IBR with Webcenter Content cluster

  Dear all.
  I am using oracle webcenter content 11.1.1.6.
  When i configure IBR single with single webcenter content   it working but  error with webcenter content cluster.
  It still generate image but link access image not found and nolog.  I don't known why.
  Thanks all.
  Hoan

  There's 1209496.1 from a few weeks ago.
  also edited a few weeks ago: 1150893.1
  There are a few others from last year, but these were the two that were at the top of the search. Perhaps it's a difference of the word 'cluster'. I use it primarily as the WLS group of managed servers. The IBR instances are not sharing resources or sharing queues of work, but they are configured in WLS as a set of clustered managed servers.
  some repeated notes:
  "IBR can not be active on more than one Managed Server cluster node at any time unless the following three (3) conditions are ALL meet.
  The IBR instances are running on separate machines
  The IBR instances do not share a file system
  The IBR instances do not share a JVM or anything at all"
  "All Inbound Refinery instances are completely independent. You can assign Inbound Refinery to a server group in WebLogic as a cluster, but it does not run as a cluster because each Inbound Refinery Managed Server runs independently.  If you do create a cluster in WebLogic for the refineries, the cluster is used for management purposes only.  If you are to "cluster" the refinery by putting two or more refinery managed servers in a cluster for them that you've created in a WebLogic domain, then the following three things must be true so that nothing is shared between the refineries.
  The Refinery instances are running on separate physical machines
  The Refinery instances do not share a file system, or any IBR configuration at all
  The Refinery instances do not share the same JVM or anything at all
  If the above three things are not true, you will encounter errors further down the line."
  If you're going to update docs, there are at least a handful others that are specific to this case.
  -ryan

• "Content Less" workflows with WebCenter Content

  Hi,
  "BPEL Process Engine" comes along with WebCenter Content for restricted use (for developing workflows/processes within or between WebCenter Content components only).
  And as per the documentation only Basic (human triggered workflows with a document etc) and Criteria (auto triggered by an event - uploading a document etc.)
  But, can we create a workflows without a document/content? E.g. a simple workflow of leave application where no document upload is required. Or a simple process for Customer on-board where there is no document involved.
  Can anybody help me in understanding this?

  Hi ,
  For that you would have to set Metadata Only check-in which does not need a primary file . What it does is use the check-in form details and creates a file by itself (without having used any primary file) and creates the assets .
  So , from the WF point of view there need not have any changes . Only thing is from WCC check-in side .
  For details please check the following links:
  https://blogs.oracle.com/kyle/entry/check-ins_without_files_ucm
  Uploading Documents - Release 11g (11.1.1)- section 18.4.1.7 - Tip
  Hope this helps .
  Thanks,
  Srinath

• Big Security Issues with WebCenter

  I have some questions about security with webcenter:
  1) can I hide and show the whole portlet according to the role of the user ?
  2) how can I develop the dummy page definition to put some components in it, and apply security constrains on that portion differenet from the whole page definition constrains ?
  3) the "Rendered" property of the component can be shown and hidden using the EL. But can I control every component alone depeneding on the authoriztion of the user on that control ? or all the component is depending on the same level of authorization?
  please provide some explanation and not only URLs
  thank you

  I have some questions about security with webcenter:
  1) can I hide and show the whole portlet according to
  the role of the user ?You could do this in a number of ways
  a) use the isrunnable method in your portlet code (role membership is passed at runtime to the provider)
  b) Create a managed bean and track the role membership (isUserInRole) by using the just use EL to reference this bean in the rendered property of the portlet to return true or false (similar to method in developers guide, section 10.3)
  c) use a dummy page def as mentioned below
  2) how can I develop the dummy page definition to put
  some components in it, and apply security constraints
  on that portion different from the whole page
  definition constrains ?From the developers guide "While there is a one-to-one relationship between the page definition file and the page you are securing, it is also possible to secure areas within a page (for example, a ShowOneTab) by using a headless (dummy) page definition file that represents a specific section of the page. This page definition is not actually tied to a physical page, but can still have a policy defined for it. As such, by defining view permission on this headless page definition, you can show and hide a section of a page by referencing the headless page definition rather than the actual page definition of a target page."
  3) the "Rendered" property of the component can be
  shown and hidden using the EL. But can I control
  every component alone depeneding on the authoriztion
  of the user on that control ? or all the component is
  depending on the same level of authorization?
  Not sure what you mean here, maybe it is explained in my answers above?
  please provide some explanation and not only URLs
  Please read Section 10 Securing Your WebCenter Application of the WebCenter Developers Guide (http://download-west.oracle.com/docs/cd/B32110_01/webcenter.1013/b31074/jpsdg_security.htm#CDDGCDAH) we put alot of effort into the documenation so we don't have to write massive answers to every post.
  thank you

• Integrating BPM with WebCenter Content

  To integrate UCM and BPM, I followed this tutorial written by J@n van Zoggel.
  At the moment, I've already set up everything exactly as instructed in the tutorial. However, when I viewed a task in BPM Workspace, I still cannot see the Attachment section. In the log, I saw the following error:
  Ensure that credential store map WF-ADMIN-USER with key WF-ADMIN-CREDENTIAL
  contains UCM server admin username/password. Also ensure that Workflow configuration parameter
  UcmIdcUrl contains IDC socket connection url to connect to UCM server and UCM server has permission
  to let SOA server connect to it using IDC protocol.
  access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=WF-ADMIN-USER,keyName=WF-ADMIN-CREDENTIAL" "read")]]
  One thing I'd like to ask is that in all tutorials or articles I've read, the authors are always testing in the environment in which both the UCM and BPM servers are on the same machine. In my case, I am trying to connect my local BPM server with the online WebCenter Content server of my company, I wonder if I have to make any additional settings for this to work. A few pictures of my current settings are shown below.
  I'd be very grateful if you could share with me your experience in integrating BPM and UCM.
  Best regards,
  James Tran
  P/S: My environment is SOA Suite 11.1.1.7 and WebCenter 11.1.1.7
  1. UcmIdcUrl setting:
  2. WF-ADMIN-USER key map:
  3. WebCenter Content IP Filter:

  I don't believe that noone has ever tried to connect the local BPM environment to a remote WCC server before. Please let me know if you've ever experienced the same problem. Otherwise, even a simple "I tried to do the samething and I succeeded using the same steps in the tutorial" would help too .
  Another thing is that yesterday, I talked to the tech-lead and I learned that our WCC server environment doesn't have BPM installed yet. I am wondering if this would cause the WCC server to not understand the request from my BPM server. In addtion, I've also upgraded my local BPM server using the lastest SOA bundled patch. Should the same patch be applied to the WCC server environment too?
  I'd be very grateful for any advice .

• Integrate PeopleSoft Security model with WebCenter JAZN

  Hi,
  I am wondering how I can get Peoplesoft roles in a Webcenter application??
  Rgs
  JO

  Radhika,
  I am also facing the same problem. Are you able to do the integration?
  If so, can you please help me or suggest me some doc.
  Thank you
  Ravindra Thota

• File to File Scenario with Secure Connection. Pls help urgent

  Hello All,
  I tried a lot to get a link/blog that expalin full scenario
  for File to File Scenario with Secure Connection
  Kindly let me know if somebody have link/doc for it
  that describe all the steps to do configuring this scenario.
  What is difference in simple words between
  FTPS and SFTP.
  Pls help it is urgent as I require for Project work urgently.
  Regards

  hi rich
  go through these links
  FTPs connection failed - error ".. certificate rejected by ChainVerifier"
  Re: What is SFTP, FTI channels
  http://help.sap.com/saphelp_erp2005/helpdata/en/e3/94007075cae04f930cc4c034e411e1/frameset.htm
  http://help.sap.com/saphelp_erp2005/helpdata/en/bc/bb79d6061007419a081e58cbeaaf28/frameset.htm
  FTPS implementation question.
  http://help.sap.com/saphelp_nw04s/helpdata/en/43/0e16bfd7b021aee10000000a1553f6/frameset.htm
  Server certificate rejected by ChainVerifier:FTPS server(Points Guaranteed)
  /people/krishna.moorthyp/blog/2007/07/31/sftp-vs-ftps-in-sap-pi
  File adapter
  thanks
  Kunaal

• Help with Security Scenario

  Hi, I have a security scenario I am hoping someone can me help with.
  Right now a user is authorized to "Sales Office" 100 only. 
  In the below scenario I need the user to be able to:
  1. See Transactions where the "Sales Office" is 100
  2. See Transactions where the "Sales Office of the Ship-To" is 100 even if they don't have access to "Sales Office" value. 
  So if the "Sales Office" is not 100, but the "Sales Office of the Ship-To" is 100 then they should see that as well.
  Access
  Sales Office
  Sales Office of Ship-To
  Yes
  100
  200
  Yes
  100
  201
  Yes
  200
  100
  No
  200
  300
  No
  300
  310
  Yes
  400
  100
  Yes
  300
  100
  Yes
  100
  100
  Note: Sales Office of the Ship-To is a Navigational Attribute of Ship-To Customer and is the same characteristic as "Sales Office"
  Is there any way to accomplish this with 7.x Analysis Authorizations or any other method?

  Hi,
  Yes it's possible, check details in the document below :
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/7052dee3-bce5-2d10-5299-cd5d00ebeb72?quicklink=index&…
  hope it helps.

• Extended SOAP Scenario with Security

  Hi All,
  Could anyone send me the step by step procedure for "Extended SOAP Scenario with Security"?
  Regards,
  Sai.

  Hello,
  Please use the search option on SDN.
  There are no step by step guides as such and you will have to combine multiple different activities to achieve this, including set up of Server SSL on XI and then set up of the SOAP adapter to use the certificates.
  Refer to the guides on SDN for these.
  Regards
  Bhavesh

• Can we design the scenario with Business service

  Hi,
  I have IDOCXIFile Scenario
  Can we design the scenario with Business service for SAP R/3 and As well as for File system also????
  I dont have details abt the SAP R/3 system to create the Tech system in SLD
  Regards
  Suman

  Hello Suman,
  Go through this Blog..
  /people/prateek.shah/blog/2005/06/08/introduction-to-idoc-xi-file-scenario-and-complete-walk-through-for-starters
  These are the steps which u have to do
  STEPS IN DESIGN
  1. Import idoc from the SAP System (SAP02) through imported objects.
  2. Create Data Type, Message Type, Message Interface for the Outbound File.
  3. Create Message Mapping with file Message and idoc (Matmas04)
  5.Create Interface mapping between File Interface and the idoc.
  Steps to be followed in Creation of Technical and Business System
  Technical System
  In SLD, click on technical landscape->New Technical System->WebAS ABAP.
  Business System.
  1.Goto Business Landscape->New Business System->Name the business system.
  2. Choose the technical system that needs to be attached->WebAS ABAP->Technical System Name.
  Preconfiguration steps for transfer of data to IDOCS
  1.Create a RFC Destination in SM59 of XI Server of type.
  2.In transaction IDX1 ,create a port for the client of XI server.
  3. The port has to be displayed in the idx2 transaction and we should be able to view the idoc’s which we imported through integration repository.
  Steps in Configuration
  1. Goto service without party, right click->Assign a business system.
  2. Choose the business system to be added.
  3. Create a File Sender Service with communication channel for the same.
  4. Create an idoc receiver channel under the business system.
  7. The Idoc type( which data is to be written) is mentioned as inbound parameter.
  8. Mention the logical Name in the Service->Adapter Specific Parameters of both the File Sender Service as well as the business system.
  9. Make the Sender Agreement for theFile Sender with communication channel.
  10.Create the Receiver Determination and Interface Determination for the business system.
  11.Create the Receiver Agreement for the Business system.
  Step for Configuration fo IDOC in R/3
  SM59-rfc destination
  IDX1-port
  IDX2-load metadata
  we05-IDoc status records
  BD54-Create Partner Number
  We20-Create Partner Profile
  WE19-Testing IDoc Processing
  Do these configurations in R/3 and in XI...
  SAP XI
  1) RFC Destination (SM59)
  a) Choose create.
  b) Specify the name of the RFC destination
  c) Select connection type as 3 and save
  d) In the technical settings tab enter the details SAP SID/URL and system number#.
  e) Enter the Gateway host as same details above SID/URL.
  f) Gateway service is 3300+system number#.
  g) In the Logon /Security tab, enter the client user & Password details of Destination system.
  h) Test the connection and remote logon.
  2) Create Port (IDX1)
  a) Select create new button
  b) Enter the port name as SAP+SID (The starting char should be SAP)
  c) Enter the destination client.
  d) Enter the RFC Destination created in SAP R/3 towards other system.
  e) Save
  3) Load Meta Data for IDOC (IDX2)
  a) Create new
  b) IDOC Message Type
  c) Enter port created in IDX1.
  SAP R/3
  1) RFC Destination (SM59)
  a) Choose create.
  b) Specify the name of the RFC destination
  c) Select connection type as 3 and save
  d) In the technical settings tab enter the details SAP SID/URL and system number#.
  e) Enter the Gateway host as same details above SID/URL.
  f) Gateway service is 3300+system number#.
  g) In the Logon /Security tab, enter the client user & Password details of Destination system.
  h) Test the connection and remote logon.
  2) Create Port (We21)
  a) First Select Transactional RFC and then click create button
  b) Enter the destination port name as SAP+SID (The starting char should be SAP)
  c) Enter the destination client.
  d) Enter the RFC Destination created in SAP R/3 towards other system.
  e) Save
  3) Create Partner Profile (WE20)
  a) Create New
  b) Create the Partner no. name as same the logical system name of the destination system.
  c) Select Partner type LS
  d) Enter details for Type: US/USER, Agent, and Lang.
  e) Click on the + button to select the message type.
  f) Select Partner no. and LS which ever create above.
  g) Select Message type
  h) Select Process code related to the Message type.
  I) save.
  Reward Points if it is useful..
  Thanks,
  Satya Kumar

• Item level security not available to accounts with manage content?

  Though I'd post this here before trying metalink.
  Environment: App Server Portal 9.0.4 (10g) on Win200
  The scenario:
  I have set up a page with one item area. This is set to be a portlet on another page and act as a message board.
  I wish to set up a group of users to maintain this message board, but restrict their access any further.
  Setting a user up with 'Manage Content' on the Page properties almost does this. It allows them to Enter/Edit/Move or delete items but pretty much no more which is exactly the level of access I require.
  What it doesn't allow, when they add or edit an Item, is the ability to change Access permissions.
  The page has 'item level security' ticked, and a user with higher 'Manage' access can set access permissions on items, for example only allowing a certain group viewing an item, but it also allows them to manipulate the page which I do not want to permit.
  Is it possible that 'Manage Content' level users can also set access on items?
  Thanks.

  Resolved, it appears that access can be set after item creation using the edit. a little quirk.
  Also I was trying to set access on an item created by the 'manage' user, which was beyond the 'manage content' users scope, and not a practical situation.