[URGENT] : ERP11i Using SSO (OID)

Greetings,
I'm using ERP 11i Suite and Oracle AS 10.1.2.0.2 with ID Management 10.1.2
1. does ERP11i users roles and responcibilities can be maintained in OID, so the user from OID be authenticated and then can use the ERP modules according to his access privillages, i mean user can see only to his portion of information which he is entitled to? i mean the user will be only maintained in OID as one centralised repository not in ERP.
if this is possible then pls provide the documentation through which it could be implemented.
Thanks & Regards,
-Tarique Abdullah-

You would need to maintain roles and responsibility in EBS11i. There isn't any provision yet to manage 11i roles and responsibility in OID. You can sync users ( one way or directional) between OID and 11i.

Similar Messages

  • Oracle Discoverer 10G and mapping Active Directory to use SSO/OID

    Could anybody point me please to the right direction?
    1. I've setup Oracle 10gIAS but turned off SSO and my users running discoverer /portals with no SSO.
    2. My goal is to turn on SSO and synchronize it with Active directory on the windows box.
    Thanks you in advance

    Hi Randy;
    As you mention all notes refer to SSO&OID for Active Directory integration.AFAIK there is no way to do it, please log a Sr and confirm this wiht oracle support
    Regard
    Helios

  • Hundreds of roles for a J2EE application using SSO/OID

    We are starting to develope a J2EE software that will have hundreds of logical roles. These logical roles must be assignable to users and groups on OID.
    When prototyping this scenario, we were not able to make this work well enough. Namely, in OIDDAS (which will be used by the end users to administrate users), all the "role groups" and user groups are always shown in one listing.
    Ideally, what we would want is to only have configurable user groups visible in OIDDAS and all the fine-grained roles would be assignable to users and groups separately. Tthe "Roles Assignment" section in user/group edit screen is quite close to the idea though having hundreds of low-level roles listed there will make administration a bit complex.
    We have also considered hiding the raw "role groups" from OID by moving the low-level administration to Enterprise Manager, where multiple logical roles would be mapped to composite OID groups. However, we currently don't see this as a viable option since we don't want to allow normal login administrators access to OEM where they can break too many things.
    How have you guys solved the problem of mapping hundreds of roles to user-configurable groups and users? What would you suggest? Is our planned approach (map logical roles to LDAP groups) the wrong way to try to solve the issue? What would be a better way?
    Thanks in advance,
    Keke

    Hi Peter,
    Thanks a lot for your post.
    My requirement is such that I have to fetch nodes from WLP content management system and all the associated data (content, security related info) with that node. Since security for a particular node is in the form of roles, I need to fetch the roles list for the node under processing.
    However my application requirement is such that any user can ask for retrieval of node(its contents). In that case I need to check whether user lies in the list of roles defined for the current node (node for which user asked).
    Thus my requirement becomes: Checking whether a user is in the given list of roles.
    A careful investigation if the API's helped me find out a method isUserInRole(role, rolemap), but this method provides information for the logged in user only.
    My application will login thru admin credentials(weblogic, weblogic) and will chekc other users say bryan, linda are in the roles list of the nodes under procesing.
    Please guide.
    Regards,
    Shakti

  • Jdeveloper SSO/OID 11.5.10.2 instance and CMAN (OCM)

    What works:
    I've done a sucessful install of win jdeveloper 9.0.3.8.13 and run the toolbox tutorial test on instance OPEN (11.5.10.2; no SSO; no firewall).
    Another instance, DEVL, is behind a firewall, using SSO/OID with a 1-time password via securecard kerberos authentication, and it behaves normally.
    We can connect to the DEVL database through CMAN (or Oracle Connection Manager) by adding the appropriate OCM information to the tnsnames alias.
    With the same jdeveloper that worked on OPEN, the connections > database > test is good to DEVL. (Again after adding the OCM parts to the URL:jdbc:oracle:thin:<connect string>)
    The DEVL.dbc file was copied from the app-server, modified to add the OCM information (I didn't delete the "\" characters.), then saved to the same location as the OPEN.dbc.
    This .dbc file was chosen in the tutorial's runtime connection section.
    I also configured my 11i Apps user account via the profile option "Applications SSO Login Types" to use a local login with a fixed password - in theory, skipping the SSO login requirement.
    (Related issue 1: the tutorial project settings runtime connection requires a username and password. In our SSO, there won't be a fixed password. Resolvable?)
    What doesn't work:
    Attempting to run the tutorial test_fwktutorial.jsp. It runs the enbedded OC4J and the new browser window opens with the right *jsp URL, but it's the Error Page. Clicking "here" for exception details:
    oracle.apps.fnd.framework.OAException: Application: FND, Message Name: SYSTEM-ERROR. Tokens: MESSAGE = Io exception: The Network Adapter could not establish the connection; at oracle.apps.fnd.framework.server.OAExceptionUtils.processAOLJErrorStack(OAExceptionUtils.java:988) at oracle.apps.fnd.framework.server.OAUtility.getWebAppsContext(OAUtility.java:353) at oracle.apps.fnd.framework.CreateIcxSession.getEncryptedSessId(CreateIcxSession.java:144) at oracle.apps.fnd.framework.CreateIcxSession.createSession(CreateIcxSession.java:80) at test_fwktutorial._jspService(test_fwktutorial.jsp:40)
    Anyone want to tackle a recommendation?

    Did you double click the jpx file and check the connection which is associated to it? Also make sure the correct DBC is associated at Runtime Connections level (Project->RuntimeConnections)

  • Running Discoverer reports into portal using SSO portal login - help

    Hi,
    I am trying to run disco reports into oracle portal using discoverer portlet providers -list of worksheet. What I want to achieve is as follows
    1) login to portal using SSO userid /pwd - Done
    2) Enable discoverer for SSO - Done
    *3) Use discoverer list of worksheets to show reports into portal but want to filter the list of worksheet to currently logged in portal user. This so that users looged in only sees the reports to which they have access in discoverer - Need Help*
    *4) Once user runs this report then I want to filter the discoverer data based on users login or portal group - Help*
    Can someone please help with issue no 3/4 urgently.
    Mant thanks
    Ganesh

    Hi Michael,
    Assuming I have created the private connections using CAPI I still have my doubts as follows
    Do I have to then login as each portal user and add the list of worksheet portlet for each user and selecting
    "check the box called Display a different list of worksheets by allowing users to customize database connection and then check Show a default list of worksheets using connection, changing the connection to user's connection."
    Considering we have 500+ users this will be huge cumbersom task for me.
    Also when I tried to do this before loggin as each portal user when I logged in as second portal user I could see the list of worksheet portalet added by the first user which means I have to edit it but even that was not possible because it would not let me edit as only the page own whi created the portlet was allowed to edit (that is the first user)
    OR
    Do you have to give portal user permission to edit the page so that they can log on themselve to add the list of worksheet portlet on the page by selecting their private connection and selecting
    "check the box called Display a different list of worksheets by allowing users to customize database connection and then check Show a default list of worksheets using connection, changing the connection to user's connection."
    Finally I know someone has made it work using URL links and it works as follows
    1) Map the portal and disco user into a table
    2) Create disco private connections
    3) when portal user loggs in and click on "Show my discoverer report" it then runs a PL/SQL package which in turn identifies the private connection details and creates a URL out of it as follows
    [http://portal.ccm.ac.uk/discoverer/app/partialConnect?password=IRTIMUDV123_=qplus=VDUMITRI=browser_selected=connect=RELATIONAL=QPRIS=viewer]
    clicking on this link open discoverer with private list of workbook/worksheet.
    Please advise which way should I follow.
    Thanks
    Ganesh

  • How to choose different SSO/OID resource name - when start application?

    Background
    We are new to 10g(10.1.2.0.2)
    We have an environment where we have a front end 10g application (set of screens, menus, reports etc) that we like to be able to run against different backends. Eg one database for one set of data and another database with a different set of data.
    We have several users and we created one SSO/OID account/username for each person and one resource type for each username/password@database that they need to have access to. We decided to name the resource type with the same name as the database – for ease of memory.
    The first time that a person logs on, enters their SSO u/p SSO asks the users for their “default” u/p@db – since the formsweb.cfg’s ssoDynamicResourceCreate=true. This creates yet another resource in SSO/OID for the user. From then on the people never get the option to go into one of the other databases – ie to use one of their other SSO/OID resources.
    We do not want any passwords to be written into the formsweb.cfg file.
    Question
    How can we get our people to use SSO to open their front end but be able to chose a “non default” resource to open the application against a different backend/database?
    Ta

    Oracle Forms can use only a resource with a name equal to the config section you are using to start your application. This in contrast to reports where the SSOCONN parameter can be used to differentiate between resources.
    The solution is to use a different config section for each environment. You can for example make an html page on which you have a link to all environments, each of these pointing to a url with a different config.

  • How to perform SSO / OID in Jheadstart 1013

    Hi,
    Could any please help me, How to implement SSO / OID for an application that is been developed using Jheadstart10.1.3.
    Regards,
    Tulacenath

    I have deployed a jdev adfbc/jsf application to my oas 10g 10.1.3.1 and checked the OC4J config checkbox to turn on SSO for this application, but when I run the application it does not present the sso username and password screen. I feel that if I could overcome this problem I could work out the other issues. Have you encountered anything like this? Do I have do do something with the deployment descriptor or profile special in order to get the sso login screen when I run my app?

  • Can Oracle Portal use IDM OID rather than portal OID

    Hi,
    Is it possible to use OID of IDM during Oracle portal installation?
    If we use the OID of IDM should we have to install the SSO component in the portal infra?
    How does the process flow work when portal is integrated with IDM OID?
    Thanks in Advance.
    Jay.

    <div>In order to use Oracle Portal, you will indeed need OiD. Not only does Oracle Portal use OiD for its users and groups, it also stores metadata for the application server.</div>
    <div>Your question about synchronization of user and group information is not easily answered. Pending on your requirements there are lots of possible solutions. I'd recommend to check the OiD integration guide for possible solutions.</div>

  • How to config authority when use SSO

    I have defined some groups in the RPD file, now the obiee use SSO, can I reuse these groups and filters on gorup? How to assign the users in OID to the Specific groups.
    Thanks.

    I used a windows machine (client and server running on windows) to build the datawarehouse. then execute loads from the linux server..
    I did get the odbc installed but was a pain.. then it quit working and couldn't get it working again.. so I went the temporary windows route...
    I also had trouble configuring informatica.. did the same thing.. ran it from a windows maching running the server then moved back to linux.

  • Why apply 10.1.0.5 patch to SSO/OID server? [Moved]

    The readme for patch 4960210 (OAS 10.1.2.2) indicates that the Database patch for 10.1.0.5 should be applied to the OAS SSO/OID server.
    In my configuration, the SSO/OID are on their own server, but the database is an existing Oracle Database on another server.
    Does anyone know if the 10.1.0.5 patch should be applied to the SSO/OID server ONLY if the database is on that server and was installed as part of the OAS install?
    If the database is on a separate server and is version 10.2, then does the SSO/OID patch for 10.1.0.5 need to be applied?
    overall, I am trying to patch my OAS install to 10.1.2.2, and the 10.1.0.5 database client patch is a prerequisite.
    TIA
    I copied this post to Portal Upgrades and Patchsets forum. Posted here by mistake.
    Message was edited by:
    Angrydot

    The Application Server ORACLE_HOME uses 10.1 Required Support Files (RSFs). In other words, there are database binaries and libraries in your Application Server Oracle Home. A good example is the shared library libclntsh.so. These binaries and libraries are patched when you install the 10.1.0.5.0 patch set.
    In your specific environment you will need to install the 10.1.0.5.0 patch set first before applying the AS 10.1.2.2.0 patch set. Metalink Note 359362.1 (Known Issues Applying Oracle Database 10.1.0.5 Patch Set to OracleAS 10g (10.1.2)) is probably mandatory reading before you start.
    One note on portal :
    When you apply AS 10.1.2.2.0 metata repository patch set on top of Portal 10.1.2.0.2, you will get Portal 10.1.2.2.0. If you need Oracle Portal 10.1.4, you will need to upgrade Oracle Portal 10.1.2.2.0 to Portal 10.1.4.0 first with the upgrade cdrom in your Application Server Media Pack. After the upgrade, you can run the metadata repository upgrade part of the AS 10.1.2.2.0 patch set again to install the 10.1.4.1 Portal patch.
    If your Oracle Portal is 10.1.4.0 already, the metadata repository will take you to 10.1.4.1.
    And I even managed to upgrade to 10.1.2.2.0 so it should not be too difficult :-)
    Good luck !

  • How to let SAP user use SSO to access Application in DMZ?

    Hi All,
    Our J2EE application is running on a system in DMZ which can not be connected with LDAP. So I am wondering if it's possible to let SAP user use SSO to access our application.
    After talking with my colleague I think the only way is to import SSO public key to our WebAS and create user in UME and then assign user to the corresponding public key, but anybody know where to download SSP verification file or is it allowed to download and import into another system at all?
    Regards,
    Bin

    Hi,
    Take a look at this example, it uses property nodes to select tha
    active plot and then changes the color of that plot.
    If you want to make the number of plots dynamic you could use a for
    loop and an array of color boxes.
    I hope this helps.
    Regards,
    Juan Carlos
    N.I.
    Attachments:
    Changing_plot_color.vi ‏38 KB

  • Calling Webservice from Netweaver Portal to SAP XMII 12.0 using SSO

    Hello,
    we have a Netweaver 2004s based Portal and a Netweaver-based SAP XMII (v12.0) System providing Webservices.
    What we try to do is to call a webservice out of the Portal EAR Application using SSO.
    SSO-Konfiguration between Portal and XMII is done and works fine. I tested this using an URL-iView, which calls a https-URL on XMII and SSO-Authentification is done in the background.
    Now I want to call a Webservice using SSO.
    Without SSO (prodiving UID/PW), the webservice-call works fine.
    In order to use SSO with Webservice, I created a "Deployable Webservice Proxy" with "HTTP-Authentication" and "use SAP Logon Ticket" turned on.
    Then I remove Login/Password from my SOAP-Request and unfortunately it doesn't work.
    What do I have to consider in addition to the topics above?
    Can you provide any useful links with tutorials, hints, documentation, ...?
    Thanks in advance
    Andreas

    > Can you please list all the options that we have in order to implement SSO for EP and SAP GUI?
    >
    > I could not find any info in regards to the advantages and disadvantages of each SSO solution. Do you have any links that gives this information?
    If you search the forum here for the terms you have used, then you will find many of them and interesting discussions about advantages and disadvantages from different views. I think that in 1 or 2 hours you will be a guru
    > I am thinking more of using Kerberos authentication for SAP GUI and using OpenSSO (Sun's product)solution for EP 7.0.
    >
    > Do you know what SSO technologies are other companies implementing these days?
    I only know which solutions I have been involved in doing the security evaluations for and implementation support.
    I don't want to do any direct or indirect comparative advertizing here, but only wanted to point out to you that there is plenty of information if you use the search. What you need to understand is that other that SAP proprietary mechanisms and newer standards based initiatives (search for 'SAML'), this is often a 3rd party vendor question (and resulting discussion...).
    If you find a solution and want to specifically discuss it here, then this can most of the time be done in a civilized way...
    Cheers,
    Julius

  • SSO/OID with Workflow

    Do we have to purchase Advanced Security option of 9i database if we want to use SSO with Workflow ?
    Thank you
    Aamir

    Aamir,
    I don't belive so, but you might want to check the licensing terms for using the Oracle Single-Sign-On server. For workflow to work, all you need it the mod_osso module which comes with Oracle SSO server.
    Thanks,
    Raja

  • Login Issue in Portal system using SSO

    Dear All,
    We have Expressnet system version 7 - windows +SQL DB.
    If the user can able to login to EP using SSO.
    My question is single user is present in different Data Source in LDAP during this case how the user can able to login.
    Ex username: Priyan , It present in CORE_LDAP_DS1 and CORE_LDAP_DS5.
    Kindly let us know the how the user is login to LDAP where and how the user name and password is fetching from?
    Thanks,
    Priyanga G.

    Hi,
    The problem is in the BEx Web configuration.
    Check whether the the Mime repository has the images or not in BI 7 server.
    If Mime has the images then the BI and portal configuration is not done properly using the BI template installer.
    You need to set the set the BWMANDT in table RSADMINA to current used default client.
    Also try to set the BEx web,
    The problem might get resolved after setting BEx Web.
    Required Steps
    You can perform an initial check of the automatic configuration with the
    following steps:
    Note 917950 - SAP NetWeaver 2004s: Setting Up BEx Web
    1. Execute the report RSPOR_SETUP with transaction SE38 (or SA38; or you
    can execute the report from the SAP Reference IMG, see Documentation
    below)
    2. Use value help of entry field Program ID (or RFC Destination) to
    choose <BI_SID>_<J2EE_HOSTNAME>_<J2EE_SID> as RFC Destination (this
    destination is created by the Template Installer)
    3. Enter Portal SID (required to check step 10)
    4. Press button Execute
    Placeholder <BI_SID> correspond to the field BACKEND_SID of the Template
    Installer's Data Entry. <J2EE_HOSTNAME> correspond to the field J2EE HOST
    and <J2EE_SID> to J2EE SID.

  • Call RFC from EJB using SSO

    Can anyone point me in the right direction on the best practice for calling an RFC using SSO from an EJB?
    When using the local interface for the EJB, the only solution I see is to pass the authenticated IUser instance from the portal component to the EJB business method through the method signature.
    I am guessing that there is a better way to get access to an authenticated user in the EJB container.

    Thanks for the reply.
    Actually I was able to solve the problem last night. To get SSO to work in my local EJBs I created an RFC destination in the destination service using the visual administrator. I then used the destination service at runtime to pull the system definition from the J2EE system definitions store instead of the portal system landscape definitions and my connection object was created as expected.
    Here is the code to create the connection in my EJB business method:
    //get the user
    IUser user = UMFactory.getUserFactory().getUserByUniqueName(this.myContext.getCallerPrincipal().getName());
    // get the destination service
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sapportals.portal.prt.registry.PortalRegistryFactory");
    InitialContext context = new InitialContext(env);
    IDestinationsService destinationsService =
         (IDestinationsService) context.lookup(IDestinationsService.SERVICE_JNDI_NAME);
    // define a destination filter to restrict to the RFC defined destinations
    DestinationFilter destinationFilter1 =
         new DestinationFilter(DestinationFilter.SOURCE_J2EE_DESTINATION_SERVICE, DestinationFilter.TYPE_SAP);
    // get a user specific connection
    IConnection connection = destinationsService.getConnection(user, "ECC", destinationFilter1);

Maybe you are looking for