URL Decode SSO Token Flag Property IIS 6.0

Similar Messages

• OnDemand Web Services, SSO, SSO Token

  Hello,
  We are working on a project that requires integration between an external application and Oracle CRM OnDemand. We are using the OnDemand web services for this and have got the integration going.
  However we are currently using a fixed username/password for instantiating the web services sessions and would like to change that using SSO such that we pass the SSO Token and obtain a session id and then use that for the same integration.
  Not sure how to get SSO going though. I've read the posts on this forum and have now gotten SSO enabled for our company and user. We also know that we need to pass on the URL a SSO Token instead of Username/Password.
  However dont know where/how to get the SSO Token?
  Any pointers will be appreciatd. If someone has the pseudo code of the 3-4 steps to getting the SSO token going would be appreciated.
  Thanks

  Ok got it. So I guess the SSO Token does not meet our use case then.
  Here's our use case.
  We have an custom web application that users log into. These users are also OnDemand users with a OD Username/Password but the values are not the same as the custom web app username/password.
  What we need is, when these users log into the custom web app and perform certain tasks the web app behind the scenes creates a web service session with OD and inserts some data. We were currently using a common username/password to do inserts, but now we want to do it based on each users login, but do not want to locally store in the custom app the OD Uid/Pwd's. So we thought SSOToken would allow us to do this where since the users are logged into the custom web app that app would then use the SSO Token to create a session with OD and insert data.
  Any ideas would be appreciated.

• Error 21 for SSO Token

  Hi, I have Tomcat with opensso installed on the same machine with IIS 6 + agent.
  While trying to browse any of pages in IIS pages get immediately that error after authentication:
  2009-10-06 11:16:43.357   Error 3240:161bd38 AM_SSO_SERVICE: SSOTokenService::getSessionInfo(): Error 21 for sso token ID AQIC5wM2LY4SfczzPs5KzV6tcQMK0T1shHOpKmXvAr8vmSQ=@AAJTSQACMDE=#.
  2009-10-06 11:16:43.357   Error 3240:161bd38 PolicyEngine: am_policy_evaluate: InternalException in Service::initialize() with error message:Session query failed during service creation. and code:21
  2009-10-06 11:16:43.357   Error 3240:161bd38 PolicyAgent: HttpExtensionProc(): status: HTTP error (21)Any suggestion is welcome !
  Thank You !
  Edited by: AlexanderL on Oct 6, 2009 11:20 AM

  I think the problem is due to agent configuration...
  What i did is to add the property (com.sun.am.ignore.naming_service = true) to the AMAgent.properties file to disable looking for the naming service url. The problem was solved but i am not sure if it's really the good solution or not.
  Any suggestions?

• Error 12 for sso token ID

  Hello everybody,
  Here is the configuration i am trying to deploy:
  - Apache server 2.0.55 secured with ssl
  - Tomcat 6.0.14 also secured with ssl
  - An fam-samples.war configured as IdP on tomcat
  - Web agent installed on apache server
  Now if a non authenticated user tries to access a resource on apache, the web agent redirect him to IdP for authentication. After giving the write login and password he's redirected to the resource initially requested. Here i got an "Internal server error" and when i looked in the amAgent file for error i found this:
  <--
  2007-09-17 15:17:06.594 Error 6447:98a16d8 all: LineBuffer::findEndOfLine():
  2007-09-17 15:17:06.608 Error 6447:98a16d8 all: LineBuffer::findEndOfLine():
  2007-09-17 15:17:06.617 Error 6447:98a16d8 all: LineBuffer::findEndOfLine():
  2007-09-17 15:17:06.618 Error 6447:98a16d8 AM_SSO_SERVICE: SSOTokenService::getSessionInfo(): Error 12 for sso token ID AQIC5wM2LY4SfcxUl+Qrr8Za5tjVgKq5XRocwCegb79ttmE=@AAJTSQACMDE=#.
  2007-09-17 15:17:06.618 Error 6447:98a16d8 PolicyEngine: am_policy_evaluate: InternalException in Service::initialize() with error message:Session query failed during service creation. and code:12
  -->
  I tried to look in the web agent configuration file AmAgent.properties for some properties to change but i didn't found the solution!
  Does anyone please have an idea about this problem?
  Note: If tomcat is not secured all works perfectly.
  THANKS

  I think the problem is due to agent configuration...
  What i did is to add the property (com.sun.am.ignore.naming_service = true) to the AMAgent.properties file to disable looking for the naming service url. The problem was solved but i am not sure if it's really the good solution or not.
  Any suggestions?

• "Cannot obtain Application SSO token" error

  Hello,
  I configured my agent as follows:
  Version: 3.0
  Build Date: 20071212
  Application Server Config Directory : C:\Sun\SDK\domains\domain1\config
  Application Server Instance name : server
  Access Manager URL : http://juno:6140/opensso
  Domain Administration Server Host is remote : false
  Agent URL : http://juno:8080
  Deployment URI for the Agent Application : /agentapp
  Encryption Key : J+KQLOM+s6gAQb1Y1H8uJoej3bzKBAEN
  Agent Profile name : asagent
  Agent Profile Password file name : c:\temp\password.TXT
  Agent installed on the DAS host for a remote instance : false
  The AM and the sample applications are both running on separate domains.
  Following steps I performed:
  1. I started my SSO domain (domain2) first and then the application domain where my agent is installed (domain1).
  2. I deployed the agentsample.ear file after compilation through build.xml file
  When I try to access the URL (http://localhost:8080/agentsample/index.html), it throw the following exception (recorded in amSSO log file located in the Agent_001
  Caused by: com.sun.identity.security.AMSecurityPropertiesException: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token.
  Check AMConfig.properties for the following properties
       com.sun.identity.agents.app.username
       com.iplanet.am.service.password
       at com.sun.identity.security.AdminTokenAction.run(AdminTokenAction.java:233)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sun.identity.common.PropertiesFinder.getProperty(PropertiesFinder.java:49)
       at com.iplanet.am.util.SystemProperties.get(SystemProperties.java:255)
       at com.iplanet.am.util.SystemProperties.get(SystemProperties.java:298)
       at com.iplanet.dpro.session.SessionID.<clinit>(SessionID.java:90)
       ... 46 more
  |#]
  [#|2007-12-14T11:32:42.881-0500|SEVERE|sun-appserver9.1|javax.enterprise.system.container.web|_ThreadID=15;_ThreadName=httpSSLWorkerThread-8080-1;_RequestID=30ba22ac-dd83-461b-a835-440480970033;|StandardWrapperValve[default]: PWC1406: Servlet.service() for servlet default threw exception
  java.lang.NoClassDefFoundError: Could not initialize class com.sun.identity.agents.filter.AmFilterManager
       at com.sun.identity.agents.filter.AmAgentBaseFilter.initializeFilter(AmAgentBaseFilter.java:217)
       at com.sun.identity.agents.filter.AmAgentBaseFilter.getAmFilterInstance(AmAgentBaseFilter.java:279)
       at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:64)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:198)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:288)
       at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
       at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
       at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:270)
       at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
       at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
       at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
       at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:339)
       at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:261)
       at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:212)
       at com.sun.enterprise.web.portunif.PortUnificationPipeline$PUTask.doTask(PortUnificationPipeline.java:361)
       at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
       at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
  |#]
  I spent lot of time refering the supporting document but could not find any solution.
  Your assistance will be greatly appreciated.
  Thanks,
  Vinit

  I tried to deploy "agentapp.war" in the "domain1" which I configured to install J2EE Agent. The "domain2" deployed opensso.war file. When I tried to invoke "http://test.domain.org:8080/agentapp", it threw the following error:
  Caused by: com.sun.identity.security.AMSecurityPropertiesException: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token.
  Check AMConfig.properties for the following properties
       com.sun.identity.agents.app.username
       com.iplanet.am.service.password
       at com.sun.identity.security.AdminTokenAction.run(AdminTokenAction.java:233)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sun.identity.common.configuration.ConfigurationBase.isLegacy(ConfigurationBase.java:180)
       at com.sun.identity.common.configuration.ConfigurationObserver.createAttributeMapping(ConfigurationObserver.java:62)
       at com.sun.identity.common.configuration.ConfigurationObserver.<init>(ConfigurationObserver.java:58)
       at com.sun.identity.common.configuration.ConfigurationObserver.<clinit>(ConfigurationObserver.java:50)
       ... 35 more
  |#]
  [#|2007-12-17T21:24:21.453-0500|SEVERE|sun-appserver9.1|javax.enterprise.system.container.web|_ThreadID=15;_ThreadName=httpSSLWorkerThread-8080-0;_RequestID=fde18bdd-a04f-48ba-b4f1-7a88a756c315;|StandardWrapperValve[default]: PWC1406: Servlet.service() for servlet default threw exception
  java.lang.NoClassDefFoundError: Could not initialize class com.sun.identity.agents.filter.AmFilterManager
       at com.sun.identity.agents.filter.AmAgentBaseFilter.initializeFilter(AmAgentBaseFilter.java:217)
       at com.sun.identity.agents.filter.AmAgentBaseFilter.getAmFilterInstance(AmAgentBaseFilter.java:279)
       at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:64)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:198)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:288)
       at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
       at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
       at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
       at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:270)
       at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
       at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
       at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
       at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:339)
       at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:261)
       at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:212)
       at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
       at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
  |#]
  I do not understand why it is looking for AMConfig.properties file in domain1? This file exist in domain2 and not in domain1. Secondly, it also throws NoClassDefFoundError Exception. However, config.xml file sets classpath as :
  <java-config classpath-suffix="${path.separator}C:/tools/opensso/j2ee_agents/appserver_v9_agent/lib/agent.jar${path.separator}C:/tools/opensso/j2ee_agents/appserver_v9_agent/lib/openssoclientsdk.jar${path.separator}C:/tools/opensso/j2ee_agents/appserver_v9_agent/locale${path.separator}C:/tools/opensso/j2ee_agents/appserver_v9_agent/Agent_001/config" debug-enabled="false" debug-options="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=9009" env-classpath-ignored="true" java-home="${com.sun.aas.javaRoot}" javac-options="-g" rmic-options="-iiop -poa -alwaysgenerate -keepgenerated -g" system-classpath="">
  I am not sure whether both these problems are related or independent.
  Thanks in advance,
  Vinit

• How to get userID or name from SSO, SSO Token

  How can I get the userID or name from the SSO token passed through a weblink/webtab to an external application?

  That's Simple...
  When you configure weblink or webtab you specify the custom application url along with SSO Token %%%SSO Token%%% similarly you can get User First Name, User Last Name, User Full Name and UserId from the same fashion..
  Hope this helps...
  Regards,
  Deepak H Andeli

• Return the user detail after validate the SSO token

  Hi all ,
  Iam new to Oracle CRM on demand. I want to know is there a way to get user details when validating the SSO token. After SSO validation success then need to return the user detail (User first name, email, last name, etc ).
  Please help me

  Hi Vikas,
  I have done the same setup as your sample application. I am using
  <br>
  Branch URL : <br>
  f?p=&APP_ID.:&APP_PAGE_ID.:&APP_SESSION.::::::#&P1_ANCHOR.
  <br>
  Computation for P1_ANCHOR:<br>
  case :REQUEST
  WHEN 'P1_A_SCN' THEN 'P1_A_SCN'
  ELSE NULL
  end
  <br>
  Anchor Code in region header for item P1_A_SCN:<br>
  < a name="P1_A_SCN">< /a >
  <br>
  When I use the select list it wont come back to the region where the select list P1_A_SCN is located. I checked for the value in P1_ANCHOR in the session state and it correctly shows as 'P1_A_SCN'. But the page URL after the submit does <b>not</b> show the anchor like<br>
  ......f?p=206:1:14418154115565883485::::::#P1_A_SCN it shows <br>
  ......f?p=206:1:14418154115565883485::::::
  <br>
  When I but the branch URL as <br>
  f?p=&APP_ID.:&APP_PAGE_ID.:&APP_SESSION.::::::&P1_ANCHOR. without the '#' it shows the page URL as<br>
  ......f?p=206:1:14418154115565883485::::P1_A_SCN
  <br>
  Do you what is causing the anchor to not show up in the page URL and thereby the intra page branch to not work.
  Thanks,
  Swaroop

• PL/SQL URL decode function

  I am looking for a pl/sql url decode function. Does not appear to be in owa_util or htp/htf. Does any one have one please?

  You can use the utl_url package that provides public APIs for both encoding and recoding purposes.

• URL Decode function

  I am in need of a URL decode function. Can not find one in owa_utl, htp or htf. Is there one available please?

  Can you define "URL decode function"? Given the URL for this page
  URL Decode function
  what do you want the function to do?
  Justin

• Policy Agent 3.0 for Tomcat - Cannot obtain Application SSO token

  Hi
  I am trying to configure Sun OpenSSO Enterprise Policy Agent 3.0 for Apache Tomcat Application Server 6.
  After installing the Policy Agent, Tomcat is not starting.
  The Error in the stack is :
  =========
  Jun 14, 2009 2:21:00 AM
  org.apache.tomcat.util.digester.Digester startElement
  SEVERE: Begin event threw error
  java.lang.ExceptionInInitializerError
  at
  com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfig
  uration(AgentConfiguration.java:682)
  Caused by:
  com.sun.identity.security.AMSecurityPropertiesException:
  AdminTokenAction: FATAL ERROR: Cannot obtain Application
  SSO token.
  Check AMConfig.properties for the following properties
  com.sun.identity.agents.app.username
  com.iplanet.am.service.password
  at
  com.sun.identity.security.AdminTokenAction.run(AdminTokenAction.java:
  258)
  =========
  There is no AMConfig.properties file. The Agent uses "OpenSSOAgentBootstrap.properties".
  Is there a workaround for this issue ?
  Cheers.

  Hi,
  I have the same Problem, did you come up with a solution for it?
  thanks
  Matrius

• The 'Keep Flag' property -- How does it work? Why does it work?

  Within my calculation views I had been encountering problems properly aggregating the measures, when certain attributes were excluded from the result set. An SAP consultant recommended setting the attributes' KeepFlag property to True; that resolved the problem, but I'm not sure why.
  The help feature within HANA Studio doesn't mention the Keep Flag property. I haven't been able to find much information about this property online, either.
  Exception aggregation modeling with Graphical Calc view states:"The Keep flag will always add [the specified] columns in the group by clause even if they are not selected in the query." This is a good start; however, is there any additional documentation regarding this property?

  Thanks, Jody. That explanation is helpful. So should Keep Flag be set to True for all of the columns that the user could potentially exclude from the result set? To illustrate: Given the following sample data:
  PRODCODE   LOCATION   QUANTITY
  12345      A                 1
  23456      B                10
  34567      C               100
  12345      A                 1
  If the result set excludes LOCATION, the aggregated results are incorrect; i.e.,
  PRODCODE   QUANTITY
  12345             1
  23456            10
  34567           100
  The second occurence of 12345 / A / 1 is inexplicably excluded. Setting LOCATION's Keep Flag property to True restores the second occurrence--resulting in the correct quantities; i.e.,
  PRODCODE   QUANTITY
  12345             2
  23456            10
  34567           100
  Of course, calculation views typically have many more attribute columns. Should the Keep Flag property be set to True for every one of the columns that the user could potentially exclude from the result set?

• Essbase SSO Token with OBIEE 11g

  Has anyone had success is setting up SSO token security in OBIEE 11g for Essbase. I have followed the steps in the documents of 11.1.1.x and still am not getting users to authenticate against the cube I am using. When I log in as one of those users, and view the report I get a invalid user.

  Hi J.A.M.
  If you got this working, please can you share the steps?
  Thanks!

• WebGate Error Report - The URL /access/sso is reserved for use by Oracle...

  We are getting a 500 error on the web gates when logging in.
  They have been working before, but are now reporting the error below.
  2010/01/27@07:09:25.632239 18521 33 WEB ERROR 0x0000151F /export/build40/Oblix/coreid1014/palantir/commonlib/src/apache2_req_info.cpp:170 "WebGate Error Report" Message^The URL /access/sso is reserved for use by Oracle Access Manager and has been used with incorrect parameters. ReqReq^POST /access/sso HTTP/1.1 ReqProto^HTTP/1.1 ReqHost^p1uawbsv1.portal.internal ReqStatLine^ ReqStatus^200 ReqRawUri^/access/sso ReqUri^/access/sso ReqFilename^/u01/app/oracle/product/11.1.1/ohs1/instances/instance1/config/OHS/ohs1/htdocs/access ReqPath^/sso ReqArgs^
  The configuration uses form based login
  Details for Authentication Scheme
  Level           1
  Challenge Method           Form
  Challenge Parameter           
  creds:userid password
  form:/oamsso/login.html
  action:/access/sso
  passthrough:no
  SSL Required           No
  Challenge Redirect           
  Enabled           Yes

  thanks,
  the login post goes to /access/sso, but now i am getting 404 error /access/sso
  Below is what I currently have the following in httpd.conf, which is the same as in a working environment.
  The web gate policy resources include /portal and /public, but no mention of /access. How does web gate know how to intercept /access/sso?
  [2010-01-28T10:50:42.9609+11:00] [OHS] [ERROR:32] [OHS-9999] [core.c] [host_id: p1uawbs02] [host_addr: 10.252.16.223] [tid: 18] [user: oracle] [ecid: 0000Pa_5qz3BP9s5Gj0Fyf0001rV00009_] [rid: 0] [VirtualHost: main] File does not exist: /u01/app/oracle/product/11.1.1/ohs1/instances/instance2/config/OHS/ohs1/htdocs/access
  #*** BEGIN WebGate Specific ****
  LoadFile "/u01/app/oracle/product/11.1.1/ohs1/oam/webgate/access/oblix/lib/libgcc_s.so.1"
  LoadFile "/u01/app/oracle/product/11.1.1/ohs1/oam/webgate/access/oblix/lib/libstdc++.so.5"
  LoadModule obWebgateModule "/u01/app/oracle/product/11.1.1/ohs1/oam/webgate/access/oblix/apps/webgate/bin/webgate.so"
  WebGateInstalldir "/u01/app/oracle/product/11.1.1/ohs1/oam/webgate/access"
  WebGateMode PEER
  <Location /access/oblix/apps/webgate/bin/webgate.cgi>
  SetHandler obwebgateerr
  </Location>
  <Location "/oberr.cgi">
  SetHandler obwebgateerr
  </Location>
  <LocationMatch "/*">
  AuthType Oblix
  require valid-user
  </LocationMatch>
  #*******Default Login page alias***
  Alias /oamsso "/u01/app/oracle/product/11.1.1/ohs1/oam/webgate/access/oamsso"
  <LocationMatch "/oamsso/*">
  Satisfy any
  </LocationMatch>
  #*** END WebGate Specific ****

• Identity 6.0 issues passing SSO token from JSP to web service

  Hi,
  Environment: Solaris 8, SunOne IS 6.0, SP1, Sun One WebServer
  We're using a JSP (based on the samples) to pass an SSO token to a java based web-service (everthing is running locally on one server):
  The token string resulting from calling mgr.createSSOToken is different from the value examined in the browser/JSP initial cookie and is practically useless when passed to the web-services for use as an SSO token (doesn't work and IS doesn't recognize it as a valid session/token).
  Here's the code:
  >>>>>>>
  SSOTokenManager mgr = SSOTokenManager.getInstance();
  SSOToken token;
  if (request.getParameter("token") == null)
  token = mgr.createSSOToken(request);
  else
  token = mgr.createSSOToken(request.getParameter("token"));
  mgr.validateToken(token);
  >>>>>>>>
  What are we doing wrong?

  not resolved closed

• IM Installation - FATAL ERROR: Cannot obtain Application SSO token

  Hi Guys,
  I am having a problem trying to install IM, I got the following error,
  Registering services with Access Manager...exist exception - AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token.
  Check AMConfig.properties for the following properties
  com.sun.identity.agents.app.username
  com.iplanet.am.service.password
  I got the IM + DA+ AM 7.1 + AS 9.1 U2 installed in the same server with the DS 6.3 installed remotly. I installed the following components for the AM
  *[X] 1. Access Manager Core Services
  *[X] 2. Access Manager Administration Console
  *[X] 3. Common Domain Services for Federation Management
  *[X] 4. Access Manager SDK
  yes, the Application server is up and running before I start the installation of IM and the access manager is working fine, do you know why I am getting this error?
  p.s. i tried to set those variable in the following file (/etc/opt/SUNWam/config/AMConfig.properties) but i got the same error
  com.sun.identity.agents.app.username=amadmin
  com.iplanet.am.service.password=encrypted password
  thanks a lot guys

  I give up finding the problem....i will re-install AM, these are the questions that the installer will ask, are my values ok ?
  *[X] 1. Access Manager Core Services
  *[X] 2. Access Manager Administration Console
  *[X] 3. Common Domain Services for Federation Management
  *[X] 4. Access Manager SDK
  Specify Common Server Settings
  Enter Host Name [convergence] {"<" goes back, "!" exits}
  Enter DNS Domain Name [domain.com] {"<" goes back, "!" exits}
  Enter IP Address [192.168.2.82] {"<" goes back, "!" exits}
  Enter Server admin User ID [admin] {"<" goes back, "!" exits}
  Enter Admin User's Password (Password cannot be less than 8 characters) []
  {"<" goes back, "!" exits}
  Confirm Admin User's Password [] {"<" goes back, "!" exits}
  Enter System User [root] {"<" goes back, "!" exits}
  Enter System Group [root] {"<" goes back, "!" exits}
  Access Manager: Specify Configuration Information
  Install type (Realm/Legacy) Mode [Legacy] {"<" goes back, "!" exits}:
  Administrator User ID: amAdmin
  Administrator Password [] {"<" goes back, "!" exits}:
  Retype Password [] {"<" goes back, "!" exits}:
  LDAP User ID: amldapuser
  LDAP Password [] {"<" goes back, "!" exits}:
  Retype Password [] {"<" goes back, "!" exits}:
  Password Encryption Key [gdtrt576ythjgut7erehejr8] {"<" goes back,
  "!" exits}:
  Access Manager: Choose Deployment Container
  1. Sun Java(TM) System Application Server
  2. Sun Java(TM) System Web Server
  Select the container to deploy the component and hit enter key [1] {"<" goes
  back, "!" exits} 1
  Access Manager: Specify Sun Java System Application Server
  Installation Directory [opt/SUNWappserver/appserver] {"<" goes back, "!"
  exits}: /opt/SUNWappserver
  Instance Directory [var/opt/SUNWappserver/domains/domain1] {"<" goes back,
  "!" exits}: /opt/SUNWappserver/domains/domain1
  Access Manager Runtime Instance [server] {"<" goes back, "!" exits}:
  Access Manager Instance Port [8080] {"<" goes back, "!" exits}: 80
  Document Root [var/opt/SUNWappserver/domains/domain1/docroot] {"<" goes
  back, "!" exits}: /opt/SUNWappserver/domains/domain1/docroot
  Administrator User ID [admin] {"<" goes back, "!" exits}:
  Administrator Password [] {"<" goes back, "!" exits}:
  Master Password [] {"<" goes back, "!" exits}:
  Administrator Port [4849] {"<" goes back, "!" exits}: 4848
  Secure Server Instance Port [No] {"<" goes back, "!" exits}:
  Secure Administration Server Port [Yes] {"<" goes back, "!" exits}:
  Access Manager: Specify Web Container for Running Access Manager Services
  Host Name [convergence.domain.com] {"<" goes back, "!" exits}:
  Services Deployment URI [amserver] {"<" goes back, "!" exits}:
  Common Domain Deployment URI [amcommon] {"<" goes back, "!" exits}:
  Cookie Domain(Assure it is not a top level domain) [.domain.com] {"<" goes
  back, "!" exits}:
  Password Deployment URI [ampassword] {"<" goes back, "!" exits}:
  1. HTTP
  2. HTTPS
  Console Protocol [1] {"<" goes back, "!" exits}:
  Access Manager: Choose Access Manager Console
  Administration Console [Yes] {"<" goes back, "!" exits}:
  Console Deployment URI [amconsole] {"<" goes back, "!" exits}:
  Access Manager: Specify Directory Server Information
  Directory Server Host [] {"<" goes back, "!" exits}: mail.domain.com
  Directory Server Port [389] {"<" goes back, "!" exits}:
  Directory Root Suffix [dc=domain,dc=com] {"<" goes back, "!" exits}:
  Directory Manager DN [cn=Directory Manager] {"<" goes back, "!" exits}:
  Directory Manager Password [] {"<" goes back, "!" exits}:
  Access Manager: Specify Directory Server Data
  Is Directory Server provisioned with user data [No] {"<" goes back, "!"
  exits}?
  Ready to Install