Use single sign on for multiple portal domains

Is it possible for a user to sign on once to a domain and then be able to access other domains? What I'm trying to do is have one user registration page/login page, but use different portal server domains to present different sites, while at the same time having a type of single sign on once a user has entered his credentials. Thus my registration process will create a new LDAP user in an external directory, and I can then just point all the different domains to that external LDAP directory.

I wouldn't recommend this because it would affect performance, plus there are potential other issues like conflict that you would run into.
Every time a user logs in, a new session is created for him, and this means a user might have multiple sessions on the server. The cookie that is also set is dependent on per portal domain so it might not work.
An alternative approach might be to have multiple roles and then customize the role for different views. You can modify the membership code in such a way that based on certain criteria you can assign him to a particular role, equivalent to your domain. However the problem could be if you want to provide delegated admin, currently the delegated admin is only at a domain level.
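
The cookie scoping behind the reply's remark that the session cookie is set per portal domain, as an added example (not code from the thread or from any portal product): a simplified model of the RFC 6265 domain-match rule. Host names are constructed and the helper names are hypothetical.

```python
from typing import Optional, Tuple

# Simplified model of browser cookie scoping (RFC 6265). Not modelled:
# public-suffix checks, IP-address hosts, Path, Secure and SameSite.
StoredCookie = Optional[Tuple[str, bool]]  # (domain, host_only) or None


def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3: identical, or host ends with '.' + domain."""
    host = host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)


def store_cookie(setting_host: str, domain_attr: Optional[str]) -> StoredCookie:
    """What the browser keeps after a Set-Cookie from setting_host."""
    if domain_attr is None:
        return (setting_host.lower(), True)      # host-only cookie
    if not domain_match(setting_host, domain_attr):
        return None                              # Domain names a foreign site: rejected
    return (domain_attr.lower().lstrip("."), False)


def is_sent(stored: StoredCookie, request_host: str) -> bool:
    """Would the stored cookie be attached to a request for request_host?"""
    if stored is None:
        return False
    domain, host_only = stored
    if host_only:
        return request_host.lower() == domain
    return domain_match(request_host, domain)


def session_follows_user(login_host: str, domain_attr: Optional[str],
                         other_host: str) -> bool:
    """True if a session cookie set at login_host reaches other_host."""
    return is_sent(store_cookie(login_host, domain_attr), other_host)


if __name__ == "__main__":
    cases = [
        ("portal-a.example.com", None, "portal-b.example.com"),
        ("portal-a.example.com", "example.com", "portal-b.example.com"),
        ("sitea.example", "siteb.example", "siteb.example"),
    ]
    for login, attr, other in cases:
        print(login, attr, other, session_follows_user(login, attr, other))
```

A parent-domain cookie is sent to every host under that domain, which widens where the session identifier travels. For unrelated registrable domains no Domain value is accepted, so those setups need a shared login host that redirects back to each site with a short-lived signed token.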

Similar Messages

  • Integrating AS 10.1.2 and AS 10.1.3 to use Single Sign-on for BI Publisher

    Hi Everyone
    I was trying to make the following demonstration scenario on the AS and the facilities that can afforded by Oracle to our company:
    Note: I have just one machine for demonstration with Win2003 Enterprise
    First of all, I need to build a portal for my company, this portal will be published to the web through port 80 opened by Microsoft ISA Firewall (ISA installed on different machine):
    1- Portal should be integrated with oracle forms and reports with single sign-on
    2- AS, should have single sign-on authentication to work on port 80 only.
    3- Portal should be integrated with BI Publisher 10.3
    For the objectives mentioned above i have done the following:
    1- install AS 10.1.2 (infra and mid-tier) on the same machine with default installation options (http port 7777 for infra and port 80 for MT). (objective 1 = done)
    2- to make sso works on port 80, i have used webcache as reverse proxy for sso, and it's done but i have error (WWC-41400), but it doesn't affect login on portal, and that is my first problem.
    3- To have BI Publisher to work and authenticate users using single sign-on on port 80 (from outside), I had to install AS 10.1.3 (http on port 7779) on the same machine mentioned above, and then deploy BI Publisher on it, and that was ok, but problem is how to make use of single sign-on to authenticate people listed in oracle internet directory of INFRA installation mentioned above to use BI Publisher on port 80 only.
    So, could anyone please guide me in problem 2 and 3.
    Thanks in advance.
    Anas

    a couple of parameters not configured inside the Tomcat files. Now the SSO is working.
    SNC is not required for sso in bi 4.0
    http://wiki.sdn.sap.com/wiki/display/BOBJ/BI4IntegrationintotheSAPEntreprisePortal+7.0.x
    http://wiki.sdn.sap.com/wiki/display/BOBJ/SetupofSAPSSOServiceinSAPBOBI4.0+CMC
    Best Regards

  • Can we use single DB Adapter for multiple tables

    Hi,
    I have 3 tables. ONE is the Master table and other 2 tables having Primary and foreign key relationships with the Master Table.
    Data is enter in the Tables 2 & 3 (based on Master Table Primary key)
    I have to use a DB Adapter in BPEL Process which will be in Transaction (what type of Transaction is Best in such a Scenario).
    - How do i implement it in BPEL.
    - Can i use a Single DB Adapter for Multiple Tables ? (*Views* should not be created for tables 1, 2 & 3),
    as we want to avoid using multiple DB Adapters, as in future Tables may increase or decrease...
    - while in Transaction if Table 2 fails in Inserting / Updating, it should roll back on error and also if Table 3 fails in Inserting / Updating, it should roll back table 2 and Table 3.
    - how access to concurrent users is maintained / managed in such a scenarios.
    But everything should be done using Single DB Adapter without creating a separate view.
    Is this Possible in BPEL..
    If not, How do we design, Implementation such a BPEL Process in Transaction with a best in Performance (both BPEL Process & DB Resources)
    thanks in advance
    thanks & regards,
    anvv sharma

    Hi,
    Thanks for your quick response.
    I have a few queries.
    If we use PL/SQL, how do we implement transaction and Exception Handling appropriately based on the Error / Exception in BPEL.
    If the Table 2 or Table 3 gives out Error / Exception, I have to handle it separately and intimate accordingly.
    Suppose, if Table 2 got Error / Exception - Error Handling would be 'Roll back due to error in Table2'
    Thanks & regards,

  • How to use single sign-on for BCC and Experience Manager

    Does anyone have experience in implementing single-sign-on for BCC and Endeca Experience manager for business users.

    With the older versions of Endeca commerce stack there is no OOTB support for this. However with Oracle Commerce 11, SSO with BCC and Experience Manager are out of the box. Oracle Commerce 11 is released today.

  • How to do single sign on for multiple webservices in flex application

    Hi Experts,
    I have created a flex application and am using a few webservices in that application. When I run the application it asks for logon details for each and every webservice I used. However, I want to do single sign-on without providing logon details for each and every webservice. Please advise.
    Thanks in advance.

    Hi,
    if your projects are deployed in their own Java EE context root then you have multiple applications, though logically you count them as one. Use OSSO or Oracle SSO (where OSSO should be fine since all deployments share the same instance)
    Frank

  • Single sign on w/ multiple iis domains

    I have two WAR applications running in a single EAR. The strategy is that the newer application is to piggy-back on the original app's authentication. You hit the new site without being authenticated, and you are directed to the login page of the original site, and upon login are redirected back to the app you originally requested. This was working fine on a development machine, with IIS 5.1 hosting and proxying for one application, and the redirect going straight to the portal desktop URL of the other app. However, as we move into a staging server environment where each app is hosted and proxied on separate domain named web sites by one IIS server, the mechanism fails. The user is directed to login, and then redirected back to the requested site, but at that point the authentication is no longer recognized and it again sends the user to the authenticating app, which recognizes the original authentication and loads up the welcome page.
    Is there anything I can do to make this methodology work, or anything I should be looking for if it should work but is not?


  • Is it possible to use single ssl certificate for multiple server farm with different FQDN?

    Hi
    We generated the CSR request for VeriSign Secure Site Pro certificate
    SSL Certificate for cn=abc.com, considering abc.com as our major domain. Now we have servers in this domain like www.abc.com, a.abc.com, b.abc.com etc. We installed the VeriSign certificate and configured ACE-20 accordingly for ssl-proxy, and we will use the same certificate generated for abc.com for all servers like www.abc.com, a.abc.com, b.abc.com etc. Now when we are trying to access https://www.abc.com or https://a.abc.com through Mozilla, we are able to access the service but we are getting this message in the certificate status: "you are connected to abc.com which is run by unknown"
    And the same message when trying to access https://www.abc.com from Google Chrome.
    "This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"
    So I know that as this certificate is for cn=abc.com, that is why we are getting such errors/status in the SSL certificate.
    Now my question is
    1. Is it possible to remove the above errors by doing some SSL configuration on ACE?
    2. OR do we have to go for a VeriSign Wildcard Secure Site Pro Certificate for a CSR generated using cn=abc.com, to be installed on ACE and used for all servers like www.abc.com, a.abc.com etc.?
    Thanks
    Waliullah

    If you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate.  Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate.  And right now it won't because your certificate is for abc.com.  You need a wildcard cert that will be for something like *.abc.com.
    Hope this helps,
    Sean
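
The name check that produces the browser warnings in this thread, as an added example (not code from the thread, from Cisco ACE or from any browser): a simplified version of certificate host-name matching in which a wildcard stands for exactly one left-most label. The function names are hypothetical; the host names are the thread's own placeholders plus one constructed deeper name.

```python
def name_matches(hostname: str, cert_name: str) -> bool:
    """True if one name presented by the certificate covers hostname.

    Simplified rules: labels are compared case-insensitively, and '*' is
    honoured only as the complete left-most label, where it stands for
    exactly one label.
    """
    host = hostname.lower().rstrip(".").split(".")
    pattern = cert_name.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False                      # a wildcard never spans several labels
    if pattern[0] == "*":
        # Require at least '*.domain.tld' so that '*.com' is never accepted.
        return len(pattern) >= 3 and host[1:] == pattern[1:]
    return host == pattern


def coverage(cert_names, hosts):
    """Map each host to whether any name in the certificate covers it."""
    return {h: any(name_matches(h, n) for n in cert_names) for h in hosts}


HOSTS = ["abc.com", "www.abc.com", "a.abc.com", "x.a.abc.com"]

if __name__ == "__main__":
    for names in (["abc.com"], ["*.abc.com"], ["*.abc.com", "abc.com"]):
        print(names, coverage(names, HOSTS))
```

The output shows that `*.abc.com` alone does not cover the bare `abc.com` or names two levels down, so a certificate meant for both `abc.com` and its first-level hosts has to list both names.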

  • Want to use single oracle home for multiple database releases

    Hi,
    I have following 3 different databases.
    Oracle7 Server Release 7.3.4.4.0
    Oracle Database 10g Enterprise Edition Release 10.2.0.3.0
    Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - 64bit
    I want to access these databases using a single oracle home. Please advise which client version I have to install to access these. I tried using Oracle Release 9.2.0.1.0 client but I am not able to connect to oracle 7 by using this. I am ready to have multiple oracle homes. But what client version do I have to install and where can I get it? Your help will be highly appreciated.

    ... and 7 is using oracle 8.1.7 client. From your sales representative. 8i is no longer available for downloading, because desupported since many years.
    Werner

  • HCM Processes and Forms : Using single Form Scenario for Multiple Countries

    Hi ,
    I have a requirement to design a HCM P&F form ( Single Process, Single Form Scenario ) to support multiple countries.  Form fields should be visible/invisible based on the country ( derived from the login Manager).  please help me with the following questions.
    1. Is it right way to enable/disable the fields in the same form scenario for multiple countries ( Approx. 20-25 countries)
    2. Is there any limitation to no. of fields on the form? does the form performs well with multiple dynamic conditions?
    3. If yes, what is the best way to do this? through Java Script / Back end Generic Service?
    Thanks in Advance,
    VR.

    Hi VR,
    1. Is it right way to enable/disable the fields in the same form scenario for multiple countries ( Approx. 20-25 countries)
    -You can use same form scenario or process for multiple countries if you are using fields based on international structure HCMT_BSP_PA_XX_R*. If you intend to use country specific fields then you may like to use different form scenario for different countries.
    2. Is there any limitation to no. of fields on the form? does the form performs well with multiple dynamic conditions?
    - As such there is no limitation for the fields. Yes, form performs well with multiple rule configurations.
    3. If yes, what is the best way to do this? through Java Script / Back end Generic Service?
    I interpret you would like to derive & show fields based on same backend logic, in that case you should use a generic service.
    If you want to show fields based on manager's logon then you should also use authorization BAdi.
    Regards
    Pooja

  • How to use single web form for multiple secure zone signup?

    I have multiple secure zones in my website. I want to sell membership of secure zones to users of my website. I want, users signup for multiple secure zone of their choice and submit payment. Is it possible if can you please explain a bit or refer me to an doc about it.
    Thanks a lot for your time,

    I realize this isn't likely, but do you know of a way to allow the user to select the secure zone to be registered (e.g. from a list of multiple secure zones or entering ID of one sz into a text input) from within a single web form? I wonder if this can be passed in through a parameter in the action URL or through a special system field.
    Thanks

  • Using single iTunes library for multiple computers

    With the new Airport Disk utility, can I attach an external hard drive with my iTunes library and have multiple computers point to that library as the library for each?

    BKRonline wrote:
    neptune2000 wrote:
    A BIG WARNING (...) If you are a good guy and use ONLY one computer to read/write (i.e., to copy music to it) and all the others are read only (which cannot be enforced in software), then you're OK. Consider yourself warned.
    just to clarify...
    Use ONE computer and ONE COMPUTER ONLY for purchasing / adding new content to the 'master' iTunes library area. Use ANY OTHER COMPUTER that's looking at that 'master' iTunes library for reading (playing back).
    Yes. If you can enforce it by "persuasion", not software
    Would there be a conflict if someone rates songs from other computers etc?
    Yes. If they both rate at the same time.

  • How to use single JSP page for multiple users.

    Hi ,
    I am doing messenger kind of program using JSP and tomcat server.
    When i type message it is showing in the some div. If some other person request for the same page by giving my IP address and jsp page, he should able to see what i have typed on page so far.
    how can i do that one . can any one guide me .
    Thanks in advance.

    SuneelGoodatJava wrote:
    > Hi ,
    > I am doing messenger kind of program using JSP and tomcat server.
    > When i type message it is showing in the some div. If some other person request for the same page by giving my IP address and jsp page, he should able to see what i have typed on page so far.
    > how can i do that one . can any one guide me .
    > Thanks in advance.

    HTTP is a request/response protocol. You can't do what you're suggesting without "pushing" what you type to all the other users. That's not the way HTTP works. Maybe an applet and servlet.

  • Single sign on for multiple organization with one base application (multiple IssuerNameRegistry)

    1. I am going to host this as a service and don't want to add IssuerNameRegistry in web.config every time I add a new organization. I need to pull the details from the DB and set them dynamically (token, URL etc.). I tried to do that based on the return URL, but this fails because FederationConfiguration can only be updated in the Application_Start event. I can't do that because I can't access my HTTPContext to know the return URL in my App_Start. So I kept a separate config file and had all my authorities configured for all organizations in it. But our client is raising a question on security and performance. Is it advisable to keep the sensitive data in XML for all the organizations? We are also concerned about performance: if the returned token has to go and read all the keys to validate against its token, will the system be slow?
    Please advise me with some sample code to achieve this.
    2. I tried to implement ValidatingIssuerNameRegistry but was unable to succeed, since it talks about updating the tenant ID based on the Metadata.xml.
    All I have is the following info for all the organizations:
    <authority name="http://test123.login.edu/adfs/services/trust">
      <keys>
        <add thumbprint="{Thumbprit}" />
      </keys>
      <validIssuers>
        <add name="http://test/adfs/services/trust" />
      </validIssuers>
    </authority>

    Hello,
    For issues regarding ASP.NET, I suggest you post it to:
    http://forums.asp.net
    There are asp.net experts who will help you better.
    Thanks for your understanding.

  • Implementing single sign on across multiple web apps

    Hi
    I was wondering if somebody could help me. I need to implement single sign on
    for multiple web apps deployed in separate WARs in a single EAR file. I need
    to authenticate against an LDAP server and ensure that the user only has to sign
    on once per user session even if the user navigates between web apps. The weblogic
    docs only seem to go so far, i.e. "Single sign on works if each web app uses the
    same cookie" etc. So I see that, apart from buying WebLogic Enterprise Security
    there are only two ways of doing this:
    1. Implement single sign on.
    2. Create my own security realm with my own authenticator implementations.
    So my questions are:
    1. We don't want to affect the normal weblogic user/passwords used to access the
    WLS console but need to have single sign on. Should we implement single sign on
    (option 1, above) or create our own realm?
    2. Can somebody point me to somewhere on the web/in the WLS documentation
    that shows me how to implement single sign on using session cookies?
    TIA
    Mik

    "Mik Quinlan" <[email protected]> wrote in message
    news:[email protected]..
    > Hi
    > I was wondering if somebody could help me. I need to implement single sign on
    > for multiple web apps deployed in separate WARs in a single EAR file. I need
    > to authenticate against an LDAP server and ensure that the user only has to sign
    > on once per user session even if the user navigates between web apps. The weblogic
    > docs only seem to go so far, i.e. "Single sign on works if each web app uses the
    > same cookie" etc. So I see that, apart from buying WebLogic Enterprise Security
    > there are only two ways of doing this:
    > 1. Implement single sign on.
    > 2. Create my own security realm with my own authenticator implementations.
    > So my questions are:
    > 1. We don't want to affect the normal weblogic user/passwords used to access the
    > WLS console but need to have single sign on. Should we implement single sign on
    > (option 1, above) or create our own realm?
    > 2. Can somebody point me to somewhere on the web/in the WLS documentation
    > that shows me how to implement single sign on using session cookies?

    http://e-docs.bea.com/wls/docs81/security/thin_client.html#1039551
    That also has a pointer to:
    For more information, see session-descriptor in Assembling and Configuring
    Web Applications.

  • Using the Portal Single Sign-On for java applet clients

    Hi
    We have a task to build a java applet working within a portlet and comunicating to some session EJB(wrapped BC4J) running on the OC4J. The applet is presumably connecting to server via RMI. This connection should be restricted to some groups of portal users.
    When a user is entering the applet he is supposed to be already logged into the Portal.
    There is a lot of information on building custom secure portlets using only a pure HTML(same as JSP) client whith the help of the Portal Single Sign-On.
    But, is it possible to use the Single Sign-On for establishing a secure RMI connection from applet to OC4J without entering a password in the applet once more?
    Yuriy

    Perhaps you can write a small JSP page or PLSQL
    web procedure that will grab user name from
    the SSO Server (via SSOSDK/mod_osso)
    and invoke the applet with encrypted user name.
    The applet will receive the encrypted username
    and decrypt it to get the clear user name.
    This help to get Single Sign-On.
    To make sure that environment is secure, encrypted
    user name parameter should have random salt,
    user name, and time stamp to prevent replay attack.
    Applet must make sure that the encrypted users name
    time stamp set by the JSP/PLSQL page has value
    within a reasonable time limit like 5 minutes
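
The hand-off parameter described in this reply (user name, random value, time stamp, 5-minute limit), as an added example that is not code from the thread or from the Oracle SSO SDK. It swaps the reply's encryption for an HMAC-SHA256 tag, which protects the parameter against forgery but does not hide the user name, and it assumes the check runs on the server accepting the connection with a key shared only with the login page. All names and the sample key are constructed.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

MAX_AGE_SECONDS = 300  # the 5-minute limit suggested in the reply


def issue_token(key, username, now=None):
    """Login-page side: bind user name, random nonce and issue time together."""
    claims = {"u": username, "n": secrets.token_hex(16),
              "t": int(time.time() if now is None else now)}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return ".".join(base64.urlsafe_b64encode(p).decode() for p in (payload, tag))


class TokenVerifier:
    """Receiving side: checks integrity, freshness and single use."""

    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> time after which it can be forgotten

    def verify(self, token, now=None):
        """Return the user name, or None if the token must be refused."""
        now = time.time() if now is None else now
        try:
            payload_b64, tag_b64 = token.split(".")
            payload = base64.urlsafe_b64decode(payload_b64)
            tag = base64.urlsafe_b64decode(tag_b64)
        except ValueError:
            return None  # malformed token
        expected = hmac.new(self.key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # forged or altered
        claims = json.loads(payload)  # parsed only after the MAC check passed
        if not 0 <= now - claims["t"] <= MAX_AGE_SECONDS:
            return None  # too old, or stamped in the future
        # Forget nonces whose tokens have expired, then enforce single use.
        self.seen = {n: exp for n, exp in self.seen.items() if exp >= now}
        if claims["n"] in self.seen:
            return None  # replay inside the time window
        self.seen[claims["n"]] = claims["t"] + MAX_AGE_SECONDS
        return claims["u"]


if __name__ == "__main__":
    demo_key = secrets.token_bytes(32)        # constructed key for the demo
    verifier = TokenVerifier(demo_key)
    token = issue_token(demo_key, "jdoe")
    print(verifier.verify(token))             # accepted once
    print(verifier.verify(token))             # refused on replay
```

The time stamp alone still allows a captured parameter to be replayed inside the 5-minute window; the nonce cache is what closes that gap.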
