When we need to go for single sign-on in SAP-XI

Similar Messages

• Setting up BusinessObjects Enterprise 3.1 for Single Sign On with Xcelsius

  Hi all
  Does anyone have any documentation and/or whitepapers that documents the setting up BusinessObjects Enterprise 3.1 for Single Sign On with Xcelsius Dashboards (xcelsius accessing BusinessObjects universe data through QAAWS and Live Office..
  Thank you for your help.
  Kind regards,
  Dean

  Based on the replies in this thread I'm guessing that there is someone out there that has gotten SSO to work with Xcelsius? If so could you please post the details of how that was achieved?
  When we purchased Xcelsius we were under the impression that it supported SSO but have never been able to get it to work and finally had SAP tell us that Xcelsius did not support SSO.
  Our understanding is that in order to bypass a login for Xcelsius you have to use QaaWS as the datasource and hardcode an enterprise id and password.
  LiveOffice supports SSO but not when it's used as a datasource within Xcelsius.

• How to install for Single Sign-on?

  Hello Community
      When you install a Sharepoint 2013 Server farm
  how do you install the Sharepoint 2013 Server farm
  so that it is setup for "Single Sign-on (SOS)"?
      Thank you
      Shabeaut

  Hi Shabeaut,
  Yes, in this case if your users who are in different domain can are able to log in to SharePoint manually you can enable trust relation for all types
  of browser, here are the links you can follow.
  http://expressionsinweb.com/2011/05/17/allow-the-pass-through-of-window%E2%80%99s-credentials-to-sharepoint/
  http://blog.fpweb.net/sharepoint-credentials-prompt-quick-tip/#.VKHarl4B4
  and for understanding the concept of ADFS with SharePoint and what other claim provider to implement SSO see below.
  http://www.slideshare.net/thomasvochten/spsuk2013-adfs-sp2013
  Krishana Kumar http://www.mosstechnet-kk.com
  Please mark the replies and Proposed as answer if they help and solve your issue

• How to set custom HTTP header for single sign on

  Currently we just begin to use an application called "etran". This application requires user name and password to login. Now, my assignment is to integrate etran application in our internal application. This means that somewhere in our internal application, there is a link leads to the etran application.
  It is going to be single sign on, that means that once user logs into our internal application, when he/she clicks on the etran link, no sign on to etran is needed.
  I consult with the technical people in etran. they said that our internal application needs to send a "login request" to etran via SSL with the user's information encoded in base 64 format. etran captures the HTTP header containing user authentication and authorization information, and parses the required information from the HTTP header.
  My question is that how I set user information in HTTP header? From my understanding, once I am able to set the user information in HTTP header, it is in base 64 format?
  Thanks in advance for your help.

  sharon38_74 wrote:
  they said that our internal application needs to send a "login request" to etran via SSL with the user's information encoded in base 64 format. etran captures the HTTP header containing user authentication and authorization information, and parses the required information from the HTTP header.
  My question is that how I set user information in HTTP header? From my understanding, once I am able to set the user information in HTTP header, it is in base 64 format?Your application need to act like a proxy. You can invoke a HTTP request programmatically using java.net.URLConnection. You can set request headers using URLConnection#setRequestProperty(). Also see the API docs: [http://java.sun.com/javase/6/docs/api/java/net/URLConnection.html]. You only need to know the header field name where to set the Base64-encoded value in. You need to Base64-encode the value yourself.

• How to enable a partner application for Single Sign-On?

  Can someone please advise me on how to enable my existing J2EE web application for the Oracle Single Sign-On?
  My requirement is i want to provide the single sign-on authentication service to my J2EE web application. For this, I would like to make my application as a partner application similar like the OracleAS Portal.
  I am using Oracle 10g ( OralceAS, Oracle Infra, OID ...)
  I found the following service/APIs which Oracle provides. I am not sure which one is suitable for me.
  1. mod_osso ( Static)
  --- In this case, I have to make a entry in mod_osso.config file to protect the URL. should I have to register the URL again through single sign on admin page ("Administer Partner Application") after make a entry in config file?
  2. mod_osso ( Dynamic directive)
  -- in this case, I have to modify the code by providing the directives like 401, 499.. etc. So i don't prefer this as i don't want to touch my app.
  --If I go with this option, should i have to register the URL with Single sign on server through SSO admin page ( as mentioned in the above step#1) ?
  3. SSO SDK
  - Since it was deprecated and need java coding, i am prefer this option.
  -- however, if i go with this option, i will develop code by using SDK. in this case i need to register the URL in SSO server through admin page.. am i right?
  Note:- OSSO server integrated with Active Directory for the authentication.
  Thanks,
  -Senthil

  sharon38_74 wrote:
  they said that our internal application needs to send a "login request" to etran via SSL with the user's information encoded in base 64 format. etran captures the HTTP header containing user authentication and authorization information, and parses the required information from the HTTP header.
  My question is that how I set user information in HTTP header? From my understanding, once I am able to set the user information in HTTP header, it is in base 64 format?Your application need to act like a proxy. You can invoke a HTTP request programmatically using java.net.URLConnection. You can set request headers using URLConnection#setRequestProperty(). Also see the API docs: [http://java.sun.com/javase/6/docs/api/java/net/URLConnection.html]. You only need to know the header field name where to set the Base64-encoded value in. You need to Base64-encode the value yourself.

• Proper security structure for Single Sign on Server

  We are all used to how we design security structure for vCenter Server if you have had an existing VMware environment prior to 5.1.  Who should have administrative privileges in vCenter Server, what roles, permissions, and so on should be assigned to what users and groups - these questions have already been addressed in our current configuration.
  Now Single Sign on introduces a significant new point of consideration for determining issues of access and authentication.
  I'd like to get some ideas on how this should be handled.  For example, should previous VMware administrators by definition become Single Sign on Administrators? Should the administrators of the Active Directory domain now start to get involved with the Single Sign on Server?
  For example, Single Sign on now forces VMware administrators to configure things like:
  -Password Complexity Policy for SSO
  -Password Expiration for SSO
  -Lockout Policy
  We already probably have these things tightly controlled in AD and locked down with group policy, but you can't apply group policy directly to an SSO server and make it receive a GPO from Active Directory.  (You can make the Windows OS that SSO is running on have a GPO applied, but it won't configure SSO itself, just the OS).
  VMware admins are looking at a new set of questions relating to authentication and authorization.  Someone has to have written something or will be writing something to help us get the big picture of what is changing with SSO if anything and how we need to look at SSO from a security design and best practices.
  Should we just make existing vCenter Server admins SSO admins or do we need to take a step back and reconsider?

  Hello,
  Actually, yes. SSO is fairly robust in 5.5. It has a few limitations around email of expired passwords, but that is mainly because some people do not use them. I use SSO to provide the usernames and passwords for all my VMware vCenter and related product service accounts. I.e. an account for vdp, Horizon, vCops, Log Insight, etc.  This is more about keeping systems segregated once more with no real need for AD for services. But AD via SSO is used by users.
  Read the documentation, and determine how SSO fits into your current password policy and take a long hard look at your virtualization management environment. Is there a 1 service account per service talking directly to vCenter? If not, SSO can help you implement that. The key is to match its functionality to your security policy.
  Best regards,
  Edward L. Haletky
  VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011,2012,2013,2014
  Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.
  Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

• Flash File for Single Sign On

  Hi,
  [disclaimer]
  I usually post in the ColdFusion forum so I am sorry if this
  topic should be moved into a different Flash section.
  [preface]
  I am trying to implement a single sign on solution between
  several sites that are located both within the same network and on
  external hosting services. I've tried several things with
  <iframe> and <img> tags to get a logged in environment
  established on each server - to no avail.
  [quesion]
  Can SWF file be programmed to access a ColdFusion, ASP, or
  php page via aboslute path that would at minimum set a cookie on
  the computer for each of those sites?
  [example]
  I have one HTML page that has 5 <iframe> tags - each of
  a partner site. The URLs called in the <iframe> do nothing
  more than set a cookie of the UUID. I'd like a flash file that does
  the same - eliminating frames.
  Thnks in advance. Please let me know if more details are
  needed. Please do not offer alternatives - the situation is
  uniquely complex and I'd rather not go through all the why's and
  why nots - that's been the last 6 months of my life. I really just
  need to know if I can create a cookie from flash for multiple sites
  without having the browser physcially having to go there.

  Hi Kalyan,
  Did you use SAML method for SSO??
  Thanks
  Santhosh

• Using API's for Single Sign On

  Hi,
  we are trying to develop the Single sign on feature for our site.We have used the API's WWSEC_API for this.It creates a portal user with add_portal_user method in the table WWSEC_PERSON$ fine! but with the same user name and password we are unable to login.
  Any help??
  null

  when i use the following code to create a new user:
  declare
  v_user portal30_sso.sso_user_type;
  begin
  portal30_sso.wwsso_ls_private.get_default_user_config (v_user );
  v_user.ssousername := 'NEWUSER';
  v_user.hashed_password := 'secret';
  v_user.ssorole := 'USER'; -- ordinary user. Use 'FULL' for an admin.
  portal30_sso.wwsso_ls_private.ls_create_user
  p_newuser => v_user,
  p_err => v_err
  end;
  i get the following error:
  ORA-06510: PL/SQL: unhandled user-defined exception
  ORA-06510: PL/SQL: unhandled user-defined exception
  ORA-06512: at "PORTAL30_SSO.WWPRO_API_NODE_REGISTRY", line 231
  ORA-01403: no data found
  ORA-06512: at "PORTAL30_SSO.WWCTX_SSO", line 501
  ORA-06512: at "PORTAL30_SSO.WWCTX_SSO", line 514
  ORA-06512: at "PORTAL30_SSO.WWCTX_API", line 56
  ORA-06512: at "PORTAL30_SSO.WWSEC_PERS_BRI_TRG", line 15
  ORA-04088: error during execution of trigger 'PORTAL30_SSO.WWSEC_PERS_BRI_TRG'
  ORA-06512: at "PORTAL30_SSO.WWSSO_LS_PRIVATE", line 2168
  ORA-06512: at "ATS.CREATE_USER", line 128
  ORA-06512: at line 8
  DAD name: portal30
  PROCEDURE : ats.create_user.self_register
  URL : http://mycnn4.us.oracle.com:80/pls/portal30/ats.create_user.self_register
  PARAMETERS :
  ============
  p_username:
  tom
  p_password:
  tom
  p_password_confirm:
  tom
  p_email:
  tom
  has anyone had this problem?
  thanks,
  anu
  null

• What is default user and password for Single Sign On

  When I try to run a test.rdf report (that comes for demonstration purpose). A page appears which asks form SSO user and password.<br>
  I tried all user IDs and password that I have used so for during installation. But none works. Please give me hint about it.

  Hi,
  If you would like to turn off the SSO for Reports, you can edit the Reports server's .conf file. For some reason, Oracle enabled SSO by default for Reports.
  You can access this file through OEM, or you can hand-edit it. It is located at ORACLE_HOME\reports\conf\<rep_server_name>.conf. (Make a back-up first just in case).
  Scroll down about a third of the file until you locate the <security>. . .</security> section.
  Delete this section, save the file (and run dcmctl updateconfig if you hand-edited the file), and restart the OC4J_BI_Forms instance.
  You will no longer get the SSO sign-in page when you run a report.
  HTH,
  Jim

• How to burn a CD copy when Waveburner needs master CD for the File

  Hi,
  I'm using Logic 8 Waveburner. I've got a master CD - which is one long Audio file of a live set performance. I'm using Waveburner to break it up into separate songs or tracks.
  No Problem - but Waveburner seems to "need" the original master CD to access or display the CD as separate tracks. I've created a wb3 file from it but that seems to be data.
  I've created a DDP image file but I can't access it after I created it.
  I just want to burn a new Master CD of the separate tracks I created using Waveburner and the original Master CD. But I have only one (1) Rom drive on my Mac tower.
  How do I do this? Many Thanks for any help. I'm looking up the manual in the meantime.
  Many Thanks, Frank B.

  I'm replying to myself after reading a few posts - I'm trying 'Bounce Project' which should, I hope, copy the CD tracks to my hard drive.
  And Hopefully I can burn a CD from that?

• Can Adobe Media Server 5.3 communicate with Shibboleth or ADFS for single sign on?

  I work at a university and was wondering if this is possible, thanks.

  Moving this discussion to the Adobe Media Server forum.

• Server always needs to be specified on Sign-on to SAP B1

  Two particular users have this issue. Every time they click on SAP B1 icon and enter user and password, message is issued stating that user or password is invalid. Eventually, the Choose Company window is display without any company databases listed. User then selects the server and can then select a databse and login using same user and password originally entered.
  All other users when they login go to the last comapany database last accessed automatically.
  SAP B1 is 2007A PL 15 and MS SQL 2005.
  Can't see this scenarion listed anywhere in the Forum or in SAP B1 Notes.
  Has anyone experienced the same issue? Is there a workaround?
  Thanks.

  Found this entry under the SAP B1 Login issues and will ask cstomer IT to follow-up.
  Influence 6: User privileges are not setup correctly
  Reason: Insufficient privileges in Windows
  After install/upgrade of SAP Business One or certain changes in the domain were made one or more users need to type always the SQL credentials 'sa' user and password.
  What to verify/check
  Check with the system administrator if the user has at least 'power user' privileges
  Check in the folder '%USERPROFILE%\Local Settings\Application Data\SAP\SAP Business One' that you can add a file/create a new folder or change a text file.
  Resolution
  Check SAP Note
  1156461
  Ask the System Administrator to raise the privilege (or copy from another user that does not face the issue) for this user to the profile folders:
  '%USERPROFILE%\Local Settings\Application Data\SAP\SAP Business One'
  Copy the profile files from another user's machine to the affected desktop and test it again.

• Need a Advice for move from  peoplesoft to SAP BI

  Hi Experts,
  I am working as a peoplesoft Technical consultant in a MNC past 2 yrs .
  I want to change my domain to SAP BI. I need a suggestion.
  SAP BI Training already completed. But in my it's not possible for change so please advice how i will highlight in Resume.
  So that i will get calls for intv.
  Please guide my Guy's.
  Regards,
  Mohanty.

  Hi Yxu,
  I see what you mean now. It sounds like you'll need to pull in the tables from various studio databases and also edit some of the native studio application tables to associate the new tables. Unfortunately I've never tried this and don't have any instructions I can share with you. In terms of the portlets, i'm not sure how easy it would be to migrate them. You could upgrade the various WCI instances to 10g then use the migration utility to move the studio portlets to your main wci 10g instance. Or like you said, create new portlets. Keep in mind direct manipulation of your databases can render your product unsupportible by technical support. The more supportable alternative may be to just build all the studio databases and portlets from scratch in the new instance.
  Regards,
  Ryan

• Single Sign On for SAP - Integration wih AD

  Users often need both an SAP and Active Directory identity and password to work in their IT environment. However, these multiple identities and passwords create several problems: user confusion leading to decreased productivity, increased help desk costs and security breaches.
  For this purpose how can we extend Active Directory authentication for single sign-on to SAP?
  Regards,
  Majid Khan

  Hi,
  It seems that SAP SSO/IWA  based on Spnego Kerberos is what you want.
  Spnego Kerberos only works on a J2EE stack based system.
  The classical technique is so to implement it on a SAP portal and to use redirect applications to use the portal saplogon ticket to authenticate on abap systems.
  Check help.sap.com on the subject, you will get a lot of information.
  Regards,
  Olivier

• Need information on Single Sign On

  Hi,
  Can we have SAP integeration and Business Objects AD SSO authentication work on the same application server.In our environment this same instance has to support SAP users to login also . For that default should be secSAPR3 and Vintela should be false and other SSO enabled as mentioned in document.
  But for Single sign on, authentication.default has to be secWinAD,Vintela true.For SAP , authentication.default has to be secSAPR3 We want both of them to work. Is this possible.
                                                         OR
  Is recommendation from BO to separate out instance for SAP users integrated with BO in one instance and all non sap users in another?
  Is there any documentation/steps to configure SSO for XI 3.1?
  Please guide!!!
  Thanks...

  Hi,
  not sure if I fully got your scenario but it looks like you have three different authentication mechanisms:
  - Win AD
  - SAP
  - Vintela
  An chance to consolidate with a scenario like SNC ?
  What are the use cases for the end-user or asked different when would a user use Win AD, SAP, Vintela ?
  thanks
  ingo