Wireless Single Sign-On

Similar Messages

• Single Sign On is not working when deploying a Wi-Fi profile from Configuration Manager 2012 R2

  Hello,
  Trying to deploy a wireless profile to a user collection everything works except for the single sign on.
  The user will get the wireless profile and be able to connect successfully but when the user signs on again to the same device the Wi-Fi will not connect before the logon process starts. 
  So GPO processing and home drive mappings are not occurring. The Wi-Fi profile is configured for "Single Sign On - Perform immediately before user logon" 
  These same settings can be managed successfully by GPO.  It would be really nice to be able to use ConfigMgr though!
  Thank you.

  Hi,
  Please refer to the links below:
  Single Sign-On Profile Sample
  http://msdn.microsoft.com/en-us/library/windows/desktop/aa369849(v=vs.85).aspx
  Wireless Single Sign-On
  http://technet.microsoft.com/en-us/magazine/2007.11.cableguy.aspx
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Wireless Network Policy Single Sign On Issue with Windows 8.1 only

  I'll try to set this up as best I can. I have a laptop with a fresh Windows 8.1 install on it. It is on my domain, and I have a single GPO applied to it. In the GPO under Computer Configuration -> Windows Settings -> Security Settings ->
  Wireless Network Policies I have created a Windows Vista or later policy. In the policy I have configured single sign on.  I log into a local account on the laptop and plug it into a wired connection. I then run gpupdate on it. At that point I unplug
  the network cable, and log off. Now, from the login screen I click Other user, and it looks like the screenshot below.
  Notice that "Windows will try to connect to" is present. I can login using domain credentials, and single sign on works perfectly. Now if I reboot the machine, the "Windows will try to connect to" is gone and single sign
  on does not work. If I log in with a local account and log out. The "Windows will try to connect to" is present again. I can login normally using domain credentials, and single sign on works perfectly again.
  One other note: I installed a fresh copy of Windows 7 on the same model laptop, and put it in the same OU with that single GPO. Single sign on works perfectly with the Windows 7 machine every time. Including after reboots. Thank you, in advance,
  for any advice or comments. I will be happy to provide additional information if it is needed.

  I managed to get this to work properly in my environment. I realized that I needed to export the wireless profile from the Group Policy editor and import it on the client (by using Group Policy). I realized this while reading through this article:
  https://technet.microsoft.com/en-gb/magazine/2007.11.cableguy.aspx
  You can see the "Export..." button in the screenshot posted by keyserag above. Select the profile name, in the Group Policy editor Properties dialog, i.e. the item that keyserag has blurred in his screenshot, then click the "Export..."
  button. You will be prompted to save the XML file. 
  I use Computer Configuration > Preferences > Windows Settings > Files to copy the XML file to the clients:
  Destination: %WindowsDir%\WirelessProfileExportFileName.XML
  I then use Computer Configuration > Preferences > Control Panel Settings > Scheduled Tasks to run netsh and import the profile:
  Action: netsh wlan add profile filename="%WindowsDir%\WirelessProfileExportFileName.XML"
  The PCs using my policies are now ready to logon without any need for additional manual actions.
  I've left out some detail here, I assume everyone will do something a little different anyway. Let me know if you need more help with this.

• Using multiple wireless networks with Single sign on?

  The university that I currently work for has switched from one wireless SSID to 2 separate SSIDs that separate the student users from the faculty/staff users. At this time only the Faculty Staff can log into STAFF and students can only log into STUDENT...
  I have a few laptop carts that were setup for student use and have single sign on configured for the STUDENT wireless connection. The laptops are on the university's domain so that students have access to the home drives.
  We run into problems when Faculty try to use a laptop to teach a class. They are unable to log in because their credentials are not authorized for the STUDENT wireless network. 
  So...Is it possible to setup 2 wireless profiles (STUDENT and STAFF) with single sign on and give the user an option to choose from?

  Hi,
  Based on your description, I would like to suggest you use Group Policy to configure Wireless Network Settings:
  Using Group Policy to Configure Wireless Network Settings
  http://technet.microsoft.com/en-us/magazine/gg266419.aspx
  Please follow the information from the link above to check the issue.
  If it doesn’t work, I recommend you initial a new thread in our Windows Server Forum for further assistance.
  http://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?category=windowsserver
  Hope it helps.
  Regards,
  Blair Deng
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Transparent single sign on domain logon / wireless

  Hello,
  I recently found out about the "single sign on" option in combination with "perform immediatly before user logon" which allows a user to enter wifi credentials and so be able to log on to a domain computer without cached credentials.
  It seems like the windows logon screen always shows four input boxes: two for domain credentials and two for wireless credentials.
  I would like to get rid of the double credential boxes in the logon screen and make the logon process transparent to users. Their domain and wireless credentials are the same so they have to enter the same information twice.
  Is this possible or am I doing something wrong?

  Hi,
  Thank you for the update, if no further help needed, please mark the proper post as an answer, this may help the others who might encounter the same issue reading this thread.
  And if any futher questions, welcome to post in Technet forum.
  Best regards
  Michael Shao
  TechNet Community Support

• Single Sign On WiFi issue

  Hi folks!
  I've got the most frustrating issue I've ever experienced. Single Sign on for my wireless clients (laptops/tablets). It's literally hit or miss whether it happens or not.
  The most recent one is a rebuild of an ASUS T100TA. I installed 8.1 Pro from USB stick and used a USB LAN Adapter to connect the client to the domain the first time and to refresh GPs for the first few hours of use. After that, the device was to go to a
  new user who would be able to login via the Wireless settings being rolled out via GPO - see settings below.
  Now, I know the profile is 100% correct, as once logged in, the SSID is magically connected (based on the GPO settings to connect immediately, not seen in the image). Users have full access to any/all network services.
  But see to log a new user onto the device, I get connecting, then "Unable to connect to SSID. Logging on", and finally the dreaded There are no logon servers available message.
  But that's not strictly true either, as all my tested BEFORE
  sending to the site/user were successful. And even once on site, one of the admin staff logged in to test it (mustn't have trusted me :/) with 100% success. Logged her in without her ever being logged onto it before. But the following day, when the device's
  owner arrived and logged on, the bloody nope train arrived again, and it's been like that ever since. But once I log on with a cached profile, boom, WiFi connects via the GPO settings without an issue. There is another identical device in the same office and
  it works without an issue.
  Without sounding dramatic, I can find absolutely no one else that has experienced the same issues as I'm having and it's starting to look like the window and ground will be the destination for the wee tablet if it doesn't start to play ball.
  Any help would be so appreciated.
  Cheers!

  Hi Goducks90,
  We'd better start your own thread for the others to be better involved. As the issue is different from many aspects.
  Also please have a share with the current situation and what steps you have tried for the folks to share a quick and helpful suggestions. We may follow the suggestions in the thread below to ask in TechNet:
  How to ask a question efficiently in TechNet forum
  Best regards
  Michael Shao
  TechNet Community Support

• Partner application single sign-on and Oc4j

  hello,
  I'm trying to test portal's partner application single sign-on, following the examples inside the "Oracle9 iAS Single Sign-On Application Developers Guide":
  With Tomcat as jsp engine everything works fine, but with Oc4j when I try to enter the protected jsp page i have this exception:
  oracle.security.sso.enabler.SSOEnablerException: java.lang.IllegalStateException: OutputStream already retrieved
       at SSOEnablerBean.getSSOUserInfo(SSOEnablerBean.java:153)
       at SSOEnablerJspBean.getSSOUserInfo(SSOEnablerJspBean.java:57)
       at /protetta.jsp._jspService(/protetta.jsp.java:37) (JSP page line 4)
  Any suggestion?
  Thanks in advance.

  I get the same problem with my partner application. It runs fine on JServer but I get the following problem on oc4j:
  oracle.security.sso.enabler.SSOEnablerException: java.lang.IllegalStateException: OutputStream already retrieved     
  at oracle.br.aerochain.sso.SSOEnablerBean.getSSOUserInfo(SSOEnablerBean.java, Compiled Code)     
  at oracle.br.aerochain.sso.SSOEnablerJspBean.getSSOUserInfo(SSOEnablerJspBean.java, Compiled Code)     
  at /jsp/papp.jsp._jspService(/jsp/papp.jsp.java, Compiled Code)     
  at com.orionserver[Oracle9iAS (9.0.2.0.0) Containers for J2EE].http.OrionHttpJspPage.service(OrionHttpJspPage.java, Compiled Code)     
  at com.evermind[Oracle9iAS (9.0.2.0.0) Containers for J2EE].server.http.HttpApplication.serviceJSP(HttpApplication.java, Compiled Code)     
  at com.evermind[Oracle9iAS (9.0.2.0.0) Containers for J2EE].server.http.JSPServlet.service(JSPServlet.java, Compiled Code)     
  at com.evermind[Oracle9iAS (9.0.2.0.0) Containers for J2EE].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java, Compiled Code)     
  at com.evermind[Oracle9iAS (9.0.2.0.0) Containers for J2EE].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java, Compiled Code)     
  at com.evermind[Oracle9iAS (9.0.2.0.0) Containers for J2EE].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java, Compiled Code)     at com.evermind[Oracle9iAS (9.0.2.0.0) Containers for J2EE].server.http.HttpRequestHandler.run(HttpRequestHandler.java, Compiled Code)     
  at com.evermind[Oracle9iAS (9.0.2.0.0) Containers for J2EE].util.ThreadPoolThread.run(ThreadPoolThread.java, Compiled Code)
  Did anyone get a solution for this?
  TIA

• Configuring JCo3 Connection Pool with single sign on on non SAP Java server

  Hi Everyone,
  i have configured a connection pool on JBoss as per JCo3 Documentation and is working great.
  Now I need help to configure this connection pool with single sign on so that RFc on SAP ECC systems are executed using end users credential rather than using single user name password used to configure JCo connection pool.
  On SAP Java stack I am sure its possible within Java WebDynpro    and i assume using JCA resource adapter. But what if we don't want to use SAP Java App server.
  Any help will be appreciated.
  Thanks,
  Divyakumar Jain

  Eason, 你好！
  I have exactly the same problem.  Did you find a solution to this problem?  If so, please let me know!

• How to pass credentials/saml token access sharepoint web service ex:lists.asmx when sharepoint has single sign on with claims based authentication

  How to pass credentials/saml token exchange to the sharepoint web service ex:lists.asmx when sharepoint has single sign on with claims based authentication 
  Identity provider here is Oracle identity provider 
  harika kakkireni

  Hi,
  The following materials for your reference:
  Consuming List.asmx on a claims based sharepoint site
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/f965c1ee-4017-4066-ad0f-a4f56cd0e8da/consuming-listasmx-on-a-claims-based-sharepoint-site?forum=sharepointcustomizationprevious
  Sharepoint Claims based authentication and Single Sign on
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/2dfc1fdc-abc0-4fad-a414-302f52c1178b/sharepoint-claims-based-authentication-and-single-sign-on?forum=sharepointadminprevious
  Sharepoint Claim Based Authentication Web Service issuehttp://social.msdn.microsoft.com/Forums/office/en-US/dd4cc581-863c-439f-938f-948809dd18db/sharepoint-claim-based-authentication-web-service-issue?forum=sharepointgeneralprevious
  Best Regards
  Dennis Guo
  TechNet Community Support

• ApEx 2.1.0.00.39 as Partner Application in Oracle AS Single Sign-On

  Hi,
  I've installed the last Application Express 2.1.0.00.39 (oracle-xe-10.2.0.1-1.0.i386.rpm and oracle-xe-univ-10.2.0.1-1.0.i386.rpm) but, when I try to "create an authentication scheme" for configure an ApEx application to use SSO under
  Home>Application Builder>Application xxx>Shared Components>Authentication Schemes>Create Authentication Scheme
  in the second step of the procedure I don't find the choice "Oracle Application Server Single Sign-On (Application Express engine as Partner App)".
  I found only these:
  - Show Built-In Login Page and Use Open Door Credentials
  - Show Login Page and Use Application Express Account Credentials
  - Show Login Page and Use Database Account Credentials
  - Show Login Page and Use LDAP Directory Credentials
  - No Authentication (using DAD)
  even if under the help voice "V Information" the others two are describes:
  Oracle Application Server Single Sign-On (Application Express engine as Partner App) delegates authentication to the Oracle Application Server Single Sign-On (SSO) Server. This Application Express site must have already been registered as a partner application with the SSO server. For more information, contact your administrator.
  Oracle Application Server Single Sign-On (My application as Partner App) delegates authentication to the SSO server. In this case, you must register an application with SSO as a partner application. See the next page for more details.
  Does Someone know how to resolve it?
  Thanks
  Emanuele

  Thanks for all your help Scott
  I've added the -PORTAL_SSO- .....
  After this I've had a new problem same to this: Re: SSO Authentication Not Working
  "get the error below and it then directs me to http://hostx/htmldb/f? and the "p=" is missing"
  But after a lot of tests I discovered where was the problem: "The apache configuration for the proxy!!"
  This an extract from the installation doc :
  SetEnv force-proxy-request-1.0 1
  ProxyPass /htmldb http://127.0.0.1:8080/htmldb
  ProxyPassReverse /htmldb http://127.0.0.1:8080/htmldb
  ProxyPass /i http://127.0.0.1:8080/i
  ProxyPassReverse /i http://127.0.0.1:8080/i
  ProxyPass /sys http://127.0.0.1:8080/sys
  ProxyPassReverse /sys http://127.0.0.1:8080/sys
  where you replace 127.0.0.1 with the name OR ip address of your XE installation. 8080 is the default http port of your XE installation. "
  Well, I used the IP ADDRESS and in the @regapp > listener_token the NAME!!! (HTML_DB:servername.domain:80)
  I changed the IP ADDRESS with the NAME, restarted the httpd service and now all works fine.
  Emanuele

• Single Sign on using SAML between JWS application and Web Application

  Hi,
  We have two applications one is swing based Java Web Start application and other is a normal web application. We are trying to enable single sign on between both the applications. Can SAML be used to enable single sign on? If yes, can some one let us know how to do this?
  Thanks,
  Rama

  Thanks. But it is based on two WEB applications deployed on two different weblogic domains. What I am looking for is one application which is launched using Java Web Start(JNLP) and other a web application. The Java Web Start application uses its proprietary authentication implementation and the web application used DefaultAuthenticator of weblogic. Hope this detail will help you to answer my question better. I should have given this information earlier.
  Thanks.
  Rama

• OBIEE 11G with Single Sign-On and Active Directory

  Hi guys,
  Release Version: Oracle Business Intelligence 11.1.1.5.0
  Patch applied: 11.1.1.5.0 BP3 (Patch 13832750)
  OBIEE Server operating system: Windows Server 2008 SP2 (32-bits Operating System).
  We are trying to configure Single Sign-On according to TechNote_WNA_SSO_AD_V4.0.doc.
  Our krb5login.conf:
  com.sun.security.jgss.krb5.initiate {
  com.sun.security.auth.module.Krb5LoginModule required
  principal="[email protected]"
  keyTab=cgdkobi2.keytab
  useKeyTab=true
  storeKey=true
  debug=true
  com.sun.security.jgss.krb5.accept {
  com.sun.security.auth.module.Krb5LoginModule required
  principal="[email protected]"
  keyTab=cgdkobi2.keytab
  useKeyTab=true
  storeKey=true
  debug=true
  We generate de keytab file:
  C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.24\bin\ktab.exe -k cgdkobi2.keytab -a [email protected]
  Password for [email protected]:XXXXXXX
  Done!
  Service key for [email protected] is saved in cgdkobi2.keytab
  C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.2-4\bin\kinit -k -t cgdkobi2.keytab cgdkobi2
  New ticket is stored in cache file C:\Users\cgdkobi2\krb5cc_cgdkobi2
  C:\OracleBI11g\user_projects\domains\bifoundation_domain>C:\OracleBI11g\jrockit_160_24_D1.1.2-4\bin\klist -k -t cgdkobi2.keytab
  Key tab: cgdkobi2.keytab, 1 entry found.
  [1] Service principal: [email protected]
  KVNO: 1
  Time stamp: Mar 15, 2013 10:34
  C:\OracleBI11g\user_projects\domains\bifoundation_domain>klist
  Current LogonId is 0:0x406163f5
  Cached Tickets: (0)
  We re-start the services and logon into analytics web and SSO doesn't work but there's not an error. It runs successfully with and Active Directoy user and password. Seems like SSO wasn't enabled, but I checked is enabled.
  Any suggestion?
  Thanks in advanced

  Follow the posts : OBI 11.1.1.6.SSO and You are not currently signed in to Oracle BI Server" for OBIEE 11.1.1.6 SSO do the troubleshooting mentioned there.
  Also check your logs for error like the one below:
  [2012-03-09T16:42:36.000-05:00] [OBIPS] [NOTIFICATION:1] [] [saw.securitysubsystem.checkauthentication.runimpl] [ecid: 6c98b5cce1f24814:2a613331:135f95fbdff:-8000-0000000000005b7a,0:1:1] [tid: 5932] Authentication Failure.
  Odbc driver returned an error (SQLDriverConnectW).
  State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
  [nQSError: 43113] Message returned from OBIS.
  [nQSError: 13039] The impersonator does not exist in the BI Security Service. (08004)[[
  If you are getting this when you login to OBIEE :      You are not currently signed in to Oracle BI Server"
  then you need to apply this patch : 13553428 QA:BLK:DELIVER TO CORP. OID LDAP USERS FAILED WITH IMPERSONATOR DOES'NT EXIST. 11.1.1.6.0 Generic Platform (American English) General Oracle BI Suite EE Apr 5, 2012 799.4 KB
  Let us know the updates. Hope this helps. Mark if it does.!
  Thanks,
  SVS

• Difference between Federated single sign on  and just Single sign on

  Can anyone please give a clear definition of what is
  1. Federated Single sign on?
  2. Just Single Sign on ?
  As a security expert if you were to Architect security what will you suggest ?
  Lets take an example Landscape
  NW1(ABAP + JAVA)- system, NW-2(ABAP+JAVA)  system and EP( java only), LDAP
  I am having a hard time convincing the customer to have both CONSUMER AND PRODUCER PORTAL for Federated single sign on? is this a bad idea. Customer says just give me SSO(with just one portal acting as CONSUMER/PRODUCER).
  initial GOLIVE user load will be 700+ users.
  Edited by: Franklin Jayasim on Jul 16, 2010 7:52 PM
  Edited by: Franklin Jayasim on Jul 16, 2010 7:53 PM
  Edited by: Franklin Jayasim on Jul 16, 2010 7:57 PM
  Edited by: Franklin Jayasim on Jul 17, 2010 12:17 AM

  Hi  Denny Liao
  The project is going to have BI(NW) and ECC/SRM/HR(NW) and sepparate  portal ( EP - Java only )
  I thought that normal SSO will help in the intranetwork, what happens if the employee(user)  needs to work from home.
  What about the external vendors suppliers etc...?

• How to integrate Single Sign-On and JSF?

  Hi all,
  We are going to develop a web application using Oracle technologies, including ADF and JSF.
  But we´ll need to secure our website using Oracle Identity Manager (Single Sign-On). I am having difficulties to find any resource explaining how to do that.
  Also, the IM (SSO) will run on a Oracle AS instance and our web app (ADF+JSF) will run on a separete OC4J instance, due to ADF version. Is this a problem?
  Thanks

  We too are in the process of implementing iStore with SSO features.
  And if you believe me it seems to me as nightmare.
  In our scenerio we are intgrating this SSO with Third party access control too (AD and Siteminder). I would request you to please respond me on the following mail id , so we can share our experince which will help us in our implementation
  [email protected]
  regards and thanks in advance
  Vikas Deep

• OAM 11g Single Sign-On and OAM 11g Cookies

  Hi all,
  I need to know following,
  is it possible to get the username and password from the OAM 11g + IIS Webgate cookies and forward the same to the application for further authentication? is there any way to decrypt the cookie and use the information in the application?
  Regards.

  Yes , you can get the user password ,but for that you will have to write a custom plugin , else it is not possible.
  Refer step number 9 in the blog Single Sign on with Oracle Access Manager: Creating a Custom Authentication Plugin