[XI 3.1] SSO for InfoView and OpenDocument URL

Similar Messages

• How to configure Oracle SSO for forms and apex

  Hi All,
  I am trying to configure oracle SSO for forms and apex using third party external authentication. Please help me how to configure. I a have tried all possible things
  from web but I am not able to do it. Is there any doc or links are much appreciated.
  Info: Some reason my oiddas web link is not working it used to work fine before and also the from /pls/orasso/ link I am not able to login may be because of my oiddas issue
  Thanks

  Hi Andreas,
  Thanks you for your help. I am trying to implement third party external LDAP authentication for APEX and Forms.
  So I started with OID and SSO setup to create external Partner Applications. Some reason my oid and sso web login links are not working. I didn't find any errors. I need some help in finding the problem and direction, I already read docs on web but no proper direction. I appreciate your help.
  Thanks

• SSO for SAP and Non-SAP applications without Enterprise Portal

  Dear all,
  Is it possible to implement SSO for both SAP and non-SAP applications without involvement of EP at all?
  I have gone through this link.
  <a href="http://help.sap.com/saphelp_nw04s/helpdata/en/e5/4344b6d24a05408ca4faa94554e851/frameset.htm">http://help.sap.com/saphelp_nw04s/helpdata/en/e5/4344b6d24a05408ca4faa94554e851/frameset.htm</a>
  But I still i am not able to get the precise answer on how to enable SSO for both  SAP and non-SAP applications without EP.
  We have decided not to implement EP in first phase of SAP implementation. But we need to enable SSO for other SAP and Non-SAP applications.
  A detailed description on how to deal this kind of scenarios will be helpful.
  Thanks.

  A client of our's uses <b>SAP Enterprise Portal</b>, and is using the SAP SSO, which is implemented with tickets, and requires the use of SAPSECULIB.  My company provides an application for this client, and our application in hosted in our data center for the client, as a Software as a Service application, obviously across the internet.  Our client, which owns a SAP license, has asked that we support the SAP SSO as a non-SAP SSO application.  The client user's SSO ticket will be created from SAP EP, and then passed across the internet to our application, and we are to use that SSO ticket as an authentication ticket to our application.  I beleive I know how to do this work technically, having reviewed the SAP document named: "Dynamic Library for Verifying SSO Tickets in Third-Party Software"   Specification   Version 2.00  December 2005.
  My question is, does my company have the right to use the SAPSECULIB?  Where is the official download and <b>license</b> download, that indicates we can download this library, and use it to support a SAP customer?  We do not own a SAP license.  Thank you for your help.  I have searched many places in SAP support.<b></b>

• SSO for OBIEE and WebLogic 10.3

  Hey, and thanks in advance for any replies.
  I'm struggling trying to get the single sign on integration working for OBIEE (10.1.3.4.1) and Oracle WebLogic 10.3. I've got the active directory hooks enabled, but there doesn't seem to be any passthrough from the browser to weblogic to the application on the back end (using NTLM and Internet Explorer).
  Any tips on getting this running?
  Thanks,
  Eric

  There are no "passthroughs from the browser to weblogic" for SSO. I think you are getting confused between SSO and external authentication. By "got the active directory hooks" I presume you meant you configured LDAP in your RPD, right? But that's just for external authentication. How are you trying to do SSO? What portal are you trying to integrate OBIEE with?

• Best practice for infoview and which folder to save webi or crystal reports

  All,
  I was wondering what are your thought about the following question.Imagine you have a customer using at the same time webi reports and also crystal reports against BW.
  The thing is that he is transporting the crystal report thru SAP using the rsadmin transaction to manage his crystal reports, but also use the SAP transport to move them to PROD .As far as webi, he is using the import wizard to move them to PROD. \
  As you know the crystal reports will end up into an SAP folder .. something that is such as SAP/(description of the menu role).
  Well webi reports happen to be inside the public folder.
  The question was .. what would be the best practice
  1 u2013 store all your crystal reports against BW in the SAP menu roles as it is ending up thru the SAP transport and have the webi reports inside the public folder ?
  2 u2013 Copy your webi reports from the public folder to the SAP /Menu role folder where my crystal reports are ?
  3 u2013 copy your crystal reports from the SAP/(menu role folder) to the Public folder ?
  Let me know what is your feeling as best practice
  Thank you
  Philippe

  Just a hint:
  The path SAP/2.0 is not mandatory. You can configure the SAP BW publisher on the BW side (transaction /CRYSTAL/RPTADMIN) so that your reports will be stored in another folder on the BOE side. Please note that the addition of the role name in the path cannot be overrided.
  Regards,
  Stratos

• InfoView and CmcApp URLs unavailable

  Hi,
  we're experiencing issues  accessing both the sandpit InfoViewApp and the CmcApp
  on accessing the following URL
  http://hnsbosjd01s.glasgow.gov.uk:50000/InfoViewApp/logon.jsp
  I am reverted back to the login screen
  on accessing the following URL
  http://hnsbosjd01s.glasgow.gov.uk:50000/CmcApp
  I get a 503 error
  Application cannot be started.
  Details: com.sap.engine.services.deploy.container.ExceptionInfo:
  Error in starting application [sap.com/CmcApp].
  If we try and access the sandpit environment via our tomcat server
  (which resides on our development environment) we are also unable to
  access the CMC.
  There haven't been any changes recently so I'm unsure why the problem
  has occurred.
  I have stopped and started the system and bounced the cluster in which
  it resides but to no affect. Profile parameters, environment variables, PATHs look ok
  I would be grateful for any advice on this issue?
  Thanks
  Paul

  Julian,
  thanks for the reply.
  to resolve the issue I had to redeploy the following:
  1. CmcApp
  2. CmcAppAction
  3. InfoViewApp
  4. InfoViewAppAction
  5. PlatformServices
  This is the 2nd time recently I've had to redeploy specific components on the sandpit environment. I've also had to redeply CmcApp recently on production. Have you experienced similar issues on the BOE environment?
  Thanks
  Paul

• Exchange 2010 and 2013 coexistence Internal and external URL

  Hi all,
  been reading alot of threads about Outlook anywhere and virtual directories in co-existence exchange 2010 and 2013.
  Still i dont get any smarter.
  Here is scenario:
  Exchange 2010
  Cas1
  Cas2
  Mailbox1
  Mailbox2
  Casarray is Exchange.casarray,com ( internal dns pointed to CAS1 in exchange 2010).Seems like by default both exchange 2013 cas servers are added to the casarray.
  Exchange 2013
  CAS+Mailbox
  Cas+Mailbox
  DNS
  mail.exchange.com pointing to VIP (kemp loadbalancer)
  Autodiscover ( pointed to same vip ,kemp load balancer)
  Outlook anywhere on all servers (2010 and 2013)
  Internal ( pointing to VIP on Kemp)
  External ( pointing to external IP,then it passes firewall that again passes to kemp)
  Problem we are having is when migrating users from Exchange 2010 - 2013.
  Users using Outlook 2010
  restart of outlook and mail  works fine.
  OWA works fine
  Active sync fails ( need to inherit permission of users AD object),wait couple of hours then mobile can sync again.)
  Users using Outlook 2013
  Outlook in disconnected status,only fix is to create new profile.
  OWA works fine
  Active sync fails ( need to inherit permission of users AD object),wait couple of hours then mobile can sync again.)
  Question is,what should be set for internal and external url (active sync,owa,ews)on 2010 and 2013 servers?
  Where is the config wrong?
  Thanks!
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

  Hi Martina,
  did the test as mentioned,even tried both CAS 2013 servers.Flush and registerdns didnt help.
  Still Outlook is Connected to the cas.exchange.as (which again Points to 1 of Exchange 2010 servers),
  Tried repair Outlook profile,no og.Only fix is to setup New account.
  Any more tips?
  thanks!
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

• SSO for MS outlook, OWA and Sharepoint using SSO 2.0

    Hi,
  We have installed the secure login server 2.0. And configured SSO for SAP (ABAP, JAVA) systems using X.509 certificate. it is working fine.
  We want to configure SSO for some non SAP applications like MS outlook, Outlook Web Access, Sharepoint.
  I dont see any documentation in the implememntation guide of NW SSO 2.0 for how to configure these non sap applications to accept X.509 certificates.
  Anyone please share the details of how to configure SSO for MS outlook, OWA and Sharepoint
  Regards,
  Yogesh Kumar D

  Hello Yogesh,
  Secure Login Server generates short lived certificates, this means after a configured time (or even
  after an logout, because the Secure Login Client does not persist the private
  keys in the file system) the private key and certificate is gone.
  So using this for long term encryption is not practicable (because decryption
  will be very very hard after a certificate/key renew...)
  For a signature only solution the problem would be the signature validation, because it needs the
  public key/certificate from the signer. This is usually included into the
  PKCS#7 signature format, but its not guaranteed (depends on the application settings as example in outlook etc.). So this would be theoretically possible, but unlikely.
  For long term encryption/signatures you need persistence certifkate/keys.
  So thats the reason there is not documentation about that use case in Secure Login Server.
  best regards
  Alex

• IdM 7 and SSO for legacy applications

  Dear experts,
  Per SAP NetWeaver 7 documentation new approach allows SSO for any legacy applications without a need for a 3rd party IdM solution.
  Could someone explain how this is handled? Does evary non-SAP application need to become aware of SAP IdM credential store and be able to interact with it, or some other - non-intrusive approach is being used?
  Thanks in advance,
  Eugene.

  Hi Eugene,
  SAP NetWeaver Identity Management 7.0 handles the provisioning of users (identities) for a heterogeneous landscape. Authentication and Single Sign-On (SSO) is being handled within the SAP NetWeaver platform. So introducing SAP NetWeaver Identity Management itself does not introduce additional SSO functionality.

• SSO Configuration not working - Still asking for Userid and password

  Hi Guys,
  I have configured Portal to use with backend server. Configured WAS & ITS and created System Alias.
  For Testing SSO I did following steps on portal:
  System Administration > Support > SAP Appliction > SAP Transaction
  Selected system Alias and tcode se12. Selected SAPGUI for HTML. Pressed Go.
  Instead of SE12 screen, I get Logon Screen asking for USERID and password.
  I should be getting SE12 screen directly without entering USERID and PASSWORD.
  I tested with Transaction iView (SE12)  and getting the same logon screen. After entering userid/password  it displays SAP Easy Access menu instead of displaying SE12
  Please help.
  Thanks a lot.
  mini

  Hi Sandeep.
  Thanks for your reply. Here are the answers to your questions:
  1. Is the username same in the portal and the backend that you are trying to connect, ensure that there is the same username that exists in the system you want to connect to. YES
  2. The ticket is imported properly- check the ACL and Certificate list in Tcode STRUSTSSO2.
  Ticket is valid from 01 Jan 2009 to 14 Mar 2012.
  3. Check for the parameters in place login_accept_ticket = 1 and login_create_ticket = 2 and icm_hostname_full is set to FQDN. 
  In RZ10 it has 3 parameters:
  login/accept_sso2_ticket = 1
  login/create_sso2_ticket = 2
  icm/host_name_full = sapecc6.tri.com 
  4. What is the result when you test the system connection?
  WAS & ITS Connections are successful.
  Connection test for Connectors is giving following results:
  Results
  Retrieval of default alias successful
  Connection failed. Make sure user mapping is set correctly and all connection properties are correct.
  My Connectors Details:
  Application Host : sapecc6
  Gateway Host : sapecc6.tri.com
  Gateway Host : 3301
  SAP Client : 800
  SAP Client : EC7
  SAP System Number : 01
  Server Port: 3201
  System Type: SAP_R3
  I am using same userid for Portal and backend.
  5. Are the 2 systems that you want to configure SSO in the same domain?
  I am trying to connect R3 to Portal.
  Please give me directions to fix the problem.

• SSO for prompts with Crystal and BW in BO XI 3.1 SP3

  Hello together,
  i have a question regarding Crystal and SSO based on a Bex Query.
  I created a Crystal report based on a Bex Query.
  Saved this to BW und published it with the BW Publisher to BOE (SAP Int. Kit is installed).
  In the Cmc i set the report to SSO for prompts.
  I logon to BOE with my SAP User and Password.
  Try to run the Crystal.
  Unfortunately it does not work, i get an logon error message for the Database.
  Can somebody help me why this happen?
  Thx a lot
  Br
  Mike

  Hi Ingo,
  sorry for my late response, i had no chance to access the system.
  It is no error, it is just the Database Logon
  "The report you requested requires further information."
  But how can i avoid this Logon und use SSO?
  Thanks a lot for your help.
  Best Regards
  Mike

• Setting up ldap and enabling sso for disussion service

  How to do setup of discussion service site so that user base of the discussion site uses an external ldap like OID? It was very easy with Jive(on which oracle's version si based). It was done at the time of installation.
  I thought of using system properties that were defined for jive and using the same for oracle's disussion service but not sure what values I can provide for UserManager and GroupManager. I tried giving the same values as that we used in Jive but after restarting the WLS_Services the login function was not working at all. Is there a document that helps in doing this setup.
  Also, do we have a document on how to enable SSO with discussion services site?
  -Pratap

  I figured out how to do ldap settings for discussions. It is the same approach as that of jive. Go to C:\OracleMiddlewareHome\user_projects\domains\base_domain\config\fmwconfig\servers\WLS_Services\owc_discussions_11.1.1.2.0 and edit the jiveStartup.xml. Change to contain <setup>true</setup> to <setup>false</setup> . And log in to discussion site using the http://localhost:8890/owc_discussions. This will let you go through setup process where we can give the ldap settings.
  Can someone please help us in working with SSO?
  -Pratap

• Best Practices for SSO between NWBC and BOBJ CMC

  What are the best practices in this scenario:
  - NWBC client (using SAP ECC logon credentials)
  - BOBJ client (configured using Windows AD credentials)
  I would like my users to log into NWBC - but be automatically logged into CMC for running crystal reports inside the NWBC gui.
  Thanks
  Shane Kelly

  yes.  we're not using portal.    only SAPGUI up till now.
  but we've recently configured our DEV server to run NWBC.
  Normally my users log into CMC Infoview in a browser - but with NWBC i can bring infoview directly into the UI.
  but it asks for a sign=on every time.
  i'd like to configure SSO for NWBC to BOBJ infoview somewhow.

• How do we use SSO for both Windows AD and Trusted authentication?

  We want to have the majority of our users access the BO 4 BI Launchpad using SSO with Windows AD authentication.  We have set this up and it's working ok.  We also have a subset of external users and need to configure SSO with Trusted authentication for their Enterprise accounts.  Support says we can only have SSO for one authentication type.  I'm assuming we can work around this by installing a 2nd Tomcat instance on our Linux server.  Has anyone done this type of config successfully?  Any other ideas would be greatly appreciated.  Thanks!

  Hi Collins,
  BOE's CMS can be accessed from multiple application servers.
  Please have a look on this new article [here|http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/00240702-8343-2f10-ed9a-85ece14c93db] .
  You may use this method for other application servers(not only NW) but just dont add the file "web-j2ee-engine.xml" as its not  needed.
  regarding sections 4.2.4 on the document, On one application server just set "authentication.default" property under the file BIlaunchpad.properties, to "secWinAD"(for win AD). and on the other set it to "secEnterprise".
  please report any problems you may encounter,
  thanks,
  Idan

• How can i enable the trace for OpenDocument URL

  When i trying to view the document through OpenDocument URL getting an error message "An error occured. Error occured while trying to view the document". But when i verified throguh infoview/cmc able to view the report with out any error for the same user.
  I verified access level and the user have required access rights "view access, View Objects" etc..
  I enabled the trace for the servers "Crystal Processing Server, Crystal Cache Server, CMS server, Report Application Server", but i didn't see any useful information.
  I'm facing the issue with Crystal Reports and didn't try with WEBI reports.
  Is there any way to debug the issue and any path to enable the trace

  Hi RVS,
  I integrated BO to my application. When i tried to open the instance through my app using OpenDocument URL, it asking the login credentials (generally it should not). Once if i provide the credentials navigating to the error page.
  I'm using the BOXI 3.1 with SP6.
  Below are the url's captured when i tried to see the instance
  http://myserver.com:8080//PlatformServices/service/app/logon.do?appKind=InfoView&service=%2FOpenDocument%2FappService.do&backContext=%2FOpenDocument&backUrl=%2Fopendoc%2FopenDocument.jsp%3FbackContext%3D%252FCrystalReports%26SERVICE%3D%252FOpenDocument%252FappService.do%26backUrl%3D%252Fview.do%26service%3Dtimeout&backUrlParents=1&appName=Open+Document&prodName=Business+Objects+Enterprise&cmsVisible=false&cms=myserver%3A6400&authenticationVisible=false&authType=secEnterprise&sso=false&sm=true&smAuth=secLDAP&sapSSOPrimary=false&persistCookies=true&sessionCookie=true&useLogonToken=true
  http://myserver.com:8080//OpenDocument/appService.do?service=skinning&resource=stylesheet
  Thanks,
  Pradeep.