SSO with Saml

Similar Questions

• SSO with Cloud-based deployments hybrid

  Hello

  I m wondering, how SSO works with the Hybrid Cloud-Based deployments.

  I want to use Jabber for Windows with WebEx Connect and unified with Cisco WebEx Communications integration.

  Issues related to the:

  1. How can I configure Jabber for Windows to use SSO with WebEx Connect after Installation of the Client?
  2. I ve read, that the SSO with WebEx Connect username will be [email protected] / * /. Fix?
  3. I ve read, that I need to create a jabber - config.xml with a following to apply Jabber for Windows to use the connection information Webex-Connect also for telephone Services. Fix?
  4.      presence  
  5. If this is correct, Jabber for Windows will use [email protected] / * / to authenticate with CUCM, but CUCM would need only the name without the domain name user. From my point of view, Jabber for Windows will not be able to authenticate with CUCM Telephony Services.

  Any thoughts?

  Thank you

  Tino

  Hi Tino,

  You can use the command line arguments to specify the SSO with WebEx presence server. There is no real soloution SSO at present for hybrid mode (CUCM, unit Cxn).  See the answer online for other issues.

  • I ve read, that the SSO with WebEx Connect username will be [email protected] / * /. Fix?

            >> Fix

  • I ve read, that I need to create a jabber - config.xml with a following to apply Jabber for Windows to use the connection information Webex-Connect also for telephone Services. Fix?

  >> Attribute 'PhoneService_UseCredentialsFrom' can only be used in the deployment prem No.. Check the section plan for authentication of the administration of Jabber for Windows for more information guide.

  Thank you

  Ménard

• ASA WebVPN SSO with cactus

  Hello

  I use SSO with HTTP POST parameters for SINGLE sign-on for web applications behind my ASA.

  I am currently playing with cactus.

  My settings are:

  action = login

  login_username = CSCO_WEBVPN_USERNAME

  login_password = CSCO_WEBVPN_PASSWORD

  Realm = ldap

  The connection works fine, but after the post OFFICE, the Web server sends a HTTP "302 OK code." Normally, it should be "302 moved" or "200 OK".

  The ASA does not include what to do, to do nothing and replies with an error "Server is not available >.

  When I press the 'Home' button and click again on the bookmark of cactus, I'm connected to cactus. It seems that there is a cookie or something missing.

  When I do exactly the same with a browser, it sends after the "302 OK" normal GET and I am connected.

  Me seems a mistake in cactus, but I'm not also sure if ASA does not respond properly?

  Also, when I change the type of bookmark of https to post, it works! BUT: post plugin only supports http and not https, so my connections has send in clear on the internal network.

  Any ideas?

  Thank you

  MB

  configure the POST plugin for HTTPS by using the csco_proto=https parameter
  
  in the Post-Plugin URL

• implementation of SSO with r12

  Hello Experts,

  I must apply sso with our installation r12.

  the details are:

  Operating system: HP-UX Itanium

  EBS: 12.1.3

  DB: 11.2.0.2

  Next Note: Integration Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On [376811.1 ID]

  According to the note, need to install 10 g AS (10.1.4.0.1)

  can it go to 10.1.4.0.3

  I am facing problem to download s/w for 10g As.

  http://www.Oracle.com/technetwork/middleware/IAS/downloads/101401-099957.html

  but not able to understand which I take download to do the first installation. (10.1.4.0.1)

  Please suggest.

  Thanks in ADV!

  Hello

  The issue is discussed previously and answered in the forum, please visit:

  https://forums.Oracle.com/message/10403374

  HTH!

  Thank you &

  Best regards

• OBIEE 11.1.1.6 SSO with OAM 11.1.1.5: problem of attribute OID 11.1.1.6

  Hello world!
  
  I configured an OAM (webgate) + DIO + OBIEE + OHS system.
  The OBIEE is protected via OHS(weblogic module) and webgate. It works very well.
  The CAO authenticates OID (default user identity store).
  The * "User research Base" * is the same (* "cn = Users, dc is mydomain, dc = com" *) in the store of identity and authentication provider OID of OBIEE too.
  SSO is enabled in OBIEE and suppliers are:
  OID (provider that performs authentication LDAP 1.0) JUST
  REQUIRED OAM (Oracle Access Manager identity Asserter 1.0) provider
  DefaultAuthenticator (WebLogic Authentication Provider 1.0) SUFFICIENT
  DefaultIdentityAsserter
  
  IF the * "User name attribute" * is * '' cn '' * in-store OAM of identity of the users and the provider of the OID of the OBIEE * "user name attribute" * is * "cn" * (by default) also, everything works fine.
  
  But I have to use * "orclSAMAccountName" * instead of * "cn" * (OAM and OID provider). And in this case, I have the problem.
  The OID of the OBIEE provider are:
  All users filter: (& (orclSAMAccountName = *)(objectclass=person))
  The user of the name filter: (&(orclSAMAccountName=%u)(objectclass=person)))
  Username attribute: orclSAMAccountName
  
  I did a test user:
  CN = test
  SN = test_sn
  orclsamaccountname = test_sama
  UID = test_uid
  krbprincipalname = test_krb
  I can authenticate with test_sama OAM, but OBIEE say: * "" you are not logged here: Oracle BI Server. "*"
  The bi log shows that:
  + By default (self-adjusting)' > < BISystemUser > <>< 00093dFuR ^ HFW7PMye7i6G00052S000Tt7 > < 1345642607333 > < BEA-000000 > < javax.security.auth.login.FailedLoginException: [Security: 090304] authentication failed: User test javax.security.auth.login.LoginException: identity [Security: 090300] Assertion failure: test user does not exist +.
  + oracle.security.jps.internal.api.jaas.AssertionException: javax.security.auth.login.FailedLoginException: [Security: 090304] authentication failed: User test javax.security.auth.login.LoginException: [Security: 090300] identity Assertion failure: test user does not exist.
  
  Why does search OBIEE the * '' cn '' * and why does not use the * "orclsamaccountname?"
  
  Any idea?
  
  Best regards, Jani

  Hello Joseph,.

  This is a known issue in OBIEE 11.1.1.6.0, please see: OBIEE 11.1.1.6 Agent failed with error code: IHVF6OM7:OPR4ONWY:U9IM8TAC [nQSError: 13039] the imposter does not exist in the BI [1446877.1 ID] Security Service

  We have configured OBIEE 11.1.1.6 on Linux and use Single Sign On (SSO) with authentication Native for Windows (Ondaaah).

  Configured authenticator AD, select sAMAccountName instead of CN for the attribute of the user. SSO in MS license. When you try to access the OBIEE presentation services we met the below error.

  «You are not logged here: Oracle BI Server.»

  When to check the logfile biserver1 found: failure of the Assertion of identity [Security: 090300]: user OracleSystemUser does not exist

  After you apply the hotfix 13553428 on top of 11.1.1.6.0 OBIEE we connected in OBIEE presentation services.

  It works very well with OBIEE, 11.1.1.5.0 and 11.1.1.6.1

  OBIEE fixed in 11.1.1.6.1. Apply Patch 13742915.

  If you want to stay in OBIEE 11.1.1.6.0. Apply Patch 13553428.

  Let me know if this solves the problem of Asserter.

  Pls mark so useful or response.

  Thank you
  SVS-

• SSO with ebs

  Hi all
  
  execution of 11.5.10.2 with 10.2.0.4 db multi-user.
  intalled 10g as another break with the OID/SSO.
  application server 10.1.2.0.2
  DB server: 10.1.0.4
  
  need to integrate SSO with ebs
  
  following mos 233436.1
  
  has confused with authentication UNIQUE task 2, step 5: run the registration script
  
  as this mos says that:
  A perl script is used to register the instance of Oracle E-Business Suite Oracle Internet Directory and Oracle Single Sign-On
  
  txkrun.pl - script = SetSSOReg.
  -provtmp = $FND_TOP/admin/template / < TemplName >
  
  
  and a lot of google search wrote 3 steps:
  
  -Registration of oracle home
  $FND_TOP/bin/txkrun.pl-script = SetSSOReg - registerinstance = yes
  
  -SSO registration
  $FND_TOP/bin/txkrun.pl-script = SetSSOReg - registersso = yes
  
  
  -Record OID
  $FND_TOP/bin/txkrun.pl-script = SetSSOReg - registeroid = yes
  
  
  
  What is the good?
  
  
  If both are right, then how decide what trake should I take?
  
  
  Please suggest!

  Salvation;

  If you have doupt that its go with sr. But if you follow google and if you hit error and if you mention your steps which is not covered in metalink with that you may have a support problem

  Respect of
  HELIOS

• SSO with OBIEE 11 g

  Hello
  
  Has anyone use SSO with OBIEE? We have restricted MSAD/Windows with OBIEE SSO.
  
  Let us know that it is possible to do with the authentication of the RPD?
  
  Thank you!

  Yes, as long as you're not on the v.3 version where the roles session variable cannot be initialized the. If you're on v.5, Yes, it's quite possible.

• Software needed to achieve SSO with Webcenter Suite 11.1.1.2

  Hi all
  
  I installed Web center suite 11.1.1.2 on my Machine. Can someone suggest, what software I need to install in order to achieve
  Oracle SSO with E-Business Suite and OBIEE.
  
  
  
  
  
  
  Concerning
  Nanfack marzolf
  
  Published by: user11965597 on 15 Sep 2011 03:58

  Using these business applications with WebCenter spaces? If you start a new project, why don't you use WebCenter 11 G PS3 or PS4 because there are a number of new features? Also the Oracle Access Manager (OAM) is the recommended method to achieve the goal of SSO.

  Although Oracle SSO (OSSO) is the main solution for Oracle 10 G Infrastructure but Weblogic also support OSSO. Anyway, if you want to use Oracle SSO (OSSO) in WebCenter 11.1.1.2, you need after 2 software: -.

  1 oracle HTTP Server (OHS)
  2 oracle Internet Directory (OID)

  You can find the configuration details in http://download.oracle.com/docs/cd/E15523_01/webcenter.1111/e12405/wcadm_security.htm#BGBDADFE.

  You don't need additional software for E-business Suite as well.

• OBIEE SSO with permission

  Hi gurus,
  
  
  (1) I have configured instance SSO with windows Active Directory and OBIEE.
  
  (2) I also have another instance (without configured SSO) with table external authentication (verification of name and password of the user) and authorization (groups, that populate the session for the filtering of data variables).
  
  Now my question is, I want a combination of scenario 1 and scenario 2. I want OBIEE SSO with Active directory
  
  and the groups in the external table.
  
  The reason being, my groups are custom in the outer table groups, I do not want to keep users in the repository.
  
  can you please give me some pointers if the scenario is possible. Thanks in advance
  
  Thanks and greetings
  Satya

  Now my question is, I want a combination of scenario 1 and scenario 2. I want OBIEE SSO with Active directory and the groups in the external table.

  I don't have what is your question? Just do SSO with AD, and then load the groups in the GROUP through SQL init block. What is your real problem?

  To filter the report data, you must have the same structure of Group at Web cat I guess (correct me if I'm wrong).

  Yes, even if you do not need to use the same workgroup name. Is MNI names I'd rather have completely separate groups, some for safety to the RPD for Web security catalog. As long as the groups exist in the appropriate location (RPD or Web catalog) and they are assigned in the block GROUP init then OBIEE will be happy, they do not need to exist in both places.

  (2) No SSO will fill the Remote_User variable rather than the default USER variable.

  No, you say OBIEE where to put the REMOTE_USER value. "You can simply select ': USER"FROM DUAL or if you have your users defined in a table, you can also authenticate the user exist in this table, SELECT": 'FROM USER_TABLE WHERE USER_ID =' USER: USER" which adds another layer of authentication to your SSO solution.

• vCloud SSO with a 3rd party identity provider?

  I have read that vCloud can be linked to vCenter which vCenter becomes the identity provider and vCloud Gets a SAML him for UNIQUE authentication token. I would like to use vCloud with a 3rd party identity provider that is supported by the CAs and also provide vCloud a SAML token.

  Is it possible to use an identity 3rd party with vCloud provider?

  N °

  Think about it this way as a string of past tasks.  The order is just different for both processes.

  System Administrators--> Login system--> vSphere SSO (User Identification)--> 3rd party Identity Provider (LDAP or SAML for authenticating)--> vCloud Director (authorization and access control)

  Users in the Organization--> Organization Login--> provider of 3rd party SAML (authentication)--> vCloud Director (authorization and access control)

• AD SSO with Server 2008

  Hello

  I have windows 2008 server running with NAC 4.7.2 but all users running xp AD SSO is possible or not because according to Cisco, vista must be installed.

  "You need to use Windows Server 2008 machines with KTPass version 6.0.6001.18000 client must be running Windows Vista with Cisco NAC Agent version 4.7.1.15 installed, to ensure that you are able to maintain the standard FIPS 140-2 compliance and support AD SSO.

  Y at - it a workaroun?

  Nameair,

  Workaround: forget KTPASS exists!

  Check your settings by this link and ensure that accounts are displayed correctly, as they do in AD:

  http://www.Cisco.com/en/us/docs/security/NAC/appliance/configuration_guide/48/CAs/s_adsso.html#wp1300720

  HTH,

  Faisal

  --

  If you find this article useful, please note so that others can easily find the answer

• SSO with WebVPN ASA using RSA tokens

  Current configuration:

  Chip & PIN the user authenticates for-> ASA5510 8.2 Clientless VPN-> past to the 7.2 SDI RSA Authentication Manager.

  I've got of authentication works great, at the first connection, users can connect with their AD usernames and RSA tokens and generate his pin code.

  We used to use ACS express and their advertising information for vpn authentication, but now we have to two factors of authentication.

  Is it possible to some how to maintain SSO so that when the user authenticates via its RSA token they can always browse through OWA, Sharepoint, CIFS (file share) without having to enter their credentials for the AD?

  Any help or information is much appreciated.

  Thank you

  You can activate the field "internal password" on the customization of WebVPN and also re-name-the ("Password AD" for example) and then configure the entries in the auto-code of access for internal URLS on NTLM.  Such that when the guest servers the WebVPN session will send the user name used to connect to the ASA but send the internal password captured during the connection instead of the password used to connect to the WebVPN himself.

  The only problem I saw during the test, there is no seam to be a graceful way to establishing a password incorrect or missing, then NTLM would fail and fall back basic over ssl.   Finally it would block the AD accounts based on URL how much the user has tried when the password entered when the connection is bad or missing (because it failed to connect to the WebVPN).

• Reg SSO with discoverer

  Hi all

  My environment,

  EBS: R12.1.3

  Database: 11.1.0.7

  Discoverer: 10.1.2

  As discoverer is integrated with EBS. We need to also configure SSO for discoverer?

  If possible, share the document for a better understanding.

  Please give tickets to go further. Also, let me know if you need more details.

  Kind regards

  Krish

  Hello

  It is not mandatory to use SSO for the discoverer.

  With the help of discoverer 10.1.2 with Oracle E-Business Suite Release 12 (Doc ID 373634.1)

  Kind regards

  Bashar

• Strategy for the SSO with multiple vCenter servers.

  We are upgrading vSphere/SRM 5.0U1 for vSphere/SRM 5.5U1 with multiple vCenters in our environment. After reading 2058239 KB:

  VMware KB: installing vCenter Single Sign-On 5.5 on a Microsoft Windows platform

  We install SSO on a separate Windows Server and choose vCenter Single Sign-On for your first server vCenter Server for this first instance. Now my question is for the following facilities as the vCenter for MRS or vCenters which manages areas replacement fault which option, existing site or new, do we choose? Thank you

  
  

  You have therefore three sites.

  The first time, you will choose vCenter Single Sign-On for your first server vCenter Server.

  For the second one on the same site, you choose existing vCenter Single Sign-On for an additional vCenter Server in a site.

  Now, when you come to an another site vCenter and third, you will need to decide if you have a site that is your main or you want to still have a site on the second.

  If you decide to join at the elementary level, that you will yet choose existing vCenter Single Sign-On for an additional vCenter Server in a site.

  If you choose to have another site, you choose vCentre of Single Sign-On for an additional vCenter Server with a new site.

  The end of it, you will have to make the decision to design. I can only tell you what they mean. Make sure you have adequate connectivity between sites.

• SSO with Apex 4.1.1.00.23

  Hello community of Apex,
  
  I want to implement a solution of SSO between the apex and the non-apex demand. This solution worked with Apex 4.0, but seems not work with current 4.1.1.00.23.
  I've set up a scenario of test on the hosted environment.
  
  Dev user:
  Workspace: authtest
  User: authtest
  Pass: authtest
  
  End user:
  User: test
  Pass: test1
  
  Things I've done:
  
  (1) created a custom authentication, System (shown under the current name) "auth_scheme" with following authentication:
  

  create or replace FUNCTION auth_function(
        p_username IN VARCHAR2,
        p_password IN VARCHAR2)
      RETURN BOOLEAN
    AS
      v_is_authenticated BOOLEAN := false;
    BEGIN
      
        IF lower(p_username)= 'test' OR APEX_UTIL.IS_LOGIN_PASSWORD_VALID(p_username => p_username,
                                                                          p_password => p_password)
      THEN
        v_is_authenticated := true;
      
      ELSE
        v_is_authenticated := false;
      
      END IF;
      
      RETURN v_is_authenticated;
    
    END auth_function;

  (2) created a process of "on the load - before the header' with sequences 5 on page 101:
  

  DECLARE
    v_user                VARCHAR2(4000);
    v_pass                VARCHAR2(4000);
    v_fsp_after_login_url VARCHAR2(4000) := :FSP_AFTER_LOGIN_URL;
  BEGIN
    
    SELECT SUBSTR(v_fsp_after_login_url, instr(v_fsp_after_login_url, 'P101_UNAME') + LENGTH('P101_UNAME') + 1)
    INTO v_user
    FROM dual; 
    
    wwv_flow_custom_auth_std.login(
      P_UNAME       => v_user,
      P_PASSWORD    => v_pass,
      P_SESSION_ID  => v('APP_SESSION'),
      P_FLOW_PAGE   => :APP_ID||':1'
      );
  
  END;

  Treat the condition: request = AUTOMATIC logon:
  
  (3) created a hidden element "P101_UNAME" on page 101.
  
  (4) expected behavior: user loads after the URL:
  

  http://apex.oracle.com/pls/apex/f?p=30964:1::AUTOLOGON:YES::P101_UNAME:test

  schould user logged in without typing in his letters of credence.
  
  What's happening: login user faces page. What I don't understand: set to 'None', automatic logon process condition works. But if you have a look at the debug report, apex recognizes the "AUTOMATIC login" request, even if the automatic connection does not work. On my dev with Apex 4.1.1.00.23 environment change of State process does not help.
  
  I can't understand what I'm doing wrong. With the Group of hotfixes 4.1.1 there is some changes in FSP_AFTER_LOGIN_URL Re: Deep Link (FSP_AFTER_LOGIN_URL) does not work at the APEX 4.1 I would be grateful of any suspicion.
  
  Thank you very much for your answers.
  
  Kind regards
  
  Anton
  
  Edit: Any ideas? I'd appreciate any suspicion.
  
  Edit2: Maybe of any advice? Explicit definition of the FSP_AFTER_LOGIN_URL in the Url is not helped either...
  
  Published by: anton on 20.08.2012 01:26

  Hi Anton,.

  http://Apex.Oracle.com/pls/Apex/f?p=56772:1:P101_UNAME:test

  works fine, after I changed the front header process of

  DECLARE
    v_user                VARCHAR2(4000);
    v_pass                VARCHAR2(4000);
    v_fsp_after_login_url VARCHAR2(4000) := :FSP_AFTER_LOGIN_URL;
    v_user_pos            pls_integer    := instr(v_fsp_after_login_url, 'P101_UNAME:');
  BEGIN
    if v_user_pos is not null then
      v_user := substr(v_fsp_after_login_url, v_user_pos+11);
  
      wwv_flow_custom_auth_std.login(
          P_UNAME       => v_user,
          P_PASSWORD    => v_pass,
          P_SESSION_ID  => v('APP_SESSION'),
          P_FLOW_PAGE   => :APP_ID||':1' );
      :FSP_AFTER_LOGIN_URL := null;
    end if;
  END;
  

  and that is the condition for: FSP_AFTER_LOGIN_URL is not not null.

  Kind regards
  Christian