on 11-13-2008 6:37 AM
Hi,
I am trying SSO for http://www.diamondintelligence.com/include/login.aspx? (Note: I have done AppIntegrator for Yahoo.)
I have created a system:
Name of the server: www.diamondintelligence.com
Protocol: http
URI of web application: /include/login.aspx?
Alias: myAlias
I have done user mapping for the system. userid: thillai pass: theatre
Created iView property (the input fields do not have an id in the view source of the above URL; I used the input name)
System: myAlias
URL Template: <System.protocol>://<System.server><System.uri>?<Authentication>
URL Template fragment for user mapping: inp_username=<MappedUser>&inp_password=<MappedPassword> (here inp_username is the input field name)
The iView preview shows the same view as when opening the URL directly. The SSO is not done here.
I think the problem is the input field not having an id. Please help to solve this issue; it is very urgent.
Regards,
Chinnadurai R
Hi Chinnadurai R,
If you follow the http-redirects etc and play around, you'll see that for example
http://www.diamondintelligence.com/default.aspx?inp_username=thillai&inp_password=theatre
works.
So
URI of web application: /default.aspx
should do the trick.
Hope it helps
Detlev
Hi Chinnadurai R,
Sorry, I didn't realize that the site sends a persistent cookie (even if "Remember me" is not clicked!).
OK, it might be that the third parameter, "__VIEWSTATE", is needed, too, with the constant value "dDwxMjE3MzgwNjQ0Ozsjfyf5zp/snkpSf5BBhJixSB/os=". Also be sure to set the request method to "POST" (so the link as given probably cannot work).
If you use the /include/login.aspx path, another problem might be the line in the returned html:
parent.location.href = '../default.aspx'
as this will try to access the content pane within the portal and the action won't be allowed for being cross-site-scripting. So you might try to post the values to default.aspx, but maybe the application doesn't log you in with this URL. In that case, you would need some tricky custom development (that might need a second "invisible" iView which reloads the AppIntegrator iFrame after the "logon" happened, to default.aspx (as from then on, you have the auth cookie on the client)).
Hope it helps
Detlev
Hi Detlev,
It is not logging me in after giving Application Parameters: __VIEWSTAT=dDwxMjE3MzgwNjQ0Ozsjfyf5zp/snkpSf5BBhJixSB/os=
I am facing the same issue for the website: [Removed by moderator.]
Is it not possible in configuration?
Regards,
Chinnadurai R
Hi Chinnadurai R,
See my last paragraph: It might need additional custom development. For the problems with https://dtcbpp.com/dtc2.nsf I would have to start a new complete analysis - for which I don't have the time now. Use a tool like httpWatch to analyse what the login page calls, what redirects happen, how they happen (check such weird things as the "parent" call, see above) and so on.
It is a case to case decision how to succeed...
Best regards
Detlev
Hi Detlev,
Thanks for your reply. I am analysing to fix the issue.
1. Is this issue occurring because the input field does not have an id?
2. My client wants to integrate a payroll management system through SSO. Is this safe when using the POST method as well? And are the credentials displayed in a network sniffer?
Please reply so we can decide on the payroll system issue.
Best regards,
Chinnadurai R
Hi Chinnadurai R,
> is this issue occurring because the input field does not have id?
No. If you check with httpWatch or similar, you'll see that the name attribute is taken as the parameter name. The problems with the first site I have described above.
> Payroll management System through SSO. is this safe while using POST method
It depends. If you use AppIntegrator, of course the credentials are transferred in plain text. Using https could provide more security for that case.
Anyhow, the better solution might be to use SSO2 cookies, but that possibility depends on the kind of backend (SAP? -> supported; non-SAP? supportable on Java and .NET systems by own development - if you have access to the backend code and are able to extend / manipulate it).
Hope it helps
Detlev
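Added example, not part of the thread: a small audit of one captured request that shows why the answer above says the credentials travel in plain text. URL-decoding a form POST body recovers them as easily as reading a query string, so only the transport (http or https) decides whether a sniffer sees them. The function name, the host `app.example` and both sample captures are constructed for this illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameter names that usually carry logon data (heuristic, an assumption).
CRED_NAME = re.compile(r"pass|pwd|user|login", re.I)


def audit_request(raw_request, scheme):
    """Return one finding per credential-like parameter in a captured request."""
    head, _, body = raw_request.partition("\n\n")
    lines = head.splitlines()
    _method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    # Parameters can sit in the URL (GET style) or in the form-encoded body.
    params = [("url", n, v) for n, v in parse_qsl(urlsplit(target).query)]
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        params += [("body", n, v) for n, v in parse_qsl(body.strip())]

    findings = []
    for where, name, value in params:
        if CRED_NAME.search(name):
            findings.append({
                "field": name,
                "location": where,
                "value_recovered": value,            # plain URL-decoding, no key needed
                "cleartext_on_wire": scheme == "http",
                "in_url_logs_and_referer": where == "url",
            })
    return findings


# Constructed captures (values are made up).
SAMPLE_POST = (
    "POST /include/login.aspx HTTP/1.1\n"
    "Host: app.example\n"
    "Content-Type: application/x-www-form-urlencoded\n"
    "\n"
    "__VIEWSTATE=c2FtcGxl%2Bdg%3D&inp_username=alice&inp_password=s3cr%40t"
)
SAMPLE_GET = (
    "GET /default.aspx?inp_username=alice&inp_password=s3cr%40t HTTP/1.1\n"
    "Host: app.example\n"
    "\n"
)
```

POST only moves the values out of the URL, which keeps them out of access logs and Referer headers; it does nothing against a sniffer unless the request goes over https.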
Hi All,
I am trying to do SSO for the websites
1) http://www.diamondintelligence.com/
2) https://dtcbpp.com/dtc2.nsf
As Detlev stated,
Has anybody done custom development to achieve SSO for these kinds of websites? If yes, please share with me.
Or is it possible through configuration itself?
Please help me regarding this. It is very urgent.
Thanks in advance,
Regards,
Chinnadurai R
Hi All,
Koti: Thanks for your reply. I have already done SSO for Yahoo successfully.
I found the URL by monitoring with an HTTP sniffer: http://www.diamondintelligence.com/include/login.aspx?__VIEWSTATE=dDwxMjE3MzgwNjQ0Ozs%2Bt80ls4a1QNgQ...
It shows "Login or password is incorrect".
This URL also gives the same error: http://www.diamondintelligence.com/include/login.aspx?__VIEWSTATE=dDwxMjE3MzgwNjQ0Ozs%2Bt80ls4a1QNgQ...
So this VIEWSTATE input field shows the error.
How can I achieve SSO?
Regards,
Chinnadurai R
Hi Detlev and Jan,
Thanks for Reply.
Detlev: Http Monitor Shows the below message:
POST /include/login.aspx HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://www.diamondintelligence.com/include/login.aspx?
Accept-Language: en-gb
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: www.diamondintelligence.com
Content-Length: 112
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: __utmc=111986961; ASP.NET_SessionId=lcb2qqv1jxwcmc55n3mbjmus
__VIEWSTATE=dDwxMjE3MzgwNjQ0Ozs%2Bt80ls4a1QNgQx%2FMMiG%2F9iYv%2BuSY%3D&inp_username=thillai&inp_password=theatre
Jan: I am not looking for SSO with Logon Tickets, only with user mapping.
Is it possible to create a custom Application Integrator to succeed with SSO?
Regards,
Chinnadurai R
Hi Jan,
Thanks for your reply.
The website www.diamondintelligence.com is not my client's intranet site. It is maintained by the diamondintelligence company.
I cannot imagine using SAP Logon Tickets because we would need to import (or accept) portal tickets in that site, and that is not possible.
Can I customize the Application Integrator to achieve SSO?
Has anybody already done customization of the Application Integrator?
Regards,
Chinnadurai R
Hi,
> Since __VIEWSTATE is not a constant value but some kind of token, you can simply forget about an automatic login.
This is not necessarily the case. As long as the server (diamond...) does not bind the token to the IP address used (or as long as the portal client has the same IP to outside sites as the portal server, which is the case if a proxy is used, and this will be the case in many scenarios), of course the server can fetch the token in a first request and pass it to the client within a form which then posts the form data to the diamond-server again.
But as said, this would need some development. And this would be project work in the end. I think that we have discussed this deep enough as far as this can be done in this forum...
Hope it helps
Detlev
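Added example, not part of the thread and not SAP or portal code: a sketch of the two steps described in the post above, taking the hidden token out of a freshly fetched login page and building the form the client then posts back. The HTTP fetch itself is left out so the block runs offline; the function names, the sample page, its token value and the https-only check are assumptions made for this illustration.

```python
from html import escape
from html.parser import HTMLParser


class HiddenFieldParser(HTMLParser):
    """Collects name/value pairs of <input type="hidden"> elements."""

    def __init__(self):
        super().__init__()
        self.hidden = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden" and a.get("name"):
            self.hidden[a["name"]] = a.get("value") or ""


def extract_hidden_fields(login_html):
    """Step 1: pull the per-request token(s) out of the freshly fetched page."""
    parser = HiddenFieldParser()
    parser.feed(login_html)
    return parser.hidden


def build_autopost_form(action_url, hidden, credentials):
    """Step 2: form the client posts back, carrying token + mapped credentials."""
    if not action_url.lower().startswith("https://"):
        # Added safeguard (assumption): never hand credentials to a plain-http action.
        raise ValueError("refusing to post credentials to a non-https URL")
    fields = {**hidden, **credentials}
    inputs = "\n".join(
        '<input type="hidden" name="%s" value="%s">' % (escape(n), escape(v))
        for n, v in fields.items()
    )
    return ('<form id="sso" method="post" action="%s">\n%s\n</form>\n'
            '<script>document.getElementById("sso").submit();</script>'
            % (escape(action_url), inputs))


# Constructed login page; the token value is made up for this example.
SAMPLE_LOGIN_HTML = """
<form method="post" action="login.aspx">
<input type="hidden" name="__VIEWSTATE" value="c2FtcGxlK3Rva2Vu/w==" />
<input type="text" name="inp_username" />
<input type="password" name="inp_password" />
</form>
"""
```

Every value is HTML-escaped before it is written into the form, so a token or mapped password containing quotes or angle brackets cannot break out of its attribute.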