cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Problem in AppIntegrator user mapping parameter

Go to solution
Former Member

on ‎11-13-2008 6:37 AM

0 Kudos

Hi ,

I am trying sso for http://www.diamondintelligence.com/include/login.aspx? (Note I have done AppIntegrator for Yahoo)

I have created system,

Name of the server:www.diamondintelligence.com

protocaol: http

URI of web application: /include/login.aspx?

alias: myAlias

I have done user mapping for the system. userid: thillai pass: theatre

Created iView property(the input fields does not have id for the above URL viewsource, I used input name)

System: myAlias

URL Template: <System.protocol>://<System.server><System.uri>?<Authentication>

URL Template fragment for user mapping: inp_username=<MappedUser>&inp_password=<MappedPassword> (here inp_username is input field name)

iView preview shows the same view while open the URL directly.. the SSO is not done here.

I think problem is input field not having id.. please help to solve this issue . it is very urgent.

Regards,

Chinnadurai R

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

detlev_beutner
Active Contributor
‎11-13-2008 9:07 AM
0 Kudos

Hi Chinnadurai R,

If you follow the http-redirects etc and play around, you'll see that for example

http://www.diamondintelligence.com/default.aspx?inp_username=thillai&inp_password=theatre

works.

So

URI of web application: /default.aspx

should do the trick.

Hope it helps

Detlev

Show replies
Show replies
Former Member
‎11-13-2008 9:41 AM
0 Kudos

Hi Detlev,

It is not working the link which you have sent, and I previewed iView after changing the URI of web application.

Both are asking me user credentials. what will be the issue?

Regards,

Chinnadurai R

detlev_beutner
Active Contributor
‎11-13-2008 10:23 AM
0 Kudos

Hi Chinnadurai R,

Sorry, I didn't realize that the site sends a persistent cookie (even if "Remember me" is not clicked!).

OK, it might be that the third parameter, "__VIEWSTATE", is needed, too, with the constant value "dDwxMjE3MzgwNjQ0Ozsjfyf5zp/snkpSf5BBhJixSB/os=". Also be sure to set the request method to "POST" (so the link as given probably cannot work).

If you use the /include/login.aspx path, another problem might be the line in the returned html:

parent.location.href = '../default.aspx'

as this will try to access the content pane within the portal and the action won't be allowed for being cross-site-scripting. So you might try to post the values to default.aspx, but maybe the application doesn't log you in with this URL. In that case, you would need some tricky custom development (that might need a second "invisible" iView which reloads the AppIntegrator iFrame after the "logon" happened, to default.aspx (as from then on, you have the auth cookie on the client).

Hope it helps

Detlev

Former Member
‎11-13-2008 11:25 AM
0 Kudos

Hi Detlev,

It is not logging me after giving Applicaion Parameters: __VIEWSTAT=dDwxMjE3MzgwNjQ0Ozsjfyf5zp/snkpSf5BBhJixSB/os=

I am facing the same issue for the website: [Removed by moderator.]

is it not possible in configuration?

Regards,

Chinnadurai R

detlev_beutner
Active Contributor
‎11-13-2008 12:09 PM
0 Kudos

Hi Chinnadurai R,

See my last paragraph: It might need additional custom development. For the problems with https://dtcbpp.com/dtc2.nsf I would have to start a new complete analysis - for which I don't have the time now. Use a tool like httpWatch to analyse what the login page calls, what redirects happen, how they happen (check such weird things as the "parent" call, see above) and so on.

It is a case to case decision how to succeed...

Best regards

Detlev

Former Member
‎11-13-2008 2:18 PM
0 Kudos

Hi Detlev,

Thanks for your reply. I am analysis to fix the issue..

1. is this issue occuring bacause the input field does not have id?

2. My Client want to integrate Payroll management System through SSO. is this safe while using POST method also. and is the credentials display in network snipper ?

please reply to decide on the payroll system issue..

Best regards,

Chinnadurai R

detlev_beutner
Active Contributor
‎11-13-2008 2:25 PM
0 Kudos

Hi Chinnadurai R,

> is this issue occuring bacause the input field does not have id?

No. If you check with httpWatch or similar, you'll see that the name attribute is taken as the parameter name. The problems with the first site I have described above.

> Payroll management System through SSO. is this safe while using POST method

It depends. If you use AppIntegrator, of course the credentials are transferred in plain text. Using https could provide more security for that case.

Anyhow, the better solution might be to use SSO2 cookies, but that possibility depends on the kind of backend (SAP? -> supported; non-SAP? supportable on Java and .NET systems by own development - if you have access to the backend code and are able to extend / manipulate it).

Hope it helps

Detlev

Former Member
‎11-24-2008 6:52 AM
0 Kudos

Hi All,

I am trying to do SSO for the websites

1) http://www.diamondintelligence.com/

2) https://dtcbpp.com/dtc2.nsf

As detlev stated,

anybody done custom deveplopment to achieve SSO like these kind of websites, if yes please share with me.

or it is possible through configuration itself?

Please help me regard this.. it is very urgent.

Thanks in advance,

Regards,

Chinnadurai R

Former Member
‎11-24-2008 8:58 AM
0 Kudos

Hi,

did you check below blog

Koti Reddy

Former Member
‎11-24-2008 10:43 AM
0 Kudos

Hi All,

Koti :Thanks for your reply.. i already done SSO for Yahoo successfully.

I found the URL by monitoring HTTP Sniffer: http://www.diamondintelligence.com/include/login.aspx?__VIEWSTATE=dDwxMjE3MzgwNjQ0Ozs%2Bt80ls4a1QNgQ...

It showing Login or password is incorrect.

this URL also giving the same error: http://www.diamondintelligence.com/include/login.aspx?__VIEWSTATE=dDwxMjE3MzgwNjQ0Ozs%2Bt80ls4a1QNgQ...

so this VIEWSTATE input field shows the error..

how can i achieve SSO?..

Regards,

Chinnadurai R

detlev_beutner
Active Contributor
‎11-25-2008 9:14 AM
0 Kudos

Hi Chinnadurai R,

I already wrote that this doesn't work (after I overlooked the cookie through which first I thought it would work); seems that the target only accepts the parameters as POST parameters, not as GET parameters.

Regards

Detlev

Former Member
‎11-25-2008 9:40 AM
0 Kudos

Hi chinnadurai,

Perhaps you can check this blog: It has some interesting links on how to enable .NET applications to accept SAP Logon tickets.

Best regards,

Jan

Former Member
‎11-25-2008 9:54 AM
0 Kudos

Hi Detlev and Jan,

Thanks for Reply.

Detlev: Http Monitor Shows the below message:

POST /include/login.aspx HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, /

Referer: http://www.diamondintelligence.com/include/login.aspx?

Accept-Language: en-gb

Content-Type: application/x-www-form-urlencoded

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)

Host: www.diamondintelligence.com

Content-Length: 112

Connection: Keep-Alive

Cache-Control: no-cache

Cookie: __utmc=111986961; ASP.NET_SessionId=lcb2qqv1jxwcmc55n3mbjmus

__VIEWSTATE=dDwxMjE3MzgwNjQ0Ozs%2Bt80ls4a1QNgQx%2FMMiG%2F9iYv%2BuSY%3D&inp_username=thillai&inp_password=theatre

Jan: I am not looking SSO With Logon Tickets. only with user mapping.

is possible creating Custom Application Integrator to scccess SSO?

Regards,

Chinnadurai R

Former Member
‎11-25-2008 10:19 AM
0 Kudos

Chinnadurai,

We experienced many problems when trying to enable SSO with usermapping to an ASP.NET intranet site and chose to enable acceptance of SAP Logon Tickets, so I can not advice you on user mapping.

Best regards,

Jan

Former Member
‎11-25-2008 10:43 AM
0 Kudos

Hi Jan,

Thanks for your reply.

The website www.diamondintelligence.com is not my client intranet site. this is maintained by diamondintelligence company.

I cannot imagine with SAP Logon Tickets bacause we need to import (or accept) portal tickets in that site.. that is not possible.

can i customize the Application Integrator to achieve SSO?

is anybody already done customization of Application Integrator?

Regards,

Chinnadurai R

Former Member
‎11-25-2008 1:07 PM
0 Kudos

Hi.

Since __VIEWSTATE is not a constant value but some kind of token, you can simply forget about an automatic login.

Cheers, Karsten

detlev_beutner
Active Contributor
‎11-25-2008 1:28 PM
0 Kudos

Hi,

> Since __VIEWSTATE is not a constant value but some kind of token, you can simply forget about an automatic login.

This is not necessarily the case. As long as the server (diamond...) does not bind the token to the IP adress used (or as long as the portal client has the same IP to outside sites as the portal server, which is the case if a proxy is used - in this will be the case in many scenarios), of course the server can fetch the token in a first request and pass it to the client within a form which then posts the form data to the diamond-server again.

But as said, this would need some development. And this would be project work in the end. I think that we have discussed this deep enough as far as this can be done in this forum...

Hope it helps

Detlev

Former Member
‎11-26-2008 4:44 AM
0 Kudos

Hi Karsten and Detlev,

Thanks for your reply.

I am trying to do custom development for this issue. please give your inputs to solve this issue.

Kind Regards,

Chinnadurai R

Former Member
‎05-18-2010 11:43 AM
0 Kudos

Thanks all for repiles..

Answers (0)

Ask a Question