portalconfig.xml does not effect to the login page - Deployment & Migration(Archived)

I am trying to add another authentication source beside the ALUI User Database and which will be the default auth source. But after adding/modifying necessary parameters in portalconfig.xml and restarting the server and all services, it seems not effected by the new modification!! When I try to access I get the same login page and same auth source (ALUI User Database) as like before modification. Where I made wrong?
I know here are peoples who know the solution, please help me! Thanks in advance.


How to validate the users and passwords from DataBase

Hello Everybody
Can any one tell me how to validate users and their passwords from database (not from JAZN Sever configuration file) ? 
i think, you are talking about OID, in OID case you can simly use LDAP check. 
What I need is to check whether a user existed in my databse and if he/she did, then verify the password entered by the user is valid or not by retrieving those values from the databse.
Acually the method shown in the sa,mple application validates the users which are entered into the
jazn-data.xml . But I need to verify those details from the data base.
Is there anyway we can do this using JAZN/JAAS?
Thanking you for your repoly,
What I need is to check whether a user existed in my databse and if he/she did, then verify the password entered by the user is valid or not by retrieving those values from the databse.
Acually the method shown in the sa,mple application validates the users which are entered into the
jazn-data.xml . But I need to verify those details from the data base.
Is there anyway we can do this using JAZN/JAAS?
Thanking you for your repoly,
What is your setup? DB, AS, OIS, SSO... and versions... etc. 
Hi! Mr.Kivnac,
I'm using JSF/ADF Faces for my presentation and Controller Layer and TopLink for Model
Layer. I'm Planning to use Single Sign-On for my Security Layer.
The Exapmle Applications given for Struts/JSF Security are dealing with users entered into the jazn-data.xml or to DAS and LDAP for OID.
But what I need is
My Web Application has a Sign Up page which lets users create a new user Account and then these accounts have to be added to database or to DAS&OID dynamically, not before Deployment but during RUNTIME and working Phase of the application.
Could you tell meHow to do this?
There is no Example in OTN detailing this approach which is the very basic need of any application.
How can we expect users predefinedat the time of development.
It must have a provision for creating new User Accounts at After deployment and running phase, isn't it?
Can help me out?
Thanks in advance,
Hi! I felt I need to update my Query.
May be My Question is " How to Specify a DataBase as a Resource Provider ( in may be jazn-data.xml) And how to add new users into the database if such a user does not already exist in the database ; or provide access to the protected resource once the user logs in.
And note that the user and his password have to be verified with those in the database; and not from the preconfigured jazn-data.xml or LDAP Directory edited with DAS.Remember I'm Using Single sign On.
Any one knowing the Solution ,please help me! 
As I'm Going through the user guide provided by Oracle, I came to understand that We had to enter users to LDAP resource which is an instance of OID and also oracle AS has to be an istance of OID.
My Question is
How to populate the database or LDAP Resource (what ever it be) with new users, their passwords and thier information as entered in the sign up page ?
I understood how validation is done for exixting users(those entered into the jazn-data.xml or LDAP resource using DAS) but I need my application to accept new users ro register with and validate them if they login next time
The Source of these user Data May be a Database/LDAP resource(instance of OID)
Please Can Any one Help me out?
Thanking you in advance...
I also have the same problem. Can someone please give a solution to this problem? 
I found a Sample application on this topic :
Which describes implememnting Java Security and validating users against Database,(not xml files which is the default).
But what I still could not find is how to populate the Database dynamically with users, i.e enabling new users to register with the database, that part is not dealt in that example.
I'll be glad if anyone can tell me those deatails.
thanking you

DomainA/UserA installed BAM, Buttons in Start Page are Grey

Hello All,
I installed BAM on Win2003 R2/SP1 by DomainA/UserA.
Did the configration in Page29, required for 2003.
Database is on Another machine.
Ran MakeMeAnADCAdmin.sql,
SQL> #c:\temp\MakeMeAnADCAdmin.sql
You are: DomainA/UserA
Your user ID is 2.
Congratulations! You are now an admin... use your powers wisely :-).
Go to start page, still pop-up the auth windows, after input right user/password, the Button still grey in start page.
Anyone could help. What else I need do.
By the way, I can create BAM connection in JDev by using DomainA/UserA.
Thanks and regards,
Are you accessing the BAM url in IE after logging in using DomainA/UserA credentials?
The same credentials used in NTLM authentication are sent by IE when you are accessing BAM.
To change that behavior, you'll have to change the security settings for the appropriate zone (intranet/trusted sites) to prompt for user name and password. It is 'Automatic login only in Intranet zone' by default. 
Yes, I access the BAM url in IE after logging in using DomainA/UserA credentials.
But I already tried to change the security settings for the appropriate zone (intranet/trusted sites) to prompt for user name and password.
Still the same.
A lot people same to have this problem, how they solved it?
Well, you can try this step out then:
Login directly into the W2k3 machine using DomainA/UserA credentials, and access the BAM url using http://localhost/OracleBAM. The buttons should be enabled.
You can go to the Administrator section and have a look at the list of users that are registered. DomianA/UserA should already be in the list, since you've already tried logging in from another machine. All you need to do now is ensure that the required privileges are provided to the user. A difference in casing used in the user name / domain name will also affect the login process. So, ensure that the same case is used when logging in from the remote machine. 
I try to logon today, everything looks fine. I did not make any change.


Hi All,
I have configured OBIEE to work with OSSO refering to the steps in the Deployment guide. However, when I log in I get the following message:
You are not currently logged in to the Oracle BI Server.
If you have already logged in, your connection might have timed out, or a communications or server error may have occurred.
To log back in, click here. If a problem persists, please contact the site's administrator.
When I refered to other posts where the same issue was faced, they say that an init block populating the USER session variable must be added. I am using OID to authenticate users and thats how I am populating the USER session variable. Let me know whether I have to make any changes here.
Also, when I click on the 'click here' link in the msg I get I go to the login page (OSSO) and once I log in I get the message:
404 Not Found
Resource /osso_login_success not found on this server
Please let me know what I need to do to get OSSO successfully working with OBIEE.
You are mixing two different setups which are not compatible. Either you do LDAP Authentication in which case all users will need to login to OBIEE using the OBIEE login screen and will be authenticated to OID or you use SSO to leverage other Portal's authentication. In that case users will be redirected to the Portal's SSO login page for authentication. In the LDAP case your will populate the USER session variable in the LDAP init block. In the SSO case you will need to do an Init Block for that getting the value of the user ID from the server variable/cookie/HTTP header that you have configured in your SSO setup. In both cases you will still need another init block to perform authorisation and populate the GROUP session variable.
Finally you have posted two other questions and have not followed up the responses:
Multi tenancy in webcat
If the issues are solved then close them with brief note: http://catb.org/esr/faqs/smart-questions.html#followup. If you don't follow up your questions people are going to avoid them as it's pointless to reply if we will never know if we helped solving the issue or not.
PS: Change your user handle to something more friendly than user12438396. 
Thanks for your response. 
It's worth mentioning that if you want to SSO OBIEE with an Oracle Application Server (OAS) App and Oracle Internet Directory (OID) running on LDAP then can do so. In that case you will not setup LDAP authentication in OBIEE. You will only need to setup SSO with OAS (as per the documentation). Users will then either be logged in automatically into OBIEE (should they log into OAS first) or will be redirected to OAS login page to login to OAS and then redirected back to OBIEE once they are logged. In that case you will have both SSO and LDAP authentication although only SSO is configured in OBIEE as you can't both configured at the same time. 
If I do that will I still be able to get variables like GROUP and displayname from OID? Right now I am using LDAP for authentication as well as to get values of GROUP, organization etc? Will this still be possible if I use OSSO for authentication? 
Yes, it's still possible but you will need to do some coding. There are many ways to get data from LDAP but the easiest is probably to use Oracle's DBMS_LDAP_UTL package to read the data that you need and output it as a table for OBIEE to initialize all the required variables via standard init blocks. See this post for sample code:
I would think enabling SSO should be a better solution specially if your OBIEE users login to your OAS portal first in which case they won't have to relogin to OBIEE.
As per your message, I removed the init block for LDAP authentication and I created an init block with select ':USER' from dual which populated the variable USER. However, I still get the error I stated in my first message.
Do you know what else could be the problem? 
I realized what I was doing wrong. Ignore the previous post.

SSO with External Apps not working correctly

We have a Portal installation (3.0.6) and we have added an External Application which is also a Portal Login page (3.0.9). The user and password fields are ssousername and password and we are using the GET method.
We enter a username and password and are able to login into the External Portal Application, log out and are logged back in automatically when we click the link. However, if we close the browser for the main Portal page (3.0.6) and open it again and click on the link to the Partner Application, we are asked to Login again.
What is the problem? Is it because of Ver 3.0.6?
Technically if you have two portal then you should be able then to put together using SSO Server(Login Server). I am not sure why you are using one portal as external application? 
Yes, technically we could do that. But we have to migrate a large base of users from 3.0.6 version to 3.0.9 in 2 weeks which we can't do in that time frame.
Hence, the External Application.
Could you give me some information on what I am missing to make External Authentication work?
Can you please list the exact sequence
that you are following to logon/logout?
This will give some idea what's going on. 
Here is the exact problem -
We are having a problem using Extermal Application SSO
feature. It looks like we may be missing something.
This is our situation -
Intranet Page ( - Added an Application Portal
(3.0.9) as an External Application. This uses the
default Login Portlet with 2 fields - ssousername and
Now, in the Intranet Portal, I added the Login Page of
the Application Portal, put in the username and
password, also checked the box for 'Remember the
Password ...' and then enetered the Login Information
the first time. This works fine as long as the
Intranet Portal browser is not closed. However, if I
close the Intranet Portal browser and then open it and
click on the External App link for the Application
Portal, I am prompted again by the Application Portal
for userid and password. I know I should not be
getting this prompt.
What am I missing?

ldap integration queries ...

Hi all,
I have integrated OID with Oracle 9iAS. Now I have 2 queries regarding the same.
1) After creating a particular user in LDAP, how do I assign a portal role to that user using APIs ?? For e.g. if I want to make user1 as PORTAL_ADMINISTRATOR, how do I do it ??? And I do not want to use the portal administration interface.
2) Right now I have assinged the role using the Portal Administration interface. But when I logon, I find that the default previleges are shown. Only after I use the "Refresh Page" link then it shgows the correct portlets.
Has anyone experienced this before ????
You should write a script using the PDK APIs which you should run in the Portal schema.
Without going into the details, which you can do, the sequence of APIs would be something like the following:
On the second issue, make sure your cache settings are appropriate - perhaps it was a caching issue. Make sure your browser checks for changes with the server on each request.