Home > > SSO and portal timeout  -- other bug?

SSO and portal timeout  -- other bug?

...this is very probably related to the other post talking about SSO and portal timeout...
I am having another weird issue with dotnet portlets that uses inline refresh (done automatically by dotnet accelerator) and SSO.
When you let the portal session expire, and then click on a button/link within a portlet (hence generate an inline refresh gatewayed request), the full portal window (header/footer etc...) appears within the portlet, instead of the portlet content alone.
I did some http traces (see below) and it seems the problem is due to the windows SSOLogin.aspx (we are using windows auth SSO) not taking the requested portlet gatewayed request url as a post login redirect info... but taking instead the current page url (which is wrong)
Thus, after the gatewayed portlet request is successfully authenticated by the SSOLogin.aspx component, it is automatically redirected to the wrong urll...making the full portal page refresh into the portlet.
So my question is: have anyone already seen such behavior? And has anything been done to fix this?
It really seems like a bug with the SSO servlet...but maybe i am doing something wrong...Just want to have your thoughts on this.
HTTP Trace:
POST     302     Redirect to /portal/sso/SSOLogin.aspx?in_hi_userid=15046&space=CommunityPage&parentid=1&cached=false&control=SetCommunity&PageID=0&CommunityID=205&parentname=Login     http://your.portal.com/portal/server.pt/gateway/PTARGS_0_15046_362_205_0_43/http%3B/your.portletserver.com/yourapp/youraspx.aspx
GET     401     text/html     http://your.portal.com/portal/sso/SSOLogin.aspx?in_hi_userid=15046&space=CommunityPage&parentid=1&cached=false&control=SetCommunity&PageID=0&CommunityID=205&parentname=Login
GET     401     text/html     http://your.portal.com/portal/sso/SSOLogin.aspx?in_hi_userid=15046&space=CommunityPage&parentid=1&cached=false&control=SetCommunity&PageID=0&CommunityID=205&parentname=Login
GET     302     Redirect to http://your.portal.com/portal/server.pt?in_hi_userid=15046&space=CommunityPage&parentid=1&cached=false&control=SetCommunity&PageID=0&CommunityID=205&parentname=Login     http://your.portal.com/portal/sso/SSOLogin.aspx?in_hi_userid=15046&space=CommunityPage&parentid=1&cached=false&control=SetCommunity&PageID=0&CommunityID=205&parentname=Login
GET     200     text/html; charset=utf-8     http://your.portal.com/portal/server.pt?in_hi_userid=15046&space=CommunityPage&parentid=1&cached=false&control=SetCommunity&PageID=0&CommunityID=205&parentname=Login
I have this happen in v6.0 sp1. We have worked around the problem with a bit of work and synchronization of settings. Below, I've outlined how we've worked around the problem (which is indeed a problem that should be fixed). Also, if you have a load balancer, you'll need to set your session timeout on the load balancer to a bit more than the refresh rate that you set for your communities and My Pages.
Resolving the Portlet Timeout / Refresh Problem in ALUI Portal_
Problem: Users occasionally receive the portal page within a portlet error
Cause: The root cause has not been determined; however it appears that the primary event that exhibits the behavior is when a teammember’s session has expired on the portal server and they then utilize a .NET form-based portlet which refreshes in place. Because we are using WIA SSO to enable automatic logins to the portal, it makes the error seem to occur randomly.
The workaround solution is to – 1) increase the portal session timeout on the portal web servers from the default 20min to 4 hours, and 2) set the MyPage refresh interval setting for all portal users to 3 hours. The setting name is a bit of a misnomer, as it will actually refresh the entire portal page automatically if the user is idle on either a My Page or a Community Page, as these are the only two places that portlets reside.
Increasing the portal session timeout:
The portal session timeout is controlled in two places, and both settings should match. On the portal virtual directory in IIS, edit the configuration and increase the timeout setting to 240 (minutes). Then, edit the portal application’s web.config file (d:\portal\ptportal\6.0\webapp\portal\web\) and increase the sessionState Timeout variable to 240. Editting the config file will require you to restart the services before you see the change.
Initial setting of the MyPage refresh interval:
The initial setting will need to be done by a SQL script in order to apply it to all existing users. The Default Profile should also be updated so that all new user synched from AD will have this setting applied automatically.
/* Delete refresh interval settings for all users first so that there are no conflicts on the inserts */
DELETE FROM portaldbuser.ptprefs WHERE prefname = 'intMyPageRefreshRate'
/* Insert desired page refresh setting for all users */
INSERT INTO portaldbuser.ptprefs (userid,gadgetid,prefclassid,prefobjectid,prefname,prefvaluetype,prefvalue,pagenumber) SELECT objectid,0,0,0,'intMyPageRefreshRate',3,180,0 FROM portaldbuser.ptusers
From Administration, access the Default Profiles utility. Check the Default Profile entry and click on the Edit Profile Layout link. Click on the My Account link in the Portal Settings portlet and then on the Display Options link on the next page. In the Page and Portlet Settings, update the Your My Page will be updated: setting to 4 hours. Click Finish twice to return to Administration.
Updating the MyPage refresh interval:
To update the setting just modify the insert portion of the SQL script. Change the prefvalue number (180) to the desired timeout in minutes and rerun both statements of the script.
The Default Profile should be also be modified per the instructions above.
I hope this helps...
Read the other 5 answers
Hi all, We are only interating BOBJ with BW/BI and the user experience is as follows: Users login to the SAP Portal using their Windows Active Directory user id and password to gain access to the portal. From my understanding at the moment, the way t
Hi Sdn's  and Nakisa tehnical experts, We have a Portal environment 7.02 , a Nakisa environment 3.0  (CE) and and HR backend environment 701 (604). We are busy setting up SSO between Portal and Nakisa via the, URL iview for the Org chart (http://<hos
Hi Experts, I am using CE 7.2 on localhost and I am very new to SAP. I need to know how can I get SSO between Portal and Java WD.  I have a WD application that displays the logged in user using "IUser currentUser = WDClientUser.getCurrentUser().getSA
Dear all, I have the following situation: 1. I have successfully installed SSO between Portal and the Backend system. That works fine. PORTAL -> D98 (R/3 System with 4.7) 2. The backend system has no ITS because it's SAP R/3 4.7 without ITS. PORTAL -
SSO and Portal is down after upgrade from AS to All others are running fine. Any similiar experience and solution? Thanks. Andycn=XXX information is missing for the SSO Server (orasso) when going to http://servername:7777/pls/ora
Hello All, I am using jsf and Inline navigation in all our portlets and when user leave the browser idle for portal timeout we have 2 problems. 1: Login portlet shows in that specific portlet. 2: we get a javascript alert saying out of memory at line
Hi, We are implementing payroll with the help of ADP. Please let me know different ways of establishing SSO between portal  and ADP Thanks Bala DuvvuriYou may a few issues. SSO with logon tickets is based on accessing web sites in the same domain. So
Hi Guys, I'm a security guy, with CUA, Portal and SSO - but when it comes to installation of CUA and SSO with Portal, I have some gaps in my knowledge, so I could use a little help.  Thanks in advance. My client is implementing a non SAP SSO solution
Hi All, We have a requirement for implementing SSO between a Portal application and Portal admin tool. We are using WL Portal 8.1 SP4. Here is the reason for this requirement - A user logged-into Portal Application needs to login to Portal Admin tool
Hi, We are trying to configure SSO from SAP Enterprise portal with Java based web application(Solaris on SPARC 64 bit). Then we downloaded library files for "Solaris on SPARC 64 bit" from service market place from the path "Support Packages
Hi All, I've done this configuration in the past but it seems that the process has changed a bit and I'm in need of some advice. I have a portal system which I've setup SSO. The SSO is done through Kerberos and the users are pulled from LDAP. Users l
Hi, We want to enable single sign on between Portal 6.0 and  Portal 7.0. Our scenario is, In Portal 7.0 on click of  role or workset, Portal 6.0 have to be opened in a new window without asking user ID and Password. What are the steps, I need to foll
Hello All,         I have a requirement to configure the SSO between Porat & any Website, Does anybody have experience of it. pls provide if any Doc is there or way of doing that ?? thanks SmitaHi Smita, You can follow these steps: UPLOAD: 1.Upload t
Hi, how to impliment sso for applications that i developed. i created tabs and added the channels to container. now i wants to that maintain the session . i.e, once a user enters into portal desktop.and he clicks the tab and enters user name and pass
Hi, how to impliment sso for applications that i developed. i created tabs and added the channels to container. now i wants to that maintain the session . i.e, once a user enters into portal desktop.and he clicks the tab and enters user name and pass
Hi all, We have implemented ESS in Portal. But we need to access the ESS modules outside the portal .. i.e, We need to access ESS applications from a .net portal.. goal is to acheive SSO from a .net portal to SAP Portal.. How to Acheive this. any app
I have successfuly deployed an EAR file(Servlet/JSP) to my OC4J. In my deployment descriptor, I have added security-constraints tag to implement authenticaion using LDAP. In the process of deploying, I have also specified the LDAP associated to my OC
Hello! I have two questions. First, have some of you guys worked with the captive portal in ISE (guestportal)? I have set up a new wireless network for a customer and they want to use the guest portal for som users. The problem that I am expering is
We have set it up so our portal users timeout if they have been inactive for 30 min. The problem is when the comeback from a period of inactivity, click on a link, and then are redirected to a webpage informing them that their session has timed out i