Authentication between Single Sign-On and Web based applications

Hi everyone,
I need to create a way in Portal 10g (10.1.2.0.2) that allows me to do the following:
Once the user is logged on Portal (against Single Sign-On - SSO) he doesn't need to retype his username/password when he accesses a web based application through the portal, in my case, an ASP application (not .NET, just ASP).
I made a test creating an External Application in SSO and afterwards publishing this portlet (external application) inside portal.
It worked, BUT I was prompted to enter username/password to log on to the application.
So, the user ends up entering his password twice.
Does anybody know a way to accomplish this task?
The documentation I'm researching is:
Oracle Application Server Single Sign-On
Administrator's Guide
10g Release 2 (10.1.2)
B14078-02
Oracle Application Server Single Sign-On
Security Guide
10g Release 2 (10.1.2)
B13999-03
Thank you very much,
Diogo Santos.

I have figured out how to secure any HTML, ASP, PHP, CFM, etc. web page against Portal / OID using the PDK toolkit.
Using AJAX (Asynchronous JavaScript and XML) and one Oracle stored procedure, just adding a simple JavaScript call to any HTML, ASP, PHP, etc. web page can secure it via Oracle SSO (OID). Access to any secured web page will require that it be linked from an authenticated Portal session or a page opened in an authenticated Portal session.
This process can be easily modified to add in group security etc. This is just my starting point.
1) Create a stored procedure
-- Make sure it has access to portal.wwctx_api.is_logged_on
CREATE OR REPLACE PROCEDURE login_ajax_check (
  display_error IN NUMBER DEFAULT NULL) AS
BEGIN
  -- Report whether the caller has an authenticated Portal session
  IF portal.wwctx_api.is_logged_on = FALSE THEN
    htp.prn('DENY');
  ELSE
    htp.prn('ALLOW');
  END IF;
EXCEPTION
  -- Any error is reported as not logged on
  WHEN OTHERS THEN htp.p('DENY');
END;
2) Use this Javascript in any page you wish to secure.
<-- Begin Paste Here -->
<script>
// 2 = not decided yet, 0 = allowed, 1 = denied
var allowgo = 2;
var req;

// Synchronous GET to the page that calls login_ajax_check
function ajaxCallRemotePage(url) {
  if (window.XMLHttpRequest) {
    // Non-IE browsers
    req = new XMLHttpRequest();
    req.onreadystatechange = processStateChange;
    req.open("GET", url, false);
    req.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
    req.send(null);
  } else if (window.ActiveXObject) {
    // IE
    req = new ActiveXObject("Msxml2.XMLHTTP");
    req.onreadystatechange = processStateChange;
    req.open("GET", url, false);
    req.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
    req.send();
  } else {
    return; // Browser not compatible
  }
}

function CheckPortal() {
  ajaxCallRemotePage('[Your page calling the procedure from above]');
}

// process the return of the "ajaxCallRemotePage"
function processStateChange() {
  if (req.readyState == 4) {
    if (req.status == 200) {
      if (req.responseText.substring(0, 4) == 'ALLO') {
        allowgo = 0;
      } else {
        allowgo = 1;
      }
    }
  }
}

// Send the browser to the login or error page when access was denied
function doPage() {
  if (allowgo == 1) {
    window.location = '[Your login or error page]';
  }
}

CheckPortal();
doPage();
</script>
<-- End Paste Here -->
That's it!!! Super easy. It works great too.
Larry Schenavar
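
The allow/deny decision of the script in the post above, isolated as an added example (not part of the original post; the function names and sample responses are constructed here). It compares the posted behaviour, where `allowgo` stays at 2 and the page remains visible unless the procedure answers something other than ALLOW on HTTP 200, with a fail-closed variant that shows the page only on an exact ALLOW.

```javascript
// Added example: decision logic modelled as pure functions so the outcomes
// can be compared without a browser. All names here are hypothetical.

// Mirrors the posted script: allowgo starts at 2 and only becomes 0 or 1
// when the request completed (readyState 4) with HTTP 200.
function originalDecision(resp) {
  let allowgo = 2;
  if (resp && resp.readyState === 4 && resp.status === 200) {
    allowgo = resp.responseText.substring(0, 4) === 'ALLO' ? 0 : 1;
  }
  // doPage() redirects only when allowgo is exactly 1
  return allowgo === 1 ? 'redirect' : 'show';
}

// Fail-closed variant: the page is shown only for an exact ALLOW over
// HTTP 200; every other outcome goes to the login or error page.
function failClosedDecision(resp) {
  const ok = Boolean(resp) &&
    resp.readyState === 4 &&
    resp.status === 200 &&
    typeof resp.responseText === 'string' &&
    resp.responseText.trim() === 'ALLOW';
  return ok ? 'show' : 'redirect';
}

// Constructed sample responses (not captured from a real Portal instance)
const SAMPLES = [
  { name: 'logged on',
    resp: { readyState: 4, status: 200, responseText: 'ALLOW' } },
  { name: 'not logged on',
    resp: { readyState: 4, status: 200, responseText: 'DENY' } },
  { name: 'procedure URL not found',
    resp: { readyState: 4, status: 404, responseText: '<html>Not Found</html>' } },
  { name: 'server error',
    resp: { readyState: 4, status: 500, responseText: '' } },
  { name: 'no XMLHttpRequest support', resp: null },
  { name: 'unexpected body with ALLO prefix',
    resp: { readyState: 4, status: 200, responseText: 'ALLOCATION ERROR' } },
];

// Returns one row per sample with both decisions side by side
function compare() {
  return SAMPLES.map(function (s) {
    return {
      name: s.name,
      original: originalDecision(s.resp),
      failClosed: failClosedDecision(s.resp),
    };
  });
}

console.table(compare());
```

Both variants run in the browser after the page has already been served, so they only control what is displayed; the ASP page still needs a server-side session check to protect its content.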

Similar Messages

  • How to pass credentials/saml token access sharepoint web service ex:lists.asmx when sharepoint has single sign on with claims based authentication

    How to pass credentials/saml token exchange to the sharepoint web service ex:lists.asmx when sharepoint has single sign on with claims based authentication 
    Identity provider here is Oracle identity provider 
    harika kakkireni

    Hi,
    The following materials for your reference:
    Consuming List.asmx on a claims based sharepoint site
    http://social.technet.microsoft.com/Forums/sharepoint/en-US/f965c1ee-4017-4066-ad0f-a4f56cd0e8da/consuming-listasmx-on-a-claims-based-sharepoint-site?forum=sharepointcustomizationprevious
    Sharepoint Claims based authentication and Single Sign on
    http://social.technet.microsoft.com/Forums/sharepoint/en-US/2dfc1fdc-abc0-4fad-a414-302f52c1178b/sharepoint-claims-based-authentication-and-single-sign-on?forum=sharepointadminprevious
    Sharepoint Claim Based Authentication Web Service issue
    http://social.msdn.microsoft.com/Forums/office/en-US/dd4cc581-863c-439f-938f-948809dd18db/sharepoint-claim-based-authentication-web-service-issue?forum=sharepointgeneralprevious
    Best Regards
    Dennis Guo
    TechNet Community Support

  • Web Based Application Single Sign on With Enterprise Portal

    Good day Developers,
    My question is really a two part question so forgive me in advance for asking in one post as I think they are relative to each other. My project is currently exploring the creation of functionality that will allow the following:
    1. We want to allow a secure Web Based application possessing the ability to authenticate the user into Enterprise Portal and bypassing the login screen to get to a landing page/iview in our Enterprise Portal instance.
    2. We want the ability to perform a check of the user and create the user in the enterprise portal on the fly if they do not already exist.
    So far in my research I've come across tools and white papers mentioning the use of oAuth and OpenID. Is that the right way to tackle these two items? Thanks for your help in advance.
    JD

    Hi
    1. You can do SSO between your application and portal using Verisign or third party authentication tool. I am not pretty sure how landing page and all will work as you mentioned.
    As portal is web based, you can deploy your application in portal server. So that you will not need any other authentication tool. Also you can save effort, cost.
    2. By deploying application in portal also you do not have to concentrate on User management, which is itself a huge effort you have to put. Else you can go for third party tools like Identity management or ADS.
    -Yogesh

  • Oracle Single Sign on and Oracle Internet Directory

    Hello Gurus,
    What is the relationship between Oracle Single Sign on and Oracle Internet Directory.
    To my understanding, OID is required to install SSO.
    If OID already exist, can we just install SSO and go on integrating it to existing OID.
    Great Thanks,
    vimal jain.

    Hi Tim,
    I've been working on this and could reproduce the issue with anonymous binds. A fix will be ready in 4.2.1.
    So what I really need is the password used for login to pass to the is_member call. The P101_PASSWORD item does not save state. However, you can access the value during submit processing of the login page, for example in the post authentication function of your authentication scheme. People sometimes put code in there to query the user's groups (e.g. with apex_ldap.member_of2) and save them in an application. This item value can then be used in the authorization schemes.
    Regards,
    Christian

  • Single Sign-On and Data Visibility Rights

    Hello,
    I was wondering whether anyone has any best practices for implementing single sign on and user identification with Excelsius.
    More specifically, I need to interrogate user role, and limit certain data visibility based on that role.
    For example, a sales rep may only see certain data for their own territories, but the regional and national managers can see more.
    With the emphasis in improving enterprise integration with the new version coming up, I'm also wondering if there are any improvements included for this aspect.
    Thanks in advance.
    Derick

    Hi Derick,
    I want to make our discussion into 2 parts
    1) Sign on
    2) Viewing data based on the Hierarchy
    1) Before discussing about the Sign on I want to know which connectivity you are using? Live Office or QaaWS.
    2) We can make the second point possible in two ways. One is with providing restriction at universe level
    and the other one is through the use of flash variables.
    Using flash variables:
    The main idea of using flash variables is reading the User ID from BO authentication and based on that we fetch the Hierarchy level of that user. Then we use some Excel logic to hide the data from low level hierarchy (here we use Dynamic Visibility for components).
    I hope this is what you are looking for....
    If so I have more points to achieve such scenario.
    Please provide your BO environment details, such that it will be easy to identify the better best way to achieve it.
    Regards,
    AnjaniKumar C.A.

  • Single Sign-On and session information

    I have an Oracle Portal application with many Java Web Applications. I wish to
    provide Single Sign-On to this applications. I know how to configure Single
    Sign-On and how to get the user login in Java. I want to store session
    information such as: User First and Last Name, User Social Security Number. I
    want to get this information from the database after authentication, store it
    in session and then access this information from all my applications.

    Are you familiarized with sys_context function?
    Hope this is useful help.
    BR,
    Marcos

  • Single sign-on and different usernames and passwords

    Hello,
    I am building a Portal with WLPS 3.5 and WLS 6.0. I tried to get
    information about the background of single sign-on.
    I understand, that I need a Realm (i.e. LDAP Realm) to authenticate the
    user for the first login to the portal (with username and password).
    Now I would like to integrate my webmail program (to get emails from
    Lotus Notes via Internet) as a portlet.
    For my understanding the user has to authorize to get access to webmail.
    Therefore I create a ACL for webmail and this ACL is assigned to my
    security Realm.
    I would like the portlet to show after login the number of mails for the
    specific user. But where are the username and password for webmail stored
    and how are they received and forwarded?
    I understand that my ACL included all users that have access to webmail
    (i.e. all users). But I only want emails for the specific user.
    Does WLS get all usernames and passwords during the first login? Do I have to
    implement an algorithm to get the specific username and password for the
    requested resource in my portlet?
    Has anyone solved a similar problem or can tell me where I can get more
    information. I read the WebLogic Security document but I can't find an
    answer to my questions.
    Thanks
    Lydia

    Lydia,
    I'm not an expert in this area, but I can give you a start.
    As for single sign-on, there are different levels. For single sign-on across web-apps,
    the servlet spec requires this (section 12.6 of the 2.3 spec) and therefore Weblogic
    does this.
    What you are talking about is single sign-on across back-end applications through
    a web-app. BEA has partnered with Securant (just acquired by RSA) to provide this
    kind of functionality. Browse to http://www.rsasecurity.com/products/ and look
    at the ClearTrust product. BEA has also partnered with Netegrity (www.netegrity.com)
    with their SiteMinder product. Neither is included in the Weblogic license. I'm
    sure either vendor would be excited to explain how their product will solve your
    problem if you give them a call.
    As for where the username and passwords are stored, that is up to the realm. If
    you are using the default WLPS RDBMSRealm, the username and encrypted password
    are stored in the WLCS_USER table. If you are using LDAPRealm, they are stored
    in your LDAP server.
    Hope this was useful!
    PJL
    [email protected] wrote:
    Hello,
    I am using PersonalizationServer 3.5 and WLS 6.0 SP 2.
    Now I try to understand the functionality of Single sign-on when a user
    has different usernames and passwords for different applications.
    Can someone explain where the usernames and passwords for a user are
    stored (all in the LDAP-realm or a RDBMS-realm?) When a user access the
    application how username and passwords are mapped? Or usernames and
    passwords for all applications are the same and will be equalized?
    Precisely I would like to get access to a mail-account for a specific
    user
    (webmail from Lotus Notes).
    Thanks for any help
    Lydia

  • Single Sign on and Protect URL step

    Hi,
    I have successfully installed Oracle Internet Directory, Identity Server, Web Pass, Policy manager, Access Server and WebGate (attached to Oracle HTTP Server from Oracle Management Infrastructure).
    My questions are:
    - How do I protect URL so the user will need to login to access certain URL?
    - How do I enable single sign on and test it?
    - What are the general steps involved to enable URL protection (so if the url is protected it will prompt for username and password) and single sign on using Oracle Internet Directory?
    Kindly help me if anyone knows a solution or can point me to the right documentation. I have tried to read Oracle Access Manager - Access Administration Guide, but keep getting confused.
    Thanks.
    Regards,
    Alfonso

    Hi,
    You can follow Oracle Access Manager Integration Guide (10.1.4.0.1) B25347-01, chapter 4, to achieve this. This document will answer most of your questions.
    Regards,

  • Starting single sign-on and directory service

    i am trying to install oracle 9i infrastructure on my clean win2000 box with 2.4 GHz proc and 1GB RAM.
    i am getting failure messages for the following:
    infrastructure instance configuration assistant: failed
    oracle 9i application server randomize password: failed
    single sign on configuration assistant: failed
    infrastructure mod-osso configuration assistant: failed
    OPMN configuration assistant: failed
    log file says:
    Configuration failed for IAS
    IAS Instance creation failed
    Configuration failed for JAZN
    JAZN configuration failed: unable to establish a directory context.
    Configuration succeeded for IASProperty
    Configuration failed for IAS
    Configuration failed for JAZN
    after which single sign-on and directory service don't start. which means no connectivity :(
    can somebody please guide me about how to avoid this failure in installation or how to manually start these after installation.
    it would be a great help
    ashish

    Hi,
    we're having exactly the same problem.
    Could you tell me what the problem is with the network ?
    You say configure it properly but what do you mean ?
    It's installed on a Windows 2000 Server machine, it's own DNS.
    Thanks,
    Yuri Arts

  • Want to understand the Difference between Attempt sign in and sign in in Unity Connection

    I would like to understand the difference between Attempt sign in and sign in in Unity Connection.
    If I do a direct routing rule to attempt sign in and another routing rule directly to sign in, what would be the difference for the caller (inside caller with or without voicemail and also outside caller with or without voicemail)?  Thank you!  Lise

    Attempt Sign-In—Sends the call to the user sign in conversation, if the calling number belongs to a user. The calling number is used as the ID. If the call is not from a user, the next rule in the routing table is applied to the call information.
    Sign-In—Sends the call to the user sign in conversation, which prompts the caller to enter an ID.

  • Running Opera, flickr, teashark and web based apps...

    I am unable to run web based applications like opera mini flickr cellity Teashark and others.
    Whereas opera,flickr are some inbuilt apps but still unable to access internet through them.
    Internet accessing is fine via default browser but none of the web browsers like Opera mini, Teashark,etc are not working.
    Its not the problem of Network since on my other mobiles, apps run fine.
    Please reply with the solution for the problem so that i can access web via web based Java Apps.
    Message Edited by aparichit on 11-Oct-2008 12:49 PM

    m so sry my net connection was nt working so couldn't reply
    ok so here is step by step procedure:
    Menu->Settings->Configuration->Personal config. sett->Options->Add New->Access Point:
    now what you hav to do here is dat basically you need to know the access point of the setting you want to use key in the access point there. user name and password are nt needed usually.
    save that access point and go back to the configuration page nw in 'preferred access pt.' set dat access point which you created just nw.
    this process worked for me mayb this works for you all too. (i've presumed dat you all have got your internet services activated from your provider)
    if you don't knw the name of your access point then your operator's customer care centre could be of some help..
    Was this post of some help? Click 'Kudos' star on the right hand side of this post. Your gesture will be highly appreciated!

  • Registering the Web based application as a Partner Application

    Good day
    I went through the suggested documentation of registering a
    web based application as a partner application of the SSO Login Server.
    I installed the SSOSDK.JAR and went through the demo application (JSP Demo)
    which consists of the following programs :
    papp.jsp
    ssoinclude.jsp
    ssoEnablerJspBean
    SSOEnablerBean
    SSOSignon
    As per the technical documentation,I register this demo application as a
    partner application.
    1 - The source code of the papp.jsp checks for the existence of the user
    through method of ssoEnablerJspBean [getSSOUserInfo(request, response)] which
    calls method of SSOEnablerBean [getSSOUserInfo (request, response)] and this
    method calls getUserInfo(p_request) of SSOEnablerBean (the same program) to
    check the existence of the application cookie.
    2 - If it doesn't exist, it redirects it to the SSO Login page for user
    authentication. Once the user is authenticated, a SSO login cookie is created on
    the client's browser and redirects back to the SSOSignOn.
    3 - The SSOSignOn program creates the application cookie and redirects back to
    the entry point of the demo application which is papp.jsp.
    My Questions are as follows :
    1 - Instead of creating a session object within my web based application to hold some
    information used between the different pages, can I define them in the
    application cookie? kindly advise? Is there any limitation for the length of
    the application cookie? If yes, what will be the risk?
    2 - The SSOSignOn program is calling a method in the SSOEnablerBean
    [setPartnerAppCookie(response, request)]. Within this method, it is retrieving
    the parameters values of the request object as :
    request.getParameterValues("urlc")[0];
    What is the role of this [urlc]? Is it hard coded? Can I change it?
    3 - In order to ensure that I am still dealing with the same user, shall I put
    the above security check procedure on each page of my web based application? Kindly advise?
    Thanks in advance for your prompt feedback
    regards

    Dear Paul
    I think there is a misunderstanding regarding the last correspondence.
    I am talking about the customized home page of the PORTAL and not the home page of my web based application (JSP). So in this case, am I able to use the customized home page which contains a login portlet instead of the default Login page of the SSO Login Server? Kindly advise!!!
    On the other hand, I am facing a problem during the surfing of the web based application.
    The web based application consists mainly of two packages :
    Package I : Bank.counter which contains a set of jsp pages.
    JSP_HOME_COUNTER (MAIN PAGE WHICH CONTAINS 2 FRAMES)
    JSP_LEFT_FRAME_COUNTER
    JSP_MAIN_FRAME_COUNTER
    JSP_MAIN_FRAME_COUNTER_DETAIL
    Package II : Bank.portfolio which contains a set of jsp pages.
    JSP_HOME_PORTFOLIO (MAIN PAGE WHICH CONTAINS 2 FRAMES)
    JSP_LEFT_FRAME_PORTFOLIO
    JSP_MAIN_FRAME_PORTFOLIO
    Please note that the SSO classes are residing under the first package.
    As agreed on in the third question, I am including in each page of my web based application, a security check procedure as follows :
    <%@ include file="ssoinclude.jsp" %>
    <%
    if(usrInfo == null)
    response.getWriter().println("<center>User information not found</center>");
    else
    my jsp code.......
    %>
    Please note that all the jsp page of the portfolio package are pointing to the SSO classes as follows :
    <%@ include file="../counter/ssoinclude.jsp" %>
    <%
    if(usrInfo == null)
    response.getWriter().println("<center>User information not found</center>");
    else
    my jsp code.......
    %>
    Once I invoke the JSP_HOME_COUNTER , it will render the JSP_LEFT_FRAME_COUNTER page and
    JSP_MAIN_FRAME_COUNTER page which invokes the SSO Login page. Once the user has been authenticate, the result of the JSP_MAIN_FRAME_COUNTER is rendered successfully. The result contains an hyperlink to the
    JSP_MAIN_FRAME_COUNTER_DETAIL page. As the user has been authenticated , this page is rendering automatically the result without displaying the SSO Login page. (Perfect as of now!!).
    Once I invoke the JSP_HOME_PORTFOLIO from the JSP_HOME_COUNTER, it runs the security procedure without any rendering of the SSO Login page (fine!!) but redirects me back to JSP_HOME_COUNTER instead of rendering the result of the JSP_HOME_PORTFOLIO.
    Please note that the m_requestUrl variable in the SSOEnablerJSPBean class has been assigned the following value: JSP_HOME_COUNTER
    Kindly advise .

  • Conversion of forms5.0 to web based application

    dear folks,
    i have an existing application which runs on forms 5.0. i want to
    convert it to a web based application. i do not want to rewrite
    the scripts.if some of you could tell me the details about how to
    go about it.

    I am not sure if there is any tool to do that.
    You can delete WebSphere specific xml files from ear/jar and open it in Weblogic's builder tool. Weblogic Builder is a GUI tool. Helps you assign values for deployment parameters, Transaction attributes, JNDI names and so on. Then you can generate deployment descriptors. Subsequently you can modify the descriptors as and when you want.

  • Client/Server to Web-Based application Conversion

    Hi! Everyone,
    I have couple of questions for you guys.
    Our Client had recently upgraded Forms 4.5 to 6i to move from Client/Server based application to Web based application.
    They are using Forms Server 6i Patch Set 1, OAS 4.0.8.1, Windows NT Service Pack 5 and Oracle 7.3. They are facing the following error every now and then, when they run the forms,
    "FRM-92100: Your connection to the server was interrupted. This may be the result of a network error or a failure on the server.You will need to re-establish your session."
    Please let me know what might be causing the above error. The only problem i can think about might be Oracle 7.3. If i am right only Oracle 8 and above supports Forms 6i.
    Can anyone let me know some tips and/or techniques to upgrade Forms 4.5 to 6i. If there are any important settings/steps which we might have over looked during the upgrade, please list them.
    Any kind of help is greatly appreciated.
    Thanks,
    Jeevan Kallem

    Most of the code is used with no changes at all.
    See otn.oracle.com/formsupgrade
    Regards
    Grant Ronald

  • How to integrate web based application to windows based application

    Hi,
    Experts,
    we developed web based application in this when we raising
    invoice document after adding this we need to updated Amount
    in integrated SAP B1 then that Amount we need Update The
    Amount  in OACT Table  how we can Update in Amount Field
    in OACT Particular Account Code. plz Guide  me. and how to
    integrate web based application to windowbased application
    plz help me.
    Regds,
    Samapth.

    Dear sampathdevunuri kumar,
    You may develop the addon based on SDK DIServer for required function.
    The DI Server is an extension of the DI API and supports all its objects. It is intended for high-volume data integration, where numerous client connections must be managed simultaneously and optimized for speed. It is also suitable where Web-services architecture is preferred.
    Please refer to SDK help and SDK DIServer sample for more information.
    Best Regards
    Jane Jing
    SAP Business One Forums team
