SSO - login/logout toPortal 'under the covers'

Hi
we are developing a website where users can have their own username/password. Once logged in (via a webpage in our application) they should be able to access Portal pages which require a DIFFERENT username/password (the reason for this is that there will be many application logons, but relatively few Portal ones).
To do this, we want to log them in/out of Portal from our application WITHOUT redirecting them to different pages, or even having them aware this has happened.
Is this possible?
Are there any examples on the oracle site?
I have downloaded the SSO SDK, but its not obvious how this should be coded. I was expected methods with names like logon and logoff. Its made a bit harder by the fact that the SSO SDK zipfile has links to files (in the doc directory) that are missing. I think we want to set up, what is termed by Oracle, an 'External Application' (as distinct from, a 'Partner Application').
Any help appreciated
Bob Sams
null

Bob,
Defining an External Application allows it to be accessed, with Login Server performing an automated login, after the user logs on the the Portal - through the Login Server. This is not what you are asking for, which is more the other way around.
To achieve what you are describing, you may be possible to implement this with the 3.0.9 version of the Portal and Login Server.
In this version, there is a mechanism whereby you can implement a package on the Login Server which will attempt to obtain the user's identity through some user defined mechanism when an authentication request is received. This feature was added to enable integration with other Single Sign-On systems such as Netegrity SiteMinder.
In your case, you would have your web application do the actual authentication, and then set something in the environment that could be obtained by the package implemented on the Login Server to get the user's identity when called for.
The details of implementing something like this will be forthcoming in a white paper. You will need to wait for the 3.0.9 version of the Login Server to avail of this feature.
null

Similar Messages

  • Opens Webmail login page instead of sso login page after changing the webma

    Hi Gurus,
    I have setup notes webmail in portal which uses SSO. I login to portal and click the webmail link which opens the sso page for authentication(Cuz I have integrated the webmail to use SSO). I enter my username and password. Then it shows my emails, inbox..etc. I logout of portal, Go to Notes client on my PC and change my webmail password there. I go back to portal and log in and click the webmail link on the portal. Cuz I have changed the webmail password, I expected that it will open the SSO page and ask me to enter the password again. It didn't happen. Instead of opening eh SSO login page, It opens the Webmail login page with an error saying "Invalid User Name or Password". I am wondering why it opens the webamil login page instead the sso login page. I can still login to webmail If I enter the user name and new password. But it doesn't update the webmail password which is stored in the SSO. Please post a reply if you have some idea about fixing this.
    Thanks
    Raj
    -------------

    Hi Gurus,
    I have setup notes webmail in portal which uses SSO. I login to portal and click the webmail link which opens the sso page for authentication(Cuz I have integrated the webmail to use SSO). I enter my username and password. Then it shows my emails, inbox..etc. I logout of portal, Go to Notes client on my PC and change my webmail password there. I go back to portal and log in and click the webmail link on the portal. Cuz I have changed the webmail password, I expected that it will open the SSO page and ask me to enter the password again. It didn't happen. Instead of opening eh SSO login page, It opens the Webmail login page with an error saying "Invalid User Name or Password". I am wondering why it opens the webamil login page instead the sso login page. I can still login to webmail If I enter the user name and new password. But it doesn't update the webmail password which is stored in the SSO. Please post a reply if you have some idea about fixing this.
    Thanks
    Raj
    -------------

  • Is the Azure Files data highly available/replicated under the covers?

    I am assuming that with Azure Files, under the covers data is replicated multiple times for High Availability.  Is that correct?  For some applications, typically failover application, where the application doesn't assume highly available storage;
    the applications themselves build logic to either replicate/sync data.  An example is Elastic Search.  In these cases, the system lands up making too many copies.  Is the Azure File Semantic the same as blob store, in this regard.

    Hi,
    Would request you to refer to the article below to understand Azure File Service (in preview now):
    Introducing MS Azure File Service
    http://blogs.msdn.com/b/windowsazurestorage/archive/2014/05/12/introducing-microsoft-azure-file-service.aspx
    Below article helps us understand the same better with a "how-to" perspective:
    The Azure File Service
    http://clemmblog.azurewebsites.net/azure-file-service/
    Lastly, would like to keep you informed on the Features Not Supported By The Azure File Service
    http://msdn.microsoft.com/en-us/library/azure/dn744326.aspx
    Thank you,
    Arvind

  • Agent Login Logout timestamps in the database

    Dears,
    In our UCCE environment we need a detailed report that generates information about the agents login and logout times.
    Does anyone have any idea in which table in the database we can view these timestamps?
    Best regards,
    Lara Noueir

    Dear Lara,
    you can get these detaills from Agent_Event_detail table
    you will be getting login date and time from Agent_Event_Detail table along with the duration of the event.
    also agent log out table will give you the logon duration and log out date and time.
    you can refer the ICM DB schema further info.
    http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/icm_enterprise/icm_enterprise_8_5_3/reference/guide/icm853schema.pdf
    Rate the post if it usefull.
    Regards,
    Shalid K.C

  • RH under the covers

    We've been looking for ways to improve performance with RH
    and RSC. As part of the analysis, I used a performance monitor to
    see what processes occurred while RH was running. Yikes!
    Even when I am at rest in the project, a seemingly
    endless parade of file accesses goes flying by. Thousands upon
    thousands of them. I see this odd looping through files that are
    associated with the templates, and an ongoing polling of all the
    folders in the project. Once in a while, it will stop. Certain
    activities seem to set the whole thing in motion again.
    Has anybody looked at this? Is there a way to tame this
    behavior to achieve better response time? At a casual glance, it
    looks like RH7 restricts this behavior a little bit. Where RH6 was
    doing its template-related looping more or less constantly, RH7 was
    doing it about once a second. That's not enough to tame the beast,
    though.
    Any hints appreciated!
    G

    It keeps on going even if I'm idle. (Not that I'm admitting
    to being idle!) It's not entirely consistent, though. Sometimes it
    stops and waits. I did see an interesting correlation where the
    entries were just spinning by...until I closed the Single Source
    Layouts pseudofolder. Then it stopped. Opening the folder again -
    not *doing* anything, mind you, just opening the folder - started
    the entries spinning by again. Same behavior with the stylesheet
    folder. Not with the templates folder, interestingly enough.
    Then RH had to mess with my neat theory by starting the
    processes again without me opening a folder or touching anything.
    I haven't established the pattern, but there sure seems to be
    a lot going on.
    G

  • How to change the behaviour of the Cancel-Button of SSO-Login-Page (Forms)?

    Hi Folks,
    we use SSO-Login to authenticate users using Forms. How do I change the URL which is opened when a user clicks on the cancel button on the SSO Login page?
    In the formsweg.cfg file there is a parameter named ssoCancelUrl, but if I define it, it doesn't work anyway. Seems like it has something to do with ssoDynamicResourceCreate, but I don't exactly understand what.
    Can't I simply change the URL which is opened (globally), when a user hits the cancel button on any SSO-Loginpage.
    Thanks in advance.
    Regards.

    Exactly this does not work! Please watch my settings:
    Global Setting in formsweb.cfg
    # Single Sign-On OID configuration parameter: indicates whether we allow
    # dynamic resource creation if the resource is not yet created in the OID.
    ssoDynamicResourceCreate=false
    # Single Sign-On parameter: URL to redirect to if ssoDynamicResourceCreate=false
    ssoErrorUrl=
    # Single Sign-On parameter: Cancel URL for the dynamic resource creation DAS page.
    ssoCancelUrl=
    # Single Sign-On parameter: indicates whether the url is protected in which
    # case mod_osso will be given control for authentication or continue in
    # the FormsServlet if not. It is false by default. Set it to true in an
    # application-specific section to enable Single Sign-On for that application.
    ssoMode=false
    App-Specific settings in formsweb.cfg
    [proz]
    envFile=proz.env
    form=proz.fmx
    title=proz
    separateFrame=true
    width=1280
    height=960
    ssoMode=true
    ssoDynamicResourceCreate=false
    ssoCancelURL=http://machinename:port/zugangsportal/
    otherparams=useSDI=yes P_SERVER_URL=machinename:port P_REP_SERVERNAME=machinename_proz ZP_TARGET_ID=%ZP_TARGET_ID%
    When I now access http://machinename:port/forms/frmservlet?config=proz I got redirected to the SSO-Login-Page but the Cancel-Button still links to Middletier Home. Why?
    Regards.

  • Controlling Login/Logout and Background Sync

    Mac OS X Server 10.5.7
    Mac OS X Client 10.5.7
    Everything setup perfectly and by the book on both Server and Client.
    Problem:
    Why in God's name has Apple COMBINED the sync rules for both Login/Logout and Background Sync??? It's the most illogical thing and it does not work!!!
    Question:
    I know how to prevent Background items from Syncing at Login (through the preference manifest), but how to I get the Background sync NOT to sync LOGIN/LOGOUT items.
    The problem is always and systematically been mostly with the LIBRARY folder giving all sorts of sync errors. I have tried every possible trick combination but nothing seems to work.
    Is this STILL a bug even after a year?? If so, other than skipping the Library folder completely, mobile homes is utterly useless and unreliable. If I skip the Library folder, then mobile homes aren't really complete if a user moves to another machine.
    Has anyone found a reliable solution to this mess?
    PLEASE HELP.

    Something is definitely breaking it. Its as if at some random point in time, the sync stops obeying the background rules. I can only conclude that there is still is a bug somewhere that is not fixed.
    For example, I initially created the mobile home setting using the computer groups. When that started giving me errors, then I figured, let me try it by doing it via groups. So I created a new group and then, undid the settings for mobile homes that I had set for my computer group.
    The first time I logged in, it was working perfectly. Then my laptop's battery died. When I plugged it back, it reconnected to my wireless network and THATS when the bug started showing up again. No matter how many times I restarted, if I have firefox or entourage open, I automatically see that exclamation point in the upper right hand corned (on the mobile homes icon) and its ALWAYS the library files pertaining to those apps that 'are in use'.
    This is really frustrating and most non-apple like. This used to work perfectly under Tiger Server, I don't understand how Apple can mess this up THIS BAD and worse, not have a solid fix after a year.
    This bug even occurred with a brand new installation of Leopard server on a Xserve and a Mac OS X 10.5.7 station. The instant the mobile user logged on, that exclamation point came on complaining about the entourage files being in use even though that entire folder is set to be SKIPPED during Background Syncing.
    Not sure where to look anymore.
    And one more thing; as soon as I encounter that exclamation point, the time/date stamp reporting the last sync stops working as well.
    Could you provide screenshots of your setup? Could it be that Im missing one tiny detail somewhere? I just dont see where though.
    This is an updated output after it breaks (maybe there's a clue in there somewhere)
    excludedItems = (
    comparison = fullPath;
    value = "~/.SymAVQSFile";
    comparison = fullPath;
    value = "~/.Trash";
    comparison = fullPath;
    value = "~/.Trashes";
    comparison = fullPath;
    value = "~/Documents/Microsoft User Data";
    comparison = fullPath;
    value = "~/Library";
    comparison = fullPath;
    value = "~/NAVMac800QSFile";
    excludedPrefItems = (
    comparison = fullPath;
    value = "~/.SymAVQSFile";
    comparison = fullPath;
    value = "~/.Trash";
    comparison = fullPath;
    value = "~/.Trashes";
    comparison = fullPath;
    value = "~/Library/Application Support/SyncServices";
    comparison = fullPath;
    value = "~/Library/Caches";
    comparison = fullPath;
    value = "~/Library/Logs";
    comparison = fullPath;
    value = "~/Library/Printers";
    comparison = startsWith;
    value = "IMAP-";
    comparison = startsWith;
    value = "Exchange-";
    comparison = startsWith;
    value = "Mac-";
    homeSyncCompleted = 1;
    homeSyncTime = 2009-05-25 21:09:29 -0400;
    isNewMobileAccount = 0;
    periodicSyncOn = 1;
    syncPeriodSeconds = 0;
    syncedFolders = (
    path = "~";
    syncedPrefFolders = (
    path = "~/Library";
    path = "~/Documents/Microsoft User Data";
    }

  • APEX 3.2 Associating application with SSO login page.

    Hi
    My requirement is to replace my login page of APEX3.2 application with an SSO login page. Also, the application uses some tables with some history columns like: "Last Updated by", "Created by", "Last Update Time", etc... While create/edit of any table, I want these columns to be automatically populated according to the credentials used in SSO login page to that application. Please help.
    The link given on this forum (http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html) for the purpose seems to be obsolete i.e. for previous versions of APEX.
    Thanks
    Bhavesh

    Bhavesh,
    That how-to explains all the steps you need to set up SSO with Application Express.
    As far as the audit columns, just create triggers on your tables. Referenced v('APP_USER') to get the authenticated username.
    Scott

  • How can I get sso login info ''urlc'' in a portlet?

    For partner-app, when the user tries to access the app through a direct url, the user will be directed to the portal's sso login page. After the portal's sso authenticates the user, it will redirect the user back to the app with the authentication information (urlc to be more specific) appended to the url. The app then can use this urlc information to call the sso-sdk api to get user info and to set cookie etc.
    Instead of having the user to access the app directly by typing the url in the browser, I create a "gateway" portlet to display a link to the app and inport the portlet in a portal page. When the user gets to this portal page, the user has already logged in, therefore when the user clicks on the link, the user should not be redirected to portal's sso login page. In order to do that, I have to insert the urlc information in the link. My question is, how can it get the urlc information, therefore when I create the link dymanically in the gateway portlet, I can insert it into it? FYI - I am writing the gateway portlet in java. Is there any java api in the jpdk that I can use to get the urlc information?
    Thanks
    Vince

    The easiest way would be to set a SESSION of the username, and then insert the contents of that SESSION into the classified table's username field. You need to register a SESSION on every page of your site by placing <?php session_start(); ?> at the top of every page (in code view). This must be the very first line of code. Using SESSIONS is very handy because it stores any information that you want in a cookie - except that this is stored on the server (not the user's hard drive) and is destroyed when the user quits the browser.
    <br />
    <br />Here's a couple of different ways to get you started
    <br />
    <br />
    <code>
    <br /><?php session_start(); ?>
    <br /><?php require_once('Connections/conn.php'); ?>
    <br /><?php<br /> // check to see if the username session is set<br><br /> if(!isset($_SESSION['username'])) {<br />  // it's not, register the username session<br />  $_SESSION['username'] = $username;<br /> }<br /> <br /> // or grab the username from the $_POST of the login form<br /> $username = trim($_POST['username']);<br /> $_SESSION['username'] = $username;<br /> <br /> // insert into classifieds table<br /> $sql = mysql_query("INSERT INTO classifieds (username) VALUES('".$_SESSION['username']."')") or die(mysql_error());<br />?>
    <br />
    </code>

  • Having trouble with SSO Login handling multiple webhost deployments

    We have installed IDM 11g and OAM 10.1.4.3 on RHEL5.6 hosts, respectively. We have successfully installed all the components:
    Environment Details:
    - Server1 -- 64 bit Intel RHEL5
    Fusion Middleware Identity Management - 11.1.1.2
    WLS 10.3.2
    ODSM,OID,OVD
    DB 10.2.0.4
    - Server 2 32-bit Intel RHEL5
    OAM 10.1.4.3
    OHS
    -Server 3 -- WebHost -- 32 bit Windows XP
    WLS 10.3.2 -- with simple war file deplyed
    OHS 11.1.1.2
    -Server 4 -- WebHost -- 64 bit RHEL5.6
    WLS 10.3.2 -- with simple war file deplyed
    OHS 11.1.1.2
    We have created a policy and included both webhost server deploymetnts as protected resources. Individually if we open the war files, they will display the default SSO login screen when opened from the same browser session. After the SSO login is completed, and the first uri diplays, we are expecting that when the second uri is opened the SSO Login will not display... but it does.
    If we open a uri (either one) and enter the SSO Login, subsequent tries to open that same uri in the same browser session does not require the SSO login -- this is the expected result.
    I am sure there is something simple we are missing here, but cannot seem to determine the issue.
    Edited by: OldGuy on Jul 13, 2011 12:27 PM

    If you go to system preferences users&groups, login options do you have "Display login window as:" List of users checked, as opposed to Name and password?
    Try checking List of users.

  • Agent Login Logout Activity report extensions are all blank

    Hi there,
    We are running UCCX ver  8.5.1.11003-32. When we run the Agent Login Logout Activity report the extensions are all blank as seen below.
    Anyone know why this would be?
    Thanks
    Alexis

    In case anyone comes across this.
    This is a bug, resolved in UCCX 8.5.1SU4
    Cheers
    Alexis

  • Accessing portal pagegroup pages without need to SSO login to the portal.

    how do I make an entire page group publicly accessible so that all users who try to access the portal page do not need to SSO login to view the page.
    I changed for the page as PUBLIC and given view privileges..however the portlets do not show up...can anyone tell an easy way to make a created pagegroup publicly accessible.
    It would be good if someone can elaborate on how ppl usually build a pagegroup which is publicly accessible without logging into oracle portal.
    Thanks,
    Prasanth.

    Hey Christian -- I think you left off one piece. He mentioned that the portlets are not showing up. Barring anything like external applications, it could be that the portlets are inheriting from their provider and the provider is not set to be public.
    Prasanth: To check/change this, go to Navigator and the Providers tab. Then drill down to the provider where your portlets are. Click Grant Access on the provider level or drill down to the individual portlet depending on how your portlets are setup.
    If you grant public access on the provider level, everything under that provider will be publicly accessible unless you set them otherwise. To grant public access to a provider, add the user PUBLIC and give them execute rights. To grant public access to an individual portlet, drill to that portlet and click grant access. Clear the check mark that says Inherit Privileges from Portal DB Provider and grant the user PUBLIC execute access to that portlet.
    Rgds/Mark M.

  • I had to reset my Apple password and now my iTunes and iCloud passwords no longer work. How do I get them linked again and under the same password. I've tried my new password on each login screen and it isn't accepted.

    I had to reset my Apple password and now my iTunes and iCloud passwords no longer work. How do I get them linked again and under the same password. I've tried my new password on each login screen and it isn't accepted.

    Hi skippy2012trev,
    Welcome to the Apple Support Communities!
    I understand that you updated your Apple Id and password but now you are being prompted for the old information in iCloud. You are on the right track by changing the Apple ID back to the previous email address temporarily so that you can sign out. You should not need to verify the email address. After you edit the Apple ID back to the old email address and then sign out of iCloud on your iPhone, edit the Apple ID back to the address you would currently like to use. There is no need to change the password again, only the email address, unless you prefer to update the password again.
    If you're asked for the password to your previous Apple ID when signing out of iCloud - Apple Support
    Change your Apple ID temporarily
    If signing out and back in to iMessage or FaceTime didn't help, try these steps:
    Change your Apple ID to the Apple ID you used previously. You shouldn't need to verify the email address.
    Tap Settings > iCloud. Complete these steps only if the Find My [Device] setting is turned on:
    Scroll down and tap Sign Out, then tap Sign Out to confirm. If you're using iOS 7 or earlier, tap Delete Account, then tap Delete to confirm.
    Tap Keep on My [Device] or Delete from My [Device]. In either case, your data remains in iCloud and will be updated on your device when you sign in to iCloud again.
    Enter the password for your previous Apple ID.
    Change your Apple ID to the new email address that you want to use. You'll need to verify the email address.
    Return to Settings > iCloud and sign in with your new Apple ID.
    Cheers,
    Joe

  • I droped my I-touch and cracked the screen, is this covered under the warranty ?

    I droped my I-touch and cracked the screen, is this covered under the warranty

    No
    Apple will exchange your iPod for a refurbished one for this price. They do not fix yours.
    Apple - iPod Repair price
    A third-party place like the following maybe less. Google for more.
    iPhone Repair, Service & Parts: iPod Touch, iPad, MacBook Pro Screens
    Replace the screen yourself
    iPod Touch Repair – iFixit

  • Will the Apple Headphones be covered under the warranty?

    Hey,
    My left ear bud keeps buzzing. Will it be covered under the warranty? I got my iPod Touch 2 weeks ago and I really don't want to buy new apple headphones. Please help I don't have a JOB and my parents are cheap! And I don't want to call apple for nothing! So are the headphones covered or am I 'SOL'?

    They are covered by your warranty.
    You can either stop by an Apple Store Genius Bar http://www.apple.com/retail/geniusbar/
    Or you can order a replacement online http://www.apple.com/support/serviceassistant/overview.html

Maybe you are looking for