About Partner application

Similar Messages

• SSO for partner applications

  Hi All,
  I have installed 10g AS Release 2 on a system. I also have Application Express(formerly HTML DB) installed on the same system. I registered one of the HTML DB applications as partner applications and have put SSO authentication for it.
  When I try to login the AS looks at the OID installed on the system(which I gave during installation). I want it to look at the Oracle gmldap.oraclecorp.com server OID so that only Oracle employees login.
  Can anybody tell me how to change the OID and what are the entries to be give to configure it to gmldap.oraclecorp.com server??
  Thanks,
  Swaroop

  See Task 3 in the Section 9.4 of the Oracle Application Server Administrator's Guide:
  http://download-west.oracle.com/docs/cd/B14099_17/core.1012/b13995/chginfra.htm#i1014978
  See the following for information about what to specify on each page.
  http://download-west.oracle.com/docs/cd/B14099_17/core.1012/b13995/reconfig.htm#i1013341

• Partner Application in release 2

  Hello,
  I have to create a new PL/SQL partner application in the release 902.
  Where is the new sso sdk for the new Portal release?
  In the new pdk seems that it is the same of the 309 release (ssosdk307_032101 or ssosdk307)...
  And the pl/sql example code in the Oracle9 iAS Single Sign-On Application Developers Guide is not working...
  Can someone give me some feedback?
  Thank you and regards,
  Lorenzo.

  Lorenzo,
  Did you get any feedback on this posting? I'm also working with Release 2 (9.0.2) and is just about to start implementing the Java SSO SDK. The latest release of SSO SDK I've found is 307. According to the documentation this version supports SSO server 3.0.6 to 3.0.8, thus not Release 2. Please reply if you have any news regarding SSO SDK for Release 2.
  Best Regards,
  Rikard

• Partner application and web clipping.

  Hi All,
  I am trying to add an external application (say my.yahoo.com) to a webclipping and its throwing the below error in the application log.
  WC-517 : SSL handshake failed with the url ...
  I have checked the file ca-bundle.crt and the certificates are in place. Does anybody know how to go about debugging this problem as I am quite new to portals and at my wits end to solve it.
  Also I would be greatful if anybody can suggest me the steps on adding an Apex application configured as partner application with SSO authentication to a web clipping.There seems to be little or no-documentation at all in this regard(as far as my search goes).
  Thanks in advance
  -Venkat

  I finally got it working by VERY CAREFULLY reading the instructions in the install.txt document in the SSO SDK package. You have to set up the partner application with a new schema in the login server database, and run the regapp.sql script AFTER editing it to insert data from the Login Server Partner Application admin screen. After you register the partner app in Portal, it gives you some info (site token, listener token, encryption key, etc). You have to MANUALLY copy these and paste them into the regapp.sql script, then run the script in the partner app schema. Make sure you don't confuse capital I with numeral 1 (like I did, since Oracle so nicely uses a non-serif font where you can not tell the difference).
  Also make sure you copy the exact values for these parameters into your code when you use the SSOEnabler class. The listener token was very confusing since different documents appear to disagree on whether it should include the partner app name or not. It does require the partner app name:
  app-name:hostname:port
  hostname and port are for the web server that is handling http requests for the login server (usually your main portal web server).
  John H.

• How to Submit Partner Application Form to Partner Application

  When creating a partner application as a portlet, when we submit the form it gets submitted to the Portal server instead of the Partner Application server and as that page does not exist on the Portal Server. We get 404 error, Page not Found.
  We wanted to use this application as a portlet without making any changes to the application, but looking at some examples it seems we will have to make some changes to the application to make it work as portlets. The changes I am talking about are following which we don't want to make as applications already exist.
  <form method=post
  action="<%=HttpPortletRendererUtil.htmlFormActionLink(request, HttpPortletRendererUtil.PAGE_LINK)%>" name='mainform' onsubmit='return validateallfields(this)'>
  <%=HttpPortletRendererUtil.htmlFormHiddenFields(request,
  HttpPortletRendererUtil.PAGE_LINK)%>
  <%=UrlUtils.emitHiddenField(HttpPortletRendererUtil.portletParameter request ,
  "next_page"),"/htdocs/sosportlet/createticket.jsp")%>
  Also one more thing is I am not able to use the URL renderer, as with URLRenderer I am not able to get the information about the Single Sign On User.
  So currently I am using the
  <showPage class="oracle.portal.provider.v2.render.http.ResourceRenderer"> in the provider.xml file.

  The servlet or JSP page you are sumbitting to is specified by the action="..." parameter of the form tag...
  In that servlet/page you do a few things:
  1) validate the input:
  String s = request.getParameter("name of formelement here");
  if (s == null) {
  //handle null-string here...
  2) put it in database
  ... create driver
  ... open connection
  ... produce ResultSet

• BC4J, Auditing, Partner Application and SSO

  I am trying to figure out how to set up a BC4J-JSP app to use "database audit trail in entity objects" within a Portal/SSO environment.
  Here is the situation;
  Part 1:
  I am able to partially get the auditing to work on a BC4J App Module in the tester by setting the appropriate history columns in the Entity Object and then setting the jbo.security.enforce property to "Test". Upon entering the tester I am challenged for a "username/password". At this point I can enter any credentials, I can then enter some data. Visually checking the database I find that the history "date" columns (date_created) are ok but the "user" columns (created_by) are not filled in.
  Part 2:
  Now if I set jbo.security.enforce property to "Test". I am not sure what user credential to enter here. I have looked at OID Manager for some clues for what username/password but I'm not sure if this is even in the ballpark.
  Part 3:
  At some point I will deploy this app as an SSO/Partner Application which will be accessed from a Portal page. Since authentication is handled by the SSO login page, I am confused about setting up the "database audit trail in entity objects" (from Part 1) as it talks about creating * another * login page. This seems contradictory so Long postings are being truncated to ~1 kB at this time.

  Part 1:
  When setting jbo.security.enforce property to "Test", BC4J does not throw exception if credential is invalid. You should set it to "Must" if you really want to validate the credential. The "Test" setting does perform the authentication, a warning stating authentication fail is in the diagnostic output if the username/password is invalid. The "Test" setting is just to exercise the authentication but if it fail it does not stop the rest of the application. The "user" column (created_by) does not get fill could be cause by failed authentication or if the column is marked as Refresh on Update or Refresh on Insert, or if the client app insert null or zero length string into it.
  Part 2:
  BC4J default authentication uses the LoginModule from Oracle9iAS JAAS (in j2ee\home\jazn.jar). This LoginModule by default configure to use the lightweight jazn-xml. You can check this by looking "<jazn provider=..." in the j2ee\home\config\jazn.xml. If you are interested in using OID, you need to change it to <jazn provider="LDAP" location="ldap://myoid.us.oracle.com:389" />, "myoid.us.oracle.com:389" should be host address and port of your OID. There are a few predefined users in the lightweight jazn-xml if you wish to test it, there are admin/Long postings are being truncated to ~1 kB at this time.

• OID SSO Logout issue from the partner application

  As per the below link I am trying the logout functionality from the partner application,
  http://download.oracle.com/docs/cd/B14099_19/idmanage.1012/b14078/tpsso.htm#i1011555
  The article talks about a logout url pattern, I am trying to execute the below from the partner application.
  https://single_sign-on_host:single_sign-on_ssl_port/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=done_url
  The issue I got is OID server is not redirecting to the p_done_url, it just stays in the same OID logout page, Do I have to create any configuration entry to get the redirection working?
  Thanks

  Hi All,
  Providing more information,
  What I get is the OID logout screen with two return buttons on top and bottom of the page.
  If I found is when I click any of those it goes to the p_done_url but What I want is
  instead of stopping in the OID logout page, auto redirection to the p_done_url,
  Can this be done.
  Thanks

• OID Realm Setup for Partner Application in another application server

  This message was also posted under the Identity Management thread.
  We currently have 10.1.2 SSO running and configured to accept a partner application from another app server (10.1.3). A sample application attempts to authenticate a user and then use JAZN to confirm whether the user is in the correct OID group. The user can authenticate successfully, which shows up in the SSO audit table, but the group check fails. I believe this is due to the realm not being visible to the other app server? How do I go about setting up the app server or application on the 10.1.3 platform to be able to check the 10.1.2 SSO server for the right OID group when the user authenticates? I have tried to set up the file-based permissions through the EM console, but seems to be only valid for the local setup. My thought was that the system-jazn-data.xml file would need to identify and point to the SSO server? When I troubleshoot that file, I see the correct realm entry and also the correct JAZN group and the OID GUID for the group. Any suggestions?
  Thanks,
  Leif

  Hi Amit,
  I am also facing the same issue. Could you please share the work around you around to get rid of this issue?
  Mahendra.

• Ideas for flights partner application problem

  Hi!
  We got problem with trying to configure flights demo partner
  application.
  URL: http://orawat5/servlet/flights/
  Error code below:
  An error has occured in this Application
  oracle.security.sso.enabler.SSOEnablerException:
  oracle.security.sso.enabler.SSOEnablerException:
  java.sql.SQLException: ORA-06550: line 1, column 13: PLS-00201:
  identifier 'WWSEC_SSO_ENABLER_PRIVATE.GENERATE_REDIRECT' must be
  declared ORA-06550: line 1, column 7: PL/SQL: Statement ignored
  at
  oracle.portal.devguide.partner.application.PartnerSSOEnabler.getS
  SOUserInfo(PartnerSSOEnabler.java:215) at
  oracle.portal.devguide.partner.application.FlightDispatch.process
  (FlightDispatch.java, Compiled Code) at
  oracle.portal.devguide.partner.application.PartnerServlet.doGet
  (PartnerServlet.java:48) at
  javax.servlet.http.HttpServlet.service(HttpServlet.java:499) at
  javax.servlet.http.HttpServlet.service(HttpServlet.java:588) at
  org.apache.jserv.JServConnection.processRequest
  (JServConnection.java:402) at
  org.apache.jserv.JServConnection.run(JServConnection.java:260)
  at java.lang.Thread.run(Thread.java:479)
  What do you think about what is problem?
  (maybe this java ...PartnerSSOEnabler.getSSOUserInfo calls some
  pl/sql code)
  Regards,
  Olli-Pekka

  Can you please provide me following information so that I can understand the environment clearly?
  1. Login Server version
  2. SSO SDK version (e.g. ssosdk307_011223.zip) etc
  3. Database version for Login Server and SSO SDK partner application
  4. Where did you get the original JPDK zip file and version number?

• How to transfer the language chosen in Portal to a partner application

  Hi,
  I'm having problems transferring the language chosen in Oracle Portal to a partner sso application. The partner application is written in java, and authorizes against SSOServer using the ssosdk902.jar. Using the java api, I should be able to extract information about Locale from the SSOUserInfo class using the method getLocale. The result however is not the language chosen by the user in Portal, but the language setting of the browser (internet explorer 6).
  I would expect to get something corresponding to the result of wwctx_api.get_nls_language in the portal. Am I misunderstanding things here?
  Any help would be greatly appreciated.
  /Mads

  Hi there,
  Have you found an answer for this question? I would be interested in the answer as well.
  Thank you,
  Claudia

• Oracle SSP as a Partner Application

  I've got few questions.
  1- How do I get information regarding the configuration of Oracle Self Service Purchasing ( Release 11i) as a Partner Application?
  2- I'm working on 3.0.8 release but I can't find the "Oracle 9iAS Single Sign-On Application's Developer Guide" paper related.
  On-line I found the one for the Release 3.0.6 and 3.0.9!
  3- Are there any warnings about the release allowed to that process configuration?
  Thanks in advance

  Having XE on a stick being absurd or not. is it
  technically possible. Just to be able to do things
  that you couldn't do before. Maybe it's a waste of
  time. But doesn't alle learning look like a waste of
  time in the first place :-) When you play around a
  discover new things you may be able to help others
  later on.Hi Nicolai!
  If you take a look on my post I accent: that's my opinion.
  I done (as a student) also sometimes things that others looked as absurd.
  E.g. Oracle database for all comets in human history with orbital calculations, etc.
  I'm thinking now more on "production level" - on "student level" everything is OK where you learning new things...
  Cheers!

• Registering the Web based application as a Partner Application

  Good day
  I went through the suggested documentation of registering a
  web based application as a partner application of the SSO Login Server.
  I installed the SSOSDK.JAR and went through the demo application (JSP Demo)
  which consists of the following programs :
  papp.jsp
  ssoinclude.jsp
  ssoEnablerJspBean
  SSOEnablerBean
  SSOSignon
  As per the technical documentation,I register this demo application as a
  partner application.
  1 - The source code of the papp.jsp checks for the existence of the user
  through method of ssoEnablerJspBean [getSSOUserInfo(request, response)] which
  calls method of SSOEnablerBean [getSSOUserInfo (request, response) and this
  method calls getUserInfo(p_request) of SSOEnablerBean (the same program) to
  check the existence of the application cookie.
  2 - If it doesn't exit , it redirect it to the SSO Login page for user
  authentication.Once the user is authenticated, a SSO login cookie is created on
  the client's browser and redirects back to the SSOSignOn.
  3 - The SSOSignOn program creates the application cookie and redirects back to
  the entry point of the demo application which is papp.jsp.
  My Questions are as follows :
  1 - Instead of creating a session object within my web based application to hold some
  information used between the different pages, can I define them in the
  application cookie? kindly advise? Is there any limitation for the length of
  the application cookie? If yes, what will be the risk?
  2 - The SSOSignOn program is calling a method in the SSOEnablerBean
  [setPartnerAppCookie(response, request). Within this method , it is retrieving
  the parameters values of the request object as :
  request.getParameterValues("urlc")[0];
  What is the role of this [urlc]? Is it hard coded? Can I change it?
  3 - In order to ensure that I am still dealing with the same user, shall I put
  the above security check procedure on each page of my weeb based application? Kindly advise?
  Thanks in advance for your prompt feedback
  regards

  Dear Paul
  I think there is a misunderstanding regarding the last correspondence.
  I am talking about the customized home page of the PORTAL and not the home page of my web based application (JSP) .So in this case, Am I able to use the customized home page which contains a login portlet instead of the default Login page of the SSO Login Server.Kindly advise!!!
  On the other hand, I am facing a problem during the surfing of the web based application.
  The web based application consists mainly of two packages :
  Package I : Bank.counter which contains a set of jsp pages.
  JSP_HOME_COUNTER (MAIN PAGE WHICH CONTAINS 2 FRAMES)
  JSP_LEFT_FRAME_COUNTER
  JSP_MAIN_FRAME_COUNTER
  JSP_MAIN_FRAME_COUNTER_DETAIL
  Package II : Bank.portfolio which contains a set of jsp pages.
  JSP_HOME_PORTFOLIO (MAIN PAGE WHICH CONTAINS 2 FRAMES)
  JSP_LEFT_FRAME_PORTFOLIO
  JSP_MAIN_FRAME_PORTFOLIO
  Please note that the SSO classes are residing under the first package.
  As agreed on in the third question, I am including in each page of my web based application, a security check procedure as follows :
  <%@ include file="ssoinclude.jsp" %>
  <%
  if(usrInfo == null)
  response.getWriter().println("<center>User information not found</center>");
  else
  my jsp code.......
  %>
  Please note that all the jsp page of the portfolio package are pointing to the SSO classes as follows :
  <%@ include file="../counter/ssoinclude.jsp" %>
  <%
  if(usrInfo == null)
  response.getWriter().println("<center>User information not found</center>");
  else
  my jsp code.......
  %>
  Once I invoke the JSP_HOME_COUNTER , it will render the JSP_LEFT_FRAME_COUNTER page and
  JSP_MAIN_FRAME_COUNTER page which invokes the SSO Login page. Once the user has been authenticate, the result of the JSP_MAIN_FRAME_COUNTER is rendered successfully. The result contains an hyperlink to the
  JSP_MAIN_FRAME_COUNTER_DETAIL page. As the user has been authenticated , this page is rendering automatically the result without displaying the SSO Login page. (Perfect as of now!!).
  Once I invoke the JSP_HOME_PORTFOLIO from the JSP_HOME_COUNTER, it runs the security procedure without any rendering of the SSO Login page (fine!!) but redirects me back to JSP_HOME_COUNTER instead of rendering the result of the JSP_HOME_PORTFOLIO.
  please note that the m_requestUrl variable in the SSOEnablerJSPBean class has been assigned the folowing value : JSP_HOME_COUNTER
  Kindly advise .

• b OID Realm setup for partner application server /b

  We currently have 10.1.2 SSO running and configured to accept a partner application from another app server (10.1.3). A sample application attempts to authenticate a user and then use JAZN to confirm whether the user is in the correct OID group. The user can authenticate successfully, which shows up in the SSO audit table, but the group check fails. I believe this is due to the realm not being visible to the other app server? How do I go about setting up the app server or application on the 10.1.3 platform to be able to check the 10.1.2 SSO server for the right OID group when the user authenticates? I have tried to set up the file-based permissions through the EM console, but seems to be only valid for the local setup. My thought was that the system-jazn-data.xml file would need to identify and point to the SSO server? When I troubleshoot that file, I see the correct realm entry and also the correct JAZN group and the OID GUID for the group. Any suggestions?
  Thanks,
  Leif

  Hi Amit,
  I am also facing the same issue. Could you please share the work around you around to get rid of this issue?
  Mahendra.

• SSO to partner application running under IIS

  Hi,
  We have a complete set-up for 9iAS Release2 where some applications are running. In parallell we have an application running under IIS, and would now like to enable the IIS application as a partner application to 9iAS letting the 9iAS SSO server handle the authentication.
  In the documentation of Oracle Proxy Plug-in I read that this proxy plug-in can be used to proxy requests from IIS to Oracle http server (OHS) and also in this way enable SSO.
  My question is if this can be done only for applications running under 9iAS but having IIS as web server, or if it is also possible like in our case to enable SSO via the proxy plug-in to applications runnind under IIS?
  If this is not supported is the only available solution to use the SSO SDK in my IIS application?
  Thanks and regards,
  Rikard

  Here's a DIY answer.
  See Metalink Note 269820.1 which shows you how to use Perl to overwrite the host name in the HTTP header and remove the port number.

• HOW TO SET UP PARTNER APPLICATION TO USE SSO OUTSIDE OF PORTAL

  If anyone knows how Portal switches context to run as the db user mapped to the lightweight schema and how it knows the db schema password please let me know.
  Should you have any queries please do not hesitate to contact me on 07775 896738.
  From document Oracle Portal Security Overview on PortalStudio.oracle.com:
  In Single Sign On mode (EnableSSO=Yes in the DAD), mod_plsql determines the name of the light-weight user and mapped database schema by calling
  WPG_SESSION_PRIVATE.GET_LW_USER and WPG_SESSION_PRIVATE.GET_DB_USER respectively.
  ** These calls are done using the Portal Schema (PORTAL30) and Portal schema password **
  mod_plsql then executes the procedure in the requested URL by using the N-Tier Authentication feature to connect to the database as the user returned from
  WPG_SESSION_PRIVATE.GET_DB_USER. ..... Note that N-Tier Authentication requires all schemas to be used for Portal user mappings to be granted 'connect
  through' privleges to the Portal schema (PORTAL30).
  The WWCTX packages are also used.
  So this is how it works with standard Portal
  - the document states that the WPG_SESSION_PRIVATE package is only accessible to the Portal schema
  - but I checked and it is also available to PORTAL30_SSO
  SQL> desc WPG_SESSION_PRIVATE
  PROCEDURE CREATE_SESSION
  Argument Name Type In/Out Default?
  P_COOKIE_NAME VARCHAR2 IN
  FUNCTION GET_DB_USER RETURNS VARCHAR2
  FUNCTION GET_LW_USER RETURNS VARCHAR2
  PROCEDURE GET_SESSION_INFO
  Argument Name Type In/Out Default?
  NUM_PARAMS NUMBER OUT
  PARAM_NAMES TABLE OF VARCHAR2(32000) OUT
  PARAM_VALUES TABLE OF VARCHAR2(32000) OUT
  PROCEDURE RESET_SESSION
  Argument Name Type In/Out Default?
  P_COOKIE_NAME VARCHAR2 IN
  In my case only the Login Server (PORTAL30_SSO) is going to be used/installed
  - the SAMPLE_SSO_PAPP application will only work if the DAD used to access is it set to use Basic authentication, i.e. the actual integration with the Login Server
  is done in the sample application code calls, stored in the database
  - when a DAD has enableSSO=yes it automatically accesses Portal (PORTAL30) packages to implement N-Tier authentication
  I'm currently testing:
  1. Configuring the SAMPLE_SSO_PAPP sample as documented with a DAD with Basic authentication
  2. Amending the ssoapp procedure to set context to another (db) user on successful authentication:
  wwctx_api.set_context (
  p_user_name => 'SCOTT',
  p_password => 'TIGER' );
  3. If this works then set_context with get_lw_user instead
  I have now amended the ssoapp procedure as follows to print out
  1. The userid entered when the login box is presented
  2. The Database user which the Portal Lightweight user is mapped to
  3. The Lightweight user Portal has used for authentication
  Amendments to papp.pkb:
  (ssoapp procedure, declare db_user_info and lw_user_info as VARCHAR2 in declare section)
  htp.p('Congratulations! It is working!<br>');
  db_user_info := wwctx_api.get_db_user;
  lw_user_info := wwctx_api.get_user;
  htp.p('User Information:' || l_user_info || '<br>');
  htp.p('DB User Information:' || db_user_info || '<br>');
  htp.p('LW User Information:' || lw_user_info || '<br>');
  The following shows the interesting results from my testing:
  - if the user owning the sample_sso_papp package is PORTAL30_SSO then the call to wwctx_api.get_db_user succeeds
  - if the user owning the sample_sso_papp package is a non-portal schema e.g. SSOAPP below the call to wwctx_api.get_db_user generates a User Defined exception
  Steps to test:
  Created new schema SSOAPP on the database
  - edited it in Portal and checked the use this schema for Portal users checkbox
  - created new Lightweight user SSO_LW in Portal, mapped it to SSOAPP schema
  - created new Lightweight user SSO_SCOTT in Portal, mapped to SCOTT schema
  - loadjava -user ssoapp/ssoapp@portal30 SSOHash.class
  - sqlplus portal30/portal30@portal30
  @provsyns ssoapp
  - sqlplus ssoapp/ssoapp@portal30
  @loadsdk.sql
  @loadpapp.sql
  Created DAD with basic authentication SAMPLE_SSO_PAPP
  - username: ssoapp
  - default home page: sample_sso_papp.ssoapp
  Registered the Sample SSO Partner Application with the Login Server and ran regapp.sql
  Commented out the calls to get_db_user in papp.pkb to avoid exception
  - called http://<server>/pls/sample_sso_papp
  - logged on as SSO_LW/sso_lw
  - got output:
  Congratulations! It is working!
  User Information: SSO_LW
  LW User Information: PUBLIC
  So the Portal lightweight user is not returned as SSO_LW
  if anyone knows why the Lightweight User in my test is returned as PUBLIC not SSO_LW
  Best Regards
  MIchael

  http://support.mozilla.com/en-US/kb/Changing+the+e-mail+program+used+by+Firefox