APEX as Partner APP in SSO - Post Authentication Process

Similar Messages

• Apex as Partner App using OID SSO

  Hi
  I have setup Apex as a partner App in OAS.
  Registered the partner application.
  Created a simple app that uses the builtin Apex auth as partner app using sso.
  I get the OAS login appearing as expected for authentication however apon entering credentials successfully
  The success url takes me to server:7777/sso/auth and displays page can not be found
  My OAS Partner App success url registered is server:7778/dad/apex/wwv_flow_custom_auth_sso.process_success
  app schema registered details
  My lsnr token is HTML_DB:server:7778
  other details cut and copied from OAS registration page.
  lsnr login url is the oas sso login url is this correct?
  Appears to work apart from the success url finding its way back to my app.
  TIA
  Richard.

  Hello all,
  I'm having somewhat of a similar issue, but I think our setup might be making it a bit more complex.
  First question, simple one:
  1.
  In my authentication method in my apex app, when I set my logout URL to http://{myhost}:{myport}/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=http://www.google.com
  It doesn't automatically redirect. I have to press the Return button on the OAS Single Sign-Off page to redirect to www.google.com
  Is the redirect not automatic? Is there a way to make it automatic?
  2.
  We have the issue where you login via SSO into an APEX application (APEX as a partner app). But the logout url does not truly log the user out. It redirects to our public page as we expect it to, but when they press the login button, it just goes straight back in (as if they were never logged out).
  Now I know this has to do with the cookie, but here's the tricky part.
  Our OAS server (that has Portal) is on a separate box. We've upgraded all our database servers, and they all have now a different domain than the OAS server. So now, OAS is in company1.com domain and our APEX apps are on company2.net domains.
  Our DBA had setup us his own flavor of SSO logout (public synonym for all apex workspaces to use). He has an actually database procedure that used the owa_cookie package to look for the cookie and invalidate it on logout. With the new domains, his logic no longer works, because I believe the cookie is still in company1.com domain and the logout proceduce is running from the company2.net domain and cannot find the cookie (since it's not in it's domain).
  After all that, I am thinking that since we can successfully login to SSO in company2.net domain via the OAS server, then we should also be able to logout of SSO successfully via the OAS server as well. Am I on the right track here? Is it possible with multiple domains?
  Thanks,
  Chris
  Edited by: CDub on Oct 19, 2009 1:55 PM

• Partner App OAS SSO integration does not work

  Hi All,
  I try to make OAS SSO work. I have app I built in HTML DB, I try to make it work as Partner Application for OAS SSO. I've done all requierments to install SSO SDK and try to make it work - it was fruitless.
  Then I try to make Test App work (\ssosdk307_032101\demo\plsql\) - it was fruitless also.
  I received the same error messages in Apache error_logs:
  [Thu Nov  4 12:06:54 2004] [error] [client 192.168.83.43] [ecid: 1099562814:192.168.83.197:9461:0:1,0] mod_plsql: /test2/test_setup HTTP-503 ORA-6550 Call to WPG_SESSION API Failed.
  [Thu Nov  4 12:06:54 2004] [error] [client 192.168.83.43] [ecid: 1099562814:192.168.83.197:9461:0:1,0] mod_plsql: ORA-06550: line 4, column 2:
  PLS-00201: identifier 'FLOWS_010500.WPG_SESSION' must be declared
  ORA-06550: line 4, column 2:
  PL/SQL: Statement ignored
  ORA-06550: line 5, column 16:
  PLS-00201: identifier 'WPG_SESSION_PRIVATE.CREATE_SESSION' must be declared
  ORA-06550: line 5, column 2:
  PL/SQL: Statement ignored
  ORA-06550: line 6, column 15:
  PLS-00201: identifier 'WPG_SESSION_PRIVATE.GET_LW_USER' must be declared
  ORA-06550: line 6, column 2:
  PL/SQL: Statement ignored
  ORA-06550: line 7, column 2:
  PLS-00201: identifier 'FLOWS_010500.WPG_SESSION' must be declared
  ORA-06550: line 7, column 2:
  PL/SQL: Statement ignored
  Could someone point me what to do in order to make it work? I guess I miss some step but I don't know what one I've missed :(((
  Thanks,
  Sergiy

  Scott,
  Thanks for your reply. I double check instruction and re-done all steps. I try to start demo application (I didn't even go further tneh step 4 in Install.txt!)
  from ...\ssosdk307_032101\demo\plsql\Readme.txt 5. To verify the web server setup, go to the following URL to see the test page:
  http://<hostname>:<port>/pls/<dad_name>/<schema_name>.test_setup
  , but I receive the same error messages in IE and in Apache error_logs.
  I see at this point one weak area - this is DAD. As I understand I need to create dad in dads.conf, am I right?
  Maybe I didn't created it right?
  Could you post some working dad for SingleSignOn?
  Thanks,
  Sergiy

• Different partner apps share sso schema?

  Sorry if this is a stupid question.
  Part of the setup and configuration of a partner application is the creation of a database schema, one in which we install the sso pl/sql packages, etc...
  I have several partner applications. Does each partner application need to have it's own unique sso schema? Or can all my partner applications share the same sso schema?
  Any recommendations?
  Thanks!
  Phillip

  To me it clearly looks like Resource forest scenario. The only difference is, you are Migrating the Mailbox into Own Forest, rather creating a New Mailbox for User in Partner AD.
  http://www.msexchange.org/articles-tutorials/exchange-server-2007/planning-architecture/deploying-exchange-resource-forest-part2.html
  http://social.technet.microsoft.com/Forums/exchange/en-US/3f020f35-df27-4a16-b3a9-9b0db7d95b61/exchange-2010-resource-forest-how-do-you-assign-permissions-to-share-linked-mailboxes
  About Single Sign On
  ADFS 2.0 should accomplish it.
  Cheers,
  Gulab Prasad
  Technology Consultant
  Blog:
  http://www.exchangeranger.com    Twitter:
    LinkedIn:
     Check out CodeTwo’s tools for Exchange admins
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Setting session state post-authentication

  Hi all,
  This application uses DATABASE ACCOUNT authentication, and has a post-authentication process that sets a few application items using code such as
  apex_util.set_session_state('F_MY_ITEM', v_my_value);These items are used to secure certain tab options within the application.
  The post-authentication PL/SQL works fine, I can't see anything wrong the the logic. I've debugged it and I know the values are being set. I'm checking the value of session state straight after using v('F_MY_ITEM'), along with checking my session ID matches up - everything seems ok there.
  The issue is that when I log in, the session state is not set for those items - even though the post-auth process is called with no errors raised. Apex debug states
  ... Session State: Save "MY_ITEM" - saving same value "Y"If I log out, then log in (without closing browser tab), the values are now set as expected (visual confirmation using conditionally displayed tabs, and of course checking session state from developer toolbar)
  Notably, Debug states something slightly different
  ... Session State: Save item "MY_ITEM" newValue="Y" escape_on_input="Y"There are a few other differences with the debug output, this this seems the most pertinent.
  The only difference I've been able to track down is if I'm logged into the application builder in the same browser.
  If I attempt to log in with a freshly opened browser, navigate directly to application URL, the behaviour works as expected. Tabs appear as if items are set.
  Could the fact I'm authenticated in the application builder be messing with session state behaviour?
  This is with Apex 4.0.2.00.07; agnostic to browser (IE/FF/Chrome); 11gr2
  Cheers,
  Scott

  I did consider this because I experienced the same thing with page processes.
  However, in this case my post-auth function is within a package and I don't use bind variables.
  I was essentially doing this in my package:
  apex_util.set_session_state('F_MY_ITEM', 'Y');
  my_log_proc(v('F_MY_ITEM'));And seeing Y in the debug log, yet once on my home page, viewing session state I see F_MY_ITEM as empty - unless in the scenario I described.
  It's not a showstopper since the users won't be logged in to the application builder, but it would be nice to know the cause.

• Error while logging in  `ERR-10740 Unable to run custom post-auth process.'

  Hi there,
  I get the following error only with specific users; some can login, some can't. There is consistency is who receives this error.
  Error      ERR-10740 Unable to run custom post-auth process.
  the text of the "Post-Authentication Process" field in the my authentication schemes is as follows:
  begin
  bare_auth.session_init;
  end;
  The bare_auth package has no errors:
  select object_type, status
  from user_objects
  where object_name = 'BARE_AUTH';
  OBJECT_TYPE STATUS
  PACKAGE VALID
  PACKAGE BODY VALID
  2 rows selected
  The error message isn't very helpful and I can't see why Apex can't run it. Why is Apex unable to run the custom post-auth process?
  Robert

  Thats just the message when you get when there is an unhandled exception in your post-auth process. Apex wraps your code with its own and if you hit any error it just raises that error to the screen. If you were to go into your post-auth and do:
  declare
    v number;
  begin
    v:= 1/0;
  end;You can see that it raises the same error message to the screen instead of an excepted pl/sql exception about dividing by zero.

• SSO Authentication Audit Information for Partner Apps ?

  Hi,
  Is it possible to get Audit Information to show when a users has been authenticated by SSO for a Partner Application ?
  If I look at orasso.wwsso_audit_log_view I can see when a user has been authenticated and a row for Portal and each Partner App that gets authenticated. The question is can you tell which row relates to which Partner App or is there another table with this information ?
  i.e I have two Partner Apps, a user logs onto Portal and only visits pages for one of them, When I log I see 2 rows, I need to know which Partner App they vistied (A or B).
  Thanks
  Simon.

  Well in that case i guess am in luck because i am working with oracle. The thing however is that I don't know where to fetch the information about the installation and all that in order to proceed ahead.
  Besides it seems, the easier it was to make the application and deploy it on the apex, the harder it is to integrate it with the SSO.
  Also i don't understand when you say "public apex.oracle.com", I always thought it was meant only for oracle employees as in it's not accessible through the internet.
  You won't (unless you work for Oracle) be able to do
  that on the public apex.oracle.com site as far as I'm
  aware.

• How to set up ApEx as a SSO partner app?

  I seem to be stuck in something of an endless loop here.
  I'm trying to set up the authentication for an ApEx app to use my Oracle AS SSO. When I start the wizard to create a new authentication scheme I choose "Based on a pre-configured scheme from the gallery". That shows me five choices (open door, ApEx credentials, database credentials, LDAP, and "no authentication"). When I click on the "Information" link at the bottom it displays some text for two more choices which aren't listed above: "Oracle Application Server Single Sign-On (Application Express engine as Partner App)" and "Oracle Application Server Single Sign-On (My application as Partner App)". Those descriptions also say that those choices aren't displayed because "This Application Express site must have already been registered as a partner application with the SSO server."
  OK -- no big deal. I'll just register the ApEx site as a partner app. I found this link explaining how to do that: http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
  Now, reading that page, I get to this step in the process: "Using the Application Express Application Builder, use the create authentication scheme wizard to create an authentication scheme based on the pre-configured
  scheme Oracle Application Server Single Sign-On (Oracle HTML DB Engine as Partner App)."
  And back to the top of my loop. The wizard in Apex tells me that I can't see the SSO choice when I'm creating my app's authentication because it's not registered as a partner application, and the instructions which tell me how to register ApEx as a partner application tell me to pick the SSO choice in the ApEx wizard.
  Has anyone managed to break out of this Groundhog Day documentation loop?

  Well,
  There are 5 choices to choose from on the page. In the description of the choices at the bottom of the page there are 7, and the two additional choices talk about having to first have registered the site with SSO. So...I'm interpreting that as meaning that other 2 possible choices would be displayed if the site is registered with SSO. That, plus the fact that the page which describes how to add the site to SSO seems to think that the SSO choices are displayed in the wizard.
  So, no, there's no "exact launguage" that says what the reason is for the choices not being displayed. Can you point me to some exact language that tells me how to get those choices displayed?

• Logout URL for 9iAS SSO Partner App

  Hi,
  I've successfully set up an HTMLDB application as a Single Sign On partner APP. The login works perfectly, except I'm a little confused about the logout URL. Currently it is set to the default in the Authentication scheme, but it doesn't work too well - I get errors if I navigate back to the single sign on page from the default HTMLDB logout page. What I want it to do is to de-authenticate then automatically go back to the SSO login page. What do I change my logout URL to?
  (curently it is wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_sess=4155:PUBLIC_PAGE)
  Thanks,
  Steve

  Steve - Here's a logout URL that unsets the app's
  session cookie first, then goes to Single Sign-off,
  then back to a public page in the app:
  https://host:port/pls/DAD/wwv_flow_custom_auth_std.log
  out_then_go_to_url?p_args=&APP_ID.:https://login.yourl
  ogin.com/pls/orasso/orasso.wwsso_app_admin.ls_logout?p
  doneurl=https://host:port/pls/DAD/f?p=&APP_ID.:PUBLI
  C_PAGE
  ScottI am quite new to Oracle Apex.
  I have just looked read through your posts, because I am having a similiar problem. I simply want to be able to click the logout link on my application and be able to logout of single sign on.
  I have tried your URL and I am sure it is accurate but I am unable to get it to work. I think the main problem I have is that I cant get to the logout URL on the single sign on page : http://host:port/pls/orasso/orasso.wwsso_app_admin.ls_logout
  Please could you advise ?
  Thanks
  Numan

• Partner Application in SSO logout does'nt synchronize

  Hi All,
  I've setup two separate application on different workspace and different server as partner Application. I've follow the instruction from http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
  . And everything working fine, but the "logout" seen doesn't work correctly.
  Example: I'm login to Application "A" from single sign on homepage, after enter username and password, it direct me to Application "A". After that, i've click on Application "B" which also located on single sign on homepage and direct me to application "B" (that's correct). When I clicked on the "logout" link in Application "A" it work fine, but the other Application (B) doesn't log me out. I can do the normal work on Application "B" even the Application "A" already logout.

  Hi Scott,
  Thank you for your reply. I've read the two link above and I don't figure out how to resolve my problem yet. From the link: Logout URL for 9iAS SSO Partner App
  you said:
  Steve - Here's a logout URL that unsets the app's session cookie first, then goes to Single Sign-off, then back to a public page in the app:
  https://host:port/pls/DAD/wwv_flow_custom_auth_std.logout_then_go_to_url?p_args=&APP_ID.:https://login.yourlogin.com/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=https://host:port/pls/DAD/f?p=&APP_ID.:PUBLIC_PAGECan set the authentication schema logout URL of application "A" something like: unsets app's session cookies first, then goes to Single Sing-off, then goes to Application "B" sign-off, and then back to a public page in the app. That way will be logout the Application "A", logout the Single Sign-On, and logout the Application "B" when i click on the "logout" link from Application "A". Am I correct?
  The other question is how can i get the SSO cookie. I've used the owa_cookie.get('cookie_name') function, but it doesn't work for SSO.
  Thanks,
  Kevin

• App and SSO SSL-ing with SSLconfigtool

  hello ..
  I need youtr help.
  im trying to configure SSL for application. I read document about SSLconfigtool and it looks easy. First I select correct scenario and run configtool -> scenario Configuring SSL to OracleAS Web Cache for J2EE for SSLing http access with termination on webcache (with oracle sample wallet). It was configured correctly.
  And now I needSSLing SSO. So I select scenario Configuring SSL to Oracle HTTP Server for OracleAS Single Sign-On/Oracle Delegated Administration Services
  After running openssl the Http server cant start. in log I an find any error except owerwriting pid file.
  So is this good idea for SSLing or the is problem in my head ?
  solving technical problem is next step, firstly give me advice about ideas.
  thanks for any help.

  I've just created a new instance on the same server, installed Apex 3.2, created a single page test app, used Application Express as Partner Application as SSO authorisation scheme, accessed the app's url and exactly the same thing happens... I just get a 404 page where the URL http://OID_HOST:port/sso/auth
  I must be overlooking something somewhere but as far as I know, I've followed all the guidance and have created this based on previous installs.
  Again, any help would be greatly appreciated!
  Thanks.

• Is it possible to have custom PL/SQL signoff/logout pages per partner app?

  Hello -
  We are currently using one OID server as our SSO midtier for an Oracle portal and Oracle EnterpriseOne applications. Following document (342942.1) we have successfully been able to create a customized sign-off/logoff page. However this page defined is the same for all partner application. We would like the ability to send the users to one page if they logoff from the portal, and to another page if they logoff EnterpriseOne. Is there a way to determine which partner app is calling for a logoff, and we could populate the p_done_url variable from there?
  Thank you.

  Why not just wait for the request to complete in your PL/SQL?
  function FND_CONCURRENT.WAIT_FOR_REQUEST
  (request_id IN number default NULL,
  interval IN number default 60,
  max_wait IN number default 0,
  phase OUT varchar2,
  status OUT varchar2,
  dev_phase OUT varchar2,
  dev_status OUT varchar2,
  message OUT varchar2) return boolean;
  Trust iguru here.. the users will not notice.

• The test couldn't sign in to Outlook Web App due to an authentication failure. Extest_ account.

  Hi.
  I'm using SCOM 2012 R2 and have imported the Exchange server 2010 MP.
  I have runned the TestCasConnectivityUser.ps1 script and almost everything is okay except for the OWA test login.
  The OWA rule is working for some time until (I think) SCOM is doing a automatic password reset of the extest_ account. Then I get the OWA error below. The other test connectivity are working. Any suggestions.
  One or more of the Outlook Web App connectivity tests had warnings. Detailed information:
  Target: xxx|xxx
  Error: The test couldn't sign in to Outlook Web App due to an authentication failure.
  URL: https://xxx.com/OWA/
  Mailbox: xxxx
  User: extest_xxx
  Details:
  [22:50:08.936] : The TrustAnySSLCertificate flag was specified, so any certificate will be trusted.
  [22:50:08.936] : Sending the HTTP GET logon request without credentials for authentication type verification.
  [22:50:09.154] : The HTTP request succeeded with result code 200 (OK).
  [22:50:09.154] : The sign-in page is from ISA Server, not Outlook Web App.
  [22:50:09.154] : The server reported that it supports authentication method FBA.
  [22:50:09.154] : This virtual directory URL type is External or Unknown, so the authentication type won't be checked.
  [22:50:09.154] : Trying to sign in with method 'Fba'.
  [22:50:09.154] : Sending HTTP request for logon page 'https://xxx.com/CookieAuth.dll?Logon'.
  [22:50:09.154] : The HTTP request succeeded with result code 200 (OK).
  [22:50:09.373] : The test couldn't sign in to Outlook Web App due to an authentication failure.
  URL: https://xxx.com/OWA/
  Mailbox: xxx
  User: extest_xxx
  [22:50:09.373] : Test failed for URL 'https://xxx/OWA/'.
  Authentication Method: FBA
  Mailbox Server: xxx
  Client Access Server Name: xxx
  Scenario: Logon
  Scenario Description: Sign in to Outlook Web App and verify the response page.
  User Name: extest_xxx
  Performance Counter Name: Logon Latency
  Result: Skipped
  Site: xxx
  Latency: -00:00:00.0010000
  Secure Access: True
  ConnectionType: Plaintext
  Port: 0
  Latency (ms): -1
  Virtual Directory Name: owa (Default Web Site)
  URL: https://xxx.com/OWA/
  URL Type: External
  Error:
  The test couldn't sign in to Outlook Web App due to an authentication failure.
  URL: https://xxx.com/OWA/
  Mailbox: xxx
  User: extest_xxx
  Diagnostic command: "Test-OwaConnectivity -TestType:External -MonitoringContext:$true -TrustAnySSLCertificate:$true -LightMode:$true"
  EventSourceName: MSExchange Monitoring OWAConnectivity External
  Knowledge:
  http://go.microsoft.com/fwlink/?LinkID=67336&id=CB86B85A-AF81-43FC-9B07-3C6FC00D3D42
  Computer: xxx
  Impacted Entities (3):
  OWA Service - xxx, xxx - xxx, Exchange
  Knowledge:     View additional knowledge...
  External Knowledge Sources
  For more information, see the respective topic at the Microsoft Exchange Server TechCenter
  Thanks
  MHem

  Hi,
  Based on the error, it looks like an OWA authentication failure.
  Have you tried post this to LYNC forums?
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Integration of Apex with Oracle Apps R12

  How can I integrate Oracle Apex with Oracle Applications R12? The requirement is like by clicking a menu the user will see an apex report without giving again the user name and password. By simple menu attachment it's asking for apex login credentials. But I want it will redirect to the apex page without asking for user name and password.
  Anyone please tell the step by step procedure of how to integrate apex with oracle apps R12.
  Please help.

  Hi,
  See below my thread this might be of some help to you. We could successfully integrate EBS and OBIEE.
  Logout link missing upon integrating OBIEE 11g with EBS (Not through SSO)
  Thanks,
  Sri

• Second htmldb as partner application in sso

  Hello ,
  I have 2 databases (say A and B) running each their own htmldb instance.
  I have 1 sso server where already 1 htmldb partner application is defined of DB A.
  Now i want to define the second instance of the htmldb on DB B also as partner application on my sso server.
  In the installation guide, i read the following for value of app_name when running regapp.sql
  'You must use HTML_DB as the app_name', but i already have one defined of DB A. Can I use another name or should i use the same name ? Or is it impossible to define 2 htmldb partner applications on 1 SSO.
  Grtz,
  Chris.

  When defining my app_name with the regapp.sql, i have used
  HTML_DB_TEST:servername:443 as listener_token.
  As i already have a HTML_DB:servername:443.
  I also used HTML_DB_TEST in the definition of the partner application.
  Now I'm getting : Expecting p_company or wwv_flow_company cookie to contain security group id of application owner. when trying to run my application.
  Could this be related, and if so, how can i define a second htmldb application as a partner application in sso ?
  Chris.