Apex Configuration with SSO on Database 11g
Hi All,
I am trying to configure Application Express with SSO on 11g and I have followed all the steps mentioned in http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
My partner app configuration is
Site ID: 0F32F8E1
Site Token: JC54XU4Q0F32F8E1
Encryption Key: 61443A93398DC472
Single Sign-On URL: https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
Single Sign-Off URL: https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_logout
Application Name: Insight Knowledge Manager on New Server
Application Home URL: http://orclinsight.oraclecorp.com
Application Success URL: http://orclinsight.oraclecorp.com/pls/apex/wwv_flow_custom_auth_sso.process_success
Application Logout URL: http://orclinsight.oraclecorp.com
After running the @custom_auth_sso.sql and @custom_auth_sso.plb and doing grant execute on wwv_flow_custom_auth_sso to public; I have also created an authentication scheme in APEX based on the pre-configured scheme on Apex as partner app
this is the URL of the app.... http://orclinsight.oraclecorp.com/pls/apex/f?p=100:1
if I type this URL, I get redirected to the SSO authentication page...however once I have filled the credentials.. it shows me the following error message
*"The requested URL /pls/apex/wwv_flow_custom_auth_sso.process_success was not found on this server."*
The result of this query select lsnr_token||':'||site_token||':'||site_id||':'||urlcookie_version||':'||encryption_key||':'||url_cookie_ip_check||':'||ls_login_url from wwsec_enabler_config_info$
is
'HTML_DB:orclinsight.oraclecorp.com:80:JC54XU4Q0F32F8E1:0F32F8E1:v1.2:61443A93398DC472:Y:https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login'
and the result of begin owa_util.print_cgi_env; end; query in APEX - SQL Workshop is
PLSQL_GATEWAY = WebDb
GATEWAY_IVERSION = 2
SERVER_SOFTWARE = Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server
GATEWAY_INTERFACE = CGI/1.1
SERVER_PORT = 80
SERVER_NAME = orclinsight.oraclecorp.com
REQUEST_METHOD = POST
PATH_INFO = /wwv_flow.show
SCRIPT_NAME = /pls/apex
REMOTE_ADDR = 141.144.152.146
SERVER_PROTOCOL = HTTP/1.1
REQUEST_PROTOCOL = HTTP
REMOTE_USER = APEX_PUBLIC_USER
HTTP_CONTENT_LENGTH = 291
HTTP_CONTENT_TYPE = application/x-www-form-urlencoded; charset=UTF-8
HTTP_USER_AGENT = Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)
HTTP_HOST = orclinsight.oraclecorp.com
HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_ENCODING = gzip,deflate
HTTP_ACCEPT_LANGUAGE = en-us,en;q=0.5
HTTP_ACCEPT_CHARSET = ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_REFERER = http://orclinsight.oraclecorp.com/pls/apex/f?p=4500:1003:1510257042232818::NO:::
HTTP_ORACLE_ECID = 1258784987:64.181.227.33:7900:4328:22,0
WEB_AUTHENT_PREFIX =
DAD_NAME = apex
DOC_ACCESS_PATH = docs
DOCUMENT_TABLE = wwv_flow_file_objects$
PATH_ALIAS =
REQUEST_CHARSET = AL32UTF8
REQUEST_IANA_CHARSET = UTF-8
SCRIPT_PREFIX = /pls
HTTP_COOKIE = [email protected]:insight_workspace; ORA_WWV_USER=BE50DD5881201806; IdcLocale=English-US; IntradocAuth=Internet; oracle.uix=0^^GMT+5:30^p; IntradocLoginState=1; IdcTimeZone=America/Chicago
Please advise what should I do next or where I may be going wrong?
Warm Regards,
Anand
Hi All,
I am trying to configure Application Express with SSO on 11g and I have followed all the steps mentioned in http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
My partner app configuration is
Site ID: 0F32F8E1
Site Token: JC54XU4Q0F32F8E1
Encryption Key: 61443A93398DC472
Single Sign-On URL: https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
Single Sign-Off URL: https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_logout
Application Name: Insight Knowledge Manager on New Server
Application Home URL: http://orclinsight.oraclecorp.com
Application Success URL: http://orclinsight.oraclecorp.com/pls/apex/wwv_flow_custom_auth_sso.process_success
Application Logout URL: http://orclinsight.oraclecorp.com
After running the @custom_auth_sso.sql and @custom_auth_sso.plb and doing grant execute on wwv_flow_custom_auth_sso to public; I have also created an authentication scheme in APEX based on the pre-configured scheme on Apex as partner app
this is the URL of the app.... http://orclinsight.oraclecorp.com/pls/apex/f?p=100:1
if I type this URL, I get redirected to the SSO authentication page...however once I have filled the credentials.. it shows me the following error message
*"The requested URL /pls/apex/wwv_flow_custom_auth_sso.process_success was not found on this server."*
The result of this query select lsnr_token||':'||site_token||':'||site_id||':'||urlcookie_version||':'||encryption_key||':'||url_cookie_ip_check||':'||ls_login_url from wwsec_enabler_config_info$
is
'HTML_DB:orclinsight.oraclecorp.com:80:JC54XU4Q0F32F8E1:0F32F8E1:v1.2:61443A93398DC472:Y:https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login'
and the result of begin owa_util.print_cgi_env; end; query in APEX - SQL Workshop is
PLSQL_GATEWAY = WebDb
GATEWAY_IVERSION = 2
SERVER_SOFTWARE = Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server
GATEWAY_INTERFACE = CGI/1.1
SERVER_PORT = 80
SERVER_NAME = orclinsight.oraclecorp.com
REQUEST_METHOD = POST
PATH_INFO = /wwv_flow.show
SCRIPT_NAME = /pls/apex
REMOTE_ADDR = 141.144.152.146
SERVER_PROTOCOL = HTTP/1.1
REQUEST_PROTOCOL = HTTP
REMOTE_USER = APEX_PUBLIC_USER
HTTP_CONTENT_LENGTH = 291
HTTP_CONTENT_TYPE = application/x-www-form-urlencoded; charset=UTF-8
HTTP_USER_AGENT = Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)
HTTP_HOST = orclinsight.oraclecorp.com
HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_ENCODING = gzip,deflate
HTTP_ACCEPT_LANGUAGE = en-us,en;q=0.5
HTTP_ACCEPT_CHARSET = ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_REFERER = http://orclinsight.oraclecorp.com/pls/apex/f?p=4500:1003:1510257042232818::NO:::
HTTP_ORACLE_ECID = 1258784987:64.181.227.33:7900:4328:22,0
WEB_AUTHENT_PREFIX =
DAD_NAME = apex
DOC_ACCESS_PATH = docs
DOCUMENT_TABLE = wwv_flow_file_objects$
PATH_ALIAS =
REQUEST_CHARSET = AL32UTF8
REQUEST_IANA_CHARSET = UTF-8
SCRIPT_PREFIX = /pls
HTTP_COOKIE = [email protected]:insight_workspace; ORA_WWV_USER=BE50DD5881201806; IdcLocale=English-US; IntradocAuth=Internet; oracle.uix=0^^GMT+5:30^p; IntradocLoginState=1; IdcTimeZone=America/Chicago
Please advise what should I do next or where I may be going wrong?
Warm Regards,
Anand
Similar Messages
-
Problem registering apex app with sso
I followed the instructions listed in Note:353023.1 to register an apex app as an sso application.
when i go to the url:
http://portal.research.na.admworld.com/pls/REMGThtmldb/f?p=100:1
i get:
Bad Request
Your browser sent a request that this server could not understand.
mod_plsql: /pls/REMGThtmldb/f HTTP-400 Invalid name
i've redone everything several times. i must be missing something simple. any clue as to what this could be?Hi Chris,
I had a lot of problems getting SSO working. The name of the partner application had to be HTML_DB and in the WWSEC_ENABLER_CONFIG_INFO$ table I had to change the port in LSNR_TOKEN to :80. You will find lots of other posts about SSO problems.
One thing you can do is to set debug on as explained in step 6 here: http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
Regards Pete -
Apex application registered with sso as partner application
We have 1 apex app registered with sso and working properly.
I just registered a new apex application with sso. when i authenticate through sso, it directs me to the originally registered application.
I went in through the portal administrator app and verified my settings all pointed to the new application. I verified that my dad is set up correctly.
Any ideas?
APEX 2.0i did register and obtain the keys through portal admin.
to ensure i used the proper keys (i guess there is a possibility i used the keys from db1 registration) i re-ran regapp with the right keys but recieved the following output:
SQL> @regapp
Partner Application Configuration
Enter value for listener_token: HTML_DB:050iasphttp.xxx.na.xxx.com:7777
Enter value for site_id: EFBE3E14
Enter value for site_token: MSMXURH1EFBE3E14
Enter value for login_url: https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admin.ls_login
Enter value for encryption_key: 2EBDD126A3A40606
Enter value for ip_check: N
ERROR: Error in registration. Please try again
User-Defined Exception
Registration successful.
Listener token: HTML_DB:050iasphttp.xxx.na.xxx.com:7777
Site id : EFBE3E14
Site token : MSMXURH1EFBE3E14
Encryption key: 2EBDD126A3A40606
Login URL :
https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admi
n.ls_login
Logout URL :
https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admi
n.ls_logout
IP check : N
PL/SQL procedure successfully completed.
Commit complete.
No errors.
SQL>
...in spite of the error, i aske the app developer to try and use sso for db2. he now recieves:
User-Defined Exception
Error Error in wwv_flow_custom_auth_sso.process_success:l_sso_user_name:l_sess_id:: Please contact administrator.
OK
any ideas? -
Install and configure Oracle AS 10g Business Intelligence Comp with SSO
Hi,
Present setup:
We have a Red hat Linux 3.0 ES (update 4).
Netgrity from Site minder installed over windows server for signle sign on.
Oracle 9i release 2 database on a separate Windows server
What i need:
I want to install Oracle Application Sever Business Intelligence Components 10G over the linux and configure with Netegrity Single Sign on. I am not clear what is the installation process and what is the sequence of installation and configuration.
Can anyone help me with the Installation process and sequence.
What should be the sequence is it like below ?
1) first install the Oracle AS 10g Infrastructure over the Linux
2) Secondly install the Oracle Application Sever Business Intelligence Components 10G and integrate with Infrastructure
3) Configure with SSO
or only install the Oracle Application Sever Business Intelligence Components 10G and Configure with SSO is enough ?
Any help in the installation process and sequence of instlallation and how to configure for external single Sign on.
Thanks..When you want to have SSO you definitly need the infrastructure as the SSO is managed in there.
So first install the infrastructure, then the middle tier (BI components) and then configure the SSO for the BI components.
When this is up and running you have to configure the integration with the SiteMinder. Check out the OID admin guide and the SSO admin guide.
cu
Andreas -
LDAP SSO to database in XI3.1
Hi All,
We are using XI3.1 and trying to find a solution for configuring LDAP single sign on to database and have not been able to find any material on that matter.
Is it possible to configure LDAP SSO to database (Oracle 11) natively? Or is there a third party tool like siteminder that can make that configuration work? Please let me know.
Thanks,
VIt should work natively.
In the CMC > Authentication > LDAP there is an option for propogate credentials at logon time. This option will cause LDAP users to have their username/pw cached in their user account (in fields called DBuser/DBpass). Then you must configure your reports to use these fields. If using reports based of universes you need to set the universe connection to use DB credentials, if crystal then it's a bit more complicated and you may need to log a case to get the instructions.
If using SSO on the front end with siteminder or trusted auth then the LDAP propogate option will not work (it requires users to key in their user/pw).
Regards,
Tim -
Hi All,
We have a requirement to implement custom SSO with OBIEE 11g.
Is configuration of SSO in OBIEE 11g similar to that of OBIEE 10.1.3 ? (10g steps mentioned below)
1. Changing Instanceconfig.xml
2. Adding a user “Impersonate ” in Repository
3. Adding Impersonate user Credentials to Credential Store using cryptotools
4. Add Credential Store information to Instanceconfig .xml file
Are there any additional configurations required to be related to weblogic integration with OBI?What sort of SSO setup are you looking to implement? The security model in 11g is much more complex and unfortunatelly it's all in Weblogic. I don't think that was a good idea but Oracle it's obviously pushing to use all of its products into OBIEE.
On the positive side OBIEE 11g now supports configuring authentication and SSO with Active Directory and Windows Native Authentication using Kerberos (the next generation authentication protocol after NTLM). This SSO solution is sometimes called "silent SSO" as does not require domain authenticated users to login to OBIEE and it's completely transparent. In view it's the "real and proper" SSO solution as it's server side and it's unspoofable. Oracle Support Note ID 1274953.1 provides guidance on how to do that. The configuration process is complex but it provides a way to use Windows Native Authentication out-of-the-box in OBIEE 11g without having to rely on custom/3er party components or any additional license costs. -
Hello,
I have APEX installed already in my database and currently it's catering 2 schemas, say schema1 and schema2. Schema2 has been dropped now and new Schema3 has been created.
I changed dads.conf file and pointed to new schema, Schema3, restarted HTTP server but when trying to access URL I am getting
Error 403: Forbidden
You don't have permission to access /pls/apex_1/apex_admin on this server.
Also upon checking the log file, i could see ORA-1017 error which means apex_public_user doesn't exist in Schema3. So just wondering do I need to go for another installation of APEX or there is other better alternative.
Regards
PankajHello Jari,
I think my last post was not that clear. Here I am not referring to apex internal schemas.
Below is dads.conf which includes two different database, database1 and database3(new).
APEX url for database1 is working fine but I am getting error 403 for database3 as it's newly created.
So My question is how an existing APEX configuration works for new Database.
+<Location /pls/apex_1>+
Order deny,allow
PlsqlDocumentPath docs
AllowOverride None
PlsqlDocumentProcedure wwv_flow_file_mgr.process_download
PlsqlDatabaseConnectString sweden.intranet.calidris.com:1521:database1
PlsqlNLSLanguage AMERICAN_AMERICA.AL32UTF8
PlsqlAuthenticationMode Basic
SetHandler pls_handler
PlsqlDocumentTablename wwv_flow_file_objects$
PlsqlDatabaseUsername APEX_PUBLIC_USER
PlsqlDefaultPage apex
PlsqlDatabasePassword Abc12345
PlsqlRequestValidationFunction wwv_flow_epg_include_modules.authorize
Allow from all
+</Location>+
+<Location /pls/apex_2>+
Order deny,allow
PlsqlDocumentPath docs
AllowOverride None
PlsqlDocumentProcedure wwv_flow_file_mgr.process_download
PlsqlDatabaseConnectString sweden.intranet.calidris.com:1521:database3 ++
PlsqlNLSLanguage AMERICAN_AMERICA.AL32UTF8
PlsqlAuthenticationMode Basic
SetHandler pls_handler
PlsqlDocumentTablename wwv_flow_file_objects$
PlsqlDatabaseUsername APEX_PUBLIC_USER
PlsqlDefaultPage apex
PlsqlDatabasePassword Abc12345
PlsqlRequestValidationFunction wwv_flow_epg_include_modules.authorize
Allow from all
+</Location>+
regards
}ankaj -
Oracle Access Manager 11g r2 with Oracle Entitlement Server 11g r2
Hello,
I would like to set up a configuration with Oracle Access Manager 11g r2 where Authentication is against Active Directory, and Authorisation is against Oracle internet Directory
Access Manager has to get authorizations from Oracle internet Directory via Oracle Entitlement Server
I cant find any document describing how to integrate Oracle Access Manager with Oracle Entitlement Server
could any one help ?
RegardsHi all,
I am facing some issue with the distribution of the policy in the security module of OES.
The "application" distribution tab allows me to distribute the policy created but does not generate any distribution ID or address for webservice access.
I am using OES 11.1.5
Thanks in advance. -
Upgrade ERP database 11g and ATG7 with SSO integation
Please let us know how to Perform Upgrade ERP database 11g and ATG7 with SSO integation .
Regards .We have completed to upgrade ERP database from 9.2.0.6 to 11.2.0.1 and also apply ATG 7 on Test instance.
And user finish testing , there is no issue after upgrade and application can work as normal.
On Test instance we didn't implement Single Sign On
But on Production we have Single Sign ON.
Now we plan to upgrade on Production instance. But we afraid that we will found any issue on Production relate to SSO. Becase we don't have a chance to test it.
My question is:
Are there any spacial step we need to do if we have implemented SSO After upgrade DB 11g and ATG 7? -
How to configure my oracle jdeveloper 11g preview 4 with oracle 8i database
hi every one
my requrirement is to configure my oracle jdeveloper 11g preview 4 with oracle 8i database with (thin driver)
thanks in advancePrapan,
JDev 11g TP4 comes with 11g JDBC drivers, which do not support connecting to any database v 9.0.1 or earlier.
So, back to you... depends upon what you want to do. If you want to write your own code to connect to a database using 11g, get ahold of some JDBC drivers that support 8i and have away. If you're talking about getting the database development stuff (e.g. the embedded SQLDeveloper) to work, you're probably out of luck.
So, please define "configure my oracle jdeveloper 11g preview 4 with oracle 8i database"
John -
When running htmldb 2.0.00.29 with SSO , we receive
ORA-06550: line 2, column 1: PLS-00201: identifier 'WWSEC_SSO_ENABLER_PRIVATE.GENERATE_REDIRECT'
must be declared ORA-06550: line 1, column 45: PL/SQL: Statement ignored
Error Unable to run portal_sso_redirect procedure as schema: PL_USER with partner app name: people finder:mercator.hq.ccw.gov.uk:7779.
During debugging the issue we found out that the ssosdk could not be installed into FLOWS_020000 correctly
( error like:
@loadsdk.sql
create table wwsec_enabler_config_info$ OF sec_enabler_config_type
ORA-00955: name is already used by an existing object
CREATE sequence wwsec_log_pk_seq increment BY 1
ORA-00955: name is already used by an existing object
and as followup error in regapp.sql
ERROR: Error in registration. Please try again
ORA-06508: PL/SQL: could not find program unit being called
Now we created in a separate schema the ssosdk and run next steps of
Note:353023.1 CONFIGURING AN APEX (HTMLDB) APPLICATION TO USE SSO:
But bow same error like on starting up the issue.
Question:
Is it possible to install ssosdk in a separate schema and not into FLOWS_02xxx
If yes, what are the steps differennt to the Note:353023.1
thanksHi Scot,
Thank you for your response.
This is what I did for the migration by following the thread in
How can I recovery APEX application from a full database export?
- Create new empty database with APEX installed.
- Disable foreign key constraints in the FLOWS_030100 Schema
- Truncate all tables in the FLOWS_030100 Schema
- Perform user level imports of tables only with IGNORE = Y for FLOWS_030100 Schema
- Enable the constraints.
(everything seems intact including SSO SDK objects)
To register with SSO, this is what I did;
1. Load SSO SDK in FLOWS_030100 Schema anyway
2. Register APEX as Partner in SSO
ID: 1B914F48
Token: F76K433U1B914F48
Encryption Key: F76K433U1B914F48
Login URL: http://<hotsname>:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Single Sign-Off URL: http://<hotsname>:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout
Login URL : http://<hotsname>:7778/pls/apex
Success URL : http://<hotsname>:778/pls/apex/wwv_flow_custom_auth_sso.process_success
Logout URL : http://<hotsname>:7778/pls/apex
3. Run regapp.sql as FLOWS_030100
SQL> @regapp.sql
Partner Application Configuration
4.
Enter value for listener_token: HTML_DB:<hostname>:7778
Enter value for site_id: 1B914F48
Enter value for site_token: F76K433U1B914F48
Enter value for login_url: http://<hostname>:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Enter value for encryption_key: C5EB92724C7C98B8
Enter value for IP check : N
4. Ensure wwv_flow_custom_auth_sso compile successfully and grant it to Public
When I tested it, I did get the page of SSO login. But after logging in, it will just go to Page not found. Initially, I thought there's someting wrong with
wwv_flow_custom_auth_sso.process_success but it did compile successfully and I have granted it to Public.
Yong -
How to get PDF Printing working with APEX packed with 11g
Hi ,
Recently i installed 11g db on one of my systems (Windows XP) ,as it comes with APEX i thought to move my apex app(which were in 10g) to the same .........when i moved my apps , i got everything working but PDF PRINTING .
I have configured Report Printing :
Print server: Advanced
Print server Protocol: HTTP
Print server Host Address: localhost
Print Server Port: 9704
Print server script :/xmlpserver/convert
Your help is appreciated.
Thanks ,
RibhiHi Jes,
Thank you for your reply. BI Publisher is runing on the same server where Database 11g with APEX installed. I loged in to the database as SYS DBA and copied and paste Oracle script below to enable Network services. The script run successfully, still cant print. Pls Help me to solve this problem.
Regards,
Ribhi
DECLARE
ACL_PATH VARCHAR2(4000);
ACL_ID RAW(16);
BEGIN
-- Look for the ACL currently assigned to '*' and give FLOWS_030100
-- the "connect" privilege if FLOWS_030100 does not have the privilege yet.
SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS
WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;
-- Before checking the privilege, make sure that the ACL is valid
-- (for example, does not contain stale references to dropped users).
-- If it does, the following exception will be raised:
-- ORA-44416: Invalid ACL: Unresolved principal 'FLOWS_030100'
-- ORA-06512: at "XDB.DBMS_XDBZ", line ...
SELECT SYS_OP_R2O(extractValue(P.RES, '/Resource/XMLRef')) INTO ACL_ID
FROM XDB.XDB$ACL A, PATH_VIEW P
WHERE extractValue(P.RES, '/Resource/XMLRef') = REF(A) AND
EQUALS_PATH(P.RES, ACL_PATH) = 1;
DBMS_XDBZ.ValidateACL(ACL_ID);
IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'FLOWS_030100',
'connect') IS NULL THEN
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH,
'FLOWS_030100', TRUE, 'connect');
END IF;
EXCEPTION
-- When no ACL has been assigned to '*'.
WHEN NO_DATA_FOUND THEN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('power_users.xml',
'ACL that lets power users to connect to everywhere',
'FLOWS_030100', TRUE, 'connect');
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('power_users.xml','*');
END;
COMMIT;
Edited by: Ribhi on Nov 13, 2008 1:18 PM -
I am trying to setup APEX 3.1 (fresh installation not upgrade) to work with SSO on Linux.
APEX and AP infrastructure are installed on separate servers and APEX is working with mid tier HTTP server.
I have followed the steps below and I don’t get any error messages at all but when I finally point the browser to an application I get an error:
ERR-7620 Could not determine workspace for application
Expecting p_company or wwv_flow_company cookie to contain security group id
I would appreciate any help
Regards,
Anna
alter user flows_030100 identified by xxxx;
alter user flows_030100 account unlock;
Loaded SSO SDK into the flows_030100 schema @APEX_DB
Registered ApEx as a partner application, supplied values:
HOME URL : http://serverABC.ypgstaging.local:7777/pls/apex
Success URL : http://serverABC.ypgstaging.local:7777/pls/apex/wwv_flow_custom_auth_sso.process_success
Log Out URL : http://serverABC.ypgstaging.local:7777/pls/apex/apex
Application Name APEX
As flows_040100@APEX_DB:
SQL> @regapp.sql
Partner Application Configuration
Enter value for listener_token: apex:serverABC.ypg.local:7777
Enter value for site_id: 6F20F2EF
Enter value for site_token: W201QS2F6F20F2EF
Enter value for login_url: http://serverABC.ypg.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Enter value for encryption_key: 3F7CD0E25D17A170
Enter value for ip_check: N
Registration successful.
Listener token: apex:serverABC.ypg.local:7777
Site id : 6F20F2EF
Site token : W201QS2F6F20F2EF
Encryption key: 3F7CD0E25D17A170
Login URL :
http://serverABC.ypg.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Logout URL :
http://serverABC.ypg.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout
IP check : N
PL/SQL procedure successfully completed.
Commit complete.
No errors.
SQL> select * from wwsec_enabler_config_info$;
LSNR_TOKEN
SITE_TOKEN
SITE_ID
LS_LOGIN_URL
URLCOOKIE_VERSION
ENCRYPTION_KEY
ENCRYPTION_MASK_PRE
ENCRYPTION_MASK_POST
U
apex:serverABC.ypg.local:7777
W201QS2F6F20F2EF
6F20F2EF
http://serverABC.ypg.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
v1.2
3F7CD0E25D17A170
C70C4A8B5227430F37EA0903E8A7C7BC
35B1659E7B2E5FB7BF1C0381B44E1FF9
N
Then on APEX_DB server I ran the following:
[oracle@ATC1SDBYM01 core]$ sqlplus
Enter user-name: / as sysdba
SQL> alter session set current_schema=flows_030100;
Session altered.
SQL> @custom_auth_sso_902.sql
...wwv_flow_custom_auth_sso
Package created.
No errors.
SQL> @custom_auth_sso_902.plb
...wwv_flow_custom_auth_sso
Package body created.
No errors.
SQL> grant execute on wwv_flow_custom_auth_sso to public;
Grant succeeded.
alter user flows_030100 identified by values ‘xxx’;
alter user flows_030100 account lock;
Here is a test application URL:
http:/serverABC.ypgstaging.local:7778/pls/apex/f?p=F101::&c=yellowmart
The application authentication schema is set to SSO.Scott
I have restarted AS and rerun the regapp script successfully. I have noticed I entered the wrong domain name while registering it first time and I have corrected the error this time.
SQL> select * from wwsec_enabler_config_info$;
LSNR_TOKEN
SITE_TOKEN
SITE_ID
LS_LOGIN_URL
URLCOOKIE_VERSION
ENCRYPTION_KEY
ENCRYPTION_MASK_PRE
ENCRYPTION_MASK_POST
U
HTML_DB:serverABC.ypgstaging.local:7777
W201QS2F6F20F2EF
6F20F2EF
http://serverABC.ypgstaging.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_lo
gin
v1.2
3F7CD0E25D17A170
C70C4A8B5227430F37EA0903E8A7C7BC
35B1659E7B2E5FB7BF1C0381B44E1FF9
N
However I still get the same error message in my browser when I point it to the application.
Regards,
Anna -
How to configure Oracle SSO for forms and apex
Hi All,
I am trying to configure oracle SSO for forms and apex using third party external authentication. Please help me how to configure. I a have tried all possible things
from web but I am not able to do it. Is there any doc or links are much appreciated.
Info: Some reason my oiddas web link is not working it used to work fine before and also the from /pls/orasso/ link I am not able to login may be because of my oiddas issue
ThanksHi Andreas,
Thanks you for your help. I am trying to implement third party external LDAP authentication for APEX and Forms.
So I started with OID and SSO setup to create external Partner Applications. Some reason my oid and sso web login links are not working. I didn't find any errors. I need some help in finding the problem and direction, I already read docs on web but no proper direction. I appreciate your help.
Thanks -
Integrating Oracle EBS and ApEx Aplication with Responsibilities and SSO.
Good day all.
I am looking forward from getting somebody 's help, the trouble I am facing is described below:
a) I am currently working on SSO with EBS. I mean, my users can connect and work perfectly.
b) ApEx is Configured as Application Partner with SSO, and the application we built (it's call PR-Auto)
is working good under SSO platform. I mean I am able to login using TEST user and password TEST in
both applications (EBS and PR-Auto).
c) The thing is that I need to call PR-Auto from one responsibility in EBS;
Following my setup for the responsibility:
- I have created a function:
Name: APEX_FA_PR
Properties:
Function type: SSWA plsql
Web HTML :apps.apex_launcher.launch_fa_pr
Web Host agent: pls/apex
- I have created a menu, application and responsibility using the function APEX_FA_PR.
- I have create launcher package:
create or replace package apex_launcher is
procedure launch_fa_pr;
end apex_launcher;
create or replace package body apex_launcher as
procedure launch_fa_pr as
begin
/** 110 Is ID of PR-Auto, my app **/
/** 5 is my home page **/
f(p=>'110:5');
end;
end apex_launcher;
d) New responsibility shows on EBS menu page.
e) Click on responsibility, and the page shows 'redirecting to login server for authentication', but
nothing happens, page goes blank with this url:
http://fahorromex37.fahorro.com.mx:8004/pls/apex/wwv_flow_custom_auth_sso.process_success?urlc=v1.2~42
03F9A8A1D696097BEA96499E6B6845E80C14A56DF724C3FFF879578FC734C5E1DEEA9129A4117E62A3676A409528E8EB927AA55
0EA7B208C34F5A3FDB4472679EDE448F8971966BE9BADD22207FE90BDBA2800E6529F3967A18DEC76DCC17DE21D96A65CA2C424
319F159CC78ED78E8B99F69F1BA8297A1EECF6AD137A6C3896E1C4E8D5F93874A9A08887D3F95058D33F667D7B785FF0A065B53
891B8B393DFD24530BD0720150F05DE63F0CD5AFD86F0267BAF4C9CAE8C5AA693B4E488B3776BF43450FD412167B402C962BABE
A54707043AFA6FBB168B29EDB3BE120FFE0C30683D53283B036E781ABF1A5F7374ADF83463D57D2EE958765B0501CE2B0F4E3DF
24845A54A1CF02526FA39EF60644ED5A0D9D2A05EBFAD3BD01007D0817135989A4B97D68C92C6E2BA767CFDB0AF188054024BB1
EFFA7DEC8699BBA7485A349D87BA1C15475927E52110DF56FCC3FD560D2CBBA1C0D7D9D3ADFCDB975CD2
the address of my application pr-auto is http://fahorromex37.fahorro.com.mx:8004/pls/apex/f?p=110
f) DBA teams follow instructions from the following documentation
"Integrating Oracle E-Business Suite Release 11i with Oracle Internet Directory and Oracle Single Sign-On"
and "Note 261914.1 Integrating Oracle E-Business Suite Release 11i with Oracle Internet Directory and
Oracle Single Sign-On"
g) We are using:
DB: Oracle9i Enterprise Edition Release 9.2.0.6.0 - Production
SO: Linux 2.6.9-42.ELsmp
ApEx: 3.0.1.00.07
Any help will be greatly appreciated.
J.O.Many Thanks Daniel for your prompt reply.
Tried to understand the white Paper and your thread but I am still facing problem,although able to Call ApEX page but now i
want to pass th e session Id where I am stuck.
MY three functions:
CREATE OR REPLACE FUNCTION SYMAPEX.apex_authorise (
p_username IN VARCHAR2
, p_password IN VARCHAR2) RETURN BOOLEAN
AS
BEGIN
IF apex_validate_hash (p_username, p_password) THEN RETURN TRUE;
END IF;
RETURN (FND_WEB_SEC.validate_login@VCSDEV2_QA (p_username, p_password) = 'Y');
END apex_authorise;
CREATE OR REPLACE FUNCTION SYMAPEX.apex_generate_hash (
p_string IN VARCHAR2
, p_offset IN NUMBER DEFAULT 0) RETURN VARCHAR2
IS
BEGIN
IF p_string IS NULL THEN RETURN NULL;
END IF;
RETURN RAWTOHEX(UTL_RAW.cast_to_raw(
DBMS_OBFUSCATION_TOOLKIT.MD5(input_string=>p_string||':'||
TO_CHAR(SYSDATE-(p_offset/24*60*60),'YYYYMMDD HH24MISS'))));
END apex_generate_hash;
CREATE OR REPLACE FUNCTION SYMAPEX.apex_validate_hash (
p_string IN VARCHAR2
, p_hash IN VARCHAR2
, p_delay IN NUMBER DEFAULT 5) RETURN BOOLEAN
IS
BEGIN
FOR i IN 0..p_delay LOOP
IF p_hash = apex_generate_hash (p_string, i) THEN RETURN TRUE; END IF;
END LOOP;
RETURN FALSE;
END apex_validate_hash;
MY Launch Procedure:
CREATE OR REPLACE Package body OAE_PKG1 AS
PROCEDURE LaunchOAE1 (application IN NUMBER DEFAULT 101
, page IN NUMBER DEFAULT 111
, request IN VARCHAR2 DEFAULT NULL
, item_names IN VARCHAR2 DEFAULT NULL
, item_values IN VARCHAR2 DEFAULT NULL)
AS
BEGIN
OWA_UTIL.mime_header('text/html', false);
OWA_COOKIE.send
(name=>'APEX_APPS_'||application,
value=>FND_GLOBAL.user_name||':'||apex_generate_hash@QA_VCSDEV2(FND_GLOBAL.user_name),
domain => '.orvcsd01.symprod',
path=>'/');
OWA_UTIL.redirect_url('http://orvcsd01.symprod.com:7780'||'/pls/apex/f?p='||application||':'||page||'::'||request||':::'||ite
m_names||':'||item_values);
END LaunchOAE1;
END OAE_PKG1;
MY On Load before headre process:
DECLARE
c OWA_COOKIE.cookie;
a wwv_flow_global.vc_arr2;
BEGIN
c := OWA_COOKIE.get('APEX_APPS_101');
a := htmldb_util.string_to_table(c.vals(1));
:P111_USERNAME := a(1);
:P111_PASSWORD := a(2);
IF :P111_PASSWORD IS NOT NULL THEN
wwv_flow_custom_auth_std.login(
P_UNAME => :P111_USERNAME,
P_PASSWORD => :P111_PASSWORD,
P_SESSION_ID => v('APP_SESSION'),
P_FLOW_PAGE => :APP_ID||':111');
END IF;
END;
I am doing custom authencitaion and calling apex_authorise function there.
Although I am able to Call the ApEX and able to validate application server password,but moment i try taking help off cookies
to pass on my application session details to ApEX so that users would not have to login twice,i am gettign the error.
Second question:
Do we have any other methos of passing session to ApEX from Application server other than cookies.
Please suggest.
Thanks.
Ravijeet
Maybe you are looking for
-
Error while running an Odata service in Advanced Rest Client
Hi Experts, We have created one simple OData model (using Integration gateway) with datasource as SOAP web service. We are able to test the SOAP Web service in STORM tool and getting desired response. But when we run the converted OData URL in Advanc
-
Query related to Internal Table
Hi , I have a small query related to internal table , can we dump millions of records to an internal . The actual requirment is like i need to develop a report in BI side where i have to dump records into an internal table from PSA tables with
-
Production order Basic start date calculation
Hello PP Sapperu2019s, I have an production order for total qty - 865,00.This production order created on 11.08.2011 and I could able to see the Basic start date as 26.06.2011.Please let me know how this basic start date gets calculated. I mean what
-
Hi there My phone is playing up and won't let me receive texts or send any, and is getting mega laggy by the second. Whenever I try and access my messages I get a message saying, "Message storage memory not ready" It has been saying this for over 4 h
-
Generic and Master data delta.
HI, Will you please give me the solution for 'The differenet delats we have in generic delta,what actually is a numeric pointer.. how does it pick delat..is it something like it picks a record which has changes in it or it it each neew record.. if