Apex With SSO not working

When running htmldb 2.0.00.29 with SSO , we receive
ORA-06550: line 2, column 1: PLS-00201: identifier 'WWSEC_SSO_ENABLER_PRIVATE.GENERATE_REDIRECT'
must be declared ORA-06550: line 1, column 45: PL/SQL: Statement ignored
Error Unable to run portal_sso_redirect procedure as schema: PL_USER with partner app name: people finder:mercator.hq.ccw.gov.uk:7779.
During debugging the issue we found out that the ssosdk could not be installed into FLOWS_020000 correctly
( error like:
@loadsdk.sql
create table wwsec_enabler_config_info$ OF sec_enabler_config_type
ORA-00955: name is already used by an existing object
CREATE sequence wwsec_log_pk_seq increment BY 1
ORA-00955: name is already used by an existing object
and as followup error in regapp.sql
ERROR: Error in registration. Please try again
ORA-06508: PL/SQL: could not find program unit being called
Now we created in a separate schema the ssosdk and run next steps of
Note:353023.1 CONFIGURING AN APEX (HTMLDB) APPLICATION TO USE SSO:
But bow same error like on starting up the issue.
Question:
Is it possible to install ssosdk in a separate schema and not into FLOWS_02xxx
If yes, what are the steps differennt to the Note:353023.1
thanks

Hi Scot,
Thank you for your response.
This is what I did for the migration by following the thread in
How can I recovery APEX application from a full database export?
- Create new empty database with APEX installed.
- Disable foreign key constraints in the FLOWS_030100 Schema
- Truncate all tables in the FLOWS_030100 Schema
- Perform user level imports of tables only with IGNORE = Y for FLOWS_030100 Schema
- Enable the constraints.
(everything seems intact including SSO SDK objects)
To register with SSO, this is what I did;
1. Load SSO SDK in FLOWS_030100 Schema anyway
2. Register APEX as Partner in SSO
ID: 1B914F48
Token: F76K433U1B914F48
Encryption Key: F76K433U1B914F48
Login URL: http://<hotsname>:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Single Sign-Off URL: http://<hotsname>:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout
Login URL : http://<hotsname>:7778/pls/apex
Success URL : http://<hotsname>:778/pls/apex/wwv_flow_custom_auth_sso.process_success
Logout URL : http://<hotsname>:7778/pls/apex
3. Run regapp.sql as FLOWS_030100
SQL> @regapp.sql
Partner Application Configuration
4.
Enter value for listener_token: HTML_DB:<hostname>:7778
Enter value for site_id: 1B914F48
Enter value for site_token: F76K433U1B914F48
Enter value for login_url: http://<hostname>:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Enter value for encryption_key: C5EB92724C7C98B8
Enter value for IP check : N
4. Ensure wwv_flow_custom_auth_sso compile successfully and grant it to Public
When I tested it, I did get the page of SSO login. But after logging in, it will just go to Page not found. Initially, I thought there's someting wrong with
wwv_flow_custom_auth_sso.process_success but it did compile successfully and I have granted it to Public.
Yong

Similar Messages

  • Axis bank net secure with webpin not working on ipad2

    Hi,
    Axis bank net secure with webpin not working on ipad2
    Lt me know how to proceed

    Try using their App:
    https://itunes.apple.com/in/app/axis-bank-mobile-application/id517266358?mt=8

  • Since installing Yosemite, Airplay with Freebox not working

    Since installing Yosemite, Airplay with Freebox not working
    With Maverick Airplay working well

    If you haven't done so already, try resetting the printing system.
    OS X Mavericks: Reset the printing system  also Yosemite
    Try deleting the printer and scanner and add them back.
    Also try Applications/Image Capture to see if it can find the printer and scanner.

  • Wifi connection with 4s not working after installing new software ios6

    wifi connection with 4s not working after installing ios 6.

    Go to Settings > WiFi > Select your network and hit the right arrow to "Forget Network"
    Then go to Settings > General > Reset Network Settings  and try connecting again when the phone restarts.

  • I'm having constant problems with pages not working. I.E.: I cannot fill in writeable fields, click on buttons... or anything... nothing on the page works. And, this is not exclusive to a particular site. I can, however, work well in Explorer.

    For the last few weeks I have had constant problems with pages not working. I.E.: I cannot fill in writeable fields, click on buttons... or anything... nothing on the page works. And, this is not exclusive to a particular site. It does seem to be a browser issue, because I can work well in Explorer.

    Both the Yahoo! Toolbar extension and the Babylon extension have been reported to cause an issue like that. Disable or uninstall those add-ons.
    * https://support.mozilla.com/kb/Troubleshooting+extensions+and+themes

  • Applications associated with workstations not working

    Hello,
    I have onld zen 7.x, on netware.
    Applications associated with workstations not working or appearing in one container. Not sure if it every worked. Apps work fine with users.
    I am in a bind, since I need to get the app out in the workstation space.
    It maybe rights or simple install error with the ZEN from the begining.
    thanks for any help or ideas.. Yes I know I need to get to Zen 11.
    Phil

    PhilJannusch,
    > Applications associated with workstations not working or appearing in
    > one container. Not sure if it every worked. Apps work fine with users.
    >
    > I am in a bind, since I need to get the app out in the workstation
    > space.
    Please tell us more as "not working" can mean a lot of things. So:
    Are they user or workstation associated?
    Are those for whick they do not work (users or workstations) all in the
    same container?
    In what way do they not work?
    Any errors?
    Anders Gustafsson (NKP)
    The Aaland Islands (N60 E20)
    Have an idea for a product enhancement? Please visit:
    http://www.novell.com/rms

  • I am getting frustrated with Apple not working with Flash player on some of my favorite web sites. Is there any alternative that will work on I-pad instead of flash?

    I am getting frustrated with Apple not working with Flash Player on some of my favorite web sites! Is there another alternative to watching these site options on my I-pad?

    Flash is not, and probably never will be, supported on the iPad : http://www.apple.com/hotnews/thoughts-on-flash/ . Plus it would be up to Adobe to make a version of their flash player that works on iOS devices - something which they have never managed to do and which they have now given up on trying to do.
    Browser apps such as Skyfire, iSwifter and Puffin 'work' on some sites, but judging by their reviews not all sites. Also some websites, especially news sites, have their own apps in the App Store, so your could try checking there for your sites (and there is the built-in YouTube app).

  • My orignal computer that I sync my iPhone 4 with does not work...can I sync it with a new computer?

    My original computer that I set up my iPhone 4 with
    Does not work.....can I use a new computer to sync
    The phone....how do I do this and is there a risk of
    Of losing any apps, music etc

    Try this:
    Syncing to a "New" Computer or replacing a "crashed" Hard Drive

  • RRMX/SSO not working with Win7/GUI 7.2

    Dear all,
    I'm testing the useability of our BW system with new Windows 7 and SAP GUI version 7.2.
    The only way of launching BEx analyzer is via RRMX or portal (using single sign-on) but this is not working. Once i trigger RRMX, Excel 2007 is opened (with Business Explorer Add-In) but when i try to open a query it opens the SAP Logon! The BEx version used is still the 3.5 (but we are in SAP BI 7.01).
    Does anyone faced this problem? Do you know if there are specific settings for using SSO or RRMX with GUI 7.2/WINN 7?
    Thanks for your help.
    Best Regards,
    Nuno

    Hi Guys,
    I have this issue also - I have used the above gui version and BW updates but still this does not work as such!
    I donu2019t have the reg key values that are mentioned above but works internally but no over direct access?
    We have windows 7 units connecting via a saprouter to a message server inturn connecting them to the application box.
    I have tried to create the key manually but still no joy.
    If go directly to the application server all works fine!
    If I go via the saprouter and then to the application server u2013 again all works fine!
    the error in the log sees an IP address ind=stead of the FQDN name
    The fqdn name of the saprouter and then an IP address????? However this should be a FQDN name
    So the error is something like /H/mysaprouter.co.uk/H/then the IP of application server
    /H/mysaprouter.co.uk/H/10.10.10.2
    There are no errors in the saprouter log file and nothing that I can see via the cisco firewall???
    I can telent on all portsu20263225, 3205 3005
    However please also note that this is not an issue when connecting internally via the saprouter, only an issue with Direct access (TCPIPv6)!
    Io any of you have any ideas why this would return an IP address instead of FQDN name via the sap router.
    This was working a few week oku2026u2026but something has changed and no one know what!
    I would suggest firewall issues but I do get teh above errors when trying to connect either via exel or trying to connect backwords via the tc RRMX

  • SSO with BSP Not Working

    Hi
    I am running Nw2004s Portal with ECC5 as BackEnd.
    I have Configured the ECC5 for SSO using RZ10 and strustsso2.
    The Portal UserIDs are same as those in  ECC5 .
    The SSO is working fine with ESS in the Portal.
    But when i run  a BSP iView then it asks for UID,PWD in a PopUp.
    I am accessing the Portal with FQDN and in the properties of the System
    referred by BSP also maintained FQDN of the backend WebAS.
    How to get rid of this Login PopUp for BSP ?
    Any Help will be highly appreciated !
    Regards,
    Rajendra

    Hi Rajendrakumar,
    You probably haven't updated the ACL properly via STRUSTSS02.
    The portal server digitally signs logon tickets as it issues them to the portal users. SAP Systems need to accept the tickets and verify the portal server’s digital signature. The following information is important for the SAP System to be able to accept and verify logon tickets:
    ·        The SAP System should only accept logon tickets issued from their designated portal server. Therefore, the identity of the portal server needs to be entered in the SAP System’s Single Sign-On (SSO) access control list (ACL).
    ·        The SAP System needs to be able to verify the portal server’s digital signature. The portal server has a self-signed certificate, therefore the SAP System needs access to the portal server’s public-key information, which needs to be entered in the SAP System’s certificate list.
    Check the following procedure
    http://help.sap.com/saphelp_nw70/helpdata/en/78/f1a8490e7011d6999500508b6b8a93/frameset.htm
    Regards,
    Siddhesh

  • Read Only Display of Radio group and Text area with counter not working

    Hello,
    I am using Apex 3.2, with 10g for the database
    I have this form, with fields that will set to read only when status = 'closed'
    All of the fields display as read only except for 2. I cannot figure out why this is not working correctly.
    1st field is Issues that is a text area with character counter, with a sql query behind it, that is set to null unless the query is pulling in the data.
    2nd field is Status which is a radio group that will not display as read only when status = 'closed'
    I have other fields on the form with the same format and they change to read only when the status = 'closed', I have even copied the pl/sql expression from one field to these fields and it still doesn't work correctly. I have also tried javascript for an on load event, which works, but once I click on the save button, it disables all of the page items, which works correctly, but I purposely forget to enter information, to make sure the validations are firing correctly, which it does, but the script disables everything, not allowing me to correct the errors. The javascript is firing on the on page load event.
    Any help on this is greatly appreciated.
    Mary

    Dung,
    That API seems to have a bug, it returns true/false/null, so you could use 'return not nvl(htmldb_util.current_user_in_group(p_group_name => 'APP Admin'),false)' to get a false value.
    Unfortunately there's another problem: using the read-only attributes for checkbox or radiogroup item makes them hidden. My suggestion would be to create another item that has disabled="disabled" in the HTML Form Element attribute in the item definition and display that item or the non-disabled item alternately, using conditions based on the current_user_in_group logic.
    Scott

  • SSO not working when launching the InfoView application

    We are so close to implementing SSO for BO Edge 3.0 using AD and Kerberos.  We can logon to InfoView and CMC using AD authenication and it works fine.  When turning on SSO:
        <context-param>
            <param-name>sso.enabled</param-name>
            <param-value>true</param-value>
        </context-param>
    in the InfoViewApp web.xml it fails with an error message in the Tomcat stdout.log
    Debug is  true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
    +          [Krb5LoginModule] user entered username: "at"MYCOMPANY.COM+
    User name is missing.
    When done through the application logon screen and able to logon it is
    Debug is  true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
    +          [Krb5LoginModule] user entered username: dennis"at"MYCOMPANY.COM+
    The username appears in the log file followed by the debug message for Kerberos key being created.
    I am so close, does anyone have an idea?

    Hi Tim,
    The Vintela SSO document for BOE XI 3.1 is very comprehensive, but it has not resolved my issue.
    Under NTLM option I SSO works great with .NET InfoView as long as I have the web site authentication set to Windows Authentication and ASP .NET Authentication enabled.  Once the ASP .NET is disabled, SSO does not work.
    When using the Kerberos option, .NET InfoView SSO does not work due to the error 'propagating the security context between the security server and the client'.
    The Java InfoView SSO does not work either, but I can enter my user credentials and logon fine.
    std.out error:
    Debug is  true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
              [Krb5LoginModule] user entered username: @OR.PROVIDENCE.ORG
    Acquire TGT using AS Exchange
              [Krb5LoginModule] authentication failed
    Generic error (description in e-text) (60)
    No user name is being passed.  I've been through a multitude of documents and forums ensuring settings are correct and I believe they are including no duplicate SPN's.
    The only issue on the server is that I cannot open the tomcat confi app. due to it not able to start service BOE120Tomcat.  I was able to update the registry with the info for the bsclogin.config and krb5.ini.  I was not able to find anything on getting that service started.
    Any ideas?  Need more info? I have a bunch. 
    Thanks and have fun,
    Phil

  • SSO not working in ESS/MSS in ERP 2004

    I have installed the Business Packages ESS 60.2 and MSS 60.1.2 on EP6 SP9.  Another server has the Web AS ABAP 6.40 system and J2EE running the ESS and MSS Web Dynpro apps.  It all works fine without SSO.  When I change the JCO Destinations for the application data to ticket instead of username/password I get the following error on testing:
    com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: The system is unable to interpret the SSO ticket received
    This error also occurs when accessing the webdynpro app directly or through the portal.  NB. The portal SSO does work in the case of calling an R/3 transaction or calling webdynpro app iview that does not in turn make an RFC call to the ABAP system.  I have followed the SAP help on "Scenario: SSO Between Portal, Web Dynpro, and ABAP Systems".
    Any ideas appreciated
    Fergus

    Hi Prakash
    This is the end of the dev_jrfc.trc from the abap/j2ee webdynpro server:
    Error file opened at 20050608 101523 British Summer Time Rel 6.40
    Error> occured  >Wed Jun 08 10:15:23,406<    >RfcGetException rc (7) message: The system is unable to interpret the SSO ticket received
    <RfcGetException
    Error> occured  >Wed Jun 08 10:17:28,544<    >RfcGetException rc (7) message: The system is unable to interpret the SSO ticket received
    <RfcGetException
    The portal dev_jrfc.trc does not report any errors.
    Other information I should have mentioned: EP uses LDAP for user directory, the ABAP system uses its own user management, the J2EE on the ABAP server uses its own user management.  The user I am testing with is the same name in all 3 systems and has full admin permissions in each.
    Thanks, Fergus

  • CAS SSO not working for VPN Group

    Hello,
    I am trying to get SSO working for a CAS/CAM in a inband virtual gateway for VPN users coming in off a ASA5520. There are two VPN groups each with its own group policy and tunnel group. One group uses a Windows IAS Radius Server and the other a token based RADIUS RSA device.
    Users use the AnyConnect client to connect to the ASA where they are dumped into a vlan. SSO works for the group that uses the Winodws radius server. On the CAS the Cisco VPN Auth server has the Unauthenticated Group as the default group, and then I use mapping rules (Framed_IP_Address) to get the different vpn groups into the right roles. This works for the one group, but since SSO is not working on the second group the CAS never gets the chance to assign them into the correct role.
    The only thing I got is this from the ASA:
    AAA Marking RADIUS server billybob in aaa-server group cas_accounting as ACTIVE
    AAA Marking RADIUS server billybob in aaa-server group cas_accounting as FAILED
    I am so close but cant call this done yet....

    Hey Faisel,
    Thanks for the question.
    This is the stange thing. For days Group A (Windows Radius Server) was working and Group B (RSA Radius Server)  would not work. Then for some reason I had to reboot the CAS and BOOM...Group B started working and Group A STOPPED working.
    So on the ASA I now get these:
    AAA Marking RADIUS server cas2-hvn-3515 in aaa-server group cas_accounting2 as ACTIVE
    AAA Marking RADIUS server cas2-hvn-3515 in aaa-server group cas_accounting2 as FAILED
    Where cas_accounting2 is the AAA server group for Group A
    On the ASA I can see that the FW sends a packet to the cas:
    "send pkt cas2-hvn-3515/1813"
    but the FW never gets an answer back from the CAS for Group A whereas with Group B I can see the response from the CAS.
    "rad_vrfy() : response message verified"
    What can I look for in the CAS logs to see where the problem is. I will try and setup a packet capture on the CAS and debug it too.

  • RD Web Access SSO not working correctly

    I have two Win 2008 r2 sp1 servers.  Both are RD Session host servers.  One of them is also serving as a RD Gateway server AND RD Web access server.  Most everything is working well and as planned.  However, I am having an issue with
    the the RD Web Access.
    In the RD Web access server configuration page, I've set "One or more RemoteApp sources" and I've added two servers there, separated by a semicolon (eg RDServer1;RDServer2), and as expected a long list of RemoteApps hosted on both servers is shown .  The
    issue is that whatever server is listed second (eg RDServer2) won't allow sso to work right  -- when I click a link for a RemoteApp hosted on RDServer1 I am not prompted again for login credentials.  However, when clicking a link for a RemoteApp
    hosted on RDServer2 I am prompted "Enter Your Credentials".  I've tried swapping the order of the "Source Name" servers, and after a reboot indeed links to the RemoteApps hosted on that second server now prompt for me to "Enter your credentials".
    Things I've tried:
    1. Trying various server name formats (IP address, NetBIOS name, FQDN, and more) to no apparent effect.
    2. Applied the hotfix from KB2524668 to both servers.
    3. Flushed the IE caches for the client machines.
    4.  Tried various AD login accounts
    5. Ensuring that the RD Web Access server is added to the local group "TS Web Access Computers" on both servers.
     This is one step that I'm not 100% sure of -- it is clear to me that the RD Session host server that doesn't contain RD Web access should be there, but I'm not totally clear as to whether the dual-duty RD Web server/RD Session host should have this setting.
     I've tried it both ways, but it doesn't seem to make a difference.
    I'm stumped.

    Kevin,
    That's it!  I have a separate SSL cert for each RD Session Host, and used the corresponding certs to sign RemoteApps for each.  I still don't see this requirement in the documentation (although they do mention exporting self-signed certs, but that
    is due to the fact that they are self-signed and not automatically trusted by client machines), but maybe I'm just blind.
    Regardless, the fix to my problem was to export the cert from my RDServer1, import it to RDServer2, then set RDServer2 to use that cert to sign the RemoteApp connections.
    Thanks for your assistance, I was really stuck.
    Chris

Maybe you are looking for

  • CONNECTION OBJECT AND POD

    hi experts, can any one of you explain what is connection object and point of delivery with any example.

  • "Cannot play video with this frame rate&qu

    For reasons that aren't important here I cannot use the Zen video converting software. Instead, I've been using the trial version of the Caniusoft Video to Creative Zen converter. Only once has a video played, but as soon as I closed the video and op

  • 5.1 Surround sound not working in iTunes any suggestions?

    My 5.1 surround sound will not work with iTunes it only plays out of the front left and front right speaker. In other programs it runs fine any suggestions on how to make it work in iTunes?

  • Android sound or image picker ANE help

    Hi folks, We are building an AIR app and working on native extensions. Has anyone done an ANE that calls the native music track picker (to select multiple tracks) or image gallery picker (to select an image)? Mind sharing the source? Would really app

  • Output-Mode paramter is only for jspx

    Dear Friends, Iam setting <output-mode> this paramter value to printable. And in the customised PhaseListner iam able to identify only the id of Jspx. iam unable to get the id of Popup which is inside the jspx in phase listner. I want to set the "Pri