Application Aliases & SSO

Question 1:
In version 2.0, will the issue with duplicate Application Aliases over multiple workspaces (on the same server) be addressed or is there reasoning why there is no validation to prohibit duplication of application aliases?
Question 2:
Single Sign On (HTML DB as partner app) authentication.
We have two applications in two different workspaces on the same server. Both have the same exact SSO authentication scheme, but when you try to move from one application to another (while logged into one), you are required to sign on through SSO (again).
This is not true if both the applications reside in the same workspace (So in other words, once logged into one application, you are not required to login to the next SSO app).
What is the rhyme or reason to this? Does the cookie actually store the workspace and does that drive whether or not you are logged into SSO?
Chris

Chris,
So should it be best practice to reference the &c parameter in all our URLs?
Yes, when you are using an alias that might not be unique within the site. However, the use of application aliases is most useful for "launch" URLs and not for internal links from page to page within the application where &APP_ID. works just fine, so there should be relatively few URLs that use application aliases.
SSO
Just to clarify, your authentication schemes have explicit values for the cookie attributes? If so, I'd expect that the applications in the same workspace that use the same cookie attributes would behave seamlessly as one application such that after you had authenticated to SSO for one application, you would not have to re-authenticate for the other. Applications so coupled can share the same HTML DB session ID. Applications in different workspaces should behave as completely separate applications even if they use the same cookie name. This doesn't really work when you try to run them in the same browser session because there can only be one cookie with the same name/path/domain at a time. Based on your original problem description, I think you may have found a bug. If you would give more details, I'd like to pursue this.
Scott

Similar Messages

  • Second htmldb as partner application in sso

    Hello ,
    I have 2 databases (say A and B) running each their own htmldb instance.
    I have 1 sso server where already 1 htmldb partner application is defined of DB A.
    Now i want to define the second instance of the htmldb on DB B also as partner application on my sso server.
    In the installation guide, i read the following for value of app_name when running regapp.sql
    'You must use HTML_DB as the app_name', but i already have one defined of DB A. Can I use another name or should i use the same name ? Or is it impossible to define 2 htmldb partner applications on 1 SSO.
    Grtz,
    Chris.

    When defining my app_name with the regapp.sql, i have used
    HTML_DB_TEST:servername:443 as listener_token.
    As i already have a HTML_DB:servername:443.
    I also used HTML_DB_TEST in the definition of the partner application.
    Now I'm getting : Expecting p_company or wwv_flow_company cookie to contain security group id of application owner. when trying to run my application.
    Could this be related, and if so, how can i define a second htmldb application as a partner application in sso ?
    Chris.

  • Register application with SSO

    Hi all
    I have an APEX install which I have successfully registered with SSO as a partner application (I have registered APEX/HTMLDB itself). On this machine we host a number of applications which can be accessed as http://myserver.mydomain.com/pls/htmldb/f?p=APP_NAME1 (and so on to APP_NAME_n).
    The business owner of one of these applications wants to have an application-specific URL instead of the generic type URL (eg, http://my-new-app.mydomain.com/....), and to keep the new alias in the browser URL. However, I am sure that this will require me to register the application with SSO as the SSO server won't recognise the new URL.
    I have searched the forum and not found any reference to having the entire HTMLDB engine registered as a partner app, and registering individual apps with SSO at the same time. Perhaps this is so trivial and straightforward that no-one has come across any problems with this. But I wonder if there are any "gotchas" in having this kind of set up before I actually start on it.
    regards
    Gerard

    Gerard - That should work as that was the intended purpose of having the two "flavors" of SSO partner app integration - so that a workspace schema could have a local copy of the SSO SDK and could use it independently of the Application Express installation's copy. Do let us know how it goes, especially if it works.
    Scott

  • Connecting to OIM from Webcenter Frame Work application for SSO.

    Hi all ,
    I am trying to connect to OIM from Webcenter Frame Work application for SSO.
    Need help on finding documents regarding that.
    Complete installation of OIM 11g(11.1.1.6) is done.
    Regards,
    Shakir

    Hi Vinay,
    Thanks for your reply ,
    The document you suggested has only installation steps which is already completed.
    I just want to know how you connect your web center frame work application to OIM (for SSO) through API's or some other way,
    so that whenever user try to access any page of your application ..you are redirected to OIM
    Thanks & Regards,
    Shakir

  • Partner Application in SSO logout doesn't synchronize

    Hi All,
    I've set up two separate applications on different workspaces and different servers as partner applications. I've followed the instructions from http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html. And everything is working fine, but the "logout" seems not to work correctly.
    Example: I log in to Application "A" from the single sign on homepage; after I enter the username and password, it directs me to Application "A". After that, I click on Application "B", which is also located on the single sign on homepage, and it directs me to Application "B" (that's correct). When I click on the "logout" link in Application "A" it works fine, but the other Application (B) doesn't log me out. I can do the normal work on Application "B" even though Application "A" is already logged out.

    Hi Scott,
    Thank you for your reply. I've read the two link above and I don't figure out how to resolve my problem yet. From the link: Logout URL for 9iAS SSO Partner App
    you said:
    Steve - Here's a logout URL that unsets the app's session cookie first, then goes to Single Sign-off, then back to a public page in the app:
    https://host:port/pls/DAD/wwv_flow_custom_auth_std.logout_then_go_to_url?p_args=&APP_ID.:https://login.yourlogin.com/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=https://host:port/pls/DAD/f?p=&APP_ID.:PUBLIC_PAGE
    Can I set the authentication schema logout URL of application "A" to something like: unset the app's session cookies first, then go to Single Sign-off, then go to Application "B" sign-off, and then back to a public page in the app? That way it will log out Application "A", log out the Single Sign-On, and log out Application "B" when I click on the "logout" link from Application "A". Am I correct?
    The other question is how can I get the SSO cookie. I've used the owa_cookie.get('cookie_name') function, but it doesn't work for SSO.
    Thanks,
    Kevin

  • Register the partner application through SSO Administer Partner Application

    When should I use the "Administer Partner Applications" link on the SSO Server Administration page to register the application among the following cases?
    1. sign-on SDK integrated application
    2. mod_osso integrated application

    Were you able to resolve the issue???
    Can you pls try Rerunning ssodatan/x with the correct data. The ssodatan script is located in the directory ORACLE_HOME/portal30/admin/plsql/ssodatan.
    Refer following link for more info on SSODATAN , SSODATAX and DIAGNOSTICS scripts in Portal 3.0.x:
    http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=136138.1

  • BC4J, Auditing, Partner Application and SSO

    I am trying to figure out how to set up a BC4J-JSP app to use "database audit trail in entity objects" within a Portal/SSO environment.
    Here is the situation;
    Part 1:
    I am able to partially get the auditing to work on a BC4J App Module in the tester by setting the appropriate history columns in the Entity Object and then setting the jbo.security.enforce property to "Test". Upon entering the tester I am challenged for a "username/password". At this point I can enter any credentials, I can then enter some data. Visually checking the database I find that the history "date" columns (date_created) are ok but the "user" columns (created_by) are not filled in.
    Part 2:
    Now if I set jbo.security.enforce property to "Test". I am not sure what user credential to enter here. I have looked at OID Manager for some clues for what username/password but I'm not sure if this is even in the ballpark.
    Part 3:
    At some point I will deploy this app as an SSO/Partner Application which will be accessed from a Portal page. Since authentication is handled by the SSO login page, I am confused about setting up the "database audit trail in entity objects" (from Part 1) as it talks about creating * another * login page. This seems contradictory so

    Part 1:
    When setting the jbo.security.enforce property to "Test", BC4J does not throw an exception if the credential is invalid. You should set it to "Must" if you really want to validate the credential. The "Test" setting does perform the authentication; a warning stating that authentication failed is in the diagnostic output if the username/password is invalid. The "Test" setting is just to exercise the authentication, but if it fails it does not stop the rest of the application. The "user" column (created_by) not getting filled could be caused by failed authentication, or if the column is marked as Refresh on Update or Refresh on Insert, or if the client app inserts null or a zero length string into it.
    Part 2:
    BC4J default authentication uses the LoginModule from Oracle9iAS JAAS (in j2ee\home\jazn.jar). This LoginModule is by default configured to use the lightweight jazn-xml. You can check this by looking for "<jazn provider=..." in j2ee\home\config\jazn.xml. If you are interested in using OID, you need to change it to <jazn provider="LDAP" location="ldap://myoid.us.oracle.com:389" />, where "myoid.us.oracle.com:389" should be the host address and port of your OID. There are a few predefined users in the lightweight jazn-xml if you wish to test it, there are admin/

  • Registering a partner application with SSO SDK

    Good day
    Since 2 days, I am struggling for the issue of registering a Servlet application as a partner
    application using the SSO Login Server.
    As per the suggested note id 182701.1 in metalink , I implement the following steps :
    - Step A : Create the partner Application Schemas (Successful & the name of the schema is : ssopartner)
    - Step B : Load Packages for the partner application (Successful)
    - Step C : Obtain the registration information (Successful)
    - Step D : Run the regapp.sql (successful but they forgot to mention that I should load the
    SSOHash.class )
    - Step E : Compile and Run
    I deploy the application under 9iAS in order to test it.
    I add the ssosdk307.jar to the jserv.properties file.
    I invoke the SSOPartnerServlet java program by entering :
    http://name of the webserver/servlet/SSOPartnerServlet
    I got the message "redirecting to the login server" and I got the
    login page of the SSO Server.
    Once I submit the user/password , I got HTTP 400: Page cannot be
    displayed.
    I check the mod_jserv.log file and find out the following message :
    [08/04/2002 13:54:16:949] (ERROR) ajp12: Servlet Error: POST is not
    supported by this URL
    Could you please advise
    Your prompt feedback is highly appreciated
    regards

    I believe that this is not possible as the mod_osso realizes that the URL is below an URL that you want to protect.
    The only way I see that you can do this is the following modification in the mod_osso.conf:
    <Location /myApp/secure_partA>
    AuthType basic
    Require valid-user
    </Location>
    <Location /myApp/secure_partB>
    AuthType basic
    Require valid-user
    </Location>
    <Location /myApp/secure_partX>
    AuthType basic
    Require valid-user
    </Location>
    So your application /myApp/subApp will not be effected and people can just access this part. However you will have more administration in your mod_osso.conf
    cu
    Andreas

  • 10.2 Application Server SSO setup issue.

    Hello,
    I just installed a 10.2 Application Server Infrastructure installation, and I'm trying to set up SSO w/ PKI.
    I followed the following in attempted to set this up:
    http://download.oracle.com/docs/cd/B14099_11/idmanage.1012/b14080/appendixe.htm#sthref2671
    I succeeded in setting up the SSO partner login page on 4443, however when I attempt to log in, I get a 500 error from the HTTP server.
    Looking through the logs, I see the following error from the ssoserver.log:
    Mon Oct 26 13:30:27 EST 2009 [ERROR] AJPRequestHandler-ApplicationServerThread-5 Auth object, null could not be created: null
    Mon Oct 26 13:30:27 EST 2009 [ERROR] AJPRequestHandler-ApplicationServerThread-5 Unexpected Exception received
    java.lang.NullPointerException
    at oracle.security.sso.server.ui.SSOLoginServlet.processSSOPartnerRequest(SSOLoginServlet.java:796)
    at oracle.security.sso.server.ui.SSOLoginServlet.doPost(SSOLoginServlet.java:328)
    at oracle.security.sso.server.ui.SSOLoginServlet.doGet(SSOLoginServlet.java:285)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:824)
    at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
    at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
    at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:224)
    at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:133)
    at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
    at java.lang.Thread.run(Thread.java:534)
    I suspect something isn't registered correctly, or I need to enable SSL someplace that wasn't mentioned in that document.
    Does anyone have any pointers/docs they could point me at that could help?
    -Dennis

    Thanks a lot, I followed those instructions and it worked.
    You have no idea how long I've been looking for instructions like that.

  • APEX 3.2 Associating application with SSO login page.

    Hi
    My requirement is to replace my login page of APEX3.2 application with an SSO login page. Also, the application uses some tables with some history columns like: "Last Updated by", "Created by", "Last Update Time", etc... While create/edit of any table, I want these columns to be automatically populated according to the credentials used in SSO login page to that application. Please help.
    The link given on this forum (http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html) for the purpose seems to be obsolete i.e. for previous versions of APEX.
    Thanks
    Bhavesh

    Bhavesh,
    That how-to explains all the steps you need to set up SSO with Application Express.
    As far as the audit columns, just create triggers on your tables. Reference v('APP_USER') to get the authenticated username.
    Scott
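
    A sketch of the trigger approach described in the reply above. This is an added example, not code from the thread; the table `orders_demo`, the trigger name and the column names are hypothetical, chosen to mirror the history columns named in the question.

    ```sql
    -- Hypothetical demo table with the history columns from the question.
    CREATE TABLE orders_demo (
      id               NUMBER PRIMARY KEY,
      description      VARCHAR2(200),
      created_by       VARCHAR2(255),
      creation_time    DATE,
      last_updated_by  VARCHAR2(255),
      last_update_time DATE
    );

    CREATE OR REPLACE TRIGGER orders_demo_audit_biu
    BEFORE INSERT OR UPDATE ON orders_demo
    FOR EACH ROW
    DECLARE
      -- v('APP_USER') is the username established by the application's
      -- authentication scheme (the SSO login here). It is NULL when the DML
      -- runs outside an Application Express session (SQL*Plus, batch jobs),
      -- so fall back to the database user instead of storing NULL.
      l_user VARCHAR2(255) := NVL(v('APP_USER'), USER);
    BEGIN
      IF INSERTING THEN
        -- Always stamp from the session; ignore any value the client supplied.
        :NEW.created_by    := l_user;
        :NEW.creation_time := SYSDATE;
      ELSE
        -- The creator of a row is immutable: discard attempts to overwrite it.
        :NEW.created_by    := :OLD.created_by;
        :NEW.creation_time := :OLD.creation_time;
      END IF;

      :NEW.last_updated_by  := l_user;
      :NEW.last_update_time := SYSDATE;
    END;
    /
    ```

    Because the trigger overwrites whatever the page submits, the audit columns reflect the authenticated identity even if a form item for them is tampered with.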

  • Java web application and SSO in Portal

    I have successfully deployed an EAR file (Servlet/JSP) to my OC4J. In my deployment descriptor, I have added the security-constraints tag to implement authentication using LDAP. In the process of deploying, I have also specified the LDAP associated to my OC4J as my user manager. This in effect adds up a jazn auth method=sso in orion-application.xml after deployment.
    My application, when accessed independently as http://hostname:port/app/index.jsp, is working fine. Login page pops up when the user hasn't logged in yet and redirects to index.jsp when authenticated.
    However, when I added this exact link to Oracle Portal so that every time a user logs into the portal, he/she will be automatically logged in to my application, it turns out that it isn't recognizing the logged user and keeps flashing a page cannot be accessed error.
    Any idea what to do with this?

    have you tried a javascript forum?

  • Multiple instances of the same APEX application under SSO

    Currently we have several applications that are authenticated through Oracle SSO. The apps are authenticating correctly, but I can't be in multiple instances of the same application without having to re-validate through SSO when I move between instances.
    Scenario: I'm successfully signed into my "parent" application, app_id 1 through SSO. I click a custom link that opens the "child" application (app_id 2) to view widget "A". When the page is launched I see the usual "Redirecting to the Login Server for authentication" message (verifying that I'm signed in through SSO) and then it succeeds and takes me into app 2, displaying widget A. I click the next link to launch another instance of app 2 with a different APEX session id for viewing widget "B". This also passes through SSO and redirects me into app 2, displaying widget B as expected. But now if I go back to navigate anywhere on widget A in my first instance, it has to go back through the "Redirecting to Login Server." This now means the widget A window is valid, but the widget B window will have to redirect next time I use it (back & forth & so on...)
    So my question I suppose is: Is it possible/good practice to allow a single user to open multiple separate instances of the same APEX application using different APEX session_ids viewing different data under Oracle Enterprise SSO?
    Guesstimation: It seems like there must be a switch somewhere in SSO that says "allow multiple application instances yes/no"...but my problem may be APEX itself, or how SSO is tied into APEX... Sorry for the super-generic example, I'm not exactly sure where I should be looking to resolve this, and the closest similar problem I found on the forums was here: login to application twice in two seperate IE  windows clears other login

    reset your dock preferences. delete the file homedirectory/library/preferences/com.apple.dock.plist and log out/in. your dock, spaces and exposé will be reset to the defaults. see if the problem goes away.

  • Register non web application on SSO

    how can i register non web application ? I have installed app server , oid and was able to sync with active directory. I need to integrate and have a single sign on for all my application . What will be the next step ?

    Thanks Kiran for your prompt response. I don't have any web based application. I have some applications where the backends are Oracle and Sybase. How can I provide a single sign on for the application? Once the user enters his user name or password, if he has the privilege to use multiple apps he doesn't have to enter username and password for each application. I had synced with Windows AD. I have Oracle DB on Unix. I believe I have to sync with EM users for all Oracle DBs. What about Sybase? How can I have the single sign on? I have OID, IAS installed on a single Windows server.
    Yesterday when I restarted the server I got the following error when I checked the opmnctl status
    ias-component | process-type | pid | status
    ------------------------------------------------+---------
    DSA | DSA | N/A | Down
    LogLoader | logloaderd | N/A | Down
    dcm-daemon | dcm-daemon | N/A | Down
    OC4J | OC4J_SECURITY | N/A | Down
    HTTP_Server | HTTP_Server | 2088 | Alive
    OID | OID | N/A | Down
    earlier oc4j_security and OID was alive now only http_server is alive
    when i tried to start the process i get the following errors
    E:\OraHome_1\opmn\bin>opmnctl startall
    opmnctl: starting opmn and all managed processes...
    ================================================================================
    opmn id=CV2K3TESTAPP02:6200
    1 of 3 processes started.
    ias-instance id=iasrep.cv2k3testapp02.corp.cvpsnet.net
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    ias-component/process-type/process-set:
    OC4J/OC4J_SECURITY/default_island
    Error
    --> Process (pid=0)
    oid dependency failed
    OID
    failed to start a managed process because a dependency check failed
    Log:
    none
    ias-component/process-type/process-set:
    OID/OID/OID
    Error
    --> Process (pid=0)
    database dependency failed
    iasrep
    failed to start a managed process because a dependency check failed
    Log:
    I would appreciate if anyone could help me

  • Hundreds of roles for a J2EE application using SSO/OID

    We are starting to develop a J2EE software that will have hundreds of logical roles. These logical roles must be assignable to users and groups on OID.
    When prototyping this scenario, we were not able to make this work well enough. Namely, in OIDDAS (which will be used by the end users to administrate users), all the "role groups" and user groups are always shown in one listing.
    Ideally, what we would want is to only have configurable user groups visible in OIDDAS and all the fine-grained roles would be assignable to users and groups separately. The "Roles Assignment" section in user/group edit screen is quite close to the idea though having hundreds of low-level roles listed there will make administration a bit complex.
    We have also considered hiding the raw "role groups" from OID by moving the low-level administration to Enterprise Manager, where multiple logical roles would be mapped to composite OID groups. However, we currently don't see this as a viable option since we don't want to allow normal login administrators access to OEM where they can break too many things.
    How have you guys solved the problem of mapping hundreds of roles to user-configurable groups and users? What would you suggest? Is our planned approach (map logical roles to LDAP groups) the wrong way to try to solve the issue? What would be a better way?
    Thanks in advance,
    Keke

    Hi Peter,
    Thanks a lot for your post.
    My requirement is such that I have to fetch nodes from WLP content management system and all the associated data (content, security related info) with that node. Since security for a particular node is in the form of roles, I need to fetch the roles list for the node under processing.
    However my application requirement is such that any user can ask for retrieval of node(its contents). In that case I need to check whether user lies in the list of roles defined for the current node (node for which user asked).
    Thus my requirement becomes: Checking whether a user is in the given list of roles.
    A careful investigation of the APIs helped me find out a method isUserInRole(role, rolemap), but this method provides information for the logged in user only.
    My application will log in through admin credentials (weblogic, weblogic) and will check whether other users, say bryan, linda, are in the roles list of the nodes under processing.
    Please guide.
    Regards,
    Shakti

  • Java Web application with SSO cookie

    Hello All,
    We are having a web-Java application which is interacting with SAP-Web AS and then calling RFCs to get data from the backend.
    My scenario should get user name and password from the MYSAPSSO2 cookie generated by the server.
    There are few issues with the application.
    1) When I am launching the application from my browser, a small pop up comes up "The server at Upload Protected area requires a user name and password". When I am providing the user name which is existing on my Java and ABAP stack, it's saying "403 Forbidden: You are not authorized to view the requested resource."
    But when I am logging in with super user j2ee_admin, it's allowing me to enter the application.
    Please let me know what settings are required for my user on the server to bypass this small window of protected area.
    2) Do we have any option to generate MYSAPSSO2 cookie programmatically ?
    3) Do we have any option to modify /add username in existing MYSAPSSO2 cookie?
    Thanks & Regards,
    Abhivyakti
    Edited by: Abhivyakti Srivastava on Jun 17, 2011 8:27 AM

    Sorry, I've got this:
    http://sourceforge.net/forum/forum.php?thread_id=1731549&forum_id=399715
    The problem is solved!
    Forget my question... Thanks a lot!
