Audit SSO User

Similar Messages

• How to reset the user password in Portal (SSO Users).

  Hi,
  How to let the Portal users (SSO Users) reset their passwords by themselves..?
  - J

  Forgot one another thing,
  Assume that the users have set their required challenge questions (hints).
  How does it work when the user forget his/her password. Is it like something below.
  - click the "Forgot Password" link.
  - Enter your id
  - Answer your Hints.
  Will the new password be emailed to you or you will be allowed access the system and then the user has to choose a new password.
  Could you please shed light on this.
  J.

• How to Identify database sessions used by forms sso user sessions?

  Hi:
  When using forms with SSO, all database sessions are opened by the same OSUSER (usually oracle), from the same machine (usually the forms server) and by the same program (usually [email protected] [TNS V1-V3]).
  I need a way to identify the database session (v$session) that is beeing used by a specific SSO user. By using SSO, we say implicitly that all users using that SSO resource will be connect to the database by a specific database user.
  So, what can I do to identify the database session that a specific forms user is using ?
  Thanks
  Joao Oliveira

  You could try something like the following in a when new form instance trigger:
  declare
  authenticated_username varchar2(30);
  begin
  authenticated_username := get_application_property(`sso_userid');
  DBMS_APPLICATION_INFO.SET_CLIENT_INFO (
  client_info IN VARCHAR2);
  end;
  This will store the sso userid in the client_info field of v$session.
  I hope this works for you.
  Randy McGregor

• How to check SSO user from database?

  Hi:
  I've posted this topic in Forms forum:
  How to check SSO user from database?
  then as I've been told, it's better to post it here, so ...... here is the question:
  I'm writing a "before delete trigger" to insert into log table before delete. Is there a way that I know from database the current SSO user when SSO users share one database user?
  Just like in Oracle Application Express there is v('APP_USER') to know the current user.
  Saad,

  End users are manipulating data through Oracle Forms(and SSO through portal) and the thing I need is to trace the SSO username from database without modifying forms, I mean purely from database taking into consideration that SSO users are sharing one database user. Is it possible?
  Saad,

• Passing SSO user id to database?

  I would like to run my 10g forms in SSO mode and I know that I can get the SSO user id using the get_application_property built-in. How do I pass this user id to the database to be used in a database trigger.

  Thanks Frank,
  I suspected I would have to do something like that, but I have limited experience with calling stored procedures from forms. Would every form need to do this or could I just call the stored procedure and keep it in a variable for the duration of the session? We're probably going to have a form that acts as a menu and calls all other forms.

• How to audit a user at same time it is created?

  Hi, I got a problem and I hope someone can help me.
  Is there any way of auditing a user at same time it is created?
  For example I create the user "Eddy" and I want this account to be automatically audited so I don't have to execute "audit session username;" each time a new user is created.

  I wasn't aware but it seems that most of DDL operations are not available directly from system triggers. Anyway, you can log the user created in a table (stored in ora_dict_obj_name) for being processed later with a scheduled job.
  All in all, it seems much more easier to use two sentences create + audit.

• How to get the SSO user from PL/SQL with Windows native authen

  I connect to a 10g daabase using SSO through Windows Native Authentication wher the OID user mapps to a single Database user.
  I need to get the SSO user from pl/sql
  My fornt end is Portal & Forms

  Hmm, I see.
  Well your problem boils down to being in the database and needing to have access to web environment variables. The SSO sets specific variables in the environment but your stored procedure is not privy to them.
  Now having said that, note that the mod_plsql Web Toolkit has a utility for accessing cgi variables. For instance,
  owa_util.get_cgi_env('Osso-User-Dn')
  If your web application cannot capture the SSO info and pass it to the stored proc in a parameter, OWA may be the only way.
  Check out the Single Sign-On Developers Guide, specifically the part about developing statically protected PLSQL applications.
  Hope this helps.
  regards,
  tt

• Perpetual license upgrades in the future for Audition CS6 users?

  I notice that Adobe is now offering Photoshop CS6 users perpetual license upgrades withjout having to join the CC perpetual rental program.
  I wonder if Adobe will eventually do the same for us Audition CC6 users.
  Ray Edwards

  Unfortunately on re-reading I found the announcement read "update" (bug fixes), not upgrades. I guess I read what I wanted to see.
  http://blogs.adobe.com/photoshopdotcom/2013/11/photoshop-cs6-13-0-5mac-13-0-1-2win-perpetu al-license-updates-now-available.html
  Ray

• How can we access the logged in SSO user email address in websheet app

  Is there any way where we can find the email address of the logged in SSO user, do we have any variables which we can use and if so how can we use in our websheet application?
  could any please guide me on this
  thanks
  srinivas p.

  You can't access it directly. But your applet can make net connections to the server, and the server can provide that kind of functionality. Generally this is easiest by making HTTP connections and having the server provide the functionality via the web server. (So in your case, JSPs or servlets on the server would list/deliver/create/modify/delete files, and the applets would invoke those JSPs and servlets.

• Administering SSO Users

  Hello,
  I am new to Oracle and this group, so please let me know if I should post this question in a different group.
  I am a Java Web application developer (Apache/Tomcat etc.). I have been tasked to use Oracle AS 10g to adminster SSO user activities, such as create, modify, delete users, assigning roles and user groups. To get started, we will populate the OID with a set of users and use an Oracle AS 10g instance as a test platform for development. Where can I find how to architect the system best ? Where to use JSP's to interface with other SSO applications ? I have read a lot of white papers and documentation, but none of them give detailed technical information on how the interaction happens.
  Thanks for any suggestions.

  dba_users is in the database. SSO is in middleware. Not real sure what you need, so I guess start with http://www.oracle.com/technetwork/middleware/id-mgmt/esso-suite-technical-whitepaper-1519077.pdf

• Integrating SSO users and Discoverer users

  Hi,
  I want to integrate SSO user with discoverer users. The discoverer users are database users. Is there any way by which I can authenticate discoverer user via single sign on. And if SSO user changes his password or a new SSO user is added, then the changes are reflected in discoverer users.
  Regards.

  I am having this problem too.
  In fact I would prefeer to have only one shared database user for all SSO users, and use only VPD and database roles for access control. But discoverer uses the database user for controling access to the workbooks. So any user can delete all the workbooks that other users saved when sharing the database account.
  Discoverer plus could have a option to use the SSO user instead of the database user, like it does when using a Applications mode EUL.

• Get the user name of  sso user who  logged in from my partner application

  Hello,
  I have created a jsp web application and i registered it under oracle sso server. How can i get the user_name of the user logged in to the sso server from my web application in order to personalize my web page ???
  Thanks in advance.

  Hi zeliko,
  Have you tried request.getRemoteUser() or request.getHeader("Osso-User-Dn")?
  -Vinod

• How to change SSO user's password: Get LDAP URL

  Hi,
  I would like to add a 'change user SSO password' form to my BC4J application. The form's submit button fires an action that calls a PL/SQL package. This package receives 7 parameters, and uses de dbms_ldap package to change the user's password.
  Parameters:
  - LDAP Host
  - LDAP Port
  - User DN
  - SSO Username
  - Old Password
  - New Password
  - Retyped New Password (for confirmation)
  I'm trying with a DataForwardAction event whose purpose is to get the user's account information and the LDAP location, but I can't get the LDAP Location (ClassCastException) and the SSOUsername (NullPointerException).
  I'm using JDeveloper 10.1.2.0.0 (Build 1811)
  My question is: ¿What am I doing wrong? ¿Is there any easier way to do this?
  The code is below:
  import javax.servlet.http.HttpServletRequest;
  import oracle.adf.controller.struts.actions.DataActionContext;
  import oracle.adf.controller.struts.actions.DataForwardAction;
  import oracle.security.jazn.JAZNConfig;
  import oracle.security.jazn.spi.ldap.LDAPJAZNProvider;
  public class ChgPwdAction extends DataForwardAction
    public void onChange(DataActionContext ctx) throws Exception
      HttpServletRequest request = ctx.getHttpServletRequest();
      String host                = null;
      String port                = null;
      String userDN              = null;
      String SSOUsername         = null;
      String oldPwd              = null;
      String newPwd              = null;
      String confirmNewPwd       = null;
      try
        LDAPJAZNProvider ldapProvider = (LDAPJAZNProvider)JAZNConfig.getJAZNConfig().getJAZNProvider();
        host = ldapProvider.getJAZNConfig().getLocationURL().getHost();
        port = "" + ldapProvider.getJAZNConfig().getLocationURL().getPort();
      catch (ClassCastException e)
        //System.out.println(e);
        throw new Exception("Missing LDAP location");
      try
        userDN = request.getHeader("Osso-User-Dn");
      catch (NullPointerException e)
        //System.out.println(e);
        throw new Exception("Missing User DN.");
      SSOUsername   = request.getRemoteUser();
      oldPwd        = (String)request.getParameter("oldPwd");
      newPwd        = (String)request.getParameter("newPwd");
      confirmNewPwd = (String)request.getParameter("confirmNewPwd");
      request.setAttribute("Host", host);
      request.setAttribute("Port", port);
      request.setAttribute("UserDN", userDN);
      request.setAttribute("SSOUsername", SSOUsername);
      request.setAttribute("OldPwd", (String)ctx.getHttpServletRequest().getParameter("oldPwd"));
      request.setAttribute("NewPwd", (String)ctx.getHttpServletRequest().getParameter("newPwd"));
      request.setAttribute("ConfirmNewPwd", (String)ctx.getHttpServletRequest().getParameter("confirmNewPwd"));
      //System.out.println (userDN + "-" + SSOUsername);
    // To override a method of the lifecycle, go to
    // the main menu "Tools/Override Methods...".
  }Thanks in advance.

  Hi again,
  First of all, thanks for your reply.
  Yes, I know I can use JNDI instead of a call to a PL/SQL package (I visited this link: http://forum.java.sun.com/thread.jspa?threadID=592611&start=0 that explains how to do it), but in both cases I have the same problem: I don't know if it's possible to get the LDAP's environment specifications (PROVIDER_URL, SECURITY_PROTOCOL) dynamically.
  Our production environment's LDAP is not the same as our development environment's LDAP. This is why I want to get this information dynamically.
  I think that this information is stored in the jazn.xml file: Is there any way to get this information?
  Thanks a lot.

• How to get current SSO user in HTMLDB?

  I got SSO working for HTMLDB but I can not get the user name of the current user. I log in to Oracle Portal via SSO and navigate to a HTMLDB page. On the page I call portal.wwctx_api.get_user but I get a portal.wwctx_api.INVALID_COOKIE_EXCEPTION exception.
  If don’t log into Portal but go directly to the HTMLDB page I get a portal.wwctx_api.NO_SESSION_EXCEPTION.
  I have also tried using orasso.wwctx_api.get_user but I always get this exception orasso.wwctx_api.NO_SESSION_EXCEPTION. Anybody got an idea?
  If I put the portal.wwctx_api.get_user call I an procedure in the Portal schema it works fine.

  Thanks Dietmar. Yes this is cool behavior :-) Now I have the user how do I check in the OID if the user is member of a certain group? I was planning to use portal.wwsec_api.is_user_in_group but when this is not possible what then? dbms_ldap?
  I just found another post that suggested using wwv_flow_ldap.is_member. It't works fine:
  wwv_flow_ldap.is_member
  ( p_username => v('APP_USER'),
  p_pass => null,
  p_auth_base => 'cn=users,dc=wmdata,dc=dk',
  p_host => 'wmsi0q2071',
  p_port => 389,
  p_group => '101vis_global_sag',
  p_group_base => 'cn=users,dc=wmdata,dc=dk'
  Message was edited by:
  Peter Lorenzen

• WHAT IS THE MECHANISM FOR AUDITING PORTAL USER ACTIVITY

  Is there any default mechanism for auditing a portal users access to
  tables. At the DB level, we are seeing the portal_public user but we want to see the portal user instead; e.g. we need to report on activity such as: portal user johndoe deleted a row of data from a table.
  johndoe is only a portal user not a database user.
  We are trying to keep from writing additional custom code to auditing. We are
  using wwctx_api.get_user_id in other parts of the application and we would like
  to avoid writing a custom auditing module.

  William,
  I'm not sure if this is what you are looking for, but...
  When you create (or edit) a component in Portal 10g, there is a Log Activity check box. If you check this box, then go to Manage the component (in the Portal Navigator), there are Develop, Manage and Access tabs. The Manage tab has a Monitor icon, which has the information you may be looking for. This does not seem to be available directly for database tables. However, I created a Calendar, based on a database table I created to keep track of the Calendar Events. I also created a form to allow users to add Calendar Event entries. I turned logging on for both components. The Monitoring allows me to see when each user has accessed the Calendar, and who and when they insert, update or delete entries from the Calendar table.
  -Ricky Burke