Authentication mechanism in Oracle Portal

Hi All,
Some quick questions related to SSO authentication:
1. From what I understand, to check the privileges on portal objects (after being authenticated), an API call is used to query the WWSEC_SYS_PRIV table (ACL table) using the “user name” information as the only pertinent information kept by the session. If an ACL is defined on a “user group”, which table is checked to see which groups this “user name” belongs to before checking the object’s accessibility to this user?
2. How is the to-be-answered table in question 1 (the users<->groups association) synchronized with OID? E.g., if the user name-to-group assignment in OID changes, how are these changes reflected in the table (in real time or with a delay)? What is the delay, if any?
3. Does the synchronization in 2 apply to OID dynamic groups (calculated based on attribute) – I saw in some documents that dynamic groups are not supported by Oracle Portal, but I saw a document implicitly stating that there is no problem with Portal-OID dynamic groups.
Thanks a lot,
Jeffry

Similar Messages

  • Extend the SSO Oracle Portal Authentication Mechanism

    Hi All,
    I need to put some logic just before the Oracle Portal user is authenticated to SSO.
    Specifically I need to collect some information about the user from a database just before the SSOLoginServlet is called with all the parameters it needs. (username, password, sitetoken etc...)
    Is there a class i can extend, an API I can use.... whatever
    In fact I need to extend and put some more logic to the login mechanism of SSO.
    Is there a way to do that?
    If there are many what is the best method?
    Thanks

    I'm not an expert, but I think this might be fairly easy to implement. If you look at Chapter 12 of the SSO Admin Guide (http://download-east.oracle.com/docs/cd/B28196_01/idmanage.1014/b15988/custom.htm), it tells you what parameters and what url to call for the login process to complete. Therefore, you should be able to submit your custom login page to another servlet for your pre-processing, and then forward on to the sso logon servlet.

  • Custom DB authentication to an application from Oracle Portal not working.

    Hi All,
    We have a Portal customized and integrated to LDAP for SSO.
    From the portal, we have a link that takes to another custom application that requires another level of authentication. We have implemented this authentication as custom Database based authentication.
    When user login to the portal and access this link, he will be directed for authentication again. This custom application has been installed on a different OC4J instance while Oracle Portal is running in a different OC4J instance.
    Issue is though user details are being propagated to the custom application page, we are receiving an error saying authentication failed.
    In the OC4J instance specific for this custom application, we have configured jazn.xml to use custom authentication.
    Below is the code:
    <?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
    <!DOCTYPE jazn PUBLIC "JAZN Config" "http://xmlns.oracle.com/ias/dtds/jazn-9_04.dtd">
    <jazn provider="XML" location="./jazn-data.xml" default-realm="jazn.com">
    <property name="role.mapping.dynamic" value="true"/>
    <property name="custom.loginmodule.provider" value="true"/>
    </jazn>
    and in jazn-data.xml, we gave the role mapping.
    But the problem is that when the link to the custom application is accessed, it seems like the custom authentication mechanism is not working.
    Can anyone throw light on this?
    Do we need to give the same configuration in the j2ee/home/config directory files also?
    Can we use both LDAP and custom DB authentication with in the same OAS setup. Remember as of now, Portal and custom application are running in different OC4J instances but within the same OAS.
    Any help in this regard will be highly appreciated.
    Thanks,
    Sasi Bhushan

  • Oracle Portal for LDAP Authentication using Iplanet directory server

    I have Oracle Portal on a Solaris machine and iPlanet Directory Server 5.1 on Windows NT.
    Can I use iPlanet LDAP for Portal user authentication?
    Regards
    srinivas

    Yes You can. You have to provide the necessary info while running the ssoldap.sql.
    Vinodh R.

  • Oracle Portal for LDAP Authentication(Iplanet)

    Oracle Portal is installed on a Solaris machine and LDAP (iPlanet) is installed on a Windows NT machine. I am able to take the LDIF file from the portal30 user and add it to LDAP (under the o=oracle tree).
    Completed all steps mentioned in the document conf_ldap.pdf as follows:
    1. Created a library pointing to ssoxldap.so in the portal30_sso schema
    2. Made changes to the listener.ora and tnsnames.ora files and am able to tnsping also.
    - tnsping extproc_connection_data
    3. ssoldap.sql also ran in portal30_sso schema with all LDAP information.
    (like ----
    Host: challasv
    Port: 389
    Search Base: cn=Login Server (portal30_sso),o=oracle
    Unique Attribute: cn
    Bind DN: cn=Portal Login
    Bind Password: portal30
    If I try to log in through the browser, it says Unexpected errors (WWC-41400). Am I doing anything wrong?
    Also, I am able to run ldapsearch from another machine and it works fine, using the following command:
    - ldapsearch -b "cn=Login Server (portal30_sso),o=oracle" -h challasv -p 389 -D "cn=Poral Login" -w portal30 cn=portal30
    My question is whether iPlanet (LDAP) can integrate with Portal, or whether any steps were missed.
    Please help in this regard,
    Challa

    You may want to use ssoxoid.pkb package that comes with Portal/Login Server 3.0.9 which simplifies the configuration.
    Also, you will not have to run the external procedure listener. Please refer to the Login Server Admin. guide for more details.
    NOTE:
    the 3.0.9.8.0 version of ssoxoid.pkb is not good. You need to download 3.0.9.8.2 patch and get the ssoxoid.pkb file from there.
    Also, you may want to turn on debug for SSO Server to see debug msg.
    DEBUG
    ========
    You need to log into the Login Server schema and run the following commands to see debug msg.
    sqlplus portal30_sso/password
    TO TURN ON DEBUG
    1. Create debug procedure
    CREATE OR replace PROCEDURE debug_print (str VARCHAR2) AS
    -- autonomous transaction: the log row is committed independently of the caller
    PRAGMA autonomous_transaction;
    BEGIN
    INSERT INTO wwsso_log$ VALUES
    (wwsso_log_pk_seq.nextval,
    substr(str, 1, 1000),
    sysdate,
    dbms_session.unique_session_id);
    commit;
    END debug_print;
    /
    show errors;
    TO SEE THE DEBUG LOG
    2. Try to log in using the portal login link
    and see the error msg from the log table
    select msg from wwsso_log$ order by id;
    TO STOP THE DEBUG LOG
    3. Delete the log
    delete from wwsso_log$ ;
    commit;
    4. Turn off debugging
    -- replace the procedure with a no-op so nothing more is logged
    CREATE OR replace PROCEDURE debug_print (str VARCHAR2)
    AS
    BEGIN
    null;
    END debug_print;
    /
    show errors;

  • How to integrate Oracle Portal running on Oracle Application Server 10.1.2

    I have an Oracle Portal running on a Oracle Application Server 10.1.2.
    Portal is responsible ( along with OID ) for the users authentication and authorization.
    There is a new JEE application that was developed recently, which the Portal users must have access to.
    HOW can I put a link into a page of the Portal, that redirects the portal user to a new browser window displaying my new application?
    HOW can this new application, running in a separate weblogic 11g (10.3.5) server, automatically authenticate with the same username/password previously authenticated when the user logged into the portal?
    Any ideas?
    I´ve already thought in a bunch of ways to do it:
    - put a link into the portal with a sessionId, then when opening the new app, it automatically tries to use the same session. How can I configure this session id during the creation of the portal's page? How can I use it from the new app to use the same session?
    - put a link into the portal with a userid, then when opening the new app, it automatically tries to authenticate using a different authentication provider configurated in WL, which points to Portal´s OID. In this situation, how can I ensure that the user is already logged in and the session has not timed out?
    - Should I use OSSO?
    - Should I use OAM?
    Any help would be appreciated!
    Murilo

    Hi Murilo,
    A portletized version of your J2EE app would probably have been ideal for your purpose as it would handle both authentication (through SSO) and session information (through Portal framework as the framework can pass session information to the provider/producer). This would require changes to the application however.
    Easiest approach would be to use mod_osso to protect your J2EE application. SSO would then handle the authentication for your Portal and your J2EE application.
    Thanks,
    EJ

  • ADF Application and Oracle Portal Login Page

    We have developed ADF application and deployed it in Oracle AS 10.1.2 along with the custom JAAS module, which is working fine with the application custom login page. As a next page, I want to use Oracle Portal login page for the authentication and authorization.
    How can I accomplish it? Any idea?
    Thanks,
    AP

    Shay,
    1. I created blank ADF project
    2. I copied myreport.jsp file (this one was generated by Oracle Report Builder) under ..ViewController/public_html directory
    3. Created directory 'lib' under ViewController/public_html/WEB-INF/lib
    4. Copied reports_tld.jar file under the directory created in 3.
    5. Created simple jspx page with the af:link (btw af:goLink does not exists in JDev 12c), set 'destination' to myreport.jsp
    After the steps above I could not even compile the application, many problems too many to list here, Basically JDev is trying to build the project with .jsp file generated in Report Builder and is unable to.
    So to be sure we are on the same page: I am trying to embed JSP report files generated by Report Builder into ADF project, then create EAR file and deploy on standalone WLS. Finally execute JSP web only report.

  • Oracle Portal 11.1.1.6 with OAM 11.1.1.5

    Hi All,
    I have the following customer requirement.
    Oracle Portal 11.1.1.6 which is deployed on WebLogic Server 10.3.6
    Oracle Access Manager 11.1.1.5.0
    Oracle Internet Directory 11.1.1.6.0
    The customer wants to have Single Sign On for the Oracle Portal Application. This is my understanding about the Architecture.
    Oracle HTTP Server (with WebLogic Proxy Plug-in) talks to Oracle Portal
    Oracle HTTP Server (the same above with WebGate) talks to Oracle Access Manager
    Oracle HTTP Server has Oracle Web Cache
    Oracle Access Manager talks to OID
    Oracle Portal talks to OID with OID Authenticator
    When I went through the Oracle Portal documents, they give steps for Oracle Portal which is deployed on Oracle Application Server but not with WebLogic.
    My questions
    1) Do I need to configure OID Authenticator at myrealm of WebLogic Domain (which hosts Oracle Portal) to connect to OID?
    2) Is there anything more I need to do to integrate Oracle Portal with OID (Meaning running pl/sql scripts or any)?
    3) Kindly advise me about the flow of Oracle HTTP Server, Oracle Web Cache, Oracle Web Gate to OAS and Oracle Portal?
    Thank you
    Regards,
    Somerset

    user8901406 wrote:
    Hi Somerset,
    I am going through the similar problems as you are so was able to find some high level answers (although still have problems implementing.)
    As for the questions:
    1.
    Yes, you can check the details here:
    http://docs.oracle.com/cd/E17904_01/webcenter.1111/e12405/wcadm_security_sso.htm#WCADM8176
    Chapter 30.2.4.1 Configuring the Oracle Internet Directory Authenticator, item 9)
    2.
    This is in no way a complete list, as it is still not working for me, but some of it:
    OAM:You need to set up host identifier, resources(urls) to protect, define schemas and policies
    OHS: Need to set portal name in mod_wl_ohs.CONF
    Domain-level jps-config.xml: Needs to be set as per
    http://docs.oracle.com/cd/E15586_01/doc.1111/e15478/opssadf.htm, appendix c,
    Example C-1 Sample SSO Configuration for OAM 11g
    3.
    This graphic explains it I believe:
    Same doc as above, at the beginning.
    Figure 30-1 OAM Single Sign-On Components and Topology
    You can also check the thread I have started describing my setup/issue:
    OHS/OAM/Portal SSO integration -  mod_wl_ohs.conf problem
    Hope this helps!
    Zoran

    Zoran,
    What you are trying to accomplish is different from what Somerset is. Yours is Oracle WebCenter Portal, whereas Somerset's is Oracle Portal.
    For the road map of Oracle Portal integrating with Oracle Access Manager there is no other way than what I explained. ;)

  • Unable to set session in Oracle Portal using reverse proxy

    I have deployed a reverse proxy (using Oracle HTTP Server) in front of a Oracle Portal Install (version 10.1.2.0.2). The steps followed to set this up came from the following documents:
    Steps mentioned in Section 9.2 Configuring a Reverse Proxy for OracleAS Portal and OracleAS Single Sign-On for a reverse proxy on a Oracle HTTP Server.
    http://download-west.oracle.com/docs/cd/B14099_15/core.1012/b13998/variants.htm#ASTED005
    Also performed steps mentioned in -> Section 5.3.7 - Step 7: Enable Session Binding on OracleAS Web Cache of the Oracle® Application Server Portal Configuration Guide 10g Release 2 (10.1.2) -- B14037-03.
    My current setup details (example names shown only) are as follows:
    Reverse Proxy for SSO server (running on internal.oracle.com:7777): proxy.oracle.com:7777
    Reverse Proxy for Portal server (running on internal.oracle.com:7778): proxy.oracle.com:7778
    With the above steps completed, I can successfully use the http://proxy.oracle.com:7777/pls/orasso for login into SSO without any issues.
    Users get authenticated successfully.
    I can also use http://proxy.oracle.com:7778/pls/portal for viewing pages on the portal fine . All self referencing links have also been successfully modified to point to proxy.oracle.com:7778.
    However, an attempt to login in the portal is not successful. Clicking on the 'Login' link successfully redirects to the SSO login page (http://proxy.oracle.com:7777/<login-page>). However, after successful authentication, the success page fails to show up and the user gets shown the initial login portal home page again.
    There are no error messages shown on the screen.But it seems that user session is failing to be initiated/set correctly, as shown by the log file (in $PORTAL_ORACLE_HOME/j2ee/OC4J_Portal/application-deployments/portal/OC4J_Portal_default_island_1/application.log ):
    06/11/21 16:49:31 portal: [module=RepositoryServlet, ecid=83928411196,1] Repository Gateway: LWUser: PUBLIC, Cookie: oracle.uix=0^^GMT+10:00;
    portal=9.0.3+en-au+us+AUSTRALIA+22BC75924EEAD8A2E040007F010019F7+8DAC5E3559C95F5E0090A6F56FFA58192CB0F437CA57A9102A6394F1EB7FAB5DEE3BFA12C65
    91C0C009B6......
    06/11/21 16:49:31 portal: [module=RepositoryServlet, ecid=83928411196,1] ERROR: Repository Gateway error: Database Error: ORA=20001 ORA-20001:
    Unable to obtain session information from the cookie. Please close your browser and reconnect.
    ORA-06512: at "PORTAL.WPG_SESSION", line 149
    ORA-06512: at line 22
    Any help with this will be appreciated.
    Thanks.

    Hi Chris,
    The beginning of the exception stack gives you the reason:
    06/11/03 09:13:59 java.sql.SQLException: The method 'setSavepoint' cant be called when a global transaction is active
    The reason is that the whole global transaction must be either committed or rolled back.
    I don't know your actual configuration, but between the methods begin() and commit()/rollback() of the UserTransaction instance, OC4J/OracleAS uses a global transaction (= XA transaction) in your configuration. The state of a global transaction is completely under the control of the application server and several restrictions must be considered. One of them is that you can't use the method setSavepoint. E.g. you also can't call the method setAutoCommit(true) in this state, or change the transaction isolation level via setTransactionIsolation(newLevel).
    This is NOT a limitation of the OC4J/OracleAS but is true for ALL application servers.
    > P.S. I can successfully set savepoints and rollback to savepoints in weblogic 9.0
    This means that WebLogic 9.0 doesn't use a global transaction in this case.
    Because I don't know your configurations (Oracle and WebLogic) I can't say why they behave differently in this situation.
    Best,
    Manfred

  • Web clipping proxy error oracle.portal.wcs.transport.http.HttpTransportException WCS-519

    When I try to change the URL, the following error appears.
    An exception has occurred : oracle.portal.wcs.transport.http.HttpTransportException WCS-519 -- HTTP Proxy Authentication failed for  int.domain.co.in:8080 with authentication of type "Basic" at realm "realm1". Update your proxy login information in the Edit Defaults / Personalize page to
    authenticate.
    Can anybody please help me regarding this issue? It is very urgent, so please.

    I have a similar setup on Linux boxes (MT and Infra) and having the same problem. I can add external application, also able to register Web clipping provider successfully using the external application ID.
    But when I try to clip the external application. It shows me on the page "User authentication failed. Please use the following link to update the information."
    And, The application.log shows in addition to WCS-514 error code 404
    Raising SOAP fault code: AuthenticationFailure
    I get provider Test page without any error. http://xyz.abc.com:7778/portalTools/webClipping/providers/webClipping
    Your help is highly appreciated.
    Thanks,
    -Dhiren Desai

  • ADF with Oracle Portal 11g

    One of our customer has Oracle Portal 11g. We want to create a portlet using ADF taskflow and consume it in Oracle Portal 11g. Is it possible?
    I know how to create ADF task-flow and how to expose it as a portlet. But I don't know how to access them in Oracle Portal 11g.
    Also they want portlet to be secured and should work with SSO (OAM) configured. Is it also possible? If yes, can you please let me know what changes I need to make in my ADF application.
    Thanks
    Sanjeev.

    Hi,
    It's not a published example. The way it works is that you create an entry for OID in the jps-config.xml file (note that the three entries below need to get into the right place in the jps-config.xml file - which is not hard to spot)
    <serviceProvider class="oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider" name="idstore.ldap.provider" type="IDENTITY_STORE">
       <description>LDAP-based ID Store Provider</description>
    </serviceProvider>
    <serviceInstance provider="idstore.ldap.provider" name="idstore.oid">
       <property value="OID" name="idstore.type"/>
       <property value="cn=orcladmin:pword" name="cleartext.ldap.credentials"/>
       <property value="ldap://localhost:389" name="ldap.url"/>
       <property value="cn" name="username.attr"/>
       <property value="cn" name="groupname.attr"/>
       <extendedProperty>
          <name>user.search.bases</name>
          <values>
             <value>cn=users,dc=us,dc=oracle,dc=com</value>
          </values>
       </extendedProperty>
       <extendedProperty>
          <name>group.search.bases</name>
          <values>
             <value>cn=Groups,dc=us,dc=oracle,dc=com</value>
          </values>
       </extendedProperty>
    </serviceInstance>
    <jpsContext name="CaOIDAuthentication">
       <serviceInstanceRef ref="idstore.oid"/>
       <serviceInstanceRef ref="credstore"/>
       <serviceInstanceRef ref="idstore.loginmodule"/>
    </jpsContext>
    Note that this is an example for deployment to stand-alone OC4J. The application name is "CaOIDAuthentication", thus the name for the context.
    Once you have done that and deployed the application, the authentication is against OID. Note however, that I tested this with a later internal build, not with TP3
    Frank
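
A check for the two security-relevant settings in the serviceInstance posted above, the cleartext.ldap.credentials property and the plain ldap:// URL, added here as an example; it is not part of the original thread or of any Oracle tooling. The wrapper element, the namespace URI, the second instance, the finding labels and the "DN:password" split are assumptions made for the illustration.

```python
"""Audit jps-config.xml text for cleartext LDAP bind credentials and non-TLS URLs."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the serviceInstance from the post, wrapped in a root
# element with a placeholder namespace, plus a second instance with no findings.
SAMPLE = """<jpsConfig xmlns="urn:example:jps-config">
  <serviceInstances>
    <serviceInstance provider="idstore.ldap.provider" name="idstore.oid">
      <property value="OID" name="idstore.type"/>
      <property value="cn=orcladmin:pword" name="cleartext.ldap.credentials"/>
      <property value="ldap://localhost:389" name="ldap.url"/>
      <property value="cn" name="username.attr"/>
    </serviceInstance>
    <serviceInstance provider="idstore.ldap.provider" name="idstore.clean">
      <property value="OID" name="idstore.type"/>
      <property value="ldaps://oid.example.test:636" name="ldap.url"/>
    </serviceInstance>
  </serviceInstances>
</jpsConfig>"""


def local(tag):
    """Strip an XML namespace so '{ns}property' and 'property' compare equal."""
    return tag.rsplit("}", 1)[-1]


def audit_instance(inst):
    """Return (instance, property, issue) tuples; never echoes the secret itself."""
    name = inst.get("name", "<unnamed>")
    findings = []
    for prop in inst:
        if local(prop.tag) != "property":
            continue
        key, value = prop.get("name", ""), prop.get("value", "")
        if key == "cleartext.ldap.credentials":
            # The bind password sits in the file for anyone who can read it.
            findings.append((name, key, "cleartext-credentials"))
            # Assumption: the value has the "DN:password" form used in the post.
            bind_dn = value.split(":", 1)[0].strip().lower()
            if bind_dn.startswith("cn=orcladmin"):
                # orcladmin is the OID super-user; a lookup account needs far less.
                findings.append((name, key, "superuser-bind"))
        elif key == "ldap.url":
            # ldap:// sends the bind and every user password unencrypted.
            if urlsplit(value.strip()).scheme.lower() != "ldaps":
                findings.append((name, key, "unencrypted-ldap"))
    return findings


def audit_jps_config(xml_text):
    """Walk every serviceInstance in the document, with or without a namespace."""
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        if local(elem.tag) == "serviceInstance":
            findings.extend(audit_instance(elem))
    return findings


if __name__ == "__main__":
    for instance, prop, issue in audit_jps_config(SAMPLE):
        print(f"{instance}: {prop}: {issue}")
```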

  • Integrating Web Services Manager with Oracle Portal and SSO

    Hi,
    I wanted to throw this out there and make sure I was on the right track and also if somebody can point me to some resources online that might help. Basically, we have OWSM acting as a Gateway securing some web services. Oracle Portal is integrated w/ Oracle SSO (as well as using OID). What is the best way to pass the credentials to the OWSM from the Portal for authentication purposes? I believe using SAML voucher token is the way to go, but I'm not positive. Has anybody done this before and if so, what methodology did you use? I'm assuming since using SSO, we don't necessary want to also pass in the password.
    Thanks,
    Nathan

    I have noticed that nobody has the same kind of situation and this is not an interesting question. Still, we have the same problem, and I have heard many Oracle employees saying that this behaviour is the wanted situation. In our kind of virtual host environment it would be nice to choose the behaviour of the Single Sign-On server, and I request Oracle support to find out ways to enable this option... I would be pleased if some Oracle developer would give an opinion about this matter. Waiting for ideas.

  • Oracle Portal,Forms,Reports and Discoverer 11G

    Good evening
    I installed the following products
    * Oracle Database(to the 1st computer)
    * Repository Creation Utility
    * WebLogic Server(to the 2nd computer)
    * Oracle Portal,Forms,Reports and Discoverer 11G(to the 2nd computer) – during installation I chose forms and reports
    Identity Management and SSO are not installed, what are they used for?
    While connecting to the base with the help of Visard I open Oracle Forms Builder by and create a primitive form. Everything is good. All are shown. I press Run Form which is written as Oracle Forms in browser and suggests keeping a clear file. Particularly in applied file!
    Print screen of my monitor you can see: http://www.sql.ru/forum/actualthread.aspx?tid=678852
    Thanks for attention.

    > Identity Management and SSO are not installed, what are they used for?
    IDM and SSO are used for user authentication.
    You can search for details about that.
    > While connecting to the base with the help of Visard I open Oracle Forms Builder by and create a primitive form. Everything is good. All are shown. I press Run Form which is written as Oracle Forms in browser and suggests keeping a clear file. Particularly in applied file!
    > Print screen of my monitor you can see: http://www.sql.ru/forum/actualthread.aspx?tid=678852
    > Thanks for attention.
    The port which you have mentioned, is it WLS_FORMS_PORT or any other?
    Try running the default Forms port WLS_FORMS_PORT, which will be 9001,
    or check for the WLS_FORMS_PORT in the portlist.ini file.
    Also, are you getting any exception in the Java console?

  • Oracle portal forms, links, reports relation table

    I have an Oracle Portal form. It has been used by a Portal link, and this link has been used in a Portal report.
    At present I know only the Portal form name, but have no idea which link uses it and which report uses this link.
    Is there any way I can find out the Portal link and report names based on the form name, which I know? Please help me with this.
    I am under the impression that there may be some Portal system table/view which will have the dependencies of all the forms, links and reports.
    Please let me know the system table name. I couldn't search in Metalink since I don't have access.
    Thx
    Lakshmi.V

  • Can Oracle Portal be an OpenID RP?

    Is it possible to configure Oracle portal to be a Relying Party to an OpenID authentication server?
    Are there any directions for this?

    There are many ways to do this.. Have you tried checking the Portal Developer's Kit and other resources below:
    - Portal PDK Online - January 2001 Edition. Check in the PDK for links about web portlets, url portlets, portlets implemented via dynamic services, and more.. The Portal PDK itself may be downloaded from here.
    - How to build a URL Portlet
    - The Oracle Portal Studio - Test drive the web portlets that you write here..
