BC4J, Auditing, Partner Application and SSO

I am trying to figure out how to set up a BC4J-JSP app to use "database audit trail in entity objects" within a Portal/SSO environment.
Here is the situation:
Part 1:
I am able to partially get the auditing to work on a BC4J App Module in the tester by setting the appropriate history columns in the Entity Object and then setting the jbo.security.enforce property to "Test". Upon entering the tester I am challenged for a "username/password". At this point I can enter any credentials, I can then enter some data. Visually checking the database I find that the history "date" columns (date_created) are ok but the "user" columns (created_by) are not filled in.
Part 2:
Now if I set jbo.security.enforce property to "Test". I am not sure what user credential to enter here. I have looked at OID Manager for some clues for what username/password but I'm not sure if this is even in the ballpark.
Part 3:
At some point I will deploy this app as an SSO/Partner Application which will be accessed from a Portal page. Since authentication is handled by the SSO login page, I am confused about setting up the "database audit trail in entity objects" (from Part 1) as it talks about creating *another* login page. This seems contradictory so

Part 1:
When the jbo.security.enforce property is set to "Test", BC4J does not throw an exception if the credential is invalid. You should set it to "Must" if you really want to validate the credential. The "Test" setting does perform the authentication; a warning stating that authentication failed is written to the diagnostic output if the username/password is invalid. The "Test" setting just exercises the authentication, but if it fails it does not stop the rest of the application. The "user" column (created_by) not being filled in could be caused by failed authentication, by the column being marked as Refresh on Update or Refresh on Insert, or by the client app inserting null or a zero-length string into it.
Part 2:
BC4J default authentication uses the LoginModule from Oracle9iAS JAAS (in j2ee\home\jazn.jar). This LoginModule is by default configured to use the lightweight jazn-xml. You can check this by looking for "<jazn provider=..." in j2ee\home\config\jazn.xml. If you are interested in using OID, you need to change it to <jazn provider="LDAP" location="ldap://myoid.us.oracle.com:389" />, where "myoid.us.oracle.com:389" should be the host address and port of your OID. There are a few predefined users in the lightweight jazn-xml if you wish to test it; there are admin/

Similar Messages

  • Partner application and web clipping.

    Hi All,
    I am trying to add an external application (say my.yahoo.com) to a web clipping and it's throwing the below error in the application log.
    WC-517 : SSL handshake failed with the url ...
    I have checked the file ca-bundle.crt and the certificates are in place. Does anybody know how to go about debugging this problem, as I am quite new to portals and at my wits' end to solve it.
    Also I would be grateful if anybody can suggest the steps for adding an Apex application configured as a partner application with SSO authentication to a web clipping. There seems to be little or no documentation at all in this regard (as far as my search goes).
    Thanks in advance
    -Venkat

    I finally got it working by VERY CAREFULLY reading the instructions in the install.txt document in the SSO SDK package. You have to set up the partner application with a new schema in the login server database, and run the regapp.sql script AFTER editing it to insert data from the Login Server Partner Application admin screen. After you register the partner app in Portal, it gives you some info (site token, listener token, encryption key, etc). You have to MANUALLY copy these and paste them into the regapp.sql script, then run the script in the partner app schema. Make sure you don't confuse capital I with numeral 1 (like I did, since Oracle so nicely uses a non-serif font where you can not tell the difference).
    Also make sure you copy the exact values for these parameters into your code when you use the SSOEnabler class. The listener token was very confusing since different documents appear to disagree on whether it should include the partner app name or not. It does require the partner app name:
    app-name:hostname:port
    hostname and port are for the web server that is handling http requests for the login server (usually your main portal web server).
    John H.

  • Second htmldb as partner application in sso

    Hello ,
    I have 2 databases (say A and B), each running their own htmldb instance.
    I have 1 SSO server where 1 htmldb partner application is already defined for DB A.
    Now I want to define the second instance of htmldb on DB B also as a partner application on my SSO server.
    In the installation guide, I read the following for the value of app_name when running regapp.sql:
    'You must use HTML_DB as the app_name', but I already have one defined for DB A. Can I use another name or should I use the same name? Or is it impossible to define 2 htmldb partner applications on 1 SSO?
    Grtz,
    Chris.

    When defining my app_name with regapp.sql, I have used
    HTML_DB_TEST:servername:443 as listener_token,
    as I already have a HTML_DB:servername:443.
    I also used HTML_DB_TEST in the definition of the partner application.
    Now I'm getting: "Expecting p_company or wwv_flow_company cookie to contain security group id of application owner." when trying to run my application.
    Could this be related, and if so, how can I define a second htmldb application as a partner application in SSO?
    Chris.

  • Choosing between external and partner application and problem with login

    We have an application on Oracle App Server 10.1.3.3 and we have an OID server.
    I had taken this for granted that I should define the application as 'Partner Application' and not external application for single sign on.
    Now that we need the 'PASSWORD' retrieved by application, we are considering defining it as an external application.
    There are at least two problems I have encountered defining the application as external:
    1. 'pageConfig:serverDate' is among the login form's inputs in the login page, but I can't set it in orasso 'Edit External Applications' page
    2. After login using SSO as external application and when I click on the application's new link, the login page is shown with the username and password field filled, but I have to click on login button anyway (no automatic and invisible login).
    I will be very grateful if someone gives a general view on the differences between external and partner, whether in this case external has to be used or partner and finally give some comment on my specific problem with login button and manual login.
    Thank you

    Just some information :
    - The problem with LOGIN page exists. I don't have that problem with for example GMAIL when defined as external application, but with my applications in Oracle Application Server.
    - There is also another thing I don't understand. The link to external application is something like:
    javascript:open_jwindow('../ealogin?ID=76D4766','76');
    and couldn't be executed outside pls/orasso
    In other words we can't give that to our users, can we? They should log in to orasso and see that?
    We don't want to involve them in Identity Management...
    Any help is appreciated....
    Regards

  • Partner Application in SSO logout doesn't synchronize

    Hi All,
    I've set up two separate applications on different workspaces and different servers as partner applications. I've followed the instructions from http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
    and everything is working fine, but the "logout" doesn't seem to work correctly.
    Example: I log in to Application "A" from the single sign-on homepage; after entering username and password, it directs me to Application "A". After that, I click on Application "B", which is also located on the single sign-on homepage, and it directs me to Application "B" (that's correct). When I click on the "logout" link in Application "A" it works fine, but the other Application (B) doesn't log me out. I can do normal work in Application "B" even though Application "A" is already logged out.

    Hi Scott,
    Thank you for your reply. I've read the two links above and I haven't figured out how to resolve my problem yet. From the link "Logout URL for 9iAS SSO Partner App",
    you said:
    Steve - Here's a logout URL that unsets the app's session cookie first, then goes to Single Sign-off, then back to a public page in the app:
    https://host:port/pls/DAD/wwv_flow_custom_auth_std.logout_then_go_to_url?p_args=&APP_ID.:https://login.yourlogin.com/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=https://host:port/pls/DAD/f?p=&APP_ID.:PUBLIC_PAGE
    Can I set the authentication schema logout URL of application "A" to something like: unset the app's session cookies first, then go to Single Sign-off, then go to Application "B" sign-off, and then back to a public page in the app? That way it will log out Application "A", log out the Single Sign-On, and log out Application "B" when I click on the "logout" link from Application "A". Am I correct?
    The other question is how I can get the SSO cookie. I've used the owa_cookie.get('cookie_name') function, but it doesn't work for SSO.
    Thanks,
    Kevin

  • Register the partner application through SSO Administer Partner Application

    When should I use the "Administer Partner Applications" link on the SSO Server Administration page to register the application among the following cases?
    1. sign-on SDK integrated application
    2. mod_osso integrated application

    Were you able to resolve the issue???
    Can you pls try Rerunning ssodatan/x with the correct data. The ssodatan script is located in the directory ORACLE_HOME/portal30/admin/plsql/ssodatan.
    Refer following link for more info on SSODATAN , SSODATAX and DIAGNOSTICS scripts in Portal 3.0.x:
    http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=136138.1

  • Partner Application and Login Server

    I have created a partner application using the samples provided in the ssosdk. In the SSOSignServlet I am checking a table to determine if the user returned from the login server has access to the partner application. If the user has access, I set the cookie and the user is redirected to the application. If the user does not have access, I am not sure how to handle it. I can use response.sendRedirect(response.encodeUrl(m_cancelUrl)), yet I would rather display a message indicating that they don't have access and are being redirected. If I try to output a message in the SSOSignOnServlet, I get into a loop. Any ideas?

    I finally got it working by VERY CAREFULLY reading the instructions in the install.txt document in the SSO SDK package. You have to set up the partner application with a new schema in the login server database, and run the regapp.sql script AFTER editing it to insert data from the Login Server Partner Application admin screen. After you register the partner app in Portal, it gives you some info (site token, listener token, encryption key, etc). You have to MANUALLY copy these and paste them into the regapp.sql script, then run the script in the partner app schema. Make sure you don't confuse capital I with numeral 1 (like I did, since Oracle so nicely uses a non-serif font where you can not tell the difference).
    Also make sure you copy the exact values for these parameters into your code when you use the SSOEnabler class. The listener token was very confusing since different documents appear to disagree on whether it should include the partner app name or not. It does require the partner app name:
    app-name:hostname:port
    hostname and port are for the web server that is handling http requests for the login server (usually your main portal web server).
    John H.

  • Registering a partner application with SSO SDK

    Good day
    For 2 days, I have been struggling with the issue of registering a Servlet application as a partner application using the SSO Login Server.
    As per the suggested note id 182701.1 in Metalink, I implemented the following steps:
    - Step A : Create the partner application schema (successful; the name of the schema is ssopartner)
    - Step B : Load packages for the partner application (successful)
    - Step C : Obtain the registration information (successful)
    - Step D : Run regapp.sql (successful, but they forgot to mention that I should load the SSOHash.class)
    - Step E : Compile and run
    I deployed the application under 9iAS in order to test it.
    I added the ssosdk307.jar to the jserv.properties file.
    I invoke the SSOPartnerServlet Java program by entering:
    http://name of the webserver/servlet/SSOPartnerServlet
    I get the message "redirecting to the login server" and I get the login page of the SSO Server.
    Once I submit the user/password, I get HTTP 400: Page cannot be displayed.
    I checked the mod_jserv.log file and found the following message:
    [08/04/2002 13:54:16:949] (ERROR) ajp12: Servlet Error: POST is not supported by this URL
    Could you please advise?
    Your prompt feedback is highly appreciated.
    Regards

    I believe that this is not possible as the mod_osso realizes that the URL is below an URL that you want to protect.
    The only way I see that you can do this is the following modification in the mod_osso.conf:
    <Location /myApp/secure_partA>
    AuthType basic
    Require valid-user
    </Location>
    <Location /myApp/secure_partB>
    AuthType basic
    Require valid-user
    </Location>
    <Location /myApp/secure_partX>
    AuthType basic
    Require valid-user
    </Location>
    So your application /myApp/subApp will not be affected and people can just access this part. However, you will have more administration in your mod_osso.conf.
    cu
    Andreas

  • Mod_osso partner application and webcache site to server mapping

    hi, need advice on the following.
    I have an app server container (only OC4J and no portal, forms etc.), hostname abc.test.net, installed with the option to register with the SSO server (http://mylogin.test.net), which is on a physically separate machine.
    i have a java application deployed on a 10g app server container. the log in portion is handle by the login server using the mod_osso.conf file.
    thus when i type http://abc.test.net:7777/myapps, i will be prompted to login via the sso server.
    this is working fine.
    then i put a webcache to front this app server, so that users will use a sitename (http://myapps.abc.com) defined in the webcache (mapped to the app server) to access that application.
    so now when users type http://myapps.abc.com, they are still prompted the sso login screen. but after logging in, they are shown a red coloured bold text error message "ORASSO Failure-Unable to Process Request" page. this error page has the url of app server http://abc.test.net:7777/osso_login_successxxxx.
    if i manually replace the 'acb.test.net' to 'myapps.abc.com', my application will be displayed correctly, and i am logged in.
    how can i resolve this problem?
    question:
    1. do i need to re-register http://myapps.abc.com as a partner application?
    2. if so, do i perform the registration from the webcache, the app server or the login server itself?
    pls advice.
    thx.

    Follow the following notes:
    Note:250532.1 Configuring HTTP Server to Use SSL in Oracle Application Server 10g (9.0.4)

  • SSO Partner Application and Session Time out

    Hi ,
    We have an application on forums.oracle.com which is implementing the authentication scheme as SSO, and that is working well. Now we want to implement a session timeout if the user is idle for some time and ask him to log in again after the session fails. I have tried to implement this feature as given by Scott in the thread "session timeout". The problem is, since we don't have a login page here, how do we set the cookies
    owa_cookie.send(
    name => 'HTMLDB_IDLE_SESSION',
    value => to_char(sysdate+(20/1440),'DD-MON-YYYY HH24:MI:SS'),
    expires => null,
    path => '/',
    domain => null
    );
    and where is the current point to implement it.
    Any help on this is greatly welcome.
    Thanks in Advance.

    Naveen,
    I don't remember how the solution works. But if you don't have a login page you can usually put code in the post-authentication process of your authentication scheme to do whatever the login page process would have done.
    Scott

  • Java web application and SSO in Portal

    I have successfully deployed an EAR file (Servlet/JSP) to my OC4J. In my deployment descriptor, I have added a security-constraints tag to implement authentication using LDAP. In the process of deploying, I have also specified the LDAP associated with my OC4J as my user manager. This in effect adds a jazn auth method=sso in orion-application.xml after deployment.
    My application, when accessed independently as http://hostname:port/app/index.jsp, is working fine. The login page pops up when the user hasn't logged in yet and redirects to index.jsp when authenticated.
    However, when I added this exact link to Oracle Portal so that every time a user logs into the portal, he/she will be automatically logged in to my application, it turns out that it isn't recognizing the logged-in user and keeps flashing a "page cannot be accessed" error.
    Any idea what to do with this?

    have you tried a javascript forum?

  • SSO for partner applications

    Hi All,
    I have installed 10g AS Release 2 on a system. I also have Application Express(formerly HTML DB) installed on the same system. I registered one of the HTML DB applications as partner applications and have put SSO authentication for it.
    When I try to login the AS looks at the OID installed on the system(which I gave during installation). I want it to look at the Oracle gmldap.oraclecorp.com server OID so that only Oracle employees login.
    Can anybody tell me how to change the OID and what entries are to be given to configure it for the gmldap.oraclecorp.com server?
    Thanks,
    Swaroop

    See Task 3 in the Section 9.4 of the Oracle Application Server Administrator's Guide:
    http://download-west.oracle.com/docs/cd/B14099_17/core.1012/b13995/chginfra.htm#i1014978
    See the following for information about what to specify on each page.
    http://download-west.oracle.com/docs/cd/B14099_17/core.1012/b13995/reconfig.htm#i1013341

  • SSO userid for a partner application

    Hi,
    We have one application deployed on WebLogic Application Server that is registered as a partner application on the SSO server.
    On the application side we have installed Oracle HTTP Server as the web server and configured mod_osso.
    Now when a user attempts to access any secured page, SSO asks for authentication. On successful login the user lands back on the application page configured while creating the partner application.
    After login we need the userid of the user who logged in on the SSO server. I have tried the following and am getting null.
    Remote User: <%=request.getRemoteUser() %>,
    Proxy-Remote-User: <%=request.getHeader("Proxy-Remote-User") %>
    Osso-User-Dn: <%=request.getHeader("Osso-User-Dn") %>
    Osso-User-Guid: <%=request.getHeader("Osso-User-Guid") %>
    Osso-Subscriber: <%=request.getHeader("Osso-Subscriber") %>
    Osso-Subscriber-Dn: <%=request.getHeader("Osso-Subscriber-Dn") %>
    Osso-Subscriber-Guid: <%=request.getHeader("Osso-Subscriber-Guid") %>
    Accept-Language: <%=request.getHeader("Accept-Language") %>
    output:
    Remote User: null,
    Proxy-Remote-User: null
    Osso-User-Dn: null
    Osso-User-Guid: null
    Osso-Subscriber: null
    Osso-Subscriber-Dn: null
    Osso-Subscriber-Guid: null
    Accept-Language: en-us,en;q=0.5
    Does anyone know what exactly I should do?
    Thanks & Regards,
    Kevin Chheda

    So the user has successfully authenticated and can access protected areas of the application?
    Have you tried using Http headers to see values/attribute names?
    Can you try this:
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <html>
    <body>
    <%@ page import = "java.util.*" %>
    <h1>Headers received:</h1>
    Remote user header is: <% out.println(request.getRemoteUser()); %>
    <p>
    <table>
    <%
    // Print every request header name and value, one table row per header
    Enumeration headerNames = request.getHeaderNames();
    while(headerNames.hasMoreElements()) {
        String headerName = (String)headerNames.nextElement();
        out.println("<tr><td>" + headerName);
        out.println(" <td>" + request.getHeader(headerName));
    } // end of the header loop
    %>
    </table>
    </body></html>
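
One way a partner application could resolve the signed-in user from the values tried in the question above, as an added example that is not part of the original thread or Oracle's code. The class name, the `sso.user` attribute and the `trustedProxies` init-param are assumptions, and it assumes `getRemoteAddr()` returns the address of the directly connected web server.

```java
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: resolves the SSO user for an application behind mod_osso. */
public class OssoIdentityFilter implements Filter {

    /** Request attribute that carries the resolved user; the name is an assumption. */
    public static final String SSO_USER_ATTR = "sso.user";

    // Header names taken from the question above, tried after getRemoteUser().
    // Note they differ in format: a user name versus a directory DN.
    private static final String[] IDENTITY_HEADERS = { "Proxy-Remote-User", "Osso-User-Dn" };

    private final Set<String> trustedProxies = new HashSet<String>();
    private ServletContext context;

    public void init(FilterConfig config) throws ServletException {
        context = config.getServletContext();
        // Assumed init-param: comma-separated addresses of the Oracle HTTP Server
        // instances that run mod_osso in front of this application.
        String param = config.getInitParameter("trustedProxies");
        if (param == null || param.trim().length() == 0) {
            throw new ServletException("init-param trustedProxies is required");
        }
        for (String address : param.split(",")) {
            trustedProxies.add(address.trim());
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Identity headers are only read when the peer is a listed web server,
        // so a client connecting straight to the container cannot supply them.
        boolean viaProxy = trustedProxies.contains(request.getRemoteAddr());
        String user = request.getRemoteUser();
        if (isBlank(user) && viaProxy) {
            for (String name : IDENTITY_HEADERS) {
                String value = request.getHeader(name);
                if (!isBlank(value)) {
                    user = value.trim();
                    break;
                }
            }
        }

        if (isBlank(user)) {
            // Fail closed and record why; no request-supplied text goes into the log.
            context.log("No SSO identity: peer=" + request.getRemoteAddr()
                    + " viaTrustedProxy=" + viaProxy);
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Single sign-on identity not available");
            return;
        }
        request.setAttribute(SSO_USER_ATTR, user);
        chain.doFilter(request, response);
    }

    public void destroy() { }

    private static boolean isBlank(String s) {
        return s == null || s.trim().length() == 0;
    }
}
```

When every value is null, as in the output quoted in the question, this filter takes the 403 branch and the log line shows whether the request arrived from a listed web server address.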

  • Partner application configuration is missing error on SSO login page

    We have APEX 3.1.2 setup as a partner application and an application within APEX setup to use SSO for authentication. Following a link to the APEX application redirects to the Single Sign-On page, as it should, but it also shows "Error: The partner application configuration is missing or expired." I type in my password and username, click the Login button, and (if I entered my username and password correctly, of course!) then the APEX application is shown. So, I cannot figure out why we're getting the no_papp_err error and I have not found any solutions to that issue on Metalink or anywhere else on the Internet. Any ideas? I'm concerned that we have a misconfiguration somewhere that is causing this error and will affect any other partner application we setup in the future.
    We're on Oracle Portal 10.1.4, SSO 10.1.2, and SSL is setup on both infra and mid tiers.

    Did you try checking the partner application entries on the SSO-login server page?
    Please log in as orcladmin or some other user with membership in, I believe, the iasadmins group. Verify that for this partner application, what you see here corresponds to the application URL. It looks like your login page call may have issues, so check the login URL too.
    also check the ORASSO.WWSSO_LS_CONFIGURATION_INFO$ for entries corresponding to Apex application.

  • Error: Partner application configuration is missing ... on SSO login page

    We have APEX 3.1.2 setup as a partner application and an application within APEX setup to use SSO for authentication. Going to the APEX application redirects to the Single Sign-On page, as it should, but it also shows "Error: The partner application configuration is missing or expired." I type in my password and username, click the Login button, and (if I entered my username and password correctly), it redirects me to the APEX application just like it should. So, I cannot figure out why we're getting the no_papp_err error and I have not found any solutions to that issue on metalink or anywhere else on the Internet. Any ideas?
    We're on Oracle Portal 10.1.4, SSO 10.1.2, and SSL is setup for both.
    Closing this topic and opening it in Oracle Application Server - General (http://forums.oracle.com/forums/thread.jspa?threadID=832022&tstart=0)
    Edited by: oportalist on Nov 28, 2008 10:24 AM

    Did you try checking the partner application entries on the SSO-login server page?
    Please log in as orcladmin or some other user with membership in, I believe, the iasadmins group. Verify that for this partner application, what you see here corresponds to the application URL. It looks like your login page call may have issues, so check the login URL too.
    also check the ORASSO.WWSSO_LS_CONFIGURATION_INFO$ for entries corresponding to Apex application.
