Bidirectional OID-AD

Dear All,
We have some questions on concept and operations levels. We are in the process of setting up:
1. SSO + OID for Oracle Apps 11.5.10.2.
2. Integration of OID to AD (bidirectional)
We are able to achieve 1 and need your help in setting up 2. The sync from AD to OID is working fine with ActiveImp.map. This imports all AD users to OID while doing bootstrapping and sync. But we are unable to export users from OID to AD.
Can someone help us in identifying:
1. How to configure the password policy plug-in
2. Is it a must to configure the OID SSL configuration set
3. Is it a must to create an SSL wallet and DIP server for SSL
4. How to configure the SSL module.
Any pointers to OID to AD configuration will be appreciated.
Regards,
Rashid

Hi,
We need assistance/pointers in:
1. How to configure password policy plug-in
2. Create OID SSL configset
3. Create SSL wallet
4. Configure DIP server for SSL
5. Configure OID reversible password option
6. Configure SSL mode.
Pointers to document will be appreciated.
Regards,
Rashid

Similar Messages

  • SSO and iRecruitment

    We recently registered our E-Business instance with 10g SSO and everything is working as expected except for iRecruitment. External users can access the iRecruitment home page without any problem. When they attempt to login I expect that they are directed to a local login page, but for some reason they are directed to the SSO login page... which makes no sense for an external user. Has anyone seen this or have any suggestions for resolving the issue? Thanks.
    Frank Wright

    Our SSO login page is internally accessible only. Apparently, SSO registration is all or nothing for the entire E-Business Suite. We are able to set APPS_SSO_TYPE (the profile option to enable or disable SSO) only at the site level. Looks like this is a relatively recent change, per Metalink note 402122.1:
    "If you are on OA Framework 11.5.10 ATG CU 3 the Applications SSO Type
    can only be set at site level and no lower. Prior to OA Framework
    11.5.10 ATG CU 3, there was the ability to set the system profile
    Applications SSO Type at a lower level."
    Our SSO server authenticates against Oracle Internet Directory which is synchronizing and externally authenticating with Active Directory. EBS accounts are provisioned unidirectionally from OID. If, as I understand, SSO is all or none with all EBS applications, then I think we will have to:
    1) Modify EBS provisioning to be bidirectional, OID->EBS and EBS->OID
    2) Configure OID DIT to place reconciled EBS accounts in a container that will not be externally authenticated against AD
    3) Put our SSO login server in the DMZ
    If we do all these things then I think everything will work right. Is this correct, and/or is there any other way? It seems silly to me that external iRecruitment users should be forced to authenticate with our SSO server...
    Thanks,
    Frank Wright

  • EBS is creating users in OID, when it shouldn't. Wrong profiles?

    I'm integrating EBS 12.1.6 with OAM 11g and OID11g. I've got Single Sign On working fine, but I noticed that when a user is created in EBS, it automatically gets created in OID too.
    My users will be manually created in both OID and EBS through other processes so I really just need them to be linked. I registered the instance and oid with provisionType=4 (bidirectional sync no create).
    I have these profile options set:
    Applications SSO Auto Link User: Enabled
    Applications SSO Login Types: Both
    Application SSO LDAP Synchronization: Enabled
    Applications SSO Enable OID Identity Add Event: Disabled
    Link Applications user with OID user with same username: has no value
    But I can't find documentation on what these various options do.
    Anyone have any experience with this?
    Thanks very much
    Alex

    I'm integrating EBS 12.1.6 with OAM 11g and OID11g. I've got Single Sign On working fine, but I noticed that when a user is created in EBS, it automatically gets created in OID too.
    12.1.6?
    But I can't find documentation on what these various options do.
    Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On [ID 376811.1]
    Using the Latest Oracle Internet Directory 11gR1 Patchset with Single Sign-on and Oracle E-Business Suite [ID 876539.1]
    Troubleshooting Oracle Access Manager and Oracle E-Business Suite AccessGate [ID 1077460.1]
    Which Attributes Get Propagated From EBS to OID When One Is Implementing SSO With Applications [ID 1267512.1]
    Oracle Application Server 10g with Oracle E-Business Suite Release 12 Troubleshooting [ID 380487.1]
    "Applications SSO Auto Link User" (APPS_SSO_AUTO_LINK_USER) Profile option doesn't work and still ask to manually link the user [ID 399117.1]
    Thanks,
    Hussein

  • Users not populated into OID from 11i

    Hi,
    I set up bidirectional integration between OID and 11i. No errors, and it was successful.
    The user created in OID is automatically populated into 11i.
    But somehow, the user created in 11i is NOT in OID. No error in OID debug.
    The profile "Applications SSO Enable OID Identity Add Event" is enabled.
    Do I have to set anything up? How can I trace the event?
    Thanks
    Paul

    2.11 Users created in E-Business Suite not propagated to OID
    * Is E-Business Suite set to propagate users to OID?
      How To: Verify profiles APPS_SSO_IDENTITY and APPS_LDAP_SYNC
      If Not: See profiles related to Synchronization
    * Do the relevant WorkFlow events get created?
      How To: 5.3.5 Listing Workflow events
      If Not: 2.19 WF events are not created
    * Do the events still exist in WF_ENTITY_CHANGES?
      How To: WF Pending Events
    * Is ODISRV running?
      How To: 5.7 ODISRV
      If Not: See 5.8.1 Start ODISRV
    * Does the provisioning profile AppsToOID exist?
      How To: Look for the cn=AppsToOID in 6.12 List Provisioning Profiles
      If Not: Proceed to 4.2 Cannot add/remove provisioning profile template, 6.14 Reregister the Instance in OID
    * Is the provisioning profile AppsToOID enabled?
      How To: Look for orclstatus and orclsubscriberdisable attributes at 6.12 List Provisioning Profiles
      If Not: 6.13 Enable/Disable Provisioning Profiles
    * Is the last status Event Propagation Successful for the AppsToOID provisioning profile?
      How To: Follow the steps in 6.12 List Provisioning Profiles.
      Check orclodipprofileprocessingstatus, orclodipprofilelastprocessingtime, and orclodipprofilelastappliedappeventid (Apps->OID).
      If Not: Verify the error shown in the orclODIPProfileProcessingErrors attribute. Most errors are self-explanatory:
      - ODIException: ODI Exception in Filter Processing: ODIException: GUID Not Found in Directory..Fatal Error..
        Missing entry at OID, check the AppDN, RealDB and user orclguid.
      - DIP_DB_ERROR_CONN ODIException: DIP_DB_ERROR_CONN
        Error trying to connect to database, review that hostname, sid and port are valid. Validate that hostname is valid from the OracleAS 10g host.
    As of today, no reports have been filed with successful status and failed provisioning from Apps to OID. If this is the case, provide Oracle Support with:
    * ODISRV logs generated with debug=2047, see 5.7 ODISRV
    * Listener logs, database logs or OID logs (see extensive logs), depending on the exact error.

  • Error While Provisioning User from OIM to OID

    This is the error I'm getting while creating a user and provisioning.
    DOBJ.THROWABLE_IN_SAVE
    Unhandled throwable java.lang.NoClassDefFoundError in com.thortech.xl.dataobj.tcScheduleItem's save
    This error happens when I try to provision the user with OID.
    Regards,
    sudhan

    Could you please write down what you have given in the IT Resource?
    Maybe you are giving some wrong value in the IT Resource.
    Have you made changes to the OID Prov Lookup? If not, check this link:
    Re: Problem with OID Connector
    And give it a try!

  • Help needed in OID bulkload

    Hello experts,
    We have OIM enabled with LDAP sync. We have a requirement to bulkload users into OID directly. I am trying to follow the steps provided in the link http://docs.oracle.com/cd/E25054_01/oid.1111/e10029/bulktools.htm#BEIIFDAG
    Could anyone help by providing a sample value for the below?
    1. bulkload [connect=connect_string]
    {[check="TRUE"|"FALSE" [file=ldif_file]] [generate="TRUE"|"FALSE"
    [append="TRUE"|"FALSE"] [restore="TRUE"|"FALSE"] [thread=num_of_threads]
    file=ldif_file] [load="TRUE"|"FALSE" [append="TRUE"|"FALSE"]
    [threads=num_of_threads]] [index="TRUE"|"FALSE"] [missing="TRUE"|"FALSE"]
    [recover="TRUE"|"FALSE"]} [encode=character_set] [debug="TRUE"|"FALSE"]
    [verbose="TRUE"|"FALSE"]
    Above is the syntax for using bulkload. Can anyone provide an example of it with, say, the mandatory options alone?
    2. The bulk load management tool is said to take input data in LDIF or SQL*Loader format. Can anyone provide a sample of both that you have used before?
    Thanks in advance.
    Regards,
    DK

    Actually, with the -append="TRUE" option, you set the bulkload into append mode which enables the command to run without shutting down the OID instance.
    (this is true for OID 11g)
    I am however, interested in the answer about what to put into the -connect option as well, as it appears to be the underlying db that the bulkload script is connecting to....
    the default command syntax shows up as -connect=orcl (as in the oracle db instance name????)

  • OID can not display some users - java.lang.ArrayIndexOutOfBoundsException:0

    We have set up AD to OID synchronization for users and groups using the Import connector, and it worked fine. The users in OID can log into applications protected by OAM. But recently I found that some users that could be displayed in OID before cannot be displayed now. If I click on the DN in Oracle Directory Manager, an error window pops up. It is a long error message, and the first few lines are as follows:
    0
    java.lang.ArrayIndexOutOfBoundsException:0
    at oracle.ldap.admin.AttrOptions.<init>(entry.jave:3151)
    at Oracle.ldap.admin.Entry.getProp(entry.java:457)
    I don't see any error message in the integration profile or log files. I am testing things on an account that is having this trouble, and the strange thing is that it can not log into application protected by OAM any more, but it can log into OAM console.
    We use OID 10.1.2.3 on Windows, and OAM 10.1.4.0.1.
    I searched in Metalink but didn't find anything helpful. Any help is appreciated. Thanks for your time.
    Hailie

    Pramod,
    Thank you for your reply. Please see below my answers to your questions:
    -> Do you see any pattern in the users (DN) that are unable to be displayed/login?
    Yes, I do see a pattern. There is one change in the problem user's DN - the "\" after the last name is gone.
    Before: cn=smith\, john, cn=users,dc=abc,dc=com
    Now: cn=smith, john, cn=users,dc=abc,dc=com
    However, when I check in Active Directory, the "\" is present. In OID, if I right-click on cn=smith, john and try to delete it, I get an error message "LDAP: error code 34 - Error in DN Normalization". Is that caused by the missing "\"?
    -> Does ldapsearch on these users (with all attributes) show something (special chars, etc)?
    ldapsearch on cn=cn=smith, john,cn=users,dc=abc,dc=com returns no objects:
    $ldapsearch -L -D "cn=orcladmin" -w "*****" -h host -p 389 -b "cn=smith, john,cn=users,dc=abc,dc=com" -s sub "objectclass=*"
    ldap_search: No such object
    ldap_search: matched: cn=Users, dc=abc,dc=com
    Ldap search on cn=smith\, john,cn=users,dc=abc,dc=com:
    $ldapsearch -L -D "cn=orcladmin" -w "*****" -h host -p 389 -b "cn=smith\, john,cn=users,dc=abc,dc=com" -s sub "objectclass=*"
    dn: cn="smith, john",cn=users,dc=abc,dc=com
    uid: [email protected]
    employeenumber: 916963
    cn: smith, john
    registeredaddress: 512
    krbprincipalname: [email protected]
    orclsamaccountname: ABC.COM$JSmith
    sn: johnsmith
    displayname: John
    orclobjectguid: lJO0N+8H4UW/30yHukSfsw==
    orclobjectsid: AQUAAAAAAAUVAAAAohxTYWIV3XFeP55cYjwAAA==
    orcluserprincipalname: [email protected]
    objectclass: oblixorgperson
    objectclass: inetorgperson
    objectclass: orcluserv2
    objectclass: person
    objectclass: orcladuser
    objectclass: organizationalPerson
    objectclass: top
    obver: 10.1.4.0
    -> Do you see the same behavior when you use any generic LDAP browser (Ex: Apache Directory Studio) instead of ODM?
    I don't have Apache Directory Studio installed yet. I will try that later.
    -> Does the changelog for the particular synch (for the affected users) show something?
    Here is what I found in ActiveChgImp.aud
    (weeks ago)
    97426524 : Success : MODIFY : cn=smith\, john,cn=users,dc=abc,dc=com
    (Recent change - the backslash after smith was gone, and "" showed up)
    97469970 : Success : MODIFY : cn="smith, john",cn=users,dc=abc,dc=com
    -> If login to OAM is possible, can the user modify his/her profile, and does it save the changes? If it does, can you try logging in to apps?
    This user can log into the OAM identity system, but when I click on "My profile" under "User manager", I get an error message "You do not have sufficient access rights".
    If I log into identity system as orcladmin, I was able to modify it and save the changes. But in OID the user is still not displayed. Same error message. When I tried to add it as administrator, I could search on it, add it, but when I press "done", it didn't show up on the admin list. The users that can be displayed in OID can be added to admin list without a problem.
    Thanks,
    Hailie
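The DN spellings quoted in the post above can be compared offline. The following is an added example, not part of the thread and not Oracle code: a small, lenient parser for RFC 4514 backslash escaping plus the older double-quoted form. It shows that `cn=smith\, john,...` and `cn="smith, john",...` name the same entry, while the unescaped spelling is not a valid DN, which is consistent with the result code 34 reported. All function names and the case-insensitive value comparison are assumptions of the example.

```python
import re

class InvalidDN(ValueError):
    """Raised where a directory would answer LDAP result code 34 (invalid DN syntax)."""

_HEXPAIR = re.compile(r"[0-9A-Fa-f]{2}")

def split_top_level(text, seps):
    """Split on any char in seps, skipping backslash-escaped or double-quoted separators."""
    parts, start, in_quotes, i = [], 0, False, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\":
            i += 2                      # skip the backslash and the escaped character
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch in seps and not in_quotes:
            parts.append(text[start:i])
            start = i + 1
        i += 1
    if in_quotes:
        raise InvalidDN("unterminated quote in %r" % text)
    parts.append(text[start:])
    return parts

def decode_value(raw):
    """Return the literal attribute value behind an escaped or quoted RDN value."""
    tokens, i, in_quotes = [], 0, False   # tokens are (bytes, protected) pairs
    while i < len(raw):
        ch = raw[i]
        if ch == "\\":
            pair = raw[i + 1:i + 3]
            if _HEXPAIR.fullmatch(pair):          # \2C style hex escape
                tokens.append((bytes([int(pair, 16)]), True))
                i += 3
            elif i + 1 < len(raw):                # \, style character escape
                tokens.append((raw[i + 1].encode("utf-8"), True))
                i += 2
            else:
                raise InvalidDN("dangling backslash in %r" % raw)
            continue
        if ch == '"':
            in_quotes = not in_quotes
        else:
            tokens.append((ch.encode("utf-8"), in_quotes))
        i += 1
    # Unescaped padding around a value is not significant; escaped or quoted spaces are.
    while tokens and tokens[0] == (b" ", False):
        tokens.pop(0)
    while tokens and tokens[-1] == (b" ", False):
        tokens.pop()
    return b"".join(t for t, _ in tokens).decode("utf-8")

def parse_dn(dn):
    """Parse a DN string into a list of RDNs, each a sorted list of (attr, value)."""
    rdns = []
    for rdn in split_top_level(dn, ",;"):
        pairs = []
        for ava in split_top_level(rdn, "+"):
            attr, eq, value = ava.partition("=")
            if not eq or not attr.strip():
                raise InvalidDN("RDN component %r has no attribute type" % ava.strip())
            pairs.append((attr.strip().lower(), decode_value(value)))
        rdns.append(sorted(pairs))
    return rdns

def escape_value(value):
    """Escape a literal value the RFC 4514 way (backslash before special characters)."""
    out = re.sub(r'([,+"\\<>;])', r"\\\1", value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:
        out = out[:-1] + "\\ "
    return out

def canonical_dn(dn):
    """Re-emit a DN in one spelling so it can be used as a lookup or join key."""
    return ",".join("+".join("%s=%s" % (a, escape_value(v)) for a, v in rdn)
                    for rdn in parse_dn(dn))

def same_entry(dn_a, dn_b):
    """Compare by parsed content. Assumption: case-insensitive values (true for cn, dc)."""
    fold = lambda dn: [[(a, v.casefold()) for a, v in rdn] for rdn in parse_dn(dn)]
    return fold(dn_a) == fold(dn_b)

# The three spellings quoted in the thread; no directory connection is needed.
ESCAPED = r"cn=smith\, john, cn=users,dc=abc,dc=com"
QUOTED = 'cn="smith, john",cn=users,dc=abc,dc=com'
UNESCAPED = "cn=smith, john, cn=users,dc=abc,dc=com"

if __name__ == "__main__":
    print(canonical_dn(ESCAPED))
    print(canonical_dn(QUOTED))
    print("same entry:", same_entry(ESCAPED, QUOTED))
    try:
        parse_dn(UNESCAPED)
    except InvalidDN as exc:
        print("rejected:", exc)
```

Comparing or storing DNs by their canonical form rather than by raw string avoids treating the two audit-log spellings as different identities.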

  • OIDSchemaException: Unable to provision user using OID Java API

    Hello,
    I'm new to OID and am writing java code for User provisioning in OID.
    I went through the documents available and found that I have to have my Application Registered and Provisioning Configuration done for User Provisioning.
    Hope I did that correctly using the Oracle Directory manager console. But still when I try to create a user as follows, I'm getting OIDSchemaException.
    Configuration cfg = new Configuration ("us");
    UserFactory factory = UserFactoryBuilder.createUserFactory(getLdapConnection().getConnection(), cfg);
    ModPropertySet mpSet = new ModPropertySet();
    mpSet.addProperty("cn", user.getFirstName());
    mpSet.addProperty("sn", user.getLastName());
    mpSet.addProperty("uid", user.getUserName());
    mpSet.addProperty("userPassword", user.getUserPassword());
    IdmUser idmUser = factory.createUser(mpSet);
    The link provided for sample Code in http://docs.oracle.com/cd/B14099_19/idmanage.1012/b14087/orcl_ext.htm#sthref222
    is broken. Can you please help me by providing a sample java application with code. I can go through the samples and check if I'm doing anything wrong.
    Thank you,
    Sivakumar Manicka
    [email protected]

    Hi Fred,
    Thank you for your reply.
    This is the exact error.
    Does it mean the xlsysadm password is wrong?
    If so, where would it be changed?
    Response: AUTHENTICATION_ERROR
    Response Description: Invalid / Incorrect Admin Password
    Assigned to: System Administrator[XELSYSADM]
    Thanks.

  • Unable to raise password expiry warning exception in OID using JAVA API

    Hi,
    We are maintaining the user information for our application in OID (9.2). During logon, it is required that a warning is given to the user according to the value set in the "Password Expiration Warning" parameter.
    A pl/sql program (using DBMS_LDAP/DBMS_LDAP_UTL packages) written to test password expiry raises the PWD_EXPIRE_WARN exception as expected. However we are unable to simulate the same using the JAVA APIs.
    We did try something like the following:
    import javax.naming.NamingException;
    import javax.naming.directory.InitialDirContext;
    import oracle.ldap.util.User;
    import oracle.ldap.util.Util;
    import oracle.ldap.util.UtilException;
    import oracle.ldap.util.jndi.ConnectionUtil;

    public class SampleExpire {
        public static void main(String argv[]) throws NamingException {
            // Create InitialDirContext
            InitialDirContext ctx = ConnectionUtil.getDefaultDirCtx("TCS-UUODC4",
                                                                    "4032",
                                                                    "cn=orcladmin",
                                                                    "welc0me");
            System.out.println("Hello");
            // Create User Objects
            User myuser = null;
            try {
                // Create User using a subscriber DN and the User DN
                myuser = new User(ctx,
                                  Util.IDTYPE_DN,
                                  "uid=C100013, ou=People, o=UUSD",
                                  Util.IDTYPE_DN,
                                  "ou=People, o=UUSD",
                                  false);
            } catch (UtilException e) {
                // Exception encountered in User object constructor
                System.out.println("User creation failed");
                return; // myuser is still null, so there is nothing to authenticate
            }
            // Authenticate User
            try {
                myuser.authenticateUser(ctx, User.CREDTYPE_PASSWD, "Z100013");
            } catch (UtilException e) {
                // Authenticate fails
                System.out.println("Authentication failed");
            }
        }
    } // End of SampleExpire.java
    The authenticate user does not raise any exception.
    Am I missing something ?
    Regards -
    Adhiraj

    Hi,
    did you manage to solve this problem? Please let me know

  • Problems with AS 10g and OID

    Hello everyone,
    we got problems with starting OC4J_bi_forms component in AS control.
    database: 10g R2 (10.2.0.1)
    forms and reports: 10g (10.1.2.0.2.)
    designer: 10g (10.1.2.0.2.)
    1. we tried to start component in AS control but we get this error:
    The following components were not started:
    OC4J : home - time out while waiting for a managed process to start
    OC4J : OC4J_BI_Forms - time out while waiting for a managed process to start
    OC4J : OC4J_Portal - time out while waiting for a managed process to start
    For more information, look at the logs using the related link below.
    Related Link Error Logs
    2. then we check the error file that describes problems with OID:
    Error displaying Log Files page. Failed to initialize configuration management user session.. The OracleAS Repository API threw an exception when obtaining the connect string to the Metadata Repository
    Resolution:
    Check the exception thrown by the Repository API for resolution information.
    Some common causes of this problem are as follows:
    OID is not running or unavailable
    the ias.properties file is misconfigured with incorrect OID connection information
    OID permissions are incorrectly defined
    Base Exception:
    oracle.ias.repository.schema.SchemaException
    Unable to establish connection to the Oracle Internet Directory Server ldap://server_xy:389/. Base Exception : javax.naming.CommunicationException: server_xy:389 [Root exception is java.net.ConnectException: Connection refused: connect]. Unable to establish connection to the Oracle Internet Directory Server ldap://server_xy:389/. Base Exception : javax.naming.CommunicationException: server_xy:389 [Root exception is java.net.ConnectException: Connection refused: connect]
    3. we check the status with opmnctl status, all components are down
    4. then we tried to start components manually with opmnctl stopall/startall
    but the problem isn't solved.
    Any help?

    hello Jacco,
    thank you very much for your help, we are now able to start oc4j_bi_forms.
    We follow your advice, at the end we had to change ODS password with oidpasswd to ias_admin password.
    Now all components are started.
    We now must solve only one problem:
    All AS components are started, but when in Application Server Control we click link for
    J2EE Applications we get this error:
    An error was encountered while loading page. Failed to initialize configuration management user session.. The OracleAS Repository API threw an exception when obtaining the connect string to the Metadata Repository
    Resolution:
    Check the exception thrown by the Repository API for resolution information.
    Some common causes of this problem are as follows:
    OID is not running or unavailable
    the ias.properties file is misconfigured with incorrect OID connection information
    OID permissions are incorrectly defined
    Base Exception:
    oracle.ias.repository.schema.SchemaException
    Unable to establish connection to the Oracle Internet Directory Server ldap://server_xy:389/. Base Exception : javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]. Unable to establish connection to the Oracle Internet Directory Server ldap://server_xy:389/. Base Exception : javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
    Thanks for your help one more time.

  • OID SSO Logout issue from the partner application

    As per the below link I am trying the logout functionality from the partner application,
    http://download.oracle.com/docs/cd/B14099_19/idmanage.1012/b14078/tpsso.htm#i1011555
    The article talks about a logout url pattern, I am trying to execute the below from the partner application.
    https://single_sign-on_host:single_sign-on_ssl_port/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=done_url
    The issue I got is OID server is not redirecting to the p_done_url, it just stays in the same OID logout page, Do I have to create any configuration entry to get the redirection working?
    Thanks

    Hi All,
    Providing more information,
    What I get is the OID logout screen with two return buttons on top and bottom of the page.
    What I found is that when I click either of those it goes to the p_done_url, but what I want is,
    instead of stopping at the OID logout page, auto redirection to the p_done_url.
    Can this be done?
    Thanks

  • SSO protected Forms application fails with an OID error.

    Hello everyone,
    I have a fresh install of Oracle Application Server 10.1.2 on RedHat Enterprise Linux 4. No patches were installed yet.
    I've setup Forms to use the Single Sign-On server (SSO). Then created a user with a Resource Access Descriptor (RAD) in the Oracle Internet Directory (OID). I can successfully use the Forms application when I'm not using the SSO.
    However, problems arise when I set the Forms application to use SSO. Once I get authenticated, the application.log files fills up with the following lines:
    07/05/08 16:30:38 formsweb: In getUserId method: caught oracle.ldap.util.AccessDeniedException: General Error when performing search: getExtendedProperties [LDAP: error code 50 - Insufficient Access Rights]
    07/05/08 16:30:38 formsweb: In doRequest method in ue.isNamingException
    07/05/08 16:30:38 formsweb: Redirecting to DAS to update the resviewer list
    07/05/08 16:30:38 formsweb: UserID is NULL redirecting to DAS
    07/05/08 16:30:38 formsweb: Forms Group DN"cn=Logical Application Group, orclApplicationCommonName=formsApp_osielle.notarius.com_47F26490FB4311DB8F3BBF0DDB09B635, cn=forms, cn=Products, cn=OracleContext"
    07/05/08 16:30:38 formsweb: The DAS URL generated: http://osielle.notarius.com:7777/oiddas/ui/oracle/ldap/das/mypage/AppCreateResourceInfo?resKey=testrtm&resType=oracleDB&resViewer=%22cn%3DLogical+Application+Group%2C+orclApplicationCommonName%3DformsApp_osielle.notarius.com_47F26490FB4311DB8F3BBF0DDB09B635%2C+cn%3Dforms%2C+cn%3DProducts%2C+cn%3DOracleContext%22&doneURL=http%3A%2F%2Fosielle.notarius.com%3A7778%2Fforms%2Ffrmservlet%3Fconfig%3Dtestrtm%26form%3Drtminit.fmx&cancelURL=http%3A%2F%2Fosielle.notarius.com
    While in $ORACLE_HOME/ldap/log I see some new log files created which also contain errors. One such log file is oidldapd01s3739.log and contains these lines:
    BEGIN
    2007/05/08:14:37:13 * ServerWorker (REG):7 * ConnID:194 * OpId:5235 * OpName:modify
    ERROR * gslsbzCheckDupAttrValinEntry : Normlztn failed for "cn=Logical Application Group, orclApplicationCommonName=formsApp_osielle.notarius.com_47F26490FB4311DB8F3BBF0DDB09B635, cn=forms, cn=Products, cn=OracleContext"
    END
    I've RTFM a lot about this but I still can't find a way to fix this. I've found some info in Metalink Note 360341.1 "In Getuserid Method: Caught Error When Logging Into Forms With SSO Enabled". Unfortunately, my formsweb.cfg file is already setup as the workaround that it proposes, so that doesn't help.
    It seems like the attribute "orclresourceviewers" does not get created when the RAD is generated? One of you (Sandeep I believe) suggested that it may have to do with a lack of an OID Index and that I should use catalog.sh to fix this. I unfortunately don't know how to proceed.
    I've also opened a TAR, but Oracle Support doesn't seem to understand what's going on.
    Any ideas anyone?
    Many thanks,
    David

    Hi everyone,
    Alright, I solved the problem. It seems like the OID is very very very picky with the formsweb.cfg syntax. Especially with the quotes: don't use them!
    For example, I had set the oid_formsid & formsid_group_dn values between double-quotes. Removing them fixed the error.
    Here's an RCS output from the modifications.
    [[email protected]] server {1008}$ rcsdiff formsweb.cfg
    ===================================================================
    RCS file: RCS/formsweb.cfg,v
    retrieving revision 1.10
    diff -r1.10 formsweb.cfg
    208c208
    < oid_formsid="formsApp_osielle.notarius.com_47F26490FB4311DB8F3BBF0DDB09B635"
    oid_formsid=formsApp_osielle.notarius.com_47F26490FB4311DB8F3BBF0DDB09B635214,215c214
    < # formsid_group_dn=%GROUP_DN%
    < formsid_group_dn="cn=Logical Application Group, orclApplicationCommonName=formsApp_osielle.notarius.com_47F26490FB4311DB8F3BBF0DDB09B635, cn=Forms, cn=Products, cn=OracleContext"
    formsid_group_dn=cn=Logical Application Group, orclApplicationCommonName=formsApp_osielle.notarius.com_47F26490FB4311DB8F3BBF0DDB09B635, cn=forms, cn=Products, cn=OracleContextHTH,
    David
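Review bot: in the 214,215c214 hunk the replacement `formsid_group_dn` line changes `cn=Forms` to `cn=forms` in addition to dropping the double quotes, so the diff does not isolate the quoting as the fix; if case is irrelevant here, keep the original spelling so that the only change is the removed quotes. The same hunk also deletes the commented-out `# formsid_group_dn=%GROUP_DN%` line; keeping it would preserve the record of the earlier setting next to the hard-coded DN.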

  • Deny application access to oid user

    Hi
    I'm developing an application that implements sso. The user that tries to access the application ( through any page ) is automatically redirected to the sso login page... so far, so good!
    What I want to implement is denial of application access when a user, even one existing in the OID, shouldn't access the application.
    How can I accomplish such a task using ADF UIX in JDeveloper 9.0.5.1?
    Thanks in advance
    Vitor Cardoso

    Thanks for the reply,
    The way you have defined it is better to avoid this issue. Could you please tell me one thing: is there any request in the application to forcibly disconnect, on the spot, all the users who are connected, and allow only those users who have the System Administrator Responsibility to log in to the application again?
    --thanks

  • OID Realm Setup for Partner Application in another application server

    This message was also posted under the Identity Management thread.
    We currently have 10.1.2 SSO running and configured to accept a partner application from another app server (10.1.3). A sample application attempts to authenticate a user and then use JAZN to confirm whether the user is in the correct OID group. The user can authenticate successfully, which shows up in the SSO audit table, but the group check fails. I believe this is due to the realm not being visible to the other app server? How do I go about setting up the app server or application on the 10.1.3 platform to be able to check the 10.1.2 SSO server for the right OID group when the user authenticates? I have tried to set up the file-based permissions through the EM console, but seems to be only valid for the local setup. My thought was that the system-jazn-data.xml file would need to identify and point to the SSO server? When I troubleshoot that file, I see the correct realm entry and also the correct JAZN group and the OID GUID for the group. Any suggestions?
    Thanks,
    Leif

    Hi Amit,
    I am also facing the same issue. Could you please share the workaround you found to get rid of this issue?
    Mahendra.

  • HTMLDB as Partner Application to TWO OID instances - Authentication Schemes

    For reasons I won't go into here, we have TWO Oracle OID/SSO instances running - independently.
    I am interested in having HTMLDB / APEX applications capable of authenticating against either one. (one at a time, but on the same engine installation)
    We have done the PARTNER APPLICATION registration which works well against one of the OID instances. Records have been entered into the WWSEC_ENABLER_CONFIG_INFO$ table and everything works as expected.
    What option do I have to register the HTMLDB engine with a SECOND OID/SSO as a partner application and then allow the developers the ability to choose which authentication scheme applies?
    What I have observed is that the package given (custom_auth_sso) has built in
    g_partner_app_name varchar2(2000) := 'HTML_DB';
    Is it possible to duplicate that type of functionality, or is there something deeper ingrained into the engine that I do not understand?
    Regards,
    Tim

    Scott,
    I am working under a model similar to your case number two.
    Application 1 – uses OID A
    Application 2 – uses OID B
    I am going under the assumption that if there were two records in the config_info$ table, that I would need some type of ability to inform the WWV_FLOW_CUSTOM_AUTH_SSO package to switch between them.
    I guess what I am missing is the mechanics. I am trying to avoid having to re-write the WWV_FLOW_CUSTOM_AUTH_SSO package by hand. Besides the package body being compiled, I do not know how that authentication scheme is called by HTMLDB/APEX. I have been using the “Oracle Application Server Single Sign-On (HTML DB Engine as Partner App)” scheme. This leaves most of the Authentication scheme pretty blank with the exception of the Session Not Valid URL ( populated with –PORTAL_SSO-) and the logout URL. Magically it works though.
    If I had TWO schemes registered in the config_info$, how would I indicate which scheme to use?
    Do I have the capability of working with what has already been provided, or am I destined to writing a custom scheme because of the decision which needs to be made?
    Many thanks
    --Tim
