BSP to IIS with SSO

Hi,
Is it possible to go from a BSP to a IIS with SSO? Can I use ISAPI for it or are there better solutions? And is there some documentation about it?
KR
Steven

Steven,
Check note 442401 and thread /thread/11711 [original link is broken]
for this.
Eddy

Similar Messages

SSO to BSP using NTLM with application parameters

Hi all,
As part of the CRM activity, the customer's system sends out an email to a user with a link pointing to a bsp. Part of the url is the call id which the bsp needs to display.
The customer does not wish for the users to input user/pass when accessing the bsp.
According to documentation, NetWeaver supports only SAP logon tickets and X.509 SSO methods(http://help.sap.com/saphelp_nw04/helpdata/en/02/
d4d53aa8a9324de10000000a114084/content.htm).
Found this thread that suggest a workaround:
BSP without logon?
Seems like it should work, but ITS forwards to a static URL.
Any ideas on how I can make sure that after the whole sso process is complete, the bsp will still remember which call-id it needs to display?
Regards,
Eric

The goal is to have the changes made inside the bsp recorded to the logged in user. So one user for all is not applicable.
After fiddlig around with the forwarding settings and the ITS, I managed to get this thing working. Almost.
When I access the BSP url, it gets forwarded to and from the ITS and I get a SSO2 ticket. However, when it comes back from the ITS I get a http 404 error page. If I refresh that page, the BSP loads fine, with the transferred parameters and the correct user.
Can't get my head around why it gives me a 404.
Eric
Message was edited by: Eric Labiner

How to protect an application running on IIS with OAM 11gR2

Hello Gurus,
I have a question regarding protecting an application running on IIS with OAM 11gR2. We have an OHS server running and all the requests from the users are coming to this OHS server webgate for them to login using the SSO login page. These is all solaris. I am protecting other applications like pplsoft moduels with this OHS instance and OAM server. There is another application that I need to protect which is itself running on IIS windows machine. I need guidance as to -
1.) Do I need to install a windows version of webgate to protect this IIS based application?
2.) Or I can still protect and proxy requests from this application to current OHS instance? How can I do this?
3.) Or Do I need to proxy requests directly from IIS to OAM weblogic server?
Please advise to the earliest as this is an urgent issue.
Thanks !!

From your description it is not clear how exactly architecture looks like
We have an OHS server running and all the requests from the users are coming to this OHS server webgate for them to login using the SSO login page.
is this OHS centralized login farm ? (Case 1)
OR is this OHS server (with webgate) acting as virtual web server hosting multiple web sites so that request to any site passes through this OHS/webgate (Case 2)
1.) Do I need to install a windows version of webgate to protect this IIS based application?
If case 1 then you need to install 10g webgate on top of IIS server to protect this application
If case 2 then you can just proxy request from OHS to IIS server. As every request passes through OHS user will be authenticated before request hits IIS
Look at Product documentation for virtual web sites : http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/shared.htm#autoId12
It has steps to protect virtual web sites.
Also you need to make sure no one hits IIIS web sites directly.
Hope this helps

Apex application registered with sso as partner application

We have 1 apex app registered with sso and working properly.
I just registered a new apex application with sso. when i authenticate through sso, it directs me to the originally registered application.
I went in through the portal administrator app and verified my settings all pointed to the new application. I verified that my dad is set up correctly.
Any ideas?
APEX 2.0

i did register and obtain the keys through portal admin.
to ensure i used the proper keys (i guess there is a possibility i used the keys from db1 registration) i re-ran regapp with the right keys but recieved the following output:
SQL> @regapp
Partner Application Configuration
Enter value for listener_token: HTML_DB:050iasphttp.xxx.na.xxx.com:7777
Enter value for site_id: EFBE3E14
Enter value for site_token: MSMXURH1EFBE3E14
Enter value for login_url: https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admin.ls_login
Enter value for encryption_key: 2EBDD126A3A40606
Enter value for ip_check: N
ERROR: Error in registration. Please try again
User-Defined Exception
Registration successful.
Listener token: HTML_DB:050iasphttp.xxx.na.xxx.com:7777
Site id : EFBE3E14
Site token : MSMXURH1EFBE3E14
Encryption key: 2EBDD126A3A40606
Login URL :
https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admi
n.ls_login
Logout URL :
https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admi
n.ls_logout
IP check : N
PL/SQL procedure successfully completed.
Commit complete.
No errors.
SQL>
...in spite of the error, i aske the app developer to try and use sso for db2. he now recieves:
User-Defined Exception
Error Error in wwv_flow_custom_auth_sso.process_success:l_sso_user_name:l_sess_id:: Please contact administrator.
OK
any ideas?

Cannot deploy BPEL process with SSO to BPELConsole activated

I cannot deploy BPEL process with SSO to BPELConsole activated. Here is the error I get from JDeveloper (sorry for the french error message):
Problème détecté lors de la connexion au serveur "ssdvoiagu.dev.local.csst.qc.ca" sur le port "7781" : java.security.AccessControlException: access denied (com.collaxa.security.DomainPermission generique read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at com.collaxa.security.OC4JSecurityService.checkAccess(OC4JSecurityService.java:16)
at com.collaxa.security.SecurityService.checkDomainAccess(SecurityService.java:26)
at com.collaxa.cube.fe.util.ServletUtils.getLocatorWithoutUrlRewrite(ServletUtils.java:162)
at deployHttpClientProcess.jspService(_deployHttpClientProcess.java:332)
at com.orionserver.http.OrionHttpJspPage.service(OrionHttpJspPage.java:59)
at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:462)
at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:594)
at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:518)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:65)
at oracle.security.jazn.oc4j.JAZNFilter$1.run(JAZNFilter.java:396)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:410)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:623)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)
at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:302)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:190)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:595)
Target BPEL process manager runs under SOA 10.1.3.3. When the SSO to BPELConsole is disabled, the deployment works just fine. Is there any way to make it work with SSO?

Please check:
http://blog.jpoot.com/category/oracle-appserver/oid-ldap/
We had some issues with SSO and SSL but everything is running now.
Marc

Apex Configuration with SSO on Database 11g

Hi All,
I am trying to configure Application Express with SSO on 11g and I have followed all the steps mentioned in http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
My partner app configuration is
Site ID: 0F32F8E1
Site Token: JC54XU4Q0F32F8E1
Encryption Key: 61443A93398DC472
Single Sign-On URL: https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
Single Sign-Off URL: https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_logout
Application Name: Insight Knowledge Manager on New Server
Application Home URL: http://orclinsight.oraclecorp.com
Application Success URL: http://orclinsight.oraclecorp.com/pls/apex/wwv_flow_custom_auth_sso.process_success
Application Logout URL: http://orclinsight.oraclecorp.com
After running the @custom_auth_sso.sql and @custom_auth_sso.plb and doing grant execute on wwv_flow_custom_auth_sso to public; I have also created an authentication scheme in APEX based on the pre-configured scheme on Apex as partner app
this is the URL of the app.... http://orclinsight.oraclecorp.com/pls/apex/f?p=100:1
if I type this URL, I get redirected to the SSO authentication page...however once I have filled the credentials.. it shows me the following error message
*"The requested URL /pls/apex/wwv_flow_custom_auth_sso.process_success was not found on this server."*
The result of this query select lsnr_token||':'||site_token||':'||site_id||':'||urlcookie_version||':'||encryption_key||':'||url_cookie_ip_check||':'||ls_login_url from wwsec_enabler_config_info$
is
'HTML_DB:orclinsight.oraclecorp.com:80:JC54XU4Q0F32F8E1:0F32F8E1:v1.2:61443A93398DC472:Y:https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login'
and the result of begin owa_util.print_cgi_env; end; query in APEX - SQL Workshop is
PLSQL_GATEWAY = WebDb
GATEWAY_IVERSION = 2
SERVER_SOFTWARE = Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server
GATEWAY_INTERFACE = CGI/1.1
SERVER_PORT = 80
SERVER_NAME = orclinsight.oraclecorp.com
REQUEST_METHOD = POST
PATH_INFO = /wwv_flow.show
SCRIPT_NAME = /pls/apex
REMOTE_ADDR = 141.144.152.146
SERVER_PROTOCOL = HTTP/1.1
REQUEST_PROTOCOL = HTTP
REMOTE_USER = APEX_PUBLIC_USER
HTTP_CONTENT_LENGTH = 291
HTTP_CONTENT_TYPE = application/x-www-form-urlencoded; charset=UTF-8
HTTP_USER_AGENT = Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)
HTTP_HOST = orclinsight.oraclecorp.com
HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_ENCODING = gzip,deflate
HTTP_ACCEPT_LANGUAGE = en-us,en;q=0.5
HTTP_ACCEPT_CHARSET = ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_REFERER = http://orclinsight.oraclecorp.com/pls/apex/f?p=4500:1003:1510257042232818::NO:::
HTTP_ORACLE_ECID = 1258784987:64.181.227.33:7900:4328:22,0
WEB_AUTHENT_PREFIX =
DAD_NAME = apex
DOC_ACCESS_PATH = docs
DOCUMENT_TABLE = wwv_flow_file_objects$
PATH_ALIAS =
REQUEST_CHARSET = AL32UTF8
REQUEST_IANA_CHARSET = UTF-8
SCRIPT_PREFIX = /pls
HTTP_COOKIE = [email protected]:insight_workspace; ORA_WWV_USER=BE50DD5881201806; IdcLocale=English-US; IntradocAuth=Internet; oracle.uix=0^^GMT+5:30^p; IntradocLoginState=1; IdcTimeZone=America/Chicago
Please advise what should I do next or where I may be going wrong?
Warm Regards,
Anand

Hi All,
I am trying to configure Application Express with SSO on 11g and I have followed all the steps mentioned in http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
My partner app configuration is
Site ID: 0F32F8E1
Site Token: JC54XU4Q0F32F8E1
Encryption Key: 61443A93398DC472
Single Sign-On URL: https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
Single Sign-Off URL: https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_logout
Application Name: Insight Knowledge Manager on New Server
Application Home URL: http://orclinsight.oraclecorp.com
Application Success URL: http://orclinsight.oraclecorp.com/pls/apex/wwv_flow_custom_auth_sso.process_success
Application Logout URL: http://orclinsight.oraclecorp.com
After running the @custom_auth_sso.sql and @custom_auth_sso.plb and doing grant execute on wwv_flow_custom_auth_sso to public; I have also created an authentication scheme in APEX based on the pre-configured scheme on Apex as partner app
this is the URL of the app.... http://orclinsight.oraclecorp.com/pls/apex/f?p=100:1
if I type this URL, I get redirected to the SSO authentication page...however once I have filled the credentials.. it shows me the following error message
*"The requested URL /pls/apex/wwv_flow_custom_auth_sso.process_success was not found on this server."*
The result of this query select lsnr_token||':'||site_token||':'||site_id||':'||urlcookie_version||':'||encryption_key||':'||url_cookie_ip_check||':'||ls_login_url from wwsec_enabler_config_info$
is
'HTML_DB:orclinsight.oraclecorp.com:80:JC54XU4Q0F32F8E1:0F32F8E1:v1.2:61443A93398DC472:Y:https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login'
and the result of begin owa_util.print_cgi_env; end; query in APEX - SQL Workshop is
PLSQL_GATEWAY = WebDb
GATEWAY_IVERSION = 2
SERVER_SOFTWARE = Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server
GATEWAY_INTERFACE = CGI/1.1
SERVER_PORT = 80
SERVER_NAME = orclinsight.oraclecorp.com
REQUEST_METHOD = POST
PATH_INFO = /wwv_flow.show
SCRIPT_NAME = /pls/apex
REMOTE_ADDR = 141.144.152.146
SERVER_PROTOCOL = HTTP/1.1
REQUEST_PROTOCOL = HTTP
REMOTE_USER = APEX_PUBLIC_USER
HTTP_CONTENT_LENGTH = 291
HTTP_CONTENT_TYPE = application/x-www-form-urlencoded; charset=UTF-8
HTTP_USER_AGENT = Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)
HTTP_HOST = orclinsight.oraclecorp.com
HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_ENCODING = gzip,deflate
HTTP_ACCEPT_LANGUAGE = en-us,en;q=0.5
HTTP_ACCEPT_CHARSET = ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_REFERER = http://orclinsight.oraclecorp.com/pls/apex/f?p=4500:1003:1510257042232818::NO:::
HTTP_ORACLE_ECID = 1258784987:64.181.227.33:7900:4328:22,0
WEB_AUTHENT_PREFIX =
DAD_NAME = apex
DOC_ACCESS_PATH = docs
DOCUMENT_TABLE = wwv_flow_file_objects$
PATH_ALIAS =
REQUEST_CHARSET = AL32UTF8
REQUEST_IANA_CHARSET = UTF-8
SCRIPT_PREFIX = /pls
HTTP_COOKIE = [email protected]:insight_workspace; ORA_WWV_USER=BE50DD5881201806; IdcLocale=English-US; IntradocAuth=Internet; oracle.uix=0^^GMT+5:30^p; IntradocLoginState=1; IdcTimeZone=America/Chicago
Please advise what should I do next or where I may be going wrong?
Warm Regards,
Anand

Apex With SSO not working

When running htmldb 2.0.00.29 with SSO , we receive
ORA-06550: line 2, column 1: PLS-00201: identifier 'WWSEC_SSO_ENABLER_PRIVATE.GENERATE_REDIRECT'
must be declared ORA-06550: line 1, column 45: PL/SQL: Statement ignored
Error Unable to run portal_sso_redirect procedure as schema: PL_USER with partner app name: people finder:mercator.hq.ccw.gov.uk:7779.
During debugging the issue we found out that the ssosdk could not be installed into FLOWS_020000 correctly
( error like:
@loadsdk.sql
create table wwsec_enabler_config_info$ OF sec_enabler_config_type
ORA-00955: name is already used by an existing object
CREATE sequence wwsec_log_pk_seq increment BY 1
ORA-00955: name is already used by an existing object
and as followup error in regapp.sql
ERROR: Error in registration. Please try again
ORA-06508: PL/SQL: could not find program unit being called
Now we created in a separate schema the ssosdk and run next steps of
Note:353023.1 CONFIGURING AN APEX (HTMLDB) APPLICATION TO USE SSO:
But bow same error like on starting up the issue.
Question:
Is it possible to install ssosdk in a separate schema and not into FLOWS_02xxx
If yes, what are the steps differennt to the Note:353023.1
thanks

Hi Scot,
Thank you for your response.
This is what I did for the migration by following the thread in
How can I recovery APEX application from a full database export?
- Create new empty database with APEX installed.
- Disable foreign key constraints in the FLOWS_030100 Schema
- Truncate all tables in the FLOWS_030100 Schema
- Perform user level imports of tables only with IGNORE = Y for FLOWS_030100 Schema
- Enable the constraints.
(everything seems intact including SSO SDK objects)
To register with SSO, this is what I did;
1. Load SSO SDK in FLOWS_030100 Schema anyway
2. Register APEX as Partner in SSO
ID: 1B914F48
Token: F76K433U1B914F48
Encryption Key: F76K433U1B914F48
Login URL: http://<hotsname>:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Single Sign-Off URL: http://<hotsname>:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout
Login URL : http://<hotsname>:7778/pls/apex
Success URL : http://<hotsname>:778/pls/apex/wwv_flow_custom_auth_sso.process_success
Logout URL : http://<hotsname>:7778/pls/apex
3. Run regapp.sql as FLOWS_030100
SQL> @regapp.sql
Partner Application Configuration
4.
Enter value for listener_token: HTML_DB:<hostname>:7778
Enter value for site_id: 1B914F48
Enter value for site_token: F76K433U1B914F48
Enter value for login_url: http://<hostname>:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Enter value for encryption_key: C5EB92724C7C98B8
Enter value for IP check : N
4. Ensure wwv_flow_custom_auth_sso compile successfully and grant it to Public
When I tested it, I did get the page of SSO login. But after logging in, it will just go to Page not found. Initially, I thought there's someting wrong with
wwv_flow_custom_auth_sso.process_success but it did compile successfully and I have granted it to Public.
Yong

Integrating Application Express with SSO

Hi,
What's the difference between integrating Apex with SSO as a partner application, and integrating it as an external application. Are there any benefits / drawbacks to either? and in what situation would you use one or the other?
Thanks,
Lee

Hi, I have one more question related to this.
We are currently considering implementing the following:
We are designing a system where the majority of users will have read only access to data. The read only users will NOT have to sign into the system in order to use the system at this privilege level. Other users will have to sign in and once they have done so will then be able to edit and access other functions of the system that are not available to regular read only users. Login links will be available on a number of different screens and once logged in they will be returned to the screen from which they logged in.
We understand that we can use SSO or even Apex's own authentication to acheive this.
There is also another system built using portal, forms and SSO. Once a user signs into the portal there is a main menu where various links to different applications are available/hidden depending on the OID groups that the user is a part of.
Ideally we want to be able to provide a link from the portal system to the apex system from the portal main menu. If a user is signed into the portal then they should be able to enter the apex system without the requirement to sign in again, assuming that they have edit privileges for the apex system. However if the user is signed into the portal but they do not have edit privileges we want to be able to display the apex system in read only mode as we would for anybody else who is not an edit user complete with login links.
Would this be possible using SSO bearing in mind that we do not want to have to create users for the read only users?
Any help would be greatly appreciated.
Thanks,
Lee

APEX not working with SSO

I am trying to setup APEX 3.1 (fresh installation not upgrade) to work with SSO on Linux.
APEX and AP infrastructure are installed on separate servers and APEX is working with mid tier HTTP server.
I have followed the steps below and I don’t get any error messages at all but when I finally point the browser to an application I get an error:
ERR-7620 Could not determine workspace for application
Expecting p_company or wwv_flow_company cookie to contain security group id
I would appreciate any help
Regards,
Anna
alter user flows_030100 identified by xxxx;
alter user flows_030100 account unlock;
Loaded SSO SDK into the flows_030100 schema @APEX_DB
Registered ApEx as a partner application, supplied values:
HOME URL : http://serverABC.ypgstaging.local:7777/pls/apex
Success URL : http://serverABC.ypgstaging.local:7777/pls/apex/wwv_flow_custom_auth_sso.process_success
Log Out URL : http://serverABC.ypgstaging.local:7777/pls/apex/apex
Application Name APEX
As flows_040100@APEX_DB:
SQL> @regapp.sql
Partner Application Configuration
Enter value for listener_token: apex:serverABC.ypg.local:7777
Enter value for site_id: 6F20F2EF
Enter value for site_token: W201QS2F6F20F2EF
Enter value for login_url: http://serverABC.ypg.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Enter value for encryption_key: 3F7CD0E25D17A170
Enter value for ip_check: N
Registration successful.
Listener token: apex:serverABC.ypg.local:7777
Site id : 6F20F2EF
Site token : W201QS2F6F20F2EF
Encryption key: 3F7CD0E25D17A170
Login URL :
http://serverABC.ypg.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Logout URL :
http://serverABC.ypg.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout
IP check : N
PL/SQL procedure successfully completed.
Commit complete.
No errors.
SQL> select * from wwsec_enabler_config_info$;
LSNR_TOKEN
SITE_TOKEN
SITE_ID
LS_LOGIN_URL
URLCOOKIE_VERSION
ENCRYPTION_KEY
ENCRYPTION_MASK_PRE
ENCRYPTION_MASK_POST
U
apex:serverABC.ypg.local:7777
W201QS2F6F20F2EF
6F20F2EF
http://serverABC.ypg.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
v1.2
3F7CD0E25D17A170
C70C4A8B5227430F37EA0903E8A7C7BC
35B1659E7B2E5FB7BF1C0381B44E1FF9
N
Then on APEX_DB server I ran the following:
[oracle@ATC1SDBYM01 core]$ sqlplus
Enter user-name: / as sysdba
SQL> alter session set current_schema=flows_030100;
Session altered.
SQL> @custom_auth_sso_902.sql
...wwv_flow_custom_auth_sso
Package created.
No errors.
SQL> @custom_auth_sso_902.plb
...wwv_flow_custom_auth_sso
Package body created.
No errors.
SQL> grant execute on wwv_flow_custom_auth_sso to public;
Grant succeeded.
alter user flows_030100 identified by values ‘xxx’;
alter user flows_030100 account lock;
Here is a test application URL:
http:/serverABC.ypgstaging.local:7778/pls/apex/f?p=F101::&c=yellowmart
The application authentication schema is set to SSO.

Scott
I have restarted AS and rerun the regapp script successfully. I have noticed I entered the wrong domain name while registering it first time and I have corrected the error this time.
SQL> select * from wwsec_enabler_config_info$;
LSNR_TOKEN
SITE_TOKEN
SITE_ID
LS_LOGIN_URL
URLCOOKIE_VERSION
ENCRYPTION_KEY
ENCRYPTION_MASK_PRE
ENCRYPTION_MASK_POST
U
HTML_DB:serverABC.ypgstaging.local:7777
W201QS2F6F20F2EF
6F20F2EF
http://serverABC.ypgstaging.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_lo
gin
v1.2
3F7CD0E25D17A170
C70C4A8B5227430F37EA0903E8A7C7BC
35B1659E7B2E5FB7BF1C0381B44E1FF9
N
However I still get the same error message in my browser when I point it to the application.
Regards,
Anna

Register application with SSO

Hi all
I have a APEX install which I have succesfully registered with SSO as a partner application (I have registered APEX/HTMLDB itself). On this machine we host a number of applications which can be accessed as http://myserver.mydomain.com/pls/htmldb/f?p=APP_NAME1 (and so on to APP_NAME_n).
The business owner of one of these applications wants to have an application-specific URL instead of the generic type URL (eg, http://my-new-app.mydomain.com/....), and to keep the new alias in the browser URL. However, I am sure that this will require me to register the application with SSO as the SSO server won't recognise the new URL.
I have searched the forum and not found any reference to having the entire HTMLDB engine registered as a partner app, and registering individual apps with SSO at the same time. Perhaps, this is so trivial and straightfoward that no-one has come across any problems with this. But I wonder if there are any "gotchas" in having this kind of set up before I actually start on it.
regards
Gerard

Gerard - That should work as that was the intended purpose of having the two "flavors" of SSO partner app integration - so that a workspace schema could have a local copy of the SSO SDK and could use it independently of the Application Express installation's copy. Do let us know how it goes, especially if it works.
Scott

Upgrade ERP database 11g and ATG7 with SSO integation

Please let us know how to Perform Upgrade ERP database 11g and ATG7 with SSO integation .
Regards .

We have completed to upgrade ERP database from 9.2.0.6 to 11.2.0.1 and also apply ATG 7 on Test instance.
And user finish testing , there is no issue after upgrade and application can work as normal.
On Test instance we didn't implement Single Sign On
But on Production we have Single Sign ON.
Now we plan to upgrade on Production instance. But we afraid that we will found any issue on Production relate to SSO. Becase we don't have a chance to test it.
My question is:
Are there any spacial step we need to do if we have implemented SSO After upgrade DB 11g and ATG 7?

Problem with sso for asp applications

Hi,
i am using the web app integrator to integrate asp application with SSO, i am getting permission denied some times, the permission denied is a small html file on asp server side when userid is null.
I am sure that the user id is not null because i have written small script to respond back with the passed user id like response.write(""), it is giving back the passed user id every time but at the same time i am getting Permission denied.
The permission denied is a small html file on the .net server side when the ui=null in the pssing URL.
How this is happening at the same time, one is giving back the user id and one is taking the user id as null.
some times i am getting right page and some times giving permisssion denied.
the basic URl is
http://abc.xyz.com/sm_log.asp?userid=damodhar
There is no great security behind this only passing user id, they are not passing the password even in the http header authentication. the simple logic is they are hiding the URL from the view source.
if i pass the hard coded url from the browser i am getting the proper page at the same time if i pass the url from portal it is working some times and some times not, i don't know when?
I am using the web application integrator method.
we are operating portal server from internet and .net server is on intranet.
Thanks,
Damodhar.

If you lose sounds for keyboard clicks, games or other apps, email notifications and other notifications, system sounds may have been muted.
System sounds can be muted and controlled two different ways. The screen lock rotation can be controlled in the same manner as well.
Settings>General>Use Side Switch to: Mute System sounds. If this option is selected, the switch on the side of the iPad above the volume rocker will mute system sounds.
If you choose Lock Screen Rotation, then the switch locks the screen. If the screen is locked, you will see a lock icon in the upper right corner next to the battery indicator gauge.
If you have the side switch set to lock screen rotation then the system sound control is in the task bar. Double tap the home button and in the task bar at the bottom, swipe all the way to the right. The speaker icon is all the way to the left. Tap on it and system sounds will return.
If you have the side switch set to mute system sounds, then the screen lock rotation can be accessed via the task bar in the same manner as described above.
This support article from Apple explains how the side switch works.
http://support.apple.com/kb/HT4085

How i get user info from ldap using java after authenticating user with SSO

Hi
I have one jsp/bean application as a partner application with SSO.
It works fine.
Now i need to get other attributes of user from LDAP who has logged into the application through SSO.
using SSO java APIs i only get username, userDN, subscriber info.
To get user's other attribute i have to user LDAP APIs for that i have to create on Directory Context, for the same i need userpassword.
so here i my question, how do i get user password after he has logged in thro SSO.
regards..
and thanking u in advance
samir

Valentina,
there's no way to get the password value from the directory (it's one way). Of course you can get the hashed (MD4,MD5,SHA-1) base64 encoded value (i.e. the value you see in OiD) but not the 'password'.
--Olaf

Unable to view BI Publisher report with SSO configuration enabled

Hi All,
Can anybody let us know the configuration of the BI publisher with SSO enabled. We are unable to see any of the BI Publisher reports. without SSO configuration we have integration working perfectly fine with the OBIEE and Publisher.
We followed the configuration steps to integrate BI Publisher with Oracle SSO. The following are the steps:
1. deploy analytics.ear as a new application 'analyticsSOAP' in OAS
2. protect analyticsSOAP in mod_osso.conf file under OAS
3. change OBIEE Presentation services configuration to use analyticsSOAP/saw.dll
4. run credstore utility to encrypt password
5.restart xmlp server
6.restart http server
7.restart obiee server
8. restart obiee presentation service
Still we have issues when we try to accesses BI Publisher reports by clicking more Products -> BI Publisher or view reports directly on the OBIEE Dashboard
Thanks in advance.

configure one more virtual path which is unprotected from site minder. we had similar issue for Marketing and resolved by this virtual path.
ref:
http://vaandun-analytics.blogspot.com/2009/11/obi-publisher-with-empty-obi-catalog.html
Thanks
Sarathi

APEX 3.1.2 install with sso, error "requested url ../plsapex/f.. not found"

Question: why is sso rewriting the url from .../pls/apex/f?p=.. to .../plsapex/f?p=?
Can anyone help?
Thanks.
Abstract: APEX 3.1.2.00.02 install with sso config, error "requested url ../plsapex/f .. was not found"
Situation:
Upgraded from Apex 3.0.0.00.20 to Apex Application Express 3.1.2.00.02
I get to my apex_admin and apex builder pages with url: [http://machinename:port/pls/apex] or
[http://machinename:port/pls/apex_admin]
When I try to access our application using no authentication scheme everything is fine.
But when I switch to sso authentication, somehow strangely the url [http://machinename:port/pls/apex/f?p=application_number]
is rewritten to sso [http://machinename:port/plsapex/f?p=application_number].
[https://test.insitehome.org/pls/apex/f?p=119]
reappears in browser as
[https://test.insitehome.org/plsapex/f?p=119:1:2095395898953485]
entries of select * from flows_030100.WWSEC_ENABLER_CONFIG_INFO$
"LSNR_TOKEN" "SITE_TOKEN" "SITE_ID" "LS_LOGIN_URL" "URLCOOKIE_VERSION" "ENCRYPTION_KEY" "ENCRYPTION_MASK_PRE" "ENCRYPTION_MASK_POST" "URL_COOKIE_IP_CHECK"
"HTML_DB:test.insitehome.org:443" "LS$XXXXXXXXXXXXXXXX" "6XXXXXXX" "https://testsso.insitehome.org/pls/orasso/orasso.wwsso_app_admin.ls_login" "v1.2" "0AXXXXXXXXXXXXX" "6FXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" "C2XXXXXXXXXXXXXXXXXXXXXXXXXXXXX" "N"
entries of select * from flows_030100.WWSEC_SSO_LOG$ showing ../plsapex/.. rewrite,
after trace turned on with SQL> @secdbg.sql;
ID MSG LOG_DATE
1259 entry: urlencode 15-DEC-08
1260 encoded URL is https%3A%2F%2Ftest.insitehome.org%3A443%2Fplsapex%2Ff%3Fp%3D119%3A1%3A1562268139343648 15-DEC-08
1261 exit: urlencode 15-DEC-08
1262 entry: urlencode 15-DEC-08
1263 encoded URL is https%3A%2F%2Ftest.insitehome.org%3A443%2Fplsapex%2Ff%3Fp%3D119%3A1%3A1562268139343648 15-DEC-08
1264 exit: urlencode 15-DEC-08
copy of last entries Apache log file
[Mon Dec 15 13:30:33 2008|http://forums.oracle.com/forums/] error [http://client 172.18.5.120|http://client%20172.18.5.120/] [ecid: 120704279613,1|http://forums.oracle.com/forums/] File does not exist: /u02/test_10gr2_hm2/Apache/Apache/htdocs/plsapex/f
[Mon Dec 15 13:32:18 2008|http://forums.oracle.com/forums/] error [http://client 172.18.5.120|http://client%20172.18.5.120/] [ecid: 124999354851,1|http://forums.oracle.com/forums/] File does not exist: /u02/test_10gr2_hm2/Apache/Apache/htdocs/favicon.ico
[Mon Dec 15 13:32:18 2008|http://forums.oracle.com/forums/] error [http://client 172.18.5.120|http://client%20172.18.5.120/] [ecid: 120704387543,1|http://forums.oracle.com/forums/] File does not exist: /u02/test_10gr2_hm2/Apache/Apache/htdocs/plsapex/f
[Mon Dec 15 13:32:21 2008|http://forums.oracle.com/forums/] error [http://client 172.18.5.120|http://client%20172.18.5.120/] [ecid: 124999354854,1|http://forums.oracle.com/forums/] File does not exist: /u02/test_10gr2_hm2/Apache/Apache/htdocs/favicon.ico
[Mon Dec 15 13:32:21 2008|http://forums.oracle.com/forums/] error [http://client 172.18.5.120|http://client%20172.18.5.120/] [ecid: 120704387663,1|http://forums.oracle.com/forums/] File does not exist: /u02/test_10gr2_hm2/Apache/Apache/htdocs/favicon.ico
[Mon Dec 15 13:32:25 2008|http://forums.oracle.com/forums/] error [http://client 172.17.241.64|http://client%20172.17.241.64/] ecid: 1229365945:172.17.241.64:23211:0:817,0 \nOSSO E09: No Oracle SSO support for POSTing data to protected resource yet.\n
[Mon Dec 15 13:35:09 2008|http://forums.oracle.com/forums/] error [http://client 172.18.5.120|http://client%20172.18.5.120/] [ecid: 107819660799,1|http://forums.oracle.com/forums/] mod_plsql: /pls/apex/wwv_flow_custom_auth_sso.process_success HTTP-404 \nwwv_flow_custom_auth_sso.process_success: MANY PROCEDURES MATCH NAME, BUT NONE MATCHES SIGNATURE (parameter names)\n
[Mon Dec 15 13:37:25 2008|http://forums.oracle.com/forums/] error [http://client 172.17.241.64|http://client%20172.17.241.64/] ecid: 1229366245:172.17.241.64:19598:0:70,0 \nOSSO E09: No Oracle SSO support for POSTing data to protected resource yet.\n
[Mon Dec 15 13:42:25 2008|http://forums.oracle.com/forums/] error [http://client 172.17.241.64|http://client%20172.17.241.64/] ecid: 1229366545:172.17.241.64:23157:0:832,0 \nOSSO E09: No Oracle SSO support for POSTing data to protected resource yet.\n

1. I am able to get to the SSO page. I am redirected to the sso page first
when unter the url [https://test.insitehome.org/pls/apex/f?p=119:1]
I am able to enter the username and password.
But once I click the login button I get the following message :
" Not Found
The requested URL /plsapex/f was not found on this server.
Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server Server at test.insitehome.org Port 443"
2. The mod_osso.conf file was not changed for our Apex upgrade. The contents of the osso.conf file though are not readable.
I tried commenting out the
#OssoConfigFile /u02/test_10gr2_hm2/Apache/Apache/conf/osso/osso.conf
line in the mod_osso.conf file. url rewrite to ../plsapex/.. did not change.
Thanks.
Douglas
1. The contents of OssoConfigFile /u02/test_10gr2_hm2/Apache/Apache/conf/osso/osso.conf
^E~H/ôMæ~DÑ~I~PG^:~I| u^~T=Èi^V^OÜ.¦Â^PhW^AºÙ·G»?nÓ^MsF~C®Û¶åÌ4Ír^S)±~Y£µìø>oA~W~W~ÌÂ~W²E~^K^Yg~I#\^?^H~U^LÜ æiò
~ËîÁn^S~J@VI³^YªÞ~SÒüc¿ÿ|üw¶ï.Gl^X^U~N31p^Q©»$@~N¤Á_q0beÁ:Ô&ÙÇÁts^[ÓÔsJÌÖ~W£F^W~W^^è3Aµ^[¡>u^D|f^B~SèDÄ¦íþlýÄ^KÕæíUu^Gxg~--D^--^GuÑ-^PAÇ4^H^@Px«Ó^--`Gf^PuJxützþ<¸¡~JÛ¯ýa~^G~G^U^WSk÷u$ßâ´às~@8^Y¨,--^RË2ûçÁëÌó@¦½Jg£Ør^RCs<~@~RÙ·ßóÿÞN@ø0£~Gõr^S~N^R±½^_~W~\fÔ|óÀ^W~F~T^XO~PHvú|^F(·%"4Ýlâ~J¸~H^N0#dÀ¸O^H^@~S^FZN2ìzåäN^Xn[T~\(¥ôy"z~XY¶2~TTg^Yýãæ~V¸ÿ^VUs^B~Hë^S^Z3~A>nzr~[^SlÀ;~D~Hã½Zö~U^C
2. Browser headers- using "Live HTTP headers"
showing the change in the browser url from .../pls/apex/.. to /plsapex/..
[https://testsso.insitehome.org/pls/orasso/orasso.wwsso_home.process_signon?urlc=v1.2~08090C4ABBC838658AA3832B0404A1AD53FA9354A053CD7A3DE65D3F31E756E01249AA25E5D85CFD37C9046C60C1340DF5FCAB898569B6791252608F196074FCD7309A9DC4C6B3D9B88E9255DDCD10E3820D6BEB11294A7A4CF9AE309DB67FEC05A56D5B7C7EC239E3F9D5E27E1F199C7338C333B11E9A672CF9B6DFFC193ABA7CFBD22BAE8726E566690E47127365BCC0E5D7A7A24769A1727E287E06CC7FF4BD9D3680141B849561EADCB0478EC2F48D741652100F6EB08395B3253439783EC02DC9ECF8C0B41B112A4059B88B5C3F7854D687A25CDC423A567466E7D48F06BEDD238B645FE5CE58427DD9A9E692A0C88E4891CD900F9DEE362CDDF84A8A62E4093C95628878785C9C8DD54DC21A297BEC39C7EA28A2AEDE81EA475248E15F1327636295C484FA1246FC5B921D675CD17E9CA00F1138A89E8A82292963EAACFB369C19C75610779033377F7EF340278EBFF6E213D64AD9531E7E24AACDC78EE5F35A149CC3754B]
GET /pls/orasso/orasso.wwsso_home.process_signon?urlc=v1.2~08090C4ABBC838658AA3832B0404A1AD53FA9354A053CD7A3DE65D3F31E756E01249AA25E5D85CFD37C9046C60C1340DF5FCAB898569B6791252608F196074FCD7309A9DC4C6B3D9B88E9255DDCD10E3820D6BEB11294A7A4CF9AE309DB67FEC05A56D5B7C7EC239E3F9D5E27E1F199C7338C333B11E9A672CF9B6DFFC193ABA7CFBD22BAE8726E566690E47127365BCC0E5D7A7A24769A1727E287E06CC7FF4BD9D3680141B849561EADCB0478EC2F48D741652100F6EB08395B3253439783EC02DC9ECF8C0B41B112A4059B88B5C3F7854D687A25CDC423A567466E7D48F06BEDD238B645FE5CE58427DD9A9E692A0C88E4891CD900F9DEE362CDDF84A8A62E4093C95628878785C9C8DD54DC21A297BEC39C7EA28A2AEDE81EA475248E15F1327636295C484FA1246FC5B921D675CD17E9CA00F1138A89E8A82292963EAACFB369C19C75610779033377F7EF340278EBFF6E213D64AD9531E7E24AACDC78EE5F35A149CC3754B HTTP/1.1
Host: testsso.insitehome.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: [https://test.insitehome.org/pls/apex/f?p=119:1]
Cookie: SSO_ID=v1.2~1~B2483914381A0220A727D12C9A8915E0A7D5AC3F5921B83727FF3A769585941BFC92F6ED489A5526E4BA399033EBB1F594C2E5A9651284A756F0266EDADF2788A5646DC849CC31B22EDFF550F9AE8FBAA45D77962089553D126DC23F7C7D2FF5A6DCD07733EC7AE97C49B047498D6007FAE70E0BB737DD71475C47565AC065B460717829838F23206D05E94531F1B214A089889F439700293486A9BA57C9CEBE1D9958AA22C8A11254DE2B99554BEC167ACAEED89A91289AE21D3392F1B4BB8E21F37C087A416488E063FD4E905ACE4532BF5C7AD4BCCC694F46325BFD4B6B61C0530FDFE7E17D5ECABB99B2734D813E8A969B328653110606BD37F85E3E383A2309D69B4792CBD2173695360006B17F; orasso=9.0.3+en-us+us+AMERICA+5E6829A8119E1C0EE04011AC15F572DA+416E61A4441EBFF32F938E43B1C666B24FCDEED0AE4178FB7D0666DF2F8B242E83E304641F7BB27D2447D4235172D9FDAF1AF383E817CC68D3FAC8771CA0D15526CC58AFCA0862435154ABDA250A026D369DCCC3EC1DA333
HTTP/1.x 302 Found
Date: Fri, 19 Dec 2008 14:31:46 GMT
Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server
Location: [https://test.insitehome.org:443/plsapex/f?p=119:1:4439918187386025|https://test.insitehome.org/plsapex/f?p=119:1:4439918187386025]
Set-Cookie: orasso=9.0.3+en-us+us+AMERICA+5E682B3E13BF540BE04011AC15F572DC+D7088454FEBAE9994BE0076646C00462FF614D0247361AC1D38957C467A4BD0B68508FA922065C7512D2DD7BC3BF02EE28F7281585308D54E0BCC5F3E3254F8DB6F3952C0C6D0F5B88B379B6686B1981F7DE4443A83FA03F;path=/;secure
Keep-Alive: timeout=60, max=1000
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
[https://test.insitehome.org/plsapex/f?p=119:1:4439918187386025]
GET /plsapex/f?p=119:1:4439918187386025 HTTP/1.1
Host: test.insitehome.org:443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: [https://test.insitehome.org/pls/apex/f?p=119:1]
Cookie: ORACLE_SMP_CHRONOS_GL=26:1229695773:876325; ORACLE_SMP_CHRONOS_LT=1229697115969
HTTP/1.x 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.2.0 (N;ecid=112453569346,0)
Content-Length: 326
Date: Fri, 19 Dec 2008 14:31:46 GMT
-----

BSP to IIS with SSO

Similar Messages

Maybe you are looking for