EP 7.0 with SSO to ITS 6.10
Hello,
we have conacted a EP 7.0 SP12 over an iview to an ITS 6.10, which then use rfc to connect ess/mss from an old sap server 620. We implemented SSO. If we access the ITS over the portal we see the login screen from the ITS. We are able to login without using user/password, only by pressing the button login. So far the sso is working, but we don't want to the the login side from the ITS. This will confuse the users.
Have I configured in the iview the wrong authentication methode? Or shouldn't I use an iview to build the connection to the ITS?
Regards,
Alexander
Hello Alexander,
We are also facing the same problem, a login screen comes up, where just pressing the logon button, opens the desired screen.
Why is this login screen coming up?How did you solve your problem?
Please respond, as it is a very urgent task, which needs to be completed asap.
Thanks,
Sonali.
Similar Messages
-
Ok all knowing people, I have this working in EP5 but, can't get it working in EP6.
Our Portal:
EP6 SP2 Pack3 Hotfix7. Working like a champ. However, SSO to our ITS box will not work.
I have downloaded and am using the SAP application integrator. After creating the ITS System I make an Iview with com.sap.portal.appintergrator.sap with the generic component selection.
Url template is HTTPS://its.server.net/scripts/wgate/webgui/! ?<authentication>
Template fraction for user mapping:
login=<mappeduser>&password=<mappedpassword>
After I run the Iview I get a runtime error.
"Unable to process template https://its.server.net/scripts/wgate/webgui/! ?<authentication> because authentication is an invalid terminal property of the context."
Am I going in the wrong direction? Do you know of anyone that is running a webgui within an Iview with SSO?Hi,
you have to create a "SAP Transaction iView" instead of using the app integrator.
==> right click on the desired folder in the PCD ==> choose "New" and "iView" ==> choose "SAP Transaction iView" ==> enter the ID info ==> choose the GUI type ("SAP Gui for HTML in your case) ==> select your SAP system and enter the desired transaction code ==> save
Regards,
Michael -
Hi Experts,
Here is the issue:
I have 2 Internal Portals SP and EP.
1.If I open SP Portal from Internet Explorer, SSO Tickets are getting generated and I am able to Login using SSO to SP - ITS machines.
2.If I open EP Portal from Internet Explorer and In the same Browser If I open SP Portal,now I am unable to Login using SSO to SP - ITS Machines.It is showing logon screen.
The Issue might be SSO Tickets generated by EP Portal do not subsequently allow SSO to SP ITS Machines.
Could you please let me know where exactly goes wrong,and where should I make changes to rectify this issue.
Any help would be highly appreciated.Thankx in advance.
Regards,
KarthickHi Karthick,
This blog might be interesting for troubleshooting.
/people/dennis.kleymeonov/blog/2005/09/15/connecting-sap-systems-to-enterprise-portal-with-sso
You might also get more information with the hints given in SAP note 495911.
Thanks and regards,
Dieter -
SSO between ITS 620 R/3 and EP
Hi,
I need to use ITS 620 for R/3 4.7 and EP 6.0 for ess/mss implementation
I have to configure SSO between R/3 and EP.
Do I also need to configure SSO between ITS and R/3 , ITS and EP also for this?
If yes can any one tell me the steps in configuring SSO between ITS and R/3, ITS and EP ?
advance thanks,
PKUPDATE:
I have installed a portal (SAp netweaver 7.0 Java stack) and have connected it to a ECC6.0 SR3 backend and I needed only to configure the SSO between portal and backend abap instance, and all worked fine. There was no need to configure the SSO between the integrated ITS and abap instance.
About the error message mentioned in my previous forum entry:
I did not only do the steps for SSO between portal and backend as described in the blog "Configuring the Business Package for Employee Self-Service (ESS)", but I also did all the additional steps as mentioned in "10 golden rules of SSO".
After that the error message "SSO logon not possible; logon tickets not activated on the server" did not appear anymore. (Instead a screen that asks for username and password always appears with the warning "No switch to HTTPS occurred, so it is not secure to send a password". But I think that's ok.) -
Configure SSO for ITS to R/3 using SNC/Kerberos
Our R/3 systems had been configured for SSO using SNC and Kerberos for awhile now. We now have a requirement to configure SSO between ITS and R/3. Since our R/3 env. has been using kerberos library, we won't be able to use SAP Cryptographic library. I had modified the registry, environment and services in itsadmin to point to the kerberos library and principal names for agate and r/3 servers as described in SNC User Guide; also, I updated table SNCSYSACL with the Agate SNC name. That seems to work fine. From the trace file, it recognized GSS-API library for Kerberos and the SNC name for Agate. However, when I tried to logon to R/3 from ITS, I still am being prompted with the logon screen to enter my SAP account/password.
I found several whitepapers and documentations stating that ITS does support Kerberos for SSO but I couldn't find any procedure on how to implement it. Following is the error I'm getting from the sapbasis.trc file but I can't find any document on this error:
=====================================================
[Thr 5284] SncInit(): Initializing Secure Network Communication (SNC)
[Thr 5284] PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/32/32)
[Thr 5284] SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "C:\WINNT\system32\gsskrb5.dll".
[Thr 5284] File "C:\WINNT\system32\gsskrb5.dll" dynamically loaded as GSS-API v2 library.
[Thr 5284] The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2
[Thr 2888] Sun Jan 15 22:44:59 2006
[Thr 2888] <<- ERROR: SncSetParam()==SNCERR_PARAM_DENIED
[Thr 2888] *** WARNING => NO Domain! domain==NULL means: No domain at all within the cookie. [sapss1_loctr 333]
[Thr 2888] Sun Jan 15 22:45:29 2006
[Thr 2888] *** WARNING => NO Domain! domain==NULL means: No domain at all within the cookie. [sapss1_loctr 333]
=====================================================
Does anyone know what am I missing? Any help is greatly appreciated.
Thank you!
DiemHi Markus,
I also just installed/configured PAS for LDAP authentication using the "PAS for External Authentication Mechanisms" documentation. I think the domain problem probably due to not having the external authentication mechanism install (in this case - PAS). Does that sound right to you?
I tried both options for ~extid_type parameter = "LD" and "UN". I added the DN information to table USREXTID when ~extid_type="LD" but both options gave me error of "LDAP authentication failed". I increased the trace level for sapextaut.trc but I don't see enough detail information. Following are the errors/data from the trace file. Can you please let me know how I can tell what string is being passed for authentication?
I'm quite sure the LDAP host and port data is correct since we've been using the same information for the SAP LDAP connector and we've been using our LDAP connector between MS AD and R/3 for a long time without any problem.
To logon to R/3 through ITS, I entered the AD account (CN attribute in AD) when I got the errors.
Thank you very much for all your help.
Diem Tran
Trace:
=====================================================
2006-01-18T01:39:30.734 p001688 t4992 s0158B4E8 [sapextauth, 437]: W sapextauth: PAS session begins...
2006-01-18T01:39:30.734 p001688 t4992 s0158B4E8 [sapextauth, 456]: sapextauth: SncNameR3 is: "p:na1adm/[email protected]"
2006-01-18T01:39:30.734 p001688 t4992 s0158B4E8 [sapextauth, 462]: sapextauth: SncNameAGate is: "p:[email protected]"
2006-01-18T01:39:30.750 p001688 t4992 s0158B4E8 [sapextauth, 468]: sapextauth: SNC_LIB is: "C:\WINNT\system32\gsskrb5.dll"
2006-01-18T01:39:30.750 p001688 t4992 s0158B4E8 [sapextauth, 568]: sapextauth: XGatConnectSession leaving....
2006-01-18T01:39:30.750 p001688 t4992 s0158B4E8 [sapextauth, 616]: sapextauth: XGatHandleLogin called....
2006-01-18T01:39:30.750 p001688 t4992 s0158B4E8 [sapextauth, 976]: sapextauth: Entering XGatHandleLogin with LDAP...
2006-01-18T01:39:30.750 p001688 t4992 s0158B4E8 [sapextauth, 993]: W Either ~login or ~password missing, returning XGDKRCloginrequired.
2006-01-18T01:39:50.281 p001688 t4992 s00000000 [sapextauth, 398]: sapextauth: XGatEventOpenSession called...
2006-01-18T01:39:50.281 p001688 t4992 s0158B4E8 [sapextauth, 616]: sapextauth: XGatHandleLogin called....
2006-01-18T01:39:50.281 p001688 t4992 s0158B4E8 [sapextauth, 976]: sapextauth: Entering XGatHandleLogin with LDAP...
2006-01-18T01:39:50.296 p001688 t4992 s0158B4E8 [sapextauth, 1059]: sapextauth: LDAP port ist 389
2006-01-18T01:39:50.296 p001688 t4992 s0158B4E8 [sapextauth, 1261]: E sapextauth: LDAP authentication failed.
2006-01-18T01:39:50.296 p001688 t4992 s0158B4E8 [sapextauth, 1277]: E sapextauth: Wrong try for user Tran_Diem
2006-01-18T01:39:59.140 p001688 t4992 s00000000 [sapextauth, 398]: sapextauth: XGatEventOpenSession called...
2006-01-18T01:39:59.156 p001688 t4992 s0158B4E8 [sapextauth, 616]: sapextauth: XGatHandleLogin called....
2006-01-18T01:39:59.156 p001688 t4992 s0158B4E8 [sapextauth, 976]: sapextauth: Entering XGatHandleLogin with LDAP...
2006-01-18T01:39:59.156 p001688 t4992 s0158B4E8 [sapextauth, 1059]: sapextauth: LDAP port ist 389
2006-01-18T01:39:59.156 p001688 t4992 s0158B4E8 [sapextauth, 1261]: E sapextauth: LDAP authentication failed.
2006-01-18T01:39:59.156 p001688 t4992 s0158B4E8 [sapextauth, 1277]: E sapextauth: Wrong try for user Tran_Diem
======================================================= -
Initial password change requested with SSO
Hi all,
we have well working SSO with EP6 SP2 and standalone ITS. SSO is based on SAP logon ticket. Only one annoying thing appears.
If a new user is created in SAP R/3, ITS asks for changing of password.
Does it mean that the user must initially (and later again according to password policy) change the password although we do not use direct access to R/3? If no password change should be required with SSO, how to solve this issue?
EP6 SP2 P4 HF8
ITS 6.2 PL14
R/3 4.7
Thanks in advance for any good idea.
PavolHello,
We are on a very similar setup as above:
EP 6.0 SP12 with ITS.
What we are seeing is that the initial password dialog comes up but there is only the input fields but no "Submit" or "Change" buttons. In summary, new users are not able to change their password through the Portal.
Any ideas why this might be happening?
Thanks,
Siva. -
Apex application registered with sso as partner application
We have 1 apex app registered with sso and working properly.
I just registered a new apex application with sso. when i authenticate through sso, it directs me to the originally registered application.
I went in through the portal administrator app and verified my settings all pointed to the new application. I verified that my dad is set up correctly.
Any ideas?
APEX 2.0i did register and obtain the keys through portal admin.
to ensure i used the proper keys (i guess there is a possibility i used the keys from db1 registration) i re-ran regapp with the right keys but recieved the following output:
SQL> @regapp
Partner Application Configuration
Enter value for listener_token: HTML_DB:050iasphttp.xxx.na.xxx.com:7777
Enter value for site_id: EFBE3E14
Enter value for site_token: MSMXURH1EFBE3E14
Enter value for login_url: https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admin.ls_login
Enter value for encryption_key: 2EBDD126A3A40606
Enter value for ip_check: N
ERROR: Error in registration. Please try again
User-Defined Exception
Registration successful.
Listener token: HTML_DB:050iasphttp.xxx.na.xxx.com:7777
Site id : EFBE3E14
Site token : MSMXURH1EFBE3E14
Encryption key: 2EBDD126A3A40606
Login URL :
https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admi
n.ls_login
Logout URL :
https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admi
n.ls_logout
IP check : N
PL/SQL procedure successfully completed.
Commit complete.
No errors.
SQL>
...in spite of the error, i aske the app developer to try and use sso for db2. he now recieves:
User-Defined Exception
Error Error in wwv_flow_custom_auth_sso.process_success:l_sso_user_name:l_sess_id:: Please contact administrator.
OK
any ideas? -
Cannot deploy BPEL process with SSO to BPELConsole activated
I cannot deploy BPEL process with SSO to BPELConsole activated. Here is the error I get from JDeveloper (sorry for the french error message):
Problème détecté lors de la connexion au serveur "ssdvoiagu.dev.local.csst.qc.ca" sur le port "7781" : java.security.AccessControlException: access denied (com.collaxa.security.DomainPermission generique read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at com.collaxa.security.OC4JSecurityService.checkAccess(OC4JSecurityService.java:16)
at com.collaxa.security.SecurityService.checkDomainAccess(SecurityService.java:26)
at com.collaxa.cube.fe.util.ServletUtils.getLocatorWithoutUrlRewrite(ServletUtils.java:162)
at deployHttpClientProcess.jspService(_deployHttpClientProcess.java:332)
at com.orionserver.http.OrionHttpJspPage.service(OrionHttpJspPage.java:59)
at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:462)
at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:594)
at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:518)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:65)
at oracle.security.jazn.oc4j.JAZNFilter$1.run(JAZNFilter.java:396)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:410)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:623)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)
at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:302)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:190)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:595)
Target BPEL process manager runs under SOA 10.1.3.3. When the SSO to BPELConsole is disabled, the deployment works just fine. Is there any way to make it work with SSO?Please check:
http://blog.jpoot.com/category/oracle-appserver/oid-ldap/
We had some issues with SSO and SSL but everything is running now.
Marc -
Apex Configuration with SSO on Database 11g
Hi All,
I am trying to configure Application Express with SSO on 11g and I have followed all the steps mentioned in http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
My partner app configuration is
Site ID: 0F32F8E1
Site Token: JC54XU4Q0F32F8E1
Encryption Key: 61443A93398DC472
Single Sign-On URL: https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
Single Sign-Off URL: https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_logout
Application Name: Insight Knowledge Manager on New Server
Application Home URL: http://orclinsight.oraclecorp.com
Application Success URL: http://orclinsight.oraclecorp.com/pls/apex/wwv_flow_custom_auth_sso.process_success
Application Logout URL: http://orclinsight.oraclecorp.com
After running the @custom_auth_sso.sql and @custom_auth_sso.plb and doing grant execute on wwv_flow_custom_auth_sso to public; I have also created an authentication scheme in APEX based on the pre-configured scheme on Apex as partner app
this is the URL of the app.... http://orclinsight.oraclecorp.com/pls/apex/f?p=100:1
if I type this URL, I get redirected to the SSO authentication page...however once I have filled the credentials.. it shows me the following error message
*"The requested URL /pls/apex/wwv_flow_custom_auth_sso.process_success was not found on this server."*
The result of this query select lsnr_token||':'||site_token||':'||site_id||':'||urlcookie_version||':'||encryption_key||':'||url_cookie_ip_check||':'||ls_login_url from wwsec_enabler_config_info$
is
'HTML_DB:orclinsight.oraclecorp.com:80:JC54XU4Q0F32F8E1:0F32F8E1:v1.2:61443A93398DC472:Y:https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login'
and the result of begin owa_util.print_cgi_env; end; query in APEX - SQL Workshop is
PLSQL_GATEWAY = WebDb
GATEWAY_IVERSION = 2
SERVER_SOFTWARE = Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server
GATEWAY_INTERFACE = CGI/1.1
SERVER_PORT = 80
SERVER_NAME = orclinsight.oraclecorp.com
REQUEST_METHOD = POST
PATH_INFO = /wwv_flow.show
SCRIPT_NAME = /pls/apex
REMOTE_ADDR = 141.144.152.146
SERVER_PROTOCOL = HTTP/1.1
REQUEST_PROTOCOL = HTTP
REMOTE_USER = APEX_PUBLIC_USER
HTTP_CONTENT_LENGTH = 291
HTTP_CONTENT_TYPE = application/x-www-form-urlencoded; charset=UTF-8
HTTP_USER_AGENT = Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)
HTTP_HOST = orclinsight.oraclecorp.com
HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_ENCODING = gzip,deflate
HTTP_ACCEPT_LANGUAGE = en-us,en;q=0.5
HTTP_ACCEPT_CHARSET = ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_REFERER = http://orclinsight.oraclecorp.com/pls/apex/f?p=4500:1003:1510257042232818::NO:::
HTTP_ORACLE_ECID = 1258784987:64.181.227.33:7900:4328:22,0
WEB_AUTHENT_PREFIX =
DAD_NAME = apex
DOC_ACCESS_PATH = docs
DOCUMENT_TABLE = wwv_flow_file_objects$
PATH_ALIAS =
REQUEST_CHARSET = AL32UTF8
REQUEST_IANA_CHARSET = UTF-8
SCRIPT_PREFIX = /pls
HTTP_COOKIE = [email protected]:insight_workspace; ORA_WWV_USER=BE50DD5881201806; IdcLocale=English-US; IntradocAuth=Internet; oracle.uix=0^^GMT+5:30^p; IntradocLoginState=1; IdcTimeZone=America/Chicago
Please advise what should I do next or where I may be going wrong?
Warm Regards,
AnandHi All,
I am trying to configure Application Express with SSO on 11g and I have followed all the steps mentioned in http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
My partner app configuration is
Site ID: 0F32F8E1
Site Token: JC54XU4Q0F32F8E1
Encryption Key: 61443A93398DC472
Single Sign-On URL: https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
Single Sign-Off URL: https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_logout
Application Name: Insight Knowledge Manager on New Server
Application Home URL: http://orclinsight.oraclecorp.com
Application Success URL: http://orclinsight.oraclecorp.com/pls/apex/wwv_flow_custom_auth_sso.process_success
Application Logout URL: http://orclinsight.oraclecorp.com
After running the @custom_auth_sso.sql and @custom_auth_sso.plb and doing grant execute on wwv_flow_custom_auth_sso to public; I have also created an authentication scheme in APEX based on the pre-configured scheme on Apex as partner app
this is the URL of the app.... http://orclinsight.oraclecorp.com/pls/apex/f?p=100:1
if I type this URL, I get redirected to the SSO authentication page...however once I have filled the credentials.. it shows me the following error message
*"The requested URL /pls/apex/wwv_flow_custom_auth_sso.process_success was not found on this server."*
The result of this query select lsnr_token||':'||site_token||':'||site_id||':'||urlcookie_version||':'||encryption_key||':'||url_cookie_ip_check||':'||ls_login_url from wwsec_enabler_config_info$
is
'HTML_DB:orclinsight.oraclecorp.com:80:JC54XU4Q0F32F8E1:0F32F8E1:v1.2:61443A93398DC472:Y:https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login'
and the result of begin owa_util.print_cgi_env; end; query in APEX - SQL Workshop is
PLSQL_GATEWAY = WebDb
GATEWAY_IVERSION = 2
SERVER_SOFTWARE = Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server
GATEWAY_INTERFACE = CGI/1.1
SERVER_PORT = 80
SERVER_NAME = orclinsight.oraclecorp.com
REQUEST_METHOD = POST
PATH_INFO = /wwv_flow.show
SCRIPT_NAME = /pls/apex
REMOTE_ADDR = 141.144.152.146
SERVER_PROTOCOL = HTTP/1.1
REQUEST_PROTOCOL = HTTP
REMOTE_USER = APEX_PUBLIC_USER
HTTP_CONTENT_LENGTH = 291
HTTP_CONTENT_TYPE = application/x-www-form-urlencoded; charset=UTF-8
HTTP_USER_AGENT = Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)
HTTP_HOST = orclinsight.oraclecorp.com
HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_ENCODING = gzip,deflate
HTTP_ACCEPT_LANGUAGE = en-us,en;q=0.5
HTTP_ACCEPT_CHARSET = ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_REFERER = http://orclinsight.oraclecorp.com/pls/apex/f?p=4500:1003:1510257042232818::NO:::
HTTP_ORACLE_ECID = 1258784987:64.181.227.33:7900:4328:22,0
WEB_AUTHENT_PREFIX =
DAD_NAME = apex
DOC_ACCESS_PATH = docs
DOCUMENT_TABLE = wwv_flow_file_objects$
PATH_ALIAS =
REQUEST_CHARSET = AL32UTF8
REQUEST_IANA_CHARSET = UTF-8
SCRIPT_PREFIX = /pls
HTTP_COOKIE = [email protected]:insight_workspace; ORA_WWV_USER=BE50DD5881201806; IdcLocale=English-US; IntradocAuth=Internet; oracle.uix=0^^GMT+5:30^p; IntradocLoginState=1; IdcTimeZone=America/Chicago
Please advise what should I do next or where I may be going wrong?
Warm Regards,
Anand -
When running htmldb 2.0.00.29 with SSO , we receive
ORA-06550: line 2, column 1: PLS-00201: identifier 'WWSEC_SSO_ENABLER_PRIVATE.GENERATE_REDIRECT'
must be declared ORA-06550: line 1, column 45: PL/SQL: Statement ignored
Error Unable to run portal_sso_redirect procedure as schema: PL_USER with partner app name: people finder:mercator.hq.ccw.gov.uk:7779.
During debugging the issue we found out that the ssosdk could not be installed into FLOWS_020000 correctly
( error like:
@loadsdk.sql
create table wwsec_enabler_config_info$ OF sec_enabler_config_type
ORA-00955: name is already used by an existing object
CREATE sequence wwsec_log_pk_seq increment BY 1
ORA-00955: name is already used by an existing object
and as followup error in regapp.sql
ERROR: Error in registration. Please try again
ORA-06508: PL/SQL: could not find program unit being called
Now we created in a separate schema the ssosdk and run next steps of
Note:353023.1 CONFIGURING AN APEX (HTMLDB) APPLICATION TO USE SSO:
But bow same error like on starting up the issue.
Question:
Is it possible to install ssosdk in a separate schema and not into FLOWS_02xxx
If yes, what are the steps differennt to the Note:353023.1
thanksHi Scot,
Thank you for your response.
This is what I did for the migration by following the thread in
How can I recovery APEX application from a full database export?
- Create new empty database with APEX installed.
- Disable foreign key constraints in the FLOWS_030100 Schema
- Truncate all tables in the FLOWS_030100 Schema
- Perform user level imports of tables only with IGNORE = Y for FLOWS_030100 Schema
- Enable the constraints.
(everything seems intact including SSO SDK objects)
To register with SSO, this is what I did;
1. Load SSO SDK in FLOWS_030100 Schema anyway
2. Register APEX as Partner in SSO
ID: 1B914F48
Token: F76K433U1B914F48
Encryption Key: F76K433U1B914F48
Login URL: http://<hotsname>:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Single Sign-Off URL: http://<hotsname>:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout
Login URL : http://<hotsname>:7778/pls/apex
Success URL : http://<hotsname>:778/pls/apex/wwv_flow_custom_auth_sso.process_success
Logout URL : http://<hotsname>:7778/pls/apex
3. Run regapp.sql as FLOWS_030100
SQL> @regapp.sql
Partner Application Configuration
4.
Enter value for listener_token: HTML_DB:<hostname>:7778
Enter value for site_id: 1B914F48
Enter value for site_token: F76K433U1B914F48
Enter value for login_url: http://<hostname>:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Enter value for encryption_key: C5EB92724C7C98B8
Enter value for IP check : N
4. Ensure wwv_flow_custom_auth_sso compile successfully and grant it to Public
When I tested it, I did get the page of SSO login. But after logging in, it will just go to Page not found. Initially, I thought there's someting wrong with
wwv_flow_custom_auth_sso.process_success but it did compile successfully and I have granted it to Public.
Yong -
Integrating Application Express with SSO
Hi,
What's the difference between integrating Apex with SSO as a partner application, and integrating it as an external application. Are there any benefits / drawbacks to either? and in what situation would you use one or the other?
Thanks,
LeeHi, I have one more question related to this.
We are currently considering implementing the following:
We are designing a system where the majority of users will have read only access to data. The read only users will NOT have to sign into the system in order to use the system at this privilege level. Other users will have to sign in and once they have done so will then be able to edit and access other functions of the system that are not available to regular read only users. Login links will be available on a number of different screens and once logged in they will be returned to the screen from which they logged in.
We understand that we can use SSO or even Apex's own authentication to acheive this.
There is also another system built using portal, forms and SSO. Once a user signs into the portal there is a main menu where various links to different applications are available/hidden depending on the OID groups that the user is a part of.
Ideally we want to be able to provide a link from the portal system to the apex system from the portal main menu. If a user is signed into the portal then they should be able to enter the apex system without the requirement to sign in again, assuming that they have edit privileges for the apex system. However if the user is signed into the portal but they do not have edit privileges we want to be able to display the apex system in read only mode as we would for anybody else who is not an edit user complete with login links.
Would this be possible using SSO bearing in mind that we do not want to have to create users for the read only users?
Any help would be greatly appreciated.
Thanks,
Lee -
I am trying to setup APEX 3.1 (fresh installation not upgrade) to work with SSO on Linux.
APEX and AP infrastructure are installed on separate servers and APEX is working with mid tier HTTP server.
I have followed the steps below and I don’t get any error messages at all but when I finally point the browser to an application I get an error:
ERR-7620 Could not determine workspace for application
Expecting p_company or wwv_flow_company cookie to contain security group id
I would appreciate any help
Regards,
Anna
alter user flows_030100 identified by xxxx;
alter user flows_030100 account unlock;
Loaded SSO SDK into the flows_030100 schema @APEX_DB
Registered ApEx as a partner application, supplied values:
HOME URL : http://serverABC.ypgstaging.local:7777/pls/apex
Success URL : http://serverABC.ypgstaging.local:7777/pls/apex/wwv_flow_custom_auth_sso.process_success
Log Out URL : http://serverABC.ypgstaging.local:7777/pls/apex/apex
Application Name APEX
As flows_040100@APEX_DB:
SQL> @regapp.sql
Partner Application Configuration
Enter value for listener_token: apex:serverABC.ypg.local:7777
Enter value for site_id: 6F20F2EF
Enter value for site_token: W201QS2F6F20F2EF
Enter value for login_url: http://serverABC.ypg.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Enter value for encryption_key: 3F7CD0E25D17A170
Enter value for ip_check: N
Registration successful.
Listener token: apex:serverABC.ypg.local:7777
Site id : 6F20F2EF
Site token : W201QS2F6F20F2EF
Encryption key: 3F7CD0E25D17A170
Login URL :
http://serverABC.ypg.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Logout URL :
http://serverABC.ypg.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout
IP check : N
PL/SQL procedure successfully completed.
Commit complete.
No errors.
SQL> select * from wwsec_enabler_config_info$;
LSNR_TOKEN
SITE_TOKEN
SITE_ID
LS_LOGIN_URL
URLCOOKIE_VERSION
ENCRYPTION_KEY
ENCRYPTION_MASK_PRE
ENCRYPTION_MASK_POST
U
apex:serverABC.ypg.local:7777
W201QS2F6F20F2EF
6F20F2EF
http://serverABC.ypg.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
v1.2
3F7CD0E25D17A170
C70C4A8B5227430F37EA0903E8A7C7BC
35B1659E7B2E5FB7BF1C0381B44E1FF9
N
Then on APEX_DB server I ran the following:
[oracle@ATC1SDBYM01 core]$ sqlplus
Enter user-name: / as sysdba
SQL> alter session set current_schema=flows_030100;
Session altered.
SQL> @custom_auth_sso_902.sql
...wwv_flow_custom_auth_sso
Package created.
No errors.
SQL> @custom_auth_sso_902.plb
...wwv_flow_custom_auth_sso
Package body created.
No errors.
SQL> grant execute on wwv_flow_custom_auth_sso to public;
Grant succeeded.
alter user flows_030100 identified by values ‘xxx’;
alter user flows_030100 account lock;
Here is a test application URL:
http:/serverABC.ypgstaging.local:7778/pls/apex/f?p=F101::&c=yellowmart
The application authentication schema is set to SSO.Scott
I have restarted AS and rerun the regapp script successfully. I have noticed I entered the wrong domain name while registering it first time and I have corrected the error this time.
SQL> select * from wwsec_enabler_config_info$;
LSNR_TOKEN
SITE_TOKEN
SITE_ID
LS_LOGIN_URL
URLCOOKIE_VERSION
ENCRYPTION_KEY
ENCRYPTION_MASK_PRE
ENCRYPTION_MASK_POST
U
HTML_DB:serverABC.ypgstaging.local:7777
W201QS2F6F20F2EF
6F20F2EF
http://serverABC.ypgstaging.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_lo
gin
v1.2
3F7CD0E25D17A170
C70C4A8B5227430F37EA0903E8A7C7BC
35B1659E7B2E5FB7BF1C0381B44E1FF9
N
However I still get the same error message in my browser when I point it to the application.
Regards,
Anna -
Hi all
I have a APEX install which I have succesfully registered with SSO as a partner application (I have registered APEX/HTMLDB itself). On this machine we host a number of applications which can be accessed as http://myserver.mydomain.com/pls/htmldb/f?p=APP_NAME1 (and so on to APP_NAME_n).
The business owner of one of these applications wants to have an application-specific URL instead of the generic type URL (eg, http://my-new-app.mydomain.com/....), and to keep the new alias in the browser URL. However, I am sure that this will require me to register the application with SSO as the SSO server won't recognise the new URL.
I have searched the forum and not found any reference to having the entire HTMLDB engine registered as a partner app, and registering individual apps with SSO at the same time. Perhaps, this is so trivial and straightfoward that no-one has come across any problems with this. But I wonder if there are any "gotchas" in having this kind of set up before I actually start on it.
regards
GerardGerard - That should work as that was the intended purpose of having the two "flavors" of SSO partner app integration - so that a workspace schema could have a local copy of the SSO SDK and could use it independently of the Application Express installation's copy. Do let us know how it goes, especially if it works.
Scott -
Hi,
Is it possible to go from a BSP to a IIS with SSO? Can I use ISAPI for it or are there better solutions? And is there some documentation about it?
KR
StevenSteven,
Check note 442401 and thread /thread/11711 [original link is broken]
for this.
Eddy -
User assgined to a group, SSO to ITS is not working
We had our security group add a ESS-User group. We imported 500 users and assigned them to that group. When logging into EP, we are getting access to the correct tabs, but ITS is requiring us to login.
But when logging in as a user that is not assigned to this group, the SSo to ITS is working.
What setup step are we missing? Are we supposed to configure something in Visual Administrator.Hi Dena,
A logon trace might provide the cause of the problem. See SAP note 495911 for starting.
Thanks and regards,
Dieter
Maybe you are looking for
-
Many small purchases, or one big one?
Hello, I'm actually really new to the credit world and just got two cards, a Chase Freedom and a Discover IT for Students. I want to get started building my credit and increasing my credit limit. I realize it's a slow process, (and maybe getting two
-
Can i use a 500 gb sata2 on a g5 1,8 dual P?
is possible? i only look for mass storage, i dont need speed.
-
Tolerance Limit for only CHEQUE payments
Hi, We want to put a check that no CHEQUE payment can be made for a amount lower than the check amount (i.e. small value amounts.) If I define the limit in user id, then it will apply to all kind of payments. What to do except the validation? That is
-
Lm_sensors problem (I think)
Hi. I am trying to use lm_sensors to find out what my cpu temp is. I used the wiki and followed all the instructions and all that I am getting as an output is this: $ sudo sensors k10temp-pci-00c3 Adapter: PCI adapter temp1: +39.6°C (high = +70.0°C)
-
Sharing photo library w/ other user "error"
I have shared my iPhoto library with another use on my computer. Everything appears to be working ok, except I am getting the following error message: "An error occurred while trying to save your photo library. Some recent changes may be lost. Make s