EP 7.0 with SSO to ITS 6.10

Hello,
we have conacted a EP 7.0 SP12 over an iview to an ITS 6.10, which then use rfc to connect ess/mss from an old sap server 620. We implemented SSO. If we access the ITS over the portal we see the login screen from the ITS. We are able to login without using user/password, only by pressing the button login. So far the sso is working, but we don't want to the the login side from the ITS. This will confuse the users.
Have I configured in the iview the wrong authentication methode? Or shouldn't I use an iview to build the connection to the ITS?
Regards,
Alexander

Hello Alexander,
We are also facing the same problem, a login screen comes up, where just pressing the logon button, opens the desired screen.
Why is this login screen coming up?How did you solve your problem?
Please respond, as it is a very urgent task, which needs to be completed asap.
Thanks,
Sonali.

Similar Messages

  • SSO to ITS via EP6

    Ok all knowing people, I have this working in EP5 but, can't get it working in EP6.
    Our Portal:
    EP6 SP2 Pack3 Hotfix7.  Working like a champ.  However, SSO to our ITS box will not work.
    I have downloaded and am using the SAP application integrator.  After creating the ITS System I make an Iview with com.sap.portal.appintergrator.sap with the generic component selection. 
    Url template is HTTPS://its.server.net/scripts/wgate/webgui/! ?<authentication>
    Template fraction for user mapping:
        login=<mappeduser>&password=<mappedpassword>
    After I run the Iview I get a runtime error.
    "Unable to process template https://its.server.net/scripts/wgate/webgui/! ?<authentication> because authentication is an invalid terminal property of the context."
    Am I going in the wrong direction?  Do you know of anyone that is running a webgui within an Iview with SSO?

    Hi,
    you have to create a "SAP Transaction iView" instead of using the app integrator.
    ==> right click on the desired folder in the PCD ==> choose "New" and "iView" ==> choose "SAP Transaction iView" ==> enter the ID info ==> choose the GUI type ("SAP Gui for HTML in your case) ==> select your SAP system and enter the desired transaction code ==> save
    Regards,
    Michael

  • SSO To ITS not working

    Hi Experts,
    Here is the issue:
    I have 2 Internal Portals SP and EP.
    1.If I open SP Portal from Internet Explorer, SSO Tickets are getting generated and I am able to Login using SSO to SP - ITS machines.
    2.If I open EP Portal from Internet Explorer and In the same Browser If I open SP Portal,now I am unable to Login using SSO to SP - ITS Machines.It is showing logon screen.
    The Issue might be SSO Tickets generated by EP Portal do not subsequently allow SSO to SP ITS Machines.
    Could you please let me know where exactly goes wrong,and where should I make changes to rectify this issue.
    Any help would be highly appreciated.Thankx in advance.
    Regards,
    Karthick

    Hi Karthick,
    This blog might be interesting for troubleshooting.
    /people/dennis.kleymeonov/blog/2005/09/15/connecting-sap-systems-to-enterprise-portal-with-sso
    You might also get more information with the hints given in SAP note 495911.
    Thanks and regards,
    Dieter

  • SSO between ITS 620 R/3 and EP

    Hi,
    I need to use ITS 620 for R/3 4.7 and EP 6.0 for ess/mss implementation
    I have to configure SSO between R/3 and EP.
    Do I also need to configure SSO between ITS and R/3 , ITS and EP also for this?
    If yes can any one tell me the steps in configuring SSO between ITS and R/3, ITS and EP ?
    advance thanks,
    PK

    UPDATE:
    I have installed a portal (SAp netweaver 7.0 Java stack) and have connected it to a ECC6.0 SR3 backend and I needed only to configure the SSO between portal and backend abap instance, and all worked fine. There was no need to configure the SSO between the integrated ITS and abap instance.
    About the error  message mentioned in my previous forum entry:
    I did not only do the steps for SSO between portal and backend as described in the blog "Configuring the Business Package for Employee Self-Service (ESS)", but I also did all the additional steps as mentioned in "10 golden rules of SSO".
    After that the error message "SSO logon not possible; logon tickets not activated on the server" did not appear anymore. (Instead a screen that asks for username and password always appears with the warning "No switch to HTTPS occurred, so it is not secure to send a password". But I think that's ok.)

  • Configure SSO for ITS to R/3 using SNC/Kerberos

    Our R/3 systems had been configured for SSO using SNC and Kerberos for awhile now.  We now have a requirement to configure SSO between ITS and R/3.  Since our R/3 env. has been using kerberos library, we won't be able to use SAP Cryptographic library.  I had modified the registry, environment and services in itsadmin to point to the kerberos library and principal names for agate and r/3 servers as described in SNC User Guide; also, I updated table SNCSYSACL with the Agate SNC name.  That seems to work fine.  From the trace file, it recognized GSS-API library for Kerberos and the SNC name for Agate.  However, when I tried to logon to R/3 from ITS, I still am being prompted with the logon screen to enter my SAP account/password.
    I found several whitepapers and documentations stating that ITS does support Kerberos for SSO but I couldn't find any procedure on how to implement it.  Following is the error I'm getting from the sapbasis.trc file but I can't find any document on this error:
    =====================================================
    [Thr 5284] SncInit(): Initializing Secure Network Communication (SNC)
    [Thr 5284]       PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/32/32)
    [Thr 5284] SncInit(): Trying environment variable SNC_LIB as a
          gssapi library name: "C:\WINNT\system32\gsskrb5.dll".
    [Thr 5284]   File "C:\WINNT\system32\gsskrb5.dll" dynamically loaded as GSS-API v2 library.
    [Thr 5284]   The internal Adapter for the loaded GSS-API mechanism identifies as:
      Internal SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2
    [Thr 2888] Sun Jan 15 22:44:59 2006
    [Thr 2888] <<- ERROR: SncSetParam()==SNCERR_PARAM_DENIED
    [Thr 2888] *** WARNING => NO Domain! domain==NULL means: No domain at all within the cookie. [sapss1_loctr 333]
    [Thr 2888] Sun Jan 15 22:45:29 2006
    [Thr 2888] *** WARNING => NO Domain! domain==NULL means: No domain at all within the cookie. [sapss1_loctr 333]
    =====================================================
    Does anyone know what am I missing?  Any help is greatly appreciated.
    Thank you!
    Diem

    Hi Markus,
    I also just installed/configured PAS for LDAP authentication using the "PAS for External Authentication Mechanisms" documentation.  I think the domain problem probably due to not having the external authentication mechanism install (in this case - PAS).  Does that sound right to you?
    I tried both options for ~extid_type parameter = "LD" and "UN".  I added the DN information to table USREXTID when ~extid_type="LD" but both options gave me error of "LDAP authentication failed".  I increased the trace level for sapextaut.trc but I don't see enough detail information.  Following are the errors/data from the trace file.  Can you please let me know how I can tell what string is being passed for authentication? 
    I'm quite sure the LDAP host and port data is correct since we've been using the same information for the SAP LDAP connector and we've been using our LDAP connector between MS AD and R/3 for a long time without any problem. 
    To logon to R/3 through ITS, I entered the AD account (CN attribute in AD) when I got the errors.
    Thank you very much for all your help.
    Diem Tran
    Trace:
    =====================================================
    2006-01-18T01:39:30.734 p001688 t4992 s0158B4E8 [sapextauth,  437]: W sapextauth: PAS session begins...
    2006-01-18T01:39:30.734 p001688 t4992 s0158B4E8 [sapextauth,  456]:     sapextauth: SncNameR3 is:    "p:na1adm/[email protected]"
    2006-01-18T01:39:30.734 p001688 t4992 s0158B4E8 [sapextauth,  462]:     sapextauth: SncNameAGate is: "p:[email protected]"
    2006-01-18T01:39:30.750 p001688 t4992 s0158B4E8 [sapextauth,  468]:     sapextauth: SNC_LIB is:      "C:\WINNT\system32\gsskrb5.dll"
    2006-01-18T01:39:30.750 p001688 t4992 s0158B4E8 [sapextauth,  568]:     sapextauth: XGatConnectSession leaving....
    2006-01-18T01:39:30.750 p001688 t4992 s0158B4E8 [sapextauth,  616]:     sapextauth: XGatHandleLogin called....
    2006-01-18T01:39:30.750 p001688 t4992 s0158B4E8 [sapextauth,  976]:     sapextauth: Entering XGatHandleLogin with LDAP...
    2006-01-18T01:39:30.750 p001688 t4992 s0158B4E8 [sapextauth,  993]: W Either ~login or ~password missing, returning XGDKRCloginrequired.
    2006-01-18T01:39:50.281 p001688 t4992 s00000000 [sapextauth,  398]:     sapextauth: XGatEventOpenSession called...
    2006-01-18T01:39:50.281 p001688 t4992 s0158B4E8 [sapextauth,  616]:     sapextauth: XGatHandleLogin called....
    2006-01-18T01:39:50.281 p001688 t4992 s0158B4E8 [sapextauth,  976]:     sapextauth: Entering XGatHandleLogin with LDAP...
    2006-01-18T01:39:50.296 p001688 t4992 s0158B4E8 [sapextauth, 1059]:     sapextauth: LDAP port ist 389
    2006-01-18T01:39:50.296 p001688 t4992 s0158B4E8 [sapextauth, 1261]: E sapextauth: LDAP authentication failed.
    2006-01-18T01:39:50.296 p001688 t4992 s0158B4E8 [sapextauth, 1277]: E sapextauth: Wrong try for user Tran_Diem
    2006-01-18T01:39:59.140 p001688 t4992 s00000000 [sapextauth,  398]:     sapextauth: XGatEventOpenSession called...
    2006-01-18T01:39:59.156 p001688 t4992 s0158B4E8 [sapextauth,  616]:     sapextauth: XGatHandleLogin called....
    2006-01-18T01:39:59.156 p001688 t4992 s0158B4E8 [sapextauth,  976]:     sapextauth: Entering XGatHandleLogin with LDAP...
    2006-01-18T01:39:59.156 p001688 t4992 s0158B4E8 [sapextauth, 1059]:     sapextauth: LDAP port ist 389
    2006-01-18T01:39:59.156 p001688 t4992 s0158B4E8 [sapextauth, 1261]: E sapextauth: LDAP authentication failed.
    2006-01-18T01:39:59.156 p001688 t4992 s0158B4E8 [sapextauth, 1277]: E sapextauth: Wrong try for user Tran_Diem
    =======================================================

  • Initial password change requested with SSO

    Hi all,
    we have well working SSO with EP6 SP2 and standalone ITS. SSO is based on SAP logon ticket. Only one annoying thing appears.
    If a new user is created in SAP R/3, ITS asks for changing of password.
    Does it mean that the user must initially (and later again according to password policy) change the password although we do not use direct access to R/3? If no password change should be required with SSO, how to solve this issue?
    EP6 SP2 P4 HF8
    ITS 6.2 PL14
    R/3 4.7
    Thanks in advance for any good idea.
    Pavol

    Hello,
    We are on a very similar setup as above:
    EP 6.0 SP12 with ITS.
    What we are seeing is that the initial password dialog comes up but there is only the input fields but no "Submit" or "Change" buttons. In summary, new users are not able to change their password through the Portal.
    Any ideas why this might be happening?
    Thanks,
    Siva.

  • Apex application registered with sso as partner application

    We have 1 apex app registered with sso and working properly.
    I just registered a new apex application with sso. when i authenticate through sso, it directs me to the originally registered application.
    I went in through the portal administrator app and verified my settings all pointed to the new application. I verified that my dad is set up correctly.
    Any ideas?
    APEX 2.0

    i did register and obtain the keys through portal admin.
    to ensure i used the proper keys (i guess there is a possibility i used the keys from db1 registration) i re-ran regapp with the right keys but recieved the following output:
    SQL> @regapp
    Partner Application Configuration
    Enter value for listener_token: HTML_DB:050iasphttp.xxx.na.xxx.com:7777
    Enter value for site_id: EFBE3E14
    Enter value for site_token: MSMXURH1EFBE3E14
    Enter value for login_url: https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admin.ls_login
    Enter value for encryption_key: 2EBDD126A3A40606
    Enter value for ip_check: N
    ERROR: Error in registration. Please try again
    User-Defined Exception
    Registration successful.
    Listener token: HTML_DB:050iasphttp.xxx.na.xxx.com:7777
    Site id : EFBE3E14
    Site token : MSMXURH1EFBE3E14
    Encryption key: 2EBDD126A3A40606
    Login URL :
    https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admi
    n.ls_login
    Logout URL :
    https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admi
    n.ls_logout
    IP check : N
    PL/SQL procedure successfully completed.
    Commit complete.
    No errors.
    SQL>
    ...in spite of the error, i aske the app developer to try and use sso for db2. he now recieves:
    User-Defined Exception
    Error Error in wwv_flow_custom_auth_sso.process_success:l_sso_user_name:l_sess_id:: Please contact administrator.
    OK
    any ideas?

  • Cannot deploy BPEL process with SSO to BPELConsole activated

    I cannot deploy BPEL process with SSO to BPELConsole activated. Here is the error I get from JDeveloper (sorry for the french error message):
    Problème détecté lors de la connexion au serveur "ssdvoiagu.dev.local.csst.qc.ca" sur le port "7781" : java.security.AccessControlException: access denied (com.collaxa.security.DomainPermission generique read)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
    at java.security.AccessController.checkPermission(AccessController.java:427)
    at com.collaxa.security.OC4JSecurityService.checkAccess(OC4JSecurityService.java:16)
    at com.collaxa.security.SecurityService.checkDomainAccess(SecurityService.java:26)
    at com.collaxa.cube.fe.util.ServletUtils.getLocatorWithoutUrlRewrite(ServletUtils.java:162)
    at deployHttpClientProcess.jspService(_deployHttpClientProcess.java:332)
    at com.orionserver.http.OrionHttpJspPage.service(OrionHttpJspPage.java:59)
    at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:462)
    at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:594)
    at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:518)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
    at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:65)
    at oracle.security.jazn.oc4j.JAZNFilter$1.run(JAZNFilter.java:396)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
    at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:410)
    at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:623)
    at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)
    at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)
    at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
    at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:302)
    at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:190)
    at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
    at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
    at java.lang.Thread.run(Thread.java:595)
    Target BPEL process manager runs under SOA 10.1.3.3. When the SSO to BPELConsole is disabled, the deployment works just fine. Is there any way to make it work with SSO?

    Please check:
    http://blog.jpoot.com/category/oracle-appserver/oid-ldap/
    We had some issues with SSO and SSL but everything is running now.
    Marc

  • Apex Configuration with SSO on Database 11g

    Hi All,
    I am trying to configure Application Express with SSO on 11g and I have followed all the steps mentioned in http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
    My partner app configuration is
    Site ID: 0F32F8E1
    Site Token: JC54XU4Q0F32F8E1
    Encryption Key: 61443A93398DC472
    Single Sign-On URL: https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
    Single Sign-Off URL: https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_logout
    Application Name: Insight Knowledge Manager on New Server
    Application Home URL: http://orclinsight.oraclecorp.com
    Application Success URL: http://orclinsight.oraclecorp.com/pls/apex/wwv_flow_custom_auth_sso.process_success
    Application Logout URL: http://orclinsight.oraclecorp.com
    After running the @custom_auth_sso.sql and @custom_auth_sso.plb and doing grant execute on wwv_flow_custom_auth_sso to public; I have also created an authentication scheme in APEX based on the pre-configured scheme on Apex as partner app
    this is the URL of the app.... http://orclinsight.oraclecorp.com/pls/apex/f?p=100:1
    if I type this URL, I get redirected to the SSO authentication page...however once I have filled the credentials.. it shows me the following error message
    *"The requested URL /pls/apex/wwv_flow_custom_auth_sso.process_success was not found on this server."*
    The result of this query select lsnr_token||':'||site_token||':'||site_id||':'||urlcookie_version||':'||encryption_key||':'||url_cookie_ip_check||':'||ls_login_url from wwsec_enabler_config_info$
    is
    'HTML_DB:orclinsight.oraclecorp.com:80:JC54XU4Q0F32F8E1:0F32F8E1:v1.2:61443A93398DC472:Y:https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login'
    and the result of begin owa_util.print_cgi_env; end; query in APEX - SQL Workshop is
    PLSQL_GATEWAY = WebDb
    GATEWAY_IVERSION = 2
    SERVER_SOFTWARE = Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server
    GATEWAY_INTERFACE = CGI/1.1
    SERVER_PORT = 80
    SERVER_NAME = orclinsight.oraclecorp.com
    REQUEST_METHOD = POST
    PATH_INFO = /wwv_flow.show
    SCRIPT_NAME = /pls/apex
    REMOTE_ADDR = 141.144.152.146
    SERVER_PROTOCOL = HTTP/1.1
    REQUEST_PROTOCOL = HTTP
    REMOTE_USER = APEX_PUBLIC_USER
    HTTP_CONTENT_LENGTH = 291
    HTTP_CONTENT_TYPE = application/x-www-form-urlencoded; charset=UTF-8
    HTTP_USER_AGENT = Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)
    HTTP_HOST = orclinsight.oraclecorp.com
    HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    HTTP_ACCEPT_ENCODING = gzip,deflate
    HTTP_ACCEPT_LANGUAGE = en-us,en;q=0.5
    HTTP_ACCEPT_CHARSET = ISO-8859-1,utf-8;q=0.7,*;q=0.7
    HTTP_REFERER = http://orclinsight.oraclecorp.com/pls/apex/f?p=4500:1003:1510257042232818::NO:::
    HTTP_ORACLE_ECID = 1258784987:64.181.227.33:7900:4328:22,0
    WEB_AUTHENT_PREFIX =
    DAD_NAME = apex
    DOC_ACCESS_PATH = docs
    DOCUMENT_TABLE = wwv_flow_file_objects$
    PATH_ALIAS =
    REQUEST_CHARSET = AL32UTF8
    REQUEST_IANA_CHARSET = UTF-8
    SCRIPT_PREFIX = /pls
    HTTP_COOKIE = [email protected]:insight_workspace; ORA_WWV_USER=BE50DD5881201806; IdcLocale=English-US; IntradocAuth=Internet; oracle.uix=0^^GMT+5:30^p; IntradocLoginState=1; IdcTimeZone=America/Chicago
    Please advise what should I do next or where I may be going wrong?
    Warm Regards,
    Anand

    Hi All,
    I am trying to configure Application Express with SSO on 11g and I have followed all the steps mentioned in http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
    My partner app configuration is
    Site ID: 0F32F8E1
    Site Token: JC54XU4Q0F32F8E1
    Encryption Key: 61443A93398DC472
    Single Sign-On URL: https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
    Single Sign-Off URL: https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_logout
    Application Name: Insight Knowledge Manager on New Server
    Application Home URL: http://orclinsight.oraclecorp.com
    Application Success URL: http://orclinsight.oraclecorp.com/pls/apex/wwv_flow_custom_auth_sso.process_success
    Application Logout URL: http://orclinsight.oraclecorp.com
    After running the @custom_auth_sso.sql and @custom_auth_sso.plb and doing grant execute on wwv_flow_custom_auth_sso to public; I have also created an authentication scheme in APEX based on the pre-configured scheme on Apex as partner app
    this is the URL of the app.... http://orclinsight.oraclecorp.com/pls/apex/f?p=100:1
    if I type this URL, I get redirected to the SSO authentication page...however once I have filled the credentials.. it shows me the following error message
    *"The requested URL /pls/apex/wwv_flow_custom_auth_sso.process_success was not found on this server."*
    The result of this query select lsnr_token||':'||site_token||':'||site_id||':'||urlcookie_version||':'||encryption_key||':'||url_cookie_ip_check||':'||ls_login_url from wwsec_enabler_config_info$
    is
    'HTML_DB:orclinsight.oraclecorp.com:80:JC54XU4Q0F32F8E1:0F32F8E1:v1.2:61443A93398DC472:Y:https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login'
    and the result of begin owa_util.print_cgi_env; end; query in APEX - SQL Workshop is
    PLSQL_GATEWAY = WebDb
    GATEWAY_IVERSION = 2
    SERVER_SOFTWARE = Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server
    GATEWAY_INTERFACE = CGI/1.1
    SERVER_PORT = 80
    SERVER_NAME = orclinsight.oraclecorp.com
    REQUEST_METHOD = POST
    PATH_INFO = /wwv_flow.show
    SCRIPT_NAME = /pls/apex
    REMOTE_ADDR = 141.144.152.146
    SERVER_PROTOCOL = HTTP/1.1
    REQUEST_PROTOCOL = HTTP
    REMOTE_USER = APEX_PUBLIC_USER
    HTTP_CONTENT_LENGTH = 291
    HTTP_CONTENT_TYPE = application/x-www-form-urlencoded; charset=UTF-8
    HTTP_USER_AGENT = Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)
    HTTP_HOST = orclinsight.oraclecorp.com
    HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    HTTP_ACCEPT_ENCODING = gzip,deflate
    HTTP_ACCEPT_LANGUAGE = en-us,en;q=0.5
    HTTP_ACCEPT_CHARSET = ISO-8859-1,utf-8;q=0.7,*;q=0.7
    HTTP_REFERER = http://orclinsight.oraclecorp.com/pls/apex/f?p=4500:1003:1510257042232818::NO:::
    HTTP_ORACLE_ECID = 1258784987:64.181.227.33:7900:4328:22,0
    WEB_AUTHENT_PREFIX =
    DAD_NAME = apex
    DOC_ACCESS_PATH = docs
    DOCUMENT_TABLE = wwv_flow_file_objects$
    PATH_ALIAS =
    REQUEST_CHARSET = AL32UTF8
    REQUEST_IANA_CHARSET = UTF-8
    SCRIPT_PREFIX = /pls
    HTTP_COOKIE = [email protected]:insight_workspace; ORA_WWV_USER=BE50DD5881201806; IdcLocale=English-US; IntradocAuth=Internet; oracle.uix=0^^GMT+5:30^p; IntradocLoginState=1; IdcTimeZone=America/Chicago
    Please advise what should I do next or where I may be going wrong?
    Warm Regards,
    Anand

  • Apex With SSO not working

    When running htmldb 2.0.00.29 with SSO , we receive
    ORA-06550: line 2, column 1: PLS-00201: identifier 'WWSEC_SSO_ENABLER_PRIVATE.GENERATE_REDIRECT'
    must be declared ORA-06550: line 1, column 45: PL/SQL: Statement ignored
    Error Unable to run portal_sso_redirect procedure as schema: PL_USER with partner app name: people finder:mercator.hq.ccw.gov.uk:7779.
    During debugging the issue we found out that the ssosdk could not be installed into FLOWS_020000 correctly
    ( error like:
    @loadsdk.sql
    create table wwsec_enabler_config_info$ OF sec_enabler_config_type
    ORA-00955: name is already used by an existing object
    CREATE sequence wwsec_log_pk_seq increment BY 1
    ORA-00955: name is already used by an existing object
    and as followup error in regapp.sql
    ERROR: Error in registration. Please try again
    ORA-06508: PL/SQL: could not find program unit being called
    Now we created in a separate schema the ssosdk and run next steps of
    Note:353023.1 CONFIGURING AN APEX (HTMLDB) APPLICATION TO USE SSO:
    But bow same error like on starting up the issue.
    Question:
    Is it possible to install ssosdk in a separate schema and not into FLOWS_02xxx
    If yes, what are the steps differennt to the Note:353023.1
    thanks

    Hi Scot,
    Thank you for your response.
    This is what I did for the migration by following the thread in
    How can I recovery APEX application from a full database export?
    - Create new empty database with APEX installed.
    - Disable foreign key constraints in the FLOWS_030100 Schema
    - Truncate all tables in the FLOWS_030100 Schema
    - Perform user level imports of tables only with IGNORE = Y for FLOWS_030100 Schema
    - Enable the constraints.
    (everything seems intact including SSO SDK objects)
    To register with SSO, this is what I did;
    1. Load SSO SDK in FLOWS_030100 Schema anyway
    2. Register APEX as Partner in SSO
    ID: 1B914F48
    Token: F76K433U1B914F48
    Encryption Key: F76K433U1B914F48
    Login URL: http://<hotsname>:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
    Single Sign-Off URL: http://<hotsname>:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout
    Login URL : http://<hotsname>:7778/pls/apex
    Success URL : http://<hotsname>:778/pls/apex/wwv_flow_custom_auth_sso.process_success
    Logout URL : http://<hotsname>:7778/pls/apex
    3. Run regapp.sql as FLOWS_030100
    SQL> @regapp.sql
    Partner Application Configuration
    4.
    Enter value for listener_token: HTML_DB:<hostname>:7778
    Enter value for site_id: 1B914F48
    Enter value for site_token: F76K433U1B914F48
    Enter value for login_url: http://<hostname>:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
    Enter value for encryption_key: C5EB92724C7C98B8
    Enter value for IP check : N
    4. Ensure wwv_flow_custom_auth_sso compile successfully and grant it to Public
    When I tested it, I did get the page of SSO login. But after logging in, it will just go to Page not found. Initially, I thought there's someting wrong with
    wwv_flow_custom_auth_sso.process_success but it did compile successfully and I have granted it to Public.
    Yong

  • Integrating Application Express with SSO

    Hi,
    What's the difference between integrating Apex with SSO as a partner application, and integrating it as an external application. Are there any benefits / drawbacks to either? and in what situation would you use one or the other?
    Thanks,
    Lee

    Hi, I have one more question related to this.
    We are currently considering implementing the following:
    We are designing a system where the majority of users will have read only access to data. The read only users will NOT have to sign into the system in order to use the system at this privilege level. Other users will have to sign in and once they have done so will then be able to edit and access other functions of the system that are not available to regular read only users. Login links will be available on a number of different screens and once logged in they will be returned to the screen from which they logged in.
    We understand that we can use SSO or even Apex's own authentication to acheive this.
    There is also another system built using portal, forms and SSO. Once a user signs into the portal there is a main menu where various links to different applications are available/hidden depending on the OID groups that the user is a part of.
    Ideally we want to be able to provide a link from the portal system to the apex system from the portal main menu. If a user is signed into the portal then they should be able to enter the apex system without the requirement to sign in again, assuming that they have edit privileges for the apex system. However if the user is signed into the portal but they do not have edit privileges we want to be able to display the apex system in read only mode as we would for anybody else who is not an edit user complete with login links.
    Would this be possible using SSO bearing in mind that we do not want to have to create users for the read only users?
    Any help would be greatly appreciated.
    Thanks,
    Lee

  • APEX not working with SSO

    I am trying to setup APEX 3.1 (fresh installation not upgrade) to work with SSO on Linux.
    APEX and AP infrastructure are installed on separate servers and APEX is working with mid tier HTTP server.
    I have followed the steps below and I don’t get any error messages at all but when I finally point the browser to an application I get an error:
    ERR-7620 Could not determine workspace for application
    Expecting p_company or wwv_flow_company cookie to contain security group id
    I would appreciate any help
    Regards,
    Anna
    alter user flows_030100 identified by xxxx;
    alter user flows_030100 account unlock;
    Loaded SSO SDK into the flows_030100 schema @APEX_DB
    Registered ApEx as a partner application, supplied values:
    HOME URL : http://serverABC.ypgstaging.local:7777/pls/apex
    Success URL : http://serverABC.ypgstaging.local:7777/pls/apex/wwv_flow_custom_auth_sso.process_success
    Log Out URL : http://serverABC.ypgstaging.local:7777/pls/apex/apex
    Application Name APEX
    As flows_040100@APEX_DB:
    SQL> @regapp.sql
    Partner Application Configuration
    Enter value for listener_token: apex:serverABC.ypg.local:7777
    Enter value for site_id: 6F20F2EF
    Enter value for site_token: W201QS2F6F20F2EF
    Enter value for login_url: http://serverABC.ypg.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
    Enter value for encryption_key: 3F7CD0E25D17A170
    Enter value for ip_check: N
    Registration successful.
    Listener token: apex:serverABC.ypg.local:7777
    Site id : 6F20F2EF
    Site token : W201QS2F6F20F2EF
    Encryption key: 3F7CD0E25D17A170
    Login URL :
    http://serverABC.ypg.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
    Logout URL :
    http://serverABC.ypg.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout
    IP check : N
    PL/SQL procedure successfully completed.
    Commit complete.
    No errors.
    SQL> select * from wwsec_enabler_config_info$;
    LSNR_TOKEN
    SITE_TOKEN
    SITE_ID
    LS_LOGIN_URL
    URLCOOKIE_VERSION
    ENCRYPTION_KEY
    ENCRYPTION_MASK_PRE
    ENCRYPTION_MASK_POST
    U
    apex:serverABC.ypg.local:7777
    W201QS2F6F20F2EF
    6F20F2EF
    http://serverABC.ypg.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
    v1.2
    3F7CD0E25D17A170
    C70C4A8B5227430F37EA0903E8A7C7BC
    35B1659E7B2E5FB7BF1C0381B44E1FF9
    N
    Then on APEX_DB server I ran the following:
    [oracle@ATC1SDBYM01 core]$ sqlplus
    Enter user-name: / as sysdba
    SQL> alter session set current_schema=flows_030100;
    Session altered.
    SQL> @custom_auth_sso_902.sql
    ...wwv_flow_custom_auth_sso
    Package created.
    No errors.
    SQL> @custom_auth_sso_902.plb
    ...wwv_flow_custom_auth_sso
    Package body created.
    No errors.
    SQL> grant execute on wwv_flow_custom_auth_sso to public;
    Grant succeeded.
    alter user flows_030100 identified by values ‘xxx’;
    alter user flows_030100 account lock;
    Here is a test application URL:
    http:/serverABC.ypgstaging.local:7778/pls/apex/f?p=F101::&c=yellowmart
    The application authentication schema is set to SSO.

    Scott
    I have restarted AS and rerun the regapp script successfully. I have noticed I entered the wrong domain name while registering it first time and I have corrected the error this time.
    SQL> select * from wwsec_enabler_config_info$;
    LSNR_TOKEN
    SITE_TOKEN
    SITE_ID
    LS_LOGIN_URL
    URLCOOKIE_VERSION
    ENCRYPTION_KEY
    ENCRYPTION_MASK_PRE
    ENCRYPTION_MASK_POST
    U
    HTML_DB:serverABC.ypgstaging.local:7777
    W201QS2F6F20F2EF
    6F20F2EF
    http://serverABC.ypgstaging.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_lo
    gin
    v1.2
    3F7CD0E25D17A170
    C70C4A8B5227430F37EA0903E8A7C7BC
    35B1659E7B2E5FB7BF1C0381B44E1FF9
    N
    However I still get the same error message in my browser when I point it to the application.
    Regards,
    Anna

  • Register application with SSO

    Hi all
    I have a APEX install which I have succesfully registered with SSO as a partner application (I have registered APEX/HTMLDB itself). On this machine we host a number of applications which can be accessed as http://myserver.mydomain.com/pls/htmldb/f?p=APP_NAME1 (and so on to APP_NAME_n).
    The business owner of one of these applications wants to have an application-specific URL instead of the generic type URL (eg, http://my-new-app.mydomain.com/....), and to keep the new alias in the browser URL. However, I am sure that this will require me to register the application with SSO as the SSO server won't recognise the new URL.
    I have searched the forum and not found any reference to having the entire HTMLDB engine registered as a partner app, and registering individual apps with SSO at the same time. Perhaps, this is so trivial and straightfoward that no-one has come across any problems with this. But I wonder if there are any "gotchas" in having this kind of set up before I actually start on it.
    regards
    Gerard

    Gerard - That should work as that was the intended purpose of having the two "flavors" of SSO partner app integration - so that a workspace schema could have a local copy of the SSO SDK and could use it independently of the Application Express installation's copy. Do let us know how it goes, especially if it works.
    Scott

  • BSP to IIS with SSO

    Hi,
    Is it possible to go from a BSP to a IIS with SSO? Can I use ISAPI for it or are there better solutions? And is there some documentation about it?
    KR
    Steven

    Steven,
    Check note 442401 and thread /thread/11711 [original link is broken]
    for this.
    Eddy

  • User assgined to a group, SSO to ITS is not working

    We had our security group add a ESS-User group.  We imported 500 users and assigned them to that group.  When logging into EP, we are getting access to the correct tabs, but ITS is requiring us to login. 
    But when logging in as a user that is not assigned to this group, the SSo to ITS is working. 
    What setup step are we missing?  Are we supposed to configure something in Visual Administrator.

    Hi Dena,
    A logon trace might provide the cause of the problem. See SAP note 495911 for starting.
    Thanks and regards,
    Dieter

Maybe you are looking for

  • Many small purchases, or one big one?

    Hello, I'm actually really new to the credit world and just got two cards, a Chase Freedom and a Discover IT for Students. I want to get started building my credit and increasing my credit limit. I realize it's a slow process, (and maybe getting two

  • Can i use a 500 gb sata2 on a g5 1,8 dual P?

    is possible? i only look for mass storage, i dont need speed.

  • Tolerance Limit for only CHEQUE payments

    Hi, We want to put a check that no CHEQUE payment can be made for a amount lower than the check amount (i.e. small value amounts.) If I define the limit in user id, then it will apply to all kind of payments. What to do except the validation? That is

  • Lm_sensors problem (I think)

    Hi. I am trying to use lm_sensors to find out what my cpu temp is. I used the wiki and followed all the instructions and all that I am getting as an output is this: $ sudo sensors k10temp-pci-00c3 Adapter: PCI adapter temp1: +39.6°C (high = +70.0°C)

  • Sharing photo library w/ other user "error"

    I have shared my iPhoto library with another use on my computer. Everything appears to be working ok, except I am getting the following error message: "An error occurred while trying to save your photo library. Some recent changes may be lost. Make s