GRC AC 10.0 PSS feature with SSO in scope

Hi,
For one of our customer project, in ARM we have to enable password self-service (PSS) workflow which is in the scope. At the same project we also have single sign on (SSO) (SNC and SSL) in scope for all SAP system landscape.
I understand that I cannot directly connect AC with an LDAP. I would like to know the scenario where password self-service should be utilized, when we already have SSO in the scope. In other way, how PSS feature works when, we have one single passowrd concept will be applicable in whole SAP landscape. Fyi, SAP IDM is not in the scope.
Any suggestion input will be of great help.
Thank you,
Kailash

Hi,
I know one organisation who has established PSS to provide the password reset facility for all users across all their SAP systems (Dev, QAS, Production). They have utilised LDAP/AD as the main data source for verification, so all the end users simply log in with their AD password/ID (i.e. network credentials).
To make it work without any issues, they have ensured that their SAP ID's are the same as their network ID's.
If you already have SSO in scope, then in theory you won't need PSS, unless you are planning to have some third party users log in to SAP systems only etc (even then , third party users are usually provided network login credentials also). I would be surprised if SSO does not get implemented for the whole organisation's IT landscape.
I would say if SSO is being implemented very soon, PSS may not be required at all.

Similar Messages

How to choose input language in system NetWeaver with SSO manually?

Dear All,
How to choose input language in system NetWeaver with SSO to the user manually? If a user is created only in one client.
Thank you.
Best Regards
Vitalii.

If your question is when he logins through Portal/Java side, how to change language
I have faced this kind of an issue in GRC, on the Java side when you create a user language setting rectangle box will be in
make sure to fill it in , another possibility if the configuration are done correctly,
you can browse for the language you need for the user to login from the "Loginpage" if the languages are supported
To make is simple:
Set that user to have a particular lanaguage in UME, or allow the user to have the language box browsable you will need both Basis and Portal teams help on this from the perspective of install(languages) and views
Regards

OnAfterLogin redirect !!!BROKEN!!! with SSO turned on -- Second Attempt at Response

I posted this earlier, but have gotten no response. Any help out there?With SSO turned on, the redirect returned from onAfterLogin does not process. It is ignored. This is a huge issue for us, as we have a "profiling" application that runs from the redirect returned from onAfterLogin. As of right now, in our SSO environment, this is broken.
Please let me know if this is a know issue (hopefully with a fix), or if it's new to you.Thanks,Jason OdomCox Enterprises
PTControls.prepareEventHandlers();
PTControls_Inits[PTControls_Inits.length] = 'topExplorer = PTPanelSet.createFromTextarea(\'_topExplorer_ta\');topExplorer.draw();PTControls.registerMasterComponent(topExplorer);';
document.PCC.RegisterForWindowEvent('onload', 'new Function(\'window.setTimeout(\\\'PTControls.init()\\\',10)\')');
document.PCC.RegisterForEvent('urn:schemas.plumtree.com:jsxml', 'responseError', handleError);

Hi Joe,
That's a very good analysis you did.
As you already suspected, the issue comes from the TLS record fragmentation feature that was introduced in the latest browser versions to overcome a SSL vulnerability (http://www.kb.cert.org/vuls/id/864643). Unfortunately, similar issues are happening with multiple products.
For CSS, the bug tracking this issue is CSCtx68270. The development team is actively working on a fix for it, which should be available (in an interim software release, so to get it you wil have to go through TAC) in the next couple of weeks
In the meantime, as workaround, you can configure the CSS to use only RC4 cyphers (which is what you were suggesting also). These are not affected by the vulnerability, so, browsers don't apply the record fragmentation when they are in use. This workaround has been tested by several customers already, and the results seem to be very positive.
Regards
Daniel

Can anyone recommend a Discussion forum that works with SSO?

Hey,
For a medium sized customer we are in the process of trying to find a discussion forum that they can use.
I was wondering if anyone have any other discussion forums, free or not, that they have implemented and works good with SSO and access restrictions?
We need to implement access restriction based on oracle application server user groups, and have SSO sign you in both to the discussion forum, and to the portal in general.
Grateful for any answers,
Sayeeas

Hi MHaddox
And welcome to apple discussions. LaCie is actually one of the better S-Drives for mac in terms of an external burner (at least from reading this forum). However, I haven't seen too much posted in terms of the Lightscribe feature itself. Perhaps one or more of these links will help (if not just come on back):
http://www.opendrivers.com/driver/293518/lightscribe-system-software-1.18.8.1-ma c-os-x-free-download.html
http://www.lacie.com/products/product.htm?pid=10096
http://www.lightscribe.com/downloadSection/mac/index.aspx?id=813
http://www.lightscribe.com/downloadSection/mac/index.aspx?id=852
http://www.versiontracker.com/macosx/drivers/cd-dvd
Good luck on this.
Disclaimer: Apple does not necessarily endorse any suggestions, solutions, or third-party software / products that may be mentioned in this topic. Apple encourages you to first seek a solution at Apple Support. The following links are provided as is, with no guarantee of the effectiveness or reliability of the information. Apple does not guarantee that these links will be maintained or functional at any given time. Use the information above at your own discretion.

Apex application registered with sso as partner application

We have 1 apex app registered with sso and working properly.
I just registered a new apex application with sso. when i authenticate through sso, it directs me to the originally registered application.
I went in through the portal administrator app and verified my settings all pointed to the new application. I verified that my dad is set up correctly.
Any ideas?
APEX 2.0

i did register and obtain the keys through portal admin.
to ensure i used the proper keys (i guess there is a possibility i used the keys from db1 registration) i re-ran regapp with the right keys but recieved the following output:
SQL> @regapp
Partner Application Configuration
Enter value for listener_token: HTML_DB:050iasphttp.xxx.na.xxx.com:7777
Enter value for site_id: EFBE3E14
Enter value for site_token: MSMXURH1EFBE3E14
Enter value for login_url: https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admin.ls_login
Enter value for encryption_key: 2EBDD126A3A40606
Enter value for ip_check: N
ERROR: Error in registration. Please try again
User-Defined Exception
Registration successful.
Listener token: HTML_DB:050iasphttp.xxx.na.xxx.com:7777
Site id : EFBE3E14
Site token : MSMXURH1EFBE3E14
Encryption key: 2EBDD126A3A40606
Login URL :
https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admi
n.ls_login
Logout URL :
https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admi
n.ls_logout
IP check : N
PL/SQL procedure successfully completed.
Commit complete.
No errors.
SQL>
...in spite of the error, i aske the app developer to try and use sso for db2. he now recieves:
User-Defined Exception
Error Error in wwv_flow_custom_auth_sso.process_success:l_sso_user_name:l_sess_id:: Please contact administrator.
OK
any ideas?

Cannot deploy BPEL process with SSO to BPELConsole activated

I cannot deploy BPEL process with SSO to BPELConsole activated. Here is the error I get from JDeveloper (sorry for the french error message):
Problème détecté lors de la connexion au serveur "ssdvoiagu.dev.local.csst.qc.ca" sur le port "7781" : java.security.AccessControlException: access denied (com.collaxa.security.DomainPermission generique read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at com.collaxa.security.OC4JSecurityService.checkAccess(OC4JSecurityService.java:16)
at com.collaxa.security.SecurityService.checkDomainAccess(SecurityService.java:26)
at com.collaxa.cube.fe.util.ServletUtils.getLocatorWithoutUrlRewrite(ServletUtils.java:162)
at deployHttpClientProcess.jspService(_deployHttpClientProcess.java:332)
at com.orionserver.http.OrionHttpJspPage.service(OrionHttpJspPage.java:59)
at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:462)
at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:594)
at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:518)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:65)
at oracle.security.jazn.oc4j.JAZNFilter$1.run(JAZNFilter.java:396)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:410)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:623)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)
at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:302)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:190)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:595)
Target BPEL process manager runs under SOA 10.1.3.3. When the SSO to BPELConsole is disabled, the deployment works just fine. Is there any way to make it work with SSO?

Please check:
http://blog.jpoot.com/category/oracle-appserver/oid-ldap/
We had some issues with SSO and SSL but everything is running now.
Marc

Apex Configuration with SSO on Database 11g

Hi All,
I am trying to configure Application Express with SSO on 11g and I have followed all the steps mentioned in http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
My partner app configuration is
Site ID: 0F32F8E1
Site Token: JC54XU4Q0F32F8E1
Encryption Key: 61443A93398DC472
Single Sign-On URL: https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
Single Sign-Off URL: https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_logout
Application Name: Insight Knowledge Manager on New Server
Application Home URL: http://orclinsight.oraclecorp.com
Application Success URL: http://orclinsight.oraclecorp.com/pls/apex/wwv_flow_custom_auth_sso.process_success
Application Logout URL: http://orclinsight.oraclecorp.com
After running the @custom_auth_sso.sql and @custom_auth_sso.plb and doing grant execute on wwv_flow_custom_auth_sso to public; I have also created an authentication scheme in APEX based on the pre-configured scheme on Apex as partner app
this is the URL of the app.... http://orclinsight.oraclecorp.com/pls/apex/f?p=100:1
if I type this URL, I get redirected to the SSO authentication page...however once I have filled the credentials.. it shows me the following error message
*"The requested URL /pls/apex/wwv_flow_custom_auth_sso.process_success was not found on this server."*
The result of this query select lsnr_token||':'||site_token||':'||site_id||':'||urlcookie_version||':'||encryption_key||':'||url_cookie_ip_check||':'||ls_login_url from wwsec_enabler_config_info$
is
'HTML_DB:orclinsight.oraclecorp.com:80:JC54XU4Q0F32F8E1:0F32F8E1:v1.2:61443A93398DC472:Y:https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login'
and the result of begin owa_util.print_cgi_env; end; query in APEX - SQL Workshop is
PLSQL_GATEWAY = WebDb
GATEWAY_IVERSION = 2
SERVER_SOFTWARE = Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server
GATEWAY_INTERFACE = CGI/1.1
SERVER_PORT = 80
SERVER_NAME = orclinsight.oraclecorp.com
REQUEST_METHOD = POST
PATH_INFO = /wwv_flow.show
SCRIPT_NAME = /pls/apex
REMOTE_ADDR = 141.144.152.146
SERVER_PROTOCOL = HTTP/1.1
REQUEST_PROTOCOL = HTTP
REMOTE_USER = APEX_PUBLIC_USER
HTTP_CONTENT_LENGTH = 291
HTTP_CONTENT_TYPE = application/x-www-form-urlencoded; charset=UTF-8
HTTP_USER_AGENT = Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)
HTTP_HOST = orclinsight.oraclecorp.com
HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_ENCODING = gzip,deflate
HTTP_ACCEPT_LANGUAGE = en-us,en;q=0.5
HTTP_ACCEPT_CHARSET = ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_REFERER = http://orclinsight.oraclecorp.com/pls/apex/f?p=4500:1003:1510257042232818::NO:::
HTTP_ORACLE_ECID = 1258784987:64.181.227.33:7900:4328:22,0
WEB_AUTHENT_PREFIX =
DAD_NAME = apex
DOC_ACCESS_PATH = docs
DOCUMENT_TABLE = wwv_flow_file_objects$
PATH_ALIAS =
REQUEST_CHARSET = AL32UTF8
REQUEST_IANA_CHARSET = UTF-8
SCRIPT_PREFIX = /pls
HTTP_COOKIE = [email protected]:insight_workspace; ORA_WWV_USER=BE50DD5881201806; IdcLocale=English-US; IntradocAuth=Internet; oracle.uix=0^^GMT+5:30^p; IntradocLoginState=1; IdcTimeZone=America/Chicago
Please advise what should I do next or where I may be going wrong?
Warm Regards,
Anand

Hi All,
I am trying to configure Application Express with SSO on 11g and I have followed all the steps mentioned in http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
My partner app configuration is
Site ID: 0F32F8E1
Site Token: JC54XU4Q0F32F8E1
Encryption Key: 61443A93398DC472
Single Sign-On URL: https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
Single Sign-Off URL: https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_logout
Application Name: Insight Knowledge Manager on New Server
Application Home URL: http://orclinsight.oraclecorp.com
Application Success URL: http://orclinsight.oraclecorp.com/pls/apex/wwv_flow_custom_auth_sso.process_success
Application Logout URL: http://orclinsight.oraclecorp.com
After running the @custom_auth_sso.sql and @custom_auth_sso.plb and doing grant execute on wwv_flow_custom_auth_sso to public; I have also created an authentication scheme in APEX based on the pre-configured scheme on Apex as partner app
this is the URL of the app.... http://orclinsight.oraclecorp.com/pls/apex/f?p=100:1
if I type this URL, I get redirected to the SSO authentication page...however once I have filled the credentials.. it shows me the following error message
*"The requested URL /pls/apex/wwv_flow_custom_auth_sso.process_success was not found on this server."*
The result of this query select lsnr_token||':'||site_token||':'||site_id||':'||urlcookie_version||':'||encryption_key||':'||url_cookie_ip_check||':'||ls_login_url from wwsec_enabler_config_info$
is
'HTML_DB:orclinsight.oraclecorp.com:80:JC54XU4Q0F32F8E1:0F32F8E1:v1.2:61443A93398DC472:Y:https://login-stage.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login'
and the result of begin owa_util.print_cgi_env; end; query in APEX - SQL Workshop is
PLSQL_GATEWAY = WebDb
GATEWAY_IVERSION = 2
SERVER_SOFTWARE = Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server
GATEWAY_INTERFACE = CGI/1.1
SERVER_PORT = 80
SERVER_NAME = orclinsight.oraclecorp.com
REQUEST_METHOD = POST
PATH_INFO = /wwv_flow.show
SCRIPT_NAME = /pls/apex
REMOTE_ADDR = 141.144.152.146
SERVER_PROTOCOL = HTTP/1.1
REQUEST_PROTOCOL = HTTP
REMOTE_USER = APEX_PUBLIC_USER
HTTP_CONTENT_LENGTH = 291
HTTP_CONTENT_TYPE = application/x-www-form-urlencoded; charset=UTF-8
HTTP_USER_AGENT = Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)
HTTP_HOST = orclinsight.oraclecorp.com
HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_ENCODING = gzip,deflate
HTTP_ACCEPT_LANGUAGE = en-us,en;q=0.5
HTTP_ACCEPT_CHARSET = ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_REFERER = http://orclinsight.oraclecorp.com/pls/apex/f?p=4500:1003:1510257042232818::NO:::
HTTP_ORACLE_ECID = 1258784987:64.181.227.33:7900:4328:22,0
WEB_AUTHENT_PREFIX =
DAD_NAME = apex
DOC_ACCESS_PATH = docs
DOCUMENT_TABLE = wwv_flow_file_objects$
PATH_ALIAS =
REQUEST_CHARSET = AL32UTF8
REQUEST_IANA_CHARSET = UTF-8
SCRIPT_PREFIX = /pls
HTTP_COOKIE = [email protected]:insight_workspace; ORA_WWV_USER=BE50DD5881201806; IdcLocale=English-US; IntradocAuth=Internet; oracle.uix=0^^GMT+5:30^p; IntradocLoginState=1; IdcTimeZone=America/Chicago
Please advise what should I do next or where I may be going wrong?
Warm Regards,
Anand

Apex With SSO not working

When running htmldb 2.0.00.29 with SSO , we receive
ORA-06550: line 2, column 1: PLS-00201: identifier 'WWSEC_SSO_ENABLER_PRIVATE.GENERATE_REDIRECT'
must be declared ORA-06550: line 1, column 45: PL/SQL: Statement ignored
Error Unable to run portal_sso_redirect procedure as schema: PL_USER with partner app name: people finder:mercator.hq.ccw.gov.uk:7779.
During debugging the issue we found out that the ssosdk could not be installed into FLOWS_020000 correctly
( error like:
@loadsdk.sql
create table wwsec_enabler_config_info$ OF sec_enabler_config_type
ORA-00955: name is already used by an existing object
CREATE sequence wwsec_log_pk_seq increment BY 1
ORA-00955: name is already used by an existing object
and as followup error in regapp.sql
ERROR: Error in registration. Please try again
ORA-06508: PL/SQL: could not find program unit being called
Now we created in a separate schema the ssosdk and run next steps of
Note:353023.1 CONFIGURING AN APEX (HTMLDB) APPLICATION TO USE SSO:
But bow same error like on starting up the issue.
Question:
Is it possible to install ssosdk in a separate schema and not into FLOWS_02xxx
If yes, what are the steps differennt to the Note:353023.1
thanks

Hi Scot,
Thank you for your response.
This is what I did for the migration by following the thread in
How can I recovery APEX application from a full database export?
- Create new empty database with APEX installed.
- Disable foreign key constraints in the FLOWS_030100 Schema
- Truncate all tables in the FLOWS_030100 Schema
- Perform user level imports of tables only with IGNORE = Y for FLOWS_030100 Schema
- Enable the constraints.
(everything seems intact including SSO SDK objects)
To register with SSO, this is what I did;
1. Load SSO SDK in FLOWS_030100 Schema anyway
2. Register APEX as Partner in SSO
ID: 1B914F48
Token: F76K433U1B914F48
Encryption Key: F76K433U1B914F48
Login URL: http://<hotsname>:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Single Sign-Off URL: http://<hotsname>:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout
Login URL : http://<hotsname>:7778/pls/apex
Success URL : http://<hotsname>:778/pls/apex/wwv_flow_custom_auth_sso.process_success
Logout URL : http://<hotsname>:7778/pls/apex
3. Run regapp.sql as FLOWS_030100
SQL> @regapp.sql
Partner Application Configuration
4.
Enter value for listener_token: HTML_DB:<hostname>:7778
Enter value for site_id: 1B914F48
Enter value for site_token: F76K433U1B914F48
Enter value for login_url: http://<hostname>:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Enter value for encryption_key: C5EB92724C7C98B8
Enter value for IP check : N
4. Ensure wwv_flow_custom_auth_sso compile successfully and grant it to Public
When I tested it, I did get the page of SSO login. But after logging in, it will just go to Page not found. Initially, I thought there's someting wrong with
wwv_flow_custom_auth_sso.process_success but it did compile successfully and I have granted it to Public.
Yong

Integrating Application Express with SSO

Hi,
What's the difference between integrating Apex with SSO as a partner application, and integrating it as an external application. Are there any benefits / drawbacks to either? and in what situation would you use one or the other?
Thanks,
Lee

Hi, I have one more question related to this.
We are currently considering implementing the following:
We are designing a system where the majority of users will have read only access to data. The read only users will NOT have to sign into the system in order to use the system at this privilege level. Other users will have to sign in and once they have done so will then be able to edit and access other functions of the system that are not available to regular read only users. Login links will be available on a number of different screens and once logged in they will be returned to the screen from which they logged in.
We understand that we can use SSO or even Apex's own authentication to acheive this.
There is also another system built using portal, forms and SSO. Once a user signs into the portal there is a main menu where various links to different applications are available/hidden depending on the OID groups that the user is a part of.
Ideally we want to be able to provide a link from the portal system to the apex system from the portal main menu. If a user is signed into the portal then they should be able to enter the apex system without the requirement to sign in again, assuming that they have edit privileges for the apex system. However if the user is signed into the portal but they do not have edit privileges we want to be able to display the apex system in read only mode as we would for anybody else who is not an edit user complete with login links.
Would this be possible using SSO bearing in mind that we do not want to have to create users for the read only users?
Any help would be greatly appreciated.
Thanks,
Lee

APEX not working with SSO

I am trying to setup APEX 3.1 (fresh installation not upgrade) to work with SSO on Linux.
APEX and AP infrastructure are installed on separate servers and APEX is working with mid tier HTTP server.
I have followed the steps below and I don’t get any error messages at all but when I finally point the browser to an application I get an error:
ERR-7620 Could not determine workspace for application
Expecting p_company or wwv_flow_company cookie to contain security group id
I would appreciate any help
Regards,
Anna
alter user flows_030100 identified by xxxx;
alter user flows_030100 account unlock;
Loaded SSO SDK into the flows_030100 schema @APEX_DB
Registered ApEx as a partner application, supplied values:
HOME URL : http://serverABC.ypgstaging.local:7777/pls/apex
Success URL : http://serverABC.ypgstaging.local:7777/pls/apex/wwv_flow_custom_auth_sso.process_success
Log Out URL : http://serverABC.ypgstaging.local:7777/pls/apex/apex
Application Name APEX
As flows_040100@APEX_DB:
SQL> @regapp.sql
Partner Application Configuration
Enter value for listener_token: apex:serverABC.ypg.local:7777
Enter value for site_id: 6F20F2EF
Enter value for site_token: W201QS2F6F20F2EF
Enter value for login_url: http://serverABC.ypg.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Enter value for encryption_key: 3F7CD0E25D17A170
Enter value for ip_check: N
Registration successful.
Listener token: apex:serverABC.ypg.local:7777
Site id : 6F20F2EF
Site token : W201QS2F6F20F2EF
Encryption key: 3F7CD0E25D17A170
Login URL :
http://serverABC.ypg.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Logout URL :
http://serverABC.ypg.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout
IP check : N
PL/SQL procedure successfully completed.
Commit complete.
No errors.
SQL> select * from wwsec_enabler_config_info$;
LSNR_TOKEN
SITE_TOKEN
SITE_ID
LS_LOGIN_URL
URLCOOKIE_VERSION
ENCRYPTION_KEY
ENCRYPTION_MASK_PRE
ENCRYPTION_MASK_POST
U
apex:serverABC.ypg.local:7777
W201QS2F6F20F2EF
6F20F2EF
http://serverABC.ypg.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
v1.2
3F7CD0E25D17A170
C70C4A8B5227430F37EA0903E8A7C7BC
35B1659E7B2E5FB7BF1C0381B44E1FF9
N
Then on APEX_DB server I ran the following:
[oracle@ATC1SDBYM01 core]$ sqlplus
Enter user-name: / as sysdba
SQL> alter session set current_schema=flows_030100;
Session altered.
SQL> @custom_auth_sso_902.sql
...wwv_flow_custom_auth_sso
Package created.
No errors.
SQL> @custom_auth_sso_902.plb
...wwv_flow_custom_auth_sso
Package body created.
No errors.
SQL> grant execute on wwv_flow_custom_auth_sso to public;
Grant succeeded.
alter user flows_030100 identified by values ‘xxx’;
alter user flows_030100 account lock;
Here is a test application URL:
http:/serverABC.ypgstaging.local:7778/pls/apex/f?p=F101::&c=yellowmart
The application authentication schema is set to SSO.

Scott
I have restarted AS and rerun the regapp script successfully. I have noticed I entered the wrong domain name while registering it first time and I have corrected the error this time.
SQL> select * from wwsec_enabler_config_info$;
LSNR_TOKEN
SITE_TOKEN
SITE_ID
LS_LOGIN_URL
URLCOOKIE_VERSION
ENCRYPTION_KEY
ENCRYPTION_MASK_PRE
ENCRYPTION_MASK_POST
U
HTML_DB:serverABC.ypgstaging.local:7777
W201QS2F6F20F2EF
6F20F2EF
http://serverABC.ypgstaging.local:7777/pls/orasso/orasso.wwsso_app_admin.ls_lo
gin
v1.2
3F7CD0E25D17A170
C70C4A8B5227430F37EA0903E8A7C7BC
35B1659E7B2E5FB7BF1C0381B44E1FF9
N
However I still get the same error message in my browser when I point it to the application.
Regards,
Anna

Register application with SSO

Hi all
I have a APEX install which I have succesfully registered with SSO as a partner application (I have registered APEX/HTMLDB itself). On this machine we host a number of applications which can be accessed as http://myserver.mydomain.com/pls/htmldb/f?p=APP_NAME1 (and so on to APP_NAME_n).
The business owner of one of these applications wants to have an application-specific URL instead of the generic type URL (eg, http://my-new-app.mydomain.com/....), and to keep the new alias in the browser URL. However, I am sure that this will require me to register the application with SSO as the SSO server won't recognise the new URL.
I have searched the forum and not found any reference to having the entire HTMLDB engine registered as a partner app, and registering individual apps with SSO at the same time. Perhaps, this is so trivial and straightfoward that no-one has come across any problems with this. But I wonder if there are any "gotchas" in having this kind of set up before I actually start on it.
regards
Gerard

Gerard - That should work as that was the intended purpose of having the two "flavors" of SSO partner app integration - so that a workspace schema could have a local copy of the SSO SDK and could use it independently of the Application Express installation's copy. Do let us know how it goes, especially if it works.
Scott

BSP to IIS with SSO

Hi,
Is it possible to go from a BSP to a IIS with SSO? Can I use ISAPI for it or are there better solutions? And is there some documentation about it?
KR
Steven

Steven,
Check note 442401 and thread /thread/11711 [original link is broken]
for this.
Eddy

Upgrade ERP database 11g and ATG7 with SSO integation

Please let us know how to Perform Upgrade ERP database 11g and ATG7 with SSO integation .
Regards .

We have completed to upgrade ERP database from 9.2.0.6 to 11.2.0.1 and also apply ATG 7 on Test instance.
And user finish testing , there is no issue after upgrade and application can work as normal.
On Test instance we didn't implement Single Sign On
But on Production we have Single Sign ON.
Now we plan to upgrade on Production instance. But we afraid that we will found any issue on Production relate to SSO. Becase we don't have a chance to test it.
My question is:
Are there any spacial step we need to do if we have implemented SSO After upgrade DB 11g and ATG 7?

Problem with sso for asp applications

Hi,
i am using the web app integrator to integrate asp application with SSO, i am getting permission denied some times, the permission denied is a small html file on asp server side when userid is null.
I am sure that the user id is not null because i have written small script to respond back with the passed user id like response.write(""), it is giving back the passed user id every time but at the same time i am getting Permission denied.
The permission denied is a small html file on the .net server side when the ui=null in the pssing URL.
How this is happening at the same time, one is giving back the user id and one is taking the user id as null.
some times i am getting right page and some times giving permisssion denied.
the basic URl is
http://abc.xyz.com/sm_log.asp?userid=damodhar
There is no great security behind this only passing user id, they are not passing the password even in the http header authentication. the simple logic is they are hiding the URL from the view source.
if i pass the hard coded url from the browser i am getting the proper page at the same time if i pass the url from portal it is working some times and some times not, i don't know when?
I am using the web application integrator method.
we are operating portal server from internet and .net server is on intranet.
Thanks,
Damodhar.

If you lose sounds for keyboard clicks, games or other apps, email notifications and other notifications, system sounds may have been muted.
System sounds can be muted and controlled two different ways. The screen lock rotation can be controlled in the same manner as well.
Settings>General>Use Side Switch to: Mute System sounds. If this option is selected, the switch on the side of the iPad above the volume rocker will mute system sounds.
If you choose Lock Screen Rotation, then the switch locks the screen. If the screen is locked, you will see a lock icon in the upper right corner next to the battery indicator gauge.
If you have the side switch set to lock screen rotation then the system sound control is in the task bar. Double tap the home button and in the task bar at the bottom, swipe all the way to the right. The speaker icon is all the way to the left. Tap on it and system sounds will return.
If you have the side switch set to mute system sounds, then the screen lock rotation can be accessed via the task bar in the same manner as described above.
This support article from Apple explains how the side switch works.
http://support.apple.com/kb/HT4085

How i get user info from ldap using java after authenticating user with SSO

Hi
I have one jsp/bean application as a partner application with SSO.
It works fine.
Now i need to get other attributes of user from LDAP who has logged into the application through SSO.
using SSO java APIs i only get username, userDN, subscriber info.
To get user's other attribute i have to user LDAP APIs for that i have to create on Directory Context, for the same i need userpassword.
so here i my question, how do i get user password after he has logged in thro SSO.
regards..
and thanking u in advance
samir

Valentina,
there's no way to get the password value from the directory (it's one way). Of course you can get the hashed (MD4,MD5,SHA-1) base64 encoded value (i.e. the value you see in OiD) but not the 'password'.
--Olaf

GRC AC 10.0 PSS feature with SSO in scope

Similar Messages

Maybe you are looking for