IronPort SMA: External Spam Quarantine SSO Login

Can external spam quarantine accomodate SSO login, if it's tied with AD? As far as I know- it cannot.

Found the answer:
Accessing the Quarantine via the Quarantine URL
If LDAP Auth is configured, then the users AD username and password get them into the quarantine. There is no SAML SSO integration at this time.
Accessing the quarantine via the Notifcation Digest
When the user clinks on the link of a notification email, the URL has an auth token in it which authenticates the user to the quarantine. No popup login required.
https://sma.quarantine.com:83/Search?h=8d392bb51780c3f7ebe0fa388eb9db2a&email=[email protected]

Similar Messages

  • Adding external SPAM quarantine on C370

    Hi,
    I have C370 with Internal SPAM quarantine up and working.
    Now, we need to use M160 as external SPAM, I have configured both devices and we are waiting for maintenance window to cutover.
    I have one question about it:
    Documents are saying that I need to disable local one (easy, under C370 quarantines, I will go to SPAM and uncheck enable box) but it is a little unclear what comes after that.
    My mail policy will change to deliver or not? If it does, should I put IP address of M160 to Alternate Host, and if I do, will it use port 6025 as configured or 25 for SMTP?
    Since I have external SPAM already configured, shouldn't my mail policy stay that all SPAM & SPAM suspected should still be quarantined?
    Bottom line is, what should be in my mail policy?
    Thanks.
    David

    Hello David,
    Before configuring an external spam quarantine please ensure that the Security Management Appliance (M160)
    is configured to receive quarantined spam messages from this appliance. Once that has been configured, not only will you disable the local Spam Quarantine in your C370(GUI: Monitor tab > Quarantines), but you will need to add an External Quarantine(C370 GUI: Network tab). The IP address that you add as the External Quarantine will be the IP address of the Interface that you would have configured on your Security Management Appliance-as the default Spam Quarantine interface.
    You will not need to change your Mail Policies' Ant-Spam settings. Spam, Suspect Spam, Etc. - will continue to be routed to which ever quarantine the C370 is currentlt set to use. The port number that is used(6025, by default) was determined when you configured an Interface on your Security Management Appliance to accept spam from C370.
    Regards,
    -Jerry Orona

  • ESA - External Auth - Spam Quarantine

    I'm looking to see if anyone has a workaround for admins logging into Spam Quarantine and not being able to set their safelist / block list.  I'm using AD accounts for TACACS+ / Radius on my ACS 5.4 appliance and I found an issue when using Radius for admin access to my ESA.  After enabling Radius, admins who log into the spam quarantine site have access to everyone's spam which is correct, but they no longer have the option field to setup their safelist / block list.
    Thx
    -Kevin

    I also have the same issue.  The only way around it for me was to use different accounts for administrating the IronPort appliances.   This fell into alignment with my organizations practice of setting up seperate Admin accounts for server/workstation administration that is seperate from a server admin's user account. 
    I think the appliance is confused, because when you login with an administrative level account you see the quarantine of all users, so it can't add safelist/blocklist addresses because it doesn't know what mailbox to add these to.
    Be interested to hear what Cisco has to say about it.

  • Ironport C170 Unable to view the Spam Quarantine messages

    I'm new to the Ironport appliance. When I click on Monitor-->Spam Quarantine, then click on Messages a new window appears and I should see all of the emails that were marked "spam". For some reason when the second window opens, I receive a blank page. Everything works fine on my other C170 appliance.

    Hi Billy, if you move mouse cursor over the number of spam messages on page Monitor>Spam quarantine, what URL address you see?
    Something like https://www.domain.com:83/Search?auth=13900f1d2a029b017464c596a88bb7a8?
    Can you resove "www.domain.com" to correct IP address of your ESA server?
    Are Spam Quarantine>Spam Quarantine HTTP & Spam Quarantine HTTPS enabled at Network>IP Interfaces>Interface page? Do interface's IP address & spam quarantine ports match to URL address (does www.domain.com resolve to this IP address) at Monitor>Spam quarantine?
    Is there any firewall blocking this connection?

  • External spam authentication

    I cannot get external SPAM authentication working or SPAM logins. I have a valid LDAP profile configured (tested working), I have added a valid "Spam Quarantine End-User Authentication" with domain assignment working, I have enabled "External Authentication Queries" in the valid LDAP profile with Spam Quarantine End-User Authentication Query enabled, and tested with finding valid results.
    Does anyone know what I am missing, or what I am doing wrong? When I try to login into the SPAM quarantine I get "invalid user" when trying to use any LDAP users.

    I think I found the issue, under "Edit Spam Quarantine" I forgot to enable LDAP as the "End-User Authentication".
    I am now able to login with LDAP users but I will follow-up if there are any further issues.

  • Change central spam quarantine cert?

       We have an internal certificate that I would like to assign to the Central Spam Quarantine on our M670 so that users don't get the self-signed cert error. I don't see anything in the documentation about this, does anyone have any pointers as to how this is done and potential pitfalls? Thanks.

    That post does apply to the SMA.
    Correct - there is not a GUI option on the SMA.  You will need to run the 'certconfig' command on the CLI, and import the certficate --- either one you have, or once you receive this back from the CA.
    http://tools.cisco.com/squish/9b9c9
    How do I install certificates on an Cisco Content Security Management Appliance (SMA)?
    Prerequisites:
    You must have the following items available in PEM format:
    X.509 certificate
    Private key that matches your certificate
    Any intermediate certificates provided by your Certificate Authority
    Certificates can be used for 4 different services:
    Inbound TLS
    Outbound TLS
    HTTPS
    LDAPS
    You can choose to either use the same certificate for all 4 services or use separate certificates for each.
    Installing the Certificates:
    To begin, you will first need to access your IronPort via the Command Line Interface. This can be done either
    via telnet or an SSH client such as PuTTY.
    Once logged into the CLI, please use the following steps:
    Issue the command 'certconfig'
    Issue the command 'setup'
    Choose whether to use the same certificate for all features or separate certificates
    When prompted paste each item into the CLI window
    Enter a '.' on it's own line to indicate that you are done pasting the current item (see example below)
    Be sure to enter any intermediate certificates when prompted to do so
    When you are done, return to the main prompt by hitting enter
    Issue the 'commit' command
    Notes:
    When performing a certificate install on Microsoft Windows you may need to open your certificates with Wordpad instead of Notepad.
    Do not exit the certconfig command with Ctrl+C since this will immediately cancel your changes.
    Example:
    sma.example.com> certconfig
    Currently using one certificate/key for receiving, delivery, HTTPS management access, and LDAPS.
    Choose the operation you want to perform:
          - SETUP - Configure security certificates and keys.
          - PRINT - Display configured certificates/keys.
          - CLEAR - Clear configured certificates/keys.
    []> setup
    Do you want to use one certificate/key for receiving, delivery, HTTPS management access, and LDAPS? [Y]>
    paste cert in PEM format (end with '.'):
    -----BEGIN CERTIFICATE-----
    MIIDmTCCAwKgAwIBAgIJAP3xcsDFYVsFMA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
    VQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVNhbiBCcnVubzEiMCAGA1UE
    ChMZSXJvblBvcnQgQ3VzdG9tZXIgU2VydmljZTEXMBUGA1UEAxMOQ2lzY28gSXJv
    blBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAaXJvbnBvcnQuY29tMB4XDTA5
    MTAwMjE5NDkxOVoXDTEwMTAwMjE5NDkxOVowgZAxCzAJBgNVBAYTAlVTMQswCQYD
    VQQIEwJDQTESMBAGA1UEBxMJU2FuIEJydW5vMSIwIAYDVQQKExlJcm9uUG9ydCBD
    dXN0b21lciBTZXJ2aWNlMRcwFQYDVQQDEw5DaXNjbyBJcm9uUG9ydDEjMCEGCSqG
    SIb3DQEJARYUc3VwcG9ydEBpcm9ucG9ydC5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
    gY0AMIGJAoGBAMHw08rHx1a2NeJpwzTeVQH09g77zQelp6vrcVxijhOH4+k3LrfD
    wd+g94X+T6/ZJ/pJNgkjrncEw0I96yvlCwpAeReaWX4rLCyMyU/BGdKfCVNPWK/b
    oNioS91ADh1L+XRyPeBG1YIM+EEK5wuQzOP8NQH3uf7jq1aigsOgV9sHAgMBAAGj
    gfgwgfUwHQYDVR0OBBYEFEYsbf9JvO+AvNalXiORrA3x4D8VMIHFBgNVHSMEgb0w
    gbqAFEYsbf9JvO+AvNalXiORrA3x4D8VoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEL
    MAkGA1UECBMCQ0ExEjAQBgNVBAcTCVNhbiBCcnVubzEiMCAGA1UEChMZSXJvblBv
    cnQgQ3VzdG9tZXIgU2VydmljZTEXMBUGA1UEAxMOQ2lzY28gSXJvblBvcnQxIzAh
    BgkqhkiG9w0BCQEWFHN1cHBvcnRAaXJvbnBvcnQuY29tggkA/fFywMVhWwUwDAYD
    VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCKcMkd1+SMIGs9JcN1IT/o1Qan
    9zd5BkrRAVKq47pJnHbkFpDnGoHGEo2hRhXYXfrCFwpOkkd2b/iRl54ghcK6xwnH
    tF3tvznyBIWBUvt+vPIqHfNlmTCdIVhawz6YVs+0YAQanxObdbCM0T6tI3CaAjul
    0oL+HfZjR4m900PG8A==
    -----END CERTIFICATE-----
    cert = -----BEGIN CERTIFICATE-----
    MIIDmTCCAwKgAwIBAgIJAP3xcsDFYVsFMA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
    VQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVNhbiBCcnVubzEiMCAGA1UE
    ChMZSXJvblBvcnQgQ3VzdG9tZXIgU2VydmljZTEXMBUGA1UEAxMOQ2lzY28gSXJv
    blBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAaXJvbnBvcnQuY29tMB4XDTA5
    MTAwMjE5NDkxOVoXDTEwMTAwMjE5NDkxOVowgZAxCzAJBgNVBAYTAlVTMQswCQYD
    VQQIEwJDQTESMBAGA1UEBxMJU2FuIEJydW5vMSIwIAYDVQQKExlJcm9uUG9ydCBD
    dXN0b21lciBTZXJ2aWNlMRcwFQYDVQQDEw5DaXNjbyBJcm9uUG9ydDEjMCEGCSqG
    SIb3DQEJARYUc3VwcG9ydEBpcm9ucG9ydC5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
    gY0AMIGJAoGBAMHw08rHx1a2NeJpwzTeVQH09g77zQelp6vrcVxijhOH4+k3LrfD
    wd+g94X+T6/ZJ/pJNgkjrncEw0I96yvlCwpAeReaWX4rLCyMyU/BGdKfCVNPWK/b
    oNioS91ADh1L+XRyPeBG1YIM+EEK5wuQzOP8NQH3uf7jq1aigsOgV9sHAgMBAAGj
    gfgwgfUwHQYDVR0OBBYEFEYsbf9JvO+AvNalXiORrA3x4D8VMIHFBgNVHSMEgb0w
    gbqAFEYsbf9JvO+AvNalXiORrA3x4D8VoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEL
    MAkGA1UECBMCQ0ExEjAQBgNVBAcTCVNhbiBCcnVubzEiMCAGA1UEChMZSXJvblBv
    cnQgQ3VzdG9tZXIgU2VydmljZTEXMBUGA1UEAxMOQ2lzY28gSXJvblBvcnQxIzAh
    BgkqhkiG9w0BCQEWFHN1cHBvcnRAaXJvbnBvcnQuY29tggkA/fFywMVhWwUwDAYD
    VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCKcMkd1+SMIGs9JcN1IT/o1Qan
    9zd5BkrRAVKq47pJnHbkFpDnGoHGEo2hRhXYXfrCFwpOkkd2b/iRl54ghcK6xwnH
    tF3tvznyBIWBUvt+vPIqHfNlmTCdIVhawz6YVs+0YAQanxObdbCM0T6tI3CaAjul
    0oL+HfZjR4m900PG8A==
    -----END CERTIFICATE-----
    paste key in PEM format (end with '.'):
    -----BEGIN RSA PRIVATE KEY-----
    MIICXgIBAAKBgQDB8NPKx8dWtjXiacM03lUB9PYO+80Hpaer63FcYo4Th+PpNy63
    w8HfoPeF/k+v2Sf6STYJI653BMNCPesr5QsKQHkXmll+KywsjMlPwRnSnwlTT1iv
    26DYqEvdQA4dS/l0cj3gRtWCDPhBCucLkMzj/DUB97n+46tWooLDoFfbBwIDAQAB
    AoGAM/hvKNXkSw5E3kltMAusR/v2vAkp5jSz+9P56sHWRNGTd3l8IW5p05109wkx
    HXRZzC42NrjDFc3G7Udeb8LO9BbVicBzXVW1CRIrfxGr7d/ekkghyN1nBiAbUCaf
    6jUGNItT1ACRdV++aNzESO6JdGBirW/pw0neMgmtRuf0rIECQQDnX/9zUxZuswJN
    0hvEzaVAx2pkpJ6v3us8bG7o5Ce3vDWR9ja3TUH6faOw2azfLv0ND1sLj6USx2j5
    rC8Kj2HhAkEA1pTm+FVbY3YQOSBol1o0831SvCxA/r7fhxTdxHXzhkw1NC3mbZrh
    ZGATaGETM9doyatESVLbcHxu/OYU7nmp5wJBAMbT6fMyjW5nii1RxuciSUYXl8gQ
    5wT/LWrpS436sl7j760UxgRS8cXOPeJ1zGamPHMCpRyUPiibEAyt+Ga8vEECQQC8
    9gMvTHtd6un+ZHu2TMm0YfgpnQ7fRlaxLb7c8sGw0gtIF+ODQZCaQ8DTeijeziKI
    9Tj9GOoE9I8IRdTI7HqhAkEAnXk9GOp201cPK8E7SDgseuSdxuziQH4Tl595wXQX
    CbCI1aqiMwrg5b/B1ZfISxyD1Vth6BARQuuqYvdnstlSkQ==
    -----END RSA PRIVATE KEY-----
    key = -----BEGIN RSA PRIVATE KEY-----
    MIICXgIBAAKBgQDB8NPKx8dWtjXiacM03lUB9PYO+80Hpaer63FcYo4Th+PpNy63
    w8HfoPeF/k+v2Sf6STYJI653BMNCPesr5QsKQHkXmll+KywsjMlPwRnSnwlTT1iv
    26DYqEvdQA4dS/l0cj3gRtWCDPhBCucLkMzj/DUB97n+46tWooLDoFfbBwIDAQAB
    AoGAM/hvKNXkSw5E3kltMAusR/v2vAkp5jSz+9P56sHWRNGTd3l8IW5p05109wkx
    HXRZzC42NrjDFc3G7Udeb8LO9BbVicBzXVW1CRIrfxGr7d/ekkghyN1nBiAbUCaf
    6jUGNItT1ACRdV++aNzESO6JdGBirW/pw0neMgmtRuf0rIECQQDnX/9zUxZuswJN
    0hvEzaVAx2pkpJ6v3us8bG7o5Ce3vDWR9ja3TUH6faOw2azfLv0ND1sLj6USx2j5
    rC8Kj2HhAkEA1pTm+FVbY3YQOSBol1o0831SvCxA/r7fhxTdxHXzhkw1NC3mbZrh
    ZGATaGETM9doyatESVLbcHxu/OYU7nmp5wJBAMbT6fMyjW5nii1RxuciSUYXl8gQ
    5wT/LWrpS436sl7j760UxgRS8cXOPeJ1zGamPHMCpRyUPiibEAyt+Ga8vEECQQC8
    9gMvTHtd6un+ZHu2TMm0YfgpnQ7fRlaxLb7c8sGw0gtIF+ODQZCaQ8DTeijeziKI
    9Tj9GOoE9I8IRdTI7HqhAkEAnXk9GOp201cPK8E7SDgseuSdxuziQH4Tl595wXQX
    CbCI1aqiMwrg5b/B1ZfISxyD1Vth6BARQuuqYvdnstlSkQ==
    -----END RSA PRIVATE KEY-----
    Do you want to add an intermediate certificate? [N]> n
    Currently using one certificate/key for receiving, delivery, HTTPS management access, and LDAPS.
    Choose the operation you want to perform:
          - SETUP - Configure security certificates and keys.
          - PRINT - Display configured certificates/keys.
          - CLEAR - Clear configured certificates/keys.
    []>
    sma.example.com> commit
    Please enter some comments describing your changes:
    []> Installed Certificate
    Changes committed: Fri Oct 02 12:50:47 2009 MST
    sma.example.com>
    Hope that helps, is a little more clear...
    -Robert

  • SSO login page - SSL

    Hello all,
    we have full insatllation of OAS 10G (BI + INFRA, both on 1 server), there are more than 3000 employees using the implemented SSO to login to more than 40 web applications running on more than one server (some as external applications, some on the same server), and we have another installation on the same server which is "SOA Suite OC4J 10.1.3" integrated with the installed INFRA as partner application to utilize the OID authentication through SSO. and 2 Ebusiness suite installations on 2 other servers.
    now for some reason, our top management asks to make the SSO login page to run under HTTPS protocol (SSL).
    can you help out? what is the impact as we have that number of applications? is there any useful documents?
    thanks,
    Sallloum
    Edited by: user7813970 on May 17, 2010 11:45 PM

    The obvious reason to have this arrangement is to get increased security.
    Now SSL implementation on OAS-BI, EBS and SOA Suite should be carefully planned. It needs to be clear what has to be under SSL: SSO or the whole suite of applications. In general, both ways are possible. But each component can be configured for SSL.
    Please note, any changes in configuration here will affect configurations of all applications that are using it.
    Read administration documents for details on each parts configuration with SSL. For SSO, here is the document to follow.
    http://download.oracle.com/docs/cd/B14099_19/idmanage.1012/b14078/ssl.htm#sthref311
    Also check metalink for additional resources.
    thanks,
    AMN

  • Finally using SPAM quarantine and want to know how many e-mails are being released

    We have two C660s and one M660 and we are finally using the SPAM quarantine functionality on the M660 and so far it has been awesome.   For my pilot group I have the spam thresholds set as low as recommended by the GUI at 50 (positive) and 25 (suspected)...   First off, if I change these numbers will I see noticiable differences in what is allowed through and what isn't?
    My real question is, is there an easy way to see what mail is being released by users from the SPAM quarantine?  Originally I had a content filter setup that was working..   but now it appears that when users are releasing e-mails from the quarantine it is skipping any type of content filtering..  From what I can tell, e-mails are still being routed from the M660 to one of the two C660s for delivery..  but in the mail logs I see information like:
    Wed Aug 15 09:34:32 2012 Info: ISQ: Delivering MID 1592784 to ISQ (skipping work queue)
    And in Message Tracking I see:
    15 Aug 2012 09:32:23 (GMT -05:00)
    Message 116381462 was released from Spam Quarantine, IP address 10.25.211.100.
    15 Aug 2012 09:32:23 (GMT -05:00)
    Message 116381462 released from Spam Quarantine. Work queue skipped.
    15 Aug 2012 09:32:23 (GMT -05:00)
    Message 116381462 queued for delivery.
    15 Aug 2012 09:32:23 (GMT -05:00)
    (DCID 40556495) Delivery started for message 116381462 to
    My outgoing content filter is setup like:
    Conditions
    Apply rule: If one or more conditions match Only if all conditions match
    Order
    Condition
    Rule
    Delete
    1
    Remote IP/Hostname
    remote-ip == XXXXXXXX
    2
    Envelope Sender
    mail-from !=XXXXXXXXXX
    Actions
    Order
    Action
    Rule
    Delete
    1
    Add Log Entry
    log-entry("ReleasedFromSpamQuarantine")
    XXXXXXX = the IP address of our M660..  
    XXXXXXXX = the e-mail address used by our M660 to send out reports/alerts etc..
    Appreciate any input/feedback...
    Jason

    Hello Jason,
    one thing about the trhesholds, the defaults are 50/90 for suspected and positive spam, and that usually works for most customers, in some cases if still spam gets trough we suggest to modify that to 40/80, but you should not get any lower, as this will just increase the number of false positives. In general, the antispam engine delivers a value way above or below the thresholds, means scores are always either below 10 (no spam) or above 90 (spam), very few are inbetween this range, so usually the default setting works.
    About the information of which user released a message, there is unfortunately no direct way to get this done. You might try this approach:
    1. mail_logs: Look for the MID of the message when its getting injected to the SMA, note that this is not the same MID as in message tracking.
    2. mail_logs: Look for the message getting released, and note the time stamp:
    6 Aug 2012 13:29:21 (GMT) Start Message 10054459 ICID 0 release from Spam Quarantine
    3. Do a
    CLI: grep timestamp euqgui_logs
    with the timestamp you retreived  from the mail logs (just use the Day, hour, and minute part), this should get you the log lines for the particular minute, check them for the name of the user who was accessing the GUI at that time.
    Hope that helps,
    Andreas

  • Manually released mail moving from Policy Quarantine to SPAM Quarantine

    We have configured content filter to quarantine mails which are categorized as a 'Suspected Spam'
    hence all mails quarantined by suspected spam content filter are getting quarantined under 'Policy quarantine'
    I have observed that whenever we release mail from Suspected spam content filter, it is moving from Policy quarantine to Spam quarantine instead of getting delivered to the end user. (behavior is only for suspected spam mails. rest of the filters are working fine)
    has anyone experienced such kind of behavior ?? please suggest

    Hi Don,
    Indeed there are two ways to send to ISQ.
    a)  alt-mailhost('the.euq.queue')
    b)  Insert-Header ('X-Ironport-Quarantine: somevalue')
    But both will send the mail to quarantine and stop, even if I have an action such as duplicate-quarantine. No mail is sent to recipient.
    It may sound weird to most because why would we need to ISQ an email but at the same time want to mail be delivered.
    My goal is to just copy it, and send it to ISQ, while let the mail be delivered.
    At this moment, I can't get both done at the same message/content filter.
    MonitorUserADGroupFilter: if mail-from-group == "CN=somegroup, OU=XX, DC=company, dc=com" {
                                   deliver();
                                   alt-mailhost ("the.euq.queue");
    deliver() is now called "skip-filters()", btw.
    The above wont work because once delivered, the message is no long exist and quarantine to 'the.euq.queue' do no effect.
    If I put alt-mailhost higher than deliver, then the message does not deliver.
    Also replaced with "duplicate-quarantine" to deliver(). Same behavior.
    What's the best way to "deliver and copy to ISQ"?
    Regards,
    Chris

  • Accessing portal pagegroup pages without need to SSO login to the portal.

    how do I make an entire page group publicly accessible so that all users who try to access the portal page do not need to SSO login to view the page.
    I changed for the page as PUBLIC and given view privileges..however the portlets do not show up...can anyone tell an easy way to make a created pagegroup publicly accessible.
    It would be good if someone can elaborate on how ppl usually build a pagegroup which is publicly accessible without logging into oracle portal.
    Thanks,
    Prasanth.

    Hey Christian -- I think you left off one piece. He mentioned that the portlets are not showing up. Barring anything like external applications, it could be that the portlets are inheriting from their provider and the provider is not set to be public.
    Prasanth: To check/change this, go to Navigator and the Providers tab. Then drill down to the provider where your portlets are. Click Grant Access on the provider level or drill down to the individual portlet depending on how your portlets are setup.
    If you grant public access on the provider level, everything under that provider will be publicly accessible unless you set them otherwise. To grant public access to a provider, add the user PUBLIC and give them execute rights. To grant public access to an individual portlet, drill to that portlet and click grant access. Clear the check mark that says Inherit Privileges from Portal DB Provider and grant the user PUBLIC execute access to that portlet.
    Rgds/Mark M.

  • Partner application configuration is missing error on SSO login page

    We have APEX 3.1.2 setup as a partner application and an application within APEX setup to use SSO for authentication. Following a link to the APEX application redirects to the Single Sign-On page, as it should, but it also shows "Error: The partner application configuration is missing or expired." I type in my password and username, click the Login button, and (if I entered my username and password correctly, of course!) then the APEX application is shown. So, I cannot figure out why we're getting the no_papp_err error and I have not found any solutions to that issue on Metalink or anywhere else on the Internet. Any ideas? I'm concerned that we have a misconfiguration somewhere that is causing this error and will affect any other partner application we setup in the future.
    We're on Oracle Portal 10.1.4, SSO 10.1.2, and SSL is setup on both infra and mid tiers.

    Did you try checking the partner application entries on the SSO-login server page?
    please login as orcladmin or some other user with membership in, i beleive, iasadmins group. verify that for this partner application, what you see here corresponds to the application URL. it looks like your login page call may have issues. so check for login url too.
    also check the ORASSO.WWSSO_LS_CONFIGURATION_INFO$ for entries corresponding to Apex application.

  • Error: Partner application configuration is missing ... on SSO login page

    We have APEX 3.1.2 setup as a partner application and an application within APEX setup to use SSO for authentication. Going to the APEX application redirects to the Single Sign-On page, as it should, but it also shows "Error: The partner application configuration is missing or expired." I type in my password and username, click the Login button, and (if I entered my username and password correctly), it redirects me to the APEX application just like it should. So, I cannot figure out why we're getting the no_papp_err error and I have not found any solutions to that issue on metalink or anywhere else on the Internet. Any ideas?
    We're on Oracle Portal 10.1.4, SSO 10.1.2, and SSL is setup for both.
    +Closing this topic and opening it in [Oracle Application Server - General|http://forums.oracle.com/forums/thread.jspa?threadID=832022&tstart=0|New Topic]+
    Edited by: oportalist on Nov 28, 2008 10:24 AM

    Did you try checking the partner application entries on the SSO-login server page?
    please login as orcladmin or some other user with membership in, i beleive, iasadmins group. verify that for this partner application, what you see here corresponds to the application URL. it looks like your login page call may have issues. so check for login url too.
    also check the ORASSO.WWSSO_LS_CONFIGURATION_INFO$ for entries corresponding to Apex application.

  • ORA-06502 error after SSO login

    Hi all.
    In our intranet i'm trying to use the AS 10g SSO
    as authentication with my HTML DB application.
    HTML DB is into a 9.2.0.4 database in a Alpha open VMS server.
    AS 10g infrastructure and AS 10g mid-tier on two difference Linux RedHat AS 2.1 servers.
    Infrastructure server: http://giedi.marinarinaldi.it:7779
    Mid-tier server: http://si.marinarinaldi.it:7778
    HTML DB application: http://si.marinarinaldi.it:7778/pls/htmldbSVIL/f?p=106:1
    I followed the related how-to document
    and the SSO login page shows correctly
    but when i click "login":
    Error     Error determining caller of process_success:l_owner::p_partner_app_name:HTML_DB Please contact administrator.
    ORA-06502: PL/SQL: numeric or value error: character to number conversion error
    The SSO logi page is a our custom login page
    but it works perfectly with portal.
    The SSO partner application parameters:
    ID:     97F428BC
    Token:     4PW44GF797F428BC
    Encryption Key:     12E3971BE26C4E5D
    Login URL:     http://giedi.marinarinaldi.it:7779/pls/orasso/orasso.wwsso_app_admin.ls_login
    Single Sign-Off URL:     http://giedi.marinarinaldi.it:7779/pls/orasso/orasso.wwsso_app_admin.ls_logout
    Name:     HTML_DB
    Home URL: http://si.marinarinaldi.it:7778/pls/htmldbSVIL/f?p=106:1
    Success URL: http://si.marinarinaldi.it:7778/pls/htmldbSVIL/wwv_flow_custom_auth_sso.process_success
    Logout URL: http://si.marinarinaldi.it:7778/pls/htmldbSVIL/htmldb
    The parameters of regapp.sql script on the Alpha HTMLDB database:
    Enter value for listener_token: HTML_DB:si.marinarinaldi.it:7778
    Enter value for site_token: 4PW44GF797F428BC
    Enter value for site_id: 97F428BC
    Enter value for login_url: http://giedi.marinarinaldi.it:7779/pls/orasso/orasso.
    wwsso_app_admin.ls_login
    Enter value for cookie_version: v1.0
    Enter value for encryption_key: 12E3971BE26C4E5D
    Enter value for ip_check: N
    Thank you all in advance for help.

    SQL> select * from WWSEC_SSO_LOG$;
    1
    entry: papp_show_config
    05-AUG-04
    2
    IN papp_show_config: after the select.
    05-AUG-04
    3
    site name is 4PW44GF797F428BC
    05-AUG-04
    4
    exit: papp_show_config
    05-AUG-04
    5
    entry: urlencode
    05-AUG-04
    6
    encoded URL is http%3A%2F%2Fsi.marinarinaldi.it%3A7778%2Fpls%2FhtmldbSVIL%2Ff%3F
    p%3D106%3A1%3A6300852000501899701
    05-AUG-04
    7
    exit: urlencode
    05-AUG-04
    8
    entry: urlencode
    05-AUG-04
    9
    encoded URL is http%3A%2F%2Fsi.marinarinaldi.it%3A7778
    05-AUG-04
    10
    exit: urlencode
    05-AUG-04
    11
    entry: encrypt_url_cookie
    05-AUG-04
    12
    Before bake_site2pstore_token: listener token: HTML_DB:si.marinarinaldi.it:7778u
    rlcookie_version: v1.0papp_url_cookie: http%3A%2F%2Fsi.marinarinaldi.it%3A7778%2
    Fpls%2FhtmldbSVIL%2Ff%3Fp%3D106%3A1%3A6300852000501899701~http%3A%2F%2Fsi.marina
    rinaldi.it%3A7778enabler_config.site_token: 4PW44GF797F428BCkey: 12E3971BE26C4E5
    D
    05-AUG-04
    13
    entry: bake_site2pstore_token
    05-AUG-04
    14
    entry get_enabler_config
    05-AUG-04
    15
    site token is 4PW44GF797F428BC
    05-AUG-04
    16
    exit: get_enabler_config
    05-AUG-04
    17
    In hash string. Input is 308-05-2004 10:06:52
    05-AUG-04
    18
    In hash string. Input is ud)xc`8L`GJd~4PW44GF797F428BC~20040805100652~http%3A%2F
    %2Fsi.marinarinaldi.it%3A7778%2Fpls%2FhtmldbSVIL%2Ff%3Fp%3D106%3A1%3A63008520005
    01899701~http%3A%2F%2Fsi.marinarinaldi.it%3A7778
    05-AUG-04
    19
    temp site2pstoretoken is :ud)xc`8L`GJd~4PW44GF797F428BC~20040805100652~http%3A%2
    F%2Fsi.marinarinaldi.it%3A7778%2Fpls%2FhtmldbSVIL%2Ff%3Fp%3D106%3A1%3A6300852000
    501899701~http%3A%2F%2Fsi.marinarinaldi.it%3A7778~5169F5D95694EE7F4EEC7D80056B56
    A5
    05-AUG-04
    20
    entry: encrypt_des
    05-AUG-04
    21
    Key is: 12E3971BE26C4E5D
    05-AUG-04
    22
    before rpad
    05-AUG-04
    23
    pre mask: 503504C465CC51FDD7EBB62850973AF1503504C465CC51FDD7EBB62850973AF1503504
    C465CC51FDD7EBB62850973AF1503504C465CC51FDD7EBB62850973AF1503504C465CC51FDD7EBB6
    2850973AF1503504C465CC51FDD7EBB62850973AF1503504C465CC51FDD7EBB628
    05-AUG-04
    24
    post mask: 45FBB10E9AABB801ABAC1C861EBF9AE645FBB10E9AABB801ABAC1C861EBF9AE645FBB
    10E9AABB801ABAC1C861EBF9AE645FBB10E9AABB801ABAC1C861EBF9AE645FBB10E9AABB801ABAC1
    C861EBF9AE645FBB10E9AABB801ABAC1C861EBF9AE645FBB10E9AABB801ABAC1C86
    05-AUG-04
    25
    exit: bake_site2pstore_token
    05-AUG-04
    26
    After bake_site2_pstore_token. Value is: C061F10FBDDAACCB4A5B536D036656AF013D33B
    17261B66BD9C46A02004CF08081B0EB68834FA1594884A2088A6E1829A35EEA97ECF7B0F9B728B60
    B7DDEFEC846EA96CDB4208783B26F7DE976B3E7912554A8FA2B383EBF0C4221858C88B10A00A2789
    65C85703BEF6C3C1E3F069FF9C41059B5982CBADB7F662D481C9812EBCD7B44A7E24819CD152BB29
    9F2B40F08138F7DAE05BCC58CF87FECFA89B1BEE195FB2A314699AA2C8D406AC52FCE4F5B6DCE910
    A4B31714D99918BEC39E3E067BE031F5E9DF031192064B1ECAE0B100775AD76EF4D478844
    05-AUG-04
    27
    Redirect URL generated is : http://giedi.marinarinaldi.it:7779/pls/orasso/orasso
    .wwsso_app_admin.ls_login?site2pstoretoken=v1.0~97F428BC~C061F10FBDDAACCB4A5B536
    D036656AF013D33B17261B66BD9C46A02004CF08081B0EB68834FA1594884A2088A6E1829A35EEA9
    7ECF7B0F9B728B60B7DDEFEC846EA96CDB4208783B26F7DE976B3E7912554A8FA2B383EBF0C42218
    58C88B10A00A278965C85703BEF6C3C1E3F069FF9C41059B5982CBADB7F662D481C9812EBCD7B44A
    7E24819CD152BB299F2B40F08138F7DAE05BCC58CF87FECFA89B1BEE195FB2A314699AA2C8D406AC
    52FCE4F5B6DCE910A4B31714D99918BEC39E3E067BE031F5E9DF031192064B1ECAE0B100775AD76E
    F4D478844
    05-AUG-04

  • Did any body try to change 10g SSO  login page to custom login page?

    Hi..
    Did any body try to change Oracle 10g SSO login page with custom login Page as we used to do in 902 and 1022 versions by changing wwsso_ls_configuration_info_t table entries?
    It seems that there is now other file policy.properties that has entry for login page.
    Is there any documentation provided by Oracle on this?
    I checked metalink and SSO admin guide?
    Any clue or glue....??
    Thanks
    Sarvesh

    Try 1 & 2 if does not work please file a daycare for further assistance.
    1.   In "Day CQ Login Selector Authentication Handler" for path info add an empty row then verify.
    2.   Delete the existing entry for "Day CQ Login Selector Authentication Handler" , Configure your custom at repository level & verify

  • Opens Webmail login page instead of sso login page after changing the webma

    Hi Gurus,
    I have setup notes webmail in portal which uses SSO. I login to portal and click the webmail link which opens the sso page for authentication(Cuz I have integrated the webmail to use SSO). I enter my username and password. Then it shows my emails, inbox..etc. I logout of portal, Go to Notes client on my PC and change my webmail password there. I go back to portal and log in and click the webmail link on the portal. Cuz I have changed the webmail password, I expected that it will open the SSO page and ask me to enter the password again. It didn't happen. Instead of opening eh SSO login page, It opens the Webmail login page with an error saying "Invalid User Name or Password". I am wondering why it opens the webamil login page instead the sso login page. I can still login to webmail If I enter the user name and new password. But it doesn't update the webmail password which is stored in the SSO. Please post a reply if you have some idea about fixing this.
    Thanks
    Raj
    -------------

    Hi Gurus,
    I have setup notes webmail in portal which uses SSO. I login to portal and click the webmail link which opens the sso page for authentication(Cuz I have integrated the webmail to use SSO). I enter my username and password. Then it shows my emails, inbox..etc. I logout of portal, Go to Notes client on my PC and change my webmail password there. I go back to portal and log in and click the webmail link on the portal. Cuz I have changed the webmail password, I expected that it will open the SSO page and ask me to enter the password again. It didn't happen. Instead of opening eh SSO login page, It opens the Webmail login page with an error saying "Invalid User Name or Password". I am wondering why it opens the webamil login page instead the sso login page. I can still login to webmail If I enter the user name and new password. But it doesn't update the webmail password which is stored in the SSO. Please post a reply if you have some idea about fixing this.
    Thanks
    Raj
    -------------

Maybe you are looking for

  • Getting all mail from a gmail account

    I am trying to download all my old emails from an gmail account via thunderbird. The main reason is for backup. The problem is that each time I push on GET MESSAGES it only downloads a few mails. I need to wait till it ends and then click again and s

  • Pie chart widget

    hi , i have created a pie chart in xml format ....... now how do i go about making a widget out of it ..... i want a widget that is updated online every few days ...... thanks .. karan

  • Converting oracle reports output  to excel format

    i am using Report Builder 9.0.2.0.3, and want to view the results of the report in excel format. I have gone through many discussion forums and don't wish to use the rep2excel software,as suggested in those forums. I wish to know, at the earliest in

  • Workspace display issue

    Hi, when a business rule was set to a web form, and then we open the web form, we can see the business rule in the left section of the form. so if we need to launch the business rule, we just need to double-click the business rule. but someone cannot

  • Cluster ID on multiple VPNv4 RRs

    Hi Sir, In an MPLS Layer 3 VPN environment with two VPNv4 RRs and all the PE routers have iBGP sessions with both RRs, what's the implication if no cluster ID is configured on the RRs? And what's the implication if the same cluster ID is configured o