Mod_osso partner application and webcache site to server mapping

Similar Messages

• Choosing between external and partner application and problem with login

  We have an application on Oracle App Server 10.1.3.3 and we have an OID server.
  I had taken this for granted that I should define the application as 'Partner Application' and not external application for single sign on.
  Now that we need the 'PASSWORD' retrieved by application, we are considering defining it as an external application.
  There are at least two problems I have encountered defining the application as external:
  1. 'pageConfig:serverDate' is among the login form's inputs in the login page, but I can't set it in orasso 'Edit External Applications' page
  2. After login using SSO as external application and when I click on the application's new link, the login page is shown with the username and password field filled, but I have to click on login button anyway (no automatic and invisible login).
  I will be very grateful if someone gives a general view on the differences between external and partner, whether in this case external has to be used or partner and finally give some comment on my specific problem with login button and manual login.
  Thank you

  Just some information :
  - The problem with LOGIN page exists. I don't have that problem with for example GMAIL when defined as external application, but with my applications in Oracle Application Server.
  - There is also another thing I don't understand. The link to external application is something like:
  javascript:open_jwindow('../ealogin?ID=76D4766','76');
  and couldn't be executed outside pls/orasso
  in other words we can't give that to our users, can we? They should login to orassso and see that?
  We don't want to involve them in Identity Management...
  Any help is appreciated....
  Regards

• Error in site-to-server mapping

  I have a Webcache standalone running in load balancer mode. When I try to change something in Site-to-Server Mapping I'm getting the this error:
  Error
  This modification would generate an invalid configuration file, thus it is ignored
  Does someone knows what it means?

  I solved the problem. The error was occuring because de disk was full.
  Tks anyway.

• Partner Application and Login Server

  I have created a partner application using the samples provided in the ssosdk. In the SSOSignServlet I am checking a table to determine if the user returned from the login server has access to the partner application. If the user has access, I set the cookie and the user is redirected to the application. If the user does not have access, am not sure how to handle it. I can use response.sendRedirect(response.encodeUrl(m_cancelUrl), yet would rather display a message indicating that dont have access and are being redirected. If I try to output a message in the SSOSignOnServlet, I get into a loop. ANy ideas?

  I finally got it working by VERY CAREFULLY reading the instructions in the install.txt document in the SSO SDK package. You have to set up the partner application with a new schema in the login server database, and run the regapp.sql script AFTER editing it to insert data from the Login Server Partner Application admin screen. After you register the partner app in Portal, it gives you some info (site token, listener token, encryption key, etc). You have to MANUALLY copy these and paste them into the regapp.sql script, then run the script in the partner app schema. Make sure you don't confuse capital I with numeral 1 (like I did, since Oracle so nicely uses a non-serif font where you can not tell the difference).
  Also make sure you copy the exact values for these parameters into your code when you use the SSOEnabler class. The listener token was very confusing since different documents appear to disagree on whether it should include the partner app name or not. It does require the partner app name:
  app-name:hostname:port
  hostname and port are for the web server that is handling http requests for the login server (usually your main portal web server).
  John H.

• Partner application and web clipping.

  Hi All,
  I am trying to add an external application (say my.yahoo.com) to a webclipping and its throwing the below error in the application log.
  WC-517 : SSL handshake failed with the url ...
  I have checked the file ca-bundle.crt and the certificates are in place. Does anybody know how to go about debugging this problem as I am quite new to portals and at my wits end to solve it.
  Also I would be greatful if anybody can suggest me the steps on adding an Apex application configured as partner application with SSO authentication to a web clipping.There seems to be little or no-documentation at all in this regard(as far as my search goes).
  Thanks in advance
  -Venkat

  I finally got it working by VERY CAREFULLY reading the instructions in the install.txt document in the SSO SDK package. You have to set up the partner application with a new schema in the login server database, and run the regapp.sql script AFTER editing it to insert data from the Login Server Partner Application admin screen. After you register the partner app in Portal, it gives you some info (site token, listener token, encryption key, etc). You have to MANUALLY copy these and paste them into the regapp.sql script, then run the script in the partner app schema. Make sure you don't confuse capital I with numeral 1 (like I did, since Oracle so nicely uses a non-serif font where you can not tell the difference).
  Also make sure you copy the exact values for these parameters into your code when you use the SSOEnabler class. The listener token was very confusing since different documents appear to disagree on whether it should include the partner app name or not. It does require the partner app name:
  app-name:hostname:port
  hostname and port are for the web server that is handling http requests for the login server (usually your main portal web server).
  John H.

• BC4J, Auditing, Partner Application and SSO

  I am trying to figure out how to set up a BC4J-JSP app to use "database audit trail in entity objects" within a Portal/SSO environment.
  Here is the situation;
  Part 1:
  I am able to partially get the auditing to work on a BC4J App Module in the tester by setting the appropriate history columns in the Entity Object and then setting the jbo.security.enforce property to "Test". Upon entering the tester I am challenged for a "username/password". At this point I can enter any credentials, I can then enter some data. Visually checking the database I find that the history "date" columns (date_created) are ok but the "user" columns (created_by) are not filled in.
  Part 2:
  Now if I set jbo.security.enforce property to "Test". I am not sure what user credential to enter here. I have looked at OID Manager for some clues for what username/password but I'm not sure if this is even in the ballpark.
  Part 3:
  At some point I will deploy this app as an SSO/Partner Application which will be accessed from a Portal page. Since authentication is handled by the SSO login page, I am confused about setting up the "database audit trail in entity objects" (from Part 1) as it talks about creating * another * login page. This seems contradictory so Long postings are being truncated to ~1 kB at this time.

  Part 1:
  When setting jbo.security.enforce property to "Test", BC4J does not throw exception if credential is invalid. You should set it to "Must" if you really want to validate the credential. The "Test" setting does perform the authentication, a warning stating authentication fail is in the diagnostic output if the username/password is invalid. The "Test" setting is just to exercise the authentication but if it fail it does not stop the rest of the application. The "user" column (created_by) does not get fill could be cause by failed authentication or if the column is marked as Refresh on Update or Refresh on Insert, or if the client app insert null or zero length string into it.
  Part 2:
  BC4J default authentication uses the LoginModule from Oracle9iAS JAAS (in j2ee\home\jazn.jar). This LoginModule by default configure to use the lightweight jazn-xml. You can check this by looking "<jazn provider=..." in the j2ee\home\config\jazn.xml. If you are interested in using OID, you need to change it to <jazn provider="LDAP" location="ldap://myoid.us.oracle.com:389" />, "myoid.us.oracle.com:389" should be host address and port of your OID. There are a few predefined users in the lightweight jazn-xml if you wish to test it, there are admin/Long postings are being truncated to ~1 kB at this time.

• How to deploy Visual composer applications and set up the server

  Hi ,
  I have SAP Netweaver developer studio client installed on my Laptop and I can use it to create VC applications but I cannot visualise the applications since I don't have server.
  Is there a server that  I can install and configure? and what else do I need before I can successfully deploy visual composer applications.
  thanks

  Hi Bhat,
  Please ping server whether it is reachable or not.
  Please enter IP and host name in the host file (Start>>Drivers>>etc>>host file)
  Then enter host and instance number in NWDS. then open server view through open perspective, it will show you whether server is up or not.
  Hope this will helps you.
  Regards
  Arun

• SSO Partner Application and Session Time out

  Hi ,
  We have an application on forums.oracle.com which is implementing the Authentication scheme as SSO, that is working well, now we want to implement Session Time out if the user is idle for some time and ask him to login again after the session fails, I have tried to implement this feature as given by Scott in the thread session timeout , well the problem is since we dont have a login page here how do we set the cookies owa_cookie.send(
  name => 'HTMLDB_IDLE_SESSION',
  value => to_char(sysdate+(20/1440),'DD-MON-YYYY HH24:MI:SS'),
  expires => null,
  path => '/',
  domain => null
  and where is the current point to implement it.
  Any help on this is greatly welcome.
  Thanks in Advance.

  Naveen,
  I don't remember how the solution works. But if you don't have a login page you can usually put code in the post-authentication process of your authentication scheme to do whatever the login page process would have done.
  Scott

• SSL and webcache on defaut https port

  I have followed the note 338071.1 to configure Discoverer 10g (10.1.2) Plus/Viewer For HTTPS (SSL) Access.
  Now I can access to the OEM in https, only if I put the port 4446
  https://checlas01:4446/
  If I use https://checlas01 the server return an error message (No Response from Application Web Server)
  The port 443 is setted in the webcache to redirect website with port numer 4446 (As described in the howto)
  What's wrong ?
  Thx

  When you try to access https://checlas01 then this assumes that there is something listening on port 80 for this. Try if https://checlas01:443 works, if so then your webcache is probable working as you set it up. To access https://checlas01, you will have to set up a virtual server which is accessible under port 80 and also add the site and the site to server mapping in the web cache.

• Ssodatan and partner application

  Hello,
  I have configured successfully a java partner application.
  The problem is that each time I run ssodatan command all the
  records in the table WWSSO_PAPP_CONFIGURATION_INF_T are removed
  (the one for ny partner application too) and only portal30 and
  portal30_sso are recreated. So I loose all the parameter of the
  my partner application. It does't appears anymore in the partner
  application list...
  Can anyone help me?
  Thank you,
  Lorenzo.

  I didn't understand very well:
  we need to launch ssodatan necessary because the portal url and
  login server url changes often.
  After that, we loose the partner application configuration (of
  the java application), the portal is OK.
  You suggest me to run ssodatax command, but according with the
  comment in ssodatax script, I can't run it without creating
  manually the partner application (ssodatax needs: site id,
  Token, Encryption Key, ...).
  What I want to avoid is to create manually the partner
  application. Is possible to do this step in automatic way (using
  script or something else)?
  Thanks
  Lorenzo.

• Web application and site collection not accessibe

  I have created a web application and a site collection. But when I tried to access the site by browser on the server the page cannot be displayed or the server cannot be found. What should I configure? Please say by detailed steps.

  I created a host header extranet.xxx.xx and alternate access mapping is ok. But still I'm not able to access the site by http://server name:port no. It gives The web page cannot be found or this web page can't be displayed.
  Now when I try with Firefox with http://server name:port no, it gives
  "Bad request - Invalid hostname
  HTTP Error 400. The hostname is invalid."
  More: if I go to Alternate Access Mappings > Add Internal URL:s > Save is grayed out.
  You have two options,
  Option 1 : Accessing the web application without any host header name and  with the port no you have created.  (ex: (http://server1:5500 )
  Option 2. Accessing it with the host header name (ex:http://mywebapp.contoso.com)  you have created for which you need to create a DNS and set an AAM accordingly in the corresponding zone.
  For the option no 1. you need to have a host header in IIS which would be created by default while you create a web application and it should be like this unless you did nit change it. http (Type)---blank host name--All Unassigned in the IP section---and
  the port no in which you have created.
  PS : If you have one more IP address in the server, its good to set the same IP address which is set for server for the name resolution to happen properly.
  If you have n't specified the hostheader while creating the web application, then you need to add it manually with the existing one which is there for option no 1. It should be added as below. http---Mywebapp.contoso.com--IP address in which you have created
  the DNS and Port 80.
  If AAM save is grayed out, check it from some other browser. Also Hostname invalid clearly implies that there is some problem with the name resolution. Check whether you could ping the webapplication from the server where you are trying to access it.
  Veeramani.S

• WebCenter Sites Mobility Server, SSXA and workflows

  Hi all,
  I am trying to evaluate if "WebCenter Sites Mobility Server" adapts to the requirements of a new project. I have been reading the documentation intensively but I have not been able to find the answers to the two questions below.
  1) Is it possible to use Site Studio for External Applications with WebCenter Sites Mobility Server?
  2) Is it possible to use workflows with Mobility Server so that a contributor can accept or reject changes?
  Any help would be really helpful.

  You can not use SSXA or SiteStudio with Mobility Server. Also deep workflow integration is not there.
  You should think about Mobility Server as a preview and publishing extension of Sites. You would create and approve all your assets in WebCenter Sites the way you normally would. Mobility Server accesses those assets via REST but uses it's own pubishing model to deploy the mobile site. It's integrated to via REST and the Preview UI (which sits in the Sites container as a App next to the contributor interface). That is the extent of the integration we have today.
  Mariam Tariq
  WebCenter Sites Product Management

• Register the partner application through SSO Administer Partner Application

  When should I use the "Administer Partner Applications" link on the SSO Server Administration page to register the application among the following cases?
  1. sign-on SDK integrated application
  2. mod_osso integrated application

  Were you able to resolve the issue???
  Can you pls try Rerunning ssodatan/x with the correct data. The ssodatan script is located in the directory ORACLE_HOME/portal30/admin/plsql/ssodatan.
  Refer following link for more info on SSODATAN , SSODATAX and DIAGNOSTICS scripts in Portal 3.0.x:
  http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=136138.1

• Registering a partner application with SSO SDK

  Good day
  Since 2 days, I am struggling for the issue of registering a Servlet application as a partner
  application using the SSO Login Server.
  As per the suggested note id 182701.1 in metalink , I implement the following steps :
  - Step A : Create the partner Application Schemas (Succesful & the name of the shemas is : ssopartner)
  - Step B : Load Packages for the partner application (Successful)
  - Step C : Obtain the registration information (Successful)
  - Step D : Run the regapp.sql (successful but they forgot to mention that I should load the
  SSOHash.class )
  - Step E : Compile and Run
  I deploy the application under 9iAS in order to test it.
  I add the ssosdk307.jar the the jserv.properties file.
  I invoke the SSOPartnerServlet java program by entering :
  http://name of the webserver/servlet/SSOPartnerServlet
  I got the message "redirecting to the login server" and I got the
  login page of the SSO Server.
  Once I submit the user/password , I got HTTP 400: Page cannot be
  displayed.
  I check the mod_jserv.log file and find out the following message :
  [08/04/2002 13:54:16:949] (ERROR) ajp12: Servlet Error: POST is not
  supported by this URL
  Could you please advise
  Your prompt feedback is highly appreciated
  regards

  I believe that this is not possible as the mod_osso realizes that the URL is below an URL that you want to protect.
  The only way I see that you can do this is the following modification in the mod_osso.conf:
  <Location /myApp/secure_partA>
  AuthType basic
  Require valid-user
  </Location>
  <Location /myApp/secure_partB>
  AuthType basic
  Require valid-user
  </Location>
  <Location /myApp/secure_partX>
  AuthType basic
  Require valid-user
  </Location>
  So your application /myApp/subApp will not be effected and people can just access this part. However you will have more administration in your mod_osso.conf
  cu
  Andreas

• SSO for partner applications

  Hi All,
  I have installed 10g AS Release 2 on a system. I also have Application Express(formerly HTML DB) installed on the same system. I registered one of the HTML DB applications as partner applications and have put SSO authentication for it.
  When I try to login the AS looks at the OID installed on the system(which I gave during installation). I want it to look at the Oracle gmldap.oraclecorp.com server OID so that only Oracle employees login.
  Can anybody tell me how to change the OID and what are the entries to be give to configure it to gmldap.oraclecorp.com server??
  Thanks,
  Swaroop

  See Task 3 in the Section 9.4 of the Oracle Application Server Administrator's Guide:
  http://download-west.oracle.com/docs/cd/B14099_17/core.1012/b13995/chginfra.htm#i1014978
  See the following for information about what to specify on each page.
  http://download-west.oracle.com/docs/cd/B14099_17/core.1012/b13995/reconfig.htm#i1013341