Mod_osso

Similar Messages

• Mod_osso partner application and webcache site to server mapping

  hi, need advice on the following.
  i have an app server container (only OC4J and no portal,forms etc) hostname abc.test.net installed with the option to registered to the sso server (http://mylogin.test.net), which is on a physically seperate machine.
  i have a java application deployed on a 10g app server container. the log in portion is handle by the login server using the mod_osso.conf file.
  thus when i type http://abc.test.net:7777/myapps, i will be prompted to login via the sso server.
  this is working fine.
  then i put a webcache to front this app server, so that users will use a sitename (http://myapps.abc.com) defined in the webcache (mapped to the app server) to access that application.
  so now when users type http://myapps.abc.com, they are still prompted the sso login screen. but after logging in, they are shown a red coloured bold text error message "ORASSO Failure-Unable to Process Request" page. this error page has the url of app server http://abc.test.net:7777/osso_login_successxxxx.
  if i manually replace the 'acb.test.net' to 'myapps.abc.com', my application will be displayed correctly, and i am logged in.
  how can i resolve this problem?
  question:
  1. do i need to re-register http://myapps.abc.com as a partner application?
  2. if so, do i perform the registration from the webcache, the app server or the login server itself?
  pls advice.
  thx.

  Follow the following notes:
  Note:250532.1 Configuring HTTP Server to Use SSL in Oracle Application Server 10g (9.0.4)
  ===> Note:250532.1 Configuring HTTP Server to Use SSL in Oracle Application Server 10g (9.0.4) <===

• Specify initial page following mod_osso login for JSP application?

  I'm developing a JSP application that is stand-alone from Portal, but that is protected via mod_osso. (What's the proper term for this - its sort of a Partner application, really an External application, but not registered w/ Portal at all...) Following mod_osso validation, if the login page was brought up (ie, the user was not signed when the application page was requested), I'd like the user to be taken to a 'default' application page (where I can retrieve other user info from the db for use in subsequent pages of the app.) Is there a way to specify this w/ mod_osso? (ie, after login, take user to a specific page.) I could put a flag in the session, check it on each page (ie, Boolean hasVisitedHomePage or such), then redirect to the home page if its false, but would rather not do this if there is a smarter method.
  Thanks,
  Jim

  Following are the steps to use SSO with an J2EE application:
  Steps to enable SSO/OID user authentication to your J2EE application
  1)     Deploy your apps to Oracle9iAS mid-tier instance e.g. mid-tier-host
  2)     Connect to your SSO server in your infrastructure host as follows:
  http://inf-host:<port>/pls/orasso/orasso.home and
  Login as orcladmin. The default password should be same as your IAS_ADMIN password
  3)     Click on SSO Server Administration and then Administer Partner Applications
  4)     Click on Add Partner application
  5)     Enter the following information for your environment and click on Apply:
  Home URL: http://inf-host:<port>/osso_login_success
  Success URL: Home Page for URL for your apps which you want to secure
  Logout URL: http:// inf-host :<port>/osso_logout_success
  6)     Logon to EMWebsite for the Mid-tier Oracle9iAS Instance
  Select the HTTP Server -> Advanced Properties -> mod_osso.conf and add the following. Please make appropriate change for your environment
  <Location /context-to-secure >
  AuthType Basic
  require valid-user
  </Location>
  And then restart HTTP Server
  7)     Now when you access your apps, the logon screen will appear
  hope this helps
  Debu

• Loading problem with mod_osso on Apache 2.2.11

  Hi,
  Has anyone ever tried to configure Oracle SSO with a generic Apache server (version 2.2.11 to be exactly) using mod_osso successfully?
  Icopied a mod_osso.so file from OAS 10.1.3 version to my Apache server location that was running in Red Hat Linux environment.
  As I tried to start up the apache I got following undefined symbol error.
  httpd: Syntax error on line 71 of /usr/local/apache/conf/httpd.conf: Syntax error on line 2 of /usr/local/apache/conf/mod_osso.conf: Cannot load /usr/local/apache-2.2.11/modules/mod_osso.so into server: /user/local/apache-2.2.11/modules/mod_osso.so: undefined symbol: ap_configtestonly
  I found the following forum thread with reports on different issues, but no specific solution that is related to above error.
  Does mod_osso work with generic Apache
  From google search, the library symbol ap_configtestonly may be referred to older version of apache library function. I wonder if Apache server that I am using is not compatible with the version mod_osso.so or this is simply not supported to do this type of set up?
  Any pointers on this is great appreciated.
  Thanks in advance for your help,
  James

  Please follow up in the PHP forum http://www.oracle.com/technology/forums/php.html
  But first, check http://wiki.oracle.com/page/PHP+Oracle+FAQ and http://blogs.oracle.com/opal/2010/06/using_php_oci8_with_32-bit_php.html and http://www.oracle.com/technetwork/topics/php/underground-php-oracle-manual-098250.html

• Java sample with mod_osso doesn't work

  Hi,
  I use 9iASR2 and i'm developing an easy sample extracted from "Oracle Single Sign-On Application developer guide" (January 2002)
  I've developed a servlet :
  public class ssotest extends HttpServlet
  public void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
  response.setContentType(CONTENT_TYPE);
  PrintWriter out = response.getWriter();
  out.println("Remote User: " + request.getRemoteUser());
  out.println("Osso-User-Dn: " + request.getHeader("Osso-User-Dn"));
  out.println("<a href=/osso_logout?p_done_url=http://www.yahoo.com>Logout</a>" + request.getHeader("OssoUser-Dn"));
  and i've added in mod_osso.conf file :
  <Location /mypath>
  require valid-user
  authType Basic
  <Location>
  So, when i try to access the servlet, i'm redirected to the SSO server (that's good) but when i put a login and password and click, the error message below diplayed :
  Oracle SSO Warning
  Request not granted. Please specify the URL in terms of a fully-qualified host name and try your request again.
  If the problem persists, please notify your administrator as the Oracle SSO configuration may be invalid.
  Thank you for your help.
  Franck

  Also, try using the same value for the hosts in all the directives. And, maybe drop the weights down from 50 each to 1 each, so that it looks like this:
  Oc4jSelectMethod roundrobin:weighted
  Oc4jRoutingWeight FRServices.server1 1
  Oc4jRoutingWeight FRServices.server2 1
  Oc4jMount /forms/frmservlet instance://FRServices.server1:OC4J_BI_Forms,FRServices.server2:OC4J_BI_Forms
  Oc4jMount /forms/frmservlet/* instance://FRServices.server1:OC4J_BI_Forms,FRServices.server2:OC4J_BI_Forms

• Mod_osso behavior differences with 10gR3 Oracle HTTP Server 2

  We have an install of standalone 10gR3 Oracle HTTP Server 2 (i.e. the Apache 2 version), and have noticed that the behavior of mod_osso is different than the regular 10gR3 Oracle HTTP Server (i.e. the Apache 1 version).
  We use the following in our mod_osso.conf:
  <Location /somepath>
  AuthType Basic
  require valid-user
  </Location>
  First Difference: With OHS 2, when we go to /somepath, we get the error "missing AuthName" in the Apache logs.
  So, we set an AuthName. Now, our mod_osso.conf looks like this:
  <Location /OnDemand>
  AuthType Basic
  AuthName "Oracle Single Sign On"
  require valid-user
  </Location>
  Second Difference: Now, we we go to /somepath, Apache returns a 401, which causes the browser to prompt for credentials! We can enter anything we want in the dialog, and everything will continue as normal (i.e. redirects to the Oracle SSO Server to prompt for credentials, etc).
  So, our question is: Why these behavior differences in 10gR3 OHS 2? It almost seems as if it's using an old 9i mod_osso!
  Thanks,
  - Bill

  Okay, we figured it out.
  Apparently, the three "LoadModule mod_auth*" lines in OHS 2 httpd.conf need to be commented out.
  Now mod_osso is working exactly as with OHS 1.
  - Bill

• Mod_osso.conf - sso protected - case sensitive URL not working

  Greetings,
  I have modified my mod_osso.conf (see below) file to protect the following URL "http://host.domain.com:7777/test".
  If you enter the above URL - you are properly challenged for a user-name and password. HOWEVER, if you enter "http://host.domain.com:7777/TEST" or any other variation /Test, /tEst, /teSt etc. SSO does not get enabled.
  I'm missing something, what is it???
  Thanks,
  Bill G...
  mod_osso.conf file
  LoadModule osso_module modules/ApacheModuleOSSO.DLL
  <IfModule mod_osso.c>
  OssoIpCheck on
  OssoIdleTimeout off
  OssoConfigFile D:\oracle\903_j2ee\Apache\Apache\conf\osso\osso.conf
  # BG ADD
  <Location /test>
  AuthType Basic
  Require valid-user
  </Location>
  </IfModule>

  If you are on a UNIX-based server, URLs are always case-sensitive.
  Enter an directive for every possible combination, or create the alias/redirect for each combination in the httpd.conf (recommended)
  HTH
  LLB

• Mod_osso and ssl issue

  running Oracle AS 10g (10.1.2).
  I have protected a directory with mod_osso (in mod_osso.conf).
  <Location /directory/*>
  require valid-user
  AuthType Basic
  </Location>
  I navigate to https://mydomain/directory, and it redirects to the SSO asking for my password as it should. I enter my details and submit... it then hangs and eventually reports "No response from web server....".
  I notice the URL is :
  http://domain/osso_login_success?urlc=v1.4~8DE....
  If I change it to https it works fine... so I need to configure the sso server to redirect to the ssl URL ....any ideas how ???
  thanks.

  I know this thread is over a year old, but I am having this very same issue, so I'd like to revive it and get an answer after all....

• Passing data to mod_osso authentication for IPASAuthInterface

  Hi all,
  I've been a little frustrated recently attempting to create a plugin using mod_osso with Oracle Identity Management suite which automates the login of users on our system.
  What we would like to do is implement an interface for IPASAuthInterface which can authenticate users by picking up custom encrypted base64 encoded data either from an incomming HTTP header or from form values as a result of a HTTP POST. This encrypted information carries a token which can identify the user's nickname/uid to login.
  I can achieve the decryption and login, that's fine. What I can't do is pass any data for any kind into the mod_osso request object which you recieve when overidding the authenticate method i.e.
  public IPASUserInfo authenticate(HttpServletRequest request)
  throws IPASAuthException, IPASInsufficientCredException
  It appears that there is an interim step which creates the site2pstoretoken for holding the original user URL. Howvever this redirect results in any header information or post information I set prior to calling a protected page within mod_osso being stripped from the request. Which is most anoying.
  If anybody has any assistence in this matter that would be of great help. My ideal solution would be to add an Apache directive to somehow make the header or post information available but I've had no luck what-so-ever.
  Thanks again!
  Cheers,
  Dave.

  Hello all,
  I have been unable to use Apache HTTP Server 2.2 to send a custom header to Oracle Single Sign On server. Oracle Single Sign On Server simply refuses to accept any custom headers created with mod_headers either by modifying the request (using RequestHeader) before forwarding or by modifying the response (Header).
  I am certain this has nothing to so with the implementation as I have successfully forwarded to a JSP page where I can render all custom headers to the page output. So the process of setting custom headers clearly works in Apache HTTP Server. It just doesn't work when submitting to Oracle SSO, which I now believe to be a bug with the Oracle SSO product.
  For the purpose of testing custom headers in Oracle SSO I have made a little progress though. Another technique is to use Java's HttpURLConnection along with setRequestProperty to set the custom header.
  Below is an example I have created to send the custom header HTTP_USER_DATA1 to the Oracle SSO server. This appears to work, however I have now noticed that the OC4J~OC4J_SECURITY~default_island~1 log file is now indicating that serveral requests are being made to the SSO plugin authenticate method for the same original request which is a bit odd.
  Anyway just though you guys should know.
  Cheers,
  Dave.
  <%
       java.io.BufferedReader respContent = null;
       java.io.PrintWriter display;
       String respLine;
       java.io.BufferedWriter bWriter = null;
       java.net.HttpURLConnection connection = null;
       String target="http://ssohostname.com:7777/sso/pages/home.jsp";
       try {
            java.net.URL url = new java.net.URL(target);
            connection = (java.net.HttpURLConnection) url.openConnection();
            connection.setRequestProperty("Content-Language", "en-UK");
            connection.setRequestProperty("Cache-Control","max-age=0");
            connection.setRequestProperty("HTTP_USER_DATA1","djones");
            connection.setFollowRedirects(false);
            connection.setUseCaches(false);
            connection.setDoOutput(true);
            out.println("REQUEST to Oracle SSO: " + target);
            out.println("RESPONSE CODE = " + connection.getResponseCode());
            respContent = new java.io.BufferedReader(new java.io.InputStreamReader(connection.getInputStream()));
            display = new java.io.PrintWriter(out);
            while( (respLine = respContent.readLine()) != null)
                 display.println(respLine);
            display.flush();
            respContent.close();
            connection.disconnect();
       } catch ( Exception e ) {}
  %>

• Failed to get mod_osso global context error, please help urgently

  Hi All,
  I have installed Oracle 9ias Infrastructure successfully. I am trying to create new users for OID.I used the url: http://host:7777/oiddas to go to the Internet Directory page.Following the instructions to create new users for OID, I clicked on the Directory tab on the page.It gives an Oracle SSO error.When i checked the error log it says "failed to get mod_osso global context".Can anyone help me here.Thanks in advance.

  Hi,
  Wrap your data refs in {}:
  return lookupFunction('{price}');
  and ensure that you have Spry 1.6.1.

• ADF page with optional login using mod_osso authentication

  Using JDeveloper 10.1.3.2.0
  I am converting a pure jsp page into an ADF page. This page is not restricted but allows a user additional funtionality if they log into Portal. The original jsp used mod_osso authentication to allow a user to log in. Once the user's name was known from the login then the screen could save information specific to a user and if the user had to return later all they had to do was login in once again to get their personal information back. However it was not a requirement for any user to use this functionality.
  In converting to ADF however I can't figure out how to code the mod_osso call successfully. I created a command button and behind the button but the following code:
  public String commandButton_action() throws IOException {
  // Add event code here...
  String userName = getUserSSO();
  userLoginName.setValue(userName);
  return null;
  private String getUserSSO() throws IOException {
  String message = "";
  FacesContext fc = FacesContext.getCurrentInstance();
  ((HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse()).setContentType("text/html");
  String userSignon = (String)((HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest()).getAttribute("USER_NAME");
  if(userSignon == null || userSignon.length() <= 0)
  userSignon = ((HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest()).getRemoteUser();
  if(userSignon == null || userSignon.length() <= 0)
  ((HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse()).setHeader("Osso-Paranoid", "false");
  ((HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse()).sendError(499, "Oracle SSO");
  } else
  message = "found user name " + userSignon;
  return message;
  Could please comment on whether I am even on the right track or point me to some documentation on mod_osso authentication and ADF such that the authentication is optional? Currenlty I get "No Response from Web Application Server" when I attempt the above.
  Thanks,
  Cathy

  I added a call to FacesContext.getCurrentInstance().responseComplete(); right before the setHeader and sendError but that did not resolve my issue. Any advice on how to further trace down the issue?
  Thanks,
  Cathy

• Re-deploying OC4J overwrites mod_osso.conf

  I followed the instructions for securing OC4J apps with mod_osso. I edited the $ORACLE_HOME/Apache/Apache/conf/mod_osso.conf file, adding the location directive to protect access to my application's virtual path. It works great. But when I re-deploy the OC4J application, somehow it overwrites the mod_osso.conf file with the old version, and I have to re-add my location directive! Can anyone tell me why this is happening, and how to stop it?

  Follow the following notes:
  Note:250532.1 Configuring HTTP Server to Use SSL in Oracle Application Server 10g (9.0.4)
  ===> Note:250532.1 Configuring HTTP Server to Use SSL in Oracle Application Server 10g (9.0.4) <===

• Mod_osso folder protection and file download issue

  We are using 10.1.2.2 AS with SSO. I have a directory under the htdocs directory that I have specified to be protected via SSO. This part works fine.
  I have a protected directory of log files which works fine. Even a log file of 54M downloads fine.
  I have a protected DOCS folder that contains
  1 .doc file 4.9M,
  1 .doc file 78K
  1 .pdf file 2.1M
  After the user logs in via SSO, they can download the .pdf and the small .doc file, but the large .doc file gives the following error message:
  Internet Explorer cannot download largefile.doc from localhost
  Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later.
  This has also happened to me in the past with large .zip files.

  Hi!
  I had wondered whether it was the websites issue: i've since managed to get the application-my friend downloaded it onto his phone over the internet and Bluetoothed it to me, so i've got it anyway. Just a bit strange, as i transfereed the file to my Mac and it decompressed into a folder again...
  Oh well-i'm not into fiddling around so it can stay as it is! Thanks for the reply!

• How to change SSO Partner Application Login_url and Logout_url

  As part of a deployment in a different data centre, we needed to change the domain name of an application using SSO for authentication. We have gone through the process of re-registering the SSO server but this does not update the domain name
  By using diagnostic tools from Oracle we have discovered that the file 'osso.conf' in $ORACLE_HOME/Apache/Apache/conf/osso contains incorrect entries for login_url and logout_url.
  These settings are of the form:
  login_url=http://www.ourolddomain.com/pls/orasso/orasso.wwsso_app_admin.ls_login
  logout_url=http://www.ourolddomain.com/pls/orasso/orasso.wwsso_app_admin.ls_logout
  Please can anyone tell me how these settings can be changed.

  Hi,
  [Solved] SSO fails to show success page you can find some information on re registering mod_osso.
  Hope it helps.

• SSO userid for a partner application

  Hi,
  We have one application deployed on WebLogic Application Server this is registred as Partner application over SSO server.
  On application side we have installed Oracle HTTP Server as webserver and configured mod_osso.
  Now when user attempt to access any secured page SSO askes for the authentication. And on successful login user landed back to application page configured while creating Partner application.
  After login we need userid of user who logged in on sso server. I have tried following and getting null.
  Remote User: <%=request.getRemoteUser() %>,
       Proxy-Remote-User: <%=request.getHeader("Proxy-Remote-User") %>
       Osso-User-Dn: <%=request.getHeader("Osso-User-Dn") %>
       Osso-User-Guid: <%=request.getHeader("Osso-User-Guid") %>
       Osso-Subscriber: <%=request.getHeader("Osso-Subscriber") %>
       Osso-Subscriber-Dn: <%=request.getHeader("Osso-Subscriber-Dn") %>
       Osso-Subscriber-Guid: <%=request.getHeader("Osso-Subscriber-Guid") %>
       Accept-Language: <%=request.getHeader("Accept-Language") %>
  output:
  Remote User: null,
  Proxy-Remote-User: null
  Osso-User-Dn: null
  Osso-User-Guid: null
  Osso-Subscriber: null
  Osso-Subscriber-Dn: null
  Osso-Subscriber-Guid: null
  Accept-Language: en-us,en;q=0.5
  Is any one there knows, what exactly i should do?
  Thanks & Regards,
  Kevin Chheda

  So the user has successfully authenticated and can access protected areas of the application?
  Have you tried using Http headers to see values/attribute names?
  Can you try this:
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
  <html>
  <body>
  <%@ page import = "java.util.*" %>
  <h1>Headers received:</h1>
  Remote user header is: <% out.println(request.getRemoteUser()); %>
  <p>
  <table>
  <%
  Enumeration headerNames = request.getHeaderNames();
  while(headerNames.hasMoreElements()) {
  String headerName = (String)headerNames.nextElement();
  out.println("<tr><td>" + headerName);
  out.println(" <td>" + request.getHeader(headerName));
  %>
  </table>
  </body></html>