MVC Applications and ADFS authentication
Hello,
I have a requirement to create a MVC.NET application that uses ADFS for authentication. I already have created the project and it works with our ADFS server (On-Premise). Now, the next requirement is that we have an existing application (App1) that has
a link to the application that I'm working on (App2). The requirement is that once the user is authenticated for App1 and they click the link to go to App2 they shouldn't have to re-enter their credentials. How should I configure App2 to
meet this requirement?
Your help is much appreciated.
Masoud Sharifi
Hello Masoud Sharifi,
MVC application as the WEB application should be asked on ASP.NET forum:
http://forums.asp.net/
Best regards,
Barry
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.
Similar Messages
-
Hi,
How it is possible to develop a UI Framework/ MVC UI Framework which will loads the others MVC Application. The Framework will show the views of loaded MVC app into UI Framework view. At the same time the Framework UI will show the default view of each loaded
MVC app(Module). If user click on any MVC Module on the UI then that MVC module should update itself by calling its own controller and others MVC app view should not disturb due to this operation. The UI Framework layout need to facilitate somehow to show
the default view of each MVC somehow in different DIV. All MVC App will work independently and having communication with UI Framework only. HTML5, CSS3 and MVC 5 can be used
Can anyone please suggest how to proceed on this?That's a strange request, but anyway, the MVC section is at the link below,
http://forums.asp.net/1146.aspx/1?MVC -
ADF Application and Oracle Portal Login Page
We have developed ADF application and deployed it in Oracle AS 10.1.2 along with the custom JAAS module, which is working fine with the application custom login page. As a next page, I want to use Oracle Portal login page for the authentication and authorization.
How can I accomplished it? Any idea?
Thanks,
APShay,
1. I created blank ADF project
2. I copied myreport.jsp file (this one was generated by Oracle Report Builder) under ..ViewController/public_html directory
3. Created directory 'lib' under ViewController/public_html/WEB-INF/lib
4. Copied reports_tld.jar file under the directory created in 3.
5. Created simple jspx page with the af:link (btw af:goLink does not exists in JDev 12c), set 'destination' to myreport.jsp
After the steps above I could not even compile the application, many problems too many to list here, Basically JDev is trying to build the project with .jsp file generated in Report Builder and is unable to.
So to be sure we are on the same page: I am trying to embed JSP report files generated by Report Builder into ADF project, then create EAR file and deploy on standalone WLS. Finally execute JSP web only report. -
How to get ADF authentication and authorization working on server
I am having an issue with deployment & ADF authentication and authorization.
From the below testing results, you can see that I am unable to log in when I have deployed my app to my standalone server with both ADF security authentication and authorization turned on. I have included web.xml, jazn-data.xml and the page/server error I am receiving.
When making an attempt to log in I get the following results:
Running Locally with ADF Authentication: Works Fine
Running Locally with ADF Authentication & Authorization: Works Fine
Deployed to server with ADF Authentication: Works Fine
Deployed to server with ADF Authentication & Authorization: Doesn’t Work
What I have already tried: Removed all anonymous grants, using the same database credentials as the app user, deploying app twice (on the redeploy not including the login credentials & app policies at the application properties). Various modifications to web.xml e.g. welcomefilelist etc
JDeveloper Version: 11.1.2.4
Server Web Logic: 10.3.6
Server ADF: 11.1.1.16
Page Error when trying to log in:
Error 401--Unauthorized
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.2 401 Unauthorized
The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained in section 11.
Server error when trying to log in:
Servlet failed with Exception oracle.adf.controller.security.AuthorizationException: ADFC-0619: Authorization check failed: 'wpd.mobility.view.pageDefs.homePagePageDef' 'VIEW'.
at oracle.adf.controller.internal.security.AuthorizationEnforcer.handleFailure(AuthorizationEnforcer.java:182)
at oracle.adf.controller.internal.security.AuthorizationEnforcer.internalCheckPermission(AuthorizationEnforcer.java:162)
at oracle.adf.controller.internal.security.AuthorizationEnforcer.checkPermission(AuthorizationEnforcer.java:116)
at oracle.adfinternal.controller.state.ControllerState.checkPermission(ControllerState.java:663)
at oracle.adfinternal.controller.state.ControllerState.initializeUrl(ControllerState.java:700)
at oracle.adfinternal.controller.state.ControllerState.synchronizeStatePart2(ControllerState.java:531)
at oracle.adfinternal.controller.application.SyncNavigationStateListener.afterPhase(SyncNavigationStateListener.java:59)
at oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$PagePhaseListenerWrapper.afterPhase(ADFLifecycleImpl.java:530)
at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchAfterEvent(LifecycleImpl.java:120)
at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchAfterPagePhaseEvent(LifecycleImpl.java:168)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.dispatchAfterPagePhaseEvent(ADFPhaseListener.java:131)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.afterPhase(ADFPhaseListener.java:74)
at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.afterPhase(ADFLifecyclePhaseListener.java:53)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:447)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:202)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:508)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:125)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:468)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:468)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:293)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:199)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Web.xml
<?xml version = '1.0' encoding = 'windows-1252'?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>javax.faces.PARTIAL_STATE_SAVING</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
<param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
<param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>Security precaution to prevent clickjacking: bust frames if the ancestor window domain(protocol, host, and port) and the frame domain are different. Another options for this parameter are always and never.</description>
<param-name>org.apache.myfaces.trinidad.security.FRAME_BUSTING</param-name>
<param-value>differentOrigin</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_SKIP_XML_INSTRUCTIONS</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_DECORATORS</param-name>
<param-value>oracle.adfinternal.view.faces.facelets.rich.AdfTagDecorator</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_RESOURCE_RESOLVER</param-name>
<param-value>oracle.adfinternal.view.faces.facelets.rich.AdfFaceletsResourceResolver</param-value>
</context-param>
<filter>
<filter-name>JpsFilter</filter-name>
<filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
</filter>
<filter>
<filter-name>trinidad</filter-name>
<filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
</filter>
<filter>
<filter-name>adfBindings</filter-name>
<filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>JpsFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>trinidad</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<servlet-name>adfAuthentication</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<listener>
<listener-class>oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack</listener-class>
</listener>
<listener>
<listener-class>oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack</listener-class>
</listener>
<listener>
<listener-class>oracle.bc4j.mbean.BC4JConfigLifeCycleCallBack</listener-class>
</listener>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>resources</servlet-name>
<servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>BIGRAPHSERVLET</servlet-name>
<servlet-class>oracle.adf.view.faces.bi.webapp.GraphServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>BIGAUGESERVLET</servlet-name>
<servlet-class>oracle.adf.view.faces.bi.webapp.GaugeServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>MapProxyServlet</servlet-name>
<servlet-class>oracle.adf.view.faces.bi.webapp.MapProxyServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>/faces/Pages/homePage.jspx</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/adf/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/afr/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>BIGRAPHSERVLET</servlet-name>
<url-pattern>/servlet/GraphServlet/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>BIGAUGESERVLET</servlet-name>
<url-pattern>/servlet/GaugeServlet/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>MapProxyServlet</servlet-name>
<url-pattern>/mapproxy/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/bi/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication</url-pattern>
</servlet-mapping>
<mime-mapping>
<extension>swf</extension>
<mime-type>application/x-shockwave-flash</mime-type>
</mime-mapping>
<mime-mapping>
<extension>amf</extension>
<mime-type>application/x-amf</mime-type>
</mime-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>test</web-resource-name>
<url-pattern>/faces/pages/*.</url-pattern>
<url-pattern>/faces/*.</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>valid-users</role-name>
</security-role>
</web-app>
Jazn-data.xml
<?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
<jazn-data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-data.xsd">
<jazn-realm default="jazn.com">
<realm>
<name>jazn.com</name>
<users>
<user>
<name>*****</name>
<display-name>*******</display-name>
<description>******</description>
<credentials>********<credentials>
</user>
</users>
<roles>
<role>
<name>support</name>
<display-name>support</display-name>
<members>
<member>
<type>user</type>
<name>mobile</name>
</member>
</members>
</role>
</roles>
</realm>
</jazn-realm>
<policy-store>
<applications>
<application>
<name> myapp </name>
<app-roles>
<app-role>
<name>mob_mobile_support</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<display-name>mob_mobile_support</display-name>
<description>support role</description>
<members>
<member>
<name>mobile</name>
<class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
</member>
</members>
</app-role>
</app-roles>
<jazn-policy>
<grant>
<grantee>
<principals>
<principal>
<name>SUPPORT</name>
<class>oracle.security.jps.internal.core.principals.JpsXmlEnterpriseRoleImpl</class>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name> myapp.view.pageDefs.*</name>
<actions>view</actions>
</permission>
</permissions>
</grant>
<grant>
<grantee>
<principals>
<principal>
<name>mob_mobile_support</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name> myapp.view.pageDefs.addapplicationPageDef</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>Pages.addappmsgtypPageDef</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>Pages.addoperationPageDef</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name> myapp.view.pageDefs.homePagePageDef</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name> myapp.view.pageDefs.loggingSearchPageDef</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>myapp.view.pageDefs.workHistoryPageDef</name>
<actions>view</actions>
</permission>
</permissions>
</grant>
</jazn-policy>
</application>
</applications>
</policy-store>
</jazn-data>Read Frank's article http://www.oracle.com/technetwork/issue-archive/2012/12-jan/o12adf-1364748.html
Then you have to check if the user use use to login are defined in the stand alone server. If you server is running in production mode there is no automatic user or role migration. You have to to this by yourself.
Once you have check that the users are present, you have to check if the enterprise roles are mapped to the corresponding application roles.
Timo -
E-Business Suite Application Dev using OAF and ADF (White Paper Feb. 2008)
Hi,
In Oracle White Paper entitled "E-Business Suite Application Dev using OAF and ADF (Feb. 2008)" it was mentioned on page 7 :
+"When ADF 11g becomes production, we will publish a revised paper that compares OAF with ADF 11g, and discuss development against E-Business Suite."+
I've had no luck finding a new comparison table for OAF R12 with ADF 11g :(
can anyone help me on this?
thanks in advance,
AdrianSrini Chavali wrote:
It is still not clear if your have to use SSO - the scripts loadsdk.sql and regapp.sql specifically are for Oracle Single Sign ON (OSSO) - the authentication schemes referred to on page 20 of the same doc do not require SSO. So, is SSO a requirement in your scenario ? If not, you should be following the steps in the section titled "Confuguring Custom Authentication" (beginning of page 20).Ouch..Sorry Srini, I have completely misinterpreted by the page no.'s in Adobe pdf reader.I was telling you about page 18 of the document.
Anyway i'll start with configuring Custom Authentication as by your suggestion.
But i'll move forward with no understandings about SSO and its implementations.
All I could get is this links
http://docs.oracle.com/cd/E15586_01/webcenter.1111/e12405/wcadm_security_sso.htm
http://docs.oracle.com/cd/E15523_01/install.1111/e12002/sso_das.htm
Is this link correct to start learning about SSO or do I need to learn anything (LDAP,OAM,etc..) before that ? -
I've had my farm upgraded from SP2010 to SP2013 for over 6 months now and all is well, however, I was refreshing my staging environment from production and I noticed that one of the databases still shows these errors when I run test-spcontentdatabase:
Category : Configuration
Error : False
UpgradeBlocking : False
Message : The [SharePoint Web App] web application is configured with claims authentication mode however the content database you are trying to attach is intended to be used against
a windows classic authentication mode.
Remedy : There is an inconsistency between the authentication mode of target web application and the source web application. Ensure that the authentication mode setting in upgraded web application is the
same as what you had in previous SharePoint 2010 web application. Refer to the link "http://go.microsoft.com/fwlink/?LinkId=236865" for more information.
This doesn't make sense considering I converted the production web application to claims during the upgrade and then verified all sites were working with claims logins. I also verified that existing AD user identities were converted to claims by checking out
the database tables. Yet test-spcontentdatabase still thinks there is a mismatch here.
My farm is SP1 and no further CUs. The point of this particular refresh is so I can update to the November CUs in my test farm. Anyone else see this? Seems like it's a bug/safe to ignore because my stuff is working.
Thanks,
AaronSee:
http://thesharepointfarm.com/2014/11/test-spcontentdatabase-classic-to-claims-conversion/
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Communication between ADF Application and third party tool
Hi,
JDev 11.1.1.5.0
I am a new bee to SOA Suite :). I am looking for a suggestion on below usecase.
We have Arbortext Editor which is a dynamic publishing tool for creating technical publication. We are planning to develop a UI tool
using ADF/JDev. As POC, we are able to invoke our ADF application from Arbortext Editor as shown below.
AccessURL accessURL = new AccessURL();
String myURL = "http://127.0.0.1:7101/IFS_Object_Selector_1-
ViewController-context-root/faces/object_selector_main?";
java.awt.Desktop myNewBrowserDesktop = java.awt.Desktop.getDesktop();
java.net.URI myNewLocation = new java.net.URI( myURL);
myNewBrowserDesktop.browse( myNewLocation );
So, Arbortext is having it's own JVM and can have standalone java program with main method. If we can able to provide communication between our ADF application and Arbortext JVM, that can solve our issue.
We need to pass some information back to Arbortext editor from ADF application on some action (Button click).
Can you suggest any clue on this?
It would be really helpful, if you can provide some pointers for similar usecases.
Thanks,
Samba.Hi Samba,
I'd suggest better raise it in he ADF forum.
However, this should be possible by calling the Arbortext functions on click of ADF form buttons. Or you may send the information to a placeholder (JMS, File, DB etc.) from where Arbortext can pick that information.
Regards,
Neeraj Sehgal -
Oracle BI and ADF application integration
Hi ,
I am trying to connect BI Presentation Service. but i am getting the following error.
Connection attempt failed.
java.lang.RuntimeException: Unable to retrieve logon token. This version requires a BI build that implements the version 7 SOAP interface. Please verify that you are using the correct BI version.
Sep 25, 2012 5:40:57 PM oracle.bi.presentation.soap.connection.impl.LogonTokenImpl
SEVERE: Perform impersonation was enabled for the BI Presentation Services SOAP connection, but there was no logged in user!
I am using Oracle BI 11.1.1.3 and Jdev 11.1.1.6.
With Regards,
WPThe report which you are trying to execute, can you see the security over there. I doubt that the security is creating a issue here while there is no relation between the BI version and ADF version.
ADF call BI using webservice only, and webservice does not have any version specific things.
--vipC -
Cross Domain error for Silverlight + MVC application with self hosted WCF service on azure
Hi,
We are migrating existing Silverlight application to MVC; existing Silverlight application is hosted on
Azure which is consuming self-hosted WCF service. For authentication we have implemented
ADFS with WIF (passive). The cloud service (<myWebSite>.cloudapp.net) is C Name to (<myWebSite>.<myDomain>.com) and we
are consuming WCF service at <myWebSite>.cloudapp.net/<myService>.svc, as we were getting “Cross Domain” error so we have added “clientaccesspolicy.xml” at the root of “WEB ROLE”.
Existing Silverlight application works fine but the problem occurred when we deploy our migrated application to the same cloud service. We are getting a “Cross Domain” error.
The same migrated application works fine on UAT environment, the only difference is UAT environment is
without ADFS WIF implementation.
Migrated application is half Silverlight and half MVC with initial landing page is Silverlight. MVC web role is used to host the service i.e. .SVC . To go to SL landing page , redirected from home controller. Following is being observed in fiddler for this
application
Existing Silverlight application -
After authentication with ADFS it redirect to Silverlight landing page.
Before calling service method it looks for “clientaccesspolicy.xml”
In response header we are getting the content of “clientaccesspolicy.xml”
And after this everything works fine
Migrated Silverlight-MVC application –
After authentication with ADFS it redirects to “HomeController” and from there we are redirecting to Silverlight landing page.
Before calling service method it looks for “clientaccesspolicy.xml”
In response header we are getting following content - “https://federation-sts.<myDomain>.com/adfs/ls/?wa=wsignin1.0&
wtrealm=https%3a%2f%2f<myWebSite>.<myDomain>.com&
wctx=rm%3d0%26id%3dpassive%26ru%3d%252fclientaccesspolicy.xml&wct=2014-03-17T10%3a36%3a04Z”
4.Throw “Cross Domain” error.
Also we have added filter in
RouteConfig
for .xml file
routes.IgnoreRoute("{*allxml}",
new { allxml = @".*\.xml(/.*)?" });
NOTE: There is no configuration change apart from MVC configuration.
We have done RDP to web role and found that “clientaccesspiolicy.xml” is present at “E:\approot” location and it is also accessible at “https://<myWebSite>.<myDomain>.com/clientaccesspolicy.xml”.
Please help
Thanks,
Rahul PHi,
Please try to configure the cross domain policy file to allow public read access (that is, access it without federation requirement), make sure you can access the address
http://something/clientaccesspiolicy.xml directly in a browser
without redirecting to check whether the cross domain policy file could be anonymous accessed (Please start a new browser session and make sure you're
not logged in. Then test the cross domain policy file.).
Best Regards,
Ming Xu
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
Using SqlProvider and Weblogic authenticator in my own login page
Hi All,
I want to use SqlProvider of weblogic server for authentication of users. For the said purpose I have made necessary steps in weblogic server console. now i want to use it in my own login page and authenticate user based on sqlProvider and wls.
Can u suggest me what to do? or where do I move next ?Add ADF Security to your application.
- Add the groups (the ones in your WLS) to 'Enterprise roles' (use the same name).
- Define your 'Application Roles' (the roles you want to use in your application) and add the corresponding Enterprise roles to it.
- Set the resource grants
That should be it. -
Sharepoint 2013 and ADFS 3.0 Multi-Tenancy Problems
Hi
I am hoping someone might be able to help with my scenario.
Architectural Overview:
We have a 3-Tier Sharepoint 2013 deployed. In this infrastructure we have the following Servers (1x ADFS server, 1x TMG Proxy for External Access, 2x Web Front-End servers, 1x Application Server, 2x SQL Servers with P2P replication
On sharepoint we have a multi-tenant setup based on HSNC i.e. with AD integration on domain example.com. We also integrate with a 3rd Party myexample.com which we have ADFS connected to
site1.example.com
site2.exmaple.com
For both of the sites we have configured the required application and run as per requirements of ADFS 3.0.
ADFSserver -> server1.example.com
DefaultRealm -> urn:sharepoint:site
site1.example.com -> "https://site1.example.com/_trust/", urn:sharepoint:site1
with default login page specified /_trust/default.aspx
site2.example.com -> "https://site2.example.com/_trust/", urn:sharepoint:site2
with default login page specified /_trust/default.aspx
On ADFS 3.0 we have realm trusts corresponding to this i.e.
Trust 1:
identifier -> "https://site1.example.com/_trust/" , urn:sharepoint:site1
Endpoint -> "https://site1.example.com/_trust/Pages/Default.aspx
Trust 2:
identifier -> "https://site2.example.com/_trust/", urn:sharepoint:site2
Endpoint -> "https://site2.example.com/_trust/Pages/Default.aspx, urn:sharepoint:site2
The Problem:
When accessing the sites from the client browser to test (using Chrome Incognito mode so cookies terminates at close of browser session), I get weird stuff happening on ADFS and Sharepoint. I try site1.example.com and it fails stating that urn:sharepoint:site1
is not a recognised realm. When looking at the URL request sent to ADFS I can see irrespective of urn set on sharepoint to differentiate, it sends the default urn of urn:sharepoint:site which is not part of the Relay Party Trust in ADFS for site1 or site2.
This causes the SAML authentication to fail. When I add the default Realm to one of the Trusts then it works fine but then It is not a true multi-tenant environment as requests for both sites gets redirected to a single ADFS endpointDid you set the ProviderRealms on the Trusted Identity Token Issuer?
http://sharepointobservations.wordpress.com/2013/08/13/adding-host-name-site-collections-to-existing-saml-claims-token-issuer/
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Store user preferences accessible from view layer and ADF BC
Hi
I'm working with JDeveloper 11.1.2.1
We have an application with an application-level shared application module which contains VOs with bind variables to generate language dependent LOVs. From these VOs have to access the language.
We want to store user language and other user preferences in the future and these can be accessed by the view layer and ADF BC.
In addition, we want that application will be passivation safe and works properly in a cluster environment.
At first we opted to save the language in the HTTP session, but we access it from ADF BC ... and we would not want to break the MVC pattern. This article
Andrejus Baranovskis's Blog: Bad Practice for Session Scope Access in ADF BC
says that the MVC pattern only breaks when our application module can not be executed without the UI. We differentiate when run individually and when run as a logged in user to avoid this rupture. ¿Is this acceptable solution?
Otherwise, what is the best option to preserve the MVC pattern and also the passivation does not affect the proper execution of the application and not cause problems in the cluster (HTTP sessions are replicated, but the rest?)
I have seen that there are 2 more possible methods :
- Transient View Object
- User data map
The user data map discussed in this article seems an option,
Andrejus Baranovskis's Blog: Solution for Sharing Global User Data in ADF BC
but perhaps complicates the development and I don't know if shared application module would work properly. For example, we need the language of the user in the application-level shared application module VOs, but the user data map is available only in the session of the root application module no? If we have a method that gets the language within the shared application module, ¿when the method getSession.getUserData() execute, it will access the user data in the root application module or return null?
If you could tell us if we are correct using the HTTP session or else it is better that we use the user data map, it would be a great help.
ThanksHi,
this sounds like something that belongs in your Application Module. I would create a client method which would do your LDAP checks before calling your view object to create a new row. Have the client method return the result based on the success of your LDAP search.
Call this AM client method from the backing bean of the JSP and return a page flow based on the outcome of your client method.
The actual transaction with the database happens in your doDML method of the Entity Object (override the doDML method). But I would still implement this business logic in the AM.
regards,
Brenden -
OAM and ADF Security with WebLogic 11
WebLogic Server 11, ADF 11, OAM 10.1.4.3
I understand (and have successfully implemented) an ADF application with application roles tied to enterprise roles which are mapped to OAM groups (and users). This appears to use the OAMAuthenticator and OAMIdentityAsserter authentication providers from OAM installed into the WLS.
However, there appears to be a gap in the authorization component beyond simple group membership. Does WLS support roles and policies defined in OAM as they might pertain to an ADF application? In the Oracle Access Manager Integration Guide, the entire section on integration with WLS has been removed between versions 10.1.4.0.1 and 10.1.4.3 (along with several other chapters). What is the future direction here? What would be the best means to create roles and policies (including dynamic roles) which extend beyond simple group membership?
Regards,
Tom GreshamFor a start JDeveloper 10.1.3 uses an older version of JSF that WebLogic 11g. You would be best upgrading your app with JDeveloper 11g and then re-deploying.
-
Questions about ADF Authentication
hello guys, first of all.. am wondering, is it possible to connect the adf authentication system with the database, to be able to add users programmatic ?? , the second question is, can i make the authentication on 2 levels??, in my case am having more that company uses our application and each company has many users.. i want the client to log in into the company account, then to his account.. is it possible using the ADF Authentication system ? am using Jdev 12.c thanks in advanced
Hi,
first of all.. am wondering, is it possible to connect the adf authentication system with the database, to be able to add users programmatic ?? ,
something like this. ADF security for dynamic users.
user can able to do two level of authentication :
1.configure username and password(encrypted) db. that is DB Authentication.
2.ADF-security Authentication.
thanks. -
Partner application and web clipping.
Hi All,
I am trying to add an external application (say my.yahoo.com) to a webclipping and its throwing the below error in the application log.
WC-517 : SSL handshake failed with the url ...
I have checked the file ca-bundle.crt and the certificates are in place. Does anybody know how to go about debugging this problem as I am quite new to portals and at my wits end to solve it.
Also I would be greatful if anybody can suggest me the steps on adding an Apex application configured as partner application with SSO authentication to a web clipping.There seems to be little or no-documentation at all in this regard(as far as my search goes).
Thanks in advance
-VenkatI finally got it working by VERY CAREFULLY reading the instructions in the install.txt document in the SSO SDK package. You have to set up the partner application with a new schema in the login server database, and run the regapp.sql script AFTER editing it to insert data from the Login Server Partner Application admin screen. After you register the partner app in Portal, it gives you some info (site token, listener token, encryption key, etc). You have to MANUALLY copy these and paste them into the regapp.sql script, then run the script in the partner app schema. Make sure you don't confuse capital I with numeral 1 (like I did, since Oracle so nicely uses a non-serif font where you can not tell the difference).
Also make sure you copy the exact values for these parameters into your code when you use the SSOEnabler class. The listener token was very confusing since different documents appear to disagree on whether it should include the partner app name or not. It does require the partner app name:
app-name:hostname:port
hostname and port are for the web server that is handling http requests for the login server (usually your main portal web server).
John H.
Maybe you are looking for
-
Hi ! Our company uses JDeveloper for developing our sollution. We wanted to migrate from 9.0.5.2 to 10.1.2, but we encountered a problem. Encoding can be only set to cp1250. I imagine that this is bug, since in 9.0.5.2 this works ok. Is it possible t
-
Please help! Apple can't..... We have a G5 Xserv, that we desparately need a Graphics Card for. Apple say they can't supply it (their most useful suggestion was to buy one of the new core-duo machines as they ship with a graphics card as standard!).
-
Printing in Russian Language - after ECC 6.0 unicode upgrade
Hello , Earlier users from russia are able to print in SAP 4.6C using SAPWIN Device type in russian language. but after unicode conversion and ECC 6.0 EHP 4 upgrade, they are not able to print in russian using SAPWIN. In print preview ,it is showing
-
Hi, while customer is tring to change Internal order status getting error message: Error message "Balance of ORD Order Number is not zero" for this order: 400001 Message No: KO115 we have identified KOB1 for the t code, in this report value in obje
-
How can I install iBooks Author on a Mac OS version 10.6? Current version with minumum requirements to install iBooks Author on the Apple site is 10.7.2.