Netscape and SSO to partner application
Help!
I have a partner Java app using SSO with a custom login form. All is well in IE 6 but I get problems with Netscape 7.
It authenticates to the Portal OK, but not to the partner app.
The browser displays the following message:
Oracle SSO Failure - Unable to process request
Either the requested URL was not specified in terms of a fully-qualified host name or OHS single sign-on is incorrectly configured.
In the http server error log is the message:
[OSSO] W05: Requested URL is not specified in terms of fully-qualified host name or invalid SSO partner configuration. Host from request kwudeal2.nkw.ac.uk:80, registered host kwudeal2.nkw.ac.uk.
The obvious difference in the host names is the port 80, which is the correct port, but it wasn't in the URL I followed; Netscape appears to have added it.
Any ideas about what is going on and how to fix it?
Is anyone using Netscape 7 with SSO?
Thanks. Rob
Here's a DIY answer.
See Metalink Note 269820.1 which shows you how to use Perl to overwrite the host name in the HTTP header and remove the port number.
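Added example, not from the original posts or from Oracle: a Python sketch of why `kwudeal2.nkw.ac.uk:80` and `kwudeal2.nkw.ac.uk` fail a plain string comparison and how stripping only the scheme's default port before comparing removes the mismatch while still rejecting other ports. The function names are hypothetical, and the assumption that mod_osso compares the two strings literally is inferred from the W05 log line above.

```python
from typing import Optional, Tuple

# Default ports that a browser may legitimately append to the Host header.
DEFAULT_PORTS = {"http": 80, "https": 443}


def split_host_port(host_header: str) -> Tuple[str, Optional[int]]:
    """Split a Host header value into (host, port); port is None if absent."""
    value = host_header.strip()
    if not value:
        raise ValueError("empty Host header")
    if value.startswith("["):  # IPv6 literal such as [::1]:80
        end = value.find("]")
        if end == -1:
            raise ValueError("unterminated IPv6 literal")
        host, rest = value[: end + 1], value[end + 1:]
        if rest and not rest.startswith(":"):
            raise ValueError("unexpected text after IPv6 literal")
        port_text = rest[1:]
    else:
        host, _, port_text = value.partition(":")
    if not host:
        raise ValueError("missing host name")
    if port_text == "":
        return host, None
    if not (port_text.isascii() and port_text.isdigit()):
        raise ValueError("port is not numeric: %r" % port_text)
    port = int(port_text)
    if port > 65535:
        raise ValueError("port out of range: %d" % port)
    return host, port


def normalize_host(host_header: str, scheme: str = "http") -> str:
    """Lower-case the host, drop a trailing dot and the scheme's default port."""
    host, port = split_host_port(host_header)
    host = host.lower()
    if not host.startswith("["):
        host = host.rstrip(".")
    if port is None or port == DEFAULT_PORTS.get(scheme.lower()):
        return host
    return "%s:%d" % (host, port)  # non-default ports stay significant


def diagnose(host_header: str, registered: str, scheme: str = "http") -> str:
    """Explain how a request host relates to the registered partner host."""
    if host_header == registered:
        return "exact match"
    if normalize_host(host_header, scheme) == normalize_host(registered, scheme):
        return "match after normalisation"
    return "mismatch"


if __name__ == "__main__":
    # Values taken from the W05 log line quoted in the question.
    print(diagnose("kwudeal2.nkw.ac.uk:80", "kwudeal2.nkw.ac.uk"))
    # A non-default port is a different origin and must not be accepted.
    print(diagnose("kwudeal2.nkw.ac.uk:8080", "kwudeal2.nkw.ac.uk"))
```

Only the default port for the scheme is dropped, so a request for the same name on another port is still reported as a mismatch.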
Similar Messages
-
SSO to partner application running under IIS
Hi,
We have a complete set-up for 9iAS Release2 where some applications are running. In parallel we have an application running under IIS, and would now like to enable the IIS application as a partner application to 9iAS letting the 9iAS SSO server handle the authentication.
In the documentation of Oracle Proxy Plug-in I read that this proxy plug-in can be used to proxy requests from IIS to Oracle http server (OHS) and also in this way enable SSO.
My question is if this can be done only for applications running under 9iAS but having IIS as web server, or if it is also possible like in our case to enable SSO via the proxy plug-in to applications running under IIS?
If this is not supported is the only available solution to use the SSO SDK in my IIS application?
Thanks and regards,
Rikard
Here's a DIY answer.
See Metalink Note 269820.1 which shows you how to use Perl to overwrite the host name in the HTTP header and remove the port number.
-
Hi All,
I have installed 10g AS Release 2 on a system. I also have Application Express(formerly HTML DB) installed on the same system. I registered one of the HTML DB applications as partner applications and have put SSO authentication for it.
When I try to login the AS looks at the OID installed on the system(which I gave during installation). I want it to look at the Oracle gmldap.oraclecorp.com server OID so that only Oracle employees login.
Can anybody tell me how to change the OID and what are the entries to be given to configure it to gmldap.oraclecorp.com server??
Thanks,
Swaroop
See Task 3 in the Section 9.4 of the Oracle Application Server Administrator's Guide:
http://download-west.oracle.com/docs/cd/B14099_17/core.1012/b13995/chginfra.htm#i1014978
See the following for information about what to specify on each page.
http://download-west.oracle.com/docs/cd/B14099_17/core.1012/b13995/reconfig.htm#i1013341
-
Register the partner application through SSO Administer Partner Application
When should I use the "Administer Partner Applications" link on the SSO Server Administration page to register the application among the following cases?
1. sign-on SDK integrated application
2. mod_osso integrated application
Were you able to resolve the issue?
Can you please try rerunning ssodatan/x with the correct data? The ssodatan script is located in the directory ORACLE_HOME/portal30/admin/plsql/ssodatan.
Refer to the following link for more info on the SSODATAN, SSODATAX and DIAGNOSTICS scripts in Portal 3.0.x:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=136138.1
-
Apex application registered with sso as partner application
We have 1 apex app registered with sso and working properly.
I just registered a new apex application with sso. when i authenticate through sso, it directs me to the originally registered application.
I went in through the portal administrator app and verified my settings all pointed to the new application. I verified that my dad is set up correctly.
Any ideas?
APEX 2.0
I did register and obtain the keys through portal admin.
To ensure I used the proper keys (I guess there is a possibility I used the keys from db1 registration) I re-ran regapp with the right keys but received the following output:
SQL> @regapp
Partner Application Configuration
Enter value for listener_token: HTML_DB:050iasphttp.xxx.na.xxx.com:7777
Enter value for site_id: EFBE3E14
Enter value for site_token: MSMXURH1EFBE3E14
Enter value for login_url: https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admin.ls_login
Enter value for encryption_key: 2EBDD126A3A40606
Enter value for ip_check: N
ERROR: Error in registration. Please try again
User-Defined Exception
Registration successful.
Listener token: HTML_DB:050iasphttp.xxx.na.xxx.com:7777
Site id : EFBE3E14
Site token : MSMXURH1EFBE3E14
Encryption key: 2EBDD126A3A40606
Login URL :
https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admi
n.ls_login
Logout URL :
https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admi
n.ls_logout
IP check : N
PL/SQL procedure successfully completed.
Commit complete.
No errors.
SQL>
...in spite of the error, I asked the app developer to try and use SSO for db2. He now receives:
User-Defined Exception
Error Error in wwv_flow_custom_auth_sso.process_success:l_sso_user_name:l_sess_id:: Please contact administrator.
OK
Any ideas?
-
Oracle9iAS R2 - Virtual Hosts with Portal and SSO with OIDDAS application
Hi!
I have installed a machine with the name minsk.discover.local. The machine has Infrastructure and Portal installed. The installation was successful and it works fine. But I have published Portal to the web with the name intranet.discover.com.br. The steps Oracle describes:
1 - Create the virtual hosts in SSO and PORTAL - OK
2 - run ptlasst to create SSO Partners Applications - OK
After these steps Portal and SSO work fine, but when I click in the portlet to create a user to access the OIDDAS application, the Portal redirects to the SSO login page at the address mct.com.br, the internal name, and that name does not respond on the internet.
I need help!
Marcio Mesti
I just spoke to the Oracle App server admins, the two servers in question are clustered.
So my question changes slightly to:
What is the best way to install and configure a webgate for clustered Oracle App servers with multiple virtual hosts, that are residing behind a load balancer (Traffic Manager)?
Thanks,
Andy
-
IdM 7 and SSO for legacy applications
Dear experts,
Per SAP NetWeaver 7 documentation new approach allows SSO for any legacy applications without a need for a 3rd party IdM solution.
Could someone explain how this is handled? Does every non-SAP application need to become aware of the SAP IdM credential store and be able to interact with it, or is some other, non-intrusive approach being used?
Thanks in advance,
Eugene.
Hi Eugene,
SAP NetWeaver Identity Management 7.0 handles the provisioning of users (identities) for a heterogeneous landscape. Authentication and Single Sign-On (SSO) is being handled within the SAP NetWeaver platform. So introducing SAP NetWeaver Identity Management itself does not introduce additional SSO functionality.
-
Ideas for flights partner application problem
Hi!
We got problem with trying to configure flights demo partner
application.
URL: http://orawat5/servlet/flights/
Error code below:
An error has occured in this Application
oracle.security.sso.enabler.SSOEnablerException:
oracle.security.sso.enabler.SSOEnablerException:
java.sql.SQLException: ORA-06550: line 1, column 13: PLS-00201:
identifier 'WWSEC_SSO_ENABLER_PRIVATE.GENERATE_REDIRECT' must be
declared ORA-06550: line 1, column 7: PL/SQL: Statement ignored
at
oracle.portal.devguide.partner.application.PartnerSSOEnabler.getS
SOUserInfo(PartnerSSOEnabler.java:215) at
oracle.portal.devguide.partner.application.FlightDispatch.process
(FlightDispatch.java, Compiled Code) at
oracle.portal.devguide.partner.application.PartnerServlet.doGet
(PartnerServlet.java:48) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:499) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:588) at
org.apache.jserv.JServConnection.processRequest
(JServConnection.java:402) at
org.apache.jserv.JServConnection.run(JServConnection.java:260)
at java.lang.Thread.run(Thread.java:479)
What do you think about what is problem?
(maybe this java ...PartnerSSOEnabler.getSSOUserInfo calls some
pl/sql code)
Regards,
Olli-Pekka
Can you please provide me following information so that I can understand the environment clearly?
1. Login Server version
2. SSO SDK version (e.g. ssosdk307_011223.zip) etc
3. Database version for Login Server and SSO SDK partner application
4. Where did you get the original JPDK zip file and version number?
-
1> I want to define a web-based application as partner application for portal.
and define a partner application in portal and set the Home URL and Success URL, the question is from where in portal it can be called ?
2> I want to get portal user within the application and run portal30.wwctx_api.get_user but it returns PUBLIC so I think the authentication is not done.
please let me know what can I do ?
1> I want to define a web-based application as partner application for portal.
and define a partner application in portal and set the Home URL and Success URL, the question is from where in portal it can be called ?
The portal does not have any partner applications. Partner applications are written for the SSO server. If you want to access a partner application, a URL to any entry point in the application should be acceptable. A properly written partner application can be accessed through any of its entry points and it should automatically obtain authentication from the SSO server when it needs to.
2> I want to get portal user within the application and run portal30.wwctx_api.get_user but it returns PUBLIC so I think the authentication is not done.
please let me know what can I do ?
The portal30.wwctx_api calls are only appropriate for identifying a user logged into the portal. If you have your own partner application, you will need to develop your own set of APIs to identify your users as the SSO server has authenticated them, and you have managed their session thereafter.
-
Error on registering Flights of Fancy application(Partner Application, JPDK) provide
Hi
When i try to add a provider for Flights of Fancy application i am getting this error
An error occurred when attempting to call the providers register function. (WWC-43134)
The following error occurred during the call to Web provider: Unable to initialize new provider instance: oracle.portal.provider.v1.ProviderException: Portlet PartnerFlightPortlet: Required Renderer not set. (WWC-43147)
i am able to access the URL (http://myhost/servlet/flightsprov) without any problem and is displaying the following information
Congratulations! You have successfully reached your Provider's Test Page.
Checking for components:
Oracle XML parser: detected
Oracle JSP: detected
Recognizing initArgs: Usual initArgs are provider_root and sessiontimeout.
dbhost: myhost
partnerAppCookieDomain: mydomain.com.qa
dbsid: mysid
onCancelUrl: http://myhost
partnerAppCookieDesc: SSO application cookie
partnerAppCookieScope: /
dbSchema: mypartner
requestedUrl: http://myhost/servlet/flights
provider_root: D:\port\partner
dbport: 1521
dbPassword: mypartner1
partnerAppCookieName: SSO_PAPP_SERVLET_ID
sessiontimeout: 1800000
listenerToken: myhost:80
And I made sure several times that I am using the same URL for the Portal registration page.
In the jserv.log file i am getting the following information
[08/04/2001 13:08:24:642 GMT+03:00] flightsprov/javax.servlet.ServletException: Unable to initialize new provider instance: oracle.portal.provider.v1.ProviderException: Portlet PartnerFlightPortlet: Required Renderer not set.
at oracle.portal.provider.v1.http.HttpProvider.getProvider(HttpProvider.java:339)
at oracle.portal.provider.v1.http.HttpProvider.service(HttpProvider.java:246)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:588)
at org.apache.jserv.JServConnection.processRequest(JServConnection.java, Compiled Code)
at org.apache.jserv.JServConnection.run(JServConnection.java, Compiled Code)
at java.lang.Thread.run(Thread.java:479)
Can anybody help me in solving this problem
thanks in advance
Abdulla
You're not missing anything - it sounds like it's working perfectly.
If a provider is affiliated with a partner application, the provider is automatically authenticated when you authenticate to the portal - because it is also a partner application. You only need to authenticate yourself once.
Now, when you go to the partner application, the application session cookie that was created by the provider is passed to the partner application & so you are not challenged.
Now, if you close your browser and access the partner application first, the login server will challenge you. When you subsequently go to the portal, you will not be challenged - the portal contacts the login server behind the scenes, determines you have already authenticated yourself and proceeds as if you had logged in.
When you visit the partner provider portlet, it will detect the cookie created by the partner application and use that to tie into the same session.
This is the whole point of single sign on.
-
How to capture userinfo after a partner application is authenticated through SSOSDK?
I have successfully installed and deployed the Partner application for Portal using SSOSDK. My question is, once the user is authenticated through SSOPartnerServlet.java and gets thrown back to the partner app(PAPP), how do we get the user info(i.e. username) from the PAPP?
Is there an API?
I have already asked this question from oracle tech and they told me to post it
Thanks,
Hamid
Pass the name of a subroutine to handle your user commands to the fm parameter.
I_CALLBACK_USER_COMMAND = 'USER_COMMAND'.
Then code for the user command function,
form user_command using r_ucomm type sy-ucomm.
case r_ucomm.
when '<FCODE of your button>'.
Code your logic....
endcase.
endform.
To add your button using your own pf-status, you should copy a standard gui status and modify it.
To trigger this pf-status you should pass routine name to I_CALLBACK_PF_STATUS_SET.(I_CALLBACK_PF_STATUS_SET = 'SET_PF_STATUS..)
form set_pf_status.
set pf-status 'ZSTAT'. "This ZSTAT must be created by copying a STANDARD pf-status of say some std program like SAPLKKBL. and then modifying it.
endform.
-
BC4J, Auditing, Partner Application and SSO
I am trying to figure out how to set up a BC4J-JSP app to use "database audit trail in entity objects" within a Portal/SSO environment.
Here is the situation;
Part 1:
I am able to partially get the auditing to work on a BC4J App Module in the tester by setting the appropriate history columns in the Entity Object and then setting the jbo.security.enforce property to "Test". Upon entering the tester I am challenged for a "username/password". At this point I can enter any credentials, I can then enter some data. Visually checking the database I find that the history "date" columns (date_created) are ok but the "user" columns (created_by) are not filled in.
Part 2:
Now if I set jbo.security.enforce property to "Test". I am not sure what user credential to enter here. I have looked at OID Manager for some clues for what username/password but I'm not sure if this is even in the ballpark.
Part 3:
At some point I will deploy this app as an SSO/Partner Application which will be accessed from a Portal page. Since authentication is handled by the SSO login page, I am confused about setting up the "database audit trail in entity objects" (from Part 1) as it talks about creating * another * login page. This seems contradictory so
Part 1:
When setting the jbo.security.enforce property to "Test", BC4J does not throw an exception if the credential is invalid. You should set it to "Must" if you really want to validate the credential. The "Test" setting does perform the authentication; a warning stating that authentication failed is in the diagnostic output if the username/password is invalid. The "Test" setting is just to exercise the authentication, but if it fails it does not stop the rest of the application. The "user" column (created_by) not getting filled could be caused by failed authentication, or by the column being marked as Refresh on Update or Refresh on Insert, or by the client app inserting null or a zero-length string into it.
Part 2:
BC4J default authentication uses the LoginModule from Oracle9iAS JAAS (in j2ee\home\jazn.jar). This LoginModule is by default configured to use the lightweight jazn-xml. You can check this by looking for "<jazn provider=..." in j2ee\home\config\jazn.xml. If you are interested in using OID, you need to change it to <jazn provider="LDAP" location="ldap://myoid.us.oracle.com:389" />, where "myoid.us.oracle.com:389" should be the host address and port of your OID. There are a few predefined users in the lightweight jazn-xml if you wish to test it, there are admin/
-
HOW TO SET UP PARTNER APPLICATION TO USE SSO OUTSIDE OF PORTAL
If anyone knows how Portal switches context to run as the db user mapped to the lightweight schema and how it knows the db schema password please let me know.
Should you have any queries please do not hesitate to contact me on 07775 896738.
From document Oracle Portal Security Overview on PortalStudio.oracle.com:
In Single Sign On mode (EnableSSO=Yes in the DAD), mod_plsql determines the name of the light-weight user and mapped database schema by calling
WPG_SESSION_PRIVATE.GET_LW_USER and WPG_SESSION_PRIVATE.GET_DB_USER respectively.
** These calls are done using the Portal Schema (PORTAL30) and Portal schema password **
mod_plsql then executes the procedure in the requested URL by using the N-Tier Authentication feature to connect to the database as the user returned from
WPG_SESSION_PRIVATE.GET_DB_USER. ..... Note that N-Tier Authentication requires all schemas to be used for Portal user mappings to be granted 'connect
through' privileges to the Portal schema (PORTAL30).
The WWCTX packages are also used.
So this is how it works with standard Portal
- the document states that the WPG_SESSION_PRIVATE package is only accessible to the Portal schema
- but I checked and it is also available to PORTAL30_SSO
SQL> desc WPG_SESSION_PRIVATE
PROCEDURE CREATE_SESSION
Argument Name Type In/Out Default?
P_COOKIE_NAME VARCHAR2 IN
FUNCTION GET_DB_USER RETURNS VARCHAR2
FUNCTION GET_LW_USER RETURNS VARCHAR2
PROCEDURE GET_SESSION_INFO
Argument Name Type In/Out Default?
NUM_PARAMS NUMBER OUT
PARAM_NAMES TABLE OF VARCHAR2(32000) OUT
PARAM_VALUES TABLE OF VARCHAR2(32000) OUT
PROCEDURE RESET_SESSION
Argument Name Type In/Out Default?
P_COOKIE_NAME VARCHAR2 IN
In my case only the Login Server (PORTAL30_SSO) is going to be used/installed
- the SAMPLE_SSO_PAPP application will only work if the DAD used to access is it set to use Basic authentication, i.e. the actual integration with the Login Server
is done in the sample application code calls, stored in the database
- when a DAD has enableSSO=yes it automatically accesses Portal (PORTAL30) packages to implement N-Tier authentication
I'm currently testing:
1. Configuring the SAMPLE_SSO_PAPP sample as documented with a DAD with Basic authentication
2. Amending the ssoapp procedure to set context to another (db) user on successful authentication:
wwctx_api.set_context (
p_user_name => 'SCOTT',
p_password => 'TIGER' );
3. If this works then set_context with get_lw_user instead
I have now amended the ssoapp procedure as follows to print out
1. The userid entered when the login box is presented
2. The Database user which the Portal Lightweight user is mapped to
3. The Lightweight user Portal has used for authentication
Amendments to papp.pkb:
(ssoapp procedure, declare db_user_info and lw_user_info as VARCHAR2 in declare section)
htp.p('Congratulations! It is working!<br>');
db_user_info := wwctx_api.get_db_user;
lw_user_info := wwctx_api.get_user;
htp.p('User Information:' || l_user_info || '<br>');
htp.p('DB User Information:' || db_user_info || '<br>');
htp.p('LW User Information:' || lw_user_info || '<br>');
The following shows the interesting results from my testing:
- if the user owning the sample_sso_papp package is PORTAL30_SSO then the call to wwctx_api.get_db_user succeeds
- if the user owning the sample_sso_papp package is a non-portal schema e.g. SSOAPP below the call to wwctx_api.get_db_user generates a User Defined exception
Steps to test:
Created new schema SSOAPP on the database
- edited it in Portal and checked the use this schema for Portal users checkbox
- created new Lightweight user SSO_LW in Portal, mapped it to SSOAPP schema
- created new Lightweight user SSO_SCOTT in Portal, mapped to SCOTT schema
- loadjava -user ssoapp/ssoapp@portal30 SSOHash.class
- sqlplus portal30/portal30@portal30
@provsyns ssoapp
- sqlplus ssoapp/ssoapp@portal30
@loadsdk.sql
@loadpapp.sql
Created DAD with basic authentication SAMPLE_SSO_PAPP
- username: ssoapp
- default home page: sample_sso_papp.ssoapp
Registered the Sample SSO Partner Application with the Login Server and ran regapp.sql
Commented out the calls to get_db_user in papp.pkb to avoid exception
- called http://<server>/pls/sample_sso_papp
- logged on as SSO_LW/sso_lw
- got output:
Congratulations! It is working!
User Information: SSO_LW
LW User Information: PUBLIC
So the Portal lightweight user is not returned as SSO_LW
if anyone knows why the Lightweight User in my test is returned as PUBLIC not SSO_LW
Best Regards
Michael
http://support.mozilla.com/en-US/kb/Changing+the+e-mail+program+used+by+Firefox
-
SSO requires double login for partner application
I'm having some trouble with SSO partner applications, when I login to a SSO protected application, the login works fine, but when I try to navigate to another application I'm presented with the login page again, the sso cookie seems to be working since clicking on the login button without entering the user credentials works. For example, I log in to portal and from there I navigate to a forms application that is on the same server and the same port (portal: https://apps.mydomain.com:4444/pls/portal --> forms: https://apps.mydomain.com/forms/frmservlet?config=app) I am presented with the login page and after clicking on the login button without entering any information everything works fine. This is happening for all the middle tiers that are connected to the same OID. Any ideas on what can be wrong on my configuration?
Hi Andrey,
The problem sounds really weird.
Can you check your SSO settings for your Portal ECC system? I mean, please check the User Management/Administration properties in your System Administration of Portal System that points to ECC.
Regards
Raja Sekhar
-
SSO userid for a partner application
Hi,
We have one application deployed on WebLogic Application Server; this is registered as a Partner application on the SSO server.
On the application side we have installed Oracle HTTP Server as the web server and configured mod_osso.
Now when a user attempts to access any secured page, SSO asks for authentication. On successful login the user lands back on the application page configured while creating the Partner application.
After login we need the userid of the user who logged in on the SSO server. I have tried the following and am getting null.
Remote User: <%=request.getRemoteUser() %>,
Proxy-Remote-User: <%=request.getHeader("Proxy-Remote-User") %>
Osso-User-Dn: <%=request.getHeader("Osso-User-Dn") %>
Osso-User-Guid: <%=request.getHeader("Osso-User-Guid") %>
Osso-Subscriber: <%=request.getHeader("Osso-Subscriber") %>
Osso-Subscriber-Dn: <%=request.getHeader("Osso-Subscriber-Dn") %>
Osso-Subscriber-Guid: <%=request.getHeader("Osso-Subscriber-Guid") %>
Accept-Language: <%=request.getHeader("Accept-Language") %>
output:
Remote User: null,
Proxy-Remote-User: null
Osso-User-Dn: null
Osso-User-Guid: null
Osso-Subscriber: null
Osso-Subscriber-Dn: null
Osso-Subscriber-Guid: null
Accept-Language: en-us,en;q=0.5
Does anyone know what exactly I should do?
Thanks & Regards,
Kevin Chheda
So the user has successfully authenticated and can access protected areas of the application?
Have you tried using Http headers to see values/attribute names?
Can you try this:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body>
<%@ page import = "java.util.*" %>
<h1>Headers received:</h1>
Remote user header is: <% out.println(request.getRemoteUser()); %>
<p>
<table>
<%
// Dump every request header so any headers set in front of the application are visible
Enumeration headerNames = request.getHeaderNames();
while(headerNames.hasMoreElements()) {
String headerName = (String)headerNames.nextElement();
out.println("<tr><td>" + headerName + "</td>");
out.println(" <td>" + request.getHeader(headerName) + "</td></tr>");
}
%>
</table>
</body></html>