Partner Application and Login Server

I have created a partner application using the samples provided in the ssosdk. In the SSOSignServlet I am checking a table to determine if the user returned from the login server has access to the partner application. If the user has access, I set the cookie and the user is redirected to the application. If the user does not have access, I am not sure how to handle it. I can use response.sendRedirect(response.encodeUrl(m_cancelUrl)), yet I would rather display a message indicating that they don't have access and are being redirected. If I try to output a message in the SSOSignOnServlet, I get into a loop. Any ideas?

I finally got it working by VERY CAREFULLY reading the instructions in the install.txt document in the SSO SDK package. You have to set up the partner application with a new schema in the login server database, and run the regapp.sql script AFTER editing it to insert data from the Login Server Partner Application admin screen. After you register the partner app in Portal, it gives you some info (site token, listener token, encryption key, etc). You have to MANUALLY copy these and paste them into the regapp.sql script, then run the script in the partner app schema. Make sure you don't confuse capital I with numeral 1 (like I did, since Oracle so nicely uses a non-serif font where you can not tell the difference).
Also make sure you copy the exact values for these parameters into your code when you use the SSOEnabler class. The listener token was very confusing since different documents appear to disagree on whether it should include the partner app name or not. It does require the partner app name:
app-name:hostname:port
hostname and port are for the web server that is handling http requests for the login server (usually your main portal web server).
John H.
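
The checks this answer describes, as an added example (not code from the SSO SDK or from the poster): it validates the app-name:hostname:port listener token and compares the value in regapp.sql with the copy pasted into application code, flagging look-alike characters. Function names and sample values are constructed, and hostnames are assumed to contain no colons.

```python
# Added example: checks for hand-copied partner application values.
# All names and sample values below are constructed for illustration.

# Look-alike glyph classes. I/1 is the pair named in the post; l, | and O/0
# are added here as an assumption about what else a sans-serif font blurs.
CONFUSABLE_CLASSES = [set("Il1|"), set("O0")]


def parse_listener_token(token):
    """Split a listener token of the form app-name:hostname:port.

    Raises ValueError when a field is missing (for example the app name was
    left off) or the port is not a valid TCP port number.
    """
    parts = token.strip().split(":")
    if len(parts) != 3:
        raise ValueError(
            f"expected app-name:hostname:port, got {len(parts)} field(s)")
    app, host, port = parts
    if not app or not host:
        raise ValueError("app name and hostname must both be non-empty")
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        raise ValueError(f"port {port!r} is not a number in 1..65535")
    return app, host, int(port)


def _look_alike(a, b):
    """True when two different characters belong to one look-alike class."""
    return any(a in cls and b in cls for cls in CONFUSABLE_CLASSES)


def compare_copied_value(reference, copied):
    """Compare the value in regapp.sql with the copy used in application code.

    Returns (position, kind) tuples. Only positions are reported, so the key
    material itself never ends up in logs or terminal scrollback.
    kind is "look-alike", "different" or "length" (truncated or padded copy).
    """
    findings = []
    for i, (r, c) in enumerate(zip(reference, copied)):
        if r != c:
            findings.append((i, "look-alike" if _look_alike(r, c) else "different"))
    if len(reference) != len(copied):
        findings.append((min(len(reference), len(copied)), "length"))
    return findings


def ambiguous_positions(value):
    """Positions holding a character that is easy to misread when retyping."""
    return [i for i, ch in enumerate(value)
            if any(ch in cls for cls in CONFUSABLE_CLASSES)]


if __name__ == "__main__":
    # Constructed samples; not real tokens or keys.
    print(parse_listener_token("myapp:portal.example.com:7777"))
    in_regapp_sql = "7I3O0K1Q"
    in_app_code = "713O0KIQ"
    print("double-check positions:", ambiguous_positions(in_regapp_sql))
    for pos, kind in compare_copied_value(in_regapp_sql, in_app_code):
        print(f"mismatch at position {pos}: {kind}")
```
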

Similar Messages

  • Choosing between external and partner application and problem with login

    We have an application on Oracle App Server 10.1.3.3 and we have an OID server.
    I had taken this for granted that I should define the application as 'Partner Application' and not external application for single sign on.
    Now that we need the 'PASSWORD' retrieved by application, we are considering defining it as an external application.
    There are at least two problems I have encountered defining the application as external:
    1. 'pageConfig:serverDate' is among the login form's inputs in the login page, but I can't set it in orasso 'Edit External Applications' page
    2. After login using SSO as external application and when I click on the application's new link, the login page is shown with the username and password field filled, but I have to click on login button anyway (no automatic and invisible login).
    I will be very grateful if someone gives a general view on the differences between external and partner, whether in this case external has to be used or partner and finally give some comment on my specific problem with login button and manual login.
    Thank you

    Just some information :
    - The problem with LOGIN page exists. I don't have that problem with for example GMAIL when defined as external application, but with my applications in Oracle Application Server.
    - There is also another thing I don't understand. The link to external application is something like:
    javascript:open_jwindow('../ealogin?ID=76D4766','76');
    and couldn't be executed outside pls/orasso
    in other words we can't give that to our users, can we? They should login to orasso and see that?
    We don't want to involve them in Identity Management...
    Any help is appreciated....
    Regards

  • I want to remove the COnlineBank, OnlineBank and csample applications from my application and web server.

    How can I safely do this on Solaris? I've tried "iasdeploy removeapp" and "iasdeploy removemodule" with no luck. I want to clear all of this demo stuff out to make both the web and app server look more production like.
    Thanks
    Eric

    Eric,
    these applications are applogics which are not controlled by the
    iasdeploy tool. Unfortunately, there is no tool available to remove
    these applications for you. What you can do is to manually remove all
    their entries, but be careful if you do that. If you remove the wrong
    keys you might break your ias installation, so be warned and make sure
    you backup the whole ias registry before attempting to remove anything.
    Eric Coleman wrote:
    >
    I want to remove the COnlineBank, OnlineBank and csample applications
    from my application and web server.
    How can I safely do this on Solaris? I've tried "iasdeploy removeapp"
    and "iasdeploy removemodule" with no luck. I want to clear all of
    this demo stuff out to make both the web and app server look more
    production like.
    Thanks
    Eric
    Han-Dat Luc ([email protected])
    Senior Consultant
    SUN Professional Services (iPlanet)
    Sun Microsystems Australia Pty Ltd

  • Mod_osso partner application and webcache site to server mapping

    hi, need advice on the following.
    i have an app server container (only OC4J and no portal, forms etc) hostname abc.test.net installed with the option to register to the sso server (http://mylogin.test.net), which is on a physically separate machine.
    i have a java application deployed on a 10g app server container. the log in portion is handled by the login server using the mod_osso.conf file.
    thus when i type http://abc.test.net:7777/myapps, i will be prompted to login via the sso server.
    this is working fine.
    then i put a webcache to front this app server, so that users will use a sitename (http://myapps.abc.com) defined in the webcache (mapped to the app server) to access that application.
    so now when users type http://myapps.abc.com, they are still prompted the sso login screen. but after logging in, they are shown a red coloured bold text error message "ORASSO Failure-Unable to Process Request" page. this error page has the url of app server http://abc.test.net:7777/osso_login_successxxxx.
    if i manually replace the 'abc.test.net' to 'myapps.abc.com', my application will be displayed correctly, and i am logged in.
    how can i resolve this problem?
    question:
    1. do i need to re-register http://myapps.abc.com as a partner application?
    2. if so, do i perform the registration from the webcache, the app server or the login server itself?
    pls advise.
    thx.

    Follow the following notes:
    Note:250532.1 Configuring HTTP Server to Use SSL in Oracle Application Server 10g (9.0.4)

  • Partner application and web clipping.

    Hi All,
    I am trying to add an external application (say my.yahoo.com) to a webclipping and it's throwing the below error in the application log.
    WC-517 : SSL handshake failed with the url ...
    I have checked the file ca-bundle.crt and the certificates are in place. Does anybody know how to go about debugging this problem as I am quite new to portals and at my wits' end to solve it.
    Also I would be grateful if anybody can suggest the steps for adding an Apex application configured as a partner application with SSO authentication to a web clipping. There seems to be little or no documentation at all in this regard (as far as my search goes).
    Thanks in advance
    -Venkat


  • BC4J, Auditing, Partner Application and SSO

    I am trying to figure out how to set up a BC4J-JSP app to use "database audit trail in entity objects" within a Portal/SSO environment.
    Here is the situation;
    Part 1:
    I am able to partially get the auditing to work on a BC4J App Module in the tester by setting the appropriate history columns in the Entity Object and then setting the jbo.security.enforce property to "Test". Upon entering the tester I am challenged for a "username/password". At this point I can enter any credentials, I can then enter some data. Visually checking the database I find that the history "date" columns (date_created) are ok but the "user" columns (created_by) are not filled in.
    Part 2:
    Now if I set jbo.security.enforce property to "Test". I am not sure what user credential to enter here. I have looked at OID Manager for some clues for what username/password but I'm not sure if this is even in the ballpark.
    Part 3:
    At some point I will deploy this app as an SSO/Partner Application which will be accessed from a Portal page. Since authentication is handled by the SSO login page, I am confused about setting up the "database audit trail in entity objects" (from Part 1) as it talks about creating * another * login page. This seems contradictory so

    Part 1:
    When setting the jbo.security.enforce property to "Test", BC4J does not throw an exception if the credential is invalid. You should set it to "Must" if you really want to validate the credential. The "Test" setting does perform the authentication; a warning stating that authentication failed is in the diagnostic output if the username/password is invalid. The "Test" setting is just to exercise the authentication, but if it fails it does not stop the rest of the application. The "user" column (created_by) not getting filled could be caused by failed authentication, or by the column being marked as Refresh on Update or Refresh on Insert, or by the client app inserting null or a zero-length string into it.
    Part 2:
    BC4J default authentication uses the LoginModule from Oracle9iAS JAAS (in j2ee\home\jazn.jar). This LoginModule is by default configured to use the lightweight jazn-xml. You can check this by looking for "<jazn provider=..." in j2ee\home\config\jazn.xml. If you are interested in using OID, you need to change it to <jazn provider="LDAP" location="ldap://myoid.us.oracle.com:389" />, where "myoid.us.oracle.com:389" should be the host address and port of your OID. There are a few predefined users in the lightweight jazn-xml if you wish to test it, there are admin/

  • Understanding Application and Web Server Integration

    Folks,
    I am relatively new to web development and have some fundamental questions. I have read various articles and posts on these forums that describe the difference between an Application server and web server but haven't seen any on the integration of the two.
    I have recently downloaded the Sun Java System Application Server, built a simple application with a couple of JSPs, servlets and static html pages and deployed it through a deployment tool that came with the application server.
    Now, the application is accessible through my browser, so It seems the application server does everything I need, even for serving static pages. Do i need a web server? If so, would I implement a web server for design reasons and host static pages on that? Any hints on how to do this?
    Your help is appreciated.
    -joe

    No, you do not. However, if you had a large site, which experienced thousands of hits a minute, you wouldn't want to burden your application server with the overhead of serving static content. Otherwise, go for it.
    As far as integrating an application server with a web server, I only have access integrating Tomcat with various web servers and it's not difficult at all. There's another post here (today as a matter of fact) where I give details for Tomcat and IIS.

  • Can anyone help me know the difference b/w application and web server?

    i tried reading about application and web servers. it appears to me to be the same. please do help me to differentiate. Thanks :-)

    An application server hosts business logic components for an application. A web server is an application which accepts HTTP requests.
    An application server may come packaged with a web server.
    A web server is a very simple process. It's HTTP daemon process that listens for incoming requests over HTTP protocol on a specified port usually, 80. For simple, static web pages the web server has the built in logic to serve them but for a complex operation(say read from database and display some records), it routes the URL to a component like the servlet engine....
    An application server is a much broader term. For example the servlet may need to invoke certain business logic components like beans or activex dlls. The server that hosts these components is the application server.
    Hope you are clear now.

  • Error when trying to configure Lync to be a partner application for Exchange Server 2013

    When I attempt to run the Configure-EnterprisePartnerApplication.ps1 script I get the following error:
    The address 'LyncEnterprise-ApplicationAccount@*.domain.com' is invalid:
    "LyncEnterprise-ApplicationAccount@*.domain.com" isn't a valid SMTP address. The domain name can't contain spaces and it has to have a prefix and a suffix, such as example.com.
    The error continues with some more things, but what I can't understand is why it is adding a *. after the @ when it is trying to create the account.
    Any help would be appreciated, thanks!

    Hi ADrake04,
    I found that the script was configured as below:
    $acceptedDomains = Get-AcceptedDomain;
    if ($acceptedDomains -eq $null)
    {
        WriteError ("There is no accepted domain so user can not be created.")
    }
    # The first accepted domain's Name becomes the mail domain of the new user
    $acceptedDomain = $acceptedDomains[0].Name;
    if ($UseDomainController -eq $true)
    {
        $user = New-MailUser -Name $username -DomainController $DomainController -ExternalEmailAddress $username@$acceptedDomain;
        set-mailuser -Identity $user.Identity -HiddenFromAddressListsEnabled $true -DomainController $DomainController
    }
    else
    {
        $user = New-MailUser -Name $username -ExternalEmailAddress $username@$acceptedDomain;
        set-mailuser -Identity $user.Identity -HiddenFromAddressListsEnabled $true;
    }
    WriteInformation ("Created User <$($user.Identity)> for Partner Application.");
    return $user;
    Please note the variable “$acceptedDomain”, this is a very important point.
    (Note: The accepted domain is used in Exchange, and can be created in Exchange EAC.)
    Now what you need to do is to run the following command in Exchange Powershell and see the result.
    $acceptedDomains = Get-AcceptedDomain
    $acceptedDomains[0].Name
    If you see the result “*.Domain.com”, then you should check your Exchange Configuration.
    Best regards,
    Eric

  • SSO Partner Application and Session Time out

    Hi ,
    We have an application on forums.oracle.com which is implementing the Authentication scheme as SSO, that is working well, now we want to implement Session Time out if the user is idle for some time and ask him to login again after the session fails, I have tried to implement this feature as given by Scott in the thread session timeout, well the problem is since we don't have a login page here how do we set the cookies
    owa_cookie.send(
        name => 'HTMLDB_IDLE_SESSION',
        value => to_char(sysdate+(20/1440),'DD-MON-YYYY HH24:MI:SS'),
        expires => null,
        path => '/',
        domain => null
    );
    and where is the current point to implement it.
    Any help on this is greatly welcome.
    Thanks in Advance.

    Naveen,
    I don't remember how the solution works. But if you don't have a login page you can usually put code in the post-authentication process of your authentication scheme to do whatever the login page process would have done.
    Scott

  • Partner application configuration is missing error on SSO login page

    We have APEX 3.1.2 setup as a partner application and an application within APEX setup to use SSO for authentication. Following a link to the APEX application redirects to the Single Sign-On page, as it should, but it also shows "Error: The partner application configuration is missing or expired." I type in my password and username, click the Login button, and (if I entered my username and password correctly, of course!) then the APEX application is shown. So, I cannot figure out why we're getting the no_papp_err error and I have not found any solutions to that issue on Metalink or anywhere else on the Internet. Any ideas? I'm concerned that we have a misconfiguration somewhere that is causing this error and will affect any other partner application we setup in the future.
    We're on Oracle Portal 10.1.4, SSO 10.1.2, and SSL is setup on both infra and mid tiers.

    Did you try checking the partner application entries on the SSO-login server page?
    please login as orcladmin or some other user with membership in, i believe, iasadmins group. verify that for this partner application, what you see here corresponds to the application URL. it looks like your login page call may have issues. so check for login url too.
    also check the ORASSO.WWSSO_LS_CONFIGURATION_INFO$ for entries corresponding to Apex application.

  • Error: Partner application configuration is missing ... on SSO login page

    We have APEX 3.1.2 setup as a partner application and an application within APEX setup to use SSO for authentication. Going to the APEX application redirects to the Single Sign-On page, as it should, but it also shows "Error: The partner application configuration is missing or expired." I type in my password and username, click the Login button, and (if I entered my username and password correctly), it redirects me to the APEX application just like it should. So, I cannot figure out why we're getting the no_papp_err error and I have not found any solutions to that issue on metalink or anywhere else on the Internet. Any ideas?
    We're on Oracle Portal 10.1.4, SSO 10.1.2, and SSL is setup for both.
    Closing this topic and opening it in Oracle Application Server - General (http://forums.oracle.com/forums/thread.jspa?threadID=832022&tstart=0)
    Edited by: oportalist on Nov 28, 2008 10:24 AM

    Did you try checking the partner application entries on the SSO-login server page?
    please login as orcladmin or some other user with membership in, i believe, iasadmins group. verify that for this partner application, what you see here corresponds to the application URL. it looks like your login page call may have issues. so check for login url too.
    also check the ORASSO.WWSSO_LS_CONFIGURATION_INFO$ for entries corresponding to Apex application.

  • Ssodatan and partner application

    Hello,
    I have configured successfully a java partner application.
    The problem is that each time I run ssodatan command all the
    records in the table WWSSO_PAPP_CONFIGURATION_INF_T are removed
    (the one for my partner application too) and only portal30 and
    portal30_sso are recreated. So I lose all the parameters of
    my partner application. It doesn't appear anymore in the partner
    application list...
    Can anyone help me?
    Thank you,
    Lorenzo.

    I didn't understand very well:
    we need to launch ssodatan because the portal url and
    login server url change often.
    After that, we lose the partner application configuration (of
    the java application), the portal is OK.
    You suggest me to run ssodatax command, but according with the
    comment in ssodatax script, I can't run it without creating
    manually the partner application (ssodatax needs: site id,
    Token, Encryption Key, ...).
    What I want to avoid is to create manually the partner
    application. Is it possible to do this step in an automatic way (using
    a script or something else)?
    Thanks
    Lorenzo.

  • SSO for partner applications

    Hi All,
    I have installed 10g AS Release 2 on a system. I also have Application Express(formerly HTML DB) installed on the same system. I registered one of the HTML DB applications as partner applications and have put SSO authentication for it.
    When I try to login the AS looks at the OID installed on the system(which I gave during installation). I want it to look at the Oracle gmldap.oraclecorp.com server OID so that only Oracle employees login.
    Can anybody tell me how to change the OID and what are the entries to be given to configure it to gmldap.oraclecorp.com server??
    Thanks,
    Swaroop

    See Task 3 in the Section 9.4 of the Oracle Application Server Administrator's Guide:
    http://download-west.oracle.com/docs/cd/B14099_17/core.1012/b13995/chginfra.htm#i1014978
    See the following for information about what to specify on each page.
    http://download-west.oracle.com/docs/cd/B14099_17/core.1012/b13995/reconfig.htm#i1013341

  • SSO userid for a partner application

    Hi,
    We have one application deployed on WebLogic Application Server; this is registered as a Partner application on the SSO server.
    On the application side we have installed Oracle HTTP Server as webserver and configured mod_osso.
    Now when a user attempts to access any secured page, SSO asks for the authentication. And on successful login the user lands back on the application page configured while creating the Partner application.
    After login we need the userid of the user who logged in on the sso server. I have tried the following and am getting null.
    Remote User: <%=request.getRemoteUser() %>,
         Proxy-Remote-User: <%=request.getHeader("Proxy-Remote-User") %>
         Osso-User-Dn: <%=request.getHeader("Osso-User-Dn") %>
         Osso-User-Guid: <%=request.getHeader("Osso-User-Guid") %>
         Osso-Subscriber: <%=request.getHeader("Osso-Subscriber") %>
         Osso-Subscriber-Dn: <%=request.getHeader("Osso-Subscriber-Dn") %>
         Osso-Subscriber-Guid: <%=request.getHeader("Osso-Subscriber-Guid") %>
         Accept-Language: <%=request.getHeader("Accept-Language") %>
    output:
    Remote User: null,
    Proxy-Remote-User: null
    Osso-User-Dn: null
    Osso-User-Guid: null
    Osso-Subscriber: null
    Osso-Subscriber-Dn: null
    Osso-Subscriber-Guid: null
    Accept-Language: en-us,en;q=0.5
    Does anyone know what exactly I should do?
    Thanks & Regards,
    Kevin Chheda

    So the user has successfully authenticated and can access protected areas of the application?
    Have you tried using Http headers to see values/attribute names?
    Can you try this:
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <html>
    <body>
    <%@ page import = "java.util.*" %>
    <h1>Headers received:</h1>
    Remote user header is: <% out.println(request.getRemoteUser()); %>
    <p>
    <table>
    <%
    // Print every request header the container received, one table row each
    Enumeration headerNames = request.getHeaderNames();
    while(headerNames.hasMoreElements()) {
        String headerName = (String)headerNames.nextElement();
        out.println("<tr><td>" + headerName);
        out.println(" <td>" + request.getHeader(headerName));
    }
    %>
    </table>
    </body></html>
