Partner Application in SSO logout doesn't synchronize

Hi All,
I've set up two separate applications on different workspaces and different servers as partner applications. I've followed the instructions from http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html and everything is working fine, but the "logout" doesn't seem to work correctly.
Example: I log in to Application "A" from the single sign-on homepage; after I enter the username and password, it directs me to Application "A". After that, I click on Application "B", which is also located on the single sign-on homepage, and it directs me to Application "B" (that's correct). When I click on the "logout" link in Application "A" it works fine, but the other application (B) doesn't log me out. I can do normal work in Application "B" even though Application "A" is already logged out.

Hi Scott,
Thank you for your reply. I've read the two links above and I haven't figured out how to resolve my problem yet. In the link "Logout URL for 9iAS SSO Partner App" you said:
Steve - Here's a logout URL that unsets the app's session cookie first, then goes to Single Sign-off, then back to a public page in the app:
https://host:port/pls/DAD/wwv_flow_custom_auth_std.logout_then_go_to_url?p_args=&APP_ID.:https://login.yourlogin.com/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=https://host:port/pls/DAD/f?p=&APP_ID.:PUBLIC_PAGE
Can I set the authentication scheme logout URL of application "A" to something like: unset the app's session cookie first, then go to Single Sign-Off, then go to Application "B" sign-off, and then back to a public page in the app? That way, clicking the "logout" link in Application "A" will log out Application "A", log out the Single Sign-On, and log out Application "B". Am I correct?
The other question is how can I get the SSO cookie. I've used the owa_cookie.get('cookie_name') function, but it doesn't work for SSO.
Thanks,
Kevin

Similar Messages

  • Second htmldb as partner application in sso

    Hello,
    I have 2 databases (say A and B), each running its own htmldb instance.
    I have 1 sso server where 1 htmldb partner application is already defined for DB A.
    Now I want to define the second htmldb instance on DB B as a partner application on my sso server as well.
    In the installation guide, I read the following for the value of app_name when running regapp.sql:
    'You must use HTML_DB as the app_name', but I already have one defined for DB A. Can I use another name or should I use the same name? Or is it impossible to define 2 htmldb partner applications on 1 SSO?
    Grtz,
    Chris.

    When defining my app_name with regapp.sql, I used
    HTML_DB_TEST:servername:443 as listener_token,
    as I already have HTML_DB:servername:443.
    I also used HTML_DB_TEST in the definition of the partner application.
    Now, when trying to run my application, I'm getting: "Expecting p_company or wwv_flow_company cookie to contain security group id of application owner."
    Could this be related, and if so, how can I define a second htmldb application as a partner application in sso?
    Chris.

  • BC4J, Auditing, Partner Application and SSO

    I am trying to figure out how to set up a BC4J-JSP app to use "database audit trail in entity objects" within a Portal/SSO environment.
    Here is the situation;
    Part 1:
    I am able to partially get the auditing to work on a BC4J App Module in the tester by setting the appropriate history columns in the Entity Object and then setting the jbo.security.enforce property to "Test". Upon entering the tester I am challenged for a "username/password". At this point I can enter any credentials, I can then enter some data. Visually checking the database I find that the history "date" columns (date_created) are ok but the "user" columns (created_by) are not filled in.
    Part 2:
    Now if I set jbo.security.enforce property to "Test". I am not sure what user credential to enter here. I have looked at OID Manager for some clues for what username/password but I'm not sure if this is even in the ballpark.
    Part 3:
    At some point I will deploy this app as an SSO/Partner Application which will be accessed from a Portal page. Since authentication is handled by the SSO login page, I am confused about setting up the "database audit trail in entity objects" (from Part 1) as it talks about creating * another * login page. This seems contradictory so

    Part 1:
    When jbo.security.enforce is set to "Test", BC4J does not throw an exception if the credential is invalid. You should set it to "Must" if you really want to validate the credential. The "Test" setting does perform the authentication; a warning stating that authentication failed is in the diagnostic output if the username/password is invalid. The "Test" setting is just to exercise the authentication, but if it fails it does not stop the rest of the application. The "user" column (created_by) not getting filled in could be caused by failed authentication, or by the column being marked as Refresh on Update or Refresh on Insert, or by the client app inserting null or a zero-length string into it.
    Part 2:
    BC4J default authentication uses the LoginModule from Oracle9iAS JAAS (in j2ee\home\jazn.jar). This LoginModule is by default configured to use the lightweight jazn-xml. You can check this by looking for "<jazn provider=..." in j2ee\home\config\jazn.xml. If you are interested in using OID, you need to change it to <jazn provider="LDAP" location="ldap://myoid.us.oracle.com:389" />, where "myoid.us.oracle.com:389" should be the host address and port of your OID. There are a few predefined users in the lightweight jazn-xml if you wish to test it, there are admin/

  • Register the partner application through SSO Administer Partner Application

    When should I use the "Administer Partner Applications" link on the SSO Server Administration page to register the application among the following cases?
    1. sign-on SDK integrated application
    2. mod_osso integrated application

    Were you able to resolve the issue???
    Can you pls try Rerunning ssodatan/x with the correct data. The ssodatan script is located in the directory ORACLE_HOME/portal30/admin/plsql/ssodatan.
    Refer following link for more info on SSODATAN , SSODATAX and DIAGNOSTICS scripts in Portal 3.0.x:
    http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=136138.1

  • Registering a partner application with SSO SDK

    Good day
    For 2 days I have been struggling with registering a Servlet application as a partner
    application using the SSO Login Server.
    As per the suggested note id 182701.1 in metalink, I implemented the following steps:
    - Step A : Create the partner Application Schemas (Successful & the name of the schema is : ssopartner)
    - Step B : Load Packages for the partner application (Successful)
    - Step C : Obtain the registration information (Successful)
    - Step D : Run the regapp.sql (Successful, but they forgot to mention that I should load the
    SSOHash.class )
    - Step E : Compile and Run
    I deployed the application under 9iAS in order to test it.
    I added the ssosdk307.jar to the jserv.properties file.
    I invoke the SSOPartnerServlet java program by entering :
    http://name of the webserver/servlet/SSOPartnerServlet
    I got the message "redirecting to the login server" and I got the
    login page of the SSO Server.
    Once I submit the user/password , I got HTTP 400: Page cannot be
    displayed.
    I check the mod_jserv.log file and find out the following message :
    [08/04/2002 13:54:16:949] (ERROR) ajp12: Servlet Error: POST is not
    supported by this URL
    Could you please advise
    Your prompt feedback is highly appreciated
    regards

    I believe that this is not possible as the mod_osso realizes that the URL is below an URL that you want to protect.
    The only way I see that you can do this is the following modification in the mod_osso.conf:
    <Location /myApp/secure_partA>
    AuthType basic
    Require valid-user
    </Location>
    <Location /myApp/secure_partB>
    AuthType basic
    Require valid-user
    </Location>
    <Location /myApp/secure_partX>
    AuthType basic
    Require valid-user
    </Location>
    So your application /myApp/subApp will not be affected and people can just access this part. However, you will have more administration in your mod_osso.conf
    cu
    Andreas

  • Partner App OAS SSO integration does not work

    Hi All,
    I am trying to make OAS SSO work. I have an app I built in HTML DB, and I am trying to make it work as a Partner Application for OAS SSO. I've done all the requirements to install the SSO SDK and tried to make it work - it was fruitless.
    Then I try to make Test App work (\ssosdk307_032101\demo\plsql\) - it was fruitless also.
    I received the same error messages in Apache error_logs:
    [Thu Nov  4 12:06:54 2004] [error] [client 192.168.83.43] [ecid: 1099562814:192.168.83.197:9461:0:1,0] mod_plsql: /test2/test_setup HTTP-503 ORA-6550 Call to WPG_SESSION API Failed.
    [Thu Nov  4 12:06:54 2004] [error] [client 192.168.83.43] [ecid: 1099562814:192.168.83.197:9461:0:1,0] mod_plsql: ORA-06550: line 4, column 2:
    PLS-00201: identifier 'FLOWS_010500.WPG_SESSION' must be declared
    ORA-06550: line 4, column 2:
    PL/SQL: Statement ignored
    ORA-06550: line 5, column 16:
    PLS-00201: identifier 'WPG_SESSION_PRIVATE.CREATE_SESSION' must be declared
    ORA-06550: line 5, column 2:
    PL/SQL: Statement ignored
    ORA-06550: line 6, column 15:
    PLS-00201: identifier 'WPG_SESSION_PRIVATE.GET_LW_USER' must be declared
    ORA-06550: line 6, column 2:
    PL/SQL: Statement ignored
    ORA-06550: line 7, column 2:
    PLS-00201: identifier 'FLOWS_010500.WPG_SESSION' must be declared
    ORA-06550: line 7, column 2:
    PL/SQL: Statement ignored
    Could someone point me what to do in order to make it work? I guess I miss some step but I don't know what one I've missed :(((
    Thanks,
    Sergiy

    Scott,
    Thanks for your reply. I double-checked the instructions and redid all the steps. I tried to start the demo application (I didn't even go further than step 4 in Install.txt!)
    from ...\ssosdk307_032101\demo\plsql\Readme.txt 5. To verify the web server setup, go to the following URL to see the test page:
    http://<hostname>:<port>/pls/<dad_name>/<schema_name>.test_setup
    , but I receive the same error messages in IE and in Apache error_logs.
    I see one weak area at this point - this is the DAD. As I understand it, I need to create a dad in dads.conf, am I right?
    Maybe I didn't create it right?
    Could you post some working dad for SingleSignOn?
    Thanks,
    Sergiy

  • SSO logout not working properly (cookie remains set)

    Hi, I've just implemented single sign-on authentication for my APEX 2.2 applications with help of these two howtos:
    http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html#INSTALL
    http://becomeappsdba.blogspot.com/2007/01/apex-apps-configure-sso-ii.html
    It works quite smoothly, e.g. for pages that require authentication the user is redirected
    ("Redirecting to the Login Server for authentication...") to the SSO server (another machine, a part of Oracle Collaboration Suite infrastructure). There on the login screen, the user enters the credentials and after submit (if the credentials are OK) is redirected back to the APEX application as an authenticated user.
    When the user clicks "Logout", the application redirects him (her) to the page specified in the "Logout URL" attribute of the SSO authentication scheme and the displayed username changes to "nobody". So far so good.
    However, the problem is that the user is in fact not logged out. On a subsequent attempt to get to an authenticated page within the same browser window the application displays for a short while "Redirecting to the Login Server for authentication..." but it doesn't really get the user to the SSO logon screen to enter username and password and instead it redirects him (her) directly to the required page as the previously authenticated user (the user who clicked the "Logout" sign). The only workaround is to close the browser window and start over again as the other user, which is not very convenient nor secure. It seems that despite the seeming logout the cookie remains set and I don't know how to force the application to get rid of the cookie upon logout.
    Has anybody faced this behaviour and has some assistance for me?
    Thanks in advance.
    Zdenek

    Scott,
    thank you very much for your prompt explanation and pointing to the right thread. There, I was able to quickly find what I was looking for - the logout URL:
    https://host:port/pls/DAD/wwv_flow_custom_auth_std.logout_then_go_to_url?p_args=&APP_ID.:https://login.yourlogin.com/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=https://host:port/pls/DAD/f?p=&APP_ID.:PUBLIC_PAGE
    Having that, it took me just 5 minutes to adapt it to my conditions (change machine names & page number), paste it to the SSO authentication scheme's logout URL field and successfully test it.
    To summarize for others in need, these are relevant links to this topic:
    Re: Partner Application in SSO logout doesn't synchronize
    SSO authentication
    Logout URL for 9iAS SSO Partner App
    Thanks again & apologies for asking this question without first properly searching for an answer in this excellent & useful forum.
    Zdenek
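
Added example, not part of the original posts and not Oracle code: a small JavaScript lint that splits a logout URL of the form quoted above into its hops (unset the app session, Single Sign-Off, return page) and flags missing or misordered hops. The finding codes and the example.test hostname are assumptions made for this illustration.

```javascript
// Added example: lint an APEX logout URL against the three-hop pattern quoted
// in the thread (app session logout -> SSO sign-off -> public page in the app).
const APP_LOGOUT = "wwv_flow_custom_auth_std.logout_then_go_to_url";
const SSO_LOGOUT = "wwsso_app_admin.ls_logout";

// The nested URLs are not percent-encoded and contain APEX substitutions such
// as "&APP_ID.", so walk the string instead of using a generic query parser.
function parseLogoutChain(url) {
  const hops = [];
  let rest = url.trim();
  while (rest) {
    const q = rest.indexOf("?");
    const endpoint = q === -1 ? rest : rest.slice(0, q);
    const query = q === -1 ? "" : rest.slice(q + 1);
    const lower = endpoint.toLowerCase();
    if (lower.endsWith(APP_LOGOUT)) {
      // p_args=<application id>:<next URL>
      const args = query.startsWith("p_args=") ? query.slice("p_args=".length) : "";
      const colon = args.indexOf(":");
      const appId = colon === -1 ? args : args.slice(0, colon);
      hops.push({ kind: "app-session-logout", endpoint, appId });
      rest = colon === -1 ? "" : args.slice(colon + 1);
    } else if (lower.endsWith(SSO_LOGOUT)) {
      const i = query.indexOf("p_done_url=");
      hops.push({ kind: "sso-sign-off", endpoint });
      rest = i === -1 ? "" : query.slice(i + "p_done_url=".length);
    } else {
      hops.push({ kind: "return-page", endpoint: rest });
      rest = "";
    }
  }
  return hops;
}

// scheme://host[:port], kept as text because "host:port" is a placeholder.
function originOf(u) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/[^\/?#]+/i.exec(u);
  return m ? m[0].toLowerCase() : "";
}

// Finding codes are hypothetical names chosen for this example.
const FINDINGS = {
  NO_APP_LOGOUT: "app session cookie is never unset (no logout_then_go_to_url hop)",
  NO_SSO_SIGNOFF: "chain never reaches ls_logout, so the SSO session stays valid",
  WRONG_ORDER: "Single Sign-Off runs before the app session is ended",
  NO_RETURN_PAGE: "no page to return to after sign-off (p_done_url missing)",
  RETURN_OFF_APP: "final page is on a different origin than the app",
};

function checkLogoutUrl(url) {
  const hops = parseLogoutChain(url);
  const kinds = hops.map((h) => h.kind);
  const app = kinds.indexOf("app-session-logout");
  const sso = kinds.indexOf("sso-sign-off");
  const ret = kinds.indexOf("return-page");
  const findings = [];
  if (app === -1) findings.push("NO_APP_LOGOUT");
  if (sso === -1) findings.push("NO_SSO_SIGNOFF");
  if (app !== -1 && sso !== -1 && app > sso) findings.push("WRONG_ORDER");
  if (ret === -1) findings.push("NO_RETURN_PAGE");
  if (app !== -1 && ret !== -1 &&
      originOf(hops[app].endpoint) !== originOf(hops[ret].endpoint)) {
    findings.push("RETURN_OFF_APP");
  }
  return { hops, findings };
}

const SAMPLES = {
  // The logout URL quoted in the thread.
  quotedInThread: "https://host:port/pls/DAD/wwv_flow_custom_auth_std.logout_then_go_to_url?p_args=&APP_ID.:https://login.yourlogin.com/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=https://host:port/pls/DAD/f?p=&APP_ID.:PUBLIC_PAGE",
  // The logout link as posted in the "SSO logout issue with APEX" thread.
  directSignOff: "http://INFRA_NAME:7777/pls/orasso/ORASSO.wwsso_app_admin.ls_logout?p_done_url=http://SERVER_NAME/pls/cms/f?p=107",
  // Constructed: a logout link that only navigates to an application page.
  pageOnly: "https://apps.example.test/pls/apex/f?p=100:1",
};

for (const [name, url] of Object.entries(SAMPLES)) {
  const { hops, findings } = checkLogoutUrl(url);
  console.log(name + ": " + hops.map((h) => h.kind).join(" -> "));
  for (const code of findings) console.log("  " + code + ": " + FINDINGS[code]);
}
```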

  • SSO userid for a partner application

    Hi,
    We have one application deployed on WebLogic Application Server; it is registered as a Partner application on the SSO server.
    On the application side we have installed Oracle HTTP Server as the web server and configured mod_osso.
    Now when a user attempts to access any secured page, SSO asks for authentication. On successful login the user lands back on the application page configured while creating the Partner application.
    After login we need the userid of the user who logged in on the sso server. I have tried the following and am getting null.
    Remote User: <%=request.getRemoteUser() %>,
    Proxy-Remote-User: <%=request.getHeader("Proxy-Remote-User") %>
    Osso-User-Dn: <%=request.getHeader("Osso-User-Dn") %>
    Osso-User-Guid: <%=request.getHeader("Osso-User-Guid") %>
    Osso-Subscriber: <%=request.getHeader("Osso-Subscriber") %>
    Osso-Subscriber-Dn: <%=request.getHeader("Osso-Subscriber-Dn") %>
    Osso-Subscriber-Guid: <%=request.getHeader("Osso-Subscriber-Guid") %>
    Accept-Language: <%=request.getHeader("Accept-Language") %>
    output:
    Remote User: null,
    Proxy-Remote-User: null
    Osso-User-Dn: null
    Osso-User-Guid: null
    Osso-Subscriber: null
    Osso-Subscriber-Dn: null
    Osso-Subscriber-Guid: null
    Accept-Language: en-us,en;q=0.5
    Does anyone know what exactly I should do?
    Thanks & Regards,
    Kevin Chheda

    So the user has successfully authenticated and can access protected areas of the application?
    Have you tried using Http headers to see values/attribute names?
    Can you try this:
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <html>
    <body>
    <%@ page import = "java.util.*" %>
    <h1>Headers received:</h1>
    Remote user header is: <% out.println(request.getRemoteUser()); %>
    <p>
    <table>
    <%
    // Dump every request header the container received, one table row each
    Enumeration headerNames = request.getHeaderNames();
    while(headerNames.hasMoreElements()) {
    String headerName = (String)headerNames.nextElement();
    out.println("<tr><td>" + headerName);
    out.println(" <td>" + request.getHeader(headerName));
    } // closes the while loop (missing in the snippet as posted)
    %>
    </table>
    </body></html>

  • SSO logout issue with APEX

    I am trying to resolve the logout URL issue with our APEX application configured as a partner application with SSO. The partner application name is SSO_APEX and the logout URL is defined in partner application as
    http://OID_Server:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout where OID_Server is our OID server name.
    In the APEX application page, I tried to open the application that was imported from another apex server.
    Home>Application Builder>Application 107>Shared Components>Authentication Schemes
    SSO_Auth - current is
    &INFRA_NAME./pls/orasso/ORASSO.wwsso_app_admin.ls_logout?p_done_url=&SERVER_NAME./pls/htmldb/f?p=&APP_ID.
    The logout link is http://INFRA_NAME:7777/pls/orasso/ORASSO.wwsso_app_admin.ls_logout?p_done_url=http://SERVER_NAME/pls/cms/f?p=107. The application is retrieving the INFRA_NAME and SERVER_NAME values from a database table and they correspond to the OID and 10g application servers respectively.
    The logout link should take it to the login page where the user will be prompted to enter login credentials again however it is currently taking to the above logout link page from APEX. It is not changing even though I specified a different logout link in partner application page. Moreover the check box beside SSO_APEX in the logout page is unchecked.
    The authentication scheme of application is overriding the partner application configuration. How can I make sure the logout is actually happening? Thanks in advance for any suggestions.
    Pavan.

    Scott,
    I am having the same issue, and have posted on another thread about this same thing. I know that's inappropriate to post the same thing in multiple threads, but I was searching the forum again today, and Pavan described exactly what I'm experiencing.
    We have been using SSO for about 4 years or so now, and haven't had logout issues. Our DBA at the time had written his own logout function for SSO where he invalidated the cookie with owa_cookie calls. It's worked until now. We have upgraded our database servers and all URLs referencing those servers are now in a different domain than our OAS server. Now the logic in the logout function is no longer invalidating the cookie for SSO (because it's in a different domain). SSO login and authentication still work, it's just the logout that does not.
    I'd like to just alter the logout URL to redirect to the OAS server for logout as you described. But here's what's happening. I press logout link, and it takes me to the OAS Single Sign-Off page where it shows the services it's logging you out of, but it doesn't automatically redirect (just sits there until I press the Return button).
    Is that expected (no automatic redirect)?
    And as Pavan mentioned, the Partner application name (APEX_SERVERNAME_SSO) doesn't show a checkmark next to it. If I go back to my application, I get right back in without being prompted for SSO (ie, not logging out successfully then).
    I know there are a lot of question marks here, but I'm not sure if there's something obvious I am missing or if there's something else I need to fix that I don't know about.
    Can you offer any guidance?
    Thank you for your time,
    Chris
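
Added example (not from the thread and not Oracle code), illustrating the cross-domain situation Chris describes and the owa_cookie.get question in the first thread: a toy cookie store applying the RFC 6265 domain-match rule shows that a host can only read or expire a cookie whose scope covers that host. The hostnames, the cookie name, and the assumption that the SSO cookie is either host-only or scoped to a parent domain are constructed for the illustration.

```javascript
// Added example: a minimal browser cookie store, enough to show which host may
// read or expire the SSO cookie. Paths, Secure/HttpOnly and public-suffix
// checks are not modeled. Host and cookie names are constructed.

// RFC 6265 domain-match: the host equals the domain or is a subdomain of it.
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

class CookieJar {
  constructor() {
    this.cookies = [];
  }

  // Process one Set-Cookie header from a response served by responseHost.
  // Returns "stored", "expired", "nothing-to-expire" or "rejected".
  setCookie(responseHost, { name, value = "", domain, expire = false }) {
    const host = responseHost.toLowerCase();
    let scope = host; // no Domain attribute: host-only cookie
    let hostOnly = true;
    if (domain) {
      scope = domain.toLowerCase().replace(/^\./, "");
      // A host may only set cookies for itself or a parent domain.
      if (!domainMatches(host, scope)) return "rejected";
      hostOnly = false;
    }
    // A new cookie replaces a stored one with the same name and scope.
    const i = this.cookies.findIndex((c) => c.name === name && c.domain === scope);
    if (i !== -1) this.cookies.splice(i, 1);
    if (expire) return i !== -1 ? "expired" : "nothing-to-expire";
    this.cookies.push({ name, value, domain: scope, hostOnly });
    return "stored";
  }

  // Names of the cookies the browser attaches to a request for requestHost.
  namesSentTo(requestHost) {
    const host = requestHost.toLowerCase();
    return this.cookies
      .filter((c) => (c.hostOnly ? host === c.domain : domainMatches(host, c.domain)))
      .map((c) => c.name);
  }
}

const SSO_HOST = "login.corp.example"; // constructed login server host
const SSO_COOKIE = "SSO_COOKIE_PLACEHOLDER"; // placeholder cookie name

// The login server sets its cookie, then the application's own logout code
// tries to expire that cookie from appHost.
function simulateLogout(appHost, ssoCookieDomain) {
  const jar = new CookieJar();
  jar.setCookie(SSO_HOST, { name: SSO_COOKIE, value: "opaque", domain: ssoCookieDomain });
  const visibleToApp = jar.namesSentTo(appHost).includes(SSO_COOKIE);
  const logoutResult = jar.setCookie(appHost, {
    name: SSO_COOKIE,
    domain: ssoCookieDomain,
    expire: true,
  });
  const ssoCookieSurvives = jar.namesSentTo(SSO_HOST).includes(SSO_COOKIE);
  return { visibleToApp, logoutResult, ssoCookieSurvives };
}

// App and login server share a parent domain: the app can expire the cookie.
console.log(simulateLogout("apex.corp.example", "corp.example"));
// App moved to another domain: the expiring Set-Cookie is rejected.
console.log(simulateLogout("apex.db.example", "corp.example"));
// Host-only SSO cookie: the app never sees it and cannot touch it.
console.log(simulateLogout("apex.corp.example", undefined));
```

In the last two cases only a response from the login server itself can clear the cookie, which is what redirecting the browser to the Single Sign-Off URL achieves.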

  • Partner application and web clipping.

    Hi All,
    I am trying to add an external application (say my.yahoo.com) to a webclipping and its throwing the below error in the application log.
    WC-517 : SSL handshake failed with the url ...
    I have checked the file ca-bundle.crt and the certificates are in place. Does anybody know how to go about debugging this problem as I am quite new to portals and at my wits end to solve it.
    Also I would be grateful if anybody could suggest the steps for adding an Apex application configured as a partner application with SSO authentication to a web clipping. There seems to be little or no documentation at all in this regard (as far as my search goes).
    Thanks in advance
    -Venkat

    I finally got it working by VERY CAREFULLY reading the instructions in the install.txt document in the SSO SDK package. You have to set up the partner application with a new schema in the login server database, and run the regapp.sql script AFTER editing it to insert data from the Login Server Partner Application admin screen. After you register the partner app in Portal, it gives you some info (site token, listener token, encryption key, etc). You have to MANUALLY copy these and paste them into the regapp.sql script, then run the script in the partner app schema. Make sure you don't confuse capital I with numeral 1 (like I did, since Oracle so nicely uses a non-serif font where you can not tell the difference).
    Also make sure you copy the exact values for these parameters into your code when you use the SSOEnabler class. The listener token was very confusing since different documents appear to disagree on whether it should include the partner app name or not. It does require the partner app name:
    app-name:hostname:port
    hostname and port are for the web server that is handling http requests for the login server (usually your main portal web server).
    John H.

  • Register external application as partner application on OSSO

    Hi All,
    I am using OracleAS Single Sign-On. I want to integrate Stellent Universal Content Management(UCM) with OracleAS Single Sign-On.
    Can someone please let me know how to achieve this?
    Also I would like to know, how can I register external application as a partner application in OracleAS Single Sign-on?
    Thanks & Regards,
    Yash Shah

    Hi,
    Thanks for your quick response. I have gone through the document which you suggested. The document says to register through the sooreg.sh script. I would like to register the partner application using the SSO Administration UI.
    When I log in to the OSSO server, I have an option of registering the partner application; there in the UI I have to specify Home URL, Success URL and Logout URL.
    For me, my sso server and my application server reside on different servers (systems). Please let me know which URLs I should specify to register my partner application using the UI.
    I mean, I want to know what I should specify in Home URL, Success URL and Logout URL.
    Thanks & Regards,
    Yash Shah

  • OID SSO Logout issue from the partner application

    As per the below link I am trying the logout functionality from the partner application,
    http://download.oracle.com/docs/cd/B14099_19/idmanage.1012/b14078/tpsso.htm#i1011555
    The article talks about a logout url pattern, I am trying to execute the below from the partner application.
    https://single_sign-on_host:single_sign-on_ssl_port/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=done_url
    The issue I got is OID server is not redirecting to the p_done_url, it just stays in the same OID logout page, Do I have to create any configuration entry to get the redirection working?
    Thanks

    Hi All,
    Providing more information,
    What I get is the OID logout screen with two return buttons on top and bottom of the page.
    What I found is that when I click either of those it goes to the p_done_url, but what I want is,
    instead of stopping at the OID logout page, auto redirection to the p_done_url.
    Can this be done?
    Thanks

  • SSO Partner Application not working

    Hi,
    I have OBIEE running on a different box. I need to enable SSO for OBIEE. I deployed the analytics.war file in the home oc4j container of Oracle Portal and manually registered it as a Partner Application, made the following changes in mod_osso.conf inside ORACLE_PORTAL_HOME/Apache/Apache/conf and restarted the apache server. But when I access the application it does show me the SSO login page, but after entering the credentials it throws an internal server error. I checked the log files but don't see any errors in there, so I am wondering what could be wrong.
    Here is what I have added in the mod_osso.conf
    <Location /analytics>
      Header unset Pragma
      OssoSendCacheHeaders off
      AuthType Basic
      require valid-user
    </Location>
    Any help is appreciated.
    Thanks

    please check your $ORACLE_HOME/sso/log/ssoreg.err and $ORACLE_HOME/sso/log/ssoreg.log and see if you have errors in your sso-registration.
    thanks!
    AMN

  • Apex application registered with sso as partner application

    We have 1 apex app registered with sso and working properly.
    I just registered a new apex application with sso. When I authenticate through sso, it directs me to the originally registered application.
    I went in through the portal administrator app and verified my settings all pointed to the new application. I verified that my dad is set up correctly.
    Any ideas?
    APEX 2.0

    I did register and obtain the keys through portal admin.
    To ensure I used the proper keys (I guess there is a possibility I used the keys from the db1 registration) I re-ran regapp with the right keys but received the following output:
    SQL> @regapp
    Partner Application Configuration
    Enter value for listener_token: HTML_DB:050iasphttp.xxx.na.xxx.com:7777
    Enter value for site_id: EFBE3E14
    Enter value for site_token: MSMXURH1EFBE3E14
    Enter value for login_url: https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admin.ls_login
    Enter value for encryption_key: 2EBDD126A3A40606
    Enter value for ip_check: N
    ERROR: Error in registration. Please try again
    User-Defined Exception
    Registration successful.
    Listener token: HTML_DB:050iasphttp.xxx.na.xxx.com:7777
    Site id : EFBE3E14
    Site token : MSMXURH1EFBE3E14
    Encryption key: 2EBDD126A3A40606
    Login URL :
    https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admi
    n.ls_login
    Logout URL :
    https://050iaspdb.xxx.na.xxx.com:4443/pls/orasso/orasso.wwsso_app_admi
    n.ls_logout
    IP check : N
    PL/SQL procedure successfully completed.
    Commit complete.
    No errors.
    SQL>
    ...in spite of the error, I asked the app developer to try and use sso for db2. He now receives:
    User-Defined Exception
    Error Error in wwv_flow_custom_auth_sso.process_success:l_sso_user_name:l_sess_id:: Please contact administrator.
    OK
    any ideas?

  • Registering a Partner application with Oracle SSO 10gR2

    Hi Everybody
    I'd like to ask a question around registering a partner application with Oracle SSO.
    I have entered my home_url, logout_url and cancel_url e.g. home_url is https://vevopuitest1.co.uk/vevo_test1 and so on for the other fields.
    When I save the details some information is automatically created e.g. Site Id, Site Token etc.
    The bit that I am particularly interested in are the fields Single Sign-On URL and Single Sign-Off URL.
    For my purposes these fields are respectively: https://cwassotest1.co.uk/pls/orasso/orasso.wwsso_app_admin.ls_login and https://cwassotest1.co.uk/pls/orasso/orasso.wwsso_app_admin.ls_logout
    My questions are:
    1. Where do these values come from?
    2. Can I view them anywhere, say, in Oracle Directory Manager or using ldif queries?
    I would like to be able to verify these values.
    Many Thanks
    Andy

    I'm afraid this won't answer your question completely, but AFAIK in principle it does not matter on which machine SSO is running, as long as it passes the user id and credentials properly through the HTTP Header. Even more: in practice it is very common to have SSO running on a different machine than where your app runs.
    So what I would do is find out how to use ADF Faces with SSO. Perhaps someone else can provide pointers on that.
    Jan Kettenis
