Partner Application

Similar Messages

• SSO to partner application running under IIS

  Hi,
  We have a complete set-up for 9iAS Release2 where some applications are running. In parallell we have an application running under IIS, and would now like to enable the IIS application as a partner application to 9iAS letting the 9iAS SSO server handle the authentication.
  In the documentation of Oracle Proxy Plug-in I read that this proxy plug-in can be used to proxy requests from IIS to Oracle http server (OHS) and also in this way enable SSO.
  My question is if this can be done only for applications running under 9iAS but having IIS as web server, or if it is also possible like in our case to enable SSO via the proxy plug-in to applications runnind under IIS?
  If this is not supported is the only available solution to use the SSO SDK in my IIS application?
  Thanks and regards,
  Rikard

  Here's a DIY answer.
  See Metalink Note 269820.1 which shows you how to use Perl to overwrite the host name in the HTTP header and remove the port number.

• HOW TO SET UP PARTNER APPLICATION TO USE SSO OUTSIDE OF PORTAL

  If anyone knows how Portal switches context to run as the db user mapped to the lightweight schema and how it knows the db schema password please let me know.
  Should you have any queries please do not hesitate to contact me on 07775 896738.
  From document Oracle Portal Security Overview on PortalStudio.oracle.com:
  In Single Sign On mode (EnableSSO=Yes in the DAD), mod_plsql determines the name of the light-weight user and mapped database schema by calling
  WPG_SESSION_PRIVATE.GET_LW_USER and WPG_SESSION_PRIVATE.GET_DB_USER respectively.
  ** These calls are done using the Portal Schema (PORTAL30) and Portal schema password **
  mod_plsql then executes the procedure in the requested URL by using the N-Tier Authentication feature to connect to the database as the user returned from
  WPG_SESSION_PRIVATE.GET_DB_USER. ..... Note that N-Tier Authentication requires all schemas to be used for Portal user mappings to be granted 'connect
  through' privleges to the Portal schema (PORTAL30).
  The WWCTX packages are also used.
  So this is how it works with standard Portal
  - the document states that the WPG_SESSION_PRIVATE package is only accessible to the Portal schema
  - but I checked and it is also available to PORTAL30_SSO
  SQL> desc WPG_SESSION_PRIVATE
  PROCEDURE CREATE_SESSION
  Argument Name Type In/Out Default?
  P_COOKIE_NAME VARCHAR2 IN
  FUNCTION GET_DB_USER RETURNS VARCHAR2
  FUNCTION GET_LW_USER RETURNS VARCHAR2
  PROCEDURE GET_SESSION_INFO
  Argument Name Type In/Out Default?
  NUM_PARAMS NUMBER OUT
  PARAM_NAMES TABLE OF VARCHAR2(32000) OUT
  PARAM_VALUES TABLE OF VARCHAR2(32000) OUT
  PROCEDURE RESET_SESSION
  Argument Name Type In/Out Default?
  P_COOKIE_NAME VARCHAR2 IN
  In my case only the Login Server (PORTAL30_SSO) is going to be used/installed
  - the SAMPLE_SSO_PAPP application will only work if the DAD used to access is it set to use Basic authentication, i.e. the actual integration with the Login Server
  is done in the sample application code calls, stored in the database
  - when a DAD has enableSSO=yes it automatically accesses Portal (PORTAL30) packages to implement N-Tier authentication
  I'm currently testing:
  1. Configuring the SAMPLE_SSO_PAPP sample as documented with a DAD with Basic authentication
  2. Amending the ssoapp procedure to set context to another (db) user on successful authentication:
  wwctx_api.set_context (
  p_user_name => 'SCOTT',
  p_password => 'TIGER' );
  3. If this works then set_context with get_lw_user instead
  I have now amended the ssoapp procedure as follows to print out
  1. The userid entered when the login box is presented
  2. The Database user which the Portal Lightweight user is mapped to
  3. The Lightweight user Portal has used for authentication
  Amendments to papp.pkb:
  (ssoapp procedure, declare db_user_info and lw_user_info as VARCHAR2 in declare section)
  htp.p('Congratulations! It is working!<br>');
  db_user_info := wwctx_api.get_db_user;
  lw_user_info := wwctx_api.get_user;
  htp.p('User Information:' || l_user_info || '<br>');
  htp.p('DB User Information:' || db_user_info || '<br>');
  htp.p('LW User Information:' || lw_user_info || '<br>');
  The following shows the interesting results from my testing:
  - if the user owning the sample_sso_papp package is PORTAL30_SSO then the call to wwctx_api.get_db_user succeeds
  - if the user owning the sample_sso_papp package is a non-portal schema e.g. SSOAPP below the call to wwctx_api.get_db_user generates a User Defined exception
  Steps to test:
  Created new schema SSOAPP on the database
  - edited it in Portal and checked the use this schema for Portal users checkbox
  - created new Lightweight user SSO_LW in Portal, mapped it to SSOAPP schema
  - created new Lightweight user SSO_SCOTT in Portal, mapped to SCOTT schema
  - loadjava -user ssoapp/ssoapp@portal30 SSOHash.class
  - sqlplus portal30/portal30@portal30
  @provsyns ssoapp
  - sqlplus ssoapp/ssoapp@portal30
  @loadsdk.sql
  @loadpapp.sql
  Created DAD with basic authentication SAMPLE_SSO_PAPP
  - username: ssoapp
  - default home page: sample_sso_papp.ssoapp
  Registered the Sample SSO Partner Application with the Login Server and ran regapp.sql
  Commented out the calls to get_db_user in papp.pkb to avoid exception
  - called http://<server>/pls/sample_sso_papp
  - logged on as SSO_LW/sso_lw
  - got output:
  Congratulations! It is working!
  User Information: SSO_LW
  LW User Information: PUBLIC
  So the Portal lightweight user is not returned as SSO_LW
  if anyone knows why the Lightweight User in my test is returned as PUBLIC not SSO_LW
  Best Regards
  MIchael

  http://support.mozilla.com/en-US/kb/Changing+the+e-mail+program+used+by+Firefox

• SSO for partner applications

  Hi All,
  I have installed 10g AS Release 2 on a system. I also have Application Express(formerly HTML DB) installed on the same system. I registered one of the HTML DB applications as partner applications and have put SSO authentication for it.
  When I try to login the AS looks at the OID installed on the system(which I gave during installation). I want it to look at the Oracle gmldap.oraclecorp.com server OID so that only Oracle employees login.
  Can anybody tell me how to change the OID and what are the entries to be give to configure it to gmldap.oraclecorp.com server??
  Thanks,
  Swaroop

  See Task 3 in the Section 9.4 of the Oracle Application Server Administrator's Guide:
  http://download-west.oracle.com/docs/cd/B14099_17/core.1012/b13995/chginfra.htm#i1014978
  See the following for information about what to specify on each page.
  http://download-west.oracle.com/docs/cd/B14099_17/core.1012/b13995/reconfig.htm#i1013341

• SSO requires double login for partner application

  I'm having some trouble with SSO partner applications, when I login to a SSO protected application, the login works fine, but when I try to navigate to another application I'm presented with the login page again, the sso cookie seems to be working since clicking on the login button without entering the user credentials works. For example, I log in to portal and from there I navigate to a forms application that is on the same server and the same port (portal: https://apps.mydomain.com:4444/pls/portal --> forms: https://apps.mydomain.com/forms/frmservlet?config=app) I am presented with the login page and after clicking on the login button without entering any information everything works fine. This is happening for all the middle tiers that are connected to the same OID. Any ideas on what can be wrong on my configuration?

  Hi Andrey,
  The problem sounds really wierd.
  Can you check your SSO settings for your Portal ECC system? I mean, please check the User Management/Administration properties in your System Adminstration of Portal System that points to ECC.
  Regards
  <i><b>Raja Sekhar</b></i>

• SSO userid for a partner application

  Hi,
  We have one application deployed on WebLogic Application Server this is registred as Partner application over SSO server.
  On application side we have installed Oracle HTTP Server as webserver and configured mod_osso.
  Now when user attempt to access any secured page SSO askes for the authentication. And on successful login user landed back to application page configured while creating Partner application.
  After login we need userid of user who logged in on sso server. I have tried following and getting null.
  Remote User: <%=request.getRemoteUser() %>,
       Proxy-Remote-User: <%=request.getHeader("Proxy-Remote-User") %>
       Osso-User-Dn: <%=request.getHeader("Osso-User-Dn") %>
       Osso-User-Guid: <%=request.getHeader("Osso-User-Guid") %>
       Osso-Subscriber: <%=request.getHeader("Osso-Subscriber") %>
       Osso-Subscriber-Dn: <%=request.getHeader("Osso-Subscriber-Dn") %>
       Osso-Subscriber-Guid: <%=request.getHeader("Osso-Subscriber-Guid") %>
       Accept-Language: <%=request.getHeader("Accept-Language") %>
  output:
  Remote User: null,
  Proxy-Remote-User: null
  Osso-User-Dn: null
  Osso-User-Guid: null
  Osso-Subscriber: null
  Osso-Subscriber-Dn: null
  Osso-Subscriber-Guid: null
  Accept-Language: en-us,en;q=0.5
  Is any one there knows, what exactly i should do?
  Thanks & Regards,
  Kevin Chheda

  So the user has successfully authenticated and can access protected areas of the application?
  Have you tried using Http headers to see values/attribute names?
  Can you try this:
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
  <html>
  <body>
  <%@ page import = "java.util.*" %>
  <h1>Headers received:</h1>
  Remote user header is: <% out.println(request.getRemoteUser()); %>
  <p>
  <table>
  <%
  Enumeration headerNames = request.getHeaderNames();
  while(headerNames.hasMoreElements()) {
  String headerName = (String)headerNames.nextElement();
  out.println("<tr><td>" + headerName);
  out.println(" <td>" + request.getHeader(headerName));
  %>
  </table>
  </body></html>

• Sso session timeout per partner application

  Hello,
  I was just wondering if it is possible to configure SSO session timeouts per partner application? I'm looking to log out users of a particular application after 15 minutes, but don't want this change to affect any of my other SSO enabled applications. Is this possible?
  Thanks,

  Hi,
  I do not think so, you can not specify specail parameter for one application in SSO.
  Why because SSO is one component (within your Infra) through which you logon different apps.
  Another solution may be it will expensive is that you 'll need to use different infra for this specific application.
  Regards,
  Hamdy

• Partner Application Registration

  When using the Administer Partner Applications page, it appears the application is not being registered completely. The information does not appear in the WWSEC_ENABLER_CONFIG_INFO$ table, as has been suggested in prior posts (everything is fine in WWSSO_PAPP_CONFIGURATION_INFO$).
  I am attempting to deploy the SSO SDK demo PL/SQL application, which works fine when logged into Portal. However, when not logged into Portal, I receive the following errors:
  "Error in application: missing application registration information
  Please register this application as described in installation guide"
  This error is driven by the PL/SQL exception:
  "wwsec_sso_enabler_private.enabler_config_not_found"
  What am I missing? I have created several Partner applications, and none of them appear in the WWSEC_ENABLER_CONFIG_INFO$ table. I have sucessfully loaded the SSOHash into my partner schemas.
  Environment:
  Win2000
  Portal 3.0.7
  Thanks in advance...
  Dean

  Paul,
  Thanks for the info; however, I'm still unable to get the SSO SDK sample, or any partner app, to work.
  I have read the docs, what little there is, and followed the steps closely. Everything executes ok.
  I have several questions:
  1. When executing the REGAPP.SQL script that comes with the SDK, it indicates to login as the partner schema. I have noticed when running this script, the entry is stored in the partner schema table WWSEC_ENABLER_CONFIG_INFO$, not the one owned by Portal. Is this correct?
  2. My partner app is really a PL/SQL Server Page (PSP) application which uses the same server as Portal. When entering the Listener Token name, I have been using the same server name as Portal. Is this a problem? What is this token used for? Must it be unique for each partner application?
  3. In your response you mentioned changes to the REGAPP script. I found no mention of any changes in the docs with SSO SDK. Am I missing something?
  Finally, is there any better documentation for the SDK and/or partner application configuration. The readme and install files do not, in my opinion, pass as documentation.
  Thanks...
  Dean

• Partner application single sign-on and Oc4j

  hello,
  I'm trying to test portal's partner application single sign-on, following the examples inside the "Oracle9 iAS Single Sign-On Application Developers Guide":
  With Tomcat as jsp engine everything works fine, but with Oc4j when I try to enter the protected jsp page i have this exception:
  oracle.security.sso.enabler.SSOEnablerException: java.lang.IllegalStateException: OutputStream already retrieved
       at SSOEnablerBean.getSSOUserInfo(SSOEnablerBean.java:153)
       at SSOEnablerJspBean.getSSOUserInfo(SSOEnablerJspBean.java:57)
       at /protetta.jsp._jspService(/protetta.jsp.java:37) (JSP page line 4)
  Any suggestion?
  Thanks in advance.

  I get the same problem with my partner application. It runs fine on JServer but I get the following problem on oc4j:
  oracle.security.sso.enabler.SSOEnablerException: java.lang.IllegalStateException: OutputStream already retrieved     
  at oracle.br.aerochain.sso.SSOEnablerBean.getSSOUserInfo(SSOEnablerBean.java, Compiled Code)     
  at oracle.br.aerochain.sso.SSOEnablerJspBean.getSSOUserInfo(SSOEnablerJspBean.java, Compiled Code)     
  at /jsp/papp.jsp._jspService(/jsp/papp.jsp.java, Compiled Code)     
  at com.orionserver[Oracle9iAS (9.0.2.0.0) Containers for J2EE].http.OrionHttpJspPage.service(OrionHttpJspPage.java, Compiled Code)     
  at com.evermind[Oracle9iAS (9.0.2.0.0) Containers for J2EE].server.http.HttpApplication.serviceJSP(HttpApplication.java, Compiled Code)     
  at com.evermind[Oracle9iAS (9.0.2.0.0) Containers for J2EE].server.http.JSPServlet.service(JSPServlet.java, Compiled Code)     
  at com.evermind[Oracle9iAS (9.0.2.0.0) Containers for J2EE].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java, Compiled Code)     
  at com.evermind[Oracle9iAS (9.0.2.0.0) Containers for J2EE].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java, Compiled Code)     
  at com.evermind[Oracle9iAS (9.0.2.0.0) Containers for J2EE].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java, Compiled Code)     at com.evermind[Oracle9iAS (9.0.2.0.0) Containers for J2EE].server.http.HttpRequestHandler.run(HttpRequestHandler.java, Compiled Code)     
  at com.evermind[Oracle9iAS (9.0.2.0.0) Containers for J2EE].util.ThreadPoolThread.run(ThreadPoolThread.java, Compiled Code)
  Did anyone get a solution for this?
  TIA

• Partner Application in release 2

  Hello,
  I have to create a new PL/SQL partner application in the release 902.
  Where is the new sso sdk for the new Portal release?
  In the new pdk seems that it is the same of the 309 release (ssosdk307_032101 or ssosdk307)...
  And the pl/sql example code in the Oracle9 iAS Single Sign-On Application Developers Guide is not working...
  Can someone give me some feedback?
  Thank you and regards,
  Lorenzo.

  Lorenzo,
  Did you get any feedback on this posting? I'm also working with Release 2 (9.0.2) and is just about to start implementing the Java SSO SDK. The latest release of SSO SDK I've found is 307. According to the documentation this version supports SSO server 3.0.6 to 3.0.8, thus not Release 2. Please reply if you have any news regarding SSO SDK for Release 2.
  Best Regards,
  Rikard

• Partner application logoff not working

  We have a partner application registered with sso with custom login screen. The login works fine. We use the following code to logoff the partner application in logoff.jsp
  response.setHeader("Osso-Return-Url", "http://my.oracle.com" );
  response.sendError(470, "Oracle SSO");
  session.invalidate();
  but the logoff is not working properly. It is not invalidating the session and the logout http request is not going from the application server to the sso server.
  Are there any additional configurations for SSO logoff.Any help is appreciated.
  Thanks

  Hi
  The WF should also trigger if i add the Partner function in UI.If i change any Attribute the WF triggers but i dont want to change the attribute when i add the partner function.
  If i have only one event for WF that is Partner Change the WF will not trigger it for the 1st time when i save the UI. But next i come to the same saved doc and add a partner function then the Wf triggers.
  So this means that Partner change is active.
  the issue here is i need to trigger the WF on , the 1st time i save the UI, for which i wil be using Attribute Change and next time when i come back to saved doc the and add only the partner function and no changes are made to attributes the WF should again trigger.
  Thanks
  Tarmeem

• Partner application and web clipping.

  Hi All,
  I am trying to add an external application (say my.yahoo.com) to a webclipping and its throwing the below error in the application log.
  WC-517 : SSL handshake failed with the url ...
  I have checked the file ca-bundle.crt and the certificates are in place. Does anybody know how to go about debugging this problem as I am quite new to portals and at my wits end to solve it.
  Also I would be greatful if anybody can suggest me the steps on adding an Apex application configured as partner application with SSO authentication to a web clipping.There seems to be little or no-documentation at all in this regard(as far as my search goes).
  Thanks in advance
  -Venkat

  I finally got it working by VERY CAREFULLY reading the instructions in the install.txt document in the SSO SDK package. You have to set up the partner application with a new schema in the login server database, and run the regapp.sql script AFTER editing it to insert data from the Login Server Partner Application admin screen. After you register the partner app in Portal, it gives you some info (site token, listener token, encryption key, etc). You have to MANUALLY copy these and paste them into the regapp.sql script, then run the script in the partner app schema. Make sure you don't confuse capital I with numeral 1 (like I did, since Oracle so nicely uses a non-serif font where you can not tell the difference).
  Also make sure you copy the exact values for these parameters into your code when you use the SSOEnabler class. The listener token was very confusing since different documents appear to disagree on whether it should include the partner app name or not. It does require the partner app name:
  app-name:hostname:port
  hostname and port are for the web server that is handling http requests for the login server (usually your main portal web server).
  John H.

• Partner application configuration is missing error on SSO login page

  We have APEX 3.1.2 setup as a partner application and an application within APEX setup to use SSO for authentication. Following a link to the APEX application redirects to the Single Sign-On page, as it should, but it also shows "Error: The partner application configuration is missing or expired." I type in my password and username, click the Login button, and (if I entered my username and password correctly, of course!) then the APEX application is shown. So, I cannot figure out why we're getting the no_papp_err error and I have not found any solutions to that issue on Metalink or anywhere else on the Internet. Any ideas? I'm concerned that we have a misconfiguration somewhere that is causing this error and will affect any other partner application we setup in the future.
  We're on Oracle Portal 10.1.4, SSO 10.1.2, and SSL is setup on both infra and mid tiers.

  Did you try checking the partner application entries on the SSO-login server page?
  please login as orcladmin or some other user with membership in, i beleive, iasadmins group. verify that for this partner application, what you see here corresponds to the application URL. it looks like your login page call may have issues. so check for login url too.
  also check the ORASSO.WWSSO_LS_CONFIGURATION_INFO$ for entries corresponding to Apex application.

• Partner Application in SSO logout does'nt synchronize

  Hi All,
  I've setup two separate application on different workspace and different server as partner Application. I've follow the instruction from http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
  . And everything working fine, but the "logout" seen doesn't work correctly.
  Example: I'm login to Application "A" from single sign on homepage, after enter username and password, it direct me to Application "A". After that, i've click on Application "B" which also located on single sign on homepage and direct me to application "B" (that's correct). When I clicked on the "logout" link in Application "A" it work fine, but the other Application (B) doesn't log me out. I can do the normal work on Application "B" even the Application "A" already logout.

  Hi Scott,
  Thank you for your reply. I've read the two link above and I don't figure out how to resolve my problem yet. From the link: Logout URL for 9iAS SSO Partner App
  you said:
  Steve - Here's a logout URL that unsets the app's session cookie first, then goes to Single Sign-off, then back to a public page in the app:
  https://host:port/pls/DAD/wwv_flow_custom_auth_std.logout_then_go_to_url?p_args=&APP_ID.:https://login.yourlogin.com/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=https://host:port/pls/DAD/f?p=&APP_ID.:PUBLIC_PAGECan set the authentication schema logout URL of application "A" something like: unsets app's session cookies first, then goes to Single Sing-off, then goes to Application "B" sign-off, and then back to a public page in the app. That way will be logout the Application "A", logout the Single Sign-On, and logout the Application "B" when i click on the "logout" link from Application "A". Am I correct?
  The other question is how can i get the SSO cookie. I've used the owa_cookie.get('cookie_name') function, but it doesn't work for SSO.
  Thanks,
  Kevin

• Partner application access to portal login info

  How can an SSO partner application (Java) tell whether or not a user has logged in to Portal?
  I need to log activity in a public application servlet, so I'd like to log the user as PUBLIC if not logged in or as their actual userid.
  I don't seem to have access to this info until the user has visited a secure part of the app.
  Any pointers would be appreciated.
  Thanks
  Rob

  DIY answer ...
  The cludge I used to get round this was ...
  Make a PL/SQL item which displays a Login or Logout link as appropriate, based on the current userid from portal.wwctx_api.get_user.
  The login link goes to a secure portal page called FORCE_LOGIN, passing a URL parameter called nextPageURL which contains the URL of the next page to show after the login is complete. You can use portal.wwpro_api_parameters.get_value( '_pageid', 'a'); to help build the current page URL if you want to retun to the current page.
  The FOIRCE_LOGIN page contains a PL/SQL item which builds an IFRAME whos src is a URL to my app servlet ForceLoginServlet, passing on the nextPageURL parameter. Use portal.wwpro_api_parameters.get_value( 'nextPageURL', 'a'); to help with that.
  The ForceLoginServlet is a secure servlet (set up in web.xml) so that forces a silent authentication to my app. All the servlet does is display HTML to redirect back to the URL in nextPageURL.
  Horrible! But it does the job.
  Anyone who know a better way of doing this, please tell me.
  Rob

• SSO Partner Application not working

  Hi,
  I have OBIEE running on a different box. I need to enable SSO for OBIEE. I deployed the analytics.war file in the home oc4j container of Oracle Portal and manually registered it as a Partner Application, made following changes in mod_osso.conf inside ORACLE_PORTAL_HOME/Apache/Apache/conf and restarted the apache server. But when I access the application it does shows me the SSO login page but after entering the credentials it throws internal server error. I checked the log files but don't see any errors in there so wondering what could be wrong.
  Here is what I have added in the mod_osso.conf
  <Location /analytics>
    Header unset Pragma
    OssoSendCacheHeaders off
    AuthType Basic
    require valid-user
  </Location>Any help is appreciated.
  Thanks

  please check your $ORACLE_HOME/sso/log/ssoreg.err and $ORACLE_HOME/sso/log/ssoreg.log and see if you have errors in your sso-registration.
  thanks!
  AMN