SSO and external applications

Hello folks,
Due to my inexperience with PS6, I'm looking for some high-level outline that will help me look in the right places and understand things better here.
I have an external application that requires authentication via a web form (or by attaching the username and password on the URL as parameters).
What I want to do is have a channel of this application and utilize information from the SSO mechanism to redirect the request to that remote app and provide the credentials for a transparent login.
From what I understand this can be done by having a servlet in that channel to retrieve the credentials of the user for that remote application from the SSO and then redirect to the external application, attaching the credentials to the URL.
Is the above correct? I would appreciate any pointers or considerations since my experience with PS is minimal.
Thanks in advance,
Manos

I don't see a way to that servlet to retrieve a password for the user - it's not stored in the session.
There are following options:
1. OpenText LiveLink way: You have some "hidden" password for every user (based on user's ID and a shared key) known only to your server and this servlet. Servlet will supply this password.
2. Normal way - web server: Implement login module to this application, which will trust REMOTE_USER variable provided by the agent on the web server.
3. Normal way - standalone app: Implement login module to this application which will validate DSAME session cookie on the DSAME server. You can use example code in the SUNWam/samples/ of your server.

Similar Messages

  • Single Sign-On and External Applications Portlet

    I would like to know how complicated would be to call an External Application with SSO (like Hotmail), outside the External Applications Portlet.
    We have defined around 10 external applications with SSO,they worked fine.
    but due to look&feel issues, we would like to put them in a content area , like items that when the user clicks, takes them to the external application and performs the single sign-on.
    Any advice will be appreciated.
    tks!!

    Maria, I was experimenting with this last night, to answer your question, and I think a cool way of doing this would be the following:
    Create a custom attribute called "App ID" - make this a NUMBER type. This is where the external application id will be stored.
    Create a custom item type: "External Application"
    You have two options for the base type: either "URL" or "<None>". If you pick URL, then you can have the item contain the URL for fapp_process_login, but this is not advisable because it will require the administrator to type in this long URL every time a new application is added.
    If you select base type URL, you should use that URL to let the administrator provide a URL to the application's homepage, or a help page or something of that sort.
    Edit the newly created item to set the Attribute and Procedure properties.
    Add the "App ID" attribute - no default.
    On the Procedure tab, add the following procedures (called as HTTP), each with the App ID passed as "p_app_id":
    Login http://server.domain.com/pls/portal30_sso/portal30_sso.wwsso_app_admin.fapp_process_login
    Edit http://server.domain.com/pls/portal30_sso/portal30_sso.wwsso_app_admin.edit_fappuser
    That's it!
    Add the new custom item type to a folder, and all the administrator needs to do is set the title, and App ID for the new item.
    Excercise for the Reader
    You will notice that clicking on the Edit link will take you to the login server when you are done editing the credentials. To avoid this, pass another parameter to the edit procedure - p_done_url, and set a value for that to point to the page that you want to go to after editing credentials.

  • Single Sign-on and external applications

    Hi,
    Someone might be able to point me in the right direction about this.
    I have registered each of my applications as external applications within Oracle Portal in order to avail of single sign-on.
    This is fine to a point, but registering applications in this way still requires the user to enter a username and password once in order to login to the application the first time they use it, even though they have already logged into the Portal. As long as the user doesn't log out of the application they can close their browser and when they come back to the application they are still logged in.
    None of the applications I use are oracle partner applications.
    My problem is that I want to avoid the user having to log in to the application the first time they use it.
    Ideally they should login to Portal once and then any subsequent applications they access, they are automatically logged into them without having to enter a username and password.
    Is there a way to do this or will I have to write a custom login for each application to circumnavigate this first time using the application login issue ?
    Are there any docs that someone could point me at.
    Many thanks,

    Maria, I was experimenting with this last night, to answer your question, and I think a cool way of doing this would be the following:
    Create a custom attribute called "App ID" - make this a NUMBER type. This is where the external application id will be stored.
    Create a custom item type: "External Application"
    You have two options for the base type: either "URL" or "<None>". If you pick URL, then you can have the item contain the URL for fapp_process_login, but this is not advisable because it will require the administrator to type in this long URL every time a new application is added.
    If you select base type URL, you should use that URL to let the administrator provide a URL to the application's homepage, or a help page or something of that sort.
    Edit the newly created item to set the Attribute and Procedure properties.
    Add the "App ID" attribute - no default.
    On the Procedure tab, add the following procedures (called as HTTP), each with the App ID passed as "p_app_id":
    Login http://server.domain.com/pls/portal30_sso/portal30_sso.wwsso_app_admin.fapp_process_login
    Edit http://server.domain.com/pls/portal30_sso/portal30_sso.wwsso_app_admin.edit_fappuser
    That's it!
    Add the new custom item type to a folder, and all the administrator needs to do is set the title, and App ID for the new item.
    Excercise for the Reader
    You will notice that clicking on the Edit link will take you to the login server when you are done editing the credentials. To avoid this, pass another parameter to the edit procedure - p_done_url, and set a value for that to point to the page that you want to go to after editing credentials.

  • SSO for External application not part of the portal framework

    Greetings,
    I am desperate!!!
    I am trying to do the following:
    I have a pl/sql application that presents to the user a set of external applications links.When the user activates a link, I would like to make a call the SSO server so it can do external application login.
    I know I can configure the external applications as described in the SSO admin guide.
    Unfortunately the API to query the SSO server for external application mapping is not public.
    ANY IDEAS ON WHERE I CAN GET THIS INFO??
    Every thing I have read says that external applications can be accessed through Portal. This is not my case. I can use any packages or classes available by the SSO server to portal, but MY APPLICATION IS NOT A PORTAL.

    I have similar kind of requirements for Single sign-on to external web applications.
    But in my applications I have to auto-generate random userid & password for different external web applications.
    These uids & password are exported to external applications, which upon recieving creates user in their applications.
    So, actual user will never have access to these credentials(uid &pwd).
    So, how can I cutomize the Portlets to do the first time SSO when user is created & their credentials to external apps are stored to OID.
    Any idea Barry..
    Bye

  • SSO for external applications

    Hi,
    We are using SSO to integrate with external applications. There is a need to open the third party application from eBusiness Center when we click on a button. Can anyone guide me how SSO invokes the external application when you click on any link for the same. I need to invoke the URL same way from the button click as well.
    Thanks,
    Viral

    Hi,
    Can anybody help regarding the same?
    Thanks,
    Viral

  • Login URL and External Applications

    Are there any guidelines for finding the login URL's for External Applications? For example, if you want to set up E*Trade as an External Application, you go to https://www.etrade.com and look at the source. You find that form that submits the user id and password is thus:
    <form name="myForm" action="/login.fcc" method="post" autocomplete="off" onsubmit="return populateTarget();">
    However, setting the login URL to https://www.etrade.com/login.fcc fails.
    Any suggestions on how to form this?

    I went to https://www.etrade.com and looked at the source. I didn't get the same source that you got -- pI don't know why. I am in the United States, and perhaps you are notm and that makes the difference.
    In the source I saw, the login <form> tag was:
    <form name="myForm" onSubmit="doMagic()" method="post" autocomplete="off">
    Looking at the javascript function "doMagic" I noticed that it sets two cookies before doing the submission. The "login.fcc" page may be failing the login request for lack of these cookies.
    I also noticed that the script sets the action HREF with
    document.myForm.action = "https://us.etrade.com/login.fcc";
    (in the case where the locale is US).
    Perhaps you need a specific country host for "login.fcc", not www.etrade.com.
    -- Joshua

  • Problem with Web Clipping and External Application

    When I use Web clipping with INLINE rendering on usual sites I can move under links, not leaving a portal.
    But if I try to make it via the self-made provider with External Application then links do not work.
    I press them and it appear in the same place!
    Authorization via External Application passes successfully, that is the page is displayed correctly.
    But links do not work.
    In what there can be a problem?
    Oracle Application Server 10g Release 2 (10.1.2)

    In order to prevent some urls and internal websites from being cached use url bypassing. This way these urls will not be cached and the users can directly use them without being asked to log in.
    To enable transparent error handling and dynamic authentication bypass, and to configure static bypass lists, use the bypass global configuration command. To disable the bypass feature, use the no form of the command.

  • Internal and External application tier File move

    Hi all,
    I am new oracle apps R12 with 3 tier instance.
    We are created the oracle apps R12 instance with 3 tier. Two tier is Application tier and one tier is Database tier.
    The data base tier is common for both application tier. The issue is, we are moved the all customized Development works into only one application tier (i.e. Internal tier). So we are not moved the all customized Development work into second application tier (i.e. External tier).
    My question is, we are not moving all customized work into both application tier means , is there any issue will occur ?
    How can we handle my customized works both application tiers( i.e. Internal and external tiers) ?
    Please help,
    Thanks,
    Prab.

    Hi;
    They are questioning me why we have to do that.Answer is easy, You can mention for ebs stability all nodes should be on same level :) If they push you more please show metalink notes which is already sharing by Hussein Sawwan. If they still persist say them you will go wiht SR and confirm wiht support ;)
    PS:Please dont forget to change thread status to answered if it possible when u belive your thread has been answered, it pretend to lose time of other forums user while they are searching open question which is not answered,thanks for understanding
    Regard
    Helios

  • Choosing between external and partner application and problem with login

    We have an application on Oracle App Server 10.1.3.3 and we have an OID server.
    I had taken this for granted that I should define the application as 'Partner Application' and not external application for single sign on.
    Now that we need the 'PASSWORD' retrieved by application, we are considering defining it as an external application.
    There are at least two problems I have encountered defining the application as external:
    1. 'pageConfig:serverDate' is among the login form's inputs in the login page, but I can't set it in orasso 'Edit External Applications' page
    2. After login using SSO as external application and when I click on the application's new link, the login page is shown with the username and password field filled, but I have to click on login button anyway (no automatic and invisible login).
    I will be very grateful if someone gives a general view on the differences between external and partner, whether in this case external has to be used or partner and finally give some comment on my specific problem with login button and manual login.
    Thank you

    Just some information :
    - The problem with LOGIN page exists. I don't have that problem with for example GMAIL when defined as external application, but with my applications in Oracle Application Server.
    - There is also another thing I don't understand. The link to external application is something like:
    javascript:open_jwindow('../ealogin?ID=76D4766','76');
    and couldn't be executed outside pls/orasso
    in other words we can't give that to our users, can we? They should login to orassso and see that?
    We don't want to involve them in Identity Management...
    Any help is appreciated....
    Regards

  • External Application without portal ?

    Hi all
    I have several applications built in JSP + BC4J , deployed in Oracle Application Server 10G (9.0.4) , operating system is windows 2000 server.
    Application server middle tier and infrastruture are in the same server.
    I have added all applications to SSO as External Application
    I'm not using Portal, so, how can i make this applications "visible" to end user ?
    Should i built and JSP page wich lists all External Applications, asks for login/password if authentication cookie not exits ??
    is there any other way of doing it without portal ???
    Best Regards
    Rui Madaleno

    Rui,
    actually the External Applications implementation is completely separate from the Portal and does not require it to function. (The external Applications Portlet is a simple interface to expose the list of external applications.
    If you are looking for a simple interface to expose the list, it is much as you describe. Building a simple Partner application which has links referencing the appropriate SSO server URLs. Storing the links in a table and simply querying them allows for a simple interface that can be secured/modified withour haveing to change the page itself.

  • Username and Password is sent as clear text while accessing external Application

    While accessing external application from SSO, the username and the password is sent as a clear text even though the form method is given as POST. Actually the potal opens a new window and it disables the address bar. Still the user name and password is visible in the status bar. Is there any wor around for the same

    <S12:Envelope xmlns:S11="..." xmlns:wsse="..." xmlns:wsu= "...">
    <S12:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:Username>TestUser</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">TestPassword</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    </S12:Header>
    </S12:Envelope>

  • Load username and password for external application?

    How to load username and password for external application?
    For each user, we should take its Portal username and password for one specific external application. How to do that ?
    Regards.

    ABSOLUTLY YES !!!!
    We already know the external application login information for each user and we want to by pass this user task. (Specially because the user itself doesn't know its username/password for the external appli). In fact we are trying to integrate IStore product to Portal by using this mechanism.
    <BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR>Originally posted by Kamalendu Biswas ([email protected]):
    If you define an external application then SSO users can populate user information by themselves.
    Are you syaing that you want to populate user information automatically (bulk lodad)?<HR></BLOCKQUOTE>
    null

  • External Application username and password

    Hi All,
    I need a specific requirement. When the user login to externa application first time, whether it stores this username password in any table or somewhere.. Actually i need external application username and password for other purpose. I need that in another application i.e. outside of the External Application. How to call that API to get that info. Is there any otherway to get that.
    I thought of doing that, with the use of ExternalPrincipal class, but for we need SSO username and password to instatiate that class. I got some info that, we cannnot get the SSO password. Is there any way to get SSO password. Please help me in this regard.. It is very urgent for me..
    Thanks
    Damodar

    The username and password for a particular external application is stored in the WWSSO_APPUSERINFO_T table in the ORASSO schema. The external application is referenced via the app_id, which corresponds to an external application identified in the WWSSO_APPLICATION_INFO_T table in the ORASSO schema.
    To get the ORASSO password in OID, use my GETPASS.CMD file found in my Knowledge Exchange. This file also extracts the passwords for PORTAL, ORASSO_PA and ORASSO_PS.
    HTH
    LLB

  • Oracle9iAS R2 - Virtual Hosts with Portal and SSO with OIDDAS application

    Hi!
    I have installed a the machine with name minsk.discover.local. The machine have installed Infrastructure and Portal. The instalation is sucessfull and i work fine. But i have publish Portal to WEB with name intranet.discover.com.br. The Oracle describe:
    1 - Create the virtual hosts in SSO and PORTAL - OK
    2 - run ptlasst to create SSO Partners Applications - OK
    After this steps iwork fine with Portal and SSO, but when i click in portlet to create user to access the application OIDDAS, the Portal redirect to login page of SSO in address mct.com.br, the internal name, when then name not responde in the internet.
    I need a help!!!!
    Marcio Mesti

    I just spoke to the Oracle App server admins, the two servers in question are clustered.
    So my question changes slightly to:
    What is the best way to install and configure a webgate for clustered Oracle App servers with mulitple virtual hosts, that are residing behind a load balancer (Traffic Manager)?
    Thanks,
    Andy

  • Register external application as partner application on OSSO

    Hi All,
    I am using OracleAS Single Sign-On. I want to integrate Stellent Universal Content Management(UCM) with OracleAS Single Sign-On.
    Can someone please let me know how to achieve this?
    Also I would like to know, how can I register external application as a partner application in OracleAS Single Sign-on?
    Thanks & Regards,
    Yash Shah

    Hi,
    Thanks for your quick response. I have gone through the document which you suggested. the document says to register through sooreg.sh script. I would like to register partner application using SSO Administration UI.
    When I log in to OSSO server, I have a option of registering the partner application, there in UI I have to specify, Home URL, Success URL and Logout URL.
    For me, my sso server and my application server resides on the different servers (systems). Please let me know which URLs I shoudl specify to register my partner application using UI.
    I mean, I want to know what should I specify in Home URL, Success URL and Logout URL
    Thanks & Regards,
    Yash Shah

Maybe you are looking for

  • Opening Sony's ARA (RAW) format in PS Elements 9

    I use PS Elements 9, with the Adober Camera Raw plug-in installed (ver. 6.5.0.216) but cannot open Sonly's ARW format file, (RAW from Sony's a6000 mirrorless camera). The Adobe support page for this plug-in shows that it's compatible with PSE 9 and a

  • Operating a Waveform Chart Backwards and Forwards

    I want to acquire data to a waveform chart. I want to be able to reverse the direction of my acquisition so as to overwrite the data that I have just acquired when needed and then go back forward - and so on. Does anybody know how I might be able to

  • How to disable Refresh,Reload in browser and user should not allow to multiple browser sessions ?

    Dear All, How to disable Refresh,Reload in browser and end user should not allow to multiple browser sessions in portal.Where we need to configure the settings or any code in masthead or any other component. My server version is 7.4 - SP5 .Please hel

  • Why my ipad 2 battery won't charged to 100 but only 50

    Hi guys, I just bought my iPad 2 a month ago and now realized it that the battery life only 50 . It was 100 percent when I first charged . Then it dropped to 90 , 85, 75 NOW 50 . I bought my iPad with my dad but his iPad doesn't seem to have this pro

  • Stress out Java Compiler API

    any1 know how to display the error message when the compilation is not done?? the compiltion process is ok, but, if the compilation isnt done, there will be no error messages..           JavaCompiler JCompile=ToolProvider.getSystemJavaCompiler();