SSO Enabling a custom application with OAM
Hi All !
I am a bit stuck on a problem and need some urgent help. We are trying to launch some custom-built (J2EE/.NET) web applications from the Oracle Portal with SSO, i.e. once the user logs into the portal he would not have to log in again to the applications which would be launched from the portal home page.
We have successfully integrated the Oracle Portal with the OAM SSO, but are facing some problems with SSO-enabling the custom applications. Any help on what should be the ideal integration architecture and approach for SSO-enabling the apps with a minimum amount of modification of the application code?
The licenses are available for OID, OVD, OAM.
Thanks in advance. Any views/comments/links to useful material appreciated.
Cheers
Soumak
If your custom application uses its own database for authentication, then you have to modify the login process for your application, i.e. you have to trust OAM to have done the authentication and then create any custom cookie that your application might use in its landing page.
I am assuming that your custom application has some way of tracking whether the user has logged in or not. You can protect the custom application URL within OAM, and once the user has logged in you can then generate your custom application cookie.
Even if you use OVD, you still have to modify the login process in your custom application to trust the third party to have done the authentication.
Thanks
Ram
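One way to implement the approach described in the answer above, as an added example (not code from this thread or from Oracle): a servlet filter that accepts the OAM_REMOTE_USER header only on requests arriving from the WebGate-protected proxy, then creates the application's own session. The header name is taken from other threads on this page and depends on the OAM policy; the class name, the `trustedProxies` init-param and the `app.user` session attribute are assumptions, and the Servlet 3.0+ `javax.servlet` API is assumed.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class OamHeaderLoginFilter implements Filter {

    // Header asserted by OAM/WebGate after login (name as used elsewhere on this page).
    private static final String SSO_HEADER = "OAM_REMOTE_USER";
    // Hypothetical session attribute that the application's own pages check.
    static final String SESSION_USER = "app.user";

    private Set<String> trustedProxies = Collections.emptySet();

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        // Hypothetical init-param: comma-separated IPs of the WebGate-protected proxy.
        String raw = cfg.getInitParameter("trustedProxies");
        if (raw == null || raw.trim().isEmpty()) {
            throw new ServletException("trustedProxies init-param is required");
        }
        Set<String> parsed = new HashSet<String>();
        for (String ip : raw.split(",")) {
            if (!ip.trim().isEmpty()) {
                parsed.add(ip.trim());
            }
        }
        trustedProxies = parsed;
    }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse resp = (HttpServletResponse) rs;

        // A client that reaches the app server directly can set any header it likes,
        // so the header is honoured only when the peer is the SSO proxy.
        if (!trustedProxies.contains(req.getRemoteAddr())) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        String user = singleHeader(req, SSO_HEADER);
        if (user == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        HttpSession session = req.getSession(false);
        Object current = (session == null) ? null : session.getAttribute(SESSION_USER);
        if (!user.equals(current)) {
            // New or changed SSO identity: discard the old session before binding the user.
            if (session != null) {
                session.invalidate();
            }
            session = req.getSession(true);
            session.setAttribute(SESSION_USER, user);
        }
        chain.doFilter(req, resp);
    }

    // Returns the header value only if it is present exactly once and non-empty.
    static String singleHeader(HttpServletRequest req, String name) {
        Enumeration<String> values = req.getHeaders(name);
        if (values == null || !values.hasMoreElements()) {
            return null;
        }
        String value = values.nextElement();
        if (values.hasMoreElements()) {
            return null; // duplicated header: ambiguous identity, reject
        }
        value = (value == null) ? "" : value.trim();
        return value.isEmpty() ? null : value;
    }

    @Override
    public void destroy() { }
}
```

The address check is a second layer; network rules that stop clients from reaching the application server directly are still needed.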
Similar Messages
-
Customizing Applications with MDS
I have been investigating static customization using MDS and have read through [Customizing Applications with MDS|http://download.oracle.com/docs/cd/E12839_01/web.1111/b31974/customize.htm] (and the seemingly identical copy in JDeveloper's Help Center). However, I have been unable to customize my application because I get this error (some parts have been abbreviated) when starting JDeveloper with the Customization Developer Role:
Error initializing MDS configuration for application "file:/C:/Documents and Settings/..._adf_main.jws". Customizations disabled for this application. MDS-00035: cannot load the class: oracle....uiview.IndustryCC.
The problem is that I do not know how to add the particular class to JDeveloper's classpath as instructed in section 33.2.1.4 of the documentation. I have added my class to JDeveloper's classpath via dropping a .jar into lib/ext of the JRE but then had horrible dependency troubles.
While walking through the documentation, I discovered that Example 33-1 and its surrounding documentation are out-of-date because getIDPrefix() is final in CustomizationClass and thus cannot be overridden as the documentation instructs.
I am using JDeveloper Version 11.1.1.1.0 Build JDEVADF_11.1.1.1.0_GENERIC_090421.1521.5361.
How do I successfully enter customization mode for my application?
Thank you. I got it working.
All I needed was the path provided at Create and Deploy a Customization Class, item 7.
I will note that the documentation does not have any slashes in its path:
<JDEVELOPER_HOME>jdeveloperjdevlibpatches<jar_file_name>
I got it to work after I copied the jar file I had already prepared to:
<JDEVELOPER_HOME>/jdeveloper/jdev/lib/patches/<jar_file_name> -
Customizing Application with MDS
Dear OTN users,
I have read maybe everything on the web that can be found about MDS and found many solutions, but can't solve my problem. I want a very simple thing: to have one user change, for example, the columns in one table, and after that this table to be visible to all other users with this view. But when other users make some change, I don't want it reflected in the view. I am using JDeveloper 11.1.1.1.0 and use my own user authentication and authorization. I think that to solve this problem I may have to write my own customization classes to provide this functionality. Maybe if I can revert the example of layered customization with two pages, it will work for me. The other way I was thinking of is to put a "Select Many Shuttle" component and some others to customize the table's columns and dimensions. So my question is: can I solve my problem with MDS, or is it better to find some other feature in Oracle ADF? Thank you for your help.
Best Regards!
Radostin Stefanov
Hi,
it sounds that you would need to change the MDS layer directly for a specific customization layer since there is no setting that allows only a single person to perform changes for the rest of the users. Looking at the MDS JavaDoc published on OTN
http://download.oracle.com/docs/cd/E15523_01/doc.1111/e14776/toc.htm
it seems that the runtime APIs are not public. Any chance for you to use seeded customization and have the changes applied using Oracle JDeveloper - or is the customization something that needs to be created dynamically on the fly?
Frank
-
Hello,
We're currently using PLSQL toolkit developed applications with Oracle SSO. We're looking to upgrade to OAM in the near future and would like to verify if we can use these PLSQL toolkit applications with OAM. Will this be a problem for us?
Thanks for any information or insight.
Ariel
Colin,
One more question pertaining to this:
Earlier I was not using any valid host:port combinations in the host identifier. It was a generic string equal to the name of the host identifier.
But now, after changing servercache to form and modifying the login form to return OAM_REQ, I have to put valid combinations in the host identifier. Without that it shows a Bad Access Manager error, and in the logs:
[2013-10-29T08:27:41.002-06:00] [oam_server2] [WARNING] [OAM-02073] [oracle.oam.controller] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: c72ab7e1931dad2b:-ad6b939:1420484d41b:-8000-0000000000000014,1:27010] [APP: oam_server#11.1.2.0.0] Error while checking if the resource is protected or not.
[2013-10-29T08:27:41.003-06:00] [oam_server2] [ERROR] [OAM-04029] [oracle.oam.proxy.oam] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: c72ab7e1931dad2b:-ad6b939:1420484d41b:-8000-0000000000000014,1:27010] [APP: oam_server#11.1.2.0.0] Error in generating AMEvent. Details Event Response status is STATUS_FAIL for GET_AUTHN_SCHEME event. Error code OAM-02073 status fail isExcluded false
Could you please explain the behaviour?
Thanks in advance.
-
hi friends
I want to find custom application with all information by using database
thanks
Yogesh
user11972687 wrote:
hi friends
I want to find custom application with all information by using database
thanks
Yogesh
There is no direct way to get this list unless you have it documented or you followed the naming conventions -- https://forums.oracle.com/forums/search.jspa?threadID=&q=Custom+AND+List&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
Please search the forum before posting similar questions.
Thanks,
Hussein -
Location for class files for the custom application
Hello everyone.
I want to create new custom application with the short name as "myapp". According to convention what should be the namespace? Should it be mycompany.app.myapp or should it have oracle somewhere in the namespace?
- Yora
Hi Yora,
Package Structure for Standard Application like below
oracle.apps.myapp.webui //Structure for Page and Region.xml(PG.xml,RN.xml,CO.class)
oracle.apps.myapp.server //Structure for .class files(VO,AM)
Package Structure for custom Application like below
mycompany.oracle.apps.myapp.webui //Structure for Page and Region.xml
mycompany.oracle.apps.myapp.server //Structure for .class files
Thanks,
Dilip -
SecurityContext userName with OAM SSO
Hi,
We need to get the logged in userName property from the securityContext(). We are using OAM for SSO.
The code #{securityContext.userName} works fine when we used Basic login process with OAM and we get the logged user info, but we need to use Form based login and when we change to Form based we keep getting "anonymous" and can't get any property from the securityContext.
Didn't find any solution for this.
Has anyone dealt with similar issue?
Thanks
Thanks for all the replies.
I am working with another colleague who is configuring OAM and so have been testing different configurations.
We are using WebCenter 11.1.1.5 and OAM 10g (10.1.4.3) and OAM is used as the SSO for OBIEE and other oracle apps. My application is a custom Portal app and we are not yet using Spaces.
Access to all application URLs, including WebCenter, is protected by OAM configuration and Webgate. Users for now will use an ID/pwd to login. But later they can also use a certificate.
No security configuration was done at the WebCenter app side and the Login Authentication in web.xml was not set.
In the WebCenter admin console we configured the OAM as a provider and added
- "OAM ID Asserter" configured OAM_REMOTE_USER as the SSO Header Name and as the Active type assertor (didn't add obSSOCookie) and "OIDAuthenticator".
We have no issues to login and if we used OAM Basic authentication. We always get the logged user fine in the securityContext.
When we changed OAM to use Form based authentication the login worked, but we get anonymous in securityContext.
I am trying to get the securityContext from a custom JSPX page and from a Managed Bean (both work with Basic but not Form based)
I will test with the:
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
The question I have is do I need to configure WebCenter in other ways than to what I mentioned above? (currently don't see the need since OAM does the work of the authenticating and Asserting and worked with Basic authn.)
1. I see in Jdev in the web.xml security has: Login Authentication (which will test with CLIENT-CERT), security roles and security Constraints. DON'T see for the need to configure the last two since will have the user roles in OID and securityContext have a method to get the user Roles.
2. Do I need to enable for the WebCenter application ADF security and add "ADF Authentication and Authorization" ?
Will provide more updates when we validate and test the configurations.
Thanks -
SSO login for custom BO SDK Application
Hi,
I am trying to build custom application using BO SDK. Requirement is application should be SSO configured.
Below is my sample code of JSP
<%@ page import = "com.crystaldecisions.sdk.framework.ISessionMgr"%>
<%@ page import = "com.crystaldecisions.sdk.framework.IEnterpriseSession"%>
<%@ page import = "com.crystaldecisions.sdk.exception.SDKException"%>
<%@ page import = "com.crystaldecisions.sdk.occa.infostore.IInfoStore"%>
<%@ page import="com.crystaldecisions.sdk.framework.CrystalEnterprise" %>
<%@ page import="org.ietf.jgss.GSSCredential"%>
<%@ page import="org.ietf.jgss.GSSManager"%>
<%@ page import="com.businessobjects.sdk.credential.CredExtractor"%>
<%
GSSCredential creds = null;
GSSManager manager = null;
CredExtractor credExtractor = new CredExtractor(request);
creds = credExtractor.GetCredential();
manager = credExtractor.GetManager();
ISessionMgr sm = CrystalEnterprise.getSessionMgr();
IEnterpriseSession enterpriseSession = sm.logon(creds, manager, cms, authentication);
IInfoStore infoStore = (IInfoStore)enterpriseSession.getService("", "InfoStore");
String token=enterpriseSession.getLogonTokenMgr().getDefaultToken();
String myUserID=enterpriseSession.getUserInfo().getUserName().toString();
session.setAttribute("myUserID",myUserID);
session.setAttribute("token", token);
session.setAttribute("InfoStore", infoStore);
session.setAttribute("enterpriseSession",enterpriseSession);
response.sendRedirect("home.jsp");
%>
I am redirecting to home.jsp, and on the home.jsp page I am just displaying the userID which is set in the above code.
I am deploying my application on a server which is SSO enabled (Vintela). I have made the necessary changes in the web.xml file also.
Below is my web.xml file:
<filter>
<filter-name>authFilter</filter-name>
<filter-class>com.businessobjects.sdk.credential.WrappedResponseAuthFilter</filter-class>
<init-param>
<param-name>idm.realm</param-name>
<param-value>abcd.AD.some.COM</param-value>
</init-param>
<init-param>
<param-name>idm.princ</param-name>
<param-value>abso/SYSBODEV.abcd.ad.some.com</param-value>
</init-param>
<init-param>
<param-name>idm.keytab</param-name>
<param-value>C:\winnt\sysbodev.keytab</param-value>
</init-param>
<init-param>
<param-name>idm.allowUnsecured</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>idm.allowNTLM</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>idm.logger.name</param-name>
<param-value>simple</param-value>
<description>The unique name for this logger.</description>
</init-param>
<init-param>
<param-name>idm.logger.props</param-name>
<param-value>error-log.properties</param-value>
<description> Configures logging from the specified file. </description>
</init-param>
<init-param>
<param-name>error.page</param-name>
<param-value>/frame/errorSSO.jsp</param-value>
<description>The URL of the page to show if an error occurs during authentication.</description>
</init-param>
</filter>
<filter-mapping>
<filter-name>authFilter</filter-name>
<url-pattern>/frame/frameset.jsp</url-pattern>
</filter-mapping>
But I am getting an error saying VSJ authentication was not performed for this request.
Can anyone help me out with where I am going wrong?
Edited by: Asraf_Shaikh on Aug 25, 2011 6:39 PM
Hi Ivan,
Since I was busy with something else, I could not log in to the forum and reply on time. Anyway, if your problem is still not solved, then follow this approach (this is for Java only):
1. See if you can access the InfoView application; if yes, then check the web.xml file and try to uncomment the commented-out elements in the web.xml file.
2. Check the jar files needed for SSO, like credential.jar. You can take all the jar files from the InfoView application.
Below is my code for SSO login (I am only putting the important things; the rest you can manage):
imports
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
import com.businessobjects.sdk.credential.CredExtractor;
import com.crystaldecisions.sdk.framework.CrystalEnterprise;
import com.crystaldecisions.sdk.framework.IEnterpriseSession;
import com.crystaldecisions.sdk.occa.infostore.IInfoStore;
code
GSSCredential myCredential = null;
GSSManager myManager = null;
CredExtractor myCredExtractor = new CredExtractor(request);
myCredential = myCredExtractor.GetCredential();
myManager = myCredExtractor.GetManager();
String myCmsName = getServlet().getServletContext().getInitParameter("cms.default");
IEnterpriseSession myIEnterpriseSession = CrystalEnterprise.getSessionMgr().logon(myCredential,myManager, myCmsName, SEC_WINAD);
IInfoStore myIInfoStore = (IInfoStore) myIEnterpriseSession.getService(PortalConstants.EMPTYSTRING, PortalConstants.INFOSTORE);
you can put try catch block -
web.xml file
<filter>
<filter-name>authFilter</filter-name>
<filter-class>com.businessobjects.sdk.credential.WrappedResponseAuthFilter</filter-class>
<init-param>
<param-name>idm.realm</param-name>
<param-value>HODC.AD.abc.COM</param-value>
</init-param>
<init-param>
<param-name>idm.princ</param-name>
<param-value>BOSSO/SYSBODEV.hodc.ad.abc.com</param-value>
</init-param>
<init-param>
<param-name>idm.keytab</param-name>
<param-value>C:\winnt\sysbodev.keytab</param-value>
</init-param>
<init-param>
<param-name>idm.allowUnsecured</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>idm.allowNTLM</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<description>The unique name for this logger.</description>
<param-name>idm.logger.name</param-name>
<param-value>simple</param-value>
</init-param>
<init-param>
<description>Configures logging from the specified file.</description>
<param-name>idm.logger.props</param-name>
<param-value>error-log.properties</param-value>
</init-param>
<init-param>
<description>The URL of the page to show if an error occurs during authentication.</description>
<param-name>error.page</param-name>
<param-value>/JSP/failure.jsp</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>authFilter</filter-name>
<url-pattern>/logon.do</url-pattern>
</filter-mapping>
The above code is working, so if you follow the same, it should work for you also. It is for secWinad, and the SSO is Vintela.
Let me know the status.
-
How to protect an application running on IIS with OAM 11gR2
Hello Gurus,
I have a question regarding protecting an application running on IIS with OAM 11gR2. We have an OHS server running and all the requests from the users are coming to this OHS server webgate for them to login using the SSO login page. This is all Solaris. I am protecting other applications like PeopleSoft modules with this OHS instance and OAM server. There is another application that I need to protect which is itself running on an IIS Windows machine. I need guidance as to -
1.) Do I need to install a windows version of webgate to protect this IIS based application?
2.) Or I can still protect and proxy requests from this application to current OHS instance? How can I do this?
3.) Or Do I need to proxy requests directly from IIS to OAM weblogic server?
Please advise at the earliest as this is an urgent issue.
Thanks !!
From your description it is not clear how exactly the architecture looks.
We have an OHS server running and all the requests from the users are coming to this OHS server webgate for them to login using the SSO login page.
is this OHS centralized login farm ? (Case 1)
OR is this OHS server (with webgate) acting as virtual web server hosting multiple web sites so that request to any site passes through this OHS/webgate (Case 2)
1.) Do I need to install a windows version of webgate to protect this IIS based application?
If case 1 then you need to install 10g webgate on top of IIS server to protect this application
If case 2 then you can just proxy request from OHS to IIS server. As every request passes through OHS user will be authenticated before request hits IIS
Look at Product documentation for virtual web sites : http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/shared.htm#autoId12
It has steps to protect virtual web sites.
Also you need to make sure no one hits the IIS web sites directly.
Hope this helps -
How enabled Single Sign-On with a System SAP WAS ABAP (Run application BSP)
Hi.
I need to run any application BSP from a System SAP WAS ABAP, without entering SAP user and password. Using the windows authentication and without SAP Enterprise Portal.
What authentication methods I have to apply for enabled Single Sign-On with a System SAP WAS ABAP?.
And How can I enabled this method?.
Best regards.
Luis Gomez.
Hi Ticiano,
SAP WebAS ABAP supports a number of authentication mechanisms. See
[http://help.sap.com/saphelp_nw04s/helpdata/en/02/d4d53aa8a9324de10000000a114084/frameset.htm]
A number of these authentication mechanisms can be combined with Windows authentication (e.g. SNC, client certificates, ...).
The decision what mechanism fits best depends on criteria like
- SAP server platform
- security requirements
- extensibility (should same authentication mechanism be used for future SAP environments, which will be E-SOA based)
- authentication from outside company domain
- Use of SAP security library (SAPcryptolib)
You may want to look at the SAP Software Solution Partner Catalog, if you look for certified SSO solution vendors for SAP.
Best regards,
Peter -
Hi,
I am integrating OBIEE 11.1.1.5 with OAM 11gR1 (11.1.1.5).
I have configured as per section 12.3 of following link:
http://docs.oracle.com/cd/E22203_01/doc.31/e20664/chapter_12.htm#CHDFAFHH
After making all these configurations, when I access:
http://<OHS server>:<OHS port>/analytics
User is getting prompted for auth from OAM. After successful auth, request gets redirected to WebLogic server hosting the OBIEE app. I have verified in OBI logs that the header value OAM_REMOTE_USER gets passed to OBI.
But even with all this, after successful OAM authentication, user is getting prompted with OBI login page.
Pls help.
Thanks
Hi Abhinay,
I have already made the following configurations as per the documentation:
To enable SSO:
1.Log in to OBIEE at
http://[OBIEE server:port]/em.
2.Click Farm_<OBIEEDomain>_domain > Business Intelligence > Coreapplication.
3.Click the Security tab.
4.Select Enable SSO.
5.Select SSO Provider: Oracle Access Manager.
6.Click Apply and Activate Changes.
Do we need to make some other configurations also at OBIEE EM ?
Thanks -
Integrating Webcenter 11g (Discussions) with OAM for SSO
Hi,
I need some help in integrating Webcenter 11g with OAM 10g.
Objective:
=========
My customer is using Webcenter 11.1.1.2.0 and they are primarily using Discussions and wiki .I would like to integrate OAM with Webcenter for providing SSO.
Steps Followed:
============
I have followed the steps mentioned in the section 23.7.1 and 23.7.1.7 in the doc
http://download.oracle.com/docs/cd/E15523_01/webcenter.1111/e12405/wcadm_security.htm#BGBCEHGE
and also referred metalink note ID 829122.1
Scenario after integrating with OAM:
===========================
1.Accessed the dicussions url through OHS proxy http://<ohs_host>:<ohs_proxy>/owc_discussions
2.Click on Login button
3.OAM Login page appears
4.Provide credentials for orcladmin (admin user of OAM OID LDAP)
5.Discussions default login screen appears (I don't expect this default login page, as I have already authenticated with OAM)
6.Provide orcladmin credentials
7.Login screen keeps popping up and I am not able to login
If I set owc_discussions.sso.mode=false, then the looping (Step 7) does not occur and I am able to login.
Am I doing anything wrong here? Or is there a way I can make it work.
Thanks in Advance.
Did you set up WebLogic as per this doc? - http://download.oracle.com/docs/cd/E17904_01/webcenter.1111/e12405/wcadm_security_sso.htm#WCADM8175
-
Apex Application With Oracle SSO (inbuilt) application integration
Hi,
Installed oracle 11g, configured Application Express Release 3.0.
I developed application in APEX.
Now I want to authenticate my application with Oracle SSO login.
Please help me on this.
Thanks in advance.
Thanks,
Surya
Hello Surya,
If you follow the instructions here you should be able to connect to your SSO.
http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
Peter -
Hi all
I have a APEX install which I have succesfully registered with SSO as a partner application (I have registered APEX/HTMLDB itself). On this machine we host a number of applications which can be accessed as http://myserver.mydomain.com/pls/htmldb/f?p=APP_NAME1 (and so on to APP_NAME_n).
The business owner of one of these applications wants to have an application-specific URL instead of the generic type URL (eg, http://my-new-app.mydomain.com/....), and to keep the new alias in the browser URL. However, I am sure that this will require me to register the application with SSO as the SSO server won't recognise the new URL.
I have searched the forum and not found any reference to having the entire HTMLDB engine registered as a partner app, and registering individual apps with SSO at the same time. Perhaps this is so trivial and straightforward that no-one has come across any problems with this. But I wonder if there are any "gotchas" in having this kind of set up before I actually start on it.
regards
Gerard
Gerard - That should work as that was the intended purpose of having the two "flavors" of SSO partner app integration - so that a workspace schema could have a local copy of the SSO SDK and could use it independently of the Application Express installation's copy. Do let us know how it goes, especially if it works.
Scott -
Registering a Partner application with Oracle SSO 10gR2
Hi Everybody
I'd like to ask a question around registering a partner application with Oracle SSO.
I have entered my home_url, logout_url and cancel_url e.g. home_url is https://vevopuitest1.co.uk/vevo_test1 and so on for the other fields.
When I save the details some information is automatically created e.g. Site Id, Site Token etc.
The bit that I am particularly interested in are the fields Single Sign-On URL and Single Sign-Off URL.
For my purposes these fields are respectively: https://cwassotest1.co.uk/pls/orasso/orasso.wwsso_app_admin.ls_login and https://cwassotest1.co.uk/pls/orasso/orasso.wwsso_app_admin.ls_logout
My questions are:
1. Where do these values come from?
2. Can I view them anywhere, say, in Oracle Directory Manager or using ldif queries?
I would like to be able to verify these values.
Many Thanks
Andy
I'm afraid this won't answer your question completely, but AFAIK in principle it does not matter on which machine SSO is running, as long as it passes the user id and credentials properly through the HTTP Header. Even more: in practice it is very common to have SSO running on a different machine than where your app runs.
So what I would do is find out how to use ADF Faces with SSO. Perhaps someone else can provide pointers on that.
Jan Kettenis