SSO Enabling a custom application with OAM

Hi All !
Am a bit stuck on a problem and need some urgent help. Actually we are trying to launch some custom-built (J2EE/.NET) web applications from the Oracle Portal with SSO i.e. once the user logs into the portal he would not have to log-in again to the applications which would be launched from the portal home page.
We have successfully integrated the Oracle Portal with the OAM SSO, but facing some problems with SSO enabling the custom applications. Any help on what should be the ideal integration architecture and approach for SSO enabling the apps with minimum amount of modification of the application code.
The licenses are available for OID, OVD, OAM.
Thanks in advance. Any views/comments/links to useful material appreciated.
Cheers
Soumak

If your custom application uses its own database for Authentication, then you have to modify the login process for your application. i.e. you have to trust the OAM to have done the authentication and then create any custom cookie that your application might use in its landing page.
I am assuming that your custom application has some way of tracking if the user has logged in or not. You can protect the Custom application URL within OAM and once the user has logged in you can then generate your custom application cookie.
Even if you use OVD, you still have to modify login process in your custom application to trust the third party to have done the authentication.
Thanks
Ram
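
As an added illustration of the approach Ram describes (not code from this thread or from Oracle): the login step of the custom application accepts the identity asserted by the WebGate only when the request arrives from the protected web tier. The header name OAM_REMOTE_USER is the one quoted in other threads on this page; the class name, the proxy address 10.0.0.5 and the login-name pattern are assumptions made for the example.

```java
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

/** Added example: decide whether a request may open an application session on OAM's word. */
public class OamHeaderLogin {

    // Identity header set by the WebGate (name taken from this page; it is configurable in OAM).
    static final String IDENTITY_HEADER = "OAM_REMOTE_USER";

    // Assumption: login names are short and drawn from this character set.
    private static final Pattern LOGIN = Pattern.compile("[A-Za-z0-9._@-]{1,64}");

    // Assumption: addresses of the WebGate-protected web servers that front the application.
    private final Set<String> trustedProxies;

    OamHeaderLogin(Set<String> trustedProxies) {
        this.trustedProxies = trustedProxies;
    }

    // Containers differ in how they treat case and '-' versus '_' in header names,
    // so compare names in one canonical form.
    private static String canonical(String name) {
        return name.toUpperCase(Locale.ROOT).replace('-', '_');
    }

    /** Returns the user to bind to the local session, or null if the request must not be trusted. */
    String resolveUser(String remoteAddr, Map<String, String> headers) {
        // 1. Only the protected web tier may vouch for an identity; a client that
        //    reaches the application directly can set any header it likes.
        if (!trustedProxies.contains(remoteAddr)) {
            return null;
        }
        // 2. Exactly one header may canonicalise to the identity header.
        String value = null;
        int matches = 0;
        for (Map.Entry<String, String> h : headers.entrySet()) {
            if (canonical(h.getKey()).equals(IDENTITY_HEADER)) {
                value = h.getValue();
                matches++;
            }
        }
        if (matches != 1 || value == null) {
            return null;
        }
        // 3. The value must look like a login name (no control characters, no blanks).
        return LOGIN.matcher(value).matches() ? value : null;
    }

    // Helper for the constructed sample requests below.
    private static Map<String, String> headers(String... kv) {
        Map<String, String> m = new LinkedHashMap<>();
        for (int i = 0; i + 1 < kv.length; i += 2) {
            m.put(kv[i], kv[i + 1]);
        }
        return m;
    }

    public static void main(String[] args) {
        OamHeaderLogin login = new OamHeaderLogin(Collections.singleton("10.0.0.5"));

        // All requests below are constructed sample data.
        // Request forwarded by the protected web tier after OAM authentication.
        System.out.println(login.resolveUser("10.0.0.5",
                headers("OAM_REMOTE_USER", "soumak")));
        // Same header, but the client connected to the application directly.
        System.out.println(login.resolveUser("192.0.2.44",
                headers("OAM_REMOTE_USER", "soumak")));
        // URL not protected by an OAM policy: the web tier adds no identity header.
        System.out.println(login.resolveUser("10.0.0.5",
                headers("Accept", "text/html")));
        // Two spellings of the header arrive together; which one is genuine is unknowable.
        System.out.println(login.resolveUser("10.0.0.5",
                headers("OAM_REMOTE_USER", "soumak", "Oam-Remote-User", "orcladmin")));
        // Value carrying a line break is not a login name.
        System.out.println(login.resolveUser("10.0.0.5",
                headers("OAM_REMOTE_USER", "soumak\r\nX-Role: admin")));
    }
}
```

In a servlet filter the same method would be called with request.getRemoteAddr() and the request's header names and values; a non-null result is what the application writes into its own session or cookie.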

Similar Messages

  • Customizing Applications with MDS

    I have been investigating static customization using MDS and have read through [Customizing Applications with MDS|http://download.oracle.com/docs/cd/E12839_01/web.1111/b31974/customize.htm] (and the seemingly identical copy in JDeveloper's Help Center). However, I have been unable to customize my application because I get this error (some parts have been abbreviated) when starting JDeveloper with the Customization Developer Role:
    Error initializing MDS configuration for application "file:/C:/Documents and Settings/..._adf_main.jws". Customizations disabled for this application. MDS-00035: cannot load the class: oracle....uiview.IndustryCC.
    The problem is that I do not know how to add the particular class to JDeveloper's classpath as instructed in section 33.2.1.4 of the documentation. I have added my class to JDeveloper's classpath via dropping a .jar into lib/ext of the JRE but then had horrible dependency troubles.
    While walking through the documentation, I discovered that Example 33-1 and its surrounding documentation are out-of-date because getIDPrefix() is final in CustomizationClass and thus cannot be overridden as the documentation instructs.
    I am using JDeveloper Version 11.1.1.1.0 Build JDEVADF_11.1.1.1.0_GENERIC_090421.1521.5361.
    How do I successfully enter customization mode for my application?

    Thank you. I got it working.
    All I needed was the path provided at Create and Deploy a Customization Class, item 7.
    I will note that the documentation does not have any slashes in its path:
    <JDEVELOPER_HOME>jdeveloperjdevlibpatches<jar_file_name>
    I got it to work after I copied the jar file I had already prepared to:
    <JDEVELOPER_HOME>/jdeveloper/jdev/lib/patches/<jar_file_name>

  • Customizing Application with MDS

    Dear OTN users,
    I have read maybe everything on the web that can be found for MDS and found many solutions but can't solve my problem. I want a very simple thing - to have one user change, for example, columns in one table and after that this table to be visible for all other users with this view. But when other users make some change I don't want it to be reflected in the view. I am using JDeveloper 11.1.1.1.0 and use my own user authentication and authorization. I think for solving this problem maybe I must write my customization classes to provide this functionality. Maybe if I can revert the example of layered customization with two pages it will work for me. Another way that I was thinking of is to put component "Select Many Shuttle" and some other for customizing the table columns and dimensions. So my question is: can I solve my problem with MDS or is it better to find some other features in Oracle ADF? Thank you for help.
    Best Regards!
    Radostin Stefanov

    Hi,
    it sounds that you would need to change the MDS layer directly for a specific customization layer since there is no setting that allows only a single person to perform changes for the rest of the users. Looking at the MDS JavaDoc published on OTN
    http://download.oracle.com/docs/cd/E15523_01/doc.1111/e14776/toc.htm
    it seems that the runtime APIs are not public. Any chance for you to use seeded customization and have the changes applied using Oracle JDeveloper - or is the customization something that needs to be created dynamically on the fly?
    Frank

  • PLSQL toolkit with OAM 11gR2

    Hello,
    We're currently using PLSQL toolkit developed applications with Oracle SSO. We're looking to upgrade to OAM in the near future and would like to verify if we can use these PLSQL toolkit applications with OAM. Will this be a problem for us?
    Thanks for any information or insight.
    Ariel

    Colin,
    One more question pertaining to this is
    Earlier I was not using any valid host:port combinations in the host identifier. It was a generic string equal to the name of the host identifier.
    But now, after changing servercache to form and modifying the login form to return OAM_REQ, I have to put valid combinations in the host identifier. Without that it showed a Bad Access Manager error and in the logs:
    [2013-10-29T08:27:41.002-06:00] [oam_server2] [WARNING] [OAM-02073] [oracle.oam.controller] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: c72ab7e1931dad2b:-ad6b939:1420484d41b:-8000-0000000000000014,1:27010] [APP: oam_server#11.1.2.0.0] Error while checking if the resource is protected or not.
    [2013-10-29T08:27:41.003-06:00] [oam_server2] [ERROR] [OAM-04029] [oracle.oam.proxy.oam] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: c72ab7e1931dad2b:-ad6b939:1420484d41b:-8000-0000000000000014,1:27010] [APP: oam_server#11.1.2.0.0] Error in generating AMEvent. Details Event Response status is STATUS_FAIL for GET_AUTHN_SCHEME event. Error code OAM-02073 status fail isExcluded false
    Could you please explain the behaviour.
    Thanks in advance.

  • Custom Application In EBS 11i

    hi friends
    I want to find custom application with all information by using database
    thanks
    Yogesh

    user11972687 wrote:
    hi friends
    I want to find custom application with all information by using database
    thanks
    Yogesh

    There is no direct way to get this list unless you have it documented or you followed the naming conventions -- https://forums.oracle.com/forums/search.jspa?threadID=&q=Custom+AND+List&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
    Please search the forum before posting similar questions.
    Thanks,
    Hussein

  • Location for class files for the custom application

    Hello everyone.
    I want to create new custom application with the short name as "myapp". According to convention what should be the namespace? Should it be mycompany.app.myapp or should it have oracle somewhere in the namespace?
    - Yora

    Hi Yora,
    Package Structure for Standard Application like below
    oracle.apps.myapp.webui  //Structure for Page and Region.xml(PG.xml,RN.xml,CO.class)
    oracle.apps.myapp.server  //Structure for .class files(VO,AM)
    Package Structure for custom Application like  below
    mycompany.oracle.apps.myapp.webui  //Structure for Page and Region.xml
    mycompany.oracle.apps.myapp.server  //Structure for .class files
    Thanks,
    Dilip

  • SecurityContext userName with OAM SSO

    Hi,
    We need to get the logged in userName property from the securityContext(). We are using OAM for SSO.
    The code #{securityContext.userName} works fine when we used Basic login process with OAM and we get the logged user info, but we need to use Form based login and when we change to Form based we keep getting "anonymous" and can't get any property from the securityContext.
    Didn't find any solution for this.
    Has anyone dealt with similar issue?
    Thanks

    Thanks for all the replies.
    I am working with another colleague who is configuring OAM and so have been testing different configurations.
    We are using WebCenter 11.1.1.5 and OAM 10g (10.1.4.3) and OAM is used as the SSO for OBIEE and other oracle apps. My application is a custom Portal app and we are not yet using Spaces.
    Access to all applications URLs, including WebCenter are protected by OAM configuration and Webgate. Users for now will use an ID/pwd to login. But later they can also use a certificate.
    No security configuration was done at the WebCenter app side and the Login Authentication in web.xml was not set.
    In the WebCenter admin console we configured the OAM as a provider and added
    - "OAM ID Asserter" configured OAM_REMOTE_USER as the SSO Header Name and as the Active type assertor (didn't add obSSOCookie) and "OIDAuthenticator".
    We have no issues to login and if we used OAM Basic authentication. We always get the logged user fine in the securityContext.
    When changed OAM to use Form based authentication the login worked but get anonymous in securityContext.
    I am trying to get the securityContext from a custom JSPX page and from a Managed Bean (both work with Basic but not Form based)
    I will test with the:
    <login-config>
    <auth-method>CLIENT-CERT</auth-method>
    </login-config>
    The question I have is do I need to configure WebCenter in other ways than to what I mentioned above? (currently don't see the need since OAM does the work of the authenticating and Asserting and worked with Basic authn.)
    1. I see in Jdev in the web.xml security has: Login Authentication (which will test with CLIENT-CERT), security roles and security Constraints. DON'T see for the need to configure the last two since will have the user roles in OID and securityContext have a method to get the user Roles.
    2. Do I need to enable for the WebCenter application ADF security and add "ADF Authentication and Authorization" ?
    Will provide more updates when we validate and tests the configurations.
    Thanks

  • SSO login for custom BO SDK Application

    Hi,
    I am trying to build custom application using BO SDK. Requirement is application should be SSO configured.
    Below is my sample code of JSP
    <%@ page import = "com.crystaldecisions.sdk.framework.ISessionMgr"%>
    <%@ page import = "com.crystaldecisions.sdk.framework.IEnterpriseSession"%>
    <%@ page import = "com.crystaldecisions.sdk.exception.SDKException"%>
    <%@ page import = "com.crystaldecisions.sdk.occa.infostore.IInfoStore"%>
    <%@ page import="com.crystaldecisions.sdk.framework.CrystalEnterprise" %>
    <%@ page import="org.ietf.jgss.GSSCredential"%>
    <%@ page import="org.ietf.jgss.GSSManager"%>
    <%@ page import="com.businessobjects.sdk.credential.CredExtractor"%>
    <%
                   GSSCredential creds = null;
                   GSSManager manager = null;
                   CredExtractor credExtractor = new CredExtractor(request);
                     creds = credExtractor.GetCredential();
                     manager = credExtractor.GetManager();     
                   ISessionMgr sm = CrystalEnterprise.getSessionMgr();
                   IEnterpriseSession enterpriseSession = sm.logon(creds, manager, cms, authentication);
                   IInfoStore infoStore = (IInfoStore)enterpriseSession.getService("", "InfoStore");
                   String token=enterpriseSession.getLogonTokenMgr().getDefaultToken();
                   String myUserID=enterpriseSession.getUserInfo().getUserName().toString();
                   session.setAttribute("myUserID",myUserID);
                   session.setAttribute("token", token);
                   session.setAttribute("InfoStore", infoStore);
                   session.setAttribute("enterpriseSession",enterpriseSession);
                response.sendRedirect("home.jsp");
    %>
    i am redirecting to home.jsp and on home.jsp page i am just displaying userID which is set in above code
    I am deploying my application on server which is SSO enable (Vintela). i have made the necessary changes in web.xml file also
    below is my web.xml file
    <filter>
              <filter-name>authFilter</filter-name>
              <filter-class>com.businessobjects.sdk.credential.WrappedResponseAuthFilter</filter-class>
              <init-param>
                   <param-name>idm.realm</param-name>
                   <param-value>abcd.AD.some.COM</param-value>
              </init-param>
              <init-param>
                   <param-name>idm.princ</param-name>
                   <param-value>abso/SYSBODEV.abcd.ad.some.com</param-value>
              </init-param>
              <init-param>
                   <param-name>idm.keytab</param-name>
                   <param-value>C:\winnt\sysbodev.keytab</param-value>
              </init-param>
              <init-param>
                   <param-name>idm.allowUnsecured</param-name>
                   <param-value>true</param-value>
              </init-param>
              <init-param>
                   <param-name>idm.allowNTLM</param-name>
                   <param-value>false</param-value>
              </init-param>
              <init-param>
                   <param-name>idm.logger.name</param-name>
                   <param-value>simple</param-value>
                   <description>The unique name for this logger.</description>
              </init-param>
              <init-param>
                   <param-name>idm.logger.props</param-name>
                   <param-value>error-log.properties</param-value>
              <description>                Configures logging from the specified file.            </description>       
              </init-param>
              <init-param>
                   <param-name>error.page</param-name>
                   <param-value>/frame/errorSSO.jsp</param-value>
                   <description>The URL of the page to show if an error occurs during authentication.</description>
              </init-param>
         </filter>
    <filter-mapping>
            <filter-name>authFilter</filter-name>
            <url-pattern>/frame/frameset.jsp</url-pattern>
        </filter-mapping>
    but i am getting error saying VSJ authentication was not performed for this request.
    can any one help me out where i am going wrong
    Edited by: Asraf_Shaikh on Aug 25, 2011 6:39 PM

    Hi ivan,
    since i was busy with something else, so i could not logging to the forum and reply on time, anyways if your problem is still not solved.
    then follow the approach ( this is for java only)
    1. see if you can access infoview application , if yes then check web.xml file and try to uncomment the comment elements in web.xml file.
    2. check the jar file needed for sso , like credential.jar. you can take all the jar file from infoview application
    below is my code for sso login( only the important things i am putting rest you can manage)
    imports
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.apache.log4j.Logger;
    import org.apache.struts.action.Action;
    import org.apache.struts.action.ActionForm;
    import org.apache.struts.action.ActionForward;
    import org.apache.struts.action.ActionMapping;
    import org.ietf.jgss.GSSCredential;
    import org.ietf.jgss.GSSManager;
    import com.businessobjects.sdk.credential.CredExtractor;
    import com.crystaldecisions.sdk.framework.CrystalEnterprise;
    import com.crystaldecisions.sdk.framework.IEnterpriseSession;
    import com.crystaldecisions.sdk.occa.infostore.IInfoStore;
    code
    GSSCredential myCredential = null;
    GSSManager myManager = null;
    CredExtractor myCredExtractor = new CredExtractor(request);               
    myCredential = myCredExtractor.GetCredential();
    myManager = myCredExtractor.GetManager();
    String myCmsName = getServlet().getServletContext().getInitParameter("cms.default");
    IEnterpriseSession myIEnterpriseSession = CrystalEnterprise.getSessionMgr().logon(myCredential,myManager, myCmsName, SEC_WINAD);
    IInfoStore myIInfoStore = (IInfoStore) myIEnterpriseSession.getService(PortalConstants.EMPTYSTRING, PortalConstants.INFOSTORE);
    you can put try catch block -
    web.xml file
         <filter>
              <filter-name>authFilter</filter-name>
              <filter-class>com.businessobjects.sdk.credential.WrappedResponseAuthFilter</filter-class>
              <init-param>
                   <param-name>idm.realm</param-name>
                   <param-value>HODC.AD.abc.COM</param-value>
              </init-param>
              <init-param>
                   <param-name>idm.princ</param-name>
                   <param-value>BOSSO/SYSBODEV.hodc.ad.abc.com</param-value>
              </init-param>
              <init-param>
                   <param-name>idm.keytab</param-name>
                   <param-value>C:\winnt\sysbodev.keytab</param-value>
              </init-param>
              <init-param>
                   <param-name>idm.allowUnsecured</param-name>
                   <param-value>true</param-value>
              </init-param>
              <init-param>
                   <param-name>idm.allowNTLM</param-name>
                   <param-value>false</param-value>
              </init-param>
              <init-param>
                   <description>The unique name for this logger.</description>
                   <param-name>idm.logger.name</param-name>
                   <param-value>simple</param-value>
              </init-param>
              <init-param>
                    <description>Configures logging from the specified file.</description> 
                   <param-name>idm.logger.props</param-name>
                   <param-value>error-log.properties</param-value>
              </init-param>
              <init-param>
                   <description>The URL of the page to show if an error occurs during authentication.</description>
                   <param-name>error.page</param-name>
                   <param-value>/JSP/failure.jsp</param-value>
              </init-param>
         </filter>
              <filter-mapping>
              <filter-name>authFilter</filter-name>
              <url-pattern>/logon.do</url-pattern>
         </filter-mapping>
    above code is working, so if you can follow the same, it should work for you also. and it is for secWinad and sso is vintela
    let me know the status

  • How to protect an application running on IIS with OAM 11gR2

    Hello Gurus,
    I have a question regarding protecting an application running on IIS with OAM 11gR2. We have an OHS server running and all the requests from the users are coming to this OHS server webgate for them to login using the SSO login page. This is all Solaris. I am protecting other applications like pplsoft modules with this OHS instance and OAM server. There is another application that I need to protect which is itself running on IIS windows machine. I need guidance as to -
    1.) Do I need to install a windows version of webgate to protect this IIS based application?
    2.) Or I can still protect and proxy requests from this application to current OHS instance? How can I do this?
    3.) Or Do I need to proxy requests directly from IIS to OAM weblogic server?
    Please advise to the earliest as this is an urgent issue.
    Thanks !!

    From your description it is not clear how exactly architecture looks like
    We have an OHS server running and all the requests from the users are coming to this OHS server webgate for them to login using the SSO login page.
    is this OHS centralized login farm ? (Case 1)
    OR is this OHS server (with webgate) acting as virtual web server hosting multiple web sites so that request to any site passes through this OHS/webgate (Case 2)
    1.) Do I need to install a windows version of webgate to protect this IIS based application?
    If case 1 then you need to install 10g webgate on top of IIS server to protect this application
    If case 2 then you can just proxy request from OHS to IIS server. As every request passes through OHS user will be authenticated before request hits IIS
    Look at Product documentation for virtual web sites : http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/shared.htm#autoId12
    It has steps to protect virtual web sites.
    Also you need to make sure no one hits IIS web sites directly.
    Hope this helps

  • How enabled Single Sign-On with a System SAP WAS ABAP (Run application BSP)

    Hi.
    I need to run any application BSP from a System SAP WAS ABAP, without entering SAP user and password. Using the windows authentication and without SAP Enterprise Portal.
    What authentication methods I have to apply for enabled Single Sign-On with a System SAP WAS ABAP?.
    And How can I enabled this method?.
    Best regards.
    Luis Gomez.

    Hi Ticiano,
    SAP WebAS ABAP supports a number of authentication mechanisms. See
    [http://help.sap.com/saphelp_nw04s/helpdata/en/02/d4d53aa8a9324de10000000a114084/frameset.htm]
    A number of these authentication mechanisms can be combined with Windows authentication (e.g. SNC, client certificates, ...).
    The decision what mechanism fits best depends on criteria like
    - SAP server platform
    - security requirements
    - extensibility (should same authentication mechanism be used for future SAP environments, which will be E-SOA based)
    - authentication from outside company domain
    - Use of SAP security library (SAPcryptolib)
    You may want to look at the SAP Software Solution Partner Catalog, if you look for certified SSO solution vendors for SAP.
    Best regards,
    Peter

  • OBIEE 11.1.1.5 SSO integration with OAM 11gR1 (11.1.1.5)

    Hi,
    I am integrating OBIEE 11.1.1.5 with OAM 11gR1 (11.1.1.5).
    I have configured as per section 12.3 of following link:
    http://docs.oracle.com/cd/E22203_01/doc.31/e20664/chapter_12.htm#CHDFAFHH
    After making all these configurations, when i access:
    http://<OHS server>:<OHS port>/analytics
    User is getting prompted for auth from OAM. After successful auth, request gets redirected to WebLogic server hosting the OBIEE app. I have verified in OBI logs that the header value OAM_REMOTE_USER gets passed to OBI.
    But even with all this, after successful OAM authentication, user is getting prompted with OBI login page.
    Pls help.
    Thanks

    Hi Abhinay,
    I have already made the following configurations as per the documentation:
    To enable SSO:
    1.Log in to OBIEE at
    http://[OBIEE server:port]/em.
    2.Click Farm_<OBIEEDomain>_domain > Business Intelligence > Coreapplication.
    3.Click the Security tab.
    4.Select Enable SSO.
    5.Select SSO Provider: Oracle Access Manager.
    6.Click Apply and Activate Changes.
    Do we need to make some other configurations also at OBIEE EM ?
    Thanks

  • Integrating Webcenter 11g (Discussions)  with OAM  for SSO

    Hi,
    I need some help in integrating Webcenter 11g with OAM 10g.
    Objective:
    =========
    My customer is using Webcenter 11.1.1.2.0 and they are primarily using Discussions and wiki .I would like to integrate OAM with Webcenter for providing SSO.
    Steps Followed:
    ============
    I have followed the steps mentioned in the section 23.7.1 and 23.7.1.7 in the doc
    http://download.oracle.com/docs/cd/E15523_01/webcenter.1111/e12405/wcadm_security.htm#BGBCEHGE
    and also referred metalink note ID 829122.1
    Scenario after integrating with OAM:
    ===========================
    1. Accessed the discussions url through OHS proxy http://<ohs_host>:<ohs_proxy>/owc_discussions
    2. Click on Login button
    3. OAM Login page appears
    4. Provide credentials for orcladmin (admin user of OAM OID LDAP)
    5. Discussions default login screen appears (I don't expect this default login page, as I have already authenticated with OAM)
    6. Provide orcladmin credentials
    7. Login screen keeps on popping up and I am not able to login
    If I set owc_discussions.sso.mode=false, then the looping (Step 7) does not occur and I am able to login.
    Am I doing anything wrong here? Or is there a way I can make it work.
    Thanks in Advance.

    Did you setup weblogic as per this doc? - http://download.oracle.com/docs/cd/E17904_01/webcenter.1111/e12405/wcadm_security_sso.htm#WCADM8175

  • Apex Application With Oracle SSO (inbuilt) application integration

    Hi,
    Installed oracle 11g, configured Application Express Release 3.0.
    I developed application in APEX.
    Now I want to authenticate my application with Oracle SSO login.
    Please help me on this.
    Thanks in advance.
    Thanks,
    Surya

    Hello Surya,
    If you follow the instructions here you should be able to connect to your SSO.
    http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
    Peter

  • Register application with SSO

    Hi all
    I have an APEX install which I have successfully registered with SSO as a partner application (I have registered APEX/HTMLDB itself). On this machine we host a number of applications which can be accessed as http://myserver.mydomain.com/pls/htmldb/f?p=APP_NAME1 (and so on to APP_NAME_n).
    The business owner of one of these applications wants to have an application-specific URL instead of the generic type URL (eg, http://my-new-app.mydomain.com/....), and to keep the new alias in the browser URL. However, I am sure that this will require me to register the application with SSO as the SSO server won't recognise the new URL.
    I have searched the forum and not found any reference to having the entire HTMLDB engine registered as a partner app, and registering individual apps with SSO at the same time. Perhaps, this is so trivial and straightforward that no-one has come across any problems with this. But I wonder if there are any "gotchas" in having this kind of set up before I actually start on it.
    regards
    Gerard

    Gerard - That should work as that was the intended purpose of having the two "flavors" of SSO partner app integration - so that a workspace schema could have a local copy of the SSO SDK and could use it independently of the Application Express installation's copy. Do let us know how it goes, especially if it works.
    Scott

  • Registering a Partner application with Oracle SSO 10gR2

    Hi Everybody
    I'd like to ask a question around registering a partner application with Oracle SSO.
    I have entered my home_url, logout_url and cancel_url e.g. home_url is https://vevopuitest1.co.uk/vevo_test1 and so on for the other fields.
    When I save the details some information is automatically created e.g. Site Id, Site Token etc.
    The bit that I am particularly interested in are the fields Single Sign-On URL and Single Sign-Off URL.
    For my purposes these fields are respectively: https://cwassotest1.co.uk/pls/orasso/orasso.wwsso_app_admin.ls_login and https://cwassotest1.co.uk/pls/orasso/orasso.wwsso_app_admin.ls_logout
    My questions are:
    1. Where do these values come from?
    2. Can I view them anywhere, say, in Oracle Directory Manager or using ldif queries?
    I would like to be able to verify these values.
    Many Thanks
    Andy

    I'm afraid this won't answer your question completely, but AFAIK in principle it does not matter on which machine SSO is running, as long as it passes the user id and credentials properly through the HTTP Header. Even more: in practice it is very common to have SSO running on a different machine than where your app runs.
    So what I would do is find out how to use ADF Faces with SSO. Perhaps someone else can provide pointers on that.
    Jan Kettenis
