SSO logout issue with APEX

Similar Messages

• OID SSO Logout issue from the partner application

  As per the below link I am trying the logout functionality from the partner application,
  http://download.oracle.com/docs/cd/B14099_19/idmanage.1012/b14078/tpsso.htm#i1011555
  The article talks about a logout url pattern, I am trying to execute the below from the partner application.
  https://single_sign-on_host:single_sign-on_ssl_port/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=done_url
  The issue I got is OID server is not redirecting to the p_done_url, it just stays in the same OID logout page, Do I have to create any configuration entry to get the redirection working?
  Thanks

  Hi All,
  Providing more information,
  What I get is the OID logout screen with two return buttons on top and bottom of the page.
  If I found is when I click any of those it goes to the p_done_url but What I want is
  instead of stopping in the OID logout page, auto redirection to the p_done_url,
  Can this be done.
  Thanks

• Issue with Apex and IE , losing data for items on submit

  Hi All,
  I am facing one problem in APEX when i run my page on IE 8. When i submit the page i lose the data for all my items while the same does not happen on Firefox mozila and Google chorme.
  Actually i have one select list which has one dynamic action associated with it when i select the options from this list other object become enable and disable with that action and page get submit.
  but when i select this list in IE page get submit and my value which i selected also get lost.
  Please let me know if this is some issue with IE or Apex as soon as possible.
  This is bit urgent.
  Thanks

  Modify your code as below and run the page in debug mode and note the value shown for p610_x DECLARE
  l_vc_arr2 APEX_APPLICATION_GLOBAL.VC_ARR2;
  BEGIN
  wwv_flow.debug('value for p610_x is ' || :p610_x);
  l_vc_arr2 := APEX_UTIL.STRING_TO_TABLE(:P610_X,'~');
  FOR z IN 1..l_vc_arr2.count LOOP
  htp.p(l_vc_arr2(z) || '
  END LOOP;
  END;varad

• Performance issues ..with apex in reports version 3.1

  Hello All,
  I am using apex 3.1 oracle 10g.
  I am facing with performance issues with apex . I am generating iteractive reports with apex and the number of records are huge - running in 30 to 40 thousands of records and the reports is taking almost 30 minutes.
  How I can improve the performance of this kind of report. I am using apex collections.
  How apex works in terms of retrieving the records -?
  Please let me know .
  Thanks/kumar
  Edited by: kumar73 on Jun 18, 2010 10:21 AM

  Hello Tony ,
  The following are the sequence of steps to run the test case.
  Note:- All the schemas , tables and variables are populated from database.
  From Schema and Relations tab choose the following:
  1)     Select P3I2008Q4 as schema.
  2)     Choose Relation as query path.
  3)     Select ECLA, ECLB, MTAB as relations.
  From Variables choose the following:
  4)     Choose the variables AGE_SEXA,CLODESCA,ALCNO from ECLA relation.
  5)     Choose the variables AGE_SEXB, ALCNO, CLODESCB from ECLB relation.
  6)     Choose the variables EXPNAME, ALCNO, COST_, COST from MTAB relation.
  From Conditions: Click the Run Report button this generated standard report ( Total no of records in report – 30150 )
  Click on Interactive report button –to generate an interactive report. ( Error occurred )
  We are using return sql statement in generationg the standard report and collections for interactive report.
  thanks/kumar

• APEX Listener with APEX 3.0 on 11gR2

  Yes, I am crazy.
  We have many many APEX applications in APEX 3.0 running on a 10.2.0.4 database that needs desperately to be upgraded. As a test, I've set up a clean 11gR2 database and copied the production APEX database into it via datapump. I set up APEX Listener, as I don't have any OAS sitting around and the EPG doesn't seem to be supported for APEX 3.0... the Listener doesn't say one way or the other.
  When trying to log in, I get the login page, but it tries to reference files such as apex_get_3_1.js while I only have files such as htmldb_get.js in my images directory in production. I noticed it is looking for what appears to be 3.1 files instead of 3.0 files... which concerns me.
  The APEX listener appears to be more than just a Java PL/SQL gateway.
  Is there a minimum version of APEX the APEX Listener supports?
  Interested in pointers!
  Rob

  Hi Rob,
  Yes, I am crazy.Why would that be? ;)
  We have many many APEX applications in APEX 3.0 running on a 10.2.0.4 database that needs desperately to be upgraded. As a test, I've set up a clean 11gR2 database and copied the production APEX database into it via datapump. I set up APEX Listener, as I don't have any OAS sitting around and the EPG doesn't seem to be supported for APEX 3.0... the Listener doesn't say one way or the other.APEX 3.0 is supprted by EPG. See the [url http://docs.oracle.com/cd/B32472_01/doc/install.300/b32468/post_inst.htm#CHDBEJDA]APEX 3.0 Installation Guide for details.
  APEX Listener is capable of hosting APEX 3.0 as well, though APEX 3.0 wasn't supported anymore when APEX Listener was initially released. The current APEX release at that time was 4.0, so this would be the first version to be known as really stable, whereas you won't get any support for older releases anymore. From personal experience I know that there are now issues with APEX 3.1 and APEX Listener, so it'll probably also work with 3.0.
  Concerning your database release, the minimum for APEX Listener is 10.2.0.3, so you're definetly safe on that part, though I'd recommend to upgrade as regular support for 10.2 databases ended.
  When trying to log in, I get the login page, but it tries to reference files such as apex_get_3_1.js while I only have files such as htmldb_get.js in my images directory in production. I noticed it is looking for what appears to be 3.1 files instead of 3.0 files... which concerns me.This indicates that your APEX would actually be a 3.1 and you should update you images directory.
  The APEX listener appears to be more than just a Java PL/SQL gateway.It is, but this has nothing to do with your 3.1 JS files, if this is why you stated this.
  Is there a minimum version of APEX the APEX Listener supports?As mentioned above, 4.0 would be a safe approach, but 3.1 will definetly work, 3.0 probably will as well. I'd recommend you find out which APEX version is actually installed on your database before you consider any upgrade operations. Run the following query as privileged user:
  SELECT comp_name, version, status
    FROM dba_registry
  WHERE comp_id = 'APEX';-Udo

• Issue with Data Load Table

  Hi All,
         i am facing issue with apex 4.2.4 ,using the  Data Load Table concept's and in this look up used the
        Where Clause option  ,it seems to be not working this where clause ,Please help me on this

  hi all,
      it looks this where clause not filter with 'N'  data ,Please help me ,how to solve this or help me on this

• ApEx SSO logout

  Hello everyone,
  I need ApEx to authenticate via Single Sign On (SSO). I am able to login to ApEx via SSO but logging out fails. I am properly routed to my logout page but an actual logout does not happen.
  I followed instructions per Metalink Note 562807.1, "Configuring an APEX Application to Use SSO With SDK in Separate Schema". After searching the web, it appears that other people are having the same problem but I have not seen a posted solution.
  I am using ApEx version 4.0.2, and Oracle's Application Server version 10.1.2. ApEx is installed in an Oracle 11.2.0.1.
  Has anyone had this problem or does anyone have some information that may help guide me past this logout issue?
  Nate

  I have found that two procedures will log my application out of SSO (Single Sign On).
  1) wwv_flow_custom_auth_std.logout - This procedure does sucessfully log me out of SSO but it does not bring an application back to the SSO login page.
  2) wwv_flow_custom_auth_std.logout_then_go_to_url - This procedure seems to work better than the above procedure with SSO. This procedure logs an application out of SSO then redirects the application to a page of your choice, in my case, the SSO login page.
  Procedure wwv_flow_custom_auth_std.logout_then_go_to_url is used as follows:
  wwv_flow_custom_auth_std.logout_then_go_to_url?p_args=&APP_ID.:http://<IDMANAGEMENT_SERVER>:<IDMANAGEMENT_SERVER_PORT>/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=http://<APEX_MACHINE_NAME>/pls/apex/f?p=&APP_ID.Note:
  Your ApEx operation must to be registered with SSO

• Issue with normal page link redirecting to SSO page / forbidden page

  Hi,
  I am having an issue with a number of pages within my portal.
  I have a 'List of Objects' that has been working for some time, each link in the list linked to another page.
  Just lately a number of pages that are linked to within this list are not loading correctly.
  When one of the items is selected, the correct page is initially displayed, but then after a couple of seconds the page is redirected to the 'Single Sign-On' page, or alternatively the page is redirected to a 'Forbidden' page with this error:
  Forbidden
  You don't have permission to access /pls/orasso/orasso.wwsso_app_admin.ls_login on this server.
  (This page will also show up after the user tries to login when the page is redirected to the SSO page).
  As well as this issue occuring at the front end, the same issue is happening when the pages are loaded from the back end, in the Navigator.
  This issue is even happening when the page is opened up in 'edit' mode using the ORCLADMIN user.
  Any help is greatly appreciated!!
  Amanda.

  Figured it out...

• Issue with parallel operation of SAP NW SSO 2.0 and SNC Client Encryption (Logon Groups)

  Hi!
  One of our customers is using the SNC Client Encryption solution to ensure encryption using SNC (based on Kerberos Technology) for their SAP GUI Dialog connections. They have lots of SAP backends DEV, QAS, PRD all with the SNC Client Encryption SNC Lib installed. The profile parameter snc/identity/as contains the following value: p:CN=SAP/<ServiceAccount>@<DOMAIN>.
  Example: p:CN=SAP/[email protected]
  The customer is using one AD Service Account "SNCServiceUser" with one registered SPN "SAP/SNCServiceUser" for all systems (yes, this is not recommended... but the case).
  Important: All users use group entries in the SAP Logon (saplogin.ini). Means, for SAP logon the SNC name can not be manually configured on the SAP Front End. With group logons, the application server's SNC name is dynamically requested by the message server each time a SAP GUI connection is started. The SNC Name is greyed out in this case as dynamically obtained from the applications servers profile parameter snc/identity/as.
  Now our customer implements SAP NetWeaver Single Sign-On 2.0 within his landscape. Based on the Secure Login Server 2.0 (SP3) he likes to use X.509 based authentication to his AS ABAP backends using SAP GUI SNC while others still use SNC Client Encryption.
  Replacing the SNC Library on the AS ABAP
  The Secure Login Library 2.0 (SP3) has been installed on one of the ABAP systems and the SNC Client Encryption SNC Library (which is based on SSO 1.0) is no longer used, thus we changed the parameter snc/gssapi_lib to point to the new SNC library. We removed the old PSE.ZIP containing the keytab and created the new SAPSNCSKERB.PSE incl. the keytab and proper credentials. To ensure parallel operation, we kept the snc/identity/as value as is =  p:CN=SAP/[email protected].
  After restarting the system with initialized Secure Login Library 2.0, still the SNC client encryption works fine for existing users.
  The problem
  We created on the Secure Login Server an SNC certificate for the AS ABAP which has the following X.509 Distinguised Name Fomat: CN=SAP/[email protected] This is to avoid having to change the snc/identity/as to an "real" X.509 DN which would lead to non-working SNC Client Encryption for all the other users using SAP GUI and logon groups.
  As soon as we install the PSE via STRUST on the system the SNC Client Encryption solution stops working with error „Server refuses kerberos key exchange“.
  As part of an pilot implementation we have installed Secure Login Client 2.0 (SP3) on some test PCs. The test PC with SLC is able to perform Single Sign-On with SNC based on X.509 (incl. Encryption) to the ABAP system.
  Seems the SAP System now only tries to do X.509 based authentication thus key exchange fails. The problem is, we cannot change the snc/identity/as value because of the logon groups. If we were able to do so, we would in any case set the server identity to X.509 DN and in addition create the SAPSNCSKERB.PSE incl. keytab. This should work, as confirmed by SAP see this post.  
  Any ideas how to solve this and have both solutions in parallel?
  Appreciate any help.
  Regards,
  Carsten

  Hi all,
  we was able to fix the issue. It was an issue with the customers cluster configuration and the  $SECUDIR variable. This tricky issue leads to non working or sporadic working SNC Client Encryption...
  This was how the configuration looks before:
  Environment variable $SECUDIR is defined:
  "/ABCDEF<SID>/usr/sap/<SID>/DVEBMGSxx/sec“
  sapgenpse seclogin -l -v
  running seclogin with USER="<SID>adm"
  Credentials for username '<SID>adm':
  0 (LPS:OFF):
           (LPS:OFF): /ABCDEF<SID>/usr/sap/<SID>/DVEBMGSxx/sec/SAPSNCSKERB.pse
  1 (LPS:OFF):
           (LPS:OFF): /usr/sap/<SID>/DVEBMGSxx/sec/SAPSNCS.pse
  After changing the $SECUDIR to "/usr/sap/<SID>/DVEBMGSxx/sec“ and re-creating the credentials, it worked like a charm.
  As a result of this we can confirm, this configuration and SNC Client Encryption works with CommonCryptoLib in parallel to the SSO configuration.
  And Valerie was right with 2. SLC starting from V. 1.0 SP2 PL3 was able to convert the CN= part of the SNC Name into an SPN, was my mistake. In addition SNC Client Encryption starting from Version 1 SP1 PL1 does this also.. just to make this clear
  Thread closed hope this helps someone
  Carsten

• APEX Listener 1.1.4 install issue with listener configuration

  Oracle XE 11gR2
  APEX 4.1.1
  APEX Listener 1.1.4
  Glassfish 3.0.1
  =============
  Installing APEX Listener 1.1.4 to replace APEX Listener 1.0.2. Deployed apex.war file but now:
  (1) http://10.10.1.111:8080/apex/listenerConfigure web page comes up but with no frames/windows rendered, as if it can not find images. Still I can enter data into fields. Wonder why the graphics/images are missing when page is rendered.
  (2) after entering Listener connection information for user APEX_PUBLIC_USER, I get "Permission denied". I can connect via SQL Developer to APEX_PUBLIC_USER with same credentials. I was able to connect before with previous APEX Listener.
  Any ideas?

  Hi,
  (1) http://10.10.1.111:8080/apex/listenerConfigure web page comes up but with no frames/windows rendered, as if it can not find images.
  You either have to clean your browser cache or your browser is too old/not capable of rendering the css of APEX Listener correctly.
  (2) after entering Listener connection information for user APEX_PUBLIC_USER, I get "Permission denied". "Permission denied" doesn't sound an issue with your database configuration. Do you have anything in your APEX Listeners log (probably within your GFs server.log) for that issue?
  But perhaps the error disappears as soon as you also get a proper configuration page.
  -Udo

• TMG SSO issue with Windows 7 clients

  I have very strange problem with Forefront TMG 2010 Single Sign On feature.
  SSO settings:
  I'm publishing two websites (https://site1.domain.com and https://site2.domain.com) by using the same web listener with SSO enabled for *.domain.com
  SSO is working as charm for Windows 8.1 clients
  The issue when accessing sites from Windows 7 clients:
  On the first access to any of the sites (i.e. site1), I'm getting TMG forms login form - as expected.
  I login, then visit few pages of the same site (i.e. site1), and everything works as expected. I'm logged in, and I can surf.
  The problem arises when I try to open the other site (i.e. site2). I'm getting TMG forms login form again! And even worse - as soon as new TMG login form opens -
  I'm logged off from the first site also. So not just I must login separately for both sites - I can't be logged to both sites in the same time because as soon as I login to one site, the session with other site is terminated!
  Interesting thing is that behavior is the same in any browser. I've tried with IE, Chrome and Mozilla - the problem is the same.
  When external client tries to open the second site, TMG logs one interesting message:
  Req ID: 0ae9f57b; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ;
  FBA cookie: exists=yes, valid=no, updated=no, logged off=no, client type=private, user activity=yes
  It looks that TMG finds that cookie is not valid and deletes it, terminating this way existing session with all sites.
  My setup:
  Array of two TMG's 2010 SP2 RU4, on Windows Server 2008 R2, all updates installed.
  Published websites (site1.domain.com and site2.domain.com) are residing on two different servers (srv1 and srv2)
  Websites are published over https by using SSL certificate gotten from local PKI. All clients and servers do have PKI CA in their "Trusted Root Certificates" storage. No client or server reports any certificate issue. Websites are "green"
  in address bar.
  I'm really confused with this behavior. Especially due to the fact that the same third-party browser (Chrome), can be used with SSO without any problem when installed on Windows 8.1, but not when installed on Windows 7!?!?
  Any help would be appreciated...
  Thanks!
  Fat Dragon

  Hahah! Shame on me! The problem is not related to Windows 8.1 / Windows 7. Client OS coincides with DNS server settings... To explain:
  My two-server TMG array has two public IPs (each server having one) - 1.1.1.1 and 1.1.1.2.
  In order to avoid setting the same IPs for all my websites, I've decided to create one common A record, and to define all websites as CNAME records pointing to this common A record. (This way I have just one place where I should change IP if it changes.)
  My common A record is defined as follows:
  a.domain.com -> 1.1.1.1, 1.1.1.2
  And websites as follows:
  site1.domain.com -> a.domain.com
  site2.domain.com -> a.domain.com
  When multiple IPs are bound to the same host some DNS servers will round robin them, and some will not. For example, when I do nslookup on the PC with google's public DNS server (8.8.8.8) I'm getting the following result:
  C:\Windows\System32>nslookup site1.domain.com
  Server: google-public-dns-a.google.com
  Address: 8.8.8.8
  Non-authoritative answer:
  Name: a.domain.com
  Addresses: 1.1.1.1
  1.1.1.2
  Aliases: site1.domain.com
  No matter how many times I execute nslookup, I'm getting the same answer, with IP addresses in the same sequence. But when I do nslookup on the PC that uses local DNS service on the router, sequence of IP addresses changes with each subsequent call:
  C:\Windows\System32>nslookup site1.domain.com
  Server: UnKnown
  Address: 192.168.1.1
  Non-authoritative answer:
  Name: a.domain.com
  Addresses: 1.1.1.1
  1.1.1.2
  Aliases: site1.domain.com
  C:\Windows\System32>nslookup site1.domain.com
  Server: UnKnown
  Address: 192.168.1.1
  Non-authoritative answer:
  Name: a.domain.com
  Addresses: 1.1.1.2
  1.1.1.1
  Aliases: site1.domain.com
  In my case Windows 8.1 machines were using Google's public DNS server, so all of them were resolving both websites in the same way, always using the first IP gotten - 1.1.1.1. In the other words, both websites were pointing to the same TMG array member 1.1.1.1.
  And SSO was working as expected.
  On the other side, my Windows 7 machines were setup to dynamically get network settings from the DHCP service (the router), and they were using its DNS service (second example). So when the browser opens site1.domain.com it queries DNS for site1.domain.com,
  gets two IPs, as always selects the first one (1.1.1.1), makes request to the first member of my TMG array and successfully creates session. Browser caches site1.domain.com -> 1.1.1.1, so each subsequent call goes to the same address without querying DNS
  server. But when the browser opens site2.domain.com it queries DNS server again, this time getting the same IP addresses, but reordered. As always it selects the first one (1.1.1.2), and sends the request (with authentication cookie) to
  the second TMG array member. The second TMG validates the cookie and doesn't recognize it, so
  rejects it and deletes it, and redirects the browser to login form. Since the cookie is deleted, browser cannot access site1.domain.com (through 1.1.1.1) anymore.
  Huuuhhh.
  The new question: can SSO be setup with TMG arrays and DNS round robin? Is there any way to "force" array members to accept cookies distributed by other members?
  I guess that I must open new question...
  Sorry for my stupidity!
  Fat Dragon

• Strange Issue  with Logout | Shared Library in WebCenter

  For our customer, we have written a couple of task flows. We deployed this as an ADF Library JAR and included the JAR into our WebCenter Portal project (using IDE Connection -> File System Connection). We then placed the task flows onto a few portal pages and everything works fine.
  Now to avoid redeploying the portal application each time we make a small change to the task flows, we decided to go ahead with the shared library approach. We create a new “Generic application” in ADF, added the ADF Library JAR to this application and created a WAR deployment profile. We then deployed this application as a “shared library” to the Weblogic server.
  We then made the necessary entry to weblogic.xml of our custom WebCenter Portal application and deployed it.
  The task flows were getting consumed properly and all functionality was working fine. Just to test, I even deployed an updated version of the shared library and noticed that the portal application picked up the new task flow code. Everything seemed perfect 
  But now when I click on logout of the Portal application, I am getting a error dialog which indicates a server 404 error.
  To eliminate any issue with our custom code, I repeated the same steps with a very basic task flow application and a new WebCenter portal application.
  1.     I ran the application, and logged in as “weblogic” and saw the task flow was displaying correctly
  2.     Click on Logout. Got an error dialog (A connection to server has failed (Status=404))
  3.     Click on OK in the dialog. Then click on Logout again. Got another error dialog ("Because of inactivity your session has timed out" )
  4.     Click on OK in the dialog. Got logged out (saw the page without the secure content i.e. my task flow)
  Ideally, I would like to get logged out the first time I get logged out (without having to see those two dialogs). The logout was working perfectly fine before we switched to the Shared Library approach.
  Am I missing something? Any pointers?
  Note – My Jdev/ADF/WebCenter versions are 11.1.1.5.0

  Sometimes resetting an Apple ID password can help >  Apple - My Apple ID
  If that doesn't help, from the iTunes menu bar click Store > Sign Out
  Restart the Mac, launch iTunes then sign in again.

• SSO with Apex 4.1.1.00.23

  Hello Apex community,
  i want to implement a SSO solution between an apex and non-apex application. This solution worked with Apex 4.0 but seems not to work with current 4.1.1.00.23.
  I've set up a test case on hosted environment.
  Dev User:
  Workspace: authtest
  User: authtest
  Pass: authtest
  End User:
  User: test
  Pass: test1
  Things i've done:
  (1) Created a custom authentication scheme (marked as current) "auth_scheme" with following authentication function:
  create or replace FUNCTION auth_function(
        p_username IN VARCHAR2,
        p_password IN VARCHAR2)
      RETURN BOOLEAN
    AS
      v_is_authenticated BOOLEAN := false;
    BEGIN
        IF lower(p_username)= 'test' OR APEX_UTIL.IS_LOGIN_PASSWORD_VALID(p_username => p_username,
                                                                          p_password => p_password)
      THEN
        v_is_authenticated := true;
      ELSE
        v_is_authenticated := false;
      END IF;
      RETURN v_is_authenticated;
    END auth_function;(2) Created an "On Load - Before Header" process with sequence 5 on page 101:
  DECLARE
    v_user                VARCHAR2(4000);
    v_pass                VARCHAR2(4000);
    v_fsp_after_login_url VARCHAR2(4000) := :FSP_AFTER_LOGIN_URL;
  BEGIN
    SELECT SUBSTR(v_fsp_after_login_url, instr(v_fsp_after_login_url, 'P101_UNAME') + LENGTH('P101_UNAME') + 1)
    INTO v_user
    FROM dual;
    wwv_flow_custom_auth_std.login(
      P_UNAME       => v_user,
      P_PASSWORD    => v_pass,
      P_SESSION_ID  => v('APP_SESSION'),
      P_FLOW_PAGE   => :APP_ID||':1'
  END;Process condition: request = AUTOLOGON:
  (3) Created a hidden item "P101_UNAME" on page 101.
  (4) Expected behaviour: user loads following URL:
  http://apex.oracle.com/pls/apex/f?p=30964:1::AUTOLOGON:YES::P101_UNAME:testuser schould be logged in without typing in his credentials.
  What happens: user faces login page. What I don't understand: setting process condition to "none", autologon works. But if you have a look into debug report, apex recognizes the request "AUTOLOGON" even if autologon doesn't work. On my dev environment with Apex 4.1.1.00.23 changing process condition doesn't help.
  I can't figure out what I'm doing wrong. With the patchset 4.1.1 there were certain changes concerning FSP_AFTER_LOGIN_URL Re: Deep Link (FSP_AFTER_LOGIN_URL) Not Working in APEX 4.1 I would appreciate any hint.
  Thank you very much for your answers.
  Kind regards,
  Anton
  Edit: Any ideas? I would appreciate any hint.
  Edit2: Any hints maybe? Explicitly setting the FSP_AFTER_LOGIN_URL in the Url doesn't help either...
  Edited by: anton on 20.08.2012 01:26

  Hi Anton,
  that's why I added the IF statement around the code block, to guarantee that it only runs if the URL contains auto-login data (i.e. P101_UNAME). Setting FSP_AFTER_LOGIN_URL to null avoids a loop when the login fails. If we keep FSP_AFTER_LOGIN_URL, the wwv_flow_custom_auth_std.login procedure will redirect to page 101 and the before header process will run again, re-executing wwv_flow_custom_auth_std.login , etc.
  It might be clearer to put the before header code into the authentication itself. The invalid session procedure is the right place for that, but it's use is very sparsely documented yet.
  I created a 2nd copy of your original application (22274), where I removed the before header process and added this invalid session procedure:
  procedure autologon_on_invalid_session
  is
    v_user                VARCHAR2(4000);
    v_pass                VARCHAR2(4000);
    v_fsp_after_login_url VARCHAR2(4000) := :FSP_AFTER_LOGIN_URL;
    v_user_pos            pls_integer    := instr(v_fsp_after_login_url, 'P101_UNAME:');
  BEGIN
    if apex_application.g_flow_step_id != 101 and v_user_pos > 0 then
      v_user := substr(v_fsp_after_login_url, v_user_pos+11);
      wwv_flow_custom_auth_std.login(
          P_UNAME       => v_user,
          P_PASSWORD    => v_pass,
          P_SESSION_ID  => v('APP_SESSION'),
          P_FLOW_PAGE   => :APP_ID||':1' );
      apex_application.stop_apex_engine;
    end if;
  END;If the current page is not 101 (the login page) and the URL (which was copied into the deep link item) contains the autologin credentials, call login. The finall call to apex_application.stop_apex_engine stops Apex from continuing it's default invalid session handling, which is to redirect to the login page.
  Regards,
  Christian

• Mime Type issue with .docx Files in Apex 4.0

  We are having issues with windows 2007 .docx documents that are when they are viewed on windows 2007 machines with ie8. If I look in the storage table the mime type is not set correctly. It is being set as application/octet-stream. When we download the file one windows 7/IE8 either the browser thinks it is a zip file or it does not recognize it.
  If I go into the back end and update the table with the correct mime type application/vnd.openxmlformats-officedocument.wordprocessingml.document it works fine.
  We have tried to update mime types on the apache server but this does not help.
  Apex seems to be deciding what mime type to populate the table with.
  It seems like I need to update apex somehow to recognize that a .docx extension should be stored as type mime type application/vnd.openxmlformats-officedocument.wordprocessingml.document.
  Does anyone know how I would do this?
  We are running Apex 4 on 10g IAS with mod/plsql
  are application is setup very similar to what is describe in this document by David Peak
  http://www.oracle.com/technetwork/issue-archive/2009/09-jan/o19browser-087025.html
  Edited by: user7660930 on Apr 18, 2011 7:40 AM

  I thought about trying to do something similar to the code above but would prefer that apex would work properly.
  I created a page with the sql region and added this code
  owa_util.print_CGI_ENV
  when I run it it shows the following environment variables. It look like the WebDB environment HTTP_ACCEPT value needs to be updated. Does any one know how to update this information on a 10gIAS server and were it is stored? I have some documenation on WebDB but none of it seems to point to the correct location of the files and there are no admin pages
  PLSQL_GATEWAY = WebDb
  GATEWAY_IVERSION = 2
  SERVER_SOFTWARE = Oracle-Application-Server-10g/10.1.2.2.0 Oracle-HTTP-Server
  GATEWAY_INTERFACE = CGI/1.1
  SERVER_PORT = 4445
  SERVER_NAME = admsunxapp04.ad.jocoks.com
  REQUEST_METHOD = GET
  QUERY_STRING = p=301:1:3167922978599440:::::
  PATH_INFO = /f
  SCRIPT_NAME = /pls/apex/sand
  REMOTE_ADDR = 172.16.14.100
  SERVER_PROTOCOL = HTTP/1.1
  REQUEST_PROTOCOL = HTTPS
  REMOTE_USER = APEX_PUBLIC_USER
  HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; Tablet PC 2.0)
  HTTP_HOST = admsunxapp04.ad.jocoks.com:4445
  HTTP_ACCEPT = image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
  HTTP_ACCEPT_ENCODING = gzip, deflate
  HTTP_ACCEPT_LANGUAGE = en-US
  HTTP_ORACLE_ECID = 1303315270:172.16.2.9:3032:0:2526,0
  WEB_AUTHENT_PREFIX =
  DAD_NAME = apex/sand
  DOC_ACCESS_PATH = docs
  DOCUMENT_TABLE = wwv_flow_file_objects$
  PATH_ALIAS =
  REQUEST_CHARSET = AL32UTF8
  REQUEST_IANA_CHARSET = UTF-8
  SCRIPT_PREFIX = /pls
  HTTP_COOKIE = ORA_WWV_R1=%23ALL; ORA_WWV_R2=%23ALL; ORA_WWV_R3=%23ALL; ORA_WWV_ATTRIBUTE_PAGE=4651%2C%23ALL; ORA_WWV_REMEMBER_UN=ADMIN:apex_app; ORA_WWV_USER=8A32E6579024A4F4; oracle.uix=0^^GMT-5:00; DEVL=WaSkGBNfJ6-Vgpw-6HXpHvM8:S

• SSO logout not working properly (cookie remains set)

  Hi, I've just implemented single sign-on authentication for my APEX 2.2 applications with help of these two howtos:
  http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html#INSTALL
  http://becomeappsdba.blogspot.com/2007/01/apex-apps-configure-sso-ii.html
  It quite works smoothly, e.g. for pages that require authentication the user is redirected
  ("Redirecting to the Login Server for authentication...") to the SSO server (another machine, a part of Oracle Collaboration Suite infrastructure). There on the login screen, the user enters the credentials and after submit (if the credentials are OK) is redirected back to the APEX application as an authenticated user.
  When the user clicks "Logout", the application redirects him (her) to the page specified in the "Logout URL" attribute of the SSO authentication scheme and the displayed username changes to "nobody". So far so good.
  However, the problem is that the user is in fact not logged out. On a subsequent attempt to get to an authenticated page within the same browser window the application displays for a short while "Redirecting to the Login Server for authentication..." but it doesn't really get the user to the SSO logon screen to enter username and password and instead it redirects him (her) directly to the required page as the previously authenticated user (the user who clicked the "Logout" sign). The only workaround is to close the browser window and start over again as the other user, which is not very convenient nor secure. It seems that despite the seeming logout the cookie remains set and I don't how to force the application to get rid of the cookie upon logout.
  Has anybody faced this behaviour and has some assistance for me?
  Thanks in advance.
  Zdenek

  Scott,
  thank you very much for your prompt explanation and pointing to the right thread. There, I was able to quickly find what I was looking for - the logout URL:
  https://host:port/pls/DAD/wwv_flow_custom_auth_std.logout_then_go_to_url?p_args=&APP_ID.:https://login.yourlogin.com/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=https://host:port/pls/DAD/f?p=&APP_ID.:PUBLIC_PAGE
  Having that, it took me just 5 minutes to adopt it to my conditions (change machine names & page number), paste it to the SSO authentication scheme's logout URL field and sucessfully test it.
  To summarize for others in need, these are relevant links to this topic:
  Re: Partner Application in SSO logout does'nt synchronize
  SSO authentication
  Logout URL for 9iAS SSO Partner App
  Thanks again & appologies for asking this question without preceding proper searching for answer in this excelent & useful forum.
  Zdenek