Sso session timeout per partner application

Hello,
I was just wondering if it is possible to configure SSO session timeouts per partner application? I'm looking to log out users of a particular application after 15 minutes, but don't want this change to affect any of my other SSO enabled applications. Is this possible?
Thanks,

Hi,
I do not think so, you can not specify specail parameter for one application in SSO.
Why because SSO is one component (within your Infra) through which you logon different apps.
Another solution may be it will expensive is that you 'll need to use different infra for this specific application.
Regards,
Hamdy

Similar Messages

  • How to configure a session timeout for DynPro applications?

    Hello,
    1. Where can I configure the session timeout of the DynPro applications?
    2. Can I configure a session timeout per application and how do I do that?

    Hello Heidi,
    I am not familiar with this property:
    1. Where can I configure it?
    2. Does it apply to every application at the portal?
    3. What if I would like to configure just one application?
    By the way, I have noticed that the DynPro application has an expirationTime property. The documentation says this:
    Specifies the lifetime in seconds of a Web application on the server before the Web application is terminated by the server. The value of the DefaultExpirationTime parameter of the system configuration is used as the default value.
    My question is if someone tried to use this property?
    Message was edited by: Roy Cohen

  • How to set session timeout per user

    Hi,
    Ho do I set the session timeout per User in the
    Application.cfm File??
    I tried using
    <cfif SESSION.UID EQ 1>
    <CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
    sessiontimeout="#CreateTimeSpan(0,0,20,0)#">
    </cfelse>
    <CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
    sessiontimeout="#CreateTimeSpan(1,0,0,0)#">
    </cfif>
    But this didnt work because the cfapplication seems to have
    to be at the top before I call the variable SESSION.UID which
    I set on my login page..
    Someone know how to do this??
    Regards
    Martin

    Martin,
    Your code example cannot work because the "session" scope
    doesn't exist until your application scope is defined. So you have
    to handle this manually. Here's how you can get it done. First,
    define your application to the maximum sessiontimeout you want to
    have.
    <CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
    SESSIONTIMEOUT="#CreateTimeSpan(1,0,0,0)#">
    Then, I don't know how you are doing your login
    authentication but when you have authenticated the user, you need
    to define the userid and the most recent activity in the session.
    Also determine your timeout value based on the userid. See example:
    <CFIF IS_AUTHENTICATED>
    <CFSET session.user.uid = form.userid>
    <CFSET session.user.most_recent_activity = now()>
    <CFIF session.user.id eq 1>
    <CFSET session.user.timeout_mins = 20>
    <CFELSE>
    <CFSET session.user.timeout_mins = 1440>
    </CFIF>
    </CFIF>
    Now, all you have to do is check whether the user has been
    idle for too long and kill the session by purging all session
    variables. For example:
    <!--- if user id is defined, this means user is logged in
    --->
    <CFIF structKeyExists(session, "user") and
    structKeyExists(session.user, "id")>
    <!--- check if timeout has expired --->
    <CFIF datediff("n", session.user.most_recent_activity,
    now()) gt session.user.timeout_mins>
    <!--- timeout has expired, kill the session and log the
    user out --->
    <CFSET StructClear(session)>
    <!--- insert your logout code here --->
    <CFELSE>
    <!--- user hasn't timed out, so reset the most recent
    activity to now --->
    <CFSET session.user.most_recent_activity = now()>
    </CFIF>
    </CFIF>

  • SSO userid for a partner application

    Hi,
    We have one application deployed on WebLogic Application Server this is registred as Partner application over SSO server.
    On application side we have installed Oracle HTTP Server as webserver and configured mod_osso.
    Now when user attempt to access any secured page SSO askes for the authentication. And on successful login user landed back to application page configured while creating Partner application.
    After login we need userid of user who logged in on sso server. I have tried following and getting null.
    Remote User: <%=request.getRemoteUser() %>,
         Proxy-Remote-User: <%=request.getHeader("Proxy-Remote-User") %>
         Osso-User-Dn: <%=request.getHeader("Osso-User-Dn") %>
         Osso-User-Guid: <%=request.getHeader("Osso-User-Guid") %>
         Osso-Subscriber: <%=request.getHeader("Osso-Subscriber") %>
         Osso-Subscriber-Dn: <%=request.getHeader("Osso-Subscriber-Dn") %>
         Osso-Subscriber-Guid: <%=request.getHeader("Osso-Subscriber-Guid") %>
         Accept-Language: <%=request.getHeader("Accept-Language") %>
    output:
    Remote User: null,
    Proxy-Remote-User: null
    Osso-User-Dn: null
    Osso-User-Guid: null
    Osso-Subscriber: null
    Osso-Subscriber-Dn: null
    Osso-Subscriber-Guid: null
    Accept-Language: en-us,en;q=0.5
    Is any one there knows, what exactly i should do?
    Thanks & Regards,
    Kevin Chheda

    So the user has successfully authenticated and can access protected areas of the application?
    Have you tried using Http headers to see values/attribute names?
    Can you try this:
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <html>
    <body>
    <%@ page import = "java.util.*" %>
    <h1>Headers received:</h1>
    Remote user header is: <% out.println(request.getRemoteUser()); %>
    <p>
    <table>
    <%
    Enumeration headerNames = request.getHeaderNames();
    while(headerNames.hasMoreElements()) {
    String headerName = (String)headerNames.nextElement();
    out.println("<tr><td>" + headerName);
    out.println(" <td>" + request.getHeader(headerName));
    %>
    </table>
    </body></html>

  • Can SSO work with a partner application on different domain

    We have outsourced one of application to an external company(outsource.com). Is it possible to make that application a partner application to our sso server (xilinx.com)

    RAW? No. Compatible formats are JPEG, PNG, PSD and PSDX (PS Touch's own file format).
    Wouldn't be surprised to see some sort of "RAW file syncing" like Adobe just did with Lightroom on mobile, though.
    12 Megapixels is correct...for import, anyway. Oddly enough, I think you can create a 4096 by 4096 pixel project, which is a little bigger than 12 Megas.

  • Using SSO Session

    Hi,
    We are using AS 10.1.3.5 to deploy our EAR.(platfoem is OEL 5)
    In our EAR we are Hibernate 3.0 and Struts 2.0 Framework,using JDeveloper 10.1.3.5 and also we are using the SessionAware Interface of Struts 2 to implement session management.
    We have configured this as a partner Application with SSO and OID(10.1.4.3) using "Note 403164.1 " and invoking AS 10.1.2 Reports from our EAR.
    So,we need to use the same SSO session throughout our J2EE Application.
    Where as we need to add some session attribute to the SSO session which we are picking from our custom db table and we need to use those session attributes throughout our application (as long as the SSO session is valid).
    We do not have any idea on using this SSO sessions.(before making this a partner application we were using Servlet Sessions)
    Please suggest how to set some attibutes in the SSO session and retireve the same in our EAR.
    Edited by: Susmit on Jun 14, 2011 7:05 PM

    Susmit
    There are 2 ways you will be configuring SSO in OHS of OAS.
    Static and dynamic.
    Which one you are using ?
    If you are using dynamic i.e using java program, you have the control of the flow. You can make entries of that after successful authentication and delete the entries when the session expires.
    You can always check the session status using java api.
    If you are using static, you should have one servlet filter to track the session.
    Regards
    Chinna

  • Wrong Partner Application Site ID

    Hi,
    i deleted a partner application by mistake and i tried to re-create it.
    When i created a new one, it automatically got assigned a new and different SITE_ID, Site Token AND Encryption Key.
    The problem is that when i go to mu home URL, it is looking for my OLD SITE_ID.
    It also checks the orasso.wwsso_papp_configuration_inf_t table for it.
    How can i redirect mu site to look for the new SITE_ID, not the old one??
    HELP
    SEE BOLD PARTS IN ERROR BELOW:
    Tue Jun 29 15:40:57 VET 2010 [INFO] AJPRequestHandler-ApplicationServerThread-7 Entered doPost method ...
    Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 SSOLoginServlet.doPost     l_sassoToken null
    Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 SSOLoginServlet.doPost     l_site2psToken v1.2~9F18AD84~A4B36BC53EF5BC3E7C21ABB6F8213EC2AED4A7629F12222BC9DCEBEED4DB7A02BCDFD5A007B4F98370E51977E2858541756B0B5DF8DA6009F4029E669822E00FEBA1C569C5FB5A30ADE11D2084A79C8C2F1485C12864282D935624BB76878F3ACDF6AB3154C1818335224362B30DA83975B6F5FCD39AFC18A8C8EA7F2B48A7622F6A8693A3AE5074A9505CF0B152BCAC1D7C0ED05EEC195F426A8F9ABB9056CA40DA6B2615C2A64F6CC9E4204A5A9D2BA36E1B9420D7E9CC1905F2C0F286952C68E801F6A7E6886D5940BCBCE377F349C8A05EFC2D2DA9F230465D96C7D15DCDAF4105C114CB08B5
    Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 URI received is: /sso/auth
    Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 Partner Type: SSOPartner
    Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 Auth URI = : /sso/auth
    Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 URI received is: /sso/auth
    Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 getAuthIntegrationType l_sassoToken null
    Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 getAuthIntegrationType l_site2psToken v1.2~9F18AD84~A4B36BC53EF5BC3E7C21ABB6F8213EC2AED4A7629F12222BC9DCEBEED4DB7A02BCDFD5A007B4F98370E51977E2858541756B0B5DF8DA6009F4029E669822E00FEBA1C569C5FB5A30ADE11D2084A79C8C2F1485C12864282D935624BB76878F3ACDF6AB3154C1818335224362B30DA83975B6F5FCD39AFC18A8C8EA7F2B48A7622F6A8693A3AE5074A9505CF0B152BCAC1D7C0ED05EEC195F426A8F9ABB9056CA40DA6B2615C2A64F6CC9E4204A5A9D2BA36E1B9420D7E9CC1905F2C0F286952C68E801F6A7E6886D5940BCBCE377F349C8A05EFC2D2DA9F230465D96C7D15DCDAF4105C114CB08B5
    *Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 Partner Type: SSOPartner*
    *Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 Partner Site ID: 9F18AD84*
    *Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 entry: getPartnerConfiguration. p_site_id 9F18AD84*
    *Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 site id not in cache. try in database*
    *Tue Jun 29 15:40:57 VET 2010 [INFO] AJPRequestHandler-ApplicationServerThread-7 Entered DBConnectionPool.getConnection method *
    *Tue Jun 29 15:40:57 VET 2010 [INFO] AJPRequestHandler-ApplicationServerThread-7 Leaving DBConnectionPool.getConnection method *
    Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 DatabaseConfigReadergetting partner apps
    configs: select site_id, site_token, site_name, home_url, success_url, logout_url, encryption_key, encryption_mask_pre, encryption_mask_post,
    start_date, end_date, administrator_id, administrator_info from wwsso_papp_configuration_inf_t where site_id = '9F18AD84'*
    Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 Partner Site ID: 9F18AD84
    Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 exception before getAuthLevel
    oracle.security.sso.server.conf.ConfigurationException:* Partner application configuration not found:9F18AD84*
         at oracle.security.sso.server.conf.DatabaseConfigReader.getPartnerConfiguration(DatabaseConfigReader.java:143)
         at oracle.security.sso.server.auth.AuthDirector.getAuthLevel(AuthDirector.java:213)
         at oracle.security.sso.server.ui.SSOLoginServlet.doPost(SSOLoginServlet.java:480)
         Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 Calling getAuthLevel for /sso/auth
    Tue Jun 29 15:40:57 VET 2010 [INFO] AJPRequestHandler-ApplicationServerThread-7 Entered FilePolicyManager.getAuthLevel: authUri=/sso/auth
    Tue Jun 29 15:40:57 VET 2010 [ERROR] AJPRequestHandler-ApplicationServerThread-7 Unexpected Exception received
    java.lang.NullPointerException
         at oracle.security.sso.server.policy.FilePolicyManager.getAuthLevel(FilePolicyManager.java:396)
         at oracle.security.sso.server.auth.AuthDirector.getAuthLevel(AuthDirector.java:234)
         at oracle.security.sso.server.ui.SSOLoginServlet.doPost(SSOLoginServlet.java:480)
    ...

    Hi Rhonda,
    You are sending PO to a vendor. In this case, the system is right in saying that the partner needs to be Vendor or Customer.
    You may be sending this to your XI system, which will translate and send it to the vendor/customer. In this case, please maintain a port and the RFC destination to the port as your XI system.
    In your partner profile for the Vendor/Customer, please specify the ALE port.
    Please let me know if I can provide additional info.
    Thanks
    Ganesh.S

  • Help with Partner Application

    Hello,
         I am looking for some help with the �Administer Partner Application� page ( This can be reached from Portlet Repository : Administration : SSO/OID: SSO Server Administration: Administer Partner Applications).
         This page contains the list of partner applications authenticated through the SSO Server.
         I am looking for a way to add specific applications from this list (not all of them but only a few) to another page. Is there a way to do this either programmatically or through the GUI?
    Thanks in advance,
    Karthik Paliniappan.

    Hi
    can you be little more expalinatory with you sentance
    I am looking for a way to add specific applications from this list (not all of them but only a few) to another page. Is there a way to do this either programmatically or through the GUI?
    Regards
    Samir

  • Help with Partner Applications

    Hello,
    I am looking for some help with the �Administer Partner Application� page ( This can be reached from Portlet Repository : Administration : SSO/OID: SSO Server Administration: Administer Partner Applications).
    This page contains the list of partner applications authenticated through the SSO Server.
    I am looking for a way to add specific applications from this list (not all of them but only a few) to another page. Is there a way to do this either programmatically or through the GUI?
    Thanks in advance,
    Karthik Paliniappan.

    Hi,
    Please post this question on login server and sso forum.
    Thanks,
    Sharmila

  • Session Timeout and DAD Authentication

    My application uses the authentication scheme 'No authentication (using DAD)'. The users log in from an external program and the user IDs are captured in the variable remote_user. My authorization scheme checks that the user ID exists in a database table. All this seems to work fine.
    However, I need to implement a session timeout on the application. I've followed the steps described in the "Automatic Session Timeouts" utility in the Application Express Studio but when I tried to modify the authentication scheme by adding:
    return auth_pkg.check_timeout;
    to the Session Verify Function I got the following errors:
    No functional attributes may be set when page sentry function is '-DATABASE-'.
    and
    Session verification function may not be specified if page sentry function is specified.
    I'm new to Apex and I don't know where to go from here. Any advice please?
    Thanks
    Maria

    Maria,
    The usual way to do the authentication part is to use a custom page sentry function. Many examples have been posted on the forum based on the ntlm page sentry code. Search for those keywords here (ntml page sentry) and you should find it easily. Then you can modify it by adding the session timeout logic in that function.
    Scott

  • How are session timeouts handled

    Hi,
    Can anyone tell me how session timeouts are handled by the Servlet
    Engine.
    What is the exact role of the SessionInvalidator class. Are sessions
    correctly timed
    out by iAS, because I get strange behaviour in handling session timeouts
    in my application
    which is following MVC architecture.
    What I am observing is that sessions dont seem to timeout after the
    length of
    time specified and sometimes they do timeout correctly. The difference
    between the
    time the session should have timed out and when it actually does is too
    high, which is
    really a concern for us.
    Thanks in advance to evryone.
    Amar bhat.

    Hi AmarBhat,
    Actually this is a bug in iAS (bug id: 556909, Status: Fixed ). This is
    happeninig because iAS has a bad ( late) cleanup of timed out sessions. The
    getSession method (HttpSession) calls IsRequestedSessionIdValid() as a check
    for timeout and this check returns "Valid" even after a couple of seconds of
    timeout. Thus, the getSession from Java layer returns the valid session. So
    you are still able to read and write data on the session.
    We can specify iAS the session to invalidate itself after being timeout.
    Alternately, we can do it manually with HttpSession method, invalidate().
    Plese get back if you have any issues.
    Thanks,
    Rakesh.
    Developer -support, iAS.
    amar bhat wrote:
    Hi,
    Can anyone tell me how session timeouts are handled by the Servlet
    Engine.
    What is the exact role of the SessionInvalidator class. Are sessions
    correctly timed
    out by iAS, because I get strange behaviour in handling session timeouts
    in my application
    which is following MVC architecture.
    What I am observing is that sessions dont seem to timeout after the
    length of
    time specified and sometimes they do timeout correctly. The difference
    between the
    time the session should have timed out and when it actually does is too
    high, which is
    really a concern for us.
    Thanks in advance to evryone.
    Amar bhat.

  • Forms sessions timeout

    Team,
    i was asked to look over the forms sessions timeout in oracle applications.can anyone provide me some valid points and solutions regarding that.
    Thanks,
    aram
    Edited by: aram on Jul 28, 2011 1:44 PM

    Pl identify OS, database and EBS versions. Pl see these MOS Docs
    Tips and Queries for Troubleshooting Forms Session Timeout Issues          [Document 402674.1]
    R12: Forms Timeout More Than 2 Hrs Is Not Working After R12 Upgrade          [Document 734077.1]
    How To Fix The Forms Timeout Issue In Oracle Applications 11i          [Document 269884.1]
    HTH
    Srini

  • SSO Partner Application and Session Time out

    Hi ,
    We have an application on forums.oracle.com which is implementing the Authentication scheme as SSO, that is working well, now we want to implement Session Time out if the user is idle for some time and ask him to login again after the session fails, I have tried to implement this feature as given by Scott in the thread session timeout , well the problem is since we dont have a login page here how do we set the cookies owa_cookie.send(
    name => 'HTMLDB_IDLE_SESSION',
    value => to_char(sysdate+(20/1440),'DD-MON-YYYY HH24:MI:SS'),
    expires => null,
    path => '/',
    domain => null
    and where is the current point to implement it.
    Any help on this is greatly welcome.
    Thanks in Advance.

    Naveen,
    I don't remember how the solution works. But if you don't have a login page you can usually put code in the post-authentication process of your authentication scheme to do whatever the login page process would have done.
    Scott

  • Partner Application in SSO logout does'nt synchronize

    Hi All,
    I've setup two separate application on different workspace and different server as partner Application. I've follow the instruction from http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
    . And everything working fine, but the "logout" seen doesn't work correctly.
    Example: I'm login to Application "A" from single sign on homepage, after enter username and password, it direct me to Application "A". After that, i've click on Application "B" which also located on single sign on homepage and direct me to application "B" (that's correct). When I clicked on the "logout" link in Application "A" it work fine, but the other Application (B) doesn't log me out. I can do the normal work on Application "B" even the Application "A" already logout.

    Hi Scott,
    Thank you for your reply. I've read the two link above and I don't figure out how to resolve my problem yet. From the link: Logout URL for 9iAS SSO Partner App
    you said:
    Steve - Here's a logout URL that unsets the app's session cookie first, then goes to Single Sign-off, then back to a public page in the app:
    https://host:port/pls/DAD/wwv_flow_custom_auth_std.logout_then_go_to_url?p_args=&APP_ID.:https://login.yourlogin.com/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=https://host:port/pls/DAD/f?p=&APP_ID.:PUBLIC_PAGECan set the authentication schema logout URL of application "A" something like: unsets app's session cookies first, then goes to Single Sing-off, then goes to Application "B" sign-off, and then back to a public page in the app. That way will be logout the Application "A", logout the Single Sign-On, and logout the Application "B" when i click on the "logout" link from Application "A". Am I correct?
    The other question is how can i get the SSO cookie. I've used the owa_cookie.get('cookie_name') function, but it doesn't work for SSO.
    Thanks,
    Kevin

  • Registering a partner application with SSO SDK

    Good day
    Since 2 days, I am struggling for the issue of registering a Servlet application as a partner
    application using the SSO Login Server.
    As per the suggested note id 182701.1 in metalink , I implement the following steps :
    - Step A : Create the partner Application Schemas (Succesful & the name of the shemas is : ssopartner)
    - Step B : Load Packages for the partner application (Successful)
    - Step C : Obtain the registration information (Successful)
    - Step D : Run the regapp.sql (successful but they forgot to mention that I should load the
    SSOHash.class )
    - Step E : Compile and Run
    I deploy the application under 9iAS in order to test it.
    I add the ssosdk307.jar the the jserv.properties file.
    I invoke the SSOPartnerServlet java program by entering :
    http://name of the webserver/servlet/SSOPartnerServlet
    I got the message "redirecting to the login server" and I got the
    login page of the SSO Server.
    Once I submit the user/password , I got HTTP 400: Page cannot be
    displayed.
    I check the mod_jserv.log file and find out the following message :
    [08/04/2002 13:54:16:949] (ERROR) ajp12: Servlet Error: POST is not
    supported by this URL
    Could you please advise
    Your prompt feedback is highly appreciated
    regards

    I believe that this is not possible as the mod_osso realizes that the URL is below an URL that you want to protect.
    The only way I see that you can do this is the following modification in the mod_osso.conf:
    <Location /myApp/secure_partA>
    AuthType basic
    Require valid-user
    </Location>
    <Location /myApp/secure_partB>
    AuthType basic
    Require valid-user
    </Location>
    <Location /myApp/secure_partX>
    AuthType basic
    Require valid-user
    </Location>
    So your application /myApp/subApp will not be effected and people can just access this part. However you will have more administration in your mod_osso.conf
    cu
    Andreas

Maybe you are looking for

  • Can't See Camera Connected via USB in CS2 Bridge

    I've connected a Canon PowerShot (as previously) via a USB port. When I open "My PC' in WinXP, I see the Canon along with my other drives and can view the jpeg image files. When I navigate to "My PC" in CS2 Bridge, I can see all drives except the Can

  • PPDS Order Deletion

    Hi All, Is there a method to perform Order No. wise PPDS order deletion.As the standard report /sapapo/delete_pp_order does not support order wise processing. Couldnt find any BAPI for the same either. Thanks Renjith

  • Insert or Update method - removed from Web Services v2.0?

    Was the "insert or update" method on standard objects taken out of Web Services v2.0 for a reason? Is there an equivalent of this functionality in Web Services v2.0? Thanks, -Kevin

  • Immediate Utilization

    Dear all, When I am doing excise for export under rebate, where I am doing immediate utilization. The accounts that are getting hit are CENVAT SUSPENSE debit CENVAT I/P BED CREDIT CENVAT I/P ECS CREDIT CENVAT I/P SECESS CREDIT Please note :- AS THIS

  • TWO clips snap together after deleting the one between them without command

    Hi, Someone at an Apple store workshop asked today about a gap in a timeline which one usually closes by clicking "close gap", but in this case, the gap is closing immediately after the deletion without a command being entered. Does anyone know if th