SSO userid for a partner application

Similar Messages

• Sso session timeout per partner application

  Hello,
  I was just wondering if it is possible to configure SSO session timeouts per partner application? I'm looking to log out users of a particular application after 15 minutes, but don't want this change to affect any of my other SSO enabled applications. Is this possible?
  Thanks,

  Hi,
  I do not think so, you can not specify specail parameter for one application in SSO.
  Why because SSO is one component (within your Infra) through which you logon different apps.
  Another solution may be it will expensive is that you 'll need to use different infra for this specific application.
  Regards,
  Hamdy

• Using SSO for 2 partner application that different domainname

  Dear expert,
  I have to implement the Oracle SSO with 2 existing Web Application that separate domainname (eg. domainA.com and domainB.com). I have read from OTN the SSO using HTTP Cookie for partner applications but the standard cookie can not be accessed from different domainname.
  Please, Who can help me on this case?
  Thanks in advance,
  Kotaro

  Reading and googling through much unclear RMAN content I came to the conclusion that it simply is not possible to use RMAN to copy SCHEMA_A from INSTANCE_A in MACHINE_A into INSTANCE_B without blowing away SCHEMA_B in INSTANCE_B on MACHINE_B.
  So, I need to use RMAN to set up INSTANCE_A_COPY on MACHINE_B. Then I can have both INSTANCE_B and INSTANCE_A_COPY on MACHINE_B. If MACHINE_A should fail then I can switch over to MACHINE_A_COPY and run both instances, no problem.
  Question: I would like to save time and disk space by not copying a 1TB reference tablespace/schema into INSTANCE_A_COPY. When I run INSTANCE_A_COPY it will need to join to the read-only reference tablespace/schema in INSTANCE_B. What will be the performance of a “distributed join” on tables across two instances in the same machine?

• Using APEX as SSO redirect for existing web application

  Hi,
  I have an existing PHP based Web Application hosted on an Apache server. I want to protect these web pages by authenticating users via Oracle SSO.
  I tested this by creating a simple APEX web page with redirect <Meta> tag to route traffic to my application upon successful SSO login. This works fine if request comes directly to APEX page....
  So my question is how do I protect php pages from being directly accessed and still be able to get sso user login information (like username) coming from APEX page?
  Do I still need to set up mod_sso.so in osso.conf for my Apache Server or should I just register my php web application as partner application with SSO server without going through APEX?
  Any advice on this is greatly appreciate.
  Thanks,
  james

  Tony,
  Sorry for taking so long to respond as I got side tracked with other tasks.
  Thank you so much for the link. The provided link is very helpful.
  One difference in my situation is that I am using a generic Apache installation (version 2.2.11) and not Oracle Apache Server from OAS.
  So I copied mod_osso.so from OAS 10.1.3.1.0 installation to my generic Apache location. As I tried to startup Apache instance I got following error while loading mod_osso.so.
  ... Cannot load /apache-2.2.11/modules/mod_osso.so into server: /apache-2.2.11/modules/mod_osso.so: undefined symbol: ap_configtestonly
  I did some search and found that other folks are reporting success of using mod_osso.so on generic Apache (without saying which version of Apache). I wonder if mod_osso.so can only work with older version of Apache?
  Do you have insights on this by any chance?
  Thanks again,
  James

• Ideas for flights partner application problem

  Hi!
  We got problem with trying to configure flights demo partner
  application.
  URL: http://orawat5/servlet/flights/
  Error code below:
  An error has occured in this Application
  oracle.security.sso.enabler.SSOEnablerException:
  oracle.security.sso.enabler.SSOEnablerException:
  java.sql.SQLException: ORA-06550: line 1, column 13: PLS-00201:
  identifier 'WWSEC_SSO_ENABLER_PRIVATE.GENERATE_REDIRECT' must be
  declared ORA-06550: line 1, column 7: PL/SQL: Statement ignored
  at
  oracle.portal.devguide.partner.application.PartnerSSOEnabler.getS
  SOUserInfo(PartnerSSOEnabler.java:215) at
  oracle.portal.devguide.partner.application.FlightDispatch.process
  (FlightDispatch.java, Compiled Code) at
  oracle.portal.devguide.partner.application.PartnerServlet.doGet
  (PartnerServlet.java:48) at
  javax.servlet.http.HttpServlet.service(HttpServlet.java:499) at
  javax.servlet.http.HttpServlet.service(HttpServlet.java:588) at
  org.apache.jserv.JServConnection.processRequest
  (JServConnection.java:402) at
  org.apache.jserv.JServConnection.run(JServConnection.java:260)
  at java.lang.Thread.run(Thread.java:479)
  What do you think about what is problem?
  (maybe this java ...PartnerSSOEnabler.getSSOUserInfo calls some
  pl/sql code)
  Regards,
  Olli-Pekka

  Can you please provide me following information so that I can understand the environment clearly?
  1. Login Server version
  2. SSO SDK version (e.g. ssosdk307_011223.zip) etc
  3. Database version for Login Server and SSO SDK partner application
  4. Where did you get the original JPDK zip file and version number?

• Can SSO work with a partner application on different domain

  We have outsourced one of application to an external company(outsource.com). Is it possible to make that application a partner application to our sso server (xilinx.com)

  RAW? No. Compatible formats are JPEG, PNG, PSD and PSDX (PS Touch's own file format).
  Wouldn't be surprised to see some sort of "RAW file syncing" like Adobe just did with Lightroom on mobile, though.
  12 Megapixels is correct...for import, anyway. Oddly enough, I think you can create a 4096 by 4096 pixel project, which is a little bigger than 12 Megas.

• How to get Win NT userid for setting VPD application context?

  We are planning to implement row-level security using VPD. For that to happen, we need to capture the Windows NT userid since all the applications connect through a generic Oracle userid which will not help us.
  Has anyone done this before? Your responses are appreciated.
  Thanks.

  SELECT osuser
  FROM v$session
  WHERE audsid = (SELECT USERENV ('sessionid') FROM dual)

• Partner application configuration is missing error on SSO login page

  We have APEX 3.1.2 setup as a partner application and an application within APEX setup to use SSO for authentication. Following a link to the APEX application redirects to the Single Sign-On page, as it should, but it also shows "Error: The partner application configuration is missing or expired." I type in my password and username, click the Login button, and (if I entered my username and password correctly, of course!) then the APEX application is shown. So, I cannot figure out why we're getting the no_papp_err error and I have not found any solutions to that issue on Metalink or anywhere else on the Internet. Any ideas? I'm concerned that we have a misconfiguration somewhere that is causing this error and will affect any other partner application we setup in the future.
  We're on Oracle Portal 10.1.4, SSO 10.1.2, and SSL is setup on both infra and mid tiers.

  Did you try checking the partner application entries on the SSO-login server page?
  please login as orcladmin or some other user with membership in, i beleive, iasadmins group. verify that for this partner application, what you see here corresponds to the application URL. it looks like your login page call may have issues. so check for login url too.
  also check the ORASSO.WWSSO_LS_CONFIGURATION_INFO$ for entries corresponding to Apex application.

• Registering a partner application with SSO SDK

  Good day
  Since 2 days, I am struggling for the issue of registering a Servlet application as a partner
  application using the SSO Login Server.
  As per the suggested note id 182701.1 in metalink , I implement the following steps :
  - Step A : Create the partner Application Schemas (Succesful & the name of the shemas is : ssopartner)
  - Step B : Load Packages for the partner application (Successful)
  - Step C : Obtain the registration information (Successful)
  - Step D : Run the regapp.sql (successful but they forgot to mention that I should load the
  SSOHash.class )
  - Step E : Compile and Run
  I deploy the application under 9iAS in order to test it.
  I add the ssosdk307.jar the the jserv.properties file.
  I invoke the SSOPartnerServlet java program by entering :
  http://name of the webserver/servlet/SSOPartnerServlet
  I got the message "redirecting to the login server" and I got the
  login page of the SSO Server.
  Once I submit the user/password , I got HTTP 400: Page cannot be
  displayed.
  I check the mod_jserv.log file and find out the following message :
  [08/04/2002 13:54:16:949] (ERROR) ajp12: Servlet Error: POST is not
  supported by this URL
  Could you please advise
  Your prompt feedback is highly appreciated
  regards

  I believe that this is not possible as the mod_osso realizes that the URL is below an URL that you want to protect.
  The only way I see that you can do this is the following modification in the mod_osso.conf:
  <Location /myApp/secure_partA>
  AuthType basic
  Require valid-user
  </Location>
  <Location /myApp/secure_partB>
  AuthType basic
  Require valid-user
  </Location>
  <Location /myApp/secure_partX>
  AuthType basic
  Require valid-user
  </Location>
  So your application /myApp/subApp will not be effected and people can just access this part. However you will have more administration in your mod_osso.conf
  cu
  Andreas

• Error: Partner application configuration is missing ... on SSO login page

  We have APEX 3.1.2 setup as a partner application and an application within APEX setup to use SSO for authentication. Going to the APEX application redirects to the Single Sign-On page, as it should, but it also shows "Error: The partner application configuration is missing or expired." I type in my password and username, click the Login button, and (if I entered my username and password correctly), it redirects me to the APEX application just like it should. So, I cannot figure out why we're getting the no_papp_err error and I have not found any solutions to that issue on metalink or anywhere else on the Internet. Any ideas?
  We're on Oracle Portal 10.1.4, SSO 10.1.2, and SSL is setup for both.
  +Closing this topic and opening it in [Oracle Application Server - General|http://forums.oracle.com/forums/thread.jspa?threadID=832022&tstart=0|New Topic]+
  Edited by: oportalist on Nov 28, 2008 10:24 AM

  Did you try checking the partner application entries on the SSO-login server page?
  please login as orcladmin or some other user with membership in, i beleive, iasadmins group. verify that for this partner application, what you see here corresponds to the application URL. it looks like your login page call may have issues. so check for login url too.
  also check the ORASSO.WWSSO_LS_CONFIGURATION_INFO$ for entries corresponding to Apex application.

• SSO for multiple APEX applications on the same instance

  Hi All,
  We have an APEX instance with 2 applications configured in 2 workspaces.
  The instance is already configured to use SSO. I have followed thee Metalink note #562807.1 to do the SSO wiring.
  We are planning to incorporate SSO authentication for both the applications.
  Also planning to use different URLs (2 aliases for the server) for the applications.
  eg:-
  App1 will be using http://app1.us.oracle.com/pls/apex/f?p=100:10
  App2 will be using http://app2.us.oracle.com/pls/apex/f?p=200:10
  Is it possible to register SSO on 2 URLs for the same instance?
  Can I execute regapp.sql multiple times on the same instance?
  Please advice me.
  Thanks,
  Sajeesh

  Is it possible to register SSO on 2 URLs for the same instance?You should be able to register as many partner applications as you like. I suggest that you try it.
  Can I execute regapp.sql multiple times on the same instance?Yes, but the lsnr_token value must be unique. That's HTML_DB:hostname:port.
  Your applications in different workspaces will not be able to share sessions but you will probably get the single-sign-on behavior you need.
  Scott

• Partner Application Registration

  When using the Administer Partner Applications page, it appears the application is not being registered completely. The information does not appear in the WWSEC_ENABLER_CONFIG_INFO$ table, as has been suggested in prior posts (everything is fine in WWSSO_PAPP_CONFIGURATION_INFO$).
  I am attempting to deploy the SSO SDK demo PL/SQL application, which works fine when logged into Portal. However, when not logged into Portal, I receive the following errors:
  "Error in application: missing application registration information
  Please register this application as described in installation guide"
  This error is driven by the PL/SQL exception:
  "wwsec_sso_enabler_private.enabler_config_not_found"
  What am I missing? I have created several Partner applications, and none of them appear in the WWSEC_ENABLER_CONFIG_INFO$ table. I have sucessfully loaded the SSOHash into my partner schemas.
  Environment:
  Win2000
  Portal 3.0.7
  Thanks in advance...
  Dean

  Paul,
  Thanks for the info; however, I'm still unable to get the SSO SDK sample, or any partner app, to work.
  I have read the docs, what little there is, and followed the steps closely. Everything executes ok.
  I have several questions:
  1. When executing the REGAPP.SQL script that comes with the SDK, it indicates to login as the partner schema. I have noticed when running this script, the entry is stored in the partner schema table WWSEC_ENABLER_CONFIG_INFO$, not the one owned by Portal. Is this correct?
  2. My partner app is really a PL/SQL Server Page (PSP) application which uses the same server as Portal. When entering the Listener Token name, I have been using the same server name as Portal. Is this a problem? What is this token used for? Must it be unique for each partner application?
  3. In your response you mentioned changes to the REGAPP script. I found no mention of any changes in the docs with SSO SDK. Am I missing something?
  Finally, is there any better documentation for the SDK and/or partner application configuration. The readme and install files do not, in my opinion, pass as documentation.
  Thanks...
  Dean

• Partner application authorization model missing

  We have written our own portal using j2ee technologies. Based upon user identity, we construct a launch pad for the applications that a user has authorization to. It have 260 different applications.
  We want to migrate to Oracle Portal. I would like to make each of these applications a partner application. They all share the same user repository.
  The problem is that Oracle does not have a user to Partner application authorization model.
  I could encapsulate all the applications as portlets, then Oracle portal would be able to manage the authorization to the portlets. To do this would be a major effort, changing thousands of JSP's and classes that render links. But this is not possible if they are just partner applications.
  I know, Oracle is going to say "Portal is just a launch pad, it does not handle menuing of individual applications. That is the individual application's responsibility."
  THIS does not apply. I thought long and hard on this issue. I am not asking Oracle Portal to take over menuing of an application, rather, I am asking it to be a launchpad to my 260 different applications, and to provide the facility that would allow the assignment of user and groups to execute partner applications.
  One thing I may have to do is on the initialization of the partner application is to make a call back to the login server and check whether they are authorized to use the partner application.
  There is a big difference between authentication and authorization.
  Thanks,
  Phillip

  Did you try checking the partner application entries on the SSO-login server page?
  please login as orcladmin or some other user with membership in, i beleive, iasadmins group. verify that for this partner application, what you see here corresponds to the application URL. it looks like your login page call may have issues. so check for login url too.
  also check the ORASSO.WWSSO_LS_CONFIGURATION_INFO$ for entries corresponding to Apex application.

• Wwc- 41653 The partner application configuration is missing or expired.

  We have the following scenerio.
  Application server 9iR1, apache server, login server, portal3.0.9.8.4 on 9iR2 database on host A. There is another database in 9iR2 where portal3.0.9.8.4 installed on host B. I want to use this database for another website configuring apache on host A as virtual host. I want to use same login server on host A.
  The website on host A is working fine while the website on host B does not allow me to log into the login server.
  I have run ssodatan script for associating portal schema on host B. I have created partner application on host A portal for accessing portal on host B and run ssodatax script for associating partner application.
  when I try to log into the another web site created for host B, I get portal welcome page. when I click on login, I get sso page but i am unable to log into it, getting error The partner application configuration is missing or expired. Please contact the administrator. (WWC-41653)
  How to resolve this?

  Were you able to resolve the issue???
  Can you pls try Rerunning ssodatan/x with the correct data. The ssodatan script is located in the directory ORACLE_HOME/portal30/admin/plsql/ssodatan.
  Refer following link for more info on SSODATAN , SSODATAX and DIAGNOSTICS scripts in Portal 3.0.x:
  http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=136138.1

• Wrong Partner Application Site ID

  Hi,
  i deleted a partner application by mistake and i tried to re-create it.
  When i created a new one, it automatically got assigned a new and different SITE_ID, Site Token AND Encryption Key.
  The problem is that when i go to mu home URL, it is looking for my OLD SITE_ID.
  It also checks the orasso.wwsso_papp_configuration_inf_t table for it.
  How can i redirect mu site to look for the new SITE_ID, not the old one??
  HELP
  SEE BOLD PARTS IN ERROR BELOW:
  Tue Jun 29 15:40:57 VET 2010 [INFO] AJPRequestHandler-ApplicationServerThread-7 Entered doPost method ...
  Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 SSOLoginServlet.doPost     l_sassoToken null
  Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 SSOLoginServlet.doPost     l_site2psToken v1.2~9F18AD84~A4B36BC53EF5BC3E7C21ABB6F8213EC2AED4A7629F12222BC9DCEBEED4DB7A02BCDFD5A007B4F98370E51977E2858541756B0B5DF8DA6009F4029E669822E00FEBA1C569C5FB5A30ADE11D2084A79C8C2F1485C12864282D935624BB76878F3ACDF6AB3154C1818335224362B30DA83975B6F5FCD39AFC18A8C8EA7F2B48A7622F6A8693A3AE5074A9505CF0B152BCAC1D7C0ED05EEC195F426A8F9ABB9056CA40DA6B2615C2A64F6CC9E4204A5A9D2BA36E1B9420D7E9CC1905F2C0F286952C68E801F6A7E6886D5940BCBCE377F349C8A05EFC2D2DA9F230465D96C7D15DCDAF4105C114CB08B5
  Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 URI received is: /sso/auth
  Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 Partner Type: SSOPartner
  Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 Auth URI = : /sso/auth
  Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 URI received is: /sso/auth
  Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 getAuthIntegrationType l_sassoToken null
  Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 getAuthIntegrationType l_site2psToken v1.2~9F18AD84~A4B36BC53EF5BC3E7C21ABB6F8213EC2AED4A7629F12222BC9DCEBEED4DB7A02BCDFD5A007B4F98370E51977E2858541756B0B5DF8DA6009F4029E669822E00FEBA1C569C5FB5A30ADE11D2084A79C8C2F1485C12864282D935624BB76878F3ACDF6AB3154C1818335224362B30DA83975B6F5FCD39AFC18A8C8EA7F2B48A7622F6A8693A3AE5074A9505CF0B152BCAC1D7C0ED05EEC195F426A8F9ABB9056CA40DA6B2615C2A64F6CC9E4204A5A9D2BA36E1B9420D7E9CC1905F2C0F286952C68E801F6A7E6886D5940BCBCE377F349C8A05EFC2D2DA9F230465D96C7D15DCDAF4105C114CB08B5
  *Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 Partner Type: SSOPartner*
  *Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 Partner Site ID: 9F18AD84*
  *Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 entry: getPartnerConfiguration. p_site_id 9F18AD84*
  *Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 site id not in cache. try in database*
  *Tue Jun 29 15:40:57 VET 2010 [INFO] AJPRequestHandler-ApplicationServerThread-7 Entered DBConnectionPool.getConnection method *
  *Tue Jun 29 15:40:57 VET 2010 [INFO] AJPRequestHandler-ApplicationServerThread-7 Leaving DBConnectionPool.getConnection method *
  Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 DatabaseConfigReadergetting partner apps
  configs: select site_id, site_token, site_name, home_url, success_url, logout_url, encryption_key, encryption_mask_pre, encryption_mask_post,
  start_date, end_date, administrator_id, administrator_info from wwsso_papp_configuration_inf_t where site_id = '9F18AD84'*
  Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 Partner Site ID: 9F18AD84
  Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 exception before getAuthLevel
  oracle.security.sso.server.conf.ConfigurationException:* Partner application configuration not found:9F18AD84*
       at oracle.security.sso.server.conf.DatabaseConfigReader.getPartnerConfiguration(DatabaseConfigReader.java:143)
       at oracle.security.sso.server.auth.AuthDirector.getAuthLevel(AuthDirector.java:213)
       at oracle.security.sso.server.ui.SSOLoginServlet.doPost(SSOLoginServlet.java:480)
       Tue Jun 29 15:40:57 VET 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 Calling getAuthLevel for /sso/auth
  Tue Jun 29 15:40:57 VET 2010 [INFO] AJPRequestHandler-ApplicationServerThread-7 Entered FilePolicyManager.getAuthLevel: authUri=/sso/auth
  Tue Jun 29 15:40:57 VET 2010 [ERROR] AJPRequestHandler-ApplicationServerThread-7 Unexpected Exception received
  java.lang.NullPointerException
       at oracle.security.sso.server.policy.FilePolicyManager.getAuthLevel(FilePolicyManager.java:396)
       at oracle.security.sso.server.auth.AuthDirector.getAuthLevel(AuthDirector.java:234)
       at oracle.security.sso.server.ui.SSOLoginServlet.doPost(SSOLoginServlet.java:480)
  ...

  Hi Rhonda,
  You are sending PO to a vendor. In this case, the system is right in saying that the partner needs to be Vendor or Customer.
  You may be sending this to your XI system, which will translate and send it to the vendor/customer. In this case, please maintain a port and the RFC destination to the port as your XI system.
  In your partner profile for the Vendor/Customer, please specify the ALE port.
  Please let me know if I can provide additional info.
  Thanks
  Ganesh.S