Using Oracle SSO

Similar Messages

• Getting error like "Error in portal_sso_redirect: missing application registration information" while trying to run application using Oracle SSO

  Hi All,
  I am trying to implement SSO authentication for my APEX application. I have registered the application as a SSO partner application.
  I have set the authentication scheme to Oracle Application server Single Sign On.
  When i run the application i am getting the below error.
  Error in portal_sso_redirect: missing application registration information: p_partner_app_name:g_listener_token:HTML_DB:ofss220104.in.oracle.com:5050Please register this application as described in the installation guide.
  Please help me to resolve this.
  Thanks and Regards,
  Suhas

  Suhas,
  After you registered your application as a SSO partner application did you use the information from Oracle SSO (home URL, success URL, Logout URL, app_name etc) and loaded it into the APEX_SSO schema using the regapp.sql script from the ssosdk?
  Step 4 of http://www.oracle.com/technetwork/testcontent/sso-partner-app-100552.html#INSTALL
  Ricker

• Oracle JAAS with roles from database tables and Oracle SSO integration

  I have the following requirement for user authentication and authorization. The applications are build using ADF Faces and BC4J. User authentication should be done using Oracle SSO. User roles and functions will be stored in custom tables. These roles will be used on ADF application pages to restrict access to the UI components on a page. Example: User will "Employee" role cannot create a new employee; however, user with "HR" role can create a new employee.
  In this case, "Create" button will be visible on the ADF page.
  1. How can we use Oracle JAAS to use custom tables for roles instead of using flat XML files?
  2. How does ADF applications use these roles to restrict components on a page?
  3. For authentication, I guess we should be able to use SSO and integrate with Oracle JAAS?
  Thanks.

  Hi,
  I can give you the answers to 1 and 2 but haven't tried 3.
  1) Oracle OC4J since 10.1.3.1 has a database LoginModule that is explained in the OC4J security guide.
  I have a how-to document in review that will be published probaby next week and that explains how to set this LogiNModule up for JDeveloper and stand alone OC4J, though the OC4J documentation is pretty good as well
  http://download-west.oracle.com/docs/cd/B32110_01/web.1013/b28957/loginmod.htm#BABCDDAI
  2) Create a managed bean with boolan methods like isUserManager, isUserEmployee, isUserTechnician etc. In this methods check for the security role on teh request object's isUserInRole() method. Then access this methods from the disabled or rendered property using ExpressionLanguage
  A custom Login ModuleDoesn't use Oracle JAAS but plugs into it. So I am not sure if SSO would work with this because the custom LoginModule wouldn't get a username password pair but only a username that it has to trust.
  Frank

• SSO and how to Managing User Roles/Privileges with Forms using Oracle db

  We are in the process of implementing Oracle Application Server SSO with our custom Forms application using Oracle database -- all 10.2.0.1.0 version.
  In our Forms Applications, we have about a dozen roles we have assigned to various users. We need to identify each user using our Forms because we are using the GLOBAL USER throughout the application.
  Questions:
  -- Do we have to create users/passwords in both OID and application database?
  -- Is there a way to easily manage the user and passwords between SSO and Forms App/database in one place? For example, how does a user change their password once, but actually change it in both the database and SSO?
  Any advice and/or direction would be greatly appreciated.
  Thank you,
  Mika
  Edited by: user11846198 on Sep 1, 2009 1:41 PM
  Edited by: user11846198 on Sep 1, 2009 1:53 PM

  Yes, you can have global roles in the DB and assign this roles to specific OID users, and the will heritage the privilages, you can do this using Oracle Identity Management Web Tool http://hostname:7777/oiddas is not complicated.
  Greetings.

• How to make use of SSO login credentials of oracle in Authentication shema using APEX

  Hi
  I am using SSO login for Authorizations. Would like make use of SSO for creating authentication schema. I would appreciate if someone can help me on this. My main requirement is to assign privilege based on users using SSO loging.

  Here's an example.
  I create a new application in APEX called Master with Application ID = 100. I modify some templates, create some LOV's in this master template.
  I create a 2nd application in APEX called Subscriber with Application ID = 101.
  In 101 I go to Shared Components => List of Values => Create. Choose to create as a copy of an existing list of values. In the dropdown, I choose Master (100) and click Next. You then are presented with all of the LOV's from your master application. First off you want to change the name from Copy of <LOV> to just <LOV> more because it is kind of confusing if you don't. In the copy drop-down, this where you choose Copy and Subscribe.
  The way it works is that once an object subscribes, you always make changes to that object in Master (100), and there is a button to push that change to all subscribing applications. So if you have 30 applications subscribing to that one LOV, you just make the change once, push it to the subscribers and they are now up to date.
  Keep in mind it doesn't work with all objects and only certain objects may be subscribed to. Objects like Application Processes for instance do not have a subscription feature, but you could use packages to keep common logic and just reference the same package anywhere you need it.
  What I ended up doing was to create a master and a subscription application. The subscription template has no actual pages, just subscriptions to templates and LOV's that I need. Whenever I need a new application, I just create a new application as a copy of that subscription application and my subscriptions are already setup for me.
  Check out the documentation and just search for Subscribe or Subscription and it should explain pretty much what I did above.

• Error on generating reports from forms -- 499 Oracle SSO

  hai friends..
  while am tryng to generate a report from a form(without passing any parameters), am
  geting the following message:
  *499 Oracle SSO*
  Oracle SSO
  am posting my code used:
  PROCEDURE RUN_REP_RRO
  ( ip_report_name_incl_path VARCHAR2,
  ip_report_object_name VARCHAR2,
  ip_report_server_name VARCHAR2,
  ip_parameters VARCHAR2
  ) IS
  v_user_name VARCHAR2(60);
  v_password VARCHAR2(60);
  v_database VARCHAR2(60);
  v_report_id REPORT_OBJECT;
  v_report_job_id VARCHAR2(100);
  v_report_status VARCHAR2(100);
  BEGIN
  v_user_name := GET_APPLICATION_PROPERTY(USERNAME);
  v_password := GET_APPLICATION_PROPERTY(PASSWORD);
  v_database := GET_APPLICATION_PROPERTY(CONNECT_STRING);
  v_report_id := FIND_REPORT_OBJECT(ip_report_object_name);
  SET_REPORT_OBJECT_PROPERTY(v_report_id, REPORT_EXECUTION_MODE, RUNTIME);
  SET_REPORT_OBJECT_PROPERTY(v_report_id, REPORT_COMM_MODE, SYNCHRONOUS);
  SET_REPORT_OBJECT_PROPERTY(v_report_id, REPORT_DESTYPE, CACHE);
  SET_REPORT_OBJECT_PROPERTY(v_report_id, REPORT_DESFORMAT, 'HTML');
  SET_REPORT_OBJECT_PROPERTY(v_report_id, REPORT_FILENAME,ip_report_name_incl_path);
  SET_REPORT_OBJECT_PROPERTY(v_report_id, REPORT_SERVER,ip_report_server_name);
  Web.show_document ('/reports/rwservlet?server=rep_auh0030482_app_serv3&paramform=no&REPORT=C:\TESTFORM.rdf&destype=cache&desformat=html&userid=scott/tiger@orcl','_blank');
  pls help me on this issue...

  Steve,
  can you check the Reports cache directory if the Reports file got created? I would assume yes, but better check.
  Frank

• Registering a Partner application with Oracle SSO 10gR2

  Hi Everybody
  I'd like to ask a question around registering a partner application with Oracle SSO.
  I have entered my home_url, logout_url and cancel_url e.g. home_url is https://vevopuitest1.co.uk/vevo_test1 and so on for the other fields.
  When I save the details some information is automatically created e.g. Site Id, Site Token etc.
  The bit that I am particularly interested in are the fields Single Sign-On URL and Single Sign-Off URL.
  For my purposes these fields are respectively: https://cwassotest1.co.uk/pls/orasso/orasso.wwsso_app_admin.ls_login and https://cwassotest1.co.uk/pls/orasso/orasso.wwsso_app_admin.ls_logout
  My questions are:
  1. Where do these values come from?
  2. Can I view them anywhere, say, in Oracle Directory Manager or using ldif queries?
  I would like to be able to verify these values.
  Many Thanks
  Andy

  I'm afraid this won't answer your question completely, but AFAIK in principle it does not matter on which machine SSO is running, as long as it passes the user id and credentials properly through the HTTP Header. Even more: in practice it is very common to have SSO running on a different machine than where your app runs.
  So what I would do is find out how to use ADF Faces with SSO. Perhaps someone else can provide pointers on that.
  Jan Kettenis

• How to configure Oracle SSO for forms and apex

  Hi All,
  I am trying to configure oracle SSO for forms and apex using third party external authentication. Please help me how to configure. I a have tried all possible things
  from web but I am not able to do it. Is there any doc or links are much appreciated.
  Info: Some reason my oiddas web link is not working it used to work fine before and also the from /pls/orasso/ link I am not able to login may be because of my oiddas issue
  Thanks

  Hi Andreas,
  Thanks you for your help. I am trying to implement third party external LDAP authentication for APEX and Forms.
  So I started with OID and SSO setup to create external Partner Applications. Some reason my oid and sso web login links are not working. I didn't find any errors. I need some help in finding the problem and direction, I already read docs on web but no proper direction. I appreciate your help.
  Thanks

• Oracle SSO error while trying to access a report

  Hi All,
  I am using Oracle 11g reports and forms.My adf application(using JDeveloper 11.1.1.4) will use oracle reports through url.
  From adf application we form a url for the reports like https://<server>:<port>/reports/rwservlet?server=devstage11g&destype=cache&desformat=pdf&report=spore001…
  we send the userid parameter as a hidden parameter in the request as we do not want the userid information to be visible in the URL. It works fine in one environment. But in another environment when we hit the url it always give a page with a single line saying  "Oracle SSO". When we hit the same url with userid parameter appended to it directly, it works fine.
  Checked the configuration difference, but not able to find any difference in the configuration. Please help me to find why it always gives "Oracle SSO" error.
  Thanks,
  Priya.

  Hi ;
  pelase check below which could be similar error like yours
  Troubleshooting of Runtime Errors of Customer Intelligence Reports [ID 284829.1]
  Regard
  Helios

• Problem configuring SSO: "Oracle SSO Warning - Unable to process request"

  I'm having difficulty getting a sample application to work with SSO, and I was hoping someone could point me in to the right direction.
  We've got 2 separate systems, call them ASserver and SSOserver. ASserver is running Oracle 9i AS, SSOserver is the infrastructure server (e.g. OID and SSO).
  The application runs just fine on ASserver without SSO.
  I made the change to mod_osso.conf so that the URL for the application is now protected, and added a partner application entry to the application (more on that in a moment).
  When I go to the URL for the partner application, the browser is properly redirected to the SSO server and I am prompted to log in. After logging in, I get an error page with the error "Oracle SSO Warning - Unable to process request" (the URL is something like http://<ASserver>/osso_login_success?urlc=... etc).
  Several questions:
  - can my servlet just be a plain servlet, or does it need to do the various things described in the "SSO Application Developer's Guide"?
  - when configuring the partner application on the SSO server, are success url and logout url supposed to be the osso_login_success and osso_logout_success URLs? Should they be on the ASserver or the SSOserver?
  Any other recommendations?
  Thanks,
  dwh

  Okay, solved. I am pretty sure I was suffering from the condition described in metalink Note:227221.1, "Oracle SSO Warning Logging On to Midtier Using Mozilla Based Browser" (http://metalink.oracle.com/metalink/plsql/ml2_documents.showNOT?p_id=227221.1)
  although it was happening in IE as well.
  Essentially, I modified the entry for the partner application to change the port numbers from 7778 to 7777, and now it works.
  I think I also had several entries for the app server in the SSO server, and I don't know which one it was using. I got rid of all of them except the one named <oraclehome>.<restofdomain>, e.g. oas.foobar.com, where "oas" is the name of my app server's Oracle home.

• Oracle SSO Warning Helper!!!

  When I tried to configure and deploy the JAZN demo callerInfo of Oracle9iAS R2. I was able to get the SSO login page, but after I type my user info, i.e., "ray/welcome", I got the following message
  "Oracle SSO Warning - Unable to process request
  Either the requested URL was not specified in terms of a fully-qualified host name or OHS single sign-on is incorrectly configured.
  Please notify your administrator."
  The domain controller of the Windows NetWork is still under NT4, to use the SSO, is it required the domain controller to run Win2k? How can I work around the fully-qualified host name problem?
  Thanks a lot.

  Please us ethe below workaround
  For Providergroup, webproviders:
  To create providers etc., you have to give privileges to users in the following XML file:
  <OH>/j2ee/OC4J_Portal/applications/portalTools/providerBuilder/WEB-INF/deployment_providerui/provideruiacls.xml
  To give privilege do the following:
  <providerui xmlns="http://www.oracle.com/portal/providerui/1.0">
  <objectType name="ALL_OBJECTS">
  <object name="ANY_PROVIDER" owner="providerui">
  <user name="orcladmin" privilege="500"/>
  <user name="portal" privilege="500"/>
  <user name="any_provider_manage_user" privilege="500"/>
  <user name="any_provider_edit_user" privilege="400"/>
  <user name="any_provider_execute_user" privilege="300"/>
  <user name="any_provider_create_user" privilege="100"/>
  </object>
  <object name="ANY_PORTLET" owner="providerui">
  <user name="orcladmin" privilege="500"/>
  <user name="portal" privilege="500"/>
  <user name="any_portlet_manage_user" privilege="500"/>
  <user name="any_portlet_edit_user" privilege="400"/>
  <user name="any_portlet_execute_user" privilege="300"/>
  </object>
  </objectType>

• Oracle SSO not showing up status after rebooting the 10gapplication server

  Hi all,
  I installed 10g R2 10.1.2.0.2 application server RHEL AS 4.0 2.6.9-11 kernel.
  After the successful installation IM and MR and MT (BI). All the components in the MT and infrastructure was showing up status. After rebooting the machine i executed the following commands
  For Infrastructure
  1.     To make the metadata repository up and running
  Log in as an oracle user
  #cd /home/oraASInfra/bin
  #export ORACLE_HOME=/home/oraASInfra
  #export ORACLE_SID=mamcinfr
  #./lsnrctl start
  #./sqlplus
  Enter userame: sys as sysdba
  Sql>startup
  Sql>Exit
  2.     To start the other components of the infrastructure
  Log in as an oracle user
  #cd /home/oraASInfra/opmn/bin
  #./opmnctl startall
  3.     To start the iasconsole
  #cd /home/oraASInfra/bin
  #./emctl start iasconsole
  For Middle tier
  1.     To start the middle tier components
  Log in as an oracle user
  #cd /home/oraASmt/opmn/bin
  #./opmnctl startall
  2.     To start the iasconsole
  #./emctl start iasconsole
  In the MT all the components is showing up status
  In the Infrastructure except oracle sso OID , HTTP server and OC4J security is showing up status.
  There is no any port conflicts between the infrastructure and MT.
  Is there any post installation tasks has to be done after the installation?
  please help me to sort out the issue.
  thanks,
  C Saju

  1. After RapidWiz with 11.5.10.2 CDs, do we need to
  do any post installation step to make the browser
  load Oracle Forms. Do we need to create our own
  certificate using envshell.cmd and then adjkey. And,
  apply that to Jinitiator using adjbuild.sh and
  regenerate JAR files using ADADMIN Jar ( I am so far
  assuming that these steps are not necessary after for
  rapidwiz install of 11.5.10.2 )Your assumption is right. You do not have to do anything
  2. Do I need to apply the Oracle App 11i 11.5.10.2
  Maintenance Pack after installing using RapidWiz from
  the main set of CDs labeled as 11.5.10.2No
  3. Should I try by installing manually latest
  Jinitiator 1.3.1.21 or 1.3.1.25You do not have to upgrade your jinitiator version unless you want to go with the latest one.
  Since (adsign.txt, appltop.cer, and identitydb.obj) do not exist in your system, you just need to initialize the java certificate as follows:
  adjkey -initialize
  This will create the following files:
  - adsign.txt directory $APPL_TOP/admin
  - appltop.cer direcotry $APPL_TOP/admin
  - identitydb.obj directory $HOME of the user that launch adjkey
  Metalink note: 365735.1 should be helpful.
  Good luck

• OracleAS SSO - Microsoft Active Directory External Authentication Plug-in

  hi ,
  I recently inherited support of a Oracle SSO/OID environment where we use AD and a external Authentication Plug-
  in to talk to it as user credentials are managed in AD,
  We have a lot of domain controllers for AD in our env , so my questions is
  1) How do I find out which AD server is the plugin currently referring to ,
  I need to know this info ASAP as lot of AD servers are getting decomissioned and I want to make sure the SSO env
  is not talking to a AD server that would get decomissioned soon

  hi,
  Look in the integration part in oidadmin. ActiveChgImp
  $ORACLE_HOME/bin/oidadmin
  or look for ad2oid.properties
  or look at this URL http://www.oracle.com/technology/obe/obe_as_10g/im/ads_import/import.htm
  is what I used to configure ours
  Regards

• Oracle -- SSO (single signon)

  I am planning to use Oracle's SSO to setup multiple apps that pass login info from one app to the other when building an ERP with OrderEntry, AP, GL, Warehousing, Food Production Scheduling, etc.
  Can I post my 5MB app and pay you to
  show me how to add another app OR do you
  have any sample apps or URLs you can post
  so I can learn ?

  Hi,
  you could read the Oracle Application Server documentation and get this for free. Oracle SSO is configured on the OracleAs and doesn't need anything special on the application. You just implement J2EE container managed security using basic authentication.
  Documentation is at: otn.oracle.com
  Frank

• "Oracle SSO Failure - Unable to process request" - help please

  We are doing a test switchover from our primary site to a DR site and in the DR site, we are not able to access BI Publisher, which we need to do in order to update the data source connection strings so they point to the databases at the DR site instead of the primary site.
  When I try to login to BI Publisher (at http://hostname:7777/xmlpserver), I just get the error “Oracle SSO Failure – Unable to process request”. We are running OBIEE 10.1.3.4 with Application Server 10.1.3. I've opened an SR already, but it's been a week with no solution yet. Please let me know if you have any ideas what the problem could be, or if there is any other information I can provide to help with troubleshooting.
  Thanks!

  I just wanted to provide an update on this issue now that it's resolved. I'm not even sure if I understand it exactly, but it turns out that if I access BI Publisher by using the virtual hostname that points to our load balancer instead of using the actual hostname of the app server, then I'm able to get logged into BI Publisher successfully and I don't get the SSO error. I think it has to do with how it was registered with SSO. Thanks a lot Srini and SSVS for your help.