Wwsso_auth_external in 9.0.2

The authenticate_user (p_user,p_password) in the 3.0.9 version of wwsso_auth_external has to be implemented via an OID plugin in 9.0.2, which I have done.
However, in 3.0.9, we were able to set a browser cookie to a value we determine in the authenticate_user function, by setting a private package variable to the desired value, then have the set_external_cookies procedure read that value.
Now I get the value I need to set the cookie to in the OID plugin. I have not found a way to set a browser cookie with that value. The set_external_cookies executes after the plugin package, but cannot get the value from the plugin package.
Thanks for any help.

Hi Amine,
thank you very much for the procedure you posted. It is very helpful.
I have been trying the same exact steps you mentioned, but for some reason my plug-in procedure is never called.
Here is what I did:
1) Trying to insert a record into a log table I created with the parameters from the plug-in procedure, like...
l_session DBMS_LDAP.session;
l_retval PLS_INTEGER:=-1;
l_bind_error EXCEPTION;
BEGIN
     INSERT INTO ods.when_comp_log VALUES (to_char(sysdate, 'Month DD, YYYY HH24:MI:SS'), dn, attrname, attrval);
     COMMIT;
IF attrname = 'userpassword' THEN
-- call your own authentication here, then
IF success THEN
result := DBMS_LDAP.compare_true;
ELSE
and granted
grant execute on ods.oid_wsl_plugin to ods_server;
2) Registered the plugin with an ldif file:
cn=when_compare_replace,cn=plugin,cn=subconfigsubentry
objectclass=orclPluginConfig
objectclass=top
orclPluginName=OID_WSL_PLUGIN
orclPluginType=operational
orclPluginTiming=when
orclPluginLDAPOperation=ldapcompare
orclPluginEnable=1
orclPluginSubscriberDNList=cn=users,dc=localhost,dc=com;dc=localhost,dc=com;o=localhost,dc=com;
orclPluginVersion=1.0.1
orclPluginIsReplace=1
cn=when_compare_replace
orclPluginKind
[Long postings are being truncated to ~1 kB at this time.]
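
A complete when-compare plug-in of the kind the truncated fragment above sketches, as an added example that is not the poster's code or Oracle's sample. It assumes the external check is a simple bind against another directory (as the declared l_session variable suggests); the package name, host, port and parameter list are assumptions. Unlike the fragment, it keeps the compared password out of the log table and refuses an empty password before binding.

```sql
-- Added example; package name, host and port are hypothetical placeholders.
CREATE OR REPLACE PACKAGE ods.oid_wsl_plugin_example AS
  PROCEDURE when_compare_replace (
    ldapplugincontext IN ODS.plugincontext, result OUT INTEGER,
    dn IN VARCHAR2, attrname IN VARCHAR2, attrval IN VARCHAR2,
    rc OUT INTEGER, errormsg OUT VARCHAR2);
END oid_wsl_plugin_example;
/
CREATE OR REPLACE PACKAGE BODY ods.oid_wsl_plugin_example AS
  -- Debug row in its own transaction; the compared value is never stored.
  PROCEDURE log_call (p_dn IN VARCHAR2, p_attr IN VARCHAR2) IS
    PRAGMA AUTONOMOUS_TRANSACTION;
  BEGIN
    INSERT INTO ods.when_comp_log  -- assumed: the four columns used above
    VALUES (TO_CHAR(SYSDATE, 'Month DD, YYYY HH24:MI:SS'), p_dn, p_attr, '<redacted>');
    COMMIT;
  END log_call;

  PROCEDURE when_compare_replace (
    ldapplugincontext IN ODS.plugincontext, result OUT INTEGER,
    dn IN VARCHAR2, attrname IN VARCHAR2, attrval IN VARCHAR2,
    rc OUT INTEGER, errormsg OUT VARCHAR2) IS
    l_session DBMS_LDAP.session;
    l_retval  PLS_INTEGER := -1;
  BEGIN
    log_call(dn, attrname);
    result   := DBMS_LDAP.compare_false;   -- deny unless the bind below succeeds
    rc       := DBMS_LDAP.success;         -- the plug-in itself ran without error
    errormsg := 'no error';
    -- An empty password turns a simple bind into an anonymous bind, which many
    -- directories accept, so refuse it before binding.
    IF LOWER(attrname) = 'userpassword' AND attrval IS NOT NULL THEN
      DBMS_LDAP.use_exception := FALSE;    -- return codes instead of exceptions
      l_session := DBMS_LDAP.init('ldap.example.com', 389);
      l_retval  := DBMS_LDAP.simple_bind_s(l_session, dn, attrval); -- same DN assumed
      IF l_retval = DBMS_LDAP.success THEN
        result := DBMS_LDAP.compare_true;
      END IF;
      l_retval := DBMS_LDAP.unbind_s(l_session);
    END IF;
  EXCEPTION
    WHEN OTHERS THEN                       -- fail closed on any error
      result   := DBMS_LDAP.compare_false;
      rc       := 1;                       -- assumed convention: 0 = success
      errormsg := 'external check failed';
  END when_compare_replace;
END oid_wsl_plugin_example;
/
```

A simple bind on port 389 sends the password unencrypted; DBMS_LDAP.open_ssl is available when the external directory offers SSL.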

Similar Messages

  • Error to PACKAGE BODY WWSSO_AUTH_EXTERNAL

    Hi to all,
    I followed the paper 'Configuring Oracle9iAS Portal for LDAP
    Authentication' in order to redirect authentication Login Server
    to OID.
    After all steps I have to run ssoldap.sql from sqlplus.
    Firstly, I got these errors (when the sql file called the package
    ssoxldap.pkb):
    Errors to PACKAGE BODY WWSSO_AUTH_EXTERNAL:
    LINE/COL ERROR
    0/0 PL/SQL: Compilation unit analysis terminated
    1/14 PLS-00201: identity 'WWSSO_AUTH_EXTERNAL' must be
    declared
    1/14 PLS-00304: if would not compile the body
    'WWSSO_AUTH_EXTERNAL' without its specification.
    After those errors it asks me for LDAP configuration.
    If I fill out all the info it will show, afterwards, the same
    error.
    Going to portal... works fine... but the authentication does not
    redirect to OID.
    Any suggestions will be appreciated,
    thanks in advance,
    marcos

    Hello Marcos
    Oracle Corporation recommends that you use ssoxoid.pkb
    package if you are using Oracle 8i (8.1.7) or later
    wbr

  • External authentication (wwsso_auth_external)

    I understand (I think) how I can use wwsso_auth_external to use e.g. a cookie to authenticate a user. However, our scenario is slightly more convoluted:
    The directory contains users from several distinct companies:
    a) Some of these companies have SSO-solutions in place. If we find a relevant cookie, we want to implement "auto-logon" based on information from that cookie.
    b) Some companies don't, and for these users we need to use the standard Oracle SSO-mechanisms (as if we didn't implement wwsso_auth_external).
    Any ideas?

    You should implement your 3rd party SSO integration module to process the cookies that you may be receiving. For those requests that do not contain cookies, just raise an EXT_AUTH_FAILURE_EXCEPTION exception. This will cause the SSO server to fall back to issuing a login page to get the user's credentials.

  • Error in OID ldap integration

    I'm trying to integrate Portal and OID authentication.
    I followed all the documentation in conf_ldap.pdf but I get the error: Unexpected errors (WWC-41400).
    Both the tnsping extproc_connection_data
    and lsnrctl status give the right result as stated in the document.
    So I've tried to launch this command from the portal30_sso user:
    select WWSSO_AUTH_EXTERNAL.authenticate_user('portal30','portal30') from dual
    and I get the error:
    ORA-28576: lost RPC connection to external procedure agent
    ORA-06512: at "PORTAL30_SSO.WWSSO_AUTH_EXTERNAL", line 281
    ORA-06512: at line 1
    Both tnsnames.ora and listener.ora seem to be configured fine.
    I'm using OID coming from Oracle 8.1.7.0 and OiAS 1.0.2.1 for NT on a win 2000 sp1.
    Where is the problem?
    Thanks in advance
    Mauro

    Here are some things to check:
    I believe that some of the newer versions of Portal have a user
    called "portal309_sso" instead of "portal30_sso". My examples
    below use "portal30_sso". Use whatever user is appropriate for
    your version of Portal.
    If you have not yet installed OID (Oracle's LDAP server) none of
    this will work. Make sure OID is installed and running. OID can
    be installed in the same database that Portal uses.
    All of the following sql command steps must be executed as
    portal30_sso schema user, NOT portal30.
    Examples for NT:
    Copy the appropriate library file (ssoxldap.dll) used for the
    LDAP API callouts from the $PORTAL_HOME/portal30/admin/plsql/sso
    directory of the product installation into the appropriate place
    on the Login Server machine:
    Examples for NT copy:
    F:\>copy \PORTAL_HOME\portal30\admin\plsql\sso\ssoxldap.dll ORACLE_HOME\bin
    F:\>sqlplus portal30_sso/portal30_sso
    SQL> create or replace library auth_ext as 'F:\Oracle\Ora8db\bin\ssoxldap.dll';
      2  /
    Notice that you must type a forward slash on a line by itself
    after you execute the command.
    Make sure that your network connectivity is working.
    Make sure you have at least 1 service handler for PLSExtProc:
    Example:
    F:\>set ORACLE_HOME=F:\Oracle\Ora8db
    F:\>lsnrctl status
    PLSExtProc has 1 service handler(s)
    Make sure you can tnsping extproc_connection_data.
    Example:
    F:\>tnsping extproc_connection_data
    Attempting to contact (ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC0))
    OK (80 msec)
    F:\>
    If either of these two network connectivity checks fail nothing
    else will work.
    Next make sure you enter the correct information for the
    ssoldap.sql script. One small typing error will cause the problem
    you had. In the example below there are a couple of common
    mistakes people make. Make sure you type the full Search base.
    The value for the search base should be "cn=Login Server
    (portal30_sso)". Don't forget the cn= and be sure to put in the
    spaces and capital letters where you see them. In the "Bind DN"
    make sure you don't forget to put in the "cn=" in front of the
    "orcladmin".
    Example:
    sqlplus portal30_sso/portal30_sso
    @\oracle\isuites9i\portal30\admin\plsql\sso\ssoldap
    Host: 144.25.95.92
    Port: 389
    Search Base: cn=Login Server (portal30_sso)
    Unique Attribute: cn
    Bind DN: cn=orcladmin
    Bind Password: welcome
    Note: If you have already changed the password for cn=orcladmin
    in the OID LDAP server you must use that password instead of
    "welcome" for the "Bind Password:".
    Creating the users.ldif file for migrating existing users in the
    portal30 database schema.
    sqlplus portal30_sso/portal30_sso
    @f:\oracle\isuites9i\portal30\admin\plsql\sso\ssoldif
    Generating 'users.ldif' file for existing Portal users.
    Enter the desired file location.
    F:\oracle\admin\oiddb2\udump
    NOTE: The file location must be specified in the appropriate
    parameter in the init.ora file.
    Example (you should see a line like this in the init.ora file):
    UTL_FILE_DIR = F:\Oracle\admin\oid2111\udump
    This line specifies where to dump the data that you want to migrate.
    If this line was not present in the init.ora file before you
    started your database you will have to restart the database for
    this step to succeed.
    Using the file that was created in the last step (users.ldif),
    add the entries to the LDAP directory. This example uses Oracle
    Internet Directory's ldapadd command line utility:
    Note. The following command is one long line. If you have already
    done this next step before you may want to go into OID and delete
    the existing data that is already in OID. Use the ODM (Oracle
    Directory Manager) tool to do this. Under "Entry management" make
    sure you delete any entries that you may have already created. If
    the directory entries already exist you will get an error when
    you run the next command indicating that the entries already
    exist. Because any previous entries you may have created may not
    be good those entries should be deleted.
    ldapadd -h 144.25.95.92 -p 389 -D cn=orcladmin -w welcome -f f:\oracle\admin\oiddb2\udump\users.ldif
    Once these users are successfully added, you are ready to log
    into the Portal through the Login Server, authenticating against
    this LDAP directory.
    Make sure you login as a valid user that is under the "cn=Login
    Server (portal30_sso)" directory of your LDAP server.
    Example:
    Open your browser and go to the URL:
    http://ip_or_hostname:80/pls/portal30
    Click on the Login link
    Login as portal30_sso/portal30_sso
    Note: Assuming portal30_sso is a valid user in the LDAP server. I
    believe that some of the newer versions of Portal have a user
    called "portal309_sso" instead of "portal30_sso".
    Hope this helps.
    Jay

  • How to turn on external Authentication

    I have replaced the wwsso_auth_external package to authenticate against our user repository. Now how do I turn on the external authentication instead of local in Portal?
    Thanks for Help.
    Vikas

    Please see the following post for how to turn on EXTERNAL authentication... http://technet.oracle.com:89/ubb/Forum83/HTML/000105.html

  • About OID and PORTAL?

    When I run the sql 'c:\oracle\portal\plsql\admin\sso\ssoldap.sql',
    the system reported the following error:
    0/0 pls/sql:complication unit analysis termited
    0/14 pls-00201 ???? wwsso_auth_external
    0/14 pls-00304 ???? wwsso_auth_external.
    I found that the error was caused by @@ssoxldap.pkb. What can I do about it?
    Can the *.pkg file be modified?
    Thank you.

    I'm not 100% positive but I do not think the portal account activation/deactivation calls change the orclIsEnabled attribute in OID since there are times when a user in OID may still be enabled for SSO purposes but that same user may be deactivated as a portal user.

  • Activating Portal Users

    Hi,
    I am working with the private APIs to add SSO and Portal Users. I have created users and am able to log into the portal. Even though I activate the portal users in my portlet, they are not added to the PORTAL30.PERSON$ table until after the users' first login. I have been unable to edit users' profiles programmatically since they don't exist in the table. Is there a way that I could programmatically log new users in so they are truly activated?
    Thanks,
    Judy

    Hi Michael,
    Thanks for the assistance. I think there are a few packages that have activate procedures and I don't know what they do. I was looking at portal30_sso.wwsso_auth_external.authenticate_user, portal30_sso.wwsso_auth_internal.authenticate_user, and
    portal30_sso.wwsso_api.authenticate_user. Hope that helps.
    Thanks,
    Judy

    Hi,
    we have used
    *) Re: Oracle 9i forms (Adding User to Group Programmatically?) and
    *) Exercise 5.3 (Automated Procedures to Create eXYZ Users and Groups) from the book: Oracle 9i
    Application Server Portal Handbook (S. Vandivier, K. Cox, ORACLE/OSBORNE).
    BTW: Where have you found the "activate_user API"?
    Regards Michael
