Wwsso_auth_external in 9.0.2
The authenticate_user (p_user,p_password) in the 3.0.9 version of wwsso_auth_external has to be implemented via an OID plugin in 9.0.2, which I have done.
However, in 3.0.9, we were able to set a browser cookie to a value we determine in the authenticate_user function, by setting a private package variable to the desired value, then have the set_external_cookies procedure read that value.
Now I get the value I need to set the cookie to in the OID plugin. I have not found a way to set a browser cookie with that value. The set_external_cookies executes after the plugin package, but cannot get the value from the plugin package.
Thanks for any help.
Hi Amine,
thank you very much for the procedure you posted. It is very helpful.
I have been trying the same exact steps you mentioned, but for some reason my plug-in procedure is never called.
Here is what I did:
1) Trying to insert a record into a log table I created with the parameters from the plug-in procedure, like...
l_session DBMS_LDAP.session;
l_retval PLS_INTEGER:=-1;
l_bind_error EXCEPTION;
BEGIN
INSERT INTO ods.when_comp_log VALUES (to_char(sysdate, 'Month DD, YYYY HH24:MI:SS'), dn, attrname, attrval);
COMMIT;
IF attrname = 'userpassword' THEN
-- call your own authentication here, then
IF success THEN
result := DBMS_LDAP.compare_true;
ELSE
and granted
grant execute on ods.oid_wsl_plugin to ods_server;
2) Registered the plugin with an ldif file:
cn=when_compare_replace,cn=plugin,cn=subconfigsubentry
objectclass=orclPluginConfig
objectclass=top
orclPluginName=OID_WSL_PLUGIN
orclPluginType=operational
orclPluginTiming=when
orclPluginLDAPOperation=ldapcompare
orclPluginEnable=1
orclPluginSubscriberDNList=cn=users,dc=localhost,dc=com;dc=localhost,dc=com;o=localhost,dc=com;
orclPluginVersion=1.0.1
orclPluginIsReplace=1
cn=when_compare_replace
orclPluginKind
Similar Messages
-
Error to PACKAGE BODY WWSSO_AUTH_EXTERNAL
Hi to all,
I followed the paper 'Configuring Oracle9iAS Portal for LDAP
Authentication' in order to redirect authentication Login Server
to OID.
After all steps I have to run ssoldap.sql from sqlplus.
Firstly, I got these errors (when the sql file called the package
ssoxldap.pkb):
Errors to PACKAGE BODY WWSSO_AUTH_EXTERNAL:
LINE/COL ERROR
0/0 PL/SQL: Compilation unit analysis terminated
1/14 PLS-00201: identity 'WWSSO_AUTH_EXTERNAL' must be
declared
1/14 PLS-00304: if would not compile the body
'WWSSO_AUTH_EXTERNAL' without its specification.
After those errors it asks me for the ldap configuration.
If I fill out all the info it will show, afterwards, the same
error.
Going to portal... works fine... but the authentication does not
redirect to oid.
Any suggestions will be appreciated,
thanks in advance,
marcos
Hello Marcos
Oracle Corporation recommends that you use the ssoxoid.pkb
package if you are using Oracle 8i (8.1.7) or later
wbr
-
External authentication (wwsso_auth_external)
I understand (I think) how I can use wwsso_auth_external to use e.g. a cookie to authenticate a user. However, our scenario is slightly more convoluted:
The directory contains users from several distinct companies:
a) Some of these companies have SSO-solutions in place. If we find a relevant cookie, we want to implement "auto-logon" based on information from that cookie.
b) Some companies don't, and for these users we need to use the standard Oracle SSO-mechanisms (as if we didn't implement wwsso_auth_external).
Any ideas?
You should implement your 3rd party SSO integration module to process the cookies that you may be receiving. For those requests that do not contain cookies, just raise an EXT_AUTH_FAILURE_EXCEPTION exception. This will cause the SSO server to fall back to issuing a login page to get the user's credentials.
-
I'm trying to integrate Portal and OID authentication.
I followed all the documentation in conf_ldap.pdf but I get the error: Unexpected errors (WWC-41400).
Both the tnsping exproc_connection_data
and lsnrctl status give the right result as stated in the document.
So I've tried to launch this command from the portal30_sso user:
select WWSSO_AUTH_EXTERNAL.authenticate_user('portal30','portal30') from dual
and I get the error:
ORA-28576: lost RPC connection to external procedure agent
ORA-06512: at "PORTAL30_SSO.WWSSO_AUTH_EXTERNAL", line 281
ORA-06512: at line 1
Both tnsnames.ora and listener.ora seem to be configured fine.
I'm using OID coming from Oracle 8.1.7.0 and OiAS 1.0.2.1 for NT on a win 2000 sp1,
Where is the problem?
Thanks in advance
Mauro
Here are some things to check:
I believe that some of the newer versions of Portal have a user
called "portal309_sso" instead of "portal30_sso". My examples
below use portal30_sso". Use whatever user is appropriate for
your version of Portal.
If you have not yet installed OID (Oracle's LDAP server) none of
this will work. Make sure OID is installed and running. OID can
be installed in the same database that Portal uses.
All of the following sql command steps must be executed as
portal30_sso schema user, NOT portal30.
Examples for NT:
Copy the appropriate library file (ssoxldap.dll) used for the
LDAP API callouts from the $PORTAL_HOME/portal30/admin/plsql/sso
directory of the product installation into the appropriate place
on the Login Server machine:
Examples for NT copy:
F:\>copy \PORTAL_HOME\portal30\admin\plsql\sso\ssoxldap.dll ORACLE_HOME\bin
F:\>sqlplus portal30_sso/portal30_sso
create or replace library auth_ext as 'F:\Oracle\Ora8db\bin\ssoxldap.dll';
Notice that you must type a forward slash on a line by itself
after you execute the command.
Make sure that your network connectivity is working.
Make sure you have at least 1 service handler for PLSExtProc:
Example:
F:\>set ORACLE_HOME=F:\Oracle\Ora8db
F:\>lsnrctl status
PLSExtProc has 1 service handler(s)
Make sure you can tnsping extproc_connection_data.
Example:
F:\>tnsping extproc_connection_data
Attempting to contact (ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC0))
OK (80 msec)
F:\>
If either of these two network connectivity checks fails nothing
else will work.
Next make sure you enter the correct information for the
ssoldap.sql script. One small typing error will cause the problem
you had. In the example below there are a couple of common
mistakes people make. Make sure you type the full Search base.
The value for the search base should be "cn=Login Server
(portal30_sso)". Don't forget the cn= and be sure to put in the
spaces and capital letters where you see them. In the "Bind DN"
make sure you don't forget to put in the "cn=" in front of the
"orcladmin".
Example:
sqlplus portal30_sso/portal30_sso @\oracle\isuites9i\portal30\admin\plsql\sso\ssoldap
Host: 144.25.95.92
Port: 389
Search Base: cn=Login Server (portal30_sso)
Unique Attribute: cn
Bind DN: cn=orcladmin
Bind Password: welcome
Note: If you have already changed the password for cn=orcladmin
in the OID LDAP server you must use that password instead of
"welcome" for the "Bind Password:".
Creating the users.ldif file for migrating existing users in the
portal30 database schema.
sqlplus portal30_sso/portal30_sso @f:\oracle\isuites9i\portal30\admin\plsql\sso\ssoldif
Generating 'users.ldif' file for existing Portal users.
Enter the desired file location.
F:\oracle\admin\oiddb2\udump
NOTE: The file location must be specified in the appropriate
parameter in the init.ora file.
Example (you should see a line like this in the init.ora file):
UTL_FILE_DIR = F:\Oracle\admin\oid2111\udump
This line specifies where to dump the data that you want to migrate.
If this line was not present in the init.ora file before you
started your database you will have to restart the database for
this step to succeed.
Using the file that was created in the last step (users.ldif),
add the entries to the LDAP directory. This example uses Oracle
Internet Directory's ldapadd command line utility:
Note. The following command is one long line. If you have already
done this next step before you may want to go into OID and delete
the existing data that is already in OID. Use the ODM (Oracle
Directory Manager) tool to do this. Under "Entry management" make
sure you delete any entries that you may have already created. If
the directory entries already exist you will get an error when
you run the next command indicating that the entries already
exist. Because any previous entries you may have created may not
be good those entries should be deleted.
ldapadd -h 144.25.95.92 -p 389 -D cn=orcladmin -w welcome -f f:\oracle\admin\oiddb2\udump\users.ldif
Once these users are successfully added, you are ready to log
into the Portal through the Login Server, authenticating against
this LDAP directory.
Make sure you login as a valid user that is under the "cn=Login
Server (portal30_sso)" directory of your LDAP server.
Example:
Open your browser and go to the URL:
http://ip_or_hostname:80/pls/portal30
Click on the Login link
Login as portal30_sso/portal30_sso
Note: Assuming portal30_sso is a valid user in the LDAP server. I
believe that some of the newer versions of Portal have a user
called "portal309_sso" instead of "portal30_sso".
Hope this helps.
Jay
-
How to turn on external Authentication
I have replaced the wwsso_auth_external package to authenticate against our user repository. Now how do I turn on the external authentication instead of local in Portal?
Thanks for the help.
Vikas
Please see the following post for how to turn on EXTERNAL authentication... http://technet.oracle.com:89/ubb/Forum83/HTML/000105.html
-
When I run the sql 'c:\oracle\portal\plsql\admin\sso\ssoldap.sql',
the system reported the following error:
0/0 pls/sql:complication unit analysis termited
0/14 pls-00201 ???? wwsso_auth_external
0/14 pls-00304 ???? wwsso_auth_external.
I found that the error was caused by @@ssoxldap.pkb, what can I do about it?
Can the *.pkg file be modified?
Thank you.
I'm not 100% positive but I do not think the portal account activation/deactivation calls change the orclIsEnabled attribute in OID since there are times when a user in OID may still be enabled for SSO purposes but that same user may be deactivated as a portal user.
-
Hi,
I am working with the private APIs to add SSO and Portal Users. I have created users and am able to log into the portal. Even though I activate the portal users in my portlet, they are not added to the PORTAL30.PERSON$ table until after the users' first login. I have been unable to edit users' profiles programmatically since they don't exist in the table. Is there a way that I could programmatically log new users in so they are truly activated?
Thanks,
Judy
Hi Michael,
Thanks for the assistance. I think there are a few packages that have activate procedures and I don't know what they do. I was looking at portal30_sso.wwsso_auth_external.authenticate_user, portal30_sso.wwsso_auth_internal.authenticate_user, and
portal30_sso.wwsso_api.authenticate_user. Hope that helps.
Thanks,
Judy
Hi,
We have used
*)Re: Oracle 9i forms ( Adding User to Group Programatically? ) and
*)Exercise 5.3 (Automated Procedures to Create eXYZ Users and Groups) from the book: Oracle 9i
Application Server Portal Handbook (S. Vandivier, K. Cox, ORACLE/OSBORNE).
BTW: Where have you found the "activate_user API"?
Regards Michael