SSO with Apex 4.1.1.00.23
Hello community of Apex,I want to implement a solution of SSO between the apex and the non-apex demand. This solution worked with Apex 4.0, but seems not work with current 4.1.1.00.23.
I've set up a scenario of test on the hosted environment.
Dev user:
Workspace: authtest
User: authtest
Pass: authtest
End user:
User: test
Pass: test1
Things I've done:
(1) created a custom authentication, System (shown under the current name) "auth_scheme" with following authentication:
create or replace FUNCTION auth_function(
p_username IN VARCHAR2,
p_password IN VARCHAR2)
RETURN BOOLEAN
AS
v_is_authenticated BOOLEAN := false;
BEGIN
IF lower(p_username)= 'test' OR APEX_UTIL.IS_LOGIN_PASSWORD_VALID(p_username => p_username,
p_password => p_password)
THEN
v_is_authenticated := true;
ELSE
v_is_authenticated := false;
END IF;
RETURN v_is_authenticated;
END auth_function;
(2) created a process of "on the load - before the header' with sequences 5 on page 101:DECLARE
v_user VARCHAR2(4000);
v_pass VARCHAR2(4000);
v_fsp_after_login_url VARCHAR2(4000) := :FSP_AFTER_LOGIN_URL;
BEGIN
SELECT SUBSTR(v_fsp_after_login_url, instr(v_fsp_after_login_url, 'P101_UNAME') + LENGTH('P101_UNAME') + 1)
INTO v_user
FROM dual;
wwv_flow_custom_auth_std.login(
P_UNAME => v_user,
P_PASSWORD => v_pass,
P_SESSION_ID => v('APP_SESSION'),
P_FLOW_PAGE => :APP_ID||':1'
);
END;
Treat the condition: request = AUTOMATIC logon:(3) created a hidden element "P101_UNAME" on page 101.
(4) expected behavior: user loads after the URL:
http://apex.oracle.com/pls/apex/f?p=30964:1::AUTOLOGON:YES::P101_UNAME:test
schould user logged in without typing in his letters of credence.What's happening: login user faces page. What I don't understand: set to 'None', automatic logon process condition works. But if you have a look at the debug report, apex recognizes the "AUTOMATIC login" request, even if the automatic connection does not work. On my dev with Apex 4.1.1.00.23 environment change of State process does not help.
I can't understand what I'm doing wrong. With the Group of hotfixes 4.1.1 there is some changes in FSP_AFTER_LOGIN_URL I would be grateful of any suspicion.
Thank you very much for your answers.
Kind regards
Anton
Edit: Any ideas? I'd appreciate any suspicion.
Edit2: Maybe of any advice? Explicit definition of the FSP_AFTER_LOGIN_URL in the Url is not helped either...
Published by: anton on 20.08.2012 01:26
Hi Anton,.
http://Apex.Oracle.com/pls/Apex/f?p=56772:1:P101_UNAME:test
works fine, after I changed the front header process of
DECLARE
v_user VARCHAR2(4000);
v_pass VARCHAR2(4000);
v_fsp_after_login_url VARCHAR2(4000) := :FSP_AFTER_LOGIN_URL;
v_user_pos pls_integer := instr(v_fsp_after_login_url, 'P101_UNAME:');
BEGIN
if v_user_pos is not null then
v_user := substr(v_fsp_after_login_url, v_user_pos+11);
wwv_flow_custom_auth_std.login(
P_UNAME => v_user,
P_PASSWORD => v_pass,
P_SESSION_ID => v('APP_SESSION'),
P_FLOW_PAGE => :APP_ID||':1' );
:FSP_AFTER_LOGIN_URL := null;
end if;
END;
and that is the condition for: FSP_AFTER_LOGIN_URL is not not null.
Kind regards
Christian
Tags: Database
Similar Questions
-
Configure multiple HTTP servers with APEX SSO
Hello
We currently have APEX configured to work with SINGLE sign-on using the URL http://server.com:7777/pls/apps. Some companies prevent users to go to the URL with the port 7777. We set up a new server http https rather than just current http implementation. All applications that use the SSO do not work with the new URL. I've added the new partner application in the SSO admin and tried running @regapp.sql. APEX may be configured to run multiple servers http with APEX engine registered as a partner app? We are finally going to a single server but need both up during the transition period. Thanks for any help.
BrianBrian,
Yes. As long as the value of lsnr_token inserted by regapp is unique. It looks like HTML_DB:hostname:port.
Scott
-
Absent from the SSO for APEX 4.2 Developer toolbar
Hey guys,.
We have improved the environment of the APEX to the latest version (4.2.0.0.27) last week and we have seen that the developer toolbar is available only if we use the Application Express authentication. If we use SSO, it does not work (nothing is displayed on the page or in the source). Can you please help us with this problem? This is quite annoying since we use only SSO for all our applications.
Thank you very much
Alex
Published by: user13109803 on November 5, 2012 07:21
Published by: user13109803 on November 6, 2012 03:18
Published by: user13109803 on November 6, 2012 03:19Hi Alex,
DNS checking is fairly trivial. The hostname in the URL changes after SSO authentication if that is the case. Given that g_edit_cookie_session_id is set to NULL, Apex probably can't see the builder (ORA_WWV_USER_xxxxx) session cookie. I would use Firebug or Chrome developer expansion, to traffic network trace (especially guests, paths, and cookies).
There are also cases where the application causes inadvertently beg /apex/ which translate to f/apex /? p = 4550:1 and start a new session of generator (and thus breaking the old, because the generating session cookie changes). For example, I met who with Apex independent auditor (a bug road favicon.ico worms/apex /) and a notification plugin (demand was hidden somewhere in the CSS, IIRC).
Kind regards
Christian -
SSO with Cloud-based deployments hybrid
Hello
I m wondering, how SSO works with the Hybrid Cloud-Based deployments.
I want to use Jabber for Windows with WebEx Connect and unified with Cisco WebEx Communications integration.
Issues related to the:
- How can I configure Jabber for Windows to use SSO with WebEx Connect after Installation of the Client?
- I ve read, that the SSO with WebEx Connect username will be [email protected] / * /. Fix?
- I ve read, that I need to create a jabber - config.xml with a following to apply Jabber for Windows to use the connection information Webex-Connect also for telephone Services. Fix?
presence - If this is correct, Jabber for Windows will use [email protected] / * / to authenticate with CUCM, but CUCM would need only the name without the domain name user. From my point of view, Jabber for Windows will not be able to authenticate with CUCM Telephony Services.
Any thoughts?
Thank you
Tino
Hi Tino,
You can use the command line arguments to specify the SSO with WebEx presence server. There is no real soloution SSO at present for hybrid mode (CUCM, unit Cxn). See the answer online for other issues.
- I ve read, that the SSO with WebEx Connect username will be [email protected] / * /. Fix?
>> Fix
- I ve read, that I need to create a jabber - config.xml with a following to apply Jabber for Windows to use the connection information Webex-Connect also for telephone Services. Fix?
>> Attribute 'PhoneService_UseCredentialsFrom' can only be used in the deployment prem No.. Check the section plan for authentication of the administration of Jabber for Windows for more information guide.
Thank you
Ménard
-
Hello
I use SSO with HTTP POST parameters for SINGLE sign-on for web applications behind my ASA.
I am currently playing with cactus.
My settings are:
action = login
login_username = CSCO_WEBVPN_USERNAME
login_password = CSCO_WEBVPN_PASSWORD
Realm = ldap
The connection works fine, but after the post OFFICE, the Web server sends a HTTP "302 OK code." Normally, it should be "302 moved" or "200 OK".
The ASA does not include what to do, to do nothing and replies with an error "Server
is not available >. When I press the 'Home' button and click again on the bookmark of cactus, I'm connected to cactus. It seems that there is a cookie or something missing.
When I do exactly the same with a browser, it sends after the "302 OK" normal GET and I am connected.
Me seems a mistake in cactus, but I'm not also sure if ASA does not respond properly?
Also, when I change the type of bookmark of https to post, it works! BUT: post plugin only supports http and not https, so my connections has send in clear on the internal network.
Any ideas?
Thank you
MB
configure the POST plugin for HTTPS by using the csco_proto=https parameter
in the Post-Plugin URL -
Hello
I work with APEX 5.0.
I would like a report (classic) display a report of details (also classical report) using a hyperlink, but not a "text-hyperlink" like 'click here for details'.
Instead, I want to use a small icon which will occur the same result when you click on.
It works fine, when the hyperlink is defined as text like: 'click here for details'.
When I try to use an image, I don't get the desired result.
Here's what I tried to Hare:
1)
Link-> Link attributes, then filled column: src = "& WORKSPACE_IMAGES. "" #ICON_NAME # "width ="40"height = 40 ' or img src =" & WORKSPACE_IMAGES. " "" #ICON_NAME # "width ="40"height = 40.
= > no picture for the items in the column, but the link already created for each column of the remains (and works)
2)
Formatting of column-> HTML Expression, then filled: < img src = "& WORKSPACE_IMAGES. "" #ICON_NAME # "width ="40"height = 40" >
= > the image appears for each column element, but the hyperlink is gone.
Somone has idea how to use a picture/icon to have a hyperling in screens reported a detail?
Thank you in advance for sharing your experience.
Kimd cordially
Hi Patrick,
Link to the column-> then filled:
Link text = #ICON_IS #
Link attributes =.
Target = this Application Page
Page = 5
Article 1 = P5_DEPTNO
Value 1 = #DEPTNO #.
Article 2 = P5_DEPARTMENT
Value 2 = #DNAME #.
Put this in the link text not in attributes of link
Remove the code from the link attributes.
I don't have how to make it the way that describe you.
Apex. Oracle.com is a hosted version of application Express, you can build online applications.
Go to this link and the application workspace https://apex.oracle.com/en/
Hope this helps you,
Kind regards
Jitendra
-
Print PDF with APEX 5.0
Hello
I would use option to print pdf with APEX 5.0 and Oracle 12 c, what web listener configuration should I choose?
Kind regards
Devi
Hi Devi b.
Devi B says:
I would use option to print pdf with APEX 5.0 and Oracle 12 c, what web listener configuration should I choose?
If you want the port to listen web in APEX as print PDF, ADR 2.0 engine and later (last ADR 3.0) is a good option to consider:
Reference:
- Marc Sewtz: PDF printing with Oracle Application Express 4.2.2
- http://www.Oracle.com/technetwork/developer-tools/Apex/learnmore/custom-PDF-reports-1953918.PDF
NOTE: The links are for APEX 4.2, but they still apply for APEX 5.0 and Oracle 12 c, if you plan to use ADR 2.0 and later versions.
Kind regards
Kiran
-
implementation of SSO with r12
Hello Experts,
I must apply sso with our installation r12.
the details are:
Operating system: HP-UX Itanium
EBS: 12.1.3
DB: 11.2.0.2
Next Note: Integration Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On [376811.1 ID]
According to the note, need to install 10 g AS (10.1.4.0.1)
can it go to 10.1.4.0.3
I am facing problem to download s/w for 10g As.
http://www.Oracle.com/technetwork/middleware/IAS/downloads/101401-099957.html
but not able to understand which I take download to do the first installation. (10.1.4.0.1)
Please suggest.
Thanks in ADV!
Hello
The issue is discussed previously and answered in the forum, please visit:
https://forums.Oracle.com/message/10403374
HTH!
Thank you &
Best regards
-
Hello world!
I configured an OAM (webgate) + DIO + OBIEE + OHS system.
The OBIEE is protected via OHS(weblogic module) and webgate. It works very well.
The CAO authenticates OID (default user identity store).
The * "User research Base" * is the same (* "cn = Users, dc is mydomain, dc = com" *) in the store of identity and authentication provider OID of OBIEE too.
SSO is enabled in OBIEE and suppliers are:
OID (provider that performs authentication LDAP 1.0) JUST
REQUIRED OAM (Oracle Access Manager identity Asserter 1.0) provider
DefaultAuthenticator (WebLogic Authentication Provider 1.0) SUFFICIENT
DefaultIdentityAsserter
IF the * "User name attribute" * is * '' cn '' * in-store OAM of identity of the users and the provider of the OID of the OBIEE * "user name attribute" * is * "cn" * (by default) also, everything works fine.
But I have to use * "orclSAMAccountName" * instead of * "cn" * (OAM and OID provider). And in this case, I have the problem.
The OID of the OBIEE provider are:
All users filter: (& (orclSAMAccountName = *)(objectclass=person))
The user of the name filter: (&(orclSAMAccountName=%u)(objectclass=person)))
Username attribute: orclSAMAccountName
I did a test user:
CN = test
SN = test_sn
orclsamaccountname = test_sama
UID = test_uid
krbprincipalname = test_krb
I can authenticate with test_sama OAM, but OBIEE say: * "" you are not logged here: Oracle BI Server. "*"
The bi log shows that:
+ By default (self-adjusting)' > < BISystemUser > <>< 00093dFuR ^ HFW7PMye7i6G00052S000Tt7 > < 1345642607333 > < BEA-000000 > < javax.security.auth.login.FailedLoginException: [Security: 090304] authentication failed: User test javax.security.auth.login.LoginException: identity [Security: 090300] Assertion failure: test user does not exist +.
+ oracle.security.jps.internal.api.jaas.AssertionException: javax.security.auth.login.FailedLoginException: [Security: 090304] authentication failed: User test javax.security.auth.login.LoginException: [Security: 090300] identity Assertion failure: test user does not exist.
Why does search OBIEE the * '' cn '' * and why does not use the * "orclsamaccountname?"
Any idea?
Best regards, JaniHello Joseph,.
This is a known issue in OBIEE 11.1.1.6.0, please see: OBIEE 11.1.1.6 Agent failed with error code: IHVF6OM7:OPR4ONWY:U9IM8TAC [nQSError: 13039] the imposter does not exist in the BI [1446877.1 ID] Security Service
We have configured OBIEE 11.1.1.6 on Linux and use Single Sign On (SSO) with authentication Native for Windows (Ondaaah).
Configured authenticator AD, select sAMAccountName instead of CN for the attribute of the user. SSO in MS license. When you try to access the OBIEE presentation services we met the below error.
«You are not logged here: Oracle BI Server.»
When to check the logfile biserver1 found: failure of the Assertion of identity [Security: 090300]: user OracleSystemUser does not exist
After you apply the hotfix 13553428 on top of 11.1.1.6.0 OBIEE we connected in OBIEE presentation services.
It works very well with OBIEE, 11.1.1.5.0 and 11.1.1.6.1
OBIEE fixed in 11.1.1.6.1. Apply Patch 13742915.
If you want to stay in OBIEE 11.1.1.6.0. Apply Patch 13553428.
Let me know if this solves the problem of Asserter.
Pls mark so useful or response.
Thank you
SVS- -
All fortune we have Oracle integrated with APEX Social Network
Hello friends,
A fortune for us have Oracle Social Network integrated with APEX, or having any kind of cat for end users.
Kind regards
FatehChat in APEX tool: http://apextoday.blogspot.com/2008/05/adding-im-xmppjabber-messaging-to-apex.html
Thank you
Tony Miller
Dallas, TX -
Hi all
execution of 11.5.10.2 with 10.2.0.4 db multi-user.
intalled 10g as another break with the OID/SSO.
application server 10.1.2.0.2
DB server: 10.1.0.4
need to integrate SSO with ebs
following mos 233436.1
has confused with authentication UNIQUE task 2, step 5: run the registration script
as this mos says that:
A perl script is used to register the instance of Oracle E-Business Suite Oracle Internet Directory and Oracle Single Sign-On
txkrun.pl - script = SetSSOReg.
-provtmp = $FND_TOP/admin/template / < TemplName >
and a lot of google search wrote 3 steps:
-Registration of oracle home
$FND_TOP/bin/txkrun.pl-script = SetSSOReg - registerinstance = yes
-SSO registration
$FND_TOP/bin/txkrun.pl-script = SetSSOReg - registersso = yes
-Record OID
$FND_TOP/bin/txkrun.pl-script = SetSSOReg - registeroid = yes
What is the good?
If both are right, then how decide what trake should I take?
Please suggest!Salvation;
If you have doupt that its go with sr. But if you follow google and if you hit error and if you mention your steps which is not covered in metalink with that you may have a support problem
Respect of
HELIOS -
Hello
Has anyone use SSO with OBIEE? We have restricted MSAD/Windows with OBIEE SSO.
Let us know that it is possible to do with the authentication of the RPD?
Thank you!Yes, as long as you're not on the v.3 version where the roles session variable cannot be initialized the. If you're on v.5, Yes, it's quite possible.
-
GTT - Global temporary Table - problem with Apex
Hello
I'm having a problem using TWG with Apex. The data generated by a session can be selected by another user in another session. How can this happen?
Thank you
Márcio GoncalezSounds like the connection pooling. You might want to try to change your TWG flush on the end of session to flush the commit.
-
Is that what someone has successfully used jUpload with Apex 3?
I got jUpload actually upload files in a directory on the server, but I can't seem to understand the next step...
I need to be able to obtain the names of downloaded files so I can then load into the database...
Someone at - it samples?We use jupload with apex listener. Listener of the apex, you could set up a model of resource http-post. The model of resource url is the url target of the jupload applet:
<>
Code = "wjhk.jupload2.JUploadApplet"
name = "JUpload".
Archive="/i/wjhk.jupload.jar".
Width = "640".
Height = "300".
MAYSCRIPT = 'true '.
ALT = "the pugin java must be installed." >
Java 1.5 or higher plugin required.
Definition of the resource with name 'download' model, type PL/SQL:
Start
Insert into table1 (contenttype, contentblob) values (: contentType,: body);
commit;
: status: = 200;
exception when others then
: status: = 500;
end;We have changed the jupload applet to be able to transfer the file names as parameters to jupload to the listener of the apex.
Published by: services on 12.02.2012 13:17
-
Software needed to achieve SSO with Webcenter Suite 11.1.1.2
Hi all
I installed Web center suite 11.1.1.2 on my Machine. Can someone suggest, what software I need to install in order to achieve
Oracle SSO with E-Business Suite and OBIEE.
Concerning
Nanfack marzolf
Published by: user11965597 on 15 Sep 2011 03:58Using these business applications with WebCenter spaces? If you start a new project, why don't you use WebCenter 11 G PS3 or PS4 because there are a number of new features? Also the Oracle Access Manager (OAM) is the recommended method to achieve the goal of SSO.
Although Oracle SSO (OSSO) is the main solution for Oracle 10 G Infrastructure but Weblogic also support OSSO. Anyway, if you want to use Oracle SSO (OSSO) in WebCenter 11.1.1.2, you need after 2 software: -.
1 oracle HTTP Server (OHS)
2 oracle Internet Directory (OID)You can find the configuration details in http://download.oracle.com/docs/cd/E15523_01/webcenter.1111/e12405/wcadm_security.htm#BGBDADFE.
You don't need additional software for E-business Suite as well.
Maybe you are looking for
-
Office jet pro l7590 ink cartridges HP.
How canI say when and what cartrdgeis low on ink and must set the example? DD39
-
Failover with VPN concentrator
Hi all We have unique VPN concentrator which is the single point of failure, so need your help to mitigate the same The topology diagram is attached Site A and Site B. Site B has internet gateways where we have existing VPN. The intention to introduc
-
I bought the Windows of Adobe Creative Suite 6 Design & Web Premium version, but received the Mac OS. I didn't know it until the problems occurred and Amazon will not exchange it for the correct version. I paid $750,00 for this software, and I can'
-
Open the file with Buddy API... and WITH...
HelloIt works well:on exitFrame memyFile = the moviePath & "IMBNRadio.M3U".OK = baOpenFile (myFile, "normal")endIt opens the multimedia file. M3u with Windows Media Player, but what happens if I want to open the file with another player?How can I do?
-
Automate the feature in After Effects
Hey guys!I am new to AE so this question may seem simple to you, but if you help me find the answer I'll be very grateful. I wonder if we can automate certain actions applied to its different definitions for the other group of clips? What I'm saying.