Configure SSO for Apex Application

Some time back I discussed Apex (earlier HTMLDB) installation. Today I am going to cover how to configure Single Sign-On for Apex applications. If you are new to Oracle SSO (Single Sign-On), start with an overview of Oracle SSO.

There are three major steps in configuring SSO for Apex / HTMLDB:
– Register Apex as Partner Application in SSO Server
– Install SSO SDK on Apex Server
– Register SSO details on Apex Middle Tier

Assumptions in below configuration
The configuration below is based on the following assumptions. You may need to change things as per your Apex/SSO version.

— Apex version discussed below is 2.0.2.0.0 (change the schema name flows_020200 according to your version)
— Apex is installed on 10g AS; if you don’t see ssosdk902.zip then get it from the 10g AS middle tier
— You have access to Oracle SSO Server with an Admin privileges (orcladmin) account
— You have access to the schema under which Apex was installed. In my discussion below the database schema name for Apex is “apex”
— URL to access the Apex application is http://apex_server_name/pls/apex

Configure Apex as Partner application in Oracle SSO Server

Open http://ssoserver.com/pls/orasso (replace ssoserver.com with the name of your own SSO server) and log in as orcladmin.

Click on “SSO Server Administration” and you will get the Administration screen.

Under that, click on “Administer Partner Application”.

Click on “Add Partner Application”.

You will come to the Partner Application Login Screen. Enter the following details and click on “OK”:

Name : SSO Apex
Home URL : http://apex_server_name/pls/apex
Success URL : http://apex_server_name/pls/apex/wwv_flow_custom_auth_sso.process_success
Log Out URL : http://apex_server_name/pls/apex/apex

After you click on OK, you will get a screen with values like ID, Token, Encryption Key, Login URL, Single Sign-Off URL … Keep a note of these values, as they will be used during the Apex registration process in the next steps.

Remaining steps: installing the SSO SDK in Apex and registering Apex with the SSO Partner Application created above are coming in the next topic …

About the Author Masroof Ahmad


23 comments
javier says December 18, 2008

Hi,

I am at the point where I need to create a DAD file. I have tried several things – related to another DAD file I had created for the APEX installation but it's not working.

Could anybody give me some guidance within this:

– create a DAD for your application ( where do I create the file in)
– make sure you set the authentication mode no to Single Sign-On (okey )
– Provide other necessary information such as DAD name, ( I have tried inserting this kind of information but not sure if correct, could someone provide a clear example of the code I need to put)

I also don't fully understand the whole success address thing. What is it? Why am I doing that? What do I have to replace with my own information?

Thank you,

Javier Rincon

Reply
Atul Kumar says December 18, 2008

– create a DAD for your application ( where do I create the file in)

You can create it anywhere and call this dads.conf from httpd.conf (Usual place is $ORACLE_HOME/Apache/modplsql/conf)

– make sure you set the authentication mode no to Single Sign-On (okey )
PlsqlAuthenticationMode SingleSignOn

This line in dads.conf means you are using sso (don’t use this)

– Provide other necessary information such as DAD name

Sample is in Apex configuration guide as well
Example is

<Location /pls/[dad_name]>
SetHandler pls_handler
Order allow,deny
Allow from All
AllowOverride None
PlsqlDatabaseUsername [schema_name]
PlsqlDatabasePassword [schema_password]
PlsqlDatabaseConnectString [replace with connect string like hostname port]
PlsqlNLSLanguage AMERICAN_AMERICA.AL32UTF8
PlsqlDocumentPath docs
</Location>

Reply
javier says December 18, 2008

Okey,

The thing is that I already had a dads file I configured at the start of APEX with almost same characteristics:

Alias /i/ "d:/MICC/product/10.1.3.1/OracleAS_1/Apache/images/"
AddType text/xml xbl
AddType text/x-component htc

Order deny,allow
PlsqlDocumentPath docs
AllowOverride None
PlsqlDocumentProcedure wwv_flow_file_mgr.process_downloadd
PlsqlDatabaseConnectString mier-es.es.oracle.com:1521:MISOAS SIDFormat
PlsqlNLSLanguage AMERICAN_AMERICA.AL32UTF8
PlsqlAuthenticationMode Basic
SetHandler pls_handler
PlsqlDocumentTablename wwv_flow_file_objects$
PlsqlDatabaseUsername APEX_PUBLIC_USER
PlsqlDefaultPage apex
PlsqlDatabasePassword adouser
PlsqlRequestValidationFunction wwv_flow_epg_include_modules.authorize
Allow from all

I guess that's resolved, or is there anything wrong in there?

Thank you

Reply
Atul Kumar says December 18, 2008

Can you connect to database using

APEX_PUBLIC_USER/adouser@mier-es.es.oracle.com:1521:MISOAS

from middle tier ?

If yes check error message in error_log in $OH/Apache/Apache/logs on HTTP server

Reply
Yvon says December 30, 2008

Hi Atul,

The following link redirects to http://www.beenverified.com/pls/orasso

http://ssoserver.com/pls/orasso

Please help

Reply
Atul Kumar says December 30, 2008

Yvon,
I am not clear what you are trying to achieve and what the problem is?

Reply
Yvon says December 30, 2008

I’m trying to Configure Apex as Partner application in Oracle SSO Server

Type URL as http://ssoserver.com/pls/orasso & login as orcladmin, you will see screen like

When I type http://ssoserver.com/pls/orasso I get http://www.beenverified.com/pls/orasso

Reply
Yvon says December 30, 2008

I’m trying to Configure Apex as Partner application in Oracle SSO Server

(Type URL as http://ssoserver.com/pls/orasso & login as orcladmin, you will see screen like)

When I type http://ssoserver.com/pls/orasso I end up at this site http://www.beenverified.com/pls/orasso

Reply
Atul Kumar says December 30, 2008

What is your SSO server URL ?
Did you install Oracle SSO server ?
You have to replace ssoserver.com in URL http://ssoserver.com/pls/orasso with your SSO server name 🙁

Reply
Yvon says December 30, 2008

That’s one of the problems I’ve… I’m new to this. I know I have to register the application with the SSO Server, create Authentication Scheme, etc… I searched for SSO SDK to install unfortunately didn’t come across anything useful. Please provide me the steps.

Reply
Atul Kumar says January 2, 2009

Yvon,

SSO SDK is available in ssosdk902.zip which is part of 10g AS R2 software (10g Application server release 2 i.e. 10.1.2.X )

– Apex is installed on 10g AS , if you don’t see ssosdk902.zip then get it from 10g AS middle tier

Reply
Yvon says January 5, 2009

[if you don’t see ssosdk902.zip then get it from 10g AS middle tier]

May you please guide me; Steps on how to get ssosdk902.zip I mean the exact location on 10g AS.

Thanks

Reply
Yvon says January 5, 2009

Found the path for ssosdk902.zip online. $ORACLE_HOME/sso/lib/ssosdk902.zip

Will check if I can find it.

Reply
Javier Rincon says January 29, 2009

Hi Atul,

I had tried to do this before but as it wasn't a priority I left it.

I have now retaken it, and started to do exactly like pointed in your page only.

1 – Already in the first step I have a question. For the SSOServer, do I need to have one installed in the computer, or not.

I thought that I would go to the oracle sso server main page and then do it from there. I actually tried it but it redirects me to :

https://login.oracle.com/sso/pages/index.jsp

It also doesn’t let me login with the login you provided.

Regards,

Javier

Reply
Atul Kumar says January 29, 2009

Javier,

You definitely need your own SSO, Oracle would never allow anyone to register application against their SSO server.

Atul

Reply
vdmerwj6@telkom.co.za says January 29, 2009

For APEX integration with SSO the following error after successful logon on SSO, the APEX report does not show, any idea what to do

Unknown exception in parse_url_cookie: User-Defined Exception

Have checked,
Cookie version v1.2
No other errors in logs
No HttpHeader errors

Reply
Atul Kumar says January 29, 2009

vdmerwj6, check if there are any invalid objects in apex database.

Update with steps you did for registration (Is SSO with Apex working fine with other apex pages i.e. issue is with specific reports or for all apex pages/reports)

Reply
vdmerwj6@telkom.co.za says January 29, 2009

Hi Atul

All Apex database packages compiled successful
Apex (no authentication) reports is 100%
Apex LDAP authentication reports is 100%
Apex SSO authentication (via partner app) does not show.

I have followed the installation steps as described above. Do not know what to check anymore.

Thanks

Reply
Atul Kumar says January 29, 2009

vdmerwj6,
Update apex version , sso version and steps you did for SSO integration (Did this sso/apex integration ever work ?)

Reply
vdmerwj6@telkom.co.za says January 29, 2009

Atul
Already on the latest APEX 3.1.2/SSO10.1.2 version, it seems that I cannot get APEX with SSO to work. Please look at HTTPHeaders perhaps you see something ? On the APEX logs is just Unknown exception in parse_url_cookie: User-Defined Exception

Latest httpHeaders after SSO logon (XXX replace some stuff)

GET /pls/apex/wwv_flow_custom_auth_sso.process_success?urlc=v1.2~68F1EDXXX HTTP/1.1
Accept: */*
Referer: http://XXX.co.za:7778/x-sso/login.jsp?site2pstoretoken=v1.2~B6D956E8~F73B5684AXXX &p_error_code=&p_submit_url=http%3A%2F%2FXXX.co.za%3A7778%2Fsso%2Fauth&p_cancel_url=http%3A%2F%2Fsp04XXX.co.za%3A7779%2Fplsapex%2Ff%3Fp%3D114%3A1%3A3979834998421869&ssousername=
Accept-Language: en-za
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; QS 4.2.1.0; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: XXX.co.za:7778
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: oracle.uix=0^^GMT+2:00; SSO_ID=v1.2~1~1837987CBFXXXXXXX

HTTP/1.1 200 OK
Date: Thu, 29 Jan 2009 14:10:15 GMT
Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/plain

Thanks

Reply
Atul Kumar says January 29, 2009

Confirm that you followed
Metalink Note 562807.1 Configuring an APEX Application to Use SSO With SDK in Separate Schema

Once done please reconfigure using above note.

If you still hit this issue enable debugging using 562840.1 Troubleshooting Apex SSO Related Error ERR-7620

Reply
vdmerwj6@telkom.co.za says January 30, 2009

I have logged a SR with Oracle that is called APEX SSO MIGRATION USING NOTE 562807.1 and
We have compared the following (servername.domain = host)

1) Oracle Application Partner APP
ID: B6D956E8
Token: KCIUEE6JB6D956E8
Encryption Key: 80946AAFA6FF9366
Login URL: http://host:7778/pls/orasso/orasso.wwsso_app_admin.ls_login
Single Sign-Off URL: http://host:7778/pls/orasso/orasso.wwsso_app_admin.ls_logout
Name: HTML_DB:host.co.za:7779
Home URL: http://host:7779/pls/apex
Success URL: http://host:7778/pls/apex/wwv_flow_custom_auth_sso.process_success
Logout URL: http://host:7778/osso_logout_success

2) with APEX database objects FLOWS_030100.WWSEC_ENABLER_CONFIG_INFO$ (PS all packages compiled 100%)
LSNR_TOKEN: HTML_DB:host:7779
SITE_TOKEN : KCIUEE6JB6D956E8
SITE_ID : B6D956E8
LS_LOGIN_URL: http://host:7778/pls/orasso/orasso.wwsso_app_admin.ls_login
URLCOOKIE_VERSION: v1.2
ENCRYPT_KEY: 80946AAFA6FF9366
ENCRYPTION_MASK_PRE: A063ED57EFF37FD2AAF2CBFC80A08BD7
ENCRYPTION_MASK_POST: 379A1B3FADA689A21E794EE3AF59783A
URL_COOKIE_IP_CHECK:N

3) with APEX Report Authentication schema
Name : SSOSchema
Description : Based on authentication scheme from gallery: Oracle Application Server Single Sign-On (Application Express as Partner Application)
SSO Partner Application Name : HTML_DB:host:7779
Or- Session Not Valid URL : -PORTAL_SSO-
Authentication Function: -PORTAL_SSO-

4) with SQL Script begin owa_util.print_cgi_env; end;
PLSQL_GATEWAY = WebDb
GATEWAY_IVERSION = 3
SERVER_SOFTWARE = Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server
GATEWAY_INTERFACE = CGI/1.1
SERVER_PORT = 7779
SERVER_NAME = host (NAME in CAPS)
REQUEST_METHOD = POST
PATH_INFO = /wwv_flow.show
SCRIPT_NAME = /pls/apex
REMOTE_ADDR = 10.251.23.25
SERVER_PROTOCOL = HTTP/1.1
REQUEST_PROTOCOL = HTTP
REMOTE_USER = APEX_PUBLIC_USER
HTTP_CONTENT_LENGTH = 312
HTTP_CONTENT_TYPE = application/x-www-form-urlencoded
HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; QS 4.2.1.0; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
HTTP_HOST = wblv-ep-sp04.telkom.co.za:7779
HTTP_ACCEPT = */*
HTTP_ACCEPT_LANGUAGE = en-za
HTTP_REFERER = http://host:7779/pls/apex/f?p=4500:1003:2019680589286::NO:::
HTTP_ORACLE_ECID = 81785605246,1
HTTP_ORACLE_CACHE_VERSION = 10.1.2
WEB_AUTHENT_PREFIX =
DAD_NAME = apex
DOC_ACCESS_PATH = docs
DOCUMENT_TABLE = wwv_flow_file_objects$
PATH_ALIAS =
REQUEST_CHARSET = AL32UTF8
REQUEST_IANA_CHARSET = UTF-8
SCRIPT_PREFIX = /pls
HTTP_COOKIE = ORA_WWV_REMEMBER_UN=ADMIN:portalcontext; ORA_WWV_USER=AD79F01027CA62FB; oracle.uix=0^^GMT+2:00; SSO_ID=v1.2~1~[…]
Statement processed.

5) ieHTTPHeaders
GET /pls/apex/wwv_flow_custom_auth_sso.process_success?urlc=v1.2~[…] HTTP/1.1
Accept: */*
Referer: http://host:7778/eportal-sso/login.jsp?site2pstoretoken=v1.2~B6D956E8~[…]&p_error_code=&p_submit_url=http%3A%2F%2Fhost%3A7778%2Fsso%2Fauth&p_cancel_url=http%3A%2F%2Fhost%3A7779%2Fplsapex%2Ff%3Fp%3D114%3A1%3A3590921397020205&ssousername=
Accept-Language: en-za
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; QS 4.2.1.0; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Host: host:7778
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ORA_WWV_REMEMBER_UN=ADMIN:portalcontext; oracle.uix=0^^GMT+2:00; SSO_ID=v1.2~1~[…]

URL Used : http://host:7779/pls/apex/f?p=114 , report only display hello screen or other display 1 table with no authorization

Can logon to SSO successful but after APEX stored prod the error , no HTTP or SSO server errors, Any help ?

Reply
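The side-by-side comparison done by hand in the comment above (partner application values on the SSO server against the WWSEC_ENABLER_CONFIG_INFO$ row on the Apex side), together with the Home URL / Success URL pattern from the article, can be scripted. This is an added example, not part of the original post or its comments; the function names, dictionary keys and sample values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

SUCCESS_PROC = "wwv_flow_custom_auth_sso.process_success"
# SSO-side field -> column on the Apex side, paired as in the comment above
FIELD_PAIRS = (("id", "SITE_ID"), ("token", "SITE_TOKEN"),
               ("encryption_key", "ENCRYPT_KEY"), ("login_url", "LS_LOGIN_URL"))

def origin(url):
    """(scheme, host, port) with lower-cased host and default ports filled in."""
    u = urlsplit(url)
    return (u.scheme, (u.hostname or "").lower(),
            u.port or {"http": 80, "https": 443}.get(u.scheme))

def check_registration(partner, enabler):
    """Return a list of findings; an empty list means both sides agree."""
    findings = []
    home, success = urlsplit(partner["home_url"]), urlsplit(partner["success_url"])
    # The article registers the Success URL as <Home URL>/<success procedure>.
    if origin(partner["home_url"]) != origin(partner["success_url"]):
        findings.append("success_url origin differs from home_url origin")
    if success.path != home.path.rstrip("/") + "/" + SUCCESS_PROC:
        findings.append("success_url path is not <home path>/" + SUCCESS_PROC)
    for sso_key, apex_col in FIELD_PAIRS:
        if partner[sso_key] != enabler[apex_col]:
            findings.append(f"{apex_col} does not match partner application {sso_key}")
    return findings

# Constructed sample values (placeholders, not taken from any real server).
LOGIN = "http://sso.example.test:7778/pls/orasso/orasso.wwsso_app_admin.ls_login"
ENABLER = {"SITE_ID": "ID-PLACEHOLDER", "SITE_TOKEN": "TOKEN-PLACEHOLDER",
           "ENCRYPT_KEY": "KEY-PLACEHOLDER", "LS_LOGIN_URL": LOGIN}
GOOD = {"id": "ID-PLACEHOLDER", "token": "TOKEN-PLACEHOLDER",
        "encryption_key": "KEY-PLACEHOLDER", "login_url": LOGIN,
        "home_url": "http://apex.example.test:7779/pls/apex",
        "success_url": "http://apex.example.test:7779/pls/apex/" + SUCCESS_PROC}
# Same registration, but the Success URL uses a different port than the Home URL
# and the two sides hold different encryption keys.
BAD = dict(GOOD, success_url="http://apex.example.test:7778/pls/apex/" + SUCCESS_PROC,
           encryption_key="KEY-PLACEHOLDER-OTHER")

if __name__ == "__main__":
    for name, reg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_registration(reg, ENABLER) or "consistent")
```

A finding only marks a value to review against your own topology; a deployment that deliberately routes the Success URL through another listener will also be flagged.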
» Oracle Apex 4.1 integration with Oracle Access Manager (OAM) 11g for Single Sign-On (SSO) Online Apps DBA: One Stop Shop for Apps DBA’s says January 12, 2012

[…] Oracle Apex 4.1 integration with Oracle Access Manager (OAM) 11g for Single Sign-On (SSO) Posted in January 12th, 2012 byAtul Kumar in apex, oam, sso  Print This Post This post covers integration of Apex 4.1 with Oracle Access Manager 11g for Single Sign-On. For previous version of Apex integration with Oracle Single Sign-On click here […]

Reply