Oracle SSO provisioning for APEX

This section deals with provisioning Oracle SSO for APEX application.
1. Register APEX as partner application in Oracle Application server.
Note some of the details as shown below.
ID: 80F63272
Token: 51J0903680F63272
Encryption Key: EBBD933BC541FAFF
Login URL: http://directory_server_hostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Single Sign-Off URL: http://directory_server_hostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout
Name : APEX
Home URL : http://apex_hostname:8080/apex
Success URL : http://apex_hostname:8080/apex/wwv_flow_custom_auth_sso.process_success
Logout URL :http://apex_hostname:8080/apex
This Application Name APEX will be used in 5th step while associating SSO application name in the Authentication scheme.
2. Next step is to install SDK package and configuration.
Extract the sdk902.zip file present in middle tier to the local machine.
Login as FLOWS_xxxx user and execute @loadsdk.sql.
Then logout and login again, and execute @regapp.sql by inputting some parameters of Partner application.
Enter value for listener_token: HTML_DB:sbpdb.idc.oracle.com:8080
Enter value for site_id: 80F63272
Enter value for site_token: 51J0903680F63272
Enter value for login_url: http://directory_server_hostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Enter value for encryption_key: EBBD933BC541FAFF
Enter value for ip_check: N
It is important that listener_token should be in the format HTML_DB:hostname_where_apex_installed:port_no_apex_listens.
When the registration is successful, then the result will be as shown below:
Registration successful.
Listener token: HTML_DB:sbpdb.idc.oracle.com:8080
Site id : 80F63272
Site token : 51J0903680F63272
Encryption key: EBBD933BC541FAFF
Login URL : http://directory_server_hostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Logout URL : http://directory_server_hostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout
IP check : N
3. Third step is to execute custom_auth_sso_902.sql and custom_auth_sso_902.plb as FLOWS_xxxx user.
4. Grant execute permissions as shown below:
grant execute on wwv_flow_custom_auth_sso to APEX_PUBLIC_USER;
5. Login to APEX console, and create Authentication scheme with name CUSTOM SSO and map the SSO Partner application as APEX (as in the first step).

Congrats, you have finished SSO configurations for APEX.
Now login to apex application (for eg, http://apex_hostname:8080/apex/f?p=104:2) and check SSO login page will be displayed.

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment:

8 comments
Ferry says June 28, 2010

Hello
I need to knw the configuration for OAM with APEX. Any help would be appreciated.

Regards,

Reply
Mahendra says June 28, 2010

Hi Ferry,

Please follow this post and let me know if you face any issues.

Mahendra.

Reply
Ferry says June 28, 2010

Hello Mahendra,

Thank you for the reply. This post explains the SSO for APEX with OSSO. Is that mean there is no direct integration for APEX with OAM? If I configure OSSO with APEX then I need to integrate OSSO with OAM which in turn lead to OID-AD synchronization as users reside in AD.

Please provide your valuable comments

Regards,
Ferry.

Reply
Mahendra says June 28, 2010

Ferry,

Yes, you would need to do OSSO-Apex and OSSO-OAM integrations. Also user sync between OID and AD is necessary. I dont know any other solution other than this.

Mahendra.

Reply
Ferry says June 28, 2010

Thank You Very Much for the clarification Mahendra… Appreciated !!!!!!!

Reply
Ferry says July 12, 2010

Hello Mahendra,

Have one more question !! The client has installed OID 11g and the latest OAS is 10gR3. How do I go about the OSSO implementation for APEX.

Reply
Mahendra says July 13, 2010

Hi Ferry,

I have done this integration long time ago and literally dont remember it. However, I can say that you need to check supportability of OID11g with OAS 10gR3 in certification matrix and please check for the integration as well.

You can still use OSSO 10g for OAM 10.1.4.3 integration.

Reply
rakesh says November 8, 2010

Hi Mahendra,

I have used Weblogic in place of OAS. Any idea how to configure SSO on this???

Reply
Add Your Reply