
Re: access an sso partner application through an iframe without reauthenticating

From: <danny.roach_at_oracle.com>
Date: 4 Jan 2007 08:46:01 -0800
Message-ID: <1167929161.676764.319570@s34g2000cwa.googlegroups.com>

On Jan 4, 2:21 pm, "What's in a namespace" <x..._at_ns.com> wrote:
> <danny.ro..._at_oracle.com> wrote in message news:1167917004.498279.109890_at_6g2000cwy.googlegroups.com...
>
> > On Jan 4, 1:08 pm, "What's in a namespace" <x..._at_ns.com> wrote:
> >> <danny.ro..._at_oracle.com> wrote in message
> >> news:1167832603.851662.227880_at_v33g2000cwv.googlegroups.com...
>
> >> > I have an application (written using apex) that is an sso partner app.
> >> > I want to be able to embed the application within a portlet (probably a
> >> > dynamic page portlet generating an iframe) in my portal. When a user
> >> > accesses the portal page that contains the iframe they are initially
> >> > forced to reauthenticate within the iframe.
>
> >> > The problem lies in the sso session. I think when you access an
> >> > application through an iframe it treats everything in the iframe as if
> >> > it were in a separate browser session. This means that when you try to
> >> > access the application in the iframe it still redirects you to the sso
> >> > server even though you are already authenticated via portal.
>
> >> > So this is the problem, has anyone got any ideas on what the solution
> >> > might be?
>
> >> Danny,
>
> >> I performed a test, starting with a public page, this works fine. I think
> >> there's something wrong with your configuration.
>
> >> Shakespeare.
>
> > Okay, here are the results of that query you suggested I run:
>
> > SITE_TOKEN
> > ----------------------------------------------------------------------------------------------------
> > SUCCESS_URL
> > ----------------------------------------------------------------------------------------------------
> > FAILURE_URL
> > ----------------------------------------------------------------------------------------------------
> > HOME_URL
> > ----------------------------------------------------------------------------------------------------
> > LOGOUT_URL
> > ----------------------------------------------------------------------------------------------------
> > 92WCVH1H9BC43B23
> > http://pmdemo-vm1.us.oracle.com:7777/pls/apex/wwv_flow_custom_auth_ss...
> > http://pmdemo-vm1.us.oracle.com:7777/pls/apex
> > http://pmdemo-vm1.us.oracle.com:7777/pls/apex
> > http://pmdemo-vm1.us.oracle.com:7777/pls/apex
>
> > The reason that the first page is public is that unregistered users are
> > allowed access to certain pages in the portal and application (such as
> > the catalogue) however in order to buy something they have to be a
> > registered user (hence the need to authenticate if they try and
> > navigate to the cart page).
>
> > The system I am running this on is a vmware image installed on red hat
> > linux with app server 10.1.2 portal 10.1.4 and apex 2.2.
>
> > The only other work around I can think of is to have the entire app as
> > public, but then run a custom procedure for each page that requires
> > authentication that just checks if the user is logged on (using the
> > portal wwsec_api). That way I might avoid the sso nightmare! Have you
> > any thoughts on this?
>
> > Thanks
>
> > Danny
>
> Let's not give up so quickly! I think you will make your application a bit
> more complex doing this. Using the standard way of authentication, you can
> still swap to default apex authentication (for testing etc). If you change
> your app, this won't work anymore.
>
> So:
>
> Please check this: is your procedure
> wwv_flow_custom_auth_sso.process_success (in the FLOW_020200 schema on your
> apex database) valid?
> Could you check for any invalid objects in this database? Check using the
> system account, and all_objects where object_name like '%FLOW%'. I had some
> invalid public synonyms.
>
> In my configuration, I have url's like yours, but for the url's ending with
> /apex I have /apex/htmldb (which should not make a difference, but still...)
>
> When you ran regapp.sql, did you get any errors? In detail: did you prefix
> your siteid with HTML_DB? (like in your case:
> HTML_DB:pmdemo-vm1.us.oracle.com:7777 ?)
>
> And as a last resort: could you locate (on the apex http server) the file
> marvel.conf, and post its contents? It's somewhere in the modplsql
> directories.
>
> Looks like a lot of work, but I can learn from this too ;-)
>
> Shakespeare
> (what's in a flow?)

I'm gonna look at this tomorrow now, with fresh (ish) eyes. I'll post all the info when I have it.

Once again thanks for taking the time to advise on this.

Danny

Received on Thu Jan 04 2007 - 10:46:01 CST
