Re: access an sso partner application through an iframe without reauthenticating
On Jan 4, 2:21 pm, "What's in a namespace" <x..._at_ns.com> wrote:
> <danny.ro..._at_oracle.com> wrote in message news:1167917004.498279.109890_at_6g2000cwy.googlegroups.com...
>
> > On Jan 4, 1:08 pm, "What's in a namespace" <x..._at_ns.com> wrote:
> >> <danny.ro..._at_oracle.com> wrote in message
> >> news:1167832603.851662.227880_at_v33g2000cwv.googlegroups.com...
>
> >> >I have an application (written using apex) that is an sso partner app.
> >> > I want to be able to embed the application within a portlet (probably a
> >> > dynamic page portlet generating an iframe) in my portal. When a user
> >> > accesses the portal page that contains the iframe they are initially
> >> > forced to reauthenticate within the iframe.
>
> >> > The problem lies in the sso session. I think when you access an
> >> > application through an iframe it treats everything in the iframe as if
> >> > it were in a separate browser session. This means that when you try to
> >> > access the application in the iframe it still redirects you to the sso
> >> > server even though you are already authenticated via portal.
>
> >> > So this is the problem, has anyone got any ideas on what the solution
> >> > might be?
>
> >> Danny,
>
> >> I performed a test, starting with a public page, this works fine. I think
> >> there's something wrong with your configuration.
>
> >> Shakespeare.
>
> > Okay, here are the results of that query you suggested I ran:
>
> > SITE_TOKEN
> > ----------------------------------------------------------------------------------------------------
> > SUCCESS_URL
> > ----------------------------------------------------------------------------------------------------
> > FAILURE_URL
> > ----------------------------------------------------------------------------------------------------
> > HOME_URL
> > ----------------------------------------------------------------------------------------------------
> > LOGOUT_URL
> > ----------------------------------------------------------------------------------------------------
> > 92WCVH1H9BC43B23
> > http://pmdemo-vm1.us.oracle.com:7777/pls/apex/wwv_flow_custom_auth_ss...
> > http://pmdemo-vm1.us.oracle.com:7777/pls/apex
> > http://pmdemo-vm1.us.oracle.com:7777/pls/apex
> > http://pmdemo-vm1.us.oracle.com:7777/pls/apex
>
> > The reason that the first page is public is that unregistered users are
> > allowed access to certain pages in the portal and application (such as
> > the catalogue) however in order to buy something they have to be a
> > registered user (hence the need to authenticate if they try and
> > navigate to the cart page).
>
> > The system I am running this on is a vmware image installed on red hat
> > linux with app server 10.1.2 portal 10.1.4 and apex 2.2.
>
> > The only other work around I can think of is to have the entire app as
> > public, but then run a custom procedure for each page that requires
> > authentication that just checks if the user is logged on (using the
> > portal wwsec_api). That way I might avoid the sso nightmare! Have you
> > any thoughts on this?
>
> > Thanks
>
> > Danny
>
> Let's not give up so quickly! I think you will make your application a bit
> more complex doing this. Using the standard way of authentication, you can
> still swap to default apex authentication (for testing etc). If you change
> your app, this won't work anymore.
>
> So:
>
> Please check this: is your procedure
> wwv_flow_custom_auth_sso.process_success (in the FLOW_020200 schema on your
> apex database) valid?
> Could you check for any invalid objects in this database? Check using the
> system account, and all_objects where object_name like '%FLOW%'. I had some
> invalid public synonyms.
>
> In my configuration, I have URLs like yours, but for the URLs ending with
> /apex I have /apex/htmldb (which should not make a difference, but still...)
>
> When you ran regapp.sql, did you get any errors? In detail: did you prefix
> your siteid with HTML_DB? (like in your case:
> HTML_DB:pmdemo-vm1.us.oracle.com:7777 ?)
>
> And as a last resort: could you locate (on the apex http server) the file
> marvel.conf, and post its contents? It's somewhere in the modplsql
> directories.
>
> Looks like a lot of work, but I can learn from this too ;-)
>
> Shakespeare
> (what's in a flow?)
Okay, here goes.
system_at_mrdb.us.oracle.com> select object_name, object_type, status from all_objects where object_name like '%FLOW%' and status = 'INVALID';

OBJECT_NAME                    OBJECT_TYPE         STATUS
------------------------------ ------------------- -------
WWV_FLOW_CUSTOM_AUTH_SSO       SYNONYM             INVALID
WWV_FLOW_CUSTOM_AUTH_SSO       PACKAGE BODY        INVALID

system_at_mrdb.us.oracle.com>
contents of Marvel.conf
Alias /i/ "/opt/oracle/mr1014/Apache/Apache/"
AddType text/xml xbl
AddType text/x-component htc
<Location /pls/apex>
  Order deny,allow
  PlsqlDocumentPath docs
  AllowOverride None
  PlsqlDocumentProcedure wwv_flow_file_manager.process_download
  PlsqlDatabaseConnectString pmdemo-vm1.us.oracle.com:1521:mrdb
  PlsqlNLSLanguage AMERICAN_AMERICA.AL32UTF8
  PlsqlAuthenticationMode Basic
  SetHandler pls_handler
  PlsqlDocumentTablename wwv_flow_file_objects$
  PlsqlDatabaseUsername APEX_PUBLIC_USER
  PlsqlDefaultPage apex
  PlsqlDatabasePassword password

As far as I remember regapp.sql ran fine. It seems like you have hit the nail on the head with the invalid objects. I tried recompiling them:

system_at_mrdb.us.oracle.com> alter package flows_020200.WWV_FLOW_CUSTOM_AUTH_SSO compile body;

Warning: Package Body altered with compilation errors.

system_at_mrdb.us.oracle.com> show errors
Errors for PACKAGE BODY FLOWS_020200.WWV_FLOW_CUSTOM_AUTH_SSO:

LINE/COL ERROR

Any ideas on that one?
Thanks
Danny

Received on Mon Jan 08 2007 - 08:35:00 CST
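
A follow-up diagnostic for the invalid package body and synonym reported above, as an added example that is not part of the original post: it reads the recorded compile errors, lists referenced objects that are missing or invalid, and resolves the synonym target. It assumes a DBA account such as SYSTEM and the owner name FLOWS_020200 as it appears in the compile command above.

```sql
-- Added example (not from the thread). Run in SQL*Plus as a DBA account.
-- Owner and object names are taken from the ALTER PACKAGE command in the post.

-- 1. Compile errors recorded for the package body (the rows SHOW ERRORS reads).
SELECT line, position, text
  FROM all_errors
 WHERE owner = 'FLOWS_020200'
   AND name  = 'WWV_FLOW_CUSTOM_AUTH_SSO'
   AND type  = 'PACKAGE BODY'
 ORDER BY sequence;

-- 2. Objects the package body references that are missing or not VALID.
--    A dependency with no matching row in ALL_OBJECTS is reported as MISSING.
SELECT d.referenced_owner,
       d.referenced_name,
       d.referenced_type,
       NVL(o.status, 'MISSING') AS status
  FROM all_dependencies d
  LEFT JOIN all_objects o
    ON o.owner       = d.referenced_owner
   AND o.object_name = d.referenced_name
   AND o.object_type = d.referenced_type
 WHERE d.owner = 'FLOWS_020200'
   AND d.name  = 'WWV_FLOW_CUSTOM_AUTH_SSO'
   AND d.type  = 'PACKAGE BODY'
   AND (o.status IS NULL OR o.status <> 'VALID')
 ORDER BY d.referenced_owner, d.referenced_name;

-- 3. Where the invalid synonym points, and whether that package exists.
SELECT s.owner,
       s.synonym_name,
       s.table_owner,
       s.table_name,
       NVL(o.status, 'MISSING') AS target_status
  FROM all_synonyms s
  LEFT JOIN all_objects o
    ON o.owner       = s.table_owner
   AND o.object_name = s.table_name
   AND o.object_type = 'PACKAGE'
 WHERE s.synonym_name = 'WWV_FLOW_CUSTOM_AUTH_SSO';
```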