Re: access an sso partner application through an iframe without reauthenticating

<danny.roach_at_oracle.com> schreef in bericht news:1167902993.972194.63540_at_v33g2000cwv.googlegroups.com...
>
>
> On Jan 4, 8:23 am, "What's in a namespace" <x..._at_ns.com> wrote:
>> <danny.ro..._at_oracle.com> schreef in
>> berichtnews:1167832603.851662.227880_at_v33g2000cwv.googlegroups.com...
>>
>> >I have an application (written using apex) that is an sso partner app.
>> > I want to be able to embed the application within a portlet (probably a
>> > dynamic page portlet generating an iframe) in my portal. When a user
>> > access the portal page that contains the iframe they are initially
>> > forced to reauthenticate within the iframe.
>>
>> > The problem lies in the sso session. I think when you access an
>> > application through an iframe it treats everything in the iframe as if
>> > it were in a separate browser session. This means that when you try to
>> > access the application in the iframe it still redirects you to the sso
>> > server even though you are already authenticated via portal.
>>
>> > So this is the problem, has anyone got any ideas on what the solution
>> > might be?Danny, just to check:
>> 1) does your applciation work with SSO when not called from Portal? So if
>> you type the app. link in your browser, log in, retype the link, do you
>> have
>> to login again then?
>> 2) If yes, if you create an URL item in Portal with this link, click it,
>> login, logout, click it again, does it work?
>>
>> Shakespeare
>
> My application has a couple of public pages that the user can navigate
> to before logging in (It is a shopping cart application). Once they
> have made there choices from the catalogue (public - page 2) they
> navigate to the shopping cart page (requires login - page 3). The
> system then prompts for login and shows the sso login page. They log
> in and then can see the shopping cart.
>
> I did this once and it worked fine if I then copied the link (page 3 -
> including session) it worked without logging in again. If i copied the
> link (page 3 - withou t session ) then it tried to redirect me to the
> sso login page and then failed with a page 404 not found error.
>
> The access log entry from apache looks like this
>
> 192.168.197.1 - PUBLIC [04/Jan/2007:01:15:14 -0800] "GET
> /pls/orasso/orasso.wwsso_app_Admin.ls_login?site2pstoretoken=v1.2%7E9BC43B23%7E1D54FD1AAE1CC89BE87ED353FA937CB568FD93E06BF40633F8AF5849FE79F2C9B661BEB03425F1535BF858B928DCE9B208EFD647EB84F61349BB6AECCDE074FC3D36435913B2A8107FBC553739BC697C0AE43614DDE31493025917A2C46D306FD0DA4362532B4882942A7C004EEDA9A1F7EFD8D0F30E6D56AE43449404D20F2E3F2F5EB08A9F7B9EFA39B3ACB8E5A7D8B2F41E92FCCF00068E2E34A98E68EF999D1585B29179F0EE7FE1E118BD5B55F7859FBD5D40546D1C65A207523B1D1CC617B7F0DB3C50C80EEA062FF31EF18B9559629C6D0752358134F54FA1F421A9F1DB343D48266869046B8F6F6205DD70EEFFC49C9AF6C81A998032410D77B6D14C91F37CE90FF9C6611EA3E2F8F63C172B
> HTTP/1.1" 404 377
>
> The error log entry looks like this
>
> [Thu Jan 4 01:15:14 2007] [error] [client 192.168.197.1] [ecid:
> 1167902113:192.168.197.100:2057:0:15,0] mod_plsql:
> /pls/orasso/orasso.wwsso_app_Admin.ls_login HTTP-404 ORA-06502: PL/SQL:
> numeric or value error\nORA-06512: at "ORASSO.WWSSO_LS_PRIVATE", line
> 870\nORA-06512: at "ORASSO.WWSSO_VPD_PRIVATE", line 41\nORA-06512: at
> "ORASSO.WPG_SESSION", line 66\nORA-06512: at line 22\n
>
> All this was done on apex stand alone without portal.
>
> Thanks for looking at this for me.
>
> Danny
>

Danny,

I get a bit confused here (but it's still morning). The problem you describe now doesn't seem to have anything to do with iframes, am I correct? For your not using Portal now...

I presume your logs are from the infrastructure server (where OID resides), correct?
By the way: what version and edition (express, standard, enterprise) DB is your APEX on? I know SSO has problems with APEX on Oracle Express Edition.

Apparently, your redirect is working, but is redirecting to a page that is not found because of an error in buidling the page in plsql. For what I can see, your site2pstoretoken is longer than in my logfiles.

Did you change anything in your SSO-configuration on the SSO-server between success and failure?

Shakespeare   Received on Thu Jan 04 2007 - 04:19:08 CST