
Re: access an sso partner application through an iframe without reauthenticating

From: What's in a namespace <xml_at_ns.com>
Date: Thu, 4 Jan 2007 15:21:07 +0100
Message-ID: <459d0d56$0$327$e4fe514c@news.xs4all.nl>

<danny.roach_at_oracle.com> wrote in message news:1167917004.498279.109890_at_6g2000cwy.googlegroups.com...
>
>
> On Jan 4, 1:08 pm, "What's in a namespace" <x..._at_ns.com> wrote:
>> <danny.ro..._at_oracle.com> wrote in
>> message news:1167832603.851662.227880_at_v33g2000cwv.googlegroups.com...
>>
>> >I have an application (written using apex) that is an sso partner app.
>> > I want to be able to embed the application within a portlet (probably a
>> > dynamic page portlet generating an iframe) in my portal. When a user
>> > access the portal page that contains the iframe they are initially
>> > forced to reauthenticate within the iframe.
>>
>> > The problem lies in the sso session. I think when you access an
>> > application through an iframe it treats everything in the iframe as if
>> > it were in a separate browser session. This means that when you try to
>> > access the application in the iframe it still redirects you to the sso
>> > server even though you are already authenticated via portal.
>>
>> > So this is the problem, has anyone got any ideas on what the solution
>> > might be?
>>
>> Danny,
>>
>> I performed a test, starting with a public page, this works fine. I think
>> there's something wrong with your configuration.
>>
>> Shakespeare.
>
> Okay, here are the results of that query you suggested I run:
>
> SITE_TOKEN
> ----------------------------------------------------------------------------------------------------
> SUCCESS_URL
> ----------------------------------------------------------------------------------------------------
> FAILURE_URL
> ----------------------------------------------------------------------------------------------------
> HOME_URL
> ----------------------------------------------------------------------------------------------------
> LOGOUT_URL
> ----------------------------------------------------------------------------------------------------
> 92WCVH1H9BC43B23
> http://pmdemo-vm1.us.oracle.com:7777/pls/apex/wwv_flow_custom_auth_sso.process_success
> http://pmdemo-vm1.us.oracle.com:7777/pls/apex
> http://pmdemo-vm1.us.oracle.com:7777/pls/apex
> http://pmdemo-vm1.us.oracle.com:7777/pls/apex
>
> The reason that the first page is public is that unregistered users are
> allowed access to certain pages in the portal and application (such as
> the catalogue) however in order to buy something they have to be a
> registered user (hence the need to authenticate if they try and
> navigate to the cart page).
>
> The system I am running this on is a vmware image installed on red hat
> linux with app server 10.1.2 portal 10.1.4 and apex 2.2.
>
> The only other workaround I can think of is to have the entire app as
> public, but then run a custom procedure for each page that requires
> authentication that just checks if the user is logged on (using the
> portal wwsec_api). That way I might avoid the sso nightmare! Have you
> any thoughts on this?
>
> Thanks
>
> Danny
>

Let's not give up so quickly! I think you will make your application a bit more complex doing this. Using the standard way of authentication, you can still swap to default apex authentication (for testing etc). If you change your app, this won't work anymore.

So:

Please check this: is your procedure wwv_flow_custom_auth_sso.process_success (in the FLOW_020200 schema on your apex database) valid?
Could you check for any invalid objects in this database? Check using the system account, and all_objects where object_name like '%FLOW%'. I had some invalid public synonyms.

In my configuration, I have URLs like yours, but for the URLs ending with /apex I have /apex/htmldb (which should not make a difference, but still...)

When you ran regapp.sql, did you get any errors? In detail: did you prefix your siteid with HTML_DB? (like in your case: HTML_DB:pmdemo-vm1.us.oracle.com:7777 ?)

And as a last resort: could you locate (on the apex http server) the file marvel.conf, and post its contents? It's somewhere in the modplsql directories.

Looks like a lot of work, but I can learn from this too ;-)

Shakespeare
(what's in a flow?)

Received on Thu Jan 04 2007 - 08:21:07 CST
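
The object checks asked for in the reply above, written out as queries; this is an added example, not part of the original post. It assumes the schema name FLOW_020200 from the post, and the use of DBA_SYNONYMS in the third query is an addition (the post mentions only all_objects).

```sql
-- Added example (not from the original post). Run as SYSTEM, as the reply suggests.
-- FLOW_020200 is the APEX schema named in the post.

-- 1. Status of the object behind the SSO success URL
--    (.../pls/apex/wwv_flow_custom_auth_sso.process_success).
--    No rows back means the object is missing, which also breaks the callback.
SELECT owner, object_name, object_type, status
FROM   all_objects
WHERE  owner = 'FLOW_020200'
AND    object_name = 'WWV_FLOW_CUSTOM_AUTH_SSO';

-- 2. Every object with FLOW in its name that is not VALID, in any schema.
--    Invalid public synonyms show up here with owner PUBLIC, type SYNONYM.
SELECT owner, object_type, object_name, status
FROM   all_objects
WHERE  object_name LIKE '%FLOW%'
AND    status <> 'VALID'
ORDER  BY owner, object_type, object_name;

-- 3. Public synonyms pointing into the APEX schema whose target is
--    missing or invalid (assumption: DBA_SYNONYMS is readable by this account).
SELECT s.synonym_name,
       s.table_owner,
       s.table_name,
       NVL(o.status, 'TARGET MISSING') AS target_status
FROM   dba_synonyms s
LEFT   JOIN all_objects o
       ON  o.owner       = s.table_owner
       AND o.object_name = s.table_name
       AND o.object_type <> 'PACKAGE BODY'
WHERE  s.owner       = 'PUBLIC'
AND    s.table_owner = 'FLOW_020200'
AND    (o.status IS NULL OR o.status <> 'VALID')
ORDER  BY s.synonym_name;
```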
