Path: news.f.de.plusline.net!news-fra1.dfn.de!news.tele.dk!feed118.news.tele.dk!postnews.google.com!31g2000cwt.googlegroups.com!not-for-mail From: danny.roach@oracle.com Newsgroups: comp.databases.oracle.server Subject: Re: access an sso partner application through an iframe without reauthenticating Date: 4 Jan 2007 03:03:19 -0800 Organization: http://groups.google.com Lines: 157 Message-ID: <1167908599.457075.3490@31g2000cwt.googlegroups.com> References: <1167832603.851662.227880@v33g2000cwv.googlegroups.com> <459cb96e$0$322$e4fe514c@news.xs4all.nl> <1167902993.972194.63540@v33g2000cwv.googlegroups.com> <459cd49f$0$335$e4fe514c@news.xs4all.nl> NNTP-Posting-Host: 193.32.3.83 Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Trace: posting.google.com 1167908605 9527 127.0.0.1 (4 Jan 2007 11:03:25 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Thu, 4 Jan 2007 11:03:25 +0000 (UTC) In-Reply-To: <459cd49f$0$335$e4fe514c@news.xs4all.nl> User-Agent: G2/1.0 X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727),gzip(gfe),gzip(gfe) X-HTTP-Via: 1.0 emea-nc01 (NetCache NetApp/6.0.1) Complaints-To: groups-abuse@google.com Injection-Info: 31g2000cwt.googlegroups.com; posting-host=193.32.3.83; posting-account=Qgz7Bw0AAACbNlyCOGuJYkNgKNxpCdRU Xref: news.f.de.plusline.net comp.databases.oracle.server:191672 On Jan 4, 10:19 am, "What's in a namespace" wrote: > schreef in berichtnews:1167902993.972194.63540@v= 33g2000cwv.googlegroups.com... > > > > > > > > > On Jan 4, 8:23 am, "What's in a namespace" wrote: > >> schreef in > >> berichtnews:1167832603.851662.227880@v33g2000cwv.googlegroups.com... > > >> >I have an application (written using apex) that is an sso partner app. > >> > I want to be able to embed the application within a portlet (probabl= y a > >> > dynamic page portlet generating an iframe) in my portal. When a user > >> > access the portal page that contains the iframe they are initially > >> > forced to reauthenticate within the iframe. > > >> > The problem lies in the sso session. I think when you access an > >> > application through an iframe it treats everything in the iframe as = if > >> > it were in a separate browser session. This means that when you try= to > >> > access the application in the iframe it still redirects you to the s= so > >> > server even though you are already authenticated via portal. > > >> > So this is the problem, has anyone got any ideas on what the solution > >> > might be?Danny, just to check: > >> 1) does your applciation work with SSO when not called from Portal? So= if > >> you type the app. link in your browser, log in, retype the link, do you > >> have > >> to login again then? > >> 2) If yes, if you create an URL item in Portal with this link, click i= t, > >> login, logout, click it again, does it work? > > >> Shakespeare > > > My application has a couple of public pages that the user can navigate > > to before logging in (It is a shopping cart application). Once they > > have made there choices from the catalogue (public - page 2) they > > navigate to the shopping cart page (requires login - page 3). The > > system then prompts for login and shows the sso login page. They log > > in and then can see the shopping cart. > > > I did this once and it worked fine if I then copied the link (page 3 - > > including session) it worked without logging in again. If i copied the > > link (page 3 - withou t session ) then it tried to redirect me to the > > sso login page and then failed with a page 404 not found error. > > > The access log entry from apache looks like this > > > 192.168.197.1 - PUBLIC [04/Jan/2007:01:15:14 -0800] "GET > > /pls/orasso/orasso.wwsso_app_Admin.ls_login?site2pstoretoken=3Dv1.2%7E9= BC43B2=AD3%7E1D54FD1AAE1CC89BE87ED353FA937CB568FD93E06BF40633F8AF5849FE79F2= C9B661BEB=AD03425F1535BF858B928DCE9B208EFD647EB84F61349BB6AECCDE074FC3D3643= 5913B2A8107F=ADBC553739BC697C0AE43614DDE31493025917A2C46D306FD0DA4362532B48= 82942A7C004EEDA=AD9A1F7EFD8D0F30E6D56AE43449404D20F2E3F2F5EB08A9F7B9EFA39B3= ACB8E5A7D8B2F41E92=ADFCCF00068E2E34A98E68EF999D1585B29179F0EE7FE1E118BD5B55= F7859FBD5D40546D1C65A=AD207523B1D1CC617B7F0DB3C50C80EEA062FF31EF18B9559629C= 6D0752358134F54FA1F421A9=ADF1DB343D48266869046B8F6F6205DD70EEFFC49C9AF6C81A= 998032410D77B6D14C91F37CE90=ADFF9C6611EA3E2F8F63C172B > > HTTP/1.1" 404 377 > > > The error log entry looks like this > > > [Thu Jan 4 01:15:14 2007] [error] [client 192.168.197.1] [ecid: > > 1167902113:192.168.197.100:2057:0:15,0] mod_plsql: > > /pls/orasso/orasso.wwsso_app_Admin.ls_login HTTP-404 ORA-06502: PL/SQL: > > numeric or value error\nORA-06512: at "ORASSO.WWSSO_LS_PRIVATE", line > > 870\nORA-06512: at "ORASSO.WWSSO_VPD_PRIVATE", line 41\nORA-06512: at > > "ORASSO.WPG_SESSION", line 66\nORA-06512: at line 22\n > > > All this was done on apex stand alone without portal. > > > Thanks for looking at this for me. > > > DannyDanny, > > I get a bit confused here (but it's still morning). The problem you descr= ibe > now doesn't seem to have anything to do with iframes, am I correct? For y= our > not using Portal now... > > I presume your logs are from the infrastructure server (where OID resides= ), > correct? > By the way: what version and edition (express, standard, enterprise) DB is > your APEX on? I know SSO has problems with APEX on Oracle Express Edition. > > Apparently, your redirect is working, but is redirecting to a page that is > not found because of an error in buidling the page in plsql. > For what I can see, your site2pstoretoken is longer than in my logfiles. > > Did you change anything in your SSO-configuration on the SSO-server betwe= en > success and failure? > > Shakespeare- Hide quoted text -- Show quoted text - Hi Shakepeare Sorry for the confusion. I had corrupted my apex logout url. I have put that right and the app now works fine stand alone as you describe above (i.e. login, copy/paste url etc). I have then bounced the server and connected to portal and attempted to access the app through the iframe. The public pages worked fine but as soon as I clicked on a page requiring authentication it didnt even redirect to the sso login page it just gave a 'The page cannot be found' error. The access and error log entries are access log 192.168.197.1 - PUBLIC [04/Jan/2007:02:48:07 -0800] "GET /pls/orasso/orasso.wwsso_app_Admin.ls_login?site2pstoretoken=3Dv1.2%7E9BC43= B23%7E0F334AC4B696604A9EF79B10AB204E534960904A5F99B4F4CD0556967A3A790913D89= C7031320174524C60435A40016B5213FA08D49F567E0BC839E1B0C077A6AAF1FBE8F328F33B= 5267402FBBE98B1BCA49F21BD7E8E40F35E9CD20C0B319420B83DF032220F46289F80A965B8= 63361C42471CED83352F8DD1A984EA0252259E8F7B9F8E093F6C9770244B2EC368A997BE768= 21F42380AEAC7F3B0D553AB150B2074DB24B70453E88098C7F8E36302EE077923D67003BEEB= 35D26D81EAB5E2F9D5BA68D244D74BB345121391A31763316638F6CEE79519F258AD88F553C= 76B5ADEC64AB18F9AD04D6B3E97B41F5ACD61F9F2D70467AAC17E5121574048D9BDAC02600F= 54424A938C739F71398ED5228 HTTP/1.1" 404 377 error log [Thu Jan 4 02:48:07 2007] [error] [client 192.168.197.1] [ecid: 1167907687:192.168.197.100:3929:0:14,0] mod_plsql: /pls/orasso/orasso.wwsso_app_Admin.ls_login HTTP-404 ORA-06502: PL/SQL: numeric or value error\nORA-06512: at "ORASSO.WWSSO_LS_PRIVATE", line 870\nORA-06512: at "ORASSO.WWSSO_VPD_PRIVATE", line 41\nORA-06512: at "ORASSO.WPG_SESSION", line 66\nORA-06512: at line 22\n Logs are indeed from the infrastructure server. Apex version is 2.2 Portal 10.1.4 Database 10g R1 Enterprise No I have not touched the SSO configuration. Thanks, Danny