Monday, April 20, 2009

Oracle Single Sign-On and apex.oracle.com

Application Express on apex.oracle.com is now registered as a Partner Application for Oracle Single Sign-On. This means that you can now create demonstration and sample applications, hosted on apex.oracle.com, and have the users authenticate via the Oracle Single Sign-On Login Server.

Who is registered on Oracle.com? Well, if you have ever asked or answered a question on the wildly popular Oracle Application Express discussion forum on OTN, then you already have an account.

To enable SSO authentication to Oracle.com in your application on apex.oracle.com, simply follow these steps:

  1. Shared Components -> Authentication Schemes
  2. Click Create button
  3. Choose “Based on a pre-configured scheme from the gallery” and click Next
  4. Choose “Oracle Application Server Single Sign-On (Application Express Engine as Partner App)” and click Next
  5. Give it a name like SSO and click Create Scheme
  6. In the subsequent report of authentication schemes, click the “make current” link for your newly created SSO one
  7. Click the Make Current button on the confirmation page
  8. Go get a beer (or coffee or tea) to celebrate
It's that simple.

To see this in action, here's a very brief sample application with a public and non-public page, using SSO authentication.

Important note:  As of August 2012, SSO is no longer available on apex.oracle.com.

16 comments:

  1. When clicking on the sample link I get the "redirecting to login page" message, but then I get a HTTP 500 error page.

    ReplyDelete
  2. Joel,
    I am having the same issue the prior poster has.. We are getting the following error when running your sample:

    500 Internal Server Error..

    Thank you,

    Tony Miller
    Webster, TX

    ReplyDelete
  3. Thanks for your feedback. Are you saying that you're not even getting to the application on apex.oracle.com? Or are you saying that once you run the application (on the public page) and you click on the link to go to the SSO authenticated page, that it results in HTTP-500?

    Joel

    ReplyDelete
  4. If you click on the "Click Here" link, which points to
    https://apex.oracle.com/pls/otn/f?p=63701:2
    , the server is giving the 500 Internal Server Error.
    Here is the final URL:
    https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?site2pstoretoken=v1.2~7CF76FEC~13F692306B43E028064CC6CF41230C438BB101C7F1DE312926A7BBED2B1B7953E9E020F2C6D27D8A5A6209664A51CD67E13D0D34C1BC2307CBF22D63A52B583040079701DE984F54DC24B75E71CE67CCF9953070189F1A0127A4E7DFB286A56073954387CBF39C42581D5804B2AFDBA9DE6D4A08BF89884ABA5209D6AB1AFADFA57363D9E23B1E1ECC37B58D438C877E5D68CDDC733B7CD7D0C45F3B108B2E4649999B82B88776EB8FEF6B924573DBC6A507543A5C5B7E03CC3032EF76C85CCE95E0689ECA5DE2ABE621A9A3D0830FBAE0E1F9FDE10276BA375F83B3B6FDAF6E2D89C1A0251BEBA524C7D6027E97E05BF62DDE58ACE792E7

    ReplyDelete
  5. When clicking on the link in the application, that is supposed to re-direct to the sso secured page, that is when the is occurring..

    Thank you,

    Tony Miller
    Webster, TX

    ReplyDelete
  6. Thanks Tony and Rama (and Francis). I'm looking at the issue now. Everyone within Oracle hasn't had an issue.

    ReplyDelete
  7. Sorry for the hassle. I contacted the necessary group within Oracle to have apex.oracle.com registered on the external Login Server (before yesterday, I never knew there was such a thing). I guess I pulled the trigger on this post a little too early.

    I have now tested this both from within Oracle and externally to Oracle. All appears to function well.

    Thanks for the feedback.

    ReplyDelete
  8. Hi,

    How do I register my APEX site as a Partner application with the SSO server?

    Does anyone know who or which group should I contact?

    I'm trying to set this up but whenever I test the LDAP with the LDAP test tool with the following configuration:

    LDAP Host: ldap.oracle.com
    Port:389
    USE SSL: No SSL
    Use exact DN: yes
    DN String: cn=%LDAP_USER%,l=amer,dc=oracle,dc=com

    But then, when clicking on the TEST button providing my SSO email and pass, a red message appears above stating that "Authentication Failed !"

    What am I missing or doing wrong ?

    Thank you very much.

    Daniel Villegas.

    PS: I'm within Oracle's network.

    ReplyDelete
  9. @Daniel,

    Registering your APEX instance with SSO has nothing to do with calling out to an LDAP server.

    Joel

    ReplyDelete
  10. Hi,

    I'm to use SSO to login to my APEX app. I used this guide but now when I run the application i get the following error:

    ORA-06550: line 1, column 7: PLS-00201: identifier 'WWV_FLOW_CUSTOM_AUTH_SSO.PORTAL_SSO_REDIRECT' must be declared ORA-06550: line 1, column 7: PL/SQL: Statement ignored
    Error Error executing wwv_flow_custom_auth_sso.portal_sso_redirect.

    ReplyDelete
  11. Hi Stephen,

    Ensure you don't specify any for "Partner Application Name".

    This flow has changed a little bit for Application Express 4.1 and later. It's now:

    1) Shared Components -> Authentication Schemes
    2) Click Create button
    3) Choose “Based on a pre-configured scheme from the gallery” and click Next
    4) Enter a name, like "SSO"
    5) For Scheme Type, choose “Oracle Application Server Single Sign-On” and click Next. No need to specifying anything for "Partner Application Name".
    6) This newly created authentication scheme will automatically become your current authentication scheme for your application. Go get a beer (or coffee or tea) to celebrate.

    Joel

    ReplyDelete
  12. Hi Joel,

    I followed your steps, but I still hit error:

    Error processing SSO authentication.

    ORA-06550: line 1, column 7: PLS-00201: identifier 'WWV_FLOW_CUSTOM_AUTH_SSO.PORTAL_SSO_REDIRECT' must be declared ORA-06550: line 1, column 7: PL/SQL: Statement ignored

    I am using Apex4.2

    Thanks for your help.
    Maggie

    ReplyDelete
  13. Hi Maggie,

    Is this on your instance or apex.oracle.com? If on apex.oracle.com, public availability of SSO is no longer available (a policy decision, not a software defect).

    Joel

    ReplyDelete
  14. Hi,

    When I am trying to run the application after performing all the steps to enable SSO, I am getting below error

    Error processing SSO authentication.ORA-06550: line 2, column 1: PLS-00201: identifier 'WWSEC_SSO_ENABLER_PRIVATE' must be declared ORA-06550: line 1, column 45: PL/SQL: Statement ignored

    ReplyDelete
  15. Rajeev,

    Do you have the SSO SDK installed and configured on your instance? It doesn't sound like it.

    Joel

    ReplyDelete