Thursday, January 7, 2010

Oracle SSO provisioning for APEX

This section covers provisioning Oracle SSO for an APEX application.
1. Register APEX as a partner application in Oracle Application Server.
Note the following details from the registration:
ID: 80F63272
Token: 51J0903680F63272
Encryption Key: EBBD933BC541FAFF
Login URL: http://directory_server_hostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Single Sign-Off URL: http://directory_server_hostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout
Name : APEX
Home URL : http://apex_hostname:8080/apex
Success URL : http://apex_hostname:8080/apex/wwv_flow_custom_auth_sso.process_success
Logout URL : http://apex_hostname:8080/apex
The application name APEX is used in step 5, when the SSO partner application name is associated with the authentication scheme.
2. Install and configure the SSO SDK package.
Extract the sdk902.zip file, present on the middle tier, to the local machine.
Log in as the FLOWS_xxxx user and execute @loadsdk.sql.
Then log out, log in again, and execute @regapp.sql, supplying the partner application's parameters when prompted:
Enter value for listener_token: HTML_DB:sbpdb.idc.oracle.com:8080
Enter value for site_id: 80F63272
Enter value for site_token: 51J0903680F63272
Enter value for login_url: http://directory_server_hostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Enter value for encryption_key: EBBD933BC541FAFF
Enter value for ip_check: N
The listener_token must be in the format HTML_DB:hostname_where_apex_installed:port_no_apex_listens.
When the registration is successful, the result is as shown below:
Registration successful.
Listener token: HTML_DB:sbpdb.idc.oracle.com:8080
Site id : 80F63272
Site token : 51J0903680F63272
Encryption key: EBBD933BC541FAFF
Login URL : http://directory_server_hostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Logout URL : http://directory_server_hostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout
IP check : N
3. Execute custom_auth_sso_902.sql and custom_auth_sso_902.plb as the FLOWS_xxxx user.
4. Grant execute permissions as shown below:
grant execute on wwv_flow_custom_auth_sso to APEX_PUBLIC_USER;
5. Log in to the APEX console, create an authentication scheme named CUSTOM SSO, and map the SSO partner application to APEX (the name from step 1).

Congrats, you have finished the SSO configuration for APEX.
Now log in to an APEX application (e.g., http://apex_hostname:8080/apex/f?p=104:2) and check that the SSO login page is displayed.
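
A pre-flight check for the values typed into @regapp.sql in step 2, as an added example that is not part of the original post or of Oracle's SDK. The function name, the dictionary keys and the sample values are constructed for illustration, and comparing the listener token's host:port with the Success URL is an assumption drawn from the format rule above.

```python
import re
from urllib.parse import urlsplit

# Listener token format stated in the post: HTML_DB:<apex host>:<apex port>
LISTENER_RE = re.compile(r"^HTML_DB:(?P<host>[A-Za-z0-9.-]+):(?P<port>\d{1,5})$")

def check_regapp_inputs(partner, regapp):
    """Return a list of findings; an empty list means the inputs are consistent."""
    findings = []
    m = LISTENER_RE.match(regapp.get("listener_token", ""))
    if not m:
        findings.append("listener_token is not HTML_DB:<host>:<port>")
    else:
        # Assumption: the listener host:port should equal the host:port of the
        # Success URL registered for the partner application in step 1.
        url = urlsplit(partner["success_url"])
        if (m["host"].lower(), int(m["port"])) != ((url.hostname or "").lower(), url.port):
            findings.append("listener_token host:port differs from Success URL")
    # Values copied by hand from the partner application page must match exactly.
    for reg_key, partner_key in (("site_id", "id"), ("site_token", "token"),
                                 ("encryption_key", "encryption_key"),
                                 ("login_url", "login_url")):
        if regapp.get(reg_key, "") != partner[partner_key]:
            findings.append(f"{reg_key} does not match partner application {partner_key}")
    # Plain HTTP exposes the SSO redirect parameters on the network.
    for key in ("login_url", "success_url"):
        if urlsplit(partner[key]).scheme != "https":
            findings.append(f"{key} is not HTTPS")
    return findings

# Constructed sample values (not the ones shown in the post).
PARTNER = {
    "id": "A1B2C3D4",
    "token": "X9Y8Z7W6A1B2C3D4",
    "encryption_key": "0123456789ABCDEF",
    "login_url": "https://sso.example.com/pls/orasso/orasso.wwsso_app_admin.ls_login",
    "success_url": "https://apex.example.com:8443/apex/wwv_flow_custom_auth_sso.process_success",
}
REGAPP = {
    "listener_token": "HTML_DB:apex.example.com:8443",
    "site_id": PARTNER["id"],
    "site_token": PARTNER["token"],
    "encryption_key": PARTNER["encryption_key"],
    "login_url": PARTNER["login_url"],
}

if __name__ == "__main__":
    print(check_regapp_inputs(PARTNER, REGAPP) or "inputs are consistent")
```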

2 comments:

  1. Hi Mahendra,

    I have used WebLogic Server instead of OAS as the middle-tier.

    Can you please let me know how to configure SSO.

    Thanks in advance,
    Rakesh

  2. Hi Rakesh,

    I recently found a document for direct APEX integration with OAM without OSSO. Please check this.

    http://www.google.co.in/url?sa=t&source=web&cd=2&ved=0CB8QFjAB&url=http%3A%2F%2Fapex.oracle.com%2Fpls%2Fapex%2Fwwv_flow_file_mgr.get_file%3Fp_security_group_id%3D586597513792283195%26p_fname%3DOracle%2520Access%2520Manager%2520Integration%2520with%2520Oracle%2520Application%2520Express.doc%26p_inline%3DNO&rct=j&q=APEX%20OAM%20integration&ei=RwwaTcXpI8yGrAeTtIjDCw&usg=AFQjCNH3809fV3xQuaDDdx-aXUHHsX9b8Q&sig2=SxJsoJnaA4y6U8lg4p7CwA&cad=rja
