| How-To Document
Configure an Application Express Application as a Partner Application in Oracle AS Single Sign-On
Last Updated: 14-March-2008
After completing this How-To, you should understand:
Table of Contents
For a given Oracle Application Express site, you can create as many different applications in as many different workspaces as you need to
The SSO Methodology and steps listed in this How To are only supported if the SSO SDK specified below is used.Software Requirements
a. As shown in the Using the PL/SQL and Java APIs section of the Oracle Application Server 10g R1 Single Sign-On Application Developer's Guide, locate the single sign-on software developer kit at $ORACLE_OAS_HOME/sso/lib/ssosdk902.zip and unzip it into a local directory. (Please note that it is not necessary to install the full Oracle Application Server 10gR1 to acquire the ssosdk902.zip file. During the installation process an option to install only the "10as Developer Kits" is provided.) b. Load the SSO SDK objects into the FLOWS_xxxxxx schema as shown in step Aii of the ReadMe.txt document provided in ssosdk902.zip, and then log out of sqlplus. c. Follow the directions provided in Step D also in the provided ReadMe.txt
Step 5 - (only necessary if SSO SDK was installed after installing Application Express)
a. Locate the custom_auth_sso source files for your Application Express installation. b. Connect as SYS and from the location of the files run: alter session set current_schema = flows_xxxxxx; @custom_auth_sso.sql @custom_auth_sso.plb grant execute on wwv_flow_custom_auth_sso to public;
With the approach just described you only have to install the SSO SDK once per Oracle Application Express instance, and you only need to register one application. No matter which application is accessed,
This alternative approach allows you to install the SSO SDK into Oracle Application Express workspace schemas controlled by workspace developers, so you don't have to allow access to the FLOWS_xxxxxx schema to developers who are trying to debug SSO authentication. It also gives developers more flexibility if they want to tweak the configuration without affecting other users/workspaces in the Oracle Application Express site, for example, if they want to test their SSO-authenticated applications with their own AS/SSO infrastructure. Note: This option will not work in Application Express versions prior to 1.5.1.
Multiple applications in a workspace can refer to the same registered partner application "record" in their authentication schemes. No matter which application is accessed, the SSO server will redirect back to registered 'success' procedure after login which will, in turn, redirect to the requested application/page.. At this time, applications must use the same protocol, host, port, and DAD as those used in the partner application's success url, as registered. After you get SSO working for one application, create an authentication scheme for the next application as a copy of the first (copy and subscribe works too). The partner application name is the key to the registration "record" in the SSO SDK schema.
Repeat the steps in this procedure for each application schema for which you want to register partner applications. Be sure to use a different partner name each time, while ensuring that the name used in each process_success procedure matches the name you entered in regapp.sql.
Discuss this how-to in the Oracle Application Express Discussion Forum.