SSO - Trails and Tribulations

Hi,

Single Sign-On not working. Newby, never seen it work. Looking for config feedback and help.

I get JDE Menu Sign-in page error (after SSO redirect) with "invalid User ID or Password". The error in the JAS log is interesting "user nullSecurityToken", but is the problem JAS to JDE Enterprise, or OID login redirect to JAS, or both?

I have included most of the config, I am sure I am doing something wrong, just not sure what.

Attached: E1Menu screenshot.

ERROR in target JAS Log:
------------------------
22 Mar 2009 15:47:28,864 [SEVERE] - [JAS] User nullSecurityToken is not Validated.Security Server return error status: 1/Unknown User
------------------------

Current Environment:
-----------------------------
JDE Enterprise 8.12 / AS400
Tool Set 8.97
#
OID 10.1.4.3 on RHEL4.7 Standalone server
OAS - JAS/HTTP 10.1.3 on RHEL4.7
#
JDE Security Server enabled / AS400
-----------------------------

JDE SSO Config:
-----------------------------
JDE USer ID mapping is configured for test users
_LocalNode setup in Nodes, with timeout setting.
No Trusts
-----------------------------

TokenGen.ini :
---------------------------
NodeName=_GLOBALNODE
NodePwd=_GLOBALPWD
# 1=ENTERPRISE CLIENT
CLIENTTYPE=1
# 0=UNICODE, 1=UTF8
CODEPAGE=0
VERSION=700
TOOLSVERSION=8.10
SIGNATURETYPE=N
MNRD=0
---------------------------

Virtual Host: OAS_8084
---------------------------
# The following configuration was added by the JD Edwards
# Server Configuration Framework
Listen 8084
<VirtualHost *:8084>
Oc4jMount /jde oas20_8084
Oc4jMount /jde/* oas20_8084
OssoConfigFile /opt/oracle/jdeoas/Apache/Apache/conf/osso/8084_osso.conf
OssoIpCheck off
OssoIdleTimeout off
</VirtualHost>
---------------------------

mod_osso.conf
----------------------------
LoadModule osso_module libexec/mod_osso.so
<IfModule mod_osso.c>
# OssoConfigFile /opt/oracle/jdeoas/Apache/Apache/conf/osso/8084_osso.conf
OssoIpCheck off
OssoIdleTimeout off
</IfModule>
Note:http.conf has mod_osso.conf included, not commented out.
----------------------------


Jas.ini
---------------------------
[SECURITY]
NumServers=1
SecurityServer=DSCBLT
SecurityServer1=NONE
SecurityServer2=NONE
SecurityServer3=NONE
SecurityServer4=NONE
UseLogonCookie=false
CookieLifeTime=7
SSOEnabled=false
OracleAccessSSO=false
OracleSSO=true
StrictVersionSecurity=0
OracleAccessSignOffURL=
OracleSignOffURL=http://jdeoid21.mydomain.net/sso/pages/login.jsp
----------------------------

OID Registration:
-----------------------------
$ORACLE_HOME/sso/bin/ssoreg.sh
-oracle_home_path $ORACLE_HOME
-update_mode MODIFY
-config_mod_osso TRUE
-mod_osso_url http://jdeoas20.mydomain.net:8084/
-remote_midtier
-virtualhost
-site_name jde8084.mydomain.net
-config_file /home/oracle/oas20_8084_osso.conf
-home_url http://jdeoas20.mydomain.net:8084/jde
-success_url http://jdeoas20.mydomain.net:8084/jde
-logout_url http://jdeoas20.mydomain.net:8084/jde

note: config file was copied to JAS/HTTP and renamed 8084_osso.conf
-----------------------------

My apologies, this configuration does work. The test user I was using in OID and in SSO ID mapping was not setup by the CNC to have access to the sandbox environment.

Now I move on to making this work with the load balancer.

Ok, spoke too soon. I am able to login now. But when I sign out I get a page cannot be displayed. If I refresh the page is goes right back into the JDE application.

Only if I allow the session to time out, do I get redirected back to SSO to sing in again.

The OracleSignOffURL in JAS.ini does not seem to change anything. What effect does this setting have?

Has anyone seen this, what else should I try?

I'm experiencing the exact same issue. Everything works but the logoff. Have you found a workaround / fix?

HI,
I am also facing same kind of issue, where i am getting session timeout error and when i click ok it just refreshes and login back to the JDE screen automatically without asking the user id and password.

If you have found any workaround, please share..

Thanks in advance.
Hemant

I am getting the exact same thing. Login works and redirects but log out page does not redirect to sso logout and session drop, and then redirect to sign in page. Just sits on the standard JDE log out... http://e1web01.sierrawireless.local:90/jde/E1Menu.maf?jdeLoginAction=LOGOUT&RENDER_MAFLET=E1Menu

Wierd thing is, I have another instance, configured in the exact same way and it works! Drops the session and redirects to the SSO log in page. The Partner Application set ups are identical.

If you guys figured out the magic setting please let me know.

Steve

We have the same issue and have an SR open with Oracle support that is being looked into by Development for the last 2 months.

The workaround is to look at your web server in settings and turn compression OFF. You will then get the correct page in SSO.

It appears that the SSO server cannot interpret what is being sent to it when JDE runs with compression switched on.

Needless to say as we are deployed in 30+ different countries we have stalled this project until we get a fix.

You may want to look at our SSO solution...

Good news - Oracle development have produced a fix for the logout not going to where it should and just sending you back into JDE.

We have received a POC fix to the WebLogin_JAR.jar file for tools release 8.98.3.2.

For those of you with tickets open with Oracle support you need to reference POC for BUG 11690786 and SR 3-2303791191