Summary
These instructions assume that you have a standalone Oracle Application Server midtier (J2EE & WebCache) and you want to register it as a partner application to Oracle SSO.
Details
1. Register the partner application from the target OHS midtier. The commands below should be on one line (if they are too long, you may have to script it).
Set the appropriate environment variables (for the midtier application server, not the SSO server):
    export ORACLE_HOME=<oracle_home_on_app_server>
    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib
Run the following command from the midtier server (for Oracle Application Server 9i):
    $ORACLE_HOME/jdk/bin/java -jar $ORACLE_HOME/sso/lib/ossoreg.jar \
      -oracle_home_path <oracle_home_on_app_server> \
      -host <host_of_sso_server> \
      -port <port_of_sso_database> \
      -sid <sid_of_sso_database> \
      -site_name <site_name_no_spaces> \
      -success_url https://<external_url>/osso_login_success \
      -logout_url https://<external_url>/osso_logout_success \
      -cancel_url failure_url \
      -home_url https://<external_url>/<home_url> \
      -admin_id <email_address> \
      -admin_info <description_of_admin_no_spaces> \
      -config_mod_osso TRUE \
      -u root \
      -sso_server_version v1.2 \
      -verbose TRUE
Run the following command from the midtier server (for Oracle Application Server 10g):
    $ORACLE_HOME/jdk/bin/java -jar $ORACLE_HOME/sso/lib/ossoreg.jar \
      -oracle_home_path $ORACLE_HOME \
      -site_name <site_name_no_spaces> \
      -config_mod_osso TRUE \
      -mod_osso_url https://<external_url> \
      -u ssoadmin \
      -update_mode CREATE \
      -admin_info <description_of_admin_no_spaces> \
      -admin_id <email_address>
The output may be similar to:
    SSO Registration Successful.
2. Retrieve the following information from the IASDB database where the SSO application resides.
Log in as database user ORASSO and execute the following SQL statement (there is another note that describes how to retrieve the ORASSO password):
    SELECT
      p.urlcookie_version sso_server_version,
      p.encryption_key cipher_key,
      p.site_id site_id,
      p.site_token site_token
    FROM orasso.wwsso_papp_configuration_inf_t p
    WHERE UPPER(site_name) LIKE '%';
This information is required for the next step.
3. Use the values from the step above to populate $ORACLE_HOME/Apache/Apache/conf/osso/osso.cnf.clr.src accordingly:
    sso_server_version=v1.2
    cipher_key=
    site_id=
    site_token=
    login_url=https://<sso_hostname>/pls/orasso/orasso.wwsso_app_admin.ls_login
    logout_url=https://<sso_hostname>/pls/orasso/orasso.wwsso_app_admin.ls_logout
    cancel_url=https://<external_url>/<cancel_url>
    sso_timeout_cookie_name=SSO_TIMEOUT_ID
    sso_timeout_cookie_key=
Get the values of login_url, logout_url and cancel_url from osso.cnf.clr.reg on the corresponding midtier.
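A pre-flight check for the clear-text file before it is obfuscated, as an added example that is not part of the original instructions. The function names, the list of keys treated as required, the https:// requirement (taken from the template above) and the permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate osso.cnf.clr.src before handing it to iasobf.
# Assumption: these keys from the template must all be populated.
REQUIRED_KEYS="sso_server_version cipher_key site_id site_token login_url logout_url cancel_url"

# Print the value of key $2 in file $1 (everything after the first '=').
osso_value() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# Return 0 if file $1 looks ready to obfuscate; otherwise report each
# problem on stderr and return 1.
check_osso_src() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    for key in $REQUIRED_KEYS; do
        val=$(osso_value "$file" "$key")
        if [ -z "$val" ]; then
            echo "$key is empty or missing" >&2; rc=1; continue
        fi
        case $val in
            *"<"*">"*) echo "$key still contains a <placeholder>" >&2; rc=1 ;;
        esac
        case $key in
            *_url)
                case $val in
                    https://*) ;;
                    *) echo "$key is not an https:// URL" >&2; rc=1 ;;
                esac ;;
        esac
    done
    # The clear-text file holds cipher_key and site_token, so flag any
    # group/other permission bits (characters 5-10 of the ls mode string).
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$file is accessible to group/other ($perms)" >&2; rc=1; }
    return $rc
}

# Usage: sh check_osso.sh $ORACLE_HOME/Apache/Apache/conf/osso/osso.cnf.clr.src
if [ "$#" -gt 0 ]; then check_osso_src "$1"; fi
```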
4. Run the following commands to obfuscate osso.cnf.clr.src for security:
    cd $ORACLE_HOME/Apache/Apache/conf/osso
    $ORACLE_HOME/Apache/Apache/bin/iasobf osso.cnf.clr.src osso.conf root
    rm -f $ORACLE_HOME/Apache/Apache/conf/osso/osso.cnf.clr.src
5. Add the following to mod_osso.conf to reference the newly obfuscated file:
    <IfModule mod_osso.c>
    OssoIpCheck off
    OssoIdleTimeout off
    OssoConfigFile <fully_qualified_path_to_oracle_home>/Apache/Apache/conf/osso/osso.conf
    </IfModule>
6. Optionally, you can update mod_osso.conf to protect certain locations.
Inside the <IfModule mod_osso.c> tag, add something similar to the following (you can protect multiple locations):
    <LocationMatch /protectthispath>
    require valid-user
    AuthType Basic
    </LocationMatch>
Applicable Versions
Oracle Application Server 9i
Oracle Application Server 10g