Monday, June 6, 2005

SSO enable on Oracle Application Server 9i/10g midtier with an Oracle SSO 9i server

Summary
These instructions assume that you have a standalone Oracle Application Server midtier (J2EE & WebCache) and you want to register it as a partner application to Oracle SSO.

Details
1. Register the partner application from the target OHS midtier. Each command below must be entered on a single line (if it is too long to type comfortably, put it in a script).

Set the appropriate environment variables (for the midtier application server, not the SSO server):
    export ORACLE_HOME=<oracle_home_on_app_server>
    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib

Run the following command from the midtier server (for Oracle Application Server 9i):
    $ORACLE_HOME/jdk/bin/java -jar $ORACLE_HOME/sso/lib/ossoreg.jar
        -oracle_home_path <oracle_home_on_app_server>
        -host <host_of_sso_server>
        -port <port_of_sso_database>
        -sid <sid_of_sso_database>
        -site_name <site_name_no_spaces>
        -success_url https://<external_url>/osso_login_success
        -logout_url https://<external_url>/osso_logout_success
        -cancel_url <failure_url>
        -home_url https://<external_url>/<home_url>
        -admin_id <email_address>
        -admin_info <description_of_admin_no_spaces>
        -config_mod_osso TRUE
        -u root
        -sso_server_version v1.2
        -verbose TRUE

Run the following command from the midtier server (for Oracle Application Server 10g):
    $ORACLE_HOME/jdk/bin/java -jar $ORACLE_HOME/sso/lib/ossoreg.jar
        -oracle_home_path $ORACLE_HOME
        -site_name <site_name_no_spaces>
        -config_mod_osso TRUE
        -mod_osso_url https://<external_url>
        -u ssoadmin
        -update_mode CREATE
        -admin_info <description_of_admin_no_spaces>
        -admin_id <email_address>

The output should be similar to:
    SSO Registration Successful.
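Since the registration command has to be one line, a small script is the easiest way to get it right. The function below is an added example (not from the original note); it assembles the 10g form of the command with the note's flags, refuses input that breaks the stated constraints (no spaces in site_name or admin_info, an https mod_osso URL, ORACLE_HOME set), and prints the line for review. The function name and the checks are this example's own.

```shell
#!/bin/sh
# Added example for step 1: build the 10g ossoreg.jar registration command as a
# single line and validate its arguments first. Nothing is executed here.

# ossoreg_cmd SITE_NAME MOD_OSSO_URL ADMIN_ID ADMIN_INFO
# Prints the one-line command on stdout; returns 1 with a reason on stderr when
# an argument violates a constraint from the note.
ossoreg_cmd() {
    site_name=$1; mod_osso_url=$2; admin_id=$3; admin_info=$4
    # Must be the midtier home (where ossoreg.jar lives), not the SSO server.
    if [ -z "$ORACLE_HOME" ]; then
        echo "ORACLE_HOME is not set" >&2
        return 1
    fi
    # site_name and admin_info are passed as single tokens; a space would
    # split them into extra arguments and register the wrong name.
    case "$site_name$admin_info" in
        *" "*) echo "site_name and admin_info must not contain spaces" >&2; return 1 ;;
    esac
    # mod_osso_url is where the SSO server sends the browser back; insist on https.
    case "$mod_osso_url" in
        https://*) ;;
        *) echo "mod_osso_url must start with https://" >&2; return 1 ;;
    esac
    printf '%s -jar %s -oracle_home_path %s -site_name %s -config_mod_osso TRUE -mod_osso_url %s -u ssoadmin -update_mode CREATE -admin_info %s -admin_id %s\n' \
        "$ORACLE_HOME/jdk/bin/java" "$ORACLE_HOME/sso/lib/ossoreg.jar" \
        "$ORACLE_HOME" "$site_name" "$mod_osso_url" "$admin_info" "$admin_id"
}
```

Check the printed line, then run it from the midtier server (for example by piping it to sh).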

2. Retrieve the following information from the IASDB database where the SSO application resides.

Log in as database user ORASSO and execute the following SQL statement (a separate note describes how to retrieve the ORASSO password). Restrict the WHERE clause to the site name registered in step 1; LIKE '%' on its own returns every registered partner application:
    SELECT p.urlcookie_version sso_server_version,
           p.encryption_key    cipher_key,
           p.site_id           site_id,
           p.site_token        site_token
    FROM   orasso.wwsso_papp_configuration_inf_t p
    WHERE  UPPER(p.site_name) LIKE UPPER('%<site_name_no_spaces>%');

This information is required for the next step.
               
3. Use the values from the step above to populate $ORACLE_HOME/Apache/Apache/conf/osso/osso.cnf.clr.src accordingly:
    sso_server_version=v1.2
    cipher_key=
    site_id=
    site_token=
    login_url=https://<sso_hostname>/pls/orasso/orasso.wwsso_app_admin.ls_login
    logout_url=https://<sso_hostname>/pls/orasso/orasso.wwsso_app_admin.ls_logout
    cancel_url=https://<external_url>/<cancel_url>
    sso_timeout_cookie_name=SSO_TIMEOUT_ID
    sso_timeout_cookie_key=

Take the values of login_url, logout_url and cancel_url from the osso.cnf.clr.reg file on the corresponding midtier.
               
4. Run the following commands to obfuscate osso.cnf.clr.src. The .src file holds the cipher key in clear text, so delete it once osso.conf has been generated (the last command does this):

    cd $ORACLE_HOME/Apache/Apache/conf/osso
    $ORACLE_HOME/Apache/Apache/bin/iasobf osso.cnf.clr.src osso.conf root
    rm -f $ORACLE_HOME/Apache/Apache/conf/osso/osso.cnf.clr.src
       
5. Add the following to mod_osso.conf to reference the newly obfuscated file (note that OssoIpCheck off disables the comparison of the client's IP address with the one recorded in the SSO cookie; it is needed when clients arrive through a proxy or load balancer, otherwise leave it on):

    <IfModule mod_osso.c>
        OssoIpCheck off
        OssoIdleTimeout off
        OssoConfigFile <fully_qualified_path_to_oracle_home>/Apache/Apache/conf/osso/osso.conf
    </IfModule>
       
6. Optionally, you can update mod_osso.conf to protect certain locations.

Inside the <IfModule mod_osso.c> block, add something similar to the following (you can protect multiple locations):
    <LocationMatch /protectthispath>
        require valid-user
        AuthType Basic
    </LocationMatch>
               
Applicable Versions
Oracle Application Server 9i

Oracle Application Server 10g
