Title
SSO-enable an Oracle Application Server 10g midtier with an Oracle SSO 10g server

Date
2007-04-04

Summary
This note describes how to SSO-enable a web application deployed to a standalone Oracle Application Server 10g 10.1.2.0.2 J2EE & Web Cache installation on Windows so that it authenticates against an Oracle SSO Infrastructure 10g 10.1.2.0.2.

Prerequisites
  • Make sure both servers (midtier and SSO server) can resolve each other by name (add the appropriate entries to the local hosts files or configure DNS).
  • Shut down all midtier services.
  • Make sure that the infrastructure (metadata repository, SSO, OID) is up and running.

Details
    1. Retrieve the password of the ORASSO_PA user from OID (single-line command; "pwd" is the orcladmin password):
    $ORACLE_HOME/bin/ldapsearch -h ssoserver -p 389 -D "cn=orcladmin" -w "pwd"
                                -b "cn=IAS Infrastructure Databases,cn=IAS,cn=Products,cn=OracleContext"
                                -s sub "orclResourceName=orasso_pa" orclpasswordattribute
    

    2. Register the partner application with the SSO server from the midtier OHS.

    a. On the midtier server, create register_sso_app.bat containing the following single command (the trailing ^ is the cmd.exe line-continuation character; alternatively put everything on one long line):
    %ORACLE_HOME%\jdk\bin\java -jar %ORACLE_HOME%\sso\lib\ossoreg.jar ^
                -oracle_home_path C:/oracle/product/OracleAS_1 ^
                -host oradev1.sawft.com ^
                -port 1521 ^
                -sid orclmr ^
                -site_name WebApp10 ^
                -success_url http://midtier.thisisahmed.com:7778/osso_login_success ^
                -logout_url http://midtier.thisisahmed.com:7778/osso_logout_success ^
                -cancel_url failure_url ^
                -home_url http://midtier.thisisahmed.com:7778/webapp10 ^
                -admin_id someemailaddress@thisisahmed.com ^
                -admin_info Webapp10_Admin ^
                -pass Wo6YGAB4 ^
                -virtualhost ^
                -config_file C:/oracle/product/OracleAS_1/Apache/Apache/conf/osso.conf ^
                -config_mod_osso TRUE ^
                -mod_osso_url http://midtier.thisisahmed.com:7778 ^
                -u root ^
                -sso_server_version v1.2 ^
                -verbose TRUE

    where -oracle_home_path is the ORACLE_HOME of the midtier, -host is the infrastructure (SSO) server, -home_url is the web application context, -pass is the ORASSO_PA password retrieved in Step (1) (Wo6YGAB4 is a sample value) and -virtualhost is required. The batch file holds the ORASSO_PA password in cleartext, so delete it as soon as the registration has succeeded.
    

    b. Open a command prompt on the midtier server and set the environment:
    set ORACLE_HOME=C:\oracle\product\OracleAS_1
    set PATH=%ORACLE_HOME%\bin;%ORACLE_HOME%\opmn\bin;%PATH%
    set LD_LIBRARY_PATH=%ORACLE_HOME%\lib;%LD_LIBRARY_PATH%
    

    c. Run the script created in Step (a):
    register_sso_app.bat
    

    d. Confirm that the application was registered successfully and retrieve the values needed for Step (3) by one of the following two methods:
    • On the metadata repository, run the following query:
      SELECT urlcookie_version sso_server_version, encryption_key cipher_key, site_id, site_token
      FROM   orasso.wwsso_papp_configuration_inf_t
      WHERE  UPPER(site_name) = 'WEBAPP10'
      

    • Navigate to http://oradev1.sawft.com:7777/pls/orasso:
      - Log in as orcladmin
      - Click on SSO Administration
      - Click on Administer Partner Applications
      - Edit WebApp10
    3. On the midtier, using the values retrieved in Step (2d), create the file C:\oracle\product\OracleAS_1\Apache\Apache\conf\osso\osso.conf.clr.txt (the cipher_key, site_id and site_token shown are sample values; use the ones returned for your site):
    sso_server_version=v1.2
    cipher_key=787099BA8074F068
    site_id=32F9712A
    site_token=122983PB37F94J5A
    login_url=http://oradev1.sawft.com:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
    logout_url=http://oradev1.sawft.com:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout
    cancel_url=http://midtier.sawft.com:7778/webapp10
    

    4. Obfuscate the file into osso.conf and delete the cleartext copy. osso.conf is obfuscated rather than encrypted with a key you control and still yields the site token and cipher key, so restrict its file permissions to the account that runs OHS and to administrators:
    cd C:\oracle\product\OracleAS_1\Apache\Apache\conf\osso
    ../../bin/apobfuscate.exe osso.conf.clr.txt osso.conf
    del osso.conf.clr.txt
    

    5. Edit C:\oracle\product\OracleAS_1\Apache\Apache\conf\mod_osso.conf, make sure its OssoConfigFile directive points at the osso.conf created in Step (4), and protect the application (only URLs under /webapp10/priv will require an SSO login; the rest of /webapp10 stays open):
    <Location /webapp10/priv>
        require valid-user
        AuthType Basic
    </Location>
    

    6. Restart the midtier:
    opmnctl startall
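
Steps (2) to (4) as one PowerShell script, added here as an example and not part of the original note or of Oracle's own tooling. It prompts for the ORASSO_PA password instead of storing it in a .bat file, checks the exit code of each tool before moving on, and tightens the permissions on the finished osso.conf. The host names, paths and site name are the ones used above; the function names (Register-PartnerApp, New-OssoConf), the use of the application home as -cancel_url, the conf\osso\ location for -config_file and the LocalSystem service account are assumptions of the example.

```powershell
# Added example, not from the original note: Steps (2) to (4) as two PowerShell
# functions. Dot-source this file, run Register-PartnerApp, retrieve the values
# as in Step (2d), then run New-OssoConf with them. Paths, host names and the
# site name are the note's own; change them for your environment.
$OracleHome = 'C:\oracle\product\OracleAS_1'        # midtier ORACLE_HOME
$InfraHost  = 'oradev1.sawft.com'                   # SSO / metadata repository host
$MidTierUrl = 'http://midtier.thisisahmed.com:7778' # OHS on the midtier
$SiteName   = 'WebApp10'
$OssoDir    = Join-Path $OracleHome 'Apache\Apache\conf\osso'
$OssoConf   = Join-Path $OssoDir 'osso.conf'

# Step (2b): the environment the Oracle tools expect.
$env:ORACLE_HOME = $OracleHome
$env:PATH = "$OracleHome\bin;$OracleHome\opmn\bin;$env:PATH"

function Register-PartnerApp {
    # Steps (2a) and (2c). The ORASSO_PA password is prompted for, so no .bat
    # file containing it is ever written to disk. It is still handed to
    # ossoreg.jar on its command line (the tool takes it no other way), so it is
    # visible in the process list for as long as the registration runs.
    $secure = Read-Host -Prompt 'ORASSO_PA password (Step 1)' -AsSecureString
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
    try     { $pass = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }

    # Same parameters as the note's register_sso_app.bat. Assumptions: -cancel_url
    # is the application home (the note shows a placeholder there) and
    # -config_file is the conf\osso\ location used in Steps (3) and (4).
    $ossoregArgs = @(
        '-jar', "$OracleHome\sso\lib\ossoreg.jar",
        '-oracle_home_path', ($OracleHome -replace '\\', '/'),
        '-host', $InfraHost,
        '-port', '1521',
        '-sid', 'orclmr',
        '-site_name', $SiteName,
        '-success_url', "$MidTierUrl/osso_login_success",
        '-logout_url', "$MidTierUrl/osso_logout_success",
        '-cancel_url', "$MidTierUrl/webapp10",
        '-home_url', "$MidTierUrl/webapp10",
        '-admin_id', 'someemailaddress@thisisahmed.com',
        '-admin_info', 'Webapp10_Admin',
        '-pass', $pass,
        '-virtualhost',
        '-config_file', ($OssoConf -replace '\\', '/'),
        '-config_mod_osso', 'TRUE',
        '-mod_osso_url', $MidTierUrl,
        '-u', 'root',
        '-sso_server_version', 'v1.2',
        '-verbose', 'TRUE'
    )
    & "$OracleHome\jdk\bin\java.exe" @ossoregArgs
    if ($LASTEXITCODE -ne 0) { throw "ossoreg.jar exited with code $LASTEXITCODE" }
}

function New-OssoConf {
    param(
        [Parameter(Mandatory)] [string] $CipherKey,
        [Parameter(Mandatory)] [string] $SiteId,
        [Parameter(Mandatory)] [string] $SiteToken,
        # Account the OHS/OPMN service runs as; LocalSystem is assumed here.
        [string] $ServiceAccount = 'NT AUTHORITY\SYSTEM'
    )
    # Step (3): write the cleartext file from the values retrieved in Step (2d).
    $clr = Join-Path $OssoDir 'osso.conf.clr.txt'
    New-Item -ItemType Directory -Path $OssoDir -Force | Out-Null
    $lines = @(
        'sso_server_version=v1.2',
        "cipher_key=$CipherKey",
        "site_id=$SiteId",
        "site_token=$SiteToken",
        "login_url=http://${InfraHost}:7777/pls/orasso/orasso.wwsso_app_admin.ls_login",
        "logout_url=http://${InfraHost}:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout",
        "cancel_url=$MidTierUrl/webapp10"
    )
    Set-Content -Path $clr -Value $lines -Encoding Ascii
    try {
        # Step (4): obfuscate into osso.conf and stop on failure.
        & (Join-Path $OracleHome 'Apache\Apache\bin\apobfuscate.exe') $clr $OssoConf
        if ($LASTEXITCODE -ne 0) { throw "apobfuscate.exe exited with code $LASTEXITCODE" }
    } finally {
        # The cleartext copy is removed whether or not obfuscation succeeded.
        Remove-Item -Path $clr -Force -ErrorAction SilentlyContinue
    }
    # osso.conf is obfuscated, not encrypted: it still yields the site token and
    # cipher key, so only the service account and Administrators may read it.
    $acl = Get-Acl -Path $OssoConf
    $acl.SetAccessRuleProtection($true, $false)   # stop inheriting the parent's ACEs
    foreach ($entry in @(@($ServiceAccount, 'Read'), @('BUILTIN\Administrators', 'FullControl'))) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($entry[0], $entry[1], 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $OssoConf -AclObject $acl
}

# Usage: . .\sso-register.ps1; Register-PartnerApp; do Step (2d); then
# New-OssoConf -CipherKey 787099BA8074F068 -SiteId 32F9712A -SiteToken 122983PB37F94J5A
```

Steps (5) and (6) still follow by hand: point OssoConfigFile in mod_osso.conf at the osso.conf this script produced, add the Location block, and run opmnctl startall. If OPMN runs under a dedicated account rather than LocalSystem, pass it with -ServiceAccount, otherwise OHS will not be able to read osso.conf after the ACL change.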
    

Applicable Versions
Oracle Application Server 10g (10.1.2.0.2)

Author
Ahmed Aboulnaga
