Title
SSO enable on Oracle Application Server 9i/10g midtier with an Oracle SSO 9i server

Date
2005-06-06

Summary
These instructions assume that you have a standalone Oracle Application Server midtier (J2EE & WebCache) and you want to register it as a partner application to Oracle SSO.

Details
1. Register the partner application from the target OHS midtier. The commands below should be on one line (if they are too long, you may have to script it).

Set the appropriate environment variables (for the midtier application server, not the SSO server):
export ORACLE_HOME=<oracle_home_on_app_server>
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib

Run the following command from the midtier server (for Oracle Application Server 9i):
$ORACLE_HOME/jdk/bin/java -jar $ORACLE_HOME/sso/lib/ossoreg.jar \
-oracle_home_path <oracle_home_on_app_server> \
-host <host_of_sso_server> \
-port <port_of_sso_database> \
-sid <sid_of_sso_database> \
-site_name <site_name_no_spaces> \
-success_url https://<external_url>/osso_login_success \
-logout_url https://<external_url>/osso_logout_success \
-cancel_url failure_url \
-home_url https://<external_url>/<home_url> \
-admin_id <email_address> \
-admin_info <description_of_admin_no_spaces> \
-config_mod_osso TRUE \
-u root \
-sso_server_version v1.2 \
-verbose TRUE

Run the following command from the midtier server (for Oracle Application Server 10g):
$ORACLE_HOME/jdk/bin/java -jar $ORACLE_HOME/sso/lib/ossoreg.jar \
-oracle_home_path $ORACLE_HOME \
-site_name <site_name_no_spaces> \
-config_mod_osso TRUE \
-mod_osso_url https://<external_url> \
-u ssoadmin \
-update_mode CREATE \
-admin_info <description_of_admin_no_spaces> \
-admin_id <email_address>

The output may be similar to:
SSO Registration Successful.

2. Retrieve the following information from the IASDB database where the SSO application resides.

Log in as database user ORASSO and execute the following SQL statement (there is another note that describes how to retrieve the ORASSO password):
SELECT p.urlcookie_version sso_server_version,
       p.encryption_key cipher_key,
       p.site_id site_id,
       p.site_token site_token
FROM   orasso.wwsso_papp_configuration_inf_t p
WHERE  UPPER(site_name) LIKE '%';

This information is required for the next step.

3. Use the values from the step above to populate $ORACLE_HOME/Apache/Apache/conf/osso/osso.cnf.clr.src accordingly:
sso_server_version=v1.2
cipher_key=
site_id=
site_token=
login_url=https://<sso_hostname>/pls/orasso/orasso.wwsso_app_admin.ls_login
logout_url=https://<sso_hostname>/pls/orasso/orasso.wwsso_app_admin.ls_logout
cancel_url=https://<external_url>/<cancel_url>
sso_timeout_cookie_name=SSO_TIMEOUT_ID
sso_timeout_cookie_key=

Get the values of login_url, logout_url, and cancel_url from osso.cnf.clr.reg on the corresponding midtier.

4. Run the following commands to obfuscate osso.cnf.clr.src for security:
cd $ORACLE_HOME/Apache/Apache/conf/osso
$ORACLE_HOME/Apache/Apache/bin/iasobf osso.cnf.clr.src osso.conf root
rm -f $ORACLE_HOME/Apache/Apache/conf/osso/osso.cnf.clr.src

5. Add the following to mod_osso.conf to reference the newly obfuscated file:
<IfModule mod_osso.c>
    OssoIpCheck off
    OssoIdleTimeout off
    OssoConfigFile <fully_qualified_path_to_oracle_home>/Apache/Apache/conf/osso/osso.conf
</IfModule>

6. Optionally, you can update mod_osso.conf to protect certain locations.

Inside the <IfModule mod_osso.c> tag, add something similar to the following (you can protect multiple locations):
<LocationMatch /protectthispath>
    require valid-user
    AuthType Basic
</LocationMatch>
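
A pre-flight check for the cleartext file from step 3, to run before the iasobf command in step 4 (an added example, not part of the original note or of Oracle's tooling). The function name check_osso_src and the choice of which keys must be populated are assumptions; sso_timeout_cookie_key is not checked because the note does not say where its value comes from.

```shell
#!/bin/sh
# Added example: validate osso.cnf.clr.src before it is obfuscated with iasobf.
# Key names come from step 3; treating these seven as required is an assumption.
REQUIRED_KEYS="sso_server_version cipher_key site_id site_token login_url logout_url cancel_url"

# Prints one line per problem (never the values, which are secrets) and
# returns the number of problems found; 0 means the file is ready.
check_osso_src() {
    src=$1
    problems=0
    if [ ! -f "$src" ]; then
        echo "missing file: $src"
        return 1
    fi
    # The file holds cipher_key and site_token in clear text, so only the
    # owner should have access: characters 5-10 of the ls mode string are
    # the group and other permission bits.
    mode=$(ls -ld "$src" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "group/other permissions set on $src"
        problems=$((problems + 1))
    fi
    for key in $REQUIRED_KEYS; do
        # Everything after the first "=" is the value; first occurrence wins.
        value=$(sed -n "s/^${key}=//p" "$src" | head -n 1)
        case $value in
            "")
                echo "empty or missing: $key"
                problems=$((problems + 1)) ;;
            *"<"*|*">"*)
                # A <placeholder> from the template was never filled in.
                echo "placeholder left in: $key"
                problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}

# Stand-alone use: sh check_osso_src.sh /path/to/osso.cnf.clr.src
if [ $# -gt 0 ]; then
    check_osso_src "$1"
fi
```

A non-zero exit status means the file should be corrected (or its mode tightened with chmod 600) before step 4 is run.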

Applicable Versions
Oracle Application Server 9i
Oracle Application Server 10g
Ahmed Aboulnaga
