Wednesday, 23 May 2007

Oracle IAS 10g 10.1.3.x Enabling and using SSO Authentication

Reading again from the manual, enabling Single-Sign-On for deployed applications on a new 10.1.3.x application server midtier is a three step process For this example my new instance uses the DNS name lachesis.shelman.int and the HTTP server listens at port 80, while my 10.1.2 infrastructure host is named eudoxia:
  1. Create the SSO configuration file on the host running infrastructure services in my case this is a 10.1.2 Oracle IAS infrastructure. 
    oracle@eudoxia:~/sso_reg> $ORACLE_HOME/sso/bin/ssoreg.sh 
           -oracle_home_path $ORACLE_HOME 
           -config_mod_osso TRUE 
           -site_name lachesis.shelman.int 
           -remote_midtier 
           -config_file lachesis_osso.conf 
           -mod_osso_url http://lachesis.shelman.int
CLASSPATH=/home/oracle/OraHome_1/jlib/repository.jar:/home/oracle/OraHome_1/sso/lib/ossoca.jar:/home/oracle/OraHome_1/sso/lib/ossoreg.jar:/home/oracle/OraHome_1/lib/xmlparserv2.jar:/home/oracle/OraHome_1/jdbc/lib/classes12.jar:/home/oracle/OraHome_1/jdbc/lib/nls_charset12.jar:/home/oracle/OraHome_1/jlib/jndi.jar:/home/oracle/OraHome_1/jlib/ojmisc.jar:/home/oracle/OraHome_1/j2ee/home/jazn.jar:/home/oracle/OraHome_1/j2ee/home/jaas.jar:/home/oracle/OraHome_1/jdk/lib/rt.jar:/home/oracle/OraHome_1/jdk/lib/i18n.jar:.:/home/oracle/OraHome_1/sysman/webapps/emd/WEB-INF/lib/emd.jar:/home/oracle/OraHome_1/dcm/lib/dcm.jar:/home/oracle/OraHome_1/sysman/j2ee/lib/portalSMI.jar:/home/oracle/OraHome_1/jlib/emConfigInstall.jar:/home/oracle/OraHome_1/lib/dms.jar:/home/oracle/OraHome_1/opmn/lib/ons.jar:/home/oracle/OraHome_1/j2ee/home/oc4j.jar
Parameters passed to SSO registration tool :
param0:-oracle_home_path param1:/home/oracle/OraHome_1 param2:-oracle_home_path param3:/home/oracle/OraHome_1 param4:-config_mod_osso param5:TRUE param6:-site_name param7:lachesis.shelman.int param8:-remote_midtier param9:-config_file param10:lachesis_osso.conf param11:-mod_oso_url param12:http://lachesis.shelman.int
-DinstallType=
-DoldOracleHome=
-DoldOHSUser=root
Wed May 23 15:07:20 EEST 2007  Invalid argument -mod_oso_url
Wed May 23 15:07:20 EEST 2007  Missing value for parameter: http://lachesis.shelman.int
oracle@eudoxia:~/sso_reg> $ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path $ORACLE_HOME -config_mod_osso TRUE -site_name lachesis.shelman.int -remote_midtier -config_file lachesis_osso.conf -mod_osso_url http://lachesis.shelman.int
CLASSPATH=/home/oracle/OraHome_1/jlib/repository.jar:/home/oracle/OraHome_1/sso/lib/ossoca.jar:/home/oracle/OraHome_1/sso/lib/ossoreg.jar:/home/oracle/OraHome_1/lib/xmlparserv2.jar:/home/oracle/OraHome_1/jdbc/lib/classes12.jar:/home/oracle/OraHome_1/jdbc/lib/nls_charset12.jar:/home/oracle/OraHome_1/jlib/jndi.jar:/home/oracle/OraHome_1/jlib/ojmisc.jar:/home/oracle/OraHome_1/j2ee/home/jazn.jar:/home/oracle/OraHome_1/j2ee/home/jaas.jar:/home/oracle/OraHome_1/jdk/lib/rt.jar:/home/oracle/OraHome_1/jdk/lib/i18n.jar:.:/home/oracle/OraHome_1/sysman/webapps/emd/WEB-INF/lib/emd.jar:/home/oracle/OraHome_1/dcm/lib/dcm.jar:/home/oracle/OraHome_1/sysman/j2ee/lib/portalSMI.jar:/home/oracle/OraHome_1/jlib/emConfigInstall.jar:/home/oracle/OraHome_1/lib/dms.jar:/home/oracle/OraHome_1/opmn/lib/ons.jar:/home/oracle/OraHome_1/j2ee/home/oc4j.jar
Parameters passed to SSO registration tool :
param0:-oracle_home_path param1:/home/oracle/OraHome_1 param2:-oracle_home_path param3:/home/oracle/OraHome_1 param4:-config_mod_osso param5:TRUE param6:-site_name param7:lachesis.shelman.int param8:-remote_midtier param9:-config_file param10:lachesis_osso.conf param11:-mod_osso_url param12:http://lachesis.shelman.int
-DinstallType=
-DoldOracleHome=
-DoldOHSUser=root
Check /home/oracle/OraHome_1/sso/log/ssoreg.log for details of this registration
SSO registration tool finished successfully.
oracle@eudoxia:~/sso_reg>
  2. Now we have the file named lachesis_osso.conf that we need to copy to the actual host running the 10.1.3.x instance.
    oracle@eudoxia:~/sso_reg> scp lachesis_osso.conf oracle@lachesis:/home/oracle
Password:
lachesis_osso.conf                                                         100%  417     0.4KB/s   00:00
oracle@eudoxia:~/sso_reg>
  3. Back in the middle tier host, we only need to run file osso1013 located in the $ORACLE_HOME/Apache/Apache/bin directory, passing it the new file as an argument. 
    racle@lachesis:~> $ORACLE_HOME/Apache/Apache/bin/osso1013 lachesis_osso.conf

/home/oracle/product/10.1.3.1/OracleAS_1/Apache/Apache/conf/httpd.conf successfully updated.
/home/oracle/product/10.1.3.1/OracleAS_1/Apache/Apache/conf/mod_osso.conf successfully updated.

oracle@lachesis:~>
Now when we want to SSO protect any deployed application we usually edit the file mod_sso.conf located in $ORACLE_HOME/Apache/Apache/conf. Let's suppose now that an already installed application uses a web content root like /MyApp. In this case users would invoke it via a URL like http://my_host:my_post/myApp.
Protecting this application with SSO requires that you enter the following in the mod_osso.file. 
<Location /MyApp>
    require valid-user
    AuthType Basic
</Location>
As always bouncing the instance is the last step.
Posted by at
Labels: ,

2 comments :

Michael A. Fons said...

Can you please tell me which document you got this out of? I am doing something pretty similar...I have a 10.1.3 iAS instance that I want to use SSO to maintain a SSO relationship with. But we are not as far along as you are yet. We do not have SSO implemented in the first place on the 10.1.2 portal/infra instances. so I need to implement SSO here and then also turn it on for the 10.1.3 instance. my email is michael_fons@yahoo.com

24 March 2009 at 00:44
Athanassios Bakalidis said...

Hi the info I am posting comes straight out of the Oracle Application Server 10g Release 10.1.3.1.0 Administrator's Guide.
Document number B28940-01, section 6.5, available from here.

I will send you an e-mail with my conduct details.

Athanassios

24 March 2009 at 12:19

Post a Comment

Subscribe to: Post Comments ( Atom )