Single Sign On (SSO) Server
Configuration for Oracle 10gAS Application Server
Article by
Rampant Author Ben Prusinski
What is the best way to configure and manage Oracle 10gAS Single Sign On (SSO) with Portal? Compared to the complexity of OID and SSL, Single Sign On is fairly straightforward to configure and administer. This article summarizes how SSO works within 10gAS and Portal and then walks through exercises to configure, administer and monitor it with Oracle 10gAS (10.1.2.0.2) on the Linux platform.
How Does Single Sign On Work?
Single Sign On (SSO) is part of the Oracle 10gAS identity management (IdM) stack that runs on the Infrastructure tier; its configuration metadata is stored in the Oracle 10gAS infrastructure database (the Metadata Repository). It is based on web browser cookies: the SSO server authenticates the user once, sets an SSO cookie in the browser, and from then on vouches for that user to partner and external applications. Partner applications are internal web based applications such as Oracle 10g Portal, Forms and Reports within the Oracle 10gAS application server environment; they delegate authentication entirely to the SSO server, so users accessing these applications must be authenticated by the Oracle 10gAS Single Sign On Server. External applications are third party web based applications that can be brought into the 10gAS environment for single sign on.
The difference between partner and external applications in terms of how SSO behaves is that external applications retain their own usernames and passwords and do not delegate authentication to the SSO server: the SSO server stores the user's credentials for each external application and submits them to the application's login page on the user's behalf. On the partner side, SSO is implemented by the mod_osso module of the OHS (Oracle HTTP Server, Oracle's build of Apache 1.3.x) within the Oracle 10gAS application server.
mod_osso and SSO
The mod_osso module runs inside the OHS (Oracle HTTP Server). Once a user has been authenticated it passes simple HTTP header values to the Oracle 10g Application Server application as part of user validation and authentication. These header values include the following:
- username
- user GUID
- language information
- user DN (distinguished name) as held in OID (Oracle Internet Directory)
Because the application identifies the user solely from these headers, it must accept them only on requests that have passed through mod_osso on its own OHS front end. An application that can be reached directly, bypassing OHS, would let a client supply its own identity headers.
When an unauthenticated user requests a protected URL on a partner application, mod_osso redirects the browser to the SSO server, which challenges the user for credentials and verifies them against OID. On success the SSO server sets its own SSO cookie in the user's browser and redirects the browser back to the partner application with an authentication token; mod_osso validates the token and sets the partner application's cookie, after which the user is not challenged again by other partner applications for the life of the SSO session. Now that we have summarized the SSO concepts, let's examine how to set up, configure and administer a basic SSO environment with Oracle 10gAS (10.1.2.0.2) and Portal on the Linux (OEL 5.3) platform.
Configure Single Sign On Server (SSO)
The Single Sign On server (SSO) is composed of the mod_osso module in OHS on the partner side and, on the Infrastructure tier, SSO program logic that runs in OC4J (the OC4J_SECURITY instance) and in the Oracle 10gAS infrastructure database, where the SSO schema and its configuration metadata are stored and reached through a database access descriptor (DAD). Together OC4J (Oracle Containers for J2EE) and OHS (Oracle HTTP Server, Oracle's implementation of Apache 1.3) provide the mechanism for a single username and password to grant access to Portal and other Oracle 10g Application Server applications.
Single Sign On Concepts
Single Sign On (SSO) Server provides the mechanism for users to log on to Oracle Portal and Oracle Application Server applications with a single username and password. After the user has authenticated against the SSO server, an SSO cookie is set in the user's browser; it carries a session token, never the password itself, and identifies the authenticated session to the other applications. The components of Single Sign On (SSO) for Oracle 10gAS are the mod_osso module based in the OHS (Oracle HTTP Server), Oracle's version of the popular Apache 1.3 web server, together with the SSO server logic and its metadata in the Oracle 10gAS infrastructure database.
How to Configure Single Sign On Server (SSO) for Oracle 10g Application Server
Our examples use the Oracle 10gAS (10.1.2.0.2) release on the Linux (OEL 5.3) platform.
Single Sign On Server provides many customization options for both partner and external applications. Partner applications are authenticated directly by the Oracle 10gAS SSO server, while external applications keep their own username and password authentication and are registered with the SSO server. Portal, for example, is a partner application.
Next, let's examine how to configure the SSO Server settings for Oracle 10gAS. The Edit SSO Server Configuration page lets us change the Single Sign On session duration as well as an additional session policy setting, Verify IP addresses for requests made to the SSO server, which ties an SSO session to the client IP address it was established from.
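The IP verification setting above applies to the SSO server's own session; the partner-application side of the same session policy lives in mod_osso.conf on each middle tier, through the OssoIpCheck, OssoIdleTimeout and OssoSecureCookies directives. The following shell script is an added example (it is not from the article or from Oracle) that audits a mod_osso.conf for those three settings and reports the weak ones. The two sample configuration files it writes are constructed for the example and the file paths in them are assumptions; the directive names are the real mod_osso directives.

```shell
#!/bin/sh
# Audit a mod_osso.conf for the session-hardening directives.
# Added example, not from the article. OssoIpCheck, OssoIdleTimeout and
# OssoSecureCookies are real mod_osso directives; the sample files below
# are constructed for this example and their paths are assumptions.

# Print the effective value of a directive in a config file (the last
# occurrence wins, as in Apache); prints "unset" if it is absent.
osso_value() {
    # $1 = config file, $2 = directive name
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 }
                   END { print (v == "" ? "unset" : tolower(v)) }' "$1"
}

# Return 0 when the file carries a hardened session policy, 1 otherwise,
# listing each weak or missing setting on stdout.
audit_mod_osso() {
    f="$1"; rc=0
    if [ "$(osso_value "$f" OssoSecureCookies)" != "on" ]; then
        echo "WEAK: OssoSecureCookies is not on (mod_osso cookies may be sent over plain HTTP)"
        rc=1
    fi
    if [ "$(osso_value "$f" OssoIpCheck)" != "on" ]; then
        echo "WEAK: OssoIpCheck is not on (partner cookie is not bound to the client IP)"
        rc=1
    fi
    case "$(osso_value "$f" OssoIdleTimeout)" in
        off|unset)
            echo "WEAK: OssoIdleTimeout is off (idle partner sessions are never timed out)"
            rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the shape of an unhardened mod_osso.conf.
make_sample_conf() {
    cat > "$1" <<'EOF'
LoadModule osso_module libexec/mod_osso.so
<IfModule mod_osso.c>
    OssoIpCheck off
    OssoIdleTimeout off
    OssoConfigFile /u01/app/oracle/midtier/Apache/Apache/conf/osso/osso.conf
</IfModule>
EOF
}

# Constructed sample: the same file with the three directives hardened.
make_hardened_conf() {
    cat > "$1" <<'EOF'
LoadModule osso_module libexec/mod_osso.so
<IfModule mod_osso.c>
    OssoIpCheck on
    OssoIdleTimeout on
    OssoSecureCookies on
    OssoConfigFile /u01/app/oracle/midtier/Apache/Apache/conf/osso/osso.conf
</IfModule>
EOF
}

# Demo run: the weak file fails the audit, the hardened one passes.
tmp=$(mktemp -d)
make_sample_conf "$tmp/weak.conf"
make_hardened_conf "$tmp/good.conf"
for f in "$tmp/weak.conf" "$tmp/good.conf"; do
    if audit_mod_osso "$f"; then echo "$f: OK"; else echo "$f: needs hardening"; fi
done
rm -rf "$tmp"
```

Two caveats before turning these on in production: OssoSecureCookies sets the Secure flag, so the partner application must be served over HTTPS or the browser will never return the cookie; and OssoIpCheck (like the server-side IP verification) forces users whose source address changes mid-session, for example behind a pool of outbound proxies, to authenticate again.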
For managing applications with Single Sign On (SSO) Server, we can follow the link to Partner and External Applications. For example, if we wish to modify the configuration of the existing Portal application, we select Edit Partner Application.
We have a wide range of configuration options for our Portal based applications with SSO on Oracle 10g Application Server. We can configure the URL settings, the login timeframe details and the application administrator account information. Now let's examine how to add and manage external applications with Single Sign On Server (SSO) for Oracle 10gAS.
Of particular interest to us are the login URL, the username and password field names, and the next subheading, Authentication Method, which selects how the SSO server submits the stored credentials to the external application. We have three options here: POST, GET or BASIC AUTHENTICATION. A brief explanation of each:
- POST: the SSO server submits the login credentials to the external application's login URL in the body of an HTTP POST, exactly as the application's own login form would. This is the preferred method, since the credentials never appear in a URL.
- GET: the SSO server requests the login URL with the credentials appended as query string parameters. Avoid this where the application allows it: a password carried in a URL ends up in web server access logs, proxy logs, browser history and Referer headers.
- BASIC AUTHENTICATION: for an application protected by HTTP basic authentication, the SSO server sends the credentials in the HTTP Authorization header. Basic authentication only base64-encodes the credentials, so the external application's login URL should be HTTPS.
How to Access SSO Server from Oracle Portal
During installation of a midtier application server instance with Portal, Oracle automatically registers Portal as a partner application of the SSO server. We can access the SSO server administration pages from Portal; of note is to choose the second main section, which shows Edit SSO Server Administration.
Single Sign On is simple to configure and administer. It is easier to manage and set up than the far more complex items within Oracle Identity Management such as OID and SSL, which require many more steps. To monitor the SSO server components from the operating system, we use the OPMN (Oracle Process Manager and Notification) facility. The command that reports the status of all Oracle 10gAS components in an instance is opmnctl status.
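A script that runs this status check and verifies the SSO-related components on each tier, as an added example that is not from the article or from Oracle: it parses the tabular output of opmnctl status and fails unless every process-type that SSO depends on is Alive. The two sample outputs are constructed for the example; the required component lists assume the layout used in this article (one infrastructure instance and one Portal middle tier), and the ORACLE_HOME path in the usage comment is an assumption.

```shell
#!/bin/sh
# Verify that the processes SSO depends on are Alive in "opmnctl status" output.
# Added example, not from the article. Sample outputs below are constructed to
# mirror the table opmnctl prints. Against a live instance, run for example:
#   $ORACLE_HOME/opmn/bin/opmnctl status | sso_components_alive infra
# (ORACLE_HOME path is an assumption).

# Process-types SSO needs on each tier (assumption: one infrastructure
# instance hosting OID and OC4J_SECURITY, one Portal middle tier).
infra_required="OID OC4J_SECURITY HTTP_Server"
midtier_required="HTTP_Server OC4J_Portal"

# Read opmnctl status output on stdin and print "process-type status" pairs,
# skipping the banner, the separator rows and the column header.
parse_opmn_status() {
    awk -F'|' 'NF >= 4 && $2 !~ /process-type/ {
        gsub(/^[ \t]+|[ \t]+$/, "", $2)
        gsub(/^[ \t]+|[ \t]+$/, "", $4)
        print $2, $4 }'
}

# Usage: sso_components_alive <infra|midtier> < opmnctl_output
# Returns 0 when every required process-type is Alive, 1 otherwise,
# naming each missing or non-Alive component on stdout.
sso_components_alive() {
    case "$1" in
        infra)   required="$infra_required" ;;
        midtier) required="$midtier_required" ;;
        *) echo "usage: sso_components_alive infra|midtier" >&2; return 2 ;;
    esac
    status=$(parse_opmn_status)
    rc=0
    for c in $required; do
        s=$(printf '%s\n' "$status" | awk -v c="$c" '$1 == c { print $2 }')
        if [ "$s" != "Alive" ]; then
            echo "NOT READY: $c is ${s:-missing}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a healthy infrastructure instance (DSA Down is normal
# when Oracle Directory Integration is not used).
sample_infra_ok() {
cat <<'EOF'
Processes in Instance: infra.example.com
-------------------+--------------------+---------+---------
ias-component      | process-type       |    pid  | status
-------------------+--------------------+---------+---------
DSA                | DSA                |     N/A | Down
OC4J               | OC4J_SECURITY      |   12346 | Alive
HTTP_Server        | HTTP_Server        |   12347 | Alive
OID                | OID                |   12348 | Alive
EOF
}

# Constructed sample: a middle tier whose Portal container is down.
sample_midtier_bad() {
cat <<'EOF'
Processes in Instance: midtier.example.com
-------------------+--------------------+---------+---------
ias-component      | process-type       |    pid  | status
-------------------+--------------------+---------+---------
HTTP_Server        | HTTP_Server        |   23456 | Alive
OC4J               | OC4J_Portal        |     N/A | Down
WebCache           | WebCache           |   23457 | Alive
EOF
}

# Demo run on the constructed samples.
sample_infra_ok | sso_components_alive infra && echo "infra: SSO components Alive"
sample_midtier_bad | sso_components_alive midtier || echo "midtier: SSO not usable"
```

HTTP_Server is on both lists deliberately: mod_osso runs inside OHS, so a partner application with its OC4J Alive but its HTTP_Server Down cannot complete the SSO redirect, and the SSO server's own login pages are likewise served through the infrastructure HTTP_Server.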
Here we want to make sure that OC4J_SECURITY and OID on the infrastructure instance, together with HTTP_Server and OC4J_Portal on the middle tier, are in Alive status, or the SSO Server will not function correctly; the HTTP_Server on each tier matters because mod_osso runs inside it.
We will provide future discussions on Oracle Fusion Middleware topics for troubleshooting Oracle 10gAS, Web Cache, performance tuning and additional topics on Identity Management, as well as coverage of the newest member of the Oracle Application Server family: WebLogic.