Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them.
Single sign-off is the reverse property whereby a single action of signing out terminates access to multiple software systems.
As different applications and resources support different authentication mechanisms, single sign-on has to internally translate to and store different credentials compared to what is used for initial authentication.
This post shows how to enable Oracle Single Sign-On.
Prerequisites :
- You have installed Oracle HTTP server 2.0 & Oracle Weblogic server 10.3 with application deployed.
You can download Oracle HTTP server 2.0 from Oracle 10g R3 Companion Disc
- Single Sign on Server & OID 10.1.2
Download and Configure MOD_Weblogic
- Download MOD_Weblogic from the link mentioned below using a valid Oracle account.
- Extract mod_wl_20.so for the corresponding platform and copy it to
$ORACLE_HOME/ohs/modules
- Edit $ORACLE_HOME/ohs/conf/httpd.conf and add the following line under the last LoadModule directive: LoadModule weblogic_module modules/mod_wl_20.so
- At the end of the $ORACLE_HOME/ohs/conf/httpd.conf file, add the following directives:
<IfModule mod_weblogic.c>
# e.g. localhost.oracle.com
WebLogicHost <Server_Name>
# 7001 is the default; this should match the HTTP port on which the Weblogic server is running
WebLogicPort 7001
<Location /sample>
SetHandler weblogic-handler
</Location>
</IfModule>
- Stop and start the HTTP_Server to pick up the changes
Configure MOD_OSSO
- Manually register the application URL with SSO:
$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path $ORACLE_HOME -site_name localhost.oracle.com -config_mod_osso TRUE -mod_osso_url http://localhost.oracle.com:7010 -verbose TRUE
(Place the conf file in the target Apache/conf/osso/ directory.)
- Add the line below to $ORACLE_HOME/ohs/conf/httpd.conf:
LoadModule osso_module modules/mod_osso.so (it should be at the top of the DSO section).
- Edit $ORACLE_HOME/ohs/conf/mod_osso.conf so that its lines look like this:
<IfModule mod_osso.c>
OssoIdleTimeout off
OssoIpCheck off
#OssoRedirectByForm off
#OssoSecureCookies on
#OssoProtectedOnly on
#OssoSendCacheHeaders on
#OssoHttpFrontend on
#UseWebCacheIp on
OssoConfigFile /oracle/ohs/conf/osso/osso.conf
<Location /ssotest>
Require valid-user
AuthType Basic
</Location>
<Location /private>
AuthType Basic
Require valid-user
</Location>
</IfModule>
<Location /sample>
Require valid-user
AuthType Basic
</Location>
- Stop and start the Weblogic HTTP_Server to pick up the changes.
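A check to run over the combined OHS configuration before the restart, as an added example that is not part of the original post: it reports every location that mod_wl forwards to WebLogic without a Require valid-user covering it, and the mod_osso checks that the configuration above sets to off. The sample text and the /admin location are constructed for illustration, and only plain <Location> blocks are modelled.

```python
import re
# Constructed sample: this post's directives merged into one text, plus a
# hypothetical /admin location that is forwarded but not protected.
SAMPLE_CONF = """
OssoIdleTimeout off
OssoIpCheck off
#OssoSecureCookies on
<Location /sample>
SetHandler weblogic-handler
</Location>
<Location /sample>
Require valid-user
AuthType Basic
</Location>
<Location /admin>
SetHandler weblogic-handler
</Location>
"""

def covered(path, protected):
    """A <Location> applies to its path and everything beneath it."""
    return any(path == p or path.startswith(p.rstrip("/") + "/") for p in protected)

def audit(conf_text):
    """Return findings for an OHS config that uses mod_wl and mod_osso."""
    proxied, protected, off, loc = set(), set(), [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives are not in effect
        opened = re.match(r"<Location\s+([^>\s]+)\s*>", line, re.I)
        if opened:
            loc = opened.group(1)
        elif line.lower().startswith("</location"):
            loc = None
        elif not line.startswith("<"):  # skip other containers such as <IfModule>
            name, value = (line.lower().split(None, 1) + [""])[:2]
            if loc and (name, value) == ("sethandler", "weblogic-handler"):
                proxied.add(loc)  # mod_wl forwards this path to WebLogic
            elif loc and (name, value) == ("require", "valid-user"):
                protected.add(loc)  # mod_osso demands an SSO login here
            elif name in ("ossoipcheck", "ossoidletimeout") and value == "off":
                off.append(name)
    findings = [f"{p}: forwarded to WebLogic without 'Require valid-user'"
                for p in sorted(proxied) if not covered(p, protected)]
    return findings + [f"{name}: set to off" for name in off]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```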
Configure OSSO Identity Asserter.
Log in to the Weblogic Server Control Console as the weblogic user.
- Add the following providers to the Weblogic domain for OSSO:
OSSO Identity Asserter, DefaultAuthenticator & OID Authenticator
Adding OSSO Identity Asserter
- Click Security Realms, Default Realm Name, Providers
- Select New under the Authentication Provider table.
- Enter a name for the new provider, select its type, and then click OK. e.g.:
Name: OSSO Identity Asserter
Type: OSSOIdentityAsserter
OK
In the settings for OSSO Identity Asserter
- Click Default Authentication Provider.
- Set the control flag to OPTIONAL, and Save
- Adding OIDAuthenticator.
Click New, and enter a name and type:
Name: OID Authenticator
- Click the Provider Specific tab and specify the following settings:
User Name Attribute: orcladmin (e.g.)
Host: The Oracle Internet Directory hostname
Group Base DN: cn=Group,dc=cse,dc=oracle,dc=com
User Base DN: cn=users,dc=cse,dc=oracle,dc=com
Port: Oracle Internet Directory port
- Reorder Provider After Stop & Restart Weblogic Server
Establishing Trust between Oracle Weblogic Server and other entities
- Enter the syntax for the connection filter rules & Restart the weblogic server.
- Configuring the application for the OSSO identity asserter
- Locate the web.xml file in the application EAR file.
- Locate the auth-method for the appropriate realm and enter CLIENT-CERT, e.g.:
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>myRealm</realm-name>
</login-config>
- Save the file, then redeploy and restart the application.
After this you can enjoy the SSO implementation using Weblogic.