Single Sign-On in Oracle9iAS using digital certificates

Overview of the Sample Application 

Oracle9iAS Single Sign-On is a component of Oracle9i Application Server (Oracle9iAS) that lets users sign in once and then use all features of Oracle9iAS, as well as other Web applications, without signing in again. This sample application demonstrates the use of digital certificates for signing in to a Web application protected by the SSO server. 

The SSO server uses an encrypted login cookie to identify users who have already been authenticated. The cookie is passed to the client Web browser over an encrypted SSL channel, and applications then use it to authenticate the user without asking him or her to sign in again. 

To use Single Sign-On, an application has to be registered with the SSO server either as a partner application or as an external application. This sample demonstrates the creation of an external application. External applications keep their own authentication logic; the SSO server is used only to map SSO usernames to the existing application usernames. 

The sample consists of a Web application that requires the user to log in. The application is an office store from which the user can order items. It is deployed as an external application to the SSO server. When the user accesses the application for the first time, he or she has to provide the application-specific username and password. The user can instruct the SSO server to remember these credentials, so that on subsequent accesses no login is needed: the SSO server logs in on the user's behalf using the remembered (stored) credentials. 

Two users are provided for the application. They differ in the way they authenticate with the SSO server:

  1. The first user logs in with an SSO username and password.
  2. The second user authenticates to the SSO server with a digital certificate. The user's personal certificate is installed in the browser. This certificate is matched against the certificate stored for the user in Oracle Internet Directory (OID), and a successful match allows the user to access the application. 

Required Software 

  1. Oracle9i Application Server version 2 Infrastructure Install.
  2. Oracle9i Application Server version 2 Middle tier with portal installed.
  3. JDK 1.3
  4. Internet Explorer 6.0

User Notes with Screen Shots

The following use case diagram depicts the functionality of the sample. 

[Fig 1: use case diagram]

Following are some sample screens demonstrating the user interface of this application. 

  • The main screen of the application, which displays the login page to the user, is shown in Fig 2.

    [Fig 2: login page]

  • When the user successfully logs into the application, a list of products is displayed from which he or she can choose to buy. The screen is shown in Fig 3.

    [Fig 3: product list]

Installation and Configuration

Refer to Install.html in the sample jar file for installing and configuring the sample to use digital certificates.

Running the Sample 

  1. From the browser in which the client certificate is installed, start the Portal application by entering the following URL in the address bar: 

     https://hostname:SSLport/pls/portal

     Substitute the hostname and SSL port of your Oracle9iAS middle-tier installation. This brings up the Portal home page. Click the Login link at the top right. If the configuration is correct, you will not be prompted for a Single Sign-On username and password: the certificate installed in your browser is used for authentication and the home page for that user is shown. Otherwise you are redirected to the Single Sign-On login page. 

  2. Click the "My Content" tab. This shows the Favorites portlet added previously. Click the "OTN Web Store" link. 

  3. This brings up the login page of the external application OTN Web Store. Enter the username "C103" and the password "welcome", and check the "Remember My Login Information For This Application" checkbox. The application uses its own authentication logic to log you in; on successful login you can perform further operations in the application. Note that checking the box makes the SSO server store the application credentials on your behalf.

     On all subsequent visits to the OTN Web Store application, the SSO server logs you in as user "C103" and you will not have to log in again. 

Troubleshooting 

If selecting the "Login" link results in a prompt for a username and password, then the client certificate authentication is not properly configured. The file debug.sql is provided with the sample to identify what is going wrong. 

Perform the following steps. 

  1. Log into the Oracle9iAS infrastructure database as the orasso user through SQL*Plus. Refer to the section "Configuring OID" to get the password for the orasso schema.

  2. Execute the debug.sql file provided in <Extract_dir>/SSOCertificateSample/config/debug.sql as follows: 

     SQL> @<Extract_dir>/SSOCertificateSample/config/debug.sql

  3. Perform the steps described in the "Running the Sample" section.

  4. Run the following query at the SQL prompt as the orasso user: 

     SELECT msg FROM wwsso_log$ ORDER BY id;

  5. Run the following to delete the debug records: 

     DELETE FROM wwsso_log$;
     COMMIT;

  6. To stop debug data from being stored in the database, run <Extract_dir>/SSOCertificateSample/config/debugoff.sql as follows: 

     SQL> @<Extract_dir>/SSOCertificateSample/config/debugoff.sql

Debug records accumulate in wwsso_log$ for as long as the debug procedure is installed, so run debugoff.sql and clear the table as soon as troubleshooting is finished.

Description of Sample Files 

Directory                                                        Filename                   Description

SSOCertificateSample/docs
                                                                 Readme.html                This file.
                                                                 Install.html               Steps to install and configure the sample.
                                                                 UsingDAS.html              How to use DAS for creating users in OID.
                                                                 DeployApp.html             Steps to deploy the Web application to Oracle9iAS.
                                                                 GettingCertificate.html    Instructions to get and install client and server certificates.
                                                                 ConfigExtApp.html          How to configure an application as an external application to Oracle9iAS.

SSOCertificateSample/OTNStore
                                                                 setup.sql                  Creates the database table required by the OTNStore application.
                                                                 Login.jsp                  JSP that prompts the user to log in.
                                                                 ShowProducts.jsp           JSP that displays the list of products to buy from.
                                                                 ConfirmOrder.jsp           JSP that handles all the errors of the application.

SSOCertificateSample/OTNStore/oracle/otnsamples/sso/security/SecuredSSO
                                                                 ConnectionParams.java      Defines the parameters used to connect to the database.
                                                                 AuthenticationManager.java Contains the code that authenticates the user.
                                                                 PersistenceManager.java    Contains the code that persists data to the database.

SSOCertificateSample/OTNStore/Web-inf
                                                                 web.xml                    Defines the Web application deployment parameters; included in the WAR file.

SSOCertificateSample/config
                                                                 usercert.sql               Defines the procedure that returns the client certificate in Base64 format.
                                                                 ssodnmap.pkb               Modifies the mapping module so that the e-mail address in the client certificate is matched to the SSO username.
                                                                 debug.sql                  Defines the PL/SQL procedure used to debug the SSO certificate configuration.
                                                                 debugoff.sql               Removes the PL/SQL procedure used for debugging.
                                                                 loadcert.ldif              Sample LDIF file to load client certificate data into OID.

In addition, the images directory contains all the images used by the HTML files. 
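The two certificate-handling steps the sample relies on (the matching of the browser certificate against the one stored in OID described under the second user above, and the Base64 certificate data that usercert.sql produces, loadcert.ldif loads and ssodnmap.pkb matches by e-mail address) can be reproduced outside the server with openssl(1). The script below is an added example written for this page; it is not part of the Oracle sample and does not use the sample's PL/SQL. It assumes openssl is on the PATH, generates a constructed self-signed client certificate in place of a user's real browser certificate, assumes the OID user entry's DN and that the certificate is stored in the userCertificate;binary attribute (the sample's LDIF attribute name is not stated on this page), and compares certificates by their DER bytes rather than by subject string, which is the comparison a practitioner should expect the SSO server to perform.

```shell
#!/bin/sh
# Added example (not from the Oracle SSO sample): extract from a client certificate
# the data the OID mapping needs and check a presented certificate against the
# stored copy. Requires openssl(1). The certificate, key, subject and DN below are
# constructed for this demonstration; use the real user certificate and OID DN.
set -e

WORK="${TMPDIR:-/tmp}/ssocert.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

# Constructed stand-in for a browser-installed personal certificate: self-signed,
# with an emailAddress in the subject as user certificates issued by a CA have.
make_demo_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$WORK/demo.key" -out "$WORK/demo.pem" \
    -subj "/C=US/O=Example/CN=Demo User/emailAddress=demo.user@example.com" \
    2>/dev/null
  echo "$WORK/demo.pem"
}

# E-mail address carried by the certificate (the value ssodnmap.pkb matches to the
# SSO username); first one only, empty if the certificate carries none.
cert_email() {
  openssl x509 -in "$1" -noout -email | head -n 1
}

# Certificate as one Base64 line of DER: the form usercert.sql returns and the
# form that ends up in the directory attribute.
cert_base64() {
  openssl x509 -in "$1" -outform DER | openssl base64 -A
}

# LDIF modify record adding the certificate to the user's OID entry.
# Attribute name userCertificate;binary is an assumption of this example.
cert_ldif() {
  dn="$1"
  pem="$2"
  printf 'dn: %s\nchangetype: modify\nadd: userCertificate;binary\nuserCertificate;binary:: %s\n' \
    "$dn" "$(cert_base64 "$pem")"
}

# Does the presented certificate match the stored Base64 value? Compare the
# encoded DER bytes; two certificates with equal subjects are not equal.
cert_matches() {
  [ "$(cert_base64 "$1")" = "$2" ]
}

# Does the certificate's e-mail address match the directory user's e-mail?
email_matches_user() {
  [ "$(cert_email "$1")" = "$2" ]
}

# Stand-alone demonstration: print what would be loaded into OID.
demo_pem=$(make_demo_cert)
echo "certificate e-mail: $(cert_email "$demo_pem")"
cert_ldif "cn=Demo User,cn=users,dc=example,dc=com" "$demo_pem"
```

Usage: run the script to see the LDIF record; adapt `make_demo_cert` away by pointing `cert_email`, `cert_base64` and `cert_ldif` at the exported PEM of the user's real certificate. If `cert_email` prints nothing, the certificate carries no e-mail address and the sample's e-mail based mapping cannot succeed, which is the first thing to check when the Login link still prompts for a username and password.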


Revision history: August 26, 2002 

Please enter your comments about this sample in the OTN Sample code discussion forum.

 
E-mail this page
Printer View Printer View
Oracle Is The Information Company About Oracle | Oracle RSS Feeds | Careers | Contact Us | Site Maps | Legal Notices | Terms of Use | Privacy