Single Sign-On in Oracle9iAS using mod_osso

Overview of the Sample Application

Oracle9iAS Single Sign-On is a component of Oracle9i Application Server (Oracle9iAS) that enables users to log in to all features of the Oracle9iAS product, as well as to other Web applications, using a single user name and password. This sample application demonstrates securing Web applications using Oracle9iAS SSO and allowing users to access multiple secured Web applications by logging in only once.

The SSO server uses an encrypted login cookie to identify the users who have been authenticated. It passes the login cookie to the client Web browser over an encrypted SSL channel, and the applications use that cookie to authenticate the user without asking him to sign in again.

To use the Single Sign-On, the application has to be registered as either a partner application or as an external application with the SSO server. This sample demonstrates creation of partner applications. Partner applications work within the SSO framework and delegate the authentication to the SSO server.

This sample uses mod_osso to register the applications with the SSO server. mod_osso is a plug-in to the HTTP server which enables the HTTP server to be a partner application of the SSO server.

The sample consists of two separate Web applications which require the user to log in before proceeding further. The applications are as follows:

  1. Employee Information System : This application allows a user to see his information and update some of the information like email, phone number and address.
  2. Meeting Scheduler System : This application allows the user to view meetings scheduled by him and schedule a new meeting.

The user will have to sign in only once to access both applications. User information is stored in Oracle Internet Directory (OID), which acts as the SSO repository. The sample also demonstrates the use of the Delegated Administrative Service (DAS) utility to create users in OID.

Required Software

  1. Oracle9i Application Server version 2 (Infrastructure Install).
  2. JDK 1.3

User Notes with Screen Shots

The sample contains two applications, the Employee Information System and the Scheduler System. When the user tries to access any of these applications for the first time, he will be presented with an SSO login screen. The user can access the applications as shown below:

  • Employee Information System :

    On successful login the user will be shown his information as shown in Fig. 1. The user information is retrieved from OID and displayed through a Java Server Page.

                                      Fig 1

    The user can edit some of the information like address, phone number and email. The edit screen will be as shown in Fig 2:

                                   Fig 2
  • Scheduler System :

    The scheduler system also requires the user to log in. If the user has already signed in, he will be allowed to access the application without signing in again. The scheduler system, at start up, shows all the meetings scheduled by the employee as shown in Fig 3.

                                Fig 3
    The user can schedule a new meeting by clicking 'New Schedule' button. This brings up the screen as shown in Fig 4:

                                 Fig 4

Installation and Configuration

This sample is provided as a jar file named SSOSample.jar. The steps to install the sample are as follows:

  • Creating users in OID using DAS

    The file UsingDAS.html in sample jar file gives detailed instructions to create users for the application in OID.

  • Preparing the Sample

    1. Extract the sample using following command :

      jar xvf SSOSample.jar

      This will create a directory called SSOSample. This directory contains jar files (EmployeeInfo.jar and Scheduler.jar) for two applications of sample. Extract them using similar command in SSOSample directory. This will create directories named EmpInfo and Scheduler.


    2. Creating the war file for the Employee Information application.

      Go to the EmpInfo\src\oracle\otnsamples\sso directory. Edit the ConnectionParams.java file to change the host name on which OID is installed and the port number.

      Compile the java files with -d option as follows :

      javac -d . *.java

      This will create the class files with package structure as oracle/otnsamples/sso. Copy the whole oracle directory to EmpInfo\Web-inf\classes directory. Now you are ready to create the war file.

      Execute the following command from EmpInfo directory from the command prompt:

      jar -cvfM EmployeeInfo.war WEB-INF *.jsp

    3. Creating the war file for the Scheduler application.

      Go to the Scheduler\src\oracle\otnsamples\sso directory. Make sure to have classes12.jar in classpath. Compile the Java files with -d option as follows :

      javac -d . *.java

      This will create the class files with package structure as oracle\otnsamples\sso. Copy the whole oracle directory to Scheduler\Web-inf\classes directory. Now you are ready to create the war file.

      Execute the following command from Scheduler directory from the command prompt:

      jar -cvfM Scheduler.war WEB-INF *.jsp *.gif *.txt

  • Preparing the database

    1. Connect to the database you will use for the application as the scott/tiger user from SQL*Plus.
    2. The install.sql file is provided in SSOSample directory. From the SQL prompt, execute the following command to create the database table required by Scheduler application.

      @<Extract_dir>\SSOSample\install.sql

      <Extract_dir> is path of the directory where you have extracted the sample.

      Now you are ready to deploy the two applications to Oracle9iAS.

  • Deploying the applications to Oracle9iAS

    The steps to deploy the application war files to Oracle9iAS are as follows:

    1. From your favourite browser, go to the Enterprise Manager at the following address:

      http://<hostname>:1810

      This will prompt you for username and password to log in. Provide the administrator credentials to log in.

      Successful login will bring up the front page of Enterprise Manager which shows the running instance of Oracle9iAS. Click on the instance name to go to next page.

      This displays all the system components in Oracle9iAS and their status (running or not) as shown in Fig 5. Click on OC4J_home component.

                                                 Fig 5

      This displays all the applications running under OC4J as shown in Fig 6. Click on "Deploy War" button to deploy sample applications to OC4J.

                                           Fig 6

      This brings up the screen shown in Fig 7.

                                                 Fig 7

      Supply the path of EmployeeInfo.war file as created in step 1.

      Application Name : EmployeeInfo

      Map to URL : /empinfo

      Click the Deploy button. This will deploy the EmployeeInfo application to OC4J.

      Follow similar steps to deploy the scheduler application to OC4J. Specify the path of Scheduler.war file this time and give :

      Application Name : Scheduler

      Map to URL : /scheduler

  • Creating the DataSource

    The Scheduler application uses a DataSource to connect to the database. Create the datasource as explained in the following steps:

    1. Go to the OC4J home page as shown in Fig 6 above. Click on the DataSources link under "Application Defaults" in the Administration section.
    2. This shows all the existing datasources. Click on the button named "Create Data Source". This shows the Create DataSource page as shown in Fig 8 :

                                              Fig 8
      Enter the information as below:
       
      Name              : jdbc/OracleDS
      Description       : Datasource for scheduler application
      DataSource Class  : oracle.jdbc.pool.OracleDataSource
      Schema            : Scott
      Username          : Scott
      Password          : tiger
      JDBC URL          : jdbc:oracle:thin:@host_name:port:sid
      JDBC Driver       : oracle.jdbc.driver.OracleDriver
      Location          : jdbc/OracleCoreDSXA
      Location          : jdbc/xa/OracleXADS
      
      EJB Location      : jdbc/OracleDS
      

      Note : In the JDBC URL, specify the host name, port and sid of your database.

      Click the Create button. This will create the datasource. Allow the instance to restart to use this datasource.

  • Configuring Applications with mod_osso

    The configuration steps are as follows :

    1. In Enterprise Manager, go to the page shown in Fig 5 above. Click on the HTTP Server component link. This will bring up the page showing Virtual Hosts, Performance and Administration section.
    2. Under Administration section, click on "Advanced Server Properties" link. This will show all the server configuration files as in Fig 9:

                                   Fig 9 

      Click on the mod_osso.conf file. This displays the contents of the file in a text editor. Add the following inside the <IfModule> tag.

      <IfModule>
      
      ..
      ..
      <Location /empinfo>
         require valid-user
         AuthType Basic
      </Location>
      
      <Location /scheduler>
        require valid-user
        AuthType Basic
      </Location>
      </IfModule>

      Click Apply. This will save the configuration changes and ask you for a restart. Allow the HTTP server to restart to let the new changes take effect.

      Alternatively, the mod_osso.conf file can be opened in a text editor to make the above modification. The file is located in the IAS_HOME/Apache/Apache/conf directory, where IAS_HOME is the directory where Oracle9iAS is installed. Restart the server after these changes.
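The <Location> paths in mod_osso.conf have to line up with the "Map to URL" values given at deployment: Apache compares a plain <Location> path case-sensitively and on whole path segments, so a URL that differs only in case is not covered by the block. The check below is an added example, not part of the Oracle sample; it parses the two blocks from this page (embedded as a constructed sample) and reports URL paths that no protected block covers. The function names are illustrative.

```python
import re

# Constructed sample: the two <Location> blocks this page adds to mod_osso.conf.
SAMPLE_CONF = """
<Location /empinfo>
   require valid-user
   AuthType Basic
</Location>

<Location /scheduler>
  require valid-user
  AuthType Basic
</Location>
"""

LOCATION_RE = re.compile(r"<Location\s+([^>\s]+)\s*>(.*?)</Location>", re.I | re.S)

def protected_locations(conf_text):
    """Map each <Location> path to True if it has both directives shown on this page."""
    result = {}
    for path, body in LOCATION_RE.findall(conf_text):
        lines = [ln.strip() for ln in body.splitlines()]
        # Directive names are case-insensitive; commented-out lines do not count.
        tokens = [ln.lower().split() for ln in lines if ln and not ln.startswith("#")]
        has_require = any(t[0] == "require" and "valid-user" in t[1:] for t in tokens)
        has_authtype = any(t[0] == "authtype" and len(t) > 1 for t in tokens)
        result[path.strip('"')] = has_require and has_authtype
    return result

def covering_location(conf_text, url_path):
    """Return the protected <Location> that covers url_path, or None.

    Matching is case-sensitive and on whole path segments, as Apache does
    for a plain (non-regex) <Location> path."""
    for loc, ok in protected_locations(conf_text).items():
        prefix = loc.rstrip("/")
        if ok and (url_path == prefix or url_path.startswith(prefix + "/")):
            return loc
    return None

def unprotected(conf_text, url_paths):
    """Return the URL paths that no protected <Location> block covers."""
    return [p for p in url_paths if covering_location(conf_text, p) is None]

if __name__ == "__main__":
    deployed = ["/empinfo/EmployeeInfo.jsp", "/scheduler/ViewSchedule.jsp",
                "/empInfo/EmployeeInfo.jsp"]  # last entry differs only in case
    for path in unprotected(SAMPLE_CONF, deployed):
        print("not covered by a protected <Location>:", path)
```

Run it against the real mod_osso.conf text and the list of URLs you publish for each deployed application; an empty result means every listed URL falls under a block that requires an authenticated user.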

Now you are ready to run the sample applications.

Running the Sample

  1. From your favourite browser, run the EmployeeInfo application by entering the following URL in the address bar:

    http://host_name:7777/empinfo/EmployeeInfo.jsp

    This will bring up the Single Sign-On page. Enter username as userA and password as userA1. This will show the information of employee having username as userA. You can edit the information if required.


  2. Open a new browser window and enter the following URL in the address bar:

    http://host_name:7777/scheduler/ViewSchedule.jsp

    This will invoke the Scheduler application and take you to the first page of application without asking for username and password. You can view existing meeting schedules and create new ones here.

Description of Sample Files

Directory                             Filename               Description
SSOSample\docs                        Readme.html            This file
                                      UsingDAS.html          This file tells how to use DAS for creating users in OID
SSOSample                             EmployeeInfo.jar       Jar file for EmployeeInfo application.
                                      Scheduler.jar          Jar file for Scheduler application.
                                      install.sql            This file creates the table in database required by Scheduler application.
EmpInfo\                              EmployeeInfo.jsp       This JSP file displays the information of employee.
                                      UpdateInfo.jsp         This JSP file allows updating of employee information.
                                      Logout.jsp             This JSP file logs out the user from single sign-on.
                                      Error.jsp              This JSP file handles all the errors of the application.
EmpInfo\src\oracle\otnsamples\sso\    EmployeeBean.java      This class handles all database functions of the application.
                                      ConnectionParams.java  This class file defines the parameters to connect to OID.
EmpInfo\Web-inf\                      web.xml                This file is used to define the web application deployment parameters and is included in the WAR file.
Scheduler                             NewSchedule.jsp        This JSP file creates a new meeting schedule.
                                      ViewSchedule.jsp       This JSP file displays all the existing meeting schedules of the employee.
                                      Logout.jsp             This JSP file logs out the user from single sign-on.
                                      Error.jsp              This JSP file handles all the errors of the application.
                                      Calendar.txt           This file contains javascript for popup calendar
Scheduler\src\oracle\otnsamples\sso\  SchedulerBean.java     This class file handles the code to persist data in OID.
Scheduler\Web-inf\                    web.xml                This file is used to define the web application deployment parameters and is included in the WAR file.

In addition, the SSOSample directory contains an images directory which holds all the images used by Readme.html and UsingDAS.html.


Revision history: August 26, 2002

Please enter your comments about this sample in the OTN Sample code discussion forum.
