In the previous post, we went through the structure of the integration and the procedure for installing Oracle Web Tier. Now we are going to review the configuration of SSO integration with a J2EE application.
PREREQUISITES:
I assume you have deployed your J2EE application onto WebLogic Server and that it can be reached at the link below.
(Suppose your J2EE application is deployed to the Admin Server; by default the port number is 7001.)
http://<host_name>:7001/<Your_J2EEAPP_Name>
Note: The port number will vary if you deploy the J2EE application to a managed server. For more information about this, check the following posts:
Deploy application to Managed Server on 11g WebLogic Server (Part 1)
Deploy application to Managed Server on 11g WebLogic Server (Part 2)
SOLUTION:
The following solution is basically a summary of the Oracle documentation (see it if you would like a more detailed explanation of what and why):
http://docs.oracle.com/cd/E25054_01/core.1111/e10043/osso_d_10g.htm
For how to install Oracle Web Tier, check the previous post:
SSO Integration with J2EE application deployed on 11g WebLogic Server(Part 1)
STEPS:
J2EE Application Code Change
The idea is to let OID users log in to your J2EE application directly.
Set up mod_osso
Find the mod_wl_ohs.conf. This file should reside under the following directory:
<Fusion_Middleware_Home>/Oracle_WT1/instances/instance1/config/OHS/ohs1
The following code snippet comes from mod_wl_ohs.conf file.
Modify the line marked in red. Uncomment the line starting with “MatchExpression…” to below
Restart ohs1 after editing:
cd /Oracle_WT1/opmn/bin
opmnctl stopall
opmnctl startall
Registering Oracle HTTP Server mod_osso with OSSO Server 10.1.4
The mod_osso module is an Oracle HTTP Server module that provides authentication to OracleAS applications. This module resides on the Oracle HTTP Server that enables applications protected by OracleAS Single Sign-On to accept HTTP headers in lieu of a user name and password once the user has logged into the OracleAS Single Sign-On server. The values for these headers are stored in a mod_osso cookie. The mod_osso module enables single sign-on for Oracle HTTP Server by examining incoming requests and determining whether the requested resource is protected. If it is, then it retrieves the Oracle HTTP Server cookie. Under certain circumstances, you must register Oracle HTTP Server mod_osso using the 10.1.4 Oracle Identity Manager single sign-on registration tool.
To register mod_osso:
Go to the following 10.1.4 Oracle Identity Manager directory path: (This could be your OSSO server)
<ORACLE_HOME>/sso/bin/ssoreg
Run ssoreg with the following parameters and values for your environment:
./ssoreg.sh -oracle_home_path $ORACLE_HOME -config_mod_osso TRUE -site_name <host_name>:7777 -remote_midtier -config_file $ORACLE_HOME/osso.conf -mod_osso_url http://<host_name>:7777
(Note: osso.conf is generated at the specified path: $ORACLE_HOME/osso.conf)
Transfer the osso.conf file by FTP from the directory above to the application server where the web tier is installed.
Put osso.conf under the following directory (create the osso directory if it does not exist):
<Fusion_Middleware_Home>/Oracle_WT1/instances/instance1/config/OHS/ohs1/osso
Copy mod_osso.conf from the disabled directory to the moduleconf directory for editing.
From directory:
<Fusion_Middleware_Home>/Oracle_WT1/instances/instance1/config/OHS/ohs1/disabled/mod_osso.conf
To directory:
<Fusion_Middleware_Home>/Oracle_WT1/instances/instance1/config/OHS/ohs1/moduleconf
The original mod_osso.conf file should look like:
Modify the red line and add the corresponding code into this file. It should look like:
Note: httpd.conf for Oracle HTTP Server 11g needs no further modification, because it already includes the following:
Restart ohs1 after editing:
cd /Oracle_WT1/opmn/bin
opmnctl stopall
opmnctl startall
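A check for the file placement steps above, written as an added example and not taken from the original post or from Oracle's documentation. It takes the ohs1 configuration directory as its argument; the function name check_osso_layout is hypothetical, and treating osso.conf as a file that should not be world-readable is an assumption based on it holding the registration data generated by ssoreg.

```shell
#!/bin/sh
# Added example: verify the mod_osso file layout after the copy steps above.
# $1 is the ohs1 configuration directory, i.e.
#   <Fusion_Middleware_Home>/Oracle_WT1/instances/instance1/config/OHS/ohs1
# Returns 0 when all checks pass, 1 otherwise; findings are printed.
check_osso_layout() {
    conf_dir=$1
    osso_conf="$conf_dir/osso/osso.conf"
    mod_conf="$conf_dir/moduleconf/mod_osso.conf"
    rc=0

    for f in "$osso_conf" "$mod_conf"; do
        if [ ! -f "$f" ]; then
            echo "MISSING: $f"
            rc=1
        fi
    done

    # Assumption: osso.conf carries the registration data produced by
    # ssoreg, so it should not be readable or writable by "other".
    if [ -f "$osso_conf" ]; then
        loose=$(find "$osso_conf" -prune \( -perm -004 -o -perm -002 \))
        if [ -n "$loose" ]; then
            echo "PERMS: $osso_conf is world-readable or world-writable"
            rc=1
        fi
    fi

    # The active mod_osso.conf must name the registration file through an
    # uncommented OssoConfigFile directive.
    if [ -f "$mod_conf" ]; then
        target=$(sed -n -e 's/[[:space:]]*$//' \
            -e 's/^[[:space:]]*OssoConfigFile[[:space:]]\{1,\}//p' "$mod_conf" | tr -d '"' | head -n 1)
        case $target in
            '')   echo "CONFIG: no active OssoConfigFile in $mod_conf"; rc=1 ;;
            *\$*) echo "NOTE: OssoConfigFile uses a variable, not resolved: $target" ;;
            *)    if [ ! -f "$target" ]; then
                      echo "CONFIG: OssoConfigFile points at a missing file: $target"
                      rc=1
                  fi ;;
        esac
    fi
    return "$rc"
}

# Runs only when a directory is supplied: OHS_CONF_DIR=/path/to/ohs1 sh check.sh
if [ -n "${OHS_CONF_DIR:-}" ]; then
    check_osso_layout "$OHS_CONF_DIR"
fi
```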
To be continued in:
SSO Integration with J2EE application deployed on 11g WebLogic Server(Part 3)