Oracle SSO and BEA Aqualogic (Plumtree)

Sorry about the delay folks, I was off the last week planning my December wedding. Below you will find exactly how to integrate Oracle SSO into the portal. Some of you may ask what the big deal is, but if you ever dealt with Oracle's SSO, then you will know that it is unlike anything else. I can't wait for them to start using Oblix. First let me describe how this sso works. There are two ways to put something under sso in Oracle. The first is easy, and done through a proxy. There is a mod_osso module installed on the sso box. If you add the proxy for your application, you can then pull the user information out of the header. Check this link out: Oracle sso. Now that is a horrible way to do it. You are always bound to the sso box as a proxy.

Here is the second way: the request hits your app, your app tries to lookup the user information using Oracles SSOSDK. If the user information is not found, your app should then redirect the user to a special url given by the SSOSDK. This is the oracle login page, where the user enters their info. Then they user is rediricted to your app again, where you look up the user info. If the user info is found you log them in. This is absolutely horrible for sso, but after a few weeks I finally figured it out. So please see what I did below. This works for 5-6x

Updated Code:

SSOLoginPage. You have to change the code in this page to alter the call to the sso vendor specific page. Locate the line: SSOLoginInfo info = SSOIntegrator.GetLoginInfo(request); You must change it to: SSOLoginInfo info = SSOIntegrator.GetLoginInfo(request, response); This sends the response object so that you can redirect the user from the sso vendor specific code.

ISSOIntegration. override GetLoginInfo function by adding the IXPResponse parameter.

New code:

OracleSSOVendor. This is the new code that you must write for integration with any SSO vendor. You are going to need to add the following to the GetLoginInfo function. This is after you add the response object to the declaration of course.

OraclePlumtreeSSOEnabler wSSO = new
OraclePlumtreeSSOEnabler(getListenerToken(request), m_pappCookieName, "SSO");

lUserName = wSSO.getUserInfo(request);

if (lUserName == null){
lUserName = wSSo.getSSOUserInfo(request);
if (lUserName == null){
//user has not logged in
response.sendRedirect(wSSO.getSSORedirect(p_requestUrl, p_request));
}
else{
//user has a session, but not in a cookie. add it to a cookie
wSSO.setPartnerAppCookie(p_request, p_response);
}
}


return lUserName;

Now the above only gets you half way. You still need the OraclePlumtreeSSOEnable class. If anyone wants it let me know (andrew.morris@bdg-online.com) I will be glad to send it to you. It is just very confusing to put on a blog. Once you put this in, you are up and running with oracle SSO in no time. I did leave out some information in the set up and all, but I am assuming the user can get a straight forward sso config to work, but just having trouble with oracle. Let me know what you would like me to talk about next. I have done just about everything under the sun, and thinking of where to start is hard. See you next week.

Andrew Morris

Who I am and what is this blog about

I have been working with Plumtree, err Aqua Logic User Inter-something, since 2001. I started off in the support department with Plumtree, and worked my way up in the industry. If you worked with Plumtree in the ’01-’03 range, you probably spoke to me on the phone or via email. So if you don’t remember me, that is ok. I have a very bland name that is easy to forget. I mean how bad is Andrew Morris (andrew.morris@bdg-online.com)… Currently I am running the west coast operations for bdg. My job entails gaining clients and getting gigs for my team in the West. I got the idea for this blog from a couple of things; 1) Chris Bucchere, would not stop bugging me about writing my own blog (if you know Chris, you know how he can be.), 2) there are really no blogs out there which have what I feel a Plumtree blog should have.

First I am totally open to questions or suggestions so feel free to post them. Unlike Chris’s blog, look at the links section; I am not going to chat specifically about bdg or Plumtree. I will try and keep my focus on Plumtree, but I may talk about Oracle Portal, or many other things. I think of myself as a .Net guy, but I have been doing Java for the last 2 years. And ohhh does it kill me. You will probably see some rants on this, or even on Plumtree. I want to blog about what everyone who ever used, developed, or sold Plumtree thought, but never had the guts to write it down.

Now don’t get me wrong. Plumtree is a great product. In fact the best I have ever worked with, but that does not mean it has its flaws. However, the one thing Plumtree has is the ability to allow people such as myself to fix these flaws. I mean, come on. How many of you have deployed customizations to just fix bugs? Over the course of my blog entries I will go over talk about what I do for a living. That is designing, implementing things for Plumtree. I could talk about the code I am writing or Plumtree bugs or any number of other applications. So let me know what you think about this, or any suggestions you may have. Stay tuned for the next post, as I will probably rant about the whole SSO Login procedures with Plumtree and Oracle. The rant will include why the Oracle SSO was used, and finally how to do it.