Thursday, October 19, 2006

Oracle SSO and BEA Aqualogic (Plumtree)

Sorry about the delay, folks; I was off last week planning my December wedding. Below you will find exactly how to integrate Oracle SSO into the portal. Some of you may ask what the big deal is, but if you have ever dealt with Oracle's SSO, then you will know that it is unlike anything else. I can't wait for them to start using Oblix.

First let me describe how this SSO works. There are two ways to put something under SSO in Oracle. The first is easy, and is done through a proxy. There is a mod_osso module installed on the SSO box. If you add the proxy for your application, you can then pull the user information out of the header. Check this link out: Oracle sso. Now that is a horrible way to do it. You are always bound to the SSO box as a proxy.

Here is the second way: the request hits your app, and your app tries to look up the user information using Oracle's SSOSDK. If the user information is not found, your app should then redirect the user to a special URL given by the SSOSDK. This is the Oracle login page, where the user enters their info. Then the user is redirected to your app again, where you look up the user info. If the user info is found, you log them in. This is absolutely horrible for SSO, but after a few weeks I finally figured it out. So please see what I did below. This works for 5-6x.

Updated Code:

SSOLoginPage. You have to change the code in this page to alter the call to the SSO vendor-specific page. Locate the line:

    SSOLoginInfo info = SSOIntegrator.GetLoginInfo(request);

You must change it to:

    SSOLoginInfo info = SSOIntegrator.GetLoginInfo(request, response);

This sends the response object so that you can redirect the user from the SSO vendor-specific code.

ISSOIntegration. Override the GetLoginInfo function by adding the IXPResponse parameter.

New code:

OracleSSOVendor. This is the new code that you must write for integration with any SSO vendor. You are going to need to add the following to the GetLoginInfo function. This is after you add the response object to the declaration of course.

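    // p_request and p_response are the parameters of GetLoginInfo
    OraclePlumtreeSSOEnabler wSSO = new OraclePlumtreeSSOEnabler(
            getListenerToken(p_request), m_pappCookieName, "SSO");

    // look up the user; null means no user information was found
    lUserName = wSSO.getUserInfo(p_request);

    if (lUserName == null) {
        // fall back to the SSO session
        lUserName = wSSO.getSSOUserInfo(p_request);
        if (lUserName == null) {
            // user has not logged in: send them to the Oracle login page
            p_response.sendRedirect(wSSO.getSSORedirect(p_requestUrl, p_request));
        }
        else {
            // user has a session, but not in a cookie. add it to a cookie
            wSSO.setPartnerAppCookie(p_request, p_response);
        }
    }

    // still null if the user was just redirected to log in
    return lUserName;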

Now the above only gets you halfway. You still need the OraclePlumtreeSSOEnabler class. If anyone wants it, let me know (andrew.morris@bdg-online.com) and I will be glad to send it to you. It is just very confusing to put on a blog. Once you put this in, you are up and running with Oracle SSO in no time. I did leave out some information on the setup, but I am assuming the user can get a straightforward SSO config to work and is just having trouble with Oracle. Let me know what you would like me to talk about next. I have done just about everything under the sun, and thinking of where to start is hard. See you next week.

Andrew Morris
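
Added example, not part of the original post and not Plumtree or Oracle code: the login flow described above sends the browser to the Oracle login page and back to a URL the application supplies (p_requestUrl in the snippet), so a check like this one can confirm that the URL points at the portal before it is handed to getSSORedirect. The class name, method names, the portal.example.com host and the sample URLs are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class ReturnUrlCheck {
    // Hypothetical portal origin; replace with the portal's real scheme and host.
    private static final String PORTAL_SCHEME = "https";
    private static final String PORTAL_HOST = "portal.example.com";

    /** True only for absolute URLs on the portal's own scheme and host. */
    static boolean isPortalUrl(String candidate) {
        if (candidate == null || candidate.isEmpty()) return false;
        // Reject control characters and backslashes, which browsers may reinterpret.
        for (int i = 0; i < candidate.length(); i++) {
            char c = candidate.charAt(i);
            if (c < 0x20 || c == 0x7f || c == '\\') return false;
        }
        URI uri;
        try {
            uri = new URI(candidate).normalize();
        } catch (URISyntaxException e) {
            return false;
        }
        // "https://portal.example.com@other.example/" parses with a user-info part.
        if (uri.getUserInfo() != null) return false;
        // Relative and scheme-relative URLs have a null scheme and fail here.
        return PORTAL_SCHEME.equalsIgnoreCase(uri.getScheme())
            && PORTAL_HOST.equalsIgnoreCase(uri.getHost());
    }

    /** Returns the requested URL if it is the portal's, else a fixed landing page. */
    static String safeReturnUrl(String requested) {
        return isPortalUrl(requested) ? requested
                                      : PORTAL_SCHEME + "://" + PORTAL_HOST + "/";
    }

    public static void main(String[] args) {
        String[] samples = {                       // constructed sample inputs
            "https://portal.example.com/portal/server.pt?open=space",
            "https://portal.example.com@other.example/",
            "https://portal.example.com.other.example/",
            "//other.example/portal/server.pt",
            "http://portal.example.com/portal/server.pt"
        };
        for (String s : samples) {
            System.out.println(isPortalUrl(s) + "  " + s + "  ->  " + safeReturnUrl(s));
        }
    }
}
```

Only the first sample passes; the other four fall back to the portal landing page.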

1 Comments:

At 4:19 AM, Blogger durga.john said...

Hi Andrew, I've tried installing Plumtree for .NET and MSSQL. I ran all the scripts that need to be run in MSSQL 2000, but it is still showing a database connection error.
Any advice regarding this installation?
