Integrating ESOE with Oracle Single Sign-On

Please note: This documentation is written for integrating the Oracle SSO product, not ordinary applications running under OC4J.

IMPORTANT: This document refers to an old version of the SPEP libraries, as the newer build has not been successfully tested with Oracle SSO.
The distribution files related to this document can be found at http://esoeproject.org/releases/0.4/java4/

Note: It is important that the SPEP war be deployed in the same container as Oracle SSO, as the SPEP filter relies on cross context communication to operate.

SPEP Setup

Download the SPEP archive

Download the spep.tar.gz and spepfilter.tar.gz files for your version of Java from the Downloads page, and extract them to a temporary folder. This will create the files spep.config, spep-endorsed.tar.gz, spep-shared.tar.gz, spep.war and the SPEP filter jar file for use during installation.

Preparing SPEP data directory

Make the following directories under $ORACLE_HOME:

spep
spep/lib
spep/config
spep/logging

Installing shared libraries

Extract the spep-shared.tar.gz archive from the distribution into $ORACLE_HOME/spep/lib

Installing endorsed libraries

Under $ORACLE_HOME/jdk/jre/lib ensure that a directory called endorsed exists. If not, create it. Then extract the spep-endorsed.tar.gz archive from the distribution into $ORACLE_HOME/jdk/jre/lib/endorsed

Performing SPEP configuration

Set up the SPEP according to the SPEP Registration section of the Java SPEP Installation Guide. Copy your spep.config file to $ORACLE_HOME/spep/config/

Configuring OC4J

Adding the shared library directory

In the Oracle Enterprise Manager admin control webpage, select the container for 'Oracle SSO (OC4J_SECURITY)' and navigate to the Applications page.

Follow the link to the default application. Usually this is called "default". At the bottom of the page, under Administration, click the General link under the Properties header.

Add a new library path and point it at the SPEP library directory created in step 1. In a default installation this can be "../../../spep/lib".

Configuring Java VM arguments

Navigate to the Administration page for the OC4J_SECURITY container. Scroll down to the section labelled "Command Line Options" and add the following options (on the same line, separated by spaces):

-Dspep.data=$ORACLE_HOME/spep
-Djavax.xml.validation.SchemaFactory:http://www.w3.org/2001/XMLSchema=org.apache.xerces.jaxp.validation.XMLSchemaFactory
-Dorg.xml.sax.driver=org.apache.xerces.parsers.SAXParser
-Djavax.xml.transform.TransformerFactory=org.apache.xalan.processor.TransformerFactoryImpl

Note that you will need the absolute path to $ORACLE_HOME for the spep.data property, not the shell variable.

Deploying the SPEP webapp

Navigate back to the Applications page for the OC4J_SECURITY container. Click the "Deploy WAR file" link and proceed to deploy the spep.war file from the distribution.

Filtering the Oracle SSO URL

[oraas@oraashost ~]$ cd $ORACLE_HOME/j2ee/OC4J_SECURITY/applications/sso/web/WEB-INF
[oraas@oraashost WEB-INF]$ cp /path/to/spepfilter.jar ./lib/

Edit web.xml in this directory and add the following:

<filter>
        <filter-name>spep-filter</filter-name>
        <filter-class>com.qut.middleware.spep.filter.SPEPFilter</filter-class>

        <init-param>
                <param-name>spep-context</param-name>
                <param-value>/spep</param-value>
        </init-param>
</filter>
<filter-mapping>
        <filter-name>spep-filter</filter-name>
        <url-pattern>/auth</url-pattern>
</filter-mapping>

Change to the directory $ORACLE_HOME/j2ee/OC4J_SECURITY/applications/sso/web/META-INF

Edit context.xml there to add the attribute crossContext="true" to the Context element. If the META-INF directory or the context.xml file does not exist, create it, and give the context.xml file the following content:

<?xml version="1.0" encoding="UTF-8"?>
<Context path="/sso" crossContext="true">
  <WatchedResource>WEB-INF/web.xml</WatchedResource>
  <WatchedResource>META-INF/context.xml</WatchedResource>
</Context>

Installing the Oracle SSO plugin

Download the Oracle SSO Integrator tarball and extract it into $ORACLE_HOME/sso/plugin/

Edit the file $ORACLE_HOME/sso/plugin/com/qut/middleware/spep/integrators/oracle/spep.oraclesso.properties and ensure that the SPEP attributes name is set to the name that the SPEP filter gives to the attribute map in a session (by default this is "attributes"). Also, set the user identifier attribute value to the name of the attribute that you want to be passed to Oracle SSO.
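
An added example (not part of the original ESOE documentation): a shell function that checks whether the files and settings this guide asks for are in place under a given Oracle home. It assumes the filter jar was copied under the name spepfilter.jar, as in the cp command above, and it only does textual matches on web.xml and context.xml.

```shell
#!/bin/sh
# Added example: checks the on-disk results of the steps in this guide.
# Usage: check_spep_install /absolute/path/to/oracle_home
# Prints one FAIL line per problem; exit status is 0 only if all checks pass.
check_spep_install() (
    oh=$1
    sso="$oh/j2ee/OC4J_SECURITY/applications/sso/web"
    plugin="$oh/sso/plugin/com/qut/middleware/spep/integrators/oracle"
    fail=0
    bad() { echo "FAIL: $1"; fail=1; }

    # The same value is used for -Dspep.data, which must be an absolute path.
    case $oh in
        /*) ;;
        *) bad "Oracle home '$oh' is not an absolute path" ;;
    esac

    # SPEP data directory and configuration.
    for d in spep/config spep/logging; do
        [ -d "$oh/$d" ] || bad "missing directory $oh/$d"
    done
    [ -f "$oh/spep/config/spep.config" ] || bad "no spep.config in $oh/spep/config"

    # Shared and endorsed archives must have been extracted into place.
    for d in spep/lib jdk/jre/lib/endorsed; do
        [ -n "$(ls -A "$oh/$d" 2>/dev/null)" ] || bad "$oh/$d is missing or empty"
    done

    # Filter jar (name assumed from the cp command in this guide).
    [ -f "$sso/WEB-INF/lib/spepfilter.jar" ] || bad "no spepfilter.jar in $sso/WEB-INF/lib"

    # Textual matches only; these do not parse the XML.
    grep -qF 'com.qut.middleware.spep.filter.SPEPFilter' "$sso/WEB-INF/web.xml" 2>/dev/null ||
        bad "SPEPFilter is not declared in web.xml"
    grep -qF '<url-pattern>/auth</url-pattern>' "$sso/WEB-INF/web.xml" 2>/dev/null ||
        bad "no filter mapping for /auth in web.xml"
    grep -qF 'crossContext="true"' "$sso/META-INF/context.xml" 2>/dev/null ||
        bad 'crossContext="true" is not set in META-INF/context.xml'

    [ -f "$plugin/spep.oraclesso.properties" ] || bad "no spep.oraclesso.properties in $plugin"
    exit "$fail"
)

# Run the check when a path is given on the command line.
if [ "$#" -gt 0 ]; then check_spep_install "$1"; fi
```

A passing check confirms only that the files are in place; the JVM command line options and the library path are set in Enterprise Manager and are not covered by it.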
