14 Replies Latest reply on Apr 27, 2010 1:15 PM by User576121-Oracle

    Oracle SSO Integration with WebLogic Server

    Ahmadin-Oracle
      We already have applications deployed on Oracle Application Server (OAS) and secured by Oracle SSO (OSSO) server. The OSSO uses Oracle Internet Directory (OID) to get user identity information.

      I have an ADF 11g application that I deployed on WebLogic Server(WLS). I would like to secure the application with OSSO. Has anybody done this? I am thinking several options:

      1. Install Oracle Http Server (OHS) as proxy server for WLS and make the application as partner application of OSSO. The challenge here is to integration OHS with WLS where we need to disable mod_oc4j and install WLS plugin into OHS.
      2. Direct integration between OSSO and WLS. This is I am not sure how to do it.

      Please share with me how we can do the above.

      Thanks.
        • 1. Re: Oracle SSO Integration with WebLogic Server
          605835
          Hi Ahmadin,


          I'm facing the same problem as you and I have tried the option 1 as you mentioned.

          I installed Oracle Http Server standalone and WLS plugin for Apache and then register the OHS with Oracle SSO server. After do that, I still can not get the REMOTE_USER from the http header but get the PROXY_REMOTE_USER instead.

          Have you solve the problem or do you have any other solution?

          Thanks.
          • 2. Re: Oracle SSO Integration with WebLogic Server
            bkummel
            Hi Ahmadin, Bozhou,

            Is there any news on this topic? I'd think there should be some blog post explaining how to implement WebLogic with OSSO out there right now, but Google did not find anything userful...

            Best regards,
            Bart Kummel
            • 3. Re: Oracle SSO Integration with WebLogic Server
              user161771 - oracle
              I don't think this integration (WebLogic and OSSO) has been productized yet. See this roadmap deck from OOW, specifically slide 10, that shows future planned integration in the 11g timeframe, but that it's not committed yet. There may be options to do integration via API's, but I'm not aware of how that would be done as I don't know how OSSO works.
              http://www.slideshare.net/guest1cd368/oracle-open-world-2008-app-server-roadmap-presentation
              • 4. Re: Oracle SSO Integration with WebLogic Server
                712226
                Hi

                Please let us know how the SSO integration issue with WebLogic Server has been resolved.

                Regards
                KSK.
                • 5. Re: Oracle SSO Integration with WebLogic Server
                  eladner
                  Bump... Any news?
                  • 6. Re: Oracle SSO Integration with WebLogic Server
                    Chris Johnson-Oracle
                    In the Oracle Fusion Middleware Security Guide there's a section which discusses OSSO with WebLogic Server
                    http://download.oracle.com/docs/cd/E12839_01/core.1111/e10043/osso.htm#CHDDGEJG

                    In that documentation it discusses installing an OHS server in front of WLS, adding the mod_wl module to connect OHS to WLS and then installing an Oracle SSO (OSSO) Identity Asserter for Weblogic Server to convey the identity to WLS.

                    Hope this helps,
                    Chris
                    • 7. Re: Oracle SSO Integration with WebLogic Server
                      727467
                      Hi,

                      We configured mod_wl and mod_osso plug to protect ADF application with Oracle Signle Signon 10.1.2 server. This is working fine with us as per the authentication part is concerned.

                      Steps for protecting ADF application using Oracle SSO

                      1. Install Oracle HTTP Server 2.0/11g
                      2. Configure mod_wl plugin for redirecting the requests to weblogic server from the HttpServer. Then specify the url to be redirected. This confguration is part httpd.conf file
                      3. Generate osso file using ssoreg command on sso server
                      4. Configure mod_osso plugin to protect the specified urls using osso

                      Please refer the Oracle fusion middleware Security guide (section 10.3) for more information about this topic.


                      **Can some one help us in mapping the application roles with the OID server roles.** We would like to leverage ADF security features for setting read/update permissions on entity objects. This requires mapping the application roles with OID roles.

                      Thanks and Regards,

                      S R Prasad
                      • 8. Re: Oracle SSO Integration with WebLogic Server
                        725570
                        hii all
                        can any one Integrated OID with WebLogic Server? Please let me know...any helpfull docs or links

                        Thanks
                        Vish

                        Edited by: SoftUser on Nov 26, 2009 11:09 PM
                        • 9. Re: Oracle SSO Integration with WebLogic Server
                          727467
                          Hi,

                          We finished the last step also. Now we are relying on OID for both authentication and autherization. Please let me know if you have any specific doubts about the configuration.

                          You can follow chapter 10 and section 3 for configurating the sso with OID. If you are just relying on only authentication with OID and not SSO then you need not configure Oracle HTTP Server. You need to configure just OID authenticator.

                          http://download.oracle.com/docs/cd/E12839_01/core.1111/e10043/osso.htm#CHDDGEJG


                          Thanks,

                          S R Prasad

                          Edited by: Prasad Challagundla on Dec 3, 2009 12:05 PM
                          • 10. Re: Oracle SSO Integration with WebLogic Server
                            Mac_chu
                            Hi All,

                            I try to integration WebCenter 11.1.1.2 and ERP R12.
                            Im setting OSSO with Weblogic Server now, but i cant find 'OSSOIdentityAsserter' in Weblogic Admin Console - Security Provider.
                            Reference: http://download.oracle.com/docs/cd/E15523_01/core.1111/e10043/osso.htm#CHDDGEJG

                            Anyone try it before??

                            Regards,
                            Mac
                            • 11. Re: Oracle SSO Integration with WebLogic Server
                              gencon
                              Hi all,

                              Where is OSSOIdentityAsserter gone in 10.3.2 ???

                              Anyone who know how to get the OSSO Identity Asserter for Weblogic 10.3.2 ? Is there a patch or something ?

                              Regards.
                              Jean-Marc
                              • 12. Re: Oracle SSO Integration with WebLogic Server
                                gencon
                                Ok got it.
                                It's a bug filed in Support.oracle.com under ID 974951.1.

                                Resolution :

                                1. Stop WLS Admin server.
                                2. Backup setDomainEnv.sh file.
                                3. Edit setDomainEnv.sh, find all occurances of $ORACLE_HOME setting for weblogic.alternateTypesDirectory and replace them with $COMMON_COMPONENTS_HOME
                                4. Start WLS Admin server.
                                5. Re-execute steps under section 23.7.2.3...verify that Provider of Type "OSSOIdentityAsserter" is now a part of the drop down list.

                                Regards,
                                Jean-Marc
                                • 13. Re: Oracle SSO Integration with WebLogic Server
                                  731902
                                  Can you please share information how you
                                  Steps for protecting ADF application using Oracle SSO

                                  --> Configure mod_wl plugin for redirecting the requests to weblogic server from the HttpServer. Then specify the url to be redirected. This confguration is part httpd.conf file
                                  --> Generate osso file using ssoreg command on sso server
                                  -->Configure mod_osso plugin to protect the specified urls using osso

                                  I already have OAS 10g Rel2 OID,SSO & Portal.
                                  Now want to configure BPM deployed on WLS for SSO authentication with link in Portal.
                                  • 14. Re: Oracle SSO Integration with WebLogic Server
                                    User576121-Oracle
                                    Hi,

                                    I couldn't find any lines with $ORACLE_HOME in the file setDomainEnv.sh. We are using this for a J2EE based application with WLS (10.3.2) as midtier. I think the steps mentioned here are specific to Webcenter.
                                    Any clues?

                                    Regards,
                                    SK