Oracle9iAS Forms Services Deployment Guide Release 9.0.2 Part Number A92175-01
Oracle9iAS Forms Services applications can be run in a single sign-on (SSO) environment using Oracle Login Server (Single Sign-On Server) and Oracle Internet Directory (OID) to store user name and password information. SSO is designed to work in a portal environment such as that provided by Oracle9i Application Server, where multiple Web-based applications are accessible through the portal. Without SSO, each user must maintain a separate identity and password for each application they access. Maintaining multiple accounts and passwords for each user is insecure and expensive.
You can also use
This chapter contains the following sections:
A detailed description of SSO is available from the Oracle9i Application Server Security Guide (Chapter 6 - "Configuring Oracle9iAS Single Sign-On"). This section will explore the features which are relevant to Oracle9i Forms development.
To use single sign-on support:
<Location forms90/f90servlet>
    require valid-user
    authType Basic
</Location>
The default Forms URL is "forms90/f90servlet".
...
[customers]
form=customers.fmx
...
[orders]
form=orders.fmx
...
If a different configuration parameter (for example, http://.../forms90/f90servlet?config=orders) is used, the DB credentials configured for this user with resource name "orders" will be used by the Forms Server to log in to the DB.
The following is the authentication flow of SSO support in Forms the first time that the user requests a Forms Services URL:
Text description of the illustration chap05a.gif
The following is the authentication flow of SSO support in Oracle9i Forms when a user, authenticated through another Partner Application, requests an Oracle9iAS Forms Services URL.
Text description of the illustration chap052.gif
Oracle9iAS Forms Services allows you to run both single sign-on and publicly viewed applications simultaneously. To enable this functionality, you need to add a second alias name for the Forms Servlet. This second Forms Servlet name is required to build a second Forms Services instance.
For security reasons, it is not recommended to have two Forms Servlet names sharing the same formsweb.cfg file when one of them is registered with SSO. For example, if applicationA is protected by single sign-on authentication while applicationB is not, then it must be guaranteed that applicationA cannot be run by the second Forms Services instance, which is not using SSO. The only way to distinguish SSO-protected applications from those that are publicly available is to use separate configuration files. ApplicationA will not share the same formsweb.cfg file with applicationB.
The following steps will allow you to run single sign-on and publicly viewed applications:
1. Add another alias name for the Forms Servlet to the OC4J web.xml file.
2. Register the aliased Forms Servlet with mod_oc4j.
Navigate to the \applications\forms90app\forms90web\WEB-INF\ directory of your Oracle9iAS Forms Services OC4J installation. Open the web.xml configuration file in a text editor and add the following lines to the appropriate location:
<servlet>
    <servlet-name>f90</servlet-name>
    <servlet-class>oracle.forms.servlet.FormsServlet</servlet-class>
    <init-param>
        <param-name>configFileName</param-name>
        <param-value><your configuration file name goes here></param-value>
    </init-param>
</servlet>
<servlet-mapping>
    <servlet-name>f90</servlet-name>
    <url-pattern>/f90*</url-pattern>
</servlet-mapping>
In this example the new Forms Servlet name is "f90", but you can give it any name. The servlet initialization parameter configFileName takes the name and location of the formsweb.cfg file to be used with this servlet. The best way to create the new configuration file is to copy the formsweb.cfg file from the forms90/server directory and rename the copy. Edit the copied configuration file and remove all the application configurations that should not be accessible without SSO. Replace "<your configuration file name goes here>" in the above example with the location and name of the formsweb.cfg copy you created.
For the new Forms Servlet name to be recognized by Oracle9iAS and served by OC4J, you need to register the servlet with mod_oc4j. This registration is done using the forms90.conf file located in the forms90/server directory of your Oracle9iAS Forms Services installation.
The following entry for the f90servlet and l90servlet alias names is at the end of forms90.conf. Add the two lines for the new alias, /forms90/f90 and /forms90/f90/*:
# Config. for OC4J
<IfModule mod_oc4j.c>
    Oc4jMount /forms90 ProductGroup2
    Oc4jMount /forms90/f90servlet ProductGroup2
    Oc4jMount /forms90/f90servlet/* ProductGroup2
    Oc4jMount /forms90/f90 ProductGroup2
    Oc4jMount /forms90/f90/* ProductGroup2
    Oc4jMount /forms90/l90servlet ProductGroup2
    Oc4jMount /forms90/l90servlet/* ProductGroup2
</IfModule>
After stopping and restarting the Oracle HTTP Server, the Forms Servlet will be accessible by using:
http://<hostname>:<port>/forms90/f90servlet and http://<hostname>:<port>/forms90/f90.
The difference is that the forms90/f90servlet root might be protected by single sign-on and the forms90/f90 path uses a different Forms configuration file (other than formsweb.cfg).
Note: The Forms Listener Servlet "l90servlet" can be used with both configurations, so there is no need to create an alias name for this servlet too. The Forms Listener Servlet does not directly read from the formsweb.cfg file and thus, security is not affected when using the same Listener Servlet for both instances.
You can test the configuration by typing
http://<hostname>:<port>/forms90/f90/admin which should bring up the Listener Servlet test page.
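A check for the step above that removes SSO-only applications from the copied configuration file, added here as an example (not code from Oracle or from this guide). It assumes formsweb.cfg uses [name] section headers, name=value parameters and # comment lines; the function names, the "catalog" and "browse" sections and all sample file contents are constructed for illustration.

```python
def parse_formsweb(text):
    """Return {section: {param: value}}; parameters above the first [section] go under ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections

def audit_public_copy(sso_text, public_text, public_apps):
    """Return sorted (finding, section) pairs for the config file served without SSO."""
    sso, public = parse_formsweb(sso_text), parse_formsweb(public_text)
    allowed = {a.lower() for a in public_apps}
    # Form modules that belong to applications meant to stay behind SSO.
    protected = {p["form"].lower() for name, p in sso.items()
                 if name and name not in allowed and "form" in p}
    findings = []
    for name, params in public.items():
        if name and name not in allowed:
            findings.append(("section-not-removed", name))
        elif params.get("form", "").lower() in protected:
            findings.append(("protected-form-reachable", name or "<default>"))
    return sorted(findings)

# Constructed sample data; [customers] and [orders] follow the guide's example.
SSO_CFG = """# formsweb.cfg, read by the SSO-protected f90servlet
[customers]
form=customers.fmx
[orders]
form=orders.fmx
[catalog]
form=catalog.fmx
"""
PUBLIC_CFG = """# copy read by the public f90 alias
[orders]
form=orders.fmx
[catalog]
form=catalog.fmx
[browse]
form=customers.fmx
"""
for finding in audit_public_copy(SSO_CFG, PUBLIC_CFG, {"catalog", "browse"}):
    print(finding)
```

On the sample data it reports [orders], which was left in the copy, and [browse], a public section that still points at the customers form.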
Copyright © 2002 Oracle Corporation. All Rights Reserved.