Jason Bennett's Developer Corner

 







 

 

A Little About Jason Bennett ...

I've had an interest in publishing technical articles and HELPFUL code for a few years.  I am (by trade and hobby) a developer who specializes in Oracle technologies and web based architectures.  I have been an employee of both TUSC and Oracle Corporation.  My intent here is to share my ideas and coding experiences with the developer community as a whole.  As with all developers some of my ideas are great and some of them are ....  well you know.  Anyway, I hope you find something here that will aid in your endeavor, or spark a new idea. 

I am more than happy to assist with technical issues and will even write a little code if need be. If you find something on the site that is really useful and you'd like to make a contribution (absolutely up to you and absolutely not required), just click the "Make a Donation" button on the left!

Good luck and good coding !




  Sunday, May 16, 2004


Extending OracleAS 10g SSO to IIS and ASP.NET via Apache MOD_PROXY and MOD_OSSO

By Jason Bennett

 

Sometimes it’s just fun to do things the hard way.  My goal was to demonstrate how an ASP.NET application can be protected under the OracleAS 10g Single Sign-On umbrella without using the osso_proxy plugin for IIS provided by Oracle Corporation.  As usual, I found a way to do it.  Using Apache’s mod_proxy and OracleAS 10g’s mod_osso, we simply create a reverse proxy from Apache to IIS and protect the proxy redirect url pattern (a pattern in the URL that tells Apache to redirect this request to IIS) with mod_osso.  The SSO specific HTTP headers such as HTTP_OSSO_USER_DN and HTTP_OSSO_SUBSCRIBER_DN are forwarded to IIS and retained for the life of the session.  What’s the catch?  This only works if you are accessing the ASP.NET page through the proxy URL.  It’s a small catch, and it allows the integration of web based .NET applications with your SSO protected web based J2EE applications running under OracleAS 10g.  The next few sections detail the steps required to perform this integration.

 

Create and Deploy an ASP.NET page

The first thing we need to do is create and deploy a simple ASP.NET page such as the following (testpage.aspx):

 

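    <%@ Page Language="C#" %>

    <html>
    <body>

    <%-- No OSSO header present: the request carries no SSO identity from mod_osso --%>
    <% if (Request.ServerVariables["HTTP_OSSO_USER_DN"] == null) { %>

    <B>You are not authenticated via OracleAS 10g SSO Server.</B>

    <% } else { %>

    <TABLE>
    <TR><TD><B>Server Variable</B></TD><TD><B>Value</B></TD></TR>

    <%-- List every server variable; values are HTML-encoded because request headers are client-controlled --%>
    <% foreach (string name in Request.ServerVariables) { %>
    <TR><TD> <%= Server.HtmlEncode(name) %> </TD><TD> <%= Server.HtmlEncode(Request.ServerVariables[name]) %> </TD></TR>
    <% } %>

    </TABLE>

    <% } %>

    </body>
    </html>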

 

Next, deploy the page to an IIS server (5.0 or 6.0).

 

Configure OracleAS 10g OHS (Apache 1.3) as a Reverse Proxy

The next step is to configure the OracleAS 10g OHS to act as a reverse proxy to IIS for any request containing a specific URL pattern such as ‘/asptest/’.  To do this, we add the following lines to the httpd.conf file:

 

    ProxyRequests off
    ProxyPass /asptest/ http://<IIS server host>/<application virtual directory>/
    ProxyPassReverse /asptest/ http://<IIS server host>/<application virtual directory>/

 

In my case it was:

 

    ProxyRequests off
    ProxyPass /asptest/ http://192.168.0.4/ASPApplications/
    ProxyPassReverse /asptest/ http://192.168.0.4/ASPApplications/

 

(Note: mod_proxy must be loaded for this to work.)

 

Now, any request to OracleAS 10g OHS with a format like ‘http://<server>:<port>/asptest/<pagename>.aspx’ will be redirected to ‘http://<IIS server host>/<application virtual directory>/<pagename>.aspx’.  The hostname and port in the browser will remain unchanged.  It will appear to the user as if OracleAS 10g executed the ASP.NET page.

 

Register the Proxy URL Pattern with MOD_OSSO

Since our goal is to SSO enable the ASP.NET page, we need to register the proxy url pattern, ‘/asptest’ (or whatever you have chosen) with mod_osso.  To do this, simply add lines similar to these to the mod_osso.conf file on the same OHS instance that you previously modified:

 

    <Location /asptest>
        require valid-user
        AuthType Basic
    </Location>

 

Restart the OHS, and any request containing ‘/asptest/’ will be required to authenticate to the OracleAS 10g SSO Server.

 

Execute the Page ……

Execute the page, http://<myserver>:<port>/asptest/testpage.aspx, through OracleAS 10g. After authenticating with a valid SSO user account, you should get these results along with many others including the SSO cookie:

 

Server Variable              Value
HTTP_HOST                    192.168.0.4
HTTP_USER_AGENT              Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
HTTP_CHRONOS                 aggregate
HTTP_CLIENTIP                192.168.0.2
HTTP_ORACLE_CACHE_VERSION    9.0.4
HTTP_ORACLE_ECID             75708589919,1
HTTP_SSL_HTTPS               off
HTTP_SURROGATE_CAPABILITY    orcl="webcache/1.0 Surrogate/1.0 ESI/1.0 ESI-Inline/1.0 ESI-INV/1.0 ORAESI/9.0.4"
HTTP_OSSO_USER_GUID          D2F642ED97E88476E030007F010077D7
HTTP_OSSO_USER_DN            cn=portal,cn=users, dc=jbennett,dc=com
HTTP_OSSO_SUBSCRIBER         DEFAULT COMPANY
HTTP_OSSO_SUBSCRIBER_DN      dc=jbennett,dc=com
HTTP_OSSO_SUBSCRIBER_GUID    D2F4E032B08D05C5E030007F010046F6
HTTP_X_FORWARDED_FOR         127.0.0.1
HTTP_X_FORWARDED_HOST        jbennett:7778
HTTP_X_FORWARDED_SERVER      jbennett
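
The test page treats the presence of HTTP_OSSO_USER_DN as proof of authentication, and the catch noted in the introduction is that mod_osso only checks requests that come through the proxy URL. The following added example (not part of the original article) shows one way for the ASP.NET side to accept the header only when the connection comes from the OHS proxy. The class name OssoHeaderGuard and the proxy address 192.168.0.10 are assumptions, and the sample requests are constructed.

```csharp
using System;
using System.Collections.Specialized;

// Added example: decides whether the OSSO identity header on a request can be trusted.
public static class OssoHeaderGuard
{
    // Assumption: address of the OHS reverse proxy as IIS sees it (constructed value).
    private static readonly string[] TrustedProxies = { "192.168.0.10" };

    // Returns the SSO user DN, or null when the request did not arrive from the
    // proxy or carries no identity header.
    public static string GetSsoUserDn(NameValueCollection serverVariables)
    {
        string remote = serverVariables["REMOTE_ADDR"];
        if (remote == null || Array.IndexOf(TrustedProxies, remote) < 0)
            return null; // request reached IIS directly: mod_osso never saw it

        string dn = serverVariables["HTTP_OSSO_USER_DN"];
        return string.IsNullOrEmpty(dn) ? null : dn;
    }

    public static void Main()
    {
        // Constructed sample requests, keyed like Request.ServerVariables.
        var viaProxy = new NameValueCollection {
            { "REMOTE_ADDR", "192.168.0.10" },
            { "HTTP_OSSO_USER_DN", "cn=portal,cn=users, dc=jbennett,dc=com" } };
        var direct = new NameValueCollection {
            { "REMOTE_ADDR", "192.168.0.2" },
            { "HTTP_OSSO_USER_DN", "cn=portal,cn=users, dc=jbennett,dc=com" } };
        var noHeader = new NameValueCollection { { "REMOTE_ADDR", "192.168.0.10" } };

        Console.WriteLine(GetSsoUserDn(viaProxy) ?? "(rejected)");
        Console.WriteLine(GetSsoUserDn(direct) ?? "(rejected)");
        Console.WriteLine(GetSsoUserDn(noHeader) ?? "(rejected)");
    }
}
```

Restricting the IIS site so that it accepts connections only from the OHS host gives the same guarantee at the network level, without code changes.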


11:11:15 PM    

© Copyright 2008 Jason Bennett.
Last update: 8/28/2008; 9:44:05 PM.
