Need help !! Non-portal9iAS forms & reports with SSO

[sedan76]

Hi guru's

I'm doing the upgrade of d2k to non-portal 9ias. Rightnow i have around 50 forms
which are called from one menu. We have given the security to access
individual forms by creating the DB roles which has table rights(DML)
and these rights again given to individual users in the database. In the
fornt end we have procedures that will track the user rights according to
the tables and give the access to the forms.

My question is
1) I have no idea about SSO and started reading documentations to how to implement.
In order to move to SSO what would be the best approach to give the same security
features.
2) can i use the same user_id for both database as well SSO.
3) With non-portal9ias can i integrate forms and reports in SSO.

Any help regarding this will be highly appreciated and also please give me
some related links if there are any.

Thanks a lot.
sedan.

 

[donkeyhote]

Well you did ask -
Step-by-Step Instructions:
OID CONFIGURATION:
1. Add the SSO user to the OID. Assuming you have accepted all the defaults you can access OID page at

http://<machinename>.<domainname>:7777/oiddas

2. Click on the &quot;Directory&quot; tab found at the top right hand corner of the page.
3. Login using &quot;orcladmin&quot; as the user and the password that you have selected during installation of 9iAS V2
4. Click on &quot;Create&quot; to create a new user.
5. Select a username lets say &quot;ssotest&quot; with a password of &quot;ssotest1&quot;
6. You can choose to add all other details.
7. Scroll down to the bottom of the page to &quot;Resource Access Information&quot;
8. Click on &quot;Create&quot; to create a new resource file
9. Enter a Resource Name, for example, &quot;ssotest_db&quot;
10. Click next and fill the userid/password and connect string for the database and submit it.
11. You will come back to the Create User. Click Submit to create a new SSO user and Resource file.

FORMSWEB.CFG CONFIGURATION:
This file can be found under $ORACLE_HOME\forms90\server directory. You have to create a new configuration section in the formsweb.cfg file with the same resource name that you had created in OID configuration. In our case it is &quot;ssotest_db&quot;
1. Open the formsweb.cfg file.
2. Scroll down to the bottom and add a configuration as below:
[ssotest_db]
pageTitle=SSO Test Page
form=emp.fmx
3. Save the file and exit. Check that the oid_formsid parameter in the formsweb.cfg is set to &quot;formsApp&quot; and oracle home is set. (the oid_formsid parameter may be set to &quot;formsApp1&quot; if you have installed middle_tier(Oracle9i Application Server) and the Infrastructure on different hosts.)

FORMS90.CONF CONFIGURATION:
This file can be found under $ORACLE_HOME/forms90/server directory. The mod_osso authentication entry is already present in the forms90.conf file, but it is commented out. Uncomment it to enable Single Sign On (SSO).

# Forms mod_osso authentication directive
<IfModule mod_osso.c>
<Location /forms90/f90servlet>
require valid-user
authType Basic
</Location>
</IfModule>
3. Save the file and exit Now you will have to restart the HTTP Server for the changes in the forms90.conf file to take effect. forms90.conf is an HTTP Server configuration file, hence, you have to restart the HTTP Server after having modified this file. [Note: mod_osso.conf file (located in $ORACLE_HOME/Apache/Apache/conf directory) is central location for all URL's that can be SSO enabled. If you have other applications(not forms) which need SSO, you can put all of them in the mod_osso.conf. forms90.conf file is used only for forms.]
All the required configuration has now been completed. Lets try to run the form:
1.

http://<machinename>.<domainname>:7778/forms90/f90servlet?config=ssotest_db

2. You will see the single sign-on page, enter ssotest and ssotest1 as the username and password.(This is the same username and password that you created in OID)
3. You will now be able to see the form come up.
4. You should not be asked to enter the username/password@connect_string as this was already entered while creating the ssotest user.
5. Now to test that SSO really works. Lets login to portal.
6.

http://<machinename>.<domainname>:7778/pls/portal

7. Login using userid: ssotest and password: ssotest1.
8. After logging in type in the URL:

http://<machinename>.<domainname>:7778/forms90/f90servlet?config=ssotest_db

9. It should display the form without asking for any userid and password.
10. Forms used the SSO to authenticate the username and password of &quot;ssotest&quot; and accesses the database authentication. If you want to check the SSO user, you can use the SSO_USERID built-in. You are now able to run Forms Application successfully, using SSO.

IMPORTANT: there is BUG 2489506 for Windows platform. The database username/pwd and the connect string are not passed. This is expected to be fixed in Patch 1 of Forms 9i. Also, note HP-Unix users might encouter BUG 2795170. This problem comes up when you apply the core-patch. You might get &quot;SSO-Warning&quot; errors. If you have not applied the core-patch SSO works fine. A new core patch will be released to include the patch to resolve SSO warning errors in HP-UX. Note 229146.1 discusses this issue.

Related Documents ----------------- SSO/OID Integration under Forms Services Demos at

http://technet.oracle.com/sample_code/products/forms/content.html

Note 229146.1