
 Oracle Web Single Sign-On
 Partner Application SDK
 Login Server Compatibility: 3.0.6, 3.0.7, 3.0.8
 Copyright (c) 1999-2001 Oracle Corporation. All rights Reserved.
==================================================================


REQUIREMENTS

The following software components are required for developing Single
Sign-On enabled partner applications:

  * Oracle database Release 2 (8.1.6) with the Java option
  * Oracle9i Application Server
  * Oracle Login Server
  * Oracle Web Single Sign-On Partner Application SDK



INSTALLATION STEPS

Notes:
   * For Servlet or Java Server Page application development, the
     Java SDK jar file must be in the classpath of the web server.
   * The Java SDK jar file (ssosdk307.jar) is located in the jlib
     directory.
   * All Java bean class files and the Java SDK jar file must be in
     the partner application web server classpath.

Step 1: Load the PL/SQL Crypto Packages if required
   If you are using Oracle 8i Release 3 (8.1.7) or above, go to
   Step 3. 

   If you are using Oracle 8i Release 2 (8.1.6), load the PL/SQL
   crypto packages as follows:

   1. Change to the $ORACLE_HOME/rdbms/admin directory.
   2. Launch SQL*Plus and enter the following:
        sqlplus /nolog
        SQL> connect sys/<sys_password> as sysdba
        SQL> @catobtk.sql
        SQL> @catoctk.sql
        SQL> grant execute on dbms_obfuscation_toolkit to public;
        SQL> grant execute on dbms_crypto_toolkit to public;

        Note: You may see error messages when you run these scripts;
        you may ignore them. To check that the packages are loaded
        correctly, enter the following:

        sqlplus /nolog
        SQL> connect sys/<sys_password> as sysdba
        SQL> desc dbms_obfuscation_toolkit;
        SQL> desc dbms_crypto_toolkit;

Step 2: Run owaload.sql to Load the OWA Packages
   Note: If you have the Oracle9i Application Server installed, the OWA
   packages are located in the $ORACLE_HOME/Apache/modplsql/owa
   directory.

   Use SQL*Plus to load the OWA packages as follows:

      sqlplus /nolog
      SQL> connect sys/<sys_password> as sysdba
      SQL> @owaload.sql <log_file_name>

   Note: Enter the log file name as shown; otherwise the script prompts
      for it. See the owaload.sql file for more information.

Step 3: Create the Partner Application Schema
   Use SQL*Plus to create a schema for the partner application as follows:
      sqlplus /nolog
      SQL> connect sys/<password>@<tnsname> as sysdba
      SQL> create user <schema_name> identified by <schema_password>;
      SQL> grant connect, resource to <schema_name>;

Step 4: Load Packages for the Partner Application
   Load packages for the partner application as follows:
   1. Change to the packages/oracle/security/sso directory of the unzipped 
      SSO SDK file.
   2. Enter the following command:
         loadjava -user <partner_schema_name>/<password>@<tnsname> SSOHash.class
      Note: loadjava is in the bin directory of ORACLE_HOME.
   3. Change to the packages directory of the unzipped SSO SDK file.
      Use SQL*Plus to load the PL/SQL packages to the partner application
      schema as follows:
         sqlplus <partner_schema_name>/<password>@<tnsname>
         SQL> @loadsdk.sql
      Note: This generates the loadsdk.lst and on.lst spool files.

Step 4: Obtain Registration Information
   Obtain registration information for the partner application from the Login
   Server administrator.

   If you are the Login Server administrator, register the partner application
   with the Login Server as follows:
   1. Log in to Oracle Portal with Login Server administrator privileges, as
      in the following example: portal30_sso/<password>
   2. Click the Administrator tab.
   3. Navigate to the Services->Login Server Administration link.
   4. Click Administrator Partner Application.
   5. Click Add Partner Application.
   6. Enter the name of the partner application, as in the following example:
         Sample Partner Application 3.0.7
   7. Enter the home URL for the application, as in the following example:
         http://www.<your_webserver_name.domain>
      Note: The home URL should be publicly accessible and thus not require any
      authentication. The home URL will be listed on the Login Server home page.
   8. Enter the success URL for the partner application.
      Note: The success URL will be implemented by the application developer.
      PL/SQL example:
         http://www.<your_webserver_name.domain>/pls/<sample_dad>/
            <partner_application_schema_name>.sample_sso_papp.sign_on
      Servlet example:
         http://www.<your_webserver_name.domain>/servlet/SSOSignOnServlet
      JSP example:
         http://www.<your_webserver_name.domain>/jsp/ssosignon.jsp
   9. Optionally change the start and end date.
  10. Enter the partner application administrator's name and email address.
  11. Click the Apply button. The Login Server displays registration
      information for the partner application.
  12. Record the following registration information for use in Step 5:
      * Site ID
      * Site Token
      * Encryption Key

Step 5: Run the regapp.sql file
   Run the regapp.sql file and update required information.

   Note: You must perform this task even if you have already registered the
   partner application with the Login Server. This task stores Login
   Server registration information in the partner application's configuration
   table.

   1. Change to the packages directory of the unzipped SSO SDK file.
      Use SQL*Plus to start regapp.sql as follows:
      sqlplus <partner_schema_name>/<password>@<tnsname>
      SQL> @regapp.sql

   2. Enter values for the following parameters, as prompted by regapp.sql:

         listener_token: Listener token for the partner application
         Syntax:        <partner application host name>:<port>
         Example:       www.myserver.com:80
         Description:   Used to identify a partner application from the
                        configuration information. The name is used in the
                        sample application code.

         site_token:   Site token for your application
         Description:  Supplied by the administrator

         site_id:      Site ID for the application
         Description:  Supplied by the administrator

         login_url:    The login URL of the Login Server
         Example:      http://www.ssosvr.com/pls/portal30_sso/
                       portal30_sso.wwsso_app_admin.ls_login
         Description:  Set the value for the login URL. If you don't know the
                       value, click the login link in Oracle Portal to
                       access the Login page. Copy the link from the browser
                       window and use it as the Login Server login URL.

         cookie_version: Version of the SSO server cookie
         Example:        v1.0
         Description:    Set the cookie version for this version of the SSO SDK
                         to v1.0

         encryption_key: Encryption key for the application
         Description:    Supplied by the administrator

         ip_check:     The IP address check flag for security purposes
         Example:      Y
         Description:  Set the value to Y for added security; otherwise set
                       the value to N.
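
   The parameter syntax above can be checked before the values are typed
   into regapp.sql. The following Python is an added example, not part of
   the SDK; the function names and the sample site ID, tokens and key are
   assumptions made for illustration.

```python
# Added example: checks regapp.sql answers against the syntax documented above.
# Function names and sample values are assumptions made for illustration.
import re
from urllib.parse import urlsplit

REQUIRED = ("listener_token", "site_token", "site_id", "login_url",
            "cookie_version", "encryption_key", "ip_check")
HOST_PORT = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]*:(\d{1,5})$")

def _listener_ok(value):
    # Documented syntax: <partner application host name>:<port>
    m = HOST_PORT.match(value)
    return bool(m) and 1 <= int(m.group(1)) <= 65535

def _url_ok(value):
    try:
        url = urlsplit(value)
    except ValueError:
        return False
    return url.scheme in ("http", "https") and bool(url.hostname)

FORMAT_RULES = {
    "listener_token": (_listener_ok, "expected <host name>:<port>"),
    "login_url": (_url_ok, "not an absolute http(s) URL"),
    "cookie_version": (lambda v: v == "v1.0", "this SDK version uses v1.0"),
    "ip_check": (lambda v: v in ("Y", "N"), "must be Y or N"),
}

def check_registration(values):
    """Return a list of problems; an empty list means every value is well-formed."""
    problems = []
    for name in REQUIRED:
        value = str(values.get(name, "")).strip()
        if not value or "<" in value or ">" in value:
            problems.append(f"{name}: missing or unfilled placeholder")
            continue
        check, message = FORMAT_RULES.get(name, (None, ""))
        if check and not check(value):
            problems.append(f"{name}: {message}")
    return problems

# Constructed sample: tokens, site ID and key below are made-up values.
SAMPLE = {
    "listener_token": "www.myserver.com:80", "site_token": "EXAMPLETOKEN",
    "site_id": "1234", "cookie_version": "v1.0", "ip_check": "Y",
    "encryption_key": "EXAMPLEKEY",
    "login_url": "http://www.ssosvr.com/pls/portal30_sso/"
                 "portal30_sso.wwsso_app_admin.ls_login",
}
print(check_registration(SAMPLE) or "all values look well-formed")
```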




