Oracle9iAS Portal Developer Kit
PDK-URL Services Basic Authentication Readme

Using the Basic Authentication feature in PDK-URL Services, you can portletize the contents of any 3rd party application which is authenticated using the BASIC Authentication method. It is very similar to creating a standard External  Application portlet with less details and fewer steps to follow.  This article describes Basic Authentication using PDK-URL Services.  For more information about Basic Authentication, review the following links.

• Basic Authentication Portlet Using Oracle Metalink

• Source code:  provider.xml for Metalink Portlet Samples

CHANGES

PROVIDER.XML

Changes to be incorporated in provider.xml for this purpose are as follows :

1. When using BASIC Authentication, specify the following in the Authentication tag.
   
   <authentication class="oracle.portal.provider.v1.http.Authentication">
   <authType>basic</authType>
   </authentication>

EXTERNAL APPLICATION CREATION

Oracle9iAS Portal 3.0.9.8.0 (supports basic authentication)

1. Application Name : urlservices_basic_authentication

2. Login URL:  <basic authenticated url> 

   This is the URL that prompts the authentication pop-up window.

3. User Name/ID Field Name:  <leave blank>

4. Password Field Name:  <leave blank>

5. Click OK after this step.

6. Click on the External Application link "urlservices_basic_authentication" and provide your username and password when prompted.

Portal Version prior to 3.0.9.8.0

External Applications using Basic Authentication is not support in Oracle9iAS Portal prior to 3.0.9.8.0.  However, since BASIC Authentication only requires username and password, you can fill in some values in the external application fields to work around this.  These fields are only to allow you to create the External Application and will not be used by PDK-URL Services.

1. Application Name : urlservices_basic_authentication

2. Login URL : <basic_authenticated_url>

3. User Name/ID Field Name : login (This is not used in URLServices. Just for creating external application.)

4. Password Field Name : passwd (This is not used in URLServices. Just for creating external application.)

5. Click "OK" after this step.

6. Click on the External Application link "urlservices_basic_authentication" and provide your username and password when prompted.

LIMITATIONS

In order to authenticate deep links existing in URL Content, user information is attached to the URL, in-line. 

Example :

Deep links points to : http://my.server.com/site/myindex.html
After authenticating it : http://<username>:<password>@my.server.com/site/myindex.html

This way the user is automatically authenticated through each link, but the user information is also exposed outside (in the URL).

In order to suppress this deep link authentication mechanism, you will need to set <useAuthLinks> to false in provider.xml

Example:

<filter class="oracle.portal.provider.v1.http.HtmlFilter">
<useAuthLinks>false</useAuthLinks>
. . . 
</filter>

Revision History:

• September 27, 2001