Friday, July 04, 2008

Oracle AS SSO : How to get important user information from SSO and OID

The Oracle AS 10.1.2 Single Sign-On places useful user information in the HTTP request headers. The partner application can read these request headers and get this useful information.

We can take the information provided by the Oracle AS 10.1.2 Single Sign-On and query the underlying Oracle Internet Directory ( OID ) directly to obtain further user information.

The three critical assumptions that we need to make at this point are :-

1. We are able to get the OSSO-User-Dn value from the request header.

2. We are able to connect to the OID anonymously to read the user information ( so that we do not need to authenticate the user again unnecessarily ).

3. We have access to the underlying OID ( usually, the OID is protected by a DMZ layer & ports may need to be opened at the firewall ).


We can proceed to write some simple JNDI code ( garden-variety code, adapted from the Sun JNDI Tutorial Trail ) to get important user information from OID :-

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// "request" is the HttpServletRequest handled by the partner application.
DirContext objRootContext = null;
Hashtable<String, String> objHashtable = null;
Attributes objUserAttributes = null;
Attribute objEmail = null;
Attribute objPhone = null;
String strUserDN = null;
String strEmail = null;
String strPhone = null;

objHashtable = new Hashtable<String, String>();

// Let's get the User DN from Single Sign-On.
// CRITICAL ASSUMPTION : We get the User DN value from the SSO.
strUserDN = request.getHeader("Osso-User-Dn");

// Let's connect to the OID used by Oracle AS Single Sign-On.
// CRITICAL ASSUMPTION : We can access the OID.
objHashtable.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
objHashtable.put(Context.PROVIDER_URL, "ldap://localhost:389/");
objHashtable.put(Context.SECURITY_PRINCIPAL, strUserDN);
// CRITICAL ASSUMPTION : The OID should provide anonymous access.
// (A DN with an empty password is an unauthenticated simple bind; the directory
// treats it as anonymous only if it is configured to allow that.)
objHashtable.put(Context.SECURITY_CREDENTIALS, "");

// Let's look up the user from the root node.
objRootContext = new InitialDirContext(objHashtable);
objRootContext = (DirContext) objRootContext.lookup(strUserDN);

// Let's get all the attributes of the user entry.
objUserAttributes = objRootContext.getAttributes("");

// Let's pull out only the attributes we are interested in.
// (The standard inetOrgPerson attribute for a phone number is "telephoneNumber";
// "phone" is kept here as in the original snippet.)
objEmail = objUserAttributes.get("mail");
objPhone = objUserAttributes.get("phone");

if (objEmail != null)
{
    strEmail = (String) objEmail.get();
}

if (objPhone != null)
{
    strPhone = (String) objPhone.get();
}

// Release the directory connection.
objRootContext.close();

We can now comfortably get the user information & use it further downstream in our applications.
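The class below is an added example and is not code from the original post. It keeps the same flow (read the Osso-User-Dn header, bind anonymously to OID, read the user's attributes) but adds the two checks a partner application should make before trusting the header: that the header is present at all, and that the DN it carries parses and sits directly under the expected user container, so that a malformed or unexpected value is rejected before it reaches the directory. It also binds as a true anonymous client (SECURITY_AUTHENTICATION set to "none" with no principal) rather than sending a DN with an empty password, and passes the DN to JNDI as an LdapName so that a "/" inside the DN is not misread as a composite-name separator. The class name, the OID URL, the user container DN and the use of the standard "telephoneNumber" attribute in place of the post's "phone" are assumptions for illustration; the main method only exercises the header check on constructed values and does not contact a directory.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.LdapName;

public class OidUserLookup {

    // Assumed values: the OID endpoint and the container that holds SSO users.
    static final String OID_URL = "ldap://oid.example.internal:389/";
    static final String USER_BASE = "cn=Users,dc=example,dc=com";

    // Accepts the Osso-User-Dn header value only if it parses as a DN and is a
    // direct child of USER_BASE. A missing header means the request did not come
    // through the SSO-protected path, so there is no user to look up.
    static LdapName trustedUserDn(String headerValue) throws NamingException {
        if (headerValue == null || headerValue.trim().length() == 0) {
            throw new NamingException("Osso-User-Dn header missing");
        }
        LdapName dn = new LdapName(headerValue.trim());   // throws InvalidNameException on a malformed DN
        LdapName base = new LdapName(USER_BASE);
        // LdapName stores RDNs right-to-left, so startsWith() checks the DN suffix.
        if (!dn.startsWith(base) || dn.size() != base.size() + 1) {
            throw new NamingException("Osso-User-Dn outside expected container: " + headerValue);
        }
        return dn;
    }

    // Anonymous bind (SECURITY_AUTHENTICATION "none", no principal) and a read of
    // only the attributes we need. Passing an LdapName rather than a String keeps
    // JNDI from treating "/" inside the DN as a composite-name separator.
    static Attributes fetchUserAttributes(LdapName userDn) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, OID_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "none");
        DirContext ctx = new InitialDirContext(env);
        try {
            return ctx.getAttributes(userDn, new String[] { "mail", "telephoneNumber" });
        } finally {
            ctx.close();
        }
    }

    // First value of an attribute, or null when the entry does not carry it.
    static String firstValue(Attributes attrs, String attrId) throws NamingException {
        Attribute a = attrs.get(attrId);
        return (a == null) ? null : (String) a.get();
    }

    // In a servlet: emailAndPhone(request.getHeader("Osso-User-Dn"))
    static String[] emailAndPhone(String ossoUserDnHeader) throws NamingException {
        Attributes attrs = fetchUserAttributes(trustedUserDn(ossoUserDnHeader));
        return new String[] { firstValue(attrs, "mail"), firstValue(attrs, "telephoneNumber") };
    }

    // Offline demonstration of the header check on constructed values.
    public static void main(String[] args) {
        String[] samples = {
            "cn=jdoe,cn=Users,dc=example,dc=com",     // accepted
            "cn=jdoe,cn=Users,dc=other,dc=com",       // wrong suffix
            "cn=x,cn=y,cn=Users,dc=example,dc=com",   // not a direct child of USER_BASE
            "not a dn",                               // malformed
            null                                      // header absent
        };
        for (String s : samples) {
            try {
                System.out.println("accepted: " + trustedUserDn(s));
            } catch (NamingException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Running main prints one "accepted" line for the first sample and a "rejected" line with the reason for each of the other four. The direct-child rule is deliberately strict; if users in the directory are spread over several sub-containers, relax the size check but keep the startsWith() test so the lookup stays within the user tree.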
