4
Application Management

This chapter explains how to use Oracle9iAS Single Sign-On to log in to partner and external applications.

This chapter contains the following topics:

Administering Partner Applications

The Administer Partner Applications page is used to add, edit, or delete a partner application. Partner applications delegate authentication services to the Login Server. The user logs in to a partner application by providing the username and password for the Login Server when required. The Oracle9iAS Single Sign-On feature of the Login Server ensures that, regardless of how many partner applications are accessed through the Login Server, the user has to provide a username and password only once to the Login Server for that Login Server session.

Table 4-1 described the fields in the Administer Partner Applications page.

Table 4-1 Administer Partner Applications Page

Field	Description
Add Partner Application	Click this link to create a new partner application.
Edit/Delete Partner Applications	Displays existing partner applications. You can: Click the Edit link next to a partner application to view or edit it. Click the Delete link next to a partner application to delete it. Click an application name to go to the application's home URL

Field

Description

Add Partner Application

Click this link to create a new partner application.

Edit/Delete Partner Applications

Displays existing partner applications. You can:

Click the Edit link next to a partner application to view or edit it.
Click the Delete link next to a partner application to delete it.
Click an application name to go to the application's home URL

Administering External Applications

The Administer External Applications page is used to add, edit, or delete an external application. External applications are Web-based applications that perform their own username and password authentication through HTML login forms. External applications that use HTML login forms include Yahoo! Mail and Oracle Mobile.

After you add an external application to the Login Server, users can provide their username and password for the application to the Login Server's password store. To store a password, the user selects the Remember My Login Information For This Application checkbox when logging into the external application through the Login Server. Once the username and password are stored, the user is not prompted for them when logging into the application.

Table 4-2 describes the fields in the External Applications page.

Table 4-2 External Applications Page

Field	Description
Add External Application	Click this link to create a new external application.
Edit/Delete External Applications	Displays existing external applications. You can: Click the Edit link next to an external application to view or edit it. Click the Delete link next to an external application to delete it. Click an application name to test the login

Field

Description

Add External Application

Click this link to create a new external application.

Edit/Delete External Applications

Displays existing external applications. You can:

Click the Edit link next to an external application to view or edit it.
Click the Delete link next to an external application to delete it.
Click an application name to test the login

Adding Partner and External Applications

Partner applications delegate authentication services to the Login Server. A user logs into a partner application using the same username and password that was used for the Login Server. After a user is logged on to the Login Server, the partner application does not request further authentication from the user.

External applications, by comparison, are not fully integrated into Oracle9iAS Portal. Instead, they perform their own authentication. When they are registered with the Login Server, they are visible in Oracle9iAS Portal as links in the External Applications portlet. Adding an external application enables the Login Server to submit an HTML login form with the user's credentials to the application.

To add a partner or external application:

You must have Full Administrator privileges on the Login Server to change any of its settings.
You must be an Oracle9iAS Portal administrator to access the Administer tab of the Oracle9iAS Portal home page.

This section contains the following topics:

Adding a Partner Application

Partner applications are added in the Create Partner Application page.

Table 4-3 describes the fields in the Create Partner Application page.

Table 4-3 Create Partner Application Page

Field	Description
Partner Application Login
Name	Enter a unique name for the partner application.
Home URL	Enter the URL of the application's home page.
Success URL	Enter the URL to the routine responsible for establishing the partner application's session and session cookies. This routine should redirect the browser to the URL that the user originally requested. The URL must point to a procedure that processes the user identification information from the Login Server. Include the `http://` prefix in the URL, as in the following example: `http://server.domain.com:5000/pls/DAD/portal.wwsec_app_priv.process_signon`
Valid Login Timeframes
Start Date	Enter the date when users will first be able to access the partner application through the Login Server. Use the format shown next to the field label.
End Date	Enter the end date when users will last be able to access the partner application through the Login Server. Use the format shown next to the field label. Note: If you leave this field blank, users can log into the partner application using the Login Server indefinitely.
Application Administrator
Administrator E-mail	Enter the e-mail address for the administrator responsible for this partner application.
Administrator Information	Enter any additional information you want to include about the administrator responsible for this partner application.

Perform the following steps to add a partner application using Oracle9iAS Portal.

Navigate to the Oracle9iAS Portal home page.
Click the Administer tab.
In the Login Server Administration portlet, click Administer Partner Applications.
Click Add Partner Application.

The Create Partner Application page displays.
In the Partner Application Login section, enter the partner application's name, the URL to the application's home page, and a Success URL. The Success URL points to a Web page where the browser should be redirected after a successful login. It must correspond to the procedure that processes the user identification information from the Login Server.
In the Valid Login Timeframe section, enter the dates when users can log in to the application through the Login Server. If you leave the End Date field blank, users can log into the application indefinitely.
In the Application Administrator section, enter the e-mail address and other information for the application's contact person or administrator.
Click OK. The new partner application appears in the Edit/Delete Partner Application list on the Partner Application page.

Adding an External Application

External applications are added in the Create External Application page.

Table 4-4 describes the fields in the Create External Application page.

Table 4-4 Create External Application Page

Field	Description
External Application Login
Application Name	Enter a name that you want to use to identify the external application. This is the default name for the external application.
Login URL	Enter the URL to which the external application credentials are submitted for authentication. For example, the login URL for Yahoo!Mail is: `http://login.yahoo.com/config/login?6p4f5s403j3h0`
Username/ID Field Name	Enter the name that identifies the username or user ID field of the external application's login form. You can find this name by viewing the HTML source for the login form. Note: This field is not applicable if you are using Basic authentication.
Password Field Name	Enter the name that identifies the password field of the external application's login form. You can find this name by viewing the HTML source for the login form. Note: This field is not applicable if you are using Basic authentication.
Authentication Method
Type of Authentication Used	Select the type of credential submission method to use for the external application. This specifies how message data is sent by the browser. POST: Submits the login credentials to the login URL of the external application using the HTTP POST method GET: Submits the login credentials to the login URL of the external application using the HTTP GET method BASIC AUTHENTICATION: Submits the login credentials in the application URL, which is protected by HTTP Basic Authentication
Additional Fields
Field Name	Enter the name of any additional fields on the external application HTML login form that may require user input in order to log into the application Note: This field is not applicable if you are using Basic authentication.
Field Value	Enter a default value for a corresponding Field Name value, if applicable. Note: This field is not applicable if you are using Basic authentication.

Warning:

If the external application uses the Basic authentication method, the username and password may be stored in clear text in the browser cache and browser URL history.

Perform the following steps to add an external application from Oracle9iAS Portal.

Navigate to the Oracle9iAS Portal home page.
Click the Administer tab.
In the Login Server Administration portlet, click Administer External Applications.
Click Add External Application.

The Create External Application page displays.
In the External Application Login section, enter the name of the external application and the URL to which the application's HTML login form is submitted or the protected URL to access if you are using Basic authentication.
If the application uses HTTP POST or HTTP GET authentication, in the User Name/ID Field Name, enter the name that identifies the username or user ID field of the external application's HTML login form. You can find the name by viewing the HTML source for the external application's login form.

If the application uses the Basic authentication method, the User Name/ID Field Name should be empty.
If the application uses HTTP POST or HTTP GET authentication, in the Password Field Name, enter the name that identifies the password field of the external application. You must view the HTML source for the login form for this information as well.

If the application uses the Basic authentication method, the Password Field Name should be empty.
In the Additional Fields section, enter the name and default values for any additional fields on the external application HTML login form that may require user input to log into the application.

If the application uses the Basic authentication method, these fields should be empty.
Select the related Display to User checkbox to allow the default value of an Additional Field to be changed by the user on the external application HTML login form.
Click OK. The new external application appears in the Edit/Delete External Application list on the External Application page.
Optionally, in the Edit/Delete Partner Application list, click an application name to test the log in.

The following example shows the source for the values that are used for the External Application Login section for Yahoo! Mail.

<form method=post action="http://login.yahoo.com/config/login?6p4f5s403j3h0" autocomplete=off name=a> 
...
<td><input name=login size=20 maxlength=32></td> 
.... 
<td><input name=passwd type=password size=20 maxlength=32></td> 
...
<input type=checkbox name=".persistent" value="Y" >Remember my ID & password 
...
</form>

The source provides values for the following:

Login URL: http://login.yahoo.com/config/login?6p4f5s403j3h0
Username/ID Field Name: login
Password Field Name: passwd
Type of Authentication Used: POST
Field Name: .persistent Y
Field Value: [off]

Editing Partner and External Applications

This section contains the following topics:

Editing a Partner Application

The Edit Partner Application page is used to edit configuration information for external applications.

The Edit Partner Application page contains all of the fields that are in the Create Partner Application page, plus three additional display fields in the Partner Application Login section. The additional display fields are described in Table 4-5.

Table 4-5 Display Fields in the Edit Partner Application Page

Field	Description
ID	Displays only when you are editing a partner application. The ID value is automatically set when a partner application is added. It is used by the Login Server to identify the partner application.
Token	Displays only when you are editing a partner application. The token is automatically set when a partner application is added. It is used by the Login Server to identify the partner application. The partner application must use the application token to identify itself to the Login Server when requesting authentication.
Encryption Key	Displays only when you are editing a partner application. The encryption key is automatically set when a partner application is added. When a user tries to log in using Oracle9iAS Single Sign-On, the Login Server generates a cookie that indicates a user's identity and whether the user has been authenticated. This key is used to encrypt the login cookie.

Perform the following steps to edit a partner application from Oracle9iAS Portal.

Click the home link to navigate to the Oracle9iAS Portal home page.
Click the Administer tab.
In the Services portlet, click Login Server Administration.
Click Administer Partner Applications.
Click the Edit link next to the Application Name.

The Edit Partner Application page displays.
Edit the appropriate field values, as described in Table 4-3.
Click Apply to store changes for the current screen and redisplay the screen with updated values, or click OK to store all changes and return to the previous screen.

Editing an External Application

The Edit External Application page is used to edit configuration information for external applications.

Perform the following steps to edit an external application from Oracle9iAS Portal.

Click the home link to navigate to the Oracle9iAS Portal home page.
Click the Administer tab.
In the Services portlet, click Login Server Administration.
Click Administer External Applications.
Click Edit link next to the Application Name.

The Edit External Application page displays.
Edit the appropriate field values, as described in Table 4-4.
Click Apply to store changes for the current screen and redisplay the screen with updated values, or click OK to store all changes and return to the previous screen.

Adding External Applications to the External Applications Portlet

The Edit External Applications Portlet Settings page is used to add external applications to the External Applications portlet.

Table 4-6 describes the fields in the Edit External Applications Portlet Settings page.

Table 4-6 Edit External Applications Portlet Settings Page

Field	Description
External Applications Portlet Banner
Banner	Enter a new name to customize the title of the External Applications portlet banner
Select External Applications
Display	Select this checkbox to display the application name in the External Applications portlet
Change Stored Password	Click this icon to display the Edit External Applications Login Information page to change your username, password, or additional field information, as applicable.
Application Name	Displays the name of the external application.
Preferred Name	Enter a name for the application for display in the External Applications portlet (optional)

Perform the following steps to access the Edit External Applications Portlet Settings page.

In the external applications portlet banner, click Customize.

By default, the external applications portlet is located on the Administer tab of the Oracle9iAS Portal home page and is called External Applications

The Edit External Applications Portlet Settings page displays.
Change the values as described in Table 4-6.
Click OK to save changes, or click Reset to Defaults to revert to the original values.

Specifying External Application Login Information

The External Application Login page is used to specify your username and password for the application. If you select the Remember My Login Information For This Application checkbox, Oracle9iAS Portal automatically logs on for you each time you launch the application.

Note:

If you change your password in the external application, be sure to update your password on this page as well. Otherwise, Oracle9iAS Portal cannot log in for you and the external application's error message is displayed.

Table 4-7 described the fields in the External Application Login page.

Table 4-7 External Application Login Page

Name	Description
Application Name	Displays the name of the application you are logging on to.
User Name/ID	Enter your username for this application.
Password	Enter your password for this application.
Remember My Login Information For This Application	Select to keep this information permanently within Oracle9iAS Portal. The next time you launch the application, Oracle9iAS Portal automatically logs you in without displaying a login screen.

Perform the following steps to access the External Application Login page.

In the External Applications portlet, click the name of the external application.

Note:
By default, the external application portlet is located on the Administer tab of the Oracle9iAS Portal home page, and the banner name is External Applications.

Note:
If the name of the external application is not displayed in the External Application portlet, it must be added using the Edit External Applications Portlet Settings page.

See Also:
"Adding External Applications to the External Applications Portlet" for information about adding an external application to the external Applications portlet.

The External Application Login page displays.
Enter your username and password.
Click Login to log in to the application or Close to cancel.

4 Application Management