6
Developing Applications Integrated with Oracle Delegated Administration Services

This chapter explains how developers can use the Oracle Delegated Administration Services URL service units to achieve integration with Oracle Delegated Administration Services.

It contains the following sections:

Introduction to the Delegated Administration Services

Oracle Delegated Administration Services are a set of pre-defined, Web-based service units for performing directory operations on behalf of a user. Oracle Delegated Administration Services units enable Oracle Internet Directory to use the self-service model for directory users to, for instance, update their own information in an employee directory.

Delegated Administration Services enable you to more easily develop tools for administering application data in the directory. They provide most of the functionality that directory-enabled applications require, such as creating a user entry, creating a group entry, searching for entries, and changing user passwords.

You can embed Delegated Administration Service units into your applications. For example, if you are building a Web portal, you can add Oracle Delegated Administration Services units to enable users to change application passwords stored in the directory. Each service unit has a corresponding URL stored in the directory. An application can invoke an Oracle Delegated Administration Services unit by URL discovery at runtime by querying the directory.

Figure 6-1 Overview of Delegated Administration Services

Text description of oiddg016.gif follows

Text description of the illustration oiddg016.gif

Benefits of Oracle Delegated Administration Services-Based Applications

There are three main areas where applications based on Oracle Delegated Administration Services are more advanced than those based on earlier types of APIs.

First, because Oracle Delegated Administration Services units are Web-based, an application developed with them are language-independent. In practice, this means that the application can handle input and requests from any type of user or application, eliminating the need for a costly custom solution or configuration.

Second, Oracle Delegated Administration Services comes with the Oracle Internet Directory Self-Service Console, a GUI development tool that automates many of the directory-oriented application requirements (such as Create, Edit, and Delete). This tool reduces design and development time for these basic functions.

Third, Oracle Delegated Administration Services is integrated with Oracle Application Server Single Sign-On, so an application based on Oracle Delegated Administration Services is automatically authenticated with Oracle Application Server Single Sign-On. This means that an application using Oracle Delegated Administration Services can proxy as a user to query the directory on behalf of a user, for better security.

Developing Applications Integrated with Oracle Delegated Administration Services

This section contains these topics:

Prerequisites for Integration with Oracle Delegated Administration Services

For an application to integrate with Oracle Delegated Administration Services units, the following must be true:

The application must be a Web-based GUI.
The application must be integrated with Oracle Application Server Single Sign-On either through mod_osso or through partner application.
The application has certain operations that need to be performed as the currently signed on user that can be leveraged from Oracle Delegated Administration Services.
The application has users or groups stored in Oracle Internet Directory and can leverage Oracle Delegated Administration Services for user and group management.
The application needs to be run under an Oracle Application Server infrastructure or middle-tier environment such that the discovery mechanism for the Oracle Delegated Administration Services URL is accessible.

Oracle Delegated Administration Services Integration Methodology and Considerations

Table 6-1discusses the various considerations for integrating an application with Oracle Delegated Administration Services.

Table 6-1 Condiserations for Integrating an Application with Oracle Delegated Administration Services

Point in Application Lifecycle	Considerations
Application design time	Examine the various services that Oracle Delegated Administration Services provides and identify integration points within the application GUI. Make necessary code changes to pass parameters to the Oracle Delegated Administration Services self-service units and also process return parameters from Oracle Delegated Administration Services. Introduce code in the bootstrap and installation logic to dynamically discover the location of Oracle Delegated Administration Services units from configuration information in Oracle Internet Directory. To do this, use Oracle Internet Directory Service Discovery APIs.
Application installation time	Determine the location of Oracle Delegated Administration Services units and store them in local repository.
Application runtime	Display Oracle Delegated Administration Services URLs in application GUI shown to users. Pass the appropriate parameters to the Oracle Delegated Administration Services by using URL encoding. Process return codes from Oracle Delegated Administration Services through the URL return.
Ongoing administrative activities	Provide the capability to refresh the location of Oracle Delegated Administration Services and its URLs in the administrator screens. Do this in case the deployment moves the location of Oracle Delegated Administration Services after the application has been installed.

Use Case 1: Create User

This use case shows how to integrate the Create User Oracle Delegated Administration Services unit with a custom application. In the custom application page, Create User is shown as a link.

Identify the Oracle Delegated Administration Services URL base, by using the Java API string:
```
baseUrl = Util.getDASUrl(ctx,DASURL_BASE). 
```
This API returns the Oracle Delegated Administration Services base URL in the following form: http://host_name:port/

Get the specific URL for the Create User Oracle Delegated Administration Services unit, by using the string:

relUrl = Util.getDASUrl ( ctx , DASURL_CREATE_USER )

The return value is the relative URL to access the Create User unit.

The specific URL is the information needed to generate the link dynamically for our application.

Next we will look at the parameters that can be customized for this unit. This unit takes following parameters:

Table 6-2 Oracle Delegated Administration Services URL Parameters

Parameter	Description
`homeURL`	The URL which is linked to the global button Home in the Oracle Delegated Administration Services unit. When the calling application specifies this value, you can click the Home button to redirect the Oracle Delegated Administration Services unit to the URL specified by this parameter.
`doneURL`	This URL is used by Oracle Delegated Administration Services to redirect the Oracle Delegated Administration Services page at the end of each operation. In case of Create User, once the user is created clicking on OK redirects the URL to this location. Hence the user navigation experience will be smooth.
`cancelURL`	This URL is linked with all the Cancel buttons shown in the Oracle Delegated Administration Services units. Any time the user clicks Cancel, the page is redirected to the URL specified by this parameter.
`enablePA`	This parameter takes a Boolean value of true/false. This will enable the section Assign Privileges in User or Group operation. If the enablePA is passed with value of true in the Create User page, then Assign Privileges to User section will also appear in the Create User Page.

Build the link with the parameters set to the following values:

baseUrl = http://acme.mydomain.com:7777/
relUrl =  oiddas/ui/oracle/ldap/das/admin/AppCreateUserInfoAdmin
homeURL = http://acme.mydomain.com/myapp
cancelURL = http://acme.mydomain.com/myapp
doneURL = http://acme.mydomain.com/myapp
enablePA = true

The complete URL looks like the following:

http://acme.mydomain.com:7777/oiddas/ui/oracle/ldap/das/admin/AppCreateUserI
nfoAdmin? homeURL=http://acme.mydomain.com/myapp& 
cancelURL=http://acme.mydomain.com/myapp
& doneURL=http://acme.mydomain.com/myapp& enablePA=true

You can now embed this URL in the application.

Use Case 2: User LOV

Oracle Delegated Administration Services List of Values (LOV) is implemented using JavaScript to invoke and pass values between the LOV calling window and Oracle Delegated Administration Services LOV page. The application invoking the LOV needs to open a popup window using JavaScript. Since the Java scripts have the security restrictions, data passing across the domains is not possible. Due to this limitation, only the pages in the same domain can access the Oracle Delegated Administration Services LOV units.

The base and the relative URL can be invoked the same way as Create User. Sample files are located at:

$ORACLE_HOME/ldap/das/samples/lov

This sample illustrates how the LOV can be invoked and data can be passed between the calling application and Oracle Delegated Administration Services unit. Complete illustration of the LOV invocation is beyond the scope of this chapter.

Java APIs Used to Access URLs

To discover the Oracle Delegated Administration Services URLs, Java APIs can be used. More details about the Java API are described in Chapter 3, "Developing Applications with Oracle Extensions to the Standard LDAP APIs" and Chapter 10, "DAS_URL Interface Reference". The API functions which address the Oracle Delegated Administration Services URL discovery are:

getDASUrl( DirContext ctx, String urlTypeDN )
getAllDASUrl( DirContext ctx )

6 Developing Applications Integrated with Oracle Delegated Administration Services