Oracle® Access Manager Developer Guide 10g (10.1.4.3) Part Number E12491-01
Several components, such as IdentityXML and AccessXML, allow you to gain access to Oracle Access Manager by using SOAP (Simple Object Access Protocol). To do this, you build a properly formatted SOAP request, with the Oracle Access Manager-related information contained within it.
SOAP provides a way to exchange information in a decentralized, distributed environment. It uses XML as a basis for its protocol, which consists of three parts:
An envelope
This defines a framework for describing what is in a message and how to process it. IdentityXML relies heavily upon this part.
A set of encoding rules
This provides a way to create application-defined data types. Both IdentityXML and AccessXML use this.
A convention for communication
SOAP defines a set of remote procedure calls and responses. Content for these can be established using the encoding rules. SOAP can be used in combination with almost any protocol. For Oracle Access Manager, the focus is on its use in combination with HTTP and servers.
A full discussion of the protocol can be found at:
Though SOAP provides the means to communicate with Oracle Access Manager, it is still necessary to transport the message content using the Web to the Identity or Access System Server that will process it. This requires the use of an HTTPClient. The HTTPClient is an application that simulates the HTTP communication capabilities of a browser, without an HTML presentation.
Though such a client could be written from scratch, toolkits are available that provide the necessary components. One such toolkit is available from Innovation:
http://www.innovation.ch/java/HTTPClient/
The toolkit is free and internally documented. It includes support for the request methods HEAD, GET, POST and PUT, and contains modules that support automatic handling of authorization, redirection requests, and cookies.
You use the toolkit to provide the HTTP communication modules that will be the back end of an HTTPClient that you write. The front end of your client will have these features:
Host Identification
You need to be able to identify the full Host URL that you want to communicate with, including the port number, and provide this information to the back end.
Data Transmission
You need a way to pick up and send data to the host. The data to be picked up could be the entire SOAP envelope with data; or just the data, with the envelope being applied by your client; or it could be assembled almost entirely within the client. You provide the data to the back end for transmission, and expect the back end to return the response to you. You can include modules in the back end that will work with redirection responses and maintain cookies to support single sign-on.
Response Interpretation
You need a way to parse and use the information returned by Oracle Access Manager.
A sample of such a client is provided in the following directory:
Identity_install_dir/unsupported/integsvcs
in the file ObSoapClient.java. You need to compile this file into a class version, within the HTTPClient build environment.
The resulting example enables you to send a selected request file to a selected port of a selected host. The command line arguments are:
java ObSoapClient -h hostname -p port -f file
where hostname is the URL you want to communicate with, port is the port number, and file is the name of the request file you want to send. The response is displayed to the screen. You will probably want to pipe this to a file, or modify the example to print to a file you name on the command line.
The file ObSoapClient.pl provides a similar example for use with Perl.
Several example request files are provided for you, also in the location:
Identity_install_dir/unsupported/integsvcs
You will not be able to use these files as is. You will need to change at least the login and password information in each one to information matching a valid user on the system you are trying to access. You will also probably need to change the uid information in each file to match your directory structure and content.
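The three front-end features described above (host identification, data transmission, response interpretation) are shown here as an added example. It is not Oracle's ObSoapClient.java, and it uses the JDK's HttpURLConnection rather than the Innovation HTTPClient toolkit. The class name, the path argument, the use of HTTPS (chosen because the request files carry a login and password), and the SOAP 1.1 envelope namespace are assumptions that this page does not specify.

```java
import java.io.*;
import java.net.*;
import java.nio.file.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

// Added example (hypothetical class, not ObSoapClient): POST a SOAP request file, check the reply.
public class SoapPostExample {
    static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"; // SOAP 1.1 (assumed)
    // Response interpretation: parse with DOCTYPE disabled so a reply cannot
    // pull in external entities (XXE) on the client side.
    static Document parseReply(InputStream in) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder().parse(in);
    }

    static boolean isFault(Document d) {
        return d.getElementsByTagNameNS(SOAP_NS, "Fault").getLength() > 0;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: java SoapPostExample host port path file");
            System.exit(2);
        }
        // Host identification: full URL including the port. The path is an
        // assumed argument; take it from your own deployment.
        URL url = new URL("https", args[0], Integer.parseInt(args[1]), args[2]);
        byte[] body = Files.readAllBytes(Paths.get(args[3]));

        // Data transmission: send the envelope file unchanged, with timeouts,
        // and never echo it (it contains the login and password).
        HttpURLConnection c = (HttpURLConnection) url.openConnection();
        c.setConnectTimeout(10_000);
        c.setReadTimeout(30_000);
        c.setRequestMethod("POST");
        c.setDoOutput(true);
        c.setRequestProperty("Content-Type", "text/xml; charset=UTF-8");
        c.setRequestProperty("SOAPAction", "\"\""); // SOAP 1.1 HTTP binding header
        try (OutputStream out = c.getOutputStream()) { out.write(body); }
        int status = c.getResponseCode();
        InputStream in = status >= 400 ? c.getErrorStream() : c.getInputStream();
        if (in == null) throw new IOException("HTTP " + status + " with no body");
        Document reply = parseReply(in);
        System.out.println("HTTP " + status + (isFault(reply) ? " SOAP Fault" : " OK"));
    }
}
```

Because the edited request files hold a valid user's login and password, keep them out of version control and restrict their file permissions.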