
Example of Integrating Oracle Billing Insight with CAS


This topic gives one example of integrating Oracle Billing Insight with CAS on Oracle WebLogic. The specific steps and files required for your SSO implementation will vary. For the Assisted Service and Web Services applications, additional examples of how to integrate Oracle Billing Insight with CAS are located in the following directory:

  • UNIX. EDX_HOME/samples/sso/cas
  • Windows. EDX_HOME\samples\sso\cas

To integrate Oracle Billing Insight with CAS on Oracle WebLogic

  1. Verify that the following requirements have been met:
    • The CAS SSO system is set up.
    • The Oracle Billing Insight installation and configuration is complete.
  2. Import the SSO user in the Oracle Billing Insight database.
  3. Access your LDAP server, and add a user and group for the Self-Service and Assisted Service applications.
  4. Download the libraries required to support integrating your SSO implementation with the CAS Server 3.4.11 to the EDX_HOME\J2EEApps\selfservice\weblogic\selfservice-weblogic-7.0.ear\lib directory. These libraries are open source and are available from any public Maven repository, the CAS Web site, and so on. They can include files such as:
    • cas-client-core-3.1.10.jar
    • opensaml-1.1b.jar
    • spring-security-cas-3.1.0.RELEASE.jar
    • xmlsec-1.3.0.jar
    • httpcore-4.1.jar (For the Assisted Service application only)
    • Add the JAR file paths to the MANIFEST.MF file found in the EDX_HOME\J2EEApps\selfservice\webcear\APP-INF\lib\xma-classpath.jar\META-INF\ directory, such as:

    ../../lib/xmlsec-1.3.0.jar ../../lib/opensaml-1.1b.jar ../../lib/spring-security-cas-3.1.0.RELEASE.jar ../../lib/cas-client-core-3.1.10.jar

  5. If there are any conflicts among third party library versions, then add the following statement to the weblogic-application.xml file found in the EDX_HOME\J2EEApps\selfservice\weblogic\selfservice-weblogic-7.0.ear\META-INF\ directory:

    <package-name>{jar path}</package-name>

    For example:

    <package-name>org.opensaml.*</package-name>

  6. Add the following content to the web.xml file found in the EDX_HOME\J2EEApps\selfservice\weblogic\selfservice-weblogic-7.0.ear\selfservice-web-1.0-SNAPSHOT.war\WEB-INF directory:

    <filter>
      <filter-name>characterEncodingFilter</filter-name>
      <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
      <init-param><param-name>encoding</param-name><param-value>UTF-8</param-value></init-param>
    </filter>
    <filter-mapping>
      <filter-name>characterEncodingFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
    <listener><listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class></listener>

  7. Edit the session time-out filter in the web.xml file to specify j_spring_cas_security_logout as the parameter value:

    <param-value>(/j_spring_security_check|/nonAuth/logout.action|/j_spring_cas_security_logout).*</param-value>

  8. Edit the spring-security.xml file found in the EDX_HOME\config\security\selfservice\ directory. Update the following:
    • Add a CAS entry point to the security:http statement:

    <security:http entry-point-ref="casEntryPoint" access-decision-manager-ref="accessDecisionManager">

    • Add a CAS custom filter to the security:http statement:

    <security:custom-filter position="CAS_FILTER" ref="casFilter" />

    • Add beans serviceProperties, casFilter, and casEntryPoint, specifying the server and ports for your implementation:

    <bean id="serviceProperties"
          class="org.springframework.security.cas.ServiceProperties">
      <property name="service">
        <value>https://your_server_name:your_application_port/SelfService/j_spring_cas_security_check</value>
      </property>
      <property name="sendRenew" value="false"/>
    </bean>
    <bean id="casFilter"
          class="org.springframework.security.cas.web.CasAuthenticationFilter">
      <property name="authenticationManager" ref="authenticationManager"/>
    </bean>
    <bean id="casEntryPoint"
          class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
      <property name="loginUrl" value="https://your_server_name:8443/cas-server-webapp-3.4.11/login"/>
      <property name="serviceProperties" ref="serviceProperties"/>
    </bean>

    • Set the service value to the URL of your Oracle Billing Insight application. Set the login URL value to the URL of your CAS server login.
    • Update the authentication provider:

    <security:authentication-provider ref="casAuthenticationProvider" />

    • Add the casAuthenticationProvider bean:

    <bean id="casAuthenticationProvider"
          class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
      <property name="authenticationUserDetailsService">
        <bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
          <constructor-arg ref="userDetailsService"/>
        </bean>
      </property>
      <property name="serviceProperties" ref="serviceProperties"/>
      <property name="ticketValidator">
        <bean class="org.jasig.cas.client.validation.Saml11TicketValidator">
          <constructor-arg index="0" value="https://your_server_name:8443/cas-server-webapp-3.4.11"/>
        </bean>
      </property>
      <property name="key" value="an_id_for_this_auth_provider_only"/>
    </bean>

    • Add a custom filter for single logout:

    <security:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
    <security:custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>

    • Remove the following:

    <security:logout logout-success-url="/nonAuth/logout.action"/>
    <security:form-login login-page="/nonAuth/login.action" default-target-url="/reporting/reportStart.action" authentication-failure-url="/nonAuth/login.action?login_error=1"/>

    • Add the filter definitions:

    <!-- This filter handles a Single Logout Request from the CAS Server -->
    <bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
    <bean id="requestSingleLogoutFilter"
          class="org.springframework.security.web.authentication.logout.LogoutFilter">
      <constructor-arg value="https://your_server_name:8443/cas-server-webapp-3.4.11/logout?service=https://your_server_name:your_server_port/selfservice"/>
      <constructor-arg>
        <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
      </constructor-arg>
      <property name="filterProcessesUrl" value="/j_spring_cas_security_logout"/>
    </bean>

    • Set the URL of your CAS server.
  9. Install the certificate file for both the SSO system and Oracle Billing Insight if the SSL connection is enabled.
  10. Configure Oracle Billing Insight to work in SSO enabled mode, which turns on and off the appropriate UI features. Make the following edits in the globalConfig.xma.xml file, found in the EDX_HOME/xma/config/modules folder:
    • Turn on the global configuration flags for SSO. Change the following property values to true:

    <property name="ebillingSingleSignOnEnabled"><value>false</value></property>
    <property name="csrSingleSignOnEnabled"><value>false</value></property>

    • If you use Web Services, then set the following SSO flag to true:

    <property name="ebillingWebServiceSingleSignOnEnabled"><value>false</value></property>

    • Add a URL for single sign-out. The default value for CAS is j_spring_cas_security_logout:

    <property name="singleSignOutUrl"><value>j_spring_cas_security_logout</value></property>

    • Add home page links for the Self-Service and Assisted Service applications:

    <property name="ebillingHomePageUrl"><value>http://localhost:7001/portlet</value></property>
    <property name="csrHomePageUrl"><value>http://localhost:7001/portlet</value></property>

  11. Run the automated configuration script:
    1. Go to the following directory:
      • UNIX. EDX_HOME/samples/sso/CAS
      • Windows. EDX_HOME\samples\sso\CAS

        In the directory, EDX_HOME is the location where you installed Oracle Billing Insight.

    2. Update the spring-security-sso.properties files found in each of the following directories:

      UNIX:

      • EDX_HOME/samples/sso/CAS/conf/selfservice
      • EDX_HOME/samples/sso/CAS/conf/csr
      • EDX_HOME/samples/sso/CAS/conf/rs

      Windows:

      • EDX_HOME\samples\sso\CAS\conf\selfservice
      • EDX_HOME\samples\sso\CAS\conf\csr
      • EDX_HOME\samples\sso\CAS\conf\rs

        In the property files, set the following parameters for your implementation.

        Property               Description
        protocol               The connection protocol, such as HTTPS.
        hostname               The name of the server host where the Self-Service application resides.
        application_name       The name of your Self-Service application.
        port                   The port number for accessing the Self-Service application.
        sso_protocol           The name of the single sign-on protocol, such as HTTPS.
        sso_server_hostname    The name of the server host of the single sign-on system.
        sso_application_name   The name of the single sign-on application.
        sso_application_port   The single sign-on port number.
        sso_login_url          The login URL of the single sign-on application.
        sso_logout_url         The logout URL of the single sign-on application.

    3. Enter Ant. The script automatically runs Options 5 - 10.
  12. Copy the following EAR files from the EDX_HOME/samples/sso/CAS/target directory to the EDX_HOME/J2EEApp folder, and then redeploy the files:
    • selfservice-weblogic-7.0.ear
    • rs-weblogic-7.0.ear
    • csr-app-7.0.ear
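
A pre-deployment check for the spring-security.xml edits in step 8, as an added example that is not part of Oracle's guide or sample scripts: it confirms that the six CAS beans are defined, that filter and entry-point references resolve, and that no placeholder, non-HTTPS URL or line-wrapped value remains. The function names, the sample host names and the assumption that all beans live in one file are choices made for this example.

```python
import xml.etree.ElementTree as ET

# Bean ids that step 8 adds, and placeholder strings used in the guide's snippets.
REQUIRED_BEANS = {"serviceProperties", "casFilter", "casEntryPoint", "singleLogoutFilter",
                  "casAuthenticationProvider", "requestSingleLogoutFilter"}
PLACEHOLDERS = ("your_server_name", "your_application_port",
                "your_server_port", "an_id_for_this_auth_provider_only")

def local(tag):
    """Drop the XML namespace so elements compare by local name."""
    return tag.rsplit("}", 1)[-1]

def check_cas_config(xml_text):
    """Return findings for a spring-security.xml edited as in step 8."""
    root = ET.fromstring(xml_text)
    beans = {e.get("id") for e in root.iter()
             if local(e.tag) == "bean" and e.get("id")}
    findings = [f"bean not defined: {b}" for b in sorted(REQUIRED_BEANS - beans)]
    # Filter, entry-point and provider references must name a defined bean.
    for e in root.iter():
        name = local(e.tag)
        if name in ("http", "custom-filter", "authentication-provider"):
            ref = e.get("entry-point-ref" if name == "http" else "ref")
            if ref and ref not in beans:
                findings.append(f"<{name}> references undefined bean: {ref}")
    # Literal values: value="..." attributes and <value> element text.
    values = [e.get("value") for e in root.iter() if e.get("value")]
    values += [e.text.strip() for e in root.iter()
               if local(e.tag) == "value" and e.text]
    for v in values:
        findings += [f"placeholder left in place: {p}" for p in PLACEHOLDERS if p in v]
        if "://" in v and not v.lower().startswith("https://"):
            findings.append(f"non-HTTPS URL: {v}")
        if any(c.isspace() for c in v):
            findings.append(f"whitespace inside value: {v!r}")
    return findings

# Constructed sample: trimmed (no class attributes) and deliberately flawed.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:security="http://www.springframework.org/schema/security">
<security:http entry-point-ref="casEntryPoint">
 <security:custom-filter position="CAS_FILTER" ref="casFilter"/>
 <security:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
</security:http>
<bean id="serviceProperties"><property name="service"><value>https://
 your_server_name:7002/SelfService/j_spring_cas_security_check</value></property></bean>
<bean id="casFilter"/><bean id="singleLogoutFilter"/><bean id="casAuthenticationProvider"/>
<bean id="casEntryPoint"><property name="loginUrl" value="http://sso.example.test:8443/cas/login"/></bean>
</beans>"""
```

Calling check_cas_config(SAMPLE) reports the missing requestSingleLogoutFilter bean, the dangling filter reference, the http login URL, and the service URL that still holds a placeholder and a line break.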
Integration Guide for Oracle Billing Insight Copyright © 2016, Oracle and/or its affiliates. All rights reserved. Legal Notices.