Partner applications are those which are deployed in one of the OC4J instances of Oracle Application Server. Also External applications are those which are external to you oracle application server, example gmail client. Suppose that you have installed an Oracle Application Server and one of your product team hands over you an EAR file for deploying on a newly installed application server. You will quickly create an OC4J instance and deploy the EAR file. This application which you deployed in you application server becomes partner application.
We can register such partner application and make them SSO enabled. Below are the steps for doing so.
Enabling SSO for Partner Applications:
Follow the below steps for enabling SSO for partner applications.
1) Login to SSO administration application using orcladmin/<password>
SSO Administration URL: http://(hostname):(port)/pls/orasso
2) Click on “SSO Server Administration”
3) Click on “Administer Partner Applications”
4) Click on “Add Partner Application”
5) Enter the information in the fields present under “Partner Application Login”. You can leave the other fields as it is default.
If you see here, we are using logout URL as http://www.google.com. This is just to verify that logout is taking us to the desired URL that we enter here. If we put again our application URL then you wont know the difference. However many applications has there own logout URLs, you can put the same here.
Click on Apply.
It will generate following information.
Encryption Key: 73A5A67FE93E03D8
Login URL: http://ap101fam.us.oracle.com:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
Single Sign-Off URL: http://ap101fam.us.oracle.com:7777/pls/orasso/orasso.wwsso_app_admin.ls_logout
Click on OK
You can see that your application got added in list of registered applications in SSO.
oho Wait wait !! we are not done yet.
Once you do this and try to access the application, it won’t ask for SSO login. why?? how does your HTTP server know that this application is been registered in SSO? For this you need tell HTTP server that this applicaiton is now registered in SSO and if a user tries to access this applicaiton he should be diverted to SSO login page. This is done by mod_osso.conf. We put the entry of our application in mod_osso.conf and bounce HTTP_Server component. But be careful to make changes in mod_osso.conf file of tier where your original application (which you registered in SSO) belongs. My application was deployed in one of the OC4J instance of mid tier. So will make changes in mid tier mod_osso.conf file and will bounce mid-tier Apache.
You need to make following changes in mod_osso.conf file
Here /hrapp is the application context root of applicaiton we deployed.
Bounce HTTP Server in mid tier
bash-2.05$ ./opmnctl stopproc ias-component=HTTP_Server
opmnctl: stopping opmn managed processes…
bash-2.05$ ./opmnctl startproc ias-component=HTTP_Server
opmnctl: starting opmn managed processes…
Now try accessing the application hrapp and this time it will ask for SSO login and password. So even though there was no login required for this application, by registering in SSO we made it SSO enabled.
Hope this helps !!