Next: Build a JSP That Reads and Stores X.509 Certs

Now that my OAS 10g R2 10.1.2.0.2 App server is configured for client-side authentication, I am moving on to the next problem, which is figuring out how to register first-time users.

The Oracle Single Sign-On server requires a copy of the client certificate be stored in Oracle Internet Directory. That means each user must have an entry in OID to store the certificate in.

This is sequence of steps required to register a first-time user of our reduced sign-on enabled Forms application:

1. User opens JSP
2. JSP pulls user's X.509 certificate from the user's browser
3. JSP reads user's DN from certificate
4. JSP searches for user's DN in OID
5. If DN is found, cert is passed to SSO for authentication
6. If DN is NOT found, user is redirected to a registration page
7. User is prompted for their username (this step requires a personnel record containing the username be created for the user by an administrator in the backend database prior to registration)
8. Personnel records searched for username
9. If username not found, prompt user to re-enter username or contact administrator
   
10. If username found, create an entry in OID for user containing the following
1. DN
2. X.509 Cert
3. Resource Access Descriptor (database connect string for backend database)
11. User logged into account

I'm guessing the main page will be a JSP, the username prompt page either a JSP or a simple HTML form, and there will be a servlet that handles the OID and backend database queries and user entry creation on OID. At least that's the plan. . .

For experienced programmers, I'm sure this would be a trivial task. But because I've spent 98% of my time configuring and installing database and application servers, this is non-trivial for me. I have downloaded the latest version of JDeveloper, and am refreshing my scant knowledge by re-doing several of the beginning tutorials. Don't know how long this will take, but it at least its something new to work on.