Friday, May 11, 2007

SSO, OID, Multiple Realms, and Windows - A Sob Story

Was in the process of setting up a test environment to test my PKI certificate Forms/SSO login module's ability to log in users whose DNs didn't match the default realm and discovered I would need to register the second realm with SSO after creating it in OID.

Dug into section 10 of the Oracle Application Server Single Sign-On Administrator's Guide and lo and behold the two scripts provided by Oracle to register a second realm with SSO are C shell scripts, specifically enblhstg.csh and addsub.csh.

C shell scripts don't run on a Windows box. In fact, the guide helpfully tells you this. No .bat files, no perl, just C shell scripts.

I worked until 10:00 p.m. last night (we're on a Monday deadline to deliver this solution) decoding the scripts. I found two PL/SQL scripts and one procedure that applied to SSO (the rest are for Portal, which we don't use). I did some further decoding and figured out what parameters these scripts needed. I got one of the scripts to run successfully from SQL*Plus; the second I decoded further and did a manual insert into orasso.wwsub_model$ of what I assumed to be the correct values. But it didn't work, SSO does not recognize the second realm, and now I'm waiting while my OAS 1012 installation wipes itself out. I'll rebuild it and set the default OID realm at the highest level possible (dc=com) and hope that the containers I create under it for the different DNs work - but I'm not too optimistic and I've kissed my weekend goodbye.

I discovered this blog has been linked to an Oracle blog aggregator - if anyone from Oracle is reading this please tell us WHY you would ship a product for a Windows platform but provide scripts that can only be run on UNIX/LINUX platforms?

I mean really - what the hell?


Tuesday, May 08, 2007

LDAP Connections and OID DAS Redirect

Well.

I somehow slapped together enough Java and HTML code to register a new user for our Oracle Forms application in Oracle Internet Directory (OID) and create a Resource Access Descriptor (RAD) for them containing their back-end database connect string information. This is the "proof-of-concept" version though; I still have some work to do before it's ready for release. Two questions remain:

  1. Where/how do I create and store the LDAP-server (OID) connection information the servlet needs to create a new user and their RAD? Right now it's all hard-coded and of course that won't fly since this application needs to be portable.
  2. After a new user's RAD is created in OID, they are re-directed to the following URL when passed off to the Forms application:
     http://hostname:oid port/oiddas/ui/oracle/ldap/das/mypage/AppCreateResourceInfo

Because we're configured for SSL, this gives a 404 Page Not Found error. I need to know where and how to change the http:// to https://. I have posted the question on the OTN forums, but it's always 50-50 if you'll get a response. Anybody here know?

These are minor problems compared to building the registration module. It's only two Java servlets and an HTML page, but it works. As soon as this release goes out the door I'll start working on converting this into a JSP page(s). But for right now I'm just relieved it's done and thankful for everything I've learned in the process about JDev 10.1.3 and OAS 10.1.2.
