Oracle Application Server 10g Architecture and Administration
Get an overview of the Oracle Application Server 10g architecture, its functional components, the administrative tools for application development, and examples of commands that are used to perform frequent Application Server 10g administrative functions. This chapter is from the book Oracle Application Server 10g Administration Handbook, by John Garmany and Donald K. Burleson (McGraw-Hill/Osborne, ISBN: 0072229586, 2004).
Single Sign-On (SSO)
With Single Sign-On, a client can sign onto the application once and be automatically authenticated for other components within the application server, as well as to external applications if properly set up. SSO provides a central authentication repository rather than having a separate authentication for each application on the server. SSO uses the Infrastructure instance to validate users as they move from application to application without forcing them to reauthenticate.
The SSO component interacts with the Oracle HTTP Server (OHS) and allows Single Sign-On information to be formatted as an open source Apache header. Note that SSO only functions within the domain of your Oracle system. Many distributed e-commerce systems communicate with third-party portals, and SSO cannot be extended to service these external clients. For example, an Oracle e-commerce site might need to process a payment request with Cybercash, and Cybercash would require its own independent SSO mechanism. Hence, many Application Server 10g administrators must develop XML Document Type Definition (DTD) protocols for communication with external third-party systems.
We will discuss SSO and other components of Application Server 10g security in great detail in Chapter 12.
Oracle Internet Directory
The Oracle Internet Directory (OID) is a Lightweight Directory Access Protocol (LDAP) directory service that provides centralized storage of information about users, applications, and resources in your enterprise. Coupled with SSO, OID allows end users to sign on one time and use their predefined OID credential (set up by the DBA). This credential defines those components of Application Server 10g with which the end user is allowed to interface.
Because it is LDAP-compliant, OID can be viewed as a simple lookup mechanism for web services. For example, LDAP entries can be used instead of entries in the traditional tnsnames.ora file, thereby allowing connectivity for clients anywhere on your network. This technique has replaced the obsolete Oracle*Names tool as a method for defining services for Oracle.
In sum, OID is an easy-to-configure tool for defining end-user access with Application Server 10g. Because it is tightly coupled with SSO and advanced security, OID is a critical component of Oracle security management. OID is managed with a GUI called Oracle Directory Manager (ODM). We will discuss this tool for managing data access rules in great detail in Chapter 12, along with other security topics.
Metadata Repository (Infrastructure)
The metadata repository is a critical component of Application Server 10g because it allows for a common management interface between multiple instances of Application Server 10g and the other components. The metadata repository is commonly referred to as the Infrastructure, which is common to all Application Server 10g farms and components that share a common definition. We will discuss the Infrastructure in great detail in Chapter 3.
Oracle Management Server (OMS)
With the Oracle Management Server, administrators can include the Application Server in a centrally managed configuration using Oracle Enterprise Manager (OEM, a separate product). OMS is a component of the Oracle Enterprise Manager console, used to manage Application Server 10g instances, databases, and other components. The foremost feature of OMS is its ability to store OEM data inside the metadata repository. This storage ability allows administrators to share server configuration information, scheduled events and jobs, and notifications of failures. To start OMS, issue the emctl start oms command, which starts the web servers and the OMS processes.
Because OMS is the “glue” that binds all of the Application Server 10g components together, we will be visiting OMS functionality throughout this book. OMS provides the important functions of user administration, and manages the flow of information between the OEM console and all managed nodes. OEM allows for any server to become a managed node by installing an Oracle intelligent agent (OIA), thereby making it accessible with the central administrative GUI. An OIA is a daemon process that interfaces with the database and operating system on each server within each Application Server 10g farm. The intelligent agent performs localized execution of tasks as directed by the OMS, and for Oracle servers, the OIA performs time-based database monitoring. The concept of managed nodes adds power to OEM, allowing the Application Server 10g DBA to quickly apply configuration changes to many server components.
TopLink
For Java developers, TopLink provides a mechanism for making Java objects persistent across sessions. In object-oriented (OO) languages such as Java, C#, or C++, objects can be instantiated and destroyed according to the needs of the program.
The problem is that OO languages like Java create objects in the RAM heap, and upon termination of the program, all of the program’s objects are destroyed. Oracle Application Server TopLink 10g is a persistence framework that enables object persistence by supplying routines that can be invoked to store Java objects in relational database tables (in any relational database that supports JDBC). In addition, TopLink provides a GUI tool, the Mapping Workbench, that greatly simplifies the task of mapping Java objects and their attributes to database tables. TopLink also provides powerful features like a query framework, object-level transaction support, relationship mappings, object caching, and much more. Prior to TopLink, the programmer would have to write custom JDBC code to store and retrieve the Java object’s attributes to/from a relational table. This is not only extremely time consuming and error prone but also difficult to change. TopLink is built on top of JDBC but does not require developers to use JDBC (or even SQL!). TopLink supports all J2EE compliant application servers, and can be used to store object data from standard Java objects, as well as entity beans. Please refer to the Oracle Application Server TopLink 10g documentation for more information.