Add a user to the JavaSSO

In AS 10.1.3.x Oracle introduced JavaSSO. From a high-level perspective it seems to be a poor man's version of the SSO from AS 10.1.2.x.

Having said this, it strikes me how little documentation is available for this feature.

But we're explorers, aren't we?

JavaSSO is based on a file-based security provider. The two main files are:
- jazn.xml
- system-jazn-data.xml

Both exist in the $OH/j2ee/ directory. This means that if you have more than one OC4J instance you need to edit both.

The most basic task is to add a user. You can, of course, try to do this by editing the XML files, but luckily Oracle provides the jazn.jar tool.

Make sure that you use the correct java executable and start it:

java -jar jazn.jar -adduser jazn.com andreas welcome1

You will be asked for the AbstractLoginModule username (oc4jadmin) and its password.

Now we have a user, but usually it has to be added to a role before it can do anything useful:

java -jar jazn.jar -grantrole users jazn.com andreas
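
An added example, not part of the original post or of Oracle's tooling: a Python check that reads one instance's system-jazn-data.xml and confirms that both commands above took effect there, which matters when several OC4J instances each carry their own copy. The element layout, the sample documents and the reading of a leading `!` in a credential as a password OC4J has not yet obfuscated are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample following the assumed system-jazn-data.xml layout;
# the credential values are placeholders, not real obfuscated passwords.
SAMPLE_HOME = """<jazn-data><jazn-realm><realm>
  <name>jazn.com</name>
  <users>
    <user><name>oc4jadmin</name><credentials>{903}PLACEHOLDER</credentials></user>
    <user><name>andreas</name><credentials>{903}PLACEHOLDER</credentials></user>
  </users>
  <roles>
    <role><name>users</name><members>
      <member><type>user</type><name>andreas</name></member>
    </members></role>
  </roles>
</realm></jazn-realm></jazn-data>"""

# Constructed second instance: the user exists but was never granted the
# role, and the password was hand-edited in clear text (assumed "!" prefix).
SAMPLE_OTHER = SAMPLE_HOME.replace(
    "<member><type>user</type><name>andreas</name></member>", ""
).replace("<user><name>andreas</name><credentials>{903}PLACEHOLDER",
          "<user><name>andreas</name><credentials>!welcome1")

def audit_user(xml_text, realm, user, role):
    """Return a list of findings for one instance's system-jazn-data.xml."""
    root = ET.fromstring(xml_text)
    node = next((r for r in root.iter("realm")
                 if r.findtext("name") == realm), None)
    if node is None:
        return [f"realm {realm} not found"]
    entry = next((u for u in node.iterfind("users/user")
                  if u.findtext("name") == user), None)
    if entry is None:
        return [f"user {user} missing from {realm}"]
    findings = []
    if (entry.findtext("credentials") or "").startswith("!"):
        findings.append(f"user {user} has a clear-text credential")
    members = {m.findtext("name")
               for r in node.iterfind("roles/role") if r.findtext("name") == role
               for m in r.iterfind("members/member")
               if m.findtext("type") == "user"}
    if user not in members:
        findings.append(f"user {user} is not a member of role {role}")
    return findings

if __name__ == "__main__":
    for label, text in (("home", SAMPLE_HOME), ("other", SAMPLE_OTHER)):
        print(label, audit_user(text, "jazn.com", "andreas", "users") or "OK")
```

To use it on a real installation, pass the contents of each instance's system-jazn-data.xml to audit_user in place of the constructed samples.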

Now the user is added and we will prevent the ugly errors - such as:



Comments

Unknown said…
Actually JavaSSO works with any security provider, not just XML i.e., users in system-jazn-data.xml. That is where it differs from the more enterprisey Oracle SSO. You can configure Oracle provided LDAP security provider for OID or use any custom login module (say, something based on a database - try the DBTableOraDataSourceLoginModule).
Just make sure that JavaSSO and the partner application are both configured for the same login module.
Andreas said…
Yes, but I'm still struggling to use OpenLDAP for that matter. It seems that the authorisation works but apparently Oracle uses some more group based entries in the LDAP before an application like the Wiki of WebCenter will work.
Jamie Kinney said…
Thanks for the very helpful post! You saved me some time.
Vidya said…
How can we create groups in jazn.com? This can be created from admin console in 10.1.2 but in 10.1.3 I am not able to see any provision for creating groups.
