[Yale] CAS Detailed Solution

Design Document
Prepared by Shane Anderson
Author:

Ken Konopka

Creation Date:

02-DEC-2002

Last Updated:

02-DEC-2002

Updated by:

Ken Konopka

Control Number:
Version: 1.1

/var/www/apps/conversion/tmp/scratch_6/235785991.doc
Page i

doc Page ii .Reviewers Name Position Anne Anderson Distribution Copy No. Name Location 1 2 3 Library Master Project Library /var/www/apps/conversion/tmp/scratch_6/235785991.

.....................................................................................................................................................................................................................................................................................8 Procurement Email Login...............................................................................................................................6 Technical Specification ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................9 CAS Recreate Session Login Flowchart.....................................................................................................................................................4 Technical Resources and Contacts......................................................................................................11 /var/www/apps/conversion/tmp/scratch_6/235785991...........................................................................................5 Functional Specification .............................................................................6 Purpose.............................................................................................................7 New Packages............................................10 CAS Procurement Email Login Flowchart...............8 Recreate Session Login.................Contents Introduction..............................................7 Changed Packages.............................................6 Objective:...............................................................................................................................................................................6 Requirement.....................................................................................................................7 Purpose............................................................................................................................8 Main Login.......................8 CAS Main Login Flowchart.................................................................................................................................................................................7 Other changes....................................7 CAS Calling Trees..................................................doc Page iii .........................................................................................................................................................................

configuration options. /var/www/apps/conversion/tmp/scratch_6/235785991. The solutions may include use of standard features. database extensions. and business process changes. This document serves as a confirmation that both the functional and technical teams understand the application requirements. and sets out the solution for each requirement. Each business requirement includes a summary of specific requirements. and the recommended approach to satisfy the stated requirements.Introduction This document summarizes the business requirements of Yale implementation of the CAS login for the R11i Oracle Applications. assumptions.doc Page 4 . product customizations (new or modified programs). a description of the functionality.

432-6687 Andy Newman Director Technology & Planning – 432-6696 /var/www/apps/conversion/tmp/scratch_6/235785991. Technical Lead .436-3902 Ken Konopka.432-6635 Shawn Bayern. Programmer/Analyst . Programmer/Analyst (CAS Team) .Technical Resources and Contacts Anne Anderson.doc Page 5 .

6. 5. /var/www/apps/conversion/tmp/scratch_6/235785991.doc Page 6 . and to replace the seeded Oracle Self Service login page with the CAS login.Functional Specification Purpose Yale University is attempting to move to a “single signon” model for all Web based applications. the decision was made to use the Oracle Self Service menu structure as the preferred default for the Oracle R11i Applications. Objective: Replace all entry point authentications into the Oracle R11i Applications with the CAS login authentication. Update all existing active Oracle Applications passwords to the 16 character string originally created for START Web User passwords. Provide code for re-validation of user password for Effort Reporting. Requirement 1. In an effort to comply with this directive. 3. 7. Disable the Change Password option within the Oracle Forms applications to avoid confusion for the end users. Authenticate Oracle Applications user through CAS. Yale’s Central Authentication Service (CAS) is the main component of this push toward single signon. Change the error handling seeded code to point to the CAS login for re-authentication when an error condition is encountered in the applications. 4. 2. Change the default home URL for the applications to the CAS login URL. Make sure all application entry points use CAS authentication.

YUAPPS_CAS – Package containing the redirects to CAS and the CAS processing.Technical Specification Purpose Outline the coding changes needed to implement the CAS login for the Oracle Applications. /var/www/apps/conversion/tmp/scratch_6/235785991. If not call the CAS login to establish a session and then pass control back to this procedure. Changed Packages 1.doc Page 7 . YUAPPS_ORACLE_LOGIN – Package containing the entry points into the Applications. POR_REDIRECT – Change the REQSERVER procedure to check to see if the user has a session established. 2. Other changes 1. New Packages 1. An Oracle Wallet needs to be created on the Database Server in the following path: /etc/ORACLE/WALLETS/oracle with a password of ‘oracle’. 2. ORACLEAPPS – Changed the displayLogin procedure to call the CAS login in error conditions and in situations where an expired session is being recreated.

and the end user being brought to the main menu.DIRECT_LOGIN YUAPPS_CAS.RECREATE_SESSION YUAPPS_ORACLE_LOGIN.HOME (only if session information is no longer in ICX_SESSIONS table) Procurement Email Login This is the call path that would be used if a user attempts to view or edit a Requisition from one of the Procurement Workflow Email notifications. create a session.HTML YUAPPS_ORACLE_LOGIN. the first time to create a CAS Authentication ticket.HOME ORACLEMYPAGE.DIRECT_LOGIN YUAPPS_ORACLE_LOGIN.HOME procedure is only called in this tree if the session row in the ICX_SESSIONS table has already been deleted when the recreate session is attempted.HOME procedure passes control of the processing back to Oracle seeded code. YUAPPS_ORACLE_LOGIN.RECREATE YUAPPS_CAS. This will result in a new session being created.LOGIN YUAPPS_ORACLE_LOGIN. the processing is bypassed.REQSERVER /var/www/apps/conversion/tmp/scratch_6/235785991.DO_LOGIN YUAPPS_ORACLE_LOGIN. If the user is already logged into the Oracle Applications.HOME Recreate Session Login This is the call path that would be used if a user’s session had timed-out. The YUAPPS_ORACLE_LOGIN.CAS Calling Trees Main Login This is the call path for the main entry point into the Oracle Applications.DISPLAYLOGIN YUAPPS_ORACLE_LOGIN.DO_LOGIN procedure is actually called twice. and the second time to validate the ticket that was passed back from the first call. and then passes control back to the entry procedure to process the request.doc Page 8 .LOGIN YUAPPS_CAS. POR_REDIRECT.DO_LOGIN YUAPPS_ORACLE_LOGIN.RECREATE YUAPPS_ORACLE_LOGIN. otherwise it calls CAS to authenticate the user. and they were attempting to re-establish the connection.DISPLAYLOGIN procedure. The YUAPPS_CAS. I have consolidated this to one call in the calling tree because this process is entirely controlled by CAS and not a point of concern in the login process. The entry point here is the customized ORACLEAPPS.HOME POR_REDIRECT.REQSERVER YUAPPS_ORACLE_LOGIN.DO_LOGIN YUAPPS_ORACLE_LOGIN. The call to the ORACLEMYPAGE. ORACLEAPPS.

login Call YUAPPS_CAS.html Does the Browser have Javascript enabled? No Display warning that Javascript is required Yes Does the browser have Cookies enabled? No Display warning that Cookies are required Yes Call YUAPPS_ORACLE_LOGIN.do_login Redirect to CAS login URL. Return to YUAPPS_ORACLE_LOGIN.Home. Validate User NetID and Password. Yes No Is User ID still effective? /var/www/apps/conversion/tmp/scratch_6/235785991.login Was the user successfully validated? No Display error message Call YUAPPS_ORACLE_LOGIN.doc Page 9 Display error message .CAS Main Login Flowchart Start Call YUAPPS_ORACLE_LOGIN.Home Get User record from FND_USER Establish session and call OracleMyPage.

login.recreate Was the user successfully validated? No Display error message Yes Call YUAPPS_ORACLE_LOGIN.recreate Call YUAPPS_CAS. Return to YUAPPS_ORACLE_LOGIN. Proceed with normal login. .do_login Redirect to CAS login URL.CAS Recreate Session Login Flowchart Start Call ORACLEAPPS.RecreateSession Is the session information still in the ICX_SESSIONS table? Yes Get Session record from ICX_SESSIONS Re-establish session and pass control back to page that the session timed out on.displayLogin Call YUAPPS_ORACLE_LOGIN.doc Page 10 No Call YUAPPS_ORACLE_LOGIN. /var/www/apps/conversion/tmp/scratch_6/235785991. Validate User NetID and Password.

Redirect to POR_REDIRECT. Validate User NetID and Password.do_login Redirect to CAS login URL. Return to YUAPPS_ORACLE_LOGIN.doc .REQSERVER Call YUAPPS_ORACLE_LOGIN.Home Get User record from FND_USER Is User ID still effective? Yes Establish session.direct_login Call YUAPPS_CAS.direct_login Was the user successfully validated? No Display error message No Display error message Yes Call YUAPPS_ORACLE_LOGIN.CAS Procurement Email Login Flowchart Start Call PRO_REDIRECT. Page 11 [Yale] CAS Detailed Solution Design Document 235785991.REQSERVER.

Page 12 [Yale] CAS Detailed Solution Design Document 235785991.doc .

doc .Page 13 [Yale] CAS Detailed Solution Design Document 235785991.

Sign up to vote on this title
UsefulNot useful