Simple queries on ALUI - ALUI CodeShare(Archived)

Hi All,
I am a newbie to AquaLogic Portal and have some queries.
1. Do we need to worry about session synchronization of any means between the portal and Tomcat?
2. Can we validate that we do not receive any requests from users who are signed off or whose session has timed out on the portal server?
Looking forward to your support.


Java Servlet Get Portal Username

I have perused through many of these forums looking for a clear answer to a problem I desperately need an answer to. There are a lot of interesting ideas, but nothing clear or definitive in my mind. I have a Java servlet loaded onto the Application Server that my Portal instance is on. I need to be able to pass the portal username to the servlet when it is executed from Portal. What is the best and most secure way of handling this?
Are you using the Java Portlet Development Kit (JPDK) for developing your portlet?
You can get the identity from an instance of the oracle.portal.provider.v2.http.ServletProviderUser class.
You can secure integrity of the information by configuring for Message Authentication, as described in the Portal Developer's Guide.
The short answer is no, I am not using the JPDK, primarily because I don't want a portlet. In my thinking there is just no reason to create an entire portlet out of this. My situation is as follows. I have developed a servlet that has the sole purpose of getting the username, and some additional preconfigured info in order to send encrypted login information to a completely different server in order to authenticate to a third party application. Hopefully, this will shed a little more light on this.
In this case, why don't you just configure the servlet to use single sign-on (JAZN-LDAP), and thereby obtain the username through the standard HttpServletRequest.getRemoteUser?
Information on configuring a Servlet for Single Sign-On authentication is available in the OC4J Security Guide:
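Added example, not part of the original thread: a minimal servlet that takes the username only from the container's SSO result via HttpServletRequest.getRemoteUser, as the reply above suggests. The class name, the optional "username" parameter check and the hand-off method are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example; PortalUserServlet is a hypothetical name. */
public class PortalUserServlet extends HttpServlet {

    /** Returns the SSO-authenticated username, or null if there is none. */
    static String authenticatedUser(HttpServletRequest req) {
        // getRemoteUser() is populated by the container after SSO succeeds.
        // Parameters, headers and cookies are client-controlled and are
        // never used here as the source of identity.
        String user = req.getRemoteUser();
        if (user == null || user.trim().length() == 0) {
            return null;
        }
        return user;
    }

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String user = authenticatedUser(req);
        if (user == null) {
            // No SSO identity: refuse instead of falling back to a parameter.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Assumption: the portal link may also carry a "username" parameter.
        // If it disagrees with the SSO identity, the link is stale or
        // tampered with, so the request is rejected.
        String claimed = req.getParameter("username");
        if (claimed != null && !claimed.equalsIgnoreCase(user)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        resp.setHeader("Cache-Control", "no-store");
        startThirdPartyLogin(user, resp);
    }

    /** Stand-in for the poster's existing encrypted hand-off (hypothetical). */
    private void startThirdPartyLogin(String user, HttpServletResponse resp)
            throws IOException {
        resp.setContentType("text/plain");
        resp.getWriter().println("Login hand-off started for " + user);
    }
}
```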

ALUI 6.5 SSO Performance Issues

We have ALUI 6.5 running on WebLogic 10, with IIS as the Image Server. We enabled basic SSO options by modifying the portalconfig.xml and setting up the Aqualogic Authentication Source in the portal. This works and allows users on the same domain to be logged in automatically.
However, the performance is extremely slow. It takes over 1 minute from the time that the URL is entered in to be logged in. I read some posts elsewhere that say that performance can be improved by limiting SSO protection to only the SSOServlet.
Can someone provide some help on how to do this?
Thanks in advance. 
I'd try to isolate where the delay is occurring, using log files or network tracing.
Are you using WIA?
Protecting only the SSO servlet may be useful depending on your configuration (do you want to allow guest access, for example), but shouldn't make login times jump to 1 minute. I think you have another issue.
How do we make sure we are only protecting the SSOServlet?
How do we make sure our portal session timeout is slightly shorter than our SSO session timeout? 
It's dependent on your environment; you're going to have to be more specific.
What's your web server / SSO provider?
What are you using for SSO?
If you're using SiteMinder you need to adjust your policy server to only protect SSOServlet.
1 minute eeeh?
Not sure if I am completely off the mark here, but have you checked to see whether your portlets are cached on the first page? This is quite common. To try and isolate where the problem is, as the previous posts have recommended, just disable all the web services for the portlets on the first page; this way you can at least rule out the portal/portlet possibility.
I was using basic SSO and WIA for the single sign-on. The environment consisted of ALUI 6.5 deployed in Active Directory and WebLogic 10 MP1. However, I am now testing deploying the web application in .Net IIS and not using WebLogic.
Can someone point me to the SSO documentation to implement this with .Net on WebCenter 10.3 Interaction?
To protect only the SSO servlet, you would set IIS to allow anonymous on the portal subdir but disable anonymous and turn on integrated auth on the SSO subdir.
Look in the admin docs for the SSO configuration details. You have to edit portalconfig.xml.
I was able to improve the performance by deploying in .Net versus WebLogic and protecting only the SSO virtual directory in IIS. Login is almost instantaneous now.
Thanks for all the responses.

Help dealing with Firewall, and URL Services

We have recently installed the PDK URL Services for Portal to help fulfill a requirement to enable Single Sign-On to access web sites outside our client's network. We have hit a snag though, in that the client has in place a firewall that challenges the browser at each request to access an outside site. URL Services does not seem equipped to handle these extra challenges in addition to the Single Sign-On Username and Password requirements.
Has anyone dealt effectively with this problem? Is there an effective remedy or technique using SSO/URL Services providers that will allow this to take place? Can we more effectively use the built-in proxy services to help us with this?
We are currently using the latest URL Services download under Portal on Solaris.
Thanks in advance for any help on this, our need is urgent, and time is
Stuart Dautrich

want JSP-Appl. authenticated by Portal vs. SSO-Partner-Appl.

iAS 112
Solaris 2.7/SuSE-Linux 7.2
DB 8.1.7/
Hello, we have developed a JSP-based application. There should be a maximum of security with respect to permitting access to the JSPs only to authenticated users. On the other hand, it should be as comfortable to the user as possible. The application should only be accessible as a portlet. With respect to the comfortability, the user should need only to log in to the portal. There should be no need to log in twice.
So, how to realize that?
If I studied the documentation (e.g. A90343-01) and if we would use ssoinclude.jsp, we would not get the link to use the application cookie for the portal itself (in its role as a partner application itself).
How can we (re-)use the Portal cookie?
What might be security issues doing it this way?
Thanks in advance for your prompt feedback.
with best regards
M. Schwarz

Portal as an External Application

I'd like to refer from a portal instance to another one. They're independent, the Login Servers are managed independently too.
I remember having seen a document how to set up the remote portal as an external application, but can't find it any more.
Is there any easier way to integrate the two portals?
We're working on an enhanced way of doing this for V2. In essence, you will be able to expose one portal as a provider of portlets to another. But, you will likely be required to share one login server to do this. Is there a specific issue with sharing a single login server? 
This sounds quite reasonable in an enterprise environment, I'm looking fw excited!
However, it doesn't solve the (minor) issue when having portal on a laptop and wanting to take advantage of SSO against another portal (+Login Server) instance.
Can a parameter be passed to the Login Server authentication page/form saying what URL I want to access after having been authenticated?
That would help me, I suppose.