Connecting with mod_osso

January 23,  2004
John Garmany


As SSO expanded into the Oracle9iAS architecture, Oracle recognized that the Oracle HTTP Server (OHS) should be included in the SSO framework.  Starting with Oracle9iAS version 2, the mod_osso module was created to allow SSO to function within OHS.

Before mod_osso, specific logic would have to be embedded into the Java application if the application was to use SSO.  The mod_osso module now makes it easy for incoming users to connect directly to SSO, become authorized, and get the required information to access their applications (Figure 2.1).  The mod_osso utility also allows for a single security point, thereby relieving the tedious and cumbersome problem of maintaining multiple security for each Oracle9iAS component.

To see SSO in action, letís look at the steps that happen when an Oracle9iAS client connects to their application:

  1. The user requests a URL through a Web browser.  This URL is intercepted by the Oracle HTTP server.  
  1. The HTTP server calls mod_osso to locate a cookie for the user on the HTTP server. If the cookie exists, the Web server extracts the user's information and uses it to log the user in to the requested application. At this point the connection is established.
  1. If the cookie does not exist on the HTTP server, mod_osso redirects the user to the Single Sign-On server.
  1. The Single Sign-On server makes a request back to the users browser to see if a local cookie exists on the users PC. If it finds no remote cookie, SSO tries to authenticate the user with a user name and password. If authentication is successful, the Single Sign-On server creates a cookie in the browser as a reminder that the user has been authenticated. If a cookie exists, the Single Sign-On server will authenticate using the cookie.
  1. Upon successful sign-on, the SSO server then returns the user's encrypted information to mod_osso.
  1. Mod_osso creates a cookie for the user and send it to the browser PC.  It then redirects the user to their original URL page.

As we see, mod_osso simplifies external authentication and removes the need to write custom code for connection and authentication purposes.  Now that we see how mod_osso is used, letís drill-down and look at how the Oracle9iAS administrator installs, manages and configures SSO.

  The above text is an excerpt from

Oracle Application Server 10g Administration Handbook

by Oracle Press.

Need Oracle App Server Support?

We continue to offer personal app server mentoring for Oracle DBAs who must quickly learn the intricate details of Oracle Application Server.  You can have an Oracle expert right at your fingertips, anytime day or night.

We work with dozens of App Server Oracle databases every year, so we know exactly how to quickly assist you with any Oracle Application Server question. 

Call 800-766-1884 for a custom evaluation.

Burleson Oracle Consulting 






Burleson Consulting

Email: ē Phone (800)

Copyright © 1996 - 2015 by Burleson . All rights reserved.