Help - Search - Members - Calendar
Full Version: SSO Integration with Microsoft Outlook
Oracle DBA Forums > Oracle > Oracle Forum
Balasubramanian
Hello All,

Could anybody let me know how to integrate SSO/OID with Microsoft Outlook?

SSO/OID Bi-directional provisioning has been integrated successfully with E-Business Suite 11.5.10 CU2.

To move forward, please refer me any document that explains about SSO/OID integration with Microsoft Outlook.

Thanks n advance.

Bala
HAL9000
Hi Bala,

SSO was designed for Oracle products, and you can incorporate it into web-based e-mail with external SSO.

But Outlook? I don't see how it would work? Let’s look at the steps that happen when an OracleAS client connects to their application with SSO:

1 - The user requests a URL through a Web browser. This URL is intercepted by the Oracle HTTP server.

2 - The HTTP server calls mod_osso to locate a cookie for the user on the HTTP server. If the cookie exists, the Web server extracts the user's information and uses it to log the user in to the requested application. At this point the connection is established.

3 - If the cookie does not exist on the HTTP server, mod_osso redirects the user to the Single Sign-On server.

4 - The Single Sign-On server makes a request back to the users browser to see if a local cookie exists on the users PC. If it finds no remote cookie, SSO tries to authenticate the user with a user name and password. If authentication is successful, the Single Sign-On server creates a cookie in the browser as a reminder that the user has been authenticated. If a cookie exists, the Single Sign-On server will authenticate using the cookie.

5 - Upon successful sign-on, the SSO server then returns the user's encrypted information to mod_osso.
Mod_osso creates a cookie for the user and send it to the browser PC. It then redirects the user to their original URL page.


As stated, external SSO identification allows any third-party products to be incorporated in a Oracle9iAS system. External applications use the Oracle Internet Directory and Oracle9iAS handles authentication using standard LDAP entries. At connect time, Oracle9iAS binds to OID and looks up the remote users credentials in the appropriate directory on the server.

This links show how to use SSO with an external e-mail application, gmail:

http://advait.wordpress.com/2008/05/08/reg...ion-server-10g/

I have tried registering gmail as external application and I can access gmail without providing username and password once I login into SSO of my application server.

Here are the steps to do the same.

1) Connect to orasso application using http://(hostname):(infra http port)/Please/orasso

Example: http://ap101fam.us.oracle.com:7777/Please/orasso

login using orcladmin userID

2) Click on “SSO Server Administration”

3) Click on “Administer External Applications“

4) Click on “Add External Application“

On this page you have to provide following information

Application Name: Google Mail
Login URL: https://www.google.com/accounts/ServiceLogi...th?service=mail
User Name/ID Field Name: Email
Password Field Name: Passwd
Type of Authentication Used: POST

Here Application Name is any name that you can give.

Login URL you can find by going to mail.google.com in you browser and view -> Page Source. In this you can search for “action=” and you will get the URL. Put this URL in “Login URL” field.



For User Name/ID field, you can again view the source and seach for “Username“. You can put the name for this field in source file into User Name/ID field.



Note that name for Username field on gmail home page is “Email”. Also you have to put all other hidden attributes in “Additional Fields” section as given below.



Similarly, search for “Password” in the source page and put the name of Password field in “Password Field Name” in orasso page.

Once done, you can click on OK. You can see “Google Mail” link will appear in “Edit/Delete External Application” section. You can now click on that link and it will ask you for you Gmail username and password, you can provide the same as given below.



If you check “Remember My Login Information For This Application”, then you wont be asked for Gmail username and password from next time. SSO will store these username and password in OID and when even you login to SSO and click on “Google Mail” in external application, you will be taken to your inbox, without logging into google mail.
Balasubramanian
QUOTE (HAL9000 @ Jun 15 2008, 07:13 PM) *
Hi Bala,

SSO was designed for Oracle products, and you can incorporate it into web-based e-mail with external SSO.

But Outlook? I don't see how it would work? Let’s look at the steps that happen when an OracleAS client connects to their application with SSO:

1 - The user requests a URL through a Web browser. This URL is intercepted by the Oracle HTTP server.

2 - The HTTP server calls mod_osso to locate a cookie for the user on the HTTP server. If the cookie exists, the Web server extracts the user's information and uses it to log the user in to the requested application. At this point the connection is established.

3 - If the cookie does not exist on the HTTP server, mod_osso redirects the user to the Single Sign-On server.

4 - The Single Sign-On server makes a request back to the users browser to see if a local cookie exists on the users PC. If it finds no remote cookie, SSO tries to authenticate the user with a user name and password. If authentication is successful, the Single Sign-On server creates a cookie in the browser as a reminder that the user has been authenticated. If a cookie exists, the Single Sign-On server will authenticate using the cookie.

5 - Upon successful sign-on, the SSO server then returns the user's encrypted information to mod_osso.
Mod_osso creates a cookie for the user and send it to the browser PC. It then redirects the user to their original URL page.
As stated, external SSO identification allows any third-party products to be incorporated in a Oracle9iAS system. External applications use the Oracle Internet Directory and Oracle9iAS handles authentication using standard LDAP entries. At connect time, Oracle9iAS binds to OID and looks up the remote users credentials in the appropriate directory on the server.

This links show how to use SSO with an external e-mail application, gmail:

http://advait.wordpress.com/2008/05/08/reg...ion-server-10g/

I have tried registering gmail as external application and I can access gmail without providing username and password once I login into SSO of my application server.

Here are the steps to do the same.

1) Connect to orasso application using http://(hostname):(infra http port)/Please/orasso

Example: http://ap101fam.us.oracle.com:7777/Please/orasso

login using orcladmin userID

2) Click on “SSO Server Administration”

3) Click on “Administer External Applications“

4) Click on “Add External Application“

On this page you have to provide following information

Application Name: Google Mail
Login URL: https://www.google.com/accounts/ServiceLogi...th?service=mail
User Name/ID Field Name: Email
Password Field Name: Passwd
Type of Authentication Used: POST

Here Application Name is any name that you can give.

Login URL you can find by going to mail.google.com in you browser and view -> Page Source. In this you can search for “action=” and you will get the URL. Put this URL in “Login URL” field.
For User Name/ID field, you can again view the source and seach for “Username“. You can put the name for this field in source file into User Name/ID field.
Note that name for Username field on gmail home page is “Email”. Also you have to put all other hidden attributes in “Additional Fields” section as given below.
Similarly, search for “Password” in the source page and put the name of Password field in “Password Field Name” in orasso page.

Once done, you can click on OK. You can see “Google Mail” link will appear in “Edit/Delete External Application” section. You can now click on that link and it will ask you for you Gmail username and password, you can provide the same as given below.
If you check “Remember My Login Information For This Application”, then you wont be asked for Gmail username and password from next time. SSO will store these username and password in OID and when even you login to SSO and click on “Google Mail” in external application, you will be taken to your inbox, without logging into google mail.



Hal,

Wow wow.. Nice, i wish i would try it this week-end. Before that i would like to thank you for such a note.


Thanks,
Bala
Balasubramanian
QUOTE (Balasubramanian @ Jun 17 2008, 11:40 AM) *
Hal,

Wow wow.. Nice, i wish i would try it this week-end. Before that i would like to thank you for such a note.
Thanks,
Bala



Hi,

It did work but still looking out for integrating Outlook.

Thanks,

Bala
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2014 Invision Power Services, Inc.