[Yale] CAS Detailed Solution Design Document

[Yale] CAS Detailed Solution Design DocumentPrepared by Shane Anderson

Author: Ken Konopka

Creation Date: 02-DEC-2002

Last Updated: 02-DEC-2002

Updated by: Ken Konopka

Control Number:

Version: 1.1

/tt/file_convert/577cc7cd1a28aba711a1bd61/document.doc

Page i

Reviewers

Name Position

Anne Anderson

Distribution

Copy No.

Name Location

1 Library Master Project Library23


Page ii

Contents

Introduction.....................................................................................................................................................................................4

Technical Resources and Contacts................................................................................................................................................5

Functional Specification.................................................................................................................................................................6Purpose.........................................................................................................................................................................................6Objective:......................................................................................................................................................................................6Requirement..................................................................................................................................................................................6

Technical Specification...................................................................................................................................................................7Purpose.........................................................................................................................................................................................7New Packages...............................................................................................................................................................................7Changed Packages........................................................................................................................................................................7Other changes...............................................................................................................................................................................7

CAS Calling Trees..........................................................................................................................................................................8Main Login...................................................................................................................................................................................8Recreate Session Login.................................................................................................................................................................8Procurement Email Login.............................................................................................................................................................8

CAS Main Login Flowchart...........................................................................................................................................................9

CAS Recreate Session Login Flowchart.....................................................................................................................................10

CAS Procurement Email Login Flowchart.....................................................................................................................................11


Page iii

Introduction

This document summarizes the business requirements of Yale implementation of the CAS login for the R11i Oracle Applications, and sets out the solution for each requirement. This document serves as a confirmation that both the functional and technical teams understand the application requirements.

Each business requirement includes a summary of specific requirements, a description of the functionality, assumptions, and the recommended approach to satisfy the stated requirements. The solutions may include use of standard features, configuration options, database extensions, product customizations (new or modified programs), and business process changes.


Page 4

Technical Resources and Contacts

Anne Anderson, Technical Lead - 436-3902

Ken Konopka, Programmer/Analyst - 432-6635

Shawn Bayern, Programmer/Analyst (CAS Team) - 432-6687

Andy Newman Director Technology & Planning – 432-6696


Page 5

Functional Specification

Purpose

Yale University is attempting to move to a “single signon” model for all Web based applications. Yale’s Central Authentication Service (CAS) is the main component of this push toward single signon. In an effort to comply with this directive, the decision was made to use the Oracle Self Service menu structure as the preferred default for the Oracle R11i Applications, and to replace the seeded Oracle Self Service login page with the CAS login.

Objective:

Replace all entry point authentications into the Oracle R11i Applications with the CAS login authentication.

Requirement

1. Authenticate Oracle Applications user through CAS. 2. Make sure all application entry points use CAS authentication.3. Change the error handling seeded code to point to the CAS login for re-authentication

when an error condition is encountered in the applications. 4. Change the default home URL for the applications to the CAS login URL. 5. Disable the Change Password option within the Oracle Forms applications to avoid

confusion for the end users. 6. Update all existing active Oracle Applications passwords to the 16 character string

originally created for START Web User passwords. 7. Provide code for re-validation of user password for Effort Reporting.


Page 6

Technical Specification

Purpose

Outline the coding changes needed to implement the CAS login for the Oracle Applications.

New Packages

1. YUAPPS_ORACLE_LOGIN – Package containing the entry points into the Applications.

2. YUAPPS_CAS – Package containing the redirects to CAS and the CAS processing.

Changed Packages

1. ORACLEAPPS – Changed the displayLogin procedure to call the CAS login in error conditions and in situations where an expired session is being recreated.

2. POR_REDIRECT – Change the REQSERVER procedure to check to see if the user has a session established. If not call the CAS login to establish a session and then pass control back to this procedure.

Other changes

1. An Oracle Wallet needs to be created on the Database Server in the following path: /etc/ORACLE/WALLETS/oracle with a password of ‘oracle’.


Page 7

CAS Calling Trees

Main LoginThis is the call path for the main entry point into the Oracle Applications. The YUAPPS_CAS.DO_LOGIN procedure is actually called twice, the first time to create a CAS Authentication ticket, and the second time to validate the ticket that was passed back from the first call. I have consolidated this to one call in the calling tree because this process is entirely controlled by CAS and not a point of concern in the login process. The call to the ORACLEMYPAGE.HOME procedure passes control of the processing back to Oracle seeded code.

YUAPPS_ORACLE_LOGIN.HTML YUAPPS_ORACLE_LOGIN.LOGIN

YUAPPS_CAS.DO_LOGINYUAPPS_ORACLE_LOGIN.LOGIN

YUAPPS_ORACLE_LOGIN.HOMEORACLEMYPAGE.HOME

Recreate Session LoginThis is the call path that would be used if a user’s session had timed-out, and they were attempting to re-establish the connection. The entry point here is the customized ORACLEAPPS.DISPLAYLOGIN procedure. The YUAPPS_ORACLE_LOGIN.HOME procedure is only called in this tree if the session row in the ICX_SESSIONS table has already been deleted when the recreate session is attempted. This will result in a new session being created, and the end user being brought to the main menu.

ORACLEAPPS.DISPLAYLOGINYUAPPS_ORACLE_LOGIN.RECREATE

YUAPPS_CAS.DO_LOGINYUAPPS_ORACLE_LOGIN.RECREATE

YUAPPS_ORACLE_LOGIN.RECREATE_SESSIONYUAPPS_ORACLE_LOGIN.HOME (only if session information is no longer in ICX_SESSIONS table)

Procurement Email LoginThis is the call path that would be used if a user attempts to view or edit a Requisition from one of the Procurement Workflow Email notifications. If the user is already logged into the Oracle Applications, the processing is bypassed, otherwise it calls CAS to authenticate the user, create a session, and then passes control back to the entry procedure to process the request.

POR_REDIRECT.REQSERVERYUAPPS_ORACLE_LOGIN.DIRECT_LOGIN

YUAPPS_CAS.DO_LOGINYUAPPS_ORACLE_LOGIN.DIRECT_LOGIN

YUAPPS_ORACLE_LOGIN.HOMEPOR_REDIRECT.REQSERVER


Page 8

CAS Main Login Flowchart


Page 9

CAS Recreate Session Login Flowchart


Page 10

CAS Procurement Email Login Flowchart

[Yale] CAS Detailed Solution Design Documentdocument.doc

Page 11


Page 12


Page 13

Documents

[Yale] CAS Detailed Solution Design Document