Upload
tcskumar
View
29
Download
5
Embed Size (px)
DESCRIPTION
saSAs
Citation preview
[Yale] CAS Detailed Solution Design DocumentPrepared by Shane Anderson
Author: Ken Konopka
Creation Date: 02-DEC-2002
Last Updated: 02-DEC-2002
Updated by: Ken Konopka
Control Number:
Version: 1.1
/tt/file_convert/577cc7cd1a28aba711a1bd61/document.doc
Page i
Reviewers
Name Position
Anne Anderson
Distribution
Copy No.
Name Location
1 Library Master Project Library23
/tt/file_convert/577cc7cd1a28aba711a1bd61/document.doc
Page ii
Contents
Introduction.....................................................................................................................................................................................4
Technical Resources and Contacts................................................................................................................................................5
Functional Specification.................................................................................................................................................................6Purpose.........................................................................................................................................................................................6Objective:......................................................................................................................................................................................6Requirement..................................................................................................................................................................................6
Technical Specification...................................................................................................................................................................7Purpose.........................................................................................................................................................................................7New Packages...............................................................................................................................................................................7Changed Packages........................................................................................................................................................................7Other changes...............................................................................................................................................................................7
CAS Calling Trees..........................................................................................................................................................................8Main Login...................................................................................................................................................................................8Recreate Session Login.................................................................................................................................................................8Procurement Email Login.............................................................................................................................................................8
CAS Main Login Flowchart...........................................................................................................................................................9
CAS Recreate Session Login Flowchart.....................................................................................................................................10
CAS Procurement Email Login Flowchart.....................................................................................................................................11
/tt/file_convert/577cc7cd1a28aba711a1bd61/document.doc
Page iii
Introduction
This document summarizes the business requirements of Yale implementation of the CAS login for the R11i Oracle Applications, and sets out the solution for each requirement. This document serves as a confirmation that both the functional and technical teams understand the application requirements.
Each business requirement includes a summary of specific requirements, a description of the functionality, assumptions, and the recommended approach to satisfy the stated requirements. The solutions may include use of standard features, configuration options, database extensions, product customizations (new or modified programs), and business process changes.
/tt/file_convert/577cc7cd1a28aba711a1bd61/document.doc
Page 4
Technical Resources and Contacts
Anne Anderson, Technical Lead - 436-3902
Ken Konopka, Programmer/Analyst - 432-6635
Shawn Bayern, Programmer/Analyst (CAS Team) - 432-6687
Andy Newman Director Technology & Planning – 432-6696
/tt/file_convert/577cc7cd1a28aba711a1bd61/document.doc
Page 5
Functional Specification
Purpose
Yale University is attempting to move to a “single signon” model for all Web based applications. Yale’s Central Authentication Service (CAS) is the main component of this push toward single signon. In an effort to comply with this directive, the decision was made to use the Oracle Self Service menu structure as the preferred default for the Oracle R11i Applications, and to replace the seeded Oracle Self Service login page with the CAS login.
Objective:
Replace all entry point authentications into the Oracle R11i Applications with the CAS login authentication.
Requirement
1. Authenticate Oracle Applications user through CAS. 2. Make sure all application entry points use CAS authentication.3. Change the error handling seeded code to point to the CAS login for re-authentication
when an error condition is encountered in the applications. 4. Change the default home URL for the applications to the CAS login URL. 5. Disable the Change Password option within the Oracle Forms applications to avoid
confusion for the end users. 6. Update all existing active Oracle Applications passwords to the 16 character string
originally created for START Web User passwords. 7. Provide code for re-validation of user password for Effort Reporting.
/tt/file_convert/577cc7cd1a28aba711a1bd61/document.doc
Page 6
Technical Specification
Purpose
Outline the coding changes needed to implement the CAS login for the Oracle Applications.
New Packages
1. YUAPPS_ORACLE_LOGIN – Package containing the entry points into the Applications.
2. YUAPPS_CAS – Package containing the redirects to CAS and the CAS processing.
Changed Packages
1. ORACLEAPPS – Changed the displayLogin procedure to call the CAS login in error conditions and in situations where an expired session is being recreated.
2. POR_REDIRECT – Change the REQSERVER procedure to check to see if the user has a session established. If not call the CAS login to establish a session and then pass control back to this procedure.
Other changes
1. An Oracle Wallet needs to be created on the Database Server in the following path: /etc/ORACLE/WALLETS/oracle with a password of ‘oracle’.
/tt/file_convert/577cc7cd1a28aba711a1bd61/document.doc
Page 7
CAS Calling Trees
Main LoginThis is the call path for the main entry point into the Oracle Applications. The YUAPPS_CAS.DO_LOGIN procedure is actually called twice, the first time to create a CAS Authentication ticket, and the second time to validate the ticket that was passed back from the first call. I have consolidated this to one call in the calling tree because this process is entirely controlled by CAS and not a point of concern in the login process. The call to the ORACLEMYPAGE.HOME procedure passes control of the processing back to Oracle seeded code.
YUAPPS_ORACLE_LOGIN.HTML YUAPPS_ORACLE_LOGIN.LOGIN
YUAPPS_CAS.DO_LOGINYUAPPS_ORACLE_LOGIN.LOGIN
YUAPPS_ORACLE_LOGIN.HOMEORACLEMYPAGE.HOME
Recreate Session LoginThis is the call path that would be used if a user’s session had timed-out, and they were attempting to re-establish the connection. The entry point here is the customized ORACLEAPPS.DISPLAYLOGIN procedure. The YUAPPS_ORACLE_LOGIN.HOME procedure is only called in this tree if the session row in the ICX_SESSIONS table has already been deleted when the recreate session is attempted. This will result in a new session being created, and the end user being brought to the main menu.
ORACLEAPPS.DISPLAYLOGINYUAPPS_ORACLE_LOGIN.RECREATE
YUAPPS_CAS.DO_LOGINYUAPPS_ORACLE_LOGIN.RECREATE
YUAPPS_ORACLE_LOGIN.RECREATE_SESSIONYUAPPS_ORACLE_LOGIN.HOME (only if session information is no longer in ICX_SESSIONS table)
Procurement Email LoginThis is the call path that would be used if a user attempts to view or edit a Requisition from one of the Procurement Workflow Email notifications. If the user is already logged into the Oracle Applications, the processing is bypassed, otherwise it calls CAS to authenticate the user, create a session, and then passes control back to the entry procedure to process the request.
POR_REDIRECT.REQSERVERYUAPPS_ORACLE_LOGIN.DIRECT_LOGIN
YUAPPS_CAS.DO_LOGINYUAPPS_ORACLE_LOGIN.DIRECT_LOGIN
YUAPPS_ORACLE_LOGIN.HOMEPOR_REDIRECT.REQSERVER
/tt/file_convert/577cc7cd1a28aba711a1bd61/document.doc
Page 8
CAS Main Login Flowchart
/tt/file_convert/577cc7cd1a28aba711a1bd61/document.doc
Page 9
CAS Recreate Session Login Flowchart
/tt/file_convert/577cc7cd1a28aba711a1bd61/document.doc
Page 10
CAS Procurement Email Login Flowchart
[Yale] CAS Detailed Solution Design Documentdocument.doc
Page 11
[Yale] CAS Detailed Solution Design Documentdocument.doc
Page 12
[Yale] CAS Detailed Solution Design Documentdocument.doc
Page 13