Posts Tagged ‘sso’

Customize IIS error pages to augment WIA authentication

Wednesday, March 30th, 2011

When you configure SSO (Single Sign-On) in the WCI portal, you’re basically telling the portal to redirect to the /portal/sso/SSOLogin.aspx page, and configuring your SSO product to “protect” that page.  I could write volumes about this topic – and probably will at some point – but for this post let’s consider Windows Integrated Authentication (WIA).

The trick to configuring Windows Integrated Authentication for the portal is to enable Integrated Windows authentication on the “sso” folder like this:

This allows IIS to authenticate the user and pass the username to the portal through the portal session.  But, if the user can’t authenticate for some reason, they may see a screen like this:

While I’ll call out a portal bug any day of the week, this isn’t one of them: the portal is doing exactly what it’s supposed to, and in this case that is NOTHING.  The above error comes from IIS, and the portal never even sees the request to take action on it. [side note: in my last post, I mentioned working on a WebDav fix for Collab; it’s looking like the problems with Windows 7/Office 2010 aren’t Collab’s “fault”, but – like this issue – are the fault of the application server handling the requests.]

Now that we’ve established the issue is with IIS and not the portal, the “fix” is pretty straight-forward.  Just craft a custom HTML error page that redirects the browser back to the portal with this code:


… then, configure IIS to use that error page when the unauthorized message is generated:

This way, if IIS can’t authenticate the user, instead of presenting the error page, it’ll send a redirect to the browser to bounce back to the portal – which will know that it’s already attempted SSO and just present the user with the forms-based login.

Cool Tools 15: Atlassian Crowd

Wednesday, February 23rd, 2011

It’s official: I’m pretty much out of the kind of “Cool Tools” that started the feature in the first place.  I’m pretty sure I’ve covered every tool that I regularly use during the administration of the Plumtree/ ALUI/ WCI portal.  So while I may have a genuine new “Cool Tool” at some point, this category will mostly apply to different applications that augment or replace pieces of functionality in the out-of-the-box WebCenter Interaction product stack.

It’s also (mostly) official that WebCenter Interaction is winding down as a product line, and many clients are formulating their strategy for the next couple years.  While WCI isn’t going to go away tomorrow, at Integryst we’ve been working with a lot of different technologies to help clients evaluate “what’s next”.  It’s clear that there are pretty much three directions clients may pursue:

  1. Stay on the Oracle Gravy Train and work on a migration plan to WebCenter Spaces and the rest of the Oracle stack
  2. Move to a similar competitive enterprise project – particularly, Microsoft SharePoint
  3. Look at building a best-of-breed open-source/inexpensive solution by tying together a bunch of great products

None of these are bad approaches, and in fact all of them are appropriate in different client situations, depending on the portal profile and business requirements.  But expect to see more of option #3 in these pages in the coming months.

As such, let me introduce you to Atlassian’s Crowd.  Crowd is a Single Sign-on product that allows you to stitch together a bunch of disparate web applications together by allowing users to log into one application and navigate to another without having to log in again.  It allows you to create various directories (LDAP, AD, custom sources), and surface those user accounts to different applications (Confluence, Jira, and even – with some custom code – applications like WebCenter Interaction), and has integration points at pretty much every level of the stack.

You’ll be hearing more about Crowd in upcoming posts, as well as some pretty slick hybrid integration solutions that won’t completely lock you in to the Oracle stack, if that’s the way you might be rolling.  Stay tuned!

Oracle Support Master Notes and Webinars

Saturday, October 2nd, 2010

I’ve been critical of Oracle Support in the past, but recently had a great experience with some of the old Plumtree support buddies that are still around – specifically, Merrick Huang in Oracle Support was able to provide a tremendous amount of assistance on a very thorny search issue I was having at a client site and will be writing about here in upcoming posts.  Before we get into the nitty gritty of that problem, I want to share with you a great resource I didn’t know existed until now: Oracle Support Master Notes and Webinars (login required).

The purpose of “Master Notes” is to “provide the most important links that users will need to install and support the product”, and there are some pretty decent pages in there if you know where to look.  For example, the IDK Master Note is a collection of a bunch of documentation, KB articles, known issues, and bug fixes all in one place.

But what I really wanted to highlight here is the Webinars provided by Oracle Support – with one in particular being the best Oracle Webinar I’ve seen: the Search Webinar, by Eno Gjerasi.  Eno shows that there’s still life left from the Plumtree support group, and demonstrates a level of knowledge of the Search Server that rivals most engineers or consultants.  There was one tip in particular that I’ll focus on in upcoming posts (about how to communicate directly with Search), but I encourage you to check out all three Webinars (Search, Portal / SSO, and Analytics) and the other Master Notes – you may just find a gem in there and wonder how you made it all these years without knowing “that one thing” you never knew you needed.

Keep up the good work, Oracle support!