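Jive Forum supports LDAP authentication in two basic modes. The first is Mixed LDAP mode, in which the user information related to authentication is stored in the LDAP directory while the rest of the user information remains in the relational database. The other is Pure LDAP mode, in which all user information is stored in LDAP; it is more cumbersome to deploy, however, because the schema of the LDAP directory has to be extended. This article tests SSO mainly against a Jive Forum deployed in the first mode; the result should be exactly the same for the second mode.
When deploying Jive Forum, Oracle Internet Directory (OID) must be used as the LDAP directory database. All users located under the search path can log in to Jive Forum. During configuration you can designate an administrator, and in the JIVEUSERPREP table of the Oracle database replace the original USERID of admin with the USERID of the corresponding user. Then follow the steps below.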
Introduction
This document describes how you should configure Jive Forums Enterprise Edition to leverage Oracle Identity Management for maintaining the user credentials. It also describes how you can register the OracleAS Provider for Jive Forums with your OracleAS Portal and how to add the provider's portlets to your portal page. You should use these instructions if your Jive Forum Enterprise Edition Application is deployed on the OracleAS instance.
Note: This feature is not available on the Professional Editions of Jive Forums.
Configuring Jive Forums to Leverage Oracle Identity Management
Oracle Identity Management
It is possible to configure Jive Forums to use Oracle Identity Management as an external LDAP server to authenticate and store user profile information. This configuration ensures that the user entries are managed by a single server. Please refer to your Jive Forums Installation Document for further information on how to configure the Jive Forums application to work in the LDAP mode. To configure the LDAP mode, you need to gather the following information about the Oracle Identity Management against which you are authenticating your users:
- The Identity Management host
- The Identity Management port
- The base DN for searching the users.
The above information can be obtained from OracleAS Portal, available on the Builder Page, under Administer->Global Settings.
Once you have your Jive Forums application running successfully in the LDAP mode, make the following changes to the jive_config.xml file in your jiveHome directory. Replace the existing entry for the <AuthFactory> element with the following one.
<AuthFactory>
    <className>oracle.webdb.ohs.forum.security.PortalLdapAuthFactory</className>
</AuthFactory>
Single Sign-On
It is also possible to have an Oracle Single Sign-On (SSO) server authenticate the users for the Jive Forums application. This functionality can be achieved by modifying the login / logout actions of the Jive Forums application. To enable the SSO feature, create a file named custom-actions.xml in the WEB-INF/classes directory, with the following content:
<?xml version="1.0" encoding="UTF-8"?>
<actions>
    <!-- Base actions -->
    <action name="oracle.webdb.ohs.forum.actions.SSOLoginAction" alias="login">
        <view name="success">doRedirect.jspa?url={jive.login.successURL}</view>
        <view name="cancel">doRedirect.jspa?url={jive.login.cancelURL}</view>
        <view name="fatal">doRedirect.jspa?url=index.jsp</view>
    </action>
    <action name="oracle.webdb.ohs.forum.actions.SSOLogoutAction" alias="logout">
        <view name="success">logout-success.jsp</view>
        <view name="error">error.jsp</view>
    </action>
</actions>
Note: If the file already exists, copy and paste the content within the <actions> tag into the existing custom-actions.xml file.
The <OC4J_Instance> must be restarted for the changes to take effect, where <OC4J_Instance> is the OC4J instance where Jive Forum is installed.
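A pre-restart check of the two files edited above, as an added example that is not part of the Oracle or Jive documentation. The class names and view names are the ones given on this page; treating a duplicated alias as an error is an assumption of this example, and the sample XML (including com.example.OldLoginAction) is constructed.

```python
# Added example (not Oracle or Jive code): check both edited files before restart.
import xml.etree.ElementTree as ET

AUTH_FACTORY = "oracle.webdb.ohs.forum.security.PortalLdapAuthFactory"
# alias -> (action class from the page, view names the page defines for it)
SSO_ACTIONS = {
    "login": ("oracle.webdb.ohs.forum.actions.SSOLoginAction",
              {"success", "cancel", "fatal"}),
    "logout": ("oracle.webdb.ohs.forum.actions.SSOLogoutAction",
               {"success", "error"}),
}

def check_jive_config(xml_text):
    """Return problems found in the content of jive_config.xml."""
    factories = list(ET.fromstring(xml_text).iter("AuthFactory"))
    if len(factories) != 1:
        return [f"expected exactly one <AuthFactory>, found {len(factories)}"]
    name = (factories[0].findtext("className") or "").strip()
    return [] if name == AUTH_FACTORY else [f"AuthFactory className is {name!r}"]

def check_custom_actions(xml_text):
    """Return problems found in the content of custom-actions.xml."""
    root = ET.fromstring(xml_text)
    if root.tag != "actions":
        return [f"root element is <{root.tag}>, expected <actions>"]
    problems = []
    for alias, (cls, views) in SSO_ACTIONS.items():
        found = [a for a in root.findall("action") if a.get("alias") == alias]
        if len(found) != 1:  # assumption: a duplicated alias is treated as an error
            problems.append(f"alias {alias!r}: expected 1 <action>, found {len(found)}")
            continue
        if found[0].get("name") != cls:
            problems.append(f"alias {alias!r} maps to {found[0].get('name')!r}")
        missing = views - {v.get("name") for v in found[0].findall("view")}
        if missing:
            problems.append(f"alias {alias!r} lacks views {sorted(missing)}")
    return problems

# Constructed sample: a hand-merged file that kept an older login action
# (com.example.OldLoginAction is a made-up name) and has no logout action.
SAMPLE_ACTIONS = """<actions>
  <action name="com.example.OldLoginAction" alias="login"/>
  <action name="oracle.webdb.ohs.forum.actions.SSOLoginAction" alias="login"/>
</actions>"""

if __name__ == "__main__":
    for problem in check_custom_actions(SAMPLE_ACTIONS):
        print("custom-actions.xml:", problem)
```

An empty list from both functions means the files match what this section describes; pass them the contents of jive_config.xml from jiveHome and custom-actions.xml from WEB-INF/classes.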
Registering the Provider
- Log in to OracleAS Portal as an OracleAS Portal Administrator. Go to the Administer tab of the OracleAS Portal Builder page.
- Under the Portlets tab, click on Register a Provider within the Remote Providers portlet.
- Fill out provider information for the Provider:
  - Name: OracleAS_Provider_for_Jive_Forums
  - Display Name: OracleAS Provider for Jive Forums
  - Timeout: 30
  - Timeout Message: OracleAS Provider for Jive Forums Timed Out
  - Implementation Style: Web
- Click on the Next button to enter the Web Provider specific information.
- Enter the Web Provider location:
  - URL: http://<server>:<port>/<jiveContext>/providers/forum
    Example: if your Jive URL is http://my.company.com/jive3, then your web provider location is http://my.company.com/jive3/providers/forum
- Select the radio button labeled The user has the same identity in the Web providers application as in the Single Sign-On identity.
- Scroll down to the User/Session Information section and specify the login frequency as Once Per Session.
- Click on the Finish button to complete the registration.
Note: When registering a new provider with OracleAS Portal, only the user who registered the provider has privileges to see the provider/portlets. If necessary, go to the Folder with the name of the provider within the Portlet Repository content area and update the provider privileges as required.
Adding the OracleAS Provider for Jive Forums' Portlets to a Portal Page
You are now ready to add the OracleAS Provider for Jive Forums Portlets to a page.