作为Pattern Application集成Jive Forum的单点登录

Jive Forum支持LDAP的认证方式，它有两种基本模式，一是Mixed Ldap模式，即与认证相关的用户信息存放在LDAP数据库中，而用户的其它信息仍存储于关系数据库中；另一种是Pure Ldap模式，即所有用户信息都存放于LDAP中，但其在部署实现上较为繁琐，需要扩展LDAP数据库的Schema。本文主要针对第一种模式部署的Jive Forum进行SSO测试，对于后一种模式效果应该完全相同。

在Jive Forum部署时，需使用Oracle Internet Directory（OID）作为LDAP目录数据库，位于搜索路径下的所有用户都可以登录Jive Forum，在配置时可以指定一名管理员，并在Oracle数据库JIVEUSERPREP表中用相应用户的USERID替换原本admin的USERID。随后按以下步骤实施即可。

Introduction

This document describes how you should configure Jive Forums Enterprise Edition to leverage Oracle Identity Management for maintaining the user credentials.  It also describes how you can register the OracleAS Provider for Jive Forums with your OracleAS Portal and how to add the provider's portlets to your portal page.  You should use these instructions if your Jive Forum Enterprise Edition Application is deployed on the OracleAS instance.

Note: This feature is not available on the Professional Editions of Jive Forums.

Configuring Jive Forums to Leverage Oracle Identity Management

Oracle Identity Management

It is possible to configure Jive Forums to use Oracle Identity Management as an external LDAP server to authenticate and store user profile information. This configuration ensures that the user entries are managed by a single server. Please refer to your Jive Forums Installation Document for further information on how to configure the Jive Forums application to work in the LDAP mode. In order to configure the LDAP mode, you will require to gather the following information about the Oracle Identity Management, against which you are authenticating your users.

• The Identity Management host
  
• The Identity Management port
  
• The base DN for searching the users.

The above information can be obtained from OracleAS Portal, available on the Builder Page, under Administer->Global Settings.

Once you have your Jive Forums application running successfully in the LDAP mode, make the following changes to the jive_config.xml file in your jiveHome directory. Replace the existing entry for the <AuthFactory> element with the following one.

<AuthFactory>
     <className>oracle.webdb.ohs.forum.security.PortalLdapAuthFactory</className>
</AuthFactory>

Single Sign-On

It is also possible to have an Oracle Single Sign-On (SSO) server authenticate the users for the Jive Forums application. This functionality can be achieved by modifying the login / logout actions of the Jive Forums application. In order to enable the SSO feature, you have to create a file named custom-actions.xml file in the WEB-INF/classes directory, with the following content:

<?xml version="1.0" encoding="UTF-8"?>

<actions>

  <!-- Base actions -->
  <action name="oracle.webdb.ohs.forum.actions.SSOLoginAction" alias="login">
    <view name="success">doRedirect.jspa?url={jive.login.successURL}</view>
    <view name="cancel">doRedirect.jspa?url={jive.login.cancelURL}</view>
    <view name="fatal">doRedirect.jspa?url=index.jsp</view>
  </action>
 
  <action name="oracle.webdb.ohs.forum.actions.SSOLogoutAction" alias="logout">
    <view name="success">logout-success.jsp</view>
    <view name="error">error.jsp</view>
  </action>

</actions>

Note: If the file already exists, then Copy and Paste the content within the <actions> tag, into the custom-actions.xml file.

The <OC4J_Instance> would need to be restarted for the changes to take effect, where <OC4J_Instance> is the OC4J instance where Jive Forum is installed.

Registering the Provider

1. Login to OracleAS Portal as an OracleAS Portal Administrator.  Go to the Administer tab of the OracleAS Portal Builder page.
2. Under the Portlets tab, click on Register a Provider within the Remote Providers portlet.
3. Fill out provider information for the  Provider:
   • Name: OracleAS_Provider_for_Jive_Forums
   • Display Name: OracleAS Provider for Jive Forums
   • Timeout: 30
   • Timeout Message: OracleAS Provider for Jive Forums Timed Out
   • Implementation Style: Web
4. Click on the Next button to enter the Web Provider specific information
5. Enter the Web Provider location
   • URL: http://<server>:<port>/<jiveContext>/providers/forum

example: if your jive url looks like, http://my.company.com/jive3, then your web provider location is http://my.company.com/jive3/providers/forum

6. Select the radio button labeled The user has the same identity in the Web providers application as in the Single Sign-On identity.
7. Scroll down to the User/Session Information section and specify the login frequency as Once Per Session.
8. Click on the Finish button to complete the registration

Note: When registering a new provider with OracleAS Portal, only the user who registered the provider has privileges to see the provider/portlets. If necessary, go to the Folder with the name of the provider within the Portlet Repository content area and update the provider privileges as required.

Adding the OracleAS Provider for Jive Forums' Portlets to a Portal Page

You are now ready to add the OracleAS Provider for Jive Forums Portlets to a page.