
installation of radius authentication plugin for Oracle Portal SSO
==================================================================
installation of radius authentication plugin for Oracle Portal SSO
==================================================================

 0. Set the variable $conffilename in the library source file radiusbind.c to the path of the config file, e.g.:

        /servers/oracle/etc/radius.conf

 1. Compile the RADIUS C library to libradius-plugin.so
 2. Place libradius-plugin.so in a lib directory, e.g. /servers/oracle/lib
 3. Update create_library.sql to point to the installed libradius-plugin.so:

        CREATE OR REPLACE LIBRARY C_radius_auth AS '/servers/oracle/lib/libradius-plugin.so';

 4. Place radius.conf under the directory chosen in step 0, e.g.:

        /servers/oracle/etc

        [oracle@portal bin]$ cat /servers/oracle/etc/radius.conf 
        radiusstaffserver igloo.its.unimacq.edu.au
        radiusstaffport 1645
        radiusstaffsecret Damn!!!
        radiusstafftimeout 10
        radiusstudentserver igloo.its.unimacq.edu.au
        radiusstudentport 1645
        radiusstudentsecret Shit!!!
        radiusstudenttimeout 10

 5. Start the Oracle database and the directory (LDAP) server, then log in to
    the database as "sysdba":

[oracle@portal bin]$ ./sqlplus 

SQL*Plus: Release 9.0.1.3.0 - Production on Thu Feb 27 15:05:18 2003

(c) Copyright 2001 Oracle Corporation.  All rights reserved.

Enter user-name: / as sysdba

Connected to:
Oracle9i Enterprise Edition Release 9.0.1.3.0 - Production
With the Partitioning option
JServer Release 9.0.1.3.0 - Production

SQL> select * from all_users;

USERNAME                          USER_ID CREATED
------------------------------ ---------- ---------
...
ODS                                    51 28-MAY-02
...

Change the password for user ODS:

SQL> password ODS
Changing password for ODS
New password: **Famous password for CWIS**
Retype new password: **Famous password for CWIS**
Password changed

Grant the CREATE ANY LIBRARY privilege to ODS:

SQL> grant CREATE ANY LIBRARY to ODS;

Grant succeeded.


Login as User ODS:

[oracle@eclectic bin]$ ./sqlplus 

SQL*Plus: Release 9.0.1.3.0 - Production on Thu Feb 27 15:26:02 2003

(c) Copyright 2001 Oracle Corporation.  All rights reserved.

Enter user-name: ODS
Enter password: 

Connected to:
Oracle9i Enterprise Edition Release 9.0.1.3.0 - Production
With the Partitioning option
JServer Release 9.0.1.3.0 - Production

SQL> @/servers/oracle.addon/plugins/radius-auth/plsql/add_radius_auth.sql       
                 
Library created.

Grant succeeded.

Grant succeeded.

Grant succeeded.

Function created.

Grant succeeded.

Grant succeeded.

Grant succeeded.

Table dropped.

Table created.

Grant succeeded.

Grant succeeded.

Grant succeeded.

Package created.

Package created.

Package body created.

Grant succeeded.

Grant succeeded.

Commit complete.

Commit complete.

Commit complete.
 
SQL> quit

Add the plugin registration entry to the Directory Server:

[oracle@portal bin]$ cat /servers/oracle.addon/plugins/radius-auth/plsql/register_when_compare.ldif 
cn=when_compare_replace,cn=plugin,cn=subconfigsubentry
objectclass=orclPluginConfig
objectclass=top
orclPluginName=ldap_test_compare
orclPluginType=operational
orclPluginTiming=when
orclPluginLDAPOperation=ldapcompare
orclPluginEnable=1
orclPluginIsReplace=1
orclPluginVersion=1.0.1
cn=when_compare_replace
orclPluginKind=PLSQL

[oracle@portal bin]$ /servers/oracle/9ias/bin/ldapadd -h portal -p 4032 -D cn=orcladmin -w Iwonttell -f /servers/oracle.addon/plugins/radius-auth/plsql/register_when_compare.ldif 
do modify ****
adding new entry cn=when_compare_replace,cn=plugin,cn=subconfigsubentry

 6. Restart Directory Server and Database

 7. Use oidadmin to add the unimacq attributes and object classes to the LDAP server:

Attributes:
==========
Name: unimacqdateofbirth
Object ID: 137.111.2.20
Description: User Defined Attribute
Syntax: Directory String

Name: unimacqlastnameflag
Object ID: 137.111.2.21
Description: User Defined Attribute
Syntax: Directory String

Name: unimacqpostgrad
Object ID: 137.111.0.13
Description: User Defined Attribute
Syntax: Directory String
Single Value

Name: unimacqpublishemail
Object ID: 137.111.0.14
Description: User Defined Attribute
Syntax: Directory String
Single Value

Name: unimacqstudentnumber
Object ID: 137.111.0.16
Description: User Defined Attribute
Syntax: Directory String
Single Value

Name: unimacqsubjectcode
Object ID: 137.111.0.17
Description: User Defined Attribute
Syntax: Directory String

Object classes:
==============
Name: unimacqperson
Object ID: 137.111.16
Description: User Defined ObjectClass
Type: None
        Super Class: top
        Mandatory Attributes: ObjectClass, cn, sn
        Optional Attributes: unimacqdateofbirth, unimacqlastnameflag, unimacqpublishemail

Name: unimacqstaff
Object ID: 137.111.4
Description: User Defined ObjectClass
Type: None
        Super Class: top
        Mandatory Attributes: ObjectClass, employeeNumber 

Name: unimacqstudent
Object ID: 137.111.12
Description: User Defined ObjectClass
Type: None
        Super Class: top
        Mandatory Attributes: ObjectClass, unimacqpostgrad, unimacqstudentnumber
        Optional Attributes: unimacqsubjectcode

 8. Add user entries into the LDAP server:

[oracle@portal bin]$ cat /servers/oracle.addon/plugins/radius-auth/plsql/users.ldif 
cn=terrence,cn=users,dc=its,dc=unimacq,dc=edu,dc=au
orclactivestartdate=20020814000000z
mail=terrence@xxxxxxxxxxxxxx
unimacqpublishemail=Y
employeenumber=027064
objectclass=top
objectclass=person
objectclass=inetorgperson
objectclass=organizationalperson
objectclass=orcluser
objectclass=orcluserv2
objectclass=unimacqperson
objectclass=unimacqstaff
displayname=Terrence Miao
departmentnumber=IT Strategies & Developments (Emerging Technologies)
sn=Miao
givenname=Tianxi
middlename=(Terrence)
cn=terrence

[oracle@portal bin]$ /servers/oracle/9ias/bin/ldapadd -h portal -p 4032 -D cn=orcladmin -w goaway -f /servers/oracle.addon/plugins/radius-auth/plsql/users.ldif 
do modify ****
adding new entry cn=terrence,cn=users,dc=its,dc=unimacq,dc=edu,dc=au


Testing and debugging:
=====================

There is a test program (C source) in the library directory; just run:

[oracle@portal lib]$   ./test terrence a1b2c3 staff

and tail the log file:

[oracle@portal lib]$ tail -f /servers/oracle/log/radius.log 

In SQL*Plus, log in as "ods" and check:

SQL> select * from bind_log order by LOG_DATE;

and

SQL> select auth_radius_proc('terrence', 'a1b2c3', 'staff' ) from dual;

to see what caused the problem.
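As an added example (not part of the original plugin, and not the C code in radiusbind.c), here is a Python parser for the radius.conf format shown in step 4: it groups the radius<realm><key> lines into per-realm server blocks, validates them, looks up the block for the realm argument passed to ./test and auth_radius_proc, and checks that the file mode keeps the clear-text shared secrets readable by the owner only. The sample config, its host name and its secrets are constructed placeholders.

```python
# Per-realm keys the plugin reads from radius.conf (the page shows the staff and student realms).
KEYS = ("server", "port", "secret", "timeout")

# Constructed sample in the page's format; the host and secrets are placeholders, not real values.
SAMPLE_CONF = """\
radiusstaffserver radius1.example.edu
radiusstaffport 1645
radiusstaffsecret PLACEHOLDER-STAFF-SECRET
radiusstafftimeout 10
radiusstudentserver radius1.example.edu
radiusstudentport 1645
radiusstudentsecret PLACEHOLDER-STUDENT-SECRET
radiusstudenttimeout 10
"""

def parse_radius_conf(text):
    """Turn 'radius<realm><key> value' lines into {realm: {key: value}} and validate each realm."""
    realms = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(" ")
        key = next((k for k in KEYS if name.startswith("radius") and name.endswith(k)), None)
        if key is None:
            raise ValueError("unrecognised radius.conf line: %r" % line)
        realm = name[len("radius"):-len(key)]
        if not realm:
            raise ValueError("missing realm name in: %r" % line)
        realms.setdefault(realm, {})[key] = value.strip()
    for realm, cfg in realms.items():
        missing = [k for k in KEYS if not cfg.get(k)]
        if missing:
            raise ValueError("realm %r is missing %s" % (realm, ", ".join(missing)))
        cfg["port"] = int(cfg["port"])        # int() rejects a non-numeric port
        cfg["timeout"] = int(cfg["timeout"])
        if not 1 <= cfg["port"] <= 65535 or cfg["timeout"] <= 0:
            raise ValueError("bad port or timeout for realm %r" % realm)
    return realms

def realm_config(realms, realm):
    """Select the block for the realm argument of './test user pass staff'."""
    if realm not in realms:
        raise KeyError("no radius.conf block for realm %r" % realm)
    return realms[realm]

def secret_file_mode_ok(mode):
    """radius.conf holds shared secrets in clear text: group and other must have no access."""
    return (mode & 0o077) == 0
```

Pass os.stat("/servers/oracle/etc/radius.conf").st_mode to secret_file_mode_ok to check the installed file; a realm that the plugin is asked for but that has no block in the file is reported as a KeyError rather than falling through to the wrong server.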

Good luck...
