An external application is any application that implements its own authentication process. Specifically, it is an application that does not take part in your WebCenter application's single sign-on process.
System administrators can use Fusion Middleware Control or the WLST command-line tool to register and manage external applications for WebCenter application deployments. Application administrators can also register and manage external applications at runtime through out-of-the-box administration pages or using external application task flows.
All external application changes that you make for WebCenter applications, post deployment, are stored in the MDS repository as customizations.
External application configuration is dynamic. Configuration changes are immediately reflected in the WebCenter application; it is not necessary to restart the application or the managed server.
This chapter includes the following sections:
The content of this chapter is intended for Fusion Middleware administrators (users granted the Admin or Operator role through the Oracle WebLogic Server Administration Console). See also, Section 1.8, "Understanding Administrative Operations, Roles, and Tools."
If your WebCenter application interacts with an application that handles its own authentication, you can associate that application with an external application definition to allow for credential provisioning. In doing so, you use an external application definition to provide a means of accessing content from these independently authenticated applications.
To replicate a single sign-on experience from the end user's perspective, the external application service captures the user name and password, and any other credentials for the external application, and supplies them to the WebCenter service or application requiring the credentials. The WebCenter service or other application then uses this information to log in on behalf of the end user. This user name and password combination is securely stored in a credential store configured for the WebLogic domain where the application is deployed.
The user provides login credentials when prompted, and these credentials are mapped to the WebCenter application user and stored in the credential store configured for the domain. The credential store subsequently supplies that information during authentication to the external application. Unless the external application's credentials change, the user supplies the credentials only once as the mapped information is read from the credential store for future requests.
When logging in to an external application, if you clear the Remember My Login Information check box, then the credentials provisioned for that user session are lost in the event of a failover in a high availability (HA) environment. You are prompted to specify the credentials again if you try to access the external application content in the same user session.
The external applications that are to be used by a WebCenter Portal application can be specified before deployment through a wizard in Oracle JDeveloper, or after deployment through Fusion Middleware Control Console (Figure 25-1) or using WLST commands. Post-deployment, external applications specified at design time in JDeveloper display automatically. However, after deployment you must reprovision design-time shared and public credentials using Fusion Middleware Control or WLST commands. For information, see Chapter 28, "Configuring the Identity Store," and Chapter 29, "Configuring the Policy and Credential Store."
In WebCenter Spaces, you can register external applications using the External Application task flow available by default, or you can add a task flow to register and manage your applications. For information about registering external applications using External Application task flows in WebCenter Spaces, see the sections "Registering External Applications Through WebCenter Administration" and "Working with the External Application Task Flow" in the Oracle Fusion Middleware User's Guide for Oracle WebCenter.
Figure 25-1 Edit External Application
You can register external applications for WebCenter applications through Fusion Middleware Control or using WLST commands.
Before registering an external application, access the application's login page and examine the HTML source for the application's login form. All the registration details you require are located in the .
For example, the underlying code for the Yahoo! Mail login form looks something like this:
In this example, to provide WebCenter users with a direct link to the Yahoo! Mail application, the following sample registration information is required:
Registration Information | Sample Value | HTML Source |
---|---|---|
Login URL | https://login.yahoo.com/config/login? | action |
User Name / User ID Field | login | name |
Password Field Name | passwd | name="passwd" |
Authentication Method | post | method |
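
The lookup described above can be scripted. The following Python sketch is an added example, not part of the Oracle documentation: it parses a login form, returns the four registration values from the table, and flags a login URL that is not HTTPS or a form that submits with GET. The sample HTML, the hidden `locale` field, and the treatment of hidden inputs as candidate additional login fields are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample form, built from the sample values in the table above.
SAMPLE_HTML = """<form method="post" action="https://login.yahoo.com/config/login?">
  <input type="hidden" name="locale" value="en">
  <input type="text" name="login">
  <input type="password" name="passwd">
  <input type="submit" value="Sign In">
</form>"""

class FormCollector(HTMLParser):
    """Records each <form> with its action, method and (type, name) inputs."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "",
                          "method": (a.get("method") or "get").lower(), "inputs": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            self._open["inputs"].append(((a.get("type") or "text").lower(), a.get("name")))
    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def registration_details(html, page_url):
    """Return the values to register for the first form with a password input."""
    collector = FormCollector()
    collector.feed(html)
    for form in collector.forms:
        inputs = form["inputs"]
        types = [t for t, _ in inputs]
        if "password" not in types:
            continue
        pw = types.index("password")
        url = urljoin(page_url, form["action"])  # resolves relative actions
        warnings = []
        if urlsplit(url).scheme != "https":
            warnings.append("login URL is not HTTPS; credentials travel in clear text")
        if form["method"] == "get":
            warnings.append("GET places credentials in the URL (logs, history)")
        return {"login_url": url, "auth_method": form["method"].upper(),
                "user_field": next((n for t, n in reversed(inputs[:pw]) if t in ("text", "email") and n), None),
                "password_field": inputs[pw][1],
                "additional_fields": [n for t, n in inputs if t == "hidden" and n],
                "warnings": warnings}
    return None
```

Call `registration_details(SAMPLE_HTML, page_url)` with the URL the login page was fetched from; a result of `None` means no form with a password input was found.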
External application configuration is dynamic. New external applications and updates to existing applications are immediately available; there is no need to restart the WebCenter application.
For information about services that use external applications, see the section "Secured Service Connections" in Oracle Fusion Middleware Developer's Guide for Oracle WebCenter.
This section includes the steps for:
To register an external application:
Field | Description |
---|---|
Application Name | Enter a name for the application. The name must be unique (across all connection types) within the WebCenter application. For example: yahoo Note: Once registered, you cannot edit the Application Name. |
Display Name | Enter a user friendly name for the application that WebCenter users will recognize. WebCenter end-users working with this external application will see the display name you specify here. For example: My Yahoo If you leave this field blank, the Application Name is used. |
Login URL | Enter the login URL for the external application. To determine the URL, navigate to the application's login page and record the URL. For example: http://login.yahoo.com/config/login Note: A login URL is not required if the sole purpose of this external application is to store and supply user credentials on behalf of another service. |
HTML User ID Field Name | Enter the name that identifies the "user name" or "user ID" field on the login form. Tip: To find this name, look at the HTML source for the login page. This property does not specify user credentials. Mandatory if the Authentication Method is GET or POST. Leave this field blank if the application uses BASIC authentication (see Authentication Method). |
HTML User Password Field Name | Enter the name that identifies the "password" field on the login form. Tip: To find this name, look at the HTML source for the login page. Mandatory if the Authentication Method is GET or POST. Leave this field blank if the application uses BASIC authentication (see Authentication Method). |
Table 25-3 External Application Connection - Authentication Details
The Authentication Method specifies how message data is sent by the browser. You can find this value by viewing the HTML source for the external application's login form, for example,
Table 25-4 External Application Connection - Additional Login Fields
Click Delete to remove a login field.
Table 25-5 External Application Connection - Shared User and Public User Credentials
Field | Description |
---|---|
Enable Shared Credentials | Indicate whether this external application enables shared user credentials, and specify the credentials. Select Enable Shared Credentials, and then enter User Name and Password credentials for the shared user. When shared credentials are specified, every user accessing this external application, through the WebCenter application, is authenticated using the user name and password defined here. WebCenter users are not presented with a login form. Because WebCenter users do not need to define personal credentials of their own, external applications with shared credentials are not listed in the external application's change password task flows such as My Accounts. See also "Providing Login Information for External Applications" in Oracle Fusion Middleware User's Guide for Oracle WebCenter. |
Enable Public Credentials | Indicate whether unauthenticated users (public users) may access this external application. Select Enable Public Credentials, and then enter User Name and Password credentials for the public user. When public credentials are specified, public users accessing this external application through the WebCenter application's public pages are logged in using the username and password defined here. If public credentials are not specified, public users will see an authorization error indicating this external application is not accessible to public users. |
Use the WLST command createExtAppConnection to create an external application connection. For command syntax and examples, see createExtAppConnection in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
Use the WLST command addExtAppCredential to add shared or public credentials for an existing external application connection. For details, see addExtAppCredential in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
Use the WLST command addExtAppField to define additional login criteria for an existing external application connection. For details, see addExtAppField in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
For information about registering external applications in WebCenter Portal applications, see section "Managing External Applications" in Oracle Fusion Middleware Developer's Guide for Oracle WebCenter.
This section shows you how to modify the external application connection details by:
To update external application connection details:
Use the WLST command setExtAppConnection to edit existing external application connection details. For command syntax and examples, see setExtAppConnection in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
To edit details relating to an additional login field, use setExtAppField. To edit existing shared or public credentials, use setExtAppCredential.
To delete an additional login field, use removeExtAppField. To delete shared or public credentials, use removeExtAppCredential.
For information about modifying external applications in WebCenter Spaces, see the section "Editing External Application Connection Details" in Oracle Fusion Middleware User's Guide for Oracle WebCenter.
For external applications that are created using login URLs, ensure that their login URLs are accessible. For information about direct URLs, see the section "Automated Single Sign-On" in Oracle Fusion Middleware Developer's Guide for Oracle WebCenter.
Take care when deleting an external application connection as WebCenter application users will no longer have access to that application, and any services dependent on the external application may not function correctly.
In WebCenter Spaces, links to external applications are not automatically removed from the Application Navigator task flow when an external application is deleted. To prevent unsuccessful access attempts, administrators are advised to remove links to unavailable applications.
This section includes the following subsections:
To delete an external application connection:
Use the WLST command deleteConnection to remove an external application connection. For command syntax and examples, see deleteConnection in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
To delete an additional login field, use removeExtAppField. To delete shared or public credentials, use removeExtAppCredential.
For information about deleting external applications in WebCenter Spaces, see the section "Deleting External Applications" in Oracle Fusion Middleware User's Guide for Oracle WebCenter.