[Webtest] Oracle SSO
Dierk Koenig
webtest@lists.canoo.com
Fri, 7 Jul 2006 12:32:54 +0200
This is a multi-part message in MIME format.
------=_NextPart_000_001B_01C6A1C1.78342080
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Hi Melvin,
redirections and cookie handling is all done transparently by Canoo WebTest.
The question is how the initial authentication to the SSO infrastructure is
done in the first place.
Do you have any info about that?
Basic authentication? Client side certificates? Windows CAPI? Keystore
managers?
cheers
Mittie
-----Original Message-----
From: webtest-admin@lists.canoo.com
[mailto:webtest-admin@lists.canoo.com]On Behalf Of MELVIN CHEE
Sent: Freitag, 7. Juli 2006 11:30
To: webtest@lists.canoo.com
Subject: [Webtest] Oracle SSO
Hi gurus,
I intend to test my j2ee application with Webtest. The
application is deployed on a Oracle 10g Application Server.
All users need to login via Oracle Single-Sign On. I hit a brick
wall when I discovered that Oracle Single-Sign uses several
redirections and cookie injections to authenticate users.
I have found a article describing how to "follow" the redirections
using httpunit.
See http://www.fm-berger.de/ora_webtest/ch06.php
As you can see Oracle uses a lot of page redirects as well as
cookies to handle SSO. However, I am not sure how the same
can be done with Webtest.
My webtest script keep returning with a 401 error when i reference
the first page of my application. In a typical user scenario,
the browser will be redirected to the Oracle SSO Login page first.
I suspect that Webtest stalled at the login page.
The Webtest script always stall when it is trying to establish the
connection to the deployed application (the waitfor tag).
I am never able to reach the first webtest case.
Any ideas guys?
----------------------------------------------------------------------------
--
Now you can scan emails quickly with a reading pane. Get the new Yahoo!
Mail.
------=_NextPart_000_001B_01C6A1C1.78342080
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2912" name=3DGENERATOR></HEAD>
<BODY>
<DIV><SPAN class=3D667352510-07072006><FONT face=3DArial color=3D#0000ff =
size=3D2>Hi=20
Melvin,</FONT></SPAN></DIV>
<DIV><SPAN class=3D667352510-07072006><FONT face=3DArial color=3D#0000ff =
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D667352510-07072006><FONT face=3DArial color=3D#0000ff =
size=3D2>redirections and cookie handling is all done transparently by =
Canoo=20
WebTest.</FONT></SPAN></DIV>
<DIV><SPAN class=3D667352510-07072006><FONT face=3DArial color=3D#0000ff =
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D667352510-07072006><FONT face=3DArial color=3D#0000ff =
size=3D2>The=20
question is how the initial authentication to the SSO infrastructure is =
done in=20
the first place.</FONT></SPAN></DIV>
<DIV><SPAN class=3D667352510-07072006><FONT face=3DArial color=3D#0000ff =
size=3D2>Do you=20
have any info about that?</FONT></SPAN></DIV>
<DIV><SPAN class=3D667352510-07072006><FONT face=3DArial color=3D#0000ff =
size=3D2>Basic=20
authentication? Client side certificates? Windows CAPI? Keystore=20
managers?</FONT></SPAN></DIV>
<DIV><SPAN class=3D667352510-07072006><FONT face=3DArial color=3D#0000ff =
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D667352510-07072006><FONT face=3DArial color=3D#0000ff =
size=3D2>cheers</FONT></SPAN></DIV>
<DIV><SPAN class=3D667352510-07072006><FONT face=3DArial color=3D#0000ff =
size=3D2>Mittie</FONT></SPAN></DIV>
<BLOCKQUOTE=20
style=3D"PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px =
solid">
<DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT =
face=3DTahoma=20
size=3D2>-----Original Message-----<BR><B>From:</B>=20
webtest-admin@lists.canoo.com =
[mailto:webtest-admin@lists.canoo.com]<B>On=20
Behalf Of </B>MELVIN CHEE<BR><B>Sent:</B> Freitag, 7. Juli 2006=20
11:30<BR><B>To:</B> webtest@lists.canoo.com<BR><B>Subject:</B> =
[Webtest]=20
Oracle SSO<BR><BR></FONT></DIV>
<DIV><BR>Hi gurus,</DIV>
<DIV><BR>I intend to test my j2ee application with Webtest. The=20
<BR>application is deployed on a Oracle 10g Application Server. </DIV>
<DIV> </DIV>
<DIV>All users need to login via Oracle Single-Sign On. I hit a =
brick<BR>wall=20
when I discovered that Oracle Single-Sign uses several<BR>redirections =
and=20
cookie injections to authenticate users.</DIV>
<DIV>I have found a article describing how to "follow" the=20
redirections<BR>using httpunit. </DIV>
<DIV><BR>See <A=20
=
href=3D"http://www.fm-berger.de/ora_webtest/ch06.php">http://www.fm-berge=
r.de/ora_webtest/ch06.php</A></DIV>
<DIV> </DIV>
<DIV>As you can see Oracle uses a lot of page redirects as well as =
<BR>cookies=20
to handle SSO. However, I am not sure how the same<BR>can be done with =
Webtest.</DIV>
<DIV>My webtest script keep returning with a 401 error when i =
reference<BR>the=20
first page of my application. In a typical user scenario,<BR>the =
browser will=20
be redirected to the Oracle SSO Login page first.</DIV>
<DIV>I suspect that Webtest stalled at the login page.</DIV>
<DIV> </DIV>
<DIV>The Webtest script always stall when it is trying to establish=20
the<BR>connection to the deployed application (the waitfor tag).<BR>I =
am never=20
able to reach the first webtest case.</DIV>
<DIV> </DIV>
<DIV>Any ideas guys?<BR></DIV>
<DIV> </DIV>
<P>
<HR SIZE=3D1>
Now you can <A=20
=
href=3D"http://us.rd.yahoo.com/mail/uk/taglines/default/nowyoucan/reading=
_pane/*http://us.rd.yahoo.com/evt=3D40565/*http://uk.docs.yahoo.com/nowyo=
ucan.html">scan=20
emails quickly with a reading pane</A>. Get the new <A=20
=
href=3D"http://us.rd.yahoo.com/mail/uk/taglines/default/nowyoucan/reading=
_pane/*http://us.rd.yahoo.com/evt=3D40565/*http://uk.docs.yahoo.com/nowyo=
ucan.html">Yahoo!=20
Mail</A>.</BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_001B_01C6A1C1.78342080--