CASifying Oracle Calendar web client with mod_cas

Installing mod_cas to work with the Oracle Calendar web client.

The intention of this work is to enable single sign on between CASified services. In our case we wanted to achieve integration of our uPortal instance and the Oracle Calendar web client. This will allow you to login to the portal and click on a link to the Oracle Calendar web client without having to login to the Calendar separately.

This document only concerns the CASification of the Oracle Web Client and does not explain how to access the Calendar Server content so that its data can be displayed inside another application (i.e. a portlet). Accessing the Oracle Calendar server content for use in other applications will be the subject of another document.

Based on the following documentation:

Oracle® Calendar Administrator's Guide Release 2 (9.0.4) Appendix C Security

mod_cas documentation from ESUP

and the responses to an Oracle Metalink enquiry that was made.

We are working with a standalone instance of Oracle Calendar with an Apache front end. If you are using a full Oracle Collaboration Suite installation then the instructions may differ slightly. I am assuming you will have a fully functioning installation of Oracle Calendar and its web client and that mod_cas is installed appropriately in your web clients Apache configuration.

Note: the sections below highlight the parts of the configuration files where changes are needed, they are NOT intended to be replacement files!

SERVER SIDE configuration

unison.ini is a calendar server engine configuration file.

Add web:CAL to the supported parameter in the [AUTHENTICATION] section (I believe web:OTMT might also work but it didn't for us). Add a shared password so that server and client sides trust each other.

ORACLE_HOME/ocal/misc/unison.ini
[AUTHENTICATION]

supported = {cs-standard, cs-basic, web:CAL}

[ACE_PLUGINS_SERVER]

web_CAL_sharedkey=<mypassword>

CLIENT SIDE configuration

The following are web server side web client configuration files. I don't actually know if you need all the web_* settings in both files but it works!

ORACLE_HOME/ocas/conf/ocas.conf
[ACE_PLUGINS_CLIENT]

web_CAL_sharedkey=<mypassword>
web_attribute_type=userid
web_attribute_name=REMOTE_USER
ORACLE_HOME/ocas/conf/ocwc.conf
[ACE]

Authentication=web:CAL

[ACE_PLUGINS_CLIENT]

web_CAL_sharedkey=<mypassword>
web_attribute_type=userid
web_attribute_name=REMOTE_USER

Configure the "ocas-bin" section as you would any other web server location using mod_cas. As ocal.conf is read directly by the Apache server. Make sure the section is being read by the web server (i.e. it is not inside <IfModule mod_osso.c> section).

ORACLE_HOME/ocas/conf/ocal.conf
<Location /ocas-bin/>
  AuthType CAS
  Require valid-user
  Require user <user>
</Location>