Monday, October 27, 2014

Configuring and Using LDAP In SOA

Introduction:

Today I will explain how to configure an LDAP connection in Oracle SOA Suite and how to create an LDAP adapter to add, search, and compare entries in LDAP from a BPEL process. We'll use the compare operation together with a Java Embedding component that includes an SSHA digest operation to authenticate a user through LDAP. First, however, let's see how to enable the LdapAdapter in the SOA Suite environment using the application console, and how to build an LDAP environment with Apache Directory Studio to use in our examples.

Configure the Application Console to Use LDAP:

Start the integrated WebLogic server and open http://localhost:7101/console in your browser. Enter the credentials you specified during installation and click 'Deployments' in the left menu. Find the LdapAdapter in the Deployments list, as in Figure 1.

Figure 1

Then go to the Targets tab and check DefaultServer to target the LdapAdapter to your default server (see Figure 2).

Figure 2

Next, go to Configuration -> Outbound Connection Pools and choose one of the JNDI configurations, say eis/ldap/master. Then configure its JNDI properties by specifying bindDN, hostName, password and port (see Figures 3 and 4).

Figure 3

Figure 4

Install and Configure Apache Directory Studio:

Download and install Apache Directory Studio from the link below.
http://directory.apache.org/studio/download/download-windows.html
Open Directory Studio and start the ApacheDS server. We'll create the users under the ou=users,ou=system directory. The default password type will be SSHA. You can see the LDAP Browser view in the Apache Directory Studio's schema editor.

Figure 5

Create the SOA Project to Perform the LDAP Add Operation:

To add an entry to LDAP we have to assign the dn, cn, sn, uid and userPassword properties. So, let's create a synchronous BPEL process with an XSD file that contains these properties, as in Figure 6.

Figure 6

dn is the 'Distinguished Name' that identifies the user's entry in the entire LDAP environment. cn is the 'Common Name', sn is the 'Surname', uid is the 'User Identifier' and userPassword is the 'Password' field.
Now, create an LDAP adapter by right-clicking the External References part of your composite page and rename it, as in Figure 7.

Figure 7

On the next page, click the plus sign to create an LDAP connection, enter the connection properties and test it, as in Figure 8.

Figure 8


On the next page of the wizard, choose the JNDI name eis/ldap/master that we configured in the application console (see Figures 9 and 10).

Figure 9

Figure 10

Choose the Add operation on the next page, then choose the object classes 'inetOrgPerson' and 'person' and their attributes cn, sn, uid and userPassword to insert, as in Figures 11 and 12.

Figure 11

Figure 12

After completing the LDAP adapter wizard, you will get an XSD file like the one in Figure 13 for the input of the LDAP add operation, and the final composite will look like Figure 14. Figures 15 and 16 show how to configure the input variable of the LDAP component.

Figure 13

Figure 14

Figure 15

Figure 16

An example input and output of this BPEL process can be seen in Figure 17.

Figure 17

You can see the added user in the LDAP schema editor, as in Figure 18.

Figure 18

Create the SOA Project to Perform the LDAP Search Operation:

To search for an entry in LDAP we have to define a baseDN and a searchFilter. Create a synchronous BPEL process that has just a uid in its XSD, create an LDAP adapter in the composite page, rename it and choose the Search operation (see Figure 19).

Figure 19

On the next page, choose the default search base and the default search filter, then choose the response objects and the attributes that you want the operation to return, as in Figures 20 and 21. We just want to return the userPassword attribute of the person object.

Figure 20

Figure 21

At the end we get the following composite.

Figure 22

This time, choose both input and output variables in the invoke component of the search operation, as in Figure 23, and drag and drop two assign activities, one after receiveInput and one after invokeForSearch, for the search and return values respectively (see Figures 24, 25 and 26). In Figure 24, you can see that we just use the concat function to build a search filter in the format 'uid=testUser'.

Figure 23

Figure 24

Figure 25

The final BPEL process will be the following.

Figure 26

An example input and output of this BPEL process can be seen in Figure 27.

Figure 27

Create the SOA Project to Perform the LDAP Compare Operation for Authentication:

We'll now use an LDAP compare operation to authenticate a user. First, create a BPEL process with an XSD file that has two input variables, uid and userPassword.

Figure 28

Create an LDAP adapter with the compare operation, as in Figure 29.

Figure 29

Define the input and output variables of the compare invoke component.

Figure 30

Since the password is kept as an SSHA digest value in the LDAP server, we have to obtain the digest of the user's password before comparing it. SSHA stands for Salted Secure Hash Algorithm; it uses a salt value to produce a more secure digest. We'll use a Java Embedding component to compute the SSHA digest of the password input, and use that digest together with the uid to authenticate the user. We'll need sun.misc.Base64Decoder.jar, so obtain it from the internet if you don't have it. Then put Base64Decoder.jar in the $PROJECT_DIR\SOA\SCA-INF\lib folder and add the jar file to the classpath under Project Properties -> Libraries and Classpath (see Figure 31).

Figure 31

We need the salt value that is used in the LDAP server, so look it up in the password editor in Apache Directory Studio. We'll use it in our SSHA class.

Figure 32

Now, create a Java class named SSHA, as in Figure 33.

Figure 33

We can then use this class in our Java Embedding code. Drag and drop a Java Embedding component after the receiveInput component and type the following code in it.

Figure 34

Remember to add the required imports for the XMLElement and SSHA classes to the BPEL source using the import tag.

Now, drag and drop two assign activities, one after the Java Embedding component and one after the InvokeForCompare component, to set the compare and result values respectively. The assign activity for the InvokeForCompare component can be seen in Figure 32. We use the concat function to set the dn attribute of the compare request in the form 'uid=testUser,ou=users,ou=system', set the name to 'userPassword', and set the value from the result of the Java Embedding component.

Figure 35

The final BPEL process for the LDAP compare operation will be the following.

Figure 36

The possible inputs and outputs of this BPEL process can be seen in Figures 37 and 38. You can also see the return value in the debug screen in Figure 39.

Figure 37

Figure 38

Figure 39

Conclusion:

I have tried to explain the usage of LDAP in SOA Suite using the add, search and compare operations of the BPEL LDAP adapter. Before that, we saw how to configure the LDAP adapter in the application console and how to install and configure Apache Directory Studio. In the compare example we saw how to authenticate a user with the help of a Java Embedding that includes an SSHA digester class. To test and debug the projects developed in this article, you can see the details of debugging and testing a project in this article.

You can download the source code from here.