Oracle Corporation

04/27/2024 | Press release | Archived content

Configuring Multiple Docker Containers for SAML and Kerberos SSO on a ...

Using a hybrid custom SSO environment approach, you can configure SAML 2.0 and Kerberos single sign-on (SSO) for Oracle Analytics Server (OAS). The custom SSO configuration follows the steps documented in the blog SAML 2.0 and Kerberos Single Sign-On (SSO) for Oracle Analytics Server (and Oracle Support Doc ID 2761678.1).

This blog explores how to set up multiple Docker containers housed on a single host to enable SAML 2.0 and Kerberos SSO across various OAS environments.

Prerequisites

Configure SSO for each OAS environment. Follow the steps in the blog (or Doc ID 2761678.1).

NOTE: An OAS environment can consist of either a single OAS server or a cluster of OAS server nodes.

Complete the prerequisites listed in Doc ID 2761678.1 to configure SAML 2.0 and Kerberos SSO Docker containers on a compute instance.

Architecture

This diagram shows the authentication flow in the SAML SSO Docker container:

This diagram shows the authentication flow in the Kerberos SSO Docker container:

Scalability

This section shows how a single Docker host machine scales to several Oracle Analytics Server environments: it runs one SAML 2.0 or Kerberos SSO Docker container per environment, and each container publishes its internal ports 80 and 443 on a distinct pair of host ports.

For example, consider a scenario with three OAS environments: OAS DEV, OAS UAT, and OAS PROD. Each environment is configured with one SAML 2.0 or Kerberos SSO Docker container, and all three containers run on a single Docker host machine.

Configuration

OAS DEV Environment

Follow the steps in Oracle Support Doc ID 2761678.1.

1. Copy the oassodocker.tar.gz file to ${Docker_Zip_Extracted_Location} and extract it there:

tar -xzf ${Docker_Zip_Extracted_Location}/oassodocker.tar.gz -C ${Docker_Zip_Extracted_Location}

This extracts a folder oasso. For example: ${Docker_Zip_Extracted_Location}/oasso

2. Rename the folder to oasso-dev. For example: ${Docker_Zip_Extracted_Location}/oasso-dev

3. Perform the Docker Image creation step and run the config utility.

4. During configuration, enter the DEV load balancer details, the DEV load balancer certificates, and the SAML IDP Metadata XML file.

NOTE: If the DEV environment doesn't have a load balancer, enter the Docker host name and the host port on which the DEV container will be published. For example: 8443. The host name and port you enter here go into the service provider's URLs (including its AssertionConsumerService), so register each environment with the IDP as its own service provider rather than reusing one registration: an assertion the IDP issues for DEV is then not accepted by UAT or PROD.

5. Once the configuration and test are successful for the OAS DEV environment:

The OASSO Docker image is loaded into the Docker repository, the oasso-ctl service is created, and the Docker container runs on ports 80 and 443.

6. Modify a few files so that this container can run alongside the next one.

For SAML SSO

Change the Docker Container Scripts:

cd ${Docker_Zip_Extracted_Location}/oasso-dev/saml/scripts

Edit the scripts below.

  1. Rename the script name from oasso-ctl to oassodev-ctl.
  2. Edit shibdapache_on_oasso.sh.
    1. Change the Docker container name from oasso to oassodev.
    2. Don't change the script name shibdapache as it's inside the Docker container.
  3. Edit the start.py script.
    1. Change the Docker container name from oasso to oassodev.
    2. Change the Docker Host Listen Ports from 80 to 8080 and 443 to 8443.
    3. Don't change the name of shibdapache in this script.
  4. Edit the stop.py script.
    1. Change the Docker container name from oasso to oassodev.
  5. Edit the status.py script.
    1. Change the Docker container name from oasso to oassodev.

Change the Service Name

cd /etc/init.d

  1. Rename the script name from oasso-ctl to oassodev-ctl.
  2. Rename the script from shibdapache to shibdapache-dev.
  3. Edit the oassodev-ctl script.
    1. Change the extracted zip folder name from oasso to oasso-dev.
    2. Change the script and log name from oasso-ctl to oassodev-ctl.
  4. Edit the shibdapache-dev script.
    1. Change the Docker container name from oasso to oassodev.
    2. Do not change the name of shibdapache.

Change the script name added to chkconfig as a service

  1. List the services (command: chkconfig --list).
  2. Delete the service name oasso-ctl (command: chkconfig --del oasso-ctl).
  3. Add the service name oassodev-ctl (command: chkconfig --add oassodev-ctl).
  4. Set the Run Levels for the service name (command: chkconfig --level 12345 oassodev-ctl on).
  5. List the services (command: chkconfig --list).

Test the service by starting it and checking the OAS URL:

  1. Command: service oassodev-ctl start
  2. URL: https://oas.subxxxxxxxxxx.oasvcn.oraclevcn.com:8443/dv

OAS DEV Summary

The Docker image name continues to be oasso.

The Docker container name for the OAS DEV environment is oassodev.

The service command to start the Docker container for OAS DEV is: service oassodev-ctl stop|start|restart

Inside the Docker container, the services still listen on ports 80 and 443; the Docker host publishes them on ports 8080 and 8443.

Tasks to be done before proceeding to the next Docker container configuration

Before deploying another container, perform the following tasks:

  1. Stop the oassodev container (command: service oassodev-ctl stop).
  2. Delete the Docker Image oasso (command: docker rmi oasso).

OAS UAT Environment

Follow the steps in Oracle Support Doc ID 2761678.1.

1. Copy the oassodocker.tar.gz file to ${Docker_Zip_Extracted_Location} and extract it there:

tar -xzf ${Docker_Zip_Extracted_Location}/oassodocker.tar.gz -C ${Docker_Zip_Extracted_Location}

This extracts a folder oasso. For example: ${Docker_Zip_Extracted_Location}/oasso

2. Rename the folder to oasso-uat. For example: ${Docker_Zip_Extracted_Location}/oasso-uat

3. Perform the Docker Image creation step and run the config utility.

4. During configuration, enter the UAT load balancer details, UAT load balancer certificates, and SAML IDP Metadata XML file.

NOTE: If the UAT environment doesn't have a load balancer, enter the Docker host name and the host port on which the UAT container will be published. For example: 9443.

5. Once the configuration and test are successful for the OAS UAT environment:

The OASSO Docker image is loaded into the Docker repository, the oasso-ctl service is created, and the Docker container runs on ports 80 and 443.

6. Modify a few files so that this container can run alongside the others.

7. Repeat the steps from the OAS DEV environment, substituting oassouat for oassodev as the container, script, and service name, oasso-uat for oasso-dev as the folder name, and host ports 9080 and 9443 for 8080 and 8443.

You can use the automation script oasso_container_host_scalability.sh (available below) to perform in the UAT environment the steps you completed by hand in the OAS DEV environment:

Automation Script

Test the service by starting it and checking the OAS URL.

  1. Command: service oassouat-ctl start
  2. URL: https://oas.subxxxxxxxxxx.oasvcn.oraclevcn.com:9443/dv

OAS UAT Summary

The Docker image name continues to be oasso.

The Docker container name for the OAS UAT environment is oassouat.

The service command to start the Docker container for OAS UAT is: service oassouat-ctl stop|start|restart

Inside the Docker container, the services still listen on ports 80 and 443; the Docker host publishes them on ports 9080 and 9443.

OAS PROD Environment

Following the steps in the Support Doc ID 2761678.1.

Because PROD keeps the default names and the host ports 80 and 443, no files need editing, whether by the automation script or by hand; use the configuration as generated.

NOTE: If PROD also has to run under non-default names or ports, apply the same edits, for example by running the automation script.

Test the service by starting it and checking the OAS URL.

  1. Command: service oasso-ctl start
  2. URL: https://oas.subxxxxxxxxxx.oasvcn.oraclevcn.com/dv

OAS PROD Summary

The Docker image name continues to be oasso.

The Docker container name for the OAS PROD environment is oasso.

The service command to start the Docker container for OAS PROD is: service oasso-ctl stop|start|restart

Inside the Docker container, the services listen on ports 80 and 443; the Docker host publishes them on the same ports, 80 and 443.

OAS DEV Environment for Kerberos

1. Rename the downloaded and extracted oasso folder to oasso-dev for the DEV environment and oasso-uat for the UAT environment.

2. After the Docker configuration, edit the files for each environment as described below.

NOTE: A Kerberos service principal name is tied to the host name (HTTP/<fqdn>), not to a port. DEV and UAT containers that share the Docker host name without a load balancer in front therefore answer for the same SPN, and each must be provisioned with a keytab for it.

3. Change the Docker container scripts:

cd ${Docker_Zip_Extracted_Location}/oasso-dev/kerb/scripts

4. Edit the scripts below.

  1. Rename the script from oasso-ctl to oassodev-ctl.
  2. Edit kerbapache_on_oasso.sh.
    1. Change the Docker container name from oasso to oassodev.
    2. Don't change the script name kerbapache as it's inside the Docker container.
  3. Edit the start.py script.
    1. Change the Docker container name from oasso to oassodev.
    2. Change the Docker Host Listen Ports from 80 to 8080 and 443 to 8443.
    3. Don't change the name of kerbapache in this script.
  4. Edit the stop.py script.
    1. Change the Docker container name from oasso to oassodev.
  5. Edit the status.py script.
    1. Change the Docker container name from oasso to oassodev.

Change the Service Name

cd /etc/init.d

  1. Rename the script from oasso-ctl to oassodev-ctl.
  2. Rename the script from kerbapache to kerbapache-dev.
  3. Edit the oassodev-ctl script.
    1. Change the extracted zip folder name from oasso to oasso-dev.
    2. Change the script and log name from oasso-ctl to oassodev-ctl.
  4. Edit the kerbapache-dev script.
    1. Change the Docker container name from oasso to oassodev.
    2. Don't change the name of kerbapache.

Change the script name added to chkconfig as a service

  1. List the services (command: chkconfig --list).
  2. Delete the service name oasso-ctl (command: chkconfig --del oasso-ctl).
  3. Add the service name oassodev-ctl (command: chkconfig --add oassodev-ctl).
  4. Set the Run Levels for the service name (command: chkconfig --level 12345 oassodev-ctl on).
  5. List the services (command: chkconfig --list).

Test the service by starting it and checking the OAS URL.

  1. Command: service oassodev-ctl start
  2. URL: https://oas.subxxxxxxxxxx.oasvcn.oraclevcn.com:8443/dv

OAS DEV Kerberos Summary

The Docker image name continues to be oasso.

The Docker container name for the OAS DEV environment is oassodev.

The Service command to start the Docker container for OAS DEV is: service oassodev-ctl stop|start|restart

Inside the Docker container, the services still listen on ports 80 and 443; the Docker host publishes them on ports 8080 and 8443.

Tasks to be done before proceeding to the next Docker container configuration

Before deploying another container, perform the following tasks:

  1. Stop the oassodev container (command: service oassodev-ctl stop).
  2. Delete the Docker Image oasso (command: docker rmi oasso).

Repeat the same steps for the Kerberos UAT environment, using the folder oasso-uat, the container, script, and service name oassouat, and host ports 9080 and 9443.
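The SAML DEV/UAT edits above and the matching Kerberos ones are the same renames and substitutions with a different Apache service name, so one script can perform both. The script below is an added example by the editor, not Oracle's oasso_container_host_scalability.sh (which the page does not reproduce). Because the page never shows the contents of start.py, stop.py, status.py or the init.d scripts, the sed patterns it uses ("--name oasso", "-p 80:80", "-p 443:443", "docker stop|rm|... oasso", "/oasso/", "oasso-ctl") are assumptions about their shape, and the sample tree it builds at the bottom is constructed only so that it runs offline. The two checks it adds beyond the blog's steps are worth keeping whatever the real file layout turns out to be: it refuses a host port that another environment's scripts already publish, and it reports every remaining bare "oasso" so that nothing but the image name survives the rename.

```shell
#!/bin/sh
# Editor's example, not Oracle's oasso_container_host_scalability.sh (not on the page).
# Applies the blog's DEV/UAT edits to an already-renamed copy of the extracted tree:
#   <base>/oasso-<env>/<saml|kerb>/scripts/{oasso-ctl,<apache>_on_oasso.sh,start.py,stop.py,status.py}
#   <initd>/{oasso-ctl,<apache>}            (<apache> = shibdapache or kerbapache)
# ASSUMPTION: the page never shows the inside of those scripts, so the sed patterns
# ("--name oasso", "-p 80:80", "-p 443:443", "docker stop|rm|... oasso", "/oasso/",
# "oasso-ctl") are guesses at their shape; read the leftover report and adapt them.
set -eu

# In-place sed that keeps the file's mode bits (sed -i differs between GNU and BSD).
sed_inplace() {                      # sed_inplace FILE SED_ARGS...
  f=$1; shift
  sed -E "$@" "$f" > "$f.tmp" && cat "$f.tmp" > "$f" && rm -f "$f.tmp"
}

# Rename the container (never the image, which stays "oasso") and the host-side ports.
# "shibdapache"/"kerbapache" and "<apache>_on_oasso.sh" do not match these patterns.
rewrite_container_script() {         # rewrite_container_script FILE ENV HTTP_PORT HTTPS_PORT
  sed_inplace "$1" \
    -e "s/(--name |docker (stop|rm|start|inspect|logs|exec) )oasso([^a-zA-Z0-9_-]|\$)/\1oasso$2\3/g" \
    -e "s/-p 80:80([^0-9]|\$)/-p $3:80\1/g" \
    -e "s/-p 443:443([^0-9]|\$)/-p $4:443\1/g"
}

# Refuse a host port that another environment under <base> already publishes.
assert_port_unclaimed() {            # assert_port_unclaimed BASE ENV PORT
  if grep -rlE -- "-p $3:(80|443)([^0-9]|\$)" "$1"/oasso-*/ 2>/dev/null | grep -v "/oasso-$2/" >&2; then
    echo "host port $3 is already published by the environment(s) listed above" >&2
    return 1
  fi
}

# Blog steps "Change the Docker Container Scripts", "Change the Service Name", chkconfig.
scale_oasso_env() {                  # scale_oasso_env BASE INITD saml|kerb ENV HTTP_PORT HTTPS_PORT
  base=$1; initd=$2; type=$3; env=$4; http=$5; https=$6
  case $type in
    saml) apache=shibdapache ;;
    kerb) apache=kerbapache ;;
    *) echo "type must be saml or kerb" >&2; return 1 ;;
  esac
  scripts="$base/oasso-$env/$type/scripts"
  [ -f "$scripts/oasso-ctl" ] || { echo "no $scripts/oasso-ctl: wrong base, or already scaled" >&2; return 1; }
  assert_port_unclaimed "$base" "$env" "$http" || return 1
  assert_port_unclaimed "$base" "$env" "$https" || return 1

  mv "$scripts/oasso-ctl" "$scripts/oasso$env-ctl" || return 1
  for name in "${apache}_on_oasso.sh" start.py stop.py status.py; do
    rewrite_container_script "$scripts/$name" "$env" "$http" "$https" || return 1
  done

  mv "$initd/oasso-ctl" "$initd/oasso$env-ctl" || return 1
  mv "$initd/$apache" "$initd/$apache-$env" || return 1
  sed_inplace "$initd/oasso$env-ctl" \
    -e "s#/oasso/#/oasso-$env/#g" \
    -e "s/oasso-ctl/oasso$env-ctl/g" || return 1    # extracted folder, script and log name
  rewrite_container_script "$initd/$apache-$env" "$env" "$http" "$https" || return 1

  if command -v chkconfig >/dev/null 2>&1; then     # only on a real SysV host
    chkconfig --del oasso-ctl 2>/dev/null || true
    chkconfig --add "oasso$env-ctl" && chkconfig --level 12345 "oasso$env-ctl" on
  fi

  # Leftover report: a remaining bare "oasso" should only be the image name; anything
  # else is a line the patterns above did not anticipate and needs a manual edit.
  grep -n -E "(^|[^a-zA-Z0-9_-])oasso([^a-zA-Z0-9_-]|\$)" "$scripts"/*.py \
    "$scripts/${apache}_on_oasso.sh" "$initd/oasso$env-ctl" "$initd/$apache-$env" || true
}

# Constructed stand-ins (NOT Oracle's real files) modelling only the line shapes assumed above.
make_sample_tree() {                 # make_sample_tree BASE INITD saml|kerb ENV
  case $3 in saml) a=shibdapache ;; *) a=kerbapache ;; esac
  s="$1/oasso-$4/$3/scripts"
  mkdir -p "$s" "$2"
  printf '#!/bin/sh\nexec python3 "$(dirname "$0")/start.py" "$@"\n' > "$s/oasso-ctl"
  chmod +x "$s/oasso-ctl"
  printf 'docker exec oasso service %s start\n' "$a" > "$s/${a}_on_oasso.sh"
  printf 'import os\nos.system("docker run -d --name oasso -p 80:80 -p 443:443 oasso")\n' > "$s/start.py"
  printf 'import os\nos.system("docker stop oasso && docker rm oasso")\n' > "$s/stop.py"
  printf 'import os\nos.system("docker inspect oasso --format {{.State.Status}}")\n' > "$s/status.py"
  printf '#!/bin/sh\n# chkconfig: 12345 99 01\nexec /opt/oasso/%s/scripts/oasso-ctl "$@" >> /var/log/oasso-ctl.log 2>&1\n' "$3" > "$2/oasso-ctl"
  printf '#!/bin/sh\ndocker exec oasso service %s start\n' "$a" > "$2/$a"
}

# Stand-alone demo on a throwaway copy: DEV on 8080/8443, then UAT on 9080/9443.
demo() {
  t=$(mktemp -d)
  make_sample_tree "$t/base" "$t/initd" saml dev
  scale_oasso_env "$t/base" "$t/initd" saml dev 8080 8443
  make_sample_tree "$t/base" "$t/initd" saml uat
  scale_oasso_env "$t/base" "$t/initd" saml uat 9080 9443
  cat "$t/base/oasso-dev/saml/scripts/start.py" "$t/base/oasso-uat/saml/scripts/start.py" "$t/initd/oassouat-ctl"
  rm -rf "$t"
}
demo
```

Run it after step 2 of the blog (the folder already renamed to oasso-<env>) and before starting the service, pointing it at the real extracted location and /etc/init.d; on a host with chkconfig it re-registers the service exactly as the blog's chkconfig steps do, and elsewhere that step is skipped. The demo at the bottom only touches a temporary directory.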

Call to Action

This blog describes how to configure SAML 2.0 and Kerberos SSO using Docker containers and how to customize the scripts and services so that multiple oasso Docker containers run on the same Docker host machine.

Refer to similar blogs, such as Single Sign-On Solutions for Oracle Analytics Server on On-Premise and on Oracle Cloud.

Once you've tried this yourself, share your results and feedback in the Oracle Analytics Community.