RH-SSO with Oracle Back-end Database

Why this article ?

Working with RH-SSO is multiple customers sites raised a very interesting question. “can we deploy RH-SSO on OpenShift with an external DB?”
It took a while but finally the answer to this question is “YES”. from version 7.3 we can create update the current set of files which RH-SSO uses in order to direct it to a different DATABASE

Connect with Environment variables ?

Yes , we can update the connection string so it will expect the connection credentials from the environment variables.

Where to start ?

Create a new project that will store our rh-sso application

# oc new-project rh-sso

Deploy the rh-sso from the Openshift template :

# oc new-app --template=sso75-x509-postgresql-persistent \
--param=SSO_ADMIN_USERNAME=admin \
--param=SSO_ADMIN_PASSWORD="<your password>"

Now let’s delete the postgreSQL database :

# oc delete dc/sso-postgresql

Create the directories :

# mkdir rh-sso-oracle && cd rh-sso-oracle
# mkdir extensions

Now we need to create our Jdbc extension for Oracle database with environment variables.
We will create the following file in the directory structure :

.
├── Containerfile
└── extensions
├── actions.cli
├── ojdbc7.jar
└── postconfigure.sh

Download Oracle JDBC driver

  1. Download the required JDBC driver for your version of Oracle.
  2. Important: Make sure the file name is “ojdbc7.jar”

Configuration files

First we will create the postconfigure.sh file which is a very simple SHELL command that will be run by the rh-sso in order to connect to the DB :

# cat > extensions/postconfigure.sh << EOF
$JBOSS_HOME/bin/jboss-cli.sh — file=/opt/eap/extensions/actions.cli
EOF

Next our actions.cli is a simple connection string for ojdbc. We will setup so it will look for environment variables that we are going to provide from the deployment config :

with your favorite editor create the file “extensions/actions.cli” and paste the following content :

## admin cli commands to edit the configuration
embed-server --std-out=echo --server-config=standalone-openshift.xml
batch
module add --name=com.oracle --resources=/extensions/ojdbc7.jar dependencies=javax.api,javax.resource.api
/subsystem=datasources/jdbc-driver=oracle:add
(driver name=oracle,driver-module-name=com.oracle,driver-xa-datasource class-name=oracle.jdbc.xa.client.OracleXADataSource)
/subsystem=datasources/data-source=KeycloakDS:remove()
/subsystem=datasources/data-source=KeycloakDS:add(jndi-name=java:jboss/datasources/KeycloakDS,enabled=true,use-java-context=true,connection-url=”jdbc\:
oracle\:thin\:@(DESCRIPTION\=(LOAD_BALANCE\=on)(ADDRESS\=(PROTOCOL\=TCP)(HOST\=${env.ORACLE_SERVICE_HOST})(PORT\=1521))(ADDRESS\=(PROTOCOL\=TCP)(HOST\=
${env.ORACLE_SERVICE_HOST})(PORT\=1521))(CONNECT_DATA\=(SERVICE_NAME\=${env.ORACLE_SERVICE_NAME})))”,driver-name=oracle,user-name=${env.ORACLE_USERNAME
},password=${env.ORACLE_PASSWORD})
run-batch
quit

The Key environment variable are :

  • ORACLE_SERVICE_HOST
  • ORACLE_SERVICE_NAME
  • ORACLE_USERNAME
  • ORACLE_PASSWORD
  • DB_VENDOR

Next we will create a Containerfile that will compile everything together to a single image :

# cat > Containerfile << EOF
FROM registry.redhat.io/rh-sso-7/sso75-openshift-rhel8:latest
COPY extensions/ojdbc7.jar /opt/eap/extensions/
COPY extensions/postconfigure.sh /opt/eap/extensions/
COPY extensions/actions.cli /opt/eap/extensions/
USER root
RUN chmod 774 /opt/eap/extensions/*.sh
USER jboss
CMD [“/opt/eap/bin/openshift-launch.sh”]
EOF

Build the Image

To build the image we are going to use buildah and push it to our internal registry :

First login to registry.redhat.io with your credentials :

#podman login registry.redhat.io

Now build the image :

# buildah bud -f Containerfile -t <internal registry>/rh-sso/rh-sso-oracle# buildah push <internal registry>/rh-sso/rh-sso-oracle

Edit the DeploymentConfig

For our final step we need to update the deploymentConfig with the environment variables and our new image. more so any reference to postgreSQL should be removed.

# oc edit deploymentconfig.apps.openshift.io/sso
spec:

template:

spec:
containers:
- image: <internal registry>/rh-sso/rh-sso-oracle:latest
env:
- name: DB_VENDOR
value: ORACLE
- name: ORACLE_SERVICE_HOST
value: < oracle hostname>
- name: ORACLE_SERVICE_NAME
value: < oracle SID>
- name: ORACLE_USERNAME
value: < oracle username >
- name: ORACLE_PASSWORD
value: < oracle password >

Save and close the deploymentConfig editing mode and Now wait for the rh-sso to start successfully with a connection to the Oracle database.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store