Consumption of Headers with OSSO Identity Asserter

Oracle Fusion Middleware Application Security Guide

8. Proceed to Adding Providers to a WebLogic Domain for OSSO.

17.1.2.3.2 Protecting URLs and Logout Dynamically without mod_osso

Applications that use dynamic directives require no entry in mod_osso.conf because mod_osso protection is written directly into the application as one or more dynamic directives. Dynamic directives are HTTP response headers that have special error codes that enable an application to request granular functionality from the single sign-on system without having to implement the intricacies of the single sign-on protocol. Upon receiving a directive as part of a simple HTTP response from the application, mod_osso creates the appropriate single sign-on protocol message and communicates it to the single sign-on server.

OracleAS supports dynamic directives for Java servlets and JSPs. The product does not currently support dynamic directives for PL/SQL applications. The JSPs that follow show how such directives are incorporated. Like their static counterparts, these sample dynamic applications generate user information:

■ Example 17–1, SSO Authentication with Dynamic Directives
■ Example 17–2, SSO Logout with Dynamic Directives

Example 17–1 SSO Authentication with Dynamic Directives

The home.jsp includes ssodynauth.jsp that uses the request.getUserPrincipal().getName() method to check the user in the session. If the user is absent, it issues dynamic directive 499, a request for simple authentication. The key lines are in boldface.
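home.jsp

    <%@ include file="ssodynauth.jsp" %>
    <%
    // page content goes here
    %>

ssodynauth.jsp

    <%
    response.setHeader("Cache-Control", "no-cache");
    response.setHeader("Pragma", "no-cache");
    response.setHeader("Expires", "0");
    %>
    <%
    // Check for user
    String ssoUser = null;
    try
    {
        // Alternative: ssoUser = request.getRemoteUser();
        ssoUser = request.getUserPrincipal().getName();
        ssoUser = ssoUser.trim();
    }
    catch (Exception e)
    {
        // getUserPrincipal() returns null when no user is authenticated
        ssoUser = null;
    }

    // If the user is absent, issue dynamic directive 499,
    // a request for simple authentication
    if ((ssoUser == null) || (ssoUser.length() < 1))
    {
        response.sendError(499, "Oracle SSO");
        return;
    }
    %>

Tip: If the interception of requests is not working properly, consider placing the include statement for mod_osso.conf before the LoadModule weblogic_module statement in the httpd.conf.

Note: After adding dynamic directives, be sure to restart the Oracle HTTP Server, and then proceed to Adding Providers to a WebLogic Domain for OSSO.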
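The check in ssodynauth.jsp protects only the pages that include it, so a JSP that omits the include is served without authentication. The following is an added example, not part of Oracle's guide: it issues the same 499 directive from a servlet filter so that every mapped URL is covered. The class name SsoDirectiveFilter and the choice of a filter are assumptions, and the javax.servlet API is assumed to be on the classpath.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical class name; not one of Oracle's samples.
public class SsoDirectiveFilter implements Filter {

    // Dynamic directive for simple authentication, as described above.
    private static final int SSO_AUTH_DIRECTIVE = 499;

    public void init(FilterConfig config) { }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Same anti-caching headers as ssodynauth.jsp, so per-user pages
        // are not stored by browsers or intermediate caches.
        response.setHeader("Cache-Control", "no-cache");
        response.setHeader("Pragma", "no-cache");
        response.setHeader("Expires", "0");

        // getUserPrincipal() returns null when no user is authenticated;
        // test for that explicitly instead of catching a NullPointerException.
        Principal principal = request.getUserPrincipal();
        String ssoUser = (principal == null || principal.getName() == null)
                ? "" : principal.getName().trim();

        if (ssoUser.length() < 1) {
            // No user: issue the directive and stop before the protected resource runs.
            response.sendError(SSO_AUTH_DIRECTIVE, "Oracle SSO");
            return;
        }
        chain.doFilter(request, response);
    }
}
```

Register the filter in web.xml with a filter-mapping that covers the protected URL patterns; any path left out of the mapping is not covered by the check.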