Saturday, September 20, 2008

How to configure 10.1.3.x mid-tier instance to use Oracle Single Sign On Server?

Step 1:
On the host where Oracle Internet Directory is available, set the ORACLE_HOME and ORACLE_SID environment variables.
Step 2:
On the Identity Management host, run the ssoreg script with the -remote_midtier option. The script is located at ORACLE_HOME/sso/bin/ssoreg.sh.
For example:

$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path $ORACLE_HOME \
  -config_mod_osso TRUE \
  -site_name hostname.com:7778 \
  -remote_midtier \
  -config_file $ORACLE_HOME/Apache/Apache/conf/osso/myosso.conf \
  -mod_osso_url http://hostname.com:7778

Step 3:
Running the above script creates an obfuscated file, myosso.conf, in ORACLE_HOME/Apache/Apache/conf/osso.

Step 4:
Copy the obfuscated osso configuration file to the following location on the 10.1.3.x middle-tier instance:
ORACLE_HOME/Apache/Apache/conf/osso
NOTE: You must do a binary transfer; an ASCII-mode transfer can alter the bytes of the obfuscated file.

Step 5:
On the middle-tier host, set the PERL5LIB environment variable before running the osso1013 script as follows:

$ PERL5LIB=$ORACLE_HOME/perl/lib/5.8.3/sun4-solaris-threadmulti:$ORACLE_HOME/perl/lib/5.8.3:$ORACLE_HOME/perl/5.8.3/lib
$ export PERL5LIB

Step 6:
Run the following script to complete the registration:
$ORACLE_HOME/Apache/Apache/bin/osso1013 config_file

For example:
$ORACLE_HOME/Apache/Apache/bin/osso1013 ../conf/osso/myosso.conf

Step 7:
Once the above script runs successfully, you should find an entry similar to the one shown below in ORACLE_HOME/Apache/Apache/conf/mod_osso.conf:

OssoConfigFile /user1/soa/product/10.1.3.1/OracleAS_1/Apache/Apache/conf/osso/myosso.conf

Protecting the URL/Web Context Root
Now, you can protect URLs with mod_osso by applying directives to the mod_osso.conf
file. This file is found at $ORACLE_HOME/Apache/Apache/conf.
In the example that follows, an application available in the mid-tier with context root
/TestUI is protected by this directive:

<IfModule mod_osso.c>
<Location /TestUI>
AuthType Basic
require valid-user
</Location>
</IfModule>

After making the entry, restart the Oracle HTTP Server:
$ORACLE_HOME/opmn/bin/opmnctl restartproc type=ohs
Now, when a user accesses the TestUI application on the mid-tier host, for example at http://hostname.com:7778/TestUI, the default SSO page shows up.
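
A post-change check for Step 7 and the /TestUI directive above, written as an added example rather than anything shipped with Oracle Application Server: it confirms that mod_osso.conf points at a usable obfuscated registration file and that a given context root actually carries `require valid-user`. The function names and the scratch configuration are constructed for illustration, and the owner-only permission check is a hardening assumption that Oracle HTTP Server runs as the file's owner.

```shell
# Added example; function names are hypothetical helpers, not Oracle tooling.
# Print the path given to the first OssoConfigFile directive.
osso_config_path() {
    awk 'tolower($1) == "ossoconfigfile" { print $2; exit }' "$1"
}

# Succeed if the obfuscated file is non-empty with no group/other permission
# bits (assumption: Oracle HTTP Server runs as the owner of the file).
osso_file_ok() {
    [ -s "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeed if the <Location ROOT> block contains "require valid-user".
location_is_protected() {
    awk -v root="$2" '
        $1 ~ /^#/ { next }
        tolower($1) == "<location" { p = $2; gsub(/[">]/, "", p); inside = (p == root) }
        tolower($1) ~ /^<\/location/ { inside = 0 }
        inside && tolower($1) == "require" && tolower($2) == "valid-user" { ok = 1 }
        END { exit(ok ? 0 : 1) }
    ' "$1"
}

# usage: audit_mod_osso <mod_osso.conf> <context-root>
audit_mod_osso() {
    rc=0
    osso=$(osso_config_path "$1")
    [ -n "$osso" ] || { echo "FAIL: no OssoConfigFile directive in $1"; rc=1; }
    osso_file_ok "$osso" || { echo "FAIL: registration file '$osso' missing, empty, or accessible to group/other"; rc=1; }
    location_is_protected "$1" "$2" || { echo "FAIL: $2 lacks 'require valid-user'"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $2 is protected, registration file $osso"
    return "$rc"
}

# Constructed sample input: a scratch mod_osso.conf that protects /TestUI only.
demo=$(mktemp -d)
printf 'constructed placeholder\n' > "$demo/myosso.conf"; chmod 600 "$demo/myosso.conf"
cat > "$demo/mod_osso.conf" <<EOF
<IfModule mod_osso.c>
OssoConfigFile $demo/myosso.conf
<Location /TestUI>
AuthType Basic
require valid-user
</Location>
</IfModule>
EOF
audit_mod_osso "$demo/mod_osso.conf" /TestUI
audit_mod_osso "$demo/mod_osso.conf" /Unprotected || true
```

Against a real instance, call audit_mod_osso with $ORACLE_HOME/Apache/Apache/conf/mod_osso.conf and each context root that is expected to sit behind SSO.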
