Oracle® Collaboration Suite SSL Configuration Release 2 (9.0.4) Part Number B15611-01
This chapter explains how to configure SSL connections to the Oracle Collaboration Suite Infrastructure, which includes the Oracle9iAS Single Sign-On server and Oracle Delegated Administration Services. This involves the following steps:
Section 6.1, "Reregistering HTTP Server with Oracle9iAS Single Sign-On Server"
Section 6.2, "Changing the Oracle Delegated Administration Services URL"
The Oracle9iAS Single Sign-On module for the Oracle HTTP Server, mod_osso, is registered automatically with the Oracle9iAS Single Sign-On server when Oracle9i Application Server is installed. However, when SSL is enabled on the Oracle9iAS Single Sign-On server after installation, the mod_osso component must be registered again manually with the Oracle9iAS Single Sign-On server. This ensures that the Oracle9iAS Single Sign-On server listens for all requests on the SSL port. If this registration is not done, then the user will be redirected to the Oracle9iAS Single Sign-On page using HTTP rather than HTTPS.
Running the Oracle9iAS Single Sign-On registration tool updates the mod_osso registration record in the osso.conf file to reflect SSL settings on the Oracle9iAS Single Sign-On server. The Oracle9iAS Single Sign-On registration tool generates this file whenever it is run.
Before running this tool, you must remove all partner applications from the Oracle9iAS Single Sign-On server except the Oracle9iAS Single Sign-On server and Wireless. You will be re-creating these partner applications later on.
To remove the partner applications:
Log in to the Oracle9iAS Single Sign-On Administration as orcladmin at:
For a single-box installation at:
https://webcacheipaddress/pls/orasso
For a distributed installation at:
https://infratierhostname/pls/orasso
Click SSO Server Administration, and then click Administer Partner Applications.
Delete all partner applications except the Oracle9iAS Single Sign-On server and Wireless.
To run the Oracle9iAS Single Sign-On registration tool, perform the following steps on your Infrastructure tier:
Update your LD_LIBRARY_PATH environment variable as follows:
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib:$ORACLE_HOME/jlib
export LD_LIBRARY_PATH
Run the Oracle9iAS Single Sign-On registration tool by running the following command.
Note: Replace the placeholder information (denoted by text in italic font) with the correct information for your environment. For example, for a single-box installation use webcacheipaddress. For a distributed installation, use infratierhostname.
$ORACLE_HOME/jdk/bin/java -jar $ORACLE_HOME/sso/lib/ossoreg.jar \
-oracle_home_path infrastructure $ORACLE_HOME \
-host infrastructure_hostname \
-port 1521 \
-sid iasdb \
-site_name infra_webcacheipaddress|infratierhostname \
-success_url https://webcacheipaddress|infratierhostname/osso_login_success \
-logout_url https://webcacheipaddress|infratierhostname/osso_logout_success \
-cancel_url https://webcacheipaddress|infratierhostname/ \
-home_url https://webcacheipaddress|infratierhostname/ \
-config_mod_osso TRUE \
-u root \
-sso_server_version v1.2
After the script is run, you should see the "SSO Registration Successful" message.
Restart the HTTP server for the Infrastructure tier by running the following commands:
dcmctl stop -ct ohs
dcmctl start -ct ohs -v
To access the Oracle Delegated Administration Services interface over SSL, you must change the DAS URL within Oracle Internet Directory to use the HTTPS protocol rather than HTTP.
The high-level steps are as follows:
Change the Oracle Delegated Administration Services URL in the ldapserver (OIDADMIN) for the attribute orcldasurlbase in the context cn=OperationURLs, cn=DAS, cn=Products, cn=OracleContext
Update the orclbase entry to reflect the HTTPS URL used for the Infrastructure. For a single-box installation use https://webcacheipaddress. For a distributed installation use https://infratierhostname. For example:
https://123.44.555.66
https://infratier_host.company.com
After changing the Oracle Delegated Administration Services URL in Oracle Internet Directory, stop and restart OC4J_DAS by running the following commands:
dcmctl stop -co OC4J_DAS
dcmctl start -co OC4J_DAS -v
Your Infrastructure tier should now be configured to listen for requests on port 443 (SSL). Check the following URLs to confirm that you can access them without errors:
For a single-box installation:
https://webcacheipaddress/pls/orasso
https://webcacheipaddress/oiddas
https://webcacheipaddress:443
For a distributed installation:
https://infratierhostname/pls/orasso
https://infratierhostname/oiddas
https://infratierhostname:443
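The check above can be scripted so that it also catches the failure mode described in Section 6.1, where a stale mod_osso registration redirects the user to the Single Sign-On page over HTTP. The following is an added example, not part of Oracle's documentation or tooling. The function names, the INFRA_HOST variable, and the sample redirect path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Oracle tooling). Host names and the sample below are constructed.

# Read HTTP response headers on stdin (as printed by `curl -sI -L`) and print
# every redirect target that uses plain http. Returns 1 if any was found.
insecure_redirects() {
    tr -d '\r' | awk '
        tolower($1) == "location:" && tolower($2) ~ /^http:\/\// { print $2; bad = 1 }
        END { exit bad + 0 }'
}

# Constructed sample: the failure mode when mod_osso was not reregistered.
sample_downgrade_headers() {
    printf 'HTTP/1.1 302 Found\r\nLocation: http://infratierhostname/sso/login\r\n\r\n'
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'
}

# Check the three URLs from this chapter for one host. curl validates the
# server certificate by default; add --cacert for a private CA.
check_infra_ssl() {
    host=$1
    rc=0
    for url in "https://$host/pls/orasso" "https://$host/oiddas" "https://$host:443"; do
        if ! hdrs=$(curl -sS -I -L --max-time 15 "$url"); then
            echo "FAIL $url (no valid HTTPS response)"; rc=1; continue
        fi
        if bad=$(printf '%s\n' "$hdrs" | insecure_redirects); then
            echo "OK   $url"
        else
            echo "FAIL $url redirects to $bad"; rc=1
        fi
    done
    return $rc
}

# Runs only when INFRA_HOST is set, e.g. INFRA_HOST=infratierhostname sh check.sh
if [ -n "${INFRA_HOST:-}" ]; then
    check_infra_ssl "$INFRA_HOST"
fi
```

A FAIL line naming an http:// target after reregistration suggests that the osso.conf record or the orcldasurlbase value still carries the old HTTP URL.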