Oracle® Collaboration Suite SSL Configuration
Release 2 (9.0.4)

Part Number B15611-01

6 Configuring SSL for the Infrastructure

This chapter explains how to configure SSL connections to the Oracle Collaboration Suite Infrastructure, which includes the Oracle9iAS Single Sign-On server and Oracle Delegated Administration Services. This involves the following steps:

6.1 Reregistering HTTP Server with Oracle9iAS Single Sign-On Server

The Oracle9iAS Single Sign-On module for the Oracle HTTP Server, mod_osso, is registered automatically with the Oracle9iAS Single Sign-On server when Oracle9i Application Server is installed. However, when SSL is enabled on the Oracle9iAS Single Sign-On server after installation, the mod_osso component must be registered again manually with the Oracle9iAS Single Sign-On server. This ensures that the Oracle9iAS Single Sign-On server listens for all requests on the SSL port. If this registration is not done, then the user will be redirected to the Oracle9iAS Single Sign-On page using HTTP rather than HTTPS.

Running the Oracle9iAS Single Sign-On registration tool updates the mod_osso registration record in the osso.conf file to reflect SSL settings on the Oracle9iAS Single Sign-On server. The Oracle9iAS Single Sign-On registration tool generates this file whenever it is run.

Before running this tool, you must remove all partner applications from the Oracle9iAS Single Sign-On server except the Oracle9iAS Single Sign-On server and Wireless. You will be re-creating these partner applications later on.

To remove the partner applications:

  1. Log in to Oracle9iAS Single Sign-On Administration as orcladmin at one of the following URLs.

    For a single-box installation:

    https://webcacheipaddress/pls/orasso
    
    

    For a distributed installation:

    https://infratierhostname/pls/orasso
    
    
  2. Click SSO Server Administration, and then click Administer Partner Applications.

  3. Delete all partner applications except the Oracle9iAS Single Sign-On server and Wireless.

To run the Oracle9iAS Single Sign-On registration tool, perform the following steps on your Infrastructure tier:

  1. Update your LD_LIBRARY_PATH environment variable as follows:

    LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib:$ORACLE_HOME/jlib
    export LD_LIBRARY_PATH
    
    
  2. Run the Oracle9iAS Single Sign-On registration tool by running the following command.


    Note:

    Replace the placeholder information (denoted by text in italic font) with the correct information for your environment. For example, for a single-box installation use webcacheipaddress. For a distributed installation, use infratierhostname.

    $ORACLE_HOME/jdk/bin/java -jar $ORACLE_HOME/sso/lib/ossoreg.jar \
    -oracle_home_path infrastructure $ORACLE_HOME \
    -host infrastructure_hostname \
    -port 1521 \
    -sid iasdb \
    -site_name infra_webcacheipaddress|infratierhostname \
    -success_url https://webcacheipaddress|infratierhostname/osso_login_success \
    -logout_url https://webcacheipaddress|infratierhostname/osso_logout_success \
    -cancel_url https://webcacheipaddress|infratierhostname/ \
    -home_url https://webcacheipaddress|infratierhostname/ \
    -config_mod_osso TRUE \
    -u root \
    -sso_server_version v1.2
    
    
  3. After the script is run, you should see the "SSO Registration Successful" message.

  4. Restart the HTTP server for the Infrastructure tier by running the following commands:

    dcmctl stop -ct ohs
    dcmctl start -ct ohs -v
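
The failure mode described at the start of this section, a redirect to the Single Sign-On page over HTTP rather than HTTPS, can be checked for after the restart. The following is an added example, not part of the Oracle documentation or tooling: the function names are hypothetical and the sample response headers are constructed.

```shell
#!/bin/sh
# Added example, not Oracle tooling. Sample headers below are constructed.

# location_of: read HTTP response headers on stdin and print the first
# Location value (CRs stripped, header name matched case-insensitively).
location_of() {
    tr -d '\r' | awk '!seen && tolower($1) == "location:" { print $2; seen = 1 }'
}

# redirect_is_https: succeed when the response carries no redirect, a
# relative redirect, or an https:// redirect; fail on any other scheme.
redirect_is_https() {
    loc=$(location_of)
    case "$loc" in
        ""|/*|[Hh][Tt][Tt][Pp][Ss]://*) return 0 ;;
        *) printf 'non-HTTPS redirect: %s\n' "$loc" >&2; return 1 ;;
    esac
}

# Constructed responses from a hypothetical mod_osso-protected URL.
STALE_REGISTRATION='HTTP/1.1 302 Found
Location: http://infratierhostname/pls/orasso
Content-Length: 0'

FRESH_REGISTRATION='HTTP/1.1 302 Found
location: https://infratierhostname/pls/orasso
Content-Length: 0'

for sample in "$STALE_REGISTRATION" "$FRESH_REGISTRATION"; do
    if printf '%s\n' "$sample" | redirect_is_https 2>/dev/null; then
        echo "ok: redirect stays on HTTPS"
    else
        echo "FAIL: re-register mod_osso and restart the HTTP server"
    fi
done

# Live use (the path is a placeholder for any SSO-protected page):
#   curl -sI https://infratierhostname/<protected-path> | redirect_is_https
```
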
    

6.2 Changing the Oracle Delegated Administration Services URL

To access the Oracle Delegated Administration Services interface over SSL, you must change the DAS URL within Oracle Internet Directory to use the HTTPS protocol rather than HTTP.

The high-level steps are as follows:

  1. Change the Oracle Delegated Administration Services URL in the LDAP server (OIDADMIN) for the attribute orcldasurlbase in the context cn=OperationURLs, cn=DAS, cn=Products, cn=OracleContext.

  2. Update the orclbase entry to reflect the HTTPS URL used for the Infrastructure. For a single-box installation use https://webcacheipaddress. For a distributed installation use https://infratierhostname. For example:

    https://123.44.555.66
    https://infratier_host.company.com
    
    
  3. After changing the Oracle Delegated Administration Services URL in Oracle Internet Directory, stop and restart OC4J_DAS by running the following commands:

    dcmctl stop -co OC4J_DAS
    dcmctl start -co OC4J_DAS -v
    
    
  4. Your Infrastructure tier should now be configured to listen for requests on port 443 (SSL). Check the following URLs to confirm that you can access them without errors:

    For a single-box installation:

    https://webcacheipaddress/pls/orasso
    https://webcacheipaddress/oiddas
    https://webcacheipaddress:443
    
    

    For a distributed installation:

    https://infratierhostname/pls/orasso
    https://infratierhostname/oiddas
    https://infratierhostname:443
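
The attribute change in steps 1 and 2 can also be expressed as LDIF. The following is an added example, not part of the Oracle documentation: the function name is hypothetical, and the bind DN, host, port and password in the comments are placeholders or assumptions. It refuses any value that is not an HTTPS URL or that contains whitespace, since an embedded newline would inject extra LDIF lines.

```shell
#!/bin/sh
# Added example, not Oracle tooling.

# das_url_ldif BASE_URL: print the LDIF that replaces orcldasurlbase
# with BASE_URL. Fails (and prints nothing) for a non-HTTPS value or a
# value containing whitespace or newlines.
das_url_ldif() {
    case "$1" in
        https://?*) ;;
        *) echo "refusing non-HTTPS DAS URL: $1" >&2; return 1 ;;
    esac
    if [ "$(printf '%s' "$1" | tr -d '[:space:]')" != "$1" ]; then
        echo "refusing DAS URL containing whitespace" >&2
        return 1
    fi
    cat <<EOF
dn: cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext
changetype: modify
replace: orcldasurlbase
orcldasurlbase: $1
EOF
}

# Show the LDIF for the distributed-installation example URL from step 2.
das_url_ldif https://infratier_host.company.com

# Apply it with ldapmodify (oid_host, oid_port and password are
# placeholders; binding as cn=orcladmin is an assumption). Note that -w
# puts the password on the command line, visible in the process list.
#   das_url_ldif https://infratierhostname > das_url.ldif
#   ldapmodify -h oid_host -p oid_port -D cn=orcladmin -w password -f das_url.ldif
```
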