Oracle® Application Server Single Sign-On Administrator's Guide
10g (9.0.4)

Part Number B10851-01

Contents

Title and Copyright Information

List of Figures

List of Tables

Send Us Your Comments

Preface

Audience
Organization
Related Documentation
Conventions
Documentation Accessibility

What's New in OracleAS Single Sign-On?

New Features in OracleAS Single Sign-On
New Features in Oracle9iAS Single Sign-On

1 Components and Processes: an Overview

Key Components in the Single Sign-On System
Single Sign-On Server
Partner Applications
External Applications
mod_osso
Oracle Internet Directory
Oracle Identity Management Infrastructure
Single Sign-On Processes
Accessing the Single Sign-On Server
Accessing a Partner Application
Accessing an External Application
Accessing the External Applications Portlet in OracleAS Portal
Authenticating to an External Application for the First Time
Authenticating to an External Application After the First Time
Logging Out of an External Application
Single Sign-Off
Changing Passwords
Global User Inactivity Timeout
Signing On Using the Wireless Option

2 Basic Administration

The Single Sign-On Administrator's Role
Granting Administrative Privileges
policy.properties
Stopping and Starting Single Sign-On Components
Stopping and Starting the Oracle HTTP Server
Stopping and Starting the OC4J_SECURITY Instance
Stopping and Starting the Single Sign-On Middle Tier
Stopping and Starting All Components
Setting Browser Preferences for OracleAS Single Sign-On
Accessing the Administration Pages
Using the Edit SSO Server Page to Configure the Server
Configuring Globalization Support
Configuring the Global User Inactivity Timeout
Obtaining the Sample Files

3 Directory-Enabled Single Sign-On

Managing Users in Oracle Internet Directory
Password Policies
Password Rules
Configuring Password Life
Change Password Page Behavior
Password Has Expired
Password Is About to Expire
Grace Login Is in Force
Force Change Password
Configuring Account Lockout
Unlocking Users
Configuring Password Policies
Directory Tree for OracleAS Single Sign-On
Changing Single Sign-On Server Settings for Directory Access
Updating the Single Sign-On Server with Directory Changes

4 Configuring and Administering Partner Applications

Registering a Partner Application: What It Means
Registering mod_osso
Syntax and Parameters for ossoreg.jar
Command Example
Restarting the Oracle HTTP Server
Deploying Multiple Partner Applications with a Load Balancer
Usage Scenario
Configuration Steps
Installing the Partner Applications
Configuring the Oracle HTTP Servers on the Partner Application Middle Tiers
Configuring the HTTP Load Balancer
Reregistering mod_osso on the Partner Application Middle Tiers
Configuring mod_osso with Virtual Hosts

5 Configuring and Administering External Applications

Using the Interface to Deploy and Manage External Applications
Adding an External Application
Editing an External Application
Storing External Application Credentials in the Single Sign-On Database
Proxy Authentication for Basic Authentication Applications
Configuring the Oracle HTTP Server as a Proxy for Basic Authentication
Configuration Requirements
Configuration Steps

6 Multilevel Authentication

What Is Multilevel Authentication?
How Multilevel Authentication Works
Components of a Multilevel System
Authentication Levels
Authentication Plugins
Configuring Multilevel Authentication
Usage Scenario
Configuration Steps

7 Signing On with Digital Certificates

How Certificate-Enabled Authentication Works
System Requirements
Configuring the Single Sign-On System for Certificates
Oracle HTTP Server
Setting SSL Parameters
Choosing a Certificate Authority
Single Sign-On Server
Configure the Server to Receive Parameters for Client Certificates
Configure policy.properties with the Default Authentication Plugin
Modify the Configuration File for the Authentication Plugin (Optional)
Customize the User Name Mapping Module (Optional)
Restart the Single Sign-On Middle Tier
Oracle Internet Directory
Maintaining a Certificate Revocation List

8 Windows Native Authentication

Overview of Windows Native Authentication
How Windows Native Authentication Works
System Requirements
Configuring Windows Native Authentication
Verify That Microsoft Active Directory Is Set Up and Working
Install Oracle Internet Directory and OracleAS Single Sign-On
Synchronize Oracle Internet Directory with Microsoft Active Directory
Configure Oracle Internet Directory to Use Windows Authentication Plugin
Configure the Single Sign-On Server
Set Up a Kerberos Service Account for the Single Sign-On Server
Configure the Single Sign-On Server to Use the Sun JAAS Login Module
Configure the Single Sign-On Server as a Secured Application
Configure the End User Browser
Internet Explorer 5.0 and Greater
Internet Explorer 6.0 Only
Fallback Authentication
Login Scenarios

9 Advanced Configurations

Enabling SSL
Enable SSL on the Single Sign-On Middle Tier
Reconfigure the Identity Management Infrastructure Database
Protect Single Sign-On URLs
URLs for Java Links
URLs for PL/SQL Links
Restart the Oracle HTTP Server and the Single Sign-On Middle Tier
Reregister Partner Applications
Configuring SSL Between the Single Sign-On Server and Oracle Internet Directory
Deployment Scenarios
One Single Sign-On Middle Tier, One Oracle Internet Directory
Multiple Single Sign-On Middle Tiers, One Oracle Internet Directory
Usage Scenario
Configuration Steps
Using OracleAS Active Failover Clusters for the Identity Management Infrastructure
Usage Scenarios and Configuration Steps
Multiple Single Sign-On Middle Tiers, Replicated Oracle Internet Directory
Usage Scenario
Configuration Steps
Multiple, Geographically Distributed Single Sign-On Instances
Usage Scenario
Configuration Steps
Other High Availability Deployments
OracleAS Cold Failover Cluster
Disaster Recovery
Backup and Recovery
Replicating the Identity Management Database
The Replication Mechanism
Configuring the Identity Management Database for Replication
Adding a Node to a Replication Group
Deleting a Node from a Replication Group
Deploying OracleAS Single Sign-On with a Proxy Server
Turn Off IP Checking
Enable the Proxy Server
Setting Up Directory Synchronization for User Nickname Changes

10 Enabling Support for Application Service Providers

Application Service Providers: Deciding to Deploy Multiple Realms
Setting Up and Enabling Multiple Realms
How the Single Sign-On Server Enables Authentication to Multiple Realms
Locating Realms in Oracle Internet Directory
Validating Realm-Affiliated Users to Partner Applications
Configuring the Single Sign-On Server for Multiple Realms
Granting Administrative Privileges for Multiple Realms

11 Monitoring the Single Sign-On Server

Accessing the Monitoring Pages
Interpreting and Using the Home Page on the Standalone Console
Interpreting and Using the Details of Login Failures Page
Updating the Port Property for the Single Sign-On Monitoring Target

12 Creating Deployment-Specific Pages

How the Single Sign-On Server Uses Deployment-Specific Pages
How to Write Deployment-Specific Pages
Login Page Parameters
Forgot My Password
Change Password Page Parameters
Single Sign-Off Page Parameters
Page Error Codes
Login Page Error Codes
Change Password Page Error Codes
Adding Globalization Support
Deciding What Language to Display the Page In
Use the Accept-Language Header to Determine the Page
Use Page Logic to Determine the Language
Rendering the Page
Guidelines for Deployment-Specific Pages
Installing Deployment-Specific Pages
Using policy.properties to Install Login and Change Password Pages
Using policy.properties to Install Wireless Login and Change Password Pages
Using WWSSO_LS_CONFIGURATION$ to Install the Single Sign-Off Page
Examples of Deployment-Specific Pages

13 Integrating with Third-Party Access Management Systems

How Third-Party Access Management Works
Scenario 1: The user has not yet authenticated to the third-party server
Scenario 2: The user has already authenticated to the third-party server
Synchronizing the Third-Party Repository with Oracle Internet Directory
Third-Party Integration Modules
Authentication Using a Token
Set External Cookies
Integration Case Study: Third-Party Access Manager
Sample Integration Package
Logging Out of the Integrated System
Migrating the Release 9.0.2 Sample Implementation to Release 9.0.4
New Authentication Interface
Get User Name from HTTP Header
Error Handling if User Name Not Present
Get User Name from HTTP Header
Return User Name to Single Sign-On Server

14 Exporting and Importing Data

What's Exported and Imported?
Export and Import Script: Syntax and Parameters
Script Syntax
Script Parameters
Exporting Data from One Server to Another
Export and Import Scenarios and Script Examples
Export Scenarios
Import Scenarios
Running the Script
Verifying that Export and Import Succeeded
Consolidating Multiple Servers
Error Messages

A Troubleshooting

Log Files
Error Messages and Other Problems
Basic Error Messages and Problems
Windows Native Authentication
Certificate Authentication
Debugging certificate sign-on
Error Messages
Password Policies
Increasing the Debug Level
Enabling the Debug Option on the Single Sign-On Database
Enabling LDAP Tracing for UI Operations
Refreshing the LDAP Connection Cache
Restarting OC4J After Modifying Oracle Internet Directory
Troubleshooting Replication
Verifying Oracle9i Advanced Replication Configuration
Verifying and Rectifying Oracle9i Advanced Replication Configuration

B Obtaining the Single Sign-On Schema Password

C policy.properties

Glossary

Index


Copyright © 1996, 2003 Oracle Corporation.

All Rights Reserved.