Oracle® Application Server Release Notes 10g Release 2 (10.1.2) for hp-ux Itanium B25195-09
This chapter describes issues associated with Oracle Application Server Single Sign-On (OracleAS Single Sign-On). It includes the following topic:
This section describes configuration issues and their workarounds for Oracle Application Server Single Sign-On. It includes the following topic:
Section 24.1.3, "Additional High Availability Configuration Instructions"
Section 24.1.4, "Issues and Workarounds Related to the Oracle Database"
This section contains the following topic:
The "Single sign-on session duration" parameter should not be set to less than one hour. For more information on setting this parameter, refer to the section titled "Using the Edit SSO Server Page to Configure the Server," in Chapter 2, "Basic Administration," in Oracle Application Server Single Sign-On Administrator's Guide.
This section describes browser-related issues for Oracle Application Server Single Sign-On. It contains the following topic:
This problem prevents you from making changes to the Oracle Application Server Single Sign-On server configuration. The problem is observed in the following circumstance:
You are using the Internet Explorer 6 browser on a platform running Microsoft Windows Service Pack 2.
In the OracleAS Single Sign-On administration pages, you click Edit SSO Server Configuration.
Try to change server properties like session duration. Click Apply.
There is no response from the browser.
Note: Other versions of the browser, such as Internet Explorer 7, do not exhibit this problem.
To resolve the problem, you need to add the OracleAS Single Sign-On server to the list of trusted websites after you apply Windows SP2.
Take these steps:
In Internet Explorer, click Tools, then Internet Options.
Click on the Security tab and choose Trusted Sites.
Click on the Sites button, and add the address of the OracleAS Single Sign-On server site to the list of trusted sites.
Additional configuration steps are required after OracleAS Infrastructure is installed with the "OracleAS Cluster (Identity Management)" option. There are two sets of instructions to follow:
The first set of instructions, in Section 24.1.3.1, "Update the mod_rewrite Entry for SSO", must be followed in all cases.
The second set of instructions, Section 24.1.3.2, "Update targets.xml", are needed in only one installation case as described in that section.
Take the following steps:
Back up the sso_apache.conf file:
cp ORACLE_HOME/sso/conf/sso_apache.conf ORACLE_HOME/sso/conf/sso_apache.conf.BACKUP
Edit the file. Locate the mod_rewrite entry that contains the following text:
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteRule ^/pls/orasso/orasso.wwsso_app_admin.ls_login$ /sso/auth [PT]
</IfModule>
Add the following line:
RewriteRule ^/pls/orasso/orasso.home$ PROTOCOL://LBR_HOST:LBR_PORT/pls/orasso/orasso.home [R,L]
replacing the placeholders in italics with the following values:
Replace LBR_HOST with the full hostname for the HTTP load balancer.
Replace LBR_PORT with the SSL listening port. If SSL is enabled, enter the SSL port value. If using the default ports of 80 or 443, do not specify a port value.
Replace PROTOCOL with either HTTPS (if using the SSL port) or HTTP (if using the non-SSL port).
For example, the entry might look like this when using a non-default SSL port:
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteRule ^/pls/orasso/orasso.wwsso_app_admin.ls_login$ /sso/auth [PT]
  RewriteRule ^/pls/orasso/orasso.home$ https://lbr.mydomain.com:4443/pls/orasso/orasso.home [R,L]
</IfModule>
As another example, the entry might look like this when using a default SSL port:
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteRule ^/pls/orasso/orasso.wwsso_app_admin.ls_login$ /sso/auth [PT]
  RewriteRule ^/pls/orasso/orasso.home$ https://lbr.mydomain.com/pls/orasso/orasso.home [R,L]
</IfModule>
Save and close the file.
Restart Oracle HTTP Server.
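The backup and edit steps above can be scripted so that they are repeatable on every node. The following is an added example, not part of Oracle's release notes; the function names lbr_url and add_lbr_rewrite are hypothetical, and it assumes the existing ls_login rule sits on a single line as shown above.

```shell
#!/bin/sh
# Added example: lbr_url and add_lbr_rewrite are hypothetical helper names.

# Build the redirect target; the port is left out when it is the protocol default.
lbr_url() {  # usage: lbr_url PROTOCOL LBR_HOST [LBR_PORT]
    proto=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    port=${3:-}
    case "$port" in *[!0-9]*) echo "LBR_PORT must be numeric" >&2; return 1 ;; esac
    case "$proto" in
        https) if [ "$port" = 443 ]; then port=; fi ;;
        http)  if [ "$port" = 80 ]; then port=; fi ;;
        *)     echo "PROTOCOL must be HTTP or HTTPS" >&2; return 1 ;;
    esac
    printf '%s://%s%s/pls/orasso/orasso.home' "$proto" "$2" "${port:+:$port}"
}

add_lbr_rewrite() {  # usage: add_lbr_rewrite CONF PROTOCOL LBR_HOST [LBR_PORT]
    conf=$1
    url=$(lbr_url "$2" "$3" "${4:-}") || return 1
    # Idempotent: a second run must not add a duplicate orasso.home rule.
    if grep -q 'orasso\.home\$' "$conf"; then return 0; fi
    # The new rule goes directly after the existing ls_login rule.
    grep -q 'ls_login\$' "$conf" || { echo "ls_login rule not found in $conf" >&2; return 1; }
    # Same backup name as the cp command in the procedure.
    cp -p "$conf" "$conf.BACKUP" || return 1
    awk -v url="$url" '
        { print }
        /ls_login\$/ {
            match($0, /^[ \t]*/)    # reuse the indentation of the existing rule
            print substr($0, 1, RLENGTH) "RewriteRule ^/pls/orasso/orasso.home$ " url " [R,L]"
        }' "$conf.BACKUP" > "$conf"
}

# Run as: script ORACLE_HOME/sso/conf/sso_apache.conf HTTPS lbr.mydomain.com 4443
if [ $# -ge 3 ]; then add_lbr_rewrite "$@"; fi
```

Oracle HTTP Server still has to be restarted afterwards, as in the last step of the procedure.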
The following configuration steps are needed only in the installation scenario where communications between clients and the load balancer use HTTPS, and communications between the load balancer and Oracle HTTP Server also use HTTPS:
Client ---[HTTPS]---> Load Balancer ---[HTTPS]---> Oracle HTTP Server
In this case the oracle_sso_server entry in the targets.xml file, on each physical host of the cluster, must be reconfigured to monitor the local SSL port.
Note: Keep in mind that the hostname should remain the same. Do not change the hostname.
Perform the following steps to update targets.xml on each node of the cluster:
Back up the targets.xml file:
cp ORACLE_HOME/sysman/emd/targets.xml ORACLE_HOME/sysman/emd/targets.xml.BACKUP
Open the file and find the oracle_sso_server target type. Within this target entry, locate and edit the following two attributes:
HTTPPort - the server SSL port number
HTTPProtocol - the server protocol, which in this case is HTTPS
For example, you could update the two attributes this way:
<Property NAME="HTTPPort" VALUE="4443"/>
<Property NAME="HTTPProtocol" VALUE="HTTPS"/>
Save and close the file.
Reload the OracleAS console:
ORACLE_HOME/bin/emctl reload
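Other targets in targets.xml can carry a property with the same name, so the edit has to stay inside the oracle_sso_server entry and leave the hostname alone. The following is an added example, not part of Oracle's release notes: the function names are hypothetical, the sample file is constructed, and it assumes each Target and Property element sits on its own line.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; assumes one XML element per line.

# Constructed sample: two targets that both carry an HTTPPort property.
sample_targets_xml() {
    cat <<'EOF'
<Targets>
  <Target TYPE="oracle_apache" NAME="constructed_http_server">
    <Property NAME="HTTPPort" VALUE="7777"/>
  </Target>
  <Target TYPE="oracle_sso_server" NAME="constructed_sso_server">
    <Property NAME="HTTPMachine" VALUE="node1.mydomain.com"/>
    <Property NAME="HTTPPort" VALUE="7777"/>
    <Property NAME="HTTPProtocol" VALUE="HTTP"/>
  </Target>
</Targets>
EOF
}

# Print NAME=VALUE for HTTPPort and HTTPProtocol of the oracle_sso_server target only.
sso_target_props() {  # usage: sso_target_props TARGETS_XML
    awk '
        /<Target /   { in_sso = ($0 ~ /TYPE="oracle_sso_server"/) }
        /<\/Target>/ { in_sso = 0 }
        in_sso && /<Property NAME="HTTP(Port|Protocol)"/ {
            n = $0; sub(/.*NAME="/, "", n);  sub(/".*/, "", n)
            v = $0; sub(/.*VALUE="/, "", v); sub(/".*/, "", v)
            print n "=" v
        }' "$1"
}

# Back up the file, then set the two attributes inside the oracle_sso_server target.
set_sso_target_https() {  # usage: set_sso_target_https TARGETS_XML SSL_PORT
    xml=$1; port=$2
    case "$port" in ''|*[!0-9]*) echo "SSL_PORT must be numeric" >&2; return 1 ;; esac
    cp -p "$xml" "$xml.BACKUP" || return 1
    awk -v port="$port" '
        /<Target /   { in_sso = ($0 ~ /TYPE="oracle_sso_server"/) }
        /<\/Target>/ { in_sso = 0 }
        in_sso && /NAME="HTTPPort"/     { sub(/VALUE="[^"]*"/, "VALUE=\"" port "\"") }
        in_sso && /NAME="HTTPProtocol"/ { sub(/VALUE="[^"]*"/, "VALUE=\"HTTPS\"") }
        { print }' "$xml.BACKUP" > "$xml"
}
```

Running sso_target_props before and after the edit shows exactly what the console will monitor once it is reloaded.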
This section describes issues and workarounds for Oracle Application Server Single Sign-On that are triggered by the Oracle Database. It includes the following topic:
After upgrading your Metadata Repository from Oracle Database 9.2.0.6 to 10.1.x, the following error is reported on the Discoverer Plus Connection pages, the Discoverer Viewer Connection pages, and the Public Connection definition page in Application Server Control:
The connection list is currently unavailable.
ORA-06510: PL/SQL: unhandled user-defined exception
ORA-06512: at "ORASSO.WWSSO_API_PRIVATE," line 258
ORA-06510: PL/SQL: unhandled user-defined exception
ORA-06512: at "ORASSO.WWSSO_UTL" line 728
ORA-28231: no data passed to obfuscation toolkit
ORA-06512: at line 1
Unable to retrieve connection list
The same problem will be encountered with external applications on the server hosting Oracle Application Server Single Sign-On.
To resolve this issue, make the following changes in your Metadata Repository Database:
Edit the init%ORACLE_SID%.ora file in the following location:
Windows: DB_install_home/database/
Linux: DB_install_home/dbs
Add the following line to this file:
event="10946 trace name context forever, level 36"
If an spfile%ORACLE_SID%.ora exists in either the dbs folder or the database folder, rename the file to spfile%ORACLE_SID%.bak.
Changes to init%ORACLE_SID%.ora are not loaded if the database server finds an spfile.
Log in as a sysadmin.
At the SQL prompt, shut down then start up the database server.
Restart the Discoverer server using the command opmnctl restartall.