Oracle® Application Server Enterprise Deployment Guide
10g Release 3 (10.1.3.1.0)

Part Number B28939-03

5 Installing and Configuring Oracle Single Sign-On and Oracle Delegated Administration Services

Setting up the Load Balancing Router

Installing the Oracle HTTP Servers on WEBHOST3 and WEBHOST4

Installing and Configuring Oracle Single Sign-On

Reconfiguring Oracle Single Sign-On and Oracle Delegated Administration Services with the Oracle HTTP Servers

Configuring Session State Replication for the OC4J_SECURITY Instance

Disabling the Oracle HTTP Server on the Identity Management Tier

5.1 Setting up the Load Balancing Router

Before installing the Identity Management components, you must set up the Load Balancing Router to listen for requests to sso.mycompany.com on port 443 (https), and balance the requests to the Oracle HTTP Servers' listening port 7777 (http). The Load Balancing Router should perform the protocol conversion, and must be configured for persistent HTTP sessions.

5.2 Installing the Oracle HTTP Servers on WEBHOST3 and WEBHOST4

Use the Advanced option of the Oracle Universal Installer to install the Oracle HTTP Server instances.

  1. Ensure that the system, patch, kernel and other requirements are met as specified in the Oracle Application Server Installation Guide for the platform you are using. You can find this guide in the Oracle Application Server platform documentation library for the platform and version you are using.

  2. Copy the staticports.ini file from the Disk1/stage/Response directory to a local directory, such as TMP. You will provide the path to this file during installation.

  3. Edit the staticports.ini file to assign the following custom ports:

    Oracle HTTP Server port = 7777
    

    Note:

    Ensure that these ports are not already in use by any other service on the computer. Using the Static Ports feature to install the Application Server Tier ensures that the port assignments will be consistent, if the ports are correctly specified in the file and the port is not already in use. If a port is incorrectly specified, the Oracle Universal Installer will assign the default port. If a port is already in use, the Oracle Universal Installer will select the next available port.
  4. Start the Oracle Universal Installer as follows:

    On UNIX, issue this command: runInstaller

    On Windows, double-click setup.exe

    The Oracle Application Server 10.1.3.1.0 Installation screen appears.

  5. Specify an installation directory for the instance.

  6. Select Advanced Installation Mode.

  7. Click Install.

    The Select Installation Type screen appears.

  8. Select Web Server and click Next.

    The Specify Port Configuration Options screen appears.

  9. Select Manual, specify the location of the staticports.ini file, and click Next.

    The Specify Instance Name screen appears.

  10. Specify the instance name and click Next.

    The Cluster Topology Configuration screen appears.

  11. Check the box to configure the instance to be part of an Oracle Application Server cluster.

  12. Specify the multicast address and port.

    Note:

    An example of a multicast address is 225.0.0.20, with port 8001. The address and port should be the same for each computer in a farm.
  13. Click Next.

    The Summary screen appears.

  14. Click Install.

  15. The Configuration Assistants screen appears. When the configuration process completes, the End of Installation screen appears.

  16. Click Exit, and then confirm your choice to exit.

  17. Verify that the installation was successful by viewing the Oracle HTTP Server instance. Start a browser and access:

    http://hostname:7777

    Note:

    The ORACLE_HOME/install/readme.txt file contains the URLs for the installation and a command to verify the status of processes.

5.2.1 Renaming Apache 2.0 Web Server Instances

If you installed the Oracle HTTP Server based on Apache 2.0 from the Companion CD on WEBHOST3 and WEBHOST4, the instance name on both computers will be the default name assigned by the installer. In a cluster, you will want the instance names to be unique when you view the instances with the opmnctl @cluster status command. Follow these steps to rename an instance:

  1. Stop the instance by issuing this command:

    opmnctl stopall

  2. Modify the ORACLE_HOME/opmn/conf/opmn.xml file to change the instance id and name as shown:

    <ias-instance id="IAS-1"
     name="IAS-1">
    

    Replace both occurrences of the existing instance name (IAS-1 in the example) with a unique instance name.

  3. Save and close the file.

  4. Restart the instance by issuing this command:

    opmnctl startall

5.2.2 Configuring the Oracle HTTP Server with the Load Balancing Router

The Load Balancing Router (soa.mycompany.com, shown in Figure 1-1, "mySOACompany with JSSO and Oracle Internet Directory") must be configured to receive client requests and balance them to the two Oracle HTTP Server instances on the Web tier. See the load balancing router documentation for instructions on configuring the load balancer, and follow the instructions in this section to configure the Oracle HTTP Server.

Incoming requests must be associated with the Load Balancing Router hostname and port in the mySOACompany configuration. To configure this, perform these steps on WEBHOST3 and WEBHOST4:

  1. Open the Oracle HTTP Server configuration file:

    Apache 1.3:

    ORACLE_HOME/Apache/Apache/conf/httpd.conf

    Apache 2.0:

    ORACLE_HOME/ohs/conf/httpd.conf

  2. Perform the following steps:

    1. Add the LoadModule certheaders_module directive for the appropriate platform.

      UNIX Apache 1.3:

      LoadModule certheaders_module libexec/mod_certheaders.so
      

      UNIX Apache 2.0; use this directive if you plan to use Apache 2.0 on UNIX:

      LoadModule certheaders_module modules/mod_certheaders.so
      

      Windows:

      LoadModule certheaders_module modules/ApacheModuleCertHeaders.dll
      
    2. Add the lines shown for the Apache version you are using to create a NameVirtualHost directive and a VirtualHost container for soa.mycompany.com and port 443.

      Apache 1.3:

      NameVirtualHost *:7777
      <VirtualHost *:7777>
        ServerName soa.mycompany.com
        Port 7777
        ServerAdmin you@your.address 
        RewriteEngine On 
        RewriteOptions inherit
      </VirtualHost> 
      
      NameVirtualHost *:7777
      <VirtualHost *:7777>
        ServerName soa.mycompany.com:443
        Port 443
        ServerAdmin you@your.address
        RewriteEngine On 
        RewriteOptions inherit
        SimulateHttps On
      </VirtualHost>
      

      Apache 2.0 (UNIX):

      NameVirtualHost *:7777
      <VirtualHost *:7777>
        ServerName soa.mycompany.com:7777
        ServerAdmin you@your.address 
        RewriteEngine On 
        RewriteOptions inherit
      </VirtualHost> 
      
      NameVirtualHost *:7777
      <VirtualHost *:7777>
        ServerName soa.mycompany.com:443
        ServerAdmin you@your.address
        RewriteEngine On 
        RewriteOptions inherit
        SimulateHttps On
      </VirtualHost>
      

      Notes:

      The LoadModule directives (in particular, the LoadModule rewrite_module directive) must appear in the httpd.conf file at a location preceding the VirtualHost directives. The server must load all modules before it can execute the directives in the VirtualHost container.

      It is a good idea to create the VirtualHost directives at the end of the httpd.conf file.

      The LoadModule rewrite_module directive must appear before the LoadModule certheaders_module directive.

  3. Save the httpd.conf file.

  4. Restart the components using these commands in ORACLE_HOME/opmn/bin:

    opmnctl stopall

    opmnctl startall

  5. Verify that you can access these URLs:

    http://soa.mycompany.com:7777/j2ee

    https://soa.mycompany.com/j2ee

5.2.3 Configuring the esbd.myco.com URL for Internal Use

The Load Balancing Router must be configured to provide internal access to the ESBD instances on the Web tier. See the load balancing router documentation for instructions on configuring the load balancer, and follow the instructions in this section to configure the Oracle HTTP Server for this URL.

Incoming requests must be associated with the Load Balancing Router hostname and port in the mySOACompany configuration. To configure this, perform these steps on WEBHOST3 and WEBHOST4:

  1. Open the Oracle HTTP Server configuration file:

    Apache 1.3:

    ORACLE_HOME/Apache/Apache/conf/httpd.conf

    Apache 2.0:

    ORACLE_HOME/ohs/conf/httpd.conf

  2. Perform the following steps:

    1. Add the LoadModule certheaders_module directive for the appropriate platform.

      UNIX Apache 1.3:

      LoadModule certheaders_module libexec/mod_certheaders.so
      

      UNIX Apache 2.0; use this directive if you plan to use Apache 2.0 on UNIX:

      LoadModule certheaders_module modules/mod_certheaders.so
      

      Windows:

      LoadModule certheaders_module modules/ApacheModuleCertHeaders.dll
      
    2. Add the lines shown for the Apache version you are using to create a NameVirtualHost directive and a VirtualHost container for esb.mycompany.com.

      Apache 1.3:

      NameVirtualHost *:7777
      <VirtualHost *:7777>
        ServerName esbd.myco.com
        Port 7777
        ServerAdmin you@your.address 
        RewriteEngine On 
        RewriteOptions inherit
      </VirtualHost> 
      

      Apache 2.0 (UNIX):

      NameVirtualHost *:7777
      <VirtualHost *:7777>
        ServerName esbd.myco.com:7777
        ServerAdmin you@your.address 
        RewriteEngine On 
        RewriteOptions inherit
      </VirtualHost> 
      

      Notes:

      The LoadModule directives (in particular, the LoadModule rewrite_module directive) must appear in the httpd.conf file at a location preceding the VirtualHost directives. The server must load all modules before it can execute the directives in the VirtualHost container.

      It is a good idea to create the VirtualHost directives at the end of the httpd.conf file.

      The LoadModule rewrite_module directive must appear before the LoadModule certheaders_module directive.

  3. Save the httpd.conf file.

  4. Restart the components using these commands in ORACLE_HOME/opmn/bin:

    opmnctl stopall

    opmnctl startall

  5. Verify that you can access these URLs:

    http://esbd.myco.com:7777/j2ee

    https://esbd.myco.com/j2ee
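
The ordering rules in the Notes of Sections 5.2.2 and 5.2.3 can be checked mechanically before the restart in step 4. The script below is an added example, not part of the Oracle guide or its tooling: the function name lint_httpd_conf and the sample configuration are assumptions made for illustration, and the checks cover only what the Notes and the VirtualHost examples state.

```sh
#!/bin/sh
# Added example: lint httpd.conf against the Notes in Sections 5.2.2 and 5.2.3.
# Usage: lint_httpd_conf FILE   (reads standard input when FILE is omitted)
# Prints one finding per line; prints nothing when every check passes.
lint_httpd_conf() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    { d = tolower($1) }                    # directive names are case-insensitive

    d == "loadmodule" {
        # Note 1: every LoadModule must precede the VirtualHost containers
        if (seen_vhost)
            printf "line %d: LoadModule %s follows a VirtualHost container\n", NR, $2
        if ($2 == "rewrite_module") rewrite = NR
        # Note 3: rewrite_module must be loaded before certheaders_module
        if ($2 == "certheaders_module") {
            cert = NR
            if (!rewrite)
                printf "line %d: certheaders_module is loaded before rewrite_module\n", NR
        }
        next
    }
    d == "<virtualhost" { in_vhost = 1; seen_vhost = 1; start = NR; https = 0; sim = 0; next }
    in_vhost && d == "servername" && $2 ~ /:443$/ { https = 1 }
    in_vhost && d == "port" && $2 == "443" { https = 1 }
    in_vhost && d == "simulatehttps" && tolower($2) == "on" { sim = 1 }
    d == "</virtualhost>" {
        # The port 443 containers in this guide all carry SimulateHttps On
        if (https && !sim)
            printf "line %d: VirtualHost for port 443 has no SimulateHttps On\n", start
        if (sim && !cert)
            printf "line %d: SimulateHttps used but certheaders_module is not loaded\n", start
        in_vhost = 0
    }
    ' "${1:--}"
}

# Constructed sample (not taken from a real server): certheaders_module is
# loaded before rewrite_module, and the :443 container lacks SimulateHttps On.
sample_bad_conf() {
    cat <<'EOF'
LoadModule certheaders_module modules/mod_certheaders.so
LoadModule rewrite_module modules/mod_rewrite.so
NameVirtualHost *:7777
<VirtualHost *:7777>
  ServerName soa.mycompany.com:443
  ServerAdmin you@your.address
  RewriteEngine On
  RewriteOptions inherit
</VirtualHost>
EOF
}

sample_bad_conf | lint_httpd_conf
```

Run it against ORACLE_HOME/ohs/conf/httpd.conf or ORACLE_HOME/Apache/Apache/conf/httpd.conf on each Web host; an empty result means the three ordering rules hold.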

5.3 Installing and Configuring Oracle Single Sign-On

Follow these steps to install the Identity Management components and configure Oracle Single Sign-On on IDMHOST1 and IDMHOST2.

5.3.1 Installing the First Identity Management Configuration

Follow these steps to install Identity Management on IDMHOST1:

  1. Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Application Server Quick Installation Guide in the Oracle Application Server platform documentation library for the platform and version you are using.

  2. Copy the staticports.ini file from the Disk1/stage/Response directory to the Oracle home directory.

  3. Edit the staticports.ini file and uncomment these entries:

    Oracle HTTP Server port = 7777
    Oracle HTTP Server Listen port = 7777
    Application Server Control port = 1810
    
  4. Start the Oracle Universal Installer as follows:

    On UNIX, issue this command: runInstaller

    On Windows, double-click setup.exe

    The Welcome screen appears.

  5. Click Next.

    On UNIX systems, the Specify Inventory Directory and Credentials screen appears.

  6. Specify the directory you want to be the oraInventory directory and the operating system group that has permission to write to it.

  7. Click Next.

    On UNIX systems, a dialog appears, prompting you to run the oraInstRoot.sh script.

  8. Open a window and run the script, following the prompts in the window.

  9. Return to the Oracle Universal Installer screen and click Next.

    The Specify File Locations screen appears with default locations for:

    • The product files for the installation (Source)

    • The name and path to an Oracle home (Destination)

      Note:

      Ensure that the Oracle home directory path for IDMHOST1 is the same as the path to the Oracle home location of IDMHOST2. For example, if the path to the Oracle home on IDMHOST1 is:

      /u01/app/oracle/product/AS10gSSO

      then the path to the Oracle home on IDMHOST2 must be:

      /u01/app/oracle/product/AS10gSSO

  10. Specify the Destination Name and Path, if different from the default, and click Next.

    The Select a Product to Install screen appears.

  11. Select OracleAS Infrastructure 10g and click Next.

    The Select Installation Type screen appears.

  12. Select Identity Management and click Next.

    The Confirm Pre-Installation Requirements screen appears.

  13. Ensure that the requirements are met and click Next.

    The Select Configuration Options screen appears.

  14. Select Oracle Single Sign-On, Oracle Delegated Administration Services, and High Availability and Replication.

    The Specify Port Configuration Options screen appears.

  15. Select Manual, specify the location of the staticports.ini file, and click Next.

    The Select High Availability Option screen appears.

  16. Select OracleAS Cluster (Identity Management) and click Next.

    The Create or Join an OracleAS Cluster (Identity Management) screen appears.

  17. Select Create a New OracleAS Cluster and click Next.

    The Specify New OracleAS Cluster Name screen appears.

  18. Complete the New OracleAS Cluster Name field with a name for the cluster and click Next.

    Note:

    Write down the cluster name. You will need to provide it in subsequent installations of instances that will join the cluster.

    The Specify LDAP Virtual Host and Ports screen appears.

  19. Enter the name of the Load Balancing Router, the SSL port, and the non-SSL port.

  20. Click Next.

    The Specify OID Login screen appears.

  21. Complete the fields and click Next.

    The Specify HTTP Load Balancer and Listen Ports screen appears.

  22. Enter the listen port of the HTTP Server and the host name and port of the HTTP Load Balancer, enabling the SSL option for the load balancer.

  23. Click Next.

    The Specify Instance Name and ias_admin Password screen appears.

  24. Specify the instance name and password and click Next.

    The Summary screen appears.

  25. Review the selections to ensure that they are correct (if they are not, click Back to modify selections on previous screens), and click Install.

    The Install screen appears with a progress bar. On UNIX systems, a dialog opens prompting you to run the root.sh script.

  26. Open a window and run the script.

    The Configuration Assistants screen appears. Multiple configuration assistants are launched in succession; this process can be lengthy. When it completes, the End of Installation screen appears.

  27. Click Exit, and then confirm your choice to exit.

5.3.2 Testing the Identity Management Components With Oracle Internet Directory

Follow these steps to test the first Identity Management installation with the Oracle Internet Directory:

  1. Stop all components on OIDHOST1, using this command:

    ORACLE_HOME/opmn/bin/opmnctl stopall

  2. Ensure that all components on OIDHOST2 are running:

    ORACLE_HOME/opmn/bin/opmnctl status

  3. Access the following URL:

    https://IDMHOST1.mycompany.com/pls/orasso

  4. Stop all components on OIDHOST2, using this command:

    ORACLE_HOME/opmn/bin/opmnctl stopall

  5. Ensure that all components on OIDHOST1 are running:

    ORACLE_HOME/opmn/bin/opmnctl status

  6. Access the following URL:

    https://IDMHOST2.mycompany.com/pls/orasso

5.3.3 Installing the Second Identity Management Configuration

Follow these steps to install Identity Management on IDMHOST2:

  1. Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Application Server Quick Installation Guide in the Oracle Application Server platform documentation library for the platform and version you are using.

  2. Copy the staticports.ini file from the Disk1/stage/Response directory to the Oracle home directory.

  3. Edit the staticports.ini file and uncomment these entries:

    Oracle HTTP Server port = 7777
    Oracle HTTP Server Listen port = 7777
    Application Server Control port = 1810
    
  4. Start the Oracle Universal Installer as follows:

    On UNIX, issue this command: runInstaller

    On Windows, double-click setup.exe

    The Welcome screen appears.

  5. Click Next.

    On UNIX systems, the Specify Inventory Directory and Credentials screen appears.

  6. Specify the directory you want to be the oraInventory directory and the operating system group that has permission to write to it.

  7. Click Next.

    On UNIX systems, a dialog appears, prompting you to run the oraInstRoot.sh script.

  8. Open a window and run the script, following the prompts in the window.

  9. Return to the Oracle Universal Installer screen and click Next.

    The Specify File Locations screen appears with default locations for:

    • The product files for the installation (Source)

    • The name and path to an Oracle home (Destination)

      Note:

      Ensure that the Oracle home directory path for IDMHOST1 is the same as the path to the Oracle home location of IDMHOST2. For example, if the path to the Oracle home on IDMHOST1 is:

      /u01/app/oracle/product/AS10gSSO

      then the path to the Oracle home on IDMHOST2 must be:

      /u01/app/oracle/product/AS10gSSO

  10. Specify the Destination Name and Path, if different from the default, and click Next.

    The Select a Product to Install screen appears.

  11. Select OracleAS Infrastructure 10g, and click Next.

    The Select Installation Type screen appears.

  12. Select Identity Management and click Next.

    The Confirm Pre-Installation Requirements screen appears.

  13. Ensure that the requirements are met and click Next.

    The Select Configuration Options screen appears.

  14. Select Oracle Single Sign-On, Oracle Delegated Administration Services, and High Availability and Replication.

  15. Click Next.

    The Select High Availability Option screen appears.

  16. Select OracleAS Cluster (Identity Management) and click Next.

    The Create or Join an OracleAS Cluster (Identity Management) screen appears.

  17. Select Join an Existing OracleAS Cluster and click Next.

    The Specify Existing OracleAS Cluster Name screen appears.

  18. Complete the Existing OracleAS Cluster Name field with the name you provided for the cluster when installing the first instance and click Next.

    The Specify LDAP Virtual Host and Ports screen appears.

  19. Enter the name of the Load Balancing Router, the SSL port, and the non-SSL port.

  20. Click Next.

    The Specify OID Login screen appears.

  21. Complete the fields and click Next.

    The Specify HTTP Load Balancer and Listen Ports screen appears.

  22. Enter the listen port of the HTTP Server and the host name and port of the HTTP Load Balancer, enabling the SSL option for the load balancer.

  23. Click Next.

    The Specify Instance Name and ias_admin Password screen appears.

  24. Specify the instance name and password and click Next.

    The Summary screen appears.

  25. Review the selections to ensure that they are correct (if they are not, click Back to modify selections on previous screens), and click Install.

    The Install screen appears with a progress bar. On UNIX systems, a dialog opens prompting you to run the root.sh script.

  26. Open a window and run the script.

    The Configuration Assistants screen appears. Multiple configuration assistants are launched in succession; this process can be lengthy. When it completes, the End of Installation screen appears.

  27. Click Exit, and then confirm your choice to exit.

  28. Repeat the tests in Section 5.3.2, "Testing the Identity Management Components With Oracle Internet Directory".

5.4 Reconfiguring Oracle Single Sign-On and Oracle Delegated Administration Services with the Oracle HTTP Servers

Follow the steps in this section to reconfigure Oracle Single Sign-On and Oracle Delegated Administration Services.

  1. Ensure that:

    • The Oracle Identity Management instance is started (status is Up).

    • You have the Oracle Internet Directory host and port numbers.

    • You have the password for cn=orcladmin, or another user who is a member of the iASAdmins group

  2. Issue the command ssocfg.sh (UNIX) or (Windows) in IDMHOST1_ORACLE_HOME/sso/bin and IDMHOST2_ORACLE_HOME/sso/bin:

    ssocfg.sh https sso.mycompany.com 443

    In the preceding command, sso.mycompany.com is the VIP hostname for the Load Balancing Router.

  3. On IDMHOST1 and IDMHOST2, set the environment variables ORACLE_HOME and ORACLE_SID.

  4. Issue the command ssoreg.sh (UNIX), or ssoreg.bat (Windows) in IDMHOST1_ORACLE_HOME/sso/bin:

    ssoreg.sh -oracle_home_path $ORACLE_HOME \
      -config_mod_osso TRUE \
      -site_name sso.mycompany.com:443 \
      -remote_midtier \
      -config_file $ORACLE_HOME/Apache/Apache/conf/osso/myosso.conf \
      -mod_osso_url https://sso.mycompany.com:443

    In the example, myosso.conf is the name of the obfuscated osso configuration file that the command creates.

  5. Copy the myosso.conf file to WEBHOST3_ORACLE_HOME/Apache/Apache/conf/osso and WEBHOST4_ORACLE_HOME/Apache/Apache/conf/osso.

  6. Configure mod_osso by following the instructions for the Oracle HTTP Server version in use:

    Release 3 (10.1.3):

    1. Issue this command on WEBHOST3 and WEBHOST4:

      (UNIX) ORACLE_HOME/Apache/Apache/bin/osso1013 config_file

      (Windows) perl ORACLE_HOME/Apache/Apache/bin/osso1013 config_file

    Release 3 (10.1.2):

    1. Copy the obfuscated osso configuration file created in Step 4 to the ORACLE_HOME/Apache/Apache/conf/osso directory in WEBHOST3 and WEBHOST4.

    2. Modify the ORACLE_HOME/Apache/Apache/conf/httpd.conf file by uncommenting the Include mod_osso.conf directive.

    3. Modify the ORACLE_HOME/Apache/Apache/conf/mod_osso.conf file to add this directive:

      OssoConfigFile $ORACLE_HOME/Apache/Apache/conf/osso/osso.conf
      
  7. Copy the IDMHOST1_ORACLE_HOME/sso/conf/sso_apache.conf file to WEBHOST3.

  8. Modify the WEBHOST3_ORACLE_HOME/Apache/Apache/conf/httpd.conf file to add this directive:

    Include sso_apache.conf
    
  9. Modify the sso_apache.conf file on WEBHOST3 to enable the SSL section and comment out the rewrite section (only the section shown in the example is enabled).

    <IfDefine SSL>
       Oc4jExtractSSL on
       <Location /sso>
           SSLOptions +ExportCertData +StdEnvVars
       </Location>
    </IfDefine>
    
  10. Copy the sso_apache.conf file from WEBHOST3 to WEBHOST4.

  11. Modify the WEBHOST4_ORACLE_HOME/Apache/Apache/conf/httpd.conf file to add this directive:

    Include sso_apache.conf
    
  12. Use these commands to identify the AJP port on IDMHOST1 and IDMHOST2:

    IDMHOST1_ORACLE_HOME/opmn/bin/opmnctl status -l

    IDMHOST2_ORACLE_HOME/opmn/bin/opmnctl status -l

  13. Modify the WEBHOST3_ORACLE_HOME/Apache/Apache/conf/mod_oc4j.conf and WEBHOST4_ORACLE_HOME/Apache/Apache/conf/mod_oc4j.conf files by substituting the port values obtained in Step 12 for AJP port 1 and AJP port 2 in the Oc4jMount directives. This configuration directs Oracle Single Sign-On and Oracle Delegated Administration Services requests to the identity management server using the AJP protocol.

    <IfModule mod_oc4j.c>
    ...
    Oc4jMount /oiddas ajp13://IDMHOST1:AJP port1,IDMHOST2:AJP port2
    Oc4jMount /oiddas/* ajp13://IDMHOST1:AJP port1,IDMHOST2:AJP port2
    Oc4jMount /sso ajp13://IDMHOST1:AJP port1,IDMHOST2:AJP port2
    Oc4jMount /sso/* ajp13://IDMHOST1:AJP port1,IDMHOST2:AJP port2
    Oc4jMount /ssohelp ajp13://IDMHOST1:AJP port1,IDMHOST2:AJP port2
    Oc4jMount /ssohelp/* ajp13://IDMHOST1:AJP port1,IDMHOST2:AJP port2
    Oc4jMount /pls ajp13://IDMHOST1:AJP port1,IDMHOST2:AJP port2
    Oc4jMount /pls/* ajp13://IDMHOST1:AJP port1,IDMHOST2:AJP port2
    ...
    </IfModule>
    
  14. Configure Oracle Delegated Administration Services by adding the following to WEBHOST3_ORACLE_HOME/Apache/Apache/conf/mod_osso.conf:

    <IfModule mod_osso.c>
    # for oiddas protected region
      <Location /oiddas/ui/oracle/ldap/das>
       require valid-user
       AuthType Basic
      </Location>
    </IfModule>
    <IfModule mod_alias.c>
    # Define the alias which maps the "/uixi/" URI to
    # the current version of the UIX installables
      Alias /uixi/ "ORACLE_HOME/uix/cabo/"
    # Turn on browser caching for the UIX installables
      <Location /uixi>
    # Use mod_headers to set the cache-control header
       Header set cache-control "Public"
    # Use mod_expires to set the expires header to some
    # date in the distant future
        ExpiresActive on
        ExpiresDefault "access plus 364 days"
      </Location>
    </IfModule>
    
  15. Copy WEBHOST3_ORACLE_HOME/Apache/Apache/conf/mod_osso.conf to WEBHOST4_ORACLE_HOME/Apache/Apache/conf/, changing the ORACLE_HOME value in Alias /uixi/ "ORACLE_HOME/uix/cabo/" to specify WEBHOST4_ORACLE_HOME.

  16. Configure the Oracle HTTP Server with the Load Balancing Router by adding the following to WEBHOST3_ORACLE_HOME/Apache/Apache/conf/httpd.conf:

    1. Add the LoadModule certheaders_module directive for the appropriate platform.

      UNIX Apache 1.3:

      LoadModule certheaders_module libexec/mod_certheaders.so

      UNIX Apache 2.0; use this directive if you plan to use Apache 2.0 on UNIX:

      LoadModule certheaders_module modules/mod_certheaders.so

      Windows:

      LoadModule certheaders_module modules/ApacheModuleCertHeaders.dll

    2. Add the following lines to create a NameVirtualHost directive and a VirtualHost container for sso.mycompany.com and port 443.

      Apache 1.3:

      NameVirtualHost *:7777
      <VirtualHost *:7777>
        ServerName sso.mycompany.com
        Port 443
        ServerAdmin you@your.address 
        RewriteEngine On 
        RewriteOptions inherit
        SimulateHttps On
      </VirtualHost> 
      

      Apache 2.0:

      NameVirtualHost *:7777
      <VirtualHost *:7777>
        ServerName sso.mycompany.com:443
        ServerAdmin you@your.address 
        RewriteEngine On 
        RewriteOptions inherit
        SimulateHttps On
      </VirtualHost> 
      

      Notes:

      The LoadModule directives (in particular, the LoadModule rewrite_module directive) must appear in the httpd.conf file at a location preceding the VirtualHost directives. The server must load all modules before it can execute the directives in the VirtualHost container.

      It is a good idea to create the VirtualHost directives at the end of the httpd.conf file.

  17. Copy WEBHOST3_ORACLE_HOME/Apache/Apache/conf/httpd.conf to WEBHOST4_ORACLE_HOME/Apache/Apache/conf/.

  18. Restart the Oracle HTTP Server.
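
A leftover "AJP port1" placeholder or a mount that names only one Identity Management host in mod_oc4j.conf (Step 13) breaks routing or failover for that URL path, so it is worth checking the file on both Web hosts before the restart. The script below is an added example, not part of the Oracle guide or its tooling: the function name check_oc4j_mounts and the port numbers 12501 and 12502 in the sample are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: check the Oc4jMount lines that Step 13 adds to mod_oc4j.conf.
# Usage: check_oc4j_mounts HOST1 HOST2 [FILE]   (FILE defaults to standard input)
# Prints one finding per line; prints nothing when every mount is complete.
check_oc4j_mounts() {
    awk -v h1="$1" -v h2="$2" '
    BEGIN {
        # URL paths that Step 13 routes to the Identity Management tier
        n = split("/oiddas /oiddas/* /sso /sso/* /ssohelp /ssohelp/* /pls /pls/*", req, " ")
        for (i = 1; i <= n; i++) isreq[req[i]] = 1
        want[1] = toupper(h1); want[2] = toupper(h2)
    }
    tolower($1) != "oc4jmount" { next }
    !($2 in isreq) { next }                # mounts for other applications are ignored
    {
        path = $2; seen[path] = 1
        dest = $3
        for (i = 4; i <= NF; i++) dest = dest " " $i    # rejoin "AJP port1" style text
        if (dest !~ /^ajp13:\/\/[^:, ]+:[0-9]+(,[^:, ]+:[0-9]+)*$/) {
            printf "line %d: %s has a placeholder or malformed destination: %s\n", NR, path, dest
            next
        }
        sub(/^ajp13:\/\//, "", dest)
        m = split(dest, ep, ",")
        split("", routed)                  # clear the per-line host set
        for (j = 1; j <= m; j++) {
            split(ep[j], hp, ":")
            if (hp[2] + 0 < 1 || hp[2] + 0 > 65535)
                printf "line %d: %s uses invalid port %s\n", NR, path, hp[2]
            routed[toupper(hp[1])] = 1
        }
        # Both hosts must be listed, otherwise the path has no failover target
        for (k = 1; k <= 2; k++)
            if (!(want[k] in routed))
                printf "line %d: %s does not route to %s\n", NR, path, want[k]
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(req[i] in seen)) printf "no Oc4jMount for %s\n", req[i]
    }
    ' "${3:--}"
}

# Constructed sample (ports are made up): /sso still holds the placeholder text,
# /sso/* names only one host, and the /pls/* mount is missing.
sample_mod_oc4j() {
    cat <<'EOF'
<IfModule mod_oc4j.c>
Oc4jMount /oiddas ajp13://IDMHOST1:12501,IDMHOST2:12502
Oc4jMount /oiddas/* ajp13://IDMHOST1:12501,IDMHOST2:12502
Oc4jMount /sso ajp13://IDMHOST1:AJP port1,IDMHOST2:AJP port2
Oc4jMount /sso/* ajp13://IDMHOST1:12501
Oc4jMount /ssohelp ajp13://IDMHOST1:12501,IDMHOST2:12502
Oc4jMount /ssohelp/* ajp13://IDMHOST1:12501,IDMHOST2:12502
Oc4jMount /pls ajp13://IDMHOST1:12501,IDMHOST2:12502
</IfModule>
EOF
}

sample_mod_oc4j | check_oc4j_mounts IDMHOST1 IDMHOST2
```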

5.5 Testing the Identity Management Tier Components

After both Identity Management configurations are complete, test the configurations as follows:

  1. Stop all components on IDMHOST1, using this command:

    ORACLE_HOME/opmn/bin/opmnctl stopall

  2. Ensure that all components on IDMHOST2 are running, using this command:

    ORACLE_HOME/opmn/bin/opmnctl status

  3. Access the following URLs from two browsers:

    https://sso.mycompany.com/pls/orasso

    https://sso.mycompany.com/oiddas

  4. Start all components from IDMHOST1, using this command:

    ORACLE_HOME/opmn/bin/opmnctl startall

  5. Stop all components on IDMHOST2, using this command:

    ORACLE_HOME/opmn/bin/opmnctl stopall

  6. Ensure that the login session is still valid for the orasso and oiddas logins.

5.6 Configuring Session State Replication for the OC4J_SECURITY Instance

  1. Access the Application Server Control Console at:

    http://mycompany.com:8888/em

    A login dialog opens.

  2. Provide the user name and password that was set during installation and click Login.

    The Farm page appears.

  3. Select the application server instance.

    A login dialog opens.

  4. Provide the user name and password that was set during installation and click OK.

  5. Select the OC4J_SECURITY OC4J instance.

    The OC4J_SECURITY page appears.

  6. Click Administration.

  7. Click Replication Properties.

  8. Check the Replicate session state box and enter values for Multicast Host and Multicast Port.

  9. Click Apply.

  10. Restart the OC4J_SECURITY instance.

5.7 Disabling the Oracle HTTP Server on the Identity Management Tier

Follow these instructions on IDMHOST1 and IDMHOST2 to disable the Oracle HTTP Server on the Identity Management tier.

  1. Edit the ORACLE_HOME/opmn/bin/opmn.xml file to change the Oracle HTTP Server status to disabled, as shown in bold.

    <ias-component id="HTTP_Server" status="disabled" >
        <process-type id="HTTP_Server" module-id="OHS">
            <module-data>
    ...
    </ias-component>
    
  2. Issue this command in ORACLE_HOME/opmn/bin:

    opmnctl stopall

  3. Issue this command in ORACLE_HOME/opmn/bin:

    opmnctl startall