6 Oracle Application Server Single Sign-On

This chapter provides information about known issues and workarounds for Oracle Application Server Single Sign-On (OracleAS Single Sign-On). The following topics are included:

• Section 6.1, "Installation and Upgrade Issues"

• Section 6.2, "General Issues"

6.1 Installation and Upgrade Issues

This section describes the following issues and workarounds related to installation and upgrade:

• Section 6.1.1, "Directory Considerations During Installation"

• Section 6.1.2, "Directory Considerations After Installation"

• Section 6.1.3, "Identity Management Grid Control Considerations During Uninstallation"

6.1.1 Directory Considerations During Installation

You must perform the following steps when installing Oracle Application Server 10.1.4.0.1 Identity Management infrastructure components in an environment that uses an Identity Management High Availability (IMHA) Oracle Internet Directory LDAP cluster with a load balancing router. Failure to perform these steps can cause issues during installation.

This should also be the case for all Identity Management mid-tier installations in a distributed configuration.

To install when using an IMHA Oracle Internet Directory LDAP cluster with a load balancer or virtual server:

1. Prior to starting the installation, ensure that the load balancing router or Oracle Internet Directory virtual server sends all traffic to just one active Oracle Internet Directory instance for the duration of the installation process.

   For example, you can configure for affinity (IP-based) routing to ensure that traffic from one IP address is always routed to the same destination.

2. After installation is complete, you can reconfigure your load balancer to use any routing algorithm that you want.

6.1.2 Directory Considerations After Installation

After you install and configure an OracleAS Cluster (Identity Management) environment, Application Server Control incorrectly indicates that some of the Identity Management components are down and not available. To remedy this problem, stop and then start the Application Server Control.

See Also: "Starting and Stopping the Application Server Control" in the Oracle Application Server Administrator's Guide

6.1.3 Identity Management Grid Control Considerations During Uninstallation

After uninstalling the Identity Management Grid Control plug-in for Oracle Management Service (Management Service), you must create a new configuration file in the Management Service Oracle home directory. Failure to create this file can cause problems after uninstalling the plug-in. The file enables Oracle Enterprise Manager 10g Grid Control (Grid Control) to find the configuration class for specific single sign-on monitoring pages. These pages are used for default Grid Control Management Service installations that do not have Identity Management Grid Control 10.1.4IM.

To avoid issues after uninstalling the Identity Management Grid Control Management Service plug-in:

1. Open a text editor and create a file with the following contents:

   <consoleConfig>
      <integration name="oracle_sso_server"
          class="oracle.oimcontrol.sso.em.SSOIntegration"/>
   </consoleConfig>
   
   

2. Save the file in the following location:

   $ORACLE_HOME/j2ee/OC4J_EM/applications/em/em/WEB-INF/config/sso_server_intg.xml
   
   

3. Restart the Management Service server.

6.2 General Issues

This section describes the following general issues and workarounds:

• Section 6.2.1, "A "Host Unavailable" Entry Appears on Non-English Monitoring Pages"

• Section 6.2.2, "Dynamic Global Logout Directives Must Pass the String "Oracle SSO""

6.2.1 A "Host Unavailable" Entry Appears on Non-English Monitoring Pages

This bug applies only to the monitoring pages for single sign-on in Grid Control.In browsers that are configured for non-English languages (for example, ja, zh_CN, zh_TW, ko_KR, or fr), an entry labeled "HOST Unavailable" is displayed in the general section of the Single Sign-On Service monitoring home page. This string appears in the language configured for the browser. The "HOST Unavailable" entry is a link. If you click this link, the browser displays the message, "Error finding target UNAVAILABLE from the repository. The target does not exist or you may not have the access to the target."

You can safely ignore this error and its associated link.

6.2.2 Dynamic Global Logout Directives Must Pass the String "Oracle SSO"

If you use mod_osso for dynamic directive-based global logout, you must pass the string "Oracle SSO" as the response error message. The following is an example of a properly constructed directive:

request.getSession().invalidate();
response.setHeader("Osso-Return-Url",redirectURL);
response.sendError(470, "Oracle SSO"); 
 

If any string other than "Oracle SSO" is passed as the parameter to sendError, global logout does not occur.