6 Securing a Deployment

This chapter describes how to use Oracle Application Server Single Sign-On to secure an Oracle Identity Manager deployment.

This chapter discusses the following topics:

• Securing the Administrative and User Console

• Securing Oracle Identity Manager While Leaving the Self-Registration and Forgot Password Pages Unprotected

See Also:

Oracle Application Server Single Sign-On Administrator's Guide for information about how to protect URLs

Securing the Administrative and User Console

To secure the Administrative and User Console, use Oracle Application Server Single Sign-On to protect the following URLs:

http://hostname:port/xlWebApp
http://hostname:port/Nexaweb

Securing Oracle Identity Manager While Leaving the Self-Registration and Forgot Password Pages Unprotected

To secure Oracle Identity Manager while leaving the Self Registration and Forgot Password pages unprotected, use Oracle Application Server Single Sign-On to protect the following URL:

http://hostname:port/xlWebApp/Logon.do

After using Oracle Application Server Single Sign-On to protect the Self Registration and Forgot Password pages, you can use the following URLs to directly access the pages:

http://hostname:port/xlWebApp/selfRegister.do?method=New%20Registration
http://hostname:port/xlWebApp/forgetPassword.do?method=displayVerifyUserId