26 Configuring Oracle Application Server Single Sign-On with Oracle Beehive

This chapter describes how to register Oracle Beehive as a partner application with Oracle Application Server Single Sign-On (OSSO), which means that you may delegate the authentication function to the single sign-on server. For more information, refer to Chapter 4, "Configuring and Administering Partner Applications" in Oracle Application Server Single Sign-On Administrator's Guide.

Note:

If you configured OSSO with HTTP, then disable SSL by running the following commands:

beectl list_components --type HttpServerCluster
beectl modify_property
  --component <identifier returned from the previous command>
  --name HttpServerSslEnabled --value false
beectl modify_property
  --component _VIRTUAL_SERVER
  --name  HttpSslEnabled
  --value false
beectl activate_configuration
beectl modify_local_configuration_files

For more information about disabling SSL, refer to steps 2 and 3 in "Installing Non-SSL Oracle Beehive Site" in "Configuring SSL".

OSSO requires Oracle Internet Directory. Consequently, integrate Oracle Internet Directory with Oracle Beehive as described in "Integrating an External User Directory with Oracle Beehive" in Oracle Beehive Integration Guide.

In the _AuthenticationService component, set the property SsoType to osso, then activate the configuration:

beectl modify_property
  --component _AuthenticationService
  -–name SsoType
  --value osso

beectl activate_configuration

Set the environment ORACLE_HOME to the full path of the directory of the Oracle product that comes with OSSO.
Run the OSSO registration tool, <OSSO home>\sso\bin\ssoreg.bat to register Oracle Beehive with the OSSO server:
```
ssoreg.bat
  -oracle_home_path C:\oracle\appserver
  -site_name example.com>
  -config_mod_osso TRUE
  -mod_osso_url http://example.com:7777
  -remote_midtier
  -config_file
    C:\oracle\appserver\Apache\Apache\conf\osso\osso.example.conf
```
- oracle_home_path: Specify the installation directory of the Oracle product that comes with OSSO (in this example, OSSO is installed in C:\oracle\appserver\sso.
- site_name: Specify the host name (including domain) of your Oracle Beehive instance.
- config_mod_osso: Specify TRUE so that a configuration file is generated.
- mod_osso_url: Specify the effective URL of your Oracle Beehive instance. Use the following format:
```
http[s]://<Oracle Beehive HTTP host>.<domain>:<port>
```
  For example:
```
https://application.mydomain.com:4443
```
  Omit the port number if the HTTP server is listening on the default HTTP port of 80 or the default HTTPS port of 4443. To determine the HTTP or HTTPS listening port, run the beectl list_ports command.
- remote_midtier: You must specify this option because Oracle Beehive is installed in a different home than OSSO.
- config_file: The specified configuration file will be created.
Copy the configuration file you created in the previous step (osso.example.com) to <Oracle Beehive home>\Apache\Apache\conf\osso. Rename the file to osso.conf.

In the _AuthenticationService component, set the property OssoConfigFile to <Oracle Beehive home>\Apache\Apache\conf\osso\osso.conf, activate the configuration, then commit changes:

beectl modify_property
  --component _AuthenticationService
  -–name OssoConfigFile
  --value <Oracle Beehive home>\Apache\Apache\conf\osso\osso.conf

beectl activate_configuration
beectl modify_local_configuration_files

Restart the HTTP server:

beectl list_components --type HttpServer

-----------------+-------------------------------------------------------------
Component type   | Component identifier                
-----------------+-------------------------------------------------------------
HttpServer       | ohs_site1.example.com
-----------------+-------------------------------------------------------------
beectl restart --component ohs_site1.example.com