16.5 Postinstallation Configuration

This section describes some postinstallation steps. These steps are optional and the user may be required to perform these steps depending on the choices that the user has made in Section 16.2.2, "Setup Process". This section includes the following topics:

• Generating the Access Client File

• Enabling SSO by Registering mod_osso as a Partner Application

• Installing and Configuring Webgate with OAM

16.5.1 Generating the Access Client File

The access client file must be generated for the authentication servers. The procedure for generating the access client file are different depending on whether you are using OracleAS Single Sign-On 10g or Oracle Access Manager 11g.

Generating the osso.conf file for the OracleAS Single Sign-On Server 10g

Perform the following steps to generate the osso.conf file for the OSSO Server:

1. Run the ssoreg.sh script located at ORACLE_HOME/sso/bin on the authentication server.

   ORACLE_HOME/sso/bin/ssoreg.sh
   -oracle_home_path <ORACLE_HOME>
   -site_name www.example.com
   -config_mod_osso TRUE
   -mod_osso_url http://www.oidtierexample.com:7777
   -config_file osso.conf
   -remote_midtier
   

   Note:

   On Windows, run the ssoreg.bat file.

2. Copy the generated osso.conf file to ORACLE_INSTANCE/config/OHS/<OHS_INSTANCE>. For more information, see Oracle Application Server Single Sign-On Administrator's Guide.

3. Restart OHS for the changes to take effect.

Generating the osso.conf file for the Oracle Access Manager

Perform the following steps to generate the osso.conf file for the OAM Server using the OAM console:

1. Log in to the OAM console.

2. Navigate to the System Configuration tab. Select Agents and navigate to the OSSO Agents node. Click Create.

3. Provide all the details such as the Base URL. Ensure that the Auto Create Policies check box is checked.

4. Click Apply.

   The osso.conf file is generated for the OAM server. The location of the file is mentioned in the OAM console.

5. Copy the generated osso.conf file to ORACLE_INSTANCE/config/OHS/<OHS_INSTANCE>.

6. Restart OHS for the changes to take effect.

   For more information about generating the osso.conf file using the OAM console, see Registering and Managing OSSO Agents Using the Administration Console in Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager.

16.5.2 Enabling SSO by Registering mod_osso as a Partner Application

You must perform this task if you have chosen to install and configure Reports in non-SSO mode and want to enable SSO later. To be able to enable SSO later, you must register mod_osso as a partner application in OHS with authentication server. To achieve this, perform the following steps:

1. Follow the steps to generate and copy the osso.conf file as described in Section 16.5.1, "Generating the Access Client File".

2. Create a mod_osso.conf file in the ORACLE_INSTANCE/config/OHS/<OHS_INSTANCE>/moduleconf directory. The file looks similar to the following example:

   LoadModule osso_module ${ORACLE_HOME}/ohs/modules/mod_osso.so
   <IfModule mod_osso.c>
   OssoIpCheck off
   OssoSecureCookies off
   OssoIdleTimeout off
   OssoConfigFile osso.conf
   # 
   # Insert Protected Resources: (see Notes below for 
   # how to protect resources) 
   # 
   #______- 
   # 
   # Notes 
   # 
   #______- 
   # 
   # 1. Here's what you need to add to protect a resource, 
   #    e.g. <ApacheServerRoot>/htdocs/private: 
   # 
   <Location /reports/rwservlet>
   require valid-user 
   AuthType Osso 
   </Location> 
    
   </IfModule>  # # If you would like to have short hostnames redirected to # fully qualified hostnames to allow clients that need # authentication via mod_osso to be able to enter short # hostnames into their browsers uncomment out the following # lines # #PerlModule Apache::ShortHostnameRedirect #PerlHeaderParserHandler Apache::ShortHostnameRedirect
   

3. Restart the Oracle WebLogic Managed Server (WLS_REPORTS) and the front-end OHS for the changes to take effect.

16.5.3 Installing and Configuring Webgate with OAM

For webgate to work with Oracle Access Manager 11g, you must install and configure webgate manually. For information about installing and configuring webgate as the access client, see Installing and Configuring Oracle HTTP Server 11g Webgate for OAM in Oracle Fusion Middleware Installation Guide for Oracle Identity Managment.

Postinstallation, you must register webgate with OAM 11g so that webgate can directly communicate with Oracle Access Manager 11g services. Registration with OAM can be done by creating OAM 11g agent by using either RREG tool or through OAM console.

For information about registering webgate as an agent by using either OAM console or RREG tool, see Register the New Webgate Agent in Oracle Fusion Middleware Installation Guide for Oracle Identity Managment.

Note:

You can register mod_osso as an access client with OAM server, and can later change to webgate access client. To do this, copy the osso.conf file and the mod_osso.conf file to the backup folder located at ORACLE_INSTANCE/config/OHS/ohs1.