Go to main content
1/15
Contents
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
1
Before You Install
Oracle Enterprise Single Sign-On Suite
1.1
Overview of the Oracle Enterprise Single Sign-On Suite Installation Process
1.2
Required Supporting Software
1.3
Contents of the Oracle Enterprise Single Sign-On Suite Master Archive
1.4
Contents of the Logon Manager Folder
1.4.1
Contents of the Password Reset Folder
1.4.2
Contents of the Provisioning Gateway Folder
1.4.3
Contents of the Universal Authentication Manager Folder
1.4.4
Contents of the Anywhere Folder
1.4.5
Contents of the Reporting Folder
2
Installing the Oracle Enterprise Single Sign-On Administrative Console
2.1
Installing the Console
3
Installing Logon Manager
3.1
Prerequisites for Installing Logon Manager
3.1.1
Prerequisites for Installing Logon Manager
3.1.2
Prerequisites for Unattended ("Silent") Installations
3.2
Upgrading an Existing Logon Manager Installation
3.3
Installing the Logon Manager Client-Side Software
3.4
MSI Package Components
3.5
Completing the Installation of Logon Manager
3.5.1
Completing the Installation of the Mozilla Firefox Support Component
4
Installing Password Reset
4.1
Prerequisites for Installing Password Reset
4.1.1
Prerequisites for Installing the Password Reset Client
4.1.2
Prerequisites for Installing the Password Reset Server
4.1.3
Prerequisites for Unattended ("Silent") Installations
4.2
Upgrading an Existing Password Reset Installation
4.3
Configuring IIS for Password Reset on Windows Server 2008/2008 R2
4.4
Configuring IIS for Password Reset on Windows Server 2012
4.5
Installing the Password Reset Server Component
4.6
Completing the Installation of the Password Reset Server-Side Component
4.6.1
Configuring the Password Reset Authentication and Password Reset Services
4.6.1.1
Creating the Required Service Accounts
4.6.1.2
Assigning the Required Service Account to the Password Reset System Service
4.6.1.3
Adding SSPRWEB Account Credentials to the Password Reset Server Configuration
4.6.1.4
Configuring Access for the Password Reset Web Service's IIS Web Site Contents
4.6.1.5
Configuring the Password Reset Web Service's Access to the Password Reset Registry Settings
4.6.2
Configuring Password Reset Server to Store Data in Active Directory
4.6.3
Limiting the Inherited Permissions for the SSPRRESET Account to the Required Minimum
4.6.3.1
Planning Your Privilege Hierarchy
4.6.3.2
Delegating Control at the OU Level
4.6.4
Configuring the Password Reset Web Service's IIS Site as a Trusted Site in Active Directory
4.6.5
Restricting Access to the Password Reset Web Console
4.6.6
Configuring Password Reset for SSL Connectivity
4.6.6.1
Installing the X.509 Certificate in Microsoft IIS
4.6.6.2
Modifying the Password Reset Server Configuration Files
4.6.6.3
Granting Password Reset Server Access to the WebServices Directory
4.6.6.4
Restricting Password Reset Connectivity to SSL Only
4.6.6.5
Testing the New Connectivity Configuration
4.7
Installing Password Reset Client-Side Software
4.8
Installing Password Reset Language Packs
4.8.1
Reverting to the Original Language Pack After Installing Another
4.8.2
Installing Language Packs at the Command Line
4.8.2.1
ADDLOCAL Options
4.8.3
Installing the Password Reset Client-Side Software from the Command Line
4.8.4
Installing Password Reset without Logon Manager
4.8.5
Completing the Installation of the Password Reset Client
4.8.5.1
Enabling the Password Reset Quiz on Windows Server 2008/2012
4.8.5.2
(Optional) Running the Reset Client Under a Specified User Account
4.8.5.3
Disabling the "Redirection" Popup
4.8.5.4
Specifying a Custom Window Title
4.8.5.5
Using Password Reset Client With a Custom Reset Web Application
5
Installing Provisioning Gateway
5.1
Prerequisites for Installing Provisioning Gateway
5.1.1
Prerequisites for Unattended ("Silent") Installations
5.2
Configuring IIS for Provisioning Gateway on Windows Server 2008/2008 R2
5.3
Configuring IIS for Provisioning Gateway on Windows Server 2012
5.4
Upgrading an Existing Provisioning Gateway Installation
5.5
Installing the Provisioning Gateway Server-Side Component
5.6
(Optional) Installing the Client-Side Provisioning Gateway Command-Line Interface (CLI)
5.7
Completing the Installation of Provisioning Gateway
5.7.1
Granting the Required Permissions to the PMSERVICE Account
5.7.2
Setting the Automatic Resynchronization Interval
5.7.3
Granting Provisioning Rights to Domain Users
5.7.4
Configuring Syslog
5.7.5
Creating or Identifying a User Account for Anonymous Logon
5.7.6
Granting the IIS Anonymous Account Access to AD LDS (ADAM)
5.7.7
Configuring Provisioning Gateway for SSL Connectivity
5.7.7.1
Installing the X.509 Certificate in Microsoft IIS
5.7.7.2
Modifying the Provisioning Gateway Server Configuration File
5.7.7.3
Restricting Provisioning Gateway Connectivity to SSL Only
5.7.7.4
Testing the New Connectivity Configuration
5.7.8
Configuring Provisioning Gateway Server for Connectivity with Oracle Privileged Account Manager
5.7.9
Configuring Oracle Internet Directory for Provisioning Gateway
6
Installing Universal Authentication Manager
6.1
Prerequisites for Installing Universal Authentication Manager
6.1.1
Prepare the Universal Authentication Manager Repository
6.1.2
Prerequisites for Universal Authentication Manager Logon Methods
6.1.2.1
Prerequisites for Using Smart Cards
6.1.2.2
Prerequisites for Using Proximity Cards
6.1.2.3
Prerequisites for Using Fingerprint Readers
6.1.3
Prerequisites for Unattended ("Silent") Installations
6.2
Configuring Universal Authentication Manager for Synchronization with Microsoft Active Directory
6.2.1
Preparing the Repository when Logon Manager is Already Deployed
6.2.2
Creating a Universal Authentication Manager Service Account
6.2.3
Extending the Schema
6.2.4
Enabling Data Storage Under User Objects
6.2.5
Initializing Universal Authentication Manager Storage
6.2.6
Understanding the Universal Authentication Manager Repository Data Structures and Permissions
6.2.7
Configuring the Universal Authentication Manager Synchronizer
6.2.8
Configuring Universal Authentication Manager Synchronization for Administrative Users
6.3
Configuring Universal Authentication Manager for Synchronization with Microsoft AD LDS (ADAM)
6.3.1
Preparing the Repository when Logon Manager is Already Deployed
6.3.2
Creating the AD LDS (ADAM) Instance and Partition
6.3.3
Configuring the AD LDS (ADAM) Default Naming Context
6.3.4
Creating a Universal Authentication Manager Service Account
6.3.5
Extending the Schema
6.3.6
Creating the People Container
6.3.7
Initializing Universal Authentication Manager Storage
6.3.8
Understanding the Universal Authentication Manager Repository Data Structures and Permissions
6.3.9
Configuring the Universal Authentication Manager Synchronizer
6.4
Upgrading an Existing Universal Authentication Manager Installation
6.4.1
Migrating from Logon Manager with Strong Authenticators to Universal Authentication Manager
6.5
Installing the Universal Authentication Manager Client-Side Software
6.6
Performing an Unattended (Silent) Installation
6.6.1
Command Line Syntax
6.6.2
Custom Universal Authentication Manager Installer Properties
6.6.3
Examples
6.7
Completing the Installation of Universal Authentication Manager
6.7.1
Configuring the Universal Authentication Manager Service Account
6.7.1.1
Step 1: Grant the Service Account Local Administrator Privileges
6.7.1.2
Step 2: Configure the Service
6.7.1.3
Step 3: Restart the Service
6.7.1.4
Reverting Your Changes After Uninstalling Universal Authentication Manager
6.7.2
First-Time Logon for Enterprise Mode Users
7
Installing Anywhere
7.1
Prerequisites for Installing Anywhere
7.1.1
Prerequisites for Installing the Anywhere Console
7.2
Prerequisites for Unattended ("Silent") Installations
7.3
Installing the Anywhere Console
8
Troubleshooting Oracle Enterprise Single Sign-On Suite Installations
8.1
Windows Installer Error 1720
8.2
Troubleshooting Provisioning Gateway Installations
8.2.1
Provisioning Gateway Does Not Support File Synchronization
8.2.2
Multiple Locators Require an Entlist at Each Locator Site
8.2.3
Using Active Directory or AD LDS (ADAM) and IIS Web Services on Different Servers
8.2.4
Internet Security Settings (Windows Domain and Citrix MetaFrame® Users)
8.2.5
Deploying Provisioning Gateway With Multiple Oracle Internet Directory (OID) Servers
8.3
Troubleshooting Password Reset Installations
8.3.1
Server Error in "/vGOSelfServiceReset/ManagementClient" Application
8.3.2
Group Security Policy: Password History Setting Should Be Increased
9
Uninstalling Oracle Enterprise Single Sign-On Suite Components
10
Appendix A: Deploying Oracle Enterprise Single Sign-On Suite Products for Offline Use via Anywhere
11
Appendix B: Packaging Oracle Enterprise Single Sign-On Suite for Mass Deployment
11.1
Overview of the Packaging Process
11.2
Creating a Customized Agent Installation Package
11.3
Testing the Customized Package in a Pilot Deployment
12
Appendix C: Oracle Enterprise Single Sign-On Suite Configuration Reference
12.1
Additional Password Reset Configuration Procedures
12.1.1
Modifying the DCOM Permissions of the Password Reset Reporting Service
12.1.2
Installing and Configuring an AD LDS (ADAM) Instance for Password Reset
Scripting on this page enhances content navigation, but does not change the content in any way.