29.4 Performing Remote Registration for OSSO Agents

Here is a brief review of remote registration using the Oracle-provided tool (oamreg) with OSSO Agents.

29.4.1 About Request Templates for OSSO Remote Registration

This topic provides the OSSO Registration Request for use with the remote registration tool oamreg.sh (Linux) or oamreg.bat (Windows).

The information highlighted in bold must be modified for a mod_osso agent. However, all other fields can use the default values.

Both inband and outofband remote registration modes require a request file with the input argument, as listed in Table 29-6.

Table 29-6 OpenSSO Request Files for Remote Registration

| Templates for . . . | Description |
|---|---|
| Register OSSO Agents (mod_osso) | $OAM_REG_HOME/input/OSSORequest.xml |
| Other Templates | |
| Update Agent | $OAM_REG_HOME/input/OSSOUpdateAgentRequest.xml. See Also: "Updating Agents Remotely" |
| Create Policies: Create New Host Identifiers and an Application Domain without Registering an Agent | $OAM_REG_HOME/input/CreatePolicyRequest.xml. See Also: "Managing Policies and Application Domains Remotely" |
| Update Policies: Existing Host Identifiers and Application Domain (not associated with an Agent Registration) | $OAM_REG_HOME/input/UpdatePolicyRequest.xml. See Also: "Managing Policies and Application Domains Remotely" |

Table 29-7 describes elements in the OSSO request file: OSSORequest.xml.

Table 29-7 OSSO-Specific Elements in a Remote Registration Request

| Elements | Description | Example |
|---|---|---|
| <serverAddress>, <agentName>, <hostIdentifier>, <agentBaseUrl>, <autoCreatePolicy>, <applicationDomain>, <virtualhost> | Elements common to all remote registration request templates. | See Table 15-8 |
| <ssoServerVersion> | SSO Token version values: • v3.0: Most secure token using AES encryption standard for encrypting tokens exchanged between OAM Server and mod_osso. This is the default value. This was supported by OSSO 10.1.4.3 patch set. • v1.4: This is supported by OSSO 10g prior to OSSO 10.1.4.3 patch set. Uses DES encryption standard. • v1.2: This used to be version of tokens exchanged between OSSO partners prior to OSSO 10.1.4.0.1. Uses DES. | <ssoServerVersion>...</ssoServerVersion> |
| <OracleHomePath> | The absolute file system directory path to the mod_osso agent. | <oracleHomePath>$ORACLE_HOME</oracleHomePath> |
| <updateMode> | Default: None specified | <updateMode></updateMode> |
| <adminInfo> | Optional. Administrator details for this mod_osso instance. For example, Application Administrator. Default: None specified | <adminInfo></adminInfo> |
| <adminId> | Optional. Administrator log in ID for this mod_osso instance. For example, SiteAdmin. Default: None specified | <adminId></adminId> |
| <logoutUrl> | Include the Logout URLs for consumption during remote registration. Default: None specified | <logoutUrl>logout1.html</logoutUrl> |
| <failureUrl> | Include the Failure URLs for consumption during remote registration. Default: None specified | <failureUrl>failure1.html</failureUrl> |
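
A pre-submission check for a request file built from the elements in Table 29-7, as an added example that is not part of the Oracle documentation or tooling: it flags the DES-based token versions (v1.4, v1.2), a non-absolute oracleHomePath, and a missing agentName. The root element name OSSORegRequest, the review_request function, and all sample values are assumptions made for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Token versions and their ciphers, as listed in Table 29-7.
TOKEN_CIPHER = {"v3.0": "AES", "v1.4": "DES", "v1.2": "DES"}
DEFAULT_VERSION = "v3.0"  # Table 29-7 names v3.0 as the default

# Constructed sample request. The root element name and every value are
# assumptions; only the child element names come from Table 29-7.
SAMPLE_REQUEST = """<OSSORegRequest>
  <serverAddress>http://oam-admin.example.com:7001</serverAddress>
  <agentName>myossoagent</agentName>
  <ssoServerVersion>v1.4</ssoServerVersion>
  <oracleHomePath>relative/ohs1</oracleHomePath>
  <logoutUrl>logout1.html</logoutUrl>
</OSSORegRequest>"""


def _text(root, tag):
    """Return the stripped text of the first element named tag, or ''."""
    node = root.find(f".//{tag}")
    return (node.text or "").strip() if node is not None else ""


def review_request(xml_text):
    """Return a list of findings for an OSSO remote registration request."""
    root = ET.fromstring(xml_text)
    findings = []

    # An absent or empty element falls back to the documented default.
    version = _text(root, "ssoServerVersion") or DEFAULT_VERSION
    cipher = TOKEN_CIPHER.get(version)
    if cipher is None:
        findings.append(f"ssoServerVersion '{version}' is not v3.0, v1.4 or v1.2")
    elif cipher != "AES":
        findings.append(f"ssoServerVersion {version} uses {cipher} tokens; use v3.0 (AES)")

    # An unexpanded variable such as $ORACLE_HOME is reported as well.
    home = _text(root, "oracleHomePath")
    if home and not os.path.isabs(os.path.expandvars(home)):
        findings.append(f"oracleHomePath '{home}' is not an absolute path")

    if not _text(root, "agentName"):
        findings.append("agentName is missing or empty")
    return findings


if __name__ == "__main__":
    for finding in review_request(SAMPLE_REQUEST):
        print("FINDING:", finding)
```

In out-of-band mode the same check can be run by the in-band Administrator on the starting request received by email or file transfer, before it is passed to the registration tool.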

Remote OSSO Agent registration automatically:

  • Creates the agent page for the Oracle Access Management Console

  • Creates an Application Domain and basic policies to protect applications

  • Updates the OSSO configuration file on the client to be consumed by the agent at run time

29.4.2 Performing In-Band Remote Registration of OSSO Agents

Here is a brief summary of tasks required to perform in-band remote registration for your OSSO agent.

Full details are provided in Registering and Managing OAM 11g Agents.

You must have familiarized yourself with OAM Remote Registration before you proceed.

To perform in-band remote registration of OSSO Agents:

  1. Acquire the registration tool and set environment variables.

    See "Acquiring and Setting Up the Remote Registration Tool".

    $ORACLE_HOME/oam/server/rreg/client/RREG.tar.gz 
    
  2. Create your input file with unique values for the agent and Application Domain.

    See "Creating Your Remote Registration Request".

    • From: OSSORequest.xml
    • To: myossoagent_request.xml
  3. Run the registration tool to configure the Agent, create a default Application Domain for the resources, and copy the updated agent configuration file as described in "Performing In-Band Remote Registration".

    From AdminServer (Console) host:

    $DOMAIN_HOME/output/$Agent_Name/osso.conf

    To: mod_osso directory path on the Agent host: $OHS_dir/osso.conf. For example:

    • $WebTier_MW_HOME/Oracle_WT1/instances1/config/OHS/ohs1/config/osso.conf
  4. Validate the configuration as described in "Validating Remote Registration and Resource Protection".
  5. Perform access checks to validate that the configuration is working.

29.4.3 Performing Out-of-Band Remote Registration for OSSO Agents

The term out-of-band registration refers to manual registration that involves coordination and actions by both the in-band Administrator and the out-of-band Administrator.

In outofband mode, the in-band Administrator uses the starting request file submitted by the out-of-band Administrator, and returns a generated response file to the out-of-band Administrator for additional processing. The out-of-band Administrator runs the remote registration tool with the response file as input to update the agent configuration file.

This is a brief summary of tasks required to perform out-of-band remote registration for your OSSO agent. Full details are provided in other topics.

You must have familiarized yourself with "OAM Remote Registration" before you can proceed.

To perform an out-of-band remote registration for out-of-network OSSO Agents:

  1. Out-of-band Administrator: Creates a starting request input file containing specific application and agent details and submits it to the in-band Administrator.
    • Acquire the registration tool and set environment variables.

      See "Acquiring and Setting Up the Remote Registration Tool".

      $ORACLE_HOME/oam/server/rreg/client/RREG.tar.gz 
      
    • Copy and edit a template to input unique values for the agent and Application Domain as described in "Creating Your Remote Registration Request".

      $OAM_REG_HOME/input/OSSORequest.xml
      
    • Submit the starting request input file to the in-band Administrator using a method you choose (email or file transfer).

  2. In-band Administrator:
    • Acquire the registration tool and set environment variables.

      See "Acquiring and Setting Up the Remote Registration Tool".

      $ORACLE_HOME/oam/server/rreg/client/RREG.tar.gz 
      
    • Use the out-of-band starting request with the registration tool to register the agent and create the response and native agent configuration files to return to the out-of-band Administrator.

      See "Performing Out-of-Band Remote Registration":

      • osso_Response.xml is generated for the out-of-band Administrator to use in Step 3.

      • osso.conf is modified for the out-of-band Administrator to bootstrap the OSSO module.

  3. Out-of-band Administrator: Use the registration tool with the response file and copy artifacts to the appropriate file system directory.
    • osso_Response.xml

    • osso.conf

  4. In-band Administrator: Validates the configuration as described in "Validating Remote Registration and Resource Protection".
  5. Out-of-band Administrator: Performs several access checks to validate that the configuration is working.