1. Installation Guide
  2. Installing and Configuring SSO Authentication Integration

4 Installing and Configuring SSO Authentication Integration

This chapter describes the procedure for installing and configuring the Oracle HTTP server. This is an optional part of the RUEI installation process, and is only required if you intend to use the Oracle Single Sign-On (SSO) service to authenticate RUEI users. The Oracle SSO service must be fully installed and configured before it can be used for RUEI user authentication.

The procedure to configure the Reporter system for Oracle SSO user authentication is described in the Oracle Real User Experience Insight User's Guide. RUEI must be fully installed before it can be configured for Oracle SSO user authentication.

Note:

From RUEI 13.2.3.1.0 and above, Oracle HTTP Server version 11.1.1.9.0 or above is required.

Turning off the Default Web Server

The Oracle SSO server uses its own web server in order to prevent conflicts with the currently installed web server. Therefore, the currently installed web server needs to be turned off by running the following commands:

/sbin/service httpd stop
/sbin/chkconfig --del httpd

Note:

It is recommended that you do not un-install the default Linux Apache web server because this would also un-install the PHP module.

Reporter System Without Local Database

The procedure described in this section should only be followed if you are installing and configuring the oracle HTTP server for a Reporter that does not have a local database. Otherwise, the procedure described in Reporter System With Local Database should be followed.

Creating the Oracle User

This section is only relevant for RUEI installations configured to use a remote database. In this case, the oracle user does not yet exist, and so must be created by running the following commands: 

/usr/sbin/groupadd oinstall oinstall
/usr/sbin/useradd -g oinstall oracle

Setting up the Oracle HTTP Server Environment

This section is only relevant for RUEI installations configured to a remote database. In this case, the following lines need to be added to the /etc/security/limits. conf file: 

oracle soft nofile 16384
oracle hard nofile 65536

Creating the Installation Directory

Run the following commands to create the Oracle HTTP server installation directory:

mkdir -p /u01/app/oracle
chown -R oracle:oinstall /u01/app/oracle

Reporter System With Local Database

The procedure described in this section should only be followed if you are installing and configuring the oracle HTTP server for a Reporter that is configured with a local database. Otherwise, the procedure described in Reporter System Without Local Database should be followed.

Increase the number of open files limit. Edit the following line in the /etc/security/limits.conf file: 

oracle soft nofile 16384

Installing Oracle HTTP Server

To install the Oracle HTTP Server, do the following:

  1. Log in to the Reporter server as the oracle user, and unzip the Oracle HTTP server zip file. Ensure that your X Window environment is properly set up. In addition, when logging on remotely with SSH, ensure X forwarding is enabled. The installation of Oracle HTTP server needs to be performed as the oracle user (only certain parts of this chapter require root privileges). Run the following commands: 

    unzip ofm_webtier_linux_11.1.1.9.0_64_disk1_1of1.zip
cd webtier/Disk1
export ORACLE_BASE=/u01/app/oracle
./runInstaller

  2. As the installation script runs, you should accept all default values, except for step 5. Here, you must uncheck the two check boxes Oracle Web Cache and Associate selected components with weblogic domain shown in Figure 4-1.

    Figure 4-1 Configure Components Dialog


    Description of Figure 4-1 follows
    Description of "Figure 4-1 Configure Components Dialog"

  3. After exiting the installation script, set the following environment variables:

    export ORACLE_HOME=$ORACLE_BASE/middleware/oracle_WT1
export ORACLE_INSTANCE=$ORACLE_HOME/instances/instance1

  4. Stop the Oracle HTTP server and Oracle Process Manager Notification (OPMN) running the following command:

    $ORACLE_INSTANCE/bin/opmnctl stopall

  5. Edit the $ORACLE_INSTANCE/config/OPMN/opmn/opmn.xml file to use the httpd.prefork in order so that the PHP module can be loaded. Ensure that the following variables are set in the /etc/ruei.conf configuration file: 

    <environment>
      <variable id="TEMP" value="/tmp"/>
      <variable id="TMP" value="/tmp"/>
      <variable id="OHSMPM" value="prefork"/>
</environment>

    Where, timezone is the value of time zone you set in the /etc/ruei.conf file.

  6. Log in as the root user, and change the permissions for the .apachectl file so that the Oracle HTTP server can run as the Apache user. Run the following commands: 

    chown root $ORACLE_HOME/ohs/bin/.apachectl
chmod 6750 $ORACLE_HOME/ohs/bin/.apachectl

  7. Add apache to the oinstall group running the following command: 

    usermod -aG oinstall apache

  8. Log in as the oracle user and edit the $ORACLE_INSTANCE/config/OHS/ohs1/httpd.conf file for the Oracle HTTP server to run as the Apache user. Edit the following lines: 

    User apache
Group apache

  9. Create the $ORACLE_INSTANCE/config/OHS/ohs1/moduleconf/php5.conf file, and edit it to contain the following: 

    LoadModule php5_module "/usr/lib64/httpd/modules/libphp5.so"
AddHandler php5-script php
AddType    text/html   php

  10. Copy the /etc/httpd/conf.d/uxinsight.conf file, and make it available to the Oracle HTTP server running the following command: 

    cp /etc/httpd/conf.d/uxinsight.conf $ORACLE_INSTANCE/config/OHS/ohs1/moduleconf

  11. Start Oracle Process Manager Notification (OPMN) and the Oracle HTTP server running the following command: 

    $ORACLE_INSTANCE/bin/opmnctl startall

  12. Stop the HTTP server running the following command:

    $ORACLE_INSTANCE/bin/opmnctl stopproc ias-component=ohs1

  13. In order to have RUEI running on the default HTTPS port, edit the $ORACLE_INSTANCE/config/OHS/ohs1/ssl.conf file, and change the line with the Listen directive to the following: 

    Listen 443

    In addition, edit the VirtualHost definition as follows: 

    <VirtualHost *:443>

  14. Comment out the LoadModule settings in the config/OHS/ohs1/moduleconf/plsql.conf and config/OHS/ohs1/mod_wl_ohs.conf files.

  15. Create the $ORACLE_INSTANCE/config/OHS/ohs1/moduleconf/mod_osso.conf file: 

    LoadModule osso_module "${ORACLE_HOME}/ohs/modules/mod_osso.so"

<IfModule osso_module>
   OssoConfigFile /u01/app/oracle/product/11.1.1/as_1/instances/instance1/config/OHS/ohs1/osso.conf
   OssoIpCheck off
   OssoIdleTimeout off
</IfModule>

  16. Copy the osso.conf file that you received after registering RUEI with the Oracle SSO server to the $ORACLE_INSTANCE/config/OHS/ohs1 directory. This is described in Registering RUEI with the Oracle SSO Server.

  17. Start the Oracle HTTP server running the following command:

    $ORACLE_INSTANCE/bin/opmnctl startproc ias-component=ohs1

Registering RUEI with the Oracle SSO Server

In order to create the required osso.conf file, you need to register RUEI with the Oracle SSO server. The procedure to do this differs depending on whether you are using Oracle SSO version 10.1.4 or 11.1.

Registering with Oracle SSO Version 10.1.4

Use the 10.1.4 Oracle Identity Manager registration tool ssoreg.sh to update the registration record in the osso.conf file. Do the following:

  1. Go to the Oracle Identity Manager directory:

    ORACLE_HOME/sso/bin/ssoreg

  2. Run the ssoreg.sh tool with the following parameters and values: 

    ./ssoreg.sh -site_name hostname:4443 \
-config_mod_osso TRUE \
-mod_osso_url hostname:4443 \
-config_file location

    Where,

    • hosthame specifies the full URL of the RUEI Reporter system (for example, https://ruei.us.myshop.com).

    • location specifies the location to which the osso.conf file will be written (for example, tmp/osso.conf).

  3. Copy the created osso.conf file to the $ORACLE_INSTANCE/config/OHS/ohs1 directory on the RUEI Reporter system.

For more information, see http://docs.oracle.com/cd/E14571_01/core.1111/e10043/osso.htm#autoId89.

Registering with Oracle SSO Version 11.1

To register RUEI as a partner application within Oracle SSO version 11.1, do the following:

  1. On Oracle Access Manager console, click the Policy Configuration tab. The screen shown in Figure 4-2 appears.

    Figure 4-2 OAM Policy Configuration Screen.


    Description of Figure 4-2 follows
    Description of "Figure 4-2 OAM Policy Configuration Screen."

  2. Click the New OSSO Agent item. The screen shown in Figure 4-3 appears.

    Figure 4-3 Create OSSO Agent Screen


    Description of Figure 4-3 follows
    Description of "Figure 4-3 Create OSSO Agent Screen"

  3. Enter the required parameters and click Apply. The screen shown in Figure 4-4 appears.

    Figure 4-4 OSSO Agent Creation Confirmation.


    Description of Figure 4-4 follows
    Description of "Figure 4-4 OSSO Agent Creation Confirmation."

  4. Copy the osso.conf file from the indicated location to the $ORACLE_INSTANCE/config/OHS/ohs1 directory on the RUEI Reporter system.

Verifying the Oracle HTTP Server Configuration

You can test the Oracle HTTP server for integration with RUEI by directing your browser to https://Reporter/ruei. When you select System, then User management, the Configure SSO connection option should be enabled.

For information about enabling Oracle SSO user authentication within RUEI, see the Oracle Real User Experience Insight User's Guide.