4 Installing and Configuring SSO Authentication Integration
The procedure to configure the Reporter system for Oracle SSO user authentication is described in the Oracle Real User Experience Insight User's Guide. RUEI must be fully installed before it can be configured for Oracle SSO user authentication.
Note:
From RUEI 13.2.3.1.0 and above, Oracle HTTP Server version 11.1.1.9.0 or above is required.
Turning off the Default Web Server
The Oracle SSO server uses its own web server in order to prevent conflicts with the currently installed web server. Therefore, the currently installed web server needs to be turned off by running the following commands:
/sbin/service httpd stop
/sbin/chkconfig --del httpd
Note:
It is recommended that you do not un-install the default Linux Apache web server because this would also un-install the PHP module.
Reporter System Without Local Database
The procedure described in this section should only be followed if you are installing and configuring the Oracle HTTP server for a Reporter that does not have a local database. Otherwise, the procedure described in Reporter System With Local Database should be followed.
Creating the Oracle User
This section is only relevant for RUEI installations configured to use a remote database. In this case, the oracle user does not yet exist, and so must be created by running the following commands:
/usr/sbin/groupadd oinstall
/usr/sbin/useradd -g oinstall oracle
Reporter System With Local Database
The procedure described in this section should only be followed if you are installing and configuring the Oracle HTTP server for a Reporter that is configured with a local database. Otherwise, the procedure described in Reporter System Without Local Database should be followed.
Increase the limit on the number of open files. Edit the following line in the /etc/security/limits.conf file:
oracle soft nofile 16384
Installing Oracle HTTP Server
To install the Oracle HTTP Server, do the following:
-
Log in to the Reporter server as the oracle user, and unzip the Oracle HTTP server zip file. Ensure that your X Window environment is properly set up. In addition, when logging on remotely with SSH, ensure X forwarding is enabled. The installation of Oracle HTTP server needs to be performed as the oracle user (only certain parts of this chapter require root privileges). Run the following commands:
unzip ofm_webtier_linux_11.1.1.9.0_64_disk1_1of1.zip
cd webtier/Disk1
export ORACLE_BASE=/u01/app/oracle
./runInstaller
-
As the installation script runs, you should accept all default values, except for step 5. Here, you must uncheck the two check boxes Oracle Web Cache and Associate selected components with weblogic domain shown in Figure 4-1.
-
After exiting the installation script, set the following environment variables:
export ORACLE_HOME=$ORACLE_BASE/middleware/oracle_WT1
export ORACLE_INSTANCE=$ORACLE_HOME/instances/instance1
-
Stop the Oracle HTTP server and Oracle Process Manager Notification (OPMN) by running the following command:
$ORACLE_INSTANCE/bin/opmnctl stopall
-
Edit the $ORACLE_INSTANCE/config/OPMN/opmn/opmn.xml file to use httpd.prefork so that the PHP module can be loaded. Ensure that the following variables are set in the /etc/ruei.conf configuration file:
<environment>
  <variable id="TEMP" value="/tmp"/>
  <variable id="TMP" value="/tmp"/>
  <variable id="OHSMPM" value="prefork"/>
</environment>
Where, timezone is the value of the time zone you set in the /etc/ruei.conf file.
-
Log in as the root user, and change the permissions for the .apachectl file so that the Oracle HTTP server can run as the Apache user. Run the following commands:
chown root $ORACLE_HOME/ohs/bin/.apachectl
chmod 6750 $ORACLE_HOME/ohs/bin/.apachectl
-
Add apache to the oinstall group by running the following command:
usermod -aG oinstall apache
-
Log in as the oracle user and edit the $ORACLE_INSTANCE/config/OHS/ohs1/httpd.conf file for the Oracle HTTP server to run as the Apache user. Edit the following lines:
User apache
Group apache
-
Create the $ORACLE_INSTANCE/config/OHS/ohs1/moduleconf/php5.conf file, and edit it to contain the following:
LoadModule php5_module "/usr/lib64/httpd/modules/libphp5.so"
AddHandler php5-script php
AddType text/html php
-
Copy the /etc/httpd/conf.d/uxinsight.conf file, and make it available to the Oracle HTTP server by running the following command:
cp /etc/httpd/conf.d/uxinsight.conf $ORACLE_INSTANCE/config/OHS/ohs1/moduleconf
-
Start Oracle Process Manager Notification (OPMN) and the Oracle HTTP server by running the following command:
$ORACLE_INSTANCE/bin/opmnctl startall
-
Stop the HTTP server by running the following command:
$ORACLE_INSTANCE/bin/opmnctl stopproc ias-component=ohs1
-
In order to have RUEI running on the default HTTPS port, edit the $ORACLE_INSTANCE/config/OHS/ohs1/ssl.conf file, and change the line with the Listen directive to the following:
Listen 443
In addition, edit the VirtualHost definition as follows:
<VirtualHost *:443>
-
Comment out the LoadModule settings in the config/OHS/ohs1/moduleconf/plsql.conf and config/OHS/ohs1/mod_wl_ohs.conf files.
-
Create the $ORACLE_INSTANCE/config/OHS/ohs1/moduleconf/mod_osso.conf file:
LoadModule osso_module "${ORACLE_HOME}/ohs/modules/mod_osso.so"
<IfModule osso_module>
  OssoConfigFile /u01/app/oracle/product/11.1.1/as_1/instances/instance1/config/OHS/ohs1/osso.conf
  OssoIpCheck off
  OssoIdleTimeout off
</IfModule>
-
Copy the osso.conf file that you received after registering RUEI with the Oracle SSO server to the $ORACLE_INSTANCE/config/OHS/ohs1 directory. This is described in Registering RUEI with the Oracle SSO Server.
-
Start the Oracle HTTP server by running the following command:
$ORACLE_INSTANCE/bin/opmnctl startproc ias-component=ohs1
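A post-install check for the files edited in the steps above, as an added example that is not part of the Oracle documentation or tooling. The function name check_ohs_instance and its messages are assumptions; it takes the ORACLE_INSTANCE directory and confirms the User/Group, Listen 443, commented-out LoadModule and OssoConfigFile settings, including that the OssoConfigFile path resolves to the osso.conf actually copied to the server.

```shell
#!/bin/sh
# Added example, not Oracle tooling: verify the OHS instance files edited in
# the procedure above. Argument: the ORACLE_INSTANCE directory.
# Prints one line per failed check and returns the number of failures.
# Usage: check_ohs_instance "$ORACLE_INSTANCE"
check_ohs_instance() {
    ohs="$1/config/OHS/ohs1"
    fails=0
    sp='[[:space:]]'

    # has_line FILE REGEX: true if FILE has an active (uncommented) match.
    has_line() { grep -Eq "^$sp*$2" "$1" 2>/dev/null; }
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    # The server must run as the apache user and group.
    has_line "$ohs/httpd.conf" "User$sp+apache$sp*\$" || fail "httpd.conf: User apache missing"
    has_line "$ohs/httpd.conf" "Group$sp+apache$sp*\$" || fail "httpd.conf: Group apache missing"

    # RUEI is served on the default HTTPS port.
    has_line "$ohs/ssl.conf" "Listen$sp+443$sp*\$" || fail "ssl.conf: Listen 443 missing"
    has_line "$ohs/ssl.conf" "<VirtualHost$sp+\\*:443>" || fail "ssl.conf: VirtualHost *:443 missing"

    # LoadModule lines in these two files must be commented out.
    for f in "$ohs/moduleconf/plsql.conf" "$ohs/mod_wl_ohs.conf"; do
        if has_line "$f" "LoadModule$sp"; then fail "$f: active LoadModule line"; fi
    done

    # OssoConfigFile must name the osso.conf that was copied to this server.
    osso=$(sed -n "s/^$sp*OssoConfigFile$sp\{1,\}//p" \
        "$ohs/moduleconf/mod_osso.conf" 2>/dev/null | tr -d '"' | head -n 1)
    if [ -z "$osso" ]; then
        fail "mod_osso.conf: OssoConfigFile not set"
    elif [ ! -r "$osso" ]; then
        fail "mod_osso.conf: OssoConfigFile $osso is not readable"
    fi
    return "$fails"
}
```

A non-zero return before starting ohs1 usually means a step was skipped or the OssoConfigFile path does not match the directory the osso.conf file was copied to.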
Registering RUEI with the Oracle SSO Server
In order to create the required osso.conf file, you need to register RUEI with the Oracle SSO server. The procedure to do this differs depending on whether you are using Oracle SSO version 10.1.4 or 11.1.
Registering with Oracle SSO Version 10.1.4
Use the 10.1.4 Oracle Identity Manager registration tool ssoreg.sh to update the registration record in the osso.conf file. Do the following:
-
Go to the Oracle Identity Manager directory:
ORACLE_HOME/sso/bin/ssoreg
-
Run the ssoreg.sh tool with the following parameters and values:
./ssoreg.sh -site_name hostname:4443 \
-config_mod_osso TRUE \
-mod_osso_url hostname:4443 \
-config_file location
Where,
-
hostname specifies the full URL of the RUEI Reporter system (for example, https://ruei.us.myshop.com).
-
location specifies the location to which the osso.conf file will be written (for example, tmp/osso.conf).
-
Copy the created osso.conf file to the $ORACLE_INSTANCE/config/OHS/ohs1 directory on the RUEI Reporter system.
For more information, see http://docs.oracle.com/cd/E14571_01/core.1111/e10043/osso.htm#autoId89.
Registering with Oracle SSO Version 11.1
To register RUEI as a partner application within Oracle SSO version 11.1, do the following:
-
On Oracle Access Manager console, click the Policy Configuration tab. The screen shown in Figure 4-2 appears.
Figure 4-2 OAM Policy Configuration Screen.
-
Click the New OSSO Agent item. The screen shown in Figure 4-3 appears.
-
Enter the required parameters and click Apply. The screen shown in Figure 4-4 appears.
Figure 4-4 OSSO Agent Creation Confirmation.
-
Copy the osso.conf file from the indicated location to the $ORACLE_INSTANCE/config/OHS/ohs1 directory on the RUEI Reporter system.
Verifying the Oracle HTTP Server Configuration
You can test the Oracle HTTP server for integration with RUEI by directing your browser to https://Reporter/ruei. When you select System, then User management, the Configure SSO connection option should be enabled.
For information about enabling Oracle SSO user authentication within RUEI, see the Oracle Real User Experience Insight User's Guide.