Oracle® Application Server Release Notes
10g Release 2 (10.1.2) for hp-ux PA-RISC (64-Bit) B25187-02 |
|
Previous |
Next |
This chapter describes issues associated with Oracle Application Server Single Sign-On (OracleAS Single Sign-On). It includes the following topic:
This section describes configuration issues and their workarounds for Oracle Application Server Single Sign-On. It includes the following topic:
Additional configuration steps are required after OracleAS Infrastructure is installed with the "OracleAS Cluster (Identity Management)" option. There are two sets of instructions to follow:
The first set of instructions, in Section 18.1.1.1, "Update the mod_rewrite Entry for SSO", must be followed in all cases.
The second set of instructions, Section 18.1.1.2, "Update targets.xml", are needed in only one installation case as described in that section.
Take the following steps:
Back up the sso_apache.conf
file:
cp ORACLE_HOME/sso/conf/sso_apache.conf ORACLE_HOME/sso/conf/sso_apache.conf.BACKUP
Edit the file. Locate the mod_rewrite entry that contains the following text:
<IfModule mod_rewrite.c> RewriteEngine On RewriteRule ^/pls/orasso/orasso.wwsso_app_admin.ls_login$ /sso/auth [PT] </IfModule>
Add the following line:
RewriteRule ^/pls/orasso/orasso.home$ PROTOCOL: //LBR_HOST:LBR_PORT/pls/orasso/orasso.home [R,L]
replacing the placeholders in italics with the following values:
Replace LBR_HOST with the full hostname for the HTTP load balancer.
Replace LBR_PORT with the SSL listening port. If SSL is enabled, enter the SSL port value. If using the default ports of 80 or 443, do not specify a port value.
Replace PROTOCOL with either HTTPS
(if using the SSL port) or HTTP
(if using the non-SSL port).
For example, the entry might look like this when using a nondefault SSL port:
<IfModule mod_rewrite.c> RewriteEngine On RewriteRule ^/pls/orasso/orasso.wwsso_app_admin.ls_login$ /sso/auth [PT] RewriteRule ^/pls/orasso/orasso.home$ https: //lbr.mydomain.com:4443/pls/orasso/orasso.home [R,L] </IfModule>
As another example, the entry might look like this when using a default SSL port:
<IfModule mod_rewrite.c> RewriteEngine On RewriteRule ^/pls/orasso/orasso.wwsso_app_admin.ls_login$ /sso/auth [PT] RewriteRule ^/pls/orasso/orasso.home$ https: //lbr.mydomain.com/pls/orasso/orasso.home [R,L] </IfModule>
Save and close the file.
Restart Oracle HTTP Server.
The following configuration steps are needed only in the installation scenario where communications between clients and the load balancer use HTTPS, and communications between the load balancer and Oracle HTTP Server also use HTTPS:
Client ---[HTTPS]---> Load Balancer ---[HTTPS]---> Oracle HTTP Server
In this case the oracle_sso_server
entry in the targets.xml
file, on each physical host of the cluster, must be reconfigured to monitor the local SSL port.
Note: Keep in mind that the hostname should remain the same. Please do not change the hostname. |
Perform the following steps to update targets.xml
on each node of the cluster:
Back up the targets.xml
file:
cp ORACLE_HOME/sysman/emd/targets.xml ORACLE_HOME/sysman/emd/targets.xml.BACKUP
Open the file and find the oracle_sso_server
target type. Within this target entry, locate and edit the following two attributes:
HTTPPort - the server SSL port number
HTTPProtocol - the server protocol, which in this case is HTTPS
For example, you could update the two attributes this way:
<Property NAME="HTTPPort" VALUE="4443"/> <Property NAME="HTTPProtocol" VALUE="HTTPS"/>
Save and close the file.
Reload the OracleAS console:
ORACLE_HOME/bin/emctl reload