In this module, you configure three files and reregister all
SSO applications that are PKI protected. The three files you will configure
are sso_apache.conf, orion-web.xml,
and policy.properties. As a result
of this exercise, the SSO server, the DAS server, and the OCA Server will be
SSL protected.
In this file configuration, you add two directives. The first
one sets up the URLs for your Java links. The second directive allows the single
sign-on server to receive client certificate parameters. To add the two directives,
perform the following steps:
1. Open the browser and enter the following URL:
http://host.domain:1810
Log in as the ias_admin user. This starts the Oracle Application Server Control.
2. Click the HTTP_Server link in the System Components section.
3. Click Administration.
4. Click Advanced Server Properties.
5. Click the sso_apache.conf link.
6. Add the directive for the URLs of your Java links to the end of the file.
Example:
<IfDefine SSL>
    <location "/sso/auth">
        SSLRequireSSL
    </location>
    <location "/sso/ChangePwdServlet">
        SSLRequireSSL
    </location>
</IfDefine>
7. Add the second directive, which allows the single sign-on server to receive
client certificate parameters, to the end of the same file.
Example:
<IfModule mod_ossl.c>
    Oc4jExtractSSL on
    <location "/sso">
        SSLOptions +ExportCertData +StdEnvVars
    </location>
</IfModule>
After you finish editing this file, click the Apply button to
commit your edits.
8. You are prompted to restart the HTTP Server. Click Yes to restart
the HTTP Server.
9. The HTTP Server has been restarted. Click OK.
Configuring the orion-web.xml and policy.properties Files
The only way to edit these files is by using
the command line. Perform the following steps to configure them:
1. Set ORACLE_HOME to point to your Application Server install directory.
Change the directory to /$ORACLE_HOME/j2ee/OC4J_SECURITY/application-deployments/sso/web.
Make a backup copy of the orion-web.xml file. Open the orion-web.xml
file in a text editor. Open a new line above the closing tag </orion-web-app>
and enter the following text:
<jazn-web-app runas-mode="true" />
Save the changes and exit from the editor.
2. Change the directory to /$ORACLE_HOME/sso/conf.
Make a copy of the policy.properties file. Open the policy.properties
file in a text editor. Change the DefaultAuthLevel value from MediumSecurity
to MediumHighSecurity.
Example: DefaultAuthLevel = MediumHighSecurity
In the same file, change the Authentication plugin:
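The two command-line edits above (inserting the jazn-web-app element and raising DefaultAuthLevel) can be scripted so that each file is backed up first and the edit is safe to re-run. This is an added example, not part of the Oracle tutorial: it works on constructed copies of orion-web.xml and policy.properties in a temporary directory, and it does not touch the Authentication plugin setting, which you still change by hand.

```shell
#!/bin/sh
# Added example (not from the Oracle tutorial): apply the orion-web.xml and
# policy.properties edits to constructed sample files, keeping a .bak copy.
set -eu

# Insert <jazn-web-app runas-mode="true" /> just above </orion-web-app>,
# unless the element is already present (so a second run changes nothing).
enable_runas_mode() {
  f="$1"
  cp "$f" "$f.bak"
  if grep -q '<jazn-web-app' "$f"; then
    return 0
  fi
  awk '/<\/orion-web-app>/ { print "    <jazn-web-app runas-mode=\"true\" />" } { print }' \
      "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# Raise DefaultAuthLevel from MediumSecurity to MediumHighSecurity.
raise_auth_level() {
  f="$1"
  cp "$f" "$f.bak"
  sed 's/^DefaultAuthLevel[[:space:]]*=[[:space:]]*MediumSecurity[[:space:]]*$/DefaultAuthLevel = MediumHighSecurity/' \
      "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# Post-edit checks; each returns 0 when the expected setting is present.
has_runas_mode() { grep -q '<jazn-web-app runas-mode="true" */>' "$1"; }
auth_level_is_medium_high() { grep -q '^DefaultAuthLevel *= *MediumHighSecurity$' "$1"; }

# Constructed stand-ins for
# $ORACLE_HOME/j2ee/OC4J_SECURITY/application-deployments/sso/web/orion-web.xml
# and $ORACLE_HOME/sso/conf/policy.properties.
WORK=$(mktemp -d)
cat > "$WORK/orion-web.xml" <<'EOF'
<?xml version="1.0"?>
<orion-web-app>
    <!-- constructed sample; real file carries the SSO deployment settings -->
</orion-web-app>
EOF
cat > "$WORK/policy.properties" <<'EOF'
# constructed sample of the SSO policy file
DefaultAuthLevel = MediumSecurity
EOF

enable_runas_mode "$WORK/orion-web.xml"
raise_auth_level "$WORK/policy.properties"
```

On a real install, point WORK at the two directories named in the steps above instead of the temporary directory.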
Now you must register your SSO applications with
the SSO server. Perform the following steps to register:
1. At the command prompt, enter the following command:
Make sure to substitute your own hostname, domain, and port information
in this command.
2. Now register the OCA application with the following command:
Note: Some operating systems have a maximum limit on the number
of characters in a command at the command prompt. This may prevent you
from running this command properly. If this problem occurs, create a new
file, enter the command into it, and make the file executable
before running it.
3. Now you must update the Distributed Configuration Management (DCM). If
you fail to do so, you may experience problems authenticating to your
Virtual Host applications such as OCA. Execute the following command to
do so:
4. Now you must restart the infrastructure. In the browser, navigate to
the Application Server Control URL. Click the Restart All button.
5. The final step is to restart Oracle Certificate Authority. Execute the following
command to do so: