SSL-enabling the SSO Server

In this section we will configure three files and re-register all SSO applications that will be PKI protected. The three files are "sso_apache.conf", "orion-web.xml" and "policy.properties". The result of this exercise will be that the SSO server, the DAS server and the OCA Server will be SSL protected.

Configuring the sso_apache.conf file
Configuring the orion-web.xml file
Configuring the policy.properties file
Registering your SSO Applications with mod_osso

Configuring the sso_apache.conf file

In this file we will add two directives. The first sets up the URLs for your Java links. The second allows the single sign-on server to receive client certificate parameters. There are two ways to modify this file: through the EM Application Server Control, or by manual edit.

EM Application Server Control edit of the "sso_apache.conf" file (Recommended method)

Editing the configuration files with the EM Application Server Control lets you easily revert to old configurations should you change your mind. More importantly, you will not have to manually run the dcmctl command to update the Distributed Configuration Management (DCM) every time you make a change to a configuration file.

1. In a browser, navigate to the EM Application Server Control URL. Example: http://aspen.us.oracle.com:1810
2. Click on the "HTTP_Server" link in the "System Components" section.
3. On the page that follows, click on the "Administration" link at the top of the page.
4. On the page that follows, click on the "Advanced Server Properties" link.
5. In the list of files that follows, click on the "sso_apache.conf" link.
6. Add the directive for the URLs of your Java links to the end of this file. Example:
7. Add the second directive, which allows the single sign-on server to receive client certificate parameters, to the end of the same file. Example:
8. After you finish editing this file, click the "Apply" button to commit your edits. You will be prompted to restart the HTTP Server. Make sure you select "Yes" to restart the HTTP Server.

Manual edit of the "sso_apache.conf" file (Not Recommended)

If you decide to edit this file manually, without the EM Application Server Control, you will have to manually update the Distributed Configuration Management (DCM) at the end of this procedure in order to make the changes permanent.

1. Change directory to $ORACLE_HOME/sso/conf
2. Make a backup copy of the sso_apache.conf file.
3. Open the file "sso_apache.conf" in a text editor.
4. Add the directive for the URLs of your Java links to the end of this file. Example:
5. Run the following commands to update the Distributed Configuration Management (DCM):
   dcmctl updateconfig -co OC4J_SECURITY
   dcmctl updateconfig -ct ohs
6. Restart OC4J_SECURITY and the HTTP server.
   opmnctl restartproc process-type=OC4J_SECURITY
   opmnctl restartproc process-type=HTTP_Server

Configuring the orion-web.xml file

1. Make a backup copy of the orion-web.xml file.
2. Open the file orion-web.xml in a text editor.
3. Open a new line above the closing tag "</orion-web-app>" and enter the following line there:
   <jazn-web-app runas-mode="true" />
   Example:
4. Save the changes made to the file and exit the editor.

Configuring the policy.properties file

1. Change directory to $ORACLE_HOME/sso/conf
2. Make a copy of the policy.properties file.
3. Open the file policy.properties in a text editor.
4. Change the "DefaultAuthLevel" value from MediumSecurity to MediumHighSecurity. Example:
   DefaultAuthLevel = MediumHighSecurity
5. In the same file, also change the authentication plugin.
   From: MediumSecurity_AuthPlugin = oracle.security.sso.server.auth.SSOServerAuth
   To: MediumHighSecurity_AuthPlugin = oracle.security.sso.server.auth.SSOX509CertAuth
   Example:
6. Save the changes to the file and exit the editor.
7. In a browser, navigate to the EM Application Server Control URL. Example: http://aspen.us.oracle.com:1810 Click the "Restart All" button.
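
The two hand edits above are easy to leave half done, for example raising DefaultAuthLevel while the plugin line still names MediumSecurity, so a check before the restart is useful. The script below is an added example, not part of the original procedure or of any Oracle tooling; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: verifies the hand edits this page makes to policy.properties
# and orion-web.xml. The function names are this example's own.

# prop_value FILE KEY: value of the last uncommented "KEY = value" line.
prop_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# check_policy FILE: 0 only if the default level is MediumHighSecurity AND
# that level is mapped to the X.509 certificate plugin.
check_policy() {
    level=$(prop_value "$1" DefaultAuthLevel)
    plugin=$(prop_value "$1" MediumHighSecurity_AuthPlugin)
    rc=0
    if [ "$level" != "MediumHighSecurity" ]; then
        echo "DefaultAuthLevel is '${level:-unset}'" >&2; rc=1
    fi
    if [ "$plugin" != "oracle.security.sso.server.auth.SSOX509CertAuth" ]; then
        echo "MediumHighSecurity_AuthPlugin is '${plugin:-unset}'" >&2; rc=1
    fi
    return "$rc"
}

# check_orion_web FILE: 0 if the jazn-web-app line sits above </orion-web-app>.
check_orion_web() {
    awk '!closed && /<jazn-web-app[^>]*runas-mode="true"/ { found = 1 }
         /<\/orion-web-app>/ { closed = 1 }
         END { exit found ? 0 : 1 }' "$1" ||
        { echo "jazn-web-app runas-mode=\"true\" not found in $1" >&2; return 1; }
}

# Constructed sample: a half-finished edit (level raised, plugin line untouched).
demo_dir=$(mktemp -d)
cat > "$demo_dir/policy.properties" <<'EOF'
# constructed sample, not a real policy.properties
DefaultAuthLevel = MediumHighSecurity
MediumSecurity_AuthPlugin = oracle.security.sso.server.auth.SSOServerAuth
EOF
printf '<orion-web-app>\n  <jazn-web-app runas-mode="true" />\n</orion-web-app>\n' > "$demo_dir/orion-web.xml"

if check_policy "$demo_dir/policy.properties"; then echo "policy.properties: OK"; else echo "policy.properties: incomplete"; fi
if check_orion_web "$demo_dir/orion-web.xml"; then echo "orion-web.xml: OK"; else echo "orion-web.xml: incomplete"; fi
```

Against a real installation, call check_policy and check_orion_web with the paths of the files you edited in place of the constructed samples.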