WNA File Configuration

Windows Native Authentication Easy Configuration

The final configuration steps require you to make extensive edits to 6 different files. You will also have to run a few lengthy commands. To make it easier for you to configure this feature, we have provided you with two files. One is a file called "ossoca.jar" and the other is called "runwna.sh". These two files can be downloaded here (samplefiles.zip).

If you choose the Easy Configuration, follow these instructions and then skip to the last page to configure your browser and test your WNA authentication.

Make backup copies of the following files:

    $ORACLE_HOME/sso/lib/ossoca.jar
    $ORACLE_HOME/opmn/conf/opmn.xml
    $ORACLE_HOME/j2ee/OC4J_SECURITY/config/jazn.xml
    $ORACLE_HOME/j2ee/OC4J_SECURITY/config/jazn-data.xml
    $ORACLE_HOME/j2ee/OC4J_SECURITY/applications/sso/web/WEB-INF/web.xml

Replace the old "ossoca.jar" file with the new "ossoca.jar" file that is included in samplefiles.zip.

Next, modify the "runwna.sh" file, which is also included in samplefiles.zip. This file's contents look like this:

    #!/bin/sh
    $ORACLE_HOME/jdk/bin/java -jar \
    $ORACLE_HOME/sso/lib/ossoca.jar wna \
    -mode sso -oh $ORACLE_HOME -ad_realm ACME.COM \
    -kdc_host_port dude.us.oracle.com:88 \
    -keytab $ORACLE_HOME/j2ee/OC4J_SECURITY/config/hostname.keytab \
    -verbose

Replace $ORACLE_HOME with your full Oracle home path.

Replace dude.us.oracle.com with the FQDN of your AD server, including the port number that the KDC server is listening on. In the example above we used port number 88.

Replace "hostname.keytab" with the name of the keytab file you generated earlier in this WNA exercise.

Before you run this script, it is important to note that the script will shut down your 10g AS OC4J_SECURITY processes. The script takes about 1 minute to complete the WNA configuration.

Now run the script. Example:

    # ./runwna.sh

After the script completes, you will need to restart your infrastructure. Go to the Oracle 10g AS console URL to restart your infrastructure. Example:

    http://hostname.domain.com:1810

Start any processes in your 10g AS instance that are not up. You should now skip to the last page of this exercise.

You may find it necessary to configure WNA manually. If this is your choice, follow the directions below and those on the next two pages. If you chose the Easy Configuration as described at the beginning of this page, you can skip these steps and go to the last page to configure your browser and test your WNA configuration.

Next, we need to modify two files on the SSO server. A sample file called wna.examples.txt is here for you to copy and paste from.

Configuring the "opmn.xml" file

In a text editor, edit the file $ORACLE_HOME/opmn/conf/opmn.xml

In this file, search for the value:

    'process-type id="OC4J_SECURITY" module-id="OC4J'

About seven lines down from this line you will see an opening tag called '<data id="Java-options" value="server'. Near the end of this line we need to add two values.

The first value is:

    -Djavax.security.auth.useSubjectCredsOnly=false

The second value which should be added is:

    -Doracle.security.jazn.config=$ORACLE_HOME/j2ee/OC4J_SECURITY/config/jazn.xml

Both of these values are added at the end of this tag, but before the last double quote in the line. Each value should be separated by a space. Use the sample file to copy from if you like. Replace the $ORACLE_HOME with your true Oracle home directory path. Save and exit the file. Watch a viewlet to see how it's done.

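To confirm the manual opmn.xml edit before restarting, a check like the following can be run against the file. It is an added example, not part of the original tutorial or of Oracle's tooling; the sample XML is constructed, its element nesting and the Oracle home path are assumptions, and the data id is matched case-insensitively.

```python
import xml.etree.ElementTree as ET

ORACLE_HOME = "/u01/app/oracle/infra"  # assumed example path, not from the page

# Constructed sample: only the elements this page mentions, with both values added.
SAMPLE_OPMN = f"""<opmn>
 <process-type id="OC4J_SECURITY" module-id="OC4J">
  <module-data><category id="start-parameters">
   <data id="java-options" value="-server -Djavax.security.auth.useSubjectCredsOnly=false -Doracle.security.jazn.config={ORACLE_HOME}/j2ee/OC4J_SECURITY/config/jazn.xml"/>
  </category></module-data>
 </process-type>
</opmn>"""


def _local(tag):
    """Element name without any XML namespace prefix."""
    return tag.rsplit("}", 1)[-1]


def wna_option_problems(opmn_xml, oracle_home):
    """List what is wrong with the OC4J_SECURITY Java options; empty means OK."""
    expected = {
        "-Djavax.security.auth.useSubjectCredsOnly": "false",
        "-Doracle.security.jazn.config":
            f"{oracle_home}/j2ee/OC4J_SECURITY/config/jazn.xml",
    }
    try:
        root = ET.fromstring(opmn_xml)
    except ET.ParseError as exc:  # e.g. a value pasted after the closing quote
        return [f"opmn.xml is not well-formed: {exc}"]
    procs = [e for e in root.iter()
             if _local(e.tag) == "process-type" and e.get("id") == "OC4J_SECURITY"]
    if not procs:
        return ["no process-type with id OC4J_SECURITY"]
    values = [e.get("value", "") for e in procs[0].iter()
              if _local(e.tag) == "data" and e.get("id", "").lower() == "java-options"]
    if not values:
        return ["OC4J_SECURITY has no java-options data element"]
    # Options are space separated; split each into name and value at the first "=".
    opts = dict(tok.partition("=")[::2] for tok in values[0].split())
    problems = []
    for name, want in expected.items():
        if name not in opts:
            problems.append(f"missing {name}")
        elif opts[name] != want:
            problems.append(f"{name} is {opts[name]!r}, expected {want!r}")
    return problems


if __name__ == "__main__":
    print(wna_option_problems(SAMPLE_OPMN, ORACLE_HOME) or "both WNA options present")
```

The check also reports a literal $ORACLE_HOME left in the value and a path broken by a stray space, two mistakes that are easy to make when copying the second value.
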
Editing the "jazn.xml" file

Open the $ORACLE_HOME/j2ee/OC4J_SECURITY/config/jazn.xml file in a text editor.

Make sure it contains a tag line that looks like this:

    <jazn provider="XML" location="./jazn-data.xml" />

This line may already exist in the file.