Oracle® Application Server Single Sign-On Administrator's Guide
10g Release 2 (10.1.2) Part No. B14078-01
Oracle Application Server Single Sign-On Administrator's Guide contains concepts and procedures for managing user authentication to Oracle Application Server (OracleAS). The material presented in this book applies to UNIX and Windows platforms.
This preface contains these topics:
Oracle Application Server Single Sign-On Administrator's Guide is intended for the following users:
Administrators charged with configuring and managing authentication to OracleAS.
Developers of features for which OracleAS Single Sign-On is the authentication mechanism. The book is particularly for those who want to integrate these features with mod_osso, an authentication module on the Oracle HTTP Server.
Anyone who wants to understand how to use OracleAS Single Sign-On to protect access to Web applications.
This document assumes that the reader has a rudimentary knowledge of OracleAS and has installed, or is able to install, release 10.1.2.
Our goal is to make Oracle products, services, and supporting documentation accessible, with good usability, to the disabled community. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For additional information, visit the Oracle Accessibility Program Web site at
http://www.oracle.com/accessibility/
Accessibility of Code Examples in Documentation
JAWS, a Windows screen reader, may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, JAWS may not always read a line of text that consists solely of a bracket or brace.
Accessibility of Links to External Web Sites in Documentation
This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites.
This book has the following structure:
Chapter 1, "Components and Processes: an Overview"
Takes a high-level, abbreviated look at salient aspects of OracleAS Single Sign-On. Intended as a quick reference.
Chapter 2, "Basic Administration"
Examines essential administration tasks such as stopping and starting the single sign-on server, enabling applications for single sign-on, and assigning administrative privileges.
Chapter 3, "Directory-Enabled Single Sign-On"
Examines the role that Oracle Internet Directory plays in single sign-on. The directory is the native repository for OracleAS users. As such, it plays a key role in user management.
Chapter 4, "Configuring and Administering Partner Applications"
Explains how to register partner applications with the single sign-on server. Shows how to deploy multiple partner applications with a load balancer.
Chapter 5, "Configuring and Administering External Applications"
Explains how to use the single sign-on UI to add and delete external applications. Shows how to configure these applications for proxy authentication using the Oracle HTTP Server.
Chapter 6, "Multilevel Authentication"
Explains how to assign specific authentication levels and adapters to specific applications. This feature enables you to tailor authentication behavior to the security needs of the application.
Chapter 7, "Signing On with Digital Certificates"
Explains how to configure OracleAS Single Sign-On to use X.509 certificates over SSL.
Chapter 8, "Advanced Deployment Options"
Presents nondefault ways to configure OracleAS Single Sign-On. Shows how to deploy the single sign-on server in ways that make it more available. Other topics include SSL-enabled single sign-on and single sign-on using proxy servers.
Chapter 9, "Enabling Support for Application Service Providers"
Explains how OracleAS Single Sign-On enables multiple identity management realms to be deployed within one instance of the Oracle Identity Management infrastructure. Shows how to enable the server for login to multiple realms.
Chapter 10, "Monitoring the Single Sign-On Server"
Explains how to use Oracle Enterprise Manager, the Oracle system management console, to monitor server load and user activity.
Chapter 11, "Creating Deployment-Specific Pages"
Explains how single sign-on pages are invoked. Explains how to rework these pages to suit enterprise needs. Includes guidelines for globalizing pages.
Chapter 12, "Integrating with Third-Party Access Management Systems"
Explains how to integrate OracleAS Single Sign-On with a third-party single sign-on system. By integrating, the third-party system gains access to the OracleAS product complement. Includes a fictional case study.
Chapter 13, "Exporting and Importing Data"
Explains how to move data between two or more single sign-on servers. Uses different scenarios to describe the conditions under which data must be moved.
Provides tips for handling error messages and other problems. Groups error messages and problems by feature. Also lists and describes the single sign-on log files.
Appendix B, "Obtaining the Single Sign-On Schema Password"
Provides an LDAP command that returns the single sign-on schema password. You need this password to run single sign-on scripts.
Appendix C, "policy.properties"
Provides the policy.properties file in its entirety. This is a multipurpose configuration file that contains basic parameters. It is used to configure multilevel authentication.
Defines terms used in the book.
For more information, see these Oracle resources:
Printed documentation is available for sale in the Oracle Store at
http://oraclestore.oracle.com/
To download free release notes, installation documentation, white papers, or other collateral, please visit the Oracle Technology Network (OTN). You must register online before using OTN; registration is free and can be done at
http://www.oracle.com/technology/membership
If you already have a user name and password for OTN, then you can go directly to the documentation section of the OTN Web site at
http://www.oracle.com/technology/documentation/
To keep abreast of the latest developments in OracleAS Single Sign-On, see the following link:
http://www.oracle.com/technology/products/id_mgmt/osso/index.html
This section describes the conventions used in the text and code examples of this documentation set. It describes:
Conventions in Text
We use various conventions in text to help you more quickly identify special terms. The following table describes those conventions and provides examples of their use.
Convention | Meaning | Example |
---|---|---|
Bold | Bold typeface indicates terms that are defined in the text or terms that appear in a glossary, or both. | When you specify this clause, you create an index-organized table. |
Italics | Italic typeface indicates book titles or emphasis. | Oracle Database Concepts<br>Ensure that the recovery catalog and target database do not reside on the same disk. |
UPPERCASE monospace (fixed-width) font | Uppercase monospace typeface indicates elements supplied by the system. Such elements include parameters, privileges, datatypes, RMAN keywords, SQL keywords, SQL*Plus or utility commands, packages and methods, as well as system-supplied column names, database objects and structures, usernames, and roles. | You can specify this clause only for a NUMBER column.<br>You can back up the database by using the Query the Use the |
lowercase monospace (fixed-width) font | Lowercase monospace typeface indicates executables, filenames, directory names, and sample user-supplied elements. Such elements include computer and database names, net service names, and connect identifiers, as well as user-supplied database objects and structures, column names, packages and classes, usernames and roles, program units, and parameter values.<br>Note: Some programmatic elements use a mixture of UPPERCASE and lowercase. Enter these elements as shown. | Enter sqlplus to open SQL*Plus.<br>The password is specified in the Back up the datafiles and control files in the The Set the Connect as The |
lowercase italic monospace (fixed-width) font | Lowercase italic monospace font represents placeholders or variables. | You can specify the parallel_clause.<br>Run |
Conventions in Code Examples
Code examples illustrate SQL, PL/SQL, SQL*Plus, or other command-line statements. They are displayed in a monospace (fixed-width) font and separated from normal text as shown in this example:
SELECT username FROM dba_users WHERE username = 'MIGRATE';
The following table describes typographic conventions used in code examples and provides examples of their use.
Convention | Meaning | Example |
---|---|---|
[ ] | Brackets enclose one or more optional items. Do not enter the brackets. | DECIMAL (digits [ , precision ]) |
{ } | Braces enclose two or more items, one of which is required. Do not enter the braces. | {ENABLE \| DISABLE} |
\| | A vertical bar represents a choice of two or more options within brackets or braces. Enter one of the options. Do not enter the vertical bar. | {ENABLE \| DISABLE} [COMPRESS \| NOCOMPRESS] |
... | Horizontal ellipsis points indicate either: | CREATE TABLE ... AS subquery; SELECT col1, col2, ... , coln FROM employees; |
. . . | Vertical ellipsis points indicate that we have omitted several lines of code not directly related to the example. | SQL> SELECT NAME FROM V$DATAFILE; NAME ------------------------------------ /fsl/dbs/tbs_01.dbf /fs1/dbs/tbs_02.dbf . . . /fsl/dbs/tbs_09.dbf 9 rows selected. |
Other notation | You must enter symbols other than brackets, braces, vertical bars, and ellipsis points as shown. | acctbal NUMBER(11,2); acct CONSTANT NUMBER(4) := 3; |
Italics | Italicized text indicates placeholders or variables for which you must supply particular values. | CONNECT SYSTEM/system_password DB_NAME = database_name |
UPPERCASE | Uppercase typeface indicates elements supplied by the system. We show these terms in uppercase in order to distinguish them from terms you define. Unless terms appear in brackets, enter them in the order and with the spelling shown. However, because these terms are not case sensitive, you can enter them in lowercase. | SELECT last_name, employee_id FROM employees; SELECT * FROM USER_TABLES; DROP TABLE hr.employees; |
lowercase | Lowercase typeface indicates programmatic elements that you supply. For example, lowercase indicates names of tables, columns, or files.<br>Note: Some programmatic elements use a mixture of UPPERCASE and lowercase. Enter these elements as shown. | SELECT last_name, employee_id FROM employees; sqlplus hr/hr CREATE USER mjones IDENTIFIED BY ty3MU9; |
Conventions for Windows Operating Systems
The following table describes conventions for Windows operating systems and provides examples of their use.
Convention | Meaning | Example |
---|---|---|
Choose Start > | How to start a program. | To start the Database Configuration Assistant, choose Start > Programs > Oracle - HOME_NAME > Configuration and Migration Tools > Database Configuration Assistant. |
File and directory names | File and directory names are not case sensitive. The following special characters are not allowed: left angle bracket (<), right angle bracket (>), colon (:), double quotation marks ("), slash (/), pipe (\|), and dash (-). The special character backslash (\) is treated as an element separator, even when it appears in quotes. If the file name begins with \\, then Windows assumes it uses the Universal Naming Convention. | c:\winnt"\"system32 is the same as C:\WINNT\SYSTEM32 |
C:\> | Represents the Windows command prompt of the current hard disk drive. The escape character in a command prompt is the caret (^). Your prompt reflects the subdirectory in which you are working. Referred to as the command prompt in this manual. | C:\oracle\oradata> |
Special characters | The backslash (\) special character is sometimes required as an escape character for the double quotation mark (") special character at the Windows command prompt. Parentheses and the single quotation mark (') do not require an escape character. Refer to your Windows operating system documentation for more information on escape and special characters. | C:\>exp scott/tiger TABLES=emp QUERY=\"WHERE job='SALESMAN' and sal<1600\"<br>C:\>imp SYSTEM/password FROMUSER=scott TABLES=(emp, dept) |
HOME_NAME | Represents the Oracle home name. The home name can be up to 16 alphanumeric characters. The only special character allowed in the home name is the underscore. | C:\> net start OracleHOME_NAMETNSListener |
ORACLE_HOME and ORACLE_BASE | In releases prior to Oracle8i release 8.1.3, when you installed Oracle components, all subdirectories were located under a top level ORACLE_HOME directory. For Windows NT, the default location was C:\orant.<br>This release complies with Optimal Flexible Architecture (OFA) guidelines. All subdirectories are not under a top level All directory path examples in this guide follow OFA conventions. Refer to Oracle Database Platform Guide for Windows for additional information about OFA compliances and for information about installing Oracle products in non-OFA compliant directories. | Go to the ORACLE_BASE\ORACLE_HOME\rdbms\admin directory. |