Getting Started After Installing 11g Release 1 11.1.1

Getting Started with Administering Oracle Virtual Directory 8-3

■ Understanding Oracle Virtual Directory Access Control on page 6-4
■ Chapter 16, Configuring Oracle Virtual Directory Access Control

8.3 Getting Started With Oracle Directory Services Manager

This topic explains how to set up the Oracle Directory Services Manager interface for use with Oracle Virtual Directory and contains the following sections:

■ Understanding Oracle Directory Services Manager
■ Configuring SSO Integration
■ Configuring the SSO Server for Oracle Directory Services Manager Integration
■ Configuring the Oracle HTTP Server for ODSM-SSO Integration
■ Invoking Oracle Directory Services Manager
■ Connecting to the Server from Oracle Directory Services Manager
■ Managing Oracle Directory Services Manager’s Key Store
■ Configuring Oracle Directory Services Manager Session Timeout
■ Configuring Oracle HTTP Server to Support Oracle Directory Services Manager in an Oracle WebLogic Server Cluster

8.3.1 Understanding Oracle Directory Services Manager

Oracle Directory Services Manager is the unified browser-based graphical user interface (GUI) for Oracle Virtual Directory and Oracle Internet Directory. Oracle Directory Services Manager simplifies the administration and configuration of Oracle Virtual Directory and Oracle Internet Directory by allowing you to use web-based forms and templates.

8.3.1.1 Supported Browsers

For information about supported browsers for Fusion Middleware Control and Oracle Directory Services Manager, refer to the Oracle JDeveloper and Application Development Framework 11g Certification and Support Matrix at: http://www.oracle.com/technetwork/middleware/downloads/fmw-11gr1certmatrix.xls

8.3.1.2 Using the JAWS Screen Reader with Oracle Directory Services Manager

When you use JAWS with Oracle Directory Services Manager and a new window pops up, JAWS reads "popup." To read the entire page, enter the keystrokes Insert+b.

8.3.1.3 Understanding Single Sign-On Integration with Oracle Directory Services Manager

You can configure Oracle Directory Services Manager to use Single Sign-On (SSO). When configured with SSO, Oracle Directory Services Manager allows a user who has been authenticated by the SSO server to connect to an SSO-enabled directory without logging in, provided that user has privileges to manage the directory.

Notes: Only users with Oracle Directory Services Manager Administrator access (usually cn=orcladmin) can log in to Oracle Directory Services Manager.

8-4 Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory

Oracle Directory Services Manager maintains a list of Oracle Virtual Directory servers that SSO-authenticated users can manage. To validate whether an SSO-authenticated user has the required privileges to manage Oracle Virtual Directory, Oracle Directory Services Manager maps the SSO-authenticated user to a DN in the Oracle Virtual Directory server.

Oracle Directory Services Manager uses proxy authentication to connect to the directory. The proxy user's DN and password are stored in a secure storage framework called the Credential Store Framework (CSF).

To map an SSO-authenticated user, Oracle Directory Services Manager authenticates to the Oracle Virtual Directory server using the credentials of a user with proxy privileges. Oracle Directory Services Manager then tries to map the SSO-authenticated user's unique identifier to the Oracle Virtual Directory user's unique identifier. The WLS Administrator configures the proxy user's credentials, unique identifier attribute, and the base DN under which Oracle Directory Services Manager searches for the user, which are stored in the CSF.

If Oracle Directory Services Manager gets a valid DN, it maps the SSO-authenticated user to that DN. When the SSO-authenticated user is mapped to a valid DN, Oracle Directory Services Manager uses proxy authentication to connect to the Oracle Virtual Directory server with the SSO-authenticated user's mapped DN.

You configure the proxy identity, look-up attribute, user container, and other information by using the Oracle Directory Services Manager Proxy Bind Configuration Screen as described in Configuring SSO Integration.
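The mapping flow described in this section, together with the admin-group requirement from the note on this page, modeled as an added example. It is not Oracle's code and does not show how Oracle Directory Services Manager is implemented internally. The in-memory entries, the `uid` look-up attribute, the proxy DN, and the rejection of ambiguous identifiers are assumptions made for the illustration.

```python
# Illustrative model of the SSO-to-DN mapping described above; not ODSM code.
# All entries, DNs and attribute names below are constructed for the example.

ENTRIES = [
    {"dn": "cn=alice,ou=people,dc=example,dc=com", "uid": "alice"},
    {"dn": "cn=bob,ou=people,dc=example,dc=com", "uid": "bob"},
    {"dn": "cn=bob,ou=contractors,dc=example,dc=com", "uid": "bob"},
    {"dn": "cn=carol,ou=other,dc=example,dc=org", "uid": "carol"},
    {"dn": "cn=dave,ou=people,dc=example,dc=com", "uid": "dave"},
]
# Constructed admin-group membership (DNs stored in lower case).
ADMIN_GROUP_MEMBERS = {"cn=alice,ou=people,dc=example,dc=com"}


class MappingError(Exception):
    """Raised when an SSO user cannot be mapped to a manageable DN."""


def under_base(dn, base_dn):
    """True if dn is base_dn or below it (simple case-insensitive suffix test)."""
    dn, base_dn = dn.lower(), base_dn.lower()
    return dn == base_dn or dn.endswith("," + base_dn)


def map_sso_user(sso_id, id_attr, base_dn):
    """Return the single DN under base_dn whose id_attr equals sso_id."""
    hits = [e["dn"] for e in ENTRIES
            if under_base(e["dn"], base_dn)
            and e.get(id_attr, "").lower() == sso_id.lower()]
    if not hits:
        raise MappingError("no entry for %r under %s" % (sso_id, base_dn))
    if len(hits) > 1:
        # Assumption: an ambiguous identifier is rejected, never guessed.
        raise MappingError("identifier %r is not unique" % sso_id)
    return hits[0]


def connect_as(sso_id, proxy_dn, id_attr="uid", base_dn="dc=example,dc=com"):
    """Model the final step: bind as the proxy user, act as the mapped DN."""
    mapped = map_sso_user(sso_id, id_attr, base_dn)
    if mapped.lower() not in ADMIN_GROUP_MEMBERS:
        # A valid DN alone is not enough; admin-group membership is required.
        raise MappingError("%s is not in the admin group" % mapped)
    return {"bind_dn": proxy_dn, "authorization_dn": mapped}
```

The look-up attribute and base DN decide which directory identity an SSO login resolves to, so an attribute that is not unique under the chosen container is worth ruling out before enabling the integration.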

8.3.2 Configuring SSO Integration

To configure Oracle Directory Services Manager-SSO integration, use the Oracle Directory Services Manager Proxy Bind Configuration Screen, at http://host:port/odsm-config. Log in as the WebLogic administrator. On this screen, you provide Oracle Directory Services Manager with the set of directory servers that SSO users can manage.

This screen lists the Single Sign-On accessible directories. Use the View list to modify the number and order of the columns. To remove an existing directory, click Remove. To modify an existing directory, click Modify. To add a new Single Sign-On accessible directory, click Add.

When you click Modify or Add, the Directory Details screen appears. Proceed as follows:

1. Select Non-SSL or SSL from the Port Type list.

2. Select OID or OVD from the Directory Type list.

Note: SSO-authenticated users must be members of the Oracle Virtual Directory's admin group to manage Oracle Virtual Directory. Even with a valid DN, users cannot manage Oracle Virtual Directory unless they are in the admin group. The container DN under which Oracle Directory Services Manager searches for a user's DN can be from any adapter configured in Oracle Virtual Directory.