Managing Security 2-25
b. Configure an Authentication provider. This is necessary to specify the user store, such as Oracle Internet Directory or an external LDAP server.
See "Installing and Setting Up Authentication Providers for OAM 10g" and "Configuring the Authenticator for Oracle Access Manager 10g" in Oracle Fusion Middleware Application Security Guide.
See Table 12-1 in Oracle Fusion Middleware Application Security Guide for information on the differences when deploying the Authentication Provider with OAM 10g versus OAM 11g.
c. Configure the OPSS OAM Single Sign-On provider. See Oracle Fusion Middleware Security Guide: "Configuring Single Sign-On in Oracle Fusion Middleware". For more information, see Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager.
2.3.7 Configuring Oracle Single Sign-On for Oracle IPM
Oracle Single Sign-On (OSSO) is part of the 10g Oracle Application Server suite. OSSO is an enterprise-level single sign-on solution that works with the OC4J application server in conjunction with Oracle Internet Directory and Oracle HTTP Server (OHS) 11g.
If OSSO is already in place as the enterprise solution for your existing Oracle deployment, Oracle Fusion Middleware continues to support the existing OSSO as a solution. However, Oracle recommends that you consider upgrading to the Oracle Access Manager 11g Single Sign-On solution.
This section provides information for integrating Oracle IPM with Oracle Single Sign-On.
See also Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management, Oracle Fusion Middleware Application Security Guide, Oracle Fusion
Middleware Upgrade Planning Guide, and Oracle Fusion Middleware Upgrade Guide for Oracle Identity Management.
Before you can configure Oracle Single Sign-On (OSSO), ensure that the software is installed. Oracle Single Sign-On and Oracle Delegated Administration Service are not part of the 11g release. Customers must download the 10.1.4. versions of these products, which are compatible with 11g Oracle Internet Directory and Oracle Directory Integration Platform, to form what was known in 10g as the Application Server Infrastructure. For deployment instructions on these 10g products, read Chapter 4, "Installing and Configuring JAZN-SSO/DAS", in the Oracle Application Server Enterprise Deployment Guide (B28184-02) for Oracle Identity Management release 10.1.4.0.1. This manual is available on Oracle Technology Network at:
http://download.oracle.com/docs/cd/B28196_01/core.1014/b28184/toc.htm
1. Configure Oracle Single Sign-On (OSSO). See Oracle Fusion Middleware Application Security Guide.
a. Append entries to the mod_wl_ohs.conf file for Oracle IPM to add Enterprise Content Management (ECM) Uniform Resource Identifiers (URIs) to forward. Use the appropriate Location entries from the following example. Each entry in the example maps the incoming path to the appropriate Oracle WebLogic Server on which Oracle IPM resides.
2-26 Administrators Guide for Oracle Imaging and Process Management
In the following list of entries, hostname represents the name of the computer hosting the Oracle IPM server, and portnumber represents the port number of the Oracle WebLogic Server on which Oracle IPM resides. Replace hostname and portnumber with your system's host name and port number.

    # IPM
    <Location /imaging>
        SetHandler weblogic-handler
        WebLogicHost hostname
        WebLogicPort portnumber
    </Location>

b. Append entries to the mod_osso.conf file at ORACLE_HOME/ohs/conf to include Oracle IPM URIs to protect. Use the appropriate Location entries from the following example. Each entry in the following example maps the incoming path to the appropriate Oracle WebLogic Server on which Oracle IPM resides.

    # IPM
    <Location /imaging/faces>
        require valid-user
        AuthType Osso
    </Location>

2. Configure the Oracle IPM domain by ensuring you perform these tasks. See "Configuring Single Sign-On using OracleAS SSO 10g" in Oracle Fusion Middleware Application Security Guide.
a. Add and configure the OSSO Identity Asserter for the Oracle WebLogic Server for Oracle UCM. Oracle recommends the following Authentication Providers: OSSO Identity Asserter, OID Authenticator, Default Authenticator.
The OID Authenticator provider is for the Oracle Internet Directory server, which is used in production-level systems. The Default Authenticator provider is for the Oracle WebLogic Server embedded LDAP server.
Ensure that OSSOIdentityAsserter is set as the primary provider authenticator for the domain, so that user profiles can be retrieved from the associated Oracle Internet Directory server. If necessary, reorder the providers so they appear in the following order, with control flags set as listed:

    OSSOIdentityAsserter   REQUIRED
    OIDAuthenticator       SUFFICIENT
    DefaultAuthenticator   SUFFICIENT

Caution: The Oracle IPM location /ipm can be customized, so the /ipm designation cannot guarantee that HTTP requests will include the correct location. If /ipm has been changed, then forward the location the administrator has configured.
b. Configure the Authentication provider. This is necessary to specify the external LDAP server for the user store, such as Oracle Internet Directory (OID) or Oracle Virtual Directory (OVD), to match the LDAP server used by OAM. For example, if OSSO is using OID, then an OID Authentication provider must be added to the Oracle UCM domain.
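
The following added example (not part of the Oracle documentation) checks that the mod_wl_ohs.conf and mod_osso.conf entries from step 1 still agree, which matters when the Oracle IPM location has been customized as the Caution describes and only one of the two files was updated. The sample host name and port, and the function names, are assumptions made for illustration.

```python
import re

# Constructed sample configs modelled on the two examples in step 1
# (host name and port are made-up values).
MOD_WL_OHS = """<Location /imaging>
    SetHandler weblogic-handler
    WebLogicHost ipmhost.example.com
    WebLogicPort 16000
</Location>"""
MOD_OSSO = """<Location /imaging/faces>
    require valid-user
    AuthType Osso
</Location>"""

def parse_locations(conf_text):
    """Return {path: {directive_lowercase: value}} for each <Location> block."""
    blocks = {}
    for path, body in re.findall(r"<Location\s+(\S+?)\s*>(.*?)</Location>",
                                 conf_text, re.S | re.I):
        directives = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if parts and not parts[0].startswith("#"):  # skip blanks and comments
                directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
        blocks[path.rstrip("/") or "/"] = directives
    return blocks

def is_under(path, prefix):
    """True if path equals prefix or lies below it in the URI tree."""
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")

def audit(wl_ohs_text, osso_text):
    """Return a list of findings; an empty list means the two files agree."""
    forwarded = {p for p, d in parse_locations(wl_ohs_text).items()
                 if d.get("sethandler", "").lower() == "weblogic-handler"}
    findings, protected = [], set()
    for path, d in parse_locations(osso_text).items():
        if d.get("authtype", "").lower() != "osso" or d.get("require", "").lower() != "valid-user":
            findings.append(f"{path}: missing 'AuthType Osso' / 'require valid-user'")
            continue
        protected.add(path)
        if not any(is_under(path, f) for f in forwarded):
            findings.append(f"{path}: protected but not forwarded to WebLogic")
    for f in sorted(forwarded):
        if not any(is_under(p, f) for p in protected):
            findings.append(f"{f}: forwarded to WebLogic with no OSSO-protected path")
    return findings

if __name__ == "__main__":
    for finding in audit(MOD_WL_OHS, MOD_OSSO) or ["OK: forwarded and protected locations agree"]:
        print(finding)
```
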
2.3.8 Configuring Oracle IPM and Single Sign-On for Windows Native Authentication