Alternative Process for Configuring Logout

Configuring Single Sign-On Using Oracle Access Manager 10g

ldap_userpassword
    Password of LDAP administrative user. Passwords appear in clear text but are not captured in a log file.
    See Also: -noprompt later in this table and the discussion Passwords on page 16-16.

oam_aaa_host
    DNS name of the computer hosting an accessible Access Server. After appropriate changes are made to the Directory Server, a cache flush request is sent to this Access Server so that Access Servers refresh their caches. If the primary_oam_servers parameter is not specified, the WebGate profile being created is configured to use the Access Server specified by oam_aaa_host as the Primary Access Server. The number of connections defaults to 1.
    See Also: primary_oam_servers and secondary_oam_servers, later in this table.

oam_aaa_port
    Listening port on the accessible Access Server.

Optional Parameters

help
    Provides a list of parameters and descriptions.

version
    Lists the version of the OAMCfgTool.

web_domain
    Primarily used to specify the host identifier.
    Note: OAMCfgTool either creates a host identifier and WebGate profile together or does not create either of them, as described in the following two scenarios:

    Creation of a Fresh Web Tier: If the host identifier specified by the parameter web_domain (or app_domain, if web_domain is not specified) does not exist in OAM, then the following are created in OAM:
    1. A new host identifier is created with the value specified by web_domain (or app_domain, if web_domain is not specified).
    2. A new WebGate profile, the name of which is derived using the following rules:
       a. If webgate_id is specified, then the WebGate profile is created with the value specified in webgate_id.
       b. If webgate_id is not specified, then the WebGate profile is created with the value specified in web_domain with _AG appended to it. For example: web_domain_AG.
       c. If webgate_id and web_domain are not specified, then the WebGate profile is created with the value specified in app_domain with _AG appended to it. For example: app_domain_AG.
    3. The value of the Preferred Http Host field of the WebGate profile and the hostname variations of the host identifier created in step 1 above are automatically populated with the same value.
       See Also: The hostname_variations parameter in this table for configuring virtual hosts.

    Using an existing Web Tier (Join a web domain): If the host identifier specified as part of web_domain (or app_domain, if web_domain is not specified) exists in OAM, then:
    ■ A host identifier is not created
    ■ A WebGate profile is not created

    Note: The host identifier created in a fresh Web Tier is used in the policy domain being used. If virtual Web hosting is supported, supply a reserved name in the Preferred HTTP Host field instead of a host name variation.
    See Also: The hostname_variations parameter in this table and the Oracle Access Manager Access Administration Guide.

Table 16–5 (Cont.) OAMCfgTool CREATE Mode Parameters and Values
Oracle Fusion Middleware Application Security Guide

cookie_domain
    Name of the domain to use for the ObSSOCookie. Within the AccessGate Profile in the Access System Console, this is known as the Primary HTTP Cookie Domain. Use this parameter when you create a new WebGate profile in a fresh Web Tier.

public_uris
    URIs that must be unprotected using the Anonymous authentication scheme. You can identify public URIs by providing a comma-separated list: uri1,uri2,uri3, for example.
    See Also: The uris_file parameter in this table.

ldap_base
    Base from which all LDAP searches are performed.

oam_aaa_mode
    Transport security mode of the accessible Access Server: OPEN, SIMPLE, or CERT. The default is OPEN.

oam_aaa_passphrase
    Passphrase required for SIMPLE transport security mode only.
    The passphrase appears in clear text but is not captured in a log file.
    See Also: The discussion Passwords on page 16-16.

log_file
    Name of the OAMCfgTool log file. Output to the screen is the default.

log_level
    Level for OAMCfgTool logging: ALL, SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST, OFF. Default = WARNING.

output_ldif_file
    Name of the LDIF file in which to store details from OAMCfgTool operations to load into the LDAP directory server later. If none is specified, changes are written immediately to the LDAP directory server and caches in Oracle Access Manager are flushed to make new information available.

noprompt
    Disables password prompts from OAMCfgTool and enables password checks as follows:
    ■ If no password was passed from the command line, then OAMCfgTool checks for passwords passed from System.in.
      See Also: Passwords on page 16-16 for more information.
    ■ If no password is passed from System.in, OAMCfgTool stops execution with an exception indicating that the required password was not provided.

authenticating_wg_url
    URI containing the host and port of the authenticating WebGate when you have both an authenticating and a resource WebGate. For example:
    authenticating_wg_url=http://host:port
    This parameter configures the Challenge Redirect Parameter of both of the following authentication schemes:
    ■ OraDefaultFormAuthenNScheme
    ■ OraDefaultI18NformAuthenNScheme
    Note: The Challenge Redirect parameter is added when the authentication scheme is created. The Challenge Redirect parameter of an existing authentication scheme is not updated.

configOIMPwdPolicy
    Creates the Oracle Identity Manager (OIM) password policy to automate integration with Oracle Access Manager. Also, the corresponding authentication scheme used by the policy is enabled to check password policies.
    See Also: OIM Integration-Related Parameters and Values on page 16-25.