Oracle Access Manager Authentication Provider Parameter List

Oracle Fusion Middleware Application Security Guide

cookie_domain
    Name of the domain to use for the ObSSOCookie. Within the AccessGate Profile in the Access System Console, this is known as the Primary HTTP Cookie Domain. Use this parameter when you create a new WebGate profile in a fresh Web Tier.

public_uris
    URIs that must be unprotected using the Anonymous authentication scheme. You can identify public URIs by providing a comma-separated list: uri1,uri2,uri3, for example.
    See Also: The uris_file parameter in this table.

ldap_base
    Base from which all LDAP searches are performed.

oam_aaa_mode
    Transport security mode of the accessible Access Server: OPEN, SIMPLE, or CERT. Default presumes OPEN.

oam_aaa_passphrase
    Passphrase required for SIMPLE mode transport security mode only. The passphrase appears in clear text but is not captured in a log file.
    See Also: The discussion "Passwords" on page 16-16.

log_file
    Name of the OAMCfgTool log file. Output to the screen is the default.

log_level
    Level for OAMCfgTool logging: ALL, SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST, OFF. Default = WARNING

output_ldif_file
    Name of the LDIF file in which to store details from OAMCfgTool operations to load into the LDAP directory server later. If none is specified, changes are written immediately to the LDAP directory server and caches in Oracle Access Manager are flushed to make new information available.

noprompt
    Disables password prompts from OAMCfgTool and enables password checks as follows:
    ■ If no password was passed from the command line, then OAMCfgTool checks for passwords passed from System.in. See Also: "Passwords" on page 16-16 for more information.
    ■ If no password is passed from System.in, OAMCfgTool stops execution with an exception indicating that the required password was not provided.

authenticating_wg_url
    URI containing the host and port of the authenticating WebGate when you have both an authenticating and a resource WebGate.
    For example: authenticating_wg_url=http://host:port
    This parameter configures the Challenge Redirect Parameter of both the following authentication schemes:
    ■ OraDefaultFormAuthenNScheme
    ■ OraDefaultI18NformAuthenNScheme
    Note: The Challenge Redirect parameter is added when the authentication scheme is created. The Challenge Redirect parameter of an existing authentication scheme is not updated.

configOIMPwdPolicy
    Creates the Oracle Identity Manager (OIM) password policy to automate integration with Oracle Access Manager. Also, the corresponding authentication scheme used by the policy is enabled to check password policies.
    See Also: "OIM Integration-Related Parameters and Values" on page 16-25.

Table 16–5 (Cont.) OAMCfgTool CREATE Mode Parameters and Values
(Configuring Single Sign-On Using Oracle Access Manager 10g)
Parameters    CREATE Mode Values

OimOhsHostPort
    Required when integrating Oracle Identity Manager (OIM) with Oracle Access Manager and an authentication WebGate and resource WebGate.
    See Also: "OIM Integration-Related Parameters and Values" on page 16-25.
    Not required without an authenticating WebGate. In this case, Oracle Identity Manager (OIM) password policy OraOIMDefPasswdPolicy automates integration with Oracle Access Manager and the corresponding authentication scheme used by the policy is enabled to check password policies.
    Default values are used for the password policy-related parameters with the value in OimOhsHostPort prepended to these. For example:
    -OimLostPwdRedirectUrl (Lost Password Redirect URL): OimOHSHostPort/admin/faces/pages/forgotpwd.jspx
    -OimPwdRedirectUrl (Password Change Redirect URL): OimOHSHostPort/admin/faces/pages/pwdmgmt.jspx?backUrl=RESOURCE
    -OimLockoutRedirectUrl (Account Lockout Redirect URL): OimOHSHostPort/ApplicationLockoutURI
    The OimOhsHostPort parameter is applicable only if the -configOimPwdPolicy flag is present.
    See Also: "OIM Integration-Related Parameters and Values" on page 16-25.

logouturi
    Facilitates configuration of LogoutRedirectUrl on the Resource WebGate by pointing to the URL location on the Authenticating WebGate where the Perl script for logout is configured. The value of the logouturi parameter must be a URI. The WebGate LogoutRedirectUrl parameter is configured using the authenticating_wg_url and logouturi parameters:

        http://awghost:awgport/cgi-bin/logout.pl
        LogoutRedirectUrl http://myhost.us.myco.com:7777/cgi-bin/logout.pl

    Note: Do not configure the LogoutRedirectUrl parameter on the authenticating WebGate itself. Instead, leave the LogoutRedirectUrl blank on the authenticating WebGate.

    To configure the logout URI when you create an application domain and provision a fresh WebGate:

        # With -noprompt, OAMCfgTool reads the passwords from System.in,
        # so the echoed values are piped into the java process.
        (echo ldapUserPwd; echo appAgentPwd; echo OAMModePwd; echo TestUserPwd) | \
          java -jar oamcfgtool.jar app_domain=app_domain protected_uris=protUri \
          ldap_host=ldap-host ldap_port=3899 ldap_userdn="cn=Directory Manager" \
          oam_aaa_host=aaa_host oam_aaa_port=7054 oam_aaa_mode=simple \
          ldap_base="o=company,c=us" oam_aaa_passphrase=welcome1 \
          authenticating_wg_url=http://myhost.us.myco.com:7777 \
          -logouturi=/cgi-bin/logout.pl -noprompt

    Note: To use an existing WebGate, use the webgate_id parameter as described next.
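
Added example (not part of the Oracle guide and not Oracle code): a small Python helper that reads an OAMCfgTool CREATE-mode command line and reports the settings this table marks as security-relevant, and composes the LogoutRedirectUrl from authenticating_wg_url and logouturi. The function names and the second sample command are assumptions made for the illustration; the first command is the one shown above.

```python
import shlex

# Command from the page's logouturi example (values are the page's placeholders).
PAGE_CMD = ('(echo ldapUserPwd; echo appAgentPwd; echo OAMModePwd; echo TestUserPwd) | '
            'java -jar oamcfgtool.jar app_domain=app_domain protected_uris=protUri '
            'ldap_host=ldap-host ldap_port=3899 ldap_userdn="cn=Directory Manager" '
            'oam_aaa_host=aaa_host oam_aaa_port=7054 oam_aaa_mode=simple '
            'ldap_base="o=company,c=us" oam_aaa_passphrase=welcome1 '
            'authenticating_wg_url=http://myhost.us.myco.com:7777 '
            '-logouturi=/cgi-bin/logout.pl -noprompt')
# Constructed sample: no transport mode given, two public URIs.
OPEN_CMD = 'java -jar oamcfgtool.jar app_domain=demo public_uris=/public,/help'

def parse_args(command):
    """Return {name: value} for the arguments after oamcfgtool.jar; bare flags map to ''."""
    tokens = shlex.split(command)
    start = next((i + 1 for i, t in enumerate(tokens) if t.endswith("oamcfgtool.jar")), 0)
    params = {}
    for tok in tokens[start:]:
        name, _, value = tok.partition("=")
        params[name.lstrip("-")] = value
    return params

def logout_redirect_url(params):
    """Compose LogoutRedirectUrl from authenticating_wg_url and logouturi."""
    base, uri = params.get("authenticating_wg_url"), params.get("logouturi")
    if not base or not uri:
        return None
    return base.rstrip("/") + "/" + uri.lstrip("/")

def review(command):
    """List the settings in one command line that deserve a second look."""
    p = parse_args(command)
    mode = (p.get("oam_aaa_mode") or "OPEN").upper()  # the table's default is OPEN
    findings = []
    if mode == "OPEN":
        findings.append("oam_aaa_mode=OPEN: no transport security to the Access Server")
    if p.get("oam_aaa_passphrase"):
        findings.append("oam_aaa_passphrase is in clear text on the command line")
    for uri in filter(None, p.get("public_uris", "").split(",")):
        findings.append("unprotected (Anonymous scheme): " + uri)
    if "noprompt" in p:
        findings.append("-noprompt: passwords must be supplied on standard input")
    return findings

if __name__ == "__main__":
    for cmd in (PAGE_CMD, OPEN_CMD):
        print(logout_redirect_url(parse_args(cmd)), review(cmd), sep="\n")
```
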