Understanding Oracle Directory Services Manager

Getting Started with Administering Oracle Virtual Directory

3. Provide the following information:

■ Host and Port of the directory.
■ Proxy User's DN and Password: The DN and password that Oracle Directory Services Manager uses for proxy authentication.
■ User Container DN: The DN under which user entries are located in the directory.
■ User Lookup Attribute: A unique attribute for looking up a user's DN in the directory. For example, if the SSO server sends the user's mail ID to Oracle Directory Services Manager as the user's unique identifier, you can configure mail as the user look-up attribute.

4. Click Validate to verify your directory connection details.

Oracle Directory Services Manager authenticates to the directory server with the credentials provided.

5. Click Apply to apply your selections.

Click Revert to abandon your selections.

6. Specify the SSO server's Logout URL in the SSO Logout URL text box. For example, http://myoamhost.mycompany.com:14100/oam/server/logout is the default Logout URL for the Oracle Access Manager 11g server. If you only configure this field, Oracle Directory Services Manager displays the Login link at the top right corner of the Oracle Directory Services Manager page.

8.3.3 Configuring the SSO Server for Oracle Directory Services Manager Integration

To make SSO-Oracle Directory Services Manager integration work correctly, you must configure specific Oracle Directory Services Manager URLs as protected or unprotected.

Oracle Directory Services Manager's home page must be an unprotected URL. That is, all users must be able to access the Oracle Directory Services Manager home page, including those who have not gone through the SSO authentication process.

The URL /odsm/odsm-sso.jsp must be protected by the SSO server. When a user clicks the Login link appearing on the top right corner of the home page, Oracle Directory Services Manager redirects the user to /odsm/odsm-sso.jsp. The SSO server challenges the user for a username and password, if the user is not already authenticated. Upon successful authentication, the user is directed back to the Oracle Directory Services Manager home page.

You must configure /odsm/odsm-sso.jsp as a protected URL. In addition, you must configure the following URLs as unprotected URLs:

■ /odsm/faces/odsm.jspx
■ /odsm/.../

You can use either Oracle Access Manager 11g or Oracle Access Manager 10g as your SSO provider.

You must configure an Oracle Access Manager server to send the SSO-authenticated user's unique identifier through an HTTP header to Oracle Directory Services Manager. Oracle Directory Services Manager looks for the OAM_REMOTE_USER HTTP header. The Oracle Access Manager server sets the OAM_REMOTE_USER header by default. If this header is not available, Oracle Directory Services Manager looks for the odsm-sso-user-unique-id HTTP header. If Oracle Directory Services Manager cannot find any of these headers, Oracle Directory Services Manager SSO integration will not work.

In addition to sending the user's unique identifier through an HTTP header, you can optionally configure Oracle Access Manager to send the following HTTP headers:

■ Configure the odsm-sso-user-firstname HTTP header to send the user's first name.
■ Configure the odsm-sso-user-lastname HTTP header to send the user's last name.

If these headers are available, Oracle Directory Services Manager displays the user's first name and last name in the Logged in as section located in the top right corner of Oracle Directory Services Manager. If the first name or the last name is not available, Oracle Directory Services Manager displays the user's unique identifier in the Logged in as section.

To configure Oracle Access Manager 11g, see Deploying the OAM 11g SSO Solution in Oracle Fusion Middleware Security Guide. To configure Oracle Access Manager 10g, see Deploying SSO Solutions with OAM 10g in Oracle Fusion Middleware Security Guide.
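
The header lookup order and the Logged in as fallback described above can be modelled to check captured request headers before blaming the SSO policy. This is an added example, not Oracle code: the function names, the sample values, the "first last" display format and the treatment of blank header values as unavailable are assumptions.

```python
# Added example: models the header handling described in section 8.3.3.
# Not Oracle code. Function names and sample values are constructed.

# Lookup order for the unique identifier, as stated in the text.
ID_HEADERS = ("OAM_REMOTE_USER", "odsm-sso-user-unique-id")
FIRST_NAME_HEADER = "odsm-sso-user-firstname"
LAST_NAME_HEADER = "odsm-sso-user-lastname"


def _get(headers, name):
    """Case-insensitive header lookup (HTTP header names are case-insensitive).
    Assumption: a blank value is treated the same as a missing header."""
    for key, value in headers.items():
        if key.lower() == name.lower() and value and value.strip():
            return value.strip()
    return None


def resolve_sso_user(headers):
    """Return (unique_id, source_header), or (None, None) when neither
    identifier header is present and SSO integration will not work."""
    for name in ID_HEADERS:
        value = _get(headers, name)
        if value is not None:
            return value, name
    return None, None


def logged_in_as(headers):
    """Text for the 'Logged in as' section, or None without an identifier."""
    unique_id, _ = resolve_sso_user(headers)
    if unique_id is None:
        return None
    first = _get(headers, FIRST_NAME_HEADER)
    last = _get(headers, LAST_NAME_HEADER)
    # Both names must be available; otherwise the unique identifier is shown.
    if first and last:
        return f"{first} {last}"  # display format is an assumption
    return unique_id


if __name__ == "__main__":
    # Constructed sample headers, as they might arrive from the SSO agent.
    samples = [
        {"OAM_REMOTE_USER": "jdoe@example.com", "odsm-sso-user-firstname": "Jane",
         "odsm-sso-user-lastname": "Doe"},
        {"odsm-sso-user-unique-id": "jdoe@example.com", "odsm-sso-user-firstname": "Jane"},
        {"odsm-sso-user-firstname": "Jane", "odsm-sso-user-lastname": "Doe"},
    ]
    for sample in samples:
        print(resolve_sso_user(sample), "->", logged_in_as(sample))
```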

8.3.4 Configuring the Oracle HTTP Server for ODSM-SSO Integration