Configuring Single Sign-On Using Oracle Access Manager 10g 16-3 ■ Hostname —The name of the computer where the WebGateAccessGate is or will be installed. With OAMCfgTool the app_domain value is used as the host name. ■ AccessGate Password—A unique password to verify and identify the component. This prevents unauthorized AccessGates from connecting to Access Servers and obtaining policy information. With OAMCfgTool, this is specified with the app_agent_password parameter. This should differ for each WebGateAccessGate instance. ■ Transport Security —The level of transport security between the Access Server and associated WebGates these must match. The default value is Open. You can specify a different value with OAMCfgTool oam_aaa_mode value. ■ Preferred HTTP Host —The host name as it appears in all HTTP requests as users attempt to access the protected Web server. The host name in the HTTP request is translated into the value entered into this field, regardless of the way it was defined in a users HTTP request. With OAMCfgTool the Preferred HTTP Host is the app_domain value. The Preferred Host function prevents security holes that can be inadvertently created if a hosts identifier is not included in the Host Identifiers list. However, it cannot be used with virtual Web hosting. For virtual hosting, you must use the Host Identifiers feature. ■ Primary HTTP Cookie Domain: The Web server domain on which the WebGate is deployed. The cookie domain is required to enable single sign-on among Web servers; each must have the same Primary HTTP Cookie Domain value. Use the cookie_domain parameter with the OAMCfgTool to set this value. About Administrative Requirements for AccessGate Profiles and Policy Domains This topic introduces the administrative rights needed for the methods you can use when creating new WebGate and AccessGate profiles and policy domains for Oracle Access Manager. An Oracle Access Manager Master Access Administrator must create the first policy domain after the policy domain root is defined. He or she can then create policy domains for URLs beneath the first one and delegate administration of those policy domains to other administrators. Access System Console Method : You must be a Master or Delegated Access Administrator can use the Access System Console to create a new AccessGate profile, associate it with an Access Server, and create an authentication scheme. Master or Delegated Access Administrators can also use the Policy Manager to create a policy domain. The following deployments require this method: ■ Authenticator ■ Identity Asserter when Oracle Web Services Manager is protecting Web services OAMCfgTool Method : You do not need specific Oracle Access Manager administration rights for OAMCfgTool, which automates creating and associating a See Also: ■ About Administrative Requirements for AccessGate Profiles and Policy Domains on page 16-3 ■ Introduction to OAMCfgTool on page 16-15 ■ Configuring WebGates and Access Servers in the Oracle Access Manager Access Administration Guide