Integrating Oracle IRM with Oracle Access Manager 11g

Configuring Oracle Information Rights Management 8-9

8.2 Validating the Oracle IRM Installation

When the Oracle IRM Managed Server is running, the Oracle IRM application is deployed to the Oracle WebLogic Server domain. You can validate that the installation was successful by accessing this URL:

    https://managedServerHost:managedServerPort/irm_desktop

For example:

    https://myhost.example.com:16101/irm_desktop

8.3 Configuring the Identity Store

Oracle IRM uses OPSS to obtain user and group details from the external LDAP authentication provider. For information about configuring the identity store, see Section 4.9, "Reassociating the Identity Store with an External LDAP Authentication Provider."

8.4 Integrating Oracle IRM with Oracle Access Manager 11g

Oracle Access Manager is the recommended single sign-on (SSO) solution for Oracle Enterprise Content Management Suite applications. It provides flexible and extensible authentication and authorization, as well as audit services. You can integrate Oracle IRM with Oracle Access Manager by configuring both of them for the integration.

Oracle IRM supports Basic authentication with Oracle Access Manager, which contains an authorization engine that grants or denies access to particular resources based on properties of the user requesting access as well as on the environment from which the request was made.

Oracle IRM currently has limited support for SSO through Oracle Access Manager 11g, as described in this section. Public URIs need to be specified for Oracle Access Manager 11g:

■ /irm_rights
■ /irm_rights...

IRM Desktop does not support Oracle Access Manager 11g. You also need to protect the following URI:

■ /irm_rights/faces

Implementation of single sign-on (SSO) with the Oracle IRM 11g server management console will enable access to applications as expected. Input of a valid user name and password combination during the same SSO session will be recognized.

Implementation of SSO for Oracle IRM Desktop with Oracle Access Manager 10g is possible but will not enable access to multiple applications in the same session by entry of a single username and password combination. Oracle IRM Desktop users will be prompted for a user name and password even if they have already supplied a valid user name and password within the same SSO session. This level of support for SSO is provided so that users can be shown a recognizable sign-on dialog that will indicate the correct user name and password combination to be entered.

8-10 Oracle Fusion Middleware Installation Guide for Oracle Enterprise Content Management Suite

After you install and configure Oracle Access Manager 11g, you can configure it and Oracle IRM to work together.
To configure Oracle IRM and Oracle Access Manager 11g to work together:

1. Install Oracle Access Manager 11g, as described in "Installing the Oracle Identity Management 11g Software" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

2. Configure Oracle Access Manager 11g, as described in "Configuring Oracle Access Manager" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

3. Install and configure Oracle HTTP Server (OHS), as described in "Installing Oracle Web Tier" in the Oracle Fusion Middleware Installation Guide for Oracle Web Tier.

4. Install and configure WebGate, as described in "Installing and Configuring Oracle HTTP Server 11g Webgate for OAM" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

5. Append Oracle ECM URIs to forward to the mod_wl_ohs.conf file, as in the following example:

    # IRM management web site
    <Location /irm_rights>
        SetHandler weblogic-handler
        WebLogicHost managedServerHost
        WebLogicPort managedServerPort
    </Location>

In the preceding example, managedServerHost represents the host name of the machine hosting Oracle IRM, and managedServerPort represents the port number of the Oracle WebLogic Server instance hosting Oracle IRM.

Notes:

■ Oracle IRM Desktop is supported only with Oracle Access Manager 10g and not with Oracle Access Manager 11g for Release 11.1.1.4.0.
■ For information about Oracle Access Manager 10g, see the Oracle Access Manager Access Administration Guide.
■ For information about configuring Windows Native Authentication (WNA), see "Configuring Single Sign-On with Microsoft Clients" in Oracle Fusion Middleware Securing Oracle WebLogic Server.
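A pre-flight check for the mod_wl_ohs.conf entry in step 5, as an added example that is not part of the Oracle guide: it parses the file's Location blocks and reports why a given URI (for instance the protected /irm_rights/faces) would not be forwarded to the Managed Server, including template placeholders that were never replaced. The function names and the sample configuration text are assumptions constructed for this example.

```python
import re

# Constructed sample: a filled-in copy of the Location block from step 5.
SAMPLE_CONF = """\
# IRM management web site
<Location /irm_rights>
    SetHandler weblogic-handler
    WebLogicHost irm.example.com
    WebLogicPort 16100
</Location>
"""

BLOCK = re.compile(r"<Location\s+([^>\s]+)\s*>(.*?)</Location>", re.S | re.I)

def parse_locations(conf_text):
    """Return {path: {directive_lowercase: value}} for each <Location> block."""
    blocks = {}
    for path, body in BLOCK.findall(conf_text):
        directives = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#"):
                name, *rest = line.split(None, 1)
                directives[name.lower()] = rest[0].strip() if rest else ""
        blocks[path] = directives
    return blocks

def covers(location, uri):
    """Apache prefix match: /a covers /a and /a/b, but not /ab."""
    location = location.rstrip("/")
    return uri == location or uri.startswith(location + "/")

def check_forwarding(conf_text, uri):
    """List the problems that would stop `uri` from reaching the Managed Server."""
    matches = [(p, d) for p, d in parse_locations(conf_text).items() if covers(p, uri)]
    if not matches:
        return [f"{uri}: no <Location> block forwards this URI"]
    problems = []
    for path, d in matches:
        if d.get("sethandler", "").lower() != "weblogic-handler":
            problems.append(f"{path}: SetHandler is not weblogic-handler")
        if d.get("weblogichost", "") in ("", "managedServerHost"):
            problems.append(f"{path}: WebLogicHost missing or still the placeholder")
        port = d.get("weblogicport", "")
        if not (port.isdigit() and 0 < int(port) < 65536):
            problems.append(f"{path}: WebLogicPort {port!r} is not a valid port")
    return problems
```

Run it against the real file with `check_forwarding(open(path).read(), "/irm_rights/faces")`; an empty list means the block is in place, not that the WebGate policy itself is correct.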
Note: The following procedure should be performed only after you have installed Oracle Enterprise Content Management Suite (described in Chapter 3, "Installing Oracle Enterprise Content Management Suite") and configured an Oracle IRM Managed Server (described in Chapter 4, "Configuring Oracle Enterprise Content Management Suite"). You should also have configured and tested any required connections.

The Location element in the next example specifies a host and port number:

    <Location /irm_rights>
        SetHandler weblogic-handler
        WebLogicHost irm.example.com
        WebLogicPort 16100
    </Location>

6. Log in to the Oracle Access Manager console, as described in Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager, and follow the instructions in the administrator's guide to do these tasks:

a. Create a new Application Domain called IRM Domain.

b. Select IRM Domain, then Resources, and then create entries for all the Oracle