17-18 Oracle Fusion Middleware Application Security Guide The following procedure gives some tips about modifying the SSO Sync filter properties and behavior. To modify the SSO Sync Filter properties and behavior 1. Disable the Filter : Change the system property sso.filter.enable to false pass as -D to the jvm and restart the Oracle WebLogic Server. This toggles the filter status.

2. User-Identifying Header Differs from Pre-Configured Sync Filter Tokens

: Over-ride the SSO token that the Sync Filter looks for using the system property sso.filter.ssotoken. For example, pass to the WebLogic Server jvm in the WebLogic Server startup script -Dsso.filter.ssotoken=HEADERNAME, and restart the server. When you contact Oracle Support you might be requested to set up debugging, as described in Setting Up Debugging in the WebLogic Administration Console on page 14-13.

17.3 Troubleshooting for an OSSO Identity Asserter Deployment

The troubleshooting items described in this section are grouped into the following categories: ■ SSO-Related Problems ■ OSSO Identity Asserter-Related Problems ■ URL Rewriting and JSESSIONID ■ About mod_osso, OSSO Cookies, and Directives ■ About Using IPv6

17.3.1 SSO-Related Problems

This section addresses the following troubleshooting items: ■ OHS Is Not Redirecting to SSO - Internal Server Error 500 ■ Is Attribute AuthName Required? ■ URL Request not Redirected to SSO ■ Error 404 - Not Found is Issued OHS Side ■ Error 404 - Not Found is Issued Oracle WebLogic Server Side ■ Oracle SSO Failure - Unable to process request ■ OSSO Solution for Applications Deployed on a Stand-alone WebLogic Server ■ See Also: ■ Setting Up Debugging in the WebLogic Administration Console on page 14-13 ■ Oracle Application Server Single Sign-On Administrators Guide for 10g, Troubleshooting, on the Oracle Technology Network at: http:www.oracle.comtechnologydocumentationoi m1014.html Configuring Single Sign-On using OracleAS SSO 10g 17-19 OHS Is Not Redirecting to SSO - Internal Server Error 500 The most likely source of this problem is an incorrect configuration. The following sample uses Oracle HTTP Server 11g. Path names are different if you have Oracle HTTP Server 10g. To address it, proceed as follows: 1. Open the file mod_osso.conf and ensure that the resource is protected. For example: ORACLE_INSTANCEconfigOHSohs_namemoduleconfmod_osso.conf Location protected-resource-uri require valid-user AuthType Basic Location 2. Ensure that osso.conf is present and included in mod_osso.conf. For example, using Oracle HTTP Server 11g paths are different for 10g OssoConfigFile ORACLE_INSTANCEconfigOHSohs_nameossoosso.conf 3. Ensure that httpd.conf includes mod_osso.conf. For example, using Oracle HTTP Server 11g paths are different for 10g: ORACLE_INSTANCEconfigOHSohs_namehttpd.conf include ORACLE_INSTANCEconfigOHSohs_namemoduleconfmod_osso.conf 4. If all of the above were correctly specified, the SSO registration did not complete successfully and you must re-register SSO. To register SSO, proceed as follows using the appropriate ssoreg tool for your platform. For example: a. Run ssoreg.sh in 10.1.4 ORACLE_HOMEssobin to produce the file osso.conf. The following is a sample usage of this utility that produces the file in tmposso.conf the arguments are displayed in different lines only for illustration: ssoreg.sh -oracle_home_path OraHome -site_name wls_server -config_mod_osso TRUE -mod_osso_url http:host.domain.com:6666 -update_mode CREATE -remote_midtier -config_file tmposso.conf b. Copy the generated osso.confto another file system directory. For example: ORACLE_INSTANCEconfigOHSohs_nameosso. c. Restart OHS. Note: There is no set location for osso.conf. The value is determined at registration time; it can be any absolute path.