Setup Procedure
You set up SSO in the mod_osso.conf file.
To set up SSO:
- Modify the application server configuration file to protect the xmlpserver. See Securing Applications with Oracle Platform Security Services.
- In the mod_osso.conf add a new "Location" directive as follows:
<!-- Protect xmlpserver --> <Location /xmlpserver> require valid-user AuthType Basic </Location> - To allow Web service communication between Publisher and its client component (the Template Builder) you must make additional modifications to the mod_osso.conf file. To open up the xmlpserver to allow these Web services, enter the following directives:
<Location /xmlpserver/services/> require valid-user AuthType Basic Allow from All Satisfy any </Location> <Location /xmlpserver/report_service/> require valid-user AuthType Basic Allow from All Satisfy any </Location> Location /xmlpserver/ReportTemplateService.xls/> require valid-user AuthType Basic Allow from All Satisfy any </Location> - For integration with Oracle BI Presentation Services, you must disable SSO for Web services between the BI Presentation Services server and the Publisher. If you made this entry when performing the previous step, then you do not need to repeat this setup.
To open up the xmlpserver to allow the Web service, enter the following directive in the mod_osso.conf file:
<Location /xmlpserver/services/> require valid-user AuthType Basic Allow from All Satisfy any </Location>A sample mod_osso.conf file with the entries discussed in this section is shown below:
LoadModule osso_module libexec/mod_osso.so <IfModule mod_osso.c> OssoIpCheck off OssoIdleTimeout off OssoConfigFile /home/as1013/ohome/Apache/Apache/conf/osso/osso.conf <Location /xmlpserver> require valid-user AuthType Basic </Location> <Location /xmlpserver/services/> require valid-user AuthType Basic Allow from All Satisfy any </Location> <Location /xmlpserver/report_service/> require valid-user AuthType Basic Allow from All Satisfy any </Location> Location /xmlpserver/ReportTemplateService.xls/> require valid-user AuthType Basic Allow from All Satisfy any </Location> <Location /xmlpserver/Guest/> require valid-user AuthType Basic Allow from All Satisfy any </Location> # # Insert Protected Resources: (see Notes below for how to protect resources) # #______- # # Notes # #______- # # 1. Here's what you need to add to protect a resource, # e.g. <ApacheServerRoot>/htdocs/private: # # <Location /private> # require valid-user # AuthType Basic # </Location> # </IfModule> # # If you would like to have short hostnames redirected to # fully qualified hostnames to allow clients that need # authentication through mod_osso to be able to enter short # hostnames into their browsers uncomment out the following # lines # #PerlModule Apache::ShortHostnameRedirect #PerlHeaderParserHandler Apache::ShortHostnameRedirect - Restart the HTTP server.
- In Publisher, set up the Single Sign-Off URL on the Publisher Security Configuration page.
On the Administration page, click Security Configuration. In the Authentication region:
-
Select Use Single Sign-On.
-
From the Single Sign-On Type list, select Oracle Single Sign On.
-
Enter the Single Sign-Off URL with the value you wrote down in the preceding step. The remaining fields are not applicable to Oracle SSO.
-
- Create a Publisher Local Superuser to ensure access to Publisher regardless of your selected security configuration. See Enable a Local Superuser for more information.
- Click Apply.
- Restart the application through the Oracle Fusion Middleware Control page.
- Enter the URL to access the Publisher application, and you're redirected to the SSO login page.