Form Authentication Active Directory Container Vs Ou

Integrating with Microsoft Active Directory

This section describes the system requirements and tasks for configuring Windows Native Authentication. It contains these topics 1.

What are the System Requirements for Windows Native Authentication

Windows Native Authentication is intended for intranet Web applications. Your intranet deployment must include the following:

Windows 2.
Microsoft Active Directory.
Kerberos service account established for OracleAS Single Sign-On Server.
Oracle Application Server 1. Release 1 1.

Note: Although the sample configurations in this section are for UNIX/Linux, Oracle Fusion Middleware can also be installed on Microsoft Windows.

OracleAS Single Sign-On Server middle tier configured to use a Kerberos realm.
Synchronization of Microsoft Active Directory with the Oracle back-end directory.
The Oracle back-end directory configured to use the Windows external authentication plug-in.

Note: Your back-end directory must be Oracle Internet Directory to use the external authentication plug-in. If your back-end directory is either Oracle Unified Directory or Oracle Directory Server Enterprise Edition, the external authentication plug-in is not supported.

Avoiding HTTP 4. Errors and Repeat Login Challenges for External Users

If only one Single Sign-On (SSO) server is configured, you cannot avoid the HTTP 4. SSO server that is configured for Windows Native Authentication (WNA) for a website that can be accessed both internally by users who are Windows authenticated and also externally by users who are not in a Windows domain.

If you are planning to use Windows Native Authentication, consider using a configuration comprised of two SSO servers, each with different IP addresses, to avoid HTTP 4.

See Also: Refer to Note 4. My Oracle Support (formerly MetaLink) for more information. You can access My Oracle Support at http metalink.

Configuring Windows Native Authentication with a Single Microsoft Active Directory Domain

To set up Windows Native Authentication, configure the Oracle back-end directory, the OracleAS Single Sign-On Server, and the user's browser by performing the following tasks in the order listed.

Task 1 Configure the OracleAS Single Sign-On Server

To configure the single sign-on server, complete the tasks described in these topics.

Set Up a Kerberos Service Account for the OracleAS Single Sign-On Server

Create a service account for the OracleAS Single Sign-On Server in Microsoft Active Directory, then create a keytab file for the server, and map the service principal (the server) to the account name. The keytab file stores the server's secret key. This file enables the server to authenticate to the KDC. The service principal is the entity, in this case, the single sign-on server, to which the KDC grants session tickets.

Synchronize system clocks. The OracleAS Single Sign-On Server middle tier and the Windows 2. If you omit this step, then authentication fails because there is a difference in the system time. Be sure the time, the date, and the time zones are synchronized.

Check the port number of the Kerberos server on the Microsoft Active Directory host. The port where the Kerberos server listens is selected from /etc/services by default. On Windows systems, the services file is found at systemdrive WINNTsystem. The service name is Kerberos. Typically the port is set to 8. Windows 2. When added correctly to the services file, the entries for these port numbers are.

Kerberos key server.
Kerberos key server.

In the hosts file located in the same directory as the services file, check the entry for the single sign-on middle tier. The fully qualified host name, which refers to the physical host name of the Oracle Application Server Single Sign-On server, must appear after the IP address and before the short name. The following is an example of a correct entry.

My.Company.com sso loghost.

Perform the following tasks to create a user account and keytab file in Microsoft Active Directory that will be used by the logical Oracle Application Server Single Sign-On host:

Log in to the Microsoft Active Directory Management tool on the Windows 2. Users, then New, then user. Enter the name of the OracleAS Single Sign-On Server host, omitting the domain name. For example, if the host name is sso.My.Company.com, then enter sso. This is the account name in Microsoft Active Directory. Note the password that you assigned to the account. You will need it later. Do not select User must change password at next logon.

Create a keytab file for the OracleAS Single Sign-On Server, and map the account name to the service principal name. You perform both tasks by running the following command on the Windows 2.

C Ktpass princ HTTPsso.My.Company.comMy.Company.

The princ argument is the service principal. Specify the value for this argument by using the format HTTP/single_sign-on_host_name@KERBEROS_REALM_NAME. Note that HTTP and the Kerberos realm must be uppercase. Note that single_sign-on_host_name can be either the OracleAS Single Sign-On Server host itself or the name of a load balancer where multiple OracleAS Single Sign-On Server middle tiers are deployed. My.Company.com is a fictitious Kerberos realm in Microsoft Active Directory. The user container is located within this realm. The pass argument is the account password, the mapuser argument is the account name of the OracleAS Single Sign-On Server middle tier, and the out argument is the output file that stores the service key. Be sure to replace the example values given with values suitable for your installation. These values appear in boldface in the example.

Note: If the Ktpass is not found on your computer, then download the Windows Resource Kit from Microsoft to obtain the utility.

The default encryption type for Microsoft Kerberos tickets is RC4-HMAC. Microsoft also supports DES-CBC and DES-CBC-MD5, two DES variants used in MIT-compliant implementations. Ktpass converts the key type of the KDC account from RC4-HMAC to DES.

For each Oracle Application Server Single Sign-On host, copy or FTP the keytab file, sso. OracleAS Single Sign-On Server middle tier, placing it in ORACLEHOMEj.OC4.JSECURITYconfig. If you use FTP, be sure to transfer the file in binary mode. Be sure to give the Web server a unique identifier (UID) on the OracleAS Single Sign-On Server middle tier and to grant read permission for the file.

Update the krb. File

You must update the krb. Windows with the following information. If you do not update the krb. Windows Native Authentication in OracleAS Single Sign-On Server.

Update the krb.

The default realm of the Active Directory, for example AD.UK.ORACLE.COM
The hostname of the server where Active Directory resides, for example active.
The hostname of the server where OracleAS Single Sign-On Server resides, for example sso.

For example, replace the marked-up text in the following text with the relevant default realm and KDC hostname, that is, the server where Active Directory resides.

Note: The krb.

AD.UK.ORACLE.COM.
AD.UK.ORACLE.COM.
AD.UK.ORACLE.COM

Run the OracleAS Single Sign-On Server Configuration Assistant on each Oracle Application Server Single Sign-On Host

Running the ossoca.

Configures the Oracle Application Server Single Sign-On server to use the Sun JAAS login module.
Configures the server as a secured application.

To run the ossoca. OracleAS Single Sign-On Server middle tier:

Back up the following configuration files:

ORACLEHOMEssoconfpolicy.
ORACLEHOMEj.OC4.JSECURITYconfigjazn.
ORACLEHOMEopmnconfopmn.
ORACLEHOMEj.OC4.JSECURITYconfigjazn data.
ORACLEHOMEj.OC4.JSECURITYapplicationsssowebWEB INFweb.
ORACLEHOMEj.OC4.JSECURITYapplication deploymentsssoorion application.

Run the ossoca.

UNIX/Linux.
ORACLEHOMEssobinssoca.
ORACLEHOME.
ADREALM.

ORACLEHOMEjdkbinjava jar ORACLEHOMEssolibossoca.
ORACLEHOME.
ADREALM.

ADREALM is the Kerberos realm in Microsoft Active Directory. This is the user container. Note from the syntax that this value must be entered in uppercase. The default port number for the KDC is usually 8. To confirm this, see step 2 in the section Set Up a Kerberos Service Account for the OracleAS Single Sign-On Server.

Step 2 shuts down the OracleAS Single Sign-On Server. Restart it.