Multiple Single Sign-On Middle Tiers with One Oracle Internet Directory
Configuring Single Sign-On in an Enterprise Deployment Topology 3-5
Configure the HTTP load balancer
The HTTP load balancer used can be hardware such as BigIP, Alteon, or Local Director
or software such as Oracle Application Server Web Cache.
■ Hardware Load Balancer
If you are using a hardware load balancer, configure one pool of real servers with
the addresses 138.1.34.172 and 138.1.34.173. Configure one virtual server with the
address 138.1.34.234. This virtual server is the external interface of the load
balancer. For instructions, consult the documentation provided by your load
balancer vendor.
■ Software Load Balancer
If you are using Oracle Application Server Web Cache to load balance connection
requests, see both of the following sections in Oracle Application Server Web Cache
Administrator’s Guide: "Routing Single Sign-On Server Requests" and "Leveraging
Oracle Identity Management Infrastructure".
Configure the identity management infrastructure database
Run the script ssocfg on one of the single sign-on middle tiers. This script configures
the single sign-on server to accept authentication requests from the externally
published address of the single sign-on server. Using the example provided, the script
would be executed in the following way:
■ UNIX:
$ORACLE_HOME/sso/bin/ssocfg.sh http sso.mydomain.com 80
■ Windows NT/2000:
%ORACLE_HOME%\sso\bin\ssocfg.bat http sso.mydomain.com 80
Note that the command example provides the listener protocol, host name, and port
number of the load balancer as arguments. Recall that the load balancer address is the
externally published address of the single sign-on server. If the load balancer is
configured to use SSL, replace non-SSL port 80 with SSL port 443 and http with
https.
After executing ssocfg, restart the single sign-on middle tiers:
$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
Finally, test the application:
http://sso.mydomain.com/pls/orasso
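The three steps above all depend on the same published address, so one way to keep them consistent is to derive the ssocfg arguments, the restart command and the test URL from a single URL. The script below is an added example, not part of the Oracle tooling; the helper names sso_args and sso_commands are hypothetical, and it assumes the UNIX form of the commands and a host given as a DNS name or IPv4 address.

```shell
#!/bin/sh
# Added example; sso_args and sso_commands are hypothetical helper names.
# Derive the ssocfg arguments from the published SSO URL so the protocol,
# host and port given to ssocfg always match the URL that is tested.

sso_args() {
    case $1 in
        http://*)  proto=http;  port=80;  rest=${1#http://} ;;
        https://*) proto=https; port=443; rest=${1#https://} ;;
        *) echo "unsupported scheme: $1" >&2; return 1 ;;
    esac
    hostport=${rest%%/*}                 # drop any path component
    host=${hostport%%:*}
    case $hostport in *:*) port=${hostport##*:} ;; esac
    # Only plain DNS names or addresses are accepted, since the values
    # end up on a command line.
    case $host in ''|*[!A-Za-z0-9.-]*)
        echo "invalid host: $host" >&2; return 1 ;;
    esac
    case $port in ''|*[!0-9]*)
        echo "invalid port: $port" >&2; return 1 ;;
    esac
    # The page pairs http with port 80 and https with port 443;
    # reject a switch to SSL that changed only one of the two.
    case $proto:$port in http:443|https:80)
        echo "protocol/port mismatch: $proto on $port" >&2; return 1 ;;
    esac
    echo "$proto $host $port"
}

sso_commands() {
    args=$(sso_args "$1") || return 1
    set -- $args                         # $1=protocol $2=host $3=port
    case $1:$3 in
        http:80|https:443) base="$1://$2" ;;
        *)                 base="$1://$2:$3" ;;
    esac
    echo "\$ORACLE_HOME/sso/bin/ssocfg.sh $1 $2 $3"
    echo "\$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY"
    echo "$base/pls/orasso"
}

# Constructed input: the published address used in this chapter.
sso_commands "http://sso.mydomain.com"
```

The script only prints the commands and the test URL; run the printed commands on one of the single sign-on middle tiers as described above.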
Reregister mod_osso on the single sign-on middle tiers
On both middle tier machines, reregister mod_osso as the partner application
sso.mydomain.com.
To reregister mod_osso on sso1.mydomain.com:
1. On the computer sso1.mydomain.com, log in to the single sign-on administration
pages as the single sign-on administrator. Be sure to log in to
http://sso.mydomain.com/pls/orasso.
Note: For optimal performance, use a hardware load balancer.