· Mod_plsql
Configuring the plsql module for certificate-based authentication entails adding environment variables to the database access descriptor (DAD) for the Single Sign-On server. To add these variables, navigate to the DAD configuration file, using the following path:
IAS_HOME/Apache/modplsql/conf/dads.conf
When configured properly, the relevant section of the dads.conf file looks something like this:
<IfModule mod_plsql.c>
<Location /pls/orasso>
SetHandler pls_handler
Order deny,allow
PlsqlDatabaseConnectString host:port:database_sid
PlsqlDatabasePassword orasso
PlsqlDatabaseUsername orasso
PlsqlDefaultPage orasso.home
PlsqlDocumentTablename orasso.wwdoc_document
PlsqlDocumentPath docs
PlsqlDocumentProcedure orasso.wwdoc_process.process_download
PlsqlEnableConnectionPooling On
PlsqlAuthenticationMode SingleSignOn
PlsqlPathAlias url
PlsqlPathAliasProcedure orasso.wwpth_api_alias.process_download
PlsqlSessionCookieName orasso
PlsqlCGIEnvironmentList SSL_CLIENT_S_DN_CN,SSL_CLIENT_S_DN_O,SSL_CLIENT_S_DN,SSL_CLIENT_CERT
</Location>
<IfDefine SSL>
<Location /pls>
SSLOptions +ExportCertData +StdEnvVars
</Location>
</IfDefine>
</IfModule>
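One way to confirm that a dads.conf carries the certificate-related settings shown above before restarting the listener. This is an added example, not part of the original documentation; the function name check_dad_cert_config and the sample file are constructed for illustration.

```sh
#!/bin/sh
# check_dad_cert_config FILE
# Prints each setting that is missing and returns 0 only when nothing is missing.
check_dad_cert_config() {
    conf=$1
    missing=0
    # Gather all PlsqlCGIEnvironmentList values (comments skipped), one name per line.
    # Names are compared as whole lines so SSL_CLIENT_S_DN_CN cannot satisfy SSL_CLIENT_S_DN.
    envlist=$(grep -v '^[[:space:]]*#' "$conf" |
        sed -n 's/^[[:space:]]*PlsqlCGIEnvironmentList[[:space:]]\{1,\}//p' |
        tr ', \t' '\n\n\n' | sed 's/=.*//')
    for var in SSL_CLIENT_S_DN_CN SSL_CLIENT_S_DN_O SSL_CLIENT_S_DN SSL_CLIENT_CERT; do
        if ! printf '%s\n' "$envlist" | grep -qxF -- "$var"; then
            echo "missing from PlsqlCGIEnvironmentList: $var"
            missing=1
        fi
    done
    # mod_ssl only exports the certificate variables when both options are set.
    sslopts=$(grep -v '^[[:space:]]*#' "$conf" |
        sed -n 's/^[[:space:]]*SSLOptions[[:space:]]\{1,\}//p' | tr ' \t' '\n\n')
    for opt in +ExportCertData +StdEnvVars; do
        if ! printf '%s\n' "$sslopts" | grep -qxF -- "$opt"; then
            echo "missing from SSLOptions: $opt"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample: a DAD that omits SSL_CLIENT_CERT and +ExportCertData.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<Location /pls/orasso>
PlsqlCGIEnvironmentList SSL_CLIENT_S_DN_CN,SSL_CLIENT_S_DN_O,SSL_CLIENT_S_DN
</Location>
<Location /pls>
SSLOptions +StdEnvVars
</Location>
EOF
check_dad_cert_config "$sample" || echo "dads.conf is not ready for certificate authentication"
rm -f "$sample"
```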
· Single Sign-On Server
To enable the SSO server for SSL, all references to HTTP in SSO URLs must be changed to HTTPS. The script ssocfg.sh is provided for this purpose. To run ssocfg.sh:
1. Go to the directory that contains the script. The path is as follows:
IAS_HOME/sso/bin
2. Enter the command, using the following syntax:
ssocfg.sh protocol new_host new_port [sso_schema_name]
In this case, protocol is https. (To change back to HTTP, use http.) The parameter new_host is the host name of the HTTP listener for the Single Sign-On server. You can either assign a new host name or use an existing one. The parameter new_port is the port number of the listener, and sso_schema_name is the name of the SSO schema. The default schema name is orasso. This last parameter is optional. Here is an example:
ssocfg.sh https login.acme.com 443
Port 443 is the default port number for single sign-on over SSL.