To edit virtual directory time-out and security settings:
Open Internet Information Services.
Expand the IIS hierarchy as necessary, right-click the adaws virtual directory, and select Properties.
In the Properties dialog box, click Configuration.
In the Application Configuration dialog box, click the Options tab. The ASP Script timeout can be left at the default of 90 seconds.
The Session timeout should be set to the same value as the timeout value specified in the web.config file. See Editing the Web.config File for more information.
For synchronizations of large user directories, a timeout between 120 and 240 minutes is recommended.
Return to the Properties dialog box and click the Directory Security tab to edit anonymous access and authentication control. The account used for anonymous access can be either a local or domain user, but in most circumstances the local user IUSR is recommended.
When you are done, close the Properties dialog box.
Windows Installation Directory Settings
The Windows installation directory settings are located in <install_dir>\ptadaws\10.3.0\webapp\adaws (for example, C:\bea\alui\ptadaws\10.3.0\webapp\adaws).
The following security settings are the minimum required for Oracle WebCenter Interaction Identity Service for Active Directory and logging to work correctly:
The local ASPNET user must have Full Control rights. Allow ASPNET and the SYSTEM group Full Control rights on the folder.
The account used for anonymous access, described in IIS Virtual Directory Settings, must have Read and Execute, List Folder Contents, and Read rights on the folder. Whether this is a domain user or the local IUSR user, this account will be a member of the Authenticated Users group. Allow Authenticated Users these rights on the folder.
Administrators will want to be able to view and modify the content of the folder, so allow the Administrators group Full Control rights on the folder.
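The following PowerShell script is an added example, not part of the original Oracle documentation. It reads the folder ACL and checks it against the minimum rights listed above. It also goes one step beyond that list by reporting any other principal that can write to the folder, so those entries can be reviewed. Assumptions: the path is the example location given above, the ASPNET account is the machine-local one, and the built-in groups carry their default English names.

```powershell
# Added example, not Oracle's code: audit the adaws folder ACL against the
# minimum rights listed above. Read-only; it changes nothing.
param([string]$Path = 'C:\bea\alui\ptadaws\10.3.0\webapp\adaws')  # page's example path

$FS = [System.Security.AccessControl.FileSystemRights]
# Principal -> minimum right. ReadAndExecute on a folder covers Read and,
# when inherited by subfolders, List Folder Contents.
$required = [ordered]@{
    "$env:COMPUTERNAME\ASPNET"         = $FS::FullControl   # assumes the local ASPNET account
    'NT AUTHORITY\SYSTEM'              = $FS::FullControl
    'BUILTIN\Administrators'           = $FS::FullControl
    'NT AUTHORITY\Authenticated Users' = $FS::ReadAndExecute
}

# Allow ACEs that apply to the folder itself (inherit-only entries are skipped).
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
$allow = @((Get-Acl -LiteralPath $Path).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    (([int]$_.PropagationFlags -band $inheritOnly) -eq 0)
})

# 1. Every required principal holds at least its minimum right.
$report = foreach ($name in $required.Keys) {
    $need = [int]$required[$name]
    $have = 0
    foreach ($rule in $allow) {
        if ($rule.IdentityReference.Value -ieq $name) {
            $have = $have -bor [int]$rule.FileSystemRights
        }
    }
    [pscustomobject]@{
        Principal = $name
        Required  = $required[$name]
        Status    = if (($have -band $need) -eq $need) { 'OK' } else { 'MISSING' }
    }
}

# 2. Principals outside the list that can write here: review each one.
$write = [int]($FS::Write -bor $FS::Delete -bor $FS::ChangePermissions -bor $FS::TakeOwnership)
$extra = $allow | Where-Object {
    $required.Keys -notcontains $_.IdentityReference.Value -and
    ([int]$_.FileSystemRights -band $write) -ne 0
} | Select-Object @{n='Principal';e={$_.IdentityReference.Value}}, FileSystemRights, IsInherited

$report | Format-Table -AutoSize
if ($extra) { 'Write access outside the documented list:'; $extra | Format-Table -AutoSize }
if ($report.Status -contains 'MISSING') { exit 1 }
```

A `MISSING` status means the named principal's own ACEs do not add up to the required right; rights that the account receives only through membership in another group are not resolved by this check.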
Registering the Oracle WebCenter Interaction Identity Service for Active Directory in the Portal
After completing installation, you must register the Oracle WebCenter Interaction Identity Service for Active Directory in the portal by performing the following steps:
To import the Oracle WebCenter Interaction Identity Service for Active Directory migration package (pte) into the portal:
Log on to the portal as a user with administrative rights.
Click Administration.
In the Select Utility menu, click Migration-Import.
On the Package Settings page, leave File Path selected and click Browse to locate the pte file (for example, C:\bea\alui\ptadaws\10.3.0\serverpackages\IdentityService-ActiveDirectory.pte).
Click Load Package.
Click Finish.
New portal objects are imported into the Active Directory folder.
Create a Remote Authentication Source
After importing the pte file, you must create an authentication source:
In the Administrative Object Directory, open the Active Directory folder.
In the Create Object menu, click Authentication Source - Remote.
In the Choose Web Service dialog box, select Active Directory (the Web service created during import), and click OK.
On the Remote Active Directory Agent Configuration page, fill out the information specific to your Active Directory server. For more information, refer to online help.
Create a job to run your authentication source:
Open an administrative folder.
In the Create Object menu, click Job.
Complete the Job Editor. For more information, refer to online help.
Create a Remote Profile Source
After importing the pte file and creating a remote authentication source, you must create a remote profile source:
In the Administrative Object Directory, open the Active Directory folder.
In the Create Object menu, click Profile Source - Remote.
In the Choose Web Service dialog box, select Active Directory (2) (the Web service created during import), and click OK.
On the Remote Active Directory Configuration page, fill out the information specific to your Active Directory server. For more information, refer to online help.
Create a job to run your profile source:
Open an administrative folder.
In the Create Object menu, click Job.
Complete the Job Editor. For more information, refer to online help.