Hi all,

As you might have observed that the integration between Oracle Access Manager and WebLogic server varies with different versions of Oracle Access Manager and hence it’s architecture varies.

So I would like to give a brief on how the architecture looks like and what are the components needed for this integration.

Until OAM 10.1.4.2, the connector used between OAM and WebLogic is the SSPI and is available for download seperately. It is evident that SSPI Connector configuration is not very easy to get it working as customers will end up with running into lot of issues with access privileges or weblogic startup etc., . However there is no difference in components used for this integration in both WebLogic versions except the separate SSPI Connector. You would need a proxy infront of WebLogic if you want to achieve Single Sign-On and just an access gate if you want to authenticate to the WebLogic as an OAM user. If you are just looking for authentication only, you dont need a webgate for proxying. From architecture perspective, you will need a Connector (installed explicitly) sitting inside the WebLogic server.  The working authentication schemes are Basic and Form.

Moving to the new version, from OAM 10.1.4.3 onwards, the connector has been removed. Therefore the integration becomes very easy and so the architecture is.  Here, a jar file called oamAuthnProvider.jar (for OAM 10.1.4.3) has been introduced which acts as an alternative to SSPI connector. Internally, it contains classes to talk to WebLogic Server and OAM access server. This jar file has to be copied to lib directory of weblogic server for which we are attempting to do the integration. An Identity Asserter has to be created in the WebLogic server which listens to the ObSSOCookie. The recommended authentication scheme for WLS 10.3.1 is Form Login.

References:

Blog by Josh Bregman

OAM Documentation

Any comments/suggestions are highly appreciated.