OAM– Oracle Access Manager is recommended Single Sign-On solution for Fusion Middleware products (SOA, WebCenter, OSB, UCM ….)
ObSSOCookie – is cookie generated by OAM for users authenticated via OAM.
What is Authentication Provider in WebLogic Server ?
WebLogic Server includes numerous Authentication security providers: given a username and password credential pair, the provider attempts to find a corresponding user in the provider’s data store (LDAP, Database or other data store). In addition to these username/password based security providers, WebLogic Server includes identity assertion Authentication providers, which use certificates or security tokens, rather than username/password pairs, as credentials.
More on authentication providers in WebLogic server here . For steps on how to configure Authentication Providers in WebLogic Server check Configure Authentication and Identity Assertion providers in Administration Console Online Help for weblogic here
- To configure OID (Oracle Internet Directory) as Authentication Provider in WebLogic click here
OAM Authentication Provider for WebLogic
Oracle Access Manager Authentication Provider (oamAuthnProvider.jar – part of OAM 10.1.4.3) provides two features/functions (“Identity Assertion for Single Sign-On” and “Authenticator“) which can be integrated with WebLogic Server.
a) OAM Identity Assertion for Single Sign-On – This authentication provider in WebLogic Server, uses OAM authentication service and also validate already-authenticated (users with ObSSOCookie) users and creates a WebLogic-authenticated session. This function (OAM Identity Assertion) also provides single sign-on between WebGates and portals (webcenter, soa…)
b) OAM Authenticator – This authentication provider in WebLogic Server, uses OAM authentication service to authenticate users who access applications deployed in WebLogic Server.
- If you have Oracle Fusion Middleware 11g of type WebCenter, SOA or Identity Management then “OAM Identity Assertion for Single Sign-On” and “OAM authenticator” should already be available in your weblogic authentication providers.
- If you have standalone weblogic server (NO – SOA, WebCenter or Identity Management) then you can get these two providers (“OAM Identity Assertion for Single Sign-On” and “OAM authenticator“) by downloading oamAuthnProvider.jar from OTN (Oracle Technology Network)
a) oamAuthnProvider.jar: Includes files for both the Oracle Access Manager Identity Asserter for single sign-on and the Authenticator for Oracle WebLogic Server 10.3.1
b) oamauthenticationprovider.war: (optional component) Restricts the list of providers that you see in the Oracle WebLogic Server Console to only those needed for use with Oracle Access Manager. (This application is required “only if” you wish to restrict weblogic console to see only two authentication provider in weblogic)
c) oamcfgtool.jar: (optional component) – is script that automates creation of the Oracle Access Manager form-based authentication scheme, policy domain, access policies, and WebGate profile for the Identity Asserter for single sign-on. For more information on oamcfgtool.jar click here – You can configure all steps (as done by oamcfgtool.jar) manually too.
More on OAM Identity Assertion for Single Sign-On & OAM Authenticator coming soon.
Related Posts for Learn WebLogic with Us
- Oracle WebLogic Installation Steps
- Domain , Administration & Managed Server, Cluster in Oracle WebLogic
- Create Domain in Oracle WebLogic
- Oracle WebLogic Server – Startup/Shutdown
- Oracle WebLogic Server 10g R3 10.3 is out now
- Deploy Application on Oracle WebLogic Server
- Cluster Architecture : Oracle WebLogic Server
- Start WebLogic Server on Linux on port 80, 443 <= 1024
- JDBC (Java DataBase Connectivity ) in Oracle WebLogic – Overview
- WebLogic Server JDBC for Database connection : Step by Step
- Security in Oracle WebLogic : Realm, Security Provider, Authentication, Authorization, Users
- Deploy ADF application to Oracle WebLogic Server
- Node Manager in Oracle WebLogic Server
- Configure Oracle HTTP Server infront of Oracle WebLogic Server mod_wl_ohs
- How to install weblogic server on 64 bit O.S. (Linux /Solaris) ?
- Oracle WebLogic Login Issue : Password is not correct (Password Lock Policy)
- Oracle WebLogic Server : Node Manager in nutshell
- Certification : 1Z0-108 Oracle WebLogic Server 10g System Administrator Certified Expert
- How to integrate WebLogic with Oracle Internet Directory for Login : Authentication
- opatch, adpatch and now “smart update” (BSU) to apply weblogic patches
- Disater Recovery documentation for Oracle WebLogic Server 11g (Fusion Middleware)
- Authentication Providers in #WebLogic – Oracle Access Manager Identity Assertion for Single Sign-On and OAM Authenticator
- Error while starting WebLogic Server : java.lang.NumberFormatException: null
- #WebLogic startup prompting from username password : boot.properties
- BEA-000286 : Failed to invoke startup class “JRF Startup Class” oracle.jrf.wls.JRFStartup
- WebLogic Kerberos (SSO) Authentication Issue : Error 401 Forbidden : No Configuration was registered that can handle the configuration named com. sun. security. jgss. krb5. accept
- How to reset Lost Oracle WebLogic Password for Fusion Middleware Applications
- Oracle WebLogic Server Certification : 1Z0-108 Practice Question and Dumps
- WebLogic Startup fails with Unable to obtain lock on Server may already be running
- Oracle Weblogic 12c Launch : Attend online on 1 Dec 2011
- Oracle WebLogic 12c (12.1.1) is now available to download
- How to Install WebLogic 12C (12.1.1) on Mac
- Oracle #WebLogic Server 12c : SE vs EE vs Suite License Options
- SSL in WebLogic (CA, KeyStore, Identity & Trust Store) : Things you must know – Part I
- SSL in WebLogic Server – Part II : Create KeyStore, generate CSR, Import CERT and configure KeyStore with WebLogic
- WebLogic Admin Server Start-up hanging at “Initializing self-tuning thread pool”
- Error in WebLogic Clustering : socket MaxMessage Size Exceeded Exception
- Changed or New Features in WebLogic 12.1.2
- WebLogic SSL configuration : Inconsistent security configuration Cannot convert identity certificate
- Dynamic Cluster in WebLogic 12.1.2 : New Features in WebLogic 12c
- Identity Propagation between two WebLogic Domains : Cross Domain Security VS Global Trust
- WebLogic Admin Server Start Up hangs at ‘Log Management’ BEA-170019 IIOP subsystem enabled
- Security:090294 could not get connection javax. net. ssl. SSLKeyException FATAL Alert BAD_CERTIFICATE – A corrupt or unuseable certificate was received
- WLST connecting to WebLogic Admin Server failed : Bootstrap to [IP:Port] failed. It is likely that the remote side declared peer gone on this JVM