25 comments
Hi Mahendra,
I have a query in OAM. Will it be possible to populate the fields in the self registration page before the self registration page gets loaded?

@Bharathi,
You mean some default values for a few fields? Yes, this is possible. Could you please elaborate which attribute (field) you wish to populate in the self registration screen?
Are you using the default self registration page or creating your own page and using IdentityAPI for self registration?

Thanks for the reply. I am using the default self reg page.
I need to populate dynamic values in the fields for role. Actually the requirement is like this: the end user will receive the self registration link in his mail. When the user clicks on the link, the user should be redirected to the self reg page and the role related fields should be populated.

Hi Bharathi,
If I understood your scenario correctly, you want to pre-populate some fields based on their Role? If so, the user doing the self registration is a new user and has no Roles defined in the system already. If you are talking about some fields pre-populated by default, YES, you can do this. As Atul said, you will be achieving the Self Registration using Identity XML API. So, when you use the API to construct the Self Registration page with various fields, you can play with the code as per your wish to pre-populate the fields.
Does this answer your question?

Will it not be possible to invoke the code using the ppp type = “pre” in the oblixpppcatalog.lst file? I am trying to do it this way actually.

Hi Bharathi,
Can you please elaborate what exact code you are invoking and which attributes you want to pre-populate?
Thanks,
Mahendra.

For example, if I want to populate a default role “employee” for all the users who are getting registered using the self registration procedure, how can I populate that value when the self reg page gets loaded, such that the user should not be able to change that field?

Hi Mahendra
Can you attach the architecture diagram please? I have many questions about your scheme of integration.
Maybe if I see the diagram I would resolve my questions.
What type of SSM was used to integrate? Is it a WLS_SSM, or did you use another type of SSM?
What information

Hi Edward,
I don’t have an architecture diagram as of now. I have used WLS_SSM. Please shoot with your questions.
-Mahendra.

Hi Mahendra
If there is no architecture diagram, let me explain my case.
I’m trying to do an integration between OAM and OES to secure a Java application. I have installed:
Weblogic 10.3 (server1)
OAM 10.1.4.3 (server2)
OES 10.1.4.3 (server3)
OID (LDAP) (server4)
Now, what configuration do I need to do in the access manager?
What information is necessary to populate in the provider specific of the OAM identity asserter?
Does the LDAP Authenticator work with the OID, or is it necessary to configure an OID authenticator?
What information is necessary in the provider specific of LDAP?
Is it necessary to install another type of SSM, or is only the WLS SSM sufficient?
Thanks

Hi Edward,
Sorry for the late response.
You can either protect your java app using Java SSM or WLS SSM. I don’t have much exposure to Java SSM, so I would deploy the java app in WLS.
You can follow the below approach.
1. Install WLS SSM and configure it.
2. Ensure that application is being protected by OES.
3. Create OID Authenticator in WLS realm and make java app authenticate against OID users.
4. Do the OAM WebLogic server integration. Since this is OAM 10.1.4.3, you may copy the oamAuthnProvider.jar available with OAM downloads into the WLS server directory. A separate post is written for this integration and you can follow that.
5. Ensure to have OAM Identity Asserter created in WLS realm.
6. Use a proxy server in front of WLS required for SSO.
7. Test the application and it should authenticate & page level atz against OAM and fine grained atz against OES.
Let me know if you have any questions.

Hi Mahendra
Thanks for your answer.
I installed and configured the WLS SSM, I ensure the java app.
But the OID Authenticator does not appear in the list box when I try to create a new provider.
Is there any jar file to enable the OID Authenticator?
Maybe I am missing some type of configuration? Do I need to do a previous configuration with the OID or the OAM?
Thanks

Hi Edward,
The OIDAuthenticator is present from WLS 10.3.1 onwards. So you may use LDAPAuthenticator and provide OID configurations.
M

Hi Mahendra
I have a question about the OES configuration.
I need to use the OID users to secure the java app, but I don’t know how I can integrate the OID and OES to create new policies based on OID users.
Is it necessary to create a new authorization provider in the OES asi console?

Hi Edward,
All you need to do is to create LDAP Authentication in the Authenticator section of asi console. You should provide OID details there.
Go to the eui console, and create Groups or users for your specific java app. Ideally we would create groups instead of users as the user count will be huge.
Please note that the group name should be same as it is in OID. It automatically maps the OID groups to the OES groups you created and will authorize the users.
Now, you can play with the java app by specifying authorization/Role policies assigned to specific Group created in OES.
Hope this helps.
Mahendra.

Hi Mahendra
What type of LDAP do I need to create? I reviewed my asi console and only the following options appear:
Configure a new WebLogic Authenticator
Configure a new Open LDAPAuthenticator
Configure a new Database Authenticator
Configure a new iPlanet Authenticator
Configure a new Novell Authenticator
Configure a new ASIDirectory Resolver
Configure a new Active Directory Authenticator
Configure a new ALESIdentity Asserter
Configure a new Single Pass Negotiate Identity Asserter
Configure a new FGACIdentity Asserter
Configure a new SAML Identity Asserter
Configure a new X509 Identity Asserter
I’m not sure if OPEN LDAP is the correct option because I don’t know if OPEN LDAP is the Sun LDAP or is for any LDAP.
Regards

Hi Edward,
I think there must be LDAP Authenticator available.
Open LDAP may not be the right one for your SUN LDAP.

Hi Mahendra,
We need to set up the integration between Oracle Access Manager and Oracle Entitlements Server but we are not using Weblogic.
The applications we are securing are deployed in WebSphere Application Server.
We need to know how OES can authenticate a user already authenticated in OAM. Is there any way OES can use the ObSSOCookie to assert the identity of the user who is trying to access a resource in an application protected by OES (Authorization) and OAM (Authentication)?
Thanks in advance.

Hi Mahendra
I’m not using SUN LDAP, I’m using OID.
When I access ASI Console -> Administration console-> Security configuration-> Service Control Manager-> “appSCM” -> Authentication
only the following options appear:
Configure a new WebLogic Authenticator
Configure a new Open LDAPAuthenticator
Configure a new Database Authenticator
Configure a new iPlanet Authenticator
Configure a new Novell Authenticator
Configure a new ASIDirectory Resolver
Configure a new Active Directory Authenticator
Configure a new ALESIdentity Asserter
Configure a new Single Pass Negotiate Identity Asserter
Configure a new FGACIdentity Asserter
Configure a new SAML Identity Asserter
Configure a new X509 Identity Asserter
Which authenticator is the right option to connect the OES with OID LDAP to map the groups or users created in OID to configure policy rules?
Once the LDAP authenticator is created, is it possible to see groups and users in the OES eui console automatically?
Thanks in advance.

@Edward,
I think there must be an LDAP Authenticator available. However, you can try with the open LDAP Authenticator, though it is not the right option to select.
Please get back to me in case of any issues.
@Morion,
First of all, you would need to install SSM on WebSphere (not sure if it’s certified).
Later, get the authentication and authorization working with OES alone for the applications deployed on WebSphere.
If you are using OAM 10.1.4.3, the oamidentityasserter jar file is provided OOTB (not sure if it’s applicable for WebSphere). So, you can copy that jar file to the websphere directory. Put a proxy server in front and protect the websphere application in OAM.
When you access the application, OAM authenticates the user and OES authorizes the user. Though I have not tested the WebSphere stuff yet, this is my understanding of how the integration works.

@Edward
Use iPlanet if you are using Sun or Oracle Identity Directories. Sun had acquired it a long time ago from Netscape and they haven’t bothered to change it.

Hi Mahendra,
I would like to integrate OES, OAM to protect JBoss applications. Could you please let me know the procedure and configurations?
thanks,
Hema

Hi Mahendra
I have a problem with my weblogic protected by OES,
I have installed a weblogic 10.3.2 and a WLS-SSM 10.3.4.1 + CP4.
When I try to create a new attribute of an attribute retriever in the weblogic console, the weblogic console screen sends an error message:
2010-11-23 11:05:57,497 [[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] ERROR com.bea.retrievers.action.utils.BaseActionUtils –
java.lang.NullPointerException
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:205)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
at javax.management.remote.rmi.RMIConnectionImpl_1032_WLStub.getAttribute(Unknown Source)
at
To reproduce the error in the weblogic console navigate to:
home>Summary of Security Realms >”oes_realm” >ASIAuthorizationProvider > Attributes (TAB)
Previously I created an attribute and it works fine, but when I try to modify or create a new attribute the screen sends an error.
Have you had a similar problem? Do you have any recommendations, or do you have any idea about this?
Regards