Oracle Access Manager and Weblogic Portal integration.

This post will bring out the key points involved in the integration between Weblogic Portal and Oracle Access Manager using SSPI Connector.

Major Products involved:

1. Weblogic Portal 10.3.0

2. OAM

3. SSPI Connector

Key Points:

1. Create portaldmin user in OAM (as in user store) and assign Admin rights.

2. Create group BEA_Administrators and assign portaladmin user a member of that group.

3. Create NetPointRealm using the command as shown below.

./ portal

4. The param “portal” provided in the above command is essential to create realm necessary for Weblogic portal with specific providers.

5. Ensure to add the p13DataSource in the SQLAuthenticator DataSource field. This makes the users weblogic and portaladmin which are part of myrealm to be available in NetPointRealm. Mark SQLAuthenticator as REQUIRED and OblixAuthenticator as OPTIONAL followed by a weblogic server restart.

6. You should be able to see the group BEA_Administrators in the NetpointRealm Users and Groups column. Copy the group name (eg., cn:EBEA_Administrators:Cdc:Eus:Cdc:Eoracle::Cdc:Ecom).

7. Goto the location, NetpointRealm -> Roles and Policies -> Global Roles -> Roles.

8. Goto the Admin Role and add the conditions to include BEA_Administrators.

9. Goto the PortalSystemAdministrator Role and add the conditions to include BEA_Administrators.

10. Delete the SQLAuthenticator and mark OblixAuthenticator as REQUIRED. SQLAuthenticator is no longer needed as weblogic and portaladmin users are part of OblixAuthenticator.

11. Now login as OAM user to the weblogic portal server.

Note: Follow the key steps 12 & 13 of section 10.5.9 Preparing the WebLogic Environment in the SSPI integration guide .

Contact me if you have any queries.

Share This Post with Your Friends over Social Media!

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog:

Leave a Comment:

OAMUSer says August 9, 2010

I have done exact same steps, but when I try to boot the portal server, it errors out saying user
“portaladmin” is not allowed to boot the server.
As it seems user portaladmin is being authenticated by OAM correctly. Any help would be greatly appreciated.

Mahendra says August 10, 2010


Please check if portaladmin is part of OAM user store.

If not, create portaladmin user and proceed


OAMuser says August 10, 2010

Hi Mahendra,

Thanks for the reply. As i mentioned portaladmin is being authenticated by OAM, shouldn’t it imply that user portaladmin exists in OAM?

Anyway, user portaladmin was created in OAM and was added to BEA_Administrators group, and this group was added for “admin” “portal system administrator” roles in weblogic.

Atul Kumar says August 10, 2010

@ OAMUser,

Try this

Create group (BEA_Administrators) in ldap repository of OAM and add user portaladmin (in LDAP store) to BEA_Administrators (in LDAP Store) .

Here is LDAP store is userstore for OAM.

Are you following Oracle’s Standard document to integrate OAM with Weblogic Portal (update Oracle link you are following) ?

or update version of WebLogic Portal & OAM server

Mahendra says August 11, 2010


FYI, even if you are using WLP 10.3.0 and above, you must use ./ portal for creating realm.

As Atul mentioned, please give the document you are following and version of components being used.

Add Your Reply