21 comments
[…] Oracle Access Manager 10.1.4.3 integration with WebLogic Server Posted in May 13th, 2010 by Mahendra in idm, installation, integration, oam, sso, troubleshooting, weblogic Print This Post Until many people have asked me for the integration process and flow of Oracle Access Manager 10.1.4.3 (latest version) with WebLogic Server, it did not strike in my mind to do a write up on this. Anyway better late than never. Before we go into the integration process, check this. […]
Hi Mahendra, I have installed OAM 10.1.4.3 using OHS Standalone webserver, and I have WLS 10.3.2. I am trying to integrate OAM with WLS, but I did not find the oamAuthnProvider.jar within OAM 10.1.4.3. Can you please let me know the location of the jar and also the procedure for integration.
Hi Bharathi,
You will find the jar file with the webgate installable. It will be ofm_oam_webgates_win_10.1.4.3.0_disk1_1of1.zip.
You can follow the post http://onlineappsdba.com/index.php/2010/05/13/oracle-access-manager-10143-integration-with-weblogic-server/ . This will be comprehensive enough.
Let me know if you face any issues.
Hi Mahendra,
When I try to run the following command,
C:\Oracle\Middleware\jdk160_14_R27.6.5-32\bin>java -jar C:\oamAuthnProvider.jar mode=CREATE app_domain=SamplePolicy web_domain=WLS protected_uris="/example/failure.jsp,/example/success.jsp" ldap_host=10.154.18.240 ldap_port=451 ldap_userdn="cn=Directory Manager" ldap_userpassword=password oam_aaa_host=10.154.18.240 oam_aaa_port=6021
I am getting the error message – “Failed to load Main-Class manifest attribute from C:\oamAuthnProvider.jar”
Please help in resolving this error. I have my application in the WLS and I have made a reverse proxy for WLS and OHS Standalone WebServer and installed Webgate on this OHS. Please suggest the solution.
Hi Bharathi,
Can you please tell me what you are trying to achieve?
Could you please explain the reason for executing the java with those params?
If you are trying for SSO for apps deployed in WLS 10.3.1 or 10.3.2 using OAM 10.1.4.3, then I would suggest you go through this post http://onlineappsdba.com/index.php/2010/05/13/oracle-access-manager-10143-integration-with-weblogic-server/
You will be achieving this using Identity Asserter as explained in the post.
Also, the current configuration in your environment i.e., OHS as reverse proxy with webgate is correct.
So, what I guess you need to do is to configure the WLS realm with Identity Asserter and LDAP Authenticator.
Let me know if you have any issues.
HTH.
Mahendra.
@ Brarti,
It seems you are trying to use automatic method on FMW integration with OAM.
You can do these steps manually as well; let me know which component (soa, webcenter or idm) you are trying to integrate with OAM and I’ll give you steps.
Do you have oamAuthnProvider.jar in c drive? If yes, from where did you get this jar file?
Hi
I have to integrate OAM 10.1.4.3 with WebLogic 10 MP1.
I have to use SSPI or with auth provider?
The version of Oracle WebLogic is 10 MP1 64 bit, but on the OAM certmatrix it seems to be compatible only with the 32 bit version of WebLogic. Is it correct?
Hi Mahendra,
Excellent post. I was looking for this issue for a long time and was not finding anything precise.
I am trying to integrate OAM 10.1.4 (different machine) with Weblogic 10.3.5. (actually IPM 11.1.1.5)
I am looking for list of components to be installed on my weblogic server machine so that it can talk with OAM server machine. I guess following are the components
1. SSPI connector
2. Web server – Oracle HTTP server 11g
3. Webgate 11g in the web server.
4. Create security provider in Weblogic
Right?
Regards,
Vikrant Korde
@ Vikrant,
With FMW 11g (including IPM), SSPI connector is not required any more. Here are steps
1. Web server – Oracle HTTP server 11g
2. Webgate 11g in the web server.
3. Create identity provider in Weblogic to point to LDAP server
4. Configure OAM identity asserter in weblogic (on which IPM is hosted)
5. Protect IPM url and ADF authentication URI in OAM
You can see OAM integration with OBIEE or WebCenter http://onlineappsdba.com/index.php/2011/12/05/integrate-obiee-11g-with-oam-11g-for-single-sign-on-in-13-steps/ (change URIs to point to IPM)
Vikrant,
You will get oam identity asserter jar available OOTB so you don’t have to install any SSPI connector here. All you need is to check the certification matrix whether versions are certified for integration.
-M
Thanks Atul and Mahendra for the response.
I am still struggling with the integration. Here are the details of my environment
1. I have Weblogic installed on M1
2. IPM 11g is also installed in weblogic present in M1
3. I have installed OHS 11g on M1.
4. Added the entries in mod_wl_ohs.conf so now when I type URL http://M1:7777/imaging/ this shows the page as if I have entered http://M1:16000/imaing. I believe I have configured Reverse proxy properly.
5. OAM 10g is already installed on other machine M2 and it has been configured with other systems like EBS, etc.
6. I have configured Host Identifiers, Access gate and policy domain using console method as oamcfgtool was not available.
7. Using “access tester” link available on Machine M2 under Policy domain I tested the URL i.e. http://M1:7777/imaing. It picked up the policy properly and says user is authorized.
8. I believe policy manager is properly configured.
9. I have installed Webgate (ofm_oam_webgates_win_10.1.4.3.0_64_disk1_1of1.zip) on machine M1 and added the details which I used for configuring Access manager on M2 (where OAM is installed). It gave me a success message.
10. Then it modified the httpd.conf file of OHS 11g on the same machine i.e. M1.
11. Configured OID authenticator in weblogic
12. Configured OAM identity asserter in weblogic
Here are the problems.
1. I can not see users from OID authenticator in “users & groups” tab of weblogic
2. I can not see users from OAM in “users & groups” tab of weblogic
3. When I enter http://M1:7777/imaing it is not sending me to OAM login page. It is sending me to IPM login page.
Please help.
@ Vikrant Korde,
Your issue is that you can’t see OID users/groups under weblogic (after weblogic OID integration).
This could be because of a wrong entry in the OID Authenticator screen or because the weblogic machine is unable to contact the OID server.
To find the root cause, enable logging in the weblogic admin server like
WebLogic Console -> Expand Environment -> Servers -> on right panel click AdminServer -> select tab Debug -> expand WebLogic -> Security -> select atn & atz and click on button Debug
Now go to tab users & groups on security realm
Check Admin Server log file for errors related to OID users/groups
@ Atul
Yes, I found the reason behind this. I was not giving the correct values in Base DN, All Users Filter & User From Name Filter values.
I could find out the correct values with the help of LDAP browser production and tried different searches till I get the list of users and groups.
I am still not able to figure out the mistakes behind OAM Identity asserter provider.
Regards,
Vikrant Korde
Hi Mahendra,
I have the following environment:
Oracle Weblogic Portal 10.3.0
Oracle Weblogic 10.3.0 & 10.3.6
I want to use OAM11gR2 to protect the portal & SSO to apps. Which Auth & Identity Asserter should I use?
Regards,
Bruno
Bruno,
You can download the oamAuthnProvider.zip file from OTN for 10g webgates with OAM 11gR2.
Thereafter you would need to copy oamAuthnProvider.jar to location $BEA_HOME/wlserver_10.x/server/lib/mbeantypes/oamAuthnProvider.jar
and follow other steps as described in OAM 11gR2 administration guide.
Hope this helps.
-Mahendra.
Hi Mahendra,
I have a question for you.
Can we integrate Oracle Forms Application with OAM 11g using 11g webgate?
or
Is it the only way we have, is to use OAM sso agent?
Please let me know.
I need to integrate it with 11g webgate. How?
Thanks in advance.
– Narendra