Authentication Providers in #WebLogic – Oracle Access Manager Identity Assertion for Single Sign-On and OAM Authenticator

OAM (Oracle Access Manager) is the recommended Single Sign-On solution for Fusion Middleware products (SOA, WebCenter, OSB, UCM, …).

ObSSOCookie is the cookie generated by OAM for users authenticated via OAM.

What is an Authentication Provider in WebLogic Server?
WebLogic Server includes numerous Authentication security providers: given a username and password credential pair, the provider attempts to find a corresponding user in the provider's data store (LDAP, database or other data store). In addition to these username/password-based security providers, WebLogic Server includes identity assertion Authentication providers, which use certificates or security tokens, rather than username/password pairs, as credentials.

More on authentication providers in WebLogic Server here. For steps on how to configure Authentication Providers in WebLogic Server, check "Configure Authentication and Identity Assertion providers" in the Administration Console Online Help for WebLogic here.

  • To configure OID (Oracle Internet Directory) as an Authentication Provider in WebLogic, click here

OAM Authentication Provider for WebLogic

The Oracle Access Manager Authentication Provider (oamAuthnProvider.jar, part of OAM 10.1.4.3) provides two functions ("Identity Assertion for Single Sign-On" and "Authenticator") which can be integrated with WebLogic Server.

a) OAM Identity Assertion for Single Sign-On – This authentication provider in WebLogic Server uses the OAM authentication service; it also validates already-authenticated users (users with an ObSSOCookie) and creates a WebLogic-authenticated session. This function (OAM Identity Assertion) also provides single sign-on between WebGates and portals (WebCenter, SOA, …).

b) OAM Authenticator – This authentication provider in WebLogic Server uses the OAM authentication service to authenticate users who access applications deployed in WebLogic Server.
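
A simplified model of the two credential paths described above (username/password lookup versus token-based identity assertion), as an added example that is not from the original post or from Oracle's provider code. The HMAC-signed token only stands in for an SSO session token and is not the ObSSOCookie format; the user store, key and all function names are constructed for illustration.

```python
import hashlib
import hmac

SALT = b"constructed-salt"        # constructed demo value
SSO_KEY = b"constructed-sso-key"  # constructed; stands in for the SSO service's secret


def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


# Constructed user store; WebLogic would query LDAP, a database or another store.
USER_STORE = {"alice": _pw_hash("correct horse")}


def issue_token(username):
    """Stand-in for the SSO service issuing a session token after its own login."""
    mac = hmac.new(SSO_KEY, username.encode(), hashlib.sha256).hexdigest()
    return f"{username}.{mac}"


def password_authenticator(username, password):
    """Username/password path: find the user in the store and check the credential."""
    supplied = _pw_hash(password)  # hashed before the lookup so unknown users cost the same
    stored = USER_STORE.get(username)
    if stored is not None and hmac.compare_digest(stored, supplied):
        return username
    return None


def identity_asserter(token):
    """Token path: verify the token, then map it to a known user; no password is seen."""
    username, sep, mac = token.rpartition(".")
    expected = hmac.new(SSO_KEY, username.encode(), hashlib.sha256).hexdigest()
    if not sep or not hmac.compare_digest(mac.encode(), expected.encode()):
        return None  # malformed, forged or altered token
    return username if username in USER_STORE else None  # valid token, unknown user


def authenticate(request):
    """Use the token path when a token is present; a bad token is not retried as a password login."""
    if "sso_token" in request:
        return identity_asserter(request["sso_token"])
    if "username" in request and "password" in request:
        return password_authenticator(request["username"], request["password"])
    return None
```

The point to take from the model is that the asserter path never handles a password, so everything rests on verifying the token and on the asserted name resolving to a real user in the store.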

  • If you have Oracle Fusion Middleware 11g of type WebCenter, SOA or Identity Management, then "OAM Identity Assertion for Single Sign-On" and "OAM Authenticator" should already be available in your WebLogic authentication providers.
  • If you have a standalone WebLogic Server (no SOA, WebCenter or Identity Management), then you can get these two providers ("OAM Identity Assertion for Single Sign-On" and "OAM Authenticator") by downloading oamAuthnProvider.jar from OTN (Oracle Technology Network).

a) oamAuthnProvider.jar: Includes files for both the Oracle Access Manager Identity Asserter for single sign-on and the Authenticator for Oracle WebLogic Server 10.3.1.

b) oamauthenticationprovider.war: (optional component) Restricts the list of providers that you see in the Oracle WebLogic Server Console to only those needed for use with Oracle Access Manager. This application is required only if you wish to restrict the WebLogic console to showing just these two authentication providers.

c) oamcfgtool.jar: (optional component) A script that automates creation of the Oracle Access Manager form-based authentication scheme, policy domain, access policies, and WebGate profile for the Identity Asserter for single sign-on. For more information on oamcfgtool.jar click here. You can also perform all of the steps done by oamcfgtool.jar manually.

More on OAM Identity Assertion for Single Sign-On and OAM Authenticator coming soon.

About the Author Masroof Ahmad
