How to integrate OAM 11g with OID 11g for User/Identity Store

  • Oracle Access Manager (OAM) is Oracle’s recommended Single Sign-On solution. For step-by-step installation of OAM 11g click here.
  • Oracle Internet Directory (OID) is an LDAP version 3 compliant directory server from Oracle. For high-level steps to install OID 11.1.1.4 click here.

Why should you integrate OAM with OID?
OAM’s default user store is WebLogic’s embedded LDAP server, which is not a recommended user store for a production environment. After installing OAM it is recommended to set Oracle Internet Directory as OAM’s primary identity store.

Pointing OAM’s user store to Oracle Internet Directory, including integration with Oracle Identity Manager, is also explained in my book “Oracle Identity and Access Manager 11g for Administrators”.

Steps to configure OAM to use OID as Identity Store

1. Create a group “Administrators” in OID under cn=groups,dc=[your_domain] using ODSM. This is the group name OAM expects for its Security Admin role, so keep the spelling exact.

2. Create a user weblogicoid in OID under cn=users,dc=[your_domain]. This user will later be used to log in to the WebLogic console (and, in step 10, the OAM Console), so make sure the userPassword attribute is set for it.

3. Add user weblogicoid to the group “Administrators” in OID. Use ODSM to create users and groups in OID 11g. More on ODSM here.

4. Log in to the OAM Console (http://server:7001/oamconsole, where 7001 is the WebLogic Admin Server port on which OAM is deployed).

5. Click the “System Configuration” tab and select User Identity Stores under Data Sources.

6. From the Actions menu, select Create.

7. Enter the OID server details (host and port, bind DN and password, user search base and group search base) and click Test Connection.

If you get “Failed to connect to Identity Store: Invalid Role Security Admin”, make sure the group Administrators exists in OID (under cn=groups) and is reachable from the group search base you entered; OAM maps this group to its Security Admin role and refuses the store without it.

8. Click Apply once the connection test succeeds.

9. Select the newly created User Identity Store in the OAM Console and click the “Set as Primary” button at the top right.

10. Log out of the OAM Console and log in again as the newly created OID user (weblogicoid).
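The OID prerequisites from steps 1 to 3 can also be loaded from an LDIF file instead of clicking through ODSM. The script below is an added example and is not from the original post or from Oracle: it writes the user, the group and the membership as LDIF, and then runs a pre-flight check over those entries that catches the three mistakes behind the “Invalid Role Security Admin” error and the failed login in step 10 (group missing, user without userPassword, user not a member) before you press Test Connection. The base DN dc=example,dc=com, the password and the objectClasses (OID's usual ones for users and groups) are assumptions; replace them with your own.

```python
# Added example, not part of the original post or of Oracle's tooling.
# Builds the OID entries that OAM needs (steps 1-3) as LDIF and pre-checks them.

DOMAIN_DN = "dc=example,dc=com"   # assumption: use your own base DN (dc=[your_domain])
ADMIN_GROUP = "Administrators"    # the group OAM 11g maps to its Security Admin role
WLS_USER = "weblogicoid"


def user_dn(uid, domain_dn=DOMAIN_DN):
    # OID's default user container is cn=users,<base DN>
    return "cn=%s,cn=users,%s" % (uid, domain_dn)


def group_dn(cn, domain_dn=DOMAIN_DN):
    # OID's default group container is cn=groups,<base DN>
    return "cn=%s,cn=groups,%s" % (cn, domain_dn)


def build_ldif(domain_dn=DOMAIN_DN, uid=WLS_USER, password="ChangeMe_1", group=ADMIN_GROUP):
    """LDIF for steps 1-3: the user (with userPassword), the group and the membership.
    The user entry comes first so the group's uniqueMember reference resolves on load."""
    udn = user_dn(uid, domain_dn)
    lines = [
        "dn: %s" % udn,
        "objectClass: top",
        "objectClass: person",
        "objectClass: organizationalPerson",
        "objectClass: inetOrgPerson",
        "objectClass: orclUser",          # OID-specific auxiliary classes (assumed defaults)
        "objectClass: orclUserV2",
        "cn: %s" % uid,
        "sn: %s" % uid,
        "uid: %s" % uid,
        "userPassword: %s" % password,    # OID hashes the value on write
        "",
        "dn: %s" % group_dn(group, domain_dn),
        "objectClass: top",
        "objectClass: groupOfUniqueNames",
        "objectClass: orclGroup",
        "cn: %s" % group,
        "uniqueMember: %s" % udn,         # step 3: the membership OAM checks
        "",
    ]
    return "\n".join(lines)


def parse_ldif(text):
    """Minimal LDIF reader: dn (lower-cased) -> {attribute (lower-cased): [values]}.
    Deliberately simple: no base64 (::) values and no continuation lines."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:            # blank line ends an entry
            current = None
            continue
        attr, _, value = line.partition(":")
        attr = attr.strip().lower()
        value = value.strip()
        if attr == "dn":
            current = {}
            entries[value.lower()] = current
        elif current is not None:
            current.setdefault(attr, []).append(value)
    return entries


def preflight(entries, uid=WLS_USER, group=ADMIN_GROUP, domain_dn=DOMAIN_DN):
    """Return the problems that would make OAM's Test Connection or the first login fail."""
    problems = []
    udn = user_dn(uid, domain_dn).lower()
    gdn = group_dn(group, domain_dn).lower()
    user = entries.get(udn)
    grp = entries.get(gdn)
    if grp is None:
        problems.append("group %s missing (OAM reports 'Invalid Role Security Admin')" % group)
    if user is None:
        problems.append("user %s missing under cn=users" % uid)
    else:
        if not user.get("userpassword"):
            problems.append("user %s has no userPassword; console login will fail" % uid)
        if grp is not None:
            members = [m.lower() for m in grp.get("uniquemember", [])]
            if udn not in members:
                problems.append("user %s is not a uniqueMember of %s" % (uid, group))
    return problems
```

Write the result of build_ldif() to a file and load it with ldapadd -h <oid_host> -p 3060 -D cn=orcladmin -w <password> -f oid_prereqs.ldif (3060 is OID's default non-SSL port; adjust to yours). Running preflight(parse_ldif(...)) over the same file, or over an ldapsearch export of the two entries, tells you which of the three prerequisites is missing before OAM does.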

Note: You can also manage identity stores in OAM with the WebLogic Scripting Tool (WLST), using the createUserIdentityStore, deleteUserIdentityStore, displayUserIdentityStore and editUserIdentityStore commands.

How to use WLST commands for OAM?

1. Set the environment: source DOMAIN_HOME/bin/setDomainEnv.sh
2. Start WLST: $ORACLE_HOME/common/bin/wlst.sh (use the wlst.sh from the Oracle home where OAM is installed, not the one under the WebLogic Server home, otherwise the OAM commands are not loaded)
3. Connect to the WebLogic Admin Server: connect('weblogic', '<password>', 't3://server:7001')
4. List all OAM commands: help('oam')
5. To display the User Identity Store named UserIdentityStore1: displayUserIdentityStore(name="UserIdentityStore1")
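The same change as console steps 4 to 9, scripted for WLST. This is an added example, not the post's or Oracle's own script: the host names, ports, base DN and passwords are assumptions, and the keyword arguments follow the OAM 11g reference for createUserIdentityStore, so confirm them with help('createUserIdentityStore') in your own WLST before running. It is written in the Python 2 syntax that WLST's Jython accepts; the WLST calls themselves only run when the file is started with wlst.sh, so the argument builder can be checked on any workstation first.

```python
# Added example, not part of the original post or of Oracle's tooling.
# Run as:  $ORACLE_HOME/common/bin/wlst.sh create_oid_store.py

ADMIN_URL = "t3://oamhost:7001"        # assumption: OAM Admin Server URL
WLS_ADMIN = "weblogic"
WLS_PASSWORD = "Welcome1"              # assumption; read it from a protected file in practice
OID_HOST = "oidhost"                   # assumption
OID_PORT = 3060                        # assumption: OID default non-SSL port
OID_BIND_DN = "cn=orcladmin"           # assumption: bind user OAM uses to search OID
OID_BIND_PASSWORD = "Welcome1"         # assumption
DOMAIN_DN = "dc=example,dc=com"        # assumption: dc=[your_domain]
STORE_NAME = "OIDStore"                # assumption: name shown in the OAM Console


def identity_store_args(domain_dn=DOMAIN_DN, host=OID_HOST, port=OID_PORT, is_primary="false"):
    """Keyword arguments for createUserIdentityStore (parameter names per the OAM 11g
    WLST reference; verify with help('createUserIdentityStore') in your version)."""
    return {
        "name": STORE_NAME,
        "type": "OID",
        "ldapUrl": "ldap://%s:%d" % (host, port),
        "principal": OID_BIND_DN,
        "credential": OID_BIND_PASSWORD,
        "userSearchBase": "cn=users,%s" % domain_dn,     # where weblogicoid lives
        "groupSearchBase": "cn=groups,%s" % domain_dn,   # where Administrators lives
        "userIDProvider": "OracleUserRoleAPI",
        "isPrimary": is_primary,                          # "true" is the console's Set as Primary
        # The OID group OAM maps to its Security Admin role; if it cannot be found under
        # groupSearchBase the store fails with "Invalid Role Security Admin".
        "roleSecAdmin": "Administrators",
    }


def main():
    connect(WLS_ADMIN, WLS_PASSWORD, ADMIN_URL)          # WLST built-in
    createUserIdentityStore(**identity_store_args())      # OAM 11g WLST command (step 6-8)
    displayUserIdentityStore(name=STORE_NAME)             # confirm what OAM stored
    disconnect()                                          # WLST built-in


# WLST injects its commands into the script's global namespace; plain Python does not
# have them, so the calls above only run inside wlst.sh.
try:
    connect
    IN_WLST = True
except NameError:
    IN_WLST = False

if IN_WLST:
    main()
```

Create the store with isPrimary="false" first and check it with displayUserIdentityStore; switch it to primary only after the OID user can log in, because a primary store that cannot authenticate anyone locks you out of the console.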



About the Author: Masroof Ahmad
