How to create Authentication Module in OAM 11g without using OAM Admin console?

Recently I had worked on a requirement where OAM 11g configurations has to be exported and imported from one environment to the other without using any of the UI consoles. This is case of migration but the execution is entirely different compared to Oracle Documentation (supported procedure). I’ll explain the complete steps of export and import in a different post but for now I’d like to brief how OAM configurations such as Authentication Module can be created in OAM 11g without using Admin console. It is assumed that OAM 11g server is setup in Target environment.

In OAM 11g all the configuration details are stored in oam-config.xml located at $WL_DOMAIN/config/fmwconfig. Please note that it is neither recommended nor supported to edit this file.

Creating authentication Module:

  • Stop the OAM and weblogic admin servers.
  • Open the oam-config.xml and goto the authentication modules block by traversing to the xpath /Configuration/Setting [Name=”NGAMConfiguration”]/Setting [Name=”DeployedComponent“]/Setting [Name=”Server“]/Setting [Name=”NGAMServer“]/Setting [Name=”Profile“]/Setting [Name=”AuthenticationModules“]/Setting [Name=”LDAPModules“].
  • For creating a new authentication module with Name say OVDAuthModule, use the XML block as shown below.
<Setting Name=”93466CB4BD01D60C32” Type=”htf:map“>
  <Setting Name=”staticMemberDNAttribute” Type=”xsd:string“>uniqueMember</Setting>
  <Setting Name=”connectionPool” Type=”xsd:string“>100</Setting>
  <Setting Name=”VALIDATE_PASSWORD” Type=”xsd:boolean“>false</Setting>
  <Setting Name=”ldapProtocol” Type=”xsd:string“>sslv3</Setting>
  <Setting Name=”jaasControlFlag” Type=”xsd:string“>SUFFICIENT</Setting>
  <Setting Name=”domainCredential” Type=”xsd:string“>test-credential</Setting>
  <Setting Name=”domainName” Type=”xsd:string“>my-domain</Setting>
  <Setting Name=”serverName” Type=”xsd:string“>my-server</Setting>
  <Setting Name=”domainRealmName” Type=”xsd:string“>my-realm</Setting>
  <Setting Name=”dynamicGroupNameAttribute” Type=”xsd:string“>ou=people,ou=myrealm,dc=base_domain</Setting>
  <Setting Name=”dynamicMemberURLAttribute” Type=”xsd:string“>memberURL</Setting>
  <Setting Name=”sslEnabled” Type=”xsd:string“>false</Setting>
  <Setting Name=”ldapid” Type=”xsd:string“>032E2D6DEBDF1B0786</Setting>
  <Setting Name=”rootDirectory” Type=”xsd:string“>.</Setting>
  <Setting Name=”name” Type=”xsd:string“>OVDAuthModule</Setting>
  <Setting Name=”groupBaseDN” Type=”xsd:string“>ou=groups,ou=myrealm,dc=base_domain</Setting>
  <Setting Name=”dynamicGroupObjectClass” Type=”xsd:string“>groupofURLs</Setting>
  </Setting>

Key things to remember:

  1. Notice the random alpha numeric string provide for name of the Setting XML block 93466CB4BD01D60C32. OAM server creates this random value when it is created through Admin console. In the similar fashion specify a random value as 001MAHI001 but the value should be unique in the XML.
  2. Specify the Authentication Module name in the parameter <Setting Name=”name” Type=”xsd:string“>.
  3. Specify the identity store name in the parameter <Setting Name=”ldapid” Type=”xsd:string“>. Please note that this value is also a random alphanumeric string that can be taken from oam-config.xml by searching for specific identity store name.

We’re done. No other parameter values need to be specified here. Start the weblogic and OAM servers and login to OAM console to see if the new authentication module is created succesfully.

NOTE: Make sure that XML block added has right syntax as otherwise OAM server fails to start.

 

 

 

 

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment:

2 comments
itsras says January 31, 2013

Hi,

This is very useful to me. As part of automating the webgate 11g registration with OAM 11.1.2, I have used this techniq, but using Config MBean.

The same steps that you have mentioned in this post, I have implemented them in Java using Config MBean, and is successfully creating the authentication module. But the only thing is it is now visible in UI, until you re-start the oam console.

Reply
Kiran says July 17, 2019

Hi itsras,

can you share sample code to create an authentication module with Mbeans.

Reply
Add Your Reply