OAM 10g integration with Cisco Prime Service Catalog

I got an opportunity to integrate the Cisco Prime Service Catalog application 10.1 with Oracle Access Manager 10g. FYI: OAM 10g is not certified with the Cisco Prime Service Catalog product for SSO integration.

Here is the requirement:

There are a lot of applications in the organization that are integrated with OAM 10g for SSO. Cisco Prime Service Catalog is another application being added to the set of SSO applications.

Background of Cisco Prime Service Catalog:

Service Catalog Directory Integration simplifies security administration and enhances user convenience and productivity by implementing centralized user authentication and synchronization with an enterprise directory.

This product can talk to external directories for authentication and to external products for Single Sign-On. For SSO, however, it expects header variables or CGI variables.

Integration Process:

  1. Cisco Prime Service Catalog is installed on a JBoss application server fronted by an IIS web server.
  2. Install WebGate on the IIS web server; this is done the usual way.
  3. Create policies in OAM to protect the root URL.
  4. Change the SSO configuration in the Cisco Prime Service Catalog product. Log in to Cisco Prime Service Catalog and go to Administration.
  5. Go to Directories. Click on Events.
  6. Edit the Login functionality. Make sure that the Login event is enabled. Select Single Sign-On as the Operation from the drop-down.
  7. Click the Additional Options button. Select the Header Variable radio button.
  8. Specify the Login ID Mapping as OAM_REMOTE_USER. This is the header variable name specified in the OAM authorization rule Actions, and it returns the user ID.
  9. Specify the Authentication Failure URL in the Redirect URL text box.
  10. Click Update. Please refer to the screenshot below.

This completes the SSO configuration changes at Cisco Prime Service Catalog application.

Testing:

Access the application URL http://host:port/RequestCenter/, which prompts for the authentication configured in the policy. Submit the credentials and you will be redirected to the application home page.

Observations:

While working on this integration, the Cisco product was honoring the OAM_REMOTE_USER header variable and not REMOTE_USER, which was interesting. It may be possible that this header variable name was specified in one of the product configuration files, or it is how the product is configured.
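Because the product takes the login ID from a request header, that header is only trustworthy when the request actually passed through the WebGate-protected IIS tier. The check below is an added example, not code from Cisco, Oracle or the original post; the front-end address, the allowed login-ID characters and the function names are assumptions.

```python
import ipaddress
import re

# Assumptions for this sketch (not from the product): the address of the
# IIS/WebGate tier and the set of characters allowed in a login ID.
TRUSTED_FRONT_ENDS = [ipaddress.ip_network("10.0.0.5/32")]  # constructed value
LOGIN_ID_HEADER = "OAM_REMOTE_USER"   # header name configured in step 8
LOGIN_ID_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def canonical(name):
    """Fold header and CGI spellings (Oam-Remote-User, HTTP_OAM_REMOTE_USER)
    to one form, since both reach an application as the same variable."""
    name = name.upper().replace("-", "_")
    return name[5:] if name.startswith("HTTP_") else name


def resolve_sso_user(peer_ip, headers):
    """Return the login ID to trust, or None to send the request to the
    authentication failure URL. `headers` is a list of (name, value) pairs."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_FRONT_ENDS):
        return None                      # did not arrive through WebGate
    values = [v.strip() for n, v in headers
              if canonical(n) == LOGIN_ID_HEADER]
    if len(values) != 1:
        return None                      # missing, or ambiguous duplicates
    return values[0] if LOGIN_ID_RE.fullmatch(values[0]) else None


# Constructed sample requests: (peer address, headers).
SAMPLES = [
    ("10.0.0.5", [("OAM_REMOTE_USER", "jdoe")]),
    ("10.0.0.5", [("Host", "host")]),
    ("10.0.0.5", [("OAM_REMOTE_USER", "jdoe"), ("Oam-Remote-User", "asmith")]),
    ("192.0.2.44", [("OAM_REMOTE_USER", "jdoe")]),
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(peer, hdrs, "->", resolve_sso_user(peer, hdrs))
```

In a real deployment the same effect is usually achieved at the network layer, by letting only the IIS/WebGate host reach the JBoss listener.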

Helpful links:

Documentation is here.

About the Author Mahendra

I am engulfed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities, etc. I am also well versed in complex integrations within Identity Management and other product domains. I have expertise in building demos and implementation experience with the products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory, etc. Look @ my blog: http://talkidentity.blogspot.com
