Monday, April 6, 2009

Form-Based Authentication Single Sign On for Oracle SOA suite 10.1.3.x asconsole, Netpoint/Oblix/CoreId/Oracle Access Manager

I will explain how SSO / OAM / Oracle SOA suite 10.1.3 asconsole can be configured.

1. Configure asconsole with OAM /em
First I will configure the asconsole, this is very easy. Before you can start configuring you need to create the user and groups in the OID this can be achieved with a trick.

1.1 Add User and Groups in the OID
Log in on the asconsole of the SOA suite with the oc4jadmin user:

http://hostname:port/em
Click on the home container > tab Administration > Identity Management

Fill in the OID settings of your OID, then automaticly the users and groups are added to the OID.

After this it is easy (see my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application)

All the files that need to be changed are located in the directory: $ORACLE_HOME/j2ee/home/*

1.2 system-jazn-config.xml
Change the system-jazn-config.xml see Chapter 3.5 of my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application

The application name should be: asconsole

1.3 orion-application.xml
Change the orion-application.xml files in both directories: (applications and application-deployments) see Chapter 3.3 of my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application.

Replace this code: 


    <!-- %BEGINGOVERNSSO%

    <jazn provider="XML">
        <jazn-web-app auth-method="CUSTOM_AUTH"/>
    </jazn>

    %ENDGOVERNSSO% -->


By the following code:


<jazn provider="XML" default-realm="jazn.com" jaas-mode="doAsPrivileged">
   <jazn-web-app auth-method="COREIDSSO"/>
</jazn>


1.3 web.xml
Change the web.xml see Chapter 3.1 of my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application.

In the web.xml the following code must be replaced:


  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>ascontrol</realm-name>
    <form-login-config>
      <form-login-page>/console/logon</form-login-page>
      <form-error-page>/logon_failed.html</form-error-page>
    </form-login-config>
  </login-config>


Replace by:


    <login-config>
        <realm-name>ascontrol</realm-name>
        <auth-method>BASIC</auth-method>
    </login-config>


1.4 opmn.xml
Change the opmn.xml see Chapter 2.1 of my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application.

1.5 Policy Domain
Configure a policy domain for /em see Chapter 3.4 of my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application.

The only difference is that /em needs to be protected instead of: /callerInfo/callerInfoB
on Monday, April 06, 2009 Labels:

1 comment:

comment

Subscribe to: Post Comments (Atom)