Monday, April 6, 2009

Form-Based Authentication Single Sign On for Oracle SOA suite 10.1.3.x asconsole, Netpoint/Oblix/CoreId/Oracle Access Manager

I will explain how SSO with OAM can be configured for the asconsole (/em) of Oracle SOA Suite 10.1.3.

1. Configure asconsole with OAM /em
First I will configure the asconsole; this is very easy. Before you can start configuring you need to create the users and groups in the OID, and this can be achieved with a trick.

1.1 Add User and Groups in the OID
Log in on the asconsole of the SOA suite with the oc4jadmin user:

http://hostname:port/em
Click on the home container > tab Administration > Identity Management

Fill in the settings of your OID; the users and groups are then automatically added to the OID.

After this it is easy (see my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application)

All the files that need to be changed are located in the directory: $ORACLE_HOME/j2ee/home/*

1.2 system-jazn-config.xml
Change the system-jazn-config.xml see Chapter 3.5 of my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application

The application name should be: asconsole

1.3 orion-application.xml
Change the orion-application.xml files in both directories (applications and application-deployments), see Chapter 3.3 of my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application.

Replace this code:

<!-- %BEGINGOVERNSSO%
<jazn provider="XML">
    <jazn-web-app auth-method="CUSTOM_AUTH"/>
</jazn>
%ENDGOVERNSSO% -->

By the following code:

<jazn provider="XML" default-realm="jazn.com" jaas-mode="doAsPrivileged">
    <jazn-web-app auth-method="COREIDSSO"/>
</jazn>


1.4 web.xml
Change the web.xml, see Chapter 3.1 of my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application.

In the web.xml the following code must be replaced:

<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>ascontrol</realm-name>
    <form-login-config>
        <form-login-page>/console/logon</form-login-page>
        <form-error-page>/logon_failed.html</form-error-page>
    </form-login-config>
</login-config>

Replace by:

<login-config>
    <realm-name>ascontrol</realm-name>
    <auth-method>BASIC</auth-method>
</login-config>

1.5 opmn.xml
Change the opmn.xml, see Chapter 2.1 of my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application.

1.6 Policy Domain
Configure a policy domain for /em, see Chapter 3.4 of my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application.

The only difference is that /em needs to be protected instead of: /callerInfo/callerInfoB
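A small check for the orion-application.xml and web.xml edits above, written as an added example (not part of the original post or of Oracle's tooling): it parses both descriptors and reports anything still in the shipped state. It assumes the descriptor contents are passed in as strings; the sample XML below is constructed, not copied from a server.

```python
import xml.etree.ElementTree as ET

# Expected values after the edits described in the post (assumption: descriptor
# contents are passed in as strings; reading the files from $ORACLE_HOME is up to you).
EXPECTED_JAZN_AUTH = "COREIDSSO"   # orion-application.xml
EXPECTED_WEB_AUTH = "BASIC"        # web.xml
EXPECTED_REALM = "ascontrol"

def _local(tag: str) -> str:
    """Strip a {namespace} prefix so the checks work with or without an xmlns."""
    return tag.rsplit("}", 1)[-1]
def _find(xml_text: str, name: str):
    return next((e for e in ET.fromstring(xml_text).iter() if _local(e.tag) == name), None)

def check_orion_application(xml_text: str) -> list:
    """Findings for orion-application.xml; an empty list means it looks right."""
    jazn = _find(xml_text, "jazn")
    if jazn is None:
        # Shipped file keeps <jazn> inside the %BEGINGOVERNSSO% comment, so the parser
        # sees no element at all: the block was never uncommented and replaced.
        return ["orion-application.xml: no <jazn> element (still commented out?)"]
    web_app = jazn.find("jazn-web-app")
    auth = web_app.get("auth-method") if web_app is not None else None
    if auth == EXPECTED_JAZN_AUTH:
        return []
    return [f"orion-application.xml: auth-method is {auth!r}, expected {EXPECTED_JAZN_AUTH!r}"]

def check_web_xml(xml_text: str) -> list:
    """Findings for web.xml: BASIC auth, realm ascontrol, no leftover FORM login."""
    login = _find(xml_text, "login-config")
    if login is None:
        return ["web.xml: no <login-config> element"]
    children = {_local(e.tag): (e.text or "").strip() for e in login}
    findings = []
    if children.get("auth-method") != EXPECTED_WEB_AUTH:
        findings.append(f"web.xml: auth-method is {children.get('auth-method')!r}, expected {EXPECTED_WEB_AUTH!r}")
    if children.get("realm-name") != EXPECTED_REALM:
        findings.append(f"web.xml: realm-name is {children.get('realm-name')!r}, expected {EXPECTED_REALM!r}")
    if "form-login-config" in children:
        findings.append("web.xml: <form-login-config> still present; FORM login was not removed")
    return findings

# Constructed samples (before and after the edits), not copied from a real server.
ORION_BEFORE = ('<orion-application><!-- %BEGINGOVERNSSO% <jazn provider="XML">'
                '<jazn-web-app auth-method="CUSTOM_AUTH"/></jazn> %ENDGOVERNSSO% --></orion-application>')
ORION_AFTER = ('<orion-application><jazn provider="XML" default-realm="jazn.com" jaas-mode="doAsPrivileged">'
               '<jazn-web-app auth-method="COREIDSSO"/></jazn></orion-application>')
WEB_BEFORE = ('<web-app><login-config><auth-method>FORM</auth-method><realm-name>ascontrol</realm-name>'
              '<form-login-config><form-login-page>/console/logon</form-login-page></form-login-config>'
              '</login-config></web-app>')
WEB_AFTER = ('<web-app><login-config><realm-name>ascontrol</realm-name>'
             '<auth-method>BASIC</auth-method></login-config></web-app>')
```

Run it against both copies of orion-application.xml (applications and application-deployments), since only one of them being changed is an easy mistake to make.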
