Wednesday, August 7, 2013

Authentication/Authorization managed by OAM in WebLogic

Configuration from the WebLogic Console

Security Configuration

1. Log in to the WebLogic console.

2. Click on Security Realms -> myrealm -> Providers.
    Click New.
    Enter Name : WebLogic_IdentityAsserter
    Type: "OAM Identity Asserter"
    Click OK.

3. Once done, click on WebLogic_IdentityAsserter.
    Set the Control Flag to “SUFFICIENT”.
    Add “OAM_REMOTE_USER” to the Chosen side of Active Types.
    Save the changes.

4. Go to the Provider Specific tab.
    Update the SSOHeadername to OAM_REMOTE_USER.
    Save the changes.

5. Go to Security Realms -> myrealm -> Providers.
    Click New.
    Name: DSX
    Type: OpenLDAPAuthenticator.
    Click OK

6. Go to the Providers page and click on DSX.
    Set the Control Flag to “OPTIONAL”.

7. Click on Provider Specific tab.
    Update the following details for LDAP configuration.

    Host:
    Port: 389 (Default port)
    Principal:
    Credentials:
    Confirm Credentials:
    User Base DN: O=<>
    User From Name Filter: (&(uid=%u)(objectclass=person))
    User Name Attribute: uid
    User Object Class: person
    Use Retrieved User Name as Principal
    Group Base DN: ou=GROUPS,o=<>
    Group From Name Filter: (&(cn=%g)(objectclass=group))
    Static Group Name Attribute: cn
    Static Group Object Class: group
    Static Member DN Attribute: member
    Static Group DNs From Member DN Filter: (&(member=%M)(objectclass=group))
    GUID Attribute: objectGUID

Save the changes.


8. Go to Security Realms -> myrealm -> Providers.
    Click on DefaultAuthenticator.
    Set the Control Flag to “OPTIONAL”.
    Save the changes.

9. Make sure the Provider Specific setting is as below:
    Go to Security Realms -> myrealm -> Providers.
    Select the check box for DefaultIdentityAsserter.
    Click Delete.

10. Activate the changes and restart all servers.
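
To check the step 7 filter templates against the directory before relying on them, it helps to see the exact filter each one expands to. The Python below is an added example, not part of the original post or of WebLogic; the function names and sample values are made up for illustration, and it escapes substituted values per RFC 4515 so that special characters in a name remain literal.

```python
import re

# Filter templates copied from the provider settings in step 7.
USER_FROM_NAME = "(&(uid=%u)(objectclass=person))"
GROUP_FROM_NAME = "(&(cn=%g)(objectclass=group))"
GROUPS_FROM_MEMBER = "(&(member=%M)(objectclass=group))"

# RFC 4515: these characters must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value):
    """Escape a string so it is a literal assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand(template, **values):
    """Replace %u / %g / %M placeholders with escaped values.

    Raises KeyError if the template uses a placeholder with no value supplied.
    """
    return re.sub(r"%([ugM])", lambda m: escape_value(values[m.group(1)]), template)


def is_balanced(filter_text):
    """Sanity check: parentheses (ignoring \\XX escapes) open and close correctly."""
    depth = 0
    for ch in re.sub(r"\\[0-9a-fA-F]{2}", "", filter_text):
        depth += {"(": 1, ")": -1}.get(ch, 0)
        if depth < 0:
            return False
    return depth == 0


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    samples = [
        (USER_FROM_NAME, {"u": "jdoe"}),
        (USER_FROM_NAME, {"u": "smith (contractor)*"}),
        (GROUP_FROM_NAME, {"g": "Administrators"}),
        (GROUPS_FROM_MEMBER, {"M": "uid=jdoe,o=example"}),
    ]
    for template, values in samples:
        result = expand(template, **values)
        print(result, "balanced" if is_balanced(result) else "MALFORMED")
```

Each printed filter can be run as an ldapsearch query, bound as the Principal from step 7, to confirm it returns the expected user or group entry.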