Oracle SSO solution for Weblogic Server
This post shows a way to enable Oracle Single Sign-On (SSO) on Oracle Weblogic Server (10.3.0).
Prerequisites
1. You have installed Oracle HTTP Server 2.0 & Oracle Weblogic Server 10.3 with application deployed.
You can download Oracle HTTP Server 2.0 from Oracle 10gR3 Companion Disc
http://www.oracle.com/technology/software/products/ias/htdocs/101310.html
2. Single Sign on Server & OID 10.1.2
Download and Configure MOD_WEBLOGIC
a. Download MOD_WEBLOGIC from http://download.oracle.com/otn/bea/weblogic/server103/server103_apacheplugins.zip.
b. Extract the mod_wl_20.so for your platform and copy it to $ORACLE_HOME/ohs/modules.
c. Edit $ORACLE_HOME/ohs/conf/httpd.conf and add the following line under the last LoadModule directive: LoadModule weblogic_module modules/mod_wl_20.so
d. At the end of the $ORACLE_HOME/ohs/conf/httpd.conf file, add the following directives:
<IfModule mod_weblogic.c>
# WebLogicPort should match the HTTP port on which Weblogic Server is running
WebLogicHost linux2.oracle.com
WebLogicPort 7001
<Location /sample>
SetHandler weblogic-handler
</Location>
</IfModule>
e. Stop and start the HTTP_Server to pick up the changes.
Configure MOD_OSSO.
a. Manually register the application url with SSO
$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path $ORACLE_HOME -site_name linux2.oracle.com -config_mod_osso TRUE -mod_osso_url http://linux2.oracle.com:7010 -verbose TRUE
(Place the conf file in the target Apache/conf/osso/ directory.)
b. Add the line below to $ORACLE_HOME/ohs/conf/httpd.conf. It should be at the TOP of the DSO section.
LoadModule osso_module modules/mod_osso.so
c. Edit $ORACLE_HOME/ohs/conf/mod_osso.conf so that its lines look like this:
<IfModule mod_osso.c>
OssoIdleTimeout off
OssoIpCheck off
#OssoRedirectByForm off
#OssoSecureCookies on
#OssoProtectedOnly on
#OssoSecureCookies on
#OssoSendCacheHeaders on
#OssoHttpsFrontend on
#UseWebCacheIp on
OssoConfigFile /oracle/ohs/ohs/conf/osso/osso.conf
<Location /ssotest>
Require valid-user
AuthType Basic
</Location>
<Location /private>
AuthType Basic
Require valid-user
</Location>
</IfModule>
<Location /sample>
Require valid-user
AuthType Basic
</Location>
d. Stop and start the Weblogic HTTP_Server to pick up the changes.
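A path that httpd.conf forwards with weblogic-handler but that has no matching Require valid-user block is passed to Weblogic without mod_osso requiring a login. The following check is an added example, not part of the original post: it compares the two files and also lists the Osso directives that are set to off. The sample text is constructed from the fragments above, and the /reports mapping is hypothetical, included only to produce a finding.

```python
import re

# Constructed sample input based on the fragments in this post.
# /reports is a hypothetical mapping that was never added to mod_osso.conf.
HTTPD_CONF = """
<IfModule mod_weblogic.c>
WebLogicHost linux2.oracle.com
WebLogicPort 7001
<Location /sample>
SetHandler weblogic-handler
</Location>
<Location /reports>
SetHandler weblogic-handler
</Location>
</IfModule>
"""
MOD_OSSO_CONF = """
OssoIpCheck off
OssoIdleTimeout off
#OssoSecureCookies on
<Location /sample>
Require valid-user
AuthType Basic
</Location>
"""

LOCATION = re.compile(r"<Location\s+(\S+?)\s*>(.*?)</Location>", re.S | re.I)

def locations(conf, directive):
    """Paths of <Location> blocks that contain an active (uncommented) directive."""
    pat = re.compile(r"^\s*" + directive + r"\s*$", re.I | re.M)
    return {path for path, body in LOCATION.findall(conf) if pat.search(body)}

def covered(path, protected):
    """A <Location> applies to its own path and to anything below it."""
    return any(path == p or path.startswith(p.rstrip("/") + "/") for p in protected)

def unprotected_proxied_paths(httpd_conf, osso_conf):
    proxied = locations(httpd_conf, r"SetHandler\s+weblogic-handler")
    protected = locations(httpd_conf + osso_conf, r"Require\s+valid-user")
    return sorted(p for p in proxied if not covered(p, protected))

def disabled_osso_checks(osso_conf):
    """Active Osso* directives whose value is 'off'; commented lines are ignored."""
    return sorted(re.findall(r"^\s*(Osso\w+)\s+off\s*$", osso_conf, re.I | re.M))

if __name__ == "__main__":
    print("proxied without SSO:", unprotected_proxied_paths(HTTPD_CONF, MOD_OSSO_CONF))
    print("Osso directives set to off:", disabled_osso_checks(MOD_OSSO_CONF))
```

To use it on a real installation, read $ORACLE_HOME/ohs/conf/httpd.conf and $ORACLE_HOME/ohs/conf/mod_osso.conf into the two strings in place of the samples.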
Configure OSSO Identity Asserter.
Log in to the Weblogic Server Control Console as the weblogic user.
a) Add the following providers to the Weblogic domain for OSSO:
OSSO Identity Asserter, DefaultAuthenticator & OID Authenticator
Adding OSSO Identity Asserter
1. Click Security Realms, Default Realm Name, Providers
2. Select New under the Authentication Providers table.
3. Enter a name for the new provider, select its type, and then click OK. For example:
Name: OSSO Identity Asserter
Type: OSSOIdentityAsserter
OK
In the Settings for OSSO Identity Asserter page:
4. Click Default Authentication Provider.
5. Set the control flag to OPTIONAL, and click Save.
6. Adding OIDAuthenticator
Click New, and enter a name and type:
Name: OID Authenticator
7. Click the Provider Specific tab and specify the following settings:
User Name Attribute: orcladmin (Example)
Host: The Oracle Internet Directory hostname
Group Base DN: cn=Groups,dc=cse,dc=oracle,dc=com
User Base DN: cn=users,dc=cse,dc=oracle,dc=com
Port: Oracle Internet Directory port
8. Reorder the providers, then stop and restart WebLogic Server.
b. Establishing Trust between Oracle WebLogic Server and Other Entities
1. Enter the syntax for the connection filter rules and restart the WebLogic Server.
c. Configuring the Application for the OSSO Identity Asserter
1. Locate the web.xml file in the application EAR file.
2. Locate the auth-method for the appropriate realm and enter CLIENT-CERT. For example:
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>myRealm</realm-name>
</login-config>
3. Save the file, then redeploy and restart the application.
References:
1) Metalink ID: 796072.1 How to Integrate OHS 2.0 with MOD_WEBLOGIC and MOD_OSSO
2) Oracle Fusion Middleware Release Notes 11g Release 1