Environment:
OAM and WebLogic 9.2 installed on same RHEL5.4 system.
OAM Installed information:
Hostname: oiam.sttg-poc.com
OAM installed folder: /app/OAM
Identity Server: /app/OAM/identity
Access Server: /app/OAM/access, port is 6201, name is AccessSvr_OIAM
WebPass and Policy Manager: /app/OAM/webcomponent (using Apache, port is 80)
OAM Admin user: orcladmin/abcd1234
All OAM components are installed in Open Security Mode.
User and Policy Store use OID, Base DN: dc=sttg-poc,dc=com
WebLogic Installed information:
Hostname: wls.sttg-poc.com
WLS9.2 installed folder: /app/BEA, port is 7001, install user is oracle, group is oinstall.
WebLogic Admin user: weblogic/abcd1234
WebLogic Application Domain: base_domain, in:
/app/BEA/user_projects/domains/base_domain
In the OID Admin Console, copy uid=orcladmin to uid=weblogic
Create Proxy Server for WebLogic using Apache2.0.x
1. Install Apache2.0.x
2. Copy mod_wl_20.so to the Apache modules directory
[root@oiam ~]# cp /app/BEA/weblogic92/server/plugin/linux/i686/mod_wl_20.so /opt/lampp/modules/
3. Add the proxy settings to httpd.conf
[root@oiam ~]# vi /opt/lampp/etc/httpd.conf
LoadModule weblogic_module modules/mod_wl_20.so
Listen 88
NameVirtualHost *:88
<VirtualHost *:88>
    ServerName wls.sttg-poc.com:88
    ErrorLog logs/wls.sttg-poc.com-error_log
    <IfModule mod_weblogic.c>
        WebLogicHost localhost
        WebLogicPort 7001
        SetHandler weblogic-handler
        DEBUG ERR
        WLLogFile /tmp/wlproxy.log
    </IfModule>
</VirtualHost>
<IfModule mod_weblogic.c>
    WebLogicHost localhost
    WebLogicPort 7001
    DEBUG ERR
    WLLogFile /tmp/wlproxy.log
    <Location /console>
        SetHandler weblogic-handler
        PathTrim console
        ErrorPage http://error.sttg-poc.com
    </Location>
    <Location /myapp>
        SetHandler weblogic-handler
        PathTrim myapp
        ErrorPage http://error.sttg-poc.com
    </Location>
</IfModule>
#>> Create Master Administrator in Access System Console
http://oiam.sttg-poc.com/access/oblix
1. Click Access System Console.
2. Authenticate as orcladmin/abcd1234.
3. Click System Configuration.
4. Click Administrators.
5. Click Master Access Administrators.
6. Click Select User.
7. Locate and add weblogic.
8. Click Done.
#>> Create Master Administrator in Identity System Console
http://oiam.sttg-poc.com/access/oblix
1. Click Identity System Console.
3. Click System Configuration.
4. Click Administrators.
5. Click Master Identity Administrators.
6. Click Select User.
7. Locate and add weblogic.
8. Click Done.
9. Click Save.
10. Click Master Administrators.
11. Click Select User.
12. Locate and add weblogic.
13. Click Done.
14. Click Save
#>> Add WebLogic Connector Resource Type Definitions
1. Click Access System Console.
2. Click Access System Configuration.
3. Click Common Information Configuration.
4. Click Resource Type Definitions
5. Click Add
A) WL_URL Resource Type Definition:
Parameter | Value |
Name | wl_url |
Display Name | wl_url |
Resource Matching | Case Insensitive |
Resource Operation(s) | GET |
Resource Operation(s) | POST |
B) WL_SVR Resource Type Definition:
Parameter | Value |
Name | wl_svr |
Display Name | wl_svr |
Resource Matching | Case Insensitive |
Resource Operation(s) | BOOT |
Resource Operation(s) | DEFAULT |
C) WL_ADM Resource Type Definition:
Parameter | Value |
Name | wl_adm |
Display Name | wl_adm |
Resource Matching | Case Insensitive |
Resource Operation(s) | DEFAULT |
D) WL_EJB Resource Type Definition:
Parameter | Value |
Name | wl_ejb |
Display Name | wl_ejb |
Resource Matching | Case Insensitive |
Resource Operation(s) | EXECUTE |
E) WL_AUTHEN Resource Type Definition:
Parameter | Value |
Name | wl_authen |
Display Name | wl_authen |
Resource Matching | Case Insensitive |
Resource Operation(s) | LOGIN |
#>> Create WebLogic Specific Authentication Schemes.
1. Click Authentication Management.
2. Click Add.
A) OAM WebLogic Server Basic Authentication:
Parameter | Value |
Name | OAM WebLogic Server Basic Authentication |
Description | Used to authenticate users who access WebLogic resources |
Level | 1 |
Challenge Method | <Basic> |
Challenge Parameter(s) | realm:Oracle Access and Identity |
SSL Required | <No> |
Challenge Redirect | <blank> |
Enabled | Yes |
Plugin credential_mapping | obMappingBase="dc=sttg-poc,dc=com",obMappingFilter="(&(&(objectclass=inetorgperson)(uid=%userid%))(|(!(obuseraccountcontrol=*))(obuseraccountcontrol=ACTIVATED)))" |
Plugin validate_password | obCredentialPassword="password" |
B) OAM WebLogic Anonymous Authentication:
Parameter | Value |
Name | OAM WebLogic Anonymous Authentication |
Description | Used to un-protect GIFs, etc. |
Level | 0 |
Challenge Method | <None> |
Challenge Parameter(s) | <blank> |
SSL Required | <No> |
Challenge Redirect | <blank> |
Enabled | Yes |
Plugin credential_mapping | obMappingBase="dc=sttg-poc,dc=com",obMappingFilter="(uid=OblixAnonymous)" |
#>> Define AccessGate for BEA WebLogic Server Connector
1. Click Host Identifiers and click Add to define a new host identifier for the WebLogic AccessGate. The host identifier details are as follows:
Parameter | Value |
Name | wls.sttg-poc.com |
Description | |
Hostname variations | wls.sttg-poc.com |
Hostname variations | wls.sttg-poc.com:7001 |
2. Click Add New AccessGate. Define a new AccessGate for the BEA WebLogic Application Server.
A) WebLogic AccessGate Configuration.
Parameter | Value |
AccessGate Name | AccessGate_WLS |
Description | AccessGate to protect WebLogic Server(non-proxied) |
Hostname | wls.sttg-poc.com |
Port | <no port specified> |
AccessGate Password | abcd1234 |
Debug | <off> |
Maximum user session time (seconds) | 3600 |
Idle Session Time (seconds) | 3600 |
Maximum Connections | 1 |
Transport Security | <open> |
IP Validation | <On> |
IP Validation Exception | <Leave Blank> |
Maximum Client Session Time (hours) | 24 |
Failover Threshold | <Leave Blank> |
Access server timeout threshold | <Leave Blank> |
Sleep for (seconds) | 60 |
Maximum elements in cache | 100000 |
Cache timeout (seconds) | 1800 |
Impersonation Username | <leave blank> |
Impersonation Password | <leave blank> |
Access Management Service | <On> |
Preferred HTTP Cookie Domain | .sttg-poc.com |
Preferred HTTP Host | wls.sttg-poc.com |
Deny on not protected | <Off> |
CachePragmaHeader | no-cache |
CacheControlHeader | no-cache |
LogOutURLs | <leave blank> |
User Defined Parameters | <leave blank> |
Primary Access Server | oiam.sttg-poc.com:6021 |
2. Save the new AccessGate configuration.
3. Close the browser
4. Restart the Access Server Services.
#>> OAM BEA WebLogic SSPI Connector Installation
1. Start the WebLogic SSPI Connector installer.
[root@oiam ~]# ./Oracle_Access_Manager10_1_4_2_2_linux_BEA_WL_SSPI
2. Click Next.
3. On Linux, enter the user name and group that WebLogic Server runs as (username is oracle, group is oinstall).
The product that you are about to install needs to be owned by the same user
as the WebLogic server is running as. Most of the time it is run as `root' or
`nobody'. Doing a `ps' on the server process is a quick way to find out who
the owner is.
Enter the username the WebLogic server is running as [nobody] oracle
Enter the Group for the above username [nobody] oinstall
4. Click Next.
5. Provide the installation directory. On Linux, use /app/OAM/webgate. (The SSPI installation directory is then /app/OAM/webgate/NetPointSecuProvForWeblogic.)
Please specify the installation directory for Oracle Access Manager 10.1.4.2.2
Security Provider For WebLogic.
Please specify a directory name or press Enter [/opt/netpoint] /app/OAM/webgate
6. If you are installing on Linux provide the location of GCC libraries.
To proceed with installation of Oracle Access Manager 10.1.4.2.2 Security
Provider For WebLogic and for successfully running the product, you must
install additional GCC runtime libraries, namely libgcc_s.so.1 and
libstdc++.so.5. Note that these libraries should be compatible with GCC 3.3.2.
The libraries are available for download from either of the following
locations - http://metalink.oracle.com (requires login), or
http://www.oracle.com/technology/products/ias/index.html. Once these libraries
are locally available, please specify the directory containing the files and
proceed with the installation.
Location of GCC runtime libraries []: /tmp/gcc32
7. Click Next.
8. Select Advanced Configuration option.
Configuration options. Typical option will require minimal inputs. Advanced
option enables overriding of all defaults.
[ ] 1 - Typical
[X] 2 - Advanced
9. Examine the Action Type and other Security Provider configurations for this installation and click Next.
10. Confirm that the wl_authen resource type and the authentication scheme configurations match the configuration you did in the Add WebLogic Connector Resource Type Definitions step above.
Oracle Access Manager Security Provider uses a special policy to
authenticate users in WebLogic. Please specify the following configuration
to setup this policy.
Resource type [wl_authen]
Resource name [/Authen/Basic]
Resource name used for anonymous access [/Authen/Anonymous]
Resource operation [LOGIN]
LoginId parameter used in credential_mapping plugin of authentication
scheme [userid]
Password parameter used in validate_password of authentication scheme
[password]
Action Type (action is configured to get the loginId from ObSSOCookie)
[WL_REALM]
Action Name (action is configured to get the loginId from ObSSOCookie)
[uid]
Dummy username used by form login for doing SSO when there is no WebGate
on proxy HTTP server [obdummyuser]
WebLogic resource types used for web applications(comma separated)
[<url>,<web>]
Oracle Access Manager Security Provider uses a special policy to get
roles for a user. Please specify the following configuration to setup this
policy.
TTL(time to live) of elements in roles cache [60]
Time to delete expired elements of cache (in seconds) [60]
Resource type [wl_authen]
Resource name [/Authen/Roles]
Resource operation [LOGIN]
Action Type in authorization rule to get roles. [WL_REALM]
11. Click Next.
12. Configure the connector using the following settings.
Parameter | Value |
Default access to resources NOT protected | allow |
Map authorization abstain | allow |
Debug | <on> |
Default access to resources not protected by Oracle Access Manager
(allow,deny,abstain) [allow]
Map the authorization result abstain to (allow,deny) [] allow
Set debugging (This should be set to Off for production systems)
[X] 1 - On
[ ] 2 - Off
13. Click Next.
14. Configure the BEA WLS Connector WebPass Communication using the following settings.
Parameter | Value |
WebPass Hostname | oiam.sttg-poc.com |
WebPass Port | 80 |
Protected by WebGate | <no> |
Hostname of WebPass. [] oiam.sttg-poc.com
Port Number of WebPass. [] 80
Is WebPass protected by WebGate ?
[ ] 1 - Yes
[X] 2 - No
15. Click Next.
16. Configure more of the BEA WLS Connector WebPass Configuration using the following settings.
Parameter | Value |
Connect via HTTPS | <no> |
User Attribute | uid |
User Search Attribute | cn |
Group Search Attribute | cn |
Do you want the Oracle Access Manager Connector to connect to WebPass using
https ?
[ ] 1 - Yes
[X] 2 - No
To select an item enter its number, or 0 when you are finished [0]:
User attribute. [uid]
User search attribute. [cn]
Group search attribute. [cn]
17. Click Next.
18. Select <Mode> for the Transport Security Mode and click Next.
Security provider uses AccessGate internally to communicate with Access
Server. Following configuration sets up the AccessGate. Please create
AccessGate entry through Access System console before proceeding.
Specify the transport security mode
[X] 1 - Open Mode: No Encryption
[ ] 2 - Simple Mode: Encryption through SSL and a Public Key Certificate
[ ] 3 - Cert Mode: Encryption through SSL and a Public Key Certificate
19. Configure the AccessGate for the BEA WLS Connector using the following settings:
Parameter | Value |
AccessGate ID | AccessGate_WLS |
Password | abcd1234 |
Access Server ID | AccessSvr_OIAM |
Hostname of Access Server | oiam.sttg-poc.com |
Access Server Port | 6021 |
Please provide the Access Gate ID, host name, and port number for the Access
Gate connection. You must use a unique ID for each Access Gate you install.
Access Gate ID [] AccessGate_WLS
Password for Access Gate
Access Server ID [] AccessSvr_OIAM
Host name where an Access Server is installed [] oiam.sttg-poc.com
Port number the Access Server listens to [6021]
20. Click Next.
Configuring Access Gate...
-------------------------------------------------------------------------------
Oracle Access Manager Security Provider For WebLogic Configuration
Please do the following manual tasks to complete the setup
- Setup Access System policies used by Oracle Access Manager Security Provider
for internal purposes. This can be done manually through access console or
automatically using a tool. To use the tool go to
/app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/tools/npWLTools directory
and follow the instructions from the readme file
- Modify the following environment variables in the weblogic server startup
script.
- PATH - Add /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/lib
- CLASSPATH - Add
/app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/lib/wlNetPoint.jar,
/app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/lib/bcprov-jdk14-125.jar,
/app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/lib/xerces.jar and
/app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/lib/jobaccess.jar
21. Click Next.
- Copy the configuration files to Weblogic domain folder
- Copy
/app/OAM/webgate/NetPointSecuProvForWeblogic/NetPointProvidersConfig.properties
and /app/OAM/webgate/NetPointSecuProvForWeblogic/NetPointResourceMap.conf to
Weblogic domain. (e.g. <Weblogic installdir>/user_projects/domains/mydomain).
Copy only the NetPointProvidersConfig.properties file for Portal Domain. (e.g.
<Weblogic installdir>/user_projects/domains/portalDomain).
- Copy the MJF (mbean jar file) to <Weblogic server
installdir>/server/lib/mbeantypes
- If you are using Weblogic 8.1 then copy
/app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/lib/mbeantypes/wl8NetPointSecurityProviders.jar
- If you are using Weblogic 7.0 (atleast sp2 is required) then copy
/app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/lib/mbeantypes/wl7NetPointSecurityProviders.jar
- Start the Weblogic server with the default security realm. When the server is
running execute the script /setupNetPointRealm.cmd (or setupNetPointRealm.sh on
unix). You may have to modify the admin username/password inside the script.
The script will setup the NetPoint security realm and switch the default realm
to NetPointRealm. Now, restart the Weblogic server. Provide the Oracle Access
Manager user credentials during startup. If startup fails then look into the
server logs for details.
NOTE: If the script fails then configure the security realm manually through
Weblogic admin console to use the Oracle Access Manager security provider.
Instructions to configure it manually can be found in
/app/OAM/webgate/NetPointSecuProvForWeblogic/readme.htm
22. Click Finish to close the installer.
#>> Policy/Security Domain Pre-Deployment Environment Configuration
[root@oiam ~]# su - oracle
1. Back up the files NetPointResourceMap.conf and NetPointProvidersConfig.properties from the "/app/OAM/webgate/NetPointSecuProvForWeblogic" directory.
[oracle@oiam ~]$ cp /app/OAM/webgate/NetPointSecuProvForWeblogic/NetPointProvidersConfig.properties /app/OAM/webgate/NetPointSecuProvForWeblogic/NetPointProvidersConfig.properties.backup
[oracle@oiam ~]$ cp /app/OAM/webgate/NetPointSecuProvForWeblogic/NetPointResourceMap.conf /app/OAM/webgate/NetPointSecuProvForWeblogic/NetPointResourceMap.conf.backup
2. Edit /app/OAM/webgate/NetPointSecuProvForWeblogic/NetPointProvidersConfig.properties and modify the below mentioned values.
[oracle@oiam ~]$ vi /app/OAM/webgate/NetPointSecuProvForWeblogic/NetPointProvidersConfig.properties
Parameter | Value |
ObDebugMode | true |
OB_ServerLogLevel | debug |
ObAuthorization.OnDenyRedirectToUrl | |
OB_InstallDir | /app/OAM/webgate/NetPointSecuProvForWeblogic |
OB_LogLevel | debug |
OB_LogFileName | /app/OAM/webgate/NetPointSecuProvForWeblogic/base_domain.log |
OB_WebPassHost | oiam.sttg-poc.com |
OB_WebPassPort | 80 |
OB_AdminUserName | weblogic |
OB_AdminUserCreds | abcd1234 |
OB_CookieDomain | .sttg-poc.com |
OB_CookiePath | / |
OB_WebPassSSLEnabled | false |
3. Save the changes and exit the editor.
4. Copy the NetPointResourceMap.conf and NetPointProvidersConfig.properties files to the WebLogic APPDOMAIN directory: /app/BEA/user_projects/domains/base_domain.
[oracle@oiam ~]$ cp /app/OAM/webgate/NetPointSecuProvForWeblogic/NetPoint* /app/BEA/user_projects/domains/base_domain/
5. Copy the file from
/app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/lib/mbeantypes/wlNetPointSecurityProviders.jar to the directory /app/BEA/weblogic92/server/lib/mbeantypes.
[oracle@oiam ~]$ cp /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/lib/mbeantypes/wlNetPointSecurityProviders.jar /app/BEA/weblogic92/server/lib/mbeantypes/
6. Back up /app/BEA/user_projects/domains/base_domain/bin/setDomainEnv.sh.
[oracle@oiam ~]$ cp /app/BEA/user_projects/domains/base_domain/bin/setDomainEnv.sh /app/BEA/user_projects/domains/base_domain/bin/setDomainEnv.sh.backup
7. Edit the /app/BEA/user_projects/domains/base_domain/bin/setDomainEnv.sh.
[oracle@oiam ~]$ vi /app/BEA/user_projects/domains/base_domain/bin/setDomainEnv.sh
8. Search for JAVA_OPTIONS, before the "# set the classpath" section.
9. Enter the following script after the "export JAVA_OPTIONS" section near the end of the file setDomainEnv.sh.
# SET WLSConnector CLASSPATH and other paths
OAMWLC="/app/OAM/webgate/NetPointSecuProvForWeblogic"; export OAMWLC
OAMWLCDIR="${OAMWLC}/oblix/lib"; export OAMWLCDIR
LD_LIBRARY_PATH="${OAMWLCDIR}:${LD_LIBRARY_PATH}"; export LD_LIBRARY_PATH
PATH="${PATH}:${OAMWLCDIR}"; export PATH
WLC_LIB_CLASSPATH="${OAMWLCDIR}/wlNetPoint.jar${CLASSPATHSEP}${OAMWLCDIR}/bcprov-jdk14-125.jar${CLASSPATHSEP}${OAMWLCDIR}/xerces.jar${CLASSPATHSEP}${OAMWLCDIR}/jobaccess.jar"; export WLC_LIB_CLASSPATH
10. Comment out the existing classpath setting and enter the following classpath setting.
CLASSPATH="${PRE_CLASSPATH}${CLASSPATHSEP}${WLC_LIB_CLASSPATH}${CLASSPATHSEP}${WEBLOGIC_CLASSPATH}${CLASSPATHSEP}${POST_CLASSPATH}${CLASSPATHSEP}${WLP_POST_CLASSPATH}"
11. Save the changes and exit the editor.
12. Stop and start the WebLogic Server.
[root@oiam ~]# /app/BEA/user_projects/domains/base_domain/bin/stopWebLogic.sh
[root@oiam ~]# /app/BEA/user_projects/domains/base_domain/bin/startWebLogic.sh
13. Back up the /app/OAM/webgate/NetPointSecuProvForWeblogic/setupNetPointRealm.properties file.
[oracle@oiam ~]$ cp /app/OAM/webgate/NetPointSecuProvForWeblogic/setupNetPointRealm.properties /app/OAM/webgate/NetPointSecuProvForWeblogic/setupNetPointRealm.properties.backup
Change the following entries to the new values to reflect the current WebLogic Server Administrative user accounts.
[oracle@oiam ~]$ vi /app/OAM/webgate/NetPointSecuProvForWeblogic/setupNetPointRealm.properties
Parameter | Value |
exitonerror | false |
adminServerListenAddress | wls.sttg-poc.com |
adminServerName | AdminServer |
domName | base_domain |
passWord | abcd1234 |
overWriteRootDir | true |
TimeOut | 240000 |
startedNewServer | 0 |
domainDir | WLSTConfigToScriptDomain |
userName | weblogic |
adminServerListenPort | 7001 |
startServerJvmArgs | <empty> |
14. Save the changes and exit the editor.
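The values set in step 2 above turn on debug logging, leave the WebPass connection on plain HTTP, and place OB_AdminUserCreds in a file that is then copied into the WebLogic domain directory. The following script is an added example, not part of the original guide or of the Oracle connector, that checks a NetPointProvidersConfig.properties file for those settings and for group/other read access. The function names and the sample file are constructed for illustration, and the parser assumes plain key=value lines.

```shell
#!/bin/sh
# Added example (not part of the connector): flag proof-of-concept settings
# left in NetPointProvidersConfig.properties. Assumes plain key=value lines.

# prop_get FILE KEY: print the trimmed value of KEY (last assignment wins).
prop_get() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                      # properties-file comments
        {
            sep = index($0, "=")
            if (sep == 0) next
            k = substr($0, 1, sep - 1); v = substr($0, sep + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

FINDINGS=0
flag() { echo "FINDING: $*"; FINDINGS=$((FINDINGS + 1)); }

# lower FILE KEY: value of KEY folded to lower case for comparison.
lower() { prop_get "$1" "$2" | tr '[:upper:]' '[:lower:]'; }

# audit_netpoint_props FILE: returns 0 if clean, 1 on findings, 2 if unreadable.
audit_netpoint_props() {
    file=$1
    FINDINGS=0
    if [ ! -r "$file" ]; then
        echo "ERROR: cannot read $file" >&2
        return 2
    fi
    if [ "$(lower "$file" ObDebugMode)" = "true" ]; then
        flag "ObDebugMode=true (debugging should be off outside a PoC)"
    fi
    for key in OB_LogLevel OB_ServerLogLevel; do
        if [ "$(lower "$file" "$key")" = "debug" ]; then
            flag "$key=debug (verbose provider logging)"
        fi
    done
    if [ "$(lower "$file" OB_WebPassSSLEnabled)" != "true" ]; then
        flag "OB_WebPassSSLEnabled is not true (WebPass traffic is plain HTTP)"
    fi
    # The file carries OB_AdminUserCreds, so group/other read access matters.
    if [ -n "$(prop_get "$file" OB_AdminUserCreds)" ] &&
       [ -n "$(find "$file" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        flag "$file holds OB_AdminUserCreds and is readable by group or others"
    fi
    [ "$FINDINGS" -eq 0 ]
}

# Demo on a constructed file that mirrors the values from step 2 of this guide.
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
# constructed sample, not a real configuration
ObDebugMode=true
OB_ServerLogLevel=debug
OB_LogLevel=debug
OB_AdminUserName=weblogic
OB_AdminUserCreds=abcd1234
OB_WebPassSSLEnabled=false
EOF
chmod 644 "$demo_file"
audit_netpoint_props "$demo_file" || true
rm -f "$demo_file"
```

On a real system, call audit_netpoint_props on the copy in /app/BEA/user_projects/domains/base_domain as well as on the original under /app/OAM/webgate/NetPointSecuProvForWeblogic, since step 4 duplicates the file.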
#>> Deploying OAM Security Realm to WebLogic Application Server
1. On Windows, set the environment variable JAVA_VENDOR=Sun. On Linux, run the commands below.
[oracle@oiam ~]$ export JAVA_VENDOR=Sun
[oracle@oiam ~]$ source /app/BEA/user_projects/domains/base_domain/bin/setDomainEnv.sh
[oracle@oiam ~]$ cd /app/OAM/webgate/NetPointSecuProvForWeblogic/
[oracle@oiam ~]$ export PATH=/app/BEA/jdk150_12/bin:$PATH
[oracle@oiam ~]$ /app/OAM/webgate/NetPointSecuProvForWeblogic/setupNetPointRealm_wl92.sh
2. On Windows, execute the setupNetPointRealm_wl92.cmd file.
3. You will receive message that “Activation Completed”.
4. Close the command window.
#>> Deploying OAM Policy Domains
1. Back up the file /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/tools/npWLTools/NetPointWeblogicTools.properties
[oracle@oiam ~]$ cp /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/tools/npWLTools/NetPointWeblogicTools.properties /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/tools/npWLTools/NetPointWeblogicTools.properties.backup
2. Edit the NetPointWeblogicTools.properties file and change the following entries to the new values.
[oracle@oiam ~]$ vi /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/tools/npWLTools/NetPointWeblogicTools.properties
Parameter | Value |
ObWLTools.Debug | true |
ObPolicyDomain.Name | WebLogic Server Security Provider |
ObPolicyDomain.LoginAttribute | uid |
ObWLTools.SetupInitialNetpointSSPIPolicies | true |
ObWLTools.DeployPolicy | false |
ObWLToolsUnDeployPolicy | false |
ObWLSDomain.Dir | /app/BEA/user_projects/domains/base_domain |
ObWLAuthenticationScheme.Name | OAM WebLogic Server Basic Authentication |
ObWLNoneAuthenticationScheme.Name | OAM WebLogic Anonymous Authentication |
ObWLWebResource.usingIdentityAssertion | true |
3. Create a new text file in the /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/tools/npWLTools directory and open it for editing. Name it runDeployerTool.sh on Linux or runDeployerTool.bat on Windows.
[oracle@oiam ~]$ vi /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/tools/npWLTools/runDeployerTool.sh
4. Make the contents of the file as follows:
#!/bin/sh
# Environment for the NetPoint policy deployer tool
export CLASSPATHSEP=":"
export OAMWLC="/app/OAM/webgate/NetPointSecuProvForWeblogic"
export OAMWLCDIR="${OAMWLC}/oblix"
export CLASSPATH="${CLASSPATH}${CLASSPATHSEP}${OAMWLCDIR}/lib/jobaccess.jar${CLASSPATHSEP}${OAMWLCDIR}/tools/npWLTools${CLASSPATHSEP}${OAMWLCDIR}/tools/npWLTools/npWLTools.jar"
export PATH="${PATH}:${OAMWLCDIR}/lib"
export LD_LIBRARY_PATH="${OAMWLCDIR}/lib"
echo "$CLASSPATH"
# Run from the tool directory; stop if it is missing
cd "${OAMWLCDIR}/tools/npWLTools/" || exit 1
# Arguments: OAM administrator user name and password
/app/BEA/jdk150_12/bin/java com.oblix.weblogic.tools.NetPointPolicyDeployer orcladmin abcd1234
5. Save the changes and exit the editor.
[oracle@oiam ~]$ chmod 775 /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/tools/npWLTools/runDeployerTool.sh
6. Execute runDeployerTool.sh on Linux or runDeployerTool.bat on Windows.
Note: Run as the user that installed OAM (root).
[root@oiam ~]# cd /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/tools/npWLTools/
[root@oiam ~]# /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/tools/npWLTools/runDeployerTool.sh
7. Examine the NetPointWeblogicTools.log file for details or error messages.
8. Browse to http://oiam.sttg-poc.com/access/oblix
9. Click Policy Manager.
10. Authenticate as orcladmin/abcd1234 or weblogic/abcd1234.
11. Click My Policy Domains.
12. Select the checkbox next to the “WebLogic Server Security Provider” policy domain.
13. Click “Enable”.
14. Locate and click the WebLogic Server Security Provider policy domain.
15. Verify that the “/Authen/Basic”, “/Authen/Roles” and “/Authen/Anonymous” resources are created.
16. Verify that the authorization rules for Admin, Anyone, Authen and Role are created.
17. Click on Policies and verify that “Authen Policy”, “Authen Anonymous Policy”, “Role Policy” and “Common policy to unprotect gif files” are created.
18. Restart OAM Access Server.
#>> Examine WLS Server Security Providers
1) Go to http://wls.sttg-poc.com:7001/console
2) Log in as username weblogic/abcd1234.
3) Click Security Realms in Left Window pane.
4) Click Netpoint Realm in Right window pane.
5) Click Providers Tab > Certification Path > WebLogicCertPathProvider and select current builder as true and save.
6) Click “base_domain” of the Tree Structure on the left hand side.
7) Click Security Tab on the Right hand side.
8) Select default realm as NetpointRealm.
9) Stop WebLogic Server.
[root@oiam ~]# /app/BEA/user_projects/domains/base_domain/bin/stopWebLogic.sh
10) Remove /app/BEA/user_projects/domains/base_domain/servers/AdminServer/security/boot.properties, or edit it and set the username to weblogic and the password to abcd1234.
11) Start the BEA WebLogic Application Server. If prompted for user name and password, use weblogic/abcd1234.
[root@oiam ~]# /app/BEA/user_projects/domains/base_domain/bin/startWebLogic.sh
12) Open http://wls.sttg-poc.com:7001/console in browser.
13) Log in as weblogic/abcd1234.
14) Navigate to base_domain > Security > Realms > NetPointRealm and expand NetPointRealm.
15) Examine Users and note that users from the OAM Identity repository are now listed.
For detailed steps and more information on the integration of WebLogic with OAM, refer to the Weblogic.pdf file that is provided along with the installers.