Integrating WebLogic 9.2 with OAM 10.1.4.3 (using a Proxy)

Environment:

OAM and WebLogic 9.2 are installed on the same RHEL 5.4 system.

OAM installation details:

       Hostname: oiam.sttg-poc.com
       OAM installation folder: /app/OAM
              Identity Server: /app/OAM/identity
              Access Server: /app/OAM/access, port is 6201, name is AccessSvr_OIAM
              WebPass and Policy Manager: /app/OAM/webcomponent (using Apache, port is 80)
       OAM Admin user: orcladmin/abcd1234

All OAM components are installed in Open Security Mode.

The User and Policy Stores use OID, Base DN: dc=sttg-poc,dc=com

WebLogic installation details:

       Hostname: wls.sttg-poc.com
       WLS 9.2 installation folder: /app/BEA, port is 7001, install user is oracle, group is oinstall.
       WebLogic Admin user: weblogic/abcd1234
       WebLogic Application Domain: base_domain, in:
              /app/BEA/user_projects/domains/base_domain

In the OID Admin Console, copy uid=orcladmin to uid=weblogic.

 

Solution

Create a proxy server for WebLogic using Apache 2.0.x

1. Install Apache 2.0.x.

2. Copy mod_wl_20.so to the Apache modules directory.

[root@oiam ~]# cp /app/BEA/weblogic92/server/plugin/linux/i686/mod_wl_20.so /opt/lampp/modules/

3. Add the proxy settings to httpd.conf.

[root@oiam ~]# vi /opt/lampp/etc/httpd.conf

LoadModule weblogic_module modules/mod_wl_20.so

Listen 88
NameVirtualHost *:88
<VirtualHost *:88>
    ServerName wls.sttg-poc.com:88
    ErrorLog logs/wls.sttg-poc.com-error_log
    <IfModule mod_weblogic.c>
        WebLogicHost localhost
        WebLogicPort 7001
        SetHandler weblogic-handler
        DEBUG ERR
        WLLogFile /tmp/wlproxy.log
    </IfModule>
</VirtualHost>

<IfModule mod_weblogic.c>
    WebLogicHost localhost
    WebLogicPort 7001
    DEBUG ERR
    WLLogFile /tmp/wlproxy.log
    <Location /console>
        SetHandler weblogic-handler
        PathTrim console
        ErrorPage http://error.sttg-poc.com
    </Location>

    <Location /myapp>
        SetHandler weblogic-handler
        PathTrim myapp
        ErrorPage http://error.sttg-poc.com
    </Location>
</IfModule>

 

#>> Create Master Administrator in Access System Console
http://oiam.sttg-poc.com/access/oblix

1. Click Access System Console.
2. Authenticate as orcladmin/abcd1234.
3. Click System Configuration.
4. Click Administrators.
5. Click Master Access Administrators.
6. Click Select User.
7. Locate and add weblogic.
8. Click Done.


#>> Create Master Administrator in Identity System Console
http://oiam.sttg-poc.com/access/oblix

1. Click Identity System Console.
3. Click System Configuration.
4. Click Administrators.
5. Click Master Identity Administrators.
6. Click Select User.
7. Locate and add weblogic.
8. Click Done.
9. Click Save.
10. Click Master Administrators.
11. Click Select User.
12. Locate and add weblogic.
13. Click Done.
14. Click Save.

#>> Add WebLogic Connector Resource Type Definitions
1. Click Access System Console.
2. Click Access System Configuration.
3. Click Common Information Configuration.
4. Click Resource Type Definitions.
5. Click Add.

A) WL_URL Resource Type Definition:

Parameter               Value
Name                    wl_url
Display Name            wl_url
Resource Matching       Case Insensitive
Resource Operation(s)   GET
                        POST

B) WL_SVR Resource Type Definition:

Parameter               Value
Name                    wl_svr
Display Name            wl_svr
Resource Matching       Case Insensitive
Resource Operation(s)   BOOT
                        DEFAULT

C) WL_ADM Resource Type Definition:

Parameter               Value
Name                    wl_adm
Display Name            wl_adm
Resource Matching       Case Insensitive
Resource Operation(s)   DEFAULT

D) WL_EJB Resource Type Definition:

Parameter               Value
Name                    wl_ejb
Display Name            wl_ejb
Resource Matching       Case Insensitive
Resource Operation(s)   EXECUTE

E) WL_AUTHEN Resource Type Definition:

Parameter               Value
Name                    wl_authen
Display Name            wl_authen
Resource Matching       Case Insensitive
Resource Operation(s)   LOGIN


#>> Create WebLogic Specific Authentication Schemes.
1. Click Authentication Management.
2. Click Add.
A) OAM WebLogic Server Basic Authentication:

Parameter                   Value
Name                        OAM WebLogic Server Basic Authentication
Description                 Used to authenticate users who access WebLogic resources
Level                       1
Challenge Method            <Basic>
Challenge Parameter(s)      realm:Oracle Access and Identity
SSL Required                <No>
Challenge Redirect          <blank>
Enabled                     Yes
Plugin credential_mapping   obMappingBase="dc=sttg-poc,dc=com",obMappingFilter="(&(&(objectclass=inetorgperson)(uid=%userid%))(|(!(obuseraccountcontrol=*))(obuseraccountcontrol=ACTIVATED)))"
Plugin validate_password    obCredentialPassword="password"

B) OAM WebLogic Anonymous Authentication:

Parameter                   Value
Name                        OAM WebLogic Anonymous Authentication
Description                 Used to un-protect GIFs, etc.
Level                       0
Challenge Method            <None>
Challenge Parameter(s)      <blank>
SSL Required                <No>
Challenge Redirect          <blank>
Enabled                     Yes
Plugin credential_mapping   obMappingBase="dc=sttg-poc,dc=com",obMappingFilter="(uid=OblixAnonymous)"


#>>Define AccessGate for BEA WebLogic Server Connector
1. Click Host Identifiers and click Add to define a new host identifier for the WebLogic AccessGate. The host identifier details are as follows:

Parameter             Value
Name                  wls.sttg-poc.com
Description           <blank>
Hostname variations   wls.sttg-poc.com
                      wls.sttg-poc.com:7001


2. Click Add New AccessGate. Define a new AccessGate for the BEA WebLogic Application Server.
A) WebLogic AccessGate Configuration.

Parameter                               Value
AccessGate Name                         AccessGate_WLS
Description                             AccessGate to protect WebLogic Server (non-proxied)
Hostname                                wls.sttg-poc.com
Port                                    <no port specified>
AccessGate Password                     abcd1234
Debug                                   <off>
Maximum user session time (seconds)     3600
Idle Session Time (seconds)             3600
Maximum Connections                     1
Transport Security                      <open>
IP Validation                           <On>
IP Validation Exception                 <Leave Blank>
Maximum Client Session Time (hours)     24
Failover Threshold                      <Leave Blank>
Access server timeout threshold         <Leave Blank>
Sleep for (seconds)                     60
Maximum elements in cache               100000
Cache timeout (seconds)                 1800
Impersonation Username                  <leave blank>
Impersonation Password                  <leave blank>
Access Management Service               <On>
Preferred HTTP Cookie Domain            .sttg-poc.com
Preferred HTTP Host                     wls.sttg-poc.com
Deny on not protected                   <Off>
CachePragmaHeader                       no-cache
CacheControlHeader                      no-cache
LogOutURLs                              <leave blank>
User Defined Parameters                 <leave blank>
Primary Access Server                   oiam.sttg-poc.com:6021

3. Save the new AccessGate configuration.
4. Close the browser.
5. Restart the Access Server Services.

#>>OAM BEA WebLogic SSPI Connector Installation
1. Start the WebLogic SSPI Connector installer.

[root@oiam ~]# ./Oracle_Access_Manager10_1_4_2_2_linux_BEA_WL_SSPI

2. Click Next.
3. On Linux, enter the user name and group that WebLogic Server runs as (here the user name is oracle and the group is oinstall).

The product that you are about to install needs to be owned by the same user
as the WebLogic server is running as. Most of the time it is run as `root' or
`nobody'. Doing a `ps' on the server process is a quick way to find out who
the owner is.

   Enter the username the WebLogic server is running as [nobody] oracle

   Enter the Group for the above username [nobody] oinstall

4. Click Next.
5. Provide the installation directory; on Linux, /app/OAM/webgate. (The SSPI installation directory is then /app/OAM/webgate/NetPointSecuProvForWeblogic.)

Please specify the installation directory for Oracle Access Manager 10.1.4.2.2
Security Provider For WebLogic.

   Please specify a directory name or press Enter [/opt/netpoint] /app/OAM/webgate

6. If you are installing on Linux, provide the location of the GCC libraries.

To proceed with installation of Oracle Access Manager 10.1.4.2.2 Security
Provider For WebLogic and for successfully running the product, you must
install additional GCC runtime libraries, namely libgcc_s.so.1 and
libstdc++.so.5. Note that these libraries should be compatible with GCC 3.3.2.
The libraries are available for download from either of the following
locations - http://metalink.oracle.com (requires login), or
http://www.oracle.com/technology/products/ias/index.html. Once these libraries
are locally available, please specify the directory containing the files and
proceed with the installation.

   Location of GCC runtime libraries []: /tmp/gcc32

7. Click Next.
8. Select the Advanced Configuration option.

Configuration options. Typical option will require minimal inputs. Advanced
option enables overriding of all defaults.
 [ ]  1  -  Typical
 [X]  2  -  Advanced

9. Examine the Action Type and other Security Provider configurations for this installation and click Next.
10. Confirm that the wl_authen resource type and the authentication scheme configurations match the configuration you created in the Add WebLogic Connector Resource Type Definitions step above.

   Oracle Access Manager Security Provider uses a special policy to
   authenticate users in WebLogic. Please specify the following configuration
   to setup this policy.

    Resource type [wl_authen]

   Resource name [/Authen/Basic]

   Resource name used for anonymous access [/Authen/Anonymous]

   Resource operation [LOGIN]

   LoginId parameter used in credential_mapping plugin of authentication
   scheme [userid]

   Password parameter used in validate_password of authentication scheme
   [password]

   Action Type (action is configured to get the loginId from ObSSOCookie)
   [WL_REALM]

   Action Name (action is configured to get the loginId from ObSSOCookie)
   [uid]

   Dummy username used by form login for doing SSO when there is no WebGate
   on proxy HTTP server [obdummyuser]

   WebLogic resource types used for web applications(comma separated)
   [<url>,<web>]

   Oracle Access Manager Security Provider uses a special policy to get
   roles for a user. Please specify the following configuration to setup this
   policy.

    TTL(time to live) of elements in roles cache [60]

   Time to delete expired elements of cache (in seconds) [60]

   Resource type [wl_authen]

   Resource name [/Authen/Roles]

   Resource operation [LOGIN]

   Action Type in authorization rule to get roles. [WL_REALM]

11. Click Next.
12. Configure the connector using the following settings.

Parameter                                    Value
Default access to resources NOT protected    allow
Map authorization abstain                    allow
Debug                                        <on>

   Default access to resources not protected by Oracle Access Manager
   (allow,deny,abstain) [allow]

   Map the authorization result abstain to (allow,deny) [] allow

Set debugging (This should be set to Off for production systems)
 [X]  1  -  On
 [ ]  2  -  Off

13. Click Next.
14. Configure the BEA WLS Connector WebPass Communication using the following settings.

Parameter              Value
WebPass Hostname       oiam.sttg-poc.com
WebPass Port           80
Protected by WebGate   <no>

   Hostname of WebPass. [] oiam.sttg-poc.com

   Port Number of WebPass. [] 80

Is WebPass protected by WebGate ?
 [ ]  1  -  Yes
 [X]  2  -  No

15. Click Next.
16. Configure more of the BEA WLS Connector WebPass Configuration using the following settings.

Parameter                Value
Connect via HTTPS        <no>
User Attribute           uid
User Search Attribute    cn
Group Search Attribute   cn

Do you want the Oracle Access Manager Connector to connect to WebPass using
https ?
 [ ]  1  -  Yes
 [X]  2  -  No

   To select an item enter its number, or 0 when you are finished [0]:

   User attribute. [uid]

   User search attribute. [cn]

   Group search attribute. [cn]

17. Click Next.
18. Select <Mode> for the Transport Security Mode and click Next.

Security provider uses AccessGate internally to communicate with Access
Server. Following configuration sets up the AccessGate. Please create
AccessGate entry through Access System console before proceeding.

 Specify the transport security mode
 [X]  1  -  Open Mode:    No Encryption
 [ ]  2  -  Simple Mode:  Encryption through SSL and a Public Key Certificate
 [ ]  3  -  Cert Mode:    Encryption through SSL and a Public Key Certificate

19. Configure the AccessGate for the BEA WLS Connector using the following settings:

Parameter                   Value
AccessGate ID               AccessGate_WLS
Password                    abcd1234
Access Server ID            AccessSvr_OIAM
Hostname of Access Server   oiam.sttg-poc.com
Access Server Port          6021

Please provide the Access Gate ID, host name, and port number for the Access
Gate connection. You must use a unique ID for each Access Gate you install.

   Access Gate ID [] AccessGate_WLS

   Password for Access Gate

   Access Server ID [] AccessSvr_OIAM

   Host name where an Access Server is installed [] oiam.sttg-poc.com

   Port number the Access Server listens to [6021]

20. Click Next.

Configuring Access Gate...

-------------------------------------------------------------------------------
Oracle Access Manager Security Provider For WebLogic Configuration

Please do the following manual tasks to complete the setup

- Setup Access System policies used by Oracle Access Manager Security Provider
for internal purposes. This can be done manually through access console or
automatically using a tool. To use the tool go to
/app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/tools/npWLTools directory
and follow the instructions from the readme file

- Modify the following environment variables in the weblogic server startup
script.
  -  PATH - Add /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/lib
- CLASSPATH - Add
/app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/lib/wlNetPoint.jar,
/app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/lib/bcprov-jdk14-125.jar,
/app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/lib/xerces.jar and
/app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/lib/jobaccess.jar

21. Click Next.

  -  Copy the configuration files to Weblogic domain folder
- Copy
/app/OAM/webgate/NetPointSecuProvForWeblogic/NetPointProvidersConfig.properties
and /app/OAM/webgate/NetPointSecuProvForWeblogic/NetPointResourceMap.conf to
Weblogic domain. (e.g. <Weblogic installdir>/user_projects/domains/mydomain).
Copy only the NetPointProvidersConfig.properties file for Portal Domain. (e.g.
<Weblogic installdir>/user_projects/domains/portalDomain).

- Copy the MJF (mbean jar file) to <Weblogic server
installdir>/server/lib/mbeantypes
- If you are using Weblogic 8.1 then copy
/app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/lib/mbeantypes/wl8NetPointSecurityProviders.jar
- If you are using Weblogic 7.0 (atleast sp2 is required) then copy
/app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/lib/mbeantypes/wl7NetPointSecurityProviders.jar

- Start the Weblogic server with the default security realm. When the server is
running execute the script /setupNetPointRealm.cmd (or setupNetPointRealm.sh on
unix). You may have to modify the admin username/password inside the script.
The script will setup the NetPoint security realm and switch the default realm
to NetPointRealm. Now, restart the Weblogic server. Provide the Oracle Access
Manager user credentials during startup. If startup fails then look into the
server logs for details.

NOTE: If the script fails then configure the security realm manually through
Weblogic admin console to use the Oracle Access Manager security provider.
Instructions to configure it manually can be found in
/app/OAM/webgate/NetPointSecuProvForWeblogic/readme.htm

22. Click Finish to close the installer.

#>>Policy/Security Domain Pre-Deployment Environment Configuration

[root@oiam ~]# su - oracle

1. Back up the files NetPointResourceMap.conf and NetPointProvidersConfig.properties in the “/app/OAM/webgate/NetPointSecuProvForWeblogic” directory.

[oracle@oiam ~]$ cp /app/OAM/webgate/NetPointSecuProvForWeblogic/NetPointProvidersConfig.properties /app/OAM/webgate/NetPointSecuProvForWeblogic/NetPointProvidersConfig.properties.backup
[oracle@oiam ~]$ cp /app/OAM/webgate/NetPointSecuProvForWeblogic/NetPointResourceMap.conf /app/OAM/webgate/NetPointSecuProvForWeblogic/NetPointResourceMap.conf.backup

2. Edit /app/OAM/webgate/NetPointSecuProvForWeblogic/NetPointProvidersConfig.properties and set the values listed below.

[oracle@oiam ~]$ vi /app/OAM/webgate/NetPointSecuProvForWeblogic/NetPointProvidersConfig.properties

Parameter                             Value
ObDebugMode                           true
OB_ServerLogLevel                     debug
ObAuthorization.OnDenyRedirectToUrl   http://oiam.sttg-poc.com/AuthzFailure.html
OB_InstallDir                         /app/OAM/webgate/NetPointSecuProvForWeblogic
OB_LogLevel                           debug
OB_LogFileName                        /app/OAM/webgate/NetPointSecuProvForWeblogic/base_domain.log
OB_WebPassHost                        oiam.sttg-poc.com
OB_WebPassPort                        80
OB_AdminUserName                      weblogic
OB_AdminUserCreds                     abcd1234
OB_CookieDomain                       .sttg-poc.com
OB_CookiePath                         /
OB_WebPassSSLEnabled                  false

 

3. Save the changes and exit the editor.

4. Copy the NetPointResourceMap.conf and NetPointProvidersConfig.properties files to the WebLogic APPDOMAIN directory: /app/BEA/user_projects/domains/base_domain.

[oracle@oiam ~]$ cp /app/OAM/webgate/NetPointSecuProvForWeblogic/NetPoint* /app/BEA/user_projects/domains/base_domain/

 

5. Copy the file /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/lib/mbeantypes/wlNetPointSecurityProviders.jar to the directory /app/BEA/weblogic92/server/lib/mbeantypes.

[oracle@oiam ~]$ cp /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/lib/mbeantypes/wlNetPointSecurityProviders.jar /app/BEA/weblogic92/server/lib/mbeantypes/

 

6. Back up /app/BEA/user_projects/domains/base_domain/bin/setDomainEnv.sh.

[oracle@oiam ~]$ cp /app/BEA/user_projects/domains/base_domain/bin/setDomainEnv.sh /app/BEA/user_projects/domains/base_domain/bin/setDomainEnv.sh.backup

7. Edit /app/BEA/user_projects/domains/base_domain/bin/setDomainEnv.sh.

[oracle@oiam ~]$ vi /app/BEA/user_projects/domains/base_domain/bin/setDomainEnv.sh

8. Search for JAVA_OPTIONS before the "#set the classpath" section.
9. Enter the following script after the "export JAVA_OPTIONS" section near the end of setDomainEnv.sh.

# SET WLSConnector CLASSPATH and other paths
OAMWLC="/app/OAM/webgate/NetPointSecuProvForWeblogic"; export OAMWLC
OAMWLCDIR="${OAMWLC}/oblix/lib"; export OAMWLCDIR
LD_LIBRARY_PATH="${OAMWLCDIR}:${LD_LIBRARY_PATH}"; export LD_LIBRARY_PATH
PATH="${PATH}:${OAMWLCDIR}"; export PATH
WLC_LIB_CLASSPATH="${OAMWLCDIR}/wlNetPoint.jar${CLASSPATHSEP}${OAMWLCDIR}/bcprov-jdk14-125.jar${CLASSPATHSEP}${OAMWLCDIR}/xerces.jar${CLASSPATHSEP}${OAMWLCDIR}/jobaccess.jar"; export WLC_LIB_CLASSPATH

10. Comment out the existing classpath setting and enter the following classpath setting.

CLASSPATH="${PRE_CLASSPATH}${CLASSPATHSEP}${WLC_LIB_CLASSPATH}${CLASSPATHSEP}${WEBLOGIC_CLASSPATH}${CLASSPATHSEP}${POST_CLASSPATH}${CLASSPATHSEP}${WLP_POST_CLASSPATH}"

11. Save the changes and exit the editor.
12. Stop and start the WebLogic Server.

[root@oiam ~]# /app/BEA/user_projects/domains/base_domain/bin/stopWebLogic.sh

[root@oiam ~]# /app/BEA/user_projects/domains/base_domain/bin/startWebLogic.sh

 

13. Back up the /app/OAM/webgate/NetPointSecuProvForWeblogic/setupNetPointRealm.properties file.

[oracle@oiam ~]$ cp /app/OAM/webgate/NetPointSecuProvForWeblogic/setupNetPointRealm.properties /app/OAM/webgate/NetPointSecuProvForWeblogic/setupNetPointRealm.properties.backup

Change the following entries to the new values to reflect the current WebLogic Server administrative user account.

[oracle@oiam ~]$ vi /app/OAM/webgate/NetPointSecuProvForWeblogic/setupNetPointRealm.properties

Parameter                  Value
exitonerror                false
adminServerListenAddress   wls.sttg-poc.com
adminServerName            AdminServer
domName                    base_domain
passWord                   abcd1234
overWriteRootDir           true
TimeOut                    240000
startedNewServer           0
domainDir                  WLSTConfigToScriptDomain
userName                   weblogic
adminServerListenPort      7001
startServerJvmArgs         <empty>

14. Save the changes and exit the editor.
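
A check that can be run against NetPointProvidersConfig.properties (edited in step 2 and copied into the domain in step 4): it flags the debug settings, which the installer itself says should be off on production systems, the non-SSL WebPass connection, and a stored OB_AdminUserCreds in a file that group or other users can access. This is an added example, not part of the original post or of Oracle's tooling; the function names and the sample file are constructed for illustration, and the property keys are the ones listed in the table in step 2.

```shell
#!/bin/sh
# Added example (not Oracle tooling): audit NetPointProvidersConfig.properties
# for the lab settings used in this walkthrough. Key names are from step 2.

# prop_get FILE KEY: print the value of the last "KEY=value" line; comments skipped.
prop_get() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# lower STRING: lowercase, so that "TRUE" and "true" compare equal.
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# audit_sspi_props FILE: print one finding per line (never the password itself);
# return 0 if clean, 1 if there are findings, 2 if the file cannot be read.
audit_sspi_props() {
    file=$1
    n=0
    [ -r "$file" ] || { echo "ERROR cannot read $file"; return 2; }

    if [ "$(lower "$(prop_get "$file" ObDebugMode)")" = "true" ]; then
        echo "DEBUG ObDebugMode=true"; n=$((n + 1))
    fi
    for key in OB_LogLevel OB_ServerLogLevel; do
        if [ "$(lower "$(prop_get "$file" "$key")")" = "debug" ]; then
            echo "DEBUG $key=debug"; n=$((n + 1))
        fi
    done
    # Anything other than an explicit "true" means plain HTTP to WebPass.
    if [ "$(lower "$(prop_get "$file" OB_WebPassSSLEnabled)")" != "true" ]; then
        echo "CLEARTEXT OB_WebPassSSLEnabled is not true"; n=$((n + 1))
    fi
    # The admin password is stored in this file, so group/other access matters.
    if [ -n "$(prop_get "$file" OB_AdminUserCreds)" ]; then
        perms=$(ls -ld "$file" | cut -c5-10)   # group and other permission bits
        case $perms in
            ------) ;;
            *) echo "SECRET OB_AdminUserCreds stored; file allows group/other access ($perms)"
               n=$((n + 1)) ;;
        esac
    fi
    [ "$n" -eq 0 ]
}

# demo: run the audit on a constructed sample that mirrors the table in step 2
# (the password is replaced by a placeholder).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/NetPointProvidersConfig.properties" <<'EOF'
# constructed sample, not a real deployment file
ObDebugMode=true
OB_ServerLogLevel=debug
OB_LogLevel=debug
OB_WebPassHost=oiam.sttg-poc.com
OB_AdminUserName=weblogic
OB_AdminUserCreds=EXAMPLE-PASSWORD
OB_WebPassSSLEnabled=false
EOF
    chmod 644 "$d/NetPointProvidersConfig.properties"
    audit_sspi_props "$d/NetPointProvidersConfig.properties"
    rc=$?
    rm -rf "$d"
    return $rc
}

# With a path argument, audit that file; with none, run the constructed demo.
if [ $# -gt 0 ]; then audit_sspi_props "$1"; else demo || true; fi
```

Run it with the path to the domain's copy of the file as its only argument; a non-zero exit status means at least one finding was printed.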

#>> Deploying OAM Security Realm to WebLogic Application Server
1. On Windows, set the environment variable JAVA_VENDOR=Sun. On Linux, run the following commands.

[oracle@oiam ~]$ export JAVA_VENDOR=Sun
[oracle@oiam ~]$ source /app/BEA/user_projects/domains/base_domain/bin/setDomainEnv.sh
[oracle@oiam ~]$ cd /app/OAM/webgate/NetPointSecuProvForWeblogic/
[oracle@oiam ~]$ export PATH=/app/BEA/jdk150_12/bin:$PATH
[oracle@oiam ~]$ /app/OAM/webgate/NetPointSecuProvForWeblogic/setupNetPointRealm_wl92.sh

2. On Windows, execute the setupNetPointRealm_wl92.cmd file.
3. You will receive the message “Activation Completed”.
4. Close the command window.

#>>Deploying OAM Policy Domains
1. Back up the file /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/tools/npWLTools/NetPointWeblogicTools.properties.

[oracle@oiam ~]$ cp /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/tools/npWLTools/NetPointWeblogicTools.properties /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/tools/npWLTools/NetPointWeblogicTools.properties.backup

2. Edit the NetPointWeblogicTools.properties file and change the following entries to the new values.

[oracle@oiam ~]$ vi /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/tools/npWLTools/NetPointWeblogicTools.properties

Parameter                                    Value
ObWLTools.Debug                              true
ObPolicyDomain.Name                          WebLogic Server Security Provider
ObPolicyDomain.LoginAttribute                uid
ObWLTools.SetupInitialNetpointSSPIPolicies   true
ObWLTools.DeployPolicy                       false
ObWLTools.UnDeployPolicy                     false
ObWLSDomain.Dir                              /app/BEA/user_projects/domains/base_domain
ObWLAuthenticationScheme.Name                OAM WebLogic Server Basic Authentication
ObWLNoneAuthenticationScheme.Name            OAM WebLogic Anonymous Authentication
ObWLWebResource.usingIdentityAssertion       true

3. In the /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/tools/npWLTools directory, create and edit a new text file called runDeployerTool.sh on Linux, or runDeployerTool.bat on Windows.

[oracle@oiam ~]$ vi /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/tools/npWLTools/runDeployerTool.sh

4. Make the contents of the file as follows:

#!/bin/sh
# Environment for the OAM policy deployer tool
export CLASSPATHSEP=":"
export OAMWLC="/app/OAM/webgate/NetPointSecuProvForWeblogic"
export OAMWLCDIR="${OAMWLC}/oblix"
export CLASSPATH="${CLASSPATH}${CLASSPATHSEP}${OAMWLCDIR}/lib/jobaccess.jar${CLASSPATHSEP}${OAMWLCDIR}/tools/npWLTools${CLASSPATHSEP}${OAMWLCDIR}/tools/npWLTools/npWLTools.jar"
export PATH="${PATH}:${OAMWLCDIR}/lib"
export LD_LIBRARY_PATH="${OAMWLCDIR}/lib"
echo "$CLASSPATH"

# Run the deployer from the tool directory; stop if it is missing
cd "${OAMWLCDIR}/tools/npWLTools/" || exit 1

# Arguments: the OAM admin user and password used throughout this setup
/app/BEA/jdk150_12/bin/java com.oblix.weblogic.tools.NetPointPolicyDeployer orcladmin abcd1234

5. Save the changes and exit the editor.

[oracle@oiam ~]$ chmod 775 /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/tools/npWLTools/runDeployerTool.sh

6. Execute runDeployerTool.sh on Linux or runDeployerTool.bat on Windows.
Note: run as the OAM installation user (root).

[root@oiam ~]# cd /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/tools/npWLTools/
[root@oiam ~]# /app/OAM/webgate/NetPointSecuProvForWeblogic/oblix/tools/npWLTools/runDeployerTool.sh

7. Examine the NetPointWeblogicTools.log file for details or error messages.
8) Browse to http://oiam.sttg-poc.com/access/oblix
9) Click Policy Manager.
10) Authenticate as orcladmin/abcd1234 or weblogic/abcd1234.
11) Click My Policy Domains.
12) Select the checkbox next to the “WebLogic Server Security Provider” policy domain.
13) Click “Enable”.
14) Locate and click WebLogic Server Security Provider policy domain.
15) Verify if “/Authen/Basic”, “/Authen/Roles” and “/Authen/Anonymous” resources are created.
16) Verify if Authorization Rule for Admin, Anyone, Authen and Role are created.
17) Click on Policies and verify if “Authen Policy”, “Authen Anonymous Policy”, “Role Policy” and “Common policy to unprotect gif files” are created.
18) Restart OAM Access Server.

#>> Examine WLS Server Security Providers
1) Go to http://wls.sttg-poc.com:7001/console
2) Log in as username weblogic/abcd1234.
3) Click Security Realms in Left Window pane.
4) Click Netpoint Realm in Right window pane.
5) Click Providers Tab > Certification Path > WebLogicCertPathProvider and select current builder as true and save.
6) Click “base_domain” of the Tree Structure on the left hand side.
7) Click Security Tab on the Right hand side.
8) Select default realm as NetpointRealm.
9) Stop WebLogic Server.

[root@oiam ~]# /app/BEA/user_projects/domains/base_domain/bin/stopWebLogic.sh

10) Remove /app/BEA/user_projects/domains/base_domain/servers/AdminServer/security/boot.properties, or edit it and change the username to weblogic and the password to abcd1234.
11) Start the BEA WebLogic Application Server. If prompted for a user name and password, use weblogic/abcd1234.

[root@oiam ~]# /app/BEA/user_projects/domains/base_domain/bin/startWebLogic.sh

12) Open http://wls.sttg-poc.com:7001/console in browser.
13) Log in as weblogic/abcd1234.
14) Navigate to base_domain > Security > Realms > NetPointRealm and expand NetPointRealm.
15) Examine Users and note that users from the OAM Identity repository are now listed.

For detailed steps and more information on the integration of WebLogic with OAM, refer to the Weblogic.pdf file that is provided along with the installers.

 
