Integrating Oracle IPM With Oracle Access Manager 11g

2-22 Administrators Guide for Oracle Imaging and Process Management

...Oracle/Middleware/wlserver_10.3/common/bin. From ORACLE_HOME/common/bin, run wlst.sh (Linux) or wlst.cmd (Windows) and then run connect(). The full set of credential store commands is documented in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference, but the two used most in these examples are:

    createCred(map="oracle.wsm.security", key="alias", user="user", password="pwd")
    listCred(map="map", key="key")

The credential store can store any user ID and password pair, accessed by an alias. For WSM policies, the CSF aliases are used to obtain keystore aliases and passwords. These CSF aliases are configured in the jps-config.xml file in the following element:

    <!-- KeyStore Service Instance -->
    <serviceInstance name="keystore" provider="keystore.provider" location="./default-keystore.jks">
        <description>Default JPS Keystore Service</description>
        <property name="keystore.type" value="JKS"/>
        <property name="keystore.csf.map" value="oracle.wsm.security"/>
        <property name="keystore.pass.csf.key" value="keystore-csf-key"/>
        <property name="keystore.sig.csf.key" value="enc-csf-key"/>
        <property name="keystore.enc.csf.key" value="enc-csf-key"/>
    </serviceInstance>

One alias named keystore-csf-key is needed; it holds the password for the keystore. In this example, that is the first password entered in keytool, above. The user name in this alias is ignored. A second alias named enc-csf-key is also needed: its user name is a keystore alias and its password is the private key password for that keystore alias, which is the second password entered in keytool, above.

2.3.5 Integrating Oracle IPM With Oracle Access Manager 11g

This section describes how to configure Oracle IPM to work with Oracle Access Manager (OAM) 11g. For more information on deploying Oracle IPM and OAM within an enterprise, see the Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Enterprise Content Management Suite.

To integrate OAM 11g with Oracle IPM, do the following:

1. Install and configure Oracle Access Manager (OAM), Oracle HTTP Server (OHS), and WebGate as described in "Installing the Oracle Identity Management 11g Software" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

2. Append Oracle IPM entries to mod_wl_ohs.conf, using the example below. Replace hostname with the name of the machine hosting the Oracle IPM instance, and portnumber with the port of the Oracle WebLogic Server domain hosting Oracle IPM:

    # Forwarding URLs
    <Location /imaging>
        SetHandler weblogic-handler
        WebLogicHost hostname
        WebLogicPort portnumber
    </Location>

3. Use the Oracle OAM remote registration tool (oamreg) to register an Oracle OAM Agent, specifying the protected and public Oracle IPM URIs listed below. For more information, see "Provisioning an OAM Agent with Oracle Access Manager 11g" in the Oracle Fusion Middleware Application Security Guide and "Setting Up OAM Agents" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

    Oracle IPM Public URI    Oracle IPM Private URI
    /imaging                 /imaging/faces

4. Configure the Oracle IPM domain by performing the following tasks. See "Deploying the Oracle Access Manager 11g SSO Solution" in the Oracle Fusion Middleware Application Security Guide.

   a. Configure the OAM Identity Asserter. The control flag for the OAM Identity Asserter must be set to REQUIRED, and both OAM_REMOTE_USER and ObSSOCookie must be selected as Active Types. See "Identity Asserter for Single Sign-on Function", "About Using the Identity Asserter for SSO with OAM 11g and 11g WebGates", and "Configuring Identity Assertion for SSO with Oracle Access Manager 11g" in the Oracle Fusion Middleware Application Security Guide.

   b. Configure an Authentication provider. This is necessary to specify the user store, such as Oracle Internet Directory (OID) or another external LDAP server. For example, if OAM is using OID, then an OID Authentication provider must be added to the Oracle IPM domain. See "Installing the Authentication Provider with Oracle Access Manager 11g" and "Setting Up Providers for Oracle Access Manager Identity Assertion" in the Oracle Fusion Middleware Application Security Guide. See Table 12-1 in the Oracle Fusion Middleware Application Security Guide for information on the differences when deploying the Authentication Provider with OAM 10g versus OAM 11g.

      Note: When the Oracle WebLogic Server domain for Oracle IPM is configured to use an authentication provider other than the DefaultAuthenticator provider, the new authentication provider must be the first authentication provider listed in the security realm configuration, or Oracle IPM will fail to load any user privileges. Make sure to re-order the authentication providers so that the new authentication provider is listed before the DefaultAuthenticator provider. Also ensure that the DefaultAuthenticator control flag is set to SUFFICIENT. For more information, see the section "Configuring the First Authentication Provider" in the Oracle Fusion Middleware System Administrator's Guide for Oracle Content Server.

   c. Configure the OPSS OAM Single Sign-On provider. See "Configuring Single Sign-On in Oracle Fusion Middleware" in the Oracle Fusion Middleware Security Guide.

5. After installing and configuring OAM 11g, check that you can access all of the configured Oracle IPM applications, and that a single login gives you access to all of your configured Oracle IPM applications without prompting you to sign in again. Also test global logout where available and make sure you are logged out of all other related applications.
For more information, see Oracle Fusion Middleware Administrators Guide for Oracle Access Manager and Oracle Fusion Middleware Application Security Guide.
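The identity asserter settings in step 4a and the provider ordering and control flags in the note are easy to get wrong, and a mistake only surfaces as Oracle IPM failing to load user privileges. The Python script below is an added example, not Oracle tooling: it reads a WebLogic config.xml security realm and reports every deviation from those requirements. It assumes the element names of a typical WebLogic 10.3 domain (matched by local name, so namespace prefixes do not matter), and the sample realm it ships with is constructed.

```python
"""Check a WebLogic config.xml realm against this section's OAM 11g settings. Added
example, not Oracle tooling; element names are assumed (matched by local name)."""
import xml.etree.ElementTree as ET
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: a realm that violates three of the requirements above.
SAMPLE_CONFIG_XML = """<domain xmlns:sec="http://xmlns.oracle.com/weblogic/security"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><security-configuration><realm>
 <sec:authentication-provider xsi:type="wls:default-authenticatorType">
  <sec:name>DefaultAuthenticator</sec:name><sec:control-flag>REQUIRED</sec:control-flag>
 </sec:authentication-provider>
 <sec:authentication-provider xsi:type="wls:oam-identity-asserterType">
  <sec:name>OAMIdentityAsserter</sec:name><sec:control-flag>REQUIRED</sec:control-flag>
  <sec:active-type>OAM_REMOTE_USER</sec:active-type></sec:authentication-provider>
 <sec:authentication-provider xsi:type="wls:ldap-authenticatorType">
  <sec:name>OIDAuthenticator</sec:name><sec:control-flag>SUFFICIENT</sec:control-flag>
 </sec:authentication-provider></realm></security-configuration></domain>"""

def providers(xml_text):
    """Yield each authentication-provider, in realm order, as a dict of its fields."""
    for el in ET.fromstring(xml_text).iter():
        if el.tag.endswith("authentication-provider"):
            p = {"type": el.get(XSI_TYPE, ""), "name": "", "control-flag": "", "active-type": []}
            for child in el:
                key, val = child.tag.rsplit("}", 1)[-1], (child.text or "").strip()
                if key == "active-type":
                    p[key].append(val)
                elif key in p:
                    p[key] = val
            yield p

def check_realm(xml_text):
    """Return findings against the settings above; an empty list means compliant."""
    provs, findings = list(providers(xml_text)), []
    oam = next((p for p in provs if "oam-identity-asserter" in p["type"]),
               {"control-flag": "", "active-type": []})
    if oam["control-flag"] != "REQUIRED":
        findings.append("OAM Identity Asserter missing or control flag not REQUIRED")
    for t in ("OAM_REMOTE_USER", "ObSSOCookie"):
        if t not in oam["active-type"]:
            findings.append("OAM Identity Asserter lacks active type " + t)
    # Note above: external authenticator first, DefaultAuthenticator SUFFICIENT.
    auths = [p for p in provs if "authenticator" in p["type"]]
    default = [p for p in auths if "default-authenticator" in p["type"]]
    if default and default[0]["control-flag"] != "SUFFICIENT":
        findings.append("DefaultAuthenticator control flag must be SUFFICIENT")
    if default and len(auths) > 1 and auths[0] is default[0]:
        findings.append("DefaultAuthenticator listed before " + auths[1]["name"] + "; reorder")
    return findings
```

Run it against the domain's config.xml after step 4 and again after any provider change; an empty result means the realm matches the settings this section calls for.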

2.3.6 Integrating Oracle IPM With Oracle Access Manager 10g