Creating a Test Page Configuring Oracle Access Manager to Delegate Authentication to Oracle Identity Federation
1. Click the Policy Configuration tab.
2. Expand Authentication Schemes under the Shared Components tree.
3. Select OIFScheme from under the Authentication Schemes and then select Open
from the menu. 4. On the Authentication Schemes page, provide the following information ■ Challenge URL : https:sso.mycompany.com:443fedusersposso ■ Context Type : Select external from the list. Accept the defaults for all other values5. Click Apply to update the OIFScheme.
18.4.3.3 Creating an Oracle Identity Federation Authentication Policy in Oracle Access Manager
Create an authentication policy in Oracle Access Manager to enable OIF to authenticate the user. To create an authentication policy, log in to the OAM console at http:admin.mycompany.comoamconsole as the OAM administration user. Then perform the following steps:1. Click the Policy Configuration tab.
2. Expand IAM Suite under the Application Domains section.
3. Click Authentication Policies, and then select Create from the menu.
4. On the Authentication Policy page, provide the following details: ■ Name : The name of the authentication policy, for example: OIF Policy. ■ Description : The description for the policy ■ Authentication Scheme : Select OIF Scheme from the menu5. Click Apply.
18.4.3.4 Creating a Test Page
Create a test page to validate that Oracle Identity Federation is integrated with Oracle Access Manager. Create a file called oif_sso.html on WEBHOST1 and WEBHOST2, in the directory ORACLE_INSTANCE configOHScomponenthtdocs with the following content: html body center p h2 OIF Protected Resource h2 p center body html 18-32 Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management18.4.3.5 Creating a Resource in Oracle Access Manager
Create a resource for the Oracle Identity Federation URL to be protected by Oracle Access Manager. In SP mode, Oracle Identity Federation authenticates the user and then propagates the authentication state to Oracle Access Manager. The resource created here is for the purposes of testing. To create a resource, log in to the OAM console at http:admin.mycompany.comoamconsole as the OAM administration user. Then perform the following steps:1. Click the Policy Configuration tab.
2. Expand IAM Suite under the Application Domains section.
3. Click Resources, and then select Open from the menu.
4. On the IAM Suite Resources page, click New Resources to bring up the Resources
page.5. On the Resources page, provide the following details:
■ Type : Select HTTP ■ Host Identifier : IAMSuiteAgent ■ Resource URL : oif_sso.html ■ Protection Level : Protected ■ Authorization Policy : Protected Resource Policy ■ Authentication Policy : Select the Authentication Policy created in Section 18.4.3.3, Creating an Oracle Identity Federation Authentication Policy in Oracle Access Manager, for example: OIF Policy. 6. Click Apply.18.4.3.6 Configuring Oracle Access Manager to Delegate Authentication to Oracle Identity Federation
The Oracle Identity Federation resources protected by Oracle WebGate are directed to Oracle Access Manager for authentication. In SP Mode, Oracle Identity Federation authenticates the user and propagates the authentication state to Oracle Access Manager. To enable Oracle Identity Federation to authenticate the user, Oracle Access Manager must be configured to redirect the user to Oracle Identity Federation for authentication. This is done by registering Oracle Identity Federation as Delegated Authentication Protocol DAP partner with Oracle Access Manager. Proceed as follows on IDMHOST1 to register Oracle Identity Federation as DAP Partner with Oracle Access Manager: 1. Ensure that the keystore generated in the previous section is available on IDMHOST1. 2. Start the wlst shell from the IAM_ORACLE_HOMEcommonbin directory. For example, on Linux and UNIX-based systems, you would type: .wlst.sh On Windows you would type: .wlst.cmd 3. Connect to the WebLogic Administration Server using the following wlst connect command: Integrating Components 18-33 connectAdminUser,AdminUserPassword,t3:hostname:port For example: connectweblogic,admin_password,t3:ADMINVHN.mycompany.com:7001 4. Use the registerOIFDAPPartner command to register Oracle Identity Federation as a DAP partner with Oracle Access Manager. The syntax is: registerOIFDAPPartnerkeystoreLocation=path_to_keystore, logoutURL=OIF_ logout_URL , rolloverTime= where: ■ path_to_keystore is the location of the Keystore file on IDMHOST1, for example: u01apporacleproductfmwkeystoreskeystore ■ OIF_logout_URL is the OIF Servers logout URL. Use https:oifhost:oifportfeduserspsloosso?doneURL=https: oamhost:oam portoamlogout.jsp as the logout URL Use sso.mycompany.com as the value for oifhost and oamhost. Use 443 as the value for oifport and oamport. ■ rollover_time is the rollover interval for the keys used to encrypt ordecrypt SASSO tokens. For example: wls:IDMDomainserverConfig registerOIFDAPPartnerkeystoreLocation=u01apporacleproductfmwkeystoresk eystore, logoutURL=https:sso.mycompany.comfeduserspsloosso?doneURL=https:sso.myc ompany.comoamlogout.jsp Registration Successful 5. Restart the Administration Server and the Oracle Access Manager and Oracle Identity Federation Managed Servers by following the steps in Section 20.1, Starting and Stopping Oracle Identity Management Components.18.4.4 Validating Oracle Identity Federation Integration with Oracle Access Manager
Before the configuration can be validated, obtain the provider metadata and register the providers. For the purposes of validating, Oracle Identity Federation will act as both an Identity Provider and a Service Provider.18.4.4.1 Generating Provider Metadata
Proceed as follows to generate the IdP and SP metadata. Note: Once all of the Oracle Access Manager managed servers are shut down, it is not possible to access the WebLogic Administration console. Once single sign-on has been configured, access to the WebLogic Administration console is controlled through Oracle Access Manager, which requires at least one Oracle Access Manager managed server to be running.Parts
» Oracle Fusion Middleware Online Documentation Library
» What is an Enterprise Deployment? Terminology
» Understanding the Directory Tier
» Architecture Notes Understanding the Application Tier
» Architecture Notes Security Provisions
» Using This Guide Oracle Fusion Middleware Online Documentation Library
» Hardware Resource Planning Oracle Fusion Middleware Online Documentation Library
» Load Balancers Network Prerequisites
» Configuring Virtual Server Names and Ports on the Load Balancer
» Virtual IP Addresses Managing Oracle Fusion Middleware Component Connections
» Firewall and Port Configuration
» Directory Structure Terminology and Environment Variables
» Recommended Locations for the Different Directories
» WebLogic Domain Considerations Real Application Clusters
» Creating Database Services for 11.2.x Databases Database Tuning
» RCU Example Executing the Repository Creation Utility
» Introduction Using this Guide Software Installation Summary
» Installation Installing Oracle HTTP Server
» Installing Oracle Fusion Middleware Components Installing Oracle Fusion Middleware Home
» Installing JRockit Installing Oracle Identity Management
» Upgrading the Oracle Homes for Oracle Identity Management from 11.1.1.2 to 11.1.1.5
» Installing the Oracle SOA Suite
» Installing Oracle Identity and Access Management
» Validating the Installation Backing up the Web Tier Configuration
» Enabling ADMINVHN on IDMHOST1 Running the Configuration Wizard on IDMHOST1 to Create a Domain
» Failing over the Administration Server to IDMHOST2
» Failing the Administration Server Back to IDMHOST1
» Configuring the First Oracle Internet Directory Instance
» Configuring an Additional Oracle Internet Directory Instance
» Registering Oracle Internet Directory with the WebLogic Server Domain
» Extending the Oracle WebLogic Domain with Oracle Directory Integration Platform and ODSM
» Installing and Configuring Oracle Directory Integration Platform and ODSM on IDMHOST2
» Provisioning the Managed Servers in the Managed Server Directory
» Validating Oracle Directory Services Manager Validating Oracle Directory Integration Platform
» Backing Up the Application Tier Configuration
» Configuring the First Oracle Virtual Directory Instance
» Configuring an Additional Oracle Virtual Directory
» Registering Oracle Virtual Directory with the Oracle WebLogic Server Domain
» Creating Policy Store Users and the Policy Container
» Reassociating the Policy and Credential Store
» Extending Directory Schema for Oracle Access Manager
» Creating Users and Groups for Oracle Access Manager
» Creating Users and Groups for Oracle Adaptive Access Manager
» Creating Users and Groups for Oracle Identity Manager
» Creating Users and Groups for Oracle WebLogic Server
» Creating Access Control Lists in Non-Oracle Internet Directory Directories
» Extending Domain with Oracle Access Manager
» Removing IDM Domain Agent Propagating the Domain Changes to the Managed Server Domain Directory
» Changing Oracle Access Manager Security Model
» Configuring Oracle Access Manager by Using the IDM Automation Tool
» Adding the oamadmin Account to Access System Administrators Validating Oracle Access Manager
» Setting up Keystore with the SSL Certificate and Private Key file of the Access Client
» Extending Domain for Oracle Adaptive Access Manager
» Prerequisites Loading Oracle Adaptive Access Manager Seed Data
» Backing Up the Application Tier Configuration Backing Up the Application Tier Configuration
» Prerequisites Enabling Virtual IP Addresses on OIMHOST1 and OIMHOST2
» Extending the Domain to Configure Oracle Identity Manager and Oracle SOA Suite on IDMHOST1
» Propagating the Oracle Identity Manager and SOA Managed Servers to OIMHOST1 and OIMHOST2
» Prerequisites Configuring Oracle Identity Manager to Work with the Oracle Web Tier
» Configuring an IT Resource Instance for Email
» Creating and Importing New Rules
» Tuning Oracle Platform Security Backing Up the Application Tier Configuration
» Prerequisites Oracle Fusion Middleware Online Documentation Library
» Configuring Oracle Identity Federation on OIFHOST1
» Configuring Oracle Identity Federation on OIFHOST2
» Provisioning the Managed Servers on the Local Disk
» Validating Oracle Identity Federation Backing Up the Application Tier Configuration
» Generating Self-Signed Certificates Using the utils.CertGen Utility
» Configuring Node Manager to Use the Custom Keystores
» Starting Node Manager Configuring Managed WebLogic Servers to Use the Custom Keystores
» Configuring Server Migration Targets Click the Migration tab.
» Updating Existing LDAP Users with Required Object Classes
» Integrating Oracle Access Manager with Oracle Identity Manager by Using idmConfigTool
» Updating Oracle Virtual Directory Authenticator Manually Creating CSF Keys
» Managing the Password of the xelsysadm User Validating Integration
» Validating Oracle Adaptive Access Manager
» Prerequisites Creating Oracle Directory Authenticator
» On the Configure Web Server screen, click Yes to automatically update the web
» Validating WebGate Validating the Oracle Access Manager Single Sign-On Setup
» Monitoring Oracle Virtual Directory
» Monitoring Oracle Directory Integration Platform
» Scaling Up the Directory Tier
» Click the SSL tab. Click Advanced. Set Hostname Verification to None. Click Save.
» Click Save. Oracle Fusion Middleware Online Documentation Library
» Patching an Oracle Fusion Middleware Source File Patching Identity Management Components
» Troubleshooting Oracle Internet Directory
» Troubleshooting Oracle Virtual Directory
» Troubleshooting Oracle Directory Integration Platform
» Troubleshooting Oracle Directory Services Manager
Show more