Showing posts with label Impersonation. Show all posts
Showing posts with label Impersonation. Show all posts

Tuesday, November 17, 2015

WATCH: Oracle Access Manager(OAM) 11g R2 PS3 Impersonation Demo

Oracle Access Manager 11g R2 PS3 Impersonation Demo

Pre-requisites:
  1. OAM 11g R2 PS3 environment is up and running with OUD as user store & protected sample resource called “spokuri.html” with LDAPSchema
  2. Enabled Impersonation in OAM & Extend OAM LDAP schema into OUD directory server
  3. Created user “kpokuri”(Impersonatee) with “orclIDXPerson” object class in OUD
  4. Created user “spokuri”(Impersonator) in OUD
  5. Added an attribute “orclImpersonationGrantee” to “kpokuri” and value as “8c69d7465afc406a947669204ad88ecf|20100324163000Z|20180524172000Z”

Description: orclImpersonationGrantee attribute value has 3 parameters separated by pipe “|”.

1.     Impersonator orclguid. In this case, it’s “spokuri” user orclguid.
2.     Impersonation start date
3.     Impersonation end date


Demo Video: 




Test Case:

  1. Access OAM LDAP Schema protected resource http://pokuri.demo.com:7777/spokuri.html
  2. Enter impersonator credentials spokuri/<<password>>
  3. Open a new tab and access http://pokuri.demo.com:14100/oam/server/impersonate/start?userid=kpokuri&success_url=http://pokuri.demo.com:7777/kpokuri.html&failure_url=http://pokuri.demo.com:7777/error.html
  4. When prompted enter impersonator password again
  5. Up on successful impersonation to user “kpokuri” new session will be created in OAM for user “kpokuri”.
  6. Check the “kpokuri” user session in OAM admin console “session management” and notice that impersonation field will be “true”.



Hope this helps some one out there!!

-- Siva Pokuri.