
Monday, May 26, 2014

Integrate Oracle Entitlements Servers 11g + Java Application using OES custom tag libraries

Hi All,

Over the last couple of days I have been trying different options to integrate a Java application with Oracle Entitlements Server using its custom Java tag libraries, and I was finally able to make it work.

I thought I would share the high-level steps:

-- Oracle Entitlements Server 11g 11.1.1.5.0
-- OES Weblogic Security module (installed on a separate Weblogic domain), with the Java application running in that domain
-- Java application with a JAAS authentication module enabled

Note: JAAS authentication is mandatory, since there is no other way to pass the user ID as part of the authorization check.

-- Define the application policies according to your requirements in the OES APM console
-- Distribute the application policies to the Weblogic Security module
-- Use the samples provided in the OES documentation
    Ref: http://docs.oracle.com/cd/E21764_01/security.1111/e14097/jsp_tags.htm#sthref305

-- Siva Pokuri.

Wednesday, April 2, 2014

Windows Native Authentication (WNA) configuration in Oracle Access Manager 11g R2 PS2

Agenda: Process to configure WNA authentication in Oracle Access Manager 11gR2 PS2.

Process:

  • Create a new service account in the Active Directory domain controller. The account's password should be set not to expire.

  • Open a command prompt on the AD machine and execute the command below to generate the keytab file.
"ktpass -princ HTTP/<oamHostName>@<adDomainName> -mapuser <adDomain>\<username> -pass <userPassword> -out <path>"

  • Check for the success message as shown in the screenshot below.

  • Open the user account in AD and click the Account tab. Verify the principal name as shown in the screen below.

  • Copy the keytab file from the AD machine to the OAM machine.

  • Log in as the root user and edit the /etc/krb5.conf file.

  • See the screen below for reference.

  • Execute the klist command on the OAM machine as shown in the screen below. The syntax is:
"klist -k -t -K -e FILE:/<keytab file path>"

  • Execute the kinit command on the OAM machine as shown in the screen below. The syntax is:
"kinit -V <Principal Name> -k -t <keytab file path>"

  • Execute the klist command on the OAM machine as shown in the screen below.

  • Log in to the Access Manager admin console.
  • Navigate to Authentication Modules > Kerberos.
  • Provide the required parameters as shown below.

  • Create a new data store for AD in OAM.

  • Create an authentication policy with the Kerberos scheme.

  • For your reference, verify the Kerberos authentication scheme as shown in the screen below.

  • NTLM changes:
  • Log in to the server and navigate to the directory /<weblogic_domain>/config/fmwconfig/
  • Change the NTLM Response from DEFAULT to BASIC.

  • Restart the Weblogic Admin server and the OAM managed server.
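As an added example (not part of the original post), the script below parses an MIT-format (v0x0502) keytab, the format the ktpass step above writes, and checks, before the keytab is copied to OAM and used with kinit, that it contains the expected HTTP service principal with at least one non-weak (AES) key. The principal, realm and key bytes are constructed sample data, not values from a real domain.

```python
import struct

ENCTYPES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "arcfour-hmac", 3: "des-cbc-md5"}
WEAK = {23, 3}  # RC4-HMAC and DES: should not be the only keys for the OAM SPN

def _cstr(b):  # keytab counted_octet_string: uint16 big-endian length + bytes
    return struct.pack(">H", len(b)) + b

def build_entry(principal, kvno, enctype, key):
    """Encode one MIT keytab (v0x0502) entry; used here only to construct sample data."""
    name, realm = principal.split("@")
    comps = name.split("/")
    body = struct.pack(">H", len(comps)) + _cstr(realm.encode()) + b"".join(_cstr(c.encode()) for c in comps)
    body += struct.pack(">IIB", 1, 0, kvno & 0xFF)      # name_type=KRB5_NT_PRINCIPAL, timestamp, vno8
    body += struct.pack(">H", enctype) + _cstr(key) + struct.pack(">I", kvno)  # keyblock + 32-bit kvno
    return struct.pack(">i", len(body)) + body

def parse_keytab(data):
    """Yield (principal, kvno, enctype) per entry; the key bytes themselves are never returned."""
    if data[:2] != b"\x05\x02":
        raise ValueError("unsupported keytab version %r" % data[:2])
    off = 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off); off += 4
        if size <= 0:                       # negative size marks a deleted slot: skip it
            off += -size; continue
        end = off + size
        ncomp, rlen = struct.unpack_from(">HH", data, off); off += 4
        realm = data[off:off + rlen].decode(); off += rlen
        comps = []
        for _ in range(ncomp):
            (n,) = struct.unpack_from(">H", data, off); off += 2
            comps.append(data[off:off + n].decode()); off += n
        _ntype, _ts, vno8 = struct.unpack_from(">IIB", data, off); off += 9
        enctype, klen = struct.unpack_from(">HH", data, off); off += 4 + klen
        kvno = struct.unpack_from(">I", data, off)[0] if end - off >= 4 else vno8
        yield "/".join(comps) + "@" + realm, kvno, enctype
        off = end

def check_keytab(data, spn):
    """Return a list of problems for the WNA case: the HTTP SPN must exist with at least one non-weak key."""
    entries = [e for e in parse_keytab(data) if e[0] == spn]
    if not entries:
        return ["principal %s not found in keytab" % spn]
    if all(e[2] in WEAK for e in entries):
        return ["only weak enctypes for %s: %s" % (spn, sorted(ENCTYPES.get(e[2], str(e[2])) for e in entries))]
    return []

# Constructed sample keytab (not from a real AD): one AES256 key and one RC4 key for the OAM SPN.
SPN = "HTTP/oam.example.com@EXAMPLE.COM"
SAMPLE = b"\x05\x02" + build_entry(SPN, 3, 18, b"\x11" * 32) + build_entry(SPN, 3, 23, b"\x22" * 16)
```

Run `check_keytab(open(path, "rb").read(), "HTTP/<oamHostName>@<adDomainName>")` against the real file; an empty list means the SPN is present with an AES key, and `klist -k -t -K -e` on the OAM machine should then show the same principal and enctypes.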

Testing:

  • Log in to a machine in the AD domain.
  • Open a command prompt and execute "klist" to check whether Kerberos tickets have been obtained.

  • Open Internet Explorer, open Internet Options and go to the Advanced tab. Scroll down and verify that "Enable Integrated Windows Authentication" is selected.

  • Try to access the application protected by OAM Kerberos authentication.

-- Kiran Pokuri