Skip to content

Oracle SSO solution for Weblogic Server

March 5, 2010

This post will show a way to enable oracle single sigon(SSO) on Oracle Weblogic Server(10.3.0)

Prerequisites

1.  You have installed Oracle HTTP Server 2.0 & Oracle Weblogic Server 10.3 with application deployed.

You can download Oracle HTTP Server 2.0 from Oracle 10gR3 Companion Disc

http://www.oracle.com/technology/software/products/ias/htdocs/101310.html

2. Single Sign on Server & OID 10.1.2

Download and Configure MOD_WEBLOGIC

a. Download MOD_WEBLOGIC from http://download.oracle.com/otn/bea/weblogic/server103/server103_apacheplugins.zip.

b. extract the corresponding platform  mod_wl_20.so. Copy it to $ORACLE_HOME/ohs/modules.

c. Edit $ORACLE_HOME/ohs/conf/httpd.conf and add the following line under the last LoadModule directive: LoadModule weblogic_module modules/mod_wl_20.so

d. At the end of  $ORACLE_HOME/ohs/conf/httpd.conf file add the following directives

<IfModule mod_weblogic.c>

WebLogicHost  linux2.oracle.com

WebLogicPort 7001 (this should match with HTTP Server port where Weblogic Server is running)

<Location /sample>

SetHandler weblogic-handler

</Location>

e. Stop and start the HTTP_Server to pick up the changes.

Configure MOD_OSSO.

a. Manually register the application url with SSO

$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path $ORACLE_HOME -site_name linux2.oracle.com -config_mod_osso TRUE -mod_osso_url http://linux2.oracle.com:7010  -verbose TRUE ( Place the conf file in target Apache/conf/osso/

b. Add below line in   $ORACLE_HOME/ohs/conf/httpd.conf

LoadModule osso_module modules/mod_osso.so (Should be on TOP in DSO section).

c. Edit $ORACLE_HOME/ohs/conf/mod_osso.conf and lines to look like

<IfModule mod_osso.c>

OssoIdleTimeout off

OssoIpCheck off

#OssoRedirectByForm off

#OssoSecureCookies on

#OssoProtectedOnly on

#OssoSecureCookies on

#OssoSendCacheHeaders on

#OssoHttpsFrontend on

#UseWebCacheIp on

OssoConfigFile /oracle/ohs/ohs/conf/osso/osso.conf

<Location /ssotest>

Require valid-user

AuthType Basic

</Location>

<Location /private>

AuthType Basic

Require valid-user

</Location>

</IfModule>

<Location /sample>

Require valid-user

AuthType Basic

</Location>

d. Stop and start the Weblogic HTTP_Server to pick up the changes.

Configure OSSO Identity Asserter.

Login Weblogic Server Control Console as weblogic user

a) Add following Providers to a weblogic Domain for OSSO

OSSO Identity Asserter, DefaultAuthenticator & OID Authenticator

Adding OSSO Identity Asserter

1. Click Security Realms, Default Realm Name, Providers

2.Select New under the Authentication Providers table.

3. Enter a name for the new provider, select its type, and then click OK. For example:

Name: OSSO Identity Asserter

Type: OSSOIdentityAsserter

Ok

In settings for Settings for OSSO Identity Asserter

4. Click Default Authentication Provider.

5. Set the control flag to OPTIONAL, and click Save

6. Adding OIDAuthenticator

Click New, and enter a name and type:.

Name. OID Authenticator

7. Click the provider Specific tab & specify the following settings

User Name Attribute: orcladmin(Example)

Host: The Oracle Internet Directory hostname

Group Base DN: cn=Groups,dc=cse,dc=oracle,dc=com

User Base DN: cn=users,dc=cse,dc=oracle,dc=com

Port: Oracle Internet Directory port

8. Reorder Providers After Stop & Restart WebLogic Server

b. Establishing Trust between Oracle WebLogic Server and Other Entities

1. Enter the syntax for the connection filter rules  & Restart the WebLogic Server.

c. Configuring the Application for the OSSO Identity Asserter

1. Locate the web.xml file in the application EAR file.

2. Locate the auth-method for the appropriate realm and enter CLIENT-CERT. For example:

<login-config>

<auth-method>CLIENT-CERT</auth-method>

<realm-name>myRealm</realm-name>

</login-config>

3. Save the file. redeploy & restart the Application.

References:

1) Metalink ID: 796072.1 How to Integrate OHS 2.0 with MOD_WEBLOGIC and MOD_OSSO

2) Oracle Fusion Middleware Release Notes 11g Release 1

Related Links

1. Weblogic Server Installation

2. Weblogic Server Clustering

3. Weblogic Server Administrator password

4.  Increasing the Heap Size in Weblogic Server

Other Links

1. Configuring Webcenter with Proxy HTTP Server and SSO


Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s