A portal provides a single point of access to enterprise data and applications by presenting a unified and personalized view of that information to employees, customers, and business partners.
This chapter describes how to use the Oracle Access Manager Identity Assertion Provider with IBM WebSphere Portal v7. It includes the following topics:
Integrating IBM WebSphere Portal v7.0 with Oracle Access Manager
Configuring a Stand Alone LDAP Registry for OAM in IBM WebSphere
See Also:
Chapter 6, "Managing Oracle Access Manager Identity Assertion on IBM WebSphere" in the Oracle Fusion Middleware Third-Party Application Server Guide, which contains much of the information you need to set up IBM WebSphere.
The IBM WebSphere Portal Server runs on top of the IBM WebSphere Application Server (WAS) and uses the WAS security infrastructure to enforce access control. Integrating with the IBM WebSphere Portal provides the following Oracle Access Manager functionality for the portal:
User and group management
Password management
Single sign-on (SSO) to the portal
Unified logout between Oracle Access Manager, WAS, and the IBM WebSphere Portal
The same platforms and versions that are supported for Oracle Access Manager and the IBM WebSphere Application Server are supported with IBM WebSphere Portal.
Note:
In this chapter, IBM WebSphere Portal Server is abbreviated to IBM WebSphere Portal.
IBM WebSphere Portal v7.0 can be integrated with both:
Oracle Access Manager 11g
Oracle Access Manager 10g
For the latest support information, see:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
Regardless of the Oracle Access Manager release you are integrating with the IBM WebSphere Portal v7.0, a series of installation and configuration steps must be performed as outlined here.
Integrating IBM WebSphere Portal with Oracle Access Manager
Install IBM WebSphere Application Server and Portal Server as described in Section 9.2, "Installing Components for the Oracle Access Manager IAP for IBM WebSphere" in the Oracle Fusion Middleware Third-Party Application Server Guide.
See Also:
See the IBM WebSphere Portal Infocenter documentation for installation details.
Provision Webgate: Perform steps as described for:
Oracle Access Manager 11g: Section 9.5, "Provisioning and Configuring OAM 11g for the IAP and IBM WebSphere".
Oracle Access Manager 10g: Section 9.4, "Provisioning WebGate, Configuring OAM 10g (10.1.4.3) and the IAP for IBM WebSphere".
Install Webgate: Install Webgate as described in Section 9.6, "Installing the Required WebGate for the IHS Web Server".
Prepare Login Form: Use instructions in Section 9.8, "Preparing the Login Form for WebGate".
Configure IBM WebSphere Application Server for OAM SSO and the Portal Server Domain Profile as described in Section 9.9, "Configuring IBM WebSphere for OAM SSO and the IAP".
Configure a stand-alone LDAP registry for OAM within IBM WebSphere Portal Server, as described in this chapter: Section 7.4, "Configuring a Stand Alone LDAP Registry for OAM in IBM WebSphere".
This section describes how to configure a stand-alone LDAP registry for Oracle Access Manager within IBM WebSphere Portal Server.
To configure a stand alone LDAP registry for OAM in IBM WebSphere Portal
1. Locate the wp_security_<ldaptype>.properties file in the following path:
was_portal_profile_dir/ConfigEngine/config/helpers/wp_security_<ldaptype>.properties
Here, <ldaptype> refers to the directory server type (vendor) in use with Oracle Access Manager. For example, for a Sun One directory server the file name is: wp_security_sunone.properties.
2. Open wp_security_<ldaptype>.properties for editing.
3. Update the following entries with values that reflect your deployment:
standalone.ldap.id=<ldap server id>
standalone.ldap.host=host id name
standalone.ldap.port=host port
standalone.ldap.bindDN=<LDAP bind DN>
standalone.ldap.bindPassword=ldappwd
standalone.ldap.serverId=<full DN of ldap admin user>
standalone.ldap.serverPassword=admin user password
standalone.ldap.realm=<realm name>
standalone.ldap.primaryAdminId=<full DN of ldap admin user>
standalone.ldap.primaryAdminPassword=admin user password
standalone.ldap.primaryPortalAdminId=admin user password
standalone.ldap.primaryPortalAdminPassword=oblix
standalone.ldap.primaryPortalAdminGroup=<full DN of admin group>
standalone.ldap.baseDN=<LDAP base DN>
standalone.ldap.et.group.objectClasses=group object class
standalone.ldap.personAccountParent=<ldap base DN>
standalone.ldap.groupParent=<ldap base DN>
4. Execute the following command to validate the properties:
ConfigEngine.sh validate-standalone-ldap -DWasPassword=<admin user passwd> -DparentProperties=<path to wp_security_<ldaptype>.properties>
5. Execute the following command to change the portal file-based repository to the defined LDAP type:
ConfigEngine.sh wp-modify-ldap-security -DWasPassword=<admin user passwd> -DparentProperties=<path to wp_security_<ldaptype>.properties>
6. Upon successful completion of steps 4 and 5, restart the IBM WebSphere Portal and Application Servers.
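The following pre-flight check for the edited properties file is an added example, not part of the Oracle documentation; run it before the validate-standalone-ldap task. The finding labels, function names, and sample file values are constructed for illustration. It flags entries left empty or at an angle-bracket placeholder, DN fields without attr=value form, a non-numeric port, the sample password shown in the entries above, and a file that other local users can read.

```sh
#!/bin/sh
# Added example: lint wp_security_<ldaptype>.properties; one finding per line.

get_prop() {  # get_prop FILE KEY -> value of the last "KEY=" line, trimmed
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

lint_ldap_props() {
    f=$1; p=standalone.ldap
    for k in id host port bindDN bindPassword serverId serverPassword realm \
             primaryAdminId primaryAdminPassword primaryPortalAdminId \
             primaryPortalAdminPassword primaryPortalAdminGroup baseDN; do
        case $(get_prop "$f" "$p.$k") in
            '')        echo "MISSING $p.$k" ;;
            *'<'*'>'*) echo "PLACEHOLDER $p.$k" ;;
        esac
    done
    # Keys the page documents as full DNs: expect at least attr=value
    for k in serverId primaryAdminId primaryPortalAdminGroup; do
        case $(get_prop "$f" "$p.$k") in
            ''|*'<'*|*=*) ;;
            *) echo "NOT_A_DN $p.$k" ;;
        esac
    done
    case $(get_prop "$f" "$p.port") in ''|*'<'*) ;; *[!0-9]*) echo "BAD_PORT $p.port" ;; esac
    # The sample password printed in the documentation must not go live
    if [ "$(get_prop "$f" "$p.primaryPortalAdminPassword")" = oblix ]; then
        echo "SAMPLE_PASSWORD $p.primaryPortalAdminPassword"
    fi
    # Cleartext bind/admin passwords live here: "other" must not read it
    case $(ls -ld "$f") in ???????r*) echo "WORLD_READABLE $f" ;; esac
    return 0
}

# Constructed sample file (hypothetical values, not a real deployment)
make_sample() {
    s=$(mktemp -d)/wp_security_sunone.properties
    printf 'standalone.ldap.%s\n' id=oamldap host=ldap.example.com port=389 \
        bindDN=cn=bind,dc=example,dc=com bindPassword= serverId=wpsadmin \
        serverPassword=constructed 'realm=<realm name>' \
        primaryAdminId=uid=wpsadmin,dc=example,dc=com \
        primaryAdminPassword=constructed primaryPortalAdminPassword=oblix \
        primaryPortalAdminId=uid=wpsadmin,dc=example,dc=com \
        primaryPortalAdminGroup=cn=wpsadmins,dc=example,dc=com \
        baseDN=dc=example,dc=com > "$s"
    chmod 644 "$s"; echo "$s"
}

lint_ldap_props "$(make_sample)"
```

Because the file holds the bind and administrator passwords in clear text, restrict it to the account that runs ConfigEngine.sh (for example, mode 600).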