Skip Navigation Links | |
Exit Print View | |
Oracle Identity Analytics System Integrator's Guide 11g Release 1 |
1. Integrating With Oracle Identity Manager, Preferred Method
2. Integrating With Oracle Identity Manager, Deprecated Method
3. Integrating With Oracle Waveset (Sun Identity Manager)
4. Integrating With Other Provisioning Servers
6. Integrating With Intellitactics Security Manager
7. Configuring Oracle Identity Analytics For Web Access Control
To Access Oracle Identity Analytics When Using Web Access Control
The following two configuration changes need to be made in Oracle Identity Analytics:
Setting up the correct HTTP header variable name in security-context.xml
Setting up the logout URL
Web Access Control Solutions send user information as part of the http header variable. This header variable, which is the user name, holds a unique identity for the user being authenticated. This user name should be the same as the Oracle Identity Analytics user.
As shown in the following snippet from the security-context.xml configuration file (under the WEB-INF folder in Oracle Identity Analytics), Oracle Identity Analytics is configured to use the value of the "sm-user" http header variable to authorize a user. Change the property of preAuthEnabled to true and also change sm-user for preAuthUsernameHeaderKey and preAuthPasswordHeaderKey to the header variable sent by the Web Access Control Solution.
<bean id="preAuthAwareAuthenticationProcessingFilter" class="com.vaau.commons.springframework.security.filter.PreAuthAwareAuthenticationProcessi / ngFilter"> <property name="authenticationManager"> <ref bean="authenticationManager"/> </property> <property name="authenticationFailureUrl" value="/welcome.action?login_error=true"/> <property name="defaultTargetUrl" value="/secure/checkExpiredCredentials.action"/> <property name="filterProcessesUrl" value="/j_acegi_security_check"/> <property name="formUsernameParameterKey" value="j_username"/> <property name="formPasswordParameterKey" value="j_password"/> <property name="preAuthEnabled" value="true"/> <property name="preAuthUsernameHeaderKey" value="sm-user"/> <property name="preAuthPasswordHeaderKey" value="sm-user"/> <!--SM_USER --> <property name="exceptionMappings"> <props> <prop key="org.springframework.security.BadCredentialsException"> / /welcome.action?login_error=true</prop> <prop key="org.springframework.security.CredentialsExpiredException"> / /passwordExpired.action</prop> </props> </property> </bean>
For a user to completely log out from the session, the Oracle Identity Analytics default logout URL needs to be modified with the logout URL for the Web Access Control Solution.
To configure the logout URL in Oracle Identity Analytics, change the following entry in the header.jspf file under the WEB-INF/jspf folder.
Current information in line 111-122 in the header.jspf file:
<tr> <td height="22"> <div align="center" style="font-size:10px;"> <a href="<%=ctx%>/secure/home/home.action" class="hoverUnderline" style="color:#000000">Home</a> <a href="<%=ctx%>/logout.action" class="hoverUnderline" style="color:#000000">Logout</a> <a href="<%=ctx%>/docs/userguide/index.html" target="_blank" class="hoverUnderline" style="color:#000000">Help</a> </div> </td> </tr>
Line 111-122 in the header.jspf file after the modification:
<tr> <td height="22"> <div align="center" style="font-size:10px;"> <a href="<%=ctx%>/secure/home/home.action" class="hoverUnderline" style="color:#000000">Home</a> | <a href="www.vaau.com/logout.jsp" class="hoverUnderline" style="color:#000000">Logout</a> | <a href="<%=ctx%>/docs/userguide/index.html" target="_blank" class="hoverUnderline" style="color:#000000">Help</a> </div> </td> </tr>