7 Integrating Oracle Access Manager Identity Assertion with IBM WebSphere Portal

A portal provides a single point of access to enterprise data and applications by presenting a unified and personalized view of that information to employees, customers, and business partners.

This chapter describes how to use the Oracle Access Manager Identity Assertion Provider with IBM WebSphere Portal v7. It includes the following topics:

See Also:

Chapter 6, "Managing Oracle Access Manager Identity Assertion on IBM WebSphere" in the Oracle Fusion Middleware Third-Party Application Server Guide, which contains much of the information you need to set up IBM WebSphere.

7.1 Integrating IBM WebSphere Portal with Oracle Access Manager

The IBM WebSphere Portal Server runs on top of the IBM WebSphere Application Server (WAS) and uses the WAS security infrastructure to enforce access control. Integrating with the IBM WebSphere Portal provides the following Oracle Access Manager functionality for the portal:

  • User and group management

  • Password management

  • Single sign-on (SSO) to the portal

  • Unified logout between Oracle Access Manager, WAS, and the IBM WebSphere Portal

7.2 Supported Versions and Platforms

The same platforms and versions that are supported for Oracle Access Manager and the IBM WebSphere Application Server are supported with IBM WebSphere Portal.

Note:

In this chapter, IBM WebSphere Portal Server is abbreviated to IBM WebSphere Portal.

IBM WebSphere Portal v7.0 can be integrated with both:

  • Oracle Access Manager 11g

  • Oracle Access Manager 10g

For the latest support information, see:

http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html

7.3 Integrating IBM WebSphere Portal v7.0 with Oracle Access Manager

Regardless of the Oracle Access Manager release you are integrating with the IBM WebSphere Portal v7.0, a series of installation and configuration steps must be performed as outlined here.

To integrate IBM WebSphere Portal with Oracle Access Manager

  1. Install IBM WebSphere Application Server and Portal Server as described in Section 9.2, "Installing Components for the Oracle Access Manager IAP for IBM WebSphere" in the Oracle Fusion Middleware Third-Party Application Server Guide:

    See Also:

    See the IBM WebSphere Portal Infocenter documentation for installation details.

  2. Provision Webgate: Perform steps as described for:

    • Oracle Access Manager 11g: Section 9.5, "Provisioning and Configuring OAM 11g for the IAP and IBM WebSphere".

    • Oracle Access Manager 10g: Section 9.4, "Provisioning WebGate, Configuring OAM 10g (10.1.4.3) and the IAP for IBM WebSphere".

  3. Install Webgate: Install Webgate as described in Section 9.6, "Installing the Required WebGate for the IHS Web Server".

  4. Prepare Login Form: Use instructions in Section 9.8, "Preparing the Login Form for WebGate".

  5. Configure IBM WebSphere Application Server for OAM SSO and the Portal Server Domain Profile as described in Section 9.9, "Configuring IBM WebSphere for OAM SSO and the IAP".

  6. Configure a stand-alone LDAP registry for OAM within IBM WebSphere Portal Server, as described in this chapter: Section 7.4, "Configuring a Stand Alone LDAP Registry for OAM in IBM WebSphere".

7.4 Configuring a Stand Alone LDAP Registry for OAM in IBM WebSphere

This section describes how to configure a stand-alone LDAP registry for Oracle Access Manager within IBM WebSphere Portal Server.

To configure a stand alone LDAP registry for OAM in IBM WebSphere Portal

  1. Locate the wp_security_<ldaptype>.properties file in the following path:

    was_portal_profile_dir/ConfigEngine/config/helpers/wp_security_<ldaptype>.properties

    Here, <ldaptype> refers to the directory server type (vendor) in use with Oracle Access Manager. For example, for a Sun One directory server the file name is wp_security_sunone.properties.

  2. Open wp_security_<ldaptype>.properties for editing.

  3. Update the following entries with values that reflect your deployment (angle brackets mark placeholders to replace; ldappwd and oblix are the sample values shown in the helper file):

    standalone.ldap.id=<ldap server id>
    standalone.ldap.host=<host name>
    standalone.ldap.port=<host port>
    standalone.ldap.bindDN=<LDAP bind DN>
    standalone.ldap.bindPassword=ldappwd
    standalone.ldap.serverId=<full DN of ldap admin user>
    standalone.ldap.serverPassword=<admin user password>
    standalone.ldap.realm=<realm name>
    standalone.ldap.primaryAdminId=<full DN of ldap admin user>
    standalone.ldap.primaryAdminPassword=<admin user password>
    standalone.ldap.primaryPortalAdminId=<portal admin user ID>
    standalone.ldap.primaryPortalAdminPassword=oblix
    standalone.ldap.primaryPortalAdminGroup=<full DN of admin group>
    standalone.ldap.baseDN=<LDAP base DN>
    standalone.ldap.et.group.objectClasses=<group object class>
    standalone.ldap.personAccountParent=<ldap base DN>
    standalone.ldap.groupParent=<ldap base DN>

  4. Execute the following command to validate the properties (the command is one line; the backslash marks a line continuation):

    ConfigEngine.sh validate-standalone-ldap -DWasPassword=<admin user passwd> \
    -DparentProperties=<path to wp_security_<ldaptype>.properties>

  5. Execute the following command to replace the portal's file-based user repository with the LDAP registry defined in the properties file:

    ConfigEngine.sh wp-modify-ldap-security -DWasPassword=<admin user passwd> \
    -DparentProperties=<path to wp_security_<ldaptype>.properties>

  6. Upon successful completion of steps 4 and 5, restart the IBM WebSphere Portal and Application Servers.
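A pre-flight check to run on the edited wp_security_<ldaptype>.properties file before step 4, so that validate-standalone-ldap is not the first thing to notice a leftover placeholder. This is an added example, not Oracle's or IBM's tooling: the property names are the ones listed in step 3, the sample file content is constructed, and the check reports placeholders that were never replaced, trailing whitespace (which java.util.Properties preserves in values), DN properties that hold no DN, and the documentation's sample password left in place.

```python
# Constructed sample (not a real deployment); a placeholder, a trailing space and the sample password are left in on purpose.
SAMPLE = """standalone.ldap.id=oamldap
standalone.ldap.host=ldap.example.com
standalone.ldap.port=389
standalone.ldap.bindDN=cn=Directory Manager
standalone.ldap.bindPassword=bindsecret
standalone.ldap.serverId=uid=wasadmin,ou=people,dc=example,dc=com
standalone.ldap.serverPassword=wassecret
standalone.ldap.realm=oamrealm
standalone.ldap.primaryAdminId=uid=wasadmin,ou=people,dc=example,dc=com
standalone.ldap.primaryAdminPassword=wassecret
standalone.ldap.primaryPortalAdminId=wpsadmin
standalone.ldap.primaryPortalAdminPassword=oblix
standalone.ldap.primaryPortalAdminGroup=<full DN of admin group>
standalone.ldap.baseDN=dc=example,dc=com\x20
standalone.ldap.et.group.objectClasses=groupOfUniqueNames
standalone.ldap.personAccountParent=ou=people,dc=example,dc=com
standalone.ldap.groupParent=ou=groups,dc=example,dc=com
"""
# Every key step 3 tells you to fill in, and which of them must hold a full DN.
REQUIRED = ["standalone.ldap." + k for k in ("id host port bindDN bindPassword serverId serverPassword realm "
    "primaryAdminId primaryAdminPassword primaryPortalAdminId primaryPortalAdminPassword primaryPortalAdminGroup "
    "baseDN et.group.objectClasses personAccountParent groupParent").split()]
DN_KEYS = {"bindDN", "serverId", "primaryAdminId", "primaryPortalAdminGroup", "baseDN", "personAccountParent", "groupParent"}

def parse_properties(text):
    """Minimal Java .properties reader: skips comments, splits each line on its first '='."""
    props = {}
    for line in text.splitlines():
        if line.strip() and line.lstrip()[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.lstrip()  # Java trims leading, not trailing, whitespace
    return props

def check_properties(props):
    """Return findings to fix before step 4; an empty list means the file is ready."""
    findings = []
    for key in REQUIRED:
        value = props.get(key, "")
        if not value.strip():
            findings.append(f"{key}: missing")
        elif "<" in value:
            findings.append(f"{key}: placeholder not replaced ({value.strip()})")
        elif value != value.rstrip():
            findings.append(f"{key}: trailing whitespace (Java keeps it, so the DN or password changes)")
        elif key.rsplit(".", 1)[1] in DN_KEYS and "=" not in value:
            findings.append(f"{key}: expected a full DN, got {value.strip()}")
        elif key.endswith("Password") and value.strip() == "oblix":
            findings.append(f"{key}: sample password from the documentation still in use")
    return findings
```

Point parse_properties at the real file's contents and fix every finding before running validate-standalone-ldap; the sample above yields three findings.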