59.11 Setting Up Access Manager and Windows Native Authentication

This section provides the following topics:

59.11.1 Setting Up Access Manager WNA

Configure Access Manager to use Windows Native Authentication.

59.11.2 Setting Up WNA With SharePoint Server

The following overview outlines the tasks that must be performed to set up WNA with Access Manager and the SharePoint Server.

Task overview: Setting up WNA with SharePoint Server

  1. Complete the following prerequisite tasks:

  2. Install Access Manager as described in "Installing Access Manager for WNA and SharePoint Server".

    This step includes installing the WebGate for IIS and configuring Webgate.dll for the individual SharePoint Web site.

  3. Configure the Active Directory authentication provider, as follows:

    1. Log in to the WebLogic Console.

    2. Go to Security Realm and click the realm being used.

    3. Go to the Provider tab and click New.

    4. Enter the provider name, select the Type ActiveDirectoryAuthenticator, click OK.

    5. Select the newly created Provider, change Control Flag to Sufficient, and Save.

    6. Go to the Provider Specific tab, enter the details for your Active Directory, and save them.

  4. Perform "Testing Your WNA Implementation".

59.11.3 Installing Access Manager for WNA and SharePoint Server

You perform this task after you complete all prerequisites described in step 1 of "Setting Up WNA With SharePoint Server". Installing most Access Manager components for this integration scenario is the same as for any other situation.

Installing the IIS WebGate is similar to installing any other WebGate. The WebGate should be installed with the IIS v7 Web server; later it can be configured at the specific SharePoint Web site level to be protected. For IIS, the WebGate must be configured at the "web sites" level. For Microsoft SharePoint Server, you must configure the WebGate for the specific SharePoint Web site level to be protected.

To install Access Manager for WNA and SharePoint Server

  1. Install Access Manager as described in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.

  2. Install the ISAPI WebGate as follows:

    • Installing WebGates

    • Installing Web components for the IIS Web server

      Next, you configure Webgate.dll at the SharePoint Web site that you want to protect. Configuring Webgate.dll at the "web sites" level protects all Web sites on the IIS Web server. Configuring Webgate.dll at the SharePoint Web site level protects only that Web site.

  3. Configure Webgate.dll at the SharePoint Web site that you want to protect. For example:

    1. Start the Internet Information Services (IIS) Manager: Click Start, Programs, Administrative Tools, Internet Information Services (IIS) Manager.

    2. Select the hostname from the Connections pane.

    3. From the host name Home pane, double-click ISAPI Filters, look for any Webgate.dll; if it is present, select it and click Remove from the Action pane.

    4. In the Connection pane, under Sites, click the name of the Web Site for which you want to configure a WebGate filter.

    5. In the Home pane, double-click ISAPI Filters.

    6. In the Actions pane, click Add…

    7. In the Filter name text box of the Add ISAPI Filter dialog box, type WebGate as the name of the ISAPI filter.

    8. In the Executable box, type the file system path of the WebGate ISAPI filter file or click the ellipsis button (...) to go to the folder that contains the Webgate.dll ISAPI filter file, and then click OK.

  4. Create a virtual directory:

    1. Expand the Sites pane and select the Web Site for which you just configured the ISAPI filter (Webgate.dll).

    2. On the Action pane, click View Virtual Directories and then select Add Virtual Directory.

    3. In the Alias field, specify access and the physical path to the WebGate \access folder (or click the ellipsis button (...), go to the \access folder, then click OK).

  5. Set permissions on the Virtual Directory:

    1. Select the "access" virtual directory created in Step 3.

    2. From the access Home pane, double-click Handler Mappings; from the Action pane, select Edit Feature Permissions….

    3. Select Read, Script, and Execute, then click OK.

  6. Configure Access Manager to use Windows Native Authentication.

  7. Set Microsoft SharePoint Server authentication to Classic Mode Authentication while creating a new Web Application in Microsoft SharePoint. In the Authentication Provider section, select Negotiate (Kerberos).

  8. In IIS, go to the newly created SharePoint site and:

    1. Open Authentication, Windows Authentication, Advanced Settings.

    2. Select Enable Kernel mode authentication.

    3. Select providers, delete NTLM provider.

    4. Add Negotiate:Kerberos and move it to the top level.

    5. Restart IIS.

  9. Proceed to "Testing Your WNA Implementation".
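
The IIS settings made in steps 3 and 8 can be checked offline against a copy of the server's applicationHost.config. The following audit is an added example, not Oracle's code: it assumes the standard IIS configuration layout (per-site overrides in `<location path="...">` elements), and the function names and finding texts are hypothetical.

```python
# Added example: audits an IIS applicationHost.config for the WNA settings above.
import xml.etree.ElementTree as ET

AUTH = "system.webServer/security/authentication/windowsAuthentication"
FILTER = "system.webServer/isapiFilters/filter"

def site_location(root, site):
    # Per-site overrides live in <location path="Site Name"> (assumed layout).
    return next((l for l in root.findall("location")
                 if l.get("path", "").lower() == site.lower()), None)

def effective_providers(root, loc):
    """Server-level provider list with the site's <clear/>, <remove/>, <add/> applied."""
    result = [a.get("value", "") for a in root.findall(AUTH + "/providers/add")]
    overrides = loc.find(AUTH + "/providers") if loc is not None else None
    for el in ([] if overrides is None else overrides):
        value = el.get("value", "")
        if el.tag in ("clear", "remove"):  # clear drops all, remove drops one
            result = [p for p in result
                      if el.tag == "remove" and p.lower() != value.lower()]
        elif el.tag == "add":
            result.append(value)
    return result

def has_webgate(scope):
    return scope is not None and any(
        f.get("path", "").lower().endswith("webgate.dll") for f in scope.findall(FILTER))

def audit_wna_site(config_xml, site):
    """Return findings; an empty list means the site matches the steps above."""
    root = ET.fromstring(config_xml)
    loc = site_location(root, site)
    providers = [p.lower() for p in effective_providers(root, loc)]
    findings = []
    if "ntlm" in providers:
        findings.append("NTLM provider is still offered")
    if providers[:1] != ["negotiate:kerberos"]:
        findings.append("Negotiate:Kerberos is not the first provider")
    kernel = "true"  # IIS schema default when the attribute is absent
    for scope in (root, loc):  # the site value overrides the server value
        node = scope.find(AUTH) if scope is not None else None
        if node is not None and node.get("useKernelMode"):
            kernel = node.get("useKernelMode")
    if kernel.lower() != "true":
        findings.append("kernel-mode authentication is disabled")
    if has_webgate(root):
        findings.append("Webgate.dll is registered at server level")
    if not has_webgate(loc):
        findings.append("Webgate.dll is not registered on the site")
    return findings
```

Pass the text of `%windir%\System32\inetsrv\config\applicationHost.config` and the IIS site name of the SharePoint Web application; settings delegated to a site's own web.config are not covered by this check.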

59.11.4 Testing Your WNA Implementation

Use the following steps to confirm your WNA implementation is working properly.

To test your WNA implementation

  1. Log in to the machine as the Windows domain user (or AD user or AD user account).

    The login account must also be a user of Access Manager.

  2. Enter the URL of the protected resource.