Example of Integrating Oracle Billing Insight with OIM
This topic provides one example of integrating Oracle Billing Insight with Oracle Identity and Access Manager (OIM) on Oracle WebLogic. The specific steps and files required for your SSO implementation will vary.
To integrate Oracle Billing Insight with OIM on Oracle WebLogic
- Verify that the following requirements have been met:
- The OIM SSO system is set up.
- The Oracle Billing Insight installation and configuration is complete.
- Open the globalConfig.xma.xml file, located in the following directory:
- Import the SSO user in the Oracle Billing Insight database.
- Access Oracle Directory Services Manager (ODSM), and add a user group for the Self-Service and Assisted Service applications, and assign users to groups.
- Edit the web.xml and weblogic.xml files in the Oracle Billing Insight EAR file, located in the following directory:
- UNIX.
EDX_HOME/J2EEApps/selfservice/weblogic/selfservice-weblogic-7.0.ear/selfservice-1.0-SNAPSHOT.war/WEB-INF
- Windows.
EDX_HOME\J2EEApps\selfservice\weblogic\selfservice-weblogic-7.0.ear\selfservice-1.0-SNAPSHOT.war\WEB-INF
- Add the following content to the web.xml file:
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
  <realm-name>myRealm</realm-name>
</login-config>
<security-role>
  <role-name>AUTH_USER</role-name>
</security-role>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>All areas</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>AUTH_USER</role-name>
  </auth-constraint>
</security-constraint>
- Add the following content to the weblogic.xml file, where the value of principal-name is the group to be created in your LDAP server:
<security-role-assignment>
  <principal-name>EBilling_USERS</principal-name>
  <principal-name>CSR_USERS</principal-name>
  <role-name>AUTH_USER</role-name>
</security-role-assignment>
- Edit the Spring Security configuration file, spring-security.xml, located in the following directory:
- A sample JAR file, ebilling-sso-oam-1.0-SNAPSHOT.jar, is located in the following directory:
- UNIX.
EDX_HOME/samples/sso/OAM/xma
- Windows.
EDX_HOME\samples\sso\OAM\xma
Move the file into the following directory:
- UNIX.
EDX_HOME/J2EEApps/selfservice/weblogic/selfservice-weblogic-7.0.ear/xma
- Windows.
EDX_HOME\J2EEApps\selfservice\weblogic\selfservice-weblogic-7.0.ear\xma
Add the JAR file path to the MANIFEST.MF file, located in the following directory:
- UNIX.
EDX_HOME/J2EEApps/selfservice/weblogic/selfservice-weblogic-7.0.ear/APP-INF/lib/xma-classpath.jar/META-INF
- Windows.
EDX_HOME\J2EEApps\selfservice\weblogic\selfservice-weblogic-7.0.ear\APP-INF\lib\xma-classpath.jar\META-INF
Samples provide minimal functionality only. Additional requirements can be implemented by extending Spring Security.
- Change the following beans:
- Replace "FORM_LOGIN_FILTER" with "PRE_AUTH_FILTER" in the following section:
<security:http entry-point-ref="EBillingEntryPoint" access-decision-manager-ref="accessDecisionManager">
  <security:custom-filter position="PRE_AUTH_FILTER" ref="j2eePreAuthFilter" />
</security:http>
- Define the "j2eePreAuthFilter" bean as follows:
<bean id="j2eePreAuthFilter" class="com.edocs.common.security.authenticate.sso.EBillingPreAuthenticatedProcessingFilter">
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="authenticationDetailsSource">
    <bean class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
      <property name="mappableRolesRetriever">
        <bean class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever" />
      </property>
      <property name="userRoles2GrantedAuthoritiesMapper">
        <bean class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper">
          <property name="convertAttributeToUpperCase" value="true"/>
        </bean>
      </property>
    </bean>
  </property>
  <property name="ebllingAuthenticationDetailsSource">
    <bean class="com.edocs.common.security.authenticate.EBillingWebAuthenticationDetailsSource" />
  </property>
</bean>
- Replace preAuthenticatedAuthenticationProvider with daoAuthenticationProvider at each occurrence in the following section:
<security:authentication-manager alias="authenticationManager">
  <security:authentication-provider ref="impersonateAuthenticationProvider" />
  <security:authentication-provider ref='preAuthenticatedAuthenticationProvider'/>
</security:authentication-manager>
<bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
  <property name="preAuthenticatedUserDetailsService" ref="userDetailsService"/>
</bean>
- Change the bean ID userDetailsService to "com.edocs.common.security.authenticate.EBillingPreAuthUserDetailsService" in the following section:
<bean id="userDetailsService" class="com.edocs.common.security.authenticate.EBillingUserDetailsService" />
- Define the logout URL in <security:logout>:
<security:http entry-point-ref="EBillingEntryPoint" access-decision-manager-ref="accessDecisionManager">
  <security:logout logout-url="/j_spring_security_logout" logout-success-url="${logout_link}" invalidate-session="true" />
</security:http>
- Configure the Oracle WebLogic domain for the Self-Service application to support OIM single sign-on:
- Add the OIM dependency into the application domain. Copy the oamAuthnProvider.jar file from the OAM_HOME directory to the following directory:
- UNIX.
WL_HOME/server/lib/mbeantypes
- Windows.
WL_HOME\server\lib\mbeantypes
- Add providers to the security realms in the domain. In the Oracle WebLogic console, click Home, Summary of Security Realms, myrealm, and then Providers. Add OAMIdentityAsserter and OIDAuthenticator in Configure OAMIdentityAsserter and OIDAuthenticator.
- Reorder the providers. On the console, click Home, Summary of Security Realms, myrealm, and then Providers. Reorder the providers as follows:
- OAMIdentityAsserter
- OIDAuthenticator
- DefaultAuthenticator
- DefaultIdentityAsserter
- Install and configure Oracle HTTP Server and a WebGate:
- Install and configure Oracle HTTP Server. For information about implementing Oracle HTTP Server (OHS), see Oracle® Fusion Middleware Installing and Configuring Oracle HTTP Server.
- In the ${INSTANCE_HOME}/config/OHS/${YOUR OHS INSTANCE NAME}/moduleconf directory, create a file called ebilling.conf, with the following content:
NameVirtualHost *:${your port}
<VirtualHost *:${your port}>
    # ServerName admin.mycompany.com:80
    # ServerAdmin you@your.address
    RewriteEngine On
    RewriteOptions inherit
    # RewriteRule ^/console/jsp/common/logout.jsp /oamsso/logout.html [PT]
    # RewriteRule ^/em/targetauth/emaslogout.jsp /oamsso/logout.html [PT]
    # Admin Server and EM
    <Location /selfservice>
        SetHandler weblogic-handler
        WebLogicHost ${your SelfService host name}
        WeblogicPort ${your SelfService port}
    </Location>
</VirtualHost>
- Restart OHS.
- Run the automated configuration script:
- Go to the following directory:
- UNIX.
EDX_HOME/samples/sso/OAM/build
- Windows.
EDX_HOME\samples\sso\OAM\build
- In the build.properties file, set the following parameters for your implementation.
| Parameter | Description |
|---|---|
| edx_home | The location where you installed Oracle Billing Insight. |
| wls_home | The location where Oracle WebLogic is installed. |
| wls_user | The name of the Oracle WebLogic user. |
| wls_password | The password of the Oracle WebLogic user. |
| app_host | The name of your application host server. |
| ebilling_domain_name | Your Self-Service application domain name. |
| csr_domain_name | Your Assisted Service application domain name. |
| ebilling_port | The port number of your Self-Service application. |
| csr_port | The port number of your Assisted Service application. |
| rs_port | The port number of your RESTful Web services. |
- Enter Ant. The script automatically runs Options 2 - 9.
- Update the spring-security-sso.properties file, found in each of the following folders:
logout_link=http://your_OAM_server_name:your_OAM_server_port/oam/server/logout?end_url=http://your_OHS_server_name:your_OHS_server_port/csr
- Copy the following EAR files from the EDX_HOME/samples/sso/OAM/build/target directory to the EDX_HOME/J2EEApp folder, and then redeploy the files:
- selfservice-weblogic-7.0.ear
- rs-weblogic-7.0.ear
- csr-app-7.0.ear
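The web.xml and weblogic.xml edits in this procedure only protect the application when they agree: the role in the auth-constraint has to be declared in web.xml and mapped to at least one principal in weblogic.xml. The following pre-deployment check is an added example, not part of the Oracle guide or product; the sample documents are the page's fragments wrapped in constructed root elements, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the page's two fragments wrapped in minimal root elements.
WEB_XML = """<web-app>
<login-config><auth-method>CLIENT-CERT</auth-method><realm-name>myRealm</realm-name></login-config>
<security-role><role-name>AUTH_USER</role-name></security-role>
<security-constraint>
  <web-resource-collection><web-resource-name>All areas</web-resource-name><url-pattern>/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>AUTH_USER</role-name></auth-constraint>
</security-constraint>
</web-app>"""
WEBLOGIC_XML = """<weblogic-web-app><security-role-assignment>
<principal-name>EBilling_USERS</principal-name><principal-name>CSR_USERS</principal-name>
<role-name>AUTH_USER</role-name>
</security-role-assignment></weblogic-web-app>"""

def _find(root, name):
    # Match on the local tag name so namespaced deployment descriptors also work.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(root, name):
    return [(e.text or "").strip() for e in _find(root, name)]

def check_sso_descriptors(web_xml, weblogic_xml):
    """Return a list of findings; an empty list means the two files agree."""
    web, wls = ET.fromstring(web_xml), ET.fromstring(weblogic_xml)
    findings = []
    if _texts(web, "auth-method") != ["CLIENT-CERT"]:
        findings.append("auth-method is not CLIENT-CERT")
    declared = {t for r in _find(web, "security-role") for t in _texts(r, "role-name")}
    mapped = {}  # role name -> principals assigned in weblogic.xml
    for a in _find(wls, "security-role-assignment"):
        for role in _texts(a, "role-name"):
            mapped.setdefault(role, []).extend(_texts(a, "principal-name"))
    covered = False
    for c in _find(web, "security-constraint"):
        roles = [t for ac in _find(c, "auth-constraint") for t in _texts(ac, "role-name")]
        covered = covered or ("/*" in _texts(c, "url-pattern") and bool(roles))
        for role in roles:
            if role not in declared:
                findings.append(f"role {role} is not declared in a <security-role>")
            if not mapped.get(role):
                findings.append(f"role {role} has no principal in weblogic.xml")
    if not covered:
        findings.append("no role-protected <security-constraint> covers /*")
    return findings

if __name__ == "__main__":
    print(check_sso_descriptors(WEB_XML, WEBLOGIC_XML) or "descriptors are consistent")
```

To check a real deployment, pass the text of the two files extracted from the WAR's WEB-INF directory in place of the constructed samples.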