
Example of Integrating Oracle Billing Insight with OIM


This topic provides one example of integrating Oracle Billing Insight with Oracle Identity and Access Manager (OIM) on Oracle WebLogic. The specific steps and files required for your SSO implementation will vary.

To integrate Oracle Billing Insight with OIM on Oracle WebLogic

  1. Verify that the following requirements have been met:
    • The OIM SSO system is set up.
    • The Oracle Billing Insight installation and configuration is complete.
  2. Open the globalConfig.xma.xml file, located in the following directory:
    • UNIX. EDX_HOME/xma/config/modules
    • Windows. EDX_HOME\xma\config\modules

      Set the ebillingSingleSignOnEnabled property to True. Set the singleSignOutUrl property to j_spring_security_logout.

  3. Import the SSO user in the Oracle Billing Insight database.
  4. Access Oracle Directory Services Manager (ODSM), and add a user group for the Self-Service and Assisted Service applications, and assign users to groups.
  5. Edit the web.xml and weblogic.xml files in the Oracle Billing Insight EAR file, located in the following directory:
    • UNIX. EDX_HOME/J2EEApps/selfservice/weblogic/selfservice-weblogic-7.0.ear/selfservice-1.0-SNAPSHOT.war/WEB-INF
    • Windows. EDX_HOME\J2EEApps\selfservice\weblogic\selfservice-weblogic-7.0.ear\selfservice-1.0-SNAPSHOT.war\WEB-INF
    1. Add the following content to the web.xml file:

    <login-config><auth-method>CLIENT-CERT</auth-method><realm-name>myRealm</realm-name></login-config>
    <security-role><role-name>AUTH_USER</role-name> </security-role>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>All areas</web-resource-name>
    <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>AUTH_USER</role-name></auth-constraint>
    </security-constraint>

    2. Add the following content to the weblogic.xml file, where the value of principal-name is the group to be created in your LDAP server:

    <security-role-assignment>
    <principal-name>EBilling_USERS</principal-name>
    <principal-name>CSR_USERS</principal-name>
    <role-name>AUTH_USER</role-name>
    </security-role-assignment>

  6. Edit the Spring Security configuration file, spring-security.xml, located in the following directory:
    • UNIX. EDX_HOME/config/security/selfservice
    • Windows. EDX_HOME\config\security\selfservice

      Sample configuration files can be found in the following directories:

    • UNIX. EDX_HOME/samples/sso/OAM/conf/selfservice
      and EDX_HOME/samples/sso/OAM/conf/csr
    • Windows. EDX_HOME\samples\sso\OAM\conf\selfservice
      and EDX_HOME\samples\sso\OAM\conf\csr
  7. A samples JAR file, ebilling-sso-oam-1.0-SNAPSHOT.jar, is located in the following directory:
    • UNIX. EDX_HOME/samples/sso/OAM/xma
    • Windows. EDX_HOME\samples\sso\OAM\xma

      Move the file into the following directory:

    • UNIX. EDX_HOME/J2EEApps/selfservice/weblogic/selfservice-weblogic-7.0.ear/xma
    • Windows. EDX_HOME\J2EEApps\selfservice\weblogic\selfservice-weblogic-7.0.ear\xma

      Add the jar file path to the MANIFEST.MF file, located in the following directory:

    • UNIX. EDX_HOME/J2EEApps/selfservice/weblogic/selfservice-weblogic-7.0.ear/APP-INF/lib/xma-classpath.jar/META-INF
    • Windows. EDX_HOME\J2EEApps\selfservice\weblogic\selfservice-weblogic-7.0.ear\APP-INF\lib\xma-classpath.jar\META-INF

      Samples provide minimal functionality only. Additional requirements can be implemented by extending Spring Security.

  8. Change the following beans:
    • Replace "FORM_LOGIN_FILTER" with "PRE_AUTH_FILTER" in the following section:

    <security:http entry-point-ref="EBillingEntryPoint"
    access-decision-manager-ref="accessDecisionManager">
    <security:custom-filter position="PRE_AUTH_FILTER"
    ref="j2eePreAuthFilter" />
    </security:http>

    • Define the "j2eePreAuthFilter" bean as follows:

    <bean id="j2eePreAuthFilter" class="com.edocs.common.security.authenticate.sso.EBillingPreAuthenticatedProcessingFilter">
      <property name="authenticationManager" ref="authenticationManager"/>
      <property name="authenticationDetailsSource">
        <bean class="org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
          <property name="mappableRolesRetriever">
            <bean class="org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever" />
          </property>
          <property name="userRoles2GrantedAuthoritiesMapper">
            <bean class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper">
              <property name="convertAttributeToUpperCase" value="true"/>
            </bean>
          </property>
        </bean>
      </property>
      <property name="ebllingAuthenticationDetailsSource">
        <bean class="com.edocs.common.security.authenticate.EBillingWebAuthenticationDetailsSource" />
      </property>
    </bean>

    • Replace preAuthenticatedAuthenticationProvider with daoAuthenticationProvider at each occurrence in the following section:

    <security:authentication-manager alias="authenticationManager">
      <security:authentication-provider ref="impersonateAuthenticationProvider" />
      <security:authentication-provider ref='preAuthenticatedAuthenticationProvider'/>
    </security:authentication-manager>
    <bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
      <property name="preAuthenticatedUserDetailsService" ref="userDetailsService"/>
    </bean>

    • Change the bean ID userDetailsService to "com.edocs.common.security.authenticate.EBillingPreAuthUserDetailsService" in the following section:

    <bean id="userDetailsService" class="com.edocs.common.security.authenticate.EBillingUserDetailsService" />

    • Define the logout URL in <security:logout>:

    <security:http entry-point-ref="EBillingEntryPoint"
    access-decision-manager-ref="accessDecisionManager">
    <security:logout logout-url="/j_spring_security_logout"
    logout-success-url="${logout_link}" invalidate-session="true" />
    </security:http>

  9. Configure the Oracle WebLogic domain for the Self-Service application to support OIM single sign-on:
    1. Add the OIM dependency into the application domain. Copy the oamAuthnProvider.jar file from the OAM_HOME directory to the following directory:
      • UNIX. WL_HOME/server/lib/mbeantypes
      • Windows. WL_HOME\server\lib\mbeantypes
    2. Add providers to the security realms in the domain. In the Oracle WebLogic console, click Home, Summary of Security Realms, myrealm, and then Providers. Add the OAMIdentityAsserter and OIDAuthenticator providers, and configure each one.
    3. Reorder the providers. On the console, click Home, Summary of Security Realms, myrealm, and then Providers. Reorder the providers as follows:
      • OAMIdentityAsserter
      • OIDAuthenticator
      • DefaultAuthenticator
      • DefaultIdentityAsserter
  10. Install and configure Oracle HTTP Server and a WebGate:
    1. Install and configure Oracle HTTP Server. For information about implementing Oracle HTTP Server (OHS), see Oracle® Fusion Middleware Installing and Configuring Oracle HTTP Server.
    2. In the ${INSTANCE_HOME}/config/OHS/${YOUR OHS INSTANCE NAME}/moduleconf, create a file called ebilling.conf, with the following content:

    NameVirtualHost *:${your port}
    <VirtualHost *:${your port}>
    # ServerName admin.mycompany.com:80
    # ServerAdmin you@your.address
    RewriteEngine On
    RewriteOptions inherit
    # RewriteRule ^/console/jsp/common/logout.jsp /oamsso/logout.html [PT]
    # RewriteRule ^/em/targetauth/emaslogout.jsp /oamsso/logout.html [PT]
    # Admin Server and EM
    <Location /selfservice>
    SetHandler weblogic-handler
    WebLogicHost ${your SelfService host name}
    WebLogicPort ${your SelfService port}
    </Location>
    </VirtualHost>

    3. Restart OHS.
  11. Run the automated configuration script:
    1. Go to the following directory:
      • UNIX. EDX_HOME/samples/sso/OAM/build
      • Windows. EDX_HOME\samples\sso\OAM\build
    2. In the build.properties file, set the following parameters for your implementation.
      Property               Description
      edx_home               The location where you installed Oracle Billing Insight.
      wls_home               The location where Oracle WebLogic is installed.
      wls_user               The name of the Oracle WebLogic user.
      wls_password           The password of the Oracle WebLogic user.
      app_host               The name of your application host server.
      ebilling_domain_name   Your Self-Service application domain name.
      csr_domain_name        Your Assisted Service application domain name.
      ebilling_port          The port number of your Self-Service application.
      csr_port               The port number of your Assisted Service application.
      rs_port                The port number of your RESTful Web services.
    3. Enter Ant. The script automatically runs Options 2 - 9.
  12. Update the spring-security-sso.properties file, found in each of the following folders:
    • EDX_HOME/samples/sso/OAM/conf/selfservice
    • EDX_HOME/samples/sso/OAM/conf/csr
    • EDX_HOME/samples/sso/OAM/conf/rs

      In each file, set the logout_link property as follows, specifying the OIM and OHS server and ports for your implementation:

    logout_link=http://your_OAM_server_name:your_OAM_server_port/oam/server/logout?end_url=http://your_OHS_server_name:your_OHS_server_port/csr

  13. Copy the following EAR files from the EDX_HOME/samples/sso/OAM/build/target directory to the EDX_HOME/J2EEApp folder, and then redeploy the files:
    • selfservice-weblogic-7.0.ear
    • rs-weblogic-7.0.ear
    • csr-app-7.0.ear
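
A check for the step 5 descriptor edits, added here as an example and not part of the Oracle samples: it confirms that web.xml protects /* for every HTTP method with CLIENT-CERT, and that each required role is declared and mapped to at least one LDAP group in weblogic.xml. The function name check_descriptors and the root elements wrapped around the fragments are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the step 5 fragments wrapped in their root elements.
WEB_XML = """<web-app>
<login-config><auth-method>CLIENT-CERT</auth-method><realm-name>myRealm</realm-name></login-config>
<security-role><role-name>AUTH_USER</role-name></security-role>
<security-constraint><web-resource-collection><web-resource-name>All areas</web-resource-name>
<url-pattern>/*</url-pattern></web-resource-collection>
<auth-constraint><role-name>AUTH_USER</role-name></auth-constraint>
</security-constraint></web-app>"""
WEBLOGIC_XML = """<weblogic-web-app><security-role-assignment>
<principal-name>EBilling_USERS</principal-name><principal-name>CSR_USERS</principal-name>
<role-name>AUTH_USER</role-name></security-role-assignment></weblogic-web-app>"""

def _all(root, name):
    # Compare local names so namespaced production descriptors also match.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(root, name):
    return [(e.text or "").strip() for e in _all(root, name)]

def check_descriptors(web_xml, weblogic_xml):
    """Return problems found in the step 5 edits; an empty list means consistent."""
    web, wls = ET.fromstring(web_xml), ET.fromstring(weblogic_xml)
    problems, required, covers_all = [], set(), False
    if _texts(web, "auth-method") != ["CLIENT-CERT"]:
        problems.append("auth-method is not CLIENT-CERT")
    declared = {r for sr in _all(web, "security-role") for r in _texts(sr, "role-name")}
    for sc in _all(web, "security-constraint"):
        roles = {r for ac in _all(sc, "auth-constraint") for r in _texts(ac, "role-name")}
        required |= roles
        # An http-method list leaves every unlisted method unprotected.
        if "/*" in _texts(sc, "url-pattern") and roles and not _all(sc, "http-method"):
            covers_all = True
    if not covers_all:
        problems.append("no role-protected security-constraint covers /* for all methods")
    mapped = {}
    for sra in _all(wls, "security-role-assignment"):
        for role in _texts(sra, "role-name"):
            mapped.setdefault(role, []).extend(p for p in _texts(sra, "principal-name") if p)
    for role in sorted(required):
        if role not in declared:
            problems.append(f"{role} is not declared in a security-role element")
        if not mapped.get(role):
            problems.append(f"{role} has no principal-name mapping in weblogic.xml")
    return problems

if __name__ == "__main__":
    print(check_descriptors(WEB_XML, WEBLOGIC_XML) or "descriptors are consistent")
```

Run it against the web.xml and weblogic.xml contents from the WEB-INF directory before redeploying the EAR files in step 13.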

Integration Guide for Oracle Billing Insight Copyright © 2016, Oracle and/or its affiliates. All rights reserved. Legal Notices.