Configure SSO in an Oracle Access Manager Environment
Configure Oracle Access Manager as the SSO authentication provider for Oracle Fusion Middleware with WebLogic Server.
See Securing Applications with Oracle Platform Security Services.
After the Oracle Fusion Middleware environment is configured, configuring Publisher generally involves the following:
- Configure the SSO provider to protect the Publisher URL entry points.
- Configure the web server to forward requests from Publisher to the SSO provider.
- Configure the new identity store as the main authentication source for the Oracle WebLogic Server domain in which Publisher has been installed. For more information, see Configure a New Authenticator for Oracle WebLogic Server.
- Configure the Oracle Access Manager domain in which Publisher is installed to use an Oracle Access Manager asserter. For more information, see Configure OAM as a New Identity Asserter for Oracle WebLogic Server.
- After configuration of the SSO environment is complete, enable SSO authentication for Publisher. For more information, see Configure Publisher for Oracle Fusion Middleware Security.
Configure a New Authenticator for Oracle WebLogic Server
After you install Publisher, the Oracle WebLogic Server embedded LDAP server is the default authentication source (identity store). To use a new identity store (for example, OID) as the main authentication source, you must configure the Oracle WebLogic Server domain in which Publisher is installed.
For more information about configuring authentication providers in Oracle WebLogic Server, see Administering Security for Oracle WebLogic Server.
Configure OAM as a New Identity Asserter for Oracle WebLogic Server
The Oracle WebLogic Server domain in which Publisher is installed must be configured to use an Oracle Access Manager asserter.
For more information about creating a new asserter in Oracle WebLogic Server, see Oracle WebLogic Server Administration Console Online Help.
To configure Oracle Access Manager as the new asserter for Oracle WebLogic Server:
- Log in to Oracle WebLogic Server Administration Console.
- In Oracle WebLogic Server Administration Console, select Security Realms from the left pane and click the realm you're configuring. For example, myrealm. Select Providers.
- Click New. Complete the fields as follows:
  - Name: OAM Provider, or a name of your choosing.
  - Type: OAMIdentityAsserter.
- Click OK.
- Click Save.
- In the Providers tab, perform the following steps to reorder Providers:
  - Click Reorder.
  - In the Reorder Authentication Providers page, select a provider name, and use the arrows beside the list to order the providers as follows:
    - OID Authenticator (SUFFICIENT)
    - OAM Identity Asserter (REQUIRED)
    - Default Authenticator (SUFFICIENT)
  - Click OK to save your changes.
- In the Change Center, click Activate Changes.
- Restart Oracle WebLogic Server.
  You can verify that Oracle Internet Directory is the new identity store (default authenticator) by logging back into Oracle WebLogic Server and verifying the users and groups stored in the LDAP server appear in the console.
- Use Fusion Middleware Control to enable SSO authentication.
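To confirm the provider order and control flags from the reorder step without opening the console, the chain can be read from a copy of the domain's config.xml. The script below is an added example, not part of Oracle's documentation. It assumes that the file lists providers as authentication-provider elements with name and control-flag children in chain order, and that a flag left at its default is not written to the file; the provider names and the sample fragment are constructed.

```python
import xml.etree.ElementTree as ET

# Order and flags from the reorder step. Provider names are assumptions:
# substitute the names used in your own realm.
EXPECTED = [("OID Authenticator", "SUFFICIENT"),
            ("OAM Provider", "REQUIRED"),
            ("DefaultAuthenticator", "SUFFICIENT")]

# Constructed, simplified config.xml fragment: providers were added but never
# reordered, and DefaultAuthenticator's flag is absent (assumed left at default).
SAMPLE = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain"
 xmlns:sec="http://xmlns.oracle.com/weblogic/security"
 xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls">
 <security-configuration><realm>
  <sec:authentication-provider><sec:name>DefaultAuthenticator</sec:name>
  </sec:authentication-provider>
  <sec:authentication-provider><sec:name>OID Authenticator</sec:name>
   <wls:control-flag>SUFFICIENT</wls:control-flag></sec:authentication-provider>
  <sec:authentication-provider><sec:name>OAM Provider</sec:name>
   <wls:control-flag>REQUIRED</wls:control-flag></sec:authentication-provider>
 </realm></security-configuration></domain>"""

def local(tag):
    """Drop the XML namespace so elements are matched by local name."""
    return tag.rsplit("}", 1)[-1]

def read_providers(config_xml):
    """Return [(name, control_flag or None)] in the order the file lists them."""
    out = []
    for el in ET.fromstring(config_xml).iter():
        if local(el.tag) == "authentication-provider":
            f = {local(c.tag): (c.text or "").strip() for c in el}
            out.append((f.get("name"), f.get("control-flag")))
    return out

def check_chain(config_xml, expected=EXPECTED):
    """Return findings as strings; an empty list means the chain matches."""
    found = read_providers(config_xml)
    names, flags, findings = [n for n, _ in found], dict(found), []
    for name, flag in expected:
        if name not in flags:
            findings.append(f"missing provider: {name}")
        elif flags[name] != flag:
            findings.append(f"{name}: flag {flags[name] or 'not in file'}, expected {flag}")
    present = [n for n, _ in expected if n in flags]
    if sorted(present, key=names.index) != present:
        findings.append("order: " + ", ".join(sorted(present, key=names.index)))
    return findings

if __name__ == "__main__":
    print("\n".join(check_chain(SAMPLE)) or "chain matches")
```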