Posts

OAM - Failover URL, Primary/Secondary, Chained Authentication

In this post, I will talk about the different strategies for configuring a failover URL for authentication in case the primary mode of authentication fails. This also allows you to configure a kind of chained authentication.

1) Failure URL: via the Application Domain, through the authentication policies. The standard way to redirect to a particular URL on authentication or authorization failure is to set the Failure URL value in the Application Domain Protected Resource Policy for authentication (or authorization).

2) Custom Plugin: via the Authentication Module -> Steps -> Orchestration -> Authentication Plugin -> Java code.

In the authentication policy with LDAPScheme, you have to configure the Failure URL to point to a static JSP/HTML page/URL. Make sure this is the absolute full address, e.g. http://server/index.htm. That static HTML page/URL should be protected with another authentication policy that is configured for BasicScheme authentication. When you attempt to

OHS 12c - Adding Self Generated Custom Cert in OHS 12c

In this post, I will cover the steps required to generate and add self-signed certs in OHS. My OHS 12c is installed at /app/oracle/deepakdubeyfusion.

    mkdir /var/oracle/deepakdubeywallets/
    cd /var/oracle/deepakdubeywallets/
    export JAVA_HOME=/app/oracle/deepakdubeyjava/jdk1.7.0_40/
    /app/oracle/deepakdubeyfusion/oracle_common/bin/orapki wallet create -wallet /var/oracle/deepakdubeywallets/test1 -auto_login -pwd Welcome1
    /app/oracle/deepakdubeyfusion/oracle_common/bin/orapki wallet add -wallet /var/oracle/deepakdubeywallets/test1 -dn cn=hostname.domainname.com -keysize 2048 -self_signed -validity 3650
    /app/oracle/deepakdubeyfusion/oracle_common/bin/orapki wallet display -wallet /var/oracle/deepakdubeywallets/test1

Then, in the ssl.conf file, add this line (uncomment the existing SSLWallet):

    SSLWallet "/var/oracle/deepakdubeywallets/test1"

Restart the OHS server.

Oracle Access Manager Authentication Model

In this post, I will talk about the top-down authentication flow that starts from a URL and goes all the way down to an authentication plug-in, which handles the authentication and authorization logic. To start with, a user enters a URL and requests a resource. The WebGate intercepts the request and looks for that URL in the application domain. Remember that the application domain is tightly coupled to the WebGate. The WebGate compares the URL with the resources defined there and matches it with the closest resource defined. Next, it looks for the authentication scheme that is defined to protect that resource. The authentication scheme in turn invokes the authentication module that is defined. It is here that you can define identification, authentication, success, failure or any other steps or workflow that you want. The authentication module finally invokes the authentication plug-in, which points to Java code that performs the authentication or any other logic that you want to perform. You can pass in input parameters and get

Apache Web Server 2.2.31 installation on unix host

In this post, I will talk about how to build the Apache web server from source and install it on a Unix machine (RHEL in my case).

    tar -zxvf httpd-2.2.31.tar.gz
    ./configure --prefix=/opt/apache-2.2/apache_2.2.31 --enable-mods-shared=all --enable-proxy --enable-expires --enable-vhost-alias
    configure: error: no acceptable C compiler found in $PATH
    yum install gcc
    yum install zlib-devel
    make
    make install
    mount -o remount,noexec /tmp/
    /usr/sbin/groupadd oinstall
    /usr/sbin/useradd -g oinstall oracle
    passwd oracle
    export LD_LIBRARY_PATH=/oracle/apps/webgate/webgate/apache/lib/
    ./deployWebGateInstance.sh -w /oracle/apps/webgateinstance -oh /oracle/apps/webgate -ws apache

OHS 12c (12.1.3) webgate deployment and configuration

In this post, I will cover the deployment and configuration of the 12c WebGate. OHS 12c comes pre-bundled with a WebGate, so we don't have to separately download and install one. If you have installed OHS, then you have a WebGate which you can configure to protect OHS. Also, there are no GUI screens involved, as all configuration is done via command-line tools. In the previous post I covered installation and configuration of OHS 12c. This post builds on top of that.

Step 1: Deploy the WebGate

    ./deployWebGateInstance.sh -w /OHS_12c_WEBSERVER_HOME/webserver/instances/instance1/config/fmwconfig/components/OHS/ohs1 -oh /OHS_12c_MW_HOME/
    Copying files from WebGate Oracle Home to WebGate Instancedir

Step 2: Configure the WebGate

    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/OHS_12c_MW_HOME/lib
    cd /OHS_12c_MW_HOME/webgate/ohs/tools/setup/InstallTools/
    ./EditHttpConf -w /OHS_12c_WEBSERVER_HOME/webserver/instances/instance1/config/fmwconfig/components/OHS/ohs1 -oh /OHS_12c_MW_HO

OAM 11G - Custom Authentication Module

Jars needed for compilation: felix.jar, identity-provider.jar, oam-plugin.jar, utilities.jar

    package deepakdubey;

    import java.util.ArrayList;
    import java.util.List;
    import java.util.Map;
    import java.util.logging.Level;
    import java.util.logging.Logger;
    import oracle.security.am.engines.common.identity.api.IdentityStoreContext;
    import oracle.security.am.engines.common.identity.api.IdmUser;
    import oracle.security.am.plugin.ExecutionStatus;
    import oracle.security.am.plugin.GenericTransportContext;
    import oracle.security.am.plugin.MonitoringData;
    import oracle.security.am.plugin.PluginConfig;
    import oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn;
    import oracle.security.am.plugin.authn.AuthenticationContext;
    import oracle.security.am.plugin.authn.AuthenticationException;
    import oracle.security.am.plugin.authn.Credential;
    import oracle.security.am.plugin.authn.CredentialParam;
    import

OAM OBIEE SSO Integration

Add new providers as below in the OBIEE server. Update OBIEE via the /em console. Modify the instanceconfig.xml under /OBIEE_MW_HOME/instances/instance1/config/OracleBIPresentationServicesComponent/coreapplication_obips1:

    <Authentication>
      <!--This Configuration setting is managed by Oracle Enterprise Manager Fusion Middleware Control-->
      <EnabledSchemas>UidPwd,Impersonate,UidPwd-soap,Impersonate-soap,SSO</EnabledSchemas>
    </Authentication>

Restart the OBIEE servers and AdminServers. Restart with opmnctl stopall and startall.