1 Reply. Latest reply: May 17, 2012 3:03 AM by karishma

    Authorization Problem when integrating CC&B with SSO product

      Hi Friends,

      The WebLogic server contains the CC&B application. It is an OUAF (Oracle Utilities Application Framework) based product.
      Authentication for this application is done using the WebLogic server and authorization is done in the application.
      For authorization to be done, it requires the users along with their roles.

      We are implementing perimeter authorization.

      For this we have done the following:

      1. Installed the SiteMinder web agent on the WebLogic server.

      2. Configured the host configuration object, agent, agent configuration object, domain (for WebLogic), policies and realms in the Policy Server.

      3. Defined the SiteMinder authentication provider and the SiteMinder IdentityAsserter in the WebLogic console under security realms->myrealms->providers,
      and reordered them.

      4. Both the SiteMinder authentication provider and the Default authorization provider are set to 'SUFFICIENT' in the 'provider specific' tab.

      5. Installed an Apache HTTP server and configured it as a proxy for the WebLogic server.

      6. Configured the host configuration object, agent, agent configuration object, domain (for Apache), policies and realms in the Policy Server.

      7. Created the same user names, passwords and user groups in the user store (LDAP), the WebLogic server and the CC&B application.

      Now, after configuring all of this,
      when the application is accessed through the proxy, it challenges for the credentials to be given for authentication.
      After entering the username and password, authentication is done with SiteMinder authentication.
      Then, in order to get the authorization process done, it requires the user group (role) of the user.

      The problem here is:

      If we have a user in the WebLogic server but not in LDAP, then when credentials are given it goes to the default authentication provider and succeeds,
      and authorization is also done and the application's (CC&B) home page loads.

      But when we create the same user in LDAP also (for implementing SSO), when credentials are given it goes to the SiteMinder authentication provider and succeeds,
      but the authorization does not succeed.

      Here, in this case, we are assuming that,
      since the authentication is done through the SiteMinder authentication provider, CC&B is not able to take the details (username, role and password) from the token and hence is unable to get through the authorization.
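
Added example, not part of the original post and not WebLogic or SiteMinder code: a small Python model of JAAS control-flag evaluation, showing which providers in an ordered chain are consulted and whose principals reach the subject when both are marked SUFFICIENT as in step 4. The provider order, provider names, users, passwords and group names are assumptions constructed for the illustration.

```python
import hmac

def jaas_login(providers, user, password):
    """Model of JAAS control-flag evaluation over an ordered provider chain.

    providers: list of (name, flag, store); store maps user -> (password, groups).
    Returns (authenticated, principals, consulted_provider_names).
    """
    principals, consulted = set(), []
    required_ok, has_required, other_ok = True, False, False
    for name, flag, store in providers:
        consulted.append(name)
        entry = store.get(user)
        ok = entry is not None and hmac.compare_digest(entry[0], password)
        if ok:
            # Only a provider whose login succeeded contributes principals.
            principals.add(("user", user))
            principals.update(("group", g) for g in entry[1])
        if flag in ("REQUIRED", "REQUISITE"):
            has_required = True
            required_ok = required_ok and ok
            if flag == "REQUISITE" and not ok:
                break  # REQUISITE failure returns immediately
        else:
            other_ok = other_ok or ok
            if flag == "SUFFICIENT" and ok:
                break  # SUFFICIENT success returns immediately; later providers are skipped
    authenticated = required_ok and (has_required or other_ok)
    return authenticated, (principals if authenticated else set()), consulted

# Constructed sample data (hypothetical names, not taken from the post).
LDAP_STORE = {"jdoe": ("pw-ldap", ["ldap_group"])}
WLS_STORE = {"jdoe": ("pw-ldap", ["wls_group"]), "localonly": ("pw-wls", ["wls_group"])}

def chain(flag):
    # Assumed order: SiteMinder provider first, then the default provider.
    return [("SiteMinderAuthenticator", flag, LDAP_STORE),
            ("DefaultAuthenticator", flag, WLS_STORE)]

if __name__ == "__main__":
    for flag in ("SUFFICIENT", "OPTIONAL"):
        for user, pw in (("jdoe", "pw-ldap"), ("localonly", "pw-wls")):
            print(flag, user, jaas_login(chain(flag), user, pw))
```

In this model, a user accepted by the first SUFFICIENT provider never reaches the second one, so the subject carries only the first provider's group principals; with OPTIONAL on both, both providers run and both sets of groups are present.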