1 2 Previous Next 23 Replies Latest reply on May 13, 2010 6:08 AM by 752248

    Weblogic SSPI integration

    752248
      Hi all,

      Can anyone please suggest a way to integrate weblogic SSPI with oracle access manager,
      I have installed Oracle Access Manager 10.1.4.01,weblogic server 10.3 and SSPI

      Now I need to integrate the security provider for weblogic SSPI

      I have followed the steps in the below mentioned website

      http://download.oracle.com/docs/cd/E12530_01/oam.1014/e10356/weblogic.htm#BHCHDCDD

      But still i couldnt get NetPointRealm which will be set by default in the WebLogic Admin Console when we run setupNetPointRealm.cmd.

      Could anyone please suggest me a way out of the situation.

      Thanks & Regards,

      Swathi
        • 1. Re: Weblogic SSPI integration
          700524
          look up the log @ \wlsConnector\OAMSecurityProviderForWeblogic or \OAM\wlsConnector where ever you installed the component.

          Did you see any errors while you run setupNetPointRealm.cmd ?

          Go to Policy Manager and look for Weblogic Security Provider Policy Domain; if it exists, delete it and run the setupNetPointRealm.cmd again.

          Starting with WebLogic 10.3.1 the connector has been decommissioned. oamAuthnProvider.jar (comes with OAM 10.1.4.3) is the alternative to SSPI connector. All you need to do is dump this .jar into lib directory of your WebLogic and create a Identity Asserter to consume ObSSOCookie. When using OAM 10.1.4.3 with WebLogic, only Form Based AU is recommended.

          See if this can be of any help: http://download.oracle.com/docs/cd/E15523_01/core.1111/e10043/osso.htm#CHDIJFIG
          1 person found this helpful
          • 2. Re: Weblogic SSPI integration
            752248
            Hi Notorious Non-Confirmist,

            Thanks for your reply.I have a basic doubt on versions. I am using 10.1.4.0.1and weblogic 10.3.0 version and the SSPI connector i was using is Oracle_Access_Manager10_1_4_0_1_Win32_BEA_WL_SSPI.

            So do i need to upgrade OAM to 10.1.4.2 version, because when i install the connector I can see the wl8NetPointSecurityProviders.jar and wl7NetPointSecurityProviders.jar. Are these jars supported with WL 10.3.0 version.

            Thanks & Regards,

            Swathi

            Edited by: user9116523 on Apr 14, 2010 9:46 PM
            • 3. Re: Weblogic SSPI integration
              ColinPurdon-Oracle
              Hi Swathi,

              You will need a 10.1.4.2 version of the SSPI connector - this will give you a wlNetPointSecurityProviders.jar file that can be used with WebLogic 10. There is a very useful link:

              http://www.oracle.com/technology/products/id_mgmt/coreid_acc/pdf/oam_3rd%20party_oracle_integrations_package_list.xls

              that shows the location of the packages that you need for the WebGate or integration that you require ("3rdParty Oracle Integrations" tab for the SSPI connector). I would also recommend upgrading the other OAM components to 10.1.4.3 (or at least 10.1.4.2 with Bundle Patches) in order to get the benefit of the fixes.

              Regards,
              Colin
              • 4. Re: Weblogic SSPI integration
                752248
                Hi Colin,

                Thanks for your reply.

                I have upgraded OAM 10.10.1.4.01 to OAM 10.1.4.02.
                And i'm trying with the new version of web logic server(9.2) and SSPI 10.1.4.02

                Thanks & Regards,

                Swathi

                Edited by: user9116523 on Apr 15, 2010 10:54 PM
                • 5. Re: Weblogic SSPI integration
                  752248
                  Hi all,

                  I installed upgraded version of Oracle Access Manager10.1.4.02 and used web logic server 9.2 for the SSPI Connector.
                  When i run the SetNetPointRealm.cmd file after making the required modifications i'm getting the following error:

                  For more help, use help(edit)

                  Starting an edit session ...
                  Started edit session, please be sure to save and activate your
                  changes once you are done.
                  No stack trace available.
                  Error cding to the MBean
                  creating mbean of type Realm ...
                  No stack trace available.
                  Error cding to the MBean
                  creating mbean of type RoleMapper ...
                  Done executing the script.
                  Problem invoking WLST - Traceback (innermost last):
                  File "C:\oam\SSPI\NetPointSecuProvForWeblogic\setupNetPointRealm_wl92.py", lin
                  e 183, in ?
                  File "C:\oam\SSPI\NetPointSecuProvForWeblogic\setupNetPointRealm_wl92.py", lin
                  e 95, in create_RoleMapper_4
                  AttributeError: lookupRoleMapper

                  Can anyone please help me to solve this error..

                  Thanks & Regards,

                  Swathi
                  • 6. Re: Weblogic SSPI integration
                    752248
                    Hi all,

                    I couldn't get the NetPointRealm as a security realm in weblogic server console.
                    Hence i tried to configure a new realm named NetPointRealm manually.
                    But couldnt set that realm as default realm.

                    Could anyone please let me know how to set a new realm as default realm.

                    Thanks & Regards,

                    Swathi
                    • 7. Re: Weblogic SSPI integration
                      user10417700
                      Hi all,

                      Could configure NetPointRealm as default realm in weblogic console.
                      But couldnot log in the weblogic server using OAM Master Administrators credentials.

                      Can anyone please provide any information on how to solve the issue.

                      Thanks & Regards,

                      Swathi
                      • 8. Re: Weblogic SSPI integration
                        752248
                        Hi all,

                        Can anyone please provide a information whether OAM 10.1.4.01 is compatable with weblogic server 9.2 to integrate weblogic server with oam using SSPI connector.

                        Thanks and Regards

                        Swathi.
                        • 9. Re: Weblogic SSPI integration
                          700524
                          Refer to:

                          http://www.oracle.com/technology/products/id_mgmt/coreid_acc/pdf/oracle_access_manager_certification_10.1.4_r3_matrix.xls

                          Check TAB: 3rdParty Oracle Integrations

                          Select OAM Version and WebLogic Version for the filters and you will see the data related to if it is feasible and what all version of JDK and OS is supported.
                          • 10. Re: Weblogic SSPI integration
                            752248
                            Hi Notorious Non-Confirmist,

                            Thanks a lot for your reply.
                            Could you please provide the link from where we can upgrade 10.1.4.01 weblogic SSPI connector to 10.1.4.02 weblogic SSPI connector.

                            Thanks & Regards,

                            Swathi
                            • 11. Re: Weblogic SSPI integration
                              ColinPurdon-Oracle
                              Hi Swathi,

                              For that version, you can go to the Patches & Updates tab on My Oracle Support, and search for patch 6776024.

                              Regards,
                              Colin
                              1 person found this helpful
                              • 12. Re: Weblogic SSPI integration
                                752248
                                Hi Colin,

                                Thanks a lot for your reply.
                                I tried with the patch you have mentioned.But i'm getting the following error message

                                04/27/10 13:24:51 --- Oracle Access Manager System install ---
                                04/27/10 13:24:51 Error: You can apply a message patch for Oracle BEA SSPI version 10.1.4.2.0 RC 6.2
                                only after the binary and/or parameter files have been patched.
                                Please try again after applying the patch for binary and parameter files.

                                Thanks & Regards,
                                Swathi
                                • 13. Re: Weblogic SSPI integration
                                  ColinPurdon-Oracle
                                  Hi Swathi,

                                  Did you run the patchinst from the ...binary_parameter directory, or the ...message_en-us directory?

                                  Regards,
                                  Colin
                                  • 14. Re: Weblogic SSPI integration
                                    752248
                                    Hi Colin,

                                    Thaks a lot for your reply.
                                    There is only install_info in binary_parameter So i used patchinst from message_en-us directory.

                                    Thanks & Regards,
                                    Swathi
                                    1 2 Previous Next