9 Replies. Latest reply: Sep 13, 2012 12:26 PM by Daniel Merchán

    securityContext userName with OAM SSO

    user8769031
      Hi,
      We need to get the logged in userName property from the securityContext(). We are using OAM for SSO.
      The code #{securityContext.userName} works fine when we used Basic login process with OAM and we get the logged user info, but we need to use Form based login and when we change to Form based we keep getting "anonymous" and can't get any property from the securityContext.
      Didn't find any solution for this.

      Has anyone dealt with similar issue?

      Thanks
        • 1. Re: securityContext userName with OAM SSO
          416249
          Are you trying to get the userName in portlet?
          • 2. Re: securityContext userName with OAM SSO
            user8769031
            I am trying to get it from a JSPX page where we place WebCenter services.
            I also tried from a managed bean using: ADFContext.getCurrent().getSecurityContext().getUserName();

            But can't get the logged user name. (Note that it worked when we used Basic login with OAM.)

            Thanks
            • 3. Re: securityContext userName with OAM SSO
              416249
              Where is the JSPX file? Is it part of the WebCenter Portal application?
              • 4. Re: securityContext userName with OAM SSO
                Daniel Merchán
                Verify if after your OAM Login you have next cookies:

                OAMAuthnCookie if your configured Webgate is 11g
                ObSSOCookie if your Webgate is 10g

                I suggest you first try the default OAM Login that appears with a basic OAM configuration with WebCenter.

                We had a similar problem and I'm going to ask how we solved it to help you (I don't remember if it was a cookies issue).

                Here you have a Sample from Oracle of a Custom OAM Login Bean for WebCenter Spaces that redirects default Login to OAM Login: http://www.oracle.com/technetwork/middleware/webcenter/owcs-ps3-wcs-ext-samples-wp-308576.pdf (but isn't necessary, is only a programmatic sample).

                Tomorrow I'll try to answer you :).
                • 5. Re: securityContext userName with OAM SSO
                  Daniel Merchán
                  Ok.

                  We added to Custom WebCenter Portal Application next config in web.xml:

                  <login-config>
                  <auth-method>CLIENT-CERT</auth-method>
                  </login-config>

                  It solved a lot of problems that we had when integrating our WebCenter Application with OAM.

                  Kind regards.
                  • 6. Re: securityContext userName with OAM SSO
                    user8769031
                    Thanks for all the replies.
                    I am working with another colleague who is configuring OAM and so have been testing different configurations.
                    We are using WebCenter 11.1.1.5 and OAM 10g (10.1.4.3) and OAM is used as the SSO for OBIEE and other oracle apps. My application is a custom Portal app and we are not yet using Spaces.

                    Access to all application URLs, including WebCenter, is protected by OAM configuration and Webgate. Users for now will use an ID/pwd to login. But later they can also use a certificate.
                    No security configuration was done at the WebCenter app side and the Login Authentication in web.xml was not set.
                    In the WebCenter admin console we configured the OAM as a provider and added
                    - "OAM ID Asserter" configured OAM_REMOTE_USER as the SSO Header Name and as the Active type assertor (didn't add obSSOCookie) and "OIDAuthenticator".

                    We have no issues to login and if we used OAM Basic authentication. We always get the logged user fine in the securityContext.
                    When we changed OAM to use Form based authentication the login worked but we get anonymous in securityContext.
                    I am trying to get the securityContext from a custom JSPX page and from a Managed Bean (both work with Basic but not Form based)

                    I will test with the:
                    <login-config>
                    <auth-method>CLIENT-CERT</auth-method>
                    </login-config>

                    The question I have is do I need to configure WebCenter in other ways than to what I mentioned above? (currently don't see the need since OAM does the work of the authenticating and Asserting and worked with Basic authn.)
                    1. I see in Jdev in the web.xml security has: Login Authentication (which will test with CLIENT-CERT), security roles and security Constraints. DON'T see for the need to configure the last two since will have the user roles in OID and securityContext have a method to get the user Roles.
                    2. Do I need to enable for the WebCenter application ADF security and add "ADF Authentication and Authorization" ?

                    Will provide more updates when we validate and tests the configurations.

                    Thanks
                    • 7. Re: securityContext userName with OAM SSO
                      user8769031
                      Adding:
                      <login-config>
                      <auth-method>CLIENT-CERT</auth-method>
                      </login-config>

                      Did solve our problem.

                      Thanks a lot !
                      • 8. Re: securityContext userName with OAM SSO
                        781262
                        Brilliant stuff ...

                        Worked for me too ... Thanks for the solution ... !!!

                        But I wonder why only CLIENT-CERT works with OAM ... any info on this would be great ...

                        Regards,
                        Harsha
                        • 9. Re: securityContext userName with OAM SSO
                          Daniel Merchán
                          Hi.

                          Basically a WebCenter Portal Framework application is configured by default for form-based authentication and isn't prepared for OAM authentication that creates a client certification.

                          Regards.
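
The symptom discussed in this thread (OAM login succeeds, yet the application sees "anonymous") can be confirmed per request with a small diagnostic servlet filter. This is an added example, not code from the posts or from Oracle's sample; the class name `OamAssertionDiagnosticFilter` is hypothetical, the header and cookie names are the ones mentioned in the replies, and only the standard `javax.servlet` API is used.

```java
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

/** Hypothetical diagnostic filter (added example); map it in web.xml only while troubleshooting. */
public class OamAssertionDiagnosticFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(OamAssertionDiagnosticFilter.class.getName());

    public void init(FilterConfig cfg) { }
    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            boolean header = http.getHeader("OAM_REMOTE_USER") != null; // SSO header name from reply 6
            boolean cookie10g = hasCookie(http, "ObSSOCookie");         // 10g Webgate
            boolean cookie11g = hasCookie(http, "OAMAuthnCookie");      // 11g Webgate
            String user = http.getRemoteUser(); // null means the container treats the request as anonymous
            // Log presence only, never the header or cookie values: they act as credentials.
            LOG.info("uri=" + http.getRequestURI() + " OAM_REMOTE_USER=" + header
                    + " ObSSOCookie=" + cookie10g + " OAMAuthnCookie=" + cookie11g
                    + " authType=" + http.getAuthType()
                    + " remoteUser=" + (user == null ? "<anonymous>" : user));
            if ((header || cookie10g || cookie11g) && user == null) {
                LOG.warning("SSO token reached the application but no identity was asserted; "
                        + "check <login-config> in web.xml and the identity asserter configuration");
            }
        }
        chain.doFilter(req, res);
    }

    private static boolean hasCookie(HttpServletRequest http, String name) {
        Cookie[] cookies = http.getCookies(); // null when the request carried no cookies
        if (cookies == null) return false;
        for (Cookie c : cookies) {
            if (name.equals(c.getName())) return true;
        }
        return false;
    }
}
```

A warning line from this filter corresponds to the Form based case described above: the Webgate token arrives, but the container has not turned it into an authenticated user.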