6 Replies Latest reply: Nov 5, 2012 7:58 AM by Jiri.Machotka-Oracle

    UCM SSO using LDAP possible?

    917885
      Hi Experts,

      I have a requirement to implement Single Sign-On in UCM such that I can log in to UCM from my custom application. I am using LDAP for authentication with WebLogic Server. Now I want to implement SSO for UCM. I have gone through many sites and forums but am a little bit confused.

      Can I implement SSO in UCM using LDAP? Or do I require a third-party application like IDM or OAM for this?
      If we can implement it with LDAP, then please provide me the steps or process to implement it.
      This will be really helpful for me.
      I am using UCM 11g.

      Regards,
      Santanu

      Edited by: 914882 on Oct 19, 2012 4:15 AM
        • 1. Re: UCM SSO using LDAP possible?
          Jiri.Machotka-Oracle
          You will need OAM - LDAP is just an identity store.
          • 2. Re: UCM SSO using LDAP possible?
            Srinath Menon-Oracle
            Hi,

            Using the 10g OID you can enable the SSO mechanism, since that includes the SSO module. This has been segregated as the OAM module for 11g. So when using OID 10g, you can have the SSO mechanism implemented on UCM 11g.

            Thanks
            Srinath
            • 3. Re: UCM SSO using LDAP possible?
              917885
              Hi,

              Thanks for your input.
              Could you give me some details or steps to configure OAM, WebLogic and UCM for it?

              Regards,
              Santanu
              • 4. Re: UCM SSO using LDAP possible?
                Jiri.Machotka-Oracle
                Just go through this: http://docs.oracle.com/cd/E23943_01/doc.1111/e15483/oam.htm#CACJADGI
                • 5. Re: UCM SSO using LDAP possible?
                  917885
                  Thanks.
                  I have already gone through these documents and came to know that I can use OAM for implementing SSO. But I was very confused, so I want to state my requirement first:

                  I have one ADF/J2EE-based application which is using UCM as content server, and my requirement is to do SSO in such a way that there is no need to log in to UCM when I call the UCM window from my application. I have LDAP for common authentication to the application and UCM. I do not want to use any licensed product for SSO (if there is no other option, then I will use a licensed product). Now should I use OAM 11g for this requirement?

                  I have seen the steps are like:

                  • Section 5.2.3.1, "Configuring Oracle Access Manager 11g with Oracle UCM"
                  • Section 5.2.3.2, "Configuring Oracle Access Manager 10g with Oracle UCM"
                  • Section 5.2.3.3, "Configuring Oracle Single Sign-On for Oracle UCM"
                  • Section 5.2.3.4, "Configuring the First Authentication Provider"
                  • Section 5.2.3.5, "Configuring the Oracle UCM URL for Single Sign-On"
                  • Section 5.2.3.6, "Configuring Oracle UCM and Single Sign-On for WNA"

                  Now should I follow only step 5.2.3.1, or all of the above?

                  Regards,
                  Santanu
                  • 6. Re: UCM SSO using LDAP possible?
                    Jiri.Machotka-Oracle
                    I have one ADF/J2EE-based application which is using UCM as content server, and my requirement is to do SSO in such a way that there is no need to log in to UCM when I call the UCM window from my application. I have LDAP for common authentication to the application and UCM. I do not want to use any licensed product for SSO (if there is no other option, then I will use a licensed product). Now should I use OAM 11g for this requirement?
                    If you want to SSO to UCM from a 3rd party application you will have to have additional licenses - WLS in UCM is restricted as "host for only WebCenter Content, including run-time components to provide java runtime environment and http support, as well as configuration and administration components used for the setup and management of these runtime components."

                    Now, the question is where your ADF app runs. It could be a WebLogic Server, or even an iAS Server. The latter also contains OID, but restricted to "provided for use with Oracle Single Sign-On and with other iAS components to provision, store and manage users and groups, their associated security credentials and privileges; to synchronize data with 3rd party directory services; and to store other component-specific metadata."

                    So, either way, to have SSO with UCM you will need a separate license of OAM (most likely under the "Access Manager" license). Depending on your version, you will go with either OAM 11g or 10g - this is more a question for this forum: Identity Manager

                    Thinking aloud:
                    - do you really need SSO? (With RIDC you could use the Intradoc protocol, which does not require the password, and you should be able to obtain the username - see http://docs.oracle.com/cd/E23943_01/doc.1111/e10807/c23_ridc.htm#BABDCJAA)
                    - alternatively, couldn't you port your app to UCM as a component?
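
The RIDC route mentioned in the last reply, as an added example (not code from the thread or from Oracle's documentation). It assumes a servlet-based application whose container has already authenticated the user against LDAP; the class name, host name and port are placeholders.

```java
import javax.servlet.http.HttpServletRequest;

import oracle.stellent.ridc.IdcClient;
import oracle.stellent.ridc.IdcClientException;
import oracle.stellent.ridc.IdcClientManager;
import oracle.stellent.ridc.IdcContext;
import oracle.stellent.ridc.model.DataBinder;
import oracle.stellent.ridc.protocol.ServiceResponse;

/** Hypothetical helper: calls UCM over Intradoc as the user the container already authenticated. */
public class UcmAsLoggedInUser {

    // Placeholder host and port: use the IntradocServerPort of your own content server.
    private static final String UCM_URL = "idc://ucm.example.internal:4444";

    private final IdcClient client;

    public UcmAsLoggedInUser() throws IdcClientException {
        this.client = new IdcClientManager().createClient(UCM_URL);
    }

    /** Runs PING_SERVER as the logged-in user and returns the server's status message. */
    public String pingAs(HttpServletRequest request) throws IdcClientException {
        // Intradoc trusts the user name the caller asserts, so take it only from
        // the container's authenticated principal, never from a request
        // parameter, header or cookie that the browser controls.
        if (request.getUserPrincipal() == null) {
            throw new SecurityException("request is not authenticated");
        }
        String user = request.getUserPrincipal().getName();

        // No password is passed: the content server accepts the asserted name
        // because the connection arrives on the Intradoc port.
        IdcContext userContext = new IdcContext(user);

        DataBinder binder = client.createBinder();
        binder.putLocal("IdcService", "PING_SERVER");

        ServiceResponse response = client.sendRequest(userContext, binder);
        DataBinder result = response.getResponseAsBinder();
        return result.getLocal("StatusMessage");
    }
}
```

Because no password is checked on this path, the content server's `SocketHostAddressSecurityFilter` setting in `config.cfg` should list only the application server's address, and the Intradoc port should not be reachable from user networks.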