
Tuesday, November 17, 2015

WATCH: Oracle Access Manager (OAM) 11g R2 PS3 Impersonation Demo


Pre-requisites:
  1. An OAM 11g R2 PS3 environment is up and running with OUD as the user store, and a sample resource "spokuri.html" is protected with the LDAPScheme authentication scheme
  2. Impersonation is enabled in OAM and the OAM impersonation LDAP schema has been extended into the OUD directory server
  3. User "kpokuri" (the impersonatee) is created in OUD with the "orclIDXPerson" object class
  4. User "spokuri" (the impersonator) is created in OUD
  5. The attribute "orclImpersonationGrantee" is added to "kpokuri" with the value "8c69d7465afc406a947669204ad88ecf|20100324163000Z|20180524172000Z"

Description: the orclImpersonationGrantee attribute value has 3 parameters separated by a pipe "|":

1. Impersonator orclguid. In this case it is the orclguid of the "spokuri" user.
2. Impersonation start date (LDAP generalized time, UTC)
3. Impersonation end date (LDAP generalized time, UTC)

The attribute sits on the impersonatee's own entry, so the directory record states who is allowed to impersonate that user and the grant is valid only inside that time window.
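The following is an added example (not code from the original post) that builds and validates an orclImpersonationGrantee value in the format described above, checks whether a given impersonator's grant is active at a given time, and emits the LDIF an administrator would feed to ldapmodify. It assumes the orclguid is a 32-character hex string and that the timestamps are LDAP GeneralizedTime in UTC ("YYYYMMDDHHMMSSZ"); the user DN is a constructed sample.

```python
"""Added example (not from the original post): build and validate the
orclImpersonationGrantee value used by OAM 11g R2 PS3 impersonation.

Assumptions (not stated on the page): the impersonator's orclguid is a
32-character hex string, the timestamps are LDAP GeneralizedTime in UTC
("YYYYMMDDHHMMSSZ"), and the DN used below is constructed sample data.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Format taken from the post: <impersonator orclguid>|<start>|<end>
_GUID_RE = re.compile(r"^[0-9a-fA-F]{32}$")
_GENTIME = "%Y%m%d%H%M%SZ"


@dataclass(frozen=True)
class ImpersonationGrant:
    impersonator_guid: str
    not_before: datetime
    not_after: datetime

    def is_active(self, impersonator_guid: str, now: datetime) -> bool:
        """True only if the GUID matches and 'now' lies inside the window (inclusive)."""
        return (
            impersonator_guid.lower() == self.impersonator_guid.lower()
            and self.not_before <= now <= self.not_after
        )


def parse_grant(value: str) -> ImpersonationGrant:
    """Parse one orclImpersonationGrantee value; reject malformed input."""
    parts = value.split("|")
    if len(parts) != 3:
        raise ValueError("expected <guid>|<start>|<end>")
    guid, start, end = parts
    if not _GUID_RE.match(guid):
        raise ValueError("impersonator orclguid must be 32 hex characters")
    not_before = datetime.strptime(start, _GENTIME).replace(tzinfo=timezone.utc)
    not_after = datetime.strptime(end, _GENTIME).replace(tzinfo=timezone.utc)
    if not_after <= not_before:
        raise ValueError("end date must be after start date")
    return ImpersonationGrant(guid, not_before, not_after)


def build_grant(impersonator_guid: str, not_before: datetime, not_after: datetime) -> str:
    """Format a value; round-trip it through parse_grant so only well-formed values are emitted."""
    value = "|".join([impersonator_guid,
                      not_before.strftime(_GENTIME),
                      not_after.strftime(_GENTIME)])
    parse_grant(value)
    return value


def grant_ldif(impersonatee_dn: str, value: str) -> str:
    """LDIF for ldapmodify: add one orclImpersonationGrantee value to the impersonatee entry."""
    return "\n".join([
        f"dn: {impersonatee_dn}",
        "changetype: modify",
        "add: orclImpersonationGrantee",
        f"orclImpersonationGrantee: {value}",
        "",
    ])


if __name__ == "__main__":
    # Value from the post; the DN is a constructed sample.
    grant = parse_grant("8c69d7465afc406a947669204ad88ecf|20100324163000Z|20180524172000Z")
    value = build_grant(grant.impersonator_guid, grant.not_before, grant.not_after)
    print(grant_ldif("uid=kpokuri,ou=People,dc=demo,dc=com", value))
```

Keeping the parser strict matters because the value is free text in the directory: a swapped start/end or a truncated GUID should fail loudly at provisioning time rather than silently produce a grant that never matches, or one that matches the wrong account.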


Demo Video: 




Test Case:

  1. Access the LDAPScheme-protected resource http://pokuri.demo.com:7777/spokuri.html
  2. Enter the impersonator credentials spokuri/<<password>>
  3. Open a new tab and access http://pokuri.demo.com:14100/oam/server/impersonate/start?userid=kpokuri&success_url=http://pokuri.demo.com:7777/kpokuri.html&failure_url=http://pokuri.demo.com:7777/error.html
  4. When prompted, enter the impersonator password again (this re-authentication is what stops a hijacked impersonator session from being escalated into someone else's account)
  5. Upon successful impersonation of user "kpokuri", a new session is created in OAM for user "kpokuri".
  6. Check the "kpokuri" user session in the OAM admin console under "Session Management" and notice that the impersonation field is "true".



Hope this helps someone out there!!

-- Siva Pokuri.

Friday, September 25, 2015

How to integrate OBIEE with OAM

OBIEE Integration with Oracle Access Manager



Demo:

Quick Demo is HERE

Prerequisites

1. Install and configure Oracle Access Manager. Steps here
2. Install and configure OBIEE. Steps here.
3. Install and configure LDAP. Steps here
4. Install the web server and WebGate, and register the WebGate with Oracle Access Manager.

Integration Steps:

1. Configure a reverse proxy for the OBIEE applications. In my case I am using OHS as the proxy server, with the OHS WebGate on top of it.

   
2. Create required OBIEE Groups in LDAP.


3. Log in to the WebLogic admin console and navigate to Security Realms > myrealm > Providers.
    Create two new providers (an LDAP Authentication provider for your directory and the OAM Identity Asserter) as per the screenshot below. The OAM Identity Asserter asserts the identity from the OAM_REMOTE_USER header set by the WebGate; the LDAP provider is what WebLogic uses to look up that user and its groups.









4. Reorder the providers as per the screenshot below (OAM Identity Asserter first, with control flag REQUIRED, then the LDAP provider and DefaultAuthenticator, both SUFFICIENT), then restart the WebLogic Admin server and the Managed servers.


5. Log in to http://<hostname>:<port>/em.
6. Navigate to WebLogic Domain > bifoundation_domain > Security > Security Provider Configuration.
7. Scroll down to Single Sign-On Provider and click Configure.
8. Configure as per the screenshot below.


9. Log in to http://<hostname>:<port>/analytics.
10. Navigate to Administration > Manage BI Publisher > Security Configuration.
11. In the Authentication section, make the changes shown in the screenshot below.


12. Log in to http://<hostname>:<port>/em
13. Click coreapplication under Business Intelligence.
14. Make the changes shown in the screenshot below, click Apply, then click Activate Changes.


15. Log in to Workspace at http://<hostname>:<port>/workspace.
16. Go to Navigate > Administer > Workspace Settings > Server Settings.
17. Modify the Log Off URL and select Yes for Enable Single Sign-On, as per the screenshot below.


18. Restart the WebLogic Admin server and Managed servers.
19. Now access the application through the proxy URL. The user is redirected to the OAM login page for authentication.

http://dev.kiran.com:7777/analytics

Also confirm that the Managed server ports are not reachable except from OHS: the OAM Identity Asserter trusts the OAM_REMOTE_USER header it receives, so a client that can reach WebLogic directly and supply that header would bypass OAM altogether.









Hope this is helpful. 

Thanks
Kiran Pokuri

Wednesday, November 12, 2014

Extend OAM 11g Password Policy Schema into OUD and Test Force Change password scenario


Steps:
  1. Log in to the OUD server
  2. Navigate to /home/oracle/Oracle/Middleware_OUD/asinst_1/OUD/bin
  3. Execute the command below
./ldapmodify -h pokuri.demo.com -D "cn=Directory Manager" -w Abcd1234 -p 10389 -f /opt/oracle/Oracle/Middleware_OAM/Oracle_IDM1/oam/server/pswdservice/ldif/OUD_PWDPersonSchema.ldif -v

Note:
- OAM & OUD are installed on the same machine, which is why the OAM LDIF path is reachable from the OUD bin directory.

- "OUD_PWDPersonSchema.ldif" is the schema file that ships with the OAM product.

- Passing the Directory Manager password with -w exposes it in the process list and shell history; outside a demo, put it in a file readable only by you and bind with -j <password-file> instead.




Success Message:



4. Log in to the ODSM console and validate the extended schema.



5. Add the "oblixorgperson" & "oblixPersonPwdPolicy" object classes to the user entry



6. Log in to the OAM console and click "Authentication Modules"





7. Search for and click "Password Policy Validation Module"

8. Update the steps as shown below and click "Apply"

User Identification Step
   KEY_IDENTITY_STORE_REF - OUD
   KEY_SEARCH_BASE_URL - ou=People,dc=demo,dc=com

User Authentication Step
   KEY_IDENTITY_STORE_REF - OUD
   KEY_PROP_AUTHN_EXCEPTION - true

User Password Status Step
   PLUGIN_EXECUTION_MODE - PSWDONLY
   KEY_IDENTITY_STORE_REF - OUD
   URL_ACTION - REDIRECT_POST
   NEW_USERPSWD_BEHAVIOR - FORCECHANGEPASSWORD
   POLICY_SCHEMA - OAM10G
   CHALLENGES_SUPPORTED - FALSE
   DISABLED_STATUS_SUPPORT - TRUE

9. Now assign the "PasswordPolicyValidationScheme" authentication scheme to the protected resource in the Application Domain



10. Restart the OAM server

Testing

1. Add the "obpasswordchangeflag" attribute to the user entry with the value "true"; this forces the user to change their password as soon as they try to access an OAM-protected resource.




2. Access the protected resource http://pokuri.demo.com:7777/ and enter the user credentials


3. Enter the current and new passwords



4. On the password reset success screen, click "Continue" to land on the application welcome page





5. Now check the change-password flag in LDAP. It will have been updated to "false", so the next login goes straight to the application.
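The following is an added example (not code from the original post) that prepares the per-user LDIF for steps 5 and Testing 1 above, decides from a directory entry whether OAM will force a password change, and builds the step 3 ldapmodify invocation with a password file rather than a password on the command line. It assumes user DNs under ou=People,dc=demo,dc=com, the same host, port and bind DN as step 3, and that OUD's ldapmodify accepts -j for a bind-password file; the entries are constructed samples.

```python
"""Added example (not from the original post): LDIF and checks for the OAM 11g
password-policy test above.

Assumptions (not on the page): user DNs live under ou=People,dc=demo,dc=com,
ldapmodify is run from the OUD bin directory against pokuri.demo.com:10389 as
in step 3, and OUD's ldapmodify accepts -j <file> for the bind password.
The sample entries below are constructed.
"""
import shlex
from typing import Dict, List

OBJECT_CLASSES = ("oblixorgperson", "oblixPersonPwdPolicy")  # step 5
FLAG_ATTR = "obpasswordchangeflag"                           # Testing step 1


def force_change_ldif(user_dn: str) -> str:
    """LDIF that adds both object classes and sets the force-change flag.

    The object classes are added with 'add'; the flag uses 'replace' so the
    same LDIF works whether or not the attribute already exists (for example
    after OAM has reset it to 'false' in Testing step 5).
    """
    lines = [f"dn: {user_dn}", "changetype: modify", "add: objectClass"]
    lines += [f"objectClass: {oc}" for oc in OBJECT_CLASSES]
    lines += ["-", f"replace: {FLAG_ATTR}", f"{FLAG_ATTR}: true", ""]
    return "\n".join(lines)


def needs_forced_change(entry: Dict[str, List[str]]) -> bool:
    """Mirror the post's test outcome from an entry (attribute -> values).

    In a schema-checking directory the flag can only exist on an entry that
    carries oblixPersonPwdPolicy, so require both; OAM redirects to the
    change-password page only while the flag reads 'true'.
    """
    classes = {oc.lower() for oc in entry.get("objectClass", [])}
    if "oblixpersonpwdpolicy" not in classes:
        return False
    return any(v.strip().lower() == "true" for v in entry.get(FLAG_ATTR, []))


def ldapmodify_command(ldif_path: str, password_file: str,
                       host: str = "pokuri.demo.com", port: int = 10389) -> List[str]:
    """Same invocation as step 3, but binding with -j (a file readable only by
    the admin) instead of -w, which leaks the Directory Manager password to
    every local user via the process list."""
    return [
        "./ldapmodify", "-h", host, "-p", str(port),
        "-D", "cn=Directory Manager", "-j", password_file,
        "-f", ldif_path, "-v",
    ]


if __name__ == "__main__":
    print(force_change_ldif("uid=kpokuri,ou=People,dc=demo,dc=com"))
    print(shlex.join(ldapmodify_command("/tmp/force-change.ldif", "/tmp/dm.pw")))
    # Constructed entry as it looks right after Testing step 1 (flag still true).
    before = {"objectClass": ["top", "person", "oblixorgperson", "oblixPersonPwdPolicy"],
              FLAG_ATTR: ["true"]}
    print("forced change pending:", needs_forced_change(before))
```

Run the printed ldapmodify command from the OUD bin directory after writing the LDIF to the path shown; re-running `needs_forced_change` on the entry after the password reset should return False, which is the check in Testing step 5.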



Hope this helps someone out there!!

-- Siva Pokuri.