Using OAM With WLS Applications


Document information

Posted: 25/11/2016, 21:15

7 Using Oracle Access Manager With WebLogic Applications

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.

Road Map
• Objectives
• Protecting WLS applications with OAM
• Identity assertion providers
• OAM authenticator

Objectives
After completing this lesson, you should be able to:
• Describe scenarios in which Oracle Access Manager protects WebLogic applications
• Configure a WebLogic identity assertion provider
• Describe a WebLogic OAM authenticator

Java EE Authentication and Authorization
• The following can be hard-coded in Java EE applications:
  – Users and roles
  – Authentication
  – Authorization
• The more authentication and authorization details coded into applications, the more cumbersome the applications are to maintain
• Using Java EE-compliant servers, such as WebLogic Server, you can delegate security deployment:
  – Users and roles can be stored in external data stores, such as LDAP databases
  – Authentication and authorization can be performed outside of the application, either by the web container or by products that reside on the perimeter of the web container

Using OAM for Perimeter Authentication and Authorization With a WebGate
• You can configure authentication and authorization for WebLogic applications as follows:
  – Define policies in Oracle Access Manager
  – Configure the mod_wl_ohs.conf file
• You can then configure WebLogic Server to return the identity of the authenticated user to WebLogic applications by deploying an Oracle Access Manager identity assertion provider in the WebLogic security realm

Using OAM for Perimeter Authentication Without a WebGate
You can also configure authentication for WebLogic applications by configuring an OAM authenticator:
• WebLogic Server collects the user name and password and passes them to the Oracle Access Manager server
• The Oracle Access Manager server validates the credentials

Identity Assertion Providers
Called by WebLogic Server when:
• Configured as authentication providers in the security realm
• A token is present in the user's HTTP request
• Java EE application's authentication method is set to the CLIENT-CERT method in the application's deployment descriptor

Oracle Access Manager Identity Assertion Provider
• Must be configured to expect one of the following tokens in the user's HTTP request:
  – The OAM_REMOTE_USER header variable (for 10g and 11g WebGates)
  – The ObSSOCookie cookie (for OAM 10g WebGates and OAM 10g deployments without WebGates)
• Makes identities available to Java EE applications

OAM Identity Assertion Provider Event Sequence
[Diagram. Participants: User; Web Server with 10g or 11g WebGate; Oracle Access Manager Server; WebLogic Server]
• Request protected Java EE application
• Authenticate
• Insert OAM_REMOTE_USER header variable in HTTP request and forward request to run application

OAM Authenticator
• Java EE application's authentication method is set to a method that collects the user name and password. For example, the BASIC method
• When the application is accessed, the Java EE container invokes the authentication method to collect the credentials
• The Java EE container then calls the Oracle Access Manager server for credential validation

Quiz
Which of the following steps must you perform when configuring an Oracle Access Manager identity assertion provider:
a. Verify that the application's deployment descriptor uses the BASIC authentication method
b. Configure the Oracle Access Manager server to set the ObSSOCookie cookie in all users' browsers after successful authentication. The ObSSOCookie cookie is required by the OAM identity asserter
c. Add the OAM identity assertion provider to the WebLogic Server security realm
d. Configure any 11g WebGates in your deployment to write the OAM_REMOTE_USER HTTP header variable

Summary
In this lesson, you should have learned how to:
• Describe scenarios in which Oracle Access Manager protects WebLogic applications
• Configure a WebLogic identity assertion provider
• Describe a WebLogic OAM authenticator

Practice Overview: Using an Identity Assertion Provider
This practice covers the following topics:
• Review a sample application that uses HTTP basic authentication provided by WebLogic Server
• Modify the deployment descriptor so the application uses an external authenticator
• Configure the OHS instance protected by the 11g WebGate to access the sample application
• Configure WebLogic Server to use the identity assertion provider
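
The invocation conditions from the Identity Assertion Providers and OAM Authenticator slides, written as a small deployment-descriptor check. This is an added example, not Oracle course material: the provider labels, result strings and sample web.xml are constructed for illustration, and FORM is included as a second credential-collecting method beyond the BASIC example on the slide.

```python
import xml.etree.ElementTree as ET

# Token names are the ones on the slides; provider labels below are hypothetical.
ASSERTER_HEADER = "OAM_REMOTE_USER"      # written by 10g and 11g WebGates
ASSERTER_COOKIE = "ObSSOCookie"          # OAM 10g
CREDENTIAL_METHODS = {"BASIC", "FORM"}   # Java EE methods that collect user name and password

# Constructed sample descriptor for an application behind a WebGate.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <login-config><auth-method>CLIENT-CERT</auth-method></login-config>
</web-app>"""


def auth_methods(web_xml):
    """Return the <auth-method> values of a web.xml, namespaced or not."""
    for elem in ET.fromstring(web_xml).iter():
        if elem.tag.rsplit("}", 1)[-1] == "auth-method":
            # A comma-separated value is treated as a list of methods.
            return [m.strip().upper() for m in (elem.text or "").split(",") if m.strip()]
    return []


def provider_path(web_xml, realm_providers, headers=None, cookies=None):
    """Classify which OAM path handles a request, per the slide conditions."""
    methods = auth_methods(web_xml)
    if not methods:
        return "no-login-config"
    headers = {k.upper(): v for k, v in (headers or {}).items()}
    token = bool(headers.get(ASSERTER_HEADER) or (cookies or {}).get(ASSERTER_COOKIE))
    collects = bool(CREDENTIAL_METHODS.intersection(methods))

    # Identity asserter: in the realm + CLIENT-CERT + token present.
    if "CLIENT-CERT" in methods and "identity-asserter" in realm_providers:
        if token:
            return "identity-assertion"
        if not collects:
            return "no-token"
    # OAM authenticator: in the realm + a method that collects credentials.
    if collects and "authenticator" in realm_providers:
        return "oam-authenticator"
    return "misconfigured"


if __name__ == "__main__":
    basic = SAMPLE_WEB_XML.replace("CLIENT-CERT", "BASIC")
    print(provider_path(SAMPLE_WEB_XML, {"identity-asserter"}, {"OAM_REMOTE_USER": "alice"}))
    print(provider_path(basic, {"identity-asserter"}, {"OAM_REMOTE_USER": "alice"}))
```

The second call returns "misconfigured": a descriptor left on BASIC with only the identity asserter in the realm matches neither path described on the slides.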