B Configuring Single Sign On with Oracle Access Manager (OAM)

When EDQ is integrated with Oracle Access Manager, a user can log in on a common access page and then use the EDQ applications and the web console without further logins (assuming, of course, that the user has the required EDQ permissions). If several EDQ installations share the same OAM configuration, the single login works for each of them. For more information, see Oracle Access Management.

This section covers the configuration steps needed to integrate EDQ with OAM. It does not cover the installation and basic configuration of OAM itself, or the installation of the Web Tier front end (OHS).

Prerequisites

The following must be in place before EDQ can be integrated with OAM:

  • OAM must be configured with an Authentication Scheme using an identity store supported by WebLogic (typically LDAP - Active Directory or Oracle Internet Directory).

  • WebLogic must be configured to authenticate EDQ users against the same identity store. See Integrating External User Management (LDAP) using WebLogic and OPSS. Configure and test this with EDQ before starting the OAM integration steps, so that any login problems seen later can be attributed to the OAM configuration rather than to the identity store.

  • A web server front end (OHS or Apache) must be installed and configured with Webgate software and the WebLogic plugin (mod_wl_ohs). These are bundled with OHS 14 releases.

OAM configuration

This section describes how to configure OAM.

To configure OAM, follow the steps below:

  1. Create a Webgate in OAM using the authentication scheme that refers to the identity store configured in WebLogic.

    Create these HTTP resources in the Webgate:

    Table B-1 HTTP resources to create in the Webgate

    Resource        Policy
    /edq/ui/**      Protected Resource Policy
    /edq/**         Public Resource Policy (or Excluded)

    OAM applies the most specific matching resource pattern, so /edq/ui/** takes precedence over /edq/**: only the EDQ web UI requires an OAM login, and the remaining EDQ URLs are not gated by OAM. A Public resource still passes through the Webgate (without requiring authentication), whereas an Excluded resource bypasses the Webgate entirely.

  2. Copy the Webgate artefacts generated when the Webgate was registered into the webgate/config directory of your OHS installation.

WebLogic plugin configuration

This section describes how to configure the WebLogic plugin.

Ensure that the WebLogic plugin (mod_wl_ohs) is configured in the web server front end. Add this entry to the plugin configuration file (normally mod_wl_ohs.conf), replacing the placeholders with the host name and listen port of the EDQ managed server:

<Location /edq>
  SetHandler weblogic-handler
  # host name and listen port of the EDQ managed server
  WebLogicHost hostname
  WebLogicPort managed_server_port
</Location>

If you are using a WebLogic cluster, replace the WebLogicHost and WebLogicPort settings with a comma-separated cluster definition listing every member:

WebLogicCluster host1:port1,host2:port2,...

Ensure that the WebLogic Plug-In Enabled option is set for the EDQ servers. This can be done at the domain, cluster, server template or server level. For the domain, the option is on the Configuration > Web Applications tab. For the other items, the option is in the Advanced area of the General Configuration tab.

WebLogic Configuration

This section describes how to configure WebLogic.

To configure WebLogic, follow the steps below:

  1. Log in to the WebLogic Remote Console.
  2. In the Edit Tree, go to Security > Realms > Authentication Providers.
  3. Click New to add a new provider.
  4. In the Name field, enter a name, for example OAM.
  5. Click the Type drop-down and select Oracle Access Manager Identity Asserter.

    Set the following values on the new provider:

    • Active Types - OAM_REMOTE_USER

    • SSO Header Name - OAM_REMOTE_USER

    The asserter trusts the OAM_REMOTE_USER header that the Webgate adds to each authenticated request. Make sure the EDQ managed servers cannot be reached except through the web server front end (for example, with a firewall rule or a WebLogic connection filter): a client that can connect to a managed server port directly could supply the header itself and be asserted as any user.

  6. Set the Control Flag of every other authentication provider (the LDAP authenticator configured in the prerequisites and the DefaultAuthenticator) to SUFFICIENT.
  7. Use the move up button to reorder the providers so that the OAM Identity Asserter is the first provider in the list.
  8. Click the shopping cart icon in the top right corner and select Commit Changes. Restart the servers in the domain so that the security provider changes take effect.
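The same realm changes can be made non-interactively. The WLST script below is an added example and is not part of the EDQ documentation or an Oracle-supplied script; it performs steps 3 to 8 above against the domain's default realm. The admin URL and credentials are placeholders, the existing LDAP provider is assumed to be the one created under Integrating External User Management (LDAP), and the SSOHeaderName attribute name is assumed from the console field "SSO Header Name". Run it with the domain's wlst.sh.

```wlst
# Added example (not from the EDQ documentation): create and order the OAM Identity
# Asserter with WLST instead of the Remote Console. Everything marked "placeholder"
# or "assumption" must be adapted to your domain.
import jarray
from java.lang import String
from weblogic.management.security.authentication import AuthenticationProviderMBean

ADMIN_URL  = 't3://admin-host.example.com:7001'   # placeholder
ADMIN_USER = 'weblogic'                           # placeholder
ADMIN_PASS = 'changeme'                           # placeholder; prefer userConfigFile/userKeyFile
PROVIDER   = 'OAM'                                # step 4: name of the new provider

connect(ADMIN_USER, ADMIN_PASS, ADMIN_URL)
edit()
startEdit()

realm = cmo.getSecurityConfiguration().getDefaultRealm()

# Steps 3-5: create the asserter if it does not already exist. The class name is the
# one WebLogic registers for the "Oracle Access Manager Identity Asserter" type.
oam = realm.lookupAuthenticationProvider(PROVIDER)
if oam is None:
    oam = realm.createAuthenticationProvider(
        PROVIDER, 'weblogic.security.providers.authentication.OAMIdentityAsserter')

# Active Types and SSO Header Name both OAM_REMOTE_USER (the header the Webgate sets).
oam.setActiveTypes(jarray.array([String('OAM_REMOTE_USER')], String))
oam.setSSOHeaderName('OAM_REMOTE_USER')   # attribute name is an assumption (console: "SSO Header Name")

# Step 6: every other provider that has a control flag (the LDAP authenticator and
# DefaultAuthenticator) becomes SUFFICIENT; pure identity asserters have no flag.
for p in realm.getAuthenticationProviders():
    if p.getName() != PROVIDER and hasattr(p, 'setControlFlag'):
        p.setControlFlag('SUFFICIENT')

# Step 7: put the OAM asserter first so the header is checked before anything else.
others = [p for p in realm.getAuthenticationProviders() if p.getName() != PROVIDER]
realm.setAuthenticationProviders(jarray.array([oam] + others, AuthenticationProviderMBean))

# Step 8: commit the pending changes (the Remote Console shopping-cart step).
# Authentication provider changes are non-dynamic: restart the domain's servers afterwards.
save()
activate(block='true')
disconnect()
```

After the restart, confirm the provider order in the Remote Console and test that a request to /edq/ui/ through OHS is redirected to the OAM login page, while a direct request to a managed server port from outside the web tier is refused.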