Friday, January 8, 2010

Integration between OAM 10.1.4.3 and E-Business suite

I have been watching a lot of posts about the integration of Oracle Access Manager 10.1.4.3 with E-Business Suite. It is an essential integration, as it provides Single Sign-On for E-Business applications using Oracle Access Manager. However, the integration was straightforward with Oracle Access Manager 10.1.4.2: it consisted of two individual sub-integrations, OAM-OSSO and OSSO-Ebz. Since Oracle Fusion Middleware 11g was introduced, Oracle Access Manager has been the recommended solution for authentication. Who will forget the almost 1.5 years that Oracle took to get the integration working between E-Business Suite and OSSO? Though OSSO is not released in Fusion Middleware 11g, the backward compatibility of OAM with older WebGates helps here. So the solution is simple: integrate OAM 10.1.4.3 with the older OSSO, and integrate OSSO-Ebz.

Though I have not done this in practice, I know it can be done.

Here is some more documentation on it.
http://download.oracle.com/docs/cd/E15217_01/doc.1014/e12492/osso.htm#BJFJBCHB

Oracle Access Manager and Weblogic Portal integration

This post will bring out the key points involved in the integration between Weblogic Portal and Oracle Access Manager using SSPI Connector.
Major Products involved:
1. Weblogic Portal 10.3.0
2. OAM 10.1.4.3
3. SSPI Connector 10.1.4.2.2
Key Points:
1. Create the portaladmin user in OAM (as in user store) and assign Admin rights.
2. Create the group BEA_Administrators and add the portaladmin user as a member of that group.
3. Create NetPointRealm using the command as shown below.
      ./setupNetPointRealm_wl92.sh portal
4. The parameter "portal" in the above command is essential: it creates the realm needed for Weblogic Portal, with its specific providers.
5. Be sure to add the p13DataSource in the SQLAuthenticator DataSource field. This makes the users weblogic and portaladmin, which are part of myrealm, available in NetPointRealm. Mark SQLAuthenticator as REQUIRED and OblixAuthenticator as OPTIONAL, then restart the weblogic server.
6. You should be able to see the group BEA_Administrators in the NetPointRealm Users and Groups column. Copy the group name (e.g., cn:EBEA_Administrators:Cdc:Eus:Cdc:Eoracle::Cdc:Ecom).
7. Go to NetPointRealm -> Roles and Policies -> Global Roles -> Roles.
8. Go to the Admin Role and add the conditions to include BEA_Administrators.
9. Go to the PortalSystemAdministrator Role and add the conditions to include BEA_Administrators.
10. Delete the SQLAuthenticator and mark OblixAuthenticator as REQUIRED. SQLAuthenticator is no longer needed, as the weblogic and portaladmin users are part of OblixAuthenticator.
11. Now log in as an OAM user to the weblogic portal server.

Note: Follow key steps 12 & 13 of section 10.5.9, Preparing the WebLogic Environment, in the SSPI integration guide.
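
Steps 5 and 10 depend on how the REQUIRED and OPTIONAL control flags combine across the provider chain. The following is an added example, not code from the original post or from the SSPI connector: a Python model of standard JAAS control-flag evaluation applied to the two provider chains above. It assumes WebLogic applies the standard JAAS flag semantics; the user stores, the passwords and the users oamuser and legacyuser are constructed for illustration.

```python
# Model of JAAS control-flag evaluation over a chain of authentication providers.
# Provider names are from the steps above; stores and passwords are constructed.

def authenticate(chain, user, password):
    """chain: ordered list of (provider_name, control_flag, store); store maps user -> password."""
    required_ok = True     # no REQUIRED/REQUISITE provider has failed so far
    any_required = False   # the chain contains a REQUIRED/REQUISITE provider
    any_success = False    # at least one provider accepted the credentials
    for _name, flag, store in chain:
        ok = user in store and store[user] == password
        any_success = any_success or ok
        if flag in ("REQUIRED", "REQUISITE"):
            any_required = True
            if not ok:
                required_ok = False
                if flag == "REQUISITE":
                    return False      # REQUISITE failure ends evaluation at once
        elif flag == "SUFFICIENT" and ok and required_ok:
            return True               # SUFFICIENT success ends evaluation at once
        # OPTIONAL (or a failed SUFFICIENT): evaluation simply continues
    return required_ok if any_required else any_success

# Constructed sample stores. legacyuser and oamuser are hypothetical users.
SQL_STORE = {"weblogic": "wl-pass", "portaladmin": "pa-pass", "legacyuser": "lg-pass"}
OAM_STORE = {"weblogic": "wl-pass", "portaladmin": "pa-pass", "oamuser": "oam-pass"}

STEP5 = [("SQLAuthenticator", "REQUIRED", SQL_STORE),
         ("OblixAuthenticator", "OPTIONAL", OAM_STORE)]
STEP10 = [("OblixAuthenticator", "REQUIRED", OAM_STORE)]

def login_matrix():
    """Return {(stage, user): bool} for each sample user with the correct password."""
    creds = {**SQL_STORE, **OAM_STORE}
    return {(stage, u): authenticate(chain, u, p)
            for stage, chain in (("step5", STEP5), ("step10", STEP10))
            for u, p in sorted(creds.items())}

if __name__ == "__main__":
    for (stage, user), ok in login_matrix().items():
        print(f"{stage:7} {user:12} {'allowed' if ok else 'denied'}")
```

In this model an OAM-only account is denied until step 10, and an account that exists only in the SQL store is denied after it, so confirm that the administrators exist in OAM before deleting SQLAuthenticator.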

For the Viewlet, please contact me at mahi.babu@gmail.com