Dear All,
We are trying to achieve CA SiteMinder R12 integration with OIM11g, which is running on a Solaris 11 SPARC 64-bit architecture. The reference guides for implementation from both CA and Oracle are given below. We have also achieved this on OIM11g PS2. The current architecture has some differences from the POC: we now have 2 WebLogic servers, one as admin and another as managed server.
The flow we are trying to establish is SSO to the identity console /identity and /console. So the expected flow is below.
Oracle general guide: https://docs.oracle.com/cd/E27559_01/admin.1112/e27149/ssoint.htm#OMADM5013
Oracle doc id: 1318938.1
CA guide which is general to weblogic level integration: https://support.ca.com/cadocs/0/CA%20SiteMinder%20Agent%20for%20WebLogic%20r12%20SP2-ENU/Bookshelf_Files/PDF/SMWebLogicA…
1) The user request goes to the OHS server where the WebLogic proxy plug-in is configured.
2) The SiteMinder web agent on OHS intercepts it, redirects to SiteMinder, and a SiteMinder session is created.
3) The OHS proxy plug-in resends the user to the respective WebLogic managed server:port with the SM session.
4) The CA application agent intercepts the request, triggers the CA identity asserter and authentication provider, and validates the user.
5) The user lands on the respective /sysadmin or /identity URL.
The above approach breaks when we go with 2 WebLogic servers. CA has confirmed that we need 2 WebLogic application agents: one for the admin server, which loads the CA identity asserter and authentication provider and also protects the resources on the WebLogic admin server, and another CA application agent on the WebLogic managed server, which is supposed to protect the resources on the WebLogic managed servers (for example, OIM resources like /identity and /sysadmin). But we observe that the CA application agent on the managed server is not monitoring any of the OIM URLs. We need some help on this.
In order to answer our query, CA installed a hello-world application on their WebLogic managed server and was able to see that it is not protecting the URL by default. So they have specifically written a URL protection to achieve that. Please find the blog below.
https://communities.ca.com/docs/DOC-231163795
So my query is: what exactly do I need to perform on the WebLogic managed server to protect the OIM URLs, which are /sysadmin and /identity?
Also, some understanding of web.xml and weblogic.xml: is web.xml only part of a web application deployment?