README.html revision 4fe4e4f798a84a46e567f64ceadd3648eb0582d4
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster<h1><small><span style="font-weight: bold;">OpenSSO
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterIntegration with Oracle OpenSSO</span></small><br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster===============================================================================<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterThis README explains the OpenSSO SSO
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterIntegration with Oracle Access Manager (OAM) previously known as Oblix.
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterbe read in the context of OpenSSO Integration Document
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterwhere the use cases, possible integrations and configurations are
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterdescribed in detail.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterThis README explains the custom codes for e.g. Authentication
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterModules, compilation instructions and the configuration of the
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterauth modules for OpenSSO context. The OpenSSO custom
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterauthentication enables the SSO integration between legacy OAM and
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterOpenSSO especially when the
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterdeployment contains OAM for protecting existing applications.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster1. Pre-requisites :<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster==========<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster1. opensso.zip - This zip file contains all
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterthe integration souce code, configuration files and ofcourse this
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster2. Oracle Access Manager 10g (10.1.4.0.1) - The Oracle
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterAccess Manager must be installed and configured. For more details,
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostercheck the<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster Oracle Access Manager Documenation. You can download
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterWeb site for evaluation.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster3. Oracle Access Manager SDK
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster10g(10.1.4.0.1) - The Oracle Access Manager SDK
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostermust be installed and configured. The SDK is required to compile and
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster build OpenSSO Authentication
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterModules for Oracle Access Manager. <br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster4. Oracle Web Gate installed and configured.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster5. OpenSSO C-SDK 2.2<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster2. Brief Description of Contents:<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster======================<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterThe opensso/integrations directory contains source and configurations
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterto compile and build the custom authentication modules and other
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterplugins.
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterCheck the OpenSSO integration document for your use case and
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterconfigure accordingly. This document provides instructions on how to
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterconfigure authentication modules<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterThe opensso.zip contains "opensso/integrations/oracle" directory
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterwhere the source code and configurations are in place..<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterbuild.xml - This file is a build script for building <br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterconfig - This directory contains auth module configuration files.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterOblixAuthService.xml - This is OAM auth
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostermodule configuration file that must be imported into OpenSSO<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterOblixAuthModule.xml - This file is used for auth
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostercall backs for theOAM Auth module it is empty. However, the
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterfile must be used.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterOblixAuth.properties - This file is a
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterproperties file that stores i18n keys for OAM authentication
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostermodule configuration lables.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterlib - This directory is by default empty . However, this lib directory
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostermust contain all the necessary libraries to compile the source
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterlibraries. They are:<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster jobaccess.jar (Oracle
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterOpenSSO SDK jar file)<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster openfedlib.jar,
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosteramserver.jar, opensso-sharedlib.jar (OpenSSO jar files)<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster servlet .jar file (If
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostersource - This directory contains all the source files<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostercom/sun/identity/authentication/oblix/OAMAuthModule.java <br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostercom/sun/identity/authentication/oblix/OAMPrincipal.java<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster The above java source
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterfiles are the custom authentication module classes that would be
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterplugged into OpenSSO for generating OpenSSO Session by<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster using OAM session.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostercom/sun/identity/saml2/plugins/OAMAdapter.java - This class is a
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterSAML2 Plugin Adapter for SAML service providers to do the remote
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterauthentication to<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster Oracle OpenSSO using OpenSSO
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterEssentially these java files are used for usecase2 in OpenSSO
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterdocument.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosteroamauth- This directory contains source files for OAM Auth
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterScheme for OpenSSO. This is a C-based auth module and
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterleverages OpenSSO C-SDK for validation.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster oam/solaris/authn_api.c- This file
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterimplements OAM custom authentication for OpenSSO.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster oam/solaris/include/*.h - All the
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterheader files that are required to compile auth scheme.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster oam/solaris/AMAgent.properties -
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterSample OpenSSO Agent Configuration file. This is required for the auth
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterscheme to validate OpenSSO session.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster3: How to build:<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster===========<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster1. Make sure all the Oracle Access Manager libraries and OpenSSO
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterpresent in lib directory as mentioned above.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster2. Use "ant" script to build the source files. A compatible
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterant must be installed and configured in the PATH.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster3. cd $openssozipdir/integrations/oracle and type ant. This
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostershould build all the source files and generates fam_oam_integration.jar
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster$openssozipdir/integrations/oracle/dist directory. <br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterFor building OAM authentication scheme, you must customize the
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostermakefile. Also since this is C-based auth module, it is OS dependent.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster1. The auth scheme files are located under
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster$openssozipdir/integrations/oracle/oamauth/solaris<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster2. Download and configure OpenSSO C-SDK 2.2 version. The authn_api.c
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostercontains a reference to AMAgent.propeties file , so modify accordingly.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster3. Customize makefile for your environment for e.g. gcc compile
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterlocation. Also edit the LDFLAGS to point to your OpenSSO C-SDK lib
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterdirectory.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster4. make command should result in authn_api.so file.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster4. OpenSSO Installation and Configuration with OAM AuthModule:<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster==============================================<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster1. Create a temporary directory for e.g. /export/tmp and unwar
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterthe opensso.war using jar -xvf opensso.war. <br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster From now on, /export/tmp is called as a war staging
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterarea and is represented with a marco $WAR_DIR <br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster$openssozipdir/integrations/oracle/dist/fam_oam_integration.jar to
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster3. Copy $openssozipdir/integrations/oracle/config/OblixAuth.properties
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster4. Copy $openssozipdir/integrations/oracle/config/OAMAuthModule.xml
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterto $WAR_DIR/config/auth/default and also to the directory<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster5. Re-war opensso.war using jar cvf opensso.war from $WAR_DIR<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster6. Deploy opensso.war onto OpenSSO web container. The deployment is
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterexplanatory. Please check the web container documentation for war<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterdeployment.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster7. Access the deployed opensso directory <br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster8. Accessing deployed application redirects to opensso configurator.
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterChoose custom configuration. By default OpenSSO uses embedded directory<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterserver for configuration, however, you could choose to use existing or
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostera new directory server instance for configuration. <br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterNote: The OpenSSO can be configured to use various
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosteruser repository for validating the user existance, however, you could
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosteralso choose to ignore profile. <br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster9. After successful configuration, the configuration redirects to a
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosteruser login and verify your administrator credentials. <br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster5. OAM Auth module configuration:<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster========================<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterNow we have to load the OAM authentication module service
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterinto Open SSO and configure for the SSO integration. The auth
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostermodule service<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosteris loaded from a OpenSSO command line utility called as "ssoadm". For
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterthe ssoadm utitily is exposed in both console mode and browser based<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterinterfaces. Here we will use use browser based ssoadm for OpenSSO
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterconfiguration changes.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster1. Login into OpenSSO using amadmin<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster2. Now access the following URL<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterhttp://<host>:<port>/opensso/ssoadm.jsp<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster3. Choose create-service option. <br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster4. Copy and paste the xml file from
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster$openssozipdir/integrations/oracle/config/OblixAuthService.xml and
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterThis will load the auth module service into OpenSSO configuration.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster5. Register the auth module into the authentication core framework. <br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterhttp://<host>:<port>/opensso/ssoadm.jsp<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterChoose register-auth-module option.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterEnter "com.sun.identity.authentication.oblix.OAMAuthModule" as the
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterauth module class name.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster6. Now verify that the auth module is registered to the default realm.
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterhttp://<host>:<port>/opensso, click on default realm, and
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster"authentication" tab, create new AuthModule as "OblixAuth" and choose
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterOblixAuthModule<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster7. Click on OblixAuth auth module<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster8. Most of the Oblix Auth params are self explanatory. This requires
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterOAM SDK directory and make sure that ObAccessClient.xml
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster(located under $OAMSDK/<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster oblix/lib) is configured properly. For details on Oracle
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterOpenSSO SDK, check the Oracle Documentation<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster6. OAM Auth Module Testing:<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster====================<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterThe testing of OAM auth module assumes that Oracle Access Manager SDK
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterinstalled and configured. <br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster1. Set the LD_LIBRARY_PATH for loading Oblix SDK libraries.They
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterare located under $OAM_SDK_INSTALL/oblix/lib<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster2. Restart the OpenSSO web container with LD_LIBRARY_PATH set and make
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostersure that container is loaded with these Oblix SDK shared libs.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster3. Now access the Oblix protected application and login with
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterOblix configured user to establish ObSessionCookie. The configuration<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterof oblix policy and authentication schemes are outside scope of
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterthis documentation and please check Oracle Access Manager documentation
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterfor more <br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterinformation. Also, check the OpenSSO integration guide for sample
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterconfiguration.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster4. By default OpenSSO authentication framework looks for user profile
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterexistance in it's known data repositories. However, you could use
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterignoreProfile<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosteroption if your integration does not require a user to be searched from
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterOblix's user repository. Check the OpenSSO documentation for more info<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterabout ignoreProfile/dynamic profile creation option.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterAdmin Console -> Configuration -> Global -> Authentication
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster-> Core -> User Profile required : Change it to dynamic or
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterignored option<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterif the repository of Oracle Access Manager is not same as OpenSSO.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster5. After successful authentication at Oracle OpenSSO, access the
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterauth module url as follows:<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterhttp://<host>:<port>/opensso/UI/Login?module=OblixAuth<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterThis should provide a valid OpenSSO session.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterNote: Assumption here is that OAM and OpenSSO are in the same
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterphysical domain. <br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterBy default OpenSSO authentication framework looks for user profile
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterexistance in it's known data repositories. However, you could use
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterignoreProfile<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosteroption if your integration does not require a user to be searched from
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterOracle Access Manager's user repository. Check the OpenSSO documentation<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterfor more info about ignoreProfile option.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster7. Installation of OAM AuthScheme into Oracle OpenSSO:<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster=========================================<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterThis section is for a use case where the OAM session needs to be
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostergenerated upon validating OpenSSO session. Check the integration
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterdocument for<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosteruse case descriptions. The OAM Auth Schemes are exposed as C Auth
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostermodules and this auth scheme uses OpenSSO C-SDK 2.2 version to validate<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterOpenSSO Session.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterThe OpenSSO Auth Scheme in OAM uses a configuration OpenSSO client side
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterconfiguration in AMAgent.properties and this must need to be customized<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterbefore configuring the auth module. The build instructions specify the
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterlocation of this file.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterThe compiled authn_api.so and other C-SDK libraries must need to be
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostercopied to $OAM_INSTALL_DIR/access/oblix/lib before configuring the<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster Auth Scheme. The integration guide shows a sample screen shot how
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterto configure the Oracle Auth Scheme.<br>