From the M&S Blog...

Identity Management: From Oracle 10g to 11g – IdM, SSO, OAM

I have been running Oracle Identity Management 10g with heavy use of 10g SSO capabilities. Much of our web security architecture along with application authentication relies on this infrastructure. What do I do as development begins to shift from OracleAS to WebLogic, and our middleware stack goes from 10g to 11g? We will need to run 10g and 11g in production side-by-side for some period of time.

This is a question many of our customers are asking and it is understandable that there is confusion around this. Oracle hasn’t provided the clearest of answers, and in general, identity management initiatives are not for the faint of heart to tackle. The fact is that 11g identity management has begun a paradigm shift away from the 10g approach. The good news is that customers have options as they inevitably run 10g and 11g together in their environments since identity management solutions span across applications and nobody [I know of] decides to upgrade all of their enterprise applications at once.

In 11g, you have the option of integrating applications (i.e. ADF 11g applications) running on WebLogic with 10g SSO through identity asserters. This approach basically passes in header information to WebLogic that enables it to “trust” a user authenticated via 10g SSO much like it would trust AD or any other form of identity assertion. As you move to an 11g identity management stack, nowhere will you find 10g SSO as you know it. You will need to buy into the OAM (Oracle Access Manager) 11g model, which includes a robust enterprise access management approach in line with 11g applications that rely on J2EE security standards like JAAS.
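An added illustration (not code from the original post or from Oracle) of the trust decision behind header-based identity assertion: the username header is accepted only when the request's direct peer is the SSO front end. The header name, front-end addresses and username pattern are assumptions made for this sketch.

```java
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;

/** Added illustration; not WebLogic's or Oracle's identity asserter code. */
public class HeaderIdentityAssertion {
    // Assumptions: hypothetical header name, front-end addresses and username syntax.
    static final String USER_HEADER = "x-sso-remote-user";
    static final Set<String> TRUSTED_FRONT_ENDS = Set.of("10.0.0.5", "10.0.0.6");
    static final Pattern USERNAME = Pattern.compile("[A-Za-z0-9._@-]{1,64}");

    /** Returns the asserted user, or empty when the request must authenticate normally. */
    static Optional<String> assertIdentity(String peerAddress,
                                           Map<String, List<String>> headers) {
        // 1. The header only means something when the direct peer is the SSO
        //    front end; any other client could have set the header itself.
        if (!TRUSTED_FRONT_ENDS.contains(peerAddress)) {
            return Optional.empty();
        }
        // 2. Require exactly one value: a duplicate means a client-supplied copy
        //    of the header was not stripped upstream.
        List<String> values = headers.getOrDefault(USER_HEADER, List.of());
        if (values.size() != 1) {
            return Optional.empty();
        }
        // 3. Conservative syntax check before the name is handed on as an identity.
        String user = values.get(0).trim();
        return USERNAME.matcher(user).matches() ? Optional.of(user) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample requests (header keys already lower-cased).
        Map<String, List<String>> viaSso = Map.of(USER_HEADER, List.of("jsmith"));
        Map<String, List<String>> doubled = Map.of(USER_HEADER, List.of("jsmith", "admin"));
        System.out.println("from SSO front end: " + assertIdentity("10.0.0.5", viaSso));
        System.out.println("from other client:  " + assertIdentity("192.0.2.44", viaSso));
        System.out.println("duplicate header:   " + assertIdentity("10.0.0.5", doubled));
        System.out.println("header missing:     " + assertIdentity("10.0.0.5", Map.of()));
    }
}
```

Only the first sample request yields a username; the other three fall back to normal authentication.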

Print REMOTE_USER CGI Variable in JSP on WebLogic 11g

There could be a number of reasons you want to verify the value of the REMOTE_USER variable in an app you are running in WebLogic. A quick way to check is by dropping in a JSP file that prints the value:

<html>
<body>
REMOTE_USER: <%= request.getRemoteUser() %>
</body>
</html>

Oracle Application Server Version – Verify 10g Upgrade to OracleAS 10.2.3 for Portal 10.1.4.2

There are a couple of different ways you can verify you are running Oracle Application Server 10.1.2.3. Perhaps the simplest is to navigate to the EM Console about page typically found at:

http://[domain]:18101/emd/console/aboutApplication

Another option is to use oPatch by running the following command:

[ORACLE_HOME]/opatch/opatch lsinventory -detail

Then, navigate to [ORACLE_HOME]/.patch_storage and look for the latest log file. You will have a full listing of products installed in your ORACLE_HOME.

If you have just upgraded Oracle Portal to 10.1.4.2 and want to verify its version as well, you can simply navigate to Portal Administer tab > Global Settings.

Registering Oracle HTTP Server with Oracle WebLogic Server

For Fusion Middleware Control to be able to manage and monitor Oracle HTTP Server instances, they must be registered with the domain. To do this, you must register Oracle HTTP Server with Oracle WebLogic Server using the following command:

WEBHOST1> cd ORACLE_INSTANCE/bin
WEBHOST1> ./opmnctl registerinstance -adminHost  -adminPort 7001 -adminUsername weblogic

Oops. Did I just delete my WebLogic managed server?

Of all the wonderfulness that comes with Oracle’s latest product releases, there are always those little things that make you scratch your head. This one is funny. Be VERY careful with your buttons in WebLogic Server. If you accidentally click Delete, there is NO confirmation prompt. Nothing that asks “Are you sure?”. So, in a heartbeat, you could simply delete your managed server.

Installing JDeveloper 11g on Windows with SOA, BPM, and WebCenter Extensions – Video Walkthrough

This video walks through the JDeveloper 11g PS3 (11.1.1.4) — with integrated WebLogic Server — installation on Windows 2008 R2 64-bit. All in 3 minutes.

High Level Steps

  1. Download JDeveloper
  2. Run .exe
  3. Configure Installation Options
  4. Install Extension

WebLogic 11g (10.3.4) Install on Windows – WLS 11gR3

I documented the steps I took to complete an install of WebLogic 11g PS3 (10.3.4) — sometimes also called 11gR3 — on my Windows 7 Ultimate 64-bit OS. There is only a 32-bit version of WebLogic available for Windows, but it runs fine on Windows 7 64-bit and, as I understand, the same way with other versions of the Windows OS as well (Vista, XP, Servers, etc.).

Note: The WebLogic Server version is 10.3.4, but this release coincides with other Oracle Fusion Middleware products released with a version numbering of 11.1.1.4.

This walk-through covers:

  • WebLogic 11g Install on Windows
  • One Admin Server and one Managed Server

WebLogic “SSO” Security – Authenticators and Asserters

As part of our Oracle Identity Management services, we are consistently configuring environments running WebLogic and integrating deeply with the WLS Security architecture. The following information from the Oracle documentation is a good description of how this is accomplished. It is referred to by Oracle as Perimeter Authentication.

WebLogic Server is designed to extend the single sign-on concept all the way to the perimeter through support for identity assertion. Provided as a critical piece of the WebLogic Security Framework, the concept of identity assertion allows WebLogic Server to use the authentication mechanism provided by perimeter authentication schemes such as the Security Assertion Markup Language (SAML), the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO), or enhancements to protocols such as Common Secure Interoperability (CSI) v2 to achieve this functionality.




This graphic illustrates perimeter authentication. Support for perimeter authentication requires the use of an Identity Assertion provider that is designed to support one or more token formats. Multiple and different Identity Assertion providers can be registered for use. The tokens are transmitted as part of any normal business request, using the mechanism provided by each of the various protocols supported by WebLogic Server. Once a request is received with WebLogic Server, the entity that handles the processing of the protocol message recognizes the existence of the token in the message. This information is used in a call to the WebLogic Security Framework that results in the appropriate Identity Assertion provider being called to handle the verification of the token. It is the responsibility of the Identity Assertion provider implementation to perform whatever actions are necessary to establish validity and trust in the token and to provide the identity of the user with a reasonable degree of assurance, without the need for the user to re-authenticate to the application.

Following is a diagram of the normal authentication process offered in WebLogic:



Following is a diagram of the perimeter authentication process we follow when configuring customers with SSO, including Windows Native Authentication. You will notice the addition of the Identity Asserter, which sends back a username to WebLogic: