
Deep dive into various configurations with Oracle Weblogic Server

Configuring WLS Web Server Proxy Plug-In for Apache HTTP Server

I will be covering the following topics in the blog post : Apache Plug-in configuration with Weblogic over HTTP; Apache Plug-in configuration with Weblogic over HTTPS - OneWaySSL; Apache Plug-in configuration with Weblogic over HTTPS - TwoWaySSL. Before we begin : Download the Supported Configuration matrix from the following link and verify that you are using a supported version of Apache, WLS plugin and Weblogic Server in your environment. Link: http://www.oracle.com/technetwork/mi...

Friday, November 3, 2017 | Read More

Steps to create partitions in WLS 12.2.1

Below are the steps to create partitions in Weblogic Server 12.2.1 : Step 1 : - Create a weblogic domain (say Partition_From_Windows_Domain) FMW control is the recommended console for Partition management, so it is good to enable it at the time of  domain creation.   To enable FMW control select "Oracle Enterprise Manager-Restricted JRF - 12.2.1 [em]" template in the configuration wizard, as shown below : To access FMW control access : http://<host>:<port>/em NOTE : We will...

Monday, May 30, 2016 | Read More

Steps to configure SAML 2.0 with Okta as IDP and Weblogic as SP

Below are the steps to configure SAML 2.0 with Okta as Identity Provider and Weblogic as a Service Provider. Okta IDP configuration : Step 1 : Log-in to your Okta subdomain homepage to access the Application Dashboard. Now click on Applications -> Add Application -> Create New App -> select SAML 2.0 -> create Step 2 : Follow the on-screen instructions. Create a SAML integration as shown below : Enter the following : Single sign on URL...

Friday, March 11, 2016 | Weblogic Security | Read More

How to store database credentials in Oracle Wallet (for WLS datasource definitions)

Oracle Wallet can be used to securely store the database credentials. Multiple credentials for multiple database can be stored in a single wallet file. Below are the steps to create a datasource which uses Oracle wallet to store database credentials : Step 1 : Create a wallet in a secured location : Command :   $ORACLE_HOME/oracle_common/bin/mkstore -wrl <wallet_location> -create   Step 2: Add database login credentials to the wallet  Command :  $ORACLE_HOME/oracle_common/bin/mkstore...

Friday, February 5, 2016 | Read More

Steps to modify analytics application ( OBIEE 11.1.1.7) to work with SSO

Below are the steps to modify the analytics application to login using SSO :  - Create a new folder (say "modified") and copy the analytics.ear file to it. NOTE : analytics.ear file is located @ Eg : "/refresh/home/app/obiee/Oracle_BI1/bifoundation/jee/"  - Now run the following command to explode the analytics.ear file : Command : jar -xvf analytics.ear  Delete the analytics.ear file from "modified" folder.  You should have the following files in "modified" folder now :  1....

Sunday, November 15, 2015 | Read More

Steps to configure SAML SSO with ADFS (as IDP) and Weblogic Server (as SP)

Below are the steps to configure SAML 2.0 SSO using ADFS as Identity Provider and WLS as Service Provider. In this example I am using ADFS 2.0 on Windows Server 2008R2. Let's have a look at the ADFS IDP configuration first : Step 1 : Download and install ADFS 2.0 - Create a Federation Server  Step 2 : - Create a self signed certificate and configure SSL on IIS  Step 3 : - Start ADFS 2.0 Management / Configuration Wizard  - Create a new Federation Service  - Select the self-signed...

Monday, September 7, 2015 | Weblogic Security | Read More

X509 Certificate Revocation Checking using OCSP (Online Certificate Status Protocol) in Weblogic Server

In this post we will see how to configure OCSP based certificate revocation check in Weblogic Server : - First we need to create a self-signed certificate and get it signed from an internal CA (created using openssl) - Then create another self-signed certificate and get it signed from the same CA. Now let's revoke this certificate. - Establish a two-way SSL communication between browser and WLS. - Configure WLS to enable OCSP (Online Certificate Status Protocol) check. - Connect to...

Monday, August 31, 2015 | Weblogic Security | Read More

Steps to create a self-signed certificate using OpenSSL

Below are the steps to create a self-signed certificate using OpenSSL : STEP 1 : Create a private key and public certificate using the following command : Command : openssl req -newkey rsa:2048 -x509 -keyout cakey.pem -out cacert.pem -days 3650  In the above command : - If you add "-nodes" then your private key will not be encrypted. - cakey.pem is the private key - cacert.pem is the public certificate STEP 2 : Use the following java utility to create a JKS keystore :  Command : java...

Tuesday, August 18, 2015 | Read More

Steps to configure Kerberos / SPNEGO / NTLM authentication with Weblogic Server running on IBM JDK (AIX machine)

AD Machine (Windows Server 2012 R2) used in this configuration is : slads.slab.bea.com. WLS 10.3.6 is installed on AIX 6.1 : celbealnx4.us.oracle.com. kerberos_aix is the user created in AD which will represent the weblogic server machine. Step 1 : - Create a new user say, " kerberos_aix " on AD which will represent your Weblogic server instance.  Note : - The account type should be "User", not a "Computer" in the AD. - Check password never expires...

Tuesday, July 14, 2015 | Weblogic Security | Read More

How to configure a Custom IDP login page for SAML SSO in Weblogic

Configure SAML SSO with Weblogic as mentioned in the following blog post : Link :  https://blogs.oracle.com/blogbypuneeth/entry/steps_to_configure_saml_21 Let's test the IDP initiated SSO first :  In the source application if you have an <auth-method>  set to form then you would get a custom form login page. web.xml :   <login-config> <auth-method>CLIENT-CERT,FORM</auth-method> <realm-name>myrealm</realm-name> <form-login-config> <form-login-page>/login.jsp</form-login-page><form-er...

Tuesday, March 31, 2015 | Weblogic Security | Read More

Steps to create a .jks keystore from .pfx file

Windows Server makes use of the pfx file to store the public and private key files. Consider a scenario wherein you are exporting a pfx file from IIS server, and you need to use the same in Weblogic Server. When you are exporting a PFX file make sure you select the following option : " export the private key and include all certificates in certificate path if possible. "  So, now your PFX file contains the private key along with the other public certificates. You need to convert...

Wednesday, March 4, 2015 | Weblogic Security | Read More

Steps to configure Custom Identity and Custom Trust with Weblogic Server

Below are the steps to configure Custom Identity and Custom Trust with Weblogic Server : Step 1 : Login to Weblogic Admin console --> Environment --> Servers --> < server_name_where_ssl_has_to_be_configured > --> Configuration -> General --> SSL Listen Port Enabled ( Check ) Note : The default SSL Listen Port would be 7002, change it if required.  Step 2 : Click on Keystores tab under " Configuration " tab : Step 2a : Click on the drop down menu next to Keystores and select " Custom...

Monday, May 5, 2014 | Weblogic Security | Read More

Steps to configure Multiple AD Kerberos Domain with Weblogic Server

Multi Domain AD - Kerberos with WLS : In this example I am using two AD domains : UP.COM and DOWN.COM. I have configured a forest trust between these two AD boxes. I have created a user " up_user " in UP.COM and " down_user " in DOWN.COM. The two users I created above will represent the Weblogic Server Machine. I will now create user " test_up " in UP.COM and " test_down " in DOWN.COM. I will use test_up and test_down users to check if Forest...

Tuesday, April 29, 2014 | Weblogic Security | Read More

Steps to configure SAML 2.0 with Shibboleth ( deployed on WLS ) as IDP and Weblogic as SP.

In the example below we will see how to configure SAML 2.0 SSO using Shibboleth ( deployed on WLS ) as Identity Provider and Weblogic as Service provider. * I am using Shibboleth v2.3.8 as identity provider and Weblogic 10.3.6 as Service Provider  * and Active Directory for LDAP authentication in this example.  Step 1 : Create two domains in WLS 10.3.6, namely : " shibboleth-idp_domain " --> For Shibboleth IDP --> Admin server http port 7001 and https port 7002. " sp_domain " -->...

Wednesday, April 2, 2014 | Weblogic Security | Read More

Steps to create a csr ( certificate signing request ) using keytool and get it signed from an external CA ( Certificate Authority - Thawte )

Step 1 : Create a certificate pair using keytool genkeypair command  Command :  keytool -genkeypair -alias mykey -keyalg RSA -keysize 2048 -validity 365 -keypass privatepassword -keystore identity.jks -storepass password Step 2 : Now create a certificate signing request ( csr ) which has to be passed on to your external / third party CA ( Certificate Authority ). Command :  keytool -certreq -alias mykey -file certreq.pem -keystore identity.jks Note: - The above command Generates a...

Wednesday, December 18, 2013 | Weblogic Security | Read More

Steps to configure SAML 2.0 with Weblogic Server (using Oracle DB as a RDBMS security store)...

Note : - To setup SAML 2 with Weblogic 10.3.x we need to create a security database even before creating domain. - The RDBMS security store is required by the SAML 2.0 security providers in production environments so that the data they manage can be synchronized across all the WebLogic Server instances that share that data. - Note that Oracle does not recommend upgrading an existing domain in place to use the RDBMS security store. If you want to use the RDBMS security store, you...

Wednesday, December 11, 2013 | Weblogic Security | Read More

Steps to create a .jks keystore using .key and .crt files...

F5 load balancers generate .crt and .key files, which have to be converted to a .jks keystore to configure them with Weblogic Server. Here .crt is the signed certificate from a CA and .key contains the private key. These are in PEM format. Step 1 : Copy the crt contents to a notepad and save this file with .pem extension. Eg : cert.pem Contents : -----BEGIN CERTIFICATE----- MIIFMDCCBBigAwIBAgIDDCucMA0GCSqGSIb3DQEBCwUAMDwxCzAJBgNVBAYTAlVT . . . EMJj7aen/ouZThhszQ7lYbvCsQRQlGkKHR0byY4TBoq7kIG5nb64tX...

Friday, October 4, 2013 | Weblogic Security | Read More

Steps to create a self-signed certificate and configure Custom Identity and Custom Trust with Weblogic Server using Keytool...

Below are the steps to create a self signed certificate : Command 1 :  keytool -genkey -alias mykey -keyalg RSA -keysize 1024 -validity 365 -keypass privatepassword -keystore identity.jks -storepass password Note : List of keytool commands which are changed in java 1.6 : -export, renamed to -exportcert -genkey, renamed to -genkeypair -import, renamed to -importcert All previous commands are still supported in this release ( keytool in java 1.6 ) and will continue to be supported in...

Friday, August 23, 2013 | Read More

Steps to DeInstall Oracle Weblogic Server 12.1.2.0.0...

Below are the steps to deinstall Oracle Weblogic Server 12.1.2.0.0 : Note : - You can deinstall Weblogic Server in two ways : * Silent Mode * GUI Mode   - The deinstaller does not remove the JDK or any user-created data such as WebLogic domains or custom application data. Only the components that were installed by the installation program are removed by the deinstaller.  Deinstalling WLS 12.1.2 in Silent mode : Deinstall WLS 12.1.2 in GUI mode : Step 1 : Go to " ORACLE_HOME\oui\bin "...

Friday, August 16, 2013 | Read More

Steps to create a new domain on Weblogic Server 12.1.2.0.0...

Note : - Prior to running the Configuration Wizard to create a domain on a UNIX or Linux operating system, if you have not already done so, set the CONFIG_JVM_ARGS environment variable to the following value:     " -Djava.security.egd=file:/dev/urandom " This decreases the amount of time it takes for the Configuration Wizard to create or update a domain. - Quick Start Configuration Wizard can be used only to configure the various sample domains, such as MedRec and the Examples...

Friday, August 16, 2013 | Read More

Steps to install Oracle Weblogic Server 12.1.2.0.0...

We can install WLS 12.1.2.0.0 in two modes : - GUI mode - Silent mode Note : - We do not have the console mode option anymore - JDK is not bundled along with the installer, so install JDK first and then install Weblogic Server. - If this is the first time you are installing Weblogic Server on your machine then an Oracle Inventory is created first and then WLS is installed. If Oracle Inventory is already present then the new installation details would be appended to this file. -...

Thursday, August 15, 2013 | Read More

Steps to configure SAML 2.0 with Weblogic Server (using embedded LDAP as a security store - Only for Dev Environment)...

NOTE : - A WebLogic Server instance that is configured for SAML 2.0 SSO cannot send a request to a server instance configured for SAML 1.1, and vice-versa.  - WebLogic Server does not support encrypted assertions in SAML.  - It is always recommended to create a domain in which the RDBMS security store is configured.  - The RDBMS security store is required by the SAML 2.0 security providers in production environments so that the data they manage can be synchronized across all the...

Tuesday, July 30, 2013 | Weblogic Security | Read More

Steps to configure Kerberos / SPNEGO / NTLM authentication with Weblogic Server running on Oracle JDK :

* The AD machine used in this configuration is :  SLKRBTRN6-01.slkrbtrn6.bea.com ( Windows 2008 R2 ) * Weblogic Server is on machine : SLKRBTRN6-03. ( Windows XP ) Step 1 : - Create a new user say, " wlsclient " on AD for your Weblogic server instance.         Note : - The account type should be "User", not a "Computer" in the AD. - Check password never expires option for the user.  - DES encryption type is disabled by default on Windows 2008 AD and hence do not check this option...

Friday, July 19, 2013 | Weblogic Security | Read More