Monday May 30, 2016

Steps to create partitions in WLS 12.2.1

Below are the steps to create partitions in Weblogic Server 12.2.1 :

Step 1 :

- Create a weblogic domain (say Partition_From_Windows_Domain)

FMW control is the recommended console for Partition management, so it is good to enable it at the time of  domain creation.  

To enable FMW control select "Oracle Enterprise Manager-Restricted JRF - 12.2.1 [em]" template in the configuration wizard, as shown below :

To access FMW control access : http://<host>:<port>/em

NOTE : We will continue using Weblogic Admin console to create partitions in this example.

Partition names : coke-partition and pepsi-partition

Partition specific realms : coke_realm and pepsi_realm

Partition specific Admin Users : coke_admin and pepsi_admin

Virtual Targets for these partitions : coke-vt and pepsi-vt

Partition Specific Resource Groups : coke-rg1 and pepsi-rg1

Step 2 :

Before creating a partition, you need to create a security realm (then create an Admin user inside this realm, say coke_admin and pepsi_admin) and virtual target for this partition :

To create a new security realm :

Login to console -> Security Realms -> new (say 'coke_realm' and 'pepsi_realm') -> "create default providers within this new realm" (check)

Now create a Virtual target :

Login to console -> + Environment -> Virtual Targets -> new (say coke-vt) and target it to Weblogic Server (say Admin Server) -> specify a URI Prefix

Step 3 :

Lets create a partition now :

Login to console -> Domain Partitions -> new (say coke-partition)-> then target it to a Virtual target (say coke-vt) -> select the security realm for this partition from the drop down menu (say coke_realm)

 Step 4 :

Create a Resource Group inside domain partition


 Step 5 : 

Check the Identity Domains of the partitions :

Step 6 :

You can now deploy applications to Global scope / to a resource group of a partition

To access the application deployed to your partition use the following URL :

http://<host>:<port>/coke/Weblogic_SP_sample_App/login.jsp  ==> Try to login with the coke Admin and also test the login using weblogic user.

Perform similar tests with application deployed on pepsi-partition and global scoped deployment.


Monday May 05, 2014

Steps to configure Custom Identity and Custom Trust with Weblogic Server

What are the different ways keystore can be configured with Weblogic Server ?

What is the default keystore configuration in Weblogic ? 

Weblogic is configured with DemoIdentity and DemoTrust by default.

If you have generated any of the following certficate / keystores then you need to configure a CustomIdentity and CustomTrust as shown in this blog post :

 - Self signed certificate / keystore

- Generated a csr and got a certificate signed from a 3rd party Certificate Signing Authority ( CA ) 

- Generated a csr and got the certificate signed by an internal CA.

 You can also configure a Custom Identity and Java Standard Trust when you have any of the above certificates.

 In case of CustomIdentity and JavaStandardTrust, we create a Identity keystore and for the Trust keystore we make use of the default JDK Trust store i.e cacerts.

We need to import the root/intermediate certificate to cacerts using the following command :

keytool -import -file <root_certificate> -keystore <JDK>/lib/security/cacerts -storepass changeit 

In this post we will see how to configure a Custom Identity and Custom Trust with Weblogic Server.........

[Read More]

Wednesday Apr 30, 2014

Steps to configure Multiple AD Kerberos Domain with Weblogic Server

Say you have x number of users in AD1 and y number of users in AD2.

You can configure Kerberos with multi domain AD and Weblogic Server, provided you have a Forest Trust configured between the two AD domains.

After this setup, we should be able to login to application deployed on Weblogic Server using any user who are a part of AD1 or AD2 - using Kerberos SSO. 

In this post we will see how to configure a multi-domain AD with Weblogic Server using Kerberos for SSO......

[Read More]

Wednesday Dec 11, 2013

Steps to configure SAML 2.0 with Weblogic Server (using Oracle DB as a RDBMS security store)...

 What is SAML 2.0 ?

Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for exchanging authentication and authorization data between security domains.

SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, that is an identity provider, and a SAML consumer, that is a service provider

It enables cross-platform authentication between Web applications or Web services running in a WebLogic domain and Web browsers or other HTTP clients.

When users are authenticated at one site that participates in a single sign-on (SSO) configuration, they are automatically authenticated at other sites in the SSO configuration and do not need to log in separately.

One who generated the SAML token is called the Identity Provider OR Asserting Party OR Source Site.

And the one accepts the token is called the Service Provider OR Relying Party OR Destination Site.
Trust has to be established between them for SAML to work hence details of the Service Provider has to be with the Identity Provider and details of Identity Provider has to be with the Service Provider.

SAML can be classified into two types depending on the manner in which requests are obtained.

- IDP initiated ( Identity Provider Initiated )

- SP initiated ( Service Provider initiated )

-------------------------- 

- The RDBMS security store is required by the SAML 2.0 security providers in production environments so that the data they manage can be synchronized across all the WebLogic Server instances that share that data.

- Note that Oracle does not recommend upgrading an existing domain in place to use the RDBMS security store. If you want to use the RDBMS security store, you should configure the RDBMS security store at the time of domain creation. If you have an existing domain with which you want to use the RDBMS security store, create the new domain and migrate your existing security realm to it.

- For testing purpose you can use embedded LDAP instead of an external RDBMS store. 

In this post we will see how to configure SAML2 with Weblogic Server using Oracle DB as a RDBMS security store. 

[Read More]

Wednesday Jul 31, 2013

Steps to configure SAML 2.0 with Weblogic Server (using embedded LDAP as a security store - Only for Dev Environment)...

 What is SAML 2.0 ?

Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for exchanging authentication and authorization data between security domains.


SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, that is an identity provider, and a SAML consumer, that is a service provider

It enables cross-platform authentication between Web applications or Web services running in a WebLogic domain and Web browsers or other HTTP clients.

When users are authenticated at one site that participates in a single sign-on (SSO) configuration, they are automatically authenticated at other sites in the SSO configuration and do not need to log in separately.

One who generated the SAML token is called the Identity Provider OR Asserting Party OR Source Site.

And the one accepts the token is called the Service Provider OR Relying Party OR Destination Site.
Trust has to be established between them for SAML to work hence details of the Service Provider has to be with the Identity Provider and details of Identity Provider has to be with the Service Provider.

SAML can be classified into two types depending on the manner in which requests are obtained.

- IDP initiated ( Identity Provider Initiated )

- SP initiated ( Service Provider initiated )

In this post we will see how to configure Single sign-on (SSO) using SAML 2.0 in Weblogic Server. 

[Read More]
About

Oracle Fussion Middleware - WebLogic

Search

Archives
« June 2016
SunMonTueWedThuFriSat
   
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
  
       
Today