A long story of products integration continues in 12c.
We've seen how Oracle Forms 11g can be integrated with Oracle Access Manager in A Case Study - Setting Up Oracle Forms 11g with OAM (Oracle Access Manager)
Now, Oracle Forms 12c can be protected by Oracle Access Managed (OAM) 11gR2 patch set 3.
Oracle Access Manager 11g is a Java Platform, Enterprise Edition (Java EE) - based enterprise - level security application that provides restricted access to confidential information and centralized authentication and authorization services.
Oracle Access Manager 11g, a component of Oracle Fusion Middleware 11g, is a Single Sign-On solution for authentication and authorization.
Authentication servers enable an application to authenticate users by means of a shared authentication token or authentication authority. That means that a user authenticated for one application is automatically authenticated for all other applications within the same authentication domain.
Forms applications use a single sign-on solution only for obtaining database connection information from Oracle Internet Directory or Oracle Platforms Security Services (OPSS).
Once the database information is obtained, interaction with the authentication server no longer occurs.
Exiting a Forms application does not perform a single sign-on logout unless the application has been coded with one of the SSO logout features introduced in Oracle Forms 12c.
Conversely, logging out of a single sign-on session does not terminate an active Forms session unless the application has been coded with one of the SSO logout features introduced
in Oracle Forms 12c. The database session exists until the Forms Runtime (for example, frmweb.exe) on the server terminates, usually by explicitly exiting the form.
As a prerequisite of the integration, following installations have to be complete:
Next, the integration is separated in sections as follows:
I. Integrate Webtier HTTP Server with Oracle Forms
If a remote HTTP Server is used, an additional step of integration with Forms has to be completed by following the steps in 220.127.116.11 Configuring OHS on a Separate Host.
After the Webtier HTTP Server is restarted, the integration can be tested through URL: http://hostname:port/forms/frmservlet? , where hostname is the hostname where the Webtier HTTP Server is installed and the port is the Webtier HTTP Server listen port. Once Forms is accessible this way, the integration can proceed.
If the HTTP Server that comes with the Forms installation is used, only the accessibility test of Forms through HTTP Server is needed.
II. Install and configure Oracle HTTP Server Webgate for OAM
There are two ways to integrate the HTTP Server with Webgate.
1. Manually: follow the steps from B.2 Configuring Oracle HTTP Server 12c WebGate.
2. Automatically: Run the E.1 Oracle Forms Configuration Helper Script
III. Select the partner application registration approach
A. Manual Method - Use OAM Admin Console
1. Log in to the OAM console. - http://hostname:port/oamconsole
2. On the Welcome page, click on New OAM 11g Webgate
3. Provide all the details such as the Base URL, which should be http://hostname:port , where hostname is the hostname of the Webtier HTTP Server machine and the port is the Webtier HTTP Server listen port. Ensure that the Auto Create Policies check box is checked.
While creating the webgate agent, add the following URL to the Protected Resource List:
The parameter values for the Webgate agent will be created on the OAM machine in DOMAIN_HOME/output/<agent name>. There will be two files created, cwallet.sso and ObAccessClient.xml. These files need to be copied to the Webtier machine in WEBTIER_INSTANCE/config/OHS/ohs1/webgate/config. The cwallet.sso file needs to be copied in BINARY mode and the ObAccessClient.xml file needs to be copied in TEXT mode (for UNIX systems). After copying the files a restart of the Webtier HTTP Server is necessary.
B. Automatically using the Forms Configuration Helper Script
a. Download RREG.tar located on the Oracle Access Manager Server in OAM_HOME/oam/server/rreg/client and untar under the Oracle FMW 12c $FMW_HOME directory.
b. Set the MW_HOME and JAVA_HOME environment variables.
UNIX: export MW_HOME=/u01/Oracle/Middleware/Oracle_Home
Windows: set MW_HOME=D:\Oracle\Middleware\Oracle_Home
c. Run the script:
./frmconfighelper.sh enable_sso OAM_hostname OAM_adminport Forms_hostname httpserver_port Forms_DOMAINHOME httpserver_instance
where OAM_hostname is the hostname where OAM is installed, OAM_adminport is the Admin server port for OAM, Forms_hostname is the hostname where Forms is installed, httpserver_port is the listen port of the HTTP Server that is used to access Forms, Forms_DOMAINHOME is the Forms domain home and httpserver_instance is the name of the instance of the HTTP Server.
Note: If running the frmconfighelper.sh script, the webgate agent will be created automatically and all the necessary files will be copied to the HTTP Server instance, so no extra manual steps are required.
After running the script, a restart of the environment is required: Node Manager, Admin server, WLS_FORMS and HTTP Server (in this order)
C. Choose the Forms Identity Store type for storing Resource Access descriptors.
If choosing Oracle Internet Directory (OID) as the Forms Identity Store, proceed with accessing the Associate/Disassociate page:
|OID Host||Select the Oracle Internet Directory Host from the list or select New
Oracle Internet Directory (OID) host to add new host details.
|New OID Host||Host name of the Oracle Internet Directory server. This field is enabled
if you have selected to add new Oracle Internet Directory (OID) Host.
|New OID Port||Port number on which Oracle Internet Directory is listening. This field
is enabled if you have selected to add new Oracle Internet Directory
|Username||Oracle Internet Directory Administrator username|
|Password||Oracle Internet Directory Administrator password|
|Use SSL Port||Select this box if the connection to the Oracle Internet Directory Host
should use SSL (in which case the port number provided should be the SSL
IV. Enable SSO for Forms applications in formsweb.cfg
In order to protect Forms applications via SSO, the formswerb.cfg file needs to be modified.
Using the recommended method of managing formsweb.cfg, open Fusion Middleware Control and enable single sign-on for an application: