Supporting CLIENT-CERT

One of the additional configuration options for the authentication of the product is to implement a Single Sign On solution or implement client certificates. Whilst most of the configuration for these features is performed in the Single Sign On product and/or J2EE Application Server, the Oracle Utilities Application Framework has to be configured to use that facility.

In most cases, to use these facilities the login configuration for the product has to be changed from FORM or BASIC to CLIENT-CERT. This informs the product that the credentials will be passed directly from the J2EE Application Server (via the Single Sign On solution, security providers or via client certificates).

To make this change the following process must be performed:

  • Logon to the machine that houses the environment to change as the product administrator.
  • Take a copy of  the web.xml.template to cm.web.xml.template in the same directory the original is located (in Oracle Utilities Application Framework V2.x it is located in the etc directory of the environment; in Oracle Utilities Application Framework V4.x it is located in the templates directory). This will inform the Oracle Utilities Application Framework to use this new template instead of the base template.
  • Edit the cm.web.xml.template file and replace the login-config section with a section configuring the CLIENT-CERT configuration. For example:

Replace:

    <login-config>
      <auth-method>@WEB_WLAUTHMETHOD@</auth-method>
      <form-login-config>
         <form-login-page>@WEB_FORM_LOGIN_PAGE@</form-login-page>
         <form-error-page>@WEB_FORM_LOGIN_ERROR_PAGE@</form-error-page>
      </form-login-config>
   </login-config>

With:

    <login-config>
      <auth-method>CLIENT-CERT</auth-method>
   </login-config> 

Note: For Oracle Utilities Application Framework V4.x customers this may need to be repeated for the templates for AppViewer (web.xml.appViewer.template) and online help (web.xml.help.template) if you wish to include those components in the same solution.

  • Ensure the environment is shutdown prior to implementing any changes.
  • Execute the initialSetup[.sh] utility to implement the changes and rebuild the EAR files.

Note: As the web.xml file has been changed and EAR file rebuilt, customers using native mode will have to redeploy the SPLWeb application to reflect the change.

  • Optionally, changes can be verified by viewing the web.xml files generated under the etc\conf subdirectory.
  • Restart the product.

The product now is configured to use the CLIENT-CERT option.

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

Anthony Shorten
Hi, I am Anthony Shorten, I am the Principal Product Manager for the Oracle Utilities Application Framework. I have been working for over 20+ years in the IT Business and am the author of many a technical whitepaper, manual and training material. I am one of the product managers working on strategy and designs for the next generation of the technology used for the Utilities and Tax markets. This blog is provided to announce new features, document tips and techniques and also outline features of the Oracle Utilities Application Framework based products. These products include Oracle Utilities Customer Care and Billing, Oracle Utilities Meter Data Management, Oracle Utilities Mobile Workforce Management and Oracle Enterprise Taxation and Policy Management. I am the product manager for the Management Pack for these products.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
9
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today