Wednesday, January 20, 2016

SSO: IBM Tivoli Access Manager (TAM) and WebLogic Server

This post is about configuring WebLogic Server (WLS) to assert the authentication information sent by IBM Security Access Manager (TAM) in an HTTP header. TAM is the equivalent of OAM (Oracle Access Manager).
As with any other SSO solution, configuration is a two-step process -

1. Configure the Asserter that asserts the HTTP header token populated by the access manager
2. Configure the Authenticator that establishes the authenticated Subject in the container and populates the principals/groups for the authenticated Subject.

TAM can be configured to send authentication information to WLS in an HTTP header. TAM can populate two types of encrypted tokens in the HTTP header -

iv-user - Contains only the authenticated userID
iv-creds - Contains the authenticated userID and the associated groups

IBM provides a Security Provider jar which includes both the Identity Asserter and the Authenticator needed to read the encrypted tokens and assert the user. Download the jar from link. This jar needs to be copied to <WL_SERVER_HOME>/server/lib/mbeantypes. For more details on configuring a security provider, refer to the Oracle Document.

Configuring TAMIdentityAsserter and selecting the iv-user token.

List and order of configured Security providers -
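
The provider list and the selected token type are also stored in the domain's config.xml, so they can be checked without the console. The script below is an added example, not code from this post or from IBM or Oracle: it lists the authentication providers in configured order and checks that TAMIdentityAsserter accepts only iv-user. The config fragment is constructed, and the name TAMAuthenticator and the ext:placeholder-* xsi:type values are placeholders for whatever the IBM jar registers.

```python
import xml.etree.ElementTree as ET

SEC = "{http://xmlns.oracle.com/weblogic/security}"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
# Constructed sample of a domain config.xml realm. "TAMAuthenticator" and the
# ext:placeholder-* xsi:type values are placeholders, not IBM's real names.
SAMPLE_CONFIG = """\
<domain xmlns="http://xmlns.oracle.com/weblogic/domain"
        xmlns:sec="http://xmlns.oracle.com/weblogic/security"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <security-configuration><realm>
    <sec:authentication-provider xsi:type="ext:placeholder-asserterType">
      <sec:name>TAMIdentityAsserter</sec:name>
      <sec:active-type>iv-user</sec:active-type>
    </sec:authentication-provider>
    <sec:authentication-provider xsi:type="ext:placeholder-authenticatorType">
      <sec:name>TAMAuthenticator</sec:name>
    </sec:authentication-provider>
    <sec:authentication-provider xsi:type="wls:default-authenticatorType">
      <sec:name>DefaultAuthenticator</sec:name>
    </sec:authentication-provider>
  </realm></security-configuration>
</domain>
"""

def list_providers(config_xml):
    """Return the realm's authentication providers in configured order."""
    root = ET.fromstring(config_xml)
    return [{
        "name": p.findtext(SEC + "name"),
        "type": p.get(XSI_TYPE),
        "active_types": [t.text for t in p.findall(SEC + "active-type")],
    } for p in root.iter(SEC + "authentication-provider")]

def review(providers, asserter="TAMIdentityAsserter", token="iv-user"):
    """Check that the named asserter exists and accepts only the chosen token."""
    match = [p for p in providers if p["name"] == asserter]
    if not match:
        return [f"{asserter} is not configured in the realm"]
    active = match[0]["active_types"]
    if active != [token]:
        return [f"{asserter} active types are {active}, expected ['{token}']"]
    return []

if __name__ == "__main__":
    providers = list_providers(SAMPLE_CONFIG)
    for order, p in enumerate(providers, 1):
        print(order, p["name"], p["type"], p["active_types"])
    print(review(providers) or "asserter configuration matches")
```

To run it against a real domain, pass the contents of that domain's config.xml to `list_providers` instead of `SAMPLE_CONFIG`.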
