WLPS and SiteMinder

Similar Messages

• OIM and SiteMinder

  Hi All, I searched the threads but didn't see anything specific to this topic.
  I am (in the near future) planning on implementing OIM. In this case, I have SiteMinder already in place. I know that OIM and OAM are easy to integrate, but what about OIM and SiteMinder? In theory, they should work fine together.
  Has anyone had any experience with this? Any advice or gotchas I need to be aware of?
  Thanks in advance!

  Check the post installation steps for Enabling Single Sign on in Oracle Identity Manager
  http://download.oracle.com/docs/cd/B32479_01/doc.903/b32459/post_install.htm#CBHIHACD
  Hope this helps,
  Sagar

• BEA 8.1 and Siteminder Integration

  Does anybody have code sample and/or implementation for BEA 8.1 and Siteminder 6.0 integration?

  Does anybody have code sample and/or implementation for BEA 8.1 and Siteminder 6.0 integration?

• ADF and SiteMinder not working

  Hi,
  I'm working on a project where the CA SiteMinder Authenticator and IdentityAsserter have been configured in a clustered environment alongside the Default Authenticator and IdentityAsserter. An ADF app using a combination basic J2EE security (isUserInGroup/Role type calls to show/hide tabs depending on user's role) and ADF Security roles and policies (used to lock down task flows to specific roles/groups/users).
  The J2EE security call works fine, proving that SiteMinder has populated the security Subject with the correct Principals and authorised correctly.
  However, ADF Security does not work at all, even though I can see the groups that originated in the SiteMinder Authenticator in the Enterprise Manager security config screens.
  I have mapped the ADF Application Roles to J2EE groups successfully, but when I access the application having successfully logged in as a user who is a member of that group, the taskflows don't show up...
  When I run this in a non-clustered WLS environment with only DefaultAuthenticator/IdentityAsserter, all is well, TaskFlows show/hide as expected.
  This falls neatly between Oracle and CA in terms of problem solving, can't get much help from either at the moment.
  Any thoughts or possible lines of enquiry are welcome.
  Edited by: 893022 on 27-Oct-2011 04:23

  Hi Frank,
  I'm just trying that now - reducing the variables seems like a good plan.
  A couple of things we're unsure of:
  1. Does ADF support Siteminder R12? My feeling is that the two are probably not related as ADF accesses the security realm via OPSS and the SiteMinder app server agent is an implementation of the WLS SSPIs, which would never be directly accessed from ADF (as far as I can tell).
  2. I've seen an example on redstack where an ADF application is deployed into an environment that is configured to use an Acitive Directory provider. There is a step includes that involves editing jps-config.xml on the server to include username.attr and user.login.attr properties to the idstore.ldap service instance. Is there similar any FMW-level config I'd need to do for SiteMinder?
  3. When JDeveloper builds the ADF app, it changes the class uses Groups and Users from:
  oracle.seurity.jps.internal.core.principals.JpsXmlEnterpriseroleImpl
  to:
  weblogic.security.principal.WLSUserImpl
  We did some debugging on on our app and saw that the SiteMinder 'Groups' that are fed into WLS by the SSPI are actually of a different class althoghether:
  com.netegrity.siteminder.weblogic.sspi.auth.SmWLSGroupImpl
  I'm building my ADF app with Maven so have used XMLTask to make this change to jazn-data.xml on deploy, but still no joy. ADF just doesn't appear to be able to 'see' the users and groups that have come from SiteMinder providers.

• Issue in WLP and UCM integration using VCR adapter

  Hi All,
  I am working on a priority customer POC .
  I was trying to integrate WLP with UCM and done all the installation and configuration according to VCR adapter guide.
  The version of WLP is 10GR3 and UCM is 10GR3.
  I am getting the following error in connecting the the UCM repository:
  An exception has been thrown while attempting to persist changes for the service: Repository Configuration.
  Error authenticating to repository: UCM Repository. Possible cause could include, but is not limited to a bad repository configuration or the repository is unknown.
  I have done the repository configuration from Portal Admin console not from the Workshop.
  Please look into this.
  Thanks and Regards
  Rahul

  <Aug 27, 2009 11:47:56 PM CDT> <Error> <ContentManagement> <BEA-000000> <Unable
  to connect to repository UCM Repository
  com.bea.content.RepositoryRuntimeException
  at com.oracle.content.spi.ucm.ObjectClassOps.<init>(ObjectClassOps.java:
  46)
  at com.oracle.content.spi.ucm.TicketImpl.initInterfaces(TicketImpl.java:
  43)
  at com.oracle.content.spi.ucm.TicketImpl.<init>(TicketImpl.java:145)
  at com.oracle.content.spi.ucm.RepositoryImpl.connect(RepositoryImpl.java
  :56)
  at com.bea.content.federated.internal.delegate.RepositoryManagerDelegate
  .connectToRepository(RepositoryManagerDelegate.java:914)
  Truncated. see log file for complete stacktrace
  com.bea.content.NoSuchObjectClassException
  at com.oracle.content.spi.ucm.factory.ObjectClassFactory.buildObjectClas
  s(ObjectClassFactory.java:289)
  at com.oracle.content.spi.ucm.factory.ObjectClassFactory.buildAllObjectC
  lasses(ObjectClassFactory.java:207)
  at com.oracle.content.spi.ucm.factory.ObjectClassFactory.getAllObjectCla
  sses(ObjectClassFactory.java:84)
  at com.oracle.content.spi.ucm.factory.ObjectClassFactory.<init>(ObjectCl
  assFactory.java:54)
  at com.oracle.content.spi.ucm.factory.ObjectClassFactory.getInstance(Obj
  ectClassFactory.java:71)
  Truncated. see log file for complete stacktrace
  oracle.stellent.ridc.protocol.ServiceException: Could not load information about
  VCR content type. Unable to retrieve information for 'ELDEF_LIST_LINKS_PLAINTEX
  T'. Unable to find latest released revision of 'ELDEF_LIST_LINKS_PLAINTEXT'.
  at oracle.stellent.ridc.protocol.ServiceResponse.getResponseAsBinder(Ser
  viceResponse.java:116)
  at oracle.stellent.ridc.protocol.ServiceResponse.getResponseAsBinder(Ser
  viceResponse.java:92)
  at com.oracle.content.spi.ucm.UCMBridge.executeRequest(UCMBridge.java:37

• Wlp and apache load balancing

  Hi,
            I have been trying to understand webloigc clustering and load balancing capabilities. I have been through the edocs but it does not explain how things work, instead they only emphasis on how to configure.
            Consider the following scenario:
            --------cisco firewall/load balancer------------
            apatche1 apache2 apache3
            -------------------firewall-------------------------
            WLP1 WLP2 WLP3 WLP4
            My questions are:
            (1) how apache servers load balance incoming requests amongst the four portal instances? I understand that it will use weblogic proxy plug-in. the httpd.config also should be configured to proxy requests to WLP instances by adding the corresponding address:prot entries for each instance, using WebLogicCluster keyword.
            (2) Weblogic cluster will have nothing to do with load balancing? The only benefit I get of configuring weblogic cluster is session replication, right?
            (3) even failover is going to be handled by apache servers?
            (4) if I need to use SSL and I need to have my SSL encryption/decryption to be done on WLP instances; apache servers will only forward requests, no encryption/decryption to be done on the web tier. Is this possible?
            See in WebSphere the edge component will handle the load balancing and through it I can assign load weights for each appserver instance.
            (5) Are there any best practice to implement load balancing and failover on weblogic portal?
            I appreciate any input in this regards.

  1. yes, configure the apache plugin. put your 4 servers in the WeblogicCluster property (host:port,host:port...). The proxy will round robin requests between the servers in the cluster, although sessions are pinned to a single server. So if a request with a session (jsessionid cookie) comes in, it will read the primary server from the cookie and route it to that server.
  note that we have had trouble with keep alives ON and load balancing. we had to turn keep alives off to get load balancing working.
  2. right, the cluster allows failover by replication. apache plugin will perform the failover.
  3. the plugin will keep a dynamic server list so if a server goes down, it will update the cluster list and not route to it. it will also retry requests on another server on an error or timeout connecting. you can tweak timeout settings like WLSocketTimeoutSecs and ConnectTimeoutSecs. and keep idempotent ON which allows failover, unless you aplpication can't handle this.

• WebCenter and SiteMinder

  Hello,
  we have latest webcenter and weblogic installed. we have siteminder installed. we will be creating webcenter
  application and want to integrate siteminder with our application for security (authenticate / authorize etc)
  we have limited know how to integrate siteminder with application ...pl any help appreciated.
  thx.

  Hi.
  If you have access to MoS (My Oracle Support) read Certification of CA SiteMinder with Oracle WebCenter 11g (Doc ID 1485179.1)
  Basically it requires to install the CA Siteminder WebLogic Agent and configure the Identity Providers for Siteminder in WebLogic.
  If you require further support on this the correct forum is WebLogic Server - General
  I hope this helps
  Regards.

• Weblogic and siteminder

  Hi, I am using SiteMinder to authenticate a user to a web service deployed in a war file in weblogic 7.0 server. SiteMinder does a HTTP Basic authentication and allows the user to invoke the service. But, Weblogic also tries to authenticate the user id.
  Is there a way to stop weblogic from trying to authenticate the user? It does not work unless I create a user in the default realm.
  Any help in this regard is appreciated.
  Thanks,
  David

  David <[email protected]> wrote:
  Hi, I am using SiteMinder to authenticate a user to a web service deployed
  in a war file in weblogic 7.0 server. SiteMinder does a HTTP Basic authentication
  and allows the user to invoke the service. But, Weblogic also tries
  to authenticate the user id.
  Is there a way to stop weblogic from trying to authenticate the user?
  It does not work unless I create a user in the default realm.
  Any help in this regard is appreciated.
  Thanks,
  DavidIt sounds like an issue in your asa agent configuration.

• WLPS and WebGain Studio

  Good morning,
  I would like to integrate WebGain Studio with WLPS for development purposes.
  The current installation of WebGain Studio provides support for the standard
  server.
  Does any have any information that they can share on this topic.
  Thanks in advance.
  Steve Whatmore
  [email protected]

  Michael,
  Here is a copy of a message that I recieved on one of the WebGain
  newsgroups, obviously there is a little bit of work required. I have yet to
  actually try/confirm the attached solution.
  included message follows:
  It's working well for me,
  I haven't gone too deep into Dreamweaver/WLCS work yet, but as for
  VisualCafe/WLS here is what I did:
  1) Edited StartCommerce script adding "echo" to the beginning of my
  startup line. I then ran the script to get the command line I was using
  to start WLCS.
  2) Tried to start the commerce server using VisualCafe, and got the
  command line it was using from the Messages window.
  3) Compared the two startup lines to see what "-D" properties,
  weblogic.class.path entries, and Java system classpath entries I was
  missing in VisualCafe.
  4) Added the missing items in Manage Deployment Target section of the
  EJB setting in VisualCafe.
  The items I ended up adding where:
  Additional classpath Entries:
  C:\Programs\Weblogic\lib\Weblogic510sp4boot.jar
  Additional weblogic.class.path Entries:
  D:\dev\packages\oracle\classes12.zip;C:\Programs\Weblogic\lib\Weblogic510sp4
  .jar;C:\Programs\Weblogic\lib\Weblogic_RDBMS.jar;C:\Programs\Weblogic\lib\rm
  i-iiop12.jar;C:\Programs\Weblogic\lib\collections.zip;C:\Programs\Weblogic\l
  ib\foundation-bmp-deploy.jar;C:\Programs\Weblogic\lib\axiom-bmp-deploy.jar;C
  :\Programs\Weblogic\lib\ebusiness-bmp-deploy.jar;C:\Programs\Weblogic\lib\ex
  amples-bmp-deploy.jar;C:\Programs\Weblogic\lib\Helper-bmp.jar;C:\Programs\We
  blogic\lib\wljsp.jar;C:\Programs\Weblogic\lib\um_tags.jar;C:\Programs\Weblog
  ic\lib\esjsp.jar;C:\Programs\Weblogic\lib\rules.jar;C:\Programs\Weblogic\lib
  \jrulesserviceprovider.jar;C:\Programs\Weblogic\lib\esportal.jar;C:\Programs
  \Weblogic\lib\pt_admin.jar;C:\Programs\Weblogic\lib\foundation.jar;C:\Progra
  ms\Weblogic\lib\axiom.jar;C:\Programs\Weblogic\lib\bridge.jar
  Optional VM Arguments: -Dweblogic.system.name=server
  -Dcommerce.properties=C:\Programs\Weblogic\weblogiccommerce.properties
  Yours may be very different (in fact they most likely will be as I have
  WLCS installed into the same directory as WLS, which is rather
  unconventional). Debugging requires you to get ddservices, debugvm, and
  Visual Cafe debug settings in order. On windows this is pretty
  automatic I think.
  Good Luck,
  Ian
  Steve Whatmore wrote:
  >
  Hello all,
  Currently what is the support for Weblogic Personalization Server (WLPS).
  I have seen a couple of postings related to connecting WebGain to Commerce
  Server. Has anyone had any success with connecting the IDE to the commerce
  server. If so please share a quick cheat-sheet on how this isaccomplished.
  >
  Thanks in advance.
  Steve Whatmore
  [email protected]
  Ian R. Brandt
  Software Engineer
  Genomics Collaborative, Inc.
  99 Erie Street
  Cambridge, MA 02139
  (617)661-2400 Ext.2244
  (617)661-8899 FAX
  [email protected]
  "Michael Girdley" <[email protected]> wrote in message
  news:[email protected]...
  >
  >
  It should work fine because the personalization server is simplycomponents
  built on top of the standard server.
  Thanks,
  Michael
  Michael Girdley
  BEA Systems Inc
  "Steve Whatmore" <[email protected]> wrote in message
  news:[email protected]...
  Good morning,
  I would like to integrate WebGain Studio with WLPS for developmentpurposes.
  The current installation of WebGain Studio provides support for thestandard
  server.
  Does any have any information that they can share on this topic.
  Thanks in advance.
  Steve Whatmore
  [email protected]

• Weblogic 81 sp6 and siteminder authentication

  I am running into a puzzling issue after upgrding to weblogic8.1 sp6. I am not sure if any experienced this and how to remedy the problem.
  1- background : I had weblogic8.1 sp5 installed and I had a deployed web application on a managed server. There is a siteminder protection for the anything under the context root of this web application. The siteminder plugin is installed on Iplanet( SUN WEB Server 6.1sp3). When a user tries to access this webapplication though the webserver. Siteminder interrupt the request and authenticate the user. if the user is authorized to access the application, siteminder will change the headers and add other header variables and redirect it again to the application. All was working fine and no changes were needed.
  Once I upgraded to weblogic 8.1 sp6. User gets authenticated by sinteminder but the weblogic server tries to authenticate the user again using its own form. If siteminder is disabled, then the user can access the application fine without weblogic authentication. There are no configuration changes at all in this upgrade. I only reference the new JDK and new weblogic 8.1sp6 files to restart the servers.
  If you have any idea, please reply to this post.
  thank you.

  after opening a support ticket, it's been resolved for me.
  Patch CR287255 has been created and allow you to add a new parameter in the config.xml of your domain: EnforceValidBasicAuthCredentials = "False".
  Hope this helps.

• Safari 2 and Siteminder

  Hi,
  I found a relevant issue upgrading from Panther to Tiger. The issue is Safari 2 (build 412 and 412.5) .
  Most of homebanking systems use Siteminder. Siteminder is very popular in home banking and ecommerce big sites.
  I tried to authenticate myself in my homebanking and in more than one ecommerce website.
  Same results. It doesn't work anymore. I receive back always "authentication error".
  This means that Safari 2 users cannot use homebanking or ecommerce anymore.
  Did anyone find a solution? Or is there any setting to be changed?
  Thx
  Flavio

  My guess is that this is a problem with Safari. When I use Firefox, I don't have any trouble with quicken files. Safari downloads them to the default download location, but there is some sort of file extension problem that prevents the OS from recognizing the file as a quicken file. It's infuriating! Others have posted Apple Scripts to deal with this, but I don't see the point of going to all that trouble if Firefox works. It's too bad, though, because--as a general matter--I like Safari and would prefer it over Firefox, were it not for this issue.
  Perhaps someone at Apple is paying attention.

• ADF and Siteminder

  Our team filed a support ticket for this, but I thought maybe someone might be able to provide some support here.
  We have a logout link in our custom webcenter portal application and need to configure SSO logout with our siteminder access manager. SSO log-in works correctly with siteminder, but logout does not. We have configured our logout link to direct the user to faces/oracle/webcenter/portalapp/pages/logout.jspx, however when we are directed to this page the URL contains dynamic ADF parameters that prevent siteminder from killing the session cookie. Siteminder needs our application to hit the specific URL w/o those parameters in order to kill the cookie.
  Here is an example of what the URL looks like right now:
  faces/oracle/webcenter/portalapp/pages/logout.jspx?_afrLoop=711738125060229&_afrWindowMode=0&_afrWindowId=di8an041y_14#%40%3F_afrWindowId%3Ddi8an041y_14%26_afrLoop%3D711738125060229%26_afrWindowMode%3D0%26_adf.ctrl-state%3D11vbfe1fc1_4
  Here is what we want:
  faces/oracle/webcenter/portalapp/pages/logout.jspx

  You can help me in SSO login. I have webcenter portal URL , How do i make it SSO Enabled plus inside my ADF application
  I am using security context to access user profile.Is it possible.

• Admin Console and Siteminder

  All,
  Has anybody had any experiencesof including the Admin Console user and password in Siteminder ?
  Can it be done ?
  Thanks,
  Eric.

  I'm runing the Sun Java System Console 5.2 - Build number: 2005.192.1908
  All of the latest patches have been installed, including a few updates that have not been formerly released as full patch.
  Thanks,
  -r

• OIA and Siteminder integration

  Has anyone integrated OIA(11g BP6) with Siteminder for authentication purposes? Can you please helo me with the configurations to be done in OIA and in Siteminder for this integration.
  Inputs from integration done in any version of OIA will be helpful.
  Let me know if you need more information.
  Thanks,
  JK

  The files are located in the deployment path used by Weblogic. In my case that is $RBACX_HOME/rbacx/WEB-INF/lib where $RBACX_HOME = C:\OIA_11gR1.
  Have I set it right?
  I tried changing the variable to $RBACX_HOME to C:\OIA_11gR1\rbacx but the Application won't start when I change the variable RBACX_HOME.
  Thanks!!!

• BPC and SiteMinder

  Our Client has this application which is SiteMinder based. All the users would first login to this Siteminder based app and then login to SAP portal etc.,
  We wanted to do the same with BPC . We wanted the user to see the siteminder app based page - user inputs the credentials and then sees  the Launch page after which the user would click on any of  the icons to get into either BPC for excel etc,.,
  Any Help on this would be appreciated.
  I have atleast 8 yrs of Outlooksoft exp but never came accross a client with this need and was needing some help.
  Thanks
  Surajit

  It is quite interesting to me because SiteMinder is one of enterprise software which can be underlying platform of BPC customer.
  BPC's web services are typical SOAP protocol web service. Of course BPC has own structure and format of xml document because we are using SOAP but also using document based function handling than RPC style.
  Essential of this issue is handling HTTP authentication header from SiteMinder based log on page. If redirected request from log on page to BPC web page has correct NTLM authentication header, there is no reason to fail.
  I like to help you to make that customized login. If you are fine, please let me know.