However, we realized that integrating with WebGate was not enough: the user also has to be authenticated in the WebLogic container, so that the different deployed web applications can use the same container authentication/authorization services.
Interesting posts on this here and here.
One option for us was to use the SSPI connector to OAM; however, we couldn't use that, as the enterprise-wide OAM deployment did not support it yet.
So the other option was to use WebLogic custom identity assertion and authentication. To understand identity assertion, there is a good post here.
So we got the sample code from here.
After making the necessary code changes to read our header variable (please check the readme.pdf to build/deploy the jar), we were ready to go. We didn't use token or cookie decryption, and for authentication we used an LDAP authenticator. This is a bit of duplication on authentication, but we need the roles/groups that the user belongs to. For creating an LDAP authenticator, there is a very good entry here.
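The header check described above, as an added example (not the sample code the post links to, and not the modified asserter it describes): the method mirrors the `type` and `token` arguments WebLogic passes to `IdentityAsserterV2.assertIdentity`, but uses only JDK classes so it compiles on its own. Because no token or cookie decryption protects the value, the asserter has to validate it strictly, and the container should only be reachable through the WebGate-protected front end. The header name `SSO_USER_HEADER`, the allowed user-id pattern and the use of `SecurityException` in place of WebLogic's `IdentityAssertionException` are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

public class HeaderAssertionExample {
    // Assumption: placeholder header name; use the variable your WebGate policy sets.
    static final String TOKEN_TYPE = "SSO_USER_HEADER";
    // Assumption: user ids are short and limited to these characters.
    static final Pattern USER_ID = Pattern.compile("[A-Za-z0-9._@-]{1,64}");

    // Mirrors the (type, token) arguments an identity asserter receives.
    static CallbackHandler assertFromHeader(String type, Object token) {
        if (!TOKEN_TYPE.equals(type)) {
            throw new SecurityException("unexpected token type: " + type);
        }
        // Assumption: the header value arrives as byte[]; a String is accepted too.
        String raw = token instanceof byte[] ? new String((byte[]) token, StandardCharsets.UTF_8)
                   : token instanceof String ? (String) token : null;
        // The value is unsigned, so reject anything that is not a plain user id
        // (empty, CR/LF, LDAP filter characters, oversized input).
        if (raw == null || !USER_ID.matcher(raw.trim()).matches()) {
            throw new SecurityException("rejected header value");
        }
        final String name = raw.trim();
        // The container asks for the name; the LDAP authenticator then adds groups.
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (!(cb instanceof NameCallback)) throw new UnsupportedCallbackException(cb);
                ((NameCallback) cb).setName(name);
            }
        };
    }

    public static void main(String[] args) throws Exception {
        NameCallback nc = new NameCallback("user");
        byte[] good = "jdoe".getBytes(StandardCharsets.UTF_8); // constructed sample value
        assertFromHeader(TOKEN_TYPE, good).handle(new Callback[] { nc });
        System.out.println("asserted user: " + nc.getName());
        try {
            assertFromHeader(TOKEN_TYPE, "jdoe)(uid=*"); // constructed malformed value
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```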
Next is to build the portal and see how it performs with these users/groups.
Update: May 17
I had to SSO the ruleauthor application, which is on SOA 10.1.3.4/WebLogic 9.2. So the easiest way to SSO WebLogic applications was to use identity assertion. The default WebLogic identity assertion would work fine; the only requirement was to use