Oracle Access Manager Integration User Guide

Contents

1. Specify all the details, such as Directory Server Host Name, Port Number, LDAP Admin User ID, Admin Password, LDAP Base and Login Time Out Duration (in seconds).
   2.4.4.3 Maintaining Branch Level DN Template
   Go to the Branch Maintenance screen of Oracle FLEXCUBE UBS. You need to maintain an LDAP DN template for each branch. This is used in the Oracle FLEXCUBE user maintenance form to populate the corresponding LDAP user ID automatically from this template. Go to the Branch Parameters screen and click the Preferences button.
   [Screenshot: Branch Parameters, Preferences]
   Specify the LDAP DN Template.
2. $DOMAIN_HOME/output/Agent_Name/ObAccessClient.xml
   2. On the OAM Agent host, copy artifacts to the following Webgate directory path. Example: 11gWebgate_instance_dir/webgate/config/ObAccessClient.xml (for instance, WebTier_Middleware_Home/Oracle_WT1/instances/instance1/config/OHS/ohs1/webgate/config/ObAccessClient.xml).
   2.4.3.5 Creating Authentication Scheme
   Navigate to Policy Configuration >> Authentication Schemes. Click Create button to create a new Authentication Scheme.
   [Screenshot: OAM console, Authentication Schemes, with the confirmation "Authentication Scheme FCUBS_Auth_Scheme created successfully"]
3. Oracle FLEXCUBE, log in to the application and check the SSO Enabled check box in the Bank Parameters Maintenance screen.
   [Screenshot: Bank Parameters Maintenance]
   2.4.4.2 SSO Parameters
   After enabling SSO, you need to maintain the parameters required for SSO. Go to Security Maintenance > Sys Administration > SSO Maintenance.
   [Screenshot: Single Sign On Maintenance, with fields LDAP Host, LDAP Port (3060), LDAP Admin Id, LDAP Password, LDAP Base and Time Out Duration in seconds (600)]
4. link on the Welcome page.
   [Screenshot: OAM console, Create OAM 11g Webgate, with Name FCUBSWebgate]
   Specify a name for Webgate and the Base URL (the host and port of the computer on which the Web server for the Webgate is installed). Click Apply button. Once the OAM 11g Webgate is created, add the filterOAMAuthnCookie=false parameter along with the default parameters in User Defined Parameters. Click Apply button to save the changes.
   2.4.3.4 Post OAM Webgate 11g Creation Steps
   Complete the following steps to copy the artifacts to the Webgate installation directory:
   1. On the Oracle Access Manager Console host, locate the updated OAM Agent ObAccessClient.xml configuration file (and any certificate artifacts). For example
5. steps are provided in this section based on the following assumptions:
   Oracle FLEXCUBE has already been deployed and is working without single sign on.
   Oracle Access Manager and the LDAP server are installed and the requisite setup for connecting them along with Weblogic's Identity Asserter is completed.
   2.4.2 Changing web.xml file
   Locate the file web.xml in the application (FCUBS) EAR file. Add the following lines under <login-config>:
      <login-config>
         <auth-method>CLIENT-CERT</auth-method>
         <realm-name>myRealm</realm-name>
      </login-config>
   [Screenshot: web.xml open in an editor, showing the login-config element]
   Save the file and redeploy it. Restart the application.
   2.4.3 Configuring SSO
6. [Screenshot: OAM console, FCUBSWebgate Protected Resource Policy (Authorization Policy), Responses tab, with a response named DN of type Header]
   Add DN in the Responses tab. Enter the value as $user.attr.dn. The responses maintained in the tab will be added in the response header duri
7. [Screenshot: OAM console, Protected Resource Policy (Authentication Policy) with Authentication Scheme FCUBS_Auth_Scheme, Responses tab]
   Enter the value as $user.attr.dn. The responses maintained in this tab will be added in the response header at the time of authentication.
   2.4.3.7 Adding Resources
   Navigate to Policy Configuration >> Application Domains >> FCUBSWebgate >> Resources. Click Create New Resource button.
   [Screenshot: OAM console, Policy Configuration]
8. Oracle Access Manager Integration. Oracle FLEXCUBE Universal Banking, Release 12.1.0.0.0, October 2015, Part No. E64763-01. Oracle Financial Services.
   Table of Contents
   1.1 Introduction
   1.4 Documentation Accessibility
   2 Enabling Single Sign On with Oracle Access Manager
   2.1 Introduction
   2.3 Background of SSO Related Components
   2.3.1 Oracle Access Manager (OAM)
   2.4.3 Configuring SSO in OAM Console
   2.4.4 First Launch of Oracle FLEXCUBE after Installation
   1 Preface
   1.1 Introduction
   This manual discusses the integration of Oracle FLEXCUBE Universal Banking and the Oracle Access Manager system. The configurations required for the proper functioning of this integration and further processing are documented in this manual.
   1.2 Audience
   This manual is intended for the following User/User Roles:
   Back office data entry Clerks: Input functions for maint
9. cifically using the Access Manager component of Oracle Identity Management. This feature is available in the releases Oracle FLEXCUBE UBS V.UM 7.3.0.0.0.0.0 and onwards. This document explains the method to enable single sign on for Oracle FLEXCUBE UBS deployment using Oracle Fusion Middleware 11g. You will also find backgrounds of various components of deployment and the configurations in Oracle FLEXCUBE and Oracle Access Manager that enable single sign on using Oracle Internet Directory as a LDAP server.
   Prerequisites
   Software Requirements
   Oracle Access Manager (OAM 11.1.1.5): Access Server; Webtier Utilities 11.1.1.5; Web Gate 11.1.1.5; Http Server.
   LDAP Directory Server: Ensure that the LDAP used for Oracle FLEXCUBE Single Sign on deployment is certified to work with OAM. Some of the LDAP directory servers supported as per OAM document are as follows. Note: This is an indicative list. You can find the conclusive list in Oracle Access Manager Documentation.
   Oracle Internet Directory; Active Directory; ADAM; ADSI; Data Anywhere (Oracle Virtual Directory); IBM Directory Server; NDS; Sun Directory Server.
   WebLogic (10.3.5): For achieving single sign on for Oracle FLEXCUBE UBS in FMW 11gR1, the Weblogic instance must have an explicit Oracle HTTP server (OHS).
   2.3 Background of SSO Related Components
   2.3.1 Oracle Access Manager (OAM)
   Oracle Access Manager consis
10. e without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. This software or hardware and documentation may provide access to or information on content, products and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.
11. enance related to the interface.
   Back office Managers/Officers: Authorization functions.
   1.3 Abbreviations
   Unless specified, it shall always refer to Oracle FLEXCUBE Universal Banking Solutions.
   Oracle Access Manager.
   LDAP: Lightweight Directory Access Protocol.
   1.4 Documentation Accessibility
   For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
   1.5 Organization
   This manual is organized into the following chapters:
   Chapter 1: Preface gives information on the intended audience. It also lists the various chapters covered in this User Manual.
   Chapter 2: Enabling Single Sign on (SSO) with Oracle Access Manager discusses the method to integrate Oracle FLEXCUBE with Oracle Access Manager for Single Sign on.
   1.6 Glossary of Icons
   This User Manual may refer to all or some of the following icons: Delete row; Option List.
   1.6.1 Related Documents
   You may refer to the following manuals for more information: Procedures User Manual; Oracle Access Manager User Manual (not included with Oracle FLEXCUBE User Manuals).
   2 Enabling Single Sign on with Oracle Access Manager
   2.1 Introduction
   Single sign on capability of Oracle FLEXCUBE Universal Banking Solution (UBS) is qualified with Oracle Identity Management 11.1.1 (Fusion Middleware 11gR1), spe
12. [Screenshot: OAM console, FCUBSWebgate Resources, with Host Identifier FCUBSWebgate, Resource URL FCJNeoWeb, Protection Level Protected, and Authentication Policy and Authorization Policy both set to Protected Resource Policy]
   Type: Select HTTP.
   Host Identifier: Select FCUBSWebgate.
   Resource URL: Specify FCJNeoWeb.
   Protection Level: Select Protected. Click Apply button to update the resource added.
   Authentication Policy: Select the authentication policy and authorisation policy as Protected Resource Policy.
   2.4.3.8 Adding Authorization Policy
   Check whether the resources available in the authentication policies a
13. in OAM Console
   After installing OAM, Webtier Utilities and Webgate, extend the Weblogic domain to create OAM server. Follow the post installation scripts deployWebGate and EditHttpConf as explained in the page http://docs.oracle.com/cd/E17904_01/install.1111/e12002/webgate004.htm
   2.4.3.1 Identity Store Creation
   Create a new User Identity Store. Login to OAM Console and navigate to System Configuration >> Common configuration >> Data Sources >> User Identity Store.
   [Screenshot: OAM console, Create User Identity Store, with Store Name FCUBSIdentityStore]
14. [Screenshot: Authentication Scheme settings, with Authentication Module FCUBS_Authentication_Module]
   Name: Specify a name to identify Authentication Scheme.
   Challenge Method: Select BASIC.
   Challenge Redirect URL: Specify /oam/server.
   Authentication Module: Select the authentication module that you had created in an earlier step (Creating Authentication Module).
   If it is a basic authentication scheme, you need to add the enforce-valid-basic-auth-credentials tag to the config.xml file located under user_projects/domains/<MyDomain>/config/. Insert the tag before the end of the <security-configuration> tag as follows:
      <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
      </security-configuration>
   2.4.3.6 Creating Authentication Scheme
   Navigate to Policy Configuration >> Application Domains >> Webgate agent name >> Authentication Policies. Click New button and specify the following information.
   [Screenshot: OAM console, Create Authentication Policy, with Name FCUBSWebPolicy]
15. [Screenshot: Oracle FLEXCUBE Universal Banking home page]
   2.4.4.6 Signoff in a SSO Situation
   Oracle FLEXCUBE does not provide for single signoff. When a user signs off from Oracle FLEXCUBE, the session established with Oracle Access Manager by the user will not be modified in any manner. In an SSO situation, the Signoff action in Oracle FLEXCUBE functions as Exit. On clicking Signoff, the user will exit Oracle FLEXCUBE. The user needs to re-launch Oracle FLEXCUBE using the FLEXCUBE launch URL to use it again.
   Oracle Access Manager Integration, October 2015, Version 12.1.0.0.0. Oracle Financial Services Software Limited, Oracle Park, Off Western Express Highway, Goregaon (East), Mumbai, Maharashtra 400 063, India. Worldwide Inquiries: Phone 91 22 6718 3000, Fax 91 22 6718 3001, www.oracle.com/financialservices.
   Copyright 2007, 2015, Oracle and/or its affiliates. All rights reserved. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are commercial computer software pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, a
16. nd adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government. This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate failsafe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to chang
17. ng authorization.
   2.4.3.9 Configuring mod_wl_ohs for Oracle Weblogic Server Clusters
   In order to enable the Oracle HTTP Server instances to route to applications deployed on the Oracle Weblogic Server Clusters, add the below directive to the mod_wl_ohs.conf file in directory <Weblogic Home>/Oracle_WT1/instances/instance1/config/OHS/ohs1:
      <Location /console>
         SetHandler weblogic-handler
         WebLogicHost idmhost1.mycompany.com
         WeblogicPort 7001
      </Location>
   2.4.3.10 Checking the Webgate 11g Agent Creation
   After configuration of webgate 11g agent, go to the URL http://<hostname>:<ohs Port>/ohs/modules/webgate.cgi?progid=1 and verify whether the webgate configuration is fine. If the URL launches the following screen, then it indicates that the webgate configuration works fine.
   [Screenshot: Diagnostic View of Oracle Access Manager in a browser]
   2.4.3.11 Using OAM Test Tool
   This step is not mandatory. Oracle Access Manager Test Tool helps you check the response parameter values. The test tool is available in <OAM Install Dir>/oam/server/tester. Eg: D:\weblogic\Middleware\Oracle_IDM1\oam\server\tester. Use java -jar oamtest.jar to launch the OAM test tool.
   [Screenshot: Oracle Access Manager Test Tool, Server Connection section]
18. [Screenshot: Branch Parameters, Preferences, with the LDAP DN Template field]
   Eg: LDAP DN Template: cn=<FCJUSR>,cn=Users,dc=i-flex,dc=com
   In the above template, the cn=<FCJUSR> part must be there without alteration. However, the rest of the DN name can be changed based on the configuration.
   2.4.4.4 Maintaining LDAP DN for FCUBS users
   For each user ID in Oracle FCUBS, a user has to be created in the LDAP. When creating the user in LDAP, ensure that the DN is the same as the LDAP DN specified in User Maintenance. Once the user is created in LDAP, go to the User Maintenance in Oracle FCUBS. If the Oracle FCUBS user already exists, then unlock the user maintenance and update the LDAP DN value, which was set while creating the user in LDAP. Click Validate button to check whether any other user has the same LDAP DN value.
   [Screenshot: User Maintenance, with User Identification FCUBSUSER]
19. re available in Authorization Policy.
   [Screenshot: OAM console, FCUBSWebgate Protected Resource Policy (Authorization Policy), Resources tab]
   During web gate creation these values are defaulted
20. [Screenshot: Oracle Access Manager Test Tool, Status Messages pane showing the authenticate and authorize responses, including the User DN and the OAM_REMOTE_USER and OAM_IDENTITY_DOMAIN values]
   2.4.4 First Launch of Oracle FLEXCUBE after Installation
   After installing Oracle FLEXCUBE and launching it for the first time, you will see the Oracle FLEXCUBE UBS login screen, which prompts for user ID and password. This is because the parameter sso installed is set to N during installation.
   2.4.4.1 Bank Parameter maintenance
   In order to enable SSO for
21. s >> LDAP Authentication Module
   [Screenshot: OAM console, LDAP Authentication Module, with the confirmation "LDAP Authentication Module FCUBS_Authentication_Module created successfully"]
   Click New button to create a new Authentication Module.
   Name: Specify the name of the authentication module.
   User Identity Store: Specify the user identity store you had created in the previous step.
   2.4.3.3 Creating OAM 11g Webgate
   Navigate to System Configuration >> Access Manager Settings >> SSO Agents >> OAM Agents.
   [Screenshot: OAM console, System Configuration]
22. ss Manager. The WebGate intercepts HTTP requests from users for Web resources and forwards them to the Access Server for authentication and authorization. Whether you need a WebGate or an AccessGate depends on your use of the Oracle Access Manager Authentication provider. For instance, the:
   Identity Asserter for Single Sign-On: Requires a separate WebGate and configuration profile for each application to define perimeter authentication. Ensure that the Access Management Service is On.
   Authenticator or Oracle Web Services Manager: Requires a separate AccessGate and configuration profile for each application. Ensure that the Access Management Service is On.
   Identity Asserter
   Identity Asserter uses Oracle Access Manager Authentication services and also validates already-authenticated Oracle Access Manager Users through the ObSSOCookie and creates a WebLogic-authenticated session. It also provides single sign on between WebGates and portals. You can get more details on Identity asserter at http://download.oracle.com/docs/cd/E12839_01/core.1111/e10043/osso.htm#CHDGCACEF
   Note: This document contains the configuration of Oracle Internet Directory as LDAP server and its configuration in Weblogic. This document does not discuss the configuration and setup of OAM and LDAP directory server of other LDAP servers. Such details are provided by the corresponding Software provider.
   2.4 Configuration
   2.4.1 Pre-requisites
   The configuration
23. [Screenshot: User Maintenance, continued, including the LDAP DN field]
   2.4.4.5 Launching Oracle FLEXCUBE
   After setting up Oracle FLEXCUBE to work on Single Sign on mode, navigate to the interim servlet URL from your browser. Eg: http://<hostname>:port/FCJNeoWeb
   Since the resource is protected, the WebGate challenges the user for credentials as shown below.
   [Screenshot: browser "Authentication Required" prompt for user name and password; the site says OAM 11g]
   Once the user is authenticated and authorized to access the resource, the servlet gets redirected to Oracle FLEXCUBE application server URL. You can see the new sign on screen. The application automatically redirects to Oracle FLEXCUBE home page.
   [Screenshot: Oracle FLEXCUBE Universal Banking home page]
24. ts of the Access System and the Identity System. The Access System secures applications by providing centralized authentication, authorization and auditing to enable single sign on and secure access control across enterprise resources. The Identity System manages information about individuals, groups and organizations. It enables delegated administration of users, as well as self-registration interfaces with approval workflows. These systems integrate seamlessly.
   The backend repository for the Access Manager is an LDAP-based directory service that can be a combination of multiple directory servers, which is leveraged for two main purposes:
   As the store for policy, configuration and workflow related data, which is used and managed by the Access and Identity Systems.
   As the identity store, containing the user, group and organization data that is managed through the Identity System and is used by the Access System to evaluate access policies.
   LDAP Directory Server
   When Oracle FLEXCUBE is integrated with OAM to achieve the Single Sign on feature, Oracle FLEXCUBE password policy management, such as password syntax and password expiry parameters, can no longer be handled in Oracle FLEXCUBE. Instead, the password policy management can be delegated to the Directory Server. All password policy enforcements will be based on LDAP user IDs and passwords.
   WebGate/AccessGate
   A WebGate is a Web server plug-in that is shipped out-of-the-box with Oracle Acce
25. [Screenshot: OAM console, Create User Identity Store, continued, with Store Type OID: Oracle Internet Directory and the connection details]
   Specify the following details in the User Identity Store:
   Store Type: Select Oracle Internet Directory.
   Location: Specify the LDAP server Host name and Port Number in <HOSTNAME>:PORT format.
   Bind DN: Specify the user name to connect to the LDAP Server.
   Password: Specify the password to connect to the LDAP Server.
   User Name Attribute: Specify the attribute created in LDAP, which is the user name for the other application (in this example it is treated as the FCUBS Username).
   User Search Base: Specify the container of the user name in the LDAP server.
   Group Search Base: Specify the container of the group name in the LDAP server.
   After entering the above details, click Apply button. On successful creation, click Test Connection button to verify whether the LDAP connection is working fine.
   2.4.3.2 Creating Authentication Module
   Navigate to System Configuration >> Access Manager Settings >> Authentication Module
26. [Screenshot: Oracle Access Manager 11g console welcome page, showing Agents, Trust Partners, Policies and Configuration links]
Click Create 11g webgate button or New OAM 11g Webgate
27. [Screenshot: Oracle Access Manager Policy Configuration, FCUBSWebgate application domain, Authentication Policy with Authentication Scheme FCUBS_Auth_Scheme]
- Name: Specify a name to identify the Authentication Policy. E.g. FCUBSWebPolicy.
- Authentication Scheme: Select the authentication scheme you created in the previous step (Creating Authentication Scheme).
- Resources: Add the resources which should be protected. If you add <WebgateName> and <WebgateName> in the resources, then all the sources are protected.
Add DN in the Responses section.
[Screenshot: FCUBSWebgate Protected Resource Policy, Authentication Policy]
