
Oracle Access Manager Integration Oracle FLEXCUBE Universal


Contents

1. Step 3: Enter the details as below and click on OK.
   [Screenshot: Oracle Enterprise Manager 11g Fusion Middleware Control, Wallets > Create Self Signed Wallet]
   On-screen notes:
   - A self-signed wallet is not signed by a well-known CA. A self-signed wallet is not recommended in a production environment.
   - The wallet name should be unique for a given component.
   - The wallet type can be auto-login or password protected. Passwords, if specified, have a minimum length of eight characters and contain alphabetic characters combined with numeric or special characters.
   - An auto-login wallet is an obfuscated form of a PKCS#12 wallet that provides PKI-based access to services and applications without requiring a password at runtime. Auto-login wallets don't need a password to modify or delete the wallet. File system permissions provide the necessary security for auto-login wallets.
   Self Signed Wallet Details: Wallet Name oidselfsigned, Auto-login selected.
   Add Self Signed Certificate: add a self-signed certificate that becomes part of the wallet. Common
2. 2.6 Configuring SSO in OAM Console
   After installing OAM, Webtier Utilities and Webgate, extend the WebLogic domain to create the OAM server. Follow the post-installation scripts deployWebGate and EditHttpConf as provided in http://docs.oracle.com/cd/E17904_01/install.1111/e12002/webgate004.htm
   2.6.1 Identity Store Creation
   2.6.1.1 To create new User Identity Store
   Log in to the OAM Console and navigate to System Configuration >> Common configuration >> Data Sources >> User Identity Store.
   - Click the New icon to create a new Identity Store.
   - Input the below information in the new User Identity Store:
     > Choose Store Type as Oracle Internet Directory
     > Location: LDAP server host name and port number in <HOSTNAME>:PORT format
     > Select the Enable SSL check box
     > Bind DN: user name to connect to the LDAP server
     > Password: password to connect to the LDAP server
     > User Name Attribute: the attribute created in LDAP which will be the user name for the other application (here it will be treated as the FCUBS username)
     > User Search Base: the container of the user name in the LDAP server
     > Group Search Base: the container of the group name in the LDAP server
   - Click on Apply.
   Note: User Identity Store will be created only if valid LDAP parameters are passed.
   [Screenshot: Oracle Access Manager console, System Configuration, Common Configuration]
3. [Screenshot: WebLogic Server Administration Console, Settings for AdminServer, Keystores tab. Keystores ensure the secure storage and management of private keys and trusted certificate authorities (CAs).]
   2.5.2.4 Follow the steps in Keystores Tab as shown below
   - Enter Custom Identity Keystore and Custom Trust Keystore as same as the Keystore Name created in step 3.2.1.1, with full path.
   - Enter Custom Identity Keystore Type and Custom Trust Keystore Type as jks.
   - Enter Custom Identity Keystore Passphrase, Confirm Custom Identity Keystore Passphrase, Custom Trust Keystore Passphrase and Confirm Custom Trust Keystore Passphrase as same as the Store Password entered in step 3.2.1.1.
   - Click on Save.
4. [Screenshot: Oracle Enterprise Manager 11g Fusion Middleware Control, Oracle Internet Directory oid1 home page with load, security and resource usage charts, page refreshed Feb 15, 2013]
   Step 2: Click on Create Self Signed Wallet.
   [Screenshot: Oracle Enterprise Manager 11g Fusion Middleware Control, Wallets page]
   On-screen text: A Wallet is a Keystore that stores X.509 certificates and private keys in industry standard PKCS#12 format. To create a wallet, click Create. To create a wallet with a self-signed certificate, click Create Self Signed Wallet. To manage the contents of a wallet, select a wallet and click Manage.
5. 2.7.1 Bank Parameter maintenance
   To enable SSO in FLEXCUBE, log in to the application and enable the SSO Enabled check box in the Bank Maintenance (SMDBANKP) screen.
   [Screenshot: Bank Parameters Maintenance screen, Bank Code 000, BANK FUTURA]
   2.7.2 Maintaining Branch Level DN Template: Branch Maintenance
   Go to the Branch Maintenance of FLEXCUBE UBS. For each branch, an LDAP DN template should be maintained, which is used in the FLEXCUBE user maintenance form to populate the corresponding LDAP userid automatically from this template.
   Go to the branch level parameter screen and click on the Preferences icon.
   E.g. LDAP DN Template: cn=<FCJUSR>,cn=Users,dc=i-flex,dc=com
   Here in this above template cn=<FCJUSR
6. Step 7: Click on Server Properties.
   [Screenshot: Oracle Enterprise Manager 11g Fusion Middleware Control, Manage Certificates list showing the certificate request and trusted certificates]
   Click on Change SSL Settings.
   [Screenshot: Oracle Internet Directory, Server Properties, General tab. Maximum number of entries to be returned by a search: 10000; Non SSL Port: 3960; SSL Port: 3131; Maximum time allowed for a search to complete (sec): 3600; Anonymous Bind: Disallow
7. [Screenshot: Oracle Access Manager Test Tool, protected resource on host FlexcubeWebgate. Legible status messages:]
   1/11/13 5:33 PM response Connected to primary access server
   1/11/13 5:34 PM request validate yes
   1/11/13 5:34 PM response Authentication scheme FlexcubeAuthnScheme level 1
   1/11/13 5:34 PM response Redirect URL https://ofss220028.in.oracle.com:14101/oam/server
   1/11/13 5:34 PM response Credentials expected 0x1 basic
   1/11/13 5:34 PM request authenticate yes
   1/11/13 5:34 PM response User DN cn=SARAN,cn=users,dc=oracle,dc=com
   2.7 First launch of FLEXCUBE after installation
   After installing FLEXCUBE and while launching it for the first time, the normal FCUBS login screen with userid and password will appear. This is because, when installing, the sso installed parameter will be set to N.
8. [Screenshot: Oracle WebLogic Server Administration Console, domain iam_domain, Settings for AdminServer, Keystores tab. Keystores: Custom Identity and Custom Trust. Custom identity keystore: /scratch/app/fmw115/oam1115/BaseKeyStore/AdminFlexcubeKeyStore.jks. The type of the keystore is generally JKS.]
9. Oracle Access Manager (OAM 11.1.1.5)
   - Access Server 11.1.1.5
   - Webtier Utilities 11.1.1.6
   - Web Gate 11.1.1.5
   - Http Server
   LDAP Directory Server
   Please make sure that the LDAP which has been used for Flexcube Single Sign-on deployment is certified to work with OAM. List of a few LDAP Directory servers supported as per the OAM document (note: this is an indicative list. The conclusive list can be obtained from the Oracle Access Manager documentation. We have only used OID for our testing purposes):
   - Oracle Internet Directory
   - Active Directory
   - ADAM
   - ADSI
   - Data Anywhere (Oracle Virtual Directory)
   - IBM Directory Server
   - NDS
   - Sun Directory Server
   WebLogic (10.3.5)
   For the purpose of achieving single sign-on for FCUBS in FMW 11gR1, it is necessary for the WebLogic instance to have an explicit Oracle HTTP Server (OHS).
   2.3 Background of SSO related components
   2.3.1 Oracle Access Manager (OAM)
   Oracle Access Manager consists of the Access System and the Identity System. The Access System secures applications by providing centralized authentication, authorization and auditing to enable single sign-on and secure access control across enterprise resources. The Identity System manages information about individuals, groups and organizations. It enables delegated administration of users as well as self-registration interfaces with approval workflows. These systems integra
10. ensure that the DN used is the same as the LDAP DN value that will be updated in the user maintenance form.
    Once the user is created in LDAP, go to the user maintenance form in FCUBS. If the FCUBS user already exists, then unlock the user and update the LDAP DN value which was set when creating the user in LDAP. Click on the Validate button to check whether any other user is having the same LDAP DN value.
    The LDAP DN value should be entered as the complete DN value, e.g. cn=FCUSR,cn=Users,dc=oracle,dc=com
    [Screenshot: User Maintenance screen, User Identification FCUBSUSER, with the LDAP DN field and Validate button]
    2.7.4 Launching FLEXCUBE
    After setting up FLEXCUBE to work in Single Sign-on mode, navigate to the interim servle
11. > part preferably must be there and it should not be altered, but the rest of the DN name can change based on the configuration.
    [Screenshot: Branch Parameters Preferences screen, showing the LDAP DN Template field]
    2.7.3 Maintaining LDAP DN for FCUBS users
    For each user id in FCUBS, a user has to be created in the LDAP. When creating the user in LDAP
12. mode, WebLogic requires a keystore which contains private and trusted certificates. We have to use the same version of JDK which is used by the WebLogic domain to create the keystore and certificates, otherwise it may lead to many difficulties (suggested by Oracle Support).
    The keytool utility available in the Java JDK will be used to create the keystore. In the command prompt, set PATH to the JDK bin location. Follow the below steps to create the keystore and self-signed certificates.
    2.5.1.1 Keystore Creation
        keytool -genkey -keystore <keystore_name.jks> -alias <alias_name> -dname "CN=<hostname>, OU=<Organization Unit>, O=<Organization>, L=<Location>, ST=<State>, C=<Country_Code>" -keyalg <Key Algorithm> -sigalg <Signature Algorithm> -keysize <key size> -validity <Number of Days> -keypass <Private key Password> -storepass <Store Password>
    For example:
        keytool -genkey -keystore AdminFlexcubeKeyStore.jks -alias FlexcubeCert -dname "CN=ofss00001.in.oracle.com, OU=OFSS, O=OFSS, L=Chennai, ST=TN, C=IN" -keyalg RSA -sigalg SHA1withRSA -keysize 2048 -validity 3650 -keypass Password123 -storepass Password123
    Note: CN=ofss00001.in.oracle.com is the host name of the WebLogic server.
    2.5.1.2 Export private key as certificate
        keytool -export -v -alias <alias_name> -file <export_certificate_file_name_with_location.cer> -keystore <keystore_name.jks> -keypass <Pr
13. Oracle Access Manager Integration
    [October] [2013]
    Version 12.0.2.0.0
    Oracle Financial Services Software Limited, Oracle Park, Off Western Express Highway, Goregaon (East), Mumbai, Maharashtra 400 063, India
    Worldwide Inquiries: Phone: +91 22 6718 3000, Fax: +91 22 6718 3001, www.oracle.com/financialservices/
    Copyright 2007, 2013, Oracle and/or its affiliates. All rights reserved.
    Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
    U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.
    This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of
14. Name: hostname.in.oracle.com; Organizational Unit: OFSS; Organization: Oracle; City: Chennai; State; Country; Key Size
    Step 4: Click on
    [Screenshot: Oracle Enterprise Manager 11g Fusion Middleware Control, Wallets page with the Create, Delete, Create Self Signed Wallet, Import, Export and Manage actions]
    Step 5: Select the Trusted Certificate and click on Export.
    [Screenshot: Wallets > Manage Certificates: oidselfsigned]
    On-screen text: To generate a certificate signing request (CSR), click Add Certificate Request. After you create a CSR, send it to your CA, who will verify your identity and return the signed certificate. To import the CA-signed certificate or trusted certificate, click Import. You can only import the CA-signed certificate into the same wallet from which the CSR was generated.
    Listed certificate: CN=padsrini-pc,OU=OFSS,O=Oracle,L=Chennai,ST=TN,C=IN, start date February 15, 2013, expiration date February 14, 2018. The list continues with the wallet's default trusted certificates.
15. Oracle Access Manager Integration
    Oracle FLEXCUBE Universal Banking
    Release 12.0.2.0.0
    [October] [2013]
    ORACLE FINANCIAL SERVICES
    Table of Contents
    1. PREFACE
       1.1 Introduction
       1.2 Audience
       1.3 Abbreviations
       1.4 Documentation Accessibility
       1.5 Organization
       1.6 Glossary of Icons
           1.6.1 Related Documents
    2. ENABLING SINGLE SIGN ON WITH ORACLE ACCESS MANAGER
       2.1 Introduction
       2.2 Background and Prerequisites
           2.2.1 Software Requirements
       2.3 Background of SSO Related Components
           2.3.1 Oracle Access Manager (OAM)
           2.3.2 LDAP Directory Server
           2.3.3 WebGate/AccessGate
           2.3.4 Identity Asserter
       2.4 Configuration
           2.4.1 Pre-requisites
       2.5 Enabling SSL for WebLogic and OAM Console
           2.5.1 Self-signed Certificate Creation
           2.5.2 Configuring Weblogic Console
       2.6 Configuring SSO in OAM Console
16. [Screenshot: WebLogic Server Administration Console, Settings for AdminServer, General tab, field descriptions continued]
    - Click Change and select Keystores as Custom Identity and Custom Trust.
    - Click on Save.
    - Note: Keystores as Custom Identity and Custom Trust is as suggested by the Oracle Support Team.
    [Screenshot: Oracle WebLogic Server Administration Console, domain iam_domain]
17. [Screenshot: Manage Certificates list, continued, showing the wallet's default VeriSign and GTE CyberTrust trusted certificates with their start and expiration dates]
    On-screen text: The Trusted Certificate with Subject Name CN=padsrini-pc,OU=OFSS,O=Oracle,L=Chennai,ST=TN,C=IN is shown below. You can cut and paste the entire text in the box, from BEGIN CERTIFICATE to END CERTIFICATE, to the intended location, or click Export Trusted Certificate to export the certificate to a file. You may want to do this if another party
18. [Screenshot: Oracle Access Manager console, System Configuration, Access Manager Settings > SSO Agents > OAM Agents, Webgates search page with no data to display]
    - Enter the custom Webgate name in Name.
    - Enter the Base URL as in the WebLogic Server's non-SSL URL.
    - Select Security as Simple.
    - Add the application context root, for which we have to enable SSO, under Protected Resource List.
    - Add filterOAMAuthnCookie=false in User Defined Parameters.
    - Click on Apply.
    [Screenshot: Create OAM 11g Webgate. Version: 11g; Name: FlexcubeWebgate; User Defined Parameter: filterOAMAuthnCookie=false; Protected Resource List with the FLEXCUBE context root]
19. cation. Ensure that the Access Management Service is On.
    Authenticator or Oracle Web Services Manager: Requires a separate AccessGate and configuration profile for each application. Ensure that the Access Management Service is On.
    Identity Asserter
    Identity Asserter uses Oracle Access Manager Authentication services and also validates already-authenticated Oracle Access Manager users through the ObSSOCookie and creates a WebLogic authenticated session. It also provides single sign-on between WebGates and portals. We can get more details on Identity Asserter at http://download.oracle.com/docs/cd/E12839_01/core.1111/e10043/osso.htm#CHDGCACEF
    Note: This document contains the configuration of Oracle Internet Directory as LDAP server and its configuration in WebLogic. This document will not discuss the configuring and setting up of OAM and LDAP directory server of other LDAP servers. This will be provided by the corresponding software provider.
    2.4 Configuration
    2.4.1 Pre-requisites
    - The steps provided below assume that FLEXCUBE has already been deployed and is working without single sign-on.
    - The steps provided below assume that Oracle Access Manager and the LDAP server have been installed already and the requisite setup already done with respect to connecting the two along with WebLogic's Identity Asserter.
    2.5 Enabling SSL for Weblogic and OAM Console
    2.5.1 Self-signed Certificate Creation
    To enable SSL
20. certificate file into the OAM server's JAVA_HOME/jre/lib/security/cacerts. Default password is changeit.
        keytool -import -v -trustcacerts -alias ldapcacert -file ldap_server_certificate.cer -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
    Restart both OID and OAM Server.
    12. Import LDAP Server SSL Certificate into OIM Server
    Import the exported certificate into wlserver_10.3/server/lib/DemoTrust.jks of the OIM Server domain using the below command. Store password is DemoTrustKeyStorePassPhrase.
        keytool -import -keystore $MW_HOME/wlserver_10.3/server/lib/DemoTrust.jks -file /home/testoc4j/OIM/globalv.crt -storepass DemoTrustKeyStorePassPhrase
    Restart both OID and OIM Server.
    2.6.2 Creating Authentication Module
    Navigate to System Configuration >> Access Manager Settings >> Authentication Modules >> LDAP Authentication Module.
    Click the New button to create a new Authentication Module.
    Input the name of the authentication module and choose the User Identity Store we created in step 1.
    [Screenshot: Oracle Access Manager console, Access Manager Settings, LDAP Authentication Module, Name: FlexcubeAuthnModule]
21. [Screenshot: Oracle Access Manager console, User Identity Store FlexcubeIDStore. Store Type: OID (Oracle Internet Directory); Location: 10.180.218.161:3131; Bind DN: cn=orcladmin; User Search Base: cn=users,dc=oracle,dc=com; Group Search Base: cn=groups,dc=oracle,dc=com; Minimum Pool Size: 10; Maximum Pool Size: 50; Wait Timeout (seconds): 120; Referral Policy: follow]
    To enable SSL for the OID LDAP Server, follow the below steps:
    1. Log in to the Enterprise Manager Console of the domain in which Oracle Internet Directory is associated.
    [Screenshot: Oracle Enterprise Manager 11g Fusion Middleware Control]
22. ed audience. It also lists the various chapters covered in this User Manual.
    Chapter 2: Enabling Single Sign-on (SSO) with Oracle Access Manager discusses the method to integrate Oracle FLEXCUBE with Oracle Access Manager for Single Sign-on.
    1.6 Glossary of Icons
    This User Manual may refer to all or some of the following icons: Delete row, Option List.
    1.6.1 Related Documents
    You may refer to the following manuals for more information:
    - Procedures User Manual
    - Oracle Access Manager User Manual (not included with Oracle FLEXCUBE User Manuals)
    2. Enabling Single Sign-on with Oracle Access Manager
    2.1 Introduction
    For the purpose of single sign-on, FLEXCUBE UBS is qualified with Oracle Identity Management 11.1.1 (Fusion Middleware 11gR1), specifically using the Access Manager component of Oracle Identity Management. This feature is available in the releases FC UBS V.UM 7.3.0.0.0.0.0 and onwards of FLEXCUBE UBS.
    This document is expected to provide an understanding as to how single sign-on can be enabled for a FLEXCUBE UBS deployment using Oracle Fusion Middleware 11g.
    In addition to providing a background to the various components of the deployment, this document also talks about configuration in FLEXCUBE and Oracle Access Manager to enable single sign-on using Oracle Internet Directory as an LDAP server.
    2.2 Background and Prerequisites
    2.2.1 Software Requirements
23. [Screenshot: Create OAM 11g Webgate, Resource Lists, continued]
    Once the OAM 11g Webgate is created, change the proxySSLHeaderVar=IS_SSL parameter to proxySSLHeaderVar=ssl, along with other parameters in User Defined Parameters.
    Click on Apply.
    [Screenshot: Oracle Access Manager console, OAM Agents, FlexcubeWebgate. Name: FlexcubeWebgate; Security: Open; Max Cache Elements: 100000; Cache Timeout (Seconds): 1800; Token Validity Period (Seconds): 3600; Max Connections: 1; Max Session Time: 3600; Failover Threshold: 1; AAA Timeout Threshold: 1; Preferred Host: FlexcubeWebgate; User Defined Parameters include proxySSLHeaderVar=ssl]
24. [Screenshot: WebLogic Server Administration Console, domain iam_domain, Settings for AdminServer, General tab, with the server name, machine, cluster, listen address, listen port and SSL listen port fields]
    2.5.2.3 Follow the steps in Keystores Tab as shown below
25. [Screenshot: WebLogic Server Administration Console, Summary of Servers for iam_domain]
2.5.2.2 Follow the steps in General Tab as shown below.
• Select SSL Listen Port Enabled, Client Cert Proxy Enabled, Weblogic Plug-In Enabled.
• Click on Save.
26. [Screenshot: Oracle Enterprise Manager 11g Fusion Middleware Control, Oracle Internet Directory server properties and wallet certificate list]
Select the Wallet, SSL Authentication as Server Authentication, Cipher Suite and SSL Protocol Version as below, and click on OK.
[Screenshot: Oracle Enterprise Manager 11g Fusion Middleware Control, SSL Configuration page for oid1 with wallet oidselfsigned; the page states that all changes made in this page require a server restart to take effect]
27. [Screenshot: Oracle Access Manager console, confirmation that authentication module FlexcubeAuthnModule was modified successfully]
2.6.3 Creating OAM 11g Webgate
Navigate to System Configuration > Common Configuration > Server Instances > oam server. Change the Mode under Proxy Tab to Simple. Click on Apply.
[Screenshot: Oracle Access Manager console, oam_server1 server instance page, OAM Proxy settings]
Navigate to System Configuration >> Access Manager Settings >> SSO Agents >> OAM Agents. Click on Create 11g Webgate.
28. [Screenshot: Oracle Access Manager console, Webgate agent page, User Defined Parameters and Primary Server List]
Navigate to System Configuration > Common Configuration > Server Instances > oam server. Change the Mode under Proxy Tab to Open. Click on Apply.
[Screenshot: Oracle Access Manager console, oam_server1 server instance page, OAM Proxy settings]
2.6.4 Post OAM Webgate 11g Creation Steps
Perform the following steps to copy the artifacts to the Webgate installation directory.
2.6.4.1 On the Oracle Access Manager Console host, locate the OAM Agent folder <DOMAIN_HOME>/output/Agent_Name. Copy the below files to <ORACLE_MIDDLEWARE>/<ORACLE_WEBTIER_HOME>/instances/instance1/config/OHS/ohs1/webgate/config: ObAccessClien
29. ivate key Password> -storepass <Store Password>
For example:
keytool -export -v -alias FlexcubeCert -file AdminFlexcubeCert.cer -keystore AdminFlexcubeKeyStore.jks -keypass Password 123 -storepass Password 123
2.5.1.3 Import as trusted certificate
keytool -import -v -trustcacerts -alias rootcacert -file <export_certificate_file_name_with_location.cer> -keystore <keystore_name.jks> -keypass <Private key Password> -storepass <Store Password>
For example:
keytool -import -v -trustcacerts -alias rootcacert -file AdminFlexcubeCert.cer -keystore AdminFlexcubeKeyStore.jks -keypass Password 123 -storepass Password 123
References: Oracle Support Articles (Article ID 1281035.1, Article ID 1218695.1) in case of Certificates issued by the Trusted Authorities.
2.5.2 Configuring Weblogic Console
After domain creation, follow the below steps to enable SSL in weblogic Admin server and OAM Server.
2.5.2.1 Select Admin Server to enable SSL options.
[Screenshot: WebLogic Server Administration Console, home page for iam_domain]
30. [Screenshot: WebLogic Server Administration Console, Settings for AdminServer, SSL tab: Identity and Trust Locations, Private Key Alias, Private Key Passphrase, Hostname Verification]
31. [Screenshot: Oracle Enterprise Manager 11g Fusion Middleware Control, Oracle Internet Directory SSL settings: SSL Authentication set to Server Authentication; Cipher Suite list showing SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA; SSL Protocol Version All]
10. Click on Apply.
[Screenshot: Oracle Enterprise Manager 11g Fusion Middleware Control, Oracle Internet Directory Server Properties page with the message "SSL configuration updated for Farm_base_domain asinst_1 oid1. Restart component for this change to be effective."]
11. Import LDAP Server SSL Certificate into OAM Server. We have to import the LDAP Server
32. [Screenshot: Oracle Access Manager console, Policy Configuration tree: Shared Components > Authentication Schemes, and Application Domains > FlexcubeWebgate > Authorization Policies > Protected Resource Policy]
2.6.4.4 Add the Application Certificates to Oracle HTTP Server to work with SSL mode
Use the ORAPKI tool to import the Flexcube and OAM Server certificates to Oracle HTTP Server. Add <Oracle_MIDDLEWARE>/oracle_common/bin to the PATH environment variable and also set the JAVA_HOME environment variable. Execute the below command in the command line:
orapki wallet add -wallet <Oracle_MIDDLEWARE>/<ORACLE_WEBTIER_HOME>/instances/instance1/config/OHS/ohs1/keystores/default -trusted_cert -cert <export_certificate_file_name_with_location.cer> -auto_login_only
Note: Certificate has to be imported into OHS Wallet.
2.6.4.5 Configuring mod_wl_ohs for Oracle HTTP se
33. personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate failsafe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. This software or hardware and documentation may provide access to or information on content, products and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incu
34. [Screenshot: WebLogic Server Administration Console, SSL tab field descriptions for identity and trust locations, private key alias and passphrase, and hostname verification]
2.5.2.6 Select OAM Server to enable SSL options and repeat the steps performed in 2.2.2.2 to 2.2.2.9.
[Screenshot: WebLogic Server Administration Console]
35. rred due to your access to or use of third-party content, products, or services.
36. rver Routing
To enable the Oracle HTTP Server instances to route to applications deployed on the Oracle Weblogic Server, add the directive shown below to the mod_wl_ohs.conf file available in <ORACLE_MIDDLEWARE>/<ORACLE_WEBTIER_HOME>/instances/instance1/config/OHS/ohs1:
<Location /FCJNeoWeb>
    SetHandler weblogic-handler
    WebLogicHost ofss00002.in.oracle.com
    WebLogicPort 7002
    WLProxySSL ON
    SecureProxy ON
    WLSSLWallet "<ORACLE_MIDDLEWARE>/<ORACLE_WEBTIER_HOME>/instances/instance1/config/OHS/ohs1/keystores/default"
</Location>
Note: in the above example, ofss00002.in.oracle.com is the server name where the Flexcube Application is deployed, 7002 is the SSL port and FCJNeoWeb is the context root of the FLEXCUBE application.
2.6.4.6 Checking the Webgate 11g Agent Creation
After configuration of the webgate 11g agent, launch the URL https://<hostname>:<ohs_Port>/ohs/modules/webgate.cgi?progid=1 to verify whether the webgate configuration is fine. If the URL launches a screen as below, then the webgate configuration is working fine.
2.6.4.7 Using OAM Test Tool
This step is not mandatory. There is a test tool provided in OAM software which helps us to check the response parameter values. The test tool is available in <OAM Install Dir>/oam/server/tester, for e.g. D:\weblogic\Middleware\Oracle_IDM1\oam\server\tester. Use java -jar oamtest.jar to launch the OAM test tool.
37. [Table of contents residue; legible entries: 2.6.3 Creating OAM 11g, 2.6.4 Post OAM Webgate 11g, 2.7 First Launch of FLEXCUBE after Installation, Maintaining Branch Level DN Template (Branch Maintenance), Maintaining LDAP DN for FCUBS]
1 Preface
1.1 Introduction
This manual discusses the integration of Oracle FLEXCUBE Universal Banking and the Oracle Access Manager system. The configurations required for the proper functioning of this integration and further processing are documented in this manual.
1.2 Audience
This manual is intended for the following User/User Roles:
Back office data entry Clerks: Input functions for maintenance related to the interface
Back office Managers/Officers: Authorization functions
1.3 Abbreviations
Unless specified, it shall always refer to Oracle FLEXCUBE Universal Banking Solutions
Oracle Access Manager
LDAP: Lightweight Directory Access Protocol
1.4 Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
1.5 Organization
This manual is organized into the following chapters:
Chapter 1: Preface gives information on the intend
38. [Screenshot: WebLogic Server Administration Console, Summary of Servers for iam_domain]
• Now the admin server and oam servers are SSL enabled. Restart both the servers.
39. t URL https://<hostname>:<OHS SSL Port>/<Context Root> from your browser, e.g. https://ofss00001.in.oracle.com:4443/FCJNeoWeb. Since the resource is protected, the WebGate challenges the user for credentials as shown below.
[Screenshot: Firefox "Authentication Required" dialog requesting a user name and password for https://ofss220028.in.oracle.com:14101; the site says "OAM 11g"]
Once the user is authenticated and authorized to access the resource, the servlet gets redirected to the normal FLEXCUBE application server URL and the new signon form will appear as below. The application will automatically redirect to the FLEXCUBE home page.
[Screenshot: Oracle FLEXCUBE Universal Banking login page in Mozilla Firefox]
2.7.5 Signoff in a SSO situation
FLEXCUBE does not provide for single signoff currently, i.e. when a user signs off in FLEXCUBE, the session established with Oracle Access Manager by the user will not be modified in any manner. In a SSO situation the "Exit" and "Logoff" actions in FLEXCUBE will function as Exit, i.e. on clicking these the user will exit FLEXCUBE and will need to re-launch FLEXCUBE using the FLEXCUBE launch UR
40. t.xml, password.xml, cwallet.sso
And copy the remaining below files to <ORACLE_MIDDLEWARE>/<ORACLE_WEBTIER_HOME>/instances/instance1/config/OHS/ohs1/webgate/config/simple: aaa_key.pem, aaa_cert.pem
2.6.4.2 Creating Authentication Scheme
To create an Authentication Scheme, navigate to Policy Configuration >> Authentication Schemes. Click on the Create button to create a new Authentication Scheme.
Name: Any name to identify Authentication Scheme
Authentication Level: 1
Challenge Method: BASIC
Challenge Redirect URL: /oam/server
Authentication Module: Choose the authentication module created in step 2
Challenge Parameters: ssoCookie=secure
[Screenshot: Oracle Access Manager console, Policy Configuration > Shared Components > Authentication Schemes, confirmation that authentication scheme FlexcubeAuthnScheme was modified successfully]
41. te seamlessly. The backend repository for the Access Manager is an LDAP-based directory service that can be a combination of multiple directory servers, which is leveraged for two main purposes:
• As the store for policy, configuration and workflow related data, which is used and managed by the Access and Identity Systems
• As the identity store, containing the user, group and organization data that is managed through the Identity System and is used by the Access System to evaluate access policies.
LDAP Directory Server
To integrate Flexcube with OAM to achieve the Single Sign-on feature, Flexcube's password policy management, like password syntax and password expiry parameters, will no longer be handled by Flexcube. Instead, the password policy management can be delegated to the Directory Server. All password policy enforcements would be on the LDAP user id's password and NOT Flexcube application users' passwords.
WebGate/AccessGate
A WebGate is a Web server plug-in that is shipped out-of-the-box with Oracle Access Manager. The WebGate intercepts HTTP requests from users for Web resources and forwards them to the Access Server for authentication and authorization. Whether you need a WebGate or an AccessGate depends on your use of the Oracle Access Manager Authentication provider. For instance, the Identity Asserter for Single Sign-On: Requires a separate WebGate and configuration profile for each application to define perimeter authenti
42. [Screenshot: Oracle Access Manager console, FlexcubeWebgate Protected Resource Policy (authentication policy) with Authentication Scheme FlexcubeAuthnScheme and the Responses tab]
Navigate to Policy Configuration >> Application Domains >> Webgate agent name >> Authorization Policies >> Protected Resource Policy
• Click on Responses Tab
• Add a Response as Name: DN, Type: Header, Value: $user.attr.dn
• Click on Apply
[Screenshot: Oracle Access Manager console, FlexcubeWebgate Protected Resource Policy (authorization policy)]
43. [Screenshot: Oracle Access Manager console, FlexcubeAuthnScheme authentication scheme page with Authentication Module FlexcubeAuthnModule]
If it is a basic authentication scheme, we need to add the enforce-valid-basic-auth-credentials tag to the config.xml file located under <weblogic deployment path>/user_projects/domains/<MyDomain>/config/. The tag must be inserted within the <security-configuration> tag as follows, just above the </security-configuration> tag:
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
2.6.4.3 Application Domains Changes
Navigate to Policy Configuration >> Application Domains >> Webgate agent name >> Authentication Policies >> Protected Resource Policy
• Click on Responses Tab
• Choose the Authentication Scheme created in step 5
• Add a Response as Name: DN, Type: Header, Value: $user.attr.dn
• Click on Apply
[Screenshot: Oracle Access Manager console, FlexcubeWebgate Protected Resource Policy (authentication policy)]
44. [Screenshot: WebLogic Server Administration Console, Keystores tab: Custom Identity Keystore and Custom Trust Keystore fields pointing to AdminFlexcubeKeyStore.jks, with keystore type and passphrase fields]
2.5.2.5 Follow the steps in SSL Tab as shown below
• Enter Private Key Alias as same as the alias name entered in step 3.2.1.1
• Enter Private Key Passphrase and Confirm Private Key Passphrase as same as the Private Key Password entered in step 3.2.1.1
• Change the Hostname Verification to None
• Click on Save
[Screenshot: WebLogic Server Administration Console]
