Well, I was given a challenging task – using Oracle Access Manager 11g as an SSO provider for Liferay 6.0 (the community edition…).
Now, as you might know – there is no built-in OAM support for Liferay – so I was stuck with configuring one myself. Since I didn’t even have the OAM installed – I’ll detail all the steps I did. To simplify matters – I installed OAM on Microsoft Windows Server, but the same should hold for Linux.
All Oracle downloads were downloaded from edelivery.oracle.com. Version is 11.1.0.6.
OAM Installation
- Install Oracle database. I didn’t install Oracle XE, but rather the Enterprise edition.
- Alter the Oracle database.
- Open sqlplus as sys and run the following commands
alter system set open_cursors=1000 scope=both; alter system set processes=1000 scope=SPFILE;
- Restart Oracle DB.
- Run RCU (V33643-01), and check the Identity Managent checkbox. Proceed with the installation.
- Install WebLogic Server (wls1036_generic)
- Install SOA Suite (ofm_soa_generic_11.1.1.6.0_disk1_1of2 and ofm_soa_generic_11.1.1.6.0_disk1_2of2).
- Install IdM (V33644-01_1of2 and V33644-01_2of2)
- From your ORACLE_HOME/IDM_HOME/common/bin run the config.cmd file.
- Install all the required components (especially all the Oracle Access Manager relevant components).
- DO NOT START THE ADMIN SERVER.
- Run the following WLST scripts (thank you Warren
- Where
- $MW_HOME is where you put the Middleware home (e.g. ~/Oracle/Middleware)
$ORACLE_HOME - is the Oracle IAM home (e.g. ~/Oracle/Middleware/Oracle_IAM1)
$IAM_DOMAIN_ - LOCATION is the domain home (e.g. ~/Oracle/Middleware/user_projects/domains/OAMDomain)
- $ORA_PASS is the password needed to talk to the database
- Now you can safely run the admin server. Connect to it using IP_ADDR:7001/em, and start the OAM managed server too.
$MW_HOME/oracle_common/common/bin/wlst.cmd $ORACLE_HOME/common/tools/configureSecurityStore.py -d $IAM_DOMAIN_LOCATION -m create -c IAM -p $ORA_PASS $MW_HOME/oracle_common/common/bin/wlst.cmd $ORACLE_HOME/common/tools/configureSecurityStore.py -d $IAM_DOMAIN_LOCATION -m validate
Apache installation/configuration
On a separate machine (I used RedHat Linux 5.5):
- Install Apache2.2
- Configure WebGate (I used ZIP file oam_int_linux_v10_cd1.zip)
- Configure Apache to act as a proxy for your Liferay server by using ProxyPass and ProxyPassReverse. For instance:
- Configure WebGate in the Apache. On my machine the configuration looked like this:
ProxyRequests Off ProxyPass /web http://LIFERAY_SERVER:8080/web ProxyPassReverse /web http://LIFERAY_SERVER:8080/web
LoadModule obWebgateModule "/usr/local/webgate/product/access/oblix/apps/webgate/bin/webgate.so"
LoadFile "/usr/local/webgate/libgcc_s.so.1"
LoadFile "/usr/local/webgate/libstdc++.so.6"
WebGateInstalldir "/usr/local/webgate/product/access"
WebGateMode PEER
#webgateload obWebgateModule "/usr/local/webgate/product/access/oblix/apps/webgate/bin/webgate.so"
SetHandler obwebgateerr
SetHandler obwebgateerr
AuthType Oblix
require valid-user
OAM Configuration
- Open the Access Manager console, and click on the “New OAM10g WebGate”
- Fill in the details, exactly as you did during the WebGate installation.
- Go to “Application Domains”, and select the newly created Application Policy
- Change any required value, and select “Authorization Policies”
- Select the “Protected Resource Policy”
- Select “Responses”
- Add a new response – HTTP Header with the name of LIFERAY_SCREEN_NAME and value of uid
Liferay Configuration
- Edit the portal-ext.properties file and add the following line:
auto.login.hooks=com.liferay.portal.security.auth.RequestHeaderAutoLogin
Restart Apache, and browse to it. You should get the OAM login page, and after login – you should see you have automatically logged-in into Liferay…
Tona Consulting 