Well, I was given a challenging task – using Oracle Access Manager 11g as an SSO provider for Liferay 6.0 (the community edition…).
Now, as you might know – there is no built-in OAM support for Liferay – so I was stuck with configuring one myself. Since I didn’t even have the OAM installed – I’ll detail all the steps I did. To simplify matters – I installed OAM on Microsoft Windows Server, but the same should hold for Linux.
All Oracle downloads were downloaded from edelivery.oracle.com. Version is 18.104.22.168.
- Install Oracle database. I didn’t install Oracle XE, but rather the Enterprise edition.
- Alter the Oracle database.
- Open sqlplus as sys and run the following commands:

```sql
alter system set open_cursors=1000 scope=both;
alter system set processes=1000 scope=SPFILE;
```
- Restart Oracle DB.
- Run RCU (V33643-01), and check the Identity Management checkbox. Proceed with the installation.
- Install WebLogic Server (wls1036_generic)
- Install SOA Suite (ofm_soa_generic_22.214.171.124.0_disk1_1of2 and ofm_soa_generic_126.96.36.199.0_disk1_2of2).
- Install IdM (V33644-01_1of2 and V33644-01_2of2)
- From your ORACLE_HOME/IDM_HOME/common/bin run the config.cmd file.
- Install all the required components (especially all the Oracle Access Manager relevant components).
- DO NOT START THE ADMIN SERVER.
- Run the following WLST scripts (thank you Warren
  - $MW_HOME is where you put the Middleware home (e.g. ~/Oracle/Middleware)
  - is the Oracle IAM home (e.g. ~/Oracle/Middleware/Oracle_IAM1)
  - LOCATION is the domain home (e.g. ~/Oracle/Middleware/user_projects/domains/OAMDomain)
  - $ORA_PASS is the password needed to talk to the database

```shell
$MW_HOME/oracle_common/common/bin/wlst.cmd $ORACLE_HOME/common/tools/configureSecurityStore.py -d $IAM_DOMAIN_LOCATION -m create -c IAM -p $ORA_PASS
$MW_HOME/oracle_common/common/bin/wlst.cmd $ORACLE_HOME/common/tools/configureSecurityStore.py -d $IAM_DOMAIN_LOCATION -m validate
```

- Now you can safely run the admin server. Connect to it using IP_ADDR:7001/em, and start the OAM managed server too.
On a separate machine (I used RedHat Linux 5.5):
- Install Apache2.2
- Configure WebGate (I used ZIP file oam_int_linux_v10_cd1.zip)
- Configure Apache to act as a proxy for your Liferay server by using ProxyPass and ProxyPassReverse. For instance:

```apache
ProxyRequests Off
ProxyPass /web http://LIFERAY_SERVER:8080/web
ProxyPassReverse /web http://LIFERAY_SERVER:8080/web
```

- Configure WebGate in the Apache. On my machine the configuration looked like this:

```apache
LoadModule obWebgateModule "/usr/local/webgate/product/access/oblix/apps/webgate/bin/webgate.so"
LoadFile "/usr/local/webgate/libgcc_s.so.1"
LoadFile "/usr/local/webgate/libstdc++.so.6"
WebGateInstalldir "/usr/local/webgate/product/access"
WebGateMode PEER
#webgateload obWebgateModule "/usr/local/webgate/product/access/oblix/apps/webgate/bin/webgate.so"
<Location /access/oblix/apps/webgate/bin/webgate.cgi>
    SetHandler obwebgateerr
</Location>
<Location "/oberr.cgi">
    SetHandler obwebgateerr
</Location>
<LocationMatch "/*">
    AuthType Oblix
    require valid-user
</LocationMatch>
```
- Open the Access Manager console, and click on the “New OAM10g WebGate”
- Fill in the details, exactly as you did during the WebGate installation.
- Go to “Application Domains”, and select the newly created Application Policy
- Change any required value, and select “Authorization Policies”
- Select the “Protected Resource Policy”
- Select “Responses”
- Add a new response – HTTP Header with the name of LIFERAY_SCREEN_NAME and value of uid
- Edit the portal-ext.properties file and add the following line:
Restart Apache, and browse to it. You should get the OAM login page, and after login – you should see that you have automatically been logged in to Liferay…
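As an added example (not code from the original post or from Liferay), here is what the Liferay side of this setup can look like: a custom AutoLogin hook that turns the LIFERAY_SCREEN_NAME header set by the WebGate response into a portal session, honouring the header only for requests that actually arrived through the WebGate proxy, since a header-based auto-login is only as trustworthy as the path the header travelled. The package, class name and the WEBGATE_ADDR value are assumptions; the hook is assumed to be registered with Liferay's auto.login.hooks property.

```java
package com.example.sso; // hypothetical package

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.liferay.portal.model.User;
import com.liferay.portal.security.auth.AutoLogin;
import com.liferay.portal.security.auth.AutoLoginException;
import com.liferay.portal.service.UserLocalServiceUtil;
import com.liferay.portal.util.PortalUtil;

public class OamHeaderAutoLogin implements AutoLogin {

    // Header name configured as the WebGate HTTP Header response (value: uid).
    private static final String HEADER = "LIFERAY_SCREEN_NAME";

    // Assumed address of the Apache/WebGate host. The header is only meaningful
    // when it was added by WebGate; a request that reached Liferay on :8080
    // directly could carry any value, so such requests are not auto-logged-in.
    private static final String WEBGATE_ADDR = "192.0.2.10";

    public String[] login(HttpServletRequest request, HttpServletResponse response)
            throws AutoLoginException {
        if (!WEBGATE_ADDR.equals(request.getRemoteAddr())) {
            return null; // not via the proxy: fall back to the normal login flow
        }
        String screenName = request.getHeader(HEADER);
        if (screenName == null || screenName.trim().length() == 0) {
            return null; // WebGate did not identify a user
        }
        try {
            long companyId = PortalUtil.getCompanyId(request);
            User user = UserLocalServiceUtil.getUserByScreenName(
                companyId, screenName.trim());
            // AutoLogin contract: { userId, password, "true" if already encrypted }
            return new String[] {
                String.valueOf(user.getUserId()),
                user.getPassword(),
                Boolean.TRUE.toString()
            };
        } catch (Exception e) {
            // Unknown screen name (or a service error): no auto-login, but do not
            // break the request; Liferay shows its regular login instead.
            return null;
        }
    }
}
```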