
SafeNet Trusted Access for Oracle Access Manager

Overview

Configuring SafeNet Trusted Access for Oracle Access Manager is a three-step process:

1. Oracle Access Manager setup

2. SafeNet Trusted Access setup

3. Verify authentication

Oracle Access Manager Setup

Oracle Access Manager can be configured for:

SP-Initiated SSO

IdP-Initiated SSO

As a prerequisite, download the Identity Provider metadata from the SafeNet Trusted Access console by clicking the Download metadata file button. You will need this metadata file in a later step.
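Before loading the downloaded metadata into Oracle Access Manager, it is worth confirming what the file actually declares. The following Python script is an added example, not part of this guide or of the SafeNet or Oracle products: it parses an IdP metadata file, lists the single sign-on and single logout endpoints (the latter is what "Enable global logout" relies on), fingerprints the signing certificate so it can be compared with what the STA console shows, and flags endpoints that are not HTTPS. The embedded metadata is a constructed stand-in with a placeholder entityID, placeholder endpoints and a placeholder certificate value; the real STA file will differ.

```python
"""Sanity-check a SAML 2.0 IdP metadata file before loading it into OAM.

Added example; not from the SafeNet or Oracle documentation. The metadata
below is a constructed stand-in for the file downloaded from the STA console.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET  # prefer defusedxml for metadata from untrusted sources

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample. FAKE_CERT_DER is a placeholder DER SEQUENCE, not a real
# certificate; the entityID and endpoint URLs are placeholders too.
FAKE_CERT_DER = b"\x30\x03\x02\x01\x01"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.invalid/saml/metadata">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>{base64.b64encode(FAKE_CERT_DER).decode()}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="{REDIRECT_BINDING}"
        Location="https://idp.example.invalid/saml/slo"/>
    <md:SingleSignOnService Binding="{REDIRECT_BINDING}"
        Location="https://idp.example.invalid/saml/sso"/>
    <md:SingleSignOnService Binding="{POST_BINDING}"
        Location="https://idp.example.invalid/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def inspect_idp_metadata(xml_text):
    """Return the facts an OAM administrator should confirm before clicking Save."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity provider metadata")

    sso = {e.get("Binding"): e.get("Location")
           for e in idp.findall("md:SingleSignOnService", NS)}
    slo = {e.get("Binding"): e.get("Location")
           for e in idp.findall("md:SingleLogoutService", NS)}

    # Signing certificates: decode each one, reject anything that is not DER,
    # and record a SHA-256 fingerprint to compare with the STA console.
    fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' means signing and encryption
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            if not der or der[0] != 0x30:
                raise ValueError("X509Certificate is not a DER SEQUENCE")
            fingerprints.append(hashlib.sha256(der).hexdigest())

    problems = []
    if not sso:
        problems.append("no SingleSignOnService endpoint: OAM cannot send users to the IdP")
    if not slo:
        problems.append("no SingleLogoutService: 'Enable global logout' will have no effect")
    if not fingerprints:
        problems.append("no signing certificate: assertions cannot be verified")
    for url in list(sso.values()) + list(slo.values()):
        if not (url or "").startswith("https://"):
            problems.append(f"endpoint is not HTTPS: {url}")

    return {
        "entity_id": root.get("entityID"),
        "sso_post": sso.get(POST_BINDING),
        "slo": slo,
        "signing_fingerprints_sha256": fingerprints,
        "problems": problems,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(inspect_idp_metadata(SAMPLE_METADATA), indent=2))
```

Run the script against the downloaded file by replacing SAMPLE_METADATA with the file contents; an empty "problems" list and a fingerprint that matches the console are what you want to see before step 5b below.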

Configuring Oracle Access Manager – SP-Initiated SSO

Configuring Oracle Access Manager for SP-Initiated SSO requires:

Enabling federation services

Creating an identity provider partner

Creating an authentication policy

Enabling Federation Services

Perform the following steps to enable federation services:

1. Log in to the Oracle Access Manager console as an administrator using the URL http://<oam-host>:<oam-port>/oamconsole.

Where,

<oam-host> is the hostname of the OAM server.

<oam-port> is the running port number of the OAM server.

2. On the Oracle Access Manager console, in the top right-hand corner, click Configuration.

3. Click Available Services.

4. Under Available Services, under Federation, in the Identity Federation row, click Enable Service.

Creating an Identity Provider Partner

Perform the following steps to create an identity provider partner:

1. On the Oracle Access Manager console, click the Federation tab.

2. Under Federation, click the Service Provider Management link.

3. On the Service Provider Administration window, click Create Identity Provider Partner.

4. The Create Identity Provider Partner window is displayed. Under General, complete the following fields.

Name: Enter an identity provider name (for example, Safenet).
Enable Partner: Select this option.
Default Identity Provider Partner: Select this option.

5. Under Service Information, perform the following steps:

a. Complete the following fields.

Protocol: Select SAML2.0.
Service Details: Select Load from provider metadata.

b. In the Metadata File field, click Browse to locate and select the Identity Provider metadata file that you downloaded earlier from the SafeNet Trusted Access console.

6. Under Mapping Options, under User Mapping, complete the following fields.

User Identity Store: Select the user credential store (for example, OUDStore).
User Search Base DN: Enter the base distinguished name under which user entries are searched (for example, dc=com,dc=example).
Map assertion Name ID to User ID Store attribute: Select this option and enter the attribute name (for example, uid).

7. Scroll up and click Save.

8. At the bottom of the window, the Advanced section is displayed. Under Advanced, ensure that the following options are selected:

Enable global logout

HTTP POST SSO Response Binding

9. Scroll up and click Save.

10. Under General, click Create Authentication Scheme and Module.

Creating an Authentication Policy

Perform the following steps to create an authentication policy:

1. On the Oracle Access Manager console, click the Application Security tab.

2. Under Access Manager, click the Application Domains link.

3. On the Search Application Domains window, click Search, and then in the Search Results table, in the Name column, click the relevant application domain (for example, TestAgentDec).

4. On the Application Domain window, click the Authentication Policies tab, and then in the table, in the Name column, click Protected Resource Policy.

5. On the Protected Resource Policy window, in the Authentication Scheme field, select the authentication scheme (for example, SafenetFederationScheme) that you created in step 10 of Creating an Identity Provider Partner.

6. Click Apply.

Configuring Oracle Access Manager – IdP-Initiated SSO

Perform the following steps to configure Oracle Access Manager for IdP-Initiated SSO:

1. Perform all the steps described in Configuring Oracle Access Manager for SP-Initiated SSO.

2. Perform the following steps to configure the unsolicited relay state using the WebLogic Scripting Tool (WLST):

a. On the OAM host, open a command line and run the following commands to start WLST:

# cd <WLST_Path>

# ./wlst.sh

Where <WLST_Path> is <Oracle Access Manager installation directory>/common/bin

b. Run the following command to connect to the OAM server:

# connect('<username>','<password>','t3://<oam_host>:<oam_port>')

Where,

<username> is the user name of the Oracle Access Manager administrator.

<password> is the password of the Oracle Access Manager administrator.

<oam_host> is the fully qualified domain name of the Oracle Access Manager server.

<oam_port> is the port number that is configured to access Oracle Access Manager.

c. Run the following command to switch to the runtime context:

# domainRuntime()

d. Run the following command to set the unsolicited relay state:

# updatePartnerProperty('<partnerName>','idp','providerrelaystate','<propValue>','string')

Where,

<partnerName> is the name of the identity provider partner (for example, Safenet) that you set in step 4 of Creating an Identity Provider Partner.

<propValue> is the protected resource URL that you want to access (for example, http://ohsserverps3:7777/index.html).
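The WLST steps above can be kept in one script so that the relay state is set repeatably and the administrator password is not typed on the command line. The script below is an added example, not Oracle's or SafeNet's own code. The environment variable names (OAM_USER, OAM_PASSWORD, OAM_HOST_PORT, OAM_PARTNER, OAM_RELAY_STATE, OHS_HOST_PORT) are this example's own choice. Because the relay state is the URL every IdP-initiated login lands on, the script checks that it is an absolute http(s) URL on the expected protected-resource host before writing it. Run it as <WLST_Path>/wlst.sh set_relay_state.py; connect(), domainRuntime(), updatePartnerProperty() and disconnect() are WLST commands that exist only inside WLST, which is why the call to run() is guarded.

```python
"""WLST script that sets the IdP-initiated relay state on an OAM partner.

Added example, not from the SafeNet or Oracle documentation. Run with
<WLST_Path>/wlst.sh set_relay_state.py. WLST is Jython 2, so the code avoids
Python 3-only syntax; the pure-Python checks also run under CPython 3.
"""
import os
import sys

try:
    from urllib.parse import urlparse      # CPython 3
except ImportError:                         # Jython 2.x inside WLST
    from urlparse import urlparse


def check_relay_state(url, expected_host):
    """Return url unchanged if it is an absolute http(s) URL on expected_host
    (host:port as the browser will see it); raise ValueError otherwise."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("relay state must be an absolute http(s) URL: %r" % url)
    if parts.netloc.lower() != expected_host.lower():
        raise ValueError("relay state host %r is not the protected resource host %r"
                         % (parts.netloc, expected_host))
    if parts.scheme == "http":
        # Not fatal (the guide's own example uses http), but worth surfacing.
        sys.stderr.write("warning: relay state %s is not HTTPS\n" % url)
    return url


def build_wlst_args(partner_name, relay_state):
    """Positional arguments for OAM's updatePartnerProperty() WLST command:
    partner name, partner type, property name, value, value type."""
    if not partner_name:
        raise ValueError("partner name is required")
    return (partner_name, "idp", "providerrelaystate", relay_state, "string")


def run():
    # Connection details come from the environment (variable names are this
    # example's own) so the password does not end up in shell history.
    partner = os.environ["OAM_PARTNER"]                    # e.g. Safenet
    relay = check_relay_state(os.environ["OAM_RELAY_STATE"],  # e.g. http://ohsserverps3:7777/index.html
                              os.environ["OHS_HOST_PORT"])    # e.g. ohsserverps3:7777
    connect(os.environ["OAM_USER"], os.environ["OAM_PASSWORD"],
            "t3://%s" % os.environ["OAM_HOST_PORT"])           # WLST command
    domainRuntime()                                            # WLST command
    updatePartnerProperty(*build_wlst_args(partner, relay))    # WLST command
    disconnect()                                               # WLST command


if __name__ == "__main__":
    run()
```

Export the six variables in the shell that launches wlst.sh; if check_relay_state() raises, nothing is written to the partner configuration.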

SafeNet Trusted Access Setup

After completing the Oracle Access Manager configuration in the first step, the second step is to activate the Oracle Access Manager application in SafeNet Trusted Access by performing the following steps:

1. In the Applications pane, the Oracle Access Manager application that you added previously is inactive by default. To configure and activate it, click the application (for example, Oracle Access Manager) and proceed to the next step.

2. Under STA Setup, perform the following steps:

a. Under Account Details, in the OAM-HOST:OAM-PORT field, enter the host name and port number of the Oracle Access Manager console.

b. In the PUBLIC-OAM-HOST:PUBLIC-OAM-PORT field, enter the host name and port number of the Oracle HTTP Server.

c. Under User Login ID Mapping, in the NAME ID field, ensure that SAS User ID is selected.

3. Click Save Configuration to save the details and activate the Oracle Access Manager application in SafeNet Trusted Access.

Verify Authentication

Using SafeNet Trusted Access Console

Navigate to the Oracle Access Manager protected resource login URL (for example, http://ohsserverps3:7777/index.html). You will be redirected to the SafeNet Trusted Access sign-in page. Enter your primary directory login information and approve the two-factor authentication; after authentication you should be redirected to the Oracle Access Manager protected resource.

Using STA User Portal

Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click the Oracle Access Manager application icon; after authentication you should be redirected to the Oracle Access Manager protected resource.


© 2018 SafeNet Trusted Access. Various trademarks held by their respective owners.