Oracle Access Manager integration with WNA/AD
22nd November 2015 Hyderabad, India #AIOUG
SANGAM 15
Sumit Gupta
. . . . meeting of minds
Introduction
• Presenter – Sumit Gupta
• 10+ years' experience in Oracle Fusion Middleware
• OPN Certified IAM Expert
– Oracle Identity Manager 11g Certified Implementation Specialist
– Oracle Access Management Suite Plus 11g Implementation Specialist
– Oracle Certified Associate, Oracle WebLogic Server 12c administrator
• Presenter
– UKOUG Tech 14 – Liverpool, UK
– Middleware SIG – Reading, UK
– Sangam 2015 – Hyderabad, India
– UKOUG Tech 15 – Birmingham, UK
• Blogger (www.OraWorld.co.uk)
– More than 150 articles
– 1200+ subscribers
www.OraWorld.co.uk
Copyright © 2015, OraWorld Ltd. All rights reserved
Agenda
• Windows Native Authentication Overview
• Kerberos Basics
• WNA Configurations
• WNA Testing (Demo Viewlet)
• WNA Sequence Flow
• Lessons Learnt
• References
• QnA Session
Windows Native Authentication
Kerberos Basics
• Native authentication protocol in Active Directory
• Kerberos Domain
• Principal (Machines, Services & Users)
  – Service Principal Name (SPN)
    • PROTOCOL/hostname for services
    • username@DOMAIN for users
• Key Distribution Center (KDC)
• Ticket Granting Ticket (TGT)
• Service Ticket (ST)
WNA High Level Steps
• Tasks on the Windows domain controller:
- Configuring the domain controller to support Kerberos Authentication
- Generating a keytab file for a service user
• Tasks on the Oracle Access Manager server:
- Configuring an Active Directory identity store
- Configuring a Kerberos authentication module
- Defining a policy that uses the Kerberos authentication module to protect resources
• Configuring end-user browsers
WNA Configuration
AD Server
• Create a service user in Windows AD Server.
• KeyTab generation – contains shared secret key of the service
ktpass.exe -princ HTTP/<OHS hostname>@<AD Server Domain> -pass <Password of the user created to be mapped> -mapuser <AD DOMAIN\sAMAccountName of the user created> -out <Location_of_keytab_file>
OAM Server
• Copy generated keytab (binary file) to OAM Server
• Set up krb5.conf
- Unix: /etc/krb5.conf
- Windows: C:\windows\krb5.conf
• KRB5_CONFIG env variable
[logging]
default = FILE:/u01/app/oracle/middleware/Oracle_IAM1/wna/krb5libs.log
kdc = FILE:/u01/app/oracle/middleware/Oracle_IAM1/wna/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = OWAD.LOCAL
# Take the realm and KDC from the [realms] and [domain_realm] sections, not from DNS
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 600
clock_skew = 600
# Use TCP rather than UDP for KDC traffic
udp_preference_limit = 1
# RC4-HMAC is enctype 23, the type of the key stored in the keytab
default_tkt_enctypes = RC4-HMAC
default_tgs_enctypes = RC4-HMAC

[realms]
OWAD.LOCAL = {
    kdc = owwin-ad.owad.local
    admin_server = owwin-ad.owad.local
    default_domain = OWAD.LOCAL
}

[domain_realm]
.owad.local = OWAD.LOCAL
owad.local = OWAD.LOCAL
• Klist commands
[orafmw@iam ~]$ klist -e
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_500)
Kerberos 4 ticket cache: /tmp/tkt500
klist: You have no tickets cached
[orafmw@iam ~]$ klist -k /u01/app/oracle/middleware/Oracle_IAM1/wna/oraworld.keytab -t -K -e
Keytab name: FILE:/u01/app/oracle/middleware/Oracle_IAM1/wna/oraworld.keytab
KVNO Timestamp Principal
---- ----------------- --------------------------------------------------------
3 01/01/70 01:00:00 HTTP/oraworld.com@OWAD.LOCAL (ArcFour with HMAC/md5) (0x1d1b117a1db40dc241f7838b083a6b9d)
• Kinit command
[orafmw@iam ~]$ kinit -V HTTP/oraworld.com@OWAD.LOCAL -k -t /u01/app/oracle/middleware/Oracle_IAM1/wna/oraworld.keytab
Authenticated to Kerberos v5
[orafmw@iam ~]$ klist -e
Ticket cache: FILE:/tmp/krb5cc_500
Default principal: HTTP/oraworld.com@OWAD.LOCAL
Valid starting Expires Service principal
06/22/15 11:47:22 06/22/15 21:47:27 krbtgt/OWAD.LOCAL@OWAD.LOCAL
renew until 06/23/15 11:47:22, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
Kerberos 4 ticket cache: /tmp/tkt500
klist: You have no tickets cached
Browser Configuration
Internet Explorer
• Open Internet Explorer
• Go to Tools > Internet Options > Security > Local Intranet > Advanced
• Add OAM Server host name
• Go to Advanced tab > Security
• Check the box beside Enable Integrated Windows Authentication
• Go to Security > Local Intranet > Custom Level
• Select Automatic logon only in Intranet zone
• Restart Internet Explorer
Chrome
• Google Chrome uses the Internet Explorer settings.
Firefox
• about:config
• Set network.negotiate-auth.trusted-uris to OAMHOST.DOMAIN.
WNA Testing
• Demo Viewlet Link
• https://www.youtube.com/watch?v=C-HKAN2InyY
WNA Sequence Diagram
OAM Server Log.
<11-Jun-2015 13:03:12 o'clock BST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to /u01/app/oracle/middleware/user_projects/domains/iam_domain/servers/oam_server1/logs/oam_server1.log00059. Log messages will continue to be logged in /u01/app/oracle/middleware/user_projects/domains/iam_domain/servers/oam_server1/logs/oam_server1.log.>
>>> KeyTabInputStream, readName(): OWAD.LOCAL
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): oraworld.com
>>> KeyTab: load() entry length: 63; type: 23
Added key: 23version: 3
Ordering keys wrt default_tkt_enctypes list
default etypes for default_tkt_enctypes: 23.
0: EncryptionKey: keyType=23 kvno=3 keyValue (hex dump)=
0000: 1D 1B 11 7A 1D B4 0D C2 41 F7 83 8B 08 3A 6B 9D ...z....A....:k.
http://oraworld.com:7777/secured/index.html
GET /secured/index.html HTTP/1.1
Host: oraworld.com:7777
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 302 Found
Date: Mon, 29 Jun 2015 11:48:49 GMT
Server: Oracle-Application-Server-11g
Set-Cookie: OAMAuthnHintCookie=0@1435578529; httponly; path=/; domain=.com
Set-Cookie: OAMRequestContext_oraworld.com:7777_505353=PSSttVqN64gXBgIbzgp8jA==;max-age=300; httponly; path=/
Location: http://oraworld.com:14100/oam/server/obrareq.cgi?encquery%3DxjRnrPN5vUi8FDE0h2Os3fXf <Trimmed>
Content-Length: 652
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
http://oraworld.com:14100/oam/server/obrareq.cgi?encquery%<Trimmed>
GET /oam/server/obrareq.cgi?encquery%3DxjRn<Trimmed> HTTP/1.1
Host: oraworld.com:14100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: OAMRequestContext_oraworld.com:7777_505353=PSSttVqN64gXBgIbzgp8jA==
Connection: keep-alive
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 29 Jun 2015 11:48:49 GMT
Transfer-Encoding: chunked
Location: http://oraworld.com:14100/oam/CredCollectServlet/WNA?authn_try_count=0&spnegotoken=string&challenge_url=%2Foam%2FCredCollectServlet%2FWNA&request_id=-276341910699531784&locale=en_US&resource_url=http%253A%252F%252Foraworld.com%253A7777%252Fsecured%252Findex.html
Set-Cookie: OAM_REQ_0=VERSION_4~ugKPHSCILJo%<Trimmed>; path=/; HttpOnly
Set-Cookie: OAM_REQ_COUNT=VERSION_4~1; path=/; HttpOnly
X-ORACLE-DMS-ECID: 74645cb114abea27:-3751213f:14dfcde14b8:-8000-0000000000029fd1
http://oraworld.com:14100/oam/CredCollectServlet/WNA?authn_try_count=0&spnegotoken=string&challenge_url=%2Foam%2FCredCollectServlet%2FWNA&request_id=-276341910699531784&locale=en_US&resource_url=http%253A%252F%252Foraworld.com%253A7777%252Fsecured%252Findex.html
GET /oam/CredCollectServlet/WNA?authn_try_count=0&spnegotoken=string&challenge_url=%2Foam%2FCredCollectServlet%2FWNA&request_id=-276341910699531784&locale=en_US&resource_url=http%253A%252F%252Foraworld.com%253A7777%252Fsecured%252Findex.html HTTP/1.1
Host: oraworld.com:14100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: OAMRequestContext_oraworld.com:7777_505353=<Trimmed>OAM_REQ_COUNT=VERSION_4~1
Connection: keep-alive
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store
Date: Mon, 29 Jun 2015 11:48:50 GMT
Pragma: no-cache
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: 0
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="OAM 11g"
http://oraworld.com:14100/oam/CredCollectServlet/WNA?authn_try_count=0&spnegotoken=string&challenge_url=%2Foam%2FCredCollectServlet%2FWNA&request_id=-23&locale=en_US&resource_url=http%253A%252F%252Foraworld.com%253A7777%252Fsecured%252Findex.html
GET /oam/CredCollectServlet/WNA?authn_try_count=0&spnegotoken=string&challenge_url=%2Foam%2FCredCollectServlet%2FWNA&request_id=-27784&locale=en_US&resource_url=http%253A%252F%252Foraworld.com777%252Fsecured?Findex.html HTTP/1.1
Host: oraworld.com:14100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Cookie: OAMRequestContext_oraworld.com:7777_50<Trimmed>LJeWMsd; OAM_REQ_COUNT=VERSION_4~1
Connection: keep-alive
Authorization: Negotiate YIIGlgYGKwYBBQUCoIIGijCCBoagMDA<Trimmed>==
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 29 Jun 2015 11:48:50 GMT
Transfer-Encoding: chunked
Location: http://oraworld.com:7777/obrar.cgi?encreply=<Trimmed>
Set-Cookie: OAM_ID=VERSION_4~SrAPo4Sh9v3M<Trimmed>; path=/; HttpOnly
Set-Cookie: OAM_GITO=v1~uid:Wnauser1r&<Trimmed>c-oraworld.c&; path=/; HttpOnly; expires=Thu, 01-Jan-1970 01:00:00 GMT
Set-Cookie: OAM_REQ_0=invalid; path=/; HttpOnly
X-ORACLE-DMS-ECID: 74645cb114abea27:-3751213f:14dfcde14b8:-8000-0000000000029fd6
http://oraworld.com:7777/obrar.cgi?encreply=<Trimmed>
GET /obrar.cgi?encreply=<Trimmed>k%3D HTTP/1.1
Host: oraworld.com:7777
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: OAMRequestContext_oraworld.com:7777_505353=PSSt<Trimmed>rr2SMpNMOF2B/DbQk3/N1Ua1onzJ
Connection: keep-alive
HTTP/1.1 302 Found
Date: Mon, 29 Jun 2015 11:48:52 GMT
Server: Oracle-Application-Server-11g
Set-Cookie: OAMRequestContext_oraworld.com:7777_505353=;expires=thursday, 01-jan-1970 01:00:00 gmt; httponly; path=/
Set-Cookie: OAMAuthnCookie_oraworld.com:7777=<Trimmed>%3D;httponly; path=/
Set-Cookie: OAMAuthnHintCookie=X; httponly; path=/
Location: /secured/index.html
Content-Length: 230
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
http://oraworld.com:7777/secured/index.html
GET /secured/index.html HTTP/1.1
Host: oraworld.com:7777
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: OAM_REQ_0=invalid; OAM_REQ_COUNT=VERSION_4~1; OAM_ID=VERSION_4~SrAPo4Sh9v3Mz9YtR0IUJQ==~<Trimmed>; OAMAuthnHintCookie=X
Connection: keep-alive
HTTP/1.1 200 OK
Date: Mon, 29 Jun 2015 11:48:52 GMT
Server: Oracle-Application-Server-11g
Set-Cookie: OAMAuthnHintCookie=;expires=thursday, 01-jan-1970 01:00:00 gmt; httponly; path=/
Set-Cookie: OAMAuthnHintCookie=1; httponly; path=/; domain=.com
Cache-Control: no-cache
Pragma: no-cache
Last-Modified: Tue, 23 Jun 2015 19:07:39 GMT
Etag: "bc06de-3cd-519341a9c54c0"
Accept-Ranges: bytes
Content-Length: 973
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en
Lessons Learnt
• NTLM versus Kerberos
- SPNEGO token can contain either NTLM or Kerberos token depending on the Windows client capabilities. All pre–Windows 2000 clients use NTLM. AD domains by default support “mixed” mode.
- If Kerberos fails, the client falls back to NTLM.
- HTTP header logger or Fiddler are best to diagnose this. Browser logging can also help.
• Clock Skew Errors
- Synchronize clocks on both your OAM Server and the AD server.
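Added example, not part of the original slides: one way to tell from a captured Authorization: Negotiate header whether the browser sent Kerberos or fell back to NTLM, by reading the first mechanism OID of the SPNEGO token. The function names and the sample tokens are constructed for illustration; only PAGE_TOKEN_PREFIX comes from the capture above, and because it was trimmed on the slide it can only be identified as an SPNEGO wrapper.

```python
import base64

# DER-encoded OID bodies (tag and length stripped).
SPNEGO_OID = bytes.fromhex("2b0601050502")          # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("2a864886f712010202")      # 1.2.840.113554.1.2.2
MS_KRB5_OID = bytes.fromhex("2a864882f712010202")   # 1.2.840.48018.1.2.2
NTLM_OID = bytes.fromhex("2b06010401823702020a")    # 1.3.6.1.4.1.311.2.2.10
MECHS = {KRB5_OID: "kerberos", MS_KRB5_OID: "kerberos", NTLM_OID: "ntlm"}


def _tlv(buf, pos):
    """Return (tag, value_start, declared_length) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated")
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short-form length
        return tag, pos + 2, first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or pos + 2 + n > len(buf):
        raise ValueError("truncated")
    return tag, pos + 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")


def _oid(buf, pos):
    """Read an OBJECT IDENTIFIER at pos; return (oid_body, next_pos)."""
    tag, start, length = _tlv(buf, pos)
    if tag != 0x06 or start + length > len(buf):
        raise ValueError("no complete OID here")
    return buf[start:start + length], start + length


def classify_negotiate(header_value):
    """Classify the token of an 'Authorization: Negotiate <base64>' header value."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate":
        return "not-negotiate"
    # Only the leading bytes matter, so drop padding and any incomplete
    # trailing base64 quantum; this also lets a trimmed token be inspected.
    token = token.strip().rstrip("=")
    token = token[:len(token) - len(token) % 4]
    if not token:
        return "no-token"
    try:
        raw = base64.b64decode(token)
    except ValueError:
        return "malformed"
    if raw.startswith(b"NTLMSSP\x00"):
        return "ntlm"                     # bare NTLM message, no SPNEGO wrapper
    try:
        tag, pos, _ = _tlv(raw, 0)
        if tag != 0x60:                   # GSS-API initial context token
            return "unknown"
        mech, pos = _oid(raw, pos)
    except ValueError:
        return "unknown"
    if mech in MECHS:
        return MECHS[mech]                # bare GSS token for a single mechanism
    if mech != SPNEGO_OID:
        return "unknown"
    try:
        # NegTokenInit: [0] -> SEQUENCE -> [0] mechTypes -> SEQUENCE OF OID
        for expected in (0xA0, 0x30, 0xA0, 0x30):
            tag, pos, _ = _tlv(raw, pos)
            if tag != expected:
                return "spnego-unparsed"
        first_mech, _ = _oid(raw, pos)
    except ValueError:
        return "spnego-truncated"         # wrapper seen, mechanism list cut off
    return MECHS.get(first_mech, "spnego-other")


def _der(tag, content):
    """Encode a short (<128 byte) DER element; used only for the samples."""
    return bytes([tag, len(content)]) + content


def sample_spnego(first, second):
    """Constructed NegTokenInit offering two mechanisms in the given order."""
    mech_types = _der(0xA0, _der(0x30, _der(0x06, first) + _der(0x06, second)))
    mech_token = _der(0xA2, _der(0x04, b"constructed"))
    init = _der(0xA0, _der(0x30, mech_types + mech_token))
    blob = _der(0x60, _der(0x06, SPNEGO_OID) + init)
    return "Negotiate " + base64.b64encode(blob).decode()


# Constructed samples (not captured traffic).
SAMPLE_KERBEROS = sample_spnego(KRB5_OID, NTLM_OID)
SAMPLE_NTLM_IN_SPNEGO = sample_spnego(NTLM_OID, KRB5_OID)
SAMPLE_RAW_NTLM = "Negotiate " + base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00").decode()
# Leading characters of the token in the capture above; the rest was trimmed.
PAGE_TOKEN_PREFIX = "Negotiate YIIGlgYGKwYBBQUCoIIGijCCBoagMDA"

if __name__ == "__main__":
    for name in ("SAMPLE_KERBEROS", "SAMPLE_NTLM_IN_SPNEGO",
                 "SAMPLE_RAW_NTLM", "PAGE_TOKEN_PREFIX"):
        print(name, "->", classify_negotiate(globals()[name]))
```

A result of "ntlm" for a host that should be using WNA points back to the SPN, keytab or browser zone settings described earlier.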
• Error:
- kinit(v5): Key table entry not found while getting initial credentials
- kinit(v5): Preauthentication failed while getting initial credentials
- kinit(v5): KDC reply did not match expectations while getting initial credentials
• PROTOCOL and DOMAIN NAME are always in CAPITAL LETTERS.
• hostname and username are always in lower case.
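Added example, not part of the original slides: a small keytab reader that applies the two naming rules above to every principal in a keytab and reports the key type, without ever returning the key bytes. It assumes the MIT keytab layout (file version 0x0502); the function names and the sample keytab are constructed, with all-zero keys, and the first sample entry mirrors the HTTP/oraworld.com@OWAD.LOCAL entry shown by klist and by the "entry length: 63; type: 23" line in the OAM server log.

```python
import struct

ETYPES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}


def _counted(buf, pos):
    """Read a 16-bit length-prefixed byte string; return (bytes, next_pos)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    if pos + 2 + n > len(buf):
        raise ValueError("truncated keytab entry")
    return buf[pos + 2:pos + 2 + n], pos + 2 + n


def _parse_entry(buf):
    (count,) = struct.unpack_from(">H", buf, 0)      # components, realm excluded
    realm, pos = _counted(buf, 2)
    parts = []
    for _ in range(count):
        part, pos = _counted(buf, pos)
        parts.append(part.decode("utf-8"))
    # name type (4), timestamp (4), 8-bit kvno (1), key type (2) = 11 bytes
    _name_type, _timestamp, kvno, etype = struct.unpack_from(">IIBH", buf, pos)
    key, pos = _counted(buf, pos + 11)
    if len(buf) - pos >= 4:                          # optional 32-bit kvno trailer
        kvno = struct.unpack_from(">I", buf, pos)[0] or kvno
    return {
        "principal": "/".join(parts) + "@" + realm.decode("utf-8"),
        "components": parts, "realm": realm.decode("utf-8"),
        "kvno": kvno, "etype": etype, "key_len": len(key), "entry_len": len(buf),
    }


def parse_keytab(data):
    """Parse a version 0x0502 keytab into a list of entries (keys are skipped)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:
            break
        if size < 0:                                 # deleted slot: skip its bytes
            pos += -size
            continue
        if pos + size > len(data):
            raise ValueError("truncated keytab")
        entries.append(_parse_entry(data[pos:pos + size]))
        pos += size
    return entries


def audit(entry):
    """Apply the slide's naming rules to one entry and flag RC4 keys."""
    findings, parts = [], entry["components"]
    if entry["realm"] != entry["realm"].upper():
        findings.append("realm not upper case")
    if len(parts) == 2:                              # PROTOCOL/hostname
        if parts[0] != parts[0].upper():
            findings.append("protocol not upper case")
        if parts[1] != parts[1].lower():
            findings.append("hostname not lower case")
    elif len(parts) == 1 and parts[0] != parts[0].lower():
        findings.append("username not lower case")
    if entry["etype"] == 23:
        findings.append("rc4-hmac key (etype 23), deprecated by RFC 8429")
    return findings


def build_entry(service, host, realm, kvno, etype, key):
    """Build one keytab entry; used only to construct the sample below."""
    def counted(b):
        return struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 2) + counted(realm.encode()) + counted(service.encode())
            + counted(host.encode()) + struct.pack(">IIBH", 1, 0, kvno, etype)
            + counted(key))
    return struct.pack(">i", len(body)) + body


# Constructed sample: a correctly named RC4 entry, a deleted slot, and a
# mis-cased AES entry. Keys are zero bytes, not real key material.
SAMPLE_KEYTAB = (b"\x05\x02"
                 + build_entry("HTTP", "oraworld.com", "OWAD.LOCAL", 3, 23, bytes(16))
                 + struct.pack(">i", -4) + bytes(4)
                 + build_entry("http", "OraWorld.com", "owad.local", 4, 18, bytes(32)))

if __name__ == "__main__":
    for e in parse_keytab(SAMPLE_KEYTAB):
        print(e["principal"], "kvno", e["kvno"], ETYPES.get(e["etype"], e["etype"]),
              "entry length", e["entry_len"], audit(e) or "ok")
```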
References
• Configuring Access Manager for Windows Native Authentication
• OAM 11g WNA Step by Step Setup Guide (Doc ID 1416860.1)
• WNA Basics
• WNA for multiple AD forest.
• Oracle Access Manager 11g WNA Quick Start Guide (Doc ID 1416903.1)
• http://tools.ietf.org/html/rfc4559
• Trouble Shooting OAM 11g WNA Issues Quick Start Guide (Doc ID 1433554.1)
• Blogs: Enable Logging & Lessons Learnt
• Kerberos Basics
QnA

Oracle Key Vault OverviewTroy Kitch
 
veshaal-singh-ebs-oracle cloud(iaas+paas)
veshaal-singh-ebs-oracle cloud(iaas+paas)veshaal-singh-ebs-oracle cloud(iaas+paas)
veshaal-singh-ebs-oracle cloud(iaas+paas)aioughydchapter
 
[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...
[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...
[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...Insight Technology, Inc.
 
Oracle Cloud Storage Service & Oracle Database Backup Cloud Service
Oracle Cloud Storage Service & Oracle Database Backup Cloud ServiceOracle Cloud Storage Service & Oracle Database Backup Cloud Service
Oracle Cloud Storage Service & Oracle Database Backup Cloud ServiceJean-Philippe PINTE
 
Using MySQL Enterprise Monitor for Continuous Performance Improvement
Using MySQL Enterprise Monitor for Continuous Performance ImprovementUsing MySQL Enterprise Monitor for Continuous Performance Improvement
Using MySQL Enterprise Monitor for Continuous Performance ImprovementMark Matthews
 
Mysql user-camp-march-11th-2016
Mysql user-camp-march-11th-2016Mysql user-camp-march-11th-2016
Mysql user-camp-march-11th-2016Harin Vadodaria
 
OOW16 - Running your E-Business Suite on Oracle Cloud (IaaS + PaaS) - Why, Wh...
OOW16 - Running your E-Business Suite on Oracle Cloud (IaaS + PaaS) - Why, Wh...OOW16 - Running your E-Business Suite on Oracle Cloud (IaaS + PaaS) - Why, Wh...
OOW16 - Running your E-Business Suite on Oracle Cloud (IaaS + PaaS) - Why, Wh...vasuballa
 
2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL ServerGeorgi Kodinov
 
MySQL Enterprise Portfolio
MySQL Enterprise PortfolioMySQL Enterprise Portfolio
MySQL Enterprise PortfolioAbel Flórez
 
MySQL Manchester TT - Performance Tuning
MySQL Manchester TT  - Performance TuningMySQL Manchester TT  - Performance Tuning
MySQL Manchester TT - Performance TuningMark Swarbrick
 
Powering Remote Developers with Amazon Workspaces
Powering Remote Developers with Amazon WorkspacesPowering Remote Developers with Amazon Workspaces
Powering Remote Developers with Amazon WorkspacesAmazon Web Services
 

Similar to Oracle Access Manager integration with WNA/AD (20)

Monitor Engineered Systems from a Single Pane of Glass: Oracle Enterprise Man...
Monitor Engineered Systems from a Single Pane of Glass: Oracle Enterprise Man...Monitor Engineered Systems from a Single Pane of Glass: Oracle Enterprise Man...
Monitor Engineered Systems from a Single Pane of Glass: Oracle Enterprise Man...
 
Oracle database in cloud, dr in cloud and overview of oracle database 18c
Oracle database in cloud, dr in cloud and overview of oracle database 18cOracle database in cloud, dr in cloud and overview of oracle database 18c
Oracle database in cloud, dr in cloud and overview of oracle database 18c
 
Oracle EM12c Release 4 New Features!
Oracle EM12c Release 4 New Features!Oracle EM12c Release 4 New Features!
Oracle EM12c Release 4 New Features!
 
WebLogic authentication debugging
WebLogic authentication debuggingWebLogic authentication debugging
WebLogic authentication debugging
 
Weblogic scripting LVOUG meetup #11
Weblogic scripting LVOUG meetup #11Weblogic scripting LVOUG meetup #11
Weblogic scripting LVOUG meetup #11
 
Database as a Service, Collaborate 2016
Database as a Service, Collaborate 2016Database as a Service, Collaborate 2016
Database as a Service, Collaborate 2016
 
Kscope Not Your Father's Enterprise Manager
Kscope Not Your Father's Enterprise ManagerKscope Not Your Father's Enterprise Manager
Kscope Not Your Father's Enterprise Manager
 
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptxThe Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
 
Oracle Key Vault Overview
Oracle Key Vault OverviewOracle Key Vault Overview
Oracle Key Vault Overview
 
veshaal-singh-ebs-oracle cloud(iaas+paas)
veshaal-singh-ebs-oracle cloud(iaas+paas)veshaal-singh-ebs-oracle cloud(iaas+paas)
veshaal-singh-ebs-oracle cloud(iaas+paas)
 
Aruba OS 7.3 User Guide
Aruba OS 7.3 User GuideAruba OS 7.3 User Guide
Aruba OS 7.3 User Guide
 
[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...
[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...
[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...
 
Oracle Cloud Storage Service & Oracle Database Backup Cloud Service
Oracle Cloud Storage Service & Oracle Database Backup Cloud ServiceOracle Cloud Storage Service & Oracle Database Backup Cloud Service
Oracle Cloud Storage Service & Oracle Database Backup Cloud Service
 
Using MySQL Enterprise Monitor for Continuous Performance Improvement
Using MySQL Enterprise Monitor for Continuous Performance ImprovementUsing MySQL Enterprise Monitor for Continuous Performance Improvement
Using MySQL Enterprise Monitor for Continuous Performance Improvement
 
Mysql user-camp-march-11th-2016
Mysql user-camp-march-11th-2016Mysql user-camp-march-11th-2016
Mysql user-camp-march-11th-2016
 
OOW16 - Running your E-Business Suite on Oracle Cloud (IaaS + PaaS) - Why, Wh...
OOW16 - Running your E-Business Suite on Oracle Cloud (IaaS + PaaS) - Why, Wh...OOW16 - Running your E-Business Suite on Oracle Cloud (IaaS + PaaS) - Why, Wh...
OOW16 - Running your E-Business Suite on Oracle Cloud (IaaS + PaaS) - Why, Wh...
 
2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server
 
MySQL Enterprise Portfolio
MySQL Enterprise PortfolioMySQL Enterprise Portfolio
MySQL Enterprise Portfolio
 
MySQL Manchester TT - Performance Tuning
MySQL Manchester TT  - Performance TuningMySQL Manchester TT  - Performance Tuning
MySQL Manchester TT - Performance Tuning
 
Powering Remote Developers with Amazon Workspaces
Powering Remote Developers with Amazon WorkspacesPowering Remote Developers with Amazon Workspaces
Powering Remote Developers with Amazon Workspaces
 

Recently uploaded

Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfUmakantAnnand
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfakmcokerachita
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 

Recently uploaded (20)

Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.Compdf
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 

Oracle Access Manager integration with WNA/AD

  • 1. Oracle Access Manager integration with WNA/AD
    22nd November 2015, Hyderabad, India
    #AIOUG SANGAM 15
    Sumit Gupta
    . . . . meeting of minds
  • 2. Introduction
    • Presenter – Sumit Gupta
    • 10+ years' experience in Oracle Fusion Middleware
    • OPN Certified IAM Expert
      – Oracle Identity Manager 11g Certified Implementation Specialist
      – Oracle Access Management Suite Plus 11g Implementation Specialist
      – Oracle Certified Associate, Oracle WebLogic Server 12c administrator
    • Presenter
      – UKOUG Tech 14 – Liverpool, UK
      – Middleware SIG – Reading, UK
      – Sangam 2015 – Hyderabad, India
      – UKOUG Tech 15 – Birmingham, UK
    • Blogger (www.OraWorld.co.uk)
      – More than 150 articles
      – 1200+ subscribers
    www.OraWorld.co.uk
    Copyright © 2015, OraWorld Ltd. All rights reserved
  • 3. Agenda
    • Windows Native Authentication Overview
    • Kerberos Basics
    • WNA Configurations
    • WNA Testing (Demo Viewlet)
    • WNA Sequence Flow
    • Lessons Learnt
    • References
    • QnA Session
  • 4. Windows Native Authentication
  • 5. Kerberos Basics
    • Native authentication protocol in Active Directory
    • Kerberos Domain
    • Principal (Machines, Services & Users)
      – Service Principal Name (SPN)
        • PROTOCOL/hostname for services
        • username@DOMAIN for users
    • Key Distribution Center (KDC)
    • Ticket Granting Ticket (TGT)
    • Service Ticket (ST)
  • 6. Kerberos Basics
  • 7. Kerberos Basics
  • 8. Kerberos Basics
  • 9. Kerberos Basics
  • 10. Kerberos Basics
  • 11. Kerberos Basics
  • 12. Kerberos Basics
  • 13. Kerberos Basics
  • 14. Kerberos Basics
  • 15. Kerberos Basics
  • 16. Kerberos Basics
  • 17. Kerberos Basics
  • 18. Kerberos Basics
  • 19. Kerberos Basics
  • 20. Kerberos Basics
  • 21. Kerberos Basics
  • 22. Kerberos Basics
  • 23. WNA High Level Steps
    • Tasks on the Windows domain controller:
      - Configuring the domain controller to support Kerberos authentication
      - Generating a keytab file for a service user
    • Tasks on the Oracle Access Manager server:
      - Configuring an Active Directory identity store
      - Configuring a Kerberos authentication module
      - Defining a policy that uses the Kerberos authentication module to protect resources
    • Configuring end-user browsers
  • 24. WNA Configuration (AD Server)
    • Create a service user in the Windows AD Server.
  • 25. WNA Configuration (AD Server)
    • Keytab generation – the keytab contains the shared secret key of the service

        ktpass.exe -princ HTTP/<OHS hostname>@<AD Server Domain> -pass <Password of the user created to be mapped> -mapuser <AD DOMAIN\sAMAccountName of the user created> -out <Location_of_keytab_file>

  • 26. WNA Configuration (AD Server)
  • 27. WNA Configuration (OAM Server)
    • Copy the generated keytab (binary file) to the OAM Server
    • Set up krb5.conf
      - Unix: /etc/krb5.conf
      - Windows: C:\windows\krb5.conf
    • KRB5_CONFIG env variable

        [logging]
        default = FILE:/u01/app/oracle/middleware/Oracle_IAM1/wna/krb5libs.log
        kdc = FILE:/u01/app/oracle/middleware/Oracle_IAM1/wna/krb5kdc.log
        admin_server = FILE:/var/log/kadmind.log

        [libdefaults]
        default_realm = OWAD.LOCAL
        dns_lookup_realm = false
        dns_lookup_kdc = false
        ticket_lifetime = 600
        clock_skew= 600
        udp_preference_limit= 1
        default_tkt_enctypes = RC4-HMAC
        default_tgs_enctypes = RC4-HMAC

        [realms]
        OWAD.LOCAL = {
          kdc = owwin-ad.owad.local
          admin_server = owwin-ad.owad.local
          default_domain = OWAD.LOCAL
        }

        [domain_realm]
        .owad.local = OWAD.LOCAL
        owad.local = OWAD.LOCAL

  • 28. WNA Configuration (OAM Server)
    • klist commands

        [orafmw@iam ~]$ klist -e
        klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_500)

        Kerberos 4 ticket cache: /tmp/tkt500
        klist: You have no tickets cached
        [orafmw@iam ~]$ klist -k /u01/app/oracle/middleware/Oracle_IAM1/wna/oraworld.keytab -t -K -e
        Keytab name: FILE:/u01/app/oracle/middleware/Oracle_IAM1/wna/oraworld.keytab
        KVNO Timestamp         Principal
        ---- ----------------- --------------------------------------------------------
           3 01/01/70 01:00:00 HTTP/oraworld.com@OWAD.LOCAL (ArcFour with HMAC/md5) (0x1d1b117a1db40dc241f7838b083a6b9d)

  • 29. WNA Configuration (OAM Server)
    • kinit command

        [orafmw@iam ~]$ kinit -V HTTP/oraworld.com@OWAD.LOCAL -k -t /u01/app/oracle/middleware/Oracle_IAM1/wna/oraworld.keytab
        Authenticated to Kerberos v5
        [orafmw@iam ~]$ klist -e
        Ticket cache: FILE:/tmp/krb5cc_500
        Default principal: HTTP/oraworld.com@OWAD.LOCAL

        Valid starting     Expires            Service principal
        06/22/15 11:47:22  06/22/15 21:47:27  krbtgt/OWAD.LOCAL@OWAD.LOCAL
                renew until 06/23/15 11:47:22, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5

        Kerberos 4 ticket cache: /tmp/tkt500
        klist: You have no tickets cached
  • 30. WNA Configuration (OAM Server)
  • 31. WNA Configuration (OAM Server)
  • 32. WNA Configuration (OAM Server)
  • 33. WNA Configuration (OAM Server)
  • 34. WNA Configuration (OAM Server)
  • 35. WNA Configuration (OAM Server)
  • 36. WNA Configuration (OAM Server)
  • 37. WNA Configuration (OAM Server)
  • 38. WNA Configuration (OAM Server)
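
The krb5.conf on slide 27 pins both enctype lists to RC4-HMAC, and the keytab listed on slide 28 carries only an ArcFour key; RC4-HMAC is deprecated for Kerberos (RFC 8429). The Python check below is an added example, not part of the original slides: it parses that file, flags enctype lists that allow deprecated types, and checks that the realm mappings resolve. The AES variant is constructed and assumes the keytab has been regenerated with AES keys for the same service principal.

```python
import re

# [libdefaults], [realms] and [domain_realm] as shown on slide 27 ([logging] omitted).
SLIDE_KRB5_CONF = """
[libdefaults]
default_realm = OWAD.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 600
clock_skew= 600
udp_preference_limit= 1
default_tkt_enctypes = RC4-HMAC
default_tgs_enctypes = RC4-HMAC

[realms]
OWAD.LOCAL = {
  kdc = owwin-ad.owad.local
  admin_server = owwin-ad.owad.local
  default_domain = OWAD.LOCAL
}

[domain_realm]
.owad.local = OWAD.LOCAL
owad.local = OWAD.LOCAL
"""

# Constructed variant (assumption: the service account and keytab have AES keys).
AES_KRB5_CONF = SLIDE_KRB5_CONF.replace(
    "RC4-HMAC", "aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96")

# Enctypes deprecated by RFC 6649 (single DES) and RFC 8429 (3DES, RC4).
DEPRECATED = {"rc4-hmac", "arcfour-hmac", "arcfour-hmac-md5",
              "des-cbc-crc", "des-cbc-md4", "des-cbc-md5", "des3-cbc-sha1"}


def parse_krb5_conf(text):
    """Return {section: {key: value}}; a 'name = { ... }' block becomes a nested dict."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = conf.setdefault(header.group(1), {}), None
            continue
        if line == "}":
            block = None
            continue
        if section is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if value == "{":
            block = section.setdefault(key, {})
        elif block is not None:
            block[key] = value
        else:
            section[key] = value
    return conf


def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    conf = parse_krb5_conf(text)
    lib, realms = conf.get("libdefaults", {}), conf.get("realms", {})
    findings = []
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        types = [t for t in re.split(r"[,\s]+", lib.get(key, "").lower()) if t]
        weak = [t for t in types if t in DEPRECATED]
        if weak and len(weak) == len(types):
            findings.append(f"{key}: only deprecated enctypes ({', '.join(weak)})")
        elif weak:
            findings.append(f"{key}: deprecated enctype still allowed ({', '.join(weak)})")
    default_realm = lib.get("default_realm")
    if default_realm not in realms:
        findings.append(f"default_realm {default_realm}: no [realms] entry")
    elif "kdc" not in realms[default_realm]:
        findings.append(f"default_realm {default_realm}: no kdc configured")
    for domain, realm in conf.get("domain_realm", {}).items():
        if realm not in realms:
            findings.append(f"domain_realm {domain}: realm {realm} is not defined")
    return findings


if __name__ == "__main__":
    for name, text in (("slide 27", SLIDE_KRB5_CONF), ("AES variant", AES_KRB5_CONF)):
        print(name, "->", audit(text) or "no findings")
```
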
  • 39. Browser Configuration (Internet Explorer)
    • Open Internet Explorer
    • Go to Tools > Internet Options > Security > Local Intranet > Advanced
    • Add the OAM Server host name
  • 40. Browser Configuration (Internet Explorer)
  • 41. Browser Configuration (Internet Explorer)
  • 42. Browser Configuration (Internet Explorer)
    • Go to Advanced tab > Security
    • Check the box beside Enable Integrated Windows Authentication
  • 43. Browser Configuration (Internet Explorer)
  • 44. Browser Configuration (Internet Explorer)
    • Go to Security > Local Intranet > Custom Level
    • Select Automatic logon only in Intranet zone
    • Restart Internet Explorer
  • 45. Browser Configuration (Internet Explorer)
  • 46. Browser Configuration (Chrome)
    • Google Chrome uses the Internet Explorer settings.
  • 47. Browser Configuration (Firefox)
    • about:config
    • Set network.negotiate-auth.trusted-uris to OAMHOST.DOMAIN.
  • 48. Browser Configuration (Firefox)
  • 49. WNA Testing
    • Demo Viewlet Link
    • https://www.youtube.com/watch?v=C-HKAN2InyY
  • 50. WNA Sequence Diagram
  • 51. WNA Sequence Diagram www.OraWorld.co.uk Copyright © 2015, OraWorld Ltd. All rights reserved 51 OAM Server Log. <11-Jun-2015 13:03:12 o'clock BST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to /u01/app/oracle/middleware/user_projects/domains/iam_domain/servers/oam_server1/logs/oam_server1.log00059. Log messages will continue to be logged in /u01/app/oracle/middleware/user_projects/domains/iam_domain/servers/oam_server1/logs/oam_server1.log.> >>> KeyTabInputStream, readName(): OWAD.LOCAL >>> KeyTabInputStream, readName(): HTTP >>> KeyTabInputStream, readName(): oraworld.com >>> KeyTab: load() entry length: 63; type: 23 Added key: 23version: 3 Ordering keys wrt default_tkt_enctypes list default etypes for default_tkt_enctypes: 23. 0: EncryptionKey: keyType=23 kvno=3 keyValue (hex dump)= 0000: 1D 1B 11 7A 1D B4 0D C2 41 F7 83 8B 08 3A 6B 9D ...z....A....:k.
  • 52. WNA Sequence Diagram www.OraWorld.co.uk Copyright © 2015, OraWorld Ltd. All rights reserved 52 http://oraworld.com:7777/secured/index.html GET /secured/index.html HTTP/1.1 Host: oraworld.com:7777 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive HTTP/1.1 302 Found Date: Mon, 29 Jun 2015 11:48:49 GMT Server: Oracle-Application-Server-11g Set-Cookie: OAMAuthnHintCookie=0@1435578529; httponly; path=/; domain=.com Set-Cookie: OAMRequestContext_oraworld.com:7777_505353=PSSttVqN64gXBgIbzgp8jA==;max-age=300; httponly; path=/ Location: http://oraworld.com:14100/oam/server/obrareq.cgi?encquery%3DxjRnrPN5vUi8FDE0h2Os3fXf <Trimmed> Content-Length: 652 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1
  • 53. WNA Sequence Diagram www.OraWorld.co.uk Copyright © 2015, OraWorld Ltd. All rights reserved 53 http://oraworld.com:14100/oam/server/obrareq.cgi?encquery%<Trimmed> GET /oam/server/obrareq.cgi?encquery%3DxjRn<Trimmed>HTTP/1.1 Host: oraworld.com:14100 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: OAMRequestContext_oraworld.com:7777_505353=PSSttVqN64gXBgIbzgp8jA== Connection: keep-alive HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 29 Jun 2015 11:48:49 GMT Transfer-Encoding: chunked Location: http://oraworld.com:14100/oam/CredCollectServlet/WNA?authn_try_count=0&spnegotoken=string&challenge_url=%2Foa m%2FCredCollectServlet%2FWNA&request_id=- 276341910699531784&locale=en_US&resource_url=http%253A%252F%252Foraworld.com%253A7777%252Fsecured%252Finde x.html Set-Cookie: OAM_REQ_0=VERSION_4~ugKPHSCILJo%<Trimmed>; path=/; HttpOnly Set-Cookie: OAM_REQ_COUNT=VERSION_4~1; path=/; HttpOnly X-ORACLE-DMS-ECID: 74645cb114abea27:-3751213f:14dfcde14b8:-8000-0000000000029fd1
  • 54. WNA Sequence Diagram www.OraWorld.co.uk Copyright © 2015, OraWorld Ltd. All rights reserved 54 http://oraworld.com:14100/oam/CredCollectServlet/WNA?authn_try_count=0&spnegotoken=string&challenge_url=%2Foam%2F CredCollectServlet%2FWNA&request_id=- 276341910699531784&locale=en_US&resource_url=http%253A%252F%252Foraworld.com%253A7777%252Fsecured%252Finde x.html GET /oam/CredCollectServlet/WNA?authn_try_count=0&spnegotoken=string&challenge_url=%2Foam%2FCredCollectServlet%2 FWNA&request_id=- 276341910699531784&locale=en_US&resource_url=http%253A%252F%252Foraworld.com%253A7777%252Fsecured%252Finde x.html HTTP/1.1 Host: oraworld.com:14100 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: OAMRequestContext_oraworld.com:7777_505353=<Trimmed>OAM_REQ_COUNT=VERSION_4~1 Connection: keep-alive HTTP/1.1 401 Unauthorized Cache-Control: no-cache, no-store Date: Mon, 29 Jun 2015 11:48:50 GMT Pragma: no-cache Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: 0 WWW-Authenticate: Negotiate WWW-Authenticate: Basic realm="OAM 11g"
  • 55. WNA Sequence Diagram www.OraWorld.co.uk Copyright © 2015, OraWorld Ltd. All rights reserved 55 http://oraworld.com:14100/oam/CredCollectServlet/WNA?authn_try_count=0&spnegotoken=string&challenge_url=%2Foam%2F CredCollectServlet%2FWNA&request_id=- 23&locale=en_US&resource_url=http%253A%252F%252Foraworld.com%253A7777%252Fsecured%252Findex.html GET /oam/CredCollectServlet/WNA?authn_try_count=0&spnegotoken=string&challenge_url=%2Foam%2FCredCollectServlet%2FWNA &request_id=-27784&locale=en_US&resource_url=http%253A%252F%252Foraworld.com777%252Fsecured?Findex.html HTTP/1.1 Host: oraworld.com:14100 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Cookie: OAMRequestContext_oraworld.com:7777_50<Trimmed>LJeWMsd; OAM_REQ_COUNT=VERSION_4~1 Connection: keep-alive Authorization: Negotiate YIIGlgYGKwYBBQUCoIIGijCCBoagMDA<Trimmed>== HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 29 Jun 2015 11:48:50 GMT Transfer-Encoding: chunked Location: http://oraworld.com:7777/obrar.cgi?encreply=<Trimmed> Set-Cookie: OAM_ID=VERSION_4~SrAPo4Sh9v3M<Trimmed>; path=/; HttpOnly Set-Cookie: OAM_GITO=v1~uid:Wnauser1r&<Trimmed>c-oraworld.c&; path=/; HttpOnly; expires=Thu, 01-Jan-1970 01:00:00 GMT Set-Cookie: OAM_REQ_0=invalid; path=/; HttpOnly X-ORACLE-DMS-ECID: 74645cb114abea27:-3751213f:14dfcde14b8:-8000-0000000000029fd6
  • 56. WNA Sequence Diagram
  • 57. WNA Sequence Diagram
    http://oraworld.com:7777/obrar.cgi?encreply=<Trimmed>

    GET /obrar.cgi?encreply=<Trimmed>k%3D HTTP/1.1
    Host: oraworld.com:7777
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cookie: OAMRequestContext_oraworld.com:7777_505353=PSSt<Trimmed>rr2SMpNMOF2B/DbQk3/N1Ua1onzJ
    Connection: keep-alive

    HTTP/1.1 302 Found
    Date: Mon, 29 Jun 2015 11:48:52 GMT
    Server: Oracle-Application-Server-11g
    Set-Cookie: OAMRequestContext_oraworld.com:7777_505353=;expires=thursday, 01-jan-1970 01:00:00 gmt; httponly; path=/
    Set-Cookie: OAMAuthnCookie_oraworld.com:7777=<Trimmed>%3D;httponly; path=/
    Set-Cookie: OAMAuthnHintCookie=X; httponly; path=/
    Location: /secured/index.html
    Content-Length: 230
    Keep-Alive: timeout=5, max=99
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
  • 58. WNA Sequence Diagram
    http://oraworld.com:7777/secured/index.html

    GET /secured/index.html HTTP/1.1
    Host: oraworld.com:7777
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cookie: OAM_REQ_0=invalid; OAM_REQ_COUNT=VERSION_4~1; OAM_ID=VERSION_4~SrAPo4Sh9v3Mz9YtR0IUJQ==~<Trimmed>; OAMAuthnHintCookie=X
    Connection: keep-alive

    HTTP/1.1 200 OK
    Date: Mon, 29 Jun 2015 11:48:52 GMT
    Server: Oracle-Application-Server-11g
    Set-Cookie: OAMAuthnHintCookie=;expires=thursday, 01-jan-1970 01:00:00 gmt; httponly; path=/
    Set-Cookie: OAMAuthnHintCookie=1; httponly; path=/; domain=.com
    Cache-Control: no-cache
    Pragma: no-cache
    Last-Modified: Tue, 23 Jun 2015 19:07:39 GMT
    Etag: "bc06de-3cd-519341a9c54c0"
    Accept-Ranges: bytes
    Content-Length: 973
    Connection: Keep-Alive
    Content-Type: text/html
    Content-Language: en
  • 59. Lessons Learnt
    • NTLM versus Kerberos
      - The SPNEGO token can contain either an NTLM or a Kerberos token, depending on the Windows client capabilities. All pre–Windows 2000 clients use NTLM. AD domains by default support “mixed” mode.
      - If Kerberos fails, the client falls back to NTLM.
      - An HTTP header logger or Fiddler is the best way to diagnose this. Browser logging can also help.
    • Clock Skew Errors
      - Synchronize clocks on both your OAM Server and the AD server.
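Added example (not from the original slides): a Python check that classifies the value of an `Authorization: Negotiate` header copied from an HTTP header logger or Fiddler, reporting whether it is a SPNEGO token and which mechanisms it lists, or a bare NTLM message. The function and constant names are assumptions; the samples are constructed, except `PAGE_PREFIX`, which is the trimmed token shown on slide 55.

```python
import base64

SPNEGO_OID = bytes.fromhex("2b0601050502")            # 1.3.6.1.5.5.2
MECHS = {
    bytes.fromhex("2a864886f712010202"): "Kerberos",   # 1.2.840.113554.1.2.2
    bytes.fromhex("2a864882f712010202"): "Kerberos",   # 1.2.840.48018.1.2.2 (legacy MS)
    bytes.fromhex("2b06010401823702020a"): "NTLM",     # 1.3.6.1.4.1.311.2.2.10
}
# Constructed samples (not captured traffic); PAGE_PREFIX is slide 55's trimmed token.
SAMPLE_SPNEGO = "Negotiate " + base64.b64encode(bytes.fromhex(
    "602706062b0601050502a01d301ba0193017"
    "06092a864886f712010202060a2b06010401823702020a")).decode()
SAMPLE_NTLM = "Negotiate " + base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00").decode()
PAGE_PREFIX = "Negotiate YIIGlgYGKwYBBQUCoIIGijCCBoagMDA"

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def classify_negotiate(header_value):
    """Return (wrapper, mechanisms in the client's order of preference)."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64:
        return "not Negotiate", []
    raw = base64.b64decode(b64 + "=" * (-len(b64) % 4))
    if raw.startswith(b"NTLMSSP\x00"):                 # NTLM message, no ASN.1 wrapper
        return "raw NTLMSSP", ["NTLM"]
    wrapper, mechs = "unknown", []
    try:
        tag, p, _ = read_tlv(raw, 0)                   # 0x60: GSS-API initial token
        _, s, e = read_tlv(raw, p)                     # mechanism OID
        if tag != 0x60 or raw[s:e] != SPNEGO_OID:
            known = tag == 0x60 and raw[s:e] in MECHS  # e.g. Kerberos without SPNEGO
            return ("raw GSS-API", [MECHS[raw[s:e]]]) if known else (wrapper, mechs)
        wrapper, p, tags = "SPNEGO", e, []
        for _ in range(4):          # [0] NegTokenInit, SEQUENCE, [0] mechTypes, SEQUENCE OF
            tag, p, end = read_tlv(raw, p)
            tags.append(tag)
        while tags == [0xA0, 0x30, 0xA0, 0x30] and p < end and end <= len(raw):
            _, s, e = read_tlv(raw, p)
            mechs.append(MECHS.get(raw[s:e], raw[s:e].hex()))
            p = e
    except IndexError:                                 # token was trimmed in the capture
        pass
    return wrapper, mechs
```

A `raw NTLMSSP` result (base64 beginning `TlRMTVNT`) or a mechanism list that starts with NTLM means the client did not send a Kerberos token, which is the fallback case described on this slide.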
  • 60. Lessons Learnt
    • Error:
      - kinit(v5): Key table entry not found while getting initial credentials
      - kinit(v5): Preauthentication failed while getting initial credentials
      - kinit(v5): KDC reply did not match expectations while getting initial credentials
    • PROTOCOL and DOMAIN NAME are always in CAPITAL LETTERS.
    • hostname and username are always in lower case.
  • 61. References
    • Configuring Access Manager for Windows Native Authentication OAM 11g WNA Step by Step Setup Guide (Doc ID 1416860.1)
    • WNA Basics
    • WNA for multiple AD forest.
    • Oracle Access Manager 11g WNA Quick Start Guide (Doc ID 1416903.1)
    • http://tools.ietf.org/html/rfc4559
    • Trouble Shooting OAM 11g WNA Issues Quick Start Guide (Doc ID 1433554.1)
    • Blogs: Enable Logging & Lessons Learnt
    • Kerberos Basics
  • 62. QnA