DARWIN IT-PROFESSIONALS
IT Driven Evolution
Single Sign-On with Apex and ADFS, the WebLogic Way
Martien van den Akker
2019
martien.van.den.akker@darwin-it.nl @Makker_nl
Who I am
copyright ©2019 Darwin IT-Professionals B.V. 2
Agenda
1. Introduction
2. Architecture
3. Prerequisites
4. Steps
5. Tips, Tricks and Thoughts
INTRODUCTION
Introduction – Why?
• Projects
– WebLogic and SurfConext using SAML 2.0 (2014 on 11g, and 2017 on 12c)
– Apex and ADFS, using WebLogic/ORDS and SAML 2.0 (2017 & 2018)
• SAML 2.0 allows for Single Sign-On in federated environments
Security Assertion Markup Language (SAML)
• SAML: XML-based standard for the exchange of authentication and authorization data between parties:
– Identity Provider (IdP), e.g. SurfConext or ADFS
– Service Provider (SP)
• The IdP sends Security Assertions to the SP that contain information such as:
– Is the principal authenticated?
– What roles does the principal have?
• SAML 2.0 became an OASIS Standard in March 2005
• WebLogic 11g+ has proper, but basic, support for SAML 1 and SAML 2.0
SAML and WebLogic
• SAML between WebLogic (Service Provider) and ADFS (Identity Provider) works schematically as follows:
[Diagram: Browser; Service Provider = WebLogic Server with the Protected Resource (ORDS), the WebLogic Security Service and the Assertion Consumer Service; Identity Provider = ADFS with its Security Service, Single Sign-On Service and Login Page]
1. User requests page
2. No token detected
3. User redirected to IdP
4. Login page
5. User submits login
6. ADFS provides SAML 2.0 token
7. Requested page returned
Authentication vs. Authorisation
• Authentication: the process to identify the user -> Who is this user?
• Authorisation: the process to determine the access rights of the identified user -> Is this user allowed to access this page?
• APEX supports several authentication schemes:
– Application Express Accounts
– Custom Authentication
– Database Accounts
– HTTP Header Variable
– LDAP Directory Verification
– No Authentication (using DAD)
– Open Door Credentials
– Oracle Application Server SSO Server
– Social sign in (since 18.1)
• WebLogic adds authentication capabilities to Apex: this allows for authentication outside of Apex, sounds great!
Introduction – What is ORDS?
• Oracle REST Data Services (ORDS)
– Develop REST interfaces for relational data in the Oracle Database
– Maps HTTP(S) verbs (GET, POST, PUT, DELETE) to database transactions, returning JSON
– Included with Oracle Database and SQL Developer
• Supported to run in
– WebLogic
– Tomcat
– Glassfish
– Or as a standalone application with Jetty in embedded mode
• Can function as ‘Apex Listener’
Apex Authorisation
• Apex authorisation is strictly separated from authentication
• For authorisation the application must map users or roles to page grants
• Therefore the application needs to ‘know’ the users and/or roles
ARCHITECTURE: LAYOUT OHS, WEBLOGIC, ORDS, APEX AND ADFS
Simple Architecture
[Diagram: Browser (Internet) -> Firewall -> Reversed Proxy: Oracle HTTP Server 12c (Demilitarized Zone) -> Firewall -> ORDS (FKA Apex Listener; standalone or on an AppServer) -> Oracle 12c Database with APEX (Data Center)]
More ‘Enterprise-like’ Architecture
[Diagram: Browser (Internet) -> Firewall -> Reversed Proxy: Oracle HTTP Server 12c (Demilitarized Zone) -> Firewall -> WebLogic 12c AdminServer and WebLogic 12c Service Provider running ORDS -> Oracle 12c Database with APEX (Data Center); the Service Provider federates over SAML 2.0 with Microsoft Active Directory Federation Services; Apex User Directory]
PREREQUISITES FOR SAML2.0 BASED AUTHENTICATION WITH APEX+WLS+ADFS
Prerequisites
• Certificates for the Reversed Proxy and WebLogic
– Think about the CN/host names and possible Subject Alternative Names
– WebLogic expects a keystore; generate the CSR from the keystore
– Auto-login wallet (first create a JKS and import it into the wallet)
• DNS configuration for the CN and SANs
• It helps if the Reversed Proxy server can reach the WebLogic server and vice versa
• Firewall and network configuration done properly
• Access from the Internet
Ingredients
• A working APEX installation/application
• A reversed proxy with the WebLogic Proxy plugin, preferably Oracle HTTP Server, but Apache and IIS will do
• WebLogic 12c
• ORDS
• ADFS configured (and supported…)
• A certificate signing procedure
INSTALLATION AND CONFIGURATION STEPS
Installation and Configuration steps
1: Install and configure software (WebLogic, OHS, etc.)
2: Create & sign certificates for OHS and WebLogic
3: Modify and deploy ords.war to WebLogic
4: Add SAML2 Identity Asserter
5: Configure SAML2 Service Provider
6: Configure SAML2.0 General
7: Create SSO IdP
8: Identity Mapper
9: Set Apex Authentication Scheme
(Steps 4 to 8 are the WebLogic SAML2 configuration)
Step 1a: Install software
• Install OHS 12c on the Reversed Proxy server
– Configure an OHS 12c Standalone Domain
– Configure “Nodemanager as a Service”
– Create start & stop scripts
• Install WebLogic 12c on the Application Server host
– Configure the domain
– Configure “Nodemanager as a Service”
– Create start & stop scripts
Step 1b: Install ORDS
• Install ORDS 3.0.9+ (currently 19.1) on the WebLogic host
– Perform an in-place install, following the wizards, using one of:
  java -jar ords.war install
  java -jar ords.war install advanced
– This creates database connection configuration files. No datasources on WLS are used…
– Copy the Apex images to an images folder in the ORDS home
– Create an i.war using:
  java -jar ords.war static <ords directory>images
– i.war is a simple webapp that creates a folder mapping for WebLogic and Glassfish
Step 2: Create Certificates
• Create Certificate Signing Requests for OHS and WLS
– A keystore for WLS and another one as the base for the OHS wallet
• Have the certificates signed
• Import the root certificates and the signed certificates
• Create a truststore with the roots and public keys
• Set Custom Identity and Trust Keystores in WLS
• Use ORAPKI to create an auto_login wallet in:
  ${DOMAIN_HOME}/config/fmwconfig/components/OHS/instances/ohs1/keystores/default
  (convenient: this location is already configured in ssl.conf)
• Import the OHS keystore into the wallet
Step 3a: Modify ords.war
• ORDS (ords.war) doesn’t do authentication: normally Apex does it by itself.
• But ords.war needs to hand it over to WebLogic
• To do so, web.xml and weblogic.xml need to be adapted:
– <security-constraint> on <url-pattern>/f/*</url-pattern>
– <auth-method> BASIC on <realm-name> myrealm
– <security-role> <role-name> Anonymous, with the role assignment in weblogic.xml
• Repackage ords.war with the updated descriptors
Step 3a: web.xml
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SecurePages</web-resource-name>
      <description>These pages are only accessible by authorized users.</description>
      <url-pattern>/f/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <description>These are the roles who have access.</description>
      <role-name>Anonymous</role-name>
    </auth-constraint>
    <user-data-constraint>
      <description>This is how the user data must be transmitted.</description>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>myrealm</realm-name>
  </login-config>
  <security-role>
    <role-name>Anonymous</role-name>
  </security-role>
Step 3a: weblogic.xml
  <weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://xmlns.oracle.com/weblogic/weblogic-web-app
      http://xmlns.oracle.com/weblogic/weblogic-web-app/1.6/weblogic-web-app.xsd">
    <!-- Weblogic 12c -->
    <container-descriptor>
      <prefer-web-inf-classes>true</prefer-web-inf-classes>
    </container-descriptor>
    <session-descriptor>
      <persistent-store-type>replicated_if_clustered</persistent-store-type>
    </session-descriptor>
    <security-role-assignment>
      <!--<role-name>valid-users</role-name> -->
      <role-name>Anonymous</role-name>
      <principal-name>users</principal-name>
    </security-role-assignment>
    <context-root>/ords</context-root>
  </weblogic-web-app>
Step 3b: Deploy ords.war and i.war to WLS
• Install ords.war and i.war as an application, using Custom Roles
Step 4: Add SAML2 Identity Asserter
• Add a SAML2IdentityAsserter
• Bounce the domain (Admin + SP server)
• This enables the Federation Services tabs in the server configuration
Step 5: Configure SAML2 Service Provider
• On the Managed Server
– Check ‘Enabled’
– Preferred Binding: POST
– Default URL: an accessible URL
Step 6a: Configure SAML2.0 General
• Fill in the contact properties
• Published Site URL: WebLogic expects /saml2 as URI
– The servlet that listens for Assertions from the IdP
• EntityID: ADFS expects a connectable URL
• Recipient Check Enabled: uncheck
• Provide the SSO Key Alias and Passphrase from the JKS
Step 6b: Publish SAML Metadata
• Restart the server
• Publish the metadata
– WebLogic saves this as an XML file
– Save it with a standard filename to a standard folder
– Create and deploy SamlMetaData.war based on i.war with a folder mapping
– Provide the resulting URL (folder mapping + metadata file name) to ADFS
https://blog.darwin-it.nl/2018/02/weblogic-12c-saml2-publish-your.html
Step 7: Create SSO IdP
• Navigate to the SAML2IdentityAsserter
• Create a “Web Single Sign-On Identity Provider Partner”
• Remove the SP parts from the ADFS metadata file (see blog)
• Import the resulting file
Step 7b: Edit SSO IdP
Edit the created SAML_SSO_ADFS:
• Enable it
• Provide a description
• And provide a redirect URL
– For APEX this should be /ords/f
Step 8: Identity Mapper
• The identity of the principal needs to be filtered from the SAML token
• This is done using an Identity Mapper
• Deploy the WLSSamlIdentityMapper.jar file in ${DOMAIN_HOME}/lib
• Add it to the classpath in setUserOverrides.sh/.cmd (bounce the domain!)
• Set its class on the SAML_SSO_ADFS IdP:
https://blog.darwin-it.nl/2017/05/single-sign-on-for-apex-with-adfs-with.html
Step 9: Set Apex Authentication Scheme
• In Apex, set the Authentication Scheme to HTTP Header Variable
[Screenshots: the authentication scheme settings, and the application after login]
Final considerations
• WebLogic needs to know that it is (reverse) proxied
– Set the WebLogic Proxy Plugin setting to yes
– Also set the frontend host/port
• In OHS use PathTrim/PathPrepend to get ‘nice URLs’:
– add /ords/f to the URL
– Redirect something like /MyServiceAppSaml2 to /saml2 (WebLogic listens on /saml2 for Assertions, see Published Site URL)
TIPS, TRICKS AND THOUGHTS
Thoughts about Certificates
• I prefer using a Java Keystore also as the base for the wallet
– WebLogic expects a keystore, OHS a wallet, which can be created from a JKS.
– A JKS expects key pairs: private keys can’t be imported that easily
– Create the CSR from the JKS and have that signed: this assures importability
• MS ADFS brings you into the Windows world: people may be surprised that things aren’t “that obvious” in the Java world
• Certificates as delivered can’t always be imported easily into a JKS: you have to use tools like Keytool, ORAPKI, and OpenSSL
Wallet
• Default location:
  ${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/keystores/default
• Pre 12.2.1.3 it can be placed in the FMW home, for instance.
• OHS 12.2.1.3 apparently expects it in the default location, for instance:
  ${DOMAIN_HOME}/config/fmwconfig/components/OHS/instances/ohs1/keystores/default
WebLogic and ADFS
• Pre 12.2.1.3 WebLogic apparently had difficulties with SHA-256 signed Assertions. ADFS was configured to use SHA-1.
• This has been solved in 12.2.1.3, so ADFS SHA-256 is OK now
• Make sure ADFS provides the right ‘Claims’ in the token:
– urn:mace:dir:attribute-def:uid
– NameID (expected by WebLogic)
– You may need to test and adapt the IdentityMapper class for your situation
• ADFS expects TLS v1.0, OHS defaults to TLSv1.2, so adapt ssl.conf:
  SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
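What the Identity Mapper of Step 8 does with the token, together with the Audience, validity-window and Recipient checks that the Step 6a settings (EntityID, Recipient Check Enabled) govern, as an added Python example; it is not the deck's code nor the WLSSamlIdentityMapper.jar it refers to. The SAML Response, EntityID, ACS URL (assumed at /saml2/sp/acs/post) and timestamps are constructed; it reads the uid claim listed above and falls back to NameID.

```python
"""Map a SAML 2.0 Response to an APEX username (the Identity Mapper's job)
and apply the assertion checks the SP settings control. Added example, not
the deck's code; sample Response, EntityID, ACS URL and times are constructed."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
UID_CLAIM = "urn:mace:dir:attribute-def:uid"  # the claim ADFS must send

# Constructed: the EntityID the SP published to ADFS, and the URL where its
# Assertion Consumer Service (the /saml2 servlet) actually receives the POST.
ENTITY_ID = "https://portal.example.test/saml2"
ACS_URL = "https://portal.example.test/saml2/sp/acs/post"
SAMPLE_NOW = datetime(2019, 6, 1, 10, 1, tzinfo=timezone.utc)    # inside window
SAMPLE_LATER = datetime(2019, 6, 1, 10, 6, tzinfo=timezone.utc)  # past NotOnOrAfter

# Constructed sample of an ADFS response. The XML signature is left out:
# verifying it is WebLogic's job and happens before any name mapper runs.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2019-06-01T10:00:00Z">
    <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
    <saml:Subject>
      <saml:NameID>jdoe@example.test</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2019-06-01T10:05:00Z"
            Recipient="https://portal.example.test/saml2/sp/acs/post"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2019-06-01T09:59:00Z" NotOnOrAfter="2019-06-01T10:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://portal.example.test/saml2</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="urn:mace:dir:attribute-def:uid">
        <saml:AttributeValue>jdoe</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def _ts(value):
    """SAML dateTime values are UTC with a trailing Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def map_identity(response_xml, entity_id, acs_url, now, recipient_check=True):
    """Return the username for APEX: the uid claim, else NameID.
    Raises ValueError when a condition on the assertion fails."""
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no Assertion in Response")

    # Audience must be the EntityID this SP published to ADFS.
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if entity_id not in audiences:
        raise ValueError(f"audience mismatch: {audiences}")

    # Validity window of the assertion.
    cond = assertion.find("saml:Conditions", NS)
    if now < _ts(cond.get("NotBefore")) or now >= _ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")

    # Recipient check, the one the deck says to switch off: with it on, the
    # Recipient in the bearer confirmation must equal the ACS URL this SP
    # believes it serves, which behind a reverse proxy often differs from the
    # published one. With it off, that line of defence is gone.
    scd = assertion.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient_check and recipient != acs_url:
        raise ValueError(f"recipient mismatch: {recipient}")

    # Identity: the uid claim first, NameID as fallback.
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == UID_CLAIM:
            values = [v.text for v in attr.findall("saml:AttributeValue", NS) if v.text]
            if values:
                return values[0]
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not name_id.text:
        raise ValueError("neither uid claim nor NameID present")
    return name_id.text


def try_map(response_xml, entity_id, acs_url, now, recipient_check=True):
    """Report ('ok', user) or ('rejected', reason) instead of raising."""
    try:
        return ("ok", map_identity(response_xml, entity_id, acs_url, now, recipient_check))
    except ValueError as exc:
        return ("rejected", str(exc))
```

Presenting SAMPLE_RESPONSE to an SP whose ACS URL is the internal WebLogic address is rejected with the Recipient check on and mapped to jdoe with it off, which is exactly the trade-off behind unchecking Recipient Check Enabled.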
Special OHS Routings – Extra Requirement
Special OHS Routings – VirtualHost
• The customer required that requests for http://portal.customer.nl route to WebLogic/SSO, but all other routes to Tomcat.
• The VirtualHost definition is in ssl.conf, so you can’t select on server name.
• SNI (Server Name Indication) could help. Apache supports SNI since 2.2.12. Oracle HTTP Server 12.2.1.3 is based on Apache 4.5
• But in this case a deployment plan is used to redeploy ORDS in WebLogic on another context-root (apex instead of ords). Then route based on the URI.
https://en.wikipedia.org/wiki/Server_Name_Indication
https://docs.oracle.com/middleware/1221/webtier/administer-ohs/whats_new.htm#CHDJJAEC
Links
• My first blog on WebLogic 11g and SAML2
– https://blog.darwin-it.nl/2014/04/service-provider-initiated-sso-on.html
• Apex, ORDS & ADFS findings on SAML2 and WebLogic 12c:
– http://blog.darwin-it.nl/2017/05/single-sign-on-for-apex-with-adfs-with.html
• How to redirect URLs for the /saml2 servlet and /ords/f URIs
– http://blog.darwin-it.nl/2017/05/http-server-redirects-for-WebLogic-12c.html
• URL rewrite to have a ‘nice’ application URL (without /ords/f)
– http://blog.darwin-it.nl/2017/06/ohs-url-rewrite.html
• A basic one on WebLogic and ADFS
– https://blogs.oracle.com/blogbypuneeth/steps-to-configure-saml-sso-with-adfs-as-idp-and-WebLogic-server-as-sp
• Publish metadata over URL
– https://blog.darwin-it.nl/2018/02/weblogic-12c-saml2-publish-your.html
• About WebLogic and SHA-1/SHA-256 signing of SAML requests/responses
– https://blog.darwin-it.nl/2019/06/weblogic-12213-signs-saml2-requests-and.html
THANK YOU FOR YOUR ATTENDANCE, PATIENCE AND ATTENTION
Q & A

RTTS
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 

Recently uploaded (20)

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 

SSO With APEX and ADFS the weblogic way

  • 1. DARWIN IT-PROFESSIONALS, IT Driven Evolution. Single Sign-On with Apex and ADFS the WebLogic Way. Martien van den Akker, 2019
  • 2. Who I am: Martien van den Akker, martien.van.den.akker@darwin-it.nl, @Makker_nl. copyright ©2019 Darwin IT-Professionals B.V.
  • 3. Agenda: Introduction, Architecture, Prerequisites, Steps, Tips, Tricks and Thoughts
  • 5. Introduction – Why?
    • Projects
      – WebLogic and SurfConext using SAML2.0 (2014 on 11g, and 2017 on 12c)
      – Apex and ADFS, using WebLogic/ORDS and SAML2.0 (2017 & 2018)
    • SAML2.0 allows for Single Sign On in Federated environments
  • 6. Security Assertion Markup Language (SAML)
    • SAML: XML based standard for exchange of authentication and authorization data between parties:
      – Identity Provider, e.g. SurfConext or ADFS
      – Service Provider
    • IdP sends Security Assertions to SP that contain info:
      – Is principal authenticated?
      – What roles does the principal have?
    • SAML 2.0 became an OASIS Standard in March 2005
    • WebLogic 11g+ has proper, but basic, support for SAML 1 and 2.0
  • 7. SAML and WebLogic
    • SAML between WebLogic and ADFS works schematically as follows (diagram; Service Provider side: Browser, ORDS Protected Resource, WebLogic Server with Security Service and Assertion Consumer Service; Identity Provider side: ADFS with Single Sign-On Service):
      1 User requests Page
      2 No Token detected
      3 User redirected to IdP
      4 Login Page
      5 User submits login
      6 ADFS provides SAML 2.0 token
      7 Requested Page returned
  • 8. Authentication vs. Authorisation
    • Authentication: process to identify the user -> Who is this user?
    • Authorisation: process to determine the access rights of the identified user -> Is this user allowed to access this page?
    • APEX supports several authentication schemes:
      – Application Express Accounts
      – Custom Authentication
      – Database Accounts
      – HTTP Header Variable
      – LDAP Directory Verification
      – No Authentication (using DAD)
      – Open Door Credentials
      – Oracle Application Server SSO Server
      – Social sign in (since 18.1)
    • WebLogic adds authentication capabilities to Apex: it allows for authentication outside of Apex. Sounds great!
  • 9. Introduction – What is ORDS?
    • Oracle REST Data Services (ORDS)
      – Develop REST interfaces for relational data in Oracle Database
      – Maps HTTP(S) verbs (GET, POST, PUT, DELETE) to db transactions, returning JSON
      – Included with Oracle Database and SQL Developer
    • Supported to run in
      – WebLogic
      – Tomcat
      – Glassfish
      – Or as stand-alone application with Jetty in embedded mode
    • Can function as ‘Apex Listener’
  • 10. Apex Authorisation
    • Apex authorisation is strictly separated from authentication
    • For authorisation the application must map users or roles to page grants
    • Therefore the application needs to ‘know’ the users and/or roles
  • 11. Agenda (section: Architecture)
  • 12. ARCHITECTURE: LAYOUT OHS, WEBLOGIC, ORDS, APEX AND ADFS
  • 13. Simple Architecture (diagram)
    • Internet: Browser
    • DeMilitarized Zone (behind the first Firewall): Oracle HTTP Server 12c as Reversed Proxy
    • DataCenter (behind the second Firewall): ORDS (FKA Apex Listener; Standalone or on AppServer) and Oracle 12c Database with APEX
  • 14. More ‘Enterprise-like’ Architecture (diagram)
    • Internet: Browser
    • DeMilitarized Zone (behind the first Firewall): Oracle HTTP Server 12c as Reversed Proxy
    • DataCenter (behind the second Firewall): WebLogic 12c (AdminServer and a Service Provider managed server running ORDS), Oracle 12c Database with APEX, Apex User Directory
    • Microsoft Active Directory Federation Services, talking SAML 2.0 with the WebLogic Service Provider
  • 16. PREREQUISITES FOR SAML2.0 BASED AUTHENTICATION WITH APEX+WLS+ADFS
  • 17. Prerequisites
    • Certificates for Reversed Proxy and WebLogic
      – Think about the CN/host names and possible Subject Alternative Names
      – WebLogic expects a Keystore, generate the CSR from the Keystore
      – Auto-login wallet (first create a JKS and import it into the wallet)
    • DNS configuration on the CN and SANs
    • It helps if the Rev Proxy server can reach the WebLogic server and vice versa
    • Firewall and network configuration done properly
    • Access from Internet
  • 18. Ingredients
    • A working APEX installation/application
    • A reversed proxy with WebLogic Proxy plugin, preferably Oracle HTTP Server, but Apache and IIS will do
    • WebLogic 12c
    • ORDS
    • ADFS configured (and supported…)
    • A certificate signing procedure
  • 19. Agenda (section: Steps)
  • 20. INSTALLATION AND CONFIGURATION STEPS
  • 21. Installation and Configuration steps
    1: Install and configure software (WebLogic, OHS, etc.)
    2: Create & Sign Certificates for OHS and WebLogic
    3: Modify and deploy ords.war to WebLogic
    4: Add SAML2 Identity Asserter
    5: Configure SAML2 Service Provider
    6: Configure SAML2.0 General
    7: Create SSO IdP
    8: Identity Mapper
    9: Set Apex Authentication Scheme
    (Steps 4 to 8 form the WebLogic SAML2 configuration)
  • 22. Step 1a: Install software
    • Install OHS 12c on Reversed Proxy Server
      – Configure OHS 12c Standalone Domain
      – Configure “Nodemanager as a Service”
      – Create Start & Stop scripts
    • Install WebLogic 12c on Application Server Host
      – Configure Domain
      – Configure “Nodemanager as a Service”
      – Create Start & Stop scripts
  • 23. Step 1b: Install ORDS
    • Install ORDS 3.0.9+ (currently 19.1) on WebLogic Host
      – Perform an in place install, following the wizards, using one of:
          java -jar ords.war install
          java -jar ords.war install advanced
      – This creates database connection configuration files. No datasources on WLS are used…
      – Copy apex images to an images folder in the ords home
      – Create an i.war using:
          java -jar ords.war static <ords directory>/images
      – i.war is a simple webapp that creates a folder mapping for WebLogic and Glassfish
  • 24. Step 2: Create Certificates
    • Create Certificate Signing Requests for OHS and WLS
      – Keystore for WLS and another one as base for the OHS wallet
    • Have Certificates signed
    • Import Root Certificates and Certificates
    • Create Truststore with Roots and Public Keys
    • Set Custom Identity and Trust Keystores in WLS
    • Use ORAPKI to create an auto_login wallet in:
          ${DOMAIN_HOME}/config/fmwconfig/components/OHS/instances/ohs1/keystores/default
      (Convenient: already configured in ssl.conf)
    • Import OHS keystore in wallet
  • 25. Step 3a: Modify ords.war
    • ORDS (ords.war) doesn’t do authentication: normally Apex does it by itself.
    • But ords.war needs to hand it over to WebLogic
    • To do so web.xml and weblogic.xml need to be adapted
      – <security-constraint> on <url-pattern>/f/*</url-pattern>
      – <auth-method> BASIC on <realm-name> myrealm
      – <security-role> <role-name> Anonymous, with role assignment in weblogic.xml
    • Repackage ords.war with updated descriptors
  • 26. Step 3a: web.xml
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>SecurePages</web-resource-name>
          <description>These pages are only accessible by authorized users.</description>
          <url-pattern>/f/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <description>These are the roles who have access.</description>
          <role-name>Anonymous</role-name>
        </auth-constraint>
        <user-data-constraint>
          <description>This is how the user data must be transmitted.</description>
          <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
      </security-constraint>
      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>myrealm</realm-name>
      </login-config>
      <security-role>
        <role-name>Anonymous</role-name>
      </security-role>
  • 27. Step 3a: weblogic.xml
      <weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app"
                        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        xsi:schemaLocation="http://xmlns.oracle.com/weblogic/weblogic-web-app http://xmlns.oracle.com/weblogic/weblogic-web-app/1.6/weblogic-web-app.xsd">
        <!-- Weblogic 12c -->
        <container-descriptor>
          <prefer-web-inf-classes>true</prefer-web-inf-classes>
        </container-descriptor>
        <session-descriptor>
          <persistent-store-type>replicated_if_clustered</persistent-store-type>
        </session-descriptor>
        <security-role-assignment>
          <!--<role-name>valid-users</role-name> -->
          <role-name>Anonymous</role-name>
          <principal-name>users</principal-name>
        </security-role-assignment>
        <context-root>/ords</context-root>
      </weblogic-web-app>
  • 28. Step 3b: Deploy ords.war and i.war to WLS
    • Install ords.war and i.war as an application, using Custom Roles
  • 29. Step 4: Add SAML2 Identity Asserter
    • Add a SAML2Identity Asserter
    • Bounce the Domain (Admin + SP Server)
    • This enables the Federation Services tabs in Server Config
  • 30. Step 5: Configure SAML2 Service Provider
    • On Managed Server
      – Check ‘Enabled’
      – Preferred Binding: POST
      – Default URL: accessible URL
  • 31. Step 6a: Configure SAML2.0 General
    • Fill in the contact properties
    • Published Site URL: WebLogic expects /saml2 as URI
      – Servlet to listen for Assertions from IdP
    • EntityID: ADFS expects a connectable URL
    • Recipient Check Enabled: uncheck
    • Provide SSO Key Alias and Passphrase from JKS
  • 32. Step 6b: Publish SAML Metadata
    • Restart Server
    • Publish Meta Data
      – WebLogic saves this as an xml file
      – Save it with a standard filename to a standard folder
      – Create and deploy SamlMetaData.war based on i.war with a folder mapping
      – Provide resulting URL (folder mapping + MetaData file name) to ADFS
    • https://blog.darwin-it.nl/2018/02/weblogic-12c-saml2-publish-your.html
  • 33. Step 7: Create SSO IdP
    • Navigate to SAML2IdentityAsserter
    • Create a “Web Single Sign-On Identity Provider Partner”
    • Remove SP parts from ADFS Metadata file (see blog)
    • Import resulting file
  • 34. Step 7b: Edit SSO IdP
    • Edit the created SAML_SSO_ADFS
      – Enable it
      – Provide a description
      – And provide a redirect URL: for APEX this should be /ords/f
  • 35. Step 8: Identity Mapper
    • The identity of the principal needs to be filtered from the SAML Token
    • This is done using an Identity Mapper
    • Deploy WLSSamlIdentityMapper.jar file in ${DOMAIN_HOME}/lib
    • Add it to the classpath in setUserOverrides.sh/.cmd (bounce domain!)
    • Set the class on the SAML_SSO_ADFS IdP
    • https://blog.darwin-it.nl/2017/05/single-sign-on-for-apex-with-adfs-with.html
  • 36. Step 9: Set Apex Authentication Scheme
    • In Apex set Authentication Scheme to Header Variable (screenshots: steps 1 to 3 and the After Login settings)
  • 37. Final considerations
    • WebLogic needs to know that it is (reversed) proxied
      – Set WebLogic Proxy Plugin to yes
      – Also set frontend host/port
    • In OHS use PathTrim/PathPrepend to get ‘nice URLs’:
      – add /ords/f in URL
      – Redirect something like /MyServiceAppSaml2 to /saml2 (WebLogic listens on /saml2 for Assertions, see Published Site URL)
  • 38. Agenda (section: Tips, Tricks and Thoughts)
  • 39. TIPS, TRICKS AND THOUGHTS
  • 40. Thoughts about Certificates
    • I prefer using a Java Keystore also as a base for the wallet
      – WebLogic expects a Keystore, OHS a wallet that can be created from a JKS.
      – A JKS expects key-pairs: private keys can’t simply be imported
      – So create the CSR from the JKS and have that signed: assures importability
    • MS ADFS brings you to the Windows world: people may be surprised that things aren’t “that obvious” in the Java world
    • Certificates as delivered can’t always be imported easily in a JKS: you have to use tools like Keytool, ORAPKI, and OpenSSL
  • 41. Wallet
    • Default location:
          ${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/keystores/default
    • Pre 12.2.1.3 it can be placed in the FMW home, for instance.
    • OHS 12.2.1.3 apparently expects it in the default location, for instance:
          ${DOMAIN_HOME}/config/fmwconfig/components/OHS/instances/ohs1/keystores/default
  • 42. WebLogic and ADFS
    • Pre 12.2.1.3 WebLogic apparently had difficulties with SHA-256 signed Assertions. ADFS was configured to use SHA-1.
    • This has been solved in 12.2.1.3, so ADFS SHA-256 is ok now
    • Make sure ADFS provides the right ‘Claims’ in the token:
      – urn:mace:dir:attribute-def:uid
      – NameID (expected by WebLogic)
      – May need to test and adapt the IdentityMapper class for your situation
    • ADFS expects TLS v1.0, OHS defaults to TLSv1.2, so adapt ssl.conf:
          SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
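The Service Provider side of the flow on slide 7, the EntityID and Recipient Check settings of Step 6a, the identity-mapper step of Step 8 and the uid/NameID claims above, worked through as an added Python example; it is not part of the deck and not WebLogic's code (WebLogic's SAML2 Identity Asserter does these checks internally). The assertion, the portal and ADFS URLs and the ACS path are constructed sample values, and the XML-Signature check is assumed to have been done already.

```python
"""Added example, not part of the deck: the checks a SAML2 Service Provider makes on an
ADFS assertion before mapping the principal, as WebLogic's SAML2 Identity Asserter does
internally. XML-Signature verification (WebLogic does it against the IdP certificate from
the ADFS metadata) is left out: the input is assumed to be a signature-verified assertion.
All names, URLs and times below are constructed sample values."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UID_ATTR = "urn:mace:dir:attribute-def:uid"  # the claim the deck expects from ADFS

@dataclass
class SpConfig:
    entity_id: str         # "EntityID" on the SAML2 General tab
    acs_url: str           # URL of the Assertion Consumer Service (constructed path under /saml2)
    recipient_check: bool  # "Recipient Check Enabled" on the SAML2 General tab
    clock_skew: timedelta = timedelta(minutes=2)

class AssertionRejected(Exception):
    pass

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def validate_assertion(xml_text, sp, now):
    """Return {'name_id', 'attributes'} for an acceptable assertion, else raise."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise AssertionRejected("missing Conditions")
    if now + sp.clock_skew < _ts(cond.get("NotBefore")):
        raise AssertionRejected("assertion not yet valid")
    if now - sp.clock_skew >= _ts(cond.get("NotOnOrAfter")):
        raise AssertionRejected("assertion expired")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp.entity_id not in audiences:
        raise AssertionRejected("audience %s does not include %s" % (audiences, sp.entity_id))
    scd = root.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None:
        raise AssertionRejected("missing SubjectConfirmationData")
    # The deck unchecks Recipient Check; when on, Recipient must equal the SP's ACS URL.
    if sp.recipient_check and scd.get("Recipient") != sp.acs_url:
        raise AssertionRejected("recipient %s != %s" % (scd.get("Recipient"), sp.acs_url))
    name_id = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not name_id:
        raise AssertionRejected("missing NameID (WebLogic expects it)")
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {"name_id": name_id, "attributes": attrs}

def map_identity(info):
    """Identity-mapper step (Step 8): prefer the uid claim, fall back to the NameID."""
    uid = info["attributes"].get(UID_ATTR)
    return uid[0] if uid else info["name_id"]

# Constructed, unsigned sample in the shape ADFS issues; not captured from a real IdP.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example1" Version="2.0" IssueInstant="2019-06-01T10:00:00Z">
  <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
  <saml:Subject>
    <saml:NameID>jdoe@example.test</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2019-06-01T10:05:00Z"
          Recipient="https://portal.example.test/saml2/sp/acs/post"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2019-06-01T10:00:00Z" NotOnOrAfter="2019-06-01T11:00:00Z">
    <saml:AudienceRestriction><saml:Audience>https://portal.example.test/saml2</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:mace:dir:attribute-def:uid"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

SP = SpConfig(entity_id="https://portal.example.test/saml2",
              acs_url="https://portal.example.test/saml2/sp/acs/post", recipient_check=False)
NOW = datetime(2019, 6, 1, 10, 1, tzinfo=timezone.utc)

def apex_user_for(xml_text=SAMPLE_ASSERTION, sp=SP, now=NOW):
    """The user name that ends up in the header variable APEX authenticates on (Step 9)."""
    return map_identity(validate_assertion(xml_text, sp, now))
```

Turning `recipient_check` on with a mismatching `acs_url`, or moving `now` past `NotOnOrAfter`, makes `apex_user_for` raise `AssertionRejected` instead of returning a user.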
  • 43. Special OHS Routings – Extra Requirement (diagram)
  • 44. Special OHS Routings – VirtualHost
    • Customer required that requests from http://portal.customer.nl should route to WebLogic/SSO, but all other routes to Tomcat.
    • VirtualHost definition is in ssl.conf, so you can’t select on server name.
    • SNI: Server Name Indication could help. Apache supports SNI since 2.2.12. Oracle HTTP 12.2.1.3 is based on Apache 4.5
    • But, in this case a deployment plan is used to redeploy ORDS in WebLogic on another context-root (apex instead of ords). Then route on the basis of the URI.
    • https://en.wikipedia.org/wiki/Server_Name_Indication
    • https://docs.oracle.com/middleware/1221/webtier/administer-ohs/whats_new.htm#CHDJJAEC
  • 45. Links
    • My first blog on WebLogic 11g and SAML2
      – https://blog.darwin-it.nl/2014/04/service-provider-initiated-sso-on.html
    • Apex, ORDS & ADFS findings on SAML2 and WebLogic 12c:
      – http://blog.darwin-it.nl/2017/05/single-sign-on-for-apex-with-adfs-with.html
    • How to redirect URLs for the /saml2 Servlet and /ords/f URIs
      – http://blog.darwin-it.nl/2017/05/http-server-redirects-for-WebLogic-12c.html
    • URL Rewrite to have a ‘nice’ application URL (without /ords/f)
      – http://blog.darwin-it.nl/2017/06/ohs-url-rewrite.html
    • A basic one on WebLogic and ADFS
      – https://blogs.oracle.com/blogbypuneeth/steps-to-configure-saml-sso-with-adfs-as-idp-and-WebLogic-server-as-sp
    • Publish metadata over URL
      – https://blog.darwin-it.nl/2018/02/weblogic-12c-saml2-publish-your.html
    • About WebLogic and SHA-1/SHA-256 signing of SAML requests/responses
      – https://blog.darwin-it.nl/2019/06/weblogic-12213-signs-saml2-requests-and.html
  • 46. THANK YOU FOR YOUR ATTENDANCE, PATIENCE AND ATTENTION
  • 47. Q & A