One of the additional configuration options for the authentication of the product is to implement a Single Sign On solution or implement client certificates. Whilst most of the configuration for these features is performed in the Single Sign On product and/or J2EE Application Server, the Oracle Utilities Application Framework has to be configured to use that facility.
In most cases, to use these facilities the login configuration for the product has to be changed from FORM or BASIC to CLIENT-CERT. This informs the product that the credentials will be passed directly from the J2EE Application Server (via the Single Sign On solution, security providers or via client certificates).
To make this change the following process must be performed:
- Logon to the machine that houses the environment to change as the product administrator.
- Take a copy of the web.xml.template to cm.web.xml.template in the same directory the original is located (in Oracle Utilities Application Framework V2.x it is located in the etc directory of the environment; in Oracle Utilities Application Framework V4.x it is located in the templates directory). This will inform the Oracle Utilities Application Framework to use this new template instead of the base template.
- Edit the cm.web.xml.template file and replace the login-config section with a section configuring the CLIENT-CERT configuration. For example:
Replace:
<login-config>
<auth-method>@WEB_WLAUTHMETHOD@</auth-method>
<form-login-config>
<form-login-page>@WEB_FORM_LOGIN_PAGE@</form-login-page>
<form-error-page>@WEB_FORM_LOGIN_ERROR_PAGE@</form-error-page>
</form-login-config>
</login-config>
With:
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
Note: For Oracle Utilities Application Framework V4.x customers this may need to be repeated for the templates for AppViewer (web.xml.appViewer.template) and online help (web.xml.help.template) if you wish to include those components in the same solution.
- Ensure the environment is shutdown prior to implementing any changes.
- Execute the initialSetup[.sh] utility to implement the changes and rebuild the EAR files.
Note: As the web.xml file has been changed and EAR file rebuilt, customers using native mode will have to redeploy the SPLWeb application to reflect the change.
- Optionally, changes can be verified by viewing the web.xml files generated under the etc\conf subdirectory.
- Restart the product.
The product now is configured to use the CLIENT-CERT option.