Thursday, December 16, 2010
A lot of people have been asking me lately about how Oracle Access Manager (OAM) 11g integrates with WebLogic. The answer is very straightforward. OAM 11g integrates with WebLogic using the very same components used to integrate OAM 10.1.4.3. Under most circumstances, that means using the OAM Identity Asserter (the same one used with OAM 10.1.4.3), which asserts the OAM_REMOTE_USER header as the user principal in the JAAS subject. The asserter is used in conjunction with an authentication provider (usually an LDAP provider), which looks up the user in the identity store and builds the rest of the subject based on the user's group memberships.
You can read more details about integrating OAM and WLS here: http://fusionsecurity.blogspot.com/2010/01/integrating-oracle-access-manager-oam.html
Again, it is important to fully understand how to use the OAM Identity Asserter in a secure solution. I talked about the security of the Identity Asserter a while ago in this post: http://fusionsecurity.blogspot.com/2010/04/security-clarification-oam-identity.html