Friday, February 14, 2014

Configure Design Console to Use SSL

Version: Oracle Identity Manager 11g
Description: This post shows how to set up SSL for the Design Console.
Prerequisite: ensure the SSL listen port for OIM is enabled.

1. Log into the WebLogic Administration Console.
2. Navigate to Servers -> OIM_SERVER.
3. Check SSL Listen Port Enabled and restart the OIM server.


1. Copy webserviceclient+ssl.jar and cryptoj.jar, both located in "$WL_HOME/server/lib", to "$MW_HOME/Oracle_IDM1/designconsole/ext".

2. Set the TRUSTSTORE_LOCATION environment variable in your bash profile. In the WebLogic Administration Console, navigate to Servers -> OIM_SERVER -> Keystores to see the location of your Demo Trust Keystore.

TRUSTSTORE_LOCATION=/home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/DemoTrust.jks
export TRUSTSTORE_LOCATION


3. Inside the "$MW_HOME/Oracle_IDM1/designconsole/config/xlconfig.xml" file, edit the <ApplicationURL> and <java.naming.provider.url> entries to use the HTTPS and T3S protocols and the SSL port. An example of the xlconfig.xml file is given below.

<?xml version="1.0" encoding="utf-8"?>
<xl-configuration>
    <!-- 
        Type of the application server being used. 
        Use jboss, weblogic or websphere
    -->
    <appServerName>weblogic</appServerName>    
    <!--
            Used for loading workflow renderer
    -->
    <ApplicationURL>https://localhost:14001/xlWebApp/loginWorkflowRenderer.do</ApplicationURL>    
    <!--
        Discovery settings are used to find other xellerate components.
        
        CoreServer : How to find core server.  This is where the APIs and the
            DataObjectBeans for the java client are installed.
        BackOffice : Settings to be used to find where messaging components
            are installed.
        Scheduler  : These settings are used to find scheduler.
        
        java.naming.provider.url
        WebLogic:  t3://host:7001
        JBoss:     jnp://host:1099  (Clustered default: 1100)
        WebSphere: corbaloc:iiop:host:2809
        
        java.naming.factory.initial
        WebLogic:  weblogic.jndi.WLInitialContextFactory
        JBoss:     org.jnp.interfaces.NamingContextFactory
        WebSphere: com.ibm.websphere.naming.WsnInitialContextFactory        
    -->
    <Discovery>
        <CoreServer>
            <java.naming.provider.url>t3s://localhost:14001/oim</java.naming.provider.url>
            <java.naming.factory.initial>weblogic.jndi.WLInitialContextFactory</java.naming.factory.initial>
        </CoreServer>
    </Discovery> 

    <!--
        Value of MultiCastAddress needs to be the same as on the OIM server
    -->

    <Cache>
        <XLCacheProvider>
            <MultiCastAddress>231.121.212.133</MultiCastAddress>
        </XLCacheProvider>
    </Cache>
    
</xl-configuration>
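Steps 2 and 3 are easy to get half right (the variable is exported but points at a missing file, or only one of the two URLs is switched to its secure scheme). The shell functions below are an added example, not part of the original post or of the OIM distribution: one checks the TRUSTSTORE_LOCATION variable, one rewrites both URLs in an xlconfig.xml to https/t3s on a host and SSL port you pass in, and one verifies the result. They assume each URL element sits on its own line, as in the sample above; the xlconfig.xml they run against is a constructed sample written to a temporary directory, with 7001 standing in for the plaintext port and 14001 for the SSL port from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes one <ApplicationURL> and one
# <java.naming.provider.url> element per line in xlconfig.xml, as in the sample above.

# Return 0 if TRUSTSTORE_LOCATION is set and names a readable file (step 2).
oim_truststore_ok() {
    [ -n "${TRUSTSTORE_LOCATION:-}" ] && [ -r "$TRUSTSTORE_LOCATION" ]
}

# Rewrite both URLs in an xlconfig.xml to HTTPS / T3S on the given host and SSL port (step 3).
# usage: oim_xlconfig_set_ssl <xlconfig.xml> <host> <ssl_port>
# Only the scheme and host:port are replaced; the path (/xlWebApp/..., /oim) is kept.
oim_xlconfig_set_ssl() {
    cfg=$1; host=$2; port=$3
    tmp="$cfg.tmp"
    sed -e "s#<ApplicationURL>[a-z0-9]*://[^/<]*#<ApplicationURL>https://$host:$port#" \
        -e "s#<java.naming.provider.url>[a-z0-9]*://[^/<]*#<java.naming.provider.url>t3s://$host:$port#" \
        "$cfg" > "$tmp" && mv "$tmp" "$cfg"
}

# Return 0 only if both entries already use the secure schemes.
oim_xlconfig_check_ssl() {
    grep -q '<ApplicationURL>https://' "$1" &&
    grep -q '<java.naming.provider.url>t3s://' "$1"
}

# --- demo on a constructed xlconfig.xml (sample values, not a real installation) ---
work=$(mktemp -d)
cat > "$work/xlconfig.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<xl-configuration>
    <appServerName>weblogic</appServerName>
    <ApplicationURL>http://localhost:7001/xlWebApp/loginWorkflowRenderer.do</ApplicationURL>
    <Discovery>
        <CoreServer>
            <java.naming.provider.url>t3://localhost:7001/oim</java.naming.provider.url>
            <java.naming.factory.initial>weblogic.jndi.WLInitialContextFactory</java.naming.factory.initial>
        </CoreServer>
    </Discovery>
</xl-configuration>
EOF

oim_truststore_ok && echo "truststore: $TRUSTSTORE_LOCATION" \
                  || echo "TRUSTSTORE_LOCATION is not set or not readable"

oim_xlconfig_check_ssl "$work/xlconfig.xml" && echo "xlconfig.xml already uses https/t3s" \
                                            || echo "plaintext URLs found, rewriting"
oim_xlconfig_set_ssl "$work/xlconfig.xml" localhost 14001
oim_xlconfig_check_ssl "$work/xlconfig.xml" && echo "xlconfig.xml now uses https/t3s"
grep -E 'ApplicationURL|provider.url' "$work/xlconfig.xml"
```

Run it against the real file by replacing the constructed sample with `$MW_HOME/Oracle_IDM1/designconsole/config/xlconfig.xml` and your OIM host and SSL port; the rewrite is idempotent, so running it twice leaves the file unchanged.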

4. Consider adding the following arguments inside the "$MW_HOME/Oracle_IDM1/designconsole/xlclient.sh" script. The first two disable certificate constraint checking and host name verification, which is what makes the self-signed Demo Trust certificate work in a test environment; with a CA-issued certificate in production they are not needed and should be left out. The debug flags are only for troubleshooting the handshake and can be removed once the connection works.

   # Turn off SSL constraints
   -Dweblogic.security.SSL.enforceConstraints=off \

   # Turn off host name verification
   -Dweblogic.security.SSL.ignoreHostnameVerification=true \

   # Allow the CryptoJ default random number generator
   -Dweblogic.security.allowCryptoJDefaultPRNG=true \

   # Debug the SSL parameters
   -Dssl.debug=true \
   -Dweblogic.StdoutDebugEnabled=true \

1 comment:

  1. Thanks a lot for this... I was having a huge problem for a long time with the SSL configuration... this definitely helped me resolve the problem on my first trial here :) Thanks again...