Friday, February 14, 2014

Configure Design Console to Use SSL

Version: Oracle Identity Manager 11g
Description: This post shows how to set up SSL for the Design Console.
Prerequisite: Ensure the SSL listen port for OIM is enabled.

1. Log into the WebLogic Administration Console.
2. Navigate to Servers -> OIM_SERVER.
3. Check SSL Listen Port Enabled and restart the OIM server.


1. Copy webserviceclient+ssl.jar and cryptoj.jar, both located in "$WL_HOME/server/lib", to "$MW_HOME/Oracle_IDM1/designconsole/ext".

2. Set the TRUSTSTORE_LOCATION environment variable in your bash profile. In the WebLogic Administration Console, navigate to Servers -> OIM_SERVER -> Keystores to find the location of your Demo Trust Keystore.

TRUSTSTORE_LOCATION=/home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/DemoTrust.jks
export TRUSTSTORE_LOCATION

3. In the "$MW_HOME/Oracle_IDM1/designconsole/config/xlconfig.xml" file, edit the <ApplicationURL> and <java.naming.provider.url> entries to use the HTTPS and T3S protocols and the SSL port. An example of the edited xlconfig.xml file is given below.

<?xml version="1.0" encoding="utf-8"?>
<xl-configuration>
    <!--
        Type of the application server being used.
        Use jboss, weblogic or websphere
    -->
    <appServerName>weblogic</appServerName>   
    <!--
            Used for loading workflow renderer
    -->
    <ApplicationURL>https://localhost:14001/xlWebApp/loginWorkflowRenderer.do</ApplicationURL>   
    <!--
        Discovery settings are used to find other xellerate components.
         
        CoreServer : How to find core server.  This is where the APIs and the
            DataObjectBeans for the java client are installed.
        BackOffice : Settings to be used to find where messaging components
            are installed.
        Scheduler  : These settings are used to find scheduler.
         
        java.naming.provider.url
        WebLogic:  t3://host:7001
        JBoss:     jnp://host:1099  (Clustered default: 1100)
        WebSphere: corbaloc:iiop:host:2809
         
        java.naming.factory.initial
        WebLogic:  weblogic.jndi.WLInitialContextFactory
        JBoss:     org.jnp.interfaces.NamingContextFactory
        WebSphere: com.ibm.websphere.naming.WsnInitialContextFactory       
    -->
    <Discovery>
        <CoreServer>
            <java.naming.provider.url>t3s://localhost:14001/oim</java.naming.provider.url>
            <java.naming.factory.initial>weblogic.jndi.WLInitialContextFactory</java.naming.factory.initial>
        </CoreServer>
    </Discovery>

    <!--
        The value of MultiCastAddress needs to be the same as on the OIM server
    -->

    <Cache>
        <XLCacheProvider>
            <MultiCastAddress>231.121.212.133</MultiCastAddress>
        </XLCacheProvider>
    </Cache>
     
</xl-configuration>

4. Consider adding the following JVM arguments to the java command line in the "$MW_HOME/Oracle_IDM1/designconsole/xlclient.sh" script (keep the explanatory comments outside the backslash-continued command, since a comment line ends the continuation):

   # enforceConstraints=off turns off SSL certificate constraint checking
   # ignoreHostnameVerification=true turns off host name verification
   # allowCryptoJDefaultPRNG=true allows the default CryptoJ random number generator
   # ssl.debug and StdoutDebugEnabled print the SSL parameters for debugging
   -Dweblogic.security.SSL.enforceConstraints=off \
   -Dweblogic.security.SSL.ignoreHostnameVerification=true \
   -Dweblogic.security.allowCryptoJDefaultPRNG=true \
   -Dssl.debug=true \
   -Dweblogic.StdoutDebugEnabled=true \
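As an added example (not code from the original post, and not part of the OIM product), the POSIX shell script below automates and checks steps 1 to 4 above: it verifies that the two jars and the truststore are in place, rewrites xlconfig.xml from HTTP/T3 to HTTPS/T3S with sed, confirms the result, and counts the step 4 flags that weaken TLS validation. It runs against constructed sample files, the function names are the example's own, and it assumes the non-SSL OIM port is 14000 (the post only shows the SSL port 14001).

```shell
#!/bin/sh
# Added example, not from the original post: automates and checks the
# Design Console SSL steps. Function names are the example's own.
# Assumption (not on the page): the non-SSL OIM port is 14000; the SSL
# listen port 14001 is the one the page uses.

# Constructed sample of a pre-SSL xlconfig.xml, cut down to the parts
# that step 3 edits.
sample_xlconfig() {
    cat <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<xl-configuration>
    <appServerName>weblogic</appServerName>
    <ApplicationURL>http://localhost:14000/xlWebApp/loginWorkflowRenderer.do</ApplicationURL>
    <Discovery>
        <CoreServer>
            <java.naming.provider.url>t3://localhost:14000/oim</java.naming.provider.url>
            <java.naming.factory.initial>weblogic.jndi.WLInitialContextFactory</java.naming.factory.initial>
        </CoreServer>
    </Discovery>
</xl-configuration>
EOF
}

# Constructed copy of the step 4 JVM arguments as they would sit in xlclient.sh.
sample_xlclient_args() {
    cat <<'EOF'
-Dweblogic.security.SSL.enforceConstraints=off \
-Dweblogic.security.SSL.ignoreHostnameVerification=true \
-Dweblogic.security.allowCryptoJDefaultPRNG=true \
-Dssl.debug=true \
-Dweblogic.StdoutDebugEnabled=true \
EOF
}

# Step 3: rewrite the two discovery URLs in the xlconfig.xml given as $1,
# in place: http -> https, t3 -> t3s, and the plain port ($2, default
# 14000) -> the SSL port ($3, default 14001). Only the ApplicationURL and
# java.naming.provider.url lines are touched; an already converted file is
# left unchanged because the plain-scheme pattern no longer matches.
convert_xlconfig() {
    file=$1; plain_port=${2:-14000}; ssl_port=${3:-14001}
    sed -e "/<ApplicationURL>/ s#http://\([^:/]*\):$plain_port/#https://\1:$ssl_port/#" \
        -e "/<java.naming.provider.url>/ s#t3://\([^:/]*\):$plain_port/#t3s://\1:$ssl_port/#" \
        "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Returns 0 when both entries in $1 use the SSL scheme and the SSL port ($2).
check_xlconfig() {
    file=$1; ssl_port=${2:-14001}
    grep -q "<ApplicationURL>https://[^:/]*:$ssl_port/" "$file" &&
        grep -q "<java.naming.provider.url>t3s://[^:/]*:$ssl_port/" "$file"
}

# Steps 1 and 2: both jars present in the Design Console ext directory ($1)
# and TRUSTSTORE_LOCATION pointing at an existing keystore file.
check_prereqs() {
    ext_dir=$1
    for jar in webserviceclient+ssl.jar cryptoj.jar; do
        [ -f "$ext_dir/$jar" ] || { echo "missing $ext_dir/$jar"; return 1; }
    done
    if [ -z "$TRUSTSTORE_LOCATION" ] || [ ! -f "$TRUSTSTORE_LOCATION" ]; then
        echo "TRUSTSTORE_LOCATION is unset or does not point at a keystore"
        return 1
    fi
    return 0
}

# Step 4 audit: print the number of flags in the script text $1 that weaken
# TLS validation (certificate constraints and host name checks). A Design
# Console that trusts the server's CA certificate should report 0.
count_weak_ssl_flags() {
    n=0
    for flag in weblogic.security.SSL.enforceConstraints=off \
                weblogic.security.SSL.ignoreHostnameVerification=true; do
        if grep -q -F -- "-D$flag" "$1"; then
            echo "weakens TLS validation: -D$flag" >&2
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Demonstration on the constructed samples, in a scratch directory.
work=$(mktemp -d)
sample_xlconfig > "$work/xlconfig.xml"
convert_xlconfig "$work/xlconfig.xml"
check_xlconfig "$work/xlconfig.xml" && echo "xlconfig.xml now uses https/t3s on port 14001"
sample_xlclient_args > "$work/xlclient.sh"
echo "weak SSL flags in xlclient.sh: $(count_weak_ssl_flags "$work/xlclient.sh")"
rm -rf "$work"
```

To apply it to a real installation, call convert_xlconfig on "$MW_HOME/Oracle_IDM1/designconsole/config/xlconfig.xml" after taking a backup, and check_prereqs on "$MW_HOME/Oracle_IDM1/designconsole/ext". The audit function exists because enforceConstraints=off and ignoreHostnameVerification=true are what make the self-signed demo certificates in DemoTrust.jks work; once the server's CA certificate is imported into the Design Console truststore those two flags can be dropped, and the count should then be 0.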

1 comment:

  1. Thanks a lot for this... I was having a huge problem for a long time with SSL configuration... this definitely helped me resolve the problem on my first trial here :) Thanks again...
