Matter faced during integration project

Wednesday, March 30, 2011

enable LDAP over SSL (LDAPS) in OC4J

To enable LDAP over SSL in OC4J, the certificate used by the LDAP server must be imported into the LDAP client. More specifically, it is imported into the default keystore used by the JVM. The steps to do that are:

1. Upload the certificate (mycert.cer) to your server.

2. Connect to your server and go to the directory:
PATH_TO_ORACLE_INSTALL/ias/product/asmt_10131/jdk/jre/lib/security

3. Import the certificate:
keytool -import -keystore cacerts -alias myAlias -file /home/j_smith/sgsroot.cer

4. By default the password for the keystore is changeit.

5. Accept the import and that is it: the certificate has been added to the keystore.

6. Then in OC4J you need to set LDAPS instead of LDAP and probably set the correct port.
At this point do not try to press the "Test LDAP Authorization" button, as it will not work.
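The import in step 3 is a one-liner, but the check a practitioner wants afterwards is that the entry now sitting in the JVM trust store is really the certificate that was uploaded, not a stale entry under the same alias. The script below is an added example, not code from the original post: it wraps the keytool import, compares the SHA-256 fingerprint of the certificate file with the fingerprint of the stored entry, and, for a stand-alone demo, generates a constructed self-signed certificate in place of the LDAP server's real one (the post's sgsroot.cer). It assumes keytool from a JDK 8 or newer is on PATH and takes the keystore path as an argument so it can be tried against a scratch file before touching the real jre/lib/security/cacerts. The alias myAlias and the password changeit are the values from the post; the names of the functions and the CN ldap.example.test are assumptions for the example. It also covers the note in the February 17 post below that an LDAPS configuration requires the certificate in the JVM keystore.

```shell
#!/bin/sh
# Added example, not from the original post: import an LDAP server
# certificate into a JVM trust store with keytool, then verify that the
# stored entry matches the file before switching OC4J to LDAPS.
# Assumptions: keytool from JDK 8 or newer is on PATH (it prints SHA256
# fingerprints); the trust store path is passed in, so a scratch copy can
# be used instead of the real jre/lib/security/cacerts.
set -e

# Import a certificate file into the trust store under the given alias,
# answering keytool's "Trust this certificate?" prompt automatically.
import_ldap_cert() {
  store="$1"; alias_name="$2"; cert="$3"; storepass="${4:-changeit}"
  keytool -importcert -noprompt -keystore "$store" -storepass "$storepass" \
    -alias "$alias_name" -file "$cert" >/dev/null 2>&1
}

# SHA-256 fingerprint of a certificate file (empty if keytool cannot parse it).
fingerprint_of_file() {
  keytool -printcert -file "$1" 2>/dev/null \
    | sed -n 's/.*SHA256:[[:space:]]*//p' | head -n 1
}

# SHA-256 fingerprint of the entry stored under an alias (empty if absent).
fingerprint_in_store() {
  store="$1"; alias_name="$2"; storepass="${3:-changeit}"
  keytool -list -v -keystore "$store" -storepass "$storepass" -alias "$alias_name" 2>/dev/null \
    | sed -n 's/.*SHA256:[[:space:]]*//p' | head -n 1
}

# Succeeds only when the alias exists and its fingerprint equals the file's.
cert_is_trusted() {
  store="$1"; alias_name="$2"; cert="$3"; storepass="${4:-changeit}"
  expected="$(fingerprint_of_file "$cert")"
  actual="$(fingerprint_in_store "$store" "$alias_name" "$storepass")"
  if [ -n "$expected" ] && [ "$expected" = "$actual" ]; then
    return 0
  fi
  return 1
}

# Demo: a constructed self-signed certificate stands in for the LDAP
# server's certificate and is imported into a fresh trust store under the
# post's alias myAlias. Takes a scratch directory as its only argument.
demo() {
  work="$1"
  keytool -genkeypair -keyalg RSA -keysize 2048 -validity 1 \
    -alias fake-ldap -dname "CN=ldap.example.test" \
    -keystore "$work/server.jks" -storepass changeit -keypass changeit >/dev/null 2>&1
  keytool -exportcert -alias fake-ldap -keystore "$work/server.jks" \
    -storepass changeit -file "$work/ldap.cer" >/dev/null 2>&1
  import_ldap_cert "$work/cacerts" myAlias "$work/ldap.cer" changeit
  cert_is_trusted "$work/cacerts" myAlias "$work/ldap.cer" changeit
}

# Run the demo when executed directly: sh ldaps_trust.sh demo
if [ "${1:-}" = "demo" ]; then
  demo "$(mktemp -d)" && echo "LDAP certificate imported and verified"
fi
```

Two things worth keeping in mind when running this against the real cacerts: every application in that JVM will trust whatever is imported, so import the issuing CA (the post's file name sgsroot.cer suggests a root certificate) rather than a leaf certificate where possible, and a JDK patch or upgrade replaces cacerts, so the import has to be repeated afterwards. Once the fingerprint check passes, OC4J can be pointed at ldaps:// on the LDAPS port (636 by default).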

Thursday, February 17, 2011

Using AD authentication with OC4J within Oracle Enterprise Manager

Here are the steps to authenticate a WAR application using AD.

1. Set up the file WEB-INF/web.xml in your web application with settings similar to the following:


2. As I set the group name in web.xml to be the one on the Active Directory, I don't need to edit or add the file META-INF/orion-application.xml. If you need to, you do it with settings similar to the following:


3. Deploy your application to your Oracle Enterprise Manager

4. Log on to your Oracle Enterprise Manager, select the application you want to secure, select Administration, select Security Provider, click Change Security Provider and select "Oracle Security Provider for 3rd Party LDAP Server".
The settings I used are the following:


Note that we used LDAPS, that is LDAP over SSL. If you use this option too, you need to add the certificate used to secure your LDAP server to your JVM keystore.
Also note that you will not be able to test your connection through the "Test LDAP Authorization" button: it will always respond false.

5. You would then need to restart your application.