By default, Oracle Access Manager uses the Embedded LDAP of the WebLogic Server instance on which OAM is running as its user identity store. A number of external LDAP repositories can be configured as the user identity store instead: after installing and configuring Oracle Access Management, you can point it at your own LDAP in place of the embedded one. This post explains the steps to configure OID (Oracle Internet Directory) as the primary identity store in OAM 11g R2 PS2.
Configure OID as Primary Identity Store in OAM11G R2 PS2
Follow the steps below to configure OID as the primary identity store in OAM 11g R2 PS2.
1. Make sure that the OID server is up and running.
2. Log in to the OAM server and locate the oam-config.xml file at Middleware_Home/user_projects/domains/<domain_name>/config/fmwconfig/oam-config.xml. Take a backup of this file before changing anything: it is the file you will restore if the System Store switch in step 8 leaves you unable to log in to oamconsole.
3. Create a user called oamadmin and a group called Administrator in OID, and add oamadmin to the Administrator group. This is the user that will log in to oamconsole once OID is the System Store, so it must exist in OID before step 8.
4. Log in to oamconsole. Navigate to Configuration -> User Identity Stores.
5. Click Create to create a new User Identity Store.
6. Enter the parameters as shown in the table below, together with the connection details of your own OID instance (host and port, bind DN and password):

| Parameter Name       | Parameter Value                |
|----------------------|--------------------------------|
| Store Type           | OID: Oracle Internet Directory |
| User Search Base     | cn=Users,dc=oracle,dc=com      |
| Group Name Attribute | cn                             |
| Group Search Base    | dc=oracle,dc=com               |

7. Click Test Connection to validate the connection parameters you entered. If the test succeeds, click Apply to save the User Identity Store settings.
8. Go to the Default and System Store section and select OID as both the Default Store and the System Store. Under the Access System Administrators tab, click the + icon.
9. Select the admin user and/or group that will have access to the OAM Console: choose the oamadmin user and the Administrator group created in OID in step 3. Once OID is the System Store, only the users and groups listed here can log in to oamconsole (the WebLogic weblogic user no longer can), so make sure oamadmin and Administrator resolve under the search bases entered in step 6 before you apply; if the console does lock you out, restore the oam-config.xml backup from step 2.
10. Click Apply to confirm, and click OK in the next screen.
11. A confirmation page is displayed.
12. Navigate to Access Manager -> Authentication Modules.
13. Select LDAP from the list.
14. Select OID as the User Identity Store.
15. Click Apply. A confirmation message is displayed.
16. Log in to the WebLogic console. Navigate to Security Realms -> myrealm -> Providers tab.
17. Click New to create a new Authentication Provider.
18. Enter OIDAuthenticator as the Name and select OracleInternetDirectoryAuthenticator as the Type.
19. Click OK to create the OID Authenticator.
20. In the Authentication Providers table, click Reorder and move OIDAuthenticator to second place, then set the Control Flag of both OIDAuthenticator and DefaultAuthenticator to SUFFICIENT. Keeping DefaultAuthenticator at SUFFICIENT (rather than removing it or making OID REQUIRED) leaves the embedded-LDAP weblogic user able to log in to the WebLogic console if OID is unreachable.
21. Click OIDAuthenticator and go to the Provider Specific tab.
22. Update the parameters (Host, Port, Principal, Credential, User Base DN and Group Base DN for your OID instance, matching the search bases used in step 6) as shown in the screenshot below and click Save.
23. Restart the OAM Admin Server and the OAM Managed Server.
24. After the restart, you can log in to oamconsole with the oamadmin user.
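The parts of this procedure that do not have to be clicked through a console (steps 1 to 3 and the WebLogic authentication provider steps, 16 onwards) have a scripted equivalent; the identity store and System Store changes stay in oamconsole. The script below is an added example written for this post, not code from the original or from Oracle. It assumes the DIT from the table above (cn=Users,dc=oracle,dc=com for users; cn=Groups,dc=oracle,dc=com for groups, which the post does not state), OID's own ldapsearch and ldapadd on the PATH, the standard 11g wlst.sh location under oracle_common, and the connection details passed in the environment variables named at the top. With the argument apply it runs end to end; without an argument it only defines the functions, so each piece can be used separately.

```shell
#!/bin/sh
# Scripted equivalent of steps 1-3 and the WebLogic provider steps (added example,
# not from the original post). Inputs come from the environment:
#   OID_HOST OID_PORT OID_BIND_DN OID_BIND_PW          OID connection the identity store uses
#   OAMADMIN_PASSWORD                                  initial password for the new oamadmin user
#   DOMAIN_HOME MW_HOME                                OAM domain home and Middleware home
#   WLS_ADMIN_USER WLS_ADMIN_PASSWORD WLS_ADMIN_URL    AdminServer login (t3://host:port)
# DIT assumptions: users under cn=Users,dc=oracle,dc=com (from the post's table);
# groups under cn=Groups,dc=oracle,dc=com (not stated in the post).
USER_DN='cn=oamadmin,cn=Users,dc=oracle,dc=com'
GROUP_DN='cn=Administrator,cn=Groups,dc=oracle,dc=com'

# Step 3: console admin user plus the Administrator group that holds it.
# orclUserV2/orclGroup are OID's auxiliary classes; orclIsEnabled lets you disable
# the account later without deleting it.
oamadmin_ldif() {
  cat <<EOF
dn: $USER_DN
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: orclUserV2
cn: oamadmin
sn: oamadmin
uid: oamadmin
userPassword: ${OAMADMIN_PASSWORD:-changeme}
orclIsEnabled: ENABLED

dn: $GROUP_DN
objectClass: top
objectClass: groupOfUniqueNames
objectClass: orclGroup
cn: Administrator
uniqueMember: $USER_DN
EOF
}

# Steps 1 and 3 checked the way step 8 will use them: the bind DN works, oamadmin resolves
# under the User Search Base, and the Administrator group lists it under the Group Search Base.
oid_preflight() {
  ldapsearch -h "$OID_HOST" -p "$OID_PORT" -D "$OID_BIND_DN" -w "$OID_BIND_PW" \
    -b 'cn=Users,dc=oracle,dc=com' -s sub '(cn=oamadmin)' dn | grep -qi "$USER_DN" ||
    { echo "oamadmin not found under cn=Users,dc=oracle,dc=com" >&2; return 1; }
  ldapsearch -h "$OID_HOST" -p "$OID_PORT" -D "$OID_BIND_DN" -w "$OID_BIND_PW" \
    -b 'dc=oracle,dc=com' -s sub "(&(cn=Administrator)(uniqueMember=$USER_DN))" dn |
    grep -qi "$GROUP_DN" || { echo "oamadmin is not in Administrator" >&2; return 1; }
}

# Step 2: timestamped copy of oam-config.xml, the file to restore if step 8 locks you out.
backup_oam_config() {
  cp -p "$DOMAIN_HOME/config/fmwconfig/oam-config.xml" \
    "$DOMAIN_HOME/config/fmwconfig/oam-config.xml.$(date +%Y%m%d%H%M%S).bak"
}

# WebLogic provider steps as WLST (Jython): create OIDAuthenticator, put it second in
# the chain, keep DefaultAuthenticator at SUFFICIENT so the weblogic user can still
# reach the WLS console if OID is down. Setters are the standard LDAP authenticator ones.
oid_authenticator_wlst() {
  cat <<EOF
import jarray
from weblogic.management.security.authentication import AuthenticationProviderMBean
connect('$WLS_ADMIN_USER', '$WLS_ADMIN_PASSWORD', '$WLS_ADMIN_URL')
edit(); startEdit()
realm = cmo.getSecurityConfiguration().getDefaultRealm()
oid = realm.lookupAuthenticationProvider('OIDAuthenticator')
if oid is None:
    oid = realm.createAuthenticationProvider('OIDAuthenticator',
        'weblogic.security.providers.authentication.OracleInternetDirectoryAuthenticator')
oid.setControlFlag('SUFFICIENT')
oid.setHost('$OID_HOST'); oid.setPort(int('${OID_PORT:-3060}'))
oid.setPrincipal('$OID_BIND_DN'); oid.setCredential('$OID_BIND_PW')
oid.setUserBaseDN('cn=Users,dc=oracle,dc=com'); oid.setUserNameAttribute('cn')
oid.setGroupBaseDN('dc=oracle,dc=com'); oid.setStaticGroupNameAttribute('cn')
realm.lookupAuthenticationProvider('DefaultAuthenticator').setControlFlag('SUFFICIENT')
chain = [p for p in realm.getAuthenticationProviders() if p.getName() != 'OIDAuthenticator']
chain.insert(min(1, len(chain)), oid)
realm.setAuthenticationProviders(jarray.array(chain, AuthenticationProviderMBean))
save(); activate(block='true'); disconnect()
EOF
}

main() {
  umask 077   # the generated files carry passwords
  ldif=$(mktemp) && wlst=$(mktemp) || return 1
  oamadmin_ldif > "$ldif"
  ldapadd -h "$OID_HOST" -p "$OID_PORT" -D "$OID_BIND_DN" -w "$OID_BIND_PW" -f "$ldif" || return 1
  oid_preflight && backup_oam_config || return 1
  oid_authenticator_wlst > "$wlst"
  "$MW_HOME/oracle_common/common/bin/wlst.sh" "$wlst" || return 1
  rm -f "$ldif" "$wlst"
  echo "Done; restart the AdminServer and the OAM managed server (final step above)."
}

if [ "${1:-}" = "apply" ]; then main; fi
```

The preflight deliberately searches with the same bases and attributes the console will be configured with, so a wrong User Search Base or a missing uniqueMember shows up here rather than as a lockout after the System Store switch; the WLST part only reorders and sets control flags, the provider-specific values still have to match what you entered for the identity store.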