Oracle Insurance Policy Administration Configuration of SAML 1.1 Between OIPA and OIDC


Oracle Insurance Policy Administration
Configuration of SAML 1.1 Between OIPA and OIDC
Version 10.1.0.0
Documentation Part Number: E55027-01
June, 2014

Copyright 2009, 2014, Oracle and/or its affiliates. All rights reserved.

Trademark Notice
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

License Restrictions Warranty/Consequential Damages Disclaimer
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

Warranty Disclaimer
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

Restricted Rights Notice
If this software or related documentation is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are commercial computer software or commercial technical data pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.

This software is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of this software. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software in dangerous applications.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

This software and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services. Where an Oracle offering includes third party content or software, we may be required to include related notices. For information on third party notices and the software and related documentation in connection with which they need to be included, please contact the attorney from the Development and Strategic Initiatives Legal Group that supports the development team for the Oracle offering. Contact information can be found on the Attorney Contact Chart.

The information contained in this document is for informational sharing purposes only and should be considered in your capacity as a customer advisory board member or pursuant to your beta trial agreement only. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle.

This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. Your access to and use of this confidential material is subject to the terms and conditions of your Oracle Software License and Service Agreement, which has been executed and with which you agree to comply. This document and information contained herein may not be disclosed, copied, reproduced, or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.

Release 10.1.0.0 Configuration of SAML 1.1 Between OIPA and OIDC 2 of 18 Revised: 6/11/2014

Table of Contents

INTRODUCTION ... 4
  Customer Support ... 4
PREREQUISITES ... 5
CREATING A DOMAIN FOR THE APPLICATIONS ... 6
CREATING A USER IN THE DOMAIN'S ... 6
GENERATING AND REGISTERING SSL CERTIFICATES ... 7
  Source Site ... 7
  Destination Site ... 7
CONFIGURING KEYSTORES AND SSL ... 8
  Source Site ... 8
  Destination Site ... 9
SAML SOURCE SITE CONFIGURATION ... 10
  Creating the SAML Credential Mapper ... 10
  Configuring the Relying Party Properties ... 11
  Configuring SAML 1.1 on the Source Site ... 11
SAML DESTINATION SITE CONFIGURATION ... 13
  Creating a SAML Identity Asserter ... 13
  Configuring the Asserting Party Properties ... 13
  Configuring SAML 1.1 on the Destination Site ... 14
CONFIGURING OIPA AND OIDC ... 16
  Configuring OIPA ... 16
  Configuring OIDC ... 16
TESTING SINGLE SIGN-ON ... 17
  Importing the Certificate to IE ... 17
  Testing the Application ... 17
DEBUGGING THE APPLICATION ... 18

INTRODUCTION

Security Assertion Markup Language (SAML) is an XML standard used to exchange authentication and authorization data between web domains. Oracle Insurance Policy Administration (OIPA) and Oracle Insurance Data Capture (OIDC) use SAML to provide a Single Sign-On (SSO) service between the two applications. This document explains how to configure SAML 1.1 for use with these systems.

Customer Support

If you have any questions about the installation or use of our products, please visit the My Oracle Support website: https://support.oracle.com, or call (800) 223-1711. Oracle customers have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.

PREREQUISITES

The following prerequisites are needed before SAML 1.1 can be configured for use with OIPA and OIDC:

- Oracle WebLogic Server version 10.3.6
- OIDC version 5.1.0.0
- OIPA version 10.1.0.0

CREATING A DOMAIN FOR THE APPLICATIONS

Create a domain in the source WebLogic server where OIPA will be deployed. The OIDC application will run in the destination WebLogic server. The following table contains example domain details that are used for demonstration purposes throughout this document.

                            IP Address    Application Name   Port       SSL Port
    SAML Source: OIPA       OIPAHostIP    OIPA               OIPAPort   OIPASSLPort
    SAML Destination: OIDC  OIDCHostIP    OIDC               OIDCPort   OIDCSSLPort

CREATING A USER IN THE DOMAIN'S

1. Create the OIPA application user in the OIPA WebLogic domain, using the same credentials the user has in the OIPA application, at Home > Summary of Security Realms > myrealm > Users and Groups. The following are example user credentials:

       Domain   Realm     Username/Password
       OIPA     myrealm   qatester1/qatester1
       OIDC     myrealm   qatester1/qatester1

2. On the OIDC WebLogic domain, create a user with the same credentials and add it to the DCDataAdministrators and DEVTest groups.

GENERATING AND REGISTERING SSL CERTIFICATES

Source Site

1. Open a command prompt window.
2. Change the directory to WEBLOGIC_HOME\wlserver_10.3\server\lib.
3. Run the keytool command to generate a keystore called oipakeystore.jks, as shown below. Be sure to enter the source server's IP address after CN=.

       keytool -genkeypair -alias oipaalias -keyalg RSA -validity 365 -keysize 2048 -keystore oipakeystore.jks -dname "CN=10.184.226.231, OU=Oracle Financial Services, O=Oracle India, L=IDC, ST=Hyderabad, C=IN" -storepass oracle123 -keypass oipakeypass

4. Run the keytool command with the export option to generate a certificate called oipaalias.der (the -rfc option writes the certificate in printable PEM encoding, whatever the file extension).

       keytool -export -alias oipaalias -keystore oipakeystore.jks -rfc -file oipaalias.der -storepass oracle123 -keypass oipakeypass

5. Run the keytool command with the import option to store the certificate in oipatruststore.jks.

       keytool -import -alias oipaalias -file oipaalias.der -keystore oipatruststore.jks -storepass oracle123 -keypass oipakeypass -noprompt

6. A confirmation message reading "Certificate was added to keystore" should appear.

Destination Site

To create and register SSL certificates for the destination site, repeat steps 1-6 above, with one difference: delete the certificate (oipaalias.der) created for the destination site and replace it with a copy of the certificate created for the source site. In this way the destination site's trust store imports the source site's certificate rather than its own.

CONFIGURING KEYSTORES AND SSL

Source Site

1. Log in to the WebLogic Server Administration Console.
2. Navigate to the Domain Structure screen.
3. Select Environment > Servers.
4. Select AdminServer.
5. Navigate to the settings for AdminServer and click the Keystores tab.
6. On the Keystores tab, click the Change button and select Custom Identity and Custom Trust from the drop-down box.
7. Configure the settings for the keystore as shown below.

       Custom Identity Keystore                     WEBLOGIC_HOME\wlserver_10.3\server\lib\oipakeystore.jks
       Custom Identity Keystore Type                jks
       Custom Identity Keystore Passphrase          oracle123
       Confirm Custom Identity Keystore Passphrase  oracle123
       Custom Trust Keystore                        WEBLOGIC_HOME\wlserver_10.3\server\lib\oipatruststore.jks
       Custom Trust Keystore Type                   jks
       Custom Trust Keystore Passphrase             oracle123
       Confirm Custom Trust Keystore Passphrase     oracle123

   Note: Be sure to enter the full file paths of your keystores.

8. Click Save.
9. Click on the SSL tab.
10. Configure the settings for the SSL key as shown below.

       Private Key Alias               oipaalias
       Private Key Passphrase          oipakeypass
       Confirm Private Key Passphrase  oipakeypass

11. Click Save.

Destination Site

To configure SSL and keystores for the destination site, follow steps 1-11 above on the destination server.

SAML SOURCE SITE CONFIGURATION

Creating the SAML Credential Mapper

1. In the WebLogic Server Administration Console, navigate to the Domain Structure screen.
2. Select Security Realms.
3. Select myrealm, which is the default realm.
4. Click on the Providers tab.
5. Click on the Credential Mappings tab.
6. Check whether a credential mapping provider named SAMLCredentialMapper of type SAMLCredentialMapperV2 already exists. If it does not, click New. The Create a New Credential Mapping Provider page will open.
7. In the Name field, enter SAMLCredentialMapper.
8. In the Type drop-down box, select SAMLCredentialMapperV2.
9. Click OK.
10. Restart the server.
11. Once the server is restarted, select Configuration > Provider Specific.
12. Configure the settings for the Credential Mapper as shown below.

       Issuer URI                       http://www.oracle.com/oipasaml
       Name Qualifier                   oracle.com
       Default Time to Live             120
       Default Time to Live Offset      0
       Signing Key Alias                oipaalias
       Signing Key Pass Phrase          oipakeypass
       Confirm Signing Key Pass Phrase  oipakeypass

13. Click Save.

Important: The system time should be the same on the source and destination servers. If the two machines' system times differ, the difference can be mitigated by using the Default Time to Live and Default Time to Live Offset parameters.

Configuring the Relying Party Properties

1. In the WebLogic Server Administration Console, click on the Management tab.
2. Select Relying Parties.
3. Click New.
4. In the Profile drop-down box, select Browser/POST.
5. In the Description field, enter oipasaml.
6. Click OK.
7. Back on the Relying Parties screen, click on the newly created Relying Party.
8. Configure the settings for the Relying Party as shown below.

       Enabled                        (check box)
       Description                    oipasaml
       Target URL                     http://oidchostip:oidcport/oidccontext/adfauthentication
       Assertion Consumer URL         https://oidchostip:oidcsslport/samlacs/acs
       Assertion Consumer Parameters  APID=ap_00001
       Sign Assertions                (check box)
       Include Keyinfo                (check box)

Configuring SAML 1.1 on the Source Site

1. Navigate to the Domain Structure screen.
2. Select Environment > Servers.
3. Select AdminServer.
4. Select Federation Services > SAML 1.1 Source Site.
5. Configure the SAML Source Site settings as shown below.

       Source Site Enabled             (check box)
       Source Site URL                 http://oipahostip:oipaport/pasjava
       Signing Key Alias               oipaalias
       Signing Key Passphrase          oipakeypass
       Confirm Signing Key Passphrase  oipakeypass
       Intersite Transfer URIs         /samlits_ba/its
                                       /samlits_ba/its/post
                                       /samlits_ba/its/artifact
                                       /samlits_cc/its
                                       /samlits_cc/its/post
                                       /samlits_cc/its/artifact
       ITS Requires SSL                (check box)
       Assertion Retrieval URIs        /samlars/ars
       ARS Requires SSL                (check box)

6. Click Save.

SAML DESTINATION SITE CONFIGURATION

Creating a SAML Identity Asserter

1. Ensure that the certificate file (oipaalias.der) you generated previously on the source site server has been copied into the directory WEBLOGIC_HOME\server\lib.

   Note: Copying this certificate file to this location replaces the certificate previously generated for the destination site server.

2. Log in to the WebLogic Server Administration Console for the destination site server.
3. Navigate to the Domain Structure screen.
4. Select Security Realms > myrealm.
5. Select Providers > Authentication.
6. Click New. The Create New Authentication Provider page will open.
7. In the Name field, enter SAMLIdentityAsserter.
8. In the Type drop-down box, select SAMLIdentityAsserterV2.
9. Click OK.
10. Restart the server.
11. Once the server is restarted, select SAMLIdentityAsserter and click on Management > Certificates.
12. Click New.
13. In the Alias field, enter oipaalias.
14. In the Path field, enter the file path of the certificate that was copied in from the source site server.
15. Click Finish. If the certificate registration completed without issue, the message "The certificate has been successfully registered" will display.

Configuring the Asserting Party Properties

1. Back on the Management tab, click on Asserting Parties.
2. Click New.
3. In the Profile drop-down box, select Browser/POST.
4. In the Description field, enter oipasaml.
5. Click OK.
6. Back on the Asserting Parties screen, click on the newly created asserting party.
7. Configure the asserting party's settings as shown below.

       Enabled                              (check box)
       Description                          oipasaml
       Target URL                           http://oipahostip:oipaport/pasjava
       POST Signing Certificate Alias       oipaalias
       Source Site Certificate URIs         /oidc/web/adfauthentication
       Source Site ITS URL                  https://oipahostip:oipasslport/samlits_ba/its
       Source Site ITS Parameters           RPID=rp_00001
       Issuer URI                           http://www.oracle.com/oipasaml
       Signature Required                   (check box)
       Assertion Signing Certificate Alias  oipaalias

8. Click Save.

Configuring SAML 1.1 on the Destination Site

1. Navigate to the Domain Structure screen.
2. Select Environment > Servers.
3. Select AdminServer.
4. Select Federation Services > SAML 1.1 Destination Site.
5. Configure the SAML Destination Site settings as shown below.

       Destination Site Enabled                 (check box)
       Assertion Consumer URIs                  /samlacs/acs
       ACS Requires SSL                         (check box)
       SSL Client Identity Alias                oipaalias
       SSL Client Identity Pass Phrase          oipakeypass
       Confirm SSL Client Identity Pass Phrase  oipakeypass
       POST Recipient Check Enabled             (check box)
       POST One-Use Check Enabled               (check box)
       Used Assertion Cache Properties          APID=ap_00001

6. Click Save.
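To show how the source and destination settings above interact, the following Python is an added model of the checks a destination site runs on a posted SAML 1.1 assertion; it is an illustration written for this page, not Oracle or WebLogic code. It takes the Issuer URI, Assertion Consumer URL, Default Time to Live and Default Time to Live Offset from the credential mapper and relying party tables and the POST Recipient Check and POST One-Use Check from the destination site table; the response XML, the issue time and the assumption that the offset shifts NotBefore are constructed, and signature verification is omitted.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:1.0:assertion}"
ISSUER_URI = "http://www.oracle.com/oipasaml"           # Credential Mapper: Issuer URI
ACS_URL = "https://oidchostip:oidcsslport/samlacs/acs"  # Relying Party: Assertion Consumer URL
TTL_SECONDS = 120                                        # Credential Mapper: Default Time to Live
TTL_OFFSET_SECONDS = 0                                   # Credential Mapper: Default Time to Live Offset
FMT = "%Y-%m-%dT%H:%M:%SZ"

def stamp_conditions(issued_at, ttl=TTL_SECONDS, offset=TTL_OFFSET_SECONDS):
    """Validity window as modelled here (assumption): NotBefore = issue time + offset,
    NotOnOrAfter = NotBefore + TTL. A negative offset back-dates the window for a lagging clock."""
    not_before = issued_at + timedelta(seconds=offset)
    return not_before, not_before + timedelta(seconds=ttl)

def build_response(issued_at, assertion_id, recipient=ACS_URL,
                   issuer=ISSUER_URI, offset=TTL_OFFSET_SECONDS):
    """Constructed, unsigned SAML 1.1 Browser/POST response (the signature check is omitted)."""
    nb, noa = stamp_conditions(issued_at, offset=offset)
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" Recipient="{recipient}">
  <saml:Assertion AssertionID="{assertion_id}" Issuer="{issuer}">
    <saml:Conditions NotBefore="{nb.strftime(FMT)}" NotOnOrAfter="{noa.strftime(FMT)}"/>
    <saml:AuthenticationStatement><saml:Subject>
      <saml:NameIdentifier>qatester1</saml:NameIdentifier></saml:Subject>
    </saml:AuthenticationStatement>
  </saml:Assertion>
</samlp:Response>"""

class DestinationSite:
    """Destination-side checks; used_assertions stands in for the Used Assertion Cache."""
    def __init__(self, issuer=ISSUER_URI, acs=ACS_URL, recipient_check=True, one_use_check=True):
        self.issuer, self.acs = issuer, acs
        self.recipient_check, self.one_use_check = recipient_check, one_use_check
        self.used_assertions = {}  # AssertionID -> NotOnOrAfter

    def validate(self, response_xml, now):
        """Return (accepted, subject or rejection reason) for a response posted at `now`."""
        root = ET.fromstring(response_xml)
        assertion = root.find(SAML + "Assertion")
        if assertion is None or assertion.get("Issuer") != self.issuer:
            return False, "no assertion from the configured asserting party (Issuer URI)"
        if self.recipient_check and root.get("Recipient") != self.acs:
            return False, "recipient is not this site's Assertion Consumer URL"
        cond = assertion.find(SAML + "Conditions")
        nb, noa = (datetime.strptime(cond.get(a), FMT).replace(tzinfo=timezone.utc)
                   for a in ("NotBefore", "NotOnOrAfter"))
        if now < nb:
            return False, "not yet valid: destination clock is behind the source"
        if now >= noa:
            return False, "expired: outside Default Time to Live"
        aid = assertion.get("AssertionID")
        if self.one_use_check:
            # Evict entries that could not be accepted any more, then refuse a repeat.
            self.used_assertions = {k: v for k, v in self.used_assertions.items() if v > now}
            if aid in self.used_assertions:
                return False, "assertion already used (POST One-Use Check)"
            self.used_assertions[aid] = noa
        return True, assertion.find(".//" + SAML + "NameIdentifier").text

def demo():
    """Scenarios behind the 'Important' note on system time; returns {name: (accepted, detail)}."""
    t0 = datetime(2014, 6, 11, 12, 0, 0, tzinfo=timezone.utc)  # constructed issue time
    dest, first = DestinationSite(), build_response(t0, "id-1")
    return {
        "fresh": dest.validate(first, t0 + timedelta(seconds=30)),
        "replay": dest.validate(first, t0 + timedelta(seconds=31)),
        "expired": dest.validate(build_response(t0, "id-2"), t0 + timedelta(seconds=TTL_SECONDS)),
        "skew": dest.validate(build_response(t0, "id-3"), t0 - timedelta(seconds=5)),
        "skew_offset": dest.validate(build_response(t0, "id-4", offset=-30), t0 - timedelta(seconds=5)),
        "wrong_acs": dest.validate(build_response(t0, "id-5", recipient="https://other/samlacs/acs"), t0),
    }
```

The "skew" and "skew_offset" scenarios show why the destination rejects an assertion when its clock runs behind the source, and how a negative Default Time to Live Offset widens the window enough for the same assertion to be accepted.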

CONFIGURING OIPA AND OIDC

Configuring OIPA

In OIPA's PAS.properties file, make the following changes:

- Set oidcapp.url to http://oidchostip:oidcport/dcw51/adfauthentication?embed=true.
- Set oidcapp.isauthorized to false.

Configuring OIDC

In the web.xml file of OIDCPresentation, make the following changes in the <login-config> section:

- Give the <auth-method> element a value of CLIENT_CERT,FORM.
- Give the <realm-name> element a value of myrealm.

TESTING SINGLE SIGN-ON

Importing the Certificate to IE

1. In Windows Explorer, navigate to WEBLOGIC_HOME\wlserver_10.3\server\lib.
2. Double-click on oipaalias.der and click Install Certificate.
3. Click Next.
4. Select Place All Certificates in the Following Store and click Browse.
5. Select Trusted Root Certification Authorities and click OK.
6. Click Next.
7. Click Finish.
8. A security warning will display. Click Yes. If the import completed without issue, the message "The import was successful" will display.

Testing the Application

1. Point a web browser to the OIPA login page (http://10.184.226.231:7007/pasjava/login/login.iface).
2. Enter qatester1 for both the Client Number and Personal Id and click Login.
3. Navigate to Case > Case Entry.
4. Accept any security certificate warnings that display. The OIDC home page will open in the Case Entry Detail window.

DEBUGGING THE APPLICATION

1. In the WebLogic Server Administration Console, navigate to the Domain Structure screen.
2. Select Environment > Servers.
3. Select AdminServer.
4. Click on the Debug tab.
5. Expand WebLogic > Security > SAML.
6. Click the checkbox to enable SAML debugging.

Enable this on both the source and destination domains; the SAML debug output is then written to each server's log file.