Enable SSL for the Oracle Identity Manager Design Console by following the steps below:
1. Configuring the OIM Design Console
The following tasks need to be performed to enable SSL for the Oracle Identity Manager Design Console:
1.1 Copy Jar Files
1.1.1 Log in to the OIM Server.
1.1.2 Copy webserviceclient+ssl.jar and cryptoj.jar from $WLS_HOME/lib to the $OIM_ORACLE_HOME/designconsole/ext directory.
1.2 Configuring classpath.sh
1.2.1 Go to the $OIM_ORACLE_HOME/designconsole directory, edit the classpath.sh file and add the following content before $CLASSPATH:
:./ext/cryptoj.jar:./ext/webserviceclient+ssl.jar
1.2.2 Define the TRUSTSTORE_LOCATION variable in the classpath.sh file.
TRUSTSTORE_LOCATION="OIM Trust Store.jks"
export TRUSTSTORE_LOCATION
1.3 Configuring xlconfig.xml
1.3.1 Go to the $OIM_ORACLE_HOME/designconsole/config directory and edit the xlconfig.xml file.
1.3.2 Modify the following parameters:
<ApplicationURL>https://localhost:<sslport>/xlWebApp/loginWorkflowRenderer.do</ApplicationURL>
<java.naming.provider.url>t3s://localhost:<sslport>/oim</java.naming.provider.url>
1.4 Configuring xlclient.sh
1.4.1 Go to the $OIM_ORACLE_HOME/designconsole/ directory, edit the xlclient.sh file and add the following content if you are using a self-signed certificate or the root certificate is not from a trusted authority provider.
1.4.1.1 Turn off the SSL Constraints
-Dweblogic.security.SSL.enforceConstraints=off \
1.4.1.2 Turn Off the Host Name Verification
-Dweblogic.security.SSL.ignoreHostnameVerification=true \
1.4.1.3 Turn Off the default Random Number Generator.
The change of the default random number generator is shown in the log as follows:
<Dec 05, 2015 11:51:50 AM IST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
To turn off the random number generator change reported in the log, add the following flag.
-Dweblogic.security.allowCryptoJDefaultPRNG=true \
1.4.1.4 Debug the SSL Parameters
-Dssl.debug=true \
-Dweblogic.StdoutDebugEnabled=true \
1.5 Sample xlclient.sh file
After configuration, the content of the xlclient.sh file should be in the following format.
java -DXL.ExtendedErrorOptions=TRUE \
-DXL.HomeDir=. -Djava.security.policy=config/xl.policy \
-Djava.security.manager -Djava.security.auth.login.config=config/authwl.conf \
-Dlog4j.configuration=config/log.properties \
-Dweblogic.security.SSL.trustedCAKeyStore="$TRUSTSTORE_LOCATION" \
-Dweblogic.security.SSL.enforceConstraints=off \
-Dweblogic.security.SSL.ignoreHostnameVerification=true \
-Dweblogic.security.allowCryptoJDefaultPRNG=true \
-Dssl.debug=true \
-Dweblogic.StdoutDebugEnabled=true \
-cp $CLASSPATH com.thortech.xl.client.base.tcAppWindow -server server
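
The following check script is an added example, not part of the original post: it verifies a Design Console directory against steps 1.1 to 1.3 and lists which of the step 1.4.1 flags are present in xlclient.sh, since the post adds those only for a self-signed or untrusted root certificate. The function names and output labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): checks a Design Console
# directory against steps 1.1-1.4. Function names are hypothetical.

# Prints each unmet item from steps 1.1-1.3; returns how many were found.
check_designconsole_ssl() {
    dc=$1; missing=0
    for jar in cryptoj.jar webserviceclient+ssl.jar; do
        # 1.1.2: jar copied into ext/
        [ -f "$dc/ext/$jar" ] ||
            { echo "MISSING ext/$jar"; missing=$((missing + 1)); }
        # 1.2.1: jar referenced from classpath.sh
        grep -qF -e "./ext/$jar" "$dc/classpath.sh" 2>/dev/null ||
            { echo "MISSING classpath entry ./ext/$jar"; missing=$((missing + 1)); }
    done
    # 1.2.2: shell assignment, so no spaces around '='
    grep -q '^[[:space:]]*TRUSTSTORE_LOCATION=' "$dc/classpath.sh" 2>/dev/null ||
        { echo "MISSING TRUSTSTORE_LOCATION assignment"; missing=$((missing + 1)); }
    # 1.3.2: both URLs must use the SSL schemes
    grep -q '<ApplicationURL>https://' "$dc/config/xlconfig.xml" 2>/dev/null ||
        { echo "MISSING https ApplicationURL"; missing=$((missing + 1)); }
    grep -q '<java.naming.provider.url>t3s://' "$dc/config/xlconfig.xml" 2>/dev/null ||
        { echo "MISSING t3s provider URL"; missing=$((missing + 1)); }
    return "$missing"
}

# Prints each step 1.4.1 flag present in xlclient.sh; returns how many.
# These are only meant for self-signed or untrusted-root certificates.
count_relaxed_flags() {
    found=0
    for flag in \
        weblogic.security.SSL.enforceConstraints=off \
        weblogic.security.SSL.ignoreHostnameVerification=true \
        weblogic.security.allowCryptoJDefaultPRNG=true \
        ssl.debug=true \
        weblogic.StdoutDebugEnabled=true
    do
        if grep -qF -e "-D$flag" "$1/xlclient.sh" 2>/dev/null; then
            echo "PRESENT -D$flag"; found=$((found + 1))
        fi
    done
    return "$found"
}

# Run both checks when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_designconsole_ssl "$1" || echo "setup incomplete"
    count_relaxed_flags "$1" || echo "review the flags above"
fi
```

Run it as `sh check.sh "$OIM_ORACLE_HOME/designconsole"`; the script file name is arbitrary.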