Configure the Single Sign on in Weblogic

Posted: April 20, 2012 in Weblogic

Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them.
Single sign-off is the reverse property whereby a single action of signing out terminates access to multiple software systems.
As different applications and resources support different authentication mechanisms, single sign-on has to internally translate to and store different credentials compared to what is used for initial authentication.
This post shows how to enable Oracle Single Sign-On.
Prerequisites:
  • You have installed Oracle HTTP Server 2.0 and Oracle Weblogic Server 10.3 with an application deployed.
    You can download Oracle HTTP Server 2.0 from the Oracle 10g R3 Companion Disc.
  • Single Sign-On Server and OID 10.1.2
Download and Configure MOD_Weblogic
    • Download MOD_Weblogic from the link mentioned below using a valid Oracle account.
    • Extract the mod_wl_20.so for the corresponding platform. Copy it to
    • Edit $ORACLE_HOME/ohs/conf/httpd.conf and add the following line under the last LoadModule directive: LoadModule weblogic_module modules/
    • At the end of the $ORACLE_HOME/ohs/conf/httpd.conf file, add the following directives:
<IfModule mod_weblogic.c>
WebLogicHost <Server_Name> e.g (
WebLogicPort 7001
# 7001 is the default; this should match the HTTP port on which the Weblogic server is running
SetHandler weblogic-handler
</IfModule>
    • Stop and start the HTTP_Server to pick up the changes.
Configure MOD_OSSO
    • Manually register the application URL with SSO:
$ORACLE_HOME/sso/bin/ -oracle_home_path $ORACLE_HOME -site_name -config_mod_osso TRUE -mod_osso_url -verdose TRUE
(Place the conf file in the target Apache/conf/osso/)
    • Add the line below to $ORACLE_HOME/ohs/conf/httpd.conf:
LoadModule osso_module modules/ (it should be at the top of the DSO section).
    • Edit $ORACLE_HOME/ohs/conf/mod_osso.conf and change the lines to look like this:
<IfModule mod_osso.c>
OssoIdleTimeout off
OssoIpCheck off
#OssoRedirectByForm off
#OssoSecureCookies on
#OssoProtectedOnly on
#OssoSendCacheHeaders on
#OssoHttpFrontend on
#UseWebCacheIp on
OssoConfigFile /oracle/ohs/conf/osso/osso.conf

<Location /ssotest>
Require valid-user
AuthType Basic
</Location>

<Location /private>
AuthType Basic
Require valid-user
</Location>

<Location /sample>
Require valid-user
AuthType Basic
</Location>
</IfModule>

    • Stop and start the Weblogic HTTP_Server to pick up the changes.

Configure OSSO Identity Asserter

Log in to the Weblogic Server Control Console as the weblogic user.

    • Add the following providers to the Weblogic domain for OSSO:

OSSO Identity Asserter, DefaultAuthenticator & OID Authenticator
Adding OSSO Identity Asserter

    • Click Security Realms, Default Realm Name, Providers
    • Select New under the Authentication Provider table.
    • Enter a name for the new provider, select its type, and then click OK. e.g.:
Name: OSSO Identity Asserter
Type: OSSOIdentityAsserter

In the settings for OSSO Identity Asserter

    • Click Default Authentication Provider.
    • Set the control flag to OPTIONAL, and Save.

Adding OIDAuthenticator

    • Click New, and enter a name and type:
Name: OID Authenticator
    • Click the Provider Specific tab and specify the following settings:
User Name Attribute: orcladmin (e.g.)

Host : The Oracle Internet Directory hostname
Group Base DN: cn=Group,dc=cse,dc=oracle,dc=com
User Base DN: cn=users,dc=cse,dc=oracle,dc=com
Port: Oracle Internet Directory port

    • Reorder Provider After Stop & Restart Weblogic Server
Establishing Trust between Oracle Weblogic Server and other entities
    • Enter the syntax for the connection filter rules and restart the Weblogic server.
    • Configuring the application for the OSSO identity asserter:
      • Locate the web.xml file in the application EAR file.
      • Locate the auth-method for the appropriate realm and enter CLIENT-CERT. e.g
    • Save the file, then redeploy and restart the application.
After this you can enjoy the SSO implementation using Weblogic.
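
The connection filter step above matters because the OSSO identity asserter accepts the user identity forwarded by Oracle HTTP Server, so only the OHS host should be able to reach the Weblogic listen port. The following is an added example, not from the original post: a simplified Python model of connection filter rules, assuming the default filter's rule form (target localAddress localPort action protocols), first-match-wins evaluation, and "no match means permitted"; the addresses are documentation placeholders and `parse_rules`/`decide` are hypothetical helper names.

```python
import ipaddress

# Constructed rule set (placeholder addresses, not taken from the post).
# Rule form assumed: target localAddress localPort action [protocols]
RULES = """
# OHS host running mod_osso + mod_weblogic may send HTTP to port 7001
192.0.2.10 * 7001 allow http
# Administrators' subnet may use t3 and HTTP on the same port
198.51.100.0/24 * 7001 allow t3 http
# Everyone else is refused on every port and protocol
0.0.0.0/0 * * deny
"""

def parse_rules(text):
    """Parse rule lines into tuples; '#' starts a comment. IP/CIDR targets only."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        target, local_addr, local_port, action, *protocols = line.split()
        if action not in ("allow", "deny"):
            raise ValueError(f"bad action in rule: {line!r}")
        net = ipaddress.ip_network(target, strict=False)
        rules.append((net, local_addr, local_port, action, set(protocols)))
    return rules

def decide(rules, remote_ip, local_port, protocol, local_addr="*"):
    """Return 'allow' or 'deny'. First matching rule wins; no match permits."""
    remote = ipaddress.ip_address(remote_ip)
    for net, l_addr, l_port, action, protocols in rules:
        if remote not in net:
            continue
        if l_addr != "*" and l_addr != local_addr:
            continue
        if l_port != "*" and int(l_port) != local_port:
            continue
        if protocols and protocol not in protocols:
            continue  # rule lists protocols and this one is not among them
        return action
    return "allow"  # fail-open default: a missing catch-all deny admits everyone

if __name__ == "__main__":
    rules = parse_rules(RULES)
    for ip, proto in [("192.0.2.10", "http"), ("203.0.113.7", "http"),
                      ("192.0.2.10", "t3"), ("198.51.100.5", "t3")]:
        print(ip, proto, decide(rules, ip, 7001, proto))
```

Dropping the final `0.0.0.0/0 * * deny` line makes every unmatched client fall through to the permissive default, which is the case worth checking before relying on the filter.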
  1. voravit says:

    Do we need licenses for Single Sign on Server ?
