How to configure ASA agent to intercept the request for the web application deployed on Weblogic

Document created by Ujwol Shrestha on Dec 22, 2015. Last modified by kristen.palazzolo on Dec 17, 2016.
Version 3

Introduction

 

To enable the SiteMinder WebLogic ASA agent to intercept requests, you first need to enable Java security for the web application deployed on WebLogic.

This can be done in several ways; this document covers one common and easy approach: "Custom Roles and Policies".

 

Pre-Requisites

 

1. To leverage an Identity Asserter, WebLogic requires that web applications are configured to use the CLIENT-CERT authentication method. For each web application, modify the deployment descriptor as follows:

    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
    </login-config>

 

2. The web application resource /MyApp2/ is protected on the Policy Server side with the ASA agent.

3. The SiteMinder security providers are already enabled and configured for the default realm.
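
A pre-deployment check for prerequisite 1, as an added example that is not part of the original document or of any SiteMinder or WebLogic tooling: it reads WEB-INF/web.xml from a WAR, confirms the auth-method is CLIENT-CERT, and lists the url-patterns declared in descriptor security constraints so they can be compared with the URL pattern policy created in the console. The function names check_war and make_war and the sample descriptor are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

def _local(tag):
    """Drop the XML namespace so old and new web.xml schema versions both match."""
    return tag.rsplit("}", 1)[-1]

def check_war(war_bytes):
    """Return (auth_method, constraint_url_patterns, problems) for a WAR given as bytes."""
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        if "WEB-INF/web.xml" not in war.namelist():
            return None, [], ["WEB-INF/web.xml is missing from the archive"]
        # Only run this on WAR files you built or trust: the descriptor is parsed as XML.
        root = ET.fromstring(war.read("WEB-INF/web.xml"))
    auth_method, patterns, problems = None, [], []
    for el in root.iter():
        if _local(el.tag) == "login-config":
            for child in el.iter():
                if _local(child.tag) == "auth-method":
                    auth_method = (child.text or "").strip()
        elif _local(el.tag) == "security-constraint":
            # url-pattern also occurs in servlet/filter mappings; only constraints count here.
            patterns += [(c.text or "").strip() for c in el.iter()
                         if _local(c.tag) == "url-pattern"]
    if auth_method is None:
        problems.append("no <login-config>/<auth-method> found; expected CLIENT-CERT")
    elif auth_method != "CLIENT-CERT":
        problems.append(f"auth-method is {auth_method!r}; expected CLIENT-CERT")
    return auth_method, patterns, problems

def make_war(auth_method):
    """Build a constructed sample WAR in memory (not the MyApp.war attachment)."""
    web_xml = f"""<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet-mapping><servlet-name>s</servlet-name><url-pattern>/hello</url-pattern></servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>all</web-resource-name><url-pattern>/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
  <login-config><auth-method>{auth_method}</auth-method></login-config>
</web-app>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr("WEB-INF/web.xml", web_xml)
    return buf.getvalue()

if __name__ == "__main__":
    for method in ("CLIENT-CERT", "FORM"):
        print(method, "->", check_war(make_war(method)))
```

To check a real archive, pass its contents to check_war, for example the bytes read from the WAR file you are about to install.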

 

Instructions

 

    a. Log in to the Admin Console.

    b. Click base domain --> Deployments.

    c. Click Install.

    d. Select the application WAR file.

    e. Choose the target style: Install as an application.

    f. Select the deployment target. You can choose the Admin Server or any managed server.

       In this example, we will select one of the managed servers to deploy the sample web application.

    g. Select Security Model = "Custom Roles and Policies".

    h. Review the information and click Finish.

    i. Verify by clicking the Deployments link that the newly deployed application is Active and its Health is OK.

    j. Click the application "MyApp2" and select the "Security" tab. Under Security, click URL Patterns ==> Policies.

    k. Click New to create a new policy for the URL pattern.

       Specify the URL pattern. For example, if you want to protect all the resources of the web application, set

       URL Pattern = /*

    l. Click OK.

    m. Now click the URL pattern policy that was just created.

    n. Under "Policy Conditions", click "Add Conditions".

    o. Set "Predicate List" = User (select from the drop-down) and click Next.

    p. Specify the user ID that is authorized to access this web application.

    q. Click Finish.

    r. Click Save on the next screen.

 

Test & Verification

 

Now, depending on the provider configuration, when you access the web application, only the authorized user (in this case "shruj01") will be allowed access.

Sample web agent provider log. Note: for the test I have configured the Identity Asserter provider and also set ChallengeForCredentials=YES, such that if I try to access without an SMSESSION cookie, I get a challenge for credentials.

Once I provide a valid user credential, access is granted.

 

 

 

Attachments

Sample web application MyApp.war used in this illustration.
