Showing posts from September, 2013

Configuring Oracle Access Manager (OAM) with Windows Native Authentication (WNA) for Windows Single Active Directory Domain

Prerequisites: A Windows Active Directory domain is installed on a Windows 2008 server. An OAM 11g R2 server is installed, and a target deployed on a web server is protected with OAM through a WebGate agent.

1. Log in to the Active Directory server and create a user oam for WNA integration.
2. Execute the ktpass command to generate a keytab file. The princ parameter needs to be HTTP/hostnameofOAMServer@DomainName. It should map to a user (oam) of AD.

    ktpass -princ HTTP/oam.example.com@EXAMPLE.COM -mapuser oam -pass password -out c:\oam.keytab

3. Once ktpass has executed successfully, you will see that the User Logon Name parameter has been modified.
4. On the OAM server, the krb5.conf file is present in the /etc/ directory. Modify the file for the domain name and AD server name. If the file is not there, create a file with the same name and provide the details as below:
5. After the krb5.conf file is modified, run the klist command to check the contents of the oam.keytab file. Also run

Setting Java in Linux

Even after setting the JAVA_HOME and PATH variables, /usr/bin/java still points to OpenJDK on Linux. To resolve this, we need to establish a link between /usr/bin/java and the newly installed JDK.

Run the command below as root to move the existing java:

    mv /usr/bin/java /home/

After this, run the command below to establish the link:

    ln -s <New_JAVA_HOME>/bin/java /usr/bin/java

Authorizing a Sample Java App from Oracle Entitlement Server

Create a simple authorization policy in OES and invoke an authorization decision using the Standard API from a Java application to allow or deny access.

1. Create New Application (go to Authorization Management > Application > click New Application).
2. Create New Security Module (go to System Configuration > Security Module > click New) and add the newly created application to it.
3. Create New Resource Type (go to Newly Created Application > Resource Types > click New).
4. Create New Resource (go to Newly Created Application > Default Policy Domain > Resources Catalog > Resources > Create New).
5. Create New Permit Authorization Policy (go to Newly Created Application > Default Policy Domain > Application Policies > Create New).
6. Create New Deny Authorization Policy (go to Newly Created Application > Default Policy Domain > Application Policies > Create New).

1. Edit the following file: OES_CLIENT_HOME/oessm/SMC