Forum Discussion

waleed_osama_23's avatar
waleed_osama_23
Icon for Nimbostratus rankNimbostratus
Mar 20, 2017

F5 APM Oracle Access Manager SSO

Hello Dears,

 

I'm trying to configure SSO for applications that are authenticated using Oracle Access Manager.

 

Here's the flow without F5:

 

1- User connect to a protected resource

 

2- User is redirected to OAM

 

3- User authenticate against OAM using Kerberos

 

4- OAM has a delegation account configured, so it authenticates against active directory to see if user is authorized

 

5- If authenticated, the OAM redirects user again to the Protected Resource

 

  • I have been reading a lot of documents from F5 and I reached a conclusion that I need to use active directory as authentication source for initial connection to webtop.. And then use OAM as authentication source for access portals themselves and for SSO.

However I'm way over my head and can't find solid info on how to implement this, I thought of doing kerberos but I'm not actually authenticating against AD using Kerberos, I'm authenticating against OAM..

 

I found this in a document, but in my version (12 and 13) it doesn't exit anymore?? I could have configured an OAM server and its SSO config but I guess this type of configuration is retired (or hopefully under a new name!)

 

 

https://www.f5.com/pdf/deployment-guides/f5-oracle-oam-apm-dg.pdf

 

I have also been reading on this document, but it doesn't mention SSO

 

https://www.f5.com/pdf/deployment-guides/oracle-oam-apm-11-dg.pdf

 

I'd appreciate it if someone could explain how this requirement could be fulfilled..

 

    • waleed_osama_23's avatar
      waleed_osama_23
      Icon for Nimbostratus rankNimbostratus

      I guess Kerberos as in normal case user authenticate with kerberos against OAM. In f5 case I am thinking F5 should be authenticating with Kerberos against the OAM.

       

    • waleed_osama_23's avatar
      waleed_osama_23
      Icon for Nimbostratus rankNimbostratus

      I guess Kerberos as in normal case user authenticate with kerberos against OAM. In f5 case I am thinking F5 should be authenticating with Kerberos against the OAM.

       

  • APM role here is to replace oracle webgate and does the AAA authentication with Oracle OAM server.

     

  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus

    APM role here is to replace oracle webgate and does the AAA authentication with Oracle OAM server.