To enable the SiteMinder WebLogic ASA agent to intercept requests, the first thing you need to do is enable Java security for the web application that is deployed on WebLogic.
This can be done in multiple ways, but this document discusses just one common and easy approach: "Custom Roles and Policies".
1. To leverage an Identity Asserter, WebLogic requires that web applications are configured to use the CLIENT-CERT authentication method. For each web application, modify the deployment descriptor as follows:
2. The web application resource /MyApp2/ is protected on the Policy Server side with the ASA agent.
3. The SiteMinder security providers are already enabled and configured for the default realm.
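A pre-deployment check for the descriptor requirement in item 1, as an added example (not from the original page or the product documentation): it reads WEB-INF/web.xml from a WAR and confirms that login-config declares CLIENT-CERT. The sample web.xml, the helper names and the script name check_war.py are constructed for illustration.

```python
import io
import sys
import zipfile
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the original page): the login-config
# element that selects the CLIENT-CERT authentication method.
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
  </login-config>
</web-app>
"""

def auth_methods(web_xml):
    """Return the auth methods declared in web.xml bytes (namespace-agnostic)."""
    root = ET.fromstring(web_xml)
    for elem in root.iter():
        if elem.tag.rsplit("}", 1)[-1] == "auth-method":
            # WebLogic also accepts a comma-separated list, e.g. "CLIENT-CERT,FORM".
            return [m.strip() for m in (elem.text or "").split(",") if m.strip()]
    return []  # no auth-method declared in the descriptor

def war_uses_client_cert(war):
    """True if WEB-INF/web.xml in the WAR (path or file object) declares CLIENT-CERT."""
    with zipfile.ZipFile(war) as zf:
        if "WEB-INF/web.xml" not in zf.namelist():
            return False
        return "CLIENT-CERT" in auth_methods(zf.read("WEB-INF/web.xml"))

def build_war(web_xml):
    """Build an in-memory WAR holding only the given web.xml (sample/test helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/web.xml", web_xml)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Usage: python check_war.py MyApp2.war [...]; with no arguments, check the sample.
    targets = sys.argv[1:] or [build_war(SAMPLE_WEB_XML)]
    for t in targets:
        name = t if isinstance(t, str) else "<constructed sample>"
        print(name, "OK" if war_uses_client_cert(t) else "auth-method is not CLIENT-CERT")
```
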
a. Log in to the Admin Console.
b. Click base domain --> Deployments
c. Click Install
d. Select the application WAR file.
e. Choose target style as: Install as an application
f. Select deployment target. You can choose the Admin server or any managed server.
In this example, we will select one of the managed servers to deploy the sample web application.
g. Select Security Model = "Custom Roles and Policies"
h. Review the information and click Finish
i. Verify by clicking the Deployments link that the newly deployed application is Active and Health is OK
j. Click the application "MyApp2" and select the "Security" tab. Under Security click ==> URL Patterns ==> Policies
k. Click New to create a new policy for the URL pattern.
Specify the URL pattern. For example, if you want to protect all the resources of the web application, set
URL Pattern = /*
l. Click OK.
m. Now click the URL pattern policy that was just created.
n. Under "Policy Conditions", click "Add Conditions"
o. Set "Predicate List" = User (select from the drop-down) and click Next.
p. Specify the user ID that is authorized to access this web application.
q. Click Finish
r. Click Save in the next screen.
Test & Verification
Now, depending upon the provider configuration, when you access the web application, only the authorized user, in this case "shruj01", will be allowed access.
Sample web agent provider log. Note: for the test I have configured the Identity Asserter provider and also set ChallengeForCredentials=YES, so that if I try to access the application without an SMSESSION cookie, I get a challenge for credentials.
Once I provide a valid user credential, access is granted.
Sample web application MyApp.war used in this illustration.