KB-2359: How to configure a Kerberos based SSO solution in WebLogic & Oracles Http Server ( OHS) environment?

12 April,16 at 11:31 AM

Applies to: All versions of Centrify DirectControl for Java applications.
How does one configure Centrify in an environment where the application server is fronted by an Oracle Http server (OHS). Using Centrify's SSO modules, is it possible to implement a fully load balanced Kerberos-based SSO solution?
At a high level, Centrify DirectControl agent needs to be installed on a weblogic server and then the libraries copied to the appropriate location (for cluster). The admin server needs to be configured; All the machines involved in the cluster needs to be joined to AD.
In addition, key files needs to be copied. Since there is no authentication performed by Apache, there is no need to install Centrify Apache plugin, however Apache servers and welogic server need to have the same set of keys. The load balancer needs to have same key too. For this to happen, they need to register an entry in Active Directory.
Detailed steps are available in the two pdfs attached at the end of this KB. 
The first pdf, Weblogic, has the steps for the Weblogic configuration while the second pdf, Web_Java_Cluster_Config v2.pdf, has the steps for the cluster configuration.
Note: These steps are not fully tested by Centrify and are provided as a courtesy. 

