IIS with Oracle DS 11g as datastore

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

IIS with Oracle DS 11g as datastore

Joe Fletcher-2

Hi,

 

Just had IIS rear its ugly head in my work environment. This may be a dim question but can I use an Oracle DS 11g datastore to authenticate an IIS web server via the WPA?

Docs seem to indicate not. And I quote: “Make sure OpenAM data store is configured to use Active Directory as the user data store.”

 

Unless I’m framing my searches wrong I can’t find any examples where its been done. I’m hoping someone can tell me I’m wrong and point me at a “how-to” guide otherwise I have a potentially huge issue to deal with.

 

Regards

 

Joe

 

 

 

This email with all information contained herein or attached hereto may contain confidential and/or privileged information intended for the addressee(s) only. If you have received this email in error, please contact the sender and immediately delete this email in its entirety and any attachments thereto.
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: IIS with Oracle DS 11g as datastore

Nicolas Seigneur
See this thread for more information about using Oracle/Databases as repository: https://forgerock.org/topic/openam-with-oracle-db-as-identity-repository/ you can follow the backstage link to know more.

The protection of IIS with a Web Agent is actually decoupled from the Authentication/User repository in OpenAM, so if you manage to configure OpenAM to authenticate and retrieve user information against your Oracle environment, you should be in the clear.

Nicolas Seigneur
Indigo Consulting Canada

On Fri, Aug 26, 2016 at 6:03 AM, Joe Fletcher <[hidden email]> wrote:

Hi,

 

Just had IIS rear its ugly head in my work environment. This may be a dim question but can I use an Oracle DS 11g datastore to authenticate an IIS web server via the WPA?

Docs seem to indicate not. And I quote: “Make sure OpenAM data store is configured to use Active Directory as the user data store.”

 

Unless I’m framing my searches wrong I can’t find any examples where its been done. I’m hoping someone can tell me I’m wrong and point me at a “how-to” guide otherwise I have a potentially huge issue to deal with.

 

Regards

 

Joe

 

 

 

This email with all information contained herein or attached hereto may contain confidential and/or privileged information intended for the addressee(s) only. If you have received this email in error, please contact the sender and immediately delete this email in its entirety and any attachments thereto.

_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam




--
-------------------------------------------------
Nicolas Seigneur
Indigo Technologies Canada, Inc.
mobile: +1.514.965.4890

_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: IIS with Oracle DS 11g as datastore

Joe Fletcher-2

Thanks for that. However it doesn’t cover what I’m interested in. Specifically I’m looking at using DS 11g LDAP server as opposed to MS Active Directory LDAP server as the datastore in conjunction with the agent on IIS.

 

It would be a non-standard config insofar as very few people would use IIS in a non-AD environment. Apache on windows would be more common perhaps in which case there’s no issue.

 

 

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Nicolas Seigneur
Sent: 27 August 2016 15:36
To: Users
Subject: Re: [OpenAM] IIS with Oracle DS 11g as datastore

 

See this thread for more information about using Oracle/Databases as repository: https://forgerock.org/topic/openam-with-oracle-db-as-identity-repository/ you can follow the backstage link to know more.

 

The protection of IIS with a Web Agent is actually decoupled from the Authentication/User repository in OpenAM, so if you manage to configure OpenAM to authenticate and retrieve user information against your Oracle environment, you should be in the clear.

 

Nicolas Seigneur

Indigo Consulting Canada

 

On Fri, Aug 26, 2016 at 6:03 AM, Joe Fletcher <[hidden email]> wrote:

Hi,

 

Just had IIS rear its ugly head in my work environment. This may be a dim question but can I use an Oracle DS 11g datastore to authenticate an IIS web server via the WPA?

Docs seem to indicate not. And I quote: “Make sure OpenAM data store is configured to use Active Directory as the user data store.”

 

Unless I’m framing my searches wrong I can’t find any examples where its been done. I’m hoping someone can tell me I’m wrong and point me at a “how-to” guide otherwise I have a potentially huge issue to deal with.

 

Regards

 

Joe

 

 

 

This email with all information contained herein or attached hereto may contain confidential and/or privileged information intended for the addressee(s) only. If you have received this email in error, please contact the sender and immediately delete this email in its entirety and any attachments thereto.


_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam



 

--

-------------------------------------------------

Nicolas Seigneur
Indigo Technologies Canada, Inc.
mobile: +1.514.
965.4890

This email with all information contained herein or attached hereto may contain confidential and/or privileged information intended for the addressee(s) only. If you have received this email in error, please contact the sender and immediately delete this email in its entirety and any attachments thereto.
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: IIS with Oracle DS 11g as datastore

LOW Chee Chong
Your "Oracle DS 11g” would mean “Oracle DSEE 11g”. It is supported as User Datastore.



Do note there are a few “datastore” in OpenAM. 



--
Chee Chong
web: http://azlabs.sg
hp: 98424048


On Aug 30, 2016, at 5:44 PM, Joe Fletcher <[hidden email]> wrote:

Thanks for that. However it doesn’t cover what I’m interested in. Specifically I’m looking at using DS 11g LDAP server as opposed to MS Active Directory LDAP server as the datastore in conjunction with the agent on IIS.
 
It would be a non-standard config insofar as very few people would use IIS in a non-AD environment. Apache on windows would be more common perhaps in which case there’s no issue.
 
 
 
From: [hidden email] [[hidden email]] On Behalf Of Nicolas Seigneur
Sent: 27 August 2016 15:36
To: Users
Subject: Re: [OpenAM] IIS with Oracle DS 11g as datastore
 
See this thread for more information about using Oracle/Databases as repository: https://forgerock.org/topic/openam-with-oracle-db-as-identity-repository/ you can follow the backstage link to know more.
 
The protection of IIS with a Web Agent is actually decoupled from the Authentication/User repository in OpenAM, so if you manage to configure OpenAM to authenticate and retrieve user information against your Oracle environment, you should be in the clear.
 
Nicolas Seigneur
Indigo Consulting Canada
 
On Fri, Aug 26, 2016 at 6:03 AM, Joe Fletcher <[hidden email]> wrote:
Hi,
 
Just had IIS rear its ugly head in my work environment. This may be a dim question but can I use an Oracle DS 11g datastore to authenticate an IIS web server via the WPA?
Docs seem to indicate not. And I quote: “Make sure OpenAM data store is configured to use Active Directory as the user data store.”
 
Unless I’m framing my searches wrong I can’t find any examples where its been done. I’m hoping someone can tell me I’m wrong and point me at a “how-to” guide otherwise I have a potentially huge issue to deal with.
 
Regards
 
Joe
 
 
 
This email with all information contained herein or attached hereto may contain confidential and/or privileged information intended for the addressee(s) only. If you have received this email in error, please contact the sender and immediately delete this email in its entirety and any attachments thereto. 


_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam



 
-- 
-------------------------------------------------
Nicolas Seigneur
Indigo Technologies Canada, Inc.
mobile: +1.514.
965.4890
This email with all information contained herein or attached hereto may contain confidential and/or privileged information intended for the addressee(s) only. If you have received this email in error, please contact the sender and immediately delete this email in its entirety and any attachments thereto._______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam


_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: IIS with Oracle DS 11g as datastore

Joe Fletcher-2

I know fundamentally DSEE is ok as a datastore. We’ve been using it with apache for years.  The problem appears to lie in configuring an IIS web server/agent combination to use it.

 

The docs say use AD as datastore when using IIS/openam agent and all tests I’ve tried so far attempting to have DSEE as the datastore have failed with IIS.

Its the specific combination of components that seems to be the issue.

 

 

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of LOW Chee Chong
Sent: 30 August 2016 11:05
To: Users
Subject: Re: [OpenAM] IIS with Oracle DS 11g as datastore

 

Your "Oracle DS 11g” would mean “Oracle DSEE 11g”. It is supported as User Datastore.

 

 

 

Do note there are a few “datastore” in OpenAM. 

 




--
Chee Chong
web: http://azlabs.sg
hp: 98424048


 

On Aug 30, 2016, at 5:44 PM, Joe Fletcher <[hidden email]> wrote:

 

Thanks for that. However it doesn’t cover what I’m interested in. Specifically I’m looking at using DS 11g LDAP server as opposed to MS Active Directory LDAP server as the datastore in conjunction with the agent on IIS.

 

It would be a non-standard config insofar as very few people would use IIS in a non-AD environment. Apache on windows would be more common perhaps in which case there’s no issue.

 

 

 

From: [hidden email] [[hidden email]] On Behalf Of Nicolas Seigneur
Sent: 27 August 2016 15:36
To: Users
Subject: Re: [OpenAM] IIS with Oracle DS 11g as datastore

 

See this thread for more information about using Oracle/Databases as repository: https://forgerock.org/topic/openam-with-oracle-db-as-identity-repository/ you can follow the backstage link to know more.

 

The protection of IIS with a Web Agent is actually decoupled from the Authentication/User repository in OpenAM, so if you manage to configure OpenAM to authenticate and retrieve user information against your Oracle environment, you should be in the clear.

 

Nicolas Seigneur

Indigo Consulting Canada

 

On Fri, Aug 26, 2016 at 6:03 AM, Joe Fletcher <[hidden email]> wrote:

Hi,

 

Just had IIS rear its ugly head in my work environment. This may be a dim question but can I use an Oracle DS 11g datastore to authenticate an IIS web server via the WPA?

Docs seem to indicate not. And I quote: “Make sure OpenAM data store is configured to use Active Directory as the user data store.”

 

Unless I’m framing my searches wrong I can’t find any examples where its been done. I’m hoping someone can tell me I’m wrong and point me at a “how-to” guide otherwise I have a potentially huge issue to deal with.

 

Regards

 

Joe

 

 

 

This email with all information contained herein or attached hereto may contain confidential and/or privileged information intended for the addressee(s) only. If you have received this email in error, please contact the sender and immediately delete this email in its entirety and any attachments thereto. 


_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam



 

-- 

-------------------------------------------------

Nicolas Seigneur
Indigo Technologies Canada, Inc.
mobile: +1.514.
965.4890

This email with all information contained herein or attached hereto may contain confidential and/or privileged information intended for the addressee(s) only. If you have received this email in error, please contact the sender and immediately delete this email in its entirety and any attachments thereto._______________________________________________
Visit the OpenAM forum at 
https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam

 

This email with all information contained herein or attached hereto may contain confidential and/or privileged information intended for the addressee(s) only. If you have received this email in error, please contact the sender and immediately delete this email in its entirety and any attachments thereto.
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: IIS with Oracle DS 11g as datastore

LOW Chee Chong

Can you point us to the docs?

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Joe Fletcher
Sent: Tuesday, August 30, 2016 6:47 PM
To: 'Users' <[hidden email]>
Subject: Re: [OpenAM] IIS with Oracle DS 11g as datastore

 

I know fundamentally DSEE is ok as a datastore. We’ve been using it with apache for years.  The problem appears to lie in configuring an IIS web server/agent combination to use it.

 

The docs say use AD as datastore when using IIS/openam agent and all tests I’ve tried so far attempting to have DSEE as the datastore have failed with IIS.

Its the specific combination of components that seems to be the issue.

 

 

 

 

From: [hidden email] [[hidden email]] On Behalf Of LOW Chee Chong
Sent: 30 August 2016 11:05
To: Users
Subject: Re: [OpenAM] IIS with Oracle DS 11g as datastore

 

Your "Oracle DS 11g” would mean “Oracle DSEE 11g”. It is supported as User Datastore.

 

 

 

Do note there are a few “datastore” in OpenAM. 

 



--
Chee Chong
web: http://azlabs.sg
hp: 98424048

 

On Aug 30, 2016, at 5:44 PM, Joe Fletcher <[hidden email]> wrote:

 

Thanks for that. However it doesn’t cover what I’m interested in. Specifically I’m looking at using DS 11g LDAP server as opposed to MS Active Directory LDAP server as the datastore in conjunction with the agent on IIS.

 

It would be a non-standard config insofar as very few people would use IIS in a non-AD environment. Apache on windows would be more common perhaps in which case there’s no issue.

 

 

 

From: [hidden email] [[hidden email]] On Behalf Of Nicolas Seigneur
Sent: 27 August 2016 15:36
To: Users
Subject: Re: [OpenAM] IIS with Oracle DS 11g as datastore

 

See this thread for more information about using Oracle/Databases as repository: https://forgerock.org/topic/openam-with-oracle-db-as-identity-repository/ you can follow the backstage link to know more.

 

The protection of IIS with a Web Agent is actually decoupled from the Authentication/User repository in OpenAM, so if you manage to configure OpenAM to authenticate and retrieve user information against your Oracle environment, you should be in the clear.

 

Nicolas Seigneur

Indigo Consulting Canada

 

On Fri, Aug 26, 2016 at 6:03 AM, Joe Fletcher <[hidden email]> wrote:

Hi,

 

Just had IIS rear its ugly head in my work environment. This may be a dim question but can I use an Oracle DS 11g datastore to authenticate an IIS web server via the WPA?

Docs seem to indicate not. And I quote: “Make sure OpenAM data store is configured to use Active Directory as the user data store.”

 

Unless I’m framing my searches wrong I can’t find any examples where its been done. I’m hoping someone can tell me I’m wrong and point me at a “how-to” guide otherwise I have a potentially huge issue to deal with.

 

Regards

 

Joe

 

 

 

This email with all information contained herein or attached hereto may contain confidential and/or privileged information intended for the addressee(s) only. If you have received this email in error, please contact the sender and immediately delete this email in its entirety and any attachments thereto. 


_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam



 

-- 

-------------------------------------------------

Nicolas Seigneur
Indigo Technologies Canada, Inc.
mobile: +1.514.
965.4890

This email with all information contained herein or attached hereto may contain confidential and/or privileged information intended for the addressee(s) only. If you have received this email in error, please contact the sender and immediately delete this email in its entirety and any attachments thereto._______________________________________________
Visit the OpenAM forum at 
https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam

 

This email with all information contained herein or attached hereto may contain confidential and/or privileged information intended for the addressee(s) only. If you have received this email in error, please contact the sender and immediately delete this email in its entirety and any attachments thereto.


_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Loading...