Thursday, February 25, 2016

Authenticating OIM API without password (Signing Digitally)

We can access the OIM 11g R2 APIs without providing the xelsysadm (or any other admin user) password. In other words, we can authenticate to the OIM APIs with a digital signature, as in 10g, as shown in the code snippet below:

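  import java.util.Hashtable;
  import javax.security.auth.login.LoginException;
  import oracle.iam.platform.OIMClient;
  import com.thortech.xl.crypto.Base64;
  import com.thortech.xl.crypto.tcCryptoException;
  import com.thortech.xl.crypto.tcCryptoUtil;
  import com.thortech.xl.crypto.tcSignatureMessage;

  public OIMClient loginUsingSignature() throws tcCryptoException, LoginException {

        OIMClient clientPlatform = null;

        try {
            String userName = "XELSYSADM";

            // JAAS login configuration and WebLogic settings used by the OIM client
            // (backslash escaped: "c:\authwl.conf" does not compile in Java)
            System.setProperty("java.security.auth.login.config", "c:\\authwl.conf");
            System.setProperty("APPSERVER_TYPE", "wls");
            System.setProperty("weblogic.Name", "oim_server1");

            Hashtable<String, String> env = new Hashtable<String, String>();
            // Replace host:port with the OIM managed server address
            env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, "t3://host:port");
            env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory");

            clientPlatform = new OIMClient(env);

            // Sign the user name with the key referenced as "PrivateKey"
            tcSignatureMessage signedMsg = tcCryptoUtil.sign(userName, "PrivateKey");

            // Serialize the signed message and Base64-encode it
            byte[] tmpB = tcCryptoUtil.getSerializedMessage(signedMsg);

            // The "xlSigned::" prefix marks the value as a signature, not a password
            String tmp = "xlSigned::" + Base64.getEncoded(tmpB);

            clientPlatform.login(userName, tmp);

        } catch (Exception ex) {
            // Do not swallow the failure: the caller would get a client that never logged in
            LoginException le = new LoginException("Signature-based login failed: " + ex.getMessage());
            le.initCause(ex);
            throw le;
        }
        return clientPlatform;
    }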
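
To make the mechanism concrete, here is an added, self-contained model of signature-based login (not code from the original post and not OIM's implementation). It uses the JDK's java.security.Signature in place of tcCryptoUtil; the token layout after the xlSigned:: prefix, the class name, the method names and the throwaway keys are assumptions for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Illustrative model only: OIM's real serialized message format is not reproduced here.
public class SignedLoginModel {
    static final String PREFIX = "xlSigned::";

    // Client side: sign the user name and wrap the signature as the "password" value.
    static String makeToken(String userName, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(userName.getBytes(StandardCharsets.UTF_8));
        return PREFIX + Base64.getEncoder().encodeToString(s.sign());
    }

    // Server side: accept the login only if the signature verifies over the claimed user name.
    static boolean verifyToken(String userName, String token, PublicKey key)
            throws GeneralSecurityException {
        if (token == null || !token.startsWith(PREFIX)) {
            return false; // an ordinary password, not a signed token
        }
        try {
            byte[] sig = Base64.getDecoder().decode(token.substring(PREFIX.length()));
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(key);
            s.update(userName.getBytes(StandardCharsets.UTF_8));
            return s.verify(sig);
        } catch (IllegalArgumentException | SignatureException e) {
            return false; // malformed Base64 or malformed signature bytes
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair trusted = gen.generateKeyPair();   // constructed throwaway key pair
        KeyPair untrusted = gen.generateKeyPair(); // a key the server does not trust

        String token = makeToken("XELSYSADM", trusted.getPrivate());
        System.out.println("valid token:      " + verifyToken("XELSYSADM", token, trusted.getPublic()));
        System.out.println("other user name:  " + verifyToken("OTHERUSER", token, trusted.getPublic()));
        System.out.println("untrusted signer: " + verifyToken("XELSYSADM",
                makeToken("XELSYSADM", untrusted.getPrivate()), trusted.getPublic()));
        System.out.println("plain password:   " + verifyToken("XELSYSADM", "secret", trusted.getPublic()));
    }
}
```

Because only the user name is signed in this model, the token is identical on every login and possession of the signing key alone decides who can authenticate, so the key store needs at least the protection given to the admin password.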
  

OIM 11g PS3 Code Sample to Reconcile Multiple Child Attributes

When I was recently writing custom code for reconciling multiple columns of a child table from a home grown product for a customer, I fa...