The purpose of this tutorial is to walk you through the single sign-on configuration of Oracle Agile PLM with Access Gateway.

Add Agile ID Asserter

Follow these steps to add the Agile ID asserter.

  1. Log in to the WebLogic console

    . image

  2. Click Security Realms > AgileRealm > Providers.

  3. Click Lock & Edit.


  4. Click New, and enter or select the following values.

  5. Name: AgileIdentityAsserter

  6. Type: Agile Identity Asserter


  7. Click OK.


  8. Click AgileIdentityAsserter.

  9. Move the remote-user Active Type from Available to Chosen by selecting it and clicking the right arrow icon.


  10. Click Save.


  11. Click the Providers tab.

  12. Click DefaultAuthenticator.

  13. Set Control Flag to Sufficient, and click Save.

  14. Click the Providers tab.

  15. Click AgileIdentityAsserter.

  16. Click ProviderSpecific, and disable the OAMSDKInstall Dir option.


  17. Click the Providers tab, and click Reorder.

  18. Select AgileAuthenticator, and move it to the top of the list.

  19. Select AgileIdentityAsserter, and move it below the AgileAuthenticator row.


  20. Click OK.

  21. Click Activate Changes.

  22. Stop the managed server.

Apply SSO to Agile Server

Follow these steps to apply SSO to XMLP server.

  1. Log in to the Agile Server console as the oracle user.

  2. Navigate to <Agile Home>/agileDomain/config, and open agile.properties for editing.

  3. Add the following lines to the end of the file:

  4. oam.header.name=remote-user

  5. oam.sso.logout.url=/spgwLogout

  6. Modify the web.xml file located at <Agile Home>/agileDomain/applications/application.ear/application.war/WEB-INF/web.xml.

  7. Create a backup of the current application.ear file.

  8. Change <auth-method>FORM</auth-method> to <auth-method>client-cert,form</auth-method>.

  9. Clear the server tmp folder at <Agile Home>/agileDomain/servers/<Agile Server>/tmp.

  10. Repeat steps 1 through 5 for all managed servers.

Redeploy Agile PLM Application

  1. Log in to the WebLogic console.


  2. Click Deployments.

  3. Select the Agile option, and click Update.


  4. Verify the Source Path value is the same as the path of the .ear file from step 4 in the section above.


  5. Click Finish.

  6. Start the managed server.

Add Agile PLM Application to Access Gateway

  1. Log in to the Access Gateway Admin Console.

  2. Click Applications > Add > Header Based > Create.

  3. Enter the following settings for the application:

  4. Essentials

  5. Label: A name that the end users will recognize in Okta, such as Agile PLM.

  6. Public Domain: The URL you want the users to visit for the application, such as agile.gateway.info.

  7. Protected Web Resource: Hostname/IP and port that the application is hosted on. Ensure you end this value with a forward slash, such as https://ol6-agile.localdomain:7001/.

  8. Groups: The group that you want to assign the app to in the Identity Provider.



  9. Advanced

  10. Post Login URL: The URL to the endpoint where you want the user to land after login. In this case, we want the user to land on /Agile. (Example based on previous example values: https://agile.gateway.info/Agile).


  11. Behaviors

  12. Ensure the Use Access Gateway logout page option is selected in the Logout menu.


  13. Click Next, and modify the existing header to include the following information:

  14. Data Source: IdP

  15. Type: Header

  16. Name: remote-user

  17. Value: Attribute being passed from IdP for the user’s username.


  18. Click Next > Done.