Skip to main content

High Level steps for protecting Web Application with OAM 11gR2:---


1.       Install OHS or Apache. Any web server in front of your application.
2.       Do a reverse proxy of your application server with this webserver.
For OHS as web server and Weblogic as application server please change below line in mod_wl_ohs.conf file.

<Location /console>
    SetHandler weblogic-handler
    WebLogicHost server1
    WeblogicPort 7001
</Location>

This will forward /console from HTTP server to /console on WebLogic Server server1:7001.

3.       Install Webgate on the server where web server is installed.
4.       Deploy Webgate on the instance of webserver. Command is as below:
./deployWebGateInstance.sh –w /Oracle/Middleware/Oracle_WT1/instances/instance1/config/ohs1 –oh /Oracle/Middleware/Oracle_OAMWebGate1
5.       Configure Webgate by running EditHttpdConf.
./EditHttpdConf –w /Oracle/Middleware/Oracle_WT1/instances/instace1/config/OHS/ohs1 –oh /Oracle/Middleware/Oracle_OAMWebGate1 –o webgate.conf
If library path is not set then set it before running this command:
export LD_LIBRARY_PATH=$ LD_LIBRARY_PATH:/Oracle/Middleware/Oracle_WT1/lib
6.       Register Webgate.  There are 2 ways to register Web gate with OAM. Either through rreg or from admin console of OAM.
6.1               Registration with rreg:- go to
$Middleware Home$/Oracle_IDM1/oam/server/rreg/input.

Edit OAM11gRequest_short.xml  and include weblogic admin url, host identifier etc.

Go to $Middleware Home$/Oracle_IDM1/oam/server/rreg/bin

Edit oamreg.sh and set OAM_REG_HOME=$Middleware Home$/Oracle_IDM1/oam/server/rreg
Run ./oamreg.sh inband input/OAM11Grequest.xml

          6.2          Registration with OAM Console:
Create a new 11g web gate agent through Admin console of OAM. If auto create policies is checked then it will create host identifier and application domain automatically.
These authentication schemes and other values can be changed later if required to create new authentication scheme or other policies.

7.       Copying files. Any of this registration process will create 2 files ‘ObAccessClient.xml’ and ‘cWallet.sso’ inside $Middleware Home$/Oracle_IDM1/oam/server/rreg/output folder.
These files need to be copied to 
$Middleware Home$/Oracle_WT1/instances/instance1/config/ohs1/webgate/config
8.       Restart the webserver and application would be protected with the default schemes of OAM.
Labels:

Comments

Post a Comment

Popular posts from this blog

Developing Prepopulate Adapter with OIM 11g R2

1.      Prepopulate Adapter in OIM uses the plugin point oracle.iam.request.plugins.PrePopulationAdapte r. 2.      Write the Java code which returns the value which has to be populated on the form. 3.      This code will implement the plugin point oracle.iam.request.plugins.PrePopulationAdapte r. Code Snippet: - package com.oracle.oim.utility.eventhandler; import java.io.Serializable; import java.util.Iterator; import java.util.List; import java.util.logging.Logger; import oracle.iam.identity.exception.NoSuchUserException; import oracle.iam.identity.exception.UserLookupException; import oracle.iam.identity.usermgmt.api.UserManager; import oracle.iam.identity.usermgmt.vo.User; import oracle.iam.platform.Platform; import oracle.iam.platform.authz.exception.AccessDeniedException; import oracle.iam.request.exception.RequestServiceException; import oracle.iam.request.vo.Beneficiary; ...
5 comments
Read more

Oracle Traffic Director (OTD) configuration

Download the OTD software and install it on a server by running runInstaller command from <Binaries>/Disk1. Preferred is to configure the OTD as root user because when the administration server is configured as root, then Oracle Traffic Director starts the keepalived daemon automatically when you start instances that are part of a failover group, and stops the daemon when you stop the instances. Set Oracle_Home as the new Installed OTD Home. Run below command to configure the Admin server: <OTD_HOME>/otd/bin/tadm configure-server --port=8989 --user=admin --server-user=root --instance- home= <OTD_HOME> /otd/instance_name/otd_instance1 This command will ask for admin password and will create the admin server. Run Below command to start the admin server: <OTD_HOME> /otd/instance_name/otd_instance1/admin-server/bin/startserv Login to the OTD console on http://<host>:8989 as admin user.  Click New configuration: Click Next and create ne...
Post a Comment
Read more

Custom Login Page Protection- OAM 11g R2

Create a login page with fields having username,password and requestid. Below is the sample login page : <%@page language="java" session="true" contentType="text/html;charset=ISO-8859-1"  %> <% String path = request.getContextPath(); String basePath = request.getScheme()+"://"+request.getServerName()+":"+request. getServerPort()+path+"/"; String requestID = request.getParameter("request_id"); %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <font color="blue">Login Page </font><br><br> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Implementing css and javascript</title> <meta http-equi...
3 comments
Read more