Skip to main content

High Level steps for protecting Web Application with OAM 11gR2:---


1.       Install OHS or Apache. Any web server in front of your application.
2.       Do a reverse proxy of your application server with this webserver.
For OHS as web server and Weblogic as application server please change below line in mod_wl_ohs.conf file.

<Location /console>
    SetHandler weblogic-handler
    WebLogicHost server1
    WeblogicPort 7001
</Location>

This will forward /console from HTTP server to /console on WebLogic Server server1:7001.

3.       Install Webgate on the server where web server is installed.
4.       Deploy Webgate on the instance of webserver. Command is as below:
./deployWebGateInstance.sh –w /Oracle/Middleware/Oracle_WT1/instances/instance1/config/ohs1 –oh /Oracle/Middleware/Oracle_OAMWebGate1
5.       Configure Webgate by running EditHttpdConf.
./EditHttpdConf –w /Oracle/Middleware/Oracle_WT1/instances/instace1/config/OHS/ohs1 –oh /Oracle/Middleware/Oracle_OAMWebGate1 –o webgate.conf
If library path is not set then set it before running this command:
export LD_LIBRARY_PATH=$ LD_LIBRARY_PATH:/Oracle/Middleware/Oracle_WT1/lib
6.       Register Webgate.  There are 2 ways to register Web gate with OAM. Either through rreg or from admin console of OAM.
6.1               Registration with rreg:- go to
$Middleware Home$/Oracle_IDM1/oam/server/rreg/input.

Edit OAM11gRequest_short.xml  and include weblogic admin url, host identifier etc.

Go to $Middleware Home$/Oracle_IDM1/oam/server/rreg/bin

Edit oamreg.sh and set OAM_REG_HOME=$Middleware Home$/Oracle_IDM1/oam/server/rreg
Run ./oamreg.sh inband input/OAM11Grequest.xml

          6.2          Registration with OAM Console:
Create a new 11g web gate agent through Admin console of OAM. If auto create policies is checked then it will create host identifier and application domain automatically.
These authentication schemes and other values can be changed later if required to create new authentication scheme or other policies.

7.       Copying files. Any of this registration process will create 2 files ‘ObAccessClient.xml’ and ‘cWallet.sso’ inside $Middleware Home$/Oracle_IDM1/oam/server/rreg/output folder.
These files need to be copied to 
$Middleware Home$/Oracle_WT1/instances/instance1/config/ohs1/webgate/config
8.       Restart the webserver and application would be protected with the default schemes of OAM.
Labels:

Comments

Post a Comment

Popular posts from this blog

Adding UDF (User Defined Field) on create user page OIM 11g R2 PS1:-

    Login to Sysadmin console and create a Sandbox and activate it. Click on Form Designer and search for user form. 2.      Create a new field of desired type. 3.      Provide the Required Values for UDF creation and click save and close. UDF field will be added then publish the sand box. 4.      Login to Identity console now and create another sandbox and activate it. After sandbox is activated click on users link and the click on create user. 5.      Provide the mandatory values on the form and then click the customize button on top. Select source from the view. 6.      Select the panel where the field has to be added. Select panel form lay out click add content. Select Data component Catalog from the box. 7.      Select UserVO from the bottom. ...
12 comments
Read more

OIM Tuning

Application Module tuning is a critical setting which will affect the UI performance. Following are the recommended application module settings for OIM and these are already set out-of-box (OOB) in later releases of OIM 11g R2. Ensure that these settings are implemented as recommended in your environment. -Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1 -Djbo.ampool.maxavailablesize=120 -Djbo.recyclethreshold=60 - Djbo.ampool.timetolive=-1 -Djbo.load.components.lazily=true - Djbo.doconnectionpooling=true -Djbo.txn.disconnect_level=1 - Djbo.connectfailover=false -Djbo.max.cursors=5 - Doracle.jdbc.implicitStatementCacheSize=5 - Doracle.jdbc.maxCachedBufferSize=19 open DOMAIN_HOME/bin/setDomainEnv.sh file for the WebLogic Server instance.find these lines: JAVA_OPTIONS="${JAVA_OPTIONS}" export JAVA_OPTIONS and change it to: JAVA_OPTIONS="-Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1 -Djbo.ampool.maxavailablesize=120 -D...
Post a Comment
Read more

OIM Reports : PS3

Oracle Business Intelligence Publisher is Oracle's primary reporting tool for authoring, manag-ing, and delivering all your highly formatted reports. BI Publisher is shipped with Oracle Identity Manager 11g Release 2 PS3. BI Publisher is deployed and configured as a separate managed server within the same Oracle Identity Manager domain. You have the choice of either leveraging the embedded BI Publisher or a standalone BI Publisher. It is recommended that you use the embedded BI Publisher if there are no other reporting requirements and you only need reporting for Oracle Identity Manager. After BI Publisher configuration, you can take advantage of the standard features of BI Publisher, such as:  Access Policy Reports  Request and Approval Reports  Password Reports  Resource and Entitlement Reports  User Reports  Certification Reports  Identity Audit Reports  Exception Reports The Screenshot of all the reports can be seen below: Every Report uses a Da...
Post a Comment
Read more