- Install OAM, Webtier (OHS) and WebGate as per the standard installation steps.
- Create a WebGate instance (i.e. deploy WebGate)
A WebGate instance must be created. This copies the required agent bits from WEBGATE_HOME to the WebGate instance location, which shares the same INSTANCE_HOME with OHS.
    ./deployWebGateInstance.sh -w /Oracle/Middleware/Oracle_WT1/instances/instance1/config/ohs1 -oh /Oracle/Middleware/Oracle_OAMWebGate1
Note: Here the -w flag indicates the OHS instance folder and -oh indicates the WebGate Oracle home.
- Configure WebGate
In the WebGate configuration, the EditHttpdConf utility copies the OUI-instantiated apache_webgate.template from WEBGATE_HOME to the WebGate instance location (renamed to webgate.conf) and updates httpd.conf with one additional line to include webgate.conf.
    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/Oracle/Middleware/Oracle_WT1/lib
Navigate to /Oracle/Middleware/Oracle_OAMWebGate1/webgate/ohs/tools/setup/InstallTools
    ./EditHttpdConf -w /Oracle/Middleware/Oracle_WT1/instances/instance1/config/OHS/ohs1 -oh /Oracle/Middleware/Oracle_OAMWebGate1 -o webgate.conf
- Register WebGate
Use the RREG tool to register the OAM 11g WebGate.
Navigate to /Oracle/Middleware/Oracle_IDM1/oam/server/rreg/input
Edit OAM11Grequest.xml. Change the specific XML content to include the WebLogic admin URL, agentBaseURL, host identifier, etc.
Navigate to /Oracle/Middleware/Oracle_IDM1/oam/server/rreg/bin
Set permissions on oamreg.sh:
    chmod 777 oamreg.sh
Edit oamreg.sh and set OAM_REG_HOME=/Oracle/Middleware/Oracle_IDM1/oam/server/rreg
    ./oamreg.sh inband input/OAM11Grequest.xml
Enter the WebLogic admin credentials when prompted.
After performing the above steps, two artifacts will be created under Oracle/Middleware/Oracle_IDM1/oam/server/rreg/output, namely ObAccessClient.xml (storing the WebGate config parameters) and cwallet.sso (storing the agent key). These files must be copied to the WebGate instance config folder (/Oracle/Middleware/Oracle_WT1/instances/instance1/config/ohs1/webgate/config).
Restart OHS
- Deploy the web application (myApp) in WebLogic application server
- Proxy Configuration in OHS
The mod_wl_ohs module enables requests to be proxied from Oracle HTTP Server 11g to Oracle WebLogic Server.
Navigate to /Oracle/Middleware/Oracle_WT1/instances/instance1/config/OHS/ohs1
Edit the mod_wl_ohs.conf file to include the following:
    <IfModule weblogic_module>
        WebLogicHost <WEBLOGIC_HOST>
        WebLogicPort <WEBLOGIC_PORT>
        # Debug ON
        # WLLogFile /tmp/weblogic.log
        MatchExpression *.jsp
    </IfModule>
    <Location /myApp>
        SetHandler weblogic-handler
        # PathTrim /weblogic
        # ErrorPage http:/WEBLOGIC_HOME:WEBLOGIC_PORT/
    </Location>
Note: Here WEBLOGIC_HOST and WEBLOGIC_PORT are the WebLogic admin server host and port respectively.
Restart OHS. Now, if we access the web application URL with the OHS host and port (Ex: http://OHS_HOST:<OHS_PORT>/myApp), the requests will be proxied to the WebLogic server.
- Create a new application domain
Log in to the OAM Admin Console.
Navigate to Shared Components -> Authentication Schemes -> Create Authentication Scheme (Ex: LDAP Auth Scheme. Here the scheme is associated with the LDAP Authentication Module).
Navigate to Policy Configuration -> Application Domain -> Create Application Domain. Enter the Application Domain Name and click Apply.
Navigate to the Resources tab and add the resource URLs (the web application URLs that need to be protected).
Navigate to the Authentication Policy tab -> Create a new authentication policy by providing the Resource URLs (the sample web application URLs) and the Authentication Scheme.
Navigate to the Authorization Policy tab -> Create a new authorization policy -> Enter the authorization policy name and navigate to the Resource tab -> Attach the Resource URL and Host Identifiers here.
Navigate to the Conditions tab -> Add conditions such as whom to allow and whom to deny access.
Navigate to the Rules tab -> Create the Allow Rule and Deny Rule with the available conditions from the previous step so that the Authorization Policy may authorize the logins.
Navigate to the Resources tab and attach the Authentication and Authorization policies created in the above steps.
- Test the Web Application Integration.
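
Before testing, the results of the WebGate and proxy steps above can be checked on disk with a small script. This is an added example, not part of the original post and not an Oracle tool; the function names, the WG_FINDINGS variable, the Include-line pattern, and the rule that cwallet.sso should carry no group/other permission bits are assumptions of this example.

```shell
#!/bin/sh
# Added example (not an Oracle tool): sanity-check an OHS instance config
# directory after the WebGate steps. Names and rules here are assumptions.

wg_note() {            # record one finding and mark the check as failed
  WG_FINDINGS="${WG_FINDINGS}$1
"
  WG_RC=1
}

check_webgate_instance() {   # $1 = OHS instance config dir (e.g. .../config/OHS/ohs1)
  wg_dir=$1
  WG_FINDINGS=""
  WG_RC=0

  # EditHttpdConf adds one line to httpd.conf that includes webgate.conf.
  # Assumption: it is an Apache Include directive naming webgate.conf.
  grep -Eiq '^[[:space:]]*include[[:space:]].*webgate\.conf' \
    "$wg_dir/httpd.conf" 2>/dev/null ||
    wg_note "httpd.conf: no active Include line for webgate.conf"

  # Both RREG artifacts must have been copied into webgate/config.
  for wg_f in ObAccessClient.xml cwallet.sso; do
    [ -s "$wg_dir/webgate/config/$wg_f" ] ||
      wg_note "webgate/config/$wg_f: missing or empty"
  done

  # cwallet.sso stores the agent key: flag any group/other permission bits.
  if [ -e "$wg_dir/webgate/config/cwallet.sso" ]; then
    wg_perms=$(ls -ld "$wg_dir/webgate/config/cwallet.sso" | cut -c5-10)
    [ "$wg_perms" = "------" ] ||
      wg_note "webgate/config/cwallet.sso: group/other access ($wg_perms)"
  fi

  # The proxied application needs an uncommented weblogic-handler.
  grep -Eq '^[[:space:]]*SetHandler[[:space:]]+weblogic-handler' \
    "$wg_dir/mod_wl_ohs.conf" 2>/dev/null ||
    wg_note "mod_wl_ohs.conf: no active SetHandler weblogic-handler"

  printf '%s' "$WG_FINDINGS"
  return "$WG_RC"
}

# Run directly: sh check_webgate.sh <OHS instance config dir>
if [ "$#" -gt 0 ]; then check_webgate_instance "$1"; fi
```

The function prints one line per finding and returns non-zero if any check fails, so it can gate the final test step.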