Thursday Nov 22, 2012

Web Application Integration Steps in OAM 11gR2 (High Level)

  1. Install OAM, Webtier (OHS) and WebGate as per the standard installation steps.
  2. Create a WebGate instance (i.e., deploy WebGate)

Creating a WebGate instance copies the required agent bits from WEBGATE_HOME to the WebGate instance location, which shares the same INSTANCE_HOME with OHS.

./deployWebGateInstance.sh -w /Oracle/Middleware/Oracle_WT1/instances/instance1/config/ohs1 -oh /Oracle/Middleware/Oracle_OAMWebGate1

Note: Here the -w flag indicates the OHS instance folder and -oh indicates the WebGate Oracle home.

  3. Configure WebGate

In the WebGate configuration step, the EditHttpdConf utility copies the OUI-instantiated apache_webgate.template from WEBGATE_HOME to the WebGate instance location (renamed to webgate.conf) and updates httpd.conf with one additional line to include webgate.conf.

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/Oracle/Middleware/Oracle_WT1/lib

Navigate to /Oracle/Middleware/Oracle_OAMWebGate1/webgate/ohs/tools/setup/InstallTools

./EditHttpdConf -w /Oracle/Middleware/Oracle_WT1/instances/instance1/config/OHS/ohs1 -oh /Oracle/Middleware/Oracle_OAMWebGate1 -o webgate.conf

  4. Register WebGate

Use the RREG tool to register the OAM 11g WebGate.

Navigate to /Oracle/Middleware/Oracle_IDM1/oam/server/rreg/input

Edit OAM11Grequest.xml. Change the relevant XML content to include the WebLogic admin URL, agentBaseURL, host identifier, etc.

Navigate to /Oracle/Middleware/Oracle_IDM1/oam/server/rreg/bin

Set permissions on oamreg.sh: chmod 777 oamreg.sh

Edit oamreg.sh and set OAM_REG_HOME=/Oracle/Middleware/Oracle_IDM1/oam/server/rreg

./oamreg.sh inband input/OAM11Grequest.xml

Enter the WebLogic admin credentials when prompted.

After performing the above steps, two artifacts are created under /Oracle/Middleware/Oracle_IDM1/oam/server/rreg/output, namely ObAccessClient.xml (storing the WebGate config parameters) and cwallet.sso (storing the agent key). These files must be copied to the WebGate instance config folder (/Oracle/Middleware/Oracle_WT1/instances/instance1/config/ohs1/webgate/config).

Restart OHS
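
One way to verify the result of steps 3 and 4 on the OHS host, as an added example that is not part of the original post or of Oracle's tooling. The function names (check_webgate_instance, has_mode) are hypothetical, httpd.conf is assumed to sit in the directory passed as the argument, and the permission policy (no access for "other" on cwallet.sso, no world-writable agent config) is this example's own assumption:

```sh
#!/bin/sh
# Added example: post-copy check of a WebGate instance (not Oracle tooling).
# Argument: the OHS instance config directory that holds httpd.conf.
# Prints one line per finding; the return status is the number of findings.

# True if file $1 has all permission bits of octal mask $2 set.
has_mode() { [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]; }

check_webgate_instance() {
    inst=$1
    cfg=$inst/webgate/config      # layout taken from the copy step above
    findings=0
    report() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # EditHttpdConf adds one uncommented include line for webgate.conf.
    grep -Eiq '^[[:space:]]*include[[:space:]].*webgate\.conf' \
        "$inst/httpd.conf" 2>/dev/null ||
        report "httpd.conf does not include webgate.conf"

    # Both RREG artifacts must be present and non-empty.
    for f in ObAccessClient.xml cwallet.sso; do
        [ -s "$cfg/$f" ] || report "$f missing or empty in $cfg"
    done

    # Assumed policy: cwallet.sso holds the agent key, so no access for
    # "other"; the agent configuration must not be world-writable.
    if [ -f "$cfg/cwallet.sso" ]; then
        has_mode "$cfg/cwallet.sso" 0004 && report "cwallet.sso is world-readable"
        has_mode "$cfg/cwallet.sso" 0002 && report "cwallet.sso is world-writable"
    fi
    if [ -f "$cfg/ObAccessClient.xml" ]; then
        has_mode "$cfg/ObAccessClient.xml" 0002 &&
            report "ObAccessClient.xml is world-writable"
    fi
    return "$findings"
}
```

Source the file and call check_webgate_instance with the OHS instance config directory; a return status of 0 means no findings.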

  5. Deploy the web application (myApp) in WebLogic application server
  6. Proxy Configuration in OHS

The mod_wl_ohs module enables requests to be proxied from Oracle HTTP Server 11g to Oracle WebLogic Server.

Navigate to /Oracle/Middleware/Oracle_WT1/instances/instance1/config/OHS/ohs1

Edit mod_wl_ohs.conf file to include the following:

<IfModule weblogic_module>
    WebLogicHost <WEBLOGIC_HOST>
    WebLogicPort <WEBLOGIC_PORT>
    # Debug ON
    # WLLogFile /tmp/weblogic.log
    MatchExpression *.jsp
</IfModule>

<Location /myApp>
    SetHandler weblogic-handler
    # PathTrim /weblogic
    # ErrorPage http:/WEBLOGIC_HOME:WEBLOGIC_PORT/
</Location>

Note: Here WEBLOGIC_HOST and WEBLOGIC_PORT are the WebLogic admin server host and port respectively.

Restart OHS. Now, when we access the web application URL with the OHS host and port (Ex: http://OHS_HOST:<OHS_PORT>/myApp), the requests are proxied to the WebLogic server.

  7. Create a new application domain

Log in to the OAM Admin Console.

Navigate to Shared Components → Authentication Schemes → Create Authentication Scheme (Ex: LDAP Auth Scheme. Here the scheme is associated with the LDAP Authentication Module).

Navigate to Policy Configuration → Application Domain → Create Application Domain.

Enter the Application Domain Name and click Apply.

Navigate to the Resources tab and add the resource URLs (the web application URLs that need to be protected).

Navigate to the Authentication Policy tab → Create a new authentication policy by providing the Resource URLs (the sample web application URLs) and the Authentication Scheme.

Navigate to the Authorization Policy tab → Create a new authorization policy → Enter the authorization policy name and navigate to the Resource tab → Attach the Resource URL and Host Identifiers here.

Navigate to the Conditions tab → Add the conditions, such as whom to allow and whom to deny access.

Navigate to the Rules tab → Create the Allow Rule and Deny Rule with the available conditions from the previous step so that the Authorization Policy may authorize the logins.

Navigate to the Resources tab and attach the Authentication and Authorization policies created in the above steps.

  8. Test the Web Application Integration.

About

OIM11gR2 Blog by NA-TAG Offshore IDAM team
