Web Application Integration Steps in OAM 11gR2 (High Level)
- by Venkata Srikanth
Install OAM, Webtier (OHS)
and WebGate as per the standard installation steps.
Create a WebGate instance
(i.e deploy WebGate)
A WebGate
instance must be created that will copy required bits of agent from
WEBGATE_HOME to WebGate instance location that shares the same INSTANCE_HOME
with OHS
./deployWebGateInstance.sh
–w /Oracle/Middleware/Oracle_WT1/instances/instance1/config/ohs1
–oh /Oracle/Middleware/Oracle_OAMWebGate1
Note: Here
–w flag indicates OHS instance folder and –oh indicates the WebGate Oracle
home
Configure WebGate
In the webgate
configuration the EditHttpdConf
utility will copy OUI instantiated apache_webgate.template from WEBGATE_HOME to
webgate instance location (renamed to webgate.conf), and update httpd.conf with
one additional line to include webgate.conf.
export LD_LIBRARY_PATH=$
LD_LIBRARY_PATH:/Oracle/Middleware/Oracle_WT1/lib
Navigate
to /Oracle/Middleware/Oracle_OAMWebGate1/webgate/ohs/tools/setup/InstallTools
./EditHttpdConf
–w /Oracle/Middleware/Oracle_WT1/instances/instace1/config/OHS/ohs1 –oh
/Oracle/Middleware/Oracle_OAMWebGate1 –o webgate.conf
Register WebGate
Use RREG tool to register the OAM
11G WebGate
Navigate
to /Oracle/Middleware/Oracle_IDM1/oam/server/rreg/input
Edit
OAM11Grequest.xml. Change the specific xml content to include the weblogic admin URL, agentBaseURL, host
identifier etc..
Navigate
to /Oracle/Middleware/Oracle_IDM1/oam/server/rreg/bin
Set
permissions to oamreg.sh à chmod 777 oamreg.sh
Edit
oamreg.sh and set OAM_REG_HOME=/Oracle/Middleware/Oracle_IDM1/oam/server/rreg
./oamreg.sh
inband input/OAM11Grequest.xml
Enter
the WebLogic admin credentials when prompted.
After performing the above steps,
there will be two artifcats created under
Oracle/Middleware/Oracle_IDM1/oam/server/rreg/output, namely ObAccessClient.xml (Stroing webgate
config parameters) and cwallet.sso
(storing the agent key). These files must be copied to WebGate instance config
folder
(/Oracle/Middleware/Oracle_WT1/instances/instance1/config/ohs1/webgate/config)
Restart OHS
Deploy the web application
(myApp) in WebLogic application
server
Proxy Configuration in OHS
The mod_wl_ohs module enables requests to
be proxied from Oracle HTTP Server 11g to Oracle WebLogic Server.
Navigate
to /Oracle/Middleware/Oracle_WT1/instances/instance1/config/OHS/ohs1
Edit
mod_wl_ohs.conf file to include the following:
<IfModule weblogic_module>
WebLogicHost <WEBLOGIC_HOST>
WebLogicPort <WEBLOGIC_PORT>
# Debug ON
# WLLogFile /tmp/weblogic.log
MatchExpression *.jsp
</IfModule>
<Location /myApp>
SetHandler weblogic-handler
# PathTrim /weblogic
# ErrorPage http:/WEBLOGIC_HOME:WEBLOGIC_PORT/
</Location>
Note: Here WEBLOGIC_HOST and WEBLOGIC_PORT are
the WebLogic admin server host and port respectively
Restart OHS. Now
if we access the web application URL with OHS host and port
(Ex: http://OHS_HOST:<OHS_PORT>/myApp)
so that the requests will be proxied to WebLogic server.
Create
a new application domain
Login to OAM Admin Console
Navigate to Shared Componentsà Authentication Schemesà Create Authentication Scheme (Ex: LDAP Auth Scheme.
Here the scheme is assoicated with LDAP Authentication Module)
Navigate to Policy Configuration à Application Domain à Create Application Domain
Enter the Application Domain Name and Click Apply.
Navigate to Resources tab and add the resource
urls
(Web Application
URLs that needs to be protected)
Navigate to Authentication Policy tab à Create a
new authentication ploicy by providing the Resource URLs (The sample Web
Application URLs) and Authentication Scheme.
Navigate to Authorization Policy tab à Create a new authorization policy à Enter authorization policy name and navigate to Resource
Tab à Attach the Reource URL, Host Identifiers here.
Navigate to Conditions tab à Add the conditions like whom to allow and whom to
deny access.
Navigate to Rules tab à Crate the Allow Rule and Deny Rule with the
available conditions from the previous step so that the Authorization Policy
may authorize the logins.
Navigate to Resources tab and attach the
Authentication and Authorization plocies created in the above steps.
Test
the Web Application Integration.
