Provision a WebGate with Oracle Access Manager 11g

  1. Acquire the Tool: On the computer to host the WebGate, acquire the remote registration tool and set up the script for your environment. For example:
    1. Locate the RREG.tar.gz file in the following path:
      WLS_home/Middleware/domain_home/oam/server/rreg/client/RREG.tar.gz
    2. Untar the RREG.tar.gz file to any suitable location. For example: rreg/bin/oamreg.
    3. In the oamreg script, set the following environment variables based on your situation (client side or server side) and information in Table 6–7 in the Oracle Fusion Middleware Administrator’s Guide for Oracle Access Manager with Oracle Security Token Service:
      OAM_REG_HOME = exploded_dir_for_RREG.tar/rreg
      JDK_HOME = Java_location_on_the_computer
  2. Create the registration request:
    1. Locate the *Request_short.xml file and copy it to a new location and name. For example:
      WLS_home/Middleware/domain_home/oam/server/rreg/bin/oamreg/

      Copy: OAMRequest_short.xml (or OAM11gRequest.xml)

      To: my-wl-agent1.xml

    2. Edit my-wl-agent1.xml to include details for your environment, and set automatic policy creation to false. For example:
      <OAMRegRequest>
      <serverAddress>http://sample.us.oracle.com:7001</serverAddress>
      <hostIdentifier>my-wl</hostIdentifier>
      <agentName>my-wl-agent1</agentName>
      <primaryCookieDomain>.us.example.com</primaryCookieDomain>
      <autoCreatePolicy>false</autoCreatePolicy>
      <logOutUrls><url>/oamsso/logout.html</url></logOutUrls>
      </OAMRegRequest>

  3. Provision the agent. For example:
    1. Locate the remote registration script.
      Linux: rreg/bin/oamreg.sh
      Ensure the script has executable permission: chmod +x oamreg.sh
      Windows: rreg\bin\oamreg.bat
    2. From the directory containing the script, execute the script using inband mode. For example:

      $ ./bin/oamreg.sh inband input/my-wl-agent1.xml

      Welcome to OAM Remote Registration Tool!
      Parameters passed to the registration tool are:
      Mode: inband
      Filename: ...
    3. When prompted, enter the following information using values for your environment:
      Enter your agent username: username
      Username:  username
      Enter agent password: ********
      Do you want to enter a Webgate password?(y/n)
      n
      Do you want to import an URIs file?(y/n)
      n
    4. Review the final message to confirm that this was a successful registration:
      Inband registration process completed successfully! Output artifacts are 
      created in the output folder
  4. Confirm in the Console: Log in to the Oracle Access Manager Console and review the new registration:
    1. From the OAM 11g Console System Configuration tab, Access Manager Settings section, expand the SSO Agents nodes to search for the agent you just provisioned:
      Access Manager Settings
      SSO Agents
      OAM Agents
      Search
    2. In the Search Results table, click the agent’s name to display the registration page and review the details, which you will use later. For example:

      Agent Name—During WebGate installation, enter this as the WebGate ID. If you deploy the custom 10g AccessGate, enter this as the AccessGate Name when configuring the OAM Authentication Provider in the WebLogic Administration Console.

      Access Client Password—During WebGate installation, enter this as the WebGate password. If no password was entered, you can leave the field blank.

      Access Server Host Name—Enter the DNS host name for the primary OAM 11g Server with which this WebGate is registered.

    3. OAM Proxy Port—From the Oracle Access Manager Console, System Configuration tab, Common Configuration section, open Server Instances and locate the port on which the OAM Proxy is running.
  5. Ignore the Obaccessclient.xml file, which is created during provisioning, for now.
  6. Proceed as needed for your environment:
    • Agent is Installed: Go to the appropriate module for the implementation:
      • Configuring Identity Assertion for SSO with Oracle Access Manager 11g
      • Configuring the Authenticator Function for Oracle Access Manager 11g
      • Configuring Identity Assertion for Oracle Web Services Manager and OAM 11g
      • Configuring Centralized Log Out for Oracle Access Manager 11g
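
A pre-flight check for the request file from step 2, run before the file is handed to oamreg in step 3. This is an added example, not Oracle's code or part of the original procedure; the function name check_request, the list of expected elements, and the http warning are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the request shown in step 2 of this page.
SAMPLE_REQUEST = """<OAMRegRequest>
<serverAddress>http://sample.us.oracle.com:7001</serverAddress>
<hostIdentifier>my-wl</hostIdentifier>
<agentName>my-wl-agent1</agentName>
<primaryCookieDomain>.us.example.com</primaryCookieDomain>
<autoCreatePolicy>false</autoCreatePolicy>
<logOutUrls><url>/oamsso/logout.html</url></logOutUrls>
</OAMRegRequest>"""

# Elements the page's example sets; treating all as mandatory is this
# checker's policy (an assumption), not the registration tool's schema.
EXPECTED = ("serverAddress", "hostIdentifier", "agentName",
            "primaryCookieDomain", "autoCreatePolicy")


def check_request(xml_text):
    """Return (errors, warnings) for an OAMRegRequest document."""
    errors, warnings = [], []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"], warnings
    if root.tag != "OAMRegRequest":
        return [f"root is <{root.tag}>, expected <OAMRegRequest>"], warnings
    values = {n: (root.findtext(n) or "").strip() for n in EXPECTED}
    errors += [f"<{n}> is missing or empty" for n, v in values.items() if not v]
    # Step 2 of the procedure sets automatic policy creation to false.
    if values["autoCreatePolicy"].lower() not in ("", "false"):
        errors.append("<autoCreatePolicy> must be false for this procedure")
    # Added check, not from the page: the tool prompts for a username and
    # password in step 3, so flag a plain-http server address.
    scheme = urlparse(values["serverAddress"]).scheme.lower()
    if values["serverAddress"] and scheme not in ("http", "https"):
        errors.append("<serverAddress> must be an http(s) URL")
    elif scheme == "http":
        warnings.append("<serverAddress> uses http, not https")
    urls = [(u.text or "").strip() for u in root.findall("logOutUrls/url")]
    if not any(urls):
        warnings.append("no <logOutUrls><url> entry")
    return errors, warnings


if __name__ == "__main__":
    print(check_request(SAMPLE_REQUEST))
```

Run against the page's own sample, the check reports no errors and one warning, for the http server address.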
