Setup OAM 11G Webgate for OHS in "SIMPLE" mode
The process to set up WebGate in "SIMPLE" mode is very similar to setting it up in "OPEN" mode. Check my other blog post on setting up "OPEN" mode.
Simple mode provides encrypted communication between the WebGate and the OAM server. The certificates are issued by "Oracle". The trusted authority is already included in the out-of-the-box install.
I assume that you already have an OHS running in your environment. If webgate is not already installed, install the webgate as below:
1. Install the WebGate
Unzip the binary file. I have it as V33639.zip; yours may have another name.
./runInstaller -jreLoc <java install location>/jrockit-jdk1.6.0_37-R28.2.5-4.1.0
If you have Java from another vendor, provide its install location and directory above.
The installation is simple; you can accept all the defaults except for:
Oracle Middleware Home: <provide middleware directory here>
Oracle Home Directory: <webgate1>
Oracle home directory will be created under Middleware.
2. After completing the WebGate installation, go to
<MiddleWare>/webgate1/webgate/ohs/tools/deployWebGate
3. Run the following command
./deployWebGateInstance.sh -w <webgate instance directory> -oh <HTTP Server Home>
An example is:
./deployWebGateInstance.sh -w <OHS instance dir>/instance1/config/OHS/ohs1 -oh <MW Dir>/webgate1
3. Set the library path
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:<Middleware>/<OHS (not instance) Install directory>/lib
Example:
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/app/oracle/product/mw/web/lib
4. Edit httpd.conf
cd <MW>/webgate1/webgate/ohs/tools/setup/InstallTools
./EditHttpConf -w <OHS instance dir>/instance1/config/OHS/ohs1 -oh <mw>/webgate1
The web server configuration file was successfully updated
../instance1/config/OHS/ohs1/httpd.conf has been backed up as ../instance1/config/OHS/ohs1/httpd.conf.ORIG
5. Create the artifacts for new WebGate.
Log in to the OAM console as admin
go to
System Configuration --> Access Manager --> OAM Agents, click on "Create 11g WebGate"
Name: secureGate2 (choose your own name for webgate)
Security: Simple
Take default for other fields
The artifacts are generated and stored on the OAM server at the location:
<OAMDomain>/output/secureGate2 (the webgate name will be different)
5. Copy the artifacts to the OHS server.
Use scp or sftp to transfer the artifacts from the above directory on the OAM server to the OHS server.
For SIMPLE mode, the artifacts consist of the following files:
1. cwallet.sso
2. ObAccessClient.xml
3. password.xml
4. aaa_key.pem
5. aaa_cert.pem
Copy the first three files to the OHS server under the following directory:
<OHS instance>/config/OHS/ohs3/webgate/config
Copy the last 2 files to the directory:
<OHS instance>/config/OHS/ohs3/webgate/config/simple
Restart the web server.
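The file placement in step 5, as an added example that is not part of the original post and is not Oracle tooling: a POSIX shell helper that refuses a partial copy, puts each artifact in the directory named above, and then audits that no artifact is readable by group or others. The function names, the LAYOUT variable and the owner-only mode (which assumes OHS runs as the account that owns the config directory) are assumptions.

```sh
#!/bin/sh
# Added example (not Oracle tooling). Assumption: OHS runs as the account that
# owns the WebGate config directory, so owner-only file modes are sufficient.

# Destination of each artifact, relative to <OHS instance>/.../webgate/config
LAYOUT="cwallet.sso ObAccessClient.xml password.xml simple/aaa_key.pem simple/aaa_cert.pem"

# install_webgate_artifacts SRC DEST
#   SRC:  directory holding the five files fetched from the OAM server
#   DEST: the webgate/config directory of the OHS component
install_webgate_artifacts() {
    src=$1; dest=$2
    # Refuse a partial install: every artifact must exist and be non-empty.
    for rel in $LAYOUT; do
        [ -s "$src/${rel##*/}" ] || { echo "missing or empty: ${rel##*/}" >&2; return 1; }
    done
    mkdir -p "$dest/simple" || return 1
    for rel in $LAYOUT; do
        cp "$src/${rel##*/}" "$dest/$rel" || return 1
        chmod 600 "$dest/$rel" || return 1   # wallet, password and key are secrets
    done
}

# audit_webgate_artifacts DEST
# Prints one finding per line and returns 0 only when every artifact is in
# place and carries no group or world permission bits.
audit_webgate_artifacts() {
    dest=$1; rc=0
    for rel in $LAYOUT; do
        if [ ! -s "$dest/$rel" ]; then
            echo "MISSING $rel"; rc=1; continue
        fi
        mode=$(ls -l "$dest/$rel" | cut -c1-10)
        case $mode in
            -???------) ;;                        # owner-only
            *) echo "LOOSE $rel $mode"; rc=1 ;;
        esac
    done
    return $rc
}

# Stand-alone use: sh thisfile.sh <dir with copied artifacts> <webgate/config dir>
if [ "$#" -eq 2 ]; then
    install_webgate_artifacts "$1" "$2" && audit_webgate_artifacts "$2"
fi
```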
Registration issue:
During the registration of a WebGate, if the OAM instance is running in "OPEN" mode, OAM will not allow you to create the WebGate in open or cert mode. There are 2 workarounds for that.
1> Create a new instance, in name only, in simple mode. Do not register any WG to this instance. If that instance is there in "SIMPLE" mode, it will allow you to create a WebGate in open or simple mode.
2> The other workaround involves changing the OAM instance mode to "SIMPLE", creating a new WG in SIMPLE mode, and rolling the OAM instance back to OPEN mode. This procedure works fine, but during the period the OAM instance is changed to SIMPLE, all other WebGates will stop working. Every time you add a new WebGate in SIMPLE mode, you will have to set the OAM mode to SIMPLE and then roll it back.
--Have fun