Pre-req : oid_ovd_instance01, IAMDomain(AdminServer, oam_server1)
Installation : webserver(OHS, IHS, IIS, Apache, OTD, iPlanet), Webgate.
Vanilla SSO Solution :
Terminologies : webserver/OHS/WebTier/Webgate Instance/Agent
1. Configure the webserver instance
#xhost +
#su - weblogic
cd /d01/Weblogic/FMW/Oracle_WT1/bin
./config.sh
Verify :
http://idm.oraclefusion4all.com:7777/
https://idm.oraclefusion4all.com:4443
2. Deploy the webgate to webserver instance => "webgate instance"
cd /d01/Weblogic/FMW/Oracle_OAMWebGate11gR2/webgate/ohs/tools/deployWebGate
Verify :
webgate folder will be created in webserver instance location.
3. Configure the httpd.conf file or webserver configuration file.
cd /d01/Weblogic/FMW/Oracle_OAMWebGate11gR2/webgate/ohs/tools/setup/InstallTools
export LD_LIBRARY_PATH=/d01/Weblogic/FMW/Oracle_WT1/lib
export PATH=$LD_LIBRARY_PATH:$PATH
./EditHttpConf -oh /d01/Weblogic/FMW/Oracle_OAMWebGate11gR2/ -w /d01/Weblogic/FMW/Oracle_WT1/instances/ohs_webgate11gR2Console/config/OHS/ohs1/
Verify :
1. httpd.conf will be backed up
2. webgate.conf include directive will be added to httpd.conf.
3. webgate.conf will be created.
4. Integrate the "webgate instance" with oam_server1.
pre-req : AdminServer and oam_server1 need to be up and running.
A) Using the OAMConsole
http://idm.oraclefusion4all.com:7001/oamconsole
weblogic/Oracle123
SSO Agents => Create 11g Webgate
cd /d01/Weblogic/FMW/user_projects/domains/IAMDomain/output/Webgate11gR2Console
/d01/Weblogic/FMW/Oracle_IAM1/oam/server/rreg/output/RREG_OAM11GWebgate
cp -r ObAccessClient.xml cwallet.sso /d01/Weblogic/FMW/Oracle_WT1/instances/ohsWebgate11gR2RREG/config/OHS/ohs2/webgate/config/
Verify : restart the ohs server and verify the SSO.
5. Integrate oam_server1 with OVD
A) System Store - oamconsole access to only OAMAdministrators group in OVD & Default Store - OVD user section(all 2000+ users) will be AuthN/AuthZ against this store.
B) OVD AuthN Provider - will AuthN only members of OAMAdministrators group in OVD against oamconsole.
C) OAM Identity Asserter :
Symptoms :
1. If the SSO page is followed by an application-specific login page, or login pages come up twice.
2. If attributes are not asserted from OAM.
Verify :
Note : http://idm.oraclefusion4all.com:7001/oamconsole is deployed on AdminServer. If SSO services are not working properly, as a best practice check that the OAM deployments are active.
6. Default Artifacts and technical flow of SSO
1. Host Identifiers : The webserver host and port where agent is deployed, also required to create resources.
2. Application Domain : Collection of resources and policies.
3. Technical flow of SSO.
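
Added example (not part of the original notes or of Oracle's tooling): a shell function that automates the Verify items of steps 2 to 4 for one OHS component config directory, such as the path given to EditHttpConf -w above. It assumes webgate.conf is written beside httpd.conf; the owner-only permission check on cwallet.sso is an extra check that the notes do not list.

```shell
#!/bin/sh
# check_webgate_instance DIR
# DIR is the OHS component config directory (.../config/OHS/ohs1).
# Prints one FAIL line per problem and returns the number of failures.
check_webgate_instance() {
    conf_dir=${1%/}
    failures=0
    fail() { echo "FAIL: $1"; failures=$((failures + 1)); }

    # Step 2: deployWebGate creates a webgate folder in the instance.
    [ -d "$conf_dir/webgate" ] || fail "no webgate directory in $conf_dir"

    # Step 3: EditHttpConf creates webgate.conf and adds an include for it.
    # Assumption: webgate.conf sits in the same directory as httpd.conf.
    [ -f "$conf_dir/webgate.conf" ] || fail "webgate.conf missing"
    grep -Eiq '^[[:space:]]*include[[:space:]].*webgate\.conf' \
        "$conf_dir/httpd.conf" 2>/dev/null ||
        fail "httpd.conf has no include directive for webgate.conf"

    # Step 4: the agent artifacts copied from the OAM output directory.
    for f in ObAccessClient.xml cwallet.sso; do
        [ -s "$conf_dir/webgate/config/$f" ] || fail "$f missing or empty"
    done

    # Extra check (not in the notes): the wallet holds the agent's secret,
    # so group and other should have no permission bits on it.
    wallet=$conf_dir/webgate/config/cwallet.sso
    if [ -f "$wallet" ]; then
        perms=$(ls -ld "$wallet" | cut -c5-10)
        [ "$perms" = "------" ] || fail "cwallet.sso is accessible to group/other"
    fi

    if [ "$failures" -eq 0 ]; then echo "OK: $conf_dir"; fi
    return "$failures"
}

# Stand-alone use: sh check_webgate.sh /path/to/config/OHS/ohs1
if [ "$#" -gt 0 ]; then check_webgate_instance "$1"; fi
```

Run it as the OHS owner after copying the artifacts and before restarting the server; a non-zero exit status is the count of failed checks.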
Application Onboarding :
========================
J2EE - Primavera