OAM Administration :

====================
Pre-req : oid_ovd_instance01, IAMDomain(AdminServer, oam_server1)
Installation : webserver(OHS, IHS, IIS, Apache, OTD, iPlanet), Webgate.
Vanilla SSO Solution :
Terminlogies : webserver/OHS/WebTier/Webgate Instance/Agent
1. Configure the webserver instance
#xhost +
#su - weblogic
cd /d01/Weblogic/FMW/Oracle_WT1/bin
./config.sh
Verify :
http://idm.oraclefusion4all.com:7777/
https://idm.oraclefusion4all.com:4443
2. Deploy the webgate to webserver instance => "webgate instance"
cd /d01/Weblogic/FMW/Oracle_OAMWebGate11gR2/webgate/ohs/tools/de
ployWebGate
Verify :
webgate folder will be created in webserver instance loc
ation.
3. Configure the httpd.conf file or webserver configuration file.
cd /d01/Weblogic/FMW/Oracle_OAMWebGate11gR2/webgate/ohs/tools/se
tup/InstallTools
export LD_LIBRARY_PATH=/d01/Weblogic/FMW/Oracle_WT1/lib
export PATH=$LD_LIBRARY_PATH:$PATH
./EditHttpConf -oh /d01/Weblogic/FMW/Oracle_OAMWebGate11gR2/ -w
/d01/Weblogic/FMW/Oracle_WT1/instances/ohs_webgate11gR2Console/config/OHS/ohs1/
Verify :
1. httpd.conf will be backed up
2. webgate.conf inlcude directive will be added to httpd.conf.
3. webgate.conf will be created.
4. integrate the "webgate instance" with oam_server1.
pre-req : AdminServer and oam_server1 need to be up and running.
A) Using the OAMConsole
http://idm.oraclefusion4all.com:7001/oamconsole
weblogic/Oracle123
SSO Agents => Create 11g Webgate
cd
Domain/output/Webgate11gR2Console

/d01/Weblogic/FMW/user_projects/domains/IAM

cp -r ObAccessClient.xml cwallet.sso /d01/Weblog

ic/FMW/Oracle_WT1/instances/ohs_webgate11gR2Console/config/OHS/ohs1/webgate/conf
ig/

-> OAM 11.1.2.2 supports backward compatibility

of agents(it is used in migration projects)
Verify : restart the ohs server and verify the SSO.
B) using RREG(Remote Registration Tool)
cd /d01/Weblogic/FMW/Oracle_IAM1/oam/server/rreg
/input
vi OAM11GRequest.xml
<serverAddress>http://idm.oraclefusion4a
ll.com:7001</serverAddress>
<hostIdentifier>RREG_HostId11G</hostIden
tifier>
<agentName>RREG_OAM11GWebgate</agentName
>
<agentBaseUrl>http://idm.oraclefusion4al
l.com:7778</agentBaseUrl>
<applicationDomain>RREG_OAM11GDefaultAPP
Domain</applicationDomain>
cd /d01/Weblogic/FMW/Oracle_IAM1/oam/server/rreg
/bin
export JAVA_HOME=/stage/jdk1.6.0_35/
export PATH=$JAVA_HOME/bin:$PATH
./oamreg.sh inband /d01/Weblogic/FMW/Oracle_IAM1
/oam/server/rreg/input/OAM11GRequest.xml
Output artifacts are created in the outp
ut folder.
cd

/d01/Weblogic/FMW/Oracle_IAM1/oam/server

/rreg/output/RREG_OAM11GWebgate
cp -r ObAccessClient.xml cwallet.sso /d01/Weblog
ic/FMW/Oracle_WT1/instances/ohsWebgate11gR2RREG/config/OHS/ohs2/webgate/config/
Verify : restart the ohs server and verify the S
SO.
5. Integrate oam_server1 with OVD
A) System Store - oamconsole access to only OAMAdministrators gr
oup in OVD & Default Store - OVD user section(all 2000+ users) will be AuthN/Au
thZ against this store.
B) OVD AuthN Provider - will AuthN only members of OAMAdministra
tors group in OVD against oamconsole.
C) OAM Identity Asserter :
Symptoms : 1. If SSO page followed by ap
plication specific login page is prompted or login pages coming twice.
2. If attributes
are not asserted from oam.
Verify :

Note : http://idm.oraclefusion4all.com:7001/oamconsole
is deployed on A
dminServer, in case SSO services are not proper then as best practice look for t
he activeness of OAM deployments.
6. Default Artifacts and technical flow of SSO
1. Host Identifiers : The webserver host and port where agent is deploye
d, also required to create resources.
2. Application Domain : Collection of resources and policies.
3. Technical flow of SSO.

Application Onboarding :
========================
J2EE - Primavera