Skip Headers
Oracle® Fusion Middleware Integration Guide for Oracle Identity Management Suite
11g Release 2 (11.1.2)

Part Number E27123-03
Go to Documentation Home
Home
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

B The idm.conf File

This appendix explains the purpose and usage of the idm.conf file for applications with a web interface.

This appendix contains the following topics:

B.1 About the idm.conf File

In the Oracle Fusion Middleware environment, the highest level configuration file at the web tier is httpd.conf. This file configures Oracle HTTP Server, which processes the web transactions that use the http protocol. Oracle HTTP Server processes each incoming request and determines its routing based on the URL from which the request originates and the resource to be accessed.

Additional configuration files are specified in the httpd.conf file by means of the Apache HTTP Server's Include directive in an Ifmodule block.

Identity management applications in particular make use of the idm.conf configuration file, which is a template that administrators can modify to indicate how incoming requests for protected applications must be handled.

The idm.conf configuration file is divided into four parts, each addressing a distinct security area or zone. Table B-1 lists the zones:

Table B-1 Zones in the idm.conf File

Zone Type Details

1

Default Access

Section B.1.1

2

External Access

Section B.1.2

3

Internal Services

Section B.1.3

4

Administrative Services

Section B.1.4


When updating the idm.conf file, be sure to edit only the zone definition applicable to your requirements.

B.1.1 The Default Access Zone

This zone is the default Oracle HTTP Server endpoint for all inbound traffic. The protocol is http and the context root is in the format authohs.example.com:7777.

B.1.2 The External Access Zone

This zone is the load-balancer (LBR) external end user endpoint. The protocol is https and the context root is in the format sso.example.com:443.

B.1.3 The Internal Services Zone

This zone is the LBR internal endpoint for applications. The protocol is http and the context root is in the format idminternal.example.com:7777.

B.1.4 The Administrative Services Zone

This zone is the LBR internal endpoint for administrative services. The protocol is https and the context root is in the format admin.example.com:443.

B.2 Example idm.conf File

The following sample shows the layout and different zones of the idm.conf file:

NameVirtualHost *:7777
 
## Default Access
## AUTHOHS.EXAMPLE.COM
 
<VirtualHost *:7777>
#  ServerName http://authohs.example.com:7777 (replace the ServerName below with the actual host:port)
   ServerName http://authohs.us.example.com:7777
   RewriteEngine On
   RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
   RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
   RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
   RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
   RewriteOptions inherit
   UseCanonicalName On
 
# Admin Server and EM
 
   <Location /console>
      SetHandler weblogic-handler
      WebLogicHost us.example.com
      WeblogicPort 17001
   </Location>
 
   <Location /consolehelp>
      SetHandler weblogic-handler
      WebLogicHost us.example.com
      WeblogicPort 17001
   </Location>
 
   <Location /em>
      SetHandler weblogic-handler
      WebLogicHost us.example.com
      WeblogicPort 17001
   </Location>
 
# FA service
 
   <Location /fusion_apps>
      SetHandler weblogic-handler
      WebLogicHost us.example.com
      WebLogicPort 14100
   </Location>
 
#ODSM Related entries
   <Location /odsm>
        SetHandler weblogic-handler
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WebLogicHost oidfa.us.example.com
        WeblogicPort 7005
   </Location>
 
# OAM Related Entries   
 
   <Location /oamconsole>
      SetHandler weblogic-handler
      WebLogicHost us.example.com
      WebLogicPort 17001
   </Location>
 
   <Location /oam>
      SetHandler weblogic-handler
      WebLogicHost us.example.com
      WebLogicPort 14100
   </Location>
 
# OIM Related Entries
 
# oim self and advanced admin webapp consoles(canonic webapp)
 
   <Location /oim>
      SetHandler weblogic-handler
      WLCookieName    oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# oim admin console(idmshell based)
   <Location /admin>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
 
# xlWebApp - Legacy 9.x webapp (struts based)
   <Location /xlWebApp>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# Nexaweb WebApp - used for workflow designer and DM
   <Location /Nexaweb>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# spml xsd profile
   <Location /spml-xsd>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# used for FA Callback service.
   <Location /callbackResponseService>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# Role-SOD profile
   <Location /role-sod>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# SOA Callback webservice for SOD - Provide the SOA Managed Server Ports
   <Location /sodcheck>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 8001
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# Callback webservice for SOA. SOA calls this when a request is approved/rejected
# Provide the SOA Managed Server Port
   <Location /workflowservice>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# HTTP client service
   <Location /HTTPClnt>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
 
# OIF Related Entries
 
   <Location /fed>
      SetHandler weblogic-handler
      WebLogicHost us.example.com
      WebLogicPort 7499
   </Location>
 
</VirtualHost>
 
## External Access
## SSO.EXAMPLE.COM
 
<VirtualHost *:7777>
#  ServerName https://sso.example.com:443 (replace the ServerName below with the actual host:port)
   ServerName https://sso.example.com:443
   RewriteEngine On
   RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
   RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
   RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
   RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
   RewriteOptions inherit
   UseCanonicalName On
 
# FA service
   <Location /fusion_apps>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WebLogicHost us.example.com
      WebLogicPort 14100
   </Location>
 
# OAM Related Entries   
 
   <Location /oam>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WebLogicHost us.example.com
      WebLogicPort 14100
   </Location>
 
# OIM Related Entries
 
# oim self and advanced admin webapp consoles(canonic webapp)
 
   <Location /oim>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# oim admin console(idmshell based)
   <Location /admin>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# xlWebApp - Legacy 9.x webapp (struts based)
   <Location /xlWebApp>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# Nexaweb WebApp - used for workflow designer and DM
   <Location /Nexaweb>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# spml xsd profile
   <Location /spml-xsd>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# used for FA Callback service.
   <Location /callbackResponseService>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# OIF Related Entries
   <Location /fed>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WebLogicHost weblogic-host.example.com
      WebLogicPort 7499
   </Location>
   
</VirtualHost>
 
## IDM Internal services for FA
## IDMINTERNAL.EXAMPLE.COM
 
<VirtualHost *:7777>
#  ServerName http://idminternal.example.com:7777 (replace the ServerName below with the actual host:port)
   ServerName http://idminternal.example.com:7777
   RewriteEngine On
   RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
   RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
   RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
   RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
   RewriteOptions inherit
   UseCanonicalName On
 
# FA service
   <Location /fusion_apps>
      SetHandler weblogic-handler
      WebLogicHost us.example.com
      WebLogicPort 14100
   </Location>
 
 
# OAM Related Entries   
 
   <Location /oam>
      SetHandler weblogic-handler
      WebLogicHost us.example.com
      WebLogicPort 14100
   </Location>
 
# OIM Related Entries
 
# oim self and advanced admin webapp consoles(canonic webapp)
 
   <Location /oim>
      SetHandler weblogic-handler
      WLCookieName    oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# xlWebApp - Legacy 9.x webapp (struts based)
   <Location /xlWebApp>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# Nexaweb WebApp - used for workflow designer and DM
   <Location /Nexaweb>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# spml xsd profile
   <Location /spml-xsd>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# used for FA Callback service.
   <Location /callbackResponseService>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# Role-SOD profile
   <Location /role-sod>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# SOA Callback webservice for SOD - Provide the SOA Managed Server Ports
   <Location /sodcheck>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 8001
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# Callback webservice for SOA. SOA calls this when a request is approved/rejected
# Provide the SOA Managed Server Port
   <Location /workflowservice>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# HTTP client service
   <Location /HTTPClnt>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>  
 
# OIF Related Entries
 
   <Location /fed>
      SetHandler weblogic-handler
      WebLogicHost us.example.com
      WebLogicPort 7499
   </Location>
 
 
</VirtualHost>
 
## IDM Admin services for FA
## ADMIN.EXAMPLE.COM
 
<VirtualHost *:7777>
#  ServerName https://admin.example.com:443 (replace the ServerName below with the actual host:port)
   ServerName https://admin.example.com:443
   RewriteEngine On
   RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
   RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
   RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
   RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
   RewriteOptions inherit
   UseCanonicalName On
 
# Admin Server and EM
 
   <Location /console>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WebLogicHost us.example.com
      WeblogicPort 17001
   </Location>
 
   <Location /consolehelp>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WebLogicHost us.example.com
      WeblogicPort 17001
   </Location>
 
   <Location /em>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WebLogicHost us.example.com
      WeblogicPort 17001
   </Location>
 
#ODSM Related entries
   <Location /odsm>
        SetHandler weblogic-handler
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WebLogicHost oidfa.us.example.com
        WeblogicPort 7005
   </Location>
 
# OAM Related Entries   
 
   <Location /oamconsole>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WebLogicHost us.example.com
      WebLogicPort 17001
   </Location>
 
 
# OIM Related Entries
 
# oim self and advanced admin webapp consoles(canonic webapp)
 
   <Location /oim>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# oim admin console(idmshell based)
   <Location /admin>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
 
# xlWebApp - Legacy 9.x webapp (struts based)
   <Location /xlWebApp>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# Nexaweb WebApp - used for workflow designer and DM
   <Location /Nexaweb>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# HTTP client service
   <Location /HTTPClnt>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WeblogicPort 14000
 
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>
 
# OIF Related Entries
   <Location /fed>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WebLogicHost weblogic-host.example.com
      WebLogicPort 7499
   </Location>
  
</VirtualHost>