This appendix explains the purpose and usage of the idm.conf file for applications with a web interface.
This appendix contains the following topics:
In the Oracle Fusion Middleware environment, the highest level configuration file at the web tier is httpd.conf. This file configures Oracle HTTP Server, which processes the web transactions that use the http protocol. Oracle HTTP Server processes each incoming request and determines its routing based on the URL from which the request originates and the resource to be accessed.
Additional configuration files are specified in the httpd.conf file by means of the Apache HTTP Server's Include directive inside an IfModule block.
Identity management applications in particular make use of the idm.conf configuration file, which is a template that administrators can modify to indicate how incoming requests for protected applications must be handled.
The idm.conf configuration file is divided into four parts, each addressing a distinct security area or zone. Table B-1 lists the zones:
Table B-1 Zones in the idm.conf File
| Zone | Type | Details |
|---|---|---|
| 1 | Default Access | Default Oracle HTTP Server endpoint for all inbound traffic (http, authohs.example.com:7777) |
| 2 | External Access | LBR external end-user endpoint (https, sso.example.com:443) |
| 3 | Internal Services | LBR internal endpoint for applications (http, idminternal.example.com:7777) |
| 4 | Administrative Services | LBR internal endpoint for administrative services (https, admin.example.com:443) |
When updating the idm.conf file, be sure to edit only the zone definition applicable to your requirements.
Zone 1, Default Access: this zone is the default Oracle HTTP Server endpoint for all inbound traffic. The protocol is http and the context root is in the format authohs.example.com:7777.
Zone 2, External Access: this zone is the load-balancer (LBR) external end-user endpoint. The protocol is https and the context root is in the format sso.example.com:443.
Zone 3, Internal Services: this zone is the LBR internal endpoint for applications. The protocol is http and the context root is in the format idminternal.example.com:7777.
Zone 4, Administrative Services: this zone is the LBR internal endpoint for administrative services. The protocol is https and the context root is in the format admin.example.com:443.
The following sample shows the layout and different zones of the idm.conf file:
# All four zones below share this single listener and are selected by the
# Host header (name-based virtual hosting), not by separate ports or IPs.
NameVirtualHost *:7777
## Default Access
## AUTHOHS.EXAMPLE.COM
# Zone 1 - Default Access (plain http, authohs.example.com:7777).
# This is the first <VirtualHost *:7777> for the NameVirtualHost listener, so
# it is also the name-based default: a request on 7777 whose Host header
# matches none of the other ServerNames is served here.
# NOTE(review): this zone proxies the administrative consoles (/console, /em,
# /oamconsole, /odsm, /sysadmin). Confirm that the load balancer forwards only
# the intended Host headers to this listener, otherwise the default zone is
# the one an unexpected Host value lands in.
<VirtualHost *:7777>
# ServerName http://authohs.example.com:7777 (replace the ServerName below with the actual host:port)
ServerName http://authohs.us.example.com:7777
# Rewrite rules repeated in every zone: redirect ([R]) the WebLogic console
# and EM logout pages to the OAM logout page, and redirect the legacy
# FSMIdentity pages to their OIM replacements.
RewriteEngine On
RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
RewriteOptions inherit
UseCanonicalName On
# Admin Server and EM
# Each <Location> hands the path to mod_wl (weblogic-handler) and names the
# backend WebLogic host:port; in this sample the consoles go to port 17001.
<Location /console>
SetHandler weblogic-handler
WebLogicHost us.example.com
WeblogicPort 17001
</Location>
<Location /consolehelp>
SetHandler weblogic-handler
WebLogicHost us.example.com
WeblogicPort 17001
</Location>
<Location /em>
SetHandler weblogic-handler
WebLogicHost us.example.com
WeblogicPort 17001
</Location>
# FA service
<Location /fusion_apps>
SetHandler weblogic-handler
WebLogicHost us.example.com
WebLogicPort 14100
</Location>
#ODSM Related entries
# WLProxySSL ON tells WebLogic the client connection is SSL-fronted (so it
# builds https self-referential URLs); WLProxySSLPassThrough ON forwards an
# inbound WL-Proxy-SSL header as received instead of having mod_wl set it.
# NOTE(review): this zone is plain http, so the header can only be trusted if
# the listener is reachable solely through the LBR that sets it — confirm, or
# have the LBR strip any client-supplied WL-Proxy-SSL header.
<Location /odsm>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WebLogicHost oidfa.us.example.com
WeblogicPort 7005
</Location>
# OAM Related Entries
<Location /oamconsole>
SetHandler weblogic-handler
WebLogicHost us.example.com
WebLogicPort 17001
</Location>
<Location /oam>
SetHandler weblogic-handler
WebLogicHost us.example.com
WebLogicPort 14100
</Location>
# OIM Related Entries
# The OIM locations share one session cookie name (WLCookieName, used by
# mod_wl for server affinity) and one plug-in log file under ORACLE_INSTANCE.
# oim identity self service console
<Location /identity>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# oim identity system administration console
<Location /sysadmin>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# oim identity advanced administration console - Legacy 11gR1 webapp
<Location /oim>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# xlWebApp - Legacy 9.x webapp (struts based)
<Location /xlWebApp>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# Nexaweb WebApp - used for workflow designer and DM
<Location /Nexaweb>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# spml xsd profile
<Location /spml-xsd>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# used for FA Callback service.
<Location /callbackResponseService>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# Role-SOD profile
<Location /role-sod>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# SOA Callback webservice for SOD - Provide the SOA Managed Server Ports
# Unlike the other OIM locations this one targets the SOA managed server
# port (8001 in the sample), not the OIM port 14000.
<Location /sodcheck>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 8001
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# Callback webservice for SOA. SOA calls this when a request is approved/rejected
# Provide the SOA Managed Server Port
# NOTE(review): the comment above asks for the SOA port, but the sample value
# is 14000 (the OIM port used elsewhere); verify which port this callback
# should actually reach in your deployment.
<Location /workflowservice>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# HTTP client service
<Location /HTTPClnt>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# OIF Related Entries
<Location /fed>
SetHandler weblogic-handler
WebLogicHost us.example.com
WebLogicPort 7499
</Location>
</VirtualHost>
## External Access
## SSO.EXAMPLE.COM
# Zone 2 - External Access (sso.example.com, https terminated at the LBR).
# The LBR forwards to this same *:7777 listener; the https scheme and port 443
# in ServerName make Oracle HTTP Server build external-facing URLs correctly.
# Every <Location> here sets WLProxySSL/WLProxySSLPassThrough ON so WebLogic
# sees the request as SSL-fronted and honours the LBR's WL-Proxy-SSL header.
# NOTE(review): this zone is the end-user, internet-facing surface. Besides the
# consoles it also exposes legacy and service paths (/xlWebApp, /Nexaweb,
# /spml-xsd, /callbackResponseService); confirm each one is meant to be
# reachable from outside rather than only through the internal zone.
<VirtualHost *:7777>
# ServerName https://sso.example.com:443 (replace the ServerName below with the actual host:port)
ServerName https://sso.example.com:443
# Same rewrite set as the other zones. No /console or /em <Location> is
# proxied in this zone, so the first two rules only take effect if such a
# path is later added here.
RewriteEngine On
RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
RewriteOptions inherit
UseCanonicalName On
# FA service
<Location /fusion_apps>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WebLogicHost us.example.com
WebLogicPort 14100
</Location>
# OAM Related Entries
<Location /oam>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WebLogicHost us.example.com
WebLogicPort 14100
</Location>
# OIM Related Entries
# The OIM locations share one session cookie name (WLCookieName, used by
# mod_wl for server affinity) and one plug-in log file under ORACLE_INSTANCE.
# oim identity self service console
<Location /identity>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# oim identity system administration console
<Location /sysadmin>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# oim identity advanced administration console - Legacy 11gR1 webapp
<Location /oim>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# xlWebApp - Legacy 9.x webapp (struts based)
<Location /xlWebApp>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# Nexaweb WebApp - used for workflow designer and DM
<Location /Nexaweb>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# spml xsd profile
<Location /spml-xsd>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# used for FA Callback service.
<Location /callbackResponseService>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# OIF Related Entries
# The sample uses a different placeholder host here (weblogic-host.example.com)
# than for the other locations; replace it with the real OIF host.
<Location /fed>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WebLogicHost weblogic-host.example.com
WebLogicPort 7499
</Location>
</VirtualHost>
## IDM Internal services for FA
## IDMINTERNAL.EXAMPLE.COM
# Zone 3 - Internal Services (plain http, idminternal.example.com:7777).
# Application-to-application endpoint behind the internal LBR VIP; it carries
# the OIM service and callback paths (/role-sod, /sodcheck, /workflowservice,
# /HTTPClnt) that the external zone does not.
# NOTE(review): the three OIM console locations (/identity, /sysadmin, /oim)
# set WLProxySSL/WLProxySSLPassThrough ON although this zone is http; as in
# the default zone, confirm the WL-Proxy-SSL header can only originate from
# the LBR before WebLogic is allowed to trust it.
<VirtualHost *:7777>
# ServerName http://idminternal.example.com:7777 (replace the ServerName below with the actual host:port)
ServerName http://idminternal.example.com:7777
# Same rewrite set as the other zones (console/EM logout to OAM logout page,
# legacy FSMIdentity pages to their OIM replacements).
RewriteEngine On
RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
RewriteOptions inherit
UseCanonicalName On
# FA service
<Location /fusion_apps>
SetHandler weblogic-handler
WebLogicHost us.example.com
WebLogicPort 14100
</Location>
# OAM Related Entries
<Location /oam>
SetHandler weblogic-handler
WebLogicHost us.example.com
WebLogicPort 14100
</Location>
# OIM Related Entries
# The OIM locations share one session cookie name (WLCookieName, used by
# mod_wl for server affinity) and one plug-in log file under ORACLE_INSTANCE.
# oim identity self service console
<Location /identity>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# oim identity system administration console
<Location /sysadmin>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# oim identity advanced administration console - Legacy 11gR1 webapp
<Location /oim>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# xlWebApp - Legacy 9.x webapp (struts based)
<Location /xlWebApp>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# Nexaweb WebApp - used for workflow designer and DM
<Location /Nexaweb>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# spml xsd profile
<Location /spml-xsd>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# used for FA Callback service.
<Location /callbackResponseService>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# Role-SOD profile
<Location /role-sod>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# SOA Callback webservice for SOD - Provide the SOA Managed Server Ports
# Targets the SOA managed server port (8001 in the sample), not OIM's 14000.
<Location /sodcheck>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 8001
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# Callback webservice for SOA. SOA calls this when a request is approved/rejected
# Provide the SOA Managed Server Port
# NOTE(review): the comment above asks for the SOA port, but the sample value
# is 14000 (the OIM port); verify which port this callback should reach.
<Location /workflowservice>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# HTTP client service
<Location /HTTPClnt>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# OIF Related Entries
<Location /fed>
SetHandler weblogic-handler
WebLogicHost us.example.com
WebLogicPort 7499
</Location>
</VirtualHost>
## IDM Admin services for FA
## ADMIN.EXAMPLE.COM
# Zone 4 - Administrative Services (admin.example.com, https terminated at
# the LBR). Carries the WebLogic console, EM, OAM console, ODSM and the OIM
# administration paths; every <Location> sets WLProxySSL and
# WLProxySSLPassThrough ON so WebLogic treats the request as SSL-fronted.
# NOTE(review): this zone and the external zone share the same *:7777
# listener and differ only by the Host header matched against ServerName.
# Keeping the admin consoles off the internet therefore relies on the LBR:
# confirm that the external VIP cannot forward requests carrying the admin
# host name to this listener.
<VirtualHost *:7777>
# ServerName https://admin.example.com:443 (replace the ServerName below with the actual host:port)
ServerName https://admin.example.com:443
# Same rewrite set as the other zones (console/EM logout to OAM logout page,
# legacy FSMIdentity pages to their OIM replacements).
RewriteEngine On
RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
RewriteOptions inherit
UseCanonicalName On
# Admin Server and EM
# Console, console help and EM all go to the admin server port (17001 here).
<Location /console>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WebLogicHost us.example.com
WeblogicPort 17001
</Location>
<Location /consolehelp>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WebLogicHost us.example.com
WeblogicPort 17001
</Location>
<Location /em>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WebLogicHost us.example.com
WeblogicPort 17001
</Location>
#ODSM Related entries
# ODSM is the only location pointing at a different sample host (oidfa...).
<Location /odsm>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WebLogicHost oidfa.us.example.com
WeblogicPort 7005
</Location>
# OAM Related Entries
<Location /oamconsole>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WebLogicHost us.example.com
WebLogicPort 17001
</Location>
# OIM Related Entries
# The OIM locations share one session cookie name (WLCookieName, used by
# mod_wl for server affinity) and one plug-in log file under ORACLE_INSTANCE.
# oim identity self service console
<Location /identity>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# oim identity system administration console
<Location /sysadmin>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# oim identity advanced administration console - Legacy 11gR1 webapp
<Location /oim>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# xlWebApp - Legacy 9.x webapp (struts based)
<Location /xlWebApp>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# Nexaweb WebApp - used for workflow designer and DM
<Location /Nexaweb>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# HTTP client service
<Location /HTTPClnt>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# OIF Related Entries
# The sample uses a different placeholder host here (weblogic-host.example.com)
# than for the other locations; replace it with the real OIF host.
<Location /fed>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WebLogicHost weblogic-host.example.com
WebLogicPort 7499
</Location>
</VirtualHost>