The Access Portal Service ships with a configuration package tool that allows you to generate an environment-specific Access Portal Service configuration package for select target applications.
The package will contain pre-configured application templates, as well as Oracle Traffic Director content rewriting and proxy rules that configure the Access Portal Service for the target application.
The application configuration package contains information such as logo, URL, policy, and the Oracle Traffic Director configuration data.
The application configuration package contains the following:
Logo image(s) or URL(s) to the logo image(s) for the application.
Application policies (templates) and password generation policies (if defined) in .INI format, exported from the Enterprise Single Sign-On Administrative Console (formfill.ini).
Oracle Traffic Director configuration data as described in the following topic:
See Enabling Form-Fill Single Sign-On for an Application.
Origin server pool definitions to be added to the server.xml file on the target managed server instance.
Rewriting rules for SED headers, page content, cookies, and so on, to be added to the object.conf file on the target Oracle Traffic Director instance.
Route configuration directives to be added to the routes.conf file on the target Oracle Traffic Director instance.
The Oracle Traffic Director configuration data must not contain any hardcoded values such as host names, port numbers, and session identifiers, and should use the preprocessor directives described in the next section.
You must provide the tool with the required environment-specific configuration data.
The following configuration data specific to your target environment needs to be provided:
%OTD_HOST%
%OTD_HTTP_PORT%
%OTD_HTTPS_PORT%
Optionally, you may also provide forward proxy configuration as follows:
%FORWARD_PROXY_HOST%
%FORWARD_PROXY_PORT%
You can create source configuration files before you start to generate an application configuration package. In addition, you can compress the files into a ZIP archive that is named after the target application for easier portability.
The following topics describe how to customize an application configuration package to the target environment:
You must define preprocessor directives in your configuration files because a preprocessor parses the configuration data to apply the configuration to the target Oracle Traffic Director instance.
The preprocessor directives are as follows:
%OTD_HOST%
%OTD_HTTP_PORT%
%OTD_HTTPS_PORT%
Optionally, you can also define the following directives if your environment requires them:
%FORWARD_PROXY_HOST%
%FORWARD_PROXY_PORT%
For example, a regex match URI for an application would look as follows:
.*?https://%OTD_HOST%:%OTD_HTTPS_PORT%/myapplication.*
The object.conf file includes the Oracle Traffic Director rewriting rules for SED, headers, content, and routes for the target application.
It must not contain any hardcoded values; use the preprocessor directives listed earlier instead.
For example:
<Object name="route-myapplication">
<If defined $referer and $referer =~ "$server_url/myapplication/(.*)$">
AuthTrans fn="set-variable" set-headers="referer=https://participant.myapplication.com/$1"
</If>
NameTrans fn="map" to="/" from="/myapplication"
Route fn="set-origin-server" origin-server-pool="origin-server-pool-participant-myapplication-com"
Output fn="insert-filter" filter="sed-response" sed="s|\\(src\\)=\"/\\([^\"]\\)|\\1=\"/myapplication/\\2|g" sed="s|\\(href\\)=\"/\\([^\"]\\)|\\1=\"/myapplication/\\2|g" sed="s|\\(action\\)=\"/\\([^\"]\\)|\\1=\"/myapplication/\\2|g"
Output fn="insert-filter" filter="sed-response" sed="s|https://participant.myapplication.com|https://$urlhost:%OTD_HTTPS_PORT%/myapplication|g"
</Object>
Name this file object.conf and place it in the common package directory. The package generation tool will create a new file in that directory with the generated prefix in its name.
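A pre-flight check for source files such as object.conf, as an added example that is not part of the Oracle tooling: it flags misspelled directives and environment host names typed in literally, then previews the substitution. The substitution model (plain text replacement of each %NAME% token) and the sample host and port values are assumptions.

```python
import re

# Directive names listed on this page; any other %NAME% token is treated as a typo.
REQUIRED = {"OTD_HOST", "OTD_HTTP_PORT", "OTD_HTTPS_PORT"}
OPTIONAL = {"FORWARD_PROXY_HOST", "FORWARD_PROXY_PORT"}
DIRECTIVE = re.compile(r"%([A-Z][A-Z0-9_]*)%")

def lint_source(text, env):
    """Return problems in a source file: unknown or unset directives, literal hosts."""
    problems = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name in DIRECTIVE.findall(line):
            if name not in REQUIRED | OPTIONAL:
                problems.append(f"line {lineno}: unknown directive %{name}%")
            elif name not in env:
                problems.append(f"line {lineno}: no value supplied for %{name}%")
        for name, value in env.items():
            # A target-environment host typed literally defeats per-environment generation.
            if name.endswith("_HOST") and value and value in line:
                problems.append(f"line {lineno}: hardcoded {name} value {value!r}")
    return problems

def preview(text, env):
    """Assumed substitution model: replace each known %NAME% with its value."""
    return DIRECTIVE.sub(lambda m: env.get(m.group(1), m.group(0)), text)

def unresolved(text):
    """Directive tokens still present after substitution (should be empty)."""
    return sorted(set(DIRECTIVE.findall(text)))

# Constructed sample: line 2 hardcodes the host and misspells a directive.
SAMPLE = r'''<If defined $referer and $referer =~ "https://%OTD_HOST%:%OTD_HTTPS_PORT%/myapplication/(.*)$">
Output fn="insert-filter" filter="sed-response" sed="s|https://participant.myapplication.com|https://otd.example.com:%OTD_HTTPS_PORTS%/myapplication|g"
</If>'''
# Constructed environment values (hypothetical host and ports).
ENV = {"OTD_HOST": "otd.example.com", "OTD_HTTP_PORT": "8080", "OTD_HTTPS_PORT": "4443"}

if __name__ == "__main__":
    for problem in lint_source(SAMPLE, ENV):
        print(problem)
    print("unresolved after substitution:", unresolved(preview(SAMPLE, ENV)))
```

A token left unresolved in a generated file would end up in a live rewriting rule or route, so the same `unresolved` check is worth running on the generated- files before they are pasted into the Oracle Traffic Director configuration.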
Name this file server.xml and place it in the common package directory.
The package generation tool will create a new file in that directory with the generated prefix in its name.
For example:
<origin-server-pool>
<name>origin-server-pool-participant-myapplication-com</name>
<family>inet</family>
<type>https</type>
<origin-server>
<host>participant.myapplication.com</host>
</origin-server>
</origin-server-pool>
Name this file routes.conf and place it in the common package directory. The package generation tool will create a new file in that directory with the generated prefix in its name.
For example:
<If $uri =~ "/myapplication">
NameTrans fn="assign-name" id="route-myapplication" name="route-myapplication"
</If>
To customize the application configuration package to a target environment, use the apspackageutility.jar tool.
The tool is located in the following location in the Access Management suite installer archive:
../iamsuite/Disk2/stage/Components/oracle.oam.server/11.1.2.3.0/1/DataFiles/Expanded/server/tools/apsapputility
The tool syntax is as follows:
Note:
The package generation tool requires an up-to-date Java Runtime Environment installation.
java -jar apsapputility.jar -p properties-file -z package-file or -d package-directory
where:
-p properties-file - full path and name of the property file to process (object.conf, server.xml, route.xml, or formfill.ini). This file contains the values for the properties listed in Required Environment-Specific Configuration Data.
-z package-file - full path and name of the package ZIP file (if using a ZIP file), or
-d package-directory - full path to the directory containing the configuration files (if not using a ZIP file)
The -z and -d options are mutually exclusive; use only one or the other.
The tool will add the customized file(s) to the ZIP file or package directory, depending on the selected option; the names of the generated files will contain the generated- prefix. The generated file(s) will be output one directory up from where the source files are located.
You can deploy the customized application configuration package.
To deploy:
Deploy the generated form-fill application policies (templates) and password generation policies, if defined (generated-formfill.ini). Log on to the Oracle Access Management Console, navigate to the Applications section and upload the file.
Deploy the generated rewriting rules (generated-object.conf).
Open the following file in a text editor:
target-otd-instance-directory/config/server-name-obj.conf
Paste the contents of the generated-object.conf file inside the following tag:
<Object name="default">
paste contents here
</Object>
Deploy the generated origin server pool definitions (generated-server.xml):
Open the following file in a text editor:
target-otd-instance-directory/config/server.xml
Paste the contents of the generated-server.xml file inside the following tag:
<server>
paste contents here
</server>
Deploy the generated route conditions (generated-routes.xml):
Open the following file in a text editor:
target-otd-instance-directory/config/server-name-obj.conf
Paste the contents of the generated-routes.conf file at the end of the file.