Several remote management modes enable Administrators to update, validate, or delete an existing agent registration.
Access Manager provides two modes to manage Application Domains and their policies without registering or modifying the companion agent. Remote policy and Application Domain management supports only create and update functions. Remote management does not support removing Application Domains or policies.
Note:
Application Domain removal is a manual task that must be performed using the Oracle Access Management Console.
Table 25-32 describes these remote Application Domain management modes. Again, command parameters include the mode and an input *Request.xml file (using a relative path with respect to $OAM_REG_HOME, the preferred location for input files):
./oamreg.sh <mode> <input_file> [prompt_flag] [component.oam.config_file] <mode> value
Table 25-32 Remote Policy Management Modes, Templates, and Flags
Mode and Template | Description |
---|---|
policyCreate $OAM_REG_HOME/input/CreatePolicyRequest.xml |
Allows Administrators to create Host Identifiers and an Application Domain without registering an Agent.
./bin/oamreg.sh policyCreate input/myCreatePolicyRequest.xml
See Also: "Create Policy Request Template" |
policyUpdate $OAM_REG_HOME/input/UpdatePolicyRequest.xml |
Allows Administrators to update existing Host Identifiers and Application Domain without updating an Agent.
./bin/oamreg.sh policyUpdate input/UpdatePolicyRequest.xml
See Also: "Update Policy Request Template" |
Flag |
Optional |
[prompt_flag] value: [-noprompt] |
When the optional -
Examples from $OAM_REG_HOME location:
(echo username; echo password; echo webgate_password;) | ./bin/oamreg.sh inband input/Request.xml -noprompt component.oam.conf
(echo username; echo password; echo webgate_password; echo httpscert_trust_prompt;) | ./bin/oamreg.sh inband input/Request.xml -noprompt
(echo username; echo password; echo webgate_password; echo cert_password;) | ./bin/oamreg.sh inband input/Request.xml -noprompt
(echo username; echo password; echo webgate_password; echo httpscert_trust_prompt; echo cert_password;) | ./bin/oamreg.sh inband input/Request.xml -noprompt |
component.oam.config_file |
Optional. Remote registration accepts a configuration file with a URI list as an argument. component.oam.config_file defines the full path to a file containing any number of protected or public URIs. Ensure that the file uses the following syntax and format:
Note: You can configure the authentication scheme for a policy using the following format (the policy name and authentication scheme name must be separated by a Tab character):
<Policy Name> 'tab' <Authentication Scheme Name>
For example:
########################
protected_uris
########################
protected policy1 Basic Over LDAP
/finance/protected1/**
/finance/protected2/**
protected policy2 Client Certificate
/finance/protected3/*.js,*.png,*.gif
########################
public_uris
########################
/finance/public
/finance/test1/public |
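The Tab between policy name and scheme is easy to lose when the file is edited or copied, so a lint pass before handing the file to oamreg.sh is useful. The following is an added example, not Oracle code: it parses the layout shown above and reports policy lines without a Tab and URIs listed as both protected and public. The function name, the sample data and the choice of "protected policy1" as the policy name (with "Basic Over LDAP" as the scheme) are assumptions.

```python
SECTIONS = ("protected_uris", "public_uris")

# Constructed sample in the layout shown above. The Tab position in the first
# policy line is an assumption; the second policy line uses a space on purpose.
SAMPLE = (
    "########################\nprotected_uris\n########################\n"
    "protected policy1\tBasic Over LDAP\n"
    "/finance/protected1/**\n"
    "/finance/protected2/**\n"
    "protected policy2 Client Certificate\n"
    "/finance/protected3/*.js,*.png,*.gif\n"
    "########################\npublic_uris\n########################\n"
    "/finance/public\n"
    "/finance/protected1/**\n"
)

def parse_uri_config(text):
    """Return (protected, public, problems) for a URI list file.

    protected maps each URI line to (policy name, scheme), or to None when no
    valid policy line precedes it. problems is a list of (line number, message).
    """
    protected, public, problems = {}, [], []
    section, policy = None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip(" \r")                  # keep Tabs: they are significant
        if not line.strip() or set(line) == {"#"}:
            continue                             # blank line or ###### ruler
        if line in SECTIONS:
            section, policy = line, None
        elif section is None:
            problems.append((lineno, "content before a section header"))
        elif line.startswith("/"):
            if section == "public_uris":
                public.append((lineno, line))
            else:
                protected[line] = policy
        else:
            name, tab, scheme = line.partition("\t")
            ok = section == "protected_uris" and tab and name.strip() and scheme.strip()
            # After a malformed policy line, do not credit URIs to the previous policy.
            policy = (name.strip(), scheme.strip()) if ok else None
            if not ok:
                problems.append((lineno, "expected a URI or '<Policy Name><Tab><Scheme>'"))
    for lineno, uri in public:
        if uri in protected:
            problems.append((lineno, "URI is listed as both protected and public"))
    return protected, [uri for _, uri in public], problems
```

A URI mapped to None here only means that no valid policy line precedes it in the file; how the tool treats such a URI is not covered on this page.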
The CreatePolicyRequest.xml file with the remote policyCreate mode allows Administrators to create Host Identifiers and an Application Domain without creating or updating an agent registration.
Create a Host Identifier and add multiple hostPortVariations (host port pairs).
Create an Application Domain.
Add multiple protected, public, and excluded resources. Resources with or without query strings are both supported.
Create default authentication and authorization policies for the resources that do not require customized policies.
Many of the same parameters are found in the CreatePolicyRequest.xml file and the expanded (full) Agent registration templates discussed earlier. CreatePolicyRequest.xml provides elements for Authentication and Authorization Policies and resources (with no <agentName> element).
Some parameters in the CreatePolicyRequest.xml file are new and not included in the full agent registration XML files, while certain elements in the original agent registration file are used to create or update. However, some elements are
The primary differences of CreatePolicyRequest.xml are specific to:
Elements for Authentication and Authorization Policies and resources are provided
No <agentName> element or related elements are provided
UpdatePolicyRequest.xml and CreatePolicyRequest.xml are nearly identical. Both provide the same elements, with the exception of the <protectedAuthnScheme> element.
Using UpdatePolicyRequest.xml, Administrators can:
Update a Host Identifier and add multiple hostPortVariations (host port pairs)
Update an Application Domain
Add multiple protected, public, and excluded resources (with or without query strings)
Update default authentication and authorization policies for the resources that do not require customized policies
Create customized policies that include:
Policy display name
Policy description
Authentication scheme (Authentication policies only)
A subset of resources to be associated with the policy
This topic describes the unique remote management elements for Application Domain management found in the CreatePolicyRequest.xml and UpdatePolicyRequest.xml files.
These elements are described in Table 25-33.
See Also:
Table 15-8 for a description of elements common to remote registration and remote management.
Table 25-33 Remote Management Template Elements
Element | Description | Example |
---|---|---|
<rregAuthenticationPolicies> <rregAuthenticationPolicy> | Specifies the name and description for the Authentication Policy (to use when creating a new policy or updating an existing policy). | <rregAuthenticationPolicies> <rregAuthenticationPolicy> <name>AuthenticationPolicy1</name> <description>Authentication policy created using policyUpdate mode of rreg tool</description> . . </rregAuthenticationPolicy> </rregAuthenticationPolicies> |
<authnSchemeName> | Specifies the Authentication Scheme to use in the Authentication Policy. | <rregAuthenticationPolicies> . . <authnSchemeName>LDAPScheme</authnSchemeName> . . </rregAuthenticationPolicy> </rregAuthenticationPolicies> |
<uriList> | Identifies a resource that requires authentication using the policy. | <rregAuthenticationPolicies> . . <uriList> <uriResource> <uri>/res1</uri> <queryString /> </uriResource> </uriList> . . </rregAuthenticationPolicy> </rregAuthenticationPolicies> |
<rregAuthorizationPolicies> <rregAuthorizationPolicy> | Specifies the name and description for the Authorization Policy (to use when creating it anew or updating an existing policy). | <rregAuthorizationPolicies> <rregAuthorizationPolicy> <name>AuthorizationPolicy1</name> <description>Authorization policy created using policyUpdate mode of rreg tool</description> . . </rregAuthorizationPolicy> </rregAuthorizationPolicies> |
<uriList> | Identifies a resource that requires Authorization using the Authorization Policy. | <rregAuthorizationPolicies> . . <uriList> <uriResource> <uri>/res1</uri> <queryString /> </uriResource> </uriList> . . </rregAuthorizationPolicy> </rregAuthorizationPolicies> |
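Remote management can create and update but not remove, so a request file is worth reviewing before it is submitted with policyCreate or policyUpdate. The following is an added example, not Oracle code: it reads the policy elements from Table 25-33 and lists points to check by hand. The `<request>` root and the sample values are constructed placeholders, and the findings are review prompts, not rules the tool is known to enforce.

```python
import xml.etree.ElementTree as ET

# Constructed sample: only elements from Table 25-33, inside a placeholder
# <request> root (the template's real root element is not shown on this page).
SAMPLE = """<request>
 <rregAuthenticationPolicies>
  <rregAuthenticationPolicy>
   <name>AuthenticationPolicy1</name>
   <authnSchemeName>LDAPScheme</authnSchemeName>
   <uriList>
    <uriResource><uri>/res1</uri><queryString/></uriResource>
    <uriResource><uri>/res2</uri><queryString/></uriResource>
   </uriList>
  </rregAuthenticationPolicy>
  <rregAuthenticationPolicy>
   <name>AuthenticationPolicy2</name>
   <uriList><uriResource><uri>/res1</uri><queryString/></uriResource></uriList>
  </rregAuthenticationPolicy>
 </rregAuthenticationPolicies>
 <rregAuthorizationPolicies><rregAuthorizationPolicy>
   <name>AuthorizationPolicy1</name>
   <uriList><uriResource><uri>/res1</uri><queryString/></uriResource></uriList>
 </rregAuthorizationPolicy></rregAuthorizationPolicies>
</request>"""

def text(elem, tag):
    """Stripped text of a child element, or '' when absent or empty."""
    return (elem.findtext(tag) or "").strip()

def policies(root, kind):
    """Yield (name, scheme, [(uri, query), ...]) for each rreg<kind>Policy."""
    for pol in root.iter(f"rreg{kind}Policy"):
        res = [(text(r, "uri"), text(r, "queryString")) for r in pol.iter("uriResource")]
        yield text(pol, "name"), text(pol, "authnSchemeName"), res

def review(xml_text):
    root = ET.fromstring(xml_text)
    authz = {r for _, _, res in policies(root, "Authorization") for r in res}
    findings, owner = [], {}
    for name, scheme, res in policies(root, "Authentication"):
        if not scheme:
            findings.append(f"{name}: no <authnSchemeName>")
        for r in res:
            if r in owner:  # same resource claimed by two authentication policies
                findings.append(f"{r[0]}: in both {owner[r]} and {name}")
            owner.setdefault(r, name)
            if r not in authz:
                findings.append(f"{r[0]}: in no customized authorization policy")
    return findings
```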