15.8 Performing Remote Registration for OAM Agents

This section includes the following topics describing how to perform remote registration, which is similar regardless of the agent type:

15.8.1 Acquiring and Setting Up the Remote Registration Tool

The oamreg client tool can be used anywhere, not just on the OAM Server.

If the oamreg home is already exploded, you can use the following procedure to acquire and update the oamreg script for your operating system:

Windows: oamreg.bat

Linux: oamreg.sh

Note:

Oracle recommends using the latest tool and files by applying the latest bundle patch and untarring RREG.tar.gz again as described here.

For remote registration, two variables are required: JAVA_HOME and OAM_REG_HOME, as described in Table 15-11.

Table 15-11 Variables Required for Remote Registration

| Location | Variable | Description |
|---|---|---|
| Client Side | JAVA_HOME | The JDK 1.6 location on the computer that relies on $JAVA_HOME already set in the environment. (JDK 1.7 can also be used in R2PS3.) |
| Client Side | OAM_REG_HOME | The absolute file location for RREG HOME (directory under which RREG.tar was exploded, followed by /rreg and one directory above where the scripts reside). For example: $OAM_HOME/oam/server/rreg/client/rreg. If $ORACLE_IDM_HOME is $MW_HOME/Oracle_IDM: export OAM_REG_HOME=$MW_HOME/Oracle_IDM/oam/server/rreg |
| rreg folder location (not RREG.tar.gz location) | JAVA_HOME | Relies on $JAVA_HOME already set in the environment. |
| rreg folder location (not RREG.tar.gz location) | OAM_REG_HOME | Is already set in the script during the installation. |

  1. Locate RREG.tar.gz file in the following path:

    $ORACLE_HOME/oam/server/rreg/client/RREG.tar.gz 
    
  2. Untar RREG.tar.gz file, which creates directories beneath /client containing the required tool and templates.

  3. In the oamreg script (.../rreg/client/rreg/bin) set environment variables as follows:

    1. Set JAVA_HOME to JDK 1.6 (Table 15-11).

      JDK 1.7 can also be used in R2PS3.

    2. Set OAM_REG_HOME to the exploded_dir_for_RREG.tar/rreg based on your environment (client side or server side; see Table 15-11).

  4. Proceed with "Creating Your Remote Registration Request".
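A preflight check for the two variables in Table 15-11, as an added example that is not part of Oracle's tooling. It assumes the layout described above (oamreg.sh under the rreg bin directory, request templates under input/); the function name check_rreg_env is hypothetical.

```shell
#!/bin/sh
# Added example: validate JAVA_HOME and OAM_REG_HOME before running oamreg.sh.
# Assumed layout (from the steps above): $OAM_REG_HOME/bin/oamreg.sh and
# $OAM_REG_HOME/input/ holding the *Request*.xml templates.
# Usage: check_rreg_env "$JAVA_HOME" "$OAM_REG_HOME"
# Prints one line per problem; returns 0 only if the environment is usable.
check_rreg_env() {
    java_home=$1
    reg_home=$2
    rc=0

    # JAVA_HOME must point at a JDK whose bin/java is executable.
    if [ -z "$java_home" ] || [ ! -x "$java_home/bin/java" ]; then
        echo "JAVA_HOME: no executable bin/java under '$java_home'"
        rc=1
    fi

    # OAM_REG_HOME must be an absolute file location (Table 15-11).
    case $reg_home in
        /*) ;;
        *)  echo "OAM_REG_HOME: '$reg_home' is not an absolute path"; rc=1 ;;
    esac

    # Table 15-11 distinguishes the rreg folder from the RREG.tar.gz location;
    # flag the case where the variable names the archive's directory instead.
    if [ -f "$reg_home/RREG.tar.gz" ] && [ ! -d "$reg_home/bin" ]; then
        echo "OAM_REG_HOME: points at the RREG.tar.gz location, not the rreg folder"
        rc=1
    fi

    # The registration script and the request templates must be present.
    if [ ! -f "$reg_home/bin/oamreg.sh" ]; then
        echo "OAM_REG_HOME: bin/oamreg.sh not found under '$reg_home'"
        rc=1
    fi
    if [ ! -d "$reg_home/input" ]; then
        echo "OAM_REG_HOME: input/ directory not found under '$reg_home'"
        rc=1
    fi
    return $rc
}
```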

15.8.2 Creating Your Remote Registration Request

You can create an appropriate *Request*.xml file to provide input for the specific agent you want to register.

  1. Locate the required *Request*.xml input file for the agent you want to register:

    Regardless of the template you choose (short or extended), only a few differences exist between 11g and 10g agent templates stored in $OAM_REG_HOME/input/. For example:

    OAM11GRequest.xml

  2. Copy the request file to a new name. For example:
    • From: OAM11GRequest.xml
    • To: my11gagent_request.xml
  3. In the Request file, modify information to reflect details for your agent and the resources to protect using details in:
  4. Proceed with task needed for your environment:

15.8.3 Performing In-Band Remote Registration

The OAM Administrator within the network performs all tasks. Regardless of agent type, you can perform in-band remote registration.

For this example, an OAM Agent is being registered using the short request on a Linux system. Your agent type, request template, and output files will be different.

See Also:

Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management chapter "Installing and Configuring Oracle HTTP Server 11g WebGate for OAM"

Before you begin, read:

  1. On the computer hosting the Agent, run the registration command and specify your own *Request*.xml as the input file. For example:

    ./bin/oamreg.sh inband input/myagent_request.xml

  2. Provide the registration Administrator user name and password when asked.

    The following example illustrates a sample rreg registration output.

    Welcome to OAM Remote Registration Tool!
    Parameters passed to the registration tool are:
    Mode: inband
    Filename: /scratch/work/mw1916/idm1385/oam/server/rreg/input/1.xml
    Enter admin username:oamadminuser
    Username: oamadminuser
    Enter admin password:
    Do you want to enter a Webgate password?(y/n):
    n
    Do you want to import an URIs file?(y/n):
    n
    
    ----------------------------------------
    Request summary:
    OAM Agent Name:RREG_1234
    URL String:RREG_1234
    Registering in Mode:inband
    Your registration request is being sent to the Admin server at: http://slc01huw.us.example.com:20081
    ----------------------------------------
    
    Inband registration process completed successfully! Output artifacts are created in the output folder.
    

    The output folder is in the same location where RREG.tar.gz was expanded: /rreg/output/AgentName/

  3. Review the native configuration file created for the agent in the /rreg/output/AgentName/ folder.

  4. Finalize Registration: Perform the following steps to replace the earlier agent configuration file if it is not already replaced:

    1. Copy artifacts in /rreg/output/AgentName/ to update the agent configuration. For example:

      From the AdminServer (Console) host

      /rreg/output/Agent_Name/ObAccessClient.xml and cwallet.sso

      To the Agent host: $11gWG_install_dir/WebGate/config. For example:

      • $WebTier_MW_Home/Oracle_WT1/instances/instance1
      • /config/OHS/ohs1/WebGate/config
    2. Restart the OAM Server hosting the agent.

  5. Proceed with "Validating Remote Registration and Resource Protection".

15.8.4 Performing Out-of-Band Remote Registration

This section provides steps for Administrators outside (and inside) the network as they work together to register an agent remotely. During out-of-band remote registration, an administrator outside the network submits a registration request to an Administrator within the network. After processing the request, the in-band Administrator returns the following files to the out-of-band Administrator to configure his environment.

Table 15-12 Files Returned by in-band Administrator to out-of-band Administrator

File Description

agentName_Response.xml

Returned to, and used by, the out-of-band Administrator. Oracle recommends that you do not open or edit agentName_Response.xml.

Native Web server configuration files

Returned to, and used by, the out-of-band Administrator to update his Web server.

See Also

"Updating Agent Configuration Files"

The steps performed by each Administrator are identified:

  • In-Band Administrator: Identifies a task performed by the Web server Administrator within the network.

  • Out-of-Band Administrator: Identifies a task performed by the Web server Administrator outside the network.

See Also:

Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management chapter "Installing and Configuring Oracle HTTP Server 11g WebGate for OAM"

Steps here illustrate registering an OAM Agent on a Linux system. Your templates and output files will be different.

Before you begin, read "Acquiring and Setting Up the Remote Registration Tool".

  1. Out-of-Band Administrator: Create and send your starting_request.xml file to the in-band Administrator for processing (see "Creating Your Remote Registration Request"):

    $WLS_Home/Middleware/Oracle_$IDM1/oam/server/rreg/client/rreg/output/AgentName/starting_request.xml
    
  2. In-Band Administrator:

    1. Run the registration command and specify the out-of-band Administrator's starting_request.xml as the input file. For example:

      ./bin/oamreg.sh outofband input/starting_request.xml

    2. Provide the Registration Administrator user name and password when asked.

    3. Read messages on-screen to confirm:

      Success: "... registration process completed successfully!"

      Response.xml location: "... created in input folder ..."

      The input folder is in the same location where RREG.tar.gz was expanded: /rreg/input/

    4. Return the agentName_Response.xml file to the out-of-band Administrator along with any other artifacts. For example:

      agentName_Response.xml

  3. Out-of-Band Administrator: Update the environment as follows.

    1. On the computer hosting the Agent, run the remote registration command and specify the received agentName_Response.xml as the input file. For example:

      ./bin/oamreg.sh outofband input/agentName_Response.xml

    2. Copy artifacts generated in /rreg/output/AgentName/ to update the agent configuration, then restart the OAM Server hosting the agent. For example, ObAccessClient.xml and cwallet.sso:

      From the AdminServer (Console) host /rreg/output/Agent_Name/ObAccessClient.xml and cwallet.sso

      To the Agent host: $11gWG_install_dir/WebGate/config. For example:

      • $WebTier_MW_Home/Oracle_WT1/instances/instance1
      • /config/OHS/ohs1/WebGate/config
    3. Proceed with "Validating Remote Registration and Resource Protection".
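The artifact copy in step 4 of "Performing In-Band Remote Registration" and step 3 of "Performing Out-of-Band Remote Registration", as an added example that is not Oracle's tooling. cwallet.sso is an Oracle wallet file, so the sketch treats it as secret material; the function name install_agent_artifacts and the 640/600 file modes are assumptions, and the artifacts are assumed to be on the agent host already.

```shell
#!/bin/sh
# Added example, not Oracle's tooling. Assumes SRC_DIR is already on the
# agent host and the caller owns the WebGate instance files.
# install_agent_artifacts SRC_DIR DEST_DIR
#   SRC_DIR  : .../rreg/output/AgentName
#   DEST_DIR : .../WebGate/config
install_agent_artifacts() {
    src=$1
    dest=$2

    # Refuse to touch the live config unless both artifacts are present.
    for f in ObAccessClient.xml cwallet.sso; do
        if [ ! -s "$src/$f" ]; then
            echo "missing or empty artifact: $src/$f" >&2
            return 1
        fi
    done
    if [ ! -d "$dest" ]; then
        echo "no such config directory: $dest" >&2
        return 1
    fi

    # Back up the earlier files for rollback, then copy the new ones. The
    # umask keeps new files and backups (which still hold the old wallet)
    # from ever being group- or world-readable.
    (
        umask 077
        stamp=$(date +%Y%m%d%H%M%S)
        for f in ObAccessClient.xml cwallet.sso; do
            if [ -f "$dest/$f" ]; then
                cp "$dest/$f" "$dest/$f.bak.$stamp" || exit 1
            fi
            cp "$src/$f" "$dest/$f" || exit 1
        done
    ) || return 1

    # cp keeps the mode of a file it overwrites, so set modes explicitly.
    # 640/600 is an assumed site policy, not a value from the Oracle guide.
    chmod 640 "$dest/ObAccessClient.xml" || return 1
    chmod 600 "$dest/cwallet.sso" || return 1

    # Confirm the installed wallet is byte-identical to the generated one.
    cmp -s "$src/cwallet.sso" "$dest/cwallet.sso"
}
```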