You can use either the Oracle Access Management Console or the remote registration tool for Agent registration and updates. Unless explicitly stated, information in this section applies to agent registration using either of these tools.
This section provides the following details.
Administrators must register each Agent to operate with Access Manager. Only registered agents can communicate with an OAM Server, and process information for a user attempting to access a protected resource.
The agent is presumed to reside on the computer hosting the application to be protected. However, it can reside on a proxy Web server and the application on a different host.
An agent key and partner key are created during registration. You can also create policies to protect the application during agent registration. If you choose to automatically create policies during agent registration, a host identifier and Application Domain are created with basic policies and resource definitions. Later on, you can view and manage the Application Domain and policies.
Note:
You can register multiple WebGates or Access Clients under a single host identifier, with the same Application Domain and policies, as follows:
When you register a WebGate, allow the process to create a host identifier (a name of your choice), and enable "Auto Create Policies".
Register a second WebGate with the same host identifier as Step 1, and clear the "Auto Create Policies" box to eliminate policy creation.
Following a successful registration (using either the console or remote registration tool), the full agent registration appears in the Oracle Access Management Console and is propagated to all Managed Servers in the cluster. Table 14-4 identifies the keys and policies generated during agent registration.
Table 14-4 Keys and Policies Generated During Agent Registration
Keys and Policies | Accessible to | Accessible through |
---|---|---|
One key per 11g WebGate Agent One key for all 10g Agents One key per OpenSSO Agent stored in local Agent bootstrap file One key per OSSO Agent See Also: "Key Use, Generation, Provisioning, and Storage" |
|
|
Partner key for the application (None for OpenSSO Agents) |
|
Client-side |
Application Domain and default Policies are generated during Agent registration on demand:
|
|
|
When you register an agent using the Oracle Access Management Console, a new file system directory is created for the Agent on the Oracle Access Management Console host (AdminServer).
This new directory includes generated files for the registered agent, as described in Table 14-5.
Table 14-5 Artifacts Associated with Agent Registration
Registration Artifact | Generated for ... |
---|---|
All WebGates or Access Client ObAccessClient.xml |
All WebGates/Access Clients on the console host (AdminServer). During run time, periodic update checks are made. ObAccessClient is updated automatically when a change is discovered. Note: The pre-registered 10g IAMSuiteAgent does not use ObAccessClient.xml for bootstrap or configuration. See Also: Properties files generated on the client in this table. |
cwallet.sso 11g WebGate only |
11g WebGates, regardless of the transport security mode. |
Certificate and password files for secure communication |
All WebGates/Access Clients. For example:
Cert Mode:
Note: When editing an 11g WebGate registration, password.xml is updated only when the mode is changed from Open to Cert or Simple to Cert. In Cert mode, once generated, password.xml cannot be updated. Editing the agent Key Password does not result in creation of a new password.xml. See: Configuring Access Manager Settings for details about Simple and Cert mode transport security) |
OpenSSO Properties files |
|
osso.conf file |
Generated or updated artifacts must be copied from the console host (AdminServer) into the agent's installation directory, as shown in Table 14-6.
Table 14-6 Copying Generated Artifacts
Agent Type & Artifacts | Copy Generated Artifacts to Agent Installation Directory ... |
---|---|
ObAccessClient.xml (and 11g WebGate cwallet.sso) 11g WebGate or Access Client |
Before agent startup, copy the ObAccessClient file (and cwallet.sso) from the generated location (AdminServer (Console) host) to the agent installation directory. |
ObAccessClient.xml 10g WebGate or Access Client |
Before agent startup, copy ObAccessClient.xml from the generated location to the agent installation directory. For example, from the AdminServer (Console) host: Note: The pre-registered IAMSuiteAgent does not use ObAccessClient.xml and should not be modified. See: Registering and Managing 10g WebGates with Access Manager 11g |
OpenSSO Agent Properties Files |
|
10g OSSO Agent osso.conf |