Access Manager provides components for Apache v2 Web servers and the IBM HTTP Server in addition to the Oracle HTTP Server. The IBM HTTP Server (IHS2) is a variation of Apache v2.
Unless otherwise stated, the following information applies to the following components:
Apache v2.0.5.2 Webgate
Apache v2.0.48 Webgate, including reverse proxy if you choose to activate this capability.
Apache v2.0.47 Webgate for the IBM HTTP Server (IHS2) powered by Apache, including reverse proxy if you choose to activate this capability.
Note:
For the latest Access Manager certification information, see:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
Each platform-specific installation package supports both plain and SSL-capable Apache modes. The number 2 in a file name indicates that this component is based on Apache v2. For example:
AIX: Oracle_Access_Manager10_1_4_3_0_power-aix_IHS2_Webgate
Linux: Oracle_Access_Manager10_1_4_3_0_ linux_Apache2_Webgate
Solaris: Oracle_Access_Manager10_1_4_3_0_sparc-s2_Apache2_Webgate
Windows: Oracle_Access_Manager10_1_4_3_0_Win32_APACHE2_Webgate
Earlier Access Manager releases included separate platform-specific installation packages for plain versus SSL-capable modes. For example, two Webgate files were provided for each platform: the APACHE_Webgate, and the APACHESSL_Webgate.
There have been no functional changes to Access Manager components to support these Web servers. Access Manager authentication occurs through the Webgate using HTTP basic, form, or SSL client certificates. Authorization for Web resources by authenticated users, as well as simple and multi-domain SSO with other Web servers or applications, also occurs through the Webgate.
The Apache HTTP Server is an open-source HTTP Web server project of the Apache Software Foundation. The project goal is to provide a secure, efficient and extensible server and HTTP services that meet current HTTP standards.
For more information, see "About Apache v2 Architecture and Access Manager".
The IBM HTTP Server (IHS) is a variation of Apache v2. Portions of the IBM HTTP Server are based on software developed by The Apache Group. The IBM HTTP Server component also includes software developed by the OpenSSL Project and software developed by Eric Young.
Details about the Apache architecture and Access Manager, discussed in "About Apache v2 Architecture and Access Manager", apply to IHS with the following exceptions:
Previous versions of IHS required a separate IDS Client to use the mod_ibm_ldap module. With IHS powered by Apache v2.0.47, this is not a requirement.
IHS v2.0.47 supports FIPS 140-2. FIPS support is disabled by default. To enable FIPS support, just add the SSLFIPSEnable directive to the httpd.conf file. Similarly, use SSLFIPSDisable directive to disable FIPS support.
On AIX, ensure that the appropriate runtime library is installed before you install IHS v2.0.47.
For example, on AIX 5.1, the xlC.rte 6.0 runtime library (for example, xlC.rte.6.0.0.0) must be installed before you install IHS v2.0.47. This library is required on AIX to install and use SSL with IHS v2. You can download this library from the following Web site:
http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp
A reverse proxy appears like an ordinary Web server.
Typically, a reverse proxy is used in the following situations:
To provide Internet users with access to a server behind a firewall
To balance the load among several back-end servers, or to provide caching for a slower back-end server
To bring several servers into the same URL space
The proxy_module implements a proxy/gateway for Apache and IHS powered by Apache. Appearing like an ordinary Web server, a reverse proxy does not require the client have any special configuration. The client makes requests as usual for content in the name-space of the reverse proxy. It is the reverse proxy that decides where those requests are sent. Content is returned as if the reverse proxy was the origin.
Note:
The proxy_module can be used to implement a proxy capability for FTP, CONNECT (for SSL), HTTP/0.9, HTTP/1.0, and HTTP/1.1. However, only the reverse proxy capability is supported with the Webgate.