This appendix explains the purpose and usage of the idm.conf file for applications with a web interface.
In the Oracle Fusion Middleware environment, the highest level configuration file at the web tier is httpd.conf. This file configures Oracle HTTP Server, which processes the web transactions that use the http protocol. Oracle HTTP Server processes each incoming request and determines its routing based on the URL from which the request originates and the resource to be accessed.
Additional configuration files are specified in the httpd.conf file by means of the Apache HTTP Server's Include directive in an IfModule block.
Identity management applications in particular make use of the idm.conf configuration file, which is a template that administrators can modify to indicate how incoming requests for protected applications must be handled.
The idm.conf configuration file is divided into four parts, each addressing a distinct security area or zone. Table B-1 lists the zones:
Table B-1 Zones in the idm.conf File

| Zone | Type | Details |
|---|---|---|
| 1 | Default Access | Default Oracle HTTP Server endpoint for all inbound traffic (http, authohs.example.com:7777) |
| 2 | External Access | Load-balancer (LBR) external end user endpoint (https, sso.example.com:443) |
| 3 | Internal Services | LBR internal endpoint for applications (http, idminternal.example.com:7777) |
| 4 | Administrative Services | LBR internal endpoint for administrative services (https, admin.example.com:443) |
When updating the idm.conf file, be sure to edit only the zone definition applicable to your requirements.

Zone 1, Default Access: This zone is the default Oracle HTTP Server endpoint for all inbound traffic. The protocol is http and the context root is in the format authohs.example.com:7777.

Zone 2, External Access: This zone is the load-balancer (LBR) external end user endpoint. The protocol is https and the context root is in the format sso.example.com:443.

Zone 3, Internal Services: This zone is the LBR internal endpoint for applications. The protocol is http and the context root is in the format idminternal.example.com:7777.

Zone 4, Administrative Services: This zone is the LBR internal endpoint for administrative services. The protocol is https and the context root is in the format admin.example.com:443.
The following sample shows the layout and different zones of the idm.conf file:
```apache
NameVirtualHost *:7777

## Default Access
## AUTHOHS.EXAMPLE.COM
<VirtualHost *:7777>
  # ServerName http://authohs.example.com:7777 (replace the ServerName below with the actual host:port)
  ServerName http://authohs.us.example.com:7777
  RewriteEngine On
  RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
  RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
  RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
  RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
  RewriteOptions inherit
  UseCanonicalName On

  # Admin Server and EM
  <Location /console>
    SetHandler weblogic-handler
    WebLogicHost us.example.com
    WeblogicPort 17001
  </Location>
  <Location /consolehelp>
    SetHandler weblogic-handler
    WebLogicHost us.example.com
    WeblogicPort 17001
  </Location>
  <Location /em>
    SetHandler weblogic-handler
    WebLogicHost us.example.com
    WeblogicPort 17001
  </Location>

  # FA service
  <Location /fusion_apps>
    SetHandler weblogic-handler
    WebLogicHost us.example.com
    WebLogicPort 14100
  </Location>

  #ODSM Related entries
  <Location /odsm>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicHost oidfa.us.example.com
    WeblogicPort 7005
  </Location>

  # OAM Related Entries
  <Location /oamconsole>
    SetHandler weblogic-handler
    WebLogicHost us.example.com
    WebLogicPort 17001
  </Location>
  <Location /oam>
    SetHandler weblogic-handler
    WebLogicHost us.example.com
    WebLogicPort 14100
  </Location>

  # OIM Related Entries
  # oim identity self service console
  <Location /identity>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # oim identity system administration console
  <Location /sysadmin>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # oim identity advanced administration console - Legacy 11gR1 webapp
  <Location /oim>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # xlWebApp - Legacy 9.x webapp (struts based)
  <Location /xlWebApp>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # Nexaweb WebApp - used for workflow designer and DM
  <Location /Nexaweb>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # spml xsd profile
  <Location /spml-xsd>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # used for FA Callback service.
  <Location /callbackResponseService>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # Role-SOD profile
  <Location /role-sod>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # SOA Callback webservice for SOD - Provide the SOA Managed Server Ports
  <Location /sodcheck>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 8001
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # Callback webservice for SOA. SOA calls this when a request is approved/rejected
  # Provide the SOA Managed Server Port
  <Location /workflowservice>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # HTTP client service
  <Location /HTTPClnt>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # OIF Related Entries
  <Location /fed>
    SetHandler weblogic-handler
    WebLogicHost us.example.com
    WebLogicPort 7499
  </Location>
</VirtualHost>

## External Access
## SSO.EXAMPLE.COM
<VirtualHost *:7777>
  # ServerName https://sso.example.com:443 (replace the ServerName below with the actual host:port)
  ServerName https://sso.example.com:443
  RewriteEngine On
  RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
  RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
  RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
  RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
  RewriteOptions inherit
  UseCanonicalName On

  # FA service
  <Location /fusion_apps>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicHost us.example.com
    WebLogicPort 14100
  </Location>

  # OAM Related Entries
  <Location /oam>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicHost us.example.com
    WebLogicPort 14100
  </Location>

  # OIM Related Entries
  # oim identity self service console
  <Location /identity>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # oim identity system administration console
  <Location /sysadmin>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # oim identity advanced administration console - Legacy 11gR1 webapp
  <Location /oim>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # xlWebApp - Legacy 9.x webapp (struts based)
  <Location /xlWebApp>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # Nexaweb WebApp - used for workflow designer and DM
  <Location /Nexaweb>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # spml xsd profile
  <Location /spml-xsd>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # used for FA Callback service.
  <Location /callbackResponseService>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # OIF Related Entries
  <Location /fed>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicHost weblogic-host.example.com
    WebLogicPort 7499
  </Location>
</VirtualHost>

## IDM Internal services for FA
## IDMINTERNAL.EXAMPLE.COM
<VirtualHost *:7777>
  # ServerName http://idminternal.example.com:7777 (replace the ServerName below with the actual host:port)
  ServerName http://idminternal.example.com:7777
  RewriteEngine On
  RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
  RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
  RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
  RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
  RewriteOptions inherit
  UseCanonicalName On

  # FA service
  <Location /fusion_apps>
    SetHandler weblogic-handler
    WebLogicHost us.example.com
    WebLogicPort 14100
  </Location>

  # OAM Related Entries
  <Location /oam>
    SetHandler weblogic-handler
    WebLogicHost us.example.com
    WebLogicPort 14100
  </Location>

  # OIM Related Entries
  # oim identity self service console
  <Location /identity>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # oim identity system administration console
  <Location /sysadmin>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # oim identity advanced administration console - Legacy 11gR1 webapp
  <Location /oim>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # xlWebApp - Legacy 9.x webapp (struts based)
  <Location /xlWebApp>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # Nexaweb WebApp - used for workflow designer and DM
  <Location /Nexaweb>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # spml xsd profile
  <Location /spml-xsd>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # used for FA Callback service.
  <Location /callbackResponseService>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # Role-SOD profile
  <Location /role-sod>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # SOA Callback webservice for SOD - Provide the SOA Managed Server Ports
  <Location /sodcheck>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 8001
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # Callback webservice for SOA. SOA calls this when a request is approved/rejected
  # Provide the SOA Managed Server Port
  <Location /workflowservice>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # HTTP client service
  <Location /HTTPClnt>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # OIF Related Entries
  <Location /fed>
    SetHandler weblogic-handler
    WebLogicHost us.example.com
    WebLogicPort 7499
  </Location>
</VirtualHost>

## IDM Admin services for FA
## ADMIN.EXAMPLE.COM
<VirtualHost *:7777>
  # ServerName https://admin.example.com:443 (replace the ServerName below with the actual host:port)
  ServerName https://admin.example.com:443
  RewriteEngine On
  RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
  RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
  RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
  RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
  RewriteOptions inherit
  UseCanonicalName On

  # Admin Server and EM
  <Location /console>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicHost us.example.com
    WeblogicPort 17001
  </Location>
  <Location /consolehelp>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicHost us.example.com
    WeblogicPort 17001
  </Location>
  <Location /em>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicHost us.example.com
    WeblogicPort 17001
  </Location>

  #ODSM Related entries
  <Location /odsm>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicHost oidfa.us.example.com
    WeblogicPort 7005
  </Location>

  # OAM Related Entries
  <Location /oamconsole>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicHost us.example.com
    WebLogicPort 17001
  </Location>

  # OIM Related Entries
  # oim identity self service console
  <Location /identity>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # oim identity system administration console
  <Location /sysadmin>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # oim identity advanced administration console - Legacy 11gR1 webapp
  <Location /oim>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # xlWebApp - Legacy 9.x webapp (struts based)
  <Location /xlWebApp>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # Nexaweb WebApp - used for workflow designer and DM
  <Location /Nexaweb>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>
  # HTTP client service
  <Location /HTTPClnt>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # OIF Related Entries
  <Location /fed>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicHost weblogic-host.example.com
    WebLogicPort 7499
  </Location>
</VirtualHost>
```
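As an added review aid, not part of the Oracle documentation or of any Oracle tool, the following Python parses the VirtualHost/Location layout used by idm.conf and checks two properties an administrator editing a zone would want to confirm: that every Location in an https zone (External Access, Administrative Services) sets WLProxySSL ON, as the sample does, and that the Admin Server, EM, OAM console and ODSM paths (which the sample routes only in the Default Access and Administrative Services zones) do not appear in the external sso. end-user zone. The embedded idm.conf fragment is constructed for the check, and the admin path list and the sso. host-name test are assumptions taken from the sample above.

```python
import re

# Constructed sample in the idm.conf layout shown above (not the page's full file).
SAMPLE_IDM_CONF = """<VirtualHost *:7777>
  ServerName https://sso.example.com:443
  <Location /oam>
    WLProxySSL ON
    WebLogicHost us.example.com
    WebLogicPort 14100
  </Location>
  <Location /console>
    WebLogicHost us.example.com
    WeblogicPort 17001
  </Location>
</VirtualHost>
<VirtualHost *:7777>
  ServerName http://authohs.example.com:7777
  <Location /console>
    WebLogicHost us.example.com
    WeblogicPort 17001
  </Location>
</VirtualHost>
"""

# Paths the sample file routes to the Admin Server, EM, OAM console and ODSM (assumed list).
ADMIN_PATHS = {"/console", "/consolehelp", "/em", "/oamconsole", "/odsm"}

def parse_zones(text):
    """Return [(ServerName, {location_path: {directive_lowercase: value}})] per VirtualHost."""
    zones = []
    for vhost in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", text, re.S):
        m = re.search(r"^\s*ServerName\s+(\S+)", vhost, re.M)
        locs = {}
        for path, body in re.findall(r"<Location\s+(\S+)>(.*?)</Location>", vhost, re.S):
            pairs = [ln.split(None, 1) for ln in body.splitlines() if ln.strip() and not ln.strip().startswith("#")]
            locs[path] = {p[0].lower(): (p[1].strip() if len(p) > 1 else "") for p in pairs}
        zones.append((m.group(1) if m else "?", locs))
    return zones

def audit(text):
    """Flag https zones whose Location lacks WLProxySSL ON, and admin paths on the sso. zone."""
    findings = []
    for name, locs in parse_zones(text):
        for path, d in locs.items():
            if name.startswith("https://") and d.get("wlproxyssl", "").upper() != "ON":
                findings.append(f"{name}{path}: https zone but WLProxySSL is not ON")
            if name.startswith("https://sso.") and path in ADMIN_PATHS:
                findings.append(f"{name}{path}: admin console exposed on the external end-user zone")
    return findings
```

Run `audit(open("idm.conf").read())` against a real file to list the Location blocks that differ from the sample's zone layout; directive names are matched case-insensitively, as Oracle HTTP Server does.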