| Oracle® Fusion Middleware Oracle Identity Management Suite統合ガイド 11g リリース2 (11.1.2.3.0) E67361-04 |
この付録では、Webインタフェースのあるアプリケーションのidm.confファイルの目的と使用方法について説明します。
この付録のトピックは次のとおりです。
Oracle Fusion Middleware環境において、Web層の最上位の構成ファイルはhttpd.confです。このファイルは、HTTPプロトコルを使用するWebトランザクションを処理するOracle HTTP Serverを構成します。Oracle HTTP Serverは、各受信リクエストを処理し、そのリクエスト元のURLとアクセスするリソースに基づいてルーティングを決定します。
追加の構成ファイルは、Apache HTTP ServerのIfModuleブロックにあるIncludeディレクティブにより、httpd.confファイルに指定されます。
特にアイデンティティ管理アプリケーションでは、idm.conf構成ファイルを使用します。これはテンプレートで、保護されるアプリケーションの受信リクエストを処理する方法を示すように管理者が変更することが可能です。
idm.conf構成ファイルは、それぞれ異なるセキュリティ領域またはゾーンに対処する4つの部分に分割されています。表B-1に、ゾーンをリストします。
idm.confファイルを更新する際は、要件に当てはまるゾーン定義のみを編集するようにしてください。
このゾーンは、すべてのインバウンド・トラフィックのデフォルトのOracle HTTP Serverエンドポイントです。プロトコルはhttpで、コンテキスト・ルートはauthohs.example.com:7777の形式となります。
このゾーンはロード・バランサ(LBR)外部エンド・ユーザー・エンドポイントです。プロトコルはhttpsで、コンテキスト・ルートはsso.example.com:443の形式となります。
このゾーンはアプリケーションのLBR内部エンドポイントです。プロトコルはhttpで、コンテキスト・ルートはidminternal.example.com:7777の形式となります。
このゾーンは管理サービスのLBR内部エンドポイントです。プロトコルはhttpsで、コンテキスト・ルートはadmin.example.com:443の形式となります。
次の例は、idm.confファイルのレイアウトと様々なゾーンを示しています。
NameVirtualHost *:7777
## Default Access
## AUTHOHS.EXAMPLE.COM
# Zone 1 - default access (authohs.example.com, http, 7777): the OHS endpoint
# for all inbound traffic. It proxies every component, including the WebLogic
# Admin Console, EM, the OAM console and ODSM.
# NOTE(review): as the first <VirtualHost> on *:7777 this zone also receives
# requests whose Host header matches no other zone. Confirm that traffic
# arriving through the external LBR cannot reach OHS with an unexpected Host
# header, otherwise the admin paths below would be reachable from outside.
<VirtualHost *:7777>
# ServerName http://authohs.example.com:7777 (replace the ServerName below with the actual host:port)
# The sample value below (authohs.us.example.com) differs from the
# authohs.example.com form used in the comment above; replace it with the real
# host:port either way.
ServerName http://authohs.us.example.com:7777
RewriteEngine On
# Legacy logout and FSMIdentity URLs get an external redirect ([R]) to the OAM
# SSO logout page or to the OIM / admin pages. Rewrite rules are evaluated in
# order, so keep this order when editing.
RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
RewriteOptions inherit
# Self-referential URLs are built from ServerName, not from the client's Host header.
UseCanonicalName On
# Admin Server and EM
# WebLogic Admin Server (17001): administrative interfaces, not end-user paths.
<Location /console>
SetHandler weblogic-handler
WebLogicHost us.example.com
WeblogicPort 17001
</Location>
<Location /consolehelp>
SetHandler weblogic-handler
WebLogicHost us.example.com
WeblogicPort 17001
</Location>
<Location /em>
SetHandler weblogic-handler
WebLogicHost us.example.com
WeblogicPort 17001
</Location>
# FA service
<Location /fusion_apps>
SetHandler weblogic-handler
WebLogicHost us.example.com
WebLogicPort 14100
</Location>
#ODSM Related entries
# ODSM is proxied to a separate host (oidfa) on 7005.
# NOTE(review): WLProxySSL ON / WLProxySSLPassThrough ON under an http
# ServerName. WLProxySSLPassThrough forwards the incoming WL-Proxy-SSL header
# as received, so it should only be enabled where the LBR is the sole party
# able to set that header; confirm this is intended for the default zone.
<Location /odsm>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WebLogicHost oidfa.us.example.com
WeblogicPort 7005
</Location>
# OAM Related Entries
# OAM console runs on the Admin Server (17001); the OAM runtime on 14100.
<Location /oamconsole>
SetHandler weblogic-handler
WebLogicHost us.example.com
WebLogicPort 17001
</Location>
<Location /oam>
SetHandler weblogic-handler
WebLogicHost us.example.com
WebLogicPort 14100
</Location>
# OIM Related Entries
# All OIM entries below share WLCookieName oimjsessionid (presumably so one OIM
# session spans these context roots) and a common plug-in log under
# ${ORACLE_INSTANCE}. /identity, /sysadmin and /oim additionally set
# WLProxySSL / WLProxySSLPassThrough while the other OIM entries in this zone
# do not - NOTE(review): confirm that difference is intended.
# oim identity self service console
<Location /identity>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# oim identity system administration console
<Location /sysadmin>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# oim identity advanced administration console - Legacy 11gR1 webapp
<Location /oim>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# xlWebApp - Legacy 9.x webapp (struts based)
<Location /xlWebApp>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# Nexaweb WebApp - used for workflow designer and DM
<Location /Nexaweb>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# spml xsd profile
<Location /spml-xsd>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# used for FA Callback service.
<Location /callbackResponseService>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# Role-SOD profile
<Location /role-sod>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# SOA Callback webservice for SOD - Provide the SOA Managed Server Ports
# Only entry in this zone that targets the SOA managed server port (8001).
<Location /sodcheck>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 8001
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# Callback webservice for SOA. SOA calls this when a request is approved/rejected
# Provide the SOA Managed Server Port
# NOTE(review): the comment asks for the SOA port but the sample uses the OIM
# port (14000); verify which server hosts /workflowservice in your domain.
<Location /workflowservice>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# HTTP client service
<Location /HTTPClnt>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# OIF Related Entries
# Oracle Identity Federation on 7499.
<Location /fed>
SetHandler weblogic-handler
WebLogicHost us.example.com
WebLogicPort 7499
</Location>
</VirtualHost>
## External Access
## SSO.EXAMPLE.COM
# Zone 2 - external end-user access (sso.example.com, https, 443 at the LBR).
# The ServerName is https://...:443 while OHS listens on 7777, so TLS is
# presumably terminated at the LBR and every proxied entry carries
# WLProxySSL ON so WebLogic generates https URLs.
# This zone deliberately omits /console, /em, /oamconsole and /odsm; keep
# that exposure boundary when adding entries.
# NOTE(review): /sysadmin and /oim are administration consoles (see the
# comments below); confirm they should be reachable through the end-user
# endpoint in your deployment.
<VirtualHost *:7777>
# ServerName https://sso.example.com:443 (replace the ServerName below with the actual host:port)
ServerName https://sso.example.com:443
RewriteEngine On
# Legacy logout and FSMIdentity URLs get an external redirect ([R]) to the OAM
# SSO logout page or to the OIM / admin pages; evaluated in order.
RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
RewriteOptions inherit
# Self-referential URLs are built from ServerName, not from the client's Host header.
UseCanonicalName On
# FA service
# NOTE(review): WLProxySSLPassThrough ON forwards the incoming WL-Proxy-SSL
# header as received. That is only safe while the LBR is the sole party that
# can set it - confirm that clients cannot reach OHS port 7777 directly.
<Location /fusion_apps>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WebLogicHost us.example.com
WebLogicPort 14100
</Location>
# OAM Related Entries
# OAM runtime (14100) only; the OAM console is not exposed in this zone.
<Location /oam>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WebLogicHost us.example.com
WebLogicPort 14100
</Location>
# OIM Related Entries
# All OIM entries share WLCookieName oimjsessionid (presumably so one OIM
# session spans these context roots) and a common plug-in log under
# ${ORACLE_INSTANCE}.
# oim identity self service console
<Location /identity>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# oim identity system administration console
<Location /sysadmin>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# oim identity advanced administration console - Legacy 11gR1 webapp
<Location /oim>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# xlWebApp - Legacy 9.x webapp (struts based)
<Location /xlWebApp>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# Nexaweb WebApp - used for workflow designer and DM
<Location /Nexaweb>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# spml xsd profile
<Location /spml-xsd>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# used for FA Callback service.
<Location /callbackResponseService>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# OIF Related Entries
# The sample host here (weblogic-host.example.com) differs from the
# us.example.com placeholder used everywhere else in this zone; set it to the
# real OIF managed server host.
<Location /fed>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WebLogicHost weblogic-host.example.com
WebLogicPort 7499
</Location>
</VirtualHost>
## IDM Internal services for FA
## IDMINTERNAL.EXAMPLE.COM
# Zone 3 - LBR internal endpoint for applications (idminternal.example.com,
# http, 7777). Exposes the FA, OAM, OIM (including SOA callback paths) and
# OIF services but none of the administration consoles (/console, /em,
# /oamconsole, /odsm).
<VirtualHost *:7777>
# ServerName http://idminternal.example.com:7777 (replace the ServerName below with the actual host:port)
ServerName http://idminternal.example.com:7777
RewriteEngine On
# Legacy logout and FSMIdentity URLs get an external redirect ([R]) to the OAM
# SSO logout page or to the OIM / admin pages; evaluated in order.
RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
RewriteOptions inherit
# Self-referential URLs are built from ServerName, not from the client's Host header.
UseCanonicalName On
# FA service
<Location /fusion_apps>
SetHandler weblogic-handler
WebLogicHost us.example.com
WebLogicPort 14100
</Location>
# OAM Related Entries
<Location /oam>
SetHandler weblogic-handler
WebLogicHost us.example.com
WebLogicPort 14100
</Location>
# OIM Related Entries
# All OIM entries share WLCookieName oimjsessionid (presumably so one OIM
# session spans these context roots) and a common plug-in log under
# ${ORACLE_INSTANCE}.
# NOTE(review): /identity, /sysadmin and /oim set WLProxySSL ON /
# WLProxySSLPassThrough ON although this zone's ServerName is http and the
# other OIM entries here do not; confirm the asymmetry is intended.
# oim identity self service console
<Location /identity>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# oim identity system administration console
<Location /sysadmin>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# oim identity advanced administration console - Legacy 11gR1 webapp
<Location /oim>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# xlWebApp - Legacy 9.x webapp (struts based)
<Location /xlWebApp>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# Nexaweb WebApp - used for workflow designer and DM
<Location /Nexaweb>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# spml xsd profile
<Location /spml-xsd>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# used for FA Callback service.
<Location /callbackResponseService>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# Role-SOD profile
<Location /role-sod>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# SOA Callback webservice for SOD - Provide the SOA Managed Server Ports
# Only entry in this zone that targets the SOA managed server port (8001).
<Location /sodcheck>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 8001
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# Callback webservice for SOA. SOA calls this when a request is approved/rejected
# Provide the SOA Managed Server Port
# NOTE(review): the comment asks for the SOA port but the sample uses the OIM
# port (14000); verify which server hosts /workflowservice in your domain.
<Location /workflowservice>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# HTTP client service
<Location /HTTPClnt>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# OIF Related Entries
# Oracle Identity Federation on 7499.
<Location /fed>
SetHandler weblogic-handler
WebLogicHost us.example.com
WebLogicPort 7499
</Location>
</VirtualHost>
## IDM Admin services for FA
## ADMIN.EXAMPLE.COM
# Zone 4 - LBR internal endpoint for administration (admin.example.com,
# https, 443 at the LBR). OHS still listens on 7777, so TLS is presumably
# terminated at the LBR; every proxied entry carries WLProxySSL ON.
# This is the only https zone that exposes the WebLogic Admin Console, EM,
# the OAM console and ODSM. NOTE(review): WLProxySSLPassThrough ON forwards
# the incoming WL-Proxy-SSL header as received, so this zone must only be
# reachable via the LBR that sets it - confirm direct access to 7777 is blocked.
<VirtualHost *:7777>
# ServerName https://admin.example.com:443 (replace the ServerName below with the actual host:port)
ServerName https://admin.example.com:443
RewriteEngine On
# Legacy logout and FSMIdentity URLs get an external redirect ([R]) to the OAM
# SSO logout page or to the OIM / admin pages; evaluated in order.
RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
RewriteOptions inherit
# Self-referential URLs are built from ServerName, not from the client's Host header.
UseCanonicalName On
# Admin Server and EM
# WebLogic Admin Server (17001): administrative interfaces.
<Location /console>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WebLogicHost us.example.com
WeblogicPort 17001
</Location>
<Location /consolehelp>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WebLogicHost us.example.com
WeblogicPort 17001
</Location>
<Location /em>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WebLogicHost us.example.com
WeblogicPort 17001
</Location>
#ODSM Related entries
# ODSM is proxied to a separate host (oidfa) on 7005.
<Location /odsm>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WebLogicHost oidfa.us.example.com
WeblogicPort 7005
</Location>
# OAM Related Entries
# OAM console on the Admin Server (17001); the /oam runtime is not in this zone.
<Location /oamconsole>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WebLogicHost us.example.com
WebLogicPort 17001
</Location>
# OIM Related Entries
# All OIM entries share WLCookieName oimjsessionid (presumably so one OIM
# session spans these context roots) and a common plug-in log under
# ${ORACLE_INSTANCE}.
# oim identity self service console
<Location /identity>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# oim identity system administration console
<Location /sysadmin>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# oim identity advanced administration console - Legacy 11gR1 webapp
<Location /oim>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# xlWebApp - Legacy 9.x webapp (struts based)
<Location /xlWebApp>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# Nexaweb WebApp - used for workflow designer and DM
<Location /Nexaweb>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# HTTP client service
<Location /HTTPClnt>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost us.example.com
WeblogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>
# OIF Related Entries
# The sample host here (weblogic-host.example.com) differs from the
# us.example.com placeholder used everywhere else in this zone; set it to the
# real OIF managed server host.
<Location /fed>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WebLogicHost weblogic-host.example.com
WebLogicPort 7499
</Location>
</VirtualHost>