B idm.confファイルの使用方法

この付録では、Webインタフェースのあるアプリケーションのidm.confファイルの目的と使用方法について説明します。

この付録の内容は次のとおりです。

B.1 idm.confファイルについて

Oracle Fusion Middleware環境において、Web層の最上位の構成ファイルはhttpd.confです。このファイルは、HTTPプロトコルを使用するWebトランザクションを処理するOHSを構成します。OHSは、各受信リクエストを処理し、そのリクエスト元のURLとアクセスするリソースに基づいてルーティングを決定します。

追加の構成ファイルは、Apache HTTP ServerのIfModuleブロック内に記述されたIncludeディレクティブによって、httpd.confファイルから読み込まれます。

特にアイデンティティ管理アプリケーションでは、idm.conf構成ファイルを使用します。これはテンプレートで、保護されるアプリケーションの受信リクエストを処理する方法を示すように管理者が変更することが可能です。

idm.conf構成ファイルは、それぞれ異なるセキュリティ領域(ゾーン)に対応する4つの部分に分割されています。各ゾーンはApache HTTP Serverの名前ベース仮想ホスト(<VirtualHost>)として定義され、いずれも同じリスナー(*:7777)上でリクエストのHostヘッダーの値(ServerName)によって選択されます。表B-1に、ゾーンをリストします。

表B-1 idm.confファイル内のゾーン

ゾーン タイプ 説明

1

デフォルト・アクセス・ゾーン

このゾーンは、すべてのインバウンド・トラフィックのデフォルトのOHSエンドポイントです(他の3つのゾーンと異なり、ロード・バランサのエンドポイントではありません)。プロトコルはhttpで、ServerNameはauthohs.example.com:7777の形式となります。このゾーンはファイル内で最初に定義される仮想ホストであるため、他のゾーンのServerNameに一致しないHostヘッダーを持つリクエストもこのゾーンで処理されます。

2

外部アクセス・ゾーン

このゾーンはロード・バランサ(LBR)外部エンド・ユーザー・エンドポイントです。プロトコルはhttpsで、コンテキスト・ルートはsso.example.com:443の形式となります。

3

内部サービス・ゾーン

このゾーンはアプリケーションのLBR内部エンドポイントです。プロトコルはhttpで、コンテキスト・ルートはidminternal.example.com:7777の形式となります。

4

管理サービス・ゾーン

このゾーンは管理サービスのLBR内部エンドポイントです。プロトコルはhttpsで、コンテキスト・ルートはadmin.example.com:443の形式となります。

idm.confファイルを更新する際は、要件に当てはまるゾーン定義のみを編集するようにしてください。なお、4つのゾーンはいずれも同じリスナー(*:7777)上の名前ベース仮想ホストであり、Hostヘッダーの値だけで区別されます。そのため、外部/内部/管理の各ゾーンの分離はOHS自体ではなく、ロード・バランサおよびネットワーク側のアクセス制御(どのホスト名にどこから到達できるか)によって担保する必要があります。ポート7777に直接到達できるクライアントは、Hostヘッダーを指定するだけで任意のゾーンを選択できる点に注意してください。また、WLProxySSLおよびWLProxySSLPassThroughディレクティブは、SSLを終端するロード・バランサがWL-Proxy-SSLヘッダーを設定している経路でのみ有効にしてください。クライアントから直接到達可能なhttpゾーンでWLProxySSLPassThroughをONにすると、クライアント自身が付与したWL-Proxy-SSLヘッダーがそのままWebLogic Serverに渡る可能性があります。

B.2 idm.confファイルの例

次の例は、idm.confファイルのレイアウトと様々なゾーンを示しています。

# All four zones below are name-based virtual hosts on this single listener. Apache
# selects the zone from the request's Host header; the first <VirtualHost> defined
# (Default Access) is the fallback for any Host value that matches no ServerName.
NameVirtualHost *:7777
 
## Default Access
## AUTHOHS.EXAMPLE.COM
 
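<VirtualHost *:7777>
# Zone 1 -- Default Access (AUTHOHS.EXAMPLE.COM).
# Plain-http OHS endpoint for all inbound traffic. Unlike the other three zones it is
# not a load-balancer endpoint, and because it is the first name-based VirtualHost on
# *:7777 it also serves any request whose Host header matches none of the other
# zones' ServerName values. Restrict who can reach this listener at the network level.
#  ServerName http://authohs.example.com:7777 (replace the ServerName below with the actual host:port)
   ServerName http://authohs.us.example.com:7777
   RewriteEngine On
   # External redirects ([R]) of legacy logout and FSMIdentity URLs onto the OAM logout
   # page and the OIM consoles. No Location in this file proxies /admin -- confirm the
   # pwdmgmt target is served elsewhere.
   RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
   RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
   RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
   RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
   RewriteOptions inherit
   UseCanonicalName On

# Admin Server and EM (WebLogic Administration Console, its help, Enterprise Manager).
# These administrative consoles are proxied over plain http in this zone.

   <Location /console>
      SetHandler weblogic-handler
      WebLogicHost us.example.com
      WebLogicPort 17001
   </Location>

   <Location /consolehelp>
      SetHandler weblogic-handler
      WebLogicHost us.example.com
      WebLogicPort 17001
   </Location>

   <Location /em>
      SetHandler weblogic-handler
      WebLogicHost us.example.com
      WebLogicPort 17001
   </Location>

# FA service

   <Location /fusion_apps>
      SetHandler weblogic-handler
      WebLogicHost us.example.com
      WebLogicPort 14100
   </Location>

# ODSM Related entries
# NOTE(review): WLProxySSL ON makes the plug-in mark every proxied request as having
# arrived over SSL (WL-Proxy-SSL header) although this zone is plain http, and
# WLProxySSLPassThrough ON forwards a WL-Proxy-SSL header supplied by the client itself.
# In a zone that clients reach directly, that header is client-controlled -- keep
# PassThrough ON only if a trusted SSL-terminating proxy in front of OHS is known to
# set or strip it. Confirm against the deployment topology.
   <Location /odsm>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WebLogicHost oidfa.us.example.com
      WebLogicPort 7005
   </Location>

# OAM Related Entries

   <Location /oamconsole>
      SetHandler weblogic-handler
      WebLogicHost us.example.com
      WebLogicPort 17001
   </Location>

   <Location /oam>
      SetHandler weblogic-handler
      WebLogicHost us.example.com
      WebLogicPort 14100
   </Location>

# OIM Related Entries
# All OIM entries share the oimjsessionid cookie (WLCookieName) so the plug-in can
# keep session affinity, and log to a common mod_wl log file.
# The three consoles below carry the same WLProxySSL / WLProxySSLPassThrough caveat
# as /odsm above; the remaining OIM entries in this zone do not set them.

# oim identity self service console
   <Location /identity>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# oim identity system administration console
   <Location /sysadmin>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# oim identity advanced administration console - Legacy 11gR1 webapp
   <Location /oim>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# xlWebApp - Legacy 9.x webapp (struts based)
   <Location /xlWebApp>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# Nexaweb WebApp - used for workflow designer and DM
   <Location /Nexaweb>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# spml xsd profile
   <Location /spml-xsd>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# used for FA Callback service.
   <Location /callbackResponseService>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# Role-SOD profile
   <Location /role-sod>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# SOA Callback webservice for SOD - Provide the SOA Managed Server Ports
# (this is the only OIM entry that targets port 8001 rather than 14000)
   <Location /sodcheck>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 8001
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# Callback webservice for SOA. SOA calls this when a request is approved/rejected
# Provide the SOA Managed Server Port
   <Location /workflowservice>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# HTTP client service
   <Location /HTTPClnt>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# OIF Related Entries

   <Location /fed>
      SetHandler weblogic-handler
      WebLogicHost us.example.com
      WebLogicPort 7499
   </Location>

</VirtualHost>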
 
## External Access
## SSO.EXAMPLE.COM
 
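<VirtualHost *:7777>
# Zone 2 -- External Access (SSO.EXAMPLE.COM).
# End-user endpoint published through the load balancer, which terminates SSL
# (ServerName is https://...:443) and forwards plain http to this *:7777 listener.
# The administrative consoles (/console, /em, /oamconsole, /odsm) are deliberately
# absent from this zone. Because all zones share the listener and are chosen by Host
# header alone, the LBR and network controls -- not this file -- are what keep the
# internal and admin zones unreachable from the outside.
#  ServerName https://sso.example.com:443 (replace the ServerName below with the actual host:port)
   ServerName https://sso.example.com:443
   RewriteEngine On
   # External redirects ([R]) of legacy logout and FSMIdentity URLs onto the OAM logout
   # page and the OIM consoles. No Location in this file proxies /admin -- confirm the
   # pwdmgmt target is served elsewhere.
   RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
   RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
   RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
   RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
   RewriteOptions inherit
   UseCanonicalName On

# FA service
# WLProxySSL ON / WLProxySSLPassThrough ON on every entry in this zone: the LBR
# terminates SSL, so the plug-in tells WebLogic the request was SSL and passes through
# the WL-Proxy-SSL header the LBR sets. This is only safe while the LBR is the sole
# path to this vhost and it overwrites (rather than forwards) any WL-Proxy-SSL header
# sent by the client -- confirm the LBR configuration.
   <Location /fusion_apps>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WebLogicHost us.example.com
      WebLogicPort 14100
   </Location>

# OAM Related Entries

   <Location /oam>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WebLogicHost us.example.com
      WebLogicPort 14100
   </Location>

# OIM Related Entries
# All OIM entries share the oimjsessionid cookie (WLCookieName) for session affinity
# and log to a common mod_wl log file.

# oim identity self service console
   <Location /identity>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# oim identity system administration console
# NOTE(review): this administrative console is published on the external end-user
# endpoint. Confirm that is intended for your deployment and that the OAM policies
# protecting /sysadmin are in place before exposing it.
   <Location /sysadmin>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# oim identity advanced administration console - Legacy 11gR1 webapp
   <Location /oim>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# xlWebApp - Legacy 9.x webapp (struts based)
   <Location /xlWebApp>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# Nexaweb WebApp - used for workflow designer and DM
   <Location /Nexaweb>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# spml xsd profile
   <Location /spml-xsd>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# used for FA Callback service.
   <Location /callbackResponseService>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# OIF Related Entries
# The WebLogicHost here is a different placeholder (weblogic-host.example.com) from the
# us.example.com used by every other entry; replace it with the actual OIF host.
   <Location /fed>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WebLogicHost weblogic-host.example.com
      WebLogicPort 7499
   </Location>

</VirtualHost>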
 
## IDM Internal services for FA
## IDMINTERNAL.EXAMPLE.COM
 
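<VirtualHost *:7777>
# Zone 3 -- IDM Internal services for FA (IDMINTERNAL.EXAMPLE.COM).
# Plain-http application endpoint behind the internal load balancer. It is selected by
# Host header on the shared *:7777 listener, so keeping it "internal" relies on the
# LBR / network controls rather than on anything in this file.
#  ServerName http://idminternal.example.com:7777 (replace the ServerName below with the actual host:port)
   ServerName http://idminternal.example.com:7777
   RewriteEngine On
   # External redirects ([R]) of legacy logout and FSMIdentity URLs onto the OAM logout
   # page and the OIM consoles. No Location in this file proxies /admin -- confirm the
   # pwdmgmt target is served elsewhere.
   RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
   RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
   RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
   RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
   RewriteOptions inherit
   UseCanonicalName On

# FA service
   <Location /fusion_apps>
      SetHandler weblogic-handler
      WebLogicHost us.example.com
      WebLogicPort 14100
   </Location>

# OAM Related Entries

   <Location /oam>
      SetHandler weblogic-handler
      WebLogicHost us.example.com
      WebLogicPort 14100
   </Location>

# OIM Related Entries
# All OIM entries share the oimjsessionid cookie (WLCookieName) for session affinity
# and log to a common mod_wl log file.
# NOTE(review): only the three consoles below set WLProxySSL ON and
# WLProxySSLPassThrough ON, although this zone is plain http. WLProxySSL ON makes the
# plug-in report every request to WebLogic as SSL, and PassThrough ON forwards a
# WL-Proxy-SSL header that the client (or the internal LBR) supplies. Keep PassThrough
# ON only if the internal LBR is the sole path to this vhost and it sets or strips that
# header itself -- confirm against the deployment topology.

# oim identity self service console
   <Location /identity>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# oim identity system administration console
   <Location /sysadmin>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# oim identity advanced administration console - Legacy 11gR1 webapp
   <Location /oim>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# xlWebApp - Legacy 9.x webapp (struts based)
   <Location /xlWebApp>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# Nexaweb WebApp - used for workflow designer and DM
   <Location /Nexaweb>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# spml xsd profile
   <Location /spml-xsd>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# used for FA Callback service.
   <Location /callbackResponseService>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# Role-SOD profile
   <Location /role-sod>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# SOA Callback webservice for SOD - Provide the SOA Managed Server Ports
# (this is the only OIM entry that targets port 8001 rather than 14000)
   <Location /sodcheck>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 8001
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# Callback webservice for SOA. SOA calls this when a request is approved/rejected
# Provide the SOA Managed Server Port
   <Location /workflowservice>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# HTTP client service
   <Location /HTTPClnt>
      SetHandler weblogic-handler
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# OIF Related Entries

   <Location /fed>
      SetHandler weblogic-handler
      WebLogicHost us.example.com
      WebLogicPort 7499
   </Location>

</VirtualHost>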
 
## IDM Admin services for FA
## ADMIN.EXAMPLE.COM
 
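<VirtualHost *:7777>
# Zone 4 -- IDM Admin services for FA (ADMIN.EXAMPLE.COM).
# Administrative endpoint behind the internal load balancer, which terminates SSL
# (ServerName is https://...:443) and forwards plain http to this *:7777 listener.
# This is the only LBR zone that proxies the WebLogic Administration Console, EM,
# the OAM console and ODSM. It is selected by Host header on the shared listener, so
# restricting who can reach it is the job of the LBR and network controls.
#  ServerName https://admin.example.com:443 (replace the ServerName below with the actual host:port)
   ServerName https://admin.example.com:443
   RewriteEngine On
   # External redirects ([R]) of legacy logout and FSMIdentity URLs onto the OAM logout
   # page and the OIM consoles. No Location in this file proxies /admin -- confirm the
   # pwdmgmt target is served elsewhere.
   RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
   RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
   RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
   RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
   RewriteOptions inherit
   UseCanonicalName On

# Admin Server and EM (WebLogic Administration Console, its help, Enterprise Manager).
# WLProxySSL ON / WLProxySSLPassThrough ON on every entry in this zone: the LBR
# terminates SSL, so the plug-in tells WebLogic the request was SSL and passes through
# the WL-Proxy-SSL header the LBR sets. This is only safe while the LBR is the sole
# path to this vhost and it overwrites (rather than forwards) any WL-Proxy-SSL header
# sent by the client -- confirm the LBR configuration.

   <Location /console>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WebLogicHost us.example.com
      WebLogicPort 17001
   </Location>

   <Location /consolehelp>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WebLogicHost us.example.com
      WebLogicPort 17001
   </Location>

   <Location /em>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WebLogicHost us.example.com
      WebLogicPort 17001
   </Location>

# ODSM Related entries
   <Location /odsm>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WebLogicHost oidfa.us.example.com
      WebLogicPort 7005
   </Location>

# OAM Related Entries

   <Location /oamconsole>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WebLogicHost us.example.com
      WebLogicPort 17001
   </Location>

# OIM Related Entries
# All OIM entries share the oimjsessionid cookie (WLCookieName) for session affinity
# and log to a common mod_wl log file.

# oim identity self service console
   <Location /identity>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# oim identity system administration console
   <Location /sysadmin>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# oim identity advanced administration console - Legacy 11gR1 webapp
   <Location /oim>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# xlWebApp - Legacy 9.x webapp (struts based)
   <Location /xlWebApp>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# Nexaweb WebApp - used for workflow designer and DM
   <Location /Nexaweb>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# HTTP client service
   <Location /HTTPClnt>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WLCookieName oimjsessionid
      WebLogicHost us.example.com
      WebLogicPort 14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
   </Location>

# OIF Related Entries
# The WebLogicHost here is a different placeholder (weblogic-host.example.com) from the
# us.example.com used by every other entry; replace it with the actual OIF host.
   <Location /fed>
      SetHandler weblogic-handler
      WLProxySSL ON
      WLProxySSLPassThrough ON
      WebLogicHost weblogic-host.example.com
      WebLogicPort 7499
   </Location>

</VirtualHost>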