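B Using the idm.conf File
This appendix contains the following topics:
B.1 About the idm.conf File
In an Oracle Fusion Middleware environment, the top-level configuration file of the web tier is httpd.conf. This file configures OHS, which handles web transactions that use the HTTP protocol. OHS processes each incoming request and makes a routing decision based on the URL the request came from and the resource being accessed.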
Additional configuration files are specified in the httpd.conf file by Include directives inside Apache HTTP Server IfModule blocks.
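Identity management applications in particular use the idm.conf configuration file. It is a template that an administrator can modify to indicate how incoming requests for protected applications are to be handled.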
The idm.conf configuration file is divided into four parts, each of which addresses a different security area, or zone. Table B-1 lists the zones.
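Table B-1 Zones in the idm.conf File

Zone | Type | Description |
---|---|---|
1 | Default access zone | This zone is the default OHS endpoint for all inbound traffic. The protocol is |
2 | External access zone | This zone is the load balancer (LBR) external end-user endpoint. The protocol is |
3 | Internal services zone | This zone is the LBR internal endpoint for applications. The protocol is |
4 | Administrative services zone | This zone is the LBR internal endpoint for administrative services. The protocol is |
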
When you update the idm.conf file, edit only the zone definitions that apply to your requirements.
B.2 Example idm.conf File
The following example shows the layout of the idm.conf file and its various zones.
```apache
NameVirtualHost *:7777

## Default Access
## AUTHOHS.EXAMPLE.COM
<VirtualHost *:7777>
  # ServerName http://authohs.example.com:7777 (replace the ServerName below with the actual host:port)
  ServerName http://authohs.us.example.com:7777
  RewriteEngine On
  RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
  RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
  RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
  RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
  RewriteOptions inherit
  UseCanonicalName On

  # Admin Server and EM
  <Location /console>
    SetHandler weblogic-handler
    WebLogicHost us.example.com
    WeblogicPort 17001
  </Location>

  <Location /consolehelp>
    SetHandler weblogic-handler
    WebLogicHost us.example.com
    WeblogicPort 17001
  </Location>

  <Location /em>
    SetHandler weblogic-handler
    WebLogicHost us.example.com
    WeblogicPort 17001
  </Location>

  # FA service
  <Location /fusion_apps>
    SetHandler weblogic-handler
    WebLogicHost us.example.com
    WebLogicPort 14100
  </Location>

  #ODSM Related entries
  <Location /odsm>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicHost oidfa.us.example.com
    WeblogicPort 7005
  </Location>

  # OAM Related Entries
  <Location /oamconsole>
    SetHandler weblogic-handler
    WebLogicHost us.example.com
    WebLogicPort 17001
  </Location>

  <Location /oam>
    SetHandler weblogic-handler
    WebLogicHost us.example.com
    WebLogicPort 14100
  </Location>

  # OIM Related Entries
  # oim identity self service console
  <Location /identity>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # oim identity system administration console
  <Location /sysadmin>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # oim identity advanced administration console - Legacy 11gR1 webapp
  <Location /oim>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # xlWebApp - Legacy 9.x webapp (struts based)
  <Location /xlWebApp>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # Nexaweb WebApp - used for workflow designer and DM
  <Location /Nexaweb>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # spml xsd profile
  <Location /spml-xsd>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # used for FA Callback service.
  <Location /callbackResponseService>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # Role-SOD profile
  <Location /role-sod>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # SOA Callback webservice for SOD - Provide the SOA Managed Server Ports
  <Location /sodcheck>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 8001
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # Callback webservice for SOA. SOA calls this when a request is approved/rejected
  # Provide the SOA Managed Server Port
  <Location /workflowservice>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # HTTP client service
  <Location /HTTPClnt>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # OIF Related Entries
  <Location /fed>
    SetHandler weblogic-handler
    WebLogicHost us.example.com
    WebLogicPort 7499
  </Location>
</VirtualHost>

## External Access
## SSO.EXAMPLE.COM
<VirtualHost *:7777>
  # ServerName https://sso.example.com:443 (replace the ServerName below with the actual host:port)
  ServerName https://sso.example.com:443
  RewriteEngine On
  RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
  RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
  RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
  RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
  RewriteOptions inherit
  UseCanonicalName On

  # FA service
  <Location /fusion_apps>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicHost us.example.com
    WebLogicPort 14100
  </Location>

  # OAM Related Entries
  <Location /oam>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicHost us.example.com
    WebLogicPort 14100
  </Location>

  # OIM Related Entries
  # oim identity self service console
  <Location /identity>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # oim identity system administration console
  <Location /sysadmin>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # oim identity advanced administration console - Legacy 11gR1 webapp
  <Location /oim>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # xlWebApp - Legacy 9.x webapp (struts based)
  <Location /xlWebApp>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # Nexaweb WebApp - used for workflow designer and DM
  <Location /Nexaweb>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # spml xsd profile
  <Location /spml-xsd>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # used for FA Callback service.
  <Location /callbackResponseService>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # OIF Related Entries
  <Location /fed>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicHost weblogic-host.example.com
    WebLogicPort 7499
  </Location>
</VirtualHost>

## IDM Internal services for FA
## IDMINTERNAL.EXAMPLE.COM
<VirtualHost *:7777>
  # ServerName http://idminternal.example.com:7777 (replace the ServerName below with the actual host:port)
  ServerName http://idminternal.example.com:7777
  RewriteEngine On
  RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
  RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
  RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
  RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
  RewriteOptions inherit
  UseCanonicalName On

  # FA service
  <Location /fusion_apps>
    SetHandler weblogic-handler
    WebLogicHost us.example.com
    WebLogicPort 14100
  </Location>

  # OAM Related Entries
  <Location /oam>
    SetHandler weblogic-handler
    WebLogicHost us.example.com
    WebLogicPort 14100
  </Location>

  # OIM Related Entries
  # oim identity self service console
  <Location /identity>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # oim identity system administration console
  <Location /sysadmin>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # oim identity advanced administration console - Legacy 11gR1 webapp
  <Location /oim>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # xlWebApp - Legacy 9.x webapp (struts based)
  <Location /xlWebApp>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # Nexaweb WebApp - used for workflow designer and DM
  <Location /Nexaweb>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # spml xsd profile
  <Location /spml-xsd>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # used for FA Callback service.
  <Location /callbackResponseService>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # Role-SOD profile
  <Location /role-sod>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # SOA Callback webservice for SOD - Provide the SOA Managed Server Ports
  <Location /sodcheck>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 8001
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # Callback webservice for SOA. SOA calls this when a request is approved/rejected
  # Provide the SOA Managed Server Port
  <Location /workflowservice>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # HTTP client service
  <Location /HTTPClnt>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # OIF Related Entries
  <Location /fed>
    SetHandler weblogic-handler
    WebLogicHost us.example.com
    WebLogicPort 7499
  </Location>
</VirtualHost>

## IDM Admin services for FA
## ADMIN.EXAMPLE.COM
<VirtualHost *:7777>
  # ServerName https://admin.example.com:443 (replace the ServerName below with the actual host:port)
  ServerName https://admin.example.com:443
  RewriteEngine On
  RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
  RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
  RewriteRule ^/FSMIdentity/faces/pages/Self.jspx "/oim" [R]
  RewriteRule ^/FSMIdentity/faces/pages/pwdmgmt.jspx "/admin/faces/pages/pwdmgmt.jspx" [R]
  RewriteOptions inherit
  UseCanonicalName On

  # Admin Server and EM
  <Location /console>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicHost us.example.com
    WeblogicPort 17001
  </Location>

  <Location /consolehelp>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicHost us.example.com
    WeblogicPort 17001
  </Location>

  <Location /em>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicHost us.example.com
    WeblogicPort 17001
  </Location>

  #ODSM Related entries
  <Location /odsm>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicHost oidfa.us.example.com
    WeblogicPort 7005
  </Location>

  # OAM Related Entries
  <Location /oamconsole>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicHost us.example.com
    WebLogicPort 17001
  </Location>

  # OIM Related Entries
  # oim identity self service console
  <Location /identity>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # oim identity system administration console
  <Location /sysadmin>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # oim identity advanced administration console - Legacy 11gR1 webapp
  <Location /oim>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # xlWebApp - Legacy 9.x webapp (struts based)
  <Location /xlWebApp>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # Nexaweb WebApp - used for workflow designer and DM
  <Location /Nexaweb>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # HTTP client service
  <Location /HTTPClnt>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicHost us.example.com
    WeblogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
  </Location>

  # OIF Related Entries
  <Location /fed>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicHost weblogic-host.example.com
    WebLogicPort 7499
  </Location>
</VirtualHost>
```
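
One way to review an edited idm.conf zone by zone is to parse each VirtualHost into its Location routes and check them against the separation the zones are meant to enforce. The following is an added example, not part of the original documentation or of any Oracle tooling: the function names, the `ADMIN_PATHS` set and the sample text are assumptions, and the WLProxySSL rule mirrors the pattern in the example above, where every Location in the two `https` zones sets `WLProxySSL ON`.

```python
import re

# Constructed sample in the idm.conf layout (not the page's file). The /console
# block under the sso zone is a deliberate mistake for the audit to find.
SAMPLE = """
<VirtualHost *:7777>
  ServerName https://sso.example.com:443
  <Location /oam>
    WLProxySSL ON
    WebLogicPort 14100
  </Location>
  <Location /console>
    WeblogicPort 17001
  </Location>
</VirtualHost>
<VirtualHost *:7777>
  ServerName https://admin.example.com:443
  <Location /console>
    WLProxySSL ON
    WeblogicPort 17001
  </Location>
</VirtualHost>
"""
# Assumption: which paths count as administrative is site policy; these are
# the console, EM, ODSM and OAM console paths from the example above.
ADMIN_PATHS = {"/console", "/consolehelp", "/em", "/odsm", "/oamconsole"}

def parse_zones(text):
    """Map each VirtualHost's ServerName to {location path: {directive: value}}."""
    text = re.sub(r"(?m)^[ \t]*#.*$", "", text)  # drop comment lines first
    zones = {}
    for body in re.findall(r"(?is)<VirtualHost[^>]*>(.*?)</VirtualHost>", text):
        name = re.search(r"(?im)^[ \t]*ServerName[ \t]+(\S+)", body)
        routes = zones.setdefault(name.group(1) if name else "(no ServerName)", {})
        for path, inner in re.findall(r"(?is)<Location\s+([^>\s]+)\s*>(.*?)</Location>", body):
            routes[path] = {k.lower(): v.strip()
                            for k, v in re.findall(r"(?m)^[ \t]*(\w+)[ \t]+(.+)$", inner)}
    return zones

def audit(zones, admin_zones):
    """Return (zone, path, issue) for routes that break the zone separation."""
    findings = []
    for name, routes in zones.items():
        for path, d in routes.items():
            if path in ADMIN_PATHS and name not in admin_zones:
                findings.append((name, path, "admin path outside admin zone"))
            if name.startswith("https://") and d.get("wlproxyssl", "").upper() != "ON":
                findings.append((name, path, "WLProxySSL not ON behind https"))
    return findings
```

To run it against a real file, pass the file's text to `parse_zones` and give `audit` the set of ServerName values that are allowed to carry administrative paths in your deployment.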