Configure SSL for SSO with Oracle Access Manager 12c

  1. Configure Oracle Analytics Server in SSL mode as described in Enable SSL in Oracle WebLogic Server.
  2. Follow the steps in Configure SSO using the Oracle Access Manager 12c, with the deviations described here:
    Update or create the Webgate Registration in Oracle Access Manager 12c that you created in Configure SSO using the Oracle Access Manager 12c.

    Note:

    The Oracle Access Manager Server configured in Oracle Access Manager 12c must be running with Security set to Simple; otherwise, you cannot create a Webgate with Security set to Simple.

    1. Open the Oracle Access Manager Console of Oracle Access Manager 12c.
    2. Navigate to the Policy Configuration tab.
    3. Expand and double-click Shared Components > Resource Type > Host Identifiers > <oas_server> (for example, www.example.com) to open the Host Identifiers window and add the following details in addition to the ones that are already present:

      <oas_server>

      <oas_server> <ssl port>

      <oas_server_ip>

      <oas_server_ip> <ssl port>

      Note:

      <oas_server> refers to the server where Oracle Analytics Server 12c is installed along with Oracle Web Tier and Oracle Webgate. <ssl port> refers to the Oracle Web Tier SSL port.

    4. Click Apply.
    5. From the System Configuration tab, access the Manager Settings section, expand the SSO Agents node, and expand OAM Agents.
    6. On the Search page, define your criteria in the Name field as ArgusAnalyticsPolicy and click Search.
    7. In the Search results, click ArgusAnalyticsPolicy to edit the Agent Registration.
    8. Locate the Security options and click Simple.
    9. Click Apply to submit the changes.
    10. This generates the artifacts again or afresh. Copy the generated files (artifacts) from the OAM 12c server to the Webgate Instance Location.

      Updating or creating the 12c Webgate Agent (ArgusAnalyticsPolicy) in the Oracle Access Manager Console of Oracle Access Manager 12c also creates the following artifacts on the Oracle Access Manager 12c server:

      cwallet.sso

      ObAccessClient.xml

      aaa_cert.pem

      aaa_key.pem

      password.xml

      The set of files depends on the Security Mode that you have configured, which in this case is Simple. On the Oracle Access Manager 12c server, these files are present at the following location:

      <OAM_FMW_HOME>/user_projects/domains/<OAM_domain>/output/ArgusAnalyticsPolicy.

      Copy the password.xml, cwallet.sso, and ObAccessClient.xml files to the <Webgate_Instance_Directory>/webgate/config directory on the <oas_server>. For example:

      <MW_HOME>/Oracle_WT1/instances/instance2/config/OHS/ohs1/webgate/config

      Copy the aaa_cert.pem and aaa_key.pem files to the <Webgate_Instance_Directory>/webgate/config/simple directory on the <oas_server>. For example:

      <MW_HOME>/Oracle_WT1/instances/instance2/config/OHS/ohs1/webgate/config/simple
    11. Restart the Oracle Access Manager Server.
  3. The Oracle Web Tier is configured with Oracle Analytics Server as a reverse proxy, as mentioned in step 22 of Configure SSO using the Oracle Access Manager 12c. In addition to those steps, you also need to enable SSL for the Oracle Web Tier using the following steps:
    1. Locate and edit the <ORACLE_WT_INSTANCE>/config/OHS/ohs1/ssl.conf.
    2. Find the VirtualHost section and ensure the following entry is present:
      SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"
    3. Save the file and restart the HTTP Server.
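
The following script is an added example, not Oracle tooling or part of the original procedure. It checks that the five artifacts from step 10 are in the Webgate config and config/simple directories and that ssl.conf carries an uncommented SSLWallet entry inside a VirtualHost section. The function names and the rule that secret-bearing files carry no group/other permission bits are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the copied Webgate artifacts and the SSLWallet entry.

# check_webgate_artifacts <webgate_config_dir>
# Prints one line per problem; the return status is the number of problems.
check_webgate_artifacts() {
    cfg=$1
    problems=0
    for f in password.xml cwallet.sso ObAccessClient.xml \
             simple/aaa_cert.pem simple/aaa_key.pem; do
        if [ ! -s "$cfg/$f" ]; then
            echo "MISSING or empty: $cfg/$f"
            problems=$((problems + 1))
        fi
    done
    # Assumption (not stated on the page): files holding secrets should
    # carry no group/other permission bits.
    for f in password.xml cwallet.sso simple/aaa_key.pem; do
        [ -f "$cfg/$f" ] || continue
        mode=$(ls -ld "$cfg/$f" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "TOO OPEN (group/other bits: $mode): $cfg/$f"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# check_sslwallet <ssl.conf>
# Succeeds only if an uncommented SSLWallet directive with a value sits
# inside a <VirtualHost> block.
check_sslwallet() {
    awk '
        /^[ \t]*<VirtualHost[ \t>]/ { in_vh = 1; next }
        /^[ \t]*<\/VirtualHost>/    { in_vh = 0; next }
        in_vh && /^[ \t]*SSLWallet[ \t]+"?[^" \t]/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Run directly as: sh check_webgate.sh <webgate_config_dir> <ssl.conf>
if [ "$#" -eq 2 ]; then
    check_webgate_artifacts "$1" || echo "artifact problems: $?"
    check_sslwallet "$2" || echo "no SSLWallet in a VirtualHost: $2"
fi
```

Run it on the <oas_server> after copying the artifacts and before restarting the HTTP Server, passing the <Webgate_Instance_Directory>/webgate/config directory and the ssl.conf path.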