Updating the Standard Properties in the OAM11gRequest.xml File

Before you can register the Webgate agent with Oracle Access Manager, you must update some required properties in the OAM11gRequest.xml file.

Note:

If you plan to use the default values for most of the parameters in the provided XML file, then you can use the shorter version (OAM11gRequest_short.xml), in which all non-listed fields take a default value.

Note:

In the primary server list, the default names for the OAM servers are OAM_SERVER1 and OAM_SERVER2. Change these names in the list if the server names are different in your environment.

To perform this task:

  1. If you are using in-band mode, then change directory to the following location on one of the OAM Servers:

    OAM_ORACLE_HOME/oam/server/rreg/input

    If you are using out-of-band mode, then change directory to the location where you unpacked the RREG archive on the WEBHOST1 server.

  2. Make a copy of the OAM11GRequest.xml file template with an environment-specific name.

    cp OAM11GRequest.xml OAM11GRequest_edg.xml

  3. Review the properties listed in the file, and then update your copy of the OAM11GRequest.xml file to make sure the properties reference the host names and other values specific to your environment.

OAM11gRequest.xml Property / Set to...

serverAddress

The host and the port of the Administration Server for the Oracle Access Manager domain.

agentName

Any custom name for the agent. Typically, you use a name that identifies the Fusion Middleware product you are configuring for single sign-on.

applicationDomain

A value that identifies the Web tier host and the FMW component you are configuring for single sign-on.

security

Must be set to the security mode configured on the Oracle Access Management server. This will be one of three modes: open, simple, or certificate.

Note:

For an enterprise deployment, Oracle recommends simple mode, unless additional requirements exist to implement custom security certificates for the encryption of authentication and authorization traffic.

In most cases, avoid using open mode, because in open mode, traffic to and from the Oracle Access Manager server is not encrypted.

For more information about using certificate mode, or about the security modes that Oracle Access Manager supports in general, see Securing Communication Between OAM Servers and WebGates in the Administrator's Guide for Oracle Access Management.

cachePragmaHeader

private

cacheControlHeader

private

ipValidation

0

    <ipValidation>0</ipValidation>

ipValidationExceptions

The IP address of the front-end load balancer. For example:

    <ipValidationExceptions>
        <ipAddress>130.35.165.42</ipAddress>
    </ipValidationExceptions>

agentBaseUrl

Fully-qualified URL with the host and the port of the front-end Load Balancer VIP in front of the WEBHOSTn machines on which Oracle HTTP 12c WebGates are installed.

For example:

    <agentBaseUrl>
        https://soa.example.com:443
    </agentBaseUrl>

virtualHost

Set to true when protecting more than the agentBaseUrl, such as SSO protection for the administrative VIP.

hostPortVariationsList

Add a hostPortVariations element, with its host and port elements, for each of the load-balancer URLs that will be protected by the WebGates.

For example:

    <hostPortVariationsList>
        <hostPortVariations>
            <host>soainternal.example.com</host>
            <port>80</port>
        </hostPortVariations>
        <hostPortVariations>
            <host>admin.example.com</host>
            <port>80</port>
        </hostPortVariations>
        <hostPortVariations>
            <host>osb.example.com</host>
            <port>443</port>
        </hostPortVariations>
    </hostPortVariationsList>
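
A pre-registration check of the edited copy against the property table above, as an added example (not Oracle's code and not part of RREG). The function name lint_request is hypothetical, and the sample document, including its root element name and its serverAddress, agentName and applicationDomain values, is constructed.

```python
import re
import xml.etree.ElementTree as ET
# Fixed values the property table prescribes.
EXPECTED = {"cachePragmaHeader": "private", "cacheControlHeader": "private", "ipValidation": "0"}
REQUIRED = ("serverAddress", "agentName", "applicationDomain", "agentBaseUrl")
# Constructed sample: root element name and the first three values are assumptions.
SAMPLE = """<OAM11GRegRequest>
  <serverAddress>http://oamadmin.example.com:7001</serverAddress>
  <agentName>SOA_EDG_AGENT</agentName>
  <applicationDomain>SOA_EDG_AD</applicationDomain>
  <security>simple</security>
  <cachePragmaHeader>private</cachePragmaHeader>
  <cacheControlHeader>private</cacheControlHeader>
  <ipValidation>0</ipValidation>
  <agentBaseUrl>
        https://soa.example.com:443
  </agentBaseUrl>
  <hostPortVariationsList>
    <hostPortVariations><host>osb.example.com</host><port>443</port></hostPortVariations>
  </hostPortVariationsList>
</OAM11GRegRequest>"""

def lint_request(xml_text):
    """Return findings for a registration request; an empty list means clean."""
    elems = {}
    for el in ET.fromstring(xml_text).iter():
        elems.setdefault(el.tag.rsplit("}", 1)[-1], []).append(el)  # ignore namespaces
    def text(name):
        return (elems[name][0].text or "").strip() if name in elems else None
    findings = [f"{n}: missing or empty" for n in REQUIRED if not text(n)]
    mode = text("security")
    if mode not in ("open", "simple", "certificate"):
        findings.append(f"security: {mode!r} is not open, simple, or certificate")
    elif mode == "open":
        findings.append("security: open mode leaves traffic to and from OAM unencrypted")
    findings += [f"{n}: expected {want!r}, found {text(n)!r}"
                 for n, want in EXPECTED.items() if text(n) != want]
    base = text("agentBaseUrl")  # stripped, since the template wraps the URL in whitespace
    if base and not re.fullmatch(r"https?://[\w.-]+:\d+/?", base):
        findings.append("agentBaseUrl: needs scheme, host, and port")
    for hp in elems.get("hostPortVariations", []):
        kid = {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in hp}
        if not kid.get("host") or not kid.get("port", "").isdigit():
            findings.append(f"hostPortVariations: bad host/port {kid}")
    return findings

if __name__ == "__main__":
    for finding in lint_request(SAMPLE.replace("<security>simple", "<security>open")):
        print(finding)
```

The shorter request file omits fields that then take default values, so the fixed-value checks will report those fields as absent when run against it.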