Create and Configure a WebGate

Introduction

This tutorial shows you how to configure WebGate 12c for Oracle HTTP Server and Oracle Access Management 12c.

This is the ninth tutorial in the series Getting Started with Oracle Access Management 12c. Read them sequentially.

Objective

Oracle WebGate is a Web server plug-in that intercepts HTTP requests and forwards them to an Oracle Access Management instance for authentication and authorization.

Prerequisites

You must have completed Install and Configure Oracle HTTP Server for Oracle Access Management 12c.

Configure the Oracle WebGate

  1. Launch a terminal window as oracle and enter the following command:

    cd /u01/app/oracle/product/middleware/webgate/ohs/tools/deployWebGate
    ./deployWebGateInstance.sh -w \
    /u01/app/oracle/admin/domains/oam_domain/config/fmwconfig/components/OHS/ohs1 \
    -oh /u01/app/oracle/product/middleware/                 
    

    The output should look similar to the following:

    Copying files from WebGate Oracle Home to WebGate Instancedir
    
  2. Check that a webgate directory and subdirectories were created:

    ls -lart /u01/app/oracle/admin/domains/oam_domain/config/fmwconfig/components/OHS/ohs1/webgate
    

    The output should look similar to the following:

    total 16
    drwxr-x--- 7 oracle oinstall 4096 <DATE> ..
    drwxr-xr-x 4 oracle oinstall 33   <DATE> .
    drwxr-xr-x 3 oracle oinstall 21   <DATE> tools
    drwxr-xr-x 3 oracle oinstall 47   <DATE> config
    
  3. Run the following commands:

    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/u01/app/oracle/product/middleware/lib
    cd /u01/app/oracle/product/middleware/webgate/ohs/tools/setup/InstallTools
    ./EditHttpConf -w /u01/app/oracle/admin/domains/oam_domain/config/fmwconfig/components/OHS/ohs1 \
    -oh /u01/app/oracle/product/middleware/ 
    

    The output should look similar to the following:

    The web server configuration file was successfully updated
    /u01/app/oracle/admin/domains/oam_domain/config/fmwconfig/components/OHS/ohs1/httpd.conf
    has been backed up as 
    /u01/app/oracle/admin/domains/oam_domain/config/fmwconfig/components/OHS/ohs1/httpd.conf.
    

Register the WebGate with OAM

  1. Launch a browser and access the OAM Console at https://oam.example.com:7002/oamconsole. Log in with weblogic/<password>.

  2. Click SSO Agent Registration in the Quick Start Wizards pane.

  3. Select Agent Type: Webgate and click Next.

  4. On the Configure WebGate page enter details as follows, and then click Finish:

    Property Name          Value
    Name                   webgate_7777
    Host Identifier        webgate_7777
    Security               Open
    Auto Create Policies   Selected

  5. Click Download and save the webgate_7777.zip to /stage.

  6. Launch a terminal window as oracle and run the following commands to copy the WebGate files and ca.crt to OHS:

    cd /u01/app/oracle/admin/domains/oam_domain/config/fmwconfig/components/OHS/ohs1/webgate/config
    unzip /stage/webgate_7777.zip
    cp /stage/ssl/ca.crt cacert.pem
    

    Note: ca.crt is copied to the directory as cacert.pem because WebGate looks for cacert.pem when validating the certificate sent by the OAM Managed Server (oam_server1).

Restart the Servers

  1. Launch a terminal window as oracle and run the commands below to stop all the servers. Enter weblogic and <password> for username and password if prompted:

    cd /u01/app/oracle/admin/domains/oam_domain/bin
    ./stopComponent.sh ohs1
    ./stopNodeManager.sh
    ./stopWebLogic.sh
    
  2. Launch new terminal windows as oracle and run the following commands to start the servers. Enter weblogic and <password> for username and password if prompted:

    cd /u01/app/oracle/admin/domains/oam_domain/bin
    ./startWebLogic.sh
    ./startNodeManager.sh
    ./startComponent.sh ohs1 
    

Test the WebGate

  1. Launch an Incognito or private browser. Access the OHS URL: http://oam.example.com:7777.

    You should be redirected to the OAM SSO login page. Notice that the redirect URL now points to the OAM server's HTTPS port 14101, hosted on the OAM machine.

  2. Log in as weblogic/<password> if you are using the Embedded LDAP server, or as ahall/welcome1 if you configured OUD. The OHS Welcome page should be displayed.

  3. Launch another Incognito or private browser and check that you can also access https://oam.example.com:4443 and log in successfully.
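
The redirect check in step 1 can also be scripted, which is useful after each restart to confirm that OHS is not serving content without authentication. The following is an added example, not part of the original tutorial or Oracle's tooling: the function name, return codes and the sample response (including its placeholder path) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Oracle's code). Reads HTTP response headers on stdin, e.g.
#   curl -sI http://oam.example.com:7777/ | check_webgate_redirect oam.example.com 14101
# Return codes (this script's own convention):
#   0  redirected to https://HOST:PORT   -> WebGate is intercepting requests
#   1  no redirect                       -> content served without authentication
#   2  redirect to an unexpected target  -> wrong scheme, host or port

check_webgate_redirect() {
    want_host=$1
    want_port=$2
    headers=$(tr -d '\r')                      # HTTP lines end in CRLF
    status=$(printf '%s\n' "$headers" | awk 'NR == 1 { print $2 }')
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1) == "location:" { print $2; exit }')

    case $status in
        301|302|303|307|308) ;;
        *)  echo "FAIL: HTTP ${status:-?} with no redirect; resource is not protected"
            return 1 ;;
    esac
    case $location in
        *://*) ;;
        *)  echo "FAIL: redirect without an absolute URL: '$location'"
            return 2 ;;
    esac

    # Split scheme://host[:port]/path; fall back to the scheme's default port.
    scheme=${location%%://*}
    authority=${location#*://}
    authority=${authority%%/*}
    host=${authority%%:*}
    case $authority in
        *:*) port=${authority##*:} ;;
        *)   if [ "$scheme" = https ]; then port=443; else port=80; fi ;;
    esac

    if [ "$scheme" != https ] || [ "$host" != "$want_host" ] || [ "$port" != "$want_port" ]; then
        echo "FAIL: redirected to $scheme://$host:$port, expected https://$want_host:$want_port"
        return 2
    fi
    echo "OK: unauthenticated request redirected to https://$host:$port"
}

# Constructed sample response (path and query are placeholders, not captured output).
sample_protected() {
    printf 'HTTP/1.1 302 Found\r\nLocation: https://oam.example.com:14101/placeholder?req=constructed\r\n\r\n'
}

sample_protected | check_webgate_redirect oam.example.com 14101
```

A return code of 1 after a restart means OHS answered the request itself, so the WebGate configuration written by EditHttpConf should be rechecked before the server is exposed.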

Next Tutorial

Protect an Application Deployed in WebLogic Server with Oracle Access Management 12c

Feedback

To provide feedback on this tutorial, please contact idm_user_assistance_ww_grp@oracle.com.

Acknowledgements