Create and Configure a WebGate
Introduction
This tutorial shows you how to configure WebGate 12c for Oracle HTTP Server and Oracle Access Management 12c.
This is the ninth tutorial in the series Getting Started with Oracle Access Management 12c. Read them sequentially.
- Getting Started with Oracle Access Management 12c Series - Overview
- Install Oracle Database for Oracle Access Management 12c
- Create an Oracle Database for Oracle Access Management 12c
- Install Oracle Access Management 12c
- Configure Oracle Access Management 12c
- Configure SSL for Oracle Access Management 12c
- Configure Oracle Unified Directory for Oracle Access Management 12c
- Install and Configure Oracle HTTP Server for Oracle Access Management 12c
- Create and Configure a WebGate
- Protect an Application Deployed in WebLogic Server with Oracle Access Management 12c
Objective
Oracle WebGate is a Web server plug-in that intercepts HTTP requests and forwards them to an Oracle Access Management instance for authentication and authorization.
Prerequisites
You must have followed Install and Configure Oracle HTTP Server for Oracle Access Management 12c.
Configure the Oracle WebGate
- Launch a terminal window as oracle and enter the following command:

    cd /u01/app/oracle/product/middleware/webgate/ohs/tools/deployWebGate
    ./deployWebGateInstance.sh -w \
    /u01/app/oracle/admin/domains/oam_domain/config/fmwconfig/components/OHS/ohs1 \
    -oh /u01/app/oracle/product/middleware/

  The output should look similar to the following:

    Copying files from WebGate Oracle Home to WebGate Instancedir

- Check that a webgate directory and subdirectories were created:

    ls -lart /u01/app/oracle/admin/domains/oam_domain/config/fmwconfig/components/OHS/ohs1/webgate

  The output should look similar to the following:

    total 16
    drwxr-x--- 7 oracle oinstall 4096 <DATE> ..
    drwxr-xr-x 4 oracle oinstall 33 <DATE> .
    drwxr-xr-x 3 oracle oinstall 21 <DATE> tools
    drwxr-xr-x 3 oracle oinstall 47 <DATE> config

- Run the following commands:

    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/u01/app/oracle/product/middleware/lib
    cd /u01/app/oracle/product/middleware/webgate/ohs/tools/setup/InstallTools
    ./EditHttpConf -w /u01/app/oracle/admin/domains/oam_domain/config/fmwconfig/components/OHS/ohs1 \
    -oh /u01/app/oracle/product/middleware/

  The output should look similar to the following:

    The web server configuration file was successfully updated
    /u01/app/oracle/admin/domains/oam_domain/config/fmwconfig/components/OHS/ohs1/httpd.conf has been backed up as /u01/app/oracle/admin/domains/oam_domain/config/fmwconfig/components/OHS/ohs1/httpd.conf.
Register the WebGate with OAM
- Launch a browser and access the OAM Console at https://oam.example.com:7002/oamconsole. Log in with weblogic/<password>.

- Click SSO Agent Registration in the Quick Start Wizards pane.

- Select Agent Type: Webgate and click Next.

- On the Configure WebGate page enter details as follows, and then click Finish:

    Property Name          Value
    Name                   webgate_7777
    Host Identifier        webgate_7777
    Security               Open
    Auto Create Policies   Selected

- Click Download and save the webgate_7777.zip to /stage.

- Launch a terminal window as oracle and run the following commands to copy the WebGate files and ca.crt to OHS:

    cd /u01/app/oracle/admin/domains/oam_domain/config/fmwconfig/components/OHS/ohs1/webgate/config
    unzip /stage/webgate_7777.zip
    cp /stage/ssl/ca.crt cacert.pem

  Note: ca.crt is copied to the directory as cacert.pem because WebGate looks for cacert.pem when validating the certificate sent by the OAM Managed Server (oam_server1).
Restart the Servers
- Launch a terminal window as oracle and run the commands below to stop all the servers. Enter weblogic and <password> for username and password if prompted:

    cd /u01/app/oracle/admin/domains/oam_domain/bin
    ./stopComponent.sh ohs1
    ./stopNodeManager.sh
    ./stopWebLogic.sh

- Run the following commands, launching new terminal windows as oracle, to start the servers. Enter weblogic and <password> for username and password if prompted:

    cd /u01/app/oracle/admin/domains/oam_domain/bin
    ./startWebLogic.sh
    ./startNodeManager.sh
    ./startComponent.sh ohs1
Test the WebGate
- Launch an Incognito or private browser. Access the OHS URL: http://oam.example.com:7777. You should be redirected to the OAM SSO login page. Notice that the redirect URL now points to the OAM server https port 14101 hosted on the OAM machine.

- Log in as weblogic/<password> if using the Embedded LDAP server, or if you configured OUD then log in as ahall/welcome1. The OHS Welcome page should be displayed.

- Launch another Incognito or private browser and test that you can also access it via https://oam.example.com:4443 and log in successfully.
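The first test step above can also be checked from a terminal. The following script is an added example, not part of the original tutorial or of Oracle's tooling: it inspects the response headers of an unauthenticated request and separates a correct redirect to the OAM https port from content served without authentication. The function names, return codes and sample headers are assumptions made for illustration.

```bash
#!/bin/sh
# Added example. Function names, return codes and sample headers are
# constructed for illustration; they are not part of the WebGate tooling.

# Fetch only the response headers of an unauthenticated request.
# Usage on the OHS host: probe_ohs http://oam.example.com:7777/
probe_ohs() {
  curl -s -o /dev/null -D - --max-time 10 "$1"
}

# check_webgate_redirect HEADERS OAM_HOST OAM_PORT
#   0 = redirected to https://OAM_HOST:OAM_PORT/ (WebGate is intercepting)
#   1 = no redirect (content may be served without authentication)
#   2 = redirected, but not to the expected OAM https endpoint
check_webgate_redirect() {
  wg_headers=$(printf '%s\n' "$1" | tr -d '\r')
  wg_status=$(printf '%s\n' "$wg_headers" | awk 'NR==1 {print $2}')
  wg_location=$(printf '%s\n' "$wg_headers" |
    awk 'tolower($1)=="location:" {print $2; exit}')

  case $wg_status in
    301|302|303|307) ;;
    *) echo "FAIL: status '$wg_status', request was not redirected"
       return 1 ;;
  esac

  case $wg_location in
    "https://$2:$3/"*) echo "OK: redirected to OAM at $2:$3"
                       return 0 ;;
    *) echo "FAIL: unexpected redirect target '$wg_location'"
       return 2 ;;
  esac
}

# Constructed sample responses (not captured from a real server).
SAMPLE_REDIRECT='HTTP/1.1 302 Found
Location: https://oam.example.com:14101/PLACEHOLDER
Content-Length: 0'

SAMPLE_UNPROTECTED='HTTP/1.1 200 OK
Content-Type: text/html'

SAMPLE_WRONG_TARGET='HTTP/1.1 302 Found
Location: http://oam.example.com:7777/PLACEHOLDER'
```

On the OHS host, run `check_webgate_redirect "$(probe_ohs http://oam.example.com:7777/)" oam.example.com 14101`; a return code of 1 after the restart means the page was served without the WebGate intercepting the request.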
Next Tutorial
Protect an Application Deployed in WebLogic Server with Oracle Access Management 12c
Feedback
To provide feedback on this tutorial, please contact idm_user_assistance_ww_grp@oracle.com.
Acknowledgements
- Author - Russ Hodgson