Copying Generated Artifacts to the Oracle HTTP Server WebGate Instance Location
After the RREG Tool generates the required artifacts, manually copy the artifacts from the RREG_Home/output/agent_ID directory to the Oracle HTTP Server configuration directory on the Web tier host.
The location of the files in the Oracle HTTP Server configuration directory depends upon the Oracle Access Manager security mode setting (OPEN, SIMPLE, or CERT).
The following table lists the required location of each generated artifact in the Oracle HTTP Server configuration directory, based on the security mode setting for Oracle Access Manager. In some cases, you might have to create the directories if they do not exist already. For example, the wallet directory might not exist in the configuration directory.
Note:
For an enterprise deployment, Oracle recommends simple mode, unless additional requirements exist to implement custom security certificates for the encryption of authentication and authorization traffic. The information about using open or certification mode is provided here as a convenience.
Avoid using open mode, because in open mode, traffic to and from the Oracle Access Manager server is not encrypted.
For more information about using certificate mode, or about Oracle Access Manager supported security modes in general, see Securing Communication Between OAM Servers and WebGates in Administrator's Guide for Oracle Access Management.
File | Location When Using OPEN Mode | Location When Using SIMPLE Mode | Location When Using CERT Mode |
---|---|---|---|
wallet/cwallet.sso | OHS_CONFIG_DIR/webgate/config/wallet | OHS_CONFIG_DIR/webgate/config/wallet/ Note: By default the wallet folder is not available. Create the wallet folder under OHS_CONFIG_DIR/webgate/config/. | OHS_CONFIG_DIR/webgate/config/wallet/ |
ObAccessClient.xml | OHS_CONFIG_DIR/webgate/config | OHS_CONFIG_DIR/webgate/config/ | OHS_CONFIG_DIR/webgate/config/ |
password.xml | N/A | OHS_CONFIG_DIR/webgate/config/ | OHS_CONFIG_DIR/webgate/config/ |
aaa_key.pem | N/A | OHS_CONFIG_DIR/webgate/config/simple/ | OHS_CONFIG_DIR/webgate/config/ |
aaa_cert.pem | N/A | OHS_CONFIG_DIR/webgate/config/simple/ | OHS_CONFIG_DIR/webgate/config/ |
aaa_chain.pem | N/A | N/A | OHS_CONFIG_DIR/webgate/config/ |
Note:
If you need to redeploy the ObAccessClient.xml to WEBHOST1 and WEBHOST2, delete the cached copy of ObAccessClient.xml and its lock file, ObAccessClient.xml.lck, from the servers. The cache location on WEBHOST1 is:
OHS_DOMAIN_HOME/servers/ohs1/cache/
You must perform a similar step for the second Oracle HTTP Server instance on WEBHOST2:
OHS_DOMAIN_HOME/servers/ohs2/cache/
Note:
aaa_chain.pem is generated when certificates are created for CERT mode.
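
The per-mode file locations from the table and the cache cleanup from the redeploy note, written out as an added shell example (not Oracle tooling). The function names are hypothetical, and the `chmod 600` on the wallet, password file and private key is an added assumption that fits when the copying account is the OS user that runs Oracle HTTP Server. It also assumes the RREG output directory holds every file the table lists for the chosen mode.

```bash
#!/usr/bin/env bash
# Added example, not Oracle tooling; function names are hypothetical.
ARTIFACTS="wallet/cwallet.sso ObAccessClient.xml password.xml aaa_key.pem aaa_cert.pem aaa_chain.pem"

# Print the subdirectory of OHS_CONFIG_DIR/webgate/config that FILE belongs in
# for MODE (per the table above), or N/A if the file is not used in that mode.
dest_for() {
  local mode="$1" file="$2"
  case "$mode" in OPEN|SIMPLE|CERT) ;; *) return 2 ;; esac
  case "$file" in
    wallet/cwallet.sso) echo wallet ;;
    ObAccessClient.xml) echo . ;;
    password.xml)       [ "$mode" = OPEN ] && echo N/A || echo . ;;
    aaa_key.pem|aaa_cert.pem)
      case "$mode" in OPEN) echo N/A ;; SIMPLE) echo simple ;; CERT) echo . ;; esac ;;
    aaa_chain.pem)      [ "$mode" = CERT ] && echo . || echo N/A ;;
    *) return 2 ;;
  esac
}

# deploy_artifacts MODE RREG_OUTPUT_DIR OHS_CONFIG_DIR
# Pass 1 checks that every required file exists, so a failed run copies nothing.
deploy_artifacts() {
  local mode="$1" src="$2" cfg="$3/webgate/config" phase f sub
  [ "$mode" = OPEN ] && echo "warning: OPEN mode does not encrypt traffic to and from the OAM server" >&2
  for phase in check copy; do
    for f in $ARTIFACTS; do
      sub=$(dest_for "$mode" "$f") || { echo "unknown mode: $mode" >&2; return 2; }
      [ "$sub" = N/A ] && continue
      if [ "$phase" = check ]; then
        [ -f "$src/$f" ] || { echo "missing artifact: $src/$f" >&2; return 1; }
        continue
      fi
      # mkdir -p also creates the wallet/ and simple/ directories when absent.
      mkdir -p "$cfg/$sub" && cp -p "$src/$f" "$cfg/$sub/" || return 1
      case "$f" in  # assumption (not from the page): keep secrets owner-only
        wallet/cwallet.sso|password.xml|aaa_key.pem) chmod 600 "$cfg/$sub/${f##*/}" ;;
      esac
    done
  done
  return 0
}

# clear_webgate_cache OHS_DOMAIN_HOME INSTANCE   (INSTANCE is ohs1 or ohs2)
# Removes the cached ObAccessClient.xml and its lock file before a redeploy.
clear_webgate_cache() {
  rm -f "$1/servers/$2/cache/ObAccessClient.xml" \
        "$1/servers/$2/cache/ObAccessClient.xml.lck"
}
```

Run `deploy_artifacts SIMPLE RREG_Home/output/agent_ID OHS_CONFIG_DIR` on each Web tier host, substituting the real paths for the placeholders.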