In this tutorial, you will learn how to configure Single Sign-On using WebGate and Oracle HTTP Server (OHS).
WebGate is the policy enforcement agent that is typically deployed on the web tier, where it filters HTTP requests so that they are authenticated before they reach the application.
The following sections outline the steps for installing and configuring WebGate with Oracle HTTP Server.
Installing WebGate
Follow these steps to install WebGate on your application's host:
- Download the WebGate installer onto your Oracle HTTP Server host. You can find it on the Oracle Technology Network (OTN).
- Because WebGate is implemented in C++, you also need the correct GNU Compiler Collection (GCC) libraries downloaded and available on your host.
- Unzip the executable. This should result in a directory named Disk1. Go to Disk1 and launch the Oracle Installer using ./runInstaller.
- When prompted for the JRE/JDK location, enter ~/products/jdk<version> from your OHS installation.
- Proceed with the Oracle Universal Installer. For the directory locations, we use ~/products as the MW_HOME and ~/products/Oracle_OAMWebGate1 as the ORACLE_HOME.
- When prompted for the GCC libraries location, specify the folder containing the GCC libraries, and proceed.
- Under $MW_HOME, you should now see Oracle_OAMWebGate1 if you accepted the default values during the installation.
Creating and Registering a WebGate Instance for Single Sign-On
Create a WebGate instance on the host server for the OHS. Here are the steps to follow:
- Go to ~/products/Oracle_OAMWebGate1/webgate/ohs/tools/deployWebGate and then run the following commands (they modify the OHS instance configuration registered with WebGate):
Command
$ ./deployWebGateInstance.sh -w ~/yourapplicationinstance/config/OHS/yourapp -oh ~/products/Oracle_OAMWebGate1
Output
Copying files from WebGate_Oracle_Home to WebGate_instancedir
Command
$ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:~/products/Oracle_WT/lib
$ cd ~/products/Oracle_OAMWebGate1/webgate/ohs/tools/setup/InstallTools
$ ./EditHttpConf -w ~/yourappinstance/config/OHS/appohs -oh ~/products/Oracle_OAMWebGate1 -o webgate.conf
- Go to ORACLE_HOME/oam/server/rreg/input in the OAM installation directory and modify OAM11GRequest.xml by setting values for these parameters:
  - <serverAddress>: Set this to the OAM Admin Server URL.
  - <agentBaseUrl>: Set this to the OHS URL.
  - <hostIdentifier>: Set this to RREG_Web1 to identify the OHS host.
  - <agentName>: Set this to RREG_Web1_agent1 to identify the agent.
  - <applicationDomain>: Set this to RREG_yourappDomain to identify the domain.
  - <logoutCallbackUrl>: Set this to /oam_logout_success.
  Save the changes.
- Go to $ORACLE_HOME/oam/server/rreg/bin. Open oamreg.sh and set OAM_REG_HOME to $ORACLE_HOME/oam/server/rreg.
- Change the file permission of oamreg.sh by using the chmod 777 oamreg.sh command. Mode 777 also makes the script writable by every local account; running it only requires execute permission.
- Make sure JAVA_HOME in the environment is set to $MW_HOME/<jdk directory>.
- Go to $ORACLE_HOME/oam/server/rreg/ and execute the following command:
$ ./bin/oamreg.sh inband input/OAM11GRequest.xml
When prompted for the username and password, enter the administrator credentials for the OAM server. When prompted for the WebGate password, enter N and proceed. When prompted for the URIs file, enter N and proceed.
- When finished, go to $ORACLE_HOME/oam/server/rreg/output/RREG_Web1_agent1. Copy cwallet.sso and ObAccessClient.xml to the OHS machine web1 and make them available under ~/yourappinstance/config/OHS/appohs/webgate/config/.
- Restart OHS on web1 with the following commands:
$ cd ~/yourapp/bin
$ ./opmnctl stopall
$ ./opmnctl startall
You have completed the WebGate registration. You should be able to access your application web interfaces using the URL, for example, http://web1:7777/.
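A check you could run on web1 after copying the registration files and before restarting OHS, as an added example that is not part of the original tutorial or of Oracle's tooling: it confirms that cwallet.sso and ObAccessClient.xml are present and non-empty in the WebGate config directory, and flags loose permissions on them and on a script such as oamreg.sh. The function names and the permission policy (no group/other write, wallet not world-readable) are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check the files copied from the RREG output directory.
# The policy is an assumption of this example; adjust it to your site's standard.

# has_perm FILE MODE -> succeeds if FILE has every permission bit in MODE set
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# check_webgate_config DIR -> prints findings, returns the number of findings
check_webgate_config() {
    dir=$1
    findings=0
    for name in cwallet.sso ObAccessClient.xml; do
        f="$dir/$name"
        if [ ! -f "$f" ]; then
            echo "MISSING: $f"; findings=$((findings + 1)); continue
        fi
        if [ ! -s "$f" ]; then
            echo "EMPTY: $f"; findings=$((findings + 1))
        fi
        if has_perm "$f" 002 || has_perm "$f" 020; then
            echo "WRITABLE by group/other: $f"; findings=$((findings + 1))
        fi
    done
    # cwallet.sso is an Oracle wallet, so also flag it when world-readable.
    if [ -f "$dir/cwallet.sso" ] && has_perm "$dir/cwallet.sso" 004; then
        echo "WORLD-READABLE: $dir/cwallet.sso"; findings=$((findings + 1))
    fi
    return "$findings"
}

# check_script_mode FILE -> fails if a script such as oamreg.sh is world-writable
check_script_mode() {
    if has_perm "$1" 002; then
        echo "WORLD-WRITABLE script: $1"; return 1
    fi
    return 0
}

# Stand-alone use: pass the WebGate config directory as the first argument,
# for example ~/yourappinstance/config/OHS/appohs/webgate/config
if [ "$#" -ge 1 ]; then
    check_webgate_config "$1"
fi
```

An exit status of 0 means no findings; any other value is the number of findings printed.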