Configuring Single Sign-On Using WebGate and Oracle HTTP Server

In this tutorial, you will learn how to configure Single Sign-On using WebGate and Oracle HTTP Server (OHS).

WebGate is the policy enforcement agent that is typically deployed on the web tier, where it filters HTTP requests to ensure they are authenticated before they reach the application.

The following sections outline the steps for installing and configuring WebGate with Oracle HTTP Server.

Installing WebGate

Follow these steps to install WebGate on your application's host:

  1. Download the WebGate installer onto your Oracle HTTP Server host. You can find it on the Oracle Technology Network (OTN).
  2. Because WebGate is implemented in C++, you will also need to have the correct GNU Compiler Collection (GCC) libraries downloaded and made available on your host.
  3. Unzip the installer archive. This should result in a directory named Disk1. Go to Disk1 and launch the Oracle Installer using ./runInstaller.
  4. When prompted for the JRE/JDK location, enter ~/products/jdk<version> from your OHS installation.
  5. Proceed with the Oracle Universal Installer. For the directory locations, we use ~/products as the MW_HOME and ~/products/Oracle_OAMWebGate1 as the ORACLE_HOME.
  6. When prompted for the GCC libraries location, specify the folder containing the GCC libraries, and proceed.
  7. Under $MW_HOME, you should now see Oracle_OAMWebGate1, assuming the default values were used during the installation.

Creating and Registering a WebGate Instance for Single Sign-On

Create a WebGate instance on the host server for the OHS. Here are the steps to follow:

  1. Go to ~/products/Oracle_OAMWebGate1/webgate/ohs/tools/deployWebGate and then run the following commands (the command will modify the OHS instance configuration registered with WebGate):

Command

$ ./deployWebGateInstance.sh \
    -w ~/yourapplicationinstance/config/OHS/yourapp \
    -oh ~/products/Oracle_OAMWebGate1

Output

Copying files from WebGate_Oracle_Home to WebGate_instancedir

Command

$ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:~/products/Oracle_WT/lib
$ cd ~/products/Oracle_OAMWebGate1/webgate/ohs/tools/setup/InstallTools
$ ./EditHttpConf -w ~/yourappinstance/config/OHS/appohs -oh ~/products/Oracle_OAMWebGate1 -o webgate.conf

  2. Go to ORACLE_HOME/oam/server/rreg/input in the OAM installation directory and modify OAM11GRequest.xml by setting values for these parameters:
  • <serverAddress> Set this to the OAM Admin Server URL.
  • <agentBaseUrl> Set this to the OHS URL.
  • <hostIdentifier> Set this to RREG_Web1 to identify the OHS host.
  • <agentName> Set this to RREG_Web1_agent1 to identify the agent.
  • <applicationDomain> Set this to RREG_yourappDomain to identify the domain.
  • <logoutCallbackUrl> Set this to /oam_logout_success.

Save the changes.

  3. Go to $ORACLE_HOME/oam/server/rreg/bin. Open oamreg.sh and set OAM_REG_HOME to $ORACLE_HOME/oam/server/rreg.
  4. Change the file permission of oamreg.sh by using the chmod 777 oamreg.sh command. Note that mode 777 also makes the script writable by every local user; running it only requires execute permission for your own account.
  5. Make sure JAVA_HOME in the environment is set to $MW_HOME/<jdk directory>.
  6. Go to $ORACLE_HOME/oam/server/rreg/ and execute the following command:
$ ./bin/oamreg.sh inband input/OAM11GRequest.xml

When prompted for the username and password, enter the administrator credentials for the OAM server. When prompted for the WebGate password, enter N and proceed. When prompted for the URIs file, enter N and proceed.

  7. When finished, go to $ORACLE_HOME/oam/server/rreg/output/RREG_Web1_agent1. Copy cwallet.sso and ObAccessClient.xml to the OHS machine web1 and make them available under ~/yourappinstance/config/OHS/appohs/webgate/config/.
  8. Restart OHS on web1 with the following command:
$ cd ~/yourapp/bin
$ ./opmnctl stopall
$ ./opmnctl startall

You have completed the WebGate registration. You should be able to access your application web interfaces using the URL, for example, http://web1:7777/.
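The copy in step 7 is worth checking before the restart in step 8, because cwallet.sso is an auto-login wallet that opens without a password, so file permissions are its only protection on the OHS host. The following script is an added example, not part of the original tutorial or of Oracle's tooling; the function names are hypothetical, and it assumes that only the account that owns the files (the account running OHS) needs to read them.

```shell
#!/bin/sh
# Added example: verify the two RREG artifacts in the WebGate config
# directory before restarting OHS.
# Assumption: group and other users need no access to these files.

# True when any group/other permission bit is set on the file.
has_group_or_other_bits() {
  [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
          -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# check_webgate_config DIR
# Prints one status line per file; returns 0 only when both files are
# present, non-empty and accessible to the owner alone.
check_webgate_config() {
  cwc_dir=$1
  cwc_rc=0
  for cwc_f in cwallet.sso ObAccessClient.xml; do
    if [ ! -f "$cwc_dir/$cwc_f" ]; then
      echo "MISSING  $cwc_dir/$cwc_f"; cwc_rc=1
    elif [ ! -s "$cwc_dir/$cwc_f" ]; then
      echo "EMPTY    $cwc_dir/$cwc_f"; cwc_rc=1
    elif has_group_or_other_bits "$cwc_dir/$cwc_f"; then
      echo "EXPOSED  $cwc_dir/$cwc_f (group/other access; consider chmod 600)"
      cwc_rc=1
    else
      echo "OK       $cwc_dir/$cwc_f"
    fi
  done
  return $cwc_rc
}

# Run against the directory given on the command line, if any, e.g.
#   ./check_webgate.sh ~/yourappinstance/config/OHS/appohs/webgate/config
if [ $# -gt 0 ]; then
  check_webgate_config "$1"
fi
```

A non-zero exit status means at least one file is missing, empty or readable beyond its owner, so the script can gate the opmnctl restart.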
