This is part IX of the step-by-step installation of Oracle Identity Management (OAM, OIM, OAAM, OAPM & OIN), which covers configuring WebGate for Oracle Access Manager 11.1.1.3.0.

  • For Part I Download Software and create Schema click here
  • For Part II Install WebLogic Server 10.3.3 click here
  • For Part III Install SOA Server and Upgrade to 11.1.1.3 click here
  • For Part IV Install IDAM 11.1.1.3 click here
  • For Part V Create Domain for OIM, OAM, OAAM, OAPM & OIN click here
  • For Part VI Configure Identity Manager click here
  • For Part VII Install & Configure OIM Design Console click here
  • For Part VIII Configure LDAP Sync with OIM 11g click here (Optional – Required only for OAM-OIM Integration)

In this post I am going to show how to install 11g WebGate for Oracle HTTP Server (OHS) 11g with OAM 11g server.

OAM WebGate: also known as AccessGate (in 10g) or OAM Agent (in 11g), WebGate is a web server plug-in installed with the web server (OHS, IIS, Apache, IBM WebServer) that communicates with the Oracle Access Manager Server (Access Server in OAM 10g). When a user accesses a resource protected by Oracle Access Manager (OAM), WebGate communicates with OAM to find out how the resource is protected and asks the user to provide credentials based on the Authentication Policy set for the resource. For the request flow for WebGate, check my earlier post here. For an overview of Agents in OAM 11g (OAM Agents & OSSO Agent) click here

Note: WebGate of version 10g or 11g is certified with OAM 11g.

High-level installation/configuration steps for OAM 11g/10g WebGate

1. Ensure that the web server for which you wish to install/configure WebGate is already installed.

2. Download WebGate for your web server. Download the latest WebGate wherever applicable (for OHS 11g use 11g WebGate; for OHS 10g, IHS, IIS, Apache use 10.1.4.3 WebGate).

3. Create an instance of WebGate on the OAM server, a.k.a. provisioning WebGate. This can be done either by GUI or command line:
a) GUI using the OAM Administration Console.
b) Command line using the Remote Registration Tool (RREG). RREG is available in two modes (in-band or out-of-band). More on the Remote Registration Utility here

4. Install WebGate on machine where Web Server is running.

5. Configure Web Server to include WebGate configuration (adding webgate.conf in httpd.conf)

6. Copy artifacts/files created by WebGate registration (in step 3) to WebGate Instance directory (created in step 4 above).

7. Restart Web Server

8. Test WebGate installation.

Key points for OAM 11g WebGate Installation

1. Currently (as of 3rd Jan 2011) 11g WebGate is available for Oracle HTTP Server 11g only. If you wish to configure WebGate for OHS 10g, IIS (Microsoft), IHS (IBM HTTP Server) or Apache HTTP Server, then use 10g WebGate for OAM 11g.

2. An instance of WebGate must be created on the OAM Server (aka provisioning the agent), which can be done either via the graphical tool (OAM Administration Console) or the command line tool (Remote Registration Tool – RREG).

3. Remote Registration Tool (RREG) can be run in two modes, i.e. in-band mode or out-of-band mode. In-band mode is used where WebServer/WebGate and the OAM server are managed by the same team, whereas out-of-band mode is used where WebServer/WebGate is managed by one team and the OAM server is managed by a different team.

4. 11g WebGate requires JRE 1.6; use the JDK 1.6 shipped with OHS 11g to install 11g WebGate.

5. WebGate on a Unix/Linux machine requires a compatible GCC, which can be downloaded from here (under GCC Libraries for Oracle Identity Federation).

WebGate (10g/11g) Installation Steps with OAM 11g

1. Download WebGate 11g from here under “Oracle Access Manager WebGates (11.1.1.3.0)”. For 10g WebGate, download from here under “Oracle Access Manager 10g – non OHS11g Webgates and 3rd Party Integrations”.

2. Register WebGate with the OAM Server using the Remote Registration Tool in in-band mode
2.1 cd $ORACLE_HOME/oam/server/rreg
2.2 Set OAM_REG_HOME (to the above directory) and JDK_HOME in oamreg.sh
2.3 Update serverAddress, agentBaseURL, agentName, HostIdentifier & applicationDomain in $ORACLE_HOME/oam/server/rreg/input/OAM11GRequest.xml (for 10g WebGate update OAMRequest.xml)
2.4 cd $ORACLE_HOME/oam/server/rreg/bin/
2.5 ./oamreg.sh inband input/OAM11GRequest.xml   (This command will create an instance of 11g WebGate in the OAM Server and generate OAM WebGate artifacts in $ORACLE_HOME/oam/server/rreg/output)

 

3. Install OAM 11g WebGate for OHS 11g using

setup.exe -jreLoc <1.6_JRE_Location>  (For Windows)
runInstaller -jreLoc <1.6_JRE_Location>  (For Unix)

Enter Middleware Home and Oracle Home directory for WebGate installation.

4. Configure OAM 11g WebGate with OHS Instance.

4.1 cd $Webgate_Oracle_Home/webgate/ohs/tools/deployWebGate

4.2 deployWebgateInstance.sh|bat -w $Webgate_Instance_Directory -oh $Webgate_Oracle_Home (This command will copy files from the WebGate software location to the OHS instance directory)

where
Webgate_Instance_Directory is the OHS instance directory (default location is $ORACLE_HTTP_SERVER/instance/instance1/config/OHS/ohs1) and

Webgate_Oracle_Home is the directory in which WebGate was installed during the WebGate installation above

 

4.3 Add the OHS library directory to LD_LIBRARY_PATH as

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:<Oracle_Home_for_Oracle_HTTP_Server>/lib

4.4 Update httpd.conf of OHS

cd $Webgate_Oracle_Home/webgate/ohs/tools/setup/InstallTools
EditHttpConf -w $Webgate_Instance_Directory [-oh $Webgate_Oracle_Home] [-o $output_file]

4.5 Copy files generated in step 2.5 from $ORACLE_HOME/oam/server/rreg/output/[Agent_Name] to $WEBGATE_INSTANCE_DIR/webgate/config (For OHS 11g location is $MW_HOME/Oracle_WT1/instances/instance1/config/OHS/ohs1/webgate/config)

5. Restart Oracle HTTP Server (OHS)
5.1 $ORACLE_HOME_for_OHS11g/instances/instance1/bin/opmnctl stopall
5.2 $ORACLE_HOME_for_OHS11g/instances/instance1/bin/opmnctl startall

6. Test WebGate Installation
6.1 Try accessing OHS 11g root page and it should redirect to OAM Single Sign-On Login page.
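
A post-configuration check for steps 4.4 and 4.5, added here as an example (it is not part of the original post and not an Oracle tool): it confirms that httpd.conf includes webgate.conf and that every file in the RREG output directory was copied unchanged into webgate/config. The function names, the sample tree, the location of httpd.conf directly in the WebGate instance directory, and the rule that copied artifacts must not be accessible to other OS users are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: checks the results of steps 4.4 and 4.5.
# Assumption: httpd.conf sits directly in the WebGate instance directory.
# verify_webgate <rreg_output_agent_dir> <webgate_instance_dir>
# Prints one line per finding; the return status is the number of findings.
verify_webgate() {
    src=$1 inst=$2 cfg=$2/webgate/config findings=0
    # Step 4.4: httpd.conf must contain an uncommented include of webgate.conf.
    if ! grep -Eiq '^[[:space:]]*include[[:space:]].*webgate\.conf' "$inst/httpd.conf" 2>/dev/null; then
        echo "httpd.conf: no include of webgate.conf"
        findings=$((findings + 1))
    fi
    # Step 4.5: each registration artifact must be present and identical.
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if [ ! -f "$cfg/$name" ]; then
            echo "$name: not copied to $cfg"
        elif ! cmp -s "$f" "$cfg/$name"; then
            echo "$name: differs from the rreg output (stale copy?)"
        elif [ -n "$(find "$cfg/$name" \( -perm -004 -o -perm -002 \) -print)" ]; then
            # Policy assumed by this example: artifacts are not world-accessible.
            echo "$name: readable or writable by other users"
        else
            continue
        fi
        findings=$((findings + 1))
    done
    return "$findings"
}

# Constructed sample tree so the check runs without an OHS install.
# File names and contents are placeholders, not real registration output.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/output/agent1" "$root/ohs1/webgate/config"
    echo 'sample-agent-profile' > "$root/output/agent1/profile.xml"
    echo 'sample-wallet' > "$root/output/agent1/wallet.bin"
    cp "$root/output/agent1/profile.xml" "$root/ohs1/webgate/config/"
    chmod 640 "$root/ohs1/webgate/config/profile.xml"
    echo '# include "webgate.conf"' > "$root/ohs1/httpd.conf"
    echo "$root"
}

if [ "${1:-}" = "--demo" ]; then
    root=$(make_sample)
    verify_webgate "$root/output/agent1" "$root/ohs1" || echo "findings: $?"
    rm -rf "$root"
fi
```

Run it against a real install by passing $ORACLE_HOME/oam/server/rreg/output/[Agent_Name] and the WebGate instance directory to verify_webgate before restarting OHS in step 5.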
