In this post I would like to talk about a requirement to access OAM 11g protected application in SSL mode. In my case the protected application is deployed in Tomcat Server front ending Apache Server.
The application is protected using OAM 11g Apache WebGate 10g and it works pretty fine. Now the goal is make it work in SSL mode. So the vital things here are to make changes in OAM front for this to work.
- Apache Server should be configured to run in SSL mode. I am not getting into details of this here. Let us assume it is accessible using https port https://apache_hostname:8444/
- Tomcat application is being protected by OAM 11g using Apache 10g WebGate at front end and is working fine. Let us assume it to be accessible using URL http://apache_hostname/
Changes in OAM front:
- Create a new SSL Form Authentication scheme as shown below.
- Specify the challenge URL field for Login URL, for instance https://hostname:port/LN_login.html
- Notice that Challenge Parameters field should be specified with value ssoCookie:secure because ObSSOCookie needs to be sent over SSL
- Specify the new SSL Form Authentication Scheme in Authentication Policy in Application Domain as shown below.
- Change the Failure URL as https appropriately to a Authentication Failure Page. Same changes can be made to Authorization Failure URL in Authorization Policy, I am not giving screenshot here.
- Testing the URL, for instance https://apache_hostname:8444/private/protected.html and it displays Login page in HTTPS mode as shown below.
- After successful authentication and authorization it gets redirected to requested resource in https mode.
That’s it. We are done here. Please post questions if you have any.