How to configure SSL for OAM protected application

In this post I would like to talk about a requirement to access an OAM 11g protected application in SSL mode. In my case the protected application is deployed on a Tomcat server fronted by an Apache server.

The application is protected by OAM 11g using an Apache 10g WebGate, and it works fine. Now the goal is to make it work in SSL mode. The vital part is making the right changes on the OAM side.

Pre-requisites:

  1. The Apache server should be configured to run in SSL mode. I am not getting into the details of this here. Let us assume it is accessible on its https port at https://apache_hostname:8444/
  2. The Tomcat application is protected by OAM 11g using an Apache 10g WebGate at the front end and is working fine. Let us assume it is accessible using the URL http://apache_hostname/

Changes on the OAM side:

  1. Create a new SSL Form Authentication scheme.
  2. In the Challenge URL field, specify the login URL, for instance https://hostname:port/LN_login.html
  3. Note that the Challenge Parameters field must be set to the value ssoCookie:secure, because ObSSOCookie needs to be sent over SSL.
  4. Specify the new SSL Form Authentication scheme in the Authentication Policy of the Application Domain.
  5. Change the Failure URL to the https URL of the appropriate authentication failure page. The same change can be made to the Authorization Failure URL in the Authorization Policy; I am not giving a screenshot here.
  6. Test the URL, for instance https://apache_hostname:8444/private/protected.html; it displays the login page in HTTPS mode.
  7. After successful authentication and authorization, the browser is redirected to the requested resource in https mode.
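
To confirm the outcome of steps 3 to 7, response headers captured during a login (for example with `curl -skI`) can be checked for the Secure flag on ObSSOCookie and for redirects that drop back to http. This is an added example, not part of the original post; the two header blocks are constructed samples, not real OAM output.

```python
from urllib.parse import urlsplit

COOKIE_NAME = "ObSSOCookie"  # session cookie named in step 3

# Constructed sample headers (assumption: illustrative only, not captured from OAM).
BEFORE_FIX = """HTTP/1.1 302 Found
Location: http://apache_hostname/private/protected.html
Set-Cookie: ObSSOCookie=CONSTRUCTED_VALUE; path=/; httponly
"""
AFTER_FIX = """HTTP/1.1 302 Found
Location: https://apache_hostname:8444/private/protected.html
Set-Cookie: ObSSOCookie=CONSTRUCTED_VALUE; path=/; httponly; secure
"""

def parse_headers(raw):
    """Return [(lowercased name, value), ...], skipping the status line."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    headers = []
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers

def cookie_attrs(set_cookie_value):
    """Split a Set-Cookie value into (cookie name, set of lowercase attribute names)."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].partition("=")[0]
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit(raw):
    """List findings for one response: session cookie without Secure, or http redirect."""
    findings = []
    for name, value in parse_headers(raw):
        if name == "set-cookie":
            cname, attrs = cookie_attrs(value)
            if cname == COOKIE_NAME and "secure" not in attrs:
                findings.append(f"{COOKIE_NAME} set without Secure flag")
        elif name == "location":
            scheme = urlsplit(value).scheme.lower()
            # A relative Location keeps the current scheme, so only absolute URLs are flagged.
            if scheme and scheme != "https":
                findings.append(f"redirect leaves HTTPS: {value}")
    return findings

if __name__ == "__main__":
    for label, sample in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(label, audit(sample) or "OK")
```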

That’s it. We are done here. Please post questions if you have any.

About the Author Mahendra

I am engulfed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, Single Sign-On, federation capabilities, etc. I am also well versed in complex integrations within Identity Management and other product domains. I have expertise in building demos and implementation experience with the products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory, etc. Look @ my blog: http://talkidentity.blogspot.com
