How to add Primary/Secondary Access servers to WebGate in OAM 10g

In a production environment, multiple Access Servers are required, configured either as Primary/Secondary or as an Access Server cluster used by all WebGates in the same deployment. This is specific to OAM 10g.

Let us assume that there are 3 Access Servers in total, of which 2 are designated as Primary and the other as Secondary. Requests are therefore handled by the Primary servers unless one or all of the Access Servers go down. I am going to explain how to attach multiple Access Servers to a WebGate, either while installing the WebGate or during WebGate reconfiguration.

First, attach the Access Servers to the WebGate in its profile, as shown below.

However, when you install WebGate 10g or reconfigure a WebGate, there is no option to specify Primary/Secondary Access Servers or an Access Server cluster, so I thought it worth sharing the procedure.

While installing the WebGate, we can provide the Access Server ID and Access Server hostname of one of the Primary Access Servers (of the same WebGate). The WebGate then looks up that Access Server ID in the OAM Configuration Store, finds that Primary/Secondary servers are available, and updates ObAccessClient.xml (present in $WEBGATE_HOME/access/oblix/lib) accordingly, as shown in the screenshot below.

The blocks marked in RED show that 2 Primary Servers are configured; the details of each Access Server are marked in PINK blocks.

Secondary Access Server details are shown in the screenshot below.
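To confirm that the installer actually wrote both Primary and Secondary servers, the server lists can be read back out of ObAccessClient.xml. The following Python example is added here and is not from the original post or from Oracle's tooling; the element names, list names, hostnames and the embedded sample file are constructed assumptions about the file layout, so compare them with a real ObAccessClient.xml and adjust.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element and list names are assumptions about the file
# layout; compare them with a real ObAccessClient.xml before relying on this.
SAMPLE = """<CompoundList xmlns="http://www.oblix.com" ListName="ObAccessClient.xml.staging">
  <ValNameList ListName="primaryServer1">
    <NameValPair ParamName="host" Value="oam1.example.com"/>
    <NameValPair ParamName="port" Value="6021"/>
  </ValNameList>
  <ValNameList ListName="primaryServer2">
    <NameValPair ParamName="host" Value="oam2.example.com"/>
    <NameValPair ParamName="port" Value="6021"/>
  </ValNameList>
  <ValNameList ListName="secondaryServer1">
    <NameValPair ParamName="host" Value="oam3.example.com"/>
    <NameValPair ParamName="port" Value="6021"/>
  </ValNameList>
  <ValueList ListName="primary_server_list">
    <ValListMember Value="primaryServer1"/>
    <ValListMember Value="primaryServer2"/>
  </ValueList>
  <ValueList ListName="secondary_server_list">
    <ValListMember Value="secondaryServer1"/>
  </ValueList>
</CompoundList>"""

def access_servers(xml_text):
    """Return {'primary': [(ref, host, port), ...], 'secondary': [...]}."""
    details, lists = {}, {}
    for el in ET.fromstring(xml_text).iter():
        kind = el.tag.rsplit("}", 1)[-1]      # drop the XML namespace prefix
        if kind == "ValNameList":             # per-server host/port block
            details[el.get("ListName")] = {p.get("ParamName"): p.get("Value") for p in el}
        elif kind == "ValueList":             # ordered list of server references
            lists[el.get("ListName")] = [m.get("Value") for m in el]
    return {role: [(ref, details.get(ref, {}).get("host"), details.get(ref, {}).get("port"))
                   for ref in lists.get(role + "_server_list", [])]
            for role in ("primary", "secondary")}

def findings(servers):
    """Flag gaps that would leave the WebGate without a usable failover target."""
    out = [f"no {role} Access Server listed" for role in servers if not servers[role]]
    for role, entries in servers.items():
        out += [f"{ref} is in the {role} list but has no host entry"
                for ref, host, _ in entries if host is None]
    return out

if __name__ == "__main__":
    servers = access_servers(SAMPLE)
    print(servers, findings(servers))
```

Run against the file under $WEBGATE_HOME/access/oblix/lib by passing its contents to `access_servers`; an empty `findings` list means both roles are populated and every referenced server has a host entry.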

About the Author Mahendra

I am engulfed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, Single Sign-On, federation capabilities, etc. I am also well versed in complex integrations within Identity Management and other product domains. I have expertise in building demos and implementation experience on products such as Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory, etc. Look @ my blog: http://talkidentity.blogspot.com

3 comments
Mohan says June 15, 2011

For example, there are two types of users, internal users and external users; probably internal users are employees and external users are customers. And if I am having two separate web applications, one for internal users and the other for external users, with two different schemas… let's say the internal app contains a go page in which they will have all the links regarding the company, also having a support site which is an external users' app… so my question is: using OAM, can we provide sign-on to..?

1. When the internal user logs in to the system using IWA and accesses the external app (support site), as the second app is protected it prompts for authentication, but as the internal user is already authenticated using IWA he should be directly redirected to that second app's home page.
2. Here in this situation the internal app login credentials are entirely different from the external app credentials, i.e., internal users log in using their employee credentials whereas external users log in using a valid mail address.
3. As for the two apps, the entire schema values are different. Can we do this by installing two Oracle Access Managers, say, 1 OAM for internal users, 2 OAM for external users? If this happens…? While authenticating internal users, oamserver1 generates the obsso cookie; when the same user tries to access the second app from the same browser (protected by oamserver2), will he be directly redirected to the second app's home page… using the previous cookie, as this is done in the same browser….?

Could you please help to solve this issue?

Mahendra says June 15, 2011

Hello Mohan,

My first question – why do you have two different schemas for internal and external users?

A single OAM instance would be sufficient. You may have two WebGates – one for internal users and the other for external users – if both applications are deployed at different locations from each other.

AFAIK, SSO for different applications can be achieved if the authentication schemes have the same authentication level, even if some of the applications use IWA or Form or Certificate.

Hope this helps.

-Mahendra.

Mohan says June 16, 2011

Hi,

Thanks, Mahendra, for your reply.
