Step-by-step instructions to install and configure the OAM 11g Webgate (11.1.1.5) with Oracle HTTP Server (OHS) 11g (11.1.1.5) are described in this article. OAM 11g Server supports 10g Webgates, 11g Webgates, and OSSO (mod_osso) agents. The 11g Webgate has a few security enhancements. Here is a quick list of differences between 10g and 11g Webgates.
Feature | 11g Webgate | 10g Webgate |
---|---|---|
Download Page | Oracle Identity Management 11g | Oracle Identity Management 10g (10.1.4.x) |
Platform | Generic version for all platforms | Platform Specific |
JDK | JDK is required | JDK is NOT required |
GCC Libraries | Required | Required |
Agent Registrations | Can be performed after Webgate installation | To be performed before Webgate installation |
OHS Integration | To be performed after installation (manually) | Installer updates OHS configurations |
Webgate Cookie | OAMAuthnCookie_<host:port>_<random number> | ObSSOCookie |
OAM Server Cookie | OAM_ID | OAM_ID |
Webgate Request Cookie | OAM_REQ | OAM_REQ |
High level steps are:
- Download 11g Webgate
- Install 11g Webgate
- Configure OHS 11g with 11g Webgate
- Remote Registration of 11g Webgate
- Test the login
- Troubleshooting
Download 11g Webgate
1. Download OAM 11g Webgate from http://download.oracle.com/otn/nt/middleware/11g/111150/ofm_webgates_generic_11.1.1.5.0_disk1_1of1.zip
2. If not already available, download and install the JDK from http://www.oracle.com/technetwork/java/javase/downloads/jdk-6u29-download-513648.html. I have installed the JDK in /oracle/middleware/jdk.
Install 11g Webgate
Create a GCC Libraries folder and copy the necessary files into it. GCC Libraries are needed by the Webgate.
```
[OHS@ohs ~]$ mkdir /oracle/middleware/gcclib
[OHS@ohs ~]$ cp /lib64/libgcc_s.so.1 /oracle/middleware/gcclib/
[OHS@ohs ~]$ cp /usr/lib64/libstdc++.so.5 /oracle/middleware/gcclib
[OHS@ohs ~]$ cp /usr/lib64/libstdc++.so.6 /oracle/middleware/gcclib/
[OHS@ohs ~]$ ls -ltr /oracle/middleware/gcclib
total 2048
-rwxr-xr-x 1 oracle oinstall 58400 Mar 4 11:04 libgcc_s.so.1
-rwxr-xr-x 1 oracle oinstall 825400 Mar 4 11:04 libstdc++.so.5
-rwxr-xr-x 1 oracle oinstall 976312 Mar 4 11:04 libstdc++.so.6
[OHS@ohs ~]$
```
Now, launch the installer and enter the JDK installation location.
```
[oracle@ohs 11.1.1.5.0]$ unzip ofm_webgates_generic_11.1.1.5.0_disk1_1of1.zip
[oracle@ohs 11.1.1.5.0]$ cd Disk1
[oracle@ohs Disk1]$ ls -ltr
total 112
-rwxrwxr-x 1 oracle oinstall 13307 Dec 20 2010 runInstaller
-rwxrwxr-x 1 oracle oinstall 86016 Mar 28 2011 setup.exe
drwxrwxr-x 12 oracle oinstall 4096 May 5 2011 install
drwxr-xr-x 13 oracle oinstall 4096 May 5 2011 stage
[oracle@ohs Disk1]$ ./runInstaller
Starting Oracle Universal Installer...
Checking if CPU speed is above 300 MHz. Actual 3336 MHz Passed
Checking Temp space: must be greater than 150 MB. Actual 2621 MB Passed
Checking swap space: must be greater than 512 MB. Actual 2047 MB Passed
Checking monitor: must be configured to display at least 256 colors. Actual 65536 Passed
Preparing to launch Oracle Universal Installer from /tmp/OraInstall2012-03-04_10-57-26AM. Please wait ...
Please specify JRE/JDK location ( Ex. /home/jre ), <location>/bin/java should exist :/oracle/middleware/jdk
```
Configure OHS 11g with 11g Webgate
The Webgate installer does not update the OHS configuration, so OHS has to be updated manually here. As shown above, I have installed Webgate 11g in /oracle/middleware/webgate.11g and the OHS instance location is /oracle/middleware/instances/ohs. The following step creates a Webgate instance directory in the ORACLE_INSTANCE of OHS 11g.
```
[OHS@ohs ~]$ cd /oracle/middleware/webgate.11g/webgate/ohs/tools/deployWebGate
[OHS@ohs deployWebGate]$ ./deployWebGateInstance.sh -w /oracle/middleware/instances/ohs/config/OHS/ohs1 -oh /oracle/middleware/webgate.11g
Copying files from WebGate Oracle Home to WebGate Instancedir
[OHS@ohs deployWebGate]$
```
Now, let’s update httpd.conf with the Webgate configuration.
```
[OHS@ohs deployWebGate]$ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/oracle/middleware/ohs/lib
[OHS@ohs deployWebGate]$ cd /oracle/middleware/webgate.11g/webgate/ohs/tools/setup/InstallTools
[OHS@ohs InstallTools]$ ./EditHttpConf -w /oracle/middleware/instances/ohs/config/OHS/ohs1 -oh /oracle/middleware/webgate.11g
The web server configuration file was successfully updated
/oracle/middleware/instances/ohs/config/OHS/ohs1/httpd.conf has been backed up as /oracle/middleware/instances/ohs/config/OHS/ohs1/httpd.conf.ORIG.1
[OHS@ohs InstallTools]$
```
Remote Registration of 11g Webgate
If you’re using the remote registration (RREG) tool for the first time, extract RREG.tar.gz and set OAM_REG_HOME and JAVA_HOME in oamreg.sh. This can be done on either the OHS server or the OAM server. I have picked the OAM server for the RREG tool.
```
[oracle@oam ~]$ tar xzf $ORACLE_HOME/oam/server/rreg/client/RREG.tar.gz -C $ORACLE_HOME
[oracle@oam ~]$ cd $ORACLE_HOME/rreg/bin
[oracle@oam ~]$ diff oamreg.sh oamreg.sh.orig
16c16
< OAM_REG_HOME="/oracle/middleware/oam/rreg"
---
> OAM_REG_HOME=${OAM_REG_HOME-${SCRIPT_PATH}/..}
19c19
< JAVA_HOME="/oracle/middleware/jdk"
---
> JAVA_HOME=$JAVA_HOME
[oracle@oam ~]$
```
Create an input file for the RREG tool (for inband operation, as this is performed on the OAM server and by the OAM admin). I have protected all URLs from the root, left /index.html and /unprotectedbyoam.html unprotected, and excluded /excludedbyoam.html.
```
[oracle@oam ~]$ cat /oracle/middleware/oam/rreg/input/OHS_WebGate11g.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
     NAME: OAM11GRequest_short.xml - Template for OAM 11G Agent Registration Request file
           (Shorter version - Only mandatory values - Default values will be used for all other fields)
     DESCRIPTION: Modify with specific values and pass file as input to the tool.
-->
<OAM11GRegRequest>
    <serverAddress>http://localhost:7002</serverAddress>
    <hostIdentifier>OHS_HOST</hostIdentifier>
    <agentName>OHS_OHS11G_WEBGATE11G</agentName>
    <protectedResourcesList>
        <resource>/</resource>
        <resource>/.../*</resource>
    </protectedResourcesList>
    <publicResourcesList>
        <resource>/index.html</resource>
        <resource>/unprotectedbyoam.html</resource>
    </publicResourcesList>
    <excludedResourcesList>
        <resource>/excludedbyoam.html</resource>
    </excludedResourcesList>
</OAM11GRegRequest>
[oracle@oam ~]$
```
Now, let’s run the RREG tool to create the artifact files that need to be copied from the OAM server to the Webgate folder on the OHS server.
```
[oracle@oam ~]$ cd $ORACLE_HOME/rreg
[oracle@oam rreg]$ ./bin/oamreg.sh inband input/OHS_WebGate11g.xml
JAVA_HOME=/oracle/middleware/jdk
CLASSPATH=/oracle/middleware/oam/rreg/lib/rreg.jar:/oracle/middleware/oam/rreg/lib:/oracle/middleware/oam/rreg/lib/RequestResponse.jar:/oracle/middleware/oam/rreg/lib/commons-codec-1.3.jar:/oracle/middleware/oam/rreg/lib/commons-httpclient-3.1.jar:/oracle/middleware/oam/rreg/lib/commons-logging-1.1.1.jar:/oracle/middleware/oam/rreg/lib/ojmisc.jar:/oracle/middleware/oam/rreg/lib/jps-api.jar:/oracle/middleware/oam/rreg/lib/jps-internal.jar:/oracle/middleware/oam/rreg/lib/jps-common.jar:/oracle/middleware/oam/rreg/lib/identitystore.jar:/oracle/middleware/oam/rreg/lib/identityutils.jar:/oracle/middleware/oam/rreg/lib/ldapjclnt11.jar:/oracle/middleware/oam/rreg/lib/dms.jar:/oracle/middleware/oam/rreg/lib/fmw_audit.jar:/oracle/middleware/oam/rreg/lib/ojdl.jar:/oracle/middleware/oam/rreg/lib/oraclepki.jar:/oracle/middleware/oam/rreg/lib/osdt_cert.jar:/oracle/middleware/oam/rreg/lib/osdt_core.jar:/oracle/middleware/oam/rreg/lib/osdt_jce.jar:/oracle/middleware/oam/rreg/lib/osdt_saml.jar:/oracle/middleware/oam/rreg/lib/osdt_xmlsec.jar:/oracle/middleware/oam/rreg/lib/xmlparserv2.jar:/oracle/middleware/oam/rreg/lib/jps-unsupported-api.jar:/oracle/middleware/oam/rreg/lib/nap-api.jar:/oracle/middleware/oam/rreg/lib/utilities.jar:.
OAM_REG_HOME=/oracle/middleware/oam/rreg
------------------------------------------------
Welcome to OAM Remote Registration Tool!
Parameters passed to the registration tool are:
Mode: inband
Filename: /oracle/middleware/oam/rreg/input/OHS_WebGate11g.xml
Enter admin username:weblogic
Username: weblogic
Enter admin password:
Do you want to enter a Webgate password?(y/n): n
Do you want to import an URIs file?(y/n): n
----------------------------------------
Request summary:
OAM11G Agent Name:OHS_OHS11G_WEBGATE11G
URL String:OHS_HOST
Registering in Mode:inband
Your registration request is being sent to the Admin server at: http://localhost:7002
----------------------------------------
Inband registration process completed successfully! Output artifacts are created in the output folder.
[oracle@oam rreg]$
```
Now, copy these files to the OHS server.
```
[oracle@oam ~]$ scp /oracle/middleware/oam/rreg/output/OHS_OHS11G_WEBGATE11G/* ohs:/oracle/middleware/instances/ohs/config/OHS/ohs1/webgate/config
```
That’s all. Restart OHS, check the OAM Console to see if things are right, and assign the desired AuthenticationScheme to these OHS resources.
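
Before submitting a registration request like the one shown above, it helps to list exactly which paths will be reachable without a login and to catch patterns that appear in more than one list. The following is an added example, not part of the original article or of Oracle's tooling: `audit_request` and its finding messages are hypothetical, and the embedded XML is a constructed copy of the request file from this page.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: same elements and values as the request file shown above.
SAMPLE_REQUEST = """<OAM11GRegRequest>
  <serverAddress>http://localhost:7002</serverAddress>
  <hostIdentifier>OHS_HOST</hostIdentifier>
  <agentName>OHS_OHS11G_WEBGATE11G</agentName>
  <protectedResourcesList>
    <resource>/</resource>
    <resource>/.../*</resource>
  </protectedResourcesList>
  <publicResourcesList>
    <resource>/index.html</resource>
    <resource>/unprotectedbyoam.html</resource>
  </publicResourcesList>
  <excludedResourcesList>
    <resource>/excludedbyoam.html</resource>
  </excludedResourcesList>
</OAM11GRegRequest>"""

LISTS = {"protected": "protectedResourcesList",
         "public": "publicResourcesList",
         "excluded": "excludedResourcesList"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_request(xml_text):
    """Hypothetical helper: lint an OAM11GRegRequest before it is submitted."""
    root = ET.fromstring(xml_text)
    res = {kind: [r.text.strip() for r in root.findall(f"{tag}/resource") if r.text]
           for kind, tag in LISTS.items()}
    findings, owner = [], {}
    for kind, paths in res.items():
        for path in paths:
            # The same pattern in two lists makes the intended policy ambiguous.
            if owner.setdefault(path, kind) != kind:
                findings.append(f"conflict: {path} is {owner[path]} and {kind}")
            # Wildcards outside the protected list open whole subtrees.
            if kind != "protected" and (path == "/" or "*" in path or "..." in path):
                findings.append(f"broad {kind} pattern: {path}")
    if not {"/", "/.../*"} <= set(res["protected"]):
        findings.append("root not fully protected: expected / and /.../*")
    addr = urlparse((root.findtext("serverAddress") or "").strip())
    if addr.scheme != "https" and addr.hostname not in LOOPBACK:
        findings.append(f"registration sent in clear to {addr.hostname}")
    return {"no_login": sorted(res["public"] + res["excluded"]), "findings": findings}

if __name__ == "__main__":
    print(audit_request(SAMPLE_REQUEST))
```
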
Troubleshooting
Problem. 1: The library libstdc++.so.6 does not exists in the provided location
Fix: This can happen when libstdc++.so.6 does not exist or when there is a bit-width mismatch between the OS (64-bit) and OHS (32-bit). If OHS is 32-bit and you are installing 32-bit GCC libraries on a 64-bit OS, run the 11g Webgate installer from a 32-bit shell (for example: linux32 sh).
Problem. 2: The AccessGate is unable to contact any Access Servers / Exception thrown during WebGate initialization on Solaris environments with OAM in Simple Security Mode (instead of open).
Fix: This has something to do with the PKCS11-Solaris security provider. Apply OAM 11.1.1.5 BP02 (Patch 13115859) to fix this. Please refer to bug#: 12716214 and note#: 1395791.1 for more information.