Configure Webgate 11g with OAM 11.1.2.3.0

This post describes the steps for configuring Webgate 11g for protecting applications.

Here webgate 11.1.1.9.0 version is used on top of oracle web tier 11.1.1.9.0 

OAM 11.1.2.3.0 version is used for authentication and authorization purpose.

OID 11.1.1.9.0 is used as ldap store for user data .

Prerequisites :

  • For this demostration, I have used a Linux VM with 16GB of Physical Memory.
  • Installed IDM 11.1.2.3.0 at : /oracle/app/product/fmw_oam  
  •  Installed IDM 11.1.1.9.0 at : /oracle/app/product/fmw_oid
  • Installed Webtier 11.1.1.9.0 at : /oracle/app/product/fmw_ohs 
  • Installed Webgate for OHS11.1.1.9.0 at : /oracle/app/product/fmw_ohs/OAMWebGate

After the product directories are installed , 

A domain is created from “ /oracle/app/product/fmw_oam  ” called : oam_domain.

This “oam_domain ” has AdminServer and oam_server running on the same host.

An oid instance was created from ” /oracle/app/product/fmw_oid ” called oid01 . 

An ohs instance was created from ”  /oracle/app/product/fmw_ohs  ” called ohs01 

Domain “oam_domain” is created for “OAM 11.1.2.3.0 “. This domain has AdminServer and oam_server running on same host. We  call this host as oamtest.demo.com

Configuration Steps:

  • First we will deploy one Java Web App – HelloWorld on AdminServer of oam_domain . Download HelloWorld.zip
  • This webapp is having a welcome page and links to HR page and Managers Page.
  • After deploying the web app to the Admin Console, try to access the application welcome page using Admin Server host name port.

example : http://oamtest.demo.com:7001/HelloWorld/welcome.jsp

Here : oamtest.demo.com – Admin Server listen address and 7001 – admin server port .

  • After this, we will configure OHS instance so that Application can be access via ohs . For this, we will be creating a virtual host configuration . 
  • edit the httpd.conf file with below entry : This is to include the vh.conf file.
## including virtual host configuration file :
include /oracle/app/admin/instance/ohs01/config/OHS/ohs01/vh.conf
  • create a file : vh.conf with below entries :

The below entries are to create two virtual hosts ” helloworld.com:80 ” and “globalworld.com:80 “

# This file is for configuring all the virtual hosts 

NameVirtualHost *:8888

<VirtualHost *:8888>
    ServerName helloworld.com:80
    RewriteEngine On
    RewriteOptions inherit
    UseCanonicalName On

</VirtualHost>

​<VirtualHost *:8888>
    ServerName globalworld.com:80
    RewriteEngine On
    RewriteOptions inherit
    UseCanonicalName On
</VirtualHost>
  • Now, in file , mod_wl_ohs.conf , enter the below details :
<IfModule weblogic_module>

## configuration for HelloWorld Application
    <Location /HelloWorld>
        
        SetHandler weblogic-handler
        WebLogicHost oamtest.demo.com
        WeblogicPort 7001

    </Location>
</IfModule>
  • Restart the ohs instance.
  • Try to access the HelloWorld application using the virtual hosts configured :

http://helloworld.com:8888/HelloWorld/   and  http://globalworld.com:8888/HelloWorld/

Now as we can see that the links to HR page and Managers page are accessed only when correct username credentials are used and the login page coming is a custom form based.

As we wanted to configure the authentication of this application via OAM , for that purpose , we need to configure WebGate on this OHS server.

  • To configure, webgate , blelow command will copy the required files from WebGate Installation dir to OHS config dir. 
 /oracle/app/product/fmw_ohs/OAMWebGate/webgate/ohs/tools/deployWebGate/deployWebGateInstance.sh -w /oracle/app/admin/instance/ohs01/config/OHS/ohs01 -oh /oracle/app/product/fmw_ohs/OAMWebGate
Copying files from WebGate Oracle Home to WebGate Instancedir
  • After this, we need to update the ohs config files to include webgate directives .
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:<Oracle_Home_for_Oracle_HTTP_Server>/lib
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/oracle/app/product/fmw_ohs/ohs/lib

cd /oracle/app/product/fmw_ohs/OAMWebGate/webgate/ohs/tools/setup/InstallTools
./EditHttpConf -w /oracle/app/admin/instance/ohs01/config/OHS/ohs01 -oh /oracle/app/product/fmw_ohs/OAMWebGate -o /oracle/app/admin/instance/ohs01/config/OHS/ohs01/webgate.out

Once this is done, we can restart the ohs instance and then try to access the application again via urls : http://helloworld.com:8888/HelloWorld/   and  http://globalworld.com:8888/HelloWorld/

Error received will be :

Internal Server Error
The server encountered an unknown error, possibly due to misconfiguration. Contact the server administrator: [no address given]

This error is coming because , now every request to HelloWorld application via OHS is intercepted by WebGate and WebGate needs to pass this request to OAM server for policy enforcement.Since there is no webgate agent yet configured on OAM server, this error is coming .

Configuration of WebGate Agent 11g on OAM Server using oamconsole :

Logon to oamconsole .

Go to Application Security >> Agents >> Create WebGate Agent and enter below values and click apply .

Version : 11g 
Name : HelloWebGate
Check : Virtual Host options ( as we are using virtual host in ohs ) 
Protected Resources : /HelloWorld/**

Go to Application Security >> Application Security >> Application Domain >> Serarch for HelloWebGate >> Select it to open it .

Under HelloWebGate >> Resources Tab : " /HelloWorld/** " can be seen with Authentication and Authorization Policy as : "Protected Resource Policy" 

Final Step is to transfer the OAM-Agent related files from oam server machine to ohs server machine. 

Go to Application Security >> Agents  >> Serarch for HelloWebGate >> Select it to open it >> There is a Download button . Clicking this button will download the agent related artifact on the browser machine.

Copy the file from this HelloWebGate.zip to  : /oracle/app/admin/instance/ohs01/config/OHS/ohs01/webgate/config directory

Restart the ohs instance .

Try to access the application page :  http://helloworld.com:8888/HelloWorld/   and  http://globalworld.com:8888/HelloWorld/

At this point of time I received error : 404 – Page now found .

After some debugging , I found that the host identifier was not updated with the actual host of the ohs server .

Once the host identifier was updated with the ohs machine actual hostname, the application page was presented with the OAM login page.

 

 

Please follow and like us:

4 Comments

  1. Jay November 19, 2015
    • weblogictips December 20, 2015
  2. weblogictips November 19, 2015
  3. Jay November 19, 2015

Please add your comments here