Saturday, 23 August 2014

Deploy OAM11g R2PS2 Webgate on IIS7.5 Windows 2008

Installing Webgate On IIS7.5 Windows Server 2008R2 


1)      Download the Webgate 11g R2PS2 for Windows.
2)      Extract the webgate.zip.
3)      Go to Disk1 folder present under webgate folder.
4)      Copy the path & open command prompt.
a.       Change your directory to the path copied above.
5)      Now execute the setup.exe followed by jre location

                  o   It will start the installation process.



6)      Now follow the steps:



  o   Press Next


       ·         Skip Software Updates


       ·         Perquisite Checks – Proceed Next



       ·         Installation Location: Provide the installation directory location.


       
         ·        Installation Summary: Proceed Next to start the Installation


       
         ·         Installation Started:





              
   
         ·         Installation Completed:




So we are done with the Webgate Installation... Now let's proceed to Configuration Phase.. :-)


Configure Webgate with IIS7.5 

1)      Go to the Webgate Home Directory ->

a.       It is the location where we have install the webgate.

 For Eg: Our WG Home Location
C:\oracle\product\11.1.1\as_3

b.      Go to the deployWebgate folder present under
C:\oracle\product\11.1.1\as_3\webgate\iis\tools\deployWebGate

c.       Execute deployWebGateInstance.bat script




You can see the arguments passed to the script (self-explanatory)


d.      Now we need to execute ConfigureIISWebGate.bat present under
C:\oracle\product\11.1.1\as_3\webgate\iis\tools\ConfigureIISConf




e.      Your site is now mapped with the webgate. To show this mapping. Go to your webgate home location -> lib folder -> open webgate.ini





            ·         Now we need to add artifacts to the webgate instance dir (config folder).
            ·         Restart the IIS Server.
Guys we are done with the Webgate deployment on Windows Server 2008 R2 on IIS7.5 Web Server....!!!!!
Enjoy :-)





Posted by at No comments:
Labels: , , , , , , ,

Thursday, 21 August 2014

Creating an IIS7.5 New Site (Integrated Mode)

Creating an IIS7.5 Site in Integrated Mode: 

     ·         Go to Sites -> Right Click -> Add New Site








      ·         Now provide the details & Press Ok. Your site is created now.
o   If you explore your site, you will see that perl & cgi handler are already present.
Because we have added them at global site level already.
      ·         Remember the name of the site created. Like we created a site with name “ecc_ship_r2ps2”.
o   As this name is required at the time of webgate configuration.

1)      Application Pool –
This site created above is in “Integrated Mode”.



Note: Here the .net version is v2.0 but if in future we want to use ObPrincipalModule.dll with our deployed app than this version needs to be changed to v4.0

2)      Check Handler Mapping:
Go to IIS -> <Your Site> -> Open Handler Mapping
Note: In case you see that ISAPI.dll is disable, it means it is not having execute permission. Just right click & enable it.





o   Give Execute Permission to it.




We are done with IIS7.5 new site creationin Integrated Mode............!!!!!!!!!!!!!!!


Enjoy :-)

Posted by at No comments:
Labels: , , , , , ,

Integrating OAM 11G R2PS2 Webgate Impersonation Module in IIS7.5 Windows 2008 R2

Lets start the process: Just follow below steps :-)

1)  Follow Steps for Pre-requisites (Windows Server 2008 R2)

·         IIS 7.5 Server Role Configuration  
·         IIS7.5 Site Configuration -

2)  How to Perform –

·         WebGate11g Installation & Configuration on Windows 2008R2 - IIS7.5 Server
·         Enabling Impersonation Module

3)  Troubleshooting Section (to be updated soon)


4) Configuring DCC Webgate in IIS 7.5-

Posted by at No comments:
Labels: , , , ,

IIS7.5 Global Site Default Configuration

Global Site Configuration Steps:

    1)      Considering IIS Server Role is already added to your Windows Server 2008 R2 Box. 
          In case not than open below mention link.
          IIS7.5 Server Role Configuration

    2)     As we have added the IIS role in our Windows Server, now we need to create a site using which we will do the configuration with webgate.
    
    3)      Go to Start -> Internet Information Services (IIS) Manager

4)     Explore the localhost connection

     5)      Adding support for perl & cgi execution -> Go to Handler Mappings


  • In case you see, ISAPI.dll as disabled than enable it. Either you can enable it at global level or it can be enable per site basis as well.
  • Now we need to add the support for cgi & perl script execution. Their support can be added at global or per site level basis.
  • We are adding them at global site level.
    •  Add Script Map for .pl & .cgi support







      ·         Checking Execute Permission


Check whether execute permission is granted or not to both .cgi & .pl handlers. In case it is not, than provide it execute permission.





You are done with Global Site Configurations...........!!!!!!!!!!!


Enjoy :-)

Posted by at No comments:
Labels: , , , , , ,

IIS7.5 Server Role Configuration

Configuring IIS Role in Windows Server 2008 R2

   1)        Click Start -> All Programs -> Administrative Tools -> Server Manager.




   2)      In the Server Manager window, right click Roles -> Add Roles. It will open a new window “Before you Begin”


     Press Next

    3)      Select Web Server (IIS) on the Select Server Roles page


Press Next

   4)      Select the IIS services to be installed on the Select Role Services page
Add all the roles services as seen in the BELOW pictures.




     Press Next, once the desired roles are added.

5)      Add any required role services.



6)      Proceed Next, IIS is now installed with a default configuration for hosting ASP.NET on Windows Server. Click Close to complete the process.

 7)      Confirm that the Web server works by using http://localhost.

8)      Now you can see that in the Server Manager -> Roles -> Web Server (IIS) is listed.

    •           And you can verify the Role Service added to it as well.



Now you are done with the IIS Server Role Configuration.............!!!!


 Enjoy :-)

Posted by at No comments:
Labels: , , ,

Using C/C++ Resolver API - DNS IP Switch Over

  Explanation:


Usually for obtaining IP Address of a remote host makes us to use gethostbyname() function call.
It actually gets the IP Address by looking up the DNS. But but…. This happens for the first time only, next time onward's it reads the IP Address from the cache i.e. maintained by “nscd”. 
Till the time it is available their the request is fulfilled. Once the cache is cleared, again DNS look up is performed.

So consider the case where our software is making gethostbyname() call & suddenly a switch over is made at DNS. But as our software is reading the IP address from the cache thus we are unaware of the switch. 
In this case it is possible that the software keeps on requesting the old IP, till the cache is not cleared & a fresh look up call is made.
To avoid such scenario, C/C++ has an inbuilt library i.e. “resolver api (libresolv.a/libresolv.so)”. 

It has the required function calls which do the DNS lookup & provide the required info like IP addresses, hostname, Start of Authority Record, Name-server’s list etc.. etc…..
This API is really powerful & useful utility. If someone has used DIG Command than one can easily relate to this as well.
All the options available with DIG, can be performed with this Resolver API as well.

Eg: This sample program prints the IP Address for the provided hostname.

#include<cstdlib>
#include<iostream>
#include<string>
#include <algorithm>

using namespace std;

int main(int argc, char **argv){ 
    u_char nsbuf[NS_PACKETSZ]; /* Response Buffer NS_PACKETSZ=512 ( maximum packet size) */
    char dispbuf[4096];         /* buffer to display the resource record */
    char ipadd[INET_ADDRSTRLEN]; /* saves the Host Address for IPv4 */
    string readall;

    ns_msg msg; /* handle for response message */
    ns_rr rr; /* expanded resource record */
    int i, j, l;

    char * hostname=argv[1];

    /*
     * Look up the records for the given domain name.
     * We expect the domain name to be a fully qualified, so
     * we use res_query(  ).  If we'd wanted the resolver search
     * algorithm, we would have used res_search(  ) instead.
     */
         //l=res_search (argv[i], ns_c_any, ns_t_a, nsbuf, sizeof (nsbuf));
        l = res_query ( hostname, /* domain name   */
                        ns_c_any,  /* Internet class records     */
                        ns_t_a,  /* Look up Host address */
                        nsbuf,  /*response buffer*/
                        sizeof (nsbuf)  /*buffer size    */
                       );

        if (l < 0) {
            perror (hostname);
        } else {

        /*
         * Initialize a handle to this response.  The handle will
         * be used later to extract information from the response.
         */

            ns_initparse (nsbuf, l, &msg);

         /* Count total answers received in the record. */
            l = ns_msg_count (msg, ns_s_an);

        for (j = 0; j < l; j++) {
        /*
         * Expand the answer section record into rr.
        */
                ns_parserr (&msg, ns_s_an, j, &rr);

                 /* fill the buffer with the record data */
                ns_sprintrr (&msg, &rr, NULL, NULL, dispbuf, sizeof (dispbuf));

/*              ns_sprintrrf(ns_msg_base(msg), ns_msg_size(msg),ns_rr_name(rr), ns_rr_class(rr), 
ns_rr_type(rr),ns_rr_ttl(rr), ns_rr_rdata(rr), ns_rr_rdlen(rr),NULL, NULL, dispbuf,sizeof(dispbuf));
              printf ("%s\n", dispbuf);
*/
                cout<<dispbuf<<endl;

        /* Get the Host IP Address */
inet_ntop(AF_INET,ns_rr_rdata(rr),ipadd,INET_ADDRSTRLEN);

//              printf("%s\n",ipadd);

                readall += ipadd;
                readall.erase(remove(readall.begin(), readall.end(), '\n'), readall.end());
                readall.append(";");
                //cout<<ipadd<<endl;

            }
        cout<<readall<<endl;
  } 

}

Complie & Link: g++ socket.cpp -o socket_pgm /usr/lib64/libresolv.a 

 Execute: ./socket_pgm <hostname>
               ./socket_pgm www.google.com



More Info: man resolver


Enjoy............. :-)
Posted by at No comments:
Labels: , , , , , , , , ,

Friday, 1 August 2014

Configure Simple Mode Communication for OAM 11G R2PS2


Let's Start................

Open the oamconsole (http://<host.domain:7001>/oamconsole)

1) Go to Server Instances:

 

2) Open your Server Instance:




3) Change the Mode to Simple Mode:



      3.a) Apply the changes:




4) Go to Access Manager Settings:





      4.a) Provide the Global Passphrase:


        4.b) Apply the changes


5) Now Go to SSO Agents:


    5.a) Open your SSO Agent



 
     5.b) Change the Mode to Simple


    5.c) Apply the changes.

6) Restart the managed server.

7) Now we need to copy the artifacts generated in <MW_HOME>/user_projects/domains/base_domain/output/<webgate_profile_name>/

    a) cwallet.sso
    b) ObAccessClient.xml 
    c) password.xml 
   
   Copy them to the config folder of Webgate instance directory i.e.
<MW_HOME>/Oracle_WT1/instances/<instance_name>/config/OHS/ohs1/webgate/config
above path is for non windows server.
For Windows Server (say IIS) - C:\oracle\product\11.1.1\<webgate_instance_name>\config\

8) Similarly copy aaa_cert.pem & aaa_key.pem files to simple folder in Webgate instance config folder.

9) Restart the Web Server Instance.


 Your Simple Mode Security Communication is configured & ready to use.

For detailed information you can refer to following link:
Oracle OAM 11G R2PS2 Guide - Simple Mode Configuration


Enjoy ............... :-)


Posted by at No comments:
Labels: , , , , , ,
Subscribe to: Posts (Atom)