Pre-requisites:
- IIS Server Role is already added: In case not follow Configure IIS Server Role
- IIS Site is created:
- IIS R2PS2 Webgate is installed & configured with the IIS Sites: Configure IIS R2PS2 Webgate 11g
Let's start the process:
- Open OAM Console : http://host:port/oamconsole
- Create Webgate Agent Profile:
- We need to create 2 profiles: One is the resource webgate profile & other is DCC webgate profile.
- Create Resource Webgate Profile: rwg-9090
- Create DCC Webgate Profile: dcc-9091
- Once done the change, click apply to reflect the changes.
- Now we need to add resources to with the DCC profile just created:
- We need to add a few excluded resources, so that no authentication/authorization is made for them.
- Select the dcc-9091 profile:
- Let's create excluded resource:
- We have created following excluded resources:
- /favicon.ico
- /oamsso-bin/login.pl
- /oamsso/** - Note this is an additional resource to be excluded as for IIS this needs to be excluded. Other wise for other servers it is not required.
- Now we need to create a DCC Authentication Scheme: This scheme will be used by resource webgate & dcc webgate both.
- Now we need to attach the both created authn scheme with the profiles:
- You can see that i have created 2 IIS sites & webgate is already configured with both of them.
- Now copy the artifacts to the webgate instance directory in the respective resource & dcc webgate sites.
- In our setup: we have rwg-9090 for resource webgate & dcc-9091 for dcc webgate.
- Once done, restart the IIS Server: using the command 'iisreset'.
- Now access the protected resource webgate url:
http://host:9090/welcome.html
- Did you noticed you get this login page, having url as http://host:9091/oamsso-bin/login.pl
- This is the challenge url that we have mentioned in the dcc authn scheme.
- With DCC webgate in picture, the oam server ip port is mot visible to the end user, that's why it is a detached credential collector. It has detached the credential collection process from the OAM Server.
- Now it is the DCC which creates OAP/NAP connections with OAM Server.
This end's the DCC Webgate Configuration with IIS 7.5/8.5 on Windows 2008 R2.
Enjoy :-)
No comments:
Post a Comment