Wednesday, 14 January 2015

Configuring Detached Credential Collector Webgate 11g with Oracle Traffic Director Server

Pre-requisites:

  1. OTD is installed & is in running state.
  2. Origin Server like OHS is configured in origin server pool settings.
  3. WebGate 11g is configured with OTD - you are able to execute ECC Scenario (this step is just to verify that setup is done properly).

This chapter is divided into :

  • Configure OHS Server (here we have used OHS server as origin server with OTD)
  • Creating DCC Webgate Profile in OAM Server
  • Accessing OTD Protected resource.


Quickly i will show you the OTD Admin Console & Config done on it:







Let's begin the configuration process:


1) In order to enable DCC configuration in OTD, we need the resources used by DCC like login.pl, logout.pl etc present at OHS Server.

  • Now the question arises why at OHS not at OTD? Because in OTD we have to rely on origin server to provide the resources.
  • Now second question - from where we will get the resources. It is simple to answer. You can get these resources from OTD webgate installed directory.
bash$> ls /scratch/ckukreja/oracle/product/11.1.1/as_all/webgate/iplanet/oamsso*




  • So simply copy these 2 folder in OHS server instance directory:
    • Copy the oamsso-bin folder:

bash$> cp -rf /scratch/ckukreja/oracle/product/11.1.1/as_all/webgate/iplanet/oamsso-bin /Middleware_Home/Oracle_WT1/instances/<instance-name>/config/OHS/ohs1/oamsso-bin/
    • Copy the oamsso folder under htdocs directory:
bash$> cp -rf /scratch/ckukreja/oracle/product/11.1.1/as_all/webgate/iplanet/oamsso /Middleware_Home/Oracle_WT1/instances/<instance-name>/config/OHS/ohs1/htdocs/oamsso/ 
  • Ok, we have the resources with us. Now it is required to config the OHS httpd.conf file.

This is what we have added:
1) 
 ScriptAlias /oamsso-bin/ "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/oamsso-bin/"
    Alias /oamsso/ "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/htdocs/oamsso/"

2) 
<Directory "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/oamsso-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

  • Done.. We need to check whether we are able to access the resource. So how we will do this. Simple man - start the ohs server & access the resource.
bash$> cd /Middleware_Home/Oracle_WT1/instances/instance1/bin
bash$> ./opmnctl startall
Server started.....
    • Access the resource hit the url- http://<host:port>/oamsso-bin/login.pl

You will be able to see the login.pl resource.

2) We are done with OHS settings, now proceed to create a DCC webgate profile at OAM Server. to do this follow: Configure DCC Webgate Profile

  • Copy the created artifacts to the OTD Webgate instance directory.
bash$>cp /Middlware_Home/user_projects/domains/base_domain/output/dcc-9090/* /scratch/ckukreja/oracle/product/11.1.1.7.0/trafficdirector_Home_1/otd_instance/dcc-inst/config/

Note: My otd webgate instance is present in the otd installed directory itself. May be your directory structure might be different than mine. So no need to worry.


3) Now restart the OTD Instance:

bash$> cd /scratch/ckukreja/oracle/product/11.1.1.7.0/trafficdirector_Home_1/instances/bin/net-otd/
bash$> ./stopserv
Server Stopped....

bash$> ./startserv
Server Started....

You can restart/start/stop the otd instance from OTD Admin Console as well......

4) Access a protected resource like /index.html:
hostname - clk-host.us.com
OTD insatnce port - 9090
resource - index.html

http://clk-host.us.com:9090/index.html



Congrats you have done it.....!!!!!!

Enjoy :-)

Tuesday, 6 January 2015

Retrieve the Global Passphrase for Simple Mode

Understanding the Global Passphrase Funda:


When you install the OAM Server 11g R2PS2 a default global passphrase is set. This global passphrase is actually used for SIMPLE MODE Communication. Webgate use this global passphrase while performing handshake with OAM Server.

But you need to set this global passphrase explicitly while you are changing the SERVER Mode to Simple Mode. Otherwise you will get exceptions at webgate & server side both (Oracle AccessGateAPI not initialized)

Note: To configure Simple Mode follow Configure Simple Mode Communication


Retrieving Global Passphrase Password:


1) Goto to your Middleware Home:

bash$> cd /scratch/ckukreja/R2PS3/Middleware/

2) Goto Oracle_IDM directory:

bash$> cd Oracle_IDM1

  • Change directory to common/bin under IDM parent folder
bash$> cd common/bin
bash$> ls
/scratch/ckukreja/R2PS3/Middleware/Oracle_IDM1/common/bin/

3) Now we need to execute wlst script

bash$> ./wlst.sh



  • Connect with the Weblogic Server 


  •  Execute domainRunTime() 


  •  Now we need to display the global passphrase, for this use the command - displaySimpleModeGlobalPassphrase()


Note: Here you are seeing password as 'Welcome1' because i have updated this password in Access Manager Settings in Server.


So now you are good to go...!!!!! You can use this password with your OAM Tester Tool and other purposes will also be fulfilled.



Enjoy :-)