Ever wondered what this "allowedaccessgatelist" parameter does or why it is their ....... Let's understand it.....
First of all what does Oracle doc tell you about this paramtere;
For example:
allowedAccessGateList=WebgateID1 WebgateID2
Where to configure it & how?
This parameter is applicable for Authn Scheme configured as user defined parameter.
- for 11g -> allowedAccessGateList=WebgateID1 WebgateID2
- for 10g -> allowedAccessGateList:WebgateID1 WebgateID2
The only difference is that '=' is used in 11g while ':' is used in 10g
What does it do if configured?
It ensures that the no other webgate profile can use the authn scheme other than configured in this parameter.
Like;
allowedAccessGateList=WebgateID1 WebgateID2
If while accessing the resource it is found that the webgate id profile mismatches with the one configured, what will happen?
User will not be able to access the resource even if the provided creds are correct.
Demo:
ECC & DCC : Call flow with allowedAccessGateList parameter defined in authn scheme;
Configuration Steps:
- Open /oamconsole
- I have created an auth scheme that i will use for ECC
- In user defined parameter define the allowedAccessGateList parameter with its value.
- I have already created DCC Authn Scheme that i will with for RWG protected resources.
- Goto ur ECC & RWG Profile in Application Domain;
- Assign the respective Authn Scheme in the Protected Resource Policy;
In the shown configuration, i have configured corrected webgate id in the allowedAccessGateList parameter;
In case their is a mismatch following errors are shown by ECC & RWG webgate when protected resource is accessed:
ECC:
RWG:
Hope it clears the funda.... !!!!
Enjoy :-)