Showing posts with label OAM 11G. Show all posts

Monday 1 December 2014

[OAM]: Configuring Pre-Authentication Advanced Rules

Configuring Pre-Authentication Advanced Rules:

Pre-Requisites:
  • OAM Managed & Admin Server are up & running.
  • You have already created the 'Webgate Profile' & the artifacts are placed in the webgate instance directory. 

1) Log in to OAM Console: http://<host:port>/oamconsole



2) Go to 'Application Domain' & select the webgate profile that you have created. In our case, I am using 'dcc-7778'.



3) Select 'Authentication Policies' tab:



  • Open 'Protected Resources':

4) Now we need to select the 'Advanced Rules' tab: 


  • Let's create a pre-authenticate rule: Click the '+' sign
  • Fill the fields:
    • Rule Name - Provide the rule name.
    • Condition - The condition to evaluate, written in Jython script style.
    • Switch Authentication Scheme - If the condition is true, then we will switch the Authentication Scheme.
    • Deny Access - If this flag is true, then there is no need to configure 'Switch Authentication Scheme'.
    • Click 'Add' to add the rule.
    • Apply the changes.

5) The rule that we have created above states that if the user's IP address starts with '10.', then the Authentication Scheme is switched from the one we have configured to 'Basic Scheme'.

6) Now we are ready to test the changes. Send the request below; it should ask for credentials, but as per the 'Basic Scheme'.

http://<host:port>/index.html


Note: The Client IP Address here starts with '10.' 
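
The condition in step 5 is a string-prefix test on the client IP address. The Python below is an added example, not code from the original post and not OAM's own rule API: it models that test and compares it with parsing the address and checking membership of 10.0.0.0/8. The function names, the 'ConfiguredScheme' placeholder and the sample addresses are assumptions made for illustration.

```python
import ipaddress

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample client addresses, not taken from the post.
SAMPLES = ["10.1.2.3", "10.255.0.9", "100.64.0.1", "192.168.1.7",
           "10.0.0.300", ""]


def prefix_rule(client_ip, prefix="10."):
    """Model of the post's condition: address string starts with '10.'."""
    return client_ip.startswith(prefix)


def cidr_rule(client_ip, network=INTERNAL_NET):
    """Stricter check: parse the address, then test network membership."""
    try:
        return ipaddress.ip_address(client_ip) in network
    except ValueError:
        return False  # empty or malformed values never match


def choose_scheme(client_ip, rule=prefix_rule,
                  configured="ConfiguredScheme", switched="Basic Scheme"):
    """Return the scheme a pre-authentication rule would select.

    'ConfiguredScheme' is a placeholder for whatever scheme the policy
    already uses; 'Basic Scheme' is the switch target named in the post.
    """
    return switched if rule(client_ip) else configured


def disagreements(samples=SAMPLES):
    """Inputs where the string-prefix test and the CIDR test differ."""
    return [ip for ip in samples if prefix_rule(ip) != cidr_rule(ip)]


if __name__ == "__main__":
    for ip in SAMPLES:
        print(f"{ip!r:16} prefix={choose_scheme(ip):18} "
              f"cidr={choose_scheme(ip, rule=cidr_rule)}")
    print("differ on:", disagreements())
```

The trailing dot in '10.' matters: with the prefix '10' the same test would also match addresses such as 100.64.0.1.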

Reference: https://docs.oracle.com/cd/E52734_01/oam/AIAAG/GUID-1E9A2B43-140C-4A85-8DEA-521CE3F57B12.htm#AIAAG88930

Hurray.... we are done... congrats... :-)

Enjoy :-)

Tuesday 25 November 2014

[Weblogic]: How to Deploy a Web App on OAM Weblogic Console

This post is divided into 3 sections:

1) Create a web-app.
2) Deploy it on the managed server.
3) Accessing the web-app.


Let's Start:

1) Create a web-app: For this I have an already created web-app, which contains a headers.jsp page.

  • headers.jsp - This page will be used to display all the HTTP Headers that are set by the OAM-Weblogic.

2) Deploy web-app:


  • Login to weblogic server: http://<host:port>/console

  • Once you are logged in, select the 'Deployment' option under Domain Structure.






Note: Before you move to next step, copy the web-app folder to the domain directory i.e.

Copy to this path: <MiddlewareHome>/user_projects/domains/<your_domain_name>/


  • Click 'install' button: This will lead you to deployment process.



  • Now select your app folder




  • Select the folder. Here it is showing 'source', as that folder contains the app:


          Press Next....

Note
    • Here the 'source' folder has the web app pages, so when we need to access these resources from the browser, we will send the request as:
         http://<host:port>/source/Login.jsp
    • If your folder name is something else, then you will access the app using that name.
         Syntax: http://host:port/<webapp folder name>/<resource name>
  • On the next page: nothing needs to be changed as of now, so keep the default options selected. Just press Next.



  • Available Targets: Select 'oam_server1' or you can also deploy it on Admin Server and press Next.


  • General Assistance: This will show you the selected options, here you just need to press Next.

Note: Make a note of the deployment name, because you will need it if you have to update the app in the future.

  • Finish: Click 'Finish' & it will deploy the app.




Note: Click the 'Activate Changes' button on the top left. This will apply the changes & no restart is required.

3) Accessing the web-app

  • We need to make changes in the mod_wl_ohs.conf file, as we need to front end the deployed app.


        Note: Here I have front ended the app with OHS.

    • '/source' is the app folder that we have chosen while deploying.
    • Mention the host name - this will be the host on which you have installed the OHS.
    • Mention the Port - this will be the port on which managed server is listening.
    • Save the changes.
    • Restart the OHS server.


  • Open the browser, fire the url - http://<host:port>/source/headers.jsp
  • It will redirect you to credential collector page. Provide the credentials.
  • And you will get the 'headers.jsp' resource.

  • Now you can even try to access other resources present on your OHS Server, i.e. those you have placed in the htdocs folder. For example:
         http://<host:port>/index.html

  • You will not be asked for the credentials again, as you have already logged in & your OAMAuthnCookie & OAM_ID cookies are present in your browser.



Enjoy :-)

Enable Debug Logs for OAM Server from Weblogic Console

Enabling Debug logs:

Let's start the process:

1) Log in to weblogic console: http://<host:port>/console




2) Select Environment option under Domain Structure:



  • Select Servers option:



3) Select oam_server1: As we need to enable the debug log for a specific component.



  • Select 'Debug' tab



4) Select the 'weblogic' & expand its view.



5) Select the component/s for which you want to enable the logging.



  • Click 'Enable' to apply changes.


Note:

  • Remember, you might first need to select the "Lock & Edit" option on the top left of the screen, and then "Activate Changes" so that the change takes effect.
 
6) Now for the selected component you will start getting logging trace. You can view the logs for the same under:


  • Log File Path: <Middleware_Home>/user_projects/domains/<domain_name>/servers/oam_server1/logs/


  • File Name:


    1. oam_server1.log
    2. oam_server1-diagnostic.log


You are good to go.... Enjoy Debugging.....


Enjoy:-)

Monday 27 October 2014

Exception: "Oracle AccessGate API is not initialized"

Problem Statement:


Following exception is seen while starting the OHS Server (which has webgate.so included):

"Exception thrown during WebGate initialization"
"Oracle AccessGate API is not initialized"


Issue:


This is surely a configuration related issue. Remember: always doubt the configuration first and then the component. That's the rule of thumb.


Solution:


1) Usually we get this type of exception when we use a security mode other than Open, i.e. either Simple or Cert mode.

Now the question arises why?

Basically there are some steps that we follow to change the security mode.

Like for Simple Mode: http://oracleoam.blogspot.com/2014/08/configure-simple-mode-communication-for.html


  • Here, say we don't provide the Global Passphrase password and just apply the rest of the changes. Then, when we try to start the OHS Server (or any server using the webgate component), it will throw these exceptions.
Note:
  1. If you don't provide any password for the global passphrase, you will still see the field as non-empty, but that value is junk. It needs a valid password, which could be anything, but you have to provide it.
  2. Basically, while doing the SSL handshake with the OAM Server, this password is passed along with other values. That's why it is important to provide one.


Enjoy :-)

Thursday 2 October 2014

Creating an Oracle HTTP Server Instance

Let's Start the process.....


1) Go to the OHS Installed Directory.....

    bash$> cd $OHS_HOME


2) Move to opmn -> bin folder

    bash$> pwd
    /scratch/ckukreja/OHS/Oracle_WT1/
    bash$> cd opmn/bin


3) Now we will first create instance using the opmnctl executable.

bash$> ./opmnctl createinstance -oracleInstance /scratch/ckukreja/OHS/Oracle_WT1/instances/my_inst    -adminRegistration OFF

 Creating Oracle Instance directories...Done
 Recording OPMN ports reservations...Done
 Bootstrapping OPMN configuration files...Done
 Instantiating opmnctl for direct usage...Done
 Skipping instance registration
 Command succeeded.

Note: Here we have created a new instance named 'my_inst'. We have also set adminRegistration to 'OFF'.

bash$> ls  /scratch/ckukreja/OHS/Oracle_WT1/instances/my_inst
auditlogs  bin  config  diagnostics  tmp


4) We have successfully created the instance, now it's time to create OHS Component.

 bash$> ./opmnctl createcomponent -componentType OHS -componentName myohs -oracleInstance /scratch/ckukreja/OHS/Oracle_WT1/instances/my_inst

 Creating empty component directories...Done
 Provisioning OHS files for myohs
 Copying OHS files from ORACLE_HOME to ORACLE_INSTANCE locations
 Customizing httpd.conf
 Adding component's process control to OPMN...Done
 Skipping myohs component registration.
 Command succeeded.

Note: We have created 'myohs' OHS component with our instance 'my_inst'.

bash$> ls  /scratch/ckukreja/OHS/Oracle_WT1/instances/my_inst
auditlogs  bin  config  diagnostics  OHS  tmp


5) Now it's time to start the OHS.

bash$> cd /scratch/ckukreja/OHS/Oracle_WT1/instances/my_inst/bin
bash$> ./opmnctl startall

bash$> ./opmnctl status
Processes in Instance: my_inst
 ---------------------------------+--------------------+---------+---------
 ias-component                    | process-type       |     pid | status
 ---------------------------------+--------------------+---------+---------
 myohs                           | OHS                |    7777 | Alive


We are done with the OHS Instance creation process...........!!!!!!!!!!!!!!!!


Enjoy :-)

Friday 26 September 2014

Install & Configure Apache 2.2 (64bit) on AIX Machine

Install Apache 2.2 (64bit) on AIX Machine:

Follow the steps:

  1. To install apache22, we need to download the source code and build it; the build generates the binaries.
  2. Download the source code from http://httpd.apache.org/download.cgi#apache22 to your AIX64 box.
  3. Export the following setting; it is a prerequisite before we start the build process:
     export OBJECT_MODE=64
  4. Untar the source archive and change directory to the extracted folder.
  5. Execute the configure script present in the folder as follows:

LDFLAGS="-maix64" LD=gcc CFLAGS="-maix64" ./configure --prefix=/scratch/anikukum/chalja --enable-so --with-included-apr

 Note:
  • Here we are using 'gcc' as the compiler; you can use another, such as 'xlc'.
  • The CFLAGS & LDFLAGS flags ensure that a 64-bit compilation is done.
  • --with-included-apr <this ensures that the APR and APR-Util libraries will be included>
  • --prefix <here you need to provide the path where you want to install apache22>
  6. Compile & install.
  • make - compiles the source code
  • make install - installs the binaries & other files at the location provided in 'prefix'.
  7. Now go to the directory where you have installed apache22.
  • Move to the bin folder and execute the 'file' command on the httpd executable.
  • 'file httpd' - Its output shows the file type. Here it should show 64-bit; if not, then you have missed a step.

Configure Apache22 on AIX:

 Now that you have installed apache22 on your AIX machine, it must be configured before we run the server.


  1. Go to the apache22 installation directory. Move to the conf folder.
  2. Open the httpd.conf file to edit it.
  • Change the port from '80' to the one you want. For example, we use '8889'.
  • By default the user & group are configured as 'daemon'. Change them to the user and group you are logged in as.
  • Save the changes & close the file.
  3. Now come out of the conf folder & change your directory to the bin folder.
  4. Execute the apachectl executable file. It will start the httpd server process.
  • ./apachectl -k start

Verify the installation & configuration:

Try to access the default resource present on apache22 server like index.html.
Syntax: http://<hostname>:<port>/index.html
Eg: http://slc0010:8889/index.html



So guys, you are done with the installation & configuration of Apache22-64bit on your AIX machine.


Enjoy :-)



 

Friday 5 September 2014

Configuring OAM11G R2PS2 for Impersonation Module (Integrated Mode)

Enabling Impersonation Module:

1)     Registering Impersonation Module

·         We need to register the impersonation module at the Global level so that other sites can configure it at their end.
·         Go to the Global site level, open Modules



·         Go to “Configure Native Module” (see at the top right corner)




·         Click Register.
                                     




o   Provide a name -> “OAMImpersonation” & path to the IISImpersonationModule.dll (present in webgate install directory).
o   Press OK
o   As you can see the Module is added to the list.




o   But beware: don’t add this module at the Global level. We only need to register it here; we will add it at the per-site level.

2)     Adding Impersonation Module at Site Level:

           ·         Go to your site -> Open Modules



      ·         Configure Native Module:
                                              



          ·         The moment we add the module, web.config of the site gets updated.
Extract from it:


Note: The above configuration is valid for the site running in Integrated Mode.
         ·         Thus now we have configured the IISImpersonationModule.dll with our site.
         ·         Restart the IIS Server.
         ·         Now we need to do some configuration at OAM Console end.


·         Open OAM Console ->
     1)      Adding Response Header in Authorization Policy
·         Go to Application Domain -> Open WebGate Profile -> Authorization Policy -> Protected Policy
Note: It is not mandatory to use ‘Protected Policy’; we are using it because we have not explicitly specified a policy.



·         Open Responses Tab (in authorization policy) & add a new response field.



Note: The header field name should be “IMPERSONATE” and value “$user.userid”.
·         Add the Response Header & Apply the changes.

·         Now at User defined parameter in Webgate Profile:

MSImpersonationCredential=clk:Welcome1



Remember: This user defined parameter contains a username & password. It should be an admin user, because an admin user has the rights to perform impersonation.
·         Apply the changes.

3)     Performing Impersonation:


       1)      Deploy the ASP.NET application in your created site.
       2)      Impersonation feature is activated.
       3)      Now we will access the resource /WebApp/default.aspx. <we have created a sample app>

o   Provide login credentials – try using some other user login rather than using admin login.



o   Before you sign in to the system, Open Event Viewer -> Under Windows Logs -> Click Security



o   Now do the login, after user authn & authz checks, user is provided the resource access.



Note: This is a sample app created.
·         Now to check whether user is impersonated or not.
For this we check the system security event logs, to see that user ‘test’ is impersonated by the admin user ‘clk’.
As we have already opened the Event Viewer, we can now see a ‘Credential Validation’ log entry.

It shows that the system is authenticating the user with the credentials of the admin user ‘clk’ that we provided in the user defined parameters.

o   Now click the ‘Log on’ event log above the ‘Credential Validation’ log. It shows that the system has authenticated the user with ‘clk’. This proves that user ‘test’ has logged in to the system with the credentials of ‘clk’, and thus is impersonated.