Configuring DCC Webgate 11g with IIS7.5 on Windows 2008 R2

 Pre-requisites:

1. IIS Server Role is already added: In case not follow Configure IIS Server Role
2. IIS Site is created: 
1. IIS Site Global Configuration IIS
2. New Site Creation
3. IIS R2PS2 Webgate is installed & configured with the IIS Sites: Configure IIS R2PS2 Webgate 11g

Let's start the process:

• Open OAM Console : http://host:port/oamconsole

•  Create Webgate Agent Profile:
• We need to create 2 profiles: One is the resource webgate profile & other is DCC webgate profile.

•  Create Resource Webgate Profile: rwg-9090

Note: I have configured my OAM Server in Simple Mode, that's why security mode is chosen as 'simple'.

• Create DCC Webgate Profile: dcc-9091

Note: Once you have created  the profile, to make it DCC we need to tick the detached credential collector flag.

• Once done the change, click apply to reflect the changes.

•  Now we need to add resources to with the DCC profile just created:
• We need to add a few excluded resources, so that no authentication/authorization is made for them.

•  Select the dcc-9091 profile:

•  Let's create excluded resource:

•  We have created following excluded resources:
• /favicon.ico
• /oamsso-bin/login.pl
• /oamsso/** - Note this is an additional resource to be excluded as for IIS this needs to be excluded. Other wise for other servers it is not required.

•  Now we need to create a DCC Authentication Scheme: This scheme will be used by resource webgate & dcc webgate both.

• Now we need to attach the both created authn scheme with the profiles:

•  You can see that i have created 2 IIS sites & webgate is already configured with both of them.

• Now copy the artifacts to the webgate instance directory in the respective resource & dcc webgate sites.
• In our setup: we have rwg-9090 for resource webgate & dcc-9091 for dcc webgate.

• Once done, restart the IIS Server: using the command 'iisreset'. 
• Now access the protected resource webgate url:

          http://host:9090/welcome.html

• Did you noticed you get this login page, having url as http://host:9091/oamsso-bin/login.pl
• This is the challenge url that we have mentioned in the dcc authn scheme.
• With DCC webgate in picture, the oam server ip port is mot visible to the end user, that's why it is a detached credential collector. It has detached the credential collection process from the OAM Server.
• Now it is the DCC which creates OAP/NAP connections with OAM Server.

This end's the DCC Webgate Configuration with IIS 7.5/8.5 on Windows 2008 R2.

Enjoy :-)

Creating User in Oracle Internet Directory(OID)

Follow below steps to create a new user in OID:

1) Log in to weblogic console & check whether ODSM (Oracle Directory Server Management) console is up & running:

    http://<host:port>/console

    Note: The console for ODSM is 'wls_ods1' in my setup & running on port 7005.

2) Now log in to the ODSM Console - http://<host:7005>/ODSM

     Note: This setup is a freshly created, so we need to create a connection first.


3) Create a User Connection:

• Provide the details such as hostname, password etc.

4) New connection is created:

5) Choose Data Browser Option:

•  Expand the tree dc=com

•  Double Click the user cn=orcladmin

6) Now we need to create a user: Here i have selected the option 'Create a new entry like this one'

7) Complete the process for new user creation:

• Choose 'Next' on first page:

•  Provide 'cn' entry name & choose the relative distinguished name as 'cn'

•  On Optional Properties page, i have provided the new user password. Although this is a non-mandatory field.

•  Choose 'Finish' to complete the process.

•  New user is created.... Hurrahhhhh !!!!!!

Enjoy :-)