Showing posts with label Resource Webgate. Show all posts
Showing posts with label Resource Webgate. Show all posts

Thursday, 11 December 2014

Configuring DCC Webgate 11g with IIS7.5 on Windows 2008 R2

 Pre-requisites:

  1. IIS Server Role is already added: In case not follow Configure IIS Server Role
  2. IIS Site is created: 
    1. IIS Site Global Configuration IIS
    2. New Site Creation
  3. IIS R2PS2 Webgate is installed & configured with the IIS Sites: Configure IIS R2PS2 Webgate 11g

Let's start the process:

  • Open OAM Console : http://host:port/oamconsole
  •  Create Webgate Agent Profile:
    • We need to create 2 profiles: One is the resource webgate profile & other is DCC webgate profile.
  •  Create Resource Webgate Profile: rwg-9090
Note: I have configured my OAM Server in Simple Mode, that's why security mode is chosen as 'simple'.
  • Create DCC Webgate Profile: dcc-9091
Note: Once you have created  the profile, to make it DCC we need to tick the detached credential collector flag.
    • Once done the change, click apply to reflect the changes.
  •  Now we need to add resources to with the DCC profile just created:
    • We need to add a few excluded resources, so that no authentication/authorization is made for them.
    •  Select the dcc-9091 profile:
    •  Let's create excluded resource:

    •  We have created following excluded resources:
      • /favicon.ico
      • /oamsso-bin/login.pl
      • /oamsso/** - Note this is an additional resource to be excluded as for IIS this needs to be excluded. Other wise for other servers it is not required.
  •  Now we need to create a DCC Authentication Scheme: This scheme will be used by resource webgate & dcc webgate both.



  • Now we need to attach the both created authn scheme with the profiles:





  •  You can see that i have created 2 IIS sites & webgate is already configured with both of them.
  • Now copy the artifacts to the webgate instance directory in the respective resource & dcc webgate sites.
    • In our setup: we have rwg-9090 for resource webgate & dcc-9091 for dcc webgate.
  • Once done, restart the IIS Server: using the command 'iisreset'. 
  • Now access the protected resource webgate url:
          http://host:9090/welcome.html
    • Did you noticed you get this login page, having url as http://host:9091/oamsso-bin/login.pl
    • This is the challenge url that we have mentioned in the dcc authn scheme.
    • With DCC webgate in picture, the oam server ip port is mot visible to the end user, that's why it is a detached credential collector. It has detached the credential collection process from the OAM Server.
    • Now it is the DCC which creates OAP/NAP connections with OAM Server.


This end's the DCC Webgate Configuration with IIS 7.5/8.5 on Windows 2008 R2.

Enjoy :-)