Showing posts with label TunneledUrls. Show all posts
Showing posts with label TunneledUrls. Show all posts

Tuesday 20 October 2015

OAM - Webgate NAP Tunneling in OTD (R2PS2, R2PS3 & 12C)

As of now we all are aware how to tunnel a request to OAM through webgate, also we have covered this in Webgate NAP Tunneling.

But there is a catch or you can say you need to do one more step to enable NAP Tunneling when using OTD (Oracle Traffic Director) Server.

I am assuming you have followed all the steps that are mentioned in Webgate NAP Tunneling post. At the very last you need to perform one more step i.e. only for OTD;

  1. To enable NAP Tunneling in OTD, one needs to uncomment a line mentioned in
    <instance_name>-obj.conf file which is as follows;

    #Uncomment the below line  and  configure "from" paramater for enable
    tunneling.  The value of from parameter would be the tunneled URLS
    #NameTrans fn="pfx2dir" from="/oam" dir="/webgate/otd/lib"
    name="webgate_response"

    Above line need to be uncommented, to make nap tunneling enable.
    After doing above change one needs to restart the OTD instance.

    Note
    1. This configuration change, to enable NAP Tunneling, is their since
      R2PS2(with a BP Patch),R2PS3 which is the same carried forward to latest release i.e. 12c as well..
    2. In the change suggested above you will find the tunneled urls, that you need to provide here by default it is /oam. But it might be possible you want to tunnel /oamfed as well.. or any other. So all the tunneled urls are to be provided here as well.


 Enjoy :-)
Posted by at No comments:
Labels: , , , , , , , , ,

Friday 27 February 2015

OAM 11g - Webgate NAP Tunneling

 

What is NAP Tunneling?

NAP or OAP is the protocol that is used for communication mechanism between OAM Server & Webgate.
Webgate relies on this channel for communication with the server. This channel is webgate initiated i.e. the request is made by webgate via this NAP channel & server sends the response on this NAP itself.

Now what this tunneling is meant for? It is basically a mechanism via which one can access the resource that is actually deployed at the OAM Server.

So what does that mean by accessing a resource?
Ok, take an example. I want to use an app, which is actually deployed at the OAM Server. But as we know that resources are something which are placed in some resource server.
And to use this app i can't directly hit the resource url because it is not accessible directly.

Thus with webgate r2ps2, a new feature is added i.e. NAP Tunneling. With this we can actually configured the urls that need to be tunneled, like tunneled the request only when the requested url has '/oam' in the url. So by this webgate sends this tunnel request to the server, which in turn sends the resource to the webgate & it is the responsibility of the webgate to parse the response & redirect it back to the user's browser.

How to configure/enable NAP Tunneling Feature in OAM?

1) Define a user-defined parameter in the Webgate Artifact i.e.

     TunneledUrls=<url_path> (relative path not absolute)

Like - I want to tunnel all the request that has '/oam' or '/oamfed' or '/sample'

     TunneledUrls=/oam, /oamfed, /sample

2) The Urls path that we want to tunnel, they must use public resource policy both for authentication & authorization.


3) Make sure that the parameter "DirectAuthenticationServiceDescriptor" in oam-config.xml is set to true.


Note: This oam-config.xml file is placed at <Middleware_Home>/user_projects/domains/<domain_name>/config/fmwconfig/oam-config.xml



The above 3 steps are required for enabling tunneling for ECC. But in case you want to enable tunneling in DCC, than you need to perform few more steps;
 
Following post shows DCC NAP TUNNELING.


Enjoy :-)
Posted by at No comments:
Labels: , , , , , , ,
Subscribe to: Posts (Atom)