OAM - Deny if not protected Flag impact on webgate 10g and 11g

Ever wondered what does 'Deny if not protected 'flag signifies?

This flag is present in webgate profile, by default when you create a profile 10g or 11g, it is 'ON' or 'Checked'.

To whom does it impact?

Basically the significance of this flag is only for 10g webgate profiles. It has no impact on 11g webgates.

What impact does this flag has?

If this flag is set 'ON', than any resource which you are accessing & has no policy defined in OAM, than you will get 404 error. And the reason for this is 'Resource Access Denied'.

As in case of 10g you will face this problem, if this flag is set 'ON'.

Why this flag has no impact on 11g webgate?

The reason for this is: In case of 11g webgate by default access is denied for any resource whose policy is not defined in OAM.

If you want access for such resources than you have an option to make an unprotected/excluded resource type.

Enjoy :-)

WebLogic server Error: Could not obtain an exclusive lock for directory.

Steps to make your  OAM Admin Server Start:

1.  Shutdown the Admin Server.
2.  Delete the lok file from <domain-home>/servers/<server-name>/tmp/.

      AdminServer.lok
3.  Now start the Admin Server.
4.  If the server still fails to start then we need to kill the the process which    is still running on the server 

      using following commands.

ps -ef | grep 'weblogic'

kill -9 PID

4.    Now start again the Admin Server.

Weblogic Server Error: "unable to get file lock, will retry ..."

<BEA-141281> <unable to get file lock, will retry ...> 

In case you see above error while starting the Weblogic Admin Server, do the following:

1. Remove the AdminServer.lok file from <MW_Home>\user_projects\domins\base_domain\servers\AdminServer\tmp
2. Manually start the weblogic form <MW_HOME>\user_projects\domains\base_domain\server\bin

Enjoy :-)

Configure Logout URL for Webgate 10g in OAM11G Server

Let's configure logout url for Webgate 10g interacting with OAM11G server:

To let the user logout properly in Webgate 10g, it is required to do a little bit of configuration so as to have a centralized logout.

The complete URL that needs to be triggered have 2 parts - URL + QueryString
 Syntax: hostname:port?end_url=<redirect_url>

Steps to do:

1) Configure logout url on OAM11g server Webgate Profile:

 

2) Now you need to check that logout.html page exists in your Webgate Install Dir:
    a) Go to <Webgate Inst Dir>/access/oamsso/ directory
    b) Check if logout.html page is present. If not than copy the logout.html page here.
        b.1) You can get this page from the directory where your 10g webgate artifacts are generated.

3) Make sure you have the "/oamsso" entry check in your httpd.conf file.
    a) Goto your Web server instance directory -> <Webserver instance dir>/config/OHS/ohs1
    b) Open httpd.conf file
    c) Check the entry for 'oamsso'.

       It should look like:

       #*******Default Login page alias***
      <LocationMatch "/oamsso/*">
      Satisfy any
      </LocationMatch>

4) Now you are good to go. But remember your "end_url" is the redirect URL where you want to redirect once you are logout.

5) Cool, now access the resource. Hit the logout URL having end_url in querystring.

6) Once your are logout properly, you will see the success page.

7) To be sure shot, now again access the resource. You will be challenged for credentials again.


For more info: References
http://docs.oracle.com/cd/E17904_01/doc.1111/e15478/webgate.htm#CACBFHDC


Enjoy... :-)