
Tuesday 25 November 2014

[Weblogic]: How to Deploy a Web App on OAM Weblogic Console

This post is divided into 3 sections:

1) Create a web-app.
2) Deploy it on the managed server.
3) Accessing the web-app.


Let's Start:

1) Create a web-app: For this I have an already created web-app, which contains a headers.jsp page.

  • headers.jsp - This page will be used to display all the HTTP Headers that are set by the OAM-Weblogic.

2) Deploy web-app:


  • Login to weblogic server: http://<host:port>/console

  • Once you are logged in, select the 'Deployment' option under Domain Structure.






Note: Before you move to next step, copy the web-app folder to the domain directory i.e.

Copy to this path: <MiddlewareHome>/user_projects/domains/<your_domain_name>/


  • Click 'install' button: This will lead you to deployment process.



  • Now select your app folder




  • Select the folder; here it is showing 'source', as it contains the app:


          Press Next....

Note
    • Here the 'source' folder has the web app pages, so when we need to access these resources from the browser, we will fire the request as:
         http://<host:port>/source/Login.jsp
    • If your folder name is something else, then you will access the app by that name.
         Syntax: http://host:port/<webapp folder name>/<resource name>
  • On the next page: nothing needs to be changed as of now, keep the default options selected. Just press Next.



  • Available Targets: Select 'oam_server1' or you can also deploy it on Admin Server and press Next.


  • General Assistance: This will show you the selected options, here you just need to press Next.

Note: Make a note of the deployment name, because you will need it if you have to update the app in future.

  • Finish: Click 'Finish' & it will deploy the app.




Note: Click the 'Activate Changes' button on the top left, this will apply the changes & no restart is required.

3) Accessing the web-app

  • We need to make changes in mod_wl_ohs.conf file, & we need to front end the deployed app.


        Note: Here I have front ended the app with OHS.

    • '/source' is the app folder that we have chosen while deploying.
    • Mention the host name - this will be the host on which you have installed the OHS.
    • Mention the Port - this will be the port on which managed server is listening.
    • Save the changes.
    • Restart the OHS server.


  • Open the browser, fire the url - http://<host:port>/source/headers.jsp
  • It will redirect you to credential collector page. Provide the credentials.
  • And you will get the 'headers.jsp' resource.

  • Now you can even try to access other resources present on your OHS Server, i.e. those you have placed in the htdocs folder. Like:
         http://<host:port>/index.html

  • You will not be asked for the credentials again, as you have already logged in & your OAMAuthnCookie & OAM_ID cookies are present in your browser.



Enjoy :-)

Wednesday 8 October 2014

[Webgate]: Configure ProxyPassMatch Directive -> Required for Apache/OHS Internal Redirect Calls

Potential Problem :

When webgate identifies an error/exception (which may be reported by OAM),
it fires an internal redirect request for "/oberr.cgi", & this
invokes an error handler.
This error handler is defined in the webgate.conf file.
<Location "/oberr.cgi">
SetHandler obwebgateerr
</Location>

But consider the case where the webgate's web server is acting as a proxy
for the resource. Here too, if webgate identifies an error/exception, it fires
an internal redirect request, but the error handler "obwebgateerr" is not
invoked.


Potential Reason: 

When Apache sends the internal redirect request in this case, it sets the "proxy-server" handler by itself.
Because a handler is already set, the handler defined for "/oberr.cgi" is not
applied. This causes the request to be proxied to the backend server &
causes the problem.


Solution:

It is required to set a "ProxyPassMatch" directive before the "ProxyPass"
directive in the conf file.
With this directive set, the "/oberr.cgi" request is not proxied to
the backend server; rather, it is served by the webgate itself.


Configuration to do:

1) Add the following directive in the conf file. Restart the Web Server:

ProxyPassMatch ^/oberr.cgi !

Syntax:
ProxyPassMatch [regex] !

The ! directive is useful in situations where you don't want to reverse-proxy.

Eg:

ProxyPassMatch ^/oberr.cgi !
ProxyPass / http://something.com/AuthenticationService/
ProxyPassReverse / http://something.com/AuthenticationService/
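
One way to check this ordering in a conf file before restarting the web server, as an added example that is not part of the original post. The function name check_oberr_exclusion and the sample lines are constructed for illustration, and it assumes ProxyPass is written in the top-level "path URL" form shown in the Eg above.

```shell
#!/bin/sh
# check_oberr_exclusion: read an Apache/OHS config on stdin and report whether
# the /oberr.cgi exclusion precedes every ProxyPass that would cover that path.
# Prints one of: ok | missing | misordered. Exit status is 0 only for "ok".
check_oberr_exclusion() {
    awk '
        $1 ~ /^#/ { next }                  # skip comment lines
        { d = tolower($1) }                 # directive names are case-insensitive
        # Exclusion: ProxyPassMatch <regex mentioning oberr> !
        d == "proxypassmatch" && $2 ~ /oberr/ && $3 == "!" {
            if (!excl) excl = NR
            next
        }
        # A ProxyPass whose path is a prefix of /oberr.cgi would proxy it.
        d == "proxypass" && $3 != "!" && index("/oberr.cgi", $2) == 1 {
            if (!proxy) proxy = NR
        }
        END {
            if (!proxy)       { print "ok";         exit 0 }  # nothing covers the path
            if (!excl)        { print "missing";    exit 1 }
            if (excl > proxy) { print "misordered"; exit 1 }
            print "ok"
        }
    '
}

# Constructed sample: the exclusion is placed after the catch-all ProxyPass,
# so the internal redirect would still be proxied to the backend.
printf '%s\n' \
    'ProxyPass / http://something.com/AuthenticationService/' \
    'ProxyPassMatch ^/oberr.cgi !' | check_oberr_exclusion || true
```

Run it against a real file with `check_oberr_exclusion < httpd.conf`; a ProxyPass placed inside a `<Location>` block is not handled by this check.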


Enjoy :-)

Friday 26 September 2014

Install & Configure Apache 2.2 (64bit) on AIX Machine

Install Apache 2.2 (64bit) on AIX Machine:

Follow the steps:

  1. To install apache22, we need the source code and have to build it. This will generate the binaries.
  2. Download the source code from http://httpd.apache.org/download.cgi#apache22 to your AIX64 box.
  3. Export the following setting; it is a prerequisite before we start the build process:
       export OBJECT_MODE=64
  4. Untar the source zip. Change the directory to the unzipped folder.
  5. Execute the configure script present in the folder as follows:

LDFLAGS="-maix64" LD=gcc CFLAGS="-maix64" ./configure --prefix=/scratch/anikukum/chalja --enable-so --with-included-apr

 Note:
  • Here we are using 'gcc' as the compiler; you can use another, like 'xlc'.
  • The flags CFLAGS & LDFLAGS ensure that a 64-bit compilation is done.
  • --with-included-apr <this ensures that the APR, APR-Util library will be included>
  • --prefix <here you need to provide the path where you want to install the apache22>
  6. Compile & install.
  • make - it will compile the source code
  • make install - this will install the binaries & other files at the location provided in 'prefix'.
  7. Now go to the directory where you have installed apache22.
  • Move to the bin folder and execute the 'file' command on the httpd executable file.
  • 'file httpd' - Its output will show you what type of file it is. Here it should show 64bit; if not, then you have missed some step.

Configure Apache22 on AIX:

 Now that you have installed apache22 on your AIX machine, it needs to be configured before we run the server.


  1. Go to the apache22 installation directory. Move to the conf folder.
  2. Open the httpd.conf file to edit it.
  • Change the port from '80' to the one you want. Like we use '8889'.
  • By default the user & group are configured as 'daemon'. Change them to the user you are logged in as.
  • Save the changes & close the file.
  3. Now come out of the conf folder & change your directory to the bin folder.
  4. Execute the apachectl executable file. It will start the httpd server process.
  • ./apachectl -k start

Verify the installation & configuration:

Try to access the default resource present on apache22 server like index.html.
Syntax: http://<hostname>:<port>/index.html
Eg: http://slc0010:8889/index.html



So guys, you are done with the Installation & Configuration of Apache22-64bit on your AIX Machine.


Enjoy :-)



 

Monday 22 September 2014

Installing and Configuring Oracle Identity and Access Management 11g Release 2 (11.1.2.2.0)

Installing and configuring the latest version of Oracle Identity and Access Management 11g components involves the following steps:


Note: ** If you are installing Oracle Identity Manager, you must install Oracle SOA Suite 11g Release 1 (11.1.1.7.0). Note that only Oracle Identity Manager requires Oracle SOA Suite. This step is required because Oracle Identity Manager uses process workflows in Oracle SOA Suite to manage request approvals.


Enjoy :-)

Monday 8 September 2014

WebLogic server Error: Could not obtain an exclusive lock for directory.


Steps to make your  OAM Admin Server Start:


1.  Shut down the Admin Server.
2.  Delete the lok file from <domain-home>/servers/<server-name>/tmp/.
      AdminServer.lok
3.  Now start the Admin Server.
4.  If the server still fails to start, then we need to kill the process which is still running on the server
      using the following commands.

ps -ef | grep 'weblogic'

kill -9 PID

5.  Now start the Admin Server again.

Sunday 7 September 2014

Weblogic Server Error: "unable to get file lock, will retry ..."

<BEA-141281> <unable to get file lock, will retry ...> 


In case you see above error while starting the Weblogic Admin Server, do the following:

  1. Remove the AdminServer.lok file from <MW_Home>\user_projects\domains\base_domain\servers\AdminServer\tmp
  2. Manually start the weblogic from <MW_HOME>\user_projects\domains\base_domain\server\bin
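
A more targeted version of the lock-file removal and the ps/kill step from the two posts above, for the Unix case, as an added example rather than code from the original posts. It assumes the server's JVM carries a -Dweblogic.Name=<server-name> argument, and removes the .lok file only when no such process is running; the function names and the PS_CMD override are hypothetical.

```shell
#!/bin/sh
# weblogic_pids SERVER_NAME: read `ps -ef` output on stdin and print the PID of
# each process whose command line has the exact argument
# -Dweblogic.Name=SERVER_NAME (assumed to be set by the start scripts).
# Unlike grep 'weblogic', this never matches the grep/awk process itself.
weblogic_pids() {
    awk -v want="-Dweblogic.Name=$1" '
        { for (i = 8; i <= NF; i++) if ($i == want) { print $2; next } }
    '
}

# clear_stale_lock DOMAIN_HOME SERVER_NAME: delete
# DOMAIN_HOME/servers/SERVER_NAME/tmp/SERVER_NAME.lok only if the server is
# not running. Prints "running: <pids>", "no-lock" or "removed".
# PS_CMD lets the process listing be replaced (used for testing).
clear_stale_lock() {
    lok="$1/servers/$2/tmp/$2.lok"
    pids=$(${PS_CMD:-ps -ef} | weblogic_pids "$2")
    if [ -n "$pids" ]; then
        # The lock is legitimately held: stop this process first.
        echo "running: $pids"
        return 1
    fi
    [ -e "$lok" ] || { echo "no-lock"; return 0; }
    rm -f -- "$lok" && echo "removed"
}

# Constructed ps -ef lines (not real output); prints 4242 and ignores the grep.
printf '%s\n' \
    'oracle 4242 1 0 10:01 ? 00:03:10 /usr/bin/java -Dweblogic.Name=AdminServer weblogic.Server' \
    'oracle 5001 4999 0 10:05 pts/0 00:00:00 grep weblogic' | weblogic_pids AdminServer
```

Call it as `clear_stale_lock <domain-home> AdminServer`; if it reports a running PID, that is the process to stop before starting the Admin Server again.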

Enjoy :-)

Friday 5 September 2014

Configuring OAM11G R2PS2 for Impersonation Module (Integrated Mode)

Enabling Impersonation Module:

1)     Registering Impersonation Module

·         We need to register the impersonation module at the Global level so that other sites can configure it at their end.
·         Go to the Global site level, open Modules



·         Go to “Configure Native Module” (see at the top right corner)




·         Click Register.
                                     




o   Provide a name -> “OAMImpersonation” & path to the IISImpersonationModule.dll (present in webgate install directory).
o   Press OK
o   As you can see the Module is added to the list.




o   But beware: don’t add this module at the Global level. We only need to register it here & we will be adding it at the per-site level.

2)     Adding Impersonation Module at Site Level:

           ·         Go to your site -> Open Modules



      ·         Configure Native Module:
                                              



          ·         The moment we add the module, web.config of the site gets updated.
Extract from it:


Note: The above configuration is valid for the site running in Integrated Mode.
         ·         Thus now we have configured the IISImpersonationModule.dll with our site.
         ·         Restart the IIS Server.
         ·         Now we need to do some configuration at OAM Console end.


·         Open OAM Console ->
     1)      Adding Response Header in Authorization Policy
·         Go to Application Domain -> Open WebGate Profile -> Authorization Policy -> Protected Policy
Note- It is not mandatory to use ‘Protected Policy’; we are using it because we have not explicitly specified a policy.



·         Open Responses Tab (in authorization policy) & add a new response field.



Note: The header field name should be “IMPERSONATE” and value “$user.userid”.
·         Add the Response Header & Apply the changes.

·         Now at User defined parameter in Webgate Profile:

MSImpersonationCredential=clk:Welcome1



Remember: This user defined parameter contains a username & password; this should be an admin user, because an admin user has the rights to perform impersonation.
·         Apply the changes.

3)     Performing Impersonation:


       1)      Deploy the ASP.NET application in your created site.
       2)      Impersonation feature is activated.
       3)      Now we will access the resource /WebApp/default.aspx. <we have created a sample app>

o   Provide login credentials – try using some other user login rather than using admin login.



o   Before you sign in to the system, Open Event Viewer -> Under Windows Logs -> Click Security



o   Now do the login, after user authn & authz checks, user is provided the resource access.



Note: This is a sample app created.
·         Now to check whether the user is impersonated or not.
For this we check the system security event logs, to see that user ‘test’ is impersonated by the admin user ‘clk’.
As we have already opened the event log viewer, we can now see a ‘Credential Validation’ log entry.

It shows that the system is authenticating the user with the credentials of the admin user ‘clk’ that we have provided in the user defined parameters.

o   Now click the ‘Log on’ event log above the ‘Credential Validation’ log. It shows that the system has authenticated the user with ‘clk’. This proves that user ‘test’ has logged in to the system with the credentials of ‘clk’, and thus it is impersonated.




Saturday 23 August 2014

Deploy OAM11g R2PS2 Webgate on IIS7.5 Windows 2008

Installing Webgate On IIS7.5 Windows Server 2008R2 


1)      Download the Webgate 11g R2PS2 for Windows.
2)      Extract the webgate.zip.
3)      Go to Disk1 folder present under webgate folder.
4)      Copy the path & open command prompt.
a.       Change your directory to the path copied above.
5)      Now execute the setup.exe followed by jre location

                  o   It will start the installation process.



6)      Now follow the steps:



  o   Press Next


       ·         Skip Software Updates


       ·         Prerequisite Checks – Proceed Next



       ·         Installation Location: Provide the installation directory location.


       
         ·        Installation Summary: Proceed Next to start the Installation


       
         ·         Installation Started:





              
   
         ·         Installation Completed:




So we are done with the Webgate Installation... Now let's proceed to Configuration Phase.. :-)


Configure Webgate with IIS7.5 

1)      Go to the Webgate Home Directory ->

a.       It is the location where we have installed the webgate.

 For Eg: Our WG Home Location
C:\oracle\product\11.1.1\as_3

b.      Go to the deployWebgate folder present under
C:\oracle\product\11.1.1\as_3\webgate\iis\tools\deployWebGate

c.       Execute deployWebGateInstance.bat script




You can see the arguments passed to the script (self-explanatory)


d.      Now we need to execute ConfigureIISWebGate.bat present under
C:\oracle\product\11.1.1\as_3\webgate\iis\tools\ConfigureIISConf




e.      Your site is now mapped with the webgate. To see this mapping, go to your webgate home location -> lib folder -> open webgate.ini





            ·         Now we need to add artifacts to the webgate instance dir (config folder).
            ·         Restart the IIS Server.




Guys we are done with the Webgate deployment on Windows Server 2008 R2 on IIS7.5 Web Server....!!!!!


Enjoy :-)