Wednesday, August 12, 2015

OHS 11g Webgate for OAM 11gR2

Install Oracle HTTP Server 11g

Oracle HTTP Server is available as a web server component in Oracle Web Tier. Download Oracle Web Tier 11g from Oracle. Create a non-root user, extract the installer contents from the downloaded Oracle Web Tier zip file, and execute runInstaller.




Click Next. If you wish to install software updates, enter your credentials.




Select the Install and Configure option and click Next.



Be sure you have all the required prerequisites and then click Next.



Create a new Middleware home 



Enter your details to receive security updates.



Select Oracle HTTP Server




Specify Component Details 


Depending on your configuration, select the Auto Port Configuration option or the Specify Ports Using Configuration File option.



Verify the installation summary and click Install







Installing Oracle HTTP Server 11g Webgate

Start the Installer by executing  ./runInstaller -jreLoc <WebTier_Home>/jdk


 Click Next to continue.







Specify the Middleware Home and Oracle Home locations.



Click Install to begin the installation.




Click Finish to dismiss the installer.




Post-Installation Steps


Move to the following directory under your Oracle Home for Webgate, <Webgate_Home>/webgate/ohs/tools/deployWebGate, and run the following command to copy the required agent from the Webgate_Home directory to the Webgate Instance location.


For example,

-bash-4.1$ ./deployWebGateInstance.sh -w /u02/app/ssodxbstage/oracle/ohs3/instances/ohs_instance3/config/OHS/ohs3 -oh /u02/app/ssodxbstage/oracle/Oracle_OAMWebGate1

Copying files from WebGate Oracle Home to WebGate Instancedir

Run the following command to ensure that the LD_LIBRARY_PATH variable

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/u02/app/ssodxbstage/oracle/ohs3/lib
cd /u02/app/ssodxbstage/oracle/Oracle_OAMWebGate1/webgate/ohs/tools/setup/InstallTools

On the command line, run the following command to copy the apache_webgate.template from the Webgate_Home directory to the Webgate Instance location (renamed to webgate.conf) and update the httpd.conf file, adding one line that includes webgate.conf:

./EditHttpConf -w <Webgate_Instance_Directory> [-oh <Webgate_Oracle_Home>] [-o <output_file>]

-bash-4.1$ ./EditHttpConf -w /u02/app/ssodxbstage/oracle/ohs3/instances/ohs_instance3/config/OHS/ohs3 -oh /u02/app/ssodxbstage/oracle/Oracle_OAMWebGate1
The web server configuration file was successfully updated
/u02/app/ssodxbstage/oracle/ohs3/instances/ohs_instance3/config/OHS/ohs3/httpd.conf has been backed up as /u02/app/ssodxbstage/oracle/ohs3/instances/ohs_instance3/config/OHS/ohs3/httpd.conf.ORIG

Tuesday, August 11, 2015

Configure SSO for multiple EBS instances

Enterprises often need to configure SSO for multiple EBS instances, whether Dev, UAT and Prod instances or multiple production environments, using the same access manager. In such cases, multiple instances can be secured using one application domain, SSO agent and webgate.

Adding Policies to an existing WebGate and Application Domain



Follow the steps below to add the required policies for additional Oracle E-Business Suite integration to an existing WebGate and Application Domain.

  •     Change directories to <RREG_Home>/input.
  •     Create a new file named EBS_OAM_PolicyUpdate.xml, or use the existing one, to serve as a parameter file to the oamreg tool. Below is a sample.
 <?xml version="1.0" encoding="UTF-8"?>  
 <PolicyRegRequest>  
   <serverAddress>{protocol}://{oam_admin_server_host}:{oam_admin_server_port}</serverAddress>  
   <hostIdentifier>{Identifier for your existing WebGate}</hostIdentifier>  
   <applicationDomainName>{Identifier for your existing WebGate}</applicationDomainName>  
 </PolicyRegRequest>  

      

  • Replace {protocol} with either http, or https if the component has been SSL enabled.
  • Replace {oam_admin_server_host} with the fully qualified name for your OAM host.
  • Replace {oam_admin_server_port} with the weblogic administration server port (the SSL port if the Admin Server has been SSL enabled).
  • Replace {Identifier for your existing WebGate} within both the <hostIdentifier> and <applicationDomainName> elements with the Identifier for your existing WebGate.

Create a new file named ebs.oam.conf to serve as the URIs file for the oamreg tool. Change directories to <RREG_Home> and run the following command to add the new policies.


     ./bin/oamreg.sh policyUpdate input/EBS_OAM_PolicyUpdate.xml

When prompted for the admin username and password, enter the credentials for your Oracle Access Manager Administrator, by default user "weblogic".

When prompted "Do you want to import an URIs file?(y/n)", enter "y".

Enter the full path for the URIs file that you just created as <RREG_Home>/input/ebs.oam.conf.

The script should complete successfully with a Request summary. Log in to the OAM console and check that the URIs have been added for the new instance.
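
A pre-flight check for the parameter file before it is handed to oamreg, as an added example (not part of the original post or of Oracle's tooling). The function name, messages and sample constant are hypothetical; the rules it applies are the replacement rules listed above.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

PLACEHOLDER_RE = re.compile(r"\{[^{}]*\}")

# The unfilled template from the post, kept as sample input.
SAMPLE_TEMPLATE = """ <?xml version="1.0" encoding="UTF-8"?>
 <PolicyRegRequest>
   <serverAddress>{protocol}://{oam_admin_server_host}:{oam_admin_server_port}</serverAddress>
   <hostIdentifier>{Identifier for your existing WebGate}</hostIdentifier>
   <applicationDomainName>{Identifier for your existing WebGate}</applicationDomainName>
 </PolicyRegRequest>
"""

def check_policy_update(xml_text):
    """Return a list of problems found in a PolicyRegRequest parameter file."""
    try:
        # strip(): an XML declaration is only legal at the very start of the file
        root = ET.fromstring(xml_text.strip().encode("utf-8"))
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "PolicyRegRequest":
        return [f"unexpected root element <{root.tag}>"]
    problems, values = [], {}
    for name in ("serverAddress", "hostIdentifier", "applicationDomainName"):
        values[name] = (root.findtext(name) or "").strip()
        if not values[name]:
            problems.append(f"<{name}> is missing or empty")
        elif PLACEHOLDER_RE.search(values[name]):
            problems.append(f"<{name}> still contains a template placeholder")
    addr = values["serverAddress"]
    if addr and not PLACEHOLDER_RE.search(addr):
        url = urlparse(addr)
        if url.scheme not in ("http", "https"):
            problems.append("serverAddress protocol must be http or https")
        if "." not in (url.hostname or ""):
            problems.append("serverAddress host is not fully qualified")
        try:
            if url.port is None:
                problems.append("serverAddress has no port")
        except ValueError:  # raised by urlparse for a non-numeric port
            problems.append("serverAddress port is not a valid number")
    if values["hostIdentifier"] != values["applicationDomainName"]:
        problems.append("hostIdentifier and applicationDomainName differ")
    return problems

if __name__ == "__main__":
    print(check_policy_update(SAMPLE_TEMPLATE))
```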





Configuring Access gate for multiple EBS Instances


The access gate can be deployed on dedicated managed servers, such as eag_server1 protecting ebs_instance1 and eag_server2 protecting ebs_instance2, or on the same WebLogic server with different context roots. A unique name needs to be used for each application deployment. For example: ebsauth_myEBS1, ebsauth_myEBS2. Also, the deployment for each Oracle E-Business Suite environment is performed from a separate file system directory. For example: <MW_HOME>/appsutil/accessgate/ebsauth_myEBS1, <MW_HOME>/appsutil/accessgate/ebsauth_myEBS2. Each Oracle E-Business Suite AccessGate application is tied to a single Apps DataSource configuration during deployment.

The following entry is required on the OHS with the webgate to redirect requests to the corresponding access gate.

   <Location /ebsauth_myEBS1>  
    SetHandler weblogic-handler  
    WebLogicHost eaghost.example.com  
    WebLogicPort 8099  
   </Location>  
   <Location /ebsauth_myEBS2>  
    SetHandler weblogic-handler  
    WebLogicHost eaghost.example.com  
    WebLogicPort 8099  
   </Location>  


Cleanup for Logout from Oracle E-Business Suite



On the WebTier, locate the file oacleanup.html that you copied during Oracle E-Business Suite AccessGate installation to the /public subdirectory of your htdocs root directory. For example: $ORACLE_INSTANCE/config/OHS/ohs1/htdocs/public/oacleanup.html

Edit the file and replace CONTEXT_ROOT with the value of the context root for any deployment of Oracle E-Business Suite AccessGate protected by this WebGate. For example:

<script type="text/javascript" src='/ebsauth_myEBS/ssologout_callback?mode=cleanup'></script>

Search for the following line and add a callback for each additional logout callback.

 function doLoad()  
 {  
 logoutHandler.addCallback('/ebsauth_myEBS/ssologout_callback');  
 logoutHandler.addCallback('http://webgatehost2.example.com:7780/ebsauth_myEBS2/ssologout_callback');
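
A consistency check between the OHS `<Location>` entries and the logout callbacks in oacleanup.html, as an added example (not part of the original post or of Oracle's tooling). It assumes every `weblogic-handler` Location in the text passed in is an AccessGate context root and that each one should have an `ssologout_callback` entry; the function names and sample inputs are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlparse

LOCATION_RE = re.compile(r"<Location\s+(/[^\s>]+)\s*>(.*?)</Location>", re.S | re.I)
HANDLER_RE = re.compile(r"^\s*SetHandler\s+weblogic-handler\s*$", re.M | re.I)
CALLBACK_RE = re.compile(r"addCallback\(\s*['\"]([^'\"]+)['\"]\s*\)")
SUFFIX = "/ssologout_callback"

# Constructed sample inputs modelled on the snippets above (not real files).
SAMPLE_CONF = """
<Location /ebsauth_myEBS1>
 SetHandler weblogic-handler
 WebLogicHost eaghost.example.com
 WebLogicPort 8099
</Location>
<Location /ebsauth_myEBS2>
 SetHandler weblogic-handler
 WebLogicHost eaghost.example.com
 WebLogicPort 8099
</Location>
"""
SAMPLE_CLEANUP = """
function doLoad()
{
 logoutHandler.addCallback('/ebsauth_myEBS1/ssologout_callback');
 logoutHandler.addCallback('/ebsauth_retired/ssologout_callback');
}
"""

def accessgate_roots(conf_text):
    """Context roots of every <Location> block handed to weblogic-handler."""
    return [path.rstrip("/") for path, body in LOCATION_RE.findall(conf_text)
            if HANDLER_RE.search(body)]

def callback_roots(html_text):
    """Context roots that have an ssologout_callback registered via addCallback()."""
    paths = (urlparse(u).path for u in CALLBACK_RE.findall(html_text))
    return {p[:-len(SUFFIX)] for p in paths if p.endswith(SUFFIX)}

def audit(conf_text, html_text):
    routed, called = accessgate_roots(conf_text), callback_roots(html_text)
    return {
        "duplicate_roots": sorted(r for r, n in Counter(routed).items() if n > 1),
        "missing_callback": sorted(set(routed) - called),
        "unrouted_callback": sorted(called - set(routed)),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_CLEANUP))
```

Callbacks are matched on URL path only, so an absolute callback that points at another host counts as covering a local context root of the same name.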