Showing posts with label OAM Webgate. Show all posts

Friday, April 10, 2015

FIX: 'Warning: Page has Expired' In OAM-Protected Site After Clicking Back Button In Browser

Solution:

1. In Access System Console, edit the AccessGate settings for the WebGate.

2. Remove the 'no-cache' values from the CachePragmaHeader and CacheControlHeader fields.

3. Click Save.

4. Wait up to 10 minutes for the WebGate to automatically refresh its configuration, or restart the WebGate web server for an immediate refresh.

-- Siva Pokuri.


Sunday, November 9, 2014

How to Install the OAM 11g R2 PS2 IIS WebGate on IIS 8.5

Environments:

  1. Oracle Access Manager 11g R2 PS2 (11.1.2.2.0)
  2. IIS 8.5
  3. Windows Server 2012 R2 64-bit

Steps:

1) Download IIS 11g R2 PS2 WebGate from Oracle E-Delivery Site.

2) Extract the archive, navigate to Disk1, and run setup.exe as shown in the screenshot below.

3) Click Next.

4) Click Next.

5) Change the default installation location if required.

6) Click Install.

7) Installation is completed.

Now, let's deploy the WebGate instance with the command shown in the screenshot below.

A new WebGate instance folder will be created and the required files copied into it.

Now, configure the WebGate instance with the IIS web site as shown in the screenshot below.

Check the "webgate.ini" file for the registered WebGate instance.

Check the "web.config" file as shown in the screenshots below.

Now, restart the IIS web server.

Create a new 11g WebGate profile from the OAM Admin Console and copy "cwallet.sso" and "ObAccessClient.xml" from the output folder to the WebGate instance "config" folder as shown in the screenshot below.

Now, test the application URL http://ssodev.pokuri.com:8888/hello.html

Hope this helps someone out there!!

-- Siva Pokuri

Saturday, July 5, 2014

Latest: New Feature in OAM 11g R2 PS2: WebGate-Specific Idle Timeout

In OAM 11g R2 PS2 you can configure WebGate specific Idle Timeouts.

By default "Session Idle Timeout" is set to "0".


-- Siva Pokuri.

Wednesday, April 2, 2014

Windows Native Authentication (WNA) Configuration in Oracle Access Manager 11g R2 PS2

Agenda: Process to configure WNA authentication in Oracle Access Manager 11g R2 PS2.

Process:

  • Create a new service account on the Active Directory domain controller. The account's password should be set to never expire.

  • Open a command prompt on the AD machine and execute the command below to generate the keytab file.
    "ktpass -princ HTTP/<oamHostName>@<adDomainName> -mapuser <adDomain>\<username> -pass <userPassword> -out <path>"

  • Check for the success message as shown in the screenshot below.

  • Open the user account in AD and click on the Account tab. Verify the principal name as shown in the screen below.

  • Copy the keytab file from the AD machine to the OAM machine.

  • Log in as the root user and edit the /etc/krb5.conf file.

  • Please verify against the screen below for your reference.

  • Execute the klist command on the OAM machine as shown in the screen below. The syntax is:
    "klist -k -t -K -e FILE:/<keytab file path>"

  • Execute the kinit command on the OAM machine as shown in the screen below. The syntax is:
    "kinit -V <Principal Name> -k -t <keytab file path>"

  • Execute the klist command on the OAM machine as shown in the screen below.

  • Log in to the Access Manager admin console.
  • Navigate to Authentication modules > Kerberos.
  • Provide the required parameters as shown below.

  • Create a new data store for AD in OAM.

  • Create an authentication policy with the Kerberos scheme.

  • For your reference, verify the Kerberos authentication scheme as shown in the screen below.

  • NTLM changes:
  • Log in to the server and navigate to the directory /<weblogic_domain>/config/fmwconfig/
  • Modify the NTLM Response from DEFAULT to BASIC.

  • Restart the WebLogic Admin server and the OAM Managed server.
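
As an added example (not part of the original post), the following shell script checks the prerequisites that the klist and kinit steps above depend on: the principal form given to ktpass, the permissions of the copied keytab, and a matching [realms] entry in krb5.conf. The function names and the values in the usage line are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the keytab steps. The function names
# and the values in the usage line are assumptions, not OAM tooling.

# check_spn PRINCIPAL: expects HTTP/<host>@<REALM>, as given to ktpass -princ.
check_spn() {
    case $1 in
        HTTP/?*@?*) ;;
        *) echo "principal must look like HTTP/<host>@<REALM>: $1"; return 1 ;;
    esac
    realm=${1#*@}
    # Realm names are case-sensitive; an Active Directory realm is upper case.
    upper=$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')
    [ "$realm" = "$upper" ] || { echo "realm should be upper case: $realm"; return 1; }
}

# check_keytab FILE: the keytab holds the service account's long-term key,
# so nobody but its owner should be able to read or replace it.
check_keytab() {
    [ -f "$1" ] && [ -s "$1" ] || { echo "keytab missing or empty: $1"; return 1; }
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ] ||
        { echo "keytab open to group/other ($perms), run: chmod 600 $1"; return 1; }
}

# check_realm REALM CONF: the realm needs an entry under [realms] in krb5.conf.
check_realm() {
    awk -v r="$1" '
        /^[ \t]*\[/ { in_realms = ($0 ~ /\[realms\]/); next }
        in_realms   { key = $0; sub(/^[ \t]+/, "", key); sub(/[ \t]*=.*/, "", key)
                      if (key == r) found = 1 }
        END { exit !found }' "$2" ||
        { echo "no [realms] entry for $1 in $2"; return 1; }
}

# preflight PRINCIPAL KEYTAB [KRB5_CONF]: run all three checks in order.
preflight() {
    check_spn "$1" && check_keytab "$2" &&
        check_realm "${1#*@}" "${3:-/etc/krb5.conf}"
}

# Usage (constructed values): sh preflight.sh HTTP/oam.example.com@EXAMPLE.COM /path/oam.keytab
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

Each function prints the first problem it finds and returns non-zero, so the script can be run before kinit to separate configuration mistakes from genuine authentication failures.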

Testing:


  • Log in to the AD domain machine.
  • Open a command prompt and execute the command "klist" to check whether Kerberos tickets have been generated.

  • Open the IE browser, then open Internet Options and navigate to the Advanced tab. Scroll down and verify that "Enable Integrated Windows Authentication" is selected.

  • Try to access the application that is protected by OAM Kerberos authentication.

-- Kiran Pokuri