15-16 Oracle Fusion Middleware Administrators Guide Figure 15–2 IPv6 with an Authenticating WebGate and Challenge Redirect As illustrated in Figure 15–2 , the IPv6 network communicates with the IPv6IPv4 proxy, which in turn communicates with the Oracle HTTP Server using IPv4. WebGate, Oracle Access Manager server, and Oracle WebLogic Server with the Identity Asserter all communicate with each other using IPV4. You should be able to access the application from a browser on the IPv4 network directly to the IPv4 server host name and have login with redirect to IPv6 myssohost.foo.com.

15.5.5.3 Considerations

The following considerations apply to each intended usage scenario: ■ IP validation does not work by default. To enable IP validation, you must add the IP address of the Proxy server as the WebGates IPValidationException parameter value in the Access System Console. ■ IP address-based authorization does not work because all requests come through one IP proxy IP that would not serve its purpose.

15.5.5.4 Prerequisites

Regardless of the manner in which you plan to use Oracle Access Manager with IPv6 clients, the following tasks should be completed before you start: ■ Install an Oracle HTTP Server instance to act as a reverse proxy to the Web server required for WebGate. ■ Install and complete the initial set up of Oracle Access Manager Identity Server, WebPass, Policy Manager, Access Server, WebGate as described in Oracle Access Manager Access Administration Guide. IPv6 Network IPv6IPv4 Proxy Oracle HTTP Server with WebGate Oracle WebLogic Server IAP OAM Server All IPv4 IPv6 IPv4 IPv4 IPv4 IPv4 myapphost.foo.com Oracle HTTP Server with WebGate IPv4 IPv4 Myssohost.foo.com Changing Network Configurations 15-17

15.5.5.5 Configuring IPv6 with Simple Authentication

Use the procedure in this section to configure your environment for simple authentication with Oracle Access Manager using the IPv6IPv4 proxy. See Figure 15–1 for a depiction of this scenario. The configuration in this procedure is an example only. In the example, OHS_host and OHS_port are the host name and port of the actual Oracle HTTP Server with WebGate. You must use values for your environment. To configure IPv6 with simple authentication: 1. Configure Oracle HTTP Server 11g Release 1 11.1.1 or any other server to enable reverse proxy: a. Stop Oracle HTTP Server with the following command: opmnctl stopproc ias-component=component_name b. Edit the following file: UNIX ORACLE_INSTANCEconfigOHSohs_namehttpd.conf Windows ORACLE_INSTANCE\config\OHS\ohs_name\httpd.conf c. Append the following to the httpd.conf file: ---Added for Mod Proxy IfModule mod_proxy.c ProxyRequests Off ProxyPreserveHost On ProxyPass http:OHS_host:OHS_port ProxyPassReverse http:OHS_host:OHS_port IfModule d. Restart Oracle HTTP Server using the following command: opmnctl startproc ias-component=component_name 2. Log in to the Access System Console. For example: http:hostname:portaccessoblix In the example, hostname refers to the computer that hosts the WebPass Web server; port refers to the HTTP port number of the WebPass Web server instance; accessoblix connects to the Access System Console. The Access System main page appears. See Also: ■ Oracle Fusion Middleware Installation Guide for Oracle Web Tier ■ Oracle Fusion Middleware Administrators Guide for Oracle HTTP Server Note: For this configuration you must use the Web server on which the WebGate is deployed as the Preferred HTTP host in the WebGate profile. You cannot use the IPv6 proxy name.