Configuring Memcache for Linux only
6.3.5 Configuring httpd.conf
This section provides information on how to edit the httpd.conf file to activate the UIO Apache Proxy. The httpd.conf file is the main configuration file used by the Apache HTTP Server.6.3.5.1 Basic Configuration without SSL
In the sample installation, the Apache httpd has been installed in c:\ProgramFiles\Apache2.2 or usrlocalapache2. To ensure that http.conf is correctly set up in your environment, follow these steps: 1. Ensure that the following lines are uncommented to enable mod_proxy. LoadModule proxy_module modulesmod_proxy.so LoadModule proxy_http_module modulesmod_proxy_http.so 2. Add the following line to the end of the LoadModule group of lines to activate the UIO Apache Proxy. LoadModule uio_module modulesmod_uio.so 3. Add a line to point to the UIO_Settings.xml file that has the settings for the UIO Apache Proxy. On Windows all paths should be with forward slashes, UioProxySettingsFile c:OAAMUIOUIO_Settings.xml On Linux, UioProxySettingsFile homeoaamuiouioUIO_Settings.xml 4. Disable mod_proxys forward-proxying capability since it is not needed. ProxyRequests Off Proxy Order deny,allow Allow from all Proxy 5. Enable the mod_proxy configuration to reverse-proxy to oaam_server and the target application is being protected by OAAM. ProxyPass oaam_server http:FQDN_oaam_server:oaam_server_portoaam_server ProxyPassReverse oaam_server http:FQDN_oaam_server:oaam_server_ portoaam_server ProxyPass target_app http:FQDN_target_app:target_app_porttarget_ appl ProxyPassReverse target_app http:FQDN_target_app:target_app_ Note: This should be an absolute path to the UIO_Settings.xml file. Oracle Adaptive Access Manager Proxy 6-15 porttarget_app 6. Set the usergroup of httpd using User and Group directives to oaamuio. The actual settings for 4 and 5 are installation-specific. They are only examples of the settings you must set. For information on setting details, refer to the Apache Web site. With the changes described and by properly setting up UIO_Settings.xml, you should be able to access OAAM Server oaam_server and target application and run Phase One scenarios. The URL for the target application is: http:apache-host:apache-porttarget_app So far in this chapter, the configuration to the proxy has been performed without using SSL.6.3.5.2 Configuration with SSL
To enable SSL, refer to the Apache Web site for Tomcat and for Apache procedures. Note that the UIO Apache Proxy requires mod_ssl to be part of httpd. This ensures that the OpenSSL library is linked in and is properly configured for the UIO Apache Proxy to generate session ids. You need to ensure that mod_ssl is loaded and you do not need to perform any configuration if you are not using SSL. mod_proxy_html module optional Optionally, you may need to install the mod_proxy_html http:apache.webthing.commod_proxy_html Apache module. This module is needed only if the protected application has Web pages that have hard-coded URL links to itself. If the application has relative URLs, you do not need this module. From their Web site, the executive summary of this module is as follows: mod_proxy_html is an output filter to rewrite HTML links in a proxy situation, to ensure that links work for users outside the proxy. It serves the same purpose as Apaches ProxyPassReverse directive does for HTTP headers, and is an essential component of a reverse proxy. For example, if a company has an application server at appserver.example.com that is only visible from within the companys internal network, and a public Web server www.example.com, they may wish to provide a gateway to the application server at http:www.example.comappserver. When the application server links to itself, those links need to be rewritten to work through the gateway. mod_ proxy_html serves to rewrite a href=http:appserver.example.comfoobar.htmlfoobara to a href=http:www.example.comappserverfoobar.htmlfoobara making it accessible from outside.6.3.6 Modifying the UIO Apache Proxy Settings
6.3.6.1 UIO_Settings.xml
UIO_ProxySettings xmlns=http:bharosa.com 6-16 Oracle Fusion Middleware Developers Guide for Oracle Adaptive Access Manager -- Log4jProperties location=homeoaamuiouioUIO_log4j.xml -- Log4jProperties location=f:oaamuiouioUIO_log4j.xml Memcache ipaddress=127.0.0.1 port=11211 maxconn=10 GlobalVariable name=one value=something ConfigFile location=homeoaamuiouioTestConfig1.xml enabled=true ConfigFile location=homeoaamuiouioTestConfig2.xml enabled=false ConfigFile location=f:oaamuiouioTestConfig1.xml enabled=false Setting name=GarbageCollectorInterval_ms value=60000 Setting name=MaxSessionInactiveInterval_sec value=1200 Setting name=CachedConfigExpiry_sec value=120 Setting name=SessionIdCookieName_str value=SessionId Setting name=SessionCookie_ExpiryInMinutes value=0 Setting name=SessionCookie_IsHttpOnly value=0 Setting name=SessionCookie_IsSecure value=1 Setting name=Profiling value=0 Setting name=IgnoreUrlMappings value=0 Setting name=CaptureTraffic value=0 -- Enable AutoLoadConfig for Windows or Single-process Linux. Do not use for Multiple-process Linux when in production. -- Setting name=AutoLoadConfig value=1 -- Setting name=UseMemcache value=1 -- UIO_ProxySettings Log4jProperties Set the location of log4j.xml file that defines the logging configuration for the UIO Apache Proxy. The location should be an absolute path; it cannot be ServerRoot relative. On Linux, you have to ensure that the httpd process can access the directory. When using httpd in a multiprocessing mode, do not use FileAppender; use SocketAppender instead to log the logs from the different processes. Refer to the log4j documentation on the Internet for more information. GlobalVariable GlobalVariable is a global variable that is used in the application configuration. You can have any number of such name-value pairs. ConfigFile ConfigFile is the absolute path to an application configuration. You can have any number of such configurations. Again, you need to make sure, on Linux, that the httpd process has the permissions to access these files. Refer to Configuring the UIO Proxy to understand how to perform a configuration for an application. Memcache Memcache has the IP address and port of a memcache server. You can have multiple Memcache elements in the settings file if you have multiple memcache serversParts
» Oracle Fusion Middleware Online Documentation Library
» Native Integration Oracle Fusion Middleware Online Documentation Library
» Universal Installation Option Integrations Customizations and Extensions
» Using Web Services and SOAP API
» User Name Page S1 Device Fingerprint Flow F1
» Run Pre-Authentication Rules R1 Decode Virtual Authentication Device Input P4
» Run Post-Authentication Rules R3
» Check Registration for User C2 Run Registration Required Rules R4
» Run Authentication Rules R6 Challenge the User S6
» Check Answers to Challenge C3
» UserPassword S1 Stages Integrating with Knowledge-Based Authentication
» Introduction Oracle Fusion Middleware Online Documentation Library
» Oracle Adaptive Access Manager .NET SDK
» Encrypting Property Values Configuration Properties
» Using User-Defined Enumerations to Define Elements
» User Details Oracle Adaptive Access Manager API Usage
» User Logins and Transactions
» Creating and Updating Bulk Transactions
» Validating a User with Challenge Questions
» Resetting Challenge Failure Counters
» Creating a Virtual Authentication Device
» Specifying Credentials to the Oracle Adaptive Access Manager SOAP Server
» Tracing Messages Oracle Adaptive Access Manager API Usage
» ASP.NET Applications Integration Example Using Sample Applications
» SampleWebApp SampleWebAppTracker Sample Application Details
» SampleWebAppAuthTracker Sample Application Details
» SampleKBATracker Sample Application Details
» Modifying the web.config File
» Setting Properties for Images
» Example: Enable Transaction Logging and Rule Processing
» Using Oracle Adaptive Access Manager Shared Library in Web Applications
» Using Oracle Adaptive Access Manager Shared Library in Enterprise Applications
» CustomizingExtendingOverriding Oracle Adaptive Access Manager Properties
» OAAM Java InProc Integration
» Select the row oraclewss_http_token_service_policy.
» About VCryptResponse Oracle Fusion Middleware Online Documentation Library
» handleTrackerRequest createTransaction Oracle Adaptive Access Manager APIs
» updateTransaction Oracle Adaptive Access Manager APIs
» handleTransactionLog Oracle Adaptive Access Manager APIs
» updateTransactionStatus updateLog Oracle Adaptive Access Manager APIs
» getUserByLoginId generateOTP Oracle Adaptive Access Manager APIs
» updateAuthStatus Oracle Adaptive Access Manager APIs
» processPatternAnalysis Oracle Adaptive Access Manager APIs
» markDeviceSafe IsDeviceMarkedSafe Oracle Adaptive Access Manager APIs
» cancelAllTemporaryAllows resetUser getRulesData getActionCount
» User selects an authentication pad background image
» User registers challenge questions
» User registers profile information
» User Continues Into the Application
» Web Listener Creation UIO Proxy Web Publishing Configuration
» Choose SSL as a connection option if the Web application is listening on SSL;
» For your Web listener, select Bharosa Proxy Listener.
» For the name of the rule, enter a name such as Online Banking Application.
» Registering the UIO ISA Proxy DLL
» Configuration files Settings to Control the UIO Proxy
» Configuring Session Id Cookie attributes via Global Variables Session Inactive Interval
» Windows UIO Proxy Files for Windows and Linux
» Windows Linux Apache httpd Requirements
» Windows Linux Copying the UIO Apache Proxy and Supported Files to Apache
» Configuring Memcache for Linux only
» Basic Configuration without SSL
» Configuration with SSL Configuring httpd.conf
» UIO_Settings.xml Modifying the UIO Apache Proxy Settings
» Application configuration XMLs Modifying the UIO Apache Proxy Settings
» OTP Registration and Challenge Experience Setting Up Rules and User Groups
» Setting Up Policies Oracle Fusion Middleware Online Documentation Library
» Components of Interceptors Elements of the UIO Proxy Configuration File
» Conditions Elements of the UIO Proxy Configuration File
» Filters Elements of the UIO Proxy Configuration File
» Filter Examples - ProcessString
» Filter Examples - FormatString
» Actions Elements of the UIO Proxy Configuration File
» Variables Elements of the UIO Proxy Configuration File
» Interception Process Configuring the UIO Proxy
» Configuring Redirection to the Oracle Adaptive Access Manager Server Interface
» Application Information Application Discovery
» Setting Up the UIO ISA Proxy
» Setting Up the UIO Apache Proxy
» Descriptions for Interceptors Samples
» Flow for First-time User to Log In and Log Out of BigBank with UIO Proxy
» Upgrading the UIO ISA Proxy Server
» Overview Add Customizations Using the OAAM Extensions Shared Library User-Defined Enumerations
» Architecture Oracle Fusion Middleware Online Documentation Library
» OAAM Server Settings Oracle Fusion Middleware Online Documentation Library
» Determining the Application ID
» Determining Default User Groups
» Custom Header Footer Custom CSS
» Property Extension User-Defined Enums
» Overriding Existing User-Defined Enums
» Disabling Elements Configuring Application Properties
» Customizing Java Server Pages JSPs
» Rendering the Page Interface Page Configuration File
» tiles-def.xml Interface Page Configuration File
» Action Path Struts Configuration File
» Action Type Struts Configuration File
» Struts Configuration File Struts Configuration File
» Overriding Struts Definitions Terminology
» TextPad PinPad QuestionPad Virtual Authentication Types
» Keypad Virtual Authentication Types
» Virtual Authentication Devices and Set of Background Images Authenticator Composition
» Property Files Used in the Authenticators Configuration
» TextPad Authenticator Properties Virtual Authentication Device Properties
» PinPad Authenticator Properties Virtual Authentication Device Properties
» QuestionPad Authenticator Properties Virtual Authentication Device Properties
» KeyPad Authenticator Properties Virtual Authentication Device Properties
» Background Images Frame Design and Element Positioning
» KeysSets Frame Design and Element Positioning
» TextPad Visual Elements Frame Design and Element Positioning
» PinPad Visual Elements Frame Design and Element Positioning
» QuestionPad Visual Elements Frame Design and Element Positioning
» KeyPad Visual Elements Frame Design and Element Positioning
» Customization Steps Virtual Authentication Device Properties
» Re-deploy the updated oracle.oaam.extensions.war as a shared library
» Setting Up Before Calling the getpad type Method
» Getting the AuthentiPads Displaying Virtual Authentication Devices
» Setting Properties After Getting Authentipad Object
» Displaying Virtual Authentication Devices
» Enabling Accessible Versions of Authenticators
» Overview Localizing Virtual Authentication Device in OAAM 11g
» About the Implementation Oracle Fusion Middleware Online Documentation Library
» Oracle User Messaging Service UMS
» Challenge Processor Challenge Type
» Install SOA Suite Prerequisites
» Email Driver Configure the UMS Driver
» SMPP Driver Configure the UMS Driver
» OTP Setup Overview Oracle Fusion Middleware Online Documentation Library
» Integrating UMS Configuring OTP
» Enabling OTP Challenge Types
» Enabling Registration and User Preferences
» Customizing Registration Fields and Validations
» Customizing Terms and Conditions
» Customizing Registration Page Messaging
» Enabling Opt Out Functionality
» Registering SMS Processor to Perform Work for Challenge Type
» Configuring the Challenge Pads Used for Challenge Types
» Custom Implementation Recommendations Configuring Properties
» Email Input Additional Registration Field Definitions Examples
» Phone Input Additional Registration Field Definitions Examples
» IM Input Additional Registration Field Definitions Examples
» Register Email Challenge Processor
» Register IM Challenge Processor
» Register Voice Challenge Processor
» Challenge Use Case Oracle Fusion Middleware Online Documentation Library
» Integration Oracle Fusion Middleware Online Documentation Library
» Executing Configurable Actions in a Particular Order and Data Sharing
» How to Test Configurable Actions Triggering Sample JUnit Code
» When to Use Extend Device Identification
» Prerequisites Oracle Fusion Middleware Online Documentation Library
» Implement the Client Side Plug-in getFingerPrint
» getDigitalCookie getClientDataMap Developing a Custom Device Identification Plug-in
» Overview of Interactions Oracle Fusion Middleware Online Documentation Library
» Compile, Assemble and Deploy Important Note About Implementing the Plug-In
» Device Fingerprinting Definitions of Variables and Parameters
» Common Update Oracle Fusion Middleware Online Documentation Library
» Benefits and Features of the Integration
» Secure Password Collection and Management Scenarios
» Use OAAM Shared Library Instead of Static Linking to OAAM Jars
» Move All Configurable Properties into the bharosa_server.properties File
» Configure SOAPWebServices Access Migrating Native SOAP Applications to OAAM 11g
» Copy the OAAM 11g Property Files
» Specify the Configurable Properties in the bharosa_server.properties File
» Database Host and Port Changes
» Moving Oracle Adaptive Access Manager to a New Production Environment
» Moving Oracle Adaptive Access Manager to an Existing Production Environment
» Results Display English Only User Defined Enum Result Display
» Internationalized User Defined Enum Result Display
» Create a Data Model Adding Geolocation Data
» Example Create Oracle BI Publisher Reports on Data in the OAAM Schema
» Information about Data Types
» Discover Transaction data details like Data Type, Row and Column mappings
» Build Transaction Data SQL Queries and Views
» Building Entity Data Reports
» Building Transaction Data Reports
» Joining Entity Data Tables and Transaction data tables
» What are Challenge Processors
» Class Code Challenge Processors
» Methods Example: Email Challenge Processor Implementation
» Secret PIN Implementation Code Challenge Processors
» Challenge Type Enum Define the Delivery Channel Types for the Challenge Processors
» Example: Defining an OTP Channel Type
» Configure the Challenge Pads Used for Challenge Types
» OAAM Schema Custom Schema Example
» Important Classes Base Framework
» General Framework Execution Base Framework
» Default Load Implementation Default Implementation
» Default Playback Implementation Default Implementation
» Extending AbstractJDBCRiskAnalyzerDataSource Implement RiskAnalyzerDataSource
» Extending AbstractTextFileAnalyzerDataSource Implement RiskAnalyzerDataSource
» Extending AbstractRiskAnalyzerDataSource Implement RiskAnalyzerDataSource
» Extending AbstractLoadLoginsRunMode Implement RunMode
» Extending AbstractLoadTransactionsRunMode Extending PlaybackRunMode
» Simple Techniques Techniques for Solving Complex Problems
» Divide and Conquer Techniques for Solving Complex Problems
» Rigorous Analysis Techniques for Solving Complex Problems
» State the Problem Process Flow of Analysis
» Specify the Problem Process Flow of Analysis
» Develop Possible Causes Process Flow of Analysis
» Test Each Candidate Cause Against the Specification
» Confirm the Cause Process Flow of Analysis
» Failures Process Flow of Analysis
» Implementation Details: Overriding the Loader or Playback Behavior Troubleshooting Tools
» OAAM UIO Proxy Oracle Fusion Middleware Online Documentation Library
» Knowledge-Based Authentication Virtual Authentication Devices
» Configurable Actions Oracle Fusion Middleware Online Documentation Library
» One-Time Password Oracle Fusion Middleware Online Documentation Library
» Localization Oracle Fusion Middleware Online Documentation Library
Show more