Managing OAM Identity Assertion on IBM WebSphere 7-11

7.5.2 Provisioning Agents and Creating OAM 11g Policies for IBM WebSphere

This topic describes how to provision agents and create policies for OAM 11g. At least one OAM Server instance must be running in the same mode as the agent. Otherwise, agent registration fails. After provisioning, you can change the communication mode of the OAM Server if needed. Communication between the agent and server continues to work as long as the WebGate mode is at least at the same level as the OAM Server mode or higher. To register an agent and create policies for the OAM 11g IAP for IBM WebSphere 1. Log in to the OAM 11g Administration Console as usual. For example: http:host:portoamconsole. 2. On the Welcome page, click Add OAM 10g 10.1.4.3 Agent in the Agent Configuration panel to open a fresh page: Alternatively : From the System Configuration tab, expand the Agents node, the OAM Agents node, and the 10g 10.1.4.3 Webgates node, then click the Create command button in the tool bar. 3. On the Create: OAM Agent page, enter required details those with an to register this OAM Agent, as shown in Table 7–3 .

4. Protected Resource List

: In this table, enter individual resource URLs to be protected by this OAM Agent, as shown in Table 7–3 .

5. Public Resource List

: In this table, enter individual resource URLs to be public not protected, as shown in Table 7–3 , including AuthenSSOToken used by the Oracle Access Manager Identity Assertion Provide. 6. Confirm that the Auto Create Policies box is checked or clear the box to disable this function. 7. Click Apply to submit the registration or close the page without applying changes. 8. Check the Confirmation window for the location of generated artifacts and then close the window. 9. Repeat steps in this procedure to register an additional AccessGate and policies for use by WebGate and: ■ Enter a name for this registration. ■ Select the appropriate Security mode. ■ Do not specify a Base URL. ■ Check Auto Create Policies ■ Click Apply 10. Proceed to Installing the Required WebGate for the IHS Web Server .

7.6 Installing the Required WebGate for the IHS Web Server

After provisioning, you can install the OAM 10g 10.1.4.3 WebGate for IHS to operate within either an OAM 10g 10.1.4.3 or OAM 11g deployment as described here. Ignore any steps that do not apply to your environment. To download and install the 10g 10.1.4.3 WebGate for IHS 1. Locate and download the WebGate installer as follows: 7-12 Oracle Fusion Middleware Third-Party Application Server Guide a. Go to Oracle Fusion Middleware 11gR1 Software Downloads at: http:www.oracle.comtechnologysoftwareproductsmiddlewareht docsfmw_11_download.html

b. Click Accept License Agreement, at the top of the page.

c. From the Access Manager WebGates 10.1.4.3.0 row, click the download link

for the desired platform and follow on-screen instructions. d. Store the WebGate installer in the same directory with any 10g 10.1.4.3 Access System Language Packs you want to install. 2. Launch the WebGate installer for your platform, installation mode, and Web server, and then: a. Dismiss the Welcome screen by clicking Next. b. Respond with administrator privileges when asked. c. Specify the installation directory for the WebGate. For example: OracleAccessManagerWebComponent

d. Linux or Solaris

: Specify the location of the GCC runtime libraries on this computer.

e. Language Pack

—Choose a Default Locale and any other Locales to install, then click Next. f. Record the installation directory name in the preparation worksheet if you havent already, then click Next to continue. The WebGate installation begins, which may take a few seconds. On Windows systems, a screen informs you that the Microsoft Managed Interfaces are being configured.

3. OAM 10g 10.1.4.3 Deployment

: Continue installation, as described in the 10g 10.1.4.3 Oracle COREid Access and Identity Installation Guide, and: a. Specify the same values when you install the WebGate that were specified when provisioning the WebGate using OAMCfgTool, earlier. b. Specify any additional requested values to properly finish the installation c. Copy the files to the WebGate host: WebGate_install_diraccessoblixconfig. d. Restart the WebGate Web server. e. Proceed to Preparing the IHS Web Server on page 7-13.

4. OAM 11g Deployment

: Cancel the WebGate installer without finishing and gather WebGate 10g 10.1.4.3 provisioning artifacts and certificate files, if needed. For example: a. On the OAM AdminServer host, locate and copy the updated OAM Agent ObAccessClient.xml configuration file and any certificate artifacts. For example: DOMAIN_HOMEoutputAgent_Name ObAccessClient.xml password.xml if needed aaa_key.pem your private key generated by openSSL aaa_cert.pem signed certificates in PEM format Managing OAM Identity Assertion on IBM WebSphere 7-13 b. On the OAM Agent host, add the artifacts to the WebGate directory path. For example: WebGate_install_diraccessoblixlibObAccessClient.xml WebGate_install_diraccessoblixconfig c. Restart the WebGate Web server. d. Run the EditHTTPConf tool to update IHS Server configuration for WebGate. e. Restart the OAM Server that is hosting the Agent. f. Proceed to Preparing the IHS Web Server