Integration With Oracle Identity Management 10-21

10.2.5 Configuring IP Validation for the Webgate

IP Validation determines if a clients IP address is the same as the IP address stored in the ObSSOCookie generated for single sign-on. IP Validation can cause issues in systems using load balancer devices configured to perform IP termination, or when the authenticating webgate is front-ended by a different load balancer from the one front-ending the enterprise deployment. To configure your load balancer so that it is not validated in these cases, follow these steps:

1. Navigate to the Access System Console using the following URL:

http:hostname:portaccessoblix Where the hostname refers to the host where the WebPass Oracle HTTP Server instance is running, and port refers to the HTTP port of the Oracle HTTP Server instance.

2. On the Access System main page, click the Access System Console link, and then

log in as an administrator.

3. On the Access System Console main page, click Access System Configuration,

and then click the Access Gate Configuration link on the left pane to display the AccessGates Search page.

4. Enter the proper search criteria and click Go to display a list of AccessGates.

5. Select the AccessGate created by the Oracle Access Manager configuration tool.

6. Click Modify at the bottom of the page.

7. In the IPValidationException field, enter the address of the load balancer used to

front-end the deployment.

8. Click Save at the bottom of the page.

10.2.6 Setting Up the WebLogic Authenticators

This section assumes that you have already set up the LDAP authenticator by following the steps in Section 10.1.2.1, Creating the LDAP Authenticator. If you have not already created the LDAP authenticator, do it before continuing with this section. This section includes the following topics: ■ Section 10.2.6.1, Back Up Configuration Files ■ Section 10.2.6.2, Setting Up the OAM ID Asserter ■ Section 10.2.6.3, Setting the Order of Providers

10.2.6.1 Back Up Configuration Files

To be safe, first back up the relevant configuration files: ORACLE_BASE admindomain_nameaserverdomain_nameconfigconfig.xml ORACLE_BASE admindomain_nameaserverdomain_nameconfigfmwconfigjps-con fig.xml ORACLE_BASE admindomain_nameaserverdomain_nameconfigfwmconfigsystem- jazn-data.xml Also back up the boot.properties file for the Administration Server.

10.2.6.2 Setting Up the OAM ID Asserter

To set up the OAM ID Asserter, complete these steps: 10-22 Oracle Fusion Middleware Enterprise Deployment Guide for Oracle WebCenter 1. Log into Weblogic Console, if not already logged in. 2. Navigate to SecurityRealms\Default Realm Name\Providers.

3. Click New and Select OAM Identity Asserter from the dropdown menu.

4. Name the asserter for example, OAM ID Asserter and click Save.

5. Click the newly added asserter to see the configuration screen for OAM Identity Asserter.

6. Set the control flag to ’REQUIRED’ and click Save.

7. Check that OAM_REMOTE_USER and ObSSOCookie is set for Active Types.

8. Save the settings.

10.2.6.3 Setting the Order of Providers

Reorder the OAM Identity Asserter, OID Authenticator, and Default Authenticator by ensuring that the control flag for each authenticator is set as follows: ■ OAM Identity Asserter: REQUIRED ■ OID LDAP Authenticator or OVD LDAP Authenticator: SUFFICIENT ■ Default Authenticator: SUFFICIENT

10.2.7 Understanding Virtual Host configuration

The WebCenter Suite includes applications that use as the context root. To route these applications through Oracle HTTP Server without virtual hosts you can add the following entry to mod_wl_ohs.conf file: Location SetHandler weblogic-handler WebLogicHost webcenter.example.com WebLogicPort 8889 Location However, this would affect all context roots not explicitly defined. The term virtual host refers to the practice of running more than one Web site such as www.company1.com and www.company2.com on a single machine. Virtual hosts can be IP-based, where you have a different IP address for each Web site, or name-based, where you have multiple names running on each IP address. You must configure virtual hosts both on the HTTP Server and on the load balancer. On the load balancer, configure an externally-facing URL, such as wcedg-pagelet.mycompany.com. This configuration routes to the virtual host configured on the HTTP Servers. For example: ■ wcedg.mycompany.com - webhostn:7777 ■ wcedg-pagelet.mycompany.com - webhostn-pagelet:7777 The steps for configuring the virtual host on the HTTP Server are outlined in Section 10.2.8, Configuring Virtual Hosts for OAM 10g.