15-18 Oracle Fusion Middleware Administrators Guide 3. Click Access System Configuration, and then click AccessGate Configuration. The Search for AccessGates page appears. The Search list contains a selection of attributes that can be searched. Remaining fields allow you to specify search criteria that are appropriate for the selected attribute. 4. Select the search attribute and condition from the lists or click All to find all AccessGates, and then click Go. 5. Click an AccessGates name to view its details. 6. Click Modify. 7. For Preferred HTTP Host, specify the Web server name on which WebGate is deployed as it appears in all HTTP requests. The host name within the HTTP request is translated into the value entered into this field regardless of the way it was defined in a users HTTP request. 8. To enable IP validation, add the IP address of the proxy server as the value of the IPValidationException parameter. 9. Click Save.

15.5.5.6 Configuring IPv6 with an Authenticating WebGate and Challenge Redirect

Use the procedure in this section to configure your environment to use Oracle Access Manager with the IPv6IPv4 proxy and an authenticating WebGate and challenge redirect. Figure 15–2 shows a depiction of this scenario. The following procedure presumes a common proxy for both form-based authentication and the resource WebGate. For example, suppose you have the following configuration: ■ Resource WebGate is installed on http:myapphostv4.foo.com ■ Resource is on http:myapphostv4.foo.comtesting.html ■ Authenticating WebGate is on http:myssohostv4.foo.com ■ Login form is http:myssohostv4.foo.comoamssologin.html ■ Reverse proxy URL is http:myapphost.foo.com In the following procedure, you configure the Oracle HTTP Server, configure WebGate profiles to use the corresponding Oracle HTTP Server as the Preferred HTTP host, and configure the form-based authentication scheme with a challenge redirect value of the reverse proxy server URL http:myapphost.foo.com in this example. Be sure to use values for your own environment. To configure IPv6 with an authenticating WebGate and challenge redirect: 1. Configure Oracle HTTP Server 11g Release 1 11.1.1 or any other server, as follows: a. Stop Oracle HTTP Server with the following command: Note: For this configuration, the Preferred HTTP host must be the name of the Oracle HTTP Server Web server that is configured for this WebGate. For example, a WebGate deployed on myapphost4.foo.com must use myapphost4.foo.com as the Preferred HTTP host. You cannot use the IPv6 proxy name. Changing Network Configurations 15-19 opmnctl stopproc ias-component=component_name b. Edit the following file: UNIX ORACLE_INSTANCEconfigOHSohs_namehttpd.conf Windows ORACLE_INSTANCE\config\OHS\ohs_name\httpd.conf c. Append the following information for your environment to the httpd.conf file. For example: IfModule mod_proxy.c ProxyRequests On ProxyPreserveHost On Redirect login form requests and redirection requests to Authentication WebGate ProxyPass obrareq.cgi http:myssohostv4.foo.comobrareq.cgi ProxyPassReverse obrareq.cgi http:myssohostv4.foo.comobrareq.cgi ProxyPass oamssologin.html http:myssohostv4.foo.comoamssologin.html ProxyPassReverse oamssologin.html http:myssohostv4.foo.comoamssologin .html ProxyPass accesssso http:myssohostv4.foo.com accesssso ProxyPassReverse accesssso http:myssohostv4.foo.comaccesssso Redirect resource requests to Resource WG ProxyPass http:myapphostv4.foo.com ProxyPassReverse http:myapphostv4.foo.com IfModule d. Restart Oracle HTTP Server using the following command: opmnctl startproc ias-component=component_name 2. In the Access System Console, set the Preferred HTTP host for each WebGate as follows: a. Log in to the Access System Console. For example: http:hostname:portaccessoblix In the example, hostname refers to the computer that hosts the WebPass Web server; port refers to the HTTP port number of the WebPass Web server instance; accessoblix connects to the Access System Console. The Access System main page appears. b. Click Access System Configuration, and then click AccessGate Configuration . The Search for AccessGates page appears. The Search list contains a selection of attributes that can be searched. Remaining fields allow you to specify search criteria that are appropriate for the selected attribute. c. Select the search attribute and condition from the lists or click All to find all AccessGates, and then click Go. d. Click an AccessGates name to view its details. e. Click Modify. 15-20 Oracle Fusion Middleware Administrators Guide f. For Preferred HTTP Host, specify the name of the Oracle HTTP Server Web server that is configured for this WebGate. For example, a WebGate deployed on myapphostv4.foo.com must use myapphostv4.foo.com as the Preferred HTTP host. g. To enable IP validation, add the IP address of the Proxy server as the value of the IPValidationException parameter. h. Click Save. i. Repeat for each WebGate and specify name of the Oracle HTTP Server Web server that is configured for this WebGate. 3. From the Access System Console, modify the Form authentication scheme to include a challenge redirect to the Proxy server, as follows: a. Click Access System Configuration, and then click Authentication Management . b. Click the name of the scheme to modify, and then click Modify. c. Configure the challenge redirect value to the Proxy server URL. In this example, the Proxy server URL is http:myapphost.foo.com. d. Click Save.

15.5.5.7 Configuring IPv6: Separate Proxy for Authentication and Resource WebGates

Use the procedure in this section to configure a separate proxy for authentication and resource WebGates. In this configuration, you have multiple proxies: for example a separate proxy for the authentication WebGate and another proxy for the resource WebGate. You can access the application from a browser on the IPv4 network directly to an IPv4 server host name with a login redirect to an IPv6 host. For example: ■ Resource WebGate is on http:myapphostv4.foo.com ■ Authenticating WebGate is on http:myssohostv4.foo.com ■ Proxy used for myapphostv4.foo.com should be myapphostv4.foo.com ■ Proxy used for myssohostv4.foo.com should be myssohostv4.com In the example, OHS_host and OHS_port are the host name and port of the Oracle HTTP Server that is configured for WebGate. Be sure to use values for your own environment. To configure IPv6 with a separate proxy for authentication and resource WebGates: 1. Configure Oracle HTTP Server 11g Release 1 11.1.1 or any other server for multiple proxies, as follows: a. Stop Oracle HTTP Server with the following command: opmnctl stopproc ias-component=component_name b. Edit the following file: UNIX ORACLE_INSTANCEconfigOHSohs_namehttpd.conf Windows ORACLE_INSTANCE\config\OHS\ohs_name\httpd.conf Note: You cannot use the IPv6 proxy name as the Preferred HTTP host in a WebGate profile.