You are here:>>>How To Secure / Protect Web Applications Using Oracle Access Manager and Webgate

How To Secure / Protect Web Applications Using Oracle Access Manager and Webgate

Video Tutorial

In this video tutorial I will explain the basic request flow of OAM (Oracle Access Manager) and basic OAM terminology.

I will show a demo on how to protect web application deployed on Oracle HTTP Server using OAM and Webgate.

I will also show how to use OAM Tester JAVA utility to test OAM Authentication & Authorization policies.

Finally I will show how to configure custom unauthorized pages in OAM for failed authorizations.

I have my OAM, OHS & OUD already setup on Oracle Linux 6 64 Bit Virtual Machine. Please watch below videos if you want to know how to setup the environment.

Environment Setup Videos

OAM Single Sign On Request Flow

OAM Webgate Configuration

  • Navigate to Webagte directory inside OHS Middleware Home and execute below command to deploy Webgate to OHS instance directory
    • -w (OHS Instance Directory) : /u01/app/oracle/product/ohsfmw/user_projects/domains/OHSDomain/config/fmwconfig/components/OHS/instances/ohs1
    • -oh (OHS Middleware Home) : /u01/app/oracle/product/ohsfmw

  • Navigate to Webagte InstallTools directory and excute EditHttpConf to edit httpd.conf

  • That’s it on OHS side. Next we need to register this Webgate with Oracle Access Manager

Webgate Registration with OAM

  • Please follow the instructions in the video to know about Webgate registration process.
  • Once Webgate is created in Open mode, OAM creates below files which needs to be copied from Domain’s output directory to Webgate’s config directory
    • ObAccessClient.xml
    • cwallet.sso

  • Restart OHS after copying the files and the web application will be protected using default authentication & authorization policies
  • Follow the instructions in the video for policy customizations

Policy Testing Using OAM Tester

  • Navigate to OIAM home, server, tester and execute OAM Tester java utility as below

  • Check out the video for detailed explanation on how to use OAM Tester utility

Configure Custom Unauthorized Page

  • Please follow the instructions in the video to know about configuring custom unauthorized page for failed authorizations

Thats It !! You now know how to protect web applications using OAM & Webgate and you have seen how to customize policies, test them using OAM Tester.

Hope you found this post helpful. If you have any questions please post in the comments section. Please watch my video for detailed explanation and demo.


About the Author:

I am a Senior Cloud Professional specialized in AWS Cloud with 11 years of IT experience. I am enthusiastic about Serverless Architecture. I am an expert in Oracle Fusion Middleware.


  1. superb gifts July 19, 2016 at 9:54 PM - Reply

    Excellent post. I used to be checking continuously this weblog and I am
    inspired! Extremely helpful information specifically the closing part 🙂 I maintain such information much.
    I used too be looking forr this particular info foor a long
    time. Thanks and best of luck.

  2. James February 15, 2017 at 1:41 AM - Reply

    Hi Prasad,

    Thanks for the demo and I really appreciate your excellent help!

    After installation and integration, the following errors are encountered:

    When testing using browser via http://hostname:7777 or http://hostname:7777/oamconsole

    400 Bad Request
    The request could not be understood by server due to malformed syntax.

    When testing using oamtest.jar

    [2/14/17 1:35 PM][response] Connection to access server not available

    and console is showing

    Feb 14, 2017 12:56:39 PM NMPinitialize
    SEVERE: Read timed out

    Any idea about how to resolve the errors? Your input is greatly appreciated.


    • pdomala March 23, 2017 at 4:53 AM - Reply

      Hello James,
      7777 is OHS default port. Have you configured OHS infront of OAM? If so have you modified your httpd.conf file to include /oamconsole location under Weblogic handler?

  3. venkat March 28, 2017 at 9:00 PM - Reply

    Hi Prasad,

    all your IDM posts really great with nice writing and explanation.

    I really appreciate your time and efforts. Thanks a lot.

  4. Rameh Oruganti March 30, 2017 at 1:29 PM - Reply

    It was really a great videos. it’s like a spoon feeding of technology which I never see this kind of explanation from even oracle trainers.
    Thank you Sir, Now I am really fan of your technical skills and enthusiasm, Especially positing these technical writings to public it’s really hat’s up.

  5. Mark July 4, 2017 at 3:25 PM - Reply

    This was really a very helpful post as I have learned a lot regarding IDM just by watching your videos.

    I have a question, is it possible to create the custom Responses cookie thru WLST Scripts? I see that you are using the oam console todo this but I am looking on how to do this thru some scripts. Do you have any idea how this is being done.

    I wanted to change also the Access Manager Settings but I just dont know if there is a script or rest api to change the settings.

    Your response is greatly appreciated. More powers to you!

  6. Sushant November 2, 2017 at 12:38 PM - Reply

    Hi Prasad,

    Thanks for the demo and I really appreciate your video quality and excellent help!

    Can you please provide me the video/tutorial link, In which you can access web service (SOAP) from java client which is protected by OAM.

    Thanks and Regards,
    Sushant Mane

Leave A Comment