You are here:>>>How To Secure / Protect Web Applications Using Oracle Access Manager and Webgate

How To Secure / Protect Web Applications Using Oracle Access Manager and Webgate

Video Tutorial

In this video tutorial I will explain the basic request flow of OAM (Oracle Access Manager) and basic OAM terminology.

I will show a demo on how to protect web application deployed on Oracle HTTP Server using OAM and Webgate.

I will also show how to use OAM Tester JAVA utility to test OAM Authentication & Authorization policies.

Finally I will show how to configure custom unauthorized pages in OAM for failed authorizations.

I have my OAM, OHS & OUD already setup on Oracle Linux 6 64 Bit Virtual Machine. Please watch below videos if you want to know how to setup the environment.

Environment Setup Videos

OAM Single Sign On Request Flow

OAM Webgate Configuration

  • Navigate to Webagte directory inside OHS Middleware Home and execute below command to deploy Webgate to OHS instance directory
    • -w (OHS Instance Directory) : /u01/app/oracle/product/ohsfmw/user_projects/domains/OHSDomain/config/fmwconfig/components/OHS/instances/ohs1
    • -oh (OHS Middleware Home) : /u01/app/oracle/product/ohsfmw

  • Navigate to Webagte InstallTools directory and excute EditHttpConf to edit httpd.conf

  • That’s it on OHS side. Next we need to register this Webgate with Oracle Access Manager

Webgate Registration with OAM

  • Please follow the instructions in the video to know about Webgate registration process.
  • Once Webgate is created in Open mode, OAM creates below files which needs to be copied from Domain’s output directory to Webgate’s config directory
    • ObAccessClient.xml
    • cwallet.sso

  • Restart OHS after copying the files and the web application will be protected using default authentication & authorization policies
  • Follow the instructions in the video for policy customizations

Policy Testing Using OAM Tester

  • Navigate to OIAM home, server, tester and execute OAM Tester java utility as below

  • Check out the video for detailed explanation on how to use OAM Tester utility

Configure Custom Unauthorized Page

  • Please follow the instructions in the video to know about configuring custom unauthorized page for failed authorizations

Thats It !! You now know how to protect web applications using OAM & Webgate and you have seen how to customize policies, test them using OAM Tester.

Hope you found this post helpful. If you have any questions please post in the comments section. Please watch my video for detailed explanation and demo.

2016-12-08T18:20:42+00:00

About the Author:

I am a Senior Cloud Professional specialized in AWS Cloud with 11 years of IT experience. I am enthusiastic about Serverless Architecture. I am an expert in Oracle Fusion Middleware.