Detached Credential Collector (DCC) was introduced in the OAM 11GR2 release. The documentation, http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/sso.htm#AIAAG6691, explains in detail how to deploy it in various architecture scenarios. In addition to the documentation, this blog post will help clarify the configuration steps.
The following steps presume that your deployment uses Open mode communication. They also assume that an 11G Webgate is registered with the OAM Server.
Using the Oracle Access Management Console, find and open the page for the 11.1.2 Webgate that will function as the DCC:
Here is the snapshot of the above configuration:
Ensure that the path name of the perl executable as mentioned in the perl scripts is correct. For example, if the Webgate is installed in $MW_HOME/Oracle_OAMWebGate1, the perl scripts for DCC-based login are located in the following path: $MW_HOME/Oracle_OAMWebGate1/webgate/ohs/oamsso-bin. On most Unix-based systems, the perl executable is located at /usr/bin/perl by default. This can be verified with the command “which perl” on the OAM Server. However, the perl scripts themselves point to /usr/local/bin/perl.
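The mismatch described above can be checked before testing the login flow. The following is an added example, not part of the original post or of Oracle's scripts: the function name check_shebangs is hypothetical, and it assumes the DCC scripts carry a .pl extension.

```shell
#!/bin/sh
# Added example (not from the original post): flag scripts whose "#!" line
# names an interpreter that does not exist on this host.
# Assumption: the DCC login scripts in the directory end in .pl.
# Output, one line per file:  OK|MISSING|NOSHEBANG <script> <interpreter>
# Returns 0 only when every script's interpreter is present and executable.
check_shebangs() {
    dir=$1
    bad=0
    # Where perl actually lives on this host, as "which perl" would report.
    path_perl=$(command -v perl 2>/dev/null || echo "not on PATH")
    for script in "$dir"/*.pl; do
        [ -f "$script" ] || continue
        first=''
        IFS= read -r first < "$script" || true   # first line only
        case $first in
            '#!'*) ;;
            *) printf 'NOSHEBANG %s -\n' "$script"; bad=1; continue ;;
        esac
        # Strip "#!" and blanks; drop interpreter arguments such as -w.
        interp=$(printf '%s\n' "$first" | awk '{ sub(/^#![ \t]*/, ""); print $1 }')
        if [ -x "$interp" ]; then
            printf 'OK %s %s\n' "$script" "$interp"
        else
            printf 'MISSING %s %s (perl on PATH: %s)\n' "$script" "$interp" "$path_perl"
            bad=1
        fi
    done
    return $bad
}

# Example call, using the install path from the text above:
# check_shebangs "$MW_HOME/Oracle_OAMWebGate1/webgate/ohs/oamsso-bin"
```

A MISSING line means the web server cannot execute that script as written, so the DCC login page will fail until the interpreter path and the host agree.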
To make sure that the scripts execute correctly, there are two choices:
Here is the snapshot for the above configuration:
Go to the Authentication Policy and make sure that you choose the “DCC AuthScheme” as the authentication scheme for the Protected Resource Policy. A typical snapshot would be as follows:
Now restart the OAM Server and test the above configuration. Create a sample page, for example test.html, in the OHS root location, and try to access it at http://oam.oracleateam.com:7778/test.html
This will redirect you to the login page shown below:
Note that the redirection URL is as follows:
The above URL shows that you are directed to the Detached Credential Collector. If you now enter the credentials correctly, you should be able to access the test.html page.