I have been involved with many customers who are integrating OAM 11g with Universal Content Manager 11g (UCM), and I know that trying to follow the OAM documentation can be daunting. So I put together my own integration document/blog. Not to re-invent the wheel, this post utilizes what we already have in terms of documentation. Think of this as a checklist and the steps that I implemented to get my own internal environment working.
Follow the documentation to configure OAM Access Manager 11g with Oracle UCM, Section 126.96.36.199: http://download.oracle.com/docs/cd/E21764_01/doc.1111/e10792/c03_security.htm#CDDHGCCC
The documentation is not clear on whether to install the webgate on the OHS server first. I recommend installing the webgate at the end.
188.8.131.52 - Configuring Oracle Access Manager 11g with Oracle UCM
1.a. In our use case, we only need to protect the UCM URIs below.
# UCM Content Server
<Location /cs>
    SetHandler weblogic-handler
    WebLogicHost <hostname>
    WebLogicPort <portnumber>
</Location>

# UCM Content Server authentication
<Location /adfAuthentication>
    SetHandler weblogic-handler
    WebLogicHost <hostname>
    WebLogicPort <portnumber>
</Location>

# UCM online help
<Location /_ocsh>
    SetHandler weblogic-handler
    WebLogicHost <hostname>
    WebLogicPort <portnumber>
</Location>
b. Use the remote registration tool oamreg as follows in section 184.108.40.206:
220.127.116.11 - Provision with 11g Webgate
1. Acquire the tool
a. The rreg tool can be found and executed on the same box where OAM is installed. No need to un-tar.
2. Created a new UCM-Request.xml:
<OAM11GRegRequest>
    <serverAddress>http://ateam-hq66.us.oracle.com:7003</serverAddress>
    <hostIdentifier>UCM-INT</hostIdentifier>
    <agentName>UCM-INT</agentName>
    <protectedResourcesList>
        <resource>/adfAuthentication</resource>
    </protectedResourcesList>
    <publicResourcesList>
        <resource>/cs</resource>
        <resource>/_ocsh</resource>
    </publicResourcesList>
</OAM11GRegRequest>
3. On the command line, execute the following:
./bin/oamreg.sh inband input/UCM-Request.xml
When asked to enter the admin and password, make sure the user is part of the system store you configured for OAM (e.g. testuser1/welcome1).
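A consistency check for the two artifacts above, added here as an example that is not part of the original post or of Oracle's tooling: it parses a trimmed copy of the OHS <Location> blocks and the UCM-Request.xml resource lists, then reports paths that are registered but not proxied, proxied but not registered, or listed as both protected and public. The function names and the exact-string path comparison are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs, trimmed from the two fragments shown on the page.
OHS_CONF = """
<Location /cs>
  SetHandler weblogic-handler
</Location>
<Location /adfAuthentication>
  SetHandler weblogic-handler
</Location>
<Location /_ocsh>
  SetHandler weblogic-handler
</Location>
"""
REQUEST_XML = """<OAM11GRegRequest>
  <protectedResourcesList><resource>/adfAuthentication</resource></protectedResourcesList>
  <publicResourcesList><resource>/cs</resource><resource>/_ocsh</resource></publicResourcesList>
</OAM11GRegRequest>"""


def proxied_locations(conf_text):
    """Return the set of <Location> paths whose block sets the weblogic-handler."""
    blocks = re.findall(r"<Location\s+(\S+)>(.*?)</Location>", conf_text, re.S | re.I)
    return {path for path, body in blocks
            if re.search(r"^\s*SetHandler\s+weblogic-handler\b", body, re.M | re.I)}


def resources(request_xml, list_tag):
    """Return the set of <resource> values under the given list element."""
    root = ET.fromstring(request_xml)
    return {r.text.strip() for r in root.findall(f"./{list_tag}/resource") if r.text}


def audit(conf_text, request_xml):
    """Cross-check the request against the OHS config (exact string match on paths)."""
    proxied = proxied_locations(conf_text)
    protected = resources(request_xml, "protectedResourcesList")
    public = resources(request_xml, "publicResourcesList")
    return {
        "in_both_lists": sorted(protected & public),
        "registered_not_proxied": sorted((protected | public) - proxied),
        "proxied_not_registered": sorted(proxied - (protected | public)),
    }


if __name__ == "__main__":
    for finding, paths in audit(OHS_CONF, REQUEST_XML).items():
        print(f"{finding}: {paths or 'none'}")
```

Running it against the page's own fragments reports no findings; point it at the real mod_wl_ohs.conf and request file before running oamreg to catch drift between the two.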
2. Continuing Section 18.104.22.168
You can configure the OAM Asserter and LDAP/OVD Authenticator before installing a webgate. Once the LDAP/OVD authenticator is configured, I recommend testing UCM and making sure that you can bind to a user that is created within the provider you configured.
The order of the providers should be as follows:
OAM Identity Asserter
The following ‘Common’ parameters should be set as:
Leave the default values for the ‘Provider Specific’ tab.
‘Provider Specific’ tab:
Based on the back-end LDAP repository, make sure that you specify the correct object class and user name attribute within the LDAP filters. In our case, we used ‘inetorgperson’ and ‘uid’ for a user object and ‘groupofuniquenames’ and ‘uniquemember’ for groups.
3. After Installing and configuring OAM 11g.
I recommend installing the webgate now. There are no good links in the documentation for installing webgate 11g. Use the following: http://download.oracle.com/docs/cd/E21764_01/install.1111/e12002/webgate.htm#CACCBCFF
You will need the gcc libraries. You can get them here:
Look for ‘GCC Libraries for Oracle Identity Federation’
Use the following cpio file to extract the gcc libraries:
cpio -idvm < <cpio_file>
Step 2 - Ran the command:
./deployWebgateInstance.sh -w /u0/Oracle/Middleware22.214.171.124/Oracle_WT1/instances/instance1/config/OHS/ohs1 -oh /u0/Oracle/Middleware126.96.36.199/Oracle_OAMWebgate1
Step 5 – Ran the command:
./EditHttpConf -w /u01/Oracle/Middleware188.8.131.52/Oracle_WT1/instances/instance1/config/OHS/ohs1
b. Next you will need to copy the artifacts that were generated in step 3 from section 184.108.40.206. Copy the ‘ObAccessClient.xml’ and ‘cwallet.sso’ located in the ‘output/UCM-INT’ directory under ‘rreg’ to the /config directory.
Webgate installation completed. Make sure that the OAM managed server is running and restart the OHS server.
Cannot login via OAM – A few things to verify:
In my next post, I will continue to integrate my OAM environment to include the Image Processing Management (IPM) tool, which requires UCM.