
System Configuration - Servers, DataSources and Agents


4 System Configuration: Servers, Data Sources, and Agents

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.


Objectives
After completing this lesson, you should be able to:


– Manage servers by using the OAM administration (admin) console and the Oracle WebLogic Server (WLS) admin console
– Manage data sources
    – User Identity Store
– Register and manage agents by using the OAM admin console
– Register agents remotely
– Secure communication between a WebGate and the OAM server


Practice 4 Overview: Installing and Configuring OHS 11g
This practice covers the following topics:
– Practice 4-1: Install and configure OHS 11g instances


Road Map

– Managing OAM servers
– Installing and configuring agents
– Registering agents: The OAM admin console, in-band, out-of-band
– Understanding WLS agents
– Managing data sources
– Securing communication between agents and the OAM server


Servers
Oracle Access Manager servers are of two types:
– OAM administration server
– OAM managed server
    – Contains the embedded OAM and OSSO proxy server to support backward compatibility

OAM servers are initially created by using:
– The WLS Configuration Wizard

OAM servers are managed by using:
– The OAM admin console (primary management interface)
– The WLST command-line interface
– The WLS admin console: status, start/stop
– The EM FMW Control: view logs, start/stop, monitoring, operational metrics


Creating and Deleting a New Managed Server



Managing Servers


– The OAM admin server is also known as the WLS admin server, AdminServer (admin).
    – The OAM admin console and EM FMW Control run within the admin server.
– The OAM run-time server runs within the OAM managed server oam_server1 (default name).
– By using the WLS Configuration Wizard, the WLS admin console, or the WLST CLI, you can:
    – Create new managed servers (for clustering and high availability)
    – Change the default name and port for managed servers
– By using the OAM admin console or the WLST CLI, you can:
    – Create the definition for new managed servers
    – Set the individual and common server properties


Individual Server Properties



– OAM admin console > System Configuration tab > Server Instances > server_name
– Server Properties:
    – Site Name: This is a name for the server instance, defined during initial configuration by using the Configuration Wizard.
    – Host: This is the full DNS name (or IP address) of the computer that is hosting the server instance.
    – Port: This is the port on which this server communicates.
    – OAM Proxy:
        – WebLogic Port: WLS listening port
        – Port: OAM proxy instance port
        – Proxy Server ID: Identifier of the computer on which the OAM proxy resides
        – Mode: Transport security setting for the OAM proxy
    – Coherence


OAM Proxy


– Motivation for OAM proxy:
    – OAM proxy is installed with each managed server for the OAM server and is used for communication between WebGates and the OAM 11g server.
    – It is used as a legacy access server to provide backward compatibility for OAM 10g agents that are registered with the OAM 11g server.
    – It coexists with 10g WebGates/ASDK.
    – It supports OAM 11g WebGates.
– Functionality:
    – It shields the 11g server from client-specific behavior and protocol.
    – It supports the OAP (formerly known as NAP) back channel for WebGates to the 11g server. The default port is 5575.
    – It supports HTTP front channel request handling required for WebGates.


Managing Servers from WLS Admin Console and Command Line

– WLS Admin Console > <Domain_Name> > Environment > Servers
– Common Operations:
    – Start/Stop screenshots
    – Show Deployments tab
    – Show both admin and managed server for OAM
– Command line option to start:
    – Admin server: startWebLogic.cmd
    – Managed server: startManagedWebLogic.cmd server_name http://admin_server_host:admin_server_port





Agents
Oracle Access Manager policy enforcement agents:
– Filter HTTP requests
– Are installed on the Web server
– Are of two types:
    – OAM agent: WebGate (10g or 11g) or AccessGate
    – OSSO agent: mod_osso


WebGate Provisioning and Installation


– Working with WebGate is a two-step process:
    1. WebGate installation
    2. WebGate provisioning
– Provisioning is the process of creating a WebGate profile in the OAM 11g server.
– OAM 11g: Two ways of provisioning:
    – Using the OAM 11g console
    – Using the remote registration tool
– In OAM 10g, this was achieved by using:
    – Access System console > Add AccessGate


Installing and Configuring WebGate 11g


– A WebGate's deployment structure should be aligned to the OHS 11g directory structure.
    – WebGate Oracle home:
        – All the WebGate binaries and common configuration files reside here.
        – It is aligned with OHS 11g ORACLE_HOME.
        – Single installation in a Middleware home
    – WebGate Instance home:
        – All WebGate configuration files are deployed here.
        – It is aligned with OHS 11g's ORACLE_INSTANCE.
        – Each OHS instance has one WebGate instance.
– You have the ability to create and configure multiple WebGate instances.
– A WebGate's module configuration resides in a separate CONF file (webgate.conf), which gets included in the httpd.conf file of the OHS instance.


Installing and Configuring WebGate 11g



– Installing through OUI installer
    – Provide Middleware home
– Post-install configuration
    – Deploying WebGate instance
      deployWebGateInstance -w <WebGate_instancedir> -oh <WebGate Oracle Home>
    – Updating Web server configuration
      EditHttpConf -w <WebGate_instancedir> [-oh <WebGate Oracle Home>] [-o <output_file>]


Installing and Configuring WebGate 11g
– Registering a WebGate with the OAM 11g server
    – Run RREG (artifacts generated in <RREG_HOME>/output/<Agent ID>)
    – Copy RREG-generated artifacts to the WebGate instance:
        – ObAccessClient.xml
        – cwallet.sso
        – password.xml (simple & cert)
        – aaa_key.pem (simple)
        – aaa_cert.pem (simple)
– Restart the Web server
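
A post-copy check for the artifact step above, as an added example that is not part of the course material: it confirms that the files the slide lists for each transport mode are present in the WebGate instance's configuration directory and that the secret-bearing ones are not accessible to group or other. The directory argument, the `open` mode entry (the slide annotates only simple and cert), and the permission policy are assumptions.

```shell
#!/bin/sh
# Added example: verify RREG artifacts after copying them to a WebGate instance.
# Per-mode file lists follow the slide's "(simple)" / "(simple & cert)" notes;
# the "open" entry and the permission policy are assumptions of this example.

# Print the artifact names expected for a transport mode; status 2 if unknown.
required_artifacts() {
    case "$1" in
        open)   echo "ObAccessClient.xml cwallet.sso" ;;
        cert)   echo "ObAccessClient.xml cwallet.sso password.xml" ;;
        simple) echo "ObAccessClient.xml cwallet.sso password.xml aaa_key.pem aaa_cert.pem" ;;
        *)      return 2 ;;
    esac
}

# check_webgate_artifacts <mode> <config_dir>
# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 on bad mode.
check_webgate_artifacts() {
    mode=$1
    dir=$2
    bad=0
    files=$(required_artifacts "$mode") || { echo "unknown mode: $mode"; return 2; }
    for f in $files; do
        path="$dir/$f"
        if [ ! -s "$path" ]; then          # absent or zero-length
            echo "MISSING $f"
            bad=1
            continue
        fi
        case "$f" in
            cwallet.sso|password.xml|aaa_key.pem)
                # Flag read or write bits for group/other (portable find syntax).
                loose=$(find "$path" \( -perm -040 -o -perm -020 \
                                        -o -perm -004 -o -perm -002 \) 2>/dev/null)
                if [ -n "$loose" ]; then
                    echo "LOOSE_PERMS $f"
                    bad=1
                fi ;;
        esac
    done
    return $bad
}
```

Run it as the OHS owner before restarting the Web server, for example `check_webgate_artifacts simple <config_dir>`, and treat any output line as a reason to re-copy the file or tighten its mode.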



Practice 4 Overview: Installing, Creating, and Configuring an OAM 11g WebGate
This practice covers the following topics:
– Practice 4-2: Install an OAM 11g WebGate
– Practice 4-3: Create an OAM 11g WebGate instance
– Practice 4-4: Configure an OAM 11g WebGate





Registering Agents


– Registration is the process of provisioning an agent in the OAM 11g server, which includes the following:
    – An agent profile is created on the server.
    – Output artifacts, consumed by the agent run time, are created on the client or server.
    – Default policies are created to protect the agent applications (AuthN or AuthZ).
– Agents are registered by using:
    – The OAM admin console (System Configuration > Agents > OAM agents/OSSO agents)
    – The remote registration utility (oamreg)
– Agent registration results in automatic creation of a new application domain named after the agent.


Registering Agents



– Agent registration results in:
    – A new host identifier created with its name as the agent name
    – Default Authentication and Authorization policies
    – A key generated for partners (applications) during registration
    – A key generated for the SSO Engine that is used for encrypting and decrypting SSO cookies (ObSSOCookie for WebGates and mod_osso cookie)
    – A new directory <MW_HOME>/user_projects/domains/<domain_name>/output/ent_name> containing:
        – ObAccessClient.xml (for WebGate or AccessGate)
        – osso.conf file (for mod_osso)

– ObAccessClient.xml (OAM 10g): Generated by configureWebGate tool; available on WebGate host
– ObAccessClient.xml (OAM 11g): Generated by remote registration tool; available on OAM server host


Creating or Registering OAM Agents by Using OAM Admin Console


Viewing and Editing OAM Agent Registration by Using OAM Admin Console


Creating or Registering OSSO Agents by Using OAM Admin Console



Viewing and Editing OSSO Agent Registration by Using OAM Admin Console


Configuring OAM 10g WebGate in an Existing OAM 10g Deployment to Use OAM 11g Server

– Prerequisites:
    – Apply the latest patch to OAM 10g WebGates
    – Make sure the OAM 11g servers (admin and managed) are up and running
– Register OAM 10g WebGate by using either of the following:
    – The OAM 11g admin console
    – The remote registration method
– Manually update the WebGate configuration file
– Restart the Web server

