18 Configuring Multi-Data Centers
This section describes the following topics:
18.1 Before Setting Up a Multi-Data Center
Before you proceed with the Multi-Data Center (MDC) configuration process, ensure that the following system-level requirements are met.
- Ensure you have a fully functioning Oracle Access Management environment with all applicable WebGates configured.
- Partners (WebGates or agents) are anchored to a single data center; therefore, partner registration is done at the individual data centers.
- Clocks on the machines on which Access Manager and agents are deployed must be in sync. Non-MDC Access Manager clusters require the clocks of WebGate agents to be in sync with the Access Manager servers, and this requirement applies to the MDC as well. If the clocks are out of sync, token validations will not be consistent, resulting in deviations from the expected behavior regarding the token expiry interval, validity interval, timeouts and the like.
- The identity stores in a Multi-Data Center topology must have the same name.
- WebLogic Server domains do not span data centers.
- Ensure that the OAM Managed Servers in the Master and Clone data centers are front ended by a single (SSL-terminated) load balancer. The load balancer should send all requests in a user session consistently to the same back end server (persistence, stickiness) and it should route traffic geographically (geo-affinity). Check that this load balancer is configured in the OAM Admin Console of the Master data center before restarting the servers.
- Any firewall between data centers must allow communication over the Oracle Access Protocol (OAP) channel. This entails opening the necessary ports and taking into account the lifetime of the connection. Regarding the latter, the MaxSessionTime parameter in the WebGate profile should be set to less than the firewall timeout value.
- The OAM Admin Server in the Master and Clone data centers should be SSL-enabled.
- All the Managed Servers in the Master and Clone data centers should be configured with the same security mode.
- Use CERT mode if you have access to a trusted third-party Certificate Authority (CA).
- The ID Stores are configured for the Master and Clone data centers and they have the same name.
18.2 Primary Multi-Data Center Use Cases
The primary MDC deployments include active-active and active-standby use cases.
Table 18-1 lists the primary MDC use cases.
Table 18-1 MDC Use Cases
MDC Deployment | MDC Policy | Validate Remote Session | Session Synchronized in Data Center Servicing User From Remote DC | Terminate Remote Session | User Challenged
---|---|---|---|---|---
Active-Active | SessionMustBeAnchoredToDataCenterServicingUser=false, SessionDataRetrievalOnDemand=true, Reauthenticate=false, SessionDataRetrievalOnDemandMax_retry_attempts=<number>, SessionDataRetrievalOnDemandMax_conn_wait_time=<milliseconds>, SessionContinuationOnSyncFailure=false, MDCGitoCookieDomain=<sub domain> | Yes | Yes | No | When a valid session could not be located in a remote data center
Active-Standby | SessionMustBeAnchoredToDataCenterServicingUser=false, SessionDataRetrievalOnDemand=true, Reauthenticate=false, SessionDataRetrievalOnDemandMax_retry_attempts=<number>, SessionDataRetrievalOnDemandMax_conn_wait_time=<milliseconds>, SessionContinuationOnSyncFailure=true, MDCGitoCookieDomain=<sub domain> | Could not validate, as the remote data center is down | No, since the remote data center is down | Could not terminate, as the remote data center is down | No. Seamless access is provided by creating a local session from the details available in the valid cookie
18.3 Setting Up a Master and a Clone in Multi-Data Center
The MDC feature is disabled by default. To set up an Access Manager MDC, start with an Access Manager cluster, set all MDC global configurations and designate the cluster as the Master data center.
Ensure that the Data Center 1 cluster, the Data Center 2 cluster and their four nodes are configured and ready for Multi-Data Center configuration. See Before Setting Up a Multi-Data Center.
Note:
- PrimaryServerList and OAMRestEndPointHostName must point to the same data center for consistent behavior.
- When an SSO agent for the Clone data center is created on the Master data center, the OAMRestEndPointHostName, OAMRestEndPointPort, and OAMServerCommunicationMode parameters must have the Clone data center values. This ensures that the session gets created on the Clone data center.
- When an SSO agent for the Master data center is created on the Master data center, it automatically has the Master values, and therefore no changes are required.
Also see About OAP over REST Communication for details.
Setting up Master Data Center
Configure a Master data center for MDC environment using MDC ADMIN REST APIs as follows:
- Run the following command with appropriate values to configure the Master data center.
  curl -k -u weblogic:password -H 'Content-Type: application/json' -X POST 'https://oamadmin1-dc1.poc.com:7002/oam/services/rest/mdc/master' -d '{"mdcTopologyType":"value", "masterMDCAgentID":"value","cloneMDCAgentID":"value", "accessClientPassword":"value","artifactPassword":"value", "cloneServerURL":"value","cloneServerPolicyManagerURL":"value","masterServerPolicyManagerURL":"value", "agentKeyPassword":"value","certModeKeystorePassword":"value","masterServerURL":"value", "cloneAdminUserNamePassword":"value","trustStorePath":"value", "keyStorePath":"value", "artifactsZipLocation":"value"}'
  - mdcTopologyType: Choose one of the two topology types available for MDC configuration, ACTIVE_ACTIVE or DISASTER_RECOVERY.
  - masterMDCAgentID: Enter the MDC NAP Agent Name for the Master data center.
  - cloneMDCAgentID: Enter the MDC NAP Agent Name for the Clone data center.
  - accessClientPassword: Provide the password to be used by the MDC NAP agents in the Master and Clone data centers.
  - artifactPassword: Provide the password that is used to protect the cloning artifacts.
  - cloneServerURL: Enter the URL of the Clone Admin Server or the URL of the reverse proxy front ending the Clone Admin Server.
  - cloneServerPolicyManagerURL: Enter the URL of the Clone Policy Manager or the URL of the reverse proxy front ending the Clone Policy Manager.
  - masterServerPolicyManagerURL: Enter the URL of the Master Policy Manager or the URL of the reverse proxy front ending the Master Policy Manager.
  - (Only for CERT mode) agentKeyPassword: Enter the agent key password used to register partners in CERT mode.
  - (Only for CERT mode) certModeKeystorePassword: Enter the keystore password used to protect clientTrustStore.jks and clientKeyStore.jks.
  - (Optional) masterServerURL: Enter the URL of the Master Admin Server or the URL of the reverse proxy front ending the Master Admin Server.
  - (Optional) cloneAdminUserNamePassword: Enter the user credentials of the Clone data center's Administrator if the username and password of the Administrator for the Master and Clone data centers are different.
  - (Optional) trustStorePath: For CERT mode, provide the path to the clientTrustStore.jks file if it is located in a folder other than $MW_HOME/user_projects/domains/OAMDomain/config/fmwconfig/oam-mdc-cert-artifacts/.
  - (Optional) keyStorePath: For CERT mode, provide the path to the clientKeyStore.jks file if it is located in a folder other than $MW_HOME/user_projects/domains/OAMDomain/config/fmwconfig/oam-mdc-cert-artifacts/.
  - (Optional) artifactsZipLocation: Provide the location where the cloning artifacts are to be stored; specify it only if the cloning artifacts need to be stored in a location other than /tmp.
  Here is a sample curl command for configuring a Master data center in CERT mode using the Active-Active MDC topology:
  curl -k -u weblogic:password -H 'Content-Type: application/json' -X POST 'https://oamadmin1-dc1.poc.com:7002/oam/services/rest/mdc/master' -d '{"mdcTopologyType":"ACTIVE_ACTIVE", "masterMDCAgentID":"MDCmasterNAPagent","cloneMDCAgentID":"MDCcloneNAPagent", "accessClientPassword":"password","artifactPassword":"password", "cloneServerURL":"https://oamadmin1-dc2.poc.com:7002","cloneServerPolicyManagerURL":"https://oamadmin1-dc2.poc.com:14151","masterServerPolicyManagerURL":"https://oamadmin1-dc1.poc.com:14151", "cloneAdminUserNamePassword":"weblogic:password","agentKeyPassword":"password", "certModeKeystorePassword":"password"}'
  See MDC Master REST API in REST API for Multi Data Center in Oracle Access Manager.
Setting up Clone Data Center
Configure a Clone data center for MDC environment using MDC ADMIN REST APIs as follows:
- Run the following command with appropriate values to configure the Clone data center.
  curl -k -u weblogic:password -H 'Content-Type: application/json' -X POST 'https://oamadmin1-dc2.poc.com:7002/oam/services/rest/mdc/clone' -d '{"masterServerURL":"value","artifactPassword":"value","masterAdminUserNamePassword":"value", "masterServerPolicyManagerURL":"value","artifactsZipLocation":"value", "masterArtifactsZipLocation":"value"}'
  - masterServerURL: Enter the URL of the Master Admin Server or the URL of the reverse proxy front ending the Master Admin Server.
  - masterServerPolicyManagerURL: Enter the URL of the Master Policy Manager or the URL of the reverse proxy front ending the Master Policy Manager.
  - artifactPassword: Provide the same password that protects the cloning artifacts and that was used while setting up the Master data center.
  - (Optional) masterAdminUserNamePassword: Enter the user credentials of the Master data center's Administrator if the username and password of the Administrator for the Master and Clone data centers are different.
  - (Optional) artifactsZipLocation: Provide the location where backup artifacts should be stored in the Clone data center (artifacts present in the Clone data center are backed up before they are replaced with the Master artifacts); specify it only when the backup artifacts need to be stored in a location other than /tmp.
  - (Optional) masterArtifactsZipLocation: Provide the location where the cloning artifacts are present in the Master data center; specify it only when artifactsZipLocation was used as input while configuring the Master data center.
  Here is a sample curl command for configuring a Clone data center:
  curl -k -u weblogic:password -H 'Content-Type: application/json' -X POST 'https://oamadmin1-dc2.poc.com:7002/oam/services/rest/mdc/clone' -d '{"masterServerURL":"https://oamadmin1-dc1.poc.com:7002/", "masterServerPolicyManagerURL":"https://oamadmin1-dc1.poc.com:14151", "artifactPassword":"password","masterAdminUserNamePassword":"password"}'
  See MDC Master REST API in REST API for Multi Data Center in Oracle Access Manager.
- Run the following command to reconfigure the Clone data center:
  curl -k -u weblogic:password -H 'Content-Type: application/json' -X POST 'https://oamadmin1-dc2.poc.com:7002/oam/services/rest/mdc/clone/configuration'
  Note: This command does not require any input parameters. It updates the DataCenterType flag to Clone. To make the Clone write-protected, execute the WLST command setMultiDataCenterWrite(WriteEnabledFlag="false"). A write-protected Clone ignores any update to its configuration. See MDC Reconfigure Clone REST API in REST API for Multi Data Center in Oracle Access Manager.
You have now set up one Master and one Clone data center.
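The master and clone calls above pass every password inside the -d argument and disable certificate checking with -k, so the secrets end up in shell history and in the process list, and the Admin Server's certificate is never verified. The script below is an added example, not Oracle's code: it assembles the same JSON bodies from environment variables, enforces the mandatory parameters for the chosen security mode (the OPEN and CERT variants described later in this chapter differ only in the two CERT-only passwords), writes the body to a mode-0600 temporary file, and calls curl with --data @file, --netrc-file and --cacert. The MDC_* variable names, the netrc and CA-bundle paths, and the host names are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not Oracle's code): build and send the MDC master/clone
# REST bodies without putting passwords on the curl command line.
# All MDC_* variable names, file paths and host names are assumptions.

# json_str KEY VALUE -> prints "KEY":"VALUE" with backslashes and quotes escaped
json_str() {
  printf '"%s":"%s"' "$1" "$(printf '%s' "$2" | sed 's/\\/\\\\/g; s/"/\\"/g')"
}

# require_vars NAME... -> returns 1 naming the first unset or empty variable
require_vars() {
  for v in "$@"; do
    eval "val=\${$v:-}"
    if [ -z "$val" ]; then
      echo "missing mandatory variable $v" >&2
      return 1
    fi
  done
}

# mdc_master_body MODE -> JSON body for POST .../oam/services/rest/mdc/master.
# MODE is OPEN or CERT; CERT additionally requires agentKeyPassword and
# certModeKeystorePassword, which OPEN mode must not send.
mdc_master_body() {
  mode=$1
  require_vars MDC_TOPOLOGY MDC_MASTER_AGENT MDC_CLONE_AGENT MDC_ACCESS_CLIENT_PW \
    MDC_ARTIFACT_PW MDC_CLONE_ADMIN_URL MDC_CLONE_PM_URL MDC_MASTER_PM_URL || return 1
  case "$MDC_TOPOLOGY" in
    ACTIVE_ACTIVE|DISASTER_RECOVERY) ;;
    *) echo "MDC_TOPOLOGY must be ACTIVE_ACTIVE or DISASTER_RECOVERY" >&2; return 1 ;;
  esac
  body="$(json_str mdcTopologyType "$MDC_TOPOLOGY"),"
  body="$body$(json_str masterMDCAgentID "$MDC_MASTER_AGENT"),"
  body="$body$(json_str cloneMDCAgentID "$MDC_CLONE_AGENT"),"
  body="$body$(json_str accessClientPassword "$MDC_ACCESS_CLIENT_PW"),"
  body="$body$(json_str artifactPassword "$MDC_ARTIFACT_PW"),"
  body="$body$(json_str cloneServerURL "$MDC_CLONE_ADMIN_URL"),"
  body="$body$(json_str cloneServerPolicyManagerURL "$MDC_CLONE_PM_URL"),"
  body="$body$(json_str masterServerPolicyManagerURL "$MDC_MASTER_PM_URL"),"
  if [ "$mode" = CERT ]; then
    require_vars MDC_AGENT_KEY_PW MDC_KEYSTORE_PW || return 1
    body="$body$(json_str agentKeyPassword "$MDC_AGENT_KEY_PW"),"
    body="$body$(json_str certModeKeystorePassword "$MDC_KEYSTORE_PW"),"
  elif [ "$mode" != OPEN ]; then
    echo "mode must be OPEN or CERT" >&2; return 1
  fi
  # optional parameters are emitted only when the variable is set
  if [ -n "${MDC_CLONE_ADMIN_CREDS:-}" ]; then
    body="$body$(json_str cloneAdminUserNamePassword "$MDC_CLONE_ADMIN_CREDS"),"
  fi
  if [ -n "${MDC_ARTIFACTS_ZIP:-}" ]; then
    body="$body$(json_str artifactsZipLocation "$MDC_ARTIFACTS_ZIP"),"
  fi
  printf '{%s}' "${body%,}"
}

# mdc_clone_body -> JSON body for POST .../oam/services/rest/mdc/clone on the clone
mdc_clone_body() {
  require_vars MDC_MASTER_ADMIN_URL MDC_MASTER_PM_URL MDC_ARTIFACT_PW || return 1
  body="$(json_str masterServerURL "$MDC_MASTER_ADMIN_URL"),"
  body="$body$(json_str masterServerPolicyManagerURL "$MDC_MASTER_PM_URL"),"
  body="$body$(json_str artifactPassword "$MDC_ARTIFACT_PW"),"
  if [ -n "${MDC_MASTER_ADMIN_CREDS:-}" ]; then
    body="$body$(json_str masterAdminUserNamePassword "$MDC_MASTER_ADMIN_CREDS"),"
  fi
  printf '{%s}' "${body%,}"
}

# mdc_post URL BODY -> POST BODY to URL. The admin credentials come from the
# netrc file in $MDC_NETRC and the Admin Server certificate is checked
# against the CA bundle in $MDC_CA_BUNDLE (both paths are assumptions).
mdc_post() {
  tmp=$(mktemp) || return 1
  chmod 600 "$tmp"
  printf '%s' "$2" > "$tmp"
  curl --cacert "$MDC_CA_BUNDLE" --netrc-file "$MDC_NETRC" \
    -H 'Content-Type: application/json' -X POST "$1" --data "@$tmp"
  rc=$?
  rm -f "$tmp"
  return $rc
}

# Usage on the Master admin host, with the MDC_* variables exported:
#   body=$(mdc_master_body CERT) && \
#     mdc_post 'https://oamadmin1-dc1.poc.com:7002/oam/services/rest/mdc/master' "$body"
```

The netrc file carries the weblogic credentials (a `machine oamadmin1-dc1.poc.com login weblogic password ...` line) and must itself be mode 0600; the body file is deleted as soon as curl returns, so the passwords exist on disk only for the duration of the call.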
18.4 Adding an Additional Clone Data Center to the Existing Multi-Data Center Setup
You can add an additional clone data center to the existing MDC environment if the Master and Clone data centers are using 14.1.2.1.0 binaries.
- Optionally, you can run the diagnostic REST APIs on the Master and the Clone data centers to view the MDC configuration settings:
  curl -k -u weblogic:password 'https://oamadmin1-dc1.poc.com:7002/oam/services/rest/mdc/configuration'
  curl -k -u weblogic:password 'https://oamadmin1-dc2.poc.com:7002/oam/services/rest/mdc/configuration'
  Verify the following from the output of the command:
  - When the diagnostic REST API is executed on the Master: in the dcConfigMap entry, MultiDataCenterEnabled should be true, MultiDataCenterPartners should contain the existing MDC partners, and the agentMap entry should contain the information about the agents associated with the MDC partners.
  - When the diagnostic REST API is executed on the Clone: in the dcConfigMap entry, MultiDataCenterEnabled should be false, the MultiDataCenterPartners list should be empty, and the agentMap entry should be empty.
  See MDC Diagnostic REST API in REST API for Multi Data Center in Oracle Access Manager.
- Run the following command with appropriate values to add a new Clone to the Master data center.
  curl -k -u weblogic:password -H 'Content-Type: application/json' -X POST 'https://oamadmin1-dc1.poc.com:7002/oam/services/rest/mdc/master/clone' -d '{"cloneMDCAgentID":"value", "accessClientPassword":"value","artifactPassword":"value","cloneServerURL":"value","agentKeyPassword":"value","certModeKeystorePassword":"value", "cloneAdminUserNamePassword":"value","trustStorePath":"value", "keyStorePath":"value", "artifactsZipLocation":"value"}'
  - cloneMDCAgentID: Enter the MDC NAP Agent Name for the new Clone data center.
  - accessClientPassword: Provide the password required to use the MDC NAP agents in the new Clone data center.
  - artifactPassword: Provide the password that is used to protect the cloning artifacts.
  - cloneServerURL: Enter the URL of the new Clone Admin Server or the URL of the reverse proxy front ending the new Clone Admin Server.
  - (Only for CERT mode) agentKeyPassword: Enter the agent key password used to register the new Clone partners in CERT mode.
  - (Only for CERT mode) certModeKeystorePassword: Enter the keystore password used to protect clientTrustStore.jks and clientKeyStore.jks.
  - (Optional) cloneAdminUserNamePassword: Enter the user credentials of the new Clone data center's Administrator if the username and password of the Administrator for the Master and new Clone data centers are different.
  - (Optional) trustStorePath: For CERT mode, provide the path to the clientTrustStore.jks file if it is located in a folder other than $MW_HOME/user_projects/domains/OAMDomain/config/fmwconfig/oam-mdc-cert-artifacts/.
  - (Optional) keyStorePath: For CERT mode, provide the path to the clientKeyStore.jks file if it is located in a folder other than $MW_HOME/user_projects/domains/OAMDomain/config/fmwconfig/oam-mdc-cert-artifacts/.
  - (Optional) artifactsZipLocation: Provide the location where the cloning artifacts are to be stored; specify it only if the cloning artifacts need to be stored in a location other than /tmp.
  Here is a sample curl command for adding a new Clone data center in CERT mode:
  curl -u weblogic:password -H 'Content-Type: application/json' -X POST 'https://oamadmin1-dc1.poc.com:7002/oam/services/rest/mdc/master/clone' -d '{"cloneMDCAgentID":"CloneNAPAgent2","accessClientPassword":"password","artifactPassword":"password","cloneServerURL":"https://oamadmin1-dc2.poc.com:7002","agentKeyPassword":"password","certModeKeystorePassword":"password"}'
  See MDC Clone REST API in REST API for Multi Data Center in Oracle Access Manager.
- Run the following command with appropriate values to configure the Clone data center.
  curl -k -u weblogic:password -H 'Content-Type: application/json' -X POST 'https://oamadmin1-dc2.poc.com:7002/oam/services/rest/mdc/clone' -d '{"masterServerURL":"value","artifactPassword":"value","masterAdminUserNamePassword":"value", "artifactsZipLocation":"value", "masterArtifactsZipLocation":"value"}'
  - masterServerURL: Enter the URL of the Master Admin Server or the URL of the reverse proxy front ending the Master Admin Server.
  - artifactPassword: Provide the same password that protects the cloning artifacts and that was used while setting up the Master data center.
  - (Optional) masterAdminUserNamePassword: Enter the user credentials of the Master data center's Administrator if the username and password of the Administrator for the Master and Clone data centers are different.
  - (Optional) artifactsZipLocation: Provide the location where backup artifacts should be stored in the Clone data center (artifacts present in the Clone data center are backed up before they are replaced with the Master artifacts); specify it only when the backup artifacts need to be stored in a location other than /tmp.
  - (Optional) masterArtifactsZipLocation: Provide the location where the cloning artifacts are present in the Master data center; specify it only when artifactsZipLocation was used as input while configuring the Master data center.
  Here is a sample curl command for configuring a Clone data center:
  curl -k -u weblogic:password -H 'Content-Type: application/json' -X POST 'https://oamadmin1-dc2.poc.com:7002/oam/services/rest/mdc/clone' -d '{"masterServerURL":"https://oamadmin1-dc1.poc.com:7002/","artifactPassword":"password","masterAdminUserNamePassword":"password"}'
- Run the following command to reconfigure the Clone data center:
  curl -k -u weblogic:password -H 'Content-Type: application/json' -X POST 'https://oamadmin1-dc2.poc.com:7002/oam/services/rest/mdc/clone/configuration'
  Note: This command does not require any input parameters. It updates the DataCenterType flag to Clone. To make the Clone write-protected, execute the WLST command setMultiDataCenterWrite(WriteEnabledFlag="false"). A write-protected Clone ignores any update to its configuration.
- Restart the Clone Admin Server and Managed Servers.
- Run the following diagnostic REST API on the Master and the Clone data centers to verify the MDC configurations:
  curl -k -u weblogic:password 'https://oamadmin1-dc1.poc.com:7002/oam/services/rest/mdc/configuration'
  curl -k -u weblogic:password 'https://oamadmin1-dc2.poc.com:7002/oam/services/rest/mdc/configuration'
- Export the partner and policy information from Data Center 1, Node 1 and then import it into Data Center 2, Node 1.
  - To export, change to the $MW_HOME/oracle_common/common/bin directory and run WLST to export from Data Center 1, Node 1:
    ./wlst.sh
    connect()
    exportAccessStore(toFile="<name and location of the master metadata ZIP file>", namePath="/")
    exit()
  - Copy the exported file (that is, <name and location of the master metadata ZIP file>) from Data Center 1, Node 1 to Data Center 2, Node 1. To import, change to the $MW_HOME/oracle_common/common/bin directory and run WLST to import on Data Center 2, Node 1:
    ./wlst.sh
    connect()
    importAccessStore(fromFile="<name and location of master metadata ZIP file>", namePath="/")
    exit()
- After exporting the partner and policy information from the Master data center to the Clone data center, continue with the steps for enabling APS as specified in Enabling Automated Policy Synchronization.
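The two verification steps in this section (the optional diagnostic call at the start and the mandatory one after the Clone restart) are checked by eye. The script below is an added example, not Oracle's code: it applies the same expectations to a saved response of the diagnostic REST API from either data center and reports each one that fails, so the check can be scripted. Only the key names dcConfigMap, MultiDataCenterEnabled, MultiDataCenterPartners and agentMap come from this documentation; the surrounding JSON layout and the two sample responses are constructed assumptions for the example.

```shell
#!/bin/sh
# Added example (not Oracle's code): check a saved response of
# GET .../oam/services/rest/mdc/configuration against the expected Master
# or Clone state. Key names come from the documentation; the JSON layout
# around them and the sample responses below are constructed.

# mdc_field JSON KEY -> prints the scalar value of "KEY" (quoted or bare)
mdc_field() {
  printf '%s' "$1" | grep -Eo "\"$2\" *: *\"?[A-Za-z0-9_]+\"?" | head -n 1 |
    sed -E 's/.*: *"?([A-Za-z0-9_]+)"?$/\1/'
}

# mdc_entry_empty JSON KEY -> 0 when "KEY" is an empty list [] or map {}
mdc_entry_empty() {
  printf '%s' "$1" | tr -d ' \n\r\t' | grep -Eq "\"$2\":(\[\]|\{\})"
}

# mdc_check_role JSON ROLE -> 0 when JSON matches the expected state for
# ROLE (master or clone); every failed expectation is reported on stderr
# and the return value is the number of failures.
mdc_check_role() {
  json=$1; role=$2; failures=0
  case "$role" in
    master) want_enabled=true;  want_populated=yes ;;
    clone)  want_enabled=false; want_populated=no ;;
    *) echo "role must be master or clone" >&2; return 2 ;;
  esac
  enabled=$(mdc_field "$json" MultiDataCenterEnabled)
  if [ "$enabled" != "$want_enabled" ]; then
    echo "$role: MultiDataCenterEnabled is '$enabled', expected $want_enabled" >&2
    failures=$((failures + 1))
  fi
  # the partner list and the agent map must both be populated on the
  # Master and both be empty on the Clone
  for key in MultiDataCenterPartners agentMap; do
    if ! printf '%s' "$json" | grep -Fq "\"$key\""; then
      echo "$role: $key entry missing from response" >&2
      failures=$((failures + 1))
      continue
    fi
    if mdc_entry_empty "$json" "$key"; then populated=no; else populated=yes; fi
    if [ "$populated" != "$want_populated" ]; then
      echo "$role: $key populated=$populated, expected $want_populated" >&2
      failures=$((failures + 1))
    fi
  done
  return "$failures"
}

# Constructed sample responses (layout assumed) for a healthy Master and Clone
MASTER_SAMPLE='{"dcConfigMap":{"MultiDataCenterEnabled":"true","MultiDataCenterPartners":["MDCcloneNAPagent"]},"agentMap":{"MDCcloneNAPagent":{"host":"oamadmin1-dc2.poc.com"}}}'
CLONE_SAMPLE='{"dcConfigMap":{"MultiDataCenterEnabled":"false","MultiDataCenterPartners":[]},"agentMap":{}}'

# Usage with a saved response:
#   curl -s -u weblogic:password --cacert ca.pem \
#     'https://oamadmin1-dc1.poc.com:7002/oam/services/rest/mdc/configuration' > dc1.json
#   mdc_check_role "$(cat dc1.json)" master && echo "dc1 looks like a Master"
```

Running the check against the wrong role (for example the Master response with the clone expectations) reports all three mismatches, which is the quickest way to spot a Clone that was never reconfigured or a Master that lost its partner registration.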
18.5 Multi-Data Center Security Modes
The following sections have details about the security modes.
18.5.1 OPEN Security Mode
Use the MDC Admin REST commands to set up the Master data center in OPEN mode and provide the following mandatory and optional MDC parameters as shown in the example:
curl -k -u weblogic:password -H 'Content-Type: application/json' -X POST 'https://oamadmin1-dc1.poc.com:7002/oam/services/rest/mdc/master' -d '{"mdcTopologyType":"value", "masterMDCAgentID":"value","cloneMDCAgentID":"value", "accessClientPassword":"value","artifactPassword":"value","cloneServerURL":"value","agentKeyPassword":"value","certModeKeystorePassword":"value","masterServerURL":"value", "cloneAdminUserNamePassword":"value", "artifactsZipLocation":"value"}'
- mdcTopologyType: Choose one of the two topology types available for MDC configuration, ACTIVE_ACTIVE or DISASTER_RECOVERY.
- masterMDCAgentID: Enter the MDC NAP Agent Name for the Master data center.
- cloneMDCAgentID: Enter the MDC NAP Agent Name for the Clone data center.
- accessClientPassword: Provide the password required to use the MDC NAP agents in the Master and Clone data centers.
- artifactPassword: Provide the password that is used to protect the cloning artifacts.
- cloneServerURL: Enter the URL of the Clone Admin Server or the URL of the reverse proxy front ending the Clone Admin Server.
- (Optional) masterServerURL: Enter the URL of the Master Admin Server or the URL of the reverse proxy front ending the Master Admin Server.
- (Optional) cloneAdminUserNamePassword: Enter the user credentials of the Clone data center's Administrator if the username and password of the Administrator for the Master and Clone data centers are different.
- (Optional) artifactsZipLocation: Provide the location where the cloning artifacts are to be stored; specify it only if the cloning artifacts need to be stored in a location other than /tmp.
Here are the sample curl commands for configuring a Master data center in OPEN mode using the Active-Active and Disaster Recovery MDC topologies:
- Using Active-Active MDC topology:
curl -k -u weblogic:password -H 'Content-Type: application/json' -X POST 'https://oamadmin1-dc1.poc.com:7002/oam/services/rest/mdc/master' -d '{"mdcTopologyType":"ACTIVE_ACTIVE", "masterMDCAgentID":"MDCmasterNAPagent","cloneMDCAgentID":"MDCcloneNAPagent", "accessClientPassword":"password","artifactPassword":"password","cloneServerURL":"https://oamadmin1-dc2.poc.com:7002","cloneAdminUserNamePassword":"weblogic:password"}'
- Using Disaster Recovery MDC topology:
curl -k -u weblogic:password -H 'Content-Type: application/json' -X POST 'https://oamadmin1-dc1.poc.com:7002/oam/services/rest/mdc/master' -d '{"mdcTopologyType":"DISASTER_RECOVERY", "masterMDCAgentID":"MDCmasterNAPagent","cloneMDCAgentID":"MDCcloneNAPagent", "accessClientPassword":"password","artifactPassword":"password","cloneServerURL":"https://oamadmin1-dc2.poc.com:7002","cloneAdminUserNamePassword":"weblogic:password"}'
18.5.2 CERT Security Mode
Create an MDC partner in each of the member data centers in CERT mode. Generate the clientTrustStore.jks and clientKeyStore.jks keystores for the partners to communicate in CERT mode.
- Run the following openssl command from a Linux command prompt to generate aaa_key.pem and aaa_req.pem:
  openssl req -new -keyout aaa_key.pem -out aaa_req.pem -utf8 -sha256
  Use the certreq command to generate the certificate.
- Create aaa_cert.pem using the following procedure.
  - Open aaa_req.pem in a text editor and copy the contents. Exclude the trailing spaces from your selection.
  - Paste the copied text into Signcsr. Include the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- lines.
  - Copy the output into a text editor and save it as aaa_cert.pem.
- Create aaa_chain.pem using the following procedure.
  - Open certreq.
  - Click chain.pem, copy the contents into a text editor and save it as aaa_chain.pem. Exclude trailing and leading spaces from your selection.
- Encrypt the private key (aaa_key.pem) using the following command:
  openssl rsa -in aaa_key.pem -passin pass: -out aaa_key.pem -passout pass:Welcome1 -des
  The password used in this command must be defined as the access client password or agent key password while registering the MDC partner.
- Copy aaa_key.pem, aaa_cert.pem, and aaa_chain.pem to a temporary location, for example /tmp/clientCertArtifacts/.
- Convert aaa_cert.pem and aaa_key.pem into DER format using the following commands:
  openssl x509 -in /tmp/clientCertArtifacts/aaa_cert.pem -inform PEM -out /tmp/clientCertArtifacts/aaa_cert.der -outform DER
  openssl pkcs8 -topk8 -nocrypt -in /tmp/clientCertArtifacts/aaa_key.pem -inform PEM -out /tmp/clientCertArtifacts/aaa_key.der -outform DER
- Import aaa_key.der and aaa_cert.der into clientKeyStore.jks, and aaa_chain.pem into clientTrustStore.jks, with the following steps:
  cd $MW_HOME/idm/oam/server/tools/importcert/
  unzip importcert.zip
  java -cp importcert.jar oracle.security.am.common.tools.importcerts.CertificateImport -keystore /tmp/clientCertArtifacts/clientKeyStore.jks -privatekeyfile /tmp/clientCertArtifacts/aaa_key.der -signedcertfile /tmp/clientCertArtifacts/aaa_cert.der -storetype jks -genkeystore yes
  keytool -importcert -file /tmp/clientCertArtifacts/aaa_chain.pem -trustcacerts -keystore /tmp/clientCertArtifacts/clientTrustStore.jks -storetype JKS
  Enter the keystore passwords when prompted. The same password must be passed in the certModeKeystorePassword input parameter while setting up the Master data center.
- Import the aaa_key.der and aaa_cert.der formatted certificates into the .oamkeystore using the same Oracle provided importcert.jar used in the previous step:
  java -cp importcert.jar oracle.security.am.common.tools.importcerts.CertificateImport -keystore /scratch/Oracle/Middleware/domains/base_domain/config/fmwconfig/.oamkeystore -privatekeyfile /tmp/clientCertArtifacts/aaa_key.der -signedcertfile /tmp/clientCertArtifacts/aaa_cert.der -alias mycertmode1 -storetype JCEKS
  The alias (mycertmode1 in this example) is the alias name defined when setting CERT mode in Access Manager.
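The key-material steps above (request, CA signing, key encryption, DER conversion) are interactive and depend on the certreq/Signcsr service. The script below is an added example, not Oracle's code, that performs the same preparation non-interactively so it can be rehearsed and checked before the keystores are built: it generates aaa_key.pem and aaa_req.pem, signs the request with a throwaway CA that stands in for the external CA (its certificate plays the role of aaa_chain.pem), encrypts the private key with the password that will later be registered as the access client or agent key password, converts the certificate and key to DER, and then verifies that the DER key and certificate belong together and that the certificate chains to aaa_chain.pem. The subject names, the throwaway CA, the minimal openssl configuration file and the use of -aes256 in place of the -des shown above are choices made for this example; it assumes only that the openssl command line tool is installed.

```shell
#!/bin/sh
# Added example (not Oracle's code): prepare the CERT-mode key material
# (aaa_key.pem, aaa_req.pem, aaa_cert.pem, aaa_chain.pem, aaa_key.der,
# aaa_cert.der) non-interactively. A throwaway CA created here stands in
# for the external CA / Signcsr step; subject names are assumptions.

# mdc_cert_artifacts DIR PASSWORD -> writes the artifacts into DIR and returns
# non-zero if any openssl step fails or the resulting key and cert do not match
mdc_cert_artifacts() {
  dir=$1; pass=$2
  mkdir -p "$dir" || return 1
  (
    cd "$dir" && umask 077 &&
    # minimal config so the example does not depend on the system openssl.cnf;
    # v3_ca marks the throwaway CA certificate as a CA so that verify accepts it
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
      '[dn]' '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
      'keyUsage = critical,keyCertSign,cRLSign' > mdc.cnf &&
    # 1. key pair and certificate request (the documented openssl req, made
    #    non-interactive with -subj and -nodes)
    openssl req -new -config mdc.cnf -newkey rsa:2048 -nodes -keyout aaa_key.pem \
      -out aaa_req.pem -subj '/CN=mdc-nap-agent-example' -utf8 -sha256 2>/dev/null &&
    # 2. stand-in CA: its certificate is the chain file, and it signs the request
    openssl req -x509 -config mdc.cnf -newkey rsa:2048 -nodes -keyout ca_key.pem \
      -out aaa_chain.pem -subj '/CN=example-mdc-ca' -days 30 -sha256 2>/dev/null &&
    openssl x509 -req -in aaa_req.pem -CA aaa_chain.pem -CAkey ca_key.pem \
      -CAcreateserial -out aaa_cert.pem -days 30 -sha256 2>/dev/null &&
    # 3. encrypt the private key; PASSWORD is the value registered later as the
    #    access client / agent key password of the MDC partner
    openssl rsa -in aaa_key.pem -out aaa_key.enc.pem -aes256 -passout "pass:$pass" 2>/dev/null &&
    mv aaa_key.enc.pem aaa_key.pem &&
    # 4. DER conversion for importcert.jar (the PKCS#8 DER key is unencrypted,
    #    as in the documented -nocrypt command, so keep it in a 0700 directory)
    openssl x509 -in aaa_cert.pem -inform PEM -out aaa_cert.der -outform DER &&
    openssl pkcs8 -topk8 -nocrypt -in aaa_key.pem -inform PEM -passin "pass:$pass" \
      -out aaa_key.der -outform DER
  ) || return 1
  mdc_key_matches_cert "$dir"
}

# mdc_key_matches_cert DIR -> 0 when aaa_cert.pem chains to aaa_chain.pem and
# aaa_key.der and aaa_cert.der carry the same public key
mdc_key_matches_cert() {
  dir=$1
  openssl verify -CAfile "$dir/aaa_chain.pem" "$dir/aaa_cert.pem" >/dev/null 2>&1 || return 1
  k=$(openssl pkey -in "$dir/aaa_key.der" -inform DER -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$dir/aaa_cert.der" -inform DER -pubkey -noout 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# mdc_key_is_encrypted DIR -> 0 when aaa_key.pem is password protected
mdc_key_is_encrypted() {
  grep -q 'ENCRYPTED' "$1/aaa_key.pem"
}

# Usage: mdc_cert_artifacts /tmp/clientCertArtifacts 'agent-key-password' && echo ready
```

The match check is the one worth keeping in a real rollout: importcert.jar pairs whatever -privatekeyfile and -signedcertfile it is given, so a key and certificate from different runs would only be noticed when the CERT-mode handshake fails between the data centers.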
Use the MDC Admin REST commands to set up the Master data center in CERT mode and provide the following mandatory and optional MDC parameters as shown in the example:
curl -k -u weblogic:password -H 'Content-Type: application/json' -X POST 'https://oamadmin1-dc1.poc.com:7002/oam/services/rest/mdc/master' -d '{"mdcTopologyType":"value", "masterMDCAgentID":"value","cloneMDCAgentID":"value", "accessClientPassword":"value","artifactPassword":"value","cloneServerURL":"value","agentKeyPassword":"value","certModeKeystorePassword":"value","masterServerURL":"value", "cloneAdminUserNamePassword":"value","trustStorePath":"value", "keyStorePath":"value", "artifactsZipLocation":"value"}'
- mdcTopologyType: Choose one of the two topology types available for MDC configuration, ACTIVE_ACTIVE or DISASTER_RECOVERY.
- masterMDCAgentID: Enter the MDC NAP Agent Name for the Master data center.
- cloneMDCAgentID: Enter the MDC NAP Agent Name for the Clone data center.
- accessClientPassword: Provide the password required to use the MDC NAP agents in the Master and Clone data centers.
- artifactPassword: Provide the password that is used to protect the cloning artifacts.
- cloneServerURL: Enter the URL of the Clone Admin Server or the URL of the reverse proxy front ending the Clone Admin Server.
- (Only for CERT mode) agentKeyPassword: Enter the agent key password used to register partners in CERT mode.
- (Optional) masterServerURL: Enter the URL of the Master Admin Server or the URL of the reverse proxy front ending the Master Admin Server.
- (Optional) cloneAdminUserNamePassword: Enter the user credentials of the Clone data center's Administrator if the username and password of the Administrator for the Master and Clone data centers are different.
- (Optional) trustStorePath: Provide the path to the clientTrustStore.jks file if it is located in a folder other than $MW_HOME/user_projects/domains/OAMDomain/config/fmwconfig/oam-mdc-cert-artifacts/.
- (Optional) keyStorePath: Provide the path to the clientKeyStore.jks file if it is located in a folder other than $MW_HOME/user_projects/domains/OAMDomain/config/fmwconfig/oam-mdc-cert-artifacts/.
- (Optional) artifactsZipLocation: Provide the location where the cloning artifacts are to be stored; specify it only if the cloning artifacts need to be stored in a location other than /tmp.
Here are the sample curl commands for configuring a Master data center in CERT mode using the Active-Active and Disaster Recovery MDC topologies:
- Using Active-Active MDC topology:
curl -k -u weblogic:password -H 'Content-Type: application/json' -X POST 'https://oamadmin1-dc1.poc.com:7002/oam/services/rest/mdc/master' -d '{"mdcTopologyType":"ACTIVE_ACTIVE", "masterMDCAgentID":"MDCmasterNAPagent","cloneMDCAgentID":"MDCcloneNAPagent", "accessClientPassword":"password","artifactPassword":"password","cloneServerURL":"https://oamadmin1-dc2.poc.com:7002","cloneAdminUserNamePassword":"weblogic:password","agentKeyPassword":"password", "certModeKeystorePassword":"password"}'
- Using Disaster Recovery MDC topology:
curl -k -u weblogic:password -H 'Content-Type: application/json' -X POST 'https://oamadmin1-dc1.poc.com:7002/oam/services/rest/mdc/master' -d '{"mdcTopologyType":"DISASTER_RECOVERY", "masterMDCAgentID":"MDCmasterNAPagent","cloneMDCAgentID":"MDCcloneNAPagent", "accessClientPassword":"password","artifactPassword":"password","cloneServerURL":"https://oamadmin1-dc2.poc.com:7002","cloneAdminUserNamePassword":"weblogic:password","agentKeyPassword":"password", "certModeKeystorePassword":"password"}'