11.5 Configuring OHS to Use the Oracle WebGate
Follow the relevant section depending on whether your are using on-premises Oracle HTTP Server (OHS), or OHS deployed in Kubernetes.
On-premises OHS Installation
In all the examples below, change to the directory path for your installation.
- Run the following command on the server with OHS and Oracle WebGate
installed:
cd <OHS_ORACLE_HOME>/webgate/ohs/tools/deployWebGate
The output will look similar to the following:./deployWebGateInstance.sh -w <OHS_DOMAIN_HOME>/config/fmwconfig/components/OHS/ohs1 -oh <OHS_ORACLE_HOME> -ws ohsCopying files from WebGate Oracle Home to WebGate Instancedir - Run the following command to update the OHS configuration files
appropriately:
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:<OHS_ORACLE_HOME>/libcd <OHS_ORACLE_HOME>/webgate/ohs/tools/setup/InstallTools/
The output will look similar to the following:./EditHttpConf -w <OHS_DOMAIN_HOME>/config/fmwconfig/components/OHS/ohs1 -oh <OHS_ORACLE_HOME>The web server configuration file was successfully updated <OHS_DOMAIN_HOME>/config/fmwconfig/components/OHS/ohs1/httpd.conf has been backed up as <OHS_DOMAIN_HOME>/config/fmwconfig/components/OHS/ohs1/httpd.conf.ORIG - Copy the agent zip file downloaded earlier and copy to the OHS server directory ,
for example:
<OHS_DOMAIN_HOME>/config/fmwconfig/components/OHS/ohs1/webgate/config. Extract the zip file. - Obtain the Certificate Authority (CA) certificate (
cacert.pem) that signed the certificate for your OAM entry point. Copy to the to the same directory, for example:<OHS_DOMAIN_HOME>/config/fmwconfig/components/OHS/ohs1/webgate/config.Note:
Administrators should be aware of the following:- The CA certificate is the certificate that signed the certificate for your OAM entry point. For example if you access OAM directly via a load balancer, then this is the CA of the load balancer certificate.
- The file must be renamed to
cacert.pem.
- Restart OHS.
- Access the protected resource, for example
https://ohs.example.com/myapp, and check you are redirected to the SSO login page. Login and make sure you are redirected successfully to the application.
OHS Deployed on Kubernetes
If deploying OHS on Kubernetes you must copy the agent zip file downloaded earlier to
the $WORKDIR/ohsConfig/webgate/config directory on your Kubernetes
administrative node, and extract it.
For detailed instructions, see Preparing Your OHS Configuration Files
Changing WebGate Agent to use OAP
Note:
This section should only be followed if you need to change the OAM/WebGate Agent communication from HTTPS to OAP.To change the WebGate agent to use OAP:
- In the OAM Console click Application Security and then Agents.
- Search for the agent you want modify and select it.
- In the User Defined Parameters change:
OAMServerCommunicationModefromHTTPStoOAP. For example,OAMServerCommunicationMode=OAPOAMRestEndPointHostName=<hostname>to the hostname the ingress controller is deployed. For exampleOAMRestEndPointHostName=oam.example.com.
- In the Server Lists section click Add to add a new server with the
following values:
Access Server:OtherHost Name: to the hostname the ingress controller is deployed. For exampleoam.example.comHost Port:<oamoap-service NodePort>
Note:
To find the value forHost Portrun the following:
The output will look similar to the following:kubectl describe svc accessdomain-oamoap-service -n oamns
In the example above theName: accessdomain-oamoap-service Namespace: oamns Labels: <none> Annotations: <none> Selector: weblogic.clusterName=oam_cluster Type: NodePort IP Families: <none> IP: 10.100.202.44 IPs: 10.100.202.44 Port: <unset> 5575/TCP TargetPort: 5575/TCP NodePort: <unset> 30540/TCP Endpoints: 10.244.5.21:5575,10.244.6.76:5575 Session Affinity: None External Traffic Policy: Cluster Events: <none>NodePortis30540. - Delete all servers in Server Lists except for the one just created, and click Apply.
- Click Download to download the webgate zip file. Copy the zip file to the desired WebGate.
- Delete the cache from
<OHS_DOMAIN_HOME>/servers/ohs1/cacheand restart Oracle HTTP Server.