5.1.6.3 Registering OAM TAP Partners

During installation, two integration agents are created for you in OAA:
  • OAM-OAA-TAP
  • OAM-OUA-TAP

In order for the installation to create these agents, you must first create TAP partners in OAM.

Registering OAA as a TAP Partner in OAM

The OAM-OAA-TAP OAM integration agent, along with an OAM Authentication Module (OAA-MFA-Auth-Module), Authentication Scheme (OAA-MFA-Scheme), and Policy (OAA_MFA-Policy) are created during installation. These components allow OAM administrators to protect applications with OAM and OAA multi-factor authentication. For example, a user accesses an application protected with the OAA_MFA-Policy, and after successful authentication in OAM, is then challenged with a second factor for multi-factor authentication via OAA.

To register OAM-OAA-TAP as a TAP partner:
  1. On the OAM server, launch a terminal window and enter the following command:
    cd $OAM_ORACLE_HOME/oracle_common/common/bin
./wlst.sh
    The output will look similar to the following:
    Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell Type help() for help on available commands
wls:/offline>
  2. Connect to the OAM Administration Server as follows:
    connect ('weblogic','<password>','t3://<OAM_AdminServer_Host>:<OAM_AdminServer_Port>')
    The output will look similar to the following:
    Successfully connected to Admin Server "AdminServer" that belongs to domain "oam_domain".
Warning: An insecure protocol was used to connect to the server. To ensure on-the-wire security, the SSL port or Admin port should be used instead.
wls:/oam_domain/serverConfig/>
  3. Run the following command to register the OAA TAP partner:
    registerThirdPartyTAPPartner(partnerName="OAM-OAA-TAP", keystoreLocation="<path_to_keystore>", password="<keystore_password>", tapTokenVersion="v2.0", tapScheme="TAPScheme", tapRedirectUrl="<redirect_url>")
    where :
    • <path_to_keystore> is the location and file name of the keystore to generate.
    • <keystore_password> is the password to create for the keystore generated.
    • <redirect_url> is the HTTP or HTTPS URL that you access OAM with at the front end. For example, if you access OAM via https://ohs.example.com, then set tapRedirectUrl to any URL that is reachable under https://ohs.example.com. The URL must be one that returns a 200 OK response when accessed.
    For example:
    registerThirdPartyTAPPartner(partnerName="OAM-OAA-TAP", keystoreLocation="/tmp/OAMOAAKeyStore.jks", password="password", tapTokenVersion="v2.0", tapScheme="TAPScheme", tapRedirectUrl="https://ohs.example.com/oam/pages/login.jsp")
    The output will look similar to the following:
    Registration Successful
wls:/oam_domain/serverConfig/>
    In the example above a keystore /tmp/OAMOAAKeyStore.jks will be generated. .
  4. Copy the OAMOAAKeyStore.jks to the <WORKDIR> on the <INSTALL_HOST>. See, Installation Host Requirements.

Registering OUA as a TAP Partner in OAM

Note:

If you are performing an installation without OUA, you can ignore this section.

The OAM-OUA-TAP agent, along with OAM OUA Policies also created during installation, is used by Oracle Universal Authenticator so users can login to their devices using OAM and a second factor from OAA.

To register OAM-OUA-TAP as a TAP partner:
  1. In the same WLST session as above, run the following command to register the OUA TAP partner:
    registerThirdPartyTAPPartner(partnerName="OAM-OUA-TAP", keystoreLocation="<path_to_keystore>", password="<keystore_password>", tapTokenVersion="v2.0", tapScheme="TAPScheme", tapRedirectUrl="<redirect_url>")
    where :
    • <path_to_keystore> is the location and file name of the keystore to generate.
    • <keystore_password> is the password to create for the keystore generated.
    • <redirect_url> is the HTTP or HTTPS URL that you access OAM with at the front end. For example, if you access OAM via https://ohs.example.com, then set tapRedirectUrl to any URL that is reachable under https://ohs.example.com. The URL must be one that returns a 200 OK response when accessed.
    For example:
    registerThirdPartyTAPPartner(partnerName="OAM-OUA-TAP", keystoreLocation="/tmp/OAMOUAKeyStore.jks", password="password", tapTokenVersion="v2.0", tapScheme="TAPScheme", tapRedirectUrl="https://ohs.example.com/oam/pages/login.jsp")
    The output will look similar to the following:
    Registration Successful
wls:/oam_domain/serverConfig/>
    In the example above a keystore /tmp/OAMOUAKeyStore.jks will be generated.
  2. Copy the OAMOUAKeyStore.jks to the <WORKDIR> on the <INSTALL_HOST>. See, Installation Host Requirements.
  3. Run the following command to exit wlst: 
    exit()