Tuesday, December 8, 2015

Changing Security mode from Open to Simple for an Agent in OAM

In this post we shall see how to change security mode for an agent from OPEN to SIMPLE.
1) Login to /oamconsole with admin user:
Navigate to System Configuration-->Access Manager-->SSO Agents-->OAM Agents
Select Agent name for which you want to change security mode from Open to Simple and change as below:
 

It will generate new artifacts at below mentioned locations:
$DOMAIN_HOME/output/$AGENT_NAME
$ ls -lrth
-rw------- 1 devoam dba 3.1K Dec 8 12:17 cwallet.sso 
-rw-r----- 1 devoam dba 2.8K Dec 8 12:17 ObAccessClient.xml
-rw-r----- 1 devoam dba 272 Dec 8 12:17 password.xml
-rw-r----- 1 devoam dba 806 Dec 8 12:17 aaa_cert.pem
-rw-r----- 1 devoam dba 958 Dec 8 12:17 aaa_key.pem

2) Copy ObAccessClient.xml, password.xml and cwallet.sso to below mentioned location
$OHS_HOME/instances/$INSTANCE_NAME/config/OHS/ohs1/webgate/config
Copy aaa_cert.pem and aaa_key.pem to below mentioned location:
$OHS_HOME/instances/$INSTANCE_NAME/config/OHS/ohs1/webgate/config/simple

3) Restart OHS
$OHS_HOME/instances/$INSTANCE_NAME/bin
$./opmnctl stopall
$./opmnctl startall

4) Test URL ( Protected by that agent)
Note : In case aaa_key.pem and aaa_cert.pem are not copied properly , then below error will be observed while accessing any resource.
ERROR:
[2015-12-08T12:44:57.2391+03:00] [OHS] [ERROR:32] [OHS-9999] [core.c] [client_id: 127.0.0.1] [host_id: localhost] [host_addr: HOSTNAME] [tid: 29] [user: devoam] [ecid: 0004pZYc0vjCwkG6yzfd6G0003UW000006] [rid: 0] [VirtualHost: main] OBWebGate_AuthnAndAuthz: Oracle AccessGate API is not initialized.
[2015-12-08T12:44:57.2401+03:00] [OHS] [ERROR:32] [OHS-9999] [core.c] [client_id: 127.0.0.1] [host_id:localhost] [host_addr: HOSTNAME] [tid: 29] [user: devoam] [ecid: 0004pZYc0vjCwkG6yzfd6G0003UW000006] [rid: 0] [VirtualHost: main] Request Failed for : /index.html, Resp Code : [500]
Doc id: Setting the OAM Agent’s Communication Mode with the OAM Server Set to Simple, returns HTTP-500 Error (Doc ID 1378237.1)


No comments:

Post a Comment

Other Posts