OAM 11g: How to Configure Oracle Access Manager 11g to be Accessed via an OHS Proxy ? (Doc ID 1327863.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

Oracle Access Manager - Version 11.1.1.3.0 to 11.1.1.5.0 [Release 11g]
Information in this document applies to any platform.

Goal

The Oracle Access Manager 11g ( OAM 11g ) authentication process uses a HTTP redirect to send an authentication request ( obrareq.cgi )  to the OAM 11g Weblogic managed Server process.

The OAM managed Server name and the OAM managed Server port are exposed to the client.

The Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management
documents how to configure an Oracle HTTP Server 11g ( OHS 11g ) as a proxy in front of the OAM Weblogic installation.

This note provides an example configuration for a default Oracle Access Server installation, where the OAM console,Weblogic console and the Fusion Middleware Control console
are protected by the IDMDomainAgent and should be accessed via the OHS 11g mod_wl_ohs proxy.

Administration Consoles should not be accessible from the public network.
The Enterprise Deployment Guide provides a configuration , where the administration consoles are accessed via mod_wl_ohs proxy but the Web Server name is only resolvable in the internal network.
NB: Installing of a Webgate is not necessary in this topology, the IDMDomainAgent provides the protection, installing a Webgate like OAM Webgate 11g will cause multiple issues.

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms