My Oracle Support Banner

OAM 11g: How to Configure Oracle Access Manager 11g to be Accessed via an OHS Proxy ? (Doc ID 1327863.1)

Last updated on SEPTEMBER 06, 2023

Applies to:

Oracle Access Manager - Version 11.1.1.3.0 to 11.1.1.5.0 [Release 11g]
Information in this document applies to any platform.
Oracle is not responsible for instructions/information from 3rd party sites that may be contained in this KM note

Goal

The Oracle Access Manager 11g ( OAM 11g ) authentication process uses a HTTP redirect to send an authentication request ( obrareq.cgi )  to the OAM 11g Weblogic managed Server process.

The OAM managed Server name and the OAM managed Server port are exposed to the client.

The Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management
documents how to configure an Oracle HTTP Server 11g ( OHS 11g ) as a proxy in front of the OAM Weblogic installation.

This note provides an example configuration for a default Oracle Access Server installation, where the OAM console,Weblogic console and the Fusion Middleware Control console
are protected by the IDMDomainAgent and should be accessed via the OHS 11g mod_wl_ohs proxy.

Administration Consoles should not be accessible from the public network.
The Enterprise Deployment Guide provides a configuration , where the administration consoles are accessed via mod_wl_ohs proxy but the Web Server name is only resolvable in the internal network.
NB: Installing of a Webgate is not necessary in this topology, the IDMDomainAgent provides the protection, installing a Webgate like OAM Webgate 11g will cause multiple issues.

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.