Can we Register Multiple Virtual Servers In OTD 12c With Different webgate (Doc ID 2154009.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Access Manager - Version 12.2.1.1.0 and later
Information in this document applies to any platform.

Goal

OAM Webgate - 12.2.1.0.0
OTD 12c - 12.2.1.0.0

Is it possible to register multiple Virtual Servers in OTD with different OAM agents so they can have separate authentication and authorization policies?

For example, I have two Virtual Servers, dev-portal21.example.com and dev-cos21.example.com.

On my OTD servers, I've run the following:

cd ${ORACLE_HOME}/webgate/otd/tools/deployWebGate
./deployWebGateInstance.sh -w ${DOMAIN_HOME}/config/fmwconfig/components/OTD/instances/otd_default_OTDMachine1/dev-portal21/ -oh ${ORACLE_HOME} -ws otd
./deployWebGateInstance.sh -w ${DOMAIN_HOME}/config/fmwconfig/components/OTD/instances/otd_default_OTDMachine1/dev-cos21/ -oh ${ORACLE_HOME} -ws otd

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${ORACLE_HOME}/lib
cd ${ORACLE_HOME}/webgate/otd/tools/setup/InstallTools
./EditObjConf -f ${DOMAIN_HOME}/config/fmwconfig/components/OTD/instances/otd_default_OTDMachine1/config/dev-portal21.example.com-obj.conf -w ${DOMAIN_HOME}/config/fmwconfig/components/OTD/instances/otd_default_OTDMachine1/dev-portal21/ -oh ${ORACLE_HOME} -ws otd
./EditObjConf -f ${DOMAIN_HOME}/config/fmwconfig/components/OTD/instances/otd_default_OTDMachine1/config/dev-cos21.example.com-obj.conf -w ${DOMAIN_HOME}/config/fmwconfig/components/OTD/instances/otd_default_OTDMachine1/dev-cos21/ -oh ${ORACLE_HOME} -ws otd

Along with the Virtual Server conf files being updated, two entries then get added to magnus.conf (see attached).

I've then registered dev-portal21 and dev-cos21 as Webgate agents in OAM and copied cwallet.sso and ObAccessClient.xml to ${DOMAIN_HOME}/config/fmwconfig/components/OTD/instances/otd_default_OTDMachine1/dev-portal21/webgate/config and ${DOMAIN_HOME}/config/fmwconfig/components/OTD/instances/otd_default_OTDMachine1/dev-cos21/webgate/config, and restarted the OTD instances.

However, the authentication and authorization policies for both Virtual Servers are then only linked to the 2nd site registered, i.e. the last site in the magnus.conf (dev-cos21).

If we change the order of dev-portal21 and dev-cos21 in magnus.conf, then we get the reverse behavior.

Solution
