OAM 12c OAuth Labs (for internal 12c training) (Doc ID 2291633.1)

Last updated on JUNE 30, 2019

Applies to:

Oracle Access Manager - Version 12.2.1.2.0 and later
Information in this document applies to any platform.

Goal

This lab goes with the OAM 12c support training and is the 12c OAuth training.

Part of the OAuth training is to set up and verify OAuth in an MDC environment. As such, these labs build upon the MDC setup completed earlier in the 12c training. See KM note 2277231.1 for more details on setting up MDC with 12c. However, this OAuth lab can be completed without MDC if you wish to do everything on the master node. The labs test both 2-legged and 3-legged OAuth flows. There are specific OAuth/MDC verification steps at the bottom of this note if you wish to do the MDC testing as well.

In the steps that follow, refer to the configuration information below for the lab exercises.

iwant12c-master.example.com (master data center node 1) accessible at http://iwant12c-master.example.com:7001/oamconsole (credentials=weblogic/Welcome1) containing the following:

iwant12c-clone.example.com (clone data center node 1) accessible at http://iwant12c-clone.example.com:7001/oamconsole (credentials=weblogic/Welcome1) containing the following:

Both iwant12c-master.example.com and iwant12c-clone.example.com have their own database configured, and OAM uses a pluggable database within the orcl instance. To start the pluggable database, use the following steps:

An HAProxy load balancer is installed on iwant12c-master.example.com in /home/oracle/haproxy and includes a configuration script to route:

For all of the use cases below, the same protected resource http://iwant12c-master.example.com:7777/cgi-bin/headers.pl will be used. There are several accounts configured in OUD available for login:

A single OUD 11.1.2.3.0 server is used by both the master and the clone and is installed on iwant12c-master.example.com.

OHS is installed in the /u01/oracle/Middleware/OHS directory.

Solution


In this Document
Goal
Solution
 Configure the OAuth Components
 Create the Identity Domain
 Create the Resource Servers
 Create the Application Clients
 Validate that the OAuth Resource Servers and Clients Have Been Created Successfully
 OAuth 2-Legged Flow Testing
 Request an OAuth Access Token Using Client Credentials
 Validate the Access Token Generated
 Request an OAuth Access Token Using Resource Owner Credentials
 Validate the New Access Token
 OAuth 3-legged Flow Testing
 Configure the OHS mod_wl_ohs.conf for OAuth Resources
 Modify the OAM Application Domain Resource for OAuth
 Request an Authorization Code
 Grant Consent to the Requested Scope
 Generate the Access Token
 Validate the Access Token Generated
 Generate a New Access Token From the Refresh Token
 OAuth With MDC
 Verify OAuth Components Have Been Replicated to the Clone Data Center
 Test OAuth 2-Legged Flow Across Data Centers
 SSO Session Linking for OAuth
 Reconfigure the OAM Authentication Scheme
 Generate the New oauth_token Header
 Decode the oauth_token Assertion to View its Contents
 Generate an Access Token From the OAuth Assertion
 Validate the Access Token Generated
 Confirm SSO Session Linking is Working