As a continuation of my earlier blog post on DCC (Detached Credential Collector) in OAM, I am now posting the steps to configure the DCC in OAM 11gR2 PS3. In this post, I configure the DCC and protect a sample HTML page with it.
Environment:
- OAM 11.1.2.3BP07
- OHS 11.1.1.7
- OAM Webgate 11.1.2
- RHEL6
Steps:
- Deploy a sample HTML file inside OHS, which will be protected using OAM
  - I have a file deployed inside the OHS directory at the location below
    - <OHS_CONFIG_HOME>/htdocs/dcc/dcc.html
- Register a Webgate in OAM which will be used as the DCC Webgate. In my case I have used the existing Webgate_IDM_11g as the DCC Webgate.
  - Make sure to check 'Allow Credential Collector Operations' as shown below.
  - Click on Apply to save the changes.
- Deploy the newly created artifacts into the OHS Webgate config folder and restart the OHS services
  - The newly created artifacts are available in the OAM domain output folder
    - <OAMDomain_Home>/output/Webgate_IDM_11g/
  - Copy these artifacts to the OHS Webgate config folder
    - <OHSConfig_Home>/webgate/OHS/
  - Restart the OHS instance to load these new artifacts
- Now let's create an authentication scheme for DCC
  - Go to Application Security -> Authentication Schemes
  - Create a new authentication scheme with the following values
    - Name : DCCAuthenticationScheme
    - Description : DCCAuthenticationScheme
    - Authentication Level : 2
    - Challenge Method : Form
    - Challenge Redirect URL : https://<DCC_OHS_HOST:OHS_PORT>/
    - Authentication Module : LDAP
    - Challenge URL : /oamsso-bin/login.pl
    - Context type: Leave blank
- Now let's configure an authentication policy with the newly created DCCAuthenticationScheme
  - Go to the application domain that is registered with the newly created Webgate, or the application domain that is associated with the DCC Webgate (for example: Testappdomain).
  - Navigate to Application Domains -> Testappdomain -> AuthenticationPolicies -> Create
  - Create a new authentication policy as follows
    - Name: DCCAuthenticationPolicy
    - Authentication scheme : DCCAuthenticationScheme
  - Click on Apply to save the changes.
  - Click on resource and create a new resource as follows.
    - Resource Type: HTTP
    - Host Identifier: IAMSuiteAgent
    - Resource URL : /dcc/dcc.html
  - Associate this new resource with the DCCAuthenticationPolicy and the required authorization policy as shown below.
- Now let's update the login.pl file to point it to the right Perl path
  - The path can be found using the following command
    - which perl
  - Make a note of this path, which needs to be updated in the login.pl script
  - Edit login.pl using the Vim editor
  - Update the location of perl in login.pl as shown below
  - Now comment out the following line as shown below
    - use URI::Escape;
- Now you will see the out-of-the-box login page, which is served from /oamsso-bin/login.pl
  - As you can observe, OAM has now redirected the user to the DCC login page according to the configured authentication scheme.
  - Enter the user credentials and click on Submit.
- That's it, guys. You are now authenticated successfully through the DCC mechanism and have landed on the home page.
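
The two login.pl edits from the steps above (interpreter path taken from `which perl`, and commenting out the `use URI::Escape;` line), written as a repeatable script. This is an added example, not part of the original post: the function name `patch_login_pl` and the `.orig` backup suffix are assumptions, and the path to login.pl is supplied by the operator.

```shell
#!/usr/bin/env bash
# Added example (not from the original post).
# Usage: patch_login_pl /path/to/login.pl [PERL_PATH]
patch_login_pl() {
    local file="$1"
    # Default to the perl on PATH, the same answer `which perl` gives.
    local perl_path="${2:-$(command -v perl)}"
    local tmp

    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    [ -n "$perl_path" ] || { echo "perl not found on PATH" >&2; return 1; }
    # Refuse to edit anything that does not start with an interpreter line.
    head -n 1 "$file" | grep -q '^#!' || { echo "no #! line in $file" >&2; return 1; }

    # Keep the shipped script once, so the change can be reviewed and reverted.
    [ -e "$file.orig" ] || cp -p "$file" "$file.orig"

    tmp="$(mktemp)" || return 1
    # Line 1: swap only the interpreter path, keeping switches such as -w.
    # Other lines: comment out `use URI::Escape;` unless already commented.
    awk -v perl="$perl_path" '
        NR == 1 { sub(/^#![ \t]*[^ \t]+/, "#!" perl); print; next }
        /^[ \t]*use[ \t]+URI::Escape[ \t]*;/ { print "#" $0; next }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Overwrite in place so login.pl keeps its owner and permissions.
    cat "$tmp" > "$file" && rm -f "$tmp"
}
```

Running it a second time changes nothing. Once the login page is verified, move the `.orig` copy out of the directory OHS serves scripts from, and diff it against the patched file to confirm that only those two lines changed.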
Thank you for visiting