Wednesday, November 30, 2016

DCC Configuration in OAM 11.1.2.3

As a follow-up to my earlier blog post on the DCC (Detached Credential Collector) in OAM, I am now posting the steps to configure the DCC in OAM 11gR2PS3. In this post, I configured the DCC and protected a sample HTML page with it.

Environment:
  • OAM 11.1.2.3BP07
  • OHS 11.1.1.7
  • OAM Webgate 11.1.2
  • RHEL6

Steps: 
  • Deploy a sample HTML file inside OHS, which will be protected using OAM
  • I have a file deployed inside the OHS directory at the location below
    • <OHS_CONFIG_HOME>/htdocs/dcc/dcc.html
 
  • Register a Webgate in OAM which will be used as the DCC Webgate. In my case I have used the existing Webgate_IDM_11g as the DCC Webgate.
  • Make sure to check 'Allow Credential collector Operations'.
  • Click on Apply to save the changes.
 
  • Deploy the newly created artifacts into the OHS Webgate config folder and restart the OHS services
  • The newly created artifacts are available in the OAM domain output folder
    • <OAMDomain_Home>/output/Webgate_IDM_11g/
  • Copy these artifacts to the OHS Webgate config folder
    • <OHSConfig_Home>/webgate/OHS/
  • Restart the OHS instance to load these new artifacts
  • Now let's create an authentication scheme for DCC
  • Go to Application Security -> Authentication Schemes
  • Create a new authentication scheme with the following values
    • Name: DCCAuthenticationScheme
    • Description: DCCAuthenticationScheme
    • Authentication Level: 2
    • Challenge Method: Form
    • Challenge Redirect URL: https://<DCC_OHS_HOST:OHS_PORT>/
    • Authentication Module: LDAP
    • Challenge URL: /oamsso-bin/login.pl
    • Context Type: leave blank
 
  • Now let's configure an authentication policy with the newly created DCCAuthenticationScheme
  • Go to the Application Domain registered with the newly created Webgate, or the application domain associated with the DCC Webgate (for example, Testappdomain).
  • Navigate to Application Domains -> Testappdomain -> Authentication Policies -> Create
  • Create a new authentication policy as follows
    • Name: DCCAuthenticationPolicy
    • Authentication Scheme: DCCAuthenticationScheme
 
  • Click on Apply to save the changes.
  • Click on Resource and create a new resource as follows.
    • Resource Type: HTTP
    • Host Identifier: IAMSuiteAgent
    • Resource URL: /dcc/dcc.html
  • Associate this new resource with DCCAuthenticationPolicy and the required authorization policy.

  • Now let's update the login.pl file so that it points to the right Perl interpreter path
  • The path can be found using the following command
    • which perl
    • Output: /usr/bin/perl
  • Make a note of this path, which needs to be updated in the login.pl script
  • Edit login.pl using the vim editor
  • Update the location of perl in login.pl
 
  • Now comment out the following line
    • use URI::Escape;
 
  • All configuration is complete with the above step. Now let's access the page and verify authentication using the DCC Webgate
  • Access the following URL
    • http://<DCC_OHS_HOST:OHS_PORT>/dcc/dcc.html
 
  • Now you will see the out-of-the-box login page, which is served from /oamsso-bin/login.pl
  • Notice that OAM has now redirected the user to the DCC login page according to the configured authentication scheme.
  • Enter the user credentials and click on Submit.
 
  • That's it, guys. You are authenticated successfully through the DCC mechanism and have landed on the home page now.
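
The two login.pl edits from the steps above (interpreter path on the first line, `use URI::Escape;` commented out) can be applied repeatably with a small script. This is an added example, not part of the original post or of Oracle's tooling; the function names and the sample file contents are constructed for illustration, and the real login.pl path on your DCC host is an assumption you pass in.

```shell
#!/bin/sh
# Added example, not from the original post. Applies the two login.pl edits
# from the steps above: interpreter path on line 1, URI::Escape commented out.

# Constructed stand-in for login.pl (the shipped script's contents are not
# reproduced here); used only to try the function safely.
make_sample_login_pl() {
    cat > "$1" <<'EOF'
#!/usr/local/bin/perl -w
use strict;
use URI::Escape;
print "Content-type: text/html\n\n";
EOF
    chmod 755 "$1"
}

# patch_login_pl <file> [perl-path]; perl-path defaults to the PATH lookup.
patch_login_pl() {
    file=$1
    perl_path=${2:-$(command -v perl)}
    [ -f "$file" ] || { echo "not found: $file" >&2; return 1; }
    [ -n "$perl_path" ] || { echo "perl not on PATH" >&2; return 1; }

    # Keep one pristine copy so the change can be reverted or diffed.
    [ -f "$file.orig" ] || cp -p "$file" "$file.orig" || return 1

    tmp=$(mktemp) || return 1
    # Line 1: swap only the interpreter path, keeping flags such as -w.
    # Elsewhere: comment out an active "use URI::Escape;" line.
    sed -e "1s|^#![^[:space:]]*|#!$perl_path|" \
        -e 's|^\([[:space:]]*\)use[[:space:]][[:space:]]*URI::Escape;|\1# use URI::Escape;|' \
        "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place so owner and execute bits of the CGI script survive.
    cat "$tmp" > "$file"; rm -f "$tmp"

    # Fail loudly if either edit did not take (e.g. no shebang on line 1).
    head -n 1 "$file" | grep -qF -- "#!$perl_path" || return 1
    if grep -q '^[[:space:]]*use[[:space:]][[:space:]]*URI::Escape;' "$file"; then
        return 1
    fi
    echo "patched $file (backup: $file.orig)"
}

if [ "$#" -gt 0 ]; then patch_login_pl "$@"; fi
```

Running it a second time leaves the file unchanged, and the `.orig` copy lets you diff the result against the shipped script after a patch or upgrade replaces it.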
 
Thank you for visiting