How to protect an application running on weblogic through OAM

Similar Messages

• How to protect an application running on IIS with OAM 11gR2

  Hello Gurus,
  I have a question regarding protecting an application running on IIS with OAM 11gR2. We have an OHS server running and all the requests from the users are coming to this OHS server webgate for them to login using the SSO login page. These is all solaris. I am protecting other applications like pplsoft moduels with this OHS instance and OAM server. There is another application that I need to protect which is itself running on IIS windows machine. I need guidance as to -
  1.) Do I need to install a windows version of webgate to protect this IIS based application?
  2.) Or I can still protect and proxy requests from this application to current OHS instance? How can I do this?
  3.) Or Do I need to proxy requests directly from IIS to OAM weblogic server?
  Please advise to the earliest as this is an urgent issue.
  Thanks !!

  From your description it is not clear how exactly architecture looks like
  We have an OHS server running and all the requests from the users are coming to this OHS server webgate for them to login using the SSO login page.
  is this OHS centralized login farm ? (Case 1)
  OR is this OHS server (with webgate) acting as virtual web server hosting multiple web sites so that request to any site passes through this OHS/webgate (Case 2)
  1.) Do I need to install a windows version of webgate to protect this IIS based application?
  If case 1 then you need to install 10g webgate on top of IIS server to protect this application
  If case 2 then you can just proxy request from OHS to IIS server. As every request passes through OHS user will be authenticated before request hits IIS
  Look at Product documentation for virtual web sites : http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/shared.htm#autoId12
  It has steps to protect virtual web sites.
  Also you need to make sure no one hits IIIS web sites directly.
  Hope this helps

• How to protect applications running in Weblogic using OAM

  Hi all,
  I have a doubt,
  I have 2 application running in weblogic.
  I need to protect those application using OAM and provide single sign on.
  How this can be done?
  In the OAM integration guide i saw OAM with BEA Weblogic SSPI
  Is SSPI like a connector r what is the use of this?
  Is there any other way to protect a application running in weblogic using OAM and provide SSO for those applications
  thanks in advance.

  You will need to also add the OAMIdentityAsserter and possibly an Authenticator to get group/role information in the weblogic instances (assuming it's not the same one where OAM is installed).
  Jack

• How to protect an application running on Apache Tomcat app server with OAM 11gR2

  Gurus,
  We have an Apache Tomcat based application named "ABCD" here at client site that we want OAM 11gR2 PS1 to integrate with for SSO purposes. I have successfully configured OHS to reverse proxy requests to Apache Tomcat server whenever somebody tries to access the application URL but still, I am getting the application login page once I have successfully authenticated on OAM SSO login page. The Tomcat based application is authenticating users against a "UserDatabase realm".
  I know in terms of weblogic application, there is an OAM identity asserter provider which then populates the User Principal for the java environment with the authenticated OAM user. But there is no such OAM identity provider for Tomcat.
  So my question is, is there an provider (or Tomcat equivalent) which will entrust authentication to a header, that could be used to populate the Java User Principal from the OAM_REMOTE_USER header? Is the weblogic equivalent of authentication providers present in tomcat as well? Are those called valves?
  Please advise to the earliest.
  Thanks !!

  Aakash,
  I did follow the 4 steps that you mentioned to me. Out of the 4 that you had mentioned, I already had the webgate in place on OHS server and I was already passing the remote_user http header in oam policy as action.
  As part of Step #2: Install mod_jk plugin on OHS server that you mentioned
  1.) I downloaded the tomcat connector - tomcat-connectors-1.2.37-src
  2.) I had to run ./configure,make, make install on my OHS server which runs on RHEL 6. It created the mod_jk.so file. I pasted it in the needed folder.
  3.) I then created the httpd.conf file and workers.properties file as said in the connector docs.
  4.) Restarted OHS.
  As part of Step #3: Configure tomcat's ajp connector that you mentioned and I went through all the links pasted below but didn't find actually what needs to be in place to configure tomcat's ajp connector. I do see in the server.xml of tomcat app server that the ajp 1.3 protocol is supported:
  http://tomcat.apache.org/tomcat-4.0-doc/config/ajp.html
  http://tomcat.apache.org/tomcat-3.3-doc/mod_jk-howto.html#s8
  http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html
  http://www.mulesoft.com/understanding-tomcat-connectors
  <!-- A "Connector" represents an endpoint by which requests are received
           and responses are returned. Documentation at :
           Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
           Java AJP  Connector: /docs/config/ajp.html
           APR (HTTP/AJP) Connector: /docs/apr.html
           Define a non-SSL HTTP/1.1 Connector on port 8080
      -->
      <Connector port="8080" protocol="HTTP/1.1"
                 connectionTimeout="20000"
                 redirectPort="8443" />
  <!-- Define an AJP 1.3 Connector on port 8009 -->
      <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  Do we need to disable the HTTP protocol in Tomcat and keep only AJP connector enabled? If yes, how to do that?
  I am trying to connect to the application from OHS server like so I am using the http protocal right? How should I use the ajp protocol to connect to tomcat application? 
  http://ohs-host:ohs-port/abcd
  Thanks !!!!!

• How to protect custom applications using oracle access manager?

  Can someone brief me on how to protect custom applications using oracle access manager?

  Is the Custom application a Web Application running on certified platform? If its Web Application then its no different you have to configure the access policies with http(s) as resource type.
  If its not a web application you can write Custom access Gate and then implement. You would configure the policies similar to Web application (you can define your ouwn resource type if you like) and in the custom web gate you will use Access server SDK API to validate the access rules.
  Thanks
  Ram

• How can you play applications run on flash player

  How you can play applications run on flash player

  This topic with suggestions as to alternatives and workarounds has been covered here many times already. Search this forum for "Flash" and you will find many threads on the issue.
  Regards.

• How do I show applications running in the background? And how do I close them down? In class, the instructor press something but she did not go into Settings. Does anyone know?

  How do I show applications running in the background? And how do I close them down? In class, the instructor press something but she did not go into Settings. Does anyone know?

  Double-click the home button that will bring up all the applications in the background.
  To close then you swipe the application upward and it will close.

• How can I debug a web application running on Weblogic 10.3

  Hello,
  I have inherited a NetUI Web Application developed using Weblogic Workshop and I can't manage to debug it. I have configure my server in Workshop and to debug it I right-click the project in Project Exporer and select Debug As -> Debug On Server, but this isn't working. The browser does open the application doesn't appear to be getting delpoyed.
  Can anyone help me out? I am using Weblogic 10.3 and Java 1.6.
  Thanks,
  Sean

  Hi Kal,
  The application is an enterprise application packaged as an EAR. if I right click on the project and click Debug As -> Debug on Server, the application appears in the Server Tab, but it does not start automatically. If I then manually start the server the application runs, but it does not stop at break points and I can not debug it.
  If I right-click on the web project that is packaged as part of the ear and select Debug As -> Debug On Server again the application is deployed, but I can't debug it. I don't get error messages, the application functions as normal but it does not stop at break points. When I attempt to debug the application via the Web Project, two browsers open automatically, both correctly displaying the application.
  Regards,
  Sean

• How to protect web application from piracy?

  I m looking for solution to protect Web application from piracy.
  I want my application run on web server for which it is built, &
  it musn't run on any other web server.
  how can i protect my web application from piracy?.
  Our .Net applications we protect using Hardware ID binding ,
  How can i protect J2EE applications?

  Run it on your own server is the simple and only secure solution.

• How to protect java application

  Hello all,
  Could you give me some clues on how to protect a java application?
  By license keys ? how to protect application by license keys? I am not sure about Signing JAR Files, is it what I need?
  Any better way than using license keys to protect a java application?
  Thanks.

  >
  Could you give me some clues on how to protect a java application?
  >
  You might want to look into obfuscators. They won't stop decompiling but they can make it hard to understand the decompiled code.
  Proguard has a good reputation
  http://proguard.sourceforge.net/
  >
  ProGuard is a free Java class file shrinker, optimizer, obfuscator, and preverifier. It detects and removes unused classes, fields, methods, and attributes. It optimizes bytecode and removes unused instructions. It renames the remaining classes, fields, and methods using short meaningless names. Finally, it preverifies the processed code for Java 6 or for Java Micro Edition.

• How to avoid of application running on Oracle 10g to be copied?

  I am a newbie to the security issues, so I need your help, please, where to start / what to read:
  I have an application running across many customers on Oracle 10g. I have faced lately that our users
  can use their daily backups to establish a totaly new database on a same / different server
  and point our application to use it as well.
  Is there any way to avoid it? F.e. I thought to use SELECT * FROM v$instance; to get the server instance details, and
  in result with some other function to obtain, let say, local server's (WIN2003) details,
  such as HD Serial Number, MAC number or so and then to check these values each time user runs the application.
  Is it the correct way? What are the basics here at all?
  Many thanks in advance to all!

  A lot of enterprises, however, actively avoid systems which are locked down to a particular server for very legitimate reasons. If my data center dies in the middle of the night, I sure don't want to have to call your mobile phone so that you can get to a computer, log in to the office network, and get me a new key so that I can finish my emergency failover. If I've got dozens of applications, I absolutely don't want to do that with dozens of different vendors.
  It sounds like your problem, though, isn't that users are installing your software on multiple computers it's that they are accessing functionality they haven't licensed. That is generally a much easier problem to solve and doesn't require you to lock anything down to a particular machine. You can create a table LICENSED_CONTENT, for example,
  CREATE TABLE licensed_content (
    client_id    NUMBER,
    content_type VARCHAR2(30),
    key          RAW(128)
  )In this case, KEY is, say, a hash (using the DBMS_CRYPTO or DBMS_OBFUSCATION_TOOLKIT packages if you'd like) of the client_id, content_type, and a bit of salt (i.e. a fixed string that only you know). When you sell a license to manage diamond content, you provide a script that inserts the appropriate row in the LICENSED_CONTENT table. When your application starts up, it reads the LICENSED_CONTENT table and verifies the hash before allowing users to access that type of content. This allows legitimate customers to move the software from one system to another but prevents them from accessing new functionality without a new license.
  Justin

• How to Protect two Apps running on two different Hosts using same OAM serve

  Hi All,
  I am new to OAM. I am trying to configure SSO for an Application using OAM 11g server which is already protecting another Application(Oracle EBS) on a different host.
  Oracle EBS application uses the Oracle EBS Access Gate to collect the credentials.
  Now what should I do to protect the second application say APP2. Should I require to install a new OHS instance and new Webgate for this purpose ? or can i use the one already used by EBS application ?
  Please reply me soon
  Thanks,
  Prabhu

  You may use the same OHS instance by creating additional reverse proxy filter for your application 2.
  Or create another instance of OHS and configure webgate, OAM policies for your application 2.
  All the applications configured with OAM will be configured for single sign on and no special configuration needs to be done.
  Here are my comments to your questions:
  1) Can you tell me why we should have different OHS and Webgate to protect the 2nd application ?
  - As per best practices, you should have different OHS instances (+webgate) for different applications. But you may also configure the same OHS for multiple applications.
  2) If we have different OHS and Webgate, then the same OAM session will be shared between the applications ? Basically the user will navigate from the first application to the second application by clicking a link on the first application's page. Will the OAM_REMOTE_USER header be passed on to the second application in this case?
  - Yes, if you have different OHS and Webgate, then the same OAM session will be shared between the applications.
  To pass the header variables to any application, add the variables in the application's OAM authorization policy responses.
  3) By default OAM 11.1.1.3 sets the userid to the OAM_REMOTE_USER? or we should manually set a response header ?
  - To be on a safer side, set this header on the authz policy's response tab and put the vallue as $user.userid

• How to protect SAP Application Tables and Reports in R/3

  Hi Gurus,
               Any one please explain me detail how to protect tables in R/3 with different senarios.
                How to protect reports in SAP R/3 without assigning SA38 transaction access
                How to protect Program in SAP R/3 in R/3

  Hello Happyman,
  <b>What do you mean by Protect Table, Program and Report?</b>
  Let me ask you one base Question, On which area are you working? Are you from functional side or Technical side (Developement or Basis guy)?
  This is very clear cut answer that with the restricted autorization you can protect table and programs. Do not provide the change autorization.
  CATCH your BASIS guy and he will do rest of the things. Just explain him what are you want to protect.
  Hope this helps.
  Regards
  Arif Mansuri

• How to set Different applications running on the same computer to use different Gateways?

  Dear All,
  I would like to have different applications running on the same computer to use different Gateways (both gateways are in the same subnet).
  Is it possible in Windows7 with / without a third-party utility?
  Current scenario & requirements:
  I have two internet connections. Both are in the same subnet (192.168.1.0/24) and connected to the same LAN switch
  Gateway for the first connection is 192.168.1.1
  Gateway for the second connection is 192.168.1.2
  I need to set my chrome browser & google talk to use the gateway 192.168.1.1
  I need to set my IE & skype to use the gateway 192.168.1.2
  Is it possible? Answers are appreciated!!
  Regards,
  Anees

  Hi,
  I agree with Bill. Gateway is essentially an IP address for one network to other networks. For example, you have two networks: network A and network B, to make the two networks communicate with each other, you must go through Gateway. That is, as long
  as you set Gateway, then you can make the two networks communicate with each other. The ip address for Gateway is the ip of device with routing enabled. One host machine can own multiple gateways. 
  Andy Altmann
  TechNet Community Support

• With new phone download, how do you close applications running in the background? Used to push hold and delete.

  With new ph download how do you close apps running. In the background

  Obviously you didn't search the forum prior to your post as there have been a lot of posters with the same question. Double tap on the home button as usual. Scroll left or right to select the app that you want to close and swipe upward to close it. The iPhone ios7 user guide is available online from Apple support and from the ibook store on your phone.