F5 访问策略服务器与Oracle AM 结合实施指南

恋恋蓝
1 ℃
2019-10-17

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

DeployingtheBIG-IPAccessPolicyManagerwithOracleAccessManagerDEPLOYMENTGUIDEVersion1.0TableofContentsiTableofContentsConfiguringtheBIG-IPAPMforWebGateReverseProxyandOracleAccessManagerPrerequisitesandconfigurationnotes..............................................................................3-1Productversionsandrevisionhistory..............................................................................3-2Configurationexample.........................................................................................................3-2ConfiguringtheBIG-IPAPM........................................................................................................3-4CreatinganAuthenticationSource...................................................................................3-4CreatingtheSSOconfiguration..........................................................................................3-5CreatinganAccessProfile...................................................................................................3-6EditingtheAccessProfilewiththeVisualPolicyEditor...............................................3-7Creatingthehealthmonitor...............................................................................................3-8Creatingthepool...................................................................................................................3-9CreatingtheSSLprofile....................................................................................................3-10Creatingpersistenceprofiles...........................................................................................3-11Creatingthevirtualserver...............................................................................................3-12ModifyingtheOracleconfiguration.........................................................................................3-14ModifyingtheOracleAuthenticationRule...................................................................3-14AppendixA:UsinganiRuletoenableordisabletheAccessprofile............................................3-16AppendixB:Obtainingtheengineeringhotfix.................................................................................................3-18AppendixC:SpecialconsiderationswhenrunningSimpleTransportSecurityMode....3-191ConfiguringtheBIG-IPAPMforWebGateReverseProxyandOracleAccessManagerWelcometotheF5deploymentguidefortheBIG-IPAccessPolicyManager(APM)andOracleAccessManager.ThisguidedescribeshowtoconfiguretheBIG-IPAPMforOracleAccessManagerwhenyouarelookingtoreplaceaWebGateProxyfarmwithAPM.OracleAccessManagerhelpsenterprisescreategreaterlevelsofbusinessagility,ensureseamlessbusinesspartnerintegration,andenableregulatorycompliance.Throughaninnovative,integratedarchitectureOracleAccessManageruniquelycombinesidentitymanagementandaccesscontrolservicestoprovidecentralizedauthentication,policy-basedauthorizations,andauditingwithrichidentityadministrationfunctionalitysuchasdelegatedadministrationandworkflows.FormoreinformationonOracleAccessManager,see:◆TheWebGateAgentbehindtheBIG-IPAPMmustnotberunningontheApplicationWebTierservers.◆ThedefaultbehavioroftheBIG-IPAPMistoprotectaccesstoALLoftheresourcesonthebackendapplicationservers.Ifyouwishtoonlyprotectcertainresources,asdefinedinyourOAMpolicy,pleaserefertoAppendixA:UsinganiRuletoenableordisabletheAccessprofile,onpage16.◆ItisassumedthatyouhaveAdministratorprivilegestoyourOAMinstallation.Thisisrequired,asyouneedtomakeminormodificationstoyourpolicy.Formoreinformation,seeModifyingtheOracleconfiguration,onpage14.◆ItisalsoassumedthatyourOAMpoliciesareproperlyconfigured,suchasauthenticationandauthorizationfailures.TheBIG-IPAPMreliesontheOAMserverfordefinedbehaviors,otherwisetheflow/connectionwillbedroppedforanundefinedbehavior.◆Thissolutioncurrentlyrequiresanengineeringhotfix.SeeAppendixB:Obtainingtheengineeringhotfix,onpage18fordetails.◆FormoreconfigurationoptionsontheBIG-IPAccessPolicyManager,seetheConfigurationGuideforBIG-IPAccessPolicyManager,availableonAskF5().DeployingtheBIG-IPAPMwithOracleAccessManagerF5®DeploymentGuide2ProductversionsandrevisionhistoryProductandversionstestedforthisdeploymentguide:Revisionhistory:OurOracleIdentityManagement11gR1implementationwasdeployedaccordingtotheOracle®FusionMiddlewareEnterpriseDeploymentGuideforOracleIdentityManagement11gRelease1(11.1.1)PartNumberE12035-02.ConfigurationexampleInthisguide.wedemonstrateanarchitecturewhereOracleAccessManagerprovidesauthenticationandauthorizationservicestoanapplication.InsteadofauthenticatingusersdirectlyattheapplicationlayerwiththeWebGateagentorviaafarmofWebGateProxies,BIG-IPAPMisusedtoperformtheauthenticationandenforceauthorization.AllowingAPMtooffloadtheWebGatefunctionalitysimplifiestheOAMdeploymentbyeliminatingWebGateAgentsfromtheapplicationserversandconsolidati