Forum Discussion

AntonyLovric_15's avatar
AntonyLovric_15
Icon for Nimbostratus rankNimbostratus
Jul 04, 2014

APM + OAM (11GR1) Installation guide for HTTP Basic Authentication over HTTPS

I can't find a guide that describes how to setup APM with OAM11g and use HTTP Basic authentication (over https). I found the SSO guide and was able to follow the 11g and 10g sequence diagrams and understand how things are working. I believe what I want to do is feasible, I was just hoping to find a tech-note/guide that confirmed my thoughts.

 

Cheers Antony

 

ps I have a good background in programming/networking/security, but I'm a rookie/noob in terms of F5.....

 

  • Hi Anthony.

     

    It depends on what part(s) of the OAM tech stack you want to use.

     

    For User Auth only, you can use this guide:

     

    http://www.f5.com/pdf/deployment-guides/big-ip-apm-dg.pdf

     

    Which will provide for HTTP Basic Auth to the user ( the APM login page with username/password ), using OID - Oracle Internet Directory, OAM's LDAP server.

     

    If you want to use APM's Webgate functionality, then you use this guide:

     

    http://www.f5.com/pdf/deployment-guides/oracle-oam-apm-11-dg.pdf

     

    Which gives you both User Auth, and Web Access Control using the full OAM stack with AuthN/AuthZ policies. It is VERY important that you test and verify your OAM polices prior to setting up APM webgate - use a web server with a 10g Webgate agent is highly recommended. You MUST follow the steps in this deployment guide - exactly as outlined, in order, to have a successful deployment.

     

    Good Luck, let us know how it goes !

     

    -Chris.

     

  • Chris_Akker_129's avatar
    Chris_Akker_129
    Historic F5 Account

    Hi Anthony.

     

    It depends on what part(s) of the OAM tech stack you want to use.

     

    For User Auth only, you can use this guide:

     

    http://www.f5.com/pdf/deployment-guides/big-ip-apm-dg.pdf

     

    Which will provide for HTTP Basic Auth to the user ( the APM login page with username/password ), using OID - Oracle Internet Directory, OAM's LDAP server.

     

    If you want to use APM's Webgate functionality, then you use this guide:

     

    http://www.f5.com/pdf/deployment-guides/oracle-oam-apm-11-dg.pdf

     

    Which gives you both User Auth, and Web Access Control using the full OAM stack with AuthN/AuthZ policies. It is VERY important that you test and verify your OAM polices prior to setting up APM webgate - use a web server with a 10g Webgate agent is highly recommended. You MUST follow the steps in this deployment guide - exactly as outlined, in order, to have a successful deployment.

     

    Good Luck, let us know how it goes !

     

    -Chris.

     

    • lunitic_56137's avatar
      lunitic_56137
      Icon for Nimbostratus rankNimbostratus
      Chris, I went by the deployment guide and I cannot get the authentication to fire off. I also get a "failed to get host identifier..." error when using the eamtest tool. I went back over the DG and followed it to the letter. Still no joy. There seems to be an issue with the AccessGate contacting the OAM server and firing off the auth process. The APM VPE config, which is not covered in the DG, is pretty generic at this point. Start --> OAM AAA --> Allow. I have checked and rechecked everything but nothing seems to be helping. Any ideas of where to go? These resources that you have listed seem to be the only ones available at this time. Thanks in advance
    • lunitic_56137's avatar
      lunitic_56137
      Icon for Nimbostratus rankNimbostratus
      BTW, We are on 11.4.1 HF3 and OAM 11g with the AccessGate configured for 10G in the OAM server config.
  • Thanks for the reply, sorry I'm late getting back to you. (I was off on vacation for a week, then working on some other stuff the following week.)

     

    I've read the articles you've linked before. I was looking for an example that demonstrated message flow for 'basic' authentication vs the documented 'SSO/forms' based authentication examples.

     

    From this link; http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-oam-integration-11-2-0/1.html

     

    I was trying to find a sequence diagram like the one in the image 'Accessing a protected resource using Access Policy Manager deployed with OAM 11g' using basic authentication instead of Forms-based authentication.

     

    Thanks Antony

     

    I'll mark your answer as the correct one because I've scoured the support site and haven't found anything. When I finish the implementation I'll ask my client if I can pass back/upload the sequence diagram I wrote.