How OCI made simple to IAM Service lets you control who has access to your cloud resources!

Oracle Cloud Infrastructure Identity and Access Management (IAM) Service lets you control who has access to your cloud resources. 

Prerequisites:

1. You should have OCI account created.

2. OCI basic understanding

Login to your OCI and Create the Compartment 

                       

In left pane, Identity & Security -> Identity -> Compartments then create your Compartment

Once you create, you should be able to see as –

      Managing Users, Groups and Policies to Control Access

We should create a user, a group, and a security policy to understand the concept.

Again, login to OCI console and Menu -> Identity & Security -> Groups 

Below are my policy statements –

Policy Statements

Allow group oci-testgroup1 to inspect users in compartment vishwa-test1

Allow group oci-testgroup1 to inspect groups in compartment vishwa-test1

Allow group oci-testgroup1 to use users in compartment vishwa-test1 where target.group.name != 'Administrators'

Allow group oci-testgroup1 to use groups in compartment vishwa-test1 where target.group.name != 'Administrators'

Now, create the new user:

Verify user permissions

a) Go to the Menu, click Compute and then click Instances.

b) Try to select any compartment from the left menu.

c) The message “You don’t have permission to view these resources” appears. This is normal as you did not add the user to the group where you associated the policy.

Sign Out as ‘testuser01’

 

Add User to a Group

a) Sign back in with the your Admin account.

b) On the Menu click Identity & Security, and then click Users. From the Users list, click the user account that you just created (for example, testuser01) to go to the User Details page.

Go to the Menu, click Identity and select Groups.

The message “Authorization failed or requested resource not found” appears. This is expected, since your user has no permission to modify groups. (Note: You may instead get the "An unexpected error occurred" message instead. That is also fine.)

Sign Out from testuser01

Happy Learning!

Deploying the IIS WebGate 12c Instance and Testing

(1) DEPLOYWEBGATE:

C:\Oracle\Middleware\Oracle_Home\webgate\iis\tools\deployWebGate>deployWebGateInstance.bat -w C:\webgate12cInstance\test8088 -oh C:\Oracle\Middleware\Oracle_Home -ws iis

Copying files

C:\Oracle\Middleware\Oracle_Home\webgate\iis\config\oblog_config_wg.xml

1 File(s) copied

C:\Oracle\Middleware\Oracle_Home\webgate\iis\tools\openssl\simpleCA\cacert.pem

1 File(s) copied

C:\Oracle\Middleware\Oracle_Home\webgate\iis\tools\openssl\simpleCA\cakey.pem

1 File(s) copied

Done!

C:\Oracle\Middleware\Oracle_Home\webgate\iis\tools\deployWebGate>

(2) CONFIGURE WEBGATE:

C:\Oracle\Middleware\Oracle_Home\webgate\iis\tools\ConfigureIISConf>ConfigureIISWebGate.bat -oh C:\Oracle\Middleware\Oracle_Home -w C:\webgate12cInstance\test8088 -site "test8088"

processed dir: C:\webgate12cInstance\test8087\webgate\config\simple

processed dir: C:\webgate12cInstance\test8087\webgate\tools\openssl

processed dir: C:\webgate12cInstance\test8087\webgate\tools\openssl\simpleCA

processed file: C:\webgate12cInstance\test8087\webgate\tools\openssl\simpleCA\cacert.pem

processed file: C:\webgate12cInstance\test8087\webgate\tools\openssl\simpleCA\cakey.pem

c:\oracle\middleware\oracle_home\webgate\iis\lib\webgate.ini is updated.

(3) Registering webgate in /OAMCONSOLE

Once created then download artifacts -

Copy the generated webgate artifacts to -->> C:\webgate12cInstance\test8088\webgate\config

Restart the IIS

Troubleshooting:

When you access http://<iis-host>:port/hello.html and if you get error below:

In Windows 2019 Server you may face ISAPI extension issue.

Follow - Server Manager -> Tools -> IIS 

On the Server Roles page, expand Web Server (IIS), expand Web Server, expand Application Development, and then select CGI or ISAPI Extensions. Click Next.

Later stuck at --->

- Installed relative vc++ redistributaion

- Checked IIS configuration settings 

- Followed Oracle Doc IDs 2309712.1 and 2361926.1 however not worked.

Install webgate 12c on windows 2019

 Continued from - Install and create IIS websites

Installing webgate 12c

(1) Downloaded webgate 12c  Oracle Software Delivery 

(2) Install Screen shots -

(2) Prerequisites should be fulfilled - MS Visual C++

 I have used in built in JDK comes with Windows 2019 Server.        

Though you install  Visual C++ Redistributable for Visual Studio 2012 Update 4, vcredist_x64.exe And you get above warning then click 'return'




Continued .... deploying IIS webgate 12c

IIS Webgate 12c Installation and Configuration in Windows 2019

OAM 12c PS4 on Linux 7.x Server  ||  IIS Webgate 12c on Windows 2019 Server

Windows 2019 server:

(1) Configure IIS Server, used below Server Manager.

(2) Click 'Add roles and features'

(3) Click 'Next' for all till you reach 'Server Roles' there you should select 'Web Server (IIS) (13 of 43 installed'

(4) Click install -

(5) Then select option 'Tools' -> 'Internet Information Services (IIS) Manager' 

(6) IIS server manager - right click on 'Sites'

(7) You should create a website under C:\inetpub\wwwroot

(8) Once created. You should go to 'Directory Browsing' and 'Enable' it.

(9) Below (my case it's enabled already)

(10) Open Command prompt as administrator. run 'iisreset' . Try to access http://localhost:port. If all set correct then you should able to see IIS default page.

Continued ., install webgate 12c on windows 2019