OAM cluster, ECC, WNA and load balancer

It took me some time to configure an Oracle Access Manager cluster with a load balancer and ECC for Windows Native Authentication. After successfully configuring WNA for one of the branches without load balancing, it appeared to be fairly simple to move to a load-balanced situation. The most important thing to do is to make sure the cluster can resolve the name of the load balancer via DNS. When this is done, NO configuration for virtual hosts or whatever has to be done.
These three steps should be taken:
1) Configure your load balancer just for the Managed Server port (in most cases 14100, or a port in the 700x range). It's the port for the login screen if WNA is not supported. Port 5575 (WebGate) does not need to be load balanced; this is resolved by the WebGate itself.
2) Add the load balancer address to DNS.
3) In the Access Manager settings page of the Access Manager Console, change the server name and port to those of the load balancer entry.
4) Generate ONE .keytab file with a Service Principal Name (SPN) for the load balancer address, and use this file on both managed servers.
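
A check for step 4, as an added example that is not part of the original post: it reads a keytab listing and confirms the SPN is the one for the load balancer name rather than for a single managed server. It assumes MIT Kerberos `klist -k` output; the function names are hypothetical, and the host names, realm and sample listings are constructed.

```bash
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# host names, realm and klist output below are constructed sample values.
# Input format assumed: MIT Kerberos `klist -k` (optionally with -e, not -t).

# Print the unique principals from a `klist -k` listing read on stdin.
keytab_principals() {
    # Entry lines start with a numeric KVNO; the principal is field 2.
    awk '$1 ~ /^[0-9]+$/ { print $2 }' | sort -u
}

# Tag each principal "LB" if it is HTTP/<lb-host>@<REALM>, else "OTHER".
# The host part is compared case-insensitively, the realm exactly.
classify_spns() {
    keytab_principals | awk -v host="$1" -v realm="$2" '
        {
            n = split($0, a, "[/@]")
            ok = (n == 3 && a[1] == "HTTP" && tolower(a[2]) == tolower(host) && a[3] == realm)
            tag = ok ? "LB" : "OTHER"
            print tag, $0
        }'
}

# Succeeds only if the keytab carries the SPN for the load balancer name.
has_lb_spn() { classify_spns "$1" "$2" | grep -q '^LB '; }

# Lists anything else, e.g. an SPN created for a single managed server.
other_spns() { classify_spns "$1" "$2" | sed -n 's/^OTHER //p'; }

# Digest to compare on both managed servers: the file must be the same one.
keytab_digest() { sha256sum < "$1" | cut -d' ' -f1; }

# Constructed listings: a correct keytab and one made for a node name.
GOOD_KLIST='Keytab name: FILE:/tmp/oam.keytab
KVNO Principal
---- ------------------------------------------------
   3 HTTP/oam-lb.example.com@EXAMPLE.COM'
NODE_KLIST='Keytab name: FILE:/tmp/oam.keytab
KVNO Principal
---- ------------------------------------------------
   3 HTTP/oam-node1.example.com@EXAMPLE.COM'

for sample in "$GOOD_KLIST" "$NODE_KLIST"; do
    if printf '%s\n' "$sample" | has_lb_spn oam-lb.example.com EXAMPLE.COM; then
        echo "OK: load balancer SPN present"
    else
        echo "FAIL: keytab is for:" $(printf '%s\n' "$sample" | other_spns oam-lb.example.com EXAMPLE.COM)
    fi
done
```

On a real managed server, pipe the output of `klist -k` for the deployed keytab into `has_lb_spn`, and compare `keytab_digest` results from both servers instead of copying the keytab between them.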

No update of the gateways has to be done (just bounce them once with opmnctl), and no restart of the Access Manager Server is needed.
