Create the application in Access Gateway

During this task we will create the JD Edwards application, specify a certificate (if required) and then add the required redirect policy.

Topics:

Create application

To create the application in Access Gateway:

  1. Sign in to the Access Gateway Admin UI console.
  2. Click the Applications tab.
  3. Click +Add.

  4. From the Application menu, select Oracle JD Edwards Enterprise One, and click Create.

    Select JDEdwards and click Create

    See the Supported technologiessection in Supported technologies.

Configure the application

  1. In the Essentials pane enter:
    FieldValue
    LabelThe name of the application,
    For example: JD Edwards
    Public DomainThe external facing URL of the application.
    For example: https://jde-external.example.com
    Protected Web ResourceThe URL and port combination of the Oracle JD Edwards Implementation that is being protected.
    For example: http://jde-internal.example.com:7005 See Configure load balancing
    Post Login URL

    Enter an appropriate target URL.
    For example https://jde-external.example.com/jde/owhtml.

    Post Login URL may contain other elements specific to the implementation.

    GroupThe group containing users who can access the JD Edwards instance.

Configure load balancing

Only use Access Gateway as the load balancer. See Load balancing.

  1. Expand the Protected Web Resource tab.
  2. Enable Load Balancing By Access Gateway.

    A table of hostnames and weights representing the target load balancing instances appears. This table is initially empty. Click edit to modify an entry in the table, or click delete to delete an entry.

  3. Choose either HTTP or HTTPS as the URL scheme. Each protected web resource that you add inherits this scheme.
  4. Optional. Enable and specify Host Header value.
  5. Complete the following steps to add a host, repeat as required:
    1. Click Add protected web resource.
    2. Enter a fully qualified hostname:port combination (for example, https://backendserver1.atko.com:7001).
    3. Enter a weight from 1 to 100. Enter 0 to specify that a host is disabled.

      Weights represent the percentage of requests that will be routed to this host.

      For example, two hosts of weights 2:1 would result in requests being routed ~66% to the host weighted 2 and ~33% to the host weighted 1.

    4. Click Okay.

  6. Optional. Configure health checks, which use GET operations to confirm that back-end resources are functional.

    New requests aren't routed to resources that have been labeled unhealthy by the health checks.

    1. Enable Load Balancer Health Check.
    2. Click Edit to modify health check settings.
    3. Modify settings as required.
      FieldValue

      Default

      PathThe URI path to the resource used in health check./
      MethodThe HTTP method used.Always GET
      Status codeThe HTTP status code used to determine health.200
      IntervalThe interval between health checks in seconds.10
      Request timeoutThe health check request timeout in seconds.1
      Healthy thresholdThe number of requests that must succeed before a host is considered healthy.3
      Unhealthy thresholdThe number of requests that must fail before a host is considered unhealthy.3
    4. Click Save to save changes or click Cancel to exit without saving.

Configure certificates

    All apps, including the Access Gateway Admin UI console app, require a self-signed or signed certificate.

    Include signed certificates wherever you terminate SSL. You can terminate SSL at Access Gateway or any other network component, like a load balancer.

    If you terminate SSL at a load balancer, on the Access Gateway Admin UI console app, you also need to use a certificate that is trusted by the load balancer.

    If you terminate SSL on the Access Gateway Admin UI console application, you must use a signed certificate, which must be on the Access Gateway node and be associated with the Access Gateway Admin UI console application.

  1. Expand the Certificates tab.

    By default, when you create the app, the system generates a self-signed wildcard certificate and assigns it to the app.

  2. Optional. Click Generate self-signed certificate. A self-signed certificate is created and automatically assigned to the app.
  3. Optional. Select an existing certificate from the list. Use the Search field to narrow the set of certificates by common name. Use the page forward and backward arrows to navigate through the list.

  4. Click Next. The Attributes pane appears.

    For detailed information on the attribute options, see Application attributes .

  5. Confirm the IDP login attribute.

    By default the JD Edwards application template login field as the JDE_SSO_UID header. Change the value of the header field if required. Add additional header fields required by the application.

Configure policy

  1. Click Next. The Policies pane displays.

    See Advanced Access Gateway policy

  2. On the root policy row, click the Edit icon.
  3. Expand the Advanced sub-tab.
  4. In the Custom configuration tab, enter a proxy redirect for the target JD Edwards application.
    For example:
    proxy_redirect http://jde-app.domain.tld:7005 https://$host:$server_port;

  5. Click Not validated when complete.

    If all values are entered correctly, the Not Validated button will change to Validated.

  6. Click Okay.
  7. Click Done.