Oracle Access Manager - Configuration Manager Success Stories
The Oracle Access Manager Configuration Manager [http://download-uk.oracle.com/docs/cd/B28196_01/idmanage.1014/b32392.pdf] has been around for about a year now. I'm looking for any feedback regarding this product:
Has anyone deployed it?
How successful was the deployment?
Is the tool doing what you expected it to do?
Thanks for any responses.
Mark
@pokurik: cn=orcladmin is the full DN. In OID there are two orcladmin users with different ACLs.
Which OAM version? Always provide the version you are using.
--olaf
Similar Messages
-
Configure Oracle Access Manager - from weblogic OIF instance page bombs out
I am trying to integrate OIF with Oracle Access Manager as SP integration module. But, when clicked on "Configure Oracle Access Manager" it throws the following error:
Oracle Access Manager cannot be configured properly. Make sure the Oracle Access Manager SDK Server has been configured properly and the required environment variables have been set. Details can be found on Online Help and Administrative Guide.
I have updated the environment variables and classpath, also confirmed the Access Server SDK to work properly by testing java JAccessGate.
any help is greatly appreciated.
The diagnostic logs show these errors:
========================
Login of admin identity cn=usca_iam_admin failed. Please check to make sure the admin user ID is valid.
at com.oblix.accessmgr.ObAccessManager.sendRequest(ObAccessManager.java:163)
at com.oblix.accessmgr.ObAccessManager.setAdmin(ObAccessManager.java:195)
at oracle.security.fed.admin.config.mbeans.OAMConfigUtils.configureOAM(Unknown Source)
at oracle.security.fed.admin.config.mbeans.AdminUtilMXBeanImpl.configureOAM(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterMBean.doInvoke(OracleStandardEmitterMBean.java:889)
at oracle.as.jmx.framework.generic.spi.interceptors.ContextClassLoaderMBeanInterceptor.internalInvoke(ContextClassLoaderMBeanInterceptor.java:94)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:245)
at oracle.as.jmx.framework.generic.spi.interceptors.MBeanRestartInterceptor.internalInvoke(MBeanRestartInterceptor.java:116)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:245)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.internalInvoke(AbstractMBeanSecurityInterceptor.java:174)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:245)
at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterMBean.invoke(OracleStandardEmitterMBean.java:803)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:268)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:444)
at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:323)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:663)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:661)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:654)
at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1426)
at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1264)
at java.security.AccessController.doPrivileged(Native Method)
at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1366)
at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:477)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
My Oracle Access Manager is 10.1.4.3 and OIF is 11.1.1.3
thanksHello,
I'm having the same problem. Did anybody find a solution to fix it?
Any help is appreciated.
Regards,
Ignacio. -
WCI single sign on(SSO) configurations with Oracle Access Manager(OAM)
I have to integrate the oracle access manager with the WCI(ALUI) for the SSO implementation.What are the configurations required to implement SSO with oracle access manager in WCI/ALUI
Any answer to the last question on..?
No, better explain my query with 2 scenarios:
Scenario 1:
Usual scenario authentication of a user to a web application without the single web functionality on the acces single manager:
Login screen of the web application ====> Access to the web application home
Scenario 2:
Scenario authentication of a user to a single web application with web functionality on the acces single manager:
Login screen oracle access manager ====> Display login web application ====> Access to the web application home
My query is:
You can configure the functionality of single sign on to access manager with a web application that does not have its login screen of the web application. For example:
Login screen oracle access manager ====> Access to the web application home -
Configuration of APEX applications to use Oracle Access Manager for Login
Is there Oracle documentation on configuring an APEX application to accept a login id passed by Oracle Access Manager? Would someone please help with some instructions on how to do it. Thanks.
Hi Ravi,
this looks like a WLS issue.
1-You can try as a workaround to remove this validator configuration in taglib definition file: .tld and see the behavior.
2-Or you are missing something into url.
I hope this helps,
Thiago Leoncio. -
Oracle Access Manager and Passing Cert Info to HTML or JSP
Friends,
We are trying to pass the CN information from our smartcard (CAC) that looks i.e. john.doe.123456789 as a parameters to an Oracle Forms using the staticHTML implementation utilizing the OBLIX SSO OR utilizing a JSP or HTML file to read these parameters and update OID. We can pass the UID but since we will have First-time Registration of the Smartcards, the UID doesn't count since the CN information from the Smartcard has not been populated at this point to the OID, we are trying to get the functionality going to get the user first to put in their login and password but at submit time, to update the OID with the CN information to a separate column of OID and not the UID.
Utilizing the OAM, we have been able to proof concept the authentication using the UID by using the Policy Manager and the Access System Console --> Access System Configuration. It's works well with the plugin that comes with the OAM (SSOOblixAuth.java) and thx to Oracle Support, but we need to be able to pass other parameters that are specified as a part of the Resource - Action as headervars such as
HeaderVar OBLIX_SN or
hearderVar OBLIX_MAIL
Our Oracle Access Implementation is in halt until we find a way to pass these return Attributes to our Oracle Forms. The Oracle Forms running SSO is working greatly with just the userlogin and password (UID is passed as a header) without the Oracle Access Manager (OBLIX) but now we have shifted to this product for reading and processing Smartcard information.
Any help we can get, we very much appreciate it.
KAO.K.
I am getting closer but still not getting the ssooblixuser or ssooblixcn. I have
the following jsp to fire after a successful authentication.
The following code is utilized in our SSO environment for changing passwords.
The bolded line should get the ssooblixuser but it is not..
<%
response.setHeader("Cache-Control", "no-cache");
response.setHeader("Pragma", "no-cache");
response.setHeader("Expires", "Thu, 29 Oct 1969 17:04:19 GMT");
request.setCharacterEncoding("UTF-8");
response.setContentType("text/html; charset=UTF-8");
String remoteUser = null;
String userDn = null;
String referer = null;
String oblixheader = null;
remoteUser = request.getRemoteUser();
userDn=request.getHeader("OSSO-USER-DN");
referer=request.getHeader("referer");
oblixuser = request.getHeader("ssooblixuser");
%>
<HTML>
<HEAD>
<SCRIPT language="JavaScript">
function validatePasswordsMatch()
var frm = document.forms["changePassword"];
if(frm.newpwd.value != frm.confirm_newpwd.value)
alert('The Password and verified password do not match!');
return false;
else
document.changePassword.submit();
return false;
function cancelButton()
document.close();
</SCRIPT>
</HEAD>
<BODY bgcolor="#cae3ff" >
<table width="750" height="10" border="0" cellspacing="0" cellpadding="0">
</table>
<TABLE ALIGN="Center">
<TR><TD>User Name</TD><TD> <%=remoteUser%> </TD></TR>
<TR><TD>OBLIX USER</TD><TD> <%=oblixuser%> </TD></TR>
Edited by: user10130371 on Sep 17, 2009 8:09 AM
Edited by: user10130371 on Sep 17, 2009 8:10 AM -
Extending Domain with Oracle Access Manager 10g
Oracle® Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management
11g Release 1 (11.1.1)
Part Number E12035-05
http://download.oracle.com/docs/cd/E14571_01/core.1111/e12035/toc.htm
Chapter 10 - Extending the Domain with Oracle Access Manager 10g
- Section 10.4.3 Installing WebGate on OAMADMINHOST, WEBHOST1, and WEBHOST2
Question:
How many webgate instances should be created?
1) Is there only on instance and the three installation share the same ID?
2) Is there two instances? one for the web cluster, the other for the OAM Admin Console server?
3) Is there three separate webgates and instances?
ThanksIt should be this way:
Ebiz:
1. Integrate OAM with OASSO
2. Register OASSO and OID with Ebiz11.5.10.2
3. Protect the resource in OAM
4. Verify if authentication is successful for this resource.
Obiee:
1. Integrate OBIEE with OAM
2. Verify if authentication is successful for this resource.
IWA:
1. Install IIS webser and webgate
2. Create authentication scheme which protects / of IIS web server.
Create a Form Authentication Scheme(this scheme should protect OBIEE and EBiz resource) which will have challenge redirect to IIS web server where IWA is configured and / is protected.
Login Flow:
1. User tries to access ebiz or obiee resource.
2. Form Authentication Scheme will challenge redirect to IIS web server where IWA is configured.
3. As IWA is configured. User will be automatically get ObSSOCookie.
4. User gets redirected back to the requested resource.
There is a My oracle support doc which talks in details about this setup. -
Issues integrating WebCenter with Oracle Access Manager
Hi All,
I am trying to integrate WebCenter 10.1.3.2 with Oracle Access Manager (CoreId). Followed the steps described in the Chapter 11 of the OC4J Security Guide.
I was able to successfully authenticate WebCenter using IWA with Access Manager.
Then I proceeded with the below steps:
- Implemented ADF Security in the application. Created application roles and login page and worked fine on my local machine.
- Provide the auth-method of "COREIDSSO" in orion-application.xml
- Renamed the app-jazn-data.xml to give the OID groups
- Mapped the OID groups to application roles in orion-application.xml
- Used the jazn migration tool to populate the system-jazn-data.xml
When trying to access the application, it looks like the ADF Context identifies that this is an authenticated user.
ADFContext.getCurrent().getSecurityContext().isAuthenticated() retruns true
ADFContext.getCurrent().getSecurityContext().isAuthorizationEnabled() returns true
I get the below error message on the server console:
[CoreIDLoginModule::getUserSessionFromCookie]: This user session for F3iwZhUGgjej9RSrMLSo0wjH5Ec6c2oeC0OBRH12y7%2FvfPVncz6dYoBoFD6q8DWAlMtzah%2FYV4T1t7jztVFYbxwfOyu0VOMXMEIosRrFicfJwoPRrM8MOkFsziQxpUqo98XrC9iBRHffdWSItNHZRZK4ZoCJMi6HZZ6noOc4Z%2BGJDGj3kWndYHTWjiG0cJhkSbL95wMmrXCDElzZHjPMdkuNQUHW1TfAJvgSlDeX6hhhIThlc%2BGmxMP3MQ%2FZoxUysbKieIJgDXo1%2FEMmLmTVjA%3D%3D is not valid or user is not logged in.
I also tried using the "Headervar" variable to display the obmygroups value, but it comes as blank.
Any help would be appreciated.
Thanks
AneeshWe recently integrated Webcenter Application (with ADF Authentication and Authorization) with OAM. May be the following will be of some help to you.
We did the following steps documented in Chapter 11 Oracle Access Manager in Oracle J2EE security guide.
OAM
1. Created ALL specified policies , authentication schemes, protection specified in OAM section of the document.
OC4J
1. Ran all configuration listed for the OC4J section.
Webcenter
1. Developed the Webcenter Application
2. Enabled ADF Security (Authentication & Authorization)
3. Deployed the application. While deploying chose File based provider.
4. After the deployment, changed orion-application.xml to have COREIDSSO as documented in Oracle documentation
system-jazn-data.xml
1. Added login module details as specified in the document. (Changed only the application name. Rest all was same as we used names as specified in the earlier steps of the document)
OID Migration
Reference document: "Configuring a WebCenter Application to Use Oracle Access Manager" in Webcenter Framework Developer guide.
1. Located app-jazn-data.xml in the deployed application
2. Removed "realm-name" and "type" subelements of "grantee" tags. Removed any realm details in user name.
3. changed references to "class oracle.security.jazn.spi.xml.XMLRealmRole" to "oracle.security.jazn.realm.CoreIDPrincipal"
4. ran the JAZN migration tool with "all" options. Migration from app-jazn-data.xml to OID.
OAM
Created policies for protecting our application.
Test the application.
Debugging.
1. Enable oracle.adf.share.security , oracle.j2ee.security & oracle.j2ee.security.oc4j loggers to debug if the application is not working the way you expect to work.
2. Set log level in Enterprise manager.
3. All logging information are written in log.xml in $ORACLE_HOME/j2ee/OC4J_Webcenter/log/OC4J_WebCenter_default_group_1/oc4j
Thanks -
Install Oracle Access Manager in existing Access Manager domain
Hi
I am operator of a windows system with Oracle Access Manager installed.
We use OAM for SSO against Webpages in OIM running on Jboss, and now we are going to implement against a WebLogic webapplication too.
The userbase is standard Active Directory
I did not set up OAM myself so I'm not completely sure how it works.
To be able to test the SSO solution given by an external provider, I need to have a proper stage environment.
My idea is to set up another OAM on another server, wich points towards the same AD domaincontroller as the existing OAM
Is this possible? In the installation guide I find that the new AccessManager system should be added into the existing OAM configuration , before we turn of the existing OAM and then install the complete OAM on the new server. Then we can turn on the existing OAM again, and implement them as clusters. I would like them to be two indipendent instances not affecting one another, but in the same AD domain to be able to test features in one of them and use the other as the production server.
My fear is that I "mess up" the form in AD created from the old OAM, and that way mess the upp production environment.
Edited by: user631873 on 11.sep.2009 06:22Hi,
Technically, you can certainly set up a new OAM infrastructure which points to the existing AD instance. You could do this in a number of ways, for example:
- set up the new instance so that it points to the same users and configuration branch as the existing instance, so that the new instance is effectively just an extension of the existing instance (with extra Identity and Access Servers, etc) ;
- set up the new instance so that it points to the same AD instance, but uses different User searchbase and Config branch. In this case the new instance is more or less completely separate, but it happens to use the same directory ;
- set up the new instance so that it points to the same Users, but a different Config branch, in which case the new instance has independed OAM configuration (policies, authentication schemes etc) but operates on the same user base.
(In OAM you can define separate ldap locations for the Users, Identity Config and Access Config.)
It depends on exactly what you want, but if the idea is to have a proper stage environment, then it is usually better for them to be completely independent, including the directory. OAM can update users as well as policies, and additionally different major versions of OAM have different schemas, so there are risks when using the same directory instance. Load testing is also an issue, since the directory is accessed extensivley by OAM.
Regards,
Colin -
Installing Oracle Access Manager - 11.1.1.5
Hi
I am very new to Identity Management and have been trying to set Oracle Access Manager in Windows XP.
Downloaded ofm_iam_generic_11.1.1.5.0_disk1_1.zip from OTN.
I cannot find the RCU for 11.1.1.5 version from the website directly. All I could see is only RCU for 11.1.1.3 and 11.1.1.2 version.
Can anyone send me the download link for RCU 11.1.1.5 and step by step installation guide for setting up Oracle Access Manager.
I tried creating OAM Domain after installing IDM Suite and running RCU 11.1.1.3 version.
When I run the WebLogic and OAM server I am getting error
Caused By: oracle.security.am.common.policy.admin.PolicyManagerException: oracle.security.am.c
policy.admin.PolicyManagerException: OAMSSA-06251: Unsupported policy store version detected.
ed "11.1.1.5.0" but found "11.1.1.3.0".
Also unable to login to OAM console.
Thanks,
RamDaren,
Do you have OAM 11.1.1.3 running and now you wish to upgrade it to 11.1.1.5 or
You wish to install new 11.1.1.5 ?
If this is later then better you should use 11.1.1.5 RCU to create schema as this is straight and easy process with no upgrade.
If you are running 11.1.1.3 and wish to upgrade to 11.1.1.5 then there are steps to apply 11.1.1.5 oatch in My Oracle Support(earlier metalink) Procedure to Upgrade OAM 11.1.1.3.0 to OAM 11.1.1.5.0 [ID 1318524.1
Atul Kumar
http://www.amazon.co.uk/Oracle-Identity-Access-Manager-Administrators/dp/1849682682 <- OIM / OAM 11g Book on Amazon
http://onlineappsdba.com/index.php/book/ <- EBS R12 Integration with OID/OAM for SSO Book -
URGENT : Challenge questions query: Oracle Access Manager 10g
Hi all,
This is a query regarding password challenge questions in Oracle Access Manager 10g. We have created password policies for a specific container in OID (say cn=xxx,cn=users,dc=oracle,dc=com) and it is working fine.
In order to exclude certain set of users (say user ABC ) for password policies, we have set the obpasswordchangeflag to false for those users which are in same container for which password policy is created.
When we try to login to the application with the user say ABC, I am not seeing any reset password page - I am happy till this point. However it is showing Configure Challenge questions page. Is there any way to bypass this page? Or is this the expected behavior?
This is very urgent and prompt reply is very much appreciated.
-MahendraHi Mahendra,
This is expected behaviour. In order to exclude the password policy management for some certains user for particular domain/container. please add the below configuration parameter to your OAM10g password policy.
Password Policy Filter Field (!(|(cn=xxx)(cn=abc)))
----Ajay -
Oracle Access Manager 11gR2 Web application: "oam" failed to preload
Any pointers for troubleshooting this error?
Managed Server starts up but fails to start-up "oam" deployment.
weblogic.application.ModuleException: [HTTP:101216]Servlet: "AMInitServlet" failed to preload on startup in Web application: "oam".
java.lang.ExceptionInInitializerError
at oracle.security.am.pbl.transport.http.AMInitServlet.initializeAmServer(AMInitServlet.java:113)
at oracle.security.am.pbl.transport.http.AMInitServlet.init(AMInitServlet.java:79)
at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:283)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.StubSecurityHelper.createServlet(StubSecurityHelper.java:64)
at weblogic.servlet.internal.StubLifecycleHelper.createOneInstance(StubLifecycleHelper.java:58)
at weblogic.servlet.internal.StubLifecycleHelper.<init>(StubLifecycleHelper.java:48)
at weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.java:539)
at weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletContext.java:1981)
at weblogic.servlet.internal.WebAppServletContext.loadServletsOnStartup(WebAppServletContext.java:1955)
at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1874)
at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:3154)
at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1518)
at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:484)
at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)
at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:247)
at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:27)
at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:671)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:59)
at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
at weblogic.deploy.internal.targetserver.operations.AbstractOperation.activate(AbstractOperation.java:569)
at weblogic.deploy.internal.targetserver.operations.ActivateOperation.activateDeployment(ActivateOperation.java:150)
at weblogic.deploy.internal.targetserver.operations.ActivateOperation.doCommit(ActivateOperation.java:116)
at weblogic.deploy.internal.targetserver.operations.StartOperation.doCommit(StartOperation.java:149)
at weblogic.deploy.internal.targetserver.operations.AbstractOperation.commit(AbstractOperation.java:323)
at weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentCommit(DeploymentManager.java:844)
at weblogic.deploy.internal.targetserver.DeploymentManager.activateDeploymentList(DeploymentManager.java:1253)
at weblogic.deploy.internal.targetserver.DeploymentManager.handleCommit(DeploymentManager.java:440)
at weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.commit(DeploymentServiceDispatcher.java:163)
at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doCommitCallback(DeploymentReceiverCallbackDeliverer.java:195)
at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.access$100(DeploymentReceiverCallbackDeliverer.java:13)
at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer$2.run(DeploymentReceiverCallbackDeliverer.java:68)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:545)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: java.lang.NullPointerException
at oracle.security.am.pbl.diagnostic.DiagnosticUtil.<init>(DiagnosticUtil.java:80)
at oracle.security.am.pbl.diagnostic.DiagnosticUtil.<clinit>(DiagnosticUtil.java:65)
... 45 more
at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1520)
at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:484)
at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
Truncated. see log file for complete stacktrace
Caused By: java.lang.NullPointerException
at oracle.security.am.pbl.diagnostic.DiagnosticUtil.<init>(DiagnosticUtil.java:80)
at oracle.security.am.pbl.diagnostic.DiagnosticUtil.<clinit>(DiagnosticUtil.java:65)
at oracle.security.am.pbl.transport.http.AMInitServlet.initializeAmServer(AMInitServlet.java:113)
at oracle.security.am.pbl.transport.http.AMInitServlet.init(AMInitServlet.java:79)
at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:283)SOA is not required. WebGate is a separate installation, separate from where you install the Oracle Access Manager.
Oracle Access Manager is like the management station, WebGate would typically be installed on a host where a Web Server is running. So WebGate running on the WebServer host would be used to provide access control functions for web pages hosted on Web Server. You will have to do the configuration of WebGate separately after Access Manager has been installed. Please mark answer helpful/correct if helpful. -
Oracle Access Manager 11g r2 with Oracle Entitlement Server 11g r2
Hello,
I would like to set up a configuration with Oracle Access Manager 11g r2 where Authentication is against Active Directory, and Authorisation is against Oracle internet Directory
Access Manager has to get authorizations from Oracle internet Directory via Oracle Entitlement Server
I cant find any document describing how to integrate Oracle Access Manager with Oracle Entitlement Server
could any one help ?
RegardsHi all,
I am facing some issue with the distribution of the policy in the security module of OES.
The "application" distribution tab allows me to distribute the policy created but does not generate any distribution ID or address for webservice access.
I am using OES 11.1.5
Thanks in advance. -
Hi All,
I have a little confutation about Oracle Access Manager webgate. Please help me to figure it out.
There are five web server I need to protected using OAM. Three are IIS 6.0/7.0 in Wondows 2008, one is Apache v2 in RHEL 5 and one in Apache Tomcat in Cent OS 5. All OS are 64 bit platform.
I need to know which webgate I have to download and install for IIS and Apache? Please provide me the download link.
I have seen following documentation, but I am unable to find Oracle_Access_Manager10_1_4_3_0_Win64_ISAPI_Webgate.exe or Oracle_Access_Manager10_1_4_3_0_platform_OHS_Webgate
http://docs.oracle.com/cd/E28271_01/doc.1111/e15478/apch2ihs.htm
http://docs.oracle.com/cd/E21764_01/doc.1111/e15478/iis_wg.htm
Thanks
Tamim KhanHi Chinni,
Thanks for you help.
I am downloading oam_int_win_v11_cd1.zip, I have few more question on webgate?
1. How can I determine which webgate use for which web server considering the version of the server (ie: IIS6/7). I have found oam-3rd.xls file. is it the way to chose webgate for some platform.
2. Is there any official documentation to perform this operation for third pary webgate.
3. Please consider the following senior:
We have one Web application that authentication of RCPS performs from Data base tables. After successfully login, user got different types of roles like Admin, Manager, Guest User, Internal User etc, Base on the that role user menu is populate. For example Admin user has 7 menus but internal user has 4 menus. That menu item load from Database tables after login in to the application.
As because the application are not authenticating from Database after implementation of OAM, so after authenticating from OAM how the user menu is populate?
Thanks
Tamim Khan -
LifeRay Poratl & Oracle Access Manager Integration
Hi All
Am trying to integrate LifeRay Portal with Oracle Access Manager to provide SSO. Steps I done is Created Proxy (Required) to the application with Apache Web Server and installed Apache Web Gate on it to protect the proxy. Now I need help to configure Portal to enable SSO and Authentication with LDAP Users Customization. Any one Please try to help me in this issue please
Version of LifeRay : 6.0.6
Oracle Access Manager : 10g (10.1.4.3.0)Have you provided all the hostname and port combinations in the Host Identifier?
What have you configured as Preferred Host in webgate configuration? What is configured in the Host Identifier?
~Yagnesh -
How to protect custom applications using oracle access manager?
Can someone brief me on how to protect custom applications using oracle access manager?
Is the Custom application a Web Application running on certified platform? If its Web Application then its no different you have to configure the access policies with http(s) as resource type.
If its not a web application you can write Custom access Gate and then implement. You would configure the policies similar to Web application (you can define your ouwn resource type if you like) and in the custom web gate you will use Access server SDK API to validate the access rules.
Thanks
Ram
Maybe you are looking for
-
What is the best way to clean dust from unibody MacBook?
I have the aluminum late 2008 MacBook (basically like the pro, except not). I've realized that I keep finding myself in dusty situations, and while I don't think it's affected my MacBook too much, I think a basic clean is in order. Anyone know the be
-
Writing to XML files need help
Guys, I need to pull out data from the database and write it to multiple flat files in XML. I can't do it on the database server using utl_file, I need to do it on the client. Can you tell me the best way to achieve it. I am giving you a sample plsql
-
IndCS4 keeps crashing when exporting to a PDF - SnowLeopard
Has anyone had this problem - and most importantly - does anyone know a way around it? I installed Snow Leopard and CS4 on the weekend and thought wow I am one of the lucky ones (I have read a few posts about the two conflicting). So far so good... u
-
I have recently bought an ipod touch, having downgraded (in memory size) from an 80 Gb 5th gen ipod video. I am having trouble getting my videos to be of a reasonable size, and most importantly of a reasonable quality. A friend of mine gave me a copy
-
Windows 8.1 and ipv6 device stack issues
Hello, so here is the thing: ZTE Integrated access device (gateway) connected to the ONT. It has ipv6 support which ISP still doesn't use and there is no way of disabling it in router even though I've obtained ISP's admin account. So many ipv6 option