BASIC OAM 11gR2 QUESTION

Similar Messages

• How to protect an application running on IIS with OAM 11gR2

  Hello Gurus,
  I have a question regarding protecting an application running on IIS with OAM 11gR2. We have an OHS server running and all the requests from the users are coming to this OHS server webgate for them to login using the SSO login page. These is all solaris. I am protecting other applications like pplsoft moduels with this OHS instance and OAM server. There is another application that I need to protect which is itself running on IIS windows machine. I need guidance as to -
  1.) Do I need to install a windows version of webgate to protect this IIS based application?
  2.) Or I can still protect and proxy requests from this application to current OHS instance? How can I do this?
  3.) Or Do I need to proxy requests directly from IIS to OAM weblogic server?
  Please advise to the earliest as this is an urgent issue.
  Thanks !!

  From your description it is not clear how exactly architecture looks like
  We have an OHS server running and all the requests from the users are coming to this OHS server webgate for them to login using the SSO login page.
  is this OHS centralized login farm ? (Case 1)
  OR is this OHS server (with webgate) acting as virtual web server hosting multiple web sites so that request to any site passes through this OHS/webgate (Case 2)
  1.) Do I need to install a windows version of webgate to protect this IIS based application?
  If case 1 then you need to install 10g webgate on top of IIS server to protect this application
  If case 2 then you can just proxy request from OHS to IIS server. As every request passes through OHS user will be authenticated before request hits IIS
  Look at Product documentation for virtual web sites : http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/shared.htm#autoId12
  It has steps to protect virtual web sites.
  Also you need to make sure no one hits IIIS web sites directly.
  Hope this helps

• How to protect an application running on Apache Tomcat app server with OAM 11gR2

  Gurus,
  We have an Apache Tomcat based application named "ABCD" here at client site that we want OAM 11gR2 PS1 to integrate with for SSO purposes. I have successfully configured OHS to reverse proxy requests to Apache Tomcat server whenever somebody tries to access the application URL but still, I am getting the application login page once I have successfully authenticated on OAM SSO login page. The Tomcat based application is authenticating users against a "UserDatabase realm".
  I know in terms of weblogic application, there is an OAM identity asserter provider which then populates the User Principal for the java environment with the authenticated OAM user. But there is no such OAM identity provider for Tomcat.
  So my question is, is there an provider (or Tomcat equivalent) which will entrust authentication to a header, that could be used to populate the Java User Principal from the OAM_REMOTE_USER header? Is the weblogic equivalent of authentication providers present in tomcat as well? Are those called valves?
  Please advise to the earliest.
  Thanks !!

  Aakash,
  I did follow the 4 steps that you mentioned to me. Out of the 4 that you had mentioned, I already had the webgate in place on OHS server and I was already passing the remote_user http header in oam policy as action.
  As part of Step #2: Install mod_jk plugin on OHS server that you mentioned
  1.) I downloaded the tomcat connector - tomcat-connectors-1.2.37-src
  2.) I had to run ./configure,make, make install on my OHS server which runs on RHEL 6. It created the mod_jk.so file. I pasted it in the needed folder.
  3.) I then created the httpd.conf file and workers.properties file as said in the connector docs.
  4.) Restarted OHS.
  As part of Step #3: Configure tomcat's ajp connector that you mentioned and I went through all the links pasted below but didn't find actually what needs to be in place to configure tomcat's ajp connector. I do see in the server.xml of tomcat app server that the ajp 1.3 protocol is supported:
  http://tomcat.apache.org/tomcat-4.0-doc/config/ajp.html
  http://tomcat.apache.org/tomcat-3.3-doc/mod_jk-howto.html#s8
  http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html
  http://www.mulesoft.com/understanding-tomcat-connectors
  <!-- A "Connector" represents an endpoint by which requests are received
           and responses are returned. Documentation at :
           Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
           Java AJP  Connector: /docs/config/ajp.html
           APR (HTTP/AJP) Connector: /docs/apr.html
           Define a non-SSL HTTP/1.1 Connector on port 8080
      -->
      <Connector port="8080" protocol="HTTP/1.1"
                 connectionTimeout="20000"
                 redirectPort="8443" />
  <!-- Define an AJP 1.3 Connector on port 8009 -->
      <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  Do we need to disable the HTTP protocol in Tomcat and keep only AJP connector enabled? If yes, how to do that?
  I am trying to connect to the application from OHS server like so I am using the http protocal right? How should I use the ajp protocol to connect to tomcat application? 
  http://ohs-host:ohs-port/abcd
  Thanks !!!!!

• OAM 11gR2 and 10g

  Following url is for 10g OAM for resource protection
  http://docs.oracle.com/cd/E12530_01/oam.1014/b32420/v2access.htm#BABJHAIJ
  Please can someone confirm that the flow for authentication/authorization is almost same in OAM 11gR2 (though product names have change like Access server for OAM server, but hope basic functionality of WebGates remains same)

  Hi,
  The flow is more or less the same, and the functionality of the WebGates is the same - but there are some differences in 11g. For one thing, the policies in 10g are stored in ldap, whereas in 11g they are stored in a DB. Also, in 11g there is a session cookie in addition to the authentication token. The 11g Access Admin Guide shows some flows, for example here: http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/agents.htm#AIAAG1729
  Regards,
  Colin

• OAM 11gR2 Authentication using username/password/additional ldap field

  I want to add additional credential parameter along with username and password to be validated against LDAP.
  Is there any out of the box solution for authentication using username/password/additional ldap field in OAM 11gR2?
  This solutions exist in 10g and could not find any OOB feature in 11g.

  Do you need to accept additional parameter from user via login form & then use it in credential mapping step
  Not sure if %% syntax would work .. havent tried it. next option is to develop custom authentication plugin
  Additional ldap attribute against static value
  If you need to add additional ldap attribute (check against static value) that you can specify in LDAP search filter in "User Identification plugin" configuration
  Take a look at "MTLDAPPlugin" under custom authentication modules
  Hope this helps

• OAM 11gR2 - Remote Registration Exception - HTTP Error 501

  Hello
  I installed OAM 11gR2 and am trying to configure OAM with WebGate.
  While doing remote registration using rreg.bat I get an exception
  RemoteRegistrationException
  HTTP error 501 could not send HTTP Post message
  Can anyone help me?
  Thanks,
  Ram

  Its most likely a problem with your java version.
  I know for sure that Java version 1.6.0_37 doesn't work and that 1.6.0.41 works for sure.
  Can you try installing a different version of java.
  if on linux use the
  update-alternatives --config java
  as root to point to the java (other version that you installed) and try again.
  Let me know if that helps.
  Cheers
  -Kungo

• OAM 11gR2 Throwing SSL Warning after configured to use HTTPS Load Balancer

  I have configured OAM 11gR2 to use an https load balancer on 14100 and have set my managed servers SSL listen port to 14100 (Could not use 14101 because the HTTPS VIP created was listing on 14100) everything works fine with this configuration, but my logs are filling up the the following warning.
  <Oct 3, 2012 1:41:54 PM UTC> <Warning> <Security> <BEA-090475> <Plaintext data for protocol HTTP was received from peer 10.228.0.1 - 10.228.0.1 instead of an SSL handshake.>
  I know that 10.228.0.1 is the DNS server, but I'm not sure why this happening. Any ideas?

  What is WLS and OHS versions are you using in this environment?
  If it's old version than these, please upgrade WLS to 10.3.3 and the OHS to 11.1.1.3. These is a known bug on WLS side not it OAM.
  I hope this helps,
  Thiago Leoncio.

• Basic Hyperion Workspace question

  Is there any way to Drill-Down to data by double-clicking on the chart item in Hyperion Workspace? I can do this in Hyperion Reporting Studio.

  hi all,Hi Neerav
  I have very basic clone database question
  If i create database A and clone database B using A...
  I want to know that any operation done on A will be automatically done on Cloned database B.Oops....Now you're asking about rocket science. Sorry, I don't know.
  I know about some basics:
  Streams or Replication--> Which can give you data on B in read-write mode.
  DR--> For safeguarding your database and B will work as DR solution.
  Hope u understandNo, please make us understand.
  Regards,
  S.K.

• Basic recording/feedback question

  I'm recording basic vocals against accompaniment tracks using an APOGEE ONE and Audio-Technica 40 series AT8449 condenser mic. I use only headphones, no external speakers.
  If I record with "monitoring" on I constantly battle feedback/distortion, especially on songs with a wide dynamic range. When the feedback protection kicks in the message indicates that I'm getting feedback through my external speakers (which I don't have), I can minimize the problem by turning "monitoring" off but I lose the reference vocal. I know I must be overlooking something very simple. Any help is appreciated.

  hi all,Hi Neerav
  I have very basic clone database question
  If i create database A and clone database B using A...
  I want to know that any operation done on A will be automatically done on Cloned database B.Oops....Now you're asking about rocket science. Sorry, I don't know.
  I know about some basics:
  Streams or Replication--> Which can give you data on B in read-write mode.
  DR--> For safeguarding your database and B will work as DR solution.
  Hope u understandNo, please make us understand.
  Regards,
  S.K.

• Basic PDF/SSL Question

  Okay, I know this is a basic question, and I'm not sure if this is really where I should be posting it, but maybe someone out there has experience with this.
  I have a PDF form sitting on a secure server.  I have it set up to email the completed PDF back to our company when the user clicks the SUBMIT buttton.  Whether or not the PDF is secure coming back to us would be dependent on the email server the user uses - not that the form sits in a secure area on our server or that the PDF is security settings are set, correct?
  Any input appreciated.
  Thanks
  Q

  hi all,Hi Neerav
  I have very basic clone database question
  If i create database A and clone database B using A...
  I want to know that any operation done on A will be automatically done on Cloned database B.Oops....Now you're asking about rocket science. Sorry, I don't know.
  I know about some basics:
  Streams or Replication--> Which can give you data on B in read-write mode.
  DR--> For safeguarding your database and B will work as DR solution.
  Hope u understandNo, please make us understand.
  Regards,
  S.K.

• Basic wifi service question

  basic wifi service question
  A Windows-using friend of mine subscribes to a service from Verizon that is sort of like a cell phone for a computer - wifi service that you can access from theoretically anywhere, for something like $60 a month -
  as far as I can determine, one CAN get this for Mac but ONLY if you have a 15 or 17 inch laptop with PC slots - unless I am missing something. It requires a special kyocera card.
  Another company, T-Mobile, offers a similar service, but with no MAC access at all.
  So my question is: is there a similar service, wi-fi access theoretically anywhere (or even just anywhere in New York City) ? Hopefully with just the regular mac airport card and not any additional special hardware?
  Thanks!
  Will

  Hello WillFriedwald2
  The kind of service your describing is probably a 3G and GPRS service.
  Phone companies now offer mobile high speed connections using EDGE technology or GPRS2 and supply a 3G or GPRS PCMCIA card.
  However some companies are now offering a package whereby you get high speed 3g and gprs and also wifi.
  So to use this service on a laptop that has no PC card slot you need to get a 3G or GPRS2 phone that supports blue tooth then you can connect your laptop to the phone over bluetooth and therefore access high speed internet.
  But if you had a desktop mac such as a G5 you would be better just getting a regular cable or dsl connection in your home and invest in a wireless router.

• Basic JDBC transactional question

  Hello all,
  I have (what I believe) is a basic transactional JDBC question.
  Here's what I want to do:
  begin transaction
  select a row from a table where (some condition).
  that row may or may not exist.
  if the row exists: update the row
  else if the row does not exist, insert a new row
  end transaction
  I want this entire thing to be atomic .. I don't want the select to complete, then have something else come in there before the update/insert takes place.
  I'm using MySQL .. I seem to remember hearing about some proprietary MySQL command which would do a SELECT + UPDATE atomically .. which would be fine, but I can't find it.
  Wrapping this with a row-level lock would be fine too .. I'm just not sure how to do that in JDBC.
  Thanks!
  -d

  By thte way, and not that it helps the orignal poster, who's using MySQL, but Oracle has a proprietary MERGE statement that does "insert or update" in one go. For example:
  MERGE INTO bonuses D
     USING (SELECT employee_id, salary, department_id FROM employees
     WHERE department_id = 80) S
     ON (D.employee_id = S.employee_id)
     WHEN MATCHED THEN UPDATE SET D.bonus = D.bonus + S.salary*.01
       DELETE WHERE (S.salary > 8000)
     WHEN NOT MATCHED THEN INSERT (D.employee_id, D.bonus)
       VALUES (S.employee_id, S.salary*0.1)
       WHERE (S.salary <= 8000);

• Basic Clone database question

  hi all,
  I have very basic clone database question
  If i create database A and clone database B using A...
  I want to know that any operation done on A will be automatically done on Cloned database B.
  Hope u understand
  Thanks,
  Neerav

  hi all,Hi Neerav
  I have very basic clone database question
  If i create database A and clone database B using A...
  I want to know that any operation done on A will be automatically done on Cloned database B.Oops....Now you're asking about rocket science. Sorry, I don't know.
  I know about some basics:
  Streams or Replication--> Which can give you data on B in read-write mode.
  DR--> For safeguarding your database and B will work as DR solution.
  Hope u understandNo, please make us understand.
  Regards,
  S.K.

• Install SSL certificate for OAM 11gR2

  Experts, I wanted to know some recommended urls, links etc for configuring and installing SSL certs for OAM 11gR2.
  Base install for OAM is working fine and all consoles are ok.
  I have found following link from the docs
  http://docs.oracle.com/cd/E27559_01/core.1112/e28516/sslconfig.htm#ASADM1800
  Please confirm above link would suffice to install and configure SSL.
  Any other challenges or issues likely to come up would help, like importing certificates and root certificate etc.

  Assuming you're referring to SSL between OAM Server and WebGate, it is documented here: Securing Communication - 11g Release 2 (11.1.2)
  Regards,
  Colin

• OAM 11gR2 and OVD

  Hi,
  It appears OVD did not make it into the Oracle Fusion Middleware Identity Management 11gR2 release. The latest version available is still the one included in the Oracle Fusion Middleware Identity Management 11gR1 release. Is that correct?
  If so, I have a deployment of Oracle Access Manager 11gR2, which I'd like to integrate with OVD. Does this situation mean that I must deploy another entire WebLogic domain for the Oracle Fusion Middleware Identity Management 11gR1 release? Or is it possible to somehow install the 11gR1 version of OVD into the 11gR2 instance I've already got?
  - Jim

  Yes, the latest version of OVD available is 11.1.1.6 (11g R1). You may use this version with OAM 11gR2.
  OVD 11.1.1.6 uses WebLogic 10.3.6 and OAM 11g R2 also uses the same weblogic version. Please let me know if you are on some other version of WLS.
  As per best practice, try to keep the OAM and OVD in separate WLS domains.