Configuring BPEL with OID
I'm trying to configure the BPEL PM with OID-LDAP. Whenever I run the configure_oid.sh script, there are a few errors being returned.
Has anyone had problems with this script? There was already a BPEL PM 10.1.2.0.2 configured with this infrastructure and this may be the cause of the problem.
[oracle@myserver ant-tasks]$ ant -f oid-config.xml -Doid.admin.user=orcladmin -Doid.admin.pwd=xxxxx -Doid.nonssl.port=389 -Dssl.enabled=true -Doid.realm=testrealm -Doid.seed=seedRequiredUsers -Doc4j.admin.user=oc4jadmin -Doc4j.admin.pwd=xxxxx -Doc4j.container=oc4j_soa
Buildfile: oid-config.xml
config-oid:
[echo] Configuring OID...
[java] Install Configuration
[java] Install Type: ConfigureOID
[java] Oracle Home: /oracle/soa10g
[java] JDK Home: /oracle/soa10g/jdk
[java] Proxy Required: false
[java] Database Vendor: oracle
[java] OID Host: ${oid.host}
[java] OID Port: 389
[java] OID Realm: testrealm
[java] OID Seed: seedRequiredUsers
[java] Admin User: orcladmin
[java] ***************************************************************
[java] Trying to obtain OID specific details from configuration files.
[java] Warning: You would encounter problems if you have not associated you r instance with an OID.
[java] ***************************************************************
[java] OID Host is: myserver.mydom.com
[java] OID Port is: 636
[java] Seeding users/roles in OID realm : testrealm...
[java] Buildfile: bpminstall.xml
[java] seed-oid:
[java] init:
[java] seed-oid:
[java] Seeding system users/roles into OID ...
[java] Migration of LDIF data failed. Not all the entries are successfully migrated
[java] Demo users/roles will not be seeded into OID ...
[java] BUILD SUCCESSFUL
[java] Total time: 2 seconds
[java] Exit: 0
[java] Configuring BPEL identity service configuration file ...
[java] Adding jaas-mode attribute to hw_services orion-application.xml
[java] Adding jaas-mode attribute to orabpel orion-application.xml
bpel-grant-privileges:
[echo] Granting Server privileges to BPMSystemAdmin role...
[echo] Granting Domain privileges to BPMDefaultDomainAdmin role...
all:
BUILD SUCCESSFUL
Total time: 10 seconds
Looks like you have the same problem I had. I needed to remove any users/groups/roles created by running the script the first time.
My problem was slightly different, I had a issue with multiple realms, which required changing the user search base and group search base in OID.
Once I resolved that removed the users/groups/roles that were created everything worked fine.
Similar Messages
-
Problem integrating BPEL with OID
Hey,
We are setting BPEL up to work with collabsuite mid-tier. When applying the configuration steps in the ContentServices_CustomWorkflows.html provided in the devkit we run into the following problem:
Change to perform:
Create the Service-to-Service (S2S) Application Entity for BPEL, as follows:
Set the CLASSPATH variable:
CLASSPATH=$ORACLE_HOME/integration/orabpel/system/services/config:
$ORACLE_HOME/integration/orabpel/system/services/lib/bpm-services.jar:
$ORACLE_HOME/integration/orabpel/lib/orabpel.jar:$ORACLE_HOME/jlib/repository.jar:
$ORACLE_HOME/jlib/ldap.jar:$ORACLE_HOME/jlib/ldapjclnt10.jar:
$ORACLE_HOME/integration/orabpel/lib/bpm-infra.jar:
$ORACLE_HOME/integration/orabpel/lib/orabpel-common.jar:$CLASSPATH
Run the following command to create an application entity in Oracle Internet Directory:
ORACLE_HOME/jdk/bin/java oracle.tip.pc.services.identity.oid.OIDApplicationEntry AppEntity AppSubentity
Results in the following error trying to run the command:
Exception in thread "main" java.lang.NoClassDefFoundError: oracle.tip.pc.services.identity.oid.OIDApplicationEntry
at gnu.gcj.runtime.FirstThread.run() (/usr/lib/libgcj.so.5.0.0)
at JvThreadRun(java.lang.Thread) (/usr/lib/libgcj.so.5.0.0)
at JvRunMain(java.lang.Class, byte const, int, byte const, boolean) (/usr/lib/libgcj.so.5.0.0)
at __gcj_personality_v0 (/home/oracle/product/J2EE_101200/jdk/bin/java.version=1.4.2)
at __libc_start_main (/lib/tls/libc-2.3.4.so)
at JvRegisterClasses (/home/oracle/product/J2EE_101200/jdk/bin/java.version=1.4.2)
Anybody any ideas on how to solve the problem?
Kind regards and thanks in advance,
KristofThe file WFLDAPB.pls should be used to recreate the package body for WF_LDAP (this file is in the wf/sql directory).
-
Hello, i'm desperatly trying to integrate BPEL human service with SSO.
I want to use but wfCtx is null
wfCtx = wfSvcClient.getTaskQueryService().createContext(request);
Instead this way works but I want SSO
wfCtx = wfSvcClient.getTaskQueryService().authenticate("bpeloid1", "bpeloid1", "localdomain", null);
Could anyone help me by providing a working config for these files (or any other required) ?
$ORACLE_HOME/bpel/system/services/config/is_config.xml
$ORACLE_HOME/bpel/system/services/config/wf_client_config.xml
$ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml
$ORACLE_HOME/j2ee/oc4j_soa/application-deployments/hw_services/orion-application.xml
$ORACLE_HOME/j2ee/oc4j_soa/application-deployments/orabpel/orion-application.xml
RegardsI have the same Problem. Please Help me.
Thanks -
Setup BPEL Process Manager with OID
I followed all the instructions provided by the Content Services Custom BPEL workflow to setup BPEL with OID but I have The error "Identity Service cannot find user" while log in to http://fr101sv0226.corp.tpnet.intra:9700/integration/worklistapp/Login
I have configured :
1)
[oracle@fr101sv0226 orabpel]$ more ./system/services/config/is_config.xml
<BPMIdentityServiceConfig xmlns="http://www.oracle.com/pcbpel/identityservice/isconfig">
<provider providerType="JAZN" name="oid">
<connection url="ldap://fr101sv0226.corp.tpnet.intra:389" binddn="cn=orcladmin" password="CLxKPM04EzA=" encrypted="true">
<pool initsize="2" maxsize="25" prefsize="10" timeout="300000"/>
</connection>
</provider>
</BPMIdentityServiceConfig>
2)[oracle@fr101sv0226 orabpel]$ more ./system/appserver/oc4j/j2ee/home/config/jazn.xml
<?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
<!DOCTYPE jazn PUBLIC "JAZN Config" "http://xmlns.oracle.com/ias/dtds/jazn-9_04.dtd">
<jazn provider="LDAP" location="ldap://fr101sv0226.corp.tpnet.intra:389">
<property name="ldap.cache.session.enable" value="false"/>
<property name="ldap.cache.realm.enable" value="false"/>
<property name="ldap.user" value="cn=orcladmin"/>
<property name="ldap.password" value="{903}q/BL01wZ0UsS9H+PIN25ih4tlPcSWaLm"/>
<property name="ldap.cache.policy.enable" value="false"/>
</jazn>
(password value was "!password"
3)oracle@fr101sv0226 orabpel]$ more ./system/appserver/oc4j/j2ee/home/application-deployments/hw_services/orion-application.xml
<?xml version="1.0"?>
<!DOCTYPE orion-application PUBLIC "-//ORACLE//DTD OC4J Application runtime 9.04//EN" "http://xmlns.oracle.com/ias/dtds/orion-application
-9_04.dtd">
<orion-application deployment-version="10.1.2.0.0" default-data-source="jdbc/OracleDS" treat-zero-as-null="true">
<ejb-module remote="false" path="hw_services.war" />
<web-module id="testconnection" path="testconnection.war" />
<web-module id="deploy" path="deploy.war" />
<web-module id="worklistxpress" path="worklistxpress.war" />
<web-module id="hw_services" path="hw_services.war" />
<persistence path="persistence" />
<principals path="principals.xml" />
<!--jazn provider="XML" location="jazn-data.xml" /-->
<jazn provider="LDAP" location="ldap://fr101sv0226.corp.tpnet.intra:389" >
<property name="ldap.cache.session.enable" value="false" />
<property name="ldap.cache.realm.enable" value="false" />
<property name="ldap.user" value="cn=orcladmin" />
<property name="ldap.password" value="!sv0226" />
<property name="ldap.cache.policy.enable" value="false" />
</jazn>
(the password has not beend encrypted for this file???)
Please Help....
Thanks
JOHi JO,
Can you confirm the following:
That the 10.1.2.0.0 Application Server instance to which you installed BPEL was configured with the same Oracle Internet Directory that is used by Content Services (you would have had an option during AS install to specify OID integration - aka Identity Management access).
Note - that the OID Server must also be running on both SSL and non SSL Ports.
The bpel integration documentation has been revised since the 10.1.1 release.
As per the OC4J J2EE Security Guide, one should not need to specify full OID jazn provider information should the IAS instance be associated with Identity Management.
Thus, you should now be able to set the following revised values in the various configuration files:
$ORACLE_HOME/j2ee/OC4J_BPEL/config/jazn.xml
<jazn provider="LDAP" />
$ORACLE_HOME/integration/orabpel/system/appserver/oc4j/j2ee/home/config/jazn.xml
<jazn provider="LDAP" />
Also, the orion-application.xml file should not need to be changed at all, as it should inherit the jazn information from the containers default JAZN configuration specified in $ORACLE_HOME/j2ee/OC4J_BPEL/config/jazn.xml
To summarize:
1) $ORACLE_HOME/j2ee/OC4J_BPEL/application/deployments/hw_services/orion-application.xml should not need to be modified.
2) $ORACLE_HOME/j2ee/OC4J_BPEL/config/jazn.xml and $ORACLE_HOME/integration/orabpel/system/appserver/oc4j/j2ee/home/config/jazn.xml should contain a jazn entry <jazn provider=LDAP/>
The steps for configuring Identity Service Provider (is_config.xml) are correct. However it should not noted that due to limitations with BPELs OIDIdentityService and OIDProvider classes, there is no way of setting up ssl connectivity in is_config.xml this however has no effect on the workflows.
thanks,
Matt -
Configure BPEL 10.1.2.0.2 with JDeveloper 10.1.2.1
I use JDeveloper version 10.1.2.1. Is there a way to configure BPEL 10.1.2.0.2 with it, as a plug-in? Because otherwise, I must use an JDeveloper version that comes with BPEL and another one for my other applications (configure CVS, take care about patches, etc.). If not, why is not BPEL distributed as plug-in?
kind regards,
VladimirIf memory serves me right, I think a BPEL addon pack is being created for the latest version of JDeveloper. I guess we just have to be a bit more patient!
-
Configuration of oim 10g and oam 10g.. and integrating oam10g with oid
Hi..
i am trying to configure OAM10g and OIM10g and integrate OAM10g with OID..
please send me the documents if any had...
Thanks & Regards,
avinashFor integrating OIM 10g with OAM 10g, refer doc below:
http://docs.oracle.com/cd/E14899_01/doc.9102/e14761/oamsso.htm#sthref78
For OAM and OID integration refer:
http://docs.oracle.com/cd/E15217_01/index.htm
regards,
GP -
Worklist application not able to authnticate with OID
Hi,
I have configured my BPEL PM (Out side Mid-Tier) with OID by configuring is_config.xml file. But the Worklist is not logging into. I made modification in jazn.xml by adding OID entry and also modified the orion-application.xml of that working application to pointing to OID. Still not able to login.
Any clue?
Thanks in Adv
Venkatahi
It seems to work now. I can't quite figure out what I did differently this time as I just changed the "comment" signs ..
but here's the files I changed ..
[ORACLE_HOME]\j2ee\OC4J_BPEL\config\jazn.xml
<?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
<!DOCTYPE jazn PUBLIC "JAZN Config" "http://xmlns.oracle.com/ias/dtds/jazn-9_04.dtd">
<!--
<jazn provider="XML" location="./jazn-data.xml" default-realm="jazn.com"/>
<jazn provider="LDAP" location="ldap://myoid.us.oracle.com:389" />
-->
<jazn provider="LDAP" location="ldap://[HOST]:8285" default-realm="local">
<property name="ldap.user" value="cn=orcladmin"/>
<property name="ldap.password" value="!welcome1"/>
</jazn>
[ORACLE_HOME]/quioto1/sw/as/1012/as/j2ee/OC4J_BPEL/application-deployments/hw_services/orion-application.xml
<?xml version="1.0"?>
<!DOCTYPE orion-application PUBLIC "-//ORACLE//DTD OC4J Application runtime 9.04//EN" "http://xmlns.oracle.com/ias/dtds/orion-application-9_04.dtd">
<orion-application deployment-version="10.1.2.0.0" default-data-source="jdbc/OracleDS" treat-zero-as-null="true">
<ejb-module remote="false" path="hw_services.war" />
<web-module id="testconnection" path="testconnection.war" />
<web-module id="deploy" path="deploy.war" />
<web-module id="worklistxpress" path="worklistxpress.war" />
<web-module id="hw_services" path="hw_services.war" />
<persistence path="persistence" />
<principals path="principals.xml" />
<!--
<jazn provider="XML" location="jazn-data.xml" />
-->
<jazn provider="LDAP" location="ldap://[HOST]:8285" default-realm="local" />
<log>
<file path="application.log" />
</log>
<namespace-access>
<read-access>
<namespace-resource root="">
<security-role-mapping name="<jndi-user-role>">
<group name="administrators" />
</security-role-mapping>
</namespace-resource>
</read-access>
<write-access>
<namespace-resource root="">
<security-role-mapping name="<jndi-user-role>">
<group name="administrators" />
</security-role-mapping>
</namespace-resource>
</write-access>
</namespace-access>
</orion-application>
[ORACLE_HOME]/quioto1/sw/as/1012/as/j2ee/OC4J_BPEL/config/application.xml
<?xml version = '1.0' standalone = 'yes'?>
<!DOCTYPE orion-application PUBLIC "-//Evermind//DTD J2EE Application runtime 1.2//EN" "http://xmlns.oracle.com/ias/dtds/orion-application-9_04.dtd">
<!-- The global application config that is the parent of all the other
applications in this server. -->
<orion-application autocreate-tables="true" default-data-source="jdbc/OracleDS">
<web-module id="defaultWebApp" path="../../home/default-web-app"/>
<web-module id="dms" path="../../home/applications/dms.war"/>
<commit-coordinator>
<commit-class class="com.evermind.server.OracleTwoPhaseCommitDriver"/>
<property name="datasource" value="jdbc/OracleDS"/>
<!-- Username and password are the optional properties
replace with your commit_co-ordinator_super_user
<property name="username"
value="system" />
<property name="password"
value="->pwForSystem" />
-->
</commit-coordinator>
<persistence path="../persistence"/>
<!-- Path to the libraries that are installed on this server.
These will be accesible for the servlets, EJBs etc -->
<library path="../applib"/>
<library path="../../../BC4J/lib"/>
<!-- FTP SSL Jars - Patch 01 - 4406640 -->
<library path="/quioto1/sw/as/1012/as\integration\orabpel\system\services\lib\oraclepki.jar"/>
<library path="/quioto1/sw/as/1012/as\integration\orabpel\system\services\lib\phaos.jar"/>
<library path="../../../jlib/ojmisc.jar"/>
<library path="../../../ord/jlib/ordim.jar"/>
<library path="../../../ord/jlib/ordhttp.jar"/>
<library path="../../../jlib/jdev-cm.jar"/>
<library path="../../../lib/dsv2.jar"/>
<library path="../../../lib/xsu12.jar"/>
<!-- Path to the taglib directory that is shared
among different applications. -->
<library path="../../../j2ee/home/jsp/lib/taglib"/>
<library path="../../../uix/taglib"/>
<library path="../../../lib/oraclexsql.jar"/>
<library path="../../../lib/xsqlserializers.jar"/>
<!-- Comment the following element to use principals.xml -->
<library path="/quioto1/sw/as/1012/as/integration/orabpel/system/classes"/><library path="/quioto1/sw/as/1012/as/jdk/lib/tools.jar"/><library path="/quioto1/sw/as/1012/as/adapters/lib/orabpel-adapters.jar"/><library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/orabpel-common.jar"/><library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/orabpel-thirdparty.jar"/><library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/orabpel.jar"/><library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/orabpel-ant.jar"/><library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/ant-launcher_1.6.2.jar"/><library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/ant_1.6.2.jar"/><library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/oracle_http_client.jar"/><library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/commons-fileupload-1.0.jar"/><library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/bpm-infra.jar"/><library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/olite40.jar"/><library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/orawsdl.jar"/><library path="/quioto1/sw/as/1012/as/integration/orabpel/system/services/config"/><library path="/quioto1/sw/as/1012/as/integration/orabpel/system/services/lib/bpm-services.jar"/><library path="/quioto1/sw/as/1012/as/integration/orabpel/system/services/lib/wdk.jar"/><library path="/quioto1/sw/as/1012/as/integration/orabpel/system/services/lib/pushapi.jar"/><library path="/quioto1/sw/as/1012/as/jlib/ldap.jar"/><library path="/quioto1/sw/as/1012/as/jlib/ldapjclnt10.jar"/><library path="/quioto1/sw/as/1012/as/integration/orabpel/system/services/lib/soap.jar"/><library path="/quioto1/sw/as/1012/as/integration/orabpel/system/services/lib/fndctx.jar"/><library path="/quioto1/sw/as/1012/as/integration/orabpel/system/services/lib/wfapi.jar"/><library path="/quioto1/sw/as/1012/as/integration/orabpel/system/services/lib/wfjava.jar"/><library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/b2b.jar"/><principals path="./principals.xml"/>
<log>
<file path="../log/global-application.log"/>
<!-- Uncomment this if you want to use ODL logging capabilities
<odl path="../log/global-application/" max-file-size="1000" max-directory-size="10000"/>
-->
</log>
<jazn provider="XML" location="./jazn-data.xml"/>
<data-sources path="data-sources.xml"/>
<connectors path="./oc4j-connectors.xml"/>
<namespace-access>
<read-access>
<namespace-resource root="">
<security-role-mapping>
<group name="administrators"/>
</security-role-mapping>
</namespace-resource>
</read-access>
<write-access>
<namespace-resource root="">
<security-role-mapping>
<group name="administrators"/>
</security-role-mapping>
</namespace-resource>
</write-access>
</namespace-access>
<password-manager>
<jazn provider="XML" location="./jazn-data.xml"/>
</password-manager>
</orion-application>
[ORACLE_HOME]/quioto1/sw/as/1012/as/integration/orabpel/system/services/config/is_config.xml
<BPMIdentityServiceConfig xmlns="http://www.oracle.com/pcbpel/identityservice/isconfig">
<provider providerType="JAZN" name="oid">
<connection url="ldap://[HOST]:8285" binddn="cn=orcladmin" password="welcome1" encrypted="false"/>
</provider>
</BPMIdentityServiceConfig>
Then I restarted the OC4J_BPEL container.
I tried the following URL:
http://[HOST]:8220/integration/services/IdentityService?operation=lookupUser
and could find all my users.
I then tried logging in from the Worklist Application and that also worked ..
So good luck
Jan Willem -
OIM 11g R1 LDAP Synch with OID.
Hi,
We are doing an LDAP Synch with OID directly. The users from various organisations in OIM needs to be synched to different OU's in OID, instead of a single container. How do we acheive this? would it be easy if we involve OVD also?Here is some sample code configuration which may give you a start - hope it helps.
Sample code that can be called in a pre-process event handler to copy the users organinisation to the LDAP Organization Unit
HashMap<String, Serializable> parameters = orchestration.getParameters();
Serializable param = parameters.get("act_key");
String act_key = null;
if (param instanceof ContextAware) {
act_key = ((ContextAware) param).getObjectValue().toString();
} else {
act_key = param.toString();
if (act_key != null) {
OrganizationManager orgMgr = Platform.getService(OrganizationManager.class);
Set<String> retAttrs = new HashSet<String>();
retAttrs.add("Organization Name");
Organization org = null;
try {
org = orgMgr.getDetails(act_key, retAttrs, false);
} catch (OrganizationManagerException e) {
} catch (AccessDeniedException e) {
String orgName = (String) org.getAttribute("Organization Name");
orchestration.addParameter("LDAP Organization Unit", orgName);
Sample container mapping rule
<rule>
<expression>LDAP Organization Unit=Test Organization</expression>
<container>ou=Test Organization,ou=users,o=org</container>
<description>Add user to the Test Organization OU in LDAP if their OU is set to Test Organization</description>
</rule>
Sample change in /db/LDAPUser
<!-- Two act_key entries in the <reconFields> section to set RECON_ACT_KEY. -->
<!-- The first sets RECON_ACT_KEY to the default value from the scheduled job -->
<!-- The second overwrites RECON_ACT_KEY with an OU value if supplied in the LDAP User data. -->
<reconAttr>
<oimFormDescriptiveName>act_key</oimFormDescriptiveName>
<reconFieldName xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">Organization Name</reconFieldName>
<reconColName>RECON_ACT_KEY</reconColName>
<emDataType>number</emDataType>
<formFieldType/>
<targetattr keyfield="false" encrypted="false" required="false" type="String" name="act_key"/>
</reconAttr>
<reconAttr>
<oimFormDescriptiveName>act_key</oimFormDescriptiveName>
<reconFieldName xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">ou</reconFieldName>
<reconColName>RECON_ACT_KEY</reconColName>
<emDataType>number</emDataType>
<formFieldType/>
<targetattr keyfield="false" encrypted="false" required="false" type="String" name="act_key"/>
</reconAttr> -
Oracle Forms 11g SSO with OID and IAM
What versions of OID and Access Manager are required to get an Oracle Forms and Reports 11.1.1.2 application
on Weblogic 10.3.2 configured for Oracle SSO using OID authentication?
We want the OID to store and authenticate Users for username and password logins to the database, then
ultimately by user Certificate authentication in OID. I have OID 11.1.1.2 installed and SSO enabled for Forms
in Enterprise Manager.
Is Access Manager required for Forms SSO with OID authentication to work or just to allow user interaction
for registration and Password reset?
Things mention OAM 10.4.3 and others talk about IAM 11g for Forms 11.1.1.2 SSO to work with OID.
We did this back in Oracle Forms and OID 10g with JSP and LDAP to setup users but I understand 11g is
different and IAM can help or is required for this type of SSO to work.
Any help?
Edited by: Kirch on Apr 30, 2013 7:39 AMHi,
According to Oracle's certification matrix found at http://www.oracle.com/technetwork/middleware/downloads/fmw-11gr1certmatrix.xls, Oracle Forms 11.1.1.2 is not supported to use any Oracle Access Manager (OAM) version. OAM is a component of IAM. It is only supported with Oracle SSO 10.1.4.x. The best solution would be to upgrade the Forms and Reports environment to either 11gR2 (11.1.2.1) or to the latest 11gR1 patchset 11.1.1.7. Both versions are compatible with OAM 11.1.1.7.0 and OID 11.1.1.7.0 where only Forms 11gR2 (11.1.2.1) is compatible with OAM 11.1.2.0 and OID 11.1.1.7.0. That would be the best solution as we have ran into configuration problems in the past with using Oracle SSO 10.1.4.x.
Since OID 11.1.1.2.0 is already installed, you should be able to patch it up to 11.1.1.7.0.
For user authentication in OID, it is required to have OAM or Oracle SSO as both products use WebGate or mod_osso agents for authentication and authorization. For purposes of allowing end users to register accounts and password reset, you will either need to also install another IAM component called Oracle Identity Manager (OIM) or create a customized SSO login page that can be coded to perform these actions. I believe there are some examples available on the Internet.
Thanks,
Scott
http://pitss.com/us -
How to Proceed oracle database 10.2.0.4 with OID 10.1.4.0.1
Hi,
We have Oracle Metadata Repository version 10.2.0.4 and our Oracle Identity Management version is 10.1.4.0.1
While installing/configuring OID 10.1.4.0.1 we are getting the below error.
"You must have an OID schema version 10.1.4.0.1 to 10.1.4.9.9.Please select another Metadata Repository or upgrade the OID schema in this Metadata Repository to a compatable version."
Is it possible to have oracle database 10.2.0.4 with OID 10.1.4.0.1?
How to proceed further?Hi.
We have installed Metadata Repository on the Existing database using RepCA
During installation of Oracle Identity Management we are getting the below error
"You must have an OID schema version 10.1.4.0.1 to 10.1.4.9.9.Please select another Metadata Repository or upgrade the OID schema in this Metadata Repository to a compatable version."
Here there are some of the details from metadata repository database
SQL> select * from INTERNET_APPSERVER_REGISTRY.components;
PRODUCT COMPONENT_NAME COMPONENT_VERSION
Metadata Repository Container mrc 9.0.4.0.0
SQL> select comp_id,version,status from app_registry;
COMP_ID VERSION STATUS
SYNDICATION 10.1.2.0.2 VALID
PORTAL 10.1.2.0.2 VALID
SSO 10.1.2.0.2 VALID
WORKFLOW 10.1.2.0.2 VALID
B2B 10.1.2.0.2 VALID
BAM 10.1.2.0.2 VALID
MRC 10.1.2.0.2 VALID
OCA 10.1.2.0.2 VALID
OID 10.1.2.0.2 VALID
DCM 10.1.2.0.2 VALID
DISCOVERER 10.1.2.0.2 VALID
COMP_ID VERSION STATUS
WCS 10.1.2.0.2 VALID
UDDI 10.1.2.0.2 VALID
WIRELESS 10.1.2.0.2 VALID
14 rows selected.
From the above query we see that OID version is 10.1.2.0.2 and we have to upgrade the OID schema version to 10.1.4.0.1.
Can you tell us how to upgrade the OID schema version and with proper document to follow?
Kindly update for any output from my side
Thanks -
BPEL with Oracle E-business suite 11.5.10
Hi,
We are in the process of testing BPEL with Oracle E-Business suite 11.5.10. What is the best document for configuring these two components.
Thanks
GiriI recommend you to read documentation about Oracle Applications adapter. This is good start from technical point of view. http://download-west.oracle.com/docs/cd/B14099_19/integrate.1012/b16498.pdf
-
Associating oc4j instance with OID
Hi All,
I am trying to associate oc4j instance with OID in enterprise manager (as a
first step towards configuring workflow identity service with OID). But I am getting
the following error whenever I tried
An error occurred while attempting to associate this instance with the specified Oracle Internet Directory. The security provider will NOT be changed for any application. Please ensure that the OID instance is indeed up and that the connect information provided is correct before retrying.
JAZN configuration failed: unable to create a JAZN entity in the directory.
[LDAP: error code 50 - Insufficient Access Rights]
I am logging in as orcladmin user (to OID) and this user has all the admin
rights and all the privilages that I can see in ldap. Not sure what I am missing.
Any pointers will be of great help.
Thanks
RajHi,
I got this resolved. Basically there are two ids in OID cn=orcladmin and
cn=orcladmin,cn=users,cn=mycompany,cn=com. I have to use
cn=orcladmin to associate an oc4j instance with OID and I was using the other one.
Thanks -
Error installation when configure OAM with FORMS 11Gr2 (SSO)
Hi
I try configure SSO with Forms 11gR2 (windows 2008).
1. Install RCU 11.1.1.5.0
2. Install and configure OID (ofm_idm_win_11.1.1.2 & patch ofm_idm_win_11.1.1.5)
3. Install OAM (ofm_iam_generic_11.1.1.5 & Patch 11.1.1.5.3 (13473393))
4. Integrate OAM & OID - After that i can logon to my oamconsole using OID (LDAP) identifier
5. Try install Forms 11gr2 ( ofm_frmrpts_win_11.1.2.0.0_64)
During installation, i complete information about my OID, then i put connect information to OAM and i get error.
OAMAdminServer - console
<2012-07-17 08:44:32 CEST> <Error> <oracle.oam.engine.remotereg> <OAM-30046> <agent validate mode failed. Agent does not exist. >
InstallLog
Welcome to OAM Remote Registration Tool!
Parameters passed to the registration tool are:
Mode: agentvalidate
Agent name: 120717084429_RREG_OSSO_VALIDATE
Enter your server address (http(s)://FQDN:port):Server Address: http://weblogic:7002
Enter admin username:Username: weblogic
Enter admin password: Enter admin password:Your validate request is being sent to the Admin server at: http://weblogic:7002
2012-07-17 08:44:33 oracle.security.am.engines.rreg.common.XMLValidationEventHandler handleEvent
SEVERE: Error occurred while parsing the XML file.Error message is: cvc-complex-type.2.4.d: Invalid content was found starting with element 'managedServerUrl'. No child element is expected at this point.
At Column:421
and At line number: 1
Error message is: cvc-complex-type.2.4.d: Invalid content was found starting with element 'managedServerUrl'. No child element is expected at this point.
At Column:421
and At line number: 1
The remote registration process did not succeed! Please find the specific error message below.
Error in unmarshal2012-07-17 08:44:34 oracle.security.am.engines.rreg.common.RequestResponseParser parseFromXMLString
SEVERE: Exception encountered: RemoteAgentRegistrationException. Specific exception:JAXBException.nulljavax.xml.bind.UnmarshalException
- with linked exception:
[org.xml.sax.SAXParseException: cvc-complex-type.2.4.d: Invalid content was found starting with element 'managedServerUrl'. No child element is expected at this point.]
2012-07-17 08:44:34 oracle.security.am.engines.rreg.client.RegClient main
SEVERE: Exception encountered: RemoteAgentRegistrationException. Specific exception:Error in unmarshalling operation! Please try again.oracle.security.am.engines.rreg.common.RemoteAgentRegistrationException: Error in unmarshalling operation! Please try again.
ling operation! Please try again.
resultset.getStatus() : false
Thanks in advice.
OscarHi,
This is a bug with OAM 11.1.1.5.x
The fix is to use OAM 11.1.2.x and you should be able to configure FR 11.1.2.x and connect to OID and OAM.
Regards,
noveaux_life -
Error when associating an OC4J instance with OID
Hi everybody,
I'm having a problem when trying to associate a OC4J instance with OID, i get the following error:
An error occurred while attempting to associate this instance with the specified Oracle Internet Directory. The security provider will NOT be changed for any application. Please ensure that the OID instance is indeed up and that the connect information provided is correct before retrying.
Error invoking method: associateOC4JWithOID on MBean: oc4j:j2eeType=Security,name=SecurityProvider,J2EEApplication=default,J2EEServer=standalone
Error invoking method: associateOC4JWithOID on MBean: oc4j:j2eeType=Security,name=SecurityProvider,J2EEApplication=default,J2EEServer=standaloneAfter have enabled the FINEST logging i found this in the log:
12/06/26 06:37:54 FINEST: EJBJoinPointImpl.invoke Invoking method public java.lang.Object oracle.oc4j.admin.jmx.ejb.MBeanServerEjbBean.invoke(javax.management.ObjectName,java.lang.String,java.io.Serializable[],java.lang.String[],java.util.Locale) throws javax.management.InstanceNotFoundException,javax.management.MBeanException,javax.management.ReflectionException,oracle.oc4j.admin.jmx.shared.exceptions.InternalException
12/06/26 06:37:55 FINEST: EJBJoinPointImpl.invoke Error invoking public java.lang.Object oracle.oc4j.admin.jmx.ejb.MBeanServerEjbBean.invoke(javax.management.ObjectName,java.lang.String,java.io.Serializable[],java.lang.String[],java.util.Locale) throws javax.management.InstanceNotFoundException,javax.management.MBeanException,javax.management.ReflectionException,oracle.oc4j.admin.jmx.shared.exceptions.InternalExceptionjavax.management.MBeanException: Exception thrown in RequiredModelMBean while trying to invoke operation associateOC4JWithOID
at oracle.oc4j.admin.jmx.ejb.MBeanServerEjbBean.invoke(MBeanServerEjbBean.java:369)
at sun.reflect.GeneratedMethodAccessor12.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.evermind.server.ejb.interceptor.joinpoint.EJBJoinPointImpl.invoke(EJBJoinPointImpl.java:35)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.interceptor.system.DMSInterceptor.invoke(DMSInterceptor.java:52)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.interceptor.system.TxSupportsInterceptor.invoke(TxSupportsInterceptor.java:37)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.interceptor.system.SecurityRoleInterceptor.invoke(SecurityRoleInterceptor.java:47)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.interceptor.system.DMSInterceptor.invoke(DMSInterceptor.java:52)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.InvocationContextPool.invoke(InvocationContextPool.java:55)
at com.evermind.server.ejb.StatefulSessionEJBObject.OC4J_invokeMethod(StatefulSessionEJBObject.java:844)
at MBeanServerEjb_RemoteProxy_1me2j7.invoke(Unknown Source)
at sun.reflect.GeneratedMethodAccessor11.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.evermind.server.rmi.RmiMethodCall.run(RmiMethodCall.java:67)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:619)
Caused by: oracle.security.jazn.JAZNException: JAZN configuration failed: unable to create a JAZN entity in the directory.
at oracle.security.jazn.util.AssociateOID.createJAZNInstanceEntity(AssociateOID.java:152)
at oracle.security.jazn.util.AssociateOID.configure(AssociateOID.java:265)
at oracle.security.jazn.jmx.SecurityProvider.associateOC4JWithOID(SecurityProvider.java:694)
at oracle.oc4j.admin.management.mbeans.SecurityProviderManager.associateOC4JWithOID(SecurityProviderManager.java:1493)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:37)
at sun.reflect.GeneratedMethodAccessor8.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:244)
at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1074)
at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:955)
at oracle.oc4j.admin.jmx.server.mbeans.model.DefaultModelMBeanImpl.invoke(DefaultModelMBeanImpl.java:700)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
at oracle.oc4j.admin.jmx.server.state.ApplicationStateFilterMBeanServer.invoke(ApplicationStateFilterMBeanServer.java:572)
at oracle.oc4j.admin.jmx.ejb.MBeanServerEjbBean.invoke(MBeanServerEjbBean.java:365)
... 22 more
Caused by: javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights]; remaining name 'orclApplicationCommonName=jaznadmin1,cn=JAZNContext,cn=products,cn=OracleContext'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3049)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:788)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:236)
at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:178)
at oracle.security.jazn.util.AssociateOID.createEntry(AssociateOID.java:382)
at oracle.security.jazn.util.AssociateOID.createJAZNInstanceEntity(AssociateOID.java:137)
... 41 moreDoes anybody knows how to fix this error: "LDAP: error code 50" ?? which i guess is the problem
Thanks for your help!
Regards
CarlosSo after some days i found the answer to my problem, the user i was using when associating the OC4J instance was not in the appropriate groups, so i had to add it to these groups:
cn=iASAdmins,cn=Groups,cn=OracleContext
cn=OracleDASCreateUser,cn=Groups,cn=OracleContext
hope this helps if someone gets stuck as i was :) -
Hi All,
Can anybody help me with the deployment architecture for OAM along with OID for an SSO solution. I could not find such a asset in any of the datasheets/documentation od Oracle (typical deployments).I can understand the confusion. It's a complex product with a lot of documentation. And it has undergone several name changes in its history. In reality, it's two products in one:
OAM - Access - This is the security half of the product that performs authentication and authorization, controls access to web applications, and provides web sso. It consists of an Access Server, Policy Manager, and security agents called webgates or access gates. Webgates are pre-built security agents that Oracle ships with the product. They provide webgates for many lead web and application servers. Access gates are basically custom webgates, built and deployed using the Access SDK.
See details here:
http://download.oracle.com/docs/cd/E15217_01/doc.1014/e12494/access.htm#BEIEJFFJ
OAM - Identity - Identity system is the user mgmt half of the product, providing features like self-registration, user self-services, delegated administration, and approval workflow. It consists of an Identity server and a webpass, which is the presentation layer to get into the Identity server. You install a webpass on a web server so users and administrators can access the Identity system.
See details here:
http://download.oracle.com/docs/cd/E15217_01/doc.1014/e12494/identity.htm#CHDCCEDA
OAM does not require a Java application server to operate because it is not a Java application. What it does require is a web server and an LDAP directory server. The LDAP directory stores all your user data as well all the security policies, configurations, and workflows.
Take a look at the Oracle-By-Example training series for OVD and OAM:
http://www.oracle.com/technology/obe/fusion_middleware/im1014/ovd-oam/index.html
It can help you get started with how to install the products. Note that OVD (Oracle's virtual LDAP directory) is not required for OAM, but is used in this example. You need a physical LDAP repository like OID, Sun, OpenLDAP, Novell eDirectory, or Microsoft AD.
Maybe you are looking for
-
Hi I am maintaining a system done by one of our vendors. Application is deployed in WLS 7.0. When I imported the Jsp's into my IDE , I got errors where java.util classes are used in the JSP's and the
-
How can I do an iCloud back-up from the 5 to the 4s?
I previously had the iPhone 5 but it got stolen. I was able to purchase the iPhone 4s and restore the backup from the 5 onto this phone. However, I haven't been able to back up this phone onto my icloud. It's saying I don't have enough storage spa
-
UCCX 9.0 using CUIC - Accessing Custom Stored Procedure
Hello, We recently upgraded to UCCX 9.0 to take advantage of CUIC. So far it's been going well but we had a custom report that we used on the old HR client. It was a copy of the Agent Call Summary report that called a different stored procedure. I
-
Error in opening Enterprise Manager on 10gR1, RHEL4 AS
Please help. After successfully installing Oracle10gR1 I opened a web browser and opened http://localhost.localdomain:5500/em and I login successfully. But after I reboot the PC, when I went to the above mentioned site using the web browser, it produ
-
I'm looking for a report that shows, by payment run, what discounts were taken and/or missed. Does anyone know an existing report or query that will provide this?