Configuring Oracle Access Manager to work with Oracle Web Tier (11.1.1.3)
I am trying to follow http://docs.oracle.com/cd/E14571_01/core.1111/e12035/oam_11g.htm to setup a load balanced OAM configuration. Following the documentation from the article (section 11.5) I'm not able to quite get this working. I believe there is a typo in 11.5.1 step 4 as admin.mycompany.com should be pointing to the IDMHOST1 and IDMHOST2, but please correct me if I'm wrong.
My question more comes in with 11.5.2. When you declare that the OAM Server Host is sso.mycompany.com and port to be 443 you are expecting that OAM makes a call back up to the webcache but I don't believe this is happening. When I define OAM Server Host as a single machine name with OAM installed it works but when I use the load balanced URL that points to the web tier it is unable to find the server. If the call was making it up to the webcache then it would have the definition of sso.mycompany.com but if it never makes it there then it will never have that definition and the 'no server' error makes sense. Can anyone please clarify this for me?
I am trying to follow http://docs.oracle.com/cd/E14571_01/core.1111/e12035/oam_11g.htm to setup a load balanced OAM configuration. Following the documentation from the article (section 11.5) I'm not able to quite get this working. I believe there is a typo in 11.5.1 step 4 as admin.mycompany.com should be pointing to the IDMHOST1 and IDMHOST2, but please correct me if I'm wrong.
My question more comes in with 11.5.2. When you declare that the OAM Server Host is sso.mycompany.com and port to be 443 you are expecting that OAM makes a call back up to the webcache but I don't believe this is happening. When I define OAM Server Host as a single machine name with OAM installed it works but when I use the load balanced URL that points to the web tier it is unable to find the server. If the call was making it up to the webcache then it would have the definition of sso.mycompany.com but if it never makes it there then it will never have that definition and the 'no server' error makes sense. Can anyone please clarify this for me?
Similar Messages
-
Oracle Access Manager 11g r2 with Oracle Entitlement Server 11g r2
Hello,
I would like to set up a configuration with Oracle Access Manager 11g r2 where Authentication is against Active Directory, and Authorisation is against Oracle internet Directory
Access Manager has to get authorizations from Oracle internet Directory via Oracle Entitlement Server
I cant find any document describing how to integrate Oracle Access Manager with Oracle Entitlement Server
could any one help ?
RegardsHi all,
I am facing some issue with the distribution of the policy in the security module of OES.
The "application" distribution tab allows me to distribute the policy created but does not generate any distribution ID or address for webservice access.
I am using OES 11.1.5
Thanks in advance. -
Oracle Access Manager 11g Basic with E-Business Suite
Hi gurus,
I was just wondering if anyone could tell me if the basic edition of Oracle Access Manager 11g is licensed for use with e-Business Suite 11i as a partner application? Or is it necessary to purchase the full license to use it with EBS?925237 wrote:
Hi gurus,
I was just wondering if anyone could tell me if the basic edition of Oracle Access Manager 11g is licensed for use with e-Business Suite 11i as a partner application? Or is it necessary to purchase the full license to use it with EBS?You need a license for Oracle Access Manager. However, AccessGate is available at no charge to customers who have already licensed both Oracle E-Business Suite and Oracle Access Manager.
Oracle E-Business Suite AccessGate Release 1.0.2 Now Available
https://blogs.oracle.com/stevenChan/entry/ebs_accessgate_102
Oracle Access Manager 11.1.1.5 Certified with E-Business Suite 12
https://blogs.oracle.com/stevenChan/entry/oracle_access_manager_11_11
Oracle Access Manager 11.1.1.3 Certified with E-Business Suite 12
https://blogs.oracle.com/stevenChan/entry/oracle_access_manager_11_1
Please contact your Oracle sales representative (account manager), he/she is the best one to answer your license questions.
Global Pricing and Licensing
http://www.oracle.com/us/corporate/pricing/index.html
Thanks,
Hussein -
Oracle 11g XE not working with oracle BI publisher 10g after enabling ACL
Hello,
I previously work with oracle 10gXE and Oracle BI publisher 10g and it work fine. now i install oracle 11g XE and try to configure it with oracle Bi Publlisher, it show this error
"ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1324 ORA-12570: TNS:packet reader failure" after runing the ACL package to neable network service.
on the database.
Please can any body tell be why this is not working. Tanx.You'll need to add the apex engine owner to the ACL (Access Control List). Depending on your version of apex the user name varies. i.e. 4.0 is APEX_040000
See Joel's blog for info about the ACL and APEX.
[http://joelkallman.blogspot.com/2010/10/application-express-network-acls-and.html] -
Verisoft Biosrypt access manager not working with Windows 7 upgrade?
Hi
I really liked my Bioscribe features on my Pavillion Tablet tx1240ca.... and since I upgraded to windows 7 I cant get it working anymore? Please help?Hi and Welcome to the Community!
I suggest this thread:
http://supportforums.blackberry.com/t5/Desktop-Software-for-PC/Cleanly-quot-Starting-Over-quot-with-...
It starts with a process for cleanly starting over, and there is some discussion, and there is also a post (15) with links to older Desktop Software versions, if those are needed. Note that this is not, by any means, guaranteed to work...but it has worked for many to resolve issues they are having.
Good luck!
Occam's Razor nearly always applies when troubleshooting technology issues!
If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
Join our BBM Channels
BSCF General Channel
PIN: C0001B7B4 Display/Scan Bar Code
Knowledge Base Updates
PIN: C0005A9AA Display/Scan Bar Code -
WCI single sign on(SSO) configurations with Oracle Access Manager(OAM)
I have to integrate the oracle access manager with the WCI(ALUI) for the SSO implementation.What are the configurations required to implement SSO with oracle access manager in WCI/ALUI
Any answer to the last question on..?
No, better explain my query with 2 scenarios:
Scenario 1:
Usual scenario authentication of a user to a web application without the single web functionality on the acces single manager:
Login screen of the web application ====> Access to the web application home
Scenario 2:
Scenario authentication of a user to a single web application with web functionality on the acces single manager:
Login screen oracle access manager ====> Display login web application ====> Access to the web application home
My query is:
You can configure the functionality of single sign on to access manager with a web application that does not have its login screen of the web application. For example:
Login screen oracle access manager ====> Access to the web application home -
Configure Oracle Access Manager - from weblogic OIF instance page bombs out
I am trying to integrate OIF with Oracle Access Manager as SP integration module. But, when clicked on "Configure Oracle Access Manager" it throws the following error:
Oracle Access Manager cannot be configured properly. Make sure the Oracle Access Manager SDK Server has been configured properly and the required environment variables have been set. Details can be found on Online Help and Administrative Guide.
I have updated the environment variables and classpath, also confirmed the Access Server SDK to work properly by testing java JAccessGate.
any help is greatly appreciated.
The diagnostic logs show these errors:
========================
Login of admin identity cn=usca_iam_admin failed. Please check to make sure the admin user ID is valid.
at com.oblix.accessmgr.ObAccessManager.sendRequest(ObAccessManager.java:163)
at com.oblix.accessmgr.ObAccessManager.setAdmin(ObAccessManager.java:195)
at oracle.security.fed.admin.config.mbeans.OAMConfigUtils.configureOAM(Unknown Source)
at oracle.security.fed.admin.config.mbeans.AdminUtilMXBeanImpl.configureOAM(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterMBean.doInvoke(OracleStandardEmitterMBean.java:889)
at oracle.as.jmx.framework.generic.spi.interceptors.ContextClassLoaderMBeanInterceptor.internalInvoke(ContextClassLoaderMBeanInterceptor.java:94)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:245)
at oracle.as.jmx.framework.generic.spi.interceptors.MBeanRestartInterceptor.internalInvoke(MBeanRestartInterceptor.java:116)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:245)
at oracle.as.jmx.framework.generic.spi.security.AbstractMBeanSecurityInterceptor.internalInvoke(AbstractMBeanSecurityInterceptor.java:174)
at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doInvoke(AbstractMBeanInterceptor.java:245)
at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterMBean.invoke(OracleStandardEmitterMBean.java:803)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:268)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:444)
at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:323)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:663)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:661)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:654)
at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1426)
at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1264)
at java.security.AccessController.doPrivileged(Native Method)
at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1366)
at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:477)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
My Oracle Access Manager is 10.1.4.3 and OIF is 11.1.1.3
thanksHello,
I'm having the same problem. Did anybody find a solution to fix it?
Any help is appreciated.
Regards,
Ignacio. -
Issues integrating WebCenter with Oracle Access Manager
Hi All,
I am trying to integrate WebCenter 10.1.3.2 with Oracle Access Manager (CoreId). Followed the steps described in the Chapter 11 of the OC4J Security Guide.
I was able to successfully authenticate WebCenter using IWA with Access Manager.
Then I proceeded with the below steps:
- Implemented ADF Security in the application. Created application roles and login page and worked fine on my local machine.
- Provide the auth-method of "COREIDSSO" in orion-application.xml
- Renamed the app-jazn-data.xml to give the OID groups
- Mapped the OID groups to application roles in orion-application.xml
- Used the jazn migration tool to populate the system-jazn-data.xml
When trying to access the application, it looks like the ADF Context identifies that this is an authenticated user.
ADFContext.getCurrent().getSecurityContext().isAuthenticated() retruns true
ADFContext.getCurrent().getSecurityContext().isAuthorizationEnabled() returns true
I get the below error message on the server console:
[CoreIDLoginModule::getUserSessionFromCookie]: This user session for F3iwZhUGgjej9RSrMLSo0wjH5Ec6c2oeC0OBRH12y7%2FvfPVncz6dYoBoFD6q8DWAlMtzah%2FYV4T1t7jztVFYbxwfOyu0VOMXMEIosRrFicfJwoPRrM8MOkFsziQxpUqo98XrC9iBRHffdWSItNHZRZK4ZoCJMi6HZZ6noOc4Z%2BGJDGj3kWndYHTWjiG0cJhkSbL95wMmrXCDElzZHjPMdkuNQUHW1TfAJvgSlDeX6hhhIThlc%2BGmxMP3MQ%2FZoxUysbKieIJgDXo1%2FEMmLmTVjA%3D%3D is not valid or user is not logged in.
I also tried using the "Headervar" variable to display the obmygroups value, but it comes as blank.
Any help would be appreciated.
Thanks
AneeshWe recently integrated Webcenter Application (with ADF Authentication and Authorization) with OAM. May be the following will be of some help to you.
We did the following steps documented in Chapter 11 Oracle Access Manager in Oracle J2EE security guide.
OAM
1. Created ALL specified policies , authentication schemes, protection specified in OAM section of the document.
OC4J
1. Ran all configuration listed for the OC4J section.
Webcenter
1. Developed the Webcenter Application
2. Enabled ADF Security (Authentication & Authorization)
3. Deployed the application. While deploying chose File based provider.
4. After the deployment, changed orion-application.xml to have COREIDSSO as documented in Oracle documentation
system-jazn-data.xml
1. Added login module details as specified in the document. (Changed only the application name. Rest all was same as we used names as specified in the earlier steps of the document)
OID Migration
Reference document: "Configuring a WebCenter Application to Use Oracle Access Manager" in Webcenter Framework Developer guide.
1. Located app-jazn-data.xml in the deployed application
2. Removed "realm-name" and "type" subelements of "grantee" tags. Removed any realm details in user name.
3. changed references to "class oracle.security.jazn.spi.xml.XMLRealmRole" to "oracle.security.jazn.realm.CoreIDPrincipal"
4. ran the JAZN migration tool with "all" options. Migration from app-jazn-data.xml to OID.
OAM
Created policies for protecting our application.
Test the application.
Debugging.
1. Enable oracle.adf.share.security , oracle.j2ee.security & oracle.j2ee.security.oc4j loggers to debug if the application is not working the way you expect to work.
2. Set log level in Enterprise manager.
3. All logging information are written in log.xml in $ORACLE_HOME/j2ee/OC4J_Webcenter/log/OC4J_WebCenter_default_group_1/oc4j
Thanks -
Integrating Oracle Access Manager with Kerberos (WNA)
Hi,
I have working Oracle Access Manager currently being able only to authenticate users against Active Directory. I want to enable WNA. But I am still having issues with correctly configure it:
I do not know what am I doing wrong.
I am logged as example.com\testuser into Windows XP, using firefox with WNA enabled for URI example.com. Then I enter http://oracle.example.com which is my Oracle HTTP Server's protected URL, then I am receiving ERROR from Oracle Access Manager: "The user account is locked or disabled. Please contact the System Administrator."
In OAM Log there is this: <Jun 19, 2012 4:14:15 PM CEST> <Error> <oracle.oam.controller> <OAM-02010> <User account is locked. Authentication failed.>
Interesting is when I disable WNA support in firefox, then this behavior occurs: fisrt there is this dialog shown "A username and password are being requested by http://oracle.example.com:14100. The site says: "OAM 11g"" --> here I enter example.com\testuser and password. After this new dialog is shown: A username and password are being requested by http://oracle.example.com:14100. The site says: "WebLogic Server", then after entering weblogic/password I receive "The user account is locked or disabled. Please contact the System Administrator."
In the OAM log this is logged:
<Jun 19, 2012 4:22:28 PM CEST> <Error> <oracle.oam.user.identity.provider> <OAMSSA-20023> <Authentication Failure for user : weblogic.>
<Jun 19, 2012 4:22:28 PM CEST> <Error> <oracle.oam.controller> <OAM-02010> <User account is locked. Authentication failed.>
Any ideas? I am really stuck here.
I am using this keytab file:
[root@oracle centos]# klist -ke /home/oracle/keytab.testuser1
Keytab name: WRFILE:/home/oracle/keytab.testuser1
KVNO Principal
7 HTTP/[email protected] (des-cbc-crc)
7 HTTP/[email protected] (des-cbc-md5)
7 HTTP/[email protected] (arcfour-hmac)
7 HTTP/[email protected] (aes256-cts-hmac-sha1-96)
7 HTTP/[email protected] (aes128-cts-hmac-sha1-96)
kinit passes fine:
[root@oracle centos]# kinit -V HTTP/[email protected] -k -t /home/oracle/keytab.testuser1
Using default cache: /tmp/krb5cc_0
Using principal: HTTP/[email protected]
Using keytab: /home/oracle/keytab.testuser1
Authenticated to Kerberos v5
Why and which user is locked? I can lock with the AD user into windows domain, so I assume it is not locked + I checked it in the Active Directory.Ok, now I got it working. Sh~t! Why oracle documentation says I should set AD datasource with this parameter:
User Name Attribute: UserPrincipalName, when this does not work?!
After changing to User Name Attribute: sAMAccountName my WNA works!!!
I have been fighting all day with this! The question is why such behavior - if the problem is in wrongly written oracle documentation, or I have problem somewehere else.
Btw my user in AD looks like this:
distinguishedName: CN=John Doe,CN=Users,DC=example,DC=com
sAMAccountName: doejohn
userPrincipalName [email protected]
It looks OAM takes "doejohn" from Windows via WNA/Kerberos and searches for this using UserPrincipalName and this is giving no match of course because "doejohn != [email protected]".
The question is why does it take doejohn and not [email protected] from Windows WNA/Kerberos ??? -
Error during execution of SSO with Oracle Access Manager 11gR2
Hello friends,
I have a problem with SSO using Oracle Access Manager 11g R2, then describes the steps taken in this test:
1. Is accessed by the OAM protected application through IE browser, Chrome and Firefox for testing purposes.
2. The OAM protected application, here is redirected to the OAM page to enter the credentials for the application.
3. Shows the application, and again reorders authentication credentials.
Here the details of the cookie:
a. cookie1: ADMINCONSOLESESSION
b. cokkie2: OAMAuthnCookie_webgate11g.domain.com: 7777
We also found an error when starting the node oam_server in WebLogic Server 11g (10.3.6)
Log:
[2012-11-29T18:16:02.411-05:00] [oam_server1] [ERROR] [JPS-03156] [oracle.jps.authorization.framework] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000JhEStpUFW7WFLzRL8A1GhylJ000002,0] [APP: oam_server#11.1.2.0.0] The exception has been thrown by ARME. The authorization result is set to deny.[[
com.bea.security.providers.authorization.asi.InvocationException: ArmeRUNTIME Exception: null
at com.bea.security.providers.authorization.asi.AuthorizationProviderImpl.isAccessAllowed(AuthorizationProviderImpl.java:396)
at com.bea.security.ssal.micro.MicroAuthorizationManagerWrapper.isAccessAllowed(MicroAuthorizationManagerWrapper.java:73)
at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed_internal(AuthorizationServiceImpl.java:914)
at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed(AuthorizationServiceImpl.java:745)
at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed(AuthorizationServiceImpl.java:668)
at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed(AuthorizationServiceImpl.java:622)
at com.bea.security.AuthorizationService.isAccessAllowed(AuthorizationService.java:365)
at oracle.security.am.common.policy.runtime.provider.oes.proxy.OESRuntimeProxy.wait4OESRuntimeDBPolicyRefreshCompletion(OESRuntimeProxy.java:263)
at oracle.security.am.common.policy.runtime.provider.oes.proxy.OESRuntimeProxy.init(OESRuntimeProxy.java:193)
at oracle.security.am.common.policy.runtime.provider.oes.OESPolicyRuntimeProvider.init(OESPolicyRuntimeProvider.java:167)
at oracle.security.am.common.policy.runtime.PolicyRuntimeFactory.getNewInstance(PolicyRuntimeFactory.java:162)
at oracle.security.am.common.policy.runtime.PolicyRuntimeFactory.init(PolicyRuntimeFactory.java:93)
at oracle.security.am.common.policy.runtime.PolicyRuntimeFactory.getPolicyRuntime(PolicyRuntimeFactory.java:84)
at oracle.security.am.common.policy.util.PolicyComponentLifecycle.initialize(PolicyComponentLifecycle.java:100)
at oracle.security.am.lifecycle.ApplicationLifecycle.initComponentBootstrap(ApplicationLifecycle.java:156)
at oracle.security.am.lifecycle.ApplicationLifecycle.contextInitialized(ApplicationLifecycle.java:86)
at weblogic.servlet.internal.EventsManager$FireContextListenerAction.run(EventsManager.java:481)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.EventsManager.notifyContextCreatedEvent(EventsManager.java:181)
at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1868)
at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:3154)
at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1518)
at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:484)
at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)
at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:247)
at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:27)
at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:671)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:59)
at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:184)
at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:361)
at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:51)
at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:200)
at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:30)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:261)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:220)
at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:169)
at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:123)
at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: com.wles.InternalException: ArmeRUNTIME Exception: null
at com.wles.arme.Credentials_ca.exceptionTransport(Credentials_ca.java:606)
at com.wles.arme.Credentials_ca._accessAllowed(Credentials_ca.java:343)
at com.wles.arme.CredentialsImpl._accessAllowed(CredentialsImpl.java:400)
at com.wles.arme.CredentialsImpl._accessAllowed(CredentialsImpl.java:422)
at com.wles.arme.CachingCredentialsImpl._accessAllowed(CachingCredentialsImpl.java:225)
at com.wles.arme.CredentialsImpl.accessAllowed(CredentialsImpl.java:452)
at com.wles.arme.CachingCredentialsImpl.accessAllowed(CachingCredentialsImpl.java:68)
at com.bea.security.providers.authorization.asi.AuthorizationProviderImpl.ARMEisAccessAllowed(AuthorizationProviderImpl.java:977)
at com.bea.security.providers.authorization.asi.AuthorizationProviderImpl.isAccessAllowed(AuthorizationProviderImpl.java:347)
... 52 more
causal exception is:
com.wles.InternalException: ArmeRUNTIME Exception: null
at com.wles.arme.Credentials_ca.exceptionTransport(Credentials_ca.java:606)
at com.wles.arme.Credentials_ca._accessAllowed(Credentials_ca.java:343)
at com.wles.arme.CredentialsImpl._accessAllowed(CredentialsImpl.java:400)
at com.wles.arme.CredentialsImpl._accessAllowed(CredentialsImpl.java:422)
at com.wles.arme.CachingCredentialsImpl._accessAllowed(CachingCredentialsImpl.java:225)
at com.wles.arme.CredentialsImpl.accessAllowed(CredentialsImpl.java:452)
at com.wles.arme.CachingCredentialsImpl.accessAllowed(CachingCredentialsImpl.java:68)
at com.bea.security.providers.authorization.asi.AuthorizationProviderImpl.ARMEisAccessAllowed(AuthorizationProviderImpl.java:977)
at com.bea.security.providers.authorization.asi.AuthorizationProviderImpl.isAccessAllowed(AuthorizationProviderImpl.java:347)
at com.bea.security.ssal.micro.MicroAuthorizationManagerWrapper.isAccessAllowed(MicroAuthorizationManagerWrapper.java:73)
at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed_internal(AuthorizationServiceImpl.java:914)
at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed(AuthorizationServiceImpl.java:745)
at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed(AuthorizationServiceImpl.java:668)
at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed(AuthorizationServiceImpl.java:622)
at com.bea.security.AuthorizationService.isAccessAllowed(AuthorizationService.java:365)
at oracle.security.am.common.policy.runtime.provider.oes.proxy.OESRuntimeProxy.wait4OESRuntimeDBPolicyRefreshCompletion(OESRuntimeProxy.java:263)
at oracle.security.am.common.policy.runtime.provider.oes.proxy.OESRuntimeProxy.init(OESRuntimeProxy.java:193)
at oracle.security.am.common.policy.runtime.provider.oes.OESPolicyRuntimeProvider.init(OESPolicyRuntimeProvider.java:167)
at oracle.security.am.common.policy.runtime.PolicyRuntimeFactory.getNewInstance(PolicyRuntimeFactory.java:162)
at oracle.security.am.common.policy.runtime.PolicyRuntimeFactory.init(PolicyRuntimeFactory.java:93)
at oracle.security.am.common.policy.runtime.PolicyRuntimeFactory.getPolicyRuntime(PolicyRuntimeFactory.java:84)
at oracle.security.am.common.policy.util.PolicyComponentLifecycle.initialize(PolicyComponentLifecycle.java:100)
at oracle.security.am.lifecycle.ApplicationLifecycle.initComponentBootstrap(ApplicationLifecycle.java:156)
at oracle.security.am.lifecycle.ApplicationLifecycle.contextInitialized(ApplicationLifecycle.java:86)
at weblogic.servlet.internal.EventsManager$FireContextListenerAction.run(EventsManager.java:481)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.EventsManager.notifyContextCreatedEvent(EventsManager.java:181)
at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1868)
at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:3154)
at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1518)
at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:484)
at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)
at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:247)
at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:27)
at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:671)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:59)
at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:184)
at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:361)
at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:51)
at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:200)
at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:30)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:261)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:220)
at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:169)
at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:123)
at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
We appreciate your support in solving the case. Thanks...
JLK
Edited by: JLK on Nov 30, 2012 9:43 AMHi Viju,
Did you executed the python script to register OPSS. If not then you will get the mentioned error:
I have mentioned couple of workarounds. Can you try those and let me know the results. Take the backup of your entire environment before you follow the steps:::
1. For the ARME issue patch can be applied for 11.1.2
OAM Bundle Patch Release History (Doc ID 736372.1)
Yes. This is a benign message. ( the ARME issue)
OAM 11R2 After Upgrade The Managed Server Start With Error ArmeRUNTIME Exception: Null (Doc ID 1509559.1)
The other issue is under investgation and is benign.
<oracle.adfinternal.view.faces.renderkit.rich.RegionRenderer> WARNING when accessing oamconsole (Doc ID 1511967.1)
The final message is spoken to here:
WLS 10.3.3: "Auto-Ref-By: WebApp" deployed as shared library is affecting other web applications. (Doc ID 1210393.1)
Action Plan:
=========
1. For the ARME issue patch can be applied for 11.1.2
OAM Bundle Patch Release History (Doc ID 736372.1)
Hope this helps. -
Integrating Oracle EBS R12 with Oracle Access Manager 11g
Hi Everyone ,
Oracle Access Manager version 11.1.1.5
Oracle Identity Management 11.1.1.6.0
Oracle Access Manager WebGate 11.1.1.5
Oracle E-Business Suite AccessGate patch p12796012
Apps Version : 12.1.1
DB Version 11.2.0.3
PLatform : OEL 5.8
We are trying to Integrating Oracle E-Business Suite Release 12 with Oracle Access Manager 11g using Oracle E-Business Suite AccessGate.We followed metalink id's
1309013.1 and 1543803.1 and some other documents.We have performed every step as documented , and everything seems to work fine untill user tries to log out from Oracle Applications i.e User
is able to login to Oracle Applications through access gate and everything is working fine. But as user click logout button an error messsage is diplayed like "*500*
*Internal Server Error Servlet error: An exception occured* " (The url at the time of this message is http://hostname:port/OA_HTML/AppsLogout ).
Apps Tier (oacore) Application log:-
+13/05/15 19:04:20.229 html: Servlet error+
java.lang.NoSuchMethodError: oracle.apps.fnd.sso.SSOManager.getAuthAgentLogoutUrl(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
at oracle.apps.fnd.sso.AppsLogoutRedirect.doGet(AppsLogoutRedirect.java:193)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
+at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64)+
at oracle.apps.jtf.base.session.ReleaseResFilter.doFilter(ReleaseResFilter.java:26)
+at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.EvermindFilterChain.doFilter(EvermindFilterChain.java:15)+
at oracle.apps.fnd.security.AppsServletFilter.doFilter(AppsServletFilter.java:318)
+at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:621)+
+at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)+
+at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)+
+at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)+
Apps Tier Apache Error log :-
+[Wed May 15 18:50:52 2013] [error] [client 192.168.0.2] [ecid: 1368624052:192.168.0.61:10798:0:44,0] File does not exist: /u01/eBiZR12/apps/apps_st/comn/java/classes//+
WE have set all required profile in Oracle Application as directed in documents , and users are able to login just fine , but they are not able to logout.
IS there something that we are missing , any help is highly appreciated.
Regards
Edited by: TheKop88 on May 16, 2013 11:39 AMHi there ,
Thanks for reply ,
We had already gone through that document earlier. We noticed that when Apllication Profile "*Apllications SSO Type* " is set to SSWA then OA_HTML/AppsLogout is
working fine , but when we set "*Applications SSO Type*" to SSWA w/SSO then OA_HTML/AppsLogout is not working(not redirecting) .Error thrown on web browser is "+500 Internal Server Error Servlet error: An exception occurred. The current application deployment descriptors do not allow for including it in this response+" . we believe that we might have missed some Profile settings that is causing this error.
Regards
Edited by: TheKop88 on May 16, 2013 12:03 PM
Edited by: TheKop88 on May 16, 2013 12:07 PM -
How to Migrate 10g sso integrate with EBS 11.5.10.2 to 11g OAM(oracle access manager) with R12.1.3
How to Migrate 10g sso integrated with EBS 11.5.10.2 to 11g OAM(oracle access manager) with R12.1.3
Os:Linux 64 bit
database:11.2.0.3 RacHi,
You could try working through the EBS -> APEX integration article on the Apex community site (http://www.oracle.com/technetwork/developer-tools/apex/apex-ebs-wp-cabot-consulting-169064.pdf)
Rod West -
Oracle Access Manager - Configuration Manager Success Stories
The Oracle Access Manager Configuration Manager [http://download-uk.oracle.com/docs/cd/B28196_01/idmanage.1014/b32392.pdf] has been around for about a year now. I'm looking for any feedback regarding this product:
Has anyone deployed it?
How successful was the deployment?
Is the tool doing what you expected it to do?
Thanks for any responses.
Mark@pokurik: cn=orcladmin is the full DN. In OID there are two orcladmin users with different ACLs.
Which OAM version? Always provide the version you are using.
--olaf -
Extending Domain with Oracle Access Manager 10g
Oracle® Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management
11g Release 1 (11.1.1)
Part Number E12035-05
http://download.oracle.com/docs/cd/E14571_01/core.1111/e12035/toc.htm
Chapter 10 - Extending the Domain with Oracle Access Manager 10g
- Section 10.4.3 Installing WebGate on OAMADMINHOST, WEBHOST1, and WEBHOST2
Question:
How many webgate instances should be created?
1) Is there only on instance and the three installation share the same ID?
2) Is there two instances? one for the web cluster, the other for the OAM Admin Console server?
3) Is there three separate webgates and instances?
ThanksIt should be this way:
Ebiz:
1. Integrate OAM with OASSO
2. Register OASSO and OID with Ebiz11.5.10.2
3. Protect the resource in OAM
4. Verify if authentication is successful for this resource.
Obiee:
1. Integrate OBIEE with OAM
2. Verify if authentication is successful for this resource.
IWA:
1. Install IIS webser and webgate
2. Create authentication scheme which protects / of IIS web server.
Create a Form Authentication Scheme(this scheme should protect OBIEE and EBiz resource) which will have challenge redirect to IIS web server where IWA is configured and / is protected.
Login Flow:
1. User tries to access ebiz or obiee resource.
2. Form Authentication Scheme will challenge redirect to IIS web server where IWA is configured.
3. As IWA is configured. User will be automatically get ObSSOCookie.
4. User gets redirected back to the requested resource.
There is a My oracle support doc which talks in details about this setup. -
Configuration of APEX applications to use Oracle Access Manager for Login
Is there Oracle documentation on configuring an APEX application to accept a login id passed by Oracle Access Manager? Would someone please help with some instructions on how to do it. Thanks.
Hi Ravi,
this looks like a WLS issue.
1-You can try as a workaround to remove this validator configuration in taglib definition file: .tld and see the behavior.
2-Or you are missing something into url.
I hope this helps,
Thiago Leoncio.
Maybe you are looking for
-
How do i find out the tables effected in a schema after a particular time stamp
how do i find out the tables effected in a schema after a particular time stamp? pls email in [email protected]
-
Problem in loadjava using sys account
Hello When I load a jar file into the database using loadjava command using sys account like loadjava -user sys/<password> -resolve -order weblogic.jar it gave the following error loading : oracle/jdbc/driver/OracleResultSetCache creating : oracle/jd
-
I can't seem to find a way to update the date/time of a master file. There is a format issue but I can't seem to figure out how to correct it. Aperture was not able to adjust the date and time of the master file "2008-06-22 at 14-41-14.jpg" because i
-
Hello So recently I was at a 1 to 1 appointment and was expeirementing with the strings presets in logic 9 (staccato, vabrato, etc) But when I went on my own computer the presets were not available or even located in my files or in logic. I was wonde
-
Why does a simple table with currency not add up correctly, it is 1p out and I can't work out why?
I have a simple accounts table and when I add the row using sum function it is always 1p out, what am I doing wrong, or what is numbers doing wrong?