Custom Token authentication using OAM 11g

Hi All,
I have the following requirement: Authenticate a resource based on custom token if it is null or not. There is no need to map the token with a user record.
Environment is all 11g.
What is the best way to implement it? Is it possible to do it with just OAM 11g alone? Or does it require Oracle STS too? Please provide your inputs.
Thanks,
Mahendra.
Edited by: 903004 on Jan 8, 2012 9:08 PM

Can someone provide inputs on this? Please treat this as urgent.

Similar Messages

  • Detailed steps to make SSO using OAM 11g

    Can anyone provide me detailed steps to configure SSO using OAM 11g?
    Thanks

    Hi,
    Install WebGates in OHS.
    First, deploy the web application in the web/application server.
    1. Create the user identity store.
    2. Create an authentication scheme and use the identity store created above.
    3. Create an authentication module.
    4. Create an application domain.
    5. In the application domain, create authentication and authorization policies.
    6. Add the resource which you want to protect to the authentication and authorization policies.
    7. Testing
    Regards
    Kumar
    Edited by: Kumar.kummathi on Sep 17, 2012 11:55 AM

  • External Authentication in OAM 11g

    Hi All,
    I need to implement External Authentication (Entrust TruePass) integrated with Oracle Access Manager. Entrust TruePass always creates a base64 encrypted HTTP header. Now how can we decrypt the base64 encrypted HTTP header, read the user DN, and integrate with Oracle Access Manager?
    I need assistance to implement the same...

    Hi,
    We need to integrate TruePass (IIS6 + OAM 10g WebGate) and OAM 11g. Did you manage to do this? And how?
    Thx,
    B.

  • OAM 11g Webgate 10g customized SSO logout page

    As stated in the title, I am using OAM 11g and Webgate 10g. I am trying to create a customized SSO logout page but am confused on a few parts. First off, in http://docs.oracle.com/cd/E17904_01/doc.1111/e15478/logout.htm#CHDHFGJC , it states the following step for their logout.html:
    Logic in logout.html redirect to the OAM Server. For example:
    http://myoamserverhost:port/oam/server/logout?end_url=http://my.site.com/welcome.html
    My question is if this is truly required? Or is there a way to have OAM invalidate the session and do its internal part of the logout procedures without needing to force the user to redirect to the OAM server's logout URL (e.g. it automatically recognizes that the Webgate URL is "...../logout.html" and handles it properly). From talking to colleagues it sounds like this should be possible, and I see some mentions of it in the above documentation, but this appears to be 11g OAM and 11g Webgate behavior. At the same time though, the line "Logout is initiated when an application causes the invocation of the logout.html file configured for any registered OAM 10g Webgate." leads me to believe that it can work with 10g Webgate as well.
    Or, is there a way to have multiple valid logout pages on the OAM server? (There is currently a customized logout page that we cannot modify, and does not meet all the requirements we have for look/feel)
    Thank you
    Edited by: mBaldwin on Apr 12, 2013 10:30 AM

    Bump. Any ideas?

  • OAM 11g BP02 with Kerberos is not working on AIX

    Hi,
    We are trying to configure OAM 11g with Kerberos on AIX with no success..
    The resource is protected according to the OAM documentation guide, but the OAM logs show the following:
    [2012-08-28T00:03:22.305-05:00] [oam_server1] [TRACE] [] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000J_fbCuS9h^k5kzWByZ1GF53200000G,0] [APP: oam_server] [SRC_METHOD: log] [SRC_CLASS: oracle.security.am.engines.common.adapters.OAMLoggerImpl] Authentication Failed.[[
    javax.security.auth.login.LoginException: Bad JAAS configuration: bad URL /home/oracle/oam.keytab
    Error java.net.MalformedURLException: no protocol: /home/oracle/oam.keytab
    at com.ibm.security.jgss.i18n.I18NException.throwLoginException(I18NException.java:5)
    at com.ibm.security.auth.module.Krb5LoginModule.j(Krb5LoginModule.java:537)
    at com.ibm.security.auth.module.Krb5LoginModule.b(Krb5LoginModule.java:146)
    at com.ibm.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:274)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
    at java.lang.reflect.Method.invoke(Method.java:611)
    We are using OAM 11g BP 02.
    oam-config.xml is configured as follows:
    <Setting Name="KerberosModules" Type="htf:map">
    <Setting Name="6DBSE52C" Type="htf:map">
    <Setting Name="keytabfile" Type="xsd:string">/home/oracle/oam.keytab</Setting>
    <Setting Name="krbconfigfile" Type="xsd:string">/etc/krb5/krb5.conf</Setting>
    <Setting Name="name" Type="xsd:string">Kerberos</Setting>
    <Setting Name="principal" Type="xsd:string">HTTP/myssoserver@mydomain</Setting>
    </Setting>
    </Setting>
    Please let me know how to get this resolved. Thanks in advance.
    Regards.

    David,
    Your principal name should be the SSO LB URL (i.e. sso.mycomany.com).
    ktpass -princ HTTP/sso.mycomany.com@DOMAIN -pass XXXXXXX -mapuser DOMAIN\user -out oam.keytab
    Also make sure sso.mycomany.com has reverse DNS configured correctly.
    You can check using the dig command:
    ping sso.mycomany.com
    Whatever the IP address is:
    dig -x <IP-ADDRESS>
    Check the reverse DNS section; there should be 1 record.
    ;; ANSWER SECTION:
    1.1.1.1.in-addr.arpa. 3600 IN PTR sso.mycomany.com.
    Let me know if you have more questions.
    Thanks
    Saurabh

  • OAM 11g "Failure URL" in Authorization policy not working?

    Hi,
    Per the subject, I am running OAM server 11g (11.1.1.3), with an OAM 10g Apache webgate.
    In the OAM Authorization policy (protected), I have specified a full URL for the "Failure URL", to get the browser to redirect when an authorization failure occurs.
    However, when I test with a user that does not have access (user authenticates ok, but doesn't have right to access the protected resource), instead of the browser being redirected, I am getting an "Oracle Access Manager Operations Error" page.
    I've been trying to figure this out, and have found several threads about this, e.g.:
    OAM 11g authz redirect URL not working?
    But, as I said, I am using OAM 11g server, and there is no "Inconclusive URL" in the policy settings (I guess there was in 10g, but not in 11g).
    I have trace logging enabled on the OAM server, and I can clearly see that the request is getting "results DENY", but there's no indication in the logs that OAM server is aware of any failure redirection URL.
    I've also got a header trace, and I can see that the browser is simply being redirected to the "/oberr.cgi...." URL, so it's not going "somewhere else".
    So, does anyone know why the "Failure URL" is not working in OAM 11g in Authorization policies?
    Thanks,
    Jim
    P.S. The URL that it's supposed to be redirecting the browser to is in the Public resources under Authorization, and as I said, I don't see the browser even attempting to go to the failure URL, either via header traces or the OAM server logs.
    Edited by: jimcpl on Nov 5, 2011 8:53 PM


  • Urgent: OAM 11g allow/block URLs

    Hi All
    I am using OAM 11g R1 and want to allow some and block some URLs. Please let me know if this can be configured in OAM.
    URLs to be allowed:
    http://Hostname1:80/rootContext?x=1
    http://Hostname1:80/rootContext?x=2
    URLs to be blocked:
    http://Hostname1:80/rootContext?x=3
    http://Hostname1:80/rootContext?x=4
    Please help. This is really urgent
    Thanks

    I am aware of OAM configurations but want to know more about this specific configuration where the resource URL is the same and just the query parameter is different.

  • Oam 11g r2 Access Client error

    Hi guys,
    I am trying to create an AccessClient based on section 2.2.3 Sample Code: Simple Access Client of following..
    http://docs.oracle.com/cd/E27559_01/dev.1112/e27134/as_api.htm#BGBCEHCI
    The code successfully initialized AccessSDK but gives the following error:
    ======
    Jul 7, 2013 2:54:58 PM oracle.security.am.asdk.ResourceRequest isProtected
    SEVERE: Unknown exception.
    Access Exception: OAMAGENT-02071
    Process exited with exit code 0.
    ===========
    how can we clear this issue...
    Regards,
    jdev

    Hi colin,
    thanks for the reply..
    I am using OAM 11g R2 and I did the following:
    1. Successfully configured an OAM 10G Agent with remote registration with '/**' as the protected resource.
    2. Created a Java project in JDeveloper.
    3. Added all the jars to the project by setting the library and class path.
    4. Copied the OBAccessClient.xml to the development system folder D:\softwares\11gR2\OAMSDK's\RREG10G_OAM\oblix\lib.
    5. Copied JAccessClient.java and made the following modification:
      public static final String m_configLocation = "D:\\softwares\\11gR2\\OAMSDK's\\RREG10G_OAM";
    6. Kept the following as it is:
      ac = AccessClient.createDefaultInstance(m_configLocation,AccessClient.CompatibilityMode.OAM_10G);
    7. Observed that the OAM SDK initialization is successful.
    8. Observed that the access client and resource request objects are not null by adding the following to the class file:
       System.out.println(ac) gives oracle.security.am.asdk.AccessClient@17f409c as output
       System.out.println(rrq) gives oracle.security.am.asdk.ResourceRequest@facf0b as output
    Following is OBAccessClient.xml
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <CompoundList xmlns="http://www.oblix.com">
        <SimpleList>
            <NameValPair ParamName="id" Value="RREG10G_OAM"/>
        </SimpleList>
        <SimpleList>
            <NameValPair ParamName="debug" Value="false"/>
        </SimpleList>
        <SimpleList>
            <NameValPair ParamName="security" Value="open"/>
        </SimpleList>
        <SimpleList>
            <NameValPair ParamName="state" Value="Enabled"/>
        </SimpleList>
        <SimpleList>
            <NameValPair ParamName="preferredHost" Value="RREG10G_HostId"/>
        </SimpleList>
        <SimpleList>
            <NameValPair ParamName="maxCacheElems" Value="100000"/>
        </SimpleList>
        <SimpleList>
            <NameValPair ParamName="cacheTimeout" Value="1800"/>
        </SimpleList>
        <SimpleList>
            <NameValPair ParamName="maxSessionTime" Value="3600"/>
        </SimpleList>
        <SimpleList>
            <NameValPair ParamName="maxConnections" Value="1"/>
        </SimpleList>
        <SimpleList>
            <NameValPair ParamName="failoverThreshold" Value="1"/>
        </SimpleList>
        <SimpleList>
            <NameValPair ParamName="aaaTimeoutThreshold" Value="-1"/>
        </SimpleList>
        <SimpleList>
            <NameValPair ParamName="sleepFor" Value="60"/>
        </SimpleList>
        <SimpleList>
            <NameValPair ParamName="denyOnNotProtected" Value="1"/>
        </SimpleList>
        <SimpleList>
            <NameValPair ParamName="cachePragmaHeader" Value="no-cache"/>
        </SimpleList>
        <SimpleList>
            <NameValPair ParamName="cacheControlHeader" Value="no-cache"/>
        </SimpleList>
        <SimpleList>
            <NameValPair ParamName="ipValidation" Value="0"/>
        </SimpleList>
        <SimpleList>
            <NameValPair ParamName="accessClientPasswd" Value=""/>
        </SimpleList>
        <SimpleList>
            <NameValPair ParamName="cookieSessionTime" Value="0"/>
        </SimpleList>
        <SimpleList>
            <NameValPair ParamName="idleSessionTimeout" Value="3600"/>
        </SimpleList>
        <SimpleList>
            <NameValPair ParamName="primaryCookieDomain" Value=".mycompany.com"/>
        </SimpleList>
        <ValList ListName="logOutUrls">
            <ValListMember Value="/oamsso/logout.html"/>
        </ValList>
        <ValList ListName="primary_server_list">
            <ValListMember Value="primaryServer1"/>
        </ValList>
        <ValNameList ListName="primaryServer1">
            <NameValPair ParamName="host" Value="oamserver.mycompany.com"/>
            <NameValPair ParamName="port" Value="5575"/>
            <NameValPair ParamName="numOfConnections" Value="1"/>
        </ValNameList>
        <ValList ListName="proxySSLHeaderVar">
            <ValListMember Value="IS_SSL"/>
        </ValList>
        <ValList ListName="URLInUTF8Format">
            <ValListMember Value="true"/>
        </ValList>
        <ValList ListName="client_request_retry_attempts">
            <ValListMember Value="1"/>
        </ValList>
        <ValList ListName="inactiveReconfigPeriod">
            <ValListMember Value="10"/>
        </ValList>
    </CompoundList>
    ==============================
    Please let me know whether the way I did it is correct or not...
    Regards,
    Jdev

  • Unable to authenticate users using Custom plugins in OAM 11g

    We are working on a requirement in which we have to write a custom authentication plugin in OAM 11g.
    We were able to import and activate the plugin.
    We created a new authentication module with steps in the following order:
    1) UserIdentificationPlugin
    2) UserAuthenticationPlugin
    3) Our custom plugin to create custom responses (we just created the class with mandatory methods and the process method returning success)
    But finally, when we try to authenticate, authentication fails, resulting in an OAM-2 error. We had entered valid credentials.
    Can somebody please help me resolve this issue?
    The plugin code, manifest file and metadata XML are shared below.
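    // Package matches <implementation>newplugin.NewPlugin</implementation> in the metadata XML.
    package newplugin;

    import java.util.Map;
    import java.util.logging.Level;
    import oracle.security.am.plugin.ExecutionStatus;
    import oracle.security.am.plugin.MonitoringData;
    import oracle.security.am.plugin.PluginConfig;
    import oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn;
    import oracle.security.am.plugin.authn.AuthenticationContext;
    import oracle.security.am.plugin.authn.AuthenticationException;

    public class NewPlugin extends AbstractAuthenticationPlugIn {
        private static final String CLASS_NAME = "FirstTestClass";

        // Called once when the plugin is loaded; only logs and reports success.
        public ExecutionStatus initialize(PluginConfig config) {
            super.initialize(config);
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.logp(Level.FINE, CLASS_NAME, "initialize", "Entering initialize");
            }
            return ExecutionStatus.SUCCESS;
        }

        @Override
        public String getDescription() {
            // TODO Auto-generated method stub
            return null;
        }

        @Override
        public Map<String, MonitoringData> getMonitoringData() {
            // TODO Auto-generated method stub
            return null;
        }

        @Override
        public String getPluginName() {
            // TODO Auto-generated method stub
            return null;
        }

        @Override
        public int getRevision() {
            // TODO Auto-generated method stub
            return 0;
        }

        // Third step of the authentication module; performs no checks and always returns SUCCESS.
        @Override
        public ExecutionStatus process(AuthenticationContext context)
                throws AuthenticationException {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.logp(Level.FINE, CLASS_NAME, "initialize", "Entering process");
            }
            return ExecutionStatus.SUCCESS;
        }

        @Override
        public void setMonitoringStatus(boolean arg0) {
            // TODO Auto-generated method stub
        }

        @Override
        public boolean getMonitoringStatus() {
            // TODO Auto-generated method stub
            return false;
        }
    }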
    MANIFEST.MF
    Manifest-Version: 1.0
    Bundle-ManifestVersion: 2
    Bundle-Name: NewPlugin Plug-in
    Bundle-SymbolicName: NewPlugin
    Bundle-Version: 1.0.0
    ImportPackage:org.osgi.framework;version="1.3.0",oracle.security.am.plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api,oracle.security.am.common.utilities.principal,oracle.security.idm,javax.naming,javax.sql,javax.security.auth
    Bundle-RequiredExecutionEnvironment: JavaSE-1.6
    METADATA XML
    <?xml version="1.0" encoding="UTF-8" ?>
    <Plugin name="NewPlugin" type="Authentication">
    <author>me</author>
    <email>[email protected]</email>
    <creationDate>11:40:20,2012-13-02</creationDate>
    <version>1</version>
    <description>Custom User Authentication Plugin</description>
    <interface>oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn</interface>
    <implementation>newplugin.NewPlugin</implementation>
    <configuration>
    <AttributeValuePair>
    <Attribute type="String" length="20">DataSource</Attribute>
    <mandatory>true</mandatory>
    <instanceOverride>false</instanceOverride>
    <globalUIOverride>true</globalUIOverride>
    <value>jdbc/CISCO</value>
    </AttributeValuePair>
    </configuration>
    </Plugin>

    Your search results show that the user "collini" was not found (nentries=0). This could be caused by a number of reasons.
    1) The user doesn't exist under "ou=people,dc=our,dc=domain"
    2) The user doesn't contain the posixAccount objectclass
    3) The user account that performed the search doesn't have access rights to read/search that user account
    What user account was used to BIND on the connection that the search was done on?
    Try performing the same exact search with an account you know can retrieve the entry. For example:
    ldapsearch -D "cn=Directory Manager" -w - -b ou=people,dc=our,dc=domain -s one "(&(objectClass=posixAccount)(uid=collini))"
    If the entry doesn't return as a result of the search then either #1 or #2 above is the problem. If the entry does return then #3 is your problem.

  • How do I use my own Custom Auth/Authentication/Entitlement (Token)?

    [ Background ]
    Adobe Access DRM provides for 3 authentication mechanisms:
    Anonymous - Licenses are issued regardless of whether there is or isn't a valid authentication token attached to the license request.
    UsernamePassword - Licenses are ONLY issued if the license request has a valid Adobe-Access-Server-Issued authentication token.
    Custom - Licenses are ONLY issued if there is a valid custom authentication token attached to the license request.
    Typically, customers already have some authentication scheme in place and choose to re-use that system, instead of leveraging Adobe Access' built-in usernamePassword support.  For this to succeed, accommodations must be made during packaging time, on the client device, and at the Adobe Access license server endpoint.
    [ More Background ]
    Here's a forum thread that prompted this thread: http://forums.adobe.com/message/5085330#5085330
    [ Recipe ]
    1. Adobe Access DRM Policy is created that specifies a "custom" authentication token.  As of Adobe Access 4.0, the tools that ship with the Java SDK cannot create a DRM policy with "custom" authentication out of the box; a small Java application will have to be written to do this, which is covered in the thread posted above.
    2. Content is packaged using this custom_auth policy.
    3. Client device performs authentication via whatever channel already exists for you to perform authentication (e.g. SAML tokens, etc...)
    4. Client device sets the authentication token: DRMManager.setAuthenticationToken()
    5. Client device attempts to acquire a license for the content created in step #2: DRMManager.loadVoucher();
    5a) Because step #4 set the authentication, all license requests going forward will automatically have this custom auth token appended to it
    6. License server receives request & extracts custom auth token to parse & perform additional entitlement checks
    7. License server generates a license to return to client device.
    [ Server Code Snippet (RefImplLicenseReqHandler.java) ]
    try {
      ServletInputStream in = request.getInputStream();
      ServletOutputStream out = response.getOutputStream();
      HandlerConfiguration context = super.getHandlerContext();
      ServerCredential licenseServerCred = getLicenseParams().getLicenseServerCred();
      licenseHandler = new LicenseHandler(context, in, out, licenseServerCred);
      licenseHandler.parseRequest();
      List<? extends LicenseRequestMessage> requests = licenseHandler.getRequests();
      // Multiple request in one message is not supported in FAXS 2.0 or 3.0 client.
      for (LicenseRequestMessage licenseReq : requests) {
        try {
          // TODO: If custom authentication is specified in the DRM policy, here is where
          // you can retrieve the custom authentication token and perform custom parsing to
          // determine further business rules and entitlement before issuing a license.
          // The "Custom Authentication" will look like:
          // 1. Client device obtains auth token using some other channel
          // 2. Client device sets auth token by calling DRMManager.setAuthenticationToken()
          // 3. Client makes a license request by calling DRMManager.loadVoucher()
          // 4. Adobe Access Server receives request and:
          // 4a) Determines Custom Auth is required by DRM Policy: licenseReq.getContentInfo().getContentMetadata().getPolicies()[0].getLicenseServerInfo().getAuthenticationType();
          // 4b) Retrieves Custom Auth token for custom parsing/handling: licenseReq.getRawAuthenticationToken()
          // 5. If there are no errors when parsing the custom token, Adobe Access Server generates a license.
          V2ContentMetaData metadata = licenseReq.getContentInfo().getContentMetadata();
          ApplicationProperties applicationProperties = null;
          String usageModelString = null;
          if (metadata != null) {
            applicationProperties = metadata.getCustomProperties();
            if (applicationProperties != null) {
              usageModelString = applicationProperties.getSingleValueAsUTF8String(DEMOMODE);
    cheers,
    /Eric.
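
Step 6 of the recipe above (the license server extracts the custom auth token and runs its own entitlement checks), as an added example that is not part of the original post or of the Adobe Access SDK. The token layout, the shared HMAC secret and the names CustomTokenCheck, issue and verify are assumptions; rawToken stands for the token obtained from licenseReq.getRawAuthenticationToken(), assumed here to be available as bytes.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example. Token layout assumed for this sketch:
//   base64url(userId|contentId|expiryEpochSeconds) "." base64url(HMAC-SHA256(payload))
public class CustomTokenCheck {

    /** The license handler issues a license only when the result is OK. */
    public enum Result { OK, MISSING, MALFORMED, BAD_SIGNATURE, EXPIRED, NOT_ENTITLED }

    private static final int MAX_TOKEN_BYTES = 4096; // bound the work done on untrusted input
    private final SecretKeySpec key;

    public CustomTokenCheck(byte[] sharedSecret) {
        this.key = new SecretKeySpec(sharedSecret, "HmacSHA256");
    }

    private byte[] hmac(byte[] data) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(key);
            return mac.doFinal(data);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("HmacSHA256 unavailable", e);
        }
    }

    /** Issuer side (the existing login system), included so the sample runs on its own. */
    public String issue(String userId, String contentId, long expiryEpochSeconds) {
        if (userId.indexOf('|') >= 0 || contentId.indexOf('|') >= 0) {
            throw new IllegalArgumentException("field separator not allowed in ids");
        }
        byte[] payload = (userId + "|" + contentId + "|" + expiryEpochSeconds)
                .getBytes(StandardCharsets.UTF_8);
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString(payload) + "." + enc.encodeToString(hmac(payload));
    }

    /**
     * License-server side. requestedContentId is whatever identifier the handler
     * derives from the license request (assumption of this example).
     */
    public Result verify(byte[] rawToken, String requestedContentId, Instant now) {
        if (rawToken == null || rawToken.length == 0) return Result.MISSING;
        if (rawToken.length > MAX_TOKEN_BYTES) return Result.MALFORMED;
        String[] parts = new String(rawToken, StandardCharsets.US_ASCII).split("\\.", -1);
        if (parts.length != 2) return Result.MALFORMED;
        byte[] payload;
        byte[] signature;
        try {
            payload = Base64.getUrlDecoder().decode(parts[0]);
            signature = Base64.getUrlDecoder().decode(parts[1]);
        } catch (IllegalArgumentException e) {
            return Result.MALFORMED;
        }
        // Check the MAC before parsing any field, using a constant-time comparison.
        if (!MessageDigest.isEqual(hmac(payload), signature)) return Result.BAD_SIGNATURE;

        String[] fields = new String(payload, StandardCharsets.UTF_8).split("\\|", -1);
        if (fields.length != 3) return Result.MALFORMED;
        long expiry;
        try {
            expiry = Long.parseLong(fields[2]);
        } catch (NumberFormatException e) {
            return Result.MALFORMED;
        }
        if (now.getEpochSecond() >= expiry) return Result.EXPIRED;
        if (!fields[1].equals(requestedContentId)) return Result.NOT_ENTITLED;
        return Result.OK;
    }

    private static byte[] ascii(String s) {
        return s.getBytes(StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real deployment.
        CustomTokenCheck check = new CustomTokenCheck(
                "constructed-demo-secret-32-bytes!".getBytes(StandardCharsets.UTF_8));
        Instant now = Instant.ofEpochSecond(1_700_000_000L);
        String good = check.issue("alice", "movie-42", now.getEpochSecond() + 300);
        String stale = check.issue("alice", "movie-42", now.getEpochSecond() - 1);
        // Change the first payload character to simulate tampering in transit.
        String tampered = (good.charAt(0) == 'A' ? 'B' : 'A') + good.substring(1);

        System.out.println("valid token:    " + check.verify(ascii(good), "movie-42", now));
        System.out.println("no token:       " + check.verify(null, "movie-42", now));
        System.out.println("tampered token: " + check.verify(ascii(tampered), "movie-42", now));
        System.out.println("expired token:  " + check.verify(ascii(stale), "movie-42", now));
        System.out.println("other content:  " + check.verify(ascii(good), "movie-99", now));
    }
}
```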


  • OAM 11g: Error while importing Custom Authentication Plug-in.

    We are trying to create a sample custom authentication plugin in OAM 11g as per the 11.1.1.5.0 doc.
    But while trying to import the plugin via oamconsole (system configuration->Plugins->Import Plugin) we receive an error "Invalid XML Structure".
    Do we have to embed the XSD (XML Schema Definition) as well?
    -------------------------SamplePlugin.java-------------------------------------
    import oracle.security.am.plugin.ExecutionStatus;
    import oracle.security.am.plugin.MonitoringData;
    import oracle.security.am.plugin.PluginConfig;
    import oracle.security.am.plugin.authn.AuthenticationContext;
    import oracle.security.am.plugin.authn.AuthenticationException;
    import oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn;
    import java.util.Map;
    import java.util.logging.Level;
    class SamplePlugin extends AbstractAuthenticationPlugIn {
        private static final String CLASS_NAME = "FirstTestClass";

        // Called once when the plugin is loaded; only logs and reports success.
        public ExecutionStatus initialize(PluginConfig config) {
            super.initialize(config);
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.logp(Level.FINE, CLASS_NAME, "initialize", "Entering initialize");
            }
            return ExecutionStatus.SUCCESS;
        }

        @Override
        public String getDescription() {
            // TODO Auto-generated method stub
            return null;
        }

        @Override
        public Map<String, MonitoringData> getMonitoringData() {
            // TODO Auto-generated method stub
            return null;
        }

        @Override
        public String getPluginName() {
            // TODO Auto-generated method stub
            return null;
        }

        @Override
        public int getRevision() {
            // TODO Auto-generated method stub
            return 0;
        }

        // Performs no checks and always returns SUCCESS.
        @Override
        public ExecutionStatus process(AuthenticationContext arg0)
                throws AuthenticationException {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.logp(Level.FINE, CLASS_NAME, "initialize", "Entering process");
            }
            return ExecutionStatus.SUCCESS;
        }

        @Override
        public void setMonitoringStatus(boolean arg0) {
            // TODO Auto-generated method stub
        }

        @Override
        public boolean getMonitoringStatus() {
            // TODO Auto-generated method stub
            return false;
        }
    }
    -------------------------SamplePlugin.java-------------------------------------
    ------------------------SamplePlugin.xml--------------------------------
    <?xml version="1.0" encoding="UTF-8" ?>
    <Plugin name="SamplePlugin" type="Authentication">
    <author>Self</author>
    <email>[email protected]</email>
    <creationDate>09:41:22, 2012-02-05</creationDate>
    <version>1</version>
    <description>SamplePlugin</description>
    <interface>oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn</interface>
    <implementation>SamplePlugin</implementation>
    </Plugin>
    ------------------------SamplePlugin.xml--------------------------------
    ------------------------MANIFEST.MF--------------------------------
    Manifest-Version: 1.0
    Ant-Version: Apache Ant 1.8.2
    Bundle-Version: 1.0.0.qualifier
    Bundle-Name: SamplePlugin
    Bundle-Activator: SamplePlugin
    Bundle-ManifestVersion: 2
    Created-By: 1.6.0_24-b07 (Sun Microsystems Inc.)
    Import-Package: org.osgi.framework;version="1.3.0",oracle.security.am.
    plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api,
    oracle.security.am.common.utilities.principal,oracle.security.idm,jav
    ax.naming,javax.sql,java.management,javax.security.auth
    Bundle-SymbolicName: SamplePlugin
    Bundle-RequiredExecutionEnvironment: JavaSE-1.6
    ------------------------MANIFEST.MF--------------------------------
    Contents of SamplePlugin.jar:
    1. SamplePlugin.xml
    2. SamplePlugin.class
    3. META-INF/MANIFEST.MF

    I built the Plugin.jar file similarly as above (followed the same steps).
    But when I log into OAM and try to import the plugin (System Configuration->Plugins->Import Plugin), the browser goes into a hung state and I see the below error in the logs (domain log and diag log).
    I see the jar file created in this location (\Middleware\user_projects\domains\IAMdomain\oam\plugins)
    Please let me know if you have any idea..Thanks!
    ####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adf.controller.internal.metadata.MetadataService> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-00000000000003fe> <1330549803273> <BEA-000000> <ADFc: /WEB-INF/adfc-config.xml: >
    ####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adf.controller.internal.metadata.MetadataService> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-00000000000003fe> <1330549803274> <ADFC-52024> <ADFc: Duplicate managed bean definition for 'accessCheck' detected.>
    ####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adfinternal.view.faces.renderkit.rich.RegionRenderer> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000402> <1330549803479> <ADF_FACES-60099> <The region component with id: pt1:_lar has detected a page fragment with multiple root components. Fragments with more than one root component may not display correctly in a region and may have a negative impact on performance. It is recommended that you restructure the page fragment to have a single root component.>
    ####<Feb 29, 2012 1:10:33 PM PST> <Error> <javax.enterprise.resource.webcontainer.jsf.application> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833253> <BEA-000000> <java.lang.NullPointerException
    javax.faces.el.EvaluationException: java.lang.NullPointerException
         at org.apache.myfaces.trinidad.component.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:51)
         at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
         at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190
    ####<Feb 29, 2012 1:10:33 PM PST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833316> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase INVOKE_APPLICATION 5
    javax.faces.FacesException: #{FileProcessor.doUpload}: java.lang.NullPointerException
         at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:118)
         at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190)
         at oracle.adf.view.rich.component.rich.RichPopup$BroadcastContextCallback.invokeContextCallback(RichPopup.java:666)
         at org.apache.myfaces.trinidad.component.UIXComponentBase.invokeOnComponent(UIXComponentBa
    >
    ####<Feb 29, 2012 1:10:33 PM PST> <Error> <oracle.oam.admin.console.policy> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833361> <OAM-400016> <Failed to authenticate the user
    javax.servlet.ServletException: java.lang.NullPointerException
         at javax.faces.webapp.FacesServlet.service(FacesServlet.java:277)
    ####<Feb 29, 2012 1:10:34 PM PST> <Warning> <oracle.adf.view.rich.component.fragment.UIXRegion> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-000000000000059a> <1330549834008> <ADF_FACES-00009> <Error processing viewId: /plugin-taskflow/authplugins URI: /oracle/security/am/taskflows/authplugin.jsff actual-URI: /oracle/security/am/taskflows/authplugin.jsff.
    javax.el.ELException: java.lang.NullPointerException
         at javax.el.BeanELResolver.getValue(BeanELResolver.java:266)
         at com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:173)
         at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer$PanelCollectionHelper._encodeAll(PanelCollectionRenderer.java:728)
         at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer$PanelCollectionHelper.access$500(PanelCollectionRenderer.java:537)
         at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer.encodeAll(PanelCollectionRenderer.java:402)
         at oracle.adf.view.rich.render.RichRenderer.encodeAll(RichRenderer.java:1396)
         at org.apache.myfaces.trinidad.render.CoreRenderer.encodeEnd(CoreRenderer.java:335)
         at org.apache.myfaces.trinidad.component.UIXComponentBase.encodeEnd(UIXComponentBase.java:767)
         at javax.faces.component.UIComponent.encodeAll(UIComponent.java:937)
    ####<Feb 29, 2012 1:10:34 PM PST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-000000000000059a> <1330549834020> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase RENDER_RESPONSE 6
    javax.faces.FacesException: javax.el.ELException: java.lang.NullPointerException
         at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._renderResponse(LifecycleImpl.java:804)
         at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:294)
         at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:214)

  • Oracle ADF 11g – Authentication using Custom ADF Login Form Problem

    Hi Guys,
    I am trying to authenticate my ADF application using a custom login form,
    following this:
    http://www.fireboxtraining.com/blog/2012/02/09/oracle-adf-11g-authentication-using-custom-adf-login-form/#respond
    But my login page is not loading. I think it's sending requests in a chain. My JDev version is 11.1.1.5. Any idea?
    Thanks,
    Raul

    Hi Frank,
    I deleted the bounded code, and in another unit test I created a simple login.jspx page and applied form-based authentication, but I am still facing the same problem, which means something is wrong at the start.
    My login.jspx page is:
    <?xml version='1.0' encoding='UTF-8'?>
    <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1"
              xmlns:f="http://java.sun.com/jsf/core"
              xmlns:h="http://java.sun.com/jsf/html"
              xmlns:af="http://xmlns.oracle.com/adf/faces/rich">
      <jsp:directive.page contentType="text/html;charset=UTF-8"/>
      <f:view>
        <af:document id="d1" >
          <af:form id="f1" >
            <af:panelFormLayout id="pfl1">       
              <af:inputText label="USERNAME" id="it1"
                            />       
              <af:inputText label="PASSWORD" id="it2"
                              />
              <af:commandButton text="LOG IN" id="cb1" />
              <f:facet name="footer">       
              </f:facet>                 
            </af:panelFormLayout>
          </af:form>
        </af:document>
      </f:view>
    </jsp:root>
    Don't know what the real problem is.

  • OAM 11gR2 Authentication using username/password/additional ldap field

    I want to add an additional credential parameter along with username and password to be validated against LDAP.
    Is there any out-of-the-box solution for authentication using username/password/additional LDAP field in OAM 11gR2?
    This solution exists in 10g, and I could not find any OOB feature in 11g.

    Do you need to accept an additional parameter from the user via the login form and then use it in the credential mapping step?
    Not sure if %% syntax would work; haven't tried it. The next option is to develop a custom authentication plugin.
    Additional LDAP attribute against static value
    If you need to add an additional LDAP attribute (check against a static value), you can specify that in the LDAP search filter in the "User Identification plugin" configuration.
    Take a look at "MTLDAPPlugin" under custom authentication modules.
    Hope this helps
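
The static-attribute check suggested in the reply above amounts to an AND of two equality terms in the search filter. The following Python code is an added example, not part of the thread and not Oracle's code: it composes such a filter with RFC 4515 escaping so that a login name can never change the filter's structure. The attribute names `uid` and `departmentNumber`, the function names and all sample values are assumptions.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
# RFC 4512 short attribute name: a letter, then letters, digits or hyphens.
_ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*\Z")


def escape_filter_value(value):
    """Escape one user-supplied value so it stays a literal in the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def unescape_filter_value(value):
    """Reverse escape_filter_value (backslash + two hex digits -> character)."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def build_filter(username, extra_attr, extra_value, user_attr="uid"):
    """AND of two equality terms; names are validated, values are escaped."""
    for name in (user_attr, extra_attr):
        # Attribute names come from configuration, never from the login form.
        if not _ATTR_NAME.match(name):
            raise ValueError("invalid attribute name: %r" % name)
    if not username or not extra_value:
        # Reject empty input before it reaches the directory.
        raise ValueError("username and extra value must be non-empty")
    return "(&(%s=%s)(%s=%s))" % (
        user_attr, escape_filter_value(username),
        extra_attr, escape_filter_value(extra_value))


def equality_terms(ldap_filter):
    """Split a filter built by build_filter back into (attr, value) pairs."""
    terms = re.findall(r"\(([A-Za-z][A-Za-z0-9-]*)=([^()*]*)\)", ldap_filter)
    return [(attr, unescape_filter_value(val)) for attr, val in terms]


# Constructed sample input: a login name containing every filter metacharacter.
SAMPLE_USER = "a*(b)\\c"

if __name__ == "__main__":
    built = build_filter(SAMPLE_USER, "departmentNumber", "42")
    print(built)
    print(equality_terms(built))
```

Whatever the login name contains, the composed filter still has exactly two equality terms, and the directory compares the name as a literal string.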

  • Redirect to custom url after successful authentication by OAM

    Hello,
    I need to redirect the user to some custom url instead of original requested url after successful authentication in OAM 11.1.2 (11g release2).
    The requirement in my case is that, depending upon the user type and the region (one of the user's LDAP attributes) the user belongs to, the user should be redirected to one of the 2 available applications.
    I have tried implementing the same using custom authentication plugin in which I have used RedirectionActionContext class.
    I have also tried setting plugin response as REDIRECT and specifying the custom page url.
    I have also tried changing the "resource_url" parameter in authentication context.
    However, none of the above approaches are working.
    Can anybody help me?
    Thanks,
    Purva

    Hello,
    I have exactly the same requirement. Have you solved the problem?
    Thanks,
    Purva

  • OAM Authentication Modules for 11g

    Is it possible to have OAM 11g do a second authentication with either RSA or a Radius server? We want the user to login with the user name and password and then do a second auth with a physical token before allowing access.
    Thanks.

    Hi!
    I had exactly the same requirement. Besides user and password, I needed to validate
    an RSA token. We started a Service Request to ask for it, because it was possible
    in 10g but not in 11g.
    We had two options:
    1. Wait for the new release
    2. Develop a custom plugin
    We went for option 2. We created a custom authentication login which called
    a WebService for validating RSA token. That plugin was added as
    a final step after user identification and user authentication. This option will be
    temporary, but it saved my job and the reputation of Oracle Access Manager, jajajja
    You can find more information on how to develop a custom plugin at
    [http://docs.oracle.com/cd/E21764_01/doc.1111/e12491/authnapi.htm]
    Best regards,
    from Mexico city
    Jesús García
