Disable OIM-OAM11g Integration

Similar Messages

• OIM AD Integration - 'User must change password at next logon'

  Hi,
  These are the issues in OIM AD integration that we are stuck up on:
  Issue:
  1. When OIM Admin resets the password for User1 in OIM, the password is propagated to AD but the ‘User must change password at next logon’ attribute is not updated in AD. As a result, if the User1 logs into AD account (i.e. computer), there is no prompt to change the password.
  2. When AD Admin resets the password for User1 in AD and checks the ‘User must change password at next logon’ flag, the password is propagated to OIM but the ‘obpasswordchangeflag’ attribute (of oblixPersonPwdPolicy class) is not updated in OID. As a result, if the User1 logs into OIM account, there is no prompt to change the password.
  Research:
  1. For case 1 above: When OIM Admin resets the password for User1, the ‘User must change password at next logon’ attribute on the AD process form itself is not getting updated. So the AD Connector doesn’t propagate the attribute to AD.
  2. For case 2 above: When the AD Admin resets the password for User1 in AD, the AD Password Sync connector only sends the password to OIM and not other attribute. So, there is no way to fetch the ‘User must change password at next logon’ attribute and then copy it into ‘obpasswordchangeflag’ attribute in OID.
  Environment Details:
  1. OIM-OAM-OAAM 11.1.1.5 BP02 integrated using OVD-OID 11.1.1.5
  2. AD on WIN 2008 R2.
  3. OIM AD Connector 9.1.1.7.2
  4. AD Password Sync Connector 9.1.1.5
  Any help would be highly appreciated!
  Thanks,
  Kulesh...

  Thanks for your reply again.
  I did not get you completely here. Can you please elaborate on the "process task on the AD Process which passes along the USR_PWD_MUST_CHANGE and immediately sets it to 0 this should work". How many total additional tasks would be needed here?
  what all targets are you provisioning the password to?
  - AD and OID (through LDAPSYNC)
  where are end users allowed to change their passwords on (OIM,AD....??)
  - Both OIM and AD.
  Where can admins change the passwords?
  - Currently they use ARS for such purposes but this is something we need to clearly define. The thing is, they use ARS for whole lot of purposes and we can't dictate/restrict them to use OIM only for password resets. So they may use ARS or OIM.
  What do you suggest?
  Edited by: Kulesh Kane on Nov 8, 2012 11:43 AM

• OIM-OAM integration and LDAP Sync

  Hello All, I have deployed OIM 11g R2 and OAM/OVD 11.1.1.5. Now I need to enable LDAP sync for OIM-OAM integration and I'm not allowed to extend Oracle schema in AD. So I decided to use OUD for FMW schema and I have completed all those steps and OUD is up and running. Since my enterprise directory is AD and OUD is my FMW directory, I need to think of a split profile setting in OVD. I'm following this link http://fusionapplications-ateam.blogspot.com/2012/04/split-profiles-with-ad-and-oid-for.html for this deployment. I have OVD adapters configured for AD, OUD, Join view and changelog. The link does not clearly explain the steps in OIM for LDAP Sync.
  When I configure LDAP Sync in OIM, should I point the sync to the OUD users container?
  When and how this cn=shadowentries container will be used? I understand that the password (obattributes) are used for password management by OAM, but wondering where will that get stored in OUD?
  Please let me know your thoughts.
  Thanks.

  Hi,
  when I use url:
  http://idm1:14000/admin/faces/pages/Admin.jspx
  I get Access Manager login page, I can click links: register new user, reset password and I get correct OIM pages. But when I type xelsysadm and password I get error on the next page:
  Error 401--Unauthorized
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.2 401 Unauthorized
  I can't logon to EM, OAMconsole, Weblogic etc. when the OAM is running. In OIM log I got errors from oam-agent: "User is not authorized to access resource, MinorCode: DENY, MajorCode: DENY".
  I have got user xelsysadm in OIM and in LDAP, when the OAM is not running I can login to OIM, create users in OIM (they appear in OID) etc. The user xelsysadm is added to group: OAMAdministrators. Also when I try to logon to OAM console (http://idm1:7001/oamconsole) using orcladmin name I get error: Access to administration console is restricted. But when I use weblogic username (the user is in OAMAdministrators group in OID) i can get OAMconsole.
  How can I change logon type in OIM?
  best
  mp
  Edited by: J23 on 2011-01-10 00:47

• OIM - AD integration info required

  Hello Experts,
  I want to integrate OIM with AD. For your information, I have installed OIM 11g on my windows system and all other things are like database are on my windows system only, Kindly suggest me about the about OIM-AD integration.
  Also tell me if I can create vm for AD???
  what is the difference between AD and OID?? Suggest which should I install?
  what are all the things which I can perform after this integration,??
  As am doing this for learning purpose and am a newbie please suggest from the basics.
  Any information about AD usage will be very helpful.
  Kindly suggest...
  Regards,
  KK

  I don't know how much RAM you have in your machine. If you have VM for AD again you required around 1-2 GB of RAM.There is no seprate installer of AD. For Active Directory(AD) you have to have the VM for windows 2003 or windows 2008 server. where you will configure and enable Active Directory for OIM integration.
  Better you can install OID in your Local windows machine if you have enough memory. Both AD and OID are directory server and based on LDAP protocol. Where OID is oracle product and AD is Microsoft product.
  You won't get much diff on functional level. But there are architectural diff is there. As OID use its own Database(oracle DB) internally where AD don't use DB.
  Once you setup with the target systems download online OOTB connectors and start with integration.
  Connector doc has all the required steps to move on.
  www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html

• OIM - OIA integration documentation

  hi,
  i am facing some issues in OIM-OIA integration.
  version used:
  OIM ( Version: 9.1.0.1866.47 )
  OIA 11gR1 where we have applied bundle patch 11.1.1.3_bp04
  can anyone please share with me the link or guide for integrating OIM ( Version: 9.1.0.1866.47 ) and OIA 11gR1
  Thanks in advance.

  Hi,
  Those are not a really a document, but I think will be helpful for you, because helped me as well.
  1-http://cn.forums.oracle.com/forums/thread.jspa?messageID=9612293
  2-OIM & OIA 11g integration
  3--http://www.identigral.com/blog/2009/10/19/oracle-identity-analytics-11g
  I hope this help.
  Thiago Leoncio Guimaraes

• OIM-SOA integration

  Hi all,
  please provide me the document to know how the integration of OIM and SOA is done.
  thank you.

  OIM-SOA integration ????
  SOA is a required component before you install OIM 11g. Are you looking for how to install SOA before OIM install ?
  Thanks
  GK

• Disabling OIM User

  Hello Experts,
  this is our problem:
  - we disable an OIM user (so his Resources results disabled)
  - we do a change in disabled user's attributes
  - the disabled resources still have provisioning events, and the change done in OIM user is transmitted to target systems
  Why a change on disabled user's attributes is still provisioned also if user's resources are disabled??
  Thanks in advance,
  Best Regards
  AT

  Thanks for your answer,
  I examined the ProcessDefinition for SAP ECC resource, I found the standard adapter "SAPU Modify User" that is invoked during the update process. Its class seems to be oracle.iam.connectors.sap.usermgmt.integration.SAPUMUtilUserProvisionManager from SAP.jar, but are you sure that is a good idea to modify a standard class?
  Anyway I don't know the path to get SAP.jar...
  Could you suggest me some tutorial?
  Sorry but I'm a newbe..
  Thanks and Best Regards,
  AT

• OIM-OAM integration error

  Have the following:
  OAM - 11.1.1.5
  OIM - 11.1.2
  Following this guide - http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oim.htm#CHDHGEHJ
  While running idmConfigTool.sh -configOIM script, I get the following errors:
  Mar 13, 2013 10:43:03 AM oracle.idm.automation.impl.oim.handlers.OIMIntegrationHandler performConfigOIMOperations
  WARNING: java.lang.UnsupportedOperationException: Could not find MBean operation "registerThirdPartyTAPPartner(java.lang.String, java.lang.String, java.lang.String, java.lang.String)" for MBean registered un
  der "com.oracle.oam:name=OamWLST,type=oam.wlst,Application=oam_admin,ApplicationVersion=11.1.1.3.0" and implemented by "class oracle.security.am.wlst.management.FoundationConfigMXBeanImpl"
  ~
  Has anyone seen this? Please let me know. I confirmed from support earlier that OAM 11.1.1.5 is supported for integration with OIM 11.1.2.
  Thanks.

  This is a bug. Patch 12733108 (OAM BP02) has to be applied. The script worked fine after the patch.
  Sunil.

• Facing issue when LDAPSync is enabled for OIM-AD integration with SSL enabled

  Hi
  We are performing LDAPSync for OIM AD real time sync.We have done all configuration as per oracle documentation on LDAPSync for OIM 11gR2 : http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oid_oim.htm The OIM environment we tested is the latest OIM version OIM 11gR2 PS1 (11.1.2.1.0).
  WE have performed LDAPSync enablement on postinstallation of OIM .So we dont have OVD , we have configured libOVD as mentioned in this doc.
  We have performed following  steps mentioned in this document  in our OIM environment.
  3.1 Enabling Post installation LDAP Synchronization
  3.3 Creating Identity Virtualization Library (libOVD) Adapters and Integrating With Oracle Identity Manager
  As attribute like password  might be not getting updated in AD from OIM , we have configured SSL enabled integration in LDAP sync as mentioned in above document.
  We implemented this step  3.4.1 Enabling SSL Between Identity Virtualization Library (libOVD) and Microsoft Active Directory,
  but here it is not properly mentioned that about how to import public key certificate of AD into OIM envirioment for SSL.
  We are getting following error message in logs : Looking at logs it looks like the import of AD SSL certificate did not happen properly in OIM environment. But ,we have imported it using keytool and OVD keystore ...please let us know if we are missing any configuration in this process.Above oracle document is not pretty clear on this.
  <Dec 7, 2013 12:22:53 AM IST> <Warning> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.BackendJNDI> <OVD-40118> <Could not automatically detect binary attribute list: simple bind failed: 10.88.164.231:636.>
  <Dec 7, 2013 12:22:53 AM IST> <Warning> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.JNDIConnectionPool> <OVD-60024> <Connection error: simple bind failed: 10.88.164.231:636.>
  <Dec 7, 2013 12:22:53 AM IST> <Error> <oracle.ods.virtualization.engine.backend.jndi.LDAP2.BackendJNDI> <OVD-60143> <[#LDAP2]  Unable to create connection to ldap://[10.88.164.231]:636 as null.
  javax.naming.CommunicationException: simple bind failed: 10.88.164.231:636 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
  at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:195)
  at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
  at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
  at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
  at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
  at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
  at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
  at javax.naming.InitialContext.init(InitialContext.java:223)
  at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:463)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:494)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.<init>(JNDIConnectionPool.java:156)
  at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
  at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:984)
  at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:927)
  at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.getHolder(ConnectionHandle.java:415)
  at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:250)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIEntrySet.initialize(JNDIEntrySet.java:219)
  at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.get(BackendJNDI.java:728)
  at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:303)
  at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
  at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
  at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
  at oracle.ods.virtualization.engine.chain.plugins.usermanagement.UserManagement.get(UserManagement.java:742)
  at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:314)
  at oracle.ods.virtualization.engine.chain.PluginChain.runGet(PluginChain.java:211)
  at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:351)
  at oracle.ods.virtualization.engine.chain.PluginManager.runGet(PluginManager.java:316)
  ...more
  Caused By: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
  at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1692)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1675)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1601)
  at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:94)
  at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
  at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
  at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:414)
  at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:387)
  at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:332)
  at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:190)
  at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2720)
  at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
  at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
  at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
  at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
  at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
  at javax.naming.InitialContext.init(InitialContext.java:223)
  at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:463)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:494)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.<init>(JNDIConnectionPool.java:156)
  at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:163)
  at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:984)
  at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:927)
  ...more
  Caused By: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
  at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:57)
  at sun.security.validator.Validator.getInstance(Validator.java:161)
  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:108)
  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:204)
  at oracle.ods.virtualization.engine.util.OVDTrustManager.checkServerTrusted(OVDTrustManager.java:99)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1198)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
  at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
  at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
  at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:89)
  at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
  Let us know for any helpful pointers on this
  Thanks in advance,
  RPB25

  Use the steps given below to perform import public key certificate of AD into OIM envirioment for SSL
  Obtain the AD Certificates from the AD Administrator.
  Copy the AD Certificates to the directory /jrockit-jdk1.6.0_20/jre/lib/security
  Run the following command to import all the certificates
  /jrockit-jdk1.6.0_20/bin/keytool -import -alias <provide_alias> -file <file-name> -keystorecacerts -storepasschangeit
    4. The CA certificates are now present in the trust store.

• OAM11g integration issue

  Dear All,
  I am trying to integrate OAM11g with OBIEE11g.
  The resource is https://host/analytics/saw.dll
  where <host> is load balancer
  here is the mapping within http.conf
  <VirtualHost *:7777>
  ServerName https://host:443
  ServerAdmin [email protected]
  RewriteEngine On
  RewriteOptions inherit
  <IfModule ossl_module>
  SSLEngine off
  </IfModule>
  </VirtualHost>
  I have 2 OBIEE nodes with load balancer in front of it.
  when URL is selected, OAM login page appears,user is successfully authenticate against LDAP in OAM, session for the user is created in OAM 11g, but when control is passed to OBIEE the error message is dispayed:
  "You are not currently signed in to the Oracle BI Server.
  If you have already signed in, your connection might have timed out, or a communications or server error may have occurred.
  To sign in again, click here. If the problem persists, please contact the site's administrator."
  the integration steps were executed as per "Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Business Intelligence"
  (Chapter 9)
  http://docs.tpu.ru/docs/oracle/en/fmw/11.1.1.6.0/doc.1111/e15722.pdf
  In addition, When I am trying to validate resource via Oracle Access Manager Test Tool I am getting the following message:
  [6/11/12 11:04 PM][request][validate] no
  [6/11/12 11:04 PM][response] Major code: 5(ResrcOpNotProtected) Minor code: 2(NoCode)
  What could be the issue?
  thank you for your feedback

  Hi Shikha,
  I would definitely try this with the 10.1.4.3 WebGate, and the latest BP (13) applied. There were a couple of bugs related to MSIECompatibleAgents that were fixed (not sure that they cause the problem you see, but are a possbility). Failing that, comparing the http header traces of failing IE and successful Firefox session might give some clues as to the cause of the problem.
  Regards,
  Colin

• OIM 11g integration AutoLogin error (first login or forgot password)

  Hi,
  We are currently integrating OAM+OIM 11g (R2). We have used a 10g webgate for this.
  When the user logs in for the first time, and sets his password and answers the challenge questions, he should be "Auto logged in" when he is finished.
  The same scenario should happen, if the user forgot his password, and resets it. He should be "Auto-logged in" when finished.
  This is not happending for us.
  The OIM logs tells us this:
  ERROR: Autologin failed oracle.iam.ui.platform.sso.exception.AutoLoginException: Error occured while retrieving TAP partner key from Credential store
  We have tried to verify everything recommended by this Oracle Support article:
  How to Solve Autologin problems in OIM with OAM? [ID 1475297.1]
  Any ideas what we are missing?
  Thanks & Regards,
  Henrik

  Maybe this is a something?
  Whate should the value of the property OAM_SERVER_VERSION be, when running idmConfigTool.sh and using a 10g webgate for the integration?
  Chapter 7.6 in the integration documentation states this:
  OAM_SERVER_VERSION: 11g (use 10g if Oracle Access Manager 10g is used)
  http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oim.htm#CACFCJHI
  Under chapter 2.4.5 in the idmConfigTool documentation it's described like this:
  OAM_SERVER_VERSION: Required only when Access Manager server does not support 11g webgate in Oracle Identity Manager-Access Manager integration. In that case, value should be provided as '10g'.
  http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/idmcfgtool.htm#CIHCICHD
  When we ran the script, we had the value set to "11g" (because that's our OAM version)... now I'm wondering if I need to set this value at all..
  Regards,
  Henrik

• OIM - AD Integration

  Hi Gurus,
  Does anybody had problem with Remove User From Group task?
  It seems that task is disabling AD user account instead of removing only the groups.
  AD user was provisioned by access policies. By change user attributes, new access policy is applied.
  Any help will be very appreciated.
  Carlos

  If resource object is still in Enabled state then it really shouldn't be the AP that is responsible.
  Something else must be doing this unless you have Gremlins in your system (or a very creative OIM programmer).
  I would consider network sniffing to see what actually is going on. Some pointers: http://iamreflections.blogspot.com/2010/08/how-i-learned-to-stop-worring-and-love.html

• OEG11g -OAM11g Integration

  I followed the link http://www.oracle.com/technetwork/middleware/id-mgmt/documentation/oam11g-oeg-integration-guide-428888.pdf to integrate OAM 11g with OEG 11g.
  Access Server SDK Version: 10.1.4.0.1
  OAM ersion: 11.1.1.5
  OEG: 11.1.1.5
  But I could not complete the integration. When I test the policy using Service Explorer, I always get Response[HTTP/1.1 500 ERROR].
  In the OEG logs i get the below error.
  ERROR 25/Sep/2011:01:01:07.640 [01bc] The message [Id-00013169
  26867625-c1087d454e7eb5932f016c6c-1] logged Failure at 09.25.2011 01:01:07,640 with log description: Filter failed
  ERROR 25/Sep/2011:01:01:07.640 [01bc] The message [Id-0001316926867625-c1087d454e7eb5932f016c6c-1] logged Failure at 09.25.2011 01:01:07,640 with log desc
  ription: Filter failed
  ERROR 25/Sep/2011:01:01:07.640 [01bc] Filter that caused failure: ServiceHandler for 'addition_withsyncbpel_client_ep'
  ERROR 25/Sep/2011:01:01:07.640 [01bc] Policy '/soa-infra/services/default/Addition_Project/addition_withsyncbpel_client_ep' {
  ERROR 25/Sep/2011:01:01:07.640 [01bc] Filter 'Service Handler for 'addition_withsyncbpel_client_ep'' Status: FAILED
  ERROR 25/Sep/2011:01:01:07.640 [01bc] Filter '1. Request from Client' Status: FAILED
  ERROR 25/Sep/2011:01:01:07.640 [01bc] Filter 'Before Operation-specific Policy' Status: FAILED
  ERROR 25/Sep/2011:01:01:07.640 [01bc] Policy 'Request from Client: Before Operation Hooks' {
  ERROR 25/Sep/2011:01:01:07.640 [01bc] Filter 'Validate Client's WS-Security UsernameToken' Status: FAILED
  ERROR 25/Sep/2011:01:01:07.640 [01bc] }
  ERROR 25/Sep/2011:01:01:07.640 [01bc] }
  ERROR 25/Sep/2011:01:01:07.640 [01bc] Service Handler for 'addition_withsyncbpel_client_ep' filter failed
  ERROR 25/Sep/2011:01:02:33.890 [0b08] java exception:
  com.vordel.common.VordelException: Could not find the Soap Header block which should have WS block
  at com.vordel.common.util.VersionHandler.createWSBlockInfo(VersionHandler.java:232)
  at com.vordel.common.util.VersionHandler.getWSBlockInfo(VersionHandler.java:201)
  at com.vordel.common.util.VersionHandler.getWSBlockInfo(VersionHandler.java:179)
  at com.vordel.security.auth.WsAuthN.getWSUsernameTokenDetailsFromActor(WsAuthN.java:297)
  at com.vordel.security.auth.WsAuthN.authenticate(WsAuthN.java:62)
  at com.vordel.circuit.authn.WsUsernameTokenProcessor.invoke(WsUsernameTokenProcessor.java:78)
  at com.vordel.circuit.CircuitInvocation.invokeFilter(CircuitInvocation.java:162)
  at com.vordel.circuit.CircuitInvocation.runCircuit(CircuitInvocation.java:123)
  at com.vordel.circuit.CircuitDelegateProcessor.invoke(CircuitDelegateProcessor.java:44)
  at com.vordel.circuit.CircuitInvocation.invokeFilter(CircuitInvocation.java:162)
  at com.vordel.circuit.DelegatingProcessor.callCircuit(DelegatingProcessor.java:50)
  at com.vordel.circuit.DelegatingProcessor.callCircuit(DelegatingProcessor.java:42)
  at com.vordel.circuit.ws.OperationProcessor.invoke(OperationProcessor.java:125)
  at com.vordel.circuit.CircuitInvocation.invokeFilter(CircuitInvocation.java:162)
  at com.vordel.circuit.ws.WSProcessor.callChain(WSProcessor.java:281)
  at com.vordel.circuit.ws.WSProcessor.invoke(WSProcessor.java:251)
  at com.vordel.circuit.CircuitInvocation.invokeFilter(CircuitInvocation.java:162)
  at com.vordel.circuit.CircuitInvocation.runCircuit(CircuitInvocation.java:123)
  at com.vordel.circuit.CircuitInvocation.processMessage(CircuitInvocation.java:264)
  at com.vordel.circuit.SyntheticCircuitChainProcessor.invoke(SyntheticCircuitChainProcessor.java:27)
  at com.vordel.dwe.http.HTTPPlugin.invokeDispose(HTTPPlugin.java:197)
  at com.vordel.dwe.http.WebServicePlugin.invokeDispose(WebServicePlugin.java:103)
  at com.vordel.dwe.http.HTTPPlugin.invoke(HTTPPlugin.java:121)
  ERROR 25/Sep/2011:01:02:33.890 [0b08] Failed to authenticate user [null]
  ERROR 25/Sep/2011:01:02:33.890 [0b08] java exception:
  com.vordel.circuit.authn.VordelAuthNException: No Username Security Token found in the WS block with actor: current actor
  at com.vordel.security.auth.WsAuthN.getWSUsernameTokenDetailsFromActor(WsAuthN.java:301)
  at com.vordel.security.auth.WsAuthN.authenticate(WsAuthN.java:62)
  at com.vordel.circuit.authn.WsUsernameTokenProcessor.invoke(WsUsernameTokenProcessor.java:78)
  at com.vordel.circuit.CircuitInvocation.invokeFilter(CircuitInvocation.java:162)
  at com.vordel.circuit.CircuitInvocation.runCircuit(CircuitInvocation.java:123)
  at com.vordel.circuit.CircuitDelegateProcessor.invoke(CircuitDelegateProcessor.java:44)
  at com.vordel.circuit.CircuitInvocation.invokeFilter(CircuitInvocation.java:162)
  at com.vordel.circuit.DelegatingProcessor.callCircuit(DelegatingProcessor.java:50)
  at com.vordel.circuit.DelegatingProcessor.callCircuit(DelegatingProcessor.java:42)
  at com.vordel.circuit.ws.OperationProcessor.invoke(OperationProcessor.java:125)
  at com.vordel.circuit.CircuitInvocation.invokeFilter(CircuitInvocation.java:162)
  at com.vordel.circuit.ws.WSProcessor.callChain(WSProcessor.java:281)
  at com.vordel.circuit.ws.WSProcessor.invoke(WSProcessor.java:251)
  at com.vordel.circuit.CircuitInvocation.invokeFilter(CircuitInvocation.java:162)
  at com.vordel.circuit.CircuitInvocation.runCircuit(CircuitInvocation.java:123)
  at com.vordel.circuit.CircuitInvocation.processMessage(CircuitInvocation
  .java:264)
  at com.vordel.circuit.SyntheticCircuitChainProcessor.invoke(SyntheticCircuitChainProcessor.java:27)
  at com.vordel.dwe.http.HTTPPlugin.invokeDispose(HTTPPlugin.java:197)
  at com.vordel.dwe.http.WebServicePlugin.invokeDispose(WebServicePlugin.java:103)
  at com.vordel.dwe.http.HTTPPlugin.invoke(HTTPPlugin.java:121)
  ERROR 25/Sep/2011:01:02:33.890 [0b08] The message [Id-0001316926953890-1c7267a34e7eb5e9370b6c6c-1] logged Failure at 09.25.2011 01:02:33,890 w
  ith log description: Filter failed
  ERROR 25/Sep/2011:01:02:33.890 [0b08] The message [Id-0001316926953890-1c7267a34e7eb5e9370b6c6c-1] logged Failure at 09.25.2011 01:02:33,890 with log description: Filter failed
  ERROR 25/Sep/2011:01:02:33.906 [0b08] Filter that caused failure: ServiceHandler for 'addition_withsyncbpel_client_ep'
  ERROR 25/Sep/2011:01:02:33.906 [0b08] Policy '/soa-infra/services/default/Addition_Project/addition_withsyncbpel_client_ep' {
  ERROR 25/Sep/2011:01:02:33.906 [0b08] Filter 'Service Handler for 'addition_withsyncbpel_client_ep'' Status: FAILED
  ERROR 25/Sep/2011:01:02:33.906 [0b08] Filter '1. Request from Client' Status: FAILED
  ERROR 25/Sep/2011:01:02:33.906 [0b08] Filter 'Before Operation-specific Policy' Status: FAILED
  ERROR 25/Sep/2011:01:02:33.906 [0b08] Policy 'Request from Client: Before Operation Hooks' {
  ERROR 25/Sep/2011:01:02:33.906 [0b08] Filter 'Validate Client's WS-Security UsernameToken' Status: FAILED
  ERROR 25/Sep/2011:01:02:33.906 [0b08] }
  ERROR 25/Sep/2011:01:02:33.906 [0b08] }
  ERROR 25/Sep/2011:01:02:33.906 [0b08] Service Handler for 'addition_withsyncbpel_client_ep' filter failed
  In OAM, I even changed the User Identity Store from Embedded LDAP to AD but no luck.
  Does any one got this error?
  Appreciate your help.

  Hi community,
  I have a problem with the integration between oracle access manager 11g and Oracle identity Federation. I want propagate the credential from an application called WSebra to Oracle Access Manager with a SAML Assertion. I have tested the procedure of the integration guide of Oracle "Integration Guide for Oracle Access Manager E15740-04" but not work.
  I want know if is possible propagate the credentials betwen an application that send SAML Assertion like WSebra and Oracle Access Manager 11G and if is possible the procedure of integration, i don´t use WebGate i just need propagate the credentials from wsebra to Access Manager. Wsebra has an authentication mechanism with an LDAP system and make the work of authentication, Access Manager must create the Session.
  At this point, i create and identity provider and service provider with Oracle Single Sign-On like the integrattion manual describe and i get the message:
  Resultado de Autenticación de SSO: Fallo de Autenticación
  Código de Estado Secundario de SSOUNKNOWN_PRINCIPAL
  And in the log i get the next message:
  Authentication instant was not sent from the authentication engine.
  Please i need help with this topic because we must integrate this products for a migration process, we want migrate from SUN ACCESS MANAGER to Oracle Access Manager 11g, the SUN ACCESS MANAGER has the SAML setting out of the box. Oracle Access Manager 11g doesn't has SAML and RSA authenticacion is very bad, and we have many problems for this features.
  Thanks.

• Is there a way to disable OIM entity adapters while doing batch upload ?

  Hi experts,
  I have an adpater to generate UserID from a sequence based on user-type for creation of OIM users thru web UI.
  I have attached this to Users form in data object manager.
  We also have a 3-step batch bulk procedure from CSV file which checks data enterd, generates pword email etc etc and builds CSV file with records to be inserted.
  In the 3rd step, scheduled task runs with CSV file as input and creates users in OIM DB.
  The problem is the entity adapters are also getting triggerd which generate another UserID for each user created.
  This leads to loss in sequence numbers.
  Is there any way of disabling this ?? We need to have both in place, but this conflict should not arise ..
  Please advice.
  Regards,
  Chetan

  Even if i check the value of that UDF and execute the code to generate UserID based on that value,the function still has to return a value right ??Attach entity adapter at Post Insert.
  Create UDF with Default value "CSV".
  Add one more parameter in your java class which is responsible for generating userid.
  You can directly map UDF with Class Parameter.
  if (UDF == CSV){
  Don't Generate
  else {
  Generate with your logic
  And if that function is getting called for every user record in the CSV file, then i cant return a dummy value for it as well .You can use update User API of tcUserOperations

• OIM - OIA Integration

  Hi guys!
  It's is possible integrate OIA 11g ( *11.1.1.3.0* ) when it's deployed in Apache Tomcat ( *6.0.18* ) and OIM 11g ( *11.1.1.3.0* ) is deployed in Weblogic ( *11.1.1.3.0* )?, because the documentation (http://wikis.sun.com/display/OIA11gDocs/System+Integrator%27s+Guide) suggest two ways to do it ( Preferred and Deprecated Methods).
  I'm already using the Deprecated method due to I cannot download the Bundle Patch (BP3) for OIA that is neccesary for using Preferred Method.
  When I'm configuring my Provisioning Server (OIM) in OIA I see the field Initial Context Factory but the documentation doesn't show nothing about tomcat and I don't know what value must be here.
  I need your help with this value!
  Thanls in advance

  When you have OIA and OIM on different servers, you need the oim config directory FTP'd from the OIM server to the OIA server.
  Therefore, the Xellerate Home and Login Config settings are then set with the locations on the configs on the OIA server where you have copied these directories to. This will reslove the problem.
  After solving the above error I proceeded with a new error!! Can anyone help?
  Thor.API.Exceptions.tcAPIException: Error while getting utility Thor.API.Operations.tcUserOperationsIntf