How to deploy Portal to Oracle identity Federation 10.2.0.4 ?

Similar Messages

• Oracle Identity Federation or Microsoft ADFS

  Hi,
  There are two companies A & B having an isolated infrastructure. Currently we have an architecture where Company A is providing OAM-IWA based SSO functionality for its own users and not for Company B users. If Company B also wants to avail the benefits of IWA/SSO for an application hosted in Company AS what should they do? Please advise-
  1. Implement Microsoft ADFS? Company B may not like it because they think ADFS might expose confidential attributes to Company A?
  2. Implement Oracle Identity Federation? How will that fit in if we have OAM in place? Can OAM authenticate half of the user base and OIF do the rest? Pls advise
  3. Implement OVD? I am not sure if OVD can authenticate userbase against AD credentials?
  Pls let me know.
  Thanks,

  Since company A and B have isolated infrastructures, I assume they are separate companies and on separate networks, with the internet as the network that will allow users from company B to access the application hosted by company A. And I assume the application is a web application.
  First, IWA is a function of the IIS web server and suppported browsers (IE and Firefox) and is independent of OAM or OIF. OAM 10g supports IWA when running a webgate on the IIS web server that is configured to accept IWA authentication. IWA will work on the Intranet, so employees of company A can use IWA to SSO to OAM in their environment. Likewise, if company B has their own deployment of OAM, they can use IWA to SSO their users to their instance of OAM.
  If you deploy OAM 11g, there is no longer a dependency on IIS because OAM 11g support Windows Native Authentication. You can read OAM 11g documentation for details on WNA.
  1) Regarding use of ADFS, I have no comment as I am not familiar with the details of ADFS.
  2) Regarding using OIF, some questions and clarifications
  - Does company B own a web SSO and/or federation product? Do they own OAM? Do they own OIF? If not, they'll need something that speaks SAML or another federation protocol supported by OIF.
  - For company A, you can buy OIF and integrate with OAM, if necessary. Since company A is hosting the application that company B employees want to get to, they would most likely be configured as the service provider/relying party.
  - For company B, you can buy OIF and integrate with OAM. And OAM can integrate with IWA. So a user could use IWA to seamlessy SSO to OAM and then follow a federation enabled link to company A's app and seamlessy SSO to that as well.
  - There is some integration work to be done here. Specificaly, company B needs to have a way to send its users over to company A so they can import them into company A's app. You need to exchange some metadata and agree on a unique identifier to identify the users. Or if the app works by having company B users access it as a generic user or something, you need to set something up for that (such as passing the generic userID in the SAML assertion).
  - I would probably deploy the app such that there were two entry doors. One door would be for company A's employees and would be internally accessible only and protected by OAM. Then I would have an externally accessible door that relied on OIF SAML and was configured as a relying party for company B's employees.
  3) regarding OVD, I don't see how that is going to help you since each company is on a separate isolated infrastructure.

• Integrating Oracle Identity Federation with homegrown SSO solutions

  Hello,
  We are trying to integrate Oracle Identity Federation with a home grown SSO solution.
  The OIF FAQ document mentioned that Oracle provides programmatic interfaces to achieve this.
  But I did not find any javadocs / samples on how this can be done.
  Can anybody throw some insight into this..
  Thanks

  Hi Easwaran,
  You need to upload the SAML 2.0 IdP/SP metadata for the peers you want to federate with. OIF will verify the metadata and add the peers in its Circle of Trust as IdP or SP depending on the metadata upoaded. If the peer is going to play both IdP and SP roles, you need to upload both the metadata files.
  Similarly, in case you need to provide the peer your metadata, OIF makes this available at http(s)://host:port/fed/idp/metadatav20 (SAML 2.0 IdP metadata) or http(s)://host:port/fed/sp/metadatav20 (SAML 2.0 SP metadata) as required.
  -Vinod

• Oracle Identity Federation

  Hi,
  How to configure Global Logout using Oracle Identity Federation ?
  Please provide the answer in detailed steps, if possible.
  Thanks.

  Not that much to configure really. Look through [this link|http://download-west.oracle.com/docs/cd/B28196_01/idmanage.1014/b25355/configuring.htm#BCGJGEJD].
  -Vinod

• Oracle Identity Federation - High Availability

  Hello,
  We are trying to figure out the high availability options supported by the Oracle Identity Federation. While reading the documentation we find it a bit confusing. We read the OIF Administrator Guide here: http://download.oracle.com/docs/cd/E10773_01/doc/oim.1014/b25355/advtopics.htm#CHDBCDFG
  In Section "9.4 High Availability" it said that "Oracle Identity Federation supports the Cold Failover Cluster (CFC) or active-passive high availability configuration,". In the Application Server 10g guide also said the same and explicitly said that the active-active configuration is not supported for the OIF.
  Then in Section "9.5 Setting Up a Load Balancer with Oracle Identity Federation" it explains how to set up a load balancer for the OIF. When it explains this it says that we can have several instances of OIF in different machines, configured with a load balancer. All these instances share the same transient database where the sessions are stored.
  Which is the difference between this load-balancer-based configuration and an active-active high availability configuration? If one node of the load-balancer configuration goes down, the sessions administered by him are lost? That is the difference?
  Thanks!
  Leonardo

  Hi
  I am not very sure about High Availability configuration but for Load balancer as mentioned in the document, You have to have both the instances sharing transient database where sessions will be stored.
  If both the OIF instances are not sharing transient database and you have LB sharing load, It will not work as sessions will be store in memory. So sessions from one OIF instance will not be known and available to the other instance of OIF.
  Thanks
  Kiran Thakkar

• Error in Oracle identity federation SSO testing

  Hi All
  I need help on oracle identity federation task. Any one please try to give solution for my bug. Am new to this product .Comming to issue am following below mentioned link ( http://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/oif/11g/r1/oif_tran_map/oif_tran_map.htm#top ) . as per document i created two machines one for Service provider and another one for identity provider. at last am trying to test the SSO between the both SP & IDP one pop up window is appering when i pass the credentials the below mentioned error am getting .
  Error 401--Unauthorized
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  *10.4.2 401 Unauthorized*
  *The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained in section 11.
  Any one please try to give solution for this bug or else please give me the hints perform my task ( Transient Federations ).

  Hi All
  I need help on oracle identity federation task. Any one please try to give solution for my bug. Am new to this product .Comming to issue am following below mentioned link ( http://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/oif/11g/r1/oif_tran_map/oif_tran_map.htm#top ) . as per document i created two machines one for Service provider and another one for identity provider. at last am trying to test the SSO between the both SP & IDP one pop up window is appering when i pass the credentials the below mentioned error am getting .
  Error 401--Unauthorized
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  *10.4.2 401 Unauthorized*
  *The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained in section 11.
  Any one please try to give solution for this bug or else please give me the hints perform my task ( Transient Federations ).

• Enterprise Deployment Guide for Oracle Identity Management 11g

  Hi,
  I am looking for Enterprise Deployment Guide for Oracle Identity Management 11g for latest verion 11.1.1.5
  Please help
  Thanks

  Thanks for the reply.
  Actually I am looking for Enterprise Deployment Guide for Oracle Identity Management for 11.1.15(similar like E12035-06).I am not able to find same in the link provided.
  Thanks

• Regarding Deployment Manager in Oracle Identity Manager

  Hi All,
  i am using Oracle Identity Manager 9.0.3 over JBOSS 4.0.2 and bake end sqlserver 2000 SP3a.when i am going to deploy connector for Oracle Apps and using import under depolyment manager it throwing error. stack trace as fallows
  com.thortech.xl.ddm.exception.DDMException: No previewed file
       at com.thortech.xl.ejb.beansimpl.tcImportOperationsBean.addLastPreviewedFilePrivate(Unknown Source)
       at com.thortech.xl.ejb.beansimpl.tcImportOperationsBean.addLastPreviewedFile(Unknown Source)
       at com.thortech.xl.ejb.beans.tcImportOperationsSession.addLastPreviewedFile(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.invocation.Invocation.performCall(Invocation.java:345)
       at org.jboss.ejb.StatefulSessionContainer$ContainerInterceptor.invoke(StatefulSessionContainer.java:584)
       at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:139)
       at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:185)
       at org.jboss.ejb.plugins.StatefulSessionInstanceInterceptor.invoke(StatefulSessionInstanceInterceptor.java:297)
       at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:48)
       at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:105)
       at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:335)
       at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:166)
       at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:192)
       at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
       at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:624)
       at org.jboss.ejb.Container.invoke(Container.java:873)
       at sun.reflect.GeneratedMethodAccessor114.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
       at org.jboss.invocation.local.LocalInvoker$MBeanServerAction.invoke(LocalInvoker.java:155)
       at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:104)
       at org.jboss.invocation.InvokerInterceptor.invokeLocal(InvokerInterceptor.java:179)
       at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:165)
       at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
       at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:55)
       at org.jboss.proxy.ejb.StatefulSessionInterceptor.invoke(StatefulSessionInterceptor.java:106)
       at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:86)
       at $Proxy798.addLastPreviewedFile(Unknown Source)
       at Thor.API.Operations.tcImportOperationsClient.addLastPreviewedFile(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
       at Thor.API.Security.LoginHandler.jbossLoginSession.runAs(Unknown Source)
       at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
       at $Proxy990.addLastPreviewedFile(Unknown Source)
       at com.thortech.xl.webclient.actions.LoadDeploymentUtilityAction.displayImportSubstitution(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
       at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(Unknown Source)
       at com.thortech.xl.webclient.actions.tcActionBase.execute(Unknown Source)
       at com.thortech.xl.webclient.actions.tcAction.execute(Unknown Source)
       at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
       at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
       at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
       at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
       at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
       at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:463)
       at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398)
       at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
       at com.nexaweb.server.servlet.NexawebRequestDispatcher.doClientRequest(NexawebRequestDispatcher.java:346)
       at com.nexaweb.server.servlet.NexawebRequestDispatcher.forwardClientRequest(NexawebRequestDispatcher.java:114)
       at com.nexaweb.server.servlet.JspProcessor.processRequest(JspProcessor.java:137)
       at com.nexaweb.server.servlet.RequestProcessor.dispatchRequest(RequestProcessor.java:463)
       at com.nexaweb.server.servlet.RequestProcessor.processClientEvent(RequestProcessor.java:710)
       at com.nexaweb.server.services.protocol.NexawebProtocolHandler.handleProcessEventCommand(NexawebProtocolHandler.java:956)
       at com.nexaweb.server.services.protocol.NexawebProtocolHandler.dispatchCommand(NexawebProtocolHandler.java:125)
       at com.nexaweb.server.NexawebServer.doService(NexawebServer.java:420)
       at com.nexaweb.server.NexawebServer.doGet(NexawebServer.java:335)
       at com.nexaweb.server.admin.ServerAdmin.callNexawebServer(ServerAdmin.java:378)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at com.nexaweb.loader.xMethodInvoker.runInThread(xMethodInvoker.java:69)
       at com.nexaweb.server.api.admin.ServerAdminProxy.callNexawebServer(ServerAdminProxy.java:551)
       at com.nexaweb.redirect.RedirectServlet.doGet(RedirectServlet.java:18)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
       at com.thortech.xl.webclient.security.SecurityFilter.doFilter(Unknown Source)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
       at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
       at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
       at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:153)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
       at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
       at java.lang.Thread.run(Thread.java:534)

  Check here:
  http://www.oracle.com/technology/software/products/ias/files/idm_certification_101401.html#SEC27
  *11gR1 (11.1.0.6 and higher)      Database RAC      for 9.1.0.1*

• How to deploy fmx to Oracle AS

  Good afternoon, I need help !!
  I created a program using form 10g, and tested it using OC4J (startinst.bat ).
  After I got .fmx, the next step I want to deploy it using oracle Application Server 10g, but I don't know how to do it ?
  I tried to find the document about deployment at form "online help", but It did not say anything, and I read the document in Oracle AS they never said about .FMX !!!
  If somebody can help what the step to deploy form and report to the web or what document should I read for very very beginner.
  Thank you very much guru.
  Regards,

  Hi ,
  It's very simple..!!!!
  Open the file formsweb.cfg found in [Application_Server_Home]\forms\server.
  Then go to the end of the file where you can named configuration alias for your application....
  For example... assuming that you have a form start.fmx located in D:\OAS_Deployed_Files\First_App
  Then , on your formsweb.cfg you have to set the following:
  [TEST]
  workingDirectory=D:\OAS_Deployed_Files\First_App
  form=D:\OAS_Deployed_Files\First_App
  \start.fmx
  Of course you can in this named configuration TEST other params , such as userid , as well. You can consult your Application Server Documentation for such info....!!!!
  The named configuration can be set also , by using the Application Server Console ...
  After setting any config parameters , you save and close the file formsweb.cfg.
  You restart the forms service and then you write on the web address...
  http://<your oas server name>:<port_number>/forms/frmservlet?config=TEST
  Regards,
  Simon

• Oracle Identity Federation Configuration Clustered mode

  Hi,
  I am facing issue while configuring OIF in clustered HA Mode in Linux env. The steps followed are:
  1. Installed weblogic 10.3.2 and applied patch for 10.3.3 in both host machines
  2. Ran the RCU utility for OIF successfully.
  3. Installed Oracle Identity Management 11.1.1.2.0 by using the Universal Installer and than patch applied for 11.1.1.3 succesfully in both machines
  4. Ran the Configuration script to configure OIF succesfully from Oracle_HOME/bin/ dir from first machine
  5. Ran the pack.sh command to pack the configured domain from machine 1 by using the command
  pack.sh -domain=/MW_HOME/user_projects/domains/OIFDomain/ -template=/opt/oifDomainTemplate.jar -template_name=OIF_Dom1
  6. Ran the unpack script as below in the second host machine:
  unpack.sh -template=/opt/oifDomainTemplate.jar -domain=/MW_HOME/user_projects/domains/OIFDomain
  user_projects dir created successfuly on the second hosts
  7. Now ran the config.sh script from Oracle_home/bin/ dir on the second host, selected the "Expand Cluster Configuration", provided the URL,port,username,pwd for host 1.
  On the last screen under Expand cluster configuration, it is failing to start the Managed server. I am getting eeror as below:
  Initializing WebLogic Scripting Tool (WLST) ...
  Welcome to WebLogic Server Administration Scripting Shell
  Type help() for help on available commands
  Error: addTemplate() failed. Do dumpStack() to see details.
  oracle.as.provisioning.util.ConfigException:
  Error Applying template.
  Cause:
  A WLST Error occurred: Problem invoking WLST - Traceback (innermost last):
  File "/tmp/tmp1330940819839.py", line 7, in ?
  File "/tmp/WLSTOfflineIni7777084344564586922.py", line 89, in addTemplate
  at com.oracle.cie.domain.script.jython.CommandExceptionHandler.handleException(CommandExceptionHandler.java:51)
  at com.oracle.cie.domain.script.jython.WLScriptContext.handleException(WLScriptContext.java:1538)
  at com.oracle.cie.domain.script.jython.WLScriptContext.addTemplate(WLScriptContext.java:420)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  com.oracle.cie.domain.script.jython.WLSTException: com.oracle.cie.domain.script.jython.WLSTException: com.oracle.cie.domain.script.ScriptException: com.oracle.cie.domain.ConfigGroupsException: Multiple definitions of server-group JRF-ADMIN-SVR are not allowed
  Action:
  See logs for more details.
  at oracle.as.provisioning.util.ConfigException.createConfigException(ConfigException.java:123)
  at oracle.as.provisioning.weblogic.ASDomain._addTemplate(ASDomain.java:4206)
  at oracle.as.provisioning.weblogic.ASDomain.addTemplate(ASDomain.java:4021)
  at oracle.as.provisioning.engine.WorkFlowExecutor._addTemplates(WorkFlowExecutor.java:1395)
  at oracle.as.provisioning.engine.WorkFlowExecutor.executeWLSWorkFlow(WorkFlowExecutor.java:472)
  at oracle.as.provisioning.engine.Config.executeConfigWorkflow_WLS(Config.java:866)
  at oracle.as.idm.install.config.IdMClusterConfigManager.doExecute(IdMClusterConfigManager.java:827)
  at oracle.as.install.engine.modules.configuration.client.ConfigAction.execute(ConfigAction.java:335)
  at oracle.as.install.engine.modules.configuration.action.TaskPerformer.run(TaskPerformer.java:87)
  at oracle.as.install.engine.modules.configuration.action.TaskPerformer.startConfigAction(TaskPerformer.java:104)
  at oracle.as.install.engine.modules.configuration.action.ActionRequest.perform(ActionRequest.java:15)
  at oracle.as.install.engine.modules.configuration.action.RequestQueue.perform(RequestQueue.java:63)
  at oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager.start(StandardConfigActionManager.java:158)
  at oracle.as.install.engine.modules.configuration.boot.ConfigurationExtension.kickstart(ConfigurationExtension.java:81)
  at oracle.as.install.engine.modules.configuration.ConfigurationModule.run(ConfigurationModule.java:83)
  at java.lang.Thread.run(Thread.java:619)
  progress in calculate progress11...
  Thanks in Advance.

  Hi iam37,
  Follow this guide: http://docs.oracle.com/cd/E17904_01/core.1111/e12035/oif.htm#BAJGIAAA
  Notice that you run the config.sh script on both OIF hosts and then run the pack.sh and unpack.sh. Be sure to use the pack.sh -managed=true from section 15.5 so that the AdminServer is not packed up and moved to oif host 2.
  Seth

• Interoperability of Shibboleth 2.0 with Oracle Identity Federation (OIF)

  Hi,
  I am in the process of selecting an identity federation product to interact eventually, both as an IdP and a SP, with a "pure Shibboleth" federation. I know the easiest, most obvious solution would be to go with Shibboleth as well, but after a comparative analysis, it seems that OIF would better fit (internally) my needs than Shibboleth, so here comes my question :
  Has anybody successfully made OIF 11g and Shibboleth 2.0 interoperate yet ?
  I work in the higher education vertical, and it would help me a lot to justify the budget for a POC if I'd knew it can be done...
  Cheers,
  Stephane

  Ping Identity is another solution for you to look at if you're going the Shibboleth route. PingFederate and Shibboleth have the ability to interoperate. http://www.pingidentity.com/.

• How to deploy forms on oracle portal

  Hello everybody
  I developed some forms in a client/server mode,recently I installed O9iAS(minimal edition(including HTTPserver and oracle portal)).I would like to use those forms on the internet.Its not very clear to me what I am supposed to do next.Can I install form server on the node which is currently running O9iAS?(portal and HTTP server),is it necessary to do a fresh installation of O9iAS(enterprise edition,which includes form server?).I would also appreciate any help regarding necessary configuration tips.
  Best Rgds
  sabasaba

  your best bet would be to do a full install of Oracle9iAS. This will install the Forms server for you and configure everything. It will save you a lot of configuration probems.

• How to integrate Oracle identity Federation with Oracle Access Manager

  Hi Experts
  I need to integrate OIF(11.1.1.6.0) with OAM(11.1.2). My use case is as follows:
  Things done:
  1) OAM is integrated with an OID (OID1) and OIF is integrated with another OID (OID2)
  2) Able to authenticate the users of OID1 via OAM for my ADF applications.
  Things to be done:
  1) Need to forward the details of unauthenticated user from OAM to my OIF for authentication (i.e., OAM cannot authenticate OID2 users, in such case the details have to be forwarded)
  Looked into so many posts but not done with the integration. Can anyone help me please.. Stuck with this for the last 3 days
  Thanks
  Gopi

  Hi,
  Yes Depot Repair is a module, and you can enable this module if already not enabled using the License Manager. Oracle Depot Module carries the short name CSD.
  In additin to the above, also refer the implementation guide:
  http://docs.oracle.com/cd/B34956_01/current/acrobat/120csdig.pdf
  In order to license a product in Oracle using License Manager, please see following:
  http://myappsdba.com/how-to-license-a-new-product-in-oracle-applications/
  http://www.appsdba.info/docs/oracle_apps/R12/License_Manager.pdf
  Also see:
  How To Use OAM To License JA (Asia/Pacific Localizations), JE (European Localizations), JG (Regional Localizations) and JL (Latin-American Localizations) in Oracle Applications ? (Doc ID 351900.1)
  Thanks &
  Best Regards,

• E-Business Suite Integration with Oracle Identity Federation for SAML

  Has anyone developed a way to use OIF for e-Business Suite authentication through SAML rather than using the standard Identity Management stack of apps?
  Today we have Oracle e-Business Suite 115.10.2 using OSSO through OID with WNA for zero sign-on (no login, just pass-through, based on AD credentials). Our domain controllers are Windows 2003 but we are in the process of upgrading them to Windows 2008 R2, where the OSSO stack is not supported unless we globally set the 2008 R2 domain controllers to use DES encryption instead of the default AES encryption. (See Oracle note 1076018.1)
  When deploying OSSO, we encountered a similar issue with Windows 7 workstations would not work with OSSO unless we set the workstation policy not to use AES encryption. (See Oracle note 973190.1)
  We are not inclined to continue to use DES encryption and we have obstacles moving to 11g iDM/OAM/OID from OSSO. I am exploring the possibility continuing to keep one 2003 domain controller in production, and pointing OSSO to that, until we can move to the 11g iDM stack.
  Meanwhile, we have ongoing frustration with how complicated SSO is with the e-Business Suite. Sure, it works, once you climb the mountain to set it up, and we don't have that many issues in production. But the implementation of SSO for e-Business Suite is simply complex. The trip from the workstation back to an EBS session is operationally somewhat brittle. I guess some of us relish complexity. Certainly there is pride in understanding something like this. But, after a while, when the trickle of tickets from the Help Desk never completely dries up, you get tired of complexity and you seek something simpler.
  So, instead of this path:
  Workstation > EBS > OID > AD / Kerberos > Workstation
  (and I didn't even mention F5 switch with reverse proxy servers ...)
  Why can't we have this?
  Workstation with certificate > OIF with SAML > EBS session.
  Has anyone done that?
  Thank you for your help.

  Hello JJ,
  We are facing the same issue. Oracle has recommanded us to install
  HTML-DB on the same database as our Apps 11i.
  What we still have to figure out is whether is use APPS schema for the
  HTML-DB workspaces, or use a different schema.
  How is it configured at your site?
  Moshe

• How to deploy Portal from Development server to Production server ?

  Hi all,
  I am new to OAS Portal. I have a question :
  I am developing the portal in development server, if I want to deploy it into production server, how can I do that ?
  Is there any docs on this ?
  Thank you very much,
  xtanto

  Assuming you are working with Portal 10.1.4, please see the following link for this documentation. It would also help in better planning for your deployment scenarios if you can briefly skim over the two chapters before the one in this link, specially to see what would be your options to lay it out on multiple environments.
  http://download.oracle.com/docs/cd/B14099_19/core.1012/b13995/testprod.htm
  thanks,
  AMN