How to manage security on Fusion Applications webclient

Hello,
I have built a Fusion Applications Webclient based on a Java Proxy generated from WSDL. I have successfully deployed and run this project on my local WebLogic server.
The project provides an additional custom use-case. (To extend the functionality of Fusion Applications)
In the future we would prefer to deploy such "Fusion-Extensions" on the "Oracle Public Cloud".
In order to authenticate to Fusion, the server side public certificate must be acquired and added as a trusted cert entry to a keystore used by the client.
This keystore stores a reference to the Fusion public certificate and uses the alias "orakey". The Fusion public certificate is obtained from any Fusion Application object WSDL.
The certificate is sent by the server and is part of the WSDL:
<dsig:X509Certificate>MIICCzC...</dsig:X509Certificate>
If I want to call the service from a simple Java class, my "main" method looks like this:
// salesPartyService_Service and WS_ADDR_VER are declared outside this method, in the generated client class
public static void main(String[] args) {
    SecurityPolicyFeature[] securityFeature = new SecurityPolicyFeature[] { new SecurityPolicyFeature("oracle/wss11_username_token_with_message_protection_client_policy") };
    salesPartyService_Service = new SalesPartyService_Service();
    SalesPartyService salesPartyService = salesPartyService_Service.getSalesPartyServiceSoapHttpPort(securityFeature);
    // Get the request context to set the outgoing addressing properties
    WSBindingProvider wsbp = (WSBindingProvider)salesPartyService;
    WSEndpointReference replyTo =
        new WSEndpointReference("https://xxxxxxxx.oracleoutsourcing.com:443/crmCommonSalesParties/SalesPartyService", WS_ADDR_VER);
    String uuid = "uuid:" + UUID.randomUUID();
    BindingProvider bp = (BindingProvider)salesPartyService;
    bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "https://xxxxxxxxx.oracleoutsourcing.com:443/crmCommonSalesParties/SalesPartyService");
    //wsbp.setOutboundHeaders( new StringHeader(WS_ADDR_VER.messageIDTag, uuid), replyTo.createHeader(WS_ADDR_VER.replyToTag));
    // Add Security Headers below if any Authentication is required.
    wsbp.getRequestContext().put(WSBindingProvider.USERNAME_PROPERTY, "login");
    wsbp.getRequestContext().put(WSBindingProvider.PASSWORD_PROPERTY, "password");
    // Add your code to call the desired methods.
    // Provide the location of your keystore(.jks file)
    wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_LOCATION, "c:/keystore.jks");
    wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_PASSWORD, "password" );
    wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_TYPE, "JKS" );
    // Add your code to call the desired methods.
    FindCriteria findCriteria = new FindCriteria();
    findCriteria.setFetchSize(10);
    findCriteria.setFetchStart(0);
    try {
        List<SalesParty> sl = salesPartyService.findSalesParty(findCriteria, null);
        System.out.println("salesparty number:" + sl.get(0).getPartyId());
    } catch (Exception e) {
        e.printStackTrace();
    }
}
Q: My first question is how to reference the keystore, if the project is deployed in the oracle public cloud:
// Provide the location of your keystore(.jks file)
wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_LOCATION, "c:/keystore.jks");
wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_PASSWORD, "password" );
wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_TYPE, "JKS" );
Furthermore, I had to set up security on my WebLogic server:
Go to “C:\Users\tr_te\AppData\Roaming\JDeveloper\system11.1.1.6.38.62.29\DefaultDomain\bin”
Open setDomainEnv.cmd in Text-Editor.
Add the following lines to the JVM Properties:
set EXTRA_JAVA_PROPERTIES=-Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.SSL.allowSmallRSAExponent=true %EXTRA_JAVA_PROPERTIES%
set EXTRA_JAVA_PROPERTIES=-Djavax.net.ssl.trustStore=C:\owsm_test.jks -Djavax.net.ssl.trustStorePassword=welcome1 %EXTRA_JAVA_PROPERTIES%
Configuration explained in more detail:
-Dweblogic.security.SSL.allowSmallRSAExponent => because the used certificates of Fusion are lower than 2048
-Dweblogic.security.SSL.ignoreHostnameVerification => because the subdomain before oracleoutsourcing.com (https://subdomain.oracleoutsourcing.com)
-Djavax.net.ssl.trustStore => to set up the same keystore in the WebLogic server
Q: how to deal with this challenge in the oracle public cloud?
I tried to deploy the project but it "failed" every time.
Here are some deployment logs:
https://dl.dropbox.com/u/13344648/log/Deploy%20Application_146483_deploy.txt
https://dl.dropbox.com/u/13344648/log/Deploy%20Application_146483_virus-scan.txt
https://dl.dropbox.com/u/13344648/log/Deploy%20Application_146483_whitelist.txt
regards
Tristan

I have met the same problem and I made an SR; the support said that there is no support for trial cloud accounts.
I think Oracle Public Cloud is not yet ready to dive into the market.
Anyway, I would like to explain something I've found.
1. Any Java web services proxy which is generated by JDeveloper will fail to get the WSDL because the service client uses "new File(".").toURL();" but Public Cloud does not allow any file system access.
2. I would like to see the WebLogic diagnostics log as well as the server log, but Support said that when I would like to see the diagnostics log, I should register an SR. How to develop an application using the cloud?
3. The Oracle Fusion Middleware Security Guide said that Oracle WebLogic Server only uses jps-config.xml in <DOMAIN_HOME>/config/fmwconfig, and the jps-config.xml said that it uses default-keystore.jks in the same directory by default. And the jps-config.xml is not application specific but common to the WebLogic server. We cannot override that.
So, I think even though you set -Djavax.security.ssl.keystore and trustedKeystore, that does not have an effect in WebLogic. WebLogic uses jps-config.xml.
The Security Guide said that we can import a server certificate or chained certificate using the EM console, but Oracle Public Cloud does not open this menu, including EM.
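
The keystore step from the question, done without touching the file system: this added example (not code from either poster or from Oracle) reads a service WSDL on standard input, decodes the first dsig:X509Certificate element, and stores it under the alias "orakey" in an in-memory keystore, printing the details needed to verify the certificate before trusting it. The class name OrakeyFromWsdl and the use of Java 8 or later are assumptions; whether the OWSM client can be handed a keystore object instead of a WSSEC_KEYSTORE_LOCATION path is not covered on this page.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.NodeList;

// Hypothetical helper class (name is an assumption, not from the thread).
public class OrakeyFromWsdl {
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    /** Returns the first dsig:X509Certificate found in the WSDL, decoded. */
    static X509Certificate extractCertificate(InputStream wsdl) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // The WSDL is untrusted input: refuse DTDs so no external entity is resolved.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList nodes = dbf.newDocumentBuilder().parse(wsdl)
                .getElementsByTagNameNS(DSIG_NS, "X509Certificate");
        if (nodes.getLength() == 0) {
            throw new IllegalArgumentException("no dsig:X509Certificate element in WSDL");
        }
        // The MIME decoder tolerates the line breaks often present in the element text.
        byte[] der = Base64.getMimeDecoder().decode(nodes.item(0).getTextContent().trim());
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(der));
    }

    /** Builds the keystore in memory only: nothing is read from or written to disk. */
    static KeyStore inMemoryTrustStore(X509Certificate cert) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);                      // null stream = start from an empty store
        ks.setCertificateEntry("orakey", cert);   // alias named in the question
        return ks;
    }

    /** Colon-separated SHA-256 fingerprint, for comparison with a value obtained out of band. */
    static String sha256Fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    /** Summarises what should be checked before the certificate is trusted. */
    static String describe(X509Certificate cert) throws Exception {
        StringBuilder sb = new StringBuilder();
        sb.append("subject   : ").append(cert.getSubjectX500Principal().getName()).append('\n');
        sb.append("issuer    : ").append(cert.getIssuerX500Principal().getName()).append('\n');
        sb.append("not after : ").append(cert.getNotAfter()).append('\n');
        sb.append("sha-256   : ").append(sha256Fingerprint(cert)).append('\n');
        if (cert.getPublicKey() instanceof RSAPublicKey) {
            // Actual RSA parameters, so any relaxed RSA setting can be judged against the real key.
            RSAPublicKey rsa = (RSAPublicKey) cert.getPublicKey();
            sb.append("rsa bits  : ").append(rsa.getModulus().bitLength()).append('\n');
            sb.append("rsa exp   : ").append(rsa.getPublicExponent()).append('\n');
        }
        // DNS names the certificate covers: these decide whether hostname
        // verification can succeed for the endpoint host.
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null) {
            for (List<?> san : sans) {
                if (Integer.valueOf(2).equals(san.get(0))) {   // 2 = dNSName
                    sb.append("dNSName   : ").append(san.get(1)).append('\n');
                }
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Usage: java OrakeyFromWsdl < SalesPartyService.wsdl
        X509Certificate cert = extractCertificate(System.in);
        cert.checkValidity();                     // throws if expired or not yet valid
        System.out.print(describe(cert));
        KeyStore ks = inMemoryTrustStore(cert);
        System.out.println("aliases   : " + Collections.list(ks.aliases()));
    }
}
```

A certificate read from a WSDL is only as trustworthy as the connection the WSDL was fetched over, so compare the printed fingerprint with one obtained through a separate channel before relying on the keystore.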

Similar Messages

  • How can i secure the mail application against my friends

    Hi, how can I secure the mail application against my friends, when they use the iPad for surfing?
    I want to block the mail application with the number code that the iPad already provides for some apps, but for mail, it doesn't work :-(

    Thank you for the answer. I can't understand why Apple won't make this possible for the built-in apps. For some it is working (Safari, Appstore, etc.) but for mail not. Why? This can't be a technical problem.
    How do other people solve this problem, when their iPad is walking around the table for surfing?

  • Manage security for a report that lives in multiple folders

    Post Author: EricE
    CA Forum: General
    I am using Crystal Enterprise 10. (we are about to upgrade to BO XI if it matters in the answer)
    As we consider the migration to XI we are thinking about problems with our existing system that we have never solved adequately.
    The problem is how to manage security of a given report that shows up in multiple places in the tree.
    Example:
    I have a report lives in the Sales folder but also needs to be in a folder at the same level called Marketing.
    I want the report to exist only once so that if I update it, it gets updated both places.
    To solve that I could put the real report in a folder called “all reports” and then create short cuts to it in both of the other folders.
    The problem with that method is that the users who have rights to the “Sales” folder don’t get rights to the shortcut (because the rights don't seem to work on shortcuts). The rights would have to be granted to the real report object…which quickly becomes a mess trying to manage rights to each individual report object.
    So I want to manage rights/security at the folder level but I also want a given report to live in more than one location (but have one real report object) and have its rights administered by the folder it is in.
    Is there any way to do that?

    Post Author: EricE
    CA Forum: General
    yangster: When you set permissions at the folder level all reports within the folder and any subfolder that exist should inherit the parent folders rights. So putting in your report into the sales folder and creating a shortcut to the marketing folder should be fine as long as you have not set any specific right on the actual report itself.
    Please clarify per my post above this one. I tried doing exactly what you said to do. What happened is that the user could SEE the report but could not execute it. User had "view on demand" rights to the folder via a group.

  • ADF Security to J2EE Container Managed Security Problems

    Hi all!
    I had ADF security enabled in my application. I've added roles and users to embedded OC4J Server Preferences..., configured authorization using pageDefs... (following the Introduction to ADF Security in JDeveloper 10.1.3.2 howto).
    For the sake of friendlier user and roles management I decided to go to J2EE Container Managed Security (I want the application manager in the production environment to be able to manage users in only one place, not in a DB table and extra for the web app). I followed Frank Nimphius's Database Authentication and Authorization in J2EE Container Managed Security article.
    Now I have some problems. I removed users and roles from embedded OC4J Server Preferences... (I believe these are used only for ADF security, am I right?). I can log in to the application with the admin user account (the app index page doesn't have any binds or even a pageDef), but when trying to access admin pages I get a 401 Unauthorized page.
    What am I doing wrong, probably I've forgotten something? I'm a bit confused now with users and roles settings and ADF and container managed security.
    Part of my web.xml file:
    <servlet>
    <servlet-name>adfAuthentication</servlet-name>
    <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
    <init-param>
    <param-name>success_url</param-name>
    <param-value>/faces/app/index.jspx</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
    <servlet-name>adfAuthentication</servlet-name>
    <url-pattern>/adfAuthentication/*</url-pattern>
    </servlet-mapping>
    <security-role>
    <description>Admins</description>
    <role-name>admin_role</role-name>
    </security-role>
    <security-role>
    <description>Users</description>
    <role-name>user_role</role-name>
    </security-role>
    <security-role>
    <role-name>oc4j-administrators</role-name>
    </security-role>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>AllAdmins</web-resource-name>
    <url-pattern>faces/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>admin_role</role-name>
    </auth-constraint>
    </security-constraint>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>AllUsers</web-resource-name>
    <url-pattern>faces/app/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>user_role</role-name>
    <role-name>admin_role</role-name>
    </auth-constraint>
    </security-constraint>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>adfAuthentication</web-resource-name>
    <url-pattern>/adfAuthentication</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>oc4j-administrators</role-name>
    <role-name>user_role</role-name>
    <role-name>admin_role</role-name>
    </auth-constraint>
    </security-constraint>
    Do I have to remove this adfAuthentication tags?
    I know I've made things a bit complicated for me now and for anyone to help, but I hope I will get at least some pointers what to do now and maybe some explanation about roles in container managed security? Is it enough to have security constraints and roles defined in the web.xml file or do they have to be defined somewhere else also (besides the database)?
    Thank you in advance!
    Bye
    PS
    Maybe stack trace after login:
    FINE: LoginConfigProvider.ctr: lmm=[LoginModuleManager: jznCfg=[JAZNConfig null], appConfigEntries={oracle.security.jazn.oc4j.CertificateAuthenticator=[javax.security.auth.login.AppConfigurationEntry@3625d0], oracle.security.jazn.tools.Admintool=[javax.security.auth.login.AppConfigurationEntry@eca6e7], oracle.security.jazn.oc4j.WebCoreIDSSOAuthenticator=[javax.security.auth.login.AppConfigurationEntry@c1c7c4], oracle.security.jazn.oc4j.DigestAuthenticator=[javax.security.auth.login.AppConfigurationEntry@221f81], oracle.security.wss.jaas.SAMLAuthManager=[javax.security.auth.login.AppConfigurationEntry@426e05], oracle.security.jazn.oc4j.JAZNUserManager=[javax.security.auth.login.AppConfigurationEntry@145240a], current-workspace-app=[javax.security.auth.login.AppConfigurationEntry@4120aa], oracle.security.wss.jaas.JAASAuthManager=[javax.security.auth.login.AppConfigurationEntry@1c78f98]}]
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option data_source_name = jdbc/TESTDbDS
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option table = APPLICATION_USER
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option groupMembershipTableName = APPLICATION_ROLE
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option usernameField = USR_EMAIL
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option passwordField = USR_PSW
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option groupMembershipGroupFieldName = ROLE_NAME
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option user_pk_column = USR_EMAIL
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option roles_fk_column = USR_EMAIL
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option pw_encoding_class = null
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option realm_column = null
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option application_realm = null
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule initialize
    FINE: [DBTableOraDataSourceLoginModule] option casing = toupper
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
    FINE: [DBTableOraDataSourceLoginModule]login called on DBTableLoginModule
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
    FINE: [DBTableOraDataSourceLoginModule]Calling callbackhandler ...
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
    FINE: [DBTableOraDataSourceLoginModule]Username returned by callback = admin
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
    FINE: [DBTableOraDataSourceLoginModule]Username changed to case as defined by toupper to ADMIN
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]User query string: select USR_EMAIL,USR_PSW from APPLICATION_USER where USR_EMAIL= (?)
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]User primary key value found = ADMIN
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]Password encoded by: oracle.security.jazn.login.module.db.util.DBLoginModuleClearTextEncoder
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]User ADMIN authenticated successfully
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]Roles query string: select ROLE_NAME from APPLICATION_ROLE where USR_EMAIL= (?)
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]DBUser Principal Name: ADMIN
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule performDbAuthentication
    FINE: [DBTableOraDataSourceLoginModule]DBRole Principal Name: admin_role
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule login
    FINE: [DBTableOraDataSourceLoginModule]Logon Successful = true
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
    FINE: [DBTableOraDataSourceLoginModule]Subject contains 0 Principals before auth
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
    FINE: [DBTableOraDataSourceLoginModule]Local LM commit succeeded
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
    FINE: [DBTableOraDataSourceLoginModule]Subject contains 2 Principals after auth
    24.8.2007 10:17:19 oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule commit
    FINE: [DBTableOraDataSourceLoginModule]Cleaning internal state!

    Hi there!
    I have another question about this. I've modified the DBRolePrincipal class a bit to see what's going on. At the beginning of the equals(Object another) method I added these lines:
    log("method equals start",0);
    log("another type = " + another.getClass(), 0);
    if (another instanceof Principal) {
        Principal mine = (Principal)another;
        log("Principal mine.getName() = " + mine.getName(), 0);
    }
    The result is this output (after navigating to page that gives 401 forbidden):
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.security.jazn.oc4j.JAZNUserAdaptor
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = admin_user
    07/10/12 08:38:36 [DBRolePrincipal] method equals start
    07/10/12 08:38:36 [DBRolePrincipal] another type = class oracle.adf.share.security.authentication.ADFRolePrincipal
    07/10/12 08:38:36 [DBRolePrincipal] Principal mine.getName() = anyone
    Why is the name of ADFRolePrincipal always anyone? When I sign in with this user the output says:
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User query string: select USERNAME,PASSWORD from ACTIVE_APP_USER_V where USERNAME= (?)
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User primary key value found = admin_user
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Password encoded by: oracle.sample.dbloginmodule.util.DBLoginModuleCearTextEncoder
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] User admin_user authenticated successfully
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Roles query string: select ROLE_NAME from ACTIVE_APP_ROLE_V where USERNAME= (?)
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBRole Principal Name: admin_role
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] DBUser Principal Name: admin_user
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Logon Successful = true
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 0 Principals before auth
    07/10/12 08:46:09 [DBUserPrincipal] method equals start
    07/10/12 08:46:09 [DBUserPrincipal] another type = class oracle.sample.dbloginmodule.principals.DBRolePrincipal
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Local LM commit succeeded
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Subject contains 2 Principals after auth
    07/10/12 08:46:09 [DBTableOraDatasourceLoginModule] Cleaning internal state!
    Frank, if you haven't given up on this issue yet could you please try to explain this to me? Why does the admin_role principal never get compared in the equals method?
    Thank you!
    BB

  • Hardware requirement for Fusion Applications HCM installation

    Hi Team,
    I want to install fusion applications for HCM.
    Can anyone suggest the minimum hardware requirement for installation?
    Please help me with any documents.
    Thanks,
    Chandra

    Dear Chandra,
    Please note that Fusion Applications installation involves following components.
    1. Oracle Identity and Access Management components (Middleware infrastructure)
    2. Oracle Database for IDM
    3. Oracle Database for Fusion Apps
    4. Fusion Applications Domains (includes Admin and managed servers for Fusion Applications)
    I have posted a guide on installing Fusion applications on 2 node setup and if you have sufficient hardware to host 2 VMs then it can be done on single server as well.
    http://www.oratraining.com/blog/2013/03/oracle-fusion-applications-installation-step-by-step-guide-11-1-6/
    This will explain the 2 node architecture which I have prepared.
    http://www.oratraining.com/blog/2013/03/fusion-applications-architecture-for-2-node-setup/
    The minimum memory requirement changes if you select more products, since in Fusion apps each product has its own domain and if you select more products then there will be more application managed servers (even if you don't select a product family, it will still create some managed WebLogic servers based on dependency with selected products).
    The minimum memory requirement to host IDM and consolidated DB in 1 node is 10-12 GB
    The minimum memory requirement to host Fusion Applications domains on 2nd node is 64 GB (for 1 product family, for all products selected then 128 GB)
    Please note that these are "minimum" requirements based on my experience, not as per the documents since what we are talking about is installing for "learning", not for production, where you will host various components in separate nodes.
    Thanks
    Tushar
    www.oratraining.com

  • Manage Bookmarks on Preview application

    Hi there,
    does anybody know, how to manage bookmarks on preview application?
    I want to group my bookmarks in different folders or how can I highlight pages or sth. like this?

    ideato, thank you for your reply. perhaps I am missing it, but I cannot find anything in these articles about how to create bookmark folders on Firefox/Android, not how to move bookmarks between folders. I can see how to sync bookmarks to desktop, organize them into folders on desktop, and then sync the folders back to phone. I am hoping for something that can be done just on the phone.

  • How to deploy a secured ADF 11g application to WebLogic 10.3 server?

    Hi,
    I have just enabled security in our ADF 11g application, as described in [chapter 29|http://download.oracle.com/docs/cd/E12839_01/web.1111/b31974/adding_security.htm#insertedID0] of the Fusion Developer's Guide. It works fine in the embedded WebLogic server of JDeveloper.
    Now I'm trying to deploy to our WebLogic 10.3 server, which runs in production mode. I'm running into all sorts of problems. The WebLogic console seems to have hundreds of security related pages, I don't know which one I should use, let alone how to use it. The Fusion Developer's Guide doesn't cover deployment to a production server:
    >
    When the target server is configured for production mode, you typically handle the migration task outside of JDeveloper using tools like Oracle Enterprise Manager. For details about using tools outside of JDeveloper to migrate the policy store to the domain-level in a production environment, see the [Oracle Fusion Middleware Security Guide|http://download.oracle.com/docs/cd/E12839_01/core.1111/e10043/toc.htm].
    >
    However, this guide is of very little help to me. I found [chapter 7|http://download.oracle.com/docs/cd/E12839_01/core.1111/e10043/addlsecfea.htm#insertedID0], which says "The recommended tool is Fusion Middleware Control." I have no idea what "Fusion Middleware Control" is, where to get it and how to use it.
    Long story short: I'm totally lost. I'm looking for a step by step guide on how to deploy a secured ADF 11g application to a WebLogic 10.3 server that is running in production mode. Any help is highly appreciated.

    Ok, I found a [very helpful blog post |http://andrejusb.blogspot.com/2009/01/practical-adf-security-deployment-on.html] by [Andrejus Baranovski|http://www.blogger.com/profile/04468230464412457426]. I wish Oracle's documentation was as clear as this...
    The blog post refers to an article by Steve Muench, called [Simplified ADF 11g Application Credential and Policy Migration to Standalone WebLogic Servers|http://www.oracle.com/technology/products/jdev/tips/muench/credmig111100/index.html]. This article presents an Ant script that migrates policies from JDeveloper to WebLogic, using some PFM. (See the last definition here.)
    The problem is that Steve Muench's script assumes that JDeveloper and the standalone WebLogic are on the same machine. However, in a typical environment, such as the one I'm working in currently, this is not the case. In our case the developer stations are Windows machines, while our WebLogic server runs on a HP-UX machine. So the question is: how to perform this migration between two machines with different operating systems?
    Regards,
    Bart Kummel

  • When accessing the any tasks from Fusion Applications homepage, "An error was received for the task Manage Worker Goal Setting Lookups. This task is identified with the code HRG_MANAGE_WORKER_GOAL_SETTING_LOOKUPS that invokes program /WEB-INF/oracle/apps/

    We have installed HCM and CRM modules on Fusion Application 11.1.7 version.
    This is 2 node architecture ie IDM components installed in one node and Fusion components installed in another node.
    We are able to start the IDM components and Fusion components successfully, but when users are trying to access any task from Fusion application home page, they are getting the below error
    A portlet consumer error was received for the task Manage Worker Goal Setting Lookups. Report the error details to the following owning product Goal Management.
    An error was received for the task Manage Worker Goal Setting Lookups. This task is identified with the code HRG_MANAGE_WORKER_GOAL_SETTING_LOOKUPS that invokes program /WEB-INF/oracle/apps/fnd/applcore/lookups/publicUi/flow/ManageCommonLookupsTF.xml#ManageCommonLookupsTF of module code fndSetup. Review the consumer and producer logs for more details on this error.

    This may be related to the other issue regarding "FUSION_APPS_WSM_APPID-KEY" as the logs contains exceptions like:
    oracle.wsm.policymanager.PolicyManagerException: WSM-02081 : Failed to login to perform requested action.
    Please refer to document Fusion Application Service Account Password Expiration Causes Portlet Producer Errors (1486388.1) for steps on how to verify and set the password. There is also exception:
    javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User FUSION_APPS_PROV_PATCH_APPID denied
    This is also likely caused by an expired password, please see Fusion Apps Servers Are Not Starting Up - Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :Your Password has expired (1629927.1).
    Jani Rautiainen
    Fusion Applications Developer Relations
    https://blogs.oracle.com/fadevrel/

  • How to start of with Oracle HCM fusion applications to gain good grasp on the technology

    I have been working in Siebel for a long time and I am currently moving to the Oracle Fusion HCM application. I would like to know the best way to start up with it and I would also like to know the possible way to go about it so that, having 7 years of experience, I can justify my knowledge in this technology and skill. Could anyone please guide me as to how to go about it? What are the things I should start from and how should I go about it, what forums to follow, what online tutorials to look at?
    Thanks and Regards

    Hi.
    There are loads of resources out there, but with so many it can be hard to know where to begin. Obviously we cover just Customization-Integration related areas not the whole stack. I don't have anything specific to your Siebel background, however hopefully these "top pick" recommendations will help you. My personal advice is to pick one topic or technical component at a time, because trying to learn everything at once quickly becomes overwhelming.
    1) Chapter 2 of my book, now a few years old, gives a Technical Overview of the stack. Get it for free here: http://www.oracle.com/technetwork/articles/managing-fusion-apps-418611.pdf
    2) Oracle Learning Library is a good resource for demos and well-crafted content on many topics. Use the search to find Fusion Apps content: https://apexapps.oracle.com/pls/apex/f?p=44785:2:0::NO:::
    3) Whilst it might seem predictable, our online help is the intended content for getting started. This was overhauled recently and the new layout really helps. Both the product docs and the help portal content are very well written by our experts. Getting Started with Oracle Fusion Applications Lifecycle Management Release 9
    4) The MyOracleSupport site has quite a few bits of content on technology component usage inside Fusion Apps. Look for the "Information Centers" for applications technology or BI for example where you'll find lots of top content listed by category.
    I am also working on some "resource roadmaps" - a tool to give people to all key resources for a topic in a quick and visual way. Keep an eye on our blog for more here.
    Kind regards
    Richard
    FA Developer Relations.

  • In RSA Authentication Manager 7.1, how to create multiple security domains

    Hi,
    RSA Authentication Manager 7.1 is configured with LDAP (Sun Java System Directory Server); how do I create multiple security domains in 7.1, and are these security domains related to LDAP?
    thanks

    I think what you need to do is create an identity sequence with RSA as the selection in Authentication and Attribute Retrieval Search List and AD in Additional Attribute Retrieval Search List. Then select this sequence as the result in the identity policy for the service.

  • How to manage large database records in enterprise application

    Hi All,
    I am working on a large enterprise application relating to Capital Market. I am working in Java and with its extended technology. I am facing one critical problem which needs a solution from your side. I have a database table which contains approximately more than 5 million records, and I want to display the records with proper pagination. Here I am using Hibernate for database-related stuff. I am using a query which contains a join query to load the records. After the query the filtered records come to approximately 80,000. I am unable to make proper pagination; every time, for the next or previous set of 10 records, I hit the database, which is a time-consuming affair. I do not know what I will do; should I cache the data for pagination? Every time I load more than 80,000 records; think that in a web-based application, the number of users is 5000, then how to manage? I need a core Java level solution, not one at the JSP level. Please help me in this regard.

    "After the query the filtered records come to approximately 80,000. I am unable to make proper pagination,"
    Just a thought. If you display 50 per page, that's 1600 pages. Say it takes the user 15 seconds to read the page: total 400min=6 2/3 hours and probably a bad case of RSI.
    The proper pagination would possibly be no pagination.

  • How do I tell the CC application manager that Lightroom is not installed on my pc?

    Before i got CC i was using Lightroom 5 swedish version for evaluation. I used application manager to install an English version by setting the language to English but language after CC installation of Lightroom is still Swedish. Checking the language settings again after installation it was set to English. Now I uninstalled Lightroom using control panel to remove it completely and my intention was to reinstall it from CC. However, the application manager still claims that Lightroom is installed. How do I get the CC application manager to understand that lightroom is not installed and when I do reinstall it it should be in English?
    Win 7 Home Premium 64-bit PC, CC Version 1.0.2.189

    Hi adogool,
    Please try to perform the steps given in the following article.
    http://helpx.adobe.com/creative-cloud/kb/aam-lists-removed-apps-date.html

  • How to configure security policies like account locking, account expiry in portal application?

    Hi All,
    Can anybody pls tell me how to configure security policies like account locking,
    account expiry in portal application? By default, it has a 30 minutes lock period
    after 5 retries. But if I want to set other values or want to unlock account of
    a user, then what to do ?
    TIA,
    Sudarson

    I have read the SSO admin guide, and performed the steps for enabling SSL on the SSO, and followed the steps to configure mod_osso with virtual host on port 4443 as mentioned in the admin guide.
    The case now is that when I call my form (which is developed by forms developer suite 10g and deployed on the forms server which is SSO enabled) , it calls the SSO module on port 7777 using http (the default behaviour).
    on a URL that looks like this :
    http://myhostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
    and gives the error :
    ( Forbidden
    You don't have permisission to access /sso/auth on this server at port 7777)
    when I manually change the URL to :
    https://myhostname:4443/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
    the SSO works correctly.
    The question is :
    How can I change this default behaviour and make it call SSO on port 4443 using https instead ?
    Any ideas ?
    Thanks in advance

  • How to provide security to application

    Hi to ALL
    Can anyone suggest to me security options in BPC Application?
    How to provide security to the application at user and Admin levels,
    what are the privileges for user and admin?
    Cheers
    SRM

    Hi,
    When you talk about application level security, it is nothing but member access profile. This profile determines, whether you will have the authorization to post a value / read a value from a particular member of the dimension or not.
    Hope this helps.

  • I recently purchased the newest nano. I have 3 other nano's and iPad   iPhone, oh and iPod touch. When I plug in nano to my mac I get the message "iPod cannot update because it contains files that are used by another application. How can manage this?

    I recently purchased the newest nano. I have 3 other nano's and iPad   iPhone, oh and iPod touch. When I plug in nano to my mac I get the message "iPod cannot update because it contains files that are used by another application. How can manage this?

    dedonred wrote:
    "iPod cannot update because it contains files that are used by another application.
    It means that nano was used on a third-party software or synced from different computer to sync music. Does that nano show in iTunes? If yes, then restore completely. If not, then you may need to head to Apple Store and see what they can do.
