Identity Management: OID & OVD Monitor

Hi All,
We currently had OEM and I am trying get more details of what else I need in order to monitor OID, OVD and SSO. Do I need REUI or OEM is enough? Can someone please give me more details or point me to some documentations so I can check them out?
Thanks,

You probably need the Management Pack for OEM http://www.oracle.com/technology/products/oem/pdf/ds_iam_pack.pdf . I think the answer would depend on the type of monitoring and versions of software. 10g and 11g are very different, both OEM and IDM.

Similar Messages

Crawled the UCM through SES but unable to search on Search screen. I have to use OID as identity management. How to configure SES for this??

I have crawled the UCM through SES, but when I try to search on the Search screen nothing is searched.
followed the following document - http://www.oracle.com/technetwork/search/oses/stellent-white-paper-178229.pdf
But at the end I need to configure the identity management for OID not for Content Server. I have activated the OID plug-in in SES, but nothing is searched in both the foloowing cases:
1) When I login with a OID user
2) When i do not login, even the public data is not displayed.
What could be the problem??

Thanks for the reply. Authorization was use source ACL, and I tried logging in as every user that had access to the content and could not bring up anything.
However, this is no longer an issue as we are not going to be using this content database. We are going to be using the new Beehive collaboration instead. I don't know if there will be a different plugin for SES or what, but it should be interesting.
Jennifer

Is OID available in Oracle identity management 11g R2

Is OID available in Oracle identity management 11g R2

OID is not yet available in 11gR2.
As you can see in the list below, ODSEE and OUD are the only directories currently available in 11gR2.
Here is the list of products in Oracle Identity Management 11g R2
Oracle WebLogic Server 11gR1 (10.3.6) and Coherence
Oracle Access Manager Access SDK 11.1.2.0.0
Oracle Entitlements Server Security Module 11g (11.1.2.0.0)
Oracle Access Manager WebGates 11.1.2.0.0
Oracle Business Intelligence 11g (11.1.1.5.0)
Oracle Fusion Middleware Repository Creation Utility 11g (11.1.2.0.0)
Oracle Identity and Access Management 11g (11.1.2.0.0)
Oracle Directory Server Enterprise Edition 11gR1 Patch Set 1 (11.1.1.5.0)
Oracle Identity Management 11g Patch Set 5 (11.1.1.6.0)
Oracle SOA Suite 11g Patch Set 5 (11.1.1.6.0)
Oracle Fusion Middleware Repository Creation Utility 11g (11.1.1.6.0)
Oracle Unified Directory 11g (11.1.2.0.0)
Oracle Fusion Middleware Identity Management Documentation Library 11g Release 2 (11.1.2.0.0)
Oracle Coherence for C++ Version 3.7.1
Oracle Coherence Version 3.7.1
Oracle OpenSSO Fedlet version 11.1.1.3.0

Confusion with a current state of Oracle Identity Management

I would like to know if anyone has successfully implemented the complete suite of IdM. If yes, please share this experience. I want to clarify the definition of "successful integration". It should include the following:
- SSO for Partner applications
- SSO for External (third parties) applications
- Provisioning and Synchronization
- Delegated Administration
- WNA with Kerberos
- SAML implementation (optional)
I would appreciate all answers on this subject

To restart from your initial question, it's quite strange because the components you mention are all included in the AS10g Enterprise Edition or in AS10g Portal, and are perfectly integrated. I know numerous customers which use Oracle Portal, for instance, and leverage on SSO (patner or external), Delegated Administration (DAS) , Synchro with AD server and Windows native authentication, without a single line of specific code. Provisioning is done automatically by DIP in the case of Portal with AD, as well, or with a Human resource system. Even the password synchro can be made betwwen AD and OID (Oracle LDAP)
Now, it's a sligthy different discussion if we consider the recent acquisitions made by Oracle, and which are sold in the so call : Oracle Identity management 10g.
OAM (previously Oblix) is a more ambitious product that Oracle SSO.
OIM (provisioning and identity management) is far more sophisticated than Oracle DIP.
The goal, for Oracle, is to unify the workflow engine and the Human interface (with ADF). This task is probably on the rails for the next year.
OVD (previously OctetSting) is an architectural component which allow virtualisation of LDAP server.
About Federation, OIF allow all existing Oracle Portal customer (using SSO) to rely on SAML tokens in order to trust partners site.
So, in my opinion, acquisitions oblige to make a substantial effort to unify human interface and make arbitration between some concepts, but it's within the Oracle means.

Configuring Identity Management Components - Error in starting opmn server

Hello,
I have a VM, which is being administered by VMware Lab Manager. The VM is running RHEL 5.1, and has an Oracle 11g database installed.
I am in the process of trying to install and configure Oracle Internet Directory 11g. To do this, I ran the Oracle Fusion Middleware 11g Oracle Identity Management Installer. I selected the "Install Software - Do Not Configure" installation type, and chose to "Configure without a Domain" in order to avoid having to install and administer a WebLogic domain. I set "/data1/u01/app/oracle/product/11.1.1" as the Oracle Middleware Home, and "Oracle_IDM1" as the Oracle Home Directory. (To simplify things below, let ORACLE_IDM_HOME refer to the /data1/u01/app/oracle/product/11.1.1/Oracle_IDM1" directory... understand that no environment variable exists with this name though.) The installation routine ran successfully.
But, I ran into a problem while trying to configure the Oracle Identity Management 11g components. I ran the Oracle Identity Management 11g Release 1 Configuration Wizard (ORACLE_IDM_HOME/bin/config.sh). Here are some of the key configuration values that I entered:
- Oracle Instance Location: /data1/u01/config/oracle/as_admin/asinst_1
- Oracle Instance Name: asinst_1
- Select Domain: Configure without a Domain
- Configure Components: Oracle Internet Directory
- Configure Ports: Auto Port Configuration
- Specify Schema Database: Create Schema
After entering my configuration values and hitting the Configure button, the configuration process started running. Shortly thereafter, under Bootstrap Domain Configuration, "Failed" appeared next to the "Create ASInstance" line, with the following error listed:
{code}
Error creating ASInstance asinst_1
Cause: An internal operation has failed: Error in starting opmn server
Operation aborted because of a system call failure or internal error
{code}
In case it would be helpful, here is the output from the error log for the Oracle Identity Management 11g Configuration Wizard:
{code}
oracle.as.provisioning.util.ConfigException:
Error creating ASInstance asinst_1.
Cause:
An internal operation has failed: Error in starting opmn server
Operation aborted because of a system call failure or internal error
Action:
See logs for more details.
at oracle.as.provisioning.util.ConfigException.createConfigException(ConfigException.java:123)
at oracle.as.provisioning.fmwadmin.ASInstanceProv._createInstance(ASInstanceProv.java:306)
at oracle.as.provisioning.fmwadmin.ASInstanceProv.createInstance(ASInstanceProv.java:163)
at
oracle.as.provisioning.fmwadmin.ASInstanceProv.createInstanceAndComponents(ASInstanceProv.java:114)
at
oracle.as.provisioning.engine.WorkFlowExecutor._createASInstancesAndComponents(WorkFlowExecutor.java:533)
at
oracle.as.provisioning.engine.WorkFlowExecutor.executeWLSWorkFlow(WorkFlowExecutor.java:437)
at oracle.as.provisioning.engine.Config.executeConfigWorkflow_WLS(Config.java:870)
at oracle.as.provisioning.engine.Config.executeConfigWorkflow_WLS(Config.java:824)
at oracle.as.idm.install.config.BootstrapConfigManager.doExecute(BootstrapConfigManager.java:1256)
at
oracle.as.install.engine.modules.configuration.client.ConfigAction.execute(ConfigAction.java:335)
at
oracle.as.install.engine.modules.configuration.action.TaskPerformer.run(TaskPerformer.java:87)
at
oracle.as.install.engine.modules.configuration.action.TaskPerformer.startConfigAction(TaskPerformer.java:104)
at oracle.as.install.engine.modules.configuration.action.ActionRequest.perform(ActionRequest.java:15)
at
oracle.as.install.engine.modules.configuration.action.RequestQueue.perform(RequestQueue.java:63)
at
oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager.start(StandardConfigActionManager.java:158)
at
oracle.as.install.engine.modules.configuration.boot.ConfigurationExtension.kickstart(ConfigurationExtension.java:81)
at
oracle.as.install.engine.modules.configuration.ConfigurationModule.run(ConfigurationModule.java:82)
at java.lang.Thread.run(Thread.java:619)
Caused by: oracle.as.management.opmn.optic.OpticException: Error in starting opmn server
Operation aborted because of a system call failure or internal error
at oracle.as.management.opmn.optic.OpmnAdmin.executeCommand(OpmnAdmin.java:255)
at oracle.as.management.opmn.optic.OpmnAdmin.startOpmnServer(OpmnAdmin.java:87)
at oracle.as.provisioning.fmwadmin.ASInstanceProv._createInstance(ASInstanceProv.java:251)
... 16 more
{code}
To get more information, I tried to manually start the opmn server (I set ORACLE_INSTANCE to "/data1/u01/config/oracle/as_admin/asinst_1" and then ran "./opmnctl start" from the ORACLE_IDM_HOME/opmn/bin directory). As expected, the server failed to start. But, I checked the opmn.out file (in the ORACLE_INSTANCE/diagnostics/logs/OPMN/opmn directory), and found the following error repeated several times:
{code}
OPMN worker process exited with status 8b. Restarting.
OPMN worker process exited with status 8b. Restarting.
OPMN worker process terminated with signal 11 7 times in 10 seconds -- aborting!
{code}
Does anyone know what this error means? I am at a loss as to what to do at this point, so any help would be greatly appreciated.
Thank you!

h1. UPDATE:
I just needed internet access to download the sysstat and compat-db packages, once installed I disconnected from the internet and re-run the installation, once again, it went fine without problems and opmn and OID are up and running. Also, I enabled the firewall which was disabled during the first installation.
Here is the list of packages needed as pre-requisites:
gcc-4.1.0-28.4, gcc-c++-4.1.0-28-4, setarch-1.6-1, libstdc++-4.1.0, libstdc++-devel-4.1.0, compat-libstdc++-2.96, control-center-2.8.0, glibc-common-2.3.4-2.9, binutils-2.16.91, make-3.80 on top of sysstat-5.0.5-1 and compat-db-4.1.25-9.
There are 3 configuration files for opmn: instance.properties, opmn.xml and ports.prop..... and for OID: component-logs.xml
h2. instance.properties:
#These properties are generally used as default values for arguments not specified on the command line. When an argument is provided on the command line, the corresponding property is overwritten in this file.
#Tue Aug 18 19:58:35 MDT 2009
oracleHome=/home/oracle/bea_default/Oracle_IDM1
registered=falseh2. opmn.xml:
<?xml version = '1.0' encoding = 'UTF-8'?>
<opmn xmlns="http://www.oracle.com/ias-instance">
   <log comp="internal;ons;pm" rotation-size="1500000"/>
   <debug comp="" rotation-size="1500000"/>
   <notification-server interface="any">
      <port local="6700" remote="6701"/>
      <ssl enabled="true" wallet-file="/home/oracle/as_admin/asinst_1/config/OPMN/opmn/wallet"/>
   </notification-server>
   <process-manager>
      <process-modules>
         <module path="$ORACLE_HOME/opmn/lib/libopmnohs">
            <module-id id="OHS2"/>
         </module>
         <module path="$ORACLE_HOME/opmn/lib/libopmncustom">
            <module-id id="CUSTOM"/>
         </module>
         <module path="$ORACLE_HOME/opmn/lib/libopmnoid">
            <module-id id="OID"/>
         </module>
         <module path="$ORACLE_HOME/opmn/lib/libopmnbi">
            <module-id id="BIServer"/>
            <module-id id="BIScheduler"/>
            <module-id id="BIPresentationServices"/>
            <module-id id="BIClusterController"/>
            <module-id id="BIJavaHost"/>
         </module>
         <module path="$ORACLE_HOME/opmn/lib/libopmnovd">
            <module-id id="OVD"/>
         </module>
         <module path="$ORACLE_HOME/opmn/lib/libopmnwc">
            <module-id id="WebCache"/>
            <module-id id="WebCache-admin"/>
         </module>
         <module path="$ORACLE_HOME/opmn/lib/libopmnreports">
            <module-id id="ReportsServices"/>
            <module-id id="ReportsBridgeServices"/>
         </module>
         <module path="$ORACLE_HOME/opmn/lib/libopmndisco">
            <module-id id="Disco_ServicesStatus"/>
            <module-id id="Disco_SessionServer"/>
            <module-id id="Disco_PreferenceServer"/>
         </module>
         <module path="$ORACLE_HOME/opmn/lib/libopmnemagent">
            <module-id id="EMAGENT"/>
         </module>
      </process-modules>
      <ias-instance id="asinst_1" name="asinst_1">
        <environment>
           <variable id="TEMP" value="/tmp"/>
           <variable id="TMP" value="/tmp"/>
        </environment>
      <ias-component id="EMAGENT">
<process-type id="EMAGENT" module-id="EMAGENT">
    <process-set id="EMAGENT" numprocs="1">
      <ping interval="0"/>
    </process-set>
</process-type>
</ias-component><ias-component id="oid1" type="OID">
<process-type id="oidmon" module-id="OID">
    <process-set id="OID" numprocs="1">
      <environment>
        <variable id="TNS_ADMIN" value="/home/oracle/as_admin/asinst_1/config"/>
     <variable id="DB_CONNECT_STR" value="OIDDB"/>
      </environment>
      <module-data>
        <category id="oidmon-parameters">
       <data id="start-cmdline-opts" value="connect=$DB_CONNECT_STR opmnuid=true start"/>
       <data id="stop-cmdline-opts" value="connect=$DB_CONNECT_STR opmnuid=true stop"/>
     </category>
      </module-data>
    </process-set>
</process-type>
<process-type id="oidldapd" status="phantom">
    <process-set id="oidldapd" status="phantom" numprocs="2"/>
</process-type>
</ias-component></ias-instance>
      <rmd-definitions>
         
         <rmd name="AuditLoader" interval="315360000">
             <conditional>
                 ({time}>=00:00)
             </conditional>
             
             
             <action value="exec $ORACLE_HOME/jdk/bin/java -classpath $ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_cert.jar$:$ORACLE_HOME/modules/oracle.osdt_11.1.1/osdt_core.jar$:$ORACLE_HOME/jdbc/lib/ojdbc5.jar$:$ORACLE_HOME/modules/oracle.iau_11.1.1/fmw_audit.jar$:$ORACLE_HOME/modules/oracle.pki_11.1.1/oraclepki.jar -Doracle.home=$ORACLE_HOME -Doracle.instance=$ORACLE_INSTANCE -Dauditloader.jdbcString=jdbc:oracle:thin:@%host%:%port%:%sid% -Dauditloader.username=%username% oracle.security.audit.ajl.loader.StandaloneAuditLoader" timeout="60"/>
             <exception value="exec /bin/echo PERIODICAL CALL FOR Audit Loader FAILED"/>
         </rmd>
      </rmd-definitions>
      <launch-targets>
        <launch-target id="logquery">
          <exec path="$ORACLE_HOME/jdk/bin/java"/>
          <argument value="-classpath"/>
          <argument value="$ORACLE_HOME/modules/oracle.odl_11.1.1/ojdl.jar$:$ORACLE_HOME/modules/oracle.odl_11.1.1/ojdl2.jar"/>
          <argument value="-Djava.encoding=utf-8"/>
          <argument value="oracle.as.management.logging.tools.LogQuery"/>
          <argument value="-i"/>
          <argument value="$ORACLE_INSTANCE"/>
        </launch-target>
      </launch-targets>
   </process-manager>
</opmn>h2. ports.prop:
#Tue Aug 18 19:58:35 MDT 2009
/opmn/remote_port=6701
/oid1/asinst_1_nonSSLPort=3060
/oid1/asinst_1_SSLPort=3131
/opmn/local_port=6700
/EMAGENT/emd-port=5162h2. component-logs.xml
<?xml version = '1.0' encoding = 'UTF-8'?>
<logs xmlns="http://www.oracle.com/iAS/EMComponent/ojdl">
<log path="diagnostics/logs/OID/oid1/oidldapd%NUM%s%PID%-0000.log" componentId="OID">
<logreader class="oracle.core.ojdl.reader.ODLTextLogReaderFactory">
   <property name="FilenameFormat" value="oidldapd%NUM%s%PID%-{0}.log"/>
   <property name="FileRotation" value="circular"/>
   <property name="ComponentId" value="OID"/>
</logreader>
</log>
<log path="diagnostics/logs/OID/oid1/oidmon-0000.log" componentId="OID">
<logreader class="oracle.core.ojdl.reader.ODLTextLogReaderFactory">
   <property name="FilenameFormat" value="oidmon-{0}.log"/>
   <property name="FileRotation" value="circular"/>
   <property name="ComponentId" value="OID"/>
</logreader>
</log>
<log path="diagnostics/logs/OID/oid1/oidrepld00-0000.log" componentId="OID">
<logreader class="oracle.core.ojdl.reader.ODLTextLogReaderFactory">
   <property name="FilenameFormat" value="oidrepld00-{0}.log"/>
   <property name="FileRotation" value="circular"/>
   <property name="ComponentId" value="OID"/>
</logreader>
</log>
</logs>

Getting started with identity management . . .

. . . at least I think that's what I'm asking about.
I've worked quite a number of years in the Oracle database world, but this is really my first foray into Fusion Middleware, or Identity Management, or whatever I'm looking for is called.
We are looking at tightening our user security by tying our database usernames/logons to Active Directory.   The immediate issue is that we have various people connecting to the db with each other's credentials. I know this is at least partly a management issue, but the people doing the sharing are themselves managers. And for the most part I don't think they even realize they are sharing credentials. I think most of it comes from sharing Excel spreadsheets with external data connections to the Oracle database, and their credentials are hard-coded into the connection definition. So when Bob gives a copy of a spreadsheet to Carol, he doesn't even know his personal credentials are built in and that when Carol uses her copy of the sheet, she is connecting with his credentials.
What we'd like to do is tie their database credentials to their network credentials.    At this point I'm not knowledgeable enough to know if that inherently means single-sign-on something short of that. And at this point I'm not sure I care about that distinction, but I at least want to keep the distinction visible.
Since my "home" is the database forums, I've asked around there and been given some links to various docs and MOS notes, pointing back to more docs. Mostly simply under the umbrella of 'you need to use Fusion Middleware'. which is why I am coming to this forum.   It is quickly reaching a point of "you've got to understand it all before you can understand any of it". In other words, I'm not finding a good starting point to get any traction.
Currently I'm trying to get my head around "Oracle Fusion Middleware Installation Guide for Oracle Identity Management" and still getting lost in all of the different components.
When I go to look at downloading software to try (Oracle Fusion Middleware 11g Software Downloads) , it looks like what I want is Identity Management, but I'm not sure if I've even followed the correct trail to get to that point.
When I go to the online store to get an idea of what actual product we will need to purchase (https://shop.oracle.com/pls/ostore/f?p=dstore:2:0::NO:RIR,RP,2:PROD_HIER_ID:4509956172801805720011), again, I'm not sure which product I should be looking at, or if I've even followed the correct trail to get to that point.
I'm not sure how the version numbers work and how they relate (if it matters) to the database version numbers. FWIW, my databsaes are all Standard Edition 11.2.0.4, with some on Linux and one prod/test pair on Windows. We are looking at moving to 12.1 in the next 12 to 18 months.
I know this is all rather vague, but at this point I don't even know enough to ask a more focused, intelligent question. I'm hoping someone can see what I'm after and help be get on the right track -- and cut through the forest of Fusion Middleware stuff that I don't need to be concerned with.

Hello Ed
Oracle EUS is basically what you need at this point. It enables you to address administrative and security challenges for enterprise database users. Enterprise User Security (EUS) relies on Oracle Identity Management infrastructure, which in turn uses an LDAP-compliant directory service to centrally store and manage users. The components you will need are mainly OID and/or OVD depending on your use case
Here is an excellent online doc explaining the EUS integrations
http://www.nyoug.org/Presentations/2011/December/Moulton-Sullivan_Centralize_Oracle_Database.pdf
Here's some more reading on EUS from Oracle
http://docs.oracle.com/cd/B28359_01/network.111/b28528/concepts.htm#DBIMI152
Regards Shiva

OAM OIM OID OVD ?

I always hear these things from Oracle, OAM, OIM, OID and OVD. are they the same thing? if not, I belive they are related since people always mention them together, then, what's relationship? please clarify
I'm new to Oracle identity management products. please let me know if there are any others products closely relate to above in this family.
Thanks

Hi,
Each and every thing performs specific role,It will interdependent you can say when it comes to implementation.
OAM->oracle access manager=performing authentication and authorization of web based and non webbased resources by protecting them.
OIM->oracle identity manager =managing identities of organisation,integrating and provisioning(giving access) to various application and single sign on.
OID->oracle internet directory=its one of the directory server like sun directory server,AD for managing user data.
OVD->oracle virtual directory=its a virtual directory server which provides only view from multiple directory servers.
Please go through oracle docs for more info.
Thanks,
Ragu.

Installing OIM,OAM,OID,OVD

Hi All,
I need urgent help.. Lets me tell you the exact situation.
Actually, we have 3 servers and want to install and configure OIM, OAM, OID,OVD 11.1.1.5. Now the real confusion is , how to install them, should i install them on same server or different server. Please help..

Oh wonders of the Oracle documentation. The Enterprise Deployment Guide for Identity Management provides a way to do this, see http://docs.oracle.com/cd/E21764_01/core.1111/e12035/toc.htm.
Since OVD is very quick and small compared to OIM, SOA, OAM, I would put OID and OVD on one server and OIM, SOA, OAM on another. The real trick is to separate binaries from runtime, ie. do not install everything in the Middleware Home (similar to the Oracle Home) but share the binaries between servers and have local runtimes on each server.
HTH,
--olaf

Using Identity Management for Securing Web Services

My goal is to associate my services with an Oracle Internet Directory. I made some attempts to set up SAML authentication for the web services, but it didn't have the right outcome.
(My identity management server and OID is up and running and I have successfully made authentication modules for other web applications)
Here is what I did:
1. I wrote a simple java file, used jdeveloper tools to create and deploy it as a web service to OC4J. I associated an identity management server with this service through OC4J web tools as security provider.
2. I made a data control for the web service and put it in an ADF application . (client)
3. I deployed the client project(2) to OC4J.
I could use the web service through the page.
Then
I secured the webservice to expect SAML for authentication.
Surprisingly, the client could still communicate with the webservice, Why? Shouldn't it have rejected the request because of the problem in SAML token? (The proxy and the data control were not secured, and didn't provide any SAML tokens)
4.
I added login page to my client project (through ADF security wizard). It used idenity management for authentication successfully. login process completes and web service data control is displayed.
5. I want the authentication information to be propagated through the page so that the web service receives the data and uses Identity Management.
I know I should add <property name="oracle.security.wss.propagate.identity" value ="true"/>
to one of the configuration files, but don't know where exactly.
Best Regards,
Farbod

It doesnt matter whether the service is invoked as part of your larger process or not, if it is performing any business critical operation then it should be secured.
The idea of SOA / designing services is to have the services available so that it can be orchestrated as part of any other business process.
Today you may have secured your parent services and tomorrow you could come up with a new service which may use one of the existing lower level services.
If all the services are in one Application server you can make the configuration/development environment lot easier by securing them using the Gateway.
Typical probelm with any gateway architecture is that the service is available without any security enforcement when accessed directly.
You can enforce rules at your network layer to allow access to the App server only from Gateway.
When you have the liberty to use OWSM or any other WS-Security products, i would stay away from any extensions. Two things to consider
The next BPEL developer in your project may not be aware of Security extensions
Centralizing Security enforcement will make your development and security operations as loosely coupled and addresses scalability.
Thanks
Ram

Directory Naming with OFM 11g - Identity Management Does Not Work.

I tried to find document about how to setup/implement Directory Naming with Oracle Fusion Middleware 11g- Identity Management, but without luck. We implement Directory Naming with IM 10.1.4.3 on Linux that is 32-bit only and doesn't coexist very well with OEM GC (64-bit). So we are very eager to try 64-bit of IM 11.1.1. Any information is highly appreciated. Thanks huge.
Edited by: bhqu888 on Aug 16, 2009 6:51 PM
Edited by: bhqu888 on Aug 16, 2009 6:56 PM

I installed OFM IM 11.1.1 on RHEL 4.8 (x64) successfully and OID is up and running. Using Net Manager in the $ORACLE_HOME/bin dir I can upload TNS to OID. But Directory Naming does not work. Dbs client could not log into any dbs server through this 11g OID. Our 10.1.4 OID works fine.
Edited by: bhqu888 on Aug 16, 2009 6:51 PM
Edited by: bhqu888 on Aug 16, 2009 6:58 PM

Looking for recommendations for SSO using Identity Management Suite

Apparently there is more than one way to perform the single sign on functionality and I'm wondering if anyone has any recommendations. We want to use the user's CAC to authenticate and we are using both a thick and a thin client with business intelligence software (not Oracle) for reporting and the thick app needs to login, transfer data to and pull data from the database. We don't want the user to have to enter their information for login regardless of which piece of the application they are accessing. I was considering Enterprise Users, but not sure this is the best solution.
We plan on using OID to store the user's data and using the identity management with access manager suite. We need to use label security and row level security combined with roles in the database. We plan on using Oracle's Advanced security option for encryption and we are using 11g database

Great questions - swifer was made by me for me to use with arch. But its dependencies are light and very common (you almost certainly have them already), so it should run on other distros well. It does use something comparable to profiles for secure networks but much simpler - they are just wpa_supplicant.conf segments, but swifer writes them itself for simple cases (and most cases are simple cases; wep is a current exception) so generally you would have to pay no attention to them.
As for permissions on the files, I've been meaning to get around to that - they've been 0644, but I just changed it to 0600 in the last revision which is now on github.
EDIT: also keep in mind this is a development version. I use it myself as my only networking tool on a netbook that I bring everywhere - and I have no issues. But I also know how to connect manually in a bind: and I advocate for every user knowing the manual steps (ip, iwlist (if needed), iw / wpa_supplicant, dhcpcd/dhclient).
Last edited by Trilby (2013-06-21 22:13:24)

Oracle Identity Manager looking for OracleAS 10.1.3.x

Hi,
I need to install the following products on 2 servers
Oracle Identity Management Suite (OID, DAS, SSO) as a OracleAS Active-Active Cluster.
Oracle Identity Manager in Cluster
Oracle Access Manager in Cluster
Oracle Virtual Directory in Cluster
with F5 load balancers
A bit complex configuration, but think i can achieve it. I completed the first task successfully but now I am facing a problem when i wanted to install the Oracle Identity Manager 9.1 on the existing OracleAS cluster. OIM is looking for a 10.1.3.x version of OracleAS where as the Oracle Identity Management suite is shipped with OracleAS 10.1.0.2 version. we went ahead with the installation process as there was no reference of application server version in the Oracle Identity Management Certification matrix and the OracleAS 10.1.3.4 certification document below mentioned that IM 10.1.4.0.1 is shipped with 10.1.3.x version.
http://www.oracle.com/technology/software/products/ias/files/oracle_soa_certification_101310.html
Can anyone guided me how should i go ahead with this.
Thanks & Regards
Ramesh GK

Check this OIM on OAS issues
SOA suite is using jdk 1.5.x , Identity Management Suite is using jdk 1.4.x. My advice is to use OC4J from SOA Suite. Open a SR to confirm this. Some OIM required patch for OC4J are only for 10.1.3.x and can't be applied to OC4J from Identity Management Suite, also you can't not use the same database for OIM and IDM repository if you are using multilanguage installation.

Fails when create oracle internet directory in oracle identity management

Dear All,
I try to configure oracle identity management and always getting error when try to create oracle internet directory.
Running on windows 2008 server, oracle weblogic 10.3.4, oim 11.1.1.2.0.
This is the log file as follow ...
AdminServer port is 7001
trying to connect to VM-WindowsServer2K8 7001
Successful
getDomainRuntimeMBeanServerConnection ...
Connecting to Domain runtime ...
trying to connect to VM-WindowsServer2K8 7001
Successfully connected to the Domain Runtime ...
trying to connect to VM-WindowsServer2K8 7001
Successful
MBean Server Connection is :javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection@1c58252
VM-WindowsServer2K8 7001
Instance idmfinal_2 already exists, continuing with component creation
D:\Oracle\Middleware\Oracle_IDM1 D:\Oracle\Middleware\idmfinal_2 idmfinal_2
oracle.as.provisioning.util.ConfigException:
Error creating ASComponent oid1.
Cause:
An internal operation has failed: oracle/security/xmlsec/util/Base64
Action:
See logs for more details.
     at oracle.as.provisioning.util.ConfigException.createConfigException(ConfigException.java:123)
     at oracle.as.provisioning.fmwadmin.ASInstanceProv._createComponent(ASInstanceProv.java:414)
     at oracle.as.provisioning.fmwadmin.ASInstanceProv.createComponent(ASInstanceProv.java:358)
     at oracle.as.provisioning.fmwadmin.ASInstanceProv.createInstanceAndComponents(ASInstanceProv.java:136)
     at oracle.as.provisioning.engine.WorkFlowExecutor._createASInstancesAndComponents(WorkFlowExecutor.java:525)
     at oracle.as.provisioning.engine.WorkFlowExecutor.executeWLSWorkFlow(WorkFlowExecutor.java:441)
     at oracle.as.provisioning.engine.Config.executeConfigWorkflow_WLS(Config.java:866)
     at oracle.as.idm.install.config.IdMDirectoryServicesManager.doExecute(IdMDirectoryServicesManager.java:861)
     at oracle.as.install.engine.modules.configuration.client.ConfigAction.execute(ConfigAction.java:335)
     at oracle.as.install.engine.modules.configuration.action.TaskPerformer.run(TaskPerformer.java:87)
     at oracle.as.install.engine.modules.configuration.action.TaskPerformer.startConfigAction(TaskPerformer.java:104)
     at oracle.as.install.engine.modules.configuration.action.ActionRequest.perform(ActionRequest.java:15)
     at oracle.as.install.engine.modules.configuration.action.RequestQueue.perform(RequestQueue.java:63)
     at oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager.start(StandardConfigActionManager.java:158)
     at oracle.as.install.engine.modules.configuration.boot.ConfigurationExtension.kickstart(ConfigurationExtension.java:81)
     at oracle.as.install.engine.modules.configuration.ConfigurationModule.run(ConfigurationModule.java:83)
     at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.NoClassDefFoundError: oracle/security/xmlsec/util/Base64
     at oracle.security.jps.internal.common.util.JpsCommonUtil.<clinit>(JpsCommonUtil.java:212)
     at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:155)
     at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:166)
     at oracle.iam.management.oid.install.wls.OIDComponentHelper$3.run(OIDComponentHelper.java:2377)
     at java.security.AccessController.doPrivileged(Native Method)
     at oracle.iam.management.oid.install.wls.OIDComponentHelper.delCredFromCSF(OIDComponentHelper.java:2372)
     at oracle.iam.management.oid.install.wls.OIDComponentHelper.removeCreds(OIDComponentHelper.java:2363)
     at oracle.iam.management.oid.install.wls.OIDComponent.onRemove(OIDComponent.java:423)
     at oracle.as.config.impl.OracleASComponentBaseImpl.remove(OracleASComponentBaseImpl.java:286)
     at oracle.as.config.impl.OracleASComponentBaseImpl.remove(OracleASComponentBaseImpl.java:173)
     at oracle.as.config.impl.OracleASComponentBaseImpl.remove(OracleASComponentBaseImpl.java:154)
     at oracle.iam.management.oid.install.wls.OIDComponent.onCreate(OIDComponent.java:221)
     at oracle.as.config.impl.OracleASComponentBaseImpl.createComponent(OracleASComponentBaseImpl.java:596)
     at oracle.as.config.impl.OracleASComponentBaseImpl.create(OracleASComponentBaseImpl.java:105)
     at oracle.as.provisioning.fmwadmin.ASComponentProv.createComponent(ASComponentProv.java:144)
     at oracle.as.provisioning.fmwadmin.ASComponentProv.createComponent(ASComponentProv.java:73)
     at oracle.as.provisioning.fmwadmin.ASInstanceProv._createComponent(ASInstanceProv.java:401)
     ... 15 more
Caused by: java.lang.ClassNotFoundException: oracle.security.xmlsec.util.Base64
     at oracle.as.install.engine.modules.configuration.standard.StandardConfigActionClassLoader.loadClass(StandardConfigActionClassLoader.java:75)
     at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
     at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)
     ... 32 more
progress in calculate progress33
please help me to solve this problem.
Regards,
-Ranubaya

I hit retry and now the "Create Oracle Internet Directory" completed successfully. But now the error is on "Start Oracle Internet Directory". Following error appears in the log file:
*[2011-01-06T17:11:51.929-06:00] [as] [WARNING] [] [oracle.as.config] [tid: 37] [ecid: 0000IpSwWP60jo8yBgpIcT1D9XrH00000S,0] Failed to start component oid1[[*
oracle.as.config.ProvisionException: HTTP status code = 400 : No processes or applications match the specified configuration.
Please assist!

Problem Configuring Identity Management in OC4J

I have a problem connecting my OC4J to oracle internet directory. I have installed Oracle Identity Management and have defined a few users.
When I go to:
Oc4J Page->Administration->Security->Identity Management and click configure to configure my OID, I will have a form to fill out:
I think I have entered my server correctly(nfs_server.com) and port 389 for non-SSL but I really don't know what to fill in : 'Oracle Internet Directory User DN'
Oracle BC4J document, b28957, says that the user here should be the member of iASAdmins.
cn=iASAdmins,cn=Groups,cn=OracleContext,dc=nfs_server,dc=com
I have added this entry in uniquemember:
cn=farbd,cn=users,dc=nfs_server,dc=com
I can log on to Oracle Directory Manager by this username(farbd).
[server: nfs_server, port:389]
but I can't log here: Oc4J Page->Administration->Security->Identity Management -> configure
it returns :
Connect Information - An error occurred trying to connect to the Internet Directory using the information specified below. Please verify that the host/port and username/password specified are correct and that the OID instance is indeed up and running.
Thank you in advance.
Best Regards
Farbod

'Oracle Internet Directory User DN'
This option is case and format sensitive
try with cn=orcladmin here. If it works then surely the problem is with the entry of this option's value.
Make sure the realm info. of context is being entered correctly
Through ODM tool or OIDDAS find out the complete path,copy and paste it there.

Need help with error configuring Identity Management in OAS 10g

Hi,
I am configuring SSO in OAS 10g, After successful installation (with sso option selected) when I go to the management interface and attempt to configure Identity Management it fails with the following error:
Error configuring identity management. oracle.ias.configtool.config.ConfigException: Unable to retrieve SSO DB information.Base Exception: oracle.ias.configtool.config.ConfigException: oracle.ias.configtool.config.ConfigException: oracle.ias.configtool.config.ConfigException: Unable to retrieve SSO DB information . Base Exception : Error when reading seeAlso of replicaid entry - java.lang.NullPointerException Status code 3
I am totally stumped, cant find any instance of this error in docs etc. PLEASE HELP.
I am trying to setup OAS to SSO with MS AS for oracle ebusiness suite 11i.
Thanx in Advance,
Sean

Check that your insfrastructure database is up and running, it's accesible, as well, check for OID procs and demons that ports for OID are open and that you can make ldapbind this last may not be necesary as the error say about database, but is good to check also. Go to *$ORACLE_HOME/opmn/logs* and check the files there to see if other process are having problems.
Greetings

Identity Management: OID & OVD Monitor

Similar Messages

Maybe you are looking for