Integration of sun identity manager with sun access manager

Similar Messages

• How to integrate Oracle identity Federation with Oracle Access Manager

  Hi Experts
  I need to integrate OIF(11.1.1.6.0) with OAM(11.1.2). My use case is as follows:
  Things done:
  1) OAM is integrated with an OID (OID1) and OIF is integrated with another OID (OID2)
  2) Able to authenticate the users of OID1 via OAM for my ADF applications.
  Things to be done:
  1) Need to forward the details of unauthenticated user from OAM to my OIF for authentication (i.e., OAM cannot authenticate OID2 users, in such case the details have to be forwarded)
  Looked into so many posts but not done with the integration. Can anyone help me please.. Stuck with this for the last 3 days
  Thanks
  Gopi

  Hi,
  Yes Depot Repair is a module, and you can enable this module if already not enabled using the License Manager. Oracle Depot Module carries the short name CSD.
  In additin to the above, also refer the implementation guide:
  http://docs.oracle.com/cd/B34956_01/current/acrobat/120csdig.pdf
  In order to license a product in Oracle using License Manager, please see following:
  http://myappsdba.com/how-to-license-a-new-product-in-oracle-applications/
  http://www.appsdba.info/docs/oracle_apps/R12/License_Manager.pdf
  Also see:
  How To Use OAM To License JA (Asia/Pacific Localizations), JE (European Localizations), JG (Regional Localizations) and JL (Latin-American Localizations) in Oracle Applications ? (Doc ID 351900.1)
  Thanks &
  Best Regards,

• Integration of custom identity services with JDeveloper BPEL designer

  Hi,
  I'd like to know if a custom user repository plugin will cause the 'Identity Lookup Dialog' (Step 6 of Human Workflow Wizard to generate a user task) to utilize the list of users and groups from a third party provider, when used as the Custom Identity Service provider.
  I'd like to have the custom list of users and groups at 'design time' of the BPEL process itself, as well as process runtime. Is this possible?
  This is with respect to both BPEL PM v10.2.0.2 and v 10.1.3.1.0.
  Regards,
  Vineet

  ok, thank you for the reply.
  But the installation of the Oracle BPEL Process Manger for Developers which includes the JDeveloper and the BPEL Designer doesn't come with 10.1.3.1.0?
  I have to install the JDeveloper and the BPEL Process Manager seperate?
  Thx

• Siebel Integration with SUN Access Manager

  Hi Guys,
  We are trying to integrate siebel with Sun access Manager.
  I have gone thro the sun site but unable to find any documentation and policy agent to download.
  Please guide me where can i find documenttaion and policy agent software download.
  Thanks
  Regards,
  Mohit

  There is no agent to integrate with Siebel directly. However it should be possible by using Sun web server or IIS agent. Here is an old document that may still apply.
  http://docs.sun.com/source/816-6901-10/Chapter.html#wp19548
  There was more detailed integration document on Siebel web site. But it has been removed after Oracle acquisition (http://www.siebel.com/partners/portal/docs/integrationbriefs/siebel77_sjsam_tib.pdf)
  thanks,
  shivaram

• Integrating windows authentication with Sun ACCESS MANAGER

  Hi,
  I have implemented sun access manager and successfully protected an application (ABC). At present iam using the SDS as the authentication and authorization directory. I login in to the machine using the network username and password which is on AD.
  I want to integrate my authentication/authorization mechanism from SDS to AD. so that when i login into the machine and open application ABC it should not ask me for the credentials; instead allow me to the homepage directly.
  How to do this.
  Thanks in advance
  Maruthi

  Hi!
  Maybe this helps you, it describes how to setup AM and policy agent to handle basic authentication protected sites. While the article is about sharepoint it should work for any application.
  http://developers.sun.com/identity/reference/techart/sharepoint.html
  Christoph

• Using BEA Weblogic Portal with Sun Access Manager

  Hello all,
  I am wondering if anyone has had experience with using Weblogic Portal (versions 8.1 or 9.2) with Sun's Access Manager tool (part of the Identity Management suite).
  In particular, I would like to know what access control tasks were performed through access manager, and which were performed portal-side.
  Any information would be appreciated.
  Thanks!

  Hi
  Has any one explored the below question.
  Is WLP 9.2 compatible with Sun Access Manager?
  If yes, please let know the details.
  Thanks

• Integrate IdM roles with Sun Access Manager roles

  Hi all,
  I am currently working on a solution involving Sun Identity Manager 7.1 and Sun Access Manager 7.1 as well. We use AM for overall authentication and SSO across the application, and IdM for user provisioning.
  I need to create roles in Identity Manager, and I would like that when I assign a role to a user in Identity Manager, he gets the same role in my Access Manager repository (Sun LDAP). Identity Manager does provide a way to set attribute values in resources when a role is set. Access Manager on the other hand has both dynamic roles, based on an LDAP search, and static roles.
  What are the important differences between static and dynamic roles in AM?
  Does anybody know a good way to propagate roles from Identity Manager to Access Manager?
  Thanks.

  I found answers to my question. I succeeded in setting the Access Manager role from Identity Manager using the nsRoleDN attribute. Here are some references to begin with:
  About directory server roles:
  http://docs.sun.com/app/docs/doc/820-2493/fvbrn?a=view
  Forum thread reference:
  http://forums.sun.com/thread.jspa?threadID=5208694
  Here are roughly the steps I followed to get this working.
  Access Manager roles setup:
  1. In Access Manager, create a new static role named test_role under the identities realm (in Subjects > Role).
  Identity Manager roles setup:
  1. Create a new role in Identity Manager: tab Roles, click New....
  2. Assign the LDAP resource to synchronize the role with.
  3. On the Assigned Resources line, click the Set Attributes Values button. This shows up the attributes listing allowing you to bind your IdM role to your LDAP repository.
  4. Set the attribute nsRoleDN to the LDAP DN of the role that was created in AM (nsRoleDN must be added in the resource attributes mapping before).
  * In the column Value override, select Text.
  * In the column How to set, select Authoritative merge with value, clear existing. (* See IDM Admin guide about this setting, I am still not sure how it reacts with multi-value attributes)
  * In the text box, enter the role DN text (ex: cn=test_role,dc=com).
  5. Save the role. You can now add the role to a user.

• HELP GETTING Started with Sun Access Manager without TEARS.

  I am new to Sun Access Manager.
  I am quite familiar with how Sun Java Identity Manager works.
  The following is the issue I am facing.
  I've downloaded the following images from the sun website
  java_es_05Q4-ga1-solaris-x86-1-iso
  and
  java_es_05Q4-ga1-solaris-x86-2-iso
  I've installed the components on sun solaris 10
  The following components were installed
  /opt/SUNWcomds
  I am not sure what this is for
  /opt/SUNWdsvmn
  I am not sure what it is.
  /opt/SUNWma
  What is this I was expecting SUNWam the access management software!
  /opt/SUNWwbsvr -- This is the Web Server.
  I know how to use it.
  Can anyone tell me on how to go about it?
  Is there any online tutorial for the same.
  What is the difference between sparc version and x86. Can i use any of these on solaris 10?
  Anyhelp getting started would be highly appreciated.
  I am looking at doing the following things.
  ssl,fed, auth, custauth etc
  Thanks a ton in Advance.
  Regards,
  Vinod

  I documented my installation procedure for Access Manager 7.0 (2005Q4) and Portal 7.0. Take a look at my wiki page:
  http://wiki.its.queensu.ca/display/JES/Access+Manager+installation
  It's a two node Access manager Legacy site and I also implemented session-failover using Message Queue and Berkeley Database.

• BO Authentication with Sun Access Manager

  Post Author: aboucher
  CA Forum: Authentication
  Hi,
  Is there a way to use Sun Access Manager (Role base) with BO. We are using XIR2 but we are willing to move to XIR3 if this version can do this job. I know that BO can be configured with LDAP, AD, Enterprise but is there a Custom choice. Any idea?
  Thanks

  Post Author: TAZ
  CA Forum: Authentication
  So quickly reviewing sun access manager it doesn't seem to be an LDAP server per se. It's more like a portal used for SSO. If that's the case then you would integrate LDAP accounts and then use technology like trusted authentication for SSO from the sun access maanger portal. In that case trusted auth will support just about any front end as long as the user info can be forwarded to us in one of 7 methods. You can read more about trusted authentication in the XIR2 deployment guide
  http://support.businessobjects.com/documentation/product_guides/default.asp
  Integrations of this level typically involvel in depth planning and should probably be done with the assistance of a BO consultant.
  Regards,
  Tim

• Access manager policyagent 2.1 fro webspher5.0  with sun access manager in

  Help It is very urgent
  I have installed my sun access manager and sun direcory server on same machine solaris10.SSL is diable in directory server.Access manager working on ssl mode means it is working on Http with port 80 and Https with port443.Access manager url is
  http://lhostname:80/amconsole or https://hostname:443/amconsole and
  http://host:80/amserver/UI/Login or https://host:443/amserver/UI/Login.it is displaying access manager login page.It is working properly standalone.
  But when i configure it with policyagent2.1 for WebSphere5.0 .WebSphere installed on windows2000 server.when i type the application URL that is running on WebSphere it does not show access manager login page.It show u r not authurised to view this page.WebSphere running on Http.
  and amService log detail is*****************************************************
  03/02/2006 05:57:32:018 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
  Naming service URL list: [https://my.domain.com:443/amserver/namingservice]
  03/02/2006 05:57:32:018 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
  Only one naming service URL specified. NamingServiceMonitor will be disabled.
  03/02/2006 05:57:32:018 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
  getServiceURL for service: auth protocol: https host: my.domain.com port: 443
  03/02/2006 05:57:32:112 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
  ERROR: Naming service connection failed
  com.iplanet.services.comm.client.SendRequestException: com.ibm.ws.orbimpl.transport.protocol.https.HttpsURLConnection
       at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:141)
       at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:73)
       at com.iplanet.services.naming.WebtopNaming.getNamingResponse(WebtopNaming.java:360)
       at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.java:421)
       at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.java:353)
       at com.iplanet.services.naming.WebtopNaming.getServiceURL(WebtopNaming.java:187)
       at com.sun.identity.authentication.AuthContext.setLocalFlag(AuthContext.java:1159)
       at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1100)
       at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1071)
       at com.sun.identity.authentication.AuthContext.<init>(AuthContext.java:142)
       at com.sun.identity.policy.client.AuthService.getAppSSOToken(AuthService.java:103)
       at com.sun.identity.policy.client.AuthService.getApplicationSSOToken(AuthService.java:79)
       at com.sun.identity.policy.client.PolicyEvaluator.getAppSSOToken(PolicyEvaluator.java:499)
       at com.sun.identity.policy.client.PolicyEvaluator.init(PolicyEvaluator.java:193)
       at com.sun.identity.policy.client.PolicyEvaluator.<init>(PolicyEvaluator.java:172)
       at com.sun.identity.policy.client.PolicyEvaluatorFactory.getPolicyEvaluator(PolicyEvaluatorFactory.java:118)
       at com.sun.identity.policy.client.PolicyEvaluatorFactory.getPolicyEvaluator(PolicyEvaluatorFactory.java:87)
       at com.sun.identity.agents.policy.AmWebPolicy.<init>(Unknown Source)
       at com.sun.identity.agents.policy.AmWebPolicyManager.<init>(Unknown Source)
       at com.sun.identity.agents.policy.AmWebPolicyManager.<clinit>(Unknown Source)
       at com.sun.identity.agents.filter.AmFilter.<init>(Unknown Source)
       at com.sun.identity.agents.filter.AmFilterManager.getAmFilter(Unknown Source)
       at com.sun.identity.agents.filter.AmFilterManager.getAmFilter(Unknown Source)
       at com.sun.identity.agents.filter.AmFilterManager.getAmFilterInstanceForModeConfigured(Unknown Source)
       at com.sun.identity.agents.filter.AmAgentFilter.doFilter(Unknown Source)
       at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:132)
       at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:71)
       at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.handleWebAppDispatch(WebAppRequestDispatcher.java:863)
       at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java:491)
       at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:173)
       at com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppInvoker.java:79)
       at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java:199)
       at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java:71)
       at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java:182)
       at com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java:331)
       at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java:56)
       at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:432)
       at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:343)
       at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:592)
  Thanks & Regards
  Saini

  This is an SSL handshake problem of Websphere - has nothing to do with AM.
  Websphere�s JDK does not trust the Signer / Cert of AM�s deployment container.
  Either configure a truststore (or use an existing webshpere truststore) where you import the Cert of the Signing CA of your AM DC�s cert.
  Other option - import the mentioned cert in cacert file of IBM JDK - but be aware that this might get lost when applying an Websphere fixpack/refreshpack.
  BTW what have you configured for server.port,server.host and server.protocol in your AMConfig.properties?
  If you have not changed that settings agent will use the port/protocol specified to communicate with AM.
  -Bernhard

• Securing web services with Sun Access Manager

  Hi!
  I have gone through some documentation about Sun Access Manager, and I'm a little bit confused.
  What I want is to secure some web services which are deployed on a BEA WebLogic 9.1 server (WLS). Two solutions are possible: To install some kind of plugin into WLS or to place some kind of proxy in front of WLS. In both cases, the purpose would be to authenticate the caller based on some kind of ticket (SAML or similar) and authorize access to the web service.
  I have read about the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" (those guys really like long names....), but in this documentation web services aren't mentioned at all. They only seem to care about HTTP requests from a browser.
  I have also read about the Policy Agent 2.2 in the documentation called "Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Application Server 9.0/Web Services" (puh...). This document explicitly talks about securing web services the way I want.
  My questions are:
  1) Is it possible to secure WLS based web services in the same way using the Policy Agent for WLS?
  2) Are there any documentation/tutorials/etc?
  Thanks in advance :-)
  Anders

  what you need is a webservices agent that would enable you to "protect" your webservice provider, which I assume is on a BEA weblogic provider.
  the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" is "NOT" awebservices agent, but a normal J2EE policy agent.
  So.. having said that. here's what I'd recommend.
  1. install the webservices agent on bea weblogic. (note: NOT the J2EE policy agent)
  2. configure it to use your access manager instance for authentication.
  3. configure your webservices client to use the webservice provider. (note: you'd need the webservices APi's available on the client too... so the quick dirty method would be to install the webservices agent on your client too....) you can later bundle the webservices client independently and provide your"customers" with a webservices client bundle...
  4. voila... your webservices are not "protected" by acces manager ;-)

• Configuring IIS6.0 with Sun Access manager

  As I am new to Sun java Access manager .I have installed and configured the Sun Access manager 7.1 on Tomcat and able to login to the console also.Now I am looking to configure the web application which resides in IIS 6.0 with Sun Access manager,To do this are there any documents about how to configure the Windows IIS 6.0Policy agent with Sun Accessmanager?In the Sun website I didnt see any document related to this configuration,could anyone please help how to work on this?
  Thanks in advance.

  http://docs.sun.com/app/docs/doc/819-4771?l=en
  should give you all the information you need. For server changes like policy refer to AM 7.1 docs on docs.sun.com

• Integrating siteminder and sun access manager

  Hi,
  I need to perform the following integration. I have an client which generates a saml assertion using Sun access manager which is consumed by another system which is again having Sun access manager. Now the client wants to move on to Siteminder. Would there be any compatibility issues? Would the recipient system having Sun access manager be able to consume the saml assertion generated by siteminder?
  Thanks in advance.

  SAML is a standard, therefore you should check SAML versions support in siteminder and do the proper configuration.

• Integrating Identity Manager with Access Manager

  We have a plain vanilla installation of Identity Manager 5.5. We are attempting to integrate Access Manager 7 (also plain vanilla install). Both were deployed into Application Server 8.1 (all running on Solaris 10 x86).
  Here is what we ran into:
  1) When IDM is the only application deployed in Application Server, we can log in to its administration console with the base ID of "configurator" without a problem. Next, we installed Access Manager 7 without any errors. Now when we attempt to log into the IDM administration panel (still using "configurator"), IDM can no longer find the �configurator� ID. We tried using AM to add an ID of "configurator" to the LDAP directory (figuring that was the problem), but we still cannot get into IDM. What do we need to do to "integrate" these two products? We haven't even attempted customization yet.
  2) Does anyone know of ANY sample apps that show IDM and AM working together?
  Thanks in advance

  Raghavan,
  Do you have any template doc for this configurations, We did the same only thing that we changes is instead of using the fully qualified DNS name we used the ip address in the AMConfig.properties file.
  Any ideas?
  --Srini                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       

• Integrating Oracle Identity Manager 9.1.0.2 with third reported

  Hi Friends,
  I have installed Oracle Identity Manager 9.1 integrated with various connectors, for that I need to customize some reports. My question is that reports can integrate Oracle Identity Manager 9.1.0.2, according to its parent company certification
  Thanks for the support

  Hi JLK,
  Glad to know that OIM 9.1.0.2 working for you. I had no success in installing and configuring 9.1.0 with SQL db 2000.
  Please have look at my thread OIM 9.1.0 installation- Unable to access Admin console
  If you could throw me pointera or provide assistance that would be great. Thx in advance.