Is OAM server a SAML security provider?
Hi Guys,
Thanks for opening this thread. Now I have a question about OAM, as below:
I have a system acting as an SP which supports SAML, and we use OAM as our SSO server acting as the IDP. Do we regard OAM as a SAML security provider? If the answer is yes, how can I configure it to integrate my system with OAM to implement SSO?
Highly appreciated for your suggestion!
Regards
Mervin
For SAML support OIF is there... OAM can act as authenticator or service provider integrator for authorization of protected page... you need to use WebLogic or OIF for the SAML request/response, and then the request can be forwarded to OAM to authorize the user...
I hope this answered your question... please let me know if you have any query.
Harpreet
Similar Messages
-
I am getting the following error at startup and I cannot figure exactly what the error is telling me. The error is at the bottom. Any help would be appreciated.
Thanks, Art
C:\Java\jdk1.6.0_33\bin\java -client -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m -Dweblogic.Name=oam_server1 -Djava.security.policy=C:\oracle\Middleware\wlserver_10.3\server\lib\weblogic.policy -Dweblogic.system.BootIdentityFile=C:\oracle\Middleware\user_projects\domains\base_domain\servers\oam_server1\data\nodemanager\boot.properties -Dweblogic.nodemanager.ServiceEnabled=true -Dweblogic.security.SSL.ignoreHostnameVerification=false -Dweblogic.ReverseDNSAllowed=false -Xms3096m -Xmx3096m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m -Xverify:none -da -Dplatform.home=C:\oracle\Middleware\wlserver_10.3 -Dwls.home=C:\oracle\Middleware\wlserver_10.3\server -Dweblogic.home=C:\oracle\Middleware\wlserver_10.3\server -Dcommon.components.home=C:\oracle\Middleware\oracle_common -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=C:\oracle\Middleware\user_projects\domains\base_domain -Djrockit.optfile=C:\oracle\Middleware\oracle_common\modules\oracle.jrf_11.1.1\jrocket_optfile.txt -Doracle.server.config.dir=C:\oracle\Middleware\user_projects\domains\base_domain\config\fmwconfig\servers\oam_server1 -Doracle.domain.config.dir=C:\oracle\Middleware\user_projects\domains\base_domain\config\fmwconfig -Digf.arisidbeans.carmlloc=C:\oracle\Middleware\user_projects\domains\base_domain\config\fmwconfig\carml -Digf.arisidstack.home=C:\oracle\Middleware\user_projects\domains\base_domain\config\fmwconfig\arisidprovider -Doracle.security.jps.config=C:\oracle\Middleware\user_projects\domains\base_domain\config\fmwconfig\jps-config.xml -Doracle.deployed.app.dir=C:\oracle\Middleware\user_projects\domains\base_domain\servers\oam_server1\tmp\_WL_user -Doracle.deployed.app.ext=\- 
-Dweblogic.alternateTypesDirectory=C:\oracle\Middleware\Oracle_IDM1\oam\agent\modules\oracle.oam.wlsagent_11.1.1,C:\oracle\Middleware\oracle_common\modules\oracle.ossoiap_11.1.1,C:\oracle\Middleware\oracle_common\modules\oracle.oamprovider_11.1.1 -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dweblogic.jdbc.remoteEnabled=false -DOAM_POLICY_FILE=C:\oracle\Middleware\user_projects\domains\base_domain\config\fmwconfig\oam-policy.xml -DOAM_CONFIG_FILE=C:\oracle\Middleware\user_projects\domains\base_domain\config\fmwconfig\oam-config.xml -DOAM_ORACLE_HOME=C:\oracle\Middleware\Oracle_IDM1\oam -Doracle.security.am.SERVER_INSTNCE_NAME=oam_server1 -Does.jars.home=C:\oracle\Middleware\Oracle_IDM1\oam\server\lib\oes-d8 -Does.integration.path=C:\oracle\Middleware\Oracle_IDM1\oam\server\lib\oeslib\oes-integration.jar -Does.enabled=true -Djavax.xml.soap.SOAPConnectionFactory=weblogic.wsee.saaj.SOAPConnectionFactoryImpl -Djavax.xml.soap.MessageFactory=oracle.j2ee.ws.saaj.soap.MessageFactoryImpl -Djavax.xml.soap.SOAPFactory=oracle.j2ee.ws.saaj.soap.SOAPFactoryImpl -Ducm.oracle.home=C:\oracle\Middleware\Oracle_ECM1 -Dem.oracle.home=C:\oracle\Middleware\oracle_common -Djava.awt.headless=true -Dweblogic.management.discover=false -Dweblogic.management.server=http://10.10.20.159:7001 -Dwlw.iterativeDev= -Dwlw.testConsole= -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=C:\oracle\Middleware\patch_wls1036\profiles\default\sysext_manifest_classpath;C:\oracle\Middleware\patch_ocp371\profiles\default\sysext_manifest_classpath weblogic.Server
<Aug 27, 2012 10:51:36 AM EDT> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<Aug 27, 2012 10:51:36 AM EDT> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<Aug 27, 2012 10:51:36 AM EDT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) 64-Bit Server VM Version 20.8-b03 from Sun Microsystems Inc.>
<Aug 27, 2012 10:51:37 AM EDT> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.6.0 Tue Nov 15 08:52:36 PST 2011 1441050 >
<Aug 27, 2012 10:51:38 AM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Aug 27, 2012 10:51:38 AM EDT> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<Aug 27, 2012 10:51:38 AM EDT> <Notice> <Log Management> <BEA-170019> <The server log file C:\oracle\Middleware\user_projects\domains\base_domain\servers\oam_server1\logs\oam_server1.log is opened. All server side log events will be written to this file.>
Aug 27, 2012 10:51:45 AM oracle.security.am.common.nap.util.NAPLogger log
SEVERE: Failed to communicate with any of configured Access Server, ensure that it is up and running.
<Aug 27, 2012 10:51:46 AM EDT> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<Aug 27, 2012 10:51:49 AM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>
<Aug 27, 2012 10:51:49 AM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Aug 27, 2012 10:52:12 AM EDT> <Notice> <LoggingService> <BEA-320400> <The log file C:\oracle\Middleware\user_projects\domains\base_domain\servers\oam_server1\logs\oam_server1.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<Aug 27, 2012 10:52:12 AM EDT> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\oracle\Middleware\user_projects\domains\base_domain\servers\oam_server1\logs\oam_server1.log00001. Log messages will continue to be logged in C:\oracle\Middleware\user_projects\domains\base_domain\servers\oam_server1\logs\oam_server1.log.>
<Aug 27, 2012 10:52:18 AM EDT> <Warning> <Munger> <BEA-2156203> <A version attribute was not found in element web-app in the deployment descriptor in C:\oracle\Middleware\Oracle_IDM1\oam\agent\apps\oam-wlsagent-logout.war/WEB-INF/web.xml. A version attribute is required, but this version of the Weblogic Server will assume that the JEE5 is used. Future versions of the Weblogic Server will reject descriptors that do not specify the JEE version.>
<Aug 27, 2012 10:52:18 AM EDT> <Warning> <oracle.dms.collector> <BEA-000000> <Metric table "oracle_soainfra:total_faults" has no key column. It will not be collected.>
<Aug 27, 2012 10:52:18 AM EDT> <Warning> <oracle.dms.collector> <BEA-000000> <Metric table "oracle_oim:overall" has no key column. It will not be collected.>
<Aug 27, 2012 10:52:18 AM EDT> <Warning> <oracle.dms.collector> <BEA-000000> <Metric table "oracle_federation:protocol_profiles_rollup" has no key column. It will not be collected.>
<Aug 27, 2012 10:52:18 AM EDT> <Warning> <oracle.dms.collector> <BEA-000000> <Metric table "oracle_federation:protocol_profiles_events_rollup" has no key column. It will not be collected.>
<Aug 27, 2012 10:52:18 AM EDT> <Warning> <oracle.dms.collector> <BEA-000000> <Metric table "oracle_federation:protocol_profiles_protocol_phase_events_rollup" has no key column. It will not be collected.>
<Aug 27, 2012 10:52:19 AM EDT> <Warning> <oracle.dms.collector> <BEA-000000> <Metric table "portal:portal_page_engine_response_codes_delta" has no key column. It will not be collected.>
<Aug 27, 2012 10:52:19 AM EDT> <Warning> <oracle.dms.collector> <BEA-000000> <Metric table "portal:portal_page_engine_response_codes" has no key column. It will not be collected.>
<Aug 27, 2012 10:52:19 AM EDT> <Warning> <oracle.dms.collector> <BEA-000000> <Metric table "portal:portal_page_engine" has no key column. It will not be collected.>
<Aug 27, 2012 10:52:19 AM EDT> <Warning> <oracle.dms.collector> <BEA-000000> <Metric table "weblogic_j2eeserver:jvm_runtime" has no key column. It will not be collected.>
<Aug 27, 2012 10:52:19 AM EDT> <Warning> <oracle.dms.collector> <BEA-000000> <Metric table "weblogic_j2eeserver:jvm_compilation_time" has no key column. It will not be collected.>
<Aug 27, 2012 10:52:19 AM EDT> <Warning> <oracle.dms.collector> <BEA-000000> <Metric table "weblogic_j2eeserver:jvm_memory_usage" has no key column. It will not be collected.>
<Aug 27, 2012 10:52:19 AM EDT> <Warning> <oracle.dms.collector> <BEA-000000> <Metric table "weblogic_j2eeserver:jvm_class_loading" has no key column. It will not be collected.>
<Aug 27, 2012 10:52:19 AM EDT> <Warning> <oracle.dms.collector> <BEA-000000> <Metric table "weblogic_j2eeserver:jvm_threads" has no key column. It will not be collected.>
[EL Info]: 2012-08-27 10:52:27.315--ServerSession(1304459265)--EclipseLink, version: Eclipse Persistence Services - 1.1.0.r3634
[EL Info]: 2012-08-27 10:52:27.423--ServerSession(1304459265)--file:/C:/oracle/Middleware/Oracle_IDM1/oam/server/lib/oes-d8/jps-internal.jar-JpsDBDataManager login successful
<Aug 27, 2012 10:52:30 AM EDT> <Error> <HTTP> <BEA-101216> <Servlet: "AMInitServlet" failed to preload on startup in Web application: "oam".
java.lang.ExceptionInInitializerError
 at oracle.security.am.engines.sso.adapter.AbstractSessionAdapterImpl.checkAndInit(AbstractSessionAdapterImpl.java:90)
 at oracle.security.am.engines.sso.adapter.AbstractSessionAdapterImpl.<init>(AbstractSessionAdapterImpl.java:73)
 at oracle.security.am.engines.sso.adapter.MultipleUserSessionAdapterImpl.<init>(MultipleUserSessionAdapterImpl.java:56)
 at oracle.security.am.engines.sso.adapter.MultipleUserSessionAdapterImpl.<clinit>(MultipleUserSessionAdapterImpl.java:45)
 at oracle.security.am.engines.sso.adapter.SessionManagementAdapterFactory.getAdapter(SessionManagementAdapterFactory.java:46)
 Truncated. see log file for complete stacktrace
Caused By: java.lang.NullPointerException
at oracle.security.am.engines.common.adapters.ConfigServiceHelperImpl.getServerInstanceDetails(ConfigServiceHelperImpl.java:713)
at oracle.security.am.engines.sso.adapter.OAMSessionConfiguration.<init>(OAMSessionConfiguration.java:52)
at oracle.security.am.engines.sso.adapter.OAMSessionConfiguration.<clinit>(OAMSessionConfiguration.java:47)
at oracle.security.am.engines.sso.adapter.AbstractSessionAdapterImpl.checkAndInit(AbstractSessionAdapterImpl.java:90)
at oracle.security.am.engines.sso.adapter.AbstractSessionAdapterImpl.<init>(AbstractSessionAdapterImpl.java:73)
Truncated. see log file for complete stacktrace
Hi,
I'm also facing the same issue. (trying 11.1.4 Fusion Apps for Oracle Linux 64 bit)
I don't think it's JDK related nor permissions related as mentioned in the above given Note: 1279434.1
The error stack says it's Null pointer exception. from
at oracle.security.am.engines.common.adapters.ConfigServiceHelperImpl.getServerInstanceDetails(ConfigServiceHelperImpl.java:713)
at oracle.security.am.engines.sso.adapter.OAMSessionConfiguration.<init>(OAMSessionConfiguration.java:52)
Any more suggestions ? Could you let us know how do we troubleshoot this issue.
fyi. oam_server1 (managed server) is up.
oam_admin (11.1.1.3.0) application is Active
but oam_server application is FAILED
I've also tried disabling IPV6 protocol as mentioned in 1471671.1
Thanks,
Vidyadhar
Edited by: 974023 on 29 Nov, 2012 7:23 AM
Edited by: 974023 on 29 Nov, 2012 7:32 AM -
Oracle Weblogic 9.2.3 server support for SAML 1.1 'wildcard attributes'
To support Web SSO using SAML on Oracle Weblogic 9.2.3 server - I need to parse SAML 1.1 'wildcard attributes' in the SAML 1.1 Asserter schema; https://www.oasis-open.org/committees/download.php/3408/oasis-sstc-saml-schema-assertion-1.1.xsd. The Oracle Weblogic 9.2.3 server provides an interface; weblogic.security.providers.saml.SAMLIdentityAssertionNameMapper - for parsing the information in the SAML token provided by an external partner, but this interface only deals with nameid and groups and not attributes in the AttributeStatement of the SAML token. In weblogic 10 a new interface; com.bea.security.saml2.providers.SAML2IdentityAsserterAttributeMapper - is provided, which solves this problem.
My question is, how can I get access to the attributes in the AttributeStatement in the SAML 1.1 token on an Oracle Weblogic 9.2.3 server ?
Or
Is the weblogic.security.providers.saml.SAMLIdentityAssertionAttributeMapper available in weblogic 9.2.3 ? -
JavaScript is required. Enable JavaScript to use OAM Server.
I want to open an Excel spreadsheet stored on a WebDAV server using OAM (Oracle Authentication).
It works fine on every PC or Mac having Excel 2010, 2013, but it doesn't work in Excel 2007.
Excel 2007 always gives the error "JavaScript is required. Enable JavaScript to use OAM Server.", so I cannot distribute the file.
The system with Excel 2007 has ActiveX scripting enabled but I cannot discover how to open the file without the error.
Any help is appreciated.
Hi,
We had a customer that ran into the same exact issue and symptoms described in this thread. The issues occurred after some upgrades were made to their browsers. Our customer was using Forms/Reports 11.1.2.1 (11gR2), and OAM (11.1.1.5). I'm not sure what version of OAM you are currently using?
The issue was caused by a bug in OAM 11.1.1.5. The problem is exactly as pbell was explaining. By looking at the failed HTML/JavaScript code generated by OAM - it was just poorly generated code by OAM. However, install Bundle Patch 2 (BP02) onto OAM and you'll be fine! This updates your OAM to version 11.1.1.5.2.
Oracle Support documents on the issue and bug:
- There is an Oracle Support article describing the issue: 1447194.1
- Oracle Support Bug Number: 13254371
To fix the issue:
- Apply OAM Patch: 13115859. It's a generic patch that will work on any environment type.
- If you use WebGates for your deployment, look into installing patch 13453929 as well
I wrote an article on how to install the patch: http://pitss.com/us/2013/04/04/oam-error-enable-javascript-to-use-oam-server/
I hope this helps!
Thank you,
Gavin
Edited by: GavinWoods on Apr 5, 2013 9:29 AM -
As I mentioned in subject, I am just wondering Whether the java component (Not
ejb, not servlet) can be deployed in App Server and get the services provided
by App Server or not?
Nevermind folks - I got it to work. All my configuration was correct; I had other issues with the ejb-jar file that the verifier informed me of (my previous deployments were with the verifier turned off).
-
How can I find out "Global Access Protocol Pass phrase" for OAM server ?
I'm configuring an Access Gate using the configureAccessGate command to integrate OIF with OAM.
The OAM is working in "simple" transport mode. Since it was not me who installed OAM, I do not know what the "Global Access Protocol Pass phrase" is.
I need this to answer a question when configuring the access gate. How can I find out the "Global Access Protocol Pass phrase" set for the OAM server?
Thanks
Hi ITBobbyP,
SSIS has a built-in FTP task, but this only works for the FTP protocol; it doesn't support SFTP. But there are some free clients like WinSCP and SSIS SFTP Task Control Flow Component available on CodePlex which can be invoked from SSIS.
References:
SSIS SFTP Task Control Flow Component approach
WinSCP approach
Thanks,
Katherine Xiong
TechNet Community Support -
Which versions of Microsoft exchange server supports Exchange OLE DB Provider (ExOLEDB)
Hi everyone,
Can anyone tell me which versions of Microsoft Exchange Server support Exchange OLE DB Provider (ExOLEDB)? Do Exchange Server 2007, 2010 and 2013 support it?
Thanks
Exchange OLE DB was removed from Exchange Server 2010 in Jan 2010. So, it is only available with Exchange 2007, 2003 and 2000. You can visit http://blogs.msdn.com/b/deva/archive/2010/01/13/update-technologies-not-available-with-exchange-2010-their-migration-reference-s.aspx for more info. -
OAM Error : Enable JavaScript to use OAM Server.
Hi Friends,
I see the following script when I try to access a resource protected using OAM in Mozilla and Safari browsers.
<body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript>
The same configuration works with IE.
Could you please help me understand if any patch needs to be applied to OAM or if I am missing something in the configurations?
Note: We are using OAM 11.1.1.5.0 to protect webcenter 11.1.1.5.0.
Thanks,
Sachin
Edited by: 873687 on Feb 3, 2012 2:54 AM
Hi,
We had a customer that ran into the same exact issue and symptoms described in this thread. The issues occurred after some upgrades were made to browsers and java. Our customer was using Forms/Reports 11.1.2.1 (11gR2), OAM/OID (11.1.1.5) and mod_osso for the Forms-OAM integration.
The issue was caused by a bug in OAM 11.1.1.5. The problem is when OAM authentication occurs, it does some web directs within its internal Java code. The HTML/JavaScript it tries to execute fails only in Chrome/Firefox. Applying the patch supposedly fixes that faulty HTML/JavaScript generated by OAM.
Oracle Support documents on the issue and bug:
- There is an Oracle Support article describing the issue: 1447194.1
- Oracle Support Bug Number: 13254371
To fix the issue:
- Apply OAM Patch: 13115859. It's a generic patch that will work on any environment type.
- If you use WebGates for your application, check out patch 13453929
I wrote an article on how to install the patch: http://pitss.com/us/2013/04/04/oam-error-enable-javascript-to-use-oam-server/
I hope this helps!
Thank you,
Gavin -
Hi All,
This is my first post to the MS Exchange forum. I am getting "Log onto incoming mail server (POP3): Your server does not support the connection encryption type you have specified. Try changing the encryption method. Contact your mail server administrator or Internet service provider (ISP) for additional assistance." in my Outlook clients. Until last Sunday (12.04.15) my Exchange was well and good; Monday morning the problem suddenly started, and none of our Outlook POP3 clients are able to communicate with Exchange (the rest, IMAP, SMTP and Exchange accounts, are working fine). I have tried with all port numbers but no luck. Please help me to get rid of this one.
Exchange 2013 CU6 with server 2012 Std 64Bit
Thanks,
Murali
Dear All,
I have found the solution for the above problem. The problem occurred due to PopProxy inactivity.
Please find the relevant Exchange Management Shell commands below.
1. Get-ServerComponentstate -Identity <yourmailserver.com>
Server Component State
yourmailserver.com ServerWideOffline Active
yourmailserver.com HubTransport Active
yourmailserver.com FrontendTransport Active
yourmailserver.com Monitoring Active
yourmailserver.com RecoveryActionsEnabled Active
yourmailserver.com AutoDiscoverProxy Active
yourmailserver.com ActiveSyncProxy Active
yourmailserver.com EcpProxy Active
yourmailserver.com EwsProxy Active
yourmailserver.com ImapProxy Active
yourmailserver.com OabProxy Active
yourmailserver.com OwaProxy Active
yourmailserver.com PopProxy Inactive
yourmailserver.com PushNotificationsProxy Active
yourmailserver.com RpsProxy Active
yourmailserver.com RwsProxy Active
yourmailserver.com RpcProxy Active
yourmailserver.com UMCallRouter Active
yourmailserver.com XropProxy Active
yourmailserver.com HttpProxyAvailabilityGroup Active
yourmailserver.com ForwardSyncDaemon Active
yourmailserver.com ProvisioningRps Active
yourmailserver.com MapiProxy Active
yourmailserver.com EdgeTransport Active
yourmailserver.com HighAvailability Active
yourmailserver.com SharedCache Active
2. Set-ServerComponentState -Identity <yourmailserver.com> -Component PopProxy -Requester HealthAPI -State Active
3. Get-ServerComponentstate -Identity <yourmailserver.com>
Server Component State
yourmailserver.com ServerWideOffline Active
yourmailserver.com HubTransport Active
yourmailserver.com FrontendTransport Active
yourmailserver.com Monitoring Active
yourmailserver.com RecoveryActionsEnabled Active
yourmailserver.com AutoDiscoverProxy Active
yourmailserver.com ActiveSyncProxy Active
yourmailserver.com EcpProxy Active
yourmailserver.com EwsProxy Active
yourmailserver.com ImapProxy Active
yourmailserver.com OabProxy Active
yourmailserver.com OwaProxy Active
yourmailserver.com PopProxy Active
yourmailserver.com PushNotificationsProxy Active
yourmailserver.com RpsProxy Active
yourmailserver.com RwsProxy Active
yourmailserver.com RpcProxy Active
yourmailserver.com UMCallRouter Active
yourmailserver.com XropProxy Active
yourmailserver.com HttpProxyAvailabilityGroup Active
yourmailserver.com ForwardSyncDaemon Active
yourmailserver.com ProvisioningRps Active
yourmailserver.com MapiProxy Active
yourmailserver.com EdgeTransport Active
yourmailserver.com HighAvailability Active
yourmailserver.com SharedCache Active
Replace yourmailserver.com with your server host name.
Thanks -
IIS Webgate losing connection to OAM server with query string in URI
Hi,
We have a Windows 2008 server with IIS 7/7.5 and the OAM 10.1.4.3 webgate installed on it, and are having a problem where it appears that during the processing of a request, the webgate is getting an ErrEngineDown (i.e., the webgate thinks that it's lost connection to the OAM server).
We have a number of similarly configured IIS servers + webgates that work fine, but this problem is only occurring on one of the IIS servers, AND it appears that this only happens when the URI being requested includes a query string.
When this happens, we see the following in the webgate oblog.log file:
2012/10/08@16:45:10.244000 3148 2928 CONN_MGMT DEBUG1 0x00000201 ..\src\aaa_service_client.cpp:935 "Simulating engine down reply"
and:
2012/10/08@16:45:10.244000 3148 3220 WEB TRACE 0x00000203 ..\src\iis_filt_info.cpp:554 "Function entered" _TraceName^ObIISFiltPreprocHdrs::RedirectTo redirectUrl^/access/oblix/apps/webgate/bin/webgate.dll?status%253D500%2520errmsg%253DErrEngineDown
and:
2012/10/08@16:45:10.244000 3148 3220 ACCESS_CLIENT DEBUG3 0x00000201 ..\src\aaa_service_client.cpp:3359 "ObAAAServiceClient::DecNumActiveReferences" _numActiveReferences^0 AAA Client Address^0x02139730
2012/10/08@16:45:10.244000 3148 3220 ACCESS_SDK ERROR 0x00000501 ..\src\obuser_session.cpp:1564 "ObError exception caught" raw_code^124
We've confirmed that the IIS server connectivity to the OAM server is fine.
When they test, they get the OAM FORM login page, they then enter the username and password, and then the browser shows an "Oracle Access Manager Operation Error" webpage (which probably corresponds to that "ErrEnginedown").
The puzzling thing is why this would happen but only if the URI includes a query string. Also, as I mentioned, we are only seeing this problem with one IIS server (+webgate).
We have an SR with Oracle, but that hasn't made much progress, so I was wondering if anyone has encountered something like this?
Thanks,
Jim
Hi,
It turned out that there were some application errors that were occurring and when those were fixed, this problem disappeared. We don't control the IIS application, so we're not 100% sure what the problems were.
Jim -
Can J2EE act as SAML identity provider?
Hi all,
I've been going through the various documents and help files and found contradicting and confusing info. So can anyone tell me: do I have to use a 3rd party component to enable SSO to EP based on SAML or to enable server-to-server authentication from EP to another IIS based site?
Are the following components enough?
1. Active directory (any version required)
2. EP (any version required)
3. IIS/MOS (any version required)
Thanks,
Eric
As of SAP IdM 7.20 (which runs as a component on the SAP Java Application Server) SAML 2.0 as identity provider is supported.
So it is not just any SAP J2EE system (e.g. EP) and also not all releases.
I was also disappointed by this
Cheers,
Julius -
Hi all,
As WAS6.0 acts as a Service Provider only for SAML, what are the free Identity Providers that I can use to implement Single Sign-On in WAS? From where can I get these free external products/servers?
As of SAP IdM 7.20 (which runs as a component on the SAP Java Application Server) SAML 2.0 as identity provider is supported.
So it is not just any SAP J2EE system (e.g. EP) and also not all releases.
I was also disappointed by this
Cheers,
Julius -
How to Protect two Apps running on two different Hosts using same OAM serve
Hi All,
I am new to OAM. I am trying to configure SSO for an Application using OAM 11g server which is already protecting another Application(Oracle EBS) on a different host.
Oracle EBS application uses the Oracle EBS Access Gate to collect the credentials.
Now what should I do to protect the second application say APP2. Should I require to install a new OHS instance and new Webgate for this purpose ? or can i use the one already used by EBS application ?
Please reply me soon
Thanks,
Prabhu
You may use the same OHS instance by creating an additional reverse proxy filter for your application 2.
Or create another instance of OHS and configure webgate, OAM policies for your application 2.
All the applications configured with OAM will be configured for single sign on and no special configuration needs to be done.
Here are my comments to your questions:
1) Can you tell me why we should have different OHS and Webgate to protect the 2nd application ?
- As per best practices, you should have different OHS instances (+webgate) for different applications. But you may also configure the same OHS for multiple applications.
2) If we have different OHS and Webgate, then the same OAM session will be shared between the applications ? Basically the user will navigate from the first application to the second application by clicking a link on the first application's page. Will the OAM_REMOTE_USER header be passed on to the second application in this case?
- Yes, if you have different OHS and Webgate, then the same OAM session will be shared between the applications.
To pass the header variables to any application, add the variables in the application's OAM authorization policy responses.
3) By default OAM 11.1.1.3 sets the userid to the OAM_REMOTE_USER? or we should manually set a response header ?
- To be on the safer side, set this header on the authz policy's response tab and put the value as $user.userid -
Can I use a Windows Server as my Push Notification provider?
I tried doing a search, but couldn't find an answer to this...
I would assume the answer to be yes, but just wondering if anyone has tried, or sees any reason why a windows server couldn't be used as a "Provider" to send push notifications through Apple's Push Notification Service? It seems that as long as I could install the SSL certificate on the provider, I should be able to connect...
thanks in advance!
You can create a shared folder on your PC, and access that folder over the network from your Mac.
-
Forms server 6i as a portlet provider, can we ?
Can we register the application generated from a Forms Server 6i, as External provider and put the url that we put in the Browser - to run the first form- and put as the login url in the Login server 'Add an External Application' Dialog,and put the user credentials in the username , password fields , and if the user credentials changes over time , he will be prompted to update his credentials regarding this application. Did anyone have tested this scenario ? and if we can, do I need to do the rendering by myself using the JPDK classes for rendering and write my own authentication API ?
Regards
Amr El Magayry
Hi,
Maybe you should install new Windows Server 2012 RDS CALs on the Windows Server 2008 R2 to achieve the target. Please refer to the following thread to see if it helps.
Can we use Windows Server 2012 RDS CAL license in RDS 2008 R2 Server
http://social.technet.microsoft.com/Forums/en-US/6046ded1-96bf-4d79-89ce-38aac2a6694e/can-we-use-windows-server-2012-rds-cal-license-in-rds-2008-r2-server?forum=winserverTS
Best Regards,
Andy Qi
TechNet Community Support