Novell Access Manager Integration

Similar Messages

• Novell Access Manager J2EE Agent Installation

  First post and first time attempting to install NETIQ unto my desktop. I'm a little confused as to the section of "Novell Access Manager J2EE Agent Installation" and what to enter for my Admin Console IP Address, username, password, & Application Server IP Address?... I'm not sure as to where to get this information from,..so if anyone could assist me, I'd greatly appreciate it very much, thanks in advance.

  kpjones76,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://forums.novell.com/

• OWSM: Setting up SAML token verification with Novell Access manager

  Hello,
  We are trying to set-up communication between an OWSM gateway and a Novell Accces Manager to do the following:
  All requests to our services should be secured using Web Services Security SAML Token Profile 1.0. OWSM will validate this token using the SAML – Verify WSS 1.0 Token step. The assertion will be issued by a Novell Access Manager. Are we right that OWSM needs to communicate with the Novell Access Manager for this? In that case Novell requires us to deliver metadata to establish a trust relation between the Identity Provider (Novell) and the Service Provider (OWSM). This metadata should look something like this:
  odysseus:/var/opt/novell/tomcat4/webapps/nidp # cat application.xml
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE application PUBLIC '-//Sun Microsystems, Inc.//DTD J2EE Application 1.2//EN' 'http://java.sun.com/j2ee/dtds/application_1_2.dtd'>
  <application>
  <display-name>NIDPJ2EEApp</display-name>
  <description>Novell Identity Provider</description>
  <module>
  <web>
  <web-uri>nidp.war</web-uri>
  <context-root>nidp</context-root>
  </web>
  </module>
  </application>
  However I cannot find anything on this in the OWSM documentation.

  To answer my own question. We found 4 application.xml files which seem to contain the metadata in the folders ccore, coreman, gateway and policymanager of $AS_HOME/owsm/config/.

• Urgent help requested: Access Manager integration with BEA Portal

  We're using Access Manager 7.1 and Policy Agent 2.2 to authenticate users for our BEA WL Portal 10 which contains all of our content and applications. The portal contains both anonymous pages and protected pages (for registered users).
  Problem: When an anonymous user who is going through a multi-step application flow decides to sign-in to their account (or sign-up) Policy Agent wipes out the current content of the user session, and creates a brand new user session after the user is authenticated. Therefore we cannot send the user back to the same spot in the portal where they were before signing-in.
  Is there anyway to make Policy Agent preserve the content and state of http session when authenticating a user?
  We have a business requirement to allow users to continue their application process after successfully signing in.
  Thanks in advance.

  Hi,
  I think this problem is not just related to weblogic 10 agent, it is a general problem for any agents.
  Can you please clarify what you mean by "anonymous user "? Do you mean that this user has never logged in to Access Manager, and is just browsing the site as an anonymous user, or do you have a role specified as "anonymous user " that they are currently logged into when browsing the site?
  thx,
  Sean

• LifeRay Poratl & Oracle Access Manager Integration

  Hi All
  Am trying to integrate LifeRay Portal with Oracle Access Manager to provide SSO. Steps I done is Created Proxy (Required) to the application with Apache Web Server and installed Apache Web Gate on it to protect the proxy. Now I need help to configure Portal to enable SSO and Authentication with LDAP Users Customization. Any one Please try to help me in this issue please
  Version of LifeRay : 6.0.6
  Oracle Access Manager : 10g (10.1.4.3.0)

  Have you provided all the hostname and port combinations in the Host Identifier?
  What have you configured as Preferred Host in webgate configuration? What is configured in the Host Identifier?
  ~Yagnesh

• Oracle Access Manager integration with Siebel issue

  Currently facing a technical issue with integrating OAM with Siebel. Attached below are some details.
  1. Trying to protect the .html file through OAM.
  2. Created Application Domain, User identity store as AD
  3. Enabled the 10gWebgate Agent as OAM agent
  4.Created Host Identifier
  5.Created own Authentication Scheme for AD
  6.Created Protected Resource Policy and configured Authentication Scheme.
  We are unable to protect the resource : ResOpNotProtected error is seen.
  Thanks in Advance

  Have you provided all the hostname and port combinations in the Host Identifier?
  What have you configured as Preferred Host in webgate configuration? What is configured in the Host Identifier?
  ~Yagnesh

• User ID not found in credentials / Sun Access Manager integration.

  Hi all,
  I've got SSO mostly working between AM 7.1 and IDM 7.1.0.
  However, if the IM user I'm attempting to log in as is a user in an organization, rather than just being a member of 'Top' in IM, then the login fails (eg, load of /idm/user/login.jsp), with the error message "User ID not found in credentials".
  Users who have an AM realm resource account and are in the Top organization work just fine; users further down the tree don't.
  I'm trying to trace through the IM source (reverse engineered) and so forth, but not having much luck. Before I raise a support case on this, has anyone else seen this problem?
  Thanks,
  Michael.

  The answer, if anyone is experiencing the same problem, is that it turned out to be the identity policy established for the users, which had "enforce password policy on login"; an exception was thrown, "Too few user supplied questions provided and answered based on the configured minimum of 5"; this was caught somehow and rethrown as "An account ID must be specified"; this was further recaught and rethrown as "User ID not found in credentials".
  Highly confusing.

• CPO Automation with Novell iManager/Access Manager

  Hi,
  Has anybody integrated CPO with Novell iManager. I am looking for the following info:
  Automation of Policy/LDAP Rule creation, Enabling the policy on the Identity servers and finally deploying the policy with vlan info on the SSL VPN servers.
  Information on web services would help but currently the implementation doesn't involve web services but the traditional login/form submission.
  I completed the Policy/LDAP rule creation and the SSL deployment but enabling of the Policies on the Identity servers is not straightforward.
  Any information on both (web services and non web services) would help.
  Thanks

  There is not really a correct forum for this question, but I would
  recommend ensuring that the DLU policy is configured to use "User Source
  Credentials".
  At that point, there is nothing more ZCM can do.
  You would need to write Windows Code that would accept Pass-Through
  Authentication from Windows to your Website.
  I would have no idea on how to do that and it would definitely require
  you to write code for your website.
  You may want to try the MS Programming Forums to learn how to get a
  Website to automatically accept the logged on Windows User credentials.
  If you want to avoid programming, you can look at other prodcuts such
  as: http://www.novell.com/products/securelogin/
  However, the questions need to be asked there since ZCM is not a
  Single-Signon Product.
  On 2/7/2012 10:26 PM, David Main wrote:
  >
  > Hi, we are building our new Standard Desktop using Win7 and ZCM11.
  >
  > We have Novell Vibe as our Intranet, and this is behind Novell Access
  > Manager for Internal& External Access (the Only way possible with VIBE
  > and NAM).
  >
  > We would like to build a ZCM Bundle that Launches the default browser t
  > the Intranet http address AND passes the logged user ID and password and
  > logs in, so seamless Login.
  >
  > We are using Dynamic Local User and ZCM Agent of course, so we know who
  > is logged in, how can we use that to take away the webpage login.
  >
  > This would also be used on other websites where a common ID and
  > password exist, ie LDAP.
  >
  > Regards
  > David
  >
  >
  Craig Wilson - MCNE, MCSE, CCNA
  Novell Knowledge Partner
  Novell does not officially monitor these forums.
  Suggestions/Opinions/Statements made by me are solely my own.
  These thoughts may not be shared by either Novell or any rational human.

• Oracle Access Manager - Identity Injectors

  Hello,
  One of my customer has a critical requirement for Oracle Access Manager.
  At present they are using Novell Access Manager
  With Novell Access Manager they are able to create custom headers with information pulled from LDAP.
  such as x-employeeName=Jason
  Example :
  Some Web applications require more than a name and a value to be injected into the custom header.
  Sometimes they require a custom name, a tag, and a value. Sometimes the application requires a
  custom name with multiple tags and values. The Inject into Custom Header with Tags option
  provides you with the flexibility to add such values to the custom header. For example, your
  application could be expecting the following custom header with tag:
  X-Custom_Role Role=Manager
  You can inject this information by setting the Custom Header Name to X-Custom, the Tag Name to
  Role, and the Tag Value to Manager. The value can be set as a static variable or you can retrieve it
  from various sources such as a Liberty User Profile attribute or the roles assigned to the current user.
  Thanks,
  Ram

  Hi
  Thanks for your reply.
  Can you explain me in steps how it can be achieved in OAM 11g?
  Thanks,
  Ram

• Oracle Identity and Access Management Suite Plus Integration with Oracle ADF

  Hi All,
  Kindly advice if Oracle Identity and Access Management Suite Plus can be integrated with Oracle ADF based applications to manage the end-to-end lifecycle of user accounts specifically addressing to roles/priviledges and security.
  Request you to share links to documentation where I can study the steps to integrate both the frameworks.
  Looking forward to hear from you soon.
  Best Regards,
  Ankit Gupta 

  Hi Sébastien,
  I came across the below link for the required integrations -
  Oracle&amp;reg; Fusion Middleware Installation Guide for Oracle Identity and Access Management 11g Release 2 (11.1.2) - …
  Oracle&amp;reg; Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management 11g Release 2 (11.1.2) - Co…
  Best Regards,
  Ankit Gupta

• Integrating Oracle EBS R12 with Oracle Access Manager 11g

  Hi Everyone ,
  Oracle Access Manager version 11.1.1.5
  Oracle Identity Management 11.1.1.6.0
  Oracle Access Manager WebGate 11.1.1.5
  Oracle E-Business Suite AccessGate patch p12796012
  Apps Version : 12.1.1
  DB Version 11.2.0.3
  PLatform : OEL 5.8
  We are trying to Integrating Oracle E-Business Suite Release 12 with Oracle Access Manager 11g using Oracle E-Business Suite AccessGate.We followed metalink id's
  1309013.1 and 1543803.1 and some other documents.We have performed every step as documented , and everything seems to work fine untill user tries to log out from Oracle Applications i.e User
  is able to login to Oracle Applications through access gate and everything is working fine. But as user click logout button an error messsage is diplayed like "*500*
  *Internal Server Error Servlet error: An exception occured* " (The url at the time of this message is http://hostname:port/OA_HTML/AppsLogout ).
  Apps Tier (oacore) Application log:-
  +13/05/15 19:04:20.229 html: Servlet error+
  java.lang.NoSuchMethodError: oracle.apps.fnd.sso.SSOManager.getAuthAgentLogoutUrl(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
  at oracle.apps.fnd.sso.AppsLogoutRedirect.doGet(AppsLogoutRedirect.java:193)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64)+
  at oracle.apps.jtf.base.session.ReleaseResFilter.doFilter(ReleaseResFilter.java:26)
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.EvermindFilterChain.doFilter(EvermindFilterChain.java:15)+
  at oracle.apps.fnd.security.AppsServletFilter.doFilter(AppsServletFilter.java:318)
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:621)+
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)+
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)+
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)+
  Apps Tier Apache Error log :-
  +[Wed May 15 18:50:52 2013] [error] [client 192.168.0.2] [ecid: 1368624052:192.168.0.61:10798:0:44,0] File does not exist: /u01/eBiZR12/apps/apps_st/comn/java/classes//+
  WE have set all required profile in Oracle Application as directed in documents , and users are able to login just fine , but they are not able to logout.
  IS there something that we are missing , any help is highly appreciated.
  Regards
  Edited by: TheKop88 on May 16, 2013 11:39 AM

  Hi there ,
  Thanks for reply ,
  We had already gone through that document earlier. We noticed that when Apllication Profile "*Apllications SSO Type* " is set to SSWA then OA_HTML/AppsLogout is
  working fine , but when we set "*Applications SSO Type*" to SSWA w/SSO then OA_HTML/AppsLogout is not working(not redirecting) .Error thrown on web browser is "+500 Internal Server Error Servlet error: An exception occurred. The current application deployment descriptors do not allow for including it in this response+" . we believe that we might have missed some Profile settings that is causing this error.
  Regards
  Edited by: TheKop88 on May 16, 2013 12:03 PM
  Edited by: TheKop88 on May 16, 2013 12:07 PM

• Oracle Access Manager, ADAM & UCM integration? Help please..

  I`m currently investigating the potential of using Oracle Access Manager (OAM) as a tool that allows connections to multiple Active Directory(AD) or ADAM servers providing a single point to author and manage users with a good easy to use GUI.
  The UCM will connect directly to OAM and authenticate users connecting from AD accounts..
  At the moment we use Quest software to manage users, but the cost for setting up users is £15/user where as OAM is only £3. I believe..
  Right the questions I have :)
  1. Has any one set this type of environment up?
  2. ls OAM stand alone or will I need additional software to set it up?
  Reading the installation guide it says I need the following:
  # Oracle Internet Directory 10g (10.1.4.0.1)
  # Microsoft Active Directory
  # Oracle Virtual Directory Server 10.1.4.0.1
  # Oracle Virtual Directory Manager 10.1.4.0.1
  # Oracle Virtual Directory Patch 10.1.4.0.1 (P5667977)
  # Stand-alone Oracle HTTP Server 2.x (This needs to be preinstalled in your environment. You can download the OHS 2.x standalone from the Oracle SOA Suite 10g Companion (10.1.3.1.0) release from here.)
  3. Can I use IIS instead of Oracle HTTP Server?
  4. Can I install OAM on 1 server or do I need multiple servers, I`v been looking at the diagrams and reading through the guides I`m getting a little confused with Identity and Access server?

  Hi,
  Have you got information reg UCM & OAM integration?
  Could you please help me with the integration guide?
  Regards,
  Ashish

• Integration of sun identity manager with sun access manager

  Hi i am working on integration of sun identity manager 6.0 with SP1 and sun access manager7.0.IDM was deployed on Sun application server 8.1.SAm is installed on SunOneWebserver i am working on windows 2003 server.I downloaded the agent for the application server and installed.
  when i am configuring resource in IDM i am getting following error.
  testconnection failed for resource(s):
  sun access manager could notconnect as user 'amadmin' with specified password==>com.sun.identity.authentication.spi.AuthLoginException:failed to create new AuthenticationContext{0}\n.
  i modified amagent.properties,amconfig.properties and web.xml also
  can any one help me on this.

  Hi i am working on integration of sun identity manager 6.0 with SP1 and sun access manager7.0.IDM was deployed on Sun application server 8.1.SAm is installed on SunOneWebserver i am working on windows 2003 server.I downloaded the agent for the application server and installed.
  when i am configuring resource in IDM i am getting following error.
  testconnection failed for resource(s):
  sun access manager could notconnect as user 'amadmin' with specified password==>com.sun.identity.authentication.spi.AuthLoginException:failed to create new AuthenticationContext{0}\n.
  i modified amagent.properties,amconfig.properties and web.xml also
  can any one help me on this.

• Siebel Integration with SUN Access Manager

  Hi Guys,
  We are trying to integrate siebel with Sun access Manager.
  I have gone thro the sun site but unable to find any documentation and policy agent to download.
  Please guide me where can i find documenttaion and policy agent software download.
  Thanks
  Regards,
  Mohit

  There is no agent to integrate with Siebel directly. However it should be possible by using Sun web server or IIS agent. Here is an old document that may still apply.
  http://docs.sun.com/source/816-6901-10/Chapter.html#wp19548
  There was more detailed integration document on Siebel web site. But it has been removed after Oracle acquisition (http://www.siebel.com/partners/portal/docs/integrationbriefs/siebel77_sjsam_tib.pdf)
  thanks,
  shivaram

• Hyperion integration with Tivoli Access Manager

  Hello All:
  Does Hyperion supports using pre-authenticated users from IBM Tivoli Access Manager. Please can you point me to any documentation explaining the integration procedure.
  TIA.

  Suggest you read sections 2,3,4 of the below document:
  http://download.oracle.com/docs/cd/E10530_01/doc/epm.931/hyp_security_guide.pdf
  It doesn't come out and say that this type of agent is supported -- you can potentially log a case with Oracle and they may be able to answer you however as it's not documented I would suggest it's not supported.
  If you decided to go forward with this then you need to find someone else who is using it successfully and ask them how it is working out.
  Presuming they didn't change too much from 9.3.1 to 11.1 (9.5) then you will find many many issues with SSO working.
  IT saving a user a login box or two and making the application non-usable just isn't a good direction to go.
  John