OAM 11g R2 Access Client error
Hi guys,
I am trying to create an AccessClient based on section 2.2.3, "Sample Code: Simple Access Client", of the following:
http://docs.oracle.com/cd/E27559_01/dev.1112/e27134/as_api.htm#BGBCEHCI
The code successfully initializes the Access SDK but gives the following error:
======
Jul 7, 2013 2:54:58 PM oracle.security.am.asdk.ResourceRequest isProtected
SEVERE: Unknown exception.
Access Exception: OAMAGENT-02071
Process exited with exit code 0.
===========
How can we clear this issue?
Regards,
jdev
Hi colin,
Thanks for the reply.
I am using OAM 11g R2 and I did the following:
1. Successfully configured an OAM 10g Agent with remote registration, with '/**' as the protected resource.
2. Created a Java project in JDeveloper.
3. Added all the jars to the project by setting the library and class path.
4. Copied OBAccessClient.xml to the development system folder D:\softwares\11gR2\OAMSDK's\RREG10G_OAM\oblix\lib.
5. Copied JAccessClient.java and made the following modification:
public static final String m_configLocation = "D:\\softwares\\11gR2\\OAMSDK's\\RREG10G_OAM";
6. Kept the following as it is:
ac = AccessClient.createDefaultInstance(m_configLocation, AccessClient.CompatibilityMode.OAM_10G);
7. Observed that the OAM SDK initialization is successful.
8. Observed that the AccessClient and ResourceRequest objects are not null by adding the following to the class file:
System.out.println(ac) gives oracle.security.am.asdk.AccessClient@17f409c as output
System.out.println(rrq) gives oracle.security.am.asdk.ResourceRequest@facf0b as output
Following is OBAccessClient.xml:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CompoundList xmlns="http://www.oblix.com">
<SimpleList>
<NameValPair ParamName="id" Value="RREG10G_OAM"/>
</SimpleList>
<SimpleList>
<NameValPair ParamName="debug" Value="false"/>
</SimpleList>
<SimpleList>
<NameValPair ParamName="security" Value="open"/>
</SimpleList>
<SimpleList>
<NameValPair ParamName="state" Value="Enabled"/>
</SimpleList>
<SimpleList>
<NameValPair ParamName="preferredHost" Value="RREG10G_HostId"/>
</SimpleList>
<SimpleList>
<NameValPair ParamName="maxCacheElems" Value="100000"/>
</SimpleList>
<SimpleList>
<NameValPair ParamName="cacheTimeout" Value="1800"/>
</SimpleList>
<SimpleList>
<NameValPair ParamName="maxSessionTime" Value="3600"/>
</SimpleList>
<SimpleList>
<NameValPair ParamName="maxConnections" Value="1"/>
</SimpleList>
<SimpleList>
<NameValPair ParamName="failoverThreshold" Value="1"/>
</SimpleList>
<SimpleList>
<NameValPair ParamName="aaaTimeoutThreshold" Value="-1"/>
</SimpleList>
<SimpleList>
<NameValPair ParamName="sleepFor" Value="60"/>
</SimpleList>
<SimpleList>
<NameValPair ParamName="denyOnNotProtected" Value="1"/>
</SimpleList>
<SimpleList>
<NameValPair ParamName="cachePragmaHeader" Value="no-cache"/>
</SimpleList>
<SimpleList>
<NameValPair ParamName="cacheControlHeader" Value="no-cache"/>
</SimpleList>
<SimpleList>
<NameValPair ParamName="ipValidation" Value="0"/>
</SimpleList>
<SimpleList>
<NameValPair ParamName="accessClientPasswd" Value=""/>
</SimpleList>
<SimpleList>
<NameValPair ParamName="cookieSessionTime" Value="0"/>
</SimpleList>
<SimpleList>
<NameValPair ParamName="idleSessionTimeout" Value="3600"/>
</SimpleList>
<SimpleList>
<NameValPair ParamName="primaryCookieDomain" Value=".mycompany.com"/>
</SimpleList>
<ValList ListName="logOutUrls">
<ValListMember Value="/oamsso/logout.html"/>
</ValList>
<ValList ListName="primary_server_list">
<ValListMember Value="primaryServer1"/>
</ValList>
<ValNameList ListName="primaryServer1">
<NameValPair ParamName="host" Value="oamserver.mycompany.com"/>
<NameValPair ParamName="port" Value="5575"/>
<NameValPair ParamName="numOfConnections" Value="1"/>
</ValNameList>
<ValList ListName="proxySSLHeaderVar">
<ValListMember Value="IS_SSL"/>
</ValList>
<ValList ListName="URLInUTF8Format">
<ValListMember Value="true"/>
</ValList>
<ValList ListName="client_request_retry_attempts">
<ValListMember Value="1"/>
</ValList>
<ValList ListName="inactiveReconfigPeriod">
<ValListMember Value="10"/>
</ValList>
</CompoundList>
==============================
Please let me know whether the way I did it is correct or not.
Regards,
Jdev
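An added example, not part of the original posts and not Oracle SDK code: a small Python audit of the ObAccessClient.xml layout posted above. It flattens the CompoundList structure, resolves the primary server list to host/port pairs, and flags the posted values that weaken the agent channel (open transport mode, empty agent password, IP validation off). The function names and the wording of the findings are this example's own, and the embedded sample is a constructed, trimmed copy of the posted file.

```python
import xml.etree.ElementTree as ET

NS = {"ob": "http://www.oblix.com"}  # default namespace of the posted file

# Constructed sample: a trimmed copy of the ObAccessClient.xml posted above.
SAMPLE = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CompoundList xmlns="http://www.oblix.com">
<SimpleList><NameValPair ParamName="id" Value="RREG10G_OAM"/></SimpleList>
<SimpleList><NameValPair ParamName="security" Value="open"/></SimpleList>
<SimpleList><NameValPair ParamName="denyOnNotProtected" Value="1"/></SimpleList>
<SimpleList><NameValPair ParamName="ipValidation" Value="0"/></SimpleList>
<SimpleList><NameValPair ParamName="accessClientPasswd" Value=""/></SimpleList>
<ValList ListName="primary_server_list">
<ValListMember Value="primaryServer1"/>
</ValList>
<ValNameList ListName="primaryServer1">
<NameValPair ParamName="host" Value="oamserver.mycompany.com"/>
<NameValPair ParamName="port" Value="5575"/>
<NameValPair ParamName="numOfConnections" Value="1"/>
</ValNameList>
</CompoundList>"""


def parse_agent_config(xml_text):
    """Flatten the CompoundList layout into (params, lists, named_lists)."""
    if isinstance(xml_text, str):
        xml_text = xml_text.encode("utf-8")  # the file declares its own encoding
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}CompoundList" % NS["ob"]:
        raise ValueError("not an Oblix CompoundList document: %s" % root.tag)
    # <SimpleList><NameValPair/></SimpleList> holds one scalar setting each.
    params = {p.get("ParamName"): p.get("Value")
              for p in root.findall("ob:SimpleList/ob:NameValPair", NS)}
    # <ValList ListName=...> holds an ordered list of plain values.
    lists = {v.get("ListName"): [m.get("Value")
                                 for m in v.findall("ob:ValListMember", NS)]
             for v in root.findall("ob:ValList", NS)}
    # <ValNameList ListName=...> holds a named block of key/value pairs.
    named = {v.get("ListName"): {p.get("ParamName"): p.get("Value")
                                 for p in v.findall("ob:NameValPair", NS)}
             for v in root.findall("ob:ValNameList", NS)}
    return params, lists, named


def resolve_servers(lists, named, list_name="primary_server_list"):
    """Follow each server-list member to its ValNameList; return (host, port)."""
    servers = []
    for member in lists.get(list_name, []):
        entry = named.get(member)
        if entry is None or "host" not in entry or "port" not in entry:
            raise ValueError("server list member %r has no host/port block" % member)
        servers.append((entry["host"], int(entry["port"])))
    return servers


def audit(xml_text):
    """Return the agent id, its Access Server endpoints and (param, note) findings."""
    params, lists, named = parse_agent_config(xml_text)
    findings = []
    mode = (params.get("security") or "").lower()
    if mode == "open":
        findings.append(("security", "open mode: agent-to-server traffic is not encrypted"))
    elif mode not in ("simple", "cert"):
        findings.append(("security", "unrecognized transport mode %r" % mode))
    if not params.get("accessClientPasswd"):
        findings.append(("accessClientPasswd", "no agent password is set"))
    if params.get("ipValidation") == "0":
        findings.append(("ipValidation", "client IP validation is switched off"))
    if params.get("denyOnNotProtected") != "1":
        findings.append(("denyOnNotProtected", "resources without a policy are allowed"))
    return {"agent": params.get("id"),
            "servers": resolve_servers(lists, named),
            "findings": findings}


if __name__ == "__main__":
    report = audit(SAMPLE)
    print("agent:", report["agent"], "servers:", report["servers"])
    for param, note in report["findings"]:
        print("  [%s] %s" % (param, note))
```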
Similar Messages
-
Self registration error in OIM-OID-OAM 11g
Hi,
We are using OIM, OID and OAM 11g in clustering mode. We are facing a problem with the self-registration process.
For every alternate self-registration request, the system throws an error. After the self-register user request got approved, I checked the request status in the 'Advanced' panel; it says: "IAM-3051103:The create operation on user entity failed in action stage.:"
This is really a big mystery to me: the 1st self registration was successful, the 2nd threw an error, the 3rd was a success again, the 4th was a failure, the 5th was a success and the 6th was a failure.
Below is the corresponding error message in log file for the failed request.
<Mar 21, 2011 2:22:30 PM CDT> <Error> <oracle.iam.identity.usermgmt.impl.handlers.create> <IAM-3051103> <The create operation on user entity failed in action stage.
oracle.iam.platform.entitymgr.MissingRequiredAttributeException: [act_key]
at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.checkRequired(EntityManagerImpl.java:1448)
at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:261)
at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:237)
at oracle.iam.identity.usermgmt.impl.handlers.create.CreateUserActionHandler.execute(CreateUserActionHandler.java:141)
at oracle.iam.identity.usermgmt.impl.handlers.create.CreateUserActionHandler.execute(CreateUserActionHandler.java:68)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.iam.platform.kernel.impl.EventHandlerDynamicProxy.invoke(EventHandlerDynamicProxy.java:30)
at $Proxy235.execute(Unknown Source)
at oracle.iam.platform.kernel.impl.OrchProcessData.runActionEvents(OrchProcessData.java:1028)
at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:637)
at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:220)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:669)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:716)
at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:108)
at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy428.onMessage(Unknown Source)
at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:466)
at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:371)
at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:327)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3821)
at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
<Mar 21, 2011 2:22:30 PM CDT> <Error> <oracle.iam.platform.entitymgr.provider.ldap> <IAM-0042004> <An error occurred while un-reserving the user in LDAP, and the corresponding error is - java.lang.NullPointerException>
<Mar 21, 2011 2:22:30 PM CDT> <Warning> <oracle.iam.identity.usermgmt.impl.handlers.create> <BEA-000000> <null>
Any help would be really appreciated.
Thanks.
Hi,
I am assuming that in the clustered environment you have two instances running.
It must be an issue with a single server, because the problem is intermittent.
To see which server is causing the problem, just perform the following steps:
1) Stop server1, keep server2 running, and fire a new registration request.
2) Stop server2, keep server1 running, and fire a new registration request.
Using the above, at least you can see which server is causing the problem.
Regards,
J
Edited by: J_IDM on Mar 21, 2011 10:52 PM -
OAM 11g: Error while importing Custom Authentication Plug-in.
We are trying to create a sample custom authentication plugin in OAM 11g as per the 11.1.1.5.0 doc.
But while trying to import the plugin via oamconsole (system configuration->Plugins->Import Plugin) we receive an error "Invalid XML Structure".
Do we have to embed the XSD (XML Schema Definition) as well ?
-------------------------SamplePlugin.java-------------------------------------
import oracle.security.am.plugin.ExecutionStatus;
import oracle.security.am.plugin.MonitoringData;
import oracle.security.am.plugin.PluginConfig;
import oracle.security.am.plugin.authn.AuthenticationContext;
import oracle.security.am.plugin.authn.AuthenticationException;
import oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn;
import java.util.Map;
import java.util.logging.Level;
class SamplePlugin extends AbstractAuthenticationPlugIn {
    private static final String CLASS_NAME = "FirstTestClass";
    // Called once when the plug-in is loaded.
    public ExecutionStatus initialize(PluginConfig config) {
        super.initialize(config);
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.logp(Level.FINE, CLASS_NAME, "initialize", "Entering initialize");
        }
        return ExecutionStatus.SUCCESS;
    }
    @Override
    public String getDescription() {
        // TODO Auto-generated method stub
        return null;
    }
    @Override
    public Map<String, MonitoringData> getMonitoringData() {
        // TODO Auto-generated method stub
        return null;
    }
    @Override
    public String getPluginName() {
        // TODO Auto-generated method stub
        return null;
    }
    @Override
    public int getRevision() {
        // TODO Auto-generated method stub
        return 0;
    }
    // Called for each authentication request; this sample always succeeds.
    @Override
    public ExecutionStatus process(AuthenticationContext arg0)
            throws AuthenticationException {
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.logp(Level.FINE, CLASS_NAME, "process", "Entering process");
        }
        return ExecutionStatus.SUCCESS;
    }
    @Override
    public void setMonitoringStatus(boolean arg0) {
        // TODO Auto-generated method stub
    }
    @Override
    public boolean getMonitoringStatus() {
        // TODO Auto-generated method stub
        return false;
    }
}
-------------------------SamplePlugin.java-------------------------------------
------------------------SamplePlugin.xml--------------------------------
<?xml version="1.0" encoding="UTF-8" ?>
<Plugin name="SamplePlugin" type="Authentication">
<author>Self</author>
<email>[email protected]</email>
<creationDate>09:41:22, 2012-02-05</creationDate>
<version>1</version>
<description>SamplePlugin</description>
<interface>oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn</interface>
<implementation>SamplePlugin</implementation>
</Plugin>
------------------------SamplePlugin.xml--------------------------------
------------------------MANIFEST.MF--------------------------------
Manifest-Version: 1.0
Ant-Version: Apache Ant 1.8.2
Bundle-Version: 1.0.0.qualifier
Bundle-Name: SamplePlugin
Bundle-Activator: SamplePlugin
Bundle-ManifestVersion: 2
Created-By: 1.6.0_24-b07 (Sun Microsystems Inc.)
Import-Package: org.osgi.framework;version="1.3.0",oracle.security.am.
 plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api,
 oracle.security.am.common.utilities.principal,oracle.security.idm,jav
 ax.naming,javax.sql,java.management,javax.security.auth
Bundle-SymbolicName: SamplePlugin
Bundle-RequiredExecutionEnvironment: JavaSE-1.6
------------------------MANIFEST.MF--------------------------------
Contents of SamplePlugin.jar
1. SamplePlugin.xml
2. SamplePlugin.class
3. META-INF/
MANIFEST.MF
I built the Plugin.jar file similarly to the above (followed the same steps).
But when I log into OAM and try to import the plugin (System Configuration->Plugins->Import Plugin), the browser hangs and I see the error below in the logs (domain log and diag log).
I see the jar file created in this location (\Middleware\user_projects\domains\IAMdomain\oam\plugins).
Please let me know if you have any idea. Thanks!
####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adf.controller.internal.metadata.MetadataService> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-00000000000003fe> <1330549803273> <BEA-000000> <ADFc: /WEB-INF/adfc-config.xml: >
####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adf.controller.internal.metadata.MetadataService> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-00000000000003fe> <1330549803274> <ADFC-52024> <ADFc: Duplicate managed bean definition for 'accessCheck' detected.>
####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adfinternal.view.faces.renderkit.rich.RegionRenderer> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000402> <1330549803479> <ADF_FACES-60099> <The region component with id: pt1:_lar has detected a page fragment with multiple root components. Fragments with more than one root component may not display correctly in a region and may have a negative impact on performance. It is recommended that you restructure the page fragment to have a single root component.>
####<Feb 29, 2012 1:10:33 PM PST> <Error> <javax.enterprise.resource.webcontainer.jsf.application> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833253> <BEA-000000> <java.lang.NullPointerException
javax.faces.el.EvaluationException: java.lang.NullPointerException
at org.apache.myfaces.trinidad.component.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:51)
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190
####<Feb 29, 2012 1:10:33 PM PST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833316> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase INVOKE_APPLICATION 5
javax.faces.FacesException: #{FileProcessor.doUpload}: java.lang.NullPointerException
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:118)
at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190)
at oracle.adf.view.rich.component.rich.RichPopup$BroadcastContextCallback.invokeContextCallback(RichPopup.java:666)
at org.apache.myfaces.trinidad.component.UIXComponentBase.invokeOnComponent(UIXComponentBa
>
####<Feb 29, 2012 1:10:33 PM PST> <Error> <oracle.oam.admin.console.policy> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833361> <OAM-400016> <Failed to authenticate the user
javax.servlet.ServletException: java.lang.NullPointerException
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:277)
####<Feb 29, 2012 1:10:34 PM PST> <Warning> <oracle.adf.view.rich.component.fragment.UIXRegion> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-000000000000059a> <1330549834008> <ADF_FACES-00009> <Error processing viewId: /plugin-taskflow/authplugins URI: /oracle/security/am/taskflows/authplugin.jsff actual-URI: /oracle/security/am/taskflows/authplugin.jsff.
javax.el.ELException: java.lang.NullPointerException
at javax.el.BeanELResolver.getValue(BeanELResolver.java:266)
at com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:173)
at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer$PanelCollectionHelper._encodeAll(PanelCollectionRenderer.java:728)
at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer$PanelCollectionHelper.access$500(PanelCollectionRenderer.java:537)
at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer.encodeAll(PanelCollectionRenderer.java:402)
at oracle.adf.view.rich.render.RichRenderer.encodeAll(RichRenderer.java:1396)
at org.apache.myfaces.trinidad.render.CoreRenderer.encodeEnd(CoreRenderer.java:335)
at org.apache.myfaces.trinidad.component.UIXComponentBase.encodeEnd(UIXComponentBase.java:767)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:937)
####<Feb 29, 2012 1:10:34 PM PST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-000000000000059a> <1330549834020> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase RENDER_RESPONSE 6
javax.faces.FacesException: javax.el.ELException: java.lang.NullPointerException
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._renderResponse(LifecycleImpl.java:804)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:294)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:214) -
OAM 11g - Weblogic timeout error
Hi,
We have deployed OAM 11g on WebLogic 10.3.5. It was working fine until Thursday. After that we only restarted the machine, and the OAM console started responding very slowly. We can see the following errors in the logs as well.
+[2012-06-18T17:23:00.481+05:30] [AdminServer] [ERROR] [] [] [tid: PoolWatcher] [userId: <anonymous>] [ecid: 1b8352126b8c9e0f:1ec8524a:137ff4bc247:-8000-0000000000000011,0] java.net.SocketTimeoutException: Read timed out+
+[2012-06-18T17:24:01.000+05:30] [AdminServer] [ERROR] [] [] [tid: PoolWatcher] [userId: <anonymous>] [ecid: 1b8352126b8c9e0f:1ec8524a:137ff4bc247:-8000-0000000000000011,0] java.net.SocketTimeoutException: Read timed out+
+[2012-06-18T17:25:01.536+05:30] [AdminServer] [ERROR] [] [] [tid: PoolWatcher] [userId: <anonymous>] [ecid: 1b8352126b8c9e0f:1ec8524a:137ff4bc247:-8000-0000000000000011,0] java.net.SocketTimeoutException: Read timed out+
+[2012-06-18T17:26:02.071+05:30] [AdminServer] [ERROR] [] [] [tid: PoolWatcher] [userId: <anonymous>] [ecid: 1b8352126b8c9e0f:1ec8524a:137ff4bc247:-8000-0000000000000011,0] java.net.SocketTimeoutException: Read timed out+
+[2012-06-18T17:27:00.496+05:30] [AdminServer] [ERROR] [] [] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 1b8352126b8c9e0f:1ec8524a:137ff4bc247:-8000-000000000000005b,0] [APP: oam_admin#11.1.1.3.0] java.net.SocketTimeoutException: Read timed out+
+[2012-06-18T17:27:00.496+05:30] [AdminServer] [ERROR] [] [] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 1b8352126b8c9e0f:1ec8524a:137ff4bc247:-8000-000000000000005b,0] [APP: oam_admin#11.1.1.3.0] Failed to communicate with any of configured Access Server, ensure that it is up and running.+
+[2012-06-18T17:27:00.700+05:30] [AdminServer] [NOTIFICATION] [OAMSSA-22005] [oracle.oam.diagnostic] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 1b8352126b8c9e0f:1ec8524a:137ff4bc247:-8000-000000000000005b,0] [APP: oam_admin#11.1.1.3.0] Number of collectors registered: "3".+
+[2012-06-18T17:27:00.700+05:30] [AdminServer] [NOTIFICATION] [OAMSSA-20032] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 1b8352126b8c9e0f:1ec8524a:137ff4bc247:-8000-000000000000005b,0] [APP: oam_admin#11.1.1.3.0] Finished constructing mediator.+
+[2012-06-18T17:27:00.700+05:30] [AdminServer] [NOTIFICATION] [OAMSSA-20002] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 1b8352126b8c9e0f:1ec8524a:137ff4bc247:-8000-000000000000005b,0] [APP: oam_admin#11.1.1.3.0] Diagnostic Engine Initialized.+
+[2012-06-18T17:27:00.715+05:30] [AdminServer] [NOTIFICATION] [] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 1b8352126b8c9e0f:1ec8524a:137ff4bc247:-8000-000000000000005b,0] [APP: oam_admin#11.1.1.3.0] resolved id store name : UserIdentityStore1+
Does anybody have any clue where the issue is and what fix is required? Thanks for all your help.
From the logs it looks like the OAM Managed Server is up, but the AdminServer is not. Just start it; that should fix your problem. Otherwise, provide us more information so we can help you.
I hope this helps,
Thiago Leoncio. -
Can't get OAM 11g Access Tester working
Hi,
I've been trying to get the Access Tester (oamtester.jar) from OAM 11g (11.1.1.3) working.
I can start the tester (java -jar oamtester.jar), but when I try to connect to the OAM server, I either get a "NAP initialization error" or a "challenge_failed"/mismatch error.
My OAM server is listening on the default port, 14100, and the OAM proxy is listening on 5575, and I've tried connecting to both ports, and get the different errors, depending on which port I try.
I've tried running the tester on the OAM server machine itself, from a different machine, etc., but get the same errors.
Can anyone tell me how I can get the tester to work?
Thanks,
Jim
Hi,
I got the logging in the access tester, and here's what I get when I try to connect to the OAM server:
Nov 6, 2011 2:16:58 PM ObAAAServiceClient setHostPort
FINER: ENTRY
Nov 6, 2011 2:16:58 PM ObAAAServiceClient setHostPort
FINER: RETURN
Nov 6, 2011 2:16:58 PM ObAAAServiceClient setHostPort
FINER: ENTRY
Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.util.NAPLogger log
FINE: There are no entries in given access server list.
Nov 6, 2011 2:16:58 PM ObAAAServiceClient connect
FINER: ENTRY
Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.ObMessageChannelImpl writeObMessage
FINE: OpCode = 13 [InitNAP], SeqNo = 0 Message = protocol=NAP version=4 oldest=1
Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.ObMessageChannelImpl readMessage
FINE: Message received from Server: OpCode = 13 [InitNAP], SeqNo = 0 Message = protocol=NAP version=4 oldest=1
Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.ObMessageChannelImpl writeObMessage
FINE: OpCode = 0 [ServerDiagnosticEvent], SeqNo = 0 Message = sts=open
Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.ObMessageChannelImpl readMessage
FINE: Message received from Server: OpCode = 0 [ServerDiagnosticEvent], SeqNo = 0 Message = sts=open
Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.ObMessageChannelImpl writeObMessage
FINE: OpCode = 14 [NAPAuthnChallengeReq], SeqNo = 0 Message = cm=apache1 challenge=f5d58bf93da2331c of=1
Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.ObMessageChannelImpl readMessage
FINE: Message received from Server: OpCode = 14 [NAPAuthnChallengeReq], SeqNo = 0 Message = cm=AccessServerConfigProxy challenge=f5d58bf93da2331c st=ma%3d25%20mi%3d2%20sg%3d1 rt=1
Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.ObNap CreateChallengeResponse
FINEST: Created NAP challenge
Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.ObMessageChannelImpl writeObMessage
FINE: OpCode = 15 [NAPAuthnChallengeResponse], SeqNo = 0 Message = response=2659cf320b28b197d027789ae069efe3
Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.ObMessageChannelImpl readMessage
FINE: Message received from Server: OpCode = 15 [NAPAuthnChallengeResponse], SeqNo = 0 Message = st=ma%3d52%20mi%3d2%20sg%3d1 rt=0
Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.ObMessageChannelWrapper initNAP
SEVERE: Error in receiving hashed server challenge
Does anyone know why this is happening, and how to get around it?
Has anyone actually gotten the OAM 11g access tester to work with OAM 11g server via the OAM proxy (on port 5575)?
Thanks,
Jim -
OAM 11g throws error when user store is changed
We have OAM 11g integrated with OIF 11g as the SP. We need to change the OAM User store from OID to OVD. I added a new User store in the OAM console and set that as the default store. In the OAM console, under System Configuration -> Common Configuration -> Data Stores -> User Identity Stores, I added the OVD repository we want to use and set it as the default store. When I make this change in OAM data stores, OAM throws an error.
On the browser I see the error: System error. Please re-try your action. If you continue to get this error, please contact the Administrator.
In the OAM diagnostic logs, I see the following errors:
[2012-08-11T08:37:27.016-04:00] [oam_server1] [ERROR] [OAMSSA-20005] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f,0] [APP: oam_server] Error initializing User/Role API : null.
[2012-08-11T08:37:27.021-04:00] [oam_server1] [WARNING] [OAMSSA-20007] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f,0] [APP: oam_server] Unable to connect to the User Store. User Store may not be initialized : Error initializing User/Role API : null..
[2012-08-11T08:37:27.021-04:00] [oam_server1] [ERROR] [OAMSSA-12126] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f,0] [APP: oam_server] Cannot assert the username from DAP token.
The user exists in OVD and appropriate attributes have been set.
Comparing the trace for the two, in the OID trace, I see a 302 for the URL at /oam/server/dap/cred_submit. In the OVD trace, I see a 200 for the same URL.
Following is a successful request when OID is set as the default user store:
GET /oam/server/dap/cred_submit?osso_sassoToken=v1.0%7ENEVGMzBGMUJFRTdGRkM0NjQxREFFQn5GODdEQjFEMjczMjZCQjFCQTZEQTlDQTI5RDA3RTA0QTQ2OThEQzdEfjRCMDk0OUE1RjgyNjcwRkU2M0E3OTM5QjI1OTlCMzdEfmRiYzEzMDFiMWMxOTFiMDA5ZmM3YWM5MTFjNjM5MDhjNTgwMzZjMzYyZDZhZTQ3OTY5ZGRiNTllYmVlMTUwMjkxYTY4MzQwZjU2ZGEwMmNhMmE4YTM0YWUwNmUxMjY4MzE5NmFkNjM4YzIwOTliMWZmM2NmZTRhMjYyYmU2N2M1MDEwYWY5OWFmOWU1NTg5NGIyYTVjYWRkOGRlMDI5NjVjN2I2YzM5YTJjMDU1NmU5OTJkMzU4Y2RlYzAxNmU4MWZjMDRiYjFjM2RhYTAzYzliNDIwNjQzOTZlNzZlMzZhOTMwZjI4YTAyMzdmMTI1NjVjOTcwYTk1NzFkZDMzNzQ%3D HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://hostname.idpdomain.com/fed/user/?refid=id-5RtbGMaw6NfaaPUgth-wxZwxY5Q-
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: hostname.spdomain.com:14101
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sat, 11 Aug 2012 12:42:32 GMT
Transfer-Encoding: chunked
Location: https://www.google.com
Set-Cookie: OAM_ID=VERSION_4~8u5oPtHwZW/uJbd8ybw87A==~I2VDurl3pyBxQdHBmwHXXu5AabtNgaGcQx1FJ6v3sVzuoU0WOvMyDi40pizUWNrSIUkCIrl7Fc6cumRyKUAU0yHSHEtzwtiGO3bmiC7rOXKglLnO9Iw0eNUATA1AuJ7m9a6JxE5fX2vDFDYzk/H9eK5/74mO9TKNP0HTcKF6NzEluuTT3sRlQH3dAzBhPouTCO6yMmd00SmQEhrQxCpUc+ec78GFQgfKrE+6mDNTFSO9gHEB0JQ+xzGzzsr34BDCTB2FC41d0Q3tTGXANSHHRg==; path=/; secure; HttpOnly
Set-Cookie: OAM_REQ=invalid; path=/; secure; HttpOnly
X-ORACLE-DMS-ECID: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000042d
X-Powered-By: Servlet/2.5 JSP/2.1
Following is a failed request when OVD is set as the default user store:
GET /oam/server/dap/cred_submit?osso_sassoToken=v1.0%7ENEVGMjRDREUyNUU4QTI1REUwMzVGM344MzRCNTU5RTNCREM1MjFBMjFBRDQ4MTBBNjMzMTI5QzM0MUU5RjI5fjA4ODY1M0JENjg1ODk1MTZDNUVGQjU0NTYwRjg5OEREfjYyMWE3NzhjMzUwMmVhODQ5MWRkMGIyYTBkYmM1MGU0ZDlmZTA0ZjE1NDBhMDVkOGM3ZWIwOGUzNGY3ZDhiNTBhMTNkMjY0MDliMGZmMmY2MzJjZGZjM2UzNzgzNzQ3YzM3OTIwYjlkMmNhZWY0ZDQ2M2MyYzE1NWM2MDkxMjI4MjU0NTEyZDIzODU3NTBlZjI4MjRlZTAzOWFkYmMxYTVmZWE3NTk5NTRlMGY3NTkyNjE5YTRkM2U3OTczZjZiMThmYzgxODg2MzM3ZDg5NzQ2NWUxYmZhNThjOGVmN2VhZmI5OGRiMDNiZmJmZGJjOWUzZmNjYTU1N2U5OWVjMDQ%3D HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://hostname.idpdomain.com/fed/user/?refid=id-R5gYcX-W8o6-bQSR2IIYdkQLLKA-
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: hostname.spdomain.com:14101
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Date: Sat, 11 Aug 2012 12:37:26 GMT
Pragma: no-cache
Content-Length: 2051
Content-Type: text/html; charset=UTF-8
Expires: 0
Set-Cookie: OAM_JSESSIONID=0VksQmSHwhpr2vT33Kq1ZgqWgxrtk2BXxpr4PgmL1LwThMxYSlKQ!-450564370; path=/; HttpOnly
X-ORACLE-DMS-ECID: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f
X-Powered-By: Servlet/2.5 JSP/2.1
Hi AV,
We had the same problem.
The reason was a wrong definition in customizing:
Partner Processing -> Define Partner Determination Procedure -> User Interface Settings
there for the relevant procedure we had to define this sequence of functions :
1. Activity Partner
2. Contact Partner
3. Employee Responsible
4. Sales Representative
Regards
Meinrad -
Hi,
I'm trying to install Oracle OAM 11g, but I am having some trouble connecting to the OAM web console.
My OS is Windows 2003 Enterprise Edition, Service Pack 2.
My installation steps:
- Installed Oracle DB (11.2.0)
- Used RCU (11.1.1.3.3) to create DB schemas.
- Installed WebLogic 10.3.3
- I did NOT install SOA Suite because I intend to not use Identity Manager.
- I installed IDAM (from ofm_iam_generic_11.1.1.3.0_disk1_1of1 disc)
- Created a domain containing these servers:
- Admin Server listening on port 7001
- oam_server1 listening on port 14100
- oaam_admin_server1 listening on port 14200
- oaam_server_server1 listening on port 14300
- I started weblogic with the "startWebLogic.cmd" command.
- I started oam_server1 with the "startManagedWebLogic.cmd oam_server1" command
(I used this installation guide: http://onlineappsdba.com/index.php/2010/08/05/oracleidm-11g-step-by-installation-of-oam-oim-oaam-oapm-oin-111130-part-i-load-schema/)
The weblogic console says the oam_server1 is up and running, but when I try to connect
to the oam console (http://localhost:14100/oam) the web page displayed says "Error. Action failed. Please try again."
This error also occurs in the oam_server1.log:
####<2010-nov-23 kl 13:49 CET> <Info> <ServletContext-/oam> <server-base> <oam_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <f5f04f496bf2057f:10058de0:12c78c5bb9b:-8000-0000000000000012> <1290516557352> <BEA-000000> <index.jsp:2:4: No tag library could be found with this URI. Possible causes could be that the URI is incorrect, or that there were errors during parsing of the .tld file.
<%@taglib uri="http://beehive.apache.org/netui/tags-html-1.0" prefix="netui"%>
^----^
index.jsp:2:4: No tag library could be found with this URI. Possible causes could be that the URI is incorrect, or that there were errors during parsing of the .tld file.
<%@taglib uri="http://beehive.apache.org/netui/tags-html-1.0" prefix="netui"%>
And when I check out the taglib web page:
http://beehive.apache.org/docs/1.0/netui/tagsOverview.html
...it says: "2010/01/11 - Apache Beehive has been retired."
Have I missed something, or how do I fix this?
Thanks in advance.
Henrik
Edited by: user1154522 on Nov 23, 2010 5:26 AM
My mistake. This was the URL I was looking for to configure OAM:
http://lhost:7001/oamconsole -
Not able to access OAM 11g Console
Hi,
We have OAM 11g environment. Initially we are able to login to oamconsole using "weblogic" user. We changed user store to OVD then onwards we are not able to login to console.
Thanks
Hi,
As GK says, you should just be able to add the user to the group that is defined in the "OAM Administrator's Role" in the OVD identity store that you have defined - could you verify that the user you are logging in as is a member of this group, and that the group's cn attribute value matches what you have defined in the user store.
What symptoms are you seeing - for example, are you being successfully authenticated but getting denied access to /oamconsole, or are you getting double-prompted for login?
Regards,
Colin -
Hi Gurus,
I am writing an access client for a custom application. I am able to authenticate, authorize and get a session token for the user, but I am not able to get the responses that we have set in the authorization policy. We have set Responses --> header -->$user.attr.customattr1
I have looked into the API document to get those responses but I am unable to do that.
Oracle Fusion Middleware Access SDK Java API Reference for Oracle Access Management Access Manager
Is there a way to get responses through the APIs?
Regards
978203
Can you confirm if you are using the getActions or getAction API?
Also, you may want to enable "Allow Management Operations" in the AccessGate configuration in oamconsole.
What is the exception you get while invoking the API?
hope this helps -
Unable to authenticate users using Custom plugins in OAM 11g
We are working on a requirement in which we have to write a custom authentication plugin in OAM 11g.
we were able to import and activate the plugin
we created a new authentication module with steps in the following order
1)UserIdentificationPlugin
2)UserAuthenticationPlugin
3)Our custom plugin to create custom responses(We just created the class with mandatory methods and process method returning success)
but finally when we try to authenticate, authentication fails, resulting in an OAM-2 error. We had entered valid credentials.
Can somebody please help me on resolving this issue?
The plugin code, manifest file and metadata XML are shared below.
Plugin Code
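package newplugin; // package taken from <implementation> in the metadata XML below

import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import oracle.security.am.plugin.ExecutionStatus;
import oracle.security.am.plugin.MonitoringData;
import oracle.security.am.plugin.PluginConfig;
import oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn;
import oracle.security.am.plugin.authn.AuthenticationContext;
import oracle.security.am.plugin.authn.AuthenticationException;

public class NewPlugin extends AbstractAuthenticationPlugIn {
    private static final String CLASS_NAME = "FirstTestClass";
    // LOGGER was not declared in the posted snippet; declared here so the class compiles.
    private static final Logger LOGGER = Logger.getLogger(CLASS_NAME);

    public ExecutionStatus initialize(PluginConfig config) {
        super.initialize(config);
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.logp(Level.FINE, CLASS_NAME, "initialize", "Entering initialize");
        }
        return ExecutionStatus.SUCCESS;
    }

    @Override
    public String getDescription() {
        // TODO Auto-generated method stub
        return null;
    }

    @Override
    public Map<String, MonitoringData> getMonitoringData() {
        // TODO Auto-generated method stub
        return null;
    }

    @Override
    public String getPluginName() {
        // TODO Auto-generated method stub
        return null;
    }

    @Override
    public int getRevision() {
        // TODO Auto-generated method stub
        return 0;
    }

    @Override
    public ExecutionStatus process(AuthenticationContext context)
            throws AuthenticationException {
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.logp(Level.FINE, CLASS_NAME, "process", "Entering process");
        }
        return ExecutionStatus.SUCCESS;
    }

    @Override
    public void setMonitoringStatus(boolean arg0) {
        // TODO Auto-generated method stub
    }

    @Override
    public boolean getMonitoringStatus() {
        // TODO Auto-generated method stub
        return false;
    }
}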
MANIFEST.MF
Manifest-Version: 1.0
Bundle-ManifestVersion: 2
Bundle-Name: NewPlugin Plug-in
Bundle-SymbolicName: NewPlugin
Bundle-Version: 1.0.0
ImportPackage:org.osgi.framework;version="1.3.0",oracle.security.am.plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api,oracle.security.am.common.utilities.principal,oracle.security.idm,javax.naming,javax.sql,javax.security.auth
Bundle-RequiredExecutionEnvironment: JavaSE-1.6
METADATA XML
<?xml version="1.0" encoding="UTF-8" ?>
<Plugin name="NewPlugin" type="Authentication">
<author>me</author>
<email>[email protected]</email>
<creationDate>11:40:20,2012-13-02</creationDate>
<version>1</version>
<description>Custom User Authentication Plugin</description>
<interface>oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn</interface>
<implementation>newplugin.NewPlugin</implementation>
<configuration>
<AttributeValuePair>
<Attribute type="String" length="20">DataSource</Attribute>
<mandatory>true</mandatory>
<instanceOverride>false</instanceOverride>
<globalUIOverride>true</globalUIOverride>
<value>jdbc/CISCO</value>
</AttributeValuePair>
</configuration>
</Plugin>
Your search results show that the user "collini" was not found (nentries=0). This could be caused by a number of reasons.
1) The user doesn't exist under "ou=people,dc=our,dc=domain"
2) The user doesn't contain the posixAccount objectclass
3) The user account that performed the search doesn't have access rights to read/search that user account
What user account was used to BIND on the connection that the search was done on?
Try performing the same exact search with an account you know can retrieve the entry. For example:
ldapsearch -D "cn=Directory Manager" -w - -b ou=people,dc=our,dc=domain -s one "(&(objectClass=posixAccount)(uid=collini))"
If the entry doesn't return as a result of the search then either #1 or #2 above is the problem. If the entry does return then #3 is your problem. -
We are currently trying to integrate SharePoint 2010 server with OAM 11g with 10g webgate. In our environment SharePoint site is configured with Claims based authentication with LDAP provider for membership. We have performed all the configurations based on the Oracle documentation with validation mode as OAMHttp.
We are seeing the following behavior after this integration.
1) The user requests access to an SharePoint Site
2) Webgate protecting the site intercepts the request, determines if the resource is protected, and challenges the user.
3) The user enters their OAM credentials; Webgate contacts the OAM Server, which verifies the credentials from user store and authenticates the user. Webgate generates the OAM native SSO cookie (ObSSOCookie), which enables single sign-on and sets the User ID (to username) header variable in the HTTP request and redirects the user to SharePoint site.
Here, instead of taking user to the home page of the site, the SharePoint login page is displayed again.
=================================================================================================
Looking into the debug logs I found the following error.
Date ProcessId ThreadID ManagesThreadId ClassName MethodName Message
=================================================================================================
5/4/2012 4:16:19 AM 7648 3604 7 Oracle.CustomMembershipProvider Initialize validationMode^OAMHttp
5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator .ctor Method Entered
5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator .ctor ValidationURL configured validationUrl^http://wtv-sea-spapp01.chemd.net:8086/ValidateCookie.html
5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator .ctor validationHost^wtv-sea-spapp01.chemd.net
5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator .ctor OAMAuthUserCookieName^OAMAuthCookie
5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator .ctor Method Exited
5/4/2012 4:16:19 AM 7648 3604 7 Oracle.CustomMembershipProvider Initialize Setting Validation Type OAMHttp
5/4/2012 4:16:19 AM 7648 3604 7 Oracle.CustomMembershipProvider ValidateUser Entering ValidateUser : username^IDG2M
5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator ValidateUser Method Entered
Exception Caught InValidateUser
The remote server returned an error: (403) Forbidden. at System.Net.HttpWebRequest.GetResponse()
at Oracle.OAMHttpValidator.ValidateUser(Dictionary`2 creds)
5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator ValidateUser Exiting AuthStatus^AuthZFail
5/4/2012 4:16:19 AM 7648 3604 7 Oracle.CustomMembershipProvider ValidateUser OAMauthStatus^AuthZFail
5/4/2012 4:16:19 AM 7648 3604 7 Oracle.CustomMembershipProvider ValidateUser Method Exited returnCode^False
If anyone has integrated OAM 11g with SharePoint 2010 earlier, appreciate your inputs in this regard.
Each license is platform specific, you can't backwards apply or forwards apply licenses from one version of SharePoint to another.
If you do have MSDN access, you'll have access to all current versions of SharePoint, across the current and retired server products.
Steven Andrews
SharePoint Business Analyst: LiveNation Entertainment
Blog: baron72.wordpress.com
Twitter: Follow @backpackerd00d
Unprotect OIM 9.1 page in OAM 11g?
I have configured 10g webgate with OAM 11g and everything seems to work great. I have a requirement to unprotect /xlWebApp/forgetPassword.do to allow password reset without challenge. I get the below error in OIM when trying to access the page. Looks like the Public Resource Policy in OAM is working, but OIM denies Anonymous User login. Can anyone help me understand how to let OIM pass through the Anonymous user for an unprotected page?
ERROR [ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)' XELLERATE.WEBAPP - Class/Method: tcLogonAction/loginUser encounter some problems: javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User Anonymous javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User Anonymous denied
Thor.API.Exceptions.tcAPIException: javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User Anonymous javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User Anonymous denied
at Thor.API.tcUtilityFactory.<init>(Unknown Source)
at com.thortech.xl.webclient.actions.tcLogonAction.loginUser(Unknown Source)
Thanks,
Sunil.
I see that OIM expects user "Anonymous" when a resource is marked public. I tried creating the "Anonymous" user and upon hitting /xlWebApp/forgetPassword.do, OIM now takes me to the home page for the anonymous user, instead of the forgetPassword.do page. Has anyone done this kind of integration in OIM? Please let me know if I'm missing something here.
Thanks. -
OAM 11g "Failure URL" in Authorization policy not working?
Hi,
Per the subject, I am running OAM server 11g (11.1.1.3), with an OAM 10g Apache webgate.
In the OAM Authorization policy (protected), I have specified a full URL for the "Failure URL", to get the browser to redirect when an authorization failure occurs.
However, when I test with a user that does not have access (user authenticates ok, but doesn't have right to access the protected resource), instead of the browser being redirected, I am getting an "Oracle Access Manager Operations Error" page.
I've been trying to figure this out, and have found several threads about this, e.g.:
OAM 11g authz redirect URL not working?
But, as I said, I am using OAM 11g server, and there is no "Inconclusive URL" in the policy settings (I guess there was in 10g, but not in 11g).
I have trace logging enabled on the OAM server, and I can clearly see that the request is getting "results DENY", but there's no indication in the logs that OAM server is aware of any failure redirection URL.
I've also got a header trace, and I can see that the browser is simply being re-directed to the "/oberr.cgi...." URL, so it's not going "somewhere else".
So, does anyone know why the "Failure URL" is not working in OAM 11g in Authorization policies?
Thanks,
Jim
P.S. The URL that it's supposed to be re-directing the browser to is in the Public resources under Authorization, and as I said, I don't see the browser even attempting to go to the failure URL, either via header traces or the OAM server logs.
Edited by: jimcpl on Nov 5, 2011 8:53 PM -
OIM 11g Server Configuration Wizard Error - Cannot Connect to Oracle DB
I appreciate any and all suggestions or thoughts on how to best continue troubleshooting this error that I am describing below.
I am attempting to install Oracle Identity and Access Management Suite 11g on a Windows 7 machine…in following the installation guides I have successfully installed the following Oracle Components
- Oracle Database 11.2.0.1.0
- Created Schemas using RCU 11.1.1.3.3
- Oracle WebLogic Server 10.3.3.0
- Oracle SOA 11.1.1.2.0
- Oracle SOA 11.1.1.3.0 (Patch Set)
- Oracle IAM SUITE 11.1.1.3.0
Following the above installations, I created a new WebLogic Domain and as the next step am running the OIM Configuration Wizard to configure the OIM Server, however I am unable to setup a connection to the Oracle DB via the OIM Configuration Wizard. I am getting an error message when attempting to setup the connection to the Oracle Database using the OIM 11g Server Configuration Wizard:
ERROR:
INST:6102 Unable to connect to the database with the given credentials.
[DETAILS] Check the values. Make sure the Database is up and running and connect string, user name, and password are correct.
INST:6102 Unable to connect to the database with the given credentials.
[DETAILS] Check the values. Make sure the Database is up and running and connect string, user name, and password are correct.
When installing the Oracle Database 11gR2 I used the following install configuration:
Oracle base: C:\MyApps\Oracle
Software location: C:\MyApps\Oracle\DB_HOME\11.2.0\dbhome_1
Database file location: C:\MyApps\Oracle\DB_HOME\oradata
Database Edition: Personal Edition (3.27 GB)
Character Set: Unicode (AL32UTF8)
Global database name: orcl.dev.com
Administrative Password: Password1
Confirm Password: Password1
When creating my Schemas using RCU 11.1.1.3.3 I used the following Database Connection Details
DB TYPE: Oracle Database
HOST NAME: localhost
PORT: 1521
SERVICE NAME: orcl.dev.com
USERNAME: sys
PASSWORD: Password1
ROLE: SYSDBA
I used a Prefix of “DEV” when creating the schemas so Schema Owners DEV_OIM and DEV_MDS were created. Also, I configured to use the same password for all Schemas: “Password1”. So the password for DEV_OIM and DEV_MDS should be the same, “Password1”.
REPRODUCING THE ERROR
To reproduce the error, when I launch the Oracle Identity Management 11g Configuration Wizard I am first brought to the “Welcome” Screen. I click the [Next>] button.
Next, I am on the “Components to Configure” screen where I select OIM Server and OIM Design Console and click the [Next>] button. (NOTE I have also tested by simply selecting only the OIM Server)
Next, I am on the “Database” screen where I enter the connection information
Connection String: localhost:1521:orcl.dev.com
(NOTE I have also tested using localhost:1521:orcl)
OIM Schema User Name: DEV_OIM
OIM Schema Password: Password1
MDS Schema User Name: DEV_MDS
MDS Schema Password: Password1
When I click the [Next>] button after entering the Database Connection details I encounter the following two errors (1 error for each logon DEV_OIM and DEV_MDS)
INST:6102 Unable to connect to the database with the given credentials.
INST:6102 Unable to connect to the database with the given credentials.
TROUBLESHOOTING
NOTE: I can successfully start the Oracle DB Services and connect via the Enterprise Console, SQL Plus, and JDBCTest Java Client…I just cannot get past this connection error in the OIM Server Configuration Wizard.
JDBCTest.java TEST CLIENT
NOTE: THIS IS THE JAVA TEST CLIENT THAT I AM USING TO TEST DATABASE CONNECTIVITY THRU A SPECIFIED JDBC URL AND DRIVER THAT WORKS SUCCESSFULLY.
import java.sql.Connection;
import java.sql.DatabaseMetaData;
import java.sql.DriverManager;
import java.sql.ResultSet;

public class JDBCTest {
    public static void main(String[] args) throws Exception {
        // host:port:SID form of the thin URL; "orcl" is read as a SID here
        String url = "jdbc:oracle:thin:@localhost:1521:orcl";
        String driver = "oracle.jdbc.OracleDriver";
        String user = "DEV_OIM";
        String password = "Password1";
        try {
            Class.forName(driver);
            Connection conn = DriverManager.getConnection(url, user, password);
            // Get the MetaData
            DatabaseMetaData metaData = conn.getMetaData();
            // Get driver information
            System.out.println("");
            System.out.println("#########################################");
            System.out.println("# ***DRIVER INFORMATION***");
            System.out.println("#");
            System.out.println("# Driver Name = " + metaData.getDriverName());
            System.out.println("# Driver Version = " + metaData.getDriverVersion());
            System.out.println("#");
            System.out.println("#########################################");
            System.out.println("");
            System.out.println("");
            // Get database information
            System.out.println("#########################################");
            System.out.println("# ***DATABASE INFORMATION***");
            System.out.println("#");
            System.out.println("# Database Product Name = " + metaData.getDatabaseProductName());
            System.out.println("# Database Product Version = " + metaData.getDatabaseProductVersion());
            System.out.println("#");
            System.out.println("#########################################");
            System.out.println("");
            System.out.println("");
            // Get schema information
            ResultSet schemas = metaData.getSchemas();
            System.out.println("#########################################");
            System.out.println("# ***SCHEMA INFORMATION***");
            System.out.println("#");
            System.out.println("# Schemas:");
            while (schemas.next()) {
                System.out.println("# " + schemas.getString(1));
            }
            System.out.println("#########################################");
            System.out.println("");
            System.out.println("");
            // Get table information
            System.out.println("Tables");
            ResultSet tables = metaData.getTables("", "", "", null);
            while (tables.next()) {
                System.out.println(tables.getString(3));
            }
            conn.close();
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}
"lsnrctl status" COMMAND TEST SUCCESSFUL
When the Listener Service is on I get the following output using lsnrctl status command
C:\> lsnrctl status
LSNRCTL for 32-bit Windows: Version 11.2.0.1.0 - Production on 21-SEP-2010 15:59:43
Copyright (c) 1991, 2010 Oracle. All rights reserved.
STATUS of the LISTENER
Alias LISTENER
Version TNSLSNR for 32-bit Windows:Version 11.2.0.1.0 - Production
Start Date 21-SEP-2010 14:43:57
Uptime 0 days 1 hr. 15 min. 46 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File C:\MyApps\Oracle\DB_HOME\11.2.0\dbhome_1\NETWORK\ADMIN\listener.ora
Listener Log File c:\myapps\oracle\diag\tnslsnr\\listener\alert\log.xml
Listening Endpoints Summary…
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))
Services Summary…
Service “CLRExtProc” has 1 instance(s).
Instance “CLRExtProc”, status UNKNOWN, has 1 handler(s) for this service…
Service “orcl.dev.com” has 1 instance(s).
Instance “orcl”, status READY, has 1 handler(s) for this service….
Service “orclXDB.dev.com” has 1 instance(s).
Instance “orcl” status READY, has 1 handler(s) for this service…
The command completed successfully
Whenever installing Oracle databases, I install the software only first. Then I set up the listener. Then I create a database instance using the dbca tool. This way all the information is added to the pre-existing listener configurations rather than trying to create the listener afterwards. Also, during the dbca database creation, I supply a full service name such as orcl.hostname and use the service name in future configurations where it is asked. This usually solves any issues of the listener or database not being found correctly.
-Kevin -
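The thread above turns on whether "orcl" and "orcl.dev.com" are a SID or a service name. As an added example (not code from any poster), the following parses `lsnrctl status` output and reports which JDBC thin URL form matches what the listener actually registers. The function names are hypothetical, the sample output is constructed from the listing in the thread, and the instance name is assumed to equal the SID.

```python
import re

# Constructed sample, modelled on the `lsnrctl status` output quoted in the thread.
SAMPLE_LSNRCTL = """\
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))
Services Summary...
Service "CLRExtProc" has 1 instance(s).
  Instance "CLRExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "orcl.dev.com" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orclXDB.dev.com" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
The command completed successfully
"""

Q = '"\u201c\u201d'  # straight or typographic quotes (forums often convert them)
SERVICE_RE = re.compile(rf'^\s*Service\s+[{Q}]([^{Q}]+)[{Q}]')
INSTANCE_RE = re.compile(rf'^\s*Instance\s+[{Q}]([^{Q}]+)[{Q}],?\s+status\s+(\w+)')


def parse_services(text):
    """Map each registered service name to its [(instance, status), ...]."""
    services, current = {}, None
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            current = m.group(1)
            services.setdefault(current, [])
            continue
        m = INSTANCE_RE.match(line)
        if m and current is not None:
            services[current].append((m.group(1), m.group(2)))
    return services


def classify(name, services):
    """Return {'service'}, {'sid'}, both or an empty set for `name`.

    Only READY instances count. Assumption: instance name == SID.
    """
    wanted = name.lower()
    kinds = set()
    for service, instances in services.items():
        ready = [inst for inst, status in instances if status == "READY"]
        if service.lower() == wanted and ready:
            kinds.add("service")
        if any(inst.lower() == wanted for inst in ready):
            kinds.add("sid")
    return kinds


def thin_urls(host, port, name, services):
    """JDBC thin URLs consistent with what the listener reports for `name`."""
    kinds = classify(name, services)
    urls = []
    if "service" in kinds:
        urls.append(f"jdbc:oracle:thin:@//{host}:{port}/{name}")  # service-name form
    if "sid" in kinds:
        urls.append(f"jdbc:oracle:thin:@{host}:{port}:{name}")    # SID form
    return urls


def check_colon_form(connect, services):
    """Check a host:port:name string, where the thin driver reads `name` as a SID."""
    host, port, name = connect.split(":", 2)
    kinds = classify(name, services)
    if "sid" in kinds:
        return "ok: name matches a READY instance"
    if "service" in kinds:
        return "mismatch: name is a service, use //host:port/service"
    return "unknown: listener does not report this name"


if __name__ == "__main__":
    svc = parse_services(SAMPLE_LSNRCTL)
    for candidate in ("localhost:1521:orcl", "localhost:1521:orcl.dev.com"):
        print(candidate, "->", check_colon_form(candidate, svc))
```

How the OIM wizard itself interprets its host:port:name field is not stated on the page; the check above describes the JDBC thin driver's reading of the colon form only.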
Non-ASCII character Support in OAM 11g
Hi,
I have a requirement to test the user authentication with Oracle Access Manager 11g.
I am using Active Directory as the user repository and able to create a user with the user id containing non-ASCII value (say Äuser1) and AD allows for its creation and when I try to provide access to that user in the OAM's application in the constraints tab, after selecting that user from repository and when I say Apply, I receive an error message saying that
"The policy store is not available; please see the log file for more details."
and in the weblogic server log, i can see an error with Error Code: 1461 with a description saying INSERT INTO JPS_ATTRS (JPS_ATTRS_ID, ATTRVAL, ATTRNAME, JPS_DN_ENTRYID) VALUES (?, ?, ?, ?).
Does anybody know if there are constraints as such with respect to supporting non-ASCII characters in OAM 11g?
Thanks,
Nagendra
This type of question/discussion belongs in {forum:id=50} forum.
Very recently a thread there touched the topic of Turkish character support.
Please read it: Western European Characterset to Turkish in sql
> NLS_CHARACTERSET__________WE8MSWIN1252
Check the character set repertoire of win-1252 (look for the typical Turkish language characters you've mentioned above).
http://msdn.microsoft.com/en-us/goglobal/cc305145.aspx
Look at character names, such as "... letter s with cedilla".