Oam 11g r2 Access Client error

Similar Messages

• Self registration error in OIM-OID-OAM 11g

  Hi,
  We are using OIM,OID,OAM 11G,in clustering mode.We are facing a problem on self registration process.
  For every alternate self registration request,system is throwing an error.After the self register user request has got approveod,I have checked the request status in 'advanced' panel its saying ; " IAM-3051103:The create operation on user entity failed in action stage.:"
  This is really a big mysterious thing to me,1st self registration was successful,2nd was throwing an error , again 3rd was success ,4th was failure , 5th was success and 6th was failure.
  Below is the corresponding error message in log file for the failed request.
  <Mar 21, 2011 2:22:30 PM CDT> <Error> <oracle.iam.identity.usermgmt.impl.handlers.create> <IAM-3051103> <The create operation on user entity failed in action stage.
  oracle.iam.platform.entitymgr.MissingRequiredAttributeException: [act_key]
       at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.checkRequired(EntityManagerImpl.java:1448)
       at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:261)
       at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:237)
       at oracle.iam.identity.usermgmt.impl.handlers.create.CreateUserActionHandler.execute(CreateUserActionHandler.java:141)
       at oracle.iam.identity.usermgmt.impl.handlers.create.CreateUserActionHandler.execute(CreateUserActionHandler.java:68)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at oracle.iam.platform.kernel.impl.EventHandlerDynamicProxy.invoke(EventHandlerDynamicProxy.java:30)
       at $Proxy235.execute(Unknown Source)
       at oracle.iam.platform.kernel.impl.OrchProcessData.runActionEvents(OrchProcessData.java:1028)
       at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:637)
       at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:220)
       at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:669)
       at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:716)
       at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:108)
       at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
       at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
       at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
       at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
       at $Proxy428.onMessage(Unknown Source)
       at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:466)
       at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:371)
       at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:327)
       at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
       at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
       at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3821)
       at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
       at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
       at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  >
  <Mar 21, 2011 2:22:30 PM CDT> <Error> <oracle.iam.platform.entitymgr.provider.ldap> <IAM-0042004> <An error occurred while un-reserving the user in LDAP, and the corresponding error is - java.lang.NullPointerException>
  <Mar 21, 2011 2:22:30 PM CDT> <Warning> <oracle.iam.identity.usermgmt.impl.handlers.create> <BEA-000000> <null>
  Any help would be really appreciated.
  Thanks.

  Hi,
  I am assuming in clustered environment you are having two instances running.
  It must be an issue with a single server,,because the problem is intermittent.
  To see which server is causing problem....just perform the following steps:
  1) Stop server1 and keep running server2..and fire new registration request...
  2) stop server 2..and keep running server1.....and fire new registration request.
  Using above, atleast you can see which server is causing the problem...
  Regards,
  J
  Edited by: J_IDM on Mar 21, 2011 10:52 PM

• OAM 11g: Error while importing Custom Authentication Plug-in.

  We are trying to create a sample custom authentication plugin in OAM 11g as per the 11.1.1.5.0 doc.
  But while trying to import the plugin via oamconsole (system configuration->Plugins->Import Plugin) we receive an error "Invalid XML Structure".
  Do we have to embed the XSD (XML Schema Definition) as well ?
  -------------------------SamplePlugin.java-------------------------------------
  import oracle.security.am.plugin.ExecutionStatus;
  import oracle.security.am.plugin.MonitoringData;
  import oracle.security.am.plugin.PluginConfig;
  import oracle.security.am.plugin.authn.AuthenticationContext;
  import oracle.security.am.plugin.authn.AuthenticationException;
  import oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn;
  import java.util.Map;
  import java.util.logging.Level;
  class SamplePlugin extends AbstractAuthenticationPlugIn {
       private static final String CLASS_NAME = "FirstTestClass";
       public ExecutionStatus initialize (PluginConfig config){
            super.initialize(config);
            if(LOGGER.isLoggable(Level.FINE)){
                 LOGGER.logp(Level.FINE,CLASS_NAME,"initialize","Entering initialize");
            return ExecutionStatus.SUCCESS;
       @Override
       public String getDescription() {
            // TODO Auto-generated method stub
            return null;
       @Override
       public Map<String, MonitoringData> getMonitoringData() {
            // TODO Auto-generated method stub
            return null;
       @Override
       public String getPluginName() {
            // TODO Auto-generated method stub
            return null;
       @Override
       public int getRevision() {
            // TODO Auto-generated method stub
            return 0;
       @Override
       public ExecutionStatus process(AuthenticationContext arg0)
                 throws AuthenticationException {
            if(LOGGER.isLoggable(Level.FINE)){
                 LOGGER.logp(Level.FINE,CLASS_NAME,"initialize","Entering process");
            return ExecutionStatus.SUCCESS;
       @Override
       public void setMonitoringStatus(boolean arg0) {
            // TODO Auto-generated method stub
       @Override
       public boolean getMonitoringStatus() {
            // TODO Auto-generated method stub
            return false;
  -------------------------SamplePlugin.java-------------------------------------
  ------------------------SamplePlugin.xml--------------------------------
  <?xml version="1.0" encoding="UTF-8" ?>
  <Plugin name="SamplePlugin" type="Authentication">
  <author>Self</author>
  <email>[email protected]</email>
  <creationDate>09:41:22, 2012-02-05</creationDate>
  <version>1</version>
  <description>SamplePlugin</description>
  <interface>oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn</interface>
  <implementation>SamplePlugin</implementation>
  </Plugin>
  ------------------------SamplePlugin.xml--------------------------------
  ------------------------MANIFEST.MF--------------------------------
  Manifest-Version: 1.0
  Ant-Version: Apache Ant 1.8.2
  Bundle-Version: 1.0.0.qualifier
  Bundle-Name: SamplePlugin
  Bundle-Activator: SamplePlugin
  Bundle-ManifestVersion: 2
  Created-By: 1.6.0_24-b07 (Sun Microsystems Inc.)
  Import-Package: org.osgi.framework;version="1.3.0",oracle.security.am.
  plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api,
  oracle.security.am.common.utilities.principal,oracle.security.idm,jav
  ax.naming,javax.sql,java.management,javax.security.auth
  Bundle-SymbolicName: SamplePlugin
  Bundle-RequiredExecutionEnvironment: JavaSE-1.6
  ------------------------MANIFEST.MF--------------------------------
  Contents of SamplePlugin.jar
  1. SamplePlugin.xml
  2. SamplePlugin.class
  3. META-INF/
  MANIFEST.MF

  I build the Plugin.jar file similarly as above(followed the same steps)..
  But when i log into OAM and trying to import the plugin (System Configuration->Plugins- Import Plugin) the browser goes to hung state and i see below error in logs (domain log and in diag log)
  I see the jar file created in this location (\Middleware\user_projects\domains\IAMdomain\oam\plugins)
  Please let me know if you have any idea..Thanks!
  ####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adf.controller.internal.metadata.MetadataService> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-00000000000003fe> <1330549803273> <BEA-000000> <ADFc: /WEB-INF/adfc-config.xml: >
  ####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adf.controller.internal.metadata.MetadataService> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-00000000000003fe> <1330549803274> <ADFC-52024> <ADFc: Duplicate managed bean definition for 'accessCheck' detected.>
  ####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adfinternal.view.faces.renderkit.rich.RegionRenderer> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000402> <1330549803479> <ADF_FACES-60099> <The region component with id: pt1:_lar has detected a page fragment with multiple root components. Fragments with more than one root component may not display correctly in a region and may have a negative impact on performance. It is recommended that you restructure the page fragment to have a single root component.>
  ####<Feb 29, 2012 1:10:33 PM PST> <Error> <javax.enterprise.resource.webcontainer.jsf.application> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833253> <BEA-000000> <java.lang.NullPointerException
  javax.faces.el.EvaluationException: java.lang.NullPointerException
       at org.apache.myfaces.trinidad.component.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:51)
       at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
       at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190
  ####<Feb 29, 2012 1:10:33 PM PST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833316> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase INVOKE_APPLICATION 5
  javax.faces.FacesException: #{FileProcessor.doUpload}: java.lang.NullPointerException
       at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:118)
       at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190)
       at oracle.adf.view.rich.component.rich.RichPopup$BroadcastContextCallback.invokeContextCallback(RichPopup.java:666)
       at org.apache.myfaces.trinidad.component.UIXComponentBase.invokeOnComponent(UIXComponentBa
  >
  ####<Feb 29, 2012 1:10:33 PM PST> <Error> <oracle.oam.admin.console.policy> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833361> <OAM-400016> <Failed to authenticate the user
  javax.servlet.ServletException: java.lang.NullPointerException
       at javax.faces.webapp.FacesServlet.service(FacesServlet.java:277)
  ####<Feb 29, 2012 1:10:34 PM PST> <Warning> <oracle.adf.view.rich.component.fragment.UIXRegion> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-000000000000059a> <1330549834008> <ADF_FACES-00009> <Error processing viewId: /plugin-taskflow/authplugins URI: /oracle/security/am/taskflows/authplugin.jsff actual-URI: /oracle/security/am/taskflows/authplugin.jsff.
  javax.el.ELException: java.lang.NullPointerException
       at javax.el.BeanELResolver.getValue(BeanELResolver.java:266)
       at com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:173)
       at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer$PanelCollectionHelper._encodeAll(PanelCollectionRenderer.java:728)
       at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer$PanelCollectionHelper.access$500(PanelCollectionRenderer.java:537)
       at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer.encodeAll(PanelCollectionRenderer.java:402)
       at oracle.adf.view.rich.render.RichRenderer.encodeAll(RichRenderer.java:1396)
       at org.apache.myfaces.trinidad.render.CoreRenderer.encodeEnd(CoreRenderer.java:335)
       at org.apache.myfaces.trinidad.component.UIXComponentBase.encodeEnd(UIXComponentBase.java:767)
       at javax.faces.component.UIComponent.encodeAll(UIComponent.java:937)
  ####<Feb 29, 2012 1:10:34 PM PST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-000000000000059a> <1330549834020> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase RENDER_RESPONSE 6
  javax.faces.FacesException: javax.el.ELException: java.lang.NullPointerException
       at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._renderResponse(LifecycleImpl.java:804)
       at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:294)
       at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:214)

• OAM 11g - Weblogic timeout error

  Hi,
  We have deployed OAM 11g on Weblogic 10.3.5. It was working file until thursday. After that we have only restarted the machine and the OAM console start responding very slow. We can see the following errors in logs as well.
  +[2012-06-18T17:23:00.481+05:30] [AdminServer] [ERROR] [] [] [tid: PoolWatcher] [userId: <anonymous>] [ecid: 1b8352126b8c9e0f:1ec8524a:137ff4bc247:-8000-0000000000000011,0] java.net.SocketTimeoutException: Read timed out+
  +[2012-06-18T17:24:01.000+05:30] [AdminServer] [ERROR] [] [] [tid: PoolWatcher] [userId: <anonymous>] [ecid: 1b8352126b8c9e0f:1ec8524a:137ff4bc247:-8000-0000000000000011,0] java.net.SocketTimeoutException: Read timed out+
  +[2012-06-18T17:25:01.536+05:30] [AdminServer] [ERROR] [] [] [tid: PoolWatcher] [userId: <anonymous>] [ecid: 1b8352126b8c9e0f:1ec8524a:137ff4bc247:-8000-0000000000000011,0] java.net.SocketTimeoutException: Read timed out+
  +[2012-06-18T17:26:02.071+05:30] [AdminServer] [ERROR] [] [] [tid: PoolWatcher] [userId: <anonymous>] [ecid: 1b8352126b8c9e0f:1ec8524a:137ff4bc247:-8000-0000000000000011,0] java.net.SocketTimeoutException: Read timed out++2012-06-18T17:27:00.496+05:30] [AdminServer] [ERROR] [] [] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 1b8352126b8c9e0f:1ec8524a:137ff4bc247:-8000-000000000000005b,0] [APP: oam_admin#11.1.1.3.0] java.net.SocketTimeoutException: Read timed out+
  +[2012-06-18T17:27:00.496+05:30] [AdminServer] [ERROR] [] [] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 1b8352126b8c9e0f:1ec8524a:137ff4bc247:-8000-000000000000005b,0] [APP: oam_admin#11.1.1.3.0] Failed to communicate with any of configured Access Server, ensure that it is up and running.+
  +[2012-06-18T17:27:00.700+05:30] [AdminServer] [NOTIFICATION] [OAMSSA-22005] [oracle.oam.diagnostic] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 1b8352126b8c9e0f:1ec8524a:137ff4bc247:-8000-000000000000005b,0] [APP: oam_admin#11.1.1.3.0] Number of collectors registered: "3".+
  +[2012-06-18T17:27:00.700+05:30] [AdminServer] [NOTIFICATION] [OAMSSA-20032] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 1b8352126b8c9e0f:1ec8524a:137ff4bc247:-8000-000000000000005b,0] [APP: oam_admin#11.1.1.3.0] Finished constructing mediator.+
  +[2012-06-18T17:27:00.700+05:30] [AdminServer] [NOTIFICATION] [OAMSSA-20002] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 1b8352126b8c9e0f:1ec8524a:137ff4bc247:-8000-000000000000005b,0] [APP: oam_admin#11.1.1.3.0] Diagnostic Engine Initialized.+
  +[2012-06-18T17:27:00.715+05:30] [AdminServer] [NOTIFICATION] [] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 1b8352126b8c9e0f:1ec8524a:137ff4bc247:-8000-000000000000005b,0] [APP: oam_admin#11.1.1.3.0] resolved id store name : UserIdentityStore1+
  Anybody have any clue where is the issue and what is the fix required. Thanks for all your help.

  From the logs it looks like OAM Managed Server is up, but AdminServer not. Just start it that should fix your problem. Otherwise provide us more information to help you.
  I hope this helps,
  Thiago Leoncio.

• Can't get OAM 11g Access Tester working

  Hi,
  I've been trying to get the Access Tester (oamtester.jar) from OAM 11g (11.1.1.3) working.
  I can start the tester (java -jar oamtester.jar), but when I try to connect to the OAM server, I either get a "NAP initialization error" or a "challenge_failed"/mismatch error.
  My OAM server is listening on the default port, 14100, and the OAM proxy is listening on 5575, and I've tried connecting to both ports, and get the different errors, depending on which port I try.
  I've tried running the tester on the OAM server machine itself, from a different machine, etc., but get the same errors.
  Can anyone tell me how I can get the tester to work?
  Thanks,
  Jim

  Hi,
  I got the logging in the access tester, and here's what I get when I try to connect to the OAM server:
  Nov 6, 2011 2:16:58 PM ObAAAServiceClient setHostPort
  FINER: ENTRY
  Nov 6, 2011 2:16:58 PM ObAAAServiceClient setHostPort
  FINER: RETURN
  Nov 6, 2011 2:16:58 PM ObAAAServiceClient setHostPort
  FINER: ENTRY
  Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.util.NAPLogger log
  FINE: There are no entries in given access server list.
  Nov 6, 2011 2:16:58 PM ObAAAServiceClient connect
  FINER: ENTRY
  Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.ObMessageChannelImpl writeObMessage
  FINE: OpCode = 13 [InitNAP], SeqNo = 0 Message = protocol=NAP version=4 oldest=1
  Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.ObMessageChannelImpl readMessage
  FINE: Message received from Server: OpCode = 13 [InitNAP], SeqNo = 0 Message = protocol=NAP version=4 oldest=1
  Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.ObMessageChannelImpl writeObMessage
  FINE: OpCode = 0 [ServerDiagnosticEvent], SeqNo = 0 Message = sts=open
  Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.ObMessageChannelImpl readMessage
  FINE: Message received from Server: OpCode = 0 [ServerDiagnosticEvent], SeqNo = 0 Message = sts=open
  Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.ObMessageChannelImpl writeObMessage
  FINE: OpCode = 14 [NAPAuthnChallengeReq], SeqNo = 0 Message = cm=apache1 challenge=f5d58bf93da2331c of=1
  Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.ObMessageChannelImpl readMessage
  FINE: Message received from Server: OpCode = 14 [NAPAuthnChallengeReq], SeqNo = 0 Message = cm=AccessServerConfigProxy challenge=f5d58bf93da2331c st=ma%3d25%20mi%3d2%20sg%3d1 rt=1
  Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.ObNap CreateChallengeResponse
  FINEST: Created NAP challenge
  Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.ObMessageChannelImpl writeObMessage
  FINE: OpCode = 15 [NAPAuthnChallengeResponse], SeqNo = 0 Message = response=2659cf320b28b197d027789ae069efe3
  Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.ObMessageChannelImpl readMessage
  FINE: Message received from Server: OpCode = 15 [NAPAuthnChallengeResponse], SeqNo = 0 Message = st=ma%3d52%20mi%3d2%20sg%3d1 rt=0
  Nov 6, 2011 2:16:58 PM oracle.security.am.common.nap.ObMessageChannelWrapper initNAP
  SEVERE: Error in receiving hashed server challenge
  Does anyone know why this is happening, and how to get around it?
  Has anyone actually gotten the OAM 11g access tester to work with OAM 11g server via the OAM proxy (on port 5575)?
  Thanks,
  Jim

• OAM 11g throws error when user store is changed

  We have OAM 11g integrated with OIF 11g as the SP. We need to change the OAM User store from OID to OVD. I added a new User store in the OAM console and set that as the default store. In the OAM console, under System Configuration -> Common Configuration -> Data Stores -> User Identity Stores, I added the OVD repository we want to use and set it as the default store. When I make this change in OAM data stores, OAM throws an error.
  On the browser I see the error: System error. Please re-try your action. If you continue to get this error, please contact the Administrator.
  In the OAM diagnostic logs, I see the following errors:
  [2012-08-11T08:37:27.016-04:00] [oam_server1] [ERROR] [OAMSSA-20005] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f,0] [APP: oam_server] Error initializing User/Role API : null.
  [2012-08-11T08:37:27.021-04:00] [oam_server1] [WARNING] [OAMSSA-20007] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f,0] [APP: oam_server] Unable to connect to the User Store. User Store may not be initialized : Error initializing User/Role API : null..
  [2012-08-11T08:37:27.021-04:00] [oam_server1] [ERROR] [OAMSSA-12126] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f,0] [APP: oam_server] Cannot assert the username from DAP token.
  The user exists in OVD and appropriate attributes have been set.
  Comparing the trace for the two, in the OID trace, I see a 302 for the URL at /oam/server/dap/cred_submit. In the OVD trace, I see a 200 for the same URL.
  Following is a successful request when OID is set as the default user store:
  GET /oam/server/dap/cred_submit?osso_sassoToken=v1.0%7ENEVGMzBGMUJFRTdGRkM0NjQxREFFQn5GODdEQjFEMjczMjZCQjFCQTZEQTlDQTI5RDA3RTA0QTQ2OThEQzdEfjRCMDk0OUE1RjgyNjcwRkU2M0E3OTM5QjI1OTlCMzdEfmRiYzEzMDFiMWMxOTFiMDA5ZmM3YWM5MTFjNjM5MDhjNTgwMzZjMzYyZDZhZTQ3OTY5ZGRiNTllYmVlMTUwMjkxYTY4MzQwZjU2ZGEwMmNhMmE4YTM0YWUwNmUxMjY4MzE5NmFkNjM4YzIwOTliMWZmM2NmZTRhMjYyYmU2N2M1MDEwYWY5OWFmOWU1NTg5NGIyYTVjYWRkOGRlMDI5NjVjN2I2YzM5YTJjMDU1NmU5OTJkMzU4Y2RlYzAxNmU4MWZjMDRiYjFjM2RhYTAzYzliNDIwNjQzOTZlNzZlMzZhOTMwZjI4YTAyMzdmMTI1NjVjOTcwYTk1NzFkZDMzNzQ%3D HTTP/1.1
  Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
  Referer: http://hostname.idpdomain.com/fed/user/?refid=id-5RtbGMaw6NfaaPUgth-wxZwxY5Q-
  Accept-Language: en-us
  UA-CPU: x86
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
  Host: hostname.spdomain.com:14101
  Connection: Keep-Alive
  Cache-Control: no-cache
  HTTP/1.1 302 Moved Temporarily
  Connection: close
  Date: Sat, 11 Aug 2012 12:42:32 GMT
  Transfer-Encoding: chunked
  Location: https://www.google.com
  Set-Cookie: OAM_ID=VERSION_4~8u5oPtHwZW/uJbd8ybw87A==~I2VDurl3pyBxQdHBmwHXXu5AabtNgaGcQx1FJ6v3sVzuoU0WOvMyDi40pizUWNrSIUkCIrl7Fc6cumRyKUAU0yHSHEtzwtiGO3bmiC7rOXKglLnO9Iw0eNUATA1AuJ7m9a6JxE5fX2vDFDYzk/H9eK5/74mO9TKNP0HTcKF6NzEluuTT3sRlQH3dAzBhPouTCO6yMmd00SmQEhrQxCpUc+ec78GFQgfKrE+6mDNTFSO9gHEB0JQ+xzGzzsr34BDCTB2FC41d0Q3tTGXANSHHRg==; path=/; secure; HttpOnly
  Set-Cookie: OAM_REQ=invalid; path=/; secure; HttpOnly
  X-ORACLE-DMS-ECID: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000042d
  X-Powered-By: Servlet/2.5 JSP/2.1
  Following is a failed request when OVD is set as the default user store:
  GET /oam/server/dap/cred_submit?osso_sassoToken=v1.0%7ENEVGMjRDREUyNUU4QTI1REUwMzVGM344MzRCNTU5RTNCREM1MjFBMjFBRDQ4MTBBNjMzMTI5QzM0MUU5RjI5fjA4ODY1M0JENjg1ODk1MTZDNUVGQjU0NTYwRjg5OEREfjYyMWE3NzhjMzUwMmVhODQ5MWRkMGIyYTBkYmM1MGU0ZDlmZTA0ZjE1NDBhMDVkOGM3ZWIwOGUzNGY3ZDhiNTBhMTNkMjY0MDliMGZmMmY2MzJjZGZjM2UzNzgzNzQ3YzM3OTIwYjlkMmNhZWY0ZDQ2M2MyYzE1NWM2MDkxMjI4MjU0NTEyZDIzODU3NTBlZjI4MjRlZTAzOWFkYmMxYTVmZWE3NTk5NTRlMGY3NTkyNjE5YTRkM2U3OTczZjZiMThmYzgxODg2MzM3ZDg5NzQ2NWUxYmZhNThjOGVmN2VhZmI5OGRiMDNiZmJmZGJjOWUzZmNjYTU1N2U5OWVjMDQ%3D HTTP/1.1
  Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
  Referer: http://hostname.idpdomain.com/fed/user/?refid=id-R5gYcX-W8o6-bQSR2IIYdkQLLKA-
  Accept-Language: en-us
  UA-CPU: x86
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
  Host: hostname.spdomain.com:14101
  Connection: Keep-Alive
  Cache-Control: no-cache
  HTTP/1.1 200 OK
  Cache-Control: no-cache, no-store
  Date: Sat, 11 Aug 2012 12:37:26 GMT
  Pragma: no-cache
  Content-Length: 2051
  Content-Type: text/html; charset=UTF-8
  Expires: 0
  Set-Cookie: OAM_JSESSIONID=0VksQmSHwhpr2vT33Kq1ZgqWgxrtk2BXxpr4PgmL1LwThMxYSlKQ!-450564370; path=/; HttpOnly
  X-ORACLE-DMS-ECID: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f
  X-Powered-By: Servlet/2.5 JSP/2.1

  Hi AV,
  we had the same problem
  the reason was a wrong definition in cutomizing
  Partner Processing -> Define Partner Determination Procedure -> User Interface Settings
  there for the relevant procedure we had to define this sequence of functions :
  1. Activity Partner
  2. Contact Partner
  3. Employee Responsible
  4. Sales Representative
  Regards
  Meinrad

• OAM 11g installation error

  Hi,
  I'm trying to install Oracle OAM 11g, but having some trouble while connecting to the oam web console.
  My OS is Windows 2003 Enterprise Edittion, Service Pack 2.
  My installation steps:
  - Installed Oracle DB (11.2.0)
  - Used RCU (11.1.1.3.3) to create DB schemas.
  - Installed WebLogic 10.3.3
  - I did NOT install SOA Suite because I intend to not use Identity Manager.
  - I installed IDAM (from ofm_iam_generic_11.1.1.3.0_disk1_1of1 disc)
  - Created a domain containing these servers:
       - Admin Server listening on port 7001
       - oam_server1 listening on port 14100
       - oaam_admin_server1 listening on port 14200
       - oaam_server_server1 listening on port 14300
  - I started weblogic with the "startWebLogic.cmd" command.
  - I started oam_server1 with the "startManagedWebLogic.cmd oam_server1" command
  (I used this installation guide: http://onlineappsdba.com/index.php/2010/08/05/oracleidm-11g-step-by-installation-of-oam-oim-oaam-oapm-oin-111130-part-i-load-schema/)
  The weblogic console says the oam_server1 is up and running, but when I try to connect
  to the oam console (http://localhost:14100/oam) the web page displayed says "Error. Action failed. Please try again."
  This error also occurs in the oam_server1.log:
  ####<2010-nov-23 kl 13:49 CET> <Info> <ServletContext-/oam> <server-base> <oam_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <f5f04f496bf2057f:10058de0:12c78c5bb9b:-8000-0000000000000012> <1290516557352> <BEA-000000> <index.jsp:2:4: No tag library could be found with this URI. Possible causes could be that the URI is incorrect, or that there were errors during parsing of the .tld file.
  <%@taglib uri="http://beehive.apache.org/netui/tags-html-1.0" prefix="netui"%>
  ^----^
  index.jsp:2:4: No tag library could be found with this URI. Possible causes could be that the URI is incorrect, or that there were errors during parsing of the .tld file.
  <%@taglib uri="http://beehive.apache.org/netui/tags-html-1.0" prefix="netui"%>
  And when I check out the taglib web page:
  http://beehive.apache.org/docs/1.0/netui/tagsOverview.html
  ...it says: "2010/01/11 - Apache Beehive has been retired."
  Have I missed something, or how do I fix this?
  Thanks in advance.
  Henrik
  Edited by: user1154522 on Nov 23, 2010 5:26 AM

  My mistake. This was the URL i was looking for to configure OAM:
  http://lhost:7001/oamconsole

• Not able to access OAM 11g Console

  Hi,
  We have OAM 11g environment. Initially we are able to login to oamconsole using "weblogic" user. We changed user store to OVD then onwards we are not able to login to console.
  Thanks

  Hi,
  As GK says, you should just be able to add the user to the group that is defined in the "OAM Administrator's Role" in the OVD identity store that you have defined - could you verify that the user you are logging in as is a member of this group, and that the group's cn attribute value matches what you have defined in the user store.
  What symptoms are you seeing - for example,are you being successfully authenticated but getting denied access to /oamconsole, or are you getting double-prompted for login?
  Regards,
  Colin

• OAM 11gR2 - Access Client

  Hi Gurus,
  i am writing a access client for a custom application, i am able to authenticate , authorize and get a session token for user but i am not able to get responses that we have set in  the authorization policy. we have set   Responses --> header -->$user.attr.customattr1
  i have looked into API document to get those responses but i am unable to do that.
  Oracle Fusion Middleware Access SDK Java API Reference for Oracle Access Management Access Manager
  Is there a way to get responses through apis.
  Regards
  978203

  can you confirm if you are using getActions or getAction API
  Also you may want to enable "Allow Management Operations" in AccessGate configuration in oamconsole
  what is exception you get while invoking api
  hope this helps

• Unable to authenticate users using Custom plugins in OAM 11g

  We are working on a requirement in which we have to write a custom authentication plugin in OAM 11g.
  we were able to import and activate the plugin
  we created a new authentication module with steps in the following order
  1)UserIdentificationPlugin
  2)UserAuthenticationPlugin
  3)Our custom plugin to create custom responses(We just created the class with mandatory methods and process method returning success)
  but finally when we try to authenticate,authentication fails resulting in OAM-2 error.We had entered valid credentials
  Can somebody please help me on resolving this issue.
  The plugin code,manifest file and Metadata XML is shared below.
  Plugin Code
  public class NewPlugin extends AbstractAuthenticationPlugIn {
  private static final String CLASS_NAME = "FirstTestClass";
  public ExecutionStatus initialize (PluginConfig config){
  super.initialize(config);
  if(LOGGER.isLoggable(Level.FINE)){
  LOGGER.logp(Level.FINE,CLASS_NAME,"initialize","Entering initialize");
  return ExecutionStatus.SUCCESS;
  @Override
  public String getDescription() {
  // TODO Auto-generated method stub
  return null;
  @Override
  public Map<String, MonitoringData> getMonitoringData() {
  // TODO Auto-generated method stub
  return null;
  @Override
  public String getPluginName() {
  // TODO Auto-generated method stub
  return null;
  @Override
  public int getRevision() {
  // TODO Auto-generated method stub
  return 0;
  @Override
  public ExecutionStatus process(AuthenticationContext context)
  throws AuthenticationException {
  if(LOGGER.isLoggable(Level.FINE)){
  LOGGER.logp(Level.FINE,CLASS_NAME,"initialize","Entering process");
  return ExecutionStatus.SUCCESS;
  @Override
  public void setMonitoringStatus(boolean arg0) {
  // TODO Auto-generated method stub
  @Override
  public boolean getMonitoringStatus() {
  // TODO Auto-generated method stub
  return false;
  MANIFEST.MF
  Manifest-Version: 1.0
  Bundle-ManifestVersion: 2
  Bundle-Name: NewPlugin Plug-in
  Bundle-SymbolicName: NewPlugin
  Bundle-Version: 1.0.0
  ImportPackage:org.osgi.framework;version="1.3.0",oracle.security.am.plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api,oracle.security.am.common.utilities.principal,oracle.security.idm,javax.naming,javax.sql,javax.security.auth
  Bundle-RequiredExecutionEnvironment: JavaSE-1.6
  METADATA XML
  <?xml version="1.0" encoding="UTF-8" ?>
  <Plugin name="NewPlugin" type="Authentication">
  <author>me</author>
  <email>[email protected]</email>
  <creationDate>11:40:20,2012-13-02</creationDate>
  <version>1</version>
  <description>Custom User Authentication Plugin</description>
  <interface>oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn</interface>
  <implementation>newplugin.NewPlugin</implementation>
  <configuration>
  <AttributeValuePair>
  <Attribute type="String" length="20">DataSource</Attribute>
  <mandatory>true</mandatory>
  <instanceOverride>false</instanceOverride>
  <globalUIOverride>true</globalUIOverride>
  <value>jdbc/CISCO</value>
  </AttributeValuePair>
  </configuration>
  </Plugin>

  Your search results show that the user "collini" was not found (nentries=0). This could be caused by a number of reasons.
  1) The user doesn't exist under "ou=people,dc=our,dc=domain"
  2) The user doesn't contain the posixAccount objectclass
  3) The user account that performed the search doesn't have access rights to read/search that user account
  What user account was used to BIND on the connection that the search was done on?
  Try performing the same exact search with an account you know can retrieve the entry. For example:
  ldapsearch -D "cn=Directory Manager" -w - -b ou=people,dc=our,dc=domain -s one "(&(objectClass=posixAccount)(uid=collini))"
  If the entry doesn't return as a result of the search then either #1 or #2 above is the problem. If the entry does return then #3 is your problem.

• SharePoint 2010 with OAM 11g

  We are currently trying to integrate SharePoint 2010 server with OAM 11g with 10g webgate. In our environment SharePoint site is configured with Claims based authentication with LDAP provider for membership. We have performed all the configurations based on the Oracle documentation with validation mode as OAMHttp.
  We are seeing the following behavior after this integration.
  1)     The user requests access to an SharePoint Site
  2)     Webgate protecting the site intercepts the request, determines if the resource is protected, and challenges the user.
  3)     The user enters their OAM credentials; Webgate contacts the OAM Server, which verifies the credentials from user store and authenticates the user. Webgate generates the OAM native SSO cookie (ObSSOCookie), which enables single sign-on and sets the User ID (to username) header variable in the HTTP request and redirects the user to SharePoint site.
  Here, instead of taking user to the home page of the site, the SharePoint login page is displayed again.
  =================================================================================================
  Looking into the debug logs i found the following error.
  Date ProcessId ThreadID ManagesThreadId ClassName MethodName Message
  =================================================================================================
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.CustomMembershipProvider Initialize validationMode^OAMHttp
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator .ctor Method Entered
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator .ctor ValidationURL configured validationUrl^http://wtv-sea-spapp01.chemd.net:8086/ValidateCookie.html
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator .ctor validationHost^wtv-sea-spapp01.chemd.net
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator .ctor OAMAuthUserCookieName^OAMAuthCookie
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator .ctor Method Exited
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.CustomMembershipProvider Initialize Setting Validation Type OAMHttp
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.CustomMembershipProvider ValidateUser Entering ValidateUser : username^IDG2M
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator ValidateUser Method Entered
  Exception Caught InValidateUser
  The remote server returned an error: (403) Forbidden. at System.Net.HttpWebRequest.GetResponse()
  at Oracle.OAMHttpValidator.ValidateUser(Dictionary`2 creds)5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator ValidateUser Exiting AuthStatus^AuthZFail
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.CustomMembershipProvider ValidateUser OAMauthStatus^AuthZFail
  5/4/2012 4:16:19 AM 7648 3604 7 Oracle.CustomMembershipProvider ValidateUser Method Exited returnCode^False
  If anyone have integrated OAM 11g with SharePoint 2010 earlier, appreciate your inputs in this regard.

  Each license is platform specific, you can't backwards apply or forwards apply licenses from one version of SharePoint to another.
  If you do have MSDN access, you'll have access to all current versions of SharePoint, across the current and retired server products.
  Steven Andrews
  SharePoint Business Analyst: LiveNation Entertainment
  Blog: baron72.wordpress.com
  Twitter: Follow @backpackerd00d
  My Wiki Articles:
  CodePlex Corner Series
  Please remember to mark your question as "answered" if this solves (or helps) your problem.

• Unprotect OIM 9.1 page in OAM 11g?

  I have configured 10g webgate with OAM 11g and everything seems to work great. I have a requirement to unprotect /xlWebApp/forgetPassword.do to allow password reset without challenge. I get the below error in OIM when trying to access the page. Looks like the Public Resource Policy in OAM is working, but OIM denies Anonymous User login. Can anyone help me understand how to let OIM passthrough Anonymous user for a unprotected page?
  ERROR [ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)' XELLERATE.WEBAPP - Class/Method: tcLogonAction/loginUser encounter some problems: javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User Anonymous javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User Anonymous denied
  Thor.API.Exceptions.tcAPIException: javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User Anonymous javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User Anonymous denied
  at Thor.API.tcUtilityFactory.<init>(Unknown Source)
  at com.thortech.xl.webclient.actions.tcLogonAction.loginUser(Unknown Source)
  Thanks,
  Sunil.

  I see that oim expects user "Anonymous" when a resource is marked public. I tried creating the "Anonymous" user and upon hitting /xlWebApp/forgetPassword.do, oim now takes me to the home page for anonymous user, instead of forgetPassword.do page.. Has anyone done this kind of integration in OIM. Please let me know, if i'm missing something here.
  Thanks.

• OAM 11g "Failure URL" in Authoriztion policy not working?

  Hi,
  Per the subject, I am running OAM server 11g (11.1.1.3), with an OAM 10g Apache webgate.
  In the OAM Authorization policy (protected), I have specified a full URL for the "Failure URL", to get the browser to redirect when an authorization failure occurs.
  However, when I test with a user that does not have access (user authenticates ok, but doesn't have right to access the protected resource), instead of the browser being redirected, I am getting an "Oracle Access Manager Operations Error" page.
  I've been trying to figure this out, and have found several threads about this, e.g.:
  OAM 11g authz redirect URL not working?
  But, as I said, I am using OAM 11g server, and there is no "Inconclusive URL" in the policy settings (I guess there was in 10g, but not in 11g).
  I have trace logging enabled on the OAM server, and I can clearly see that the request is getting "results DENY", but there's no indication in the logs that OAM server is aware of any failure redirection URL.
  I've also got a header trace, and I can see that the browser is simply being re-directed to the "/oberr.cgi...." URL, so it' not going "somewhere else".
  So, does anyone know why the "Failure URL" is not working in OAM 11g in Authorization policies?
  Thanks,
  Jim
  P.S. The URL that it's suppose to be re-directing the browser to is in the Public resources under Authorization, and as I said, I don't see the browser even attempting to go to the failure URL, either via header traces or the OAM server logs.
  Edited by: jimcpl on Nov 5, 2011 8:53 PM

  Hi,
  Per the subject, I am running OAM server 11g (11.1.1.3), with an OAM 10g Apache webgate.
  In the OAM Authorization policy (protected), I have specified a full URL for the "Failure URL", to get the browser to redirect when an authorization failure occurs.
  However, when I test with a user that does not have access (user authenticates ok, but doesn't have right to access the protected resource), instead of the browser being redirected, I am getting an "Oracle Access Manager Operations Error" page.
  I've been trying to figure this out, and have found several threads about this, e.g.:
  OAM 11g authz redirect URL not working?
  But, as I said, I am using OAM 11g server, and there is no "Inconclusive URL" in the policy settings (I guess there was in 10g, but not in 11g).
  I have trace logging enabled on the OAM server, and I can clearly see that the request is getting "results DENY", but there's no indication in the logs that OAM server is aware of any failure redirection URL.
  I've also got a header trace, and I can see that the browser is simply being re-directed to the "/oberr.cgi...." URL, so it' not going "somewhere else".
  So, does anyone know why the "Failure URL" is not working in OAM 11g in Authorization policies?
  Thanks,
  Jim
  P.S. The URL that it's suppose to be re-directing the browser to is in the Public resources under Authorization, and as I said, I don't see the browser even attempting to go to the failure URL, either via header traces or the OAM server logs.
  Edited by: jimcpl on Nov 5, 2011 8:53 PM

• OIM 11g Server Configuration Wizard Error - Cannot Connect to Oracle DB

  I appreciate any and all suggestions or thoughts on how to best continue troubleshooting this error that I am describing below.
  I am attempting to install Oracle Identity and Access Management Suite 11g on a Windows 7 machine…in following the installation guides I have successfully installed the following Oracle Components
  - Oracle Database 11.2.0.1.0
  - Created Schemas using RCU 11.1.1.3.3
  - Oracle WebLogic Server 10.3.3.0
  - Oracle SOA 11.1.1.2.0
  - Oracle SOA 11.1.1.3.0 (Patch Set)
  - Oracle IAM SUITE 11.1.1.3.0
  Following the above installations, I created a new WebLogic Domain and as the next step am running the OIM Configuration Wizard to configure the OIM Server, however I am unable to setup a connection to the Oracle DB via the OIM Configuration Wizard. I am getting an error message when attempting to setup the connection to the Oracle Database using the OIM 11g Server Configuration Wizard:
  ERROR:*
  INST:6102 Unable to connect to the database with the given credentials.
  *+[DETAILS] Check the values. Make sure the Database is up and running and connect string, user name, and password are correct.+*
  INST:6102 Unable to connect to the database with the given credentials.
  *+[DETAILS] Check the values. Make sure the Database is up and running and connect string, user name, and password are correct.+*
  When installing the Oracle Database 11gR2 I used the following install configuration:
  Oracle base: C:\MyApps\Oracle
  Software location: C:\MyApps\Oracle\DB_HOME\11.2.0\dbhome_1
  Database file location: C:\MyApps\Oracle\DB_HOME\oradata
  Database Edition: Personal Edition (3.27 GB)
  Character Set: Unicode (AL32UTF8)
  Global database name: orcl.dev.com
  Administrative Password: Password1
  Confirm Password: Password1
  When creating my Schemas using RCU 11.1.1.3.3 I used the following Database Connection Details
  DB TYPE: Oracle Database
  HOST NAME: localhost
  PORT: 1521
  SERVICE NAME: orcl.dev.com
  USERNAME: sys
  PASSWORD: Password1
  ROLE: SYSDBA
  I used a Prefix of “DEV” when creating the schemas so Schema Owners DEV_OIM and DEV_MDS where created. Also, I configured to use the same password for all Schemas: “Password1″. So the password for DEV_OIM and DEV_MDS should be the same, “Password1″.
  REPRODUCING THE ERROR
  To reproduce the error, when I launch the Oracle Identity Management 11g Configuration Wizard I am first brought to the “Welcome” Screen. I click the [Next>] button.
  Next, I am on the “Components to Configure” screen where I select OIM Server and OIM Design Console and click the [Next>] button. (NOTE I have also tested by simply selecting only the OIM Server)
  Next, I am on the “Database” screen where I enter the connection information
  Connection String: localhost:1521:orcl.dev.com
  (NOTE I have also tested using localhost:1521:orcl)
  OIM Schema User Name: DEV_OIM
  OIM Schema Password: Password1
  MDS Schema User Name: DEV_MDS
  MDS Schema Password: Password1
  When I click the [Next>] button after entering the Database Connection details I encounter the following two errors (1 error for each logon DEV_OIM and DEV_MDS)
  INST:6102 Unable to connect to the database with the given credentials.
  INST:6102 Unable to connect to the database with the given credentials.
  TROUBLESHOOTING
  NOTE: I can successfully start the Oracle DB Services and connect via the Enterprise Console, SQL Plus, and JDBCTest Java Client…I just cannot get past this connection error in the OIM Server Configuration Wizard.
  JDBCTest.java TEST CLIENT
  NOTE: THIS IS THE JAVA TEST CLIENT THAT I AM USING TO TEST DATABASE CONNECTIVITY THRU A SPECIFIED JDBC URL AND DRIVER THAT WORKS SUCCESSFULLY.*
  import java.sql.Connection;
  import java.sql.DatabaseMetaData;
  import java.sql.DriverManager;
  import java.sql.ResultSet;
  public class JDBCTest {
  public static void main(String[] args) throws Exception {
  String url = "jdbc:oracle:thin:@localhost:1521:orcl";
  String driver = "oracle.jdbc.OracleDriver";
  String user = "DEV_OIM";
  String password = "Password1";
  try {
  Class.forName(driver);
  Connection conn = DriverManager.getConnection(url, user, password);
  // Get the MetaData
  DatabaseMetaData metaData = conn.getMetaData();
  // Get driver information
  System.out.println("");
  System.out.println("#########################################");
  System.out.println("# ***DRIVER INFORMATION***");
  System.out.println("#");
  System.out.println("# Driver Name = " + metaData.getDriverName());
  System.out.println("# Driver Version = " + metaData.getDriverVersion());
  System.out.println("#");
  System.out.println("#########################################");
  System.out.println("");
  System.out.println("");
  // Get database information
  System.out.println("#########################################");
  System.out.println("# ***DATABASE INFORMATION***");
  System.out.println("#");
  System.out.println("# Database Product Name = " + metaData.getDatabaseProductName());
  System.out.println("# Database Product Version = " + metaData.getDatabaseProductVersion());
  System.out.println("#");
  System.out.println("#########################################");
  System.out.println("");
  System.out.println("");
  // Get schema information
  ResultSet schemas = metaData.getSchemas();
  System.out.println("#########################################");
  System.out.println("# ***SCHEMA INFORMATION***");
  System.out.println("#");
  System.out.println("# Schemas:");
  while (schemas.next()) {
  System.out.println("# " + schemas.getString(1));
  System.out.println("#########################################");
  System.out.println("");
  System.out.println("");
  // Get table information
  System.out.println("Tables");
  ResultSet tables = metaData.getTables("", "", "", null);
  while (tables.next()) {
  System.out.println(tables.getString(3));
  conn.close();
  } catch (Exception ex) {
  ex.printStackTrace();
  *"lsnrctl status" COMMAND TEST SUCCESSFUL*
  When the Listener Service is on I get the following output using lsnrctl status command
  C:\> lsnrctl status
  LSNRCTL for 32-bit Windows: Version 11.2.0.1.0 - Production on 21-SEP-2010 15:59:43
  Copyright (c) 1991, 2010 Oracle. All rights reserved.
  STATUS of the LISTENER
  Alias LISTENER
  Version TNSLSNR for 32-bit Windows:Version 11.2.0.1.0 - Production
  Start Date 21-SEP-2010 14:43:57
  Uptime 0 days 1 hr. 15 min. 46 sec
  Trace Level off
  Security ON: Local OS Authentication
  SNMP OFF
  Listener Parameter File C:\MyApps\Oracle\DB_HOME\11.2.0\dbhome_1\NETWORK\ADMIN\listener.ora
  Listener Log File c:\myapps\oracle\diag\tnslsnr\\listener\alert\log.xml
  Listening Endpoints Summary…
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))
  Services Summary…
  Service “CLRExtProc” has 1 instance(s).
  Instance “CLRExtProc”, status UNKNOWN, has 1 handler(s) for this service…
  Service “orcl.dev.com” has 1 instance(s).
  Instance “orcl”, status READY, has 1 handler(s) for this service….
  Service “orclXDB.dev.com” has 1 instance(s).
  Instance “orcl” status READY, has 1 handler(s) for this service…
  The command completed successfully

  Whenever installing oracle databases, i install the software only first. Then i setup the listener. Then i create a database instance using the dbca tool. This way all the information is added to the pre-existing listener configurations rather than trying to create the listener afterwards. Also, during the dbca database creation, i supply a full service name such as orcl.hostname and use the service name in future configurations where it asked. This usually solves any issues of the listener or database not being found correctly.
  -Kevin

• Non-ASCI character Support in OAM 11g

  Hi,
  I have a requirement to test the user authentication with Oracle Access Manager 11g.
  I am using Active Directory as the user repository and able to create a user with the user id containing non-ASCI value (say Äuser1) and AD allows for it creation and when i try to provide access to that user in the OAM''s application in the constraints tab, after selecting that user from repository and when I say Apply, I receive an error message saying that
  "The policy store is not available; please see the log file for more details."
  and in the weblogic server log, i can see an error with Error Code: 1461 with a description saying INSERT INTO JPS_ATTRS (JPS_ATTRS_ID, ATTRVAL, ATTRNAME, JPS_DN_ENTRYID) VALUES (?, ?, ?, ?).
  Can anybody know if there are constraints as such with respect to supporting on non-ASCI characters in OAM 11g?
  Thanks,
  Nagendra

  This type of question/discussion belongs in {forum:id=50} forum.
  Very recently a thread there touched the topic of Turkish character support.
  Please read it: Western European Characterset to Turkish in sql
  >
  NLS_CHARACTERSET__________WE8MSWIN1252 Check the character set repertoire of win-1252 (look for the typical turkish language characters you've mentioned above).
  http://msdn.microsoft.com/en-us/goglobal/cc305145.aspx
  Look at character names, such as "... letter s with cedilla".