OAM 11gR2 and 10g

The following URL is for 10g OAM resource protection:
http://docs.oracle.com/cd/E12530_01/oam.1014/b32420/v2access.htm#BABJHAIJ
Can someone please confirm that the flow for authentication/authorization is almost the same in OAM 11gR2? (Product names have changed, like Access Server becoming OAM Server, but I hope the basic functionality of WebGates remains the same.)

Hi,
The flow is more or less the same, and the functionality of the WebGates is the same - but there are some differences in 11g. For one thing, the policies in 10g are stored in LDAP, whereas in 11g they are stored in a DB. Also, in 11g there is a session cookie in addition to the authentication token. The 11g Access Admin Guide shows some flows, for example here: http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/agents.htm#AIAAG1729
Regards,
Colin

Similar Messages

  • OAM 11gR2 and OVD

    Hi,
    It appears OVD did not make it into the Oracle Fusion Middleware Identity Management 11gR2 release. The latest version available is still the one included in the Oracle Fusion Middleware Identity Management 11gR1 release. Is that correct?
    If so, I have a deployment of Oracle Access Manager 11gR2, which I'd like to integrate with OVD. Does this situation mean that I must deploy another entire WebLogic domain for the Oracle Fusion Middleware Identity Management 11gR1 release? Or is it possible to somehow install the 11gR1 version of OVD into the 11gR2 instance I've already got?
    - Jim

    Yes, the latest version of OVD available is 11.1.1.6 (11g R1). You may use this version with OAM 11gR2.
    OVD 11.1.1.6 uses WebLogic 10.3.6 and OAM 11g R2 also uses the same weblogic version. Please let me know if you are on some other version of WLS.
    As per best practice, try to keep the OAM and OVD in separate WLS domains.

  • OAM 11gR2 - Remote Registration Exception - HTTP Error 501

    Hello
    I installed OAM 11gR2 and am trying to configure OAM with WebGate.
    While doing remote registration using rreg.bat I get an exception
    RemoteRegistrationException
    HTTP error 501 could not send HTTP Post message
    Can anyone help me?
    Thanks,
    Ram

    It's most likely a problem with your Java version.
    I know for sure that Java version 1.6.0_37 doesn't work and that 1.6.0.41 works for sure.
    Can you try installing a different version of Java?
    If on Linux, use
    update-alternatives --config java
    as root to point to the Java (other version that you installed) and try again.
    Let me know if that helps.
    Cheers
    -Kungo

  • How to protect an application running on IIS with OAM 11gR2

    Hello Gurus,
    I have a question regarding protecting an application running on IIS with OAM 11gR2. We have an OHS server running and all the requests from the users are coming to this OHS server webgate for them to login using the SSO login page. This is all on Solaris. I am protecting other applications like pplsoft modules with this OHS instance and OAM server. There is another application that I need to protect which is itself running on an IIS Windows machine. I need guidance as to -
    1.) Do I need to install a windows version of webgate to protect this IIS based application?
    2.) Or I can still protect and proxy requests from this application to current OHS instance? How can I do this?
    3.) Or Do I need to proxy requests directly from IIS to OAM weblogic server?
    Please advise to the earliest as this is an urgent issue.
    Thanks !!

    From your description it is not clear what exactly the architecture looks like.
    We have an OHS server running and all the requests from the users are coming to this OHS server webgate for them to login using the SSO login page.
    is this OHS centralized login farm ? (Case 1)
    OR is this OHS server (with webgate) acting as virtual web server hosting multiple web sites so that request to any site passes through this OHS/webgate (Case 2)
    1.) Do I need to install a windows version of webgate to protect this IIS based application?
    If case 1 then you need to install 10g webgate on top of IIS server to protect this application
    If case 2 then you can just proxy request from OHS to IIS server. As every request passes through OHS user will be authenticated before request hits IIS
    Look at Product documentation for virtual web sites : http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/shared.htm#autoId12
    It has steps to protect virtual web sites.
    Also you need to make sure no one hits the IIS web sites directly.
    Hope this helps

  • OAM 11gR2 Authentication using username/password/additional ldap field

    I want to add additional credential parameter along with username and password to be validated against LDAP.
    Is there any out of the box solution for authentication using username/password/additional ldap field in OAM 11gR2?
    This solution exists in 10g and I could not find any OOB feature in 11g.

    Do you need to accept an additional parameter from the user via the login form & then use it in the credential mapping step?
    Not sure if %% syntax would work .. haven't tried it. Next option is to develop a custom authentication plugin.
    Additional ldap attribute against static value
    If you need to add additional ldap attribute (check against static value) that you can specify in LDAP search filter in "User Identification plugin" configuration
    Take a look at "MTLDAPPlugin" under custom authentication modules
    Hope this helps

  • How to protect an application running on Apache Tomcat app server with OAM 11gR2

    Gurus,
    We have an Apache Tomcat based application named "ABCD" here at client site that we want OAM 11gR2 PS1 to integrate with for SSO purposes. I have successfully configured OHS to reverse proxy requests to Apache Tomcat server whenever somebody tries to access the application URL but still, I am getting the application login page once I have successfully authenticated on OAM SSO login page. The Tomcat based application is authenticating users against a "UserDatabase realm".
    I know in terms of weblogic application, there is an OAM identity asserter provider which then populates the User Principal for the java environment with the authenticated OAM user. But there is no such OAM identity provider for Tomcat.
    So my question is, is there a provider (or Tomcat equivalent) which will entrust authentication to a header, that could be used to populate the Java User Principal from the OAM_REMOTE_USER header? Is the weblogic equivalent of authentication providers present in tomcat as well? Are those called valves?
    Please advise to the earliest.
    Thanks !!

    Aakash,
    I did follow the 4 steps that you mentioned to me. Out of the 4 that you had mentioned, I already had the webgate in place on OHS server and I was already passing the remote_user http header in oam policy as action.
    As part of Step #2: Install mod_jk plugin on OHS server that you mentioned
    1.) I downloaded the tomcat connector - tomcat-connectors-1.2.37-src
    2.) I had to run ./configure, make, make install on my OHS server which runs on RHEL 6. It created the mod_jk.so file. I pasted it in the needed folder.
    3.) I then created the httpd.conf file and workers.properties file as said in the connector docs.
    4.) Restarted OHS.
    As part of Step #3: Configure tomcat's ajp connector that you mentioned and I went through all the links pasted below but didn't find actually what needs to be in place to configure tomcat's ajp connector. I do see in the server.xml of tomcat app server that the ajp 1.3 protocol is supported:
    http://tomcat.apache.org/tomcat-4.0-doc/config/ajp.html
    http://tomcat.apache.org/tomcat-3.3-doc/mod_jk-howto.html#s8
    http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html
    http://www.mulesoft.com/understanding-tomcat-connectors
    <!-- A "Connector" represents an endpoint by which requests are received
             and responses are returned. Documentation at :
             Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
             Java AJP  Connector: /docs/config/ajp.html
             APR (HTTP/AJP) Connector: /docs/apr.html
             Define a non-SSL HTTP/1.1 Connector on port 8080
        -->
        <Connector port="8080" protocol="HTTP/1.1"
                   connectionTimeout="20000"
                   redirectPort="8443" />
    <!-- Define an AJP 1.3 Connector on port 8009 -->
        <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    Do we need to disable the HTTP protocol in Tomcat and keep only AJP connector enabled? If yes, how to do that?
    I am trying to connect to the application from the OHS server like so; I am using the http protocol, right? How should I use the ajp protocol to connect to the tomcat application?
    http://ohs-host:ohs-port/abcd
    Thanks !!!!!
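
An added example, not part of the thread or of any Oracle or Tomcat code: a servlet filter that populates the Java user principal from the OAM_REMOTE_USER header the poster asks about, and refuses requests that did not arrive from the OHS/WebGate host. The class name and the TRUSTED_PROXY address are hypothetical, and it assumes OHS reaches Tomcat over the HTTP connector, so that getRemoteAddr() is the proxy's address.

```java
// Added example, not from the thread. TRUSTED_PROXY is a placeholder for the
// OHS/WebGate host; register the filter in web.xml ahead of the application.
import java.io.IOException;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.*;

public class OamHeaderAuthFilter implements Filter {
    private static final String HEADER = "OAM_REMOTE_USER";
    private static final String TRUSTED_PROXY = "192.0.2.10"; // placeholder address

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        HttpServletResponse out = (HttpServletResponse) res;

        // The header is only meaningful if the request came through the WebGate.
        // A client that reaches Tomcat directly can set any header it likes.
        if (!TRUSTED_PROXY.equals(http.getRemoteAddr())) {
            out.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        final String user = http.getHeader(HEADER);
        if (user == null || user.trim().isEmpty()) {
            out.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Expose the asserted identity through the standard servlet API.
        final Principal principal = new Principal() {
            @Override public String getName() { return user; }
        };
        chain.doFilter(new HttpServletRequestWrapper(http) {
            @Override public String getRemoteUser() { return user; }
            @Override public Principal getUserPrincipal() { return principal; }
        }, res);
    }
}
```

Over AJP via mod_jk, Tomcat reports the original client's address instead, so the source check has to be replaced by restricting who can reach port 8009 at the network level. The filter does not feed Tomcat's UserDatabase realm or container-managed security constraints; it only makes the identity visible to application code.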

  • OAM 11g Webgate 10g customized SSO logout page

    As stated in the title, I am using OAM 11g and Webgate 10g. I am trying to create a customized SSO logout page but am confused on a few parts. First off, in http://docs.oracle.com/cd/E17904_01/doc.1111/e15478/logout.htm#CHDHFGJC , it states the following step for their logout.html:
    Logic in logout.html redirect to the OAM Server. For example:
    http://myoamserverhost:port/oam/server/logout?end_url=http://my.site.com/welcome.html
    My question is whether this is truly required. Or is there a way to have OAM invalidate the session and do its internal part of the logout procedures without needing to force the user to redirect to the OAM server's logout URL (eg: it automatically recognizes that the Webgate URL is "...../logout.html" and handles it properly)? From talking to colleagues it sounds like this should be possible, and I see some mentions of it in the above documentation, but this appears to be 11g OAM and 11g Webgate behavior. At the same time though, the line "Logout is initiated when an application causes the invocation of the logout.html file configured for any registered OAM 10g Webgate." leads me to believe that it can work with 10g webgate as well.
    Or, is there a way to have multiple valid logout pages on the OAM server? (There is currently a customized logout page that we cannot modify, and does not meet all the requirements we have for look/feel)
    Thank you
    Edited by: mBaldwin on Apr 12, 2013 10:30 AM

    Bump. Any ideas?

  • Re: Is Oracle 11gR2 and 10gR2 BOTH compatible with Oracle Linux 6 Update 1?

    Hello,
    I am required to install Oracle 11gR2 and 10gR2 Oracle binaries on Oracle Linux 6 Update 1. Are both versions compatible to install and run with databases on Oracle Linux Release 6 Update 1, or is Oracle Linux Release 5 Update 7 required for this?
    Thanks in advance,
    Regards,
    A
    Edited by: 850391 on Oct 13, 2011 3:43 PM
    Edited by: 850391 on Oct 13, 2011 3:44 PM

    Hi;
    Oracle 11g or 10g is not certified with OEL or RHEL6 yet. Please use OEL 5.x version which you can download from edelivery.
    Also see:
    Oracle Database on Unix AIX,HP-UX,Linux,Mac OS X,Solaris,Tru64 Unix Operating Systems Installation and Configuration Requirements Quick Reference (8.0.5 to 11.2) [ID 169706.1]
    Regards
    Helios

  • OAM 11gR2 Throwing SSL Warning after configured to use HTTPS Load Balancer

    I have configured OAM 11gR2 to use an https load balancer on 14100 and have set my managed servers' SSL listen port to 14100 (could not use 14101 because the HTTPS VIP created was listening on 14100). Everything works fine with this configuration, but my logs are filling up with the following warning.
    <Oct 3, 2012 1:41:54 PM UTC> <Warning> <Security> <BEA-090475> <Plaintext data for protocol HTTP was received from peer 10.228.0.1 - 10.228.0.1 instead of an SSL handshake.>
    I know that 10.228.0.1 is the DNS server, but I'm not sure why this happening. Any ideas?

    What WLS and OHS versions are you using in this environment?
    If they are older versions than these, please upgrade WLS to 10.3.3 and the OHS to 11.1.1.3. This is a known bug on the WLS side, not in OAM.
    I hope this helps,
    Thiago Leoncio.

  • BASIC OAM 11gR2 QUESTION

    Can someone explain the difference between "success url" for
    1. Authentication Policy - success url is optional parameter.
    2. Authorization Policy - success url is optional parameter.
    3. Unsolicited Login - success url is required parameter.
    This is with respect to Oracle Access Manager 11gR2.1

    1. Authentication Policy - success url is optional parameter.
    After successful authentication user will be redirected to URL mentioned in "success url". 
    2. Authorization Policy - success url is optional parameter.
    After successful authorization user will be redirected to URL mentioned in "success url"
    Both these parameters are optional. If these parameters are not present in OAM policy then user will be taken to a protected application url from where OAM flow began. For example user has started with http://mydomain.com/protectedapp URL
    3. Unsolicited Login - success url is required parameter.
    This is required parameter for "unsolicited login" feature. Basically you pass three parameters to OAM Direct authentication url "username" , "password" & "successurl". If provided username and password is correct redirection to URL in "successurl" parameter would happen. You can get more information about unsolicited login feature in this blog
    http://www.ateam-oracle.com/unsolicited-login-with-oam-11gr2/
    Hope this helps.

  • Install SSL certificate for OAM 11gR2

    Experts, I wanted to know some recommended urls, links etc for configuring and installing SSL certs for OAM 11gR2.
    Base install for OAM is working fine and all consoles are ok.
    I have found following link from the docs
    http://docs.oracle.com/cd/E27559_01/core.1112/e28516/sslconfig.htm#ASADM1800
    Please confirm above link would suffice to install and configure SSL.
    Any other challenges or issues likely to come up would help, like importing certificates and root certificate etc.

    Assuming you're referring to SSL between OAM Server and WebGate, it is documented here: Securing Communication - 11g Release 2 (11.1.2)
    Regards,
    Colin

  • 11gR2 to 10g Export/Import

    Hello,
    Does exporting from Oracle 11gR2 and importing to Oracle 10g work?
    Thank you!

    Alex,
    this forum deals with migrations from foreign databases to Oracle. Your export/import question should be better posted in this forum:
    Export/Import/SQL Loader & External Tables
    You might also have a look at the My Oracle Support note:
    Article-ID: Note 132904.1
    Title: Compatibility Matrix for Export And Import Between Different Oracle Versions [Video]

  • OAM 11gR2 time frame

    Hi Folks
    Does anyone have any tentative time frame on when OAM 11gR2 will be out.
    Thanks,
    -MD


  • OAM 11gR2 new domain startup issue

    Installed OAM 11gR2 in new domain, completed security store configuration. Also checked validation, that also worked fine.

    I can't seem to find Note 1461370.1 in Oracle support. I am having the same issue. I found a ticket opened as a bug, 13586338, with a similar issue but that was closed and no resolution was given.

  • Sorting in 6i and 10g reports

    Hello All,
    I am running 6i and 10g reports against a 10g database.
    I ran one of the 6i reports and it generated a report in one sorting order,
    and when I ran the same report on 10g, it generated the report in a different order.
    Both the reports are run against the same 10g database.
    The order by clauses on the columns of the records are identical.
    Now I wanted to understand how it is sorting in different orders in both 6i and 10g reports?
    Thanks,
    Ranz

    Hi,
    Please note the fact that 6i Reports is not certified to work with 10g Database. Hence it becomes impossible to address the sorting behavior of 6i Reports, though there is nothing different in the way it works. I would suggest you to use 10gR2 version of Reports services with 10g Database which is certified and supported. Thanks for your understanding.
    Regards,
    Anand
