OAM Access SDK

Similar Messages

• OAM Access Server - Cannot load cert chain file aaa_chain.pem

  Hi experts,
  I am in the midst of changing the Transport Layer Security (TLS) of OAM Access Server from Open mode to Cert mode, and encountering the error not able to load aaa_chain.pem.
  Below are the steps which I have did:-
  1. Change the TLS mode for both Access Server and Webgate from Open >> Cert mode in the Access System console
  2. Stop the Access Server from Services
  3. From the <access server install dir> run ConfigureAAAServer.exe to generate aaa_req.pem and aaa_key.pem.
  4. Copy the certificate request from the aaa_req.pem and submit to Internal CA (Ms CA).
  5. Download the Certificate and Certificate Chain in Base 64 encoding, and rename into *.pem. E.g. certnew.cer >> aaa_cert.pem certnew.p7b >> aaa_chain.pem.
  6. Copy *.pem files in to <access server install dir>/oblix/config
  7. Rerun ConfigureAAAServer.exe to install the cert, all went smoothly without issue.
  8. Start Access Server from Services. <<< Service failed to start.
  NOTE: I did the same thing for Policy Manager, used genCert.exe to generate certificate request, submit the CA to sign and installed.
  Check on the event viewer, the following error was found.
  **===========================================================================**
  Log Name: Application
  Source: ObAAAServer-AccSvr01
  Date: 16/8/2010 1:06:39 AM
  Event ID: 1
  Task Category: None
  Level: Error
  Keywords: Classic
  User: N/A
  Computer: IDMsvr.SSO.com
  Description:
  The description for Event ID 1 from source ObAAAServer-AccSvr01 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
  If the event originated on another computer, the display information had to be saved with the event.
  The following information was included with the event:
  Access Server Exception: Error: Cannot load cert chain file C:\Program Files (x86)\NetPoint\access/oblix/config/aaa_chain.pem
  the message resource is present but the message is not found in the string/message table
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
  <Provider Name="ObAAAServer-AccSvr01" />
  <EventID Qualifiers="49152">1</EventID>
  <Level>2</Level>
  <Task>0</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2010-08-15T17:06:39.000Z" />
  <EventRecordID>1072</EventRecordID>
  <Channel>Application</Channel>
  <Computer>IDMsvr.SSO.com</Computer>
  <Security />
  </System>
  <EventData>
  <Data>Access Server Exception: Error: Cannot load cert chain file C:\Program Files (x86)\NetPoint\access/oblix/config/aaa_chain.pem</Data>
  </EventData>
  </Event>
  **===========================================================================**
  The ConfigureAAAServer.exe_
  C:\Program Files (x86)\NetPoint\access\oblix\tools\configureAAAServer>configureA
  AAServer.exe reconfig "C:\Program Files (x86)\NetPoint\access"
  Please enter the Mode in which you want the Access Server to run : 1(Open) 2(Si
  mple) 3(Cert) : 3
  Do you want to request a certificate (1) or install a certificate (2) ? : 1
  Please enter the Pass phrase for this Access Server :
  Do you want to store the password in the file ? : 1(Y) 2(N) : 1
  Preparing to generate certificate. This may take up to 60 seconds. Please wai
  t.
  Loading 'screen' into random state - done
  Generating a 1024 bit RSA private key
  .............++++++
  ..++++++
  writing new private key to 'C:\Program Files (x86)\NetPoint\access\oblix\config\
  aaa_key.pem'
  You are about to be asked to enter information that will be incorporated
  into your certificate request.
  What you are about to enter is what is called a Distinguished Name or a DN.
  There are quite a few fields but you can leave some blank
  For some fields there will be a default value,
  If you enter '.', the field will be left blank.
  Country Name (2 letter code) [US]:.
  State or Province Name (full name) [Some-State]:.
  Locality Name (eg, city) []:.
  Organization Name (eg, company) [Some-Organization Pty Ltd]:.
  Organizational Unit Name (eg, section) []:.
  Common Name (eg, hostName.domainName.com) []:IDMsvr.sso.com
  Email Address []:.
  writing RSA key
  Your certificate request is in file : C:\Program Files (x86)\NetPoint\access/ob
  lix/config/aaa_req.pem
  Please get your certificate request signed by the Certificate Authority.
  On obtaining your certificate, please place your certificate in 'C:\Program Fil
  es (x86)\NetPoint\access/oblix/config/aaa_cert.pem' file and the certificate aut
  hority's certificate for the corresponding component (for example: WebGate, AXML
  Server) in 'C:\Program Files (x86)\NetPoint\access/oblix/config/aaa_chain.pem'
  file.
  Once you have your certificate placed at the above mentioned location, please f
  ollow the instructions on how to start the Access Server.
  More Information on setting up Access Server in Certificate mode can be obtaine
  d from the Setup Installation Guide.
  Access Server mode has been re-configured successfully.
  Please note that new security mode will take effect only after the security mod
  e for this Access Server is changed to 'cert' from the Access Manager System Con
  sole.
  Do you want to specify or update the failover information ? : 1(Y) 2(N) :2
  Please restart the Access Server from the Control Panel Services once you have
  placed your certificates at the above mentioned location.
  Press enter key to continue ...
  C:\Program Files (x86)\NetPoint\access\oblix\tools\configureAAAServer>configureA
  AAServer.exe reconfig "C:\Program Files (x86)\NetPoint\access"
  Please enter the Mode in which you want the Access Server to run : 1(Open) 2(Si
  mple) 3(Cert) : 3
  Do you want to request a certificate (1) or install a certificate (2) ? : 2
  Please enter the Pass phrase for this Access Server :
  Do you want to store the password in the file ? : 1(Y) 2(N) : 1
  Please provide the full path to the Certificate key file [C:\Program Files (x86)
  \NetPoint\access/oblix/config/aaa_key.pem] : C:\Program Files (x86)\NetPoint\acc
  ess\oblix\config\aaa_key.pem
  Please provide the full path to the Certificate file [C:\Program Files (x86)\Net
  Point\access/oblix/config/aaa_cert.pem] : C:\Program Files (x86)\NetPoint\access
  \oblix\config\aaa_cert.pem
  Please provide the full path to the Certificate authority's certificate chain fi
  le [C:\Program Files (x86)\NetPoint\access/oblix/config/aaa_chain.pem] : C:\Prog
  ram Files (x86)\NetPoint\access\oblix\config\aaa_chain.pem
  Access Server mode has been re-configured successfully.
  Please note that new security mode will take effect only after the security mod
  e for this Access Server is changed to 'cert' from the Access Manager System Con
  sole.
  Do you want to specify or update the failover information ? : 1(Y) 2(N) :2
  Please restart the Access Server from the Control Panel Services.
  Press enter key to continue ...
  **===========================================================================**
  I followed through the documentation on OAM Identity & Common Admin - Chapter 8 guide.
  Is there anything which I have missed or something to do with the certificate.
  Thanks in advance.
  Regards,
  Wing
  Edited by: user13340813 on Aug 19, 2010 8:56 PM

  No, you didn't do anything wrong, JeanPhilippe. I'm right there with you. There's even another thread on this issue:
  <http://discussions.apple.com/thread.jspa?messageID=10808126>
  I had the same problem: IMAP & POP services would not launch using SSL. Finally got it resolved today. It had nothing to do with certificates and their names, or creating them in openssl, and everything to do with a botched dovecot.conf file, courtesy of Server Admin.
  It appears that every time I changed the certificate for IMAP & POP SSL in Server Admin, it appended the new selection to the dovecot.conf file on 3 separate lines. The result was an unhealthy list of every certificate file Server Admin had ever been pointed to for this service.
  After making a backup, I edited the file (/etc/dovecot/dovecot.conf) down to the single cert file I wanted it to use. It happened to be first in the list, FWIW.
  If you want to duplicate this, look for the lines beginning with:
  "sslcertfile"
  "sslkeyfile"
  "sslcafile"
  Obviously you need to be careful in there. But I did not even have to bounce the service before it took my changes. Thankfully, Server Admin did not overwrite my edits (which I've seen happen with manual config of other services, such as the iChat service.)
  Good luck, and let me know if I can provide more detail.

• Accessibility sdk for firefox handle

  Hi all,
  I'm trying to get the url of the foreground window of the PC.
  I have the answer for IE, but for firefox it looks like I need to use the accessibility sdk.
  Has anyone tried this before? Is there a smarter way to do it?
  Thanks a lot

  Check out this website for potential solutions first. <br />
  http://www.accessfirefox.com/
  http://support.mozilla.com/en-US/kb/Installing+a+previous+version+of+Firefox
  http://www.mozilla.com/en-US/firefox/all-older.html

• OAM : Access management of Print Server and Shares

  Hi Experts !
  Our customer is providing our user printing and storage facilities in their windows accounts besides many web based applications. We are planning to evaluate OAM for this environment as an access management solution.
  Web based application's access management is totally understood as explained in OAM documentation
  Can someone enlighten if we can control access of network printers and shares (SAN / NAS) using OAM? Can access Gate be utilized for this ?
  Really appreciate your response.
  Regards

  Install the 3 part hpijs:
  http://www.linuxfoundation.org/collaborate/workgroups/openprinting/macosx/hpijs
  Then use the protocol that the print server manual recommends, remembering that LPD and IPP use queue name, but HP Jetdirect (raw port 9100) doesn't. If there's a section in the manual for unix/linux, that's usually more productive than the Windows instructions.

• OAM accessing proxy server

  Hi all,
  I have a requirement where OAM should access the existing proxy server. The proxy server will be access through auth plugin written in C.
  I may need your thoughts/ideas on how the OAM will access/connect to auth plugin code.
  OAM is integrated with OVD and the user store is in Oracle 10g.
  Your help is really appreciated.
  thanks in advance.

  http://download.oracle.com/docs/cd/E15217_01/doc.1014/e12491/authnapi.htm#BABJJFCE

• OAM Access System Error with AD

  Hi,
  I am trying to install OAM 10.1.4.3 with user and policy store as AD 2008.
  I have patched all components to BP05 to be compatible with AD 2008.
  After succesfully installing Policy Manager when I access /access/oblix and provide user directory type as Active Directory, the console hangs.
  That is on clicking "Next" botton it does not go to next page.
  However if I select any other directory console works properly. Infact on proceeding with other DS on policy store type also if I select AD same thing happens.
  Can anyone please suggest why its not taking AD as directory type.
  Regards,
  Deepika

  Hi,
  I have done schema changes, reloaded schema and renamed setup.xml still the same.
  For safer side I have also changed below entry:
  <NameValPair
  ParamName="dynamicAuxiliaryForOblixDS"
  Value="true"></NameValPair>
  to false in identity setup.xml and restarted everything. Nothing changed.
  In oblog.log of access server  there is repetative below error:
  unction^LDAPConfigDB::ReadOblixDBConfig
  2013/07/25@11:18:17.192365      24806   24825   CONFIGDB        WARNING 0x00000504      /usr/abuild/Oblix/10143hf/palantir/dblib/src/ldap_config_db.cpp:369     "Exception during DB runtime code"      function^LDAPConfigDB::ReadOblixConfigDB        obstatus^0
  2013/07/25@11:18:17.192656      24806   24825   CONFIGDB        WARNING 0x00000504      /usr/abuild/Oblix/10143hf/palantir/dblib/src/ldap_config_db.cpp:217     "Exception during DB runtime code"      function^LDAPConfigDB::Open     obstatus^0
  Please suggest.
  Regards,
  Deepika

• Creator Early Access SDK Level

  Hi
  I downloaded Sun Java Studio Creator 2 Early Access 2. Now I tried to set the source level to 1.5 to support tiger but it always go back to 1.4. Below is how I set the source level to JDK 1.5:
  I select the project and right click to select properties. I select Source from categories (left pane) and select 1.5 from the Source Level drop down in the bottom section of the right pane.
  However, it does not seems to accept that selection and the tool keeps defaulting to Source Level 1.4. And I still get error highlight for 1.5 code syntax support in my Java class.
  Any help to resolve this will be appreciated. Or is it that Sun Java Studio Creator 2 Early Access 2 does not support Source Level 1.5?
  Bisi

  You might want to post that to the Creator 2 EA forum instead of here.
  That forum is at: https://feedbackprograms.sun.com/login.html?ref=%2Fhome%2Ehtml%3F

• Password is NULL in OAM access logs

  Hi,
  Can any one tell what would be causing the below logs in OAM oblog.log
  /usr/abuild/Oblix/coreid1014/palantir/aaa_server/src/plugins.cpp:855 "The password is NULL"
  Thanks in advance....

  Hii,
  Can you please provide the scenario you tried?
  Regards,
  Chinni

• OAM Access Manager SSO solution fails to open docs and pdfs

  Hi
  I have created a solusion for SSO like this.
  OAM against AD, running on windows (server A). Webpass is on IIS.
  The applikation I'm protecting is an Weblogic 10.0 application running on windows (server B)
  I have also installed the webgate on serverB running on Apache 2.0, and all the installation is done by following the documentation for Weblogic sso
  (This is to make the application runnable directly through port 80 and redirecting in Apache)
  The sso works fine.
  But i have a problem in IE6
  When the application is trying to open documents to view them in msword or pdf for printing, the document is not opened, I get an "file not found" exeption in the browser, and the url for getting the document seems very long. (The grey popup)
  When I open the application in IE8 it works fine, and the url for getting document seems short (just the docID)
  (The application is currently only compatible for IE6 so running it in IE8 will cause other problems)
  I cannot find any error messages in any logs.
  If I run the excact same application without sso its working fine in both IE8 and IE6
  Regards
  Tine

  Hi
  This is a followup to the question in this thread
  The system is now able to load pdf's and doc documents, and the reason it did not work before was due to the cache settings on the webgate. The system is now caching documents in the temporarInternetfolder created for the users and loads word and pdf files for printing without problems.
  Now.. my problem is that the application is also running a kind of "generate pdf, doc, html files" application which are saving some modified files on the local users area. (my computer)
  After that the application ask to load these documents into the applications database.
  When I use the Apache mod_weblogic.c to proxy the requests, large files (5 MB) are not able to be loaded into the application database. I get a "the connection with the server was terminated abnormally" exeption.
  Small files (94 KB) are working fine.
  Does anyone have any idea of what can cause this?
  I have upgraded Apache from 2.0.58 to Apache 2.0.63 and I use mod_wl128_20.so as the weblogic module.
  Regards
  Tine

• Adobe Access iOS SDK download

  Where can I download the Adobe Access SDK for iOS? I am looking to integrate Adobe Access into my native iOS application.
  I have found several references to it on the Adobe site including the Objective-C API documentation but I can't find a download link.
  Thanks

  Please contact to sales person.
  http://www.adobe.com/products/adobe-access.html
  Thanks!
  Hiroshi

• How to access/download SDK?

  Could anyone one help me to find how to download/access SDK for ME 5.2?
  Thanks
  Mahesh

  Hello Mahesh,
  For SDK releases information please refer to SAP Notes #1498430 'SAP Manufacturing Execution SDK 2.0.1.8 Patch Release', #1519614 'SAP Manufacturing Execution SDK 2.0.2 SP Release', #1584011 'SAP Manufacturing Execution SDK 2.0.2.1 Patch Release'.
  Regards,
  Alex.

• OAM 11gR2 - Access Client

  Hi Gurus,
  i am writing a access client for a custom application, i am able to authenticate , authorize and get a session token for user but i am not able to get responses that we have set in  the authorization policy. we have set   Responses --> header -->$user.attr.customattr1
  i have looked into API document to get those responses but i am unable to do that.
  Oracle Fusion Middleware Access SDK Java API Reference for Oracle Access Management Access Manager
  Is there a way to get responses through apis.
  Regards
  978203

  can you confirm if you are using getActions or getAction API
  Also you may want to enable "Allow Management Operations" in AccessGate configuration in oamconsole
  what is exception you get while invoking api
  hope this helps

• Custom Login Module for Tomcat to procted apps using Oracle Access Manager

  Hi all,
  I have the following scenario.
  A web application deployed in Tomcat to be protected using OAM. One solution is to use Access Gate though we have other alternative as Proxy infront of Tomcat with a webgate. Now I am implementing the Access Gate solution.
  So, when the user clicks the tomcat application, then the prompt (BASIC) appears for login details. custom login module should kick in and take those login details and authenticate against OAM using Access SDK API.
  I have created access gate profile and installed Access SDK. Ran the ConfigureAccessGateTool as well.
  I did some research googling for login module. I came to know that we need to write a custom realm for it. So, this realm implementation involves specifying role-name etc., in web.xml where the role-name would have been defined in tomcat-users.xml.
  This means that the user trying to authenticate against OAM has to have some roles defined in Tomcat to login. I didnot understand the flow end to end as how this will work.
  Please let me know if anybody has done this of customization.
  Thanks,
  Mahendra.

  Hi Ambarish,
  Initially I thought of implementing the way you suggested in Option 2.
  But there will be various redirections when we use option 2 as the login page should redirect it to a page where OAM authentication and authorization stuff has to be handled. And accordingly we have to redirect it to specific pages upon successful atn and atz. Hence, I was opted using Custom Login Module.
  However, I have been trying Option 2 now. In web.xml, I have specified a login page with FORM scheme. The login redirects it to another page say OAM_Authentication_Handler.jsp. Here we code which serves atn and atz. Upon doing this, I have observed that the protected resource in OAM is not getting evaluated using the method
  String ms_protocol = "http";
  String ms_method = "GET";
  String ms_resource = "http://localhost:8080/FormLogin/private.jsp";
  ObResourceRequest rrq = new ObResourceRequest(ms_protocol, ms_resource, ms_method);
  The method rrq.isProtected() is returning false which implies it to unprotected. I have tested using Access Tester for the resource and it results in expected behaviour.
  Is there any limitation here by using this approach?
  Any ideas?
  Thanks,
  Mahendra.

• OAM with OID Architecture

  Hi All,
  Can anybody help me with the deployment architecture for OAM along with OID for an SSO solution. I could not find such a asset in any of the datasheets/documentation od Oracle (typical deployments).

  I can understand the confusion. It's a complex product with a lot of documentation. And it has undergone several name changes in its history. In reality, it's two products in one:
  OAM - Access - This is the security half of the product that performs authentication and authorization, controls access to web applications, and provides web sso. It consists of an Access Server, Policy Manager, and security agents called webgates or access gates. Webgates are pre-built security agents that Oracle ships with the product. They provide webgates for many lead web and application servers. Access gates are basically custom webgates, built and deployed using the Access SDK.
  See details here:
  http://download.oracle.com/docs/cd/E15217_01/doc.1014/e12494/access.htm#BEIEJFFJ
  OAM - Identity - Identity system is the user mgmt half of the product, providing features like self-registration, user self-services, delegated administration, and approval workflow. It consists of an Identity server and a webpass, which is the presentation layer to get into the Identity server. You install a webpass on a web server so users and administrators can access the Identity system.
  See details here:
  http://download.oracle.com/docs/cd/E15217_01/doc.1014/e12494/identity.htm#CHDCCEDA
  OAM does not require a Java application server to operate because it is not a Java application. What it does require is a web server and an LDAP directory server. The LDAP directory stores all your user data as well all the security policies, configurations, and workflows.
  Take a look at the Oracle-By-Example training series for OVD and OAM:
  http://www.oracle.com/technology/obe/fusion_middleware/im1014/ovd-oam/index.html
  It can help you get started with how to install the products. Note that OVD (Oracle's virtual LDAP directory) is not required for OAM, but is used in this example. You need a physical LDAP repository like OID, Sun, OpenLDAP, Novell eDirectory, or Microsoft AD.

• Package com.adobe.flashaccess.sdk.policy does not exist

  [ Problem ]
  We are trying to create policy. We have set the class path and referring adobe-flashaccess-sdk.jar, adobe-flashaccess-certs.jar and also we have copied jsafe.jar into class path directory.
  I am getting error. package com.adobe.flashaccess.sdk.policy does not exist error.
  Is any other .jar file needs to be included.
  [ Solution ]
  Page 11 of the Protecting Content document lists all of the .jar files required to use the Flash Access SDK:
  adobe-flashaccess-certs.jar
  adobe-flashaccess-sdk.jar
  bcmail-jdk15-141.jar
  bcprov-jdk15-141.jar
  commons-discovery-0.4.jar
  commons-logging-1.1.1.jar
  jaxb-api.jar
  jaxb-impl.jar
  jaxb-libs.jar
  relaxngDatatype.jar
  rm-pdrl.jar
  xsdlib.jar
  jsafe.jar or jsafeWithNative.jar
  Please check to make sure you have all the above .jar files on your classpath.  You also may want to check out the sample code and Ant built script located in the samples directory of the Reference Implementation Command Line Tools.  The Ant script contains targets for both compiling and running the samples, including creating a policy.

  No, I don't think you want to just copy the 4 jar files to your /lib/ext Java SDK directory. What you want to do is to run the Java3D install program to install Java 3D to the Java SDK or JRE you specify. The install will also copy some .DLL files since part of Java3D is implemented using native methods. Without the DLLs, I would guess that you can compile programs okay but will run into errors trying to run them. No clue why the install wouldn't work on XP, but maybe the install needs a JRE to run and you need to install Sun's JRE or SDK using their install program - Microsoft used to include their own Java SDK implementation in Windows, but then took it out for Windows XP to try and deprecate Java. The install EXE might be expecting a Windows registry setting that points to a JRE or SDK for it to use.