OAM and MS Active Directory Integration on Non-Windows Server envrionment

I will start by saying that I am dealing with a heterogeneous environment here where multiple systems are run by different levels of management. Our Oracle systems chose to go all *nix (Oracle Solaris and Red Hat Linux) and hence we do not have a single Windows Server in our Oracle services area and would really like to keep it that way as we prefer to keep a uniform platform across our Oracle servers.  However, the desktop side of our department has chosen to use Microsoft Active Directory and now we wish to integrate and perform authentication against it for our OAM protected sites.  We are in the initial setup phase but we have no desire to implement a critical server such as OAM on the Windows platform and would rather tie OAM running on a Red Hat Linux server to Active Directory.  We will also be using OID as we run Portal but do not want to use it as our authentication authority for Oracle Products (local policy is that Active Directory is the only valid credential authority on site as we are moving to true Single Sign On across our desktops and web applications).  I have a few questions.
1. Can it be done natively or would we have to run the Windows version of OAM?
2. If you must run OAM on Windows to use AD for authentication, Is there some way to setup the Windows version of OAM as sort of an interface for our main OAM server running on Red Hat Linux to do the AD Auth?
3. Can it be done using some sort of an interface such as Oracle Virtual Directory to interface with the LDAP interface to MS Active Directory?

Hi David,
Answers in-line
1. Can it be done natively or would we have to run the Windows version of OAM?
You can run all of the OAM Servers on *nix, and simply point to AD as an OAM data source on the machine:port that AD is running on. There is no need for the OAM components to be on Windows.
2. If you must run OAM on Windows to use AD for authentication, Is there some way to setup the Windows version of OAM as sort of an interface for our main OAM server running on Red Hat Linux to do the AD Auth
As above, this is not necessary.
3. Can it be done using some sort of an interface such as Oracle Virtual Directory to interface with the LDAP interface to MS Active Directory?
Yes, this is entirely possible. Even though it is not necessary in your situation, it often provides more flexibility to front-end the user store with OVD, for example when adding/renaming Windows domains, or specifying specific branches for users and so on.
Regards,
Colin

Similar Messages

  • Install Active Directory Domain Controller on Windows server 2008 enterprise, dont login on Sql Server 2008 R2

    I install Active Directory Domain Controller on Windows server 2008 enterprise and dont login on Sql Server 2008 R2. Before install ADDC, I have logon SQL Server 2008r2 Success, After when i install ADDC is don't logon on SQL Server 2008r2 -->not success.
    I have uninstalled ADDC but i still can't login on SQL server 2008r2.
    please help me. it  is very very disaster!
    I think is loss account SQL server 2008r2!

    Hello,
    I stronly recommend you post the detail error message to us while you try to connect to SQL Server instance, it's useful for us to do further investigation.
    Microsoft recommends that you do not install SQL Server 2008 R2 on a domain controller, there are some limitations:
    You cannot run SQL Server services on a domain controller under a local service account or a network service account.
    After SQL Server is installed on a computer, you cannot change the computer from a domain member to a domain controller. You must uninstall SQL Server before you change the host computer to a domain controller.
    After SQL Server is installed on a computer, you cannot change the computer from a domain controller to a domain member. You must uninstall SQL Server before you change the host computer to a domain member.
    SQL Server failover cluster instances are not supported where cluster nodes are domain controllers.
    SQL Server Setup cannot create security groups or provision SQL Server service accounts on a read-only domain controller. In this scenario, Setup will fail.
    On Windows Server 2003, SQL Server services can run under a domain account or a local system account.
    So, I would suggest you try to open up Windows Services list and changed the account for SQL Server service.
    Regards,
    Elvis Long
    TechNet Community Support

  • OID and MS Active directory integration in 9ias

    How to integrate OID with MS Active directory ?
    We have 9ias and Portal . How to use the username/password in MS AD for Portal authentication ? As far as I know 9ias is using OID , so the question comes down to how to replicate MS AD information to OID ?

    Hi, I have the same question.
    Thanks,
    Malin

  • ISE and MS Active Directory Integration Issue

    It appears that our ISE 1.2 solution is having issues with nested MS AD Groups. The first login attempt always fails, the second occasionally works and the third always works. Has anyone else experience this login issues with ISE 1.2 and MS AD?
    Sent from Cisco Technical Support iPhone App

    Rick,
    I am a little lost in the screenshots you posted. In your AD groups that you have pulled I dont see an authorization policy mapped to the first group. In the authentication report it looks like authentication is successfull.
    I have seen that ISE will only display a few of the groups now in ISE 1.2 can you build a policy based on the the group you want it to show and then try your authentication again? That is when ISE will show the specific group as opposed to ise pre 1.2 where it would show more groups.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • Active Directory integration problem, Bind AC and OD

    Hi.
    I'm trying to set an Open Directory as "connect to a Directory System" because I have a windows 2000 server with Active Directory. But i have a problem when i click on "open directory Access", Access Directory appear and I select Active Directory.
    xxx.yyy is the server with active directory, with its admin and its password. but i cant Bind it and an error always appear.
    can you help me?
    what's "active directory domain"?is it xxx.yyy?
    and what's "computer ID"?
    Are there others parameters to set for example in DNS or other?
    help help help

    What are you trying to achieve by doing this?
    Got to http://www.afp548.com/ and serach for AD-OD integration.
    http://www.afp548.com/article.php?story=20051202151540574

  • Integration of sap R/3 (4.7) and Microsoft active directory (2003)

    Hi All,
    I would like to know integration of sap R/3 (4.7) and Microsoft active directory (2003) and also SAP EP and Microsoft active directory. I have been working as a ep consultant with a local bank. I am new for this integration work, So please kindly provide me the steps for integrating these both directories.
    Pls help me with this issue.
    Thanks in advance,
    Regards,
    Raghav.

    Hi,
    First You should read:
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/bc72b890-0201-0010-3a8d-e31e3e266893
    Regards,
    Jarek

  • Help with Active Directory Integration and kerberos

    Hello,
    I’m encountering a bug preventing me to use Active Directory integration with kerberos :
    Our domain name is CORP.DOMAIN.COM.
    When we request the GC in this domain :
    bash-3.00# nslookup -query=any gc.tcp.corp.domain.com
    Server: 1.2.1.6
    Address: 1.2.1.6#53
    ** server can't find gc.tcp.corp.domain.com: NXDOMAIN
    there is no answer.
    But when we request without corp, we find the servers :
    bash-3.00# nslookup -query=any gc.tcp.domain.com | grep sis
    gc.tcp.domain.com service = 0 100 3268 serveur02.corp.domain.com.
    gc.tcp.domain.com service = 0 100 3268 serveur01.corp.domain.com.
    bash-3.00#
    Is-it possible to add the possibility to enter the domain name where reside the gc.tcp ?
    Thank you.

    Hello
    the domain.com domain exist, but it's not our domain.
    so, when I put domain.com, it search with no result (nothing appends).
    our kdc.conf :
    [kdcdefaults]
    kdc_ports = 88,750
    [realms]
    CORP.DOMAIN.COM = {
    profile = /etc/krb5/krb5.conf
    database_name = /var/krb5/principal
    admin_keytab = /etc/krb5/kadm5.keytab
    acl_file = /etc/krb5/kadm5.acl
    kadmind_port = 749
    max_life = 8h 0m 0s
    max_renewable_life = 7d 0h 0m 0s
    default_principal_flags = +preauth
    krb.conf
    [libdefaults]
    default_realm = CORP.DOMAIN.COM
    default_checksum = rsa-md5
    [realms]
    CORP.DOMAIN.COM = {
    kdc = dc01.corp.domain.com
    kdc = dc02.corp.domain.com
    [domain_realm]
    .corp.domain.com = CORP.DOMAIN.COM
    corp.domain.com = CORP.DOMAIN.COM
    in every domain, I think the GC are in corp.domain.com. but in my company, it's in domain.com...
    Thank you,

  • Active Directory integration: Invalid Token Error in Verification Service

    I'm having problems with Active Directory integration. I'm able to browse users in the task routing slip in JDeveloper. But I'm unable to login to the worklist application.
    Getting an "Invalid Token Error in Verification Service" error. Any pointers?
    <2007-06-12 21:40:36,843> <ERROR> <default.collaxa.cube.services> <PCException::<init>> Identity Service Configuration error.
    <2007-06-12 21:40:36,843> <ERROR> <default.collaxa.cube.services> <PCException::<init>> Identity Service Configuration file has error.
    <2007-06-12 21:40:36,859> <ERROR> <default.collaxa.cube.services> <PCRuntimeException::<init>> Identity Service Configuration error.
    <2007-06-12 21:40:36,859> <ERROR> <default.collaxa.cube.services> <PCRuntimeException::<init>> Identity Service Configuration file has error.
    <2007-06-12 21:40:36,859> <ERROR> <default.collaxa.cube.services> <::> WorkflowService:: VerificationService.destroyContext: invalid token: c9pHcmBFtc4q7/EY3xGAv/6hhfa6Hf5tllCb8ZYKtdSA/8/y0exRcwpjy0vWiWGgBPzuIh5Ur+l+ZHDNe0PKb9KiFScsKAG3JK1y+nIJtC827Rljhn8E+/BoF+ZIN6GFYn/iyo/6Mrlmz02Pg4QtetftO7eHJ01rEV5MmZFTXsg8iV6LQPnkAPjqmmsq+5bVYGGfSFpHX7FXk/0FrSabClKy6DKiwt/1Kp2Ldbj2RY8=
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> ORABPEL-30503
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Invalid Token Error in Verification Service.
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Invalid Token Error in Verification Service. Received invalid token c9pHcmBFtc4q7/EY3xGAv/6hhfa6Hf5tllCb8ZYKtdSA/8/y0exRcwpjy0vWiWGgBPzuIh5Ur+l+ZHDNe0PKb9KiFScsKAG3JK1y+nIJtC827Rljhn8E+/BoF+ZIN6GFYn/iyo/6Mrlmz02Pg4QtetftO7eHJ01rEV5MmZFTXsg8iV6LQPnkAPjqmmsq+5bVYGGfSFpHX7FXk/0FrSabClKy6DKiwt/1Kp2Ldbj2RY8= in destroyContext
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Check the underlying exception and correct the error. Contact oracle support if error is not fixable.
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at oracle.bpel.services.workflow.verification.impl.VerificationService.destroyContext(VerificationService.java:667)
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at oracle.bpel.services.workflow.query.impl.TaskQueryService.destroyWorkflowContext(TaskQueryService.java:161)
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at worklistapp.servlets.Logout.handleRequest(Logout.java:66)
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at worklistapp.servlets.BaseServlet.doGet(BaseServlet.java:142)
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64)
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at oracle.security.jazn.oc4j.JAZNFilter$1.run(JAZNFilter.java:396)
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at java.security.AccessController.doPrivileged(Native Method)
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:410)
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:621)
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:368)
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:866)
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:448)
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:216)
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:117)
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:110)
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>      at java.lang.Thread.run(Thread.java:595)
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Caused by: BPEL-10555
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::>
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Identity Service Configuration error.
    <2007-06-12 21:40:36,890> <ERROR> <default.collaxa.cube.services> <::> Identity Service Configuration file has error.

    Hi Adina,
    thank you for your answer (questions)!
    We use 10.1.3.1 SOA Suite and the default jazn.com Security Provider and what we set at java.naming.security.principal property is oc4jadmin.
    It is interesting, we deployed again out EAR and now it works again! There is not Invalid Token Error exception, but we didn't change almost anything...
    Can we debug it somehow?
    Where does this bug come from?
    Thanks!
    ric

  • Tutorial: Azure Active Directory integration with Igloo Software

    Click reply and tell us what you think:
    Tutorial: Azure Active Directory integration with Igloo Software
    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

    Hello
    Can you be little clear, what you have tested with Airwatch MDM cloud?.. which scenarios?.. 
    1) Device Enrollment ?
    2) Access to Airwatch console?
    3) Access to Airwatch self service portal?
    By following the steps We do not get it working at all. by the way some of the steps in this tutorial are unclear and outdated;  
    I finally personally figured out how things should look like, and  make it work but only with Device Enrollment scenarios from the mobile devices itself. not from the pc and browsers or from the Access panel.

  • Oracle Discoverer 10G and mapping Active Directory to use SSO/OID

    Could anybody point me please to the right direction?
    1. I've setup Oracle 10gIAS but turned off SSO and my users running discoverer /portals with no SSO.
    2. My goal is to turn on SSO and synchronize it with Active directory on the windows box.
    Thanks you in advance

    Hi Randy;
    As you mention all notes refer to SSO&OID for Active Directory integration.AFAIK there is no way to do it, please log a Sr and confirm this wiht oracle support
    Regard
    Helios

  • Active directory Integration with OBIEE

    Hi all,
    Can any one send me a link for active directory integration with OBIEE.
    I have imported the users succesfully and I was able to login to analytics as an AD user.
    But SSO is not possible. Kindly help me over this.
    Thanks,
    Haree.

    Thanks for reply veeravalli.
    Me too followed the same link and successfully imported all the users from AD into OBIEE and login in is also possible.
    But my requirement is to have Single Sign On ie.., users may log on to their Windows PCs and access Oracle BI EE via a standard web browser with no further authentication required on their part.
    Thanks,
    Haree

  • OID and MS Active Directory  LDAP information Synchronization

    Do you know have to do the integration between OID and MS active Directory? How to synchronize the LDAP information between two?

    Hi, I have the same question.
    Thanks,
    Malin

  • Can Microsoft active directory integrated with Oracle Applications

    Hi,
    Can anyone provide me any document on Microsoft Active Directory Integration with Oracle Applications(12.0.6)
    Manish

    Hi,
    It is possible, please refer to the following documents for details.
    Note: 376811.1 - Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On
    Note: 415007.1 - Oracle Application Server with Oracle E-Business Suite Release 12 FAQ
    Regards,
    Hussein

  • SCCM report to show last logged on user and the Active Directory department attribute of that user.

    I need to create an SCCM report to show last logged on user on all machines and the Active Directory department attribute of that last logged on user.

    You problem is here.
    right
    join v_R_User USR on USR.ResourceID
    = CS.ResourceID
    USR.ResourceID != CS.ResourceID, you need to map the username to the user logon to the PC. By using the user’s department information you will
    end up with unreliable results.
    Anyways you need to make these changes to your query.
    left
    join v_R_User USR on USR.Unique_User_Name0
    = CS.UserName0
    http://www.enhansoft.com/

  • User base Synchronization between SAP and MS Active Directory Server

    Dear all!
    I'm using Web AS 6.20 ABAP and MS Active Directory Server based on Win 2003 Server.
    i successfully implemented the synchronization of user data between SAP and the ADS.
    My question: Is there a way to customize the users on Active Directory Server in regard to their SAP authorization (roles auth. objects etc.)?
    Currently I don't have a clue how to do this.
    Regards,
    Christoph

    Have you searched on SDN for "Active Directory"? That turns up a number of results. I think your expectation might be backwards though, it's not how ADS exposes SAP specific data but how SAP uses ADS to store SAP specific data. My understanding (from quite some time ago so I am fuzzy on this) is that SAP can use ADS in much the same way it can use LDAP as an external user store.
    The Security Newsletter from November 04 [https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sap security newsletter november 2004.pdf] mentions that a webinar is hosted on SDN about this exact topic, unfortunately I was unable to find a direct link.
    Regards,
    Marc g

Maybe you are looking for