OAM / OIM - Conceptual question

Hi all,
I'm trying to understand the overlap between OAM and OIM in terms of identity management. I'm going through the OAM manuals and it talks about OAM's Identity System in a way that very closely resembles a lot of what OIM does, i.e. user management, groups, delegated admin, self admin, etc...
I'm trying to understand how these two fit together. I know OIM does a lot more in terms of provisioning to other resources... is OAM considered a resource that OIM provisions to? If you have OIM and OAM, it seems that there are now 2 repositories of user data....
Can someone explain (or point me to a doc that does) the relationship(s) between OIM and OAM, how they fit together, which drives the other, etc...?
Thanks very much
Alex

OAM's Identity System is a web-based self-service tool for users to edit the information in their identity records. The Forgot Password Service will help the users to reset their passwords. Oracle Access Manager's main functionality is the Single Sign On feature and to offer AU and AZ services. Also, OAM's Identity System helps you to create/manage/delegate LDAP Dynamic Groups and Organizations. Remember, OAM will not be able to provision users with LDAP Accounts. You need to create LDAP Accounts and then you can manage the users via OAM Identity System. You can also create users from OAM Identity System, but no one creates users from OAM Identity System in a corporate environment. OAM Identity System is designed to provision the Access Administrators with the capability of creating/managing/delegating the tasks of Dynamic LDAP Groups, which are in turn used in AZ rules for Access Policies. AFAIK, creating users and organizations from OAM - Identity System is not recommended. My recommendation for using the OAM Identity System is to limit the usage to LDAP Dynamic Group Creation. As an Access Administrator it will be very convincing to create the groups without contacting the LDAP Teams.
On the other hand, OIM can synchronize with Corporate HR systems/AD/LDAP and other authoritative identity sources and pull the records to OIM. Based on the business roles, OIM can automatically provision the users with all required resources with appropriate access rights. OIM also offers Forgot Password and Password Reset services, which are recommended for usage in a corporate environment. Also, I don't think you can create LDAP Dynamic Groups and Organizations in an authoritative LDAP via OIM.
Coming to the integration part, OAM can protect OIM and offer Single Sign On to OIM Services. OIM can provision users to OAM, but it is not straightforward as there is no connector provided for OAM OOTB. If you have both OIM and OAM, you still have a single identity (user) store. Both OAM and OIM will talk to the single user store for synchronization. For OIM, you will have a user account in the OIM System apart from the user directory, but for OAM you will use the account from the user directory to access Identity and Access Services.

Similar Messages

  • OIM - Conceptual question

    Hi All
    I have some confusion about the parent table and child table w.r.t. resource provisioning. Say, for example, if I am using the AD connector, then I will have a main parent table for AD RO and a child table for AD Groups. When I try to provision a user, I populate the parent table data on the process form and then select a particular group and attach it to the parent table, and a user gets provisioned to AD with that group. This will trigger two process tasks as below:
    1. Create AD user
    2. Add to AD group
    I want to know how OIM knows when it has to call the second task and whether it has to call the 2nd task or not. Where in OIM can I see this linkage?
    Is it something like: if there is a row populated in the child table, it automatically calls the second task? Is there any way I can see this linkage, or is it internal to OIM?
    Please let me know if anyone has idea about this.
    Thanks

    I guess you have already answered your question.
    If you look at your process task "Add user to group", look for something like Child table and trigger type (down in the left corner). Whenever you add child data from the web app, a row is inserted in the child table, and this task has a mapping that says: whenever an insert operation happens in this child table, invoke me. So it is invoked.
    The Create user task is called as it's the only non-conditional task in the process definition. All non-conditional tasks would be invoked.
    Thanks
    Suren

  • OAM-OIM 11g User Lockout Question

    All,
    We have an OAM and OIM 11.1.1.3 installation and I am testing the invalid login attempt scenarios and came across the following situation. I was wondering if you could give me steps or some pointers for resolving this:
    1. Created an account [email protected] as xelsysadm and reset the password on first login
    2. Have the following OIM default parameters (these are the only configs that I could find that are possibly related to this)
    XL.UnlockAfter - 0
    XL.MaxLoginAttempts - 10
    3. Entered an incorrect password and for the initial 4 times I got the OAM login screen back with an error message "An incorrect Username or Password was specified"
    4. After the 5th attempt I just got the error message "Error
    An incorrect Username or Password was specified"
    5. I go back to http://oimservername:oimport/oim and I get the login screen again and enter [email protected] with an incorrect password the next 4 times (total 9 now). I get the login screen back with "An incorrect Username or Password was specified"
    6. After the 10th attempt with an incorrect password I get a different error message with no login screen "Error
    The user account is locked. Please contact Administrator."
    7. I logged into OIM as xelsysadm -> administration -> search user [email protected] and it doesn't show that the account is locked. I lock it anyway explicitly by clicking the button on the user screen and click unlock immediately, and now when I enter [email protected] and the correct password everything works.
    A few questions that I have are:
    1. How do I get the OAM/OIM system to behave consistently (give an "incorrect username or password" message with a login screen back to the end user for the first 9 attempts, and give them an error message at the end that the account is locked)? I am okay with the out-of-the-box message text.
    2. How will our operations team understand that the user is really locked, because they have nowhere to go to find this information?
    3. What are all the places where I should look for this information in the above scenario when the user account is locked by the user himself? (OVD/OID, USR table in OIM_DEV schema etc.)
    4. Are there any other best practices that I should follow in setting up the system?
    Thanks in advance for reviewing this.
    Prasad.

    It appears to be all happening in OAM. After researching some more, I found this piece at http://download.oracle.com/docs/cd/E17904_01/doc.1111/e15740/idmint.htm#CACBBIDI.
    But nevertheless it doesn't explain how to unlock the user other than the workaround that I found. Did anyone else have to deal with this?
    x---------------------------------------------------------------x
    2.8.4.4 Account Lock and Unlock
    Oracle Access Manager keeps track of the login attempts and locks the account when the count exceeds the established limit.
    When an account is locked, Oracle Access Manager displays the Help Desk contact information.
    When contacted by the end user, the Help Desk unlocks the account using the Oracle Identity Manager administrative console. Oracle Identity Manager notifies Oracle Access Manager about the changes.
    Account Lock and Unlock Flow
    When the number of unsuccessful user login attempts exceeds the value specified in the password policy, the user account is locked. Any login attempt after the user account has been locked displays a page that provides information about the account unlocking process, which will need to be customized to reflect the process (Help Desk information or similar) that is followed by your organization.
    Note:
    Oracle Identity Manager does not support automatic locking of a user account after a specific period has elapsed.
    The following describes the account locking/unlocking flow:
    1. Using a browser, a user tries to access an application URL that is protected by Oracle Access Manager.
    2. Oracle Access Manager Webgate (SSO Agent) intercepts the request and redirects the user to the Oracle Access Manager login page.
    3. The user submits credentials that fail Oracle Access Manager validation. Oracle Access Manager renders the login page and asks the user to resubmit credentials.
    4. The user's unsuccessful login attempts exceed the limit specified by the policy. Oracle Access Manager locks the user account and redirects the user to the Oracle Access Manager Account Lockout URL, which displays Help Desk contact information.
    5. The user contacts the Help Desk over the telephone and asks an administrator to unlock the account.
    6. Oracle Identity Manager notifies Oracle Access Manager of the account unlock event.
    7. The user attempts to access an application URL and this event triggers the normal Oracle Access Manager single sign-on flow.

  • OAM domain configuration: question

    When installing OAM, during the OAM-specific domain configuration, on the screen where you select Admin Server, Managed Server, Cluster, Deployment Services etc., two more options, JMS File Store and JMS Distributed Destination, do not show up; these only show up in the domain configuration for OIM.
    Question: Why do the JMS options not show up during OAM domain config, but show up during OIM domain config?

    Unfortunately this is currently not a supported configuration. A domain must contain a single ALSB cluster. This is something we are looking to improve in the future.
    Gregory

  • OHS in front of OAM/OIM

    All,
    I configured OHS in front of oam/oim 11.1.1.3. Everything works great; however, access_log in OHS does not show the username for secure page access in oim/oam. Has anyone gone through this setup before? If so, can you please let me know what I could be missing.
    Thanks in advance,
    Prasad.

    It is doable :)
    There are 2 stages:
    1) To simply protect the pages you add /oim/*...* and /oim/* resources and the host in the agent you are using to access the server with (webgate), and then any hits will get redirected to the OAM login page. This should be done by default by your webgate agent AND you need to use the 10g webgate for proper integration (11g webgate is not supported for protecting the IAM suite yet).
    2) For full integration with passthrough authentication and reset password and self-service redirection you'll need to do more. Look through the Oracle docs on how to do this; it's scattered in a few different places, but here are some tips:
    - if you're using VMs take snapshots before trying
    - you'll need to go into EM to change OIM agent properties, into WebLogic to change providers (use OAMIdentityAsserter first and then OAMAuthenticator second), and for full integration use the OIM LDAP-Sync (if you're doing it that way) as the identity store.
    - do not use the automated tools that will magically do it for you like 'idmConfigTool'. They did not work for me, but rather wasted 2 days because my configuration did not fit its profile.
    Good luck.
    - JP

  • OAM OIM OID OVD ?

    I always hear these things from Oracle: OAM, OIM, OID and OVD. Are they the same thing? If not, I believe they are related since people always mention them together; then, what's the relationship? Please clarify.
    I'm new to Oracle identity management products. Please let me know if there are any other products closely related to the above in this family.
    Thanks

    Hi,
    Each one performs a specific role; you could say they are interdependent when it comes to implementation.
    OAM -> Oracle Access Manager = performs authentication and authorization of web-based and non-web-based resources by protecting them.
    OIM -> Oracle Identity Manager = manages identities of the organisation, integrating and provisioning (giving access) to various applications and single sign on.
    OID -> Oracle Internet Directory = it's one of the directory servers, like Sun Directory Server or AD, for managing user data.
    OVD -> Oracle Virtual Directory = it's a virtual directory server which provides only a view from multiple directory servers.
    Please go through the Oracle docs for more info.
    Thanks,
    Ragu.

  • PI conceptual question

    Good afternoon:
    We are currently moving into SOA and we'd like to use Netweaver as our ESB, but I have a conceptual question right now:
    - If my applications consume the web services provided or registered in the Services Registry, will I be using the Process Integrator implicitly??
    We want to register web services and use the web services registered in the Services Registry of Netweaver, but licensing for the PI is really expensive...
    Thanks for any hints...

    >  If my applications consume the web services provided or registered in the Services Registry, will I be using the Process Integrator implicitly??
    Yes, to consume or host a webservice we can use the PI middleware. PI also supports a service registry to register your webservice for others.
    >> We want to register web services and use the web services registered in the Services Registry of Netweaver, but licensing for the PI is really expensive...
    PI 7.3 has plenty of cool features and it is claimed as SOA Middleware. Comparatively, PI licensing cost is better than competitors' too.

  • OAM/OIM 11.1.1.3 audit question

    All,
    We are collecting login information in the IAU_BASE table. Most of the time IAU_INITIATOR value is null. Does anyone have an idea why this is the case? Is there a setup that we are missing in OAM configuration?
    thanks in advance,
    Prasad.

    Hi - did you ever get an answer to this question or figure this out?

  • Relationship between OAM,OIM,OID

    Hi Gurus,
    I am very, very new to Fusion Middleware; I would like to know the relationship between the following in simple terms.
    Oracle Access Manager
    Oracle Identity Manager
    Oracle Internet Directory
    Below is my understanding; correct me if I'm wrong.
    OID is like LDAP, where passwords and security policies will be saved.
    Redirecting to a similar question or post is also fine.
    Thanks in advance...

    OIM and OAM may use OID to write/retrieve user details from OID.
    Let's say a user joined an organization. Now, as per the onboarding process, you reconcile the user from the trusted source to OIM and sync that user to OID using LDAP sync. Now when you try to access an application which is protected by OAM, the authentication and authorization of that user happens against OID if it is configured as the user identity store.

  • Can we use OID 11gR1 with the OAM/OIM 11gR2

    Hi,
    I am installing IdM 11gR2. As OID does not come with this pack, can we use/install the OID which comes with IdM 11gR1?
    Or is there any other option, like OUD?
    Can we integrate OUD 11gR2 with OIM/OAM 11gR2 to manage the users/groups? If yes, please share some documentation for it.
    Please suggest the best option as we are learning OIM/OIM 11gR2.
    Thanks
    Harry
    Edited by: Harry-Harry on Jan 28, 2013 12:59 AM
    Edited by: Harry-Harry on Jan 28, 2013 1:10 AM

    The latest OID in 11gR1 is 11.1.1.6.
    It will support integration with 11gR2 OIM and OAM. Kishore already sent the certification matrix link.
    I am currently using OID 11.1.1.6 in the above configuration and it works fine. If you have any other questions, feel free to post them.

  • OAM SSO integration question:How can I get a user identity from ObSSOCookie

    We are building an OAM SSO solution. The app server is on both OAS and WLS. My question is: after I get the ObSSOCookie from httprequest,
    I need to verify whether the ObSSOCookie is a valid one, and I also need to get the user identity from the cookie and pass it to the login module to populate the user principal.
    Of course, one way of doing that is to install the Access Manager SDK and go from there. But we support multiple OSes; it's a pain to add the Access Manager SDK to different installers for different OSes.
    I am trying to use IdentityXML Functions, which is a SOAP-based web service, so that I don't need to worry about the OS platform. But I can't find a web service which returns the user identity based on a valid ObSSOCookie. It seems that I can invoke the web service with a valid ObSSOCookie, but there is no way to get the user identity back. Am I missing something?
    Hope someone can help me out.
    Thanks.
    -Wei

    Ok. Sounds like you are a vendor trying to play well in an SSO environment.
    Here is what I tell OAM customers when they are evaluating software to see if it will cooperate with a system like OAM.
    Can the software's native authentication scheme be explicitly turned off (usually a configuration in a file)?
    Can the software be configured to accept a token of identity in the form of a Cookie or HeaderVar (also configurable in a file)?
    If the answer to both is yes, then the system is capable of 'third party trust' for authentication.
    From your perspective, your logic for login should be something like:
    Is my native authN turned off?
    If yes, can I find the cookie or header that I should be looking for?
    If yes, take the value and proceed to create user session for this identity per usual (except that you never evaluated the authN - you trust that it was done).
    If no, present the native AuthN scheme anyway.
    If you follow this pattern, you are in the good company of folks like PeopleSoft and Plumtree who had these types of integrations working long ago.
    Yes, there are other ways to do this but, in my humble opinion, this remains the most stable and effective pattern we see.
    What you ask for as the identity token value is up to you. It is often the login ID value that you would have used in your own authN procedure. There's nothing particularly sensitive about having a webgate set headers - they are only available to the server and not to the client. A cookie of course could be seen but can't be spoofed, as the webgate has the final word on its content.
    Mark
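
The login decision Mark describes, written out as an added example that is not part of the original thread or of any Oracle product: the application trusts a webgate-set header only when its native authentication is switched off, and otherwise falls back to the native scheme. The header name `X-SSO-USER`, the config fields, and the check that the request arrived from the webgate-fronted web server (`trusted_proxies`) are assumptions made for illustration.

```python
"""Third-party-trust login decision (added example; all names are hypothetical)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, Optional, Tuple


@dataclass(frozen=True)
class SsoConfig:
    # A real product would read these from its configuration file.
    native_authn_enabled: bool = True
    identity_header: str = "X-SSO-USER"                   # constructed name, not an OAM default
    trusted_proxies: Tuple[str, ...] = ("10.0.0.10/32",)  # constructed web-tier address


@dataclass(frozen=True)
class Decision:
    action: str                 # "create_session" or "native_login"
    user: Optional[str] = None
    reason: str = ""


def _from_trusted_proxy(peer: str, cfg: SsoConfig) -> bool:
    """True only if the TCP peer is the web server that runs the webgate."""
    try:
        addr = ip_address(peer)
    except ValueError:
        return False
    return any(addr in ip_network(net) for net in cfg.trusted_proxies)


def _identity_from_headers(headers: Iterable[Tuple[str, str]],
                           cfg: SsoConfig) -> Optional[str]:
    """Return the single identity value, or None if missing or ambiguous."""
    wanted = cfg.identity_header.lower()
    values = {v.strip() for k, v in headers if k.lower() == wanted}
    values.discard("")
    # Two different values for the same header means more than one party set it.
    if len(values) != 1:
        return None
    return values.pop()


def decide_login(headers: Iterable[Tuple[str, str]], peer: str,
                 cfg: SsoConfig) -> Decision:
    # Step 1: is native authN turned off? If not, nothing else is consulted.
    if cfg.native_authn_enabled:
        return Decision("native_login", reason="native authN is enabled")
    # Assumption added here: the header is honoured only when the request came
    # through the trusted web tier, since only there does the webgate control it.
    if not _from_trusted_proxy(peer, cfg):
        return Decision("native_login", reason="request bypassed the trusted web tier")
    # Step 2: can the expected header be found?
    user = _identity_from_headers(headers, cfg)
    if user is None:
        # Step 3 (no): present the native AuthN scheme anyway.
        return Decision("native_login", reason="identity header missing or ambiguous")
    # Step 3 (yes): create the session without re-evaluating credentials.
    return Decision("create_session", user=user, reason="third-party trust")


if __name__ == "__main__":
    cfg = SsoConfig(native_authn_enabled=False)
    # Constructed sample requests: (headers, peer address)
    samples = [
        ([("X-SSO-USER", "alice")], "10.0.0.10"),
        ([("X-SSO-USER", "alice")], "203.0.113.7"),
        ([("Cookie", "session=abc")], "10.0.0.10"),
        ([("X-SSO-USER", "alice"), ("x-sso-user", "bob")], "10.0.0.10"),
    ]
    for headers, peer in samples:
        print(peer, headers, "->", decide_login(headers, peer, cfg))
```
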

  • OAM-OIM intg.- getting NPE errors while running idmconfigtool.sh script

    I am trying to run idmconfigtool.sh for OIM-OAM integration and getting a null pointer exception with the -configOAM option. I am running the script from the OAM server. Here's my environment.
    OIM - 11gR2
    OAM - 11.1.1.5
    OVD - 11.1.1.6 front ending OUD
    OUD - 11gR2 (FMW identity store)
    Exception below from automation.log
    Feb 21, 2013 1:20:39 PM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler configOAM11gIdStore
    SEVERE: Error while configuring webgate and domain
    java.lang.NullPointerException
    at oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler.configOAM11gIdStore(OAM11gIntegrationHandler.java:368)
    at oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler.execute(OAM11gIntegrationHandler.java:696)
    OVD structure:
    IDSTORE_USERSEARCHBASE: cn=users,dc=idm
    IDSTORE_SEARCHBASE: dc=idm
    IDSTORE_SYSTEMIDBASE: cn=systemids,dc=idm
    IDSTORE_GROUPSEARCHBASE: cn=groups,dc=idm
    I see err=32 in the OVD logs when the script tries to search for the oamLDAP user. The oamLDAP user exists under cn=systemids,dc=idm via OVD. But the script tries to build the DN as cn=oamLDAP,cn=users,dc=idm and is not referring to SYSTEMIDBASE.
    [2013-02-19T16:39:07.057-06:00] [octetstring] [TRACE] [OVD-00023] [com.octetstring.vde.backend.jndi.User_OUD.BackendJNDI] [tid: 36] [ecid: 0000Jnob4Ci1Vcs6wjZf6G1H7Hwp0001^T,0] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] [#User_OUD] JNDI Adapter Search using:[[
    BindDN: cn=oamLDAP,cn=users,dc=idm
    Base: cn=oamLDAP,cn=users,dc=oud,dc=com
    javax.naming.NameNotFoundException: [LDAP: error code 32 - The search base entry 'cn=oamLDAP,cn=users,dc=oud,dc=com' does not exist];
    What am I doing wrong here? I can move oamLDAP under cn=users and I hope that should fix this issue, but I don't want to mix admin IDs and user IDs under one container. Please let me know.

    I opened a ticket with support and haven't made much progress on this yet. Does anyone have any thoughts on this?
    Thanks.

  • Conceptual questions with document management and Apex:

    Hello Everyone,
    I have reviewed or participated in thread discussions focusing primarily on subject matters concerning text editors, spellcheckers and document printing. The reason for this is due to our client requesting the creation of a basic centralized document management system that will enable users to create, edit and print technical documents in a database centric web-based environment. The caveat is that the client would like the same basic functionality that users get from MS Word. I know about FCKeditor or TinyMCE and their associated spellcheckers. What concerns me is that I have not found a possible plug-in to handle tracking changes, no one wants to re-read a large multiple page document again when all they would rather do is just view the changes. I know there are possible database schemas that might facilitate this type of functionality; I am just hoping it is more of a plug-in function.
    So with all that being said my dilemma is how to approach the design of such an application using Apex, if that is possible. Some questions I have are:
    1. Do you design the application so that you have a text field that contains the entire document, which could be as many as 25 or more pages?
    2. Or do you break down the document in to multiple text fields and then assimilate them in to a single multi page document when printing?
    3. Would you store the document data using XML under condition 1, 2, both or not at all?
    4. What types of data tables might exist, such as tables for document templates, work-in-process and final documents or something else?
    I know there are a lot of other concepts/questions to consider and a large part of the design approach would be based on client requirements. My goal here is to gather different basic conceptual approaches, from forum members, in order to help facilitate a starting point for the project.
    By the way I have seen on the Apex Latest Forum Poll, for quite sometime, where Document Management is an application that people would like to see developed. Can anyone from the Apex-team tell me if it is in the works and if so, when?
    Thanks, in advance, for any suggestions.
    Kyle

    Hey Chet,
    Thanks for the response; actually I had visited the sample package apps site a while back and did not realize more had been added. My problem is that I use Apex 2.1 and not 2.2, so unless there is a way to load the package apps to the Oracle hosted site, I won't be able to review their design. It would be nice if Oracle tied these package apps to their demonstration applications sample downloads function in Apex.
    As for storing each line of the document in a single record, this was thought of as an initial approach. A concern by the team was how to program the logic to identify specific changed text in say a 5 sentence paragraph and how large the table would become if recording it line by line.
    It is still a good approach to consider and we appreciate the input.
    Thanks
    Kyle

  • OAM-OIM 11g r2 integration is failing

    Hi,
    Following is my configuration,
    1. I have OIM 11g r2 and OAM 11gr2 installed on different weblogic domains.
    2. OIM synchronized with OUD LDAP
    3. I followed the steps described in http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oim.htm
    4. After the integration, I'm not able to login to the Oracle Access Manager console. Though my authentication is successful, I'm getting authorization error.
    As per the doc, the oamadmin user (member of oamadministrator group) should be able to log in to the console. On the WebLogic console -> security realms screen, I can see oudauthenticator (authenticates against OUD LDAP) created by the idmconfig tool (tool used for the integration). On the same screen, if I open the oamadmin user profile, I don't see any group membership information for this user. I also created an Administrator group in my LDAP and assigned oamadmin as a member, but in vain. My guess is, since the OAM server is not recognizing the user's role, it's giving an authorization error.
    The documentation mainly talks about using OID as LDAP between OIM and OAM, though it claims other LDAPs are also supported. If anyone has successfully integrated, what do you see in oamadmin user profile, especially in the group membership attribute. Any other ideas/workarounds are greatly appreciated.
    Thanks, Nishanth

    I successfully did this into my VMWare and oamadmin user has there:
    [oracle@thiagoleoncioVM ~]$ ldapsearch -D cn=orcladmin -w **** -b "dc=leoncio,dc=thiago" -L -s sub -v orclmtuid=*oaamadmin* memberOf
    filter pattern: orclmtuid=*oaamadmin*
    returning: memberOf
    filter is: (orclmtuid=*oaamadmin*)
    dn: cn=oaamadmin,cn=Users,dc=leoncio,dc=thiago
    memberof: cn=oaamcsrgroup,cn=groups,dc=leoncio,dc=thiago
    memberof: cn=oaamcsrmanagergroup,cn=groups,dc=leoncio,dc=thiago
    memberof: cn=oaamenvadmingroup,cn=groups,dc=leoncio,dc=thiago
    memberof: cn=oaaminvestigationmanagergroup,cn=groups,dc=leoncio,dc=thiago
    memberof: cn=oaaminvestigatorgroup,cn=groups,dc=leoncio,dc=thiago
    memberof: cn=oaamruleadministratorgroup,cn=groups,dc=leoncio,dc=thiago
    memberof: cn=oaamsoapservicesgroup,cn=groups,dc=leoncio,dc=thiago
    1 matches
    I hope this information helps you with your issue then you should be able to see what is missing there,
    Thiago Leoncio.

  • New OAM/OIM installation -

    Hi,
    I am trying to install OAM and OIM.
    I've completed the steps through creating the Oracle_IDM1 and the WebLogic domain. This WL domain has only an Adminserver.
    When I start WebLogic, I see this in the console output:
    <Apr 7, 2011 11:22:17 PM EDT> <Error> <oracle.oam.install> <OAM-69000> <OAM configuration failed.
    oracle.security.am.common.policy.admin.impl.PolicyValidationException: OAMSSA-06045: Validation Failure - an object of this type named "HTTP" already exists.
    Can anyone tell me why the above error is occurring?
    Also, after the WebLogic admin server starts, I can log into the WL Console (http://<host>:7001/console, and when I look under "Servers", I see:
    AdminServer RUNNING
    oam_server1 LocalMachine SHUTDOWN
    oim_server1 LocalMachine SHUTDOWN
    soa_server1 LocalMachine SHUTDOWN
    But, when I try to start oam_server1 (or oim_server1 or soa_server1), I get:
    For server oam_server1 the Node Manager associated with machine LocalMachine is not reachable.
    I'm somewhat familiar with WebLogic, but I set this up with just an Adminserver, so why is it trying to use a node manager? And, how do I resolve this problem?
    Thanks,
    Jim

    Hi,
    The oam_server1 is still failing to start. In the log, I see the following:
    ####<Apr 8, 2011 12:32:52 AM EDT> <Info> <Security> <30oamwls> <oam_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302237172945> <BEA-000000> <StoreServiceImpl.initJDO - StoreService is initialized with Id = ldap_rLS0kqaprQVMH1oFJXt/qA2moQw=>
    ####<Apr 8, 2011 12:32:53 AM EDT> <Info> <Security> <30oamwls> <oam_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302237173416> <BEA-090511> <The following exception has occurred:
    com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for IDMDomainAgent is not specified.
         at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
         at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
         at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
         at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
         at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(WLSIdentityServiceImpl.java:47)
         at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(CSSWLSDelegateImpl.java:300)
         at weblogic.security.service.CSSWLSDelegateImpl.initialize(CSSWLSDelegateImpl.java:222)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(CommonSecurityServiceManagerDelegateImpl.java:1784)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:445)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:840)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:870)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1030)
         at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:881)
         at weblogic.security.SecurityService.start(SecurityService.java:142)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Caused By: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for IDMDomainAgent is not specified.
         at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:47)
         at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:363)
         at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
         at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
         at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
         at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(WLSIdentityServiceImpl.java:47)
         at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(CSSWLSDelegateImpl.java:300)
         at weblogic.security.service.CSSWLSDelegateImpl.initialize(CSSWLSDelegateImpl.java:222)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(CommonSecurityServiceManagerDelegateImpl.java:1784)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:445)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:840)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:870)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1030)
         at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:881)
         at weblogic.security.SecurityService.start(SecurityService.java:142)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    ####<Apr 8, 2011 12:32:53 AM EDT> <Error> <Security> <30oamwls> <oam_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302237173426> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for IDMDomainAgent is not specified..
    weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for IDMDomainAgent is not specified.
         at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(CSSWLSDelegateImpl.java:342)
         at weblogic.security.service.CSSWLSDelegateImpl.initialize(CSSWLSDelegateImpl.java:221)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(CommonSecurityServiceManagerDelegateImpl.java:1783)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:442)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:840)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:869)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1030)
         at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:881)
         at weblogic.security.SecurityService.start(SecurityService.java:142)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Caused By: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for IDMDomainAgent is not specified.
         at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
         at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
         at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
         at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
         at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(WLSIdentityServiceImpl.java:47)
         at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(CSSWLSDelegateImpl.java:300)
         at weblogic.security.service.CSSWLSDelegateImpl.initialize(CSSWLSDelegateImpl.java:222)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(CommonSecurityServiceManagerDelegateImpl.java:1784)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:445)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:840)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:870)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1030)
         at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:881)
         at weblogic.security.SecurityService.start(SecurityService.java:142)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Caused By: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for IDMDomainAgent is not specified.
         at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:47)
         at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:363)
         at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
         at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
         at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
         at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(WLSIdentityServiceImpl.java:47)
         at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(CSSWLSDelegateImpl.java:300)
         at weblogic.security.service.CSSWLSDelegateImpl.initialize(CSSWLSDelegateImpl.java:222)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(CommonSecurityServiceManagerDelegateImpl.java:1784)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:445)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:840)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:870)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1030)
         at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:881)
         at weblogic.security.SecurityService.start(SecurityService.java:142)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    ####<Apr 8, 2011 12:32:53 AM EDT> <Notice> <Security> <30oamwls> <oam_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302237173426> <BEA-090082> <Security initializing using security realm myrealm.>
    ####<Apr 8, 2011 12:32:53 AM EDT> <Critical> <WebLogicServer> <30oamwls> <oam_server1> <Main Thread> <<WLS Kernel>> <> <> <1302237173536> <BEA-000362> <Server failed. Reason:
    There are 1 nested errors:
    weblogic.security.service.SecurityServiceRuntimeException: [Security:090399]Security Services Unavailable
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:916)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
         at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
         at weblogic.security.SecurityService.start(SecurityService.java:141)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    ####<Apr 8, 2011 12:32:56 AM EDT> <Notice> <WebLogicServer> <30oamwls> <oam_server1> <Main Thread> <<WLS Kernel>> <> <> <1302237176310> <BEA-000365> <Server state changed to FAILED>
    ####<Apr 8, 2011 12:32:56 AM EDT> <Error> <WebLogicServer> <30oamwls> <oam_server1> <Main Thread> <<WLS Kernel>> <> <> <1302237176310> <BEA-000383> <A critical service failed. The server will shut itself down>
    ####<Apr 8, 2011 12:32:56 AM EDT> <Notice> <WebLogicServer> <30oamwls> <oam_server1> <Main Thread> <<WLS Kernel>> <> <> <1302237176650> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
    ####<Apr 8, 2011 12:32:56 AM EDT> <Info> <WebLogicServer> <30oamwls> <oam_server1> <Main Thread> <<WLS Kernel>> <> <> <1302237176721> <BEA-000236> <Stopping execute threads.>
    I found this:
    http://smm-tech-tips.blogspot.com/2011/03/securityprovider-service-class-name-for.html
    but is this (deleting the IDMDomainAgent provider) the correct way to resolve this?
    Jim
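A log-triage example for the output above, added here and not part of the original post: it splits a WebLogic server log into records, follows each record's `Caused By` chain to the innermost exception, and reports the first error behind the FAILED state. The function names and the abridged sample are constructed for illustration.

```python
import re

# A WebLogic server-log record starts with "####" and a run of <...> fields
# (timestamp, severity, subsystem, machine, server, ...); the trace follows.
HEADER = re.compile(r"^####<([^>]*)> <([^>]*)> <([^>]*)> <([^>]*)> <([^>]*)> ")
MSG_ID = re.compile(r"<(BEA-\d+)> <(.*)$")
CAUSED_BY = re.compile(r"^Caused By: (.*)$")

# Abridged from the log in the post above ("..." marks trimmed text).
SAMPLE = """\
####<Apr 8, 2011 12:32:53 AM EDT> <Error> <Security> <30oamwls> <oam_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302237173426> <BEA-090870> <The realm "myrealm" failed to be loaded: ...
     at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(CSSWLSDelegateImpl.java:342)
Caused By: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for IDMDomainAgent is not specified.
Caused By: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for IDMDomainAgent is not specified.
     at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:47)
>
####<Apr 8, 2011 12:32:53 AM EDT> <Critical> <WebLogicServer> <30oamwls> <oam_server1> <Main Thread> <<WLS Kernel>> <> <> <1302237173536> <BEA-000362> <Server failed. Reason:
####<Apr 8, 2011 12:32:56 AM EDT> <Notice> <WebLogicServer> <30oamwls> <oam_server1> <Main Thread> <<WLS Kernel>> <> <> <1302237176310> <BEA-000365> <Server state changed to FAILED>
"""

def parse_records(text):
    """Split log text into records, attaching the innermost 'Caused By'."""
    records = []
    for line in map(str.strip, text.splitlines()):
        head, cause = HEADER.match(line), CAUSED_BY.match(line)
        if head:
            mid = MSG_ID.search(line)
            records.append({
                "severity": head.group(2), "server": head.group(5),
                "msg_id": mid.group(1) if mid else None,
                "message": mid.group(2).rstrip(">") if mid else "",
                "root_cause": None})
        elif cause and records:
            # Later "Caused By" lines are deeper; the last one is the root.
            records[-1]["root_cause"] = cause.group(1)
    return records

def boot_failure_summary(records):
    """For a boot that reached FAILED, return (message id, root cause)."""
    if not any(r["msg_id"] == "BEA-000365" and r["message"].endswith("to FAILED")
               for r in records):
        return None
    for r in records:
        if r["severity"] in ("Error", "Critical") and r["root_cause"]:
            return r["msg_id"], r["root_cause"]
    return None

if __name__ == "__main__":
    print(boot_failure_summary(parse_records(SAMPLE)))
```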
