Oam11g and oim 9.1.0.2 SSO

Similar Messages

• Single Oracle Database repository to support SOA and OIM is it possible

  Hi, I'd like to install and configure SOA and OIM and would like to know if I can use one database as the repository to support SOA Suite install and OIM install ?
  In a development environment is it safe to install SOA Suite 11g and OIM 11g on the same server with all of its components? This is only for the development environment. Thanks

  Hi,
  I feel you can do it with single Oracle Database,check the below links:
  http://ofmwsoa11g.blogspot.com/p/oim-oam-ldap-oid-dip-ovd-oif-sso.html
  http://onlineappsdba.com/index.php/2010/08/05/oracleidm-11g-step-by-installation-of-oam-oim-oaam-oapm-oin-111130-part-i-load-schema/
  Best regards,
  Rafi.

• SSL setup - Weblogic 10.3 and OIM 9.1.0.1

  I am using self generated certs. I have followed all the steps in configuring SSL for OIM given in section 8.6.2 SSL Certificate Setup given in Installation and Configuration Guide for Oracle WebLogic Server Release 9.1.0.1 E14047-02.
  But when I try to perform the following step:
  To configure the trust store:
  1. Copy the supportcert.pem file to the following location on the Design Console:
  OIM_DC_HOME\java\lib\security.
  2. Open a command prompt at OIM_DC_HOME\java\lib\security and run the
  following command:
  cd OIM_DC_HOME\java\lib\security
  keytool -import
  -alias support
  -trustcacerts
  -file supportcert.pem
  -keystore cacerts
  -storepass changeit
  I don't see any folder in oim client as given above of \java\lib\security. So I created the same and followed the instructions but still the keytool.exe s not present in it. So is something missing in the document that we are not aware of? Do we have to copy the keytool.exe from BEA_HOME? I tried that too but it propped up an error saying some DLL/JAR not found.
  I found this viewlet which shows something different related to SSL setup in weblogic
  \S21880\Setup_SSL_Certificates_WLS70_61_viewlet_swf.htm
  Are the steps given in the guide enough for the SSL configuration between weblogic and oim ? or do we need to follow some other steps too ?
  Any ideas/clues/suggestions? Very appreciative.
  Many Thanks in advance.
  - oidm.

  I had a look into the xlclient.cmd file and went to the JAVA directory which is being used. And did a search for the "cacerts" and found out that there is a file named cacerts in the JAVA_HOME/jre/lib/security folder over there.
  But how does that relate to the problem of running the keytool command successfully at the right place (OIM_DC_HOME) ?
  Any hints Kevin....
  Thanks,
  - oidm.

• OIM 11gR2: Error while starting SOA and OIM Server

  I have configured 2 OIM Applications hosted on 2 different linux hosts but connecting to one Oracle DB.
  Done OIM installation and configuration on HOST1 and it is successful.
  now while performing on HOST2,all similar steps have been followed as same on HOST1 except the Database keystore step (copied files while configuring OIM), I am encountering an error while starting SOA server and OIM server.
  Error :
  2012-10-19T11:49:07.172-07:00] [soa_server2] [NOTIFICATION] [JPS-04093] [oracle.jps.deployment] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 1350dfc6c17c1b80:336be4f6:13a7a59774c:-8000-0000000000000004,0] [APP: soa-infra] Application policy migration for application soa-infra is completed successfully.
  [2012-10-19T11:49:16.901-07:00] [soa_server2] [ERROR] [] [oracle.mds] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 1350dfc6c17c1b80:336be4f6:13a7a59774c:-8000-0000000000000004,0] [APP: soa-infra] [[
  oracle.mds.lcm.exception.MDSLCMException: MDS-01330: unable to load MDS configuration document
  MDS-01329: unable to load element "persistence-config"
  MDS-01370: MetadataStore configuration for metadata-store-usage "soa-infra-store" is invalid.
  MDS-00929: unable to look up name "jdbc/mds/MDS_LocalTxDataSource" in JNDI context
  Unable to resolve 'jdbc.mds.MDS_LocalTxDataSource'. Resolved 'jdbc.mds'
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
  Caused by: oracle.mds.config.MDSConfigurationException: MDS-01330: unable to load MDS configuration document
  MDS-01329: unable to load element "persistence-config"
  MDS-01370: MetadataStore configuration for metadata-store-usage "soa-infra-store" is invalid.
  MDS-00929: unable to look up name "jdbc/mds/MDS_LocalTxDataSource" in JNDI context
  Unable to resolve 'jdbc.mds.MDS_LocalTxDataSource'. Resolved 'jdbc.mds'
  Please help, thanks

  Hi
  Did you use pack and unpack command for configuration?
  Creating and Starting a Managed Server on a Remote Machine - 11g Release 1 (10.3.6)
  Regards
  Shashank k

• Is OEM 10.2.0.5 and OIM 10.1.4.2 certified with SOA 11g

  Hi,
  Can you tell me whether OEM 10.2.0.5 and OIM 10.1.4.2 is certified with SOA 11.1.1.x, if not do we need to install/upgrade OEM and OIM to 11.1.1.x
  Please refer me some Metalink Note id's if you have....
  Cheers,
  Patel

  Hi,
  I got the answer,
  1. OEM 10.2.0.5 is not being certified with SOA 11g, but OEM 11g has been certiified with SOA 11g.....Reference Metalink Note: 412431.1
  2. OIM 10.1.4.2 is being certified with SOA 11g..... Reference: http://www.oracle.com/technology/software/products/ias/files/idm_certification_101401.html#BABHDAEG
  Cheers,
  Patel

• OID and OIM Groups synchronization

  I'm using OID 10.1.0.4 and OIM 9.0.3.1 with Oracle AS.
  OID is a trusted source for OIM user reconciliation.
  Let's say, I have Group named Group1 in OID (under cn=Users container)
  I've created user group Group1 in my OIM.
  Is there any standard way to put reconciled user to Group1 in OIM right after OID's admin put user to Group1 in OID?

  Hi:
  Were you able to resolve this issue? I need to achieve same functionality but OU instead of groups. Please share your thoughts on this incase you came across a solution.
  Thanks!

• SAP GRC v10 and OIM 11g SoD

  Hi,
  I need some information about implementing integration with SAP GRC v10 and SoD. Does anyone of you has any experience in that configuration?
  We have only base information in SAP UM Connector doc and on metalink either. Dooes anyone work with SAP GRC v10 and OIM 11g?
  best
  mp

  See if this helps:
  http://www.oracle.com/technetwork/testcontent/oimconnectordatasheet-saperp-134222.pdf
  regards,
  GP

• OAM and OIM 11g Consoles

  Hello Everyone,
  Can anyone please tell me what would be the login credentials and the links for OAM and OIM 11g console?
  I am trying, for:
  OIM --> http://hostname:14000/admin
  OAM --> http://hostname:14100/oamconsole
  Please suggest.
  Thanks,
  PS

  Got It.
  OIM --> http://hostname:14000/oim
  username: xelsysadm
  password: weblogicpassword
  OAM --> http://hostname:14100/oamconsole
  username: weblogic
  password: weblogicpassword
  thanks,
  PS
  Edited by: 849754 on Apr 28, 2011 5:24 PM

• OAM and OIM 11g study Material

  Hi All,
  Please can anybody provide me the study material for the OAM and OIM 11g.
  Regards,
  Anil

  For OIM 11g see OBE link
  http://apex.oracle.com/pls/apex/f?p=44785:2:0:::2:P2_GROUP_ID:1001

• Connection between multiple domains of AD and OIM

  I am trying to integrate OIM and AD (target resource) and I have 13 domains in AD. For one domain, connection between AD and OIM is established using OOTB connector.
  Can someone provide me approach for connection between multiple domains of AD and OIM.
  Do I need to install different connector server for different domains or OIM provides with some Connector Server cloning feature.

  Hi,
  this forum is for asking and answering JDeveloper and ADF related question. Your question should be asked to the FMW security forum here on OTN
  Frank

• BI Publisher 11g 11.1.1.6.0 and OIM Reports Not Showing Up

  After upgrading to OIM BP04, I following the readme to install BI Publishing, but used the 11.1.1.6.0 version.
  After creating: C:\Oracle\Middleware\Oracle_BIP\user_projects\domains\bifoundation_domain\config\bipublisher\repository\Reports\Oracle Identity Manager
  I copied C:\Oracle\Middleware\Oracle_BIP\user_projects\domains\bifoundation_domain\config\bipublisher\repository\Reports\Oracle Identity Manager\OIM_11gR1_BIP11gReports.zip and uncompressed it here..
  Then I restarted everything except for the database.
  When I logon to the BIP console, go to Catalog then Shared Folders, there is no 'Oracle Identity Manager' folder...only the original Components and Sample folders.
  What's up with that?

  The answer is to open up the weblogic security schema for BIP and add a user account with the same name used to access OIM, then add the BI_Authors role. Save. Restart BIP. This got me the Resource Reports.
  The DB Roles and Privs reports still don't work OOTB because the jobs don't update the UD_DB_ORA_P and _R tables. Still working on how to get that down. What's that...you know how...please do tell. Thanks :)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

• Security in the integration of Oracle DB connector and OIM

  friends,
  I have a question about the database connector for Oracle Identity Manager, as sure as to when the data when it travels the integration of OIM and an Oracle database.
  thanks

  As per my understanding, DBAT Connectors uses JDBC drivers to connect to the target database (such as oracle, ms sql, mysql or db2). So the security question we should ask is "what security features are there for JDBC driver that you are using?"
  There are couple of things, one is the initial authentication and other thing is network traffic for future data. There is a section called "Configuring Secure Communication Between the Target System and Oracle Identity Manager" in the DBAT connector guide.
  If you are really particular about the network traffic between these, then you can setup a OIM and DB connection - try to provision/recon a user - Sniff the connection using tcpdump or wireshark - analyze if it is plan-text or cipher-text...
  Regards
  Vijay Chinnasamy

• Problem with Siebel and OIM

  We have a conflict with Siebel. We are executing the process of reconciliation "Siebel Lookup Recon", the process takes about 30 minutes and concludes with a execute status of "Success", apparently is bringing the information correctly from Siebel, but nothing is written in the OIM.
  Therefore I request your support to validate what happens.
  Any idea?
  Regards.

  I change the config to authwl.conf instead of auth.conf and worked, but now I am stuck at:
  tcResultSet rs = userOps.findAllUsers(query);
  where it's thrown:
  java.lang.NullPointerException
       at Thor.API.Operations.tcUserOperationsClient.findAllUsers(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
       at java.lang.reflect.Method.invoke(Unknown Source)
       at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(Unknown Source)
       at weblogic.security.Security.runAs(Security.java:41)
       at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(Unknown Source)
       at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
       at $Proxy0.findAllUsers(Unknown Source)
       at ar.com.tgs.vk.commons.OIMUtils.prueba(OIMUtils.java:57)
       at ar.com.tgs.vk.commons.OIMUtils.main(OIMUtils.java:48)
  Is like some Weblogic library is needed by the Eclipse project..

• Oracle Discoverer 10G and mapping Active Directory to use SSO/OID

  Could anybody point me please to the right direction?
  1. I've setup Oracle 10gIAS but turned off SSO and my users running discoverer /portals with no SSO.
  2. My goal is to turn on SSO and synchronize it with Active directory on the windows box.
  Thanks you in advance

  Hi Randy;
  As you mention all notes refer to SSO&OID for Active Directory integration.AFAIK there is no way to do it, please log a Sr and confirm this wiht oracle support
  Regard
  Helios

• Cisco NAC 4.8 and Windows Server 2008 Enterprise 64bit SSO

  Hi,
       I try to setup SSO on Cisco NAC 4.8 and Windows Server 2008 Enterprise 64bit, but I can't start Active Directory SSO Service that show error follow below. I saw this error " KDC has no support for encryption type (14)" . Could anyone help me to troubleshoot this problem?
  FQDN: active.test.com
  Domain Name : test.com
  User : ccasso
  2011-02-05 12:00:30.225 +0700 WARN  com.perfigo.wlan.jmx.adsso.GSSServer                                                                                          
  - Server was not running ...
  2011-02-05 12:00:30.225 +0700 INFO  com.perfigo.wlan.jmx.adsso.GSSServer                                                                                          
  - Server starting server ...
  2011-02-05 12:00:30.225 +0700 INFO  com.perfigo.wlan.jmx.adsso.GSSServer                                                                                          
  - Server is now running ...
  2011-02-05 12:00:30.225 +0700 INFO  com.perfigo.wlan.jmx.adsso.GSSServer                                                                                          
  - GSSServer - SPN : [ccasso/[email protected]]
  2011-02-05 12:00:30.225 +0700 INFO  com.perfigo.wlan.jmx.adsso.GSSServer                                                                                          
  - GSSServer - building kdc list for domain active.test.com
  2011-02-05 12:00:40.224 +0700 INFO  com.perfigo.wlan.jmx.adsso.GSSServer                                                                                          
  - GSSServer - done building kdc list for domain active.test.com
  2011-02-05 12:00:40.224 +0700 INFO  com.perfigo.wlan.jmx.adsso.GSSServer                                                                                          
  - GSSServer - KDC(s) :[10.0.240.100]
  2011-02-05 12:00:40.224 +0700 INFO  com.perfigo.wlan.jmx.adsso.GSSServer                                                                                          
  - GSSServer - writeKrbFile: writing to file ../conf/krb.txt
  2011-02-05 12:00:40.224 +0700 INFO  com.perfigo.wlan.jmx.adsso.GSSServer                                                                                          
  - GSSServer - writeKrbFile: wrote to file ../conf/krb.txt
  2011-02-05 12:00:40.224 +0700 INFO  com.perfigo.wlan.jmx.adsso.GSSServer                                                                                          
  - GSSServer - creating login context ...
  2011-02-05 12:00:40.224 +0700 INFO  com.perfigo.wlan.jmx.adsso.GSSServer                                                                                          
  - GSSServer - created login context ...javax.security.auth.login.LoginCon                                                                           
  text@5ad7b2
  2011-02-05 12:00:40.239 +0700 ERROR com.perfigo.wlan.jmx.adsso.GSSServer                                                                                           
  - Unable to start server ... KDC has no support for encryption type (14)
  2011-02-05 12:00:50.244 +0700 INFO  com.perfigo.wlan.jmx.adsso.GSSServer                                                                                          
  - Notifying GSSServer status Stopped
  2011-02-05 12:00:50.244 +0700 INFO  com.perfigo.wlan.jmx.adsso.GSSServer                                                                                          
  - server is exiting .

  Hi,
  This error means that your DC does not support the encryption method the ACS wants to use.
  Usually this happens when you run 2008 Server with 2003 functionality...
  You will need to run ktpass.exe according to the DC you are running:
  http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cas/s_adsso.html#wp1277452.
  For Windows 2008 Server at 2003 Server functional level:
  ktpass -princ newadsso/[adserver.][email protected] -mapuser newadsso -pass
  PasswordText -out c:\newadsso.keytab -ptype KRB5_NT_PRINCIPAL
  HTH,
  Tiago
  If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.