OIF 11g SSO assertion attributes

I am using OIF 11g and acting as IDP. I am unable to send any attributes in the SAML assertion apart from the NameID. Has anyone faced this issue earlier?
Regards,
Vinod

Hello Vinod
Log in to Enterprise Manager
Federations > Trusted Provider
Select SP Trusted Provider > Edit
Under "Oracle Identity Federation Settings", Attribute Mappings and Filters, click "Edit"
Click Add
Type an attribute (User Attribute Name) that you want to pass in the assertion
Type a name (Assertion Attribute Name) that you want to pass the above value as (can be same as the User Attribute Name)
Check "Send with SSO Assertion"
Repeat this step for additional attributes
Apply changes
Hope this helps
Shiva
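
To confirm the mapping above took effect, decode the SAMLResponse the SP receives and list what the AttributeStatement carries besides the NameID. The following is an added example, not part of the original posts and not Oracle code; the sample response, the user `jdoe`, and the attribute names `mail`, `role` and `department` are constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a trimmed, unsigned SAML 2.0 response. A real response is
# signed, and the signature must be validated before any value is trusted.
SAMPLE_RESPONSE_XML = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="id-constructed-1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Assertion ID="id-constructed-2" Version="2.0"
      IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.com/fed/idp</saml:Issuer>
    <saml:Subject>
      <saml:NameID>jdoe</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="mail">
        <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="role">
        <saml:AttributeValue>admin</saml:AttributeValue>
        <saml:AttributeValue>auditor</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# The symptom from the question: same response with no AttributeStatement.
NAMEID_ONLY_XML = re.sub(
    r"<saml:AttributeStatement>.*?</saml:AttributeStatement>", "",
    SAMPLE_RESPONSE_XML, flags=re.S)


def decode_post_binding(saml_response_b64):
    """Decode the base64 SAMLResponse form field used by the HTTP-POST binding."""
    return base64.b64decode(saml_response_b64, validate=True)


def parse_assertion(xml_bytes):
    """Return the NameID and all attributes found in the first assertion."""
    # SAML messages never need a DTD; refuse them so the XML parser is not
    # asked to expand entities from input it has not authenticated.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in SAML message")
    root = ET.fromstring(xml_bytes)
    assertion = root.find(".//saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no unencrypted Assertion found")
    name_id = assertion.findtext("saml:Subject/saml:NameID", default=None,
                                 namespaces=NS)
    attributes = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attributes.setdefault(attr.get("Name"), []).extend(values)
    return {"name_id": name_id, "attributes": attributes}


def missing_attributes(xml_bytes, expected_names):
    """List the expected Assertion Attribute Names that were not sent."""
    present = parse_assertion(xml_bytes)["attributes"]
    return [name for name in expected_names if name not in present]


if __name__ == "__main__":
    expected = ["mail", "role", "department"]
    for label, xml_text in (("mapped", SAMPLE_RESPONSE_XML),
                            ("NameID only", NAMEID_ONLY_XML)):
        # Round-trip through base64 to mimic the captured form field.
        raw = decode_post_binding(base64.b64encode(xml_text.encode()))
        info = parse_assertion(raw)
        print(label, "->", info["name_id"], sorted(info["attributes"]),
              "missing:", missing_attributes(raw, expected))
```
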

Similar Messages

  • OIF 11g - inResponseTo field missing

    Anyone come across this issue and have a solution?
    I have a page protected by OAM using OIF authentication Scheme. IdP tried to access page and we see this error in the log:
    2011-11-29T10:31:40.019-07:00] [wls_oif1] [ERROR] [FED-12064] [oracle.security.fed.controller.ActionStateMachine] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 004giBxxPQ1F^6D5zBk3yW0003b9000Rfz,0:1] [APP: OIF#11.1.1.2.0] [URI: /fed/sp/authnResponse20] Exception: {0}[[
    oracle.security.fed.event.EventException: The Assertion does not contain an InResponseTo field
    at oracle.security.fed.eventhandler.profiles.sp.sso.assertion.Saml20AssertionProcessor.checkSubjectConfirmation(Unknown Source)
    at oracle.security.fed.eventhandler.profiles.sp.sso.assertion.Saml20AssertionProcessor.processAssertion(Unknown Source)
    at oracle.security.fed.eventhandler.profiles.sp.sso.v20.ProcessResponseEventHandler.perform(Unknown Source)
    at oracle.security.fed.controller.ActionStateMachine.processEvent(Unknown Source)
    at oracle.security.fed.controller.EventControllerImpl.processEvent(Unknown Source)
    at oracle.security.fed.controller.ApplicationController.publishEvent(Unknown Source)
    at oracle.security.fed.controller.web.action.RequestHandlerContext.publishEvent(Unknown Sourc

    I created a DOMAIN called 'OneHundred' which is defined as a varchar 100, Characters.
    In my relational (Oracle 11g) model, I create a new table, with one column, of type 'Domain - OneHundred.'
    When I preview the DDL it's correctly defined as ... VARCHAR2 (100 CHAR)
    What are you doing differently?
    Also, don't forget to tell us which version of the tool you're using.

  • Steps to configure IDP on OIF 11g?

    Has anyone used OIF 11g as IDP using SAML 2.0? What are the steps (especially related to certificate creation and update)? I went through the Oracle documents but am unable to figure out the correct steps to update the signing/encryption certificate. Should I be using keystore or Oracle Wallet?
    Thanks.
    VS

    Hello,
    Thank you for your reply and for the link to the documentation. I feel confused about which SSO method to use.
    Here is the case:
    1. Users have enterprise login/password credentials
    2. Once logged in their computer they would like to access EPM products which are installed on a remote server without entering their credentials again. They would enter the URL on the IE browser.
    3. We are using EPM 11.1.2 with WebLogic
    If you had to implement SSO in this situation what steps would you follow?
    I've tried to create a custom authentication module, but don't know how to use it.
    I also read about HTTP request but don't know when I should use it.
    Any ideas for me?

  • OIF 11g as IDP supporting multiple SPs

    Hello,
    I have OIF 11g setup as an IDP using OAM/OID as the authentication engine. I have configured it following the steps provided in section 3.2.3.2 of the doc here: http://docs.oracle.com/cd/E23943_01/oim.1111/e13400/deployment.htm#BABCAABE. There is an OAM policy protecting fed/user/authnoam.
    I currently have 2 SPs: sp1 and sp2. Can I have different OAM policies for each SP? For example, I want to allow only users in the ldap group sp1_group access to sp1 and users in ldap group sp2_group access to sp2. The issue is that when an authentication request is sent from any SP, it gets sent to fed/user/authnoam, which is protected by one OAM policy.

    I had this requirement too in my previous project where for one SP, we want to authenticate against consumer data store and another SP, against customer. If I remember correctly, the product doesn't support that. Not sure about 11g R2 though.

  • OIF 11g Admin Interfaces Unavailable

    Hey,
    We have an install of OIF 11g r1 that will no longer allow us to access the EM management interfaces associated with the IdP or SP. The error we get is as follows:
    Configuration settings are unavailable because /Farm_IDMDomain/IDMDomain/wls_oif1/OIF(11.1.1.2.0) is down.
    However, when I go to check the Farm_IDMDomain the Deployments and Fusion Middleware components show that everything is up and running. Strangely enough, I have another instance on another box that is showing something is down in my Fusion Middleware component view but nothing is actually down and the server seems to be running fine. Not sure how to proceed. I've logged an SR but so far have had no response.
    tks

    The OIF 11g administration is done via the em (enterprise manager) console of the weblogic instance where OIF is deployed.
    1) Start the weblogic admin server.
    2) From the browser: http://host:port/em (the default port is 7001, unless you have given something else during install). Give login/password.
    3) Then start the OIF application from the console.
    This is going to work.
    Instead of 3 above, you can start the applications from the command line also, but this is easier to do.
    Hope this helps. Let us know.

  • OIF 11g Sample Authentication Engine for Trusted HTTP Header

    We are trying to achieve OIF authentication based on headers set by windows native authentication. As per our research we have come across this example located at URL: http://www.oracle.com/technology/sample_code/products/id_mgmt/index.html (OIF 11g Sample Authentication Engine for Trusted HTTP Header).
    At this point we are trying to see the deployment architecture and configuration required to achieve the functionality described in the example.
    Can someone please elaborate more on the setup and configuration required for the example to work?
    Appreciate your feedback.

    Realized the hyperlink was missing for the Oracle example.
    Here it is: http://www.oracle.com/technology/sample_code/products/id_mgmt/oif/customauthn.jsp.SAMPLE

  • OIF 11g in Clustered Mode

    Hello,
    I have installed oif 11g in clustered mode.
    The 1st OIF, adminserver & EM is on the same machine. 2nd OIF server is on another machine.
    I can start this remote server using node manager but I cannot access the OIF admin from EM console, it gives 'agent unreachable' error.
    I tried re-registering instance and emagent but still getting the same error.
    Any help would be appreciated.
    Thanks,

    "High Availability" and "Clustering" are general basic requirements for any production installation but it does NOT mean that any system installed in production MUST have "High Availability" and "Clustering" configured.
    Regards,
    Anuj

  • OIF 11g How do I pass a static value in an attribute inside a SAML response

    This is what Oracle documentation says you should do:
    http://docs.oracle.com/cd/E21764_01/oim.1111/e13400/configoif.htm#SFSAG1696
    For testing purposes I implemented the example given in the documentation. It doesn't seem to work.
    Using WLST I queried each property back to see if it was set correctly and it was.
    The version of OIF I am running is 11.1.1.2.0
    Apart from logging an SR, any experiences, any help is appreciated.
    Regards,
    Sunny
    Edited by: Sunny on Apr 28, 2012 7:54 PM

    RadioactiveLizard, you need adobe alchemy (http://labs.adobe.com/technologies/alchemy/) to compile the C code to a swc,
    not pass variables to C directly.

  • Error while starting Weblogic 11g on which OIF 11g is hosted

    Hi,
    We have deployed/installed OIF(OIM) on WLS 11g on RH Linux 4.
    We created a separate domain in WLS to host the OIF. The installation of OIF on WLS was completed successfully.
    The setup was working fine when the installation completed however the WLS started facing the issues or started failing to start when we re-started the machine.
    Note: The default domain (other than where OIF is hosted) in WLS starts without any errors. When we start the other domain where OIF is hosted the server gives the following error.
    Any pointers and root cause of the error would be very much helpful to us.
    We appreciate your time.
    Thanking you in advance.
    Following is the error trace that we get.
    <May 22, 2009 4:19:08 PM IST> <Info> <Security> <BEA-090065> <Getting boot identity from user.>
    Enter username to boot WebLogic server:weblogic
    Enter password to boot WebLogic server:
    <May 22, 2009 4:19:12 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
    <May 22, 2009 4:19:12 PM IST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
    <May 22, 2009 4:19:13 PM IST> <Notice> <Log Management> <BEA-170019> <The server log file /home/oracle/WLS11g/Oracle/Middleware/user_projects/domains/IDMDomain/servers/AdminServer/logs/AdminServer.log is opened. All server side log events will be written to this file.>
    <May 22, 2009 4:19:20 PM IST> <Error> <Security> <BEA-090892> <The dynamic loading of the OPSS java security policy provider class oracle.security.jps.internal.policystore.JavaPolicyProvider failed due to problem inside OPSS java security policy provider. Exception was thrown when loading or setting the JPSS policy provider. Enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider>
    <May 22, 2009 4:19:20 PM IST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The dynamic loading of the OPSS java security policy provider class oracle.security.jps.internal.policystore.JavaPolicyProvider failed due to problem inside OPSS java security policy provider. Exception was thrown when loading or setting the JPSS policy provider. Enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
    weblogic.security.SecurityInitializationException: The dynamic loading of the OPSS java security policy provider class oracle.security.jps.internal.policystore.JavaPolicyProvider failed due to problem inside OPSS java security policy provider. Exception was thrown when loading or setting the JPSS policy provider. Enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1394)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
    at weblogic.security.SecurityService.start(SecurityService.java:141)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    Truncated. see log file for complete stacktrace
    oracle.security.jps.JpsRuntimeException: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
    at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:252)
    at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:244)
    at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:133)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    Truncated. see log file for complete stacktrace
    oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
    at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:663)
    at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:250)
    at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:244)
    at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:133)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    Truncated. see log file for complete stacktrace
    java.security.PrivilegedActionException: oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!
    at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:610)
    at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:250)
    at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:244)
    at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:133)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    Truncated. see log file for complete stacktrace
    oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!
    at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:625)
    at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:610)
    at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:610)
    at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:250)
    at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:244)
    Truncated. see log file for complete stacktrace
    java.lang.NullPointerException
    at oracle.security.pki.l.c(Unknown Source)
    at oracle.security.pki.l.b(Unknown Source)
    at oracle.security.pki.OracleSSOKeyStoreSpi.engineLoad(Unknown Source)
    at oracle.security.pki.OracleSecretStore.load(Unknown Source)
    at oracle.security.pki.OracleWallet.getSecretStore(Unknown Source)
    Truncated. see log file for complete stacktrace
    >
    <May 22, 2009 4:19:20 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
    <May 22, 2009 4:19:20 PM IST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
    <May 22, 2009 4:19:20 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
    [oracle@seventeen IDMDomain]$

    EXACTLY the same problem I am facing while starting the AdminServer registered as a Windows service. Below is what I am getting in the log file.
    Please help somebody as we need to have these registered as Windows service for Oracle Failsafe to recognize it as a swappable service among nodes.
    ####<Nov 4, 2009 6:15:25 PM GST> <Error> <Security> <mehdi-mobile> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1257344125156> <BEA-090892> <The dynamic loading of the OPSS java security policy provider class oracle.security.jps.internal.policystore.JavaPolicyProvider failed due to problem inside OPSS java security policy provider. Exception was thrown when loading or setting the JPSS policy provider. Enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider>
    ####<Nov 4, 2009 6:15:25 PM GST> <Critical> <WebLogicServer> <mehdi-mobile> <AdminServer> <main> <<WLS Kernel>> <> <> <1257344125171> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The dynamic loading of the OPSS java security policy provider class oracle.security.jps.internal.policystore.JavaPolicyProvider failed due to problem inside OPSS java security policy provider. Exception was thrown when loading or setting the JPSS policy provider. Enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
    weblogic.security.SecurityInitializationException: The dynamic loading of the OPSS java security policy provider class oracle.security.jps.internal.policystore.JavaPolicyProvider failed due to problem inside OPSS java security policy provider. Exception was thrown when loading or setting the JPSS policy provider. Enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1394)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
         at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
         at weblogic.security.SecurityService.start(SecurityService.java:141)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    *oracle.security.jps.JpsRuntimeException: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider*
         at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:256)
         at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:248)
         at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:128)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
         at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
         at java.lang.Class.newInstance0(Class.java:355)
         at java.lang.Class.newInstance(Class.java:308)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1312)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
         at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
         at weblogic.security.SecurityService.start(SecurityService.java:141)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    *oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider*
         at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:663)
         at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:254)
         at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:248)
         at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:128)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
         at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
         at java.lang.Class.newInstance0(Class.java:355)
         at java.lang.Class.newInstance(Class.java:308)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1312)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
         at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
         at weblogic.security.SecurityService.start(SecurityService.java:141)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    *java.security.PrivilegedActionException: oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!*
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:610)
         at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:254)
         at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:248)
         at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:128)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
         at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
         at java.lang.Class.newInstance0(Class.java:355)
         at java.lang.Class.newInstance(Class.java:308)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1312)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
         at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
         at weblogic.security.SecurityService.start(SecurityService.java:141)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    *oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!*
         at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:625)
         at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:610)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:610)
         at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:254)
         at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:248)
         at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:128)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
         at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
         at java.lang.Class.newInstance0(Class.java:355)
         at java.lang.Class.newInstance(Class.java:308)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1312)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
         at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
         at weblogic.security.SecurityService.start(SecurityService.java:141)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    oracle.security.jps.config.JpsConfigurationException: C:\bea\user_projects\domains\soa\.\config\jps-config.xml (The system cannot find the file specified)
         at oracle.security.jps.internal.config.xml.XmlConfigurationFactory.initDefaultConfiguration(XmlConfigurationFactory.java:414)
         at oracle.security.jps.internal.config.xml.XmlConfigurationFactory.getDefaultConfiguration(XmlConfigurationFactory.java:315)
         at oracle.security.jps.internal.config.xml.XmlConfigurationFactory.getConfiguration(XmlConfigurationFactory.java:140)
         at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.<init>(JpsContextFactoryImpl.java:109)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
         at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
         at java.lang.Class.newInstance0(Class.java:355)
         at java.lang.Class.newInstance(Class.java:308)
         at oracle.security.jps.util.JpsUtil.newInstance(JpsUtil.java:145)
         at oracle.security.jps.JpsContextFactory$1.run(JpsContextFactory.java:68)
         at oracle.security.jps.JpsContextFactory$1.run(JpsContextFactory.java:66)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.JpsContextFactory.getContextFactory(JpsContextFactory.java:65)
         at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:615)
         at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:610)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:610)
         at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:254)
         at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:248)
         at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:128)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
         at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
         at java.lang.Class.newInstance0(Class.java:355)
         at java.lang.Class.newInstance(Class.java:308)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1312)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
         at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
         at weblogic.security.SecurityService.start(SecurityService.java:141)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    java.io.FileNotFoundException: C:\bea\user_projects\domains\soa\.\config\jps-config.xml (The system cannot find the file specified)
         at java.io.FileInputStream.open(Native Method)
         at java.io.FileInputStream.<init>(FileInputStream.java:106)
         at java.io.FileInputStream.<init>(FileInputStream.java:66)
         at sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:70)
         at sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:161)
         at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:653)
         at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:186)
         at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
         at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
         at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107)
         at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:225)
         at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:283)
         at weblogic.xml.jaxp.RegistryDocumentBuilder.parse(RegistryDocumentBuilder.java:163)
         at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:208)
         at oracle.security.jps.internal.config.xml.XmlConfigurationFactory.initDefaultConfiguration(XmlConfigurationFactory.java:395)
         at oracle.security.jps.internal.config.xml.XmlConfigurationFactory.getDefaultConfiguration(XmlConfigurationFactory.java:315)
         at oracle.security.jps.internal.config.xml.XmlConfigurationFactory.getConfiguration(XmlConfigurationFactory.java:140)
         at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.<init>(JpsContextFactoryImpl.java:109)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
         at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
         at java.lang.Class.newInstance0(Class.java:355)
         at java.lang.Class.newInstance(Class.java:308)
         at oracle.security.jps.util.JpsUtil.newInstance(JpsUtil.java:145)
         at oracle.security.jps.JpsContextFactory$1.run(JpsContextFactory.java:68)
         at oracle.security.jps.JpsContextFactory$1.run(JpsContextFactory.java:66)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.JpsContextFactory.getContextFactory(JpsContextFactory.java:65)
         at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:615)
         at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:610)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:610)
         at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:254)
         at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:248)
         at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:128)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
         at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
         at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
         at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
         at java.lang.Class.newInstance0(Class.java:355)
         at java.lang.Class.newInstance(Class.java:308)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1312)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
         at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
         at weblogic.security.SecurityService.start(SecurityService.java:141)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    ####<Nov 4, 2009 6:15:25 PM GST> <Notice> <WebLogicServer> <mehdi-mobile> <AdminServer> <main> <<WLS Kernel>> <> <> <1257344125187> <BEA-000365> <Server state changed to FAILED>
    ####<Nov 4, 2009 6:15:25 PM GST> <Error> <WebLogicServer> <mehdi-mobile> <AdminServer> <main> <<WLS Kernel>> <> <> <1257344125187> <BEA-000383> <A critical service failed. The server will shut itself down>
    ####<Nov 4, 2009 6:15:25 PM GST> <Notice> <WebLogicServer> <mehdi-mobile> <AdminServer> <main> <<WLS Kernel>> <> <> <1257344125187> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
    ####<Nov 4, 2009 6:15:45 PM GST> <Info> <WebLogicServer> <mehdi-mobile> <AdminServer> <main> <<WLS Kernel>> <> <> <1257344145843> <BEA-000236> <Stopping execute threads.>
    Edited by: user601358 on Nov 4, 2009 6:21 AM

  • Oracle Forms 11g SSO with OID and IAM

    What versions of OID and Access Manager are required to get an Oracle Forms and Reports 11.1.1.2 application
    on Weblogic 10.3.2 configured for Oracle SSO using OID authentication?
    We want the OID to store and authenticate Users for username and password logins to the database, then
    ultimately by user Certificate authentication in OID. I have OID 11.1.1.2 installed and SSO enabled for Forms
    in Enterprise Manager.
    Is Access Manager required for Forms SSO with OID authentication to work or just to allow user interaction
    for registration and Password reset?
    Things mention OAM 10.4.3 and others talk about IAM 11g for Forms 11.1.1.2 SSO to work with OID.
    We did this back in Oracle Forms and OID 10g with JSP and LDAP to setup users but I understand 11g is
    different and IAM can help or is required for this type of SSO to work.
    Any help?
    Edited by: Kirch on Apr 30, 2013 7:39 AM

    Hi,
    According to Oracle's certification matrix found at http://www.oracle.com/technetwork/middleware/downloads/fmw-11gr1certmatrix.xls, Oracle Forms 11.1.1.2 is not supported to use any Oracle Access Manager (OAM) version. OAM is a component of IAM. It is only supported with Oracle SSO 10.1.4.x. The best solution would be to upgrade the Forms and Reports environment to either 11gR2 (11.1.2.1) or to the latest 11gR1 patchset 11.1.1.7. Both versions are compatible with OAM 11.1.1.7.0 and OID 11.1.1.7.0 where only Forms 11gR2 (11.1.2.1) is compatible with OAM 11.1.2.0 and OID 11.1.1.7.0. That would be the best solution as we have run into configuration problems in the past with using Oracle SSO 10.1.4.x.
    Since OID 11.1.1.2.0 is already installed, you should be able to patch it up to 11.1.1.7.0.
    For user authentication in OID, it is required to have OAM or Oracle SSO as both products use WebGate or mod_osso agents for authentication and authorization. For purposes of allowing end users to register accounts and password reset, you will either need to also install another IAM component called Oracle Identity Manager (OIM) or create a customized SSO login page that can be coded to perform these actions. I believe there are some examples available on the Internet.
    Thanks,
    Scott
    http://pitss.com/us

  • SAML assertion attributes and Web Services

    Just want to clarify for myself something about SAML token within Web Services Security.
    As I understand, SAML attribute assertions cannot be used within the Web Service business logic tier because all security header information is unavailable within the Web Service implementation context. And the only reason for the sender to submit attributes along with the SAML authentication assertion is to allow SecurityEnvironmentHandler more information about the trusted identity. Is it right?

    Hi finally I get it (thank you Gautam!!!),
    import weblogic.security.principal.WLSAbstractPrincipal;
    import weblogic.security.spi.WLSUser;

    public class CustomWlsPrincipal extends WLSAbstractPrincipal implements WLSUser {
        public CustomWlsPrincipal(String name) {
            super();
            // Feed the WLSAbstractPrincipal.name. Mandatory
            this.setName(name);
        }
    }
    So you need to invoke the parent class setName(String) method. If not you will get a NullPointerException.
    Implementing the equals and hashCode is also convenient.
    Hope it helps,
    Luis

  • WAAD SSO Airwatch / Attribute SAML claim Role?

    Hello
    We have configured WAAD SSO with our Airwatch application. I can see that we have got a new option on the application called "Attributes" where you can add and edit the existing SAML claims. How can we add a new claim for user ROLE??
    We need to send out the list of the groups the user is a member of in WAAD. How can we do this?
    http://schemas.microsoft.com/ws/2008/06/identity/claims/role
    Regards,
    Maqsood.

    Hello Neelesh.
    I actually never pointed out any link, only the namespace for the Role Claim: http://schemas.microsoft.com/ws/2008/06/identity/claims/role
    Yes, the Airwatch documentation we have seen. First of all, most of the things in that documentation are not correct and are outdated, and thus if someone follows this tutorial, they will end up with support tickets with Microsoft and Airwatch without getting much help.
    I myself have been there and tried to figure out how it should actually work.
    The other thing is "Assigning Users": that is the idea, but it looks like it only works if the user first comes to the Access Panel and then to Airwatch. The normal scenario is not like this for an application like Airwatch.
    The user should normally go to Airwatch first and then to Microsoft WAAD for the authentication. In this process, I guess there is a logical bug. It looks like Microsoft WAAD gives out the required SAML claims without actually checking if the user has access to the application.
    Regards,
    Maqsood.

  • OIF 11g metadata file

    I need to import my IdP's metadata SAML 2.0 file but am getting too many errors to do with file not being signed correctly to metadata does not exist.
    Has anyone successfully created this xml file and imported it?
    Can someone help how to do it?
    Edited by: idmimp on Oct 25, 2011 10:02 AM

    From your post, I would assume you are trying to hand-craft a metadata file and import it into OIF acting as the SP. It is possible, and I have created such a file and imported it successfully.
    First, determine whether you really need signed metadata. If you do not need it, do not use it. Un-check the box in OIF "require signed metadata". Next, the metadata must have a provider-id, a date stamp (valid from and valid up to) and some URL and service endpoints (for example, single log off service, assertion consumer service for SP etc).
    What you can do is generate a metadata XML file from the OIF SP and then edit the file to look like IdP metadata. Or, if you have a working OIF IdP, then generate that metadata and edit it to reflect the metadata of the other IdP (which does not provide metadata).
    Hope this helps.
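
The fields the answer above lists for hand-edited IdP metadata (provider ID, validity date, service endpoints, optional signature) can be checked before import with a short script. This is an added example, not part of the original post and not OIF code; the function name, the sample metadata and the example.test URLs are constructed, and it checks only the standard validUntil attribute and the presence of a ds:Signature element, not the signature's validity.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: hand-edited, unsigned IdP metadata (all values hypothetical).
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/fed/idp" validUntil="2035-01-01T00:00:00Z">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/fed/idp/slo"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/fed/idp/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def check_idp_metadata(xml_text, now=None, require_signed=False):
    """Return a list of problems found in a SAML 2.0 IdP metadata document."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)  # trusted sample; use a hardened parser for third-party files
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    problems = []
    if not root.get("entityID"):
        problems.append("missing entityID (provider id)")
    valid_until = root.get("validUntil")
    if valid_until:
        try:
            expiry = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
            # SAML timestamps are UTC; treat a value without an offset as UTC.
            expiry = expiry if expiry.tzinfo else expiry.replace(tzinfo=timezone.utc)
            if expiry <= now:
                problems.append(f"metadata expired at {valid_until}")
        except ValueError:
            problems.append(f"unparseable validUntil: {valid_until}")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        problems.append("no IDPSSODescriptor (SP metadata left unedited?)")
    else:
        if idp.find("md:SingleSignOnService", NS) is None:
            problems.append("no SingleSignOnService endpoint")
        for ep in idp:
            loc = ep.get("Location")
            if loc and not loc.startswith("https://"):
                problems.append(f"non-HTTPS endpoint: {loc}")
    if require_signed and root.find("ds:Signature", NS) is None:
        problems.append("metadata is unsigned but a signature is required")
    return problems
```

An empty list means the file has the basic shape described above; with `require_signed=True` the unsigned sample is reported, which mirrors leaving the "require signed metadata" box checked.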

  • OIM 11g: Target account attribute value enforcement/policy

    We have some requirements around enforcing certain attribute values on our target platforms. For example, if we provision a field "Approval Limit=$100", and on a recon that value has been changed to "Approval Limit=$5000", then appropriate action should be taken (i.e. change it back to $100, notify somebody, etc.)
    This type of feature was available on some other IDM products I've worked with, but there does not seem to be anything built in to OIM to support this.
    My initial thoughts were to write task adapters against the Recon Insert/Update Received events and perform these types of checks and corrections there.
    Has anyone else run into this requirement in OIM? How did you solve it?

    There are three ways to handle such scenarios:
    Process Task: Attach a task on Reconciliation Task
    Event Handler/Entity Adapter
    Schedule Task

  • OIF 11g :Configuration settings are unavailable because /Farm_IDMDomain/IDM

    Hi All,
    Although the OIF node and admin server are shown as up, when attempting to access the Configuration menu in Enterprise Monitor, the following error is displayed:
    Configuration settings are unavailable because /Farm_IDMDomain/IDMDomain/wls_oif1/OIF(11.1.1.2.0) is down.
    Below are the logs :
    ####<06/09/2012 10:45:40 AM EST> <Warning> <org.apache.myfaces.trinidadinternal.context.RequestContextImpl> <TSTSYDEXOIF> <AdminServer> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <a315d5f2f1a0c2b9:-5d13a74a:1398e42fd93:-8000-0000000000001167> <1346892340967> <BEA-000000> <Could not find partial trigger authMechIdpToolbar_delete from RichTable[org.apache.myfaces.trinidad.component.UIXTable$RowKeyFacesBeanWrapper@452bf5e, id=authMechIdpMappingTable] with the supported partialTriggers syntax. The partial trigger was found with the deprecated syntax. Please use the supported syntax.>
    ####<06/09/2012 10:45:59 AM EST> <Warning> <Socket> <TSTSYDEXOIF> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <a315d5f2f1a0c2b9:-5d13a74a:1398e42fd93:-8000-000000000000116b> <1346892359764> <BEA-000449> <Closing socket as no data read from it on 10.128.70.131:59,415 during the configured idle timeout of 5 secs>
    ####<06/09/2012 10:46:54 AM EST> <Error> <oracle.adfinternal.view.faces.config.rich.RegistrationConfigurator> <TSTSYDEXOIF> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <a315d5f2f1a0c2b9:-5d13a74a:1398e42fd93:-8000-0000000000001177> <1346892414436> <BEA-000000> <Server Exception during PPR, #1
    javax.el.ELException: oracle.sysman.emSDK.tgt.targetaccess.TargetException: Target not found
    at javax.el.BeanELResolver.getValue(BeanELResolver.java:266)
    at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:143)
    at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:72)
    at com.sun.el.parser.AstValue.getValue(AstValue.java:118)
    at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:192)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Caused By: oracle.sysman.emSDK.tgt.targetaccess.TargetException: Target not found
    at oracle.sysman.emSDK.tgt.targetaccess.TargetManager.getTargetInstance(TargetManager.java:210)
    at oracle.sysman.emSDK.tgt.targetaccess.TargetManager.getTargetInstance(TargetManager.java:180)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Caused By: oracle.sysman.emSDK.repoless.TargetNotFoundException: Target /Farm_IDMDomain/IDMDomain/wls_oif1/OIF(11.1.1.2.0)/oracle_federation not found.
    at oracle.sysman.emdrep.repoless.RepolessTargetManager.getTargetInfo(RepolessTargetManager.java:1036)
    at oracle.sysman.emSDK.repoless.TargetManager.getTargetInfo(TargetManager.java:116)
    at oracle.sysman.emSDK.tgt.targetaccess.TargetManager.getTargetInstance(TargetManager.java:205)
    at oracle.sysman.emSDK.tgt.targetaccess.TargetManager.getTargetInstance(TargetManager.java:180)
    Below things already tried:
    1) Updated Weblogic password in Agent monitored targets and Monitoring Credentials
    2) Log in to enterprise Manager. Select OIF-> Administration -> Data Store -> Edit User Data Store and Modify the url to ldap://<hostname:nonssl port> and credentials and click on Test LDAP Connection. LDAP connection is successful. Follow the same steps for Federation Data Store
    Restart OID. Do not restart from the enterprise manager console.
    cd /opt/Oracle/Middleware/oaminst_1/bin
    ./opmnctl stopall (Stop all components)
    ./opmnctl status -l (Ensure none of the components are active)
    ./opmnctl startall (Start all components)
    ./opmnctl status -l (Ensure all the components are active)
    Log in to enterprise Manager. Select OID-> Administration -> Server Properties -> Change SSL Settings -> Select SSL Authentication as No Authentication. Restart OID as described above.
    Log in to enterprise Manager. Select OIF-> Administration -> Data Store -> Edit User Data Store and Modify the url to ldaps://<hostname:ssl port> and credentials and click on Test LDAP Connection. LDAP connection is successful. Follow the same steps for Federation Data Store
    Restart OIF from Enterprise Manager. Select OIF -> Control
    Any other things we can try here to resolve the above issue?
    ** Customer can also deinstall the OIF, but he wants to know, if after deinstallation will this permit a restore of all configuration settings from the previous installation?
    ** Also is it possible to install new EM and register the existing OIF instance to new EM?
    Any inputs are highly appreciated.
    Regards,
    AMol

    Hi Alex
    We didn't really identify the problem, but the issue was resolved by resetting the LDAP password. Look into the LDAP log and see if you can find anything.
