OIM 11gR1 -- SSO using Weblogic negotiateIdentityasserter

Similar Messages

• Unable to enable SAML based SSO using Weblogic 10.3.3

  Hi,
  I am working on enabling SSO among two different applications hosted on different domains (WLS 10.3.3) of same machine.
  I followed all the steps given in http://www.oracle.com/technetwork/articles/entarch/sso-with-saml-099684.html but ending up with Error 401--Unauthorized message when I access App-2.
  Even the sample applications attached with the article above results with same 401 error.
  Can you please help me with some work around. Also let me know for more info required.
  Thanks
  Raza
  Edited by: Raza Naqui on Dec 28, 2010 4:14 PM

  It worked partially now. I configured everything right from the scratch using http://www.oracle.com/technetwork/articles/entarch/sso-with-saml-099684.html and it worked
  Cleared Cookies/Cache/History
  Usecase - 1:
  1. Hit appA --> Login Page A (Entered Credentials) --> appA Landing Page ---------- WORKS FINE
  2. Hit appB --> appB Landing Page ----------- WORKS FINE
  Cleared Cookies/Cache/History
  Usecase - 2:
  1. Hit appB --> BASIC Authentication Box pops-up (Entered Credentials) --> appB Landing Page ----------- WORKS FINE
  2. Hit appA --> Login Page A is rendered ---------- DOESN'T WORKS FINE (In this usecase, instead of Login Page, it should render Landing Page of appA)
  I tried:
  1. Changing the login method of web.xml (appA) to CLIENT-CERT,FORM ----------- SAME ISSUE AS in Usecase-2.2
  2. Configured both the domains in the reverse order of configurations given in Blog-Link above. Meaning, where-ever it says appB (I referred appA) and in place of appA (I referred appB). Same case with domains. And then I try to hit appA URL ----> BASIC Authentication Box Pops up (Entered Credentials) -----> HTTP 500 ERROR (Internal Server Error) and nothing is printed on Weblogic Console.
  My Requirement:
  1. Out of appA or appB, which-ever is accessed for the first time, the login screen/basic authentication pops-up. Followed by no authentication to be required for appA or appB.
  Questions:
  1. Using SAML, can we enable 3 web-applications for SSO. If yes, How?
  Many Thanks
  Raza

• SSO using WebLogic app server and AD as the auth source

  Hi All,
  I am trying to setup SSO on 10gR3 using MS Active Directory as the auth source and WebLogic as the app server.
  Do I have to create a custom SSO or can this setup be configured using the basic SSO and config changes?
  Any help or guidance will be appreciated.
  Cheers
  Bob

  There are many ways. The generic answer is federation via SAML, look at the docs for Oracle Identity Federation.

• Cannot communicate from weblogic 10.3.5 to weblogic 8.1.4 (OIM 11gR1)

  Hi all,
  when i run java class adapter in oim 11gR1, which contain ejb class from other weblogic(8.1.4), i facing problem that request which i run cannot finish or process is looping forever.
  my code :
  public String create(){
  SecurityMngr = (SecurityManager) connMthdDsms.connectionForDsms().get("a");
  success = SecurityMngr.addUser(uvo);
  if (success)
  result = "C";
  does error is about connection between weblogic 10.3.5 with weblogic 8.1.4. or other?
  i use OIM 11gR1 bp7, Weblogic 10.3.5,
  regards

  Hi all,
  when i run java class adapter in oim 11gR1, which contain ejb class from other weblogic(8.1.4), i facing problem that request which i run cannot finish or process is looping forever.
  my code :
  public String create(){
  SecurityMngr = (SecurityManager) connMthdDsms.connectionForDsms().get("a");
  success = SecurityMngr.addUser(uvo);
  if (success)
  result = "C";
  does error is about connection between weblogic 10.3.5 with weblogic 8.1.4. or other?
  i use OIM 11gR1 bp7, Weblogic 10.3.5,
  regards

• SSO using SAML2 in WebLogic Server 10.3 not working

  Dear all,
  I have tried all possible configuration to configure SSO but with no hope :(
  My requirement is to configure SSO using SAML2, weblogic 10.3 and 1 domain.
  I followed the following links in my configuration:
  1- http://biemond.blogspot.com/2009/09/sso-with-weblogic-1031-and-saml2.html
  2- http://blogbypuneeth.wordpress.com/2011/01/15/steps-to-configure-saml-2-on-weblogic-server-10-3-0/
  Please if anyone can send me any other tutorial or working sample application as maybe i am configuring the web/weblogic xmls in a wrong way
  Appreciate any help

  Hi,
  This is how my web.xml looks like :
       <display-name>SAML Destination Site Application</display-name>
       <welcome-file-list>
            <welcome-file>index.jsp</welcome-file>
       </welcome-file-list>
       <security-constraint>
            <web-resource-collection>
                 <web-resource-name>SecurePages</web-resource-name>
                 <description>These pages are only accessible by authorized users.</description>
  <url-pattern>samldest01App/restricted01/*</url-pattern>
  <http-method>GET</http-method>
            </web-resource-collection>
            <auth-constraint>
                 <description>These are the roles who have access.</description>
                 <role-name>SamlUser</role-name>
            </auth-constraint>
            <user-data-constraint>
                 <description>This is how the user data must be transmitted.</description>
                 <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
       </security-constraint>
       <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>myrealm</realm-name>
       </login-config>
       <security-role>
            <description>These are the roles who have access.</description>
            <role-name>SamlUser</role-name>
       </security-role>
  </web-app>
  weblogic.xml :
  <?xml version='1.0' encoding='UTF-8'?>
  <weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <security-role-assignment>
            <role-name>SamlUser</role-name>
            <principal-name>SAML_SSO_GRP</principal-name>          
       </security-role-assignment>
       <context-root>/samldest01App</context-root>
  </weblogic-web-app>

• Migrating from OIM on WebSphere to WebLogic

  Can anyone provide any insight on the possibility of migrating OIM from WebSphere to WebLogic. Are there differences in the database that would make this a difficult task?
  The "Upgrading to 11gR1" does not list this as a possible path.

  In this section of the documentation http://download.oracle.com/docs/cd/E21764_01/upgrade.1111/e10129/upgrade_oim.htm#CACFJBJE it has listed WebSphere on the left for 9.x version, and WebLogic on the right for 11g. And since 9.x and 11g use different tables specific to the application server, the migration of data from 9.x should not matter for those. The 11g will use it's own tables specific to the app server and migrate just the required OIM data that isn't specific to the previous app server. That is why you must complete all tasks in the queues prior to migration.
  -Kevin

• OIM 11gR1: Disabled Resource changes to Provisioned on modification

  Version: OIM 11gR1 BP7
  Target System: Active Directory using AD Connector 11.1.1.5.0
  In my environment, I have a user with a disabled Active Directory resource. Whenever I make changes to the user's AD resource, the status of that resource is changed to "Provisioned" even though the resource is still disabled on the target system. I know that when a resource is disabled, you cannot edit the form. I have made the modifications through the APIs or password reset button on the OIM interface (I have setup "Change Password" process task so that password is pushed out to the user's AD resources).
  I have also setup a custom icf connector and it has the same behavior as above.
  I would like to know if anyone has ran into this issue before or any insights in debugging this issue.

  Check if the task that is being triggered after user resource is disabled has mapping "C -- Provisioned". That could possibly be the reason!

• Trying to create Organization in OIM 11g R2 using API

  Hi All,
  I am trying to create Organization in OIM 11g R2 using API's. I able to create a organization with attributes Organization Name and Organization Customer Type but when i am trying to add Parent Organization Name it is throwing me the following error
  Caused by: oracle.iam.platform.entitymgr.UnknownAttributeException: Organization : [Parent Organization Name]
  any help in this regard will be helpful....
  Thanks

  Yes i do have the org with act_key 27
  I have done that changes...still it is throwing the same error
  Exception in thread "main" oracle.iam.identity.exception.OrganizationCreateException: IAM-3056148:act_createby is a System Attribute and cannot be set through API.:act_createby
       at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
       at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
       at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
       at oracle.iam.identity.orgmgmt.api.OrganizationManager_874ar_OrganizationManagerRemoteImpl_1036_WLStub.createx(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
       at $Proxy2.createx(Unknown Source)
       at oracle.iam.identity.orgmgmt.api.OrganizationManagerDelegate.create(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at Thor.API.Base.SecurityInvocationHandler$1.run(SecurityInvocationHandler.java:68)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
       at weblogic.security.Security.runAs(Security.java:41)
       at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
       at Thor.API.Base.SecurityInvocationHandler.invoke(SecurityInvocationHandler.java:79)
       at $Proxy3.create(Unknown Source)
       at oracle.iam.ui.custom.Class1.main(Class1.java:108)
  Caused by: oracle.iam.identity.exception.OrganizationCreateException: IAM-3056148:act_createby is a System Attribute and cannot be set through API.:act_createby
       at oracle.iam.identity.orgmgmt.impl.OrganizationManagerImpl.create(OrganizationManagerImpl.java:318)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
       at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
       at $Proxy333.create(Unknown Source)
       at oracle.iam.identity.orgmgmt.api.OrganizationManagerEJB.createx(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
       at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
       at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
       at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
       at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
       at $Proxy331.createx(Unknown Source)
       at oracle.iam.identity.orgmgmt.api.OrganizationManager_874ar_OrganizationManagerRemoteImpl.__WL_invoke(Unknown Source)
       at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
       at oracle.iam.identity.orgmgmt.api.OrganizationManager_874ar_OrganizationManagerRemoteImpl.createx(Unknown Source)
       at oracle.iam.identity.orgmgmt.api.OrganizationManager_874ar_OrganizationManagerRemoteImpl_WLSkel.invoke(Unknown Source)
       at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667)
       at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
       at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
       at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
       at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
  Caused by: oracle.iam.platform.kernel.ValidationFailedException: IAM-3056148:act_createby is a System Attribute and cannot be set through API.:act_createby
       at oracle.iam.identity.usermgmt.utils.UserManagerUtils.createValidationFailedException(UserManagerUtils.java:337)
       at oracle.iam.identity.usermgmt.utils.UserManagerUtils.createValidationFailedException(UserManagerUtils.java:372)
       at oracle.iam.identity.utils.Utils.checkAllowedAttributes(Utils.java:2523)
       at oracle.iam.identity.orgmgmt.impl.handlers.create.CreateOrganizationValidationHandler.validate(CreateOrganizationValidationHandler.java:102)
       at oracle.iam.platform.kernel.impl.OrchProcessData.validate(OrchProcessData.java:258)
       at oracle.iam.platform.kernel.impl.OrchProcessData.runValidationEvents(OrchProcessData.java:203)
       at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.validate(OrchestrationEngineImpl.java:699)
       at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.process(OrchestrationEngineImpl.java:547)
       at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:485)
       at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:403)
       at sun.reflect.GeneratedMethodAccessor1171.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
       at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
       at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
       at $Proxy251.orchestrate(Unknown Source)
       at oracle.iam.identity.orgmgmt.impl.OrganizationManagerImpl.create(OrganizationManagerImpl.java:306)
       ... 46 more

• Best practice to modify OIM webApp.war in Weblogic (10g - 9102)

  I very generic question for OIM in Weblogic:
  If I'm doing any change(minor or major) in any of the JSP file in OIM xlWebApp.war, what is the best practice of moving it to production ?
  Thanks,

  Hi,
  Here the steps you should do:
  - unwar the xlWebApp.war file (through jar command)
  - Modify/add the jsp's.
  - War it again.
  - copy/replace that at XEL_HOME/webapp location.
  - if you had modified xml or properties file, copy that to DDTemplate/webapp
  - run patch_weblogic command.
  - restart server.
  You can also write a build script which will take OOTB xlWebApp.war and custom jsp's and will generate new xlWebApp.war.
  Once tested successfully in dev/QA env, you can check in code and new xlWebApp.war file in some subversion.
  In Production you can directly use this xlWebApp.war file and run patch command.
  Also look at this:
  Re: Help: OIM 10G Server With Weblogic
  Cheer$
  A..

• Problem in configuring SSO using SAML for applications hosted on diff m/c

  Hi Techies,
  I am stuck in a weird problem for past month or so without any resolution. Not much help by googling. So I hope i get the answer from the mouth of the horses -
  I am trying to use SSO using the sample application appA and appB as stated in the tutorial of SSO by BEA.
  I am summarizing the problem below -
  Steps followed for Configuring SSO using SAML
  1. Created 2 domains on 2 seperate machines namely domainA and domainB
  2. Source appliction is deployed on domainA and the target application is deployed on domaninB
  The steps mentioned in the following tutorial has been followed-
  http://dev2dev.bea.com/pub/a/2006/12/sso-with-saml.html
  3. As mentioned in the tutorial the certificate is generated using keytool utility. The same certificate is copied
  to WEBLOGIC_HOME/server/lib of destination machine.
  4. The certificate was successfully registered on desitnation or host 2 but while activating the configuration
  changes(SSL client Ientity Alias and SSL Client Identity Pass Phrase) for Federation services the following error
  is thrown -
  " SAMLBeanUpdateListener: SAMLKeyManager.prepareUpdate() failed with exception:
  weblogic.descriptor.BeanUpdateRejectedException: SAML key Manage failed to validate key (SSL Client) configuration
  in the FederationServicesMBean, key alias: testalias "
  The interesting bit of the problem is that the same configuration works on 2 domains created on same machine. The
  problem only occurs when domains are created on seperate machines.
  Alterative to the problem: when the certificate is generated seperately for domainB and copied to
  WEBLOGIC_HOME/server/lib, it works. However, the certificate generated in domainA should have been copied.
  Note: I am using Weblogic portal 9.2.1
  Any quick replies will be much appreciated. Thanks.
  Edited by saurabh.agrawal at 02/06/2008 2:01 PM

  Hi François,
  You are right about the use of the NameID format. But the issue here is/was that OIF at SP is integrated with OAM, and the authenticated user at OIF-SP and OAM will be the Anonymous user rather than the user who was identified at the IdP even though the remaining attributes sent are for the IdP user. I think these attributes can be used by with OAM for authorization using custom authorization plug-ins but haven't tried that one out.
  As for the attribute sharing profile, it's this one - http://www.oasis-open.org/committees/download.php/18058/sstc-saml-x509-authn-attrib-profile-cd-02.pdf, although for the life of me, I cannot remember why I suggested this in the first place!
  -Vinod

• Enabling SSO with Weblogic Server

  Hi,
  Can someone please forward some documention on enabling SSO with Weblogic server for different applications using the admin console.
  Is enabling SSO only possible programmatically??
  Is there an external server amongst the Weblogic Platform that maintains this SSO information??
  Regards,
  Mukta

  Pradeep,
  Here are some questions for you.
  1. what version of Weblogic App Server you are using?
  2. Is it a weblogic Portal or a Java application deployed
     on a Weblogic App Server?
  3. You have mentioned that the users are stored in a table. Is it a database table ?
  Anyway see the following link as a starting point?
  http://e-docs.bea.com/wls/docs81/jconnector/security.html#1216783
  If the customer has lot of other web applications that they want to integrate you can look at third party authentication solutions (Ex: Siteminder). But if it is a few or limited applications then custom solution would be more appropriate from the cost perspective.
  Hope this can be a starting point.
  -Regards
  -Venkat Malempati

• Re: single log-on (SSO) using Windows 2000 and Active Directory

  Hi Honggo,
  Its possible to see all the Active Directory users in WLS6.1 by
  configuring the ldap realm.
  You can use any of the username/password in ldap but you still have to
  login again.
  However the concept of single sign on across operating system and WLS
  might not work in WLS6.1. WLS 7.0 allows you to write code that
  supports these kind of things better.
  honggo wrote:
  anybody know how to use windows 2k authentication
  (implemented by Active Directory)
  to support SSO in WebLogic Server?
  What I mean is I want to login once and only once
  in win2000 and somehow weblogic server know
  who is currently logon and impose some Access Control
  many regards in advance
  honggo

  Replying again because it didn´t seem to work last time.
  Could you be more specific? What code do I have to write to achive single sing on across Windows and WLS 8.1?
  Regards
  Mauricio Hurtado
  Banco de Mexicio

• OIM sees error in Weblogic Environment

  Hello All,
  I've working setup of OIM 9102(BP15) with WEBLOGIC (10.3.5.0) in a cluster.
  At Weblogic server startup, i see following error (xlStartWLS.sh):
  +ERROR,04 Jan 2012 14:49:16,173,[org.apache.beehive.netui.pageflow.internal.AdapterManager],ServletContainerAdapter manager not initialized correctly.+
  CR#361988 (http://docs.oracle.com/cd/E11035_01/wloc10/notes/known_resolved.html) says - this error can be ignored (old link). However, i want to confirm if there could be any issue in the environment. Also, when i browse through the Weblogic console pages i see few warning message coming out each time i click on any console buttons/links:
  +WARN,04 Jan 2012 15:01:57,519,[org.apache.beehive.netui.pageflow.PageFlowRequestProcessor],Struts module is configured to use com.bea.console.internal.ConsolePageFlowRequestProcessor as the request processor, but the <controller> element does not contain a <set-property> for "controllerClass". Page Flow actions in this module may not be handled correctly.+
  Any pointer/help would be appreciated.
  Thanks,

  Yeah. Found an article in Oracle support. It says this message could be ignored.
  However, It also talks about renaming the log4j.xml file and use in Weblogic to avoid this unwanted audit log. When I searched Weblogic file system, i could not find log4j.xml. :( Are these 2 different use cases?
  Thanks,

• SAML generation using weblogic

  Hi,
  I am using weblogic as an Identity Provider and Oracle Identity federation (OIF) as a service Provider. The federation will be IDP(weblogic) initiated.
  I have configured both the sides , published and exchanged metadata .
  Is any out of box feature of weblogic there by which we can use SAML after configuration only or we need to write a separate java code in order to create login page and using the entire configuration which I made in weblogic. (Will any application need to be deployped in weblogic?).
  What URL I need to hit for SAML if there is out of box feature in weblogic for using SAML(after configuring everything in weblogic).
  Thanks
  Piyush

  Maybe the example given here can help you out: http://biemond.blogspot.com/2009/05/sso-with-weblogic-103-and-saml.html and http://docs.oracle.com/cd/E21764_01/web.1111/e13707/saml.htm#i1112531
  and the whitepaper (tutorial) that is referenced in the latter: http://www.oracle.com/technetwork/articles/entarch/sso-with-saml-099684.html

• OIM 11gR1 - Request Stuck in "Obtaining Operation Approval"

  Hi Guru,
  we are having a problem with oim11gr1, the Request from the user are stuck on "Operation Obtaining Approval" status even though the approval workflow process has complete.
  This issue also happened with Request that only use Auto Approval process provided by OIM11gR1, doesn't use custom approval with SOA-BPEL.
  Is this a bug in OIM 11gR1? How do we fix this?
  Need help guys.
  Thank you,
  Heri

  Hi Bikash,
  We use OIM 11g version 11.1.1.5.0, we haven't apply any patches yet. Do you have recommendation what patch(s) that we should apply?
  Not all request with that spesific type, but only for some request (intermittent). Some request that use approval workflow from soa-bpel also sometimes stuck on "Obtaining Operation Approval" or "Request Complete" but doesn't trigger provisioning process.
  Please help.
  Best Regards,
  Heri