Oracle Access Manager Cache Flush issue

Need urgent help on this.. We have multiple access servers and 2 policy managers. I am able to flush cache from one of the policy manger the other but get the other one is unable to flush cache on all the access servers. Getting error that "following access server cannot be contacted" with list of some access servers. I am successfully able to make telnet connection to all the access servers. Any suggestions on what may be the issue.
Thanks.
VInay

Hi Vinay,
Please check that the transport mode (open/simple/cert) is the same of the Access Servers that it is trying to contact, and that the Policy Manager certs are valid (if simple/cert, obviously). Another idea - if the failing Policy Manager is on a different subnet from the Access Servers, it may be timing out trying to contact them.
Regards,
Colin

Similar Messages

  • Issues integrating WebCenter with Oracle Access Manager

    Hi All,
    I am trying to integrate WebCenter 10.1.3.2 with Oracle Access Manager (CoreId). Followed the steps described in the Chapter 11 of the OC4J Security Guide.
    I was able to successfully authenticate WebCenter using IWA with Access Manager.
    Then I proceeded with the below steps:
    - Implemented ADF Security in the application. Created application roles and login page and worked fine on my local machine.
    - Provide the auth-method of "COREIDSSO" in orion-application.xml
    - Renamed the app-jazn-data.xml to give the OID groups
    - Mapped the OID groups to application roles in orion-application.xml
    - Used the jazn migration tool to populate the system-jazn-data.xml
    When trying to access the application, it looks like the ADF Context identifies that this is an authenticated user.
    ADFContext.getCurrent().getSecurityContext().isAuthenticated() retruns true
    ADFContext.getCurrent().getSecurityContext().isAuthorizationEnabled() returns true
    I get the below error message on the server console:
    [CoreIDLoginModule::getUserSessionFromCookie]: This user session for F3iwZhUGgjej9RSrMLSo0wjH5Ec6c2oeC0OBRH12y7%2FvfPVncz6dYoBoFD6q8DWAlMtzah%2FYV4T1t7jztVFYbxwfOyu0VOMXMEIosRrFicfJwoPRrM8MOkFsziQxpUqo98XrC9iBRHffdWSItNHZRZK4ZoCJMi6HZZ6noOc4Z%2BGJDGj3kWndYHTWjiG0cJhkSbL95wMmrXCDElzZHjPMdkuNQUHW1TfAJvgSlDeX6hhhIThlc%2BGmxMP3MQ%2FZoxUysbKieIJgDXo1%2FEMmLmTVjA%3D%3D is not valid or user is not logged in.
    I also tried using the "Headervar" variable to display the obmygroups value, but it comes as blank.
    Any help would be appreciated.
    Thanks
    Aneesh

    We recently integrated Webcenter Application (with ADF Authentication and Authorization) with OAM. May be the following will be of some help to you.
    We did the following steps documented in Chapter 11 Oracle Access Manager in Oracle J2EE security guide.
    OAM
    1. Created ALL specified policies , authentication schemes, protection specified in OAM section of the document.
    OC4J
    1. Ran all configuration listed for the OC4J section.
    Webcenter
    1. Developed the Webcenter Application
    2. Enabled ADF Security (Authentication & Authorization)
    3. Deployed the application. While deploying chose File based provider.
    4. After the deployment, changed orion-application.xml to have COREIDSSO as documented in Oracle documentation
    system-jazn-data.xml
    1. Added login module details as specified in the document. (Changed only the application name. Rest all was same as we used names as specified in the earlier steps of the document)
    OID Migration
    Reference document: "Configuring a WebCenter Application to Use Oracle Access Manager" in Webcenter Framework Developer guide.
    1. Located app-jazn-data.xml in the deployed application
    2. Removed "realm-name" and "type" subelements of "grantee" tags. Removed any realm details in user name.
    3. changed references to "class oracle.security.jazn.spi.xml.XMLRealmRole" to "oracle.security.jazn.realm.CoreIDPrincipal"
    4. ran the JAZN migration tool with "all" options. Migration from app-jazn-data.xml to OID.
    OAM
    Created policies for protecting our application.
    Test the application.
    Debugging.
    1. Enable oracle.adf.share.security , oracle.j2ee.security & oracle.j2ee.security.oc4j loggers to debug if the application is not working the way you expect to work.
    2. Set log level in Enterprise manager.
    3. All logging information are written in log.xml in $ORACLE_HOME/j2ee/OC4J_Webcenter/log/OC4J_WebCenter_default_group_1/oc4j
    Thanks

  • Integrating Oracle Access Manager with Kerberos (WNA)

    Hi,
    I have working Oracle Access Manager currently being able only to authenticate users against Active Directory. I want to enable WNA. But I am still having issues with correctly configure it:
    I do not know what am I doing wrong.
    I am logged as example.com\testuser into Windows XP, using firefox with WNA enabled for URI example.com. Then I enter http://oracle.example.com which is my Oracle HTTP Server's protected URL, then I am receiving ERROR from Oracle Access Manager: "The user account is locked or disabled. Please contact the System Administrator."
    In OAM Log there is this: <Jun 19, 2012 4:14:15 PM CEST> <Error> <oracle.oam.controller> <OAM-02010> <User account is locked. Authentication failed.>
    Interesting is when I disable WNA support in firefox, then this behavior occurs: fisrt there is this dialog shown "A username and password are being requested by http://oracle.example.com:14100. The site says: "OAM 11g"" --> here I enter example.com\testuser and password. After this new dialog is shown: A username and password are being requested by http://oracle.example.com:14100. The site says: "WebLogic Server", then after entering weblogic/password I receive "The user account is locked or disabled. Please contact the System Administrator."
    In the OAM log this is logged:
    <Jun 19, 2012 4:22:28 PM CEST> <Error> <oracle.oam.user.identity.provider> <OAMSSA-20023> <Authentication Failure for user : weblogic.>
    <Jun 19, 2012 4:22:28 PM CEST> <Error> <oracle.oam.controller> <OAM-02010> <User account is locked. Authentication failed.>
    Any ideas? I am really stuck here.
    I am using this keytab file:
    [root@oracle centos]# klist -ke /home/oracle/keytab.testuser1
    Keytab name: WRFILE:/home/oracle/keytab.testuser1
    KVNO Principal
    7 HTTP/[email protected] (des-cbc-crc)
    7 HTTP/[email protected] (des-cbc-md5)
    7 HTTP/[email protected] (arcfour-hmac)
    7 HTTP/[email protected] (aes256-cts-hmac-sha1-96)
    7 HTTP/[email protected] (aes128-cts-hmac-sha1-96)
    kinit passes fine:
    [root@oracle centos]# kinit -V HTTP/[email protected] -k -t /home/oracle/keytab.testuser1
    Using default cache: /tmp/krb5cc_0
    Using principal: HTTP/[email protected]
    Using keytab: /home/oracle/keytab.testuser1
    Authenticated to Kerberos v5
    Why and which user is locked? I can lock with the AD user into windows domain, so I assume it is not locked + I checked it in the Active Directory.

    Ok, now I got it working. Sh~t! Why oracle documentation says I should set AD datasource with this parameter:
    User Name Attribute: UserPrincipalName, when this does not work?!
    After changing to User Name Attribute: sAMAccountName my WNA works!!!
    I have been fighting all day with this! The question is why such behavior - if the problem is in wrongly written oracle documentation, or I have problem somewehere else.
    Btw my user in AD looks like this:
    distinguishedName:     CN=John Doe,CN=Users,DC=example,DC=com
    sAMAccountName:     doejohn
    userPrincipalName     [email protected]
    It looks OAM takes "doejohn" from Windows via WNA/Kerberos and searches for this using UserPrincipalName and this is giving no match of course because "doejohn != [email protected]".
    The question is why does it take doejohn and not [email protected] from Windows WNA/Kerberos ???

  • Install Oracle Access Manager in existing Access Manager domain

    Hi
    I am operator of a windows system with Oracle Access Manager installed.
    We use OAM for SSO against Webpages in OIM running on Jboss, and now we are going to implement against a WebLogic webapplication too.
    The userbase is standard Active Directory
    I did not set up OAM myself so I'm not completely sure how it works.
    To be able to test the SSO solution given by an external provider, I need to have a proper stage environment.
    My idea is to set up another OAM on another server, wich points towards the same AD domaincontroller as the existing OAM
    Is this possible? In the installation guide I find that the new AccessManager system should be added into the existing OAM configuration , before we turn of the existing OAM and then install the complete OAM on the new server. Then we can turn on the existing OAM again, and implement them as clusters. I would like them to be two indipendent instances not affecting one another, but in the same AD domain to be able to test features in one of them and use the other as the production server.
    My fear is that I "mess up" the form in AD created from the old OAM, and that way mess the upp production environment.
    Edited by: user631873 on 11.sep.2009 06:22

    Hi,
    Technically, you can certainly set up a new OAM infrastructure which points to the existing AD instance. You could do this in a number of ways, for example:
    - set up the new instance so that it points to the same users and configuration branch as the existing instance, so that the new instance is effectively just an extension of the existing instance (with extra Identity and Access Servers, etc) ;
    - set up the new instance so that it points to the same AD instance, but uses different User searchbase and Config branch. In this case the new instance is more or less completely separate, but it happens to use the same directory ;
    - set up the new instance so that it points to the same Users, but a different Config branch, in which case the new instance has independed OAM configuration (policies, authentication schemes etc) but operates on the same user base.
    (In OAM you can define separate ldap locations for the Users, Identity Config and Access Config.)
    It depends on exactly what you want, but if the idea is to have a proper stage environment, then it is usually better for them to be completely independent, including the directory. OAM can update users as well as policies, and additionally different major versions of OAM have different schemas, so there are risks when using the same directory instance. Load testing is also an issue, since the directory is accessed extensivley by OAM.
    Regards,
    Colin

  • Error during execution of SSO with Oracle Access Manager 11gR2

    Hello friends,
    I have a problem with SSO using Oracle Access Manager 11g R2, then describes the steps taken in this test:
    1. Is accessed by the OAM protected application through IE browser, Chrome and Firefox for testing purposes.
    2. The OAM protected application, here is redirected to the OAM page to enter the credentials for the application.
    3. Shows the application, and again reorders authentication credentials.
    Here the details of the cookie:
    a. cookie1: ADMINCONSOLESESSION
    b. cokkie2: OAMAuthnCookie_webgate11g.domain.com: 7777
    We also found an error when starting the node oam_server in WebLogic Server 11g (10.3.6)
    Log:
    [2012-11-29T18:16:02.411-05:00] [oam_server1] [ERROR] [JPS-03156] [oracle.jps.authorization.framework] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000JhEStpUFW7WFLzRL8A1GhylJ000002,0] [APP: oam_server#11.1.2.0.0] The exception has been thrown by ARME. The authorization result is set to deny.[[
    com.bea.security.providers.authorization.asi.InvocationException: ArmeRUNTIME Exception: null
         at com.bea.security.providers.authorization.asi.AuthorizationProviderImpl.isAccessAllowed(AuthorizationProviderImpl.java:396)
         at com.bea.security.ssal.micro.MicroAuthorizationManagerWrapper.isAccessAllowed(MicroAuthorizationManagerWrapper.java:73)
         at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed_internal(AuthorizationServiceImpl.java:914)
         at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed(AuthorizationServiceImpl.java:745)
         at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed(AuthorizationServiceImpl.java:668)
         at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed(AuthorizationServiceImpl.java:622)
         at com.bea.security.AuthorizationService.isAccessAllowed(AuthorizationService.java:365)
         at oracle.security.am.common.policy.runtime.provider.oes.proxy.OESRuntimeProxy.wait4OESRuntimeDBPolicyRefreshCompletion(OESRuntimeProxy.java:263)
         at oracle.security.am.common.policy.runtime.provider.oes.proxy.OESRuntimeProxy.init(OESRuntimeProxy.java:193)
         at oracle.security.am.common.policy.runtime.provider.oes.OESPolicyRuntimeProvider.init(OESPolicyRuntimeProvider.java:167)
         at oracle.security.am.common.policy.runtime.PolicyRuntimeFactory.getNewInstance(PolicyRuntimeFactory.java:162)
         at oracle.security.am.common.policy.runtime.PolicyRuntimeFactory.init(PolicyRuntimeFactory.java:93)
         at oracle.security.am.common.policy.runtime.PolicyRuntimeFactory.getPolicyRuntime(PolicyRuntimeFactory.java:84)
         at oracle.security.am.common.policy.util.PolicyComponentLifecycle.initialize(PolicyComponentLifecycle.java:100)
         at oracle.security.am.lifecycle.ApplicationLifecycle.initComponentBootstrap(ApplicationLifecycle.java:156)
         at oracle.security.am.lifecycle.ApplicationLifecycle.contextInitialized(ApplicationLifecycle.java:86)
         at weblogic.servlet.internal.EventsManager$FireContextListenerAction.run(EventsManager.java:481)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
         at weblogic.servlet.internal.EventsManager.notifyContextCreatedEvent(EventsManager.java:181)
         at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1868)
         at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:3154)
         at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1518)
         at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:484)
         at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
         at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
         at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
         at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)
         at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:247)
         at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
         at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
         at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
         at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:27)
         at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:671)
         at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
         at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
         at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:59)
         at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
         at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
         at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:184)
         at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:361)
         at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:51)
         at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:200)
         at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:30)
         at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:261)
         at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:220)
         at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:169)
         at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:123)
         at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
         at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    Caused by: com.wles.InternalException: ArmeRUNTIME Exception: null
         at com.wles.arme.Credentials_ca.exceptionTransport(Credentials_ca.java:606)
         at com.wles.arme.Credentials_ca._accessAllowed(Credentials_ca.java:343)
         at com.wles.arme.CredentialsImpl._accessAllowed(CredentialsImpl.java:400)
         at com.wles.arme.CredentialsImpl._accessAllowed(CredentialsImpl.java:422)
         at com.wles.arme.CachingCredentialsImpl._accessAllowed(CachingCredentialsImpl.java:225)
         at com.wles.arme.CredentialsImpl.accessAllowed(CredentialsImpl.java:452)
         at com.wles.arme.CachingCredentialsImpl.accessAllowed(CachingCredentialsImpl.java:68)
         at com.bea.security.providers.authorization.asi.AuthorizationProviderImpl.ARMEisAccessAllowed(AuthorizationProviderImpl.java:977)
         at com.bea.security.providers.authorization.asi.AuthorizationProviderImpl.isAccessAllowed(AuthorizationProviderImpl.java:347)
         ... 52 more
    causal exception is:
    com.wles.InternalException: ArmeRUNTIME Exception: null
         at com.wles.arme.Credentials_ca.exceptionTransport(Credentials_ca.java:606)
         at com.wles.arme.Credentials_ca._accessAllowed(Credentials_ca.java:343)
         at com.wles.arme.CredentialsImpl._accessAllowed(CredentialsImpl.java:400)
         at com.wles.arme.CredentialsImpl._accessAllowed(CredentialsImpl.java:422)
         at com.wles.arme.CachingCredentialsImpl._accessAllowed(CachingCredentialsImpl.java:225)
         at com.wles.arme.CredentialsImpl.accessAllowed(CredentialsImpl.java:452)
         at com.wles.arme.CachingCredentialsImpl.accessAllowed(CachingCredentialsImpl.java:68)
         at com.bea.security.providers.authorization.asi.AuthorizationProviderImpl.ARMEisAccessAllowed(AuthorizationProviderImpl.java:977)
         at com.bea.security.providers.authorization.asi.AuthorizationProviderImpl.isAccessAllowed(AuthorizationProviderImpl.java:347)
         at com.bea.security.ssal.micro.MicroAuthorizationManagerWrapper.isAccessAllowed(MicroAuthorizationManagerWrapper.java:73)
         at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed_internal(AuthorizationServiceImpl.java:914)
         at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed(AuthorizationServiceImpl.java:745)
         at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed(AuthorizationServiceImpl.java:668)
         at com.bea.security.impl.AuthorizationServiceImpl.isAccessAllowed(AuthorizationServiceImpl.java:622)
         at com.bea.security.AuthorizationService.isAccessAllowed(AuthorizationService.java:365)
         at oracle.security.am.common.policy.runtime.provider.oes.proxy.OESRuntimeProxy.wait4OESRuntimeDBPolicyRefreshCompletion(OESRuntimeProxy.java:263)
         at oracle.security.am.common.policy.runtime.provider.oes.proxy.OESRuntimeProxy.init(OESRuntimeProxy.java:193)
         at oracle.security.am.common.policy.runtime.provider.oes.OESPolicyRuntimeProvider.init(OESPolicyRuntimeProvider.java:167)
         at oracle.security.am.common.policy.runtime.PolicyRuntimeFactory.getNewInstance(PolicyRuntimeFactory.java:162)
         at oracle.security.am.common.policy.runtime.PolicyRuntimeFactory.init(PolicyRuntimeFactory.java:93)
         at oracle.security.am.common.policy.runtime.PolicyRuntimeFactory.getPolicyRuntime(PolicyRuntimeFactory.java:84)
         at oracle.security.am.common.policy.util.PolicyComponentLifecycle.initialize(PolicyComponentLifecycle.java:100)
         at oracle.security.am.lifecycle.ApplicationLifecycle.initComponentBootstrap(ApplicationLifecycle.java:156)
         at oracle.security.am.lifecycle.ApplicationLifecycle.contextInitialized(ApplicationLifecycle.java:86)
         at weblogic.servlet.internal.EventsManager$FireContextListenerAction.run(EventsManager.java:481)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
         at weblogic.servlet.internal.EventsManager.notifyContextCreatedEvent(EventsManager.java:181)
         at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1868)
         at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:3154)
         at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1518)
         at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:484)
         at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
         at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
         at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
         at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)
         at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:247)
         at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
         at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
         at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
         at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:27)
         at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:671)
         at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
         at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
         at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:59)
         at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
         at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
         at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:184)
         at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:361)
         at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:51)
         at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:200)
         at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:30)
         at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:261)
         at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:220)
         at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:169)
         at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:123)
         at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
         at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    We appreciate your support in solving the case. Thanks...
    JLK
    Edited by: JLK on Nov 30, 2012 9:43 AM

    Hi Viju,
    Did you executed the python script to register OPSS. If not then you will get the mentioned error:
    I have mentioned couple of workarounds. Can you try those and let me know the results. Take the backup of your entire environment before you follow the steps:::
    1. For the ARME issue patch can be applied for 11.1.2
    OAM Bundle Patch Release History (Doc ID 736372.1)
    Yes. This is a benign message. ( the ARME issue)
    OAM 11R2 After Upgrade The Managed Server Start With Error ArmeRUNTIME Exception: Null (Doc ID 1509559.1)
    The other issue is under investgation and is benign.
    <oracle.adfinternal.view.faces.renderkit.rich.RegionRenderer> WARNING when accessing oamconsole (Doc ID 1511967.1)
    The final message is spoken to here:
    WLS 10.3.3: "Auto-Ref-By: WebApp" deployed as shared library is affecting other web applications. (Doc ID 1210393.1)
    Action Plan:
    =========
    1. For the ARME issue patch can be applied for 11.1.2
    OAM Bundle Patch Release History (Doc ID 736372.1)
    Hope this helps.

  • Oracle Access Manager-Protecting resources

    Hi,
    I have installed the Oracle Access Server/Identity Server/Policy managerWebpass/Webgate etc...I want to create policy domains and resources in the policy manager to protect certain internal websites. Is there any crisp documentation that some one can share to do the basics atleast? the oracle documentation is insanely extensive with links/references all over the place and I find it very difficult to understand how the policies are constructed. I have created couple of authentication schemes (basic/Form) that can be used. to start off i have a basic login page created in IIS that can be used for user input and also have a couple of other html files in a folder under it. If some one can share a document that takes me step by step to protecting a resource, it will be great.
    Thanks in advance.
    Naresh

    Two suggestions:
    1) Ask the question in a group inhabited by OAM users ... this group is generically for doc issues. (ANd yes, you mention a doc issue, but very few OAM users visit here.)
    - a place for that might be: http://forums.oracle.com and scroll down to Identify Management
    2) Look through OTN in the product portal (http://otn.oracle.com > Products: Middleware > Identify Management: Identity Management > Oracle Access Manager)

  • Oracle Access Manager and Passing Cert Info to HTML or JSP

    Friends,
    We are trying to pass the CN information from our smartcard (CAC) that looks i.e. john.doe.123456789 as a parameters to an Oracle Forms using the staticHTML implementation utilizing the OBLIX SSO OR utilizing a JSP or HTML file to read these parameters and update OID. We can pass the UID but since we will have First-time Registration of the Smartcards, the UID doesn't count since the CN information from the Smartcard has not been populated at this point to the OID, we are trying to get the functionality going to get the user first to put in their login and password but at submit time, to update the OID with the CN information to a separate column of OID and not the UID.
    Utilizing the OAM, we have been able to proof concept the authentication using the UID by using the Policy Manager and the Access System Console --> Access System Configuration. It's works well with the plugin that comes with the OAM (SSOOblixAuth.java) and thx to Oracle Support, but we need to be able to pass other parameters that are specified as a part of the Resource - Action as headervars such as
    HeaderVar OBLIX_SN or
    hearderVar OBLIX_MAIL
    Our Oracle Access Implementation is in halt until we find a way to pass these return Attributes to our Oracle Forms. The Oracle Forms running SSO is working greatly with just the userlogin and password (UID is passed as a header) without the Oracle Access Manager (OBLIX) but now we have shifted to this product for reading and processing Smartcard information.
    Any help we can get, we very much appreciate it.
    KA

    O.K.
    I am getting closer but still not getting the ssooblixuser or ssooblixcn. I have
    the following jsp to fire after a successful authentication.
    The following code is utilized in our SSO environment for changing passwords.
    The bolded line should get the ssooblixuser but it is not..
    <%
    response.setHeader("Cache-Control", "no-cache");
    response.setHeader("Pragma", "no-cache");
    response.setHeader("Expires", "Thu, 29 Oct 1969 17:04:19 GMT");
    request.setCharacterEncoding("UTF-8");
    response.setContentType("text/html; charset=UTF-8");
    String remoteUser = null;
    String userDn = null;
    String referer = null;
    String oblixheader = null;
    remoteUser = request.getRemoteUser();
    userDn=request.getHeader("OSSO-USER-DN");
    referer=request.getHeader("referer");
    oblixuser = request.getHeader("ssooblixuser");
    %>
    <HTML>
    <HEAD>
    <SCRIPT language="JavaScript">
    function validatePasswordsMatch()
    var frm = document.forms["changePassword"];
    if(frm.newpwd.value != frm.confirm_newpwd.value)
    alert('The Password and verified password do not match!');
    return false;
    else
    document.changePassword.submit();
    return false;
    function cancelButton()
    document.close();
    </SCRIPT>
    </HEAD>
    <BODY bgcolor="#cae3ff" >
    <table width="750" height="10" border="0" cellspacing="0" cellpadding="0">
    </table>
    <TABLE ALIGN="Center">
    <TR><TD>User Name</TD><TD> <%=remoteUser%> </TD></TR>
    <TR><TD>OBLIX USER</TD><TD> <%=oblixuser%> </TD></TR>
    Edited by: user10130371 on Sep 17, 2009 8:09 AM
    Edited by: user10130371 on Sep 17, 2009 8:10 AM

  • Oracle Access Manager 11g r2 with Oracle Entitlement Server 11g r2

    Hello,
    I would like to set up a configuration with Oracle Access Manager 11g r2 where Authentication is against Active Directory, and Authorisation is against Oracle internet Directory
    Access Manager has to get authorizations from Oracle internet Directory via Oracle Entitlement Server
    I cant find any document describing how to integrate Oracle Access Manager with Oracle Entitlement Server
    could any one help ?
    Regards

    Hi all,
    I am facing some issue with the distribution of the policy in the security module of OES.
    The "application" distribution tab allows me to distribute the policy created but does not generate any distribution ID or address for webservice access.
    I am using OES 11.1.5
    Thanks in advance.

  • Oracle access manager - Policy domain - Return Type

    Hi,
    I have a requirement where I need to return few LDAP parameter values through Policy domain while redirecting. But the return type should be propertytype and not headervar or cookie. This is SSO integration with websphere using JAAS subject. We have inhouse TAI connector developed for integration between websphere and oracle access manager.
    Please help me to resolve this issue.
    Regards,
    Prashant

    Hi Prashant,
    OAM can return any type that you want, and OAM will set the name/value for that type - you can put "propertytype" in the type column, and the name and return attribute in the respective fields. "Cookie" and "HeaderVar" are the only types used by OAM WebGates, but your AccessGate (custom in-house connector) should be able to retrieve the values of propertytype that OAM sets.
    Regards,
    Colin

  • Problem in customizing Oracle Access Manager 10g

    HI,
    I am facing some problem while incorporating customizations into Oracle Access Manager 10g.
    When trying to access the url with a particular style name.... i am getting the following error :
    obhtmlpage.cpp:160: Error:
    obhtmlpage.cpp:277: Error: ExXSLTProcessingGeneric: Exception processing stylesheet. Root stylesheet ID: ../../../lang/en-us/style0/login.xsl
    obxdkxsl.cpp:224: Error: ObXDKTransform
    obxdkcache.cpp:528: Error:
    obxdkcache.cpp:565: Error:
    ../obcacheof.cpp:429: Error:
    ../obcacheof.cpp:795: Error:
    ../obcacheof.cpp:932: Error:
    obxdkcache.cpp:291: Error: ObXdkObject::ObXdkObject
    Front Page Admin
    Sun Microsystems Solaris
    Could someone please provide some help as to how to solve the problem.
    Thanks.

    One good way to debug the XSL stylesheet issue is to apply the XSL outside of OAM with input XML and see if you get the results. You can use tools such as XML SPy for XSL development and testing.
    This error is more in line with XSL syntax and processing.
    Thanks
    Ram

  • LifeRay Poratl & Oracle Access Manager Integration

    Hi All
    Am trying to integrate LifeRay Portal with Oracle Access Manager to provide SSO. Steps I done is Created Proxy (Required) to the application with Apache Web Server and installed Apache Web Gate on it to protect the proxy. Now I need help to configure Portal to enable SSO and Authentication with LDAP Users Customization. Any one Please try to help me in this issue please
    Version of LifeRay : 6.0.6
    Oracle Access Manager : 10g (10.1.4.3.0)

    Have you provided all the hostname and port combinations in the Host Identifier?
    What have you configured as Preferred Host in webgate configuration? What is configured in the Host Identifier?
    ~Yagnesh

  • Configuration of APEX applications to use Oracle Access Manager for Login

    Is there Oracle documentation on configuring an APEX application to accept a login id passed by Oracle Access Manager? Would someone please help with some instructions on how to do it. Thanks.

    Hi Ravi,
    this looks like a WLS issue.
    1-You can try as a workaround to remove this validator configuration in taglib definition file: .tld and see the behavior.
    2-Or you are missing something into url.
    I hope this helps,
    Thiago Leoncio.

  • How to create a custom plugin in Oracle Access Manager to create a cookie

    How to create a custom plugin in Oracle Access Manager to create a cookie or Header Variable..
    Vipin

    Its has more steps which you need to consider in addition to Note:101048.1 which is mentioned by Prashant_Pathak. Both notes have enough information. If not, let's know what else you need to set

  • Installing Oracle Access Manager - 11.1.1.5

    Hi
    I am very new to Identity Management and have been trying to set Oracle Access Manager in Windows XP.
    Downloaded ofm_iam_generic_11.1.1.5.0_disk1_1.zip from OTN.
    I cannot find the RCU for 11.1.1.5 version from the website directly. All I could see is only RCU for 11.1.1.3 and 11.1.1.2 version.
    Can anyone send me the download link for RCU 11.1.1.5 and step by step installation guide for setting up Oracle Access Manager.
    I tried creating OAM Domain after installing IDM Suite and running RCU 11.1.1.3 version.
    When I run the WebLogic and OAM server I am getting error
    Caused By: oracle.security.am.common.policy.admin.PolicyManagerException: oracle.security.am.c
    policy.admin.PolicyManagerException: OAMSSA-06251: Unsupported policy store version detected.
    ed "11.1.1.5.0" but found "11.1.1.3.0".
    Also unable to login to OAM console.
    Thanks,
    Ram

    Daren,
    Do you have OAM 11.1.1.3 running and now you wish to upgrade it to 11.1.1.5 or
    You wish to install new 11.1.1.5 ?
    If this is later then better you should use 11.1.1.5 RCU to create schema as this is straight and easy process with no upgrade.
    If you are running 11.1.1.3 and wish to upgrade to 11.1.1.5 then there are steps to apply 11.1.1.5 oatch in My Oracle Support(earlier metalink) Procedure to Upgrade OAM 11.1.1.3.0 to OAM 11.1.1.5.0 [ID 1318524.1
    Atul Kumar
    http://www.amazon.co.uk/Oracle-Identity-Access-Manager-Administrators/dp/1849682682  <- OIM / OAM 11g Book on Amazon
    http://onlineappsdba.com/index.php/book/   <- EBS R12 Integration with OID/OAM for SSO Book                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

  • Integrating Oracle EBS R12 with Oracle Access Manager 11g

    Hi Everyone ,
    Oracle Access Manager version 11.1.1.5
    Oracle Identity Management 11.1.1.6.0
    Oracle Access Manager WebGate 11.1.1.5
    Oracle E-Business Suite AccessGate patch p12796012
    Apps Version : 12.1.1
    DB Version 11.2.0.3
    PLatform : OEL 5.8
    We are trying to Integrating Oracle E-Business Suite Release 12 with Oracle Access Manager 11g using Oracle E-Business Suite AccessGate.We followed metalink id's
    1309013.1 and 1543803.1 and some other documents.We have performed every step as documented , and everything seems to work fine untill user tries to log out from Oracle Applications i.e User
    is able to login to Oracle Applications through access gate and everything is working fine. But as user click logout button an error messsage is diplayed like "*500*
    *Internal Server Error Servlet error: An exception occured* " (The url at the time of this message is http://hostname:port/OA_HTML/AppsLogout ).
    Apps Tier (oacore) Application log:-
    +13/05/15 19:04:20.229 html: Servlet error+
    java.lang.NoSuchMethodError: oracle.apps.fnd.sso.SSOManager.getAuthAgentLogoutUrl(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
    at oracle.apps.fnd.sso.AppsLogoutRedirect.doGet(AppsLogoutRedirect.java:193)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
    +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64)+
    at oracle.apps.jtf.base.session.ReleaseResFilter.doFilter(ReleaseResFilter.java:26)
    +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.EvermindFilterChain.doFilter(EvermindFilterChain.java:15)+
    at oracle.apps.fnd.security.AppsServletFilter.doFilter(AppsServletFilter.java:318)
    +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:621)+
    +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)+
    +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)+
    +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)+
    Apps Tier Apache Error log :-
    +[Wed May 15 18:50:52 2013] [error] [client 192.168.0.2] [ecid: 1368624052:192.168.0.61:10798:0:44,0] File does not exist: /u01/eBiZR12/apps/apps_st/comn/java/classes//+
    WE have set all required profile in Oracle Application as directed in documents , and users are able to login just fine , but they are not able to logout.
    IS there something that we are missing , any help is highly appreciated.
    Regards
    Edited by: TheKop88 on May 16, 2013 11:39 AM

    Hi there ,
    Thanks for reply ,
    We had already gone through that document earlier. We noticed that when Apllication Profile "*Apllications SSO Type* " is set to SSWA then OA_HTML/AppsLogout is
    working fine , but when we set "*Applications SSO Type*" to SSWA w/SSO then OA_HTML/AppsLogout is not working(not redirecting) .Error thrown on web browser is "+500 Internal Server Error Servlet error: An exception occurred. The current application deployment descriptors do not allow for including it in this response+" . we believe that we might have missed some Profile settings that is causing this error.
    Regards
    Edited by: TheKop88 on May 16, 2013 12:03 PM
    Edited by: TheKop88 on May 16, 2013 12:07 PM

Maybe you are looking for

  • Request: compare and propagate user objects

    After making changes to table definitions, views, program units, and so on, it may be useful to propagate these changes to another database user. This maybe another development environment, or a testing environment in same or another database. Like "

  • JSP error java.lang.NoClassDefFoundError: org/apache/commons/fileupload/Fil

    I'm rather new to jsp. I'm using myeclipse and I'm deploying my site on tomcat. I've been slowly working away on the errors in my log files. Most of the problems that I've run into have been missing jar files. The log error that I'm stuck on follows:

  • Global template and rollouts vs. Solution Directory

    Hello, I would like to know what is the best way to maintain the global template and the related rollouts documentation. I know the functionality of Solution Directory, ie. it should be the primary place to maintain a solution in production, changes

  • Trouble using networked printer

    I am a new iMac user with quesiotns regarding netowrked printing. Any advice/explanations would be appreciated. I am using an Epson RX580 printer which is physically connected to a Windows PC. I am able to print from the Mac over a wireless connectio

  • How to configure WWAN

    hy guys, I've bought a X300 6478-15G with sierra HSDPA modem 8775 built in. But I have some difficult to configure internal vodafone modem, I'm not vodafone, I work with another provider and I do not have any chance to modify APN and other setting to