Oracle Adaptive Access Manager UIO Integration Issue

Similar Messages

• Problem with Oracle Adaptive Access Manager 10g

  Hello, I'm trying to install the OAAM following the Installation and Configuration Guide (http://download.oracle.com/docs/cd/E12057_01/doc.1014/e12050/toc.htm).
  In The Package Contents section speaks of a zip file named oaam_bin.zip but never says where could I download it. Anybody know where do I get it?
  I have already downloaded the Oracle Adaptive Access Manager 10g (10.1.4.2.0) CD1 named V11415-01.zip from http://www.oracle.com/technology/software/products/ias/htdocs/101401.html but it is not the zip file that the documentation talks about.
  I'm looking for in many sites but i have no luck.
  Thanks a lot!
  Guido.

  The documentation you are referring to is for 10.1.4.5.0 and not 10.1.4.2.0. After installing version 10.1.4.2.0, install patch 10.1.4.3.0. You will see oaam_bin.zip and the necessary files in it. The patch number is 6987695.
  You might be interested in patch 10.1.4.3.1 (#7324863) also. Check the readme file for details.
  -shetty2k

• Remote Access Management Console - configuration issue with Network Location Server

  2012 Std R2
  The remote Access management console operation status shows  all green except for network location server .
  Error: There is no response from the network location server URL. DirectAccess connectivity might not work as expected, and DirectAccess clients located inside the corporate network might not be able to reach internal resources.
  Resolution listed as:
  1. Configure the network location server on a server that is highly available to clients on the internal network.
  2. If the network location server is running on the Remote Access server, ensure that IIS is running, and that the URL is available.
  The remote access server is located on this server. IIS is running. What URL: show I be looking at?
  Any other thoughts so I can get remote access working.
  l also am getting a remote access error for IPV6, could this be a cause:
  RoutingDomainID- {00000000-0000-0000-0000-000000000000}: Unable to add the interface {D37062B2-A3E0-4496-A459-9E0BBCE5423C} with the Router Manager for the IPV6 protocol. The following error occurred: Cannot complete this function.
  John Lenz

  Hi John,
  please follow the steps to reinstall TCP/IP stack.
  1.Restart your PC into Safe Mode with Networking.
  2.
  Edit your registry. Delete the following keys:
  HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Winsock
  HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Winsock2
  3.
  Open the nettcpip.inf file in your %winroot%/inf folder
  (%winroot% is usually c:/windows).
  Find the [MS_TCPIP.PrimaryInstall] section. Change the Characteristics value from 0xA0 to 0x80.
  Open the properties of the network connection you want to fix. In the General tab, click on the Install button. Click on the Have Disk button, and point the location to %winroot%/inf. After that select TCP/IP (not version 6).
  4.
  Now you would notice that you can uninstall TCP/IP!
  Do that, then restart the PC.
  Go back to your network connection, and install TCP/IP again as per the above. After another reboot, you should be up and running.
  I also noted that the XP network repair tool may yank out the ISA 2004 firewall client stuff. Just run the firewall clinet repair or install it again to fix that problem after you did your reboot. Before you do this kind of crazy stuff.
  5.
  This along with a TCP/IP reset using the netsh command:
  netsh int ip reset resetlog.txt
  wish you have a nice thanksgiving too
  Regards,
  Mike
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Oracle Access Manager Cache Flush issue

  Need urgent help on this.. We have multiple access servers and 2 policy managers. I am able to flush cache from one of the policy manger the other but get the other one is unable to flush cache on all the access servers. Getting error that "following access server cannot be contacted" with list of some access servers. I am successfully able to make telnet connection to all the access servers. Any suggestions on what may be the issue.
  Thanks.
  VInay

  Hi Vinay,
  Please check that the transport mode (open/simple/cert) is the same of the Access Servers that it is trying to contact, and that the Policy Manager certs are valid (if simple/cert, obviously). Another idea - if the failing Policy Manager is on a different subnet from the Access Servers, it may be timing out trying to contact them.
  Regards,
  Colin

• HP PPM - Oracle Access Manager (OAM) Integration

  Dear all,
  We are planning to integrate HP PPM with OAM for user authentication.
  Please let us know the possibility of having this integration to be performed.
  Thanks & Regards,
  Chandru

  We are also facing the same issue. Have you resolved that issue?
  Any help would be appreciated.
  Thanking You
  Kiran Thakkar

• Content management repository integration issues

  We are facing some major limitations with our content management repositories (we are currently
  using Documentum, Lotus and few others.. ) -- especially integrating these various repositories
  and share the information throughout the enterprise.
  We are looking into Livelink from Opentext as a possible solution,
  and are attending the upcoming webinar on the topic
  http://www.opentext.com/events/event.asp?id=34947#register
  but has anyone used the product , especially in conjunction with Oracle portal product?
  thanks,
  Joe

  I have a solution for you. Switch to the Oracle Content Management SDK! :-)

• Oracle 10gR2 Grid Management Agents installation issues

  I have downloaded the Grid Management Agent from the oracle downloads website and installed on one of my AIX servers but after running through the installation the server does not show up in Grid Control.
  Our Grid Control is running on RH4 server.
  The platform of host server i am attempting to install the agent on is AIX5.3
  I unzipped the following file
  AIX_Grid_Control_agent_download_10_2_0_3_0.zip
  I ran the installer and it all seemed to work ok
  I have checked the dbconsole is running,EMCTL STATUS DBCONSOLE
  I have checked the agent is running EMCTL STATUS AGENT
  I have checked the listener is running LSNRCTL STATUS
  I have checked the database is up by CONNECT / AS SYSDBA
  I can conect to the http://myserver:1158/em
  The local enterprise manager works fine however as i say the server does not appear in my Grid Control console.
  I have restarted al the afforementioned listeners, agents etc.
  Can anyone give me a pointer as to why after what would appear to be a succesfull install the serevr does not appear in Grid Control console.

  yingkuan again thanks for the reply
  I have read the installation readme and it says i have these installation methods
  1 - Methods for mass deployment
  2 - Using Oracle Universal Installer (OUI) to install agent
  3 - silent installation
  4 - NFS Mounted agent installation
  I am running the runInstaller method (2) from the list above
  Like i say i basically downloaded the following file from Oracle Downloads:
  AIX_Grid_Control_agent_download_10_2_0_3_0.zip
  I FTP'd the file from my PC to the server i wish to be the agent.
  I then ran the runInstaller from AIX_Grid_Control_agent_download_10_2_0_3_0/aix/agent/install.
  However at no point was i asked to insert the OMS server or any other details.
  I have read a couple of different readme files and followed what i believe to be the installation instructions. Could you or anyone else possibly throw any light on what i am doing wrong.
  again any assitance greatly appreciated

• Installing Oracle Identity & Access Management suite 11g

  Hi,
  I have the TEST environment of the customer, where the following components are installed
  1. Weblogic
  2. SOA SUITE
  3. OID
  $MW_HOME = /u01/weblogic
  The installed location of SOASUITE, OID is /u01
  I need to install IdAM Suite 11g with SOA SUITE 11.1.1.2/11.1.1.3
  When I am on step of Installation progress it gives me the below error. I had specified $M_HOME as /u01/weblogic
  OUI-10136:An Oracle Home with name OH1574127402 already exists at location /u01/weblogic/oracle_common. Please specify another location for Oracle Home
  Please suggest.
  Thanks & Regards,
  Kunal Jain

  Remove ORACLE_HOME entry for oracle_common from oraInventory/ContentsXML/inventory.xml
  Entry like <HOME NAME="OH1918335049" LOC..
  Or change inventory location in oraInst.loc
  More on inventory here http://onlineappsdba.com/index.php/2009/10/08/orainventory-location-orainstloc-on-windows-linux-unix/
  Regards
  Atul Kumar
  http://onlineAppsDBA.com

• Installing Oracle Access Manager - 11.1.1.5

  Hi
  I am very new to Identity Management and have been trying to set Oracle Access Manager in Windows XP.
  Downloaded ofm_iam_generic_11.1.1.5.0_disk1_1.zip from OTN.
  I cannot find the RCU for 11.1.1.5 version from the website directly. All I could see is only RCU for 11.1.1.3 and 11.1.1.2 version.
  Can anyone send me the download link for RCU 11.1.1.5 and step by step installation guide for setting up Oracle Access Manager.
  I tried creating OAM Domain after installing IDM Suite and running RCU 11.1.1.3 version.
  When I run the WebLogic and OAM server I am getting error
  Caused By: oracle.security.am.common.policy.admin.PolicyManagerException: oracle.security.am.c
  policy.admin.PolicyManagerException: OAMSSA-06251: Unsupported policy store version detected.
  ed "11.1.1.5.0" but found "11.1.1.3.0".
  Also unable to login to OAM console.
  Thanks,
  Ram

  Daren,
  Do you have OAM 11.1.1.3 running and now you wish to upgrade it to 11.1.1.5 or
  You wish to install new 11.1.1.5 ?
  If this is later then better you should use 11.1.1.5 RCU to create schema as this is straight and easy process with no upgrade.
  If you are running 11.1.1.3 and wish to upgrade to 11.1.1.5 then there are steps to apply 11.1.1.5 oatch in My Oracle Support(earlier metalink) Procedure to Upgrade OAM 11.1.1.3.0 to OAM 11.1.1.5.0 [ID 1318524.1
  Atul Kumar
  http://www.amazon.co.uk/Oracle-Identity-Access-Manager-Administrators/dp/1849682682  <- OIM / OAM 11g Book on Amazon
  http://onlineappsdba.com/index.php/book/   <- EBS R12 Integration with OID/OAM for SSO Book                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

• Issues integrating WebCenter with Oracle Access Manager

  Hi All,
  I am trying to integrate WebCenter 10.1.3.2 with Oracle Access Manager (CoreId). Followed the steps described in the Chapter 11 of the OC4J Security Guide.
  I was able to successfully authenticate WebCenter using IWA with Access Manager.
  Then I proceeded with the below steps:
  - Implemented ADF Security in the application. Created application roles and login page and worked fine on my local machine.
  - Provide the auth-method of "COREIDSSO" in orion-application.xml
  - Renamed the app-jazn-data.xml to give the OID groups
  - Mapped the OID groups to application roles in orion-application.xml
  - Used the jazn migration tool to populate the system-jazn-data.xml
  When trying to access the application, it looks like the ADF Context identifies that this is an authenticated user.
  ADFContext.getCurrent().getSecurityContext().isAuthenticated() retruns true
  ADFContext.getCurrent().getSecurityContext().isAuthorizationEnabled() returns true
  I get the below error message on the server console:
  [CoreIDLoginModule::getUserSessionFromCookie]: This user session for F3iwZhUGgjej9RSrMLSo0wjH5Ec6c2oeC0OBRH12y7%2FvfPVncz6dYoBoFD6q8DWAlMtzah%2FYV4T1t7jztVFYbxwfOyu0VOMXMEIosRrFicfJwoPRrM8MOkFsziQxpUqo98XrC9iBRHffdWSItNHZRZK4ZoCJMi6HZZ6noOc4Z%2BGJDGj3kWndYHTWjiG0cJhkSbL95wMmrXCDElzZHjPMdkuNQUHW1TfAJvgSlDeX6hhhIThlc%2BGmxMP3MQ%2FZoxUysbKieIJgDXo1%2FEMmLmTVjA%3D%3D is not valid or user is not logged in.
  I also tried using the "Headervar" variable to display the obmygroups value, but it comes as blank.
  Any help would be appreciated.
  Thanks
  Aneesh

  We recently integrated Webcenter Application (with ADF Authentication and Authorization) with OAM. May be the following will be of some help to you.
  We did the following steps documented in Chapter 11 Oracle Access Manager in Oracle J2EE security guide.
  OAM
  1. Created ALL specified policies , authentication schemes, protection specified in OAM section of the document.
  OC4J
  1. Ran all configuration listed for the OC4J section.
  Webcenter
  1. Developed the Webcenter Application
  2. Enabled ADF Security (Authentication & Authorization)
  3. Deployed the application. While deploying chose File based provider.
  4. After the deployment, changed orion-application.xml to have COREIDSSO as documented in Oracle documentation
  system-jazn-data.xml
  1. Added login module details as specified in the document. (Changed only the application name. Rest all was same as we used names as specified in the earlier steps of the document)
  OID Migration
  Reference document: "Configuring a WebCenter Application to Use Oracle Access Manager" in Webcenter Framework Developer guide.
  1. Located app-jazn-data.xml in the deployed application
  2. Removed "realm-name" and "type" subelements of "grantee" tags. Removed any realm details in user name.
  3. changed references to "class oracle.security.jazn.spi.xml.XMLRealmRole" to "oracle.security.jazn.realm.CoreIDPrincipal"
  4. ran the JAZN migration tool with "all" options. Migration from app-jazn-data.xml to OID.
  OAM
  Created policies for protecting our application.
  Test the application.
  Debugging.
  1. Enable oracle.adf.share.security , oracle.j2ee.security & oracle.j2ee.security.oc4j loggers to debug if the application is not working the way you expect to work.
  2. Set log level in Enterprise manager.
  3. All logging information are written in log.xml in $ORACLE_HOME/j2ee/OC4J_Webcenter/log/OC4J_WebCenter_default_group_1/oc4j
  Thanks

• Oracle Identity and Access Management Suite Plus Integration with Oracle ADF

  Hi All,
  Kindly advice if Oracle Identity and Access Management Suite Plus can be integrated with Oracle ADF based applications to manage the end-to-end lifecycle of user accounts specifically addressing to roles/priviledges and security.
  Request you to share links to documentation where I can study the steps to integrate both the frameworks.
  Looking forward to hear from you soon.
  Best Regards,
  Ankit Gupta 

  Hi Sébastien,
  I came across the below link for the required integrations -
  Oracle&amp;reg; Fusion Middleware Installation Guide for Oracle Identity and Access Management 11g Release 2 (11.1.2) - …
  Oracle&amp;reg; Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management 11g Release 2 (11.1.2) - Co…
  Best Regards,
  Ankit Gupta

• Integrating Oracle EBS R12 with Oracle Access Manager 11g

  Hi Everyone ,
  Oracle Access Manager version 11.1.1.5
  Oracle Identity Management 11.1.1.6.0
  Oracle Access Manager WebGate 11.1.1.5
  Oracle E-Business Suite AccessGate patch p12796012
  Apps Version : 12.1.1
  DB Version 11.2.0.3
  PLatform : OEL 5.8
  We are trying to Integrating Oracle E-Business Suite Release 12 with Oracle Access Manager 11g using Oracle E-Business Suite AccessGate.We followed metalink id's
  1309013.1 and 1543803.1 and some other documents.We have performed every step as documented , and everything seems to work fine untill user tries to log out from Oracle Applications i.e User
  is able to login to Oracle Applications through access gate and everything is working fine. But as user click logout button an error messsage is diplayed like "*500*
  *Internal Server Error Servlet error: An exception occured* " (The url at the time of this message is http://hostname:port/OA_HTML/AppsLogout ).
  Apps Tier (oacore) Application log:-
  +13/05/15 19:04:20.229 html: Servlet error+
  java.lang.NoSuchMethodError: oracle.apps.fnd.sso.SSOManager.getAuthAgentLogoutUrl(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
  at oracle.apps.fnd.sso.AppsLogoutRedirect.doGet(AppsLogoutRedirect.java:193)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64)+
  at oracle.apps.jtf.base.session.ReleaseResFilter.doFilter(ReleaseResFilter.java:26)
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.EvermindFilterChain.doFilter(EvermindFilterChain.java:15)+
  at oracle.apps.fnd.security.AppsServletFilter.doFilter(AppsServletFilter.java:318)
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:621)+
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)+
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)+
  +at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)+
  Apps Tier Apache Error log :-
  +[Wed May 15 18:50:52 2013] [error] [client 192.168.0.2] [ecid: 1368624052:192.168.0.61:10798:0:44,0] File does not exist: /u01/eBiZR12/apps/apps_st/comn/java/classes//+
  WE have set all required profile in Oracle Application as directed in documents , and users are able to login just fine , but they are not able to logout.
  IS there something that we are missing , any help is highly appreciated.
  Regards
  Edited by: TheKop88 on May 16, 2013 11:39 AM

  Hi there ,
  Thanks for reply ,
  We had already gone through that document earlier. We noticed that when Apllication Profile "*Apllications SSO Type* " is set to SSWA then OA_HTML/AppsLogout is
  working fine , but when we set "*Applications SSO Type*" to SSWA w/SSO then OA_HTML/AppsLogout is not working(not redirecting) .Error thrown on web browser is "+500 Internal Server Error Servlet error: An exception occurred. The current application deployment descriptors do not allow for including it in this response+" . we believe that we might have missed some Profile settings that is causing this error.
  Regards
  Edited by: TheKop88 on May 16, 2013 12:03 PM
  Edited by: TheKop88 on May 16, 2013 12:07 PM

• Oracle Access Manager, ADAM & UCM integration? Help please..

  I`m currently investigating the potential of using Oracle Access Manager (OAM) as a tool that allows connections to multiple Active Directory(AD) or ADAM servers providing a single point to author and manage users with a good easy to use GUI.
  The UCM will connect directly to OAM and authenticate users connecting from AD accounts..
  At the moment we use Quest software to manage users, but the cost for setting up users is £15/user where as OAM is only £3. I believe..
  Right the questions I have :)
  1. Has any one set this type of environment up?
  2. ls OAM stand alone or will I need additional software to set it up?
  Reading the installation guide it says I need the following:
  # Oracle Internet Directory 10g (10.1.4.0.1)
  # Microsoft Active Directory
  # Oracle Virtual Directory Server 10.1.4.0.1
  # Oracle Virtual Directory Manager 10.1.4.0.1
  # Oracle Virtual Directory Patch 10.1.4.0.1 (P5667977)
  # Stand-alone Oracle HTTP Server 2.x (This needs to be preinstalled in your environment. You can download the OHS 2.x standalone from the Oracle SOA Suite 10g Companion (10.1.3.1.0) release from here.)
  3. Can I use IIS instead of Oracle HTTP Server?
  4. Can I install OAM on 1 server or do I need multiple servers, I`v been looking at the diagrams and reading through the guides I`m getting a little confused with Identity and Access server?

  Hi,
  Have you got information reg UCM & OAM integration?
  Could you please help me with the integration guide?
  Regards,
  Ashish

• LifeRay Poratl & Oracle Access Manager Integration

  Hi All
  Am trying to integrate LifeRay Portal with Oracle Access Manager to provide SSO. Steps I done is Created Proxy (Required) to the application with Apache Web Server and installed Apache Web Gate on it to protect the proxy. Now I need help to configure Portal to enable SSO and Authentication with LDAP Users Customization. Any one Please try to help me in this issue please
  Version of LifeRay : 6.0.6
  Oracle Access Manager : 10g (10.1.4.3.0)

  Have you provided all the hostname and port combinations in the Host Identifier?
  What have you configured as Preferred Host in webgate configuration? What is configured in the Host Identifier?
  ~Yagnesh

• Integrating Oracle Access Manager with Kerberos (WNA)

  Hi,
  I have working Oracle Access Manager currently being able only to authenticate users against Active Directory. I want to enable WNA. But I am still having issues with correctly configure it:
  I do not know what am I doing wrong.
  I am logged as example.com\testuser into Windows XP, using firefox with WNA enabled for URI example.com. Then I enter http://oracle.example.com which is my Oracle HTTP Server's protected URL, then I am receiving ERROR from Oracle Access Manager: "The user account is locked or disabled. Please contact the System Administrator."
  In OAM Log there is this: <Jun 19, 2012 4:14:15 PM CEST> <Error> <oracle.oam.controller> <OAM-02010> <User account is locked. Authentication failed.>
  Interesting is when I disable WNA support in firefox, then this behavior occurs: fisrt there is this dialog shown "A username and password are being requested by http://oracle.example.com:14100. The site says: "OAM 11g"" --> here I enter example.com\testuser and password. After this new dialog is shown: A username and password are being requested by http://oracle.example.com:14100. The site says: "WebLogic Server", then after entering weblogic/password I receive "The user account is locked or disabled. Please contact the System Administrator."
  In the OAM log this is logged:
  <Jun 19, 2012 4:22:28 PM CEST> <Error> <oracle.oam.user.identity.provider> <OAMSSA-20023> <Authentication Failure for user : weblogic.>
  <Jun 19, 2012 4:22:28 PM CEST> <Error> <oracle.oam.controller> <OAM-02010> <User account is locked. Authentication failed.>
  Any ideas? I am really stuck here.
  I am using this keytab file:
  [root@oracle centos]# klist -ke /home/oracle/keytab.testuser1
  Keytab name: WRFILE:/home/oracle/keytab.testuser1
  KVNO Principal
  7 HTTP/[email protected] (des-cbc-crc)
  7 HTTP/[email protected] (des-cbc-md5)
  7 HTTP/[email protected] (arcfour-hmac)
  7 HTTP/[email protected] (aes256-cts-hmac-sha1-96)
  7 HTTP/[email protected] (aes128-cts-hmac-sha1-96)
  kinit passes fine:
  [root@oracle centos]# kinit -V HTTP/[email protected] -k -t /home/oracle/keytab.testuser1
  Using default cache: /tmp/krb5cc_0
  Using principal: HTTP/[email protected]
  Using keytab: /home/oracle/keytab.testuser1
  Authenticated to Kerberos v5
  Why and which user is locked? I can lock with the AD user into windows domain, so I assume it is not locked + I checked it in the Active Directory.

  Ok, now I got it working. Sh~t! Why oracle documentation says I should set AD datasource with this parameter:
  User Name Attribute: UserPrincipalName, when this does not work?!
  After changing to User Name Attribute: sAMAccountName my WNA works!!!
  I have been fighting all day with this! The question is why such behavior - if the problem is in wrongly written oracle documentation, or I have problem somewehere else.
  Btw my user in AD looks like this:
  distinguishedName:     CN=John Doe,CN=Users,DC=example,DC=com
  sAMAccountName:     doejohn
  userPrincipalName     [email protected]
  It looks OAM takes "doejohn" from Windows via WNA/Kerberos and searches for this using UserPrincipalName and this is giving no match of course because "doejohn != [email protected]".
  The question is why does it take doejohn and not [email protected] from Windows WNA/Kerberos ???