Pass-Thru Authentication OIM 11g

Is there any documentation on configuring pass-thru authentication in OIM to an AD or LDAP instance?
Thanks

Apparently, this does not exist for OIM. I need to put an OAM instance in front of OIM in order to authenticate against AD.

Similar Messages

  • Pass thru authentication error message customization

    Dear All,
    I'm trying to customize the error messages displayed during the authentication failure.
    Users are authenticated against the AD i.e. pass thru authentication.
    I'm not able to customize the error messages.
    I have searched in the WPMessages and RAMessages files, with no success.
    Following is the error:
    AD (Windows Active Directory):Error: missing required authentication information: 'password'
    New error message that I want to display:
    Error: Invalid login credential, please try again.
    Kindly share your ideas and experience on same.
    Thanks in advance.
    Cheers:
    Amar

    We've had that problem. We opened a ticket with Sun and they confirmed it as a bug in 7.1.

  • Pass-thru authentication against AD

    Hellos,
    When using pass-thru authentication against the AD resource, the manual suggests that the user enters the complete DN of his/her AD account as the IDM login ID!!
    Can it be arranged so that the user only needs to enter the samaccountname and not the complete DN?
    I mean, samaccountnames are as unique as DNs. A simple lookup to get DN (if samaccountname is found) is all that is needed.
    When shown to customers, they express horror when it is suggested that to login to IDM they have to type 50 odd characters!
    Does any customer willingly USE pass-thru where they have to (correctly) type in such a lengthy string?

    The answer is yes, you can use samaccountname. Your deployment may necessitate additional configuration to make this happen.
    In our case, the samaccountname is the same as the IDM accountId. When the user logs in, IDM finds the user object and then uses the password against the AD account linked to the user.
    If the accountId and samaccountname are not the same, then you could use a Login correlation rule to find the IDM user which has that samaccountname.
    As far as anyone using the full DN to login with, I've never seen anyone do it. Our users certainly wouldn't stand for it, and I think that's the case most places.
    Jason

  • OIM - pass thru authentication?? Possible?

    Hi all,
    While I am intending to use OIM 9.0.3 for provisioning/de-provisioning, I am thinking of some sort of pass through authentication to the existing AD, so that my users do not have to remember another set of username/pw.
    Is that at all possible? If not, what would be your approach? Having OID running behind (that is not in the plan right now)? Does even OID have pass through type capability like Sun Java DS?

    Thanks kevinp.
    If I understand your suggestion correctly, rather than passing the authentication responsibility to AD, it is indeed staying within OIM. The only difference is that pwd sync just saves the users from remembering two sets of username/pwd. Correct?

  • Pass thru authentication from solaris 2.9 proxy 36sp2 - iws 6 sp5

    Hi,
    We have a scenario where users are authenticated at the proxy, then when they access a protected web dir they are authenticated again (the auth window pops up etc).
    Given that both of these authenticate from the same directory, is it possible to pass thru the authentication so that the window does not pop up twice?
    Thanks

    Hi
    This is as per the HTTP/1.1 RFC (RFC 2616)
    The Connection general-header field allows the sender to specify options that are desired for that particular connection and MUST NOT be communicated by proxies over further connections.
    The Connection header has the following grammar:
    Connection = "Connection" ":" 1#(connection-token)
    connection-token = token
    HTTP/1.1 proxies MUST parse the Connection header field before a message is forwarded and, for each connection-token in this field, remove any header field(s) from the message with the same name as the connection-token. Connection options are signaled by the presence of a connection-token in the Connection header field, not by any corresponding additional header field(s), since the additional header field may not be sent if there are no parameters associated with that connection option.
    Read the following at
    http://www.w3.org/Protocols/rfc2616/rfc2616-sec8.html#sec8.1.3
    and
    http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.10
    Regards
    Nagendra HK
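
The Connection rule quoted in the reply above, as an added example that is not part of the original post: a proxy-side filter that collects the connection-tokens and drops the headers they name, together with the fixed hop-by-hop set from RFC 2616 section 13.5.1. It shows why `Proxy-Authorization` stops at the proxy while `Authorization` is forwarded end-to-end. The function names and the sample request are constructed for illustration.

```python
import re

# token = 1*<any CHAR except CTLs or separators> (RFC 2616 section 2.2)
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

# Hop-by-hop headers listed in RFC 2616 section 13.5.1. A proxy consumes
# these itself and never forwards them, whatever the Connection header says.
HOP_BY_HOP = frozenset({
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailers", "transfer-encoding", "upgrade",
})


def connection_tokens(headers):
    """Return the lower-cased connection-tokens from every Connection line.

    `headers` is a list of (name, value) pairs in wire order. The 1#(...)
    list rule allows optional whitespace and empty elements between commas.
    """
    tokens = []
    for name, value in headers:
        if name.lower() != "connection":
            continue
        for item in value.split(","):
            item = item.strip()
            if not item:
                continue  # empty list element, permitted by the grammar
            if not _TOKEN.fullmatch(item):
                # This example rejects malformed tokens instead of guessing.
                raise ValueError(f"invalid connection-token: {item!r}")
            tokens.append(item.lower())
    return tokens


def forwardable_headers(headers):
    """Return the headers a proxy may pass on to the next connection.

    Header names are case-insensitive, so matching is done on the
    lower-cased name; order and duplicates of the kept headers are preserved.
    """
    drop = HOP_BY_HOP | set(connection_tokens(headers))
    return [(name, value) for name, value in headers
            if name.lower() not in drop]


# Constructed sample request as received by the proxy (not from the page).
SAMPLE_REQUEST = [
    ("Host", "intranet.example"),
    ("Connection", "keep-alive, X-Hop-Debug"),
    ("Keep-Alive", "timeout=5"),
    ("X-Hop-Debug", "1"),
    ("Proxy-Authorization", "Basic <constructed>"),  # credentials for the proxy
    ("Authorization", "Basic <constructed>"),        # credentials for the server
    ("Accept", "*/*"),
]

if __name__ == "__main__":
    for name, value in forwardable_headers(SAMPLE_REQUEST):
        print(f"{name}: {value}")
```
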

  • How to pass the value from DB in Approval Policy Rule OIM 11g R2

    Hi,
    I need to get the value of rule condition in Approval policy from DB.
    Please let me know how to achieve this. I am using OIM 11g R2.
    Thanks

    How to pass the textbox value within the jsp page
    without using javascript or reload the page.
    No, jsp executes on the remote server, the text box is on a client machine, you need to send information to the server over the network, http does this with a request, which will reload the page.

  • OIM 11g - Kerberos Authentication disable

    Hi Experts,
    We have OIM 11g set up with Kerberos SSO authentication enabled for OIM. We want this to be disabled. Can any one help where and how I can do this?
    Thanks and Regards
    Naveen
    Edited by: user4537635 on May 16, 2013 5:52 AM

    Download the connector doc from the location below (RSA Authentication Manager)
    http://docs.oracle.com/cd/E11223_01/index.htm
    Else try to download the connector, extract it and open the connector doc (RSA Authentication Manager 9.1.0.7.0)
    http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html

  • OIM 11g Server Configuration Wizard Error - Cannot Connect to Oracle DB

    I appreciate any and all suggestions or thoughts on how to best continue troubleshooting this error that I am describing below.
    I am attempting to install Oracle Identity and Access Management Suite 11g on a Windows 7 machine…in following the installation guides I have successfully installed the following Oracle Components
    - Oracle Database 11.2.0.1.0
    - Created Schemas using RCU 11.1.1.3.3
    - Oracle WebLogic Server 10.3.3.0
    - Oracle SOA 11.1.1.2.0
    - Oracle SOA 11.1.1.3.0 (Patch Set)
    - Oracle IAM SUITE 11.1.1.3.0
    Following the above installations, I created a new WebLogic Domain and as the next step am running the OIM Configuration Wizard to configure the OIM Server, however I am unable to setup a connection to the Oracle DB via the OIM Configuration Wizard. I am getting an error message when attempting to setup the connection to the Oracle Database using the OIM 11g Server Configuration Wizard:
    ERROR:
    INST:6102 Unable to connect to the database with the given credentials.
    [DETAILS] Check the values. Make sure the Database is up and running and connect string, user name, and password are correct.
    INST:6102 Unable to connect to the database with the given credentials.
    [DETAILS] Check the values. Make sure the Database is up and running and connect string, user name, and password are correct.
    When installing the Oracle Database 11gR2 I used the following install configuration:
    Oracle base: C:\MyApps\Oracle
    Software location: C:\MyApps\Oracle\DB_HOME\11.2.0\dbhome_1
    Database file location: C:\MyApps\Oracle\DB_HOME\oradata
    Database Edition: Personal Edition (3.27 GB)
    Character Set: Unicode (AL32UTF8)
    Global database name: orcl.dev.com
    Administrative Password: Password1
    Confirm Password: Password1
    When creating my Schemas using RCU 11.1.1.3.3 I used the following Database Connection Details
    DB TYPE: Oracle Database
    HOST NAME: localhost
    PORT: 1521
    SERVICE NAME: orcl.dev.com
    USERNAME: sys
    PASSWORD: Password1
    ROLE: SYSDBA
    I used a Prefix of "DEV" when creating the schemas so Schema Owners DEV_OIM and DEV_MDS were created. Also, I configured to use the same password for all Schemas: "Password1". So the password for DEV_OIM and DEV_MDS should be the same, "Password1".
    REPRODUCING THE ERROR
    To reproduce the error, when I launch the Oracle Identity Management 11g Configuration Wizard I am first brought to the “Welcome” Screen. I click the [Next>] button.
    Next, I am on the “Components to Configure” screen where I select OIM Server and OIM Design Console and click the [Next>] button. (NOTE I have also tested by simply selecting only the OIM Server)
    Next, I am on the “Database” screen where I enter the connection information
    Connection String: localhost:1521:orcl.dev.com
    (NOTE I have also tested using localhost:1521:orcl)
    OIM Schema User Name: DEV_OIM
    OIM Schema Password: Password1
    MDS Schema User Name: DEV_MDS
    MDS Schema Password: Password1
    When I click the [Next>] button after entering the Database Connection details I encounter the following two errors (1 error for each logon DEV_OIM and DEV_MDS)
    INST:6102 Unable to connect to the database with the given credentials.
    INST:6102 Unable to connect to the database with the given credentials.
    TROUBLESHOOTING
    NOTE: I can successfully start the Oracle DB Services and connect via the Enterprise Console, SQL Plus, and JDBCTest Java Client…I just cannot get past this connection error in the OIM Server Configuration Wizard.
    JDBCTest.java TEST CLIENT
    NOTE: THIS IS THE JAVA TEST CLIENT THAT I AM USING TO TEST DATABASE CONNECTIVITY THRU A SPECIFIED JDBC URL AND DRIVER THAT WORKS SUCCESSFULLY.
    import java.sql.Connection;
    import java.sql.DatabaseMetaData;
    import java.sql.DriverManager;
    import java.sql.ResultSet;

    public class JDBCTest {
        public static void main(String[] args) throws Exception {
            // Thin-driver URL in host:port:SID form
            String url = "jdbc:oracle:thin:@localhost:1521:orcl";
            String driver = "oracle.jdbc.OracleDriver";
            String user = "DEV_OIM";
            String password = "Password1";
            try {
                Class.forName(driver);
                Connection conn = DriverManager.getConnection(url, user, password);
                // Get the MetaData
                DatabaseMetaData metaData = conn.getMetaData();
                // Get driver information
                System.out.println("");
                System.out.println("#########################################");
                System.out.println("# ***DRIVER INFORMATION***");
                System.out.println("#");
                System.out.println("# Driver Name = " + metaData.getDriverName());
                System.out.println("# Driver Version = " + metaData.getDriverVersion());
                System.out.println("#");
                System.out.println("#########################################");
                System.out.println("");
                System.out.println("");
                // Get database information
                System.out.println("#########################################");
                System.out.println("# ***DATABASE INFORMATION***");
                System.out.println("#");
                System.out.println("# Database Product Name = " + metaData.getDatabaseProductName());
                System.out.println("# Database Product Version = " + metaData.getDatabaseProductVersion());
                System.out.println("#");
                System.out.println("#########################################");
                System.out.println("");
                System.out.println("");
                // Get schema information
                ResultSet schemas = metaData.getSchemas();
                System.out.println("#########################################");
                System.out.println("# ***SCHEMA INFORMATION***");
                System.out.println("#");
                System.out.println("# Schemas:");
                while (schemas.next()) {
                    System.out.println("# " + schemas.getString(1));
                }
                System.out.println("#########################################");
                System.out.println("");
                System.out.println("");
                // Get table information
                System.out.println("Tables");
                ResultSet tables = metaData.getTables("", "", "", null);
                while (tables.next()) {
                    System.out.println(tables.getString(3));
                }
                conn.close();
            } catch (Exception ex) {
                ex.printStackTrace();
            }
        }
    }
    "lsnrctl status" COMMAND TEST SUCCESSFUL
    When the Listener Service is on I get the following output using lsnrctl status command
    C:\> lsnrctl status
    LSNRCTL for 32-bit Windows: Version 11.2.0.1.0 - Production on 21-SEP-2010 15:59:43
    Copyright (c) 1991, 2010 Oracle. All rights reserved.
    STATUS of the LISTENER
    Alias LISTENER
    Version TNSLSNR for 32-bit Windows:Version 11.2.0.1.0 - Production
    Start Date 21-SEP-2010 14:43:57
    Uptime 0 days 1 hr. 15 min. 46 sec
    Trace Level off
    Security ON: Local OS Authentication
    SNMP OFF
    Listener Parameter File C:\MyApps\Oracle\DB_HOME\11.2.0\dbhome_1\NETWORK\ADMIN\listener.ora
    Listener Log File c:\myapps\oracle\diag\tnslsnr\\listener\alert\log.xml
    Listening Endpoints Summary…
    (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))
    Services Summary…
    Service “CLRExtProc” has 1 instance(s).
    Instance “CLRExtProc”, status UNKNOWN, has 1 handler(s) for this service…
    Service “orcl.dev.com” has 1 instance(s).
    Instance “orcl”, status READY, has 1 handler(s) for this service….
    Service “orclXDB.dev.com” has 1 instance(s).
    Instance “orcl” status READY, has 1 handler(s) for this service…
    The command completed successfully

    Whenever installing Oracle databases, I install the software only first. Then I set up the listener. Then I create a database instance using the dbca tool. This way all the information is added to the pre-existing listener configurations rather than trying to create the listener afterwards. Also, during the dbca database creation, I supply a full service name such as orcl.hostname and use the service name in future configurations where it is asked. This usually solves any issues of the listener or database not being found correctly.
    -Kevin

  • OIM 11g r2: SOA workflows for two level approval.

    HI Experts,
    I am using SOA workflows in OIM 11g r2. The requirement is to have a two level approval for a role (which provisions Oracle DBUM connector at present) : first for Manager and second for the Role owner.
    I have created and deployed the composite with name AddAccessApproval but need to find how to use this for two level approval.
    There is option for serial approval but how to pass it to Role owner.
    Any help in this regard is appreciated.
    Many Thanks,
    Arvind

    I've run into the same error with oim 11gr2 bp04:
    <Mar 18, 2013 11:07:09 AM CDT> <Notice> <Stdout> <BEA-000000> <<Mar 18, 2013 11:07:09 AM CDT> <Error> <oracle.soa.services.identity>
    <BEA-000000> <<oracle.tip.pc.services.identity.jps.AuthenticationServiceImpl.authenticateUser()> authentication FAILED>>
    <Mar 18, 2013 11:07:09 AM CDT> <Notice> <Stdout> <BEA-000000> <<Mar 18, 2013 11:07:09 AM CDT> <Error> <oracle.soa.services.identity>
    <BEA-000000> <<.> Identity Service Authentication failure.
    Identity Service Authentication failure.
    Either the user name or password is incorrect. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
    ORABPEL-10528
    Identity Service Authentication failure.
    Identity Service Authentication failure.
    Either the user name or password is incorrect. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
         at oracle.tip.pc.services.identity.jps.JpsProvider.authenticateUser(JpsProvider.java:2337)
    Caused By: javax.security.auth.login.LoginException: [Security:090304]Authentication Failed: User SOAAdminPassword javax.security.auth.login.FailedLoginException:
    [Security:090302]Authentication Failed: User SOAAdminPassword denied
         at oracle.security.jps.internal.jaas.module.authentication.JpsUserAuthenticationLoginModule.login(JpsUserAuthenticationLoginModule.java:71)
         ...
    Did you find what the issue is? I'm finding scant information about this user named "SOAAdminPassword" (who makes up these usernames :-/).

  • Help required related with OIM 11g Email Notification

    Experts,
    I have a requirement where I have to pass the User's Password through autogenerated email.
    But I have a scenario where I don't have to provision any target resource for users, so I don't have access to the Notification Tab for such kind of users.
    I thought of writing a custom Event Handler to send email using custom code.
    But in OIM 11g, I found that inside Advanced->Notification Template-> Create User Self Service Notification … is getting triggered with UserID: $userLoginId<br> and it's working fine.
    But once I added Password: $password<br> in the same template, it's not providing me the password.
    So I think the Parameters associated with this Event "Self register user" do not have $password.
    Is there any way to check which all parameters can be accessed in these Events?
    Also, what is the best way to send the password to users who do not have any target resources associated?
    Thanks,
    Regards,
    J

    Hi, I am trying to get the Create User Self Service Notification template working but for some reason I get an error in the log saying unexpected error occurred while sending notification, and I am not receiving any mails. I have done the following steps:
    created an IT resource with the name same as the value of Email Server property
    have made the value of RequestNotification property 1
    Is there anything else I need to do?
    Can you also give some details as to how you have created the IT Resource? Is the authentication true/false? If true, does any username and password do?
    Thank you

  • Getting Error - Cause: Status of the batch is not 'Completed' in OIM 11g R2 during Trusted Recon

    Hi All
    I am new to OIM 11g R2. I am trying to create a custom connector for trusted recon. The case is to migrate the users from 10g to 11g R2. The recon event is created but it is in Event Received status and when I re-evaluate the event, it's giving error - Cause: Status of the batch is not 'Completed'.
    I saw in some posts to change the recon batch size parameter to 0 and restart the server. I have done that but still I am facing the same issue.
    There is no child data in the attribute mapping and user login is set as key.
    Any inputs are welcome on how to get rid of this error.
    Regards
    Vinay

    J_IDM@ I am not passing any OID IT Resource as parameter. Yes I have checked but no entries were there.
    Prakash bAJIYA@ I was running the Job from Web console & didn't find any such object. It may be different from design console.
    810444@ Thanks.
    Dear All,
    In Web Console Job Scheduler, I had one Recon "LDAP FULL Recon" which has a property
    "OIM Employee Type" which was before "Full-TYpe". I changed it to * & it worked. Now I am able to generate events.
    It seems like value of Employee Type has an issue in OID, please correct me?
    Thanks a lot for your contribution, guys.

  • OIM 11g High Availability Deployment

    Hi Experts,
    I'm deploying OIM 11g in High Available schema, following Oracle docs: http://download.oracle.com/docs/cd/E14571_01/core.1111/e10106/imha.htm#CDEFECJF, I have successfully installed and configured OIM & SOA in weblogic domain on 'OIMHOST1'. Trying to propagate the configuration from 'OIMHOST1' to 'OIMHOST2', I have packed (using pack.sh) the domain on 'OIMHOST1' and unpacked (using unpack.sh) it to 'OIMHOST2', then I have updated the NodeManager by executing setNMProps.sh and finally I have started the NodeManager. In order to test that everything is fine, and following the documentation, I'm trying to perform the following steps, but I have not succeeded.
    I MUST SAY THAT I'M RUNNING ON A SINGLE STANDARD EDITION DB INSTANCE AND NOT RAC AS MENTIONED IN ORACLE DOCS, PLEASE CLARIFY IF RAC IS REQUIRED. FOR NOW I'M IN A DEVELOPMENT ENVIRONMENT, SO I THINK RAC IS NOT REQUIRED FOR NOW, PLEASE CLARIFY.
    8.9.3.8.3 Start the WLS_SOA2 and WLS_OIM2 Managed Servers on OIMHOST2
    Follow these steps to start the WLS_SOA2 and WLS_OIM2 managed servers on OIMHOST2:
    Stop the WebLogic Administration Server on OIMHOST2. Use the WebLogic Administration Console to stop the Administration Server.
    Start the WebLogic Administration Server on OIMHOST2 using the startWebLogic.sh script under the $DOMAIN_HOME/bin directory. For example:
    /u01/app/oracle/admin/OIM/bin/startWebLogic.sh > /tmp/admin.out 2>&1 &
    Validate that the WebLogic Administration Server started up successfully by bringing up the WebLogic Administration Console.
    Here it's not possible to start AdminServer on OIMHOST2. First of all, it looks like the boot.properties file under WLS_OIM_DOMAIN_HOME/servers/AdminSever/security is not valid. The first time I tried to execute the startWeblogic.sh script, it asked for username/password. I have updated boot.properties (vi boot.properties) and manually set clear username and password. This time the startWeblogic.sh script passed this stage, but fails:
    <Error> <util.install.help.BuildMasterHelpSet> <BEA-000000> <IOException ioe java.io.IOException: No such file or directory>
    <Error> <oracle.adf.share.config.ADFMDSConfig> <BEA-000000> <MDSConfigurationException encountered in parseADFConfigurationMDS-01330: unable to load MDS configuration document
    MDS-01329: unable to load element "persistence-config"
    MDS-01370: MetadataStore configuration for metadata-store-usage "writeable" is invalid.
    MDS-00503: The metadata path "/u01/app/oracle/product/Middleware/user_projects/domains/IDMDomain/sysman/mds" does not contain any valid directories.
    I have verified that this directory "mds" does not exist, as reported by the IOException, in OIMHOST2, but it exists in OIMHOST1. From here it's not possible for me to follow Oracle's documentation. I tested this by starting AdminServer in OIMHOST1, and starting WLS_SOA2 and WLS_OIM2 managed servers from the OIMHOST1 AdminServer console. I have tested 2 ways:
    1.- All managed servers in OIMHOST1 are shutdown; for this, managed servers in OIMHOST2 work as expected
    2.- All managed servers in OIMHOST1 are RUNNING; for this, first I have started the SOA2 managed server, after that I have fired the OIM2 managed server, and when it finishes the boot process the following message appears in the server's output:
    <Warning> <org.quartz.impl.jdbcjobstore.JobStoreCMT> <BEA-000000> <This scheduler instance (servername.domainname1304128390936) is still active but was recovered by another instance in the cluster. This may cause inconsistent behavior.>
    Start the WLS_SOA2 managed server using the WebLogic Administration Console.
    Start the WLS_OIM2 managed server using the WebLogic Administration Console. The WLS_OIM2 managed server must be started after the WLS_SOA2 managed server is started.
    8.9.3.9 Validate the Oracle Identity Manager Instance on OIMHOST2
    Validate the Oracle Identity Manager Server instance on OIMHOST2 by bringing up the Oracle Identity Manager Console using a web browser.
    The URL for the Oracle Identity Manager Console is:
    http://oimvhn2.mycompany.com:14000/oim
    Log in using the xelsysadm password.
    Your help is highly appreciated
    Regards
    Juan

    Hi Vaasu,
    I have succeeded deploying OIM in HA, just now my customer and I are working on the installation of webtier. Now I have a better understanding of HA concepts and the way weblogic works -really nice, but a little tricky-
    All the magic about HA is configuring properly the network interfaces in each Linux box (our case), so first of all you need to create 2 new floating IPs on each Linux box (google: how to create virtual IP in linux, if you don't know), clone and modify your 'eth0' network script to create the virtual IPs
    Follow the procedure in the HA guide: http://download.oracle.com/docs/cd/E14571_01/core.1111/e10106/imha.htm#CDEFECJF
    create DB schemas with RCU
    install weblogic
    install SOA
    patch SOA
    install IAM
    ---if you are working on a virtual machine it is a good idea to take a snapshot here---
    Create and configure the weblogic domain (special attention when configuring the cluster), see step 13 of 8.9.3.2 Creating and Configuring the WebLogic Domain for OIM and SOA on OIMHOST1, here you need to configure:
    For the oim_server1 entry, change the entry to the following values:
    Name: WLS_OIM1
    Listen Address: the IP that is configured in eth0:1 of Linux box1
    Listen Port: 14000
    For the soa_server1 entry, change the entry to the following values:
    Name: WLS_SOA1
    Listen Address: the IP configure on eth0:2 of Linux box1
    Listen Port: 8001
    For the second OIM Server, click Add and supply the following information:
    Name: WLS_OIM2
    Listen Address: the IP configured on eth0:1 of Linux box2
    Listen Port: 14000
    For the second SOA Server, click Add and supply the following information:
    Name: WLS_SOA2
    Listen Address: the IP configured on eth0:2 of Linux box2
    Listen Port: 8001
    Click Next.
    On Step 16 ensure you are using the UNIX tab to configure the machines, also ensure that for machine1 you use the IP configured on the eth0 interface of Linux box1, the same for machine2.
    Please confirm you have performed 8.9.3.3.2 Update Node Manager on OIMHOST1.
    If everything is ok you must be able to start the AdminServer as described in the guide.
    Configure OIM: 8.9.3.4.2 Running the Oracle Identity Management Configuration Wizard. In my case I don't need LDAPsync, so I have skipped this section. If you configure OIM properly, then you must perform 8.9.3.5 Post-Configuration Steps for the Managed Servers.
    Restart AdminServer, then from the weblogic console start OIM and SOA. If node manager is properly configured, SOA and OIM must run properly. Update deployment mode and coherence as described in the guide and verify that OIM runs perfectly in Linux box1.
    Propagate OIM from Linux box1 to Linux box2 as described in the guide, using pack and unpack (you MUST use the same filesystem directory structure on both Linux boxes)
    Update and start NodeManager as described in the guide
    VERY IMPORTANT OBSERVATION
    The guide says:
    8.9.3.8.3 Start the WLS_SOA2 and WLS_OIM2 Managed Servers on OIMHOST2
    Follow these steps to start the WLS_SOA2 and WLS_OIM2 managed servers on OIMHOST2:
    Stop the WebLogic Administration Server on OIMHOST2. Use the WebLogic Administration Console to stop the Administration Server.
    JUAN OBSERVATION:
    IT IS NOT POSSIBLE TO START OR STOP ADMINSERVER ON HOST2 SINCE ADMIN SERVER WAS CONFIGURED TO LISTEN ON THE IP ADDRESS OF eth0 INTERFACE ON HOST1, SO IT'S NOT POSSIBLE TO PLAY IT ON HOST2. I THINK AN ADDITIONAL PROCEDURE SHOULD BE FOLLOWED TO CONFIGURE ADMINSERVER IN HA IN AN ACTIVE-PASSIVE MODE
    Start the WebLogic Administration Server on OIMHOST2 using the startWebLogic.sh script under the $DOMAIN_HOME/bin directory. For example:
    /u01/app/oracle/admin/OIM/bin/startWebLogic.sh > /tmp/admin.out 2>&1 & -----NOT APPLICABLE
    Validate that the WebLogic Administration Server started up successfully by bringing up the WebLogic Administration Console. -----NOT APPLICABLE
    Start the WLS_SOA2 managed server using the WebLogic Administration Console. ----START SOA2 FROM THE CONSOLE RUNNING ON HOST1, IT DOESN'T MATTER
    Start the WLS_OIM2 managed server using the WebLogic Administration Console. The WLS_OIM2 managed server must be started after the WLS_SOA2 managed server is started. ------ START OIM2 FROM THE CONSOLE RUNNING ON HOST1
    HERE YOU MUST BE ABLE TO LOGIN TO OIM2 SERVER AS DESCRIBED IN THE GUIDE, YOU DON'T NEED TO EXECUTE config.sh SCRIPT THIS SHOULD WORK AS DESCRIBED.
    Server migration should work straight-forward if you have configured the floating IPs as described, I have not configured the persistence yet since my customer does not have the skills to share a storage.
    I hope this helps, and feel free to comment or complement.
    By the way, did you know how to set up a valid SSL certificate in Windows 2003 server? I need it to test an Exchange 2007 I'm trying to integrate
    Regards
    Juan

  • OIM 11g Login Screen not showing up

    Hi,
    I installed OIM 11g and was able to login successfully. A couple of days back, my database had some problem and I solved it and restarted my OIM. OIM server is starting up but when I try to access the admin console, it is just saying "Loading" but the login screen is not getting displayed.
    In the server log,I could see the following error during the server stop
    "javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User xelsysadm javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User xelsysadm denied
    at weblogic.security.auth.login.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:199)"
    and the following error while accessing the admin console.
    " [HTTP][java.lang.NoClassDefFoundError]] [dcid: 11d1def534ea1be0:41b34a55:12b9b675a66:-7ffd-0000000000000026] incident 20 created with problem key "BEA-101017 [HTTP][java.lang.NoClassDefFoundError]"
    Any idea what might be going wrong?
    Thanks,

    What did you solve??? That's where lies your solution. xelsysadm is being denied the access, so could be something on password front. If you have the DB backup, revert to an older state and it would be fine.

  • Manually execute a provisioning task for a user in OIM 11g

    Experts,
    In OIM 11g, I would like to execute a resource provisioning task for a user thru OIM admin console.
    In OIM 10g, when we select a resource profile for a user, it used to show the list of tasks that are executed. There we can add a new task to run manually.
    How to do the same in OIM 11g? In OIM 11g, it is not even showing the list of tasks executed during provisioning.
    Please let me know.

    If you are talking about manually adding the provisioning tasks to a user for a particular resource, then you can go to the resource profile of the user, select the particular resource -> click the 'Resource History' button on the right corner and from there you can manually add the tasks.
    -Bikash

  • Customizing Request Application Flows in OIM 11g?

    To all:
    I'm trying to work through a scenario using Request Templates - I'm not sure that this approach is possible using configuration approaches and wanted to see if anyone has any useful feedback. First, let me describe the problem I'm attempting to solve:
    - The users who will be using self-service will be somewhat restricted on what they can do: basically, once they have an account in OIM (this is 'automatic' from a reconciliation - there's no self-registration or user creation) they can request access to a small number of applications.
    The ideal flow that we would like to follow is:
    Step 1: Log in to OIM.
    Step 2: Create Request
    Step 3: Select the Application for requested access and the requested role.
    Step 4: Enter an effective date and justification.
    Step 5: Submit
    ... something 'application focused', not 'resource focused' as the end user community is not particularly aware (nor do they really need to be) about the details of how a user is authenticated.
    I can get 'close' to this using a request template, with this flow:
    Step 1: Log in to OIM
    Step 2: Create a request.
    Step 3: Select a Request Template. (I named the template after the application - "Select App Account")
    Step 4: Select Your Resource (only one in this case - restricted to "AD User")
    Step 5: Enter information about the AD account. (I can restrict this down to only allow for group selection, which is great.)
    Step 6: Enter effective date, justification
    Step 7: Submit
    So the only thing I'd really like to 'skip' (or somehow default) is the selection of a resource and skip that step - because the template only allows for a single selection anyway, and having an extra step with a single selection that may only muddle the process would be detrimental to the usability of the request.
    Is this a modification that we can make to the request flow ("If only one resource, default and move on") - or will we need to create some form of customized request process using the APIs?
    I've dug into the JSF navigation in the iam-console-faces WAR file; it seems that navigation is tied up in the backing beans - has anyone else used Request Templates to meet this type of need?
    My thanks in advance for any insight you can provide!

    Dewan.Rajiv wrote:
    It's a new flow which Oracle has introduced in OIM 11g. You can't skip that selection until you do modification in OOTB UI.
    RO is mandatory thing to raise request so you can go for custom UI (Need ADF Knowledge) in which you'll ask end user to select other things except that Resource and you'll fetch RO name from some configuration file for using in request APIs.
    Thanks - it looks like customizing the OOTB UI might not be possible - rather than using ADF/Faces configuration files, most of the navigation redirects seem to be 'hidden away' in compiled class files. (My original thought: add some kind of filter and/or extension to an ADF Task Flow that governs the request application flow - but there are not task flow files to modify?)
