Policy domain doesn't protected

I have following problems:
1.I haven't protection for any created policy domain, I have only protection for default policy domains /access and /identity . It can protect requested policy domain, if I put my resources under policy domains . /access or /identity.
How can I test that Oracle Access Manger really protect created policy domain on web server, I always used access tester, always fine work,but resources aren't protected.
For simple OAM configuration I used Doc ID: Note:437423.1 Step by Step: How to Protect a Root '/' Policy Domain With A Form Deployed On The Same WebGate HTTP Server, but resources aren't protected again.
2.When I enable default policy domains, I get very strange case, I have to try to log on at least 2-3 times for requested link on Oracle Access Console , that is very difficult for administration.

Not the same i had a similar one. I crated my own policy domain. ( As suggested by kiran )
Just documented the steps, try it out, Hope this helps.
http://nagarun.wordpress.com/2007/12/22/oracle-access-manager-administration/
Cheers, Nag

Similar Messages

Changing policy domain timeout value

Hi Idm folks,
Can we configure a different timeout values on policy domains protecting different applications?
For example; policy domain /domain01/... has a 15 miunte idle session timeout and policy doomain02/... would have a 6 hour idle session timeout.
I don't think we can, wanted to check if anyone had ever came across this requirement?
thanks!

For different applications are you using different webgates? In that case you can think of using separate host identifiers for different webgates and create policies for host identifiers and you can have different timeout values for webgates.
BUT, in a SSO scenario what kind of complication it will bring, needs to be evaluated on the environment (mainly the central and application webgate domain for obSSOCookie) and requirements. This can be an interesting exercise, I guess. :)

Overlapping OAM policy domains

The OAM documentation addresses overlapping policies within a single policy domain, but I haven't been able to find anything about overlaps between different domains.
I have a policy domain for a host that protects everything under the root "/". However, I want the "access" virtual directory to be handled the same as the access directory on all of the other hosts, so I added the access resource to a domain that defines the policy for all of the access directories.
The result is an overlap-- the access directory for that host is protected in the specific "access" domain, and it's also protected under the domain that protects everything under the root for that host.
Is this a problem for OAM? Does OAM apply the most-specific policy domain for a resource, as hoped in this case? OAM allows me to explicitly order policies within a domain, but I don't see any way to order domains themselves.
Thanks,
Matthew

For policy domain mapping, the basic algorithm OAM follows is to use the host and path elements of the URI to 'map' into the 'most specifically relevant' policy domain.
As far as the path is concerned, OAM tries to match the path beginning with the most strict pattern and then working backwards to achieve a match.
For example, consider the following configuration:
Policy Domain A protects MY_HOST/access/bin
Policy Domain B protects MY_HOST/access
If a request for MY_HOST/access/bin/foo?param=1 comes in...
OAM looks for a policy domain protecting a resource MY_HOST/access/bin/foo and can't find one.
Next, OAM looks for a policy domain protecting a resource MY_HOST/access/bin and finds it and processing continues from there.
So, in the case you illustrate, /access is simply a 'more strict' pattern than / which will catch all requests that match that pattern.
As you noted, the evaluation of 'Policies (exceptions to the default rules)' is managed by explicit order.
It is also important to note, in this discussion, that OAM does not tolerate ambiguity on the HOST element of a protected resource. Configuring OAM to map the same hostname variation to more than one host identifier will produce unpredictable results. Validation in the admin application is in place to help avoid this.
Hope that helps.
Cheers,
Mark

CoreID Policy domain

Hi
we installed Oracle CoreID 7.0.4.3 sucessfully using OID as a backend directory server for all data areas.
we created a policy domain to protect a resource using Basic over LDAP allowing all users.
Basic over LDAP was configured:
obMappingBase="dc=de,dc=pri,dc=xx,dc=com",obMappingFilter="(&(objectclass=inetorgperson)(uid=%userid%))"
obCredentialPassword="userPassword"
When we call the matching ULRs, the authentication forms pops up, but after entering correct credentials we get:
Oracle Netpoint Operation Error
The credentials (userid=orcladmin password=(omitted) Resource=/nagios/ RequesterIP=10.121.74.7 Operation=GET) used for the login are missing a required password.
Contact your website administrator to remedy this problem.
Can anyone help?
Guenter

Hi,
Even I was trying to configure IWA with COREid in a similar environment settings and ended up getting the same result. The difference in my environment was:
Authentication Scheme -> Challenge Method was "Ext", Challenge Parameter was "creds:REMOTE_USER" , The plugin was "credential_mapping" and the filter was obMappingBase="ou=Users,o=INTRANET",obMappingFilter="(&(objectclass=inetorgperson)(uid=%REMOTE_USER%))"
With the above settings, when I try to access the protected page, I get a similar message viz - Oracle Netpoint Operation Error : The mapping of credentials (Resource=/app1/homepage.html Operation=GET) to a user profile failed. The Access Server may not be able to connect to the user directory, or the authentication scheme iwa may have an invalid ObMappingFilter parameter for its credential_mapping plugin. Contact your website administrator to remedy this problem.
Any suggestions? Please let me know.
Thank you so much.

Pop up warning when creating policy domain in OAM 10g

Has anyone seen below pop up warning when creating a policy domain in OAM 10g Policy manager?
Warning:
This policy domain controls the access to the URI you are currently accessing
/access/oblix/apps/policyservcenter/bin/policyservcenter.cgi
Are you sure you want to commit these changes?

Hi,
Does Note 842378.1 look like a match for you? Maybe the obcompounddata attribute is missing for some odd reason.
Regards,
Colin

Policy Domain Root error during Policy Manager installation

I am installing Policy manager for the first time and I am getting error at Policy domain root level.
If I specify Policy Domain Root as / it gives me this error
Unable to modify the entry with DN obapp=PSC,ou=Oblix,dc=SUPPLIER,DC=GLOBAL in the directory server - Object class violation in ModifyDBEntry_ADSI()
The DN obapp=PSC,ou=Oblix,dc=SUPPLIER,DC=GLOBAL exists in the directory.
My directory is Windows 2003 standard edition SP1 active directory. I am using Oracle access manager 10.1.4
user and policy directory is the same directory supplier.global.
Forest and domain functional level is Windows 2003
My person object class is: user
i have already installed webpass and identity server on same machine.
I have removed and tried to reinstall the policy manager on the same machine and the same error.
My identity server admin console is showing three directories:
AccessManager_setup_user_profile
AccessServer_default_user_profile
default-IdentityServer_1_6022
all of the directories have these settings dynamic auxiliary is yes and directory type is microsoft active directory (using adsi) without ldap for authentication checked.
I am getting these errors in my access logs looks like the path is wrong and the files are missing but not sure from which part of setup its taking this.
2007/02/06@19:22:35.265000     3040     1848     INIT     ERROR     0x000003B6     base\oblistrwutil.cpp:145     "Could not read file"     filename^C:\Program Files\NetPoint\WebComponent\access/oblix/lang/en-us/comm_servermsg.xml
2007/02/06@19:22:35.375000     3040     1848     INIT     ERROR     0x000003B6     base\oblistrwutil.cpp:145     "Could not read file"     filename^C:\Program Files\NetPoint\WebComponent\access/oblix/lang/en-us/sysmgmtmsg.xml
2007/02/06@19:22:36.015000     3040     1848     INIT     ERROR     0x000003B6     base\oblistrwutil.cpp:145     "Could not read file"     filename^C:\Program Files\NetPoint\WebComponent\access/oblix/lang/en-us/policysetupldifs_msg.xml
2007/02/06@19:22:37.843000     3040     1848     DB_RUNTIME     WARNING     0x00000007     \Oblix\coreid\np_common\db\ldap\util\ldap_util.cpp:1131     "Requested modify or add operation resulted in schema violation"     function^ModifyDBEntry()     dn^obapp=PSC,ou=Oblix,dc=SUPPLIER,DC=GLOBAL
2007/02/06@19:22:37.843000     3040     1848     DB_RUNTIME     WARNING     0x00000504     \Oblix\coreid\np_common\db\ldap\util\ldap_util.cpp:1217     "Exception during DB runtime code"     function^ModifyDBEntry()     dn^obapp=PSC,ou=Oblix,dc=SUPPLIER,DC=GLOBAL
2007/02/06@19:22:37.843000     3040     1848     DB_RUNTIME     WARNING     0x00000504     \Oblix\coreid\np_common\db\ldap\util\ldap_util3.cpp:837     "Exception during DB runtime code"     function^ModifyDBEntryWithDupCheck
Thanks for helping me out.
Message was edited by:
user557359

Hi,
Go to Policy domain root for Activer directory
Steps on how to resolve this are outlined there.
Rgds,
Boland

TMS - CCMS Alert domain doesn't appear

On my training system when I go into STMS, then CCMS Alert Monitor,(The "Bell" icon") the domain doesn't appear under change and transport system. It also won't allow me to create it in rz20. I've tried redistributing and activating the stms configuration and it still won't appear. Ideas?
Thanks,
Daniel

Your Problem is not with STMS configuration.
Based on what you have explained i am thinking because of the system copy you have performed the MTE classes of target system have been over written from source system (of your system copy)
But it is not a big deal to bring the MTE classes again.Below is the procedure.
Logon to the Solman - RZ21 --> Configure Central reaction ---> Assign Central reaction
Under System ID - Select SID of your satelite System --> +MTE Class from the system.
Once you do that you should get following message ### MTE Classes were collected by <Satellite System>
Hope this helps

Policy Domain not found

Hy everybody!
Please help me, I have problem with Policy Doman,
when I test access with option Access Tester on my Policy Domain,
i get following message:
Evaluation result
Policy Domain <not found>
I checked in OID, my Policy Domain exists in following entry
obname=policy_domain_id, obapp=PSC, o=Oblix <DN>
but as you see error says that Policu Domain not found.
best regards!

Hi!
I have :
- 2 Authorization Rules
- 1 Default Authentication Rule
- 1 Default Authorization Expression
I checked Host identifier with ping command, it's correct.
Do you have any ideas about problem?
On following URL I posted picture of the my Policy Domain
http://img205.imageshack.us/img205/8909/policydomainhx6.jpg
<img src="http://img205.imageshack.us/img205/8909/policydomainhx6.th.jpg" border="0" alt="Free Image Hosting at www.ImageShack.us" />

Can not add domain name Error Protected word / inappropriate language

Can not add domain name Error Protected word / inappropriate language
Provide your Domain name :
pragatiassociates.com
Nature of Services provided: It located in India, Punjab. Its a new firm which will be focus on supplying products to Educational Institutes in and around Punjab
Problem: While trying to register domain on domains.live.com it gives error that it contains a protected word or inappropriate language.
The website is first phase version page has been hosted. Domain was purchased on 1-Mar-2014. Please help on priority as I need the mail solutions at the earliest.
Posted query on Microsoft answers no reply even after 4 days.
http://answers.microsoft.com/en-us/outlook_com/forum/oadmincenter-ocustomdom/can-not-add-domain-name-error-protected-word/1322a218-3ad2-451c-a774-ae700465f9c4?tm=1394076201617

Saurav S --
Does your post have anything to do with Project Online, an enterprise project management application? If so, please elaborate. If not, please repost your question in a more relevant user forum. Hope this helps.
Dale A. Howard [MVP]

Policy domain root for Activer directory

I am setting up the access manager with active directory . But during web configuration ,it prompts for providing a policy domain root. I choose go ahead with default vlaue (i.e /). But it is returning me following error.
"Error in setting Policy Domain Root."
Please some one help out in resolving this issue.

Hi Nataraj,
I know what your problem is. Go to the computer running Active Directory, open "Open Active Directory Domains and Trusts" under Start -> Administrative tools. Right click on your domain shown and choose "Raise Domain to Functional level", you might need to this three to four times before this takes effect.
Then on the same window, right click on "active directory domains and trusts" and choose "Raise Forest functional Level", you might need to do this three times as well.
This will solve your problem, unfortunately you'll have to reinstall Access/Policy Manager. I have had this problem many times and this solved it. I am assuming you are using Windows 2003 Enterprise server.
Rgds,
Boland

Policy domain root for Active directory

Does anyone know how to configure policy domain root in Active directory ?.
I am installing COREid Access policy manager which needs a policy domain root input during the web interface configuration.
Please some one help in resolving this issue.

Hi,
I might help if can give the exact description of the issue that you are getting. However I have encountered similar or exact problem that you are having. Let me know whci ldap directory you are using with your CoreID install.

Oracle access manager - Policy domain - Return Type

Hi,
I have a requirement where I need to return few LDAP parameter values through Policy domain while redirecting. But the return type should be propertytype and not headervar or cookie. This is SSO integration with websphere using JAAS subject. We have inhouse TAI connector developed for integration between websphere and oracle access manager.
Please help me to resolve this issue.
Regards,
Prashant

Hi Prashant,
OAM can return any type that you want, and OAM will set the name/value for that type - you can put "propertytype" in the type column, and the name and return attribute in the respective fields. "Cookie" and "HeaderVar" are the only types used by OAM WebGates, but your AccessGate (custom in-house connector) should be able to retrieve the values of propertytype that OAM sets.
Regards,
Colin

Fusion App installation - Registering OAM policy domain ...

Hi all,
I'm trying to perform Fusion Applications installation (Linux 64, Middleware 11.1.1.5.0, WLS 10.3.6) in a single host environment, without any load balancer..
The installation fails in "Registering OAM policy domain" phase with error "User does not belong to the group that is authorized to perform registration."
I'm able to login as oamadmin to http://vfusion01.mydomain.com:7001/oamconsole with admin's privileges.
Adding oamadmin into OAMAdministrators and OIMAdministrators groups in LDAP didn't help.
Any idea how to continue?
Thanks for support
Daniel F
[edit]OAM Validation/Authorization and Authentication are successful in OAM Test Tool:
[3/2/12 12:21 PM][request][validate] yes
[3/2/12 12:21 PM][response] Authentication scheme : OAMAdminConsoleScheme, level : 2
[3/2/12 12:21 PM][response] Redirect URL : https://vfusion01.mydomain.com:4443/oam/server/
[3/2/12 12:21 PM][response] Credentials expected : 0x4 (form)
[3/2/12 12:21 PM][request][authenticate] yes
[3/2/12 12:21 PM][response] User DN : cn=oamadmin,cn=users,dc=mydomain,dc=com
[3/2/12 12:21 PM][response] SessionID : 29b10d11-ab81-4446-9e86-880db6e5790c
[3/2/12 12:21 PM][response][action] OAM_IMPERSONATOR_USER :
[3/2/12 12:21 PM][request][authorize] yes
[3/2/12 12:21 PM][response][action] OAM_IMPERSONATOR_USER :
[3/2/12 12:21 PM][response][action] OAM_REMOTE_USER : oamadmin
[3/2/12 12:21 PM][response][action] OAM_IDENTITY_DOMAIN : OIMIDStore
[edit]
====================
[echo] Registering OAM policy domain ...
Registering policy file /fusion/faprov/provisioning/provisioning-plan/bootstrap_oam.conf for policy domain provisioning ...
[echoNested] Registering policy file /fusion/faprov/provisioning/provisioning-plan/bootstrap_oam.conf for policy domain provisioning ...
[echo] mode=CREATE
[echo] app_domain=provisioning
[echo] oam_aaa_host=vfusion01.mydomain.com
[echo] oam_aaa_port=5575
[echo] uris_file=/fusion/faprov/provisioning/provisioning-plan/bootstrap_oam.conf
[echo] hostname_variations=vfusion01.mydomain.com:12613,vfusion01.mydomain.com:12614
[echo] oam_admin_server=http://vfusion01.mydomain.com:7001
[echo] oam_admin_username=oamadmin
[echo] -usei18nlogin
[echo] default_authn_scheme=FAAuthScheme
[echo] oam_cache_header=
[echo] logouturi=/oamsso/logout.html
[echo] web_domain=OraFusionApp
[echo] oam_aaa_mode=simple
[echo] log_level=ALL
[echo] max_oam_connections=10
[echo] primary_oam_servers=wls_oam1:10
[echo] oam_ip_validation=0
[echo] oam_idle_session_timeout=900
[echo] oam_version=11
[echo] cookie_domain=mydomain.com
[echo] app_agent_password and oam_admin_password passed in via STDIN
Mar 1, 2012 6:39:01 PM oracle.security.am.engines.rreg.client.oamcfgwrapper.OAMCfgRREGWrapperImpl handleConfig
INFO: Into RREG Wrapper implementation
Enter password: Enter password: Mar 1, 2012 6:39:01 PM oracle.security.am.engines.rreg.client.util.RegClientFusionCfgURIsFileHandler readProtAndPubUrisFromFileAndSet
INFO: Success: URI:[provisioningBootstrap*] is added.
Mar 1, 2012 6:39:01 PM oracle.security.am.engines.rreg.client.util.RegClientFusionCfgURIsFileHandler readProtAndPubUrisFromFileAndSet
INFO: Success: URI:[provisioningBootstrap/.../*] is added.
Your registration request is being been sent to the Admin server at: http://vfusion01.mydomain.com:7001
Mar 1, 2012 6:39:05 PM oracle.security.am.engines.rreg.client.RegController processOamCfgRegistration
SEVERE: Server side error occurred. Specific error messages are:User does not belong to the group that is authorized to perform registration. Registration failed. Try again after verifying the users group.
Mar 1, 2012 6:39:05 PM oracle.security.oam.oamcfg.OAMCfgTool main
WARNING: OAMCFG-60083: OAM Configuration did not complete successfully. Refer log for details
Mar 1, 2012 6:39:05 PM oracle.security.oam.oamcfg.OAMCfgTool main
WARNING: Stack trace::
oracle.security.am.engines.rreg.client.RegController:processOamCfgRegistration() in file RegController.java:771
oracle.security.am.engines.rreg.client.oamcfgwrapper.OAMCfgRREGWrapperImpl:handleConfig() in file OAMCfgRREGWrapperImpl.java:359
oracle.security.oam.oamcfg.OAMCfgTool:main()[2012-03-01T18:39:05.530+01:00] [runProvisioning-install] [NOTIFICATION] [] [runProvisioning-install] [tid: 12] [ecid: 0000JNF5GUy5i^O6yj7i6G1FJuCA000003,0]
[logStatus] STATE=BUILD_ERROR!TIMESTAMP=2012-03-01 18:39:05 CET!TARGET=register-policy-domain!CATEGORY=BUILD_ERROR!DOMAIN=CommonDomain!HOSTNAME=vfusion01.mydomain.com!PRODUCTFAMILY=webgate!PRODUCT=WebGate!TASK=execSecure!TASKID=webgate.WebGate.BUILD_ERROR.register-policy-domain.execSecure!MESSAGE=Process "/fusion/fmw/jrockit-jdk1.6.0_29-R28.2.2-4.1.0/bin/java -jar /fusion/fmw/apps/webtier_mwhome/oracle_common/modules/oracle.oamprovider_11.1.1/oamcfgtool.jar mode=CREATE app_domain=provisioning oam_aaa_host=vfusion01.mydomain.com oam_aaa_port=5575 uris_file=/fusion/faprov/provisioning/provisioning-plan/bootstrap_oam.conf hostname_variations=vfusion01.mydomain.com:12613,vfusion01.mydomain.com:12614 oam_admin_server=http://vfusion01.mydomain.com:7001 oam_admin_username=oamadmin -usei18nlogin default_authn_scheme=FAAuthScheme oam_cache_header= logouturi=/oamsso/logout.html web_domain=OraFusionApp oam_aaa_mode=simple log_level=ALL max_oam_connections=10 primary_oam_servers=wls_oam1:10 oam_ip_validation=0 oam_idle_session_timeout=900 oam_version=11 cookie_domain=mydomain.com" exited with non-zero exit code "1". Input Stream before decrypting for process execution: "j8p+RGsjhPvGQxLt55GQFw==j8p+RGsjhPvGQxLt55GQFw==". Environment variables: "".!DETAIL=Process "/fusion/fmw/jrockit-jdk1.6.0_29-R28.2.2-4.1.0/bin/java -jar /fusion/fmw/apps/webtier_mwhome/oracle_common/modules/oracle.oamprovider_11.1.1/oamcfgtool.jar mode=CREATE app_domain=provisioning oam_aaa_host=vfusion01.mydomain.com oam_aaa_port=5575 uris_file=/fusion/faprov/provisioning/provisioning-plan/bootstrap_oam.conf hostname_variations=vfusion01.mydomain.com:12613,vfusion01.mydomain.com:12614 oam_admin_server=http://vfusion01.mydomain.com:7001 oam_admin_username=oamadmin -usei18nlogin default_authn_scheme=FAAuthScheme oam_cache_header= logouturi=/oamsso/logout.html web_domain=OraFusionApp oam_aaa_mode=simple log_level=ALL max_oam_connections=10 primary_oam_servers=wls_oam1:10 oam_ip_validation=0 oam_idle_session_timeout=900 oam_version=11 cookie_domain=mydomain.com" exited with non-zero exit code "1". Input Stream before decrypting for process execution: "j8p+RGsjhPvGQxLt55GQFw==j8p+RGsjhPvGQxLt55GQFw==". Environment variables: "".!BUILDFILE=/fusion/faprov/provisioning/provisioning-build/webgate-build.xml!LINENUMBER=512![2012-03-01T18:39:05.673+01:00] [runProvisioning-install] [ERROR] [FAPROV-00298] [runProvisioning-install] [tid: 12] [ecid: 0000JNF5GUy5i^O6yj7i6G1FJuCA000003,0] An Error Occured: [[Process "/fusion/fmw/jrockit-jdk1.6.0_29-R28.2.2-4.1.0/bin/java -jar /fusion/fmw/apps/webtier_mwhome/oracle_common/modules/oracle.oamprovider_11.1.1/oamcfgtool.jar mode=CREATE app_domain=provisioning oam_aaa_host=vfusion01.mydomain.com oam_aaa_port=5575 uris_file=/fusion/faprov/provisioning/provisioning-plan/bootstrap_oam.conf hostname_variations=vfusion01.mydomain.com:12613,vfusion01.mydomain.com:12614 oam_admin_server=http://vfusion01.mydomain.com:7001 oam_admin_username=oamadmin -usei18nlogin default_authn_scheme=FAAuthScheme oam_cache_header= logouturi=/oamsso/logout.html web_domain=OraFusionApp oam_aaa_mode=simple log_level=ALL max_oam_connections=10 primary_oam_servers=wls_oam1:10 oam_ip_validation=0 oam_idle_session_timeout=900 oam_version=11 cookie_domain=mydomain.com" exited with non-zero exit code "1". Input Stream before decrypting for process execution: "j8p+RGsjhPvGQxLt55GQFw==j8p+RGsjhPvGQxLt55GQFw==". Environment variables: "".        at oracle.apps.fnd.provisioning.ant.taskdefs.SecureExec.executeTask(SecureExec.java:381)        at oracle.apps.fnd.provisioning.ant.taskdefs.BaseProvisioningTask.execute(BaseProvisioningTask.java:102)        at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288)        at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)        at java.lang.reflect.Method.invoke(Method.java:597)        at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:105)        at org.apache.tools.ant.Task.perform(Task.java:348)        at org.apache.tools.ant.taskdefs.Sequential.execute(Sequential.java:62)        at oracle.apps.fnd.provisioning.ant.taskdefs.util.SynchronizedTask.executeInternal(SynchronizedTask.java:286)        at oracle.apps.fnd.provisioning.ant.taskdefs.util.SynchronizedTask.executeTask(SynchronizedTask.java:318)        at oracle.apps.fnd.provisioning.ant.taskdefs.BaseProvisioningTask.execute(BaseProvisioningTask.java:102)        at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288)        at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)        at java.lang.reflect.Method.invoke(Method.java:597)        at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:105)        at org.apache.tools.ant.Task.perform(Task.java:348)        at org.apache.tools.ant.taskdefs.Sequential.execute(Sequential.java:62)        at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288)        at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)        at java.lang.reflect.Method.invoke(Method.java:597)        at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:105)        at org.apache.tools.ant.Task.perform(Task.java:348)        at org.apache.tools.ant.taskdefs.MacroInstance.execute(MacroInstance.java:391)        at net.sf.antcontrib.logic.ForDelegate.doSequentialIteration(ForDelegate.java:228)        at net.sf.antcontrib.logic.ForDelegate.doTheTasks(ForDelegate.java:281)        at net.sf.antcontrib.logic.ForDelegate.execute(ForDelegate.java:214)        at net.sf.antcontrib.logic.For.execute(For.java:167)        at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288)        at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)        at java.lang.reflect.Method.invoke(Method.java:597)        at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:105)        at org.apache.tools.ant.Task.perform(Task.java:348)        at org.apache.tools.ant.Target.execute(Target.java:357)        at org.apache.tools.ant.Target.performTasks(Target.java:385)        at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1329)        at org.apache.tools.ant.helper.SingleCheckExecutor.executeTargets(SingleCheckExecutor.java:40)        at org.apache.tools.ant.taskdefs.Ant.execute(Ant.java:416)        at org.apache.tools.ant.taskdefs.CallTarget.execute(CallTarget.java:106)        at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288)
        at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)

First of all WLS 10.3.6 is not certified for FA and OAM 11.1.1.5. Second oamadmin must belong to the OAMAdministrators group and registered as a system administrator for the User Identity Store.
See the IDM EDG (FA edition) for more details. (http://docs.oracle.com/cd/E25054_01/fusionapps.1111/e21032/toc.htm)
HTH,
--olaf

Policy Agent doesn't reset Sun Access Manager session time idle value

Hi,
We have the following setup in our environment:
- apache web server/web and policy agent 2.2 for apache 2.0.54
- webmethods portal server (jetty)
-Sun Access Manager (with Sun Directory Server)
We use policy agent for authentication purpose only (via Sun Access Manager/LDAP) when the users access the portal. We have custom code that creates session in Sun Access Manager for custom LDAP services. For testing purpose, we configure SAM session to have Max Session Timeout at 120mins and Time Idle at 15mins. I would assume that, after the initial login request, for all subsequent accesses to the portal the policy agent should intercept the request and reset the Time Idle value of SAM session. However, when I monitor time idle value using SAM console, session tab, the time idle value didn't change when the portal user access pages, submit actions, etc. I can see in the debug log of policy agent that requests are being intercepted/processed, but the time idle didn't get reset.
Does anyone know if this is a bug in configuration or in policy agent itself or am I making the wrong assumption?
Thanks a lot for the help.

Thanks for the reply, Shivaram. The issue appears to occur at random time, not accurately at the 3 min interval as you mention. I tested changing this value to 1, theoretically, after one 1 minute of idle time, accessing a link would make the agent reset the time idle value for the user session in SAM, but it didn't even after 3 minutes. This seems to be either a policy agent or system access manager bug.
We performed a 'vanilla' test using the apache server manual pages (only plain HTML, no POST requests), the pages are protected by the policy agent. At the first login, rwe were prompted to enter credential to be validated by SAM/LDAP, and then a user session is created in SAM session table. We browse around the manual pages, once in a while, certain pages cause the policy agent to reset the time idle. However, revisiting these links after a few minutes doesn't reset the idle value. Caching setting has been disable as well. Could there be or lack of some settings in AMConfig.properties or AMAgent.properties that might have caused this behavior?
Thanks for all your help,

EMET v5.1 ADMX Group Policy Template Issue - Default protection settings can't be disabled

I am configuring EMET v5.1 (from 11/18/14) settings via GPO using the custom EMET admx template provided by Microsoft. I am able to enable all the EMET settings via GPMC and disable most of them, but I am not able to disable these 3 EMET setting via
GPMC in a GPO:
Default Protections for Internet Explorer
Default Protections for Popular Software
Default Protections for Recommended Software
When configuring any of these 3 EMET GPO settings to disabled and pressing apply or OK, GPMC keeps it at Not Configured, it does not change to disabled as it normally would. I have never before seen this in GPMC, where you try to disable a setting and it
doesn't change to disabled.
Unless this is somehow intended by Microsoft for these 3 EMET GPO settings, I think that this is a glitch/bug in the EMET GPO Template or the way that it works in GPMC.
Looking for some Guidance from a MS Rep to replicate this issue or anyone else who can confirm if they also see this issue. I have tested on multiple Windows 8.1 Enterprise x64 Update 2 Workstations, with GPMC loaded and the latest EMET ADMX file loaded
from the EMET client on 11/18/14. I have tested this in 2 separate domains, Note that we do not have Central ADMX Stores in either domain.

I had a similar requirement as yours and found that we were able to get around in a simpler method then what was listed here. What we did was set GPO Preferences Registry changes which would then override the previously set EMET ADMX settings set from
another global GPO.
To be specific we had some thirds applications which were add-ons to Microsoft Excel, and the EMET was preventing the application from talking to Excel. So for the users that use this application we have a GPO which Does the following in the Preferences
section:
Action: Replace
HIVE: HKEY_LOCAL_MACHINE
Key path: SOFTWARE\Policies\Microsoft\EMET\Defaults
Value name: Excel
Value type: REG_SZ
Value data: *\OFFICE1*\EXCEL.EXE -Caller -MandatoryASLR

Policy domain doesn't protected

Similar Messages

Maybe you are looking for