Reading credentials from CSF outside of OIM

Gurus,
I need to retrieve CSF credentials from an application which is outside of OIM/SOA.
Can you please provide some detailed steps to achieve the same?

Thanks for your reply.
But I followed these steps only.
I am trying to get these credentials from a Java standalone environment.
I have updated system-jazn-data.xml with all necessary permissions.
But my job is failing saying permission denied.
Can you please let me know if I miss something to get these permissions?

Similar Messages

  • Getting error while running the code to get the credentials from CSF in OIM

    Hi,
    I am getting the below error while trying to fetch the username and password of OIM from the credential store:
    oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oracle.oim.sysadminMap,keyName= read*
    Below is the code I am using to fetch the credentials:
    try {
        System.out.println("Prototype for invoking an OIM API from a SOA Composite");
        System.out.println("RTM Usecase: Organization Administrator");
        String oimUserName = "";
        String oimPassword = "";
        String oimURL = "";
        // String roleApprover = "";
        // String actKey = "";
        // get oimuser credentials
        System.out.println("Test workflow");
        oracle.security.jps.JpsContext ctx =
            oracle.security.jps.JpsContextFactory.getContextFactory().getContext();
        final oracle.security.jps.service.credstore.CredentialStore cs =
            (oracle.security.jps.service.credstore.CredentialStore)
                ctx.getServiceInstance(oracle.security.jps.service.credstore.CredentialStore.class);
        // Reading this map is what triggers the CredentialAccessPermission check
        oracle.security.jps.service.credstore.CredentialMap cmap =
            cs.getCredentialMap("oracle.oim.sysadminMap");
        oracle.security.jps.service.credstore.Credential cred = cmap.getCredential("basic.credentials");
        if (cred instanceof oracle.security.jps.service.credstore.PasswordCredential) {
            oracle.security.jps.service.credstore.PasswordCredential pcred =
                (oracle.security.jps.service.credstore.PasswordCredential)cred;
            char[] p = pcred.getPassword();
            oimUserName = pcred.getName();
            oimPassword = new String(p);
            System.out.println(oimUserName);
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
    Edited by: 986434 on Mar 26, 2013 12:40 PM
    Edited by: 986434 on Mar 31, 2013 9:04 PM

    Or follow the note from oracle to update the system properties to provide access to your code/jar. You need to provide permissions to the jar containing the code which is trying to read values from CSF.
    MOS article: 1478645.1
    -Bikash

  • Dynamically get Credentials from CSF map

    Hi,
    I'm trying to call CSF map from Webservices to get OIM credentials (xelsysadm userID and password) dynamically. The below piece of code I have used to get values from CSF. But when I'm trying to deploy the application on weblogic server, I'm getting the following error.
    "java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oracle.oim.sysadminMap,keyName=sysadmin read)
    Errors were encountered while performing this operation."
    I tried to change system-data-jazn.xml file, but no luck. Can you please tell me how can I achieve dynamic credentials from webservices??
    import java.security.AccessController;
    import java.security.PrivilegedExceptionAction;
    import oracle.security.jps.service.credstore.Credential;
    import oracle.security.jps.service.credstore.CredStoreException;

    oracle.security.jps.JpsContext ctx;
    final oracle.security.jps.service.credstore.CredentialStore cs;
    oracle.security.jps.service.credstore.CredentialMap cmap;
    oracle.security.jps.service.credstore.Credential cred;
    oracle.security.jps.service.credstore.PasswordCredential pcred;
    ctx = oracle.security.jps.JpsContextFactory.getContextFactory().getContext();
    cs = ctx.getServiceInstance(oracle.security.jps.service.credstore.CredentialStore.class);
    final String mymapName="oracle.oim.sysadminMap";
    final String mykeyName="sysadmin";
    // doPrivileged stops the permission check at this code's own protection domain,
    // so the grant has to exist for the code source this class is loaded from
    cred = AccessController.doPrivileged(new PrivilegedExceptionAction<Credential>() {
        public Credential run() throws CredStoreException {
            return cs.getCredential(mymapName, mykeyName);
        }
    }, null);
    String oimUserName = "";
    String oimPassword = "";
    String oimURL = "";
    if (cred instanceof oracle.security.jps.service.credstore.PasswordCredential) {
        pcred = (oracle.security.jps.service.credstore.PasswordCredential)cred;
        char[] p = pcred.getPassword();
        oimUserName = pcred.getName();
        oimPassword = new String(p);
    }
    Thanks

    Adding the relevant permissions to the system-data-jazn.xml is the right approach. However, you shouldn't try to update it directly, but via EM. The trickiest part will be knowing where your classes end up being deployed to. Are you deploying a war file or directly from an extracted directory?
    The code base for the permission you need to add should be something like this if you are deploying a war file:
    file:${domain.home}/servers/${weblogic.Name}/tmp/_WL_user/<name of war file>/-
    Weblogic will substitute the values for you so you can just use the above string as is except for the name of your war file which you need to replace the placeholder.
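
    As an added illustration (not part of the thread), this is the shape of the code-source grant the answer describes as it appears in the policy file, with an over-broad variant shown first for contrast. The permission name and action are copied from the AccessControlException quoted in the question; NAME_OF_WAR_FILE is a placeholder for the deployed archive name.

    ```xml
    <!-- Constructed example of code-source grants for the JPS policy store.
         NAME_OF_WAR_FILE is a placeholder, not a value from the thread. -->

    <!-- Over-broad: code under this path may perform every action
         on every map and every key in the credential store. -->
    <grant>
      <grantee>
        <codesource>
          <url>file:${domain.home}/servers/${weblogic.Name}/tmp/_WL_user/NAME_OF_WAR_FILE/-</url>
        </codesource>
      </grantee>
      <permissions>
        <permission>
          <class>oracle.security.jps.service.credstore.CredentialAccessPermission</class>
          <name>context=SYSTEM,mapName=*,keyName=*</name>
          <actions>*</actions>
        </permission>
      </permissions>
    </grant>

    <!-- Scoped: exactly the permission the exception reported as denied,
         read-only, on one map and one key. -->
    <grant>
      <grantee>
        <codesource>
          <url>file:${domain.home}/servers/${weblogic.Name}/tmp/_WL_user/NAME_OF_WAR_FILE/-</url>
        </codesource>
      </grantee>
      <permissions>
        <permission>
          <class>oracle.security.jps.service.credstore.CredentialAccessPermission</class>
          <name>context=SYSTEM,mapName=oracle.oim.sysadminMap,keyName=sysadmin</name>
          <actions>read</actions>
        </permission>
      </permissions>
    </grant>
    ```

    The scoped form keeps a compromise of the web service from exposing every other credential in the store; the code-source URL has to match where the classes are actually loaded from, otherwise the same access denied error remains.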

  • Read an Image from a outside server

    Hi, I want to display a image from a site like: "http://my_site/image.gif" into a image_item.
    I tried with this:
    READ_IMAGE_FILE('http://my_site/image.gif', 'GIF', 'control.img_map');
    But it doesn't work.
    Help!!!!!
    Tks.

    Franco,
    READ_IMAGE_FILE reads from the file system, not from an URL. You will have to use a Java class on the server to read the image to a temporary directory and then read it from there.
    Frank

  • Reconciliation of "change password on next logon" from AD fails in OIM 11g

    Hello,
    We have a use case on our OIM 11g project where we create a user in Active Directory and check *"User must change password at next logon"* box in AD.
    We have setup AD as Trusted and Target resource (using connector 9.1.1.7), where users coming from AD will be created in OIM and password changes in OIM will be sent to AD. Also we use the password synchronization module (9.1.1.5) to synchronize the passwords from AD to OIM when they are changed in AD.
    What we noticed is the "User must change password at next logon" is synchronized to the "AD Resource", but unlike the regular attributes it is not accessible normally because it's a system attribute.
    What we expect is the user logging in to OIM will be prompted to change the password, but nothing happens when the newly reconciled user logs in (i.e. normal self-service page is shown). Same thing applies when we set the flag on an existing user also.
    Did anyone get this working properly?
    P.S. In a previous version it used to be the opposite where the user was constantly prompted for the password, even though it was changed in AD already, after changing the password using Alt+Ctrl+Delete the user was still prompted to change when logging in to OIM. Oracle suggested we upgrade to 11.1.1.5.1 (most recent patch set) but now the reverse happens - we never get change password prompt now.
    Thanks,
    -JP
    Edited by: JacekP on Oct 17, 2011 8:10 AM

    Yeah, you're right, unfortunately we have dual authoritative password model, where a user can change the password from OIM when he is accessing OIM through a web interface or from his Windows machine through the domain controller. We need the use case to work fully both ways ideally.
    A plan-B solution is to use a directory synchronization mechanism outside of OIM that would connect OID and AD, but we would prefer not to.

  • Reconciliation: push updates from an OpenLDAP into OIM 11g

    Hello everyone ,
    Is there in the latest OIM a "push" connector that would allow a reconciliation process (ie inward flow into OIM) starting from an OpenLDAP directory system?
    Thanks,
    Nikos


  • Read email from microsoft exchangeserver 2010 and save attachment

    Hello,
    I want to read email from microsoft exchangeserver 2010 and save attachment into a folder. I created a Java program to import attachments from an exchange server mailbox using "POP3S". It works fine when run as a Java application. But when I put this inside Oracle11g R2 using load java and while executing from a procedure it gives an error at parsing message into Multipart
    Error at line : Multipart mp = (Multipart)m.getContent();
    Error:
    Content-Type: multipart/mixed;
    boundary="_002_A0C2E09A..................................."
    java.lang.ClassCastException
    at mailPop3.checkmail(mailPop3:71)
    My Java Class is as follows,
    import java.io.*;
    import java.util.Properties;
    import javax.mail.*;
    import javax.mail.internet.*;
    import java.util.Date;
    The function I used to check for attachments is given below.
    public static boolean hasAttachments(Message m) throws java.io.IOException, MessagingException {
        Boolean hasAttachments = false;
        try {
            // if it is a plain/html text - no attachments
            if (m.isMimeType("text/*")) {
                return hasAttachments;
            } else if (m.isMimeType("multipart/alternative")) {
                return hasAttachments;
            } else if (m.isMimeType("multipart/*")) {
                Multipart mp = (Multipart)m.getContent();
                if (mp.getCount() > 1)
                    hasAttachments = true;
                return hasAttachments;
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            return hasAttachments;
        }
    }
    My Java Details as follows
    java Version :1.5.0_10
    java.vm.specification.version:1.0
    java.vm.version :1.5.0_01
    java.specification.version:1.5
    java.class.version:48.0
    Java mail API:javamail-1.4.4
    Used Jars:mail.jar
    Could someone explain why I am getting this error? What can I do to resolve this error?
    Is any other Jar need other than mail.jar?
    Any help would be much appreciated.
    Regards,
    Nisanth

    889509 wrote:
    This java class has no error.
    Then it should work - not only at compile time, but at run-time too.
    Because it does not, it means there are errors. And as the error you've posted is not an Oracle SQL or PL/SQL error, your question is off-topic to this forum.
    Why would the code not work at run-time? Numerous reasons, including environmental ones. Java inside Oracle are subjected to a number of restrictions and limitations that do not exist in a Java VM outside Oracle (for good reasons).
    So you need to consider that too - and that is why I referred you to the documentation... which is IMO mandatory reading for all Oracle developers.

  • How do I delete a recurring event that was sent from an outside source?

    I have a number of recurring events that were added to the calendar from an outside calendar. A calendar that I do not have access to anymore. I wish to delete the entire series. Currently when I open the event I can not edit nor delete it. If I choose cut I am forced to cut each individual occurrence of the event. Is there some way to delete the series?

    you can try full re-sync of the calendar:
    First you need to find out which account the offending calendar belongs to (you can find it in the event details)
    then go to settings/main,contacts,etc...
    Tap on the proper account
    Then disable the calendar linked with this account (confirm deleting it from the iPhone)
    Finally re-enable the calendar and let it sync.

  • Urgent help with simple BPEL process for reading data from database

    Hello there,
    I need help with BPEL project.
    I have created a table Employee in Database.
    I did create application, BPEL project and connection to the database properly using Database Adapter.
    I need to read the records from the database and convert into xml format and it should go for approval to BPM worklist.
    Can someone please describe to me step by step what I need to do.
    Thx,
    Dps

    I have created a table in Database with data like Empno,name,salary,comments.
    I created Database Connection in jsp page and connecting to BPEL process.
    It initiates the process and it goes automatically for approval.
    Please refer the code once which i created.
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    "http://www.w3.org/TR/html4/loose.dtd">
    <%@page import="java.util.Map" %>
    <%@page import="com.oracle.bpel.client.Locator" %>
    <%@page import="com.oracle.bpel.client.NormalizedMessage" %>
    <%@page import="com.oracle.bpel.client.delivery.IDeliveryService" %>
    <%@page import="javax.naming.Context" %>
    <%@page import="java.util.Hashtable" %>
    <%@page import="java.util.HashMap" %>
    <%@ page import="java.sql.*"%>
    <%@ page import= "jspprj.DBCon"%>
    <html>
    <head>
    <title>Invoke CreditRatingService</title>
    </head>
    <body>
    <%
    DBCon dbcon=new DBCon();
    Connection conn=dbcon.createConnection();
    Statement st=null;
    PreparedStatement pstmt=null;
    Hashtable env= new Hashtable();
    ResultSet rs = null;
    Map payload =null;
    try {
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.evermind.server.rmi.RMIInitialContextFactory");
    env.put(Context.PROVIDER_URL, "opmn:ormi://localhost:port:home/orabpel");//bpel server
    env.put("java.naming.security.principal", "username");
    env.put("java.naming.security.credentials", "password");//bpel console
    Locator locator = new Locator("default","password",env);
    IDeliveryService deliveryService =
    (IDeliveryService)locator.lookupService(IDeliveryService.SERVICE_NAME );
    // construct the normalized message and send to Oracle BPEL Process Manager
    NormalizedMessage nm = new NormalizedMessage();
    java.util.HashMap map = new HashMap();
    st=conn.createStatement();
    out.println("connected");
    String query1="Select * from EMPLOYEE";
    rs=st.executeQuery(query1);
    /* reading Data From Database and converting into XML format
    so that no need of going to BPEL console and entering the details. */
    while (rs.next()) {
    // NOTE: column values are concatenated unescaped, so XML-special characters
    // in the data will break or alter the payload
    String xml1 = "<AsynchBPELProcess1ProcessRequest xmlns='http://xmlns.oracle.com/AsynchBPELProcess1'>"+
    "<Empno>"+rs.getString(1)+"</Empno>"+
    "<EmpName>"+rs.getString(2)+"</EmpName>"+
    "<Salary>"+rs.getString(3)+"</Salary>"+
    "<Comments>"+rs.getString(4)+"</Comments>"+
    "</AsynchBPELProcess1ProcessRequest>";
    out.println(xml1);
    nm.addPart("payload", xml1 );
    // EmployeeApprovalProcess is the BPEL process in which human task is implemented
    deliveryService.post("EmployeeApprovalProcess", "initiate", nm);
    // payload = res.getPayload();
    out.println( "BPELProcess CreditRatingService executed!<br>" );
    // out.println( "Credit Rating is " + payload.get("payload") );
    }
    }
    //Incase there is an exception while invoking the first server invoke the second server i.e lsgpas13.
    catch(Exception ee) {
    //("BPEL Server lsgpas14 invoking error.\n"+ee.toString());
    }
    %>
    </body>
    </html>
    It's working fine. And I want it for bulk approvals. Please help me with a step by step procedure if there is any other way to implement this.

  • I have an iMac5,1 with an intel processor.  For the last month or so, whenever I play a video from an outside source - e.g. YouTube, the picture jumps and breaks-up.  All of my software is up-to-date.  Any thoughts on how to fix this problem?

    I have an iMac5,1 with an intel processor.  For the last month or so, whenever I play a video from an outside source - e.g. YouTube, the picture jumps and breaks-up.  All of my software is up-to-date.  Any thoughts on how to fix this problem?

    You're welcome. As to checking speed go to http://speedtest.net/ and it will choose the closest server for you. BTW, whatever you do, don't click on the robot icon that says "Start Scan" or MacKeeper below that. Only use the speed test in the middle that has the button BEGIN TEST on it. It will run a download speed test first and then an upload speed test. The download test will give a much faster response.

  • Best Practices for configuring ICMP from the outside

    Question,
    Are there any best practices or best recommendations on how ICMP should be configured from the outside? I have been cleaning up the rules on our ASA as a lot were simply ported over years ago when we retired our PIX. I noticed that there is a rule to allow ICMP any any and began to wonder how this works when the rules above are specific IP addresses and specific ports. This in turn started me looking to see if there was any documentation or anything to help me determine a best practice. Anyone know of anything?
    As a second part how does this flow on a firewall if all the addresses are natted? Is the ICMP traffic simply passed through the NAT and the destination simply responds?
    Brent                   

    Here you go, bro!
    http://checkthenetwork.com/networksecurity%20Cisco%20ASA%20Firewall%20Best%20Practices%20for%20Firewall%20Deployment%201.asp#_Toc218778855
    access-list inside permit icmp any any echo
    access-list inside permit icmp any any echo-reply
    access-list inside permit icmp any any unreachable
    access-list inside permit icmp any any time-exceeded
    access-list inside permit icmp any any packets-too-big
    access-list inside permit udp any any range 33434 33464
    access-list inside deny icmp any any log
    P/S: if you think this comment is useful, please do rate them nicely :-)

  • Updating website from an outside computer

    Is there some way that my website can be updated from an outside computer or from a PC? For instance, if I want to make changes while I am on vacation somewhere, can it be done?

    Wait for tuesday's release of iLife '07 as rumours from here:
    http://www.thinksecret.com/news/0608iweb2-2.html
    ...are that: "With iWeb 2, users will be able to update their iWeb space from any Web browser for the first time. Site management will naturally be limited, likely to just adding or deleting content, sources said, but the feature will allow users to update their blog and upload new photos or podcasts regardless of what computer or operating system they have access to."
    And there's another article about iWeb 2 here: http://www.thinksecret.com/news/0608iweb2.html
    MacBook Pro 15"   Mac OS X (10.4.8)  

  • A Thread manages a connection from the outside--help me to finish it

    **RUN THIS CODE AND HELP ME--- THANKS A LOT**
    EchoClient is thread which manage a connection from the outside.
    import java.io.BufferedReader;
    import java.io.InputStreamReader;
    import java.io.PrintWriter;
    import java.net.ServerSocket;
    import java.net.Socket;
    import java.util.Random;
    public class EchoClient extends Thread {
         private ServerSocket listenSocket = null;
         private Socket manageSocket = null;
         private int[] port = new int[9999];
         private BufferedReader in;
         private PrintWriter out;
         private int line;
         private int count;
         // No need to mention
         //private ClientNode[] clientArray = new ClientNode[9999];
         private ManageClient[] manageClient;
         private final int CONNECTED = 1;
         private final int CONNECTING = 11;
         private final int DISCONECTED = 2;
         public void run() {
              try {
                   manageClient = new ManageClient[9999];
                   listenSocket = new ServerSocket(903);
                   manageSocket = listenSocket.accept();
                   while (true) {
                        in = new BufferedReader(new InputStreamReader(manageSocket
                                  .getInputStream()));
                        out = new PrintWriter(manageSocket.getOutputStream());
                        line = in.read();
                        // if the client sends a variable (CONNECTING),
                        // the server will send the client a variable (CONNECTED) and a port
                        // to open a ChatFrame with that port
                        if (line == CONNECTING) {
                             System.out.print("have recieved");
                             out.print(CONNECTED);
                             // randomize a port to send to the client
                             port[count] = (int) Math.ceil(Math.random() * 9999);
                             // create a ManageClient (Thread) to manage a separate
                             // connection with a separate client
                             manageClient[count] = new ManageClient(port[count]);
                             manageClient[count].start();
                             out.print(port[count]);
                             count++;
                        }
                   }
              } catch (Exception e) {
                   e.printStackTrace();
              }
         }
         public static void main(String[] args) {
              EchoClient e = new EchoClient();
              e.start();
         }
    }
    And a Login Frame which will send to server a variable (CONNECTING) which requires to connect and keep waiting for a variable to Open a ChatFrame with a new port
    import java.awt.FlowLayout;
    import java.awt.event.ActionEvent;
    import java.awt.event.ActionListener;
    import java.io.BufferedReader;
    import java.io.InputStreamReader;
    import java.io.PrintWriter;
    import java.net.Socket;
    import javax.swing.JButton;
    import javax.swing.JFrame;
    import javax.swing.JPanel;
    import javax.swing.JTextArea;
    public class Login extends JFrame {
         public ChatFrame chatFrame;
         private final int CONNECTED = 1;
         private final int CONNECTING = 11;
         /**
          * @param args
          */
         public Login() {
              // TODO Auto-generated method stub
              setSize(50, 150);
              JButton loginButton = new JButton("Login");
              JPanel p = new JPanel();
              p.setLayout(new FlowLayout());
              p.add(loginButton);
              add(p);
              loginButton.addActionListener(new ActionListener() {
                   @Override
                   public void actionPerformed(ActionEvent e) {
                        loginServer();
                   }
              });
         }
         public void loginServer() {
              try {
                   Socket connectSocket = new Socket("127.0.0.1", 903);
                   while (true) {
                        BufferedReader in = new BufferedReader(new InputStreamReader(
                                  connectSocket.getInputStream()));
                        PrintWriter out = new PrintWriter(connectSocket
                                  .getOutputStream());
                        out.print(CONNECTING);
                        System.out.println("At here");
    //(***position***)
                        int line = in.read();
                        System.out.println("At here1");
                        if (line == CONNECTED) {
                             int port = in.read();
                             chatFrame = new ChatFrame(port);
                             chatFrame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
                             chatFrame.show();
                             connectSocket.close();
                        }
                   }
              } catch (Exception exp) {
                   exp.printStackTrace();
              }
         }
         public static void main(String[] args) {
              Login login = new Login();
              login.show();
              login.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
         }
    }
    And this is the ManageClient Thread...
    import java.io.BufferedReader;
    import java.io.InputStreamReader;
    import java.io.PrintWriter;
    import java.net.ServerSocket;
    import java.net.Socket;
    public class ManageClient extends Thread {
         private ServerSocket ssClient;
         private Socket sClient;
         private int port;
         public ManageClient(int port) {
              this.port = port;
         }
         public int getPort() {
              return port;
         }
         public void run() {
              try {
                   ssClient = new ServerSocket(getPort());
                   sClient = ssClient.accept();
                   while (true) {
                        BufferedReader in = new BufferedReader(new InputStreamReader(
                                  sClient.getInputStream()));
                        PrintWriter out = new PrintWriter(sClient.getOutputStream());
                        String s = in.readLine();
                        if (s != null)
                             out.print("have recieved");
                   }
              } catch (Exception e) {
                   e.printStackTrace();
              }
         }
    }
    My problem...
    At first EchoClient will run.. and then Login but when I click to the Login button it has just only did before int line = in.readLine();(*** position ***)
    I don't know why it doesn't continue. It stops here and the login button is still visible(cause code has not finish)..
    That's my problem...
    Somebody help me
    Edited by: rockfanskid on Oct 17, 2007 4:25 AM

    Somebody helps me to finish this project...
    thanks for racing this thread

  • Transportable Tablespace Importing - Failed to read stderr from process

    Hello,
    I'm using the normal EM console packaged with Oracle (10gR2) and am trying to import a tablespace on RedHat rel4.
    I follow the Transport Tablespaces link on the maintenance tab and get the option of export or import and also the place to put the host credentials in. I select import, enter the credentials and click continue and am given this error: Failed to read stderr from process.
    I've tried logging into EM as SYSTEM, SYS, and a DBA account I use and have used both root and the oracle account with no luck.
    Searching hasn't gotten me any useful results here or in metalink so I'm stuck. What am I missing?
    Thanks

    Thank you thank you!
    The short version is I traced it back to an error with /bin/nmo which traced back to a failure to run root.sh when upgrading to 10.2.0.3.
    Thanks again!

  • Read E-Mail Actionblock -Unable to read mail from Mailserver

    Hi,
    As a part of business requirement I need to write a transaction which picks the attachment from a particular mail on a server on a scheduled basis.
    I am getting the below error while trying to connect to the server
    [INFO ]: ReadMail: Connecting To: xxxx.yyyy.mycompany.com
    [ERROR]: ReadMail error: Connect failed; nested exception is: java.net.ConnectException: Connection refused: connect+
    [ERROR]: ACTION FAILED: End Action ReadMail_0 :
    But with the same credentials I am able to send mail from xMII using the Send mail action block. So this signifies that I am using the right MailServer name.
    Is this the problem with the firewall with the server ? or
    Will there be different MailServer name for receiving and reading mails?
    How to know which port number to be used?
    Did anyone face this problem before?
    Appreciate your help
    thanks
    Raj

    Hi,
    I'm also having problems with reading mails from mailserver.
    When I execute the transaction the action block Read Mail return me the following error:
    [ERROR] [ReadMail]Unable to read mail Exception: [unicode-1-1-utf-7]
    Could anybody help me?
    P.S.: I'm using the imap4 protocol.
    Thank you!
    Edited by: Thiago Barros on Jul 29, 2010 5:15 PM
