Realm && organization

What is the difference between realm and organization?
if i use a data store for users as LDAPv3Repository how can i manage roles?
and
how can i add a user the possibility of administrate like the amadmin user?

A realm is generally the 'top-most' in the 'Directory Information Tree (DIT)'.
You can create containers and sub containers based on the requirements.
If 'dc=env1realm,dc=sales,dc=us,dc=com' and 'dc=env2realm,dc=sales,dc=us,dc=com' are considered as realms, then they would be independent of each other, and you would be able to create containers/sub containers in them.
(3): You can create realms/containers/sub-containers using 'ldif' file, or some generic LDAP browsers.

Similar Messages

  • Policy Agent 2.2 for Apache HTTP Server

    hi,
    I'm trying to configure Policy Agent 2.2 for apache http server.
    The agent seems to be installed properly, in fact when I access the protected resource, I get the Access Manager login page.
    Then I log into access manager, but I'm redirected to an error page.
    Looking in log files I can see:
    agent's "amAgent" log file:
    Debug 10763:f8fe0 AuthService: HTTP Status = 200 (OK)
    Debug 10763:f8fe0 AuthService: Http::Response::readAndParse(): No content length in response.
    Debug 10763:f8fe0 ServiceEngine: Service::do_agent_auth_login(): Setting password callback.
    Debug 10763:f8fe0 ServiceEngine: Service::do_agent_auth_login(): Setting name callback to 'apache2Agent'.
    Debug 10763:f8fe0 AuthService: BaseService::sendRequest Cookie and Headers =Host: crmzone.company.icteam.it     
                   Cookie: JSESSIONID=193E5E1590C924A42B95A00A51DC0479;amlbcookie=01
    Debug 10763:f8fe0 AuthService: BaseService::sendRequest Content-Length =Content-Length: 620
    Debug 10763:f8fe0 AuthService: BaseService::sendRequest Header Suffix =Accept: text/xml
                   Content-Type: text/xml; charset=UTF-8
    Debug 10763:f8fe0 AuthService: HTTP Status = 200 (OK)
    Debug 10763:f8fe0 AuthService: Http::Response::readAndParse(): No content length in response.
    Error 10763:f8fe0 AuthService: AuthService::processLoginStatus() Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp.
    Error 10763:f8fe0 PolicyEngine: am_policy_evaluate: InternalException in AuthService::processLoginStatus() with error message:Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp and code:3
    Warning 10763:f8fe0 PolicyAgent: am_web_is_access_allowed()(http://10.0.0.31:80/SugarOS-Full-4.5.0f, GET) denying access: status = Access Manager authentication service failure
    Debug 10763:f8fe0 PolicyAgent: am_web_is_access_allowed(): Successfully logged to remote server for GET action by user unknown user to resource http://10.0.0.31:80/SugarOS-Full-4.5.0f.
    Info 10763:f8fe0 PolicyAgent: am_web_is_access_allowed()(http://10.0.0.31:80/SugarOS-Full-4.5.0f, GET) returning status: Access Manager authentication service failure.
    Info 10763:f8fe0 PolicyAgent: process_request(): Access check for URL http://10.0.0.31/SugarOS-Full-4.5.0f returned Access Manager authentication service failure.
    Debug 10763:f8fe0 PolicyAgent: process_request(): returning web result AM_WEB_RESULT_ERROR, data []
    Debug 10763:f8fe0 PolicyAgent: am_web_process_request(): Rendering web result AM_WEB_RESULT_ERROR
    Debug 10763:f8fe0 PolicyAgent: am_web_process_request(): render result function returned AM_SUCCESS.
    Access Manager's "amAuthentication.error" log file:
    "Login Failed|module_instance|Application" Application AUTHENTICATION-268 dc=opensso,dc=java,dc=net "Not Available" INFO apache2Agent 10.0.0.31 "cn=dsameuser,ou=DSAME Users,dc=opensso,dc=java,dc=net" CRMzone
    I tried to change the name of the agent either in its AMAgent.properties or in Access Manager "Agents" configuration page.
    I also used "crypt_util" to generate a new passoword, but nothing seems to happen.
    Where should I look to get more info about this problem? Specific log file?
    Is it due to wrong name/id/password of the agent? I really checked them many times...
    Thanks
    Fabio

    I think the error message "Application user ID is not valid" is pretty self evident.
    Log into the amconsole and go to the root realm/organization. Make sure the Agent profile exists and reset the password again to know value. If you created the agent profile in a sub realm/organization, you will need to make sure the subrealm/organization is set in the AMAgent.properties since the default value is / for the root realm/organization. Update the AMAgent.properties file will the Agent ID and the password generated by the crypt_it tool (com.sun.am.policy.am.username, com.sun.am.policy.am.password)
    If that doesn't work, check the amApplication debug log and then look at the ldap server access logs to see why the auth bind failed.

  • Security domains for midlets

    Hi
    I was doing some investigation on security domains for midlets. There are 4 security domains like
    1.     third party protection domain (untrusted 3rd party)
    2.     identified third party protection domain (trusted 3rd party)
    3.     operator protection domain
    4.     manufacturer protection domain
    I have signed a midlet and it is in 2 nd security domain, but still there are some restrictions for API usage, for example everytime push message arrives user is prompted to start application or not, I want to avoid it. Do you have any idea how can I do that, or do you know how can get my midlet into 3 rd or 4 th security domains. Has anyone done this before?
    Any help will be appreciated...

    Please note that a realm is a domain for a set of security features. A
    realm organizes security information and defines its range of
    operations. Please go through the documentation:
    http://e-docs.bea.com/wls/docs61/security/concepts.html#1035144
    for a discussion of security realms. Please go through the
    documentation:
    http://e-docs.bea.com/wls/docs61//adminguide/cnfgsec.html#1052314 which
    describes the configuration of different security realms.
    Please inform whether the above information is helpful.
    Vijay Patil wrote:
    How security domains are supported and setup(weblogic 6.1)--
    Developer Relations Engineer
    BEA Support

  • Bridge Vs. Photoshop Elements 5.0 Organizer

    I posted something similar in the PSE forum without any feedback.
    I've used PSE for a while through many versions and have many pictures in the catalog. However I really mostly use the version sets and stacks. A few notes here and there but nothing extensive regarding grouping photos, locations, etc.
    I am now moving to CS3 and of course Bridge. I have demo'd it and also read what I can regarding this issue. I understand that importing catalogs into Bridge can be problematic. Although the problems seem less with PSE5??
    Anyway, the catalog database is always finicky for me. I always back up the relevant folders because sometime over a span of 3 to 4 months during heavy editing sessions, with it open, it will get confused, corrupted, whatever. And I need to bring back the catalog folders. (Not a restore of all the pix, just the database folders).
    It looks like the Bridge database is more robust. And I *know* it is not meant to be a replacement for the PSE organizer. I guess the question is, if I only use the stacks, version sets, and a few notes, for my use, could it be a replacement for my needs???
    I just don't like that feeling of not being confident in the catalog database. I know I can send pictures from the PSE catalog to either PSE or Bridge with a few keyboard shortcuts. Although I think I read that if I change the filename or something in CS3 that the PSE catalog will not "remember it" in the version set. They could have integrated these better??? OR at least allowed a more bulletproof import feature.
    Thanks in advance for any help.
    BJBBJB

    Maureen,
    I feel your pain! :)
    Yes I have seen that option of writing info to the image metadata. However I don't think it allows you to maintain version stacks and other stacks. Those are also huge to me. I have a similar number of images in a catalog.
    One thing you need to be aware of is that when you tell PSE to write that metadata to the image, it changes the system file date (last modified date) of that image. That is a huge negative to me. Although I understand you can still see the image "picture taken date" in the metadata, I use backup software that keys off of the system file date to determine what images need to be synced. I guess I could do it in one big migration....but then, I am not sure I am so confident or happy about having PSE writing data to 1,000's of my original images!!! I mean that catalog is known to get corrupted once in a while! I also like seeing the system file date in windows explorer when browsing images outside of the organizer and knowing those are the dates I put them on my system. If I write all of the tags, all the "last modified" dates will be the date the tags are written.
    I really find it very perplexing that does not provide a bullet-proof upgrade path from the PSE organizer to Lightroom and/or Bridge.
    How silly is it to pay the prices required to obtain CS3 or CS4, and perhaps Lightroom, and then having to go get the current version of PSE just to maintain a catalog!!
    Hopefully a patch or utility will be forthcoming to allow a migration that works. The thought of having to re-stack and re-edit notes for all of my images is not even in the realm of possibility....
    BJBBJB

  • Get Realm form Jdeveloper using Soa 11g PS3

    Hi
    I've a problem with jdeveloper authentication with a Oracle SOA 11g PS3.
    I've successfully installed the DemoSeed Community into the server, i've checked into "secutiry realm->myrealm->users and groups" and i found all the seed users.
    During the developing of a simple BPM composite with a Human Task, i try to edit the Roles tab into the Organization function and ad a new role "Productor" but when i've tried to associate Members to this new role jdeveloper does not show any realm or any user form the "Identity Lookup" pop-up window.
    I've checked the server log and found an exception referenced to this case, the exception was:
    <OWS-04086> <oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid: WSM-06102 PolicyReference The policy referenced by URI
    "oracle/no_authentication_service_policy" could not be retrieved.
    at oracle.integration.platform.common.InterceptorChainImpl.createPolicyEnforcementException(InterceptorChainImpl.java:282)
    at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:128)
    at oracle.integration.platform.common.mgmt.InterceptorChainManager.processRequest(InterceptorChainManager.java:235)
    at oracle.j2ee.ws.server.mgmt.runtime.SuperServerInterceptorPipeline.handleRequest(SuperServerInterceptorPipeline.java:155)
    at oracle.j2ee.ws.server.provider.management.AbstractProviderInterceptorPipeline.executeRequestInterceptorChain(AbstractProviderInterceptorPipeline.java:563)
    at oracle.j2ee.ws.server.provider.ProviderProcessor.executeInterceptorRequestChain(ProviderProcessor.java:921)
    at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:230)
    at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:192)
    at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:459)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
    <Feb 22, 2011 11:55:07 AM CET> <Error> <oracle.webservices.service>
    <OWS-04086> <oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid: WSM-06102 PolicyReference The policy referenced by URI
    "oracle/no_authentication_service_policy" could not be retrieved.
    at oracle.integration.platform.common.InterceptorChainImpl.createPolicyEnforcementException(InterceptorChainImpl.java:282)
    at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:128)
    at oracle.integration.platform.common.mgmt.InterceptorChainManager.processRequest(InterceptorChainManager.java:235)
    at oracle.j2ee.ws.server.mgmt.runtime.SuperServerInterceptorPipeline.handleRequest(SuperServerInterceptorPipeline.java:155)
    at oracle.j2ee.ws.server.provider.management.AbstractProviderInterceptorPipeline.executeRequestInterceptorChain(AbstractProviderInterceptorPipeline.java:563)
    at oracle.j2ee.ws.server.provider.ProviderProcessor.executeInterceptorRequestChain(ProviderProcessor.java:921)
    at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:230)
    at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:192)
    at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:459)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
    <Feb 22, 2011 11:55:07 AM CET> <Error> <oracle.webservices.service>
    <OWS-04115> <An error occurred for port:
    {http://xmlns.oracle.com/bpel/services/IdentityService}IdentityConfigServicePort:
    oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid:WSM-06102 PolicyReference The policy referenced by URI
    "oracle/no_authentication_service_policy" could not be retrieved. .>
    <Feb 22, 2011 11:55:07 AM CET> <Error> <oracle.webservices.service>
    <OWS-04115> <An error occurred for port:{http://xmlns.oracle.com/bpel/services/IdentityService}IdentityConfigServicePort:
    oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid:WSM-06102 PolicyReference The policy referenced by URI
    "oracle/no_authentication_service_policy" could not be retrieved. .>
    <Feb 22, 2011 11:55:07 AM CET> <Error> <oracle.webservices.service>
    <OWS-04086> <oracle.fabric.common.PolicyEnforcementException: PolicySet
    Invalid: WSM-06102 PolicyReference The policy referenced by URI
    "oracle/no_authentication_service_policy" could not be retrieved.
    at oracle.integration.platform.common.InterceptorChainImpl.createPolicyEnforcementException(InterceptorChainImpl.java:282)
    at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:128)
    at oracle.integration.platform.common.mgmt.InterceptorChainManager.processRequest(InterceptorChainManager.java:235)
    at oracle.j2ee.ws.server.mgmt.runtime.SuperServerInterceptorPipeline.handleRequest(SuperServerInterceptorPipeline.java:155)
    at oracle.j2ee.ws.server.provider.management.AbstractProviderInterceptorPipeline.executeRequestInterceptorChain(AbstractProviderInterceptorPipeline.java:563)
    at oracle.j2ee.ws.server.provider.ProviderProcessor.executeInterceptorRequestChain(ProviderProcessor.java:921)
    at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:230)
    at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:192)
    at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:459)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
    <Feb 22, 2011 11:55:07 AM CET> <Error> <oracle.webservices.service>
    <OWS-04115> <An error occurred for port:{http://xmlns.oracle.com/bpel/services/IdentityService}IdentityConfigServicePort:
    oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid:WSM-06102 PolicyReference The policy referenced by URI
    "oracle/no_authentication_service_policy" could not be retrieved. .>
    <Feb 22, 2011 11:55:07 AM CET> <Error> <oracle.webservices.service>
    <OWS-04086> <oracle.fabric.common.PolicyEnforcementException: PolicySet
    Invalid: WSM-06102 PolicyReference The policy referenced by URI
    "oracle/no_authentication_service_policy" could not be retrieved.
    at oracle.integration.platform.common.InterceptorChainImpl.createPolicyEnforcementException(InterceptorChainImpl.java:282)
    at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:128)
    at oracle.integration.platform.common.mgmt.InterceptorChainManager.processRequest(InterceptorChainManager.java:235)
    at oracle.j2ee.ws.server.mgmt.runtime.SuperServerInterceptorPipeline.handleRequest(SuperServerInterceptorPipeline.java:155)
    at oracle.j2ee.ws.server.provider.management.AbstractProviderInterceptorPipeline.executeRequestInterceptorChain(AbstractProviderInterceptorPipeline.java:563)
    at oracle.j2ee.ws.server.provider.ProviderProcessor.executeInterceptorRequestChain(ProviderProcessor.java:921)
    at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:230)
    at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:192)
    at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:459)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
    <Feb 22, 2011 11:55:07 AM CET> <Error> <oracle.webservices.service>
    <OWS-04115> <An error occurred for port: {http://xmlns.oracle.com/bpel/services/IdentityService}IdentityConfigServicePort:
    oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid: WSM-06102 PolicyReference The policy referenced by URI
    "oracle/no_authentication_service_policy" could not be retrieved. .>
    I've configured 2 different application server connection, one to the admin server and one to the managed server, but both of them gave me that error.
    During my searches for an answer i've found a Oracle Documentation PDF which reports a SOAP endpoint for this IdentityService (the url of the soap endpoint is http://hostname:port/integration/services/IdentityService/configuration?WSDL ) but when i invoked it using the IdentityConfigServicePort and the operation "getConfiguration" i got this error:
    <env:Fault xmlns:owspe="http://schemas.oracle.com/ws/policy-enforcement-2007-06">
    <faultcode>owspe:PolicyAccess</faultcode>
    <faultstring>PolicySet Invalid: WSM-06102 PolicyReference The policy referenced by URI "oracle/no_authentication_service_policy" could not be retrieved. </faultstring>
    <faultactor/>
    </env:Fault>
    I've searched this policy all over the web but i wasn't able to find any clue to solve my problem
    Thanks in advice
    Stefano

    Hi Stefano,
    Is this an upgraded instance of PS3?
    I'd check the installation steps again. See http://download.oracle.com/docs/cd/E17904_01/doc.1111/e16793/patch_set_installer.htm
    Specifically:
    3.8.5.3 Run soa-upgrade.py to Update the Policy Store and Deploy a Shared Library
    3.8.9 Adding New OWSM Pre-Defined Policies
    Nathan

  • Get Realm Jdeveloper Soa 11g PS3

    Hi
    I've a problem with jdeveloper authentication with a Oracle SOA 11g PS3.
    I've successfully installed the DemoSeed Community into the server, i've checked into "secutiry realm->myrealm->users and groups" and i found all the seed users.
    During the developing of a simple BPM composite with a Human Task, i try to edit the Roles tab into the Organization function and ad a new role "Productor" but when i've tried to associate Members to this new role jdeveloper does not show any realm or any user form the "Identity Lookup" pop-up window.
    I've checked the server log and found an exception referenced to this case, the exception was:
    <OWS-04086> <oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid: WSM-06102 PolicyReference The policy referenced by URI
    "oracle/no_authentication_service_policy" could not be retrieved.
    at oracle.integration.platform.common.InterceptorChainImpl.createPolicyEnforcementException(InterceptorChainImpl.java:282)
    at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:128)
    at oracle.integration.platform.common.mgmt.InterceptorChainManager.processRequest(InterceptorChainManager.java:235)
    at oracle.j2ee.ws.server.mgmt.runtime.SuperServerInterceptorPipeline.handleRequest(SuperServerInterceptorPipeline.java:155)
    at oracle.j2ee.ws.server.provider.management.AbstractProviderInterceptorPipeline.executeRequestInterceptorChain(AbstractProviderInterceptorPipeline.java:563)
    at oracle.j2ee.ws.server.provider.ProviderProcessor.executeInterceptorRequestChain(ProviderProcessor.java:921)
    at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:230)
    at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:192)
    at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:459)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
    >
    <Feb 22, 2011 11:55:07 AM CET> <Error> <oracle.webservices.service>
    <OWS-04086> <oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid: WSM-06102 PolicyReference The policy referenced by URI
    "oracle/no_authentication_service_policy" could not be retrieved.
    at oracle.integration.platform.common.InterceptorChainImpl.createPolicyEnforcementException(InterceptorChainImpl.java:282)
    at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:128)
    at oracle.integration.platform.common.mgmt.InterceptorChainManager.processRequest(InterceptorChainManager.java:235)
    at oracle.j2ee.ws.server.mgmt.runtime.SuperServerInterceptorPipeline.handleRequest(SuperServerInterceptorPipeline.java:155)
    at oracle.j2ee.ws.server.provider.management.AbstractProviderInterceptorPipeline.executeRequestInterceptorChain(AbstractProviderInterceptorPipeline.java:563)
    at oracle.j2ee.ws.server.provider.ProviderProcessor.executeInterceptorRequestChain(ProviderProcessor.java:921)
    at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:230)
    at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:192)
    at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:459)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
    >
    <Feb 22, 2011 11:55:07 AM CET> <Error> <oracle.webservices.service>
    <OWS-04115> <An error occurred for port:
    {http://xmlns.oracle.com/bpel/services/IdentityService}IdentityConfigServicePort:
    oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid:WSM-06102 PolicyReference The policy referenced by URI
    "oracle/no_authentication_service_policy" could not be retrieved. .>
    <Feb 22, 2011 11:55:07 AM CET> <Error> <oracle.webservices.service>
    <OWS-04115> <An error occurred for port:{http://xmlns.oracle.com/bpel/services/IdentityService}IdentityConfigServicePort:
    oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid:WSM-06102 PolicyReference The policy referenced by URI
    "oracle/no_authentication_service_policy" could not be retrieved. .>
    <Feb 22, 2011 11:55:07 AM CET> <Error> <oracle.webservices.service>
    <OWS-04086> <oracle.fabric.common.PolicyEnforcementException: PolicySet
    Invalid: WSM-06102 PolicyReference The policy referenced by URI
    "oracle/no_authentication_service_policy" could not be retrieved.
    at oracle.integration.platform.common.InterceptorChainImpl.createPolicyEnforcementException(InterceptorChainImpl.java:282)
    at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:128)
    at oracle.integration.platform.common.mgmt.InterceptorChainManager.processRequest(InterceptorChainManager.java:235)
    at oracle.j2ee.ws.server.mgmt.runtime.SuperServerInterceptorPipeline.handleRequest(SuperServerInterceptorPipeline.java:155)
    at oracle.j2ee.ws.server.provider.management.AbstractProviderInterceptorPipeline.executeRequestInterceptorChain(AbstractProviderInterceptorPipeline.java:563)
    at oracle.j2ee.ws.server.provider.ProviderProcessor.executeInterceptorRequestChain(ProviderProcessor.java:921)
    at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:230)
    at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:192)
    at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:459)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
    >
    <Feb 22, 2011 11:55:07 AM CET> <Error> <oracle.webservices.service>
    <OWS-04115> <An error occurred for port:{http://xmlns.oracle.com/bpel/services/IdentityService}IdentityConfigServicePort:
    oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid:WSM-06102 PolicyReference The policy referenced by URI
    "oracle/no_authentication_service_policy" could not be retrieved. .>
    <Feb 22, 2011 11:55:07 AM CET> <Error> <oracle.webservices.service>
    <OWS-04086> <oracle.fabric.common.PolicyEnforcementException: PolicySet
    Invalid: WSM-06102 PolicyReference The policy referenced by URI
    "oracle/no_authentication_service_policy" could not be retrieved.
    at oracle.integration.platform.common.InterceptorChainImpl.createPolicyEnforcementException(InterceptorChainImpl.java:282)
    at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:128)
    at oracle.integration.platform.common.mgmt.InterceptorChainManager.processRequest(InterceptorChainManager.java:235)
    at oracle.j2ee.ws.server.mgmt.runtime.SuperServerInterceptorPipeline.handleRequest(SuperServerInterceptorPipeline.java:155)
    at oracle.j2ee.ws.server.provider.management.AbstractProviderInterceptorPipeline.executeRequestInterceptorChain(AbstractProviderInterceptorPipeline.java:563)
    at oracle.j2ee.ws.server.provider.ProviderProcessor.executeInterceptorRequestChain(ProviderProcessor.java:921)
    at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:230)
    at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:192)
    at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:459)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
    >
    <Feb 22, 2011 11:55:07 AM CET> <Error> <oracle.webservices.service>
    <OWS-04115> <An error occurred for port: {http://xmlns.oracle.com/bpel/services/IdentityService}IdentityConfigServicePort:
    oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid: WSM-06102 PolicyReference The policy referenced by URI
    "oracle/no_authentication_service_policy" could not be retrieved. .>
    I've configured 2 different application server connection, one to the admin server and one to the managed server, but both of them gave me that error.
    During my searches for an answer i've found a Oracle Documentation PDF which reports a SOAP endpoint for this IdentityService (the url of the soap endpoint is http://hostname:port/integration/services/IdentityService/configuration?WSDL ) but when i invoked it using the IdentityConfigServicePort and the operation "getConfiguration" i got this error:
    <env:Fault xmlns:owspe="http://schemas.oracle.com/ws/policy-enforcement-2007-06">
    <faultcode>owspe:PolicyAccess</faultcode>
    <faultstring>PolicySet Invalid: WSM-06102 PolicyReference The policy referenced by URI "oracle/no_authentication_service_policy" could not be retrieved. </faultstring>
    <faultactor/>
    </env:Fault>
    I've searched this policy all over the web but i wasn't able to find any clue to solve my problem
    Thanks in advice
    Stefano

    Stefano,
    You may have better luck asking on one of the SOA Suite forums.
    Best,
    John

  • [Fwd: Re: rdbms realm and connection pool]

    Hi,
    One reason why I would like to use the connection pool for the RDBMS
    realm is because there is the retry machanism built into the connection
    pool. With this retry, I don't need to re-start WebLogic if the DB
    server is somehow re-started. With the current implementation, all the
    connections maintained by the realm will become invalid if the DB server
    has been restarted independently.
    -------- Original Message --------
    Subject: Re: rdbms realm and connection pool
    Date: Wed, 27 Sep 2000 09:32:47 +0100
    From: "Terry" <[email protected]>
    Reply-To: "Terry" <[email protected]>
    Organization: BEA SYSTEMS Inc
    Newsgroups: weblogic.developer.interest.security
    References: <[email protected]>
    I believe not- the realm restricts access to connection pools to those
    who
    are allowed it, so if the realm needs the connection pool to start up,
    and
    you can't open the connection pool without the realm then you have a bit
    of
    a no-chicken and no-egg situation, which is I believe one of the reasons
    why
    there is no use of connection pools, ejbs, jndi, servlets etc. in the
    realm
    (along with other reasons, like why would it be provided with a servlet)
    The delegate pool acts somewhat similarly to a connection pool, and can
    even
    use the same database, so I'm not sure what the advantage would be
    Terry
    Nirmala devi <[email protected]> wrote in message
    news:[email protected]..
    >
    I think the rdbms realm uses different connection as it need to be setbefore
    the connection pool for Database.Is there any that i can point my rdbmsrealm to use
    the connection pool for Database instead
    Thanks in advance
    Nirmala

    I believe not- the realm restricts access to connection pools to those who
    are allowed it, so if the realm needs the connection pool to start up, and
    you can't open the connection pool without the realm then you have a bit of
    a no-chicken and no-egg situation, which is I believe one of the reasons why
    there is no use of connection pools, ejbs, jndi, servlets etc. in the realm
    (along with other reasons, like why would it be provided with a servlet)
    The delegate pool acts somewhat similarly to a connection pool, and can even
    use the same database, so I'm not sure what the advantage would be
    Terry
    Nirmala devi <[email protected]> wrote in message
    news:[email protected]..
    >
    I think the rdbms realm uses different connection as it need to be setbefore
    the connection pool for Database.Is there any that i can point my rdbmsrealm to use
    the connection pool for Database instead
    Thanks in advance
    Nirmala

  • User has no profile in this organization. Contact your system administrator

    Hi,
    I have been attempting to install and have AM 7.2 working properly with the J2EE Policy Agent for V9 of Sun's App Server. I have followed mostly the default values during setup. I believe I have the installed properly. In order to verify that everything is working properly, I have also installed the sample app that comes with the J2EE Agent.
    I made a few changes to the README that came witht the sample app by changing the default org setup in the exaple to dc=sample,dc=com. I setup up the policies, users, groups and roles as specified in the read me. However, when requested to authenticate, the access manager responds with "User has no profile in this organization..."
    It is quite mystifying as to what this error actually means unless there are organizations within the default realm other than the one it actually came with. Which is what I am using.
    Any help would be deeply appreciated and thank you in advance.
    cheers
    su./hail

    Hi,
    I had done as you suggested. But there is a problem. Once this is done, the amadmin subject can no longer log into the application amserver. However, the agent sample works. How I got around the the problem is to create another Realm (with sample as the parent realm). In this second realm I set the User Profile to ignore. Once done, I went about creating the subjects in the second realm. What was was kind of strange is that the URL policies had to be defined in the Parent realm.
    Once so done, amadmin could log in and the application iteself worked as advertised.
    Thank you for your input.
    su./hail

  • Organizations and Access

    I'm trying to create two realms that are partitioned pretty heavily, separating production from development, but using the same access manager infrastructure. This seems to fail, in that when I login to the realm I've partitioned for development, I can then login with that identity to the resources I've partitioned for production. How can I prevent this?
    Details
    I've created two realms. TCPIP.COM.Development and TCPIP.COM.Production. Both realms are sub-realms of amroot. The Development realm points to a development LDAP server for the data store and the development ldap for the password authentication modules. The passwords are predictable so developers can simulate access as other users. In the production realm, the data store points to the production LDAP and the authentication modules uses the production passwords.
    The user id's in both data stores are the same, since development mirrors production as close as possible. The passwords are different, group membership is different, roles are different, etc. in order to debug, test applications ad they are developed.
    I've configured CDSSO, and setup the agents in the root realm (amroot). The root realm delegates through a policy referral the resources for the applicable realms, in order to replay the cookies, I set the cookie scope in platform properties to the entire domain (tcpip.com).
    If I access a resource with a policy in the development realm I'm redirected to login with the authentication module that uses the development LDAP I can print the organization in the session properties and see:
    Organization is o=TCPIP.COM.Development,ou=services,ou=amroot,ou=admin,ou=resource,o=tcpip,c=us
    when I access the agent protecting a resource in the production realm, the same user is printed and I don't need to login. The access has been granted with the development credentials.
    Only if I expressly add the realm to the login servlet (/amserver/UI/Login?realm=TCPIP.COM.Production) will it prompt me for the "You have already logged in. Do you want to log out and then login to a different organization?" This is the default behavior I desire, but I can't trust someone to append the realm to a login.

    The same user prints out because that is user from the original SSO Token.
    Somehow your policy is allowing an authenticated user in one realm to access resources in another. I would check the policy (or possibly the policy agent config files) for the development realm, just a guess but it sounds like a of copy paste problem of some kind?
    What if you put a realm=production condition in your access policy for the production realm resources?

  • Best/Recommended Practices regarding realms & psearches

    Update: I've found documentation and materials stating that the performance issues related to having multiple realms and their associated psearches (persistent searches) has been fixed in OpenSSO. While this is reassuring in that my initial design should work, it doesn't necessarily mean it is the best method for deployment. If anyone has an opinion on this I would like still like to hear it.
    Hi everyone,
    First of all, thank you for any information you have provided/will provide to me. I am new to OpenSSO, so this forum has been a useful early stop for answers to questions.
    In my scenario I have a small number of applications (less than 10). Each one has different requirements for HTTP Header variables/parameters, and there are no authorization requirements (fine or coarse). My question is regarding the initial realm configuration:
    I have been planning to deploy a single sub-realm for each application. The idea was that it would allow for greater flexibility and customization for each application down the road. I have heard some interesting stories regarding multiple realms, persistent seaches and performance from Access Manager 7.1. In the documentation, I see that persistent searches are disabled by default in OpenSSO 8.0 and that there are a significant number of configuration options available.
    -In OpenSSO 8.0, is one sub-realm for each application a recommended or even a good practice method?
    --If not, can I still separate header variables by application, or will I need to deliver all the variables to each application and let them take what they want?
    -Should I be aiming to configure persistent searches?
    --If so, what sort of configuration would be a good baseline to start from?
    Any assistance is greatly appreciated.
    Edited by: AJS418 on Jun 16, 2009 1:04 PM

    sirinek,
    I want to provide the ability for other systems, outside of my network domain (Linux and VMS servers), to deliver data files to my server for processing on a regular recurring basis. These file transfers will be unattended and executed via scheduling utilities on those remote systems.
    While these remote systems are managed by a trusted sister organization, I want to provide this access in a way that minimizes risk to servers under my responsibility.
    What tools and configurations are best suited for this? SFTP? SSH Authorized keys?
    Should the account be configured in a manner that limits access?
    Thanks for your help.

  • OID multiple realms log in issue

    Hi All,
    I am using OID in a prototype to store users in different organizations. I have done this by creating multiple realms. I am configuring OID with OBIEE so users in OID can log into OBIEE. I am facing an issue when 2 users have the same userid to log into OBIEE. It allows one user to log in successfully but prevents the 2nd one.
    Is there a way I can resolve this issue in OID.
    Thanks

    I installed it on windows using the sql scripts instead of the sh scripts.

  • Getting organizational unit with API in OBPM 11g

    Hi all,
    I'm not able to find the way to get the organizational unit of a participant using the OBPM 11g API. Can anyone tell me how can I do that?

    Organizational Unit API was included in 11.1.1.5 FP4 - see : http://www.oracle.com/technetwork/middleware/soasuite/documentation/11gr1ps4featurepackdoc-462677.html and download BPM Java API Reference. Within the download you will find oracle.bpm.services.organization.IBPMOrganizationService interface that contains method getOrganizationalUnitForUser which should do the job.
    For the process there is an XPath method bpm:getUserOrganizationUnit() that according to documentation:
    "Returns the fully qualified organization unit name with the parent hierarchy The signature of this function is bpm:getUserOrganizationUnit(userName, realmName, parentPath). The arguments to the function: 1) userName - a user name 2) realmName - The realm name. This is optional and if not specified default realm is assumed 2) parentPath - This is optional and if sepcified, would be used for resolving conflicts if the user belongs to more than one organizational unit. For example if user belongs to OUs americas/north/us/NY/sales and americas/taskforce/globalsales then americas/north or americas/north/us or americas/north/us/NY can be used as parent path. Note that longer the path, more efficient it is to search."

  • Choose source realm for SAML

    Hello!
    I've experimented with SAML a bit and have setup an environment as follows:
    A is Identity Provider (Access Manager 7.1) and users log in using Access Manager Identities in the default realm. There is another realm which authenticates users against an Active Directory (demo-env).
    B is Service Provider (OpenSSO FAM Build1) and users from A can federate to B using SAML 1.1 (login via the Federation Auth-Module) and have access to an Apache protected by Web Agent.
    Now I would like to use the realm "demo-env" in a instead of the default-realm. Is there something like a realm-parameter for the SAMLAwareServlet? Or how can I change against which realm users are authenticated when they access the intersite transfer service? I use the intersite transfer service as follows: http://HOST-A.domain-A:8080/amserver/SAMLAwareServlet?TARGET=http://apache.domain-B:80/
    Thanks for enlightenment
    Chris
    PS: What the heck is the SAE-Authentication Module in Federated Access Manager 8.0?

    Unfortunately I am not a Federation expert but when I setup SAML between two AM servers in the past I needed to create and register a custom SAMLAccountMapper class to map the user from one organizational/realm to another.

  • OptimizeIt and LDAP realm

    I have problems running WebLogic 5.1 SP10 with a LDAP realm configured
    I have used the script supplied with my OptimizeIt installation, but WebLogic can't find the ldaprealm.properties file but instead assumes the LDAP hostname ldapserver:389

    We ran into a similar situation where our users were stored in SiteMinder/LDAP.
    So we are going to bulk load all the users into WLI and then synchronize the users
    nightly for any activated and deactivated users. We kept the roles in LDAP different
    from the roles in WLI though. Would like to know if you guys addresses this differently
    Thanks
    Sreeram
    "Peter Giesin" <[email protected]> wrote:
    >
    I am curious to know if anyone is actually running WLI with a LDAP Realm.
    I would
    like to know how you dealt with the fact that the users still need to
    be defined
    in the WLI database so that they can be added to the organization.
    Thanks,
    Pete

  • WLPI: integrating organizations and roles with existing application

    Hi,
    how do I integrate WLPI's organizations and roles with an existing application's
    data structure? It looks like WLPI expects organizations and roles to be groups
    with a particular naming convention (i.e. an org is defined by a group 'WLPIOrg@MyOrg'
    and a null member). If I am integrating with an application that stores organizations
    and roles in (for example) separate database tables, how do I get WLPI to recognize
    these? Or do I have to maintain the organizations and roles in 2 places, one for
    the application and one for WLPI in the format described above?
    THanks,
    Martin

    Hi Martin,
    We're in the middle of a prototyping exercise of getting WLS, JMS,
    WLP, WLPI integrated accross one security realm. What its looking like
    is this (bear in mind I think this hasn't been tried before judging by
    newsgroups + BEA Docs)
    1)WLP has a bug that you cannot get user details from LDAP(exception
    is thrown)
    2)WLPI does need a certain structure -
    http://e-docs.bea.com/wlpi/wlpi121/install/cfigrun.htm#1246656
    and
    http://developer.bea.com/ftp_bin/Using_LDAP_with_WLPI.zip
    A) To solve your problem maybe you could write a custom realm to
    translate the roles + orgs back (no writing from WLPI ie read only )
    to WLPI.
    B) Maybe you caould have a META-DIRECTORY set up that synchronises the
    RDBMSRealm with something else maybe LDAP or another RDBMSRealm
    We are also looking into a unified security solution by Netegrity
    called siteminder. They are about to release a version for WLS 6 but
    they seem to be laggin behind. This provides a single signon over and
    enterprise system.
    This is a bit vague Martin, I will hopefully have more concrete info
    in a week or 2. If you have any other info you can mail me on -
    [email protected]
    BTW this wouldn't be Martin Van Vilet from the Netherlands that worked
    on the Intelligent Finance Product?
    "Martin van Vliet" <[email protected]> wrote in message news:<3b17ece8$[email protected]>...
    Hi,
    how do I integrate WLPI's organizations and roles with an existing application's
    data structure? It looks like WLPI expects organizations and roles to be groups
    with a particular naming convention (i.e. an org is defined by a group 'WLPIOrg@MyOrg'
    and a null member). If I am integrating with an application that stores organizations
    and roles in (for example) separate database tables, how do I get WLPI to recognize
    these? Or do I have to maintain the organizations and roles in 2 places, one for
    the application and one for WLPI in the format described above?
    THanks,
    Martin

Maybe you are looking for

  • Vendor Determination to PR thru componant tab of service order

    Hi All, I have maintain the vendor in notification partner list and then it get copy to service order partner tab after service order creation. Now when I create the Purchase req. from component tab, Vendor should get determined automatically from se

  • How to fix email crash in iOS 7

    Since my ios7upgrade me iPad and iPhone email crashes frequently usually immediately after launch. Seems to be aggrieved acted by selecting email messages to delete. Google search didn't seem to indicate to me many others were having this problem I'd

  • Exchange 2010 SP3, RU5 - Massive Transaction Log File Generation

    Hey All, I am trying to figure out why 1 of our databases is generating 30k Log Files a day! The other one is generating 20K log files a day. The database does not grow in size as the log files are generated, the problem is log file generation. I've

  • Short Dump when trying to change configuration of BT112H_SC/OVViewSet (Service Contracts)

    Hi Experts, I have a problem with a component usage when trying to change the OverviewSet Configuration for the Service Contract. The whole component BT112H_SC is complete standard and no enhancements have been made yet. When trying to change the con

  • Multiple Airport Express Base Station Set-up

    I live in the country and need to re-configure four Airport Express (AE) stations for coverage to multiple buildings. I set this up successfully about two+ years ago. Last week, our place got struck by lightning which took out our modem and main base