Sizing of Oracle IdentityManager and Access Manager on same Weblogic Server

Similar Messages

• Oracle Identity and Access Management Suite Plus Integration with Oracle ADF

  Hi All,
  Kindly advice if Oracle Identity and Access Management Suite Plus can be integrated with Oracle ADF based applications to manage the end-to-end lifecycle of user accounts specifically addressing to roles/priviledges and security.
  Request you to share links to documentation where I can study the steps to integrate both the frameworks.
  Looking forward to hear from you soon.
  Best Regards,
  Ankit Gupta 

  Hi Sébastien,
  I came across the below link for the required integrations -
  Oracle® Fusion Middleware Installation Guide for Oracle Identity and Access Management 11g Release 2 (11.1.2) - …
  Oracle® Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management 11g Release 2 (11.1.2) - Co…
  Best Regards,
  Ankit Gupta

• Oracle Identity and Access Management (11.1.1.3.0)   and IM difference?

  What is difference between Oracle Identity and Access Management (11.1.1.3.0) and Identity Management (11.1.1.3.0) ?
  From
  http://www.oracle.com/technetwork/middleware/downloads/oid-11g-161194.html

  When you run the config, you are asked to add some product. Have checked the "Oracle Access Manager with Database Policy Store" product?
  If not, you can add it by extending the domain. Once done you have to start two WLS servers (AdminServer and oam_server1):
  Start AdminServer with $DOMAIN/bin/startWebLogic.sh
  Start oam_server1 with $DOMAIN/bin/startManagedWebLogic.sh oam_server1
  It might be that oam_server1 asks for username and password. This is fine for the first time. During the first start the necessary directory structure is created. Once it came up and enters RUNNING state, kill it and create a file boot.properties in $DOMAIN/servers/oam_server1/security with the entries username=name and password=pw in two lines and start oam_server1 again.
  Starting oam_server1 is recommend to get proper values in the oamconsole.
  HTH,
  --olaf                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

• Can we install Oracle 8i and 10g on the same windows server?

  I would like to install the Oracle server 8i and 10g on the same windows server? Is this possible.
  Forgive me if this question is already asked.
  Thanks in advance!
  Jay.

  WHICH Windows version? (There's more than one). It would be useful to be a little bit more precise (NT,2000,XP,2003, 32/64 bit) .
  For NT and 2000 it is possible to have both 8i and 10g, for XP and 2003 there's no support for 8i at all.

• Discoverer and OBIEE configured on same weblogic server

  Can Oracle BI Discoverer 11G and OBIEE 11G be configured on the same weblogic server?

  Did you mean the same weblogic server instance?
  Most likely, what you can do is to install those 2 components as independent server instances and keep those under the same domain. Each would require 4GB of available memory (physical + swap).
  Thanks.

• Access Manager Basic install (Weblogic Suite)

  Greetings.
  We want to install Access Manager but our customer has Oracle WebLogic Suite license, I understand that there is a restriction in that license and only Access Manager Basic is supported.
  I don't know how to install Oracle Access Manager 11g only, because oracle oam 11g is bundled with Oracle Identity and Access Manager 11g. I don't want to install Oracle Identity Manager because there isn't included in the WebLogic Suite license.
  Could anybody tell me how to install OAM 11g to comply with the OAM basic restrictions included in Oracle Weblogic suite.
  Thanks
  Ramiro Ortíz.

  While installing Oracle fusion middleware suite, you'll get list of product to be installed, you can select only 'Oracle Access Manager' there to install only OAM.
  regards,
  GP

• Identity and Access Management Training in Bangalore

  Hi,
  I need information if there are any institutes who provide training on Identity and Access Management in Bangalore or Pune? Whats is the basic requirement for starting IAM. I have SQL knowledge.
  Thank you
  [email protected]

  You can check out this link for Oracle University in India:
  http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=3
  -Kevin

• OPSM 1.2 [Oracle pedigree and Serialization manager] installation is failed

  Hi All,
  We are doing OPSM 1.2 installation on Oracle Enterprise Linux 5.6 [64-bit].
  Steps we have done:
  1. installed 11g db and created repositories for soa server.
  2. installed weblogic server 10.3.6
  3. Installed soa server & created two managed servers soa_server1 and pas_server1 in weblogic as per the doc " Oracle Pedigree and Serialization Manager Installation Guide"
  4. And created required schemas in db for OPSM.
  5. and ran $MW_ORA_HOME/common/bin/wlst.sh ./pasMasterInstall.py
  Below are The error we are getting at the time of deployment is:
  Deploying the PasSerializationManager application...
  Deploying application from /u01/ORASOA/Middleware/Oracle_SOA1/pas/applications/install/PasSerializationManager.ear to targets pas_server1 (upload=false) ...
  <Dec 19, 2013 7:56:03 AM EST> <Info> <J2EE Deployment SPI> <BEA-260121> <Initiating deploy operation for application, PasSerializationManager [archive: /u01/ORASOA/Middleware/Oracle_SOA1/pas/applications/install/PasSerializationManager.ear], to pas_server1 .>
  ....................................................................................................No stack trace available.
  This Exception occurred at Thu Dec 19 08:01:04 EST 2013.
  weblogic.management.scripting.ScriptException: Error occured while performing deploy : The action you performed timed out after 300,000 milliseconds.
  Error: Unable to deploy the Ear Files.
  Shutting down the AdminServer...
  Stopping the AdminServer...
  Finished stopping the AdminServer.
  Moving the Installed Files to the Install Directories...
  Finished moving files to install directory.
  Restoring Backup...
  Finished restoring backup.
  ERROR: Installation Failed!
  Note: Please review the above output buffer to determine what error(s)
        have occurred. You must fix any errors before attempting to
        retry the installation.
  WARNING: System failed to register the MDS Repository with WebLogic. It is likely
  that the MDS Repository has already been registered. Please verify the registered
  metadata repositories using Oracle's Enterprise Manager application. Once logged
  into Enterprise Manager, expand the Metadata Repositories node and verify an entry
  exists for mds-mds-ApplicationMDSDBDS. In addition, click on the repository and
  verify it is targeted to the appropriate servers.
  Exiting WebLogic Scripting Tool.
  <Dec 19, 2013 8:01:09 AM EST> <Warning> <JNDI> <BEA-050001> <WLContext.close() was called in a different thread than the one in which it was created.>
  In pas_server1.log file:
  Caused By: oracle.mds.exception.MDSExceptionList: MDS-01329: unable to load element "persistence-config"
  MDS-01370: MetadataStore configuration for metadata-store-usage "MAR_TargetRepos" is invalid.
  MDS-00929: unable to look up name "jdbc/mds/opsm" in JNDI context
  Unable to resolve 'jdbc.mds.opsm'. Resolved 'jdbc.mds'
          at oracle.mds.config.PConfig.loadFromBean(PConfig.java:1008)
          at oracle.mds.config.PConfig.<init>(PConfig.java:767)
          at oracle.mds.config.MDSConfig.loadFromBean(MDSConfig.java:1151)
          at oracle.mds.config.MDSConfig.loadFromElement(MDSConfig.java:1218)
          at oracle.mds.config.MDSConfig.<init>(MDSConfig.java:781)
          at oracle.mds.config.MDSConfig.<init>(MDSConfig.java:728)
          at oracle.mds.internal.lcm.deploy.DeployManager.deploy(DeployManager.java:529)
          at oracle.mds.internal.lcm.deploy.DeployManager.startDeployment(DeployManager.java:211)
          at oracle.mds.internal.lcm.MDSLifecycleListenerImpl.start(MDSLifecycleListenerImpl.java:215)
          at oracle.mds.lcm.weblogic.WLLifecycleListener.preStart(WLLifecycleListener.java:77)
          at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.run(BaseLifecycleFlow.java:282)
          at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
          at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
          at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListenerAction.invoke(BaseLifecycleFlow.java:199)
          at weblogic.application.internal.flow.BaseLifecycleFlow.preStart(BaseLifecycleFlow.java:62)
          at weblogic.application.internal.flow.HeadLifecycleFlow.prepare(HeadLifecycleFlow.java:283)
          at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:648)
          at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
          at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
          at weblogic.application.internal.EarDeployment.prepare(EarDeployment.java:59)
          at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:154)
          at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
          at weblogic.deploy.internal.targetserver.operations.ActivateOperation.createAndPrepareContainer(ActivateOperation.java:208)
          at weblogic.deploy.internal.targetserver.operations.ActivateOperation.doPrepare(ActivateOperation.java:98)
          at weblogic.deploy.internal.targetserver.operations.AbstractOperation.prepare(AbstractOperation.java:217)
          at weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentPrepare(DeploymentManager.java:747)
          at weblogic.deploy.internal.targetserver.DeploymentManager.prepareDeploymentList(DeploymentManager.java:1216)
          at weblogic.deploy.internal.targetserver.DeploymentManager.handlePrepare(DeploymentManager.java:250)
          at weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.prepare(DeploymentServiceDispatcher.java:159)
          at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doPrepareCallback(DeploymentReceiverCallbackDeliverer.java:171)
          at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.access$000(DeploymentReceiverCallbackDeliverer.java:13)
          at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer$1.run(DeploymentReceiverCallbackDeliverer.java:46)
          at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:545)
          at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
          at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
  Any one please  provide resolution to fix the issue. 
  Thanks
  skjb     

  Have you searched MOS website for (MDS-01370 AND MDS-00929) and go through the docs?
  If none of MOS docs help, then please log a SR.
  Thanks,
  Hussein

• UWC/CE 6.3 and Access Manager 7.1 SSO sometimes fails (seems like a bug)

  PREAMBULA: I started writing this post thinking that our AM SSO setup was at fault in some step. As I was gathering data, checking the doc-links and config files and finally sniffed the servers for HTTP dialogs, I grew pretty sure there's a bug in UWC/CE, AM SDK or Web Server Policy Agent, whatever implements the AM SSO session checking.
  In short, as written below, our "sunmail" server can POST a broken cookie to AM server, if the cookie originally contained a "plus" character. The "plus" is replaced by a "space", invalidating the session check. As we know, "+" is often used in URLs to "escape" the space character. Perhaps some URL cleanup routine backfired here. I have double-checked, it is not the reverse proxy on "psam" breaking things. It is "sunmail" (UWC/CE or Policy Agent, don't know for certain) supplying the broken request. On the few occasions when the AM cookie contains no "plus" characters, the SSO works like a charm (also checked by a sniffer). Whenever there is a "plus", it breaks.
  Is there some known bug or workaround that matches this description?
  Nevertheless, for completeness' sake I kept the description of our setup. Maybe it's at fault after all :)
  We have an installation of JCS5 with the latest patches as of early July 2008. And as the subject implies, we have problems with AM SSO in UWC/CE web-interface. I have reported them before, then they seemed fixed (not occuring for several tests in a row), but as time has shown, something wrong is still there.
  So I'll try to go into deeper detail now, as we've may have overlooked some nuance... Then again, as my sniffer research below shows, this may be an engine bug and these setup details are irrelevant.
  Our setup is split into several Solaris 10 full-root zones hosted on several servers, some of the components are enroute to HA (perhaps we made some mistakes on this part of the way?)
  So, we have the following software stack:
  1) two MMR Directory Servers (DSEE 6.3 = DSEE 6.2 from JCS5 + 125278-07__DSEE_6.3__x86x64 + 125277-07__DSEE_6.3__x86_sol9 patches) working in zones on two different servers. Except for one time when a manually forced ZFS rollback corrupted one of the server instances, no problems here.
  2) two zones with Directory Proxy Servers (6.3, exact versions as above) running at port 389 provide the clients with an illusion that they have a stable Directory Server, even if one of the actual servers is currently rebooting ;)
  These DPS zones are hosted on two different servers as well and are primarily used by LDAP clients (JCS components) running in other zones on the same respective servers.
  3) A zone with Sun Web Server 7.0U1 and Access Manager 7.1 (+ 126357-01__AM71_x86 patch) and Delegated Admin 6.4-4.01 (from JCS5 + 121582-18__COMMCLI64__x86 patch).
  At the moment there is one such zone (named "cos-psam-01.domain.ru" in the logs below), but we expect(-ed) it to become two similar zones as per AM HA setup.
  Zones listed in (1-3) use private IP numbers, they belong in our internal DMZ.
  Zones listed in (4-5) below use public (routed) IP numbers, they belong in our external DMZ.
  4) A zone with Sun Web Server 7.0U1 used primarily as a reverse-proxy server (optionally with a load-balancer libpassthrough.so plugin) successfully used for other hosted projects. One of its configurations now passes connections from an externally routed IP address published as "psam.domain.ru" to "cos-psam-01.domain.ru", per AM HA setup, so HTTP clients believe they work with an Access Manager instance. This zone has a backend interface with a private IP address to communicate with the actual AM instance.
  In AM configuration (both LDAP and file-based) we have configured a site ID with the publicly known name and mentioned both names (psam and cos-psam-01) in organization's realm/dns aliases.
  5) A zone with the rest of the Sun Java Communications Suite 5, as in Messaging Server 6.3 (6.3-6.03 64-bit: ci-5.0-1.03_solx86_x64__Messaging_Server_6.3-2 + patch 126480-09__MSG63__x86-64), UWC/CE 6.3 (from JCS5 + 122794-17__UWC63-4.01_core__x86), Instant Messaging 7.2 (from JCS5 + 118790-29__IM72__x86-1 + 118787-28__IM72__x86-2), Calendar Server 6.3 (from JCS5 + 121658-28__iCS63__x86). The web-components (UWC/CE, IM, /httpbind) are deployed in a Sun Web Server 7.0U1 as well.
  This zone is named "sunmail.domain.ru" and has a routed IP address for direct external access to its servicess.
  The AM SDK part is also patched (126357-01__AM71_x86); it points to the load-balancer name ("psam.domain.ru") as an actual AM server.
  # imsimta version
  Sun Java(tm) System Messaging Server 6.3-6.03 (built Mar 14 2008; 64bit)
  libimta.so 6.3-6.03 (built 17:15:08, Mar 14 2008; 64bit)
  SunOS sunmail 5.10 Generic_127112-07 i86pc i386 i86pc
  While setting up this server set we tried to use AM SSO as the user login method, but it works unreliably.
  "Unreliably" means that while most of the time entering a correct uid and password in Access Manager login page ("http://psam.domain.ru/amserver/UI/Login") does redirect a user back to "http://sunmail.domain.ru/uwc/auth" along with a new cookie, and the user is redirected again to his or her mailbox, sometimes the user receives the UWC/CE login page. Entering the same uid and password here does log him in, but it breaks the whole point of SSO and only increases the end-user routine required to log in :\
  We have also seen the "missing mail tab" problem - if the users point the browser to any hostname different from "sunmail.domain.ru" (i.e. www.mail.domain.ru which is equivalent in DNS), they have only the Address book, Calendar and Options tabs; no webmail. So far this is resolved by Policy Agent forcing The One name of the server.
  Here's the configuration we did specifically for AM SSO:
  1) in AMConfig.properties of "sunmail" and "cos-psam-01" we set up
  com.iplanet.am.cookie.encode=false
  am.encryption.pwd=<the same value>
  all hostname-related parameters point to "psam.domain.ru"
  2) in AMConfig.properties of "cos-psam-01" a number of FQDN equivalence entries are added (so it does not redirect to a server hostname unknown to visitors):
  com.sun.identity.server.fqdnMap[publicname-or-ip]=psam.domain.ru
  com.sun.identity.server.fqdnMap[cos-psam-01.domain.ru]=cos-psam-01.domain.ru
  3) in "msg.conf" on "sunmail" (entries added via configutil):
  local.webmail.sso.amcookiename = iPlanetDirectoryPro
  local.webmail.sso.amnamingurl = http://psam.domain.ru:80/amserver/namingservice
  local.webmail.sso.singlesignoff = yes
  local.webmail.sso.uwcenabled = 1
  service.http.ipsecurity = no
  (perhaps some more options are required? Looking for confirmation about: local.webmail.sso.uwclogouturl local.webmail.sso.uwccontexturi local.webmail.sso.uwchome service.http.allowadminproxy )
  4) Configured Web Policy Agent for Sun Web Server, so that users without an AM session are required to get one. Set up per [http://msg.wikidoc.info/index.php/AM_redirection_using_Policy_Agent], except that com.sun.am.policy.agents.config.notenforced_list points to the many names our server can go known by.
  5) Updated the logout URL in /opt/SUNWuwc/webmail/main.js:
  --- main.js.orig        Sat Jan 26 07:52:09 2008
  +++ main.js     Mon Jul 21 01:06:29 2008
  @@ -667,7 +667,8 @@
  function cleanup() {
     if(laurel)
  -      top.window.location =  getUWCHost() + "/base/UWCMain?op=logout"
  +//      top.window.location =  getUWCHost() + "/base/UWCMain?op=logout"
  +      top.window.location =  "http://sunmail.domain.ru:80/base/UWCMain?op=logout"
     else
         exec('logout', '', 'exit()')
  @@ -1707,7 +1708,8 @@
     if(lg) {
           url = document.location.href
           url = url.substr(0,url.indexOf('webmail'))
  -        uwcurl = url + 'base/UWCMain?op=logout'        
  +//      uwcurl = url + 'base/UWCMain?op=logout'        
  +        uwcurl = "http://sunmail.domain.ru:80/base/UWCMain?op=logout"
     exit()
  }6) Calendar SSO - per docs...
  According to ngrep sniffing,
  1) the browser goes to "http://sunmail.domain.ru/uwc/auth" without any cookies
  2) receives a redirect and goes to "http://psam.domain.ru/amserver/UI/Login?gotoOnFail=http://sunmail.domain.ru:80/uwc&goto=http%3A%2F%2Fsunmail.domain.ru%3A80%2Fuwc%2Fauth"; sends no cookies either.
  3) The first response from the "psam" server (as redirected from "cos-psam-01") sets a few cookies while rendering the login page:
  Set-cookie: JSESSIONID=7EF8F2810D2071CA03CFEAE9972735B2; Path=/
  Set-cookie: AMAuthCookie=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; Domain=.domain.ru; Path=/
  Set-cookie: amlbcookie=02; Domain=.domain.ru; Path=/
  4) The browser requests the login page resources (javascripts, images, etc) using these cookies, as in this header line:
  Cookie: JSESSIONID=7EF8F2810D2071CA03CFEAE9972735B2; AMAuthCookie=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; amlbcookie=02
  5) The browser POSTs the login request to "/amserver/UI/Login" and receives a redirection to http://sunmail.domain.ru:80/uwc/auth
  Set-cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#; Domain=.domain.ru; Path=/
  Set-cookie: AMAuthCookie=LOGOUT; Domain=.domain.ru; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
  6) The browser requests "http://sunmail.domain.ru/uwc/auth" using the newly set cookie (looks like the old one to me though):
  Cookie: amlbcookie=02; iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#
  7) The "sunmail" web-server checks the AM session validity with the same "psam.domain.ru". It sends a series of POSTs to /amserver/namingservice:
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="com.iplanet.am.naming" reqid="685">
  <Request><![CDATA[
  <NamingRequest vers="1.0" reqid="324" sessid="AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#">
  <GetNamingProfile>
  </GetNamingProfile>
  </NamingRequest>]]>
  </Request>
  </RequestSet>(receives a large XML list of different Access Manager configuration parameters and URLs)
  ...then a double-request to /amserver/sessionservice:
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="Session" reqid="686">
  <Request><![CDATA[
  <SessionRequest vers="1.0" reqid="678">
  <GetSession reset="true">
  <SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#</SessionID>
  </GetSession>
  </SessionRequest>]]>
  </Request>
  <Request><![CDATA[
  <SessionRequest vers="1.0" reqid="679">
  <AddSessionListener>
  <URL>http://sunmail.domain.ru:80/UpdateAgentCacheServlet?shortcircuit=false</URL>
  <SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1+xTqH7C3I=@AAJTSQACMDI=#</SessionID>
  </AddSessionListener>
  </SessionRequest>]]>
  </Request>
  </RequestSet>As a result it receives an XML with a lot of user-specific information (the username, LDAP DN, preferred locale, auth module used, etc.)
  !!!*** Now, the problem part ***!!!
  8) And then "sunmail" POSTs a broken cookie to "psam" (note the space in mid-text, where the "plus" sign was previously). As we know, "+" is often used in URLs to "escape" the space character. Perhaps some URL cleanup routine backfired here.
  I have double-checked, it is not the reverse proxy on "psam" breaking things. It is "sunmail" (UWC/CE or Policy Agent, don't know for certain) supplying the broken request. I looked over the large XML responses to the two previous requests, whenever they mention the session cookie value, the "plus" is there.
  For the most detail I can provide, I'll even paste the whole HTTP packet:
  POST /amserver/sessionservice HTTP/1.1
  Proxy-agent: Sun-Java-System-Web-Server/7.0
  Cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#;amlbcookie=null
  Content-type: text/xml;charset=UTF-8
  Content-length: 336
  Cache-control: no-cache
  Pragma: no-cache
  User-agent: Java/1.5.0_09
  Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
  Host: cos-psam-01.domain.ru
  Client-ip: 194.xxx.xxx.xxx
  Via: 1.1 https-weblb.domain.ru
  Connection: keep-alive
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="session" reqid="258">
  <Request><![CDATA[<SessionRequest vers="1.0" reqid="254">
  <GetSession reset="true">
  <SessionID>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#</SessionID>
  </GetSession>
  </SessionRequest>]]></Request>
  </RequestSet> The server's error response is apparent:
  HTTP/1.1 200 OK
  Server: Sun-Java-System-Web-Server/7.0
  Date: Thu, 31 Jul 2008 05:49:50 GMT
  Content-type: text/html
  Transfer-encoding: chunked
  19b
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <ResponseSet vers="1.0" svcid="session" reqid="258">
  <Response><![CDATA[<SessionResponse vers="1.0" reqid="254">
  <GetSession>
  <Exception>AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=# Invalid session ID
  AQIC5wM2LY4SfcwuT2ASCrsfO78nXdceEHXeH1 xTqH7C3I=@AAJTSQACMDI=#</Exception>
  </GetSession>
  </SessionResponse>]]></Response>
  </ResponseSet>On the few occasions when the AM cookie contains no "plus" characters, the SSO works like a charm (also checked by a sniffer). Whenever there is a "plus", it breaks.
  For reference, here's a working final request-response (one with a good cookie, as received by the load-balancer web-server). Request looks a bit different:
  POST /amserver/sessionservice HTTP/1.1
  Cookie: iPlanetDirectoryPro=AQIC5wM2LY4Sfcy/5sEzVmuq9z1ggdHOkBDgVFAwfhqvn4U=@AAJTSQACMDI=#;amlbcookie=null
  Content-Type: text/xml;charset=UTF-8
  Content-Length: 379
  Cache-Control: no-cache
  Pragma: no-cache
  User-Agent: Java/1.5.0_09
  Host: psam.domain.ru
  Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
  Connection: keep-alive
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <RequestSet vers="1.0" svcid="session" reqid="281">
  <Request><![CDATA[<SessionRequest vers="1.0" reqid="277">
  <SetProperty>
  <SessionID>AQIC5wM2LY4Sfcy/5sEzVmuq9z1ggdHOkBDgVFAwfhqvn4U=@AAJTSQACMDI=#</SessionID>
  <Property name="uwcstatus" value="active"></Property>
  </SetProperty>
  </SessionRequest>]]></Request>
  </RequestSet> ...and the response is OK:
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <ResponseSet vers="1.0" svcid="session" reqid="281">
  <Response><![CDATA[<SessionResponse vers="1.0" reqid="277">
  <SetProperty>
  <OK></OK>
  </SetProperty>
  </SessionResponse>]]></Response>
  </ResponseSet>

  There have been a few reports of the same behaviour with other customers - specifically with the handling of the encoding of "+" characters to " ". It relates to how cookie encoding/decoding is performed (as you have already observed).
  The solution for these customers was the following:
  => AM server/client side:
  Ensure that com.iplanet.am.cookie.encode=false in AMConfig.properties and AMAgent.properties on all systems.
  => AM client (UWC) side:
  - Set <property name="encodeCookies" value="false"/> in /var/opt/SUNWuwc/WEB-INF/sun-web.xml. This will prevent UWC from trying to urldecode the cookie it receives and therefore stops it turning the + into a space e.g.
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN' 'file:///net/wajra.india.sun.com/export/share/dtd/sun-web-app_2_3-1.dtd'>
  <sun-web-app>
     <property name="encodeCookies" value="false"/>
     <session-config>
        <session-manager/>
     </session-config>
     <jsp-config/>
  <property name="allowLinking" value="true" />
  </sun-web-app>Regards,
  Shane.

• Discuss Identity and Access Management in the Cloud

  Identity and access management in the cloud refers to the processes, technologies, and policies for managing cloud systems identities and controlling how these identities can be used to access cloud resources. Three separate processes are used in most cloud
  identity and access management solutions:
  Identity provisioning and storage
  Authentication
  Authorization
  Identity management in a cloud system requires a complex collection of technologies to manage authentication, authorization and access control across distributed environments. These environments might include assets both on the internal cloud, which would
  be an on-premises private cloud, and services accessed on the public cloud. These environments can also cross-security domains, as when two enterprise-level organizations collaborate and enable cross-domain access to users from the partner security domain.
  You can learn more about these topics in the article Identity and Access Management in the Cloud.
  Let's talk about that article and the topics of identity and access management in the cloud! Use this thread to get it started.
  Thanks!
  Tom
  Learn more about Private Cloud at the
  Private Cloud Solutions Hub

  Tom,
  I am a novice and attempting to achieve a proof of concept of single sign on.  One example I read stated one should install Identity and Access on VS2012.  I did this on two different machines.   One was in the office domain and it shows the
  item "Identity and Access..." in the context menu of the MVC project I created.  The other machine is my laptop.  I followed the same procedure that worked on the desktop, yet the Identity and Access item in the project context menu does not show.
   One difference is that the laptop is not part of a domain, but I am attempting this proof of concept in Windows Azure with the laptop, since we do not have a test AD in our corporate domain.
  Is this the right forum to inquire about this issue?  Do you have a recommendation about a better forum?
  Stephen Pidgeon

• Few questions regarding Oracle Scorecard and strategy management.

  Hi,
  I have following questions regarding Oracle Scorecard and strategy management:
  1. What are the ways in which i can show status of a KPI, like we have colors and symbols, what are others?
  2. can we keep log of KPIs, store them, keep report of feedback/action taken on that?
  3. Does Scorecard and strategy management have ability to retain history on feedback and log of
  entries i.e. date/time, user name?
  4. Does Scorecard and strategy management have ability to use common mathematical formulas e.g. median, average, percentiles. Describe.?
  Thanks in advance for your help.

  bump.

• Oracle Change and Configuration Management packs

  Hi,
  We are looking at implementing the Oracle Change and Configuration Management packs.
  I would be very interested to hear from anybosy who is currently using these packs.
  I have done some preliminary tests, and am getting what seems like a very simple error, but i am at a loss as to how to fix it.
  Will respond to replies with exact error and scenario.
  thanks in advance.
  melvyn

  Hi Nayab,
  We are looking to implement the change and configuration management packs, to automate our change control.
  As part of my initial testing i have the following scenario...
  I have three database (namely TEST_DB, QA_DB and PROD_DB) all configured and manageable in EM.
  I have create a sample test schema in TEST_DB with tables, views, sequences, procedures and triggers.
  Using EM, i am able to transfer the sample schema (with all objects) from the TEST_DB to the PROD_DB.
  If i manually create the sample schema in the QA_DB, i am able to transfer the sample schema from the QA_DB to the PROD_DBm using EM.
  When i try to transfer the sample schema from the TEST_DB to the QA_DB i get an error in the synchronization phase.
  The capturing of the baseline, and the dictionary comparison phase complete successfully, but when i do the synchronization phase, i get
  the follwing error...
  SQL> ERROR:
  ORA-01034: ORACLE not available
  ORA-27101: shared memory realm does not exist
  SVR4 Error: 2: No such file or directory
  Process ID: 0
  Session ID: 0 Serial number: 0
  This seems strange because, it must have been able to see the destination database for it to complete the dictionary comparison phase, so
  i cannot understand now why it cannot connect to the destination database to complete the synchronization phase.
  any assistance would be greatly appreciated.
  thanks
  Melvyn

• How to Integrate Oracle Imaging and Process Management(IPM) 7.7.10 with EBS

  Hi All,
  We are implementing the following modules from Oracle Content Management to one of our Client, the following are the versions of the tools:
  Configure and deploy Oracle Forms Recognition (OFR) 10GR3
  Configure the Oracle Adopter for integration of OFR with EBS Version 11.5.10.2
  Configure the Adopter for integration of OFR with Oracle Imaging and Process Management (IPM) 7.7.10
  I really like to have any technical design document on integrations front, especially from OFR -> EBS and also IPM -> EBS.
  Please feel reach me on my following contact details:
  [email protected]
  Phone: 1865-582-2369
  Mobile: 1865-202-6430
  Any pointers for the same is well appreciated.
  Regards
  Chandra

  Try replacing the .dll file with the one in your WINDOWS directory. I had that problem and I copied the .dll from C:/WINDOWS/system32 to overwrite the one located in the install directory.

• Difference between Identity Manager and Access Manager

  hi,
  Can any body tell me the difference between Identity manager and Access Manager.
  thanks in advance
  regards
  dhawanmayur

  Access Manager is for access control (web authentication, authorization), Identity Manager is for identity (userid,profile,role, password etc) provision/management across multi resources (such as unix, active directory, peoplesoft, SAP) etc.

• Oracle Lease and Finanace Management

  Hi,
  Please let me know if the Oracle Finanace and Lease Management module be implemented for a lessee in order to manage their leases.
  My client is a car rental company who leases vehicles from the Toyota Finance. There are about 500-600 leases at a given time.
  We tried to use the lease management funaciotnality within the Oracle Fixed Assets. However there a limitations when using the fixed assets module to manage the leases. These are such as being unable to update the lease contracts which are in use, not being able to pay out a lease before the end of the lease and there's no facility to upload the leases without having to create them one by one etc.
  Can someone please let me know if the Oracle Lease and Finanace Management can be used to manage the leases for this company ( Who is a lessee ) .
  And also please let me know the other options available.
  Thanks and Regards,
  MPH

  Hi,
  Please see (Note: 811550.1 - How to upgrade WAM on FRS (Form and Report Server, Resin) environment to Full OAS (Oracle Application Server 10g Release 2, non-Resin) environment).
  You may also review these docs.
  Note: 942124.1 - What are the OAS patches need to be applied before upgrading the WAM patch 1.8.1.1
  Note: 850133.1 - Oracle Utilities Work Asset Management v1.8.1
  Regards,
  Hussein