Sun Access Manager to OpenSSO 8 migration

Hi,
I'm trying to migrate from Sun Java System Access Manager/Sun Directory Server 5.2 to Oracle OpenSSO 8/Sun Directory Server 11. After creating the same suffix (dc=example) from DS 5.2 to DS 11, I installed and configured OpenSSO. After that I export/import my application subtree (o=appl1) from a ldiff file. Everything works good (user, groups, roles, etc) except policies. In Access Manager my policies is keep under ou=iPlanetAMPolicyService,ou=services,o=appl1,dc=example and if I manually create a policy in OpenSSo it's created under ou=iPlanetAMPolicyService,ou=services,o=appl1,ou=services,dc=example. To read policies from my application I use PolicyManager and if it possible I dont want to change the code. Is it possible to tell OpenSSO to keep my policies under ou=iPlanetAMPolicyService,ou=services,o=appl1,dc=example instead of ou=iPlanetAMPolicyService,ou=services,o=appl1,ou=services,dc=example or I need to modify my ldif file or other way ? Thanks for your help.

You should use the MS Access Migration Wizard available from OTN.
Go to the Technology section, then click Migration, then click
Oracle's Migration Toolkits, then click Microsoft Access and from
there you can get the wizard to migrate from Access 2.0. It does
not run on Windows 98. I am not sure whether it is a
recommendation or a requirement to upgrade to Access 97.
bill barnes (guest) wrote:
: I have been tasked with migrating an access 2.0 database to an
: oracle 8 running on novell 5 server. I have found
documentation
: that says it is best to upgrade the access 2.0 database to
access
: 97 then compress the data before the migration. My question is
: whether or not this is necessary/recommended? Which migration
: tool kit/workbench do I need? Any horror stories from a
: migration such as this or any tips to make this as seamless as
: possible?
: Thanks for any help,
: Bill
Oracle Technology Network
http://technet.oracle.com
null

Similar Messages

  • Migration from Siteminder DMS to Sun Access Manager

    Hi
    We are working on a project that involves migration of Siteminder and SiteMinder-DMS to Sun Access Manager.
    My concerns are
    1. Do I need any changes to the Directory Tree of the LDAP..?
    2. How do I migrate the policies..>
    3. Does Sun have the exact quivalents(the same coarse grained APIs) as Siteminder-DMS..?
    4. Heard of a tool that can do the migration from Siteminder to Sun Access Manager. How good is the tool and what in its scope and what are its limitations.?
    Thnx
    siva

    I currently reviewing migrating from SiteMinder to Sun Access Manager. I have the same issues as you have had. I would greatly appreciate any feedback on any of these issues. My email address is [email protected] if you prefer to email me directly.

  • Problems about Sun Access Manager

    when I using Sun Access Manager, I found It is very slowly to access "http://host:ip/amserver" , but I also using OpenSSO, It is normal to access "http://host:ip/amserver".
    Can anyone give any suggestions ?
    Best Regards!

    Hi,
    I added a page to the wiki which adds more detail to the steps to create the sample app policies on the am/fam/opensso server console UI. This includes some screen shots as well.
    This is one good thing about the sample app is that you have to learn to install the opensso server, install the agent, configure the agents properties for the sample app security and also use the opensso server UI to create policies.
    It is a bit of work, but when done you will know how to use a lot of opensso features.
    You do not need a directory server. The sample app readme refers to some directory things that really can be ignored. The wording should be changed.
    Anyhow you can use this wiki page along with the readme to help you set up the policies, the subjects etc that map to the sample app
    http://wikis.sun.com/display/OpenSSO/samplepolicy
    I will try to make a getting started page for new users, though you have done most the steps now, and need to set up sample. But this page might be useful for others who want to get started http://wikis.sun.com/display/OpenSSO/getstarted
    hth,
    Sean

  • Getting error while opening Sun access manager console

    We are facing problem while accessing console of Sun Access Manager. We got No Page Found error whenever we try to access the Sun Access Manager console. We have tried restarting the directory server and web server but even that doesn�t help us. Following are the error that gets recorded in log files:-
    ERROR: AuthD init() com.iplanet.dpro.session.SessionException: AuthD failed to get auth session
    ERROR: Error creating service session java.lang.NullPointerException

    The ns-slapd.exe process belongs to the Directory Server. You should therefore check if your DS instance is set up properly.
    Michael

  • Securing web services with Sun Access Manager

    Hi!
    I have gone through some documentation about Sun Access Manager, and I'm a little bit confused.
    What I want is to secure some web services which are deployed on a BEA WebLogic 9.1 server (WLS). Two solutions are possible: To install some kind of plugin into WLS or to place some kind of proxy in front of WLS. In both cases, the purpose would be to authenticate the caller based on some kind of ticket (SAML or similar) and authorize access to the web service.
    I have read about the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" (those guys really like long names....), but in this documentation web services aren't mentioned at all. They only seem to care about HTTP requests from a browser.
    I have also read about the Policy Agent 2.2 in the documentation called "Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Application Server 9.0/Web Services" (puh...). This document explicitly talks about securing web services the way I want.
    My questions are:
    1) Is it possible to secure WLS based web services in the same way using the Policy Agent for WLS?
    2) Are there any documentation/tutorials/etc?
    Thanks in advance :-)
    Anders

    what you need is a webservices agent that would enable you to "protect" your webservice provider, which I assume is on a BEA weblogic provider.
    the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" is "NOT" awebservices agent, but a normal J2EE policy agent.
    So.. having said that. here's what I'd recommend.
    1. install the webservices agent on bea weblogic. (note: NOT the J2EE policy agent)
    2. configure it to use your access manager instance for authentication.
    3. configure your webservices client to use the webservice provider. (note: you'd need the webservices APi's available on the client too... so the quick dirty method would be to install the webservices agent on your client too....) you can later bundle the webservices client independently and provide your"customers" with a webservices client bundle...
    4. voila... your webservices are not "protected" by acces manager ;-)

  • Policy Agent doesn't reset Sun  Access Manager session time idle value

    Hi,
    We have the following setup in our environment:
    - apache web server/web and policy agent 2.2 for apache 2.0.54
    - webmethods portal server (jetty)
    -Sun Access Manager (with Sun Directory Server)
    We use policy agent for authentication purpose only (via Sun Access Manager/LDAP) when the users access the portal. We have custom code that creates session in Sun Access Manager for custom LDAP services. For testing purpose, we configure SAM session to have Max Session Timeout at 120mins and Time Idle at 15mins. I would assume that, after the initial login request, for all subsequent accesses to the portal the policy agent should intercept the request and reset the Time Idle value of SAM session. However, when I monitor time idle value using SAM console, session tab, the time idle value didn't change when the portal user access pages, submit actions, etc. I can see in the debug log of policy agent that requests are being intercepted/processed, but the time idle didn't get reset.
    Does anyone know if this is a bug in configuration or in policy agent itself or am I making the wrong assumption?
    Thanks a lot for the help.

    Thanks for the reply, Shivaram. The issue appears to occur at random time, not accurately at the 3 min interval as you mention. I tested changing this value to 1, theoretically, after one 1 minute of idle time, accessing a link would make the agent reset the time idle value for the user session in SAM, but it didn't even after 3 minutes. This seems to be either a policy agent or system access manager bug.
    We performed a 'vanilla' test using the apache server manual pages (only plain HTML, no POST requests), the pages are protected by the policy agent. At the first login, rwe were prompted to enter credential to be validated by SAM/LDAP, and then a user session is created in SAM session table. We browse around the manual pages, once in a while, certain pages cause the policy agent to reset the time idle. However, revisiting these links after a few minutes doesn't reset the idle value. Caching setting has been disable as well. Could there be or lack of some settings in AMConfig.properties or AMAgent.properties that might have caused this behavior?
    Thanks for all your help,

  • Username and password for Sun Access Manager 7.1

    Hi
    Thank you for reading my post
    I ge the new Java Application Platform SDK Update 2 which has access manager and portlet management inside it.
    Can you tell me what is username and password for Sun access Manager 7.1 administration cosole?
    thanks

    with me it was amadmin : admin123
    in the readme file in the addons directory:
    Done! Access the AM server URL and see if the Access Manager is working or not -
    <amserver_protocol>://<amserver_host>:<amserver_port>/amserver
    user : 'amadmin', password : <admin password>
    in a config file i found the password was admin123

  • Sun Access Manager Event Sequence

    I have a third party black box piece of hardware that is redirecting browser requests to my server for authentication. I want to utilize the Sun Access Manager to perform these authentications. Do I need to use the Policy Agent, or should I attempt to communicate directly with the Access Manager? What benefit will I gain from including the Policy Agent into the mix?
    If I don't use the policy agent, here is the sequence of events as I understand them:
    1) Browser hits Black Box (BB) for protected information.
    2) BB redirects the browser to me.
    3) Browser sends me a SAML snippet. I decode and inflate the snippet, then send it off to the access manager (AM).
    4) The AM throws an invalid id exception because the user has never logged in.
    5) I catch the invalid id exception, and redirect the browser to the AM login URL. The user enters a valid id and password and hits submit.
    6) ... ?
    Is this correct up to step 5, and what happens after step 5? Any hints would be greatly appreciated.

    Okay, never mind then.

  • Sun Access manager

    Hi all,
    i am developing a sample application using sun access manager.it would be very helpful if anyone could help me out in giving some code examples and help me out in developing a sample web app.I have to use the oracle database to get the users and roles.If anyine could post me some sample code for the same it would be really great of u..
    Thanx in advance,
    Sidharth

    ya thats right.....i tried the purejaasexample given in that...and it worked...but my problem is that....supppose i create an user in my db and then when his authntication is suceeded then can i know from the console who has logged in and all...tell me what is the best example i can try from the samples directory....
    basically i want to create a smaple application using sun access manager and implement it in one of our companys big app

  • Sun Access Manager 7.1 configuration

    I am trying to configure Sun Access Manager 7.1 update 1 on websphere 6.1.0.11 running on windows 2003 server and am getting a crypt error on SunJCE. Any suggestions on how to fix this?
    The thread dump looks like this
    05/16/2008 11:22:00:509 AM EDT: Thread[WebContainer : 2,5,main]
    05/16/2008 11:22:00:509 AM EDT: Thread[WebContainer : 2,5,main]ERROR: Crypt: failed to set password-based key
    java.security.NoSuchProviderException: no such provider: SunJCE
    at sun.security.jca.GetInstance.getService(GetInstance.java:82)
    at javax.crypto.b.a(Unknown Source)
    at javax.crypto.SecretKeyFactory.getInstance(Unknown Source)
    at com.iplanet.services.util.JCEEncryption.setPassword(JCEEncryption.java:377)
    at com.iplanet.services.util.Crypt.createInstance(Crypt.java:139)
    at com.iplanet.services.util.Crypt.<clinit>(Crypt.java:103)
    at java.lang.J9VMInternals.initializeImpl(Native Method)
    at java.lang.J9VMInternals.initialize(J9VMInternals.java:192)
    at com.sun.identity.setup.ServicesDefaultValues.validatePassword(ServicesDefaultValues.java:396)
    at com.sun.identity.setup.ServicesDefaultValues.setServiceConfigValues(ServicesDefaultValues.java:107)
    at com.sun.identity.setup.AMSetupServlet.processRequest(AMSetupServlet.java:307)
    at com.ibm._jsp._configurator._jspService(_configurator.java:221)
    at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:85)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:989)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:930)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145)
    at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:89)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:87)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:761)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:673)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:498)
    at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:464)
    at com.ibm.wsspi.webcontainer.servlet.GenericServletWrapper.handleRequest(GenericServletWrapper.java:122)
    at com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionServletWrapper.handleRequest(AbstractJSPExtensionServletWrapper.java:205)
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3276)
    at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:267)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:811)
    at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1455)
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:113)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:454)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:383)
    at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:102)
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195)
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:743)
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1469)
    05/16/2008 11:22:00:509 AM EDT: Thread[WebContainer : 2,5,main]ERROR: JCEEncryption:: not yet initialized

    Have you followed the release notes instructions? There is one specifically about changing JCE:
    http://docs.sun.com/app/docs/doc/819-5899/gdpsl?a=view
    http://docs.sun.com/app/docs/doc/819-4683/gfvfl?a=view
    http://docs.sun.com/app/docs/doc/819-5899/gdxas?a=view
    shivaram

  • Sun Access Manager login problem

    Hi,
    This is a very basic problem. I have installed Sun Access Manager 7 using JES installer. It is configured to authenticate against a LDAP datastore. I am able to login into the amconsole application using the amAdmin DN but I am not able to login with any other user that I create through Sun Access Manager.Any help will be highly appreciated.
    TIA.

    Hello,
    When you create any user through SUN Access Manager, is that user is created in LDAP
    datastore, or is it created in SAM flat file repository ?

  • Sun Access Manager Resource & password resets

    Hi,
    I've got IDM 7.1 and AM 7.1, with a Sun Access Manager Realm resource. The LDAP directory (DS EE 6.0) sitting behind the AM resource has been set up to "Require Password Change at First Login and After Reset".
    However, if a user in IDM changes their AM password, the connection to AM is done as the resource adapter user, not themselves; this means that the pwdReset flag is not cleared on their account in AM, and AM will demand a password change on next login.
    This is obviously non-optimal for us, as we'd like them to change their password through IDM.
    Is there any way to change the DS policies to allow for this situation, OR to set the pwdReset flag through the resource adapter, OR to get the resource adapter to connect as the user when the Change Password flow is performed?
    Thanks,
    Michael.

    Hi Michael,
    Could you please share the solution for the problem you are facing.
    I am facing a similar issue.
    When an admin resets the password of a user and when the user logs in, he/she needs to be redirected to IDM change password page. Instead the redirection to AM change password functionality is displayed.
    Thanks,
    Vinu

  • Sun access Manager session failover

    Hi,
    I am trying to install Sun Access Manager (2005Q1) with Session failover. I have hardware load balancer under which i have configuring Access Manager on two seperate boxes.
    For session failover i have configured Berkelay database on both system but am unable to start the database.
    Now i got the information that Access Manager 6.1 does not support session failover.
    Can anyone confirm if access manager 6.1 supports failover or we need to upgrade it?
    Thx in advance.
    ASN
    Message was edited by:
    asn123

    One clarification. AM 6.1 did have session failvoer feature. But it was container dependent. It used container features to provide this. Each container had its on configuration. It was made independent of the containers in AM 6.3 release. I would stonglry recommend using AM 6.3 or above if you are using session failover.
    shivaram

  • Sun Access Manager  - Authentication Error

    Hello everyone,
    I'm trying to configure Sun Access Manager 7.0 with sun web server 6.1 and directory server 5.2 on windows xp.
    I'm getting the following error when I try to login with uid=amAdmin
    "Permission to perform the read operation denied to uid=amAdmin,ou=People,dc=example,dc=com"
    I do not see any errors from the debug files. Could anyone help me in fixing this problem.
    Thanks in advance,
    -krishna

    Is your AM log level set to message? If not, set to message and retest. You should get output in your debug logs.
    On the agent side, set your logging to all:5

  • Sun Access Manager 2005Q1 session failover is not working

    Hi All
    I m using Sun access manager 2005Q1,message queue 2005Q1, Sun Directory server 5.2 ,BerkelyDb 4.2.52 and radware hardware load balancer with sticky session.
    I m have configured message queue and BerkeleyDB and both are running with any error.
    I m using http://docs.sun.com/source/817-7644/ch5_scenarios.html#wp41008 doc for session failover.
    Simple failover is working fine but the Session failover is not working.
    Any body has done session failover with Sun Access manager 2005 Q1 I m trying to resolve this issue last two month.
    Please it is urgent.

    It works fine in 2005Q4, after applying a patch 120954 if I am not mistaken. But 2005Q4 and 2005Q1 are probably different in terms of session failover (site configuration etc.)
    1. Stop both AM servers
    2. Set logging to debug mode in AMConfig.properties.
    3. Delete / move everything in /var/opt/SUNWam/debug
    4. tail -f /var/opt/SUNWam/debug/amSession
    5. Post that file here... you should be able to see if session failover is enabled etc....
    hope this helps.

Maybe you are looking for