Unprotect OIM 9.1 page in OAM 11g?

I have configured 10g webgate with OAM 11g and everything seems to work great. I have a requirement to unprotect /xlWebApp/forgetPassword.do to allow password reset without challenge. I get the below error in OIM when trying to access the page. Looks like the Public Resource Policy in OAM is working, but OIM denies Anonymous User login. Can anyone help me understand how to let OIM pass through Anonymous user for an unprotected page?
ERROR [ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)' XELLERATE.WEBAPP - Class/Method: tcLogonAction/loginUser encounter some problems: javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User Anonymous javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User Anonymous denied
Thor.API.Exceptions.tcAPIException: javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User Anonymous javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User Anonymous denied
at Thor.API.tcUtilityFactory.<init>(Unknown Source)
at com.thortech.xl.webclient.actions.tcLogonAction.loginUser(Unknown Source)
Thanks,
Sunil.

I see that OIM expects user "Anonymous" when a resource is marked public. I tried creating the "Anonymous" user and upon hitting /xlWebApp/forgetPassword.do, OIM now takes me to the home page for anonymous user, instead of the forgetPassword.do page. Has anyone done this kind of integration in OIM? Please let me know if I'm missing something here.
Thanks.

Similar Messages

  • OIM-OAM 11g BP 02 integration not working as expected

    Hi Experts,
    We have OIM 11g and OAM 11g both upgraded to BP02 installed on separate hosts. We are using OID 11g as the directory servers and OVD 11g fronting OID for integration. We followed the steps mentioned in Oracle Document Oracle® Fusion Middleware Integration Guide for Oracle Access Manager 11g Release 1 (11.1.1) Part Number E15740-04 for integration purpose.
    After performing all the integration tasks mentioned in the document, while testing the integration, the expected results are not being served.
    If I access the OIM admin console URL, I am getting the default OIM admin console URL instead of the OAM SSO login page for authentication, and also I am unable to login using either xelsysadm\oimadmin\oamadmin but I can login using weblogic, so this is referring to the default embedded LDAP of weblogic for credential validation.
    OIM and OAM are deployed on separate hosts, please find the deployment details below.
    1. JDK: 1.6.0_29
    2. WLS : 10.3.5
    3. LDAP: Oracle Internet Directory: 11.1.1.5.0
    Oracle Virtual Directory: 11.1.1.2.0
    4. Webserver: Oracle HTTP Server fronting the OIM
    The Integration video on Support.oracle assumes that all components OIM\OAM/OID/OHS being on the same host.
    I have my OIM and OAM both patched to the latest BP which is BP 02. There is a support article which specifically talks about a few settings to be made for BP 02.
    The article ID is 1447494.1.
    Even after doing all these, the integration is not working.
    As per the support article, I need to use preferred host name for agent fronting OIM as IAMSuiteAgent and if I do that, the proxying of OIM server with the webserver host will not work at all and ends with 404 not found error when I access using http://OHShost:OHSport/oim.
    But if I use the name of agent i.e. webserver name in the preferred host field, the redirection would happen and I get the OAM SSO login page for authentication, however with the credential validation at this page, the OIM login page (http://OIMhost:OIMport/oim) is provided prompting for login again.
    Also if I access the OIM login page http://OIMhost:OIMport/oim directly, the OAM SSO page is not coming for authentication.
    I am awaiting your advice\suggestions or workarounds if anyone has come across this kind of issue, which I am sure is an obvious case.
    Thanks,
    Nagendra

    Hi,
    Any help in this regard please?
    Thanks
    Nagendra

  • OAM 11g Webgate 10g customized SSO logout page

    As stated in the title, I am using OAM 11g and Webgate 10g. I am trying to create a customized SSO logout page but am confused on a few parts. First off, in http://docs.oracle.com/cd/E17904_01/doc.1111/e15478/logout.htm#CHDHFGJC , it states the following step for their logout.html:
    Logic in logout.html redirect to the OAM Server. For example:
    http://myoamserverhost:port/oam/server/logout?end_url=http://my.site.com/welcome.html
    My question is if this is truly required? Or is there a way to have OAM invalidate the session and do its internal part of the logout procedures without needing to force the user to redirect to the OAM server's logout URL (e.g. it automatically recognizes that the Webgate URL is "...../logout.html" and handles it properly)? From talking to colleagues it sounds like this should be possible, and I see some mentions of it in the above documentation, but this appears to be 11g OAM and 11g Webgate behavior. At the same time though, the line "Logout is initiated when an application causes the invocation of the logout.html file configured for any registered OAM 10g Webgate." leads me to believe that it can work with 10g webgate as well.
    Or, is there a way to have multiple valid logout pages on the OAM server? (There is currently a customized logout page that we cannot modify, and does not meet all the requirements we have for look/feel)
    Thank you
    Edited by: mBaldwin on Apr 12, 2013 10:30 AM

    Bump. Any ideas?

  • Self registration error in OIM-OID-OAM 11g

    Hi,
    We are using OIM, OID, OAM 11g, in clustering mode. We are facing a problem in the self registration process.
    For every alternate self registration request, the system is throwing an error. After the self register user request has got approved, I have checked the request status in the 'advanced' panel; it's saying: " IAM-3051103:The create operation on user entity failed in action stage.:"
    This is really a big mysterious thing to me: 1st self registration was successful, 2nd was throwing an error, again 3rd was success, 4th was failure, 5th was success and 6th was failure.
    Below is the corresponding error message in log file for the failed request.
    <Mar 21, 2011 2:22:30 PM CDT> <Error> <oracle.iam.identity.usermgmt.impl.handlers.create> <IAM-3051103> <The create operation on user entity failed in action stage.
    oracle.iam.platform.entitymgr.MissingRequiredAttributeException: [act_key]
         at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.checkRequired(EntityManagerImpl.java:1448)
         at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:261)
         at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:237)
         at oracle.iam.identity.usermgmt.impl.handlers.create.CreateUserActionHandler.execute(CreateUserActionHandler.java:141)
         at oracle.iam.identity.usermgmt.impl.handlers.create.CreateUserActionHandler.execute(CreateUserActionHandler.java:68)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at oracle.iam.platform.kernel.impl.EventHandlerDynamicProxy.invoke(EventHandlerDynamicProxy.java:30)
         at $Proxy235.execute(Unknown Source)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runActionEvents(OrchProcessData.java:1028)
         at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:637)
         at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:220)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:669)
         at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:716)
         at oracle.iam.platform.kernel.impl.OrhestrationAsyncTask.execute(OrhestrationAsyncTask.java:108)
         at oracle.iam.platform.async.impl.TaskExecutor.executeUnmanagedTask(TaskExecutor.java:100)
         at oracle.iam.platform.async.impl.TaskExecutor.execute(TaskExecutor.java:70)
         at oracle.iam.platform.async.messaging.MessageReceiver.onMessage(MessageReceiver.java:68)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy428.onMessage(Unknown Source)
         at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:466)
         at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:371)
         at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:327)
         at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
         at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
         at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3821)
         at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
         at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
         at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    <Mar 21, 2011 2:22:30 PM CDT> <Error> <oracle.iam.platform.entitymgr.provider.ldap> <IAM-0042004> <An error occurred while un-reserving the user in LDAP, and the corresponding error is - java.lang.NullPointerException>
    <Mar 21, 2011 2:22:30 PM CDT> <Warning> <oracle.iam.identity.usermgmt.impl.handlers.create> <BEA-000000> <null>
    Any help would be really appreciated.
    Thanks.

    Hi,
    I am assuming in the clustered environment you are having two instances running.
    It must be an issue with a single server, because the problem is intermittent.
    To see which server is causing the problem, just perform the following steps:
    1) Stop server1 and keep running server2, and fire a new registration request.
    2) Stop server2 and keep running server1, and fire a new registration request.
    Using the above, at least you can see which server is causing the problem.
    Regards,
    J
    Edited by: J_IDM on Mar 21, 2011 10:52 PM

  • Best practices on enterprise and application roles in OIM and OAM 11g?

    Hi, all,
    I wonder if any of you can give me some advice on role design for OIM and OAM 11g. I'd like to have both enterprise roles, such as Accountant II, and application roles, such as App1_User, App1_Admin, etc. Ideally, the enterprise role would automatically give the user the appropriate application roles, but I can't figure out how to do that. We tried using OIM 11g's inheritance, but when the application role is inherited, OAM doesn't see it in OID/OVD and therefore doesn't think the user has the correct authorization to access the application. I thought about using role membership rules, but those seem to only allow you to use user attributes to control membership, which doesn't help at all in my situation.
    How is this situation best handled? Any advice much appreciated!
    Ariel Anderson
    Senior Business Analyst
    Zirous, Inc.

  • Can't login to OIM 11g Design Console after integrate with OAM 11g

    Dear All,
    After successfully integrating OIM 11g with OAM 11g, we cannot access the design console of OIM 11g anymore (access denied).
    Is it because of OAM protection?
    Or do we have to do additional configuration?
    Please help...
    Thank you,
    -heri-

    962874 wrote:
    Hi All,
    I have installed and configured OAM, OIM, SOA under a weblogic domain. After configuring OAM on the weblogic domain (by extending it)
    I am getting the following error while logging in to the OIM console, design console.
    <Jan 17, 2013 4:26:09 AM EST> <Warning> <Socket> <BEA-000449> <Closing socket as no data read from it on 172.16.30.107:57,579 during the configured idle timeout of 5 secs>
    <Jan 17, 2013 4:26:10 AM EST> <Error> <Default> <BEA-000000> <Failed to communicate with any of configured Access Server, ensure that it is up and running.>

    Is the port 57,579 correct? Port numbers cannot have a comma in them. Also try to telnet to that host and port from your machine to check if there is no network issue.
    Regards,
    Nani-Bikash
    Edited by: 932574 on Jan 17, 2013 10:40 AM

  • OAM 11g installation error

    Hi,
    I'm trying to install Oracle OAM 11g, but having some trouble while connecting to the oam web console.
    My OS is Windows 2003 Enterprise Edition, Service Pack 2.
    My installation steps:
    - Installed Oracle DB (11.2.0)
    - Used RCU (11.1.1.3.3) to create DB schemas.
    - Installed WebLogic 10.3.3
    - I did NOT install SOA Suite because I intend to not use Identity Manager.
    - I installed IDAM (from ofm_iam_generic_11.1.1.3.0_disk1_1of1 disc)
    - Created a domain containing these servers:
         - Admin Server listening on port 7001
         - oam_server1 listening on port 14100
         - oaam_admin_server1 listening on port 14200
         - oaam_server_server1 listening on port 14300
    - I started weblogic with the "startWebLogic.cmd" command.
    - I started oam_server1 with the "startManagedWebLogic.cmd oam_server1" command
    (I used this installation guide: http://onlineappsdba.com/index.php/2010/08/05/oracleidm-11g-step-by-installation-of-oam-oim-oaam-oapm-oin-111130-part-i-load-schema/)
    The weblogic console says the oam_server1 is up and running, but when I try to connect
    to the oam console (http://localhost:14100/oam) the web page displayed says "Error. Action failed. Please try again."
    This error also occurs in the oam_server1.log:
    ####<2010-nov-23 kl 13:49 CET> <Info> <ServletContext-/oam> <server-base> <oam_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <f5f04f496bf2057f:10058de0:12c78c5bb9b:-8000-0000000000000012> <1290516557352> <BEA-000000> <index.jsp:2:4: No tag library could be found with this URI. Possible causes could be that the URI is incorrect, or that there were errors during parsing of the .tld file.
    <%@taglib uri="http://beehive.apache.org/netui/tags-html-1.0" prefix="netui"%>
    ^----^
    index.jsp:2:4: No tag library could be found with this URI. Possible causes could be that the URI is incorrect, or that there were errors during parsing of the .tld file.
    <%@taglib uri="http://beehive.apache.org/netui/tags-html-1.0" prefix="netui"%>
    And when I check out the taglib web page:
    http://beehive.apache.org/docs/1.0/netui/tagsOverview.html
    ...it says: "2010/01/11 - Apache Beehive has been retired."
    Have I missed something, or how do I fix this?
    Thanks in advance.
    Henrik
    Edited by: user1154522 on Nov 23, 2010 5:26 AM

    My mistake. This was the URL I was looking for to configure OAM:
    http://lhost:7001/oamconsole

  • SharePoint 2010 with OAM 11g

    We are currently trying to integrate SharePoint 2010 server with OAM 11g with 10g webgate. In our environment SharePoint site is configured with Claims based authentication with LDAP provider for membership. We have performed all the configurations based on the Oracle documentation with validation mode as OAMHttp.
    We are seeing the following behavior after this integration.
    1)     The user requests access to an SharePoint Site
    2)     Webgate protecting the site intercepts the request, determines if the resource is protected, and challenges the user.
    3)     The user enters their OAM credentials; Webgate contacts the OAM Server, which verifies the credentials from user store and authenticates the user. Webgate generates the OAM native SSO cookie (ObSSOCookie), which enables single sign-on and sets the User ID (to username) header variable in the HTTP request and redirects the user to SharePoint site.
    Here, instead of taking user to the home page of the site, the SharePoint login page is displayed again.
    =================================================================================================
    Looking into the debug logs I found the following error.
    Date ProcessId ThreadID ManagesThreadId ClassName MethodName Message
    =================================================================================================
    5/4/2012 4:16:19 AM 7648 3604 7 Oracle.CustomMembershipProvider Initialize validationMode^OAMHttp
    5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator .ctor Method Entered
    5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator .ctor ValidationURL configured validationUrl^http://wtv-sea-spapp01.chemd.net:8086/ValidateCookie.html
    5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator .ctor validationHost^wtv-sea-spapp01.chemd.net
    5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator .ctor OAMAuthUserCookieName^OAMAuthCookie
    5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator .ctor Method Exited
    5/4/2012 4:16:19 AM 7648 3604 7 Oracle.CustomMembershipProvider Initialize Setting Validation Type OAMHttp
    5/4/2012 4:16:19 AM 7648 3604 7 Oracle.CustomMembershipProvider ValidateUser Entering ValidateUser : username^IDG2M
    5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator ValidateUser Method Entered
    Exception Caught InValidateUser
    The remote server returned an error: (403) Forbidden. at System.Net.HttpWebRequest.GetResponse()
    at Oracle.OAMHttpValidator.ValidateUser(Dictionary`2 creds)
    5/4/2012 4:16:19 AM 7648 3604 7 Oracle.OAMHttpValidator ValidateUser Exiting AuthStatus^AuthZFail
    5/4/2012 4:16:19 AM 7648 3604 7 Oracle.CustomMembershipProvider ValidateUser OAMauthStatus^AuthZFail
    5/4/2012 4:16:19 AM 7648 3604 7 Oracle.CustomMembershipProvider ValidateUser Method Exited returnCode^False
    If anyone has integrated OAM 11g with SharePoint 2010 earlier, I would appreciate your inputs in this regard.

    Each license is platform specific, you can't backwards apply or forwards apply licenses from one version of SharePoint to another.
    If you do have MSDN access, you'll have access to all current versions of SharePoint, across the current and retired server products.
    Steven Andrews
    SharePoint Business Analyst: LiveNation Entertainment
    Blog: baron72.wordpress.com
    Twitter: Follow @backpackerd00d
    My Wiki Articles:
    CodePlex Corner Series
    Please remember to mark your question as "answered" if this solves (or helps) your problem.

  • OAM 11g: Error while importing Custom Authentication Plug-in.

    We are trying to create a sample custom authentication plugin in OAM 11g as per the 11.1.1.5.0 doc.
    But while trying to import the plugin via oamconsole (system configuration->Plugins->Import Plugin) we receive an error "Invalid XML Structure".
    Do we have to embed the XSD (XML Schema Definition) as well?
    -------------------------SamplePlugin.java-------------------------------------
    import oracle.security.am.plugin.ExecutionStatus;
    import oracle.security.am.plugin.MonitoringData;
    import oracle.security.am.plugin.PluginConfig;
    import oracle.security.am.plugin.authn.AuthenticationContext;
    import oracle.security.am.plugin.authn.AuthenticationException;
    import oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn;
    import java.util.Map;
    import java.util.logging.Level;
    class SamplePlugin extends AbstractAuthenticationPlugIn {
         private static final String CLASS_NAME = "FirstTestClass";
         public ExecutionStatus initialize (PluginConfig config){
              super.initialize(config);
              if(LOGGER.isLoggable(Level.FINE)){
                   LOGGER.logp(Level.FINE,CLASS_NAME,"initialize","Entering initialize");
              }
              return ExecutionStatus.SUCCESS;
         }
         @Override
         public String getDescription() {
              // TODO Auto-generated method stub
              return null;
         }
         @Override
         public Map<String, MonitoringData> getMonitoringData() {
              // TODO Auto-generated method stub
              return null;
         }
         @Override
         public String getPluginName() {
              // TODO Auto-generated method stub
              return null;
         }
         @Override
         public int getRevision() {
              // TODO Auto-generated method stub
              return 0;
         }
         @Override
         public ExecutionStatus process(AuthenticationContext arg0)
                   throws AuthenticationException {
              if(LOGGER.isLoggable(Level.FINE)){
                   LOGGER.logp(Level.FINE,CLASS_NAME,"initialize","Entering process");
              }
              return ExecutionStatus.SUCCESS;
         }
         @Override
         public void setMonitoringStatus(boolean arg0) {
              // TODO Auto-generated method stub
         }
         @Override
         public boolean getMonitoringStatus() {
              // TODO Auto-generated method stub
              return false;
         }
    }
    -------------------------SamplePlugin.java-------------------------------------
    ------------------------SamplePlugin.xml--------------------------------
    <?xml version="1.0" encoding="UTF-8" ?>
    <Plugin name="SamplePlugin" type="Authentication">
    <author>Self</author>
    <email>[email protected]</email>
    <creationDate>09:41:22, 2012-02-05</creationDate>
    <version>1</version>
    <description>SamplePlugin</description>
    <interface>oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn</interface>
    <implementation>SamplePlugin</implementation>
    </Plugin>
    ------------------------SamplePlugin.xml--------------------------------
    ------------------------MANIFEST.MF--------------------------------
    Manifest-Version: 1.0
    Ant-Version: Apache Ant 1.8.2
    Bundle-Version: 1.0.0.qualifier
    Bundle-Name: SamplePlugin
    Bundle-Activator: SamplePlugin
    Bundle-ManifestVersion: 2
    Created-By: 1.6.0_24-b07 (Sun Microsystems Inc.)
    Import-Package: org.osgi.framework;version="1.3.0",oracle.security.am.
    plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api,
    oracle.security.am.common.utilities.principal,oracle.security.idm,jav
    ax.naming,javax.sql,java.management,javax.security.auth
    Bundle-SymbolicName: SamplePlugin
    Bundle-RequiredExecutionEnvironment: JavaSE-1.6
    ------------------------MANIFEST.MF--------------------------------
    Contents of SamplePlugin.jar
    1. SamplePlugin.xml
    2. SamplePlugin.class
    3. META-INF/
    MANIFEST.MF

    I built the Plugin.jar file similarly as above (followed the same steps).
    But when I log into OAM and try to import the plugin (System Configuration->Plugins->Import Plugin) the browser goes to a hung state and I see the below error in logs (domain log and in diag log)
    I see the jar file created in this location (\Middleware\user_projects\domains\IAMdomain\oam\plugins)
    Please let me know if you have any idea..Thanks!
    ####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adf.controller.internal.metadata.MetadataService> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-00000000000003fe> <1330549803273> <BEA-000000> <ADFc: /WEB-INF/adfc-config.xml: >
    ####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adf.controller.internal.metadata.MetadataService> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-00000000000003fe> <1330549803274> <ADFC-52024> <ADFc: Duplicate managed bean definition for 'accessCheck' detected.>
    ####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adfinternal.view.faces.renderkit.rich.RegionRenderer> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000402> <1330549803479> <ADF_FACES-60099> <The region component with id: pt1:_lar has detected a page fragment with multiple root components. Fragments with more than one root component may not display correctly in a region and may have a negative impact on performance. It is recommended that you restructure the page fragment to have a single root component.>
    ####<Feb 29, 2012 1:10:33 PM PST> <Error> <javax.enterprise.resource.webcontainer.jsf.application> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833253> <BEA-000000> <java.lang.NullPointerException
    javax.faces.el.EvaluationException: java.lang.NullPointerException
         at org.apache.myfaces.trinidad.component.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:51)
         at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
         at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190
    ####<Feb 29, 2012 1:10:33 PM PST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833316> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase INVOKE_APPLICATION 5
    javax.faces.FacesException: #{FileProcessor.doUpload}: java.lang.NullPointerException
         at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:118)
         at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190)
         at oracle.adf.view.rich.component.rich.RichPopup$BroadcastContextCallback.invokeContextCallback(RichPopup.java:666)
         at org.apache.myfaces.trinidad.component.UIXComponentBase.invokeOnComponent(UIXComponentBa
    >
    ####<Feb 29, 2012 1:10:33 PM PST> <Error> <oracle.oam.admin.console.policy> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833361> <OAM-400016> <Failed to authenticate the user
    javax.servlet.ServletException: java.lang.NullPointerException
         at javax.faces.webapp.FacesServlet.service(FacesServlet.java:277)
    ####<Feb 29, 2012 1:10:34 PM PST> <Warning> <oracle.adf.view.rich.component.fragment.UIXRegion> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-000000000000059a> <1330549834008> <ADF_FACES-00009> <Error processing viewId: /plugin-taskflow/authplugins URI: /oracle/security/am/taskflows/authplugin.jsff actual-URI: /oracle/security/am/taskflows/authplugin.jsff.
    javax.el.ELException: java.lang.NullPointerException
         at javax.el.BeanELResolver.getValue(BeanELResolver.java:266)
         at com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:173)
         at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer$PanelCollectionHelper._encodeAll(PanelCollectionRenderer.java:728)
         at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer$PanelCollectionHelper.access$500(PanelCollectionRenderer.java:537)
         at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer.encodeAll(PanelCollectionRenderer.java:402)
         at oracle.adf.view.rich.render.RichRenderer.encodeAll(RichRenderer.java:1396)
         at org.apache.myfaces.trinidad.render.CoreRenderer.encodeEnd(CoreRenderer.java:335)
         at org.apache.myfaces.trinidad.component.UIXComponentBase.encodeEnd(UIXComponentBase.java:767)
         at javax.faces.component.UIComponent.encodeAll(UIComponent.java:937)
    ####<Feb 29, 2012 1:10:34 PM PST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-000000000000059a> <1330549834020> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase RENDER_RESPONSE 6
    javax.faces.FacesException: javax.el.ELException: java.lang.NullPointerException
         at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._renderResponse(LifecycleImpl.java:804)
         at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:294)
         at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:214)

  • OAM 11g "Failure URL" in Authorization policy not working?

    Hi,
    Per the subject, I am running OAM server 11g (11.1.1.3), with an OAM 10g Apache webgate.
    In the OAM Authorization policy (protected), I have specified a full URL for the "Failure URL", to get the browser to redirect when an authorization failure occurs.
    However, when I test with a user that does not have access (user authenticates ok, but doesn't have right to access the protected resource), instead of the browser being redirected, I am getting an "Oracle Access Manager Operations Error" page.
    I've been trying to figure this out, and have found several threads about this, e.g.:
    OAM 11g authz redirect URL not working?
    But, as I said, I am using OAM 11g server, and there is no "Inconclusive URL" in the policy settings (I guess there was in 10g, but not in 11g).
    I have trace logging enabled on the OAM server, and I can clearly see that the request is getting "results DENY", but there's no indication in the logs that OAM server is aware of any failure redirection URL.
    I've also got a header trace, and I can see that the browser is simply being re-directed to the "/oberr.cgi...." URL, so it's not going "somewhere else".
    So, does anyone know why the "Failure URL" is not working in OAM 11g in Authorization policies?
    Thanks,
    Jim
    P.S. The URL that it's supposed to be re-directing the browser to is in the Public resources under Authorization, and as I said, I don't see the browser even attempting to go to the failure URL, either via header traces or the OAM server logs.
    Edited by: jimcpl on Nov 5, 2011 8:53 PM

  • LDAP Sync OAM 11g

    We have installed OAM 11g with the following:
    OS: RHEL 5.5 with 64bit Intel
    DBS: 11gR2 (11.2.0.1)
    RCU: 11.1.1.3.3
    IDM: 11.1.1.3
    SOA: 11.1.1.3
    WLS: 10.3.3
    IDAM: 11.1.1.3
    All the servers are up and running and all the consoles are accessible -- in short everything seems to be running fine. Except for the fact that we cannot create users or modify IT resource and some other OIM functions. We have followed the steps to execute LDAP Sync (which we think is the culprit) but it appears that OIM is not accessing LDAP.
    Before we ran LDAP Sync, we were able to "create users", but they were not accessible within OID. After running LDAP Sync, we are not able to create users. When we press Apply, we receive the following error:
    "An error has occurred while performatin create user sequence. Unable to set LDAP connection, and the root cause is -- Null input buffer."
    Any ideas?

    The error appears to be different. From oim_server1-diagnostic.log
    [2011-03-18T08:46:04.277-04:00] [oim_server1] [NOTIFICATION] [IAM-3010042] [oracle.iam.ldapsync.vo] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 0000Iv904T_7U8WVLyESOA1DWoEu00000a,0] [APP: oim#11.1.1.3.0] [arg: oracle.iam.ldapsync.impl.DefaultLDAPContainerMapper] Loading LDAP container mapping plug-in - oracle.iam.ldapsync.impl.DefaultLDAPContainerMapper
    [2011-03-18T08:46:04.327-04:00] [oim_server1] [NOTIFICATION] [IAM-0040016] [oracle.iam.platform.entitymgr.impl] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 0000Iv904T_7U8WVLyESOA1DWoEu00000a,0] [APP: oim#11.1.1.3.0] [arg: LDAPUser] [arg: LDAPDataProvider] Initializing data provider for entity type - LDAPUser of type LDAPDataProvider
    [2011-03-18T08:46:04.484-04:00] [oim_server1] [ERROR] [IAM-0042017] [oracle.iam.platform.entitymgr.provider.ldap] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 0000Iv904T_7U8WVLyESOA1DWoEu00000a,0] [APP: oim#11.1.1.3.0] [arg: oracle.iam.platform.entitymgr.vo.ConnectivityException: java.lang.IllegalArgumentException: Null input buffer] An error occurred while finding the change log type - oracle.iam.platform.entitymgr.vo.ConnectivityException: java.lang.IllegalArgumentException: Null input buffer
    Whereas the error in the note provided is:
    2010-11-24T23:54:30.262-06:00] [oim_server1] [ERROR] [IAM-0042006] [oracle.iam.platform.entitymgr.provider.ldap] [tid: [ACTIVE].ExecuteThread: '17' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 0000Im1aEEz6yGD5nBK6yZ1CvTLx0000B6,0] [APP: oim#11.1.1.3.0] [dcid: 2f99c0ab29663422:-14c1853b:12c810b022f:-7ffd-000000000000135c] [arg: java.lang.NullPointerException] An error occurred while looking up the entity in LDAP, and the corresponding error is - java.lang.NullPointerException
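
The reply above separates the two failures by message ID and root exception. An added example (not from the thread) that makes the same comparison by parsing the ODL text-format header; the field names in the returned record and the helper names are this example's own, and the two sample lines are abridged from the post:

```python
import re

# Abridged from the two ERROR lines in the thread (ecid, dcid, APP and arg fields dropped).
# The second line has lost its leading "[" on the page; parse_odl tolerates that.
POSTED = ("[2011-03-18T08:46:04.484-04:00] [oim_server1] [ERROR] [IAM-0042017] "
          "[oracle.iam.platform.entitymgr.provider.ldap] [tid: [ACTIVE].ExecuteThread: '0' "
          "for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] "
          "An error occurred while finding the change log type - oracle.iam.platform."
          "entitymgr.vo.ConnectivityException: java.lang.IllegalArgumentException: "
          "Null input buffer")
NOTE = ("2010-11-24T23:54:30.262-06:00] [oim_server1] [ERROR] [IAM-0042006] "
        "[oracle.iam.platform.entitymgr.provider.ldap] [tid: [ACTIVE].ExecuteThread: '17' "
        "for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] An error "
        "occurred while looking up the entity in LDAP, and the corresponding error is - "
        "java.lang.NullPointerException")
EXC = re.compile(r"\b(?:[a-z]\w*\.)+[A-Z]\w*(?:Exception|Error)\b")

def parse_odl(line):
    """Parse one ODL text-format line; bracketed fields may nest, as in the tid field."""
    line = line.strip()
    if not line.startswith("["):            # tolerate a lost leading bracket
        line = "[" + line
    fields, i = [], 0
    while line[i:i + 1] == "[":
        depth, j = 1, i + 1
        while j < len(line) and depth:
            depth += {"[": 1, "]": -1}.get(line[j], 0)
            j += 1
        if depth:                           # unbalanced: the rest is message text
            break
        fields.append(line[i + 1:j - 1])
        i = j + 1 if line[j:j + 1] == " " else j
    if len(fields) < 5:
        raise ValueError("not an ODL text-format line")
    rec = dict(zip(("time", "component", "level", "msg_id", "module"), fields))
    rec["attrs"] = dict(f.partition(": ")[::2] for f in fields[5:])
    rec["message"] = line[i:].strip()
    return rec

def root_cause(rec):
    """Last-named (innermost) Java exception in the message and any detail after it."""
    hits = list(EXC.finditer(rec["message"]))
    if not hits:
        return None
    return hits[-1].group(0), rec["message"][hits[-1].end():].lstrip(": ").strip()

def same_failure(a, b):
    """Same failure only if the message ID and the root cause both match."""
    ra, rb = parse_odl(a), parse_odl(b)
    return ra["msg_id"] == rb["msg_id"] and root_cause(ra) == root_cause(rb)
```
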

  • OAM 11g Language Packs

    I've scoured the doc, so correct me if I'm wrong. Is there any notion in OAM 11g regarding language packs? I see lots of doc for 10g but nothing for 11.
    Thanks,

    Hi Pi_zaw,
    This is expected behaviour - the MaxRetryLimit controls the maximum number of failed attempts in a browser session, it does not lockout users. If you want to lock users out in these circumstances, you either need to integrate with OIM, or use OAM's own password policy (available in OAM 11.1.2).
    Regards,
    Colin

  • Unable to authenticate users using Custom plugins in OAM 11g

    We are working on a requirement in which we have to write a custom authentication plugin in OAM 11g.
    We were able to import and activate the plugin.
    We created a new authentication module with steps in the following order:
    1) UserIdentificationPlugin
    2) UserAuthenticationPlugin
    3) Our custom plugin to create custom responses (we just created the class with mandatory methods and process method returning success)
    But finally, when we try to authenticate, authentication fails, resulting in an OAM-2 error. We had entered valid credentials.
    Can somebody please help me on resolving this issue.
    The plugin code, manifest file and metadata XML are shared below.
    Plugin Code
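    package newplugin;

    import java.util.Map;
    import java.util.logging.Level;
    import oracle.security.am.plugin.ExecutionStatus;
    import oracle.security.am.plugin.MonitoringData;
    import oracle.security.am.plugin.PluginConfig;
    import oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn;
    import oracle.security.am.plugin.authn.AuthenticationContext;
    import oracle.security.am.plugin.authn.AuthenticationException;

    public class NewPlugin extends AbstractAuthenticationPlugIn {
        private static final String CLASS_NAME = "FirstTestClass";

        // LOGGER is used as posted; its declaration is not shown in the post.
        public ExecutionStatus initialize(PluginConfig config) {
            super.initialize(config);
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.logp(Level.FINE, CLASS_NAME, "initialize", "Entering initialize");
            }
            return ExecutionStatus.SUCCESS;
        }

        @Override
        public String getDescription() {
            // TODO Auto-generated method stub
            return null;
        }

        @Override
        public Map<String, MonitoringData> getMonitoringData() {
            // TODO Auto-generated method stub
            return null;
        }

        @Override
        public String getPluginName() {
            // TODO Auto-generated method stub
            return null;
        }

        @Override
        public int getRevision() {
            // TODO Auto-generated method stub
            return 0;
        }

        // The custom step does no work of its own and always reports success.
        @Override
        public ExecutionStatus process(AuthenticationContext context)
                throws AuthenticationException {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.logp(Level.FINE, CLASS_NAME, "process", "Entering process");
            }
            return ExecutionStatus.SUCCESS;
        }

        @Override
        public void setMonitoringStatus(boolean arg0) {
            // TODO Auto-generated method stub
        }

        @Override
        public boolean getMonitoringStatus() {
            // TODO Auto-generated method stub
            return false;
        }
    }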
    MANIFEST.MF
    Manifest-Version: 1.0
    Bundle-ManifestVersion: 2
    Bundle-Name: NewPlugin Plug-in
    Bundle-SymbolicName: NewPlugin
    Bundle-Version: 1.0.0
    ImportPackage:org.osgi.framework;version="1.3.0",oracle.security.am.plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api,oracle.security.am.common.utilities.principal,oracle.security.idm,javax.naming,javax.sql,javax.security.auth
    Bundle-RequiredExecutionEnvironment: JavaSE-1.6
    METADATA XML
    <?xml version="1.0" encoding="UTF-8" ?>
    <Plugin name="NewPlugin" type="Authentication">
        <author>me</author>
        <email>[email protected]</email>
        <creationDate>11:40:20,2012-13-02</creationDate>
        <version>1</version>
        <description>Custom User Authentication Plugin</description>
        <interface>oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn</interface>
        <implementation>newplugin.NewPlugin</implementation>
        <configuration>
            <AttributeValuePair>
                <Attribute type="String" length="20">DataSource</Attribute>
                <mandatory>true</mandatory>
                <instanceOverride>false</instanceOverride>
                <globalUIOverride>true</globalUIOverride>
                <value>jdbc/CISCO</value>
            </AttributeValuePair>
        </configuration>
    </Plugin>

    Your search results show that the user "collini" was not found (nentries=0). This could be caused by a number of reasons.
    1) The user doesn't exist under "ou=people,dc=our,dc=domain"
    2) The user doesn't contain the posixAccount objectclass
    3) The user account that performed the search doesn't have access rights to read/search that user account
    What user account was used to BIND on the connection that the search was done on?
    Try performing the same exact search with an account you know can retrieve the entry. For example:
    ldapsearch -D "cn=Directory Manager" -w - -b ou=people,dc=our,dc=domain -s one "(&(objectClass=posixAccount)(uid=collini))"
    If the entry doesn't return as a result of the search then either #1 or #2 above is the problem. If the entry does return then #3 is your problem.

  • OAM 11g Single Sign-On and OAM 11g Cookies

    Hi all,
    I need to know the following:
    Is it possible to get the username and password from the OAM 11g + IIS Webgate cookies and forward the same to the application for further authentication? Is there any way to decrypt the cookie and use the information in the application?
    Regards.

    Yes, you can get the user password, but for that you will have to write a custom plugin, else it is not possible.
    Refer to step number 9 in the blog Single Sign on with Oracle Access Manager: Creating a Custom Authentication Plugin

  • Double login page for oam console

    Hi All,
    I have installed OAM 11.1.1.5 and am now trying to access OAM through OHS. I am getting a double login page: first the OAM SSO page and after that the OAM native page.
    Installation details:
    OAM 11.1.1.5
    OHS 11.1.1.5
    webgate 10g
    Please let me know how to fix this issue.
    Regards
    A Abhinay

    Give the Success and failure URLs in Application Domain and Check where it is redirecting
    Thanks
    Kumar
