Urgent: Access Manager resource Adapter

Hi,
I am able to provision TAM using Access Manager Resource adapter from SUN IDM. But TAM has some custom attributes which need to be provisioned through IDM. Can Access Manager Resource adapter do it? Has anyone come across this scenario and what is the possible solution. Any input is greatly appreciated.
Thanks,
ARK

Not Sure
But you need to make custom attributes mapping in Resource adapter and then they should be provisioned in TAM.
Tried with SAM , but TAM i am not sure.

Similar Messages

  • Sun Access Manager Resource & password resets

    Hi,
    I've got IDM 7.1 and AM 7.1, with a Sun Access Manager Realm resource. The LDAP directory (DS EE 6.0) sitting behind the AM resource has been set up to "Require Password Change at First Login and After Reset".
    However, if a user in IDM changes their AM password, the connection to AM is done as the resource adapter user, not themselves; this means that the pwdReset flag is not cleared on their account in AM, and AM will demand a password change on next login.
    This is obviously non-optimal for us, as we'd like them to change their password through IDM.
    Is there any way to change the DS policies to allow for this situation, OR to set the pwdReset flag through the resource adapter, OR to get the resource adapter to connect as the user when the Change Password flow is performed?
    Thanks,
    Michael.

    Hi Michael,
    Could you please share the solution for the problem you are facing.
    I am facing a similar issue.
    When an admin resets the password of a user and when the user logs in, he/she needs to be redirected to IDM change password page. Instead the redirection to AM change password functionality is displayed.
    Thanks,
    Vinu

  • Ear access standalone Resource Adapter problem

    I deployed a standalone resource adapter. Then I deployed a ear.
    In the ear, I try to look up the resource adapter, I got an exception:
    javax.naming.NameNotFoundException: No Object found: MyRA|null
    In weblogic-ra.xml, I added:
    <enable-global-access-to-classes>true</enable-global-access-to-classes>
    but still have the problem.
    However, when I embeded the RA in the ear and deploy the ear, I can get the RA by lookup()
    Is there anyway I can get successfully look up the standalone RA?
    P.S.
    My problem seems to be similar with an earlier post "Access Resource Adaptar outside the EAR".
    Access Resource Adaptar outside the EAR
    My problem is different.
    I lookup the RA in an ear deployed in the server.
    However, I'm not using EJB to lookup the RA.
    server version: weblogic server 11g r1
    Thanks a lot

    My RA runs correctly after deployment, I can see my RA in the JNDI tree.
    I just did some more tests.
    I use the following way to look up:
    InitialContext ctx = new InitialContext();
    ConnectionFactory cf = (ConnectionFactory) ctx.lookup("MyConnectionFactory");
    If I look up it in an EJB, I can get the object.
    But when I look up in a servlet, no object can be found.
    The servlet is in a war embeded in the ear.

  • Problem with Access Manager intergration

    Hi,
    I'm integrating Identity Manager and Access Manager.
    I've configured the End User interface to use Access Manager for authentication, and I have (as far as I can tell) everything else set up and working correctly. When I access the end user pages I get the following error:
    Access Manager (Sun Access Manager Realm):Successfully authenticated '00000001' on resource 'Access Manager' and found a Lighthouse user with the same accountId, but no matching resource accountIdI've checked and confirmed that there is an attribute being passed in the header
    'sois_user = 00000001'
    And I have the following defined:
          <Attribute name='common resources'>
            <Object>
              <Attribute name='AM Resources'>
                <List>
                  <String>Enterprise Directory</String>
                  <String>Access Manager</String>
                </List>
              </Attribute>
            </Object>
          </Attribute>I suspect that it is the common resources that is failing, because its looking for an accountId that matches the DN of the account in LDAP rather than the LogonID. Can anyone provide pointers on how to resolve this?
    All suggestions gladly received,
    R

    Michael,
    Thanks for your help, I understand your answer. However, I am using the Access Manager realm adapter which the docs say can't manage users, so no account is being exposed there.
    I have found the solution though and it involves a couple of steps:
    Firstly, the sois_user value that is passed by the header has to be the DN of the LDAP account.
    Secondly, I think the order of the accounts in the 'common resources' definition needs to have the LDAP resource defined first.
    Finally, the Login group needs to have both the Access Manager and LDAP login modules.
    With these 3 components in place, SSO to IdM works.
    R

  • Access BAPIs Using the SAP Java Resource Adapter

    Hi experts,
    Can someone tell me how to Access BAPIs Using the SAP Java Resource Adapter?

    hi Shweta,
    Please refer the step by step procedure:
    1. Start the deploy tool of the SAP J2EE Application Server with the DeployTool.bat in the directory //<SAP J2EE Engine Installation Directory/.../j2ee/deploying.
    2. Choose Project &#8594; New Project and enter a name for the new project.
    3. Click on the Deployer tab.
    4. From the menu path, choose Deploy &#8594; EAR &#8594; Load Module and select the sapjra.rar file.
    5. For the newly created node sapjra.rar, choose Server Settings &#8594; Identity Subjects and select Caller Impersonation as authentication type, so that the J2EE user data is used to log on to the ABAP system.
    6. Make sure that the J2EE Application Server is running. Connect to the J2EE Application Server with Deploy &#8594; Connect.
    7. Deploy the sapjra.rar using the menu Deploy &#8594; Deployment &#8594; Deploy Module.
    8. Enter SAPJRADemo as application name and start the application.
    9. Close the deploy tool.
    10. Start the Visual Administrator again.
    11. Select the Cluster tab and switch to <Server Node> &#8594; Services &#8594; Connector Container.
    12. Click on the Runtime tab and choose sap.com/SAPJRADemo &#8594; eis/SAPJRADemoFactory.
    13. Choose Managed Connection Factory &#8594; Properties. On this page, you need to specify the logon data for the ABAP system. There is already some dummy data visible in the property list if no real system data has been specified so far.
    14. To change the value of a property, select the property in the list, change the value underneath it, and add the changes using the Add button. At the end, do not forget to save all changes by pressing the button Save Changes. The user configured for the SAP JRA must be the user authorized to read metadata of function modules.

  • URGENT : Challenge questions query: Oracle Access Manager 10g

    Hi all,
    This is a query regarding password challenge questions in Oracle Access Manager 10g. We have created password policies for a specific container in OID (say cn=xxx,cn=users,dc=oracle,dc=com) and it is working fine.
    In order to exclude certain set of users (say user ABC ) for password policies, we have set the obpasswordchangeflag to false for those users which are in same container for which password policy is created.
    When we try to login to the application with the user say ABC, I am not seeing any reset password page - I am happy till this point. However it is showing Configure Challenge questions page. Is there any way to bypass this page? Or is this the expected behavior?
    This is very urgent and prompt reply is very much appreciated.
    -Mahendra

    Hi Mahendra,
    This is expected behaviour. In order to exclude the password policy management for some certains user for particular domain/container. please add the below configuration parameter to your OAM10g password policy.
    Password Policy Filter Field     (!(|(cn=xxx)(cn=abc)))
    ----Ajay

  • Oracle Access Manager-Protecting resources

    Hi,
    I have installed the Oracle Access Server/Identity Server/Policy managerWebpass/Webgate etc...I want to create policy domains and resources in the policy manager to protect certain internal websites. Is there any crisp documentation that some one can share to do the basics atleast? the oracle documentation is insanely extensive with links/references all over the place and I find it very difficult to understand how the policies are constructed. I have created couple of authentication schemes (basic/Form) that can be used. to start off i have a basic login page created in IIS that can be used for user input and also have a couple of other html files in a folder under it. If some one can share a document that takes me step by step to protecting a resource, it will be great.
    Thanks in advance.
    Naresh

    Two suggestions:
    1) Ask the question in a group inhabited by OAM users ... this group is generically for doc issues. (ANd yes, you mention a doc issue, but very few OAM users visit here.)
    - a place for that might be: http://forums.oracle.com and scroll down to Identify Management
    2) Look through OTN in the product portal (http://otn.oracle.com > Products: Middleware > Identify Management: Identity Management > Oracle Access Manager)

  • Problem with Oracle Adaptive Access Manager 10g

    Hello, I'm trying to install the OAAM following the Installation and Configuration Guide (http://download.oracle.com/docs/cd/E12057_01/doc.1014/e12050/toc.htm).
    In The Package Contents section speaks of a zip file named oaam_bin.zip but never says where could I download it. Anybody know where do I get it?
    I have already downloaded the Oracle Adaptive Access Manager 10g (10.1.4.2.0) CD1 named V11415-01.zip from http://www.oracle.com/technology/software/products/ias/htdocs/101401.html but it is not the zip file that the documentation talks about.
    I'm looking for in many sites but i have no luck.
    Thanks a lot!
    Guido.

    The documentation you are referring to is for 10.1.4.5.0 and not 10.1.4.2.0. After installing version 10.1.4.2.0, install patch 10.1.4.3.0. You will see oaam_bin.zip and the necessary files in it. The patch number is 6987695.
    You might be interested in patch 10.1.4.3.1 (#7324863) also. Check the readme file for details.
    -shetty2k

  • Can't Find Custom Work Manager For Resource Adapter

    I'm creating an inbound resource adapter and wish to throttle the number of connections via a custom work manager.
    If I understand the BEA docs, I can declare and define a resource adapter's work manager inside of its entry in weblogic-ra.xml .
    For example:
    <?xml version = "1.0"?>
    <weblogic-connector xmlns="http://www.bea.com/ns/weblogic/90">
    <jndi-name>InboundRA</jndi-name>
    <!-- WM declared below -->
    <work-manager>
         <name>CustomWM</name>
         <max-threads-constraint>
    <name>maxthreads</name>
         <count>3</count>
         </max-threads-constraint>
    </work-manager>
    However, upon startup I see :
    <BEA-002919> <Unable to find a WorkManager with name CustomWM . Dispatch policy CustomWM will map to the default WorkManager for the application appsdirCustom_ear> .
    So it uses the default work manager.

    Well, I did it again. Solved my own problem two hours after I posted it. Which, I guess, is better than not solving it.
    I mistakenly thought that the <work-manager> entry in weblogic-ra.xml is a declaration. It is apparently a reference.
    I declared a WorkManager of the same name in the WLS 9 console, restarted the server, and it appears that I am now using the custom work manager.
    The max-threads constraint also works.

  • Error while building cube using Relational Access Manager - URGENT

    When we try to build the Express Hybrid database using Relational Access Manager, We got the following error in the Windows NT Event log.
    "[159] XCA Interface - Exception C0000005 occurred in the XTLLISTN:ClientThread() function in the XWCXCA.DLL module"
    We are using Oracle Express 6.3.2 and Windows NT 4.0 Enterprise and Oracle 8.1.7
    Kindly Help
    Thanks & Regards
    ashish

    We are using Oracle Express 6.3.2 and Windows NT 4.0 Enterprise and Oracle 8.1.7
    -------------------------------------------------------------------------------- Unfortunately your configuration is not officially certified. You will want to upgrade to Express 6.3.2.1 in order to run against Oracle 8.1.7.
    Server Certifications for Windows NT 4.0:
    Express 6.3.2 with Oracle EE 8.1.6
    Express 6.3.2.1 with Oracle EE 8.1.7 & 9.0.1
    Express 6.3.4 with Oracle EE 8.1.7 & 9.0.1

  • Urgent help requested: Access Manager integration with BEA Portal

    We're using Access Manager 7.1 and Policy Agent 2.2 to authenticate users for our BEA WL Portal 10 which contains all of our content and applications. The portal contains both anonymous pages and protected pages (for registered users).
    Problem: When an anonymous user who is going through a multi-step application flow decides to sign-in to their account (or sign-up) Policy Agent wipes out the current content of the user session, and creates a brand new user session after the user is authenticated. Therefore we cannot send the user back to the same spot in the portal where they were before signing-in.
    Is there anyway to make Policy Agent preserve the content and state of http session when authenticating a user?
    We have a business requirement to allow users to continue their application process after successfully signing in.
    Thanks in advance.

    Hi,
    I think this problem is not just related to weblogic 10 agent, it is a general problem for any agents.
    Can you please clarify what you mean by "anonymous user "? Do you mean that this user has never logged in to Access Manager, and is just browsing the site as an anonymous user, or do you have a role specified as "anonymous user " that they are currently logged into when browsing the site?
    thx,
    Sean

  • Very Urgent: Sun Access Manager 7.1 SSO with Domino 6.5.4

    Hi,
    I am facing some perplexing issue while making SSO work on Domino ( running on Win2k3 )using Sun AM 7.1( running on the same machine ).
    After following all the steps outlined in the policy agent 2.2 guide, I am not being able to access 'names.nsf' in the browser. The Domino Server is getting crashed.
    The log which I get in 'amagent' says :
    2007-05-31 00:31:11.906 Error 4136:7b42aa8 PolicyAgent: render_response(): Entered.
    2007-05-31 00:32:01.109 Error 4136:7b43210 PolicyEngine: am_policy_evaluate: InternalException in AuthService::create_auth_context() with error message:Error sending request for authentication context from server. and code:16
    What do I need to do inorder to make it work.
    I also have some questions regarding the agent. The doc says that the name of the DSAPI filter is "libamdomino6.dll". whereas in the agent which i downloaded from SUN, i only see "amdomino6.dll" & "amdomino.dll". Are the dlls correct. Which one should I use?
    Also i have set the values in properties file as :
    com.sun.am.policy.am.username =testAgent
    com.sun.am.policy.am.password =LYnKyOIgdWt404ivWY6HPQ==
    after creating an Agent under Subjects under the main realm. Have also put the crypted password.
    Moreover, Now if i remove the DSAPI filter value, then the domino server is no longer protected. And i can access any url on the server.
    If you have any idea as to how to make this work, please let me know asap.
    Thanks & Regards,
    Niraj

    Hi,
    I installed opensso (so Sun Java(TM) System Access Manager 7.5) and the agent for Domino 6.5.4 and I have the message in logs "amAgent"
    2007-07-11 18:40:16.119 Error 1708:3dbcf768 PolicyAgent: render_response(): Entered.
    I have the box to identify but it doesnot connect me on my opensso server.
    It still identify with Domino's server
    Thanks for your response
    Thomas

  • Remedy resource adapter very urgent

    Hi all,
    we recently did the idm upgrade 7.1 to 8.1.1.2. all the resource adapters are working fine. but, remedy resource adapter test connection is successful, the account is not creating. in the trace files. i am seeing this error. please some help me as soon as possible. that will be great for me. thanks in adavace.
    JAVA.LANG.NULLPOINTEREXCEPTION AT COM.WAVESET.ADAPTER.AGENTRESOURCEADAPTER.GETRESINFO(AGENTRESOURCEADAPTER.JAVA:1621) AT COM.WAVESET.ADAPTER.AGENTRESOURCEADAPTER.DOCREATEORUPDATEREQUEST(AGENTRESOURCEADAPTER.JAVA:1347) AT COM.WAVESET.ADAPTER.AGENTRES...
    Thanks,

    Hey,
    Answer is NO. If your not using proxies then you can't use XI adapter go for RFC adapter.
    Itz not a big deal jzu go through these
    http://help.sap.com/saphelp_nw04/helpdata/en/c8/e80440a832e369e10000000a155106/content.htm
    File to RFC
    /people/arpit.seth/blog/2005/06/27/rfc-scenario-using-bpm--starter-kit
    <b>Cheers,
    *RAJ*
    *REWARD POINTS IF FOUND USEFULL*</b>

  • Does idm support maintenance of access manager's group/role/filtered role

    The xml of Access Manager Realm Resource Adapter has object types group, role and filtered role with object feature list,create, update and delete. Does that mean with the adapter installed, we can make use the idm to maintain the access manager's group/role/filteredrole? Is there any customization/configuration needed in order to provision these features in idm?
    Thanks,

    1. The AM agent can return ldap attributes after authentication. What you can do is use Sun Directory Server Proxy to provide a virtual view of both LDAP and your DB to AM.
    2. Sun Role Manager is a tool for role mining and attestation, ie it helps with compliancy verifications which is required by many businesses these days. Sun Identity Manager does not need Sun Role Manager if you just want to provision roles for your users, however, as it appears to be the case in your envirionment, the roles created by IDM are exported to SRM for compliance verifications.

  • How to install custom Resource Adapter

    Hi I have writen the java class for the Custome Resource adapter and I loaded the .class file into web-inf classes folder.I followed the installation steps given in the deployement document.In that I am not understanding one step i.e "Install .class file and help file into IDM" How can we do this and How to get the particular resource under Managed Resources tabe of Configure tab./its very urgent for me any kind of help is appriciable.

    Ok, since it is urgent, do it the way Sun/Waveset inserts the adapters.
    1.) Alter your java code to have
    package com.waveset.adapter;
    As your package line.
    2.) Compile the adapter to a class file.
    3.) Grab the idm.jar file from $WSHOME/WEB-INF/lib and copy it to e.g /tmp
    4.) unjar it. jar -vxf idm.jar
    5.) copy the your adapter class file to /tmp/com/waveset/adapter
    6.) jar the archive. jar -cvf idm.jar /tmp/com
    7.) Make a backup of the original idm.jar, and copy the new to the old position replacing the old jar-file. Bounce your app-server.
    8.) Log in as configurator or an administrator with equal capabilities. And add the custom adapter using the previous procedure... although, use the adaper class path
    com.waveset.adapter.YourCustomAdapter
    9.) Go to debug pages and put tracing on the same class file, and tail -f the app-server std out.
    10.) try to configure the adapter. Note any eventual error messages. Post error messages on the forum along with the std out log.
    If your adapter code works, it should work... if not your problems are elsewhere.
    Please not that this set up is not recommended for production environment and if you apply service packs etc this fix will break!

Maybe you are looking for

  • How to handle error for a file to file transform in ODI

    I am doing a lab for file to file transformation where source = CSV file and target = Flat file. 1) When I am changing the datatype in source two files are getting created where one having the errored out data and the other having the errored message

  • Webpage using host name without domain

    Installed 10g successfully but when I try to naviagte the url is only using the computer host name without the domain. I keep getting the DNS_ERROR. If I manually append the domain in the webpage it works. Installed on Solaris 10.

  • Design Exercise - LAN Solution

    I have an opportunity to gain employment with a network consulting firm. Part of the process is to take some information that goes through a mock RFP and come up with a design. It is an excellent way for them to see what I have to offer given all the

  • Rehire contingent worker to employee into a different business group

    How to rehire contingent worker as an employee to a different business group programatically. I used hr_employee_api.hire_into_job to rehire into the same BG. Can any one suggest a solution ? Regards Thomas

  • NOKIA X6 PROBLEM!

    I'm having a problem with my Nokia X6. Whenever I get a phone call the number does not appear. It just says 'call'. If I get a missed call the number does not appear in the log either. Please help!