Urgent: OAM 11g allow/block URLs

Hi All
I am using OAM 11g R1 and want to allow some and block some URLs. Please let me know if this can be configured in OAM.
URLs to be allowed:
http://Hostname1:80/rootContext?x=1
http://Hostname1:80/rootContext?x=2
URLs to be blocked:
http://Hostname1:80/rootContext?x=3
http://Hostname1:80/rootContext?x=4
Please help. This is really urgent
Thanks

I am aware of OAM configurations but want to know more about this specific configuration where the resource URL is the same and just the query parameter is different.

Similar Messages

Urgent: OAM 11g issue

Hi all,
I have installed OHS 11g & webgate 11g in one machine and OAM 11g in another machine. While starting the OHS i am getting the following error in ohs1.log file.
[2012-12-04T14:41:42.3674+05:30] [OHS] [ERROR:32] [OHS-9999] [apache2entry_web_g
ate.cpp] [host_id: X.X.X.X] [host_addr: X.X.X.X] [ti
d: 1128900928] [user: pfserver] [ecid: 004o0D14RwW3FClqwsJb6G0001pD000000] [rid:
0] [VirtualHost: main] OBWebGate_AuthnAndAuthz: The AccessGate is unable to co
ntact any Access Servers.
[2012-12-04T14:41:42.3684+05:30] [OHS] [ERROR:32] [OHS-9999] [odl_log.c] [host_i
d: X.X.X.X] [host_addr: X.X.X.X] [tid: 1128900928] [
user: pfserver] [ecid: 004o0D14RwW3FClqwsJb6G0001pD000000] [rid: 0] [VirtualHost
: main] Request Failed for : /index.html, Resp Code : [500]
both the server clock's are running in same timing. But if i install OHS and webgate in same server which is in OAM server host i am not getting any error.
I am getting confused in one thing.I am getting error "Request Failed for : /index.html". But i haven't give index.html as resource while doing webgate registration.
How to resolve this issue.Please help me ASAP.Its very urgent.
Regards,
Deena.

2 things.
How did you register the agent ? - through UI or through rreg.
if through UI i would suggest you try to register using rreg inband registration and let me know if that is successful.
If that fails (which i think it will)
Its most likely a problem with your java version.
I know for sure that Java version 1.6.0_37 doesn't work and that 1.6.0.41 works for sure.
Can you try installing a different version of java.
if on linux use the
update-alternatives --config java
as root to point to the java (other version that you installed) and try again.
Let me know if that helps.
Cheers
-Kungo

OAM 11g "Failure URL" in Authoriztion policy not working?

Hi,
Per the subject, I am running OAM server 11g (11.1.1.3), with an OAM 10g Apache webgate.
In the OAM Authorization policy (protected), I have specified a full URL for the "Failure URL", to get the browser to redirect when an authorization failure occurs.
However, when I test with a user that does not have access (user authenticates ok, but doesn't have right to access the protected resource), instead of the browser being redirected, I am getting an "Oracle Access Manager Operations Error" page.
I've been trying to figure this out, and have found several threads about this, e.g.:
OAM 11g authz redirect URL not working?
But, as I said, I am using OAM 11g server, and there is no "Inconclusive URL" in the policy settings (I guess there was in 10g, but not in 11g).
I have trace logging enabled on the OAM server, and I can clearly see that the request is getting "results DENY", but there's no indication in the logs that OAM server is aware of any failure redirection URL.
I've also got a header trace, and I can see that the browser is simply being re-directed to the "/oberr.cgi...." URL, so it' not going "somewhere else".
So, does anyone know why the "Failure URL" is not working in OAM 11g in Authorization policies?
Thanks,
Jim
P.S. The URL that it's suppose to be re-directing the browser to is in the Public resources under Authorization, and as I said, I don't see the browser even attempting to go to the failure URL, either via header traces or the OAM server logs.
Edited by: jimcpl on Nov 5, 2011 8:53 PM

Hi,
Per the subject, I am running OAM server 11g (11.1.1.3), with an OAM 10g Apache webgate.
In the OAM Authorization policy (protected), I have specified a full URL for the "Failure URL", to get the browser to redirect when an authorization failure occurs.
However, when I test with a user that does not have access (user authenticates ok, but doesn't have right to access the protected resource), instead of the browser being redirected, I am getting an "Oracle Access Manager Operations Error" page.
I've been trying to figure this out, and have found several threads about this, e.g.:
OAM 11g authz redirect URL not working?
But, as I said, I am using OAM 11g server, and there is no "Inconclusive URL" in the policy settings (I guess there was in 10g, but not in 11g).
I have trace logging enabled on the OAM server, and I can clearly see that the request is getting "results DENY", but there's no indication in the logs that OAM server is aware of any failure redirection URL.
I've also got a header trace, and I can see that the browser is simply being re-directed to the "/oberr.cgi...." URL, so it' not going "somewhere else".
So, does anyone know why the "Failure URL" is not working in OAM 11g in Authorization policies?
Thanks,
Jim
P.S. The URL that it's suppose to be re-directing the browser to is in the Public resources under Authorization, and as I said, I don't see the browser even attempting to go to the failure URL, either via header traces or the OAM server logs.
Edited by: jimcpl on Nov 5, 2011 8:53 PM

Failure Responses in OAM 11g

Hi
We are in process of migrating OAM 10g to OAM 11g.
We had configured OAM 10g to send headers and cookies on authN and authZ failures. but the same thing i cannot see in OAM 11g. We only have the option to configure failure URLs but not the headers or cookies.
Is there ant workaround for the same because customer wanted to send failure headers/cookies also.
Thanks and Regards

The server allows the user to retry authentication a number of times. Once they have exceeded retries, they are redirected to the failure URL.
The number of attempts can be modified in the oam-config.xml file in the MaxRetryLimit setting as in the example below:
             <Setting Name="OAMServerProfile" Type="htf:map">
             <Setting Name="OAMSERVER" Type="htf:map">
             <Setting Name="serverhost"
Type="xsd:string">oam-host</Setting>
             <Setting Name="serverport" Type="xsd:string">8002</Setting>
             <Setting Name="serverprotocol"
Type="xsd:string">http</Setting>
             <Setting Name="MaxRetryLimit" Type="xsd:integer">5</Setting>
             </Setting>
Please not that, Please have back up and do changes. We prefer have test in Dev if it works then relative Env.
Thanks

OAM 11g Webgate 10g customized SSO logout page

As stated in the title, I am using OAM 11g and Webgate 10g. I am trying to create a customized SSO logout page but am confused on a few parts. First off, in http://docs.oracle.com/cd/E17904_01/doc.1111/e15478/logout.htm#CHDHFGJC , it states the following step for their logout.html:
Logic in logout.html redirect to the OAM Server. For example:
http://myoamserverhost:port/oam/server/logout?end_url=http://my.site.com/
welcome.htmlMy question is if this is truely required? Or is there a way to have OAM invalidate the session and do its internal part of the logout procedures without needing to force the user to redirect to the OAM server's logout URL (eg: it automatically recognizes that the Webgate URL is "...../logout.html" and handles it properly). From talking to colleagues it sounds like this should be possible, and I see some mentions of it in the above documentation, but this appears to be 11g OAM and 11g Webgate behavior. At the same time though, the line "Logout is initiated when an application causes the invocation of the logout.html file configured for any registered OAM 10g Webgate." Leads me to believe that it can work with 10g webgate as well.
Or, is there a way to have multiple valid logout pages on the OAM server? (There is currently a customized logout page that we cannot modify, and does not meet all the requirements we have for look/feel)
Thank you
Edited by: mBaldwin on Apr 12, 2013 10:30 AM

Bump Any ideas?

OAM 11g not starting

Hi All,
I recently installed OAM 11g using following Steps:
1. Installed 11g DB
2. RCU utility for creating OAM repositories
3. Installed WebLogic 11g
4. Added OAM instances to the Weblogic Domain
5. Launch Weblogic
5.1 Weblogic ADMIN console coming up without any issues: http://oam:7001/console
5.2 When I try to Launch OAM App from Weblogic console or CMD prompt (using command: startManagedWeblogic.cmd oam_server1 t3://oam:14001) I get the following error: OAM is not coming up:
============================================================
####<Nov 1, 2010 11:38:30 AM GMT-04:00> <Info> <Management> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625910745> <BEA-141187> <Java system properties are defined as follows:
CSS_TOOLKIT_LOC = C:\Oracle\Middleware\Oracle_IDM1\oam\server\lib\csslib
OAM_CONFIG_FILE = C:\Oracle\MIDDLE~1\USER_P~1\domains\oam\config\fmwconfig\oam-config.xml
OAM_ORACLE_HOME = C:\Oracle\Middleware\Oracle_IDM1\oam
OAM_POLICY_FILE = C:\Oracle\MIDDLE~1\USER_P~1\domains\oam\config\fmwconfig\oam-policy.xml
OAM_PROXY_LOG = C:\Oracle\MIDDLE~1\USER_P~1\domains\oam\config\fmwconfig\oam_proxy_logging.properties
awt.toolkit = sun.awt.windows.WToolkit
common.components.home = C:\Oracle\MIDDLE~1\ORACLE~1
domain.home = C:\Oracle\MIDDLE~1\USER_P~1\domains\oam
em.oracle.home = C:\Oracle\Middleware\oracle_common
file.encoding = Cp1252
file.encoding.pkg = sun.io
file.separator = \
igf.arisidbeans.carmlloc = C:\Oracle\MIDDLE~1\USER_P~1\domains\oam\config\FMWCON~1\carml
igf.arisidstack.home = C:\Oracle\MIDDLE~1\USER_P~1\domains\oam\config\FMWCON~1\arisidprovider
java.awt.graphicsenv = sun.awt.Win32GraphicsEnvironment
java.awt.headless = true
java.awt.printerjob = sun.awt.windows.WPrinterJob
java.class.path = C:\Oracle\MIDDLE~1\WLSERV~1.3\server\ext\jdbc\oracle\11g\ojdbc6dms.jar;C:\Oracle\MIDDLE~1\patch_wls1033\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\Oracle\MIDDLE~1\JROCKI~1.0-6\lib\tools.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic_sp.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic.jar;C:\Oracle\MIDDLE~1\modules\features\weblogic.server.modules_10.3.3.0.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\webservices.jar;C:\Oracle\MIDDLE~1\modules\ORGAPA~1.1/lib/ant-all.jar;C:\Oracle\MIDDLE~1\modules\NETSFA~1.0_1/lib/ant-contrib.jar;C:\Oracle\MIDDLE~1\ORACLE~1\soa\modules\commons-cli-1.1.jar;C:\Oracle\MIDDLE~1\ORACLE~1\soa\modules\oracle.soa.mgmt_11.1.1\soa-infra-mgmt.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\agent\modules\oracle.oam.wlsagent_11.1.1\oam-wlsagent.jar;C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.jrf_11.1.1\jrf.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\common\derby\lib\derbyclient.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\xqrl.jar
java.class.version = 50.0
java.endorsed.dirs = C:\Oracle\MIDDLE~1\JROCKI~1.0-6\jre\lib\endorsed
java.ext.dirs = C:\Oracle\MIDDLE~1\JROCKI~1.0-6\jre\lib\ext
java.home = C:\Oracle\MIDDLE~1\JROCKI~1.0-6\jre
java.io.tmpdir = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
java.library.path = C:\Oracle\MIDDLE~1\JROCKI~1.0-6\bin;.;C:\WINDOWS\system32;C:\WINDOWS;C:\Oracle\MIDDLE~1\patch_wls1033\profiles\default\native;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\native\win\32;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\bin;C:\Oracle\MIDDLE~1\modules\ORGAPA~1.1\bin;C:\Oracle\MIDDLE~1\JROCKI~1.0-6\jre\bin;C:\Oracle\MIDDLE~1\JROCKI~1.0-6\bin;c:\app\Administrator\product\11.2.0\dbhome_1\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\native\win\32\oci920_8
java.naming.factory.initial = weblogic.jndi.WLInitialContextFactory
java.naming.factory.url.pkgs = weblogic.jndi.factories:weblogic.corba.j2ee.naming.url:weblogic.jndi.factories:weblogic.corba.j2ee.naming.url
java.protocol.handler.pkgs = oracle.mds.net.protocol|weblogic.net
java.runtime.name = Java(TM) SE Runtime Environment
java.runtime.version = 1.6.0_17-b04
java.security.policy = C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic.policy
java.specification.name = Java Platform API Specification
java.specification.vendor = Sun Microsystems Inc.
java.specification.version = 1.6
java.vendor = Oracle Corporation
java.vendor.url = http://www.oracle.com/
java.vendor.url.bug = http://download.oracle.com/docs/cd/E15289_01/go2troubleshooting.html
java.version = 1.6.0_17
java.vm.info = compiled mode
java.vm.name = Oracle JRockit(R)
java.vm.specification.name = Java Virtual Machine Specification
java.vm.specification.vendor = Sun Microsystems Inc.
java.vm.specification.version = 1.0
java.vm.vendor = Oracle Corporation
java.vm.vendor.url = http://www.oracle.com/
java.vm.vendor.url.bug = http://download.oracle.com/docs/cd/E15289_01/go2troubleshooting.html
java.vm.version = R28.0.0-679-130297-1.6.0_17-20100312-2123-windows-ia32
javax.management.builder.initial = weblogic.management.jmx.mbeanserver.WLSMBeanServerBuilder
javax.rmi.CORBA.PortableRemoteObjectClass = weblogic.iiop.PortableRemoteObjectDelegateImpl
javax.rmi.CORBA.UtilClass = weblogic.iiop.UtilDelegateImpl
javax.xml.rpc.ServiceFactory = weblogic.webservice.core.rpc.ServiceFactoryImpl
javax.xml.soap.MessageFactory = weblogic.webservice.core.soap.MessageFactoryImpl
jrf.version = 11.1.1
jrockit.optfile = C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.jrf_11.1.1\jrocket_optfile.txt
kernel.download.enabled = false
oes.enabled = true
oes.integration.path = C:\Oracle\Middleware\Oracle_IDM1\oam\server\lib\oeslib\oes-integration.jar
oes.jars.home = C:\Oracle\Middleware\Oracle_IDM1\oam\server\lib\oes-d8
oracle.core.ojdl.logging.applicationcontextprovider = oracle.core.ojdl.weblogic.ApplicationContextImpl
oracle.core.ojdl.logging.componentId = oam_server1
oracle.core.ojdl.logging.usercontextprovider = oracle.core.ojdl.weblogic.UserContextImpl
oracle.domain.config.dir = C:\Oracle\MIDDLE~1\USER_P~1\domains\oam\config\FMWCON~1
oracle.oaam.home = C:\Oracle\Middleware\Oracle_IDM1\oaam\
oracle.security.am.SERVER_INSTNCE_NAME = oam_server1
oracle.security.jps.config = C:\Oracle\MIDDLE~1\USER_P~1\domains\oam\config\fmwconfig\jps-config.xml
oracle.server.config.dir = C:\Oracle\MIDDLE~1\USER_P~1\domains\oam\config\FMWCON~1\servers\oam_server1
org.apache.commons.logging.Log = org.apache.commons.logging.impl.Jdk14Logger
org.omg.CORBA.ORBClass = weblogic.corba.orb.ORB
org.omg.CORBA.ORBSingletonClass = weblogic.corba.orb.ORB
org.xml.sax.driver = weblogic.xml.jaxp.RegistryXMLReader
org.xml.sax.parser = weblogic.xml.jaxp.RegistryParser
os.arch = x86
os.name = Windows 2003
os.version = 5.2
path.separator = ;
platform.home = C:\Oracle\MIDDLE~1\WLSERV~1.3
sun.arch.data.model = 32
sun.boot.class.path = C:\Oracle\MIDDLE~1\JROCKI~1.0-6\jre\lib\resources.jar;C:\Oracle\MIDDLE~1\JROCKI~1.0-6\jre\lib\rt.jar;C:\Oracle\MIDDLE~1\JROCKI~1.0-6\jre\lib\sunrsasign.jar;C:\Oracle\MIDDLE~1\JROCKI~1.0-6\jre\lib\jsse.jar;C:\Oracle\MIDDLE~1\JROCKI~1.0-6\jre\lib\jce.jar;C:\Oracle\MIDDLE~1\JROCKI~1.0-6\jre\lib\charsets.jar;C:\Oracle\MIDDLE~1\JROCKI~1.0-6\jre\classes
sun.boot.library.path = C:\Oracle\MIDDLE~1\JROCKI~1.0-6\jre\bin
sun.cpu.endian = little
sun.cpu.isalist = pentium_pro+mmx pentium_pro pentium+mmx pentium i486 i386 i86
sun.desktop = windows
sun.io.unicode.encoding = UnicodeLittle
sun.java.launcher = SUN_STANDARD
sun.jnu.encoding = Cp1252
sun.management.compiler = Oracle JRockit(R) Optimizing Compiler
sun.os.patch.level = Service Pack 2
user.country = US
user.dir = C:\Oracle\Middleware\user_projects\domains\oam
user.home = C:\Documents and Settings\Administrator
user.language = en
user.name = Administrator
user.timezone = GMT-04:00
vde.home = C:\Oracle\Middleware\user_projects\domains\oam\servers\oam_server1\data\ldap
weblogic.Name = oam_server1
weblogic.ProductionModeEnabled = true
weblogic.alternateTypesDirectory = C:\Oracle\Middleware\Oracle_IDM1\oam\agent\modules\oracle.oam.wlsagent_11.1.1,C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.ossoiap_11.1.1,C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.oamprovider_11.1.1
weblogic.classloader.preprocessor = weblogic.diagnostics.instrumentation.DiagnosticClassPreProcessor
weblogic.ext.dirs = C:\Oracle\MIDDLE~1\patch_wls1033\profiles\default\sysext_manifest_classpath
weblogic.home = C:\Oracle\MIDDLE~1\WLSERV~1.3\server
weblogic.jdbc.remoteEnabled = false
weblogic.management.discover = false
weblogic.management.server = t3://oam:14001
weblogic.security.SSL.trustedCAKeyStore = C:\Oracle\Middleware\wlserver_10.3\server\lib\cacerts
wls.home = C:\Oracle\MIDDLE~1\WLSERV~1.3\server
wlw.iterativeDev = false
wlw.logErrorsToConsole = false
wlw.testConsole = false
>
####<Nov 1, 2010 11:38:36 AM GMT-04:00> <Notice> <WebLogicServer> <OAM> <oam_server1> <Main Thread> <<WLS Kernel>> <> <> <1288625916703> <BEA-000365> <Server state changed to STANDBY>
####<Nov 1, 2010 11:38:36 AM GMT-04:00> <Notice> <WebLogicServer> <OAM> <oam_server1> <Main Thread> <<WLS Kernel>> <> <> <1288625916703> <BEA-000365> <Server state changed to STARTING>
####<Nov 1, 2010 11:38:36 AM GMT-04:00> <Info> <SAFService> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625916783> <BEA-281003> <SAF Service has been initialized.>
####<Nov 1, 2010 11:38:36 AM GMT-04:00> <Info> <SAFService> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625916813> <BEA-281002> <SAF Service has been started.>
####<Nov 1, 2010 11:38:36 AM GMT-04:00> <Info> <WseeCore> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625916823> <BEA-220502> <The Wsee Service is starting>
####<Nov 1, 2010 11:38:36 AM GMT-04:00> <Info> <Deployer> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625916853> <BEA-149209> <Resuming.>
####<Nov 1, 2010 11:38:39 AM GMT-04:00> <Info> <JDBC> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625919237> <BEA-001177> <Creating Connection Pool named oamDS, URL = jdbc:oracle:thin:@localhost:1521/oimdb, Properties = user=DEV_OAM;oracle.net.CONNECT_TIMEOUT=10000;.>
####<Nov 1, 2010 11:38:39 AM GMT-04:00> <Info> <Common> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625919287> <BEA-000626> <Free resources in pool "oamDS" will be tested every "300" seconds.>
####<Nov 1, 2010 11:38:40 AM GMT-04:00> <Info> <JDBC> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625920068> <BEA-001124> <Created Connection Pool named oamDS.>
####<Nov 1, 2010 11:38:40 AM GMT-04:00> <Info> <JDBC> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625920128> <BEA-001174> <Creating Data Source named oamDS, JNDI Name = jdbc/oamds.>
####<Nov 1, 2010 11:38:40 AM GMT-04:00> <Info> <JDBC> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625920298> <BEA-001512> <Data Source oamDS has been successfully created.>
####<Nov 1, 2010 11:38:40 AM GMT-04:00> <Info> <Diagnostics> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625920399> <BEA-320114> <Initializing the Diagnostics Harvester.>
####<Nov 1, 2010 11:38:40 AM GMT-04:00> <Info> <Diagnostics> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625920409> <BEA-320117> <The Harvester is being disabled because there are no Harvestable types configured specified.>
####<Nov 1, 2010 11:38:40 AM GMT-04:00> <Info> <Diagnostics> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625920419> <BEA-320119> <The Harvester is now in a inactive state.>
####<Nov 1, 2010 11:38:41 AM GMT-04:00> <Info> <J2EE> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625921761> <BEA-160151> <Registered library Extension-Name: UIX, Specification-Version: 11, Implementation-Version: 11.1.1.1.0 (WAR).>
####<Nov 1, 2010 11:38:42 AM GMT-04:00> <Info> <J2EE> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625922572> <BEA-160151> <Registered library Extension-Name: adf.oracle.domain, Specification-Version: 1, Implementation-Version: 11.1.1.2.0 (EAR).>
####<Nov 1, 2010 11:38:48 AM GMT-04:00> <Info> <J2EE> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625928370> <BEA-160151> <Registered library Extension-Name: adf.oracle.domain.webapp, Specification-Version: 1, Implementation-Version: 11.1.1.2.0 (WAR).>
####<Nov 1, 2010 11:38:48 AM GMT-04:00> <Info> <J2EE> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625928620> <BEA-160151> <Registered library Extension-Name: jsf, Specification-Version: 1.2, Implementation-Version: 1.2.9.0 (WAR).>
####<Nov 1, 2010 11:38:48 AM GMT-04:00> <Info> <J2EE> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625928691> <BEA-160151> <Registered library Extension-Name: jstl, Specification-Version: 1.2, Implementation-Version: 1.2.0.1 (WAR).>
####<Nov 1, 2010 11:38:48 AM GMT-04:00> <Info> <J2EE> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625928841> <BEA-160151> <Registered library Extension-Name: ohw-rcf, Specification-Version: 5, Implementation-Version: 5.0 (WAR).>
####<Nov 1, 2010 11:38:48 AM GMT-04:00> <Info> <J2EE> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625928961> <BEA-160151> <Registered library Extension-Name: ohw-uix, Specification-Version: 5, Implementation-Version: 5.0 (WAR).>
####<Nov 1, 2010 11:38:49 AM GMT-04:00> <Info> <J2EE> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625929111> <BEA-160151> <Registered library Extension-Name: oracle.adf.dconfigbeans, Specification-Version: 1, Implementation-Version: 11.1.1.2.0 (JAR).>
####<Nov 1, 2010 11:38:49 AM GMT-04:00> <Info> <J2EE> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625929251> <BEA-160151> <Registered library Extension-Name: oracle.adf.management, Specification-Version: 1, Implementation-Version: 11.1.1.2.0 (WAR).>
####<Nov 1, 2010 11:38:49 AM GMT-04:00> <Info> <J2EE> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625929281> <BEA-160151> <Registered library Extension-Name: oracle.dconfig-infra, Specification-Version: 11, Implementation-Version: 11.1.1.1.0 (JAR).>
####<Nov 1, 2010 11:38:49 AM GMT-04:00> <Info> <J2EE> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625929351> <BEA-160151> <Registered library Extension-Name: oracle.jrf.system.filter (WAR).>
####<Nov 1, 2010 11:38:49 AM GMT-04:00> <Info> <J2EE> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625929572> <BEA-160151> <Registered library Extension-Name: oracle.jsp.next, Specification-Version: 11.1.1, Implementation-Version: 11.1.1 (JAR).>
####<Nov 1, 2010 11:38:49 AM GMT-04:00> <Info> <J2EE> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625929592> <BEA-160151> <Registered library Extension-Name: oracle.pwdgen, Specification-Version: 11.1.1, Implementation-Version: 11.1.1.2.0 (JAR).>
####<Nov 1, 2010 11:38:49 AM GMT-04:00> <Info> <J2EE> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625929622> <BEA-160151> <Registered library Extension-Name: oracle.wsm.seedpolicies, Specification-Version: 11.1.1, Implementation-Version: 11.1.1 (JAR).>
####<Nov 1, 2010 11:38:49 AM GMT-04:00> <Info> <J2EE> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625929642> <BEA-160151> <Registered library Extension-Name: orai18n-adf, Specification-Version: 11, Implementation-Version: 11.1.1.1.0 (JAR).>
####<Nov 1, 2010 11:38:50 AM GMT-04:00> <Error> <Deployer> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625930613> <BEA-149205> <Failed to initialize the application 'oracle.idm.uishell [LibSpecVersion=11.1.1,LibImplVersion=11.1.1]' due to error weblogic.management.DeploymentException: Exception occured while downloading files.
weblogic.management.DeploymentException: Exception occured while downloading files
     at weblogic.deploy.internal.targetserver.datamanagement.AppDataUpdate.doDownload(AppDataUpdate.java:43)
     at weblogic.deploy.internal.targetserver.datamanagement.DataUpdate.download(DataUpdate.java:56)
     at weblogic.deploy.internal.targetserver.datamanagement.Data.prepareDataUpdate(Data.java:97)
     at weblogic.deploy.internal.targetserver.BasicDeployment.prepareDataUpdate(BasicDeployment.java:683)
     at weblogic.deploy.internal.targetserver.BasicDeployment.stageFilesForStatic(BasicDeployment.java:725)
     at weblogic.deploy.internal.targetserver.AppDeployment.prepare(AppDeployment.java:104)
     at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:40)
     at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:191)
     at weblogic.management.deploy.internal.AppTransition$1.transitionApp(AppTransition.java:22)
     at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
     at weblogic.management.deploy.internal.ConfiguredDeployments.prepare(ConfiguredDeployments.java:166)
     at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:122)
     at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:181)
     at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:97)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused By: java.net.ConnectException: Tried all: '1' addresses, but could not connect over HTTP to server: 'oam', port: '14001'
     at weblogic.net.http.HttpClient.openServer(HttpClient.java:327)
     at weblogic.net.http.HttpClient.openServer(HttpClient.java:419)
     at weblogic.net.http.HttpClient.New(HttpClient.java:246)
     at weblogic.net.http.HttpURLConnection.connect(HttpURLConnection.java:176)
     at weblogic.deploy.service.datatransferhandlers.HttpDataTransferHandler.getDataAsStream(HttpDataTransferHandler.java:75)
     at weblogic.deploy.service.datatransferhandlers.DataHandlerManager$RemoteDataTransferHandler.getDataAsStream(DataHandlerManager.java:153)
     at weblogic.deploy.internal.targetserver.datamanagement.AppDataUpdate.doDownload(AppDataUpdate.java:39)
     at weblogic.deploy.internal.targetserver.datamanagement.DataUpdate.download(DataUpdate.java:57)
     at weblogic.deploy.internal.targetserver.datamanagement.Data.prepareDataUpdate(Data.java:97)
     at weblogic.deploy.internal.targetserver.BasicDeployment.prepareDataUpdate(BasicDeployment.java:683)
     at weblogic.deploy.internal.targetserver.BasicDeployment.stageFilesForStatic(BasicDeployment.java:725)
     at weblogic.deploy.internal.targetserver.AppDeployment.prepare(AppDeployment.java:104)
     at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:40)
     at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:191)
     at weblogic.management.deploy.internal.AppTransition$1.transitionApp(AppTransition.java:22)
     at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
     at weblogic.management.deploy.internal.ConfiguredDeployments.prepare(ConfiguredDeployments.java:166)
     at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:122)
     at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:181)
     at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:97)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
####<Nov 1, 2010 11:38:51 AM GMT-04:00> <Info> <J2EE> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625931064> <BEA-160151> <Registered library Extension-Name: oracle.webcenter.composer, Specification-Version: 11.1.1, Implementation-Version: 11.1.1 (WAR).>
####<Nov 1, 2010 11:38:52 AM GMT-04:00> <Error> <Deployer> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625932005> <BEA-149205> <Failed to initialize the application 'oracle.oaam.libs [LibSpecVersion=11.1.1.3.0,LibImplVersion=11.1.1.3.0]' due to error weblogic.management.DeploymentException: Exception occured while downloading files.
weblogic.management.DeploymentException: Exception occured while downloading files
     at weblogic.deploy.internal.targetserver.datamanagement.AppDataUpdate.doDownload(AppDataUpdate.java:43)
     at weblogic.deploy.internal.targetserver.datamanagement.DataUpdate.download(DataUpdate.java:56)
     at weblogic.deploy.internal.targetserver.datamanagement.Data.prepareDataUpdate(Data.java:97)
     at weblogic.deploy.internal.targetserver.BasicDeployment.prepareDataUpdate(BasicDeployment.java:683)
     at weblogic.deploy.internal.targetserver.BasicDeployment.stageFilesForStatic(BasicDeployment.java:725)
     at weblogic.deploy.internal.targetserver.AppDeployment.prepare(AppDeployment.java:104)
     at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:40)
     at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:191)
     at weblogic.management.deploy.internal.AppTransition$1.transitionApp(AppTransition.java:22)
     at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
     at weblogic.management.deploy.internal.ConfiguredDeployments.prepare(ConfiguredDeployments.java:166)
     at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:122)
     at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:181)
     at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:97)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused By: java.net.ConnectException: Tried all: '1' addresses, but could not connect over HTTP to server: 'oam', port: '14001'
     at weblogic.net.http.HttpClient.openServer(HttpClient.java:327)
     at weblogic.net.http.HttpClient.openServer(HttpClient.java:419)
     at weblogic.net.http.HttpClient.New(HttpClient.java:246)
     at weblogic.net.http.HttpURLConnection.connect(HttpURLConnection.java:176)
     at weblogic.deploy.service.datatransferhandlers.HttpDataTransferHandler.getDataAsStream(HttpDataTransferHandler.java:75)
     at weblogic.deploy.service.datatransferhandlers.DataHandlerManager$RemoteDataTransferHandler.getDataAsStream(DataHandlerManager.java:153)
     at weblogic.deploy.internal.targetserver.datamanagement.AppDataUpdate.doDownload(AppDataUpdate.java:39)
     at weblogic.deploy.internal.targetserver.datamanagement.DataUpdate.download(DataUpdate.java:57)
     at weblogic.deploy.internal.targetserver.datamanagement.Data.prepareDataUpdate(Data.java:97)
     at weblogic.deploy.internal.targetserver.BasicDeployment.prepareDataUpdate(BasicDeployment.java:683)
     at weblogic.deploy.internal.targetserver.BasicDeployment.stageFilesForStatic(BasicDeployment.java:725)
     at weblogic.deploy.internal.targetserver.AppDeployment.prepare(AppDeployment.java:104)
     at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:40)
     at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:191)
     at weblogic.management.deploy.internal.AppTransition$1.transitionApp(AppTransition.java:22)
     at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
     at weblogic.management.deploy.internal.ConfiguredDeployments.prepare(ConfiguredDeployments.java:166)
     at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:122)
     at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:181)
     at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:97)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
####<Nov 1, 2010 11:38:52 AM GMT-04:00> <Info> <Deployer> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1288625932025> <BEA-149059> <Module dms.war of application DMS Application [Version=11.1.1.1.0] is transitioning from STATE_NEW to STATE_PREPARED on server oam_server1.>
####<Nov 1, 2010 11:38:58 AM GMT-04:00> <Info> <Deployer> <OAM> <oam_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <>
============================================================
Any suggestiongs on as to what might be causing this error?
Did I miss a step in OAM installation?
Thanks for your help in advance

I changed the port as per the doc 1384844.1 and I still get the same problem.

Unprotect OIM 9.1 page in OAM 11g?

I have configured 10g webgate with OAM 11g and everything seems to work great. I have a requirement to unprotect /xlWebApp/forgetPassword.do to allow password reset without challenge. I get the below error in OIM when trying to access the page. Looks like the Public Resource Policy in OAM is working, but OIM denies Anonymous User login. Can anyone help me understand how to let OIM passthrough Anonymous user for a unprotected page?
ERROR [ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)' XELLERATE.WEBAPP - Class/Method: tcLogonAction/loginUser encounter some problems: javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User Anonymous javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User Anonymous denied
Thor.API.Exceptions.tcAPIException: javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User Anonymous javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User Anonymous denied
at Thor.API.tcUtilityFactory.<init>(Unknown Source)
at com.thortech.xl.webclient.actions.tcLogonAction.loginUser(Unknown Source)
Thanks,
Sunil.

I see that oim expects user "Anonymous" when a resource is marked public. I tried creating the "Anonymous" user and upon hitting /xlWebApp/forgetPassword.do, oim now takes me to the home page for anonymous user, instead of forgetPassword.do page.. Has anyone done this kind of integration in OIM. Please let me know, if i'm missing something here.
Thanks.

OAM 11g BP02 with Kerberos is not working on AIX

Hi,
We are trying to configure OAM 11g with Kerberos on AIX with no success..
Resource is protected according to OAM documentation guide but the oam logs shows the following:
[2012-08-28T00:03:22.305-05:00] [oam_server1] [TRACE] [] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread:
'2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000J_fbCuS9h^k5kzWByZ1GF532
00000G,0] [APP: oam_server] [SRC_METHOD: log] [SRC_CLASS: oracle.security.am.engines.common.adapters.OAMLoggerImp
l] Authentication Failed.[[
javax.security.auth.login.LoginException: Bad JAAS configuration: bad URL /home/oracle/oam.keytab
Error java.net.MalformedURLException: no protocol: /home/oracle/oam.keytab
at com.ibm.security.jgss.i18n.I18NException.throwLoginException(I18NException.java:5)
at com.ibm.security.auth.module.Krb5LoginModule.j(Krb5LoginModule.java:537)
at com.ibm.security.auth.module.Krb5LoginModule.b(Krb5LoginModule.java:146)
at com.ibm.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:274)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
we are using OAM 11g BP 02.
oam-config.xml is configured as follow:
<Setting Name="KerberosModules" Type="htf:map">
<Setting Name="6DBSE52C" Type="htf:map">
<Setting Name="keytabfile" Type="xsd:string">/home/oracle/oam.keytab</Setting>
<Setting Name="krbconfigfile" Type="xsd:string">/etc/krb5/krb5.conf</Setting>
<Setting Name="name" Type="xsd:string">Kerberos</Setting>
<Setting Name="principal" Type="xsd:string">HTTP/myssoserver@mydomain</Setting>
</Setting>
</Setting>
Please let me know how to get this resolved. Thanks in advance.
Regards.

David,
Your Principal name should be the SSO LB URL.(ie :sso.mycomany.com)
ktpass -princ HTTP/sso.mycomany.com@DOMAIN -pass XXXXXXX mapuser DOMAIN\user -out oam.keytab.
Also make sure sso.mycomany.com has a reverse DNS configured correctly.
you can check using dig command
ping sso.mycomany.com
What ever the ip-address
dig -x <IP-ADDRESS>
Check in the reverse DNS section there should be 1 record.
;; ANSWER SECTION:
1.1.1.1.in-addr.arpa. 3600 IN PTR sso.mycomany.com.
Let me know if you have more questions.
Thanks
Saurabh

Non-ASCI character Support in OAM 11g

Hi,
I have a requirement to test the user authentication with Oracle Access Manager 11g.
I am using Active Directory as the user repository and able to create a user with the user id containing non-ASCI value (say Äuser1) and AD allows for it creation and when i try to provide access to that user in the OAM''s application in the constraints tab, after selecting that user from repository and when I say Apply, I receive an error message saying that
"The policy store is not available; please see the log file for more details."
and in the weblogic server log, i can see an error with Error Code: 1461 with a description saying INSERT INTO JPS_ATTRS (JPS_ATTRS_ID, ATTRVAL, ATTRNAME, JPS_DN_ENTRYID) VALUES (?, ?, ?, ?).
Can anybody know if there are constraints as such with respect to supporting on non-ASCI characters in OAM 11g?
Thanks,
Nagendra

This type of question/discussion belongs in {forum:id=50} forum.
Very recently a thread there touched the topic of Turkish character support.
Please read it: Western European Characterset to Turkish in sql
>
NLS_CHARACTERSET__________WE8MSWIN1252 Check the character set repertoire of win-1252 (look for the typical turkish language characters you've mentioned above).
http://msdn.microsoft.com/en-us/goglobal/cc305145.aspx
Look at character names, such as "... letter s with cedilla".

OAM 11g throws error when user store is changed

We have OAM 11g integrated with OIF 11g as the SP. We need to change the OAM User store from OID to OVD. I added a new User store in the OAM console and set that as the default store. In the OAM console, under System Configuration -> Common Configuration -> Data Stores -> User Identity Stores, I added the OVD repository we want to use and set it as the default store. When I make this change in OAM data stores, OAM throws an error.
On the browser I see the error: System error. Please re-try your action. If you continue to get this error, please contact the Administrator.
In the OAM diagnostic logs, I see the following errors:
[2012-08-11T08:37:27.016-04:00] [oam_server1] [ERROR] [OAMSSA-20005] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f,0] [APP: oam_server] Error initializing User/Role API : null.
[2012-08-11T08:37:27.021-04:00] [oam_server1] [WARNING] [OAMSSA-20007] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f,0] [APP: oam_server] Unable to connect to the User Store. User Store may not be initialized : Error initializing User/Role API : null..
[2012-08-11T08:37:27.021-04:00] [oam_server1] [ERROR] [OAMSSA-12126] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f,0] [APP: oam_server] Cannot assert the username from DAP token.
The user exists in OVD and appropriate attributes have been set.
Comparing the trace for the two, in the OID trace, I see a 302 for the URL at /oam/server/dap/cred_submit. In the OVD trace, I see a 200 for the same URL.
Following is a successful request when OID is set as the default user store:
GET /oam/server/dap/cred_submit?osso_sassoToken=v1.0%7ENEVGMzBGMUJFRTdGRkM0NjQxREFFQn5GODdEQjFEMjczMjZCQjFCQTZEQTlDQTI5RDA3RTA0QTQ2OThEQzdEfjRCMDk0OUE1RjgyNjcwRkU2M0E3OTM5QjI1OTlCMzdEfmRiYzEzMDFiMWMxOTFiMDA5ZmM3YWM5MTFjNjM5MDhjNTgwMzZjMzYyZDZhZTQ3OTY5ZGRiNTllYmVlMTUwMjkxYTY4MzQwZjU2ZGEwMmNhMmE4YTM0YWUwNmUxMjY4MzE5NmFkNjM4YzIwOTliMWZmM2NmZTRhMjYyYmU2N2M1MDEwYWY5OWFmOWU1NTg5NGIyYTVjYWRkOGRlMDI5NjVjN2I2YzM5YTJjMDU1NmU5OTJkMzU4Y2RlYzAxNmU4MWZjMDRiYjFjM2RhYTAzYzliNDIwNjQzOTZlNzZlMzZhOTMwZjI4YTAyMzdmMTI1NjVjOTcwYTk1NzFkZDMzNzQ%3D HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://hostname.idpdomain.com/fed/user/?refid=id-5RtbGMaw6NfaaPUgth-wxZwxY5Q-
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: hostname.spdomain.com:14101
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sat, 11 Aug 2012 12:42:32 GMT
Transfer-Encoding: chunked
Location: https://www.google.com
Set-Cookie: OAM_ID=VERSION_4~8u5oPtHwZW/uJbd8ybw87A==~I2VDurl3pyBxQdHBmwHXXu5AabtNgaGcQx1FJ6v3sVzuoU0WOvMyDi40pizUWNrSIUkCIrl7Fc6cumRyKUAU0yHSHEtzwtiGO3bmiC7rOXKglLnO9Iw0eNUATA1AuJ7m9a6JxE5fX2vDFDYzk/H9eK5/74mO9TKNP0HTcKF6NzEluuTT3sRlQH3dAzBhPouTCO6yMmd00SmQEhrQxCpUc+ec78GFQgfKrE+6mDNTFSO9gHEB0JQ+xzGzzsr34BDCTB2FC41d0Q3tTGXANSHHRg==; path=/; secure; HttpOnly
Set-Cookie: OAM_REQ=invalid; path=/; secure; HttpOnly
X-ORACLE-DMS-ECID: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000042d
X-Powered-By: Servlet/2.5 JSP/2.1
Following is a failed request when OVD is set as the default user store:
GET /oam/server/dap/cred_submit?osso_sassoToken=v1.0%7ENEVGMjRDREUyNUU4QTI1REUwMzVGM344MzRCNTU5RTNCREM1MjFBMjFBRDQ4MTBBNjMzMTI5QzM0MUU5RjI5fjA4ODY1M0JENjg1ODk1MTZDNUVGQjU0NTYwRjg5OEREfjYyMWE3NzhjMzUwMmVhODQ5MWRkMGIyYTBkYmM1MGU0ZDlmZTA0ZjE1NDBhMDVkOGM3ZWIwOGUzNGY3ZDhiNTBhMTNkMjY0MDliMGZmMmY2MzJjZGZjM2UzNzgzNzQ3YzM3OTIwYjlkMmNhZWY0ZDQ2M2MyYzE1NWM2MDkxMjI4MjU0NTEyZDIzODU3NTBlZjI4MjRlZTAzOWFkYmMxYTVmZWE3NTk5NTRlMGY3NTkyNjE5YTRkM2U3OTczZjZiMThmYzgxODg2MzM3ZDg5NzQ2NWUxYmZhNThjOGVmN2VhZmI5OGRiMDNiZmJmZGJjOWUzZmNjYTU1N2U5OWVjMDQ%3D HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://hostname.idpdomain.com/fed/user/?refid=id-R5gYcX-W8o6-bQSR2IIYdkQLLKA-
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: hostname.spdomain.com:14101
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Date: Sat, 11 Aug 2012 12:37:26 GMT
Pragma: no-cache
Content-Length: 2051
Content-Type: text/html; charset=UTF-8
Expires: 0
Set-Cookie: OAM_JSESSIONID=0VksQmSHwhpr2vT33Kq1ZgqWgxrtk2BXxpr4PgmL1LwThMxYSlKQ!-450564370; path=/; HttpOnly
X-ORACLE-DMS-ECID: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f
X-Powered-By: Servlet/2.5 JSP/2.1

Hi AV,
we had the same problem
the reason was a wrong definition in cutomizing
Partner Processing -> Define Partner Determination Procedure -> User Interface Settings
there for the relevant procedure we had to define this sequence of functions :
1. Activity Partner
2. Contact Partner
3. Employee Responsible
4. Sales Representative
Regards
Meinrad

OIM-OAM 11g BP 02 integration not working as expected

Hi Experts,
We have OIM 11g and OAM 11g both upgraded to BP02 installed on separate hosts. We are using OID 11g as the directory servers and OVD 11g fronting OID for integration. We followed the steps mentioned in Oracle Document Oracle® Fusion Middleware Integration Guide for Oracle Access Manager 11g Release 1 (11.1.1)Part Number E15740-04 for integration purpose.
After performing all the integration tasks mentioned in the document, while testing the ingtegration, the expected results are not been serverd.
If I access OIM admin console URL, am getting default OIM admin console URl instead of OAM SSO login page for authencation. and also I am unable to login using either xelsysadm\oimadmin\oamadmin but I can login using weblogic, so this is referin to the default embeded LDAP of weblogic for credential validation.
OIM and OAM are deployed on separate hosts, please find the deployment details below.
1. JDK: 1.6.0_29
2. WLS : 10.3.5
3. LDAP: Oracle Internet Directory: 11.1.1.5.0
Oracle Virtual Directory: 11.1.1.2.0
4. Webserver: Oracle HTTP Server fronting the OIM
The Integration videa on Support.oracle assumes that all components OIM\OAM/OID/OHS being on the same host.
I have my OIM and OAM both patched to the latest BP which is BP 02. There is a support article which specifically talks about few settings ton be made for BP 02.
the article ID is 1447494.1.
Even after doing all these, the integration is not working.
As per the support article, I need to use preferred host name for agent fronting OIM as IAMSuiteAgent and if I do that, the proxying of OIM server with the webserver host will not work at all and ends with 404 not found error when I access using http://OHShost:OHSport/oim.
but if i use the name of agent i.e webserver name in the preferred host field, the redirection would happen and i get OAM SSO login page for authentication, however with the credential validation at this page, the OIM login page (http://OIMhost:OIMport/oim) is provided prompting for login again.
also if i access OIM login page http://OIMhost:OIMport/oim directly, the OAM SSO page is not coming for authentication.
I am awaiting your advice\suggestions or workarounds if any one has come across this kind of issue, which i am sure is an obvious case.
Thanks,
Nagendra

Hi,
Any help in this regard please/
Thanks
Nagendra

Best practices on enterprise and application roles in OIM and OAM 11g?

Hi, all,
I wonder if any of you can give me some advice on role design for OIM and OAM 11g. I'd like to have both enterprise roles, such as Accountant II, and application roles, such as App1_User, App1_Admin, etc. Ideally, the enterprise role would automatically give the user the appropriate application roles, but I can't figure out how to do that. We tried using OIM 11g's inheritance, but when the application role is inherited, OAM doesn't see it in OID/OVD and therefore doesn't think the user has the correct authorization to access the application. I thought about using role membership rules, but those seem to only allow you to use user attributes to control membership, which doesn't help at all in my situation.
How is this situation best handled? Any advice much appreciated!
Ariel Anderson
Senior Business Analyst
Zirous, Inc.

Hi,
I am assuming in clustered environment you are having two instances running.
It must be an issue with a single server,,because the problem is intermittent.
To see which server is causing problem....just perform the following steps:
1) Stop server1 and keep running server2..and fire new registration request...
2) stop server 2..and keep running server1.....and fire new registration request.
Using above, atleast you can see which server is causing the problem...
Regards,
J
Edited by: J_IDM on Mar 21, 2011 10:52 PM

Can not load subscription websites because I don't "allow referring URLs"

I can't load ejournals (eg, JSTOR) and other sites my public library subscribes to. When I go to the resource, I get the message "Sorry, we were not able to authenticate you for access to this resource. Please adjust your Internet Security software to allow referring URLs." My default is to block third-party cookies; I tried allowing all cookies, and blocking cookies from hclib.org. The last option got me to a page where I enter a barcode, but then to the same message. I tried allowing pop-ups, but that didn't change anything. I've asked a librarian, who told me that I have to allow cookies and possibly pop-up windows, and said security software such as Norton, a firewall, or pop-up blockers could be the problem.
This is the same problem as http://support.mozilla.org/en-US/questions/880202 , but with Firefox 3.6 on a Mac (I have the same problem with my other browser, Safari), and without Norton or any other security software that could be problematic as far as I know.

There should still be something on your computer that is blocking the referrer if it isn't Firefox.
Create a new profile as a test to check if your current profile is causing the problems.
See "Basic Troubleshooting: Make a new profile":
*https://support.mozilla.org/kb/Basic+Troubleshooting#w_8-make-a-new-profile
There may be extensions and plugins installed by default in a new profile, so check that in "Tools > Add-ons > Extensions & Plugins" in case there are still problems.
If that new profile works then you can transfer some files from the old profile to that new profile, but be careful not to copy corrupted files.
See:
*http://kb.mozillazine.org/Transferring_data_to_a_new_profile_-_Firefox

OAM 11g integration with Kerberos on cluster with load-balanced virtualhost

Hello!
I need to make a Kerberos integration with OAM.
I find following notes about OAM 11g: WNA Configuration for HA Clusters [ID 1365888.1] (https://support.oracle.com/epmos/faces/ui/km/SearchDocDisplay.jspx?_afrLoop=223640518878014&type=DOCUMENT&id=1365888.1&displayIndex=1&_afrWindowMode=0&_adf.ctrl-state=14ehvbh4z2_61).
"In an OAM Clustered environment, the OAM Principal for WNA must be the same on all tiers i.e. the load-balanced virtualhost for the OAM cluster.
Therefore each OAM managed server will reference the same keytab file, generated for Principal HTTP/<virtualhost.domain>, and the keytab file will be in the same location on all OAM managed servers.
For example: ${DOMAIN_HOME}/domains/${DOMAIN_NAME}/config/fmwconfig/oam/<keytab filename>.
After copying the keytab file to the same directory on all OAM managed server machines, complete the configuration of the Kerberos authentication module in OAM Administration Console (/oamconsole).
The AdminServer will ensure that the oam-config.xml file on all OAM managed server tiers in the cluster is updated with this configuration."
The question is; When I generate oam.keytab with following command, What is the name of the server that I will must put in the command? Virtualhost (load-balanced), Node1 or Node2?
ktpass -princ HTTP/<servername>@DOMAIN -pass XXXXXXX mapuser DOMAIN\user -out oam.keytab.
Thanks in advance and best regards!
PS: Sorry if my english is not clear.

David,
Your Principal name should be the SSO LB URL.(ie :sso.mycomany.com)
ktpass -princ HTTP/sso.mycomany.com@DOMAIN -pass XXXXXXX mapuser DOMAIN\user -out oam.keytab.
Also make sure sso.mycomany.com has a reverse DNS configured correctly.
you can check using dig command
ping sso.mycomany.com
What ever the ip-address
dig -x <IP-ADDRESS>
Check in the reverse DNS section there should be 1 record.
;; ANSWER SECTION:
1.1.1.1.in-addr.arpa. 3600 IN PTR sso.mycomany.com.
Let me know if you have more questions.
Thanks
Saurabh

OAM 11g installation error

Hi,
I'm trying to install Oracle OAM 11g, but having some trouble while connecting to the oam web console.
My OS is Windows 2003 Enterprise Edittion, Service Pack 2.
My installation steps:
- Installed Oracle DB (11.2.0)
- Used RCU (11.1.1.3.3) to create DB schemas.
- Installed WebLogic 10.3.3
- I did NOT install SOA Suite because I intend to not use Identity Manager.
- I installed IDAM (from ofm_iam_generic_11.1.1.3.0_disk1_1of1 disc)
- Created a domain containing these servers:
     - Admin Server listening on port 7001
     - oam_server1 listening on port 14100
     - oaam_admin_server1 listening on port 14200
     - oaam_server_server1 listening on port 14300
- I started weblogic with the "startWebLogic.cmd" command.
- I started oam_server1 with the "startManagedWebLogic.cmd oam_server1" command
(I used this installation guide: http://onlineappsdba.com/index.php/2010/08/05/oracleidm-11g-step-by-installation-of-oam-oim-oaam-oapm-oin-111130-part-i-load-schema/)
The weblogic console says the oam_server1 is up and running, but when I try to connect
to the oam console (http://localhost:14100/oam) the web page displayed says "Error. Action failed. Please try again."
This error also occurs in the oam_server1.log:
####<2010-nov-23 kl 13:49 CET> <Info> <ServletContext-/oam> <server-base> <oam_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <f5f04f496bf2057f:10058de0:12c78c5bb9b:-8000-0000000000000012> <1290516557352> <BEA-000000> <index.jsp:2:4: No tag library could be found with this URI. Possible causes could be that the URI is incorrect, or that there were errors during parsing of the .tld file.
<%@taglib uri="http://beehive.apache.org/netui/tags-html-1.0" prefix="netui"%>
^----^
index.jsp:2:4: No tag library could be found with this URI. Possible causes could be that the URI is incorrect, or that there were errors during parsing of the .tld file.
<%@taglib uri="http://beehive.apache.org/netui/tags-html-1.0" prefix="netui"%>
And when I check out the taglib web page:
http://beehive.apache.org/docs/1.0/netui/tagsOverview.html
...it says: "2010/01/11 - Apache Beehive has been retired."
Have I missed something, or how do I fix this?
Thanks in advance.
Henrik
Edited by: user1154522 on Nov 23, 2010 5:26 AM

My mistake. This was the URL i was looking for to configure OAM:
http://lhost:7001/oamconsole

Urgent: OAM 11g allow/block URLs

Similar Messages

Maybe you are looking for