
Saturday, February 28, 2015

OIM 11g R2 PS2: Design Console configuration before starting it for the first time

Before the Design Console can be run, it needs to be configured. Here are the steps to configure it:

1. Go to <ML_HOME>/server/lib
2. Run the command below:
   java -jar wljarbuilder.jar

3. The command above creates wlfullclient.jar.
   Copy wlfullclient.jar to <OIM_HOME>/designconsole/ext

4. Now run:
   ./xlclient.sh


OAM 11gR2 Authentication Scheme: how to give control to a custom plug-in for credential collection



In multi-step authentication mode, the plug-in can either collect the credentials from the start, or use the credentials obtained from the default login page and collect extra credentials if required. If the challenge parameter initial_command=NONE is set in the authentication scheme, control passes to the plug-in directly and the plug-in decides which credentials are collected.

OAM Authentication Module: StepUI and StepUA meanings and execution sequence

When you define steps in an Authentication Module, the step names have the following meanings:

StepUI is an abbreviation of User Identification (not User Interface).

StepUA is an abbreviation of User Authentication.


The steps orchestration sequence is:

StepUI goes first, and if it succeeds, StepUA follows.

If the StepUI result is failure or error, the end result is Failure and the flow does not go on to StepUA.

If StepUI succeeds and StepUA fails or returns an error, the result is Failure too.


How these plug-ins work in OAM:

When a user tries to access a resource protected by this Authentication Scheme, the user is asked to enter a username and password. The request goes to OAM. OAM calls the StepUI plug-in to locate the user in the directory, then the StepUA plug-in is called to verify that the username and password entered match the directory. If they do (both steps succeed), the user is authenticated.
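
The orchestration described above, modelled as a transition table. This is an added example, not code from this blog or from Oracle; it does not use the OAM plug-in API, and the directory contents, the function names and the directory_down flag are assumptions made for illustration.

```python
import hmac

# Constructed sample directory (username -> password); not real data.
DIRECTORY = {"alice": "s3cret", "bob": "hunter2"}


def step_ui(ctx):
    """User Identification: locate the user in the directory."""
    if ctx["directory_down"]:          # hypothetical flag simulating an outage
        raise ConnectionError("directory unreachable")
    return "success" if ctx["username"] in DIRECTORY else "failure"


def step_ua(ctx):
    """User Authentication: verify the password of the user StepUI located."""
    stored = DIRECTORY[ctx["username"]]
    return "success" if hmac.compare_digest(stored, ctx["password"]) else "failure"


# step name -> (handler, {step result: next step or final outcome})
ORCHESTRATION = {
    "StepUI": (step_ui, {"success": "StepUA", "failure": "Failure", "error": "Failure"}),
    "StepUA": (step_ua, {"success": "Success", "failure": "Failure", "error": "Failure"}),
}


def authenticate(username, password, directory_down=False):
    """Run the steps starting at StepUI; return (final outcome, steps executed)."""
    ctx = {"username": username, "password": password, "directory_down": directory_down}
    step, trace = "StepUI", []
    while step in ORCHESTRATION:
        handler, transitions = ORCHESTRATION[step]
        try:
            result = handler(ctx)
        except Exception:
            result = "error"           # an exception inside a step counts as "error"
        trace.append((step, result))
        step = transitions[result]     # follow the table to the next step or outcome
    return step, trace


if __name__ == "__main__":
    for user, pw in [("alice", "s3cret"), ("alice", "wrong"), ("mallory", "x")]:
        print(user, authenticate(user, pw))
```

The trace shows that StepUA never runs when StepUI fails or errors, and that an unknown user and a wrong password both end in the same Failure outcome.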

SOA 11g URLs

The default port of SOA is 8001.

soa-infra
servername:port/soa-infra

SOA Composer      # Disconnected App Instance
servername:port/soa/composer

BPM Worklist
servername:port/integration/worklistapp


Friday, February 27, 2015

OAM 11gR2 difference between ECC and DCC Authentication Model


DCC    => Detached Credential Collector (AKA Authenticating WebGate), a new feature introduced in 11gR2

ECC    => Embedded Credential Collector, the default 11g behaviour


In OAM 10g, user credentials are submitted to the WebGate, and the WebGate then communicates with the OAM server to mitigate the changes. When OAM 11g was introduced, it had a different flow: user credentials are submitted to the WebGate and the WebGate displays the OAM server login page (for credential collection). So you have to expose the OAM server for credential submission, which is not good practice for companies that don't want to have OAM exposed; for them it is a security vulnerability. That is why Oracle provided the DCC feature in OAM 11gR2.

Now, when you configure an 11gR2 WebGate, you have a check box "Allow Credential Collector Operations". If you select this check box, user credentials are submitted to the WebGate (middle tier), and the WebGate submits the user credentials to the OAM server.

DCC is the way to go nowadays; companies now have the option to separate the WebGate in the web tier from the OAM server.




Tuesday, February 24, 2015

How to check the global passphrase in OAM 11gR2 for simple mode

1. Run the WLST command:
./wlst.sh

2. Connect to the server.
In the WLST shell, enter the command to connect and then enter the requested information.
wls:/offline> connect()
Please enter your username [weblogic] :
Please enter your password [weblogic] :
Please enter your server URL [t3://localhost:7001] :
wls:/base_domain/serverConfig>

3. Change location.
Enter the following command to change the location to the read-only domainRuntime tree (for help, use help(domainRuntime)). For example:
wls:/OAM_AC> domainRuntime()

4. View the global passphrase by entering the following command. For example:
wls:/OAM_AC> displaySimpleModeGlobalPassphrase()