
Monday, December 21, 2015

OAM 11gR2: changing OAM and Webgate from Open to Simple mode


Changing OAM from Open to Simple mode

1. Log in to the OAM Console:
http://orasystemsusa.com:7001/oamconsole
Click Server Instances and select oam_server1.
You will find Mode = Open; change it to Mode = Simple.

2. Select SSO Agents and click the agent you are using (mine is OAM11GAgent).
     Change Security from Open to Simple.

3. You will get the following message:
Artifacts are generated in following location : <FM_HOME>/user_projects/domains/IAMDomain/output/OAM11GAgent

4. Go to the location where the artifacts were generated:
cd <FM_HOME>/user_projects/domains/IAMDomain/output/OAM11GAgent

5. Copy the two Simple-mode key files (aaa_cert.pem and aaa_key.pem) into the Webgate's config/simple directory as shown below:
cp aaa_cert.pem aaa_key.pem <FM_HOME>/Oracle_WT1/instances/ohs_Webgate/config/OHS/ohs2_EM/webgate/config/simple/

6. Copy the three regenerated agent files (cwallet.sso, ObAccessClient.xml and password.xml) into the Webgate config directory as shown below:

cp cwallet.sso ObAccessClient.xml password.xml <FM_HOME>/Oracle_WT1/instances/ohs_Webgate/config/OHS/ohs2_EM/webgate/config/

aaa_key.pem, password.xml and cwallet.sso hold the agent's private key and credentials. cp recreates them with your umask (typically world-readable), so make sure they end up readable only by the user the web server runs as.

7. Restart the web server that hosts the Webgate.
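The copy steps above give no feedback if a file lands in the wrong directory, and they leave the key material with whatever permissions your umask produces. The following shell functions are an added example, not part of the original post: they check a Webgate config directory after the switch (bootstrap files present, the mode recorded in ObAccessClient.xml matches what was set in the console, the Simple-mode certificate, key and password.xml exist, and the secret files are not readable by others). Two things are assumed rather than taken from the post: that ObAccessClient.xml records the mode as a NameValPair with ParamName="security", and the constructed fixture directory used for the stand-alone run, which stands in for a real Webgate.

```sh
#!/bin/sh
# Added example (not from the original post): consistency check for a Webgate
# config directory after switching OAM and the agent to Simple mode.
# Assumed (not stated in the post): ObAccessClient.xml carries the mode as
#   <NameValPair ParamName="security" Value="simple"/>
# and the Simple-mode certificate and key live in <config>/simple/.

# webgate_mode <ObAccessClient.xml>: print the agent's security mode (open/simple/cert), lower-cased.
webgate_mode() {
    sed -n 's/.*ParamName="security"[^>]*Value="\([^"]*\)".*/\1/p' "$1" | tr 'A-Z' 'a-z' | head -n 1
}

# others_have_no_access <file>: 0 if the "others" permission bits are ---.
# (cp without -p recreates files with your umask, usually 644, which exposes key material.)
others_have_no_access() {
    perms=$(ls -ld "$1" | cut -c1-10)
    case "$perms" in
        ???????---) return 0 ;;
    esac
    return 1
}

# check_webgate_config <webgate/config dir> <expected mode: open|simple>
# Verifies: bootstrap files present, mode in ObAccessClient.xml matches what was
# set in the console, Simple mode has cert/key and password.xml, and the secret
# files are not readable by others. Prints one line per problem, returns 1 if any.
check_webgate_config() {
    cfg=$1; want=$2; rc=0
    for f in ObAccessClient.xml cwallet.sso; do
        [ -f "$cfg/$f" ] || { echo "missing $cfg/$f"; rc=1; }
    done
    [ -f "$cfg/ObAccessClient.xml" ] || return 1
    have=$(webgate_mode "$cfg/ObAccessClient.xml")
    if [ "$have" != "$want" ]; then
        echo "ObAccessClient.xml says security=$have, expected $want (agent and console out of sync)"
        rc=1
    fi
    if [ "$want" = simple ]; then
        for f in password.xml simple/aaa_cert.pem simple/aaa_key.pem; do
            [ -f "$cfg/$f" ] || { echo "missing $cfg/$f"; rc=1; }
        done
    fi
    for f in cwallet.sso password.xml simple/aaa_key.pem; do
        if [ -f "$cfg/$f" ] && ! others_have_no_access "$cfg/$f"; then
            echo "$cfg/$f is readable by others; chmod o-rwx it"
            rc=1
        fi
    done
    return $rc
}

# make_fixture: build a throwaway directory shaped like a Simple-mode Webgate
# config (constructed content, not a real agent) so the check can be run anywhere.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/simple"
    cat > "$d/ObAccessClient.xml" <<'EOF'
<CompoundList xmlns="http://www.oblix.com/" ListName="ObAccessClient.xml">
  <SimpleList>
    <NameValPair ParamName="id" Value="OAM11GAgent"/>
    <NameValPair ParamName="security" Value="simple"/>
  </SimpleList>
</CompoundList>
EOF
    for f in cwallet.sso password.xml simple/aaa_cert.pem simple/aaa_key.pem; do
        : > "$d/$f"
    done
    chmod 600 "$d/cwallet.sso" "$d/password.xml" "$d/simple/aaa_key.pem"
    echo "$d"
}

# Stand-alone run against the constructed fixture. For a real Webgate:
#   check_webgate_config <FM_HOME>/Oracle_WT1/instances/ohs_Webgate/config/OHS/ohs2_EM/webgate/config simple
fixture=$(make_fixture)
if check_webgate_config "$fixture" simple; then
    echo "OK: $fixture is consistent for Simple mode"
fi
rm -rf "$fixture"
```

Run it before the restart in step 7: a mode mismatch or a missing key file shows up as a message here rather than as a Webgate that cannot reach the OAM server.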

OAM 11g R2 OAM Test Tool location and how to run it


To test access to a resource we use the OAM Access Management Test Tool. Its interface is very close to what SiteMinder R12 had.

Here is how to run the tester tool:

cd <FM_HOME>/Oracle_IAM1/oam/server/tester

export JAVA_HOME=/app/jdk1.6.0_35/
export PATH=$JAVA_HOME/bin:$PATH

Run the following command:

java -jar oamtest.jar

After providing the connection details and the resource information, you can test how the request flows through the policies and what the outcome is.


Sunday, December 20, 2015

OAM 11gr2ps2 supporting external login page settings


If you need to support an external login page, one that is not deployed on the OAM server, you have to change the Authentication Scheme.

In the Authentication Scheme, set Context Type to External and set the Challenge URL to the complete URL of the login page, including scheme, host:port and the servlet path.



exporting OIM plugin ZIP using SQL Developer

Steps to export a plugin ZIP from the database using SQL Developer

Log in to SQL Developer.

1. Open the connection for the user that owns the OIM schema objects (in my dev configuration this is DEV_OIM).
2. Expand Tables and look for the two tables below.

3. PLUGINS: holds the information about all the plugins registered in OIM. Take the ZIPID of the plugin ZIP you want to export from this table.

4. PLUGIN_ZIP: this table has two columns, ZIPID and ZIP. Double-click the (BLOB) cell in the ZIP column for the ZIPID you took from PLUGINS; a window pops up. Select Download and it saves the plugin ZIP you want.

OIM 11gR2PS2 soa patch issue and applying sequence




The patches in OIM_11.1.2.2_SOAPS6_PREREQS.zip are applied to the SOA home with OPatch. Set the environment first (the directory is OPatch, with a capital P):

export ORACLE_HOME=/opt/oracle/Middleware/Oracle_SOA1
export PATH=$PATH:$ORACLE_HOME/OPatch

echo $PATH
Apply the following patches in sequence:
Patch 14126097
Patch 16024267
Patch 16170778
Patch 16535743
Patch 16899697
Patch 17418151
Patch 17538745
Patch 17610621
Patch 17988119
Patch 18011109
Patch 18011726
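Applying eleven patches by hand in a fixed order is where sequence mistakes happen, and re-running the list after a failure re-applies patches OPatch already has. The script below is an added example, not part of the original post: it walks the list in order, skips anything `opatch lsinventory` already reports, and stops at the first failure so nothing is layered on a half-patched home. It assumes ORACLE_HOME and PATH are exported as above and that each patch has been unzipped to a directory named after its number under a directory you pass in (PATCH_DIR is a hypothetical layout, not something the post defines).

```sh
#!/bin/sh
# Added example (not from the original post): apply the patches above to the SOA
# home in order, skipping any OPatch already lists in the inventory and stopping at
# the first failure so nothing later is layered on a half-patched home.
# Assumes: ORACLE_HOME and PATH (with $ORACLE_HOME/OPatch) are exported as above,
# and each patch has been unzipped to $PATCH_DIR/<patch number>/ (hypothetical layout).

# oim_soa_prereq_patches: the sequence from the post, one number per line.
oim_soa_prereq_patches() {
    cat <<'EOF'
14126097
16024267
16170778
16535743
16899697
17418151
17538745
17610621
17988119
18011109
18011726
EOF
}

# is_patch_applied <number>: 0 if "opatch lsinventory" already lists it
# (-w so that a shorter number cannot match inside a longer one).
is_patch_applied() {
    opatch lsinventory 2>/dev/null | grep -qw "$1"
}

# apply_patch_sequence <patch dir> [patch numbers...]
# Defaults to the list above. Prints "skip", "applied" or "FAILED" per patch;
# returns 1 at the first patch that is missing or fails to apply.
apply_patch_sequence() {
    patch_dir=$1; shift
    [ $# -gt 0 ] || set -- $(oim_soa_prereq_patches)
    for p in "$@"; do
        if is_patch_applied "$p"; then
            echo "skip    $p (already in inventory)"
            continue
        fi
        if [ ! -d "$patch_dir/$p" ]; then
            echo "FAILED  $p (no unzipped directory $patch_dir/$p)"
            return 1
        fi
        # OPatch is run from inside the patch directory. -silent suppresses the
        # interactive prompts; older OPatch versions may additionally want an OCM
        # response file (-ocmrf), which this example does not cover.
        if (cd "$patch_dir/$p" && opatch apply -silent); then
            echo "applied $p"
        else
            echo "FAILED  $p (check the OPatch log under \$ORACLE_HOME/cfgtoollogs/opatch)"
            return 1
        fi
    done
}

# Stand-alone use: PATCH_DIR=/path/to/unzipped/patches sh apply_soa_patches.sh
if [ -n "${PATCH_DIR:-}" ]; then
    apply_patch_sequence "$PATCH_DIR"
fi
```

Because the skip check reads the inventory, the same command can be re-run after fixing whatever made a patch fail; it resumes at the first patch that is not yet applied.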

OID using ODSM creating service account like orcladmin


How To Create a New User With the Same Privileges as the Realm Admin User ORCLADMIN

From the ODSM interface of OID, navigate to the “Data Browser” tab.
1. Search for “orcladmin”.
2. Right-click on orcladmin and click “Create Like”.
3. In the “Entry Properties” window:
a. Ensure the following object classes are present: top, person, organizationalPerson, inetorgperson, orcluser, orcluserV2
4. Parent of the entry: cn=Service Accounts,dc=orasystemsusa,dc=com
5. Click “Next”.
6. In the “Mandatory Properties” window:
a. cn: enter an appropriate common name
b. sn: enter an appropriate surname
c. Relative Distinguished Name: typically either the uid or the cn attribute is used
7. Click “Next”.
8. In the “Optional Properties” window:
a. description: enter the purpose of this service account
b. givenName: enter an appropriate first name if applicable
c. mail: enter an email address for a point of contact for the service account
d. orclSAMAccountName: typically this is the same as the cn attribute
e. uid: typically this is the same as the cn attribute
f. userPassword: enter an appropriately complex password
9. Click “Next”.
10. Click “Finish”.
11. Add the new entry's full Distinguished Name (not just the RDN) as a uniquemember to the following 12 groups. Membership in these groups gives the account the same privileges as orcladmin, so protect its password accordingly:
* cn=OracleContextAdmins,cn=Groups,cn=OracleContext,dc=orasystemsusa,dc=com
* cn=OracleUserSecurityAdmins,cn=Groups,cn=OracleContext,dc=orasystemsusa,dc=com
* cn=iASAdmins,cn=Groups,cn=OracleContext,dc=orasystemsusa,dc=com
* cn=UserProxyPrivilege,cn=Groups,cn=OracleContext,dc=orasystemsusa,dc=com
* cn=OracleDASAdminGroup,cn=Groups,cn=OracleContext,dc=orasystemsusa,dc=com
* cn=OracleSuperUserAdminGroup,cn=Groups,cn=OracleContext,dc=orasystemsusa,dc=com
* cn=ASPAdmins,cn=Groups,cn=OracleContext,dc=orasystemsusa,dc=com
* cn=IAS & User Mgmt Application Admins,cn=Groups,cn=OracleContext,dc=orasystemsusa,dc=com
* cn=Trusted Applications Admins,cn=Groups,cn=OracleContext,dc=orasystemsusa,dc=com
* cn=Common User Attributes,cn=Groups,cn=OracleContext,dc=orasystemsusa,dc=com
* cn=Common Group Attributes,cn=Groups,cn=OracleContext,dc=orasystemsusa,dc=com
* cn=User Provisioning Admins,cn=Groups,cn=OracleContext
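Clicking through ODSM works once; for a second environment, or to have the grant reviewed before it is made, it is better to express the same steps as LDIF. The script below is an added example, not part of the original post: it writes the add record for the entry (object classes from step 3a) and the twelve modify records for step 11, leaving the password out of the file so the reviewed LDIF never carries a secret. It assumes the realm dc=orasystemsusa,dc=com, that the last group on the page (cn=User Provisioning Admins,cn=Groups,cn=OracleContext, shown without a realm suffix) lives under the same realm OracleContext as the other eleven, and that cn is used as the RDN; the account name svc_oamadmin and the ldapadd/ldapmodify flags in the comments are illustrative.

```sh
#!/bin/sh
# Added example (not from the original post): generate the LDIF that performs the
# ODSM steps above, so the new account and its twelve group memberships can be
# reviewed as text before being loaded with the OID ldapadd/ldapmodify tools.
# Assumed: the realm is dc=orasystemsusa,dc=com; the last group on the page
# (cn=User Provisioning Admins,cn=Groups,cn=OracleContext, shown without a realm
# suffix) lives under the same realm OracleContext as the other eleven; cn is the RDN.

REALM='dc=orasystemsusa,dc=com'
SA_BASE="cn=Service Accounts,$REALM"

# admin_groups: cn of each of the twelve OracleContext groups from step 11.
admin_groups() {
    cat <<'EOF'
OracleContextAdmins
OracleUserSecurityAdmins
iASAdmins
UserProxyPrivilege
OracleDASAdminGroup
OracleSuperUserAdminGroup
ASPAdmins
IAS & User Mgmt Application Admins
Trusted Applications Admins
Common User Attributes
Common Group Attributes
User Provisioning Admins
EOF
}

# service_account_dn <cn>: the full DN, which is what step 11 adds as uniquemember (not the bare RDN).
service_account_dn() {
    echo "cn=$1,$SA_BASE"
}

# service_account_ldif <cn> <sn> <mail> <description>
# Add record for the entry with the object classes from step 3a. The password is
# deliberately left out: set it in a separate step (ldappasswd or a modify from a
# prompt) so the reviewed LDIF file never carries a secret.
service_account_ldif() {
    cn=$1; sn=$2; mail=$3; desc=$4
    cat <<EOF
dn: $(service_account_dn "$cn")
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetorgperson
objectclass: orcluser
objectclass: orcluserV2
cn: $cn
sn: $sn
uid: $cn
orclSAMAccountName: $cn
mail: $mail
description: $desc
EOF
}

# group_membership_ldif <cn>: one modify record per group, adding the account's full DN as uniquemember.
group_membership_ldif() {
    member=$(service_account_dn "$1")
    admin_groups | while IFS= read -r g; do
        printf 'dn: cn=%s,cn=Groups,cn=OracleContext,%s\nchangetype: modify\nadd: uniquemember\nuniquemember: %s\n\n' "$g" "$REALM" "$member"
    done
}

# count_modify_records: how many modify records are on stdin (12 for one account).
count_modify_records() {
    grep -c '^changetype: modify$'
}

# Stand-alone run for a hypothetical account "svc_oamadmin". To load the output:
#   ldapadd    -h oidhost -p 3060 -D cn=orcladmin -q -f svc_oamadmin_add.ldif
#   ldapmodify -h oidhost -p 3060 -D cn=orcladmin -q -f svc_oamadmin_groups.ldif
# (flags as in the OID command-line reference; -q prompts for the bind password)
service_account_ldif svc_oamadmin 'Service Account' oam-admins@orasystemsusa.com 'OAM admin service account'
echo
group_membership_ldif svc_oamadmin
```

Redirect the two calls at the bottom into separate files, review them (twelve `changetype: modify` records, every `uniquemember` line carrying the full DN), then load the add file before the modify file, since the group modifications reference the new entry.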

Saturday, December 19, 2015

Viewing Message Payload for WebLogic Server


Here is some good information that I found about the WebLogic payload:

Viewing Message Payload for WebLogic Server

A message contains two main components: the headers and the payload. The headers contain metadata about the message. The payload contains the actual content of the message.

To View the Payload of Text and Byte Messages


  1. Select the topic or queue as described in Monitoring Topics and Queues for JMS IQ Manager.
  2. In the Messages tab, select the message and click the View/Edit icon.
    The Text Message Payload (Live) dialog box appears.
  3. To display any carriage return and line feed characters in the message (for text messages only), select the Show Carriage Return/Line Feed check box.
  4. If the message contains XML and you want to view the XML in browser format, click View XML.
  5. To delete the message, click Delete.
  6. To save the payload to a file, click Download Payload.

OAM 11gr2ps2 OAM login page coming twice or target application not getting attributes


OAM Identity Asserter:
If your attributes are not asserted to the target application you need to create an OAM Identity Asserter. A missing OAM Identity Asserter is also one of the reasons the SSO login page or the application login page comes up twice.

The reason the OAM Identity Asserter is needed: after OAM authenticates the user, the Webgate passes the identity to the application as a header (OAM_REMOTE_USER). Without an asserter in myrealm, WebLogic does not turn that header into an authenticated subject, so the application never sees the user and challenges again.

Creating the OAM Identity Asserter

1. Log in to the WebLogic console.
2. Click Security Realms.
3. Select myrealm (the name of your realm).
4. Select the Providers tab.
5. Click Lock & Edit.
6. Click New (under Authentication Providers).
7. Give it a name, select Type OAMIdentityAsserter and click OK.
8. Click the newly created authentication provider.
9. Make sure the Control Flag is OPTIONAL.
10. Under Active Types select OAM_REMOTE_USER.
    If you have 10g agents you have to select ObSSOCookie instead, and if you have more attributes to assert you have to select OAM_IDENTITY_ASSERTION.
11. Save and Activate Changes.
12. Restart the Admin Server (security provider changes take effect only after the servers in the domain are restarted).

Thursday, December 17, 2015

OAM 11gR2 integrating Webgate with OAM using rreg.sh command



Integration using the RREG tool.

cd <YOUR PATH>/Oracle_IAM1/oam/server/rreg
Here you will find the input folder.


cd <YOUR PATH>/Oracle_IAM1/oam/server/rreg/input

Modify OAM11GRequest.xml with the information for your system:

vi OAM11GRequest.xml

<serverAddress>http://orasystemsusa.com:7001</serverAddress>
<hostIdentifier>HostId11G</hostIdentifier>
<agentName>OAM11GAgent</agentName>
<agentBaseUrl>http://orasystemsusa.com:7777</agentBaseUrl>

<applicationDomain>DefaultAppDomain</applicationDomain>

Save the file and go to the bin folder to run the command. Make sure the two environment variables OAM_REG_HOME and JAVA_HOME are set (you can see which ones oamreg.sh expects by looking into the script); otherwise the command will fail. If you are installing on Windows you have to use oamreg.bat.

cd <YOUR PATH>/Oracle_IAM1/oam/server/rreg/bin

export OAM_REG_HOME=<YOUR PATH>/Oracle_IAM1/oam/server/rreg
export JAVA_HOME=/app/jdk1.6.0_35/
export PATH=$JAVA_HOME/bin:$PATH

chmod u+x oamreg.sh    (only if you get a permission error; the script needs to be executable by you, it does not need to be world-writable)

./oamreg.sh inband input/OAM11GRequest.xml    (the request path is relative to OAM_REG_HOME)

Provide the OAM admin username and password.
Provide a password for the Webgate if you want one; otherwise you can skip it.
When asked whether to import a file of predefined resources (URIs), answer n.

You should see: Inband registration process completed successfully!

You can check the agent-specific files:

cd <YOUR PATH>/Oracle_IAM1/oam/server/rreg/output/RREG_OAM11GAgent

ls
cwallet.sso  ObAccessClient.xml


Now copy these files into the webgate/config directory:

cp cwallet.sso ObAccessClient.xml <YOUR PATH>/Oracle_WT1/instances/Webgate/config/OHS/ohs1/webgate/config/


Restart the web server and verify the integration. You should see the OAM login page after the restart.
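Editing OAM11GRequest.xml in vi works, but a typo in agentBaseUrl or applicationDomain is only discovered after oamreg.sh has already created the agent and policy objects in OAM. The script below is an added example, not part of the original post: it copies the template, fills in the five values from the shell, refuses URL values that are not plain scheme://host:port, and reads every value back before you hand the file to oamreg.sh. It assumes the template carries one serverAddress, hostIdentifier, agentName, agentBaseUrl and applicationDomain element each, one per line; the stand-alone run uses a trimmed, constructed stub template rather than Oracle's shipped file.

```sh
#!/bin/sh
# Added example (not from the original post): fill the five registration values into
# a copy of OAM11GRequest.xml from the shell and verify the result before running
# oamreg.sh, so a typo is caught before it becomes a mis-registered agent.
# Assumed: the template has one <serverAddress>, <hostIdentifier>, <agentName>,
# <agentBaseUrl> and <applicationDomain> element each, on its own line (the stand-alone
# run uses the constructed stub template below, not Oracle's shipped file).

# set_xml_element <file> <element> <value>: replace the text of <element>...</element>.
set_xml_element() {
    file=$1; el=$2; val=$3
    # '|' delimits the sed expression and '&' / '\' are special in the replacement;
    # refuse such values instead of writing a corrupted file.
    case "$val" in
        *'|'*|*'&'*|*\\*) echo "unsupported character in value for <$el>: $val" >&2; return 1 ;;
    esac
    sed "s|<$el>[^<]*</$el>|<$el>$val</$el>|" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# get_xml_element <file> <element>: print the element's text (first occurrence).
get_xml_element() {
    sed -n "s|.*<$2>\([^<]*\)</$2>.*|\1|p" "$1" | head -n 1
}

# is_base_url <value>: scheme://host[:port] with no path, the shape both URL elements take.
is_base_url() {
    printf '%s\n' "$1" | grep -Eq '^https?://[A-Za-z0-9.-]+(:[0-9]{1,5})?$'
}

# check_element <file> <element> <expected>: fail loudly if the template lacked the element.
check_element() {
    [ "$(get_xml_element "$1" "$2")" = "$3" ] || { echo "<$2> is not $3 in $1" >&2; return 1; }
}

# render_rreg_request <template> <out> <serverAddress> <hostIdentifier> <agentName> <agentBaseUrl> <applicationDomain>
render_rreg_request() {
    tpl=$1; out=$2; server=$3; hostid=$4; agent=$5; base=$6; domain=$7
    is_base_url "$server" || { echo "serverAddress must be scheme://host:port, got: $server" >&2; return 1; }
    is_base_url "$base"   || { echo "agentBaseUrl must be scheme://host:port, got: $base" >&2; return 1; }
    cp "$tpl" "$out" &&
    set_xml_element "$out" serverAddress "$server" &&
    set_xml_element "$out" hostIdentifier "$hostid" &&
    set_xml_element "$out" agentName "$agent" &&
    set_xml_element "$out" agentBaseUrl "$base" &&
    set_xml_element "$out" applicationDomain "$domain" &&
    check_element "$out" serverAddress "$server" &&
    check_element "$out" hostIdentifier "$hostid" &&
    check_element "$out" agentName "$agent" &&
    check_element "$out" agentBaseUrl "$base" &&
    check_element "$out" applicationDomain "$domain"
}

# make_stub_template: a trimmed, constructed stand-in for rreg/input/OAM11GRequest.xml.
make_stub_template() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<OAM11GRegRequest>
    <serverAddress>http://{oam_admin_server_host}:{oam_admin_server_port}</serverAddress>
    <hostIdentifier>RREG_HostId11G</hostIdentifier>
    <agentName>RREG_OAM11G</agentName>
    <agentBaseUrl>http://{web_server_host}:{web_server_port}</agentBaseUrl>
    <applicationDomain>RREG_OAM11G</applicationDomain>
</OAM11GRegRequest>
EOF
    echo "$f"
}

# Stand-alone run with the values from the post. Real use: pass
# $OAM_REG_HOME/input/OAM11GRequest.xml as the template, then ./oamreg.sh inband <out>.
stub=$(make_stub_template); rendered=$(mktemp)
if render_rreg_request "$stub" "$rendered" http://orasystemsusa.com:7001 HostId11G OAM11GAgent http://orasystemsusa.com:7777 DefaultAppDomain; then
    cat "$rendered"
fi
rm -f "$stub" "$rendered"
```

The read-back at the end of render_rreg_request is what makes this safer than a bare sed: if Oracle's template ever carries an element on a line the substitution did not match, the function fails instead of leaving a placeholder in the request.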

OAM 11gR2 deploy/configure Webgate to the web server commands



Deploy the Webgate to the web server

cd <FMW_HOME>/Oracle_OAMWebGate11gR2/webgate/ohs/tools/deployWebGate


./deployWebGateInstance.sh -oh <FMW_HOME>/Oracle_OAMWebGate11gR2/ -w <FMW_HOME>/Oracle_WT1/instances/ohs_webgate11gR2/config/OHS/ohs1/


Modify the web server configuration file (httpd.conf)

cd <FMW_HOME>/Oracle_OAMWebGate11gR2/webgate/ohs/tools/setup/InstallTools

EditHttpConf links against the OHS libraries, so put the Oracle_WT1 lib directory on the library search path (LD_LIBRARY_PATH, not PATH):

export LD_LIBRARY_PATH=/app/Weblogic/FMW/Oracle_WT1/lib:$LD_LIBRARY_PATH

To check that the required libraries are found, run:

ldd EditHttpConf

If every library resolves (no "not found" in the output) you can run the command below; otherwise fix the library path first.

./EditHttpConf -oh <FMW_HOME>/Oracle_OAMWebGate11gR2/ -w <FMW_HOME>/Oracle_WT1/instances/ohs_webgate11gR2/config/OHS/ohs1

Saturday, December 5, 2015

manually starting ODSM server when starting from console failed


Start the Admin Server.

Start the managed server wls_ods1:

cd $DOMAIN_HOME/bin

./startManagedWebLogic.sh wls_ods1

(The script prompts for the WebLogic admin username and password unless the server has a boot.properties file.)

Now access ODSM through the browser:

http://host:port/odsm   where the managed server is wls_ods1 and the default port is 7005


ODSM: exporting the list of members

Exporting the list of members of a group in ODSM

The complete list of users belonging to a particular group can be exported as LDIF from ODSM with the following steps:

1.    From the ODSM interface of OID, navigate to the “Data Browser” tab.
2.    Expand the Directory Information Tree and select the group whose membership needs to be viewed.
3.    Right-click on the name of the group in the Directory Information Tree and click “Export LDIF”.
4.    Click “OK” on the pop-up message and click on the link to view the LDIF.
5.    The complete list of users (the uniquemember values) can be copied and pasted into a text file.
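Copying member DNs out of an LDIF export by hand has two traps: LDIF folds long values onto continuation lines that begin with a space, and any value with non-ASCII characters is written base64-encoded after a double colon, so a grep for "uniquemember:" returns truncated or unreadable DNs. The script below is an added example, not part of the original post: it shows the ldapsearch equivalent of the export and a small parser that unfolds and decodes the record into one DN per line. It assumes the group is a groupOfUniqueNames (uniquemember, as elsewhere on this page) and that the OID ldapsearch flags are as in the OID command-line reference (that function is not exercised by the stand-alone run); the sample LDIF is constructed, not a real export.

```sh
#!/bin/sh
# Added example (not from the original post): the command-line counterpart of the
# ODSM "Export LDIF" steps, with a parser that turns the exported group record into
# a plain list of member DNs. It copes with two things a naive grep gets wrong:
# LDIF folds long values onto continuation lines (leading space), and writes any
# non-ASCII value base64-encoded ("uniquemember:: ...").
# Assumed: the group is a groupOfUniqueNames (uniquemember, as on this page); the OID
# ldapsearch flags follow the OID command-line reference and are not exercised by the
# stand-alone run; the sample LDIF below is constructed, not a real export.

# export_group_ldif <oid host> <ldap port> <bind dn> <group dn>
# Read one group entry as LDIF; -q prompts for the bind password instead of taking it on the command line.
export_group_ldif() {
    ldapsearch -h "$1" -p "$2" -D "$3" -q -b "$4" -s base '(objectclass=*)' uniquemember
}

# ldif_members: LDIF on stdin -> one decoded member DN per line on stdout.
ldif_members() {
    awk '
        # unfold: a line beginning with a space continues the previous attribute value
        /^ / { buf = buf substr($0, 2); next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' | awk '
        # "attr:: value" is base64, "attr: value" is plain; tag each for the decoder below
        tolower($0) ~ /^uniquemember::/ { v = substr($0, index($0, "::") + 2); sub(/^ */, "", v); print "B64 " v; next }
        tolower($0) ~ /^uniquemember:/  { v = substr($0, index($0, ":") + 1);  sub(/^ */, "", v); print "RAW " v }
    ' | while read -r kind val; do
        if [ "$kind" = B64 ]; then
            printf '%s' "$val" | base64 -d
            echo
        else
            printf '%s\n' "$val"
        fi
    done
}

# Constructed sample: one plain member, one folded across two lines, one base64 (umlauts).
# The base64 value is produced here from the literal DN so the sample stays readable.
UMLAUT_DN='cn=Jürgen Müller,cn=Users,dc=orasystemsusa,dc=com'
sample_group_ldif() {
    b64=$(printf '%s' "$UMLAUT_DN" | base64 | tr -d '\n')
    cat <<EOF
dn: cn=OracleDASAdminGroup,cn=Groups,cn=OracleContext,dc=orasystemsusa,dc=com
objectclass: top
objectclass: groupOfUniqueNames
objectclass: orclGroup
cn: OracleDASAdminGroup
uniquemember: cn=orcladmin,cn=Users,dc=orasystemsusa,dc=com
uniquemember: cn=svc_oamadmin,cn=Service Accounts,dc=orasystemsusa,dc=c
 om
uniquemember:: $b64
EOF
}

# Stand-alone run: parse the constructed sample. Real use:
#   export_group_ldif oidhost 3060 cn=orcladmin 'cn=OracleDASAdminGroup,cn=Groups,cn=OracleContext,dc=orasystemsusa,dc=com' | ldif_members > members.txt
sample_group_ldif | ldif_members
```

The same parser works on the file ODSM produces in step 4: save the LDIF and pipe it through ldif_members instead of copying from the browser.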