
Wednesday, December 28, 2022

tableau error ERROR com.tableausoftware.samlauthentication.handlers.SAMLAuthenticationFailureHandler - SAML Authentication Failed, please contact the administrator. org.springframework.security.authentication.AuthenticationServiceException: Incoming SAML message has no valid value for username attribute. Please verify ServiceProvider configuration in Identity Provider

When integrating Tableau with OAM 12c, the following error shows up in the Tableau logs:

ERROR com.tableausoftware.samlauthentication.handlers.SAMLAuthenticationFailureHandler - SAML Authentication Failed, please contact the administrator. org.springframework.security.authentication.AuthenticationServiceException: Incoming SAML message has no valid value for username attribute. Please verify ServiceProvider configuration in Identity Provider

Cause: Tableau requires a username attribute to be passed in the SAML assertion. Tableau requires the following attributes: username, displayName, email.

Solution: update the "Attribute Name Mapping" of the Tableau SP partner profile in OAM, add username as the attribute name and $user.attr.mail or $user.attr.username (check your OUD for the attribute name) as the value. If you are not passing the displayName value, add that to the Attribute Name Mapping table as well. Save the profile and test again.
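To confirm what an IdP actually sends before Tableau rejects it, here is an added example (not from the original post, and not Tableau or OAM code) that parses a SAML 2.0 response and lists the attributes Tableau needs but did not get; the sample response is constructed and deliberately lacks username.

```python
# Added example (not from the original post): check a SAML 2.0 response for the
# attributes Tableau expects (username, displayName, email) before the SP
# rejects it. The sample response below is constructed for illustration.
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
REQUIRED = ("username", "displayName", "email")


def assertion_attributes(xml_text):
    """Return {attribute Name: [values]} from every AttributeStatement.

    Use defusedxml instead of ElementTree when the input is untrusted.
    """
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iter("{%s}Attribute" % SAML_NS):
        values = attr.findall("{%s}AttributeValue" % SAML_NS)
        attrs[attr.get("Name")] = [(v.text or "").strip() for v in values]
    return attrs


def missing_tableau_attributes(xml_text):
    """Required names that are absent or carry only empty values."""
    attrs = assertion_attributes(xml_text)
    return [n for n in REQUIRED if not any(attrs.get(n, []))]


SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="email">
        <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="displayName">
        <saml:AttributeValue>Jane Doe</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    # With the username mapping missing, this reports ['username'].
    print("missing:", missing_tableau_attributes(SAMPLE_RESPONSE))
```

Paste the decoded SAMLResponse from a browser trace into SAMPLE_RESPONSE to check a real assertion; an empty AttributeValue counts as missing, which matches the "no valid value" wording of the error.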

Thursday, December 22, 2022

weblogic.management.DeploymentException: java.io.IOException: Error from fcntl() for file locking, Resource temporarily unavailable, errno=11

WebLogic error when starting the server, seen in AdminServer.log: weblogic.management.DeploymentException: java.io.IOException: Error from fcntl() for file locking, Resource temporarily unavailable, errno=11. Reference: techpaste.com/2012/07/java-io-ioexception-error-fcntl-file-locking-resource-temporarily-unavailable-errno11-weblogic/

Thursday, December 8, 2022

OHS 12c error oracle.security.fed.event.EventException: Could not find the AuthnRequest associated to the Assertion

Error: oracle.security.fed.event.EventException: Could not find the AuthnRequest associated to the Assertion

CAUSE
Configuration of the OHS server's mod_weblogic for OAM. The "WLCookieName" parameter in the OHS server configuration is missing or has the wrong value. In this specific case the value was incorrect (OAMSESSIONID), whereas the OAM application uses "OAM_JSESSIONID".

login_vh.conf: WLCookieName OAMJESSIONID
should be:
login_vh.conf: WLCookieName OAM_JSESSIONID

Solution: update the login_vh.conf file with the correct parameter and restart OHS. That fixes the error.

Tuesday, October 25, 2022

OAM 12c IDP-initiated URL

https://servername/oamfed/idp/initiatesso?providerid=https://applicationurl.com

Thursday, October 13, 2022

OAM 12c: download IDP metadata

1. Log in to oamconsole.
2. Click on Configuration.
3. Go down to the Settings section, click on View and select Federation.
4. Click Export SAML 2.0 Metadata.

Friday, September 16, 2022

2nd OAM server in cluster unable to process the request OAM_JSESSIONID

SYMPTOMS
Oracle Access Manager acting as the Service Provider (SP); WLS managed server cluster with 2 OAM servers; OHS proxying via mod_weblogic. There is no issue if only one WLS managed server is running. When both WLS managed servers running OAM are started, the Federation flow fails.

CAUSE
Configuration of the OHS server's mod_weblogic for OAM. The "WLCookieName" parameter in the OHS server configuration is missing or has the wrong value. In this specific case the value was incorrect (OAMSESSIONID), whereas the OAM application uses "OAM_JSESSIONID". mod_weblogic uses that cookie to route a browser back to the managed server holding its session; with the wrong cookie name the SAML response can land on the node that never issued the AuthnRequest, which is why the flow only breaks once the second node is up.

Correcting the value fixed the issue: wls_oam1 and wls_oam2 can both be started and federation works.
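The two posts above come down to one directive, so here is an added example (not from the original posts, and not an Oracle tool) that scans an OHS mod_weblogic configuration such as login_vh.conf and flags every WLCookieName that is not the cookie OAM issues; the sample configuration is constructed.

```python
# Added example (not from the original posts): scan an OHS mod_weblogic
# configuration (e.g. login_vh.conf) for WLCookieName and flag any value
# that is not the session cookie OAM actually issues (OAM_JSESSIONID).
# The sample configuration below is constructed for illustration.
import re

OAM_COOKIE = "OAM_JSESSIONID"
_LOCATION = re.compile(r"^\s*<Location\s+(\S+?)\s*>", re.IGNORECASE)
_WLCOOKIE = re.compile(r"^\s*WLCookieName\s+(\S+)", re.IGNORECASE)


def check_wlcookiename(conf_text, expected=OAM_COOKIE):
    """Return (line_no, location, value) for every WLCookieName line whose
    value differs from `expected`. If the directive never appears, a single
    (0, "(none)", "<missing>") entry is returned, because mod_weblogic then
    falls back to its default cookie name JSESSIONID."""
    problems, location, found = [], "(global)", False
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = _LOCATION.match(line)
        if m:
            location = m.group(1)
            continue
        m = _WLCOOKIE.match(line)
        if not m:
            continue
        found = True
        if m.group(1) != expected:
            problems.append((no, location, m.group(1)))
    if not found:
        problems.append((0, "(none)", "<missing>"))
    return problems


SAMPLE_CONF = """<VirtualHost login.example.com:443>
  <Location /oam>
    SetHandler weblogic-handler
    WebLogicCluster oam1.example.com:14100,oam2.example.com:14100
    WLCookieName OAMJESSIONID
  </Location>
  <Location /oamfed>
    SetHandler weblogic-handler
    WebLogicCluster oam1.example.com:14100,oam2.example.com:14100
    WLCookieName OAM_JSESSIONID
  </Location>
</VirtualHost>"""

if __name__ == "__main__":
    for line_no, loc, value in check_wlcookiename(SAMPLE_CONF):
        print("line %d (%s): WLCookieName %s" % (line_no, loc, value))
```

Run it over every *.conf under the OHS instance's moduleconf directory; a clean run returns an empty list.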

Wednesday, September 14, 2022

JDK update error jdk-8u341-linux-x64: Caused by: java.net.URISyntaxException: Malformed IPv6 address at index 8

After updating the JDK to the new version jdk-8u341-linux-x64, the IDM components do not come up. It is a bug. Here is how I fixed it.

Error: Caused by: java.net.URISyntaxException: Malformed IPv6 address at index 8

I added the value below to setDomainEnv.sh (append it to the existing JAVA_PROPERTIES value rather than replacing it):

JAVA_PROPERTIES="-Dcom.sun.jndi.ldapURLParsing=legacy"

I also added the same property to each managed server's Start/Stop section, in the Arguments field:

-Dcom.sun.jndi.ldapURLParsing=legacy

Wednesday, August 17, 2022

Insufficient free space in /tmp/orcl8124660.tmp to extract the installer

Java error when installing any Oracle OIG solution. It appears when running the command below:

$ java -d64 -jar fmw_12.2.1.4.0_infrastructure.jar

Error:
com.oracle.cie.nextgen.launcher.LogUtils - Extracting to /tmp/orcl8128795323290514660.tmp.
SEVERE [1] com.oracle.cie.nextgen.launcher.Launcher - Insufficient free space in /tmp/orcl290514660.tmp to extract the installer. Actual 107 MB. Required 1574 MB.
SEVERE [1] com.oracle.cie.nextgen.launcher.Launcher - Insufficient free space in /tmp/orcl8514660.tmp to extract the installer.

Solution: either you don't have enough space in /tmp, or /tmp is mounted so that nothing can be executed from it (noexec) for security reasons. The fix is to provide a different temp location. Use the command below to set it up (make sure the directories exist):

export _JAVA_OPTIONS="-Djava.io.tmpdir=/u01/oracle/tmp"

Thursday, August 11, 2022

How to change a group's gid in Linux

1. Log in to the user account and run the id command. You will get the account's current uid and gid. Suppose the oracle gid was 1004 and you want to change it to 1040.
2. Log in as root and run the following command to change the gid:
groupmod -g 1040 oracle
3. Now log in to the user account and run the id command again. You will see the new gid of the user's group.
Note that files already on disk keep the old numeric gid (1004); groupmod does not touch them, so their group has to be changed separately.

Wednesday, August 3, 2022

"WebGate Error Report" Message^The Access Server has returned a fatal error with no detailed information. ReqReq^POST /iam/access/binding/api/v10/oap HTTP/1.1

When configuring the WebGate, the error below appears in the logs:

"WebGate Error Report" Message^The Access Server has returned a fatal error with no detailed information. ReqReq^POST /iam/access/binding/api/v10/oap HTTP/1.1

Solution: the WebGate configuration in the OHS file is missing the properties below. Modify webgate.conf and add these lines to the file:

AuthType None
require all granted

Make sure to copy all the WebGate artifacts again: cwallet.sso, ObAccessClient.xml, password.xml, aaa_key.pem, aaa_cert.pem. Now restart the OAM and OHS instances.

OAM 12c error: Failed to execute step :bin/action.sh preReqCheck.py

*Picked up _JAVA_OPTIONS: -Djava.io.tmpdir=/u01/oracle/tmp
spbat prestop phase has FAILED.
Failed to execute step :bin/action.sh preReqCheck.py [/../IDM_SPB_12.2.1.4.210825/tools/spbat/generic/SPBAT/bin/action.sh, preReqCheck.py, -prop_file=/../../tmp/bas01ocpdioam01_oid/orchestration/env/spbat.properties] returned: 255
Error:[/../../IDM_SPB_12.2.1.4.210825/tools/spbat/generic/SPBAT/bin/action.sh, preReqCheck.py, -prop_file=/../../orchestration/env/spbat.properties] returned: 255

Solution: run the command below first to clear the _JAVA_OPTIONS value that the JVM picked up:

unset _JAVA_OPTIONS

Now run:

./spbat.sh -type oid -phase prestop -mw_home /../oracle/products/dir/dip -spb_download_dir /..../Bundle-Patches/IDM_SPB_12.2.1.4.210825 -log_dir /../oracle/tmp

To check the report:

sh /.../Bundle-Patches/IDM_SPB_12.2.1.4.210825/tools/spbat/generic/SPBAT/spbat.sh -status report -type oid -mw_home /../oracle/products/dir/dip -log_dir /u01/oracle/tmp

Thursday, June 30, 2022

OIM 12c: adding a new attribute to the User forms

The requirement was to add a new attribute to the user create and update forms. I followed the article docs.oracle.com/en/middleware/idm/identity-governance/12.2.1.4/omadm/configuring-custom-attributes.html#GUID-A636EEE1-5DF8-48A4-AD9F-ADCDADA4289B, section 6.3 "Other changes to consider". Make sure you are using the correct Entities and the corresponding Data Components and View Objects.
1. I made the mistake of using the wrong "Corresponding Data Components" for the attribute; each page has different components.
2. Make sure to enable the Auto Save option check box, otherwise you will have to modify another property before the Submit button shows up.
3. In order for the attribute to send its information to OUD, you have to add the attribute to the correct connector.
4. Values will not be sent to a target application until you run the scheduled task "Form Upgrade Job".

Tuesday, June 21, 2022

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Error:

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

and ERROR_oracle.iam.application.impl_CE,SSLHE,SCPBE,VE_S_TRACE,EXC_MSG.html @@@ See: https://mos-cores.us.oracle.com/collectionviewer/viewer.php/sr/3-289550132201/.dx/mw/ECA_AFP_1535_16123_clusters/ERROR_oracle.iam.application.impl_CE,SSLHE,SCPBE,VE_S_TRACE,EXC_MSG.html

Solution: the application certificate in your keystore is expired. When OAM tries to decrypt the request, it gets this error. List the keystore (keytool -list -v) and you will find a cert whose expiration date has passed. Replace the expired cert using keytool import and test again; the application will work. If the alias already exists, delete the expired entry first (keytool -delete -alias serverwl ...). Here is the command to import a new cert into the keystore:

keytool -import -alias serverwl -trustcacerts -file supportcert.pem -keystore client_store.jks -storepass example_password
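Finding the expired entry is the tedious part, so here is an added example (not from the original post, and not part of keytool) that parses the output of keytool -list -v and reports aliases whose certificate has expired or is about to; the listing below is constructed and its alias names are assumptions.

```python
# Added example (not from the original post): parse the output of
# "keytool -list -v -keystore client_store.jks" and report aliases whose
# certificate has expired or expires soon, so an expired entry is found
# before OAM fails the handshake. The listing below is constructed.
import re
from datetime import datetime, timedelta

_ALIAS = re.compile(r"^Alias name:\s*(.+)$")
_VALID = re.compile(r"^Valid from:\s*(.+?)\s+until:\s*(.+)$")


def _parse_keytool_date(text):
    # keytool prints e.g. "Sun Jan 10 00:00:00 UTC 2021"; drop the zone
    # token, which strptime cannot parse portably (day precision is enough).
    parts = text.split()
    del parts[4]
    return datetime.strptime(" ".join(parts), "%a %b %d %H:%M:%S %Y")


def keystore_expiry(listing):
    """Map alias -> 'not after' datetime of its first (leaf) certificate."""
    result, alias = {}, None
    for raw in listing.splitlines():
        line = raw.strip()
        m = _ALIAS.match(line)
        if m:
            alias = m.group(1)
            continue
        m = _VALID.match(line)
        if m and alias and alias not in result:  # skip chain certs
            result[alias] = _parse_keytool_date(m.group(2))
    return result


def expiring_aliases(listing, today, warn_days=30):
    """Aliases already expired or expiring within warn_days of `today`
    (an ISO date string such as '2022-06-21')."""
    cutoff = datetime.fromisoformat(today) + timedelta(days=warn_days)
    return sorted(a for a, end in keystore_expiry(listing).items() if end <= cutoff)


SAMPLE_LISTING = """Alias name: serverwl
Owner: CN=app.example.com, O=Example
Valid from: Fri Jan 10 00:00:00 UTC 2020 until: Sun Jan 10 00:00:00 UTC 2021

Alias name: idpsigning
Owner: CN=idp.example.com, O=Example
Valid from: Tue Mar 01 00:00:00 UTC 2022 until: Fri Mar 01 00:00:00 UTC 2030
"""

if __name__ == "__main__":
    print("expired/expiring:", expiring_aliases(SAMPLE_LISTING, "2022-06-21"))
```

Feed it the real listing with `keytool -list -v -keystore client_store.jks | python3 check.py` style piping (reading stdin into SAMPLE_LISTING) and schedule it, so the next expiry is caught before the handshake fails.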

Friday, May 20, 2022

WebLogic error cvc-elt.4.2: Cannot resolve 'query:AttributeQueryDescriptorType' to a type definition for element 'md:RoleDescriptor'.

Error while loading IDP metadata into WebLogic: cvc-elt.4.2: Cannot resolve 'query:AttributeQueryDescriptorType' to a type definition for element 'md:RoleDescriptor'.

Solution: WebLogic does not support RoleDescriptor. You have to remove the whole section from the metadata and load the new file; it should then work. From Oracle: this is EXPECTED because WLS does not support the element 'RoleDescriptor' in the IDP XML file.
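Removing the section by hand is error-prone on a large metadata file, so here is an added example (not from the original post, and not Oracle or WebLogic code) that strips every md:RoleDescriptor from IdP metadata while keeping the IDPSSODescriptor; the metadata below is constructed, and the entityID and endpoints in it are assumptions.

```python
# Added example (not from the original post): drop every md:RoleDescriptor
# (here the query:AttributeQueryDescriptorType role that WebLogic rejects)
# from IdP metadata while keeping the IDPSSODescriptor. Note that editing a
# signed metadata file invalidates its ds:Signature, so use an unsigned
# export or re-sign it. The metadata below is constructed for illustration.
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ET.register_namespace("md", MD_NS)


def strip_role_descriptors(metadata_xml):
    """Return (cleaned_xml, number_of_RoleDescriptor_elements_removed)."""
    root = ET.fromstring(metadata_xml)
    removed = 0
    # Walk every EntityDescriptor so EntitiesDescriptor bundles work too;
    # iter() includes the root itself when it is the EntityDescriptor.
    for entity in list(root.iter("{%s}EntityDescriptor" % MD_NS)):
        for rd in list(entity.findall("{%s}RoleDescriptor" % MD_NS)):
            entity.remove(rd)
            removed += 1
    return ET.tostring(root, encoding="unicode"), removed


SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:query="urn:oasis:names:tc:SAML:metadata:ext:query"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    entityID="https://idp.example.com/oam/fed">
  <md:RoleDescriptor xsi:type="query:AttributeQueryDescriptorType"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"/>
  </md:RoleDescriptor>
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/oamfed/idp/samlv20"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    cleaned, n = strip_role_descriptors(SAMPLE_METADATA)
    print("removed %d RoleDescriptor element(s)" % n)
    print(cleaned)
```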

Monday, March 21, 2022

OAM 12c as Federation Proxy unable to forward SP request to IDP

Application sending request to SP <----> OAM 12c (as a federation proxy) <----> IDP (ForgeRock)

Issue: when the application sends the request to OAM, OAM is unable to forward the request to the IDP for authentication.

Actions we took:
1. Ran the commands to enable OAM as a federation proxy.
2. Integrated OAM with another IDP.
3. Ran the commands to forward requests coming from the application to the external IDP.
4. A user trying to log in to the application has the request go to the federation proxy (OAM), but it is not forwarded to the external IDP.
5. OAM was not forwarding the request to the external IDP; the user landed on the OAM login screen instead of the IDP login screen.

Solution: the issue was that the IDP authentication scheme (IDPFederationScheme) was not showing up in OAM. We had to run commands to add this scheme.

wlst> domainRuntime()
wlst> listPartnerProfileAuthnMethods("sp-partner-profile", "sp")
You will not see IDPFederationScheme; make sure it does not list IDPFederationScheme.
wlst> addSPPartnerProfileAuthnMethod("sp-partner-profile", "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", "IDPFederationScheme")
wlst> listPartnerProfileAuthnMethods("sp-partner-profile", "sp")
Make sure it now lists IDPFederationScheme.

Saturday, February 19, 2022

Okta error Cannot disable the following factors because they are enabled in the following policies: SOFT_TOKEN or in the Default Policy policy. Please disable the factor(s) in the appropriate policies and try again.

When you try to delete the MFA factor you get the error below:

Cannot disable the following factors because they are enabled in the following policies: SOFT_TOKEN in the Default Policy policy. Please disable the factor(s) in the appropriate policies and try again.

or this one:

Cannot disable the following factors because they are enabled in the following policies: OKTA_SOFT_TOKEN in the Default Policy policy. Please disable the factor(s) in the appropriate policies and try again.

Solution:
1. Go to Factor Enrollment.
2. Edit the policy (Default or whatever policy you have configured).
3. Select Disabled from the Effective Factors.
4. Go back to the Factor Type and select Deactivate.
You have now disabled the MFA options.

Sunday, February 6, 2022

Salesforce developer account error "We can't log you in because of an issue with single sign-on. Contact your Salesforce admin for help."

Scenario: we created a developer account on Salesforce and integrated it with Okta. When I try to log in with a new user that also exists on the Salesforce side, I get the error below:

We can't log you in because of an issue with single sign-on. Contact your Salesforce admin for help.

Solutions:
1. Make sure the user you created on the Salesforce side has the right role. If the role type is Org Proxy User, it will not work; change the type to any other type such as Identity, Salesforce or others.
2. Make sure SAML is enabled on the Salesforce side.
3. Replace the metadata on the Salesforce side with the Okta metadata; this will remove any spaces.

Deleting a Salesforce Single Sign-On setting

Under Administration Setup - Security Controls - Single Sign-On Settings, I need to turn off Federated Single Sign-On Using SAML. However, whenever I disable the SAML Enabled checkbox and click [Save], I get the following error:

Error: Your organization or community is currently using SAML as an authentication method, so you can't disable it.

Solution:
1. Go to "Single Sign-On Settings".
2. Click "Edit".
3. Uncheck "SAML Enabled" in the "Federated Single Sign-On Using SAML" section.
4. Now click on the provider and delete it.

If you are logged in with a user of that provider, you will get the above error. In that case:
1. In the search bar, search for "My Domain" and go all the way down to "Authentication Configuration".
2. Edit the section.
3. From "Authentication Service", remove the provider you want to remove.
4. Now go to "SAML Single Sign-On Settings" and delete the provider.