Thursday, August 11, 2022

How to change a group's GID in Linux

1. Log in to the user account and run the id command to see the account's current uid and gid. Suppose the oracle gid is 1004 and you want to change it to 1040.

2. Log in as root and run the following command to change the gid:

    groupmod -g 1040 oracle

3. Now log in to the user account and run the id command again. You will see the new gid of the user's group.
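groupmod -g renumbers the group but leaves existing files on the old numeric GID, so anything still group-owned by 1004 must be changed by hand. The following is an added example, not part of the original post, that lists and re-owns those files; the search root /u01 is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. 1004 and "oracle" are the
# post's values; the search root (/u01 below) is an assumption.

# list_old_gid ROOT OLD_GID
#   Print every path under ROOT (staying on one filesystem) whose group is
#   still the numeric OLD_GID. find -group accepts a numeric ID when no
#   group has that string as its name.
list_old_gid() {
    find "$1" -xdev -group "$2" -print
}

# regroup_old_gid ROOT OLD_GID GROUP
#   Give those paths to GROUP, then print how many are still on OLD_GID
#   (0 means nothing was missed). chgrp -h changes a symlink itself rather
#   than its target, so a link pointing outside ROOT is not followed.
regroup_old_gid() {
    find "$1" -xdev -group "$2" -exec chgrp -h "$3" {} +
    list_old_gid "$1" "$2" | wc -l | tr -d ' '
}

# Typical use as root after `groupmod -g 1040 oracle`:
#   list_old_gid /u01 1004            # review first
#   regroup_old_gid /u01 1004 oracle  # then fix
```

On Linux, changing the group of an executable clears its setuid and setgid bits, so note the modes of such files from the review listing and restore them afterwards.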

Wednesday, August 3, 2022

"WebGate Error Report" Message^The Access Server has returned a fatal error with no detailed information. ReqReq^POST /iam/access/binding/api/v10/oap HTTP/1.1

When configuring WebGate, the error below appears in the logs:

    "WebGate Error Report" Message^The Access Server has returned a fatal error with no detailed information. ReqReq^POST /iam/access/binding/api/v10/oap HTTP/1.1

Solution: the WebGate configuration in the OHS file is missing the properties below. Modify webgate.conf and add these lines to the file:

    AuthType None
    require all granted

Make sure to copy all the artifacts under the webgate again:

    cwallet.sso
    ObAccessClient.xml
    password.xml
    aaa_key.pem
    aaa_cert.pem

Now restart the OAM and OHS instances.

oam 12c error Failed to execute step :bin/action.sh preReqCheck.py

    Picked up _JAVA_OPTIONS: -Djava.io.tmpdir=/u01/oracle/tmp
    spbat prestop phase has FAILED.
    Failed to execute step :bin/action.sh preReqCheck.py
    [/../IDM_SPB_12.2.1.4.210825/tools/spbat/generic/SPBAT/bin/action.sh, preReqCheck.py, -prop_file=/../../tmp/bas01ocpdioam01_oid/orchestration/env/spbat.properties] returned: 255
    Error:[/../../IDM_SPB_12.2.1.4.210825/tools/spbat/generic/SPBAT/bin/action.sh, preReqCheck.py, -prop_file=/../../orchestration/env/spbat.properties] returned: 255

Solution: run the command below:

    unset _JAVA_OPTIONS

Now run:

    ./spbat.sh -type oid -phase prestop -mw_home /../oracle/products/dir/dip -spb_download_dir /..../Bundle-Patches/IDM_SPB_12.2.1.4.210825 -log_dir /../oracle/tmp

To check the report:

    sh /.../Bundle-Patches/IDM_SPB_12.2.1.4.210825/tools/spbat/generic/SPBAT/spbat.sh -status report -type oid -mw_home /../oracle/products/dir/dip -log_dir /u01/oracle/tmp

Thursday, June 30, 2022

OIM 12c Adding new attribute to the User forms

The requirement was to add a new attribute to the user create and update forms. I followed the following article (section 6.3):

docs.oracle.com/en/middleware/idm/identity-governance/12.2.1.4/omadm/configuring-custom-attributes.html#GUID-A636EEE1-5DF8-48A4-AD9F-ADCDADA4289B

Other changes to consider

Make sure you are using the correct Entities and Corresponding Data Components and View Objects.

1. I made the mistake of using the wrong "Corresponding Data Components" for the attribute. It has different components for each page.
2. Make sure to enable the Auto Save option check box; otherwise you will have to modify another property before the Submit button shows up.
3. In order for the attribute to send its information to OUD, you have to add this attribute to the correct connector.
4. Values will not be sent to a target application until you run the scheduled task "Form Upgrade Job".

Tuesday, June 21, 2022

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Error:

    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

and

    ERROR_oracle.iam.application.impl_CE,SSLHE,SCPBE,VE_S_TRACE,EXC_MSG.html

See: https://mos-cores.us.oracle.com/collectionviewer/viewer.php/sr/3-289550132201/.dx/mw/ECA_AFP_1535_16123_clusters/ERROR_oracle.iam.application.impl_CE,SSLHE,SCPBE,VE_S_TRACE,EXC_MSG.html

Solution: the application certificate in your keystore is expired. When OAM tries to decrypt the request, it gets an error. Use a command that lists the keystore and you will find a certificate with its expiration date. Replace the expired certificate using keytool import and test again; the application will work.

Here is the command to import a new certificate into the keystore:

    keytool -import -alias serverwl -trustcacerts -file supportcert.pem -keystore client_store.jks -storepass example_password
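One way to find the expired entry described above is to scan the verbose keystore listing for validity end dates. This is an added example, not from the original post; it assumes English-locale `keytool -list -v` output, and the sample listing and the alias rootca are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes English-locale
# `keytool -list -v` text, where each certificate prints a line such as
#   Valid from: <date> until: Tue Jun 21 00:00:00 UTC 2022

# expired_aliases CUTOFF   (keytool -list -v output on stdin)
#   CUTOFF is YYYYMMDD. Prints "alias<TAB>notAfter" for every certificate
#   whose validity ends on or before CUTOFF. Only the date is compared, not
#   the time of day; a key entry with a chain prints one line per certificate.
expired_aliases() {
    awk -v cutoff="$1" '
        BEGIN {
            n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= n; i++) mon[m[i]] = i
        }
        /^Alias name: / { alias = substr($0, 13) }
        / until: / {
            # After "until:" the fields are: dow mon dd hh:mm:ss zone yyyy
            split(substr($0, index($0, " until: ") + 8), f, " ")
            not_after = sprintf("%04d%02d%02d", f[6], mon[f[2]], f[3])
            if (not_after + 0 <= cutoff + 0) printf "%s\t%s\n", alias, not_after
        }
    '
}

# Constructed sample of keytool output (trimmed to the lines that matter).
sample_keytool_output() {
    cat <<'EOF'
Alias name: serverwl
Entry type: trustedCertEntry
Owner: CN=app.example.com
Valid from: Mon Jun 21 00:00:00 UTC 2021 until: Tue Jun 21 00:00:00 UTC 2022

Alias name: rootca
Entry type: trustedCertEntry
Owner: CN=Example Root CA
Valid from: Wed Jan 01 00:00:00 UTC 2020 until: Tue Jan 01 00:00:00 UTC 2030
EOF
}

# Real use:
#   keytool -list -v -keystore client_store.jks | expired_aliases "$(date +%Y%m%d)"
sample_keytool_output | expired_aliases 20220811   # prints: serverwl  20220621
```

keytool refuses to import under an alias that already exists, so delete the expired entry or choose a new alias before running the import.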

Friday, May 20, 2022

weblogic error cvc-elt.4.2: Cannot resolve 'query:AttributeQueryDescriptorType' to a type definition for element 'md:RoleDescriptor'.

While loading metadata into WebLogic, the following error appears:

    cvc-elt.4.2: Cannot resolve 'query:AttributeQueryDescriptorType' to a type definition for element 'md:RoleDescriptor'.

Solution: WebLogic does not support RoleDescriptor. You have to remove the whole section and load the new file; it should work.

From Oracle: This is EXPECTED because WLS does not support element 'RoleDescriptor' in IDP xml file.

Monday, March 21, 2022

OAM 12c as Federation Proxy unable to forward SP request to IDP

Application sending request to SP <----> OAM 12c (as a federation proxy) <----> IDP (ForgeRock)

The issue: when the application was sending the request to OAM, OAM was unable to forward the request to the IDP for authentication.

Actions we took:

1. Ran commands to enable OAM as a federation proxy.
2. Integrated OAM with another IDP.
3. Ran commands to forward requests coming from the application to the external IDP.
4. The user tries to log in to the application and the request goes to the federation proxy (OAM), but it is not forwarded to the external IDP.
5. OAM was not forwarding the request to the external IDP; it stayed on the OAM login screen instead of the IDP login screen.

Solution: the issue was that the IDP authentication scheme (IDPFederationScheme) was not showing up on OAM. We have to run commands to add this scheme.

    wlst> domainRuntime()
    wlst> listPartnerProfileAuthnMethods("sp-partner-profile", "sp")

At this point the output will not list IDPFederationScheme.

    wlst> addSPPartnerProfileAuthnMethod("sp-partner-profile", "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", "IDPFederationScheme")
    wlst> listPartnerProfileAuthnMethods("sp-partner-profile", "sp")

Make sure it now lists IDPFederationScheme.