Wednesday, March 29, 2017

OAM export policies error Traceback (innermost last): File "", line 1, in ? NameError: exportPolicy


wls:/oam_domain/serverConfig> exportPolicy(PathTempOAMPolicyFile='/tmp/pre_upgrade_oam.xml')
Traceback (innermost last):
  File "<console>", line 1, in ?
NameError: exportPolicy
wls:/oam_domain/serverConfig> exportPolicy('/tmp/policy_export.xml')
Traceback (innermost last):
  File "<console>", line 1, in ?
NameError: exportPolicy
wls:/oam_domain/serverConfig> exit()


Solution:

You are running wlst.sh from the wrong place. For OAM it must be run from $ORACLE_HOME/common/bin/wlst.sh; the OAM-specific WLST commands such as exportPolicy are only loaded by that copy, which is why any other wlst.sh reports "NameError: exportPolicy".

Find the ORACLE_HOME/common/bin directory and run wlst.sh from there:

wls:/oam_domain/serverConfig> exportPolicy('/tmp/policy_export.xml')
Successfully exported policies. Check log file for details.

If you get the error below, call the command without the keyword argument:

wls:/oam_domain/serverConfig> exportPolicy(PathTempOAMPolicyFile='/tmp/pre_upgrade_oam.xml')
Traceback (innermost last):
  File "<console>", line 1, in ?
TypeError: exportPolicy() got an unexpected keyword argument 'PathTempOAMPolicyFile'


Pass the file path positionally, without the PathTempOAMPolicyFile keyword:


wls:/oam_domain/serverConfig> exportPolicy('/tmp/policy_export.xml')
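An added example, not from the original post, that turns the fix above into a repeatable script: it resolves wlst.sh strictly under $ORACLE_HOME/common/bin, runs exportPolicy in the working positional form from a WLST script file, and checks that the export file was actually written. The admin URL and the userConfigFile/userKeyFile paths are placeholders (the post's session was already connected).

```shell
#!/bin/sh
# Added example (not from the original post): run exportPolicy only from the
# OAM-aware wlst.sh and verify the result. URL and credential-file paths are
# placeholders; the WLST commands match the working form shown in the post.

# find_wlst ORACLE_HOME -> prints ORACLE_HOME/common/bin/wlst.sh, or fails.
# Other wlst.sh copies do not load the OAM commands ("NameError: exportPolicy").
find_wlst() {
  _wlst="$1/common/bin/wlst.sh"
  [ -x "$_wlst" ] || return 1
  printf '%s\n' "$_wlst"
}

# write_export_script OUT_XML SCRIPT -> WLST commands using a single positional
# path (no PathTempOAMPolicyFile keyword, which raises the TypeError above).
write_export_script() {
  cat > "$2" <<EOF
# placeholder admin URL; stored credential files avoid a clear-text password
connect(userConfigFile='/home/oam/wlst.config', userKeyFile='/home/oam/wlst.key', url='t3://adminhost:7001')
exportPolicy('$1')
exit()
EOF
}

# export_oam_policy ORACLE_HOME OUT_XML -> 0 only if wlst.sh succeeded and
# OUT_XML is a non-empty XML document.
export_oam_policy() {
  _wlst=$(find_wlst "$1") || { echo "no wlst.sh under $1/common/bin" >&2; return 1; }
  _script=$(mktemp)
  write_export_script "$2" "$_script"
  "$_wlst" "$_script"
  _rc=$?
  rm -f "$_script"
  [ "$_rc" -eq 0 ] || { echo "wlst.sh exited with status $_rc" >&2; return 1; }
  [ -s "$2" ] && grep -q '<' "$2" || { echo "$2 missing or not XML" >&2; return 1; }
  echo "exported policies to $2"
}
```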







Saturday, February 4, 2017

difference between 10g webgate and 11g webgate

From Oracle:

Here are the 11g features:
  • Oracle Universal Installer for platform. Generic for all platforms
  • Host-based cookie
  • Individual WebGate OAMAuthnCookie_ making it more secure
  • A per agent key, and server key, are used. Agent key is stored in wallet file and Server key is stored in Credential store
  • One per-agent secret key shared between 11g WebGate and OAM Server
  • One OAM Server key
  • OAM 11g supports cross-network-domain single sign-on out of the box. Oracle recommends you use Oracle Identity Federation for this situation.
  • Capability to act as a detached credential collector
  • Webgate Authorization Caching
  • Diagnostic page to tune parameters
  • Has separate install and configuration option. Hence, single install and multiple instance configuration is supported.
And 10g:

  • InstallShield and One installer per platform
  • Domain-based cookie
  • ObSSOCookie (one for all 10g Webgates)
  • Global shared secret stored in the directory server only (not accessible to WebGate)
  • There is just one global shared secret key per OAM deployment which is used by all the WebGates
  • OAM 10g provides a proprietary multiple network domain SSO capability that predates Oracle Identity Federation. Complex configuration is required.
  • One Web server configuration supported per WebGate. Need to have multiple WebGates for multiple instances.

configuring eAuth Mode at OIF through WLST



Configuring for eAuth Mode

You can configure the Oracle Identity Federation server to comply with the eAuth specifications. Most of the configuration is performed through Fusion Middleware Control, but the specifications require the presence of two attributes in the SSO assertion that can only be configured through the MBeans/WLST scripts:

the us:gov:e-authentication:basic:specVer attribute containing the version of the eAuth specifications supported by this server

the us:gov:e-authentication:basic:Sid attribute containing the session identifier of the user performing the single sign-on

To configure Oracle Identity Federation to set those two attributes (for a specific provider) and to set the value of the eAuth version, enter the WLST script environment for Oracle Identity Federation instance, and set the following properties if needed:

Set the eauthmodeenabled boolean property for the remote provider to true to enable the eAuth mode:

setFederationProperty(REMOTE_PROVIDER_ID, 'eauthmodeenabled', 'true', 'boolean')
## replace REMOTE_PROVIDER_ID with the identifier of the remote provider
Set the eauthversion string property from the idpglobal group to the value the Oracle Identity Federation server should use (2.0 for example):

setConfigProperty('idpglobal', 'eauthversion', '2.0', 'string')


Sunday, January 22, 2017

OIF updating self signed certificate 2048 bit using orapki

OIF requires a PKCS#12 wallet. Below are the commands to create the wallet and add a self-signed certificate to it.



1. Creating a PKCS#12 Wallet
To create an Oracle PKCS#12 wallet (ewallet.p12), use the following command:

orapki wallet create -wallet wallet_location [-pwd password]


To create an auto login wallet (cwallet.sso) that is associated with a PKCS#12 wallet (ewallet.p12), use the following command:

orapki wallet create -wallet wallet_location -auto_login [-pwd password]

This command creates a wallet with auto login enabled (cwallet.sso) and associates it with a PKCS#12 wallet (ewallet.p12). The command prompts you to enter the password for the PKCS#12 wallet if no password has been specified on the command line.

2. Adding a self-signed certificate to the wallet

./orapki wallet add -wallet /tmp/wallet -dn "cn=Orasystemsusa certificate" -keysize 2048 -self_signed -validity 1825 -pwd Password1

-validity 1825 is the number of days the certificate will be valid (five years); -keysize 2048 sets the RSA key length.


3. Once you have a wallet with the self-signed certificate, upload it as follows:

Upload the new wallet.

Log in to Fusion Middleware Control and navigate to the Oracle Identity Federation instance.

Navigate to Administration, then Security and Trust.

In the Wallets tab, click Update.

Check the Update checkbox for the wallet you want to update.

Select the keystore type, wallet location, password, and alias. (I uploaded the ewallet file.)

Click OK.
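An added example, not from the original post, of a check to run between step 2 and step 3: it reads the certificate exported from the wallet and refuses it unless the key really is 2048 bits and the certificate stays valid for the five years requested. It assumes the certificate was first exported to a PEM file with orapki (the export command in the comment is the assumed step; orapki is not invoked by the script).

```shell
#!/bin/sh
# Added example (not from the original post): verify the wallet certificate
# before uploading it in Fusion Middleware Control. Assumed prior step:
#   orapki wallet export -wallet /tmp/wallet -dn "cn=Orasystemsusa certificate" -cert /tmp/oif_cert.pem -pwd Password1

# check_oif_cert CERT_PEM [MIN_BITS] [MIN_DAYS]
# Returns 0 only if the public key has at least MIN_BITS bits and the cert is
# still valid for at least MIN_DAYS more days. Defaults follow the page:
# 2048-bit key, and 1824 days (one less than -validity 1825, since some time
# has passed since issuance).
check_oif_cert() {
  _cert="$1"; _min_bits="${2:-2048}"; _min_days="${3:-1824}"
  _bits=$(openssl x509 -in "$_cert" -noout -text 2>/dev/null \
          | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
  if [ -z "$_bits" ]; then
    echo "cannot read the public key size from $_cert" >&2; return 1
  fi
  if [ "$_bits" -lt "$_min_bits" ]; then
    echo "key is only $_bits bits (want at least $_min_bits)" >&2; return 1
  fi
  # -checkend fails when the certificate expires within the given seconds
  if ! openssl x509 -in "$_cert" -noout -checkend $((_min_days * 86400)) >/dev/null; then
    echo "certificate expires within $_min_days days" >&2; return 1
  fi
  echo "ok: $_bits-bit key, valid for at least $_min_days more days"
}
```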





OIF PKI and SSL Encryption explanation

Good explanation from Oracle.


Oracle Identity Federation provides secure communication using X.509 certificate authentication.

Oracle Identity Federation provides encryption for data integrity using public key cryptography, a technique that uses a public and private key pair. Data is signed with a sending party's private key and the signature is verified by the recipient using the sender's public key.

Oracle Identity Federation uses documents known as certificates to enable peer providers to establish trust. A Certificate Authority (CA) issues a certificate to vouch for a user's identity, including the party's public key in the certificate for use by the receiving party.

You configure key pairs and certificates using a local keystore. The identity provider configures a public and private key pair and a certificate - providing validation of the public key from a Certificate Authority (CA) - when using the POST profile. The presentation of the public key by the IdP, and certificate import by the SP, are critical aspects in managing the trust relationship between partners.

Friday, January 20, 2017

steps to add an additional SOA server to the current environment



Steps followed to add additional servers:
1) Cloned the existing SOA server
2) Changed the hostnames accordingly and added the server to the existing cluster
3) Updated the startup arguments and anything else necessary
4) Added the new third server to the JMS servers list and JMS modules

changing OIM console to use ssl setting in firefox



1) In Firefox, enter "about:config" in the URL field and press Enter.
2) Accept the "This might void your warranty!" warning.
3) In the search field at the top, enter "security.ssl3.dhe_rsa_aes".
4) Double-click each result (128 and 256) to toggle the value to "false".