
Sunday, January 22, 2017

OIF updating self-signed 2048-bit certificate using orapki

OIF requires a PKCS#12 wallet. Below are the commands to create the wallet.



1. Creating a PKCS#12 Wallet
To create an Oracle PKCS#12 wallet (ewallet.p12), use the following command:

orapki wallet create -wallet wallet_location [-pwd password]


To create an auto login wallet (cwallet.sso) that is associated with a PKCS#12 wallet (ewallet.p12), use the following command:

orapki wallet create -wallet wallet_location -auto_login [-pwd password]

This command creates a wallet with auto login enabled (cwallet.sso) and associates it with a PKCS#12 wallet (ewallet.p12). The command prompts you to enter the password for the PKCS#12 wallet if no password has been specified at the command line.

2. Adding a self-signed certificate to the wallet

./orapki wallet add -wallet /tmp/wallet -dn "cn=Orasystemsusa certificate" -keysize 2048 -self_signed -validity 1825 -pwd Password1

-validity 1825 is the number of days the certificate will be valid.


3. Once you have a wallet with the self-signed certificate, upload it to OIF as follows:

Upload the new wallet.

Log in to Fusion Middleware Control and navigate to the Oracle Identity Federation instance.

Navigate to Administration, then Security and Trust.

In the Wallets tab, click Update.

Check the Update checkbox for the wallet you want to update.

Select the keystore type, wallet location, password, and alias. (I uploaded the ewallet file.)

Click OK.





OIF PKI and SSL encryption explanation

Good explanation from Oracle.


Oracle Identity Federation provides secure communication using X.509 certificate authentication.

Oracle Identity Federation provides encryption for data integrity using public key cryptography, a technique that uses a public and private key pair. Data is signed with a sending party's private key and the signature is verified by the recipient using the sender's public key.

Oracle Identity Federation uses documents known as certificates to enable peer providers to establish trust. A Certificate Authority (CA) issues a certificate to vouch for a user's identity, including the party's public key in the certificate for use by the receiving party.

You configure key pairs and certificates using a local keystore. The identity provider configures a public and private key pair and a certificate - providing validation of the public key from a Certificate Authority (CA) - when using the POST profile. The presentation of the public key by the IdP, and certificate import by the SP, are critical aspects in managing the trust relationship between partners.

Friday, January 20, 2017

steps to add an additional SOA server to the current environment



Steps followed to add additional servers:
1) Clone the existing SOA server
2) Change the hostnames accordingly and add the server to the existing cluster
3) Update startup arguments and anything else necessary
4) Add the new (third) server to the JMS servers list and the JMS modules

changing OIM console to use SSL setting in Firefox



1) In Firefox, enter "about:config" in the URL field and press Enter.
2) Accept the "This might void your warranty!" warning.
3) In the search field at the top, enter "security.ssl3.dhe_rsa_aes".

4) Double-click each result (128 and 256) to toggle the Value to "false"

OHS 11gR2 is becoming unresponsive and losing connectivity


When OHS becomes unresponsive due to timeouts, the following setting needs to be changed in httpd.conf:



1. Login to OHS server

2. Take a backup of the following file:
httpd.conf


3. Change the following setting in

httpd.conf

KeepAliveTimeout  30

4. Restart OHS server

Sunday, January 15, 2017

OIF Managing Signing and Encryption Wallets

from oracle:

Oracle Identity Federation provides a way to update signing and/or encryption wallets smoothly, without interrupting service.

When you need to replace a signing or encryption wallet and a new one is uploaded, Oracle Identity Federation saves the old wallet. The server then continues to use the old wallet in all transactions until it is removed. However, generated metadata will contain the new wallet information as well as the old information. This allows time to notify remote providers about the change.

Once new metadata has been created and distributed to all remote providers, the old wallet can be deleted and Oracle Identity Federation will use the newly uploaded wallet for all subsequent transactions.

Follow these steps when replacing a signing or encryption wallet:

Upload the new wallet.

Log in to Fusion Middleware Control and navigate to the Oracle Identity Federation instance.

Navigate to Administration, then Security and Trust.

In the Wallets tab, click Update.

Check the Update checkbox for the wallet you want to update.

Select the keystore type, wallet location, password, and alias.

Click OK.

Generate and distribute new metadata.

Log in to Fusion Middleware Control and navigate to the Oracle Identity Federation instance.

Navigate to Administration, then Security and Trust.

In the Provider Metadata tab, under the Generate Metadata section, select the provider type and the protocol of the metadata to be generated, and click Generate.

Save the generated metadata.

Distribute the generated metadata to all remote peer providers.

Once all the remote peers have updated their systems with the new metadata, delete the old wallet.

Log in to Fusion Middleware Control and navigate to the Oracle Identity Federation instance.

Navigate to Administration, then Security and Trust.

In the Wallets tab, click Update.

In the wallet that you have updated, click Delete old Wallet.
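As an added illustration (not Oracle's code and not part of the original posts) of the sign-with-private-key, verify-with-public-key relationship described in the PKI explanation above and of why the wallet rotation order matters, the following Python models the remote SP's check against the signing keys listed in the metadata it holds. It uses a tiny textbook RSA stand-in with fixed small primes in place of the wallet's real 2048-bit key pair; the key pairs, sample message and Metadata structure are all constructed for the example.

```python
import hashlib
from dataclasses import dataclass

# Toy textbook RSA with fixed small primes: a stand-in for the wallet's real
# 2048-bit key pair, used only to show the sign/verify and rotation logic.
def make_keypair(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent
    return (n, e), (n, d)               # (public key, private key)

def digest(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg: bytes, priv) -> int:
    n, d = priv                          # sender signs with its private key
    return pow(digest(msg, n), d, n)

def verify(msg: bytes, sig: int, pub) -> bool:
    n, e = pub                           # recipient checks with the sender's public key
    return pow(sig, e, n) == digest(msg, n)

@dataclass
class Metadata:
    """Provider metadata as a remote SP holds it: the signing keys it trusts."""
    signing_keys: list

def verify_with_metadata(msg: bytes, sig: int, md: Metadata) -> bool:
    """SP-side check: accept if the signature validates under ANY listed key."""
    return any(verify(msg, sig, k) for k in md.signing_keys)

def rotation_walkthrough() -> dict:
    """Replays the three rotation stages and records which signatures the SP accepts."""
    old_pub, old_priv = make_keypair(1000003, 1000033)   # constructed "old wallet" key
    new_pub, new_priv = make_keypair(1000037, 1000039)   # constructed "new wallet" key
    msg = b"<samlp:Response ID='constructed-sample'/>"  # constructed sample message
    results = {}
    # Stage 1: new wallet uploaded, but OIF keeps signing with the old wallet and
    # the SP still holds the old metadata (old key only).
    sp_md = Metadata([old_pub])
    results["old_key_before_update"] = verify_with_metadata(msg, sign(msg, old_priv), sp_md)
    results["new_key_before_update"] = verify_with_metadata(msg, sign(msg, new_priv), sp_md)
    # Stage 2: regenerated metadata lists both keys and is distributed to the SP.
    sp_md = Metadata([old_pub, new_pub])
    results["old_key_after_update"] = verify_with_metadata(msg, sign(msg, old_priv), sp_md)
    results["new_key_after_update"] = verify_with_metadata(msg, sign(msg, new_priv), sp_md)
    # Stage 3: old wallet deleted; OIF signs with the new key and later metadata lists only it.
    sp_md = Metadata([new_pub])
    results["old_key_after_delete"] = verify_with_metadata(msg, sign(msg, old_priv), sp_md)
    results["new_key_after_delete"] = verify_with_metadata(msg, sign(msg, new_priv), sp_md)
    return results
```

Stage 1 shows why signing with the new key before the SP has the new metadata would break federation; stage 2 is the overlap window the old-wallet retention provides.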

Sunday, January 1, 2017

how to get a file from a remote Unix, Linux or Solaris server using ftp, sftp or scp

ftp servername
To get a file from the host machine, use

get filename

To get multiple files, use
mget filename


$ sftp user@host
Connected to host
sftp> cd /usr/local/folder
sftp> pwd
Remote working directory: /usr/local/folder
sftp> put myfile.tgz    (to put file at other server)
sftp> get myfile.tgz    (to get file from other server)
 
The above commands can also be used with plain ftp if you cannot use the secure version.
 
 
or use scp
 
scp username@host.example.com:/etc/file.txt .