Changes in Oracle Access Manager 11g R1 (11.1.1.3)

Atul Kumar | Sep 1, 2010 10:25 +0000

This post covers changes in Oracle Access Manager from 10g (10.1.4.X) to 11g (11.1.1.X).

Oracle Access Manager (OAM) is an access management product acquired from Oblix in 2005.

  • Oblix COREid (6, 7) and OAM 10g are written in C++, whereas OAM 11g is a J2EE application deployed on Oracle WebLogic Server (10.3.3+)
  • There are two main OAM components in OAM 10g: Access System (Access Server, WebGate and Policy Manager) and Identity System (Identity Server and WebPass). In OAM 11g there is NO "Identity System" component. Identity-related functions have moved to Oracle Identity Manager (OIM) 11g. (OIM is the user provisioning and reconciliation product acquired from Thor Xellerate)
  • There is NO IdentityXML interface or Workflow in OAM 11g.
  • Access Server in 10g is now called OAM Server in 11g
  • Policy Manager in 10g is now called OAM Administration Console in 11g
  • AccessGate and WebGate in 10g are now called OAM Agents in 11g
  • Directory Profiles in 10g are now called User-Identity Store in 11g
  • In OAM 10g configurations are stored in LDAP servers, whereas in OAM 11g configurations are stored in an XML file (under the WebLogic domain) - $DOMAIN_HOME/config/fmwconfig/oam-config.xml
  • In OAM 10g policies are stored in an LDAP server, whereas in OAM 11g you have the option to store them either in an XML file or in a database.
  • In OAM 10g sessions used to be stateless, whereas in OAM 11g user sessions are stateful and stored on the server (it is possible to leverage Coherence for distributed caching of session data). For more information on Oracle Coherence (earlier Tangosol) click here
  • In OAM 11g (by default) policy data and user session data are stored in a single database (details under $DOMAIN_HOME/config/jdbc/oam-db-jdbc.xml) under one schema; however, it is possible to configure OAM policy data in one database and user session data in another database.
  • OAM Server (Access Server in 10g) in OAM 11g is deployed on a WebLogic Managed Server (oam_server1 - default port 14100)
  • In OAM 11g, OAM Administration Console (Policy Manager in 10g) is deployed on the WebLogic Admin Server (default port 7001)
  • URL for OAM Administration Console is http://server:7001/oamconsole (default username/password created during domain creation in WebLogic)
  • OAM 11g User Interface (UI) is based on Application Development Framework (ADF)
  • Three types of Web Agents are supported in OAM 11g -
    a) AccessGate/WebGate from 11g
    b) AccessGate/WebGate from 10g (for backward compatibility) and
    c) mod_osso for Oracle 10g Single Sign-On integration  

For step by step installation of Oracle Access Manager (OAM) 11g click here


Oracle Identity Manager (OIM) Connector for Oracle Internet Directory (OID) : Architecture and Overview

Atul Kumar | Aug 26, 2010 10:15 +0000

Oracle Identity Manager (OIM) : is identity provisioning and reconciliation software. To know more about provisioning and reconciliation in OIM click here

Oracle Internet Directory (OID) : is an LDAP (Lightweight Directory Access Protocol) compliant directory server from Oracle. To know more about OID click here

Oracle Identity Manager Connectors : are used to integrate OIM with third-party applications (ERP, OID, Databases)

Resources/Target System : Third-party applications (OID, EBS/ERP, CRM, Databases) to which OIM connects for reconciliation and provisioning are called Resources (sometimes also referred to as Target Systems)

  • For the OID Connector, OID versions 9.x, 10.1.4.x and 11g R1 (11.1.1.X) are supported.

There are two modes in which the connector can be run (either of the two): Identity Reconciliation or Account Management

a) Identity Reconciliation Mode : OID is used as the trusted source; users are created and modified directly in OID and then reconciled to OIM.
At the time of reconciliation,
i) The scheduled task establishes a connection to OID and sends reconciliation criteria to the APIs (Application Programming Interface)
ii) The APIs extract user records that match the reconciliation criteria and pass them to the scheduled task
iii) The scheduled task brings the records to Oracle Identity Manager (OIM)
iv) Each record (user) fetched from OID is then compared with existing OIM users. If the user record already exists, the update made to the user record in OID is copied to the OIM user. If no match is found, the user record fetched from OID is used to create an OIM user.

b) Account Management Mode : In account management mode OID is used as the target resource. When configured in Account Management mode, two types of operations, provisioning and reconciliation, are carried out by the connector.

Provisioning Operation : During the provisioning operation
i) Adapters carry provisioning data submitted through the process form to OID.
ii) APIs on OID accept provisioning data from the adapters.
iii) APIs carry out the required operation (add, update, delete) on OID and return the response from OID to the adapter
iv) Adapters return the response back to OIM

Reconciliation Operation : During the reconciliation operation
i) The scheduled task establishes a connection to OID and sends reconciliation criteria to the APIs (Application Programming Interface)
ii) The APIs extract user records that match the reconciliation criteria and pass them to the scheduled task
iii) The scheduled task brings the records to Oracle Identity Manager (OIM)
iv) Each record (user) fetched from OID is then compared with existing OIM users. If the user record already exists, the update made to the user record in OID is copied to the OIM user. If no match is found, the user record fetched from OID is used to create an OIM user.

For Step by Step installation of OID-OIM connector in 11g stay tuned


Part VI : Configure Identity Manager (OIM) : #OracleIdM 11g : Step by Step Installation of OAM, OIM, OAAM, OAPM, OIN

Atul Kumar | Aug 23, 2010 20:34 +0000

This is part VI of the step by step installation of Oracle Identity Management (OAM, OIM, OAAM, OAPM & OIN), which covers configuring Oracle Identity Manager 11.1.1.3.0.
Oracle Identity Manager (OIM) is the User Provisioning and User Management component of Oracle Identity Management 11g.

  • For Part I Download Software and create Schema click here 
  • For Part II Install WebLogic Server 10.3.3  click here
  • For Part III Install SOA Server and Upgrade to 11.1.1.3 click here
  • For Part IV Install IDAM 11.1.1.3 click here
  • For Part V Create Domain for OIM, OAM, OAAM, OAPM & OIN click here

To initiate OIM Server configuration, execute config.sh under $ORACLE_HOME/bin (to create/extend a domain, run config.sh under $ORACLE_HOME/common/bin)

  • Select OIM Server (OIM Design Console is design time tool used by developers and available only on Windows).

  • Enter the OIM/MDS schema details which we created in Part I of this series here

  • Enter WebLogic Admin Server URL (Admin Server should be running at this stage). Default Port for WebLogic Admin Server URL is 7001
  • T3 is Oracle’s proprietary protocol used by WebLogic to transport data between WebLogic Server and other Java Programs

  • If WebLogic Admin Server is not running then start Admin Server

  • Enter OIM Administrator Password (xelsysadm is OIM Administrator user)
  • Enter OIM HTTP URL (Default OIM Managed Server Port number is 14000)
  • You can configure a standalone OHS (Oracle HTTP Server) in front of WebLogic Server using the steps mentioned here

  • For the time being don’t select anything here (we will enable OIM for LDAP Sync and integrate with OAM later)
  • Integration of OIM with OAM provides the Single Sign-On (SSO) and Access Management features of Oracle Access Manager (OAM)

  • Restart the WebLogic Admin Server (stopWebLogic.sh & startWebLogic.sh)
  • Start the OIM Managed Server using startManagedWebLogic.sh oim_server1, where oim_server1 is the name of the OIM Managed Server

  • Access the OIM Admin Server using http://servername:OIM_Port/oim (default OIM Managed Server port is 14000)
  • The OIM Admin username is xelsysadm and the password is the one you entered on the OIM configuration screen above


Part VII : Configure Oracle Access Manager (OAM) : #OracleIdM 11g : Step by Step Installation of OAM, OIM, OAAM, OAPM, OIN coming next !!


#WebLogic startup prompting for username password : boot.properties

Atul Kumar | Aug 21, 2010 03:39 +0000

If your WebLogic Server is running in Production Mode (WebLogic can be configured to run in Development or Production Mode, more here) and you start an Admin/Managed Server, it will prompt for a username/password to boot/start the WebLogic server.


How to configure a WebLogic Server running in Production Mode to bypass the username/password prompt?

  • boot.properties is the key to this answer. boot.properties (Boot Identity) is a text file which contains the username/password used to start/stop an instance of WebLogic Server. More on boot.properties here
  • Create boot.properties in $DOMAIN_HOME/servers/[server_name]/security with content like
    username=[superuser with admin role like weblogic]
    password=[password of user]
  • Repeat this for the Admin Server and all Managed Servers.


What if we start WebLogic using Node Manager?

  • If you use Node Manager to start WebLogic Managed Server, Node Manager encrypts and saves the credentials with which it started the server in a server-specific boot.properties at DOMAIN_HOME/servers/SERVER_NAME/data/nodemanager
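
An added example (not from the original post) that writes the boot identity file with owner-only permissions and audits a domain for boot.properties files, in both locations named above, that other accounts can read or that still hold cleartext values. WebLogic rewrites the values in encrypted form (for example with an {AES} prefix) the first time the server boots with the file; the function names and the PERMS/PLAINTEXT labels are hypothetical, and the marker pattern is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. Paths follow the post's layout.

# write_boot_identity DOMAIN_HOME SERVER USER
# Password is read from stdin so it never appears in argv or shell history.
write_boot_identity() {
    dir="$1/servers/$2/security"
    IFS= read -r pass || [ -n "$pass" ] || return 1
    (
        umask 077    # directory and file are owner-only from creation
        mkdir -p "$dir" &&
        printf 'username=%s\npassword=%s\n' "$3" "$pass" > "$dir/boot.properties" &&
        chmod 600 "$dir/boot.properties"    # also covers a pre-existing file
    )
}

# audit_boot_identity DOMAIN_HOME
# Prints "PERMS <file>" when group/other have any access and
# "PLAINTEXT <file>" when a value lacks an encryption marker such as {AES}
# (assumed form: {UPPERCASE-ALGORITHM}). Returns 1 if anything was reported.
audit_boot_identity() {
    rc=0
    for f in "$1"/servers/*/security/boot.properties \
             "$1"/servers/*/data/nodemanager/boot.properties; do
        [ -f "$f" ] || continue
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "PERMS $f"; rc=1
        fi
        if grep -E '^(username|password)=' "$f" | grep -Evq '=\{[A-Z0-9]+\}'; then
            echo "PLAINTEXT $f"; rc=1
        fi
    done
    return $rc
}
```

Run the audit after the servers have been started once with the new files; at that point a PLAINTEXT finding points at a file the server has not picked up and rewritten.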
