OAM 126.96.36.199 certified EBS This blog entry shows OAM 11G Rel 2 PS2 (a.k.a. 188.8.131.52.0) is certified against the Oracle e-Business suite 11 and 12 as of February 2014. Just in case you missed it, like me. Oracle e-business and SSO using OAMThe blog entry also references a series of articles on how to do e-Business Suite SSO using OAM.
Just a little project I just happened to be upgrading my workstation, and was left with some spare parts. I had some memory modules, an old P5 motherboard, and several AT-style enclosures. Also, I noticed my trusty Synology Diskstation began needing some larger disks. Or maybe it was time to replace it all together? Keeping up indexing my music and photos seems to become quite a daunting task,
WeblogicHost versus WeblogicCluster Despite the fact, the oamconsole can not be clustered, it has to be "clustered". If you ever find yourself in a scenario, where your configure a webgate in front of your OAM Console, make sure you configure it like ############################################## ## Entries Required by Oracle Access Manager ############################################## # OAM
Once upon a time.. you had a working environment with WebLogic, Access and Identity Management (or Discoverer, or ...) and all of a sudden things start failing. Symptoms You notice the dreaded OAMSSA-06252 (Policy Store not Available) while starting up, and start fearing the worst. Also, it seems as-if you cannot login to OAM management console anymore; your credentials are accepted, but you get
One of the worst documented areas in OAM; customizing pages with DCC. One revelation: you must use login.pl when you want logout.pl to work, as login.pl seems to build the "Callback URL" list, that logout.pl uses to destroy the session cookies.
Intro At the governmental institute that hired me, I'm working hard to get the full Oracle Identity and Access Management (IAM) stack implemented. A colleague suggested OpenIAM, which -at closer look- turns out to be a fork of what I believe to be the origin of the Oracle stack, Sun's OpenSSO. So, I started at looking at this stack, which is available from ForgeRock. Let's start with the basis:
Oracle lanched Identity and Access management 11G Release 2, Version 8 (also known as V184.108.40.206.0) two weeks ago. You should check it out. Some reasons why: Installation is so much easier Installation is error proof (the "just MUST run configuresecurity first, or redo all" error can not occur. Tested it) The interface (OAM Console) has had a major overhaul. It responds faster and is more
Repository Creation Utility Running the Repository Creation Utility (RCU) for Linux is troublesome for some reasons. One of the reasons is it is 32-bits software, whereas the Linux platforms now are predominantly 64 bits. The other is java... Running it off my Ubuntu LTS host, using linux32 ./bin/rcu" resulted in (more...)
Hardware Virtual hardware added to the Database and OUD/OVD installs: an 8GB/4CPU VM. Basic Software Of course, jrockit (the 37 release, the 45 does not always work with OFM 11GR2...) and WebLogic 10.3.6. WLS 12 is not yet certified against OFM I&AM 11GR2, as far as I (more...)
There is some documentation regarding APEX and OAM, but it is flawed. Make sure APEX functions with standard (APEX user based) security, even through OAM; this means Allow /APEX/** Allow /i/** Protect /apex/apex_authentication.callback Page 9 states "OAM_REMOTE_USER with a value of $user.userid is created by default".Not true, (more...)
ODSM and ODSM? The version of ODSM, suitable for OUD will *not* serve OVD or OID, it is as simple as that. In fact, Oracle spends a whole chapter on installing the lot. I did follow this, but sometimes you want to explore different routes. OUD and ODSM I have (more...)
Brilliant explanation, RTFM made polite. [oracle@local ~]$ oerr ora 2248 02248, 00000, "invalid option for ALTER SESSION" // *Cause: Obvious. // *Action: see SQL Language Manual for legal options.
Enterprise User Security: Step by Step I want to set OUD up in the way I've done it with OID 10.1.4.3: Use a Shared Schema in every database map this shared schema within the security domain in OUD create enterpise users in OUD Use a group in (more...)
Part two of OUD. Start it up # su - oracle $ /oracle/Middleware/asinst-1/OUD/bin/start-ds Just to make things happen, I shut down the firewall: # service iptables stop But at least, I can do things like: frank@ubuntu64:~$ ldapsearch -D "cn=Directory Manager" -w Welcome1 -h oud -p 1389 -b dc=home,dc=local cn=groups -LLL (more...)
Configure the Unified Directory server /oracle/Middleware/oracle_common/common/bin/config.sh Of course, add new domain. There's nothing yet! Select ODSM and EM; JRF will come automagically Changing the defaults Don't forget to document the passwords... Production mode; I will not develop new apps, so there's no need to scan for these - it (more...)
Installation and use. Having worked on a proof-of-concept which heavily depends on all sorts of Oracle Identity suites, I learned Oracle will probably dump OID (Internet Directory) and OVD (Virtual Directory) over the next 5 years in favor of Oracle Unified Directory (OUD - which means "old" in Ducth). So, (more...)
When SSO works with Windows native Authentication, the Apache logging shows this: 10.10.10.116 - - [03/Feb/2011:11:11:34 +0100] "GET /oiddas/ui/oracle/ldap/das/mypage/ViewMyPage HTTP/1.1" 302 1061 10.10.10.116 - - [03/Feb/2011:11:11:34 +0100] "GET /pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~18DD161D~A37A8CBF4314DD9
In a nutshell: Start nodemenager /oracle/middleware/wlserver_10.3/server/bin/startNodeManager.sh Configure the Identity and Management Suite: /oracle/middleware/Oracle_IDM1/bin/config.sh DO NOT START YOUR MANAGED SERVERS!!! There's an omission in the manual... You need to configure the database as security placeholder first. You do that by /oracle/middleware/oracle_common/common/bin/wlst.sh
Easy enough, when you know how ;) Start database & listener (of course, your environment is set): lsnrctl start sqlplus / as sysdba<
Easy enough, when you know how Start database & listener (of course, your environment is set): lsnrctl start sqlplus / as sysdba
Install software Java You will need some sort of Java; I have none, and chose to use JRockit. Installing: [oracle@idm1 ~]$ /oracle/install/Software/weblogic/jrockit-jdk1.6.0_37-R28.2.5-4.1.0-linux-x64.bin Extracting 0%....................................................................................................100% No Demoes, no source code. WebLogic Oracle left the Apache camp, and now