Saturday, November 28, 2015

Sample OAAM 11g API code to reset security profile

Sample Code:

package com.pokuri.oaam;

import java.util.ArrayList;
import java.util.List;

import com.bharosa.vcrypt.auth.intf.*;
import com.bharosa.vcrypt.auth.util.VCryptAuthUtil;
import com.bharosa.vcrypt.common.util.VCryptResponse;
import com.bharosa.vcrypt.customercare.impl.VCryptCCImpl;
import com.bharosa.vcrypt.customercare.impl.VCryptCCSOAPImpl;
import com.bharosa.vcrypt.customercare.util.VCryptCCUtil;

import com.bharosa.vcryptclient.proxy.exception.BharosaProxyException;
import com.bharosa.vcryptclient.proxy.intf.BharosaProxy;

/**
 * @author siva pokuri
 *
 */
public class ChallengeQuestionsReset
{
    public static void main(String[] args)
    {
        ChallengeQuestionsReset cu = new ChallengeQuestionsReset();
        String response = "FAILED";
        try
        {
            // "spokuri" is the OAAM login ID whose security profile is reset
            response = cu.resetUserProfile("spokuri", "Default");
        } catch (Exception e) {
            e.printStackTrace();
        }
        System.out.println("RESPONSE " + response);
    }

    /**
     * Resets the OAAM security profile of the given user.
     * primaryGroupName is accepted but not used by the reset call.
     */
    public String resetUserProfile(String userName, String primaryGroupName)
    {
        System.out.println("Resetting security profile for user: " + userName);
        try {
            VCryptCCSOAPImpl vcc = new VCryptCCSOAPImpl();
            VCryptResponse vr = vcc.resetUser(userName);

            System.out.println("Success " + vr.getSuccess());
            System.out.println("Status code " + vr.getResponseCode());

            // Reaching this point means the call returned without throwing;
            // the success flag and response code printed above carry the actual outcome.
            return "SUCCESS";
        }
        catch (Exception e) {
            // Report the failure instead of silently discarding it
            e.printStackTrace();
        }
        return "FAILED";
    }
}

-- Siva Pokuri.

Tuesday, November 17, 2015

WATCH: Oracle Access Manager (OAM) 11g R2 PS3 Impersonation Demo

Oracle Access Manager 11g R2 PS3 Impersonation Demo

Pre-requisites:
  1. An OAM 11g R2 PS3 environment is up and running with OUD as the user store and a sample resource called “spokuri.html” protected with LDAPScheme
  2. Impersonation is enabled in OAM and the OAM LDAP schema is extended into the OUD directory server
  3. User “kpokuri” (impersonatee) is created in OUD with the “orclIDXPerson” object class
  4. User “spokuri” (impersonator) is created in OUD
  5. The attribute “orclImpersonationGrantee” is added to “kpokuri” with the value “8c69d7465afc406a947669204ad88ecf|20100324163000Z|20180524172000Z”

Description: The orclImpersonationGrantee attribute value has 3 parameters separated by a pipe “|”:

1. Impersonator orclguid. In this case, it’s the “spokuri” user's orclguid.
2. Impersonation start date
3. Impersonation end date
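An added example (not part of the original post, and not OAM code): a Python helper for reviewing orclImpersonationGrantee values exported from the directory, reporting whether each grant is active, expired, malformed or unusually long-lived. The function names, the 90-day `max_days` threshold and the reading of the timestamps as UTC GeneralizedTime are assumptions made for this illustration.

```python
from datetime import datetime, timedelta, timezone

# Value quoted on this page for user "kpokuri"
PAGE_VALUE = "8c69d7465afc406a947669204ad88ecf|20100324163000Z|20180524172000Z"
TIME_FORMAT = "%Y%m%d%H%M%SZ"  # assumed: LDAP GeneralizedTime in UTC, as in the page's value


def parse_grant(value):
    """Split 'orclguid|start|end' into (guid, start, end) with UTC datetimes."""
    parts = value.strip().split("|")
    if len(parts) != 3 or not parts[0]:
        raise ValueError("expected orclguid|start|end")
    start, end = (
        datetime.strptime(p, TIME_FORMAT).replace(tzinfo=timezone.utc)
        for p in parts[1:]
    )
    if end <= start:
        raise ValueError("end date is not after start date")
    return parts[0], start, end


def audit_grant(value, now, max_days=90):
    """Return review findings for one grant; max_days is an assumed policy limit."""
    try:
        _guid, start, end = parse_grant(value)
    except ValueError as exc:
        return ["malformed: %s" % exc]
    if now < start:
        findings = ["not-yet-active"]
    elif now > end:
        findings = ["expired"]  # stale grant, candidate for removal
    else:
        findings = ["active"]
    if end - start > timedelta(days=max_days):
        findings.append("long-lived")
    return findings


if __name__ == "__main__":
    # Constructed review date: the day this post was published
    review_date = datetime(2015, 11, 17, tzinfo=timezone.utc)
    print(audit_grant(PAGE_VALUE, review_date))
```

Run against the value from prerequisite 5, the grant is reported as both active and long-lived, since its window spans roughly eight years.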


Demo Video: 




Test Case:

  1. Access the resource protected by the OAM LDAPScheme: http://pokuri.demo.com:7777/spokuri.html
  2. Enter the impersonator credentials spokuri/<<password>>
  3. Open a new tab and access http://pokuri.demo.com:14100/oam/server/impersonate/start?userid=kpokuri&success_url=http://pokuri.demo.com:7777/kpokuri.html&failure_url=http://pokuri.demo.com:7777/error.html
  4. When prompted, enter the impersonator's password again
  5. Upon successful impersonation of user “kpokuri”, a new session will be created in OAM for user “kpokuri”.
  6. Check the “kpokuri” user session under “session management” in the OAM admin console and notice that the impersonation field will be “true”.



Hope this helps someone out there!!

-- Siva Pokuri.

Saturday, October 24, 2015

Fix: OAM 11g R2 PS2 (11.1.2.2.0) Keystore tampered error

Issue:

OAM 11g R2 PS2 (11.1.2.2.0) throws the following error:

[oam_server1] [ERROR] [] [Coherence] [tid: Logger@1725259747 3.7.1.1] [userId: ] [ecid: 0000Kcfv^DM7ECK6yVuXMG1KXY0q000002,0] [APP: oam_server#11.1.2.0.0] 2015-10-12 03:08:58.358/302741.698 Oracle Coherence GE 3.7.1.1 (thread=Configuration Store Observer, member=n/a): Error while starting cluster: (Wrapped) java.io.IOException: Keystore was tampered with, or password was incorrect.

- Restarting the Oracle Access Manager (OAM) Server fails with the same error.

Reason:

The ".cohstore.jks" keystore file is corrupt and must be restored from backup.

If the password in the ".cohstore.jks" keystore file is corrupt, the file needs to be restored from backup, even though you may be able to get the password using a WLST command.

Solution:

1) Start the AdminServer.
2) Connect to the Enterprise Manager.
3) Locate the Domain in the left navigation panel.
4) Right-click it and select Security -> Credentials.
5) Delete the credential Map key pair (OAM_STORE, coh).
6) Restart the AdminServer. This will re-create the Coherence Bootstrap artifact and reset the required password.

-- Siva Pokuri.

Thursday, October 22, 2015

TIPS: SQL query to search OAAM 11g User security questions registered in database

Query:

select question
  from v_user_questions
 where question_id in (
       select question_id
         from v_user_qa
        where user_id in (select user_id from vcrypt_users where login_id = 'spokuri')
          and answer != 'null');

-- Siva Pokuri.

Sunday, September 27, 2015

TIPS: To turn off location prompt in OAAM Server login page

OAAM Location tracker screenshot:



Change the value of the property below from "true" to "false" in the OAAM Admin Console to stop the Location tracker prompt:

bharosa.uio.default.javascript.fingerprint.location.prompt.enabled=true

-- Siva Pokuri.

Friday, September 25, 2015

How to integrate OBIEE with OAM

OBIEE Integration with Oracle Access Manager



Demo:

Quick Demo is HERE

Prerequisites

1. Install and Configure Oracle Access Manager. Steps here
2. Install and configure OBIEE. Steps here.
3. Install and configure LDAP. Steps here
4. Install Webserver/Webgate and register webgate with Oracle Access Manager. 

Integration Steps:

1. Configure a reverse proxy for the OBIEE applications. In my case I am using OHS as the proxy server and I have the OHS webgate on top of it.

   
2. Create required OBIEE Groups in LDAP.


3. Login to Weblogic admin console and navigate to Security realm > my realm > providers.
    Create two new providers (LDAP provider and OAM Asserter) as per the screen shot below.









4. Reorder the providers as per the screen shot below, then restart the Weblogic Admin server and Managed servers.


5. Login to the http://<hostname>:<port>/em. 
6. Navigate to Weblogic domain> bifoundation_domain> Security> Security provider configuration.
7. Scroll down to Single sign on provider and click on Configure.
8. Configure as per below screen shot.


9. Login to http://<hostname>:<port>/analytics.
10. Navigate to Administration> Manage BI Publisher> Security Configuration.
11. In Authentication section do the changes as per the below screen shot.


12. Login to http://<hostname>:<port>/em
13. Click on coreapplication under Business Intelligence.
14. Perform the changes as per the screen shot below, then click on Apply and click on Activate changes.


15. Login to workspace http://<hostname>:<port>/workspace.
16. Go to Navigate> Administer> Workspace Settings> Server Settings.
17. Modify the Log off URL and select Yes for Enable Single Sign on as per the screen shot below.


18. Restart Weblogic Admin server and Managed Servers.
19. Now try to access the application with the proxy URL. The user will get the OAM login page for authentication.

http://dev.kiran.com:7777/analytics









Hope this is helpful. 

Thanks
Kiran Pokuri

How to Install and Configure OBIEE

OBIEE Installation and Configuration.


OBIEE-RCU Installation:












OBIEE-Installation and Configuration:






















Configured Component URLs
                WebLogic Console
                        http://<hostname>:7001/console
                Oracle Enterprise Manager
                        http://<hostname>:7001/em
                Business Intelligence Enterprise Edition
                        http://<hostname>:9704/analytics
                Business Intelligence Publisher
                        http://<hostname>:9704/xmlpserver
                Real-Time Decisions
                        http://<hostname>:9704/ui
                Calculation Manager
                        http://<hostname>:9704/workspace
                Financial Reports
                        http://<hostname>:9704/workspace
                Workspace
                        http://<hostname>:9704/workspace
                Essbase Suite
                APS
                        http://<hostname>:9704/aps
               



 Hope this is helpful...

Thanks
Kiran Pokuri