Saturday, November 28, 2015

Sample OAAM 11g API code to reset security profile

Sample Code:

package com.pokuri.oaam;

import com.bharosa.vcrypt.common.util.VCryptResponse;
import com.bharosa.vcrypt.customercare.impl.VCryptCCSOAPImpl;

/**
 * Resets a user's OAAM security profile through the customer care SOAP API.
 *
 * @author siva pokuri
 */
public class ChallengeQuestionsReset
{
    public static void main(String[] args)
    {
        ChallengeQuestionsReset cu = new ChallengeQuestionsReset();
        String response = cu.resetUserProfile("spokuri", "Default");
        System.out.println("RESPONSE " + response);
    }

    /**
     * Resets the security profile of the given user.
     * primaryGroupName is accepted but not used by the reset call.
     *
     * @return "SUCCESS" if OAAM reports a successful reset, otherwise "FAILED"
     */
    public String resetUserProfile(String userName, String primaryGroupName)
    {
        System.out.println("Resetting security profile for user: " + userName);
        try
        {
            VCryptCCSOAPImpl vcc = new VCryptCCSOAPImpl();
            VCryptResponse vr = vcc.resetUser(userName);

            System.out.println("Message " + vr.getSuccess());
            System.out.println("Status code Message " + vr.getResponseCode());

            // Report success only when OAAM says the reset succeeded.
            // String.valueOf keeps this check independent of getSuccess()'s return type.
            if (Boolean.parseBoolean(String.valueOf(vr.getSuccess())))
            {
                return "SUCCESS";
            }
        }
        catch (Exception e)
        {
            // Surface the failure instead of silently swallowing it.
            e.printStackTrace();
        }
        return "FAILED";
    }
}

-- Siva Pokuri.

Tuesday, November 17, 2015

WATCH: Oracle Access Manager (OAM) 11g R2 PS3 Impersonation Demo

Oracle Access Manager 11g R2 PS3 Impersonation Demo

Pre-requisites:
  1. An OAM 11g R2 PS3 environment is up and running with OUD as the user store, and a sample resource called “spokuri.html” is protected with LDAPSchema
  2. Impersonation is enabled in OAM and the OAM LDAP schema has been extended into the OUD directory server
  3. User “kpokuri” (impersonatee) has been created in OUD with the “orclIDXPerson” object class
  4. User “spokuri” (impersonator) has been created in OUD
  5. The attribute “orclImpersonationGrantee” has been added to “kpokuri” with the value “8c69d7465afc406a947669204ad88ecf|20100324163000Z|20180524172000Z”

Description: The orclImpersonationGrantee attribute value has 3 parameters separated by a pipe “|”:

  1. Impersonator orclguid. In this case, it is the orclguid of the “spokuri” user.
  2. Impersonation start date
  3. Impersonation end date
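
The three-field format described above can be reviewed with a short script. The following Python is an added example, not part of the original post or of OAM: it parses an orclImpersonationGrantee value and reports whether the grant is active, expired, or valid for longer than a policy limit. The 30-day limit, the function names and the assumption that timestamps are UTC in the YYYYMMDDHHMMSSZ layout of the sample value are illustrative choices.

```python
from datetime import datetime, timedelta, timezone

# Timestamp layout of the sample value on this page (assumed UTC, trailing "Z").
GT_FORMAT = "%Y%m%d%H%M%SZ"


def parse_grant(value):
    """Split 'orclguid|start|end' into (guid, start, end) with UTC datetimes."""
    parts = value.strip().split("|")
    if len(parts) != 3:
        raise ValueError("expected 3 pipe-separated fields, got %d" % len(parts))
    guid, start_raw, end_raw = parts
    if not guid:
        raise ValueError("empty impersonator orclguid")
    start = datetime.strptime(start_raw, GT_FORMAT).replace(tzinfo=timezone.utc)
    end = datetime.strptime(end_raw, GT_FORMAT).replace(tzinfo=timezone.utc)
    if end <= start:
        raise ValueError("end date is not after start date")
    return guid, start, end


def audit_grant(value, now, max_days=30):
    """Return finding codes for one attribute value.

    max_days is a hypothetical policy limit, not an OAM setting.
    """
    try:
        _guid, start, end = parse_grant(value)
    except ValueError:
        # Other timestamp forms (fractions, offsets) also land here.
        return ["MALFORMED"]
    findings = []
    if now < start:
        findings.append("NOT_YET_VALID")
    elif now > end:
        findings.append("EXPIRED")
    else:
        findings.append("ACTIVE")
    if end - start > timedelta(days=max_days):
        findings.append("LONG_WINDOW")
    return findings


if __name__ == "__main__":
    # Value taken from pre-requisite 5; the review dates are constructed.
    sample = "8c69d7465afc406a947669204ad88ecf|20100324163000Z|20180524172000Z"
    for year in (2009, 2015, 2019):
        when = datetime(year, 11, 17, tzinfo=timezone.utc)
        print(year, audit_grant(sample, when))
```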


Test Case:

  1. Access the OAM LDAP Schema protected resource http://pokuri.demo.com:7777/spokuri.html
  2. Enter the impersonator credentials spokuri/<<password>>
  3. Open a new tab and access http://pokuri.demo.com:14100/oam/server/impersonate/start?userid=kpokuri&success_url=http://pokuri.demo.com:7777/kpokuri.html&failure_url=http://pokuri.demo.com:7777/error.html
  4. When prompted, enter the impersonator password again
  5. Upon successful impersonation of user “kpokuri”, a new session is created in OAM for user “kpokuri”.
  6. Check the “kpokuri” user session under “session management” in the OAM admin console and notice that the impersonation field is “true”.



Hope this helps someone out there!!

-- Siva Pokuri.