Showing posts with label OAM. Show all posts

Thursday, January 17, 2019

The AccessGate is unable to contact any Access Servers."#011raw_code^301#011

Error: The AccessGate is unable to contact any Access Servers."#011raw_code^301#011 (the #011 sequences are escaped tab characters in the logged line)

Version: OAM 11.1.2.3 and later

Work Around:

This work-around regenerates the agent artifacts on the OAM server and re-deploys them to the webgate, so that the webgate's local copy matches the agent profile the server holds:

  1. Log in to oamconsole, open the agent profile of the affected webgate, make a harmless change (for example, decrease the Cache Timeout by one second) and save it. Saving the profile regenerates the agent artifacts on the OAM server.
  2. Download the regenerated webgate artifacts from the OAM server (they are written under the domain's output directory, in a folder named after the agent).
  3. Copy the artifacts into the configuration directory of the correct webgate instance, replacing the old ones. The artifacts contain the agent's credentials, so copy them over a secure channel and keep the file permissions restrictive.
  4. Restart the web server instance on which the webgate is running.
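Before re-deploying artifacts it is worth confirming which Access Servers the webgate is actually configured to talk to and whether their OAP port is reachable from the web server host, since a firewall change or a wrong host in the profile produces exactly this error. The script below is an added example and not code from the original post; it assumes the 11g ObAccessClient.xml layout (CompoundList/SimpleList/NameValPair with ParamName/Value, and per-server lists named primaryServer1, secondaryServer1, ...) and uses a constructed sample file with no real agent password.

```python
"""Check which Access Servers a webgate's ObAccessClient.xml points at and
whether their OAP ports are reachable from this host.

Added example; not from the original post. The ObAccessClient.xml layout
assumed here (CompoundList/SimpleList/NameValPair with ParamName/Value, and
per-server lists named primaryServer1, secondaryServer1, ...) is an
assumption drawn from 11g webgate artifacts; verify it against your own file.
"""
import socket
import sys
import xml.etree.ElementTree as ET

# Constructed sample, not a real agent file (the agent password is omitted).
SAMPLE_OBACCESSCLIENT = """<?xml version="1.0" encoding="UTF-8"?>
<CompoundList xmlns="http://www.oblix.com/" ListName="">
  <SimpleList>
    <NameValPair ParamName="id" Value="ohs_webgate"/>
    <NameValPair ParamName="cacheTimeout" Value="1800"/>
  </SimpleList>
  <CompoundList ListName="primaryServer1">
    <SimpleList>
      <NameValPair ParamName="host" Value="oam1.example.com"/>
      <NameValPair ParamName="port" Value="5575"/>
      <NameValPair ParamName="numOfConnections" Value="1"/>
    </SimpleList>
  </CompoundList>
  <CompoundList ListName="secondaryServer1">
    <SimpleList>
      <NameValPair ParamName="host" Value="oam2.example.com"/>
      <NameValPair ParamName="port" Value="5575"/>
    </SimpleList>
  </CompoundList>
</CompoundList>
"""


def _local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def parse_access_servers(xml_text):
    """Return [(role, host, port), ...] for every primary/secondary server list."""
    root = ET.fromstring(xml_text)
    servers = []
    for elem in root.iter():
        if _local(elem.tag) != "CompoundList":
            continue
        name = elem.get("ListName", "")
        if not (name.startswith("primaryServer") or name.startswith("secondaryServer")):
            continue
        params = {}
        for nv in elem.iter():
            if _local(nv.tag) == "NameValPair":
                params[nv.get("ParamName")] = nv.get("Value")
        if "host" in params and "port" in params:
            role = "primary" if name.startswith("primary") else "secondary"
            servers.append((role, params["host"], int(params["port"])))
    return servers


def probe(host, port, timeout=3.0):
    """True if a TCP connection to the OAP port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_agent(xml_text):
    """Map each configured server to its reachability. An empty result means
    the artifact names no servers at all, which by itself explains the error."""
    return {(role, host, port): probe(host, port)
            for role, host, port in parse_access_servers(xml_text)}


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8").read() if path else SAMPLE_OBACCESSCLIENT
    for (role, host, port), ok in check_agent(text).items():
        print(f"{role:9} {host}:{port} {'reachable' if ok else 'UNREACHABLE'}")
```

Run it on the web server host with the path to the webgate's ObAccessClient.xml; a server that is listed but unreachable points at the network, a server list that does not match what the OAM console shows points at stale artifacts.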


Thanks,
Aditya.

Wednesday, December 27, 2017

The HTTP Filter DLL C:\oracle\product\11.1.1\as_1\webgate\iis\lib\webgate.dll failed to load. The data is the error.



ISSUE:

After installing the IIS7 webgate on Windows 2008 R2, the following error is logged in the Windows event log when a protected resource is accessed, and the site fails to start:

ERROR:

The HTTP Filter DLL C:\oracle\product\11.1.1\as_1\webgate\iis\lib\webgate.dll failed to load. The data is the error.
Could not load all ISAPI filters for site 'examplesite'. Therefore site startup aborted.

CAUSE:


The Microsoft Visual C++ runtime libraries that webgate.dll depends on are missing, and/or the webgate.ini file for the site contains incorrect information.

To resolve the issue:
  1. Download and install the 64-bit Visual C++ Redistributable for Visual Studio 2012 Update 4 on the Windows 2008 R2 machine where the IIS webgate is installed. The "data" in the event is the Win32 error code from the failed load (for example 126, ERROR_MOD_NOT_FOUND, when a dependent DLL such as the runtime is missing).
  2. Restart the site and try to access the protected resource again.
  3. You should be redirected to the OAM login page.

If the runtime is present and the filter still fails to load, check that the webgate build matches the application pool's bitness (a 64-bit webgate.dll cannot be loaded by a 32-bit worker process) and review the webgate.ini entries for the site.

Tuesday, October 10, 2017

How to allow multiple login attributes in OAM/OAAM integrated environment

Requirement:

The requirement is to let users log in with either of two LDAP attributes (e.g. uid or email address), chosen at login time.

Oracle solution:

Ref: How to allow multiple login attributes in OAM/OAAM integration using a custom TAP module (Doc ID 2190079.1)

To log in, the user enters a username and password on the OAAM login page used in the OAM integration (oaam_server/oamLoginPage.jsp).

Allowing two login attributes this way, however, means OAAM ends up keeping two security profiles for the same person, one per login attribute. The first time a user authenticates with the other attribute, OAAM sees a new user (it creates a new record in the VCRYPT_USERS table with login_id set to the new attribute value) and the registration process runs again.

This also affects the pattern and behaviour data OAAM records for that user, which is now split across what OAAM treats as two users, so it is not recommended where accurate per-user login and pattern data matters.

Custom solution:

Because of the limitation described above when OAAM is part of the solution, the custom approach below avoids creating duplicate OAAM security profiles for a user who logs in with either username or email address, and needs no custom TAP module in OAM.

It is achieved by customizing the OAAM login flow through OAAM extensions: whatever the user typed is resolved to the canonical login attribute (uid) before OAAM looks the user up.

High-level steps:

  1. Copy the struts-config action mapping for /login.do from oaam_server.ear into the struts XML file of the OAAM extensions WAR.
  2. Change the "success" forward of the "/login.do" action mapping to point to a custom action (for example /validateUser.do).
  3. Write an action class extending the struts Action with the following logic:
    1. Read the username or email address the user entered on the OAAM login page from the OAAM session.
    2. Look the user up in the user store with custom JNDI code and fetch the login attribute (uid). Escape the entered value before placing it in the LDAP search filter, and treat anything other than exactly one match as a failed lookup, so that a crafted value cannot widen the filter and an email address shared by two entries cannot log a user in as the wrong account.
    3. Update the UIOSessionData instance with the login attribute (uid) retrieved from the user store.
    4. Recreate the VcryptAuthUser with the login username (the uid retrieved from the user store) if the user already has an OAAM security profile.
    5. Forward to "/loginJump.do" to continue the login flow under the uid, even though the user entered an email address.
  4. Build the custom action class into a jar and deploy it in the OAAM extensions WAR under /WEB-INF/lib.
Thanks
Siva Pokuri.



Wednesday, August 23, 2017

Oracle Mobile Authenticator (OMA) Offline secret key generation curl command


Curl command that creates an Oracle Mobile Authenticator account registration by fetching the user's OTP secret key from the OAM Mobile and Social user profile service; the account is then added to the OMA app offline from this key:

curl --user <<USERID>>:<<PASSWORD>> --data "" http://<<HOST_NAME>>:14100/ms_oauth/resources/userprofile/secretkey

The call sends the user's password as HTTP Basic authentication and returns the shared secret that every future OTP is derived from, so run it only against an HTTPS endpoint (or from the OAM host itself), and keep the secret out of shell history and logs.
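To confirm that a key obtained this way produces the same codes the OMA app shows, the code can be computed locally. The block below is an added example, not code from the post or from Oracle; it assumes the secret is base32 encoded and that the app uses standard TOTP (RFC 6238 with HMAC-SHA1, a 30-second step and 6 digits), which is the usual configuration, so check the OAM OTP settings if the codes do not line up. The sample key in the main block is constructed.

```python
"""Compute the TOTP code from the secret key returned by the secretkey call,
to confirm that the value registered in the Oracle Mobile Authenticator app
agrees with what the server issued.

Added example, not from the post. It assumes the secret is base32 encoded
and that the app uses standard TOTP (RFC 6238, HMAC-SHA1, 30-second step,
6 digits); check your OAM OTP settings if the codes do not line up.
"""
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6, algo=hashlib.sha1):
    """RFC 4226 HOTP: dynamically truncate HMAC(secret, counter) to `digits`."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return "%0*d" % (digits, code % (10 ** digits))


def totp(secret, at=None, step=30, digits=6, algo=hashlib.sha1):
    """RFC 6238 TOTP for the time `at` (seconds since the epoch, default now)."""
    at = time.time() if at is None else at
    return hotp(secret, int(at // step), digits, algo)


def decode_base32_secret(text):
    """Base32-decode a key as shown by the server or app, tolerating spaces,
    lower case and missing '=' padding."""
    cleaned = "".join(text.split()).upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def verify_totp(secret, candidate, at=None, window=1, step=30):
    """Accept `candidate` if it matches the current step or one step either
    side (clock drift); compare in constant time so the check leaks nothing."""
    at = time.time() if at is None else at
    base = int(at // step)
    return any(hmac.compare_digest(hotp(secret, base + d), candidate)
               for d in range(-window, window + 1))


if __name__ == "__main__":
    # Constructed secret for demonstration, not one issued by any server.
    key = decode_base32_secret("JBSWY3DPEHPK3PXP")
    print("current code:", totp(key))
```

Paste the secret the curl call returned into `decode_base32_secret` and compare the printed code with the app; a mismatch that persists across several 30-second windows means the key or the algorithm parameters differ, not the clock.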


The Oracle Mobile Authenticator integration with OAM is covered in a separate post.

Thanks
Siva Pokuri.

OIF 11g "Authentication request is expired" error message


Issue

When the IdP and SP system clocks are not in sync you may see the "Authentication request is expired" error in the OIF log, and the SAML response returned to the SP carries a "RequestDenied" status.

Error Message:

[2017-08-23T10:05:11.877-04:00] [oam_server1] [ERROR] [FED-15063] [oracle.security.fed.eventhandler.fed.profiles.utils.CheckUtils] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 8eeddbe1def2bc04:-43c8fb68:15df144d399:-8000-000000000106474c,0] [APP: oam_server#11.1.2.0.0] Authentication request is expired.

Cause

The IdP (OIF) checks the IssueInstant of the incoming SAML authentication request against its own clock. When the Identity Provider and Service Provider system clocks differ by more than the allowed tolerance, the request looks stale (or dated in the future) and is rejected with the error above.

Resolution

Make sure the Service Provider and Identity Provider machines keep their system time in sync, preferably from the same NTP source. SAML timestamps are exchanged in UTC, so a time-zone difference is not the problem, only an actual clock offset.
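The check the IdP performs is a plain freshness window around IssueInstant, and it is worth seeing both failure directions, because an SP clock that is ahead of the IdP fails just as surely as one that is behind. The block below is an added example and not OIF code; the tolerance, the sample AuthnRequest and the clock values are constructed, and OIF's real window and message text differ.

```python
"""Freshness-check an SP-initiated SAML AuthnRequest the way an IdP does
before rejecting it as expired: IssueInstant must lie within a tolerance
window around the IdP's own clock.

Added example, not OIF code. The tolerance, the sample request and the
clock values are constructed; OIF's real window and message text differ.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed AuthnRequest (IssueInstant only; signature etc. omitted).
SAMPLE_AUTHN_REQUEST = """<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_c0ffee" Version="2.0"
    IssueInstant="2017-08-23T14:00:00Z"
    Destination="https://idp.example.com/oamfed/idp/samlv20"/>
"""


def utc(*ymdhms):
    """datetime in UTC from (year, month, day, hour, minute, second)."""
    return datetime(*ymdhms, tzinfo=timezone.utc)


def parse_saml_instant(text):
    """SAML dateTime values are UTC ('Z'); fractional seconds are allowed."""
    if not text.endswith("Z"):
        raise ValueError("SAML timestamps must be in UTC with a trailing Z")
    body = text[:-1]
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in body else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(body, fmt).replace(tzinfo=timezone.utc)


def check_request_freshness(xml_text, now=None, tolerance=timedelta(minutes=5)):
    """Return (accepted, reason). Rejects requests issued too long ago
    (expired) and, just as firmly, requests from the 'future' (SP clock
    ahead), since both are what a skewed clock produces."""
    now = datetime.now(timezone.utc) if now is None else now
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        return False, "not an AuthnRequest"
    issued = parse_saml_instant(root.get("IssueInstant"))
    skew = now - issued
    if skew > tolerance:
        return False, "expired: issued %s before IdP time" % skew
    if skew < -tolerance:
        return False, "issued %s in the future: SP clock ahead of IdP" % (-skew)
    return True, "ok (skew %s)" % skew


if __name__ == "__main__":
    for clock in (utc(2017, 8, 23, 14, 2, 0), utc(2017, 8, 23, 14, 10, 0), utc(2017, 8, 23, 13, 50, 0)):
        print(clock.isoformat(), check_request_freshness(SAMPLE_AUTHN_REQUEST, clock))
```

When debugging, compare the IssueInstant in the SP's request (it is in the SAML trace or the decoded SAMLRequest parameter) with the timestamp of the OIF log line that rejects it; the difference is the skew that has to be removed.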

Thanks
Siva Pokuri.

Tuesday, March 14, 2017

TIPS: Change Database Hostname After OAM security store configured


Issue: 

The database hostname needs to be changed after the OAM security store has been configured.

Changes:
  1. Log in to the WebLogic console and modify the connection pools of the two data sources:
    1. Navigate to "Services > Data Sources > oamDS > Connection Pool" and update the connection URL with the new hostname.
    2. Navigate to "Services > Data Sources > opss-DBDS > Connection Pool" and update the connection URL.
    3. If the WebLogic console is not accessible, edit the two files "oam-db-jdbc.xml" and "opss-jdbc.xml" under <MW_HOME>/user_projects/domains/base_domain/config/jdbc instead.
  2. Log in to the server and navigate to <MW_HOME>/user_projects/domains/base_domain/config/fmwconfig/.
    1. Edit jps-config-jse.xml, jps-config-migration.xml and jps-config.xml.
    2. In each file, update the "jdbc.url" property with the new hostname. These files are read by OPSS directly rather than through the WebLogic data source, which is why changing the data source alone is not enough.
  3. Restart the Admin Server and the managed servers.
  4. Repeat step 2 on every node of the cluster.

Expected error if the jps-config-jse.xml, jps-config-migration.xml and jps-config.xml files are not modified (the connection attempt still goes to the old host and is refused):


Info: Data source is: opss-DBDS
[EL Severe]: 2017-03-14 20:39:37.575--ServerSession(1547285287)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLRecoverableException: IO Error: The Network Adapter could not establish the connection
Error Code: 17002
Mar 14, 2017 8:39:37 PM oracle.security.jps.internal.common.config.AbstractSecurityStore getSecurityStoreVersion
WARNING: Unable to get the Version from Store returning the default. Reason: java.net.ConnectException: Connection refused.
[EL Severe]: 2017-03-14 20:39:37.978--ServerSession(1619843188)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLRecoverableException: IO Error: The Network Adapter could not establish the connection
Error Code: 17002
Mar 14, 2017 8:39:37 PM oracle.security.jps.internal.credstore.ldap.LdapCredentialStore init
WARNING: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-00027: There was an internal error: java.net.ConnectException: Connection refused
JPS-01055: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-00027: There was an internal error: java.net.ConnectException: Connection refused
Error: Diagnostics data was not saved to the credential store.
Error: Validate operation has failed.
Need to do the security configuration first!
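The files in steps 1.3 and 2 are easy to miss on one node of a cluster, and a single leftover reference to the old host produces the error above. The script below is an added example and not from the post; it rewrites the host in every thin-driver JDBC URL in the listed files and reports the counts, so that a dry run shows what would change and a second run after applying shows zero. It assumes the Oracle thin URL shapes (@host:port:sid, @host:port/service, @//host:port/service and a TNS descriptor with (HOST=...)) and that the URL appears either as a jdbc.url property value (jps-config*.xml) or inside <url>...</url> (config/jdbc/*.xml); the sample snippets in the test are constructed.

```python
"""Point every JDBC URL in the OAM domain's configuration at the new
database host and report what changed, so that no file (including
jps-config-jse.xml and jps-config-migration.xml, the ones that are easy to
forget) still carries the old host.

Added example, not from the post. It assumes the Oracle thin-driver URL
shapes (@host:port:sid, @host:port/service, @//host:port/service and a TNS
descriptor with (HOST=...)) and that the URL appears either as a jdbc.url
<property value="..."> (jps-config*.xml) or inside <url>...</url>
(config/jdbc/*.xml).
"""
import os
import re
import shutil
import sys

JDBC_URL_RE = re.compile(r"jdbc:oracle:thin:@[^\s\"'<]+")

# Files the post lists, relative to the domain home. Extend for extra data sources.
CONFIG_FILES = [
    "config/fmwconfig/jps-config.xml",
    "config/fmwconfig/jps-config-jse.xml",
    "config/fmwconfig/jps-config-migration.xml",
    "config/jdbc/oam-db-jdbc.xml",
    "config/jdbc/opss-jdbc.xml",
]


def replace_jdbc_host(url, old_host, new_host):
    """Return `url` with old_host swapped for new_host in any of the thin
    driver's address formats; unchanged if old_host does not appear."""
    # TNS descriptor form: ...(HOST=old)(PORT=1521)...
    url = re.sub(r"\(HOST=%s\)" % re.escape(old_host),
                 "(HOST=%s)" % new_host, url, flags=re.IGNORECASE)
    # EZConnect / SID forms: @old:1521/svc, @old:1521:sid, @//old:1521/svc
    url = re.sub(r"@(//)?%s(?=[:/])" % re.escape(old_host),
                 lambda m: "@" + (m.group(1) or "") + new_host, url, flags=re.IGNORECASE)
    return url


def rewrite_jdbc_hosts(text, old_host, new_host):
    """Rewrite every thin-driver URL in a config file body.
    Returns (new_text, number_of_urls_changed)."""
    changed = 0

    def swap(m):
        nonlocal changed
        new_url = replace_jdbc_host(m.group(0), old_host, new_host)
        changed += new_url != m.group(0)
        return new_url

    return JDBC_URL_RE.sub(swap, text), changed


def rewrite_domain(domain_home, old_host, new_host, dry_run=True):
    """Apply the rewrite to the files above, keeping a .bak copy of each
    file that changes. With dry_run=True only the counts are reported.
    Run it on every node of the cluster, then restart the servers."""
    report = {}
    for rel in CONFIG_FILES:
        path = os.path.join(domain_home, rel)
        if not os.path.exists(path):
            continue
        with open(path, encoding="utf-8") as f:
            text = f.read()
        new_text, n = rewrite_jdbc_hosts(text, old_host, new_host)
        report[rel] = n
        if n and not dry_run:
            shutil.copy2(path, path + ".bak")
            with open(path, "w", encoding="utf-8") as f:
                f.write(new_text)
    return report


if __name__ == "__main__":
    domain, old, new = sys.argv[1:4]
    apply = len(sys.argv) > 4 and sys.argv[4] == "--apply"
    for rel, n in rewrite_domain(domain, old, new, dry_run=not apply).items():
        print(f"{n:3} url(s) {'rewritten' if apply else 'would change'} in {rel}")
```

Usage: `python rewrite_db_host.py /u01/oracle/user_projects/domains/base_domain olddb.example.com newdb.example.com` for the dry run, then the same command with `--apply`; a final dry run should report 0 for every file.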


Thanks
Kiran Pokuri

Friday, April 22, 2016

Federation between OAM 11g R2 PS2 (as IDP) And OAAM 11g R2 PS2 (with TAPScheme) Is Failing

Error Message:

[2016-01-10T10:35:15.624-04:00] [oaam_server_server1] [WARNING] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: d755faf711bced8d:-36c6a2a8:1540baa882a:-8000-0000000000011332,0] [APP: oaam_server#11.1.2.0.0] [DSID: 0000LGyO9iN4epo5GVG7yf1N3Jbx00001_] OAM TAP Submit URL not found in TAP token, OAM may not be up to date.

This is a known issue in the OAM + OAAM 11g R2 PS2 base release: the TAP token OAM issues does not carry the TAP Submit URL that OAAM expects, as the warning above says.

Follow the Oracle Support document below to download and install the one-off patch:

Federation between OAM (as IDP) And OAAM (with TAPScheme) Is Failing (Doc ID 1928959.1)


(OR)

Update OAM and OAAM to the latest bundle patch, which includes the fix.


-- Siva Pokuri

Thursday, January 21, 2016

How to configure and test OAM Access SDK 10g + OAM 11g with .NET


Access SDK 10g Installation & Configuration with OAM 11g R2 PS2 

Purpose

  1. Install and configure the ASDK 10g with OAM 11g R2 PS2 and test SSO using the .NET ASDK APIs.

Environment

  1. OS: Windows 2008 Server SP2 (64-bit)
  2. .NET Framework: 4.0
  3. OAM: 11g R2 PS2 (11.1.2.2.0) running on OEL 5.9
  4. Access SDK: 10g (10.1.4.3.0+BP10, BP13+IP09 (Patch Number 18110352))

Installation
  • Download and install the Access SDK
  • Install the ASDK using Oracle_Access_Manager10_1_4_3_0_Win64_AccessServerSDK.exe from oam_int_win_v17_cd1.zip
URL:       http://www.oracle.com/technetwork/middleware/ias/downloads/101401-099957.html

  • Access Gate registration: register the ASDK as an agent in the OAM 11g console (screenshot in the original post); the SDK ships oblix/tools/configureAccessGate/configureAccessGate.exe for configuring the gate with the registered values.

  • Download and apply patch "18110352" from Oracle Support, which is BP13-IP09 (the latest version of the ASDK for Win64).
  • Patch output:

C:\Users\Administrator\Downloads\p18110352_10143_MSWIN-x86-64\AccessSDK\Oracle_Access_Manager10_1_4_3_0_BP13-IP09_Patch_win64_AccessServerSDK_binary_parameter>patchinst.exe
Please enter Installation directory:
C:\NetPoint\AccessServerSDK
--- Oracle Access Manager System install ---
Upgrading Access Server SDK from release 10.1.4.3.0 BP 10 to release 10.1.4.3.0.13-IP09 BP 13-IP09.
Unloading files to C:\NetPoint\AccessServerSDK/unload-Oracle-10143013-IP09BP13-IP09-2564.
unloading 'include/obaccess_api_c.h'
unloading 'include/obaccess_api_mgd.h'
unloading 'oblix/config/np1014_sdk.txt'
unloading 'oblix/lib/access_api_mgd.lib'
unloading 'oblix/lib/access_flush.dll'
unloading 'oblix/lib/jobaccess.jar'
unloading 'oblix/lib/obaccess.dll'
unloading 'oblix/lib/obaccess.lib'
unloading 'oblix/lib/obaccess_api_mgd.dll'
unloading 'oblix/lib/obnlsrtl.dll'
unloading 'oblix/lib/obxmlengine.dll'
unloading 'oblix/tools/configureAccessGate/configureAccessGate.exe'
unloading 'oblix/tools/migration_tools/obmigratefiles.exe'
unloading 'oblix/tools/migration_tools/obmigratenp.exe'
unloading 'oblix/tools/migration_tools/obpdiff.exe'
Backing up old files to C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter.
backing up 'include/obaccess_api_c.h'
backing up 'include/obaccess_api_mgd.h'
backing up 'oblix/config/np1014_sdk.txt'
backing up 'oblix/lib/access_api_mgd.lib'
backing up 'oblix/lib/access_flush.dll'
backing up 'oblix/lib/jobaccess.jar'
backing up 'oblix/lib/obaccess.dll'
backing up 'oblix/lib/obaccess.lib'
backing up 'oblix/lib/obaccess_api_mgd.dll'
backing up 'oblix/lib/obnlsrtl.dll'
backing up 'oblix/lib/obxmlengine.dll'
backing up 'oblix/tools/configureAccessGate/configureAccessGate.exe'
backing up 'oblix/tools/migration_tools/obmigratefiles.exe'
backing up 'oblix/tools/migration_tools/obmigratenp.exe'
backing up 'oblix/tools/migration_tools/obpdiff.exe'
C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter/include: File exists
backing up 'include/obaccess_api_c.h'
backing up 'include/obaccess_api_mgd.h'
C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter/oblix: File exists
C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter/oblix/config: File exists
backing up 'oblix/config/np1014_sdk.txt'
C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter/oblix/lib: File exists
backing up 'oblix/lib/access_api_mgd.lib'
backing up 'oblix/lib/access_flush.dll'
backing up 'oblix/lib/jobaccess.jar'
backing up 'oblix/lib/obaccess.dll'
backing up 'oblix/lib/obaccess.lib'
backing up 'oblix/lib/obaccess_api_mgd.dll'
backing up 'oblix/lib/obnlsrtl.dll'
backing up 'oblix/lib/obxmlengine.dll'
C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter/oblix/tools: File exists
C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter/oblix/tools/configureAccessGate: File exists
backing up 'oblix/tools/configureAccessGate/configureAccessGate.exe'
C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter/oblix/tools/migration_tools: File exists
backing up 'oblix/tools/migration_tools/obmigratefiles.exe'
backing up 'oblix/tools/migration_tools/obmigratenp.exe'
backing up 'oblix/tools/migration_tools/obpdiff.exe'
C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter/include: File exists
backing up 'include/obaccess_api_c.h'
backing up 'include/obaccess_api_mgd.h'
C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter/oblix: File exists
C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter/oblix/config: File exists
backing up 'oblix/config/np1014_sdk.txt'
C:\NetPoint\AccessServerSDK/oblix/config/np1014_sdk.txt: Permission denied
C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter/oblix/lib: File exists
backing up 'oblix/lib/access_api_mgd.lib'
backing up 'oblix/lib/access_flush.dll'
backing up 'oblix/lib/jobaccess.jar'
backing up 'oblix/lib/obaccess.dll'
backing up 'oblix/lib/obaccess.lib'
backing up 'oblix/lib/obaccess_api_mgd.dll'
backing up 'oblix/lib/obnlsrtl.dll'
backing up 'oblix/lib/obxmlengine.dll'
C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter/oblix/tools: File exists
C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter/oblix/tools/configureAccessGate: File exists
backing up 'oblix/tools/configureAccessGate/configureAccessGate.exe'
C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter/oblix/tools/migration_tools: File exists
backing up 'oblix/tools/migration_tools/obmigratefiles.exe'
backing up 'oblix/tools/migration_tools/obmigratenp.exe'
backing up 'oblix/tools/migration_tools/obpdiff.exe'
C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter/include: File exists
backing up 'include/obaccess_api_c.h'
backing up 'include/obaccess_api_mgd.h'
C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter/oblix: File exists
C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter/oblix/config: File exists
backing up 'oblix/config/np1014_sdk.txt'
C:\NetPoint\AccessServerSDK/oblix/config/np1014_sdk.txt: Permission denied
C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter/oblix/lib: File exists
backing up 'oblix/lib/access_api_mgd.lib'
backing up 'oblix/lib/access_flush.dll'
backing up 'oblix/lib/jobaccess.jar'
backing up 'oblix/lib/obaccess.dll'
backing up 'oblix/lib/obaccess.lib'
backing up 'oblix/lib/obaccess_api_mgd.dll'
backing up 'oblix/lib/obnlsrtl.dll'
backing up 'oblix/lib/obxmlengine.dll'
C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter/oblix/tools: File exists
C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter/oblix/tools/configureAccessGate: File exists
backing up 'oblix/tools/configureAccessGate/configureAccessGate.exe'
C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-binary_parameter/oblix/tools/migration_tools: File exists
backing up 'oblix/tools/migration_tools/obmigratefiles.exe'
backing up 'oblix/tools/migration_tools/obmigratenp.exe'
backing up 'oblix/tools/migration_tools/obpdiff.exe'
Copying files from 'C:\NetPoint\AccessServerSDK/unload-Oracle-10143013-IP09BP13-IP09-2564' to 'C:\NetPoint\AccessServerSDK'.
Copy command using is: 'xcopy /S /Y /R /K /F "C:\NetPoint\AccessServerSDK\unload-Oracle-10143013-IP09BP13-IP09-2564" "C:\NetPoint\AccessServerSDK"'.
C:\NetPoint\AccessServerSDK\unload-Oracle-10143013-IP09BP13-IP09-2564\include\obaccess_api_c.h -> C:\NetPoint\AccessServerSDK\include\obaccess_api_c.h
C:\NetPoint\AccessServerSDK\unload-Oracle-10143013-IP09BP13-IP09-2564\include\obaccess_api_mgd.h -> C:\NetPoint\AccessServerSDK\include\obaccess_api_mgd.h
C:\NetPoint\AccessServerSDK\unload-Oracle-10143013-IP09BP13-IP09-2564\oblix\config\np1014_sdk.txt -> C:\NetPoint\AccessServerSDK\oblix\config\np1014_sdk.txt
C:\NetPoint\AccessServerSDK\unload-Oracle-10143013-IP09BP13-IP09-2564\oblix\lib\access_api_mgd.lib -> C:\NetPoint\AccessServerSDK\oblix\lib\access_api_mgd.lib
C:\NetPoint\AccessServerSDK\unload-Oracle-10143013-IP09BP13-IP09-2564\oblix\lib\access_flush.dll -> C:\NetPoint\AccessServerSDK\oblix\lib\access_flush.dll
C:\NetPoint\AccessServerSDK\unload-Oracle-10143013-IP09BP13-IP09-2564\oblix\lib\jobaccess.jar -> C:\NetPoint\AccessServerSDK\oblix\lib\jobaccess.jar
C:\NetPoint\AccessServerSDK\unload-Oracle-10143013-IP09BP13-IP09-2564\oblix\lib\obaccess.dll -> C:\NetPoint\AccessServerSDK\oblix\lib\obaccess.dll
C:\NetPoint\AccessServerSDK\unload-Oracle-10143013-IP09BP13-IP09-2564\oblix\lib\obaccess.lib -> C:\NetPoint\AccessServerSDK\oblix\lib\obaccess.lib
C:\NetPoint\AccessServerSDK\unload-Oracle-10143013-IP09BP13-IP09-2564\oblix\lib\obaccess_api_mgd.dll -> C:\NetPoint\AccessServerSDK\oblix\lib\obaccess_api_mgd.dll
C:\NetPoint\AccessServerSDK\unload-Oracle-10143013-IP09BP13-IP09-2564\oblix\lib\obnlsrtl.dll -> C:\NetPoint\AccessServerSDK\oblix\lib\obnlsrtl.dll
C:\NetPoint\AccessServerSDK\unload-Oracle-10143013-IP09BP13-IP09-2564\oblix\lib\obxmlengine.dll -> C:\NetPoint\AccessServerSDK\oblix\lib\obxmlengine.dll
C:\NetPoint\AccessServerSDK\unload-Oracle-10143013-IP09BP13-IP09-2564\oblix\tools\configureAccessGate\configureAccessGate.exe -> C:\NetPoint\AccessServerSDK\oblix\tools\configureAccessGate\configureAccessGate.exe
C:\NetPoint\AccessServerSDK\unload-Oracle-10143013-IP09BP13-IP09-2564\oblix\tools\migration_tools\obmigratefiles.exe -> C:\NetPoint\AccessServerSDK\oblix\tools\migration_tools\obmigratefiles.exe
C:\NetPoint\AccessServerSDK\unload-Oracle-10143013-IP09BP13-IP09-2564\oblix\tools\migration_tools\obmigratenp.exe -> C:\NetPoint\AccessServerSDK\oblix\tools\migration_tools\obmigratenp.exe
C:\NetPoint\AccessServerSDK\unload-Oracle-10143013-IP09BP13-IP09-2564\oblix\tools\migration_tools\obpdiff.exe -> C:\NetPoint\AccessServerSDK\oblix\tools\migration_tools\obpdiff.exe
15 File(s) copied
Error: could not execute the tool 'C:\NetPoint\AccessServerSDK\oblix\tools\migration_tools\obmigrateparamsg.exe' successfully
Starting default Language message patch process ...
--- Oracle Access Manager System install ---
Upgrading Access Server SDK from release 10.1.4.3.0 BP 10 to release 10.1.4.3.0.13-IP09 BP 13-IP09.
Unloading files to C:\NetPoint\AccessServerSDK/unload-Oracle-10143013-IP09BP13-IP09-2668.
unloading 'oblix/lib/jobaccess.jar'
Backing up old files to C:\NetPoint\AccessServerSDK/backup-Oracle-101430BP10-message_en-us.
backing up 'oblix/lib/jobaccess.jar'
backing up 'oblix/lib/jobaccess.jar'
backing up 'oblix/lib/jobaccess.jar'
backing up 'oblix/lib/jobaccess.jar'
Copying files from 'C:\NetPoint\AccessServerSDK/unload-Oracle-10143013-IP09BP13-IP09-2668' to 'C:\NetPoint\AccessServerSDK'.
Copy command using is: 'xcopy /S /Y /R /K /F "C:\NetPoint\AccessServerSDK\unload-Oracle-10143013-IP09BP13-IP09-2668" "C:\NetPoint\AccessServerSDK"'.
C:\NetPoint\AccessServerSDK\unload-Oracle-10143013-IP09BP13-IP09-2668\oblix\lib\jobaccess.jar -> C:\NetPoint\AccessServerSDK\oblix\lib\jobaccess.jar
1 File(s) copied
Error: could not execute the tool 'C:\NetPoint\AccessServerSDK\oblix\tools\migration_tools\obmigrateparamsg.exe' successfully
Patch complete
Successfully applied default Language message patch!
Patch complete

Note: The two "Error: could not execute the tool ... obmigrateparamsg.exe successfully" lines in the patch log (highlighted in the original post) can be ignored; all files were copied and the patch reports completion.


  • Check the installed Windows updates from the Control Panel.

  • Make sure the 64-bit Visual C++ redistributable packages for 2005 and 2008 are installed. The native obaccess.dll and the managed wrapper depend on them; if a runtime is missing the sample below fails at load time, and the sxstrace commands listed at the end show which side-by-side assembly could not be found.


  • Sample Application code Access_API_Test.cs 


using System;
using System.Collections;
using Oblix.Access.Common;
using Oblix.Access.Server;

class Access_API_Test
{
    public static void Main(string[] args)
    {
        // Resource to test, in the form the 10g ASDK expects: //host:port/path
        String resourceString = "//pokuri.demo.com:7777/";

        Console.WriteLine("Initialize the configuration directory!");
        try
        {
            // Directory holding the ASDK configuration written by configureAccessGate
            String config = "C:/NetPoint/AccessServerSDK";
            ObConfigMgd.initialize(config);
        }
        catch (ObAccessExceptionMgd ex)
        {
            Console.WriteLine("Initialization Exception caught: " + ex.String);
            return;
        }

        ObDictionary parameters = new ObDictionary();
        ObResourceRequestMgd resource = new ObResourceRequestMgd("http", resourceString, "GET", parameters);
        if (!resource.IsProtected)
        {
            Console.WriteLine("Resource is NOT protected ... ");
            return;
        }
        Console.WriteLine("Resource " + resourceString + " is protected ...");

        try
        {
            ObAuthenticationSchemeMgd authnScheme = new ObAuthenticationSchemeMgd(resource);
            if (!authnScheme.IsForm)
            {
                Console.WriteLine("Authentication scheme is not form-based");
                return;
            }
            Console.WriteLine("Authentication scheme is form-based");

            // Test credentials only; never hard-code real passwords in a client.
            ObDictionary credentials = new ObDictionary();
            credentials.Add("userid", "user.1");
            credentials.Add("password", "Abcd123");

            ObUserSessionMgd user = new ObUserSessionMgd(resource, credentials);
            ObUserStatusMgd status = user.Status;
            if (!status.IsLoggedIn)
            {
                Console.WriteLine("User is not logged in");
                return;
            }
            user.Location = "127.0.0.1";
            Console.WriteLine("User: " + user.UserIdentity + " is logged in...");
            Console.WriteLine("User location is: " + user.Location);

            if (user.IsAuthorized(resource))
                Console.WriteLine("User is authorized");
            else
                Console.WriteLine("User is not authorized");
        }
        catch (ObAccessExceptionMgd ex)
        {
            Console.WriteLine("Access Exception caught: " + ex.String);
        }
    }
}



  • Environment Variables (OBACCESS_INSTALL_DIR must point at the same directory the SDK was installed and patched in):
    set CLASSPATH=%CLASSPATH%;.;C:\NetPoint\AccessServerSDK\oblix\lib
    set PATH=%PATH%;.;C:\NetPoint\AccessServerSDK\oblix\lib
    set OBACCESS_INSTALL_DIR=C:\NetPoint\AccessServerSDK

  • Add obaccess_api_mgd.dll to the Global Assembly Cache with gacutil (-i installs an assembly; the -l shown at the end only lists the cache contents):
    C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\NETFX 4.0 Tools\x64>gacutil.exe -i C:\NetPoint\AccessServerSDK\oblix\lib\obaccess_api_mgd.dll
    Note: If gacutil.exe is not available in any of these folders, download and install the .NET SDK for 64-bit Windows.
  • Compile the C# code with the command below; the file "access_api_test.exe" is generated:
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe /reference:C:\NetPoint\AccessServerSDK\oblix\lib\obaccess_api_mgd.dll /out:C:\NetPoint\access_api_test.exe C:\NetPoint\access_api_test.cs


  • Run the code: C:\NetPoint>access_api_test.exe

If everything is in order the program initializes the SDK, reports that the resource is protected, logs the test user in and prints whether that user is authorized for the protected URL.


Useful Link & Commands
  • http://oracle.developer-works.com/article/4628709/OAM+Access+SDK
  • http://msdn.microsoft.com/en-us/library/ms379563(v=vs.80).aspx
  • http://docs.oracle.com/cd/E11857_01/em.111/e18155/mgmt_console/policy_templates/configuring_oracle_amclient_machines.htm
  • Trace Error commands
    C:\Windows\System32>sxstrace.exe Parse -logFile:C:\Test.log -outfile:C:\test2.txt
    C:\Windows\System32>sxstrace.exe Trace -logFile:C:\Test.log
  • How to: View the Contents of the Global Assembly Cache
    C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\NETFX 4.0 Tools\x64>gacutil.exe -l 

Hope this will be useful to some one out there.

-- Siva Pokuri.


Saturday, October 24, 2015

Fix: OAM 11g R2 PS2 (11.1.2.2.0) Keystore tampered error

Issue:

OAM 11g R2 PS2 (11.1.2.2.0) throwing the following error:

[oam_server1] [ERROR] [] [Coherence] [tid: Logger@1725259747 3.7.1.1] [userId: ] [ecid: 0000Kcfv^DM7ECK6yVuXMG1KXY0q000002,0] [APP: oam_server#11.1.2.0.0] 2015-10-12 03:08:58.358/302741.698 Oracle Coherence GE 3.7.1.1 (thread=Configuration Store Observer, member=n/a): Error while starting cluster: (Wrapped) java.io.IOException: Keystore was tampered with, or password was incorrect.

- Restarting the Oracle Access Manager (OAM) Server fails with the same error.

Reason:

The ".cohstore.jks" keystore used by OAM's Coherence configuration store and the password for it that is held in the domain credential store (map OAM_STORE, key coh) no longer match. If the keystore file itself is corrupt it must be restored from backup. If the stored password is what is wrong, reading it back with the WLST credential-store commands does not help; the keystore and its password have to be restored from backup or recreated together, which the steps below do.

Solution:

1) Take a backup of the domain's credential store and of the .cohstore.jks file before changing anything.
2) Start the AdminServer.
3) Connect to Enterprise Manager.
4) Locate the domain in the left navigation panel.
5) Right-click and select Security -> Credentials.
6) Delete the credential key pair (map OAM_STORE, key coh).
7) Restart the AdminServer. This re-creates the Coherence bootstrap artifact and resets the required password.
8) Start the OAM managed server and confirm that the "Keystore was tampered with" error no longer appears in its log.

-- Siva Pokuri.

Friday, September 25, 2015

How to integrate OBIEE with OAM




Demo:

A quick demo video is linked from the original post.

Prerequisites

1. Install and configure Oracle Access Manager (covered in a separate post).
2. Install and configure OBIEE (separate post).
3. Install and configure the LDAP directory (separate post).
4. Install the web server and webgate, and register the webgate with Oracle Access Manager.

Integration Steps:

1. Configure a reverse proxy for the OBIEE applications. In my case I am using OHS as the proxy server and I have an OHS webgate on top of it.

2. Create required OBIEE Groups in LDAP.


3. Login to the WebLogic admin console and navigate to Security Realms > myrealm > Providers.
    Create two new providers (an LDAP authentication provider and an OAM Identity Asserter) as shown in the screenshots in the original post.

4. Reorder the providers as shown in the screenshot (the usual order is the OAM Identity Asserter first, then the LDAP provider, then the default authenticator) and restart the WebLogic Admin Server and Managed Servers.


5. Login to http://<hostname>:<port>/em.
6. Navigate to WebLogic Domain > bifoundation_domain > Security > Security Provider Configuration.
7. Scroll down to Single Sign-On Provider and click on Configure.
8. Configure as shown in the screenshot in the original post.

9. Login to http://<hostname>:<port>/analytics.
10. Navigate to Administration > Manage BI Publisher > Security Configuration.
11. In the Authentication section make the changes shown in the screenshot.

12. Login to http://<hostname>:<port>/em.
13. Click on coreapplication under Business Intelligence.
14. Make the changes shown in the screenshot, click on Apply and then on Activate Changes.

15. Login to the workspace at http://<hostname>:<port>/workspace.
16. Go to Navigate > Administer > Workspace Settings > Server Settings.
17. Modify the Log off URL and select Yes for Enable Single Sign-On as shown in the screenshot.

18. Restart the WebLogic Admin Server and Managed Servers.
19. Now access the application through the proxy URL. The user is redirected to the OAM login page for authentication and, after logging in, lands on the application. Make sure the managed servers are not reachable except through the webgate-protected proxy: the identity asserter trusts the user header the webgate sets, so a request that bypasses the webgate could supply its own.

http://dev.kiran.com:7777/analytics









Hope this is helpful. 

Thanks
Kiran Pokuri

Tuesday, July 7, 2015

OAM 11GR2PS3 SAML 2.0 Integration with Dropbox




  • Log in to Dropbox with an admin account.
  • Click on Admin Console in the left-hand panel.
  • Create the users under Members as shown in the screenshot in the original post.
  • Click on the Authentication link and enable the SSO settings.
  • Dropbox only accepts certificates as .pem files. Export the OAM federation signing certificate in PEM format and upload it in the Dropbox SSO settings.
  • Create a new partner under Federation, giving the Provider ID and the Assertion Consumer URL as "https://www.dropbox.com/saml_login".
  • Access Dropbox with the IdP-initiated URL "http://<oam_host>:<oam_port>/oamfed/idp/initiatesso?providerid=Dropbox" (providerid is the partner name created above; outside a lab the OAM endpoint should be served over https).
  • Provide the ID and password on the OAM login page.
  • Click on Continue.
  • The Dropbox home page is displayed.


Kiran Pokuri

Friday, June 12, 2015

OAAM policy risk evaluation in OAM policies(OAM 11g Identity Context)



Steps

Log in to the OAAM Admin Console.

Search for the "DAP token version" property and change its value to v2.1 (the v2.1 token is what carries the session risk attributes back to OAM).

Update the OAAM TAP token version from v2.0 to v2.1 in the oam-config.xml file as well.

Note: Since I have integrated OAM + OAAM already, I changed the OAM DAP token version in the oam-config.xml file from "v2.0" to "v2.1". Otherwise you can provide version v2.1 directly while executing the third-party TAP registration command (during the OAM + OAAM integration).

Create a group to hold all the restricted IP addresses, as shown in the screenshot in the original post.

Add the IP addresses to the group.

Create a new OAAM policy at the post-authentication checkpoint.

Create a rule and condition that determines whether the user is logging in from a restricted IP address.

Select the IP address group created initially from the drop-down.

Click on the Results tab and enter a score of "1".

Click on "Group Linking" and select "All Users".




Log in to the OAM Admin Console and click on "Application Domain".

Select "ohs_webgate". This is the OHS webgate I have already created and used the OAAM TAP authentication scheme to protect the resource.

Click on "Authentication Policies", then on "Protected Resource Policy", then on "Responses".

Add a response as shown in the screenshot in the original post.

"session_risk_level" is the session attribute that OAAM passes to OAM as part of the DAP token after the policy created in the steps above has been evaluated; the response copies it into the OAM session so that authorization policies can test it.

Click on "Authorization Policies", then on "Protected Resource Policy", then on "Conditions", and click on the "+" sign.

Enter the condition details as shown in the screenshot in the original post.

Add the condition details as shown in the screenshot: the condition matches when the "session_risk_level" session attribute returned from OAAM has the value "1" (the score set in the OAAM rule).

Click on the "Rules" tab, add the new condition to the "Deny Rule" list and click "Apply".

Now test the protected application from two different machines, one with an address in the restricted IP group and one outside it: the first should be denied after a successful login and the second allowed through.

-- Siva Pokuri.