Friday, June 10, 2016

Highlights of OAM PS3 Integration with EBS 12.2 for Single Sign-On

Hello Readers

Here are some highlights of EBS 12.2 SSO integration with OAM 11gR2 PS3.

  1. The Oracle guide for this integration is My Oracle Support note 1576425.1.
  2. EBS 12.2 is pre-packaged with Oracle WebLogic Server 10.3.6 and WebTier 11g (11.1.1.9).
  3. For EBS 12.2, the OAM SSO integration no longer needs a separate WebLogic Server for AccessGate or a separate OHS for the WebGate.
  4. The OAM PS3 OHS WebGate requires OHS 11.1.1.9 or later. If the WebTier in your EBS environment is older than that, upgrade it to 11.1.1.9 before SSO will work.
  5. OAM PS3 must be patched to at least Bundle Patch 03 (BP03).
  6. EBS ships three automation scripts that configure the artifacts this integration needs:
    • Install the WebGate:
      txkrun.pl -script=SetOAMReg -installWebgate=yes -webgatestagedir=/u90/webgate
    • Deploy AccessGate:
      perl $AD_TOP/patch/115/bin/adProvisionEBS.pl -ebscreate=oaea_resources -contextfile=$CONTEXT_FILE -deployApps=accessgate -SSOServerURL=<<OAM_Managed_Server_URL>> -managedsrvname=oaea_server1 -managedsrvport=6803 -logfile=/tmp/deployeag.log
    • Register EBS with OAM (this also updates the WebGate with the EBS logout URLs automatically):
      txkrun.pl -script=SetOAMReg -registeroam=yes
  7. Verify the WebGate first by requesting http://<<ohs_host:port>>/index.html; an unauthenticated request should be redirected to the OAM login page rather than served directly.
  8. Ensure the relevant OAM Authorization Policy returns orclguid in its responses. You can test this by protecting a CGI script in the OHS cgi-bin directory that echoes the request headers it receives.
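The two verification steps above (7 and 8) are easy to script. The following is an added example, not part of the original post and not one of the EBS or OAM scripts: it checks a captured response for the WebGate redirect to the OAM credential collector (obrareq.cgi), writes a throw-away CGI that echoes the HTTP_* environment so every header the WebGate injects becomes visible, and checks that dump for the orclguid response. The host names, the sample GUID and the response header name USER_ORCLGUID (which CGI exposes as HTTP_USER_ORCLGUID) are assumptions; compare the header name with the response your own policy defines.

```shell
#!/bin/sh
# Added example (not from the original post or from Oracle's scripts).
# Offline checks for steps 7 and 8: does the WebGate intercept an unauthenticated
# request, and does the OAM authorization policy hand orclguid to the back end?

# Step 7 live capture (run against the real OHS; not executed here):
#   curl -sS -D - -o /dev/null "http://ohs_host:7777/index.html" > wg_headers.txt

# Return 0 if the captured headers show the WebGate redirecting to the OAM
# credential collector (obrareq.cgi) instead of serving the page.
webgate_intercepts() {
    headers_file="$1"
    grep -qi '^HTTP/1\.[01] 302' "$headers_file" || return 1
    grep -qi '^Location:.*/oam/server/obrareq\.cgi' "$headers_file" || return 1
    return 0
}

# Step 8: a throw-away CGI that echoes the HTTP_* environment, so every header
# the WebGate injects (policy responses included) is visible in the browser.
# Place it under a protected cgi-bin directory of the OHS and request it once.
write_header_dump_cgi() {
    cat > "$1" <<'EOF'
#!/bin/sh
echo "Content-Type: text/plain"
echo ""
env | grep '^HTTP_' | sort
EOF
    chmod 755 "$1"
}

# Return 0 if the dumped environment contains a non-empty header carrying the
# policy response. The name USER_ORCLGUID is an assumption; CGI maps it to
# HTTP_USER_ORCLGUID. Pass a different variable name as the second argument.
response_has_orclguid() {
    dump_file="$1"
    header_var="${2:-HTTP_USER_ORCLGUID}"
    grep -Eq "^${header_var}=.+" "$dump_file"
}

tmpdir=$(mktemp -d)

# Constructed sample: what a working WebGate returns for step 7.
cat > "$tmpdir/wg_ok.txt" <<'EOF'
HTTP/1.1 302 Found
Date: Fri, 10 Jun 2016 14:02:11 GMT
Server: Oracle-HTTP-Server
Location: http://oam.pokuri.com:14100/oam/server/obrareq.cgi?encquery=c29tZS1lbmNvZGVkLXN0YXRl
Content-Length: 0
EOF

# Constructed sample: page served directly, i.e. the WebGate is not in the path.
cat > "$tmpdir/wg_bad.txt" <<'EOF'
HTTP/1.1 200 OK
Server: Oracle-HTTP-Server
Content-Type: text/html
EOF

# Constructed sample: what the header-dump CGI prints after SSO (GUID is made up).
cat > "$tmpdir/cgi_dump.txt" <<'EOF'
HTTP_ACCEPT=*/*
HTTP_HOST=ebs.pokuri.com:8000
HTTP_OAM_REMOTE_USER=spokuri
HTTP_USER_ORCLGUID=5B7C9E1A2F3D4C6E8A9B0C1D2E3F4A5B
EOF

webgate_intercepts "$tmpdir/wg_ok.txt" && echo "step 7: WebGate intercepts unauthenticated requests"
webgate_intercepts "$tmpdir/wg_bad.txt" || echo "step 7: page served without SSO, check the WebGate"
response_has_orclguid "$tmpdir/cgi_dump.txt" && echo "step 8: orclguid present in policy responses"
write_header_dump_cgi "$tmpdir/headers.cgi" && echo "header-dump CGI written to $tmpdir/headers.cgi"
rm -rf "$tmpdir"
```

Remove the header-dump CGI once the test is done: it prints every header the WebGate injects, including the authenticated user, to anyone who can reach the protected URL.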

Tuesday, May 31, 2016

Fix: OAM 11g Custom Authentication Plugin Activation Failed With Felix Bundle Exception

Error:

[2016-05-31T11:19:17.173-04:00] [oam_server1] [WARNING] [] [oracle.oam.extensibility.lifecycle] [tid: OAM Map Notification:MessageListenerWrapper] [userId: <anonymous>] [ecid: 0000LK7NL4x4epo5GVl3if1NJQ^h000004,1:24194] [APP: oam_server#11.1.2.0.0] Activation failed due to felix bundle exception while installing and starting the bundle.null[[
java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at oracle.security.am.plugin.internal.OSGIPluginService.installAndStartBundle(OSGIPluginService.java:177)
        at oracle.security.am.extensibility.lifecycle.messaging.NodeMessageListener.installAndStartBundle(NodeMessageListener.java:66)
        at oracle.security.am.extensibility.lifecycle.messaging.NodeMessageListener.receiveMessage(NodeMessageListener.java:112)
        at oracle.security.am.extensibility.lifecycle.messaging.NodeMessageListener.receiveMessageList(NodeMessageListener.java:49)
        at oracle.security.am.extensibility.lifecycle.messaging.MessageListenerWrapper.objectCreated(MessageListenerWrapper.java:30)
        at oracle.security.am.foundation.mapimpl.coherence.events.MapListenerWrapper.notifyListener(MapListenerWrapper.java:174)
        at oracle.security.am.foundation.mapimpl.coherence.events.EventDispatcher.dispatch(EventDispatcher.java:132)
        at oracle.security.am.foundation.mapimpl.coherence.events.EventDispatcher.run(EventDispatcher.java:114)



Solution:

1. Delete the entire tmp folder under the Domain Home (servers/<server_name>/tmp) for BOTH the OAM Managed Server and the Admin Server.
2. Restart the OAM servers.
3. Redeploy, distribute and activate the plug-in again.

-- Siva Pokuri.

Friday, May 6, 2016

Fix: Oracle Virtual Directory (OVD) not showing isMemberOf attribute from Oracle Unified Directory (OUD)

Environment:

- Oracle Virtual Directory 11g (11.1.1.9.0)
- Oracle Unified Directory 11g R2 PS2
- OUD adapter configured in OVD

Issue:

Oracle Virtual Directory does not show a user's group membership (isMemberOf) in the user profile.

Solution:

- Open the OVD ODSM console and log in
- Click on the Adapters tab
- Select the OUD adapter you already created
- Click on the Plug-ins tab
- Click on the "Create Plug-in" icon
- Click on the "Select" button next to the Class field
- Select "VirtualMemberOfPlugin" from the list of plug-in classes
- Give the plug-in a name, say "GroupAttributePlugin"
- Add the parameters the plug-in accepts, as listed below:
        
        1) searchBase - DN under which the OUD groups live (Example: ou=groups,dc=pokuri,dc=com)
        2) adapterName - name of the OUD adapter defined in OVD
        3) explicitrequestonly - accepts "true" or "false" (I did not see any difference with either value)
- Click on "Apply" to save the changes

Now connect to OVD and search for the user with ldapsearch, requesting the "isMemberOf" attribute explicitly.

Search Command:


./ldapsearch -h pokuri.demo.com -p 6501 -D "cn=orcladmin" -w Abcd1234 -b "DC=pokuri,DC=com" "(uid=spokuri)" ismemberof uid


Output:

dn: cn=spokuri,ou=oud,dc=pokuri,dc=com
uid: spokuri
ismemberof: cn=Admins,ou=oud,dc=pokuri,dc=com

Hope this helps someone out there.

-- Siva Pokuri
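A single ldapsearch shows that isMemberOf is now populated, but it does not show that it is complete: the plug-in only sees groups under its searchBase, so a wrong base yields a partial list with no error. The following is an added example, not part of the post above, that cross-checks the virtual isMemberOf values OVD returns against the groups in OUD that actually list the user in their member attribute. The OUD host, port and bind DN are assumptions; the DNs are modelled on the post. The live commands pass the bind password with -j (a password file, as supported by the OUD ldapsearch; OpenLDAP's ldapsearch uses -y) rather than -w, so it does not end up in the process list or shell history.

```shell
#!/bin/sh
# Added example, not part of the original post. Compares the virtual isMemberOf
# list OVD returns for a user with the real group entries in OUD.

# Live captures (not run here; host, port and bind DN for OUD are assumptions):
#   ldapsearch -h pokuri.demo.com -p 6501 -D cn=orcladmin -j /path/to/pwfile \
#     -b dc=pokuri,dc=com "(uid=spokuri)" ismemberof > ovd_user.ldif
#   ldapsearch -h oud.pokuri.com -p 1389 -D "cn=Directory Manager" -j /path/to/pwfile \
#     -b ou=oud,dc=pokuri,dc=com "(member=cn=spokuri,ou=oud,dc=pokuri,dc=com)" dn > oud_groups.ldif

# Print the group DNs OVD claims the user belongs to, one per line, sorted.
ovd_memberships() {
    grep -i '^ismemberof: ' "$1" | sed 's/^[^:]*: //' | sort -u
}

# Print the DNs of the OUD groups that actually list the user as a member.
oud_memberships() {
    grep '^dn: ' "$1" | sed 's/^dn: //' | sort -u
}

# Return 0 when both lists agree, 1 otherwise (the differences go to stderr:
# lines marked ">" are groups OVD reports, "<" groups only OUD knows about).
memberships_match() {
    ovd_tmp=$(mktemp); oud_tmp=$(mktemp)
    ovd_memberships "$1" > "$ovd_tmp"
    oud_memberships "$2" > "$oud_tmp"
    if cmp -s "$ovd_tmp" "$oud_tmp"; then
        rc=0
    else
        echo "virtual isMemberOf differs from OUD group membership:" >&2
        diff "$oud_tmp" "$ovd_tmp" >&2 || true
        rc=1
    fi
    rm -f "$ovd_tmp" "$oud_tmp"
    return $rc
}

# Constructed samples standing in for the two ldapsearch captures.
tmpdir=$(mktemp -d)
cat > "$tmpdir/ovd_user.ldif" <<'EOF'
dn: cn=spokuri,ou=oud,dc=pokuri,dc=com
uid: spokuri
ismemberof: cn=Admins,ou=oud,dc=pokuri,dc=com
ismemberof: cn=Developers,ou=oud,dc=pokuri,dc=com
EOF
cat > "$tmpdir/oud_groups.ldif" <<'EOF'
dn: cn=Admins,ou=oud,dc=pokuri,dc=com

dn: cn=Developers,ou=oud,dc=pokuri,dc=com
EOF

if memberships_match "$tmpdir/ovd_user.ldif" "$tmpdir/oud_groups.ldif"; then
    echo "OVD virtual isMemberOf matches OUD group membership"
else
    echo "check the plug-in's searchBase and adapterName"
fi
rm -rf "$tmpdir"
```

If the comparison reports groups known only to OUD, they sit outside the searchBase given to VirtualMemberOfPlugin; widen the base or add the missing container.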