OID 11g Integration with OAM (11.1.1.5) for Identity Store

In this post we will cover OAM 11.1.1.5 integration with OID as identity store. If you are on OAM 11.1.1.3 , please refer HERE for integration with OID.

Identity store refers to store containing enterprise users & group. Weblogic comes with an embedded ldap which is used  as identity store by fusion middleware components by default. You can configure external ldap servers like- OID, AD, Novell etc to be used as identity stores.

Things Good to know:-

1)  Till 11.1.1.3 , OAM  use to support only only 1 Identity Store at a time i.e though you can register multiple external ldap’s as identity stores but only one will be used as primary identity store & OAM will refer that identity store only.

2) OAM 11.1.1.5 can support multiple identity stores at same time.Out of these multiple identity stores, one is store is marked and used as “System Store” and either same or any other identity store will be marked as “default store”

System Store– Represents the identity store which will have groups or users that will act as “Administrators” to OAM i.e only members of this identity store group/user can perform admin functions via oamconsole.

Default Store– This will be the identity store that will be used at time of patching for migration purpose or  by Oracle security token service. More on OAM Security Token service coming soon….

3) You can mark any single identity store as both- system & default store. OR you can choose 2 different identity stores for this purpose. But there can be ONLY 1 system store & 1 default store.

For instance, lets say we have 5 identity stores registered with OAM (11.1.1.5) namely- OID1, OID2, AD1, AD2 and Novell1. Now we can pickup any of them ,like OID 2 to be our system store & AD1 to be default store. OR i can choose AD 2 to be both. Its not possible to have AD1 & OID 1 both as system stores.

By default- Embedded ldap is used as  the system as well as default store.

4)  In OAM 11.1.1.5 , the original IDMDomainAgent is not availble & remains as artifact. In place of it, IAMSuiteAgent is installed & pre-configured to povide signle sign on to  IDM administration console.

Steps to Integrate OID 11g with OAM 11.1.1.5

1. Create a groups “Administrators” in OIDunder dc=[your_domain], cn=groups using ODSM

2. Create a user oamadmin in OID under dc=[your_domain] , cn=users  (This user will then be used to connect to login to weblogic console) – Ensure that attribute userPassword is set for this user.

3. Add user oidadmin in OID to group “Administrators“. Use ODSM to create user/group in OID 11g. More on ODSM here

4. .Login to OAMconsole (http://hostname:adminport/oamconsole. Navigate to System Configuration tab –>Data Sources –> select User Identity Stores –> Click create from Actions  drop down on top.

2)  Create: User Identity store applet opens. Entervales as:-

Store Name– Name of Identity store (Tip:- Keep it something which can make you easy recall the ldap type/hostname it )

Store Type– select which type of LDAP is it. Options are- Embedded ldap,OID, AD,Novell , Iplanet & OVD.

Location– hostname and port of External ldpa in format- hotsname:port

Bind DN – OID’s Administrator account DN. like cn=orcladmin

UserName Attribute– Attribute which will be used for login

User & Group Search Base– Complete DN of OID Domain under which the users/groups will be searched

GroupName Attribute– default is cn

Test Connection , save & then close it.

3) This new identity store will now be availble under datastources. Again open it from datasources. You will see 2 options of either setting this store as “System store” or “Default Store“.

Check the system store box, it will prompt you to add group/user of this identity store which you want to act as administrator to oam.

Add “Administrators” group that we created in OID.

Click apply button,it will pop up with message as ” Manually Change Identity Store Settings at OPSS Level and configure the IDMDOmainAgent“, click OK

It will then prompt to ” Validate this Identity store against a user of that group in order to set this as “System Store” “. Enter name & password of user -e.g  oamadmin  that we created under OID .

Once validated it will show “Successfully Set as System Store

4) OAM uses OAMAdminConsole Autehntication Scehme for “System Store” which in turn calls the “LDAP Module”. This  Ldap modules have an “identity store” value which will be used as “system store”. Change this value to newly configured “system store”

Under System Configuration tab–> Authentication modules–> LDAP Authentication Module–> LDAP –>change indentity store to New System store value–>Save

5)  Logout from OAMConsole & now login as any user member of SystemStore. If you able to login successfully , configuration with OID done.

Reference Documentation:-

Oracle® Fusion Middleware Administrator’s Guide for Oracle Access Manager with Oracle Security Token Service
11g Release 1 (11.1.1) 

Share This Post with Your Friends over Social Media!

About the Author Neha Mittal

Leave a Comment:

30 comments
Matheus Soares says August 26, 2011

Very nice documentation. I was able to configure in seconds, and also understand differences between OAM 11.1.1.3 and OAM 11.1.1.5 in regards of Administrators.

Thank you.

Reply
Gupta says September 20, 2011

Hi All,

Really an excellent document to configure OID as user store for OAM 11.1.1.5.0.

I had a doubt that is it possible to set OVD as System store for OAM 11.1.1.5.0?

Thanks & Regards,
Gupta katakam.

Reply
Saurav Sharma says October 14, 2011

Hi All,

I have ODSEE 11g as my user store, can it be possible to integrate it with OAM 11.1.1.5.0. If so please let me know the integration details.

Regards,

Saurav Sharma

Reply
larry143 says March 9, 2012

Hi Neha,

Thanks for the blog. It is very informative.

I have OID (11.1.1.6.0) deployed on WebLogic Server (10.3.6). Can you please tell me how to integrate this OID+WebLogic with OAM 11.1.1.5.0?

Also, http://docs.oracle.com/cd/E23943_01/webcenter.1111/e12405/wcadm_security_sso.htm#CEGGCAJE link wants us to configure the Authenticator at OAM WebLogic to connect to OID. Is it necessary?

Thanks for your time

Regards,

Somerset

Reply
Atul Kumar says March 11, 2012

@larry143,
To integrate OID 11.1..16 with OAM 11.1.1.5 , steps remain same as mentioned above.

Steps mentioned in link mentioned by you are for SSO. If you wish to integrate this OAM with fusion middleware application for SSO then yes OID as authenticator is required.

Note: Just for OID/OAM integration OID authenticator in weblogic is NOT required.

Reply
larry143 says March 14, 2012

Hi Atul,

Thank you.

I just found out that Customer wants to use Oracle Portal 11g (NOT Oracle WebLogic Portal 11g).

I guess the architecture of http://docs.oracle.com/cd/E23943_01/webcenter.1111/e12405/wcadm_security_sso.htm#CEGGCAJE is applicable for Oracle Portal which is deployed on WebLogic too.

Meaning I still need to configure the OID Authenticators at the WebLogic Server Domain which hosts Oracle Portal Application. Please correct me if I am wrong.

I understand the OAM and OID integration part of it. Thanks for that thread.

Regards,

Somerset

Reply
satish says March 16, 2012

Hi Autul,

i am following your document EBS Integration with OID-OAM,
i am in step Create OAM Administrator user and Group in OID

1) Created oadmadin user in OID
2) Created OAMadmin in OID
3) Added user oamadmin to group OAMAdmin

Then i completed this step Configure OID as identity Store in OAM

I am stuck up this step Test that you can login to oamconsole using oamadmin user

i am trying to login as oadmin admin user(getting invalid username/password), its not letting me login and i am not able to login as weblogic user, i am getting Access Denied, please suggest me how to proceed next step.

Reply
satish says March 16, 2012

Hi Atul,

i am following your document EBS Integration with OID-OAM,
i am in step Create OAM Administrator user and Group in OID

1) Created oadmadin user in OID
2) Created OAMadmin in OID
3) Added user oamadmin to group OAMAdmin

Then i completed this step Configure OID as identity Store in OAM

I am stuck up this step Test that you can login to oamconsole using oamadmin user

i am trying to login as oadmin admin user(getting invalid username/password), its not letting me login and i am not able to login as weblogic user, i am getting Access Denied, please suggest me how to proceed next step.

Reply
Neha Mittal says March 17, 2012

@Satish

What error messages due you get in admin server logfile- $DOMAIN_HOME/servers/Adminserver/logs

Ensure you see as primary identity store under $DOMAIN_HOME/config/fmwconfig/oam-config.xml

Do an ldapbind from $ORACLE_OID_HOME/bin to ensure credentials used for oamadmin are correct.

Thanks
Neha Mittal

Reply
satish says March 19, 2012

Hi Neha,

here is error message.

here is error message,when i tried to login as weblogic in OAM .

#### <

java.lang.IllegalStateException: The expression “#{bindings.region2.regionModel}” (that was specified for the RegionModel “value” attribute of the region component with id “region2”) evaluated to null.

This is typically due to an error in the configuration of the objects referenced by this expression.

If it helps, the expression “#{bindings.region2}” evaluates to “null”.

If it helps, the expression “#{bindings}” evaluates to “null”. Now using an empty RegionModel instead.

at oracle.adf.view.rich.component.fragment.UIXRegion.getRegionModel(UIXRegion.java:450)

at oracle.adfinternal.view.faces.taglib.region.RegionTag.doStartTag(RegionTag.java:109)

at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:50)

at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)

at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)

at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)

at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)

at oracle.jsp.runtime.tree.OracleJspNode.execute(OracleJspNode.java:89)

at oracle.jsp.runtimev2.ShortCutServlet._jspService(ShortCutServlet.java:89)

at oracle.jsp.runtime.OracleJspBase.service(OracleJspBase.java:29)

at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:422)

at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:802)
at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:726)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)

here is error message when i tried to login as oamadmin user

#### <>

#### <>

#### <>

#### <>

#### <>

#### <>

####

####

#### <>

#### <>

Reply
satish says March 19, 2012

here is error message when i tried to login as oamadmin user

<>
<>

<>

<>

<>

<>

<>

<>

weblogic user error

#### <
java.lang.IllegalStateException: The expression “#{bindings.region3.regionModel}” (that was specified for the RegionModel “value” attribute of the region component with id “region3”) evaluated to null.
This is typically due to an error in the configuration of the objects referenced by this expression.
If it helps, the expression “#{bindings.region3}” evaluates to “null”.
If it helps, the expression “#{bindings}” evaluates to “null”. Now using an empty RegionModel instead.
at oracle.adf.view.rich.component.fragment.UIXRegion.getRegionModel(UIXRegion.java:450)
at oracle.adf.view.rich.component.fragment.UIXRegion._beginInterruptibleRegion(UIXRegion.java:682)
at oracle.adf.view.rich.component.fragment.UIXRegion.processRegion(UIXRegion.java:498)
at oracle.adfinternal.view.faces.taglib.region.RegionTag.doStartTag(RegionTag.java:127)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:50)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspNode.execute(OracleJspNode.java:89)
at oracle.jsp.runtimev2.ShortCutServlet._jspService(ShortCutServlet.java:89)
at oracle.jsp.runtime.OracleJspBase.service(OracleJspBase.java:29)
at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:422)
at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:802)
at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:726)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183)
at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:523)
at weblogic.servlet.internal.RequestDispatcherImpl.include(RequestDispatcherImpl.java:444)
at weblogic.servlet.jsp.PageContextImpl.include(PageContextImpl.java:163)
at weblogic.servlet.jsp.PageContextImpl.include(PageContextImpl.java:184)
at oracle.jsp.runtime.tree.OracleJspIncludeNode.execute(OracleJspIncludeNode.java:47)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspIterationTagNode.executeHandler(OracleJspIterationTagNode.java:45)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspIterationTagNode.executeHandler(OracleJspIterationTagNode.java:45)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspIterationTagNode.executeHandler(OracleJspIterationTagNode.java:45)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspIterationTagNode.executeHandler(OracleJspIterationTagNode.java:45)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspIterationTagNode.executeHandler(OracleJspIterationTagNode.java:45)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspIterationTagNode.executeHandler(OracleJspIterationTagNode.java:45)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)

Reply
satish says March 19, 2012

here is oamadmin user error log.

Mar 20, 2012 9:48:50 AM IST> <> <> <> <> <> <> <> <> <Authentication Failure for user : oamadmin.

Reply
satish says March 19, 2012

some reason i am not able to post error log,again i am posting error msg

Mar 20, 2012 9:48:50 AM IST. .Notice. .Server. .oam.mbpert.com. .oam_server1. .[ACTIVE] ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’. ..WLS Kernel.. .. .d5cf3ce3b195ec27:3daba191:1362e532124:-8000-000000000000000e. .1332217130580. .BEA-002613. .Channel “Default” is now listening on 10.172.20.248:14100 for protocols iiop, t3, ldap, snmp, http.
Mar 20, 2012 9:48:50 AM IST. .Notice. .WebLogicServer. .oam.mbpert.com. .oam_server1. .[ACTIVE] ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’. ..WLS Kernel.. .. .d5cf3ce3b195ec27:3daba191:1362e532124:-8000-000000000000000e. .1332217130608. .BEA-000332. .Started WebLogic Managed Server “oam_server1” for domain “OAMDomain” running in Development Mode

Mar 20, 2012 9:48:52 AM IST. .Notice. .WebLogicServer. .oam.mbpert.com. .oam_server1. .Main Thread. ..WLS Kernel.. .. .d5cf3ce3b195ec27:3daba191:1362e532124:-8000-000000000000000b. .1332217132716. .BEA-000365. .Server state changed to RUNNING
Mar 20, 2012 9:48:52 AM IST. .Notice. .WebLogicServer. .oam.mbpert.com. .oam_server1. .Main Thread. ..WLS Kernel.. .. .d5cf3ce3b195ec27:3daba191:1362e532124:-8000-000000000000000b. .1332217132741. .BEA-000360. .Server started in RUNNING mode

Mar 20, 2012 9:49:28 AM IST. .Warning. .Default. .oam.mbpert.com. .AdminServer. .PoolWatcher. ..anonymous.. .. .d5cf3ce3b195ec27:-26249f06:1361a9f548e:-8000-0000000000000388. .1332217168255. .BEA-000000. .PoolLogger:PoolWatcher : Pool is not available but it still contains objects, these will be removed

Mar 20, 2012 9:51:50 AM IST. .Error. .oracle.oam.proxy.oam. .oam.mbpert.com. .oam_server1. .[ACTIVE] ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’. ..anonymous.. .. .d5cf3ce3b195ec27:3daba191:1362e532124:-8000-0000000000000014. .1332217310019. .BEA-000000. .Session invalid as returned by PBL_check_valid_session_response responseEvent fail

Mar 20, 2012 9:51:50 AM IST. .Warning. .oracle.oam.agent-default. .oam.mbpert.com. .AdminServer. .[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’. .weblogic. .. .d5cf3ce3b195ec27:-26249f06:1361a9f548e:-8000-0000000000000bc8. .1332217310053. .BEA-000000. .OAM Server request failed: OpCode = 19 [GetSessionInfo], Returned Status = Major code: 71(SessionInvalid) Minor code: 2(NoCode)

Mar 20, 2012 9:51:50 AM IST. .Warning. .oracle.oam.agent-default. .oam.mbpert.com. .AdminServer. .[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’. .weblogic. .. .d5cf3ce3b195ec27:-26249f06:1361a9f548e:-8000-0000000000000bc8. .1332217310098. .OAMAGENT-00406. .Invalid authentication token: INVALID

Mar 20, 2012 9:52:06 AM IST. .Error. .oracle.oam.user.identity.provider. .oam.mbpert.com. .oam_server1. .[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’. ..anonymous.. .. .d5cf3ce3b195ec27:3daba191:1362e532124:-8000-000000000000001f. .1332217326760. .OAMSSA-20023. .Authentication Failure for user : oamadmin.

Mar 20, 2012 9:52:13 AM IST. .Error. .oracle.oam.user.identity.provider. .oam.mbpert.com. .oam_server1. .[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’. ..anonymous.. .. .d5cf3ce3b195ec27:3daba191:1362e532124:-8000-0000000000000021. .1332217333943. .OAMSSA-20023. .Authentication Failure for user : oamadmin.

Reply
» OAM 11g integration with Microsoft Windows Active Directory (WNA, IWA, Kerberos) for Zero Sign-On Online Apps DBA: One Stop Shop for Apps DBA’s says May 1, 2012

[…] Keberos Plug-In (This plug-in uses Identity store defined as default. Make sure AD is defined as default Identity Store in OAM 11g […]

Reply
» How to read session Ids of a user from OAM 11g Online Apps DBA: One Stop Shop for Apps DBA’s says May 4, 2012

[…] We are using Embedded Weblogic as System and default store. The concepts of these stores are well explained in this post. […]

Reply
» Double prompt login to OAM 11g Admin Console Online Apps DBA: One Stop Shop for Apps DBA’s says July 17, 2012

[…] Double prompt login to OAM 11g Admin Console Posted in July 17th, 2012 byMahendra in idm, oam, troubleshooting, weblogic  Print This Post I have OAM 11g setup in my environment and I have created 2 users in OID and assigned to Administrators group. I have configured OID as system store by specifying two users such as oamadmin and mahendra + a group Administrators (to have login access to OAM Admin console). In fact I followed this post. […]

Reply
sunil says July 26, 2012

What does this mean?
Manually Change Identity Store Settings at OPSS Level and configure the IDMDOmainAgent.

on mine says that to make it functional you need to manually change Identity Store Settings at OPSS Level and configure the IDMDOmainAgent.

Reply
    Atul Kumar says July 31, 2012

    @ Sunil,
    This could be because of different patchset like 11.1.1.5.0 or 11.1.1.5.1 or 11.1.1.5.2

    Reply
Anand says September 7, 2012

HI,

I can’t see the artifacts under policy configuration tab in OAM11GR2 admin console.
Error:Policy store not available.

Reply
» OIM-OAM-OAAM integration using TAP – Request Flow you must understand !! Online Apps DBA: One Stop Shop for Apps DBA’s says September 21, 2012

[…] h) OAM makes a ldap call to OID (identity store configured with OAM). More on OAM identity store configuration (steps mentioned here are manual integration) here and here […]

Reply
» How to identify which LDAP (OID/AD/OVD) server OAM 11g connects to and as what user ? Online Apps DBA: One Stop Shop for Apps DBA’s says September 27, 2012

[…] to external LDAP store like OID/OVD/AD using step for 11.1.1.3 click here and for 11.1.1.5 click here . You can also integrate OAM with LDAP store using idmConfigTool.sh -configOAM more […]

Reply
ankumar1974 says October 5, 2012

Hi,

4) OAM uses OAMAdminConsole Autehntication Scehme for “System Store” which in turn calls the “LDAP Module”. This Ldap modules have an “identity store” value which will be used as “system store”. Change this value to newly configured “system store”

Under System Configuration tab–> Authentication modules–> LDAP Authentication Module–> LDAP –>change indentity store to New System store value–>Save

Please let me know how we can do the above step using wlst script or shell script.

Thanks
ankumar

Reply
ankumar1974 says October 6, 2012

Hi Neha,

Any idea on my above query?

Thanks
ankumar

Reply
Neha Mittal says October 6, 2012

@Ankumar

There are custom wlst commands which you can use to register identity store or modify them but as far as i know wlst dont offer a command to change value of Authentication Module.

For full list of OAM custom wlst commands please check Appendix F of OAM Administration Guide.

Thanks
Neha

Reply
Narasimha says October 12, 2012

Hi,

We integrated OAM with OID, We are able to login into OAM with OID users who are attched to Administrator group.In our environment OAM intergrated with EBS so users created in EBS are refelecting to OID and those are not assigned to Administrator group so SSO authentication is not happening, Any idea please for this

Thanks in advance,

Regards,
Narasimha

Reply
Neha Mittal says October 12, 2012

@Narasinha

EBS users who are not part of OAM Administrators group doesn’t have any link with SSO authentication failure.
A user who is part OAM Administrators group only have admin rights to access oamconsole and do admin actions on OAM.

For SSO authentication not happening, please check authentication policies, authentication scheme, authentication module define correctly.
Check OAM/OID log files.

Please provide more details on error you getting.

Thanks
Neha

Reply
Narasimha says October 12, 2012

Hi Neha,

Thanks for reply,
In our environment EBS,OBIEE,Liferay(front end application) integrated with OAM 11g. EBS in synchronization with OID so whenever user created in EBS reflecting to OID.Login into EBS through Accegate is working fine but login into frontend application via OAM is not working.If we assaign the user to Administrator group then sso login is happening successfully.
It showing the below error :

Access Denied …

Access to administration console is restricted.
Any idea ?

Thanks,
Narasimha

Reply
Girish says November 2, 2012

Hi All,

I am using OIM and OAM 11.1.1.5. I need to integrate OIM and OIM. I dont have OID 11.1.1.5. Is that possible to integrate OAM 11.1.1.5 and OID 11.1.1.5. If it is possible suggest me any document related to this.

Thank you

Reply
Gopi says November 29, 2012

Hi Neha,
I am using OAM 11gR2 and I want to use the Security Token Service(STS) facility provided by oracle. I don’t have any idea of how to establish security token service between two web service partners. If you provide some good documentations for implementing Oracle security token service, that helps me.

Thanks
Gopi

Reply
jean-marc says December 18, 2012

Hi,

Nice quick step by step for changing id store to OID in 11.1.1.5.
One thing is not clear reading here & Oracle OAM doc is whether your apps users & groups should be in system store or the default store ?

My first impression is that good practic would be to set the embedded ldap as system store & the OID (where apps users & groups are kept) as the default store.

What’s your opinion ?

Thanks.

Reply
Add Your Reply

[index]
[index]
[523.251,1046.50]
[523.251,1046.50]
[523.251,1046.50]
[523.251,1046.50]
[i]
[i]
[index]
[index]
[523.251,1046.50]
[523.251,1046.50]
[523.251,1046.50]
[523.251,1046.50]
[index]
[index]
[523.251,1046.50]
[523.251,1046.50]
[523.251,1046.50]
[523.251,1046.50]