This post covers where configuration details related to OAM (Oracle Access Manager) are located in OIM (Oracle Identity Manager).
I was debugging an account unlock issue in OAM (integrated with OIM) where the error message in the OIM output file ($DOMAIN_HOME/servers/oim_server1/logs/) was:
_______
<Oct 18, 2011 6:54:52 AM CST> <Error> <Default> <BEA-000000> <Failed to communicate with any of configured Access Server, ensure that it is up and running.>
<Oct 18, 2011 6:54:52 AM CST> <Error> <OAM Autologin Logger> <BEA-000000> <Error while authentication java.lang.Exception: Failed to communicate with any of configured Access Server, ensure that it is up and running.>
<Oct 18, 2011 6:54:52 AM CST> <Error> <oracle.iam.passwordmgmt.impl> <BEA-000000> <INTERNAL ERROR: Autologin failed oracle.iam.sso.exception.AutoLoginException: Error while authentication >
javax.security.auth.login.LoginException: Error while autologin oracle.iam.sso.exception.AutoLoginException: Error while authentication
at oracle.iam.passwordmgmt.utils.PwdMgmtAutologinHelper.doAutologin(PwdMgmtAutologinHelper.java:137)
_______
This problem made me think: where are the OAM server details stored in OIM, and at what stage?
If you check my post on idmConfigTool here, the OIM configuration is updated with OAM details by the configOIM option.
OIM stores OAM details in MDS (database) under /db/oim-config.xml. You can export this file from MDS to the file system using the steps mentioned here.
After exporting oim-config.xml from MDS, search for the ssoConfig entry; you should see an entry like:
<ssoConfig>
  <version>@oamVersion</version>
  <accessServerHost>innowave12.com</accessServerHost>
  <accessServerPort>5575</accessServerPort>
  <accessGateID>Webgate_IDM</accessGateID>
  <napVersion>3</napVersion>
  <cookieDomain>.com</cookieDomain>
  <cookieExpiryInterval>120</cookieExpiryInterval>
  <transferMode>OPEN</transferMode>
  <webgateType>ohsWebgate10g</webgateType>
  <ssoEnabled>true</ssoEnabled>
</ssoConfig>
You can also view this information from the MBean Browser in FMW Enterprise Manager (/em):
EM -> Identity and Access -> OIM -> oim(11.1.1.3.0) right click -> System MBean Browser
Application Defined MBeans -> oracle.iam -> Application:oim -> XMLConfig -> Config -> XMLConfig.SSOConfig -> SSOConfig
The OAM Access Server (OAM Proxy port) can listen in one of three modes: OPEN, SIMPLE, or CERT.
If the OAM server is running in SIMPLE or CERT mode, then OIM should also store the trust keystore (JKS) password and the Global Passphrase password. For steps to create the keystore click here (oamclient-truststore.jks and ssoKeystore.jks must be copied to $DOMAIN_HOME/config/fmwconfig).
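The following Python example is added here and is not from the original post or from Oracle: it reads the ssoConfig block of an exported oim-config.xml and flags settings tied to the points above (host and port, transfer mode, and the keystore files expected for SIMPLE/CERT). The wrapping root element, the function names and the cookie-domain check are assumptions of this example.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: a subset of the <ssoConfig> values shown above, wrapped
# in a hypothetical root element (the real oim-config.xml has other sections).
SAMPLE = """<oimConfig>
  <ssoConfig>
    <accessServerHost>innowave12.com</accessServerHost>
    <accessServerPort>5575</accessServerPort>
    <accessGateID>Webgate_IDM</accessGateID>
    <cookieDomain>.com</cookieDomain>
    <transferMode>OPEN</transferMode>
    <ssoEnabled>true</ssoEnabled>
  </ssoConfig>
</oimConfig>"""

def local_name(tag):
    return tag.rsplit("}", 1)[-1]  # drop any '{namespace}' prefix

def parse_sso_config(xml_text):
    """Return the children of the first <ssoConfig> element as a dict."""
    root = ET.fromstring(xml_text)
    node = next((e for e in root.iter() if local_name(e.tag) == "ssoConfig"), None)
    if node is None:
        raise ValueError("no <ssoConfig> element found")
    return {local_name(c.tag): (c.text or "").strip() for c in node}

def review_sso_config(cfg, fmwconfig_dir):
    """List settings worth a second look; fmwconfig_dir is $DOMAIN_HOME/config/fmwconfig."""
    findings = []
    mode = cfg.get("transferMode", "").upper()
    if cfg.get("ssoEnabled", "").lower() != "true":
        findings.append("ssoEnabled is not true")
    if not cfg.get("accessServerHost") or not cfg.get("accessServerPort", "").isdigit():
        findings.append("accessServerHost/accessServerPort missing or malformed")
    if mode == "OPEN":
        findings.append("transferMode OPEN: OIM to Access Server traffic is not encrypted")
    elif mode in ("SIMPLE", "CERT"):
        for name in ("oamclient-truststore.jks", "ssoKeystore.jks"):
            if not os.path.isfile(os.path.join(fmwconfig_dir, name)):
                findings.append(f"transferMode {mode}: {name} not found in fmwconfig")
    else:
        findings.append(f"unexpected transferMode {mode!r}")
    if len(cfg.get("cookieDomain", "").strip(".").split(".")) < 2:
        findings.append("cookieDomain is a single label; scope the SSO cookie to your own domain")
    return findings

if __name__ == "__main__":
    print("\n".join(review_sso_config(parse_sso_config(SAMPLE), ".")))
```

The accessServerHost and accessServerPort values it extracts are the ones to test connectivity against when the "Failed to communicate with any of configured Access Server" error appears.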
The WebGate instance (configured for OIM) can also be protected by setting a password. If a password is set for the WebGate instance (protecting OIM), then this password must also be stored in OIM.
Note: The truststore, global passphrase and WebGate password (if set) are stored in the Credential Store of the WebLogic domain on which OIM is deployed.
You can query the credential store via WLST (WebLogic Scripting Tool) or Enterprise Manager:
EM -> Weblogic Domain -> <domain_name> (right click) -> Security -> Credentials -> expand oim
Note: All these credentials and the configuration (in oim-config.xml) are created automatically (depending on OAM mode and WebGate password) by idmConfigTool with the configOIM option.
1 user commented in "Where are OAM details stored in OIM (account unlock, password reset)"
I had a lot of problems with the application, but now it's ok, I've been able to understand it.