We are extensively using the OAM 11g API in our project, and one requirement is to set session attributes for an OAM user session.
Session attributes are a concept newly introduced in OAM 11g (not present in 10g). Once an OAM session is created, we can retrieve the session IDs by using the API method getSessionIds of the UserSession class (package oracle.security.am.asdk). This class is available in oamasdk-api-11.1.1.5.0.jar.
We are using embedded WebLogic as the System and Default store. The concepts of these stores are well explained in this post.
We tried to retrieve the session IDs for a user using the code snippet below:
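    import java.util.Hashtable;
    import java.util.Set;
    import oracle.security.am.asdk.AccessClient;
    import oracle.security.am.asdk.ResourceRequest;
    import oracle.security.am.asdk.UserSession;

    // user_login, user_passwd, Location, protocol, resource and method_way are defined elsewhere.
    Hashtable<String,String> credentials = new Hashtable<String,String>();
    credentials.put("userid", user_login);
    credentials.put("password", user_passwd);
    try {
        AccessClient ac = AccessClient.createDefaultInstance(Location, AccessClient.CompatibilityMode.OAM_10G);
        ResourceRequest req = new ResourceRequest(protocol, resource, method_way);
        System.out.println("Location-->" + Location);
        // Authenticate the user and create the session.
        UserSession session = new UserSession(req, credentials);
        String sessionId = session.getSessionToken();
        System.out.println(sessionId);
        // This is the call that fails with OAMAGENT-02005.
        Set set = session.getSessionIds(user_login);
        System.out.println("Sessionattr--->" + set);
    } catch (Exception e) {
        // Report the failure instead of silently swallowing it.
        e.printStackTrace();
    }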
We are getting the below exception while executing the above code snippet:
“oracle.security.am.asdk.OperationNotPermittedException: OAMAGENT-02005: Operation not permitted on this server.”
I can read the OAM sessions from the database by logging into DB as OAM DB schema user.
select * from oam_session;
I have found that there is a bug related to session IDs, bug# 12972630. The fix for bug# 12972630 will return session IDs of a user in the specified user identity stores. Right now only sessions with the default store are returned.
Well, the following statement is extracted from OAM documentation for default store:
Default Store: Used by Oracle Security Token Service, and for migration purposes when patching.
So the fix for the bug is to use the user identity store as the default store to retrieve the session IDs from the OAM server. I can't exactly make out the reason for the bug fix and the purpose of the default store.
Anyhow, I am using OVD as the user identity store for OAM authentication. So I have flagged the OVD identity store as the Default store, and now I am able to retrieve the session IDs from the OAM server.





5 users commented in " How to read session Ids of a user from OAM 11g "
hi.
i was wondering if you were able to resolve this issue. we have the same problem with our environment. initially, we want to use KerberosScheme for authentication, but for testing purposes we are just using AD.
the AD is configured as default store in OAM and we have tested authentication against it (we are asked for username/pwd and can successfully log in with an AD-user). our code is almost the same as in your example and we are able to create a user session. we see this because we can get many of the attributes (level, start time, last use time and session token). however, getting the session id’s with method getSessionIds(…) always results in OAMAGENT-02005 error. we have tried using different combinations of values for username (samaccountname, dn etc.), but the error is the same.
our final goal is to get the session attributes with the correct session ID.
best regards,
tinba
@Tinba,
I initially approached Oracle support for this, and they also suggested making the ID store the Default store to resolve this issue; an ER has already been raised for the same.
Hence, there is no other solution for this issue. Make AD store as default store and try retrieving session IDs. Let me know if you face any issues.
-Mahendra
hi again and thank you very much for the reply.
to remove possible errors due to bugs etc., we have patched OAM (p.nr. 13473393) and ASDK (p.nr. 14026048). we have changed the authentication scheme to form-login to AD and have made AD the Default Store in OAM. when we go via browser to the resource, we can log in with our AD-credentials.
using ASDK via AccessClient, we still get the same errors as before (OAMAGENT-02005). this applies to the following methods: UserSession.getSessionIds(…) and UserSession.getSessionAttributes(…). for the former we have tested with different values of the userid, for the latter we have tested with values for session-IDs gathered directly from database (oam_session table).
in addition, we see that the following methods also have issues:
* UserSession.getLocation() is not able to read our AccessClient's IP-address.
* UserSession.getUserIdentity() returns the DN only up to the first space in the DN (when one uses full name for CN, this is a problem since you have space between given name and surname).
any suggestions are appreciated.
best regards,
tinba
hi again.
have found the error.
we overlooked configuring our AccessClient as a privileged agent (“Allow Management Operations” in OAM Console). this has to be done if the agent is going to manage sessions. fixing this, the problem was solved.
thank you very much for the help.
best regards,
tinba