We are extensively using OAM 11g API in our project out of which there is a requirement to set session attributes for a OAM user session.

Session attributes is a concept newly introduced in OAM 11g (not there in 10g). So once OAM session is created we can retrieve the session Ids by using the API method getSessionIds of UserSession class (package is oracle.security.am.asdk). This class is available in oamasdk-api-11.1.1.5.0.jar.

We are using Embedded Weblogic as System and default store. The concepts of these stores are well explained in this post.

While trying to retrieve the session IDs for a user using the below code snippet.

Hashtable<String,String> credentials = new Hashtable<String,String>();
credentials.put(“userid”, user_login);
credentials.put(“password”, user_passwd);
try{
AccessClient ac=null;
ResourceRequest req ;
ac = AccessClient.createDefaultInstance(Location,AccessClient.CompatibilityMode.OAM_10G);
req = new ResourceRequest(protocol, resource,method_way);
System.out.println(“Location–>”+Location);
UserSession session = new UserSession(req,credentials);
String sessionId=session.getSessionToken();
System.out.println(sessionId);
Set set=session.getSessionIds(user_login);
System.out.println(“Sessionattr—>”+set);

}catch(Exception e){}

 

We are getting the below exception while executing the above code snippet:

“oracle.security.am.asdk.OperationNotPermittedException: OAMAGENT-02005: Operation not permitted on this server.”

I can read the OAM sessions from the database by logging into DB as OAM DB schema user.

select * from oam_session;

I have found that there is a bug related to session IDs 12972630. Fix for bug# 12972630 will return session ids of a user in the specified user identity stores. Right now only sessions with default store are returned.

Well, the following statement is extracted from OAM documentation for default store:

Default Store: Used by Oracle Security Token Service, and for migration purposes when patching.

So the fix for bug is to use the user identity store as default store to retrieve the session IDs from OAM server. I can’t exactly make out the reason for bug fix and default store purpose.

Anyhow,  I am using OVD as user identity store for OAM authentication. So I have flagged the OVD identity store as Default store and then I am able to retrieve the session IDs from OAM server.