Oracle Identity & Access Management 11gR2 : Installation & Configuration in 12 Steps

This post covers steps to install and configure Oracle Identity & Access Management (IDAM) 11gR2 (11.1.2). To download IDAM 11gR2 (11.1.2) software click here and for documentation click here

Oracle Identity & Access Management 11gR2 (11.1.2) consists of

  • Oracle Access Management (OAM) : OAM suite consists of
    –> OAM Access Manager (earlier Oracle Access Manager)
    –> OAM Secure Token Service
    –> OAM Identity Federation (earlier Oracle Identity Federation)
    –> Oracle Access Management Mobile and Social (new product added in 11gR2)
    –> OAM Adaptive Access Manager
    –> Oracle Entitlement Server
    –> Oracle Web Services Manager (OWSM)
    Note: There are few more products (Oracle Enterprise Gateway, Enterprise Single Sign-On etc…) that are part of Oracle Access management Suite but they are installed using their own software.
  • Oracle Identity Manager (OIM)
  • Oracle Privileged Account Manager (OPAM) (new product added in 11gR2)
  • Oracle Identity Navigator (OIN)
High Level Installation Steps for IDAM 11gR2 (11.1.2.0.0)
Installation steps for IDAM 11gR2(11.1.2) are same as 11gR1 (11.1.1.3/5) with additional step to configure Database Security Store (configureSecurityStore.py)

1. Install Database for Oracle Identity & Access Management(IDAM) schemas

2. Create IDAM schemas in database using RCU 11.1.2.0.0

3. Install JDK/JRockit 1.6 (for IBM Aix or HP Unix install vendor specific JDK).

4. Install WebLogic 10.3.6  (This step will create Middleware Home MW_HOME)

5. Install Identity & Access Management 11.1.2.0 software in Middleware Home (MW_HOME created in previous step)

6. Install SOA Suite 11.1.1.6.0 software in Middleware Home (MW_HOME created in step 4) (SOA is required only for OIM, If you are not configuring OIM then there is no need to install SOA Suite)

7. Apply patches listed in Release Notes here (Required for OIM only). [updated on 18th August 2012] If you can’t find patches listed in Release Notes of 11gR2 then check Bug 14489758 : WRONG PATCH NUMBERS IN RELEASE NOTES

8. Create Weblogic Domain (more here) and select IDAM components by running config.sh from $MW_HOME/oracle_common/common/bin (Do not start WebLogic Server yet, create Database Security Store first as mentioned in next step)

9. Create Database Security Store using WLST – <IAM_ HOME>/common/tools/configureSecurityStore.py (Ignore this step if you are creating WebLogic domain with just one domain template i.e. “Oracle Access Management Mobile and Social)

10. Start WebLogic Admin Server

11. Configure OIM Server ($IAM_ORACLE_HOME/bin/config.sh) – Ignore this step if you do not want OIM server

12. Start WebLogic Managed Servers created during WebLogic domain creation

 

References/Related

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Oracle Gold Partner specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

145 comments
Henrik says August 14, 2012

Have you applied the patches you mention in step 7?
“7. Apply patches listed in Release Notes here (Required for OIM only)”

I can’t find them on My Oracle Support, I opened a support case about it, but have not heard anything back yet…

Reply
    Atul Kumar says August 15, 2012

    @ Henrik,
    No, not applied these patches as I am currently exploring new features in Access Management of 11gR2 (Social, Mobile, PAM and OES).

    Reply
Roland says August 14, 2012

Great to see you have had a successful installation. I am stuck at the RCU scripts in my own installation, they keep chewing through a ton of disk space (4G) – I am wondering if you happen to know how much disk space it took to run the RCU.

Reply
    Atul Kumar says August 15, 2012

    @ Roland,
    For me RCU using tiny disk space (under 1 GB) for schemas. Are you creating all schemas or just IDAM ones (create only IDAM ones please)

    Reply
IgnitedMind says August 15, 2012

Hi Atul, Sould i use SOA 11.1.1.6.0 with 11gR2 ?

(RCU 11.1.1.6.0,SOA 11.1.1.6.0)

Help Appreciated.

Reply
Atul Kumar says August 15, 2012

@ IgnitedMind,
Yes use SOA 11.1.1.6 for IDAM 11gR2 and use 10.3.6 weblogic (though doc says both 10.3.5 and 10.3.6 are supported)

Reply
IgnitedMind says August 15, 2012

Summarining,

Installation of Database 11gR2

Step 1>
Creation of Schema using RCU 11.1.1.6 for OID.
Creation of middllewareR1 using weblogic 10.3.6
Installation & config of Oracle Identity Mangement 11.1.1.6.0
Installation & configuration of SOA 11.1.1.6.0

Step 2> as u mentioned in this post,
Creation of Schema using RCU 11.1.2
Creation of middllewareR2
Installation of IAM etc

Is above is ok ?
2nd, I need to create Schmea for SOA using which RCU ? 11.1.1.6.0 or 11.1.2 ?

Help Appreciated,

Reply
Atul Kumar says August 15, 2012

@ IgnitedMind

I am not sure what you want to achieve . It is important to note that “Idenitity management” and “Identity & Access Management” are two different installs and different software.

Check this
http://onlineappsdba.com/index.php/2012/05/30/confused-about-oracle-iam-software-version-release-number/

Reply
IgnitedMind says August 15, 2012

Hi Atul,

I have gone thru the link you shared.

My Question Is,Schmea for SOA 11.1.1.6.0 should be created thru RCU 11.1.1.6.0 correct ? not thru RCU 11.1.2 (R2) ?

thank you very much for your quick response.

Reply
    Atul Kumar says August 15, 2012

    Currently SOA schema version in RCU 11.1.1.6 and 11.1.2.0.0 is same and compatible with SOA 11.1.1.6.0

    To be on safe side

    If you are installing IDAM 11.1.1.5 then install SOA 11.1.1.5 and use RCU 11.1.1.5 or 11.1.1.5.2

    If you are installing IDAM 11.1.2 then install SOA 11.1.1.6 and use RCU 11.1.2

    Reply
» Security Modules (OES Client) in Oracle Entitlement Server (OES) 11g Online Apps DBA: One Stop Shop for Apps DBA’s says August 15, 2012

[…] 1. OES consists of : a) OES 11g Administration Console : Authorization Policy Manager (APM) : This is server side components installed as part of Identity & Access Management software. […]

Reply
Henrik says August 16, 2012

Regarding the OIM patch numbers I asked about, they are incorrect in the docs.
Oracle Support Bug 14489758 (WRONG PATCH NUMBERS IN RELEASE NOTES) can be found at: https://support.oracle.com/epmos/faces/ui/km/BugDisplay.jspx?id=14489758

They should be:
> 14948569 -> 14016801
> 14735868 -> 13931550
> 15211191 -> 14196234
> 14908250 -> 14049150

Reply
IgnitedMind says August 16, 2012

Hi Atul/Henrik,

I am not finding the patches for OIM.
“2.3 Mandatory Patches for Installing Oracle Identity Manager”

•14948569

•14735868

•15211191

•14908250

Non of the above patches found in support link.

Any help appreciated.

Reply
Henrik says August 16, 2012

IgnitedMind -> See the post above yours..

Reply
IgnitedMind says August 16, 2012

oops, thanks Atul for the info.

Reply
IgnitedMind says August 17, 2012

Hi Atul,

I have applied OIM Patch but for all the 4 patchs its giving similar message as below.

[oracle@localhost 14049150]$ opatch apply
Oracle Interim Patch Installer version 11.2.0.3.0
Copyright (c) 2012, Oracle Corporation. All rights reserved.

Oracle Home : /home/oracle/app/oracle/product/11.2.0/dbhome_1
Central Inventory : /home/oracle/app/oraInventory
from : /home/oracle/app/oracle/product/11.2.0/dbhome_1/oraInst.loc
OPatch version : 11.2.0.3.0
OUI version : 11.2.0.1.0
Log file location : /home/oracle/app/oracle/product/11.2.0/dbhome_1/cfgtoollogs/opatch/14049150_Aug_17_2012_18_48_26/apply2012-08-17_18-48-26PM_1.log

Applying interim patch ‘14049150’ to OH ‘/home/oracle/app/oracle/product/11.2.0/dbhome_1′
Verifying environment and performing prerequisite checks…
OPatch system modification phase did not start:
Patch “14049150” is not needed since it has no fixes for this Oracle Home. Please see log file for details.
Log file location: /home/oracle/app/oracle/product/11.2.0/dbhome_1/cfgtoollogs/opatch/14049150_Aug_17_2012_18_48_26/apply2012-08-17_18-48-26PM_1.log

OPatch stopped on request.

what coud have been wrong here ?

Reply
IgnitedMind says August 17, 2012

All the 4 patch Installed Successfully. I have to keep changing ORACLE_HOME dir based on patch like soa, idm or iam or oracle_common.
patch like J2ee continer patch,ovd patch ,soa patch etc.

I am not sure whether it was the correct way, just was doing trail.

Once again thanks for help.

Reply
Roland says August 17, 2012

@IgnitedMind,
I am having trouble applying the patches, would you be kind enough to map which patch needs to have which ORACLE_HOME set? I hope that isn’t too much trouble.

Reply
Roland says August 17, 2012

I also notice that patch 13931550 is really a deployment package for something called the Oracle Application Access Controls Governor. What is that? I don’t have confidence that I should be installing that into my environment – are we sure that it is the correct patch number?

Reply
IgnitedMind says August 17, 2012

@Roland,
export PATH=$PATH:/home/oracle/middlewareR2/iam/OPatch

>14948569 -> 14016801 ->
Oracle_home=/home/oracle/middlewareR1/idm

> 15211191 -> 14196234-Oracle_Home=/:/home/oracle/middlewareR2/soa1

> 14908250 -> 14049150->Oracle_HOME=home/oracle/middlewareR2/oracle_common

Last Patch was OAACG > 14735868 -> 13931550
Yes even I have no confidence in this Patch.
I am doing Installation on my personal laptop so can’t even raise an SR. :(

Whats Oracle response on your SR ?

Reply
IgnitedMind says August 18, 2012

@Roland,

I am able to login OIM now .I think till you get update on ur SR, you can continue further configuration.

Reply
Roland says August 18, 2012

@IgnitedMind, I didn’t open an SR with Oracle on that patch. I have simply not applied it on this go around. Like you I am installing on my laptop (MBP,Retina,16G,500GB SSD). I have had lots of issues with running out of disk space and memory in Vmware Fusion. A note for others: I would recommend that you start out with at least 50G of disk assigned and I believe I will end up using 6-8G of memory when all the servers are started. Fusion has a max of 8G of memory so I’ve just thrown everything I could at it yesterday.

Reply
Roland says August 18, 2012

I am able to get everything running except for OIM. I also cannot get patch 14016801 to apply. I am thinking that oim is not deployed properly but I don’t know what to do next to fix it.

I am able to get the oim server (oim_server1) running but I can see that oim has failed to deploy. It is the only service that has failed to deploy – I can get everything else up and running: oam, oaam, opam, etc…

Reply
IgnitedMind says August 19, 2012

@Roland,

Did your OIM Configuration was successfully ?

Reply
IgnitedMind says August 19, 2012

@Roland,

Did u Enabled LDAP Sync while Configuraion ?

I yes than, What LDAP you have choosen ?
have you crated related container in OID ?

Reply
Atul Kumar says August 19, 2012

@ Roland/IgnitedMind ,
Are you hitting any issues during OIM 11GR2 config ? If yes I can try this (I used OAM 11gR2 for now) and share my experiences here.

Reply
sk says August 19, 2012

Hi! Can IAM 11.1.2 be used for Fusion Apps 11.1.4?

Reply
RR says August 20, 2012

Can anyone please confirm if these 4 patches mentioned above are really required for OIM11gR2.
As i did the OIM 11g R2 installation and configuration already.

Reply
    Atul Kumar says August 20, 2012

    @ RR,
    No these patches are not mandatory. I installed and configured OIM 11gR2 without these 4 patches and all OIM 11gR2 features are working as expected.

    Regards
    Atul Kumar

    Reply
RR says August 20, 2012

Thanks Atul for the quick response.
Since it was mentioned in the document as mandatory patches, so was not sure if its really required or not.
As of now even I am able to install and configure OIM 11gR2 without these patches.

Regards

Reply
Roland says August 20, 2012

I am still having trouble getting OIM running. The OIM config keeps failing for me with the following error:

[OIM_CONFIG] Passwords including weblogic password set in credential store successfully.
]]
[2012-08-20T14:24:50.619-06:00] [as] [ERROR] [] [oracle.as.provisioning] [tid: 62] [ecid: 0000J_5hMQaFw000jzwkno1GCdmU000003,0] [[
java.lang.NullPointerException

…followed by a Java Stack Trace, then another Java error:

[2012-08-20T14:24:50.620-06:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 62] [ecid: 0000J_5hMQaFw000jzwkno1GCdmU000003,0] [[
[OIM_CONFIG] Database Encrytion failed.
]]
[2012-08-20T14:24:50.620-06:00] [as] [ERROR] [] [oracle.as.provisioning] [tid: 62] [ecid: 0000J_5hMQaFw000jzwkno1GCdmU000003,0] Exception[[
java.lang.Exception: Exception occured while encrypting the configuration and database
at oracle.as.install.oim.config.util.EncryptConfigurationAndDB.encryptConfigurationAndDatbase(EncryptConfigurationAndDB.java:239)

I have tried a lot of things, I’ve tried setting the value of DOMAIN_HOME when running config.sh, I truncated MLS_LOCALE (as per one post online), I’ve re-run the RCU and dropped DEV_OIM and then added it back. None of these have gotten me past this.

Additional Notes: I opted for Not “Enable LDAP Sync” during the config. One thing that I have noticed, and I don’t know if it is supposed to be that way or not, under /home/oracle/Oracle/Middleware/Oracle_IDM1 I see dirs for oam, oaam, oinav, etc but I don’t see one for either idm or oim, yet I am not sure if i am supped to or not. I also have a separate directory for SOA at /home/oracle/Oracle/Middleware/Oracle_SOA1.

Reply
    Atul Kumar says August 21, 2012

    @ Roland,
    Issue in your case is that database key for OIM is corrupt. My suggestion would be to remove everything including database schema and try again .

    Don’t run config.sh from $ORACLE_HOME/bin (to configure OIM server) multiple times.

    Reply
Bryan says August 21, 2012

I have OIM 11.1.2.0 installed and working without using any of the patches mentioned above. I see the interfaces have been split in this new release. I can reconcile accounts into OIM but I don’t see where to provision accounts. I have the AD connector setup, configured, and reconciling accounts properly. What I don’t see is anywhere to Add Resources to the user accounts. Has anyone found this? I may just be overlooking it.

Reply
Bryan says August 21, 2012

Looks like the AD User account should show up under Accounts if you click on the user. If I click the accounts tab and click refresh, nothing appears. I have the AD Connector set for direct provisioning. If I click Request Access, nothing appears in the catalog. Not seeing anything out there for guidance. Has anyone else gotten this working?

Reply
Bryan says August 21, 2012

It looks like the AD User account should appear under the Accounts Tab under the user. If I click it and click refresh, nothing appears. If I click Request, nothing appears in the catalog. I have the AD connector set for direct provisioning. Has anyone gotten this working?

Reply
Atul Kumar says August 22, 2012

@ Bryan,
I’ve not tested this yet but to add resource, use identity console /identity -> Administration -> Users .

Did you populate catalog in OIM ?

http://docs.oracle.com/cd/E27559_01/admin.1112/e27149/reqcat.htm#BABGCCJG

Reply
» IDM 11gR2 changes/new features : OIM Sysadmin & Identity console Online Apps DBA: One Stop Shop for Apps DBA’s says August 22, 2012

[…] in OIM URL and Administration Console. For Oracle IDM 11gR2 high level installation steps click here, for IDM 11gR2 documentation click here and to download IDM 11gR2 software click […]

Reply
Bryan says August 23, 2012

I’m working with the Active Directory Connector with 11G R2 and trying to provision to AD. I have the connector configured as a target resource. I have the Catalog configured to show the AD User option. I have a Role created for AD Users and an Access Policy associated with the role. When a user requests the AD User Resource from the Catalog, the resource account workflow shows it’s in a Provisioning state with an Unknown status. Looking at the resource history, the request is stuck in a Pending state under a task name of system validation.

I have run the organization and group lookup recon tasks ahead of time and they both show as successes. Some folks in the forums insisted that the error was from the organization lookup recon and the lookup was not populated. I’m showing that the Lookup table associate with the lookup recon (Lookup.ActiveDirectory.OrganizationalUnits) is populated with my OU’s. I feel like this is something small, but I can’t figure out what it is.

I’m stuck… any help would be greatly appreciated.

Reply
Bryan says August 23, 2012

As a additional note, I went into the design console and updated the AD User process definition to be set to Auto Save Form.

Reply
Atul Kumar says August 23, 2012

@ Bryan,
I’ll try to integrate AD-OIM11Gr2 this next week (busy with my prodction build for my customer :( ) and update lessons learned here.

Reply
Bryan says August 23, 2012

I appreciate it… I’ll keep plugging away at it as well and update with any findings. I also saw a page load error when trying to access a workflow for approval from the Home screen. I haven’t looked into that either.

Reply
Atul Kumar says August 23, 2012

@ Bryan,
Did you use application instance as mentioned here http://docs.oracle.com/cd/E27559_01/admin.1112/e27149/appinstance.htm#CHDBGBFD

Reply
Bryan says August 23, 2012

I did, that was pretty easy to setup and configure.

I need to read up more on the Catalog. When trying to request Roles or Resources, it directs me to the Catalog. As an end user, I would think they would want to click on the Catalog and see their options and not have to search and guess as to what they are looking for. I had to type AD and search for me to see the AD User provisioning process. I still haven’t been able to figure out how to Request a Role through the Catalog.

Reply
Roland says August 30, 2012

I’ve been getting some strange errors when trying to get OIM and OAM to work well together. I’m running OL6/64 bit. It made me go back and double check what version of the RCU I ran and it turns out that when I issue an “rcu -version” I get 11.1.1.6 as the result, even though the package I downloaded from Oracle clearly stated it was the 11.1.2 RCU for Linux. My question to others would be, if you run the same command, what version of the RCU did you use for your installs? Maybe I need to ask Oracle if they mistakenly posted the wrong RCU for Linux?

Reply
    Atul Kumar says August 30, 2012

    @ Roland,
    I know this is strange but this is expected behaviour (developers forgot to update version in help) . Run below command and you will see output like below

    SQL> select * from schema_version_registry;

    OAM Oracle Access Manager DEV1 OAM OAM DEV1_OAM 11.1.1.3.0 VALID N

    OIM Oracle Identity Manager DEV1 OIM OIM DEV1_OIM 11.1.2.0.0 VALID N

    Note that there is nothing changed in OAM schema between 11.1.1.3 till 11.1.2 and hence you still see version 11.1.1.3 in database (this is compatible with OAM version)

    Your issue is something different. Did you create these two components OIM & OAM is same domain or different domain ? what issue you are hitting ?

    Reply
Roland says August 30, 2012

@Atul, Thanks, yes, I do see that OIM is at version 11.1.2 in the schema registry.

I do have OIM and OAM installed in the same domain. What was happening was that I would log into OIM with xelsysadm then I would be redirected to OAM, but the hostname would be “null” and I would have to change it my hostname, login with weblogic and then I would get access to my OIM sysadm or identity consoles.

I found the Host Identifier for IAMSuiteAgent had two hosts defined:
IAMSuiteAgent, port 80
IAMSuiteAgent, no port

That didn’t make any sense, so I put in my hostname (idm) and FQDN (idm.example.com) but didn’t know what port to use, so I used the OAM Proxy port (5575)

I then only needed to sign into OIM once, with xelsysadm, but I have errors in both my Admin Server, oim_server1 and oam_server1. The admin server and oim_server1 have the following error:

<OAM Server can not be accessed, fallback to container policy

the oam_server1 has the error:

But I can login… Just the error messages are disturbing.

Reply
Anand says September 7, 2012

Hi Atul,

There is a issue while accessing the policy configuration tab in OAM admin console 11gr2

Error: the policy store is not available.please see the log files.

Reply
Rohith says September 13, 2012

Hello,

I hav installed OIM 11g R2 and AD Connector Server is also configured. I have created IT Resource and Application Instance. I am trying to run AD Group Lookup Recon schedule task but I am getting following error: Exception Message org.identityconnectors.framework.common.exceptions.ConnectorException: java.net.SocketTimeoutException: connect timed out
Any hints/thoughts about this?

Cheers,
Rohith

Reply
swathi says September 15, 2012

Hi Atul,

There is a issue while accessing the policy configuration tab in OAM admin console 11gr2

Error: the policy store is not available.please see the log files.

I believe this was because of the below.

When I was creating domain for OAM using common/bin/config.sh “create domain” screen and in selecting the product’s checkboxes… I noticed on this one install that “Oracle Access Manager with Database Policy Store” was not in the list of products.

How to resolve this issue in 11gR2.

Reply
Atul Kumar says September 15, 2012

@ Swathi,
Did you run configureSecurityStore.py and was that successful ?

Check where is policy store pointing to (You can do this via EM), this should be pointing to database under OPSS schema .

Reply
Atul Kumar says September 15, 2012

@ Swathi,
Policy store I mentioned above (CSF and application roles) is diifferent from OAM policy store. You mentioned that “Oracle Access Manager with Database Policy Store” was in domain template …

This could be your issue – Did your IAM 11gR2 installation complete successfully ? What all options were available during domain template ?

Reply
Swathi says September 15, 2012

Hi Atul,

I have installed OAM 11gR2 only OAM (no OIM, no SOA) successfully and was able to login to oamconsole. But when i click on policy configuration tab I am getting errors like “the policy store is not available.please see the log files”.

I did not run configureSecurityStore.py as I thought it is only for OIM. Do I still need to run this even just for OAM?

As I am receiving policy store errors, thought of reinstalling it again. While reinstalling, I installed RCU for OAM, OAM, webtier. And at the time of domain creation, I found that I am not getting “Oracle Access Manager with Database Policy Store” option to check. I think this is why in my first installtion, i received policy store related errors.

I sent an email to you with the jpg files showing the options that I am getting while creating a domain for this oam.

Again, thanks for your help.

Reply
jdev says September 16, 2012

Hi Atul,
While running configureSecurityStore.py by following
Scenario 1: Oracle Identity Manager, Oracle Access Manager in the same WebLogic Administration Domain Sharing the same Database Security Store
I am getting follwing error eventhough the password is correct.
/oracle_common/common/bin/wlst.sh /common/tools/configureSecurityStore.py -d /user_projects/domains/iamtest_dom -c IAM -m create
Info: Data source is: opss-DBDS
Please input data source password:
Pa$$w0rd
Info: DB JDBC driver: oracle.jdbc.OracleDriver
Info: DB JDBC URL: jdbc:oracle:thin:@rac1-vip.XXXXXX:1521/testdb.XXXXXXX
INFO: Found persistence provider “org.eclipse.persistence.jpa.PersistenceProvider”. OpenJPA will not be used.
INFO: Found persistence provider “org.eclipse.persistence.jpa.PersistenceProvider”. OpenJPA will not be used.
[EL Severe]: 2012-09-16 09:28:41.915–ServerSession(475351693)–Exception [EclipseLink-4002] (Eclipse Persistence Services – 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: ORA-01017: invalid username/password; logon denied

my domain creation was successful with the all the schemas and passwords
regards jdev

Reply
jdev says September 16, 2012

Hi atul,
please remove my previous post. will post updated question…

Reply
jdev says September 16, 2012

hi athul,
please remove my previous post….will update the question with new logs…

Reply
jdev says September 16, 2012

hi atul,
i fixed the issue the problem was with the special characters in the password….please remove my post…..

Reply
Swathi says September 16, 2012

Hi Atul,

Please ignore my post. I found the issue and fixed it.

Thanks,
swathi

Reply
Atul Kumar says September 16, 2012

@ Swathi,
Good to hear that, what you did to fix your issue ?

Reply
user6066 says October 4, 2012

Had anyone used iam 11.1.2 with EBS 12.1.3? Is it certified? All metalink note on EBS 12.1.3 and SSO integration still talk about 11.1.1.5 or 11.1.1.6.

Reply
Suneel says November 19, 2012

Hi,

I am new to Identity Management products. I just started implementing Oracle Identity and Access Management 11g (11.1.2.0.0) for testing.

I downloaded the following S/W & the documentation bundles from Oracle:

1. Oracle WebLogic Server 11gR1 (10.3.6) Generic and Coherence
2. Oracle SOA Suite 11g Patch Set 5 (11.1.1.6.0)
3. Oracle Identity and Access Management 11g (11.1.2.0.0)
4. Oracle Fusion Middleware Repository Creation Utility 11g (11.1.2.0.0) for Microsoft Windows
5. Oracle Enterprise Single Sign On 11.1.2.0.0
6. Oracle Access Manager WebGates 11.1.2.0.0
7. Oracle Unified Directory 11g (11.1.2.0.0)
8. Oracle Identity Management 11g Patch Set 5 (11.1.1.6.0) for Microsoft Windows x86 (64-bit)
Docs:
1. Oracle Fusion Middleware Documentation Library 11g Release 1 (11.1.1.6.0)
2. Oracle Fusion Middleware Identity Management Documentation Library 11g Release 2 (11.1.2.0.0)

After reviewing the installation guide for IAM 11g R2 and your article, I followed the steps from 1 to 10 (except 7, I do not have support contract with Oracle).
Now I am trying to configure Identity Navigator and realized that I need to configure identity store using : Oracle Internet Directory or OracleVirtual Directory. As I see OID or OVD are not part of Oracle IAM 11gR2, but they are part of : Oracle Identity Management 11g Patch Set 5 (11.1.1.6.0).

Can I now use (After installing R2): Oracle Identity Management 11g Patch Set 5 (11.1.1.6.0) to Install OID/OVD in the same setup? If not what are the other options I have?

I just created one Admin Server & see most of the servers are not running.

From Admin Console:
Servers (Filtered – More Columns Exist)

Showing 1 to 6 of 6 PreviousNext
Name Sorted Ascending Cluster Machine State Health Listen Port
AdminServer(admin) RUNNING OK 7001
oaam_server_server1 SHUTDOWN 14300
oam_server1 SHUTDOWN 14100
oim_server1 SHUTDOWN 14000
opam_server1 SHUTDOWN 18101
soa_server1 LocalMachine SHUTDOWN 8001

Do I need to create a Member server for these servers to run?

I know some questions may be basic ones, I am trying to read as much as possible to understand but with too many new products :-(, I felt it is better to ask for some help.

Thanks in Advance.

Suneel

Reply
jdev says November 20, 2012

Hi Athul,

I deployed oim 11g r2 successfully and its working fine….my goal is to extend the domain with oam but not going to integrate with oim.So for that i did following..
Extend the oim domain with oam..
Removed IAMSuite agendt from myrelm…
After that oim login is not working….
Please let me know following…
The procedure which i followed is right or wrong and how can i achieve my goal…

Regards,
jdev

Reply
Atul Kumar says November 20, 2012

@ jdev,
When you say OIM is not working , what is not working ?

Is this that you can’t login ?
How are you loggin in to OIM (via OHS or direct on OIM weblogic port) ?
What authentication providers do you have in weblogic and in what order and what is JAAS flag ?

Check http://onlineappsdba.com/index.php/2008/11/22/security-in-oracle-weblogic-realm-security-provider-authentication-authorization-users/

and

http://onlineappsdba.com/index.php/2010/02/04/how-to-integrate-weblogic-with-oracle-internet-directory-for-login-authentication/

Reply
jdev says November 20, 2012

Hi Athul,

yes i cant login

I observed the following things….
If we extend oim domain with oam,then OIMAuthenticationProvider (authenticating against oimdb) will be removed and IAMSuiteAgent will be added the myrealm provider list…

any comments..
jdev

Reply
Anand says November 27, 2012

Hi Atul
i have integrated OIM11gR2 with OAM 11gR2,every thing working fine when i perform selfregistration in OIM it is throwing following error in OIM server logs,when i track the request ID it shows the request creation failled.

javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error code 1 – Attribute orclaccountlocked is not supported in schema.]; remaining name ‘cnTNEWUSER01,cn=Reserve,cn=oracleAccounts,dc=uatoid,dc=nbty,dc=global’
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3136

Regards
Anand

Reply
Atul Kumar says November 27, 2012

@ Anand,
Issue is with either
a) Your OIM – OAM integartion
or
b) You are using OID hostname in LDAP resource (hostname should be blank so OVD can be used)
or
c) If you are using OVD then persmissions are not set correctly in OVD (ACLs)

Share which document you used to integrate OIM with OAM ?
Are you using OVD for OIM LDAP inetgration ?

Reply
Anand says November 28, 2012

Hi Atul,

i have a ldap sync with OID, i am not using OVD. i have followed the this http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oim.htm#CACJDIDD link for integration.integration is working fine when ever i perform self registration,i am getting following error

javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error code 1 – Attribute orclaccountlocked is not supported in schema.]; remaining name ‘cnTNEWUSER01,cn=Reserve,cn=oracleAccounts,dc=uatoid,dc=nbty,dc=global’
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3136

Reply
    Atul Kumar says November 28, 2012

    1. Do you see ob* related attributes in OID ?

    2. Did you select LDAPSync with OIM during OIM configuration and if yes what user you used

    http://docs.oracle.com/cd/E27559_01/install.1112/e27301/oim.htm#CDDDIAIC

    Server User – enter the user name for Directory Server administrator.
    For example: cn=oimAdminUser,cn=systemids,dc=mycompany,dc=com

    3. When you access OIM IT resource , under that LDAP resource what are value used in LDAP resouse ?

    Hostname should be blank so that libOVD can be used

    Reply
Anand says November 28, 2012

Hi Atul,

Thanks for your help, the problem resolved.

Reply
Anand says November 28, 2012

Hi Atul,

After OIM and OAM integration, new user is try to login into oimconsole using oamauthenticationpage, it is not asking reset password and challenge questions, How to get restet password and challenge questions after integration,is it possible?

Reply
om says January 1, 2013

Hi Atul,

Wish you a very happy new year 2013! I had encountered a problem while setting up the IDM & IAM stack, hence seeking your help.

The versions I am using are IDM 11.1.1.6, IAM 11.1.2.0, SOA 11.1.1.6, Weblogic 10.3.6. The install part is completed successfully for all the components. I am trying to set up IAM and IDM components in the same weblogic domain, correct me if this is not supported (my assumption being that its supported.

As we know, that for IAM 11.1.2 we need to set up the Database Security Store before we start the weblogic servers here is the problem I am facing:. I cannot configure the IDM components before the database security store config because the IDM config wizard starts up the weblogic server in the process. What I dis was, create a weblogic domain, extend it then set up the Database Security Store
and then configure the IAM components (which goes fine), followed by IDM components config, the OIF configuration fails. If I try the sequence the other way round, IDM config -> DB Cred Store config, IAM config, it throws errors and Policy Manager is not accessible ( which is logical as the DB cred store config needs to go in before weblogic server starts). So this leaves me in a fix, please advise.

Reply
Atul Kumar says January 2, 2013

@ om,

Install IDM 11.1.1.6 and IAM (IDAM) 11.1.2 in different middleware home and under separate domain.

Regards
Atul Kumar

Reply
om says January 2, 2013

Thanks Atul for the reply. I had also thought of this option to set them up in two different domains which should work fine. The reason I was pursuing this option (to set up both in same weblogic domain) because I could not find any oracle documentation which was saying this as non supported and I had been successfully using IAM and IDM in the same weblogic domain on the earlier versions (till 11.1.1.6).

Reply
Atul Kumar says January 2, 2013

@ OM,
Yes, I agree there is no note that says this is not supported. There are some changes in policyStore configuration (in 11gR2 it is mandatory to have DB as policy store) where as in 11gR1 policyStore could be XML, OID or DB .

My suggestion would be different DOMAIN_HOME and MW_HOME for 11gR1 and 11gR2 IDM

Reply
» Oracle Privileged Account Manager (OPAM) Installation and Configuration Online Apps DBA: One Stop Shop for Apps DBA’s says January 5, 2013

[…] Manager (OPAM) is a new product introduced in Oracle Identity Management 11gR2 (More on IdM 11gR2  here, here, and here. For new features in IdM 11gR2 click here, here, and here ). OPAM server is part […]

Reply
» Oracle Privileged Account Manager (OPAM) Installation and Configuration Online Apps DBA: One Stop Shop for Apps DBA’s says January 5, 2013

[…] Manager (OPAM) is a new product introduced in Oracle Identity Management 11gR2 (More on IdM 11gR2  here, here, and here. For new features in IdM 11gR2 click here, here, and here ). OPAM server is part […]

Reply
Vinod says January 12, 2013

Integration OIM 11G R2 with R12.1.3, and also i need to configure OIM, OVD setup. Please help us, which softwares to download it.

Reply
    Atul Kumar says January 12, 2013

    @ Vinod,
    You will need

    1. IDM 11.1.1.6 (OID & OVD)
    2. IDAM 11.1.2 (OIM) with SOA 11.1.1.6
    3. OIM connector for EBS

    Are you going to use OAM as well for SSO ?

    Reply
Vinod says January 12, 2013

Hi Atul,

I need small help from you.

Before Integration Oracle E-Business Suite 12.1.3 with IAM 11gR2 and also need setup Single Sign-On with OID/OAM 11g?

Need to install WebLogic Server 10.3.6.
OVD Setup is required?

What are the pre-requisites software’s to download it.


Regards,
Vinod

Reply
Vinod says January 12, 2013

Hi Atul,

I’m confusion with OAM 10g/11g.

Pre-requisites software’s to Install/Configure IAM 11gR2 integration Oracle E-Business Suite 12.1.3 & OAM 11g for SSO.

Using WebLogic Server 10.3.6. OVD Setup is required?


Regards,
Vinod

Reply
Atul Kumar says January 12, 2013

@ Vinod ,
What is your exact requirement for EBS integration with identity management ?

1. Is this just SSO ?
or also
2. Self Service Password Management including Forgot Password
and also
3. User provisioning & responsibility assignment via Identity management

Share your exact requirement and then I’ll share software required including any dependencies

Reply
Vinod says January 12, 2013

Hi Atul,

We are planning to implement SSO with Oracle EBS R12 (12.1.3).

We have to install & configure OID (11.1.1.6) with EBS R12.1.3 and also OAM 11g.

We are not sure what are the products to be installed?

Could you please help me how to complete these two steps (including what software & versions to be downloaded)?

Integrating Oracle E-Business Suite Release 12 with Oracle Access Manager 11gR2 (11.1.2) using Oracle E-Business Suite AccessGate [ID 1484024.1]

• Oracle Access Manager 11.1.2
• Oracle E-Business Suite Release 12.0.6, 12.1.1+
• Oracle Identity Management 11.1.1.5, 11.1.1.6
• Oracle Internet Directory 11.1.1.6
• Oracle WebLogic Server 10.3.5+


Regards,
Vinod

Reply
Atul Kumar says January 12, 2013

@ Vinod

This is what you need to do

1. Install OAM 11.1.2 in MW_HOME1

1.1 Install JDK 1.6.29+
1.2 Install WLS 10.3.6
1.3 Create OAM schema using RCU 11.1.2
1.4 Install IDAM 11.1.2
1.5 Create Weblogic Domain and select components as OAM and EM
1.6 Configure security store for OAM Domain in database

2. Install OID 11.1.1.6 in MW_HOME2

1.1 Install JDK 1.6.24+
1.2 Install WLS 10.3.6
1.3 Create OID schema using RCU 11.1.1.6
1.4 Install IDM 11.1.1.6
1.5 Configure OID and DIP/ODSM

3. Install OHS 11.1.1.6

4. Install WebGate 10g or 11gR1 or 11gR2

5. Integrate EBS with OID

6. Configure EBS with OAM for SSO using AccessGate

Reply
Vinod says January 12, 2013

Thank you for explain me in brief.

Reply
Vinod says January 13, 2013

Hi Atul,

For downloading all software from
https://edelivery.oracle.com

Oracle Fusion Middleware 11g Media Pack for Linux x86-64 – version 11.1.1.6.0.

Oracle Fusion Middleware Identity Management 11g R2 Media Pack – version 11.1.2.0.0.


Thanks,
Vinod

Reply
    Atul Kumar says January 14, 2013

    @Vinod,
    Was that a question ?

    For quick reply, phrase question clearly.

    Reply
Vinod says January 14, 2013

Just for confirmation

Reply
Vinod says January 14, 2013

Thank you very much for all your help and support!

Reply
NP says January 24, 2013

Atul,
I have some confusion around responsibilities.
1) Are EBS responsibilities synced from EBS to OIM or OAM in order to assign properly?
2) Are EBS responsibilities managed in EBS once integrated or in OIM or OAM? For example, I want to create AP XXX, with varying menus functions. Where?
3) How are the responsibilities setup in EBS pulled to either OIM or OAM?

Thanks.

Reply
blanchem says February 5, 2013

Hi Atul,

I am currently working a Identity and Access Management deployment in order to test an implementation of Identity federation (OIF) using SAML 2.0 Attribute base mapping. So far I’ve got 2 domains, first one OAM 11.1.2 acting as a federated SP and OIM 11.1.1.6 acting as a federated IdP. I believe I have all the component up and running in place, although still have some config to complete:

OAM 11.1.2 domain

1.1 Install JDK 1.6.29+
1.2 Install WLS 10.3.6
1.3 Create OAM schema using RCU 11.1.2
1.4 Install IDAM 11.1.2
1.5 Create Weblogic Domain and select components as OAM, OIF as SP and EM
1.6 Configure security store for OAM Domain in database
1.7 Register WebGate 10g with OAM
1.7 Install WebGate: • 64-bit Webgate: Oracle_Access_Manager10_1_4_3_0_Win64_ISAPI_Webgate.exe on IIS Server for protecting hosted document.

OIM domain…

1.1 Install JDK 1.6.24+
1.2 Install WLS 10.3.6
1.3 Create OID schema using RCU 11.1.1.6
1.4 Install IDM 11.1.1.6
1.5 Configure OID and OVD

3. Install OHS 11.1.1.6

Here’s my question:

There is some documentation talking about 11G Webgate for OAM 11.1.2, but I could’nt find anything on OTN download site for IIS server.
Is there any benefit of using 11G webgate vs 10G and does it exist for IIS server or 11G webgate is strickly for OHS/WebLogic server.

Reply
Atul Kumar says February 6, 2013

@blanchem,
11g Webgate is avaialble for OHS only , for all other web servers (including IIS) there is only 10g WebGate.

Only difference between 10g and 11g webgate is that “Deny on not protected” is configurable in 10g webgate where as in 11g webgate only option is “Deny on not protected”

In 11gR2 webgate , you can also configure webgate as credential collection (new seacurity feature introduced in 11gR2 webgate)

Reply
kiron says February 19, 2013

Hi Atul,

I have installed OAM 11gr2 product only on two nodes in cluster environment. I am able to open the oamconsole using the admin server port on the node 1. I am little confused now how we can access the oam console from node 2 when node 1 is down? Because the admin server is running only on node 1 (ofcourse oam managed server also on it) and node2 has only the managed oam server.

Reply
    Atul Kumar says February 19, 2013

    @ Kiron,
    OAM Admin Console is singleton service that means it can only run in Active-Passive mode. This application is used only by Administrators for configuration and if node1 goes down then you can migrate Admin Server to node2 and start OAMconsole.

    Reply
madan says March 16, 2013

Looking for past experience for migration Oracle Access Manager 11g Release 1 to Oracle Access Management Access Manager (Access Manager) 11g Release 2 (11.1.2).

I am following 16 step upgrade flow. 11GR2 requires new schema’s and export/import of data.

http://docs.oracle.com/cd/E27559_01/doc.1112/e28183/oam_up.htm#BABFJDGF

Our baseline is OAM 11.1.1.5.0 BP03 on Linux.

Upgrade is completed but data is not shown in oamconsole. Documentation states that The Administration server start-up takes approximately 30 minutes due to policy migration but for me it is coming up in 3-4 minutes

Here is output of of exportAccessData. It generates PS1 policy files. Import has no errors. I

wls:/offline> exportAccessData(“/u01/soft/OAM11G.R2.Upgrade/config/upgrade.properties”)
LOGGER intialised java.util.logging.Logger@1e211757
Mar 14, 2013 10:21:32 AM oracle.security.access.upgrade.WLSTExecutor executeCommand
INFO: EXPORT_DATA_COMMAND
Mar 14, 2013 10:21:32 AM oracle.security.access.upgrade.util.WLSTExportDataUtil executeCommand
INFO: OAAM PRODUCT
Mar 14, 2013 10:21:32 AM oracle.security.access.upgrade.util.WLSTExportDataUtil executeCommand
INFO: OAM PRODUCT
Mar 14, 2013 10:21:32 AM oracle.security.access.upgrade.util.WLSTExportDataUtil executeCommand
INFO: oamPlugin.getName() = oracle.security.am.upgrade.plugin.upgradehelper.UpgradeFactory
Mar 14, 2013 10:21:32 AM oracle.security.am.upgrade.plugin.util.UpgradeUtil exportConfiguration
INFO: Copying configuration file….
oracle.security.am.upgrade.plugin.upgradehelper.OAMVersionSpecificClassLoader@1e1f4781
[EL Info]: 2013-03-14 10:21:34.51–ServerSession(517763463)–EclipseLink, version: Eclipse Persistence Services – 1.1.0.r3634

[EL Info]: 2013-03-14 10:21:36.974–ServerSession(517763463)–file:/u01/app/oracle/product/iam/fmw/Oracle_IAM/oam/server/lib/upgrade/ps1-policy/oes-d8/jps-internal.jar-JpsDBDataManager login successful
Mar 14, 2013 10:21:40 AM com.tangosol.coherence.component.util.logOutput.Jdk log
INFO: 2013-03-14 10:21:40.456/17.045 Oracle Coherence 3.5.3/465p2 (thread=Main Thread, member=n/a): Loaded operational configuration from resource “jar:file:/u01/app/oracle/product/iam/fmw/Oracle_IAM/oam/server/lib/upgrade/ps1-policy/coherence.jar!/tangosol-coherence.xml”
Mar 14, 2013 10:21:40 AM com.tangosol.coherence.component.util.logOutput.Jdk log
INFO: 2013-03-14 10:21:40.466/17.055 Oracle Coherence 3.5.3/465p2 (thread=Main Thread, member=n/a): Loaded operational overrides from resource “jar:file:/u01/app/oracle/product/iam/fmw/Oracle_IAM/oam/server/lib/upgrade/ps1-policy/coherence.jar!/tangosol-coherence-override-dev.xml”
Mar 14, 2013 10:21:40 AM com.tangosol.coherence.component.util.logOutput.Jdk log
INFO: 2013-03-14 10:21:40.468/17.057 Oracle Coherence 3.5.3/465p2 (thread=Main Thread, member=n/a): Loaded operational overrides from resource “jar:file:/u01/app/oracle/product/iam/fmw/Oracle_IAM/oam/server/lib/upgrade/ps1-policy/mapstore-coherence.jar!/tangosol-coherence-override.xml”
Mar 14, 2013 10:21:40 AM com.tangosol.coherence.component.util.logOutput.Jdk log
INFO: 2013-03-14 10:21:40.620/17.209 Oracle Coherence GE 3.5.3/465p2 (thread=Main Thread, member=n/a): Loaded cache configuration from “jar:file:/u01/app/oracle/product/iam/fmw/Oracle_IAM/oam/server/lib/upgrade/ps1-policy/mapstore-coherence.jar!/oam-cache-config.xml”
Mar 14, 2013 10:21:41 AM com.tangosol.coherence.component.util.logOutput.Jdk log
WARNING: 2013-03-14 10:21:41.085/17.674 Oracle Coherence GE 3.5.3/465p2 (thread=Main Thread, member=n/a): UnicastUdpSocket failed to set receive buffer size to 1428 packets (2096304 bytes); actual size is 89 packets (131071 bytes). Consult your OS documentation regarding increasing the maximum socket buffer size. Proceeding with the actual value may cause sub-optimal performance.
Mar 14, 2013 10:21:44 AM com.tangosol.coherence.component.util.logOutput.Jdk log
INFO: 2013-03-14 10:21:44.497/21.086 Oracle Coherence GE 3.5.3/465p2 (thread=Cluster, member=n/a): Created a new cluster “OAM” with Member(Id=1, Timestamp=2013-03-14 10:21:41.1, Address=172.16.10.171:9095, MachineId=46763, Location=site:bias.com,machine:iadoel03,process:1212, Edition=Grid Edition, Mode=Development, CpuCount=2, SocketCount=1) UID=0xAC100AAB0000013D69471D6CB6AB2387
Mar 14, 2013 10:21:45 AM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Diagnostic Engine with rate metrics enabled, has been initialized.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.diagnostic.impl.Config
INFO: Number of collectors registered: “2”.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:45 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:46 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:46 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:46 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:46 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:46 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:46 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:46 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:46 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:48 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:48 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:48 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:48 AM oracle.security.am.upgrade.plugin.policyextractor.OAMPolicyExtractor writeApplicationDomains
SEVERE: Resource : not found.
oracle.security.am.common.policy.admin.store.PolicyStoreException: Resource : not found.
at oracle.security.am.common.policy.admin.provider.oes.OESResourceStore.getResource(OESResourceStore.java:677)
at oracle.security.am.upgrade.plugin.policyextractor.OAMPolicyExtractor.writeApplicationDomains(Unknown Source)
at oracle.security.am.upgrade.plugin.policyextractor.OAMPolicyExtractor.extractOAMPolicies(Unknown Source)
at oracle.security.am.upgrade.plugin.policyextractor.OAMPolicyExtractor.extract(Unknown Source)
at oracle.security.am.upgrade.plugin.upgradehelper.UpgradeFactory.exportData(Unknown Source)
at oracle.security.access.upgrade.util.WLSTExportDataUtil.executeCommand(WLSTExportDataUtil.java:68)
at oracle.security.access.upgrade.WLSTExecutor.executeCommand(WLSTExecutor.java:99)
at oracle.security.access.upgrade.WLSTExecutor.execute(WLSTExecutor.java:67)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.python.core.PyReflectedFunction.__call__(Unknown Source)
at org.python.core.PyReflectedFunction.__call__(Unknown Source)
at org.python.core.PyObject.__call__(Unknown Source)
at org.python.core.PyObject.invoke(Unknown Source)
at org.python.pycode._pyx49.exportAccessData$3(/u01/app/oracle/product/iam/fmw/Oracle_IAM/common/wlst/access_upgrade.py:32)
at org.python.pycode._pyx49.call_function(/u01/app/oracle/product/iam/fmw/Oracle_IAM/common/wlst/access_upgrade.py)
at org.python.core.PyTableCode.call(Unknown Source)
at org.python.core.PyTableCode.call(Unknown Source)
at org.python.core.PyFunction.__call__(Unknown Source)
at org.python.pycode._pyx62.f$0(:1)
at org.python.pycode._pyx62.call_function()
at org.python.core.PyTableCode.call(Unknown Source)
at org.python.core.PyCode.call(Unknown Source)
at org.python.core.Py.runCode(Unknown Source)
at org.python.core.Py.exec(Unknown Source)
at org.python.util.PythonInterpreter.exec(Unknown Source)
at org.python.util.InteractiveInterpreter.runcode(Unknown Source)
at org.python.util.InteractiveInterpreter.runsource(Unknown Source)
at org.python.util.InteractiveInterpreter.runsource(Unknown Source)
at weblogic.management.scripting.WLST.main(WLST.java:188)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.WLST.main(WLST.java:29)

Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:50 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:51 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:52 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:52 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:52 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:53 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:53 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:53 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:53 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:53 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:53 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Mar 14, 2013 10:21:53 AM oracle.security.am.upgrade.plugin.upgradehelper.UpgradeFactory exportData
INFO: Extraction Done!!
Mar 14, 2013 10:21:53 AM oracle.security.am.upgrade.plugin.util.UpgradeCommonUtil removeDirectory
INFO: Deletion of Directory: true path: /u01/soft/OAM11G.R2.Upgrade/config/temp.zip
Mar 14, 2013 10:21:53 AM oracle.security.am.upgrade.plugin.upgradehelper.UpgradeFactory exportData
INFO: Export completed successfully!!

Thanks
Madan

Reply
Bryan says March 20, 2013

Does anyone have a walkthrough they could share of a simple 2 node IAM enterprise install? All I see are single node standalone installs. Just looking for something to guide me through it once.

Thanks.

Reply
Atul Kumar says March 20, 2013

@ Bryan,
Use same guideline for HA (Active-Active cluster) for 11gR1. Do you have Enterprise Deployment Guide for 11gr1 ?

Atul

Reply
Bryan says March 20, 2013

I’m reading through the enterprise deployment guide. It looks as if there are two complete installs of IAM (including weblogic, soa, IAM and database).

I’ve got the installs down individually, but my question is how do they tie together to be HA? I think I’m missing something basic.

Maybe I’ve overlooking it in the doc?

Reply
Atul Kumar says March 20, 2013

@ Bryan
Yes you install twice (on each IAM node) but when it comes to creating domain then you define cluster .

Follow http://docs.oracle.com/cd/E14571_01/core.1111/e12035/create_domain_im.htm#CFHIBIEG and also link you shared above

Reply
Bryan says March 20, 2013

Does it share the same database instance?

Reply
Atul Kumar says March 20, 2013

@ Bryan,
For Database HA use RAC so you will have have two or more database instances for a database .

This is all in the document that I shared .

Reply
» Install & Configure OES 11gR2 (Oracle Entitlement Server) : Part I Online Apps DBA: One Stop Shop for Apps DBA’s says March 25, 2013

[…] Identity Management Suite. For High Level installation Steps of Identity Management 11gR2 click here  For Oracle Identity Management 11gR2 documentation click here and for software […]

Reply
IgnitedMind says April 18, 2013

HI,
I am receiving error ” “. while oam server is starting.

I have checked data source is running.

I have also verified in EM that store type is Oracle database and its pointing to jdbc/OPSSDBDS

any thought on this error ?

It was working before but now i was doing some integration (oam-oim-ovd) stuff and thought of creating identity store in OAM but when i tried to login got above error.

Help Appreciated.

Reply
IgnitedMind says April 18, 2013

I have also checked
./wlst.sh /home/oracle/middlewareR2/iam/common/tools/configureSecurityStore.py -d /home/oracle/middlewareR2/user_projects/domains/base_domain/ -m validate
Info: Data source is: opss-DBDS
Info: Diagnostics data was saved to the credential store.
Info: Validate operation has completed successfully.

Reply
IgnitedMind says April 19, 2013

I am receiving error

Scanning of system policy failed. Reason oracle.security.jps.service.policystore.PolicyStoreException: JPS-10702: The datasource jdbc/OPSSDBDS is not found..

Reply
Atul Kumar says April 19, 2013

@ IgnitedMind ,
Check OPSSDBDS is available in WebLogic Console as data source under Services and there are no errors in WebLogic server log files.

Check status of this data source OPSSDBDS from WebLogic console

Reply
IgnitedMind says April 19, 2013

Hi Atual,

data source OPSSDBDS from WebLogic console
is in running state. hence its working fine and i have target as Admin Server,oim,oam,soa server.

there are no error in weblogic server as well. :(

Reply
Neha says April 23, 2013

Hi Atul,

I am trying to install OAM 11gr2. So I ran RCU(V37476). Then I installed weblogic 10.3.6 and ran the install for OAM(v37472). Then I came back and did config wizard for Weblogic and while test JDBC schema, I get test failed for OAM infrastructure. I get a message saying, A connection was established but no rows returned for that. I did get test successful for OPSS. Please let me know what I can do.
Thanks,
Neha

Reply
rohit_rr says July 15, 2013

@Anand:

Can you please elaborate how did you resolved the issue
[LDAP: error code 1 – Attribute orclaccountlocked is not supported in schema.]; remaining name
Thanks
Rohit

Reply
    Atul Kumar says July 15, 2013

    @ Rohit, This error means not all the intergation steps are configured for OIM/OAM/OID integration. If you think you have performed all the steps and still hitting this issue then share which document you are following.

    Reply
rohit_rr says July 16, 2013

@Atul:

Thanks for the Quick response, i’m following the following Guide
http://docs.oracle.com/cd/E15586_01/fusionapps.1111/e21032/toc.htm

However we do have a OHS and Clustering, but dont think that should affect the setup between OIM/OAM/OID

per my knowledge i have performed all the steps i have rechecked them and they are all fine.

Reply
rohit_rr says July 16, 2013

@ Atul:

Forgot to mention its the version is 11.1.1.7 and not R2

Reply
rohit_rr says July 16, 2013

@ Atul:
THis is the only part i have not done “11.6.2 Configuring Oracle Access Manager by Using the IDM Automation Tool”

becuase i’m not using OHS, however i have configured a OID IDstore from the oamconsole and have set it as System store, i’m able to successfully login to OAM using the orcladmin

incase the 11.6.2 configuration is mandatory for the user creation in OID from OIM as Ldapsync option please do let me know what values shud i be providing in the fields which refer to OHS. Also after running the Ldap User and Group Full reconcilation job i have all the OID users in OIM

Thanks
Rohit

Reply
Phanindra says July 21, 2013

Hi Atul,

I am starting up with OIM 11g R2 on Linux for the first time, could you help me with a brief notes of Installation and Configuration, including the Linux commands for a Root user ?

Pls send to my email address “gvrpkumar@gmail.com”

Many Thanks in advance.

Best Regards,
Phanindra.

Reply
    Atul Kumar says July 22, 2013

    @ Phanindra,
    You can’t install OIM using root, you must use non root account.

    After installation and configuration (as mentioned in above post),
    1. Start Admin Server ($DOMAIN_HOME/bin/startWebLogic.sh)
    2. Start Node Manager $WL_HOME/server/bin/startNodeManager.sh
    3. Start OIM & SOA server from WebLogic Admin Console http://host:adminPort/console (where default value of adminPort is 7001)

    Reply
Phanindra says July 23, 2013

Hi Atul,

Thanks for the reply.

I am planning to install using the RHEL – GUI.

have the below 2 questions.

1. Does the OIM setup requires a Webserver to be setup ? If yes where it needs to be hosted ? (i.on a new server or ii on the OIM server itself)?

2. How does the password flow back happens from AD to OIM & ERP (Autherative system) ? and how the event of conflict would be handled, in case of any attribute changes at the AD level ?

Reply
Atul Kumar says July 24, 2013

@ Phanindra

1. Does the OIM setup requires a Webserver to be setup ? If yes where it needs to be hosted ? (i.on a new server or ii on the OIM server itself)?

AK: No, Web Server is not required just for OIM but if you want to do SSO (Single Sign-On) server with OIM then Web Server is required. You can deploy web server on any server including OIM server but in production it is recommended to install web server on different machine in DMZ (for security reasons)

2. How does the password flow back happens from AD to OIM & ERP (Autherative system) ? and how the event of conflict would be handled, in case of any attribute changes at the AD level ?

AK: Password change from OIM to AD happens using kernel event in OIM and from AD to OIM it happens via Password Sync connector.

Reply
Phanindra says July 24, 2013

Atul,

Please send me the compatible version matrix of OIM components needs to be downloaded, for OIM 11g R2 on Linux 64, and the links, i could not see all these below on the URL below.

https://edelivery.oracle.com/EPD/Download/get_form

Java / jrockit
RCU
Weblogic
SOA
OIM
OAM

Thanks,
Best Regards,
Phanindra

Reply
Phanindra says July 26, 2013

Hi Atul,

One more question, could you also send a some information on the data flow happens betwen EBS (Autherative system) to OIM and from OIM to AD, including the auto privisioning.

i.e if a user has been created in EBS, how it flow to AD, and how the automatic user provisioning would happen at AD.

And could we apply any Flag at OIM level to do a Selective user provisioning ? if yes, please also let me know that procedure.

Many Thanks,
Phanindra.

Reply
kjj1983 says September 12, 2013

Hi Atul,

A basic feature seems to be missing. I need to confirm if its the case with everyone.

A certification approver has to be assigned Certification administrator role to allow them to take any action on the certs. The issue here is the approver can view other certs and also perform any actions on them. This is an issue. Can you confirm if you have the same behavior. I had upgraded from OIM11gr2 BP06 to PS1.

Reply
rojalin_sahoo says September 27, 2013

Hi,
I ran /oracle_common/common/bin/wlst.sh /common/tools/configureSecurityStore.py -d -c IAM -p -m create
script in windows.
I got the error failed to initialize security store in command prompt.

Reply
    Atul Kumar says September 28, 2013

    @ rojalin_sahoo
    Did you start command prompt in admin mode ?

    Profile full patch of configureSecurityStore.py & wlst.sh as path you mentioned above doesn’t look right .

    Reply
Sadiq says October 18, 2013

Team,
Trying to install OIM on linux via virtual box. I have done the all the necessary setup however while trying to start weblogic server. Encountered the following error

Info: Data source is: opss-DBDS
WLS ManagedService is not up running. Fall back to use system properties for configuration.
Error: Diagnostics data was not saved to the credential store.
Error: Validate operation has failed.
Need to do the security configuration first!

understood that i have to create and validate the security store.However, while trying to create the security store i got the following error even though the password mentioned is right.

MW_Home/oracle_common/common/bin/wlst.sh MW_Home/common/tools/configureSecurityStore.py -d MW_HOme/user_projects/domains/OIM_Test -c IAM -m create

Info: Data source is: opss-DBDS
Please input data source password:

Info: DB JDBC driver: oracle.jdbc.OracleDriver
Info: DB JDBC URL: jdbc:oracle:thin:@rac1-vip.XXXXXX:1521/testdb.XXXXXXX
INFO: Found persistence provider “org.eclipse.persistence.jpa.PersistenceProvider”. OpenJPA will not be used.
INFO: Found persistence provider “org.eclipse.persistence.jpa.PersistenceProvider”. OpenJPA will not be used.
[EL Severe]: 2012-09-16 09:28:41.915–ServerSession(475351693)–Exception [EclipseLink-4002] (Eclipse Persistence Services – 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: ORA-01017: invalid username/password; logon denied

Regards,
Sadiq

Reply
Sadiq says October 18, 2013

Hi Atul,
I did provide the password with -p kindly find the syntax below. Former post was a copy, paste error.

Correct Syntax Used:

MW_Home/oracle_common/common/bin/wlst.sh MW_Home/common/tools/configureSecurityStore.py -d MW_HOme/user_projects/domains/OIM_Test -c IAM -p password1 -m create

Is there anyways to retrieve the old password or change opss password.

Regards,
Sadiq

Reply
Atul Kumar says October 18, 2013

@ Sadiq,
You can chnage password of XXX_OPSS from DB SQL> alter user XXX_OPSS identified by ;

You must also change any passwords in JDBC (in weblogic console) related to OPSS

Reply
Sadiq says October 18, 2013

Thanks atul will try it out tonight and update the results.

Regards,
Sadiq

Reply
Sadiq says October 21, 2013

Hi Atul,
I was able to go beyond this error by resetting the password. However ran into a new one when configuring the security store.

Caused by: java.sql.SQLIntegrityConstraintViolationException:ORA-00001: unique constraint (DEV1_OPSS.IDX_JPS_RDN_PDN) violated

Followed metalink document 1547423.1 and did the following steps as suggested

Reinstall OAM as

1. Delete the Schemas using RCU.
2. Recreate the OAM schemas.
3. Reinstall the WLS and OAM software.
4. Run config.sh to create a new domain.
5. Run setDomainEnv.sh from user_projects/domains//bin
6. Run the configureSecurityStore.py from same window.

Still No go. Seems i have ran into a bug.16690836 with no solution or patches.

I am trying to install OIM on linux via virtual box. Any thoughts or work arounds????

Regards,
Sadiq

Reply
Atul Kumar says October 22, 2013

@ Sadiq,
This error means

1. You are not using same version of RCU as for IAM middleware
or
2. There are imcompatible software in MW_HOME (like IAM 11gR1 and R2 both in same middleware home)

Reply
Sadiq says October 23, 2013

Yup, Realized that. thanks atul. Downloading 11gr2 now.

Will keep posted.

Thanks once again.

Regards,
Sadiq

Reply
OIMBP says November 20, 2013

Hi Atul,

While installing OIM 11g R2 (infact while running config utility) getting below error : INST-6193: The attribute JpsContextName in MBean com.oracle.sdp.messaging:Location=soa_server1,name=ServerConfig

Have you by any chance had this issue? Appreciate if you can guide on resolving this…

Reply
    Atul Kumar says November 21, 2013

    @ OIMBP< Never, ensure that you have followed all the steps carefully . If this is still an issue then share which documentation you are following to install and configure OIM

    Reply
Piyush says January 2, 2014

We are trying to create attestation process in OIM 11gr2. the requirement is to run attestation on roles (to check who all are member of that particular role). Actually there are roles associated with each users which have to be reconciled from DB.(there are two tables in DB one with user detail and other child table contains role associated with each user). requirement is get get attestation reports based on roles.

Reply
sundas7 says May 5, 2014

Hi Experts,
I am trying to insatall OIM11Gr2 on my Windows 7 32 bit laptop( 4GB RAM).

I am able to install DB.However, I am trying to execute RCU and it gives me with the error:

This version \rcu_home\jdk\jre\bin\javaw.exe is not compatible with the version of Windows you are running.

I have confirmed JDK version is 1.7_55.

Can you please advice if OIM11gr2 can be installed only on Windows 64 bit and Not 32 bit?

thanks
sundas7

Reply
roni says July 24, 2014

Hello,

I am new to this , just finished the installation and configuration of Oracle Identity & Access Management (IDAM) 11gR2 , but when i am trying to access oam console using the below url it is showing page not found , but i can access oim admin and self service console, also can use opam console also .But only oam console page is not coming , can someone please help me .

http://sw007037:14100/oamconsle

Reply
Amar says October 6, 2014

HI All,

I am facing issue on upgrading OAM and OAAM domain to PS2.When I am able to install the binaries but after running the ./psa to upgrade the schema only OAM is getting upgraded but OAAM it is throwing below error .Please help

[ERROR] [upgrade.OAAM.OAAM1]OAAM_INCOMPATABLE_REPOSITORY

Thanks
Amar

Reply
Anil says October 18, 2014

Hi Atul,

I regularly Follow your posts, I was Integrating Oracle Access Manager with Oracle E-business Suite for this I have Installed Oracle Access Manager+ Oracle Internet Directory When After Testing the Webgate Registration when I am Accessing the OAMConsole Page it is giving me below,

“the policy store is not available please check log file”

Please provide me a helpful guideline.

Regards,
Anil

Reply
madhu says November 19, 2014

I want to upgrade weblogic 10.3.4 to 10.3.6 version, SOA 11.1.1.4 to 11.1.1.7,AIA 11.1.1.4 to 11.1.1.7 version,please tell me how to do these upgradation.

Reply
spyrus says December 13, 2014

I followed all the steps listed above but at 11. Configure OIM I am getting an error:

Error
Exception occured while encrypting the configuration and database

If I open the log file contains the following exception:

[2014-12-13T15:21:47.776+02:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000Kd3ngm55EgWVLyyGOA1KZ3lJ000003,0] [[
[OIM_CONFIG] Database Encrytion failed.
]]
[2014-12-13T15:21:47.776+02:00] [as] [ERROR] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000Kd3ngm55EgWVLyyGOA1KZ3lJ000003,0] Exception[[
java.lang.Exception: Exception occured while encrypting the configuration and database
at oracle.as.install.oim.config.util.EncryptConfigurationAndDB.encryptConfigurationAndDatbase(EncryptConfigurationAndDB.java:240)

Reply
Dave says June 12, 2015

Hi guys,

I’ve successfully installed OAM 11gR2. I can startup Admin Svr for Weblogic without issue and able to access /oamconsole. However, on starting up ManagedOAMServer the /oamconsole goes into Error 404 Page not found. What am I missing here ?

Pls advise. Thanks a lot.

Regards,
Dave

Reply
    Atul Kumar says June 16, 2015

    @Dave,
    When you start MAnaged Server , oamconsole login page is redirected to OAM login page . Can you check if there is any error in OAM managed server log file.

    Reply
Amar says June 18, 2015

Hi Dave,

Login to Weblogic console and check the oam application status. If its in failed state try activating the application and tail the logs for the Error .

Thanks
Amar

Reply
Hoby says May 31, 2016

Good Morning M. Kamar,
I’m installing IDAM. I installed the database 11gR2, the schemas using RCU, the weblogic server 10.3.6, the soa suite and OIM suite. I created a domain for IDAM (and SOA included) but when I start the server, the script startweblogic.cmd exit after a few seconds. Would you know what is the problem please?Thank you in advance

Reply
Add Your Reply