Archive Monthly Archives: September 2012

“Failed to modify policy! : The subject field in a rule cannot be longer than 2000 characters” error while importing OES policies in 10g

The requirement is to add an authorization policy for permissions (containing Roles + LDAP Groups) for a resource against an action. I have exported the policy XML from the OES using policyIX.sh and tried updating the authorization policy. The ATZ policy XML block will be as shown below: <xb:authorization_policy_entry> <xb:policy_effect value=”grant”/> <xb:policy_actions> <xb:policy_action_entry value=”MyAction”/> </xb:policy_actions> […]

Read More

How to identify which LDAP (OID/AD/OVD) server OAM 11g connects to and as what user ?

. . OAM 11g identity store is covered in my book and this post covers steps to find what identity store (OID, OVD, AD or other LDAP Server) configured with OAM and what user OAM uses to connect to User Store (LDAP Server). When you try to login to OAM server using username/password, OAM collects this […]

Read More

OAAM KBA : Option to configure Registration Logic is missing

  Knowledge Based Authentication (KBA) is a feature available in Oracle Adaptive Access Manager (OAAM) that provides rich set of challenge questions, logic behind presenting those questions to user, and validating answers. To know more about KBA in OAAM click here  and  here . 1. KBA can be used as a) First Authentication for forgot password use case […]

Read More

Weekend Batch – Online Oracle Apps DBA R12 Training by industry experts – 30th Sept 2012

Join now to reap the benefits of Oracle Apps DBA R12 Training which is constantly in great demand. This is a course tailor made for you keeping in mind the latest in the world of Oracle.   Why this training is important? Our training offers hands-on exercises on day-to-day Apps DBA activities such as Installation, Patching, Cloning etc. We […]

Read More

OIM-OAM-OAAM integration – Account Lockout in OAM obLoginTryCount , oblockouttime, MaxRetryLimit

When you integrate OIM with OAM (and optionally OAAM) then user logon to OIM via OAM is locked by OAM after 5 continuous failed attempts. This post covers what happens behind the scene, how account lockout happens in OAM and how to unlock this. Note: When an account gets locked in OAM (via attribute obLogintryCount […]

Read More

“ObAccessException_ENGINE_DOWN” : WebGate Certificate expired

One of our client environments had OAM setup since couple of years and we saw the below error all of a sudden and all the authentication/authorization requests of a specific access gate has stopped working. 2012/09/17@19:11:15.602601    16038    1000059    CONNECTIVITY    DEBUG3    0x00000201    /export/t3array/build6/Oblix/coreidport/palantir/netlib/src/obmessagechannel.cpp:601    “Received NMP STS negotiation ”    _seqno^0    _opcode^0    _opcodeStr^ServerDiagnosticEvent    Message^sts=cert     2012/09/17@19:11:15.992267    16038    68   […]

Read More

OIM-OAM-OAAM integration using TAP – Request Flow you must understand !!

This post cover key points and request flow that you must understand when integrating three Oracle Identity Management product OIM, OAM, and OAAM a) OIM – Oracle Identity Manager b) OAM – Oracle Access Manager c) OAAM – Oracle Adaptive Access Manager For an overview of features available by integrating OIM, OAM, and OAAM click […]

Read More

Forgot Password link on OAM Login Page

  When you integrate OAM with OIM (more here ), You see three links “Forgot Password” , “Register New Account” , and “Track User Registration” .   Where is this configuration stored and how to change Forgot Password link to some other password management application ?   These links are defied in OAM configuration file i.e. $DOMAIN_HOME/config/fmwconfig/oam-config.xml […]

Read More

How to find Oracle Identity Analytics (OIA – RBACX) version

Oracle Identity Analytics (OIA) earlier Sun Role Manager (SRM) provides ability to define and manage roles and automate identity based controls. OIA also provides Attestation and SoD (Segregation of Duties). For list of OIA features click here This post covers steps to find version of OIA installed on system. Note: Latest version of OIA is […]

Read More

Policies import failed in OES 10g

I have created an XML for various OES elements such as Actions/Resources/Roles/RolePolicies/Authorization Policies. What is already existing in OES ? Application is created through OES Admin console and the necessary identities such as groups/users are added in OES console (choose ASI console). Importing policies: $ ./policyIX.sh -import -disableTransaction ../config/App_policyIX_config.xml  App_Policies.xml Error in command output: Uploading […]

Read More
Not found