Part IX : Install OAM Agent – 11g WebGate with OAM 11g

This is part IX of step by step installation of Oracle Identity Management (OAM, OIM, OAAM, OAPM & OIN) which covers configuring  WebGate for Oracle Access Manager 11.1.1.3.0 .

  • For Part I Download Software and create Schema click here
  • For Part II Install WebLogic Server 10.3.3  click here
  • For Part III Install SOA Server and Upgrade to 11.1.1.3 click here
  • For Part IV Install IDAM 11.1.1.3 click here
  • For Part V Create Domain for OIM, OAM, OAAM, OAPM & OIN click here
  • For Part VI Configure Identity Manager click here
  • For Part VII Install & Configure OIM Design Console click here
  • For Part VIII Configure LDAP Sync with OIM 11g click here (Optional – Required only for OAM-OIM Integration)

In this post I am going to show how to install 11g WebGate for Oracle HTTP Server (OHS) 11g with OAM 11g server.

OAM WebGate :  also known as AccessGate (in 10g) or OAM Agent (in 11g) is a Web Server Plug-in installed with WebServer (OHS, IIS, Apache, IBM WebServer) and communicates with Oracle Access Manager Server (Access Server in OAM10g). When user access a resource protected by Oracle Access Manager (OAM) then WebGate communicate with OAM to find how resource is protected and ask user to provide credential based on Authentication Policy set for resource.  For Request flow for WebGate check my earlier post here . For overview of Agents in OAM 11g (OAM Agents & OSSO Agent) click here

Note: WebGate of version 10g or 11g is certified with OAM 11g.

.

High level installation/configuration step  points for OAM 11g/10g WebGate

1. Ensure that WebServer is already installed for which you wish to install/configure WebGate.

2. Download WebGate for your WebServer. Download latest WebGate wherever applicable (For OHS 11g use 11g WebGate, for OHS 10g, IHS, IIS, Apache use 10.1.4.3 webgate).

3. Create instance of WebGate on OAM server (This can be done either by GUI or Command line) a.k.a. Provisioning WebGate .
a) GUI using OAM Administration Console.
b) Command Line using Remote Registration Tool (RREG) – RREG is available in two modes (in-band or out-of-band) . More on Remote Registration Utility here

4. Install WebGate on machine where Web Server is running.

5. Configure Web Server to include WebGate configuration (adding webgate.conf in httpd.conf)

6. Copy artifacts/files created by WebGate registration (in step 3) to WebGate Instance directory (created in step 4 above).

7. Restart Web Server

8. Test WebGate installation.

.

Key points for OAM 11g WebGate Installation

1. Currently (as of 3rd Jan 2011) 11g WebGate is available for Oracle HTTP Server 11g only. If you wish to configure WebGate for OHS 10g, IIS (Microsoft),  IHS (IBM HTTP Server) or Apache HTTP Server then user 10g WebGate for OAM 11g.

2. An Instance of WebGate must be created on OAM Server (aka Provisioning Agent) which can be either done via Graphical Tool (OAM Administration Console) or Command Line tool (Remote Registration Tool – RREG)

3. Remote Registration Tool (RREG) can be run in two modes i.e. in-band mode or out-of-band mode. In-Band mode is used where WebServer/WebGate and OAM server are managed by same team where as Out-of-band mode is used where WebServer/WebGate is managed by one team and OAM server is managed by different team.

4. 11g WebGate requires JRE 1.6 , use JDK 1.6 shipped with OHS 11g to install 11g WebGate.

5. WebGate on Unix/Linux machine requires compatible GCC which can be downloaded from here  (under GCC Libraries for Oracle Identity Federation)
.

.

WebGate (10g/11g) Installation Steps with OAM 11g

1. Download WebGate 11g from here  under “Oracle Access Manager WebGates (11.1.1.3.0)“. For 10g WebGate download them from  here  under “Oracle Access Manager 10g – non OHS11g Webgates and 3rd Party Integrations

2. Register WebGate with OAM Server using Remote Registration Tool in inband mode
2.1 cd $ORACLE_HOME/oam/server/rreg
2.2 set OAM_REG_HOME (to above directory) and JDK_HOME in oamreg.sh
2.3 Update serverAddress, agentBaseURL, agentName, HostIdentifier & applicationDomain in  $ORACLE_HOME/oam/server/rreg/input/OAM11GRequest.xml (For 10g WebGate update OAMRequest.xml )
2.4 cd $ORACLE_HOME/oam/server/rreg/bin/
2.5 ./oamreg.sh inband input/OAM11GRequest.xml   (This command will create an instance of 11gWebGate in OAM Sever and generate OAM WebGate artifacts in $ORACLE_HOME/oam/server/rreg/output)

 

. 3. Install OAM 11g WebGate for OHS 11g using

setup.exe -jreLoc <1.6_JRE_Location>  (For Windows)
runInstaller -jreLoc <1.6_JRE_Location>  (For Unix)

Enter Middleware Home and Oracle Home directory for WebGate installation.

.

4. Configure OAM 11g WebGate with OHS Instance.

4.1 cd $Webgate_Oracle_Home/webgate/ohs/tools/deployWebGate

4.2  deployWebgateInstance.sh|bat -w $Webgate_Instance_Directory -oh $Webgate_Oracle_Home (This command will copy files from WebGate software location to OHS instance directory)

where
WebGate_Instance_Directoryis OHS Instance Directory (default location is $ORACLE_HTTP_SERVER/ instance/ instance1/ config/ OHS/ ohs1) and

Webgate_Oracle_Home is directory in which Webgate is installed during WebGate installation screen above

 

4.3 Include OHS library files in to LD_LIBRARY_PATH as

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:<Oracle_Home_for_Oracle_HTTP_Server>/lib

4.4 Update httpd.conf of OHS

cd $Webgate_Oracle_Home/webgate/ohs/tools/setup/InstallTools
EditHttpConf -w $Webgate_Instance_Directory [-oh $Webgate_Oracle_Home>] [-o $output_file]

.

4.5 Copy files generated in step 2.5 from $ORACLE_HOME/oam/server/rreg/output/[Agent_Name] to $WEBGATE_INSTANCE_DIR/webgate/config (For OHS 11g location is $MW_HOME/Oracle_WT1/instances/instance1/config/OHS/ohs1/webgate/config)

5. Restart Oracle HTTP Server (OHS)
5.1 $ORACLE_HOME_for_OHS11g/instances/instance1/bin/opmnctl stopall
5.2 $ORACLE_HOME_for_OHS11g/instances/instance1/bin/opmnctl startall

6. Test WebGate Installation
6.1 Try accessing OHS 11g root page and it should redirect to OAM Single Sign-On Login page.

.

About the Author Masroof Ahmad

Leave a Comment:

134 comments
elkouz says May 12, 2011

Dear Atul,
I ve been working on the implementation of the above senario as part of a test case I am working on.
I reached this point:

4.3 Include OHS library files in to LD_LIBRARY_PATH as
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/lib

It doesnt seem to be clear for me wheather this is a comand that I have to write and if so to which directory should I navigate to before runing it.

Many Thanks in advance Mr. Atul

Reply
Atul Kumar says May 12, 2011

When you run EditHttpConf command at that time your LD_LIBRARY_PATH should also include OHS library ($OHS_ORACLE_HOME/lib)

which means that just before running above command run echo $LD_LIBRARY_PATH (Unix)

or echo %LD_LIBRARY_PATH% (Windows)

and lib directory of OHS ORACLE_HOME should also be displayed as part of this output.

Reply
OAM 11g Agent Registration | sandeepb4u says May 16, 2011

[…] Part IX : Install OAM Agent – 11g WebGate with OAM 11g […]

Reply
» OAM WebGate Registration RREG - Resource URL format is not valid Online Apps DBA: One Stop Shop for Apps DBA’s says June 10, 2011

[…] I also discussed about OAM 11g WebGate (10g or 11g) registration using RREG here […]

Reply
Ramasamy says August 3, 2011

Atul,

Since Webgate 11g (11.1.1.3) will have to be installed in OHS, do we need a separate OH for Webgate 11g (for example OAMWebGate1)? Or can we use the OHS’s OH?

– Ramasamy

Reply
Atul Kumar says August 4, 2011

@ Ramasamy,
Yes 11g webgate must be installed under separate OH but under same Middleware Home (MW_HOME) in which OHS 11g Oracle Home exists.

Reply
Ramasamy says August 28, 2011

Atul,

We are trying to install 10g WebGate in OAM 11.1.13.. When I run the oamreg.sh, I am getting the following error:

Aug 28, 2011 1:34:28 AM oracle.security.am.engines.rreg.client.RegClient main
SEVERE: Exception encountered: RemoteAgentRegistrationException. Specific exception:HTTP Post Method failed: HTTP/1.1 500 Internal Server Error oracle.security.am.engines.rreg.common.RemoteAgentRegistrationException: HTTP Post Method failed: HTTP/1.1 500 Internal Server Error
$

But I noticed from the oamconsole, I could see the Agent Name under Policy configuration tab, but I am not seeing anything under System Configuration tab…

Any ideas?

Thanks
Ramasamy

Reply
aengineer says October 17, 2011

Hi,

Is there any capability within OAM or within the webgates to apply some sort of content filtering rules? For example, we have been told that some webgates support the ability to deny the request if the payload is more than N characters, or if someone is trying to “inject SQL” into the OAM server, etc.

The reason I ask this is because the current OAM design requires you to expose your OAM servers to the internet if you want to protect public facing sites. And this leaves open the possibility that someone could submit any data as part of the form POST to auth_cred_submit. We see this as a security risk and would like to prevent it.

Thanks
Aspi Engineer
Putnam Investments

Reply
oamadminuser says November 17, 2011

Help; After installing WLS 10.3.5,OAM,OHS, Webgate, Access Gate – all 11g – my R12.1.3 mid tier is redirecting user logins to ebsauth_/ssologin. That gets error 404 from the OHS.
What is this ssologin? Shouldn’t R12 redirect to OAMLogin.jsp? Any help appreciated.

Reply
Atul Kumar says November 17, 2011

@ oamadminuser

What is value of profile option “Application Authentication Agent” in EBS R12 ?

Reply
oamadminuser says November 17, 2011

Hi Atul, Application Authentication Agent is set to http://:7777/ebsauth_/

It is appending ssologin to the end of that url (as seen by trying various other values of Apps Auth Agent). But OHS does not know what to do with it.

I am using 11g webgate, as also approved and described in 1309013.1 MOS note.

I also see DENY entries in OAM log.

Very interesting problem!
Thanks,

Reply
oamadminuser says November 18, 2011

That profile option should read: Application Authentication Agent is set to http://:7777/ebsauth_DATABASE_TWO_TASK/

Reply
venkyd1985 says January 24, 2012

HI Atul,

I have followed your document, i was able to protect the Oracle HTTP server with OAM successfully. when i tried to access the http://:7777 it was re-directing to the OAM login page, but after the successful login into the OAM the page was not directing back to the HTTP server again, it displaying error page not found but i can see the url as http://:7777 in the browser. Can you help me out what i have missed here… or i need to any more….

Reply
Atul Kumar says January 25, 2012

@ venkyd1985,
It could be just because /index.html is protected (by default with webgate 11g everything is protected)

Define public policy for resource /index.html as public in both authentication and authorization policies (How to define policies is in my Book OAM/OIM 11g for administrators and also in Oracle Guides)

Reply
Oam_Admin1 says January 31, 2012

Hi ,

i am trying the OAM/OIM integration. I have installed and configured oam, soa, oim serverrs in one domain, configured PIm with ldap sync enabled.

Now trying to run the command :-
idmConfigTool –configOAM input_file=propertiesFile

But getting one error :-
======================

bash-3.2$ ./idmConfigTool.sh -configOAM input_file=OAMconfigPropertyFile
Enter ID Store Bind DN password :
Enter User Password for WLSPASSWD:
Confirm User Password for WLSPASSWD:
Enter User Password for OAM11G_OIM_WEBGATE_PASSWD:
Confirm User Password for OAM11G_OIM_WEBGATE_PASSWD:
Enter User Password for IDSTORE_PWD_OAMSOFTWAREUSER:
Confirm User Password for IDSTORE_PWD_OAMSOFTWAREUSER:
Enter User Password for IDSTORE_PWD_OAMADMINUSER:
Confirm User Password for IDSTORE_PWD_OAMADMINUSER:
java.lang.NullPointerException
at oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler.configOAM11gIdStore(OAM11gIntegrationHandler.java:352)
at oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler.execute(OAM11gIntegrationHandler.java:696)
at oracle.idm.automation.AutomationTool.configOAM(AutomationTool.java:593)
at oracle.idm.automation.AutomationTool.parseCmdLine(AutomationTool.java:218)
at oracle.idm.automation.AutomationTool.main(AutomationTool.java:132)
There were errors found. Details have been logged to automation.log
======================

From automation.log:- i got :-
(11:44:16 AM) : Jan 30, 2012 10:07:35 PM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler configOAM11gIdStore
SEVERE: Error while configuring webgate and domain
java.lang.NullPointerException
at oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler.configOAM11gIdStore(OAM11gIntegrationHandler.java:368)
at oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler.execute(OAM11gIntegrationHandler.java:696)

Please suggest .

Reply
Oam_Admin1 says January 31, 2012

correcting the typo error in my second line :-

============
configured OIM with ldap sync enabled.
============

Thanks.

Reply
Atul Kumar says January 31, 2012

@ Oam_Admin1,
What is value of JAVA_HOME, JDK version , ORACLE_HOME and other environment variable ?

Did other idmConfigTool complete successfully ?

Reply
» Integrate E-Business Suite with Oracle WebCenter (11.1.1.5) using OID and OAM (11g) as SSO Online Apps DBA: One Stop Shop for Apps DBA’s says February 15, 2012

[…] 4.5 Install WebGate on OHS server. More on RREG and installing WebGate here […]

Reply
» EditHttpConf error during WebGate 11g Installation on IBM AIX Online Apps DBA: One Stop Shop for Apps DBA’s says February 28, 2012

[…] on IBM AIX Posted in February 28th, 2012 byAtul Kumar in oam  Print This Post On WebGate 11g Installation (WebGate is Policy Enforcement Point installed with Web Server), as per Oracle […]

Reply
» How to find Webgate 10g/11g Version and Patches Applied Online Apps DBA: One Stop Shop for Apps DBA’s says March 13, 2012

[…] know more about WebGate click here, here, here, […]

Reply
avinash says April 10, 2012

Hi,

I am trying to remotely register the webgate with OAM server but there seems to be some issue. Heres what I am getting :

Exception in thread “main” java.lang.NoClassDefFoundError: oracle/security/am/en
gines/rreg/client/RegClient
Caused by: java.lang.ClassNotFoundException: oracle.security.am.engines.rreg.cli
ent.RegClient
at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
Could not find the main class: oracle.security.am.engines.rreg.client.RegClient.
Program will exit.

My OAM_REG_HOME is set to \oam\server\rreg dierctory at oamreg.bat file

Reply
Atul Kumar says April 10, 2012

@ avinash,
This error means classpath is missing required java classes required to register webgate.

Are you running rreg from OAM host or different host ?

Which java version you are using ?

java -version
which java

Reply
avinash says April 10, 2012

Thanks for the prompt response Atul..

Java Version is :

java version “1.6.0_18”
Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
Java HotSpot(TM) Client VM (build 16.0-b13, mixed mode)

I am running it from the OAM Host itself.

Enviromnet Variable settisgs are as follows :

Classpath = C:\Oracle\Middleware\jdk160_18\bin
JAVA_HOME = C:\Oracle\Middleware\jdk160_18

Reply
Damon says June 6, 2012

hi avinash ,i face the same problem ,do you have solve this issue? thank you!!!

Reply
Atul Kumar says June 6, 2012

@ Damon, Avinash,
Are you running this from OAM host (machine on which OAM is installed and configured) or from some other host (connected to OAM server remotely)

Reply
ratheesh.nan says June 7, 2012

Hi,

Me too getting this error; would like to know if somebody has succeeded in resolving this!

Thanks in advance,

Regards,
Ratheesh

Reply
Damon says June 7, 2012

i solved the problem, i set my Enviromnet Variable as :
JAVA_HOME=E:\Oracle\Middleware\jdk160_24
OAM_REG_HOME=E:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg
Edit oamreg.bat
REM set OAM_REG_HOME=”D:\Remote Registration\RREG client kit\rreg”
Then i run oamreg.bat,everything is OK!

Reply
Dheeraj says July 13, 2012

I want to install Oracle 11g Webgate with 11g OAM on a IIS web-server.
Can you help in this. I googled it and seems there is no support to install 11g web-gate on IIS.

Reply
Dheeraj says July 16, 2012

Hi
I was trying to install the web-gate 10g to be worked with OAM 11g.
I created a web-gate 10g agent in OAM admin console window
On the web-server I installed web-gate as well.
I also copied OAAccessClient from OAM console to web-gate web-server location.

When after the installation, I am hitting my URL, it says:
“HTTP Error 404 – 404 Not Found

The Web server cannot find the file or script you asked for. Please check the URL to ensure that the path is correct”

In eventviewer it says “Oblix System Logger Initialized”.
In the log files it says “ould not read file”filename^oblix/config/oblog_config.xml”. I googled this problem but on .Net i found this message is not the actual message.

Can you suggest me what wrong might be the possible problem.

Reply
    Atul Kumar says July 16, 2012

    @ Dheeraj,
    What URL is this that results in page not found ?

    Try disabling webgate from httpd.conf by commenting entries by webgate (in the end of httpd.conf) and see if you can still access URL via OHS .

    Reply
Dheeraj says July 16, 2012

I should have mentioned in last post only that I am using IIS.
This URL is of my web-site I want to protect under OAM.
When disabling the web-gate at IIS, it works fine.(becuse in that case, it does not initiliaze anything related to OAM or web-gate).

Reply
    Atul Kumar says July 18, 2012

    Please update steps followed to configure webgate with IIS, which version of IIS is this ?

    Reply
Dheeraj says July 18, 2012

I am using IIS7 server.

I got the clue of this error message. This was coming because in the access agent configurations, “Deny on not protected” was ticked. When I unticked this,checkbox the error got disappeared.
However now I am struggling with the policy creation.
Whenever I hit my page, inspite showing the sso login page, it show me my site home page.While as per the protection policy it should have shown the sso login page.
I am using “/../*” or /* notation. but still getting my home page.

Reply
Atul Kumar says July 18, 2012

@ Dheeraj,
Try with three dots /…/* in place of two DOTS

Reply
Kumar says July 18, 2012

Hi
I just installed OAM and then tried to login into OAM CONSOLE, i am not able to login. No error, but the same Login screen comes back. When i checked the log

[2012-07-18T14:14:14.509-04:00] [AdminServer] [ERROR] [OAMSSA-20005] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 0000JYRJ1v^EWNW3tz^er11G1ikT00001F,0] [APP: oam_admin#11.1.1.3.0] [dcid: a827fbd0cee0501e:41979a37:1389b0d9163:-8000-0000000000000070] [arg: null] Error initializing User/Role API : null.
[2012-07-18T14:14:14.509-04:00] [AdminServer] [WARNING] [OAMSSA-20007] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 0000JYRJ1v^EWNW3tz^er11G1ikT00001F,0] [APP: oam_admin#11.1.1.3.0] [dcid: a827fbd0cee0501e:41979a37:1389b0d9163:-8000-0000000000000070] [arg: Error initializing User/Role API : null.] Unable to connect to the User Store. User Store may not be initialized : Error initializing User/Role API : null..
[2012-07-18T14:14:14.510-04:00] [AdminServer] [ERROR] [OAM-400016] [oracle.oam.admin.console.policy] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 0000JYRJ1v^EWNW3tz^er11G1ikT00001F,0] [APP: oam_admin#11.1.1.3.0] [dcid: a827fbd0cee0501e:41979a37:1389b0d9163:-8000-0000000000000070] Failed to authenticate the user[[

Could you help me to fix it.

Reply
Atul Kumar says July 18, 2012

@ Kumar ,
what user you are using ? what URL you are using to login ? Is OAM integrated with OID for authentication ? Which document you used to install and configure OAM ?

Reply
Manju says July 22, 2012

Hi Atul,
I am getting same error as Kumar –
Unable to connect to the User Store. User Store may not be initialized : Error initializing User/Role API : null..

I followed the steps given in your tutorials. (I am using wls10.3.3, soa,OAM 11.1.1.3)

When I looked in oam-config.xml, the ldap entry is incorrect. could it be the reason?

Reply
    Atul Kumar says July 22, 2012

    @ Manju,
    Yes, this is the reason for error message you are hitting .

    Reply
Manju says July 23, 2012

@Atul,
Unfortunatly I wasn’t able to fix the issue. I am getting
Exception in decryption
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)

That is probably because of the AES encrypted password.

Can you please let me know why it is not being auto configured.

Also,
I have installed OID in a different machine, If I sync OAM with the OID(after I login to OAM), will oblix attributes/objects get created in OID ? The only reason I am trying to install OAM is to resolve “Failed to find obpasswordexpirydate in mandatory or optional attribute list. ” error. I have tried to import them manually, which it does succesfully. But when I try to import my ldif file, it throws the error mentioned before.

Any help would be great.

Reply
Atul Kumar says July 23, 2012

@ Manju,
Which document you are using ? Follow enterprise deployment guide if possible

Reply
venkat28 says August 15, 2012

Hello Atul;

I am newbie in OAM. I was trying to configure webgate for OHS through OAM. When I try to run the following command (inband registration) I am getting an error. Can you please help me with this.

./bin/oamreg.sh inband input/OAMllGRequest.xml

Error Message:

oracle.security.am.engines.rreg.client.RegController processRegist ration
SEVERE: Server side error occurred. Specific error messages are:Create policy re
source exception. Resource type must not be null. URI=/
The remote registration process did not succeed Please find the specific error
message below.
Error message passed from server is:Create policy resource exception. Resource t
ype must not be null. URI=/
oracle.security.am.engines. rreg.client.RegClient main
SEVERE: Exception encountered: RemoteAgentRegistrationException. Specific except
ion:Error message passed from server is:Create policy resource exception. Resour
ce type must not be null. URI=/oracle.security.am.engines.rreg.common.RemoteAge
ntRegistrationException: Error message passed from server is:Create policy resou
rce exception. Resource type must not be null. URI=/

Reply
    Atul Kumar says August 15, 2012

    @ venkat28,
    It looks like resources mentioned in OAMllGRequest.xml are not correct, Share content of this file.

    Reply
venkat28 says August 15, 2012

Hello Atul:

Here’s my OAM11GRequest.xml file

http://:7001/serverAddress&gt;
RREG_OHSHostId11g
RREG_OAMOAM11G
http://:80
false

host1
7777

Reply
venkat28 says August 15, 2012

Hello Atul:

Here’s my OAM11GRequest.xml file

http://:7001
RREG_OHSHostId11g
RREG_OAMOAM11G
http://:80
false

host1
7777

Reply
    Atul Kumar says August 15, 2012

    Upload it to google doc or some other place as XML tags are not displayed correctly here

    Reply
venkat28 says August 15, 2012

Hello Atul:

I re-installed the OAM Server and I was able to get through the installation successfully.

But after that when I try to view the OHS link (http://localhost:80), I get the following error.

The browser says ” OAM Operation Error. The Web gate plug-in is unable to contact any Access servers.”

The error message thrown in the console is:

ACCESS GATE FATAL 0x00001520 /adefaime_h0025/ngamac/src/palantir/webgate2/src/apache

2entry_web_gate.cpp:591 “Exception thrown during WebGate initialization”

ACCESS_GATE FATAL 0x0000 182C /ade/aime_h0025/ngamac/src/palantir/webgate2/src/apache
2entry_web_gate.cpp:592 “The AccessGate is unable to contact any Access Servers
raw_code”301

Can you please help with this?

Reply
ChuLy says August 27, 2012

Hello Atul,

I have followed your document, i was unable to protect the Oracle HTTP server with OAM successfully.

I stuck at step 2. Register WebGate with OAM Server.

Could u provide more details in case default configuration with Oracle HTTP server and OAM are on single host?

Reply
    Atul Kumar says August 28, 2012

    @ Chuly,
    I am assuming that you are installing 11g R1 (11.1.1.5) WebGate, Did you follow steps mentioned here ? what issue you are hitting during webgate installation and configuration ?

    Reply
ChuLy says August 29, 2012

Hi Kumar,

I have create a default configuration webgate A on server OAM (server A) successfully.

I also create another default configuration webgate B on the server B. And 2 webgate are SSO with an OID user: http://A:7777, http://B:7777.

My matter at this moment is the Logout URL. I configure both Logout URL of 2 webgate agents is: /logout.html. But both website http://A:7777 and http://B:7777 only logout and redirect when i click the URL:
http://A:7777/logout.html. If i use http://B:7777/logout.html, the website shows Page not found.

Reply
ChuLy says August 29, 2012

Hi Kumar,

I got another critical problem. That is when i login or logout from http://A:7777 and http://B:7777. The http://A:7002/oamconsole is also login and logout. Even when the user to logging in to http://A:7777 and http://B:7777 is orcladmin user from OID and user to logging in http://A:7002/oamconsole is weblogic.

Please help me solving this problem!!!

Reply
    Atul Kumar says August 30, 2012

    @ ChuLy,
    This is expected behaviour if all three apps (including OAMCONSOLE) are protected by same SSO (OAM) server and user is using same browser. Use two different browser like IE and Firefox if you want to login or logout from two application (protected by same SSO) using same PC.

    Reply
Vivek Sharma says October 11, 2012

Hi Atul,

I bought your book from OnlineAppsDBA and am on Page 121 of the eBook. I am running into issues installing WebGate 10g, where it is not able to talk to OAM Managed Server, whereas the Managed Server is up!

Thanks
Vivek

Reply
Atul Kumar says October 11, 2012

@ Vivek,
Check if

1. There are any errors in OAM managed servers logs
2. Check from weblogic console that OAM_SERVER application is in state active
3. Check if OAM access server is listening on port 5575 (netstat -an | grep 5575 LISTEN )

Atul

Reply
Vivek Sharma says October 11, 2012

Thanks Atul for the response!
Actually I was working on another project in parallel and there the my domain was marketsphere.com, whereas this server the domain was marketsphereconsulting.com. So I had a mixup odf domain I was providing the installer. When I corrected that, I could proceed further.
Your help is very much appreciated!

Thanks a lot

Vivek

Reply
Vivek Sharma says October 12, 2012

Hi Atul,

I bought your book from OnlineAppsDBA and am on Page 133 of the eBook. I am confused what the value of this port should be?
Listen Port: 8602

Is this the port that the EBS listens on, or just an arbitrary port for this managed server?

Thanks for your help!
Vivek

Reply
Atul Kumar says October 12, 2012

@ Vivek,
This is just an arbitrary port for this managed server. If you choose a differnet port then change 8602 in eBook to this new port that you use.

Reply
Vivek Sharma says October 15, 2012

Hi Atul,

I bought your book from OnlineAppsDBA.com and am on page 137, executing the ant script ant -f txkEBSAuth.xml to create data source. I am getting the following error.
Buildfile: txkEBSAuth.xml
[taskdef] Could not load definitions from resource net/sf/antcontrib/antcontrib.properties. It could not be found.

findOS:

getServerDetails:
[input] skipping input as property wlshosturl has already been set.

BUILD FAILED
/u01/sso/Middleware/appsutil/accessgate/OBA1S/txkEBSAuth.xml:62: Could not create task or type of type: if.

Ant could not find the task or a class this task relies upon.

This is common and has a number of causes; the usual
solutions are to read the manual pages then download and
install needed JAR files, or fix the build file:
– You have misspelt ‘if’.
Fix: check your spelling.
– The task needs an external JAR file to execute
and this is not found at the right place in the classpath.
Fix: check the documentation for dependencies.
Fix: declare the task.
– The task is an Ant optional task and the JAR file and/or libraries
implementing the functionality were not found at the time you
yourself built your installation of Ant from the Ant sources.
Fix: Look in the ANT_HOME/lib for the ‘ant-‘ JAR corresponding to the
task and make sure it contains more than merely a META-INF/MANIFEST.MF.
If all it contains is the manifest, then rebuild Ant with the needed
libraries present in ${ant.home}/lib/optional/ , or alternatively,
download a pre-built release version from apache.org
– The build file was written for a later version of Ant
Fix: upgrade to at least the latest release version of Ant
– The task is not an Ant core or optional task
and needs to be declared using .
– You are attempting to use a task defined using
or but have spelt wrong or not
defined it at the point of use

Remember that for JAR files to be visible to Ant tasks implemented
in ANT_HOME/lib, the files must be in the same directory or on the
classpath

Please neither file bug reports on this problem, nor email the
Ant mailing lists, until all of these causes have been explored,
as this is not an Ant bug.

Total time: 0 seconds

Reply
Vivek Sharma says October 15, 2012

Actually I could proceed by fixing some paths, but I get another error
[wlst] once the activation is completed.
[wlst] ************************************************************************
[wlst] ERROR: Error encountered while activating the changes.
[wlst] Canceling the edit session.
[wlst] ************************************************************************
[wlst] Discarded all your changes successfully.
[wlst] This Exception occurred at Mon Oct 15 13:47:54 CDT 2012.
[wlst] weblogic.application.ModuleException:
[wlst] at weblogic.jdbc.module.JDBCModule.prepare(JDBCModule.java:302)
[wlst] at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:199)
[wlst] at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:518)
[wlst] at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
[wlst] at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:159)
[wlst] at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:47)
[wlst] at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:614)
[wlst] at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
[wlst] at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:184)
[wlst] at weblogic.application.internal.SingleModuleDeployment.prepare(SingleModuleDeployment.java:43)
[wlst] at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:154)
[wlst] at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
[wlst] at weblogic.deploy.internal.targetserver.operations.ActivateOperation.createAndPrepareContainer(ActivateOperation.java:208)
[wlst] at weblogic.deploy.internal.targetserver.operations.ActivateOperation.doPrepare(ActivateOperation.java:98)
[wlst] at weblogic.deploy.internal.targetserver.operations.AbstractOperation.prepare(AbstractOperation.java:217)
[wlst] at weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentPrepare(DeploymentManager.java:749)
[wlst] at weblogic.deploy.internal.targetserver.DeploymentManager.prepareDeploymentList(DeploymentManager.java:1216)
[wlst] at weblogic.deploy.internal.targetserver.DeploymentManager.handlePrepare(DeploymentManager.java:218)
[wlst] at weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.prepare(DeploymentServiceDispatcher.java:160)
[wlst] at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doPrepareCallback(DeploymentReceiverCallbackDeliverer.java:171)
[wlst] at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.prepare(DeploymentReceiverCallbackDeliverer.java:41)
[wlst] at weblogic.deploy.service.internal.statemachines.targetserver.AwaitingContextUpdateCompletion.callDeploymentReceivers(AwaitingContextUpdateCompletion.java:164)
[wlst] at weblogic.deploy.service.internal.statemachines.targetserver.AwaitingContextUpdateCompletion.handleContextUpdateSuccess(AwaitingContextUpdateCompletion.java:66)
[wlst] at weblogic.deploy.service.internal.statemachines.targetserver.AwaitingContextUpdateCompletion.contextUpdated(AwaitingContextUpdateCompletion.java:32)
[wlst] at weblogic.deploy.service.internal.targetserver.TargetDeploymentService.notifyContextUpdated(TargetDeploymentService.java:225)
[wlst] at weblogic.deploy.service.internal.DeploymentService$1.run(DeploymentService.java:190)
[wlst] at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
[wlst] at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
[wlst] at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
[wlst] Caused by: weblogic.common.resourcepool.ResourceSystemException:
[wlst] Could not connect to ‘oracle.apps.fnd.ext.jdbc.datasource.AppsDataSource’.
[wlst] The returned message is: ORA-01017: invalid username/password; logon denied
[wlst] It is likely that the login or password is not valid.
[wlst] It is also possible that something else is invalid in
[wlst] the configuration or that the database is not available.
[wlst] at weblogic.jdbc.common.internal.JDBCUtil.parseException(JDBCUtil.java:301)
[wlst] at weblogic.jdbc.common.internal.PooledConnectionEnvFactory.makeConnection(PooledConnectionEnvFactory.java:313)
[wlst] at weblogic.jdbc.common.internal.PooledConnectionEnvFactory.createResource(PooledConnectionEnvFactory.java:97)
[wlst] at weblogic.common.resourcepool.ResourcePoolImpl.makeResources(ResourcePoolImpl.java:1249)
[wlst] at weblogic.common.resourcepool.ResourcePoolImpl.makeResources(ResourcePoolImpl.java:1166)
[wlst] at weblogic.common.resourcepool.ResourcePoolImpl.start(ResourcePoolImpl.java:249)
[wlst] at weblogic.jdbc.common.internal.ConnectionPool.doStart(ConnectionPool.java:1155)
[wlst] at weblogic.jdbc.common.internal.ConnectionPool.start(ConnectionPool.java:154)
[wlst] at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:455)
[wlst] at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:372)
[wlst] at weblogic.jdbc.module.JDBCModule.prepare(JDBCModule.java:255)
[wlst] Traceback (innermost last):
[wlst] File “/tmp/wlsttempfile89327382.py”, line 125, in ?
[wlst] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
[wlst] at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
[wlst] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
[wlst] at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
[wlst]
[wlst] java.lang.Exception: java.lang.Exception: Error encountered while activating the changes
[wlst]
[wlst] Exception in thread “Main Thread” java.lang.IllegalStateException: Traceback (innermost last):
[wlst] File “/tmp/wlsttempfile89327382.py”, line 125, in ?
[wlst] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
[wlst] at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
[wlst] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
[wlst] at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
[wlst]
[wlst] java.lang.Exception: java.lang.Exception: Error encountered while activating the changes
[wlst]
[wlst] at weblogic.management.scripting.WLSTInterpreterInvoker.printError(WLSTInterpreterInvoker.java:110)
[wlst] at weblogic.management.scripting.WLSTInterpreterInvoker.executePyScript(WLSTInterpreterInvoker.java:103)
[wlst] at weblogic.management.scripting.WLSTInterpreterInvoker.main(WLSTInterpreterInvoker.java:27)

BUILD FAILED
/u01/sso/Middleware/appsutil/accessgate/OBA1S/txkEBSAuth.xml:47: The following error occurred while executing this line:
/u01/sso/Middleware/appsutil/accessgate/OBA1S/txkEBSAuth.xml:408: Error Creating DataSource

Total time: 44 seconds

Reply
Vivek Sharma says October 15, 2012

Which username is is trying to access? As I set the password for ASADMIN as ASADMIN as was in the book!

Reply
Vivek Sharma says October 15, 2012

And I can logon as asadmin in EBS

Reply
Atul Kumar says October 15, 2012

@ Vivek Sharma

a) You copied fndext.jar file to the domain library and restarted the AdminServer after that

b) User ASADMIN has connect schema role assigend

c) Ensure that DBC file is correct

d) Ensure that SERVERID in dbc file is one exists in FND_NODES table in EBS under apps schema

e) If a-d are correct then try ASADMIN in upper case

Reply
Vivek Sharma says October 15, 2012

a-d were completed. Changing to upper case does not help.

The only thing that I am suspecting can be a problem, was when I created the DBC file on the EBS server, I used just node name, instead of fqdn, as fqdn was more than 30 characters for me and the fnd_nodes has a limit. I had an SR open with Oracle and they suggested, it would be fine like this for a data source. What is your opinion?
I used NODE_NAME=fusionidm, instead of fusionidm.marketsphereconsulting.com which was erroring the script java oracle.apps.fnd.security.AdminDesktop

Reply
Atul Kumar says October 15, 2012

@ Vivek,

NODE_NAME=fusionidm should be OK.

Paste content of your DBC file and output from FND_NODES table. Also update hostname of server where WebLogic Admin Server (one on which Access Gate is deployed) is running .

Reply
Vivek Sharma says October 15, 2012

Admin server is running on fusionidm.marketsphereconsulting.com

DBC:
[fmwidm@fusionidm OBA1S]$ more OBA1S_FUSIONIDM.dbc
#Desktop DB Settings
#Thu Oct 11 21:44:45 CDT 2012
FNDNAM=APPS
APPL_SERVER_ID=CBD3AA97FC0A8472E040A8C0B00A6B5324975527834015535318174214438204
APPS_JDBC_URL=jdbc\:oracle\:thin\:@(DESCRIPTION\=(ADDRESS_LIST\=(LOAD_BALANCE\=YES)(FAILOVER\=YES)(ADDRESS\=(PROTOCOL\=tcp)(HOST\=oba1s.marketsphere.com)(PORT\=1526)))(CONNECT_DATA\=(SERVICE_NAME\=
OBA1S)))
GWYUID=APPLSYSPUB/PUB

FND_NODES:
NODE_NAME
——————————
SERVER_ID
—————————————————————-
SERVER_ADDRESS
——————————

FUSIONIDM
CBD3AA97FC0A8472E040A8C0B00A6B5324975527834015535318174214438204

Reply
Vivek Sharma says October 16, 2012

Hi Atul,
I am on page 140 of your ebook, and am getting a 404 Not Found error?
Even though the Application got deployed, I am getting the 404 Not Found error for the following URL:

http://fusionidm.marketsphereconsulting.com:7777/ebsauth_OBA1S/OAMLogin.jsp

I have already put the following in the mod_wl_ohs.conf

SetHandler weblogic-handler
WebLogicHost fusionidm.marketsphereconsulting.com
WebLogicPort 8602

Any ideas?

Reply
Vivek Sharma says October 16, 2012

Is it possible, that during registration of the webgate step:
./oamreg.sh inband /u01/sso/Middleware/Oracle_IAM1/oam/server/rreg/input/oba1s.xml

My oba1.xml had the following contents, where I used ebsauth_oba1s as the resource, instead of ebsauth_OBA1S, that could cause problems? and is there a way to fix this?

http://fusionidm.marketsphereconsulting.com:7001
OBA1S_HostId
OBA1S_OAM
http://fusionidm.marketsphereconsulting.com:7777

/logout

/ebsauth_oba1s/
/ebsauth_oba1s/…/*

/public/index.html
/ebsauth_oba1s/OAMLogin.jsp
/ebsauth_oba1s/style/
/ebsauth_oba1s/style/…/*
/public/oacleanup.html

/excluded/index.html

Reply
Vivek Sharma says October 16, 2012

After fixing this in oamconsole, I got the login page. On page 141 of the ebook, what username would I use to login?

Reply
Pratima says October 17, 2012

Atul,

I am trying to configure webgate and was successful in creating agent and registering it. But when I try to hit the web server on http port, it directs me to oam server on 14100 port but I cant connect to it. Somehow, I have never been able to telnet on 14100 even though my oam managed server is running and I can access oam console but instead I can telnet on 5575.
Also, my adminserver logs keep complaining about this error:

Is something wrong with my configuration?

Thanks

Reply
Pratima says October 17, 2012

This is the error which I get in my admin sevrer logs.
Failed to communicate with any of configured Access Server, ensure that it is up and running.

Reply
Kumar says October 18, 2012

I installed OAM and IAMSuiteAgent is enabled. Now how can i use IAMSuiteAgent?
Before install OAM, i used like “http://:7001/em”, now with IAMSuiteAgent installed by default how can i call EM.

Reply
santosh says November 7, 2012

Hi Atul,

I have installed the web-gate 11g for OHS11.1.1.5 and OAM11.1.1.5 BP3 on solaris 64, configured webgate by following steps mentioned by you, everything goes fine however when i try to access http://localhost:81 (OHS URL), it says:

“Sorry, Requested page can no be found – 404″

I have added few handler in mpd_wl_**.conf like for /odsm and also created a new resource, auth policy and authz policy in same domain in oam but when i try to access http://localhost:81/odsm, it says:

“Sorry, Requested page can no be found – 404″

When i disabled OHS_WG1 agent from OAM admin console, then i am able to access http://localhost:81/odsm.

Also checked for http://localhost:81/oam/pages/login.jsp , is not accessible when agent is enable.

Can you suggest me what wrong might be the possible problem.

Regards
Santosh

Reply
    Atul Kumar says November 7, 2012

    @ Santosh,
    In 11g WebGate version if a resource is not protected/allowed then access is deined. Create a resource / and protect this resource via anonymous authentication scheme or select exclude.

    See if that works

    Reply
santosh says November 7, 2012

Hi Atul,

Thanks for quick reply.

I will try that.

As i have mentioned that i created a new resource /odsm and selected “LDAP Scheme” even for that, it throws same error.

I could not see any error in log file except ” could not read oblog_config.xml ( which can be ignored as per oracle doc.)

Regards
Santosh

Reply
Atul Kumar says November 7, 2012

@ Santosh,
To see if WebGate is an issues (if yes then you can apply fix in my previous update), disbale webgate by commenting include file for webgate.conf in httpd.conf and then bounce OHS.

If you see this working then issue is with webgate and define policy

If you see this NOT working then issue is with OHS and ensure that mod_wl_ohs.conf has correct entry to connect to weblogic server on which application (like ODSM) is running. To know more on mod_wl_ohs.conf check http://onlineappsdba.com/index.php/2009/09/23/configure-oracle-http-server-infront-of-oracle-weblogic-server-mod_wl_ohs/

Reply
santosh says November 7, 2012

Hi Atul,

I am able to access page after commenting webgate entry in httpd.conf file. so looks like issue is with webgate and define policy.

Shouls i delete the agent in OAM console and recreate using OAM Admin console.?
Do you suggest any other steps ?

Regards
Santosh

Reply
santosh says November 7, 2012

Hi Atul,

My OAM Admin server (weblogic admin ) is running on port 7001 and OAM manage server is on port 14100, just want to confirm, while registering webgate which port should i use in server address?

I used 7001, please confirm ?

Regards
Santosh

Reply
Atul Kumar says November 7, 2012

@ you don’t use any of these ports. You must use OAM proxy server port. Default value is 5575 , search on this blog about how to find OAM proxy port and you will get more information on this port.

This is also explained in our eBook oam integration with e-business suite

Reply
santosh says November 7, 2012

@Atul –

Thanks. I created new agent and policy manually using OAM console, its working now but i am getting another issue i.e. after OAM login, it give error while redirecting the page, page is getting hang but if i refresh the page then it display the welcome page ( error say something could be wrong on cookie setting or redirection in the browser)

Regards
Santosh

Reply
pratima says November 8, 2012

Hi Atul,

I have installed 10g webgate and trying to connect to OAM11gR2 server. It works fine when the communication mode is open but when I try to use simple mode, accee to url http://host/access/oblix/apps/webgate/bin/webgate.cgi?progid=1
gives error
The WebGate plug-in is unable to contact any Access Servers.

Oblix: 2012/11/09@01:45:07.419293 29507 29507 ACCESS_GATE FATAL 0x00001520 /scratch/alnguyen/Oblix/coreid1014/palantir/webgate2/src/apache2entry_web_gate.cpp:433 “Exception thrown during WebGate initialization”

I verified it twice as its working fine in open mode but not simple mode. HHTP server can telent to oam server on 5575 and everything else is running. There are no other errors in the logs.
Any suggestions?

Thanks,
Pratima

Reply
Atul Kumar says November 8, 2012

@ Pratima,
What all changes you made in order to change OAM from OPEN to SIMPLE ?

Note: There is a BUG in 11gR1 (not tried with 11gR2 yet) where if you use higher version of JDK (higher than 1.6.24) and use SIMPLE or CERT mode then WebGate doesn’t work (because of certificates). I am not sure if that BUG is still on 11gR2 but curious to know steps you carried out to convert from OPEN to SIMPLE

Reply
pratima says November 8, 2012

Atul,

I changed the mode of oam server to simple and then changed the webgates mode to simple. After that I copied the obaccessclient.xml under lib folder on webgate server, password.xml to config folder and aaa certificates under config/simple folder.. Please note that simple folder wasn’t already there as per the docs.. Then I restarted the web server and oam servers.

Reply
moulali says November 12, 2012

hi Atul,
i have installed OAM Webgate 11g on OHS 11g,
i am referring your book Oracle Identity and access manager 11g for Administartion.I am unable to edit EditHttpConf file for webgate configuration with the following error
./EditHttpConf -w /u01/oracle/apps/idam/Middleware/Oracle_WT1/instances/instance1/config/OHS/ohs1/ -oh /u01/oracle/apps/idam/Middleware/Oracle_OAMWebGate1 -o /u01/oracle/apps/idam/output2.txt

./EditHttpConf: error while loading shared libraries: libclntsh.so.11.1: wrong ELF class: ELFCLASS64
please help me to resolve this problem.
Thanks in Advance.

Reply
rnugooru says November 12, 2012

Atul:

We are following your book.
We are unable to see the default list in Resource Type in Policy Configuration.
HTTP
wl_authen
without them we cant register the weggates

Please help us
Thanks

Reply
    Atul Kumar says November 12, 2012

    @ rnugooru,

    It looks like something failed during installation/configuration of OAM. Try re-install including database schema for OAM . Ensure that you use right version of RCU to load OAM schema.

    Reply
srshukla3 says November 14, 2012

Hi Atul,

I am getting follwoing error while creating data source for EBS Access Gate- after setting domain env, when i run –
/usr/sfw/bin/ant -f txkEBSAuth.xml createDataSource

It throws below error at the end –
createDataSource:
[echo] ********************************************************************
[echo] STEP 1: CREATING DATA SOURCE
[echo] ********************************************************************
[trycatch] Caught exception: Problem: failed to create task or type wlst
[trycatch] Cause: The name is undefined.
[trycatch] Action: Check the spelling.
[trycatch] Action: Check that any custom tasks/types have been declared.
[trycatch] Action: Check that any / declarations have taken place.
BUILD FAILED
/u01/iam/fmw11.1.1.5/appsutil/accessgate/ebs01/txkEBSAuth.xml:408: Error Creating DataSource

Total time: 44 seconds

Any idea, what could be wrong ?

Thanks
Santosh

Reply
srshukla3 says November 14, 2012

/usr/sfw is ANT_HOME path.

when i run ant -f txkEBSAuth.xml, it say ant not found, even though ANT_HOME is already set.

Reply
srshukla3 says November 14, 2012

Hi Atul,

When i run /usr/sfwant -f txkEBSAuth.xml
(create and deploy both)

BUILD FAILED
/u01/iam/fmw11.1.1.5/appsutil/accessgate/ebs01/txkEBSAuth.xml:171: Problem: failed to create task or type propertyregex
Cause: The name is undefined.
Action: Check the spelling.
Action: Check that any custom tasks/types have been declared.
Action: Check that any / declarations have taken place.

Reply
Atul Kumar says November 14, 2012

@ srshukla3,

You said “/usr/sfw is ANT_HOME path” is this the one that comes with Linux/Unix or is this your weblogic home too ?

If ANT_HOME is not from weblogic then try one from weblogic

Take a look at section 11.3 “deploy ebs accessGate” our eBook http://onlineappsdba.com/index.php/book/

Make sure that you set weblogic environment file setWLSEnv.sh

Reply
srshukla3 says November 14, 2012

Hi Atul,

In EBS12.1.3 ,i can not see the profiles (FND: Validate User Type,FND: Validate IP address..).

Is it must to have these system profile ?
My access Gate deployment still fails –

BUILD FAILED
/u01/iam/fmw11.1.1.5/appsutil/accessgate/ebs01/txkEBSAuth.xml:408: Error

Please confirm, if i need to apply any patch.

Reply
srshukla3 says November 14, 2012

Hi Atul,

I have taken defualt DBC file, did not generate it -can you verify if the format it is correct, i do not see APPS_JDBC_URL in this –

APPS_JDBC_DRIVER_TYPE=THIN
FND_JDBC_BUFFER_MIN=1
DB_NAME=prod
GWYUID=APPLSYSPUB/PUB
FND_JDBC_BUFFER_MAX=5
FND_JDBC_STMT_CACHE_SIZE=100
TWO_TASK=prodcln
JDBC\:oracle.jdbc.maxCachedBufferSize=358400
JDBC\:processEscapes=true
FND_MAX_JDBC_CONNECTIONS=500
FND_JDBC_USABLE_CHECK=false
FNDNAM=APPS
FND_JDBC_PLSQL_RESET=false
DB_PORT=1521
FND_JDBC_CONTEXT_CHECK=true
FND_JDBC_BUFFER_DECAY_SIZE=5
DB_HOST=sfinappstst01.testsf.testsp.edu.sg

I am getting error whilec creating datasource –
Caused by: weblogic.common.resourcepool.ResourceSystemException: Invalid port number for database URL: jdbc:oracle:thin:@${appsDBHostname}:${appsDBPort}:${appsDBSID}
[wlst] at weblogic.jdbc.common.internal.JDBCUtil.parseException(JDBCUtil.java:301)

Reply
Girish says February 7, 2013

Hi Atul,

Need one favour from you,

We have to set up IAM DR system replica of Live Prod IAM DC.

We have done below mentioned points as per document oracle e15250.pdf
1.We have tar and untar all directories from DC to DR.
2. Added Alias hostname at DR sitein /etc/hosts as per doc.
3.Our OID instance, OHS11g,Identity and Access Server’s are up.
4.We also configure the Webgate from
[dbuser@MPBPLDRIDA2 configureWebGate]$ ./configureWebGate -i /orahome/oracle/product/OAM_HOME/webgate/access -t Webgate
this command.
and shows :
Web Gate Installed Successfully.

But here the problem is the webgate entries is not updated in https.conf.
So can I confirm the its webgate installation.
I am trying to hit the confirmation url
url http://MPBPLDRIDA2:7777/access/oblix/apps/webgate/bin/webgate.cgi?progid=1
I am getting 404 error.

Reply
aman1983 says February 7, 2013

Hi Atul

I would like to know how to setup OAM 11gR2 SSO for a web page.

Can you please describe the required steps and all configuration?

Thank you
Aman

Reply
Girish says February 8, 2013

Hi Atul,
Issue resolved on move back the webgate entries in httpd.conf file and diagnose page appeared.

But I am facing one issue regarind the IP’s of DC.. which is showing in DR Setup (viz . Directoty Profiles, Identity Server and Wepass(Core id server) ) i.e. DC IP(10.10.x.x)insteadof DR Hostname, should i manually change at all place and restart the servers.

Reply
Arulmani says February 11, 2013

Dear Atul,

We have successfully configured OAM 11.1.1.5 with EBS 12.1.1 and OID 11.1.1.6 with WNA.
Now we need to configure another EBS application with same OAM access manager.
Can you please tell me is it possible to configure and how can be it done.

Thank you!!!

Arul

Reply
    Atul Kumar says February 11, 2013

    @Arul,
    Yes it is possible, Follow same steps as you did for first EBS instance (except installation)

    Reply
Narendra says August 1, 2013

Hi Atul,

I am configuring oam 11gr2 in High Availability my admin server and access server is on node1 and another instance of access server is running on node2 and Here are my access server id’s (WLS_OAM1 and WLS_OAM2 ) they are in cluster.

Now I am installing 10g webgate on apache web server while installing webgate it asks for access server id and hostname where access servers are installed. If I gave access server id as WLS_OAM1 and hostname of node1. If WLS_OAM1 is down how it is said to be as HA ?

Can you please help me in configuring webgate with both instances of access servers ?

Thanks in advance.

Regards,
Narendra

Reply
Atul Kumar says August 1, 2013

@ Narendra,
Good question. When you configure WebGate and give access server ID as WLS_OAM1 then WebGate connects to OAM server and checks that there are two OAM servers . WebGate then downloads XML file with details of both OAM1 & OAM2 server as available servers.

ANy future connectsion are made using this XML file which has two OAM servers.

If you go to Webate Instance in OAM server then search for your webgate and under access servers you should see noth WLS_OAM1 and WLS_OAM2 listed.

Let me know if you can’t find name of xml file in WebGate

Reply
Narendra says August 1, 2013

Atul,Thanks for a quick reply.

Is the file name is ObAccessClient.xml which is under WEBGATE_install_dir/webgate/access/oblix/lib ?

And on more question which is related to HA, I have no load balancer but I am using apache (Instance1)for failover and specified the apache hostname as loadbalancer name in access manager settings and it is working fine for me and on another apache (instance2) I have resources to protect, Now I am installing webgate to protect resource on apache instance2, Here what is the hostname I have to give to install webgate in HA ?

How to install webgate using OAP ?

Thanks in advance ?

Regards,
Narendra

Reply
Viruls says September 2, 2013

Hi Atul,

I would like to install oracle access manager 11g webgate on OHS server which is installed by extending my existing environment where OID/OVD(IDM 11g 11.1.1.7.0) are installed previously.

But I am not able to install webgate, I am getting error like below ,

“The Oracle home for the following components are not installed. Oracle webtier Utilities.”

OHS is the Oracle webtier right ?

Please provide me a solution for this issue.

Thanks,
Viruls

Reply
Atul Kumar says September 2, 2013

@Viruls,
At what stage you are hitting this error ?

What is middleware home you selected duing WebGate installation ?

Is OHS oarcle_home installed in this Middleware Home ?

Reply
Viruls says September 2, 2013

Hi Atul,

Thanks for a quick response,

Please find the answers for the above questions from you

1) I selected the MW_HOME where I installed oid,ovd,odsm,ohs

2)while installing the 11g Webgate through GUI after selecting the MW_HOME I am getting this error,

3)I just extended the domain to configure ohs.

Regards,
Viruls

Reply
Atul Kumar says September 2, 2013

@ Virual,
Problem is with Middleware Home Oracle Home for OHS and WebGate Oracle Home

Give me full path of these three directory (These three must be on same host)

Reply
Viruls says September 2, 2013

Hi Atul,

Middle ware home path :
/u01/oracle/Middleware

Ohs path :
/u01/oracle/Middleware/ohs_inst1

While installing webgate in this middleware home I am getting that error.

Reply
Atul Kumar says September 3, 2013

@ Viruls

/u01/oracle/Middleware/ohs_inst1 looks more like ORACLE_INSTANCE which is different than ORACLE_HOME . If you share content of this directory then I can tell if this is ORACLE_INSTNACE or not.

Where is ORACLE_HOME for OHS ?

Reply
Viruls says September 5, 2013

Hi Atul,

Thank you for letting me know the difference b/w oracle_instance and oracle_home , There is no OHS oracle_home (eg: Oracle_WT1) in my environment I installed Webtier utilities and it solved my issue.

Thanks You.

Reply
sunil says September 19, 2013

Hi,
When I tried to update httpd.cong it gives me following error on cmd prompt:
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application’s support team for more information.
My product version are:
Weblogic: 10.3.6
OAM: 11.1.2.0
webgate: 11.1.2.0
webtier: 11.1.1.6.0
VC++: Latest
OS: windows 7 64-bit

Please suggest me to to solve this error.

Reply
    Atul Kumar says September 19, 2013

    @ Sunil,
    When you started command prompt did you run it as administrator ?

    You can manually open httpd.config and including webgate.conf

    include [full_path_of_webgate.conf]

    and re-start OHS

    Reply
sunil says September 20, 2013

Hi Atul,
Thanks for the help,
Running command prompt as administrator didn’t work for me. I had done it manually.
When I login to OAM console using “http://:/oamconsole”
It open the welcome page but also shows that
“The policy configuration is not available”
Any help in this regards?

Reply
Atul Kumar says September 20, 2013

@ Sunil,
OAMconsole is deployed on Admin Server so check WebLogic Admin Server log files .

Reply
sunil says September 20, 2013

Hi Atul,
Looking at the log I have found following exception
java.lang.Exception: Exception occured in wireOAMWithRP
at oracle.security.am.install.oic.OAMOICWiringManager.wireOAMWithRP(OAMOICWiringManager.java:522)
at oracle.security.am.install.oic.OAMOICWiringManager.wireOAMWithOIC(OAMOICWiringManager.java:760)
at oracle.security.am.install.OAMInstaller.configureSystemConfig(OAMInstaller.java:434)
at oracle.security.am.install.startup.OamInstallTopologyConfigListener.OamSysConfigOperations(OamInstallTopologyConfigListener.java:89)
at oracle.security.am.install.startup.OamInstallTopologyConfigListener.initialize(OamInstallTopologyConfigListener.java:56)

and

oracle.security.am.common.policy.admin.PolicyManagerException: OAMSSA-06252: The policy store is not available; please see the log file for more details.
at oracle.security.am.common.policy.admin.PolicyAdminFactory.getProvider(PolicyAdminFactory.java:243)
at oracle.security.am.common.policy.admin.PolicyAdminFactory.init(PolicyAdminFactory.java:166)
at oracle.security.am.common.policy.admin.PolicyAdminFactory.getPolicyAdmin(PolicyAdminFactory.java:334)

Thanks,
SUnil

Reply
Anand says October 30, 2013

Hi,

I have deployed custom application in tomcat and I need to protect using OAM . I followed first procedure given by Mahendra in this blog, but when I am accessing to a page of that application it is prompting both OAM login page and application’s login page.
I want tomcat authentication to be happening directly so that it won’t throw tomcat login page again. The customer don’t want to change code in the Custom Application .

Can you please suggest me how can we achieve this.

Thanks

Reply
Joshua says December 5, 2013

Atul my configuration just now started throwing…

[oracle@pic-oam03 ~]$ /oracle/Middleware/asinst_1/bin/opmnctl startall
opmnctl startall: starting opmn and all managed processes…
================================================================================
opmn id=pic-oam03:6701
0 of 1 processes started.

ias-instance id=asinst_1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
——————————————————————————–
ias-component/process-type/process-set:
oid1/oidmon/OID/

Error
–> Process (index=1,uid=259125200,pid=5330)
time out while waiting for a managed process to start
Log:
/oracle/Middleware/asinst_1/diagnostics/logs/OID/oid1/console~OID~1.log

[oracle@pic-oam03 ~]$
Message from syslogd@ at Thu Dec 5 16:57:48 2013 …
pic-oam03 Oblix: 2013/12/05@23:57:48.047524 4651 4683 ACCESS_GATE FATAL 0x00001520 /usr/abuild/Oblix/coreid1014/palantir/webgate2/src/apache2entry_web_gate.cpp:433 “Exception thrown during WebGate initialization”

I am running java version “1.4.2”, any ideas!?

Reply
    Atul Kumar says December 6, 2013

    @ Joshua,
    It looks like issue with OID and OAM , check first OID logs /oracle/Middleware/asinst_1/diagnostics/logs/OID/oid1/console~OID~1.log to find what is issue .

    I am suspecting issue with webgate is because OAM is not available which may be dependent on OID so first fix OID .

    Reply
Joshua says December 9, 2013

Atul, the console~OID~1.log only contains

——–
13/12/05 16:57:21 Start process
——–

——–
13/12/05 16:57:38 Stop process
——–

Without any errors, any ideas if I need to turn of the log level? or another place I could look. Thanks Atul!

Reply
Atul Kumar says December 9, 2013

Check OPMN logs and also last file updated under

$ORACLE_INSTANCE/diagnostics/OID/oid1/logs

oidmon and other files in that folder

Reply
Joshua says December 9, 2013

Thanks Atul, I found the error I think.

[2013-12-09T10:28:13-07:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: pic-oam03] [pid: 3856] [tid: 0] Guardian: Connecting to database, connect string is oiddb

[2013-12-09T10:28:13-07:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: pic-oam03] [pid: 3856] [tid: 0] Guardian: [gsdsiConnect] ORA-28001, ORA-28001: the password has expired

I will try and figure out which users password has expired and fix it.

Reply
Atul Kumar says December 9, 2013

@ Joshua,
Good, for now you can reset password back to same value and then re-start services.

As long term fix and avoid this happening in future, create profile in database and set password not to expire for application schemas like ODS, ODSSM, and all IAM schema created by RCU _OIM/OAM etc

Reply
Joshua says December 10, 2013

Atul, thanks to your help I have made good progress.

I feel like I am on the last leg.

http://172.17.16.11:7001/console – WebLogic Admin Console
http://172.17.16.11:7005/odsm – Directory Services console

Both login fine

All my services seem good

[oracle@pic-oam03 ~]$ /oracle/Middleware/asinst_1/bin/opmnctl status

Processes in Instance: asinst_1

ohs1 | OHS | 3851 | Alive
ovd1 | OVD | 3849 | Alive
oid1 | oidldapd | 4702 | Alive
oid1 | oidldapd | 4697 | Alive
oid1 | oidmon | 3853 | Alive
EMAGENT | EMAGENT | 3850 | Alive

Unfortunately
http://172.17.16.11:7777/identity/oblix
&&
http://172.17.16.11:7777/access/oblix

Prompt for login and password but are failing with the creds I thought. Any idea which log files I should check for this issue?

Reply
Joshua says December 11, 2013

I am at a lose. Run out of ideas.

Reply
Saurabh Gairola says February 25, 2014

Hi Atul,

I am getting below Certificate error while trying to validate my webgate configuration.

oracle@orgxdevidam01:/oracle/app/environments/dev/security/user_projects/domains/iam_domain/bin$ wget http://orgxdevidam01.in.oracle.com:7777/console
–2014-02-25 18:43:57– http://orgxdevidam01.in.oracle.com:7777/console
Resolving orgxdevidam01.in.oracle.com (orgxdevidam01.in.oracle.com)… 10.184.152.66
Connecting to orgxdevidam01.in.oracle.com (orgxdevidam01.in.oracle.com)|10.184.152.66|:7777… connected.
HTTP request sent, awaiting response… 302 Found
Location: https://orgxdevidam01.in.oracle.com:8004/oam/server/obrareq.cgi?encquery%3D5nRY9sfm69pQqvgi6AcUnTeKJGJpTpdLSRurAM8ZTvnudBPZJLbI0WQuva3OX7VinKLHIGJ%2FCT%2BPTmPnYP0VMlp%2BX9%2FBlBDiCloWX6ylpz7B81IRzePlkYIX8ub%2BC3vlBYliaxrJRp8Fw6I%2Bb%2FvY05ct1SYV4r1zrEjXpQXPyd%2Fuzvr94n8ozlcrHeWhF9a5g6T19yK%2FeemZqodml4pJtJhmyrn26xfvHXL4dWkt052ZwDm5y9aQ1%2BBX03ubcmO%2Fc7jt9Wifo%2BpuEvSCsR8U6UYf0HpVO18MLknBNY9%2FW1p5powJYOmHiTeZmGM4YC9m%20agentid%3DWebgate_IDM%20ver%3D1%20crmethod%3D2 [following]
–2014-02-25 18:43:58– https://orgxdevidam01.in.oracle.com:8004/oam/server/obrareq.cgi?encquery%3D5nRY9sfm69pQqvgi6AcUnTeKJGJpTpdLSRurAM8ZTvnudBPZJLbI0WQuva3OX7VinKLHIGJ%2FCT%2BPTmPnYP0VMlp%2BX9%2FBlBDiCloWX6ylpz7B81IRzePlkYIX8ub%2BC3vlBYliaxrJRp8Fw6I%2Bb%2FvY05ct1SYV4r1zrEjXpQXPyd%2Fuzvr94n8ozlcrHeWhF9a5g6T19yK%2FeemZqodml4pJtJhmyrn26xfvHXL4dWkt052ZwDm5y9aQ1%2BBX03ubcmO%2Fc7jt9Wifo%2BpuEvSCsR8U6UYf0HpVO18MLknBNY9%2FW1p5powJYOmHiTeZmGM4YC9m%20agentid%3DWebgate_IDM%20ver%3D1%20crmethod%3D2
Connecting to orgxdevidam01.in.oracle.com (orgxdevidam01.in.oracle.com)|10.184.152.66|:8004… connected.
ERROR: cannot verify orgxdevidam01.in.oracle.com’s certificate, issued by `/C=US/ST=MyState/L=MyTown/O=MyOrganization/OU=FOR TESTING ONLY/CN=CertGenCAB’:
Unable to locally verify the issuer’s authority.
To connect to orgxdevidam01.in.oracle.com insecurely, use `–no-check-certificate’.
oracle@orgxdevidam01:/oracle/app/environments/dev/security/user_projects/domains/iam_domain/bin$

Can you please help me in fixing the certiticate error.

Reply
    Atul Kumar says February 25, 2014

    @ Saurabh Gairola, What is 8004 port for and is this SSL ?

    You need to share what is runnning on SSL and what is mode of OAM server (OPEN, SIMPLE, CERT ) ?

    Reply
Saurabh Gairola says February 25, 2014

Atul,

8004 is SSl port for oam_server1 configured under iam_domain hosted in orgxdevidam01 host.

We have configured web gate on Webtier OHS and created an agent in oamconsole and have followed all required configuration.

wget is working fine with no certificate.

Reply
Atul Kumar says February 25, 2014

@ Saurabh,
If I am not wrong wget (on linux) is trying to access https://orgxdevidam01.in.oracle.com:8004 from front end channel.

Cert on 8004 are issued by /C=US/ST=MyState/L=MyTown/O=MyOrganization/OU=FOR TESTING ONLY/CN=CertGenCAB’ and this CA is not in CA’s list.

To make this testing (don’t use this way to test butuse broweser and add CA cert in browser) add CA’s cert in unix’s trust store .

Reply
Saurabh Gairola says February 25, 2014

ok sure..

ya right actually i was testing through browser only. but due to certificate error i was not able to test. Let me configure the certs

Thanks

Reply
Saurabh Gairola says February 26, 2014

Hi Atul,

Certificates issue have been resolved, now we are able to receive SSO page for the url we are triggering. But single sign on is not happening.
Ex –

http://orkxdevidam01.in.oracle.com:7777/console

When we hit the above url it redirects us to SSO page. Since we have the done context mapping for oamconsole, console and oim in mod_ohs.conf.

When we authenticate the SSO page with oamadmin it redirects us to weblogi console page, rather than logging in console internally and taking us to console home page.

So we had authenticate again in console page. Can you please help, how to enable the SSO here.

Reply
Saurabh Gairola says February 26, 2014

The mode OAM agent is configured is “Open”. We are not using any SSL Certs and communication.

Reply
Saurabh Gairola says February 26, 2014

We missed OAMIdentityAsserter. After coniguring it, Our Single Sign on is working fine.

Reply
sasmit says April 7, 2014

Hi,

We are having an issue with registering Webgate in OAM.

Our setup is as follows:

We have one Redhat machine where we have installed Oracle DB, OHS and WebGate

We have another Redhat machine where we have installed OAM and OUD.

The issue appears when we try to register a new “OAM 11g webgate” in OAM console. After we fill up the details in the page and click on appy we get a “Null pointer”.

We have also tried the command line option using “rreg” and the OAM11gRequest.xml” file. Here also we get a HTTP-500 from the admin server.

The following is appearing on the oam_server1 ( managed oam server ) console

Event response status is STATUS_FAIL for GET_AUTHN_SCHEME event. Error code OAM 0207.

WE tried again through OAM console, this time we unchecked ” auto create policies” . The webgate registration succeeded this time.
Although we have provided explicit protected and public urls, we are unable to access any content on OHS, including “/”.

There appears to be another issue also, no default resource type is being shown in policy configuration tab. Althoug “HTTP” is expected.

Reply
Bala says June 14, 2014

Hi Sir,

We a scenario for single user like Whenever he hits OIM selfservices URL which is protected in OAM and submits credentials in SSO login page, he is redirected to OIM default login page.Please help me, the issue is for only one user and there is no difference in user attributes when compared with working user attributes.

Reply
» Register OAM WebGate from WebGate host Online Identity & Access Management: One Stop Shop for Identity & Access Management says June 26, 2014

[…] these posts 1, 2 to understand concepts of WebGate registration in OAM 11g. Inband registration mode is used when […]

Reply
Maricela says January 30, 2015

Great information. Lucky me I came across yor
blog by chance (stumbleupon). I’ve saved it for later!

Reply
praveen says February 13, 2017

Hi

i am doing the same process, a

i have integrated webgate with webtier and i have created a sso agent through console and i have copied the sso artifacts to webgate/config , and i have restarted the ohs server.

while accessing the server i am getting this error
…………………………………………………………………………………………………………………………………………
Internal Server Error

The server encountered an unknown error, possibly due to misconfiguration. Contact the server administrator: [no address given]

More information about this error may be available in the server error log.
………………………………………………………………………………………………………………………………..

please help me to solve this error

Thank you very much
Praveen

Reply
Add Your Reply