Part IX : Install OAM Agent – 11g WebGate with OAM 11g

Dear Atul,
I ve been working on the implementation of the above senario as part of a test case I am working on.
I reached this point:

4.3 Include OHS library files in to LD_LIBRARY_PATH as
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/lib

It doesnt seem to be clear for me wheather this is a comand that I have to write and if so to which directory should I navigate to before runing it.

Many Thanks in advance Mr. Atul

When you run EditHttpConf command at that time your LD_LIBRARY_PATH should also include OHS library ($OHS_ORACLE_HOME/lib)

which means that just before running above command run echo $LD_LIBRARY_PATH (Unix)

or echo %LD_LIBRARY_PATH% (Windows)

and lib directory of OHS ORACLE_HOME should also be displayed as part of this output.

[…] Part IX : Install OAM Agent – 11g WebGate with OAM 11g […]

[…] I also discussed about OAM 11g WebGate (10g or 11g) registration using RREG here […]

Atul,

Since Webgate 11g (11.1.1.3) will have to be installed in OHS, do we need a separate OH for Webgate 11g (for example OAMWebGate1)? Or can we use the OHS’s OH?

– Ramasamy

@ Ramasamy,
Yes 11g webgate must be installed under separate OH but under same Middleware Home (MW_HOME) in which OHS 11g Oracle Home exists.

Atul,

We are trying to install 10g WebGate in OAM 11.1.13.. When I run the oamreg.sh, I am getting the following error:

Aug 28, 2011 1:34:28 AM oracle.security.am.engines.rreg.client.RegClient main
SEVERE: Exception encountered: RemoteAgentRegistrationException. Specific exception:HTTP Post Method failed: HTTP/1.1 500 Internal Server Error oracle.security.am.engines.rreg.common.RemoteAgentRegistrationException: HTTP Post Method failed: HTTP/1.1 500 Internal Server Error
$

But I noticed from the oamconsole, I could see the Agent Name under Policy configuration tab, but I am not seeing anything under System Configuration tab…

Any ideas?

Thanks
Ramasamy

Hi,

Is there any capability within OAM or within the webgates to apply some sort of content filtering rules? For example, we have been told that some webgates support the ability to deny the request if the payload is more than N characters, or if someone is trying to “inject SQL” into the OAM server, etc.

The reason I ask this is because the current OAM design requires you to expose your OAM servers to the internet if you want to protect public facing sites. And this leaves open the possibility that someone could submit any data as part of the form POST to auth_cred_submit. We see this as a security risk and would like to prevent it.

Thanks
Aspi Engineer
Putnam Investments

Help; After installing WLS 10.3.5,OAM,OHS, Webgate, Access Gate – all 11g – my R12.1.3 mid tier is redirecting user logins to ebsauth_/ssologin. That gets error 404 from the OHS.
What is this ssologin? Shouldn’t R12 redirect to OAMLogin.jsp? Any help appreciated.

@ oamadminuser

What is value of profile option “Application Authentication Agent” in EBS R12 ?

Hi Atul, Application Authentication Agent is set to http://:7777/ebsauth_/

It is appending ssologin to the end of that url (as seen by trying various other values of Apps Auth Agent). But OHS does not know what to do with it.

I am using 11g webgate, as also approved and described in 1309013.1 MOS note.

I also see DENY entries in OAM log.

Very interesting problem!
Thanks,

That profile option should read: Application Authentication Agent is set to http://:7777/ebsauth_DATABASE_TWO_TASK/

HI Atul,

I have followed your document, i was able to protect the Oracle HTTP server with OAM successfully. when i tried to access the http://:7777 it was re-directing to the OAM login page, but after the successful login into the OAM the page was not directing back to the HTTP server again, it displaying error page not found but i can see the url as http://:7777 in the browser. Can you help me out what i have missed here… or i need to any more….

@ venkyd1985,
It could be just because /index.html is protected (by default with webgate 11g everything is protected)

Define public policy for resource /index.html as public in both authentication and authorization policies (How to define policies is in my Book OAM/OIM 11g for administrators and also in Oracle Guides)

Hi ,

i am trying the OAM/OIM integration. I have installed and configured oam, soa, oim serverrs in one domain, configured PIm with ldap sync enabled.

Now trying to run the command :-
idmConfigTool –configOAM input_file=propertiesFile

But getting one error :-
======================

bash-3.2$ ./idmConfigTool.sh -configOAM input_file=OAMconfigPropertyFile
Enter ID Store Bind DN password :
Enter User Password for WLSPASSWD:
Confirm User Password for WLSPASSWD:
Enter User Password for OAM11G_OIM_WEBGATE_PASSWD:
Confirm User Password for OAM11G_OIM_WEBGATE_PASSWD:
Enter User Password for IDSTORE_PWD_OAMSOFTWAREUSER:
Confirm User Password for IDSTORE_PWD_OAMSOFTWAREUSER:
Enter User Password for IDSTORE_PWD_OAMADMINUSER:
Confirm User Password for IDSTORE_PWD_OAMADMINUSER:
java.lang.NullPointerException
at oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler.configOAM11gIdStore(OAM11gIntegrationHandler.java:352)
at oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler.execute(OAM11gIntegrationHandler.java:696)
at oracle.idm.automation.AutomationTool.configOAM(AutomationTool.java:593)
at oracle.idm.automation.AutomationTool.parseCmdLine(AutomationTool.java:218)
at oracle.idm.automation.AutomationTool.main(AutomationTool.java:132)
There were errors found. Details have been logged to automation.log
======================

From automation.log:- i got :-
(11:44:16 AM) : Jan 30, 2012 10:07:35 PM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler configOAM11gIdStore
SEVERE: Error while configuring webgate and domain
java.lang.NullPointerException
at oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler.configOAM11gIdStore(OAM11gIntegrationHandler.java:368)
at oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler.execute(OAM11gIntegrationHandler.java:696)

Please suggest .

correcting the typo error in my second line :-

============
configured OIM with ldap sync enabled.
============

Thanks.

@ Oam_Admin1,
What is value of JAVA_HOME, JDK version , ORACLE_HOME and other environment variable ?

Did other idmConfigTool complete successfully ?

[…] 4.5 Install WebGate on OHS server. More on RREG and installing WebGate here […]

[…] on IBM AIX Posted in February 28th, 2012 byAtul Kumar in oam  Print This Post On WebGate 11g Installation (WebGate is Policy Enforcement Point installed with Web Server), as per Oracle […]

[…] know more about WebGate click here, here, here, […]

Hi,

I am trying to remotely register the webgate with OAM server but there seems to be some issue. Heres what I am getting :

Exception in thread “main” java.lang.NoClassDefFoundError: oracle/security/am/en
gines/rreg/client/RegClient
Caused by: java.lang.ClassNotFoundException: oracle.security.am.engines.rreg.cli
ent.RegClient
at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
Could not find the main class: oracle.security.am.engines.rreg.client.RegClient.
Program will exit.

My OAM_REG_HOME is set to \oam\server\rreg dierctory at oamreg.bat file

@ avinash,
This error means classpath is missing required java classes required to register webgate.

Are you running rreg from OAM host or different host ?

Which java version you are using ?

java -version
which java

Thanks for the prompt response Atul..

Java Version is :

java version “1.6.0_18”
Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
Java HotSpot(TM) Client VM (build 16.0-b13, mixed mode)

I am running it from the OAM Host itself.

Enviromnet Variable settisgs are as follows :

Classpath = C:\Oracle\Middleware\jdk160_18\bin
JAVA_HOME = C:\Oracle\Middleware\jdk160_18

hi avinash ,i face the same problem ,do you have solve this issue? thank you!!!

@ Damon, Avinash,
Are you running this from OAM host (machine on which OAM is installed and configured) or from some other host (connected to OAM server remotely)

Hi,

Me too getting this error; would like to know if somebody has succeeded in resolving this!

Thanks in advance,

Regards,
Ratheesh

i solved the problem, i set my Enviromnet Variable as :
JAVA_HOME=E:\Oracle\Middleware\jdk160_24
OAM_REG_HOME=E:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg
Edit oamreg.bat
REM set OAM_REG_HOME=”D:\Remote Registration\RREG client kit\rreg”
Then i run oamreg.bat,everything is OK!

I want to install Oracle 11g Webgate with 11g OAM on a IIS web-server.
Can you help in this. I googled it and seems there is no support to install 11g web-gate on IIS.

Hi
I was trying to install the web-gate 10g to be worked with OAM 11g.
I created a web-gate 10g agent in OAM admin console window
On the web-server I installed web-gate as well.
I also copied OAAccessClient from OAM console to web-gate web-server location.

When after the installation, I am hitting my URL, it says:
“HTTP Error 404 – 404 Not Found

The Web server cannot find the file or script you asked for. Please check the URL to ensure that the path is correct”

In eventviewer it says “Oblix System Logger Initialized”.
In the log files it says “ould not read file”filename^oblix/config/oblog_config.xml”. I googled this problem but on .Net i found this message is not the actual message.

Can you suggest me what wrong might be the possible problem.

I should have mentioned in last post only that I am using IIS.
This URL is of my web-site I want to protect under OAM.
When disabling the web-gate at IIS, it works fine.(becuse in that case, it does not initiliaze anything related to OAM or web-gate).

I am using IIS7 server.

I got the clue of this error message. This was coming because in the access agent configurations, “Deny on not protected” was ticked. When I unticked this,checkbox the error got disappeared.
However now I am struggling with the policy creation.
Whenever I hit my page, inspite showing the sso login page, it show me my site home page.While as per the protection policy it should have shown the sso login page.
I am using “/../*” or /* notation. but still getting my home page.

@ Dheeraj,
Try with three dots /…/* in place of two DOTS

Hi
I just installed OAM and then tried to login into OAM CONSOLE, i am not able to login. No error, but the same Login screen comes back. When i checked the log

[2012-07-18T14:14:14.509-04:00] [AdminServer] [ERROR] [OAMSSA-20005] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 0000JYRJ1v^EWNW3tz^er11G1ikT00001F,0] [APP: oam_admin#11.1.1.3.0] [dcid: a827fbd0cee0501e:41979a37:1389b0d9163:-8000-0000000000000070] [arg: null] Error initializing User/Role API : null.
[2012-07-18T14:14:14.509-04:00] [AdminServer] [WARNING] [OAMSSA-20007] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 0000JYRJ1v^EWNW3tz^er11G1ikT00001F,0] [APP: oam_admin#11.1.1.3.0] [dcid: a827fbd0cee0501e:41979a37:1389b0d9163:-8000-0000000000000070] [arg: Error initializing User/Role API : null.] Unable to connect to the User Store. User Store may not be initialized : Error initializing User/Role API : null..
[2012-07-18T14:14:14.510-04:00] [AdminServer] [ERROR] [OAM-400016] [oracle.oam.admin.console.policy] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 0000JYRJ1v^EWNW3tz^er11G1ikT00001F,0] [APP: oam_admin#11.1.1.3.0] [dcid: a827fbd0cee0501e:41979a37:1389b0d9163:-8000-0000000000000070] Failed to authenticate the user[[

Could you help me to fix it.

@ Kumar ,
what user you are using ? what URL you are using to login ? Is OAM integrated with OID for authentication ? Which document you used to install and configure OAM ?

Hi Atul,
I am getting same error as Kumar –
Unable to connect to the User Store. User Store may not be initialized : Error initializing User/Role API : null..

I followed the steps given in your tutorials. (I am using wls10.3.3, soa,OAM 11.1.1.3)

When I looked in oam-config.xml, the ldap entry is incorrect. could it be the reason?

@Atul,
Unfortunatly I wasn’t able to fix the issue. I am getting
Exception in decryption
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)

That is probably because of the AES encrypted password.

Can you please let me know why it is not being auto configured.

Also,
I have installed OID in a different machine, If I sync OAM with the OID(after I login to OAM), will oblix attributes/objects get created in OID ? The only reason I am trying to install OAM is to resolve “Failed to find obpasswordexpirydate in mandatory or optional attribute list. ” error. I have tried to import them manually, which it does succesfully. But when I try to import my ldif file, it throws the error mentioned before.

Any help would be great.

@ Manju,
Which document you are using ? Follow enterprise deployment guide if possible

Hello Atul;

I am newbie in OAM. I was trying to configure webgate for OHS through OAM. When I try to run the following command (inband registration) I am getting an error. Can you please help me with this.

./bin/oamreg.sh inband input/OAMllGRequest.xml

Error Message:

oracle.security.am.engines.rreg.client.RegController processRegist ration
SEVERE: Server side error occurred. Specific error messages are:Create policy re
source exception. Resource type must not be null. URI=/
The remote registration process did not succeed Please find the specific error
message below.
Error message passed from server is:Create policy resource exception. Resource t
ype must not be null. URI=/
oracle.security.am.engines. rreg.client.RegClient main
SEVERE: Exception encountered: RemoteAgentRegistrationException. Specific except
ion:Error message passed from server is:Create policy resource exception. Resour
ce type must not be null. URI=/oracle.security.am.engines.rreg.common.RemoteAge
ntRegistrationException: Error message passed from server is:Create policy resou
rce exception. Resource type must not be null. URI=/

Hello Atul:

Here’s my OAM11GRequest.xml file

http://:7001/serverAddress>
RREG_OHSHostId11g
RREG_OAMOAM11G
http://:80
false

host1
7777

Hello Atul:

Here’s my OAM11GRequest.xml file

http://:7001
RREG_OHSHostId11g
RREG_OAMOAM11G
http://:80
false

host1
7777

Hello Atul:

I re-installed the OAM Server and I was able to get through the installation successfully.

But after that when I try to view the OHS link (http://localhost:80), I get the following error.

The browser says ” OAM Operation Error. The Web gate plug-in is unable to contact any Access servers.”

The error message thrown in the console is:

ACCESS GATE FATAL 0x00001520 /adefaime_h0025/ngamac/src/palantir/webgate2/src/apache

2entry_web_gate.cpp:591 “Exception thrown during WebGate initialization”

ACCESS_GATE FATAL 0x0000 182C /ade/aime_h0025/ngamac/src/palantir/webgate2/src/apache
2entry_web_gate.cpp:592 “The AccessGate is unable to contact any Access Servers
raw_code”301

Can you please help with this?

Hello Atul,

I have followed your document, i was unable to protect the Oracle HTTP server with OAM successfully.

I stuck at step 2. Register WebGate with OAM Server.

Could u provide more details in case default configuration with Oracle HTTP server and OAM are on single host?

Hi Kumar,

I have create a default configuration webgate A on server OAM (server A) successfully.

I also create another default configuration webgate B on the server B. And 2 webgate are SSO with an OID user: http://A:7777, http://B:7777.

My matter at this moment is the Logout URL. I configure both Logout URL of 2 webgate agents is: /logout.html. But both website http://A:7777 and http://B:7777 only logout and redirect when i click the URL:
http://A:7777/logout.html. If i use http://B:7777/logout.html, the website shows Page not found.

Hi Kumar,

I got another critical problem. That is when i login or logout from http://A:7777 and http://B:7777. The http://A:7002/oamconsole is also login and logout. Even when the user to logging in to http://A:7777 and http://B:7777 is orcladmin user from OID and user to logging in http://A:7002/oamconsole is weblogic.

Please help me solving this problem!!!

Hi Atul,

I bought your book from OnlineAppsDBA and am on Page 121 of the eBook. I am running into issues installing WebGate 10g, where it is not able to talk to OAM Managed Server, whereas the Managed Server is up!

Thanks
Vivek

@ Vivek,
Check if

1. There are any errors in OAM managed servers logs
2. Check from weblogic console that OAM_SERVER application is in state active
3. Check if OAM access server is listening on port 5575 (netstat -an | grep 5575 LISTEN )

Atul

Thanks Atul for the response!
Actually I was working on another project in parallel and there the my domain was marketsphere.com, whereas this server the domain was marketsphereconsulting.com. So I had a mixup odf domain I was providing the installer. When I corrected that, I could proceed further.
Your help is very much appreciated!

Thanks a lot

Vivek

Hi Atul,

I bought your book from OnlineAppsDBA and am on Page 133 of the eBook. I am confused what the value of this port should be?
Listen Port: 8602

Is this the port that the EBS listens on, or just an arbitrary port for this managed server?

Thanks for your help!
Vivek

@ Vivek,
This is just an arbitrary port for this managed server. If you choose a differnet port then change 8602 in eBook to this new port that you use.

Hi Atul,

I bought your book from OnlineAppsDBA.com and am on page 137, executing the ant script ant -f txkEBSAuth.xml to create data source. I am getting the following error.
Buildfile: txkEBSAuth.xml
[taskdef] Could not load definitions from resource net/sf/antcontrib/antcontrib.properties. It could not be found.

findOS:

getServerDetails:
[input] skipping input as property wlshosturl has already been set.

BUILD FAILED
/u01/sso/Middleware/appsutil/accessgate/OBA1S/txkEBSAuth.xml:62: Could not create task or type of type: if.

Ant could not find the task or a class this task relies upon.

This is common and has a number of causes; the usual
solutions are to read the manual pages then download and
install needed JAR files, or fix the build file:
– You have misspelt ‘if’.
Fix: check your spelling.
– The task needs an external JAR file to execute
and this is not found at the right place in the classpath.
Fix: check the documentation for dependencies.
Fix: declare the task.
– The task is an Ant optional task and the JAR file and/or libraries
implementing the functionality were not found at the time you
yourself built your installation of Ant from the Ant sources.
Fix: Look in the ANT_HOME/lib for the ‘ant-‘ JAR corresponding to the
task and make sure it contains more than merely a META-INF/MANIFEST.MF.
If all it contains is the manifest, then rebuild Ant with the needed
libraries present in ${ant.home}/lib/optional/ , or alternatively,
download a pre-built release version from apache.org
– The build file was written for a later version of Ant
Fix: upgrade to at least the latest release version of Ant
– The task is not an Ant core or optional task
and needs to be declared using .
– You are attempting to use a task defined using
or but have spelt wrong or not
defined it at the point of use

Remember that for JAR files to be visible to Ant tasks implemented
in ANT_HOME/lib, the files must be in the same directory or on the
classpath

Please neither file bug reports on this problem, nor email the
Ant mailing lists, until all of these causes have been explored,
as this is not an Ant bug.

Total time: 0 seconds

Actually I could proceed by fixing some paths, but I get another error
[wlst] once the activation is completed.
[wlst] ************************************************************************
[wlst] ERROR: Error encountered while activating the changes.
[wlst] Canceling the edit session.
[wlst] ************************************************************************
[wlst] Discarded all your changes successfully.
[wlst] This Exception occurred at Mon Oct 15 13:47:54 CDT 2012.
[wlst] weblogic.application.ModuleException:
[wlst] at weblogic.jdbc.module.JDBCModule.prepare(JDBCModule.java:302)
[wlst] at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:199)
[wlst] at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:518)
[wlst] at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
[wlst] at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:159)
[wlst] at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:47)
[wlst] at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:614)
[wlst] at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
[wlst] at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:184)
[wlst] at weblogic.application.internal.SingleModuleDeployment.prepare(SingleModuleDeployment.java:43)
[wlst] at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:154)
[wlst] at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
[wlst] at weblogic.deploy.internal.targetserver.operations.ActivateOperation.createAndPrepareContainer(ActivateOperation.java:208)
[wlst] at weblogic.deploy.internal.targetserver.operations.ActivateOperation.doPrepare(ActivateOperation.java:98)
[wlst] at weblogic.deploy.internal.targetserver.operations.AbstractOperation.prepare(AbstractOperation.java:217)
[wlst] at weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentPrepare(DeploymentManager.java:749)
[wlst] at weblogic.deploy.internal.targetserver.DeploymentManager.prepareDeploymentList(DeploymentManager.java:1216)
[wlst] at weblogic.deploy.internal.targetserver.DeploymentManager.handlePrepare(DeploymentManager.java:218)
[wlst] at weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.prepare(DeploymentServiceDispatcher.java:160)
[wlst] at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doPrepareCallback(DeploymentReceiverCallbackDeliverer.java:171)
[wlst] at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.prepare(DeploymentReceiverCallbackDeliverer.java:41)
[wlst] at weblogic.deploy.service.internal.statemachines.targetserver.AwaitingContextUpdateCompletion.callDeploymentReceivers(AwaitingContextUpdateCompletion.java:164)
[wlst] at weblogic.deploy.service.internal.statemachines.targetserver.AwaitingContextUpdateCompletion.handleContextUpdateSuccess(AwaitingContextUpdateCompletion.java:66)
[wlst] at weblogic.deploy.service.internal.statemachines.targetserver.AwaitingContextUpdateCompletion.contextUpdated(AwaitingContextUpdateCompletion.java:32)
[wlst] at weblogic.deploy.service.internal.targetserver.TargetDeploymentService.notifyContextUpdated(TargetDeploymentService.java:225)
[wlst] at weblogic.deploy.service.internal.DeploymentService$1.run(DeploymentService.java:190)
[wlst] at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
[wlst] at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
[wlst] at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
[wlst] Caused by: weblogic.common.resourcepool.ResourceSystemException:
[wlst] Could not connect to ‘oracle.apps.fnd.ext.jdbc.datasource.AppsDataSource’.
[wlst] The returned message is: ORA-01017: invalid username/password; logon denied
[wlst] It is likely that the login or password is not valid.
[wlst] It is also possible that something else is invalid in
[wlst] the configuration or that the database is not available.
[wlst] at weblogic.jdbc.common.internal.JDBCUtil.parseException(JDBCUtil.java:301)
[wlst] at weblogic.jdbc.common.internal.PooledConnectionEnvFactory.makeConnection(PooledConnectionEnvFactory.java:313)
[wlst] at weblogic.jdbc.common.internal.PooledConnectionEnvFactory.createResource(PooledConnectionEnvFactory.java:97)
[wlst] at weblogic.common.resourcepool.ResourcePoolImpl.makeResources(ResourcePoolImpl.java:1249)
[wlst] at weblogic.common.resourcepool.ResourcePoolImpl.makeResources(ResourcePoolImpl.java:1166)
[wlst] at weblogic.common.resourcepool.ResourcePoolImpl.start(ResourcePoolImpl.java:249)
[wlst] at weblogic.jdbc.common.internal.ConnectionPool.doStart(ConnectionPool.java:1155)
[wlst] at weblogic.jdbc.common.internal.ConnectionPool.start(ConnectionPool.java:154)
[wlst] at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:455)
[wlst] at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:372)
[wlst] at weblogic.jdbc.module.JDBCModule.prepare(JDBCModule.java:255)
[wlst] Traceback (innermost last):
[wlst] File “/tmp/wlsttempfile89327382.py”, line 125, in ?
[wlst] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
[wlst] at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
[wlst] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
[wlst] at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
[wlst]
[wlst] java.lang.Exception: java.lang.Exception: Error encountered while activating the changes
[wlst]
[wlst] Exception in thread “Main Thread” java.lang.IllegalStateException: Traceback (innermost last):
[wlst] File “/tmp/wlsttempfile89327382.py”, line 125, in ?
[wlst] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
[wlst] at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
[wlst] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
[wlst] at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
[wlst]
[wlst] java.lang.Exception: java.lang.Exception: Error encountered while activating the changes
[wlst]
[wlst] at weblogic.management.scripting.WLSTInterpreterInvoker.printError(WLSTInterpreterInvoker.java:110)
[wlst] at weblogic.management.scripting.WLSTInterpreterInvoker.executePyScript(WLSTInterpreterInvoker.java:103)
[wlst] at weblogic.management.scripting.WLSTInterpreterInvoker.main(WLSTInterpreterInvoker.java:27)

BUILD FAILED
/u01/sso/Middleware/appsutil/accessgate/OBA1S/txkEBSAuth.xml:47: The following error occurred while executing this line:
/u01/sso/Middleware/appsutil/accessgate/OBA1S/txkEBSAuth.xml:408: Error Creating DataSource

Total time: 44 seconds

Which username is is trying to access? As I set the password for ASADMIN as ASADMIN as was in the book!

And I can logon as asadmin in EBS

@ Vivek Sharma

a) You copied fndext.jar file to the domain library and restarted the AdminServer after that

b) User ASADMIN has connect schema role assigend

c) Ensure that DBC file is correct

d) Ensure that SERVERID in dbc file is one exists in FND_NODES table in EBS under apps schema

e) If a-d are correct then try ASADMIN in upper case

a-d were completed. Changing to upper case does not help.

The only thing that I am suspecting can be a problem, was when I created the DBC file on the EBS server, I used just node name, instead of fqdn, as fqdn was more than 30 characters for me and the fnd_nodes has a limit. I had an SR open with Oracle and they suggested, it would be fine like this for a data source. What is your opinion?
I used NODE_NAME=fusionidm, instead of fusionidm.marketsphereconsulting.com which was erroring the script java oracle.apps.fnd.security.AdminDesktop

@ Vivek,

NODE_NAME=fusionidm should be OK.

Paste content of your DBC file and output from FND_NODES table. Also update hostname of server where WebLogic Admin Server (one on which Access Gate is deployed) is running .

Admin server is running on fusionidm.marketsphereconsulting.com

DBC:
[fmwidm@fusionidm OBA1S]$ more OBA1S_FUSIONIDM.dbc
#Desktop DB Settings
#Thu Oct 11 21:44:45 CDT 2012
FNDNAM=APPS
APPL_SERVER_ID=CBD3AA97FC0A8472E040A8C0B00A6B5324975527834015535318174214438204
APPS_JDBC_URL=jdbc\:oracle\:thin\:@(DESCRIPTION\=(ADDRESS_LIST\=(LOAD_BALANCE\=YES)(FAILOVER\=YES)(ADDRESS\=(PROTOCOL\=tcp)(HOST\=oba1s.marketsphere.com)(PORT\=1526)))(CONNECT_DATA\=(SERVICE_NAME\=
OBA1S)))
GWYUID=APPLSYSPUB/PUB

FND_NODES:
NODE_NAME
——————————
SERVER_ID
—————————————————————-
SERVER_ADDRESS
——————————

FUSIONIDM
CBD3AA97FC0A8472E040A8C0B00A6B5324975527834015535318174214438204

Hi Atul,
I am on page 140 of your ebook, and am getting a 404 Not Found error?
Even though the Application got deployed, I am getting the 404 Not Found error for the following URL:

http://fusionidm.marketsphereconsulting.com:7777/ebsauth_OBA1S/OAMLogin.jsp

I have already put the following in the mod_wl_ohs.conf

SetHandler weblogic-handler
WebLogicHost fusionidm.marketsphereconsulting.com
WebLogicPort 8602

Any ideas?

Is it possible, that during registration of the webgate step:
./oamreg.sh inband /u01/sso/Middleware/Oracle_IAM1/oam/server/rreg/input/oba1s.xml

My oba1.xml had the following contents, where I used ebsauth_oba1s as the resource, instead of ebsauth_OBA1S, that could cause problems? and is there a way to fix this?

http://fusionidm.marketsphereconsulting.com:7001
OBA1S_HostId
OBA1S_OAM
http://fusionidm.marketsphereconsulting.com:7777

/logout

/ebsauth_oba1s/
/ebsauth_oba1s/…/*

/public/index.html
/ebsauth_oba1s/OAMLogin.jsp
/ebsauth_oba1s/style/
/ebsauth_oba1s/style/…/*
/public/oacleanup.html

/excluded/index.html

After fixing this in oamconsole, I got the login page. On page 141 of the ebook, what username would I use to login?

Atul,

I am trying to configure webgate and was successful in creating agent and registering it. But when I try to hit the web server on http port, it directs me to oam server on 14100 port but I cant connect to it. Somehow, I have never been able to telnet on 14100 even though my oam managed server is running and I can access oam console but instead I can telnet on 5575.
Also, my adminserver logs keep complaining about this error:

Is something wrong with my configuration?

Thanks

This is the error which I get in my admin sevrer logs.
Failed to communicate with any of configured Access Server, ensure that it is up and running.

I installed OAM and IAMSuiteAgent is enabled. Now how can i use IAMSuiteAgent?
Before install OAM, i used like “http://:7001/em”, now with IAMSuiteAgent installed by default how can i call EM.

Hi Atul,

I have installed the web-gate 11g for OHS11.1.1.5 and OAM11.1.1.5 BP3 on solaris 64, configured webgate by following steps mentioned by you, everything goes fine however when i try to access http://localhost:81 (OHS URL), it says:

“Sorry, Requested page can no be found – 404″

I have added few handler in mpd_wl_**.conf like for /odsm and also created a new resource, auth policy and authz policy in same domain in oam but when i try to access http://localhost:81/odsm, it says:

“Sorry, Requested page can no be found – 404″

When i disabled OHS_WG1 agent from OAM admin console, then i am able to access http://localhost:81/odsm.

Also checked for http://localhost:81/oam/pages/login.jsp , is not accessible when agent is enable.

Can you suggest me what wrong might be the possible problem.

Regards
Santosh

Hi Atul,

Thanks for quick reply.

I will try that.

As i have mentioned that i created a new resource /odsm and selected “LDAP Scheme” even for that, it throws same error.

I could not see any error in log file except ” could not read oblog_config.xml ( which can be ignored as per oracle doc.)

Regards
Santosh

@ Santosh,
To see if WebGate is an issues (if yes then you can apply fix in my previous update), disbale webgate by commenting include file for webgate.conf in httpd.conf and then bounce OHS.

If you see this working then issue is with webgate and define policy

If you see this NOT working then issue is with OHS and ensure that mod_wl_ohs.conf has correct entry to connect to weblogic server on which application (like ODSM) is running. To know more on mod_wl_ohs.conf check http://onlineappsdba.com/index.php/2009/09/23/configure-oracle-http-server-infront-of-oracle-weblogic-server-mod_wl_ohs/

Hi Atul,

I am able to access page after commenting webgate entry in httpd.conf file. so looks like issue is with webgate and define policy.

Shouls i delete the agent in OAM console and recreate using OAM Admin console.?
Do you suggest any other steps ?

Regards
Santosh

Hi Atul,

My OAM Admin server (weblogic admin ) is running on port 7001 and OAM manage server is on port 14100, just want to confirm, while registering webgate which port should i use in server address?

I used 7001, please confirm ?

Regards
Santosh

@ you don’t use any of these ports. You must use OAM proxy server port. Default value is 5575 , search on this blog about how to find OAM proxy port and you will get more information on this port.

This is also explained in our eBook oam integration with e-business suite

@Atul –

Thanks. I created new agent and policy manually using OAM console, its working now but i am getting another issue i.e. after OAM login, it give error while redirecting the page, page is getting hang but if i refresh the page then it display the welcome page ( error say something could be wrong on cookie setting or redirection in the browser)

Regards
Santosh

Hi Atul,

I have installed 10g webgate and trying to connect to OAM11gR2 server. It works fine when the communication mode is open but when I try to use simple mode, accee to url http://host/access/oblix/apps/webgate/bin/webgate.cgi?progid=1
gives error
The WebGate plug-in is unable to contact any Access Servers.

Oblix: 2012/11/09@01:45:07.419293 29507 29507 ACCESS_GATE FATAL 0x00001520 /scratch/alnguyen/Oblix/coreid1014/palantir/webgate2/src/apache2entry_web_gate.cpp:433 “Exception thrown during WebGate initialization”

I verified it twice as its working fine in open mode but not simple mode. HHTP server can telent to oam server on 5575 and everything else is running. There are no other errors in the logs.
Any suggestions?

Thanks,
Pratima

@ Pratima,
What all changes you made in order to change OAM from OPEN to SIMPLE ?

Note: There is a BUG in 11gR1 (not tried with 11gR2 yet) where if you use higher version of JDK (higher than 1.6.24) and use SIMPLE or CERT mode then WebGate doesn’t work (because of certificates). I am not sure if that BUG is still on 11gR2 but curious to know steps you carried out to convert from OPEN to SIMPLE

Atul,

I changed the mode of oam server to simple and then changed the webgates mode to simple. After that I copied the obaccessclient.xml under lib folder on webgate server, password.xml to config folder and aaa certificates under config/simple folder.. Please note that simple folder wasn’t already there as per the docs.. Then I restarted the web server and oam servers.

hi Atul,
i have installed OAM Webgate 11g on OHS 11g,
i am referring your book Oracle Identity and access manager 11g for Administartion.I am unable to edit EditHttpConf file for webgate configuration with the following error
./EditHttpConf -w /u01/oracle/apps/idam/Middleware/Oracle_WT1/instances/instance1/config/OHS/ohs1/ -oh /u01/oracle/apps/idam/Middleware/Oracle_OAMWebGate1 -o /u01/oracle/apps/idam/output2.txt

./EditHttpConf: error while loading shared libraries: libclntsh.so.11.1: wrong ELF class: ELFCLASS64
please help me to resolve this problem.
Thanks in Advance.

Atul:

We are following your book.
We are unable to see the default list in Resource Type in Policy Configuration.
HTTP
wl_authen
without them we cant register the weggates

Please help us
Thanks

Hi Atul,

I am getting follwoing error while creating data source for EBS Access Gate- after setting domain env, when i run –
/usr/sfw/bin/ant -f txkEBSAuth.xml createDataSource

It throws below error at the end –
createDataSource:
[echo] ********************************************************************
[echo] STEP 1: CREATING DATA SOURCE
[echo] ********************************************************************
[trycatch] Caught exception: Problem: failed to create task or type wlst
[trycatch] Cause: The name is undefined.
[trycatch] Action: Check the spelling.
[trycatch] Action: Check that any custom tasks/types have been declared.
[trycatch] Action: Check that any / declarations have taken place.
BUILD FAILED
/u01/iam/fmw11.1.1.5/appsutil/accessgate/ebs01/txkEBSAuth.xml:408: Error Creating DataSource

Total time: 44 seconds

Any idea, what could be wrong ?

Thanks
Santosh

/usr/sfw is ANT_HOME path.

when i run ant -f txkEBSAuth.xml, it say ant not found, even though ANT_HOME is already set.

Hi Atul,

When i run /usr/sfwant -f txkEBSAuth.xml
(create and deploy both)

BUILD FAILED
/u01/iam/fmw11.1.1.5/appsutil/accessgate/ebs01/txkEBSAuth.xml:171: Problem: failed to create task or type propertyregex
Cause: The name is undefined.
Action: Check the spelling.
Action: Check that any custom tasks/types have been declared.
Action: Check that any / declarations have taken place.

@ srshukla3,

You said “/usr/sfw is ANT_HOME path” is this the one that comes with Linux/Unix or is this your weblogic home too ?

If ANT_HOME is not from weblogic then try one from weblogic

Take a look at section 11.3 “deploy ebs accessGate” our eBook http://onlineappsdba.com/index.php/book/

Make sure that you set weblogic environment file setWLSEnv.sh

Hi Atul,

In EBS12.1.3 ,i can not see the profiles (FND: Validate User Type,FND: Validate IP address..).

Is it must to have these system profile ?
My access Gate deployment still fails –

BUILD FAILED
/u01/iam/fmw11.1.1.5/appsutil/accessgate/ebs01/txkEBSAuth.xml:408: Error

Please confirm, if i need to apply any patch.

Hi Atul,

I have taken defualt DBC file, did not generate it -can you verify if the format it is correct, i do not see APPS_JDBC_URL in this –

APPS_JDBC_DRIVER_TYPE=THIN
FND_JDBC_BUFFER_MIN=1
DB_NAME=prod
GWYUID=APPLSYSPUB/PUB
FND_JDBC_BUFFER_MAX=5
FND_JDBC_STMT_CACHE_SIZE=100
TWO_TASK=prodcln
JDBC\:oracle.jdbc.maxCachedBufferSize=358400
JDBC\:processEscapes=true
FND_MAX_JDBC_CONNECTIONS=500
FND_JDBC_USABLE_CHECK=false
FNDNAM=APPS
FND_JDBC_PLSQL_RESET=false
DB_PORT=1521
FND_JDBC_CONTEXT_CHECK=true
FND_JDBC_BUFFER_DECAY_SIZE=5
DB_HOST=sfinappstst01.testsf.testsp.edu.sg

I am getting error whilec creating datasource –
Caused by: weblogic.common.resourcepool.ResourceSystemException: Invalid port number for database URL: jdbc:oracle:thin:@${appsDBHostname}:${appsDBPort}:${appsDBSID}
[wlst] at weblogic.jdbc.common.internal.JDBCUtil.parseException(JDBCUtil.java:301)

Hi Atul,

Need one favour from you,

We have to set up IAM DR system replica of Live Prod IAM DC.

We have done below mentioned points as per document oracle e15250.pdf
1.We have tar and untar all directories from DC to DR.
2. Added Alias hostname at DR sitein /etc/hosts as per doc.
3.Our OID instance, OHS11g,Identity and Access Server’s are up.
4.We also configure the Webgate from
[dbuser@MPBPLDRIDA2 configureWebGate]$ ./configureWebGate -i /orahome/oracle/product/OAM_HOME/webgate/access -t Webgate
this command.
and shows :
Web Gate Installed Successfully.

But here the problem is the webgate entries is not updated in https.conf.
So can I confirm the its webgate installation.
I am trying to hit the confirmation url
url http://MPBPLDRIDA2:7777/access/oblix/apps/webgate/bin/webgate.cgi?progid=1
I am getting 404 error.

Hi Atul

I would like to know how to setup OAM 11gR2 SSO for a web page.

Can you please describe the required steps and all configuration?

Thank you
Aman

Hi Atul,
Issue resolved on move back the webgate entries in httpd.conf file and diagnose page appeared.

But I am facing one issue regarind the IP’s of DC.. which is showing in DR Setup (viz . Directoty Profiles, Identity Server and Wepass(Core id server) ) i.e. DC IP(10.10.x.x)insteadof DR Hostname, should i manually change at all place and restart the servers.

Dear Atul,

We have successfully configured OAM 11.1.1.5 with EBS 12.1.1 and OID 11.1.1.6 with WNA.
Now we need to configure another EBS application with same OAM access manager.
Can you please tell me is it possible to configure and how can be it done.

Thank you!!!

Arul

Hi Atul,

I am configuring oam 11gr2 in High Availability my admin server and access server is on node1 and another instance of access server is running on node2 and Here are my access server id’s (WLS_OAM1 and WLS_OAM2 ) they are in cluster.

Now I am installing 10g webgate on apache web server while installing webgate it asks for access server id and hostname where access servers are installed. If I gave access server id as WLS_OAM1 and hostname of node1. If WLS_OAM1 is down how it is said to be as HA ?

Can you please help me in configuring webgate with both instances of access servers ?

Thanks in advance.

Regards,
Narendra

@ Narendra,
Good question. When you configure WebGate and give access server ID as WLS_OAM1 then WebGate connects to OAM server and checks that there are two OAM servers . WebGate then downloads XML file with details of both OAM1 & OAM2 server as available servers.

ANy future connectsion are made using this XML file which has two OAM servers.

If you go to Webate Instance in OAM server then search for your webgate and under access servers you should see noth WLS_OAM1 and WLS_OAM2 listed.

Let me know if you can’t find name of xml file in WebGate

Atul,Thanks for a quick reply.

Is the file name is ObAccessClient.xml which is under WEBGATE_install_dir/webgate/access/oblix/lib ?

And on more question which is related to HA, I have no load balancer but I am using apache (Instance1)for failover and specified the apache hostname as loadbalancer name in access manager settings and it is working fine for me and on another apache (instance2) I have resources to protect, Now I am installing webgate to protect resource on apache instance2, Here what is the hostname I have to give to install webgate in HA ?

How to install webgate using OAP ?

Thanks in advance ?

Regards,
Narendra

Hi Atul,

I would like to install oracle access manager 11g webgate on OHS server which is installed by extending my existing environment where OID/OVD(IDM 11g 11.1.1.7.0) are installed previously.

But I am not able to install webgate, I am getting error like below ,

“The Oracle home for the following components are not installed. Oracle webtier Utilities.”

OHS is the Oracle webtier right ?

Please provide me a solution for this issue.

Thanks,
Viruls

@Viruls,
At what stage you are hitting this error ?

What is middleware home you selected duing WebGate installation ?

Is OHS oarcle_home installed in this Middleware Home ?

Hi Atul,

Thanks for a quick response,

Please find the answers for the above questions from you

1) I selected the MW_HOME where I installed oid,ovd,odsm,ohs

2)while installing the 11g Webgate through GUI after selecting the MW_HOME I am getting this error,

3)I just extended the domain to configure ohs.

Regards,
Viruls

@ Virual,
Problem is with Middleware Home Oracle Home for OHS and WebGate Oracle Home

Give me full path of these three directory (These three must be on same host)

Hi Atul,

Middle ware home path :
/u01/oracle/Middleware

Ohs path :
/u01/oracle/Middleware/ohs_inst1

While installing webgate in this middleware home I am getting that error.

@ Viruls

/u01/oracle/Middleware/ohs_inst1 looks more like ORACLE_INSTANCE which is different than ORACLE_HOME . If you share content of this directory then I can tell if this is ORACLE_INSTNACE or not.

Where is ORACLE_HOME for OHS ?

Hi Atul,

Thank you for letting me know the difference b/w oracle_instance and oracle_home , There is no OHS oracle_home (eg: Oracle_WT1) in my environment I installed Webtier utilities and it solved my issue.

Thanks You.

Hi,
When I tried to update httpd.cong it gives me following error on cmd prompt:
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application’s support team for more information.
My product version are:
Weblogic: 10.3.6
OAM: 11.1.2.0
webgate: 11.1.2.0
webtier: 11.1.1.6.0
VC++: Latest
OS: windows 7 64-bit

Please suggest me to to solve this error.

Hi Atul,
Thanks for the help,
Running command prompt as administrator didn’t work for me. I had done it manually.
When I login to OAM console using “http://:/oamconsole”
It open the welcome page but also shows that
“The policy configuration is not available”
Any help in this regards?

@ Sunil,
OAMconsole is deployed on Admin Server so check WebLogic Admin Server log files .

Hi Atul,
Looking at the log I have found following exception
java.lang.Exception: Exception occured in wireOAMWithRP
at oracle.security.am.install.oic.OAMOICWiringManager.wireOAMWithRP(OAMOICWiringManager.java:522)
at oracle.security.am.install.oic.OAMOICWiringManager.wireOAMWithOIC(OAMOICWiringManager.java:760)
at oracle.security.am.install.OAMInstaller.configureSystemConfig(OAMInstaller.java:434)
at oracle.security.am.install.startup.OamInstallTopologyConfigListener.OamSysConfigOperations(OamInstallTopologyConfigListener.java:89)
at oracle.security.am.install.startup.OamInstallTopologyConfigListener.initialize(OamInstallTopologyConfigListener.java:56)

and

oracle.security.am.common.policy.admin.PolicyManagerException: OAMSSA-06252: The policy store is not available; please see the log file for more details.
at oracle.security.am.common.policy.admin.PolicyAdminFactory.getProvider(PolicyAdminFactory.java:243)
at oracle.security.am.common.policy.admin.PolicyAdminFactory.init(PolicyAdminFactory.java:166)
at oracle.security.am.common.policy.admin.PolicyAdminFactory.getPolicyAdmin(PolicyAdminFactory.java:334)

Thanks,
SUnil

Hi,

I have deployed custom application in tomcat and I need to protect using OAM . I followed first procedure given by Mahendra in this blog, but when I am accessing to a page of that application it is prompting both OAM login page and application’s login page.
I want tomcat authentication to be happening directly so that it won’t throw tomcat login page again. The customer don’t want to change code in the Custom Application .

Can you please suggest me how can we achieve this.

Thanks

Atul my configuration just now started throwing…

[oracle@pic-oam03 ~]$ /oracle/Middleware/asinst_1/bin/opmnctl startall
opmnctl startall: starting opmn and all managed processes…
================================================================================
opmn id=pic-oam03:6701
0 of 1 processes started.

ias-instance id=asinst_1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
——————————————————————————–
ias-component/process-type/process-set:
oid1/oidmon/OID/

Error
–> Process (index=1,uid=259125200,pid=5330)
time out while waiting for a managed process to start
Log:
/oracle/Middleware/asinst_1/diagnostics/logs/OID/oid1/console~OID~1.log

[oracle@pic-oam03 ~]$
Message from syslogd@ at Thu Dec 5 16:57:48 2013 …
pic-oam03 Oblix: 2013/12/05@23:57:48.047524 4651 4683 ACCESS_GATE FATAL 0x00001520 /usr/abuild/Oblix/coreid1014/palantir/webgate2/src/apache2entry_web_gate.cpp:433 “Exception thrown during WebGate initialization”

I am running java version “1.4.2”, any ideas!?

Atul, the console~OID~1.log only contains

——–
13/12/05 16:57:21 Start process
——–

——–
13/12/05 16:57:38 Stop process
——–

Without any errors, any ideas if I need to turn of the log level? or another place I could look. Thanks Atul!

Check OPMN logs and also last file updated under

$ORACLE_INSTANCE/diagnostics/OID/oid1/logs

oidmon and other files in that folder

Thanks Atul, I found the error I think.

[2013-12-09T10:28:13-07:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: pic-oam03] [pid: 3856] [tid: 0] Guardian: Connecting to database, connect string is oiddb

[2013-12-09T10:28:13-07:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: pic-oam03] [pid: 3856] [tid: 0] Guardian: [gsdsiConnect] ORA-28001, ORA-28001: the password has expired

I will try and figure out which users password has expired and fix it.

@ Joshua,
Good, for now you can reset password back to same value and then re-start services.

As long term fix and avoid this happening in future, create profile in database and set password not to expire for application schemas like ODS, ODSSM, and all IAM schema created by RCU _OIM/OAM etc

Atul, thanks to your help I have made good progress.

I feel like I am on the last leg.

http://172.17.16.11:7001/console – WebLogic Admin Console
http://172.17.16.11:7005/odsm – Directory Services console

Both login fine

All my services seem good

[oracle@pic-oam03 ~]$ /oracle/Middleware/asinst_1/bin/opmnctl status

Processes in Instance: asinst_1

ohs1 | OHS | 3851 | Alive
ovd1 | OVD | 3849 | Alive
oid1 | oidldapd | 4702 | Alive
oid1 | oidldapd | 4697 | Alive
oid1 | oidmon | 3853 | Alive
EMAGENT | EMAGENT | 3850 | Alive

Unfortunately
http://172.17.16.11:7777/identity/oblix
&&
http://172.17.16.11:7777/access/oblix

Prompt for login and password but are failing with the creds I thought. Any idea which log files I should check for this issue?

I am at a lose. Run out of ideas.

Hi Atul,

I am getting below Certificate error while trying to validate my webgate configuration.

oracle@orgxdevidam01:/oracle/app/environments/dev/security/user_projects/domains/iam_domain/bin$ wget http://orgxdevidam01.in.oracle.com:7777/console
–2014-02-25 18:43:57– http://orgxdevidam01.in.oracle.com:7777/console
Resolving orgxdevidam01.in.oracle.com (orgxdevidam01.in.oracle.com)… 10.184.152.66
Connecting to orgxdevidam01.in.oracle.com (orgxdevidam01.in.oracle.com)|10.184.152.66|:7777… connected.
HTTP request sent, awaiting response… 302 Found
Location: https://orgxdevidam01.in.oracle.com:8004/oam/server/obrareq.cgi?encquery%3D5nRY9sfm69pQqvgi6AcUnTeKJGJpTpdLSRurAM8ZTvnudBPZJLbI0WQuva3OX7VinKLHIGJ%2FCT%2BPTmPnYP0VMlp%2BX9%2FBlBDiCloWX6ylpz7B81IRzePlkYIX8ub%2BC3vlBYliaxrJRp8Fw6I%2Bb%2FvY05ct1SYV4r1zrEjXpQXPyd%2Fuzvr94n8ozlcrHeWhF9a5g6T19yK%2FeemZqodml4pJtJhmyrn26xfvHXL4dWkt052ZwDm5y9aQ1%2BBX03ubcmO%2Fc7jt9Wifo%2BpuEvSCsR8U6UYf0HpVO18MLknBNY9%2FW1p5powJYOmHiTeZmGM4YC9m%20agentid%3DWebgate_IDM%20ver%3D1%20crmethod%3D2 [following]
–2014-02-25 18:43:58– https://orgxdevidam01.in.oracle.com:8004/oam/server/obrareq.cgi?encquery%3D5nRY9sfm69pQqvgi6AcUnTeKJGJpTpdLSRurAM8ZTvnudBPZJLbI0WQuva3OX7VinKLHIGJ%2FCT%2BPTmPnYP0VMlp%2BX9%2FBlBDiCloWX6ylpz7B81IRzePlkYIX8ub%2BC3vlBYliaxrJRp8Fw6I%2Bb%2FvY05ct1SYV4r1zrEjXpQXPyd%2Fuzvr94n8ozlcrHeWhF9a5g6T19yK%2FeemZqodml4pJtJhmyrn26xfvHXL4dWkt052ZwDm5y9aQ1%2BBX03ubcmO%2Fc7jt9Wifo%2BpuEvSCsR8U6UYf0HpVO18MLknBNY9%2FW1p5powJYOmHiTeZmGM4YC9m%20agentid%3DWebgate_IDM%20ver%3D1%20crmethod%3D2
Connecting to orgxdevidam01.in.oracle.com (orgxdevidam01.in.oracle.com)|10.184.152.66|:8004… connected.
ERROR: cannot verify orgxdevidam01.in.oracle.com’s certificate, issued by `/C=US/ST=MyState/L=MyTown/O=MyOrganization/OU=FOR TESTING ONLY/CN=CertGenCAB’:
Unable to locally verify the issuer’s authority.
To connect to orgxdevidam01.in.oracle.com insecurely, use `–no-check-certificate’.
oracle@orgxdevidam01:/oracle/app/environments/dev/security/user_projects/domains/iam_domain/bin$

Can you please help me in fixing the certiticate error.

Atul,

8004 is SSl port for oam_server1 configured under iam_domain hosted in orgxdevidam01 host.

We have configured web gate on Webtier OHS and created an agent in oamconsole and have followed all required configuration.

wget is working fine with no certificate.

@ Saurabh,
If I am not wrong wget (on linux) is trying to access https://orgxdevidam01.in.oracle.com:8004 from front end channel.

Cert on 8004 are issued by /C=US/ST=MyState/L=MyTown/O=MyOrganization/OU=FOR TESTING ONLY/CN=CertGenCAB’ and this CA is not in CA’s list.

To make this testing (don’t use this way to test butuse broweser and add CA cert in browser) add CA’s cert in unix’s trust store .

ok sure..

ya right actually i was testing through browser only. but due to certificate error i was not able to test. Let me configure the certs

Thanks

Hi Atul,

Certificates issue have been resolved, now we are able to receive SSO page for the url we are triggering. But single sign on is not happening.
Ex –

http://orkxdevidam01.in.oracle.com:7777/console

When we hit the above url it redirects us to SSO page. Since we have the done context mapping for oamconsole, console and oim in mod_ohs.conf.

When we authenticate the SSO page with oamadmin it redirects us to weblogi console page, rather than logging in console internally and taking us to console home page.

So we had authenticate again in console page. Can you please help, how to enable the SSO here.

The mode OAM agent is configured is “Open”. We are not using any SSL Certs and communication.

We missed OAMIdentityAsserter. After coniguring it, Our Single Sign on is working fine.

Hi,

We are having an issue with registering Webgate in OAM.

Our setup is as follows:

We have one Redhat machine where we have installed Oracle DB, OHS and WebGate

We have another Redhat machine where we have installed OAM and OUD.

The issue appears when we try to register a new “OAM 11g webgate” in OAM console. After we fill up the details in the page and click on appy we get a “Null pointer”.

We have also tried the command line option using “rreg” and the OAM11gRequest.xml” file. Here also we get a HTTP-500 from the admin server.

The following is appearing on the oam_server1 ( managed oam server ) console

Event response status is STATUS_FAIL for GET_AUTHN_SCHEME event. Error code OAM 0207.

WE tried again through OAM console, this time we unchecked ” auto create policies” . The webgate registration succeeded this time.
Although we have provided explicit protected and public urls, we are unable to access any content on OHS, including “/”.

There appears to be another issue also, no default resource type is being shown in policy configuration tab. Althoug “HTTP” is expected.

Hi Sir,

We a scenario for single user like Whenever he hits OIM selfservices URL which is protected in OAM and submits credentials in SSO login page, he is redirected to OIM default login page.Please help me, the issue is for only one user and there is no difference in user attributes when compared with working user attributes.

[…] these posts 1, 2 to understand concepts of WebGate registration in OAM 11g. Inband registration mode is used when […]

Great information. Lucky me I came across yor
blog by chance (stumbleupon). I’ve saved it for later!

Hi

i am doing the same process, a

i have integrated webgate with webtier and i have created a sso agent through console and i have copied the sso artifacts to webgate/config , and i have restarted the ohs server.

while accessing the server i am getting this error
…………………………………………………………………………………………………………………………………………
Internal Server Error

The server encountered an unknown error, possibly due to misconfiguration. Contact the server administrator: [no address given]

More information about this error may be available in the server error log.
………………………………………………………………………………………………………………………………..

please help me to solve this error

Thank you very much
Praveen