30 comments
Very nice documentation. I was able to configure in seconds, and also understand the differences between OAM 11.1.1.3 and OAM 11.1.1.5 with regard to Administrators.
Thank you.
Hi All,
Really an excellent document to configure OID as user store for OAM 11.1.1.5.0.
I have a question: is it possible to set OVD as System store for OAM 11.1.1.5.0?
Thanks & Regards,
Gupta katakam.
Hi All,
I have ODSEE 11g as my user store. Is it possible to integrate it with OAM 11.1.1.5.0? If so, please let me know the integration details.
Regards,
Saurav Sharma
Hi Neha,
Thanks for the blog. It is very informative.
I have OID (11.1.1.6.0) deployed on WebLogic Server (10.3.6). Can you please tell me how to integrate this OID+WebLogic with OAM 11.1.1.5.0?
Also, http://docs.oracle.com/cd/E23943_01/webcenter.1111/e12405/wcadm_security_sso.htm#CEGGCAJE link wants us to configure the Authenticator at OAM WebLogic to connect to OID. Is it necessary?
Thanks for your time
Regards,
Somerset
@larry143,
To integrate OID 11.1.1.6 with OAM 11.1.1.5, the steps remain the same as mentioned above.
The steps in the link you mentioned are for SSO. If you wish to integrate this OAM with a Fusion Middleware application for SSO, then yes, OID as authenticator is required.
Note: Just for OID/OAM integration, the OID authenticator in WebLogic is NOT required.
Hi Atul,
Thank you.
I just found out that Customer wants to use Oracle Portal 11g (NOT Oracle WebLogic Portal 11g).
I guess the architecture of http://docs.oracle.com/cd/E23943_01/webcenter.1111/e12405/wcadm_security_sso.htm#CEGGCAJE is applicable for Oracle Portal which is deployed on WebLogic too.
Meaning I still need to configure the OID Authenticators at the WebLogic Server Domain which hosts Oracle Portal Application. Please correct me if I am wrong.
I understand the OAM and OID integration part of it. Thanks for that thread.
Regards,
Somerset
Hi Atul,
I am following your document EBS Integration with OID-OAM.
I am at the step "Create OAM Administrator user and Group in OID":
1) Created oadmadin user in OID
2) Created OAMadmin in OID
3) Added user oamadmin to group OAMAdmin
Then I completed the step "Configure OID as identity Store in OAM".
I am stuck at the step "Test that you can login to oamconsole using oamadmin user".
I am trying to log in as oadmin admin user (getting invalid username/password). It's not letting me log in, and I am not able to log in as weblogic user; I am getting Access Denied. Please suggest how to proceed to the next step.
@Satish
What error messages do you get in the admin server log file: $DOMAIN_HOME/servers/Adminserver/logs
Ensure you see as primary identity store under $DOMAIN_HOME/config/fmwconfig/oam-config.xml
Do an ldapbind from $ORACLE_OID_HOME/bin to ensure credentials used for oamadmin are correct.
Thanks
Neha Mittal
Hi Neha,
Here is the error message when I tried to log in as weblogic in OAM.
java.lang.IllegalStateException: The expression “#{bindings.region2.regionModel}” (that was specified for the RegionModel “value” attribute of the region component with id “region2”) evaluated to null.
This is typically due to an error in the configuration of the objects referenced by this expression.
If it helps, the expression “#{bindings.region2}” evaluates to “null”.
If it helps, the expression “#{bindings}” evaluates to “null”. Now using an empty RegionModel instead.
at oracle.adf.view.rich.component.fragment.UIXRegion.getRegionModel(UIXRegion.java:450)
at oracle.adfinternal.view.faces.taglib.region.RegionTag.doStartTag(RegionTag.java:109)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:50)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspNode.execute(OracleJspNode.java:89)
at oracle.jsp.runtimev2.ShortCutServlet._jspService(ShortCutServlet.java:89)
at oracle.jsp.runtime.OracleJspBase.service(OracleJspBase.java:29)
at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:422)
at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:802)
at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:726)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
Here is the error message when I tried to log in as oamadmin user
weblogic user error
java.lang.IllegalStateException: The expression “#{bindings.region3.regionModel}” (that was specified for the RegionModel “value” attribute of the region component with id “region3”) evaluated to null.
This is typically due to an error in the configuration of the objects referenced by this expression.
If it helps, the expression “#{bindings.region3}” evaluates to “null”.
If it helps, the expression “#{bindings}” evaluates to “null”. Now using an empty RegionModel instead.
at oracle.adf.view.rich.component.fragment.UIXRegion.getRegionModel(UIXRegion.java:450)
at oracle.adf.view.rich.component.fragment.UIXRegion._beginInterruptibleRegion(UIXRegion.java:682)
at oracle.adf.view.rich.component.fragment.UIXRegion.processRegion(UIXRegion.java:498)
at oracle.adfinternal.view.faces.taglib.region.RegionTag.doStartTag(RegionTag.java:127)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:50)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspNode.execute(OracleJspNode.java:89)
at oracle.jsp.runtimev2.ShortCutServlet._jspService(ShortCutServlet.java:89)
at oracle.jsp.runtime.OracleJspBase.service(OracleJspBase.java:29)
at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:422)
at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:802)
at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:726)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183)
at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:523)
at weblogic.servlet.internal.RequestDispatcherImpl.include(RequestDispatcherImpl.java:444)
at weblogic.servlet.jsp.PageContextImpl.include(PageContextImpl.java:163)
at weblogic.servlet.jsp.PageContextImpl.include(PageContextImpl.java:184)
at oracle.jsp.runtime.tree.OracleJspIncludeNode.execute(OracleJspIncludeNode.java:47)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspIterationTagNode.executeHandler(OracleJspIterationTagNode.java:45)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspIterationTagNode.executeHandler(OracleJspIterationTagNode.java:45)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspIterationTagNode.executeHandler(OracleJspIterationTagNode.java:45)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspIterationTagNode.executeHandler(OracleJspIterationTagNode.java:45)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspIterationTagNode.executeHandler(OracleJspIterationTagNode.java:45)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspIterationTagNode.executeHandler(OracleJspIterationTagNode.java:45)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
at oracle.jsp.runtime.tree.OracleJspBodyTagNode.executeHandler(OracleJspBodyTagNode.java:58)
at oracle.jsp.runtime.tree.OracleJspCustomTagNode.execute(OracleJspCustomTagNode.java:261)
at oracle.jsp.runtime.tree.OracleJspClassicTagNode.evalBody(OracleJspClassicTagNode.java:87)
here is oamadmin user error log.
Mar 20, 2012 9:48:50 AM IST> <> <> <> <> <> <> <> <> <Authentication Failure for user : oamadmin.
For some reason I am not able to post the error log; I am posting the error message again.
Mar 20, 2012 9:48:50 AM IST. .Notice. .Server. .oam.mbpert.com. .oam_server1. .[ACTIVE] ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’. ..WLS Kernel.. .. .d5cf3ce3b195ec27:3daba191:1362e532124:-8000-000000000000000e. .1332217130580. .BEA-002613. .Channel “Default” is now listening on 10.172.20.248:14100 for protocols iiop, t3, ldap, snmp, http.
Mar 20, 2012 9:48:50 AM IST. .Notice. .WebLogicServer. .oam.mbpert.com. .oam_server1. .[ACTIVE] ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’. ..WLS Kernel.. .. .d5cf3ce3b195ec27:3daba191:1362e532124:-8000-000000000000000e. .1332217130608. .BEA-000332. .Started WebLogic Managed Server “oam_server1” for domain “OAMDomain” running in Development Mode
Mar 20, 2012 9:48:52 AM IST. .Notice. .WebLogicServer. .oam.mbpert.com. .oam_server1. .Main Thread. ..WLS Kernel.. .. .d5cf3ce3b195ec27:3daba191:1362e532124:-8000-000000000000000b. .1332217132716. .BEA-000365. .Server state changed to RUNNING
Mar 20, 2012 9:48:52 AM IST. .Notice. .WebLogicServer. .oam.mbpert.com. .oam_server1. .Main Thread. ..WLS Kernel.. .. .d5cf3ce3b195ec27:3daba191:1362e532124:-8000-000000000000000b. .1332217132741. .BEA-000360. .Server started in RUNNING mode
Mar 20, 2012 9:49:28 AM IST. .Warning. .Default. .oam.mbpert.com. .AdminServer. .PoolWatcher. ..anonymous.. .. .d5cf3ce3b195ec27:-26249f06:1361a9f548e:-8000-0000000000000388. .1332217168255. .BEA-000000. .PoolLogger:PoolWatcher : Pool is not available but it still contains objects, these will be removed
Mar 20, 2012 9:51:50 AM IST. .Error. .oracle.oam.proxy.oam. .oam.mbpert.com. .oam_server1. .[ACTIVE] ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’. ..anonymous.. .. .d5cf3ce3b195ec27:3daba191:1362e532124:-8000-0000000000000014. .1332217310019. .BEA-000000. .Session invalid as returned by PBL_check_valid_session_response responseEvent fail
Mar 20, 2012 9:51:50 AM IST. .Warning. .oracle.oam.agent-default. .oam.mbpert.com. .AdminServer. .[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’. .weblogic. .. .d5cf3ce3b195ec27:-26249f06:1361a9f548e:-8000-0000000000000bc8. .1332217310053. .BEA-000000. .OAM Server request failed: OpCode = 19 [GetSessionInfo], Returned Status = Major code: 71(SessionInvalid) Minor code: 2(NoCode)
Mar 20, 2012 9:51:50 AM IST. .Warning. .oracle.oam.agent-default. .oam.mbpert.com. .AdminServer. .[ACTIVE] ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’. .weblogic. .. .d5cf3ce3b195ec27:-26249f06:1361a9f548e:-8000-0000000000000bc8. .1332217310098. .OAMAGENT-00406. .Invalid authentication token: INVALID
Mar 20, 2012 9:52:06 AM IST. .Error. .oracle.oam.user.identity.provider. .oam.mbpert.com. .oam_server1. .[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’. ..anonymous.. .. .d5cf3ce3b195ec27:3daba191:1362e532124:-8000-000000000000001f. .1332217326760. .OAMSSA-20023. .Authentication Failure for user : oamadmin.
Mar 20, 2012 9:52:13 AM IST. .Error. .oracle.oam.user.identity.provider. .oam.mbpert.com. .oam_server1. .[ACTIVE] ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’. ..anonymous.. .. .d5cf3ce3b195ec27:3daba191:1362e532124:-8000-0000000000000021. .1332217333943. .OAMSSA-20023. .Authentication Failure for user : oamadmin.
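An added example (not from the original post or from Oracle): a Python parser for the twelve-field WebLogic server-log layout (`####<field> <field> ...`) that the pasted lines above come from, grouping OAMSSA-20023 authentication failures per user. The sample records are constructed from the lines in the comment with a placeholder host name and context ids; the paste shows dots where the angle brackets were lost, so the parser expects the original bracketed form.

```python
import re
from collections import namedtuple
from datetime import datetime, timezone

# Field order of one WebLogic server-log record: ####<f1> <f2> ... <f12>
Record = namedtuple("Record", "timestamp severity subsystem machine server thread "
                              "user txid ctx rawtime msgid message")
FAIL_RE = re.compile(r"Authentication Failure for user : (\S+?)\.?$")

# Constructed sample (host name, ctx ids and the HTTP subsystem are placeholders).
SAMPLE = """\
####<Mar 20, 2012 9:48:52 AM IST> <Notice> <WebLogicServer> <oam.example.com> <oam_server1> <Main Thread> <<WLS Kernel>> <> <ctx-1> <1332217132741> <BEA-000360> <Server started in RUNNING mode>
####<Mar 20, 2012 9:51:49 AM IST> <Error> <HTTP> <oam.example.com> <AdminServer> <[ACTIVE] ExecuteThread: '1'> <weblogic> <> <ctx-2> <1332217309000> <BEA-000000> <java.lang.IllegalStateException: region model evaluated to null
	at oracle.adf.view.rich.component.fragment.UIXRegion.getRegionModel(UIXRegion.java:450)>
####<Mar 20, 2012 9:51:50 AM IST> <Warning> <oracle.oam.agent-default> <oam.example.com> <AdminServer> <[ACTIVE] ExecuteThread: '1'> <weblogic> <> <ctx-3> <1332217310098> <OAMAGENT-00406> <Invalid authentication token: INVALID>
####<Mar 20, 2012 9:52:06 AM IST> <Error> <oracle.oam.user.identity.provider> <oam.example.com> <oam_server1> <[ACTIVE] ExecuteThread: '0'> <<anonymous>> <> <ctx-4> <1332217326760> <OAMSSA-20023> <Authentication Failure for user : oamadmin.>
####<Mar 20, 2012 9:52:13 AM IST> <Error> <oracle.oam.user.identity.provider> <oam.example.com> <oam_server1> <[ACTIVE] ExecuteThread: '0'> <<anonymous>> <> <ctx-5> <1332217333943> <OAMSSA-20023> <Authentication Failure for user : oamadmin.>
"""

def parse_records(text):
    """Split log text into Records; lines without '####<' continue the previous record."""
    chunks = []
    for line in text.splitlines():
        if line.startswith("####<"):
            chunks.append(line)
        elif chunks:                      # stack-trace or wrapped message line
            chunks[-1] += "\n" + line
    records = []
    for chunk in chunks:
        body = chunk[5:].rstrip()
        if body.endswith(">"):
            body = body[:-1]
        parts = body.split("> <", 11)     # the 12th field (message) may contain "> <"
        if len(parts) == 12:
            parts[6] = parts[6].strip("<>")   # <<WLS Kernel>> -> WLS Kernel
            records.append(Record(*parts))
    return records

def failed_logins(records):
    """Group OAMSSA-20023 events by user: count, servers, first and last time (UTC)."""
    out = {}
    for r in records:
        m = FAIL_RE.search(r.message.strip()) if r.msgid == "OAMSSA-20023" else None
        if not m:
            continue
        when = datetime.fromtimestamp(int(r.rawtime) / 1000, tz=timezone.utc)
        entry = out.setdefault(m.group(1), {"count": 0, "servers": set(),
                                            "first": when, "last": when})
        entry["count"] += 1
        entry["servers"].add(r.server)
        entry["first"] = min(entry["first"], when)
        entry["last"] = max(entry["last"], when)
    return out

if __name__ == "__main__":
    for user, info in failed_logins(parse_records(SAMPLE)).items():
        print(user, info["count"], sorted(info["servers"]), info["first"], info["last"])
```

The raw-time field (epoch milliseconds) is used instead of the localized timestamp so that records from AdminServer and oam_server1 sort on one clock.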
[…] Kerberos Plug-In (This plug-in uses Identity store defined as default. Make sure AD is defined as default Identity Store in OAM 11g […]
[…] We are using Embedded Weblogic as System and default store. The concepts of these stores are well explained in this post. […]
[…] Double prompt login to OAM 11g Admin Console Posted in July 17th, 2012 by Mahendra in idm, oam, troubleshooting, weblogic I have OAM 11g setup in my environment and I have created 2 users in OID and assigned to Administrators group. I have configured OID as system store by specifying two users such as oamadmin and mahendra + a group Administrators (to have login access to OAM Admin console). In fact I followed this post. […]
What does this mean?
Manually Change Identity Store Settings at OPSS Level and configure the IDMDOmainAgent.
on mine says that to make it functional you need to manually change Identity Store Settings at OPSS Level and configure the IDMDOmainAgent.
@Sunil,
This could be because of different patchset like 11.1.1.5.0 or 11.1.1.5.1 or 11.1.1.5.2
Hi,
I can’t see the artifacts under the policy configuration tab in the OAM11GR2 admin console.
Error: Policy store not available.
[…] h) OAM makes a ldap call to OID (identity store configured with OAM). More on OAM identity store configuration (steps mentioned here are manual integration) here and here […]
[…] to external LDAP store like OID/OVD/AD using step for 11.1.1.3 click here and for 11.1.1.5 click here . You can also integrate OAM with LDAP store using idmConfigTool.sh -configOAM more […]
Hi,
4) OAM uses OAMAdminConsole Authentication Scheme for “System Store” which in turn calls the “LDAP Module”. This LDAP module has an “identity store” value which will be used as “system store”. Change this value to the newly configured “system store”
Under System Configuration tab –> Authentication modules –> LDAP Authentication Module –> LDAP –> change identity store to New System store value –> Save
Please let me know how we can do the above step using wlst script or shell script.
Thanks
ankumar
@Ankumar
There are custom WLST commands which you can use to register identity stores or modify them, but as far as I know WLST doesn't offer a command to change the value of the Authentication Module.
For full list of OAM custom wlst commands please check Appendix F of OAM Administration Guide.
Thanks
Neha
Hi,
We integrated OAM with OID. We are able to log in to OAM with OID users who are attached to the Administrator group. In our environment OAM is integrated with EBS, so users created in EBS are reflected in OID, and those are not assigned to the Administrator group, so SSO authentication is not happening. Any idea please for this?
Thanks in advance,
Regards,
Narasimha
@Narasimha
EBS users who are not part of the OAM Administrators group don’t have any link with SSO authentication failure.
A user who is part of the OAM Administrators group only has admin rights to access oamconsole and do admin actions on OAM.
For SSO authentication not happening, please check that the authentication policies, authentication scheme and authentication module are defined correctly.
Check OAM/OID log files.
Please provide more details on the error you are getting.
Thanks
Neha
Hi Neha,
Thanks for reply,
In our environment EBS, OBIEE and Liferay (front end application) are integrated with OAM 11g. EBS is in synchronization with OID, so whenever a user is created in EBS it is reflected in OID. Login to EBS through AccessGate is working fine, but login to the front end application via OAM is not working. If we assign the user to the Administrator group then SSO login happens successfully.
It is showing the below error:
Access Denied …
Access to administration console is restricted.
Any idea ?
Thanks,
Narasimha
Hi All,
I am using OIM and OAM 11.1.1.5. I need to integrate OIM and OIM. I don't have OID 11.1.1.5. Is it possible to integrate OAM 11.1.1.5 and OID 11.1.1.5? If it is possible, suggest me any document related to this.
Thank you
Hi Neha,
I am using OAM 11gR2 and I want to use the Security Token Service(STS) facility provided by oracle. I don’t have any idea of how to establish security token service between two web service partners. If you provide some good documentations for implementing Oracle security token service, that helps me.
Thanks
Gopi
Hi,
Nice quick step by step for changing id store to OID in 11.1.1.5.
One thing is not clear reading here & Oracle OAM doc is whether your apps users & groups should be in system store or the default store ?
My first impression is that good practice would be to set the embedded LDAP as system store & the OID (where apps users & groups are kept) as the default store.
What’s your opinion ?
Thanks.