33 comments
Hi Mahendra,
thanks for writing this post, Working with OAM Access Server SDK 11g.
I am currently working on a similar project using OAM Access Client with OAM 11g ASDK except my access client needs a simple mode rather than open mode.
I registered a 10 webgate in OAM 11g server. There are a few files generated, aaa_cert.pem, aaa_key.pem, cwallet.sso, ObAccessClient.xml, password.xml.
Suppose I still use D:\AccessSDK11g as my root directory for Access Client. Where do I copy these files in D:\AccessSDK11g, respectively?
Thanks in advance!
Gary

Gary,
You have to import the certificate and key file into oamclient-keystore.jks. The CA certificate used to issue the certificate and key should be imported into oamclient-truststore.jks.
http://docs.oracle.com/cd/E23943_01/doc.1111/e12491/as_api.htm#BABIEEDF
This link will help you understand importing certs and keys into jks files.
Create the structure ASDK_INSTALL_DIR/access/oblix/config
Copy the password.xml to config folder and let me know how it goes.

Hi Mahendra,
I am glad to get your reply. Very appreciated!
In my previous post, I mentioned cwallet.sso, which is wrong, because 10g webgate has no such file generated (11g webgate will generate it).
Yes, I read the doc for “2.5.3 SSL Certificate and Key Files” and generated two jks files.
If the structure ASDK_INSTALL_DIR/access/oblix/config is created in my Access Client side, will all of the files (aaa_cert.pem, aaa_key.pem, ObAccessClient.xml, password.xml) be copied into this directory? Could you please specify where to put them?
Also where to put these two files, oamclient-keystore.jks and oamclient-truststore.jks?
Thanks,
Gary

@Gary,
You would need to copy ObAccessClient.xml to the $ASDK_INSTALL_DIR/oblix/lib folder and
password.xml to $ASDK_INSTALL_DIR/oblix/config.
aaa_cert.pem and aaa_key.pem have to be imported into the OAM key store as explained in the doc http://docs.oracle.com/cd/E23943_01/doc.1111/e12491/as_api.htm#BABIEEDF
Please try and let me know how it goes.

Hi Mahendra,
I copied these files under $ASDK_INSTALL_DIR/oblix/lib and $ASDK_INSTALL_DIR/oblix/config.
I haven’t got that far for whether these files are deployed correctly or not, because I got a new error from OAM 11g server,
It seems that the managed server with simple mode I used is not up and running.
I still remember how I created and registered the managed server. I created a new managed server via WebLogic Admin Console, for example: Name: oam_server2, Port: 15100. Then, I registered the server instance “oam_server2” via OAM Admin Console with the following setting:
Server Name: oam_server2
Host: ghoam11g
Port: 15100
OAM Proxy setting:
Port: 5577 (I changed the default 5575 to 5577)
Proxy Server Id: ghoam11g
Mode: Simple
After running startWebLogic.sh &, I ran startManagedWebLogic.sh oam_server2 & (I didn’t run any other managed servers). Here is the log from the OAM 11g server about oam_server2:
It sounds like my oam_server2 (with simple mode) is up and running. But when I try to login OAM Admin Console, the server log always gives me ” ”
This issue now blocks me from continuing to test my Access Client.
Any idea about ?
Thanks,
Gary

I don’t know why the oam 11g server log message I copied and pasted in the previous comment didn’t show up. I copy and paste in this comment again:

Started WebLogic Managed Server “oam_server2” for domain “oam_domain” running in Development Mode
Server state changed to RUNNING
Server started in RUNNING mode

Hi Mahendra,
Sorry for posting a few comments a moment ago. I just realized this forum will delete comments with triangle brackets.
In my recent comment posted on May 30th, 2012 at 3:17 pm , I mentioned a new error, which is “Failed to communicate with any of configured Access Server, ensure that it is up and running.”
Thanks,
Gary

It looks like OAM server is not started properly. Can you please paste the error message?

Hi Mahendra,
I saw the error from the main console (starting the weblogic), “Failed to communicate with any of configured Access Server, ensure that it is up and running.”
Where do I get the error? From the below two files?
– /opt/oracle/Middleware/user_projects/domains/oam_domain/servers/AdminServer/logs/AdminServer.log
– /opt/oracle/Middleware/user_projects/domains/oam_domain/servers/oam_server2/logs/oam_server2.log
Thanks,
Gary

Hi Mahendra, great to know you and thanks for the wonderful post. My current work is creating a custom access gate as a web service using the access SDK. The goal is to use the Obssocookie and further get the username, last updated time by other domains. For the web service part I’m using the Jersey libraries and that is fine. For the OAM part I have quite a number of questions. I will be glad if you can guide me in the same. I followed your post and copied the obsoocookie to the specified path, also the oamasdk-api.jar file. Should I modify any content in the xml file, as I don’t have any clue how the connection is going to happen, since I run the JAccessClient.java from my localhost? When I tried the same, the exception was ‘An AccessGate with id Portal has not been configured through the Access System Console’. I understand my primary server has the id as ‘Portal’. How can I proceed…

/opt/oracle/Middleware/user_projects/domains/oam_domain/servers/oam_server2/logs/oam_server2.log
Also, see it in diagnostics file /opt/oracle/Middleware/user_projects/domains/oam_domain/servers/oam_server2/logs/oam_server2-diagnostics.log
The exception is
java.lang.Exception: Failed to communicate with any of configured Access Server, ensure that it is up and running.
at oracle.security.am.common.aaaclient.ObAAAServiceClient.sendMessage(ObAAAServiceClient.java:1558)
at oracle.security.am.common.aaaclient.ObAAAServiceClient.getClientConfigInfo(ObAAAServiceClient.java:1328)
at oracle.security.am.asdk.AccessClient.readConfigFromServer(AccessClient.java:864)
Charles,
Please confirm if you are able to login to OAM admin console.
Are you seeing this error in OAM logs or webgate logs?
What is the webgate version?
To be simpler, you can modify the webgate profile in OAM console and reconfigure the webgate by running configureWebGate.
-Mahendra

Hi Mahendra,
Thanks a lot for guiding me.
Yes, I’m able to login to the OAM admin console. There are no errors in the OAM logs. Webgate version is 10g. The steps I followed are as below.
1. Created host identifier and mentioned the server where my custom web gate code is running.
eg: 192.168.XXX.XXX and port:7100
2. Created a 10g webgate with default settings.
3. In the 192.168.XXX.XXX server’s admin console under security realms -> Providers -> created the OAMIDAssertor and under this in provider specific mentioned all the details such as application domain, access gate name, primary access server (with port) and access gate password.
However I get the following exception.
<Internal error.
java.lang.Exception: Failed to communicate with any of configured Access Server, ensure that it is up and running.
at oracle.security.am.common.aaaclient.ObAAAServiceClient.sendMessage(ObAAAServiceClient.java:1558)
at oracle.security.am.common.aaaclient.ObAAAServiceClient.getClientConfigInfo(ObAAAServiceClient.java:1328)
at oracle.security.am.asdk.AccessClient.readConfigFromServer(AccessClient.java:864)
at oracle.security.am.asdk.AccessClient.updateConfig(AccessClient.java:890)
at oracle.security.am.asdk.AccessClient.initialize(AccessClient.java:616)
Charles,
You don’t need to edit ObAccessClient.xml. If you find webgate info incorrect, then login to OAM console and edit the profile accordingly and copy the latest ObAccessClient.xml file generated/updated under $DOMAIN_HOME/output/AGENT_NAME.
Second thing, is there any specific reason why you are creating OAM ID Asserter in WLS?
All you need is to protect a web service using OAM 11g ASDK? Is that right?
OEG or OWSM is the right product to protect web services against OAM.

I presume you are seeing the below exception at Access gate layer.
java.lang.Exception: Failed to communicate with any of configured Access Server, ensure that it is up and running.
Also, it looks to me that Access Gate is not able to contact the Access Server.
Confirm if Access Gate and OAM server are residing in two different machines. Are the timezones different? Is the OAM port open from Access Gate machine to OAM machine? Please check the connectivity.
Are any of the other webgates (not access gates) in your env working fine, except the access gate?
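
The connectivity check suggested in the reply above, as an added example that is not part of the original comment thread: a small probe, run from the Access Gate machine, that tells a closed port from a filtered one. The host name and proxy port in the `__main__` block are the ones Gary quoted earlier in the thread; the function names and hint texts are this example's own.

```python
import socket

# Hints follow the triage in the reply above; the wording is this example's own.
HINTS = {
    "open": "port reachable; look at agent registration, mode and certificates next",
    "refused": "host is up but nothing listens there; is the OAM managed server "
               "RUNNING on this proxy port?",
    "filtered": "no answer before the timeout; check firewalls between the "
                "Access Gate and OAM machines",
    "dns-failure": "host name does not resolve from the Access Gate machine",
    "unreachable": "no route to the host; check network configuration",
}

def probe(host, port, timeout=3.0):
    """Return (status, detail) for a TCP connect to host:port from this machine."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns-failure", str(exc)
    result = ("unreachable", "no address could be tried")
    for family, socktype, proto, _name, addr in infos:
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
            return "open", addr[0]
        except ConnectionRefusedError as exc:   # RST: reachable, port closed
            result = ("refused", str(exc))
        except socket.timeout as exc:           # silence: packets likely dropped
            result = ("filtered", str(exc))
        except OSError as exc:                  # e.g. no route to host
            result = ("unreachable", str(exc))
        finally:
            sock.close()
    return result

def report(host, port, timeout=3.0):
    """One-line summary with the matching troubleshooting hint."""
    status, detail = probe(host, port, timeout)
    return f"{host}:{port} {status} ({detail}) -> {HINTS[status]}"

if __name__ == "__main__":
    # Host and OAM proxy port as quoted earlier in this thread.
    print(report("ghoam11g", 5577))
```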

Hi Mahendra,
I got an issue for my access client deployed with the OAM 11g ASDK in the Java 7 environment.
The Access Client complains with the following log:
SEVERE 129 AccessLogger: Unsupported JRE Version specified. Version 1.7.0_03 Required Version 1.5 or 1.6
Since my environment must use Java 7 (not Java 6), how to resolve this issue?
Thanks,
gary

Hi Gary,
I am afraid if there is way to make it work with java7.
Why can’t you use Java 6?
-Mahendra

Since my company product uses Java 7 as JRE and the access client is bundled with the product, this is why I cannot use Java 6.

Hi Mahendra.. I have installed OAM 11g as follows: 1. Installed jdk 1.6.0.30 2. Oracle DB. 3. Weblogic 10.3.5… 4. RCU to create tables for OAM. 5. Installed OAM using IDAM 11g and configured it with a new weblogic domain. But after I restarted the Admin and managed server, I found that in Weblogic–>servers, the machine name is blank for both Admin and Managed servers. Also while starting the Admin server I found the below error:
SEVERE: Failed to communicate with any of configured Access Server, ensure that it is up and running.
<Cannot get connection from data source.
weblogic.jdbc.extensions.ConnectionDeadSQLException: weblogic.common.resourcepool.ResourceDeadException: 0:weblogic.common.ResourceException: Could not create pool connection. The DBMS driver exception was: IO Error: Socket read timed out
at weblogic.jdbc.common.internal.JDBCUtil.wrapAndThrowResourceException(JDBCUtil.java:250)
at weblogic.jdbc.pool.Driver.connect(Driver.java:161)
at weblogic.jdbc.jts.Driver.getNonTxConnection(Driver.java:651)
at weblogic.jdbc.jts.Driver.connect(Driver.java:127)
at weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java:364)
at oracle.security.am.foundation.mapimpl.coherence.store.DataConnectionUtility.configureConnection(DataConnectionUtility.java:223)
at oracle.security.am.foundation.mapimpl.coherence.store.DataConnectionUtility.getConnection(DataConnectionUtility.java:191)
at oracle.security.am.engines.sme.mapimpl.db.SmeStoreLifecycle.run(SmeStoreLifecycle.java:234)
at java.lang.Thread.run(Thread.java:662)
2. While starting the managed server I found the below error:
<Cannot get connection from data source.
weblogic.jdbc.extensions.ConnectionDeadSQLException: weblogic.common.resourcepool.ResourceDeadException: 0:weblogic.common.ResourceException: Could not create pool connection. The DBMS driver exception was: IO Error: Socket read timed out
at weblogic.jdbc.common.internal.JDBCUtil.wrapAndThrowResourceException(JDBCUtil.java:250)
at weblogic.jdbc.pool.Driver.connect(Driver.java:161)
at weblogic.jdbc.jts.Driver.getNonTxConnection(Driver.java:651)
at weblogic.jdbc.jts.Driver.connect(Driver.java:127)
at weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java:364)
at oracle.security.am.foundation.mapimpl.coherence.store.DataConnectionUtility.configureConnection(DataConnectionUtility.java:223)
———————————-
Also, when I log in to the OAM console the page opens but it is blank. It shows some error inside after logging in.
Please help me what has gone wrong.. and how to solve the issue.

Hello,
By default there won’t be machines configured in WLS server.
SEVERE: Failed to communicate with any of configured Access Server, ensure that it is up and running.
You will see the above error when OAM server is not running.
Regarding the DB exception, check the data sources created in weblogic. If admin server is not started check out in config.xml located under $WL_DOMAIN/config

Can we retrieve the principal from any of the 11g cookies? In 10g you can retrieve the principal from the obsso cookie; does the 11g SDK provide this option?
–Thanks

I am getting the below error. Please help.
Exception in thread “main” java.lang.NoClassDefFoundError: oracle/security/jps/JpsException
at oracle.security.am.asdk.impl.ConfigXMLHandler.(ConfigXMLHandler.java:113)
at oracle.security.am.asdk.AccessClient.initialize(AccessClient.java:1315)
at oracle.security.am.asdk.AccessClient.(AccessClient.java:928)
at oracle.security.am.asdk.AccessClient.createDefaultInstance(AccessClient.java:349)
at wtp.ConverterClient.main(ConverterClient.java:58)
Caused by: java.lang.ClassNotFoundException: oracle.security.jps.JpsException
at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
… 5 more
Hi Mahendra,
Actually I am totally new to OAM.
I don’t know from where to start and how to start.
I am using Apache server.
Do I need to integrate this OAM server with Apache?
And from where will I get all these files? (aaa_cert.pem, aaa_key.pem, ObAccessClient.xml, password.xml)
I only downloaded the jar files, and I set all the jar files on the class path. After that, I don’t know what to do.
For a web project I am trying.
Could you please provide some sample project related to OAM SSO?
How will I start this OAM11g server?
Please help me.