I have OAM 11g set up in my environment, and I have created 2 users in OID and assigned them to the Administrators group. I configured OID as the system store, specifying two users (oamadmin and mahendra) and the group Administrators (to have login access to the OAM Admin console). In fact, I followed this post.
However, when I try to log in to the OAM Admin console, the first login page that appears is the OAM login page configured in the OAMAdminConsole authentication scheme. When I enter valid credentials and submit, I see another login page, but of a different kind. When I enter the credentials and submit again, it takes me to the Admin Console.
Therefore, the login is happening but TWICE.
I could see in the OAM logs that OAM authentication was successful, so why do I see a second login page? It comes from WebLogic Server: the WebLogic principal subject is not being set, because the user is not available in WebLogic Server. To check this, log in to the WebLogic Admin console and go to myrealm -> Users and Groups.
Here is the fix:
- Log in to the WebLogic Admin console
- Create an OID Authenticator and set its control flag to SUFFICIENT
- Change the DefaultAuthenticator control flag to SUFFICIENT.
- Reorder the providers as DefaultAuthenticator, IAMSuiteAgent, OIDAuthenticator and DefaultIdentityAsserter.
Bounce the OAM Managed server and the WebLogic Admin server, then try to log in to the OAM Admin console.
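To confirm the change landed, here is an added example (not part of the original post or the Metalink note): a Python check that reads the realm section of a domain's config.xml and reports where the authentication providers deviate from the order and control flags listed in the fix. The sample XML is constructed; the script assumes providers are written to config.xml in evaluation order with `name` and `control-flag` child elements, and that the OID provider was named OIDAuthenticator.

```python
import xml.etree.ElementTree as ET

# Provider order and control flags as listed in the fix above.
EXPECTED_ORDER = ["DefaultAuthenticator", "IAMSuiteAgent",
                  "OIDAuthenticator", "DefaultIdentityAsserter"]
EXPECTED_FLAGS = {"DefaultAuthenticator": "SUFFICIENT", "OIDAuthenticator": "SUFFICIENT"}

# Constructed sample modelled on the <realm> part of a domain config.xml,
# in a "before the fix" state (wrong order, DefaultAuthenticator flag not set).
SAMPLE = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain"
  xmlns:sec="http://xmlns.oracle.com/weblogic/security"
  xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls">
 <security-configuration><realm>
  <sec:authentication-provider><sec:name>DefaultAuthenticator</sec:name></sec:authentication-provider>
  <sec:authentication-provider><sec:name>DefaultIdentityAsserter</sec:name></sec:authentication-provider>
  <sec:authentication-provider><sec:name>IAMSuiteAgent</sec:name></sec:authentication-provider>
  <sec:authentication-provider><sec:name>OIDAuthenticator</sec:name>
   <wls:control-flag>SUFFICIENT</wls:control-flag></sec:authentication-provider>
  <sec:name>myrealm</sec:name>
 </realm></security-configuration>
</domain>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def read_providers(xml_text, realm_name="myrealm"):
    """Return [(name, control_flag or None)] in file order for one realm."""
    for realm in ET.fromstring(xml_text).iter():
        if local(realm.tag) != "realm":
            continue
        if not any(local(k.tag) == "name" and k.text == realm_name for k in realm):
            continue
        out = []
        for p in realm:
            if local(p.tag) == "authentication-provider":
                f = {local(c.tag): (c.text or "").strip() for c in p}
                out.append((f.get("name"), f.get("control-flag")))
        return out
    raise ValueError("realm %r not found" % realm_name)

def audit(providers):
    """List deviations from the order and flags given in the fix."""
    names, flags = [n for n, _ in providers], dict(providers)
    findings = []
    if names != EXPECTED_ORDER:
        findings.append("provider order is %s" % " > ".join(names))
    for name, want in EXPECTED_FLAGS.items():
        if flags.get(name) != want:  # None means the flag is not set in the file
            findings.append("%s control flag is %s, expected %s" % (name, flags.get(name), want))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(read_providers(SAMPLE))) or "matches the fix")
```

To run it against a real domain, pass the contents of the domain's config.xml to `read_providers` instead of `SAMPLE`.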
References: Metalink note 1355902.1
About the Author Mahendra
Look @ my blog: http://talkidentity.blogspot.com