Monday, December 29, 2014

IDM-FA Mass Reset steps- Using OIM APIs

I would like to share the code and article that I wrote this month for the Oracle A-Team site.

Link: http://www.ateam-oracle.com/mass-reset-password-part2-using-oim-apis/

This is very helpful code for people who need to do a Mass Reset Password after P2T or any kind of change that affects critical data from production.

I hope it helps,
Thiago Leoncio.

Sunday, December 28, 2014

IOS - Blocks Objective C

Hello everyone,

    The video below shows how to create blocks, and I also explain a little more about them: what their purpose is and much more. Please watch it and happy coding:




Link:  https://youtu.be/0ygMaqNDBLU



Happy coding,
Thiago Leoncio.

Saturday, November 29, 2014

IOS SOAP BOX: How to populate UITableView with NSArray content in objective-C

Hello all,

   Please watch the video on my channel:

           

Link:  https://youtu.be/2ieUzFs0ork



---------------------------------------
Other great IOS articles:

IOS Exceptions:
http://thiagoleoncio.blogspot.com/2016/03/ios-exceptions.html

IOS - 3 big reasons why start coding in swift instead of Objective-C
http://thiagoleoncio.blogspot.com/2015/11/3-big-reasons-why-start-coding-in-swift.html

IOS - IOS App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure.
http://thiagoleoncio.blogspot.com/2016/01/ios-app-transport-security-has-blocked.html

IOS - Video using 3D framework
http://thiagoleoncio.blogspot.com/2015/11/ios-application-using-3d-framework.html

IOS - Video Application with Json and Mysql connection
http://thiagoleoncio.blogspot.com/2015/09/ios-application-with-mysql-database.html

IOS SOAP Box Tutorial - How to create Multiple Views
http://thiagoleoncio.blogspot.com/2015/08/ios-how-to-create-multiple-views-in.html

Happy coding,
Thiago Leoncio.

Thursday, November 20, 2014

IDM-FA Mass Reset steps- Using OID commands

hello everyone,

Please follow my recent article published on Oracle A-team website:

How to use Mass Reset (the ability to reset multiple passwords simultaneously) in the IDM-FA solution.
http://www.ateam-oracle.com/mass-reset-password-part1-oid/


I hope it helps,
Thiago Leoncio.

Saturday, October 4, 2014

OVD11G: How to change cn=orcladmin password only for OVD

Hello Folks,

   Today I would like to explain that OVD and OID each have their own cn=orcladmin user. The first one is reached through port 8899 (the Admin port) by default, as shown below, and the second one through port 3060 (the LDAP port). So when you log in to the OVD administration web UI, the login does not go to OID to check whether this cn=orcladmin exists there. The connection involves OVD only.




Let me explain it better. My example starts with cn=orcladmin in OID and cn=orcladmin in OVD having the same password. Then we change the OVD password:

First step: Go and login on /EM -->Expand Identity and Access --> Right click on OVD -->Administration --> Server properties.




Second step: You will see 2 tabs, go to 'Change SuperUser password' and type the old password and the new password.



Third step: Now you can go back to OVD administration and try to log in with your new password:


Fig3: You should be able to login successfully here.



Note: According to the first picture in this article and the explanation above, if you run ldapbind against 3060 (OID LDAP) and 6501 (OVD port) using "cn=orcladmin" on both, you should see different results because they have different passwords. I hope this helps you understand that these users, even though they have the same name, are different.

After the change:

ldapbind  -p 3060 -D "cn=orcladmin" -q
Please enter bind password: oldpwd
bind successful

ldapbind  -p 6501 -D "cn=orcladmin" -q
Please enter bind password: oldpwd
ldap_bind: Invalid credentials

ldapbind  -p 6501 -D "cn=orcladmin" -q
Please enter bind password: newpwd
bind successful



Check also this:
How to change cn=orcladmin PW for OVD without EM


I hope it helps,
Thiago Leoncio.

Saturday, September 6, 2014

How to search by OIMITResource Type not ITResourceName

hello everyone,

Today I got stuck on the OIM API because it was not clear to me how to get parameter values from an OIM ITResource by searching on ITResourceTYPE instead of ITResourceName. So, I would like to help everybody who may have had problems with this and wants some help:

...
   // Needs: java.util.HashMap, Thor.API.tcResultSet,
   //        Thor.API.Operations.tcITResourceInstanceOperationsIntf
   try {
            tcITResourceInstanceOperationsIntf op = oimClient.getService(tcITResourceInstanceOperationsIntf.class);
            HashMap<String, String> mapLeoncio = new HashMap<String, String>();
            //mapLeoncio.put("IT Resources.Name", itResourceName);  ***OLD CALL by NAME***
            // Search by IT Resource type instead of by name
            mapLeoncio.put("IT Resources Type Definition.Server Type", itResourceType);
            tcResultSet rs = op.findITResourceInstances(mapLeoncio);
            if (rs.getRowCount() == 0) {
                System.out.println("Cannot find the Directory Server IT Resource type:" + itResourceType);
            } else {
                // Use the first matching IT Resource and read its parameters
                rs.goToRow(0);
                long key = rs.getLongValue("IT Resources.Key");
                tcResultSet resth = op.getITResourceInstanceParameters(key);
                return getValues(attributes, resth);
            }
        } catch (Exception e) {
            System.out.println(e);
        }
...

The OIM API has a small detail here: the search key is 'IT Resources Type Definition.Server Type'. Check it carefully to get the right information.

Ref:
http://docs.oracle.com/cd/E17904_01/apirefs.1111/e17334/Thor/API/Operations/tcITResourceInstanceOperationsIntf.html


I hope it helps you,
Thiago Leoncio.

Saturday, August 9, 2014

OID 11G: How to collect all password policies from all your tree levels using only one command.

Hello everyone,

Today I would like to share how to get all password policies in OID using one simple command. Even if they are at different tree levels, you can get them with the process below:
[leoncio@ThiagoLeoncioserver~]$ ldapsearch -p 6501 -q -D "cn=orcladmin" -b " " -s sub "(objectclass=pwdpolicy)"
Please enter bind password:
cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=thiagoleoncio,dc=com
displayname=Password Policy for Realm dc=thiagoleoncio,dc=com
orclpwdminalphachars=0
pwdfailurecountinterval=0
orclpwdmaxrptchars=0
pwdlockoutduration=86400
objectclass=top
objectclass=pwdpolicy
pwdmaxfailure=10
orclpwdminuppercase=0
orclpwdencryptionenable=0
pwdminlength=6
orclpwdalphanumeric=1
cn=default
pwdlockout=0
pwdchecksyntax=1
orclpwdpolicyenable=1
pwdgraceloginlimit=6
pwdexpirewarning=604800
pwdmaxage=10368000
orclpwdminspecialchars=0
orclpwdminlowercase=0

cn=PolicyUserPolicy,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext, dc=thiagoleoncio,dc=com
orclpwdminalphachars=0
pwdfailurecountinterval=0
orclpwdmaxrptchars=0
pwdlockoutduration=4600
objectclass=top
objectclass=pwdpolicy
pwdmaxfailure=4
orclpwdminuppercase=0
pwdminlength=6
orclpwdencryptionenable=0
orclpwdalphanumeric=1
cn=PolicyUserPolicy
pwdlockout=1
pwdchecksyntax=1
orclpwdpolicyenable=1
pwdgraceloginlimit=6
pwdexpirewarning=0
pwdmaxage=0
orclpwdminspecialchars=0
orclpwdminlowercase=0
cn=IDMPolicy,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext
orclpwdminalphachars=0
pwdfailurecountinterval=0
orclpwdmaxrptchars=0
pwdlockoutduration=4600
objectclass=top
objectclass=pwdpolicy
pwdmaxfailure=4
orclpwdminuppercase=0
orclpwdencryptionenable=0
pwdminlength=8
orclpwdalphanumeric=1
cn=SystemIDPolicy
pwdlockout=1
pwdchecksyntax=1
orclpwdpolicyenable=1
pwdgraceloginlimit=6
pwdexpirewarning=0
pwdmaxage=0
orclpwdminspecialchars=0
orclpwdminlowercase=0
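
An added example (not part of the original post): a shell function that reads this attr=value output and flags policies that are disabled, have lockout off, allow too many failures, use a short minimum length, or have syntax checks off. The thresholds (MIN_LENGTH, MAX_FAILURES), the function names and the dc=example,dc=com sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit OID password policies from ldapsearch output on stdin.
# Typical use (same search as above):
#   ldapsearch -p 6501 -q -D "cn=orcladmin" -b "" -s sub "(objectclass=pwdpolicy)" | audit_pwdpolicy

MIN_LENGTH="${MIN_LENGTH:-8}"      # assumed minimum acceptable pwdminlength
MAX_FAILURES="${MAX_FAILURES:-5}"  # assumed maximum acceptable pwdmaxfailure

# Prints one "DN<TAB>finding" line per problem; exit status is 1 if any were found.
audit_pwdpolicy() {
  awk -v minlen="$MIN_LENGTH" -v maxfail="$MAX_FAILURES" '
    BEGIN { RS = ""; FS = "\n" }          # paragraph mode: one entry per record
    function report(msg) { printf "%s\t%s\n", dn, msg; findings++ }
    {
      split("", attr); is_policy = 0
      # Skip leading noise such as the bind password prompt: the DN is the
      # first line of the entry that contains "=".
      start = 1
      while (start <= NF && index($start, "=") == 0) start++
      if (start > NF) next
      dn = $start
      for (i = start + 1; i <= NF; i++) {
        eq = index($i, "=")
        if (eq == 0) continue
        key = tolower(substr($i, 1, eq - 1))
        val = substr($i, eq + 1)
        if (key == "objectclass" && tolower(val) == "pwdpolicy") is_policy = 1
        attr[key] = val
      }
      if (!is_policy) next

      if (attr["orclpwdpolicyenable"] != "1")
        report("policy is not enabled (orclpwdpolicyenable)")
      if (attr["pwdlockout"] != "1")
        report("account lockout is off (pwdlockout)")
      else if (attr["pwdmaxfailure"] + 0 > maxfail + 0)
        report("lockout threshold too high: pwdmaxfailure=" attr["pwdmaxfailure"])
      if (attr["pwdminlength"] + 0 < minlen + 0)
        report("short minimum length: pwdminlength=" attr["pwdminlength"])
      if (attr["pwdchecksyntax"] != "1")
        report("syntax checks are off (pwdchecksyntax)")
    }
    END { exit (findings > 0) }
  '
}

# Constructed sample input, modelled on the output above (values are made up
# for the demo; the prompt line is kept to show that it is skipped).
sample_policies() {
  cat <<'EOF'
Please enter bind password:
cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=example,dc=com
objectclass=top
objectclass=pwdpolicy
cn=default
pwdlockout=0
pwdmaxfailure=10
pwdminlength=6
pwdchecksyntax=1
orclpwdpolicyenable=1

cn=PolicyUserPolicy,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=example,dc=com
objectclass=top
objectclass=pwdpolicy
cn=PolicyUserPolicy
pwdlockout=1
pwdmaxfailure=4
pwdminlength=6
pwdchecksyntax=1
orclpwdpolicyenable=1

cn=IDMPolicy,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=example,dc=com
objectclass=top
objectclass=pwdpolicy
cn=IDMPolicy
pwdlockout=1
pwdmaxfailure=4
pwdminlength=8
pwdchecksyntax=1
orclpwdpolicyenable=1
EOF
}

# Demo run on the constructed sample.
sample_policies | audit_pwdpolicy || echo "findings above need review"
```

The non-zero exit status on findings lets the function be used directly in a scheduled check.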


I hope it helps you and saves your day, sparing you any struggle on your end. See you again next month.

Thiago Leoncio.

Thursday, July 31, 2014

How to disable change password and forgot password functionality into IDM or IDM FA Solution

I just published an article on the chronicle site that explains how to disable the "Change password" and "Forgot password" functionality in FA-IDM as well as in the IDM (OIM) solution.

Link below is available now:
http://www.ateam-oracle.com/disabling-change-password-and-forgot-password-functionality-in-fa-idm/


I hope it helps you,
Thiago Leoncio.

Saturday, July 19, 2014

OID11G: Disabling LDAP NULL BASE SEARCH or how to disable ldapbind into OID.

Simple but very helpful article.


1) I always like to do it by command line, as below:

ldapbind -h leonciohost -p 3060 -D cn=orcladmin
Result: bind successful


The result above means the bind feature is enabled.

If you look into this parameter below:

ldapsearch -p 3060 -b "cn=oid1,cn=osdldapd,cn=subconfigsubentry" -s base "objectclass=*" orclanonymousbindsflag -D cn=orcladmin -q
orclanonymousbindsflag=1

0 is disallowed
1 is enabled
2 is disallowed except for Read Access on the root DSE



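So, you have to change this parameter through ldapmodify, as below:
...
orclanonymousbindsflag
...

Command (note that -w places the password on the command line, where it ends up in shell history and the process list; the -q option used in the other commands here prompts for it instead):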

ldapmodify -p 3060 -D cn=orcladmin -w leonciopwd << EOF
dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
changetype: modify
replace: orclanonymousbindsflag
orclanonymousbindsflag: 0
EOF



ldapsearch -p 3060 -b "cn=oid1,cn=osdldapd,cn=subconfigsubentry" -s base "objectclass=*" orclanonymousbindsflag -D cn=orcladmin -q
orclanonymousbindsflag=0

This means anonymous bind is now disallowed.


2) But you can also do it by EM as below:

a. Navigate to 'Identity and Access' -> oid1
b. Click on 'Oracle Internet Directory' and select 'Administration' -> 'Server Properties'
c. Switch 'Anonymous Bind' from 'Allows' to 'Disallow except for Read Access on the root DSE' or 'Disallow'
d. Click 'Apply'






I hope this helps you,
Thiago Leoncio.

Sunday, July 6, 2014

OAM 11G Troubleshooting session: "AMInitServlet" failed to preload on startup in Web application: "oam". java.lang.ExceptionInInitializerError

Hello everyone,

   Today I was installing my OAM environment and I had a very interesting issue that I would like to share in this troubleshooting article.

After finishing my domain creation and starting the AdminServer and the OAM managed server, I received the issue below:

<BEA-000628> <Created "1" resources for pool "oamDS", out of which "1" are available and "0" are unavailable.>
####<Jul 05, 2014 2:35:56 PM EDT> <Error> <HTTP> <oam1.domdaman.intra> <WLS_OAM1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <0000KSmQ^QF9DgYjLpuHOA1Jkmq2000002> <1405300164014> <BEA-101216> <Servlet: "AMInitServlet" failed to preload on startup in Web application: "oam".
java.lang.ExceptionInInitializerError
  at oracle.security.am.engines.sso.adapter.AbstractSessionAdapterImpl.checkAndInit(AbstractSessionAdapterImpl.java:92)
  at oracle.security.am.engines.sso.adapter.AbstractSessionAdapterImpl.<init>(AbstractSessionAdapterImpl.java:75)
  at oracle.security.am.engines.sso.adapter.MultipleUserSessionAdapterImpl.<init>(MultipleUserSessionAdapterImpl.java:56)
  at oracle.security.am.engines.sso.adapter.MultipleUserSessionAdapterImpl.<clinit>(MultipleUserSessionAdapterImpl.java:45)
  at oracle.security.am.engines.sso.adapter.SessionManagementAdapterFactory.getAdapter(SessionManagementAdapterFactory.java:46)
  at oracle.security.am.engines.enginecontroller.SSOEngineController.processEvent(SSOEngineController.java:497)
  at oracle.security.am.controller.MasterController.processEvent(MasterController.java:568)
  at oracle.security.am.controller.MasterController.processRequest(MasterController.java:757)
  at oracle.security.am.controller.MasterController.process(MasterController.java:680)
  at oracle.security.am.pbl.transport.http.AMInitServlet.initializeAmServer(AMInitServlet.java:137)
  at oracle.security.am.pbl.transport.http.AMInitServlet.init(AMInitServlet.java:79)
  at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:283)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.servlet.internal.StubSecurityHelper.createServlet(StubSecurityHelper.java:64)


It took a lot of time to realize that my server was not starting properly because of a multicast-related issue that is described in this WLS document:

So, what is the fix?

You have 2 possibilities to fix this:
1) Set -Djava.net.preferIPv4Stack=true, as the WLS document describes below:

2) Or force it not to use IPv6 with the -Djava.net.preferIPV6=false option





Once your WLS server recognizes that you are using the proper IP (Internet Protocol) version, the OAM deployment goes through and your managed server starts successfully.

I hope this helps you and doesn't make you lose time as I did,
Thiago Leoncio.


Friday, July 4, 2014

OIM11G Troubleshooting session: Error: Diagnostics data was not saved to the credential store.


Happy 04 July everyone!
I was installing OIM11G PS2 and got this issue (starting AdminServer):
----------------
Info: Data source is: opss-DBDS
WLS ManagedService is not up running. Fall back to use system properties for configuration.
Error: Diagnostics data was not saved to the credential store.
Error: Validate operation has failed.
-----------------
This issue happens because you skipped two very important items, described below:


To fix this issue you must do the following:

1) Run the wlst command to create the security store:

cd $ORACLE_COMMON
wlst.sh /u01/app/oracle/Middleware/wls10360/Oracle_IAM/common/tools/configureSecurityStore.py -d /u01/app/oracle/Middleware/wls10360/user_projects/domains/IAMDomain11G -c IAM -m create
Info: Data source is: opss-DBDS
Please input data source password:
Info: DB JDBC driver: oracle.jdbc.OracleDriver
Info: DB JDBC URL: jdbc:oracle:thin:@leoncio.us.oracle.com:1521/leoncio.us.oracle.com
Connected:oracle.jdbc.driver.T4CConnection@153e9cb8
Disconnect:oracle.jdbc.driver.T4CConnection@153e9cb8
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  checkServiceSetup - done
Jun 18, 2014 6:32:31 PM oracle.security.jps.internal.config.ldap.LdapCredStoreServiceConfigurator schemaCompatibleHandler
INFO: Credential store schema upgrade not required. Store Schema version 11.1.1.7.0 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  seedSchemaAndCreateDIT - done
Jun 18, 2014 6:32:35 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationCredImpl migrateCredentialData
INFO: Migration of Credential Store data in progress.....
Jun 18, 2014 6:32:35 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationCredImpl migrateCredentialData
INFO: Migration of Credential Store data completed, Time taken for migration is 00:00:00
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  migrateData - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  testJpsService - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  checkServiceSetup - done
Jun 18, 2014 6:32:35 PM oracle.security.jps.internal.config.ldap.LdapKeyStoreServiceConfigurator schemaCompatibleHandler
INFO: Keystore schema upgrade not required. Store Schema version 11.1.1.7.0 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  seedSchemaAndCreateDIT - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  migrateData - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  testJpsService - done
Jun 18, 2014 6:32:37 PM oracle.security.jps.internal.policystore.ldap.LdapPolicyStore initial
INFO: Your Policy store schema is not upgraded to the latest version!
Please run the PSA (Patch Set Assistant) to upgrade the current schema version 11.1.1.7.0 to the latest version 11.1.1.7.2.
Or, you could continue to run in the backward-compatibility mode.
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  checkServiceSetup - done
Jun 18, 2014 6:32:37 PM oracle.security.jps.internal.config.ldap.LdapPolicyStoreServiceConfigurator schemaCompatibleHandler
INFO: Policy schema upgrade not required. Store Schema version 11.1.1.7.0 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  updateServiceConfiguration - done
Jun 18, 2014 6:32:37 PM oracle.security.jps.internal.policystore.ldap.LdapPolicyStore initial
INFO: Your Policy store schema is not upgraded to the latest version!
Please run the PSA (Patch Set Assistant) to upgrade the current schema version 11.1.1.7.0 to the latest version 11.1.1.7.2.
Or, you could continue to run in the backward-compatibility mode.
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  seedSchemaAndCreateDIT - done
WLS ManagedService is not up running. Fall back to use system properties for configuration.
Jun 18, 2014 6:32:47 PM oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy migrateData
INFO: Migration of Admin Role Members started
Jun 18, 2014 6:32:47 PM oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy migrateData
INFO: Migration of Admin Role Members completed in 00:00:00
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  migrateData - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  testJpsService - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  checkServiceSetup - done
Jun 18, 2014 6:32:47 PM oracle.security.jps.internal.config.ldap.LdapAuditServiceConfigurator schemaCompatibleHandler
INFO: Audit store schema upgrade not required. Store Schema version 11.1.1.7.0 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  seedSchemaAndCreateDIT - done
Jun 18, 2014 6:32:48 PM oracle.security.jps.internal.audit.AuditServiceImpl registerInternal
WARNING: Cannot register to audit service for component "JPS".
Jun 18, 2014 6:32:48 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationAuditStoreImpl migrateAuditStoreData
INFO: Migration of Audit Store data in progress.....
Jun 18, 2014 6:33:51 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationAuditStoreImpl migrateAuditStoreData
INFO: Migration of Audit Store data completed, Time taken for migration is 00:01:03
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  migrateData - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  testJpsService - done
persist to output: /u01/app/oracle/Middleware/wls10360/user_projects/domains/IAMDomain11G/config/fmwconfig - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  updateServiceConfiguration - done
Jun 18, 2014 6:34:04 PM oracle.security.jps.internal.policystore.ldap.LdapPolicyStore initial
INFO: Your Policy store schema is not upgraded to the latest version!
Please run the PSA (Patch Set Assistant) to upgrade the current schema version 11.1.1.7.0 to the latest version 11.1.1.7.2.
Or, you could continue to run in the backward-compatibility mode.
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  updateServiceConfiguration - done
persist to output: /u01/app/oracle/Middleware/wls10360/user_projects/domains/IAMDomain11G/config/fmwconfig - done
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
Jun 18, 2014 6:34:13 PM oracle.security.jps.internal.policystore.ldap.LdapPolicyStore initial
INFO: Your Policy store schema is not upgraded to the latest version!
Please run the PSA (Patch Set Assistant) to upgrade the current schema version 11.1.1.7.0 to the latest version 11.1.1.7.2.
Or, you could continue to run in the backward-compatibility mode.
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
Jun 18, 2014 6:34:36 PM oracle.security.jps.internal.policystore.ldap.LdapPolicyStore initial
INFO: Your Policy store schema is not upgraded to the latest version!
Please run the PSA (Patch Set Assistant) to upgrade the current schema version 11.1.1.7.0 to the latest version 11.1.1.7.2.
Or, you could continue to run in the backward-compatibility mode.
Using default context in /u01/app/oracle/Middleware/wls10360/user_projects/domains/IAMDomain11G/config/fmwconfig/jps-config-migration.xml file for credential store.
Credential store location : jdbc:oracle:thin:@leoncio.us.oracle.com:1521/leoncio.us.oracle.com
Credential with map Oracle-IAM-Security-Store-Diagnostics key Test-Cred stored successfully!
Credential for map Oracle-IAM-Security-Store-Diagnostics and key Test-Cred is:
GenericCredential
Info: diagnostic credential created in the credential store.
Info:  Create operation has completed successfully.

2) Upgrade OPSS using Patch Set Assistant:

cd $MW_HOME/oracle_common/bin
./psa.sh



Conclusion:

After the OPSS upgrade you can restart your AdminServer successfully, and you will see that OPSS is validated properly, as the output below shows:

....
Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Info: Data source is: opss-DBDS
WLS ManagedService is not up running. Fall back to use system properties for configuration.
Info: Diagnostics data was saved to the credential store.
Info: Validate operation has completed successfully.
*****************************************************
** Setting up SOA specific environment...
*****************************************************
EXTRA_JAVA_PROPERTIES= -da:org.apache.xmlbeans...
.
LD_LIBRARY_PATH=/u01/app/oracle/Middleware/wls10360/patch_wls1036/profiles/default/native:/u01/app/oracle/Middleware/wls10360/patch_oepe180/profiles/default/native:/u01/app/oracle/Middleware/wls10360/patch_ocp371/profiles/default/native:/u01/app/oracle/Middleware/wls10360/patch_adfr1111/profiles/default/native:/u01/app/oracle/Middleware/wls10360/wlserver_10.3/server/native/linux/i686:/u01/app/oracle/Middleware/wls10360/wlserver_10.3/server/native/linux/i686/oci920_8:/u01/app/oracle/Middleware/wls10360/Oracle_SOA/soa/thirdparty/edifecs/XEngine/bin
.
USER_MEM_ARGS=-Xms512m -Xmx1024m
.
*****************************************************
** End SOA specific environment setup
*****************************************************
/u01/app/oracle/jrockit-jdk1.6.0_45-R28.2.7-4.1.0
/u01/app/oracle/jrockit-jdk1.6.0_45-R28.2.7-4.1.0/jre/bin/java
*****************************************************
** Setting up OIM specific environment...
.
USER_MEM_ARGS=-Xms1024m -Xmx2048m
.....


Ref:


I hope this helps you,

Thiago Leoncio.

Saturday, June 21, 2014

ODS11G troubleshooting permission error from HTTP status code = 400 : The request parameters did not match any components

Hello everyone,

Today is a troubleshooting session, and I would like to start with one error during ODS11G installation:

Error creating ASComponent oid1.
Cause:
An internal operation has failed: Failed to start the component
Action:
See logs for more details.


And this on the display:


And the OID diagnostic logs show these lines:

[2014-06-06T06:21:43.969-04:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 40] [ecid: 0000KPkePbxFw000jzwkno1J^P0q00000U,0] Trying to start the component oid1
[2014-06-06T06:21:44.012-04:00] [as] [WARNING] [] [oracle.as.config] [tid: 40] [ecid: 0000KPkePbxFw000jzwkno1J^P0q00000U,0] Failed to start component oid1[[
oracle.as.config.ProvisionException: HTTP status code = 400 : The request parameters did not match any components
    at oracle.as.config.impl.OracleASComponentBaseImpl.manageProcess(OracleASComponentBaseImpl.java:943)
    at oracle.as.config.impl.OracleASComponentBaseImpl.start(OracleASComponentBaseImpl.java:1062)
    at oracle.as.provisioning.fmwadmin.ASComponentProv.createComponent(ASComponentProv.java:153)
    at oracle.as.provisioning.fmwadmin.ASComponentProv.createComponent(ASComponentProv.java:73)
    at oracle.as.provisioning.fmwadmin.ASInstanceProv._createComponent(ASInstanceProv.java:401)
    at oracle.as.provisioning.fmwadmin.ASInstanceProv.createComponent(ASInstanceProv.java:364)
    at oracle.as.provisioning.fmwadmin.ASInstanceProv.createInstanceAndComponents(ASInstanceProv.java:136)
    at oracle.as.provisioning.engine.WorkFlowExecutor._createASInstancesAndComponents(WorkFlowExecutor.java:535)
    at oracle.as.provisioning.engine.WorkFlowExecutor.executeWLSWorkFlow(WorkFlowExecutor.java:439)
    at oracle.as.provisioning.engine.Config.executeConfigWorkflow_WLS(Config.java:866)
    at oracle.as.provisioning.engine.Config.executeConfigWorkflow_WLS(Config.java:820)
    at oracle.as.idm.install.config.IdMDirectoryServicesManager.doExecute(IdMDirectoryServicesManager.java:945)
    at oracle.as.install.engine.modules.configuration.client.ConfigAction.execute(ConfigAction.java:375)
    at oracle.as.install.engine.modules.configuration.action.TaskPerformer.run(TaskPerformer.java:88)
    at oracle.as.install.engine.modules.configuration.action.TaskPerformer.startConfigAction(TaskPerformer.java:105)
    at oracle.as.install.engine.modules.configuration.action.ActionRequest.perform(ActionRequest.java:15)
    at oracle.as.install.engine.modules.configuration.action.RequestQueue.perform(RequestQueue.java:96)
    at oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager.start(StandardConfigActionManager.java:186)
    at oracle.as.install.engine.modules.configuration.boot.ConfigurationExtension.kickstart(ConfigurationExtension.java:81)
    at oracle.as.install.engine.modules.configuration.ConfigurationModule.run(ConfigurationModule.java:86)
    at java.lang.Thread.run(Thread.java:662)


And the oidmon log shows several lines with this:
...cannot restore segment prot after reloc: Permission denied



To fix that, you have to change your Oracle Linux permissions as below:




Then recreate your repository and re-install your ODS successfully, as below:




I hope this helps,
Thiago Leoncio.

Saturday, May 31, 2014

How Oracle Fusion Apps works with IDM solution

In this article I explain how the FA-IDM solution works, from a flows perspective. Please check the A-Team link below:

http://www.ateam-oracle.com/idm-fa-integration-flows


I hope this helps,
Thiago Leoncio

Saturday, April 19, 2014

What is the difference between OIMAuthenticator & OIMSignatureAuthenticator in WebLogic provider types?

Hello everybody,

Today I would like to discuss the authentication providers for IDM.

Let's start by answering the main question. The difference is that OIMSignatureAuthenticator is used in situations where a digital signature can be inspected instead of a password, which is useful in some specific integrations, such as the Quartz Scheduler integration with OIM, as in OAM with OIM or SiteMinder with OIM.
So, it allows WebLogic Server and its provider to participate, for example, in an SSO solution for Web service applications. It validates assertions by checking the signature and validates, if needed, the certificate for trust based on data configured for a specific partner.

Let me clarify a bit more with one simple example:
Use-case:
All authentication, either via browser (http/https) or non-http, such as Design Console login or the t3/t3s route, must be handled by SiteMinder SSO. Only signature authentication will be handled by Oracle Identity Manager.
This way you allow only integration products to use a signature as part of the authentication process; all others are controlled by your SSO product, in my example SiteMinder.

So, in WLS (Home > Summary of Security Realms > myrealm > Providers) your authentication chain will look like this:
SiteminderIdentityAsserter
DefaultAuthenticator                       SUFFICIENT
OIMSignatureAuthenticator                  SUFFICIENT
SiteminderAuthenticationProvider           SUFFICIENT
DefaultIdentityAsserter                    SUFFICIENT

References:
1-Oracle® Fusion Middleware Administrator's Guide for Oracle Identity Manager-11g Release 2 (11.1.2)-doc: E27149-04

Definitions from WLS Console:
OIMSignatureAuthenticator
Provider that performs signature based authentication thru the Oracle Identity Manager relational database
OIM Authenticator or OIM Authenticator Provider
Provider that performs authentication thru the Oracle Identity Manager relational database

I hope this helps,

Thiago Leoncio.