I would like to share the code and article that I wrote this month for Oracle A-team site.
Link: http://www.ateam-oracle.com/mass-reset-password-part2-using-oim-apis/
This code is very helpful for people who need to do a Mass Reset Password after a P2T or any kind of change that affects critical data from production.
I hope it helps,
Thiago Leoncio.
Thiago - Tech Director, Principal Architect and software developer in many different languages. I am passionate about development of any kind. I have been a developer since 1996, coding in many different styles such as Cold Fusion, Java, PHP, PL-SQL, Objective-C, Nodejs and many others. Anything needed, we can translate to code.
Monday, December 29, 2014
Sunday, December 28, 2014
IOS - Blocks Objective C
Hello everyone,
The video below shows how to create blocks, and I also explain a little more about them: what their purpose is and much more. Please watch it there, and happy coding:
Link: https://youtu.be/0ygMaqNDBLU
Happy coding,
Thiago Leoncio.
Saturday, November 29, 2014
IOS SOAP BOX: How to populate UITableView with NSArray content in objective-C
Hello all,
Please watch the video on my channel:
Link: https://youtu.be/2ieUzFs0ork
---------------------------------------
Other great IOS articles:
IOS Exceptions:
http://thiagoleoncio.blogspot.com/2016/03/ios-exceptions.html
IOS - 3 big reasons why start coding in swift instead of Objective-C
http://thiagoleoncio.blogspot.com/2015/11/3-big-reasons-why-start-coding-in-swift.html
IOS - IOS App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure.
http://thiagoleoncio.blogspot.com/2016/01/ios-app-transport-security-has-blocked.html
IOS - Video using 3D framework
http://thiagoleoncio.blogspot.com/2015/11/ios-application-using-3d-framework.html
IOS - Video Application with Json and Mysql connection
http://thiagoleoncio.blogspot.com/2015/09/ios-application-with-mysql-database.html
IOS SOAP Box Tutorial - How to create Multiple Views
http://thiagoleoncio.blogspot.com/2015/08/ios-how-to-create-multiple-views-in.html
Happy coding,
Thiago Leoncio.
Thursday, November 20, 2014
IDM-FA Mass Reset steps- Using OID commands
Hello everyone,
Please follow my recent article published on the Oracle A-team website:
How to use Mass Reset (the ability to reset multiple passwords simultaneously) in the IDM-FA solution.
http://www.ateam-oracle.com/mass-reset-password-part1-oid/
I hope it helps,
Thiago Leoncio.
Saturday, October 4, 2014
OVD11G: How to change cn=orcladmin password only for OVD
Hello Folks,
Today I would like to explain that OVD and OID each have their own cn=orcladmin user. The first one is used with port 8899 (the Admin port) by default, as shown below, and the second one with port 3060 (the LDAP port). So when you log in to the OVD administration web UI, OVD does not go to OID to check whether this cn=orcladmin exists there. The connection involves OVD only.
Let me explain it better. Let's start my example with cn=orcladmin in OID and in OVD having the same password, and then change the OVD password:
First step: Log in to /EM --> expand Identity and Access --> right-click OVD --> Administration --> Server Properties.
Second step: You will see 2 tabs. Go to 'Change SuperUser password' and type the old password and the new password.
Third step: Now you can go back to OVD administration and try to log in with your new password:
Fig3: You should be able to log in successfully here.
Note: According to the first picture in this article and the explanation above, if you run ldapbind against 3060 (OID LDAP) and 6501 (OVD port) using "cn=orcladmin" on both, you should see different results, as they have different passwords. I hope this helps you understand that these users, even though they have the same name, are different.
After the change:
ldapbind -p 3060 -D "cn=orcladmin" -q
Please enter bind password: oldpwd
bind successful
ldapbind -p 6501 -D "cn=orcladmin" -q
Please enter bind password: oldpwd
ldap_bind: Invalid credentials
ldapbind -p 6501 -D "cn=orcladmin" -q
Please enter bind password: newpwd
bind successful
Check also this:
How to change cn=orcladmin PW for OVD without EM
I hope it helps,
Thiago Leoncio.
Saturday, September 6, 2014
How to search by OIMITResource Type not ITResourceName
Hello everyone,
Today I got stuck on the OIM API because it was not clear to me how to get parameter values from an OIM ITResource by searching on ITResourceTYPE instead of ITResourceName. So, I would like to help everybody who may have had problems with this and wants some help:
import java.util.HashMap;
import Thor.API.tcResultSet;
import Thor.API.Operations.tcITResourceInstanceOperationsIntf;
...
try {
    tcITResourceInstanceOperationsIntf op = oimClient.getService(tcITResourceInstanceOperationsIntf.class);
    HashMap<String, String> mapLeoncio = new HashMap<String, String>();
    // mapLeoncio.put("IT Resources.Name", itResourceName); // ***OLD CALL by NAME***
    // Search by IT resource type instead of by name.
    mapLeoncio.put("IT Resources Type Definition.Server Type", itResourceType);
    tcResultSet rs = op.findITResourceInstances(mapLeoncio);
    if (rs.getRowCount() == 0) {
        System.out.println("Cannot find the Directory Server IT Resource type:" + itResourceType);
    } else {
        // Take the first match and read its parameters by key.
        rs.goToRow(0);
        // The key column is "IT Resources.Key" (plural "Resources").
        long key = rs.getLongValue("IT Resources.Key");
        tcResultSet resth = op.getITResourceInstanceParameters(key);
        return getValues(attributes, resth);
    }
} catch (Exception e) {
    System.out.println(e);
}
...
In the OIM API the search key for the type is 'IT Resources Type Definition.Server Type', so check it carefully to get the right information.
Ref:
http://docs.oracle.com/cd/E17904_01/apirefs.1111/e17334/Thor/API/Operations/tcITResourceInstanceOperationsIntf.html
I hope it helps you,
Thiago Leoncio.
Saturday, August 9, 2014
OID 11G: How to collect all password policies from all your tree levels using only one command.
Hello everyone,
I would like to share today how to get all password policies in OID using one simple command. Even if they are at different tree levels, you can get them with the process below:
[leoncio@ThiagoLeoncioserver~]$ ldapsearch -p 6501 -q -D "cn=orcladmin" -b " " -s sub "(objectclass=pwdpolicy)"
Please enter bind password:
cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=thiagoleoncio,dc=com
displayname=Password Policy for Realm dc=thiagoleoncio,dc=com
orclpwdminalphachars=0
pwdfailurecountinterval=0
orclpwdmaxrptchars=0
pwdlockoutduration=86400
objectclass=top
objectclass=pwdpolicy
pwdmaxfailure=10
orclpwdminuppercase=0
orclpwdencryptionenable=0
pwdminlength=6
orclpwdalphanumeric=1
cn=default
pwdlockout=0
pwdchecksyntax=1
orclpwdpolicyenable=1
pwdgraceloginlimit=6
pwdexpirewarning=604800
pwdmaxage=10368000
orclpwdminspecialchars=0
orclpwdminlowercase=0
cn=PolicyUserPolicy,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=thiagoleoncio,dc=com
orclpwdminalphachars=0
pwdfailurecountinterval=0
orclpwdmaxrptchars=0
pwdlockoutduration=4600
objectclass=top
objectclass=pwdpolicy
pwdmaxfailure=4
orclpwdminuppercase=0
pwdminlength=6
orclpwdencryptionenable=0
orclpwdalphanumeric=1
cn=PolicyUserPolicy
pwdlockout=1
pwdchecksyntax=1
orclpwdpolicyenable=1
pwdgraceloginlimit=6
pwdexpirewarning=0
pwdmaxage=0
orclpwdminspecialchars=0
orclpwdminlowercase=0
cn=IDMPolicy,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext
orclpwdminalphachars=0
pwdfailurecountinterval=0
orclpwdmaxrptchars=0
pwdlockoutduration=4600
objectclass=top
objectclass=pwdpolicy
pwdmaxfailure=4
orclpwdminuppercase=0
orclpwdencryptionenable=0
pwdminlength=8
orclpwdalphanumeric=1
cn=SystemIDPolicy
pwdlockout=1
pwdchecksyntax=1
orclpwdpolicyenable=1
pwdgraceloginlimit=6
pwdexpirewarning=0
pwdmaxage=0
orclpwdminspecialchars=0
orclpwdminlowercase=0
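As an added example (not part of the original post or of any Oracle tool), the following script parses output in the attr=value layout shown above and flags policy settings that deserve a second look. The thresholds MIN_LENGTH and MAX_FAILURES, the example.com sample entries, the reading of 1 as "enabled" and of pwdmaxage=0 as "no expiry", and the blank line between entries are assumptions.

```python
import re
import sys

# Assumed baseline for this example, not taken from the article.
MIN_LENGTH = 8      # shortest acceptable pwdminlength
MAX_FAILURES = 5    # highest acceptable pwdmaxfailure when lockout is on

# Constructed sample in the attr=value layout of the output above.
SAMPLE_OUTPUT = """\
cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=example,dc=com
objectclass=pwdpolicy
orclpwdpolicyenable=1
pwdlockout=0
pwdmaxfailure=10
pwdminlength=6
pwdchecksyntax=1
pwdmaxage=10368000

cn=ServicePolicy,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=example,dc=com
objectclass=pwdpolicy
orclpwdpolicyenable=1
pwdlockout=1
pwdmaxfailure=4
pwdminlength=8
pwdchecksyntax=1
pwdmaxage=0

cn=StrictPolicy,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=example,dc=com
objectclass=pwdpolicy
orclpwdpolicyenable=1
pwdlockout=1
pwdmaxfailure=4
pwdminlength=12
pwdchecksyntax=1
pwdmaxage=7776000
"""

def parse_entries(text):
    """Return [(dn, {attr: [values]})] from blank-line-separated ldapsearch output."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        # Keep only DN and attr=value lines; this drops the password prompt.
        lines = [ln.strip() for ln in block.splitlines() if "=" in ln]
        if not lines:
            continue
        attrs = {}
        for ln in lines[1:]:
            name, _, value = ln.partition("=")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append((lines[0], attrs))
    return entries

def _num(attrs, name):
    """First value of an attribute as int, or None when absent or non-numeric."""
    try:
        return int(attrs[name][0])
    except (KeyError, ValueError):
        return None

def audit_policy(attrs):
    """List the settings of one policy that miss the assumed baseline."""
    findings = []
    if _num(attrs, "orclpwdpolicyenable") != 1:
        findings.append("policy is not enabled (orclpwdpolicyenable)")
    if _num(attrs, "pwdchecksyntax") != 1:
        findings.append("syntax checks are off (pwdchecksyntax)")
    length = _num(attrs, "pwdminlength")
    if length is None or length < MIN_LENGTH:
        findings.append("pwdminlength=%s is below %d" % (length, MIN_LENGTH))
    if _num(attrs, "pwdlockout") != 1:
        findings.append("account lockout is off (pwdlockout)")
    else:
        failures = _num(attrs, "pwdmaxfailure")
        if failures is None or failures > MAX_FAILURES:
            findings.append("pwdmaxfailure=%s is above %d" % (failures, MAX_FAILURES))
    if _num(attrs, "pwdmaxage") == 0:
        findings.append("passwords never expire (pwdmaxage=0)")
    return findings

def audit_all(text):
    """Map the DN of every pwdpolicy entry to its list of findings."""
    report = {}
    for dn, attrs in parse_entries(text):
        classes = [v.lower() for v in attrs.get("objectclass", [])]
        if "pwdpolicy" in classes:
            report[dn] = audit_policy(attrs)
    return report

if __name__ == "__main__":
    # Optional argument: a file holding saved ldapsearch output; default is the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_OUTPUT
    for dn, findings in audit_all(text).items():
        print(dn, "->", "; ".join(findings) or "ok")
```
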
I hope it helps you and saves your day, avoiding any struggle on your end. See you again next month.
Thiago Leoncio.
Thursday, July 31, 2014
How to disable change password and forgot password functionality into IDM or IDM FA Solution
I just published an article on the Chronicle site that explains how to disable the "Change password" and "Forgot password" functionality in FA-IDM as well as in the IDM (OIM) solution.
Link below is available now:
http://www.ateam-oracle.com/disabling-change-password-and-forgot-password-functionality-in-fa-idm/
I hope it helps you,
Thiago Leoncio.
Saturday, July 19, 2014
OID11G: Disabling LDAP NULL BASE SEARCH or how to disable ldapbind into OID.
Simple but very helpful article.
1) I always like to do it from the command line, as below:
ldapbind -h leonciohost -p 3060 -D cn=orcladmin
Result: bind successful
This means that anonymous bind is enabled.
Now look at the parameter below:
ldapsearch -p 3060 -b "cn=oid1,cn=osdldapd,cn=subconfigsubentry" -s base "objectclass=*" orclanonymousbindsflag -D cn=orcladmin -q
orclanonymousbindsflag=1
0 is disallowed
1 is enabled
2 is disallowed except for read access on the root DSE
So you have to change this parameter through ldapmodify, as below:
...
orclanonymousbindsflag
...
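Command (note that -w puts the bind password in the shell history and the process list; -q, as used in the ldapsearch calls here, prompts for it instead):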
ldapmodify -p 3060 -D cn=orcladmin -w leonciopwd << EOF
dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
changetype: modify
replace: orclanonymousbindsflag
orclanonymousbindsflag: 0
EOF
ldapsearch -p 3060 -b "cn=oid1,cn=osdldapd,cn=subconfigsubentry" -s base "objectclass=*" orclanonymousbindsflag -D cn=orcladmin -q
orclanonymousbindsflag=0
This means anonymous bind is now disallowed.
2) But you can also do it through EM, as below:
a. Navigate to 'Identity and Access' -> oid1
b. Click on 'Oracle Internet Directory' and select 'Administration' -> 'Server Properties'
c. Switch 'Anonymous Bind' from 'Allows' to 'Disallow except for Read Access on the root DSE' or 'Disallow'
d. Click 'Apply'
I hope this helps you,
Thiago Leoncio.
Sunday, July 6, 2014
OAM 11G Troubleshooting session: "AMInitServlet" failed to preload on startup in Web application: "oam". java.lang.ExceptionInInitializerError
Hello everyone,
Today I was installing my OAM environment and I had a very interesting issue that I would like to share in this troubleshooting article.
After finishing my domain creation and starting the AdminServer and the OAM managed server, I received the issue below:
<BEA-000628> <Created "1" resources for pool "oamDS", out of which "1" are available and "0" are unavailable.>
####<Jul 05, 2014 2:35:56 PM EDT> <Error> <HTTP> <oam1.domdaman.intra> <WLS_OAM1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <0000KSmQ^QF9DgYjLpuHOA1Jkmq2000002> <1405300164014> <BEA-101216> <Servlet: "AMInitServlet" failed to preload on startup in Web application: "oam".
java.lang.ExceptionInInitializerError
at oracle.security.am.engines.sso.adapter.AbstractSessionAdapterImpl.checkAndInit(AbstractSessionAdapterImpl.java:92)
at oracle.security.am.engines.sso.adapter.AbstractSessionAdapterImpl.<init>(AbstractSessionAdapterImpl.java:75)
at oracle.security.am.engines.sso.adapter.MultipleUserSessionAdapterImpl.<init>(MultipleUserSessionAdapterImpl.java:56)
at oracle.security.am.engines.sso.adapter.MultipleUserSessionAdapterImpl.<clinit>(MultipleUserSessionAdapterImpl.java:45)
at oracle.security.am.engines.sso.adapter.SessionManagementAdapterFactory.getAdapter(SessionManagementAdapterFactory.java:46)
at oracle.security.am.engines.enginecontroller.SSOEngineController.processEvent(SSOEngineController.java:497)
at oracle.security.am.controller.MasterController.processEvent(MasterController.java:568)
at oracle.security.am.controller.MasterController.processRequest(MasterController.java:757)
at oracle.security.am.controller.MasterController.process(MasterController.java:680)
at oracle.security.am.pbl.transport.http.AMInitServlet.initializeAmServer(AMInitServlet.java:137)
at oracle.security.am.pbl.transport.http.AMInitServlet.init(AMInitServlet.java:79)
at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:283)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.StubSecurityHelper.createServlet(StubSecurityHelper.java:64)
It took a lot of time to realize that my server was not starting properly because of a related multicast issue that is described in this WLS document:
So, what is the fix?
You have 2 possibilities to fix this:
1) -Djava.net.preferIPv4Stack=true, as the WLS document describes below:
2) Or force it not to use IPV6 with the -Djava.net.preferIPV6=false option
Once your WLS server recognizes that you are using the proper IPV (Internet Protocol Version), the OAM deployment will go through and your managed server will start successfully.
I hope this helps you and doesn't make you lose time as I did,
Thiago Leoncio.
Friday, July 4, 2014
OIM11G Troubleshooting session: Error: Diagnostics data was not saved to the credential store.
Happy 04 July everyone!
I was installing OIM11G PS2 and I got this issue (starting the AdminServer):
----------------
Info: Data source is: opss-DBDS
WLS ManagedService is not up running. Fall back to use system properties for configuration.
Error: Diagnostics data was not saved to the credential store.
Error: Validate operation has failed.
-----------------
This issue happens because you skipped two very important items, described below.
To fix this issue you must do the following:
1) Run the wlst command to create the security store:
cd $ORACLE_COMMON
wlst.sh /u01/app/oracle/Middleware/wls10360/Oracle_IAM/common/tools/configureSecurityStore.py -d /u01/app/oracle/Middleware/wls10360/user_projects/domains/IAMDomain11G -c IAM -m create
Info: Data source is: opss-DBDS
Please input data source password:
Info: DB JDBC driver: oracle.jdbc.OracleDriver
Info: DB JDBC URL: jdbc:oracle:thin:@leoncio.us.oracle.com:1521/leoncio.us.oracle.com
Connected:oracle.jdbc.driver.T4CConnection@153e9cb8
Disconnect:oracle.jdbc.driver.T4CConnection@153e9cb8
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] checkServiceSetup - done
Jun 18, 2014 6:32:31 PM oracle.security.jps.internal.config.ldap.LdapCredStoreServiceConfigurator schemaCompatibleHandler
INFO: Credential store schema upgrade not required. Store Schema version 11.1.1.7.0 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] seedSchemaAndCreateDIT - done
Jun 18, 2014 6:32:35 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationCredImpl migrateCredentialData
INFO: Migration of Credential Store data in progress.....
Jun 18, 2014 6:32:35 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationCredImpl migrateCredentialData
INFO: Migration of Credential Store data completed, Time taken for migration is 00:00:00
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] migrateData - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] testJpsService - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] checkServiceSetup - done
Jun 18, 2014 6:32:35 PM oracle.security.jps.internal.config.ldap.LdapKeyStoreServiceConfigurator schemaCompatibleHandler
INFO: Keystore schema upgrade not required. Store Schema version 11.1.1.7.0 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] seedSchemaAndCreateDIT - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] migrateData - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] testJpsService - done
Jun 18, 2014 6:32:37 PM oracle.security.jps.internal.policystore.ldap.LdapPolicyStore initial
INFO: Your Policy store schema is not upgraded to the latest version!
Please run the PSA (Patch Set Assistant) to upgrade the current schema version 11.1.1.7.0 to the latest version 11.1.1.7.2.
Or, you could continue to run in the backward-compatibility mode.
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] checkServiceSetup - done
Jun 18, 2014 6:32:37 PM oracle.security.jps.internal.config.ldap.LdapPolicyStoreServiceConfigurator schemaCompatibleHandler
INFO: Policy schema upgrade not required. Store Schema version 11.1.1.7.0 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] updateServiceConfiguration - done
Jun 18, 2014 6:32:37 PM oracle.security.jps.internal.policystore.ldap.LdapPolicyStore initial
INFO: Your Policy store schema is not upgraded to the latest version!
Please run the PSA (Patch Set Assistant) to upgrade the current schema version 11.1.1.7.0 to the latest version 11.1.1.7.2.
Or, you could continue to run in the backward-compatibility mode.
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] seedSchemaAndCreateDIT - done
WLS ManagedService is not up running. Fall back to use system properties for configuration.
Jun 18, 2014 6:32:47 PM oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy migrateData
INFO: Migration of Admin Role Members started
Jun 18, 2014 6:32:47 PM oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy migrateData
INFO: Migration of Admin Role Members completed in 00:00:00
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] migrateData - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] testJpsService - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] checkServiceSetup - done
Jun 18, 2014 6:32:47 PM oracle.security.jps.internal.config.ldap.LdapAuditServiceConfigurator schemaCompatibleHandler
INFO: Audit store schema upgrade not required. Store Schema version 11.1.1.7.0 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] seedSchemaAndCreateDIT - done
Jun 18, 2014 6:32:48 PM oracle.security.jps.internal.audit.AuditServiceImpl registerInternal
WARNING: Cannot register to audit service for component "JPS".
Jun 18, 2014 6:32:48 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationAuditStoreImpl migrateAuditStoreData
INFO: Migration of Audit Store data in progress.....
Jun 18, 2014 6:33:51 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationAuditStoreImpl migrateAuditStoreData
INFO: Migration of Audit Store data completed, Time taken for migration is 00:01:03
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] migrateData - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] testJpsService - done
persist to output: /u01/app/oracle/Middleware/wls10360/user_projects/domains/IAMDomain11G/config/fmwconfig - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] updateServiceConfiguration - done
Jun 18, 2014 6:34:04 PM oracle.security.jps.internal.policystore.ldap.LdapPolicyStore initial
INFO: Your Policy store schema is not upgraded to the latest version!
Please run the PSA (Patch Set Assistant) to upgrade the current schema version 11.1.1.7.0 to the latest version 11.1.1.7.2.
Or, you could continue to run in the backward-compatibility mode.
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] updateServiceConfiguration - done
persist to output: /u01/app/oracle/Middleware/wls10360/user_projects/domains/IAMDomain11G/config/fmwconfig - done
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
Jun 18, 2014 6:34:13 PM oracle.security.jps.internal.policystore.ldap.LdapPolicyStore initial
INFO: Your Policy store schema is not upgraded to the latest version!
Please run the PSA (Patch Set Assistant) to upgrade the current schema version 11.1.1.7.0 to the latest version 11.1.1.7.2.
Or, you could continue to run in the backward-compatibility mode.
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
Jun 18, 2014 6:34:36 PM oracle.security.jps.internal.policystore.ldap.LdapPolicyStore initial
INFO: Your Policy store schema is not upgraded to the latest version!
Please run the PSA (Patch Set Assistant) to upgrade the current schema version 11.1.1.7.0 to the latest version 11.1.1.7.2.
Or, you could continue to run in the backward-compatibility mode.
Using default context in /u01/app/oracle/Middleware/wls10360/user_projects/domains/IAMDomain11G/config/fmwconfig/jps-config-migration.xml file for credential store.
Credential store location : jdbc:oracle:thin:@leoncio.us.oracle.com:1521/leoncio.us.oracle.com
Credential with map Oracle-IAM-Security-Store-Diagnostics key Test-Cred stored successfully!
Credential for map Oracle-IAM-Security-Store-Diagnostics and key Test-Cred is: GenericCredential
Info: diagnostic credential created in the credential store.
Info: Create operation has completed successfully.
2) Upgrade OPSS using Patch Assistant:
cd MW_HOME/oracle_common/bin
./psa.sh
Conclusion:
After the OPSS upgrade you can restart your AdminServer successfully, and you will see that OPSS is validated properly, as the output below shows:
....
....
Welcome to WebLogic Server Administration
Scripting Shell
Type help() for help on available commands
Info: Data source is: opss-DBDS
WLS ManagedService is not up running. Fall back to use system properties for configuration.
Info: Diagnostics data was saved to the credential store.
Info: Validate operation has completed successfully.
*****************************************************
** Setting up SOA specific environment...
*****************************************************
EXTRA_JAVA_PROPERTIES= -da:org.apache.xmlbeans...
.
LD_LIBRARY_PATH=/u01/app/oracle/Middleware/wls10360/patch_wls1036/profiles/default/native:/u01/app/oracle/Middleware/wls10360/patch_oepe180/profiles/default/native:/u01/app/oracle/Middleware/wls10360/patch_ocp371/profiles/default/native:/u01/app/oracle/Middleware/wls10360/patch_adfr1111/profiles/default/native:/u01/app/oracle/Middleware/wls10360/wlserver_10.3/server/native/linux/i686:/u01/app/oracle/Middleware/wls10360/wlserver_10.3/server/native/linux/i686/oci920_8:/u01/app/oracle/Middleware/wls10360/Oracle_SOA/soa/thirdparty/edifecs/XEngine/bin
.
USER_MEM_ARGS=-Xms512m -Xmx1024m
.
*****************************************************
** End SOA specific environment setup
*****************************************************
/u01/app/oracle/jrockit-jdk1.6.0_45-R28.2.7-4.1.0
/u01/app/oracle/jrockit-jdk1.6.0_45-R28.2.7-4.1.0/jre/bin/java
*****************************************************
** Setting up OIM specific environment...
.
USER_MEM_ARGS=-Xms1024m -Xmx2048m
.....
Ref:
I hope this helps you,
Thiago Leoncio.
Saturday, June 21, 2014
ODS11G troubleshooting permission error from HTTP status code = 400 : The request parameters did not match any components
Hello everyone,
Today is a troubleshooting session, and I would like to start with an error during the ODS11G installation:
Error creating ASComponent oid1.
Cause: An internal operation has failed: Failed to start the component
Action: See logs for more details.
And this on the display:
And the OID diagnostic logs show these lines:
[2014-06-06T06:21:43.969-04:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 40] [ecid: 0000KPkePbxFw000jzwkno1J^P0q00000U,0] Trying to start the component oid1
[2014-06-06T06:21:44.012-04:00] [as] [WARNING] [] [oracle.as.config] [tid: 40] [ecid: 0000KPkePbxFw000jzwkno1J^P0q00000U,0] Failed to start component oid1[[
oracle.as.config.ProvisionException: HTTP status code = 400 : The request parameters did not match any components
at oracle.as.config.impl.OracleASComponentBaseImpl.manageProcess(OracleASComponentBaseImpl.java:943)
at oracle.as.config.impl.OracleASComponentBaseImpl.start(OracleASComponentBaseImpl.java:1062)
at oracle.as.provisioning.fmwadmin.ASComponentProv.createComponent(ASComponentProv.java:153)
at oracle.as.provisioning.fmwadmin.ASComponentProv.createComponent(ASComponentProv.java:73)
at oracle.as.provisioning.fmwadmin.ASInstanceProv._createComponent(ASInstanceProv.java:401)
at oracle.as.provisioning.fmwadmin.ASInstanceProv.createComponent(ASInstanceProv.java:364)
at oracle.as.provisioning.fmwadmin.ASInstanceProv.createInstanceAndComponents(ASInstanceProv.java:136)
at oracle.as.provisioning.engine.WorkFlowExecutor._createASInstancesAndComponents(WorkFlowExecutor.java:535)
at oracle.as.provisioning.engine.WorkFlowExecutor.executeWLSWorkFlow(WorkFlowExecutor.java:439)
at oracle.as.provisioning.engine.Config.executeConfigWorkflow_WLS(Config.java:866)
at oracle.as.provisioning.engine.Config.executeConfigWorkflow_WLS(Config.java:820)
at oracle.as.idm.install.config.IdMDirectoryServicesManager.doExecute(IdMDirectoryServicesManager.java:945)
at oracle.as.install.engine.modules.configuration.client.ConfigAction.execute(ConfigAction.java:375)
at oracle.as.install.engine.modules.configuration.action.TaskPerformer.run(TaskPerformer.java:88)
at oracle.as.install.engine.modules.configuration.action.TaskPerformer.startConfigAction(TaskPerformer.java:105)
at oracle.as.install.engine.modules.configuration.action.ActionRequest.perform(ActionRequest.java:15)
at oracle.as.install.engine.modules.configuration.action.RequestQueue.perform(RequestQueue.java:96)
at oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager.start(StandardConfigActionManager.java:186)
at oracle.as.install.engine.modules.configuration.boot.ConfigurationExtension.kickstart(ConfigurationExtension.java:81)
at oracle.as.install.engine.modules.configuration.ConfigurationModule.run(ConfigurationModule.java:86)
at java.lang.Thread.run(Thread.java:662)
And the oidmon log shows several lines with this:
...cannot restore segment prot after reloc: Permission denied
In order to fix that, you have to change your Oracle Linux permissions as below:
Then recreate your repository and re-install your ODS successfully as below:
I hope this helps,
Thiago Leoncio.
Saturday, May 31, 2014
How Oracle Fusion Apps works with IDM solution
In this article I explain how the FA-IDM solution works, from a flows perspective. Please check the A-Team link below:
http://www.ateam-oracle.com/idm-fa-integration-flows
I hope this helps,
Thiago Leoncio
Saturday, April 19, 2014
What is the difference between OIMAuthenticator & OIMSignatureAuthenticator in weblogic providers type?
Hello everybody,
Today I would like to discuss the authenticator providers for IDM.
Basically, let's start by answering the main question. The difference comes from OIMSignatureAuthenticator being used in situations where a digital signature can be inspected instead of a password, which is useful in some specific integrations, such as the Quartz Scheduler integration with OIM, as in OAM with OIM or SiteMinder with OIM.
So, it allows WebLogic Server and its provider to participate, for example, in an SSO solution for Web service applications. It validates assertions by checking the signature and, if needed, validates the certificate for trust based on data configured for a specific partner.
Trying to clarify a bit more with one simple example:
Use-case:
All authentication, either via browser (http/https) or non-http, such as Design Console login or the t3/t3s route, must be handled by Siteminder SSO. Only signature authentication will be handled by Oracle Identity Manager.
This way you allow only integration products to use a signature as part of the authentication process; all others will be controlled by your SSO product, in my example SiteMinder.
So, in WLS (Home > Summary of Security Realms > myrealm > Providers) your authentication chain will look like this:
SiteminderIdentityAsserter
DefaultAuthenticator SUFFICIENT
OIMSignatureAuthenticator SUFFICIENT
SiteminderAuthenticationProvider SUFFICIENT
DefaultIdentityAsserter SUFFICIENT
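To show why the authenticators in this chain carry SUFFICIENT, the following added example (not from the original article and not Oracle code) evaluates the three listed authenticators under the standard JAAS control-flag rules. The provider functions, the sample login and the REQUIRED variant are hypothetical stand-ins, and the identity asserters are left out of the model.

```python
REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL = "REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL"

# Hypothetical stand-ins for each provider's login check; real providers do far more.
def default_authenticator(attempt):
    # Password login against the embedded store; only a constructed admin user exists.
    return (attempt["kind"] == "password" and attempt["user"] == "weblogic"
            and attempt["proof_valid"])

def oim_signature_authenticator(attempt):
    # Accepts a login that carries a valid signature instead of a password.
    return attempt["kind"] == "signature" and attempt["proof_valid"]

def siteminder_authentication_provider(attempt):
    # Accepts a login backed by a valid SSO session.
    return attempt["kind"] == "sso" and attempt["proof_valid"]

# Authenticators and flags as listed in the article.
ARTICLE_CHAIN = [
    ("DefaultAuthenticator", SUFFICIENT, default_authenticator),
    ("OIMSignatureAuthenticator", SUFFICIENT, oim_signature_authenticator),
    ("SiteminderAuthenticationProvider", SUFFICIENT, siteminder_authentication_provider),
]

# Constructed login attempt from an integration component.
SIGNATURE_LOGIN = {"kind": "signature", "user": "scheduler", "proof_valid": True}

def evaluate_chain(chain, attempt):
    """Apply JAAS control-flag rules; return (authenticated, [(provider, result)])."""
    trace = []
    mandatory_failed = False
    any_success = False
    mandatory_configured = any(flag in (REQUIRED, REQUISITE) for _, flag, _ in chain)
    for name, flag, check in chain:
        ok = check(attempt)
        trace.append((name, ok))
        if ok:
            any_success = True
            # A SUFFICIENT success ends the walk unless a mandatory provider already failed.
            if flag == SUFFICIENT and not mandatory_failed:
                return True, trace
        elif flag in (REQUIRED, REQUISITE):
            mandatory_failed = True
            if flag == REQUISITE:
                return False, trace
    if mandatory_failed:
        return False, trace
    # With no REQUIRED/REQUISITE provider configured, one success is enough.
    return (True if mandatory_configured else any_success), trace

def with_flag(chain, provider, flag):
    """Copy of the chain with one provider's control flag replaced."""
    return [(n, flag if n == provider else f, c) for n, f, c in chain]

if __name__ == "__main__":
    variants = (
        ("article chain", ARTICLE_CHAIN),
        ("DefaultAuthenticator set to REQUIRED",
         with_flag(ARTICLE_CHAIN, "DefaultAuthenticator", REQUIRED)),
    )
    for label, chain in variants:
        print(label, evaluate_chain(chain, SIGNATURE_LOGIN))
```

With the article's flags the signature login is accepted at OIMSignatureAuthenticator after DefaultAuthenticator declines it; in the REQUIRED variant the same login is rejected because the password provider's failure becomes binding.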
References:
1-Oracle® Fusion Middleware Administrator's Guide for Oracle Identity Manager-11g Release 2 (11.1.2)-doc: E27149-04
Definitions from WLS Console:
OIMSignatureAuthenticator
Provider that performs signature based authentication thru the Oracle Identity Manager relational database
OIM Authenticator or OIM Authenticator Provider
Provider that performs authentication thru the Oracle Identity Manager relational database
I hope this helps,
Thiago Leoncio.