Configuring single sign-on with OAM to secure a web application (non-Fusion application)

Hello world

I have configured single sign-on with OAM to secure a non-Fusion web application, but it does not redirect to the OAM SSO login page. Could you please tell me where I need to check?

The web application is deployed in a WebLogic domain; the console has already been configured for OAM SSO authentication successfully. But the deployed web application is not redirected to the SSO login page when I go to a secured page.

The web.xml file is

<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>myRealm</realm-name>
</login-config>

Thank you.

Hello

Assuming that you go directly to the port of the WebLogic Server and not through a web server acting as a proxy, try adding the URL of your application as a resource in the 'IAM Suite' application domain in /oamconsole, giving it an authentication policy of 'Protected level policy', to see if this changes the behavior. This is a test - if it works, it's best to create your own application domain for your resources so that they can be managed without interfering with internal policies used by OAM.

Kind regards

Colin

Tags: Fusion Middleware

Similar Questions

  • Please, I need help with deploying web applications in JDeveloper 12c

    Hello

    I'm desperate for help, guys. I am trying to deploy a web application in WebLogic Server, but nothing works!

    I have created a project in JDeveloper and created a JSP page in the project; what I want is to run this page!

    I followed the instructions here: Deploying Fusion Web Applications. I don't really know whether I did it right or wrong; the document is too detailed and I did not understand it clearly.

    I am a newbie Oracle user trying to build a JSP web application connected to the Oracle database. The application deployment fails; it says: cannot run application deployment IntegratedWeblogic error...

    Please could you tell me the steps for deploying applications in JDeveloper 12c?
    Which deployment profiles do I need to create (EAR, WAR, MAR)?

    Which deployment descriptor do I need for my application to work?

    Please guys, I am a newbie to Oracle; if you could give me simplified answers and straight instructions it would be appreciated.

    Thank you

    It depends on your knowledge of JSP and the possible controllers like Struts, Faces and ADF (which is an add-on to JSF). ADF has the advantage that a large number of configurations and other stuff is handled for you. However, if you are familiar with Struts you can use it too.

    The decision also depends on the application and what it should do. I can't comment on this, as I don't know.

    As you use 12c, my recommendation is to use the complete ADF stack, meaning ADF Faces and ADF BC for access to the data in the database.

    There is a license for ADF if you want to deploy on a WebLogic Server; however, there is a free version (ADF Essentials) that uses a GlassFish server.

    Timo

  • Web application development with PL/SQL?

    I created the following function without any problems.
    When I run it, it displays an error.

    How to use or test the function?

    I'm unable to get information on delivery or the use of the procedure?

    Where can I start for development based on the Web?

    CREATE OR REPLACE PROCEDURE html_page
    IS
    BEGIN
    HTP.HTMLOPEN; -- generates <HTML>
    HTP.HEADOPEN; -- generates <HEAD>
    HTP.TITLE('Title'); -- generates <TITLE>Title</TITLE>
    HTP.HEADCLOSE; -- generates </HEAD>

    -- generates <BODY TEXT="#000000" BGCOLOR="#FFFFFF">
    HTP.BODYOPEN(cattributes => 'TEXT="#000000" BGCOLOR="#FFFFFF"');

    -- generates <H1>Section in the HTML file</H1>
    HTP.HEADER(1, 'Section in the HTML file');

    HTP.PARA; -- generates <P>
    HTP.PRINT('Text in the HTML file.');
    HTP.BODYCLOSE; -- generates </BODY>
    HTP.HTMLCLOSE; -- generates </HTML>
    END;



    SQL> EXECUTE html_page
    BEGIN html_page; END;

    *
    ERROR at line 1:
    ORA-06502: PL/SQL: numeric or value error
    ORA-06512: at "SYS.OWA_UTIL", line 325
    ORA-06512: at "SYS.HTP", line 1322
    ORA-06512: at "SYS.HTP", line 1397
    ORA-06512: at "SYS.HTP", line 1689
    ORA-06512: at "SYS.HTP", line 71
    ORA-06512: at "HARISH.HTML_PAGE", line 4
    ORA-06512: at line 1

    Published by: HARISH on August 25, 2008 16:48

    I don't think so. If you are trying to do web development, I think that you do not want to display the generated HTML but the rendered HTML. I use PL/SQL Developer, which has an OWA display that shows it as in the browser.

    The solution proposed by michaels is very interesting for me because I did not know that solution, but it implies using htp.showpage(); and owa.init_cgi_env(param_val);, which you do not need with DADs.

    I think it depends on what you want to achieve.

  • Using a different database for an ADF Fusion web application

    Hi all

    Here's the thing. I am following some steps in a book on developing an application, and I must say it looks really good, so I thought why not just change it a little bit and use it for the company I work for. The main problem is, the book uses the HR schema, and I want to use the company's database. Is it possible, and what pitfalls should I watch out for? What are the areas that I need to fix?

    Thanks in advance to all

    dino2dy,

    What are the areas that I need to fix?

    Not much, just the database design, business components, screen layouts, workflows and business logic (in other words, just about everything).

    The best thing to do would be to learn from the book how to develop such an application, and then use what you learned to develop your application. There may be utility classes, techniques, layouts, etc. from the book that you could reuse.

    John

  • Single Sign-On upgrade sequence 5.1 to 5.5 (Multisite and Linked Mode)

    Hello

    I have been trying to find SSO upgrade documentation that describes the options I have to choose for the following upgrade scenario:

    Before the upgrade to 5.5:

    • 2 x 5.1 vCentre servers (Windows 2K8R2) in Linked Mode.
    • Each vCentre has its own local SSO server that runs on the same vCentre server. Both have the same deployment ID.

    My understanding is that the upgrade, for Single Sign-On and Linked Mode to function after the update to 5.5, should go as follows (obviously Linked Mode has been removed before the upgrade):

    1. On the first SSO server: upgrade from 5.1 to 5.5 using the MULTISITE option. (Followed by Web Client, Inventory Service & vCentre Server.)
    2. On the 2nd SSO server: upgrade from 5.1 to 5.5 using the MULTISITE option. (Followed by Web Client, Inventory Service & vCentre Server.)

    The problem is on the first SSO server: when I select the MULTISITE option, after I give the details of the partner host and password on the next page I get one of the following errors:

    1. Could not get the server certificate, or
    2. Unable to get the host name

    And I cannot proceed with the upgrade. The only option that works is the AUTONOMOUS vCENTRE SSO SERVER option, with which I think Linked Mode won't work after the upgrade.

    Any help pointing me to a document that outlines the correct options so that Linked Mode is preserved after the upgrade would be great.

    See you soon

    Are you using the vCenter 5.5 Update 2 installer or an older version? Because there are a few changes in the descriptions of the deployment modes between vCenter 5.5 GA/Update 1 and 5.5 Update 2, take a look:

    The deployment modes available for vCenter Single Sign-On are:

    For vSphere 5.5 GA to vSphere 5.5 Update 1b:

    • vCenter Single Sign-On for your first vCenter Server
    • vCenter Single Sign-On for an additional vCenter Server in an existing site (formerly HA Cluster)
    • vCenter Single Sign-On for an additional vCenter Server with a new site (formerly Multisite)

    For vSphere 5.5 Update 2 and beyond:

    • Standalone vCenter Single Sign-On Server
    • High availability
    • Multisite

    For your first vCenter, you must select the "Standalone vCenter Single Sign-On Server" option and for the second the "Multisite" option; see this note:

    Multisite | vSphere 5.5 Update 2 and beyond

    This option installs an additional vCenter Single Sign-On server in a new logical site. When vCenter Single Sign-On servers are created using this option, they will all be members of the same vsphere.local authentication domain. As an improvement over vSphere 5.1, Single Sign-On data (policies, solution/application users, identity sources) is now automatically replicated between each vCenter Single Sign-On server in the same vsphere.local authentication domain every 30 seconds. This mode should be used after the first vCenter Single Sign-On server is deployed using the vCenter Single Sign-On for your first vCenter Server or Standalone vCenter Single Sign-On Server option, depending on your version of vSphere 5.5.

    For more information, see this KB article: VMware KB: vCenter Single Sign-On deployment for vSphere 5.5 modes

  • Single sign-on

    Is single sign-on possible with the vCenter 4.1 web interface?

    Thank you

    Jof says:

    Is single sign-on possible with the vCenter 4.1 web interface?

    No, only using the GUI.

  • Problem with OBIEE/WLS and MS AD Single Sign-On configuration

    Hi all

    My apologies if this should be posted in the general WebLogic security forum rather than here, but given that the Oracle support doc is called "Oracle BI 11g and Weblogic for Single Sign-On configuration..." I thought I would try this forum first.

    We run OBIEE 11.1.1.6.5 on WLS 10.3.5.0 on Windows 2007 server.
    Active Directory (2008) is running on Windows 2008 R2 Standard edition.

    I followed the support document ID 1274953.1 mentioned above and have managed to get the AD authentication working between the OBIEE/WLS server and the MS AD server.
    In other words, we are able to manually restart the BI Analytics with our AD username.

    Now, when trying to configure Single Sign-On, I've reached the point where I'm just checking the configuration of Kerberos (page 19-20).

    This fails with the following result:
    C:\Oracle\..\middleware\user_projects\domains\ourdomain>java.exe -Dsun.security.krb5.debug=true sun.security.krb5.internal.tools.Kinit -k -t keytab [email protected]
    
    KinitOptions cache name is C:\Users\oracleservice\krb5cc_oracleservice
    Principal is [email protected]
    Kinit using keytab
    Kinit keytab file name: keytab
    KeyTabInputStream, readName(): OURDOMAIN.LOCAL
    KeyTabInputStream, readName(): wlsuser
    KeyTab: load() entry length: 44; type: 3
    KeyTabInputStream, readName(): OURDOMAIN.LOCAL
    KeyTabInputStream, readName(): wlsuser
    KeyTab: load() entry length: 44; type: 1
    KeyTabInputStream, readName(): OURDOMAIN.LOCAL
    KeyTabInputStream, readName(): wlsuser
    KeyTab: load() entry length: 52; type: 23
    KeyTabInputStream, readName(): OURDOMAIN.LOCAL
    KeyTabInputStream, readName(): wlsuser
    KeyTab: load() entry length: 60; type: 16
    KeyTabInputStream, readName(): OURDOMAIN.LOCAL
    KeyTabInputStream, readName(): wlsuser
    KeyTab: load() entry length: 52; type: 17
    Added key: 17version: 5
    Added key: 16version: 5
    Added key: 23version: 5
    Added key: 1version: 6
    Added key: 3version: 5
    Ordering keys wrt default_tkt_enctypes list
    Config name: C:\Windows\krb5.ini
    Using builtin default etypes for default_tkt_enctypes
    default etypes for default_tkt_enctypes: 3 1 23 16 17
    Kinit realm name is OURDOMAIN.LOCAL
    Creating KrbAsReq
    KrbKdcReq local adresses for WLSSERVER are:
         WLSSERVER/10.0.0.2 IPv4 address
         WLSSERVER/0:0:0:0:0:0:0:1 IPv6 address
    KdcAccessibility: reset
    Using builtin default etypes for default_tkt_enctypes
    default etypes for default_tkt_enctypes: 3 1 23 16 17
    KrbAsReq calling createMessage
    KrbAsReq in createMessage
    Kinit: sending as_req to realm OURDOMAIN.LOCAL
    Exception: krb_error 0 Cannot get kdc for realm OURDOMAIN.LOCAL No error
    KrbException: Cannot get kdc for realm OURDOMAIN.LOCAL
         at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:196)
         at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:175)
         at sun.security.krb5.internal.tools.Kinit.sendASRequest(Kinit.java:298)
         at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:237)
         at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:107)

    Our krb5.ini looks like this:
    [libdefaults]
    default_realm = OURDOMAIN.LOCAL
    ticket_lifetime = 600
    
    [realms]
    OURDOMAIN.LOCAL = {
    kdc = 10.0.0.1
    admin_server = adserver.ourdomain.local
    default_domain = OURDOMAIN.LOCAL
    }
    
    [domain_realm]
    .ourdomain.local = OURDOMAIN.LOCAL
    
    [appdefaults]
    autologin = true
    forward = true
    forwardable = true
    encrypt = true

    The test above is done with a keytab file generated on the WLS server according to the documents.
    I also tried using 'ktpass' on the AD server to generate a keytab file there, and then placing the keytab file on the WLS server.
    It doesn't work, with "Exception: krb_error 0, no key found in keytab support."

    I am able to run a ping between the servers and have checked that there is no firewall running on either of the servers (they are virtual servers in a closed network). So the AD server should be able to receive TCP/UDP traffic on Kerberos port 88.

    I'm kinda stuck here, and I can't see that we have deviated from the Metalink support document in our configuration.
    All good tips and advice on how to solve this problem would be appreciated.

    Kind regards
    -Haakon-

    Hello

    There is an error in the krb5.ini or krb5.conf:

    > kinit HTTP/ukpsrv016.bah.com
    Password for HTTP/[email protected]:welcome1
    Exception: krb_error 0 Cannot get kdc for realm BAH.COM No error
    KrbException: Cannot get kdc for realm BAH.COM
    at sun.security.krb5.KrbKdcReq.send(Unknown Source)
    at sun.security.krb5.KrbKdcReq.send(Unknown Source)
    at sun.security.krb5.KrbAsReq.send(Unknown Source)
    at sun.security.krb5.internal.tools.Kinit.<init>(Unknown Source)
    at sun.security.krb5.internal.tools.Kinit.main(Unknown Source)

    - Check the krb5.ini (Windows) or krb5.conf (Linux, Unix) for syntax errors.
    - The example above was due to a lack of space on each side of the '='.
    - Search for missing parameters, lack of spaces, uppercase or lowercase differences,
      misspellings, missing or unbalanced parentheses.

    Refer to:
    http://docs.Oracle.com/javase/1.5.0/docs/Guide/Security/jgss/tutorials/KerberosReq.html#SetProps

    Also if this force solves the issue, could you let us know how you created the keytabs, and also the setspn commands (with the user account as an administrator in AD WLS account)?

    I hope this helps. Please mark if it does.

    Thank you
    SVS
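
The checks listed in the answer above (spacing around '=', unbalanced braces, case differences, missing parameters) can be run mechanically before retrying kinit. The following is an added example, not code from the thread or from Oracle; the function name check_krb5_ini and the sample file are constructed for illustration, and the spacing rule simply follows the answer's advice.

```python
import re

# Constructed sample (not the poster's file) with three defects of the kinds
# the answer lists: a case mismatch, "kdc=" without spaces, a missing "}".
SAMPLE = """\
[libdefaults]
default_realm = EXAMPLE.LOCAL

[realms]
example.local = {
kdc=kdc1.example.local
admin_server = kdc1.example.local

[domain_realm]
.example.local = EXAMPLE.LOCAL
"""


def check_krb5_ini(text):
    """Return (line_number, message) findings for a krb5.ini / krb5.conf text.

    Assumes at most one level of "{ ... }" nesting, as in a [realms] section.
    """
    findings = []
    section = None        # current [section] name
    block = None          # key whose "{ ... }" block is currently open
    default_realm = None  # (line_number, value) of default_realm
    kdcs = {}             # realm name -> kdc values seen in its block
    last = 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        last = no
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            if block is not None:
                findings.append((no, f"'{{' opened for {block} is never closed"))
                block = None
            section = header.group(1).lower()
            continue
        if line == "}":
            if block is None:
                findings.append((no, "'}' without a matching '{'"))
            block = None
            continue
        if "=" not in line:
            findings.append((no, "expected 'key = value'"))
            continue
        key, value = line.split("=", 1)
        if not key.endswith((" ", "\t")) or not value.startswith((" ", "\t")):
            findings.append((no, "no space on each side of '='"))
        key, value = key.strip(), value.strip()
        if value == "{":
            block = key
            if section == "realms":
                kdcs.setdefault(key, [])
        elif section == "libdefaults" and key == "default_realm":
            default_realm = (no, value)
        elif section == "realms" and block in kdcs and key == "kdc":
            kdcs[block].append(value)
    if block is not None:
        findings.append((last, f"'{{' opened for {block} is never closed"))
    if default_realm is None:
        findings.append((0, "no default_realm in [libdefaults]"))
        return findings
    no, name = default_realm
    if name in kdcs:
        if not kdcs[name]:
            findings.append((no, f"realm {name} has no kdc entry"))
    elif name.lower() in (r.lower() for r in kdcs):
        findings.append((no, f"default_realm {name} differs only in case from its [realms] entry"))
    else:
        findings.append((no, f"default_realm {name} has no [realms] block"))
    return findings


if __name__ == "__main__":
    for no, message in check_krb5_ini(SAMPLE):
        print(f"line {no}: {message}")
```

A file shaped like the krb5.ini posted in the question (matching realm case, spaced '=', closed braces, a kdc entry) produces no findings with this checker, so it only rules out the syntax-level causes named in the answer.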

  • vCenter Service was unable to start with the error failed to create the front of SINGLE sign-on: vmodl.fault.SystemError

    Hello

    Can someone guide me on how to solve this error? The vCenter service is not getting started; I looked in the vpxd logs and found the following error.

    vCenter Service was unable to start with the error failed to create the front of SINGLE sign-on: vmodl.fault.SystemError

    Thank you

    John

    Hi John,

    This is due to the hosts file entries on the vCenter server. Please try the procedure below.

    Connect to the vCenter server and edit the /drivers/etc/hosts file in Notepad:

    C:\Windows\System32\drivers\etc\hosts

    # 127.0.0.1 localhost

    Note: If a line does not exist in the hosts file, add it at the end of the text.

    Remove the hash symbol (#) to uncomment the IPv4 line:

    127.0.0.1 localhost

      • Save and close the file.
    • localhost127.0.0.1.

      • Go to services.msc and start VMware Virtual Center Services.

    Thank you

    Venance

  • VCenter Server 5.1 installation fails on registration with vCenter Single Sign On

    Hi all

    Server 2008R2.

    Both the 5. 01b upgrade and a new installation give the same error message.

    vCenter Single Sign On installed OK

    vCenter Inventory Service installed OK

    The vCenter Server installation is interrupted when the installation dialog box says:

    Registering with vCenter Single Sign On

    The error message is:

    Error 29113. Incorrect entry - a command line argument is wrong, a file is not found or file specifications doesn't contain the required information, or clocks on the two systems are not synchronized. Check vm_ssoreg.log in the temporary folder of the system for more details.

    Closed log file.

    Does anyone know a solution for this?

    John

    I had the same problem, with a certificate that had expired. VMware has made a new KB article:

    http://KB.VMware.com/kb/2035413

    This vcsso file is only there if you do not click OK on the error window, but you do it anyway. Look under C:\ProgramData\VMware\VMware VirtualCenter\SSL and see if the rui certificate has expired. Mine had, and after I removed all the files in there and restarted the installation, everything went well, and the new certificate is valid for 10 years ;-)

    hope it does not help anyone.

  • Single Sign on authentication failed with error [user: username is found, but]

    Hello

    URGENT:

    One user is trying to connect to Essbase from an Excel worksheet. To connect to Essbase, this user connects to the network using a VPN connection. I suspect that this issue arises because of an invalid password, but the user claims that the password is correct. When I checked the user information in Essbase, it showed an external authentication that is valid.

    Please help me on this issue. What could be going wrong with this user?

    Single Sign on authentication failed with error [user: username found, but could not authenticate].

    Thanks again for your help.

    Kind regards
    UB.

    If Essbase uses an external authentication such as MSAD, you can get the password changed at the AD level by someone who takes care of the administration.

    See you soon

    John
    http://John-Goodwin.blogspot.com/

  • OBIEE 11.1.1.6 SSO with OAM 11.1.1.5: problem with OID attribute

    Hello world!

    I configured an OAM (WebGate) + OID + OBIEE + OHS system.
    OBIEE is protected via OHS (WebLogic module) and WebGate. It works very well.
    OAM authenticates against OID (default user identity store).
    The "User Search Base" is the same ("cn=Users,dc=mydomain,dc=com") in the identity store and in the OID authentication provider of OBIEE too.
    SSO is enabled in OBIEE and the providers are:
    OID (provider that performs authentication LDAP 1.0) JUST
    REQUIRED OAM (Oracle Access Manager identity Asserter 1.0) provider
    DefaultAuthenticator (WebLogic Authentication Provider 1.0) SUFFICIENT
    DefaultIdentityAsserter

    If the "User Name Attribute" is "cn" in the OAM user identity store and the "User Name Attribute" of the OBIEE OID provider is "cn" (the default) also, everything works fine.

    But I have to use "orclSAMAccountName" instead of "cn" (OAM and OID provider). And in this case, I have the problem.
    The settings of the OBIEE OID provider are:
    All users filter: (&(orclSAMAccountName=*)(objectclass=person))
    User from name filter: (&(orclSAMAccountName=%u)(objectclass=person)))
    User name attribute: orclSAMAccountName

    I did a test user:
    CN = test
    SN = test_sn
    orclsamaccountname = test_sama
    UID = test_uid
    krbprincipalname = test_krb
    I can authenticate to OAM with test_sama, but OBIEE says: "You are not logged here: Oracle BI Server."
    The BI log shows this:
    + By default (self-adjusting)' > < BISystemUser > <>< 00093dFuR ^ HFW7PMye7i6G00052S000Tt7 > < 1345642607333 > < BEA-000000 > < javax.security.auth.login.FailedLoginException: [Security: 090304] authentication failed: User test javax.security.auth.login.LoginException: identity [Security: 090300] Assertion failure: test user does not exist +.
    + oracle.security.jps.internal.api.jaas.AssertionException: javax.security.auth.login.FailedLoginException: [Security: 090304] authentication failed: User test javax.security.auth.login.LoginException: [Security: 090300] identity Assertion failure: test user does not exist.

    Why does OBIEE search for the "cn" and why does it not use the "orclsamaccountname"?

    Any idea?

    Best regards, Jani

    Hello Joseph,

    This is a known issue in OBIEE 11.1.1.6.0, please see: OBIEE 11.1.1.6 Agent failed with error code: IHVF6OM7:OPR4ONWY:U9IM8TAC [nQSError: 13039] the imposter does not exist in the BI Security Service [ID 1446877.1]

    We have configured OBIEE 11.1.1.6 on Linux and use Single Sign On (SSO) with Windows Native Authentication (WNA).

    Configured the AD authenticator, selecting sAMAccountName instead of CN for the user name attribute. SSO in MS license. When we tried to access the OBIEE presentation services we met the error below.

    "You are not logged here: Oracle BI Server."

    When checking the biserver1 log file we found: [Security: 090300] Identity Assertion failure: user OracleSystemUser does not exist

    After applying patch 13553428 on top of OBIEE 11.1.1.6.0 we could log in to OBIEE presentation services.

    It works very well with OBIEE, 11.1.1.5.0 and 11.1.1.6.1

    Fixed in OBIEE 11.1.1.6.1. Apply Patch 13742915.

    If you want to stay on OBIEE 11.1.1.6.0, apply Patch 13553428.

    Let me know if this solves the problem with the Asserter.

    Please mark as useful or answered.

    Thank you
    SVS-

  • Oracle Enterprise Single Sign On Suite plus

    Please help me to install and work on Oracle Enterprise Single Sign-On Suite Plus; if there is any blog or Web site please pass it on.

    Be aware that there is often a difference between Oracle Enterprise Single Sign-On Suite Plus and Oracle Enterprise Single Sign-On (eSSO).

    Oracle Enterprise Single Sign-On (eSSO) is a product which provides single sign-on capabilities and other features. It is often simply called ESSO.

    Oracle Enterprise Single Sign-On Suite Plus is often used to designate a license bundle which essentially includes the ESSO products along with other IAM products which have SSO capabilities.

    Since this is a technical community, we are good at answering technical questions about each of these products, but when it comes to licensing and the licenses related to the bundle, it is best to ask an Oracle sales person.

    Be aware that when we talk about a bundle we are talking about how products are packaged together, not bundles of licenses.

    From a technical standpoint, Oracle has many products that are part of the license bundle to provide SSO functionality. Not all of these products are integrated out of the box, so some integration work and even custom development is required to make them all work together.

    Products you might be interested in for SSO are likely:

    Oracle Access Management (OAM + OIF)

    Oracle Enterprise Single Sign-On (ESSO)

    You might also need the following, because they are used to store the users and their related identity information:

    Oracle Unified Directory (OUD)

    Oracle Internet Directory (OID)

    Oracle Virtual Directory (OVD)

  • Assign roles to users for integrated Single Sign-On

    Hi all

    I'm trying to assign roles to SSO users, but I can't. I achieved this for local and LDAP users, but not for Single Sign-On users (I want to use my AD users but without LDAP configuration).

    My platform is vCenter 5.5 U1 for SSO, vCAC appliance + IaaS server and vCAD appliance. When you register your vCAD with vCAC you can use integrated vCAC SSO authentication. But how can I assign roles to SSO users?

    I can access vCAD with AD users via integrated SSO authentication, but all options are read-only.

    Best regards

    Jose Luis Gomez

    Hi all

    Answering myself.

    When you have registered your vCAD with vCAC, new roles appear in vCAC. The roles are:

    • Applications architect
    • Request catalogue administrator
    • Director of Cloud applications
    • Deployer and publisher of the application
    • Director of application system

    You can apply these roles to users or groups, but always in vCAC --> Administration --> Groups/Users

    Best regards

    Jose Luis Gomez

  • Multiple Single Sign-On servers or a single SSO server

    Hello

    Reading KB2076692, for the Heartbleed issue, how can I check whether the environment is configured with a single or multiple SSO servers?

    Hello

    You can follow the steps described in KB 2035817: VMware KB: VMware vCenter Single Sign-On server deployment mode identification

  • vCenter/Single Sign - on design recommendation

    Hello

    We would like to do a new install of our 2 virtual centres.

    The vCenters look like this

    ----------------------------------------------------------------------------

    1 vCenter main Site (source vCenter for SRM)

    1 vCenter Site Backup (target vCenter for SRM)

    The current running configuration has a problem with Single Sign-On. If the primary vCenter is down you can't connect to the second, which should be the backup vCenter.

    My question is how to configure the vCenters with SSO so that the two vCenters are not affected by one another (Linked Mode and SRM should also work).

    Somebody has experiences with this or has a few recommendations for me?

    Thanks so far

    Simon

    With 5.5 you will want to install the first vCenter and create a new SSO domain. Then when you install the second vCenter, you must also install SSO, but tell it to join an existing domain. This will cause the two SSO instances to replicate, but each vCenter has its own copy of the SSO database. In this way, when the primary vCenter goes down, the backup vCenter can still log in with SSO and has all the data it needs.

    I'm not familiar enough with SSO in 5.1 - we skipped this upgrade (and boy, I'm happy). My advice would be to go to 5.5 with a clean install if possible and configure these instances on both sides with replication.
