OAM - WNA - Urgent

I am able to run kinit without a keytab file:
:/oam/Oracle/Middleware/wna> kinit HTTP/<SPN>@<AD_Domain>
Password for HTTP/<SPN>@<AD_Domain>:
:/oam/Oracle/Middleware/wna>

But I get the following error when running kinit with a keytab file:
:/oam/Oracle/Middleware/wna> kinit -V -k -t /oam/Oracle/Middleware/wna/oam.keytab HTTP/<SPN>@<AD_Domain>
kinit(v5): Key table entry not found while getting initial credentials
:/oam/Oracle/Middleware/wna>

Please let me know if anyone has faced this problem in the past.

Use RC4-HMAC-NT while generating the keytab file, and add RC4-HMAC in the krb5.conf file.

Please let me know if you face any issues.

Tags: Fusion Middleware
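
An added example, not part of the original thread or of any Oracle tooling: "Key table entry not found" means kinit found no usable keytab entry for the requested principal, and a principal-name mismatch and an encryption-type mismatch (the case the reply addresses) can both be checked offline. This Python script parses an MIT-format (0x0502) keytab and reports which of the two applies; the sample principal, realm, zero-filled key and all function names are constructed for illustration.

```python
import struct

# Kerberos enctype numbers mapped to their krb5.conf names.
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
ALIASES = {"arcfour-hmac": "rc4-hmac", "arcfour-hmac-md5": "rc4-hmac",
           "aes256-cts": "aes256-cts-hmac-sha1-96"}

def _counted(buf, pos):
    """Read a 16-bit big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype name)] from a format 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a format 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        start, pos = pos + 4, pos + 4 + abs(size)
        if size == 0:
            break
        if size < 0:                  # negative size marks a deleted slot
            continue
        (ncomp,) = struct.unpack_from(">H", data, start)
        realm, p = _counted(data, start + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp.decode())
        p += 8                        # skip name type and timestamp
        kvno = data[p]
        (etype,) = struct.unpack_from(">H", data, p + 1)
        principal = "/".join(comps) + "@" + realm.decode()
        entries.append((principal, kvno, ENCTYPES.get(etype, "etype-%d" % etype)))
    return entries

def diagnose(entries, principal, allowed):
    """Say which part of a keytab lookup fails for this principal."""
    allowed = {ALIASES.get(a.lower(), a.lower()) for a in allowed}
    have = {e for p, _, e in entries if p == principal}  # case-sensitive match
    if not have:
        return "principal not in keytab"
    if not have & allowed:
        return "enctype mismatch: keytab has " + ", ".join(sorted(have))
    return "ok"

def sample_entry(realm, comps, kvno, etype, key):
    """Build one keytab record; used only for the constructed sample."""
    body = struct.pack(">HH", len(comps), len(realm)) + realm
    for c in comps:
        body += struct.pack(">H", len(c)) + c
    body += struct.pack(">IIBHH", 1, 0, kvno, etype, len(key)) + key
    return struct.pack(">i", len(body)) + body

# Constructed sample: one AES256 entry for a made-up SPN, zero-filled key.
SAMPLE = b"\x05\x02" + sample_entry(b"EXAMPLE.COM", [b"HTTP", b"sso.example.com"],
                                    3, 18, bytes(32))
```

On a host with MIT Kerberos, `klist -k -e <keytab>` lists the same principals and enctypes for a real keytab. rc4-hmac (enctype 23) is a legacy type; where the AD service account supports AES, generating the keytab with an AES type and permitting that type in krb5.conf is the alternative that avoids RC4.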

Similar Questions

  • WNA with OAM

    Hello experts

    I need an overview of how WNA works with OAM. We have a scenario where the domain controllers are located at geographically different locations in different data centers. Suppose that OAM is installed in DC 1. Now, when a user is in DC 2, she is authenticated by the domain controller in DC 2. When the user tries to access a web resource, the request is routed to OAM in DC 1.

    At this stage, is OAM able to authenticate the user through the domain controller in DC 1? I am confused: since the KDC runs in DC 2, is the domain controller in DC 1 able to authenticate?

    I really appreciate your response.

    Yes, your example would work. The WNA setup allows you to specify several KDCs in the krb5.conf file.

  • Discoverer 11.1.1.7.0 against EBS 12.1.3 with OAM 11.1.2 prompts for the user password with WNA

    Hello

    Oracle has not been able to help me get this working; 2 SRs open for weeks and no good answer.  They referred me to the onlinappsdba people and various other public Internet sites.  We run EBS 12.1.3 and Disco 11.1.1.7.0 with 10g SSO and WNA and SSL.  That works very well: user identity is established through WNA on our corporate network, with zero sign-on.  I'm replacing 10g SSO with OAM 11.1.2.  OAM/OID works very well for EBS and OBIEE, always zero sign-on, with OID 11.1.1.7.0 and the AccessGate piece (and a WebGate for both).  (Too many servers to support SSO in my view; if something goes wrong, too many places to look.)  For Disco, I created the osso.conf in OAM 11.1.2, installed it in a folder on the Disco server and bounced Disco.  This works OK if the authentication method in OAM is form-based authentication, with OAM prompting the user to sign on and then passing the user name and password through OID to Active Directory; the Disco connection then prompts for the user name, and then gives access to workbooks.  No password prompt.  But when I try to activate WNA as the authentication method in OAM, Discoverer first prompts in the "Oracle Applications" connection for a user name and the EUL.  But Disco then prompts the user for a password, which no longer exists in fnd_user because authentication is external.  Connections fail.  I am also unable to create a private connection; that Disco dialog box also prompts for a user password.  At the Disco login page, the user session went to OAM and authentication was in fact successful via WNA.  I can tell from following the session through Fiddler.  It is passed on to Disco, but Disco is missing something and prompts for a password.  OAM Support at Oracle seems to think that OAM is not sending the cookie to Discoverer, although I'm not sure.

    First of all, WNA with Disco should work with OAM, right?  Any thoughts on what might be missing?  I went through the MOS notes a few times and closely followed the onlinappsdba tutorial on it.

    Thank you very much.

    Tom

    The hotfix is described in Note 1616228.1, a problem with mod_osso and custom authentication plugins.  Disco can work very well with zero sign-on and OAM.

  • Urgent: Authorization of OAM

    Hi all

    I'm trying to implement authorization such that only users belonging to a certain OID group (OID is my user store) are allowed to see a page. I implemented the authorization policy accordingly, but somehow it is not enforced and all users are able to access the HTTP resource. I tried with TAP-based OAAM authentication and with simple OAM LDAP authentication, but got the same results; in my Access Tester, I get authorization success each time.

    Details of my environment.

    OHS :-11.1.1.6.0
    WebGate :-11.1.1.5.0
    OAM :-11.1.1.5.0

    Policy details:
    Authorization policy

    Name:- Protected Resource Policy
    Success URL:- null
    Failure URL:- null
    Use Implied Constraints:- ENABLED
    Identity:- DISABLED

    Resources:-protected.html

    Constraints
    Name:-enable Group
    Class:-identity
    Type:-allow

    Constraints: Details
    Type: allow
    StoreName: OIMIDStore (OID)
    Entity name: group1

    Responses
    Name: OAM_REMOTE_USER
    Type: Header
    Value: $user.userid

    Am I going wrong somewhere, or is some other configuration required for the feature to work?
    Please let me know if you need more input from me.

    Any input would be useful

    Kind regards

    Hello

    Before looking at your authorization rules, can you check that the SSOOnlyMode parameter in oam-config.xml is set to 'false'? Otherwise, OAM will only perform authentication, not authorization.

    Kind regards
    Colin

  • URGENT: Connect OAM 11g to an LDAP identity store over SSL

    Hi, I'm creating a user identity store in OAM 11g (11.1.1.5). My requirement is to create the user identity store with SSL enabled. The SSL port number is correct, but when I test the connection through 'Test Connection', it throws the error "unable to connect to the user identity store".

    Could someone tell me how to create the user identity store over SSL?

    Thank you
    Kumar

    Which LDAP do you use? If it's OpenLDAP:
    http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.HTML#4.0
    Then generate the certificate first. See the link above and then import it using keytool.

    If the certificate has already been generated, you can open the link https:/// in the browser and get the certificate from the browser itself. Copy and import the certificate.

    Kind regards
    GP

  • Urgent! OAM 10.1.4.0.1 to 10.1.4.2.0 upgrade

    Hi all

    Is it OK to upgrade OAM to 10.1.4.2.0 without stopping the OAM components and the Web server?


    Thanks in advance.

    Siva NAKI.

    Hi Siva,

    Do not stop the OAM components - you should be able to just stop, perform the hotfix upgrade and restart everything, with everything working OK. There is not a lot of functional difference between 10.1.4.0.1 and 10.1.4.2 (but a lot of fixes that make the upgrade worthwhile), so the system should behave the same as before the upgrade. However, as with any upgrade, you should try it in a test system just to make sure nothing is broken.

    If you perform the upgrade, a recent Bundle Patch (BP) must be applied at the same time (the upgrade path is 10.1.4.0.1 -> 10.1.4.2 -> 10.1.4.2 BPxx; you can't do it as a simple upgrade).

    Kind regards
    Colin

  • Managing roles using the solution of the OIM/OAM/OID

    Dear members

    I am facing some confusion while designing a solution around OAM and OID.

    We have a WC portal system where the authentication solution is implemented using OAM 11g. We expect authentication based on roles with the help of OID/OIM.

    By authentication based on roles, I mean that users will essentially fall into these roles. They will all go through the SSO system and their landing page will be the same, but the controls and links will be displayed according to their role.

    We do not use Oracle Role Manager, so we manage it using OID.

    Is there a possible solution? Please help me, it's urgent.

    Thanks in advance.


    Regards

    Arun Kumar Singh

    Hi Arun,

    In OAM, you can define authorization policies that allow or deny access to resources based on the value of an attribute of the logged-in user. For example, you might allow access to the URL /admin only to users who have a value of 'Administrator' in an attribute. Another approach is simply to set the attribute as a header variable (this is also defined in an OAM authorization policy) so that it is passed to the receiving application, which can then query the value of the attribute and take appropriate action.

    In these cases, OAM is only using the values of the attribute or sending them to another application. To manage the values (set them properly for users/applications etc.) you would use a tool like OIM to ensure that they are set correctly.

    Kind regards

    Colin

  • No default resource type in OAM 11.1.1.5.0

    Hi all

    I installed OAM 11.1.1.5.0 in my environment. In the OAM console, I only get the default resource types (HTTP, Wl_athun...) to add resources in the
    application domain.
    How can I solve this problem? What is the cause of this problem?
    Please advise me on this as soon as possible. It's very urgent.

    Kind regards
    Deena.

    It seems that OAM is not installed correctly. See this link: I don't find the default resource type in my OAM console.

  • OBIEE 11.1.1.6 SSO with OAM 11.1.1.5: problem of attribute OID 11.1.1.6

    Hello world!

    I configured an OAM (WebGate) + OID + OBIEE + OHS system.
    OBIEE is protected via OHS (WebLogic module) and WebGate. It works very well.
    OAM authenticates against OID (default user identity store).
    The "User Search Base" is the same ("cn=Users,dc=mydomain,dc=com") in the identity store and in the OID authentication provider of OBIEE too.
    SSO is enabled in OBIEE and the providers are:
    OID (provider that performs authentication LDAP 1.0) JUST
    REQUIRED OAM (Oracle Access Manager identity Asserter 1.0) provider
    DefaultAuthenticator (WebLogic Authentication Provider 1.0) SUFFICIENT
    DefaultIdentityAsserter

    If the "User Name Attribute" is "cn" in the OAM user identity store, and the "User Name Attribute" of the OBIEE OID provider is "cn" (the default) as well, everything works fine.

    But I have to use "orclSAMAccountName" instead of "cn" (in OAM and in the OID provider). And in this case, I have the problem.
    The OBIEE OID provider settings are:
    All Users Filter: (&(orclSAMAccountName=*)(objectclass=person))
    User From Name Filter: (&(orclSAMAccountName=%u)(objectclass=person)))
    User Name Attribute: orclSAMAccountName

    I did a test user:
    CN = test
    SN = test_sn
    orclsamaccountname = test_sama
    UID = test_uid
    krbprincipalname = test_krb
    I can authenticate with test_sama in OAM, but OBIEE says: "You are not logged here: Oracle BI Server."
    The BI log shows this:
    Default (self-tuning)'> <BISystemUser> <> <00093dFuR^HFW7PMye7i6G00052S000Tt7> <1345642607333> <BEA-000000> <javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User test javax.security.auth.login.LoginException: [Security:090300]Identity Assertion Failed: User test does not exist
    oracle.security.jps.internal.api.jaas.AssertionException: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User test javax.security.auth.login.LoginException: [Security:090300]Identity Assertion Failed: User test does not exist

    Why does OBIEE search by "cn", and why does it not use "orclsamaccountname"?

    Any idea?

    Best regards, Jani

    Hello Joseph,

    This is a known issue in OBIEE 11.1.1.6.0, please see: OBIEE 11.1.1.6 Agent failed with error code: IHVF6OM7:OPR4ONWY:U9IM8TAC [nQSError: 13039] The impersonator does not exist in the BI Security Service [ID 1446877.1]

    We have configured OBIEE 11.1.1.6 on Linux and use Single Sign-On (SSO) with Windows Native Authentication (WNA).

    Configured the AD authenticator, selecting sAMAccountName instead of CN for the user attribute. SSO in MS license. When trying to access the OBIEE presentation services we met the error below.

    "You are not logged here: Oracle BI Server."

    When checking the bi_server1 log file we found: [Security:090300]Identity Assertion Failed: User OracleSystemUser does not exist

    After applying patch 13553428 on top of OBIEE 11.1.1.6.0 we could log in to OBIEE presentation services.

    It works very well with OBIEE 11.1.1.5.0 and 11.1.1.6.1.

    Fixed in OBIEE 11.1.1.6.1. Apply Patch 13742915.

    If you want to stay on OBIEE 11.1.1.6.0, apply Patch 13553428.

    Let me know if this solves the Asserter problem.

    Pls mark as helpful or answered.

    Thank you
    SVS-

  • Integration of 11g OAM with Kerberos on cluster with virtualhost load balancing

    Hello!
    I need to integrate Kerberos with OAM.
    I found the following note: OAM 11g: WNA configuration in HA clusters [ID 1365888.1] (https://support.oracle.com/epmos/faces/ui/km/SearchDocDisplay.jspx?_afrLoop=223640518878014&type=DOCUMENT&id=1365888.1&displayIndex=1&_afrWindowMode=0&_adf.ctrl-state=14ehvbh4z2_61).

    "In a clustered OAM environment, the OAM principal for WNA must be the same on all tiers, i.e. the load-balancing virtual host for the OAM cluster.
    Therefore each OAM managed server will reference the same keytab file generated for the principal HTTP/<virtualhost.domain>, and the keytab file will be in the same location on all OAM managed servers.
    For example: ${DOMAIN_HOME}/domains/${DomainName}/config/fmwconfig/oam/<the keytab file name>.

    After copying the keytab file to the same directory on all OAM managed server machines, proceed to configure the Kerberos authentication module in the OAM Administration Console (/oamconsole).
    The AdminServer ensures that the oam-config.xml file on all OAM managed servers in the cluster is updated with this configuration."

    The question is: when I create oam.keytab with the following command, which server name do I have to use? Node1, Node2, or the (load-balanced) virtual host?

    ktpass -princ HTTP/<servername>@domain -pass XXXXXXX -mapuser domain\user -out oam.keytab

    Thanks in advance and best regards!

    PS: Sorry if my English is not clear.

    David,

    Your principal name must match the SSO LB URL (i.e. sso.mycomany.com).

    ktpass -princ HTTP/sso.mycomany.com@DOMAIN -pass XXXXXXX -mapuser domain\user -out oam.keytab

    Also make sure that sso.mycomany.com has reverse DNS configured correctly.
    You can check using the dig command:

    ping sso.mycomany.com
    Whatever the IP address is:
    dig -x <ip-address>

    Check that the reverse DNS returns only 1 entry.

    ;; ANSWER SECTION:
    1.1.1.1.in-addr.arpa. 3600 IN PTR sso.mycomany.com.

    Let me know if you have any other questions.

    Thank you
    Saurabh

  • OAM11g-WNA and OVD

    Hello, I'm testing OAM11g/WNA (Windows Native Authentication without IIS). I have OVD configured as the primary identity store, which virtualizes against 4 AD domains. Most of the documents/blogs around this topic point to creating an AD identity store with the associated Kerberos configuration in OAM. Can I pass the Kerberos authentication to OVD and avoid creating the AD identity store? OAM 11.1.1.5 supports multiple identity stores; because I have 4 domains, keeping separate krb5.conf and SPN files seems to get complicated. Has anyone tried this before? Please share your ideas.

    Thank you
    Sunil.

    Yes, Sunil, you can certainly do that.

    Make sure that the TPM is the default user store and ensure that the user attribute that you select here is similar to UserPrincipalName.

    HTH,
    REDA Mareddi
    http://www.freeoraclehelp.com

  • Greetings, I'm getting an urgent message when I try to open my Safari browser. It says to contact a number listed in the message. Is it a real Apple alert or a scam?

    Hello, I get an urgent message to call a phone number about my Safari browser. Is it a scam? What is the official Apple support # for Safari? Thanks for your help.

    It's a scam.

    Force Quit Safari using the Command + Option + ESC keyboard shortcut, then restart Safari while holding the SHIFT key.

    Then, from your Safari menu bar, click Safari > Preferences, select the Privacy tab, then click Remove All Website Data. Quit, then restart Safari.

    That should eliminate the alert/scam.

    message edited by;  CS

  • How does one mark messages as urgent or high importance

    I want to mark a message as urgent and/or important how do I do this?

    Click WRITE to open your compose window.
    In the Menu, go to OPTIONS - PRIORITY - HIGHEST.

  • Urgent need help: I run windows 10 on iMac. I can't boot into Windows 10 after update to El Capitan 10.11.5. Help, please!

    An urgent need to help!

    I've been running Windows 10 on my iMac via Boot Camp. I just upgraded from El Capitan 10.11 to 10.11.5. I don't know if it was this upgrade that made me unable to return to Windows. In the Startup Disk pane, my Windows HD and OS X HD icons are all grayed out, so I can't select which one should be my default startup disk. Help, please!

    Pisheng D.

    Did you unlock the Startup Disk pane by clicking the lock button? Look at the lower left corner of that screen.

  • Urgent

    Urgent

    I have received notifications on my iPad

    Since I have message which

    This number rose to the pair of power (can I posted?)

    I do not know this number

    and even several times

    message is from Apple about itune

    I have to pay 1.00 dollar to keep certain elements

    before buying, which is absolutely not true

    1st quarter so can you please help me with this

    Q2, I went to learn how can I know which pair to my message I

    Thank you

    Hello

    Go to Settings > Safari and clear the history and website data.

    See you soon

    Brian
