Thursday, July 31, 2014

How to disable the change password and forgot password functionality in IDM or the IDM FA solution

I just published an article on the Chronicles site that explains how to disable the "Change password" and "Forgot password" functionality in FA-IDM as well as in the IDM (OIM) solution.

Link below is available now:
http://www.ateam-oracle.com/disabling-change-password-and-forgot-password-functionality-in-fa-idm/


I hope it helps you,
Thiago Leoncio.

Saturday, July 19, 2014

OID11G: Disabling LDAP anonymous binds (null base search), or how to disable anonymous ldapbind in OID.

Simple but very helpful article.


1) I always like to do it from the command line, as below:

ldapbind -h leonciohost -p 3060 -D cn=orcladmin
Result: bind successful


The bind succeeds even though no password was supplied. A bind with a DN and an empty password is an "unauthenticated" simple bind, which an LDAP server treats as anonymous (RFC 4513), so "bind successful" here means anonymous binds are enabled on this instance.

The setting behind this is the orclanonymousbindsflag attribute on the server instance configuration entry:

ldapsearch -p 3060 -b "cn=oid1,cn=osdldapd,cn=subconfigsubentry" -s base "objectclass=*" orclanonymousbindsflag -D cn=orcladmin -q
orclanonymousbindsflag=1

0 = Disallow
1 = Allow (anonymous binds enabled)
2 = Disallow except for read access on the root DSE

Value 2 is usually the safer choice in practice: LDAP clients, Oracle's own components included, typically read the root DSE anonymously to discover naming contexts and supported controls before they bind, and 0 breaks that discovery. Use 0 only once you have confirmed nothing in your environment depends on it.



So, to turn it off, change this attribute with ldapmodify. Note that -w puts the bind password on the command line, where it lands in shell history and is visible to anyone listing processes; prefer -q, as in the ldapsearch above, to be prompted for it instead.

Command:

ldapmodify -p 3060 -D cn=orcladmin -w leonciopwd << EOF
dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
changetype: modify
replace: orclanonymousbindsflag
orclanonymousbindsflag: 0
EOF



Run the same ldapsearch again to confirm the change:

ldapsearch -p 3060 -b "cn=oid1,cn=osdldapd,cn=subconfigsubentry" -s base "objectclass=*" orclanonymousbindsflag -D cn=orcladmin -q
orclanonymousbindsflag=0

This means anonymous binds are now disallowed; the ldapbind from step 1, run with no password, should now be refused instead of reporting "bind successful".


2) You can also do it from Enterprise Manager (EM):

a. Navigate to 'Identity and Access' -> oid1
b. Click 'Oracle Internet Directory' and select 'Administration' -> 'Server Properties'
c. Switch 'Anonymous Bind' from 'Allows' to 'Disallow except for Read Access on the root DSE' or 'Disallow'
d. Click 'Apply'
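Whichever way you change the flag, it is worth checking the result from a host that is not the OID server and has no OID tools installed. The script below is an added example, not code from the original post or from Oracle: a raw-socket LDAP client that tries the three things orclanonymousbindsflag governs, a fully anonymous bind, the "unauthenticated" bind (DN with an empty password, which is exactly what the ldapbind -D cn=orcladmin check above sends), and an anonymous read of the root DSE. Host, port and bind DN are placeholders passed on the command line; "cn=orcladmin" is used only because it is the DN from the post.

```python
# Added example (not from the original post): a raw-socket LDAP client, no python-ldap needed,
# that tries the three things orclanonymousbindsflag governs. Host, port and DN are placeholders.
import socket
import sys
def ber_len(n: int) -> bytes:
    # BER length: one byte below 128, otherwise 0x80|count followed by a big-endian length
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(payload)) + payload

def ber_int(v: int) -> bytes:
    # non-negative INTEGER; the length formula adds a byte whenever the top bit would be set
    return ber(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def ber_read(buf: bytes, pos: int = 0):
    """Decode the TLV at buf[pos]; returns (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    return tag, buf[pos:pos + length], pos + length

def bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] password } }.
    dn="" + password="" is an anonymous bind; dn="cn=x" + password="" is the unauthenticated
    bind that ldapbind -D cn=x with no password sends (RFC 4513: anonymous authorization).
    """
    body = ber_int(3) + ber(0x04, dn.encode()) + ber(0x80, password.encode())
    return ber(0x30, ber_int(msg_id) + ber(0x60, body))

def rootdse_search_request(msg_id: int) -> bytes:
    """SearchRequest [APPLICATION 3]: base "", scope base, (objectClass=*), attribute namingContexts."""
    body = (ber(0x04, b"")                       # baseObject: "" is the root DSE
            + ber(0x0A, b"\x00")                 # scope: baseObject
            + ber(0x0A, b"\x00")                 # derefAliases: never
            + ber_int(0) + ber_int(0)            # sizeLimit, timeLimit: unlimited
            + ber(0x01, b"\x00")                 # typesOnly: FALSE
            + ber(0x87, b"objectClass")          # filter: present [7] objectClass
            + ber(0x30, ber(0x04, b"namingContexts")))
    return ber(0x30, ber_int(msg_id) + ber(0x63, body))

def protocol_op(message: bytes):
    """(tag, payload) of the protocolOp inside an LDAPMessage, skipping the messageID."""
    _, msg, _ = ber_read(message)
    tag, op, _ = ber_read(msg, ber_read(msg)[2])
    return tag, op

def result_code(message: bytes) -> int:
    """resultCode of a BindResponse (0x61) or SearchResultDone (0x65); LDAPResult starts with it."""
    tag, op = protocol_op(message)
    if tag not in (0x61, 0x65):
        raise ValueError(f"not a BindResponse/SearchResultDone: tag 0x{tag:02x}")
    _, code, _ = ber_read(op)                     # ENUMERATED resultCode
    return int.from_bytes(code, "big")

def _recv_exact(sock, n: int) -> bytes:
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("server closed the connection")
        data += chunk
    return data

def recv_message(sock) -> bytes:
    """Read exactly one BER-framed LDAPMessage from the socket."""
    head = _recv_exact(sock, 2)
    if head[1] < 0x80:
        extra, length = b"", head[1]
    else:
        extra = _recv_exact(sock, head[1] & 0x7F)
        length = int.from_bytes(extra, "big")
    return head + extra + _recv_exact(sock, length)

def probe(host: str, port: int, dn: str) -> dict:
    """LDAP result code per check; 0 (success) means the server allowed it."""
    codes = {}
    for label, bind_dn, pw in (("anonymous_bind", "", ""), ("unauthenticated_bind", dn, "")):
        with socket.create_connection((host, port), timeout=5) as s:
            s.sendall(bind_request(1, bind_dn, pw))
            codes[label] = result_code(recv_message(s))
    with socket.create_connection((host, port), timeout=5) as s:   # no Bind at all = implicit anonymous
        s.sendall(rootdse_search_request(1))
        while True:
            msg = recv_message(s)
            tag = protocol_op(msg)[0]
            if tag == 0x65:                       # SearchResultDone; any entries (0x64) come first
                codes["rootdse_read"] = result_code(msg)
                break
            if tag != 0x64:                       # e.g. 0x78 Notice of Disconnection
                raise ValueError(f"unexpected protocolOp 0x{tag:02x}")
    return codes

if __name__ == "__main__":                        # usage: python probe.py leonciohost 3060
    print(probe(sys.argv[1], int(sys.argv[2]), "cn=orcladmin"))
```

A result code of 0 for unauthenticated_bind is the same thing as the "bind successful" above. After setting the flag to 0 you would expect both binds to be refused; with 2 the binds should be refused while rootdse_read still returns 0. Confirm the exact non-zero codes your instance returns (49 invalidCredentials and 53 unwillingToPerform are the usual suspects) rather than assuming them, and run the probe against every OID instance in the cluster, since the attribute lives per instance under cn=osdldapd.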






I hope this helps you,
Thiago Leoncio.

Sunday, July 6, 2014

OAM 11G Troubleshooting session: "AMInitServlet" failed to preload on startup in Web application: "oam". java.lang.ExceptionInInitializerError

Hello everyone,

Today I was installing my OAM environment and I had a very interesting issue that I would like to share in my troubleshooting article.

After finishing my domain creation and starting the AdminServer and the OAM managed server, I received the error below:

<BEA-000628> <Created "1" resources for pool "oamDS", out of which "1" are available and "0" are unavailable.>
####<Jul 05, 2014 2:35:56 PM EDT> <Error> <HTTP> <oam1.domdaman.intra> <WLS_OAM1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <0000KSmQ^QF9DgYjLpuHOA1Jkmq2000002> <1405300164014> <BEA-101216> <Servlet: "AMInitServlet" failed to preload on startup in Web application: "oam".
java.lang.ExceptionInInitializerError
  at oracle.security.am.engines.sso.adapter.AbstractSessionAdapterImpl.checkAndInit(AbstractSessionAdapterImpl.java:92)
  at oracle.security.am.engines.sso.adapter.AbstractSessionAdapterImpl.<init>(AbstractSessionAdapterImpl.java:75)
  at oracle.security.am.engines.sso.adapter.MultipleUserSessionAdapterImpl.<init>(MultipleUserSessionAdapterImpl.java:56)
  at oracle.security.am.engines.sso.adapter.MultipleUserSessionAdapterImpl.<clinit>(MultipleUserSessionAdapterImpl.java:45)
  at oracle.security.am.engines.sso.adapter.SessionManagementAdapterFactory.getAdapter(SessionManagementAdapterFactory.java:46)
  at oracle.security.am.engines.enginecontroller.SSOEngineController.processEvent(SSOEngineController.java:497)
  at oracle.security.am.controller.MasterController.processEvent(MasterController.java:568)
  at oracle.security.am.controller.MasterController.processRequest(MasterController.java:757)
  at oracle.security.am.controller.MasterController.process(MasterController.java:680)
  at oracle.security.am.pbl.transport.http.AMInitServlet.initializeAmServer(AMInitServlet.java:137)
  at oracle.security.am.pbl.transport.http.AMInitServlet.init(AMInitServlet.java:79)
  at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:283)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.servlet.internal.StubSecurityHelper.createServlet(StubSecurityHelper.java:64)


It took a lot of time to realize that my server was not starting properly because of a related multicast issue that is described in this WLS document:

So, what is the fix?

You have two possibilities. Both are JVM system properties, and their names are case-sensitive: a mis-cased name such as preferIPV4stack is not reported as an error, the JVM simply ignores it and nothing changes, so copy them exactly.

1) -Djava.net.preferIPv4Stack=true, which makes the JVM use the IPv4 stack only; this is the fix the WLS document describes below:

2) Or, if something in your environment has the JVM preferring IPv6 addresses, turn that off with -Djava.net.preferIPv6Addresses=false (false is already the JVM default, so this only helps if it had been set to true; option 1 is the one that normally fixes it).

Either way, add the property to the JAVA_OPTIONS of the OAM managed server (for example in the domain's setDomainEnv.sh) and restart the server.





Once the JVM is using the proper IP stack, the OAM application deploys and your managed server starts successfully.

I hope this helps you and doesn't make you lose time as I did,
Thiago Leoncio.


Friday, July 4, 2014

OIM11G Troubleshooting session: Error: Diagnostics data was not saved to the credential store.


Happy 04 July everyone!
Installing OIM11G PS2, I got this issue when starting the AdminServer:
----------------
Info: Data source is: opss-DBDS
WLS ManagedService is not up running. Fall back to use system properties for configuration.
Error: Diagnostics data was not saved to the credential store.
Error: Validate operation has failed.
-----------------
This issue happens because two very important post-configuration steps were skipped. In order to fix it, you must do these:

1)Run the wlst command to create the security store:

cd $ORACLE_COMMON/common/bin
./wlst.sh /u01/app/oracle/Middleware/wls10360/Oracle_IAM/common/tools/configureSecurityStore.py -d /u01/app/oracle/Middleware/wls10360/user_projects/domains/IAMDomain11G -c IAM -m create
Info: Data source is: opss-DBDS
Please input data source password:
Info: DB JDBC driver: oracle.jdbc.OracleDriver
Info: DB JDBC URL: jdbc:oracle:thin:@leoncio.us.oracle.com:1521/leoncio.us.oracle.com
Connected:oracle.jdbc.driver.T4CConnection@153e9cb8
Disconnect:oracle.jdbc.driver.T4CConnection@153e9cb8
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  checkServiceSetup - done
Jun 18, 2014 6:32:31 PM oracle.security.jps.internal.config.ldap.LdapCredStoreServiceConfigurator schemaCompatibleHandler
INFO: Credential store schema upgrade not required. Store Schema version 11.1.1.7.0 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  seedSchemaAndCreateDIT - done
Jun 18, 2014 6:32:35 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationCredImpl migrateCredentialData
INFO: Migration of Credential Store data in progress.....
Jun 18, 2014 6:32:35 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationCredImpl migrateCredentialData
INFO: Migration of Credential Store data completed, Time taken for migration is 00:00:00
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  migrateData - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  testJpsService - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  checkServiceSetup - done
Jun 18, 2014 6:32:35 PM oracle.security.jps.internal.config.ldap.LdapKeyStoreServiceConfigurator schemaCompatibleHandler
INFO: Keystore schema upgrade not required. Store Schema version 11.1.1.7.0 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  seedSchemaAndCreateDIT - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  migrateData - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  testJpsService - done
Jun 18, 2014 6:32:37 PM oracle.security.jps.internal.policystore.ldap.LdapPolicyStore initial
INFO: Your Policy store schema is not upgraded to the latest version!
Please run the PSA (Patch Set Assistant) to upgrade the current schema version 11.1.1.7.0 to the latest version 11.1.1.7.2.
Or, you could continue to run in the backward-compatibility mode.
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  checkServiceSetup - done
Jun 18, 2014 6:32:37 PM oracle.security.jps.internal.config.ldap.LdapPolicyStoreServiceConfigurator schemaCompatibleHandler
INFO: Policy schema upgrade not required. Store Schema version 11.1.1.7.0 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  updateServiceConfiguration - done
Jun 18, 2014 6:32:37 PM oracle.security.jps.internal.policystore.ldap.LdapPolicyStore initial
INFO: Your Policy store schema is not upgraded to the latest version!
Please run the PSA (Patch Set Assistant) to upgrade the current schema version 11.1.1.7.0 to the latest version 11.1.1.7.2.
Or, you could continue to run in the backward-compatibility mode.
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  seedSchemaAndCreateDIT - done
WLS ManagedService is not up running. Fall back to use system properties for configuration.
Jun 18, 2014 6:32:47 PM oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy migrateData
INFO: Migration of Admin Role Members started
Jun 18, 2014 6:32:47 PM oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy migrateData
INFO: Migration of Admin Role Members completed in 00:00:00
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  migrateData - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  testJpsService - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  checkServiceSetup - done
Jun 18, 2014 6:32:47 PM oracle.security.jps.internal.config.ldap.LdapAuditServiceConfigurator schemaCompatibleHandler
INFO: Audit store schema upgrade not required. Store Schema version 11.1.1.7.0 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  seedSchemaAndCreateDIT - done
Jun 18, 2014 6:32:48 PM oracle.security.jps.internal.audit.AuditServiceImpl registerInternal
WARNING: Cannot register to audit service for component "JPS".
Jun 18, 2014 6:32:48 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationAuditStoreImpl migrateAuditStoreData
INFO: Migration of Audit Store data in progress.....
Jun 18, 2014 6:33:51 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationAuditStoreImpl migrateAuditStoreData
INFO: Migration of Audit Store data completed, Time taken for migration is 00:01:03
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  migrateData - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  testJpsService - done
persist to output: /u01/app/oracle/Middleware/wls10360/user_projects/domains/IAMDomain11G/config/fmwconfig - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  updateServiceConfiguration - done
Jun 18, 2014 6:34:04 PM oracle.security.jps.internal.policystore.ldap.LdapPolicyStore initial
INFO: Your Policy store schema is not upgraded to the latest version!
Please run the PSA (Patch Set Assistant) to upgrade the current schema version 11.1.1.7.0 to the latest version 11.1.1.7.2.
Or, you could continue to run in the backward-compatibility mode.
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  updateServiceConfiguration - done
persist to output: /u01/app/oracle/Middleware/wls10360/user_projects/domains/IAMDomain11G/config/fmwconfig - done
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
Jun 18, 2014 6:34:13 PM oracle.security.jps.internal.policystore.ldap.LdapPolicyStore initial
INFO: Your Policy store schema is not upgraded to the latest version!
Please run the PSA (Patch Set Assistant) to upgrade the current schema version 11.1.1.7.0 to the latest version 11.1.1.7.2.
Or, you could continue to run in the backward-compatibility mode.
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
Jun 18, 2014 6:34:36 PM oracle.security.jps.internal.policystore.ldap.LdapPolicyStore initial
INFO: Your Policy store schema is not upgraded to the latest version!
Please run the PSA (Patch Set Assistant) to upgrade the current schema version 11.1.1.7.0 to the latest version 11.1.1.7.2.
Or, you could continue to run in the backward-compatibility mode.
Using default context in /u01/app/oracle/Middleware/wls10360/user_projects/domains/IAMDomain11G/config/fmwconfig/jps-config-migration.xml file for credential store.
Credential store location : jdbc:oracle:thin:@leoncio.us.oracle.com:1521/leoncio.us.oracle.com
Credential with map Oracle-IAM-Security-Store-Diagnostics key Test-Cred stored successfully!
Credential for map Oracle-IAM-Security-Store-Diagnostics and key Test-Cred is:
GenericCredential
Info: diagnostic credential created in the credential store.
Info:  Create operation has completed successfully.

2) Upgrade the OPSS schema using the Patch Set Assistant (the "Policy store schema is not upgraded" messages in the output above are what this step resolves):

cd $MW_HOME/oracle_common/bin
./psa.sh



Conclusion:

After the OPSS upgrade you can restart the AdminServer successfully, and you will see OPSS being validated properly, as the output below shows:

....
Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Info: Data source is: opss-DBDS
WLS ManagedService is not up running. Fall back to use system properties for configuration.
Info: Diagnostics data was saved to the credential store.
Info: Validate operation has completed successfully.
*****************************************************
** Setting up SOA specific environment...
*****************************************************
EXTRA_JAVA_PROPERTIES= -da:org.apache.xmlbeans...
.
LD_LIBRARY_PATH=/u01/app/oracle/Middleware/wls10360/patch_wls1036/profiles/default/native:/u01/app/oracle/Middleware/wls10360/patch_oepe180/profiles/default/native:/u01/app/oracle/Middleware/wls10360/patch_ocp371/profiles/default/native:/u01/app/oracle/Middleware/wls10360/patch_adfr1111/profiles/default/native:/u01/app/oracle/Middleware/wls10360/wlserver_10.3/server/native/linux/i686:/u01/app/oracle/Middleware/wls10360/wlserver_10.3/server/native/linux/i686/oci920_8:/u01/app/oracle/Middleware/wls10360/Oracle_SOA/soa/thirdparty/edifecs/XEngine/bin
.
USER_MEM_ARGS=-Xms512m -Xmx1024m
.
*****************************************************
** End SOA specific environment setup
*****************************************************
/u01/app/oracle/jrockit-jdk1.6.0_45-R28.2.7-4.1.0
/u01/app/oracle/jrockit-jdk1.6.0_45-R28.2.7-4.1.0/jre/bin/java
*****************************************************
** Setting up OIM specific environment...
.
USER_MEM_ARGS=-Xms1024m -Xmx2048m
.....


Ref:


I hope this helps you,

Thiago Leoncio.