Tuesday 31 March 2015

Enabling Diagnostics Trace Level Log for OAM SERVER

OAM Server Diagnostics Logging - Never so easy................ That's a myth now... ;-)


To capture OAM Server logs for diagnosis, we now just need to add a few logger statements to logging.xml.

An important point to note here is that NO SERVER RESTART IS REQUIRED!

So the first question that comes to mind: where is this logging.xml located?

Ans - It is in the WebLogic Server domain directory, for example:
/scratch/ckukreja/Oracle/Middleware/user_projects/domains/base_domain/config/fmwconfig/servers/wls_oam1/logging.xml

Note: My domain name is "base_domain" and my OAM server name is "wls_oam1".

Next question: why do we need to see the OAM Server diagnostics?

Ans - They help us analyze the flow. For example, when the webgate sends the IsRescProtected() NAP call, the server logs show whether the server received it or not. We can also track that server thread to see what other operations it performs, whether it sends success or failure back to the webgate, and whether it raises an exception for the operation performed.
All this can be very helpful while debugging an issue.

Now, what logger statements need to be added?

Ans - The following logger statements need to be added:
<logger name='oracle.oam' level='TRACE:32'/>
<logger name='oracle.security.am' level='TRACE:32'/>
<logger name='oracle.oam.engine.policy' level='TRACE:32'/>
<logger name='oracle.oam.engine.session' level='TRACE:32'/>
<logger name='oracle.oam.engine.sso' level='TRACE:32'/>
<logger name='oracle.oam.engine.authz' level='TRACE:32'/>



Where to place the above snippet in the logging.xml?

Ans - You will find a statement "logger name='' level='ERROR:1'" in the file; place the snippet just after that block.



<logger name='' level='ERROR:1'>
  <handler name='odl-handler'/>
  <handler name='wls-domain'/>
  <handler name='console-handler'/>
</logger>

<logger name='oracle.oam' level='TRACE:32'/>
<logger name='oracle.security.am' level='TRACE:32'/>
<logger name='oracle.oam.engine.policy' level='TRACE:32'/>
<logger name='oracle.oam.engine.session' level='TRACE:32'/>
<logger name='oracle.oam.engine.sso' level='TRACE:32'/>
<logger name='oracle.oam.engine.authz' level='TRACE:32'/>


Note: I have enabled the logs at TRACE level 32.
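The placement step above can be scripted so that it is repeatable and keeps a backup. This is an added example, not code from the original post or from Oracle; the function names and the sample XML are assumptions made for illustration, while the logger names and level are the ones listed above.

```python
import re
import shutil

# Logger names and level are the ones listed in the post above.
TRACE_LOGGERS = ["oracle.oam", "oracle.security.am", "oracle.oam.engine.policy",
                 "oracle.oam.engine.session", "oracle.oam.engine.sso",
                 "oracle.oam.engine.authz"]
LEVEL = "TRACE:32"

# Root logger: <logger name='' ...> ... </logger>, or self-closing, either quote style.
ROOT_BLOCK = re.compile(r"<logger\s+name=(['\"])\1[^>]*?(?:/>|>.*?</logger>)", re.DOTALL)

# Constructed sample, not a real logging.xml; one target logger is already declared.
SAMPLE = """<loggers>
 <logger name='' level='ERROR:1'>
  <handler name='odl-handler'/>
 </logger>
 <logger name='oracle.security.am' level='NOTIFICATION:1'/>
</loggers>
"""


def add_trace_loggers(xml_text):
    """Return (new_text, added). Loggers already declared are left untouched."""
    root = ROOT_BLOCK.search(xml_text)
    if root is None:
        raise ValueError("root logger block (name='') not found")
    added = [n for n in TRACE_LOGGERS
             if not re.search(r"<logger\s+name=['\"]%s['\"]" % re.escape(n), xml_text)]
    snippet = "".join("\n<logger name='%s' level='%s'/>" % (n, LEVEL) for n in added)
    return xml_text[:root.end()] + snippet + xml_text[root.end():], added


def patch_file(path):
    """Back up logging.xml to <path>.bak, then rewrite it with the trace loggers."""
    with open(path, encoding="utf-8") as fh:
        original = fh.read()
    patched, added = add_trace_loggers(original)
    if added:
        shutil.copy2(path, path + ".bak")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(patched)
    return added


if __name__ == "__main__":
    text, names = add_trace_loggers(SAMPLE)
    print("added:", names)
    print(text)
```

A logger that is already declared at a lower level is reported as not added, so its level still has to be changed by hand; restoring the .bak file turns the trace loggers off again.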


An important point to note here is that NO SERVER RESTART IS REQUIRED!

For more information on logging, see the link below:
http://www.ateam-oracle.com/logging-made-easy-in-oam-11g-with-this-simple-trick/


Enjoy :-)

Monday 16 March 2015

Understanding the reason why to use OAAM

Understanding OAAM:


1) Risk Analysis: to detect suspicious attacks in real time or offline.

  • This involves keeping a record of the logged-in user's activity in order to understand the pattern of what they do. Whenever a variance from the pattern is detected, OAAM alerts the user.

2) Fraud Analysis: with this we can detect whether a human is interacting with the system or some malware/bot has been placed. To check for such suspicious attacks, whether by a human or a bot, OAAM offers:

  • OTP
  • KBA
  • Fingerprint Detection
  • Challenge Schemes...etc
 

Reference:
http://docs.oracle.com/cd/E23943_01/admin.1111/e14568/intro.htm#AAMAD636


Enjoy :-)

OAAM Basic vs Advanced vs Advanced using TAP Integration with OAM

What will we be covering?

  1. Understanding Basic OAAM Integration
  2. Understanding Advanced OAAM Integration
  3. Understanding Advanced TAP OAAM Integration

In this post we will look at Basic OAAM Integration.

OAAM Basic Integration with OAM:

The basic integration of OAAM offers a limited set of functionality when integrated with OAM. It is provided through extension libraries that are bundled with the OAM server itself.

Knowledge Based Authentication is the only challenge mechanism offered in this basic integration.

What is needed for this integration?

1) OAAM Admin Server
2) OAAM Database
3) OAM Admin + Managed Server

Note: Webgate 10g & 11g Agents are supported with this integration.

References:
http://docs.oracle.com/cd/E23943_01/doc.1111/e15740/aam.htm#AIING268


Enjoy :-)