Unable to login to OAM Console 11g:
Sometimes we get into a situation where we are unable to log in to oamconsole after changing the identity store in the OAM 11g oamconsole from the EMBEDDED LDAP store to some other LDAP store such as OID, OVD or ODSEE.
In this case we should take the precaution of backing up the oam-config.xml file. Why is it so important to back up this file?
This file contains all the configuration information required by the OAM Server, and it is updated whenever the server configuration is updated.
For example, the default LDAP store is configured in it like this:
<Setting Name="UserIdentityStore" Type="htf:map">
<Setting Name="SECURITY_PRINCIPAL" Type="xsd:string">cn=Admin</Setting>
<Setting Name="GROUP_SEARCH_BASE" Type="xsd:string">ou=groups,ou=myrealm,dc=base_domain</Setting>
<Setting Name="USER_NAME_ATTRIBUTE" Type="xsd:string">uid</Setting>
<Setting Name="Type" Type="xsd:string">LDAP</Setting>
<Setting Name="IsSystem" Type="xsd:boolean">true</Setting>
<Setting Name="IsPrimary" Type="xsd:boolean">true</Setting>
<Setting Name="Name" Type="xsd:string">UserIdentityStore1</Setting>
<Setting Name="SECURITY_CREDENTIAL" Type="xsd:string">{AES}F8E3A9FAD9D662F753D842979423ED3D</Setting>
<Setting Name="LDAP_PROVIDER" Type="xsd:string">EMBEDDED_LDAP</Setting>
<Setting Name="USER_SEARCH_BASE" Type="xsd:string">ou=people,ou=myrealm,dc=base_domain</Setting>
<Setting Name="ENABLE_PASSWORD_POLICY" Type="xsd:boolean">false</Setting>
<Setting Name="LDAP_URL" Type="xsd:string">ldap://ldap-host:7001</Setting>
<Setting Name="UserIdentityProviderType" Type="xsd:string">OracleUserRoleAPI</Setting>
</Setting>
Similarly, when you configure a new LDAP store, the same sort of entry is created. You will notice that the new identity store becomes the primary store and its IsPrimary flag is set to true, while the embedded LDAP store's IsPrimary flag turns false:
<Setting Name="IsPrimary" Type="xsd:boolean">true</Setting>
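To see which store a given oam-config.xml (the current file or a backup) marks as primary, the flags can be read straight from the file. The script below is an added example, not part of the original post. It assumes each store is an htf:map carrying the child settings shown above; the wrapper element, the store element names and the second store in the sample are constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: the wrapper element, store element names and the second
# (external) store are made up; child setting names follow the entry above.
SAMPLE = """<Setting Name="ConstructedWrapper" Type="htf:map">
  <Setting Name="StoreA" Type="htf:map">
    <Setting Name="Name" Type="xsd:string">UserIdentityStore1</Setting>
    <Setting Name="LDAP_PROVIDER" Type="xsd:string">EMBEDDED_LDAP</Setting>
    <Setting Name="IsSystem" Type="xsd:boolean">true</Setting>
    <Setting Name="IsPrimary" Type="xsd:boolean">false</Setting>
    <Setting Name="SECURITY_CREDENTIAL" Type="xsd:string">{AES}CONSTRUCTED</Setting>
    <Setting Name="LDAP_URL" Type="xsd:string">ldap://ldap-host:7001</Setting>
  </Setting>
  <Setting Name="StoreB" Type="htf:map">
    <Setting Name="Name" Type="xsd:string">ExampleExternalStore</Setting>
    <Setting Name="LDAP_PROVIDER" Type="xsd:string">OID</Setting>
    <Setting Name="IsSystem" Type="xsd:boolean">false</Setting>
    <Setting Name="IsPrimary" Type="xsd:boolean">true</Setting>
    <Setting Name="SECURITY_CREDENTIAL" Type="xsd:string">{AES}CONSTRUCTED</Setting>
    <Setting Name="LDAP_URL" Type="xsd:string">ldap://oid.example.test:3060</Setting>
  </Setting>
</Setting>"""

REPORTED = ("Name", "LDAP_PROVIDER", "IsPrimary", "IsSystem", "LDAP_URL")
def local(tag):
    """Strip an XML namespace, if any, from an element tag."""
    return tag.rsplit("}", 1)[-1]

def identity_stores(xml_data):
    """One dict per map with an LDAP_PROVIDER child; SECURITY_CREDENTIAL is never copied."""
    stores = []
    for el in ET.fromstring(xml_data).iter():
        if local(el.tag) != "Setting" or el.get("Type") != "htf:map":
            continue
        kids = {c.get("Name"): (c.text or "").strip() for c in el if local(c.tag) == "Setting"}
        if "LDAP_PROVIDER" in kids:
            stores.append({k: kids.get(k, "") for k in REPORTED})
    return stores

def primary_stores(xml_data):
    """Names of the stores whose IsPrimary flag is true."""
    return [s["Name"] for s in identity_stores(xml_data) if s["IsPrimary"].lower() == "true"]

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for store in identity_stores(data):
        print(store)
    print("primary:", primary_stores(data))
```

Run it with the path of a backup as the only argument to confirm that the copy you are about to restore still has the embedded store as primary.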
Possible ways out:
1) Check whether the user you are logging in with has admin rights, i.e. whether that user has been added to the administrators group of the LDAP store.
2) If step 1 is fine, then you might not have configured the WebLogic console properly:
- Check the users & groups configuration: is the added user present under the users tab?
- Check the roles & policies, i.e. under global roles->Admin->, whether your admin group is present.
- Check whether the identity store is placed at the top in the providers tab; if not, you need to reorder it.
3) If step 2 is OK, then check the oamconsole settings. Now you will ask: when I am not able to log in, how can I check those?
- The answer lies in the explanation below.
So if you are unable to log in to the oamconsole, just replace the oam-config.xml file with the old one. Remember that whenever you change the OAM server configuration, a backup file is generated automatically after the changes are applied.
So either replace the current oam-config.xml with the last automatically saved backup file or with the one you have saved as a copy.
Then restart the admin and managed servers; you should be able to log in with the default credentials of the embedded LDAP store.
Enjoy :-)