Unable to login to oam console with new identity store

Unable to login to OAM Console 11g:

Sometimes we get into a situation where we are unable to login to oamconsole when we change the identity store in OAM 11G oamonsole from EMBEDDED LDAP store to some other LDAP Store like OID, OVD or ODSEE etc...

In this case we should take caution by taking backup of oam-config.xml file; now the question comes in that why it is so important to take backup of this file?

This file contains all the configurations related info required for OAM Server and also it gets updated when update the server configuration.

For example: Default LDAP store configured in it will be like;

<Setting Name="UserIdentityStore" Type="htf:map">
     <Setting Name="SECURITY_PRINCIPAL" Type="xsd:string">cn=Admin</Setting>
    <Setting Name="GROUP_SEARCH_BASE" Type="xsd:string">ou=groups,ou=myrealm,dc=base_domain</Setting>
     <Setting Name="USER_NAME_ATTRIBUTE" Type="xsd:string">uid</Setting>
     <Setting Name="Type" Type="xsd:string">LDAP</Setting>
     <Setting Name="IsSystem" Type="xsd:boolean">true</Setting>
     <Setting Name="IsPrimary" Type="xsd:boolean">true</Sghetting>
     <Setting Name="Name" Type="xsd:string">UserIdentityStore1</Setting>
     <Setting Name="SECURITY_CREDENTIAL" Type="xsd:string">{AES}F8E3A9FAD9D662F753D842979423ED3D</Setting>
    <Setting Name="LDAP_PROVIDER" Type="xsd:string">EMBEDDED_LDAP</Setting>
    <Setting Name="USER_SEARCH_BASE" Type="xsd:string">ou=people,ou=myrealm,dc=base_domain</Setting>
    <Setting Name="ENABLE_PASSWORD_POLICY" Type="xsd:boolean">false</Setting>
    <Setting Name="LDAP_URL" Type="xsd:string">ldap://ldap-host:7001</Setting>
   <Setting Name="UserIdentityProviderType" Type="xsd:string">OracleUserRoleAPI</Setting>
   </Setting>

Similarly when you configure a new LDAP Store, a same sort of entry will be created where you will notice that the new IDENTITY Store will become the primary store and its flag will be set as true while the embedded ldap store isPrimary flag turns false;

<Setting Name="IsPrimary" Type="xsd:boolean">true</Setting>

Possible way outs:
1) Check whether the user you are logging with has admins rights; i.e. is that user added to the administrators group of the LDAP Store.
2) If the step 1 is fine than you might not have done proper configuration in weblogic console;

• Check for the users&groups configuration, whether the added user is present under users tab or not,
• Check for the roles&policies, i.e. under global roles->Admin-> is your admin group is present.
• Check whether the identity store is placed at the top in the providers tab, if not you need to reorder it.

3) If step 2 is ok than check oamconsole settings, now you will ask when i am not able to login than how can i check those?

• So the answer lies in below mentioned explanations.

Thus in case you are enable to login to the oamconsole than just replace the oam-config.xml file with the old one. Remember whenever you do changes in oam server configuration after applying the changes a backup file gets generated automatically.

So either replace the current oam-config.xml with the last saved auto backed up file or with the one you have saved as a copy.

Than restart the admin & manged server, you should be able to login with the default credentials of embedded ldap store. 



Enjoy :-)

Enable Debug Logs for OAM Server from Weblogic Console

Enabling Debug logs:

Let's start the process:

1) Log in to weblogic console: httpd://<host:port>/console

2) Select Environment option under Domain Structure:

• Select Servers option:

3) Select oam_server1: As we need to enable the debug log for a specific component.

• Select 'Debug' tab

4) Select the 'weblogic' & expand its view.

5) Select the component/s for which you want to enable the logging.

• Click 'Enable' to apply changes.

Note:

• Remember, it is possible that you might require to first select "Lock & Edit" option on top left of the screen. And than you need to "Activate Changes". So that it starts reflecting.

 
6) Now for the selected component you will start getting logging trace. You can view the logs for the same under:

• Log File Path: <Middleware_Home>/user_projects/domains/<domain_name>/servers/oam_server1/logs/

• File Name:

1. oam_server1.log
2. oam_server1-diagnostic.log

You are good to go.... Enjoy Debugging.....


Enjoy:-)

[OHS]: Configure Webgate to include Execution context ID (ECID)

Enabling Webgate ECID Logs:

1) Go to Webgate Instance Directory:

bash$> $OHS_HOME/instances/instance1/config/OHS/ohs1/

2) Change Directory to webgate config folder:

bash$> cd webgate/config

3) Open oblog_config_wg.xml file to edit it:

bash$> vi oblog_config_wg.xml

4) By default LOGLEVEL_ECID will be off. Thus it is required to 'On' the logging.

<!--  LOGLEVEL_ECID logs will be logged in a seperate file by default 
  --> 
- <!--  By default LOGLEVEL_ECID will be off.                           
  --> 
- <!--  To make it on change "LOG_STATUS" parameter to "On"             
  --> 
- <ValNameList xmlns="http://www.oblix.com" ListName="LogEcid2File">
  <NameValPair ParamName="LOG_LEVEL" Value="LOGLEVEL_ECID" /> 
  <NameValPair ParamName="LOG_WRITER" Value="MPFileLogWriter" /> 
  <NameValPair ParamName="FILE_NAME" Value="webgate.ecid.log" /> 
- <!--  Buffer up to 64 KB (expressed in bytes) of log entries before flushing to the file. 
  --> 
  <NameValPair ParamName="BUFFER_SIZE" Value="512" /> 
- <!--  Rotate the log file once it exceeds 50 MB (expressed in bytes). 
  --> 
  <NameValPair ParamName="MAX_ROTATION_SIZE" Value="52428800" /> 
- <!--  Rotate the log file after 24 hours (expressed in seconds). 
  --> 
  <NameValPair ParamName="MAX_ROTATION_TIME" Value="86400" /> 
  <NameValPair ParamName="LOG_STATUS" Value="Off" /> 
  </ValNameList>

5) Here we need to change the LOG_STATUS Value to "On"

<!-- <NameValPair ParamName="LOG_STATUS" Value="Off" /> -->

<NameValPair ParamName="LOG_STATUS" Value="On" />

6) If we want to get the logs write quickly, no buffer storage. We can reduce the BUFFER_SIZE to "1".

7) Save the changes. And we are good to go...!!!!
8) Restart the OHS Web Server.

9) You will see a log file created in the diagnoistics folder named "webgate.ecid.log"

bash$> cd $OHS_HOME/instances/<instance_name>/diagnostics/logs/OHS/ohs1/
bash$> ls *ecid*
webgate.ecid.log


Enjoy :-)

Installing & Configuring Apache 2.4 (64bit) on Linux Machine

This post is divided into 3 sections: Installation, Configuration & Verification. 

So let's start the process.........

Installing Apache 2.4 (64bit) on Linux Machine :

1. To install apache 2.4, we need the source code & than need to build it. This will generate the binaries.
2. Download the source code from http://httpd.apache.org/download.cgi#apache24 to your Linux 64bit box.
3. Pre-requisites:
1. Download & configure Apache Portable Runtime Libraries.
2. Download, Install & Configure PCRE (Perl Compatible Regular Expressions).
4.  Download APR & APR-Util:

1. bash$> wget http://apache.tradebit.com/pub//apr/apr-1.5.1.tar.gz
   bash$> wget http://apache.tradebit.com/pub//apr/apr-util-1.5.4.tar.gz

1. Untar both the archives.

                  bash$> gtar -xvzf apr-1.5.1.tar.gz

         bash$> gtar -xvzf apr-util-1.5.4.tar.gz

      4.  Now we need to copy the files from apr & apr-util unzipped folder to the apache 

           downloaded source code folder under "srclib".

               bash$> mv apr-1.5.1/* /scratch/ckukreja/apache24/srclib/apr

               bash$> mv apr-util-1.5.4/* /scratch/ckukreja/apache24/srclib/apr-util

      5.  Download the PCRE from http://sourceforge.net/projects/pcre/files/pcre/8.36/ 

1. Install the pcre. 

          bash$> wget http://sourceforge.net/projects/pcre/files/pcre/8.36/pcre-8.36.tar.gz/download

              2. Configure it.

           bash$> gtar -xvzf pcre-8.36.tar.gz

           bash$> cd pcre-8.36

           bash$> ./configure --prefix=/scratch/ckukreja/pcre

              3. Do make & make install 

            bash$> make

            bash$> make install        

          

      6.  Now we need to configure the environment for building the apache2.4 source code, for this 

           it is required to execute the 'configure' script present in the directory.

           For eg: /scratch/ckukreja/apache24/httpd2.4.10 is the directory where you have unzipped 

                       the source code

                       

                       bash$>ls -ltr configure

      7.  Execute the 'configure'  script.

./configure --with-included-apr --enable-so --with-pcre=/scratch/ckukreja/pcre/ --prefix=/scratch/ckukreja/myapache

      8. Now we need to build & install the binaries. Do the following:

• make
• make install

     9. Now go to the directory where you have install "myapache"

• Move to bin folder and execute the 'file' command on httpd executable file.

                 bash$> cd /home/ckukreja/myapache/bin 
                 bash$> file httpd
httpd: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), not stripped

• 'file httpd' - It's output will show you the type of file is it. Here it should show 64bit, if not than the binaries are of 32bit. Check the steps again.

    

Configure Apache 2.4 on Linux Box:

 As you have installed the apache 2.4 on your Linux Machine. Now it is required to configure it before we start the server.

1. Go to the "myapache" installation directory. Move to conf folder.

         bash$> cd /scratch/ckukreja/myapache/conf  

     2. Open httpd.conf file to edit it. 

          bash$> vi httpd.conf

• Change the port from '80' to the one you want. Like we use '8880'.
• By default username & group are configured as 'daemon'. Change them to the one you are logged in with.
• Save the changes & close the file.

      3. Now come out of the conf folder & change your directory to bin folder.

          

         bash$>cd /scratch/ckukreja/myapache/bin

      4. Execute the apachectl executable. It will start the httpd server process.

• ./apachectl -k  start

Verify the installation & configuration steps:

Try to access the default resource present on apache 2.4 server like index.html.

Syntax: http://<hostname>:<port>/index.html

Eg: http://slc0010:8880/index.html

It will display the "It Works!!!"

So guys you are done with the Installation & Configuration of Apache24-64bit on your Solaris Sparc Machine..........!!!!!!!!!!!!!! :-)

Installing & Configuring Apache 2.2 64bit on Solaris Sparc Box

 

This post is divided into 3 sections: Installation, Configuration & Verification. 

So let's start the process.........

Installing Apache22-64bit-

1. To install apache22, we need the source code & than need to build it. This will generate the binaries.
2. Download the source code from http://httpd.apache.org/download.cgi#apache22 to your Solaris Sparc box.
3. Now we need to 'export' some settings, i.e. per-requisites before we start the build process:
1. export LD_LIBRARY_PATH=/usr/sfw/lib/sparcv9:/usr/local/lib/sparcv9
   export PATH=/usr/sfw/bin:/usr/ccs/bin:/usr/local/ccs/bin:/usr/local/bin:$PATH
   # if you want it 64 bits:
   export CFLAGS=”-m64″
   # if you want it 32 bits:
   # export CFLAGS=”-m32″
   export LDFLAGS=”-L/usr/sfw/lib/sparcv9″
    

      4.  Unzip the downloaded apache22 source code.

      5.  Change the directory, move to the unzipped folder.

      6.  Now we need to configure the environment for building the source code, for this it is 

           required to execute the 'configure' script present in the directory.

           For eg: /home/ckukreja/sr_apache22 is the directory where you have unzipped the 

                       source code

                       

                       bash$>ls -ltr configure

      7.  Execute the 'configure'  script.

           ./configure --with-included-apr --enable-so --prefix=/home/ckukreja/apache22

      8. Now we need to build & install the binaries. Do the following:

• make
• make install

     9. Now go to the directory where you have install apache22

• Move to bin folder and execute the 'file' command on httpd executable file.

                 bash$> cd /home/ckukreja/apache22/bin
                 bash$> file httpd

• 'file httpd' - It's output will show you the type of file is it. Here it should show 64bit, if not than the binaries are of 32bit. Check the steps again.

    

Configure Apache22 on Solaris Sparc Box:

 As you have installed the apache22 on your Solaris Machine. Now it is required to configure it before we start the server.

1. Go to the apache22 installation directory. Move to conf folder.

         bash$> cd /home/ckukreja/apache22/conf  

     2. Open httpd.conf file to edit it. 

          bash$> vi httpd.conf

• Change the port from '80' to the one you want. Like we use '8880'.
• By default username & group are configured as 'daemon'. Change them to the one you are logged in with.
• Save the changes & close the file.

      3. Now come out of the conf folder & change your directory to bin folder.

          

         bash$>cd /home.ckukreja/apache22/bin

      4. Execute the apachectl executable. It will start the httpd server process.

• ./apachectl -k  start

Verify the installation & configuration steps:

Try to access the default resource present on apache22 server like index.html.

Syntax: http://<hostname>:<port>/index.html

Eg: http://slc0010:8880/index.html

It will display the "It Works!!!"

So guys you are done with the Installation & Configuration of Apache22-64bit on your Solaris Sparc Machine..........!!!!!!!!!!!!!! :-)

Enjoy :-)

Install & Configure Apache 2.2 (64bit) on AIX Machine

Install Apache 2.2 (64bit) on AIX Machine:

Follow the steps:

1. To install apache22, we need the source code & requires to build it. This will generate the binaries.
2. Download the source code from http://httpd.apache.org/download.cgi#apache22 to your AIX64 box.
3. Now we need to export setting, that is per-requisties before we start the build process:
1.  export OBJECT_MODE=64

     4. Untar the source zip. Change the directory to unzipped folder
     
     5. Execute the configure script present in the folder as follows:

LDFLAGS="-maix64" LD=gcc CFLAGS="-maix64" ./configure --prefix=/scratch/anikukum/chalja --enable-so --with-included-apr

 Note:

• Here we are using  'gcc' as complier, you can use other like 'xlc' etc.
• The flags CFLAGS & LDFLAGS are ensuring the 64 bit compilation to be done.
• --with-included-apr <this ensures that the APR, APR-Util library will be included>
• --prefix <here you need to provide the path where you want to install the apache22>

     6. Compile & install.

• make - it will compile the source code
• make install - this will install the binaries & other files at the location provided in 'prefix'.

     7. Now go to the directory where you have install apache22

• Move to bin folder and execute the 'file' command on httpd executable file.
• 'file httpd' - It's output will show you the type of file is it. Here it should show 64bit, if not than you have missed some step.

Configure Apache22 on AIX:

 As you have installed the apache22 on your AIX Machine. Now it is required to configure it before we run the server.

1. Go to the apache22 installation directory. Move to conf folder.
2. Open httpd.conf file to edit it.

• Change the port from '80' to the one you want. Like we use '8889'.
• By default username & group are configured as 'daemon'. Change them to the one you are logged in.
• Save the changes & close the file.

      3. Now come out of the conf folder & change your directory to bin folder.

      4. Execute the apachetl exe file. It will start the httpd server process.

• ./apachetl -k  start

Verify the installation & configuration:

Try to access the default resource present on apache22 server like index.html.

Syntax: http://<hostname>:<port>/index.html

Eg: http://slc0010:8889/index.html

So guys you are done with the Installation & Configuration of APache22-64bit on your AIX Machine.

Enjoy :-)



 

Installing and Configuring Oracle Identity and Access Management 11g Release 2 (11.1.2.2.0)

Installing and configuring the latest version of Oracle Identity and Access Management 11g components involves the following steps:

• Obtaining the Oracle Fusion Middleware Software
• Database Requirements
• Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU)
• WebLogic Server and Middleware Home Requirements
• ** Installing Oracle SOA Suite (Oracle Identity Manager Users Only)
• Starting the Oracle Identity and Access Management Installer
• Installing Oracle Identity and Access Management 11g Release 2 (11.1.2.2.0)
• Configuring Oracle Identity and Access Management (11.1.2.2.0) Products
• Upgrading OPSS Schema using Patch Set Assistant
• Configuring Database Security Store for an Oracle Identity and Access Management Domain
• Configuring Oracle Identity Manager Server, Design Console, and Remote Manager
• Starting the Servers

Note: ** If you are installing Oracle Identity Manager, you must install Oracle SOA Suite 11g Release 1 (11.1.1.7.0). Note that only Oracle Identity Manager requires Oracle SOA Suite. This step is required because Oracle Identity Manager uses process workflows in Oracle SOA Suite to manage request approvals.

Enjoy :-)

Deploy OAM11g R2PS2 Webgate on IIS7.5 Windows 2008

Installing Webgate On IIS7.5 Windows Server 2008R2 

This post is part of series Enabling Impersonation Module in OAM11G R2PS2 IIS7.5

1)      Download the Webgate 11g R2PS2 for Windows.

2)      Extract the webgate.zip.

3)      Go to Disk1 folder present under webgate folder.

4)      Copy the path & open command prompt.

a.       Change your directory to the path copied above.

5)      Now execute the setup.exe followed by jre location

                  o   It will start the installation process.

6)      Now follow the steps:

  o   Press Next

       ·         Skip Software Updates

       ·         Perquisite Checks – Proceed Next

       ·         Installation Location: Provide the installation directory location.

       

         ·        Installation Summary: Proceed Next to start the Installation

       

         ·         Installation Started:

              

   

         ·         Installation Completed:

So we are done with the Webgate Installation... Now let's proceed to Configuration Phase.. :-)

Configure Webgate with IIS7.5 

1)      Go to the Webgate Home Directory ->

a.       It is the location where we have install the webgate.

 For Eg: Our WG Home Location

C:\oracle\product\11.1.1\as_3

b.      Go to the deployWebgate folder present under

C:\oracle\product\11.1.1\as_3\webgate\iis\tools\deployWebGate

c.       Execute deployWebGateInstance.bat script

You can see the arguments passed to the script (self-explanatory)

d.      Now we need to execute ConfigureIISWebGate.bat present under

C:\oracle\product\11.1.1\as_3\webgate\iis\tools\ConfigureIISConf

e.      Your site is now mapped with the webgate. To show this mapping. Go to your webgate home location -> lib folder -> open webgate.ini

            ·         Now we need to add artifacts to the webgate instance dir (config folder).

            ·         Restart the IIS Server.

Guys we are done with the Webgate deployment on Windows Server 2008 R2 on IIS7.5 Web Server....!!!!!


Enjoy :-)