Friday 26 September 2014

Install & Configure Apache 2.2 (64bit) on AIX Machine

Install Apache 2.2 (64bit) on AIX Machine:

Follow the steps:

  1. To install apache22, we need the source code & requires to build it. This will generate the binaries.
  2. Download the source code from http://httpd.apache.org/download.cgi#apache22 to your AIX64 box.
  3. Now we need to export setting, that is per-requisties before we start the build process:
    1.  export OBJECT_MODE=64
     4. Untar the source zip. Change the directory to unzipped folder
     
     5. Execute the configure script present in the folder as follows:

LDFLAGS="-maix64" LD=gcc CFLAGS="-maix64" ./configure --prefix=/scratch/anikukum/chalja --enable-so --with-included-apr

 Note:
  • Here we are using  'gcc' as complier, you can use other like 'xlc' etc.
  • The flags CFLAGS & LDFLAGS are ensuring the 64 bit compilation to be done.
  • --with-included-apr <this ensures that the APR, APR-Util library will be included>
  • --prefix <here you need to provide the path where you want to install the apache22>
     6. Compile & install.
  • make - it will compile the source code
  • make install - this will install the binaries & other files at the location provided in 'prefix'.
     7. Now go to the directory where you have install apache22
  • Move to bin folder and execute the 'file' command on httpd executable file.
  • 'file httpd' - It's output will show you the type of file is it. Here it should show 64bit, if not than you have missed some step.

Configure Apache22 on AIX:

 As you have installed the apache22 on your AIX Machine. Now it is required to configure it before we run the server.


  1. Go to the apache22 installation directory. Move to conf folder.
  2. Open httpd.conf file to edit it.
  • Change the port from '80' to the one you want. Like we use '8889'.
  • By default username & group are configured as 'daemon'. Change them to the one you are logged in.
  • Save the changes & close the file.
      3. Now come out of the conf folder & change your directory to bin folder.
      4. Execute the apachetl exe file. It will start the httpd server process.
  • ./apachetl -k  start

Verify the installation & configuration:

Try to access the default resource present on apache22 server like index.html.
Syntax: http://<hostname>:<port>/index.html
Eg: http://slc0010:8889/index.html



So guys you are done with the Installation & Configuration of APache22-64bit on your AIX Machine.


Enjoy :-)



 

Monday 22 September 2014

Installing and Configuring Oracle Identity and Access Management 11g Release 2 (11.1.2.2.0)

Installing and configuring the latest version of Oracle Identity and Access Management 11g components involves the following steps:


Note: ** If you are installing Oracle Identity Manager, you must install Oracle SOA Suite 11g Release 1 (11.1.1.7.0). Note that only Oracle Identity Manager requires Oracle SOA Suite. This step is required because Oracle Identity Manager uses process workflows in Oracle SOA Suite to manage request approvals.


Enjoy :-)

Identifying Installation Directories

The common directories names used while installing OAM/OIM include the following:



Locating Installation Log Files

  • The Installer writes log files to the ORACLE_INVENTORY_LOCATION/logs directory on UNIX systems and to the ORACLE_INVENTORY_LOCATION\logs directory on Windows systems.
  • On UNIX systems, if you do not know the location of your Oracle Inventory directory, you can find it in the ORACLE_HOME/oraInst.loc file.
  • On Microsoft Windows systems, the default location for the inventory directory is C:\Program Files\Oracle\Inventory\logs.

Enjoy :-)

Monday 8 September 2014

WebLogic server Error: Could not obtain an exclusive lock for directory.


Steps to make your  OAM Admin Server Start:


1.  Shutdown the Admin Server.
2.  Delete the lok file from <domain-home>/servers/<server-name>/tmp/.
      AdminServer.lok
3.  Now start the Admin Server.
4.  If the server still fails to start then we need to kill the the process which    is still running on the server 
      using following commands.

ps -ef | grep 'weblogic'

kill -9 PID

4.    Now start again the Admin Server.

Sunday 7 September 2014

Weblogic Server Error: "unable to get file lock, will retry ..."

<BEA-141281> <unable to get file lock, will retry ...> 


In case you see above error while starting the Weblogic Admin Server, do the following:

  1. Remove the AdminServer.lok file from <MW_Home>\user_projects\domins\base_domain\servers\AdminServer\tmp
  2. Manually start the weblogic form <MW_HOME>\user_projects\domains\base_domain\server\bin

Enjoy :-)

Friday 5 September 2014

Configuring OAM11G R2PS2 for Impersonation Module (Integrated Mode)

Enabling Impersonation Module:

1)     Registering Impersonation Module

·         We need to register the impersonation module at Global level and so that other sites can configure it at their end.
·         Go to the Global site level, open Modules



·         Go to “Configure Native Module” (see at the top right corner)




·         Click Register.
                                     




o   Provide a name -> “OAMImpersonation” & path to the IISImpersonationModule.dll (present in webgate install directory).
o   Press OK
o   As you can see the Module is added to the list.




o   But beware don’t add this module at Global Level. We only need to register it here & we will be adding this per site level.

2)     Adding Impersonation Module at Site Level:

           ·         Go to your site -> Open Modules



      ·         Configure Native Module:
                                              



          ·         The moment we add the module, web.config of the site gets updated.
Extract from it:


Note: The above configuration is valid for the site running in Integrated Mode.
         ·         Thus now we have configured the IISImpersonationModule.dll with our site.
         ·         Restart the IIS Server.
         ·         Now we need to do some configuration at OAM Console end.


·         Open OAM Console ->
     1)      Adding Response Header in Authorization Policy
·         Go to Application Domain -> Open WebGate Profile -> Authorization Policy -> Protected Policy
Note- It is not mandate to use ‘Protected Policy’, we are using because we have explicitly not specified the Policy.



·         Open Responses Tab (in authorization policy) & add a new response field.



Note: The header field name should be “IMPERSONATE” and value “$user.userid”.
·         Add the Response Header & Apply the changes.

·         Now at User defined parameter in Webgate Profile:

MSImpersonationCredential=clk:Welcome1



Remember: This user defined parameter contains username & password, this should be an admin user. Because an admin user has the rights to perform impersonation.
·         Apply the changes.

3)     Performing Impersonation:


       1)      Deploy the ASP.NET application in your created site.
       2)      Impersonation feature is activated.
       3)      Now we will access the resource /WebApp/default.aspx. <we have created a sample app>

o   Provide login credentials – try using some other user login rather than using admin login.



o   Before you sign in to the system, Open Event Viewer -> Under Windows Logs -> Click Security



o   Now do the login, after user authn & authz checks, user is provided the resource access.



Note: This is a sample app created.
·         Now to check whether user is impersonated or not.
For this we check the system security event logs, to see that user ‘test’ is impersonated by the admin user ‘clk’.
As we have already opened the event log viewer, now see we have an entry ‘Credential Validation’ entry log.

It shows that system is authenticating the user with credentials of the admin user ‘clk’ that we have provided in the user defined parameters.

o   Now Click ‘Log on’ event log above the ‘Credential Validation’ Log. It shows that the system has authenticated the user with ‘clk’. Thus it proves that user ‘test’ has logged in to the system with the credentials of ‘clk’ thus it is impersonated.




Configure Logout URL for Webgate 10g in OAM11G Server

Let's configure logout url for Webgate 10g interacting with OAM11G server:

To let the user logout properly in Webgate 10g, it is required to do a little bit of configuration so as to have a centralized logout.

The complete URL that needs to be triggered have 2 parts - URL + QueryString
 Syntax: hostname:port?end_url=<redirect_url>

Steps to do:

1) Configure logout url on OAM11g server Webgate Profile:







2) Now you need to check that logout.html page exists in your Webgate Install Dir:
    a) Go to <Webgate Inst Dir>/access/oamsso/ directory
    b) Check if logout.html page is present. If not than copy the logout.html page here.
        b.1) You can get this page from the directory where your 10g webgate artifacts are generated.

3) Make sure you have the "/oamsso" entry check in your httpd.conf file.
    a) Goto your Web server instance directory -> <Webserver instance dir>/config/OHS/ohs1
    b) Open httpd.conf file
    c) Check the entry for 'oamsso'.

       It should look like:

       #*******Default Login page alias***
      <LocationMatch "/oamsso/*">
      Satisfy any
      </LocationMatch>


4) Now you are good to go. But remember your "end_url" is the redirect URL where you want to redirect once you are logout.


5) Cool, now access the resource. Hit the logout URL having end_url in querystring.

6) Once your are logout properly, you will see the success page.

7) To be sure shot, now again access the resource. You will be challenged for credentials again.


For more info: References
http://docs.oracle.com/cd/E17904_01/doc.1111/e15478/webgate.htm#CACBFHDC


Enjoy... :-)