Wednesday, October 31, 2012

OAM 11G R2 Lab 5: Session Management in OAM Console

Session Management lets an administrator manage the sessions of logged-in users.

Log in to the OAM Console at localhost:7001/oamconsole.

1) Go to System Configuration -> Session Management

2) Open Session Management.

3) Enter the search details (user ID or client IP address) and click Search.


4) To delete a session, select it and click the delete icon (the red cross button).

5) Whenever a user logs in, a user session is created. If an admin deletes a user session from the session manager, the user is thrown back to the login page.

Thanks !!! 

OAM 11g R2 Lab4: Protecting secure URL and Configuring Logout URL

1) Create Sample HTML Page

Code:



2) Place it in OHS Htdocs path:

D:\Oracle\Middleware\Oracle_WT1\instances\instance1\config\OHS\ohs1\htdocs

Htdocs is the root folder for OHS, so we can access the page directly at localhost:7777/secure.html





3) In our previous lab we already protected the resources under 7777/*:

http://www.iamidm.com/2012/10/oim-11g-r2-lab-3-webgate-instance.html

4) To confirm the policy, log in to the OAM Console and verify the Resources under the Application Domain; /** is the protected resource.


5) If we look at the code, it is configured to go to logout2.html when the user clicks Logout.



6) To make any page a logout page, we need to change the Agent configuration.

Go to System Configuration -> Access Manager -> SSOAgents -> OAM Agents -> Open your Agent

7) Add your logout page URLs to Logout URL.


8) Access the secure URL localhost:7777/secure.html. You should be redirected to the OAM login page, and after login you will be shown secure.html.



9) Click Logout. After logout you should be redirected to the login page.


Thanks !!!

Tuesday, October 30, 2012

OAM 11G R2 Lab 3: Webgate Instance Creation and Registration (OHS server)

Webgate Instance Creation:

1) Start Admin server and OAM Managed server.

2) Go to the following path: D:\Oracle\Middleware\Oracle_OAMWebGate1\webgate\ohs\tools\deployWebGate


3) To see the help for Webgate instance creation:

deployWebGateInstance.bat --help


"Usage  : deployWebGateInstance -w -oh "

4) Run the following command: deployWebGateInstance.bat -w D:\Oracle\Middleware\Oracle_WT1\instances\instance1\config\OHS\ohs1 -oh D:\Oracle\Middleware\Oracle_OAMWebGate1



Output (the command copies files to the OAM instance):

Copying files
D:\Oracle\Middleware\Oracle_OAMWebGate1\webgate\ohs\config\oblog_config_wg.xml
1 File(s) copied
D:\Oracle\Middleware\Oracle_OAMWebGate1\webgate\ohs\tools\openssl\simpleCA\cacert.pem
1 File(s) copied
D:\Oracle\Middleware\Oracle_OAMWebGate1\webgate\ohs\tools\openssl\simpleCA\cakey.pem
1 File(s) copied

5) Webgate Registration:
To edit the httpd config file, the Webgate installation provides a tool:
 D:\Oracle\Middleware\Oracle_OAMWebGate1\webgate\ohs\tools\EditHttpConf

6) To get help for EditHttpConf, use the following command:

EditHttpConf.exe --help

Output:

usage: EditHttpConf -w [-oh ] [-o
tput_file> ]


7) To generate a new webgate.conf file, run the above command as follows:


D:\Oracle\Middleware\Oracle_OAMWebGate1\webgate\ohs\tools\EditHttpConf>EditHttpConf.exe -w D:\Oracle\Middleware\Oracle_WT1\instances\instance1\config\OHS\ohs1 -oh D:\Oracle\Middleware\Oracle_OAMWebGate1 -o webgate.conf

Output:
The web server configuration file was successfully updated

D:\Oracle\Middleware\Oracle_WT1\instances\instance1\config\OHS\ohs1/httpd.conf has been backed up as D:\Oracle\Middleware\Oracle_WT1\instances\instance1\config\OHS\ohs1/httpd.conf.ORIG

This backs up the existing httpd.conf file and creates a new httpd file with the configuration in the webtier instance.

8) Take a backup of the OAM11GRequest.xml file and modify it with the required URL.



9) Run:

D:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg>.\bin\oamreg.bat inband input\OAM11GRequest.xml


Output:
OAM_REG_HOME=D:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\bin\..
------------------------------------------------
Welcome to OAM Remote Registration Tool!
Parameters passed to the registration tool are:
Mode: inband
Filename: D:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\bin\..\input\OAM11GRequest.xml
Enter admin username:weblogic
Username: weblogic
Enter admin password:
Do you want to enter a Webgate password?(y/n):
n
Do you want to import an URIs file?(y/n):
n

----------------------------------------
Request summary:
OAM11G Agent Name:RREG_OAM11G
Base URL:http://localhost:7777
URL String:RREG_HostId11G
Registering in Mode:inband
Your registration request is being sent to the Admin server at: http://localhost:7001
----------------------------------------



Oct 30, 2012 7:15:56 PM oracle.security.jps.util.JpsUtil disableAudit
INFO: JpsUtil: isAuditDisabled set to true
Inband registration process completed successfully! Output artifacts are created in the output folder.


10) Copy cwallet.sso and ObAccessClient.xml from D:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\output\RREG_OAM11G to D:\Oracle\Middleware\Oracle_WT1\instances\instance1\config\OHS\ohs1\webgate\config



11) Restart OHS instances.

12) Check in the OAM console whether the domain was created.

13) Check the URL which you have protected: (localhost:7777)
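
A post-registration check for steps 7 to 10, as an added example that is not part of the original post or of Oracle's tooling. It assumes the rewritten httpd.conf references webgate.conf; the function name Test-WebGateDeployment and the temp-directory demo tree are constructed for illustration.

```powershell
# Added example: checks for the WebGate instance produced by steps 7 to 10.
function Test-WebGateDeployment {
    param(
        [Parameter(Mandatory)][string]$OhsConfig,   # e.g. ...\config\OHS\ohs1
        [Parameter(Mandatory)][string]$RregOutput   # e.g. ...\rreg\output\RREG_OAM11G
    )
    $cfgDir = Join-Path $OhsConfig 'webgate\config'
    $checks = [ordered]@{}
    # Step 7: EditHttpConf reports backing up httpd.conf as httpd.conf.ORIG.
    $checks['httpd.conf.ORIG backup exists'] = Test-Path (Join-Path $OhsConfig 'httpd.conf.ORIG')
    # Assumption: the rewritten httpd.conf references the generated webgate.conf.
    $checks['httpd.conf references webgate.conf'] = [bool](Select-String -Quiet -SimpleMatch `
        -Pattern 'webgate.conf' -Path (Join-Path $OhsConfig 'httpd.conf') -ErrorAction SilentlyContinue)
    # Step 10: deployed artifacts must be byte-identical to the current rreg output,
    # otherwise the agent runs with files from an older registration.
    foreach ($name in 'cwallet.sso', 'ObAccessClient.xml') {
        $src = Join-Path $RregOutput $name
        $dst = Join-Path $cfgDir $name
        $checks["$name matches rreg output"] = (Test-Path $src) -and (Test-Path $dst) -and
            ((Get-FileHash $src -Algorithm SHA256).Hash -eq (Get-FileHash $dst -Algorithm SHA256).Hash)
    }
    # cwallet.sso is an auto-login wallet (opens without a password), so file
    # permissions are its main protection. Group names below are the English defaults.
    $wallet = Join-Path $cfgDir 'cwallet.sso'
    if (Test-Path $wallet) {
        $broad = @((Get-Acl $wallet).Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -match
                '^(Everyone|BUILTIN\\Users|NT AUTHORITY\\Authenticated Users)$' })
        $checks['cwallet.sso closed to broad groups'] = ($broad.Count -eq 0)
    }
    $checks.GetEnumerator() | ForEach-Object { [pscustomobject]@{ Check = $_.Key; Pass = $_.Value } }
}

# Constructed demo tree standing in for the lab's D:\Oracle\Middleware paths.
$root = Join-Path ([IO.Path]::GetTempPath()) ('wgdemo_' + [guid]::NewGuid().ToString('N'))
$ohs  = Join-Path $root 'ohs1'
$out  = Join-Path $root 'RREG_OAM11G'
New-Item -ItemType Directory -Force -Path (Join-Path $ohs 'webgate\config'), $out | Out-Null
Set-Content -Path (Join-Path $ohs 'httpd.conf') -Value 'include "webgate.conf"'
Set-Content -Path (Join-Path $ohs 'httpd.conf.ORIG') -Value '# constructed original'
foreach ($n in 'cwallet.sso', 'ObAccessClient.xml') {
    Set-Content -Path (Join-Path $out $n) -Value "constructed $n"
    Copy-Item -Path (Join-Path $out $n) -Destination (Join-Path $ohs 'webgate\config')
}
Test-WebGateDeployment -OhsConfig $ohs -RregOutput $out | Format-Table -AutoSize
Remove-Item -Path $root -Recurse -Force
```

On the lab machine, pass the ohs1 config directory and the RREG_OAM11G output directory from step 10 instead of the demo tree.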

Thanks!!!

Monday, October 29, 2012

Webtier Status, Stop and Start

Webtier is required for Webgate.

To stop the Webtier processes: opmnctl.bat stopall


To start the Webtier processes: opmnctl.bat startall


To verify the status of Webtier: opmnctl.bat status


For more help on opmnctl: opmnctl.bat --help

Thanks !!!

OAM 11g R2 Lab 2: Webgate installation.

WebGate installation and configuration.

1) Download Webgate (ofm_oam_webgates_generic_11.1.1.3.0_disk1_1of1) from Oracle Edelivery.

2) Before starting the Webgate installation, Webtier must be installed.

3) Download Webtier (ofm_webtier_win_11.1.1.6.0_64_disk1_1of1) from the following link.

http://www.oracle.com/technetwork/java/webtier/downloads/index2-303202.html

4) Make sure that WebLogic is installed and the Admin server is started, as it is required during Webtier installation.

5) After the Webtier installation, start the Webgate installation by running the setup file in Disk 1 from a command prompt.

6) Webgate requires the Oracle Middleware path; the remaining steps are very straightforward.

Thanks !!!

Tuesday, October 23, 2012

OAM 11G R2 LAB1: DataSource Creation for AD

In this lab we are going to see how to create a DataSource (User Store) for AD in OAM 11G R2.

1) Log in to the OAM Console (Example: http://localhost:7001/oamconsole)


2) Go to System Configuration


3) Click on User Identity Store and select New.

4) You should receive an empty form.



5) Fill in the details. To provide multiple AD servers, separate them by a space or a new line in the Location field. Whatever user name attribute you specify must have a value filled in AD (for at least one user).


6) Click on Test Connection and verify whether the connection is successful.



7) Click Apply.


Thanks !!! 

Monday, October 22, 2012

Embedded LDAP in Weblogic

Today we are going to look at the embedded LDAP in WebLogic.
  • Log in to the WebLogic console.



  • Click on Security Realm

  • Select the Realm

  • Click on Users and Groups, which contains the WebLogic users and groups.


  • To create a new user, click New and provide the values. To view groups, click on the Groups tab and edit as required.

Embedded LDAP can accommodate a maximum of up to 10K users; beyond that we need to use another user store. Embedded LDAP is the default data source for OAM.

Thanks !!! 

Siteminder Installation Overview

Here is an overview of the Siteminder installation.

1) Webagent installation.
2) Policy Store configuration.
3) Policy server installation.
4) Webagent registration.
5) OneView Monitor installation (optional)
6) Report server installation (optional)

Thanks !!! 

OAM 11g R2 Installation Overview

Here is an overview of the installation steps for OAM (Oracle Access Manager) 11g R2:

1) Install the database.
2) Start RCU and create the schema for Oracle Access Manager.
3) Install WebLogic.
4) Install the OIM 11g R2 Suite.
5) Run the Oracle WebLogic Configuration Assistant from All Programs, which creates the domain.
6) Run the Security Store python command.
7) Start the Admin Server.
8) Start the Managed Server (oam_server1).

Thanks !!!
