Posts

Showing posts from 2016

Setting up X509 Authentication with OAM PS3

I used the certgen utility to generate the certificates. Copy the certgen utility to the server and generate a CA. Run the command below to generate the CA:

    ./certgen ca ca-key.pem ca.pem

Generate the server certificate as below:

    ./certgen.sh server ca-key.pem ca.pem

This generates the server certificate and key. Generated files: key: server_key.pem, cert: server_cert.pem. Convert this certificate and key into PKCS#12 format using the command below:

    openssl pkcs12 -export -in server_cert.pem -inkey server_key.pem -out myserver.p12 -name "Server"

Create two custom keystores on the OAM server to hold the server and root certificates. You can generate a keystore using keytool or other tools like KeyStore Explorer on Windows. Once these keystores are created, put them on the OAM server. Below is the command to generate the keystore using keytool:

    keytool -genkey -alias mydomain -keyalg RSA -keystore Server.jks -keysize 2048

Log in to the WebLogic Admin Console. Navigate to OAM server instance >

Setting up federation between 2 OAM (PS3)

Decide which OAM will act as the SP and which will act as the IdP. Access the IdP metadata from the URL below:

    http://<IDP-OAM-Host>:14100/oamfed/idp/metadata

Please note that this metadata also contains the SP metadata, so remove the SP metadata tags from the file, otherwise it will give an 'Invalid format error' when importing it into the SP. Once the IdP metadata is downloaded and modified, log in to the SP OAM and click Federation --> Service Provider Management. Click Create Identity Provider Partner. Provide a name and select the metadata file to import. Provide the name of the identity store against which users will be mapped, and also the attribute that will be mapped to the Name ID attribute from the assertion. Click 'Create Authentication Scheme and Module'. This creates the required scheme and module in OAM. Below is the authentication scheme: Use this authentication scheme to protect any existing resource.

Operations Supported by OIM PS3- SCIM REST

User Management:-
    Create User
    Modify User (PUT)
    Modify User (PATCH)
    View Users with Pagination
    Delete User
    Lock User
    Unlock User
    Reset Password by Providing New Password
    Reset Password by Auto-Generated Password
    View User
    Self Registration
    Modify Self Profile (PATCH)
    Modify Profile (PUT)
    PasswordResetterWithChallenges
    PasswordValidator
    UserNameValidator
    UserNameGenerator
    UserNameRecoverer

Role Management:-
    View Role
    Create Role
    Modify Role (PUT)
    Modify Role (PATCH)
    Delete Role

Organization Management:-
    View Organization
    Create Organization
    Modify Organization (PUT)
    Modify Organizations (PATCH)
    Delete Organization

Password Policy Management:-
    View Password Policy
    Create Password Policy
    Modify Password Policy (PUT)
    Modify Password Policy (PATCH)
    Delete Password Policy

Notification Template Management:-
    View Notificatio

Enabling Remote User in Weblogic

Most applications use the "OAM_REMOTE_USER" or "Proxy-remote-user" header, which OAM sends in the request, for their SSO setup. But some applications (like some APEX applications) still use "REMOTE_USER" for SSO with OAM. This REMOTE_USER is generated by WebLogic itself, based on the authenticated user, and is retrieved with the method "request.getRemoteUser()". With version 10.3.x this method was deprecated and is no longer enabled automatically when WebLogic starts, as it opens a security vulnerability. However, this remote user header can be enabled explicitly by starting WebLogic with the runtime argument "-Dweblogic.http.enableRemoteUserHeader=true". Add this value to the Java properties in setDomainEnv.sh and the remote user header will be enabled. Please note that this is not the preferred way to do this, since the logged-in user can be retrieved from the "proxy-remote-user" header, but it can be a solution when many applications rely on the "request.getRemoteUser()" method for their SSO setup.

JSP to Retrieve Headers

Below is a JSP that retrieves all the headers from the request and prints them on the page. Header values are HTML-escaped before they are written out, so a crafted header value cannot inject markup into the page.

    <%
      out.println("<ul>");
      // Enumerate every header name present on the incoming request
      java.util.Enumeration names = request.getHeaderNames();
      while (names.hasMoreElements()) {
        String name = (String) names.nextElement();
        String value = request.getHeader(name);
        // Escape the value so a crafted header cannot inject HTML into the page
        String safe = (value == null) ? "" : value.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
        out.println("<li><b>" + name + "=</b>" + safe + "</li>");
      }
      out.println("</ul>");
    %>

OIM Reports : PS3

Oracle Business Intelligence Publisher is Oracle's primary reporting tool for authoring, managing, and delivering all your highly formatted reports. BI Publisher ships with Oracle Identity Manager 11g Release 2 PS3. It is deployed and configured as a separate managed server within the same Oracle Identity Manager domain. You have the choice of either leveraging the embedded BI Publisher or a standalone BI Publisher. It is recommended that you use the embedded BI Publisher if there are no other reporting requirements and you only need reporting for Oracle Identity Manager. After BI Publisher configuration, you can take advantage of the standard features of BI Publisher, such as:

    Access Policy Reports
    Request and Approval Reports
    Password Reports
    Resource and Entitlement Reports
    User Reports
    Certification Reports
    Identity Audit Reports
    Exception Reports

The screenshot of all the reports can be seen below: Every report uses a Da

OAM Simple Mode Not Working

I faced this issue where OAM in Simple mode was not working after it was changed from Cert mode to Simple mode. It was giving an SSLHandshake error in Simple mode. Below is the solution that made it work. I believe this solution can work whenever any mode is changed and it is not working.

a) Delete OamInternal_handler$py.class
b) Delete Oam_common$py.class
c) Delete Oam$py.class
d) Restart the admin server
e) Run the ./wlst.sh script
f) Run the upgradeServerKeystoreCertificate() command and report the result.