Friday, July 03, 2009
Introducing Stitcher - OAM Configuration Migration Solution
But the time was right for a platform upgrade, some rebranding, and some minor issue fixes.
Stitcher lives at the same address as the original service. If it sounds like something you've been missing, check it out.
Labels: "COREid Migration Service", migration, OAM, Stitcher
Friday, June 12, 2009
Credential Mapping Error
So assuming you followed all of the instructions and everything is set up perfectly, or at least you think it is, what do you do if you still have a problem? Specifically, what could be wrong if you are getting a credential mapping error in the web browser and the access server oblog.log file?
I recently encountered just such a problem. I used the search base and filter from the credential mapping plugin and conducted my own search against the directory as the OAM service account and it worked perfectly. This was so puzzling. I looked for trailing spaces in the credential mapping plugin because I know that can occur with resource patterns and LDAP URLs in other parts of Policy Manager. I finally compared a working credential mapping plugin to the IWA one. The difference was in the quotation marks. The IWA credential mapping had been copied and pasted from the Metalink article discussing how to set up IWA in OAM. They were obviously from the wrong character set. Replacing the quotation marks solved the problem.
Labels: Authentication Scheme, Credential Mapping Error, Integrated Windows Authentication
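The check described in this post can be scripted. The following is an added example, not code from the original post or from Oracle: it scans a pasted plugin parameter string for characters outside printable ASCII (such as typographic quotation marks) and for trailing whitespace, then replaces the look-alike quotes. The sample parameter values (search base and filter) are constructed for illustration.

```python
import unicodedata

# Typographic quotes that word processors and web pages substitute for ASCII ones.
QUOTE_FIXES = {0x201C: '"', 0x201D: '"', 0x2018: "'", 0x2019: "'"}


def find_suspect_chars(param):
    """Return (offset, codepoint, Unicode name) for each character outside
    printable ASCII. A legitimate non-ASCII value in a search base would also
    be reported, so review the findings rather than stripping blindly."""
    findings = []
    for offset, ch in enumerate(param):
        if not 0x20 <= ord(ch) <= 0x7E:
            name = unicodedata.name(ch, "UNNAMED")
            findings.append((offset, "U+%04X" % ord(ch), name))
    return findings


def has_trailing_whitespace(param):
    """Trailing spaces are the other invisible problem mentioned in the post."""
    return param != param.rstrip()


def normalize_quotes(param):
    """Replace typographic quotes with their ASCII equivalents."""
    return param.translate(QUOTE_FIXES)


# Constructed sample: a mapping string pasted from a formatted article.
PASTED = (
    "obMappingBase=\u201cdc=example,dc=com\u201d,"
    "obMappingFilter=\u201c(samaccountname=%userid%)\u201d"
)

if __name__ == "__main__":
    for offset, codepoint, name in find_suspect_chars(PASTED):
        print("offset %d: %s %s" % (offset, codepoint, name))
    print("trailing whitespace:", has_trailing_whitespace(PASTED))
    print("normalized:", normalize_quotes(PASTED))
```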
Wednesday, February 11, 2009
Panels in User Manager's Employees tab
- The defaultPanel
- The Header Panel
- The Search Results panel
- Any other user defined panels
Labels: jCardPanel tab panel user manager
Wednesday, November 19, 2008
OAM Identity Server Deletes User When RDN Modified (on OID)
This problem occurs when you use Oracle Internet Directory as the back-end repository. To fix this problem:
- Edit the file ldapreferentialintegrityparams.xml in the following directory: Identity_Server_installation_directory\identity\oblix\data\common
- Change the value of the parameter referential_integrity_using from oblix to ds, as follows:
- Save the file.
- Restart the Identity Server for the changes to take effect. You should be able to modify the RDN attribute value without any problem.
- If you have multiple instances of the Identity Server installed, make this change to every instance of the Identity Server.
Wednesday, August 20, 2008
SDK-Access Server Time Difference Reminder
However, the Access Server SDK installed correctly when it was installed. In previous incarnations the Access Server SDK would have never been able to be configured properly if a significant time difference existed.
This definitely falls squarely in the realm of user error, as the documentation clearly stipulates that when cert or simple mode are used the times have to be synchronized between client and server. In previous releases though you would never have been able to complete the SDK configuration. I can only imagine this has something to do with "backward compatibility" mode.
Tuesday, August 19, 2008
IdXml Change Attribute WF Does Not Run
Having demonstrated successful configuration, your real objective is to invoke this through IdXml. So you create the IdXml and test it out. It seems to work, however, the attribute in the underlying directory is not changed.
It turns out if you cannot read the attribute you cannot request it to be changed via IdXml. However, it works if you request the change attribute using a portal insert instead. Sure enough if you test it with a canIRequestUserAttrModification request it will return Denied if you do not have read access.
This is an odd problem. And I am not going to dump any more time into it. But if you change the attribute so that the participant has read access on the attribute everything works as expected.
My specific situation involved a change attribute workflow where the participant was self.
Labels: AAC, Change Attribute, IDXML, Workflow
Thursday, August 07, 2008
Reactivate OAM User
If the user is not a participant in a reactivate user workflow then the following message will be received when the "Deactivated User Identity" button is clicked:
You do not have sufficient access rights.
Labels: Deactivate, OAM, Reactivate
Wednesday, August 06, 2008
OID Indexes
Index an attribute
dn: cn=catalogs
changetype: modify
add: orclindexedattribute
orclindexedattribute: attributename
-
Remove an index
dn: cn=catalogs
changetype: modify
delete: orclindexedattribute
orclindexedattribute: attributename
-
Re-index an attribute that was previously removed
If you remove an index from an attribute and the data remains, and you need to re-index the data in place, then you need to use the catalog command line tool.
$ORACLE_HOME/ldap/bin/catalog connect=oiddev add="TRUE" attribute="attributename"
Unwilling to perform
If after the attribute has been re-indexed the directory server will still not allow it to be searched and returns an unwilling to perform error, try restarting the OID gateway.
$ORACLE_HOME/opmn/bin/opmnctl restartproc ias-component=OID
Current Indexed Attributes
Use ldapsearch to get the current indexed attributes
ldapsearch -h localhost -p 389 -x -s base -b "cn=catalogs" "objectclass=*"
