Tuesday, January 29, 2008
Sending "Authorization" header with initial HTTP request
If one does not want the browser to pop-up the dialog, or one is using a script/client application to access that resource, the "Authorization" header should be sent with the initial HTTP request. But the correct Authorization header by itself will not submit user credentials to Webgate. It seems the script/client application will also have to send a cookie in the request to make Webgate process the Authorization header. The cookie name and value are always the same:
To summarize, with all the other required HTTP headers and data, the application should send the following (for username/password as guest/password1234):
Authorization: Basic Z3Vlc3Q6cGFzc3dvcmQxMjM0
Edit: Please note that the Authorization header has the base64 encoded version of string username:password (in this case guest:password1234 which is 'Z3Vlc3Q6cGFzc3dvcmQxMjM0') and not username/password as the article mentions above. Thanks for pointing that out Filipe.
Global Database Name in Linux OAM and DB (OCI) environment for DB auditing
During a deployment, I faced this question, and after some trial and error and reading Oracle Instant Client documentation, I figured it out:
<DB Host>:<DB Port>/<ORACLE_SID>
Thursday, January 17, 2008
SelfSSL Connection Errors
- Move all the old certs into an archive directory located here: C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
- When you run the selfssl.exe command to install the self-signed SSL certificate into IIS, you must include the fully qualified machine name in the /N:cn parameter. For example: selfssl.exe /T /V:3650 /N:cn=oam.company.com
Verify that the new cert has been generated and that your ADAM run as user has read permissions on the cert and that should solve the problem.
Test your connection using LDP.exe, also using the fully qualified host name.
This is an excellent link with step-by-step instructions, (including the download location for the IIS 6.0 Resource kit from MS): http://geekswithblogs.net/jimiz/archive/2007/02/11/106006.aspx
Labels: SelfSSL for IIS
WebGate Installation Error - Access Server you specified is currently down
The clocks of computers hosting various Oracle Access Manager components must be synchronized to within 75 or fewer seconds of each other. If the clocks are out-of-sync by more than 75 seconds, installation will fail. For installaion tasks or whenever you're attempting to connect, you will receive errors indicating that your Access Server is down if the clocks are not in sync.
Pay particular attention to this in VM environments, where system clocks may not be synchronized as they're created.
For this and other OAM installation woes, this and other useful nuggets can be found here:
Labels: OAM installation errors
Friday, January 04, 2008
Request for Feedback - Oracle Access Manager Configuration Manager
This is Oracle's productized solution to the OAM horizontal migration challenge... The product has been out for year now but I can't find anyone who says they've used it.
Have you deployed it? Do you have any plans to deploy it?
Please leave a comment with any input.
Wednesday, January 02, 2008
Installing Oracle Directory Manager
Turns out it is a bit of a maze to figure out what package you really need to get to have the tool at your disposal.
Here is where I found what I was looking for:
Oracle Database 10g Client Release 2 (10.2.0.1.0)
(requires OTN credentials)
Do a 'Custom' install and choose on the Directory Administration tools...