Showing posts with label oracle access manager. Show all posts

Thursday, November 6, 2014

OAM 11.1.2.2 (11gR2) - System error after submitting credentials from Custom Login Page

Scenario: A standard custom login page does a form POST to /oam/server/auth_cred_submit with the username and password, with 'request_id' in a cookie.

Issue: Sporadic redirection to an error page with the message 'System Error has occurred', with these details:
[oam_server1] [TRACE] [] [oracle.oam.binding] [tid: [ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: 004sto37QpzDoYX5HvH7if00063I00002b,0:2] [SRC_CLASS: oracle.security.am.pbl.protocol.plugin.oam.AMFailureResponseHandler] [APP: oam_server#11.1.2.0.0] [SRC_METHOD: processResponse] [URI: /oam/server/auth_cred_submit] OAM-02073[[
oracle.security.am.common.utilities.exception.AmRuntimeException: OAM-02073
at oracle.security.am.engines.enginecontroller.AuthzEngineController.checkProtected(AuthzEngineController.java:438)
at oracle.security.am.engines.enginecontroller.AuthzEngineController.processEvent(AuthzEngineController.java:177)
at oracle.security.am.controller.MasterController.processEvent(MasterController.java:570)
at oracle.security.am.controller.MasterController.processRequest(MasterController.java:759)



Solution
"Verify that the custom login page is submitting the credentials to /oam/server/auth_cred_submit with the correct OAM Server Host and Port. The OAM_SERVER_HOST.DOMAIN and SSLPORT values should match those configured in the OAM Console -> System Configuration -> Access Manager Settings page for Load Balancing OAM Server Host and OAM Server Port."

In my case, the form post URL was pointing to https://<host>/oam/server/auth_cred_submit.
Once I changed it to https://<host>:443/oam/server/auth_cred_submit (adding the missing port), the issue was resolved.

Please check the above support document for some other causes for this issue.
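
A pre-deployment check for the mismatch described above, as an added example that is not from the original post or from Oracle. It parses a login page, finds the form that posts to /oam/server/auth_cred_submit, and compares its scheme, host and port with the values configured for the OAM server. The host name sso.example.com, the sample form and the function names are assumptions, and a missing explicit port is reported as a mismatch because spelling the port out is what resolved the case in this post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SUBMIT_PATH = "/oam/server/auth_cred_submit"  # endpoint named in the post


class _FormActions(HTMLParser):
    """Collect the action attribute of every <form> on the page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")


def check_login_page(html, oam_host, oam_port):
    """Return a list of problems with forms that post to SUBMIT_PATH."""
    parser = _FormActions()
    parser.feed(html)
    problems = []
    targets = [a for a in parser.actions if urlsplit(a).path == SUBMIT_PATH]
    if not targets:
        problems.append("no form posts to " + SUBMIT_PATH)
    for action in targets:
        url = urlsplit(action)
        if url.scheme != "https":  # assumption: the SSL port is in use, as in the post
            problems.append(f"{action}: scheme is {url.scheme or 'missing'}, expected https")
        if (url.hostname or "").lower() != oam_host.lower():
            problems.append(f"{action}: host {url.hostname} != configured {oam_host}")
        # url.port is None when the URL relies on the scheme default; the post's
        # fix was to spell the port out, so an implicit port is reported too.
        if url.port is None:
            problems.append(f"{action}: no explicit port, expected :{oam_port}")
        elif url.port != oam_port:
            problems.append(f"{action}: port {url.port} != configured {oam_port}")
    return problems


# Constructed sample pages (hypothetical host name), before and after the fix.
BEFORE = ('<form method="post" action="https://sso.example.com/oam/server/auth_cred_submit">'
          '<input name="username"><input type="password" name="password"></form>')
AFTER = BEFORE.replace("sso.example.com/", "sso.example.com:443/")

if __name__ == "__main__":
    for label, page in (("before", BEFORE), ("after", AFTER)):
        print(label, check_login_page(page, "sso.example.com", 443) or "OK")
```

Pass the host and port exactly as they appear in the Access Manager Settings page; the check can run against every custom login page in a build before it is deployed.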

Tuesday, July 8, 2014

Oracle Access Manager(OAM) & Oracle Internet Directory(OID)'s restricted use license with WebCenter Portal

Restricted use of Oracle Access Manager (OAM) and Oracle Internet Directory (OID) is allowed under WebCenter Suite Plus licensing, which is one of the most common licenses available to customers implementing a WebCenter Portal.
Thus OAM and OID can be used to provide Single Sign-On (SSO) between WebCenter, UCM/Content and IPM without the client having to buy any additional licenses, albeit with a few technical limitations.
In addition, out-of-the-box features like Impersonation can be leveraged easily.
On the whole, this should help customers easily leverage Single Sign-On using OAM and use Oracle's LDAP directory, OID, when implementing a WebCenter Portal.

Source :
"Oracle Access Manager(OAM) for enabling Single-Sign On (SSO) between WebCenter Portal components. Use of Oracle Access Manager to a) enable SSO for any custom services or functions or third party applications;
b) Direct Oracle Access Manager SDK calls; or c) Third party directory integration, is not allowed.
Oracle Internet Directory(OID) - The use of OID is restricted to storing credentials and policies specific to WebCenter Portal and its delivered components."

Limitations:
1) OAM and OID, along with the WebTier, would need to be installed in the same VMs as WebCenter Portal when leveraged as part of this licensing.
This makes it slightly different from Oracle's recommended deployment architecture for OAM.