
SSO Integration: OIM OAM SOA OID OHS

(ver.11gR2PS1)

1. Integration Roadmap ........................................... 4
2. Environment Variables ......................................... 4
3. Populate Schema via RCU ....................................... 5
4. Install WebLogic Server ....................................... 6
5. Install OIAM Suite ............................................ 8
6. Install SOA .................................................. 10
7. Install IDM Suite ............................................ 11
8. Patching ..................................................... 14
9. Configure OID and OVD Instances .............................. 15
10. Install and Configure Web Tier - OHS ........................ 20
11. Installing Web Gate ......................................... 23
12. Configure OIM and OAM components ............................ 25
13. Configure Database Security Store ........................... 29
14. Start Node, Admin and Managed Servers ....................... 29
15. Configure OHS Admin File .................................... 30
16. Prepare Identity Store ...................................... 33
17. Configure OIM with Ldapsync ................................. 36
18. Create JAR File ............................................. 41
19. Run POST LDAP Sync .......................................... 42
20. Configuring OAM for Integration ............................. 43
21. Configure OAM via Idm Tool .................................. 44
22. Configure OIM via IdmTool ................................... 45
23. Configuring Centralized Logout for the IAMSuiteAgent ........ 49
24. Remove Default Domain Agent ................................. 49
25. Confirm Webgate Type and ID ................................. 49
26. Increase number of Web Gate connections ..................... 50
27. Create an OAM 11g Web Gate Instance ......................... 51
28. Registering OID with the WLS Domain ......................... 52
29. Enable WLS Plugin & Update OHS FrontEnd ..................... 53
30. Updating SOA Server Default Composite ....................... 54
31. Verify OIM OAM OID Integration .............................. 54
32. Start and Stop Sequence ..................................... 58
33. References .................................................. 59
34. Notes ....................................................... 59

1. Integration Roadmap
- Install OIM, OID, SOA, OHS and OAM Webgate and configure prior to integration.
- Configure the Identity Store by extending the schema.
- Configure the Identity Store with the users required by Oracle Identity Manager.
- Configure the Identity Store with the users required by Access Manager.
- Configure the Identity Store with the users required by Oracle WebLogic Server.
- Enable LDAP synchronization for Oracle Identity Manager.
- Extend Access Manager to support Oracle Identity Manager.
- Integrate Access Manager and Oracle Identity Manager.
- Configure the Webgate on the OHS server to point to the 11g OAM Server.
- Configure centralized logout for the IAMSuiteAgent.
- Remove the IDM Domain Agent and start the Oracle WebLogic Server Administration and Managed Servers.
- Edit the OIM URL and OVDLib Parameter so the oamEnabled parameter is set to true.
- Depending upon your environment, update the SOA server default composites.
- Test the integration.

2. Environment Variables:
$ export ORACLE_HOME=/appl/oracle/fmw/Oracle_IDM1
$ BIN_HOME=/appl/binaries
$ export HOSTNAME=server1.us.oracle.com
$ export IAM_HOME=$ORACLE_HOME
$ export JAVA_HOME=$BIN_HOME/jdk/jdk1.6.0_25
$ export IDM_HOME=/appl/oracle/fmw-idm/Oracle_IDM1
$ export MW_HOME=/appl/oracle/fmw
$ export DOMAIN_HOME=/appl/oracle/fmw/user_projects/domains/base_domain
$ export WT1_INSTANCE_HOME=/appl/oracle/fmw-web/Oracle_WT1/instances/instance1
$ export OHS_COMPONENT_NAME=ohs1
$ export OID_ORACLE_INSTANCE=/appl/oracle/fmw-idm/asinst_1

3. Populate Schema via RCU
$ $BIN_HOME/rcu/rcu_11.1.2.1.0/rcuHome/bin/rcu

4. Install WebLogic Server
$ java -jar $BIN_HOME/wls/wls1036_generic.jar


5. Install OIAM Suite
$ cd $BIN_HOME/oiam-r2ps1/11.1.2.1.0/Disk1/
$ ./runInstaller -jreLoc $BIN_HOME/jdk/jdk1.6.0_25/


6. Install SOA
$ $BIN_HOME/soa-1.6/soa_11.1.1.6.0/Disk1/runInstaller -jreLoc $BIN_HOME/jdk/jdk1.6.0_25/

7. Install IDM Suite
$ $BIN_HOME/idm-oid/Disk1/runInstaller


8. Patching
# OIM Bundle Patching:
$ export ORACLE_HOME=/appl/oracle/fmw/Oracle_IDM1/
$ echo $ORACLE_HOME
$ $ORACLE_HOME/OPatch/opatch lsinv
$ $ORACLE_HOME/OPatch/opatch apply -silent -force $BIN_HOME/bundle-patchoim/11.1.2.1.0_bp8/drop2/18818451
$ $ORACLE_HOME/OPatch/opatch apply -silent -force /appl/binaries/idmtoolpatch/17008132
$ $ORACLE_HOME/OPatch/opatch lsinv

# OAM Bundle Patching
$ export ORACLE_HOME=/appl/oracle/fmw/Oracle_IDM1/
$ echo $ORACLE_HOME
$ $ORACLE_HOME/OPatch/opatch apply -silent -force $BIN_HOME/patch-oam-oim-integ/18138998/OAM/18123471
$ $ORACLE_HOME/OPatch/opatch apply -silent -force $BIN_HOME/patch-oam-oim-integ/18138998/OAAM/17564520
$ $ORACLE_HOME/OPatch/opatch lsinv

# SOA Patching
$ export ORACLE_HOME=/appl/oracle/fmw/Oracle_SOA1/
$ echo $ORACLE_HOME
$ $ORACLE_HOME/OPatch/opatch apply -silent -force $BIN_HOME/soa_patch/13973356
$ $ORACLE_HOME/OPatch/opatch apply -silent -force $BIN_HOME/soa_patch/14196234
$ $ORACLE_HOME/OPatch/opatch apply -silent -force $BIN_HOME/soa_patch/16024267
$ $ORACLE_HOME/OPatch/opatch apply -silent -force $BIN_HOME/soa_patch/16366204
$ $ORACLE_HOME/OPatch/opatch apply -silent -force $BIN_HOME/soa_patch/16385074
$ $ORACLE_HOME/OPatch/opatch lsinv

# IDM Patching
$ export ORACLE_HOME=$IDM_HOME/
$ echo $ORACLE_HOME
$ $IDM_HOME/OPatch/opatch apply -silent -force $BIN_HOME/oid-patch/18686783
$ $IDM_HOME/OPatch/opatch lsinv

9. Configure OID and OVD Instances
$ $IDM_HOME/bin/config.sh


10. Install and Configure Web Tier - OHS
$ $BIN_HOME/webtier11g/Disk1/runInstaller


11. Installing Web Gate
$ $BIN_HOME/webgate11g/Disk1/runInstaller -jreLoc $BIN_HOME/jdk/jdk1.6.0_25/


12. Configure OIM and OAM components
$ /appl/oracle/fmw/Oracle_IDM1/common/bin/config.sh


13. Configure Database Security Store
$ export MW_HOME=/appl/oracle/fmw
$ export ORACLE_HOME=/appl/oracle/fmw/Oracle_IDM1
$ export DOMAIN_HOME=/appl/oracle/fmw/user_projects/domains/base_domain/
$ $MW_HOME/oracle_common/common/bin/wlst.sh $ORACLE_HOME/common/tools/configureSecurityStore.py -d $DOMAIN_HOME -c IAM -p Welcome1 -m create

14. Start Node, Admin and Managed Servers
Initially perform a manual start and then copy over boot.properties within the respective Managed Server security folder for auto boot.
$ export DOMAIN_HOME=/appl/oracle/fmw/user_projects/domains/base_domain
$ export WL_HOME=/appl/oracle/fmw/wlserver_10.3
$ nohup $WL_HOME/server/bin/startNodeManager.sh > /tmp/nohup-node.out 2>&1 &
$ nohup $DOMAIN_HOME/bin/startWebLogic.sh > /tmp/nohup-wls.out 2>&1 &
$ $DOMAIN_HOME/bin/startManagedWebLogic.sh soa_server1
$ $DOMAIN_HOME/bin/startManagedWebLogic.sh oam_server1
$ $DOMAIN_HOME/bin/startManagedWebLogic.sh oim_server1

15. Configure OHS Admin File:
# Create a new admin.conf file:
$ export WT1_INSTANCE_HOME=/appl/oracle/fmw-web/Oracle_WT1/instances/instance1
$ export ORACLE_INSTANCE=$WT1_INSTANCE_HOME
$ cat > $ORACLE_INSTANCE/config/OHS/ohs1/moduleconf/admin.conf

# Admin Server and EM
<Location /console>
    SetHandler weblogic-handler
    WebLogicHost server1.us.oracle.com
    WeblogicPort 7001
</Location>

<Location /consolehelp>
    SetHandler weblogic-handler
    WebLogicHost server1.us.oracle.com
    WeblogicPort 7001
</Location>

<Location /em>
    SetHandler weblogic-handler
    WebLogicHost server1.us.oracle.com
    WeblogicPort 7001
</Location>

<Location /oamconsole>
    SetHandler weblogic-handler
    WebLogicHost server1.us.oracle.com
    WeblogicPort 7001
</Location>

<Location /oam>
    SetHandler weblogic-handler
    WLCookieName jsessionid
    WebLogicHost server1.us.oracle.com
    WebLogicPort 14100
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

# OIM and SOA
<Location /identity>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost server1.us.oracle.com
    WebLogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

<Location /sysadmin>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost server1.us.oracle.com
    WebLogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

<Location /admin>
    SetHandler weblogic-handler
    WebLogicHost server1.us.oracle.com
    WebLogicPort 14000
    WLCookieName oimjsessionid
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

# oim self and advanced admin webapp consoles (canonic webapp)
<Location /oim>
    SetHandler weblogic-handler
    WebLogicHost server1.us.oracle.com
    WebLogicPort 14000
    WLCookieName oimjsessionid
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

# xlWebApp - Legacy 9.x webapp (struts based)
<Location /xlWebApp>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost server1.us.oracle.com
    WebLogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

# Nexaweb WebApp - used for workflow designer and DM
<Location /Nexaweb>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost server1.us.oracle.com
    WebLogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

# Callback webservice for SOA. SOA calls this when a request is approved/rejected
# Provide the SOA Managed Server Port
<Location /workflowservice>
    SetHandler weblogic-handler
    WebLogicHost server1.us.oracle.com
    WebLogicPort 8001
    WLCookieName oimjsessionid
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

# SOA Callback webservice for SOD - Provide the SOA Managed Server Ports
<Location /sodcheck>
    SetHandler weblogic-handler
    WebLogicHost server1.us.oracle.com
    WebLogicPort 8001
    WLCookieName oimjsessionid
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

# used for FA Callback service
<Location /callbackResponseService>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost server1.us.oracle.com
    WebLogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

<Location /HTTPClnt>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost server1.us.oracle.com
    WebLogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

# spml xsd profile
<Location /spml-xsd>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost server1.us.oracle.com
    WebLogicPort 14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

<Location /integration>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost server1.us.oracle.com
    WebLogicPort 8001
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

<Location /soa>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost server1.us.oracle.com
    WebLogicPort 8001
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

# SOA Infrastructure
<Location /soa-infra>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicHost server1.us.oracle.com
    WebLogicPort 8001
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"
</Location>

# Restart OHS:
$ $WT1_INSTANCE_HOME/bin/opmnctl stopall
$ $WT1_INSTANCE_HOME/bin/opmnctl startall
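A routing mistake in admin.conf (for example /oam proxied to the OIM port, or a SOA context without the OIM cookie) only shows up as a broken login or a failed approval callback, so it is worth checking the file mechanically before restarting OHS. The following script is an added example, not part of the original guide: it parses the weblogic-handler Location blocks and compares each context with the backend tier the guide assigns to it (AdminServer 7001, OAM 14100, OIM 14000, SOA 8001); the sample configuration it runs on is constructed here and deliberately contains two mistakes.

```python
"""Sanity-check the mod_wl_ohs <Location> routing in an OHS admin.conf."""
import re
from typing import Dict, List, Optional

# Expected backend port per context, taken from the admin.conf in the guide.
EXPECTED_PORT: Dict[str, int] = {
    "/console": 7001, "/consolehelp": 7001, "/em": 7001, "/oamconsole": 7001,
    "/oam": 14100,
    "/identity": 14000, "/sysadmin": 14000, "/admin": 14000, "/oim": 14000,
    "/xlWebApp": 14000, "/Nexaweb": 14000, "/callbackResponseService": 14000,
    "/HTTPClnt": 14000, "/spml-xsd": 14000,
    "/workflowservice": 8001, "/sodcheck": 8001, "/integration": 8001,
    "/soa": 8001, "/soa-infra": 8001,
}
# OIM and SOA contexts share the oimjsessionid cookie so that the session
# established in the OIM console is reused by the SOA callbacks.
OIM_COOKIE = "oimjsessionid"

LOCATION_RE = re.compile(r"<Location\s+(\S+)>(.*?)</Location>", re.S | re.I)
DIRECTIVE_RE = re.compile(r"^\s*(\w+)\s+(.*?)\s*$", re.M)


def parse_locations(conf: str) -> Dict[str, Dict[str, str]]:
    """Return {context: {directive: value}} for every <Location> block."""
    blocks: Dict[str, Dict[str, str]] = {}
    for ctx, body in LOCATION_RE.findall(conf):
        directives: Dict[str, str] = {}
        for name, value in DIRECTIVE_RE.findall(body):
            # Apache directive names are case-insensitive (WebLogicPort / WeblogicPort).
            directives[name.lower()] = value.strip().strip('"')
        blocks[ctx] = directives
    return blocks


def check_routing(conf: str) -> List[str]:
    """Return findings; an empty list means admin.conf matches the guide."""
    findings: List[str] = []
    blocks = parse_locations(conf)
    for ctx, expected_port in EXPECTED_PORT.items():
        block = blocks.get(ctx)
        if block is None:
            findings.append(f"{ctx}: no <Location> block, context will not be proxied")
            continue
        if block.get("sethandler") != "weblogic-handler":
            findings.append(f"{ctx}: SetHandler is not weblogic-handler")
        port = int(block.get("weblogicport") or 0)
        if port != expected_port:
            findings.append(f"{ctx}: WebLogicPort {port}, expected {expected_port}")
        if expected_port in (14000, 8001) and block.get("wlcookiename") != OIM_COOKIE:
            findings.append(f"{ctx}: WLCookieName should be {OIM_COOKIE}")
    for ctx in blocks:
        if ctx not in EXPECTED_PORT:
            findings.append(f"{ctx}: proxied context not listed in the guide")
    return findings


def location_block(ctx: str, port: int, cookie: Optional[str] = None) -> str:
    """Render one Location block in the layout the guide's admin.conf uses."""
    lines = [f"<Location {ctx}>", "    SetHandler weblogic-handler"]
    if cookie:
        lines.append(f"    WLCookieName {cookie}")
    lines += [
        "    WebLogicHost server1.us.oracle.com",
        f"    WebLogicPort {port}",
        '    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log"',
        "</Location>",
    ]
    return "\n".join(lines)


ADMIN_CONTEXTS = ("/console", "/consolehelp", "/em", "/oamconsole")

# Constructed sample: the guide's mapping with two deliberate mistakes,
# /oam sent to the OIM managed server and /soa-infra without the OIM cookie.
SAMPLE_CONF = "\n".join(
    location_block(
        ctx,
        14000 if ctx == "/oam" else port,
        None if ctx in ADMIN_CONTEXTS + ("/soa-infra",)
        else ("jsessionid" if ctx == "/oam" else OIM_COOKIE),
    )
    for ctx, port in EXPECTED_PORT.items()
)

if __name__ == "__main__":
    for line in check_routing(SAMPLE_CONF) or ["admin.conf matches the guide"]:
        print(line)
```

Point it at the real file with `check_routing(open(path).read())`; every finding names the context and the directive to correct.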

16. Prepare Identity Store
# Set environment variables
$ export ORACLE_HOME=/appl/oracle/fmw/Oracle_IDM1
$ export JAVA_HOME=$BIN_HOME/jdk/jdk1.6.0_25
$ export MW_HOME=/appl/oracle/fmw

# Extending Directory Schema for Access Manager
$ cd /appl/oracle/fmw/Oracle_IDM1/idmtools/bin/
$ cat > extendOAMPropertyFile
IDSTORE_HOST: server1.us.oracle.com
IDSTORE_PORT: 3060
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users,dc=mycompany,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=mycompany,dc=com
IDSTORE_SEARCHBASE: dc=mycompany,dc=com
IDSTORE_SYSTEMIDBASE: cn=systemids,dc=mycompany,dc=com

$ ./idmConfigTool.sh -preConfigIDStore input_file=extendOAMPropertyFile
Enter ID Store Bind DN password :
INFO: -> LOADING: /appl/oracle/fmw/Oracle_IDM1/idmtools/templates/oid/oid_schema_extn.ldif
INFO: -> LOADING: /appl/oracle/fmw/Oracle_IDM1/oam/server/oimintg/ldif/oid/schema/OID_oblix_schema_add.ldif
INFO: -> LOADING: /appl/oracle/fmw/Oracle_IDM1/oam/server/oimintg/ldif/oid/schema/OID_oblix_pwd_schema_add.ldif
INFO: -> LOADING: /appl/oracle/fmw/Oracle_IDM1/oam/server/oimintg/ldif/oid/schema/OID_oim_pwd_schema_add.ldif
INFO: -> LOADING: /appl/oracle/fmw/Oracle_IDM1/oam/server/oimintg/ldif/oid/schema/OID_oblix_schema_index_add.ldif
INFO: -> LOADING: /appl/oracle/fmw/Oracle_IDM1/idmtools/templates/oid/idstore_tuning.ldif
INFO: -> LOADING: /appl/oracle/fmw/Oracle_IDM1/idmtools/templates/oid/idm_idstore_groups_template.ldif
INFO: -> LOADING: /appl/oracle/fmw/Oracle_IDM1/idmtools/templates/oid/idm_idstore_groups_acl_template.ldif
INFO: -> LOADING: /appl/oracle/fmw/Oracle_IDM1/idmtools/templates/oid/systemid_pwdpolicy.ldif
INFO: -> LOADING: /appl/oracle/fmw/Oracle_IDM1/idmtools/templates/oid/fa_pwdpolicy.ldif
The tool has completed its operation. Details have been logged to automation.log

# Creating Users and Groups for Access Manager
$ cat > preconfigOAMPropertyFile
IDSTORE_HOST: server1.us.oracle.com
IDSTORE_PORT: 3060
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users,dc=mycompany,dc=com
IDSTORE_SEARCHBASE: dc=mycompany,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=mycompany,dc=com
IDSTORE_SYSTEMIDBASE: cn=systemids,dc=mycompany,dc=com
POLICYSTORE_SHARES_IDSTORE: true
OAM11G_IDSTORE_ROLE_SECURITY_ADMIN: OAMAdministrators
IDSTORE_OAMSOFTWAREUSER: oamLDAP
IDSTORE_OAMADMINUSER: oamadmin

$ ./idmConfigTool.sh -prepareIDStore mode=OAM input_file=preconfigOAMPropertyFile
Enter ID Store Bind DN password :
The tool has completed its operation. Details have been logged to automation.log

# Creating Users and Groups for Oracle Identity Manager
$ cat > preconfigOIMPropertyFile
IDSTORE_HOST: server1.us.oracle.com
IDSTORE_PORT: 3060
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users,dc=mycompany,dc=com
IDSTORE_SEARCHBASE: dc=mycompany,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=mycompany,dc=com
POLICYSTORE_SHARES_IDSTORE: true
IDSTORE_SYSTEMIDBASE: cn=systemids,dc=mycompany,dc=com
IDSTORE_OIMADMINUSER: oimLDAP
IDSTORE_OIMADMINGROUP: OIMAdministrators

$ ./idmConfigTool.sh -prepareIDStore mode=OIM input_file=preconfigOIMPropertyFile
*** Creation of oimLDAP ***
INFO: -> LOADING: /appl/oracle/fmw/Oracle_IDM1/idmtools/templates/oid/oim_user_template.ldif
Enter User Password for oimLDAP:
Confirm User Password for oimLDAP:
INFO: -> LOADING: /appl/oracle/fmw/Oracle_IDM1/idmtools/templates/oid/oim_group_template.ldif
INFO: -> LOADING: /appl/oracle/fmw/Oracle_IDM1/idmtools/templates/common/oim_group_member_template.ldif
INFO: -> LOADING: /appl/oracle/fmw/Oracle_IDM1/idmtools/templates/oid/oim_groups_acl_template.ldif
INFO: -> LOADING: /appl/oracle/fmw/Oracle_IDM1/idmtools/templates/oid/oim_reserve_template.ldif
*** Creation of Xel Sys Admin User ***
INFO: -> LOADING: /appl/oracle/fmw/Oracle_IDM1/idmtools/templates/oid/idm_xelsysadmin_user.ldif
Enter User Password for xelsysadm:
Confirm User Password for xelsysadm:
The tool has completed its operation. Details have been logged to automation.log

# Creating Users and Groups for Oracle WebLogic Server
$ cat > preconfigWLSPropertyFile
IDSTORE_HOST: server1.us.oracle.com
IDSTORE_PORT: 3060
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_WLSADMINUSER: weblogic_idm
IDSTORE_WLSADMINGROUP: wlsadmingroup
IDSTORE_USERSEARCHBASE: cn=Users,dc=mycompany,dc=com
IDSTORE_SEARCHBASE: dc=mycompany,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=mycompany,dc=com
POLICYSTORE_SHARES_IDSTORE: true

$ ./idmConfigTool.sh -prepareIDStore mode=WLS input_file=preconfigWLSPropertyFile
Enter ID Store Bind DN password :
*** Creation of Weblogic Admin User ***
INFO: -> LOADING: /appl/oracle/fmw/Oracle_IDM1/idmtools/templates/oid/oam_user_template.ldif
Enter User Password for weblogic_idm:
Confirm User Password for weblogic_idm:
INFO: -> LOADING: /appl/oracle/fmw/Oracle_IDM1/idmtools/templates/oid/weblogic_admin_group.ldif
INFO: -> LOADING: /appl/oracle/fmw/Oracle_IDM1/idmtools/templates/common/group_member_template.ldif
INFO: -> LOADING: /appl/oracle/fmw/Oracle_IDM1/idmtools/templates/oid/fa_add_pwdpolicy.ldif
The tool has completed its operation. Details have been logged to automation.log

# Validate Users/Groups creation in OID

17. Configure OIM with Ldapsync
$ /appl/oracle/fmw/Oracle_IDM1/bin/config.sh


# You can also use port 14000 (the direct managed server port)


18. Create JAR File
$ cd $WL_HOME/server/lib
$ java -jar wljarbuilder.jar
$ java -jar $MW_HOME/modules/com.bea.core.jarbuilder_1.7.0.0.jar
Integrating jar <-(1)/(37365)/(96)//appl/oracle/fmw/modules/com.bea.core.diagnostics.accessor_1.5.0.0.jar
Created new jar file: /appl/oracle/fmw/wlserver_10.3/server/lib/wlfullclient.jar
$ ls -l wlfullclient.jar
-rw-r--r--. 1 gnawaz dba 55004433 Sep 11 06:42 wlfullclient.jar
$ cp $WL_HOME/server/lib/wlfullclient.jar $ORACLE_HOME/designconsole/ext/

Restart Admin and Managed Servers after copying the boot.properties file:
# Shutdown all the servers via console or command line.
$ export DOMAIN_HOME=/appl/oracle/fmw/user_projects/domains/base_domain
$ mkdir $DOMAIN_HOME/servers/oam_server1/security
$ mkdir $DOMAIN_HOME/servers/oim_server1/security
$ mkdir $DOMAIN_HOME/servers/soa_server1/security
$ cp $DOMAIN_HOME/servers/AdminServer/security/boot.properties $DOMAIN_HOME/servers/oim_server1/security/
$ cp $DOMAIN_HOME/servers/AdminServer/security/boot.properties $DOMAIN_HOME/servers/oam_server1/security/
$ cp $DOMAIN_HOME/servers/AdminServer/security/boot.properties $DOMAIN_HOME/servers/soa_server1/security/
$ nohup $DOMAIN_HOME/bin/startWebLogic.sh > /tmp/nohup-wls.out 2>&1 &
$ nohup $DOMAIN_HOME/bin/startManagedWebLogic.sh soa_server1 > /tmp/nohup-soa.out 2>&1 &
$ nohup $DOMAIN_HOME/bin/startManagedWebLogic.sh oam_server1 > /tmp/nohup-oam.out 2>&1 &
$ nohup $DOMAIN_HOME/bin/startManagedWebLogic.sh oim_server1 > /tmp/nohup-oim.out 2>&1 &

19. Run POST LDAP Sync
$ cd /appl/oracle/fmw/Oracle_IDM1/server/ldap_config_util
$ vi ldapconfig.props
OIMProviderURL=t3://server1.us.oracle.com:14000
LIBOVD_PATH_PARAM=/appl/oracle/fmw/user_projects/domains/base_domain/config/fmwconfig/ovd/oim

# Set required environment variables.
$ cd /appl/oracle/fmw/Oracle_IDM1/server/ldap_config_util
$ export APP_SERVER=weblogic
$ export JAVA_HOME=$BIN_HOME/jdk/jdk1.6.0_25
$ export MW_HOME=/appl/oracle/fmw
$ export OIM_ORACLE_HOME=/appl/oracle/fmw/Oracle_IDM1
$ export WL_HOME=/appl/oracle/fmw/wlserver_10.3
$ export DOMAIN_HOME=/appl/oracle/fmw/user_projects/domains/base_domain
$ export LIBOVD_PATH_PARAM=/appl/oracle/fmw/user_projects/domains/base_domain/config/fmwconfig/ovd/oim

# Update XEL_HOME parameter in the file setEnv.sh
$ vi /appl/oracle/fmw/Oracle_IDM1/server/bin/setEnv.sh
# Update below line:
XEL_HOME=/appl/oracle/fmw/Oracle_IDM1/server

# Execute the utility LDAPConfigPostSetup.sh
$ cd /appl/oracle/fmw/Oracle_IDM1/server/ldap_config_util
$ ./LDAPConfigPostSetup.sh /appl/oracle/fmw/Oracle_IDM1/server/ldap_config_util
For running the Utilities the following environment variables need to be set
APP_SERVER is weblogic
OIM_ORACLE_HOME is /appl/oracle/fmw/Oracle_IDM1
JAVA_HOME is $BIN_HOME/jdk/jdk1.6.0_25
MW_HOME is /appl/oracle/fmw
WL_HOME is /appl/oracle/fmw/wlserver_10.3
DOMAIN_HOME is /appl/oracle/fmw/user_projects/domains/base_domain
[Enter OIM admin password:]
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
UsernamePasswordLoginModule.initialize(), debug enabled
UsernamePasswordLoginModule.login(), URL t3://server1.us.oracle.com:14000
UsernamePasswordLoginModule.login(), username xelsysadm
Authenticated with OIM Admin.
Obtained LDAP Connection.
Obtained Scheduler Service.
Successfully Enabled Changelog based Reconciliation schedule jobs.
Successfully Updated Changelog based Reconciliation schedule jobs with last change number : 0

20. Configuring OAM for Integration
1. Update the domain agent password as follows:
a. Log in to the Oracle Access Management administration console: http://oam_adminserver_host:port/oamconsole
b. Navigate to the System Configuration tab, then Access Manager Settings, then SSO Agents.
c. Double-click OAM Agents. A Webgate page displays.
d. Click Search to list all Webgate agents.
e. Double-click IAMSuiteAgent.
f. Update the field Access Client Password with the desired password. Save the changes.
2. Log in to the Oracle WebLogic Server administration console: http://oam_adminserver_host:port/console
3. Navigate to Security Realms, then myrealm.
4. Open the Providers tab and edit IAMSuiteAgent.
5. Open the Provider Specific tab and update the agent password. Save the changes.

# Restart the Admin and Managed Servers.
$ export DOMAIN_HOME=/appl/oracle/fmw/user_projects/domains/base_domain
$ nohup $DOMAIN_HOME/bin/startWebLogic.sh > /tmp/nohup-wls.out 2>&1 &
$ nohup $DOMAIN_HOME/bin/startManagedWebLogic.sh soa_server1 > /tmp/nohup-soa.out 2>&1 &
$ nohup $DOMAIN_HOME/bin/startManagedWebLogic.sh oam_server1 > /tmp/nohup-oam.out 2>&1 &
$ nohup $DOMAIN_HOME/bin/startManagedWebLogic.sh oim_server1 > /tmp/nohup-oim.out 2>&1 &

21. Configure OAM via Idm Tool
# OAM Configuration File for Integration
# Source environment variables
$ export BIN_HOME=/appl/binaries
$ export JAVA_HOME=$BIN_HOME/jdk/jdk1.6.0_25
$ export MW_HOME=/appl/oracle/fmw
$ export IDM_ORACLE_HOME=$IDM_HOME
$ export IAM_ORACLE_HOME=/appl/oracle/fmw/Oracle_IDM1
$ export ORACLE_HOME=$IAM_ORACLE_HOME
$ export IDM_HOME=$IDM_ORACLE_HOME
$ cd /appl/oracle/fmw/Oracle_IDM1/idmtools/bin/
$ cat > OAMconfigPropertyFile
WLSHOST: server1.us.oracle.com
WLSPORT: 7001
WLSADMIN: weblogic
WLSPASSWD: Welcome1
ADMIN_SERVER_USER_PASSWORD: Welcome1
IDSTORE_HOST: server1.us.oracle.com
IDSTORE_PORT: 3060
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users,dc=mycompany,dc=com
IDSTORE_SEARCHBASE: dc=mycompany,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=mycompany,dc=com
IDSTORE_SYSTEMIDBASE: cn=systemids,dc=mycompany,dc=com
IDSTORE_OAMSOFTWAREUSER: oamLDAP
IDSTORE_OAMADMINUSER: oamadmin
IDSTORE_DIRECTORYTYPE: OID
POLICYSTORE_SHARES_IDSTORE: true
PRIMARY_OAM_SERVERS: server1.us.oracle.com:5575
WEBGATE_TYPE: ohsWebgate11g
ACCESS_GATE_ID: Webgate_IDM
OAM11G_IDM_DOMAIN_OHS_HOST: server1.us.oracle.com
OAM11G_IDM_DOMAIN_OHS_PORT: 7777
OAM11G_IDM_DOMAIN_OHS_PROTOCOL: http
OAM11G_WG_DENY_ON_NOT_PROTECTED: false
OAM11G_IMPERSONATION_FLAG: false
OAM_TRANSFER_MODE: open
OAM11G_OAM_SERVER_TRANSFER_MODE: open
OAM11G_IDM_DOMAIN_LOGOUT_URLS: /console/jsp/common/logout.jsp,/em/targetauth/emaslogout.jsp,/cgibin/logout.pl,/oamsso/logout.html
OAM11G_OIM_WEBGATE_PASSWD: Welcome1
OAM11G_SERVER_LOGIN_ATTRIBUTE: uid
COOKIE_DOMAIN: .us.oracle.com
OAM11G_IDSTORE_NAME: OID_Store1
OAM11G_IDSTORE_ROLE_SECURITY_ADMIN: OAMAdministrators
OAM11G_SSO_ONLY_FLAG: false
OAM11G_OIM_INTEGRATION_REQ: true
OAM11G_SERVER_LBR_HOST: server1.us.oracle.com
OAM11G_SERVER_LBR_PORT: 7777
OAM11G_SERVER_LBR_PROTOCOL: http
COOKIE_EXPIRY_INTERVAL: 120
OAM11G_OIM_OHS_URL: http://server1.us.oracle.com:7777/
SPLIT_DOMAIN: false

$ ./idmConfigTool.sh -configOAM input_file=OAMconfigPropertyFile
Enter ID Store Bind DN password :
Enter User Password for IDSTORE_PWD_OAMSOFTWAREUSER:
Confirm User Password for IDSTORE_PWD_OAMSOFTWAREUSER:
Enter User Password for IDSTORE_PWD_OAMADMINUSER:
Confirm User Password for IDSTORE_PWD_OAMADMINUSER:
The tool has completed its operation. Details have been logged to automation.log

22. Configure OIM via IdmTool
$ cat > OIMconfigPropertyFile
LOGINURI: /${app.context}/adfAuthentication
LOGOUTURI: /oamsso/logout.html
AUTOLOGINURI: None
ACCESS_SERVER_HOST: server1.us.oracle.com
ACCESS_SERVER_PORT: 5575
ACCESS_GATE_ID: Webgate_IDM
COOKIE_DOMAIN: .us.oracle.com
COOKIE_EXPIRY_INTERVAL: 120
OAM_TRANSFER_MODE: open
WEBGATE_TYPE: ohsWebgate11g
OAM_SERVER_VERSION: 11g
OAM11G_WLS_ADMIN_HOST: server1.us.oracle.com
OAM11G_WLS_ADMIN_PORT: 7001

OAM11G_WLS_ADMIN_USER: weblogic
SSO_ENABLED_FLAG: true
IDSTORE_PORT: 3060
IDSTORE_HOST: server1.us.oracle.com
IDSTORE_DIRECTORYTYPE: OID
IDSTORE_ADMIN_USER: cn=orcladmin
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users,dc=mycompany,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=mycompany,dc=com
MDS_DB_URL: jdbc:oracle:thin:@localhost:1521:orcl
MDS_DB_SCHEMA_USERNAME: DEV_MDS
WLSHOST: server1.us.oracle.com
WLSPORT: 7001
WLSADMIN: weblogic
DOMAIN_NAME: base_domain
OIM_MANAGED_SERVER_NAME: oim_server1
DOMAIN_LOCATION: /appl/oracle/fmw/user_projects/domains/base_domain

$ ./idmConfigTool.sh -configOIM input_file=OIMconfigPropertyFile
Enter sso access gate password :
Enter mds db schema password :
Enter idstore admin password :
Enter admin server user password :
Enter oam11g domain admin user password :
********* Seeding OAM Passwds in OIM *********
Completed loading user inputs for - CSF Config
Completed loading user inputs for - Dogwood Admin WLS
Connecting to t3://server1.us.oracle.com:7001
Connection to domain runtime mbean server established
Seeding credential :SSOAccessKey
*********
********* Activating OAM Notifications *********
Completed loading user inputs for - MDS DB Config
Sep 11, 2014 7:00:03 AM oracle.mds NOTIFICATION: PManager instance is created without multitenancy support as JVM flag "oracle.multitenant.enabled" is not set to enable multitenancy support.
Initialized MDS resources
Sep 11, 2014 7:00:05 AM oracle.mds NOTIFICATION: transfer operation started.
Sep 11, 2014 7:00:05 AM oracle.mds NOTIFICATION: transfer is completed. Total number of documents successfully processed : 1, total number of documents failed : 0.
Download from DB completed
Releasing all resources
Updated /appl/oracle/fmw/Oracle_IDM1/server/oamMetadata/db/oim-config.xml
Initialized MDS resources
Sep 11, 2014 7:00:06 AM oracle.mds NOTIFICATION: PManager instance is created without multitenancy support as JVM flag "oracle.multitenant.enabled" is not set to enable multitenancy support.
Sep 11, 2014 7:00:06 AM oracle.mds NOTIFICATION: transfer operation started.
Sep 11, 2014 7:00:06 AM oracle.mds NOTIFICATION: transfer is completed. Total number of documents successfully processed : 1, total number of documents failed : 0.
Upload to DB completed
Releasing all resources
Notifications activated.
*********
********* Seeding OAM Config in OIM *********
Completed loading user inputs for - OAM Access Config
Validated input values
Initialized MDS resources
Sep 11, 2014 7:00:06 AM oracle.mds NOTIFICATION: PManager instance is created without multitenancy support as JVM flag "oracle.multitenant.enabled" is not set to enable multitenancy support.
Sep 11, 2014 7:00:06 AM oracle.mds NOTIFICATION: transfer operation started.
Sep 11, 2014 7:00:07 AM oracle.mds NOTIFICATION: transfer is completed. Total number of documents successfully processed : 1, total number of documents failed : 0.
Upload to DB completed
Releasing all resources
OAM configuration seeded. Please restart oim server.
*********
********* Configuring Authenticators in OIM WLS *********
Completed loading user inputs for - LDAP connection info
Connecting to t3://server1.us.oracle.com:7001
Connection to domain runtime mbean server established
Starting edit session
Edit session started
Connected to security realm.
Validating provider configuration
Validated desired authentication providers
Destroyed Authentication Provider: Security:Name=myrealmOIMAuthenticationProvider
Created OAMIDAsserter successfuly
OAMIDAsserter is already configured to support 11g webgate
Created OIMSignatureAuthenticator successfuly
Created OIDAuthenticator successfuly
Setting attributes for OIDAuthenticator
All attributes set. Configured in OIDAuthenticator now
LDAP details configured in OIDAuthenticator
Control flags for authenticators set sucessfully
Reordering of authenticators done sucessfully
Saving the transaction
Transaction saved
Activating the changes
Changes Activated. Edit session ended.
Connection closed sucessfully
*********

The tool has completed its operation. Details have been logged to automation.log

23. Configuring Centralized Logout for the IAMSuiteAgent
To configure logout for the IAMSuiteAgent:
1. Log in to the WebLogic Server Administration Console.
2. Navigate to Deployments, then oamsso_logout, then Targets.
3. Select all the Servers where the IAMSuiteAgent is enabled and where logout is performed. For example, oim_server, oaam_admin, oaam_server.
4. Click Save.

24. Remove Default Domain Agent
The IDMDomain Agent provides single sign-on capability for administration consoles. The Webgate handles single sign-on, so you must remove the IDMDomain Agent and restart the Oracle WebLogic Server Administration Server and all running Managed Servers.
1. Log in to the WebLogic Server administration console using the URL: http://admin.mycompany.com/console
2. Click Lock and Edit from the Change Center.
3. Select Security Realms from the Domain Structure menu.
4. Click myrealm.
5. Click the Providers tab.
6. In the list of authentication providers, select IAMSuiteAgent.
7. Click Delete.
8. Click Yes to confirm the deletion.
9. Click Activate Changes from the Change Center.
10. Restart WebLogic Administration Server and all running Managed Servers.

25. Confirm Webgate Type and ID
Perform these steps to update the Webgate Type and Webgate ID using Oracle Enterprise Manager Fusion Middleware Control:
1. Navigate to Domain, then Identity and Access, then OIM, then oim(11.1.0).
2. Right-click on oim (11.1.0) and select System Mbean Browser.
3. Navigate to Application Defined Mbeans, then oracle.iam, then Server: oim_server1, then Application:oim, then XMLConfig, then Config, then XMLConfig.SSOConfig, then SSOConfig.
4. Change SSOEnabled to "true".

26. Increase number of Web Gate connections
# Login to /oamconsole and increase the number of max connections to '4' for both Webgates.

27. Create an OAM 11g Web Gate Instance
$ cd /appl/oracle/fmw-web/Oracle_OAMWebGate1/webgate/ohs/tools/deployWebGate
$ ./deployWebGateInstance.sh -w $WT1_INSTANCE_HOME/config/OHS/ohs1 -oh /appl/oracle/fmw-web/Oracle_OAMWebGate1
# Confirm folder creation and copy of files
$ ls -l $WT1_INSTANCE_HOME/config/OHS/ohs1/webgate/tools/openssl/simpleCA/ca*
$ export LD_LIBRARY_PATH=/appl/oracle/fmw-web/Oracle_WT1/lib
$ cd /appl/oracle/fmw-web/Oracle_OAMWebGate1/webgate/ohs/tools/setup/InstallTools
# Configure OAM 11g WebGate
$ ./EditHttpConf -w $WT1_INSTANCE_HOME/config/OHS/ohs1 -oh /appl/oracle/fmw-web/Oracle_OAMWebGate1 -o out.log
# Verify that the last line of $WT1_INSTANCE_HOME/config/OHS/ohs1/httpd.conf contains the following:
include "$WT1_INSTANCE_HOME/config/OHS/ohs1/webgate.conf"
# The Webgate is already registered during configOAM, hence next copy the WebGate artifact files
# from $DOMAIN_HOME/output/$WEBGATENAME to $WT1_INSTANCE_HOME/config/OHS/ohs1/webgate/config
$ cp /appl/oracle/fmw/user_projects/domains/base_domain/output/Webgate_IDM_11g/* $WT1_INSTANCE_HOME/config/OHS/ohs1/webgate/config/
# Restart Admin and Managed Servers:
$ export DOMAIN_HOME=/appl/oracle/fmw/user_projects/domains/base_domain
$ nohup $DOMAIN_HOME/bin/startWebLogic.sh > /tmp/nohup-wls.out 2>&1 &
$ nohup $DOMAIN_HOME/bin/startManagedWebLogic.sh oam_server1 > /tmp/nohup-oam.out 2>&1 &
$ nohup $DOMAIN_HOME/bin/startManagedWebLogic.sh oim_server1 > /tmp/nohup-oim.out 2>&1 &
$ nohup $DOMAIN_HOME/bin/startManagedWebLogic.sh soa_server1 > /tmp/nohup-soa.out 2>&1 &
# Restart OHS:
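The artifact copy in section 27 and the connection count from section 26 are easy to get subtly wrong (stale ObAccessClient.xml from an earlier registration, include line missing from httpd.conf, credential files left world-readable). The script below is an added example and is not part of the original guide or of the Oracle tooling; it checks those points on an OHS instance directory. It assumes the 11g WebGate layout of ObAccessClient.xml (`<NameValPair ParamName="..." Value="..."/>` entries, including `maxConnections`) and builds a constructed fixture so it runs offline; on the real host call `check_webgate "$WT1_INSTANCE_HOME/config/OHS/ohs1" 4` instead.

```shell
#!/bin/sh
# Added example, not part of the original guide: sanity-check an OHS WebGate
# instance after deployWebGateInstance.sh, EditHttpConf and the artifact copy.
# Assumed: ObAccessClient.xml uses <NameValPair ParamName="..." Value="..."/>
# entries (11g WebGate layout) and carries the agent's maxConnections.

# Print the Value of one ParamName in an ObAccessClient.xml (empty if absent).
obaccess_param() {   # $1 = ObAccessClient.xml   $2 = ParamName
    sed -n "s/.*ParamName=\"$2\" *Value=\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Exit 0 if the WebGate instance under $1 is wired up, 1 otherwise.
# $1 = OHS instance dir (.../config/OHS/ohs1), $2 = expected maxConnections.
check_webgate() {
    inst="$1"; want="$2"; rc=0
    cfgdir="$inst/webgate/config"

    # 1. EditHttpConf must have appended the webgate.conf include to httpd.conf
    tail -n 1 "$inst/httpd.conf" | grep -q 'webgate\.conf"' \
        || { echo "FAIL: httpd.conf does not end with the webgate.conf include"; rc=1; }

    # 2. registration artifacts copied from $DOMAIN_HOME/output/<agent>/
    for f in ObAccessClient.xml cwallet.sso; do
        [ -s "$cfgdir/$f" ] || { echo "FAIL: missing artifact $f"; rc=1; }
    done
    [ -s "$cfgdir/ObAccessClient.xml" ] || return 1

    # 3. agent id, state and connection count as registered in oamconsole
    id=$(obaccess_param "$cfgdir/ObAccessClient.xml" id)
    state=$(obaccess_param "$cfgdir/ObAccessClient.xml" state)
    conns=$(obaccess_param "$cfgdir/ObAccessClient.xml" maxConnections)
    echo "agent=$id state=$state maxConnections=$conns"
    [ "$state" = "Enabled" ] || { echo "FAIL: agent state is '$state'"; rc=1; }
    [ "$conns" = "$want" ] || { echo "FAIL: maxConnections=$conns, expected $want"; rc=1; }

    # 4. the artifacts carry the agent credential: no access for "other"
    for f in ObAccessClient.xml cwallet.sso; do
        mode=$(stat -c %a "$cfgdir/$f" 2>/dev/null || stat -f %Lp "$cfgdir/$f")
        case "$mode" in
            *[1-7]) echo "FAIL: $f is world-accessible (mode $mode)"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed fixture standing in for $WT1_INSTANCE_HOME/config/OHS/ohs1,
# registered with the guide's agent name Webgate_IDM_11g and 4 connections.
demo_instance() {
    d=$(mktemp -d)
    mkdir -p "$d/webgate/config"
    printf 'ServerRoot "%s"\ninclude "%s/webgate.conf"\n' "$d" "$d" > "$d/httpd.conf"
    cat > "$d/webgate/config/ObAccessClient.xml" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<CompoundList ListName="">
  <ValNameList ListName="Agent">
    <NameValPair ParamName="id" Value="Webgate_IDM_11g"/>
    <NameValPair ParamName="accessClientPasswd" Value="REDACTED"/>
    <NameValPair ParamName="state" Value="Enabled"/>
    <NameValPair ParamName="maxConnections" Value="4"/>
    <NameValPair ParamName="security" Value="open"/>
  </ValNameList>
</CompoundList>
EOF
    printf 'constructed wallet placeholder\n' > "$d/webgate/config/cwallet.sso"
    chmod 600 "$d/webgate/config/ObAccessClient.xml" "$d/webgate/config/cwallet.sso"
    echo "$d"
}

inst=$(demo_instance)
check_webgate "$inst" 4 && echo "OK: WebGate instance is consistent"
# On the real host: check_webgate "$WT1_INSTANCE_HOME/config/OHS/ohs1" 4
```

The permission check matters because ObAccessClient.xml and cwallet.sso hold the agent credential that lets a client talk to the OAM server as this Webgate; they should be readable by the OHS owner only.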

$ $WT1_INSTANCE_HOME/bin/opmnctl stopall; $WT1_INSTANCE_HOME/bin/opmnctl startall

28. Registering OID with the WLS Domain
$ export ORACLE_HOME=$IDM_HOME
$ export ORACLE_INSTANCE=$OID_ORACLE_INSTANCE
$ $ORACLE_INSTANCE/bin/opmnctl registerinstance -adminHost server1.us.oracle.com -adminPort 7001 -adminUsername weblogic
# Update the Enterprise Manager Repository URL
$ cd $ORACLE_INSTANCE/EMAGENT/EMAGENT/bin
$ ./emctl switchOMS http://server1.us.oracle.com:7001/em/upload
# Restart the WebLogic Admin Server
$ /appl/oracle/fmw-ora/user_projects/domains/IAM_IDM_Domain/bin/stopWebLogic.sh
$ nohup /appl/oracle/fmw-ora/user_projects/domains/IAM_IDM_Domain/bin/startWebLogic.sh > /tmp/nohup-wl.out 2>&1 &
$ tail -f /tmp/nohup-wl.out | grep -i RUNNING
# Deploy the odsm.ear file via WebLogic deployment
# Use WebLogic console Deployments > Install > (Path Location: $IDM_HOME/ldap/odsm/odsm.ear)
# Choose "Install this deployment as an application" instead of the default library option.
# Update OHS to allow the /odsm context
$ vi $WT1_INSTANCE_HOME/config/OHS/ohs1/moduleconf/admin.conf
# ODSM
<Location /odsm>
  SetHandler weblogic-handler
  WebLogicHost server1.us.oracle.com
  WeblogicPort 7001
</Location>
$ $WT1_INSTANCE_HOME/bin/opmnctl stopall; $WT1_INSTANCE_HOME/bin/opmnctl startall

29. Enable WLS Plugin & Update OHS FrontEnd
# Click Lock & Edit. Click on <IDMDomain> -> Configuration -> Web Applications. Scroll down and check "WebLogic Plugin Enabled".
# Also: Click on Environment -> Servers -> AdminServer -> Protocols -> HTTP. Change the Frontend port to 7777. Activate Changes.
# Perform the same set of actions for the other Managed Servers.

30. Updating SOA Server Default Composite
In an integrated environment, Oracle Identity Manager is front ended by OHS. All SOA server default composites must be updated so that the ApprovalTask URLs point at the OHS front end rather than the SOA server. There is a bug about self register. Follow the steps below to fix it:
1. Log in to the SOA server's Enterprise Manager.
2. Expand SOA -> soa-infra (<soa server name>) -> default in the left panel. Under SOA > soa-infra (<soa server name>) > default there are the following OOTB composites: DefaultRequestApproval, DefaultOperationalApproval, DefaultRoleApproval, DefaultSODApproval, BeneficiaryManagerApproval, RequesterManagerApproval.
3. For each composite (for example DefaultOperationalApproval [2.0] and DefaultRequestApproval [2.0]), do the following two steps:
   a. Double-click to open it.
   b. Under the "Component Metrics" section, click "ApprovalTask" and add/update the following fields:
      Application Name: worklist
      Host Name: <OHS host name>
      HTTP Port: enter the OHS HTTP port, default 7777
      HTTPS Port: leave it blank
      URI: /identity/faces/adf.task-flow?_id=ApprovalTask_TaskFlow&_document=WEB-INF/ApprovalTask_TaskFlow.xml

31. Verify OIM OAM OID Integration
# Verify that login to the /identity or /sysadmin URL takes you to the SSO Login page, and then directly to the OIM identity page without any login to the OIM page:
# Login via xelsysadm.

# Verify SSO while creating a new user: http://server1.us.oracle.com:7777/identity
1. Login via xelsysadm and create a new user.
2. Verify the user within OID, and login via the newly created user.
# Verify the user's creation within OID:

# Login to http://server1.us.oracle.com:7777/sysadmin/ without any password prompt:
2. Login as the newly created user.

# Verify the lock/disable feature works by opening a browser and logging in as a test user, then locking (or disabling) that user as xelsysadm from a second browser. The test user must be logged out and redirected back to the login page.
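The browser checks in section 31 can also be run from a shell, which is handy for re-checking after every restart. The script below is an added example, not part of the original guide: it fetches only the response headers of a Webgate-fronted URL and decides whether the request was redirected to the OAM login (the `/oam/server/obrareq.cgi` URL an 11g Webgate sends unauthenticated browsers to) or served without SSO. The OAM host and port in the constructed sample (`server1.us.oracle.com:14100`, the OAM managed-server default) are assumptions; the two header samples are constructed so the classifier runs offline, and `check_protected` does the live probe with curl.

```shell
#!/bin/sh
# Added example, not part of the original guide: a curl-level version of the
# section 31 check, so the SSO redirect can be verified from a shell or a
# monitoring job without a browser. Assumed: the OAM server answers on
# server1.us.oracle.com:14100 and the 11g WebGate redirects unauthenticated
# requests to /oam/server/obrareq.cgi.

# Read raw HTTP response headers from stdin and say what the WebGate did.
sso_verdict() {
    hdrs=$(tr -d '\r')
    status=$(printf '%s\n' "$hdrs" | head -n 1 | awk '{print $2}')
    location=$(printf '%s\n' "$hdrs" | grep -i '^Location:' | head -n 1 | sed 's/^[^:]*: *//')
    case "$status" in
        302|303)
            case "$location" in
                */oam/server/obrareq.cgi*) echo "sso-login-redirect" ;;
                *)                          echo "redirect-elsewhere:$location" ;;
            esac ;;
        200)     echo "served-without-sso" ;;
        401|403) echo "denied-$status" ;;
        *)       echo "http-${status:-none}" ;;
    esac
}

# Live probe of one URL: headers only, no cookies, then classify them.
probe_url() {
    curl -sS -o /dev/null -D - "$1" | sso_verdict
}

# Check that every URL given is behind OAM; prints one line per URL and
# returns 1 if any of them is served without the login redirect.
check_protected() {
    rc=0
    for u in "$@"; do
        v=$(probe_url "$u")
        echo "$u -> $v"
        [ "$v" = "sso-login-redirect" ] || rc=1
    done
    return $rc
}

# Constructed samples of the two outcomes an unauthenticated hit can produce.
SAMPLE_PROTECTED='HTTP/1.1 302 Found
Date: Mon, 01 Sep 2014 10:00:00 GMT
Server: Oracle-HTTP-Server
Location: http://server1.us.oracle.com:14100/oam/server/obrareq.cgi?encquery%3DhG4tRk
Content-Length: 0'

SAMPLE_UNPROTECTED='HTTP/1.1 200 OK
Date: Mon, 01 Sep 2014 10:00:00 GMT
Server: Oracle-HTTP-Server
Content-Type: text/html'

printf '%s\n' "$SAMPLE_PROTECTED"   | sso_verdict   # sso-login-redirect
printf '%s\n' "$SAMPLE_UNPROTECTED" | sso_verdict   # served-without-sso
# On the real host:
# check_protected http://server1.us.oracle.com:7777/identity/ \
#                 http://server1.us.oracle.com:7777/sysadmin/
```

A `served-without-sso` verdict for /identity or /sysadmin after section 24 means the Webgate is not in front of that path at all, which is the state to catch before anyone relies on the consoles being protected.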

# Verify the SSO logout feature works by logging into Oracle Identity Self Service as the test user or the system administrator.

32. Start and Stop Sequence
# Stop Sequence:
- Stop Admin and Managed Servers via the console.
- Stop OHS
$ export WT1_INSTANCE_HOME=/appl/oracle/fmw-web/Oracle_WT1/instances/instance1
$ export OHS_COMPONENT_NAME=ohs1
$ export OID_ORACLE_INSTANCE=/appl/oracle/fmw-idm/asinst_1
$ $WT1_INSTANCE_HOME/bin/opmnctl stopall
- Stop OID
$ $OID_ORACLE_INSTANCE/bin/opmnctl stopall
# Start Sequence:
- Start OID
$ $OID_ORACLE_INSTANCE/bin/opmnctl startall
- Start Admin and Managed Servers.
$ export DOMAIN_HOME=/appl/oracle/fmw/user_projects/domains/base_domain
$ nohup $DOMAIN_HOME/bin/startWebLogic.sh > /tmp/nohup-wls.out 2>&1 &
$ nohup $DOMAIN_HOME/bin/startManagedWebLogic.sh oam_server1 > /tmp/nohup-oam.out 2>&1 &
$ nohup $DOMAIN_HOME/bin/startManagedWebLogic.sh oim_server1 > /tmp/nohup-oim.out 2>&1 &
$ nohup $DOMAIN_HOME/bin/startManagedWebLogic.sh soa_server1 > /tmp/nohup-soa.out 2>&1 &
- Start OHS
$ $WT1_INSTANCE_HOME/bin/opmnctl startall
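The start sequence above launches all four WebLogic servers with nohup at once and leaves it to the operator to tail the logs for RUNNING (as section 28 does for the IDM domain). The script below is an added example, not part of the original guide: it runs the same sequence but blocks on each server's nohup log until the RUNNING marker appears, so a server that fails to come up stops the sequence instead of leaving OHS fronting a dead backend. Paths and server names are the guide's; the log line in the constructed demo is the WebLogic "Server started in RUNNING mode" notice, and only the wait helper runs offline.

```shell
#!/bin/sh
# Added example, not part of the original guide: the section 32 start sequence
# as a script that waits for each server before starting the next. Paths are
# the guide's; "RUNNING" is the log marker the guide greps for.

DOMAIN_HOME=${DOMAIN_HOME:-/appl/oracle/fmw/user_projects/domains/base_domain}
OID_ORACLE_INSTANCE=${OID_ORACLE_INSTANCE:-/appl/oracle/fmw-idm/asinst_1}
WT1_INSTANCE_HOME=${WT1_INSTANCE_HOME:-/appl/oracle/fmw-web/Oracle_WT1/instances/instance1}

# Poll log $1 until a line matches $2 or $3 seconds elapse. 0 = seen, 1 = timeout.
wait_for_pattern() {
    log="$1"; pat="$2"; limit=${3:-600}
    deadline=$(( $(date +%s) + limit ))
    while [ "$(date +%s)" -lt "$deadline" ]; do
        if [ -f "$log" ] && grep -q -- "$pat" "$log"; then return 0; fi
        sleep 1
    done
    echo "timeout after ${limit}s waiting for '$pat' in $log" >&2
    return 1
}

# Start one WebLogic server in the background and block until it is RUNNING.
# $1 = managed server name, or "AdminServer" for startWebLogic.sh.
start_wls() {
    if [ "$1" = "AdminServer" ]; then
        nohup "$DOMAIN_HOME/bin/startWebLogic.sh" > /tmp/nohup-wls.out 2>&1 &
        wait_for_pattern /tmp/nohup-wls.out 'RUNNING' 900
    else
        nohup "$DOMAIN_HOME/bin/startManagedWebLogic.sh" "$1" > "/tmp/nohup-$1.out" 2>&1 &
        wait_for_pattern "/tmp/nohup-$1.out" 'RUNNING' 900
    fi
}

# Full start sequence in the guide's order: OID, Admin Server, managed
# servers, then OHS last so the WebGate never fronts a backend that is down.
start_stack() {
    "$OID_ORACLE_INSTANCE/bin/opmnctl" startall || return 1
    for s in AdminServer oam_server1 oim_server1 soa_server1; do
        start_wls "$s" || { echo "start of $s failed; stopping here" >&2; return 1; }
    done
    "$WT1_INSTANCE_HOME/bin/opmnctl" startall
}

# Constructed demo of the wait: a log that receives the RUNNING line 2s later.
demo_log=$(mktemp)
( sleep 2; echo '<Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>' >> "$demo_log" ) &
wait_for_pattern "$demo_log" 'RUNNING' 10 && echo "server reported RUNNING"
# On the real host, run: start_stack
```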

33. Notes:
# OAM password management process:
1. User logs in with username/password.
2. OAM authenticates the user against OID/LDAP.
3. OAM validates the password management attributes.
4. OAM identifies whether a password management redirect is required or not.
5. OAM lowers the authentication level.
6. OAM redirects the user to OIM for password management.
7. OIM does the password management operations.
8. OIM redirects the user back to OAM with a user assertion.
9. OAM validates the assertion and upgrades the session.
10. OAM allows resource access.
# Directory attributes for Password Management
- obLoginTryCount: Tracks the number of unsuccessful login tries attempted by the user. The value is reset on successful login. Used for number of login tries.
- obLockoutTime: In order to lock an account, obLockoutTime has to be set to a value in the future. To unlock an account, obLockoutTime must be set to the current time or a time in the past. In addition, obLoginTryCount should be reset.
- obPasswordChangeFlag: Indicates whether a password needs to be reset during login. In order to force a password change on login, obPasswordChangeFlag must be set. To reset it on password change, obPasswordChangeFlag must be unset.
- obUserAccountControl: The flag indicating whether the user is activated. Possible values include: activated, deactivated. If no value is present, activated is assumed.

34. References:
- http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oim.htm#CHDGDGAJ
- http://docs.oracle.com/cd/E40329_01/integration.1112/e27123/app_oid_oim.htm#CACJDIDD
- http://onlineappsdba.com/index.php/2011/11/09/password-policy-in-oam-oim-oidintegration-user-not-locked-after-configured-value/
- http://idmexpress.blogspot.co.uk/2014/09/ldapsync-error-while-configuring-oim.html
- http://shahbaz-chaudhry.blogspot.in/2014/09/how-user-lock-unlock-functionality.html
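The attribute rules in the section 33 notes decide what OAM does at step 3 of the flow, and they are also what an administrator edits in OID to unlock a user the lock/disable test leaves locked. The script below is an added example, not part of the original guide or of Oracle's tooling: it reads one LDIF entry as ldapsearch prints it, classifies the account by those rules, and emits the LDIF that unlocks it (lockout time set to "now", try counter reset). Two assumptions are not stated on the page and are marked in the code: obLockoutTime is compared as epoch seconds, and obPasswordChangeFlag is "true" when set. The entries, the DN and the OID host in the usage line are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the original guide: apply the password-management
# attribute rules to an LDAP entry and emit the LDIF that unlocks it.
# Assumptions: obLockoutTime holds epoch seconds, so "in the future" means
# greater than `date +%s`; obPasswordChangeFlag is "true" when set.

# Print one attribute value from an LDIF entry on stdin (empty if absent).
ldif_attr() {
    grep -i "^$1:" | head -n 1 | sed 's/^[^:]*: *//'
}

# Classify an entry the way OAM does in step 3 of the flow above.
# $1 = LDIF entry text, $2 = current time in epoch seconds.
# Prints: deactivated | locked | password-change-required | ok:tries=N
account_state() {
    entry="$1"; now="$2"
    uac=$(printf '%s\n' "$entry" | ldif_attr obUserAccountControl)
    lockout=$(printf '%s\n' "$entry" | ldif_attr obLockoutTime)
    chg=$(printf '%s\n' "$entry" | ldif_attr obPasswordChangeFlag)
    tries=$(printf '%s\n' "$entry" | ldif_attr obLoginTryCount)

    # no obUserAccountControl value present: activated is assumed
    if [ "${uac:-activated}" = "deactivated" ]; then echo deactivated; return 0; fi
    # a lockout time in the future locks the account; now or the past does not
    if [ -n "$lockout" ] && [ "$lockout" -gt "$now" ]; then echo locked; return 0; fi
    # flag set: password must be changed at next login
    case "$chg" in [Tt]rue) echo password-change-required; return 0 ;; esac
    echo "ok:tries=${tries:-0}"
}

# LDIF that unlocks $1 per the rules above: obLockoutTime set to "now" ($2),
# which is not in the future, and the try counter reset.
unlock_ldif() {
    cat <<EOF
dn: $1
changetype: modify
replace: obLockoutTime
obLockoutTime: $2
-
replace: obLoginTryCount
obLoginTryCount: 0
-
EOF
}

# Constructed entries as ldapsearch prints them (attribute names lower-cased).
NOW=1409565600        # 2014-09-01T10:00:00Z
LOCKED_ENTRY='dn: cn=jdoe,cn=Users,dc=us,dc=oracle,dc=com
cn: jdoe
oblogintrycount: 5
oblockouttime: 1409569200
obpasswordchangeflag: false
obuseraccountcontrol: activated'
UNLOCKED_ENTRY='dn: cn=jdoe,cn=Users,dc=us,dc=oracle,dc=com
cn: jdoe
oblogintrycount: 0
oblockouttime: 1409565600
obpasswordchangeflag: false'
DEACTIVATED_ENTRY='dn: cn=asmith,cn=Users,dc=us,dc=oracle,dc=com
cn: asmith
obuseraccountcontrol: deactivated'
PWCHANGE_ENTRY='dn: cn=bjones,cn=Users,dc=us,dc=oracle,dc=com
cn: bjones
obpasswordchangeflag: true'

account_state "$LOCKED_ENTRY" "$NOW"           # locked
account_state "$UNLOCKED_ENTRY" "$NOW"         # ok:tries=0
unlock_ldif "cn=jdoe,cn=Users,dc=us,dc=oracle,dc=com" "$NOW"
# Real run against OID, prompting for the orcladmin password rather than
# passing it on the command line where it would land in shell history:
#   unlock_ldif "$DN" "$(date +%s)" | ldapmodify -h <oidhost> -p 3060 -D cn=orcladmin -q
```

Unlocking by writing obLockoutTime directly bypasses OIM; in the integrated setup the normal path is to unlock the user in OIM and let LDAP sync write these attributes, which keeps OIM's view of the account consistent with OID.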