Tuesday, August 26, 2014

Active Directory userAccountControl

512 - Enable Account
514 - Disable account
544 - Account Enabled - Require user to change password at first logon
4096 - Workstation/server
66048 - Enabled, password never expires
66050 - Disabled, password never expires
262656 - Smart Card Logon Required
532480 - Domain controller

All Other Values:
===========================
1 - script
2 - accountdisable
8 - homedir_required
16 - lockout
32 - passwd_notreqd
64 - passwd_cant_change
128 - encrypted_text_pwd_allowed
256 - temp_duplicate_account
512 - normal_account
2048 - interdomain_trust_account
4096 - workstation_trust_account
8192 - server_trust_account
65536 - dont_expire_password
131072 - mns_logon_account
262144 - smartcard_required
524288 - trusted_for_delegation
1048576 - not_delegated
2097152 - use_des_key_only
4194304 - dont_req_preauth
8388608 - password_expired
16777216 - trusted_to_auth_for_delegation

Monday, August 18, 2014

Oracle IAM all articles published till date

This post lists all the articles published till date from the most recent to old in order
Clicking any link will open the page in a new window.
My linkedin profile is at http://au.linkedin.com/in/deepakdubeyidam. Please endorse some of my skills if you are benefitted by any of the articles below.

OIM 11g R2 PS2 - Windows 8 Installation Issue

OAM Web Gates and OHS : Debugging web server log file and webgate log file

OHS 12c : Change default log level

OHS 12c (12.1.3) and OHS 11g mod_wl_ohs.conf - SSL proxy setup


OID 11.1.1.7.0 Add Instance

OIM, OAM performance monitroing and matrics Java Flight Recorder

OAM 11g R2 Ps2 (11.1.2.2.0) - Social Authentication using Google
   
OVD 11.1.1.7.0 Add Instance

OHS 12c (12.1.3) webgate deployment and configuration

OHS 12c (12.1.3) Installation and Configuration

OIM 11g R2 PS2 - Create Custom UDF and Display on Create,View and Modify User Pages

OIM 11g R2 PS2 - ORCHPROCESS and ORCHEVENTS Tables

Sun Identity Manager to Oracle Identity Manager Migration

OAM 11g R2 PS2 (11.1.2.2) Cannot Open The Federation Settings Page, MBean Operation Access Denied

OIM 11g R2 PS2 List of all Metadata Files

OIM 11g - Add Child Data to Child Tables

OIM 11g R2 - Approval Policies deprecated request types

OIM 11g R2 PS2 : Disconnected Application Instances

OIM 11g R2 Ps2 (11.1.2.2.0) : Dynamic Organization Membership

OIM 11g R2 PS2 (11.1.2.2.0) : Email Notification Services

OIM 11g R2 PS2 (11.1.2.2.0) : Database Application Tables Installaton Issue-Resolution

OAM 11g R2 PS2 (11.1.2.2.0) Federation Setup

OIF 11g R2 : Self Federation Configuration and Testing

OIM 11g R2 PS2 : Configuring Direct URLs to home page sections in email

OIM 11g R2 PS2 : Configure Second OIM Weblogic Domain against existing DB schema

OIM 11g R2 PS2 - Notify User ID to User

OIM 11g R2 PS2 - Notify Failed Reconciliation Events

SSL Connectivity setup between OIM 11g (R1, R2) and Database

OAM 11g R2 PS2 (11.1.2.2.0) Custom Login Page Development and Configuration

OAM Mobile and Social Service (OAMMS) 11g R2 PS2 (11.1.2.2.0) Configuration and Testing

OAM - OAAM 11g R2 PS2 (11.1.2.2.0) Advanced integration

OAM 11g R2 PS2 (11.1.2.2.0) : Detached Credential Collector (DCC) Setup

OIM 11g R2 PS2 : Associating User to a Manager

OIM 11g R2 : Set Last Disable Date

OIM 11g R2 : Populate Organization Event Handler

OIM 11g R2 : Change Display Name on change of First Name or Last Name

OIM 11g SPML Test Data

OIM OIA Custom Code Integration via Web Services

OIM 11g Custom ADF Application Development

OIM OIA Integration

OAM 11g R2 PS2 (11.1.2.2.0) : Web Gate 11.1.2.2.0 Installation and Configuration, Protecting Web Application

OIM 11g R2 PS2 : SOA Approval Workflow Sample

OIM 11g : Service Provisioning Markup Language (SPML) Sample Code

Oracle Identity Management - Oracle Identity Federation (OIF), Oracle Virtual Directory (OVD), Oracle Internet Directory

Oracle Identity and Access Management 11G R2 PS2 (11.1.2.2.0) Screens

Oracle Identity Analytics (OIA) 11g Release 1, Patch Set 1 (11.1.1.5) Installation and Configuration

Setting up Red Hat Linux Server (RHEL) to the LDAP Server for Pluggable Authentication Module (PAM) setup

Setting up Solaris Server/Machine to the Directory Server Enterprise Edition for Pluggable Authentication Module

Oracle Identity Manager (OIM) 11G R2 PS2 (11.1.2.2.0) Configuration

Oracle Identity and Access Management (OIAM) 11G R2 PS2 (11.1.2.2.0) Installation & Configuration Overview

Oracle Identity and Access Management 11G R2 PS2 (11.1.2.2.0) : Configuring Database Security Store for

Oracle Identity and Access Management 11G R2 PS2 (11.1.2.2.0) : Upgrading OPSS Schema using Patch

Configuring Oracle Identity and Access Management 11g Release 2 PS2 (11.1.2.2.0) Products on WebLogic 

Oracle Access Manager (OAM) 11G R2 PS1 : Adding MobileJWTOAMTokenProviders

Oracle Identity and Access Management 11G R2 PS2 (11.1.2.2.0) Installation

Repository Creation Utility (RCU) 11.1.2.2.0

Oracle Database 11.2.0.1.0 Installation

Oracle Waveset 8.1 (aka Sun Identity Manager) Installation & Setup

Oracle Web Tier Utilities 11.1.1.7.0 Installation

Configure Oracle Unified Directory (OUD) 11.1.2.2.0 on Oracle WebLogic

Patch Oracle SOA Suite 11.1.1.7.0 with mandatory patches for Oracle Identity Manager 11.1.2.2.0

Oracle JDeveloper 11.1.1.7.0 Installation

Oracle Unified Directory (OUD) 11G R2 PS2 (11.1.2.2.0) Configuration Setup

Oracle Unified Directory (OUD) 11G R2 PS2 (11.1.2.2.0) Installation

Oracle SOA Suite 11.1.1.7.0 Installation

Oracle WebLogic Server 10.3.6.0 Installation

Oracle Unified Directory (OUD) 11G R2 PS2 (11.1.2.2.0) Installation & Configuration

OIM 11g R2 PS2 - Windows 8 Installation Issue

If your installation of Oracle Identity and Access Management 11g R2 PS2 (11.1.2.2.0) is failing while running the WebLogic Domain Configration Wizard Step then the fix for that is below.

Please change the paths as per your system.

C:\Oracle\Middleware\wlserver_10.3\common\wlst\modules\jython-modules.jar

unjar the file

jar -xvf jython-modules.jar

Modify the file
C:\Oracle\Middleware\wlserver_10.3\common\wlst\modules\Lib\javashell.py

Add ,'Windows 8' at the end.


  _osTypeMap = (
        ( "nt", ( 'nt', 'Windows NT', 'Windows NT 4.0', 'WindowsNT',
                  'Windows 2000', 'Windows 2003', 'Windows XP', 'Windows CE',
                  'Windows Vista', 'Windows Server 2008', 'Windows 7','Windows 8' )),
        ( "dos", ( 'dos', 'Windows 95', 'Windows 98', 'Windows ME' )),
        ( "mac", ( 'mac', 'MacOS', 'Darwin' )),
        ( "None", ( 'None', )),
        )

Update the jar back

jar -uvf jython-modules.jar Lib\javashell.py



Thursday, August 14, 2014

OAM Web Gates and OHS : Debugging web server log file and webgate log file

This post covers the files that are required to be modified to enable debug tracing.

In OHS 12c the file is required is httpd.conf under OHS/instances/ohs1
and for webgate it is  oblog_config_wg.xml




/var/oracle/fusionV12c/webserver/instances/mcpohs1/config/fmwconfig/components/OHS/instances/ohs1

OraLogDir "${ORACLE_INSTANCE}/servers/${COMPONENT_NAME}/logs"
OraLogMode odl-text
OraLogSeverity WARNING:32

Change to
OraLogSeverity TRACE:32



/var/oracle/fusionV12c/webserver/instances/mcpohs1/config/fmwconfig/components/OHS/instances/ohs1/webgate/config

   <SimpleList>
                <NameValPair
                        ParamName="LOG_THRESHOLD_LEVEL"
                        Value="LOGLEVEL_TRACE">
                </NameValPair>

original setting 
LOGLEVEL_WARNING



Monday, August 11, 2014

OHS 12c : Change default log level



file to modify httpd.conf

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
# The LogLevel directive will take effect only when OraLogMode is set to apache
#
# LogLevel warn
LogLevel debug
#Directives to setup logging via ODL
OraLogDir "${ORACLE_INSTANCE}/servers/${COMPONENT_NAME}/logs"
OraLogMode odl-text
OraLogSeverity TRACE:32
OraLogRotationParams S 10:70

Default

OraLogSeverity WARNING:32

OHS 12c (12.1.3) and OHS 11g mod_wl_ohs.conf - SSL proxy setup

In this post , I will cover an important difference between OHS 11g and 12c mod

_wl_ohs.conf which which is used to establish ssl proxy for the backend services.


this is how 11g mod_wl_ohs.conf looks like for SSL proxy setup

------------------------------------------------------------------------------------------------------------------


<Proxy *>

Order deny,allow

Allow from all

</Proxy>


SSLProxyEngine on

#SSLProxyWallet /var/oracle/webserver/instances/ohsinstance/config/OHS/ohs1/keystores/ssl-proxy

SSLProxyWallet /app/oracle/ohswallets/apiwallet



<Location /appContext>

ProxyPass https://host1:ssl_port/appContext

ProxyPassReverse https://host1:ssl_port/appContext

</Location>

 ------------------------------------------------------------------------------------------------------------------


in 12c SSL v3 protocol is not supported by default so we have to use to TLS v1 to establish SSL connectivity with backend services.




SSLProxyEngine on

SSLProxyWallet /path_to_wallet_folder

SSLProxyProtocol TLSv1



<Location /appContext>

ProxyPass https://host1:ssl_port/appContext

ProxyPassReverse https://host1:ssl_port/appContext

</Location>



The above proxy config uses apache proxy but if we want to switch to oracle weblogic ohs proxy then the following config will be required


<IfModule weblogic_module>
<Location /app1/path1>
WLSRequest On
WebLogicHost hostname
WebLogicPort port
SecureProxy On
WLProxySSL On
WLSSLWallet "/path_to_wallet_folder"
</Location>
</IfModule>