Wednesday, November 30, 2016

Oracle database service creation on 12c, 11gR2 RAC DATABASE SERVICE

https://unixoracledba.wordpress.com/2012/06/16/how-to-create-and-relocate-an-11gr2-rac-database-service/

How to see what services you have and where they are running:

    [oracle@Rac1 ~]$ srvctl status service -d RAC
    Service CONTACT is running on instance(s) RAC1

How to add a service to your RAC database:

    [oracle@Rac1 ~]$ srvctl add service -s NEWSRV -r RAC1 -a RAC2 -d RAC
    [oracle@Rac1 ~]$ srvctl add service -s NEWSRV1 -d RAC -r rac1,rac2

How to see more detailed information about your service:

    [oracle@Rac1 ~]$ srvctl config service -s NEWSRV -d RAC
    Service name: NEWSRV
    Service is enabled
    Server pool: RAC_NEWSRV
    Cardinality: 1
    Disconnect: false
    Service role: PRIMARY
    Management policy: AUTOMATIC
    DTP transaction: false
    AQ HA notifications: false
    Failover type: NONE
    Failover method: NONE
    TAF failover retries: 0
    TAF failover delay: 0
    Connection Load Balancing Goal: LONG
    Runtime Load Balancing Goal: NONE
    TAF policy specification: NONE
    Preferred instances: RAC1
    Available instances: RAC2

    [oracle@Rac1 ~]$ srvctl config service -s NEWSRV1 -d RAC
    Service name: NEWSRV1
    Service is enabled
    Server pool: RAC_NEWSRV1
    Cardinality: 2
    Disconnect: false
    Service role: PRIMARY
    Management policy: AUTOMATIC
    DTP transaction: false
    AQ HA notifications: false
    Failover type: NONE
    Failover method: NONE
    TAF failover retries: 0
    TAF failover delay: 0
    Connection Load Balancing Goal: LONG
    Runtime Load Balancing Goal: NONE
    TAF policy specification: NONE
    Preferred instances: RAC1,RAC2
    Available instances:

How to start your service after creating it:

    [oracle@Rac1 ~]$ srvctl start service -s NEWSRV -d RAC
    [oracle@Rac1 ~]$ srvctl start service -s NEWSRV1 -d RAC

How to check if your service is registered:

    [oracle@Rac1 ~]$ lsnrctl status

    LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 16-JUN-2012 10:03:26

    Copyright (c) 1991, 2009, Oracle. All rights reserved.

    Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
    STATUS of the LISTENER
    ------------------------
    Alias                     LISTENER
    Version                   TNSLSNR for Linux: Version 11.2.0.1.0 - Production
    Start Date                16-JUN-2012 08:40:17
    Uptime                    0 days 1 hr. 23 min. 10 sec
    Trace Level               off
    Security                  ON: Local OS Authentication
    SNMP                      OFF
    Listener Parameter File   /u01/app/11.2.0/grid/network/admin/listener.ora
    Listener Log File         /u01/app/oracle/diag/tnslsnr/Rac1/listener/alert/log.xml
    Listening Endpoints Summary...
      (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=LISTENER)))
      (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.1.103)(PORT=1521)))
      (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.1.113)(PORT=1521)))
    Services Summary...
    Service "+ASM" has 1 instance(s).
      Instance "+ASM1", status READY, has 1 handler(s) for this service...
    Service "CONTACT.localdomain" has 1 instance(s).
      Instance "RAC1", status READY, has 1 handler(s) for this service...
    Service "NEWSRV.localdomain" has 1 instance(s).
      Instance "RAC1", status READY, has 1 handler(s) for this service...
    Service "NEWSRV1.localdomain" has 1 instance(s).
      Instance "RAC1", status READY, has 1 handler(s) for this service...
    Service "RAC.localdomain" has 1 instance(s).
      Instance "RAC1", status READY, has 1 handler(s) for this service...
    Service "RACXDB.localdomain" has 1 instance(s).
      Instance "RAC1", status READY, has 1 handler(s) for this service...
    The command completed successfully

How to connect to your service:

1) Add the following TNS entry to your tnsnames.ora:

    NEWSRV =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCP)(HOST = scan-ip)(PORT = 1521))
        (CONNECT_DATA =
          (SERVER = DEDICATED)
          (SERVICE_NAME = NEWSRV.localdomain)
        )
      )

2) Connect through sqlplus:

    [oracle@Rac1 admin]$ sqlplus system@NEWSRV

    SQL*Plus: Release 11.2.0.1.0 Production on Sat Jun 16 10:12:49 2012

    Copyright (c) 1982, 2009, Oracle. All rights reserved.

    Enter password:

    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
    With the Partitioning, Real Application Clusters, Automatic Storage Management, OLAP,
    Data Mining and Real Application Testing options

    SQL> select host_name from v$instance;

    HOST_NAME
    ----------------------------------------------------------------
    Rac1.localdomain

Relocating services:

1) The service will relocate to the available instance if the preferred instance becomes unavailable:

    [oracle@Rac1 admin]$ ps -ef |grep smon
    oracle    5346     1  0 08:39 ?        00:00:00 asm_smon_+ASM1
    oracle    6245     1  0 08:40 ?        00:00:02 ora_smon_RAC1
    oracle   16371  8720  0 10:13 pts/2    00:00:00 grep smon
    [oracle@Rac1 admin]$ kill -9 6245
    [oracle@Rac1 admin]$ ps -ef |grep smon
    oracle    5346     1  0 08:39 ?        00:00:00 asm_smon_+ASM1
    oracle   16488  8720  0 10:14 pts/2    00:00:00 grep smon
    [oracle@Rac1 admin]$ srvctl status service -s NEWSRV -d RAC
    Service NEWSRV is running on instance(s) RAC2
    [oracle@Rac1 admin]$ sqlplus system@NEWSRV

    SQL*Plus: Release 11.2.0.1.0 Production on Sat Jun 16 10:14:42 2012

    Copyright (c) 1982, 2009, Oracle. All rights reserved.

    Enter password:

    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
    With the Partitioning, Real Application Clusters, Automatic Storage Management, OLAP,
    Data Mining and Real Application Testing options

    SQL> select host_name from v$instance;

    HOST_NAME
    ----------------------------------------------------------------
    Rac2.localdomain

2) You can manually relocate the service back to the original instance once it is back up:

    [oracle@Rac1 admin]$ srvctl relocate service -s NEWSRV -d RAC -i RAC2 -t RAC1
    [oracle@Rac1 admin]$ srvctl status service -s NEWSRV -d RAC
    Service NEWSRV is running on instance(s) RAC1

Syntax and Options

Use the srvctl add service command with the following syntax:

    srvctl add service -d db_unique_name -s service_name -r preferred_list [-a available_list] [-P TAF_policy]

Table A-6 srvctl add service Options

    Option               Description
    -d db_unique_name    Unique name for the database.
    -s service_name      The service name.
    -r preferred_list    The list of preferred instances.
    -a available_list    The list of available instances
    -P TAF_policy        The TAF policy (NONE, BASIC, or PRECONNECT). If you choose PRECONNECT, it creates a service_Preconn

java.lang.ClassNotFoundException: oracle.security.jps.wls.listeners.JpsApplicationLifecycleListener

Managed Server Fails to Restart with ClassNotFoundException After Deploying the Imaging Application IPM 11g (Doc ID 1286039.1)

Applies to:
Oracle Weblogic Server - Version 10.3.3 and later
Information in this document applies to any platform.
***Checked for relevance on 5-Oct-2012***

Symptoms

A managed server fails to start from the console with the following exception, after deploying an imaging application on IPM 11g. The server starts correctly when invoking the default start up scripts. It only fails when started through the console using a node manager.

The following error message is reported in the log file as the cause of the deployment failure:

    Caused By: java.lang.ClassNotFoundException: oracle.security.jps.wls.listeners.JpsApplicationLifecycleListener
        at weblogic.utils.classloaders.GenericClassLoader.findLocalClass(GenericClassLoader.java:280)

Changes

An imaging enterprise application (.ear file) was deployed in the IPM 11g environment.

Cause

The required classes are not loaded in the classpath when the servers are started using the nodemanager; the nodemanager is what is used when managed servers are started through the console. In the nodemanager.properties file the following setting is set to false, and as a result the servers are not using the classes present in the start up script.

    StartScriptEnabled=false

When the servers directly use the startWebLogic.sh or startManagedWebLogic.sh scripts, instead of going via the nodemanager, the servers start up correctly. This is because all the required classes are present in the classpath when using the scripts for starting the server.

Solution

Force the classpath to be set to the desired value when starting the server through the node manager. To achieve this, the recommended and easiest solution is to set the node manager to use the startup scripts while starting the managed server.

You can execute the following steps to implement the above solution:

1. Open the nodemanager.properties file.
2. Set the following properties to 'true':

    StartScriptEnabled=true
    StopScriptEnabled=true

3. Stop the Admin Server and other servers in the domain that are running.
4. Restart the nodemanager.
5. Start the Admin Server.
6. Retest the issue by restarting the managed server through the console.
7. Migrate the solution as appropriate to other environments.
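A quick way to confirm the two settings before restarting the nodemanager, as an added example (not part of the Oracle note). The function names are made up for this sketch, the properties file path is supplied by the caller, and an absent key is reported as not enabled:

```shell
#!/bin/sh
# Added example: check the two Node Manager settings named in the note above.

# nm_prop KEY FILE: print the effective value of KEY in a Java-style
# properties file ("unset" if absent). Skips comment lines, tolerates spaces
# around "=" and CRLF line endings; the last assignment wins.
nm_prop() {
    awk -v k="$1" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/\r$/, "", line)
            eq = index(line, "=")
            if (eq == 0) next
            name = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == k) found = val
        }
        END { print (found == "" ? "unset" : tolower(found)) }
    ' "$2"
}

# nm_scripts_enabled FILE: return 0 only when both StartScriptEnabled and
# StopScriptEnabled are true; print every setting that is not.
nm_scripts_enabled() {
    nm_rc=0
    for nm_key in StartScriptEnabled StopScriptEnabled; do
        nm_val=$(nm_prop "$nm_key" "$1")
        if [ "$nm_val" != "true" ]; then
            echo "$nm_key=$nm_val (expected true)"
            nm_rc=1
        fi
    done
    return $nm_rc
}

# Constructed sample mirroring the failing configuration described above.
sample=$(mktemp)
printf '%s\n' 'ListenPort=5556' 'StartScriptEnabled=false' \
    '#StopScriptEnabled=true' > "$sample"
nm_scripts_enabled "$sample" || echo "Node Manager will not use the start/stop scripts"
rm -f "$sample"
```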

oam 11g good reference

http://yagneshg.blogspot.qa/2012/02/how-to-configure-oam-11g-server-and.html
https://oraidm.wordpress.com/2014/01/30/install-and-configure-11g-oracle-access-manageroam/

Monday, November 28, 2016

ORACLE : How to DROP a User who is connected – forcefully

https://javaworks.wordpress.com/2009/10/29/oracle-how-to-drop-a-user-who-is-connected-forcefully/

The ideal way for all development shops to work is for each developer to have his own database, but as you all know, life is not that easy on us!

So you want to update the schema, which requires dropping all users, and you see that your script is complaining that some of the users (in Oracle, users are the schemas) are still connected and cannot be dropped. This would normally mean someone is running an application/service/app server which is holding some connections to your database.

You have been nice to all, mailed the group, pinged some of your fellow developers, but there is a rogue application holding on to a user/schema. What would you do: wait forever, or take matters into your own hands?

Here is some mojo and fire power for you to boot/kill those users forcefully (of course you need to have SYSDBA access to the database, otherwise you are out of luck).

Find the sessions for the user/schema; as a DBA use:

    select sid,serial# from v$session where username = '<USERNAME>'

Then kill them with:

    alter system kill session '<sid>,<serial#>'

A query that produces ready-built kill statements could be:

    select 'alter system kill session ''' || sid || ',' || serial# || ''';' from v$session where username = '<USERNAME>'

This will return one kill statement per session for that user, something like:

    alter system kill session '375,64855';
    alter system kill session '346,53146';

Now drop the user:

    drop user <username> cascade;

That's it. The user is vaporized!
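The same find, kill and drop sequence as one generated SQL*Plus script, as an added example that is not from the original post. The function name is made up; the script also locks the account first and uses the IMMEDIATE option, both additions to the post's statements, and the schema name is validated before it is placed into any SQL text:

```shell
#!/bin/sh
# Added example: print a SQL*Plus script that locks a schema owner, kills its
# sessions and drops it. Review the output, then pipe it to: sqlplus / as sysdba

# emit_drop_user_sql USERNAME
# Runs in a subshell (note the parentheses) so the locale change stays local
# and "exit" only leaves the function.
emit_drop_user_sql() (
    LC_ALL=C; export LC_ALL
    user=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    # Accept only a plain unquoted Oracle identifier, so the name can be
    # placed into SQL text without opening an injection path.
    case $user in
        ''|[!A-Z]*|*[!A-Z0-9_\$#]*)
            echo "refusing: not a plain Oracle identifier" >&2; exit 1 ;;
        SYS|SYSTEM)
            echo "refusing: built-in account $user" >&2; exit 1 ;;
    esac
    if [ "${#user}" -gt 30 ]; then
        echo "refusing: name longer than 30 characters" >&2; exit 1
    fi
    cat <<EOF
WHENEVER SQLERROR EXIT FAILURE
-- 1. Lock the account so the application cannot reconnect between kill and drop.
ALTER USER $user ACCOUNT LOCK;
-- 2. Kill every session of that user on this instance.
--    (On RAC, query gv\$session and append ,@inst_id inside the quotes.)
BEGIN
  FOR s IN (SELECT sid, serial# FROM v\$session WHERE username = '$user') LOOP
    EXECUTE IMMEDIATE
      'alter system kill session ''' || s.sid || ',' || s.serial# || ''' immediate';
  END LOOP;
END;
/
-- 3. Drop the schema and everything it owns.
DROP USER $user CASCADE;
EOF
)

# Demo with a constructed schema name.
emit_drop_user_sql app_dev
```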

Sunday, November 27, 2016

Non-Ignorable Error: ORA-01917: user or role 'ODS' does not exist

    2016-11-27 15:56:27.339 INCIDENT_ERROR rcu: oracle.sysman.assistants.rcu.backend.action.ActionThread::run: Failed to execute method: Excepton:
    java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at oracle.sysman.assistants.rcu.backend.action.ActionThread.run(JavaAction.java:510)
        at java.lang.Thread.run(Thread.java:745)
    Caused by: java.sql.SQLSyntaxErrorException: ORA-01917: user or role 'ODS' does not exist
        at oracle.jdbc.driver.SQLStateMapping.newSQLException(SQLStateMapping.java:91)
        at oracle.jdbc.driver.DatabaseError.newSQLException(DatabaseError.java:133)
        at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:206)
        at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:455)
        at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:413)
        at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:1034)
        at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:183)
        at oracle.jdbc.driver.T4CStatement.executeForRows(T4CStatement.java:942)
        at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1222)
        at oracle.jdbc.driver.OracleStatement.executeInternal(OracleStatement.java:1770)
        at oracle.jdbc.driver.OracleStatement.execute(OracleStatement.java:1739)
        at oracle.jdbc.driver.OracleStatementWrapper.execute(OracleStatementWrapper.java:299)
        at oracle.ias.version.SchemaVersion.grantRegistryAccess(SchemaVersion.java:2688)
        at oracle.ias.version.SchemaVersion.grantRegistryAccessToComponent(SchemaVersion.java:2632)
        at oracle.ias.version.SchemaVersionUtil.utilSetComponentValid(SchemaVersionUtil.java:419)
        ... 6 more
    2016-11-27 15:56:27.341 ERROR rcu: oracle.sysman.assistants.rcu.backend.action.AbstractAction::handleNonIgnorableError: Received Non-Ignorable Error: ORA-01917: user or role 'ODS' does not exist

Solution: remove the password verify function from the DEFAULT profile (this switches off password complexity checking for every user assigned to that profile):

    orpidm@pidmdb01:/u01pd/DB/oracle/product/12.1.0/dbhome_1/network/admin$ sqlplus / as sysdba

    SQL*Plus: Release 12.1.0.2.0 Production on Sun Nov 27 15:57:09 2016

    Copyright (c) 1982, 2014, Oracle. All rights reserved.

    Connected to:
    Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
    With the Partitioning, Real Application Clusters, Automatic Storage Management, OLAP,
    Advanced Analytics and Real Application Testing options

    SQL> alter profile default limit PASSWORD_VERIFY_FUNCTION null;

    Profile altered.

    SQL> commit;

    Commit complete.

    SQL>

Sunday, November 13, 2016

Oracle JDeveloper and Oracle ADF 12c (12.2.1.1.0): New Features

http://www.oracle.com/technetwork/developer-tools/jdev/documentation/1213nf-2222743.html
https://docs.oracle.com/cd/E13224_01/wlw/docs103/guide/webapplications/workshopJSP/tutorialJSP/TutorialJSPMakeJSP.html

Thursday, November 10, 2016

Post DB Installation Tasks :

Post Installation Tasks :

    sqlplus "/as sysdba"

    SQL> alter system set session_cached_cursors=100 scope=spfile;
    System altered.

    SQL> alter system set processes=500 scope=spfile;
    System altered.

    SQL> alter system set aq_tm_processes=1 scope=both;
    System altered.

    SQL> alter system set db_cache_size=150994944 scope=both;
    System altered.

    SQL> alter system set java_pool_size=125829120 scope=both;
    System altered.

    SQL> alter system set shared_pool_size=183500800 scope=both;
    System altered.

    SQL> alter system set open_cursors=800 scope=both;
    System altered.

Wednesday, November 9, 2016

Web Application Integration Steps in OAM 11gR2 (High Level)

https://blogs.oracle.com/OIM11gR2/entry/web_application_integration_steps_in

1. Install OAM, Webtier (OHS) and WebGate as per the standard installation steps.

2. Create a WebGate instance (i.e. deploy WebGate)

A WebGate instance must be created; this copies the required bits of the agent from WEBGATE_HOME to the WebGate instance location, which shares the same INSTANCE_HOME with OHS.

    ./deployWebGateInstance.sh -w /Oracle/Middleware/Oracle_WT1/instances/instance1/config/ohs1 -oh /Oracle/Middleware/Oracle_OAMWebGate1

Note: Here the -w flag indicates the OHS instance folder and -oh indicates the WebGate Oracle home.

3. Configure WebGate

In the WebGate configuration, the EditHttpdConf utility copies the OUI-instantiated apache_webgate.template from WEBGATE_HOME to the WebGate instance location (renamed to webgate.conf), and updates httpd.conf with one additional line to include webgate.conf.

    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/Oracle/Middleware/Oracle_WT1/lib

Navigate to /Oracle/Middleware/Oracle_OAMWebGate1/webgate/ohs/tools/setup/InstallTools

    ./EditHttpdConf -w /Oracle/Middleware/Oracle_WT1/instances/instance1/config/OHS/ohs1 -oh /Oracle/Middleware/Oracle_OAMWebGate1 -o webgate.conf

4. Register WebGate

Use the RREG tool to register the OAM 11g WebGate.

- Navigate to /Oracle/Middleware/Oracle_IDM1/oam/server/rreg/input
- Edit OAM11Grequest.xml. Change the specific XML content to include the WebLogic admin URL, agentBaseURL, host identifier etc.
- Navigate to /Oracle/Middleware/Oracle_IDM1/oam/server/rreg/bin
- Set permissions on oamreg.sh -> chmod 777 oamreg.sh
- Edit oamreg.sh and set OAM_REG_HOME=/Oracle/Middleware/Oracle_IDM1/oam/server/rreg
- Run ./oamreg.sh inband input/OAM11Grequest.xml
- Enter the WebLogic admin credentials when prompted.

After performing the above steps, there will be two artifacts created under Oracle/Middleware/Oracle_IDM1/oam/server/rreg/output, namely ObAccessClient.xml (storing the WebGate config parameters) and cwallet.sso (storing the agent key). These files must be copied to the WebGate instance config folder (/Oracle/Middleware/Oracle_WT1/instances/instance1/config/ohs1/webgate/config).

5. Restart OHS

6. Deploy the web application (myApp) in the WebLogic application server

7. Proxy Configuration in OHS

The mod_wl_ohs module enables requests to be proxied from Oracle HTTP Server 11g to Oracle WebLogic Server.

- Navigate to /Oracle/Middleware/Oracle_WT1/instances/instance1/config/OHS/ohs1
- Edit the mod_wl_ohs.conf file to include the following:

    WebLogicHost <WEBLOGIC_HOST>
    WebLogicPort <WEBLOGIC_PORT>
    # Debug ON
    # WLLogFile /tmp/weblogic.log
    MatchExpression *.jsp
    SetHandler weblogic-handler
    # PathTrim /weblogic
    # ErrorPage http:/WEBLOGIC_HOME:WEBLOGIC_PORT/

Note: Here WEBLOGIC_HOST and WEBLOGIC_PORT are the WebLogic admin server host and port respectively.

- Restart OHS.

Now, if we access the web application URL with the OHS host and port (Ex: http://OHS_HOST:OHS_PORT/myApp), the requests will be proxied to the WebLogic server.

8. Create a new application domain

- Log in to the OAM Admin Console.
- Navigate to Shared Components -> Authentication Schemes -> Create Authentication Scheme (Ex: LDAP Auth Scheme. Here the scheme is associated with the LDAP Authentication Module).
- Navigate to Policy Configuration -> Application Domain -> Create Application Domain.
- Enter the Application Domain Name and click Apply.
- Navigate to the Resources tab and add the resource URLs (the web application URLs that need to be protected).
- Navigate to the Authentication Policy tab -> Create a new authentication policy by providing the Resource URLs (the sample web application URLs) and the Authentication Scheme.
- Navigate to the Authorization Policy tab -> Create a new authorization policy -> Enter the authorization policy name and navigate to the Resource tab -> Attach the Resource URL and Host Identifiers here.
- Navigate to the Conditions tab -> Add the conditions, such as whom to allow and whom to deny access.
- Navigate to the Rules tab -> Create the Allow Rule and Deny Rule with the available conditions from the previous step so that the Authorization Policy may authorize the logins.
- Navigate to the Resources tab and attach the Authentication and Authorization policies created in the above steps.

9. Test the Web Application Integration.
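Because cwallet.sso holds the agent key and oamreg.sh is left at mode 777 by the registration step, a permission check on these files is worth running after copying the artifacts. The following is an added example, not part of the original post; the function names and the permission policy (owner-only wallet, no world access to ObAccessClient.xml, no group or world write on oamreg.sh) are assumptions of this sketch:

```shell
#!/bin/sh
# Added example: audit file modes of the RREG artifacts and the oamreg.sh script.

# has_any BITS FORBIDDEN: 0 if any letter of FORBIDDEN (r, w, x) is set in BITS.
has_any() {
    for letter in r w x; do
        case $2 in
            *"$letter"*) case $1 in *"$letter"*) return 0 ;; esac ;;
        esac
    done
    return 1
}

# check_mode PATH FORBIDDEN_GROUP FORBIDDEN_OTHER
# Prints one finding and returns 1 if the file is missing or too open.
check_mode() {
    path=$1
    if [ ! -f "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    perms=$(ls -ld -- "$path" | cut -c1-10)     # e.g. -rw-r-----
    group=$(printf '%s' "$perms" | cut -c5-7)
    other=$(printf '%s' "$perms" | cut -c8-10)
    if has_any "$group" "$2" || has_any "$other" "$3"; then
        echo "TOO-OPEN $path ($perms)"
        return 1
    fi
    return 0
}

# audit_webgate WEBGATE_CONFIG_DIR RREG_BIN_DIR
# Exit status is the number of findings (0 means clean).
audit_webgate() {
    cfg=$1; bin=$2; bad=0
    # cwallet.sso stores the agent key: owner access only.
    check_mode "$cfg/cwallet.sso" rwx rwx || bad=$((bad + 1))
    # ObAccessClient.xml: no world access, no group write.
    check_mode "$cfg/ObAccessClient.xml" w rwx || bad=$((bad + 1))
    # oamreg.sh: not writable by group or other (chmod 777 leaves it so).
    check_mode "$bin/oamreg.sh" w w || bad=$((bad + 1))
    return $bad
}

# Usage: sh audit.sh <webgate config dir> <rreg bin dir>
if [ $# -eq 2 ]; then
    audit_webgate "$1" "$2" || echo "$? finding(s)"
fi
```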

Oracle Access Manager SSO Request Flow

http://www.oraworld.co.uk/step-by-step-flow-of-user-request-for-sso-via-oracle-access-manager/

1. The user requests a resource.
2. A WebGate forwards the request to OAM for policy evaluation.
3. OAM:
   - Checks for the existence of an SSO cookie
   - Checks policies to determine whether the resource is protected and, if so, how
4. The OAM server logs and returns decisions.
5. The WebGate responds as follows:
   - Unprotected Resource: The resource is served to the user.
   - Protected Resource: The request is redirected to the credential collector. The login form is served, based on the authentication policy. The authentication processing begins.
6. The user sends credentials.
7. OAM verifies the credentials.
8. OAM starts the session and creates the following host-based cookies:
   - One per partner: OAMAuthnCookie set by 11g WebGates (ObSSOCookie set by 10g WebGates) using the authentication token received from the OAM server after successful authentication. Note: A valid cookie is required for a session.
   - One for the OAM server: OAM_ID
9. OAM logs Success or Failure.
10. A credential collector redirects the request to the WebGate and the authorization processing begins.
11. The WebGate prompts OAM to look up policies, compare them to the user's identity, and determine the user's level of authorization.
12. OAM logs the policy decision and checks the session cookie.
13. The OAM server evaluates authorization policies and caches the result.
14. The OAM server logs and returns decisions.
15. The WebGate responds as follows:
    - If the authorization policy allows access, the desired content or applications are served to the user.
    - If the authorization policy denies access, the user is redirected to another URL determined by the administrator.

OAM 11g WebGate Request Flow

1. The OAM 11g WebGate intercepts a request, determines whether the resource is protected, and if it is, the server returns a response with the authentication scheme that is required to authenticate the user.
2. The WebGate sets the OAM_REQ cookie to keep track of the target or requested URL, and then redirects to the OAM 11g server, which routes the request to the credential collector.
3. The credential collector serves up the login page, which captures the credentials and posts them to the OAM server.
4. After the credentials are validated, the OAM server creates an authentication token, the session in Coherence, and sets the OAM_ID cookie, which has details about the user, the time the session was created, the idle timeout, and a session identifier to the Coherence session.
5. Then the OAM server constructs a response, which is encrypted with the WebGate's key, and redirects to the WebGate. The WebGate decrypts the response, extracts the authentication token and the session identifier, and uses that information to set an OAMAuthnCookie, which is set as a host cookie: OAMAuthnCookie_.
   Note: If you are using a 10g WebGate, the response from the server will contain the information required to set ObSSOCookie. If you are using mod_osso, the response will contain the information required to set the OHS host cookie.
6. When subsequent requests are made from that WebGate, the authentication token is passed by the WebGate to the OAM server, which validates the authentication token, checks the validity of the OAM_ID cookie and session timeout, checks the server-side session object stored in Coherence, and does the appropriate authorization checks.
7. When a resource protected by a second WebGate is requested, the request flow is similar to the preceding points. WebGate2 (WG2) checks whether the resource is protected, and gets the authentication scheme details from the OAM server. From there, WG2 redirects to the OAM server and the OAM server checks the OAM_ID cookie, generates a new authentication token for WG2, creates an encrypted response by using the key for WG2, and then redirects to WG2. WG2 decrypts the response, extracts the authentication token and session identifiers, and sets an OAMAuthnCookie as a host cookie for WG2.

Sunday, November 6, 2016

How To Configure A Custom Login Page For OAM 11g (Doc ID 1281026.1)

APPLIES TO:
Oracle Access Manager - Version 11.1.1.3.0 and later
Information in this document applies to any platform.

GOAL

How to configure an Oracle Access Manager (OAM) authentication scheme to use an external custom Form Login page?

The intention of this note is to provide only an example showing how to configure an external custom login page. A full description of how to configure authentication schemes and custom login pages can be found in the Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager 11g Release 1 (11.1.1), Managing Authentication Modules
http://download.oracle.com/docs/cd/E14571_01/doc.1111/e15478/shared.htm#BABEIFCE
and the Oracle Fusion Middleware Developer's Guide for Oracle Access Management 11g Release 2 (11.1.2), 4.2 Developing Custom Login Pages
http://docs.oracle.com/cd/E27559_01/dev.1112/e27134/custpages.htm#CHDIAFAJ

This Note does not cover how to configure a custom login page for the Detached Credential Collector (DCC) introduced with OAM 11.1.2. Information on how to configure a custom login page for the DCC can be found in the Oracle Fusion Middleware Developer's Guide for Oracle Access Management 11g Release 2 (11.1.2).

SOLUTION

The following requirements exist for an OAM 11g external custom login page:

- Custom login pages require exactly two form fields (username and password). Oracle Access Manager supports authentication forms with two fields only.
- The form action has to be: "http://oamserverhost:port/oam/server/auth_cred_submit".
- The login page must submit back the "request_id" or the "OAM_REQ" value sent by OAM when redirecting to the external login page.

Please note that to test any custom authentication scheme it must be used to protect a resource of some kind, so there must be an existing application domain and policy that this authentication scheme can be applied to. Further, it may be a good idea to validate the access to such a resource with one of the out-of-the-box authentication schemes prior to any customization.

Custom Login Page requirements depending on the OAM Server "RequestCacheType" setting

During the authentication process the client browser is redirected by the OAM Server to the login page. The OAM Server needs to store information about the client's original request to a protected resource. The "RequestCacheType" parameter defines how this information is stored and is configured in the oam-config.xml file.

The "RequestCacheType" can be configured with the following values:

- BASIC: In this mode the OAM Server stores the information in memory. This mode cannot be used in an OAM Cluster High Availability environment, because during the authentication process the client might be redirected to different OAM Server instances and the information about the original request is only available in the memory of one OAM Server instance. This mode requires the Custom Login Page to return the "request_id" value.
- COOKIE: In this mode the OAM Server creates an encrypted OAM_REQ cookie to store the information. This mode can be used in a High Availability environment. The Custom Login Page only needs to return the username and password.
- FORM: In this mode the OAM Server sends the information about the original request via a POST request using an encrypted OAM_REQ value. This mode can be used in a High Availability environment. The login page must return the OAM_REQ value.

Example code to return the OAM_REQ parameter:

    ----------------------------------------------------------------------------------------
    String oamReq = request.getParameter("OAM_REQ");
    ----------------------------------------------------------------------------------------

1. In this example a login JSP is used to be able to read the "request_id" parameter sent by the OAM Server for each login request.

Caution: This sample code is provided for educational purposes only and not supported by Oracle Support Services. It has been tested internally, however, and works as documented. We do not guarantee that it will work for you, so be sure to test it in your environment before relying on it.

    <%@page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
    <%
    String path = request.getContextPath();
    String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
    String reqId = request.getParameter("request_id");
    %>

    My JSP 'index.jsp' starting page
    Custom Login JSP
    Login
    Password

Note: You have to change "oamservername" and "oamport" in the form action URL.
For OAM 11.1.1.3: You have to provide the fully qualified hostname and port for the OAM Server as specified in the OAM Console under SSO Engine settings.
For OAM 11.1.1.5 and OAM 11.1.2.x: You have to provide the fully qualified hostname and port for the OAM Server as specified in the OAM Console under System Configuration -> Access Manager Settings -> Load Balancing.

2. The login JSP page can be deployed either to the same WebLogic domain where the OAM Server is running or on any external server capable of executing JSP (for example OC4J).

2.1. Deploying the login.jsp to the WebLogic Domain where OAM is running.

2.1.1. Create a war file.
- create the directory "customloginpage" and the subdirectory "pages"
- copy the file login.jsp containing the above example code to the directory "customloginpage/pages"
- change directory to "customloginpage"
- execute the following command to create a war file:

    jar cvf customloginpage.war *

2.1.2. Copy the customloginpage.war file to the directory $WLS_DOMAIN/servers/AdminServer/upload

2.1.3. Deploy the war file:
- Log on to the WebLogic console
- Choose "Deployments" and press the "Install" button.
- Choose the customloginpage.war file
- Use the default "Install this deployment as an application" and press the "Next" button
- Select the Admin server and all OAM managed servers and press "Next"
- Accept the defaults and press the "Finish" button

The war file is now deployed under the context root "/customloginpage".

2.1.4. Create an OAM authentication scheme referencing the custom login JSP page.
- Log on to your "OAMCONSOLE" (/oamconsole).
- Click the Authentication Schemes node, then click the Create button in the tool bar.
- Complete with the following parameters:

    Name: provide a name for the authentication scheme
    Authentication Level: choose an appropriate level
    Challenge Method : FORM
    Challenge Redirect URL : /oam/server
    Authentication Module : LDAP
    Challenge URL: /pages/login.jsp
    Context Type : customWar
    Context Value : /customloginpage

- Click the Apply button.

2.2. Installing the login JSP on an external server

2.2.1. Install a login.jsp containing the above example code on an external server and test the accessibility via a browser.

2.2.2 Create an OAM authentication scheme referencing the external custom login JSP page
- Log on to your "OAMCONSOLE" (/oamconsole).
- Click the Authentication Schemes node, then click the Create button in the tool bar.

2.3. Complete with the following parameters:

    Name: provide a name for the authentication scheme
    Authentication Level: choose an appropriate level
    Challenge Method : FORM
    Challenge Redirect URL : /oam/server
    Authentication Module : LDAP
    Challenge URL: URL to access the external JSP (example: http://myserver.oracle.com:80/j2ee/login.jsp)
    Context Type : external

2.4. Click the Apply button.

Note: If you have an OAM-OIM integration, any OIM links in the original login page need to be manually added to the custom login page.

Troubleshooting: If you find that changes do not take effect after modifying the custom login page and redeploying, try removing the OAM server's cache and restarting the OAM server:
1. Shutdown oam_server1
2. Rename the cache and tmp folders under $MW_HOME/user_projects/domains/base_domain/servers/oam_server1
3. Restart oam_server1
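A pre-deployment check of a custom login page against the requirements listed in this note (form action, the two fields, and the value that must be returned for each RequestCacheType), as an added example that is not part of the Oracle note. The function name and the sample form markup are constructed for this sketch, and the check is a line-based grep heuristic that expects each input tag on one line:

```shell
#!/bin/sh
# Added example: check a login page against the note's requirements.

# check_login_page FILE MODE   (MODE = BASIC | COOKIE | FORM)
# Prints one line per unmet requirement; returns 0 if all are met,
# 1 if any is unmet, 2 for an unknown MODE.
check_login_page() {
    page=$1; mode=$2; unmet=0
    case $mode in
        BASIC)  need=request_id ;;   # request state kept in server memory
        FORM)   need=OAM_REQ ;;      # encrypted state travels in the POST
        COOKIE) need= ;;             # encrypted state travels in a cookie
        *) echo "unknown RequestCacheType: $mode"; return 2 ;;
    esac
    if ! grep -Eq "action=[\"'][^\"']*/oam/server/auth_cred_submit[\"']" "$page"; then
        echo "form action does not end in /oam/server/auth_cred_submit"
        unmet=1
    fi
    for field in username password $need; do
        if ! grep -Eq "<input[^>]*name=[\"']${field}[\"']" "$page"; then
            echo "missing form field: $field"
            unmet=1
        fi
    done
    return $unmet
}

# Constructed sample page (not the form from the Oracle note).
demo=$(mktemp)
cat > "$demo" <<'EOF'
<form action="http://oamservername:oamport/oam/server/auth_cred_submit" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="hidden" name="request_id" value="<%=reqId%>">
</form>
EOF
for m in BASIC COOKIE FORM; do
    if check_login_page "$demo" "$m" >/dev/null; then
        echo "$m: page meets the requirements"
    else
        echo "$m: page does not meet the requirements"
    fi
done
rm -f "$demo"
```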

Saturday, November 5, 2016

OID 11G How to Unlock/Reset Super User cn=orcladmin When the ODS's Password Has Been Forgotten, Lost or is Unknown?

How to Unlock/Reset Super User cn=orcladmin When the ODS's Password Has Been Forgotten, Lost or is Unknown? (Doc ID 472752.1)

https://itbitsolutions.wordpress.com/2010/02/18/how-to-change-or-reset-password-of-super-user-cnorcladmin-account/
http://ptotech.blogspot.qa/2014/08/oid-11117-unlocking-superuser-orcladmin.html
http://orafapp.blogspot.qa/2012/09/reset-super-user-cnorcladmin-when-odss.html

The oidpasswd utility is used to change the super user account (cn=orcladmin) password and the ODS database schema password.

Note: cn=orcladmin is different from the orasso orcladmin account, which is used for SSO administration. If you want to change the /pls/orasso orcladmin account you can do it directly from ODS or OIDDAS.

I) Changing the cn=orcladmin password if the ODS password is known

    $ oidpasswd connect=connect_string reset_su_password=true

The command prompts for the ODS password, for example:

    $ oidpasswd connect=<connect string of MR> reset_su_password=true
    OID DB user password:
    password: Enter password
    confirm password: Enter Password
    OID super user password reset successfully

II) Unlocking the super user cn=orcladmin account

    $ oidpasswd connect=connect_string unlock_su_acct=true

III) Changing the cn=orcladmin password if the ODS password is unknown or forgotten

Resetting cn=orcladmin is a bit lengthy and requires some downtime on OID.

1. Shut down the OID processes

    $ opmnctl stopproc ias-component=OID

2. Verify that there is no OID process running

    % ps -ef | grep -i oid

3. Rename the oidpwd* files in the $ORACLE_HOME/ldap/admin directory.

4. Log in to the OID database and change the ODS password

    SQL> alter user ods identified by password;

5. Verify that you are able to log in to the database using the following command.

    $ sqlplus ods/password@connect_string

6. Execute the oidpasswd command to recreate the files renamed in step 3

    % oidpasswd connect=connect_string create_wallet=true

Note: Use in this step the same password defined in step 4.

7. Verify that the files renamed in step 3 have been recreated under the $ORACLE_HOME/ldap/admin directory

8. If the orcladmin account is locked then use the following command

    $ oidpasswd connect=connect_string unlock_su_acct=true

9. If the password for orcladmin needs to be changed then use the following command

    $ oidpasswd connect=connect_string reset_su_password=true
    OID DB user password:
    password: Enter password
    confirm password: Enter Password
    OID super user password reset successfully

10. Start the OID process

    % opmnctl startproc ias-component=OID

11. Verify that the account orcladmin has been unlocked or that the password has been changed successfully

    $ $ORACLE_HOME/bin/ldapbind -p port -D cn=orcladmin -w newpasswd

Reference:
472752.1: How to Unlock/Reset Super User cn=orcladmin When the ODS's Password Has Been Forgotten or is Unknown?
251354.1: OID Superuser Password Locked: How to Unlock the orcladmin Password
OIDPASSWD: http://download.oracle.com/docs/cd/B14099_07/manage.1012/b14082/syntax.htm#sthref3864 A.9 OID Database Password Utility (oidpasswd) Syntax

Note: If you want to change the passwords of cn=orcladmin and the ODS database schema and sync their passwords (cn=orcladmin and ODS would have the same password), you need to change orcladmin and then ODS.

Wednesday, November 2, 2016

12c database install Oracle Clusterware infrastructure error in OLSNODES (OS PID 6333): CLSD/ADR initialization failed

The issue is caused by the permission given to the client folder in the GRID_HOME. After bringing down the CRS, run the commands below as the root user on both nodes and then list the nodes with olsnodes. It should list only the nodes which are members of the RAC. Then proceed with the installation.

    crsctl stop crs -f
    # cd /crs/install/
    # ./rootcrs.sh -init
    crsctl start crs

This solves the issue.