Thursday, July 26, 2012

How to configure Apache Server with port less than 1024?

Goal: Apache Server listens on an HTTP port and can be started/stopped as a non-root user when that port is greater than 1024. How do you make Apache Server run as the root user when the port is less than 1024 in a Linux environment?

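  1. Log in as the root user.
  2. Go to the Apache directory, say $ORACLE_HOME/Apache/Apache/bin
  3. Change the ownership of apachectl to root: chown root .apachectl
  4. Change the permissions: chmod 6750 .apachectl (6750 sets the setuid and setgid bits and gives the owner rwx, the group r-x and others no access, so the launcher runs as root when a member of its group executes it)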
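
A check to run after step 4, as an added example that is not part of the original post: it confirms the file is owned by root, carries the setuid bit and is closed to other users, and flags a "#!" script, on which Linux ignores setuid. The function name audit_setuid and its finding labels are made up for this example; it assumes GNU stat.

```shell
#!/bin/sh
# Added example (not from the original post): audit a setuid-root launcher
# such as .apachectl after the chown/chmod steps. Assumes GNU stat.
# Usage: audit_setuid FILE [EXPECTED_OWNER]; prints "ok" or the findings.
audit_setuid() {
    f=$1
    want_owner=${2:-root}
    [ -f "$f" ] || { echo "missing"; return 2; }

    # Normalise the octal mode to four digits: special, user, group, other.
    mode=$(printf '%04d' "$(stat -c '%a' "$f")")
    special=${mode%???}
    group=${mode#??}; group=${group%?}
    other=${mode#???}
    findings=""

    # Without the setuid bit (4) the launcher runs with the caller's privileges.
    case $special in
        4|5|6|7) ;;
        *) findings="$findings no-setuid" ;;
    esac
    # The setuid bit only grants root if root owns the file.
    [ "$(stat -c '%U' "$f")" = "$want_owner" ] || findings="$findings wrong-owner"
    # Only the owner should be able to modify a file that runs as root.
    case $group in 2|3|6|7) findings="$findings group-writable" ;; esac
    # 6750 gives "other" no access; any other digit widens who can use it.
    [ "$other" = 0 ] || findings="$findings world-access"
    # Linux ignores setuid on "#!" scripts, so the bit would have no effect.
    [ "$(head -c 2 "$f" 2>/dev/null)" = '#!' ] && findings="$findings script-setuid-ignored"

    if [ -z "$findings" ]; then echo "ok"; return 0; fi
    echo "${findings# }"
    return 1
}

# Stand-alone use: sh audit.sh /path/to/.apachectl root
if [ "$#" -gt 0 ]; then audit_setuid "$@"; fi
```

Because mode 6750 lets every member of the file's group start the launcher as root, review that group's membership along with the file itself.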

Wednesday, July 25, 2012

Oracle Identity Management 11gR2 WebCast Q&A

As a follow-up to my previous post on the Oracle IDM 11gR2 release webcast, I would like to let you know that the Q&A during that session was blogged here; it is very informative.

Friday, July 20, 2012

Oracle Access Manager patch numbers

You can find Oracle Access Manager patch numbers for any of the versions, such as 10g, 11g and so on, here.
 Metalink note: 736372.1

Highlights of Oracle Identity Management 11gR2 release webcast

I attended the webcast of the Oracle IDM 11gR2 release yesterday, and here is an overview of the discussion. This release focuses mainly on supporting mobile and social applications for Web SSO. Let us see the various areas that are covered in this release.

  • First and foremost, the 11gR2 software will be available on OTN/edelivery by mid-August.
  • Migration/Upgrade from Sun IDM to Oracle IDM: Oracle has already brought some customer environments in house to test the migration process using scripts and tools, so an automated process can be expected in this release.
  • 11gR2 with regard to cloud: the Oracle cloud environment is already being built on the Oracle Identity Management stack, and more features can be expected in future.
  • Mobile and Social Apps: This is the highlight of this release. SSO for these applications has been brought into Web Access Management. Lots of open standards have been incorporated, such as OAuth, SAML, OpenID and REST. Some of the new features include native mobile security and SSO with social applications such as Facebook/Twitter/Yahoo etc., a REST API for cloud and mobile application development, and support for multi-data center configurations. I presume multi-data center configurations were available in 11gR1 but not certified or not officially brought out. To summarize, the Oracle Access Manager spectrum has grown considerably, involving STS, Mobile & Social security, new open standards etc.
  • More virtualization features are included in Oracle Unified Directory. Undoubtedly it can be said that OUD has been given more focus and will be the future LDAP and virtual storage product, beating OID/OVD/ODSEE (just my personal thought).
  • Connector reuse for both Oracle IDM and Sun IDM will be in place for target systems.
  • One of the most important integrations, OIM-OIA (which lets customers provision roles to downstream applications through OIM by importing roles into OIA etc.), has been enhanced with a new feature called Entitlement Catalog in OIM that will allow us to define all business attributes and forms in the catalog and make them available in the recertification & approval process.
  • Simplified look and feel for Identity Management & Access Governance capabilities such as Access Request, Provisioning and Certification etc.
  • A new product is introduced, Oracle Privileged Account Manager (OPAM), that will be used across the entire breadth of the IAM stack. OPAM is used to safely and easily manage shared and administrative passwords associated with business applications, middleware, databases and operating systems. Integration is supported with Access Management and Identity Governance systems. It is very interesting to see this product playing the role of automated approval of requests, change password management and so on. Eagerly waiting for this product.

Let me know if you have any comments.

Thursday, July 19, 2012

"ls command not found" in linux

I wanted to set environment variables in my Linux environment, so I updated .bash_profile with two lines at the end of the file.

export JAVA_HOME=/u01/app/Oracle/Middleware/jrockit_160_29_D1.2.0-10/bin/java
export PATH=/u01/app/Oracle/Middleware/jrockit_160_29_D1.2.0-10/bin

After some time I rebooted the machine for something else, and after logging into the Linux system I saw a different screen, with xclock and xterm, which was very unusual.

Later I noticed that ls and other bash commands were also not working for the non-root user whose .bash_profile I had modified. See the error message given below.

-bash: ls: command not found

So I logged in as the root user and modified the non-root user's .bash_profile to include the actual PATH as shown below.

export PATH=$PATH:/u01/app/Oracle/Middleware/jrockit_160_29_D1.2.0-10/bin

Actually the PATH variable was earlier set as shown below.

I rebooted the machine and it works fine!! A silly mistake killed my time :(

Oracle Identity Management 11gR2 webcast

The next big, revolutionary release from Oracle is Oracle Identity Management 11gR2. The webcast is scheduled for today at 10.30 PM IST.

Register here.
I'll post the updates tomorrow after attending the webcast. Stay tuned!

Exploring OAM 11g

I am getting free time these days to explore OAM 11g features more.
A few things I have started with are: creating OAM 11g administrator users by configuring the identity store, and logging and auditing.

I am going to write up posts very soon on the above. The next topic to explore is custom authentication plugins.
Stay tuned!!

Oracle Access Manager 11g is certified with Sharepoint 2010 server

One of the much-awaited integrations in the OAM 11g queue is SharePoint 2010 server. Well, there is good news: it is certified now. Check out the certification matrix.
Please contact me for integration documents.

Tuesday, July 17, 2012

Configure Node Manager for OAM Server 11g

Hi All,

Today I am going to explain the steps for configuring Node Manager for OAM Server 11g. In fact, these steps can be used to configure Node Manager for any of the other managed servers too.

Before I get into the actual topic, let me explain what Node Manager is. Node Manager is a Java utility that lets you perform common operational tasks on Managed Servers. In a typical production environment where Managed Servers are distributed across geographic locations, the Managed Servers can be operated from a single place through Node Manager.

Let's see how we can do this.
  1. Create a machine where Managed Servers are running. If there are 3 managed servers present in a cluster, then 3 machines with the respective hostnames have to be created in the WebLogic Admin console. Specify the machine name as you like, but it should be meaningful :)
  2. Specify the Type of Node Manager, and the machine hostname and listening port that the node manager has to communicate with.
  3. Specify a Managed Server to associate with this machine.
  4. Execute the script and connect to WebLogic Admin server using WLST java command.
  5. Execute the nmEnroll script to enroll the node manager for a specific WebLogic domain.
  6. Edit the file and set parameter SecureListener=false (with this setting Node Manager listens on a plain socket instead of SSL). This file is located at $MW_HOME/wlserver_10.3/common/nodemanager
  7. Start the node manager using script located at $MW_HOME/wlserver_10.3/server/bin. Wait for the message "Plain socket started listener on port 5556". You will see the port that was specified in step 2.
  8. Go to the WLS Admin console and check the status of Node Manager in the machine.
  9. Now it's time to start the managed server using node manager. Go to the WLS Admin console and traverse to Environment -> Servers -> oam_server1 -> Control. Go to the end of the page, select the checkbox and click Start.
  10. Wait till the status appears as RUNNING.
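
Step 6 turns off SSL on the Node Manager listener, which is why step 7 reports a plain socket. The following added example (not from the original post) reads a Node Manager properties file and reports which listener its settings produce, so the plain setting can be caught before a configuration moves to production; the function name nm_listener is made up here, and the defaults it applies for absent keys (SSL on, port 5556) are assumptions stated in the code.

```shell
#!/bin/sh
# Added example (not from the original post): report the listener that a
# Node Manager properties file produces.
# Usage: nm_listener FILE  -> prints "ssl port=N" (exit 0) or "plain port=N" (exit 1)
nm_listener() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    awk '
        /^[ \t]*[#!]/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            line = $0
            sub(/\r$/, "", line)               # tolerate CRLF line endings
            sub(/^[ \t]+/, "", line)
            # Java properties accept = or : as the separator.
            pos = match(line, /[ \t]*[=:][ \t]*/)
            if (pos == 0) next
            key = substr(line, 1, pos - 1)
            val = substr(line, pos + RLENGTH)
            sub(/[ \t]+$/, "", val)
            # A later assignment overrides an earlier one.
            if (key == "SecureListener") secure = tolower(val)
            if (key == "ListenPort")     port = val
        }
        END {
            # Assumed defaults when a key is absent: SSL on, port 5556.
            if (secure == "") secure = "true"
            if (port == "")   port = "5556"
            mode = (secure == "true") ? "ssl" : "plain"
            print mode " port=" port
            exit (mode == "plain")
        }
    ' "$1"
}

# Stand-alone use: sh nm_listener.sh /path/to/properties-file
if [ "$#" -gt 0 ]; then nm_listener "$1"; fi
```

A "plain" result means Node Manager commands and credentials cross the network unencrypted, so pair it with a check of which hosts can reach the listening port.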

Wednesday, July 11, 2012

Planning to install Oracle Identity Management

I have written a few posts here on planning the installation of Oracle Identity Management for various scenarios. The posts also cover the installation steps with detailed screenshots.

Hope this helps!

Please get back to me in case of any queries/suggestions.

Updates on OES 11g with Java SM in Tomcat Server

Earlier I had written my comments about OES 11g with Java SM in a Tomcat container in this post. I'd like to revise this with some changes.

First of all, OES is not supported on Tomcat Server 6.x. However, if your client has no choice other than using Tomcat and there is an application to be protected against OES 11g, then here is what you can do:

This assumes that the OES server and the client + Java SM are installed, up and running.

  • Go to the Tomcat install directory, edit the or setclasspath.bat and update the Tomcat Classpath with oes-client.jar as export CLASSPATH=$CLASSPATH:$OES_CLIENT_HOME/modules/oracle.oes.sm_11.1.1/oes-client.jar.
  • Specify the Java SM jps-config.xml in the Java OPTIONS (in the same file or setclasspath.bat) as export JAVA_OPTS= $JAVA_OPTS$OES_CLIENT_HOME/oes_sm_instances//config/jps-config.xml.

Test the Tomcat application with some authorization policies and it works!

Exceptions: In my case, our enterprise application was using XML parser jars which were conflicting with xmlparserv2.jar located under $OES_CLIENT_HOME/modules/...