Tuesday, April 23, 2013

SAML2 encoder/decoder

Hi All,

I was working on a Fedlet setup with OIF 11g. I could not see the SAML assertions in the Fedlet debug logs; I don't know why. The goal is to look at the SAML request and response for the NameID and other details.

So here is a simple way to get the SAML XML. One should be able to see the SAMLRequest and SAMLResponse in the HTTP headers while testing the federation URLs in a browser.

Use the tool https://rnd.feide.no/simplesaml/module.php/saml2debug/debug.php: paste the encoded SAMLRequest data and click Decode SAML Message.
Another one is here: http://openidtest.uninett.no/samldebug
The same holds true for both SAMLRequest and SAMLResponse data.
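
As an added example (not part of the original post), the same decoding can be done locally in Python, so that assertions carrying the NameID and attribute values do not have to be pasted into a third-party site. It handles both the HTTP-Redirect form (URL-encoded, base64, raw DEFLATE) and the HTTP-POST form (base64 only); the function names and the sample message are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample message (not captured from any real federation).
SAMPLE_RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1">'
    '<saml:Assertion ID="_constructed2"><saml:Subject>'
    '<saml:NameID>jdoe@example.com</saml:NameID>'
    '</saml:Subject></saml:Assertion></samlp:Response>'
)

def decode_saml(value):
    """Decode a SAMLRequest/SAMLResponse parameter value to its XML text."""
    if "%" in value:  # copied straight from a URL: still percent-encoded
        value = unquote(value)
    raw = base64.b64decode("".join(value.split()))
    try:
        # HTTP-Redirect binding: raw DEFLATE (no zlib header) under the base64.
        raw = zlib.decompress(raw, -15)
    except zlib.error:
        pass  # HTTP-POST binding: the message is base64 only
    xml_text = raw.decode("utf-8")
    # A legitimate SAML message has no need for a DTD; refuse one before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD found in SAML message; not parsing it")
    return xml_text

def encode_redirect(xml_text):
    """Inverse of decode_saml for the HTTP-Redirect binding (builds test input)."""
    deflater = zlib.compressobj(wbits=-15)
    deflated = deflater.compress(xml_text.encode("utf-8")) + deflater.flush()
    return quote(base64.b64encode(deflated).decode("ascii"), safe="")

def name_id(xml_text):
    """Return the text of the first saml:NameID element, or None if absent."""
    node = ET.fromstring(xml_text).find(".//saml:NameID", NS)
    return node.text if node is not None else None

if __name__ == "__main__":
    print(name_id(decode_saml(encode_redirect(SAMPLE_RESPONSE))))
```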

Friday, April 19, 2013

Connecting to OID Server through client

OID 10.1.4.3 was installed on a remote server. All I knew were the connection details. I could use LDAP tools such as JXplorer or Apache Studio, but I wanted to work on the password policies configured in OID. However, I did not have access to the OID server to log in to the Oracle Directory Manager tool using the oidadmin tool. Hence I downloaded and installed the Oracle Database client 10g (10201_client_win32.zip).

While installing the Oracle DB client, use the option Administrator (installs the management console, management tools, networking services, util, basic client software).

The installation was successful; however, some optional components failed, so I did not bother.

I was able to see Oracle Directory Manager installed and could log in to the OID server through this client successfully.

I referred to this post for using the OIDAdmin client tool.


Thursday, January 3, 2013

How to find OIM version?

Log in to the DB as the OIM schema user and execute the SQL statement below. Check the screenshot below.

select xsd_value from xsd where xsd_code='XL_BUILD_NUMBER';

OIA 11.1.1.5 is not certified with WebLogic 10.3.6

Oh my god! I struggled for 2 days deploying OIA 11.1.1.5 on WebLogic 10.3.6 in a Linux environment. I was hitting the exception below during deployment.

message : Cannot construct com.vaau.commons.util.fileUtils.FileUtils$WrappedFile as it does not have a no-args constructor
cause-exception : com.thoughtworks.xstream.converters.reflection.ObjectAccessException
cause-message : Cannot construct com.vaau.commons.util.fileUtils.FileUtils$WrappedFile as it does not have a no-args constructor
class : com.vaau.commons.util.fileUtils.FileUtils$WrappedFile
required-type : com.vaau.commons.util.fileUtils.FileUtils$WrappedFile


I tried several troubleshooting methods by following the OIA Admin and install guides: replacing the stax jar versions, modifying configuration XMLs such as dataaccess-context.xml, conf-context.xml, etc., without success.

Finally, I installed WLS 10.3.5, created a domain and deployed OIA, and the whole process took hardly 20 mins to work.

Guys, I hope this post will help you save a lot of time if you're hitting the same issue.

Monday, December 17, 2012

How to migrate users/groups from one OID instance to the other

Requirement: Migrate users/groups from source OID to target OID instance.
How To:
Source:
  • Export the ORACLE_HOME environment variable of the OID instance.
  • Run the ldapsearch command to export users, as shown below.
$ORACLE_HOME/bin/ldapsearch -x -h OID_HOST -p OID_PORT -D cn=orcladmin -w password -L -b "USERS_DN" -s one "objectclass=*" dn cn givenname ....... sn telephonenumber userpassword > oid_filteruser.txt
  • Run the ldapsearch command to export groups, as shown below.
$ORACLE_HOME/bin/ldapsearch -x -h oidserver.corp.company.com -p 389 -D cn=orcladmin -w password -L -b "GROUPS_DN" -s one "objectclass=*" > oid_filtergroup.txt

NOTE: When exporting users, specify the attributes to be exported, whether mandatory or optional.

Copy the files oid_filteruser.txt and oid_filtergroup.txt to the target OID instance, at a location such as /oracle/db/oid_files.

Destination:
  • Export the ORACLE_HOME environment variable of the OID instance.
  • Stop the OID server.
  • Go to $ORACLE_HOME/ldap/bin.
  • Run the bulkload command to import users, as shown below.
./bulkload connect="OID_SCHEMA_NAME" generate=true load=true file="/oracle/db/oid_files/oid_filteruser.txt"
  • To get the OID_SCHEMA_NAME, refer to the tnsnames.ora file of the OID environment.
  • It will prompt for the OID schema password.
  • Run the bulkload command to import groups, as shown below.
./bulkload connect="OID_SCHEMA_NAME" generate=true load=true file="/oracle/db/oid_files/oid_filtergroup.txt"
  • It will prompt for the OID schema password.
  • Start the OID server.
  • Log in to the OID console to see the changes.


Tuesday, December 11, 2012

How to start sshd service in linux during server bootup

Hi All,

This may be trivial, but I believe it to be useful too. This post explains how to start the sshd service in Linux during server bootup, so that there is no need to start the sshd service explicitly.

  1. Log in as the root user.
  2. chkconfig --level 2345 sshd on
  3. service sshd restart
  4. chkconfig sshd --list
  5. service sshd status
  6. Reboot the Linux OS.
  7. Run the command service sshd status and verify that sshd is running.

Hope this helps.

Friday, October 5, 2012

3rd party integrations supported in OAM 11gR2

This post will detail the 3rd party integrations that OAM 11gR2 supports.

  1. Microsoft SharePoint 2010: Oracle Doc here. OAM 11gR1 also supports SharePoint 2010 integration.
  2. RSA Authentication Manager 7.1: Oracle Doc here. OAM 11gR1 does not support this integration.
  3. JBoss 5.1.0: Documentation here. OAM 11gR1 does not support this integration.

However, there are a few integrations coming up post R2, such as MS OWA, SAP Portal and IBM WebSphere Portal.