OAM 11g R2 PS2 (11.1.2.2.0) : Detached Credential Collector (DCC) Setup

-
This post covers the setting up of Detached Credential Collector (DCC) on OAM using Password Policy Validation Module.

Modify the C:\Oracle\Middleware\Oracle_OAMWebGate1\webgate\ohs\oamsso-bin\login.pl to include the perl path.



                                                                                                                                                                 
                                                                                                                                                                 

                                                                                                                                                                 
                                                                                                                                                                                                                                                                                                                                  
                                                                                                                                                                 
Configure the Web Gate to act as DCC.










Modify the Authentication Scheme













Use the above PasswordPolicyValidationScheme in the Application Domain.











Exclude /favicon.ico and /oamsso-bin/login.pl from protected policy by marking them as excluded.










Modify the default password policy to include the password service URL to /oamsso-bin/login.pl













Try to access the resource











You will be redirected to










                                                                                                                                                                 
                                                                                                                                                                                                                                                                                                                                  
                                                                                                                                                                 


If you get the below error





















On the oam_server1 console, error message is










It means that your backend directory schema is not extended with the password policy object class and its contained attributes.


Import the schema file in OUD.











Schema file is located at C:\Oracle\Middleware\Oracle_IDM1\modules\oracle.idm.ipf_11.1.2\scripts\ldap\OUD_OblixSchema.ldif
There are schema files according to the Directory Server type at the same location.


After loading the schema , modify the test user in question with the oblixPersonPwdPolicy object class





























Now retest the by accessing the protected resource









                                                                                                                                                                 
                                                                                                                                                                                                                                                                                                                                  
                                                                                                                                                                                             
                                                                                                                                                                 

Issue resolved. Successful Authentication


Comments

Post a Comment

Popular posts from this blog

OIM 11g Custom ADF Application Development

-
Image
In this post , I will cover the steps required to create a custom ADF web application. What this application does is facilitate Account Claim Process. Users has been migrated from some other IAM product to OIM and exist in disabled state and hence cannot login to perform Self Service operations. User needs to identify themselves by providing their personal details like personal identification number, zip code and dob etc. After successfully Identifying themselves they will be able to set a new password and set their challenge questions and answers. During this process the application will activate their account and set the new password and QnA. At the end of the process, they will be able to login OIM with their new password set. The application has been developed using JDeveloper using ADF technology to render user interfaces and MVC design pattern to keep the concerns separate. Application Structure                                                                                  
Read more

Oracle Identity Manager (OIM) Interview Questions

-
This is my 100th post on my blog and in this post, I will list down interview questions on OIM. This post will always be work in progress as I keep appending this list with more and more questions. Please find the list of questions below :-) What are the new features in PS3 ? What are the differences between PS2 and PS3 ? How do you identify rogue account creation in target system ? What is the high level architecture of OIM 11g ? List out difference between OIM 9.1 and 11g and possibly 11gR2 What are the new features in 11gR2 PS2 , PS3 How do you save multi-valued attribute in process form and how the linking happens between process form & child form ,   1 child form per multi valued attribute Can we still use entity adapters in OIM 11g What is pluginservice in oim 11g/  What is the orchestration service in oim 11g. what is the difference between entity match found  and process match found ? what are service accounts in oim ? why remote manager is used ? What is a c
Read more

OIM 11g R2 PS2 : SOA Approval Workflow Sample

-
Image
In this post I am posting the sample code for a sample SOA approval workflow. Some of the features that this workflow addresses are Approval to Manager or Role Owners is dynamic based on the custom OIM system property "approval-condition". Value is set either "AND" or "OR". Manager or Role Owner can be set to be notified only with no approval required. In this case only email is sent to notify them but no approval is required from them. Custom OIM system property are created to address this.   manager-notify-only = TRUE or FALSE  TRUE = only notify the manager no approval request sent. FALSE = notify the manager and send an approval request.   roleowner-notify-only = TRUE or FALSE  TRUE = only notify the role owner no approval request sent. FALSE = notify the role owner and send an approval request. Third Level System Notification was required but it should be dynamic.  Custom OIM system property are created to address this sysadmin-noti
Read more