Back in the days of OAM 10g there was a set of 13 standard reports that Oracle made available for BI Publisher. These old reports can be found at http://www.oracle.com/technetwork/middleware/id-mgmt/oam-reports-1-132943.zip. I am now on the search for reports for OAM 11gR2. There are signs of hope, Oracle's license for OAM includes a Restricted Use License for BI Publisher.
HI + IM = Nulli
Nulli experts share their Human Information + Identity Management knowledge
It is unlikely that many will have this problem, but if you do this could save some time and headache troubleshooting...
Upgrade from COREid 7 to OAM 10.1.4.0.1 process drops the root CA......
I just had the most frustrating experience. I am in the midst of upgrading OAM 7.x to 10.1.4.3. I had all the components upgraded to 10.1.4.0.1 so I got backups taken.
SAML Service coming back to OAM in a future release?
Is your OAM installation setup in simple mode? Then chances are your installation is going to break on July 25, 2010. You may have heard a faint ticking every time you got near one of your OAM machines, but never had a chance to figure out where this impending failure was going to come from. As you know,according to Mayan Calendar, in 2012 in simple mode OAM generates certificates for you using the simpleCA root CA (tools\openssl\simpleCA). This root certificate is also used to complete the chain of trust when establishing SSL connections.
But did you know that root CA certificates expire? The OAM certificate expires Jul 25 18:03:57 2010 GMT after which your OAM components will no longer be able to communicate with each other
OAM supports UTF-8 in incoming data, and can generate HTML pages encoded with UTF-8, but what about internally? Is UTF-8 data available in plugins? In HTTP header variables?
The bind account that OAM uses to connect to OID directory services needs to have full rights over the portion of the DIT that you intend to manage with OAM.
One of the key tasks during development and deployment of OAM is running the product browser-based-setup process. It is this process that results in the initial 'oblix branch' being written to the directory service. So, when a customer wants to start again, the question is, "How do I make that setup process happen again?"
I was installing OAS 10.1.4.0.1 today as I needed to use OID for an OAM deployment.
Many of our readers are aware that we have had the "COREid Migration Service" available for public use for the past three years. This service has been a resounding success with several high profile North American OAM customers relying on it to maintain consistency across their environments. The expression, "If it ain't broke, don't fix it." best describes our attitude towards the initial release.
Setting up IWA is a fairly straight forward task.
Modifiying the RDN for User in Oracle Internet Directory (OID 10g) - known issue.....
When using a older Access Server SDK (7.0.4) with a newer Access Server (10.1.4) running in backward compatibility mode recently,
IdXml interprets attribute access differently vs using a portal insert to perform the same change....
In order to be able to search for deactivated users, the logged in user need to be a participant in a reactivate user workflow definition.
Certain actions (such as creating or removing an LDAP entry) are only available via OAM's 'workflow' engine. A freshly installed OAM system has no workflows configured, thus, no immediate mechanism to affect such actions.
It makes sense that the ideal HTTP Client for IDXML processing is the authenticated user's browser. After all, it already has the ObSSOCookie.
What if you want to include a virtual attribute in your search results that is derived form another attribute?
Creating a mapping file for OVD to use on inbound and/or outbound LDAP transactions can sometimes be tricky to get absolutely correct the first time. Invariably, the message
Could not complete mapping
is bound to show up at least once when you are trying something new.
When installing the 10.1.4 WebGate to protect an application with web services that relied on the Oracle Client for database connectivity, the application failed to run after the install. The following message is what was received back from the application:
The provider is not compatible with the version of Oracle client
If OAM protects a web resource with a basic authentication scheme, any browser request for that request returns a 401 with a "WWW-Authenticate: basic" header.
The IIS Resource Kit's SelfSSL tool is a quick and sneaky way to get both IIS and ADAM running SSL for quick OAM sandbox environments.
When you know that it is in fact not down, and you've checked that all your WebGate parameters are correct a million times...
This is a simple one, but a nuisance none-the-less.
This is a little bit off topic as OAM goes but everytime I want a quick OAM / Servlet container working environment, it takes me too long to discover this info.
IDXML can be cool. It can also cause one to question one's future in front of a keyboard.
When creating a custom style for Oracle Access Manager (formerly COREid) the product creates a localized directory for you in the default language, but all of the files in the localized copy point back to the main style sheets in the shared directory. In order to keep the vanilla sheets for style0 (Classic Style) intact it is advisable to create a duplicate shared directory (i.e. newstyle_shared).