
Thursday, May 17, 2012

Enabling SSL in Oracle Identity Manager 11g

The following procedure enables SSL (server authentication) on the WebLogic managed servers that host Oracle Identity Manager 11g. It builds two JKS keystores: an identity keystore holding the server's private key and its CA-signed certificate, and a trust keystore holding only the certificates of the CAs the server should trust. Keep the two apart: the trust store is what the server accepts as a trust anchor, and the identity store is what it presents.

Generating the Identity Key Store

The following command generates the server's RSA key pair and stores it, together with a temporary self-signed certificate, under the alias identity in a new keystore named identity.jks:

keytool -genkey -alias identity -keyalg RSA -keysize 2048 -keypass <key password> -keystore identity.jks -storepass <storepassword>

keytool prompts for the distinguished name; the CN must be the host name clients put in the HTTPS URL, otherwise browsers and OIM clients reject the certificate with a host name mismatch. Keep the alias and the -keypass value: both are entered in the WebLogic SSL tab later. If you leave out -keypass and -storepass, keytool prompts for them instead of leaving the passwords in the shell history.

Generating the Trust Key Store

The trust keystore only has to hold the certificates of the CAs the server should trust; it needs no private key of its own. The following command creates the file by generating a placeholder key pair under the alias trust:

keytool -genkey -alias trust -keyalg RSA -keysize 2048 -keypass <key password> -keystore trust.jks -storepass <storepassword>

This step is optional: the -importcert command further down creates trust.jks by itself if the file does not exist. If you do run it, delete the throwaway trust alias afterwards, so that the trust store ends up containing CA certificates only and no private key that could later be mistaken for a server identity.

Generating a Cert Request From the Identity Key Store

The following command generates a PKCS#10 certificate signing request for the identity key pair:

keytool -certreq -alias identity -keystore identity.jks -file req.cer

Sending the Cert Request to the Signing Authority

Send req.cer to your certificate authority, for example VeriSign, Thawte or an internal enterprise CA. You get back the signed server certificate (req-signed.cer below) and the CA's root certificate, plus any intermediate certificates (rootca.crt below). Check the fingerprint of the root certificate against a value the CA publishes over a separate channel before you trust it.

Import the Signed Certificate into the Identity Key Store

The signed certificate must be imported under the same alias as the private key (identity); only then does keytool replace the self-signed certificate in the PrivateKeyEntry with the CA-issued chain. Importing it under a new alias creates a separate trustedCertEntry, and the server keeps presenting the self-signed certificate:

keytool -importcert -trustcacerts -alias identity -keystore identity.jks -file req-signed.cer

keytool refuses the reply with "Failed to establish chain from reply" when it cannot find the issuer. -trustcacerts lets it use the JDK's cacerts file; for a private CA, import rootca.crt (and any intermediates) into identity.jks under their own aliases first, in the same way as for the trust store below.

Import the CA Certificate into the Trust Key Store

The following command imports the CA's root certificate into the trust keystore (repeat it for any intermediate certificate, each under its own alias):

keytool -importcert -alias rootca -file rootca.crt -keystore trust.jks

keytool prints the certificate's fingerprints and asks "Trust this certificate?"; compare them with the values published by the CA before answering yes. Whatever sits in this store is what the server accepts as a trust anchor, so keep it to the CAs you actually need.

Enabling SSL on the WebLogic Managed Server

1) Open the WebLogic Administration Console, for example at http://localhost.localdomain:7001/console/ (use the host and port of your admin server).

2) Log in with a WebLogic administrator account.

3) In the Domain Structure tree on the left, click Environment --> Servers.

4) Click the managed server to secure (soa_server1 in this walkthrough). On the Configuration --> General tab, select the SSL Listen Port Enabled check box, note the SSL Listen Port (8002 here; it is used in the verification URL below) and click Save.

5) Open the Configuration --> Keystores tab.

6) Click the Change button next to Keystores.

7) Select Custom Identity and Custom Trust from the drop-down list and click Save. Then fill in the Identity and Trust sections: Custom Identity Keystore (absolute path of identity.jks), Custom Identity Keystore Type (JKS), Custom Identity Keystore Passphrase and its confirmation (the -storepass used above), and likewise Custom Trust Keystore (absolute path of trust.jks), Custom Trust Keystore Type (JKS), Custom Trust Keystore Passphrase and its confirmation. The keystore files must be readable by the operating system user that runs the managed server and should be readable by nobody else.

8) Click Save.

9) Open the Configuration --> SSL tab. Under Identity, enter the Private Key Alias, the Private Key Passphrase (the -keypass used when the key pair was generated) and its confirmation, then click Save.

If you are unsure of the alias, list the identity keystore with keytool -list; the private key shows up as a PrivateKeyEntry:

identity, May 17, 2012, PrivateKeyEntry

The private key alias here is identity. Restart the managed server so the new keystore and SSL settings take effect.
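The keystore steps above and the alias check in step 9 can be verified without keytool at hand. The following Python script is an added example and not part of the original post: it reads the public structure of a JKS version 2 file the way keytool -list does (alias, entry type and chain length, with the keystore integrity digest checked against the store password and the protected private key never decrypted), then audits an identity/trust pair for the three mistakes this procedure invites: the configured alias not being a PrivateKeyEntry, a PrivateKeyEntry that still carries only its self-signed -genkey certificate because the CA reply was imported under another alias, and a private key sitting in the trust store. The certificate and key bytes in the demo are constructed placeholders, and build_jks exists only to make the demo self-contained; against real files, pass open(path, "rb").read() to list_jks.

```python
"""Added example: a keytool -list equivalent for JKS files plus an identity/trust audit.
Only the public structure of the JKS (version 2) container is read; the protected key is skipped."""
import hashlib
import struct

JKS_MAGIC = 0xFEEDFEED
JKS_VERSION = 2
PRIVATE_KEY_TAG = 1                      # PrivateKeyEntry
TRUSTED_CERT_TAG = 2                     # trustedCertEntry
INTEGRITY_SALT = b"Mighty Aphrodite"     # literal Java mixes into the keystore integrity digest

FAKE_CERT_DER = b"\x30\x03\x02\x01\x01"  # constructed placeholder, not a real certificate
FAKE_KEY_BLOB = b"\x00" * 32             # constructed placeholder for the protected private key


def _utf(text):
    data = text.encode("utf-8")
    return struct.pack(">H", len(data)) + data


def _read_utf(buf, pos):
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode("utf-8"), pos + 2 + n


def _skip_blob(buf, pos):
    (n,) = struct.unpack_from(">I", buf, pos)    # 4-byte length prefix, then the bytes
    return pos + 4 + n


def _digest(store_password, body):
    # SHA-1(password as UTF-16BE || "Mighty Aphrodite" || every byte before the digest)
    h = hashlib.sha1()
    h.update(store_password.encode("utf-16-be"))
    h.update(INTEGRITY_SALT)
    h.update(body)
    return h.digest()


def build_jks(entries, store_password, ts_ms=0):
    """entries: ("key", alias, protected_key, [cert_der, ...]) or ("cert", alias, cert_der)."""
    out = bytearray(struct.pack(">III", JKS_MAGIC, JKS_VERSION, len(entries)))
    for entry in entries:
        tag = PRIVATE_KEY_TAG if entry[0] == "key" else TRUSTED_CERT_TAG
        out += struct.pack(">I", tag) + _utf(entry[1]) + struct.pack(">Q", ts_ms)
        if tag == PRIVATE_KEY_TAG:
            key_blob, chain = entry[2], entry[3]
            out += struct.pack(">I", len(key_blob)) + key_blob + struct.pack(">I", len(chain))
        else:
            chain = [entry[2]]
        for der in chain:
            out += _utf("X.509") + struct.pack(">I", len(der)) + der
    return bytes(out) + _digest(store_password, bytes(out))


def list_jks(blob, store_password):
    """Return [(alias, entry_type, chain_length)] or raise ValueError (bad password/tampering)."""
    body, digest = blob[:-20], blob[-20:]
    if _digest(store_password, body) != digest:
        raise ValueError("Keystore was tampered with, or password was incorrect")
    magic, version, count = struct.unpack_from(">III", body, 0)
    if magic != JKS_MAGIC or version != JKS_VERSION:
        raise ValueError("not a JKS version 2 keystore")
    pos, entries = 12, []
    for _ in range(count):
        (tag,) = struct.unpack_from(">I", body, pos)
        alias, pos = _read_utf(body, pos + 4)
        pos += 8                                   # creation timestamp in ms (keytool prints it)
        if tag == PRIVATE_KEY_TAG:
            pos = _skip_blob(body, pos)            # protected private key; never decrypted here
            (chain_len,) = struct.unpack_from(">I", body, pos)
            pos += 4
            for _ in range(chain_len):
                pos = _skip_blob(body, _read_utf(body, pos)[1])   # "X.509" type, then DER bytes
            entries.append((alias, "PrivateKeyEntry", chain_len))
        elif tag == TRUSTED_CERT_TAG:
            pos = _skip_blob(body, _read_utf(body, pos)[1])
            entries.append((alias, "trustedCertEntry", 1))
        else:
            raise ValueError("unknown JKS entry tag %d" % tag)
    return entries


def audit_ssl_keystores(identity_entries, trust_entries, configured_alias):
    """Checks the pairing WebLogic expects for 'Custom Identity and Custom Trust'."""
    problems = []
    keys = [e for e in identity_entries if e[1] == "PrivateKeyEntry"]
    if not any(e[0] == configured_alias for e in keys):
        problems.append("alias '%s' is not a PrivateKeyEntry in the identity keystore" % configured_alias)
    for alias, _, chain_len in keys:
        if chain_len < 2:   # -genkey stores a 1-cert chain; the CA reply replaces it with the full chain
            problems.append("'%s' still carries only its self-signed certificate" % alias)
    for alias, kind, _ in trust_entries:
        if kind == "PrivateKeyEntry":
            problems.append("trust keystore holds private key '%s'; it should contain CA certificates only" % alias)
    return problems


def demo():
    """Audit the stores the procedure as posted produces versus the corrected pair."""
    pw, key, der = "storepw", FAKE_KEY_BLOB, FAKE_CERT_DER
    posted = (build_jks([("key", "identity", key, [der]), ("cert", "server-o1", der)], pw),   # reply under wrong alias
              build_jks([("key", "trust", key, [der]), ("cert", "rootca", der)], pw))        # -genkey key left in trust
    fixed = (build_jks([("key", "identity", key, [der, der]), ("cert", "rootca", der)], pw),  # chain: server + root
             build_jks([("cert", "rootca", der)], pw))
    return [audit_ssl_keystores(list_jks(i, pw), list_jks(t, pw), "identity") for i, t in (posted, fixed)]
```

demo() returns two lists: the audit of the stores as the post builds them (two findings: the identity entry never received the CA reply, and the trust store contains a private key) and the audit of the corrected pair, which is empty.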



Verifying the SSL URL

https://localhost:8002/integration/worklistapp

Open the URL in a browser (host and SSL port as configured above) and inspect the certificate the server presents. It should be the CA-issued certificate with the subject you requested, chained to the CA you imported. If the browser still shows the self-signed certificate created by -genkey, the CA reply was imported under a different alias than the private key. A browser that already trusts the CA shows no warning; one that does not warns about the issuer, but not about a host name mismatch if the CN is right.

Repeat steps 1 to 9 for the OIM managed server; keystores and SSL settings are configured per server.

Good Luck

Tuesday, May 8, 2012

Authentication Failed: User oiminternal denied

Problem:

WebLogic fails during start-up with the exception below. The OIM scheduler servlet logs in as the internal account oiminternal through OIMAuthenticationProvider, and that login is denied:

<Login Exception encountered when trying to login as admin {0} javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User oiminternal javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User oiminternal denied
	at weblogic.security.auth.login.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:199)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:684)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
	at Thor.API.Security.LoginHandler.weblogicLoginHandler.login(weblogicLoginHandler.java:62)
	at oracle.iam.platform.OIMClient.login(OIMClient.java:134)
	at oracle.iam.platform.OIMClient.login(OIMClient.java:114)
	at oracle.iam.platform.OIMInternalClient.loginAsOIMInternal(OIMInternalClient.java:102)
	at oracle.iam.scheduler.impl.util.SchedulerUtil.getSchedulerService(SchedulerUtil.java:841)
	at oracle.iam.scheduler.webapp.SchedulerStartupServlet.startScheduler(SchedulerStartupServlet.java:92)
	at oracle.iam.scheduler.webapp.SchedulerStartupServlet.init(SchedulerStartupServlet.java:46)
	at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:283)
	at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
	at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
	at weblogic.servlet.internal.StubSecurityHelper.createServlet(StubSecurityHelper.java:64)
	at weblogic.servlet.internal.StubLifecycleHelper.createOneInstance(StubLifecycleHelper.java:58)
	at weblogic.servlet.internal.StubLifecycleHelper.<init>(StubLifecycleHelper.java:48)
	at weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.java:539)
	at weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletContext.java:1985)
	at weblogic.servlet.internal.WebAppServletContext.loadServletsOnStartup(WebAppServletContext.java:1959)
	at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1878)
	at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:3154)
	at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1508)
	at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:485)
	at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:427)
	at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
	at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
	at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:201)
	at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:249)
	at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:427)
	at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
	at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
	at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:28)
	at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:637)
	at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
	at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:205)
	at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:58)
	at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
	at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
	at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:184)
	at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:361)
	at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:52)
	at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:200)
	at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:31)
	at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:261)
	at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:220)
	at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:170)
	at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:124)
	at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:181)
	at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:97)
	at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
	at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
	at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)

Cause:

The encrypted database password stored for OIMAuthenticationProvider in config.xml (the <ext:db-password-encrypted> element) is corrupted: its padding no longer decrypts, so the provider cannot connect to the OIM database, and every login it handles, including the internal oiminternal account, is denied.

Solution:

Go to the $DOMAIN_HOME/config directory and back up config.xml. Edit the file, search for the OIMAuthenticationProvider entry and replace the <ext:db-password-encrypted> value with the OIM database password freshly encrypted for this domain. WebLogic encrypted values are bound to the domain's SerializedSystemIni.dat, so a value copied from another domain will not decrypt; produce it with the weblogic.security.Encrypt utility (or the WLST encrypt command) run against this domain, and do not leave the cleartext password in the file.

Restart the WebLogic Server and the issue will be resolved.
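As an added example that is not part of the post, the script below scans config.xml for encrypted values that cannot possibly be intact before you start the server: a value whose base64 does not decode, or whose decoded length is not a whole number of cipher blocks, is what a corrupted padding looks like from the outside. The sample XML is constructed in the shape of the OIMAuthenticationProvider block; the namespace URIs, the element names and the assumed {AES} layout (a 16-byte IV followed by CBC ciphertext) are assumptions, so the scanner matches on local element names only, and the placeholder payloads are not real WebLogic ciphertext. A value that passes can still be wrong for this domain, which only a restart will show.

```python
"""Added example: flag WebLogic config.xml encrypted values that cannot possibly be intact."""
import base64
import re
import xml.etree.ElementTree as ET

AES_BLOCK = 16   # assumed {AES} layout: base64(16-byte IV || AES-CBC ciphertext)
DES_BLOCK = 8    # assumed {3DES} layout: base64(ciphertext in 8-byte blocks)

# Placeholder payloads (bytes 0..31), not real WebLogic ciphertext. BROKEN_VALUE has lost its
# trailing "=", which is all it takes for the provider to choke on the value.
GOOD_VALUE = "{AES}" + base64.b64encode(bytes(range(32))).decode("ascii")
BROKEN_VALUE = GOOD_VALUE[:-1]

# Constructed in the shape of the OIMAuthenticationProvider block in
# $DOMAIN_HOME/config/config.xml; namespace URIs and element names are assumptions.
SAMPLE_CONFIG_XML = """
<domain xmlns="http://xmlns.oracle.com/weblogic/domain"
        xmlns:sec="http://xmlns.oracle.com/weblogic/security"
        xmlns:ext="http://xmlns.oracle.com/weblogic/security/extension">
  <security-configuration>
    <realm>
      <sec:authentication-provider>
        <sec:name>SampleDbAuthenticator</sec:name>
        <ext:db-password-encrypted>%s</ext:db-password-encrypted>
      </sec:authentication-provider>
      <sec:authentication-provider>
        <sec:name>OIMAuthenticationProvider</sec:name>
        <ext:db-url>jdbc:oracle:thin:@dbhost:1521:oimdb</ext:db-url>
        <ext:db-user>DEV_OIM</ext:db-user>
        <ext:db-password-encrypted>%s</ext:db-password-encrypted>
      </sec:authentication-provider>
    </realm>
  </security-configuration>
</domain>
""" % (GOOD_VALUE, BROKEN_VALUE)


def check_encrypted_value(value):
    """None when the value is structurally sound, otherwise a short reason."""
    m = re.fullmatch(r"\{(AES|3DES)\}(\S*)", (value or "").strip())
    if not m:
        return "no {AES}/{3DES} prefix (cleartext, or mangled by an editor)"
    algo, b64 = m.groups()
    try:
        raw = base64.b64decode(b64, validate=True)      # strict alphabet and padding
    except ValueError as exc:                            # binascii.Error is a ValueError
        return "base64 does not decode (%s)" % exc
    block = AES_BLOCK if algo == "AES" else DES_BLOCK
    minimum = 2 * block if algo == "AES" else block      # AES needs the IV plus one block
    if len(raw) < minimum or len(raw) % block:
        return "%d bytes is not a whole number of %d-byte blocks" % (len(raw), block)
    return None


def audit_config(xml_text, local_name="db-password-encrypted"):
    """[(provider name, reason)] for every authentication provider whose value is broken."""
    findings = []
    for provider in ET.fromstring(xml_text).iter():
        if not provider.tag.endswith("}authentication-provider"):
            continue
        name = next((c.text for c in provider if c.tag.endswith("}name")), "<unnamed>")
        for child in provider:
            if child.tag.endswith("}" + local_name):
                reason = check_encrypted_value(child.text)
                if reason:
                    findings.append((name, reason))
    return findings


if __name__ == "__main__":
    for name, reason in audit_config(SAMPLE_CONFIG_XML):
        print("%s: %s" % (name, reason))
```

Run it against the real file with audit_config(open(path).read()); for the sample it reports only OIMAuthenticationProvider, whose value no longer base64-decodes, while the well-formed value of the other provider passes.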