Showing posts with the label OID

oracle.as.config.ProvisionException

Ran into a problem when installing Oracle Identity Management into a WLS 11g. Registering the OID with opmnctl gave me an oracle.as.config.ProvisionException. Solved it by extending the domain (although the configuration of the OID was specifically set to No Domain). Make sure that the Enterprise Manager is in the domain. After that (and this is the important part) make sure to restart the domain, at least the AdminServer.

Concatenation LDIF lines

When I was extracting some information from an OID I found that the LDIF lines contain a line break. Some searches on the Internet delivered a nice solution from Dan Norris: http://www.dannorris.com/2008/09/08/concatenating-lines-in-ldapsearch-results/ Using that, the LDIF file was modified and was reusable for my purpose (creating provisioning profiles for DIP).
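As an added illustration (not code from this post or from the linked article): the line breaks come from LDIF folding, where RFC 2849 treats a line that starts with a single space as a continuation of the previous line. The sketch below joins such lines and decodes base64 (`attr:: value`) attributes, which only decode correctly once they are unfolded; the sample entries and all names in it are constructed.

```python
import base64

def unfold(text):
    """Join RFC 2849 continuation lines (one leading space) onto the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # strip exactly one space; any further spaces are data
        else:
            lines.append(raw)
    return lines

def parse_entries(text):
    """Return entries as lists of (attribute, value) pairs, base64 values decoded."""
    entries, current = [], []
    for line in unfold(text):
        if line.startswith("#"):  # comment; unfolded first, so wrapped comments go too
            continue
        if not line.strip():  # blank line ends an entry
            if current:
                entries.append(current)
                current = []
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.lstrip(" ")
        current.append((attr, value))
    if current:
        entries.append(current)
    return entries

# Constructed sample input (not taken from the post): a wrapped DN and a wrapped base64 value.
_B64 = base64.b64encode("Z\u00fcrich office".encode("utf-8")).decode("ascii")
SAMPLE = (
    "# constructed sample\n"
    "dn: cn=jdoe,ou=People,dc=exam\n"
    " ple,dc=com\n"
    "cn: jdoe\n"
    "description:: " + _B64[:10] + "\n"
    " " + _B64[10:] + "\n"
    "\n"
    "dn: cn=asmith,ou=People,dc=example,dc=com\n"
    "cn: asmith\n"
)

if __name__ == "__main__":
    for entry in parse_entries(SAMPLE):
        print(entry)
```

Filtering folded output line by line (for example with grep) silently truncates long DNs, so unfold before matching or reusing the values.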

Problems when syncing AD with OID

Lately I've been doing some AD-OID synchronization. Should not be that difficult, but as so often the devil is in the detail. The AD admin created a user that is capable of reading the complete AD - as it is described in the documentation. Then I tried to log in. And tried, and tried. Password was reset, different password was used, etc. No luck. I tried a very easy ldapsearch and received the following error:

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 531, v893
HEX: 0x531 - not permitted to logon from this workstation
DEC: 1329 - ERROR_INVALID_WORKSTATION (Logon failure: user not allowed to log on to this computer.)
LDAP[userWorkstations: ]
NOTE: Returns only when presented with valid username and password/credential.

Aha, that gave me a clue. So the username and password seemed to be correct. Some googling established the problem. The user was created but the AD admin did not allow the user to log in to the machine where the AD was running.

Repair (remove) the OID security provider from the AS 10.1.3.1

Trying to fix the problems I encountered earlier I found out that the removal of the OID security provider is performed by the following steps. During the setup where OID is created as a security provider the ssoreg.sh is run on the OID layer. Remove this with the web-based ORASSO (http://host:port/pls/orasso). But the second step involved the usage of the new osso_newsite.conf file. This is done with the $ORACLE_AS10131_HOME/Apache/Apache/bin/osso1013. Just comment out the entries in the httpd.conf and the mod_osso.conf, create a new empty_osso.conf in $OH/Apache/Apache/conf/osso/ and rerun the osso1013. This did the trick for me. cu Andreas

Setting security providers

This seems to be a very difficult task. Here is my setup on a VMWare instance (RH 4.3):

AS 10.1.2.0.2 Infrastructure with OID
AS 10.1.3.1 SOA Suite
AS 10.1.3.2 Webcenter

Now I want to use the OID as the security provider for the SOA Suite. First I register the SOA Suite as a "remote_midtier" in the SSO. Then I go to the AS Control of the SOA Suite and configure the Identity Management for the two OC4Js - home and oc4j_soa. This only works for the OC4J called home. The OC4J oc4j_soa does not get changed. Then after some restarts the whole system decides to just stop using either of the two security providers (file-based JAZN and OID). Therefore I cannot log in to the AS Control. After several attempts to fix this I parked this problem. This will probably be a reinstall :-( Any ideas are welcome. cu Andreas

Using OID with the SOA Suite

This is an error I made and I thought sharing this will prevent others from searching in the wrong direction (as I did). When installing the SOA Suite you might want to integrate this with the OID. However there is a small problem when during the setup of the SOA Suite two OC4Js are created. You will have oc4j_home and oc4j_soa for example. When you integrate the OID into the SOA Suite you will need to manipulate the jazn.jar file in the oc4j configuration directory. As you have two OC4Js you need to copy the jazn.xml to the respective directories - otherwise you will get to the SSO page but will never be able to log in.