Welcome to my Identity Management blog, with a focus on proven implementation strategies, best practices, product selection, and where I open my expertise to you!
Fortune 100, Higher Education, Government... I've done it all. I'm 7 feet tall, live in NYC, tattooed, and love a challenge! Here's what I've learned...
So let’s say that you’re working in an environment that happens to have Oracle Access Manager (OAM) installed twice. Yep, two instances. Why? Most likely because larger corporations and institutions tend to make decisions that have no real thought behind them. Anywho, a problem that will arise is that if you’re using a global cookie with .domain.com as your suffix, the two cookies will conflict and overwrite each other. This causes the wonderful behavior of being SSO’d into one system and, when you visit the other system, having it overwrite the cookie and kill your first session for you. Why? Because OAM uses ObSSOCookie as the default cookie name, and a browser treats two cookies with the same name, domain and path as one and the same cookie. By standard practice and IT reasoning, your impulse would be to rename one of the cookies so that there are two separate cookies that can be used independently. Weeellllll, surprise surprise, you can’t. Oracle Access Manager will NOT allow you to change the name of the cookie. The official response from Oracle on this is that “it’s a security issue”. I’m calling B.S. and attributing this to the bad practice of hard-coded variables.
So, yeah. If for whatever reason you want to change the name of the ObSSOCookie that Oracle Access Manager uses for its single sign-on purposes, you can’t.
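To see the collision happen mechanically instead of waiting for your session to vanish, here is an added example (mine, not Oracle’s and not from the original post) using Python’s standard-library cookie jar, which applies the same (name, domain, path) identity rule browsers do. The host names oam1/oam2.domain.com, the /oamsso/login path and the cookie values are made up for the demonstration. The second function shows, for contrast, that the same cookie name without a Domain attribute produces two separate host-only cookies, which is exactly why the global .domain.com cookie is the problem.

```python
"""Why two OAM instances sharing a parent domain and the default ObSSOCookie
name clobber each other's session cookie.

Added example, not from the original post. Uses the standard-library
CookieJar, which keys cookies by (name, domain, path) like a browser does.
Host names, paths and cookie values below are constructed.
"""
import email.message
import http.cookiejar
import urllib.request


class _FakeResponse:
    """Minimal stand-in for an HTTP response so CookieJar can read headers."""

    def __init__(self, set_cookie_headers):
        self._msg = email.message.Message()
        for header in set_cookie_headers:
            self._msg["Set-Cookie"] = header  # appends, allows several

    def info(self):
        return self._msg


def receive_cookie(jar, url, set_cookie):
    """Store the Set-Cookie header of a response to `url` in `jar`."""
    request = urllib.request.Request(url)
    jar.extract_cookies(_FakeResponse([set_cookie]), request)


def cookies_by_identity(jar):
    """Return {(name, domain, path): value} for every cookie in the jar."""
    return {(c.name, c.domain, c.path): c.value for c in jar}


def shared_parent_domain():
    """Both OAM deployments set ObSSOCookie with Domain=.domain.com.

    The second Set-Cookie has the same (name, domain, path) identity, so it
    replaces the first: the session with oam1 is gone after visiting oam2.
    """
    jar = http.cookiejar.CookieJar()
    receive_cookie(jar, "https://oam1.domain.com/oamsso/login",
                   "ObSSOCookie=session-from-oam1; Domain=.domain.com; "
                   "Path=/; Secure; HttpOnly")
    receive_cookie(jar, "https://oam2.domain.com/oamsso/login",
                   "ObSSOCookie=session-from-oam2; Domain=.domain.com; "
                   "Path=/; Secure; HttpOnly")
    return cookies_by_identity(jar)


def host_only_cookies():
    """Same cookie name, no Domain attribute: each cookie is host-only.

    The two sessions coexist. Shown for contrast only; OAM's global cookie
    needs the Domain attribute to give SSO across hosts in the first place.
    """
    jar = http.cookiejar.CookieJar()
    receive_cookie(jar, "https://oam1.domain.com/oamsso/login",
                   "ObSSOCookie=session-from-oam1; Path=/; Secure; HttpOnly")
    receive_cookie(jar, "https://oam2.domain.com/oamsso/login",
                   "ObSSOCookie=session-from-oam2; Path=/; Secure; HttpOnly")
    return cookies_by_identity(jar)


if __name__ == "__main__":
    print("shared parent domain:", shared_parent_domain())  # one cookie left
    print("host-only:", host_only_cookies())                # two cookies
```

Run it and the first dictionary holds a single ObSSOCookie carrying oam2’s value; the second holds one per host. Since OAM won’t let you change the name, the identity tuple can only differ in domain or path, which is why two instances under one .domain.com cookie domain fight.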
On behalf of Oracle / Oblix… sorry =)
.: Adam
Part 8 – Configuration of Oracle Identity Manager 11g
This video tutorial will walk you through the configuration of Oracle Identity and Access Manager 11g. These tools include:
Next >> Part 9 – WebLogic Server and Domain Start-up Options
The original source videos are available for download via Vimeo.com. You’ll have to sign in to download them, though. To get there, click on the “Vimeo” logo in the video.
If you have any questions, please post them below. I’m pretty tied up at the moment, but others will be able to help too!
Thanks!
.: Adam
Part 7 – Installing Oracle Identity and Access Manager 11g
This video tutorial will walk you through the installation of Oracle Identity and Access Manager 11g. These tools include:
You will need to download the 1.7GB Oracle Identity and Access Management (11.1.1.3.0) Generic Installer (ofm_iam_generic_11.1.1.3.0_disk1_1of1.zip).
Download Oracle Identity and Access Management
Next >> Part 8 – Configuration of Oracle Identity Manager 11g
The original source videos are available for download via Vimeo.com. You’ll have to sign in to download them, though. To get there, click on the “Vimeo” logo in the video.
If you have any questions, please post them below. I’m pretty tied up at the moment, but others will be able to help too!
Thanks!
.: Adam
Ok… after a ton of debating and drinking, I’ve finally come to a conclusion.
On what, you ask?
Well, over the past few weeks, I’ve been giving myself a crash-course on the new 11g stack for Oracle’s Identity Management Fusion Middleware. During this time, I finally figured out how to get everything installed (on Oracle Enterprise Linux 5 Update 3):
While doing this, I learned a lot…. srsly…
More importantly, I captured the whole process on video, and made video tutorials / guides on how to install and configure each product. Since it’s a video, you’ll also see a few mistakes that I made along the way; that way, if the same thing happens in the future, the fixes are documented.
There are some documents out there, a few blogs with some high-level steps, and one guy I know is selling an eBook on the install process for about $100 (and it’s probably worth it!), so now my dilemma is twofold:
1. Should I make this information that’s worth more than gold available to others?
2. If so, how much should I charge?
Now back to the “I’ve made a decision” part:
1. Yes, I’m going to release these videos to the public.
2. I’m going to charge $1,000.
Hahahah… just kidding =)
I’ll be giving them away free, right here!
Once I get the write-ups done and the videos uploaded, I’ll start posting the videos on my blog for everyone to use.
DONE!
Cheers!
.: Adam
A close friend of mine in the IDM world just called me the other day saying that a company out of Tampa, Florida, EMS Consulting, sent him a resume of an example employee they have named “Gene”, who is their lead architect. This resume is MY RESUME! If anyone else out there is receiving resumes of so-called “employees” of this company, you may want to compare them with mine at AdamCallen.com first!
Here’s the story…
Last fall, EMS contacted me to help with a project at the University of Louisville. After 2 weeks on the job I saved UofL thousands of dollars in unneeded hardware costs and cut the project time down by almost three months, but that’s beside the point. I got sick while there… in the middle of the day. One of the UofL employees even drove me to the hospital (super awesome guy and I can’t thank him enough!). Turns out that it was just a side effect of some nasty flu I had, but that didn’t matter. When I returned the next day, the lead on the project accused me of taking METH! WTF?! Needless to say, I didn’t return.
Now they’re going around telling people that they have a guy, “Gene” is the name I’ve seen so far, who works for them. They’re sending out MY RESUME and MY CLIENT LIST as an example of the employees they have on staff. I was never even on staff with these people. It was a short-term contract.
So if you hear that they’ve worked at Tyco, University of Mass, and others, they’re LYING! This all goes back to what I keep telling people. CHECK A COMPANY’S REFERENCES!
I kept all of the dealings between me and EMS with regard to what happened at UofL quiet, out of professional courtesy, but this I can’t let go by.
If you are an IDM consultant, you need to stay away from this company. I personally know 2 other people that have been burned by them!
If you’re looking to hire a company to implement your IDM project, take note of their business practices! I can easily recommend many other great companies with excellent reputations if you need them!
If you work for Oracle, or know anyone that does, please spread the word about this company internally! They will only wind up killing your name in the long run!
Lastly, please spread the word to as many people as possible about them so that others won’t be scammed as well.
Thank you!
.: Adam
I just finished up a PoC at Conde Nast with some Access Management tools and such. Everything went smoothly, and we had the wrap-up meeting today. Oracle sales and the heads of our company all met in their board room. This place was awesome!
I feel I should also add in some learned items as well =)
- If you have a comma inside an attribute value of a DN, you need to escape it with a backslash, otherwise the directory reads it as the start of a new RDN (i.e. cn=Last\, First,ou=People,dc=domain,dc=com). Amazingly, this was the first time I’ve run into a situation where there was a comma in the DN =)
- Hooking up OAM to AD as the user repository with OVD as the proxy in the middle is amazingly simple and works out of the box perfectly! All the groups and memberships show up and work with all group-based policies. Just make sure you select “Data Anywhere” as the LDAP, and in OVD, use the OAM-Active Directory Mapping script for the mapping, not the generic AD one. This will keep your corporate AD schema nice and clean, but still allow OAM to use its ob* attributes.
- One of the techie sales guys from Oracle told me that in the upcoming release of OAM (11g), there is going to be tighter integration between OAM and WebLogic, making the two work together out of the box. No more SSPI pain-in-the-ass plugin!
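The comma escape in the first item above is RFC 4514 syntax: inside an attribute value, the characters comma, plus, double quote, backslash, less-than, greater-than and semicolon must be backslash-escaped, along with a leading space or ‘#’ and a trailing space. Here is an added example (mine, not from the original post) that builds DNs with proper escaping and splits them back into RDNs while honouring the escapes. The DN from the post is one of the inputs; the other values, including one carrying “,ou=Admins” that would smuggle an extra RDN into a DN built by plain string concatenation, are constructed for the demonstration.

```python
"""Escape and split LDAP distinguished names per RFC 4514.

Added example, not from the original post. The DN from the post
(cn=Last\\, First,ou=People,dc=domain,dc=com) is one input; the remaining
sample values, including the ",ou=Admins" one, are constructed.
"""

# Characters that must always be escaped inside an attribute value.
_SPECIAL = set('",+;<>\\')


def escape_rdn_value(value: str) -> str:
    """Escape a raw attribute value for use in a DN string (RFC 4514, 2.4).

    Besides the separator and quoting characters, a leading space or '#' and
    a trailing space are escaped, and a NUL byte is written as \\00.
    """
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        if ch in _SPECIAL:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif ch == " " and i in (0, last):
            out.append("\\ ")
        elif ch == "#" and i == 0:
            out.append("\\#")
        else:
            out.append(ch)
    return "".join(out)


def build_dn(*avas):
    """Build a DN from (attribute type, raw value) pairs, escaping each value."""
    return ",".join(f"{attr}={escape_rdn_value(val)}" for attr, val in avas)


def split_dn(dn: str):
    """Split a DN string into its RDN strings without disturbing escapes.

    A backslash protects the following character, so the comma in
    'cn=Last\\, First' does not start a new RDN. Escapes are kept as written.
    """
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current))
    return rdns


def naive_dn(cn: str) -> str:
    """What plain concatenation without escaping produces (for contrast)."""
    return f"cn={cn},ou=People,dc=domain,dc=com"


if __name__ == "__main__":
    dn = build_dn(("cn", "Last, First"), ("ou", "People"),
                  ("dc", "domain"), ("dc", "com"))
    print(dn)                                   # cn=Last\, First,ou=People,dc=domain,dc=com
    print(len(split_dn(dn)), "RDNs")            # 4 RDNs
    print(len(split_dn(naive_dn("x,ou=Admins"))), "RDNs")  # 5 RDNs: the value injected one
```

The last line is the reason to escape even when your data is “never going to have a comma”: a value that is not escaped gets to decide how many RDNs the DN has.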
That’s it for today. Sorry for the delay in posts. I just haven’t had a lot of time to get info on here. I’ll try to update more!
.: Adam
A while ago, I put together a video walkthrough of installing Oracle Access Manager onto Oracle Enterprise Linux. If you’re looking to learn the basics, this may be a good start (OAM is a lot easier to learn than OIM).
It’s about 40 minutes long, so grab some popcorn and enjoy the show!
.: Adam
ps. You’re welcome
If you are installing OAM (Oracle Access Manager), and one of your requirements is to protect PeopleSoft, there’s a chunk of PeopleCode that you’ll need to install to get everything working properly.
The big thing here is to make sure that you’re using / referencing the most up to date documentation on this.
The scripts in the 10.1.4.2 documentation are different from the 10.1.4.1 documentation.
I mean to say that one can discern some odd special characters in the older (Aug 2006 10.1.4.1 documentation) and the newer (Dec 2007 10.1.4.2) documentation. E.g.,
The first quote character in the Old line below is Ò (a mis-encoded character), where the New line has a plain double quote:
Old: &logfile.Writeline(Ò&authMethod <> ""SSO""");
New: &logfile.Writeline("&authMethod <> ""SSO""");
It stands to reason that the old script would have caused problems.
The link below is for the newer documentation and the newer script.
http://download.oracle.com/docs/cd/E10761_01/doc/oam.1014/e10356/people.htm#PEOPLESOFT
Oracle certifies and supports the integration as documented in the newer 10.1.4.2 docs. I have seen the integration demonstrated and working.
.: Adam
In the “6 Integrating with Oracle Access Manager” section of OIM’s “Best Practice Guide” it says:
Locate the following Single Sign-On configuration (the following are the default settings without Single Sign-On):
  <web-client>
    <Authentication>Default</Authentication>
    <AuthHeader>REMOTE_USER</AuthHeader>
  </web-client>
Edit the single sign-on configuration as follows.
Replace <SSO_HEADER_NAME> with the appropriate header configured in your single sign-on system:
  <web-client>
    <Authentication>SSO</Authentication>
    <AuthHeader><SSO_HEADER_NAME></AuthHeader>
  </web-client>
Most people will leave the AuthHeader at REMOTE_USER because it is the default. The document should state explicitly that this default value *MUST* be changed to the header name your single sign-on system actually sends.
Slightly important detail left out… sheesh!
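Since the guide leaves that detail out, here is an added check (mine, not from the OIM product or its documentation) that reads the web-client block and flags the two settings the guide tells you to change: Authentication not set to SSO, AuthHeader still at the REMOTE_USER default, or the guide’s <SSO_HEADER_NAME> placeholder pasted in literally. It assumes the element looks exactly like the fragment quoted above; the OAM_REMOTE_USER name in the last sample is only an illustration of a header an SSO system might be configured to send, not a value taken from the post.

```python
"""Sanity-check the OIM web-client single sign-on settings.

Added example, not from the OIM product or its documentation. Assumes the
<web-client> element matches the fragment quoted in the post. The four
configurations below are constructed samples; OAM_REMOTE_USER is just an
illustrative header name.
"""
import xml.etree.ElementTree as ET

# Constructed sample 1: the documented default, no single sign-on.
DEFAULT_WEB_CLIENT = """\
<web-client>
  <Authentication>Default</Authentication>
  <AuthHeader>REMOTE_USER</AuthHeader>
</web-client>
"""

# Constructed sample 2: SSO switched on, header left at the default.
SSO_WITH_DEFAULT_HEADER = """\
<web-client>
  <Authentication>SSO</Authentication>
  <AuthHeader>REMOTE_USER</AuthHeader>
</web-client>
"""

# Constructed sample 3: the guide's placeholder pasted in literally.
SSO_WITH_PLACEHOLDER = """\
<web-client>
  <Authentication>SSO</Authentication>
  <AuthHeader><SSO_HEADER_NAME></AuthHeader>
</web-client>
"""

# Constructed sample 4: SSO on, header set to what the SSO system sends.
SSO_CONFIGURED = """\
<web-client>
  <Authentication>SSO</Authentication>
  <AuthHeader>OAM_REMOTE_USER</AuthHeader>
</web-client>
"""

PLACEHOLDER = "<SSO_HEADER_NAME>"


def check_web_client_sso(xml_text: str) -> list:
    """Return a list of problems with the web-client SSO block (empty if OK)."""
    # The literal placeholder is not even well-formed XML, so look for it first.
    if PLACEHOLDER in xml_text:
        return [f"AuthHeader still contains the {PLACEHOLDER} placeholder from the guide"]

    root = ET.fromstring(xml_text.strip())
    if root.tag != "web-client":
        raise ValueError(f"expected <web-client>, got <{root.tag}>")

    authentication = (root.findtext("Authentication") or "").strip()
    auth_header = (root.findtext("AuthHeader") or "").strip()

    findings = []
    if authentication != "SSO":
        findings.append(f"Authentication is '{authentication}'; must be 'SSO' for single sign-on")
    if auth_header == "REMOTE_USER":
        findings.append("AuthHeader is the REMOTE_USER default; set it to the header your SSO system sends")
    elif not auth_header:
        findings.append("AuthHeader is empty")
    return findings


if __name__ == "__main__":
    samples = [("default", DEFAULT_WEB_CLIENT),
               ("sso, default header", SSO_WITH_DEFAULT_HEADER),
               ("sso, placeholder", SSO_WITH_PLACEHOLDER),
               ("sso, configured", SSO_CONFIGURED)]
    for label, cfg in samples:
        print(f"{label}: {check_web_client_sso(cfg) or 'OK'}")
```

One general caveat that goes with any header-based SSO setting like this: OIM will believe whatever arrives in that header, so the OIM server must only be reachable through the web server carrying the OAM WebGate, never directly, or anyone who can send a request with that header gets to pick who they are.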
.: Adam