OAM – OUD as Identity Store

# Each entry carries "changetype: add" so the file loads the same way with
# ldapadd and with ldapmodify (without -a, entries lacking changetype are
# treated as modifies of entries that do not exist yet and fail).
dn: ou=people,dc=example,dc=com
changetype: add
objectclass: top
objectclass: organizationalUnit
ou: people

dn: ou=Groups,dc=example,dc=com
changetype: add
objectClass: top
objectClass: organizationalUnit
ou: Groups

dn: cn=oam_admin,ou=Groups,dc=example,dc=com
changetype: add
description: Administrators of the OAM Server
objectClass: top
objectClass: groupOfUniqueNames
uniqueMember: uid=vishal,ou=people,dc=example,dc=com
cn: oam_admin

dn: uid=vishal,ou=people,dc=example,dc=com
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: orclUser
objectclass: orclUserV2
orclisenabled: ENABLED
orcltimezone: America/New_York
preferredlanguage: en-US
uid: vishal
givenname: Vishal
cn: Vishal Raj
sn: Raj
telephonenumber: 752-330-4301
employeenumber: 620451
mail: Vishal.Raj@mycompany.com
# The password is cleartext in this file; OUD hashes it on import according to
# the password policy's storage scheme, so protect (or delete) the LDIF afterwards.
userpassword: Welcome1
postaladdress: 1865 Cliff Flds
l: Brooktondale
st: DE
postalcode: 98662-7671
title: Administrator
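Before loading an LDIF like the one above into the OAM identity store, it is worth checking it offline: every uniqueMember of oam_admin should resolve to an entry in the file, changetype should be used consistently, and cleartext userPassword values should be flagged so the file is handled as a secret. The following script is an added example, not part of the original notes or of any Oracle tool; SAMPLE_LDIF is a constructed, cut-down copy of the page's LDIF with one deliberately dangling member (uid=nobody) so the reference check has something to report.

```python
"""Offline sanity checks for an OAM identity-store LDIF (added example)."""
import base64
import re

# Constructed sample: a cut-down copy of the page's LDIF, plus one deliberately
# dangling uniqueMember (uid=nobody) so the reference check fires.
SAMPLE_LDIF = """\
dn: ou=people,dc=example,dc=com
changetype: add
objectclass: top
objectclass: organizationalUnit
ou: people

dn: ou=Groups, dc=example,dc=com
changetype: add
objectClass: top
objectClass: organizationalunit
ou: Groups

dn: cn=oam_admin,ou=Groups,dc=example,dc=com
changetype: add
objectClass: top
objectClass: groupofuniquenames
uniqueMember: uid=vishal,ou=people,dc=example,dc=com
uniqueMember: uid=nobody,ou=people,dc=example,dc=com
cn: oam_admin

dn: uid=vishal,ou=people,dc=example,dc=com
changetype: add
objectclass: top
objectclass: inetOrgPerson
uid: vishal
cn: Vishal Raj
sn: Raj
userpassword: Welcome1
"""


def normalize_dn(dn):
    """DNs compare case-insensitively and whitespace after ',' is not significant."""
    return re.sub(r"\s*,\s*", ",", dn.strip()).lower()


def parse_ldif(text):
    """Parse LDIF text into a list of (dn, {attr: [values]}).

    Handles folded lines (continuation lines begin with one space), '#' comments
    and '::' base64 values; attribute names are lower-cased.
    """
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries, current = [], None
    for line in unfolded + [""]:          # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(current)
            current = None
            continue
        attr, _, value = line.partition(":")
        attr = attr.strip().lower()
        if value.startswith(":"):         # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if attr == "dn":
            current = (normalize_dn(value), {})
        elif current is not None:
            current[1].setdefault(attr, []).append(value)
    return entries


def check_entries(entries):
    """Return findings (strings) a defender would want before loading the file."""
    findings = []
    known = {dn for dn, _ in entries}
    has_changetype = ["changetype" in attrs for _, attrs in entries]
    if any(has_changetype) and not all(has_changetype):
        findings.append("changetype is present on some entries but not all; "
                        "ldapmodify without -a will treat the others as modifies")
    for dn, attrs in entries:
        for member in attrs.get("uniquemember", []):
            if normalize_dn(member) not in known:
                findings.append(f"{dn}: uniqueMember {member} is not defined in this file")
        for pw in attrs.get("userpassword", []):
            if not pw.startswith("{"):   # hashed values look like {SSHA}..., {SHA512}...
                findings.append(f"{dn}: userPassword is cleartext in the file; "
                                "restrict access to the LDIF or pre-hash the value")
    return findings


if __name__ == "__main__":
    for finding in check_entries(parse_ldif(SAMPLE_LDIF)) or ["no findings"]:
        print(finding)
```

Run it against the real file with `check_entries(parse_ldif(open("users.ldif").read()))`; on the constructed sample it reports the dangling uid=nobody member and the cleartext password, and nothing about changetype because every entry carries it.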

# MBean Issue:

Configuring Oracle Unified Directory as an Identity Store for Access Manager 11gR2 (11.1.2)


OAM – Webgate Configuration

# Deploying the WebGate - 7778

cd /scratch/appl/oracle/fmw-webtier7778/Oracle_OAMWebGate1/webgate/ohs/tools/deployWebGate

./deployWebGateInstance.sh -w /scratch/appl/oracle/fmw-webtier7778/Oracle_WT1/instances/instance1/config/OHS/ohs1/ -oh /scratch/appl/oracle/fmw-webtier7778/Oracle_OAMWebGate1/

# Deploying the WebGate - 7779

cd /scratch/appl/oracle/fmw-webtier7779/Oracle_OAMWebGate1/webgate/ohs/tools/deployWebGate

./deployWebGateInstance.sh -w /scratch/appl/oracle/fmw-webtier7779/Oracle_WT1/instances/instance1/config/OHS/ohs1/ -oh /scratch/appl/oracle/fmw-webtier7779/Oracle_OAMWebGate1/

# Updating the OHS Configuration File - 7778

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/scratch/appl/oracle/fmw-webtier7778/Oracle_WT1/lib

cd /scratch/appl/oracle/fmw-webtier7778/Oracle_OAMWebGate1/webgate/ohs/tools/setup/InstallTools

./EditHttpConf -w /scratch/appl/oracle/fmw-webtier7778/Oracle_WT1/instances/instance1/config/OHS/ohs1

# Start the OHS server, then prepare the out-of-band (outofband) registration request

cd /scratch/appl/oracle/fmw-oiamr2ps2/Oracle_IDM1/oam/server/rreg/input

# Edit OAM11GRequest.xml


$ cd ../

$ bin/oamreg.sh outofband input/OAM11GRequest.xml

# Explore the input directory under $ORACLE_HOME/oam/server/rreg to see the response file oam11gr2_webgate_7778_Response.xml created by the utility. The security administrator will email this file to the application administrator.

Now, assume that you are the application administrator (this user need not be a member of the OAM Administrator role, nor an LDAP user). Open a new command-line window, navigate to the rreg directory and run the following command:

cd /scratch/appl/oracle/fmw-oiamr2ps2/Oracle_IDM1/oam/server/rreg

bin/oamreg.sh outofband input/oam11gr2_webgate_7778_Response.xml

You should get this message after a successful run:

Outofband registration (Part 2) completed successfully! Output artifacts are created in the output folder.

# Notice that when you ran oamreg.sh this time, it did not prompt you for the agent username or password. Therefore, this can be run locally by the application administrator with no connection to the WLS admin server. Explore the output/oam11gr2_webgate_7778 directory under $ORACLE_HOME/oam/server/rreg to see the cwallet.sso and ObAccessClient.xml artifact files created by the utility.

$ cd /scratch/appl/oracle/fmw-oiamr2ps2/Oracle_IDM1/oam/server/rreg/output/oam11gr2_webgate_7778

cp * /scratch/appl/oracle/fmw-webtier7778/Oracle_WT1/instances/instance1/config/OHS/ohs1/webgate/config

# Updating the OHS Configuration File - 7779

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/scratch/appl/oracle/fmw-webtier7779/Oracle_WT1/lib

cd /scratch/appl/oracle/fmw-webtier7779/Oracle_OAMWebGate1/webgate/ohs/tools/setup/InstallTools

./EditHttpConf -w /scratch/appl/oracle/fmw-webtier7779/Oracle_WT1/instances/instance1/config/OHS/ohs1

# Use the console to create the SSO Agent:

a. Name: oam11gr2_webgate_7779
b. Base URL: http://db.example.com:7779
c. Host Identifier: oam11gr2hostid2
d. Public Resource List: /public/index.html

# Copy the artifacts:

cd /scratch/appl/oracle/fmw-oiamr2ps2/user_projects/domains/base_domain/output/oam11gr2_webgate_7779

cp * /scratch/appl/oracle/fmw-webtier7779/Oracle_WT1/instances/instance1/config/OHS/ohs1/webgate/config/

# Restart the OHS server.

Check the 7779 link.
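For both WebGates the procedure ends with copying cwallet.sso and ObAccessClient.xml into the OHS instance's webgate/config directory; cwallet.sso carries the agent credential, so the copy is the point to verify that both files arrived, that neither is readable by group or others, and that the XML is intact. The script below is an added example of such a post-copy check, not part of the original notes or of any Oracle tool; demo() builds two constructed scratch directories standing in for the real webgate/config path, with placeholder file contents (only well-formedness of the XML is checked, not its schema).

```python
"""Post-copy check for an OHS WebGate config directory (added example)."""
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# The two artifacts that oamreg.sh (or the console registration) produces and
# that must land in .../config/OHS/ohs1/webgate/config.
REQUIRED_ARTIFACTS = ("cwallet.sso", "ObAccessClient.xml")


def check_webgate_config(config_dir):
    """Return a list of findings for a WebGate config directory.

    An empty list means both artifacts are present, neither is accessible to
    group or others (cwallet.sso holds the agent credential), and
    ObAccessClient.xml parses as XML.
    """
    findings = []
    for name in REQUIRED_ARTIFACTS:
        path = os.path.join(config_dir, name)
        if not os.path.isfile(path):
            findings.append(f"missing artifact: {name}")
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{name}: mode {oct(mode)} allows group/other access")
    xml_path = os.path.join(config_dir, "ObAccessClient.xml")
    if os.path.isfile(xml_path):
        try:
            ET.parse(xml_path)
        except ET.ParseError as exc:
            findings.append(f"ObAccessClient.xml is not well-formed XML: {exc}")
    return findings


def demo():
    """Build two constructed scratch directories standing in for the real
    webgate/config path and return (findings_good, findings_bad)."""
    good = tempfile.mkdtemp()
    bad = tempfile.mkdtemp()
    # Constructed placeholder contents; the real files come from oamreg.sh.
    for d in (good, bad):
        with open(os.path.join(d, "cwallet.sso"), "wb") as f:
            f.write(b"\x00placeholder-wallet")
    with open(os.path.join(good, "ObAccessClient.xml"), "w") as f:
        f.write('<placeholder agent="oam11gr2_webgate_7778"/>')
    os.chmod(os.path.join(good, "cwallet.sso"), 0o600)
    os.chmod(os.path.join(good, "ObAccessClient.xml"), 0o600)
    # The "bad" directory lacks ObAccessClient.xml and leaves the wallet world-readable.
    os.chmod(os.path.join(bad, "cwallet.sso"), 0o644)
    return check_webgate_config(good), check_webgate_config(bad)


if __name__ == "__main__":
    for label, findings in zip(("good", "bad"), demo()):
        print(label, findings or "OK")
```

Against a real instance, call check_webgate_config on the page's path (for 7778: /scratch/appl/oracle/fmw-webtier7778/Oracle_WT1/instances/instance1/config/OHS/ohs1/webgate/config) after the cp step and before restarting OHS; an empty result is the expected outcome.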

Create cluster OID instances in OAM Idstore


5.3.1 Using Identity Directory Services

Identity Directory Service offers a consistent and rationalized technology to access identity stores that eliminates redundant configurations and simplifies Identity Management operations. IDS provides the following benefits:

  1. Support for different types of user directories including integration with native user/password state managed by the directory.
  2. Consistent administration user interface and a paradigm for working with different identity stores across Oracle Identity Management components.
  3. Built-in failover and load balancing capabilities.
  4. Logical to physical attribute mapping and entity relationships.

OAM – Force logoff

If you want to restrict all users to a maximum of 2 sessions, then –

1. Navigate to ‘OAM Admin Console -> Configuration -> Common Settings’
2. Set ‘Maximum Number of Sessions per User’ to a desired value.

NOTE that this will affect all users.

If instead you want to restrict all users to a maximum of 2 sessions PER APPLICATION, then –

1. Navigate to ‘OAM Admin Console -> Application Security -> Application Domain -> Authentication Policies -> -> Advanced Rules -> Post-Authentication’
2. Add the Rule Name, and set ‘Condition’ to session.count > 2 (this restricts the user to a maximum of 2 sessions for that application).