
Oracle Access Manager 11gR2 Installation

I created a video guide to help anyone trying to install the latest OAM. Here's some text to go along with it.

Necessary software for installation: Oracle Database (11.2.0.3), WebLogic Server (10.3.6), RCU & OIAM (11gR2). You'll also need a JDK installed, a correct limits.conf file, and the oracle-validated package from their yum repository.

Step 1 is to install the database. Then set these parameters on it:

SQL> alter system set processes=500 scope=spfile;
SQL> alter system set open_cursors=1500 scope=spfile;
SQL> alter system set session_cached_cursors=500 scope=spfile;
SQL> alter system set session_max_open_files=50 scope=spfile;
SQL> alter system set aq_tm_processes=1 scope=spfile;
SQL> alter system set job_queue_processes=10 scope=spfile;

Restart the database for these to take effect. Then install the OAM schema onto the DB from the latest RCU. If you're on a 64-bit system, start a linux32 bash shell before running the RCU. Install the WebLogic server next, and then OIAM. Next is to run the domain configuration utility, and choose to configure it for OAM.

Now to create the security store by using WLST. Navigate to the folder where you installed OIAM, and then from the "common" folder contained within:

./bin/wlst.sh tools/configureSecurityStore.py -d //user_projects/domains/oam_domain -c IAM -p -m create

Now you can boot the AdminServer and the oam server from the command line!

What is RISE?

It's been a year since we started UberEther and so far things have been wonderful. Honestly, things couldn't have gone better. We're up to a team of five right now with plans to at least double this year. We're major proponents of Jason Fried of 37signals' idea of building a slow company. While it helps keep us to our philosophy, our customers keep telling us, "If we only had more people like you guys all our problems would be solved." Identity and access management isn't about sending someone to class for a week and having them come back experts. It's a mentality and a way of thinking that takes years to learn and is extremely hard to find right now. For us the satisfaction comes from mentoring our customers and watching their teams grow into performing IDM rockstars. We're hoping our friend Adam hasn't trademarked that term yet. Rapid Identity Solutions and Engineering (RISE) is our solution to helping our customers fill the identity and access management talent gap. We sit down with each of our customers and look at their highest priority, highest risk ...

Configuring Oracle Unified Directory as an Identity Store for Access Manager 11gR2 (11.1.2)

Hi all, Mike here. Today I'm writing about configuring and using OUD as a data source for OAM to store our identities.

First, we need to configure the directory instance to prepare it for OAM. We need to create user, group, and reserve containers. After updating it for your directory, insert the following into a file called OUDContainers.ldif (each entry is separated from the next by a blank line):

dn: cn=oracleAccounts,dc=uberether,dc=com
cn: oracleAccounts
objectClass: top
objectClass: orclContainer

dn: cn=Users,cn=oracleAccounts,dc=uberether,dc=com
cn: Users
objectClass: top
objectClass: orclContainer

dn: cn=Groups,cn=oracleAccounts,dc=uberether,dc=com
cn: Groups
objectClass: top
objectClass: orclContainer

dn: cn=Reserve,cn=oracleAccounts,dc=uberether,dc=com
cn: Reserve
objectClass: top
objectClass: orclContainer

In your terminal, cd on over to /asinst_1/OUD/bin and execute these commands:

./stop-ds
./import-ldif --backendID userRoot --append --ldifFile /OUDContainers.ldif
./start-ds

Now we need to add a few OIMAdmin users to the mix. Create a file called oudadmin.ldif, update it for your directory, and insert the following:

dn: cn=systemids,dc=mycompany,dc=com
changetype: add
objectclass: orclContainer
objectclass: top
cn: systemids

dn: cn=oimAdminUser,cn=systemids,dc=mycompany,dc=com
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetorgperson
mail: oimAdminUser
givenname: oimAdminUser
sn: oimAdminUser
cn: oimAdminUser
uid: oimAdminUser
userPassword: welcome1

dn: cn=oimAdminGroup,cn=systemids,dc=mycompany,dc=com
changetype: add
objectclass: groupOfUniqueNames
objectclass: top
cn: oimAdminGroup
description: OIM administrator role
uniquemember: cn=oimAdminUser,cn=systemids,dc=mycompany,dc=com

dn: cn=oracleAccounts,dc=mycompany,dc=com
changetype: modify
add: aci
aci: (target = "ldap:///cn=oracleAccounts,dc=mycompany,dc=com")(targetattr = "*")(version 3.0; acl "Allow OIMAdminGroup add, read and write access to all attributes"; allow (add, read, search, compare, write, delete, import, export) (groupdn = "ldap:///cn=oimAdminGroup,cn=systemids,dc=mycompany,dc=com");)

dn: cn=oimAdminUser,cn=systemids,dc=mycompany,dc=com
changetype: modify
add: ds-privilege-name
ds-privilege-name: password-reset

Now execute this command:

./ldapmodify --hostname localhost --port 1389 --bindDN "cn=Directory Manager" \
  --bindPassword --defaultAdd --filename /location/of/oudadmin.ldif

Time to create a replication server. Make sure you have a file containing your directory manager's password. Execute

./dsconfig --hostname localhost --port 4444 --bindDN "cn=Directory Manager" -j -X -n \
  create-replication-server --provider-name 'Multimaster ...
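The two LDIF files above are easy to get wrong when they are pasted from a web page: the blank line between entries is the only thing that tells ldapmodify and import-ldif where one entry stops, and the admin file carries a cleartext userPassword plus an ACI that grants write and delete rights on every attribute of the container. As an added example (not code from the original post), the following pure-Python linter parses LDIF, rejects entries that run together, and reports those two review points. The sample LDIF it carries is constructed in the shape of oudadmin.ldif above; the dn values are not from a real directory.

```python
# Added example, not from the original post: a small LDIF linter for the
# container and admin-user files above. It parses the entries, enforces the
# structural rule that gets lost when the file is pasted inline (one blank
# line between entries), and flags two things worth reviewing before import:
# a cleartext userPassword sitting in a file on disk, and an ACI that grants
# write or delete rights on every attribute (targetattr = "*").
import base64
import re

TARGETATTR_ALL = re.compile(r'targetattr\s*=\s*"\*"', re.IGNORECASE)
ALLOW_RIGHTS = re.compile(r'allow\s*\(([^)]*)\)', re.IGNORECASE)


def _logical_lines(text):
    """Yield LDIF logical lines, joining continuations (lines that start with a space)."""
    buf = None
    for raw in text.splitlines():
        if raw.startswith(" ") and buf is not None:
            buf += raw[1:]
            continue
        if buf is not None:
            yield buf
        buf = raw
    if buf is not None:
        yield buf


def parse_ldif(text):
    """Parse LDIF into [{"dn": str, "attrs": [(name, value), ...]}, ...].

    Raises ValueError if a dn line appears while a previous entry is still
    open, i.e. the blank-line separator between two entries is missing.
    """
    entries, current = [], None
    for line in _logical_lines(text):
        if line.startswith("#"):
            continue
        if not line.strip():
            if current is not None:
                entries.append(current)
                current = None
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        name = name.strip()
        if value.startswith(":"):          # attr:: base64value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name.lower() == "version" and current is None:
            continue                       # leading "version: 1" header
        if name.lower() == "dn":
            if current is not None:
                raise ValueError(f"dn {value!r} follows {current['dn']!r} without a blank line")
            current = {"dn": value, "attrs": []}
        elif current is None:
            raise ValueError(f"attribute {name!r} appears before any dn")
        else:
            current["attrs"].append((name, value))
    if current is not None:
        entries.append(current)
    return entries


def ldif_error(text):
    """Return the parse error message for text, or None if it parses cleanly."""
    try:
        parse_ldif(text)
    except ValueError as exc:
        return str(exc)
    return None


def lint_ldif(text):
    """Return a list of (dn, finding) tuples; an empty list means nothing was flagged."""
    findings = []
    for entry in parse_ldif(text):
        for name, value in entry["attrs"]:
            lname = name.lower()
            if lname == "userpassword" and not value.startswith("{"):
                findings.append((entry["dn"], "cleartext userPassword in LDIF file"))
            elif lname == "aci" and TARGETATTR_ALL.search(value):
                m = ALLOW_RIGHTS.search(value)
                rights = {r.strip().lower() for r in m.group(1).split(",")} if m else set()
                if rights & {"write", "delete", "all"}:
                    findings.append((entry["dn"], "aci grants %s on all attributes"
                                     % ", ".join(sorted(rights))))
    return findings


# Constructed sample in the shape of the oudadmin.ldif above (not a real directory).
SAMPLE_LDIF = """\
dn: cn=oimAdminUser,cn=systemids,dc=mycompany,dc=com
changetype: add
objectclass: inetorgperson
cn: oimAdminUser
userPassword: welcome1

dn: cn=oracleAccounts,dc=mycompany,dc=com
changetype: modify
add: aci
aci: (target = "ldap:///cn=oracleAccounts,dc=mycompany,dc=com")(targetattr = "*")
 (version 3.0; acl "OIMAdminGroup full access"; allow (add, read, search,
 compare, write, delete, import, export)
 (groupdn = "ldap:///cn=oimAdminGroup,cn=systemids,dc=mycompany,dc=com");)
"""

# The same entries with the separating blank line dropped, as happens when the
# file is pasted from a web page: parse_ldif() rejects it.
SAMPLE_LDIF_NO_SEPARATOR = SAMPLE_LDIF.replace("\n\ndn:", "\ndn:")

if __name__ == "__main__":
    for dn, finding in lint_ldif(SAMPLE_LDIF):
        print(f"{dn}: {finding}")
    print("broken file:", ldif_error(SAMPLE_LDIF_NO_SEPARATOR))
```

Run it against your own oudadmin.ldif before the ldapmodify step; the cleartext-password finding is the cue to set the oimAdminUser password out of band (or rotate it right after import) rather than leave welcome1 in a file on disk.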

Oracle Unified Directory 11gR2 Installation

I recorded a video installation guide for OUD 11gR2 on Oracle Enterprise Linux. Start here and search for Fusion Middleware. Download OUD 11.1.2 and WebLogic Server 10.3.6. Then download the Application Development Framework 11.1.1.6 here. You'll also need an operating-system-appropriate version of JDK 1.6.0.

First the shell limits must be addressed. As root, open /etc/security/limits.conf and add this to the end of the file:

<user_name> soft nproc 2047
<user_name> hard nproc 16384
<user_name> soft nofile 4096
<user_name> hard nofile 65536

where <user_name> is the user doing the installing.

Next unpack and install the JDK. Remember where it installs itself to; in my case it was "/usr/java/jdk1.6.0_34". We'll be referencing this folder throughout the guide. Unzip the OUD archive. Reference the JDK folder above when asked for ...
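Both this guide and the OAM installation post above depend on limits.conf being right for the installing user, and a wrong or missing line only shows up later as a cryptic "too many open files" during the install. As an added example (not code from the original posts), here is a preflight check in Python that parses limits.conf text and reports any shortfall against the four values listed above. The sample file content is constructed; the precedence rule it applies (a user-specific line beats a "*" line, and among lines of the same kind the last one wins) is a simplification that ignores @group entries.

```python
# Added example, not from the original post: parse limits.conf and confirm the
# install user has at least the nproc/nofile limits the guide calls for.
# Simplification: @group domains are ignored; only <user> and "*" are matched.
import getpass
import os

# Values from the guide, keyed by (type, item).
REQUIRED_LIMITS = {
    ("soft", "nproc"): 2047,
    ("hard", "nproc"): 16384,
    ("soft", "nofile"): 4096,
    ("hard", "nofile"): 65536,
}


def parse_limits_conf(text):
    """Return (domain, type, item, value) tuples from limits.conf text.

    Comments and blank lines are skipped; malformed lines are ignored rather
    than raising, which mirrors how pam_limits treats them. A type of "-"
    sets both soft and hard, and "unlimited" becomes infinity.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 4:
            continue
        domain, ltype, item, value = parts
        if ltype == "-":
            types = ("soft", "hard")
        elif ltype in ("soft", "hard"):
            types = (ltype,)
        else:
            continue
        if value == "unlimited":
            num = float("inf")
        else:
            try:
                num = int(value)
            except ValueError:
                continue
        for t in types:
            entries.append((domain, t, item, num))
    return entries


def effective_limit(entries, user, ltype, item):
    """Value that applies to user: a user-specific line beats '*', last line wins."""
    wildcard = specific = None
    for domain, t, i, value in entries:
        if t != ltype or i != item:
            continue
        if domain == user:
            specific = value
        elif domain == "*":
            wildcard = value
    return specific if specific is not None else wildcard


def check_limits(text, user, required=REQUIRED_LIMITS):
    """Return {(type, item): (actual, required)} for every limit that is missing or too low."""
    entries = parse_limits_conf(text)
    problems = {}
    for (ltype, item), needed in required.items():
        actual = effective_limit(entries, user, ltype, item)
        if actual is None or actual < needed:
            problems[(ltype, item)] = (actual, needed)
    return problems


# Constructed sample: the guide's four lines for user "oracle" plus a low
# wildcard that would apply to anyone else.
SAMPLE_LIMITS_CONF = """\
# constructed sample limits.conf
*        soft nofile 1024
oracle   soft nproc  2047
oracle   hard nproc  16384
oracle   soft nofile 4096
oracle   hard nofile 65536
"""

if __name__ == "__main__":
    path = "/etc/security/limits.conf"
    if os.path.exists(path):
        with open(path) as fh:
            text, user = fh.read(), getpass.getuser()
    else:
        text, user = SAMPLE_LIMITS_CONF, "oracle"
    for (ltype, item), (actual, needed) in sorted(check_limits(text, user).items()):
        print(f"{user}: {ltype} {item} is {actual}, need at least {needed}")
```

Run it as the installing user after editing the file; an empty result means every required line is present with a high enough value. Note that the values only take effect for new login sessions, so log out and back in before starting the installer.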

Reset the Oracle Unified Directory Manager Password

My admin password to access the webconsole for OUD 11gR2 was somehow reset. This is what I did to remedy the situation.

First, encode a new password using the utility provided in the /bin folder:

$ ./encode-password -i -s SSHA512

-i is for interactive mode; -s chooses the encoding method, in this case SSHA512. It will ask for entry and re-entry of the desired password and then spit out an encoded version. Copy this to the clipboard without the quotation marks.

Open /config/config.ldif with a text editor. Search for "Directory Manager" and replace the existing entry for userPassword. Now just restart the OUD instance with the stop-ds and start-ds commands and you're all set.
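To show what encode-password produces for the SSHA512 scheme and what the config.ldif edit actually changes, here is an added example (not code from the original post) with an encoder, a verifier, and a helper that replaces the userPassword value under a given dn. It assumes, without confirmation from the post, that the stored form is "{SSHA512}" followed by base64 of SHA-512(password || salt) || salt with an 8-byte salt, the layout used by OpenDS-derived servers such as OUD and OpenDJ; the config.ldif fragment is constructed, and the root-DN entry name "cn=Directory Manager,cn=Root DNs,cn=config" is an assumption to check against your own instance.

```python
# Added example, not from the original post: a pure-Python encoder/verifier for
# the {SSHA512} scheme the post selects with "encode-password -s SSHA512", plus a
# helper that swaps the userPassword value under a given dn in config.ldif.
# Assumption (not confirmed by the post): stored form is
#   "{SSHA512}" + base64( SHA-512(password || salt) || salt )
# with an 8-byte random salt, as in OpenDS-derived servers (OUD, OpenDJ).
# Check one value from your own encode-password run with verify_ssha512()
# before trusting this layout on a real instance.
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA512}"
SALT_LEN = 8
DIGEST_LEN = hashlib.sha512().digest_size  # 64 bytes


def encode_ssha512(password, salt=None):
    """Return the {SSHA512} string for password; salt defaults to 8 random bytes."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha512(stored, password):
    """True if password matches a {SSHA512} value; the digest compare is constant-time."""
    if not stored.startswith(SCHEME):
        return False
    try:
        blob = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return False
    if len(blob) <= DIGEST_LEN:
        return False
    digest, salt = blob[:DIGEST_LEN], blob[DIGEST_LEN:]
    expected = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


def set_user_password(config_text, target_dn, stored):
    """Replace the userPassword line of the entry whose dn is target_dn.

    Every other line passes through unchanged. Raises ValueError when no
    userPassword line is found under that dn, so a typo in the dn does not
    silently leave the old password in place.
    """
    out, in_target, replaced = [], False, False
    for line in config_text.splitlines():
        if line.lower().startswith("dn:"):
            in_target = line.partition(":")[2].strip().lower() == target_dn.lower()
        elif in_target and line.lower().startswith("userpassword:"):
            line = "userPassword: " + stored
            in_target = False      # one replacement per entry
            replaced = True
        out.append(line)
    if not replaced:
        raise ValueError(f"no userPassword line found under {target_dn}")
    return "\n".join(out) + "\n"


# Constructed config.ldif fragment (attribute set trimmed; not copied from a
# real instance). The root-DN entry name is an assumption; confirm it locally.
ROOT_DN = "cn=Directory Manager,cn=Root DNs,cn=config"
SAMPLE_CONFIG = """\
dn: cn=Root DNs,cn=config
objectClass: top
cn: Root DNs

dn: cn=Directory Manager,cn=Root DNs,cn=config
objectClass: top
objectClass: person
userPassword: {SSHA512}OLDVALUE
cn: Directory Manager
"""

if __name__ == "__main__":
    new_hash = encode_ssha512("new-admin-password")
    print(set_user_password(SAMPLE_CONFIG, ROOT_DN, new_hash))
```

Because the salt is random, two runs of encode_ssha512 on the same password give different strings; verify_ssha512 is the check that they both still match. Keep the config.ldif edit to the one userPassword line, and do it only while the instance is stopped, since OUD rewrites that file on configuration changes.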

Savor Beers: A Little Side Project

Last year a bunch of us went to the Savor Craft Beer event in DC (http://www.savorcraftbeer.com). If you've never been, it's a must-have trip at least once in your life if you consider yourself a beer lover. One of the challenges we had last year was that their website isn't built for mobile, and when you have 150+ beers to pick from it's helpful to have a guide in your pocket. We also thought it would be really great to have a quick way to find any new types of beers that we hadn't had before, or when you heard about a great tasting beer from a guy in the crowd but needed a fast way to find it. So this year we scratched our own itch and built Savor Beers. It was a really handy pocket guide to the event and let us find everything we needed quickly. It was great walking around the crowd and seeing people use our first mobile app. I can't say we will be doing more mobile stuff in the future, but it was definitely fun for us to build and we look forward to expanding the capabilities for next ...

It’s Been a While, RISE and 2-Way (Client Authenticated) SSL

It's been a while since we were back at the blog.  I wish we had a better excuse but to be honest we've been packed with client work.  Everything from leading a few large identity and access projects to building some custom mobile applications.  More on the latter in a few weeks. We've been busy hiring new team members and will be starting one of our RISE (Rapid Identity Solutions and Engineering) programs shortly.  For most of our careers there has been a shortage in talented young identity and access management engineers.  Most of the people we run into are mid or late in their careers and we feel that the industry needs some hungry young blood.  One of our clients is sponsoring a 6 month "bootcamp" of sorts where we are taking 5 team members 0-2 years out of college, pairing them up with 2 of our senior engineers for 6 months and developing some new solutions. One of the first lessons we teach the new team members is about client authenticated SSL.  Many of them don't even know Apache and mod_ssl yet, let alone client authentication.  So we're going to put up a tutorial here on generating a Certificate Authority, ...

Real World Web Service Security at Oracle Open World 2011

Last week Matt presented Real World Web Service Security at Oracle Open World. Our team has been securing web services for over 10 years, long before anyone knew what REST was. The presentation talks about the last 10 years of web service security and where we think the space is going next. Real World Web Service Security (PDF) Thank you to all the customers who came up to say hello during the week. It was great to see you all and hopefully everyone's trip back home was uneventful. We look forward to getting back to work solving your problems.
