Wednesday, May 27, 2009

invalid policy configuration Netpoint/Oblix/CoreId/Oracle Access Manager

If you made a mistake while configuring a policy in the Policy Manager and locked yourself out of the system, you can undo this in the LDAP directory.
Use an LDAP browser/editor (for example: LDAP browser) to find the entry:
realm
+-o=oblix
+---obapp=PSC
+-----obname=OBAutoSSO_XXXXXXX (find the one you last changed; normally the last one created is added at the bottom)

Change the value of the attribute obenabled from enabled to disabled. Restart the Access Manager; after that it should be possible to log in.

Did this post help you in any way can you please leave a comment? This will motivate me writing more posts.

Unsuccessful/incomplete product setup: How to restart the product setup of Identity Server/Policy Manager, Netpoint/Oblix/CoreId/Oracle Access Manager

If something goes wrong (empty browser window, no response) during the product setup of the Identity Server/Policy Manager in the browser, you can restart the product setup by editing the setup.xml of the product. Set the status Value to incomplete instead of done and you can start over with the product setup.

Location of setup.xml:
WebPass: $WEBPASS_HOME/access/oblix/config
Identity server: $IDENTITY_HOME/identity/oblix/config


Tuesday, May 19, 2009

wsrp oc4j container on Oracle AS 10.1.3.4 + wsrp-samples.ear

How to install WSRP in an OC4J container on Oracle AS 10.1.3.4, deploy wsrp-samples.ear, and test that everything works in Oracle AS Portal 10.1.4.

Download the wsrp sources from metalink: Patch number: 7356288
WSRP-PREDEPLOY.JAR IS DUPLICATING ENTRIES FOR THE SPRING CONTEXT LOADER

Download wsrp-samples.ear application:
http://download.oracle.com/otndocs/tech/webcenter/files/pdksoftware.zip


createinstance -instanceName oc4j_wsrp -groupname default


Output:

Creating OC4J instance "oc4j_wsrp"...
Set OC4J administrator password for "oc4j_wsrp" (password text will not be displayed as it is entered):
Enter password:
Confirm password:
A new OC4J instance "oc4j_wsrp" is created in the group "default".


Do not start the container!!!!!!

Install the wsrp in the oc4j container

java -jar portlet-server-install-v1.jar $ORACLE_HOME/j2ee/oc4j_wsrp


Output:

File "$ORACLE_HOME/j2ee/oc4j_wsrp/config/global-web-application.xml" modified successfully
File "$ORACLE_HOME/j2ee/oc4j_wsrp/config/server.xml" modified successfully
Beginning install of libraries to "$ORACLE_HOME/j2ee/oc4j_wsrp/applib"
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/commons-logging.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/dom4j.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/jaxrpc-api.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/jaxrpc-ri-patched.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/namespace.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/ptlshare.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/relaxngDatatype.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/saaj-api.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/saaj-ri.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/wsrp-common.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/wsrp-container.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/xml.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/xmlmesg.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/xmlparserv2.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/xsdlib.jar"...
Installing "$ORACLE_HOME/j2ee/home/jsp/lib/taglib/oracle-portlet-tags.jar"...
Install Complete


Start the oc4j container.

WSRP can work with a file-based preference store or with a database as preference store. In this example we will use the file-based option, which is the default.

Before we can deploy wsrp-samples.ear we have to change the file $ORACLE_HOME/j2ee/oc4j_wsrp/config/server.xml to import a jar. Under <shared-library name="oracle.wsrp" version="1.0"> add <import-shared-library name="oracle.ws.jaxrpc"/>.

Now unzip the downloaded pdk pdksoftware.zip.

Search for the wsrp-samples.ear (directory: pdk/portlet-container)

Deploy the ear file from the command line:

java -jar admin_client.jar deployer:oc4j:[HOSTNAME]:[OPMN_REQUEST_PORT] oc4jadmin [PASSWORD] -deploy -file wsrp-samples.ear -deploymentName sampleapp -bindAllWebApps


If everything is ok there should be a servlet:
http://[HOSTNAME]:[PORT]/portletapp/info

Now the provider can be registered in Portal with the WSDL:
http://[HOSTNAME]:[PORT]/portletapp/portlets?WSDL

If you want to make your application wsrp ready the following should be done to "infect" your ear file with the Oracle stuff:


java -jar wsrp-predeploy.jar


Refer:
http://download.oracle.com/docs/cd/B32110_01/webcenter.1013/b31074/jpsdg_java_intro.htm#BHCCCFID

Metalink note: 341922.1



Warning: View created with compilation errors.

During compilation of a view I got the following error:

Warning: View created with compilation errors.

Show err gives No Errors.
SQL> SQL> show err
No errors.

With the following select statement it is possible to find the error:

select text from dba_errors where name = '[OBJECT_NAME]' and owner = '[OBJECT_OWNER]';


Object id argument passed to DBMS_UTILITY.INVALIDATE is not legal

When executing the DBMS_UTILITY.COMPILE_SCHEMA procedure, the following errors are given:

ERROR at line 1:
ORA-20000:
ORA-06512: at "SYS.DBMS_UTILITY", line 347
ORA-24237: object id argument passed to DBMS_UTILITY.INVALIDATE is not legal
ORA-06512: at line 1

To check whether SYS has the required privileges, run the following query connected as SYS:

SQL> select username, privilege from user_sys_privs order by privilege;

If SYS does not have the following privileges, then grant them to SYS directly:

grant CREATE ANY DIMENSION to sys;
grant CREATE ANY EVALUATION CONTEXT to sys;
grant CREATE ANY INDEX to sys;
grant CREATE ANY INDEXTYPE to sys;
grant CREATE ANY LIBRARY to sys;
grant CREATE ANY MATERIALIZED VIEW to sys;
grant CREATE ANY OPERATOR to sys;
grant CREATE ANY PROCEDURE to sys;
grant CREATE ANY RULE to sys;
grant CREATE ANY RULE SET to sys;
grant CREATE ANY SYNONYM to sys;
grant CREATE ANY TRIGGER to sys;
grant CREATE ANY TYPE to sys;
grant CREATE ANY VIEW to sys;


Friday, May 8, 2009

IdentityXML change password sample XML, Netpoint/Oblix/CoreId/Oracle Access Manager

With this XML sample it is possible to change the password of a user!


<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas-xmlsoap.org/soap/envelope/"
xmlns:oblix="http://www.oblix.com">
<SOAP-ENV:Body>
<oblix:authentication xmlns:oblix="http://www.oblix.com" type="basic">
<oblix:login>orcladmin</oblix:login>
<oblix:password>[PASSWORD]</oblix:password>
</oblix:authentication>
<oblix:request application="userservcenter" function="modifyUser">
<oblix:params>
<oblix:param name="uid">cn=[USERNAME],cn=users,dc=test,dc=com</oblix:param>
<oblix:param name="attrName_1">userPassword</oblix:param>
<oblix:param name="attrValue_1">[NEW_PASSWORD]</oblix:param>
<oblix:param name="attrValue_1_confirm">[NEW_PASSWORD]</oblix:param>
<oblix:param name="attrValue_1_old">[OLD_PASSWORD]</oblix:param>
<oblix:param name="attrOperation_1">REPLACE</oblix:param>
<oblix:param name="noOfFields">1</oblix:param>
</oblix:params>
</oblix:request>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
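
Added example (not part of the original post or of Oracle's samples): the template above stays well-formed only while the substituted values contain no XML metacharacters, so a password containing & or < either breaks the request or changes its structure. The Python sketch below fills the same template with escaped values and parses the result back to confirm each parameter arrives intact; the function names and sample values are assumptions.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Request template from the post; {name} fields replace its [BRACKETED] values.
TEMPLATE = """<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas-xmlsoap.org/soap/envelope/"
 xmlns:oblix="http://www.oblix.com">
<SOAP-ENV:Body>
<oblix:authentication xmlns:oblix="http://www.oblix.com" type="basic">
<oblix:login>{login}</oblix:login>
<oblix:password>{login_password}</oblix:password>
</oblix:authentication>
<oblix:request application="userservcenter" function="modifyUser">
<oblix:params>
<oblix:param name="uid">{uid}</oblix:param>
<oblix:param name="attrName_1">userPassword</oblix:param>
<oblix:param name="attrValue_1">{new}</oblix:param>
<oblix:param name="attrValue_1_confirm">{new}</oblix:param>
<oblix:param name="attrValue_1_old">{old}</oblix:param>
<oblix:param name="attrOperation_1">REPLACE</oblix:param>
<oblix:param name="noOfFields">1</oblix:param>
</oblix:params>
</oblix:request>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
"""
OBLIX = "{http://www.oblix.com}"

def build_modify_password(login, login_password, uid, old, new):
    """Fill the template with XML-escaped values (helper name is hypothetical)."""
    fields = dict(login=login, login_password=login_password,
                  uid=uid, old=old, new=new)
    xml = TEMPLATE.format(**{k: escape(v) for k, v in fields.items()})
    ET.fromstring(xml)  # raises ParseError if the result is not well-formed
    return xml

def request_params(xml):
    """Parse a request back into {param name: value}, as a receiver would read it."""
    root = ET.fromstring(xml)
    return {p.get("name"): p.text for p in root.iter(OBLIX + "param")}

if __name__ == "__main__":
    # Constructed sample values; a real caller would prompt for the passwords.
    tricky = 'Pa&ss<1></oblix:param><oblix:param name="noOfFields">9'
    body = build_modify_password("orcladmin", "adm&in",
                                 "cn=jdoe,cn=users,dc=test,dc=com", "old<pw>", tricky)
    print(request_params(body)["attrValue_1"] == tricky)
```
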


Refer:
http://www.oracle.com/technology/sample_code/products/id_mgmt/accmgr/id_developer.pdf


Thursday, May 7, 2009

IdentityXML example, Netpoint/Oblix/CoreId/Oracle Access Manager

In the project I was working on there was a question to find out how users could change their password without using the GUI of the identity server. An Oracle Sales Consultant pointed me to IdentityXML as a possible solution for this problem. Together with a colleague (Java consultant) of IT-eye, Ron Weverwijk, we found out how this works.

This post is a simple description of how IdentityXML works; we used the Oracle documentation, which you can find at the end of this post.

The documentation contains a sample Java program, which we used:


/**
 * This is a very simple SOAP example of how to invoke Oracle Access Manager
 * through SOAP.
 *
 * This program will make a soap request (send the request in soap.xml)
 * to the argument hostname:port/oblix/apps/corpdir/bin/corpdir.cgi
 *
 * Requirements:
 * *** ObSoapClient, a complete http client library from innovation, is
 * required to run this test. The software is free, and licensed under the
 * GNU Lesser General Public License.
 * HTTPClient is available at http://www.innovation.ch/java/HTTPClient
 * This program has been tested with HTTPClient Version 0.3-2
 *
 * To run:
 * *** java ObSoapClient [-h hostname] [-p port] [-f inputfile] [-u oblixurl]
 *
 */

import java.net.URL;
import java.io.IOException;
import java.io.FileReader;
import java.io.BufferedReader;
import HTTPClient.CookieModule;
import HTTPClient.HTTPConnection;
import HTTPClient.HTTPResponse;
import HTTPClient.ModuleException;
import HTTPClient.NVPair;

public class ObSoapClient
{
    static String hostname = "sunlight.oracle.com";
    static String filename = "soap.xml";
    static int port = 80;
    static String oburl = "/identity/oblix/apps/userservcenter/bin/userservcenter.cgi";

    public static void collectArgs(String args[])
    {
        for (int i = 0; i < args.length; i++) {
            // An option only takes a value when one actually follows it;
            // the value is consumed so it is not parsed as an option itself.
            boolean hasValue = i + 1 < args.length;
            if (args[i].equals("-h") && hasValue)
                hostname = args[++i];
            else if (args[i].equals("-f") && hasValue)
                filename = args[++i];
            else if (args[i].equals("-p") && hasValue)
                port = Integer.parseInt(args[++i]);
            else if (args[i].equals("-u") && hasValue)
                oburl = args[++i];
            else if (args[i].equals("-h") || args[i].equals("-help")) {
                System.out.println("Usage: java ObSoapClient [-h hostname] [-p port] [-f filename] [-u oblixurl] \n");
            }
        }
    }

    /**
     * Read from soap.xml in current directory and return as string.
     */
    public static String getRequestFromFile()
    {
        StringBuffer data = new StringBuffer();
        try {
            BufferedReader reader = new BufferedReader(new FileReader(filename));

            for (String line = reader.readLine(); line != null;
                 line = reader.readLine()) {
                data.append(line);
                data.append("\r\n");
            }
            reader.close();
        } catch (Exception e) {
            System.out.println(e.toString());
        }
        return data.toString();
    }

    public static void main(String args[]) throws Exception
    {
        try {
            CookieModule.setCookiePolicyHandler(null);

            // initiate connection
            // (plain HTTP: the SOAP body, including the login password,
            // is sent unencrypted)
            collectArgs(args);
            HTTPConnection con = new HTTPConnection(hostname, port);

            // post the request and collect response
            NVPair header[] = new NVPair[1];
            header[0] = new NVPair("Content-Type", "text/xml");
            HTTPResponse rsp =
                con.Post(oburl,
                         getRequestFromFile(),
                         header);

            // get status and act accordingly
            if (rsp.getStatusCode() >= 300) {
                System.err.println("Received Error: "+rsp.getReasonLine());
                System.err.println(new String(rsp.getData()));
            } else
                System.out.println(new String(rsp.getData()));
        } catch (IOException ioe) {
            System.err.println(ioe.toString());
        } catch (ModuleException me) {
            System.err.println("Error handling request: " + me.getMessage());
        } catch (Exception e) {
            System.out.println(e.toString());
        }
    }

}

/*
NVPair form_data[] = new NVPair[2];

form_data[0] = new NVPair("login", "J.Smith");
form_data[1] = new NVPair("password", "J.Smith");
// form_data[2] = new NVPair("uid",
// "cn=John Smith,ou=Corporate,o=Company,c=US");
// form_data[3] = new NVPair("program", "personPage");
// form_data[4] = new NVPair("tab_id", "Employees");

// HTTPResponse rsp = con.Post("/oblix/apps/corpdir/bin/corpdir.cgi", form_data);

*/



This program needs the jar file http_client.jar, which can be found in the $ORACLE_HOME of an Oracle Application Server, in the directory $ORACLE_HOME/j2ee/home/lib.

First this program needs to be compiled (we used a Linux client):
cd $HOME
mkdir IdentityXML
cd IdentityXML
cp $ORACLE_HOME/j2ee/home/lib/http_client.jar .
vi ObSoapClient.java

Fill this file with the code example.

Compile the java file:

javac -classpath .:http_client.jar ObSoapClient.java


Now you have an ObSoapClient.class file.

All you need to test whether it works is an example SOAP message. Examples of messages that can be used are in the following Identity Server directory:

$IDENTITY_HOME/identity/oblix/unsupported/integsvcs

For this example we will query the OID for the attribute sn of a user in the OID.
The example used is: um_view.xml

To keep it simple we chose to use orcladmin as the user in the authentication part of the message. If you want to use another username, a workflow should be created in the Identity Server that gives that user the privilege to view attributes of other users.

Create a file soap.xml and fill it with:


<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas-xmlsoap.org/soap/envelope/"
xmlns:oblix="http://www.oblix.com">
<SOAP-ENV:Body>
<oblix:authentication xmlns:oblix="http://www.oblix.com" type="basic">
<oblix:login>orcladmin</oblix:login>
<oblix:password>[PASSWORD]</oblix:password>
</oblix:authentication>
<oblix:request function="view">
<oblix:params>
<oblix:param name="uid">cn=[USER_NAME],cn=users,dc=test,dc=com</oblix:param>
<oblix:param name="attrName">sn</oblix:param>
</oblix:params>
</oblix:request>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>


Now execute the java program:


java -classpath http_client.jar:. ObSoapClient -f soap.xml -h [HOSTNAME] -p [HTTP_PORT] -u /identity/oblix/apps/userservcenter/bin/userservcenter.cgi


Output of the program:

<?xml version="1.0" encoding="utf-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<Oblix xmlns:oblix="http://www.oblix.com/" xmlns="http://www.oblix.com/" oblang="en-us">
<ObProfile>
<ObPanel obname="defaultPanel" obpanelId="20090504T03484759854" obpanelClass="inetorgperson">
<ObAttribute obattrName="sn">
<ObDisplay obdisplayName="Last Name" obdisplayType="textS" obname="sn" obmode="view" obcanRequest="false" obrequired="false">
<ObTextS>
<ObValue>[LASTNAME]</ObValue>
</ObTextS>
</ObDisplay>
</ObAttribute>
</ObPanel>
<ObHeaderPanel></ObHeaderPanel>
<ObRequestInfo>158720928</ObRequestInfo>
<ObScripts>
<ObScript obname="../../../lang/en-us/msgctlg.js"></ObScript>
<ObScript obname="../../../lang/shared/i18n.js"></ObScript>
<ObScript obname="../../../lang/shared/nsiesetup.js"></ObScript>
<ObScript obname="../../../lang/shared/misc.js"></ObScript>
<ObScript obname="../../../lang/shared/miscsc.js"></ObScript>
<ObScript obname="../../../lang/shared/horizontalprofile.js"></ObScript>
<ObScript obname="../../../lang/shared/userservcenter.js"></ObScript>
</ObScripts>
<ObForm obname="profileForm" obmethod="post" obaction="userservcenter.cgi?tab_id=Employees&uid=cn%3D[USERNAME]%2Ccn%3Dusers%2Cdc%3Dtest%2Cdc%3Dcom%2C">
<ObInput obtype="hidden" obname="program" obvalue="view"></ObInput>
<ObInput obtype="hidden" obname="visiblePanel"></ObInput>
</ObForm>
<ObDisplay obdisplayName="ObTextMessage" obdisplayType="textS" obname="ObTextMessage" obmode="view" obcanRequest="false" obrequired="false">
<ObTextS>
<ObTextMessage></ObTextMessage>
</ObTextS>
</ObDisplay>
<ObTextMessage></ObTextMessage>
<ObSelectorInfoForm>
<ObForm obname=""></ObForm>
</ObSelectorInfoForm>
<ObButton obaction="initiateDeactivateUser"></ObButton>
<ObButton obaction="userreactivate"></ObButton>
<ObButton obaction="wfTicketDelete"></ObButton>
<ObButton obaction="userModify" obimageUrl="NAVmodify" obmouseOver="Modify this profile." obhref="../../userservcenter/bin/userservcenter.cgi?program=modify&tab_id=Employees&uid=cn%3D[USERNAME]%2Ccn%3Dusers%2Cdc%3Dtest%2Cdc%3Dcom"></ObButton>
<ObStatus>0</ObStatus>
</ObProfile>
<ObStatus>0</ObStatus>
</Oblix>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
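
Added example (not from the original post or the Oracle documentation): a Python sketch that pulls ObStatus and the requested attribute out of a response like the one above. It assumes ObStatus 0 means success, as in the output shown; the function names and the trimmed sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# The response puts its elements in "http://www.oblix.com/" (trailing slash),
# unlike the "http://www.oblix.com" namespace used in the request.
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "ob": "http://www.oblix.com/"}

# Constructed sample: the response from the post, trimmed, with a made-up value.
SAMPLE_OK = b"""<?xml version="1.0" encoding="utf-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<Oblix xmlns:oblix="http://www.oblix.com/" xmlns="http://www.oblix.com/" oblang="en-us">
<ObProfile>
<ObPanel obname="defaultPanel" obpanelClass="inetorgperson">
<ObAttribute obattrName="sn">
<ObDisplay obdisplayName="Last Name" obdisplayType="textS" obname="sn" obmode="view">
<ObTextS><ObValue>Doe</ObValue></ObTextS>
</ObDisplay>
</ObAttribute>
</ObPanel>
<ObStatus>0</ObStatus>
</ObProfile>
<ObStatus>0</ObStatus>
</Oblix>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
"""

def read_view_response(raw):
    """Return (status, {attribute: [values]}) from an IdentityXML view response."""
    oblix = ET.fromstring(raw).find("soap:Body/ob:Oblix", NS)
    if oblix is None:
        raise ValueError("no Oblix element in the SOAP body")
    status = oblix.findtext("ob:ObStatus", namespaces=NS)  # outer status only
    if status is None or not status.strip().isdigit():
        raise ValueError("missing or non-numeric ObStatus")
    attrs = {a.get("obattrName"): [v.text or "" for v in a.iterfind(".//ob:ObValue", NS)]
             for a in oblix.iterfind(".//ob:ObAttribute", NS)}
    return int(status), attrs

def get_attribute(raw, name):
    """Return the values of one attribute, refusing responses that report failure."""
    status, attrs = read_view_response(raw)
    if status != 0:  # assumption: 0 means success, as in the post's output
        raise RuntimeError("IdentityXML request failed, ObStatus=%d" % status)
    return attrs.get(name, [])
```
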


Refer:
http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b25346/idxmlows.htm
