Wednesday, August 31, 2016

Customizing "Oracle Access Manager Operation Error" message

                       This post covers about the steps to customize the standard Oracle messages that are thrown from OAM Webgates. For example, OAM Webgate throws following error message "Oracle Access Manager Operation Error" for a failure of user authorization as shown below. 

                    We can customize these standard messages with the below provided steps.

  • OAM BP07
  • OHS
  • OAM Webgate 11.1.2
  • Login to the server where OHS Webgate is installed
  • Browse to the following directory
    • <Oracle_OAMWebgate>/webgate/ohs/lang/en-us/Webgate.xml
  • Edit the above XML file
  • Find the below tag with name "HTMLpage500" as shown in screenshot.

  • Edit the message to your desired message as shown below.

  • Save the changes
  • Restart the OHS Webserver and access the protected page again.
  • Access the test page and now you can see the customized messages as shown below.
 Thank you for visiting.

Wednesday, August 10, 2016

OAM: User Profile Services through REST in OAM Mobile and Social

                In today's post, we are going to cover about the user profile services that are provided by OAM Mobile and Social component. From the Latest OAM versions in release2, Mobile and Social component comes with OOB capabilities in exposing the user profile services as REST services. This will help the applications to easily access the user data from Identity stores configured in OAM through REST services without going through additional development for user operations. In addition to these user profile services, Mobile and Social also provides services for Authentications and Authorizations.

Our example today specifically covers about simple configuration of these user profile services with your desired endpoint.

  • OAM BP07
  • OUD
  • RHEL6/OEL6
  •  Login to OAM Console and click on Configuration on top right
  • Go to Available Services and scroll down to see "Mobile and Social"
  • By default this "Mobile and Social" component is disabled as shown below. Click on "Enable Service"
  • Click on "Enable Service" on the confirmation box. This will make the "Mobile and Social" services available for use.
  • Now Click on  "Mobile Security" in the top navigation and Go to "Mobile and Social".
  • Lets create a Service Provider first which is of type User Profile Service provider. Click on "Create User Profile Service Provider"
  • Provide the Name of Service Provider and Identity Directory Service as shown below
    • Name : IdentitySP
    • Identity Directory Service Name : OUDIDSProfile
  • Make sure the IDSProfile with the name "OUDIDSProfile" is configured properly with the Users and Groups DN information.
  • Click on Save to create this Service Provider.
  • Next we will create a Service Profile in which we configure the above created Service Provider.
  • Click on "Create User Profile Service" to create the Service profile of type "User Profile" 
  • Provide the values as shown in below screenshot. In this configuration, you can define your desired endpoint name as given below.
  • Also specify the Service Provider that was created in earlier steps and check the "Service Enabled" to enable these services.
  • Click on Create to save this "IdentitySP" service profile configuration.
  • Next step is to add this new Service profile as part of a Service Domain. 
  • Click on "Default" service domain and click on Edit to add the service profile
  • Click on Add and provide this new Service Profile Name in the list. 
  • That's all the configuration. Now your services are ready for access.
  • Lets validate this REST service endpoint. Using "Postman" chrome extension, we can validate this REST services.
  • Invoke the REST endpoint by providing
    • Operation : GET
    • URL : http://<OAMHost>:<OAMPort>/oic_rest/rest/IdentitySP/people/<userid>
  • In my example, testuser1 is the user profile that I would like to access. so URL will be
    • http://oamhost:14100/oic_rest/rest/IdentitySP/people/testuser1
  •  As shown above, all the configured IDSProfile attributes can be retrieved using this UserProfile services through REST endpoints provided by OAM Mobile and Social.
  • Some more URIs for more operations like
    • Read all users:
    • Read all groups: http://oamhost:14100/oic_rest/rest/IdentitySP/groups
    • Read user groups : http://oamhost:14100/oic_rest/rest/IdentitySP/people/testuser1/memberOf
    • Read group memebers : http://oamhost:14100/oic_rest/rest/IdentitySP/groups/test/members  
For more information related to these REST services, you can refer to Oracle docs here. 
Thank you for visiting.