OAM : Create User Identity – You do not have sufficient rights : Create User Workflow

If you try to create a user in Oracle Access Manager (OAM) and hit an error message like “You do not have sufficient rights”, ensure that you have created a “create user workflow” and that the user trying to create the User Identity (new user via OAM) has access to execute this workflow.

You can create this workflow in the Identity System application, using either the Quick Start tool (explained in this post) or the Workflow Applet.


1. Log in to Identity System (/identity/oblix)
2. Select the User Manager tab
3. Select the Configuration tab
4. Select the Workflow Definition tab
5. Click the "Click Here" link


About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.


6 comments
vishuenc says March 13, 2012

How would you test?

Atul Kumar says March 15, 2012

@vishuenc,
Test what?

Mukesh Negi says October 28, 2013

How can user authentication requests be load balanced between different OID servers? For example, if I have one access server and two OIDs, oid1 and oid2, and I want requests from the access server to load balance between oid1 and oid2. I am not talking about user, policy and configuration data load balancing. I want to know how user authentication requests can be load balanced.

    Atul Kumar says October 28, 2013

    @Mukesh,
    You mentioned “I am not talking about user, policy and configuration data load balancing. I want to know how user authentication requests can be load balanced”. Could you please explain this? Does the authentication request not go via the user store?

    If this is for OAM 10g then you have two options for authentication

    a) Use load balancer in front of OID
    or
    b) In user store use load balancing (failover or load balancing)

    Share the version of OAM and I’ll point you to the documentation for that specific version.

Mukesh Negi says October 28, 2013

Thanks for your kind attention Atul. I am using OAM 10g 10.1.4.3 version.

Assuming that by user store you mean the user data (default access server user directory profile).

After lots of testing scenarios, Oracle prod support and docs, I am still thinking authentication doesn’t go via user data; here user data means the user directory profiles.

I have gone through lots of Metalink notes as well as Oracle documents but am still not able to find the answers to my question.

I know about both load balancing ways but the big question is –

1)
According to Oracle support and docs, the access server reads XML files only at startup, meaning the accessinstall/config/data/ldap XML files, where the OID information is stored, are used only ONCE at STARTUP, and it attaches to one of the OID servers and uses only that one. Then how does the load balancer do load balancing between the access server and OID? If the OID server to which it was attached goes down, what is the failover option to another directory server?

2) If the access server uses the XML ldap/*.xml files to create connections, then it means it does not use the user directory profiles in any way.

only the big question –
—————————————
How can user authentication requests be load balanced between two OIDs and how can failover be achieved?

It would be great if you could share your email ID to discuss more on this: mukesh.negi0910@outlook.com

Mukesh Negi says October 28, 2013

A few questions –

1. Do user authentication requests really go through directory profiles?

1.2 If yes, then what is the purpose and use of the accessserverinstall/config/ldap/*.xml files, which actually contain the OID host and port details the access server uses as per Oracle support?

1.3 If no, and the access server uses only the ldap/*.xml files and not directory profiles, then how can load balancing be achieved even using an LB in the XML file, since the access server reads the XML files only at startup and attaches to one OID server?

2. If we have two ways of load balancing as you have mentioned, one with an LB in front of OID and the second using the data store, then

2.1 Does it mean that with the LB in front of OID method we are bypassing and not using the data store?
