• Find us:
    +1-669-900-5138   |   +44-203-372-5553
  • Free Newsletter

    Get Latest Updates

  • Make Training Enquiry


  • Categories

  • Archive

  • Part IX : Install OAM Agent – 11g WebGate with OAM 11g

    Posted by "" in "installation, oam" on 2011-01-10

    Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInPin on PinterestEmail this to someone

    This is part IX of step by step installation of Oracle Identity Management (OAM, OIM, OAAM, OAPM & OIN) which covers configuring  WebGate for Oracle Access Manager .

    • For Part I Download Software and create Schema click here
    • For Part II Install WebLogic Server 10.3.3  click here
    • For Part III Install SOA Server and Upgrade to click here
    • For Part IV Install IDAM click here
    • For Part V Create Domain for OIM, OAM, OAAM, OAPM & OIN click here
    • For Part VI Configure Identity Manager click here
    • For Part VII Install & Configure OIM Design Console click here
    • For Part VIII Configure LDAP Sync with OIM 11g click here (Optional – Required only for OAM-OIM Integration)

    In this post I am going to show how to install 11g WebGate for Oracle HTTP Server (OHS) 11g with OAM 11g server.

    OAM WebGate :  also known as AccessGate (in 10g) or OAM Agent (in 11g) is a Web Server Plug-in installed with WebServer (OHS, IIS, Apache, IBM WebServer) and communicates with Oracle Access Manager Server (Access Server in OAM10g). When user access a resource protected by Oracle Access Manager (OAM) then WebGate communicate with OAM to find how resource is protected and ask user to provide credential based on Authentication Policy set for resource.  For Request flow for WebGate check my earlier post here . For overview of Agents in OAM 11g (OAM Agents & OSSO Agent) click here

    Note: WebGate of version 10g or 11g is certified with OAM 11g.


    High level installation/configuration step  points for OAM 11g/10g WebGate

    1. Ensure that WebServer is already installed for which you wish to install/configure WebGate.

    2. Download WebGate for your WebServer. Download latest WebGate wherever applicable (For OHS 11g use 11g WebGate, for OHS 10g, IHS, IIS, Apache use webgate).

    3. Create instance of WebGate on OAM server (This can be done either by GUI or Command line) a.k.a. Provisioning WebGate .
    a) GUI using OAM Administration Console.
    b) Command Line using Remote Registration Tool (RREG) – RREG is available in two modes (in-band or out-of-band) . More on Remote Registration Utility here

    4. Install WebGate on machine where Web Server is running.

    5. Configure Web Server to include WebGate configuration (adding webgate.conf in httpd.conf)

    6. Copy artifacts/files created by WebGate registration (in step 3) to WebGate Instance directory (created in step 4 above).

    7. Restart Web Server

    8. Test WebGate installation.


    Key points for OAM 11g WebGate Installation

    1. Currently (as of 3rd Jan 2011) 11g WebGate is available for Oracle HTTP Server 11g only. If you wish to configure WebGate for OHS 10g, IIS (Microsoft),  IHS (IBM HTTP Server) or Apache HTTP Server then user 10g WebGate for OAM 11g.

    2. An Instance of WebGate must be created on OAM Server (aka Provisioning Agent) which can be either done via Graphical Tool (OAM Administration Console) or Command Line tool (Remote Registration Tool – RREG)

    3. Remote Registration Tool (RREG) can be run in two modes i.e. in-band mode or out-of-band mode. In-Band mode is used where WebServer/WebGate and OAM server are managed by same team where as Out-of-band mode is used where WebServer/WebGate is managed by one team and OAM server is managed by different team.

    4. 11g WebGate requires JRE 1.6 , use JDK 1.6 shipped with OHS 11g to install 11g WebGate.

    5. WebGate on Unix/Linux machine requires compatible GCC which can be downloaded from here  (under GCC Libraries for Oracle Identity Federation)


    WebGate (10g/11g) Installation Steps with OAM 11g

    1. Download WebGate 11g from here  under “Oracle Access Manager WebGates (“. For 10g WebGate download them from  here  under “Oracle Access Manager 10g – non OHS11g Webgates and 3rd Party Integrations

    2. Register WebGate with OAM Server using Remote Registration Tool in inband mode
    2.1 cd $ORACLE_HOME/oam/server/rreg
    2.2 set OAM_REG_HOME (to above directory) and JDK_HOME in oamreg.sh
    2.3 Update serverAddress, agentBaseURL, agentName, HostIdentifier & applicationDomain in  $ORACLE_HOME/oam/server/rreg/input/OAM11GRequest.xml (For 10g WebGate update OAMRequest.xml )
    2.4 cd $ORACLE_HOME/oam/server/rreg/bin/
    2.5 ./oamreg.sh inband input/OAM11GRequest.xml   (This command will create an instance of 11gWebGate in OAM Sever and generate OAM WebGate artifacts in $ORACLE_HOME/oam/server/rreg/output)


    . 3. Install OAM 11g WebGate for OHS 11g using

    setup.exe -jreLoc <1.6_JRE_Location>  (For Windows)
    runInstaller -jreLoc <1.6_JRE_Location>  (For Unix)

    Enter Middleware Home and Oracle Home directory for WebGate installation.


    4. Configure OAM 11g WebGate with OHS Instance.

    4.1 cd $Webgate_Oracle_Home/webgate/ohs/tools/deployWebGate

    4.2  deployWebgateInstance.sh|bat -w $Webgate_Instance_Directory -oh $Webgate_Oracle_Home (This command will copy files from WebGate software location to OHS instance directory)

    WebGate_Instance_Directoryis OHS Instance Directory (default location is $ORACLE_HTTP_SERVER/ instance/ instance1/ config/ OHS/ ohs1) and

    Webgate_Oracle_Home is directory in which Webgate is installed during WebGate installation screen above


    4.3 Include OHS library files in to LD_LIBRARY_PATH as

    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:<Oracle_Home_for_Oracle_HTTP_Server>/lib

    4.4 Update httpd.conf of OHS

    cd $Webgate_Oracle_Home/webgate/ohs/tools/setup/InstallTools
    EditHttpConf -w $Webgate_Instance_Directory [-oh $Webgate_Oracle_Home>] [-o $output_file]


    4.5 Copy files generated in step 2.5 from $ORACLE_HOME/oam/server/rreg/output/[Agent_Name] to $WEBGATE_INSTANCE_DIR/webgate/config (For OHS 11g location is $MW_HOME/Oracle_WT1/instances/instance1/config/OHS/ohs1/webgate/config)

    5. Restart Oracle HTTP Server (OHS)
    5.1 $ORACLE_HOME_for_OHS11g/instances/instance1/bin/opmnctl stopall
    5.2 $ORACLE_HOME_for_OHS11g/instances/instance1/bin/opmnctl startall

    6. Test WebGate Installation
    6.1 Try accessing OHS 11g root page and it should redirect to OAM Single Sign-On Login page.


    Related Posts for Access Manager

    1. Integration Steps – 10g AS with OAM (COREid)
    2. OAS – OAM (Access Manager / Oblix COREid) Integration Architecture
    3. Oblix COREid and Oracle Identity Management
    4. Installing Oracle Access Manager (Oblix COREid / Netpoint)
    5. Oracle Access Manager (Oblix COREid) Upgrade
    6. Access Manager: WebGate Request Flow
    7. Introduction to Oracle Access manager : Identity and Access System – WebPass , Webgate, Policy Manager
    8. Certified Directory Server (AD, OID, Tivoli, Novell, Sun or OVD) and their version with Oracle Access Manager
    9. Install Oracle Access Manager (OAM) Identity Server, WebPass, Policy Manager, Access Server, WebGate
    10. Multi-Language or multi-lingual Support/Documentation for Oracle Access Manager (OAM)
    11. OAM Policy Manager Setup Issue “Error in setting Policy Domain Root” : OAM with AD and Dynamic Auxiliary Class
    12. OAM Installation Part II – Indentity Server Installation
    13. OAMCFGTOOL : OAM Configuration Tool for Fusion Middleware 11g (SOA/WebCenter) Integration with OAM
    14. Oracle Access Manager Installation Part III : Install WebPass
    15. OAM : Access Server Service Missing when installing Access Manager with ADSI for AD on Windows
    16. OAM : Create User Identity – You do not have sufficient rights : Create User Workflow
    17. Password Policy in Oracle Access Manager #OAM
    18. Changes in Oracle Access Manager 11g R1 (
    19. Agents in OAM 11g (WebGate 10g/11g, OSSO/mod_osso, AccessGate IDM Domain agent) aka PEP (Policy Enforcement Points)
    20. How to install Patches in Oracle Access Manager 10g : Bundle Patch / BPXX
    21. Session Management in #OAM 11g : SME , Idle Timeout, Session Lifetime
    22. Part IX : Install OAM Agent – 11g WebGate with OAM 11g
    23. How to integrate OAM 11g with OID 11g for User/Identity Store
    24. How to install Bundle Patch (BP) on OAM – BP02 (10368022) OAM
    25. Error starting OAM on IBM AIX : AMInitServlet : failed to preload on startup oam java. lang. Exception InInitializer Error
    26. OAMCFG-60024 The LDAP operation failed. OAMCFG-60014 Oracle Access Manager is not configured with this directory
    27. How to Edit (create, delete, modify) Identity Store of OAM 11g from command line (WLST) – editUserIdentityStoreConfig
    28. OAM WebGate Registration RREG – Resource URL format is not valid
    29. Blank Screen on OAM 10g Identity Server Console : /identity/oblix
    30. Oracle 10g/11g webgate software download location
    31. How to find Webgate 10g/11g Version and Patches Applied
    32. OAM integration with OIF : Authentication Engine or Service Provider
    33. OAM 11g integration with Microsoft Windows Active Directory (WNA, IWA, Kerberos) for Zero Sign-On
    34. OAM 11g : How to change Security Mode (OPEN, SIMPLE, CERT) – WebGate to Access Server Communication
    35. Forgot Password link on OAM Login Page
    36. OIM-OAM-OAAM integration – Account Lockout in OAM obLoginTryCount , oblockouttime, MaxRetryLimit
    37. How to identify which LDAP (OID/AD/OVD) server OAM 11g connects to and as what user ?
    38. OAM 10g WebGate installation failed with Sorry Invalid User or Invalid Group
    39. Beware if you are running OAM in SIMPLE mode with 10g WebGate : Oracle AccessGate API is not initialized
    40. Troubleshooting : 11g WebGate with OHS 11g integrated with OAM 11g : OBWebGate_AuthnAndAuthz: Oracle AccessGate API is not initialized
    41. Deploying OAM in high availability across data centres in Active Active cluster : New Feature in OAM 11gR2 PS2
    42. New OAMConsole in OAM 11gR2 PS2 : Enabling Federation, STS, Mobile & Social in Oracle Access Management Suite

    131 Responses to “Part IX : Install OAM Agent – 11g WebGate with OAM 11g”

    1. elkouz says:

      Dear Atul,
      I ve been working on the implementation of the above senario as part of a test case I am working on.
      I reached this point:

      4.3 Include OHS library files in to LD_LIBRARY_PATH as

      It doesnt seem to be clear for me wheather this is a comand that I have to write and if so to which directory should I navigate to before runing it.

      Many Thanks in advance Mr. Atul

    2. Atul Kumar says:

      When you run EditHttpConf command at that time your LD_LIBRARY_PATH should also include OHS library ($OHS_ORACLE_HOME/lib)

      which means that just before running above command run echo $LD_LIBRARY_PATH (Unix)

      or echo %LD_LIBRARY_PATH% (Windows)

      and lib directory of OHS ORACLE_HOME should also be displayed as part of this output.

    3. […] Part IX : Install OAM Agent – 11g WebGate with OAM 11g […]

    4. […] I also discussed about OAM 11g WebGate (10g or 11g) registration using RREG here […]

    5. Ramasamy says:


      Since Webgate 11g ( will have to be installed in OHS, do we need a separate OH for Webgate 11g (for example OAMWebGate1)? Or can we use the OHS’s OH?

      – Ramasamy

    6. Atul Kumar says:

      @ Ramasamy,
      Yes 11g webgate must be installed under separate OH but under same Middleware Home (MW_HOME) in which OHS 11g Oracle Home exists.

    7. Ramasamy says:


      We are trying to install 10g WebGate in OAM 11.1.13.. When I run the oamreg.sh, I am getting the following error:

      Aug 28, 2011 1:34:28 AM oracle.security.am.engines.rreg.client.RegClient main
      SEVERE: Exception encountered: RemoteAgentRegistrationException. Specific exception:HTTP Post Method failed: HTTP/1.1 500 Internal Server Error oracle.security.am.engines.rreg.common.RemoteAgentRegistrationException: HTTP Post Method failed: HTTP/1.1 500 Internal Server Error

      But I noticed from the oamconsole, I could see the Agent Name under Policy configuration tab, but I am not seeing anything under System Configuration tab…

      Any ideas?


    8. aengineer says:


      Is there any capability within OAM or within the webgates to apply some sort of content filtering rules? For example, we have been told that some webgates support the ability to deny the request if the payload is more than N characters, or if someone is trying to “inject SQL” into the OAM server, etc.

      The reason I ask this is because the current OAM design requires you to expose your OAM servers to the internet if you want to protect public facing sites. And this leaves open the possibility that someone could submit any data as part of the form POST to auth_cred_submit. We see this as a security risk and would like to prevent it.

      Aspi Engineer
      Putnam Investments

    9. oamadminuser says:

      Help; After installing WLS 10.3.5,OAM,OHS, Webgate, Access Gate – all 11g – my R12.1.3 mid tier is redirecting user logins to ebsauth_/ssologin. That gets error 404 from the OHS.
      What is this ssologin? Shouldn’t R12 redirect to OAMLogin.jsp? Any help appreciated.

    10. Atul Kumar says:

      @ oamadminuser

      What is value of profile option “Application Authentication Agent” in EBS R12 ?

    11. oamadminuser says:

      Hi Atul, Application Authentication Agent is set to http://:7777/ebsauth_/

      It is appending ssologin to the end of that url (as seen by trying various other values of Apps Auth Agent). But OHS does not know what to do with it.

      I am using 11g webgate, as also approved and described in 1309013.1 MOS note.

      I also see DENY entries in OAM log.

      Very interesting problem!

    12. oamadminuser says:

      That profile option should read: Application Authentication Agent is set to http://:7777/ebsauth_DATABASE_TWO_TASK/

    13. venkyd1985 says:

      HI Atul,

      I have followed your document, i was able to protect the Oracle HTTP server with OAM successfully. when i tried to access the http://:7777 it was re-directing to the OAM login page, but after the successful login into the OAM the page was not directing back to the HTTP server again, it displaying error page not found but i can see the url as http://:7777 in the browser. Can you help me out what i have missed here… or i need to any more….

    14. Atul Kumar says:

      @ venkyd1985,
      It could be just because /index.html is protected (by default with webgate 11g everything is protected)

      Define public policy for resource /index.html as public in both authentication and authorization policies (How to define policies is in my Book OAM/OIM 11g for administrators and also in Oracle Guides)

    15. Oam_Admin1 says:

      Hi ,

      i am trying the OAM/OIM integration. I have installed and configured oam, soa, oim serverrs in one domain, configured PIm with ldap sync enabled.

      Now trying to run the command :-
      idmConfigTool –configOAM input_file=propertiesFile

      But getting one error :-

      bash-3.2$ ./idmConfigTool.sh -configOAM input_file=OAMconfigPropertyFile
      Enter ID Store Bind DN password :
      Enter User Password for WLSPASSWD:
      Confirm User Password for WLSPASSWD:
      Enter User Password for OAM11G_OIM_WEBGATE_PASSWD:
      Confirm User Password for OAM11G_OIM_WEBGATE_PASSWD:
      Enter User Password for IDSTORE_PWD_OAMSOFTWAREUSER:
      Confirm User Password for IDSTORE_PWD_OAMSOFTWAREUSER:
      Enter User Password for IDSTORE_PWD_OAMADMINUSER:
      Confirm User Password for IDSTORE_PWD_OAMADMINUSER:
      at oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler.configOAM11gIdStore(OAM11gIntegrationHandler.java:352)
      at oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler.execute(OAM11gIntegrationHandler.java:696)
      at oracle.idm.automation.AutomationTool.configOAM(AutomationTool.java:593)
      at oracle.idm.automation.AutomationTool.parseCmdLine(AutomationTool.java:218)
      at oracle.idm.automation.AutomationTool.main(AutomationTool.java:132)
      There were errors found. Details have been logged to automation.log

      From automation.log:- i got :-
      (11:44:16 AM) : Jan 30, 2012 10:07:35 PM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler configOAM11gIdStore
      SEVERE: Error while configuring webgate and domain
      at oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler.configOAM11gIdStore(OAM11gIntegrationHandler.java:368)
      at oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler.execute(OAM11gIntegrationHandler.java:696)

      Please suggest .

    16. Oam_Admin1 says:

      correcting the typo error in my second line :-

      configured OIM with ldap sync enabled.


    17. Atul Kumar says:

      @ Oam_Admin1,
      What is value of JAVA_HOME, JDK version , ORACLE_HOME and other environment variable ?

      Did other idmConfigTool complete successfully ?

    18. […] on IBM AIX Posted in February 28th, 2012 byAtul Kumar in oam  Print This Post On WebGate 11g Installation (WebGate is Policy Enforcement Point installed with Web Server), as per Oracle […]

    19. avinash says:


      I am trying to remotely register the webgate with OAM server but there seems to be some issue. Heres what I am getting :

      Exception in thread “main” java.lang.NoClassDefFoundError: oracle/security/am/en
      Caused by: java.lang.ClassNotFoundException: oracle.security.am.engines.rreg.cli
      at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
      at java.security.AccessController.doPrivileged(Native Method)
      at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
      at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
      at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
      at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
      Could not find the main class: oracle.security.am.engines.rreg.client.RegClient.
      Program will exit.

      My OAM_REG_HOME is set to \oam\server\rreg dierctory at oamreg.bat file

    20. Atul Kumar says:

      @ avinash,
      This error means classpath is missing required java classes required to register webgate.

      Are you running rreg from OAM host or different host ?

      Which java version you are using ?

      java -version
      which java

    21. avinash says:

      Thanks for the prompt response Atul..

      Java Version is :

      java version “1.6.0_18″
      Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
      Java HotSpot(TM) Client VM (build 16.0-b13, mixed mode)

      I am running it from the OAM Host itself.

      Enviromnet Variable settisgs are as follows :

      Classpath = C:\Oracle\Middleware\jdk160_18\bin
      JAVA_HOME = C:\Oracle\Middleware\jdk160_18

    22. Damon says:

      hi avinash ,i face the same problem ,do you have solve this issue? thank you!!!

    23. Atul Kumar says:

      @ Damon, Avinash,
      Are you running this from OAM host (machine on which OAM is installed and configured) or from some other host (connected to OAM server remotely)

    24. ratheesh.nan says:


      Me too getting this error; would like to know if somebody has succeeded in resolving this!

      Thanks in advance,


    25. Damon says:

      i solved the problem, i set my Enviromnet Variable as :
      Edit oamreg.bat
      REM set OAM_REG_HOME=”D:\Remote Registration\RREG client kit\rreg”
      Then i run oamreg.bat,everything is OK!

    26. Dheeraj says:

      I want to install Oracle 11g Webgate with 11g OAM on a IIS web-server.
      Can you help in this. I googled it and seems there is no support to install 11g web-gate on IIS.

    27. Dheeraj says:

      I was trying to install the web-gate 10g to be worked with OAM 11g.
      I created a web-gate 10g agent in OAM admin console window
      On the web-server I installed web-gate as well.
      I also copied OAAccessClient from OAM console to web-gate web-server location.

      When after the installation, I am hitting my URL, it says:
      “HTTP Error 404 – 404 Not Found

      The Web server cannot find the file or script you asked for. Please check the URL to ensure that the path is correct”

      In eventviewer it says “Oblix System Logger Initialized”.
      In the log files it says “ould not read file”filename^oblix/config/oblog_config.xml”. I googled this problem but on .Net i found this message is not the actual message.

      Can you suggest me what wrong might be the possible problem.

      • Atul Kumar says:

        @ Dheeraj,
        What URL is this that results in page not found ?

        Try disabling webgate from httpd.conf by commenting entries by webgate (in the end of httpd.conf) and see if you can still access URL via OHS .

    28. Dheeraj says:

      I should have mentioned in last post only that I am using IIS.
      This URL is of my web-site I want to protect under OAM.
      When disabling the web-gate at IIS, it works fine.(becuse in that case, it does not initiliaze anything related to OAM or web-gate).

    29. Dheeraj says:

      I am using IIS7 server.

      I got the clue of this error message. This was coming because in the access agent configurations, “Deny on not protected” was ticked. When I unticked this,checkbox the error got disappeared.
      However now I am struggling with the policy creation.
      Whenever I hit my page, inspite showing the sso login page, it show me my site home page.While as per the protection policy it should have shown the sso login page.
      I am using “/../*” or /* notation. but still getting my home page.

    30. Atul Kumar says:

      @ Dheeraj,
      Try with three dots /…/* in place of two DOTS

    31. Kumar says:

      I just installed OAM and then tried to login into OAM CONSOLE, i am not able to login. No error, but the same Login screen comes back. When i checked the log

      [2012-07-18T14:14:14.509-04:00] [AdminServer] [ERROR] [OAMSSA-20005] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 0000JYRJ1v^EWNW3tz^er11G1ikT00001F,0] [APP: oam_admin#] [dcid: a827fbd0cee0501e:41979a37:1389b0d9163:-8000-0000000000000070] [arg: null] Error initializing User/Role API : null.
      [2012-07-18T14:14:14.509-04:00] [AdminServer] [WARNING] [OAMSSA-20007] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 0000JYRJ1v^EWNW3tz^er11G1ikT00001F,0] [APP: oam_admin#] [dcid: a827fbd0cee0501e:41979a37:1389b0d9163:-8000-0000000000000070] [arg: Error initializing User/Role API : null.] Unable to connect to the User Store. User Store may not be initialized : Error initializing User/Role API : null..
      [2012-07-18T14:14:14.510-04:00] [AdminServer] [ERROR] [OAM-400016] [oracle.oam.admin.console.policy] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 0000JYRJ1v^EWNW3tz^er11G1ikT00001F,0] [APP: oam_admin#] [dcid: a827fbd0cee0501e:41979a37:1389b0d9163:-8000-0000000000000070] Failed to authenticate the user[[

      Could you help me to fix it.

    32. Atul Kumar says:

      @ Kumar ,
      what user you are using ? what URL you are using to login ? Is OAM integrated with OID for authentication ? Which document you used to install and configure OAM ?

    33. Manju says:

      Hi Atul,
      I am getting same error as Kumar –
      Unable to connect to the User Store. User Store may not be initialized : Error initializing User/Role API : null..

      I followed the steps given in your tutorials. (I am using wls10.3.3, soa,OAM

      When I looked in oam-config.xml, the ldap entry is incorrect. could it be the reason?

    34. Manju says:

      Unfortunatly I wasn’t able to fix the issue. I am getting
      Exception in decryption
      javax.crypto.BadPaddingException: Given final block not properly padded
      at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
      at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)

      That is probably because of the AES encrypted password.

      Can you please let me know why it is not being auto configured.

      I have installed OID in a different machine, If I sync OAM with the OID(after I login to OAM), will oblix attributes/objects get created in OID ? The only reason I am trying to install OAM is to resolve “Failed to find obpasswordexpirydate in mandatory or optional attribute list. ” error. I have tried to import them manually, which it does succesfully. But when I try to import my ldif file, it throws the error mentioned before.

      Any help would be great.

    35. Atul Kumar says:

      @ Manju,
      Which document you are using ? Follow enterprise deployment guide if possible

    36. venkat28 says:

      Hello Atul;

      I am newbie in OAM. I was trying to configure webgate for OHS through OAM. When I try to run the following command (inband registration) I am getting an error. Can you please help me with this.

      ./bin/oamreg.sh inband input/OAMllGRequest.xml

      Error Message:

      oracle.security.am.engines.rreg.client.RegController processRegist ration
      SEVERE: Server side error occurred. Specific error messages are:Create policy re
      source exception. Resource type must not be null. URI=/
      The remote registration process did not succeed Please find the specific error
      message below.
      Error message passed from server is:Create policy resource exception. Resource t
      ype must not be null. URI=/
      oracle.security.am.engines. rreg.client.RegClient main
      SEVERE: Exception encountered: RemoteAgentRegistrationException. Specific except
      ion:Error message passed from server is:Create policy resource exception. Resour
      ce type must not be null. URI=/oracle.security.am.engines.rreg.common.RemoteAge
      ntRegistrationException: Error message passed from server is:Create policy resou
      rce exception. Resource type must not be null. URI=/

    37. venkat28 says:

      Hello Atul:

      Here’s my OAM11GRequest.xml file



    38. venkat28 says:

      Hello Atul:

      Here’s my OAM11GRequest.xml file



    39. venkat28 says:

      Hello Atul:

      I re-installed the OAM Server and I was able to get through the installation successfully.

      But after that when I try to view the OHS link (http://localhost:80), I get the following error.

      The browser says ” OAM Operation Error. The Web gate plug-in is unable to contact any Access servers.”

      The error message thrown in the console is:

      ACCESS GATE FATAL 0x00001520 /adefaime_h0025/ngamac/src/palantir/webgate2/src/apache

      2entry_web_gate.cpp:591 “Exception thrown during WebGate initialization”

      ACCESS_GATE FATAL 0x0000 182C /ade/aime_h0025/ngamac/src/palantir/webgate2/src/apache
      2entry_web_gate.cpp:592 “The AccessGate is unable to contact any Access Servers

      Can you please help with this?

    40. ChuLy says:

      Hello Atul,

      I have followed your document, i was unable to protect the Oracle HTTP server with OAM successfully.

      I stuck at step 2. Register WebGate with OAM Server.

      Could u provide more details in case default configuration with Oracle HTTP server and OAM are on single host?

      • Atul Kumar says:

        @ Chuly,
        I am assuming that you are installing 11g R1 ( WebGate, Did you follow steps mentioned here ? what issue you are hitting during webgate installation and configuration ?

    41. ChuLy says:

      Hi Kumar,

      I have create a default configuration webgate A on server OAM (server A) successfully.

      I also create another default configuration webgate B on the server B. And 2 webgate are SSO with an OID user: http://A:7777, http://B:7777.

      My matter at this moment is the Logout URL. I configure both Logout URL of 2 webgate agents is: /logout.html. But both website http://A:7777 and http://B:7777 only logout and redirect when i click the URL:
      http://A:7777/logout.html. If i use http://B:7777/logout.html, the website shows Page not found.

    42. ChuLy says:

      Hi Kumar,

      I got another critical problem. That is when i login or logout from http://A:7777 and http://B:7777. The http://A:7002/oamconsole is also login and logout. Even when the user to logging in to http://A:7777 and http://B:7777 is orcladmin user from OID and user to logging in http://A:7002/oamconsole is weblogic.

      Please help me solving this problem!!!

      • Atul Kumar says:

        @ ChuLy,
        This is expected behaviour if all three apps (including OAMCONSOLE) are protected by same SSO (OAM) server and user is using same browser. Use two different browser like IE and Firefox if you want to login or logout from two application (protected by same SSO) using same PC.

    43. Vivek Sharma says:

      Hi Atul,

      I bought your book from OnlineAppsDBA and am on Page 121 of the eBook. I am running into issues installing WebGate 10g, where it is not able to talk to OAM Managed Server, whereas the Managed Server is up!


    44. Atul Kumar says:

      @ Vivek,
      Check if

      1. There are any errors in OAM managed servers logs
      2. Check from weblogic console that OAM_SERVER application is in state active
      3. Check if OAM access server is listening on port 5575 (netstat -an | grep 5575 LISTEN )


    45. Vivek Sharma says:

      Thanks Atul for the response!
      Actually I was working on another project in parallel and there the my domain was marketsphere.com, whereas this server the domain was marketsphereconsulting.com. So I had a mixup odf domain I was providing the installer. When I corrected that, I could proceed further.
      Your help is very much appreciated!

      Thanks a lot


    46. Vivek Sharma says:

      Hi Atul,

      I bought your book from OnlineAppsDBA and am on Page 133 of the eBook. I am confused what the value of this port should be?
      Listen Port: 8602

      Is this the port that the EBS listens on, or just an arbitrary port for this managed server?

      Thanks for your help!

    47. Atul Kumar says:

      @ Vivek,
      This is just an arbitrary port for this managed server. If you choose a differnet port then change 8602 in eBook to this new port that you use.

    48. Vivek Sharma says:

      Hi Atul,

      I bought your book from OnlineAppsDBA.com and am on page 137, executing the ant script ant -f txkEBSAuth.xml to create data source. I am getting the following error.
      Buildfile: txkEBSAuth.xml
      [taskdef] Could not load definitions from resource net/sf/antcontrib/antcontrib.properties. It could not be found.


      [input] skipping input as property wlshosturl has already been set.

      /u01/sso/Middleware/appsutil/accessgate/OBA1S/txkEBSAuth.xml:62: Could not create task or type of type: if.

      Ant could not find the task or a class this task relies upon.

      This is common and has a number of causes; the usual
      solutions are to read the manual pages then download and
      install needed JAR files, or fix the build file:
      – You have misspelt ‘if’.
      Fix: check your spelling.
      – The task needs an external JAR file to execute
      and this is not found at the right place in the classpath.
      Fix: check the documentation for dependencies.
      Fix: declare the task.
      – The task is an Ant optional task and the JAR file and/or libraries
      implementing the functionality were not found at the time you
      yourself built your installation of Ant from the Ant sources.
      Fix: Look in the ANT_HOME/lib for the ‘ant-‘ JAR corresponding to the
      task and make sure it contains more than merely a META-INF/MANIFEST.MF.
      If all it contains is the manifest, then rebuild Ant with the needed
      libraries present in ${ant.home}/lib/optional/ , or alternatively,
      download a pre-built release version from apache.org
      – The build file was written for a later version of Ant
      Fix: upgrade to at least the latest release version of Ant
      – The task is not an Ant core or optional task
      and needs to be declared using .
      – You are attempting to use a task defined using
      or but have spelt wrong or not
      defined it at the point of use

      Remember that for JAR files to be visible to Ant tasks implemented
      in ANT_HOME/lib, the files must be in the same directory or on the

      Please neither file bug reports on this problem, nor email the
      Ant mailing lists, until all of these causes have been explored,
      as this is not an Ant bug.

      Total time: 0 seconds

    49. Vivek Sharma says:

      Actually I could proceed by fixing some paths, but I get another error
      [wlst] once the activation is completed.
      [wlst] ************************************************************************
      [wlst] ERROR: Error encountered while activating the changes.
      [wlst] Canceling the edit session.
      [wlst] ************************************************************************
      [wlst] Discarded all your changes successfully.
      [wlst] This Exception occurred at Mon Oct 15 13:47:54 CDT 2012.
      [wlst] weblogic.application.ModuleException:
      [wlst] at weblogic.jdbc.module.JDBCModule.prepare(JDBCModule.java:302)
      [wlst] at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:199)
      [wlst] at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:518)
      [wlst] at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
      [wlst] at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:159)
      [wlst] at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:47)
      [wlst] at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:614)
      [wlst] at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
      [wlst] at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:184)
      [wlst] at weblogic.application.internal.SingleModuleDeployment.prepare(SingleModuleDeployment.java:43)
      [wlst] at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:154)
      [wlst] at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
      [wlst] at weblogic.deploy.internal.targetserver.operations.ActivateOperation.createAndPrepareContainer(ActivateOperation.java:208)
      [wlst] at weblogic.deploy.internal.targetserver.operations.ActivateOperation.doPrepare(ActivateOperation.java:98)
      [wlst] at weblogic.deploy.internal.targetserver.operations.AbstractOperation.prepare(AbstractOperation.java:217)
      [wlst] at weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentPrepare(DeploymentManager.java:749)
      [wlst] at weblogic.deploy.internal.targetserver.DeploymentManager.prepareDeploymentList(DeploymentManager.java:1216)
      [wlst] at weblogic.deploy.internal.targetserver.DeploymentManager.handlePrepare(DeploymentManager.java:218)
      [wlst] at weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.prepare(DeploymentServiceDispatcher.java:160)
      [wlst] at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doPrepareCallback(DeploymentReceiverCallbackDeliverer.java:171)
      [wlst] at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.prepare(DeploymentReceiverCallbackDeliverer.java:41)
      [wlst] at weblogic.deploy.service.internal.statemachines.targetserver.AwaitingContextUpdateCompletion.callDeploymentReceivers(AwaitingContextUpdateCompletion.java:164)
      [wlst] at weblogic.deploy.service.internal.statemachines.targetserver.AwaitingContextUpdateCompletion.handleContextUpdateSuccess(AwaitingContextUpdateCompletion.java:66)
      [wlst] at weblogic.deploy.service.internal.statemachines.targetserver.AwaitingContextUpdateCompletion.contextUpdated(AwaitingContextUpdateCompletion.java:32)
      [wlst] at weblogic.deploy.service.internal.targetserver.TargetDeploymentService.notifyContextUpdated(TargetDeploymentService.java:225)
      [wlst] at weblogic.deploy.service.internal.DeploymentService$1.run(DeploymentService.java:190)
      [wlst] at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
      [wlst] at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
      [wlst] at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
      [wlst] Caused by: weblogic.common.resourcepool.ResourceSystemException:
      [wlst] Could not connect to ‘oracle.apps.fnd.ext.jdbc.datasource.AppsDataSource’.
      [wlst] The returned message is: ORA-01017: invalid username/password; logon denied
      [wlst] It is likely that the login or password is not valid.
      [wlst] It is also possible that something else is invalid in
      [wlst] the configuration or that the database is not available.
      [wlst] at weblogic.jdbc.common.internal.JDBCUtil.parseException(JDBCUtil.java:301)
      [wlst] at weblogic.jdbc.common.internal.PooledConnectionEnvFactory.makeConnection(PooledConnectionEnvFactory.java:313)
      [wlst] at weblogic.jdbc.common.internal.PooledConnectionEnvFactory.createResource(PooledConnectionEnvFactory.java:97)
      [wlst] at weblogic.common.resourcepool.ResourcePoolImpl.makeResources(ResourcePoolImpl.java:1249)
      [wlst] at weblogic.common.resourcepool.ResourcePoolImpl.makeResources(ResourcePoolImpl.java:1166)
      [wlst] at weblogic.common.resourcepool.ResourcePoolImpl.start(ResourcePoolImpl.java:249)
      [wlst] at weblogic.jdbc.common.internal.ConnectionPool.doStart(ConnectionPool.java:1155)
      [wlst] at weblogic.jdbc.common.internal.ConnectionPool.start(ConnectionPool.java:154)
      [wlst] at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:455)
      [wlst] at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:372)
      [wlst] at weblogic.jdbc.module.JDBCModule.prepare(JDBCModule.java:255)
      [wlst] Traceback (innermost last):
      [wlst] File “/tmp/wlsttempfile89327382.py”, line 125, in ?
      [wlst] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      [wlst] at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
      [wlst] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
      [wlst] at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
      [wlst] java.lang.Exception: java.lang.Exception: Error encountered while activating the changes
      [wlst] Exception in thread “Main Thread” java.lang.IllegalStateException: Traceback (innermost last):
      [wlst] File “/tmp/wlsttempfile89327382.py”, line 125, in ?
      [wlst] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      [wlst] at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
      [wlst] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
      [wlst] at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
      [wlst] java.lang.Exception: java.lang.Exception: Error encountered while activating the changes
      [wlst] at weblogic.management.scripting.WLSTInterpreterInvoker.printError(WLSTInterpreterInvoker.java:110)
      [wlst] at weblogic.management.scripting.WLSTInterpreterInvoker.executePyScript(WLSTInterpreterInvoker.java:103)
      [wlst] at weblogic.management.scripting.WLSTInterpreterInvoker.main(WLSTInterpreterInvoker.java:27)

      /u01/sso/Middleware/appsutil/accessgate/OBA1S/txkEBSAuth.xml:47: The following error occurred while executing this line:
      /u01/sso/Middleware/appsutil/accessgate/OBA1S/txkEBSAuth.xml:408: Error Creating DataSource

      Total time: 44 seconds

    50. Vivek Sharma says:

      Which username is is trying to access? As I set the password for ASADMIN as ASADMIN as was in the book!

    51. Vivek Sharma says:

      And I can logon as asadmin in EBS

    52. Atul Kumar says:

      @ Vivek Sharma

      a) You copied fndext.jar file to the domain library and restarted the AdminServer after that

      b) User ASADMIN has connect schema role assigend

      c) Ensure that DBC file is correct

      d) Ensure that SERVERID in dbc file is one exists in FND_NODES table in EBS under apps schema

      e) If a-d are correct then try ASADMIN in upper case

    53. Vivek Sharma says:

      a-d were completed. Changing to upper case does not help.

      The only thing that I am suspecting can be a problem, was when I created the DBC file on the EBS server, I used just node name, instead of fqdn, as fqdn was more than 30 characters for me and the fnd_nodes has a limit. I had an SR open with Oracle and they suggested, it would be fine like this for a data source. What is your opinion?
      I used NODE_NAME=fusionidm, instead of fusionidm.marketsphereconsulting.com which was erroring the script java oracle.apps.fnd.security.AdminDesktop

    54. Atul Kumar says:

      @ Vivek,

      NODE_NAME=fusionidm should be OK.

      Paste content of your DBC file and output from FND_NODES table. Also update hostname of server where WebLogic Admin Server (one on which Access Gate is deployed) is running .

    55. Vivek Sharma says:

      Admin server is running on fusionidm.marketsphereconsulting.com

      [fmwidm@fusionidm OBA1S]$ more OBA1S_FUSIONIDM.dbc
      #Desktop DB Settings
      #Thu Oct 11 21:44:45 CDT 2012



    56. Vivek Sharma says:

      Hi Atul,
      I am on page 140 of your ebook, and am getting a 404 Not Found error?
      Even though the Application got deployed, I am getting the 404 Not Found error for the following URL:


      I have already put the following in the mod_wl_ohs.conf

      SetHandler weblogic-handler
      WebLogicHost fusionidm.marketsphereconsulting.com
      WebLogicPort 8602

      Any ideas?

    57. Vivek Sharma says:

      Is it possible, that during registration of the webgate step:
      ./oamreg.sh inband /u01/sso/Middleware/Oracle_IAM1/oam/server/rreg/input/oba1s.xml

      My oba1.xml had the following contents, where I used ebsauth_oba1s as the resource, instead of ebsauth_OBA1S, that could cause problems? and is there a way to fix this?






    58. Vivek Sharma says:

      After fixing this in oamconsole, I got the login page. On page 141 of the ebook, what username would I use to login?

    59. Pratima says:


      I am trying to configure webgate and was successful in creating agent and registering it. But when I try to hit the web server on http port, it directs me to oam server on 14100 port but I cant connect to it. Somehow, I have never been able to telnet on 14100 even though my oam managed server is running and I can access oam console but instead I can telnet on 5575.
      Also, my adminserver logs keep complaining about this error:

      Is something wrong with my configuration?


    60. Pratima says:

      This is the error which I get in my admin sevrer logs.
      Failed to communicate with any of configured Access Server, ensure that it is up and running.

    61. Kumar says:

      I installed OAM and IAMSuiteAgent is enabled. Now how can i use IAMSuiteAgent?
      Before install OAM, i used like “http://:7001/em”, now with IAMSuiteAgent installed by default how can i call EM.

    62. santosh says:

      Hi Atul,

      I have installed the web-gate 11g for OHS11.1.1.5 and OAM11.1.1.5 BP3 on solaris 64, configured webgate by following steps mentioned by you, everything goes fine however when i try to access http://localhost:81 (OHS URL), it says:

      “Sorry, Requested page can no be found – 404″

      I have added few handler in mpd_wl_**.conf like for /odsm and also created a new resource, auth policy and authz policy in same domain in oam but when i try to access http://localhost:81/odsm, it says:

      “Sorry, Requested page can no be found – 404″

      When i disabled OHS_WG1 agent from OAM admin console, then i am able to access http://localhost:81/odsm.

      Also checked for http://localhost:81/oam/pages/login.jsp , is not accessible when agent is enable.

      Can you suggest me what wrong might be the possible problem.


      • Atul Kumar says:

        @ Santosh,
        In 11g WebGate version if a resource is not protected/allowed then access is deined. Create a resource / and protect this resource via anonymous authentication scheme or select exclude.

        See if that works

    63. santosh says:

      Hi Atul,

      Thanks for quick reply.

      I will try that.

      As i have mentioned that i created a new resource /odsm and selected “LDAP Scheme” even for that, it throws same error.

      I could not see any error in log file except ” could not read oblog_config.xml ( which can be ignored as per oracle doc.)


    64. Atul Kumar says:

      @ Santosh,
      To see if WebGate is an issues (if yes then you can apply fix in my previous update), disbale webgate by commenting include file for webgate.conf in httpd.conf and then bounce OHS.

      If you see this working then issue is with webgate and define policy

      If you see this NOT working then issue is with OHS and ensure that mod_wl_ohs.conf has correct entry to connect to weblogic server on which application (like ODSM) is running. To know more on mod_wl_ohs.conf check http://onlineappsdba.com/index.php/2009/09/23/configure-oracle-http-server-infront-of-oracle-weblogic-server-mod_wl_ohs/

    65. santosh says:

      Hi Atul,

      I am able to access page after commenting webgate entry in httpd.conf file. so looks like issue is with webgate and define policy.

      Shouls i delete the agent in OAM console and recreate using OAM Admin console.?
      Do you suggest any other steps ?


    66. santosh says:

      Hi Atul,

      My OAM Admin server (weblogic admin ) is running on port 7001 and OAM manage server is on port 14100, just want to confirm, while registering webgate which port should i use in server address?

      I used 7001, please confirm ?


    67. Atul Kumar says:

      @ you don’t use any of these ports. You must use OAM proxy server port. Default value is 5575 , search on this blog about how to find OAM proxy port and you will get more information on this port.

      This is also explained in our eBook oam integration with e-business suite

    68. santosh says:

      @Atul –

      Thanks. I created new agent and policy manually using OAM console, its working now but i am getting another issue i.e. after OAM login, it give error while redirecting the page, page is getting hang but if i refresh the page then it display the welcome page ( error say something could be wrong on cookie setting or redirection in the browser)


    69. pratima says:

      Hi Atul,

      I have installed 10g webgate and trying to connect to OAM11gR2 server. It works fine when the communication mode is open but when I try to use simple mode, accee to url http://host/access/oblix/apps/webgate/bin/webgate.cgi?progid=1
      gives error
      The WebGate plug-in is unable to contact any Access Servers.

      Oblix: 2012/11/09@01:45:07.419293 29507 29507 ACCESS_GATE FATAL 0x00001520 /scratch/alnguyen/Oblix/coreid1014/palantir/webgate2/src/apache2entry_web_gate.cpp:433 “Exception thrown during WebGate initialization”

      I verified it twice as its working fine in open mode but not simple mode. HHTP server can telent to oam server on 5575 and everything else is running. There are no other errors in the logs.
      Any suggestions?


    70. Atul Kumar says:

      @ Pratima,
      What all changes you made in order to change OAM from OPEN to SIMPLE ?

      Note: There is a BUG in 11gR1 (not tried with 11gR2 yet) where if you use higher version of JDK (higher than 1.6.24) and use SIMPLE or CERT mode then WebGate doesn’t work (because of certificates). I am not sure if that BUG is still on 11gR2 but curious to know steps you carried out to convert from OPEN to SIMPLE

    71. pratima says:


      I changed the mode of oam server to simple and then changed the webgates mode to simple. After that I copied the obaccessclient.xml under lib folder on webgate server, password.xml to config folder and aaa certificates under config/simple folder.. Please note that simple folder wasn’t already there as per the docs.. Then I restarted the web server and oam servers.

    72. moulali says:

      hi Atul,
      i have installed OAM Webgate 11g on OHS 11g,
      i am referring your book Oracle Identity and access manager 11g for Administartion.I am unable to edit EditHttpConf file for webgate configuration with the following error
      ./EditHttpConf -w /u01/oracle/apps/idam/Middleware/Oracle_WT1/instances/instance1/config/OHS/ohs1/ -oh /u01/oracle/apps/idam/Middleware/Oracle_OAMWebGate1 -o /u01/oracle/apps/idam/output2.txt

      ./EditHttpConf: error while loading shared libraries: libclntsh.so.11.1: wrong ELF class: ELFCLASS64
      please help me to resolve this problem.
      Thanks in Advance.

    73. rnugooru says:


      We are following your book.
      We are unable to see the default list in Resource Type in Policy Configuration.
      without them we cant register the weggates

      Please help us

      • Atul Kumar says:

        @ rnugooru,

        It looks like something failed during installation/configuration of OAM. Try re-install including database schema for OAM . Ensure that you use right version of RCU to load OAM schema.

    74. srshukla3 says:

      Hi Atul,

      I am getting follwoing error while creating data source for EBS Access Gate- after setting domain env, when i run –
      /usr/sfw/bin/ant -f txkEBSAuth.xml createDataSource

      It throws below error at the end –
      [echo] ********************************************************************
      [echo] ********************************************************************
      [trycatch] Caught exception: Problem: failed to create task or type wlst
      [trycatch] Cause: The name is undefined.
      [trycatch] Action: Check the spelling.
      [trycatch] Action: Check that any custom tasks/types have been declared.
      [trycatch] Action: Check that any / declarations have taken place.
      /u01/iam/fmw11.1.1.5/appsutil/accessgate/ebs01/txkEBSAuth.xml:408: Error Creating DataSource

      Total time: 44 seconds

      Any idea, what could be wrong ?


    75. srshukla3 says:

      /usr/sfw is ANT_HOME path.

      when i run ant -f txkEBSAuth.xml, it say ant not found, even though ANT_HOME is already set.

    76. srshukla3 says:

      Hi Atul,

      When i run /usr/sfwant -f txkEBSAuth.xml
      (create and deploy both)

      /u01/iam/fmw11.1.1.5/appsutil/accessgate/ebs01/txkEBSAuth.xml:171: Problem: failed to create task or type propertyregex
      Cause: The name is undefined.
      Action: Check the spelling.
      Action: Check that any custom tasks/types have been declared.
      Action: Check that any / declarations have taken place.

    77. Atul Kumar says:

      @ srshukla3,

      You said “/usr/sfw is ANT_HOME path” is this the one that comes with Linux/Unix or is this your weblogic home too ?

      If ANT_HOME is not from weblogic then try one from weblogic

      Take a look at section 11.3 “deploy ebs accessGate” our eBook http://onlineappsdba.com/index.php/book/

      Make sure that you set weblogic environment file setWLSEnv.sh

    78. srshukla3 says:

      Hi Atul,

      In EBS12.1.3 ,i can not see the profiles (FND: Validate User Type,FND: Validate IP address..).

      Is it must to have these system profile ?
      My access Gate deployment still fails –

      /u01/iam/fmw11.1.1.5/appsutil/accessgate/ebs01/txkEBSAuth.xml:408: Error

      Please confirm, if i need to apply any patch.

    79. srshukla3 says:

      Hi Atul,

      I have taken defualt DBC file, did not generate it -can you verify if the format it is correct, i do not see APPS_JDBC_URL in this –


      I am getting error whilec creating datasource –
      Caused by: weblogic.common.resourcepool.ResourceSystemException: Invalid port number for database URL: jdbc:oracle:thin:@${appsDBHostname}:${appsDBPort}:${appsDBSID}
      [wlst] at weblogic.jdbc.common.internal.JDBCUtil.parseException(JDBCUtil.java:301)

    80. Girish says:

      Hi Atul,

      Need one favour from you,

      We have to set up IAM DR system replica of Live Prod IAM DC.

      We have done below mentioned points as per document oracle e15250.pdf
      1.We have tar and untar all directories from DC to DR.
      2. Added Alias hostname at DR sitein /etc/hosts as per doc.
      3.Our OID instance, OHS11g,Identity and Access Server’s are up.
      4.We also configure the Webgate from
      [dbuser@MPBPLDRIDA2 configureWebGate]$ ./configureWebGate -i /orahome/oracle/product/OAM_HOME/webgate/access -t Webgate
      this command.
      and shows :
      Web Gate Installed Successfully.

      But here the problem is the webgate entries is not updated in https.conf.
      So can I confirm the its webgate installation.
      I am trying to hit the confirmation url
      url http://MPBPLDRIDA2:7777/access/oblix/apps/webgate/bin/webgate.cgi?progid=1
      I am getting 404 error.

    81. aman1983 says:

      Hi Atul

      I would like to know how to setup OAM 11gR2 SSO for a web page.

      Can you please describe the required steps and all configuration?

      Thank you

    82. Girish says:

      Hi Atul,
      Issue resolved on move back the webgate entries in httpd.conf file and diagnose page appeared.

      But I am facing one issue regarind the IP’s of DC.. which is showing in DR Setup (viz . Directoty Profiles, Identity Server and Wepass(Core id server) ) i.e. DC IP(10.10.x.x)insteadof DR Hostname, should i manually change at all place and restart the servers.

    83. Arulmani says:

      Dear Atul,

      We have successfully configured OAM with EBS 12.1.1 and OID with WNA.
      Now we need to configure another EBS application with same OAM access manager.
      Can you please tell me is it possible to configure and how can be it done.

      Thank you!!!


    84. Narendra says:

      Hi Atul,

      I am configuring oam 11gr2 in High Availability my admin server and access server is on node1 and another instance of access server is running on node2 and Here are my access server id’s (WLS_OAM1 and WLS_OAM2 ) they are in cluster.

      Now I am installing 10g webgate on apache web server while installing webgate it asks for access server id and hostname where access servers are installed. If I gave access server id as WLS_OAM1 and hostname of node1. If WLS_OAM1 is down how it is said to be as HA ?

      Can you please help me in configuring webgate with both instances of access servers ?

      Thanks in advance.


    85. Atul Kumar says:

      @ Narendra,
      Good question. When you configure WebGate and give access server ID as WLS_OAM1 then WebGate connects to OAM server and checks that there are two OAM servers . WebGate then downloads XML file with details of both OAM1 & OAM2 server as available servers.

      ANy future connectsion are made using this XML file which has two OAM servers.

      If you go to Webate Instance in OAM server then search for your webgate and under access servers you should see noth WLS_OAM1 and WLS_OAM2 listed.

      Let me know if you can’t find name of xml file in WebGate

    86. Narendra says:

      Atul,Thanks for a quick reply.

      Is the file name is ObAccessClient.xml which is under WEBGATE_install_dir/webgate/access/oblix/lib ?

      And on more question which is related to HA, I have no load balancer but I am using apache (Instance1)for failover and specified the apache hostname as loadbalancer name in access manager settings and it is working fine for me and on another apache (instance2) I have resources to protect, Now I am installing webgate to protect resource on apache instance2, Here what is the hostname I have to give to install webgate in HA ?

      How to install webgate using OAP ?

      Thanks in advance ?


    87. Viruls says:

      Hi Atul,

      I would like to install oracle access manager 11g webgate on OHS server which is installed by extending my existing environment where OID/OVD(IDM 11g are installed previously.

      But I am not able to install webgate, I am getting error like below ,

      “The Oracle home for the following components are not installed. Oracle webtier Utilities.”

      OHS is the Oracle webtier right ?

      Please provide me a solution for this issue.


    88. Atul Kumar says:

      At what stage you are hitting this error ?

      What is middleware home you selected duing WebGate installation ?

      Is OHS oarcle_home installed in this Middleware Home ?

    89. Viruls says:

      Hi Atul,

      Thanks for a quick response,

      Please find the answers for the above questions from you

      1) I selected the MW_HOME where I installed oid,ovd,odsm,ohs

      2)while installing the 11g Webgate through GUI after selecting the MW_HOME I am getting this error,

      3)I just extended the domain to configure ohs.


    90. Atul Kumar says:

      @ Virual,
      Problem is with Middleware Home Oracle Home for OHS and WebGate Oracle Home

      Give me full path of these three directory (These three must be on same host)

    91. Viruls says:

      Hi Atul,

      Middle ware home path :

      Ohs path :

      While installing webgate in this middleware home I am getting that error.

    92. Atul Kumar says:

      @ Viruls

      /u01/oracle/Middleware/ohs_inst1 looks more like ORACLE_INSTANCE which is different than ORACLE_HOME . If you share content of this directory then I can tell if this is ORACLE_INSTNACE or not.

      Where is ORACLE_HOME for OHS ?

    93. Viruls says:

      Hi Atul,

      Thank you for letting me know the difference b/w oracle_instance and oracle_home , There is no OHS oracle_home (eg: Oracle_WT1) in my environment I installed Webtier utilities and it solved my issue.

      Thanks You.

    94. sunil says:

      When I tried to update httpd.cong it gives me following error on cmd prompt:
      This application has requested the Runtime to terminate it in an unusual way.
      Please contact the application’s support team for more information.
      My product version are:
      Weblogic: 10.3.6
      VC++: Latest
      OS: windows 7 64-bit

      Please suggest me to to solve this error.

      • Atul Kumar says:

        @ Sunil,
        When you started command prompt did you run it as administrator ?

        You can manually open httpd.config and including webgate.conf

        include [full_path_of_webgate.conf]

        and re-start OHS

    95. sunil says:

      Hi Atul,
      Thanks for the help,
      Running command prompt as administrator didn’t work for me. I had done it manually.
      When I login to OAM console using “http://:/oamconsole”
      It open the welcome page but also shows that
      “The policy configuration is not available”
      Any help in this regards?

    96. Atul Kumar says:

      @ Sunil,
      OAMconsole is deployed on Admin Server so check WebLogic Admin Server log files .

    97. sunil says:

      Hi Atul,
      Looking at the log I have found following exception
      java.lang.Exception: Exception occured in wireOAMWithRP
      at oracle.security.am.install.oic.OAMOICWiringManager.wireOAMWithRP(OAMOICWiringManager.java:522)
      at oracle.security.am.install.oic.OAMOICWiringManager.wireOAMWithOIC(OAMOICWiringManager.java:760)
      at oracle.security.am.install.OAMInstaller.configureSystemConfig(OAMInstaller.java:434)
      at oracle.security.am.install.startup.OamInstallTopologyConfigListener.OamSysConfigOperations(OamInstallTopologyConfigListener.java:89)
      at oracle.security.am.install.startup.OamInstallTopologyConfigListener.initialize(OamInstallTopologyConfigListener.java:56)


      oracle.security.am.common.policy.admin.PolicyManagerException: OAMSSA-06252: The policy store is not available; please see the log file for more details.
      at oracle.security.am.common.policy.admin.PolicyAdminFactory.getProvider(PolicyAdminFactory.java:243)
      at oracle.security.am.common.policy.admin.PolicyAdminFactory.init(PolicyAdminFactory.java:166)
      at oracle.security.am.common.policy.admin.PolicyAdminFactory.getPolicyAdmin(PolicyAdminFactory.java:334)


    98. Anand says:


      I have deployed custom application in tomcat and I need to protect using OAM . I followed first procedure given by Mahendra in this blog, but when I am accessing to a page of that application it is prompting both OAM login page and application’s login page.
      I want tomcat authentication to be happening directly so that it won’t throw tomcat login page again. The customer don’t want to change code in the Custom Application .

      Can you please suggest me how can we achieve this.


    99. Joshua says:

      Atul my configuration just now started throwing…

      [oracle@pic-oam03 ~]$ /oracle/Middleware/asinst_1/bin/opmnctl startall
      opmnctl startall: starting opmn and all managed processes…
      opmn id=pic-oam03:6701
      0 of 1 processes started.

      ias-instance id=asinst_1

      –> Process (index=1,uid=259125200,pid=5330)
      time out while waiting for a managed process to start

      [oracle@pic-oam03 ~]$
      Message from syslogd@ at Thu Dec 5 16:57:48 2013 …
      pic-oam03 Oblix: 2013/12/05@23:57:48.047524 4651 4683 ACCESS_GATE FATAL 0x00001520 /usr/abuild/Oblix/coreid1014/palantir/webgate2/src/apache2entry_web_gate.cpp:433 “Exception thrown during WebGate initialization”

      I am running java version “1.4.2”, any ideas!?

      • Atul Kumar says:

        @ Joshua,
        It looks like issue with OID and OAM , check first OID logs /oracle/Middleware/asinst_1/diagnostics/logs/OID/oid1/console~OID~1.log to find what is issue .

        I am suspecting issue with webgate is because OAM is not available which may be dependent on OID so first fix OID .

    100. Joshua says:

      Atul, the console~OID~1.log only contains

      13/12/05 16:57:21 Start process

      13/12/05 16:57:38 Stop process

      Without any errors, any ideas if I need to turn of the log level? or another place I could look. Thanks Atul!

    101. Atul Kumar says:

      Check OPMN logs and also last file updated under


      oidmon and other files in that folder

    102. Joshua says:

      Thanks Atul, I found the error I think.

      [2013-12-09T10:28:13-07:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: pic-oam03] [pid: 3856] [tid: 0] Guardian: Connecting to database, connect string is oiddb

      [2013-12-09T10:28:13-07:00] [OID] [NOTIFICATION:16] [] [OIDMON] [host: pic-oam03] [pid: 3856] [tid: 0] Guardian: [gsdsiConnect] ORA-28001, ORA-28001: the password has expired

      I will try and figure out which users password has expired and fix it.

    103. Atul Kumar says:

      @ Joshua,
      Good, for now you can reset password back to same value and then re-start services.

      As long term fix and avoid this happening in future, create profile in database and set password not to expire for application schemas like ODS, ODSSM, and all IAM schema created by RCU _OIM/OAM etc

    104. Joshua says:

      Atul, thanks to your help I have made good progress.

      I feel like I am on the last leg. – WebLogic Admin Console – Directory Services console

      Both login fine

      All my services seem good

      [oracle@pic-oam03 ~]$ /oracle/Middleware/asinst_1/bin/opmnctl status

      Processes in Instance: asinst_1

      ohs1 | OHS | 3851 | Alive
      ovd1 | OVD | 3849 | Alive
      oid1 | oidldapd | 4702 | Alive
      oid1 | oidldapd | 4697 | Alive
      oid1 | oidmon | 3853 | Alive
      EMAGENT | EMAGENT | 3850 | Alive


      Prompt for login and password but are failing with the creds I thought. Any idea which log files I should check for this issue?

    105. Joshua says:

      I am at a lose. Run out of ideas.

    106. Saurabh Gairola says:

      Hi Atul,

      I am getting below Certificate error while trying to validate my webgate configuration.

      oracle@orgxdevidam01:/oracle/app/environments/dev/security/user_projects/domains/iam_domain/bin$ wget http://orgxdevidam01.in.oracle.com:7777/console
      –2014-02-25 18:43:57– http://orgxdevidam01.in.oracle.com:7777/console
      Resolving orgxdevidam01.in.oracle.com (orgxdevidam01.in.oracle.com)…
      Connecting to orgxdevidam01.in.oracle.com (orgxdevidam01.in.oracle.com)||:7777… connected.
      HTTP request sent, awaiting response… 302 Found
      Location: https://orgxdevidam01.in.oracle.com:8004/oam/server/obrareq.cgi?encquery%3D5nRY9sfm69pQqvgi6AcUnTeKJGJpTpdLSRurAM8ZTvnudBPZJLbI0WQuva3OX7VinKLHIGJ%2FCT%2BPTmPnYP0VMlp%2BX9%2FBlBDiCloWX6ylpz7B81IRzePlkYIX8ub%2BC3vlBYliaxrJRp8Fw6I%2Bb%2FvY05ct1SYV4r1zrEjXpQXPyd%2Fuzvr94n8ozlcrHeWhF9a5g6T19yK%2FeemZqodml4pJtJhmyrn26xfvHXL4dWkt052ZwDm5y9aQ1%2BBX03ubcmO%2Fc7jt9Wifo%2BpuEvSCsR8U6UYf0HpVO18MLknBNY9%2FW1p5powJYOmHiTeZmGM4YC9m%20agentid%3DWebgate_IDM%20ver%3D1%20crmethod%3D2 [following]
      –2014-02-25 18:43:58– https://orgxdevidam01.in.oracle.com:8004/oam/server/obrareq.cgi?encquery%3D5nRY9sfm69pQqvgi6AcUnTeKJGJpTpdLSRurAM8ZTvnudBPZJLbI0WQuva3OX7VinKLHIGJ%2FCT%2BPTmPnYP0VMlp%2BX9%2FBlBDiCloWX6ylpz7B81IRzePlkYIX8ub%2BC3vlBYliaxrJRp8Fw6I%2Bb%2FvY05ct1SYV4r1zrEjXpQXPyd%2Fuzvr94n8ozlcrHeWhF9a5g6T19yK%2FeemZqodml4pJtJhmyrn26xfvHXL4dWkt052ZwDm5y9aQ1%2BBX03ubcmO%2Fc7jt9Wifo%2BpuEvSCsR8U6UYf0HpVO18MLknBNY9%2FW1p5powJYOmHiTeZmGM4YC9m%20agentid%3DWebgate_IDM%20ver%3D1%20crmethod%3D2
      Connecting to orgxdevidam01.in.oracle.com (orgxdevidam01.in.oracle.com)||:8004… connected.
      ERROR: cannot verify orgxdevidam01.in.oracle.com’s certificate, issued by `/C=US/ST=MyState/L=MyTown/O=MyOrganization/OU=FOR TESTING ONLY/CN=CertGenCAB':
      Unable to locally verify the issuer’s authority.
      To connect to orgxdevidam01.in.oracle.com insecurely, use `–no-check-certificate’.

      Can you please help me in fixing the certiticate error.

    107. Saurabh Gairola says:


      8004 is SSl port for oam_server1 configured under iam_domain hosted in orgxdevidam01 host.

      We have configured web gate on Webtier OHS and created an agent in oamconsole and have followed all required configuration.

      wget is working fine with no certificate.

    108. Atul Kumar says:

      @ Saurabh,
      If I am not wrong wget (on linux) is trying to access https://orgxdevidam01.in.oracle.com:8004 from front end channel.

      Cert on 8004 are issued by /C=US/ST=MyState/L=MyTown/O=MyOrganization/OU=FOR TESTING ONLY/CN=CertGenCAB’ and this CA is not in CA’s list.

      To make this testing (don’t use this way to test butuse broweser and add CA cert in browser) add CA’s cert in unix’s trust store .

    109. Saurabh Gairola says:

      ok sure..

      ya right actually i was testing through browser only. but due to certificate error i was not able to test. Let me configure the certs


    110. Saurabh Gairola says:

      Hi Atul,

      Certificates issue have been resolved, now we are able to receive SSO page for the url we are triggering. But single sign on is not happening.
      Ex –


      When we hit the above url it redirects us to SSO page. Since we have the done context mapping for oamconsole, console and oim in mod_ohs.conf.

      When we authenticate the SSO page with oamadmin it redirects us to weblogi console page, rather than logging in console internally and taking us to console home page.

      So we had authenticate again in console page. Can you please help, how to enable the SSO here.

    111. Saurabh Gairola says:

      The mode OAM agent is configured is “Open”. We are not using any SSL Certs and communication.

    112. Saurabh Gairola says:

      We missed OAMIdentityAsserter. After coniguring it, Our Single Sign on is working fine.

    113. sasmit says:


      We are having an issue with registering Webgate in OAM.

      Our setup is as follows:

      We have one Redhat machine where we have installed Oracle DB, OHS and WebGate

      We have another Redhat machine where we have installed OAM and OUD.

      The issue appears when we try to register a new “OAM 11g webgate” in OAM console. After we fill up the details in the page and click on appy we get a “Null pointer”.

      We have also tried the command line option using “rreg” and the OAM11gRequest.xml” file. Here also we get a HTTP-500 from the admin server.

      The following is appearing on the oam_server1 ( managed oam server ) console

      Event response status is STATUS_FAIL for GET_AUTHN_SCHEME event. Error code OAM 0207.

      WE tried again through OAM console, this time we unchecked ” auto create policies” . The webgate registration succeeded this time.
      Although we have provided explicit protected and public urls, we are unable to access any content on OHS, including “/”.

      There appears to be another issue also, no default resource type is being shown in policy configuration tab. Althoug “HTTP” is expected.

    114. Bala says:

      Hi Sir,

      We a scenario for single user like Whenever he hits OIM selfservices URL which is protected in OAM and submits credentials in SSO login page, he is redirected to OIM default login page.Please help me, the issue is for only one user and there is no difference in user attributes when compared with working user attributes.

    Leave a Reply

  • K21 Technologies is among the most experienced Oracle Gold Partner for Identity Access Management service providers. We work with application development companies and in-house technology division to help achieve significant returns on their IT security investment. Our clientele includes some of the globally renowned corporate, which speaks of our expertise in our field.

    We have the most talented and experienced team that can swiftly deploy security solutions even in complex IT ecosystem. Our clients highly appreciate our timely implementation, interactive training, on-demand support and community resources.

    K21 Technologies
    8 Magnolia Place, Harrow,
    London, HA2 6DS

    UK: +44(0)7476444481
    USA: +1-888-414-1821

  • 2014, K21 Technologies. All rights reserved DMCA.com
  • TOP