How to use OAM 11g Access Tester

OAM 11g has an inbuilt Access Tester which is used to test connectivity and troubleshooting with the actual physical deployment. Unlike OAM 10g Access Tester, OAM 11g Access Tester will verify the connectivity at run time. I would like to talk about the steps for using Access Tester in OAM 11g.

  1. Copy the jars oamtest.jar and nap-api.jar located at $ORACLE_HOME/oam/server/tester in OAM deployed machine to your local  system where you want to test the policies.
  2. Ensure that Java 1.6 is present in your environment. Test it using command line statement java -version.
  3. Locate the command prompt to the directory where OAM tester related jars are copied in Step1.
  4. Execute the command java -jar oamtest.jar as shown below.
  5. Tester wizard will display as shown below.
  6. Enter the following attribute values and click Connect as shown below:
    1. IP Address: IP address or Hostname of OAM server.
    2. Port: OAM Server Port. Default port is 5575.
    3. Max Conn: No. of max connections from WebGate to OAM Server.
    4. Agent ID: WebGate Profile ID.
    5. Agent Password: WebGate password
  7. Observe the connection result as shown below.
  8. Enter the values for fields Resource Hostname, Port, Resource URI and operation and click Validate. Observe the result as shown below.
  9. Enter the values for fields Username and Password to authenticate to the resource URI specified in step 8. Observe the result as shown below.
  10. Test the authorization by clicking Authorization button and observe the results as shown below.

That’s it. Please post your queries if you have any.

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment:

13 comments
velkongu says August 17, 2012

Hi When I try to test oam test as u mentioned above. it gives

[8/17/12 5:50 PM][request][connect] no
[8/17/12 5:50 PM][response] Connection to access server not available. Can u please guide why the error occured.

Reply
Mahendra says August 17, 2012

Please check if OAM server is up and running. Are you able to telnet the OAM Access Server port?

Reply
velkongu says August 20, 2012

Hi Mahendra,
Thanks for ur reply. I have checked oam_server1 is up and running. I have checked it through Weblogic–>servers. Please find the telnet and nestat status. netstat is showing CLOSE_WAIT in 5575.

telnet 172.25.121.54 5575
Trying 172.25.121.54…
Connected to cch1utora3.corp.xyz.com (172.25.121.54).
Escape character is ‘^]’.

[root@cch1utora3 tester]# netstat -a | grep 5575
tcp 0 0 *:5575 *:* LISTEN
tcp 0 0 cch1utora3.corp.xyz:56942 cch1utora3.corp.xyza:5575 CLOSE_WAIT
tcp 0 0 cch1utora3.corp.xyz:56943 cch1utora3.corp.xyza:5575 CLOSE_WAIT.

Pls provide about what could cause this problem.

Reply
velkongu says August 20, 2012

when i run the oamtester.jar, below error occurs
Aug 20, 2012 12:16:42 PM oracle.security.am.common.nap.ObMessageChannelImpl readMessage
SEVERE: java.io.EOFException
Aug 20, 2012 12:16:42 PM oracle.security.am.common.nap.ObMessageChannelImpl readMessage
SEVERE: java.io.EOFException

Reply
velkongu says August 20, 2012

When i check oam_server.out, it shows the following error. Please look at this also

<Exception encountered while processing the request message. Exception EJB Exception: : java.lang.NumberFormatException: For input string: "a1"

Reply
Mahendra says August 20, 2012

Could you retest the scenario by bouncing the OAM machine (not just services).

I have not seen the NumberFormatException before…

Reply
Velkongu says September 3, 2012

Hi Mahendra,
Oracle has recommeded that issue is because we have configured Webgate with password using idmconfigtool. So i need to removed password from config_oam1.props file and i need to run test again. before that I need to know already i have webagent as Webgate_IDM, if I run the configuration script again will it run and update the existing webgate normally or will it create one more webagent. Also let me know will it create any harm to the exixting environment.

Reply
Velkongu says September 3, 2012

Hi Mahendra.. in continuation to the above post. pls let me know how to remove Webgate’s password completely. I have tried using the oam console.but the oamtest tool doesnt work. is it right way or do i need to run idmcofigtool to remove webgate password.

Reply
Mahendra says September 4, 2012

Velkongu,
In order to rerun the idmconfigtool you should delete the agent from OAM console and select appropriate action in props file to unselect auto create of policies (in case if you have updated the policies).

If you don’t have any custom info in policies then you can delete policies fro oam console and it prompts for deleting dependencies such as host identifiers and agents.

Please confirm why you don’t want to use the password for agent?

Reply
Velkongu says September 5, 2012

Hi Mahendra,
The above mentioned issue (oamtest not able to validate OAM) is because of bug in oamtest tool. It wont work with Wegagate 11g is password is configured for it. So I removed the password for Webgate through oam console and restarted it and tested. The test passed. Anyway thanks for your timely response.

Reply
Velkongu says September 5, 2012

Hi Mahendra,
Please let me know what is the latest version of OAM 11g and can u refer me some intallation and config document for it.

Reply
Gowda says October 8, 2012

Hi,

I am trying to integrate OIM11gr2 with OAM11gr2, I did perform all the steps as oracle documentation and when tried to do the test below the out put. After all I am trying to access OIM url http://idm:80/identity, it is not giving the OAM login page.

Any suggetions.

[10/8/12 1:58 PM][request][validate] yes
[10/8/12 1:58 PM][response] Authentication scheme : LDAPScheme, level : 2
[10/8/12 1:58 PM][response] Redirect URL : http://idm:80/oam/server/
[10/8/12 1:58 PM][response] Credentials expected : 0x4 (form)
[10/8/12 1:59 PM][request][authenticate] yes
[10/8/12 1:59 PM][response] User DN : cn=xelsysadm,cn=users,dc=utd,dc=edu
[10/8/12 1:59 PM][response] SessionID : SessionId^67fe752f-c096-45e8-8ed1-e2478fc761ee|OAMSessionType^v1S
[10/8/12 1:59 PM][response] Action Type : RETURN
[10/8/12 1:59 PM][response][action] OAM_IMPERSONATOR_USER :
[10/8/12 1:59 PM][request][authorize] yes
[10/8/12 1:59 PM][response][action] OAM_IMPERSONATOR_USER :
[10/8/12 1:59 PM][response][action] OAM_REMOTE_USER : xelsysadm
[10/8/12 1:59 PM][response][action] OAM_IDENTITY_DOMAIN : OIM_IDStore

Thanks.

Reply
David says September 30, 2018

We configured OAM webgate 11g with OHS that hosts many virtual hosts.
Our home page resources url and also the resources of the vhosts applications have protected resource authentication policy.
Our login page is pointing to the load balancer that is also a virtual host. Once we login to the home page everything is good, we can navigate to all url of the home portal correctly.
But when we want to navigate to an application – that is on another vhost – its redirecting to the login page and the session of the home page is invalid now.
All vhosts are in the same domain. We dont have OSSO agent just webgate
Both applications use same Authentication Scheme and policies
Please help me

Reply
Add Your Reply

Not found