9 comments
[…] by Session Management Engine SME. How to retrieve session IDs from OAM server are explained in post. So this post will give a sample code snippet to set and retrieve session attributes from […]
hi.
i was wondering if you were able to resolve this issue. we have the same problem with our environment. initially, we want to use KerberosScheme for authentication, but for testing purposes we are just using AD.
the AD is configured as default store in OAM and we have tested authentication against it (we are asked for username/pwd and can successfully log in with an AD-user). our code is almost the same as in your example and we are able to create a user session. we see this because we can get many of the attributes (level, start time, last use time and session token). however, getting the session IDs with method getSessionIds(…) always results in OAMAGENT-02005 error. we have tried using different combinations of values for username (samaccountname, dn etc.), but the error is the same.
our final goal is to get the session attributes with the correct session ID.
best regards,
tinba
@Tinba,
I initially approached Oracle support for this and they also suggested making the Id Store the Default to resolve this issue; an ER is already raised for the same.
Hence, there is no other solution for this issue. Make AD store as default store and try retrieving session IDs. Let me know if you face any issues.
-Mahendra
hi again and thank you very much for the reply.
to remove possible errors due to bugs etc., we have patched OAM (p.nr. 13473393) and ASDK (p.nr. 14026048). we have changed the authentication scheme to form-login to AD and have made AD the Default Store in OAM. when we go via browser to the resource, we can log in with our AD-credentials.
using ASDK via AccessClient, we still get the same errors as before (OAMAGENT-02005). this applies to the following methods: UserSession.getSessionIds(…) and UserSession.getSessionAttributes(…). for the former we have tested with different values of the userid, for the latter we have tested with values for session-IDs gathered directly from database (oam_session table).
in addition, we see that the following methods also have issues:
* UserSession.getLocation() is not able to read our AccessClient's IP-address.
* UserSession.getUserIdentity() returns the DN only up to the first space in the DN (when one uses full name for CN, this is a problem since you have space between given name and surname).
any suggestions are appreciated.
best regards,
tinba
hi again.
have found the error. 🙂 we overlooked configuring our AccessClient as a privileged agent (“Allow Management Operations” in OAM Console). this has to be done if the agent is going to manage sessions. fixing this, the problem was solved.
thank you very much for the help.
best regards,
tinba
@Antony,
i don’t have access to OAM Console, but it should be under the agent configuration. search and open the agent you created and there should be a checkbox for “Allow Management Operations”. from OAM-documentation: http://docs.oracle.com/cd/E15586_01/doc.1111/e15478/agents.htm#CIHJEBJC
best regards,
tinba
@Tinba,
I have 2 factor authentication. After the user submits username and password and before validating OTP, I need to search for existing user sessions of the user. If the user has a sessionId then stop him from logging in again. If the user doesn't have a sessionId, the user can proceed further for authentication.
Can you please let me know how we can write code for this?
Hi Mahendra,
I am getting the following error when I try to use the API UserSession.getSessionAttributes(sessionID).
Error Message:
Exception in thread "main" oracle.security.am.asdk.OperationNotPermittedException: OAMAGENT-02005: Operation not permitted on this server.
at oracle.security.am.asdk.UserSession.getSessionIds(UserSession.java:863)
at oracle.security.am.asdk.UserSession.getSessionIds(UserSession.java:784)
at com.oam.accessgate.OAMInterceptor.__getUserSessions__(OAMInterceptor.java:46)
at com.oam.accessgate.OAMInterceptor.main(OAMInterceptor.java:99)
Allow Management Operations was checked. We are using ODSEE as user identity store and it has been set to default store. We also patched OAM SDK as per 14026048.
Can you please help me with this?
Thank you