How to avoid the extra login screen with WNA fallback login in OAM

After I configured WNA with WebLogic/OAM and successfully tested it with a WNA-enabled browser, I found that when a user tried to log in with a browser that did not support WNA, he got two login screens: one for OAM 11g and one for WebLogic. It appears that with the fallback login, the basic authentication scheme is used. This scheme is checked by OAM, but by default there is a second check, performed by WebLogic. If your user is not a WebLogic user, authentication will fail.
I found that a setting must be added to config.xml in the security-settings section: <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>.
If it is not there, it defaults to true.

Weblogic 11g: change the AdminServer Port

In WebLogic 11g, the admin server port (default 7001) can be changed from the EM console. No restarts are necessary.

==> Correction: it may be necessary to restart the admin server. I have had cases where one did not need to, and cases where a restart had to be done.

After changing the admin server port, all managed servers can still be started from the console. Starting managed servers with the startManagedWebLogic.sh script fails, however. This is caused by the definition of the admin server URL in the startManagedWebLogic.sh script. Change it in the line:

ADMIN_URL="http://<serverurl>:<serverport>"


Change the OID port in OID 11g from the EM console

It is possible to change the OID ports from the Enterprise Manager console. Unfortunately, after changing the ports, EM will no longer be able to change server properties like ports (!).

After changing the ports, an OPMN command must be run to update EM with the right settings:

$ORACLE_INSTANCE/bin/opmnctl updatecomponentregistration -componentType OID -componentName oid1 -adminHost myoidhostname -adminPort 7001 -adminUsername weblogic -Port 3060 -Sport 3131

(change the parameters as needed and restart OPMN)

If you are using DIP (Directory Integration Platform) as well, you will have to change the (SSL) port accordingly in …../config/fmwconfig/servers/wls_ods1/applications/DIP_11.1.1.2.0/configuration/dip-config.xml


Debugging Oracle OID/AD java plugin (oidexplg) for OID 10g

It took some time for me to find out how to debug the Oracle Internet Directory plug-in for Active Directory (oidexplg). I finally found this:

To debug operations for oidexplg.jar, use the following ldif file:

#-----------debugon.ldif-----------
dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
changetype: modify
replace: orcldebugflag
orcldebugflag: 402653185

dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
changetype: modify
replace: orcldebugop
orcldebugop: 65

#-----------end of debugon.ldif-----------
and use ldapmodify -f <this file> to set the debug flags.

Note: your instance name may differ from the one used here (oid1).

orcldebugflag value =
1 (Signature; heavy trace debugging in 10.1.X) + 134217728 (PlugIn Internal) + 268435456 (PlugIn External)

orcldebugop value =
1 (ldapbind) + 64 (ldapcompare)

Debug info is written to the file(s) oidldapd01s*.log.

For less intensive logging use 64 instead of 65 (otherwise a lot of binds are logged).

Actually, the same values go for OID 11g!
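As an added example (not code from the original post), the small script below composes the orcldebugflag and orcldebugop bitmasks from the named bits quoted above, decodes an existing value back into those bits so you can see what a running instance has enabled, and renders the debugon.ldif for a given instance name. It only knows the five bit values this post lists; the remaining OID debug bits would have to be added to the two tables from the Oracle documentation.

```python
# Added example: build/decode OID debug bitmasks and render the debugon.ldif.
# Only the bit values quoted in the post are included; OID defines more flags,
# which would be added to these tables from the Oracle documentation.

DEBUG_FLAGS = {                      # orcldebugflag bits
    "Signature (Heavy Trace)": 1,
    "PlugIn Internal": 134217728,
    "PlugIn External": 268435456,
}

DEBUG_OPS = {                        # orcldebugop bits
    "ldapbind": 1,
    "ldapcompare": 64,
}


def compose(table, names):
    """OR together the bit values for the given names (unknown names raise KeyError)."""
    value = 0
    for name in names:
        value |= table[name]
    return value


def decode(table, value):
    """Return (known names set in value, leftover bits not covered by table)."""
    names = [name for name, bit in table.items() if value & bit]
    known_mask = 0
    for bit in table.values():
        known_mask |= bit
    return names, value & ~known_mask


def build_debug_ldif(instance, flag_names, op_names):
    """Render the two-change LDIF from the post for cn=<instance>,cn=osdldapd,..."""
    dn = f"cn={instance},cn=osdldapd,cn=subconfigsubentry"
    flags = compose(DEBUG_FLAGS, flag_names)
    ops = compose(DEBUG_OPS, op_names)
    return (
        f"dn: {dn}\nchangetype: modify\nreplace: orcldebugflag\norcldebugflag: {flags}\n\n"
        f"dn: {dn}\nchangetype: modify\nreplace: orcldebugop\norcldebugop: {ops}\n"
    )


if __name__ == "__main__":
    # Reproduces the post's values: orcldebugflag 402653185, orcldebugop 65.
    print(build_debug_ldif("oid1", DEBUG_FLAGS, DEBUG_OPS))
    # Lighter variant from the post: only ldapcompare (64).
    print(build_debug_ldif("oid1", DEBUG_FLAGS, ["ldapcompare"]))
```

Feed the printed text to ldapmodify -f as described above; to check what an instance currently logs, pass its orcldebugflag value to decode(DEBUG_FLAGS, value).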