Friday, July 31, 2015

Oracle® Identity and Access Manager / SOA Workflows OWSM default-keystore.jks

Oracle® Identity and Access Manager / SOA Workflows  OWSM default-keystore.jks

Regenerate the default-keystore.jks following the steps descrided in the document below :  

1.In an empty working folder execute the following in order to generate a new keystore file:
keytool -genkey -alias xell -keyalg RSA -keysize 1024 -dname "CN=Customer, OU=Customer, O=Customer, L=City, ST=NY, C=US" -validity 3650 -keypass <password> -keystore default-keystore.jks -storepass <password> -storetype jks -provider sun.security.provider.Sun

Please ensure that JDK_HOME\jre\bin is in your PATH environment variable.


2.Generate a certifcate request:
keytool -certreq -alias xell -file xell.csr -keypass <password> -keystore default-keystore.jks -storepass <password> -storetype jks -provider sun.security.provider.Sun


3.Export the certificate:
keytool -export -alias xell -file xlserver.cert -keypass <password> -keystore default-keystore.jks -storepass <password> -storetype jks -provider sun.security.provider.Sun


4.Trust the certificate:
keytool -import -trustcacerts -alias xeltrusted -noprompt -keystore default-keystore.jks -file xlserver.cert -storepass <password>


5.Copy all the 3 generated files (default-keystore.jks, xell.csr, xlserver.cert) in MIDDLEWARE_HOME\user_projects\domains\<OIM Domain>\config\fmwconfig

You should repeat this step for each node in a clustered environment.


6.Change the values of the CSF keys for default-keystore.jks and xell:
- Login to Enterprise Manager
  - Right-click the domain
  - Navigate to Security, and then Credential
  - Expand oim
  - Edit default-keystore.jks and xell and change the password for both keys with the values used in steps 1-4.

Note: You should NOT change the passwords for other CSF keys!


7.Restart OIM server and check if everything is working fine.

One should do the following, saving in between :

1) Go to EM --> --> Security --> Credentials
2) Expand oracle.wsm.security map
3) Change paswords of the following keys
  - keystore-csf-key (user=owsm, password=keystore password)
  - enc-csf-key (user=xell, password)
  - sign-csf-key (user=xell, password)
  - recipient-alias-key (user=xell, password)

Thursday, July 16, 2015

Oracle® Identity Manager 11.1.2.2 and SOA 11.1.1.7: Callback and ReqSvc Service Discovery

In a recent project we had to face the challenge of debugging the issues with Callback and Reqsvc Services from SOA to OIM. The  URL doe the services is set during the install and configuration time, however this can be changed by using the following JMX Bean


  • Using the EM console, Navigate to Identity And Access 
  • Right Click on oim(11.1.2.0)
  • Go to the System MBean Browser
  • Navigate to Application Defined MBeans
  • Navigate to oracle.iam
  • Navigate to server_xxxxx (server name)
  • Navigate to XML Config
  • Navigate to Discovery Config




































  • On the RHS, for the OimFrontEndURL and OIMExternalFacingFrontEndURL, set the URL of the desired server https:://identitymindtelligent.com:14001














OCI Knowledge Series: OCI Infrastructure components

  Oracle Cloud Infrastructure (OCI) provides a comprehensive set of infrastructure services that enable you to build and run a wide range of...