2.5 About Logging Into the Oracle Access Management Console

When accessing the Oracle Access Management Console, the WebLogic Server (AdminServer) host and port must be specified in the URL.

Consider the sample URL https://wlsadminhost.example.com:7001/oamconsole. In this URL, the following is true.

  • HTTPS represents the Hypertext Transfer Protocol (HTTP) with the Secure Sockets Layer (SSL) enabled to encrypt and decrypt user page requests and the pages returned by the Web server

  • wlsadminhost.example.com refers to the fully qualified domain name of the computer hosting the Oracle Access Management Console (AdminServer)

  • 7001 refers to the designated bind port for the Oracle Access Management Console, which is the same as the bind port used for AdminServer (the WebLogic Server Administration Console)

  • /oamconsole/ refers to the Oracle Access Management Console Log In page

Note:

If you specify an OAM Server host and port (as you would to access the ODSM console), the AdminServer redirects to the managed server, which produces a ‘404 Not Found’ error.

When you navigate to the /oamconsole URL, the default Oracle Access Management Console login page is displayed. The following sections have details on logging into the Oracle Access Management Console.

Note:

Ensure that you use the correct administrative credential to log in. Initially, the LDAP group for the Oracle Access Management Console Administrator is the same as the LDAP group defined for the WebLogic Server Administration Console (Administrators), and the common Default System User Identity Store is the WebLogic Embedded LDAP.

2.5.1 Logging Into The Oracle Access Management Console

With appropriate administrative credentials, you can log into the Oracle Access Management Console.

Use this procedure to log in to the Oracle Access Management Console.

  1. In a browser window, enter the URL to the Oracle Access Management Console using the appropriate protocol (HTTP or HTTPS). For example:
         https://hostname:admin_server_port/oamconsole/
    
  2. On the Log In page, enter the Oracle Access Management Console Administrator credentials. For example:

    Username: Admin_login_id

    Password: Admin_password

    Language: English

    See Choosing a User Login Language.

  3. Click the Login button.

2.5.1.1 Accessing Oracle Access Manager protected resource when login page is bookmarked

Oracle Access Manager (OAM) renders a login page when a user accesses an application protected by OAM. System Administrators can specify where to redirect the user if the user has bookmarked the login page. They can specify any protected resource URL as the default page in the Challenge Parameters field of the authentication scheme. The login page URL contains a context to locate the landing page. When a bookmarked login page is accessed, the OAM Server redirects the user to the default login page defined in the authentication scheme that is tied to the login page.

The following is an example of setting the Challenge Parameters in an authentication scheme:

hostIdentifier=oam11g and bookmarkDefaultPage=http://example.com:7777/landingpage.html

In the above example, landingpage.html is defined as a protected resource and oam11g is the host identifier.

The following Oracle Access Manager server behavior is pertinent on accessing a bookmarked login page:

  • Oracle Access Manager server will redirect the user to the default login page defined in the authentication scheme that is tied to the login page.

  • If there is no default page defined in the authentication scheme that is tied to the login page, then Oracle Access Manager server will redirect the user to the default login page defined in the default authentication scheme.

  • If there is no default page defined in either the authentication scheme that is tied to the login page or the default authentication scheme, then the following error message will be seen:

    System error. Please re-try your action. If you continue to get this error, please contact the Administrator.

Note:

A bookmarked login page contains a query parameter named ‘bmctx’. The parameter and its value must be submitted to the OAM Server when login credentials are submitted.

2.5.2 Logging Into the Secure Oracle Access Management Console (HTTPS)

After enabling SSL on the AdminServer and OAM Managed Server, or after configuring the administration port (HTTPS), you can add the CA certificate to the libOVD keystore. This allows logging in without connection issues.

To log in to the Secure Oracle Access Management Console (HTTPS):

  1. Change to the directory that contains the DemoIdentity.jks.

    $ cd $MIDDLEWARE_HOME/wlserver_10.3/server/lib/

  2. Export the CA certificate from the WebLogic keystore using the following commands.

    The -list command prints the contents of the keystore for reference. DemoIdentityKeyStorePassPhrase is the default password for the keystore DemoIdentity.jks.

    $ keytool -list -keystore DemoIdentity.jks \
      -storepass DemoIdentityKeyStorePassPhrase
    
    $ keytool -exportcert -keystore DemoIdentity.jks \
      -storepass DemoIdentityKeyStorePassPhrase -alias demoidentity \
      -file ~/demoidentity.cer
    
  3. Import the WebLogic CA certificate to the libOVD keystore.

    $ cd $DOMAIN_HOME/config/fmwconfig/ovd/default
    $ mkdir keystores
    $ cd keystores

    $ keytool -importcert -keystore adapters.jks -storepass New_Password \
      -alias demoidentity -file ~/demoidentity.cer
    
  4. Print the contents of the keystore to verify the import.

    $ keytool -list -keystore ./adapters.jks -storepass New_Password

  5. Add the password for the imported keystore to trustStorePassword in the server.os_xml file.
    vim server.os_xml
    server.os_xml: <keystore>keystores/adapters.jks</keystore>
    server.os_xml: <trustStore>keystores/adapters.jks</trustStore>
    
    <trustStore>keystores/adapters.jks</trustStore>
    <trustStorePassword>New_Password</trustStorePassword>
    
  6. Change the value of ADMIN_URL in startManagedServer.sh to point to the SSL port of the WebLogic server.
  7. Restart both AdminServer and OAM Managed Server.
  8. Log in as documented in Logging Into The Oracle Access Management Console.
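
A check to run after steps 3 to 5, given here as an added example and not as Oracle's own tooling: it compares the fingerprint that `keytool -list` reports for the demoidentity alias in the source and libOVD keystores, and tests whether a file such as server.os_xml (which holds the truststore password in clear text) is world-readable. The function names are hypothetical, and the listings and fingerprints are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example, not Oracle's script. The listings below are constructed
# samples; the fingerprints are placeholders, not real certificate values.

# Print the certificate fingerprint that `keytool -list` output (on stdin)
# reports for alias $1. Handles "(MD5)", "(SHA1)" and "(SHA-256)" labels.
alias_fingerprint() {
  awk -v a="$1" '
    index($0, a ",") == 1 { found = 1; next }   # entry header: "alias, date, type,"
    found && /fingerprint/ { sub(/^[^:]*: */, ""); print; exit }
  '
}

# Succeed only if alias $1 has the same, non-empty fingerprint in the
# listing text $2 (source keystore) and $3 (destination keystore).
same_certificate() {
  local src dst
  src=$(printf '%s\n' "$2" | alias_fingerprint "$1")
  dst=$(printf '%s\n' "$3" | alias_fingerprint "$1")
  [ -n "$src" ] && [ "$src" = "$dst" ]
}

# Succeed if file $1 is readable by "other". server.os_xml stores
# trustStorePassword in clear text, so this should fail for that file.
world_readable() {
  [ -n "$(find "$1" -perm -004 2>/dev/null)" ]
}

# Constructed stand-ins for the output of:
#   keytool -list -keystore DemoIdentity.jks -storepass ...
#   keytool -list -keystore ./adapters.jks -storepass ...
SRC_LISTING='Your keystore contains 1 entry

demoidentity, Jan 1, 2020, PrivateKeyEntry, 
Certificate fingerprint (SHA1): AA:BB:CC:DD:EE:FF:00:11:22:33'
DST_OK='demoidentity, Jan 2, 2020, trustedCertEntry, 
Certificate fingerprint (SHA1): AA:BB:CC:DD:EE:FF:00:11:22:33'
DST_BAD='demoidentity, Jan 2, 2020, trustedCertEntry, 
Certificate fingerprint (SHA1): 99:88:77:66:55:44:33:22:11:00'

if same_certificate demoidentity "$SRC_LISTING" "$DST_OK"; then
  echo "demoidentity: fingerprints match"
fi
if ! same_certificate demoidentity "$SRC_LISTING" "$DST_BAD"; then
  echo "demoidentity: MISMATCH, do not trust this adapters.jks entry"
fi
```

On a real host, capture both `keytool -list` outputs with the same JDK so that the fingerprint algorithm is the same in each listing.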