Tuesday, December 19, 2017

JPS-10702: The datasource jdbc/OPSSDBDS is not found.

Issue: Failed to initialize the application jdbc/OPSSDBDS due to error weblogic.application.ModuleException

Note 1: You will generally face this issue when your OIM and OAM schema passwords have expired.

Note 2: Another case is when the OIM and OAM schema passwords have expired and have been changed to default, custom or random passwords. When you try to start WebLogic (AdminServer) or a Managed Server, you will see an error like ORA-01017: invalid username/password; logon denied.

Note 3: In some cases you may be able to access the OIM or OAM schemas using SQL Developer or another client, yet still see ORA-01017: invalid username/password; logon denied while starting WebLogic (AdminServer) or a Managed Server.


To resolve the issue:
  1. Contact your DBA to reset the schema passwords that have expired.
  2. Once the password reset is done, use SQL Developer or any SQL client to try to access all OIM and OAM related schemas. You should be able to connect successfully.
  3. Log in to the WebLogic Server Administration Console (default port 7001) at http://hostname:port/console
  4. Select Data Sources under JDBC in the Services section. You will see the list of data sources.
  5. Click the particular data source > Connection Pool > Password > New Password, and save it.
  6. Click the data source for which you needed to change the password. On the Testing tab you can test the data source.
  7. You should now be able to start the Admin and Managed Servers successfully.

Tuesday, October 10, 2017

How to allow multiple login attributes in OAM/OAAM integrated environment

Requirement:

The requirement is to allow users to log in with either of 2 different LDAP attributes (e.g. uid and email address), chosen at login time.

Oracle solution:

Ref: How to allow multiple login attributes in OAM/OAAM integration using a custom TAP module (Doc ID 2190079.1)

To log in, the user enters a username and password on the OAAM page that is used when OAAM is integrated with OAM (oaam_server/oamLoginPage.jsp).

Doing so, however, implies that OAAM has to keep two security profiles, one for each login attribute. When a user is authenticated using a different attribute for the first time, he will be seen as a new user (OAAM will create a new user record with login_id set to the new attribute value in the VCRYPT_USERS database table), so the registration process will take place again.

This also affects any pattern and behavior data that OAAM records for that user (whom OAAM will now see as 2 users), so it is not recommended if you want highly accurate login and pattern data for each user.

Custom solution:

Because the Oracle solution has the limitation described above when OAAM is part of the solution, the custom solution below prevents duplicate OAAM security profiles from being created for the same user, whether the user logs in with a username or an email address, and no custom TAP modules need to be created in OAM.

This can be achieved by customizing the OAAM login flow using OAAM extensions.

The high-level steps are below.

  1. Copy the Struts config file action mapping for /login.do from oaam_server.ear to the Struts XML file in the OAAM extensions WAR file.
  2. Change the "success" redirect of the "/login.do" action mapping to a custom action (example: /validateUser.do).
  3. Write an action class extending the Struts action with the logic below.
    1. Get the email address/username that the user entered on the OAAM login page from the OAAM session.
    2. Write custom logic (JNDI code) in the custom action class to get the user login attribute (uid) from the user store.
    3. Update the UIOSessionData instance with the user login attribute (uid) retrieved from the user store.
    4. Recreate VcryptAuthUser with the login username (the uid attribute retrieved from the user store) if the user already has an OAAM security profile.
    5. Send the action forward to "/loginJump.do" to continue the login process with the username (uid attribute), even though the user entered an email address.
  4. Build the custom action class into a custom JAR file and deploy it in the OAAM extensions WAR under the /WEB-INF/lib folder.
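
One way to write the user-store lookup in step 3.2, shown as an added example that is not part of the original post or of Oracle's code. It uses only standard JNDI calls and passes the typed value as a filter argument, so LDAP filter metacharacters in user input are escaped. The class name, the constructor parameters and the `mail` attribute name are assumptions.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// Hypothetical helper: maps a typed uid or email address to the canonical uid.
public class LoginAttributeResolver {
    private final Hashtable<String, String> env = new Hashtable<String, String>();
    private final String userBase;

    // ldapUrl, bindDn, bindPassword and userBase are deployment-specific assumptions.
    public LoginAttributeResolver(String ldapUrl, String bindDn, String bindPassword, String userBase) {
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl); // use ldaps:// so the bind password is not sent in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
        this.userBase = userBase;
    }

    // Returns the uid of the single entry whose uid or mail equals the input, otherwise null.
    public String resolveUid(String typedLogin) throws NamingException {
        if (typedLogin == null || typedLogin.trim().isEmpty()) return null;
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"uid"});
        DirContext ctx = new InitialDirContext(env);
        try {
            // The {0} placeholder makes JNDI escape *, (, ) and \ in the typed value,
            // which string concatenation into the filter would not do.
            NamingEnumeration<SearchResult> results = ctx.search(
                userBase, "(|(uid={0})(mail={0}))", new Object[] {typedLogin.trim()}, sc);
            if (!results.hasMore()) return null;          // unknown user
            Attribute uid = results.next().getAttributes().get("uid");
            if (results.hasMore()) return null;           // ambiguous match: refuse rather than guess
            return uid == null ? null : (String) uid.get();
        } finally {
            ctx.close();
        }
    }
}
```

Rejecting an ambiguous match matters here because one account's uid could equal another account's email address, and the returned uid decides which OAAM security profile is used.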
Thanks
Siva Pokuri.