OpenAM weblogic Policy Agent Installation - weblogic11g

I have installed the WebLogic Policy Agent in OpenAM. I followed the URL “http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/agent-install-guide/index/chap-weblogic.html” to install the Policy Agent.
I am using Oracle WebLogic Server 10.3.5.0 to deploy the .war file. The same WebLogic server is used for Oracle Identity Manager 11.1.1.5.0.
In the WebLogic Policy Agent post-installation steps, I need to select the Agent Authenticator for the security realm.
I have a doubt here: should I create a new realm, or can I use the existing realm "myrealm"? But "myrealm" contains the details of OIM.
I am thinking of creating a new realm for the OpenAM WebLogic Policy Agent; if so, what do I need to do to create a new realm for OpenAM?
Please suggest on this.
Thanks & Regards,
Karthick

I am also using OpenAM on WebLogic 10.3.5. I just added the new authenticator to myrealm and set it as optional. My existing authenticator was not OIM but an LDAP authenticator.


Power Bi PostgreSQL data import error - "The remote certificate is invalid according to the validation procedure."

I am trying to connect a PostgreSQL database to Power BI. The database is hosted on Heroku. I am getting the following error:
An error happened while reading data from the provider:
'The remote certificate is invalid according to the validation procedure.'
I think I am getting this error because it needs "sslmode=require", but I am not sure how to proceed.
Can someone help me with this problem?
Thanks in advance.
These steps should help you connect to Power BI Desktop via ODBC. Note: you should probably create a follower database in Heroku so you're not using your production database credentials.
1. Download the PostgreSQL ODBC driver and install it. Be sure to check the GAC option during installation (https://www.postgresql.org/ftp/odbc/versions/msi/).
2. Restart the computer.
3. Open Power BI and click the "Get Data" button in the ribbon.
4. Click "Other" and then select "ODBC".
5. Choose "None" as the data source name.
6. Click "Advanced options" and enter this connection string:
Driver={PostgreSQL Unicode};Server=HEROKU_HOST
where HEROKU_HOST is the "Host" from your Heroku database credentials (example: ec2-xx-xxx-xx-xx.xxx.amazon.com).
7. On the next screen, enter the user name (user from Heroku DB credentials), the password (password from Heroku DB credentials), and for the connection string enter the following (with HEROKU_XXXX replaced with your info):
PORT=HEROKU_PORT;DATABASE=HEROKU_DATABASE;POOLING=True;MINPOOLSIZE=1;MAXPOOLSIZE=20;HOST=HEROKU_HOST;COMPATIBLE=2.2.3.0;USER ID=HEROKU_USER;PASSWORD=HEROKU_PASSWORD;SSLMODE=require
I don't use Heroku but had a similar problem with AWS and had to configure the DB provider and certificates as described below. I would think that something similar is needed for Heroku.
I did some digging and found 2 possible solutions for Heroku:
1. Supply the additional settings sslmode=Require;Trust Server Certificate=true in the database connection. This does not seem to be an option with PowerBI, because even under "Advanced Settings" there is nowhere to provide these.
2. Download the certificate for your database as described here and then follow much the same process as I did below to register the certificate with Windows. If Heroku supplies a P7B (PKCS#7) or PFX (PKCS#12) format certificate, you can register that with Windows without having to do the conversion I described.
My setup of the Npgsql provider and AWS certificates

PowerBI and Excel support connections to Postgres using the Npgsql .NET Data Provider. This provider is not installed by default on Windows. Here's how to install it:
1. Download the appropriate .msi installer from the Npgsql releases page. The version you need depends on your version of Excel. I am running Office 365, which required version 4.0.x (I installed 4.0.10, download here).
2. Run the installer. During the install there is an option to install to the GAC, which is switched off by default. You must select to have the files installed to the GAC.
3. Reboot your computer and you should be able to set up a Postgres connection in PowerBI or Excel.
AWS RDS Postgres - additional requirement

If you are connecting to a Postgres cluster running in AWS, when you attempt to connect to Postgres after installing the Npgsql provider you may get an error saying:
"The remote certificate is invalid according to the validation procedure"
Here's how to fix it:
1. Download the public keys for AWS RDS regions: https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
2. Convert the bundle to a Windows certificate in P7B/PKCS#7 format. There are many ways to do this; an easy one is to use https://www.sslshopper.com/ssl-converter.html.
3. In Windows, search for the "Manage User Certificates" utility and open it.
4. Right-click on "Trusted Root Certification Authorities", then "All Tasks", "Import...".
5. Select the .p7b file which was the output of converting the AWS keys to P7B format.
6. Choose to place all certificates in the Trusted Root Certification Authorities store.
7. You will probably have to confirm for each certificate. There is one per AWS region.
You should now be able to connect to your AWS RDS Postgres database from PowerBI or Excel.
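Everything placed in the Trusted Root store is trusted for all TLS connections made by that user, so it is worth confirming what a downloaded bundle contains before the import step. The following is an added example, not part of the original answer: it fingerprints each certificate in a PEM bundle and compares the result with a list obtained out of band. The function names, the sample data and the expected list are constructed for illustration.

```python
import hashlib
import re
import ssl

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)

def bundle_fingerprints(pem_text):
    """SHA-256 fingerprint (lowercase hex) of each certificate in a PEM bundle."""
    return [hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
            for block in PEM_CERT.findall(pem_text)]

def review_bundle(pem_text, expected):
    """Compare a bundle against fingerprints obtained out of band.

    Returns (unexpected, missing): certificates in the file that are not on
    the expected list, and expected certificates the file does not contain.
    """
    want = {fp.replace(":", "").lower() for fp in expected}
    have = bundle_fingerprints(pem_text)
    unexpected = [fp for fp in have if fp not in want]
    missing = sorted(want - set(have))
    return unexpected, missing

# Constructed stand-ins for DER certificates (not real CA certificates);
# a real run would read the downloaded .pem file from disk instead.
SAMPLE_DER = [b"constructed-ca-one", b"constructed-ca-two", b"constructed-extra"]
SAMPLE_BUNDLE = "".join(ssl.DER_cert_to_PEM_cert(d) for d in SAMPLE_DER)
# Assumed expected list: only the first two entries are approved.
SAMPLE_EXPECTED = [hashlib.sha256(d).hexdigest() for d in SAMPLE_DER[:2]]

if __name__ == "__main__":
    unexpected, missing = review_bundle(SAMPLE_BUNDLE, SAMPLE_EXPECTED)
    for fp in unexpected:
        print("do not import, not on expected list:", fp)
    for fp in missing:
        print("expected but absent from bundle:", fp)
```

Run the check on the PEM file before converting it to P7B, since the conversion step changes the container format but not the certificates.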
You need to check whether the host-based authentication in your Postgres database is allowing this connection from Power BI.
https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
The file is usually available in the Postgres data folder and the structure is like below. Make sure the client host and username have the right permissions to access the database.
local database user auth-method [auth-options]
Note: If you are using a cluster manager like Patroni, the pg_hba.conf file will be overwritten by Patroni every time you edit it. You will have to edit this configuration from the patronictl command.
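When opening pg_hba.conf to a reporting client, the rule that grants access should not also drop TLS or authentication. The following is an added example, not part of the original answer: a small auditor that parses pg_hba.conf rules and flags weak auth-methods, rules that accept non-TLS connections from non-loopback addresses, and rules that match every client. The sample file, the `powerbi` user and the `reports` database are constructed.

```python
import ipaddress

WEAK_METHODS = {"trust": "no authentication", "password": "cleartext password"}
ANY_ADDRESS = {"all", "0.0.0.0/0", "::/0"}
LOOPBACK = {"127.0.0.1/32", "127.0.0.0/8", "::1/128"}
# Constructed sample, not taken from the original page.
SAMPLE_HBA = """\
local    all      postgres                              peer
host     all      all      127.0.0.1/32                 scram-sha-256
host     all      all      0.0.0.0/0                    trust
host     reports  powerbi  203.0.113.0  255.255.255.0   md5
hostssl  reports  powerbi  203.0.113.10/32              scram-sha-256
"""

def parse_hba(text):
    """Parse pg_hba.conf text (quoted fields and include directives not handled)."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if len(f) < 4 or f[0] not in ("local", "host", "hostssl", "hostnossl"):
            continue
        rule = {"line": lineno, "type": f[0], "db": f[1], "user": f[2], "addr": None}
        rest = f[3:]
        if f[0] != "local":
            rule["addr"], rest = rest[0], rest[1:]
            try:  # bare IPv4 address followed by a separate netmask column
                net = ipaddress.ip_network(f"{rule['addr']}/{rest[0]}", strict=False)
                rule["addr"], rest = str(net), rest[1:]
            except (ValueError, IndexError):
                pass  # CIDR, host name or keyword: auth-method is the next field
        if rest:
            rules.append({**rule, "method": rest[0]})
    return rules

def audit_hba(text):
    """Return (line, message) findings for rules that weaken remote access."""
    findings = []
    for r in parse_hba(text):
        if r["method"] in WEAK_METHODS:
            findings.append((r["line"], f"{r['method']}: {WEAK_METHODS[r['method']]}"))
        if r["type"] in ("host", "hostnossl") and r["addr"] not in LOOPBACK:
            findings.append((r["line"], f"{r['type']} rule accepts non-TLS connections"))
        if r["addr"] in ANY_ADDRESS:
            findings.append((r["line"], "matches every client address"))
    return findings
```

On the sample, only the `hostssl` rule for the single client address and the loopback and local rules pass without findings.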

The report server cannot open a connection to the report server database.

I am trying to configure Reporting Services without selecting an SSL certificate for MS SQL Server. Can anybody tell me whether it is possible to deploy an SSRS report for testing purposes if I don't have SSL certificate information? I am getting the error below:
"The report server cannot open a connection to the report server database. A connection to the database is required for all requests and processing. (rsReportServerDatabaseUnavailable)"
Thanks in advance.
You can remove a certificate if one is applied to the service endpoint.
1. Open Reporting Services Configuration Manager.
2. Under the targeted SSRS instance, navigate to the "Web Services URL".
3. Make sure the SSL certificate is set to
4. Save the settings.
Also, make sure the database configured under the "Database" node is accessible from your SSRS instance.
Make sure the database is configured correctly in Reporting Services Configuration Manager.
If you updated the service account after the installation, you probably want to use SQL Server Configuration Manager to update the account, as it also sets the required permissions.
Regarding the SSL: Reporting Services encrypts the database using this certificate. As long as you are not importing the database or recovering from backup, you can use the autogenerated certificate and deploy your projects from SSMS.

DB scripts automation from GIT to AWS SQL server using Jenkins?

Hi, is there anyone who can help me out with this?
I am trying to automate the migration of some DB scripts using Jenkins. All I am doing is using a Jenkins job to migrate DB scripts, which are in a Git repository, to an AWS server (SQL Server 2008 R2) and execute those scripts.
What server and access credentials do I need from the DB server end (like access key, secret key, DNS name, etc.) in order to configure a Jenkins job?
SQL access to the DB
For SQL access to the DB you need the following:
Hostname or RDS endpoint
TCP port number
DB name
DB user
DB password
The Jenkins machine needs network access to the DB host, which means you need to allow this in the Security Groups and have VPC connectivity.
AWS API access
For API access to AWS, the best practice is to have an IAM role assigned to the Jenkins machine. The role should have necessary permissions in the IAM policies attached to it.
In addition, you need to have internet access from the Jenkins machine or configure VPC endpoints so that Jenkins can reach the AWS API.
NOTE: You can't assign an IAM role to an existing EC2 machine. IAM roles can only be assigned during instance creation.

SSO setup using Kerberos on windows server

I am new to SSO. We had an application using a Java implementation of Kerberos SSO. Now we need to migrate the application to some other machine. I need to know what changes will be required in:
1. Service account in Active Directory used for authentication.
2. Keytab files
3. Can the same AD principal name be used, or will a new one be required?
Please assist with appropriate steps which are needed to be followed.
Appreciate your help!
Thanks.
If you use a service account in AD, then I would not expect big changes:
DNS record for this service
Moving the keytab to the new server
If a machine account is in use, then you would need to:
Reconfigure DNS
Remove the SPN from the current machine account
Generate a keytab for the new machine

Oracle Enterprise Manager Keystore vs Weblogic Keystore

I am having to consume a web service via 2-way SSL. We have exchanged certificates and I am trying to connect and am getting a handshake failure. I am using Oracle Service Bus to connect to the web service. My questions:
1. What is the keystore in the fwmconfig folder (that I access from Oracle Enterprise Manager)?
2. What is the keystore in the WebLogic server (that I access from the admin console/managed server keystore tab)?
3. What are the differences between these, and which one should I use to import the server's cert and try to connect?
4. Also, there are cacerts in several directories in the installation; what do I use those for?
I don't know where to import the server certificate. Can someone please help?
1. The Enterprise Manager keystore is used by Fusion Middleware for message-level security (encrypting the message with certificates).
2. The WebLogic keystore is used by the web server/load balancer to accept the HTTP requests and handles SSL.
3. See above.
4. The cacerts are the default trusted root CAs.
So the keystore to use for enabling SSL is the WebLogic server version.
Also be sure to enable 2-way SSL in WebLogic:
http://docs.oracle.com/cd/E14571_01/apirefs.1111/e13952/taskhelp/security/ConfigureTwowaySSL.html
Resources used:
http://theheat.dk/blog/?p=2059
