After upgrading a Oracle Access Manager from 11.1.2.3 to 12.2.1.3, one of my customer requested from me to configure the Forget Password feature. This feature requires the User Messaging Service that was part of the SOA software in previous versions. Now it is part of the Oracle Access Manager software and the WebLogic Domain can be extended with the UMS services.
Extend WebLogic Domain
[oracle@vm03 ~]$ cd /u01/app/fmw_oim_12213/
[oracle@vm03 fmw_oim_12213]$ ls
cfgtoollogs coherence domain-registry.xml em idm inventory OPatch oracle_common oraInst.loc oui user_projects wlserver
[oracle@vm03 fmw_oim_12213]$ cd oracle_common/common/bin/
[oracle@vm03 bin]$ ./config.sh
In the next wizard, we will select the Oracle User Messaging Service Basic template that is a quick start template that defines the managed server, ums_server1, and targets all UMS components to that server.
We keep the file store persistence store but it should be placed on a shared drive if it is planned to use a UMS WebLogic cluster.
The OPSS was already configured in the OAM WebLogic Domain, there is noting to change in the two next wizards.
In the next wizards we get the JDBC connections from the RCU configuration schema.
The UMS repository schema was already installed. The JDBC connections shows correctly and the JDBC connections test went smoothly.
We had no keystore configured
We had to go through the topoligy to configure the UMS server and the UMS cluster.
In the next wizard, the new ums_server1 appeared listening on port 7003. This is the default for all new WebLogic Servers in the configuration wizard. Best is to change it to the default SOA port that is 8001 (it can help avoiding some troubles with hard coded ports in some applications).
As this OAM WebLogic Domain was configured with clusters, I had to create an UMS cluster named ums_cluster.
I did not use server templatres neither dynamic servers. Nothing changed in the next two wizards.
Assigned the ums_server1 to the ums_cluster moving it from the right panel to the left panel under the ums_cluster.
The coherence cluster existed already in the OAM WebLogic Domain and the machine too. Not changes was done in the next two wizards.
The ums_server1 was attached to the already existing machine moving it from the left panel to the right panel under the existing machine.
The deployments and the services were not changed. No actions was applied on the two next wizards.
We kept the persistence file store file name as it was proposed by default.
We checked the summary and clicked the Update button to extend the OAM WebLogic Domain.
All went smoothly without errors.
After the Domain has been Extended, it was started. The first time the ums_server1 had to be started manually using the startManagedWebLogic.sh script.
Configure the UMS email driver.
We decided to use mails to send the One Time Pin token to the users requesting to reset their password.
This configuration has to be done through the Fusion Middleware Enterprise Manager Console.
Select usermessaginserver (ums_server1)
At the bottom of the page, look for the Email driver and click the configure button. The next page allows t create a new Email driver and then to configure it.
here are the parameters that needs to be set for the UMS to be able to send mails.
- Name: MailServer
- Capability: Send
- Sender Address:
Check ‘Use Default Sender Address’ and set the default email ddress: EMAIL:[email protected] - Outgoing Mail Server: “to be filed with your email server name”
Usage
Using the Oracle Access Manager One Time Pin rest API, messages are pushed to the User Messaging Service JMS queue and sent by mails using the email driver.
My next blog will explain how to configure the Oracle Access Manager Forget Password feature using the One Time Pin sent by Mail
UJ
16.12.2023Hi Pascal ,
Do you have steps documented for upgrade OID from 11.1.1.9 to 12.2.1.3 and OAM from 11.1.2.3 to 12.2.1.3. If you have could you please create a blog post for the same.
Thanks,
UJ