After upgrading an Oracle Access Manager from 11.1.2.3 to 12.2.1.3, one of my customers asked me to configure the Forget Password feature. This feature requires the User Messaging Service, which was part of the SOA software in previous versions. It is now part of the Oracle Access Manager software, and the WebLogic Domain can be extended with the UMS services.

Extend WebLogic Domain

[oracle@vm03 ~]$ cd /u01/app/fmw_oim_12213/
[oracle@vm03 fmw_oim_12213]$ ls
cfgtoollogs coherence domain-registry.xml em idm inventory OPatch oracle_common oraInst.loc oui user_projects wlserver
[oracle@vm03 fmw_oim_12213]$ cd oracle_common/common/bin/
[oracle@vm03 bin]$ ./config.sh

In the next wizard screen, we select the Oracle User Messaging Service Basic template, a quick start template that defines the managed server, ums_server1, and targets all UMS components to that server.
We keep the file store as the persistence store, but it should be placed on a shared drive if a UMS WebLogic cluster is planned.
The OPSS was already configured in the OAM WebLogic Domain, so there is nothing to change in the next two wizard screens.
In the next wizard screens, we get the JDBC connections from the RCU configuration schema.
The UMS repository schema was already installed. The JDBC connections show correctly and the JDBC connection tests went smoothly.
We had no keystore configured.
We had to go through the topology to configure the UMS server and the UMS cluster.
In the next wizard screen, the new ums_server1 appeared listening on port 7003. This is the default for all new WebLogic Servers in the configuration wizard. It is best to change it to the default SOA port, 8001, which can help avoid trouble with ports hard-coded in some applications.
As this OAM WebLogic Domain was configured with clusters, I had to create a UMS cluster named ums_cluster.
I did not use server templates or dynamic servers. Nothing changed in the next two wizard screens.
I assigned ums_server1 to ums_cluster by moving it from the right panel to the left panel under ums_cluster.
The Coherence cluster already existed in the OAM WebLogic Domain, and so did the machine. No changes were made in the next two wizard screens.
The ums_server1 was attached to the already existing machine by moving it from the left panel to the right panel under the existing machine.
The deployments and the services were not changed. No action was taken in the next two wizard screens.
We kept the persistence file store file name as it was proposed by default.
We checked the summary and clicked the Update button to extend the OAM WebLogic Domain.
All went smoothly without errors.
After the domain was extended, it was started. The first time, ums_server1 had to be started manually using the startManagedWebLogic.sh script.
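
An added example (not part of the original post): a small check that reads the domain's config.xml (normally under the domain home in config/config.xml) and reports whether ums_server1 ended up with the port, cluster and machine assignment chosen in the wizard. The sample XML is constructed and trimmed; machine_1 is a placeholder because the post does not name the machine, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

# Namespace used by WebLogic's config.xml.
NS = {"wls": "http://xmlns.oracle.com/weblogic/domain"}

# Constructed sample, trimmed to the elements the check reads.
# It still carries the wizard's 7003 default; machine_1 is a placeholder.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <server>
    <name>ums_server1</name>
    <machine>machine_1</machine>
    <listen-port>7003</listen-port>
    <cluster>ums_cluster</cluster>
  </server>
  <cluster>
    <name>ums_cluster</name>
  </cluster>
</domain>
"""


def check_ums_server(config_xml, server="ums_server1", port=8001,
                     cluster="ums_cluster"):
    """Return a list of findings; an empty list means the server matches."""
    root = ET.fromstring(config_xml)
    for srv in root.findall("wls:server", NS):
        if srv.findtext("wls:name", namespaces=NS) == server:
            break
    else:
        return [f"{server}: not defined in the domain"]

    findings = []
    # WebLogic omits <listen-port> when the server uses the 7001 default.
    actual_port = int(srv.findtext("wls:listen-port", default="7001",
                                   namespaces=NS))
    if actual_port != port:
        findings.append(f"{server}: listen port {actual_port}, expected {port}")
    actual_cluster = srv.findtext("wls:cluster", namespaces=NS)
    if actual_cluster != cluster:
        findings.append(f"{server}: cluster {actual_cluster!r}, expected {cluster!r}")
    if not srv.findtext("wls:machine", namespaces=NS):
        findings.append(f"{server}: not assigned to a machine")
    return findings


if __name__ == "__main__":
    for line in check_ums_server(SAMPLE_CONFIG) or ["ums_server1 matches"]:
        print(line)
```

To run it against a real domain, pass the contents of that domain's config.xml instead of SAMPLE_CONFIG.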

Configure the UMS email driver.

We decided to use email to send the One Time Pin token to the users requesting to reset their password.

This configuration has to be done through the Fusion Middleware Enterprise Manager Console.
Select usermessagingserver (ums_server1).
At the bottom of the page, look for the Email driver and click the Configure button. The next page allows you to create a new Email driver and then to configure it.
Here are the parameters that need to be set for the UMS to be able to send mails.

  • Name: MailServer
  • Capability: Send
  • Sender Address:
    Check ‘Use Default Sender Address’ and set the default email address: EMAIL:[email protected]
  • Outgoing Mail Server: “to be filled with your email server name”

Usage

Using the Oracle Access Manager One Time Pin REST API, messages are pushed to the User Messaging Service JMS queue and sent by mail using the email driver.

My next blog will explain how to configure the Oracle Access Manager Forget Password feature using the One Time Pin sent by mail.