Release of Fixes to Support OAuth move from OAM to IDCS
(Doc ID 2998693.1)
Last updated on JANUARY 03, 2025
Applies to:
Enterprise Manager Base Platform - Version 13.4.0.0.0 and later
Information in this document applies to any platform.
Details
For multiple major features in EM, required resources and data are accessed from MOS/ARU cloud services using respective endpoints at Oracle. The access mechanism is authenticated and authorized as follows:
- EM connects to the OAuth (Open Authentication) endpoint using a dedicated MOS login account, client ID, and secret to receive the authentication token.
- As part of the call to MOS, EM passes the OAuth token. MOS/ARU verifies the token against the OAuth endpoint and validates required access to the requested resource (e.g. MOS/ARU data). Once validated, MOS/ARU responds to EM with the requested resources.
To comply with the move of OAuth from OAM (Oracle Access Manager) to IDCS (Oracle Identity Cloud Service), EM needs to be equipped with changes to the IDCS OAuth endpoint. Follow the steps listed in the Actions section of this note to complete the transition.
Actions
Prerequisite:
Ensure the URL https://login-ext.identity.oraclecloud.com:443 is accessible between EM and My Oracle Support, including through a proxy or firewall, if required.
For OEM 13.5
A) Apply RU19 or later on the OMS home, and no one-off patch is required.
Reference: Enterprise Manager 13.5 Main Release Update List (Includes Plug-ins) <Note 2760230.2>
B) If you cannot take RU19 or later right away, apply the one-off <patch 35875342> which is available on top of RU16/RU17/RU18. Ensure that you download the correct version of patch 35875342 for the appropriate RU that you are on.
For OEM 13.4
Apply RU20 on the OMS_HOME and the one-off <patch 35875342>
Reference: Enterprise Manager 13.4 Main Release Update List (Includes Plug-ins) (Doc ID 2647078.2)
NOTE:
1) The following steps are not required if you are using "Offline mode". To validate if you are in online/offline mode, navigate to Setup -> Provisioning and Patching -> Offline Patching.
2) In a multi-OMS environment, executing the following steps on the Primary OMS should be sufficient.
After 13.5 RU19 or higher, or the one-off <patch 35875342> on top of 13.5 RU16/RU17/RU18 or 13.4 RU20, has been applied successfully, execute the following steps:
1) $OMS_HOME/bin> emctl set property -sysman_pwd <sysman password> -name oracle.sysman.emSDK.core.mos.load_client_from_wallet -value true
2) If Proxy is configured then follow the below steps:
Navigate to Setup -> Proxy Settings -> My Oracle Support.
Update the proxy settings (if required) and click on "Test Connection". This test should be successful.
Click on "Apply"
3) On the console, navigate to Setup > My Oracle Support > Set Credentials
Click on Apply (changing the credential is not necessary)
Please refer to Note: 3001658.1 EM 13.5 RU19: Setting MOS Credentials Fails with "Authentication Error: Please check your credentials"
4) Set the OMS property back to false:
$OMS_HOME/bin> emctl set property -sysman_pwd <sysman password> -name oracle.sysman.emSDK.core.mos.load_client_from_wallet -value false
With these steps, EM is equipped with the required changes.
Execute the command below from the OMS server to verify the connectivity between EM and My Oracle Support:
With Proxy:
curl --proxy <PROXY SERVER:PROXY-PORT> -v https://login-ext.identity.oraclecloud.com:443
Without Proxy:
curl -v https://login-ext.identity.oraclecloud.com:443
Example output for failed connection:
$curl -v https://login-ext.identity.oraclecloud.com:443
* Could not resolve host: login-ext.identity.oraclecloud.com; Unknown error
* Closing connection 0
curl: (6) Could not resolve host: login-ext.identity.oraclecloud.com; Unknown error
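The connectivity check above wrapped in a script, as an added example that is not part of the original note or of Oracle's tooling: it runs the same curl request with timeouts and turns curl's exit code (6 in the failed output above) into a likely cause. The function names, the `--run` argument and the script name are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Oracle tooling): check the IDCS OAuth endpoint from the OMS host.
# Usage: sh check_idcs.sh --run [PROXY-SERVER:PROXY-PORT]   (script name is hypothetical)
IDCS_URL="https://login-ext.identity.oraclecloud.com:443"

# Translate a curl exit code into the likely network-side cause.
diagnose_curl_rc() {
    case "$1" in
        0)  echo "OK: HTTPS response received from the IDCS endpoint" ;;
        5)  echo "PROXY_DNS: proxy host name does not resolve" ;;
        6)  echo "DNS: endpoint host name does not resolve" ;;
        7)  echo "CONNECT: TCP connection refused or blocked" ;;
        28) echo "TIMEOUT: no answer within the time limit; packets may be dropped by a firewall" ;;
        35) echo "TLS: handshake failed" ;;
        56) echo "RECV: connection cut while receiving data (with a proxy, often a refused CONNECT)" ;;
        60) echo "CERT: certificate chain not trusted; check for TLS inspection on the path" ;;
        *)  echo "OTHER: curl exit code $1, see EXIT CODES in curl(1)" ;;
    esac
}

# check_idcs [proxy-host:port]
# Prints one diagnosis line and returns curl's exit code.
check_idcs() {
    proxy="${1:-}"
    rc=0
    # Certificate verification stays enabled (no -k/--insecure): a CERT result
    # is a finding to investigate, not something to bypass.
    set -- --silent --show-error --output /dev/null --connect-timeout 10 --max-time 30
    if [ -n "$proxy" ]; then
        set -- "$@" --proxy "$proxy"
    fi
    curl "$@" "$IDCS_URL" || rc=$?
    diagnose_curl_rc "$rc"
    return "$rc"
}

# Only touch the network when explicitly asked to.
if [ "${1:-}" = "--run" ]; then
    check_idcs "${2:-}"
fi
```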
Contacts