OAM 10g: Recovery Process After Shared Secret Key Corruption
(Doc ID 557223.1)
Last updated on JUNE 07, 2017
Applies to: COREid Access - Version 188.8.131.52 to 10.1.4.3.0
Information in this document applies to any platform.
***Checked for relevance on 6-December-2010***
The Oracle Access Manager (OAM) is part of the Oracle Application Server product suite and consists of the components that specialize in Access and Identity Management.
OAM Access System consists of the following components:
- Policy Manager - This acts as the Policy Administration Point in the OAM Access System.
- Access Server - This acts as the Policy Decision Point in the OAM Access System.
- WebGate - This acts as the Policy Enforcement Point in the OAM Access System.
- Identity Server - This acts as the identity administration point in the OAM Identity System.
- WebPass - This acts as the information exchanger between the web server and the OAM Identity Server.
Under some circumstances the shared secret key can become corrupted, causing an OAM outage. This document covers how to detect corruption of the Shared Secret Key and how to recover from it.
The following symptoms would suggest that the shared secret has been corrupted:
- Unable to access any resource protected by WebGate. The WebGate reports the following error:
"Oracle Access Manager Operation Error - The Access Server has returned a fatal error with no detailed information."
- In the case of form based authentication, the authentication form prompts again and again even with valid credentials.
- The OAM Access Server logs contain errors like the following:
2008/02/22@02:43:33.907015 26252 278545 LDAP DEBUG3 0x00000201 ../ldap_util3.cpp:1796 "ldap_parse_result of Async Search operation" ld handle^0x08A4FDF0 search base^cn=impersonationEncryptionKey,obcontainerId=encryptionKey,o=Oblix, o=oblix,dc=global,dc=acme,dc=com LDAP search operation status code^32
- Unable to login to the OAM Identity/Policy Manager system even after disabling WebGate. After submitting correct credentials, the login page is redisplayed without any errors.
- The ObSharedSecret attribute value is NULL under the "cn=cookieEncryptionKey,obcontainerId=encryptionKey,o=oblix, <config tree>" entry in the LDAP directory.
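The log symptom above can be checked mechanically. The following is an added example, not Oracle tooling or code from the original note: it scans Access Server log lines for LDAP searches under the `obcontainerId=encryptionKey` container that returned status code 32 (the standard LDAP result code noSuchObject). It assumes every relevant line follows the layout of the single excerpt quoted above; `sample_line` and the sample lines other than the first are constructed for illustration.

```python
import re

# Tail of an Access Server LDAP debug line, as in the log excerpt above:
#   ... search base^<DN> LDAP search operation status code^<n>
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2}@\d{2}:\d{2}:\d{2}\.\d+)\s.*?'
    r'search base\^(?P<base>.+?)\s+LDAP search operation status code\^(?P<code>\d+)$'
)
KEY_CONTAINER = "obcontainerid=encryptionkey"
NO_SUCH_OBJECT = 32  # LDAP result code noSuchObject (RFC 4511)

def split_dn(dn):
    """Lower-case a DN and split it into RDNs (naive: ignores escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",")]

def find_missing_key_entries(lines):
    """Return (timestamp, key-entry RDN) for key-entry searches that got status 32."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an LDAP search-result line
        rdns = split_dn(m.group("base"))
        if KEY_CONTAINER in rdns and int(m.group("code")) == NO_SUCH_OBJECT:
            hits.append((m.group("ts"), rdns[0]))
    return hits

def sample_line(ts, base, code):
    """Build a log line in the layout of the excerpt above (helper for sample data)."""
    return (f'{ts} 26252 278545 LDAP DEBUG3 0x00000201 ../ldap_util3.cpp:1796 '
            f'"ldap_parse_result of Async Search operation" ld handle^0x08A4FDF0 '
            f'search base^{base} LDAP search operation status code^{code}')

TREE = "o=Oblix, o=oblix,dc=global,dc=acme,dc=com"
SAMPLE_LOG = [
    # Same content as the line quoted in the symptoms above.
    sample_line("2008/02/22@02:43:33.907015",
                f"cn=impersonationEncryptionKey,obcontainerId=encryptionKey,{TREE}", 32),
    # Constructed: key entry found (status 0), must not be flagged.
    sample_line("2008/02/22@02:43:34.001200",
                f"cn=cookieEncryptionKey,obcontainerId=encryptionKey,{TREE}", 0),
    # Constructed: status 32 on an unrelated entry, must not be flagged.
    sample_line("2008/02/22@02:43:35.114000", "cn=jdoe,ou=people,dc=acme,dc=com", 32),
    # Constructed: a line that is not an LDAP search result.
    '2008/02/22@02:43:36.000001 26252 278545 ACCESS INFO "request handled"',
]

if __name__ == "__main__":
    for ts, rdn in find_missing_key_entries(SAMPLE_LOG):
        print(f"{ts}: key entry {rdn} not found (LDAP status 32)")
```

A hit only shows that the Access Server could not find a key entry; the ObSharedSecret attribute itself still has to be inspected in the directory as described in the last symptom.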