SOA Suite 12c – Gmail as mail provider

Get the certificate for smtp.gmail.com

openssl s_client -connect smtp.gmail.com:465 </dev/null | sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

Copy the certificate block printed above, from the BEGIN CERTIFICATE line through the END CERTIFICATE line, into a text file.

Log in to Enterprise Manager and go to Keystore.
Select trust under system and click Manage.
Click Import.
Enter the details, paste the certificate text copied earlier and click OK.
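
The sed filter in the openssl command above discards the rest of the s_client output, including the "Verify return code" line that reports whether the certificate chain validated. As an added example (not part of the original post), the Python code below reads a saved s_client transcript, computes the SHA-256 fingerprint of each certificate block, and approves import into the trust store only when verification succeeded and the fingerprint matches one obtained out of band. The function names and the sample transcript are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)
VERIFY_RE = re.compile(r"Verify return code:\s*(\d+)\s*\(([^)]*)\)")

# Constructed sample transcript: placeholder bytes, not a real certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE = (
    "CONNECTED(00000003)\n"
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode()
    + "-----END CERTIFICATE-----\n"
    "    Verify return code: 20 (unable to get local issuer certificate)\n"
)


def fingerprints(transcript):
    """SHA-256 fingerprint of every PEM certificate block, in the
    colon-separated form printed by `openssl x509 -fingerprint -sha256`."""
    result = []
    for body in PEM_RE.findall(transcript):
        der = base64.b64decode("".join(body.split()), validate=True)
        digest = hashlib.sha256(der).hexdigest().upper()
        result.append(":".join(digest[i:i + 2] for i in range(0, 64, 2)))
    return result


def verify_status(transcript):
    """(code, text) from the 'Verify return code' line, or None if absent."""
    match = VERIFY_RE.search(transcript)
    return (int(match.group(1)), match.group(2)) if match else None


def safe_to_import(transcript, expected_fp):
    """True only if the chain verified (code 0) and the first certificate
    matches a fingerprint obtained through an independent channel."""
    fps = fingerprints(transcript)
    status = verify_status(transcript)
    return (bool(fps) and status is not None and status[0] == 0
            and fps[0] == expected_fp.upper())


if __name__ == "__main__":
    print(fingerprints(SAMPLE), verify_status(SAMPLE))
```

To use it on real output, save the full s_client output (without the sed filter) to a file and pass its contents as the transcript.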

Edit Set Domain Environment Script
Modify the $DOMAIN_HOME/bin/setDomainEnv.sh script and remove the following from EXTRA_JAVA_PROPERTIES:
-Djavax.net.ssl.trustStore=${WL_HOME}/server/lib/DemoTrust.jks

Below is the edited EXTRA_JAVA_PROPERTIES:

EXTRA_JAVA_PROPERTIES="${EXTRA_JAVA_PROPERTIES} -Dsoa.archives.dir=${SOA_ORACLE_HOME}/soa -Dsoa.oracle.home=${SOA_ORACLE_HOME} -Dsoa.instance.home=${DOMAIN_HOME} -Dtangosol.coherence.log=jdk -Djavax.xml.soap.MessageFactory=oracle.j2ee.ws.saaj.soap.MessageFactoryImpl -Dweblogic.transaction.blocking.commit=true -Dweblogic.transaction.blocking.rollback=true -Doracle.xml.schema/Ignore_Duplicate_Components=true -Doracle.xdkjava.compatibility.version=11.1.1 -Doracle.soa.compatibility.version=11.1.1 -Ddisable-implicit-bean-discovery=true"
export EXTRA_JAVA_PROPERTIES

Restart WebLogic servers.

Configure UMS mail driver
Login to Enterprise Manager, got
Specify sender email. (Format “EMAIL:sender@example.com”)
You can also verify this from the SOA server log.

Set workflow properties

Test
You can verify this in the SOA server log.
Check the mailbox.


OAM 11gR2PS3 Multi Factor Authentication – Adaptive Authentication Service

The Adaptive Authentication Service offers stronger multifactor (also referred to as second factor) authentication for sensitive applications that require additional security in addition to the standard user name and password type authentication.

The second factor can be a One Time Pin (OTP) or an Access Request (or push) Notification. After an initial successful user/password authentication, a Second Factor Authentication page is displayed from which the user selects the preferred method of second factor authentication.
The following options are available:

  • OTP from Oracle Mobile Authenticator

  • OTP through SMS

  • OTP through Email

  • Access Request Notification from Oracle Mobile Authenticator

To use Oracle Mobile Authenticator in this post, you must first complete steps 1, 2, 7, 8 and 9 from the post below:
https://oraidam.wordpress.com/2018/01/29/integrate-oam-11g-r2-ps3-and-oracle-mobile-authenticator/

In this post we will configure OAM for multi factor authentication with OTP through Email or SMS or Oracle Mobile Authenticator.

1. Enable “Adaptive Authentication Service”: log in to the OAM console –> Configuration –> Available Services

2. Configure AdaptiveAuthenticationPlugin
Click on Authentication Plugins in the OAM Console
Search for the plugin and click on it to edit its properties

3. Edit below properties in AdaptiveAuthenticationPlugin

SFATypes
Totp:Sms:Email:Push

UmsAvailable
true

UmsClientUrl
http://identity.oracleads.com:8001/ucs/messaging/webservice

EmailMsgFrom
workflow.admin@oracleads.com

Totp_Enabled
true

Email_Enabled
true

Sms_Enabled
true

EmailField
mail

PhoneField
mobile

TotpSecretKeyAttribute
description

Click on Save
Make the same changes in

4. Add credentials for UMS in weblogic domain
Log in to WebLogic Enterprise Manager, go to domain –> security –> credentials
Expand OAM_CONFIG and click on Create Key
Create umsKey as shown above and click OK.

5. Protect the resource
Go to application domain
Go to Authentication Policies –> Protected Resource Policy
Go to Advanced Rules –> Post Authentication and click on Add
Click Add and click on Apply

Testing:
As we mentioned in configuration, make sure all below attributes are populated in user profile for testing all options.
EmailField: mail
PhoneField: mobile
TotpSecretKeyAttribute: description
The description attribute is populated automatically when you set up Oracle Mobile Authenticator as specified in steps 8 and 9 of https://oraidam.wordpress.com/2018/01/29/integrate-oam-11g-r2-ps3-and-oracle-mobile-authenticator/

Now hit the requested resource; you will be prompted to log in with username and password for first factor authentication.
Supply the username and password and click on Login. After successful login you will be prompted to choose an option for second factor login.
Select the option and click on OK.
Then supply the PIN for second factor authentication and click Login to access the protected resource.

Demo: https://youtu.be/LiP1O99EUGU

Weblogic State and HealthState Monitoring with Email Notification

Configure Weblogic Mail Session (Optional. Only if you want to send email alert)
1. Login to weblogic console
2. Go to Mail Sessions
3. Click New
4. Enter details: Name, JNDI Name, JavaMail Properties.
JavaMail Properties:
mail.port=25
mail.user=weblogic
mail.host=xx.xx.xx.xx
mail.transport.protocol=smtp
mail.from=weblogic

Configure Email Notifications in Weblogic Diagnostic
Go to Notifications –> Click New –> Select SMTP (E-Mail) –> Click Next –> Enter Notification Name & Check Enable Notification –> Go to SMTP Properties –> Select Mail Session –> Enter Email Recipients

Server State Monitoring
1. Login to weblogic console
2. Go to Diagnostic Modules
3. Click on the “Module-FMWDFW” module
4. Go to Configuration –> Watches and Notifications –> Watches
5. Click New
6. Enter Watch Name, Watch Type: Collected Metrics
7. Click Next
8. Click on Add Expressions
9. Select ServerRuntime –> Select weblogic.management.runtime.ServerLifeCycleRuntimeMBean –> Click Next –> Click Next
10. Select Message Attribute “State”
11. Select Operator “!=”
12. Enter value RUNNING
13. The watch rule below will be generated
(${ServerRuntime//[weblogic.management.runtime.ServerLifeCycleRuntimeMBean]//State} != 'RUNNING')
14. ServerRuntime dies along with the managed server, so we need to use DomainRuntime instead.
Edit the rule manually and replace ServerRuntime with DomainRuntime
(${DomainRuntime//[weblogic.management.runtime.ServerLifeCycleRuntimeMBean]//State} != 'RUNNING')
15. Click Next
16. Select Alarm (if required; used to avoid spamming email)
17. Select the notifications
18. Click Finish

Health State Monitoring
Stuck threads are a very common issue with WebLogic servers. Below is a good article on dealing with stuck threads.
http://oraclemiddlewareblog.com/2014/06/10/dealing-stuck-threads-weblogic/
We had a requirement to capture the server health state for stuck threads. By default, health state is not collected by the diagnostic module. A harvester must be created to gather health state data.
1. Go to Weblogic Console –> Diagnostic Modules
2. Configuration tab –> Collected Metrics tab
3. Click new
4. Select ServerRuntime –> Select weblogic.management.runtime.ThreadPoolRuntimeMBean
5. Add Attribute Expression as “HealthState.State”  (without quotes)
6. Select the Server Instance
7. Click Finish

Now create a watch rule to compare harvested attribute value
8. Now go to Watches and Notifications tab –> Watches –> Click New
9. Enter Name, Watch Type: Collected Metrics
10. Add Watch Rule
(${ServerRuntime//[weblogic.management.runtime.ThreadPoolRuntimeMBean]com.bea:Name=ThreadPoolRuntime,ServerRuntime=osb_InstSvr_1a,Type=ThreadPoolRuntime//HealthState.State} != 0)
11. To create the above rule you can select Add Expressions –> ServerRuntime –> weblogic.management.runtime.ThreadPoolRuntimeMBean –> Select instance –> Attribute Expression: HealthState.State –> Operator: != –> Value: 0
12. Select Alarm (if required; used to avoid spamming email)
13. Select the notifications
14. Click Finish