Wednesday, August 23, 2017

Oracle Mobile Authenticator (OMA) Offline secret key generation curl command


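Use the following curl command to generate the offline secret key used to register an account in the Oracle Mobile Authenticator (OMA) app. The --user option sends the credentials with HTTP Basic authentication, and over the plain http:// URL shown they travel unencrypted.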

curl --user <<USERID>>:<<PASSWORD>> --data "" http://<<HOST_NAME>>:14100/ms_oauth/resources/userprofile/secretkey


Click Here for Oracle Mobile Authenticator integration with OAM.

Thanks
Siva Pokuri.

OIF 11g "Authentication request is expired" error message


Issue

When the IdP and SP system clocks are not in sync, you might see an "Authentication request is expired" error in the OIF log, and the SAML message carries a "RequestDenied" status.

Error Message:

[2017-08-23T10:05:11.877-04:00] [oam_server1] [ERROR] [FED-15063] [oracle.security.fed.eventhandler.fed.profiles.utils.CheckUtils] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 8eeddbe1def2bc04:-43c8fb68:15df144d399:-8000-000000000106474c,0] [APP: oam_server#11.1.2.0.0] Authentication request is expired.

Cause

This error appears when the system clocks of the Identity Provider (OIF) and Service Provider servers are not in sync.

Resolution

Make sure the system time on the Service Provider and Identity Provider machines is in sync.

Thanks
Siva Pokuri.
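
To find how often the error above occurs, this added example (not part of the original post and not Oracle code) parses log lines in the bracketed layout shown in the error message and counts FED-15063 events per server and hour. It assumes the field order of that one sample line; the SAMPLE lines, their ecid values and the module name constructed.module are constructed.

```python
from collections import Counter
from datetime import datetime

# Constructed sample lines, modeled on the log entry shown in the post.
SAMPLE = [
    "[2017-08-23T10:05:11.877-04:00] [oam_server1] [ERROR] [FED-15063] "
    "[oracle.security.fed.eventhandler.fed.profiles.utils.CheckUtils] "
    "[tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] "
    "[userId: <anonymous>] [ecid: constructed-ecid-1,0] [APP: oam_server#11.1.2.0.0] "
    "Authentication request is expired.",
    "[2017-08-23T10:41:02.120-04:00] [oam_server1] [ERROR] [FED-15063] "
    "[oracle.security.fed.eventhandler.fed.profiles.utils.CheckUtils] "
    "[tid: [ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'] "
    "[userId: <anonymous>] [ecid: constructed-ecid-2,0] [APP: oam_server#11.1.2.0.0] "
    "Authentication request is expired.",
    "[2017-08-23T11:00:00.000-04:00] [oam_server1] [NOTIFICATION] [] [constructed.module] "
    "[tid: 12] [userId: <anonymous>] [ecid: constructed-ecid-3,0] Unrelated constructed entry.",
]

def parse_odl(line):
    """Return (bracketed fields, message). Tracks depth: the tid field nests brackets."""
    fields, depth, start = [], 0, 0
    for i, ch in enumerate(line):
        if ch == "[":
            if depth == 0:
                start = i + 1
            depth += 1
        elif ch == "]" and depth > 0:
            depth -= 1
            if depth == 0:
                fields.append(line[start:i])
        elif depth == 0 and not ch.isspace():
            return fields, line[i:].strip()  # first text outside brackets
    return fields, ""

def expired_requests(lines):
    """Return (timestamp, server) for every FED-15063 entry."""
    hits = []
    for line in lines:
        fields, _ = parse_odl(line)
        if len(fields) >= 4 and fields[3] == "FED-15063":
            hits.append((datetime.fromisoformat(fields[0]), fields[1]))
    return hits

def hourly_counts(hits):
    return Counter((srv, ts.strftime("%Y-%m-%d %H:00")) for ts, srv in hits)

if __name__ == "__main__":
    print(hourly_counts(expired_requests(SAMPLE)))
```

A steady count across many users in the same hours is consistent with the clock mismatch described in the post; compare the two machines' system time before looking elsewhere.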