Tuesday, November 26, 2013

Sample Custom Schedule Task

Version: Oracle Identity Manager 11g R2
Description: This post demonstrates how to develop a custom scheduled task. Provided here is a sample custom scheduled task that creates a new OIM user, with the user data supplied through the scheduled task parameters.

Monday, November 25, 2013

Registering a Plugin using OIM APIs

Version: Oracle Identity Manager 11g R2
Description: Provided here is Java code to remotely register a plugin, such as an event handler or a scheduled task. The OIMClient and PlatformService are used. Adjust the variables (e.g. the path to the zip file and the OIM credentials) accordingly.

Sunday, November 24, 2013

Enabling Auto Login by Using the Boot Identity File

Version: WebLogic 10.3.5
Description: WebLogic contains out-of-the-box scripts to start up your WebLogic server instances (e.g. startWebLogic.sh and startManagedWebLogic.sh). Whenever you run these scripts, you are prompted to enter the WebLogic administrator credentials. A boot identity file contains user credentials for starting and stopping an instance of WebLogic Server. An Administration Server can refer to this file for user credentials instead of prompting you to provide them. The Administration Server is used as an example here.

Saturday, November 23, 2013

Automating WebLogic Server Instances Startup and Shutdown in Linux

Description: This post contains scripts to automate the startup and shutdown of the Oracle Identity Manager managed server and the WebLogic Admin Server in a Linux environment. Before using these scripts, you need to configure Node Manager.
Startup Order:
  1. Start Node Manager.
  2. Connect to Node Manager using the WebLogic Scripting Tool (WLST).
  3. Have Node Manager start up your WebLogic server instances.
Shutdown Order:
  1. Connect to Node Manager using the WebLogic Scripting Tool (WLST).
  2. Shut down the WebLogic server instances.
  3. Terminate Node Manager.

Tuesday, November 19, 2013

Purging the Cache

Version: Oracle Identity Manager 11g R2
Description: The PurgeCache utility can be used to purge all elements in the cache.

Using OIM 11g R2 API

Setup and Configuration
Copy "IDM_HOME/server/client/oimclient.zip" to your computer and unzip it. The resulting directory is referred to as OIM_CLIENT_HOME; it includes the jars and configuration files needed to use the OIM client. Generate wlfullclient.jar by executing:

java -jar MW_HOME/modules/com.bea.core.jarbuilder_1.7.0.0.jar

Copy wlfullclient.jar into the OIM_CLIENT_HOME/lib directory.

Required Jars for Java Project
  • commons-logging.jar (inside oimclient.zip)
  • spring.jar (inside oimclient.zip)
  • oimclient.jar (inside oimclient.zip)
  • wlfullclient.jar (to be generated as above)
  • jrf-api.jar (MW_HOME/oracle_common/modules/oracle.jrf_11.1.1/jrf-api.jar)

Code Example
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.login.LoginException;
import oracle.iam.identity.exception.UserSearchException;
import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.platform.OIMClient;
import oracle.iam.platform.authz.exception.AccessDeniedException;
import oracle.iam.platform.entitymgr.vo.SearchCriteria;

/**
 * Uses the OIMClient to access services in Oracle
 * Identity Manager.
 */
public class OracleIdentityManagerClient 
{
    public static final String OIM_HOSTNAME = "localhost";
    public static final String OIM_PORT = "14000";
    public static final String OIM_PROVIDER_URL = "t3://"+ OIM_HOSTNAME + ":" + OIM_PORT;
    public static final String OIM_USERNAME = "xelsysadm";
    public static final String OIM_PASSWORD = "Password1";
    public static final String OIM_CLIENT_HOME = "/home/oracle/Desktop/oimclient";
    public static final String AUTHWL_PATH = OIM_CLIENT_HOME + "/conf/authwl.conf";

    public static void main(String[] args) 
    {
        OIMClient oimClient = null;

        try 
        {
            //Set system properties required for OIMClient
            System.setProperty("java.security.auth.login.config", AUTHWL_PATH);
            System.setProperty("APPSERVER_TYPE", "wls");  

            // Create an instance of OIMClient with OIM environment information
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory");
            env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, OIM_PROVIDER_URL);
            oimClient = new OIMClient(env);

            // Login to OIM with the appropriate credentials
            oimClient.login(OIM_USERNAME, OIM_PASSWORD.toCharArray());

            // Lookup a service
            UserManager usermgr = oimClient.getService(UserManager.class);

            // Call a method from a service: the "*" wildcard on "User Login" matches
            // every user; the empty set and map request the default return attributes
            List<User> users = usermgr.search(new SearchCriteria("User Login", "*", SearchCriteria.Operator.EQUAL),
                    new HashSet<String>(), new HashMap<String, Object>());
            System.out.println(users);
        }  

        catch (LoginException ex) 
        {
            Logger.getLogger(OracleIdentityManagerClient.class.getName()).log(Level.SEVERE, null, ex);
        }

        catch (AccessDeniedException ex)
        {
            Logger.getLogger(OracleIdentityManagerClient.class.getName()).log(Level.SEVERE, null, ex);

        } 

        catch (UserSearchException ex) 
        {
            Logger.getLogger(OracleIdentityManagerClient.class.getName()).log(Level.SEVERE, null, ex);
        }

        finally
        {
            // Logout user from OIMClient
            if(oimClient != null)
                oimClient.logout();
        }
    }
}
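As an added example (not the blog's own code), the same OIMClient setup with the administrator password taken from the environment or a no-echo console prompt instead of a source literal, and the search narrowed to a single login with only the needed attributes returned; the host, port, client path, environment variable names and the OimUserLookup class name are assumptions:

```java
import java.io.Console;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.api.UserManagerConstants;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.platform.OIMClient;
import oracle.iam.platform.entitymgr.vo.SearchCriteria;

public class OimUserLookup {
    // Host, port and client path are assumptions for this example.
    public static final String OIM_PROVIDER_URL = "t3://localhost:14000";
    public static final String AUTHWL_PATH = "/home/oracle/Desktop/oimclient/conf/authwl.conf";

    // Password comes from the OIM_PASSWORD variable or a no-echo prompt, never a literal.
    static char[] readPassword(String adminUser) {
        String fromEnv = System.getenv("OIM_PASSWORD");
        if (fromEnv != null && fromEnv.length() > 0) return fromEnv.toCharArray();
        Console console = System.console();
        if (console == null) throw new IllegalStateException("no console; set OIM_PASSWORD");
        return console.readPassword("OIM password for %s: ", adminUser);
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) { System.err.println("usage: OimUserLookup <user-login>"); System.exit(2); }
        String adminUser = System.getenv("OIM_USERNAME") != null ? System.getenv("OIM_USERNAME") : "xelsysadm";
        char[] password = readPassword(adminUser);
        System.setProperty("java.security.auth.login.config", AUTHWL_PATH);
        System.setProperty("APPSERVER_TYPE", "wls");
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory");
        env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, OIM_PROVIDER_URL);
        OIMClient oimClient = new OIMClient(env);
        try {
            oimClient.login(adminUser, password);
            UserManager usermgr = oimClient.getService(UserManager.class);
            // Exact match on one login instead of "*", returning only the attributes needed.
            String loginAttr = UserManagerConstants.AttributeName.USER_LOGIN.getId();
            HashSet<String> retAttrs = new HashSet<String>(Arrays.asList(loginAttr,
                    UserManagerConstants.AttributeName.STATUS.getId(),
                    UserManagerConstants.AttributeName.EMAIL.getId()));
            SearchCriteria criteria = new SearchCriteria(loginAttr, args[0], SearchCriteria.Operator.EQUAL);
            List<User> users = usermgr.search(criteria, retAttrs, new HashMap<String, Object>());
            if (users.isEmpty()) System.out.println("No user with login " + args[0]);
            for (User u : users) System.out.println(u.getLogin() + " -> " + u.getAttributes());
        } finally {
            Arrays.fill(password, '\0'); // clear the secret from memory once the session ends
            oimClient.logout();
        }
    }
}
```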

Monday, November 18, 2013

Automating Oracle Database Startup and Shutdown in Linux

Operating System: Oracle Linux 6.3
Database Version: 11.2.0.1.0

Given here is a bash script to automate the startup and shutdown of an Oracle database. The bash script calls the out-of-the-box Oracle DB scripts. Your Oracle database instance and the listener are started/stopped when the bash script is executed.

Sunday, November 17, 2013

Close Reconciliation Events Through OIM API

Version: Oracle Identity Manager 11g R1
Description: Reconciliation events are created when you run target user reconciliation. On a target system with a large number of accounts, you are likely to have events for orphan accounts, which are accounts that exist on the target system but have no corresponding user in OIM, as well as events that remain in the pending state. When you view these reconciliation events through the OIM console, you have the choice to manually link each one to an OIM user or to close the event. Given here is code to close all the reconciliation events that were not linked.

Disabling a Schedule Task

Version: Oracle Identity Manager 11g R1
There are several ways to prevent a scheduled task from running:
  1. OIM API
  2. Manually disable through the OIM console
  3. Modify the schedule task metadata
  4. Disable the scheduler from running

Wednesday, November 13, 2013

How to Install OIM 11.1.2.1.0

This guide will show you how to install Oracle Identity Manager 11g R2 Patch Set 1 (PS1) in an Oracle Linux 6 (64-bit) environment.

Documentation References:
System Requirements and Specifications for OIAM

Identity and Access Management Documentation Library


Overview
  1. Environment Setup
  2. Oracle Database 11g R2 Installation
  3. JRockit Installation
  4. OIM 11.1.2.1 Schema Creation
  5. WebLogic 10.3.6 Installation
  6. SOA 11.1.1.6.0 Installation
  7. Apply Mandatory SOA Patches
  8. IDM 11.1.2.1 Installation
  9. Apply More Patches 
  10. Creating WebLogic Domain
  11. Configure Database Security Store for WebLogic Domain
  12. Configure Oracle Identity Manager 11.1.2.1.0
  13. Post Installation
Environment Setup
  • Create an oracle user in Linux. Use this user for your installations.
  • Modify your "/etc/hosts" file to include IP address and host name mapping.
  • The minimum Open File Limit should be 4096. Make the change in "/etc/security/limits.conf". 
    #Example
    * soft  nofile  4096
    * hard  nofile  65536  
  • Install the necessary packages.
    binutils-2.20.51.0.2-5.28.el6
    compat-libcap1-1.10-1
    compat-libstdc++-33-3.2.3-69.el6 for x86_64
    compat-libstdc++-33-3.2.3-69.el6 for i686
    gcc-4.4.4-13.el6
    gcc-c++-4.4.4-13.el6
    glibc-2.12-1.7.el6 for x86_64
    glibc-2.12-1.7.el6 for i686
    glibc-devel-2.12-1.7.el6 for i686
    libaio-0.3.107-10.el6
    libaio-devel-0.3.107-10.el6
    libgcc-4.4.4-13.el6
    libstdc++-4.4.4-13.el6 for x86_64
    libstdc++-4.4.4-13.el6 for i686
    libstdc++-devel-4.4.4-13.el6
    libXext for i686
    libXtst for i686
    openmotif-2.2.3 for x86_64
    openmotif22-2.2.3 for x86_64
    redhat-lsb-core-4.0-7.el6 for x86_64
    sysstat-9.0.4-11.el6
    uln-internal-setup-1.0.1-1.el6.noarch.rpm 
  • Change the value of SHMMAX to 4294967295 or higher by including the following line in /etc/sysctl.conf:
    kernel.shmmax = 4294967295 
Oracle Database 11g R2 Installation
Follow the guide given here.

JRockit Installation
Follow the guide given here.
Do not use JRockit 1.6.0_45 because you will get an error when trying to configure the database keystore. Read "Error Occurred While creating OPSS Security Store in OIM 11.1.2.1 Install (Doc ID 1555444.1)" about the known issue. Below is the error message you will get when trying to create the keystore:

Info: Data source is: opss-DBDS
Problem invoking WLST - Traceback (innermost last):
File "/u01/Oracle/Middleware/Oracle_IDM1/common/tools/configureSecurityStore.py", line 896, in ?
TypeError: cannot concatenate 'str' and 'NoneType' objects

OIM 11.1.2.1 Schema Creation
Version: Repository Creation Utility 11.1.2.1.0 (32-bit)
File: V37476-01.zip

Extract the file and change the JRE_DIR variable in the "rcuHome/bin/rcu" script to point to your Java JRE location. On the "Select Components" step, select Oracle Identity Manager. The following schemas are created: MDS, OPSS, OIM, SOAINFRA, and ORASDPM.


WebLogic 10.3.6 Installation
File: V29856-01.zip
Execute the jar file:
java -jar wls1036_generic.jar

SOA 11.1.1.6.0 Installation
Files:
V29672-01_1of2.zip
V29672-01_2of2.zip

After extracting both files, there should be five Disk directories. Navigate to the "Disk 1" directory and execute the runInstaller script specifying your JRE location.  
./runInstaller -jreLoc /home/oracle/java/jrockit64/jre

Apply Mandatory SOA Patches
Refer to the Release Notes under section "2.2.2 Mandatory Patches Required for Installing Oracle Identity Manager" for the full list of mandatory patches. Read the README in each patch for additional information.

Files:
p16385074_111160_Generic.zip
p13973356_111160_Generic.zip
p14196234_111160_Generic.zip
p16366204_111160_Generic.zip

Note: Make sure the patches are for SOA 11.1.1.6.0. You will get a conflict issue if you try to apply a different SOA patch version (Other patches might get deleted if you try to proceed).

To apply a patch: 
  1. Temporarily set ORACLE_HOME and include SOA OPatch to PATH.
  2. Extract a patch. Navigate into the directory and execute "opatch apply". Only for patch 16385074, navigate to opatch/16385074 and then apply.
#Include the SOA OPatch in Path
export PATH=/home/oracle/Oracle/Middleware/Oracle_SOA1/OPatch:$PATH
#Set the ORACLE_HOME to the SOA Directory
export ORACLE_HOME=/home/oracle/Oracle/Middleware/Oracle_SOA1

#To check the patches applied
opatch lsinventory

IDM 11.1.2.1 Installation
Files:
V37472-01_1of2.zip
V37472-01_2of2.zip

After unzipping the two files, three Disk directories are created. Navigate to the "Disk 1" directory and execute the runInstaller script specifying your JRE location.
./runInstaller -jreLoc /home/oracle/java/jrockit64/jre

Apply More Patches
Refer to the Release Notes under section "2.2.2 Mandatory Patches Required for Installing Oracle Identity Manager" for the full list of mandatory patches.

#IDM Oracle Home
export PATH=/home/oracle/Oracle/Middleware/Oracle_IDM1/OPatch:$PATH
export ORACLE_HOME=/home/oracle/Oracle/Middleware/Oracle_IDM1

#Common Oracle Home
export PATH=/home/oracle/Oracle/Middleware/oracle_common/OPatch:$PATH
export ORACLE_HOME=/home/oracle/Oracle/Middleware/oracle_common
Files:
p16400771_111160_Generic.zip
p16472592_111160_Generic.zip
p16513008_111210_Generic.zip

16472592: Oracle WebCenter Portal
* opatch/16472592 : Applicable for ORACLE_HOME [oracle_common]

16400771: Oracle Platform Security Services
Applicable for ORACLE_HOME [oracle_common]

16513008: Oracle Access Manager
Applicable for ORACLE_HOME [Oracle_IDM1]

Creating WebLogic Domain
Navigate to /home/oracle/Oracle/Middleware/oracle_common/common/bin and run command: ./config.sh
Select Oracle Identity Manager - 11.1.2.0.0.
The following are automatically selected:
Oracle SOA Suite
Oracle Enterprise Manager
Oracle Platform Security Service
Oracle WSM Policy Manager
Oracle JRF WebServices Asynchronous services
Oracle JRF

Configure Database Security Store for WebLogic Domain

#Create OPSS Database Keystore
#[mw_home]/oracle_common/common/bin/wlst.sh [iam_home]/common/tools/configureSecurityStore.py -d [domaindir] -c IAM -p [opss_schema_password] -m create
/home/oracle/Oracle/Middleware/oracle_common/common/bin/wlst.sh /home/oracle/Oracle/Middleware/Oracle_IDM1/common/tools/configureSecurityStore.py -d /home/oracle/Oracle/Middleware/user_projects/domains/oim_domain -c IAM -p Password1 -m create

#Validate OPSS Database Keystore
#[mw_home]/oracle_common/common/bin/wlst.sh [iam_home]/common/tools/configureSecurityStore.py -d [domaindir] -m validate
/home/oracle/Oracle/Middleware/oracle_common/common/bin/wlst.sh /home/oracle/Oracle/Middleware/Oracle_IDM1/common/tools/configureSecurityStore.py -d /home/oracle/Oracle/Middleware/user_projects/domains/oim_domain -m validate

Configure Oracle Identity Manager 11.1.2.1.0
Start the WebLogic Admin Server and the SOA managed server. The startup scripts are located in "MW_HOME/user_projects/domains/DOMAIN_NAME/bin".

#Start WebLogic AdminServer
./startWebLogic.sh

#Start SOA
./startManagedWebLogic.sh soa_server1

Navigate to MW_HOME/Oracle_IDM1/bin and run the config.sh script.

Post Installation
Shut down all servers and apply patch 16478722 to oracle common home.
File: p16478722_111160_Generic.zip

Tuesday, November 12, 2013

How to Check OIM Schema Version

To find out your schema version, execute the following query:
select * from schema_version_registry;

Saturday, November 9, 2013

Flat File Connector: Creating a Process Form

This guide demonstrates how to create a process form. The flat file connector provided by Oracle is used as an example.

A process form stores identity attribute data for the target resource. During a provisioning process, data from the process form flows out to the target resource. On reconciliation, Oracle Identity Manager reads from the target resource and stores the data in a process form.

Flat File Connector: Creating a Resource Object

This guide demonstrates how to create a resource object. The flat file connector provided by Oracle is used as an example.

A resource object is a virtual representation of an account on a target system. If an OIM user has an account on the target system and reconciliation is run, the user gets a resource object instance associated with it.

Flat File Connector: Creating IT Resource Type

This guide demonstrates how to create an IT resource type. The flat file connector provided by Oracle is used as an example.

IT resource types are templates for the IT resource definitions that reference them. After defining an IT resource type, you will be able to create an instance of an IT resource of the new type.

Wednesday, November 6, 2013

ls Command: List Contents of Directory

Summary
The ls command lists the files in a directory. This command is used often when navigating your file system through the terminal.

SYNOPSIS
ls [OPTION] [FILE]

When you invoke the command with no arguments, the files in the current directory are listed.

Options
Given here are common options used often. You can combine options together.
-a    List all entries. For example, files that begin with a period (.) are listed.

-l    List in long format.
      1st column: File Type and file permissions for users, group, and others.
      2nd column: Number of links
      3rd column: File owner
      4th column: Group owner
      5th column: File size
      6th column: Last modification date
      7th column: Name of file
      Example: -rw-rw-r--  1  oracle  oracle  6880  Oct 21 23:10  README

-h   Print file sizes in human-readable format (e.g. 8.3M, 1.1K, etc.). Use together with -l.

-R   Recursively list sub-directories encountered.

-F   Appends a character revealing the nature of a file.
      Regular files have no suffix.
      *   executable file
      @  symbolic link
      /   directory
      =  socket

-t   Sort by time modified. Latest first.

-i   Print the inode number of each file.

-u   Use time of last access instead of last modification.

-1   Force one-entry-per-line output format.

Sunday, November 3, 2013

Oracle DB: Get All the Foreign Key References on a Specific Column

At times it is useful to know all the foreign keys that reference a specific table column. The query provided here gives you the table that holds the foreign key, the name of the foreign key constraint, and the table and column the foreign key references. Change the value compared against ucc.column_name to the column whose foreign key references you want.

SELECT
   uc.table_name as foreign_table,
   uc.constraint_name as foreign_constraint_name,
   ucc.table_name,
   uc.r_constraint_name,
   ucc.column_name
FROM
   user_constraints uc,
   user_cons_columns ucc
WHERE
   uc.r_constraint_name = ucc.constraint_name AND
   uc.constraint_type = 'R' AND
   ucc.column_name = 'USR_KEY';