Posts

Showing posts from June 2017

Rich Diagnostics

Source: https://abhirockzz.wordpress.com

Oracle IDM R2 PS2 provides some really efficient troubleshooting, monitoring and diagnostic features. This post gives a quick overview of them and delves into using one such feature to resolve a practical issue.

New Diagnostic Features: Overview

1. Orchestration diagnostics – The EM console can be used to drill down into the orchestration-related details of events within OIM:
   - A Dashboard to view recent operations and events
   - Info regarding ALL the event handlers attached to a particular operation, including CUSTOM-developed ones. No more digging into XMLs from MDS!
   - Powerful search features for all Operations (search by Operation Type, Operation ID etc.)

2. Dynamic Monitoring Service (DMS) is an Oracle FMW component which enables performance tracking of various OIM modules and services such as scheduled tasks, event handlers, platform resources etc. One can export DMS metrics for de

Oracle IDM Auditing

Source: https://abhirockzz.wordpress.com

Reporting is a vital functionality in any product which deals with sensitive information. The same applies to Identity & Access Management tools. Oracle IDM’s Auditing module acts as a foundation for its OOTB Reporting capabilities. Let’s take a quick look at the Auditing engine and how it facilitates the Reporting functionality within OIM.

The use case presented here is simple – a change to a user record in OIM. What is the sequence of events which gets triggered from an Audit perspective?

This is best explained by a diagram. I came up with the figure below in an attempt to better articulate the process. Although the diagram is self-explanatory, a theoretical translation of the same is not going to harm us!

- The updated/created user record gets pushed into the USR table (stores the user information) – It's a normal process by which the information gets recorded in the OIM Database
- The information is further propagated by the OI

Registering a Plugin using OIM APIs

Version: Oracle Identity Manager 11g R2

package com.oracle.utility;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.Hashtable;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.login.LoginException;
import oracle.iam.platform.OIMClient;
import oracle.iam.platform.pluginframework.PluginException;
import oracle.iam.platformservice.api.PlatformService;
import oracle.iam.platformservice.api.PlatformUtilsService;
import oracle.iam.platformservice.exception.PlatformServiceAccessDeniedException;

/**
 * @author Pham Thanh Tung
 * Email: phamthanhtungdcn@gmail.com
 * 21-06-2017
 */
public class RegisterPlugin {
    public static final String OIM_HOSTNAME = "10.4.18.101";
    public static final String OIM_PORT = "14000";
    public static final String OIM_PROVIDER_URL = "t3://" + OIM_HOSTNAME + ":" + OIM_

Approval specific web services in Oracle IDM

Source: https://abhirockzz.wordpress.com

Oracle IDM integrates with and leverages the SOA suite for approval-related features (SOA is quite rich to be honest and is utilized as the backbone for the Web Services connector as well). SOA is not just for namesake – the SOA suite does in fact rely on the concept of loosely coupled and independent services. The approval engine makes use of three such web services:

- Request web service: this is deployed on the OIM server
- Request Callback web service: this is deployed on the SOA server
- Provisioning Callback web service: this too is deployed on OIM and used in the context of approvals related to Disconnected application instances

But how/when are these (SOA) services leveraged? Consider an example of a basic approval process:

- The OIM approval engine calls a SOA composite (from within an approval policy) in response to evaluation of a self service request. The internals of this call are out of scope of this post (maybe some other time!)
- Operati

How the OIM Cache Works

Source: https://abhirockzz.wordpress.com

Oracle IDM uses OSCache from the OpenSymphony project for in-memory caching of objects in order to avoid repetitive calls to the database and improve performance (of course!). In case you are not familiar with caching in general, I am pretty sure that as someone working on OIM, you would have executed PurgeCache.sh at some point in your career – so there it is! If you have ever purged OIM’s cache, you have indirectly used OSCache.. yay!

How is it implemented?

- OIM uses a facade/wrapper over the core OSCache caching APIs
- XLCacheProvider is essentially used as the generic interface which is implemented by a class called OSCacheProvider (this is OIM specific). You should be able to see an entry of this class in oim-config.xml (caching categories config section). Its fully qualified class name is oracle.iam.platform.utils.cache.OSCacheProvider
- This class implements the contract put forth in the XLCacheProvider interface and leverages internal OSCache A

The Identity Connector Framework (ICF)

Oracle IDM has lots of stable connector implementations (using ICF) which are being extensively leveraged in real world IDM deployments e.g. Active Directory, Generic Unix, Generic LDAP, Generic DB-UM, Flat File, IBM Domino Lotus Notes etc.

Uninstalling an OIM Connector

Version: Oracle Identity Manager 11.1.2.3.0

Step 1: Modify "ConnectorUninstall.properties" located in the "/home/oracle/Oracle/Middleware/Oracle_IDM1/server/bin" directory.

Step 2: Here is a brief description of each parameter defined in the file:

- DatabaseURL: location of the Oracle Database
- DbUserName: Name of the OIM schema
- Location: Place where you want the log files of this process to be.
- ConnectorName: Name of the connector (same as in the OIM console: Advanced -> Manage Connector -> search. Use the Connector Name field.)

Step 3: Run the "uninstallConnector.sh" script located in the "/home/oracle/Oracle/Middleware/Oracle_IDM1/server/bin" directory.

[Enter the DB Password :] <OIM schema password>
[Enter OIM Administrator Name :] xelsysadm
[Enter the OIM Administrator Password :]
[Enter OIM Server t3 URL [Ex. t3://localhost:7001/ ]:] t3://localhost:14000

Step 4: Execute the "DeleteJars.sh"

Allow Duplicate Emails

Version: Oracle Identity Manager 11.1.2.3.0

Step 1: Log in to Oracle Identity System Administration.

Step 2: On the navigation menu, select Configuration Properties under System Configuration.

Step 3: Create the following System Property.

Step 4: Verify using duplicate emails.

Giving an OIM User System Administrator Privileges

Version: Oracle Identity Manager 11.1.2.3.0

Step 1: Log into the Identity Self Service page as xelsysadm.

Step 2: Navigate to the Manage section and then select Organizations.

Step 3: Select the Top organization.

Step 4: Navigate to the Admin Roles section. Highlight the System Administrator role and then click Assign.

Step 5: On the pop-up box, search for your user and then add the selected user.

Step 6: Check Member