Chuyển đến nội dung chính

Oracle IDM Auditing

Source: https://abhirockzz.wordpress.com
Reporting is a vital functionality in any product which deals with sensitive information. Same applies to Identity & Access Management tools. Oracle IDM’s Auditing module acts as a foundation for its OOTB Reporting capabilities. Let’s take a quick look at Auditing engine and how it facilitates the Reporting functionality within OIM
The use case presented here is simple – change to a user record in OIM.
What are the sequence of events which get triggered from an Audit perspective?
This is best explained by a diagram. I came up with the figure below in an attempt to better articulate the process.

oim-auditing
Although the diagram is self explanatory, a theoretical translation of the same is not going to harm us! 
  • The updated/created user record gets pushed into the USR table (stores the user information) – Its a normal process by which the information gets recorded in the OIM Database
  • The information is further propagated by the OIM Auditing engine (as a part of core back end server logic) and it initiates a transaction
  • The Audit Engine inserts a new entry in the AUD_JMS table as a part of the audit transaction completion. The AUD_JMS table is nothing but a staging table
  • The Issue Audit Messages scheduled job picks up the Audit messages in the AUD_JMS table and submits the key to the oimAuditQueue JMS queue.
  • The MDB corresponding to the queue initiates the Audit data processing – the data is seeded into the UPA table. This data is in the form of XML. These are snapshots of the user profile at the instant when the user record was actually modified/created. The UPA table also stores the delta (changes to the profile)
  • Finally, the Post processors of the Audit engine pick up the XML snapshots from the central UPA table and store them in specific audit tables (in a de-normalized format) like UPA_USR, UPA_USR_FIELDS, UPA_RESOURCE, UPA_UD_FORMS etc
  • These tables serve as the primary source of information for the Reporting module. If you have ever worked on the OIM Reporting module, I am sure you can relate to the Data Sources which you configure on your BI Publisher instance – these are for executing direct queries on the above mentioned Audit tables for its data.

Nhận xét

Đăng nhận xét

Bài đăng phổ biến từ blog này

Approval specific web services in Oracle IDM

Source: https://abhirockzz.wordpress.com Oracle IDM integrates with and leverages the SOA suite for approval related features (SOA is quite rich to be honest and is utilized as the back bone for Web Services connector as well). SOA is not just for namesake – SOA suite does in fact rely on the concept of loosely coupled and independent services. The approval engine makes use of three such web services Request web service : this is deployed on the OIM server Request Callback web service : this is deployed on SOA server Provisioning Callback web service : this too is deployed on OIM and used in context of approvals related to  Disconnected application instances But how/when are these (SOA) services leveraged ? Consider an example of a basic approval process OIM approval engine calls a SOA composite (from within an approval policy) in response to evaluation of a self service request.  The internals of this call are out of scope of this post (maybe some other time!) Operati
1 nhận xét
Đọc thêm

Allow Duplicate Emails

Version: Oracle Identity Manager 11.1.2.3.0 Step 1:  Login to Oracle Identity System Administration Step 2: On the navigation menu, select Configuration Properties under System Configuration. Step 3: Create the following System Property. Step 4: Verify using duplicate emails.
Đăng nhận xét
Đọc thêm

How to OIM cache work

Source: https://abhirockzz.wordpress.com Oracle IDM uses  OSCache  from the OpenSymphony project for  in memory caching  of objects in order to avoid repetitive calls to database and improve performance (of course !). In case you are not familiar with caching in general, I am pretty sure that as someone working on OIM, you would have executed  PurgeCache.sh  at some point in your career – so there it is ! If you have ever purged OIM’s cache, you have indirectly used OSCache.. yay ! How is it implemented ? OIM uses a facade/wrapper over the core OSCache caching APIs XLCacheProvider  is essentially used as the generic interface which is implemented by a class called  OSCacheProvider  (this is OIM specific). You should be able to see an entry of this class in  oim-config.xml  (caching categories config section). It’s FQDN is  oracle.iam.platform.utils.cache.OSCacheProvider This class implements the contract put forth in the XLCacheProvider interface and leverages internal OSCache A
Đăng nhận xét
Đọc thêm