
Sunday, December 28, 2014

Main difference between Application Server and Web Server

1. An application server supports distributed transactions and EJBs, while a web server only supports Servlets and JSPs.

2. An application server can contain a web server: most application servers, e.g. JBoss or WAS, include a Servlet and JSP container.

3. Although not limited to application servers, they typically provide services such as connection pooling, transaction management, messaging, clustering, load balancing and persistence. Apache Tomcat now also provides connection pooling.

4. In terms of the logical difference, a web server provides HTTP protocol-level services, while an application server supports web services and exposes business-level services, e.g. EJBs.

5. Application servers are heavier than web servers in terms of resource utilization.

Thursday, December 18, 2014

OIM 11g to Active Directory Connector Integration High Level Steps

    High-level steps to install and configure the Active Directory connector in OIM 11g

     1.  Download and unzip the connector files and place them under OIM_HOME\server\ConnectorDefaultDirectory
     2.  Install the AD connector
     3.  Create a sandbox for AD and make it active
     4.  Verify the IT Resource parameters
     5.  Install the Connector Server on the AD machine or on the OIM machine
     6.  Start the Connector Server as a Windows service on the default port 8759
     7.  Create a new user in OIM and try to provision it manually to Active Directory
     8.  Populate the required fields using a pre-populate adapter
     9.  Populate the required fields using a process-task adapter
    10.  Create a new role with our custom rule
    11.  Create an access policy for AD for direct provisioning
    12.  Try to provision users automatically from OIM to AD using the access policy
    13.  Verify whether the user was created in Active Directory
    14.  Run the Organization Lookup Recon
    15.  Run the AD User Target Recon
    16.  Create change tasks for each attribute update from OIM to the process form and AD
    17.  Verify the Create, Update, Disable, Enable and Delete user scenarios
    18.  Publish the sandbox

    Note on step 6: the Connector Server port accepts connections from any host that knows its shared key, so restrict the port to the OIM hosts at the firewall and enable its SSL option before using it outside a lab.

Custom Plugin Generation High Level Steps

      OIM 11g R2 PS2 - Custom Plugin Generation High Level Steps

   1.  Log in to the OIM sysadmin console
   2.  Go to the System Configuration tab
   3.  Open the Default User Name Policy property and update it with our custom plug-in class
   4.  Create a plug-in zip file for the UserID policy (plugin.xml at the root and our custom jar under lib/)
   5.  Place it under OIM_HOME\server\plugins
   6.  Register the plug-in with the ant-based plugin registration utility and verify whether registration succeeded
   7.  Run PurgeCache (not always needed, but sometimes required)
   8.  Verify the plug-in is recorded in the PLUGINS table of the OIM database
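A registration that fails at step 6 is usually caused by a zip whose plugin.xml names a class that is not in any jar under lib/. The following is an added example (not from the original post or from Oracle) that builds a plug-in zip in that layout and checks it before registering; the plug-in point, class name and jar name are placeholders, and the jar it builds contains only empty .class entries as test data.

```python
"""Build and validate an OIM custom plug-in zip before registering it.

Added example, not part of the original post or Oracle's tooling. Assumes the
documented plug-in zip layout: plugin.xml at the zip root, jar(s) under lib/.
The plug-in point, class and jar names below are placeholders.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

PLUGIN_XML = """<?xml version="1.0" encoding="UTF-8"?>
<oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <plugins pluginpoint="oracle.iam.identity.usermgmt.api.UserNamePolicy">
    <plugin pluginclass="com.example.oim.CustomUserIdPolicy"
            version="1.0" name="CustomUserIdPolicy"/>
  </plugins>
</oimplugins>
"""


def make_jar(class_names):
    """Return bytes of a minimal jar with empty .class entries (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        for name in class_names:
            jar.writestr(name.replace(".", "/") + ".class", b"")
    return buf.getvalue()


def build_plugin_zip(plugin_xml, jars):
    """jars: {'lib/<name>.jar': bytes}. Returns the plug-in zip as bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("plugin.xml", plugin_xml)
        for path, data in jars.items():
            zf.writestr(path, data)
    return buf.getvalue()


def validate_plugin_zip(zip_bytes):
    """Return a list of problems; an empty list means the zip is ready to register."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
        if "plugin.xml" not in names:
            return ["plugin.xml missing from zip root"]
        root = ET.fromstring(zf.read("plugin.xml"))
        # Every class shipped in jars under lib/, in dotted form.
        classes = set()
        for path in names:
            if path.startswith("lib/") and path.endswith(".jar"):
                with zipfile.ZipFile(io.BytesIO(zf.read(path))) as jar:
                    classes.update(n[:-6].replace("/", ".")
                                   for n in jar.namelist() if n.endswith(".class"))
        if not classes:
            problems.append("no jar with classes found under lib/")
        for plugins in root.findall("plugins"):
            point = plugins.get("pluginpoint")
            if not point:
                problems.append("<plugins> element without pluginpoint")
            for plugin in plugins.findall("plugin"):
                cls = plugin.get("pluginclass")
                if not cls:
                    problems.append(f"<plugin> under {point} has no pluginclass")
                elif cls not in classes:
                    problems.append(f"{cls} not found in any lib/*.jar")
                if not plugin.get("version") or not plugin.get("name"):
                    problems.append(f"{cls}: version or name attribute missing")
    return problems


if __name__ == "__main__":
    jar = make_jar(["com.example.oim.CustomUserIdPolicy"])
    data = build_plugin_zip(PLUGIN_XML, {"lib/CustomUserIdPolicy.jar": jar})
    print(validate_plugin_zip(data) or "plug-in zip OK")
```

Run the check against the real zip before copying it to OIM_HOME\server\plugins; the class-name test catches the most common mismatch between plugin.xml and the jar.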

Custom UDF Creation high-level steps in OIM 11g r2 ps2

1.  Log in to the OIM sysadmin console
2.  Create a new sandbox for the UDF customization and make it active
3.  Create the new custom UDF field by clicking Users in the left pane of the Configuration tab
4.  Log in to the OIM identity console
5.  Click Create User, then Customize, and set the properties for the newly created UDF
6.  Add the custom UDF to the Create, Modify, View and Search forms using the identity console
7.  Set the ValueChangeListener property so that changes are saved to the user form in OIM and to the target systems
8.  Verify that the custom UDF attribute is visible in all the above forms
9.  Publish the sandbox

Tuesday, December 2, 2014

OEL 6 network configuration setup

This is a commonly reported problem on RHEL 6 and derivatives such as OEL 6: after installation the first NIC is left with ONBOOT=no, so the network is not started at boot. Follow these steps to get the network connection up and running.

Setting up an automatic (DHCP) IP:

1. Switch to the root user

   $ su -

   Enter the root password.

2. Edit the configuration file of your first NIC (eth0 by default)

   # vi /etc/sysconfig/network-scripts/ifcfg-eth0

   and make sure it contains

    ONBOOT="yes"
    BOOTPROTO="dhcp"   (if you are using DHCP)

   Save the file.

3. Restart the network service

   # service network restart   (or)   # /etc/init.d/network restart

4. Check the IP address with the commands below

   As root:          # ifconfig
   As a normal user: $ /sbin/ifconfig

   (ip addr show eth0 gives the same information and needs no full path.)

Setting up a static/manual IP:

If you are assigning a manual IP, edit the file like this (the addresses are examples):

   DEVICE=eth0
   IPADDR=10.10.10.10
   NETMASK=255.255.255.0
   NETWORK=10.10.10.0
   GATEWAY=10.10.10.253
   ONBOOT=yes
   BOOTPROTO=none
   USERCTL=no

GATEWAY must lie inside the subnet given by IPADDR and NETMASK; otherwise the interface comes up but nothing beyond the host is reachable. USERCTL=no keeps unprivileged users from bringing the interface down or up. Save the file, then restart the network service and check the IP address as root exactly as in steps 1, 3 and 4 above.

For more information on this network setup, see the following URL for a clear explanation:
http://oracle-base.com/articles/linux/linux-network-configuration.php

Alternatively you can use the simple Network Configuration tool (system-config-network) to configure IPs, but the ONBOOT and BOOTPROTO lines shown above must still be added to the file manually.
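As an added example (not part of the original post), the script below renders the ifcfg-eth0 content for both modes described above and checks the static plan before it is installed: the gateway must be inside the subnet, and the address must not be the network or broadcast address. The device name and the addresses it is run with are constructed test values.

```python
"""Render and sanity-check a RHEL/OEL 6 ifcfg-<device> file.

Added example, not from the original post. It assumes the classic
/etc/sysconfig/network-scripts KEY=VALUE format shown above; all addresses
used in the demo are constructed test data.
"""
import ipaddress


def check_static(ipaddr, netmask, gateway):
    """Return a list of problems with a static address plan (empty list = OK)."""
    try:
        iface = ipaddress.IPv4Interface(f"{ipaddr}/{netmask}")
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:
        return [str(exc)]
    subnet = iface.network
    problems = []
    if gw not in subnet:
        # The usual reason "service network restart" succeeds but nothing is reachable.
        problems.append(f"gateway {gw} is not inside {subnet}")
    if gw == iface.ip:
        problems.append("gateway must differ from the host address")
    if iface.ip in (subnet.network_address, subnet.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address")
    return problems


def render_ifcfg(device, mode, ipaddr=None, netmask=None, gateway=None):
    """Return ifcfg file text for mode 'dhcp' or 'static'."""
    if mode == "dhcp":
        # ONBOOT=yes is the line a default RHEL 6 install leaves as "no".
        return f'DEVICE="{device}"\nONBOOT="yes"\nBOOTPROTO="dhcp"\n'
    if mode != "static":
        raise ValueError(f"unknown mode {mode!r}")
    if not (ipaddr and netmask and gateway):
        raise ValueError("static mode needs ipaddr, netmask and gateway")
    problems = check_static(ipaddr, netmask, gateway)
    if problems:
        raise ValueError("; ".join(problems))
    iface = ipaddress.IPv4Interface(f"{ipaddr}/{netmask}")
    lines = [
        f"DEVICE={device}",
        f"IPADDR={iface.ip}",
        f"NETMASK={iface.network.netmask}",
        f"NETWORK={iface.network.network_address}",
        f"GATEWAY={gateway}",
        "ONBOOT=yes",
        "BOOTPROTO=none",
        "USERCTL=no",  # unprivileged users may not control the interface
    ]
    return "\n".join(lines) + "\n"


def parse_ifcfg(text):
    """Parse ifcfg KEY=VALUE lines (surrounding quotes stripped) into a dict."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip().strip('"')
    return conf


def will_come_up_at_boot(text):
    """True only when ONBOOT=yes and BOOTPROTO is dhcp or a static config with an address."""
    conf = parse_ifcfg(text)
    if conf.get("ONBOOT", "no").lower() != "yes":
        return False
    proto = conf.get("BOOTPROTO", "").lower()
    if proto == "dhcp":
        return True
    return proto in ("none", "static") and "IPADDR" in conf


if __name__ == "__main__":
    print(render_ifcfg("eth0", "dhcp"))
    print(render_ifcfg("eth0", "static", "10.10.10.10", "255.255.255.0", "10.10.10.253"))
```

Write the returned text to /etc/sysconfig/network-scripts/ifcfg-eth0 as root and restart the network service as in step 3; will_come_up_at_boot() is the check to run over an existing file when a freshly installed box has no network after reboot.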
 

Sunday, November 30, 2014

UDF Creation in OIM 11G R1

Before creating User Defined Fields (UDFs) in Oracle Identity Manager 11g R1, make sure that the WebLogic Admin Server and the managed servers (SOA and OIM) are up and running.

Log in to the Admin Console with your Oracle Identity Manager user name and password: open the browser, enter the URL http://OIM_hostname:14000/oim/ and enter the credentials

Username: xelsysadm

Password: *******

Click on the Advanced tab -> Configuration -> User Configuration -> Actions -> User Attributes

Click on Create Attribute

Provide the attribute details, e.g.

Attribute Name: Company
Back-end Attribute Name: USR_UDF_COMPANY

Click on Next

Provide the attribute size and click on Next

Click on Save

A message is displayed saying that the attribute Company was successfully created.

Click on OK

Click on the Administration tab -> Create User

Here you will find the newly created attribute.

Start SQL Developer from Start Menu -> Programs -> Oracle-OraDb11g_home1 -> Application Development

Connect using the OIM schema user (Username: DEV_OIM)

Open the USR table; you will find a column named USR_UDF_COMPANY.

Hope this is helpful!

Steps to Run Active Directory Target Recon in OIM 11g R1

1)  Create the AD IT Resource in OIM

    Go to the Advanced tab and click on Manage IT Resource

    Click on Search

    Click on ADITResource

    Click on Edit

    Enter the following AD connection parameters

       Server Address :
       Port Number :
       Admin FQDN :
       Password :
       Root Suffix :
       Use SSL :

    Set Use SSL to yes (with the LDAPS port, 636 by default) for anything beyond a lab: without it the Admin FQDN password and all reconciled data cross the network in cleartext, and Active Directory refuses password set operations over a non-SSL connection, so provisioning with passwords fails.

    Click on Update

2)  Copy ldapbp.jar into the following folder

    /apps/oracle/Middleware/Oracle_IDM1/server/ThirdParty ($ORACLE_OIM_HOME/server/ThirdParty)

3)  Run the reconciliation job

    Go to the Advanced tab of the OIM Administration console and search the scheduled jobs

    Click on Search

    Click on AD User Target Recon

    Enter the following details

    Search base : (AD search base)

    Will Submit all records : yes

    Click on Apply and Enable

    Click on Run Now

AD Target Recon completes successfully.

How to enable Virtualization Technology intel vt x is disabled in Virtualbox-vmware

Issue:

I am trying to run Ubuntu 14.04 64-bit inside my Win 7 Home Premium 64-bit, but I can't. VMware reports: "Binary translation is incompatible with long mode on this platform. Long mode will be disabled in this virtual environment. Applications requiring long mode will not function properly as a result." AND "This virtual machine is configured for 64-bit guest operating systems. However, 64-bit operation is not possible.

This host supports Intel VT-x, but Intel VT-x is disabled.
Intel VT-x might be disabled if it has been disabled in the BIOS/firmware settings or the host has not been power-cycled since changing this setting.

(1) Verify that the BIOS/firmware settings enable Intel VT-x and disable 'trusted execution.'
(2) Power-cycle the host if either of these BIOS/firmware settings have been changed.
(3) Power-cycle the host if you have not done so since installing VMware Player.
(4) Update the host's BIOS/firmware to the latest version."

Resolution 1:

The problem was, it only accepts Ubuntu 32-bit (even though my machine is 64-bit), and I was also trying to use Linux Mint. After downloading Ubuntu 14.04 32-bit, VM Player was happy to install it.

Resolution 2 (enable VT-x in the firmware):

This error is also common on new Windows Server 2012 hosts.

Steps:

1. Shut down the laptop/system completely (a full power-off, not a reboot: the firmware change only takes effect after a power cycle)

2. Press F10 or F12 at power-on (the key varies by vendor) to enter the BIOS/firmware setup

3. Open the Device Configuration (or similar) tab

4. Scroll down and enable the Virtualization Technology (Intel VT-x) check-box; if a Trusted Execution (TXT) option is present, disable it, as the error text asks

5. Save and start the laptop/system

6. In VMware Workstation, power on your virtual machine

Once all the above steps are performed, the issue is resolved. One more case to check: if the host runs Windows 8 or Windows Server 2012 with the Hyper-V role enabled, Hyper-V owns VT-x and VMware still cannot use it, so remove the Hyper-V role (or disable the hypervisor launch) first.

Hope this is helpful!

Friday, November 28, 2014

Reconciliation,Provisioning,Events in OIM 11g

Reconciliation:

The process of comparing and synchronizing account information in a target system with OIM. Data flows into Oracle Identity Manager from the external source.

Types of reconciliation - there are two:

a) Trusted source reconciliation - the external source is the authoritative source (e.g. HR); it drives the creation, modification and deletion of users in Oracle Identity Manager.

b) Target resource reconciliation - the external source is a non-authoritative system in which the user has already been provisioned an account; OIM links and updates the account, but the OIM user itself is not created or deleted from it.

Events in reconciliation - there are three types of event:

a) Reconciliation Insert - OIM detects an account or user that does not exist in OIM
b) Reconciliation Update - OIM detects a modification to a user that already exists in OIM
c) Reconciliation Delete - OIM decides that a user (or a linked account) present in OIM should be removed

Provisioning:

The process in which OIM creates, modifies or deletes user information in a target resource. Data flows from OIM to the resource (external system).

Types of provisioning in OIM:

a) Day-one provisioning - the initial creation of access privileges on a resource (external system) for users, and the removal of those privileges.
b) Day-two provisioning - modification of privileges on resources (external systems) based on business needs.
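The three event types above, and the difference between trusted-source and target-resource mode, come down to a comparison between what the source reports and what OIM already holds. The following is an added example (not from the original post or from OIM) that performs that comparison over a constructed HR-style snapshot; the matching rule (login equality, case-insensitive) stands in for the connector's reconciliation rule, and the delete detection only makes sense for a full run, which is what "Will Submit all records: yes" in the AD User Target Recon job above selects.

```python
"""Classify reconciliation events from a target-system snapshot versus OIM.

Added example, not part of the original post. Users and records below are
constructed test data; the matching rule (login equality, case-insensitive)
is an assumption standing in for the connector's reconciliation rule.
"""
from dataclasses import dataclass, field


@dataclass
class ReconEvent:
    kind: str                 # "INSERT", "UPDATE" or "DELETE"
    login: str
    changes: dict = field(default_factory=dict)
    effect: str = ""          # what OIM does with the event in this recon mode


def reconcile(oim_users, target_records, tracked_attrs, trusted, full_run=True):
    """Return the events one reconciliation run over target_records would raise.

    oim_users:      {login: {attr: value}} as currently stored in OIM
    target_records: {login: {attr: value}} snapshot pulled from the external source
    tracked_attrs:  attributes mapped in the recon profile (only these raise updates)
    trusted:        True for trusted-source recon, False for target-resource recon
    full_run:       True when every record was submitted; deletes can only be
                    inferred from a full run, never from an incremental one
    """
    events = []
    oim_by_key = {login.lower(): data for login, data in oim_users.items()}
    seen = set()
    for login, record in target_records.items():
        key = login.lower()
        seen.add(key)
        if key not in oim_by_key:
            effect = "create OIM user" if trusted else "no user match: orphan account"
            events.append(ReconEvent("INSERT", login,
                                     {a: record.get(a) for a in tracked_attrs}, effect))
            continue
        current = oim_by_key[key]
        diff = {a: record.get(a) for a in tracked_attrs
                if record.get(a) != current.get(a)}
        if diff:
            effect = "update OIM user profile" if trusted else "update linked account data"
            events.append(ReconEvent("UPDATE", login, diff, effect))
    if full_run:
        # Anything OIM knows about that the source no longer reports.
        for key in sorted(set(oim_by_key) - seen):
            effect = "delete (or disable) OIM user" if trusted else "revoke linked account"
            events.append(ReconEvent("DELETE", key, {}, effect))
    return events


# Constructed sample: two users in OIM, an HR feed with one change, one new hire
# and one leaver.
OIM_USERS = {
    "jdoe": {"first": "John", "email": "jdoe@example.com"},
    "asmith": {"first": "Ann", "email": "asmith@example.com"},
}
HR_FEED = {
    "JDOE": {"first": "John", "email": "john.doe@example.com"},
    "bwong": {"first": "Bo", "email": "bwong@example.com"},
}

if __name__ == "__main__":
    for ev in reconcile(OIM_USERS, HR_FEED, ["first", "email"], trusted=True):
        print(ev)
```

Run the same snapshot with trusted=False to see the difference in effect: the leaver becomes a revoked account instead of a deleted user, and the unknown login becomes an orphan account that needs a manual match rather than a new OIM user.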

OAM 11g Webgate Flow

OAM 11g Webgate flow:

   1. An OAM 11g Webgate intercepts the incoming request for a resource and determines whether the resource is protected.

        a. If it is unprotected: the user sees the requested application page without authentication or authorization.

        b. If it is protected: the OAM 11g server constructs and returns a response to the Webgate. That response contains the authentication scheme required to authenticate the user.

   2. Next the Webgate sets a cookie (OAM_REQ) to keep track of the target/requested URL and then redirects to the OAM 11g server, which routes the request to the credential collector.

   3. The credential collector (the embedded collector on the OAM server by default, or a detached credential collector (DCC) hosted by the Webgate if so configured) serves up the login page, which captures the credentials and posts them to the OAM server.

   4. The credentials are validated against the identity store configured for this particular authentication scheme.

   5. Once the credentials are validated, the OAM server creates an authentication token and the session in Coherence, and sets a server-side session cookie called the OAM_ID cookie, which carries details about the user, the time the session was created, the idle timeout, and the identifier of the Coherence session.

   6. The OAM server then constructs a response encrypted with the Webgate's key and redirects back to the Webgate.

   7. The Webgate decrypts the response, extracts the authentication token and the session identifier, and uses that information to set OAMAuthnCookie, a host cookie whose name is OAMAuthnCookie_ followed by the Webgate's host and port. (In this step, if you are using an OAM 10g Webgate, the response from the server contains the information required to set ObSSOCookie; if you are using mod_osso, the response contains the information required to set the OHS host cookie.)

   8. On subsequent requests through that Webgate, the authentication token is passed by the Webgate to the OAM server, which validates the token, checks the validity of the OAM_ID cookie and the session timeout, and performs the appropriate authorization checks.

   9. As a result of the authorization checks, additional attributes may be added to HTTP headers and passed to downstream applications. This is especially useful for asserting user identity and group or role information to downstream applications such as those running on Oracle WebLogic Server. Those applications must accept such headers only from the Webgate's web server (for example by network restriction), since any client that can reach the application directly could supply the same headers itself.

IAM Tech: Differences between OAM 10g Webgates and OAM 11g Webgates


OAM 10g Webgates:

  1.  C-based agents deployed on web servers
  2.  Domain-based cookie
  3.  ObSSOCookie (one cookie shared by all 10g Webgates in the domain)
  4.  One web server configuration per Webgate install; multiple instances need multiple Webgates
  5.  There is no detached credential collector (DCC)
  6.  OAM 10g provides a proprietary multiple-network-domain SSO capability that predates Oracle Identity Federation; complex configuration is required

OAM 11g Webgates:

  1.  Native web server plug-ins as well (not Java), initially available only for Oracle HTTP Server (OHS) 11g
  2.  Host-based cookie
  3.  An individual OAMAuthnCookie_<host:port> per Webgate, so a cookie issued for one host is neither sent to nor valid for the others
  4.  Separate install and configuration steps, so a single install can serve multiple instance configurations
  5.  Can act as a detached credential collector (DCC)
  6.  OAM 11g supports cross-network-domain SSO out of the box; Oracle recommends using Oracle Identity Federation for this situation
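What "domain-based" versus "host-based" means in practice (step 7 of the Webgate flow above and items 2 and 3 here) is which hosts a browser will send the cookie to. The following is an added example (not from the original post or from Oracle) that feeds a constructed login response carrying one cookie of each style into Python's standards-based cookie jar and lists which cookies would accompany later requests. Host names, cookie names and values are constructed; the 11g name is shortened (the real one includes host:port and a random suffix) and the values are not real tokens.

```python
"""Host-scoped vs domain-scoped SSO cookies as a cookie jar sees them.

Added example, not part of the original post. Uses http.cookiejar to show why
a per-Webgate host cookie (OAM 11g style) reaches fewer hosts than a domain
cookie (OAM 10g style). All names and values below are constructed.
"""
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request


class _FakeResponse:
    """Just enough of a response object for CookieJar.extract_cookies()."""

    def __init__(self, set_cookie_headers):
        self._msg = Message()
        for header in set_cookie_headers:
            self._msg["Set-Cookie"] = header   # Message appends repeated headers

    def info(self):
        return self._msg


def jar_after_login(login_url, set_cookie_headers):
    """Return a CookieJar as it would look after a login response at login_url."""
    jar = CookieJar()
    jar.extract_cookies(_FakeResponse(set_cookie_headers), Request(login_url))
    return jar


def cookies_sent_to(jar, url):
    """Return the sorted cookie names the jar would attach to a request for url."""
    req = Request(url)
    jar.add_cookie_header(req)
    header = req.get_header("Cookie", "")
    return sorted(part.split("=", 1)[0].strip()
                  for part in header.split(";") if part.strip())


# Constructed login response from the Webgate on app1.example.com: a
# domain-scoped 10g-style cookie and a host-scoped 11g-style cookie.
LOGIN_URL = "https://app1.example.com/protected/"
SET_COOKIES = [
    "ObSSOCookie=opaque10gtoken; Domain=.example.com; Path=/; Secure; HttpOnly",
    "OAMAuthnCookie_app1.example.com_443=opaque11gtoken; Path=/; Secure; HttpOnly",
]


def demo():
    """Which cookies reach the same host, a sibling host, and a plain-HTTP URL."""
    jar = jar_after_login(LOGIN_URL, SET_COOKIES)
    return {
        "same host https": cookies_sent_to(jar, "https://app1.example.com/other/"),
        "sibling host https": cookies_sent_to(jar, "https://app2.example.com/"),
        "same host http": cookies_sent_to(jar, "http://app1.example.com/"),
    }


if __name__ == "__main__":
    for case, names in demo().items():
        print(f"{case}: {names}")
```

The sibling host receives only the domain cookie, so a 10g-style cookie leaked by any one application in the domain is usable against all of them, while the host cookie stays with the Webgate that issued it; the plain-HTTP case shows the Secure flag doing its job for both. Scoping limits exposure, it does not prevent replay of a cookie stolen from the right host, which is what the server-side OAM_ID session check in step 8 is for.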

Sunday, November 16, 2014

Event Handler ordering for User entity create/modify operations

Here is the list of MDS documents and the corresponding event handlers whose order needs to be changed. Handlers with the same order value (including several marked FIRST or LAST) have no guaranteed sequence relative to each other, so the explicit numbers in the New Order column make the execution order deterministic.

MDS document name: /metadata/iam-features-identity/event-definition/EventHandlers.xml

Event Handler Name               Operation   Current Order   New Order
CreateUserPreviewHandler         CREATE      FIRST           1000
ModifyUserPreviewHandler         MODIFY      FIRST           1000
CreateUserValidationHandler      CREATE      FIRST           1000
ModifyUserValidationHandler      MODIFY      FIRST           1000
CreateUserPreProcessHandler      CREATE      FIRST           1000
ModifyUserPreProcessHandler      MODIFY      FIRST           1000
CustomPreProcessHandler          CREATE      LAST            2147483647 (MAXINT)
CustomPreProcessHandler          MODIFY      LAST            2147483647 (MAXINT)
CreateUserActionHandler          CREATE      FIRST           1000
ModifyUserActionHandler          MODIFY      FIRST           1000
CreateUserPostProcessHandler     CREATE      FIRST           1060
CustomPostProcessHandler         CREATE      LAST            2000000
CustomPostProcessHandler         MODIFY      LAST            2000000
CreateUserFinalizationHandler    CREATE      FIRST           1000
CreateUserVetoHandler            CREATE      FIRST           1000
CreateUserRequestFailedHandler   CREATE      FIRST           1000
UserCreateFailedHandler          CREATE      LAST            1000000

MDS document name: /metadata/iam-features-passwordmgmt/event-definition/EventHandlers.xml

Event Handler Name                 Operation   Current Order   New Order
UserPasswordValidationHandler      CREATE      2               1020
PasswordNotificationHandler        CREATE      FIRST           1180
PasswordHistoryPostProcessHandler  CREATE      SECOND          1200

MDS document name: /metadata/iam-features-transUI/EventHandlers.xml

Event Handler Name                          Operation   Current Order   New Order
GetCurrentUser                              ANY         1               -2147483648 (MININT)
UpdateUsrPwdFields                          CREATE      2               1040
UserAuditHandler                            ANY         2               1000
ProvisionXellerateUserResource toUserOrg    CREATE      1               1080
TriggerUserProcesses                        MODIFY      3               1080
RevokeResourcesOnDeProvisionedDate          MODIFY      LAST            1000000

MDS document name: /metadata/iam-features-request/event-definition/EventHandlers.xml

Event Handler Name          Operation   Current Order   New Order
PostSubmissionDataActions   ANY         FIRST           1020
PostProcessingInitiation    ANY         SECOND          -2147483648
RequestCompleted            ANY         LAST            2147483647

MDS document name: /db/ldapMetadata/EventHandlers.xml

Event Handler Name                 Operation   Current Order   New Order
UserCreateLDAPPreProcessHandler    CREATE      9990            10020
UserModifyLDAPPreProcessHandler    MODIFY      9990            10020
UserCreateLDAPPostProcessHandler   CREATE      2               1120
UserModifyLDAPPostProcessHandler   MODIFY      FIRST           1020
LDAPAddMissingObjectClasses        CREATE      FIRST           1140

MDS document name: /metadata/iam-features-reconciliation/event-definition/EventHandlers.xml

Event Handler Name            Operation   Current Order   New Order
UserPostProcessEventHandler   CREATE      FIRST           1040
UserPostProcessEventHandler   MODIFY      FIRST           1040
ReconUserPasswordHandler      CREATE      2               1020
ReconScheduledTaskHandler     CREATE      2               1100
ReconScheduledTaskHandler     MODIFY      2               1060

MDS document name: /metadata/iam-features-autoroles/event-definition/EventHandlers.xml

Event Handler Name     Operation   Current Order   New Order
RoleChangeCalculator   CREATE      5               1220
RoleChangeCalculator   MODIFY      5               1100

MDS document name: /metadata/iam-features-accesspolicy/event-definition/EventHandlers.xml

Event Handler Name   Operation   Current Order   New Order
PolicyEvaluator      CREATE      6               1240
PolicyEvaluator      MODIFY      6               1120

MDS document name: /metadata/iam-features-asyncwsclient/event-definition/EventHandlers.xml

Event Handler Name   Operation   Current Order   New Order
AsyncHandler         CREATE      1000            1260
AsyncHandler         MODIFY      1000            1140

MDS document name: /metadata/iam-features-selfservice/event-definition/EventHandlers.xml

Event Handler Name               Operation   Current Order   New Order
SelfServiceNotificationHandler   CREATE      FIRST           1160
SelfServicePostHandler           CREATE      LAST            1000000
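To see why the tables above replace FIRST, LAST and small duplicate numbers with distinct values, the following added example (not from the original post or from Oracle) resolves the execution order of a constructed EventHandlers.xml fragment in the shape of OIM's MDS documents, reports which handlers tie, and rewrites the order attributes per a (name, operation) mapping taken from the tables. The handler classes and stage attributes in the fragment are placeholders; that FIRST sorts before every number and LAST after, and that equal values are an unordered tie, is an assumption about the orchestration engine.

```python
"""Resolve OIM event-handler execution order from an EventHandlers.xml fragment.

Added example, not from the original post or from Oracle. The XML below is a
constructed fragment in the shape of OIM's MDS EventHandlers.xml; classes and
stages are placeholders. Assumption: FIRST sorts before any number, LAST after,
and handlers with equal order values have no guaranteed relative sequence.
"""
import xml.etree.ElementTree as ET

MININT, MAXINT = -2**31, 2**31 - 1


def numeric_order(value):
    """Map an order attribute (FIRST, LAST or an integer string) to an int."""
    v = value.strip().upper()
    if v == "FIRST":
        return MININT
    if v == "LAST":
        return MAXINT
    return int(v)


def _local(tag):
    """Strip a namespace prefix like {uri}action-handler -> action-handler."""
    return tag.rsplit("}", 1)[-1]


def handlers(xml_text, operation, stage):
    """Return [(name, order_int)] for handlers matching operation and stage."""
    root = ET.fromstring(xml_text)
    out = []
    for el in root.iter():
        if not _local(el.tag).endswith("-handler"):
            continue
        if el.get("operation", "ANY").upper() not in (operation.upper(), "ANY"):
            continue
        if el.get("stage", "").lower() != stage.lower():
            continue
        out.append((el.get("name"), numeric_order(el.get("order", "LAST"))))
    return out


def execution_order(xml_text, operation, stage):
    """Return (handler names in execution order, list of tied groups)."""
    items = sorted(handlers(xml_text, operation, stage), key=lambda x: x[1])
    groups = {}
    for name, order in items:
        groups.setdefault(order, []).append(name)
    ties = [names for names in groups.values() if len(names) > 1]
    return [name for name, _ in items], ties


def apply_new_orders(xml_text, new_orders):
    """Rewrite order attributes keyed by (name, OPERATION); returns (xml, count)."""
    root = ET.fromstring(xml_text)
    if root.tag.startswith("{"):
        ET.register_namespace("", root.tag[1:].split("}")[0])  # keep default xmlns
    changed = 0
    for el in root.iter():
        key = (el.get("name"), el.get("operation", "ANY").upper())
        if key in new_orders and el.get("order") is not None:
            el.set("order", str(new_orders[key]))
            changed += 1
    return ET.tostring(root, encoding="unicode"), changed


# Constructed fragment: CREATE pre-process handlers with the "current" orders.
BEFORE = """<eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel">
  <action-handler name="CreateUserPreProcessHandler" class="x.PreProcess" entity-type="User" operation="CREATE" order="FIRST" stage="preprocess" sync="TRUE"/>
  <action-handler name="ModifyUserPreProcessHandler" class="x.PreProcess" entity-type="User" operation="MODIFY" order="FIRST" stage="preprocess" sync="TRUE"/>
  <action-handler name="UserPasswordValidationHandler" class="x.PwdCheck" entity-type="User" operation="CREATE" order="2" stage="preprocess" sync="TRUE"/>
  <action-handler name="UpdateUsrPwdFields" class="x.PwdFields" entity-type="User" operation="CREATE" order="2" stage="preprocess" sync="TRUE"/>
  <action-handler name="UserCreateLDAPPreProcessHandler" class="x.Ldap" entity-type="User" operation="CREATE" order="9990" stage="preprocess" sync="TRUE"/>
  <action-handler name="CustomPreProcessHandler" class="x.Custom" entity-type="User" operation="CREATE" order="LAST" stage="preprocess" sync="TRUE"/>
</eventhandlers>
"""

# New orders for these CREATE handlers, as listed in the tables above.
NEW_ORDERS = {
    ("CreateUserPreProcessHandler", "CREATE"): 1000,
    ("UserPasswordValidationHandler", "CREATE"): 1020,
    ("UpdateUsrPwdFields", "CREATE"): 1040,
    ("UserCreateLDAPPreProcessHandler", "CREATE"): 10020,
    ("CustomPreProcessHandler", "CREATE"): MAXINT,
}

if __name__ == "__main__":
    print("before:", execution_order(BEFORE, "CREATE", "preprocess"))
    after, n = apply_new_orders(BEFORE, NEW_ORDERS)
    print(f"after ({n} attributes changed):", execution_order(after, "CREATE", "preprocess"))
```

With the current values, UserPasswordValidationHandler and UpdateUsrPwdFields tie at 2, so whether the password is validated before the password fields are written is left to chance; after the rewrite every handler has a distinct order and the tie list is empty. Export the real documents from MDS, run the check, and import the rewritten ones back.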