
Oracle Fusion Middleware : Oracle Identity and Access Management Suite 10g/11gR1/11gR2PS1,PS2,PS3 : OIM | OAM,OAAM,OIF | OID, OVD, DIP | OUD/ ODSEE | Microsoft AD | OpenLDAP | ADF | EBS R12 | OECMCCR4 | Business Intelligence - BI Publisher | Banking | Demo Applications | Core Java | SQL | PLSQL | Web services | Weblogic | Tomcat | JBoss | OHS | WebGate | WebCenter | For any queries please contact me : info@oratechsoft.com


Tuesday, 21 July 2015

OIM : Pre Defined SOA Composites

OIM comes with pre-defined sets of composites for creating and managing requests. These SOA composites are deployed to the Oracle SOA Server and registered with Oracle Identity Manager by default. If you are creating any new SOA composites, or making changes to existing ones, you will need to redeploy your composites to the Oracle SOA Server and register the changed composite to the Oracle Identity Manager Server.



The source for all SOA composite workflows is available from the $ORACLE_OIM_HOME/server/workflows/composite directory.

Sunday, 19 July 2015

E-Business Suite R12 Server startup and Shutdown Steps

E-Business Suite R12 Start Up


Step 1: Log in as the root user

# Connect to the Oracle database

su - oradev
sqlplus / as sysdba
startup;

exit

lsnrctl start VIS
lsnrctl status VIS


and then


# Connect to the application development schema

su - appldev

connect apps/apps

cd $ADMIN_SCRIPTS_HOME
./adstrtal.sh apps/apps@VIS



# This completes the startup procedure


Shut-down procedure

su - appldev
cd $ADMIN_SCRIPTS_HOME
./adstpall.sh apps/apps@VIS


su - oradev
lsnrctl stop VIS
sqlplus / as sysdba
shutdown immediate;
exit


http://ebsdev.luckyfusion.com:8000/


    SYSADMIN/sysadmin

    MFG/welcome

    OPERATIONS/welcome

    SERVICES/welcome

    MRC/welcome

    HRMS/welcome




========================================================================

Thanks & Regards

Lakshmi Prasad Reddy Nandyala 

Per_Email :: nandyala@lakshmiprasad.co.in

Mobile No :: +91-9490059784



Thursday, 16 July 2015

MS Active Directory Password Synchronization with Oracle Identity Manager

Step 1 : Install Windows Server 2008 R2

               a. Set a static IP address
               b. Disable the firewall
               c. Create a domain (dcpromo), e.g. activedirectory.com

Step 2 : Install the Connector Server on the Windows Server

Step 3 : Install the Active Directory User Management Connector in OIM and configure the IT Resources

Step 4 : Install the Active Directory Password Sync Connector on the Windows Server

Step 5 : Go to Run, type "regedit", and search for "ADConfig", or browse to the path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\oimpwdsync\ADConfig


  1. ADPersistentStore is the OU in Active Directory that stores data for users whose passwords can't be synced from AD to OIM for various reasons.
  2. Change the value of Log from N to Y if you wish to enable logging in password synchronization.
  3. LogPath is the directory in which the logs are written (to enable logging, set the value of the Log field to Y).

Step 6 : Go to Run, type "regedit", and search for "OIMConfig", or browse to the path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\oimpwdsync\OIMConfig



  1. OIMhost is the hostname where the OIM managed server is running (Ex: oim.luckyfusion.com)
  2. OIMPort is the port on which the OIM managed server is running (Ex: 14000)
  3. To disable the Password Synchronization connector, set the value of Disabled to 1
  4. AD communicates with the OIM server via an SPML Web Service (WS) SOAP request over HTTP(S), such as http(s)://oim.luckyfusion:14000/spmlws/OIMProvisioning for OIM on WebLogic Server (make sure the SPML-DSML application is deployed on the OIM managed server and is in the ACTIVE state)


SPML-DSML Deployment Steps :


      Before you deploy the connector, deploy the SPML-DSML Service on the Oracle WebLogic Application Server on which Oracle Identity Manager is running:
  1. Log in to the Oracle WebLogic Server Administration Console.
  2. In the Change Center region, click Lock & Edit to enable modification to the settings on the page.
  3. In the Domain Structure region, click Deployments.
  4. On the right pane, click Install.
  5. On the Locate deployment to install and prepare for deployment page, in the Path field, enter OIM_HOME\server\apps. For example, D:\my_install\middleware\Oracle_IDM1\server\apps.
  6. In the region following the Current Location field, select spml-dsml.ear and then click Next.
  7. On the Choose targeting style page, click Next to accept the default selection and proceed with installation.
  8. On the Select deployment targets page, in the Available targets for spml-dsml region, select oim_server1 if Oracle Identity Manager is installed in a nonclustered environment. Otherwise, select oim_cluster.
  9. Click Next.
  10. On the Optional Settings page, in the Source accessibility region, select I will make the deployment accessible from the following location, and then click Next.
  11. On the Review your choices and click Finish page, verify the data that you have provided, and then click Finish.
  12. On the Settings for spml-dsml page, review the configuration information of the deployed SPML-DSML Service, and then click Save.
  13. In the Change Center region, click Activate Changes for the changes to take effect.
  14. On the left pane, in the Domain Structure region, click Deployments.
  15. On the right pane, in the Deployments table, select spml-dsml, and then from the Start list, select Servicing all requests.
    The SPML-DSML Service is started.
  
Step 7 : Go to Run, type "regedit", and search for "Install", or browse to the path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\oimpwdsync\Install

Step 8 : Reconfigure the IT Resources

            Set the Allow Password Provisioning parameter to no

Step 9 : Configure SSL 


Step 10 : 





Wednesday, 15 July 2015

Oracle Identity Manager11gR2(PS1) Complete Installation Steps


1. Install Virtual Box

2. Windows Server 2008 R2

--> Set the static IP address
--> Disable and stop the firewall services
--> The computer name must not exceed 13 characters

2.1 Install Firefox Browser

3.     Install Database 11.2.1.2.0

      SQL> alter system set aq_tm_processes=1 scope=both;
           alter system set db_cache_size=150994944 scope=both;
           alter system set java_pool_size=125829120 scope=both;
           alter system set shared_pool_size=183500800 scope=both;
           alter system set open_cursors=1000 scope=both;
           alter system set processes=1000 scope=spfile;
           alter system set sessions=500 scope=spfile;
           alter system set aq_tm_processes=2 scope=both;


      SQL> grant execute on DBMS_LOCK to PUBLIC;
      Grant succeeded.
      SQL> grant execute on DBMS_JOB to PUBLIC;
      Grant succeeded.


3.1  Install RCU 11.1.1.7

4. Java (1.6/1.7) or JRockit 1.6
(install location c:\java)


4.1  Weblogic 10.3.6

5. SOA 11.1.1.6
-- SOA patch no: 16366204

6. OIAM 11.1.2.1.0

7. Weblogic Configuration

8. OIAM configuration

9. http://lucky.nandyala.com:14000/sysadmin

-->xelsysadm -->PASSWORD

http://lucky.nandyala.com:14000/identity
   
-->xelsysadm -->PASSWORD

10.   Configure Design Console

Go to the <Middleware_Home>\wlserver_10.3\server\lib directory and run:



    java -jar <Middleware_Home>\modules\com.bea.core.jarbuilder_1.5.0.0.jar

    This command generates the wlfullclient.jar file.

    Copy the wlfullclient.jar file to <Oracle_IDM1>\designconsole\ext

    Copy the wlfullclient.jar file to <Oracle_IDM1>\designconsole\lib


    Start the Design Console from the <IDM_Home>\designconsole directory (xlclient.cmd or ./xlclient.sh).

    Log in to the Design Console with your Oracle Identity Manager user name and password.







  

Oracle DB & JAVA Environment Variables


# Oracle Settings
TMP=/tmp; export TMP
TMPDIR=$TMP; export TMPDIR

ORACLE_HOSTNAME=lucky.nandyala.com; export ORACLE_HOSTNAME
ORACLE_UNQNAME=DB11G; export ORACLE_UNQNAME
ORACLE_BASE=/u01/app/oracle; export ORACLE_BASE
ORACLE_HOME=$ORACLE_BASE/product/11.2.0/db_1; export ORACLE_HOME
ORACLE_SID=DB11G; export ORACLE_SID
PATH=/usr/sbin:$PATH; export PATH
PATH=$ORACLE_HOME/bin:$PATH; export PATH

LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib; export LD_LIBRARY_PATH
CLASSPATH=$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib; export CLASSPATH



-----------------------------------------------------------------------------------------

#Java Settings

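JAVA_HOME=/usr/java/jdk1.6; export JAVA_HOME

# Put the JDK tools first on the PATH
PATH=$JAVA_HOME/bin:$PATH; export PATH

# Append to the CLASSPATH set above instead of overwriting it
CLASSPATH=$CLASSPATH:$JAVA_HOME/lib/tools.jar; export CLASSPATH

CLASSPATH=$CLASSPATH:/usr/java/jre1.6/rt.jar; export CLASSPATH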

Tuesday, 14 July 2015

OIM Custom Connector Development


Develop a Connector features:

Create (Resource Object + Process Definition + Form Designer + Provisioning Tasks + Java Code (Jar) + Adapters + IT Resources + Lookups + Schedulers + Password Policies + Rules + Recon Jobs + XYZ task) = Custom Connector.


Custom Approvals ( SOA Approvals )


Method for deploying Custom Approvals in Weblogic & OIM:


  1. Create a project (ApprProjectName, ApprProjectService, ApprProject.. using the ANT command on the OIM machine.
  2. Open the .JWS/JPR project file in JDeveloper.
  3. Edit the approval task flow using BPEL orchestration
  4. Add custom Java code for a complex approval process
  5. Add the human workflow in the BPEL orchestration. Deploy the approval workflow in SOA and Weblogic
  6. Once it is deployed, it is stored in MDS (Meta Data Service)
  7. Register the approval workflow in the OIM Server.
  8. Once it is loaded, it is available to OIM.
  9. Create an Approval Policy from the Approval Policy functionality in sysadmin

Custom Schedulers in OIM

Method for deploying Custom Scheduler in Weblogic & OIM

  1. Create a Java file with the reconciliation schedule job code
  2. Develop a plug-in.xml to deploy into Weblogic
  3. Run the Registration.xml command from the cmd prompt
  4. Once it is deployed, it is stored in MDS (Meta Data Service)
  5. Once it is loaded, it is available to OIM.
  6. Create a schedule from the Scheduler functionality in sysadmin


Event Handlers in OIM

An Event Handler is also known as a "Data Set".

This is an 11g-only feature; it is not available in 10g.

An event handler is predefined Java code from Oracle. By default it is provided with the OIM installation for the User ID and Password features only.

Method for deploying event handlers in Weblogic:


  1. Create a Java file with the User ID generation code
  2. Develop a plug-in.xml to deploy into Weblogic
  3. Run the Registration.xml command from the cmd prompt
  4. Once it is deployed, it is stored in MDS (Meta Data Service)
  5. Once it is loaded, it is available to OIM.


Custom Adapters & Rules in OIM

Custom Adapters:

Pure Java – 3 types of tasks (Functional Task {Java, Remote, Stored Procedures}, Utility Task {Utility, OIM APIs}, Logical Task) & pre-compiled Java program.


Pre-Populate Rule Generator Adp:
(Populates user fields from one form to another. Ex: USR to UD_OIDUser)

Step 1: Fill in the attribute values in the user (USR) form. They are pre-populated automatically to the Process Form (UD_OIDUSER) before submitting to the target system. Note: No post pre-population operation is supported by this adapter. It is a one-time job.

Task Assignment Adp
 (Delegation time Ex: Manager can assign his task to another person when he is going on leave)

Process Task adp:
(Provisioning/Reconciliation time Ex: User provisioning to targets)

Entity Adp
(User ID/Password/Email/EmpCode id generation automatically Ex: First name: prasad Last Name: nandyala User id: prasad.nandyala & Email: prasad.nandyala@lakshmiprasad.co.in ) Supported Pre and Post operations (Insert, Update and Delete functions)

Rule-Generator Adp:
(User ID/Password/Email id generation automatically Ex: First name: prasad Last Name: lakshmi User id: prasad.lakshmi & Email: prasad.lakshmi@lakshmiprasad.co.in).. No Pre and Post operations – Only one time generation.

Custom Rules: Non Java

General Rule: If “User Type=Contractor” rule in Role and User membership

Pre-Populate Rule: (Populates user fields from one form to another. Ex: USR to UD_OIDUser)

Task Assignment Rule: Assigning your tasks to others (Delegated Administration)

Process Determination Rule: This rule is triggered with the Resource Object at the time the process is initiated.



Form Customization in OIM..


1.1: Object Form customization (Parent Form) -- Example: User Form(USR)

1.1.1: Open sysadmin --> Create Sandbox --> Form Designer --> Search User --> Add Field --> Save --> Export Sandbox --> Publish Sandbox --> Sign out
Conclusion: Prepared for the backend process

1.1.2: Open Identity Console --> Import Sandbox --> Create User --> Fill mandatory fields --> Click Customize button --> Place the attribute --> Save --> Publish Sandbox
Conclusion: Prepared for the front end (framework)


1.2: Process Form Customization (child Form) -- Example: OID Form(UD_OID_USR)
1.2.1: Login to Design Console --> Form Designer --> Search OID User Form --> Create new version, select that version --> Add Custom field --> Add Pre Population logic if required --> Make Version Active

Conclusion: Only a one-step process for Process Forms.

SSL Configuration for Tomcat Web Server By LuckySkills


1- Create the Tomcat keystore in a path of your choice ( C:\stage )

%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA -keystore c:\stage\my.keystore

2- Create the CSR :

%JAVA_HOME%\bin\keytool -certreq -keyalg RSA -alias tomcat -file c:\stage\certreq.csr -keystore c:\stage\my.keystore

3- Request an SSL certificate from the CA using the CSR created in step 2.

4- Import the root and SSL certificates (chain certificate) :

keytool -import -alias root -keystore c:\stage\my.keystore -trustcacerts -file <filename of the chain certificate (full Path) >

keytool -import -alias tomcat -keystore c:\stage\my.keystore -file <your certificate filename (full Path) >

5- Change the connectors in the server.xml file in Tomcat:
Comment out the non-SSL connector (port 0000 or 00) so it won't be used again,
and change the SSL connector (uncomment it if it is commented out) to

<Connector

protocol="HTTP/1.1"
port="443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="C:\stage\my.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>

6- Done. test your URL with SSL.
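
A check of the result of step 5, as an added example that is not part of the original post: it parses a server.xml and reports connectors that are still plain HTTP or that keep the default keystore settings. The sample file is constructed (port 8080 and the AJP entry are assumptions), the finding names are made up for this sketch, and only the attribute-style connector shown above is covered.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the connector from step 5 plus a plain-HTTP connector
# left enabled. Port 8080 and the commented-out AJP entry are assumed values.
SAMPLE_SERVER_XML = r"""
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="443"/>
    <!-- <Connector port="8009" protocol="AJP/1.3"/> -->
    <Connector protocol="HTTP/1.1"
               port="443" maxThreads="200"
               scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="C:\stage\my.keystore" keystorePass="changeit"
               clientAuth="false" sslProtocol="TLS"/>
  </Service>
</Server>
"""


def _is_true(value):
    return (value or "").strip().lower() == "true"


def audit_connectors(server_xml):
    """Return (port, finding) tuples for every active <Connector>.

    Commented-out connectors are invisible to the XML parser, so a connector
    disabled as step 5 describes produces no finding.
    """
    findings = []
    root = ET.fromstring(server_xml.strip())
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            continue  # AJP connectors are outside this check
        if not _is_true(conn.get("SSLEnabled")):
            findings.append((port, "plain-http-enabled"))
            continue
        if conn.get("scheme") != "https" or not _is_true(conn.get("secure")):
            findings.append((port, "scheme-secure-mismatch"))
        if not conn.get("keystoreFile"):
            # Tomcat then falls back to .keystore in the service user's home
            findings.append((port, "keystore-path-not-set"))
        if conn.get("keystorePass") in (None, "", "changeit"):
            # "changeit" is Tomcat's documented default keystore password
            findings.append((port, "default-keystore-password"))
        if not conn.get("sslEnabledProtocols"):
            # sslProtocol="TLS" alone leaves the enabled versions to JVM defaults
            findings.append((port, "protocol-versions-not-pinned"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```
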



Reconciliation Workflow and Triggering functionalities in OIM

Create User in Target--> Run Scheduler

Schedule--> Reconciliation Rule --> Resource Object --> Process Definition

Resource Object --> Object Reconciliation --> Reconciliation Fields + Recon Action Rules

Process Definition(complete Workflow) --> Resource + Form Designer + Recon Field Mappings + Tasks + Adapters + Jar's(Java Code) + Lookups(Recon) + IT Resource + xyz Functionality = User Reconciled in OIM.

Information updated to Reconciliation Table in Sysadmin as Events..

After Reconciliation --> send Notification using Email Definition..

Important Things in Recon:

1. Recon Rules
2. Recon Fields in Resource Object
3. Recon Action Rules
4. Updated to Reconciliation in sysadmin

Provisioning Workflow and Triggering functionalities in OIM


Create User in OIM --> Accounts + request Accounts

Account --> Application Instance --> Access Policy + Resource Object + Process Definition

Resource Object --> Password Policies + Process Det Rules + Events/Adapters

Process Definition(complete Workflow) --> Resource + Form Designer + Tasks + Adapters + Jar's(Java Code) + Lookups + IT Resource + xyz Functionality = User Provisioned in Target

After Provision(Provisioned) --> send Notification using Email Definition

Monday, 13 July 2015

Deployment Process and Procedures for HPSM PBMContractorsInitalLoadScheduler

1.1 Deploying Scheduler

1.1.1 Uploading Metadata (CVSInitialLoadPBMContractors.xml) file

Copy the MDS file (CVSInitialLoadPBMContractors.xml) from the <TEMP-DIR>/Scheduler/MDS directory to <TEMP-DIR>/Scheduler/MDS/MDS_Import, and make sure it is placed in the directory below; create the directory if it does not exist.
<TEMP-DIR>/Scheduler/MDS/MDS_Import/db/
1. Make sure you have placed the CVSInitialLoadPBMContractors.xml file in the above location before you run the weblogicImportMetadata.sh utility.
2. Go to the <OIM_HOME>/server/bin directory and edit weblogic.properties as below.
wls_servername=oim_server1
application_name=OIMMetadata
metadata_from_loc=<TEMP-DIR>/Scheduler/MDS_Import
metadata_files=db/CVSInitialLoadPBMContractors.xml

3. Then, using the <OIM_HOME>/server/bin/weblogicImportMetadata.sh utility with the weblogic credentials, import the xml files as below.
Please enter your username [weblogic] :<weblogic-username>
Please enter your password [welcome1] :<weblogic-password>
Please enter your server URL [t3://localhost:7001] :<t3://ADMIN_URL:PORT>

If no error messages are shown on the console, the metadata was uploaded successfully.

4. Check the import in the MDS DB by connecting as MDS_SCHEMA_USER and running the query below:
Select * from MDS_PATHS where PATH_FULLNAME like '%InitialLoadPBMContractors%';

1.1.2 Plugin Registration & Un-Registration

You can use the Plugin Registration Utility for registering and unregistering plug-ins. The utility uses the following files, which are located in the OIM_HOME/plugin_utility/ directory:
1. pluginregistration.xml
2. ant.properties

Before using the utility, perform the following steps.

1. Set the values for WLS_HOME and OIM_HOME in ant.properties.
Ex:
WLS_HOME =.../Middleware/wlserver_10.3
OIM_HOME =..../Middleware/Oracle_IDM1/server
2. Build the wlfullclient.jar in Oracle WebLogic server:
Change directories to WLS_HOME/server/lib.
Run the following command:
java -jar ../../../modules/com.bea.core.jarbuilder_1.3.0.0.jar

a. To register a plug-in
Execute the ant target "register"
1. Make sure that the following are set
a. ANT_PATH -> …/Middleware/modules/org.apache.ant_1.7.1/bin
b. JAVA_HOME -> /usr/java/jdk1.6.0_45
2. Navigate to …/Middleware/Oracle_IDM1/server/plugin_utility/
3. Run the command below
ant -f pluginregistration.xml register
This will prompt for the Oracle Identity Manager username and password, along with the server information and the location of the plugin zip file.
[Enter Xellerate admin username :]xelsysadm
[Enter the admin password :] <xelsysadm-pwd>
[Enter serverURL :[ t3://localhost:7001 ]]<t3://Admin URL>
Enter the complete path of the zip file location:

Enter the location of the zip file where plugin.zip is copied
Ex: <TEMP-DIR>/Scheduler/plugins/CVSInitialLoadPBMContractors.zip
A success message will be displayed as “BUILD SUCCESSFUL”.
b. To unregister a plug-in
Note: There is no need to perform this step as part of this deployment. Refer to this section only if there is an explicit need to un-register the plugin.
In future, if the plugin is updated, the existing plugin must first be un-registered before the updated plugin can be registered.
To unregister a plug-in, execute the ant target "unregister"
Ex: ant -f pluginregistration.xml unregister
This will prompt for the Oracle Identity Manager username and password, along with the server information and the classname of the plug-in class.
[Enter Xellerate admin username :]xelsysadm
[Enter the admin password :] <xelsysadm-pwd>
[Enter serverURL :[ t3://localhost:7001 ]]<t3://Admin URL>
Enter the classname with the complete package
Ex: com.cvs.schedulers.initialload.PBMContractors.InitialLoadPBMContractors
If no error messages are shown on the console, the un-registration was successful.

1.2 Creating Scheduler

1. Log in to OIM with admin credentials
2. Go to “Advanced Administration”.
3. Click on under System Management.
4. Click on to create a new scheduler.
5. Enter the details as below
Job Information:
* Job Name        : HPSM PBMContractorsInitalLoad
* Task            : CVSInitialLoadPBMContractors (Select using  icon)
* Retries         : 0
Scheduler Type : No pre-defined schedule.

6. Click on the Apply button.
7. Once the scheduler has been created successfully, you should be able to search for it and see it as below.
The scheduler’s parameters are as follows
InputFilePath - The location where the csv input file is placed
e.g. /usr/local/bea/wls1033/Oracle_IDM1/server/tmp/CSV/PBM.csv
Delimiter - Comma
e.g. ,
OutPutFile Path - The location where the csv output file should be written
e.g. /usr/local/bea/wls1033/Oracle_IDM1/server/tmp/CSV/MISSEDRECORDS.csv


8.        






Note: The input file should be in csv format with the first line as the header (Column1 - Userlogin, Column2 - PBMUID) and the corresponding values listed below it.
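
A pre-flight check for the input file described in the note above, as an added example that is not part of the original post or of the scheduler's own code. The header names and the comma delimiter come from the post; the sample rows are constructed, and the rejection rules (case-insensitive duplicate logins, one PBMUID per login) are assumptions made for illustration.

```python
import csv
import io

EXPECTED_HEADER = ["Userlogin", "PBMUID"]  # column names from the note above

# Constructed sample input; no row here comes from the original post.
SAMPLE_CSV = """Userlogin,PBMUID
JDOE,PBM1001
asmith,PBM1002
,PBM1003
jdoe,PBM1004
BLEE,PBM1002
CKIM,PBM1005,extra
"""


def preflight(text, delimiter=","):
    """Split rows into accepted [(login, uid)] and rejected [(line_no, reason)].

    The rejection rules are assumptions for illustration: logins are compared
    case-insensitively and one PBMUID may belong to only one login.
    """
    reader = csv.reader(io.StringIO(text), delimiter=delimiter)
    header = next(reader, None)
    if header is None or [h.strip() for h in header] != EXPECTED_HEADER:
        return [], [(1, "bad-header")]
    accepted, rejected = [], []
    seen_logins, seen_uids = set(), set()
    for row in reader:
        line_no = reader.line_num  # physical line number in the file
        if not any(cell.strip() for cell in row):
            continue  # ignore blank lines
        if len(row) != 2:
            rejected.append((line_no, "wrong-column-count"))
            continue
        login, uid = row[0].strip(), row[1].strip()
        if not login or not uid:
            rejected.append((line_no, "empty-value"))
        elif login.upper() in seen_logins:
            rejected.append((line_no, "duplicate-userlogin"))
        elif uid in seen_uids:
            rejected.append((line_no, "duplicate-pbmuid"))
        else:
            seen_logins.add(login.upper())
            seen_uids.add(uid)
            accepted.append((login, uid))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = preflight(SAMPLE_CSV)
    print(f"{len(ok)} rows accepted")
    for line_no, reason in bad:
        print(f"line {line_no}: {reason}")
```
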