sion

Oracle Fusion Middleware : Oracle Identity and Access Management Suite 10g/11gR1/11gR2PS1,PS2,PS3 : OIM | OAM,OAAM,OIF | OID, OVD, DIP | OUD/ ODSEE | Microsft AD | OpenLDAP | ADF | EBS R12 | OECMCCR4 | Business Intelleigence - Bi Publisher | Banking | Demo Applications | Core Java | SQL | PLSQL | Web services | Weblogic | Tomcat | JBoss | OHS | WebGate | WebCenter | In any Queries please Contact Me : info@oratechsoft.com

Search This Blog

Wednesday, 27 January 2016

Logs : How to checks the logs for Weblogic/SOA/OIM and OAM Servers in Linux

Logs     :    How to checks the logs for Weblogic/SOA/OIM and OAM Servers in Linux
               
                Server Logs locations :
               
   
                    1. $DOMAIN_HOME/servers/Admin_server/logs
       
                    2. $DOMAIN_HOME/servers/oim_server1/logs
                   
                    3. $DOMAIN_HOME/servers/oam_server1/logs
                   
                    4. $DOMAIN_HOME/servers/soa_server1/logs
   
               
                Server diagnostic Logs locations :
               

                    1. Weblogic Server : $DOMAIN_HOME/servers/Admin_server and view admin_server_diagnostic.log

                    2. SOA Server : $DOMAIN_HOME/servers/soa_server1 and view soa_server1_diagnostic.log

                    3. OIM Server : $DOMAIN_HOME/servers/oim_server1 and view oim_server1_diagnostic.log

                    4. OAM Server : $DOMAIN_HOME/servers/oam_server1 and view oam_server1_diagnostic.log




Thanks & Regards
LuckyFusion

Wednesday, 13 January 2016

Oracle Identity & Access Management Terminology


    ORACLE IDENTITY & ACCESS MANAGEMENT
               
                1. Introduction of Product Overview
               
                2. Components of Oracle IAM
               
                3. Components of OIM
               
                4. History of OIM
               
                5. History of OAM
   
   
    Middleware components  Installation & Configuration :
   
                1. Oracle Identity Manager
               
                2. Oracle Access Manager

                3. Oracle Identity Federation
               
                4. Oracle Adaptive Access Manager
               
                5. Oracle Internet Directory
               
                6. Oracle Unified Directory
               
                7. Oracle Directory Server Enterprise Edition ( ODSEE )
               
                8. Oracle Entitlement Server
               
                9. Oracle E-Business Suite
               
                10. Oracle PeopleSoft

                11. Jdevloper
               
                12. Eclipse


                13. Tomcat server

                14. BI Publisher

                15. Oracle Privileged Account Manager

                 16. JES

                        
        - Automated Oracle Identity & Access Management Deployement
       
                1. Using LCM tool
               
               
    LDAPSync    :
   
                1. OIM sync vth OID
               
                2. OIM sync vth OUD
               
                3. OIM sync vth MS AD
               
           
    PasswordSync  :
   
                1. MS AD Password Sync
               
           
               
    Integrations :
   
                1. OIM integration vth MS AD - OOTB
               
                2. OIM integration vth OID/OVD
               
                3. OIM integration vth OUD/ODSEE
               
                4. OIM integration vth Exchange 
               
                5. OIM integration vth E-Business Suite
               
                6. OIM integration vth Peoplesoft
               
                7. OIM integration vth OAM
               
                8. OID Integration vth MS AD
               
                9.OIM integration vth 3rd Party Application ....
               
                   
    Provisioning :    
           
                1. Manual / Direct Provisioning
                   
                2. AutoMated Provisioing

                Eg: Provisioing Usr/Group/Org to MS AD
               
               
    Reconciliation :
       
                1. Trusted Reconciliation - tRUSTED SYSTEMS ( EX : core hr , AD )- To create user Accouts
               
                2. Target Reconciliation - User Profiles - processform
               
               
    Forms    :   
       
                1. UserObjectForm ( Resource Object )
               
                2. ProcessForm ( TargetProcessForm )
               
               
   
    Logs     :    How to checks the logs for Weblogic/SOA/OIM and OAM Servers in Linux
               
                Server Logs locations :
               
   
                    1. $DOMAIN_HOME/servers/Admin_server/logs
       
                    2. $DOMAIN_HOME/servers/oim_server1/logs
                   
                    3. $DOMAIN_HOME/servers/oam_server1/logs
                   
                    4. $DOMAIN_HOME/servers/soa_server1/logs
   
               
                Server diagnostic Logs locations :
               

                    1. Weblogic Server : $DOMAIN_HOME/servers/Admin_server and view admin_server_diagnostic.log

                    2. SOA Server : $DOMAIN_HOME/servers/soa_server1 and view soa_server1_diagnostic.log

                    3. OIM Server : $DOMAIN_HOME/servers/oim_server1 and view oim_server1_diagnostic.log

                    4. OAM Server : $DOMAIN_HOME/servers/oam_server1 and view oam_server1_diagnostic.log


               
    Adapters :   
   
                1. Entity Adapters ( pre insert, post insert, pre-update, post-update, pre-delete, post-delete  )
               
                2. Process Task Adapters
               
                3. Pre-populate Adapters
               
                4. Task Assignment Adapters
               
                5. RuleGenerator Adapters
               
               
   
    Event Handlers : (Pre-Insert, Pre-Update )
   
                1. Validation
                   
                   Ex:  TelephoneNumberValidation           
               
                2. Pre-process Event Handlers
                   
                    Ex: To Generate a "Userid", "Password", "CustomerId", etc...
               
                3. Post-Process Event Handlers
                   
                    Examples : I . Populate Organization Event Handler
                   
               
               
   
    Soa Composites :
       
                0. Default SOA Default Composite
   
                1. SelfRegistrationApprovalSoaComposite ( User, Role, Group )
       
                2. RoleApprovals
               
                3. Group Approvals
               
                4. Resource Approval
   
   
   
    WorkFlows     :
   
                1. Approval WorkFlows
       
                2. Provisioning WorkFlows
       
       
    UI Custumizations :( Branding )

                1. UDF / UI Entities
               
                2. Logo
               
                3. ADF Faces
               
               
               
    PlugIns   :
   
                1. UserIDGeneration
               
                2. DisableUserDate
               
                         
               
               
    Connectors :
   
                1. OOTB - Out Of Box Connectors (Pre-Defined Connectors ) - Download from Oracle suport
               
                2. GTC Connectors - Generic Technology Connectors 
                   
                    a. Flatfile
                    b. Database
                    c. webservices
                   
                3. Custom Connectors
               
                    a. SMPL(webservices) & Database (JDBC)
                    b. ICF Connectors - 11g
                        Eg1 : FlatFile
                        Eg2 : Database

                   
   
    Schedulers  :
   
                1. PreDefined Sechedulers
               
                2. Custom Schedulers
                   
                    a. Recon_Job
                   
                                    
                   
   
    Bulk Operations :
   
                    1. BulkLoad Utility
                   
                    2. Bulk Password update for OID
                   
                    3. BulkChanges
                   
   
    Simple Soket Layer ( SSL )- Configuration
   
                1. Configure SSL for Design Console
               
                2. Configure SSL for Managed Servers
               
                        NO SSL : http://www.oratechsoft.com or http://localhost:14000/sysadmin

                        SSL    : https://www.google.com or https://localhost:14000/identity
                       
       
           
           
               
               
    ByPass the UserName & Password for following ( boot.properties -->  vim "username = weblogic password=Lucky1234" )
   
                1. At Production Mode - Weblogic ( Admin Server )
               
                2. At DEV , QA & Production - ManagedServer ( OIM, OAM, SOA, ...)
           
   
   
   
   
    Notifications ::

                1. Configuring UMS Email Notification
               
                2. Configuring SOA Email Notification
               
               
    SOD         ::
   
   
   
   
   
    ENTILEMENTS ::
   
   
   
   
   
   
    UpGrade : OIM11gR1 to 11gR2 PS3
   
   
   
    Migration :
       
            1. SIM to OIM
               
               
    
   
   
   
    BI Publisher :
   
        1. Reports
       
       
       
    Monitoring
   
        1. EMCC Monitoring
   
   
   
 
   
    Windows Server ::
    ------------------------------------------------------------------------
   
   
    1. Install & Config MS AD  ( DCPROMO )
   
    2. Install Connector Server
   
    3. User/GRoup/Org Manageemnt
   
    4. To Change the time Zone ( tzutil/g - current Zone , tzutil/l - list of time zones, tzutil/s "Indian Stand TIme")
   
   
   
   
   
       
        ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
   
                            Oracle Access Manager
                           
        ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
   
    1. Webtier & Webgate Installation & Cong and Registration
   
        a. OHS WebGate
       
        b. IIS WebGate
       
        c. Apache WebGate
       
   
    2. AccessGate
   
    3. URL Protection --Oam SERVER - hTdOCS ( FILE.HTML )
   
    4. Datastorages
   
    5. Single Sign On
   
    6. Reverse Proxy
   
    7. SessionManagement
   
    8. OAM Plugins
   
    9. SSL Certifications
   
        A. OPEN
        B. Cert
        C. SIMPLE

    10. Windows Native Authentication
   
   
   
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
   
                                    Certifications ::
                                   
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++                               
   
   
        1. Oracle Identity Governance 1z0-549
       
       
       
       
       
       
       
       

        ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
       
                            Questions & Answers
       
        ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
       
       
       
    OIM Interview Questions

                1.    What are the new features in PS3?
                2.    What are the differences between PS2 and PS3?
                3.    How do you identify rogue account creation in target system?
                4.    What is the high level architecture of OIM 11g R2?
                5.    List out difference between OIM 9.1 and 11g and possibly 11gR2
                6.    What are the new features in 11gR2 PS2 , PS3
                a.    7.    How do you save multi-valued attribute in process form and how the linking happens between process form & child form ,   1 child form per multi valued attribute
                7.    Can we still use entity adapters in OIM 11g
                8.    What is plugin service in oim 11g/ what is the orchestration service in oim 11g.
                9.    What is the difference between entity match found and process match found?
                10.    What are service accounts in oim?
                11.    Why remote manager is used?
                12.    What is a connector server and types of connector server available?
                13.    What is ICF, ICF architecture?
                14.    Why connector server (ICF) is used. Can connector server replace remote manager? Types of connector server.  Which OOTB connector is ICF based now - 11g?
                15.    What is Lookup.USR_PROCESS_TRIGGERS, how data flow happens during provisioning.
                16.    How will you develop a custom connector from scratch? List all the components involved.
                17.    What are the different types of adapters and under which circumstances they are used.
                18.    List some OIM API java classes.  How do we initialize the api before we can use them  (example tcUserOperationsIntf)
                19.    List some differences in api classes / new classes from 11g point of view
                20.    How you create a plugin in oim 11g (packaging, registration, MDS seeding etc.)
                21.    Difference between execute and bulk Execute in post process handler and under which scenarios they are used?
                22.    Can preprocess event handler be used during trusted user recon
                23.    Email templates are now removed in oim 11g and how do we send emails in oim 11g?
                24.    What are notification templates, notification resolvers, notification event xml file registration?
                25.    Oim 9.1 - formmetadata.xml - why we use it and what all is possible by changing/configuring it.
                26.    How do you modify self-registration page in 11g?
                27.    A lot of questions on MDS , how we use it, what all configuration objects are stored, the structure of configuration objects , oim-config.xml, list some very common file names
                28.    What is the difference between object form and process form (9.1)
                29.    What has replaced object form in 11g?
                30.    What is the difference between approval policy, authorization policy and access policy?
                31.    How do we deploy the SOA workflows in 11g?
                32.    What is basic Request Templates model, how are they extended to create custom ones, how authorization is enforced while defining new one,  Is it possible that certain set of users can only see the certain request templates (yes).
                33.    How do you create a custom scheduled task in OIM 11g?
                34.    How do you create a custom plugin in OIM 11g?
                35.    What performance improvement measures have been implemented in OIM 11g in terms of reconciliation?
                36.    How do you use task assignment adapter in OIM?
                37.    Under what circumstances spml is used?
                38.    Attestation - Why / what / when / how?
                39.    Certification - Why / what / when / how?
                40.    List out the difference between LDAP sync and OID Connector when both can essentially sync the user info between oim and OID (11g )
                41.    How can you disable certain menu item on OIM 11g R2 PS2 based on the user's role?
                42.    What is request dataset status change plugin and how do you use it?
                43.    What is request dataset validator plugin and how do you use it?
                44.    What are application instances, disconnected applications?
                45.    What is a sandbox and how will you go about doing sandbox management, its issues and limitations?
                46.    What is a dynamic organization and how do we use it ?
                47.    Pre Process Event Handlers are applicable on what all entities and event types?
                48.    What is a catalog, what all it contains, how do you publish item to a catalog, how will you do catalog management?
                49.    What is a public task flow and how do you develop and use it in OIM?
                50.    What is Access Policy Harvesting and how will you set it up?
                51.    Difference between OIM 11g R1 and OIM 11g R2?
                52.    Difference between OIM 10g and OIM 11g R2?
                53.    What is Request Catalog?
                54.    What is Request Profile?
                55.    Difference between Application Instance and Resource Object?
                56.    What are Admin Roles?
                57.    Experience with UI Customization in OIM 11g R2?
                58.    Experience with ICF Connector?
                59.    Experience in upgrading existing OIM implementation to OIM 11g R2?
                60.    List of connectors which you have worked on?
                61.    High level steps for Custom Connector?
                62.    What are Archival Utilities?
                63.    How do you hide Admin Links for End Users from Identity Console?
                64.    What are factors which one should keep in mind for upgrade project?
                65.    How will you plan an upgrade project?
                66.    What are the new features in PS3?
                67.    What are the differences between PS2 and PS3?
                68.    How do you identify rogue account creation in target system?
                69.    What is the high level architecture of OIM 11g R2?
                70.    What are the new features in 11gR2 PS2 , PS3
                71.    What are Archival Utilities?
                72.    What are factors which one should keep in mind for upgrade project?
                73.    How will you plan an upgrade project?
                74.    What are the high level steps to install OIM 11g R2 PS2 on High Availability Mode?
                75.    What is the use of Node Manager?
                76.    How many ways, we can start or stop the entire managed servers in OIM?
                77.    How to verify the logs in OIM?
                78.    How to troubleshoot the provisioning issues in OIM 11g R2 PS2?
                79.    What are the high levels steps to perform performance tuning in OIM 11g R2 PS2?
                80.    How to assign/remove admin privileges to a user in OIM 11g R2 PS2?
                81.    How to troubleshoot Reconciliation issues in OIM 11g R2 PS2?
                82.    How many schemas will be created while installing RCU for OIM?
                83.    What is the use of Load Balancer and Clustering?
                84.    List of table names you knows in OIM 11g R2 PS2?
                85.    How many ways we can upload/register .jar files in OIM 11g R2 PS2?
                86.    How to change the log levels in OIM 11g R2 PS2?
                87.    How to resolve password issues in OIM 11g R2 PS2?
                88.    How to assign/revoke specific group access to a user in OIM 11g R2 PS2?
                89.    What is catalog and usage?
                90.    What is Sandbox and usage?
                91.    How do we get reports in OIM 11g R2 PS2?
               
               
                92. What are the differences between LDAP and Active Directory?
               
                ANS :

                        Active Directory is a database based system that provides authentication, directory, policy, and other services in a Windows environment

                        LDAP (Lightweight Directory Access Protocol) is an application protocol for querying and modifying items in directory service providers like Active Directory, which supports a form of LDAP.

                        Short answer: AD is a directory services database, and LDAP is one of the protocols you can use to talk to it.



                        Active directory is a directory service provider, where you can add new user to a directory, remove or modify, specify privilages, assign policy etc. Its just like a phone directory where every person have a unique contact number. Every thing in AD(Active Directory) are considered as Objects and every object is given a Unique ID.(similar to a unique contact number in a phone directory.

                        Ldap is a protocol specially designed for directory service providers. Windows server OS uses AD as a directory server, AIX which is a UNIX version by IBM uses Tivoli directory server. Both of them uses LDAP protocol for interacting with directory.

                        Apart from protocol there are LDAP servers, LDAP browsers too.

                        active directory is the directory service database to store the organizational based data,policy,authentication etc whereas ldap is the protocol used to talk to the directory service database that is ad or adam.
                                       
               
    References :
   
    1. docs.oracle.com/cd/E11223_01/doc.910/e11217/cnnctrcmpnts.htm#CEGIBDFG
   
    2. ThorAPI's         : http://otndnld.oracle.co.jp/document/products/id_mgmt/idm_903/doc_cd/javadocs/operations/Thor/API/Operations/package-summary.html

   
   
   

    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------
   
                                Oracle Identity Manager Connector Component Concepts
   
    -------------------------------------------------------------------------------------------------------------------------------------------------------------------------
   
   
    1. Introduction to OIM Connectors
   
            * Target account management
                - Target Resource Reconciliation
                - Provisioing
               
            * Trusted Source Reconciliation
           
        Connectors Types
       
            1. PreDefined Connectors
            2. GTC Connectors
            3. Custom Connectors
           
       
        Reconciliation
       
            Reconciliation Configuration Options
       
                # Reconciliation Type : Target Resource or Trusted Source
                # Reconciliation Mode : Full or Incremental
                # Batched Reconciliation
                # Limited Reconciliation
                # Periodic, On-Demand, or Real-Time Reconciliation
       
            Regular Reconciliation Events vs Delete Reconciliation Events
           
                1. The data for deleting an account is provided and the Oracle Identity Manager locates the matching account based on existing rules.
               
                2. The matching account record in Oracle Identity Manager is provided as the data for deleting an account.
           
       
        Provisioning
       
            * Request-based provisioning
           
            * Policy-based provisioning
           
            * Direct provisioning
           
   
        Target System Configuration Enabled by a Connector
       
            * Target System Configured As a Target Resource
           
                During target resource reconciliation:

                     # For a newly created target system identity that is fetched from the target system, a target resource account (resource object) is granted (provisioned) to the corresponding OIM User. This takes place only if an OIM User already exists for the target system identity.

                    # For a modified target system identity that is fetched from the target system, the same modifications are made to its corresponding resource object provisioned to an entity in Oracle Identity Manager.

           
            * Target System Configured As a Trusted Source
           
                During trusted source reconciliation:

                    # For a newly created target system identity that is fetched from the target system, a corresponding OIM User is created in Oracle Identity Manager.

                    # For a modified target system identity that is fetched from the target system, the same modifications are made to its corresponding OIM User.

                    # If you specify certain attributes of a target system as trusted sources, then Oracle Identity Manager must be disabled from provisioning the same set of attributes in the target system.

       
   
   
    2.  Components Used for Connector Operations
       
         * Oracle Identity Manager Components
       
           
                Reconciliation APIs

                Reconciliation Engine

                Reconciliation Manager

                Remote Manager

       
         * Connector Components
       
                Reconciliation Field Definitions

                Reconciliation Field Mappings

                Reconciliation Rules

                Reconciliation Action Rules

                Reconciliation Provisioning Tasks

                IT Resource

                IT Resource Type

                Lookup Definitions

                Scheduled Tasks

                Resource Object

                Process Form

                Provisioning Process, Process Tasks, and Adapters

   
   
   
   
    3. Reconciliation and Provisioing Processes
   
       
        Target Resource Reconciliation

        Provisioning
   
        Trusted Source Reconciliation
   
   
    4. Performing Connector Operation   
       
        Guidelines on Running Reconciliation

        Managing Scheduled Tasks

        Guidelines on Performing Provisioning Operations

        Provisioning Resources

   
   
    #
   
   
    #
   
    #
   
   
    IAM - Custom Connector Development Questions
   
       
           
        1.Provisioning/Reconciliation/or Both: Generally provisioning is assumed by default as that is the whole point of connector development but we should keep the reconciliation estimate also in mind if that is required. If both are required then estimates obviously go higher and with much longer development cycle.
       
        2.Is Authoritative Source (Yes/No) ? : If the end system is an authoritative source of data for user,role or organization information then a slightly different design is required for connector development with more checks and balances in place.
       
        3.Provisioning Functions (CRUD) ? Which all provisioning functions should be considered for connector development. It is most likely all but in some situations delete or update of all attributes are not required so that will save some time and effort for a tailored solution.
       
        4.Reconciliation Features (Agent less or Agent based) ? Most connector should work without actually installing anything on end systems (i.e. Agent less) there by reducing time, effort and complexity involved but in situations where an Agent based connector is required , two components are developed, one on end system and one on IAM system. This requires more testing and fault tolerance.
       
        5.Is Password or any other secure attribute part of connector development ?
       
        6.What will be connectivity channel requirement for the connector like SSL/TLS or any other protocol ?
       
        7.What type of User Accounts this connector should support  (Regular Users/ Service Accounts/ Any Other  ) ?
       
        8.How many number of Attributes that this connector should support ?  This can greatly affect the time and effort as this more attributes require some generic design which can make the connector more flexible but with initial effort early on.
       
        9.Group/Role/Entitlement/Org or any other Entity management part of the connector solution.
       
        10.Any other additional capabilities that this connector should support ?


   
   
    #
   
    #
   
    #
   
   
    IAM - Application Integration Questionnaire :
    -------------------------------------------
   
       
        I have come up with a list of questions that can be asked to integrate any standard or custom third party applications with the IdM product.
        This questions will be specially helpful if the number of Apps are large enough.

            1.       App Name
            2.       App Description
            3.       No. of Users
            4.       Types of Users
            5.       Type of App (online/thick client/legacy/cloud/any other) : Please mention
            6.       No. of App Instances
            7.       Type of Connectivity available (JDBC/Web Service/Directory/Messaging system/File system/any other)
            8.       Database used by the App (Proprietary/Standard)
            9.       Mention database name if known
            10.   Is it Authoritative source of data for Users/Role/Org or any other entity?
            11.   Does this App depend on any other App?
            12.   If yes, mention the other App Name
            13.   Network zone this app resides in (public/subnet/intranet/firewalled/limited etc.)
            14.   Any web services exposed by this App.
            15.   Is SSO a requirement for App ?
            16.   Is provisioning a requirement for this App ?
            17.   Is reconciliation a requirement for this App ?
            18.   Is password sync a requirement for this App ?
            19.   Does this App require any special treatment from performance, security or high availability perspective?
            20.   What does this App store? Put a tick (Users/Groups/Roles/Entitlement/Org Structure)
               
               
   
   
   
   
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
   
   
                                                                        OIM Database Back up / Restore
                                                                       

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Backup
========

        @echo on
        set ORACLE_SID=ORCL
        exp DEV_OIM/Lucky1234 full=no owner=DEV_OIM file=D:\Backupof_ORCL_DEV_OIM_dontdelete\BACKUP\emptydb log=D:\Backupof_ORCL_DEV_OIM_dontdelete\BACKUP\emptydb
        @echo off

Restore::
==========

        sqlplus /nolog
        CONNECT sys/sys123@ORCL AS SYSDBA
        DROP USER DEV_OIM CASCADE;
        @D:\oracle\javavm\install\initxa.sql

        CREATE USER DEV_OIM IDENTIFIED BY Lucky1234 DEFAULT TABLESPACE DEV_OIM TEMPORARY TABLESPACE temp QUOTA UNLIMITED ON DEV_OIM;
   
        GRANT connect, resource, aq_administrator_role, dba, query rewrite TO DEV_OIM with ADMIN OPTION;
        @D:\oracle\RDBMS\ADMIN\dbmspool.sql
        GRANT EXECUTE ON sys.dbms_shared_pool TO DEV_OIM WITH GRANT OPTION;

        BEGIN
                    dbms_resource_manager_privs.grant_switch_consumer_group( grantee_name => 'DEV_OIM',consumer_group => 'SYS_GROUP',grant_option => TRUE);
        END;
        /
        Exit
        imp DEV_OIM/Lucky1234@ORCL fromuser=DEV_OIM touser=DEV_OIM file=D:\Backupof_ORCL_DEV_OIM_dontdelete\BACKUP\emptydb.DMP log=D:\Backupof_ORCL_DEV_OIM_dontdelete\BACKUP\emptydb.log
           
           
           
   
     +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
   
                                                                       OIM 11G R2 Server Performance Tuning
   
   
     +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
   
   
                I will list some of the server tuning parameter that can be used to tune oim managed server.

                JVM Memory

                For Hotspot JVM

                Min Heap Size(Xms) = 4GB, Max Heap Size(Xmx) = 8GB, PermSize(-X:PermSize) = 500m and PermGen size (-XX:MaxPermSize) = 1 GB.

                For JRockit JVM

                Min Heap Size(Xms) = 4GB, Max Heap Size(Xmx) = 8GB, PermSize(-X:PermSize) = N/A and PermGen size (-XX:MaxPermSize) = N/A


                To change the JVM memory setting:
                1. If your OIM version is 11.1.2.1.0 or above, use DOMAIN_HOME/bin/setOIMDomainEnv.sh
                (Unix) or setOIMDomainEnv.cmd (Windows). If not, continue to use
                DOMAIN_HOME/bin/setDomainEnv.sh (Unix) or setDomainEnv.cmd (Windows) to
                change the heap size settings.
                2. Change the value of DEFAULT_MEM_ARGS and PORT_MEM_ARGS from the default value and
                save.
                3. Restart OIM Server
               
               
               
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
   
   
                                                            Oracle Identity & Access Managers Features
   
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
   
    Oracle Identity Manager (OIM) 11G R2 PS1 (11.1.2.1.0) New Features
   
   
   
    Oracle Identity Manager (OIM) 11G R2 PS2 (11.1.2.2.0) New Features
   
   
   
    Oracle Identity Manager (OIM) 11G R2 PS3 (11.1.2.3.0) New Features :
    -------------------------------------------------------------------


                    Improved Self Service UI
                    In PS3 , the UI has gone a major overhaul and looks much more tablet and mobile friendly with tiles and easy access. faster navigation is what we are looking for in PS3.
                    There is less drop down and complicated web structure and all the items that you need are easily accessible.


                    Access Catalog with Guided Navigation
                    Complications involved in PS2 navigation are done away and now you have guided navigation feature which helps you in better understanding and manageability of your current accesses.


                    Temporal Grants for New and Existing Access
                    Users can now set start date and end date while making the requests which helps in access being given on the exact dates and also there are empowered users who can modify the grant duration as well.


                    Self Capabilities
                    PS3 comes with Self Capabilities feature that allows what action an end user can perform on themselves and on others.
                    This feature allows specifying rules an what all actions can be performed either on themselves or on others.


                    Simplified Admin Roles
                    These admin roles allows assigning functional capabilities to the admin role, specify members and membership rules, and organizations that the admin role members can manage.
                    This also makes APM obsolete and it is of no use in PS3.


                    Role Lifecycle Management
                    PS3 comes with complete end to end role life-cycle management capabilities thus making OIA obsolete.


                    Identity Audit Policy Management
                    Basically this feature performs Segregation of Duties (SoD) violation during the request process itself and checks the existing user access and also what is being requested.


                    Enhanced Auditing
                    This is a new engine which replaces older auditing engine. This one does not depend on audit snapshots and JMS and is synchronous in operation.
                    used by user, role, and organization management, and other components excluding provisioning


                    Enhanced Password Policy Management
                    This solves the older issue of how to password policy management when you have OIM-OAM integrated. It also allow to define challenge questions at global or at per user level.
                    policies can be defined at Org level.


                    SCIM-Based REST Services
                    SCIM stands for System for Cross-Domain Identity Management
                    and
                    REST - Representational State Transfer
                    Both these standards allows for a industry standard approach for integrating with other identity management components or from third party vendors.
                    SPML XSD-based SOAP web service is deprecated with this particular feature.


                    Simplified Workflow Policies
                    This new feature replaces approval policies and provides perform better, expose additional configuration options, and conform to the UI of this release.


                    Simplified SSO Integration
                    Weblogic authenticators and plugins are deprecated and it looks like PS3 has gone in favour of older HTTP Header based SSO solution which was present in 10G release.
                    This allows better and simpler integration with other vendors also.




Regards
LuckyFusion