Oracle Fusion Middleware : Oracle Identity and Access Management Suite 10g/11gR1/11gR2 PS1, PS2, PS3 : OIM | OAM, OAAM, OIF | OID, OVD, DIP | OUD / ODSEE | Microsoft AD | OpenLDAP | ADF | EBS R12 | OEMCC R4 | Business Intelligence - BI Publisher | Banking | Demo Applications | Core Java | SQL | PL/SQL | Web Services | WebLogic | Tomcat | JBoss | OHS | WebGate | WebCenter | For any queries please contact me : info@oratechsoft.com

Thursday, 1 October 2015

List of Identity & Access Management Tools

Top Identity & Access Management Security Tools

2. SAP Identity Management
3. Tivoli Identity Management
4. Forefront Identity Manager
5. ForgeRock Identity Management
6. Deep IACM
7. Ping IdM
8. Microsoft IdM
9. SailPoint IdM
10. RSA IdM
11. AlertEnterprise IdM
12. Authentify IdM
13. Avatier IdM
14. CA Technologies
15. Centrify IdM
16. Fortuna IdM
17. Dell IdM
18. CyberArk IdM
19. Courion IdM
20. LightHouse Gateway
21. NetIQ IdM
22. Fischer IdM
24. UnboundID
25. Sun IdM


Thanks & Regards 
Lakshmi Prasad Reddy 


Thursday, 17 September 2015

Oracle Identity & Access Management Environment Setup Guidelines

OFM | Directory Services (LDAP) | ERPs


Node 1 (OIM - Oracle Identity Manager)

Hardware Requirements

RAM :: 16GB     HD :: 500GB     Processor :: Intel i3 or above

1. Install VM / VirtualBox
2. Install an OS such as Windows Server or Linux
3. Install Oracle Database (single instance or RAC)
4. Create the schemas for the managed servers (OIAM Suite, BI, WC, etc.) using RCU
5. Install JDK / JRockit 1.6
6. Install Application Server (WebLogic or JBoss)
7. Install SOA and apply patches
8. Install OIAM Server
9. Install Directory Services
     a. Install Oracle Identity Management Suite (OID/OVD/ODIP) from Oracle
     b. Install Oracle Unified Directory (OUD)
     c. Install Active Directory (Windows only)
10. Configure the WebLogic Domain
11. Configure the OIAM Domain
12. Configure the Design Console
13. Install Application Development with JDeveloper
14. Install Eclipse


Node 2 (OAM - Oracle Access Manager)

Note: Oracle Access Management consists of OAM, OAAM and OIF.

Hardware Requirements

RAM :: 16GB     HD :: 500GB     Processor :: Intel i3 or above

1. Install Virtual Machine / VirtualBox
2. Install Oracle Linux 6.5 or Red Hat Linux 6.5
3. Install Oracle Database
4. Install RCU
5. Install JDK / JRockit 1.6
6. Install WebLogic
7. Install OAM Server | OAAM Server | OIF Server
8. Install OUD
9. Install WebTier (OHS)
10. Install WebGate
11. Register the WebTier with WebLogic


Node 3 (MS AD - Microsoft Active Directory)

Hardware Requirements

RAM :: 4GB     HD :: 320GB     Processor :: Intel Core / i3 or above

Note: Microsoft Active Directory can be installed only on Windows Server, not on Linux.

1. Install VM / VirtualBox
2. Install Windows Server 2003 / 2008 R2 / 2012
3. Configure the AD domain
4. Install the Connector Server (OOTB connector)



Node 4 (OID/OVD/ODIP - Oracle Internet Directory)

Hardware Requirements

RAM :: 8GB     HD :: 320GB     Processor :: Intel Core / i3 or above

1. Install VM / VirtualBox
2. Install Database
3. Run RCU
4. Install JRockit / JDK
5. Install WebLogic
6. Install Identity Management Suite (OID, OVD, ODIP)

Node 5 (OUD - Oracle Unified Directory)

Hardware Requirements

RAM :: 4GB     HD :: 320GB     Processor :: Intel Core / i3 or above

1. Install VM / VirtualBox
2. Install Oracle Linux 6.5
3. Install Oracle Database 11gR2
4. Install JDK / JRockit
5. Install OUD
6. Install WebLogic Server
7. Application Development Framework (App Dev Run)
8. Install ODSM or configure WebLogic




Node 6 (EBS - Oracle E-Business Suite R12)

Hardware Requirements

RAM :: 12GB     HD :: 500GB     Processor :: Intel i3 or above

1. Install VM / VirtualBox with OS Linux 6.5
2. Install Database 11g
3. Install E-Business Suite R12


Node 7 (PS - PeopleSoft)

Hardware Requirements

RAM :: 8GB     HD :: 320GB     Processor :: Intel i3 or above

1. Install VM with OS Linux 6.5
2. MS SQL Server 2008
3. JDK Update 7
4. Tuxedo
5. WebLogic Server
6. PeopleTools (Disk1, Disk2, Disk3)
7. Application HCM92 (Disk1)


Node 8 (Fusion Apps R8 / R9 - HCM & FI)

Hardware Requirements

RAM :: 296GB     HD :: 2TB     Processor :: Xeon dual processor

1. Install VirtualBox with OS Linux 6.5
2. Install Oracle OIAM Fusion 11gR1
3. Install Oracle Fusion Applications R9 (HCM, FI)



Node 9 (ADF - Application Development Framework)

Hardware Requirements

RAM :: 16GB     HD :: 500GB     Processor :: Intel i3 or above

1. Install VirtualBox with OS Linux 6.5
2. Install ADF with JDeveloper
3. Install WebCenter
4. Install Android SDK
5. Install Xcode (iOS) on Mac
Note: Xcode can be installed only on Mac OS.



Node 10 (OEMCC R4 - Oracle Enterprise Manager Cloud Control)

1. Install VirtualBox with OS Linux 6.5
2. Install Oracle Database
3. Install OEM R4

Node 11 (Workday - HCM / FI)

Note: Workday is a cloud-based service.






Thanks & Regards

Lakshmi Reddy





Oracle Identity & Access Management Syllabus by Lucky-fusion

Oracle Identity & Access Management 10g / 11gR1 / 11gR2 PS1 | PS2 | PS3 by LuckyFusion

Oracle Identity & Access Management can be classified into three parts:

I. Oracle Identity & Access Management Suite
II. Oracle Identity & Access Management Deployment
III. Oracle Identity & Access Management Fusion

OIAM can be classified into two main roles:

I. Oracle Identity & Access Management Admin
II. Oracle Identity & Access Management Implementation

OIM - Oracle Identity Manager (User Life Cycle Management - Create, Modify, Delete, Enable, Disable, Reset Password)

0. Overview of Oracle Fusion Middleware
1. Overview of Oracle Identity & Access Management and its components
2. Overview & Architecture of Oracle Identity Manager
3. Installation & Configuration of OIAM Suite on both Windows & Linux
4. Installation & Configuration of OIAM Suite in cluster environments (RAC: cluster, cloning)
5. Overview of Repository Creation Utility (Schema Creation)
6. Overview of Admin Server: WebLogic Server | JBoss (Application Server)
7. Overview of SOA Suite & Overview of Patches
8. Overview of Managed Servers (OIM, OAM, OAAM, OIF, BI, SOA, WC)
9. Provisioning
    a. Provision        b. Recon
10. Workflows (Provisioning & Approval)
11. Adapters (Event, Role Generate, Pre-populate, Task Assignment, Process Task)
12. Event Handlers
13. Connectors (GTC Connectors, OOTB, Custom (ICF and others))
14. User Defined Framework (UDF)
15. Overview of JDeveloper, Eclipse & NetBeans
16. Self Registration & Delegation of Administration
17. Overview & Installation of Microsoft Active Directory Domain Services
18. Overview & Installation of Oracle Internet Directory / Oracle Virtual Directory
19. Overview of Oracle Unified Directory
20. Overview of Oracle Directory Integration Platform
21. Access Policies
22. Approval Policies
23. LDAP Sync (pre and post), e.g. OID, OUD
24. AuthN Policy
25. UI Customizations
26. Schedulers
27. Lookups
28. Overview of HRMS Systems
29. Overview of Target Application (Demo Sample Bank Application)
30. Application Development Framework 11g/12c


LAB Exercises: Nearly 100 Labs

Exercise 1: Self Registration
Exercise 2: Approvals (Request Level, Operational Level)
Exercise 3: Delegation of Administration
Exercise 4: Flat-file Reconciliation through GTC Connector
Exercise 5: Database Prov & Recon through OOTB Connector
Exercise 6: Prov & Recon to Directory Services OID, OUD & MS AD through OOTB Connector
Exercise 7: Prov & Recon to Bank Application through Custom Connector
Exercise 9: Web Services Prov & Recon
Exercise 10: Provisioning to Disconnected Resource
Exercise 11: UI Customizations
Exercise 12: Pre-populate the Citizenship (e.g. IND -- Indian)
Exercise 13: Access Policies
Exercise 14: Approval Policies
Exercise 15: Password Policies
Exercise 16: Logo Customization
Exercise 17: Adapters
Exercise 18: Entity Adapter with Example
Exercise 19: Role Generated Adapter with Example
Exercise 20: Task Assignment Adapter with Example
Exercise 21: Pre-Populate Adapter with Example
Exercise 22: Process Task Adapter with Example
Exercise 23: Event Handler with Example
Exercise 24: Change the Employee Type from Consultant to Full-Time Employee
Exercise 25: LDAP Sync (OID) with OIM (Pre & Post)
Exercise 26: MS AD Installation & Configuration
Exercise 27: Provisioning & Reconciliation between OIM and MS AD
Exercise 28: MS AD Password Sync
Exercise 29: LDAP Password Sync
Exercise 30: OIM Integration with EBS (Recon & UM)
Exercise 31: Add a custom attribute "Responsibilities" in OIM
Exercise 32: Assign the Responsibilities to a Role through OIM
Exercise 32: OIM Integration with PeopleSoft
Exercise 33: Prov & Recon between OIM & PS
Exercise 34: OIM Integration with OAM
Exercise 35: Prov & Recon between OIM and Workday (OIM Integration with Workday)
Exercise 36: SOA Composites (Approvals & Provisioning)
Exercise 37: Provision :: Manual Provisioning
Exercise 38: Provision :: Automated Provisioning
Exercise 39: Provision :: Request-Based Provisioning
Exercise 40: Reconciliation :: Trusted Reconciliation & Target Reconciliation
Exercise 41: Custom Schedulers
Exercise 42: Bulk Load Utility
Exercise 43: Notifications
Exercise 44: OIM Integration with E-Mail Server
Exercise 45: Provision a user to multiple LDAP resources such as OID, OUD
Exercise 46: Add custom attributes in MS AD
Exercise 47: OIM Integration with Oracle Fusion Applications




OAM - Oracle Access Manager

1. Architecture & Salient Features
2. Installation & Configuration of OAM, WebTier and WebGate
3. Installation & Configuration of LDAP such as OUD, OID/OVD
4. Data Sources (Default WebLogic Server)
5. URL Protection
6. Single Sign-On
7. Single Logout
8. ESSO
9. Session Management
10. Cookies
11. Installation & Configuration of E-Business Suite R12
12. SSO to Oracle E-Business Suite R12
13. OIM Integration with OAM
14. AuthN
15. AuthZ


Thanks & Regards

Lakshmi Reddy  







Saturday, 12 September 2015

Oracle Identity & Access Management Domain Overview

Note: Oracle IdM is one of the components of Oracle Fusion Middleware.

 1. Oracle Identity & Access Management Suite
 2. Oracle Identity & Access Management Deployment Suite
 3. Oracle Identity & Access Management Fusion Suite

Prerequisites
-------------------------------------------------------------------------------------------------------------

Knowledge Requirements
  •   Complete Core Java and J2EE
  •   Oracle SQL & PL/SQL
  •   Application Development Framework (optional)
  •   Good knowledge of both Windows & Linux (mandatory)

Hardware Requirements
  •   Minimum 8GB RAM (16GB RAM is very good)
  •   Minimum 320GB hard disk
  •   Intel i3 processor or above

Software Requirements
  •   Operating system, e.g. Windows or Linux
  •   Database & schema creation
  •   JDK
  •   Web server & application server, e.g. Tomcat, WebLogic, JBoss
  •   SOA Suite
  •   OIAM Suite
  •   WebCenter
  •   JDeveloper
  •   Eclipse
  •   WebGate
  •   WebTier (Oracle HTTP Server)
  •   BI Publisher
  •   Oracle Identity Management Suite
  •   Oracle Unified Directory
  •   Oracle Entitlement Server
  •   Microsoft Active Directory Services
  •   Oracle E-Business Suite
  •   PeopleSoft
  •   JD Edwards
  •   Oracle Fusion Applications
  •   Others, depending on client request

Oracle Identity & Access Manager Arch...
-----------------------------------------------------




Thanks & Regards
----------------------------
Lakshmi Reddy N
  

Monday, 31 August 2015

How to Configure an OID Authentication Provider in WebLogic 10.3.6

Ans: Configuring an OID Authentication Provider in WebLogic 10.3.6

-----------------------------------------------------------------------------------------

The architecture diagram for this setup depicts the configuration of an OID LDAP-based authentication provider used by OPSS applications deployed on a WebLogic Server environment.

Follow the steps below to configure an OID authentication provider using the WebLogic Administration Console:

1. Open the Firefox web browser using the icon on the launch panel. Make sure the WebLogic Server is running before continuing to the next step.

2. Open the WebLogic Administration Console by browsing to http://localhost:7001/console and log in using the following credentials:
Username: weblogic
Password: welcome1

3. Click the Security Realms link in the Domain Structure pane to show the list of security realms for the domain.

4. Click the myrealm link in the Realms pane to show the settings for the domain's security realm.

5. Click the Providers tab to show the security providers configured for myrealm.

6. Click the Authentication tab to list the currently configured authentication providers for this domain's security realm. The default out-of-the-box providers are shown: the embedded LDAP authentication provider and the identity asserter. This is where you configure the new OID authentication provider.

7. Click New to create a new authentication provider for this domain.

8. The Create a new Authentication Provider page is displayed. Give your new authentication provider a name, such as OID Authenticator, select the type OracleInternetDirectoryAuthenticator, and click OK.

9. You should now see your new OID authenticator at the bottom of the list of authentication providers.

10. Click the link for your OID authentication provider to configure its settings.

11. The Settings for OID Authenticator page is displayed. Click the Provider Specific tab to configure the detailed settings for this provider.

12. This step guides you through all of the settings for configuring your new OID authentication provider. All the settings are made on a single configuration page; they are described here one section at a time.

The first section contains the Connection settings for the OID server. Use the values from the table below:

Name                  Value          Purpose
Host                  localhost      The OID host name
Port                  3060           The standard OID listening port
Principal             cn=orcladmin   The LDAP user that logs into OID on behalf of your authentication provider
Credentials           welcome1       Password for the principal user
Confirm Credentials   welcome1       Confirmation of the password
SSL Enabled           Unchecked      Enables or disables SSL connectivity

The next section contains the Users settings for the OID provider. Use the values from the table below:

Name                                   Value                             Purpose
User Base DN                           cn=Users,dc=us,dc=oracle,dc=com   The root (base DN) of the LDAP tree where searches are performed for user data
All Users Filter                       Leave as default                  The LDAP search filter that is used to show all the users below the User Base DN
User From Name Filter                  Leave as default                  The LDAP search filter used to find the LDAP user by name
User Search Scope                      Leave as default                  Specifies how deep in the LDAP tree to search for users
User Name Attribute                    Leave as default                  The attribute of the LDAP user that specifies the user name
User Object Class                      Leave as default                  The LDAP object class that stores users
Use Retrieved User Name as Principal   Checked                           Specifies whether the user name retrieved from the LDAP directory is used as the Principal in the Subject

The next section contains the Groups settings for the OID provider. Use the values from the table below:

Name                                Value                              Purpose
Group Base DN                       cn=Groups,dc=us,dc=oracle,dc=com   The root (base DN) of the LDAP tree where searches are performed for group data
All Groups Filter                   Leave as default                   The LDAP search filter that is used to show all the groups below the Group Base DN
Group From Name Filter              Leave as default                   The LDAP search filter used to find the LDAP group by name
Group Search Scope                  Leave as default                   Specifies how deep in the LDAP tree to search for groups
Group Membership Searching          Leave as default                   Specifies whether group searches into nested groups are limited or unlimited
Max Group Membership Search Level   Leave as default                   Specifies how many levels of group membership can be searched; only valid if Group Membership Searching is set to limited
Ignore Duplicate Membership         Unchecked                          Determines whether duplicate members are ignored when adding groups

Click Save to persist your changes.

13. Click the Common tab in the Settings for OID Authenticator pane to show the settings common to all authentication providers.

14. Change the Control Flag setting to SUFFICIENT and click Save. This setting allows this provider to participate in the authentication process without requiring the user to be in its identity store.

15. Click the Providers link in the breadcrumb near the top of the page to navigate back to the Authentication Providers page.

16. Click the DefaultAuthenticator link to display its common settings so you can change its control flag to SUFFICIENT as well.

17. Change the Control Flag setting to SUFFICIENT and click Save. This setting allows this provider to participate in the authentication process without requiring the user to be in its identity store.

18. Click the Providers link in the breadcrumb near the top of the page to navigate back to the Authentication Providers page.

19. Click Reorder to change the order of your configured authentication providers.
If you remember from the OPSS Concepts self-study course, OPSS obtains its authentication configuration from the authentication provider configuration found in the WebLogic Server domain. OPSS first looks at all of the LDAP-based authentication providers in the list and chooses the first one in the list with the highest control flag setting. Because we configured both LDAP-based authentication providers with the SUFFICIENT control flag, OPSS would use the default authenticator if we left the configuration as it is now. To ensure that OPSS recognizes your new OID authenticator as its authentication provider, you must reorder the list of authentication providers so that the OID authentication provider is first.

20. Select the OID Authenticator and use the arrows on the right to move it into the first position. Click OK.

Thursday, 27 August 2015

Oracle Identity Manager Custom Connector for Oracle Database (Mobile Application)

/*
Source Code :

OracleDBApplication.java
-----------------------------
*/

package com.luckyfusion.customdbconnector;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.List;
import java.util.Properties;

/**
 * Custom OIM connector for the MOBILEDATA table of the mobile application database.
 * Each task method returns a response code that the OIM process task maps to a task status.
 *
 * @author Lakshmi Prasad Reddy
 */
public class OracleDBApplication {

    // Table and column names cannot be bound as JDBC parameters ("SET ? = ?" and "DELETE FROM ?"
    // fail at prepare time), so the names a process task may pass in are validated against these
    // lists before they are placed in the SQL text. Values are still bound with setString().
    private static final List<String> KNOWN_TABLES = Arrays.asList("MOBILEDATA");
    private static final List<String> KEY_COLUMNS = Arrays.asList("USERID");
    private static final List<String> MODIFIABLE_COLUMNS = Arrays.asList(
            "FIRSTNAME", "LASTNAME", "EMAIL", "MOBILENUMBER", "MANAGER", "COUNTRY", "COMPANY");

    /**
     * Sample invocations, kept commented out as in the original. Wire them to a reachable
     * database before running.
     *
     * String jdbcDriver = "oracle.jdbc.driver.OracleDriver";
     * OracleDBApplication oDbApp = new OracleDBApplication();
     * oDbApp.createUser("192.168.1.100", "1521", "oimdb", "mobileadmin", "oimdb", jdbcDriver,
     *         "Lakshmi", "Prasad", "lucky", "1149", "LREDDY", "IN", "IDM", "LuckyFusion");
     * oDbApp.modifyUser("192.168.1.100", "1521", "oimdb", "mobileadmin", "oimdb", jdbcDriver,
     *         "YYY", "EMAIL", "YTR", "CCC");
     * // userID comes before tableName and userIDColumn in the deleteUser signature
     * oDbApp.deleteUser("192.168.1.100", "1521", "oimdb", "mobileadmin", "oimdb", jdbcDriver,
     *         "Lakshmi", "MOBILEDATA", "USERID");
     *
     * @param args unused
     */
    public static void main(String[] args) {
    }

    // Get an Oracle Database connection for the connector
    public Connection getDatabaseConnection(String url, Properties properties, String jdbcDriver) {
        System.out.println("Entering getDatabaseConnection");
        Connection connection = null;
        try {
            Class.forName(jdbcDriver);
            connection = DriverManager.getConnection(url, properties);
            System.out.println("Connection :: " + connection);
        } catch (SQLException e) {
            System.out.println("Error :: Error while creating the connection with database :: " + e.getMessage());
            e.printStackTrace();
        } catch (ClassNotFoundException e) {
            System.out.println("Error :: JDBC driver class not found :: " + e.getMessage());
            e.printStackTrace();
        }
        System.out.println("Exiting getDatabaseConnection");
        return connection;
    }

    // Build the thin-driver URL and the credential properties shared by every task, then connect
    private Connection connect(String serverAddress, String portNumber, String sid,
                               String dbAdminID, String dbAdminPassword, String jdbcDriver) {
        Properties connectionProps = new Properties();
        connectionProps.setProperty("user", dbAdminID);
        connectionProps.setProperty("password", dbAdminPassword);
        String jdbcUrl = "jdbc:oracle:thin:@" + serverAddress + ":" + portNumber + ":" + sid;
        System.out.println("JDBC URL :: " + jdbcUrl);
        return getDatabaseConnection(jdbcUrl, connectionProps, jdbcDriver);
    }

    // Create a user
    public String createUser(String serverAddress, String portNumber, String sid, String dbAdminID,
                             String dbAdminPassword, String jdbcDriver, String userID, String firstName,
                             String lastName, String mobileNumber, String manager, String country,
                             String company, String email) {
        System.out.println("\n\n*********** Entering createUser ***************");
        System.out.println("User ID :: " + userID + " First Name :: " + firstName
                + " Last Name :: " + lastName + " Email :: " + email);
        System.out.println("Manager :: " + manager + " Country :: " + country
                + " Company :: " + company + " Mobile :: " + mobileNumber);

        String taskResponse = "NOT_COMPLETED"; // default response
        String insertQuery = "INSERT INTO MOBILEDATA (USERID, FIRSTNAME, LASTNAME, EMAIL, MOBILENUMBER, "
                + "MANAGER, COUNTRY, COMPANY) VALUES (?,?,?,?,?,?,?,?)";

        // try-with-resources closes the connection and statement on every path (the original never closed them)
        try (Connection connection = connect(serverAddress, portNumber, sid, dbAdminID, dbAdminPassword, jdbcDriver)) {
            if (connection == null) {
                taskResponse = "NULL_CONNECTION";
            } else {
                try (PreparedStatement preparedStatement = connection.prepareStatement(insertQuery)) {
                    preparedStatement.setString(1, userID);
                    preparedStatement.setString(2, firstName);
                    preparedStatement.setString(3, lastName);
                    preparedStatement.setString(4, email);
                    preparedStatement.setString(5, mobileNumber);
                    preparedStatement.setString(6, manager);
                    preparedStatement.setString(7, country);
                    preparedStatement.setString(8, company);
                    int count = preparedStatement.executeUpdate(); // number of rows inserted
                    taskResponse = (count == 1) ? "CREATE_SUCCESS" : "CREATION_FAILURE";
                }
            }
        } catch (SQLException e) {
            taskResponse = "CREATION_FAILURE";
            System.out.println("Error :: While creating the user");
            e.printStackTrace();
        }
        System.out.println("\n\n*********** Exiting createUser ***************");
        return taskResponse;
    }

    // Update or modify a user: set one column of the user's MOBILEDATA row to a new value
    public String modifyUser(String serverAddress, String portNumber, String sid, String dbAdminID,
                             String dbAdminPassword, String jdbcDriver, String userID, String fieldName,
                             String fieldValueNew, String fieldValueOld) {
        System.out.println("\n\n*********** Entering modifyUser ***************");
        System.out.println("User ID :: " + userID + " Field Name :: " + fieldName
                + " Field Value (New) :: " + fieldValueNew + " Field Value (Old) :: " + fieldValueOld);

        String taskResponse = "NOT_COMPLETED"; // default response
        // The column name is validated against the whitelist and then placed in the SQL text;
        // the original "SET ? = ?" cannot work because a bind variable is never a column name.
        String column = (fieldName == null) ? "" : fieldName.toUpperCase();
        if (!MODIFIABLE_COLUMNS.contains(column)) {
            System.out.println("Error :: Field is not modifiable :: " + fieldName);
            return "MODIFY_FAILURE";
        }
        String updateQuery = "UPDATE MOBILEDATA SET " + column + " = ? WHERE USERID = ?";
        // fieldValueOld is supplied by OIM for logging only; the update is keyed on USERID.

        try (Connection connection = connect(serverAddress, portNumber, sid, dbAdminID, dbAdminPassword, jdbcDriver)) {
            if (connection == null) {
                taskResponse = "NULL_CONNECTION";
            } else {
                try (PreparedStatement preparedStatement = connection.prepareStatement(updateQuery)) {
                    preparedStatement.setString(1, fieldValueNew);
                    preparedStatement.setString(2, userID);
                    int count = preparedStatement.executeUpdate(); // number of rows updated
                    System.out.println("\nUser Modified :: " + userID + " rows :: " + count);
                    taskResponse = (count == 1) ? "MODIFY_SUCCESS" : "MODIFY_FAILURE";
                }
            }
        } catch (SQLException e) {
            taskResponse = "MODIFY_FAILURE";
            System.out.println("Error :: While modifying the user");
            e.printStackTrace();
        }
        System.out.println("\n\n*********** Exiting modifyUser ***************");
        return taskResponse;
    }

    // Delete a user
    public String deleteUser(String serverAddress, String portNumber, String sid, String dbAdminID,
                             String dbAdminPassword, String jdbcDriver, String userID, String tableName,
                             String userIDColumn) {
        System.out.println("\n\n*********** Entering deleteUser ***************");
        System.out.println("User ID :: " + userID);

        String taskResponse = "NOT_COMPLETED"; // default response
        // Table and key column names are validated, then placed in the SQL text ("DELETE FROM ?" cannot be prepared).
        String table = (tableName == null) ? "" : tableName.toUpperCase();
        String column = (userIDColumn == null) ? "" : userIDColumn.toUpperCase();
        if (!KNOWN_TABLES.contains(table) || !KEY_COLUMNS.contains(column)) {
            System.out.println("Error :: Unknown table or key column :: " + tableName + "." + userIDColumn);
            return "DELETE_FAILURE";
        }
        String deleteQuery = "DELETE FROM " + table + " WHERE " + column + " = ?";

        try (Connection connection = connect(serverAddress, portNumber, sid, dbAdminID, dbAdminPassword, jdbcDriver)) {
            if (connection == null) {
                taskResponse = "NULL_CONNECTION";
            } else {
                try (PreparedStatement preparedStatement = connection.prepareStatement(deleteQuery)) {
                    preparedStatement.setString(1, userID);
                    int count = preparedStatement.executeUpdate(); // number of rows deleted
                    System.out.println("\nUser Deleted :: " + userID + " rows :: " + count);
                    taskResponse = (count == 1) ? "DELETE_SUCCESS" : "DELETE_FAILURE";
                }
            }
        } catch (SQLException e) {
            taskResponse = "DELETE_FAILURE";
            System.out.println("Error :: While deleting the user");
            e.printStackTrace();
        }
        System.out.println("\n\n*********** Exiting deleteUser ***************");
        return taskResponse;
    }

    // Enable a user

    // Disable a user

    // Lock a user

    // Unlock a user

    // Search user

}


Thanks & Regards

Lakshmi Reddy N

Friday, 21 August 2015

OIM Account Restore User Status From Deleted to Active

Restoring a Deleted Account in OIM

When you delete a user from Oracle Identity Manager, the user is not physically removed from the system; its status changes from Active to Deleted, and the resources provisioned to the user on the target systems are revoked.
To reactivate a deleted user in Oracle Identity Manager:
1. Log in to the database as the OIM database user, so that you can update the user status from Deleted to Active.
2. Execute the following SQL to update the user status:
UPDATE USR SET USR_STATUS = 'Active' WHERE usr_login='login id'
Replace login id with the login ID of the user.
3. Log in to the OIM Admin Console and verify that the user status has changed from Deleted to Active.
4. Re-provision the user's resources.
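A guarded form of the update in step 2, added here as an example and not part of the original post: it confirms the account is in Deleted status, restricts the UPDATE to that row, checks that exactly one row changed and only then commits. The in-memory sqlite3 USR table is a constructed stand-in for the OIM schema so the logic can run offline; against the real database use the same statements through an Oracle DB-API driver.

```python
import sqlite3


def open_sample_db():
    """Constructed stand-in for the OIM USR table with only the columns used here."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE USR (USR_KEY INTEGER PRIMARY KEY, USR_LOGIN TEXT UNIQUE, USR_STATUS TEXT)")
    conn.executemany("INSERT INTO USR VALUES (?, ?, ?)",
                     [(1, "LREDDY", "Deleted"), (2, "JSMITH", "Active")])
    conn.commit()
    return conn


def user_status(conn, login):
    """Current USR_STATUS for a login, or None when no such user exists."""
    row = conn.execute("SELECT USR_STATUS FROM USR WHERE USR_LOGIN = ?", (login,)).fetchone()
    return row[0] if row else None


def restore_deleted_user(conn, login):
    """Set USR_STATUS back to Active for one Deleted user and report what happened."""
    # Confirm the account really is in Deleted status before touching it.
    status = user_status(conn, login)
    if status is None:
        return "NOT_FOUND"
    if status != "Deleted":
        return "SKIPPED:" + status
    # The same UPDATE as in the post, with the login bound as a parameter and the
    # status added to the WHERE clause so a mistyped login cannot change any other row.
    cur = conn.execute(
        "UPDATE USR SET USR_STATUS = 'Active' WHERE USR_LOGIN = ? AND USR_STATUS = 'Deleted'",
        (login,))
    if cur.rowcount != 1:
        conn.rollback()
        return "ROLLED_BACK"
    conn.commit()   # without an explicit COMMIT the change is not visible to the OIM server
    return "RESTORED"
```

Steps 3 and 4 of the post (verifying the status in the Admin Console and re-provisioning) remain manual.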


Thanks & Regards 
---------------------------

Lakshmi Prasada Reddy Nandyala 

Thursday, 20 August 2015

A Tour of Oracle Privileged Account Manager

Usage management of sensitive accounts of LDAP, database, Linux or custom applications using Oracle Privileged Account Manager 11gR2PS1

Overview:

Oracle Privileged Account Manager is a new product added in the Oracle Identity Management 11gR2 release. As its name suggests, it deals with the management of privileged accounts. By "privileged account" we mean an account that can access sensitive data in the organization. Examples of privileged accounts:
  • Unix root account
  • Database SYSDBA / SYSOPER accounts
  • Windows Administrator accounts
  • Application accounts that access sensitive information
  • System Administrator accounts
Oracle Privileged Account Manager provides an easy-to-implement and versatile solution for managing high-risk accounts. It lets you manage the password policies and the usage policies (e.g. the time window during which an account may be used) for the accounts. It leverages the Identity Connector Framework to integrate with third-party applications that are supported out of the box. It supports a break-glass facility, in which one person performs another person's tasks when that person is unavailable in an emergency. One of the highlighting features of OPAM is its comprehensive auditing and reporting of who acted on a particular account at a given point in time, as well as real-time data. It can be combined with Oracle BI Publisher to generate reports. Figure 1 shows the overall architecture of OPAM.



Figure 1
There are two ways in which you can access the Oracle Privileged Account Manager features: the Graphical User Interface (GUI) and the Command Line Interface (CLI). The latter can be extended to invoke all CLI-supported operations through the Java API described in this post. The GUI and CLI interact with the Oracle Privileged Account Manager Server over REST services. The OPAM Server is the component that handles password requests, generates passwords, and protects the password keystore. Figure 2 shows how the GUI, CLI and other clients communicate with OPAM using the RESTful interface.



Figure 2

Authentication:

The authentication framework of Oracle Privileged Account Manager leverages SAML-based token authentication. It can be integrated with Oracle Access Manager Single Sign-On. The OPAM CLI supports HTTP Basic Authentication over SSL to connect to the OPAM Server.

Authorization:

 There are several Admin Roles supported by OPAM to restrict the sensitive usage of the application:
  • Application Configurator – OPAM_APPLICATION_CONFIGURATOR
  • Security Administrator – OPAM_SECURITY_ADMIN
  • Security Auditor – OPAM_SECURITY_AUDITOR
  • User Manager – OPAM_USER_MANAGER

Administration:


1.     Targets:

A target in OPAM is a system that contains, uses, and relies on user, system, or application accounts. You need to register the target system in order to manage the accounts associated with it. As of release 11.1.2.1.0, OPAM supports four types of pre-built targets, shown in Figure 3.



Figure 3
Generally, adding a target involves providing the host, port, domain and the other minimum information required to retrieve the accounts from the target system. Two targets need extra attention: the database target is supported for Oracle, MSSQL, MySQL, DB2 and Sybase, and the Lockbox target lets you manage a specific target without configuring any connector.

2.     Accounts:

An account represents a privileged account on a target system. OPAM neither creates nor deletes accounts on the target; it only manages existing ones. Adding an account to the OPAM server creates only a reference to it, and deleting the account from OPAM does not delete it from the target. OPAM lets you specify whether an account is shared. Shared accounts can be used by multiple users at the same time; by default an account is unshared and can be used by only one user at a time. Figure 4 shows the database accounts containing the word sys on a database target.



Figure 4

3.     Grantee:

Grantees are users or groups that have been granted access to one or more privileged accounts; they are assigned to a privileged account on its Account tab. In Figure 5, user.0 is a grantee for the account DEVOAM_OPAM and no group is specified.



Figure 5

4.     Check out and Check in:

Administrators and end users can check out an account they have been granted access to. When a user checks out an account, supplying a comment, they receive the account's password, which OPAM generates according to the password policy attached to that account. Once an unshared account is checked out, it is unavailable to other users until the same user checks it in again. Checking an account in resets its password, so the password that was disclosed stops working; for a shared account the password is reset only when all users have checked it in. Figure 6 shows the accounts granted to the logged-in user, all checked in and ready to be checked out.



Figure 6

5.     Password Policies:

Password policies capture the password construction rules that a specific target enforces on an associated privileged account. Every privileged account must have a password policy. OPAM provides a Default Password Policy, and you can create custom password policies to match what each target actually accepts.
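As an added illustration (not code from this post or from Oracle), the following Python simulation models the check-out and check-in rules from section 4 together with a password policy from section 5: a policy-compliant password is generated from the OS CSPRNG for the first holder, an unshared account refuses a second holder, a shared account keeps its password until its last holder checks in, and every action lands in an audit trail. The policy fields, the vault class and the sample accounts and users are assumptions made for the demo, not OPAM's data model.

```python
"""Simulation of OPAM password policies and the check-out / check-in lifecycle."""
import secrets
import string
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class PasswordPolicy:
    """Construction rules a target enforces on its accounts (field names are assumed)."""
    length: int = 14
    min_upper: int = 1
    min_digits: int = 2
    min_special: int = 1
    special_chars: str = "!@#$%^&*"

    def complies(self, password: str) -> bool:
        """True when the password meets every rule of the policy."""
        return (len(password) == self.length
                and sum(c.isupper() for c in password) >= self.min_upper
                and sum(c.isdigit() for c in password) >= self.min_digits
                and sum(c in self.special_chars for c in password) >= self.min_special)

    def generate(self) -> str:
        """Policy-compliant password from the OS CSPRNG (secrets), never random.random."""
        rng = secrets.SystemRandom()
        chars = ([rng.choice(string.ascii_uppercase) for _ in range(self.min_upper)]
                 + [rng.choice(string.digits) for _ in range(self.min_digits)]
                 + [rng.choice(self.special_chars) for _ in range(self.min_special)])
        alphabet = string.ascii_letters + string.digits + self.special_chars
        chars += [rng.choice(alphabet) for _ in range(self.length - len(chars))]
        rng.shuffle(chars)  # required classes must not sit at predictable positions
        return "".join(chars)


@dataclass
class PrivilegedAccount:
    name: str
    policy: PasswordPolicy
    shared: bool = False                              # unshared: one holder at a time
    grantees: Set[str] = field(default_factory=set)
    holders: Set[str] = field(default_factory=set)    # users currently checked out
    password: Optional[str] = None                    # stands in for the target's password


class PrivilegedAccountVault:
    """In-memory stand-in for the OPAM server's check-out / check-in rules (assumed)."""

    def __init__(self) -> None:
        self.accounts: Dict[str, PrivilegedAccount] = {}
        self.audit: List[str] = []  # who acted on which account, and when

    def _log(self, event: str, account: str, user: str, detail: str = "") -> None:
        stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
        self.audit.append(f"{stamp} {event} account={account} user={user} {detail}".rstrip())

    def add_account(self, account: PrivilegedAccount) -> None:
        self.accounts[account.name] = account  # a reference only; nothing is created on the target

    def checkout(self, name: str, user: str, comment: str) -> str:
        """Hand the caller the password, generating a fresh one for the first holder."""
        acct = self.accounts[name]
        if user not in acct.grantees:
            self._log("DENY_CHECKOUT", name, user, "reason=not-a-grantee")
            raise PermissionError(f"{user} is not a grantee of {name}")
        if not acct.shared and acct.holders:
            holder = next(iter(acct.holders))
            self._log("DENY_CHECKOUT", name, user, f"reason=held-by:{holder}")
            raise RuntimeError(f"{name} is already checked out by {holder}")
        if not acct.holders:
            acct.password = acct.policy.generate()
        acct.holders.add(user)
        self._log("CHECKOUT", name, user, f"comment={comment!r}")
        return acct.password

    def checkin(self, name: str, user: str) -> bool:
        """Release the account; returns True when the password was reset."""
        acct = self.accounts[name]
        if user not in acct.holders:
            raise RuntimeError(f"{user} does not hold {name}")
        acct.holders.discard(user)
        self._log("CHECKIN", name, user)
        if acct.holders:
            return False  # shared account still in use: the password stays valid
        acct.password = acct.policy.generate()  # last holder gone: disclosed password dies
        self._log("PASSWORD_RESET", name, "opam-server")
        return True


def build_demo_vault() -> PrivilegedAccountVault:
    """Constructed sample: an unshared and a shared account with the same two grantees."""
    vault = PrivilegedAccountVault()
    for name, shared in (("DEVOAM_OPAM", False), ("sys", True)):
        vault.add_account(PrivilegedAccount(name, PasswordPolicy(), shared, {"user.0", "user.1"}))
    return vault


if __name__ == "__main__":
    vault = build_demo_vault()
    print("user.0 got", vault.checkout("DEVOAM_OPAM", "user.0", "patching"))
    try:
        vault.checkout("DEVOAM_OPAM", "user.1", "also need it")
    except RuntimeError as err:
        print("user.1 blocked:", err)
    print("reset on check-in:", vault.checkin("DEVOAM_OPAM", "user.0"))
    print("\n".join(vault.audit))
```

The design point worth noticing is that the password is rotated at the boundary of the last check-in rather than the first check-out of the next user: that is what makes a disclosed password worthless once the session is over, and it is why a shared account is inherently weaker, since nobody's disclosed copy is invalidated until everyone has released it.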

6.     Usage Policies:

Usage policies define when and how a grantee may use a privileged account; they are applied at the level of a grant, not of the account. OPAM provides a Default Usage Policy, and you can create custom usage policies as your requirements dictate.

7.     Reports:

Reports provide real-time information about the status of the accounts and targets managed by OPAM. OPAM supports three types of reports:
  • Deployment Reports : View information about how targets and privileged accounts are currently deployed
  • Usage Reports : View information about how privileged accounts are currently being used in the deployment
  • Failure Reports : View information about current state of target and account failures

8.     ICF Connectors:

Connectors let OPAM interact with third-party target systems. OPAM uses connectors that comply with the ICF standard, and custom connectors can be used for target systems other than the standard LDAP, database and UNIX types. Once a connector has been developed, its bundle must be placed where OPAM can load it at runtime. All connector configuration is stored in ORACLE_HOME/opam/config/opam-config.xml, whose schema is defined by ORACLE_HOME/opam/config/opam-config.xsd. If the <connectorConfig> entries in opam-config.xml are correct, the new target type appears in the Target dropdown after the server is restarted.

Command Line Interface:

The Oracle Privileged Account Manager CLI talks to the OPAM server using HTTP Basic Authentication over SSL and lets you perform from the command line many of the tasks available in the GUI. It is launched with ORACLE_HOME/opam/bin/opam.sh (UNIX) or ORACLE_HOME/opam/bin/opam.bat (Windows). Supported commands are: addaccount, addtarget, checkin, checkout, displayallaccounts, displayallgroups, displayalltargets, displayallusers, displaycheckedoutaccounts, displaydomaintree, displaytargettypetree, grantgroupaccess, grantuseraccess, removeaccount, removegroupaccess, removetarget, removeuseraccess, retrieveaccount, retrievegrantees, retrievegroup, retrievetarget, retrieveuser, searchaccount, searchgroup, searchtarget, searchuser, showpassword
The following shows the syntax of the addtarget command:
-url https://hostname:sslport/opam -u <username> [-p <password>] [debug] -x addtarget -targetname <targetname> -host <hostname> -port 22 -organization <organization>
The -p option is optional and is best omitted in practice: a password passed on the command line is visible to other users in the process list and is saved in the shell history.

Interacting with RESTful Interface:

The OPAM server exposes RESTful interfaces that the GUI consumes and that any application able to call REST services can use as well. Through them you can operate on targets, accounts, users, groups, and password and usage policies. The following Java sample shows the basic operations (authenticate, check out, check in) against the REST interface:
OPAMRestClient.java

package com.mycompany.opam.demo.rest.client;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;

import javax.net.ssl.HttpsURLConnection;

import org.apache.commons.codec.binary.Base64;

/**
 * Minimal client for the OPAM RESTful interface: HTTP Basic Authentication over SSL.
 *
 * The OPAM server certificate must be trusted by the JVM (import it into the
 * truststore, or point -Djavax.net.ssl.trustStore at one that contains it).
 * Hostname verification is left at the JDK default on purpose: overriding it to
 * accept every name would let any host with a trusted certificate impersonate OPAM.
 *
 * @author Ganesh
 */
public class OPAMRestClient {

    // Demo values only. In practice take credentials from a prompt, a wallet or an
    // environment variable; never leave them in source control.
    private static final String OPAM_BASE = "https://192.168.1.31:18102/opam";
    private static final String ACCOUNT_UID = "3a32f71b320645f7b9b594fc8e864089";

    public static void main(String[] args) {
        OPAMRestClient client = new OPAMRestClient();
        client.authAndGet();
        client.checkOutAccount();
        client.checkInAccount();
    }

    /** Authenticates as the OPAM administrator and fetches the service root. */
    private void authAndGet() {
        String result = execute(OPAM_BASE + "/", "opamadmin", "welcome1", "GET");
        System.out.println("*** RESULT ***");
        System.out.println(result);
    }

    /** Checks the account out as grantee user.0; the response carries the generated password. */
    private void checkOutAccount() {
        String result = execute(OPAM_BASE + "/account/" + ACCOUNT_UID + "/checkout",
                "user.0", "welcome1", "PUT");
        System.out.println("*** RESULT ***");
        System.out.println(result);
    }

    /** Checks the account back in, after which OPAM resets its password. */
    private void checkInAccount() {
        String result = execute(OPAM_BASE + "/account/" + ACCOUNT_UID + "/checkin",
                "user.0", "welcome1", "PUT");
        System.out.println("*** RESULT ***");
        System.out.println(result);
    }

    /**
     * Sends one authenticated request and returns the response body. A non-2xx
     * status (for example 401 for bad credentials or 403 for a user who is not a
     * grantee of the account) is returned as text together with the error body
     * instead of surfacing as an exception from getInputStream().
     */
    private String execute(String webPage, String name, String password, String requestMethod) {
        // Basic credentials are only base64-encoded, not encrypted: the SSL connection
        // is what protects them, so neither the raw nor the encoded form is ever printed.
        byte[] credentials = (name + ":" + password).getBytes(StandardCharsets.UTF_8);
        String authHeader = "Basic " + new String(Base64.encodeBase64(credentials), StandardCharsets.US_ASCII);

        HttpsURLConnection httpsCon = null;
        try {
            URL url = new URL(webPage);
            httpsCon = (HttpsURLConnection) url.openConnection();
            httpsCon.setRequestMethod(requestMethod);
            httpsCon.setRequestProperty("Authorization", authHeader);
            httpsCon.connect();

            int status = httpsCon.getResponseCode();
            InputStream is = status < 400 ? httpsCon.getInputStream() : httpsCon.getErrorStream();
            if (is == null) {
                return "HTTP " + status + " (empty body)";
            }
            StringBuilder sb = new StringBuilder();
            try (BufferedReader reader = new BufferedReader(
                    new InputStreamReader(is, StandardCharsets.UTF_8))) {
                char[] buf = new char[1024];
                int n;
                while ((n = reader.read(buf)) > 0) {
                    sb.append(buf, 0, n);
                }
            }
            return status < 400 ? sb.toString() : "HTTP " + status + ": " + sb;
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException("Bad OPAM URL: " + webPage, e);
        } catch (IOException e) {
            throw new IllegalStateException("Request to " + webPage + " failed", e);
        } finally {
            if (httpsCon != null) {
                httpsCon.disconnect();
            }
        }
    }
}

Integration with Oracle Identity Management solutions:

Oracle Privileged Account Manager can be integrated with Oracle Identity Governance, Oracle Access Management and Oracle Directory Services, the three tiers of the Oracle Identity Management Suite. Through Oracle Identity Manager, users can request access to privileged accounts and have those requests approved. OPAM itself can be protected with single sign-on by a WebGate agent in Oracle Access Manager.

Backend:

The following tables in the DEV_OPAM schema are used by Oracle Privileged Account Manager:
TARGET, ACCOUNT, GRANTS, USGPOL, PWDPOL, FAILURE, ACTSESSION, FLEXFIELD, FLEXOBJ, FLEXSECFIELD
The metadata and the passwords managed by OPAM are encrypted before being persisted in the Oracle Database. Oracle Database Vault and Transparent Data Encryption (TDE) are recommended as additional layers, since they limit what a DBA or anyone with access to the datafiles and backups can read from this schema.

Conclusion:

Oracle Privileged Account Manager is a complete product with the comprehensive set of features needed to manage the password lifecycle of privileged accounts, an activity for which the Oracle Identity Management Suite previously had no solution. OPAM delivers more value when used in conjunction with the other Oracle Identity Management products.

References: