Wednesday May 19, 2010

Email templates

Hello All,

Sorry for the long lag between posts. As you can imagine, it's been pretty crazy around here.

I ran into an issue that I thought I would post.

I had a customer upgrade from 5.5 to 7.1.1.14

End users start a workflow for account creation, which launches a manager approval.
The manager approval is not getting generated. This means when you set a manual action in a customized WF it doesn't get created and throws back the error:
[Read More]

Wednesday Dec 02, 2009

JSESSIONID with Weblogic 10.3 and IDM 7.1.1.13

Hello All,

I hope you're enjoying the holidays. I wanted to make a post before the new year so I went back to review some of my old cases and I came up with this one.


Issue:

After an upgrade from 7.0 to 7.1.1.13 we would run a recon and then go check the recon status and we saw the error:

[Read More]

Friday Oct 16, 2009

Recon Part 2


Hello All,
This is part two of the Recon blog. Sorry it took so long to get this out, but if you know me, you know once I go down a road I keep digging. In this case I kept getting deeper and deeper into the subject and this is what I came up with.

What I will do is walk through an AD reconciliation and talk about the gateway. I will end with some tips on why Recons fail and what to look for.
[Read More]

Friday Apr 24, 2009

JSP's in the debug directory

Hello Again, What I want to do is go through some debugging utilities that I tend to use to troubleshoot issues with IDM. I will not attempt to go through them all as we have tons in the idm/debug directory. I will list 8 below. All of these can be called by going to http://<idm-instance>:port/debug/<Jsp>


The first one I want to go over is the callTimers.jsp. What this does is provide an interface for basic method profiling. In here you can take a look at what is being called, how many times and for how long. You can even click on the method to see what is calling it. The best way to collect this is to

[Read More]

Wednesday Mar 25, 2009

What is a View?

A view is a collection of Attributes that come together from one or more objects that are managed by IDM. They are transient, dynamic and are not stored in the Repo. Basically think of it as a snapshot of Attributes. It can change depending on what your Workflow/Form is doing. You run into views primarily in Workflows and Forms.

[Read More]

Monday Mar 09, 2009

java.io.EOFException while doing a test connection to gateway

I ran into this issue the other day and thought I would post this. I was upgrading my IDM server from 6.0sp2 to 6.0sp4 and noticed that when I was doing a test connection for my AD resource I saw the following error.


The error you will see is "AD: ==> java.io.EOFException:\n"

I went to the debug/Gateway.JSP and tried to check the version. I got the same error message.

Once you see this, look at the gateway trace from the command line by running gateway from wherever you have your gateway.exe file:

03/02/2009 10.28.38.515000 [2900] (../../../../src/wps/agent/connect/RASecureConnection.cpp,287): ReceivePrivate:
TERMINATING CONNECTION: incoming sequence number -1141250322 does not match receive count 0
03/02/2009 10.28.38.515000 [2900] (../../../../src/wps/agent/connect/client_handler.cpp,350): ReceivePrivate() mesage refused 1

To fix this issue:

1. Open registry (ie. regedit)

2. Locate gateway entry (ie. Software\Waveset\Lighthouse\Gateway)

3. If you see "ServerSignature" key, delete it by right clicking on the key and selecting "Delete"

This default key is used to encrypt the communication between IdM and the gateway.

This will fix your issue in most cases.


On certain occasions you might have to also do:

Remove the key on the IDM side from the resource itself using these instructions:

1. First please go to the debug URL

2. List objects of type "Resource"

3. Take a back-up of one of the resources in question that uses the GW. We only need to test with one of them to see if this change makes it work. No need to worry about the other one(s) at this point.

4. After taking a back-up, click on the "edit" link for the resource in question.

5. Scroll down to the very bottom of the text box and delete the entry that looks like this. All 3 or 4 lines need to be removed.


   <RPCEncryptionKey>
   <ObjectRef type='EncryptionKey' id='#ID#1ADD6A42FBB66F6A:15E0C2B:11A70463869:-7B40' name='GatewayEncryptionKey'/>
   </RPCEncryptionKey>

6. Then save it and try the test connection again for the resource to see if it's successful.

I hope you find this little tidbit useful as it doesn't happen often but when you install and uninstall as much as I do it seems to happen more.
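To spot this symptom in a longer gateway trace, the records can be parsed and filtered for the sequence-number mismatch. This is an added example, not part of the original post or of the product; the function names are hypothetical and the sample input is the trace quoted above.

```python
import re

# Header of one trace record: date, time, [thread], (source file,line): message
HEADER = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>[\d.]+) \[(?P<thread>\d+)\] "
    r"\((?P<source>.+?),(?P<line>\d+)\): (?P<msg>.*)$"
)
# The rejection message the post associates with the stale gateway key.
MISMATCH = re.compile(
    r"incoming sequence number (?P<incoming>-?\d+) "
    r"does not match receive count (?P<count>\d+)"
)

# Sample input: the trace lines quoted in the post.
SAMPLE_TRACE = """\
03/02/2009 10.28.38.515000 [2900] (../../../../src/wps/agent/connect/RASecureConnection.cpp,287): ReceivePrivate:
TERMINATING CONNECTION: incoming sequence number -1141250322 does not match receive count 0
03/02/2009 10.28.38.515000 [2900] (../../../../src/wps/agent/connect/client_handler.cpp,350): ReceivePrivate() mesage refused 1
"""


def parse_records(trace_text):
    """Split a trace into records, folding continuation lines into the
    message of the record they follow."""
    records = []
    for raw in trace_text.splitlines():
        m = HEADER.match(raw)
        if m:
            rec = m.groupdict()
            rec["thread"] = int(rec["thread"])
            rec["line"] = int(rec["line"])
            records.append(rec)
        elif raw.strip() and records:
            records[-1]["msg"] += " " + raw.strip()
    return records


def find_sequence_mismatches(trace_text):
    """Return one dict per record that reports a sequence-number mismatch."""
    hits = []
    for rec in parse_records(trace_text):
        m = MISMATCH.search(rec["msg"])
        if m:
            hits.append({**rec, "incoming": int(m["incoming"]),
                         "receive_count": int(m["count"])})
    return hits


if __name__ == "__main__":
    for hit in find_sequence_mismatches(SAMPLE_TRACE):
        print(hit["date"], hit["time"], hit["source"], hit["incoming"])
```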

Wednesday Mar 04, 2009

Foreign Characters in IDM

I ran into an issue a while back on getting Internationalization to work in IDM. This particular instance was for Czech characters, which need a custom message file. One thing to note with this is that for Internationalization to work you need to make sure your Database and Application server can handle it, meaning they need to support UTF-8.

Here is what I did:

1. I installed a fresh copy of IDM 6.0sp4 with Websphere 6.0 on Oracle 10



2. I enabled Internationalization by:

1. Editing the waveset.properties file and turning on internationalization from false to true.


2. I copied the language files IDM_5_0_l10n_ja_JP.jar, or whatever language you want to use, into the idm-root/WEB-INF/lib directory. I did this just to make sure the default languages would work.

3. Edit the i18n.xml file to show the languages I want to set

            <Object name='cs_CZ'>
            <Attribute name='lang' value='cs'/>
            <Attribute name='cntry' value='CZ'/>
            <Attribute name='gif' value='images/f0-cs.gif'/>
            </Object>

I imported the i18n.xml file into IDM. This file is located in the samples directory



3. Next you need to create a custom message catalog for Czech characters. See previous post on how to do this.

In the custom Message catalog I add the line:

<Msg id='UI_PWD_LABEL'>á â ä č ď é ě ë í î ľ ň ó ö ô ř š ť ú ů ü ý ž</Msg>

click save and the line turns into

<Msg id='UI_PWD_LABEL'>á â ä ¿ ¿ é ¿ ë í î ¿ ¿ ó ö ô ¿ ¿ ¿ ú ¿ ü ý ¿</Msg>

Also, the IDM login shows the same missing characters.

4. I set the encoding to UTF-8 for the JVM of the WebSphere application server:

Below are the steps:
1. In the administrative console, click Servers > Application servers and select the server you want to enable for UCS Transformation Format.
2.  Then, under Server Infrastructure, click Java and Process Management > Process Definition > Java Virtual Machine.
3.  Specify -Dclient.encoding.override=UTF-8 for Generic JVM Arguments and click OK. When this argument is specified, UCS Transformation Format is used instead of the character encoding that would be used if the autoRequestEncoding option was in effect.
4. Click Save to save your changes.
5. Restart the application server.

I edit the line again to remove the ? above <Msg id='UI_PWD_LABEL'>á â ä č ď é ě ë í î ľ ň ó ö ô ř š ť ú ů ü ý ž</Msg>

click save and I see
<Msg id='UI_PWD_LABEL'>á â ä ¿ ¿ é ¿ ë í î ¿ ¿ ó ö ô ¿ ¿ ¿ ú ¿ ü ý ¿</Msg>

Nothing has changed.

5.  I will now edit Oracle database properties

I test the Oracle for the Czech characters. I get question marks. I check the database parameters. I see the
NLS_CHARACTERSET WE8ISO8859P1

This can be done by command line as well 

SQL> select * from nls_database_parameters;

PARAMETER VALUE
------------------------------ ----------------------------------------
NLS_LANGUAGE AMERICAN
NLS_TERRITORY AMERICA
NLS_CURRENCY $
NLS_ISO_CURRENCY AMERICA
NLS_NUMERIC_CHARACTERS .,
NLS_CHARACTERSET WE8ISO8859P1
NLS_CALENDAR GREGORIAN
NLS_DATE_FORMAT DD-MON-RR
NLS_DATE_LANGUAGE AMERICAN
NLS_SORT BINARY
NLS_TIME_FORMAT HH.MI.SSXFF AM

PARAMETER VALUE
------------------------------ ----------------------------------------
NLS_TIMESTAMP_FORMAT DD-MON-RR HH.MI.SSXFF AM
NLS_TIME_TZ_FORMAT HH.MI.SSXFF AM TZR
NLS_TIMESTAMP_TZ_FORMAT DD-MON-RR HH.MI.SSXFF AM TZR
NLS_DUAL_CURRENCY $
NLS_COMP BINARY
NLS_LENGTH_SEMANTICS BYTE
NLS_NCHAR_CONV_EXCP FALSE
NLS_NCHAR_CHARACTERSET AL16UTF16
NLS_RDBMS_VERSION 10.2.0.1.0

20 rows selected

$ ./sqlplus /nolog

SQL*Plus: Release 10.2.0.1.0 - Production on Wed Jun 20 16:54:56 2007

Copyright (c) 1982, 2005, Oracle. All rights reserved.

SQL> connect sys/password as sysdba
Connected.


SQL> shutdown immediate;

Database closed.
Database dismounted.
ORACLE instance shut down.

SQL> STARTUP RESTRICT;
ORACLE instance started.

Total System Global Area 1593835520 bytes
Fixed Size 1978976 bytes
Variable Size 385879456 bytes
Database Buffers 1191182336 bytes
Redo Buffers 14794752 bytes
Database mounted.
Database opened.

SQL> alter database character set internal_use AL32UTF8;

Database altered.

SQL> shutdown;
Database closed.
Database dismounted.
ORACLE instance shut down.

SQL> startup;
ORACLE instance started.

Total System Global Area 1593835520 bytes
Fixed Size 1978976 bytes
Variable Size 385879456 bytes
Database Buffers 1191182336 bytes
Redo Buffers 14794752 bytes
Database mounted.
Database opened.

I run the following :


SQL> select * from nls_database_parameters;

PARAMETER VALUE
------------------------------ ----------------------------------------
NLS_LANGUAGE AMERICAN
NLS_TERRITORY AMERICA
NLS_CURRENCY $
NLS_ISO_CURRENCY AMERICA
NLS_NUMERIC_CHARACTERS .,
NLS_CHARACTERSET AL32UTF8
NLS_CALENDAR GREGORIAN
NLS_DATE_FORMAT DD-MON-RR
NLS_DATE_LANGUAGE AMERICAN
NLS_SORT BINARY
NLS_TIME_FORMAT HH.MI.SSXFF AM

PARAMETER VALUE
------------------------------ ----------------------------------------
NLS_TIMESTAMP_FORMAT DD-MON-RR HH.MI.SSXFF AM
NLS_TIME_TZ_FORMAT HH.MI.SSXFF AM TZR
NLS_TIMESTAMP_TZ_FORMAT DD-MON-RR HH.MI.SSXFF AM TZR
NLS_DUAL_CURRENCY $
NLS_COMP BINARY
NLS_LENGTH_SEMANTICS BYTE
NLS_NCHAR_CONV_EXCP FALSE
NLS_NCHAR_CHARACTERSET AL16UTF16
NLS_RDBMS_VERSION 10.2.0.1.0

20 rows selected

6. Run an Oracle test by doing the following

I logged in to http://host:5560/isqlplus/workspace.uix

as waveset/waveset

then

update userobj set ATTR3='á â ä č ď é ě ë í î ľ ň ó ö ô ř š ť ú ů ü ý ž' where name='ADMINISTRATOR';
commit;

then

select * from userobj where name='ADMINISTRATOR';

Oracle picks them up and I see



Now I will edit the customMessageCatalog again with

<Msg id='UI_PWD_LABEL'>á â ä č ď é ě ë í î ľ ň ó ö ô ř š ť ú ů ü ý ž</Msg>

I click save and I get the same line back
<Msg id='UI_PWD_LABEL'>á â ä č ď é ě ë í î ľ ň ó ö ô ř š ť ú ů ü ý ž</Msg>

I restart WebSphere

and I get all the characters showing up
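The pattern of ¿ characters in steps 3 and 4 is exactly the set of Czech letters that ISO 8859-1 (Oracle's WE8ISO8859P1) cannot represent, which is why only the database character set change helped. The following added example (not from the original post or the product) audits a message catalog against a target character set before import; the function names and the catalog fragment are constructed for illustration, and the ¿ substitute is chosen to mirror the output shown above.

```python
import xml.etree.ElementTree as ET

# Oracle NLS_CHARACTERSET names seen on this page, mapped to Python codecs.
ORACLE_TO_CODEC = {"WE8ISO8859P1": "iso-8859-1", "AL32UTF8": "utf-8"}

# Constructed sample: a catalog fragment using the Msg line from the post.
SAMPLE_CATALOG = """<CustomCatalog id='customMessageCatalog' enabled='true'>
  <MessageSet language='cs' country='CZ'>
    <Msg id='UI_USERID_LABEL'>ucet</Msg>
    <Msg id='UI_PWD_LABEL'>á â ä č ď é ě ë í î ľ ň ó ö ô ř š ť ú ů ü ý ž</Msg>
  </MessageSet>
</CustomCatalog>"""


def lossy_store(text, oracle_charset, substitute="¿"):
    """Simulate storing text in a database using the given character set.

    Characters the character set cannot represent are replaced with
    `substitute` (an assumption that mirrors the output in the post).
    """
    codec = ORACLE_TO_CODEC[oracle_charset]
    out = []
    for ch in text:
        try:
            ch.encode(codec)
            out.append(ch)
        except UnicodeEncodeError:
            out.append(substitute)
    return "".join(out)


def audit_catalog(catalog_xml, oracle_charset):
    """Return {locale:msg_id: (stored_text, lost_chars)} for damaged entries."""
    damaged = {}
    root = ET.fromstring(catalog_xml)
    for msg_set in root.iter("MessageSet"):
        locale = f"{msg_set.get('language')}_{msg_set.get('country')}"
        for msg in msg_set.iter("Msg"):
            original = msg.text or ""
            stored = lossy_store(original, oracle_charset)
            if stored != original:
                lost = sorted({o for o, s in zip(original, stored) if o != s})
                damaged[f"{locale}:{msg.get('id')}"] = (stored, lost)
    return damaged


if __name__ == "__main__":
    for charset in ("WE8ISO8859P1", "AL32UTF8"):
        print(charset, audit_catalog(SAMPLE_CATALOG, charset))
```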



Note: I didn't do anything to the OS or the java on the OS. I used the default java that came with WebSphere.

root@pplus3 >env

JAVA_HOME=/opt/IBM/WebSphere/AppServer/java
LANG=C
LC_ALL=C
LC_CTYPE=C
LOGNAME=root
MAIL=/var/mail//root
PATH=/usr/sbin:/usr/bin
SHELL=/sbin/sh
TERM=xterm
TZ=US/Mountain
USER=root
WSHOME=/idm_staging

root@pplus3 >/opt/IBM/WebSphere/AppServer/java/bin/java -version
java version "1.4.2_05"
Java(TM) 2 Runtime Environment, Standard Edition (IBM build 1.4.2_05-b04 20041029)
Java HotSpot(TM) Client VM (build 1.4.2_05-b04, mixed mode)
IBM Java ORB build orb142-20041021
XML build XSLT4J Java 2.6.3
XML build XmlCommonsExternal 1.2.04
XML build XML4J 4.3.3


IBM WebSphere Application Server - ND, 6.0.0.1
Build Number: o0445.08
Build Date: 11/10/04
---------------------------------------

Wednesday Feb 25, 2009

Custom Message Files in IDM

For my first post I wanted to tackle something that is easy and comes up often with customers. In this first post I want to talk about how to set up a custom message catalog in IDM.

A custom message catalog reduces maintenance in a clustered environment and simplifies version control.

IDM retrieves the message catalog in the following order.

1. User defined Message catalog (only 1 is permitted)
2. System defined defaultCustomCatalog
3. config/WPMessages.properties file
4. WPMessages.properties file in idmcommon.jar


Steps to create a custom message catalog

1. If overriding the default message catalog entries, locate the appropriate error message keys in the WPMessages.properties file. These keys must be in the customized message file.

2. Create the XML file. I have a sample below.

3. Import into IDM

4. Add the following line in the System Configuration  within the <Configuration><Extension><Object> element:

<Attribute name='customMessageCatalog' value='CatalogName'/>

5. Save the changes and restart the App Server.

When you start up the app server you will see something like the following


Starting: Identity Server...
LOADED: custom catalog: CustomMessageCatalog
Starting: Identity Manager Service Provider Edition...
...Finished starting Startup Servlet

This tells you that the custom message file is loaded.

Sample custom message file :

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Configuration PUBLIC 'waveset.dtd' 'waveset.dtd'>
<!-- The name below is assumed to match the customMessageCatalog value set in System Configuration -->
<Configuration name='customMessageCatalog'>
  <Extension>
    <CustomCatalog id='customMessageCatalog' enabled='true'>
      <MessageSet language='po' country='PL'>
        <Msg id='UI_USERID_LABEL'>konto</Msg>
        <Msg id='UI_PWD_LABEL'>haslo </Msg>
      </MessageSet>
      <MessageSet language='cs' country='CZ'>
        <Msg id='UI_USERID_LABEL'>ucet</Msg>
        <Msg id='UI_PWD_LABEL'>heslo </Msg>
      </MessageSet>
    </CustomCatalog>
  </Extension>
  <MemberObjectGroups>
    <ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
  </MemberObjectGroups>
</Configuration>

In here you can see it is a little different than the WPMessages.properties file. In the WPMessages.properties file it is listed as KeyName=MessageText but in the custom file the KeyName is specified in the ID attribute while the Messagetext is between the <Msg> and </Msg> tags.


For Internationalization you need to create a message catalog with the KeyNames and messagetext in your appropriate languages. You also need to edit the System Configuration with the following before it will work.


<Attribute name='LoadedLanguages'>
  <List>
    <Object name='cs_CZ'>
      <Attribute name='cntry' value='CZ'/>
      <Attribute name='gif' value='images/f0-cs.gif'/>
      <Attribute name='lang' value='cs'/>
    </Object>
    <Object name='po_PL'>
      <Attribute name='cntry' value='PL'/>
      <Attribute name='gif' value='images/f0-po.gif'/>
      <Attribute name='lang' value='po'/>
    </Object>
  </List>
</Attribute>

<Attribute name='customMessageCatalog' value='customMessageCatalog'/>

Tuesday Feb 24, 2009

Welcome to Identity at a Glance..

What I plan to do with this blog is to post issues and technical deep dives into the Identity Management Product. I will sometimes use customer cases that I have come across over the years. I will talk about other products that also work with IDM but overall it will have to do with IDM. I have been supporting IDM since the 4.x version so I am very familiar with the product. If you have a topic that you would like me to cover please let me know.

            -Jeff

About

I have been in support for about 10 years now and have been doing IDM support for 5 years now. I have been working for SUN for 9 years and have supported the whole JES Stack during that time.
