Tuesday Jul 22, 2014

[Oracle Identity Manager] Custom Event Handlers

In an Identity Management system, any action performed by a user or system is called an operation. Examples of operations are creating users, modifying roles, and creating password policies. The process of any Oracle Identity Manager operation that goes through a predefined set of stages and executes some business logic in each stage is called an orchestration. The type of object that is changed by the orchestration is called an orchestration target. 

Orchestration is divided into predefined steps called stages. Every operation moves through these stages until it reaches finalization. Orchestration has the following stages:

  • Validation: Stage to perform validation on the orchestration, such as validity of orchestration parameters. An orchestration parameter is the data that is required to carry out the orchestration operation.
  • Preprocess: Stage to perform orchestration parameter manipulations, get approvals, or perform Segregation of Duties (SoD) checks.
  • Action: Stage in which the action takes place.
  • Audit: Stage in which the auditing of the operation is performed.
  • Postprocess: Stage in which consequent operations related to the current operation take place. Examples of consequent operations are auto role membership and policy evaluation on a user creation.
  • Finalization: Last stage in the process, used to perform any cleanup.

Oracle Identity Manager allows you to implement Service Provider Interfaces (SPIs) to customize the functionality of orchestration operations. Only customization of preprocess, postprocess, validation, and finalization stages of an operation in an entity orchestration is supported.

In my example, I will explain the user enable operation. For example, we may want to change a user's end date when the user's status changes to enabled.

1-) Develop custom event handler Java code.

For our example, I will use the Postprocess stage, so our class must implement oracle.iam.platform.kernel.spi.PostProcessHandler.

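package com.mypackage.oim.plugins.events;

import java.util.HashMap;

import oracle.iam.identity.usermgmt.api.UserManagerConstants;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.platform.kernel.spi.PostProcessHandler;
import oracle.iam.platform.kernel.vo.AbstractGenericOrchestration;
import oracle.iam.platform.kernel.vo.BulkEventResult;
import oracle.iam.platform.kernel.vo.BulkOrchestration;
import oracle.iam.platform.kernel.vo.EventResult;
import oracle.iam.platform.kernel.vo.Orchestration;

// Utils, RoleUserEventProcessors, getUserManager() and updateUserEnddate()
// are project helpers that are not shown in this post.
public class RoleUserEventManagement
  implements PostProcessHandler
{
  private RoleUserEventProcessors roleUserEventProcessor;

  // Lazily creates the helper that holds the role/user business logic.
  private RoleUserEventProcessors getRoleUserEventProcessor()
  {
    if (this.roleUserEventProcessor == null) {
      this.roleUserEventProcessor = new RoleUserEventProcessors();
    }

    return this.roleUserEventProcessor;
  }

  public void initialize(HashMap<String, String> arg0)
  {
  }

  public boolean cancel(long arg0, long arg1, AbstractGenericOrchestration arg2)
  {
    return false;
  }

  public void compensate(long arg0, long arg1, AbstractGenericOrchestration arg2)
  {
  }

  // Called by the kernel in the postprocess stage of a single-entity orchestration.
  public EventResult execute(long processId, long eventId, Orchestration orchestration)
  {
    Utils.logger.error("[RoleUserEventManagement][execute] : Starting.");

    EventResult eventResult = new EventResult();
    String type = orchestration.getTarget().getType();
    Utils.logger.error("[RoleUserEventManagement][execute] type : " + type);

    if ("RoleUser".equalsIgnoreCase(type)) {
      try {
        String operation = orchestration.getOperation();
        User user = getUserManager().getUser(processId, orchestration);
        // Only the ENABLE operation triggers the end-date update.
        if (UserManagerConstants.Operations.ENABLE.name().equalsIgnoreCase(operation)) {
          updateUserEnddate(user);
        }
      } catch (Exception e) {
        // Report the failure to the kernel instead of throwing.
        eventResult.setFailureReason(e);
      }
    }

    return eventResult;
  }

  // Bulk orchestrations are not handled by this example.
  public BulkEventResult execute(long arg0, long arg1, BulkOrchestration arg2)
  {
    return null;
  }
}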

2-) Create a jar.

Create a JAR with the custom event handler Java class. The following JAR files must be on the class path to compile the custom class:

From the OIM_ORACLE_HOME/server/platform/ directory:
  • iam-platform-kernel.jar
  • iam-platform-utils.jar
  • iam-platform-context.jar
  • iam-plaftorm-authz-service.jar
From the OIM_ORACLE_HOME/designconsole/lib/ directory:
  • oimclient.jar
  • xlAPI.jar

3-) Define an XML file.

<?xml version = '1.0' encoding = 'UTF-8'?>
<xl-ddm-data version="2.0.1.0" user="XELSYSADM" database="jdbc:oracle:thin:@trkist01-odb-01:1521/MIDM" exported-date="1354621487559" description="RoleUserEventManagement">
     <eventhandlers repo-type="MDS" name="RoleUserEventManagement" mds-path="/db" mds-file="RoleUserEventManagement.xml">
          <completeXml>
               <eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oim/platform/kernel orchestration-handlers.xsd">
                    <action-handler orch-target="oracle.iam.platform.kernel.vo.EntityOrchestration" class="com.mypackage.oim.plugins.events.RoleUserEventManagement" entity-type="RoleUser" operation="CREATE" name="RoleUserEventManagement" stage="postprocess" sync="TRUE" order="FIRST" />
               </eventhandlers>
          </completeXml>
     </eventhandlers>
</xl-ddm-data>

4-) Create a plug-in zip file.

  a. Define a plug-in XML.

<?xml version="1.0" encoding="UTF-8"?>
<oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <plugins pluginpoint="oracle.iam.platform.kernel.spi.EventHandler">
         <plugin pluginclass="com.mypackage.oim.plugins.events.RoleUserEventManagement" version="1.0" name="RoleUserEventManagement"/>
     </plugins>
</oimplugins>

  b. Package the plug-in XML and the JAR file that contains the custom class or classes into a plug-in ZIP file.

5-) Copy zip file to OIM_HOME/server/plugins directory.
6-) Register plug-in ZIP file.

You can use the Plugin Registration Utility for registering and unregistering plug-ins. The utility uses the following files:

  • pluginregistration.xml
  • ant.properties

These files are located in the OIM_HOME/plugin_utility/ directory.

Before using the utility, perform the following:

  1. Set the values for WLS_HOME and OIM_HOME in ant.properties. For example:

    WLS_HOME =.../middleware/wlserver_10.3

    OIM_HOME =..../middleware/Oracle_IDM1/server

    In addition, set the path for MW_HOME in the ant.properties file.

  2. Build the wlfullclient.jar in Oracle WebLogic server:
      1. Change directories to WLS_HOME/server/lib.
      2. Run the following command:

    java -jar ../../../modules/com.bea.core.jarbuilder_1.3.0.0.jar

To register a plug-in:

  1. Execute the ant target "register":

    ant -f pluginregistration.xml register

  2. This will prompt for the Oracle Identity Manager username and password along with the server information and the location of the plugin zip file. Enter the complete path of the zip file location.
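An event handler runs inside the OIM server on every matching operation, so it is worth checking the package before step 6. The following is an added example, not code from the original post or from Oracle: it cross-checks the event handler XML, the plug-in XML and the JAR contents. The function names are hypothetical, the XML samples are constructed from the ones in the post, and the ZIP layout (plugin.xml at the root, JARs under lib/) is an assumption, since the post does not spell it out.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

KERNEL_NS = "{http://www.oracle.com/schema/oim/platform/kernel}"
EVENT_HANDLER_POINT = "oracle.iam.platform.kernel.spi.EventHandler"
# Stages the post lists as open to customization.
CUSTOM_STAGES = {"validation", "preprocess", "postprocess", "finalization"}
HANDLER = "com.mypackage.oim.plugins.events.RoleUserEventManagement"

# Constructed samples modelled on the two XML files shown in the post.
PLUGIN_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <plugins pluginpoint="oracle.iam.platform.kernel.spi.EventHandler">
    <plugin pluginclass="com.mypackage.oim.plugins.events.RoleUserEventManagement"
            version="1.0" name="RoleUserEventManagement"/>
  </plugins>
</oimplugins>"""

HANDLER_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<eventhandlers xmlns="http://www.oracle.com/schema/oim/platform/kernel">
  <action-handler class="com.mypackage.oim.plugins.events.RoleUserEventManagement"
                  entity-type="RoleUser" operation="CREATE"
                  name="RoleUserEventManagement" stage="postprocess"
                  sync="TRUE" order="FIRST"/>
</eventhandlers>"""


def build_sample_zip(class_names, plugin_xml=PLUGIN_XML):
    """Build a constructed plug-in ZIP in memory (assumed layout: plugin.xml + lib/*.jar)."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as z:
        for name in class_names:
            z.writestr(name.replace(".", "/") + ".class", b"\xca\xfe\xba\xbe")
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as z:
        if plugin_xml is not None:
            z.writestr("plugin.xml", plugin_xml)
        z.writestr("lib/handler.jar", jar.getvalue())
    return out.getvalue()


def plugin_classes(plugin_xml):
    """Map each pluginclass in plugin.xml to the pluginpoint it is declared under."""
    declared = {}
    for point in ET.fromstring(plugin_xml).iter("plugins"):
        for plugin in point.iter("plugin"):
            declared[plugin.get("pluginclass")] = point.get("pluginpoint")
    return declared


def handler_entries(handler_xml):
    """Return (class, stage) for every kernel-namespace handler element."""
    return [(el.get("class"), el.get("stage"))
            for el in ET.fromstring(handler_xml).iter()
            if el.tag.startswith(KERNEL_NS) and el.get("class")]


def jar_classes(outer):
    """Collect fully qualified class names from every JAR under lib/."""
    names = set()
    for member in outer.namelist():
        if member.startswith("lib/") and member.endswith(".jar"):
            with zipfile.ZipFile(io.BytesIO(outer.read(member))) as jar:
                names.update(e[:-len(".class")].replace("/", ".")
                             for e in jar.namelist() if e.endswith(".class"))
    return names


def check_plugin(zip_bytes, handler_xml):
    """Return a list of problems; an empty list means the package is consistent."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as outer:
        if "plugin.xml" not in outer.namelist():
            return ["plugin.xml missing from ZIP root"]
        declared = plugin_classes(outer.read("plugin.xml"))
        compiled = jar_classes(outer)
    problems = []
    for cls in sorted(declared):
        if cls not in compiled:
            problems.append(f"{cls}: no .class file in any lib/*.jar")
    for cls, stage in handler_entries(handler_xml):
        if declared.get(cls) != EVENT_HANDLER_POINT:
            problems.append(f"{cls}: not declared under {EVENT_HANDLER_POINT}")
        if stage is not None and stage.lower() not in CUSTOM_STAGES:
            problems.append(f"{cls}: stage '{stage}' is not customizable")
    return problems


if __name__ == "__main__":
    for line in check_plugin(build_sample_zip([HANDLER]), HANDLER_XML) or ["ok"]:
        print(line)
```
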

Thursday Jun 26, 2014

Oracle Fusion Middleware 12c (12.1.3.0.0) Released

Oracle Fusion Middleware 12c (12.1.3.0.0) Media is being made available for download on the Oracle Technology Network (OTN), and the Oracle Software Delivery Cloud (OSDC). This includes the following products:

  • Oracle WebLogic Server 12c (12.1.3.0.0)
  • Oracle Coherence 12c (12.1.3.0.0)
  • Oracle TopLink 12c (12.1.3.0.0)
  • Oracle Fusion Middleware Infrastructure 12c (12.1.3.0.0)
  • Oracle HTTP Server 12c (12.1.3.0.0)
  • Oracle SOA Suite and Business Process Management 12c (12.1.3.0.0)
  • Oracle MapViewer 12c (12.1.3.0.0)
  • Oracle B2B and Healthcare 12c (12.1.3.0.0)
  • Oracle Service Bus 12c (12.1.3.0.0)
  • Oracle Event Processing 12c (12.1.3.0.0)
  • Oracle Managed File Transfer 12c (12.1.3.0.0)
  • Oracle Data Integrator 12c (12.1.3.0.0)
  • Oracle Enterprise Data Quality 12c (12.1.3.0.0)
  • Oracle Data Service Integrator 12c (12.1.3.0.0)
  • Oracle GoldenGate Monitor and Veridata 12c (12.1.3.0.0)
  • Oracle JDeveloper 12c (12.1.3.0.0)
  • Oracle Enterprise Pack for Eclipse 12c (12.1.3.0.0)

You can also visit the Oracle Fusion Middleware page on OTN to find more information about the products.

JDeveloper And ADF 12c(12.1.3.0.0) Is Available Now!

JDeveloper 12.1.3 and ADF 12.1.3 were announced today! This version aligns with the release of Fusion Middleware 12.1.3, which also includes WebLogic and SOA Suite.

You can download from here : http://www.oracle.com/technetwork/developer-tools/jdev/downloads/index.html

New In This Release

General

  • Oracle Fusion Middleware 12c: This release of JDeveloper and ADF corresponds with Oracle Fusion Middleware 12c (12.1.3.0.0), which includes updated versions of WebLogic Server, TopLink, Coherence, and SOA in addition to other middleware components.

IDE

  • Java SE 8 Preview: While this version of JDeveloper must run with a Java SE 7 JDK, you can add Java SE 8 as a Java SE library (Tools > Manage Libraries, Java SE Definitions tab) and use that to compile and test against. Make sure your target deployment environment supports Java SE 8!
    • With Java SE 8, JDeveloper introduces a new refactoring to transform an anonymous inner class into a Lambda expression.
  • Maven enhancements: We've squashed quite a few bugs in this area (including removing absolute path references) as well as incorporating a couple of new features:
    • New ADF "oracle-adffaces-ejb" archetype introduced to enable creating a basic ADF application using ADF Faces and EJB from Maven.
    • JDeveloper now supports creating a project from an archetype which takes parameters.
  • Download and Apply patches from Update Center: We now have the option to distribute critical patches (in Opatch format) through JDeveloper's Check for Updates tool.

Java EE and Web Development

  • No Paging mode: New option when creating EJB and Bean data controls to control paginated fetching of data.
  • AccessMode specification: Ability to use the AccessMode annotation on either the session bean class or the interface (remote or local) on which the data control is based.
  • Data Control property annotations: Define data control properties (for example UI Hints) through annotations directly on the bean classes and avoid the prior requirement to maintain separate XML structure files for this purpose.
  • Customizable configuration classes: Ability to specify a configuration class to hold the metadata for custom bean data controls.
  • Servlet-based EJB clients: Ability to generate servlets that operate as EJB clients for improved EJB client testing.
  • ID Generator audit: If a JPA Entity does not have ID generation, an audit tip to create the @GeneratedValue annotation will appear.
  • Configurable beans.xml location: Beans.xml may now be added to either WEB-INF or META-INF depending on user requirements.
  • Web Sockets: The properties window now supports the option to create and edit Web Socket annotations for Java classes.

Web Services Development

  • JAX-RS REST services: JDeveloper provides support for creating JAX-RS 1.1 and 2.0 REST services and clients using provided Jersey implementations.
  • WADL viewer enhancements: The WADL preview has been redesigned for improved readability and usability.
  • HTTP Analyzer REST structure page enhancements: The Structure view of the HTTP Analyzer for REST requests and responses has been redesigned for improved usability.
  • Fast Infoset: Fast Infoset is now enabled by default on SOAP Services in JDeveloper to improve SOAP messaging performance.

Application Server Integration

  • Coherence (GAR) deployment: JDeveloper now supports the creation and deployment of GAR files for Coherence projects.
  • ojserver: ojserver is a process that can service ojdeploy requests with less overhead per request. The Ant task generation for ojdeploy now supports options to use ojserver instead.
  • Browser configuration script: In the Web Browser and Proxy settings of JDeveloper, it's now possible to use a configuration script (for example, wpad.dat) for the proxy definition.

Database Development

  • SQL Developer 4.0: This JDeveloper version is aligned with SQL Developer 4.0, so many of the new features of SQL Developer are exposed in JDeveloper, including new Reporting, Cart features, improved searching, and more.
  • Database Connection enhancements: In addition to updating the third-party databases you can connect to, we have also added the ability to pass additional/arbitrary JDBC parameters to the connection.
  • Code Insight in Database Modeler: Code insight is now triggered when typing entries in the Database Modeler.
  • Many SQL & PL/SQL Coding improvements: There are a number of enhancements to SQL and PL/SQL coding including:
    • Shared implementation with IDE of code folding, usage highlighting, code insight, and use of audits for highlighting and fixing missing methods
    • Offline PL/SQL can be compiled against a database connection
    • Ability to test SELECT statements embedded in PL/SQL.
    • Synchronize package specifications and bodies to add and remove member declarations.

ADF View (ADF Faces, DVT)

  • The New DVT Client Side Charting Solution provides the following benefits:
    • Client Side Resizing: Ability to resize and fit to containers without the need to go back to the server for layout.  
    • Improved Server Scalability: Layout is offloaded to the client, reducing server workload and increasing scalability of applications.
    • Rich Set of Features:
      • Over 30+ chart types
      • Redesigned zoom and scroll
      • Marquee zoom and selection
      • Redesigned Time axis
      • Hide and show series and ability to change layout with client side rescale
      • Improved data labeling

ADF Controller

  • Recursive bounded task flows: Support for calling bounded task flows recursively. In previous versions, the view layer did not detect that the view activity had occurred and did not re-render the region.

ADF Business Components

  • Groovy Debugging: Groovy is utilized in a number of places, including Business Rule validator and trigger expressions. Now, one can set breakpoints and use the JDeveloper debugger to debug Groovy expressions.
  • Groovy Support for attribute UI hints: Entity and view attributes have a list of UI hints that can be used to decide how best to render an attribute in the user interface. With Groovy support, these hints can now be calculated at runtime.

ADF Desktop Integration

  • Windows 8 & Excel 2013 support: Updated support for Windows 8 and Excel 2013.
  • New Components: Several new components are introduced in this release:
    • Image: The ADF Image component can be used to add images to an Excel workbook.
    • Output Text (Worksheet Errors): Used to display worksheet errors.
    • Output Text (Table Errors): Used to display database table errors.
  • New Properties: Several new properties have been added in this release:
    • AllowCancel (Status message): Allows the user to cancel an ActionSet call that may be hung or taking too long.
    • ResizeMode, ResizeColumnsMode properties and ResizeColumns action (Table): Allow more control over table resizing behavior.
    • Tooltip: Many UI components now have a Tooltip property for specifying tooltips.

Tuesday Jun 24, 2014

[Oracle Identity Manager] Manage Child Process Forms With API

Oracle Identity Manager allows you to manage roles, responsibilities or group memberships as entitlements. An entitlement granted to an account on a target system enables the account user to perform a specific task or function. In Oracle Identity Manager, there is one process form for each account (resource) provisioned to an OIM User. Entitlement data is stored in child process forms of the process form.

You can manage child forms with the Oracle Identity Manager API, for example to add and remove data. For these operations, you can use the tcFormInstanceOperationsIntf service.

First, you need the process instance key to find the right child table.

    import java.util.HashMap;

    import Thor.API.tcResultSet;
    import Thor.API.Operations.tcFormInstanceOperationsIntf;

    public class ProcessFormManagerImpl {

        private tcFormInstanceOperationsIntf service;

        /**
         * Default constructor.
         * getClient() is a project helper (not shown in this post) that
         * returns a logged-in OIM client.
         */
        public ProcessFormManagerImpl() {
            service = getClient().getService(tcFormInstanceOperationsIntf.class);
        }

        /** Adds one row (columnName = columnValue) to the child process form. */
        public void addDataChildProcessForm(long processInstanceKey, String columnName,
                                     String columnValue) throws Exception {
            // columnName example: UD_ADUSRC_GROUPNAME
            long processFormDefinitionKey =
                service.getProcessFormDefinitionKey(processInstanceKey);
            int processParentFormVersion =
                service.getProcessFormVersion(processInstanceKey);
            tcResultSet childFormDef =
                service.getChildFormDefinition(processFormDefinitionKey,
                                               processParentFormVersion);
            long childKey =
                childFormDef.getLongValue("Structure Utility.Child Tables.Child Key");
            HashMap<String, String> addAttr = new HashMap<String, String>();
            addAttr.put(columnName, columnValue);
            service.addProcessFormChildData(childKey, processInstanceKey, addAttr);
        }

        /** Removes every child row whose columnName value equals columnValue. */
        public void removeDataChildProcessForm(long processInstanceKey,
                                               String childFormKey,
                                               String columnName,
                                               String columnValue) throws Exception {
            long processFormDefinitionKey =
                service.getProcessFormDefinitionKey(processInstanceKey);
            int processParentFormVersion =
                service.getProcessFormVersion(processInstanceKey);
            tcResultSet childFormDef =
                service.getChildFormDefinition(processFormDefinitionKey,
                                               processParentFormVersion);
            long childKey =
                childFormDef.getLongValue("Structure Utility.Child Tables.Child Key");
            tcResultSet childData =
                service.getProcessFormChildData(childKey, processInstanceKey);
            for (int i = 0; i < childData.getRowCount(); i++) {
                childData.goToRow(i);
                String groupName = childData.getStringValue(columnName);
                // Compare from columnValue so an empty (null) cell cannot throw.
                if (columnValue.equals(groupName)) {
                    long rowKey = childData.getLongValue(childFormKey);
                    service.removeProcessFormChildData(childKey, rowKey);
                }
            }
        }
    }

Monday Apr 28, 2014

Oracle Middleware Products Summit 2014

Mobility is becoming more of a necessity for companies every day. The flexibility that organizations want to offer their employees, suppliers and customers is undoubtedly one of the most important added values the mobile world provides.

Using the benefits that the mobile world provides at the application layer at every level of your organization's technology infrastructure will undoubtedly increase your effectiveness even further. While the business applications used inside the organization are made to work in a more integrated and unified way in the mobile world as well, all of these systems also need to be simpler, more secure and more manageable.

Oracle targets exactly these capabilities with its Middleware solutions. Providing the development platform needed to add new functions to business applications while doing so is also among the goals of the Oracle Middleware solutions.

Accordingly, some of the questions you will find answers to at our "Oracle Middleware Products Summit 2014" event, which will take place on Tuesday, 6 May 2014 at the Four Seasons Hotel, Bosphorus, with Intel as the main sponsor, are:

  • How can you integrate your organization into the mobile world more easily and quickly?
  • Are you aware of the power Java will add to your organization?
  • How can you create added value with next-generation integrated systems?
  • How can you manage your processes more effectively?
  • Would you like to build your enterprise architecture on more solid foundations?
  • How do you ensure security for access from mobile devices?

At the summit, we will have the opportunity to share with you the successful projects that our customers and business partners using Oracle technologies have carried out in different sectors on Enterprise Mobile Applications, Process Management and Integration Architectures, Application Development Platform, Next-Generation Integrated Systems, and Secure Business Applications. We would be happy to see you among us at our event.

Best regards,
Oracle Türkiye

06 May 2014
13:00 - 19:00

Four Seasons Bosphorus
Çırağan Caddesi, No:28
Beşiktaş / İstanbul

RSVP:
Alp Canbakış
lcv@stoktours.com
0216 250 4 111
Gold Sponsor
Intel
Presentation Sponsors
Etiya
Basistek
Program
13:00 - 13:30 Registration
13:30 - 13:45 Welcome
13:45 - 14:30 Mobile Business with the Cloud - Get there faster with Fusion Middleware 12c *
James Allerton-Austin, Oracle EMEA Product Management
14:30 - 15:00 New World, New Consumer, New Company
Serdar Kuzuloğlu, Technology / Trend Editor
15:00 - 15:15 e-İçişleri e-Transformation
Republic of Turkey Ministry of Interior, Information Technology Department
15:30 - 16:00 Break
Hall I
Hall II
16:00 - 16:30 We made the best bid. We won the tender.
Zer made its tender processes efficient and traceable with Oracle BPM.
Brisa Identity Management Project
Zer A.Ş.
Brisa, Basistek
16:30 - 16:40 Break
16:40 - 17:10 Service Lifecycle at TTNET after the Service Excellence Project From Subscriber to Customer - CRM Transformation in the Energy Sector
TTNet
Etiya
17:10 - 17:20 Break
17:20 - 17:50 Turkey's Central Accounting Software Smart Devices, Secure Enterprise Applications
TURMOB - Luca
Oracle
17:50 - 19:00 Cocktail

* The presentation is in English.

Thursday Apr 24, 2014

[Oracle Identity Manager] Management of Oracle Database Authorization

Oracle Identity Manager projects usually start with management of the user identity life cycle from a trusted resource to target systems. After user identity management is completed in the first step, the second step is management of users' entitlements, for example role management of users on Oracle Databases, Windows Servers or any custom applications.

In this post I want to share my experience with managing Oracle Database authorization through Oracle Identity Manager in a project.

We used three components to manage Oracle Database authorization: Oracle Database Enterprise User Security (EUS), Oracle Unified Directory (OUD) and Oracle Identity Manager (OIM).

Enterprise User Security enables you to centrally manage database users across the enterprise. This is a component of Oracle Database.

Oracle Unified Directory is a comprehensive next-generation directory service that is designed to address large deployments, to provide high performance, to be highly extensible, and to be easy to deploy, manage, and monitor. Oracle Unified Directory is used for role management integrated with Enterprise User Security. Integrating Oracle Unified Directory with Oracle's Enterprise User Security (EUS) enables you to store user identities in Oracle Unified Directory for Oracle Database authentication.

Oracle Identity Manager is used to manage the life cycle of Oracle Unified Directory users, with the right values and user groups. The whole process starts from Oracle Identity Manager, which then adds the user to an OUD group or deletes the user from an OUD group. The user thus gets rights via Oracle Unified Directory and Enterprise User Security.

The following steps explain the integration of these three tools.

1- Enable Oracle Unified Directory for Enterprise User Security by using Oracle Directory Services Manager (ODSM).

  • Connect to the directory server from ODSM.
  • Select the Home tab.
  • Under the Configuration menu, select Create Base DN.
  • On the Configuration Wizard, enter the details of the new suffix.
  • Select the EUS Enabled check box.
  • Click Create to add the new, EUS-enabled suffix.

2- After OUD has been enabled for EUS, you must update the realm information in the OUD configuration by performing the following steps:

  • Locate the LDIF template file at install_dir/config/EUS/modifyRealm.ldif.
  • Edit the modifyRealm.ldif file as follows:
    • Replace dc=example,dc=com with the correct naming context for your server instance.
    • Replace ou=people and ou=groups with the correct location of the user and group entries in your DIT.
  • Use the ldapmodify command to update the configuration with the edited LDIF template file, for example:

    $ ldapmodify -h localhost -p 4444 -D "cn=directory manager" -j pwd-file -v -f modifyRealm.ldif

3- Complete the following configuration on Oracle Database:

  • Configure your database for directory usage by using NetCA.
  • Register the database with the directory by using DBCA.
  • Create a shared schema in the database.
  • Map enterprise users to the shared schema.

4- Install the Oracle Internet Directory Connector in Oracle Identity Manager, in order to provision users to Oracle Unified Directory and manage groups, and thus roles.

Once all of the above steps are complete: first, Enterprise User Security is enabled on the DB; then create DB roles (enterprise roles) and map these roles to the Oracle Unified Directory global roles; and last, manage users' Oracle Database authorization with Oracle Identity Manager through Oracle Unified Directory.

P.S.: If you want to manage Oracle Database 9i, you have to use Oracle Internet Directory instead of Oracle Unified Directory.

Friday Apr 18, 2014

April 2014 FMW Proactive Patches Released

The following Fusion Middleware Proactive patches were released April 15, 2014. You can get more information from here.

Bundle Patches :

Bundle patches are collections of controlled, well tested critical bug fixes for a specific product which may include security contents and occasionally minor enhancements. These are cumulative in nature, meaning the latest bundle patch in a particular series includes the contents of the previous bundle patches released. A suite bundle patch is an aggregation of multiple product bundle patches that are part of a product suite.

  • Oracle Business Intelligence Enterprise Edition (OBIEE) 11.1.1.7.140415 bundle patch
  • Oracle Directory Server Enterprise Edition (ODSEE) 11.1.1.7.1 bundle patch.
  • Oracle GlassFish Server (OGFS) 2.1.1.23 bundle patch.
  • Oracle Identity Analytics 11.1.1.5.7 bundle patch.
  • Oracle Sun Role Manager (SRM) 5.0.3.3 bundle patch.
  • Oracle Identity Management Suite Bundle Patch 11.1.1.7.1 consisting of 
    • Oracle Identity Manager (OIM) 11.1.1.7.1 bundle patch
    • Oracle Access Manager (OAM) 11.1.1.7.1 bundle patch.
  • Oracle Identity Management Suite Bundle Patch 11.1.2.1.3 consisting of 
    • Oracle Access Manager (OAM) 11.1.2.1.3 bundle patch.
    • Oracle Adaptive Access Manager (OAAM) 11.1.2.1.2 bundle patch.
  • Oracle Identity Management Suite Bundle Patch 11.1.2.2.1 consisting of 
    • Oracle Access Manager (OAM) 11.1.2.2.1 bundle patch.
  • Oracle Identity Manager (OIM) 11.1.2.1.6 bundle patch
  • Oracle OpenSSO Policy Agents 3.0.0.4 bundle patch.
  • Oracle SOA Suite (SOA) 11.1.1.7.3 bundle patch
  • Oracle WebCenter Portal (WCP) 11.1.1.8.3 bundle patch

Patch Set Updates (PSU)

Patch Set Updates (PSU) are collections of well controlled, well tested critical bug fixes for a specific product that have been proven in customer environments. PSUs may include security contents but no enhancements are included. These are cumulative in nature, meaning the latest PSU in a particular series includes the contents of the previous PSUs released.

  • Oracle Exalogic 2.0.3.0.6 (X3-2, X2-2) and 2.0.6.1.1 (X4-2) Physical Linux x86-64 PSUs.
  • Oracle Exalogic 2.0.4.0.6 (X3-2, X2-2) and 2.0.6.1.1 (X4-2) Physical Solaris x86-64 PSUs
  • Oracle Exalogic 2.0.6.0.1 (X3-2, X2-2)  and 2.0.6.1.1 (X4-2) Virtual PSUs.
  • Oracle WebLogic Server 10.3.6.0.8, 12.1.1.0.7 and 12.1.2.0.1 PSUs.

Critical Patch Update (CPU) :

The Critical Patch Update program is Oracle's quarterly release of security fixes. 

The following additional patches were released as part of Oracle's Critical Patch Update program:

  • Oracle Access Manager (OAM) 11.1.1.5.0.
  • Oracle Container for Java (OC4J) 10.1.3.5. 
  • Oracle Data Integrator Data Quality 11.1.1.3.0
  • Oracle Endeca Information Discovery 2.2.2 (Formerly Latitude)
  • Oracle Event Processing 11.1.1.7.0
  • Oracle OpenSSO Server 8.0.2.0.
  • Oracle WebCenter Portal 11.1.1.7.0
  • Oracle WebLogic Server 10.0.2.0

Wednesday Jan 15, 2014

January 2014 Fusion Middleware Proactive Patches Released

The following Fusion Middleware (FMW) Proactive patches were released on January 14, 2014.

You can get more information from here.

Bundle Patches :

Bundle patches are collections of controlled, well tested critical bug fixes for a specific product which may include security contents and occasionally minor enhancements. These are cumulative in nature, meaning the latest bundle patch in a particular series includes the contents of the previous bundle patches released. A suite bundle patch is an aggregation of multiple product bundle patches that are part of a product suite.

  • Oracle Business Intelligence Enterprise Edition (OBIEE) 11.1.1.7.140114 bundle patch
  • Oracle Data Integrator (ODI) 12.1.0.2.1 bundle patch
  • Oracle Identity Management Suite Bundle Patch 11.1.1.5.6 consisting of
    • Oracle Identity Manager (OIM) 11.1.1.5.10 bundle patch
    • Oracle Access Manager (OAM) 11.1.1.5.6 bundle patch.
    • Oracle Adaptive Access Manager (OAAM) 11.1.1.5.2 bundle patch.
    • Oracle Entitlement Server (OES) 11.1.1.5.4 bundle patch.
  • Oracle Identity Management Suite Bundle Patch 11.1.2.0.5 consisting of
    • Oracle Access Manager (OAM) 11.1.2.0.5 bundle patch.
    • Oracle Adaptive Access Manager (OAAM) 11.1.2.0.3 bundle patch.
    • Oracle Entitlement Server (OES) 11.1.2.0.2 bundle patch.
    • Note : This suite BP is delayed by few days
  • Oracle Identity Management Suite Bundle Patch 11.1.2.1.2 consisting of
    • Oracle Access Manager (OAM) 11.1.2.1.2 bundle patch.
    • Oracle Adaptive Access Manager (OAAM) 11.1.2.1.2 bundle patch.
  • Oracle Identity Manager (OIM) 11.1.2.0.13 bundle patch
  • Oracle Identity Manager (OIM) 11.1.2.1.4 bundle patch
  • Oracle GlassFish Server (OGFS) 3.1.2.8 bundle patch.
  • Sun Java System Application Server 8.1.36 and 8.2.20 bundle patches.
  • Oracle iPlanet Web Server (OiWS) 6.1.18 and 7.0.19 bundle patches
  • Oracle iPlanet Web Proxy Server (OiWPS) 4.0.23 bundle patch
  • Oracle SOA Suite (SOA) 11.1.1.7.2 bundle patch
  • Oracle WebCenter Portal (WCP) 11.1.1.8.2 bundle patch

Patch Set Updates (PSU)

Patch Set Updates (PSU) are collections of well controlled, well tested critical bug fixes for a specific product that have been proven in customer environments. PSUs may include security contents but no enhancements are included. These are cumulative in nature, meaning the latest PSU in a particular series includes the contents of the previous PSUs released.

  • Oracle Exalogic 2.0.3.0.5 Physical Linux x86-64 , 2.0.4.0.5 Physical Solaris x86-64 PSUs and  Exalogic 2.0.6.0.1 Virtual.
  • Oracle WebLogic Server 10.3.6.0.7 PSU.

Critical Patch Update (CPU) :

The Critical Patch Update program is Oracle's quarterly release of security fixes.

The following additional patches were released as part of Oracle's Critical Patch Update program:

  • Oracle Container for Java (OC4J) 10.1.3.5.
  • Oracle Enterprise Data Quality  9.0.8 and 8.1
  • Oracle HTTP Server (OHS)  12.1.2, 11.1.1.7.0, 11.1.1.6.0 , 10.1.3.5 and 1.0.2.2
  • Oracle Help Technologies  12.1.2.0, 11.1.1.8.0,  11.1.1.7.0 and 11.1.1.6.0
  • Oracle Internet Directory (OID) 11.1.1.7.0 and 11.1.1.6.0
  • Oracle Outside In Technology 8.4.0 and  8.4.1
  • Oracle Portal 11.1.1.6.0
  • Oracle Security Service 12.1.2.0.0
  • Oracle Traffic Director (OTD) 11.1.1.7.0 and 11.1.1.6.0
  • Oracle WebCenter Sites 11.1.1.8.0, 11.1.1.6.1 and 7.6.2      

Sunday Nov 24, 2013

Oracle Identity Manager Architecture

Originally Published on Oracle Fusion Middleware Blog

Oracle Identity Governance includes Oracle Identity Manager, Oracle Identity Analytics and Oracle Privileged Account Manager. I will write about Oracle Identity Manager architecture in this post.

Basically, Oracle Identity Manager is a standard n-tier Java EE application that is deployed on Oracle WebLogic Server and uses a database.

[Figure: Oracle Identity Manager architecture]


The Oracle Identity Manager presentation tier has three different screens. Identity Self Service and Identity System Administration are web-based thin clients. Design Console is a Java Swing client that communicates directly with the Business Service Tier. Identity Self Service provides end-user operations and delegated administration features. System Administration provides system administration functions. Design Console is mostly used for development and management operations such as creating and managing adapters and process forms, notifications, workflow design, reconciliation rules, etc.

The Business Service tier is implemented as an Enterprise JavaBeans (EJB) application, so you can extend Oracle Identity Manager capabilities.
- The SPML and EJB APIs allow you to develop custom plug-ins, such as for managing roles or identities.
- Identity Services allow you to use the core business capabilities of Oracle Identity Manager, such as the user provisioning or reconciliation service.
- Integration Services allow you to develop custom connectors or adapters for various deployment needs.
- Platform Services allow you to use Entitlement Server, Scheduler or SOA composites.

The Middleware tier lets you use the capabilities of ADF Faces, SOA Suite, Scheduler, Entitlement Server and BI Publisher Reports. So OIM allows you to configure workflows using Oracle SOA Suite or define authorization policies with Oracle Entitlement Server. You can also customize the OIM UI without writing code, and using ADF Business Editor you can add custom attributes to user, role, catalog and other objects.


Data tier: Oracle Identity Manager is driven by data and metadata, which provides flexibility and adaptability to Oracle Identity Manager functionality.
- Database: there are five schemas: OIM, SOA, MDS, OPSS and OES. Oracle Identity Manager uses the database to store runtime and configuration data. All entity, transactional and audit data is stored in the database.
- Metadata Store: customizations and personalizations are stored in a file-based repository or a database-based repository. In the Oracle Identity Manager architecture, the metadata is in the Oracle Identity Manager database to take advantage of some of the advanced performance and availability features that this mode provides.
- Identity Store: Oracle Identity Manager provides the ability to integrate an LDAP-based identity store into the Oracle Identity Manager architecture.


Oracle Identity Manager uses the human workflow module of Oracle Service Oriented Architecture Suite. OIM connects to SOA using the T3 URL, which is the front-end URL for the SOA server. Oracle Identity Manager uses the embedded Oracle Entitlement Server for authorization checks in the OIM engine.

Several Oracle Identity Manager modules use JMS queues. Each queue is processed by a separate Message Driven Bean (MDB), which is also part of the Oracle Identity Manager application. Message producers are also part of the Oracle Identity Manager application.

Oracle Identity Manager uses scheduled jobs for some background activities. Some scheduled jobs come out of the box, such as the one that disables users after their end date, and you can define custom scheduled jobs with the Oracle Identity Manager APIs.

You can use Oracle BI Publisher to report on Oracle Identity Manager transaction or audit data stored in the database.

About me:

Mustafa Kaya is a Senior Consultant in the Oracle Fusion Middleware Team, living in Istanbul. Before coming to Oracle, he worked in teams developing web applications and backend services at a telco company. He is a Java technology enthusiast and software engineer, addicted to learning new technologies and developing new ideas.

Follow Mustafa on Twitter, connect on LinkedIn, and visit his site for Oracle Fusion Middleware related tips.

Thursday Oct 31, 2013

A Great Work : ADF Architecture TV

I would like to share information about Oracle ADF Product Management's great work: ADF Architecture TV. This channel covers various subjects, such as what you will need before starting a new ADF or any other software project, how to select team members' skills, and how to implement and design ADF projects.

When developing with a new technology, one of the challenges for technical staff is to both learn the features of the technology and how to implement them, and also consider the broader concepts of design, engineering and architecture. Many an IT project has come undone because IT staff have been focused on the nitty gritty details of writing software, rather than looking at the "bigger picture" of how it will all go together.

Oracle's "ADF Architecture TV" plans to address this issue by focusing on architectural issues and developer guidelines for writing ADF software solutions. The goal, to give ADF developers an understanding of the decisions you need to build a successful ADF application, potential architectural blueprints to choose from when putting the ADF application together, and potential best practices to take back to your development team.

 You can click here for ADF Architecture TV. 

Monday Oct 21, 2013

October 2013 FMW Proactive Patches Released

The following Fusion Middleware (FMW) Proactive patches were released on October 15, 2013.

Bundle Patches :

Bundle patches are collections of controlled, well tested critical bug fixes for a specific product which may include security contents and occasionally minor enhancements. These are cumulative in nature, meaning the latest bundle patch in a particular series includes the contents of the previous bundle patches released. A suite bundle patch is an aggregation of multiple product bundle patches that are part of a product suite.

  • Oracle Identity Management Suite Bundle Patch 11.1.1.5.5 consisting of
    • Oracle Identity Manager (OIM) 11.1.1.5.9 bundle patch
    • Oracle Access Manager (OAM) 11.1.1.5.6 bundle patch.
    • Oracle Adaptive Access Manager (OAAM) 11.1.1.5.2 bundle patch.
    • Oracle Entitlement Server (OES) 11.1.1.5.4 bundle patch.
  • Oracle Identity Management Suite Bundle Patch 11.1.2.0.4 consisting of
    • Oracle Access Manager (OAM) 11.1.2.0.4 bundle patch.
    • Oracle Adaptive Access Manager (OAAM) 11.1.2.0.2 bundle patch.
    • Oracle Entitlement Server (OES) 11.1.2.0.2 bundle patch.
  • Oracle Identity Analytics (OIA) 11.1.1.5.6 bundle patch.
  • Oracle GlassFish Server (OGFS) 2.1.1.22, 3.0.1.8 and 3.1.2.7 bundle patches.
  • Oracle iPlanet Web Server (OiWS) 7.0.18 bundle patch
  • Oracle SOA Suite (SOA) 11.1.1.7.1 bundle patch
  • Oracle WebCenter Portal (WCP) 11.1.1.8.1 bundle patch
  • Sun Role Manager (SRM) 4.1.7 and 5.0.3.2 bundle patches.

Patch Set Updates (PSU)

Patch Set Updates (PSU) are collections of well controlled, well tested critical bug fixes for a specific product that have been proven in customer environments. PSUs may include security contents but no enhancements are included. These are cumulative in nature, meaning the latest PSU in a particular series includes the contents of the previous PSUs released.

  • Oracle Exalogic 2.0.3.0.4 Physical Linux x86-64 and 2.0.4.0.4 Physical Solaris x86-64 PSUs.
  • Oracle WebLogic Server 10.3.6.0.6 and 12.1.1.0.6 PSUs.

Critical Patch Update (CPU) :

The Critical Patch Update program is Oracle's quarterly release of security fixes.

The following additional patches were released as part of Oracle's Critical Patch Update program:

  • Oracle JDeveloper 11.1.2.3.0, 11.1.2.4.0 and 12.1.2.0.0
  • Oracle Outside In Technology 8.4.0 and 8.4.1
  • Oracle Portal 11.1.1.6.0
  • Oracle Security Service 11.1.1.6.0, 11.1.1.7.0 and 12.1.2.0.0
  • Oracle WebCache 11.1.1.6.0 and 11.1.1.7.0
  • Oracle WebCenter Content 10.1.3.5.1, 11.1.1.6.0, 11.1.1.7.0 and 11.1.1.8.0
  • Oracle WebServices 10.1.3.5.0 and 11.1.1.6.0

For more information;

Monday Oct 07, 2013

[Oracle Identity Manager] 11g R2 Bundle Patch 11 is Available!

Oracle Identity Manager Bundle Patch 11 is available now. You can download BP11 from here.

List of bugs fixed with BP11:

| Bug Number | Description |
|---|---|
| 13813724 | Date format mismatch occurs between various date fields in the manage user forms. |
| 14287934 | For the Enable User, Disable User, or Delete User request types, the approver is not able to approve the task by opening the popup for approving the task, and the page refreshes with no result. |
| 14634183 | Localization for challenge questions is not upgrade-safe. |
| 14724980 | Need to modify the Transformation and Analysis layer of SIL layer to implement SAP GRC (AC) 5.3 and 10. |
| 16102603 | On importing users, accounts, user role memberships, or entitlements, the import job fails on Oracle Identity Analytics (OIA) when the user-role memberships option is selected. |
| 16302094 | Need to modify the Transformation and Analysis layer of SIL layer to implement SAP GRC (AC) 5.3 and 10, and in SAP UM, UME, and legacy connector. |
| 16400040 | Entitlement provision date displays the account provision date. |
| 16737929 | Provisioning task status is different in the task list and task details. |
| 16800609 | Illegal state exception is thrown when cache is trying to put value to cache or to cancel update. |
| 16906076 | Exceptions related to the tcDatabase close method are displayed in the logs. |
| 16984573 | Duplicate Role Names in different cases are created. |
| 17086833 | More than 25 saved request profiles are not displayed. |
| 17179590 | Enable pagination in my accounts pages for performance optimization. |
| 17237114 | Ad hoc linking does not work. |
| 17254699 | Performance issues are encountered while exporting roles by using the Deployment Manager. |

Sunday Sep 29, 2013

[Oracle Identity Manager] Provision Account With OIM Api

Oracle Identity Manager allows you to provision an account using the OIM API. Sometimes you will need to grant an account from remote operations (a web service or some remote connector).

For this operation, you first have to find the right application instance to provision. You can use the findApplicationInstanceByName method of the oracle.iam.provisioning.api.ApplicationInstanceService service to find the application instance. Then you can provision the application instance with the OIM API, using the oracle.iam.provisioning.api.ProvisioningService service.

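import java.util.HashMap;
import java.util.Map;

import oracle.iam.provisioning.api.ApplicationInstanceService;
import oracle.iam.provisioning.api.ProvisioningService;
import oracle.iam.provisioning.exception.ApplicationInstanceNotFoundException;
import oracle.iam.provisioning.exception.GenericAppInstanceServiceException;
import oracle.iam.provisioning.exception.GenericProvisioningException;
import oracle.iam.provisioning.exception.UserNotFoundException;
import oracle.iam.provisioning.vo.Account;
import oracle.iam.provisioning.vo.AccountData;
import oracle.iam.provisioning.vo.ApplicationInstance;
import oracle.iam.provisioning.vo.FormInfo;

    // getClient() is not shown in this post; it is assumed to return a logged-in OIM client.

    public void provisionAccount(String userKey) throws ApplicationInstanceNotFoundException,
                                                        GenericAppInstanceServiceException,
                                                        UserNotFoundException,
                                                        GenericProvisioningException {
        ProvisioningService service = getClient().getService(ProvisioningService.class);
        ApplicationInstance appInstance = findApplicationInstanceByName("Application Instance Name");

        // Account form field that holds the IT resource, example: UD_ADUSER_SERVER
        String serverName = "UD_ADUSER_SERVER";
        // IT resource name, example: Active Directory
        String itResourceName = "Active Directory";

        // Build the parent (account) form data for the application instance's form.
        FormInfo formInfo = appInstance.getAccountForm();
        Map<String, Object> parentData = new HashMap<String, Object>();
        parentData.put(serverName, itResourceName);
        String formKey = String.valueOf(formInfo.getFormKey());

        AccountData accountData = new AccountData(formKey, null, parentData);
        Account account = new Account(appInstance, accountData);
        account.setAccountType(Account.ACCOUNT_TYPE.Primary);
        service.provision(userKey, account);
    }

    // Looks up the application instance by its name.
    public ApplicationInstance findApplicationInstanceByName(String applicationInstanceName)
            throws ApplicationInstanceNotFoundException, GenericAppInstanceServiceException {
        ApplicationInstanceService service = getClient().getService(ApplicationInstanceService.class);
        return service.findApplicationInstanceByName(applicationInstanceName);
    }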
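When the provisioning call above is triggered by a remote caller (a web service or connector), a retried request should not create a second account in the same application instance. The following guard is an added example, not code from the original post; the class name GuardedProvisioner, the method provisionIfAbsent and the status literal "Revoked" are assumptions, and the two services are expected to come from an already authenticated OIM client.

```java
import java.util.HashMap;
import java.util.Map;

import oracle.iam.provisioning.api.ApplicationInstanceService;
import oracle.iam.provisioning.api.ProvisioningService;
import oracle.iam.provisioning.exception.ApplicationInstanceNotFoundException;
import oracle.iam.provisioning.exception.GenericAppInstanceServiceException;
import oracle.iam.provisioning.exception.GenericProvisioningException;
import oracle.iam.provisioning.exception.UserNotFoundException;
import oracle.iam.provisioning.vo.Account;
import oracle.iam.provisioning.vo.AccountData;
import oracle.iam.provisioning.vo.ApplicationInstance;

/** Added example: provisions an application instance only if the user has no live account in it. */
public class GuardedProvisioner { // hypothetical class name
    // Assumption: status string OIM reports for an account that has been revoked.
    private static final String REVOKED = "Revoked";
    private final ProvisioningService provisioning;
    private final ApplicationInstanceService appInstances;

    public GuardedProvisioner(ProvisioningService provisioning, ApplicationInstanceService appInstances) {
        this.provisioning = provisioning;
        this.appInstances = appInstances;
    }

    /** @return true if a new account was requested, false if a live one already existed. */
    public boolean provisionIfAbsent(String userKey, String appInstanceName,
                                     String itResourceField, String itResourceName)
            throws ApplicationInstanceNotFoundException, GenericAppInstanceServiceException,
                   UserNotFoundException, GenericProvisioningException {
        // Reject malformed keys from the remote caller before touching the API (OIM user keys are numeric).
        if (userKey == null || !userKey.matches("\\d+")) {
            throw new IllegalArgumentException("userKey must be a numeric OIM user key");
        }
        ApplicationInstance appInstance = appInstances.findApplicationInstanceByName(appInstanceName);

        // A retried remote call must not create a second account in the same instance.
        for (Account existing : provisioning.getAccountsProvisionedToUser(userKey)) {
            boolean sameInstance = appInstanceName.equals(existing.getAppInstance().getApplicationInstanceName());
            if (sameInstance && !REVOKED.equals(existing.getAccountStatus())) {
                return false;
            }
        }

        Map<String, Object> parentData = new HashMap<String, Object>();
        parentData.put(itResourceField, itResourceName);
        String formKey = String.valueOf(appInstance.getAccountForm().getFormKey());
        Account account = new Account(appInstance, new AccountData(formKey, null, parentData));
        account.setAccountType(Account.ACCOUNT_TYPE.Primary);
        provisioning.provision(userKey, account);
        return true;
    }
}
```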

Wednesday Aug 21, 2013

[Oracle Identity Manager] 11g R2 Basic Performance Tuning

For optimal performance, we have to apply performance tuning changes to Oracle Identity Manager components such as the application server and the database. I'll list some basic tuning settings recommended by Oracle.

You can also read this guide for other tuning settings, such as caching, and to learn how to monitor Oracle Identity Manager performance: http://docs.oracle.com/cd/E27559_01/doc.1112/e28552/oim.htm

Basic UI Tuning :

The following are the recommended application module settings for OIM. Add these settings under WebLogic Server Administration Console >> Servers >> oim_server1 >> Server Start >> Arguments and restart the admin server.

-Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1
-Djbo.ampool.maxavailablesize=120 -Djbo.recyclethreshold=60
-Djbo.ampool.timetolive=-1 -Djbo.load.components.lazily=true
-Djbo.doconnectionpooling=true -Djbo.txn.disconnect_level=1
-Djbo.connectfailover=false -Djbo.max.cursors=5
-Doracle.jdbc.implicitStatementCacheSize=5
-Doracle.jdbc.maxCachedBufferSize=19

These recommended settings assume 100 concurrent users per node. Use the formula below to change -Djbo.ampool.maxavailablesize if your number of concurrent users is different.

-Djbo.ampool.maxavailablesize = number of concurrent users + 20%

Basic Server Tuning:

| JVM Parameter | HotSpot JVM | JRockit JVM |
|---|---|---|
| Min. Heap Size (Xms) | 4GB | 4GB |
| Max Heap Size (Xmx) | 4GB | 4GB |
| PermSize (-XX:PermSize) | 500m | N/A |
| PermGen size (-XX:MaxPermSize) | 1GB | N/A |

JDBC Connection Pool parameters: 

| Parameter name | Value |
|---|---|
| Initial Capacity | 50 |
| Minimum Capacity | 50 |
| Max. Capacity | 150 |
| Inactive Connection Timeout | 30 |

To increase the capacity of the JDBC connection pools:

Go to the WebLogic Server Administration Console and then click Services => Data Sources.

OIM also uses DirectDB data source and you can increase its capacity as below.

Go to Enterprise Manager -> Oracle Identity Manager -> System MBean Browser -> Application Defined MBeans -> oracle.iam -> OIM Server -> Application oim -> XMLConfig -> Config -> XMLConfig.DirectDBConfig.

Set the following values for attributes.

| Attribute name | Value |
|---|---|
| MinConnections | 50 |
| MaxConnections | 150 |

Friday Aug 02, 2013

[Oracle Identity Manager] 11g R2 Bundle Patch 09 is Available!

Oracle Identity Manager Bundle Patch 09 is available now. You can download BP09 from here.

Also, there is an important recommendation for BP08!

List of bugs fixed with BP09:

Bug:12699224 : Trusted source reconciliation fails to create users with many reconciliation field mappings.

Bug:14407437 : Provisioning through bulk request inserts null records into child tables.

Bug:14493217 : Target resource reconciliation throws ORA-06512 error when the Descriptive field is mapped to a field that does not have a reconciliation field mapping.

Bug:16044671 : User form customization fails if a UDF contains invalid character.

Bug:16545968 : Modifying any attribute on a service account changes the account type as a primary account.

Bug:16562633 : Oracle Identity Manager throws javax.el.elexceptions while viewing profile under direct report.

Bug:16662834 : User not reprovisioned after user is deleted and created in the target with the same orclguid.

Bug:16662905 : If an LOV field is required on an Application Instance form, no validation is enforced on the LOV field although it is required.

Bug:16701873 : The Members tab of a role displays only enabled users and does not display disabled users.

Bug:16862846 : When a notification is being sent, the mail ID in the Reply To field is set as the recipient's mail ID instead of the sender's mail ID.

Bug:16824062 : When you use API to fetch or delete child data from an account, the child data row value is null. Therefore, child data is not returned.

Bug:16912736 : There is a performance issue when the provisioned application instance details is opened for a user.
