Friday Jul 11, 2014

Prepare for My Oracle Support (MOS) Release 14.3—Browser Requirements

If you have a CSI number, then you are eligible for technical support for your Oracle products using the My Oracle Support (MOS) portal.

With the rollout of My Oracle Support 14.3 on July 18, 2014, there will be changes to certified browsers.

If your browser is not upgraded, you may encounter issues or receive unexpected results and the solution will be to move to the certified browser. Fixes will not be generated for browsers that are no longer supported.

Check your browser version before July 18 to minimize any adverse impact later, when you do need to use MOS for any research or to file an SR.

Happy Trails!


Wednesday May 28, 2014

MOSC Bits - Personalized Profile

It is a good idea to have a unique profile in MOSC. Your activities there are better recognized and might even become a well known brand! This leads to recognition and trust.

My Oracle Support Communities (MOSC)  is a well established platform where experiences are shared. Reputation and trust are the basis for the quality of all communication there.

A personalized  profile can help to build up a good reputation. Besides the experience counter, a good name, details about your location and business experience are valuable details. Although a little bit hidden, the profile's avatar can be customized, too. The profile's avatar is an eye catcher and can act as an unique visual representation for  you. 

How to add / modify MOSC profile avatar (picture, icon)  ?   

  • Don't look in Edit Profile section.
  • After login, click on  your profile's name on top right.  

  • This lists all public information as part of the Bio section.
  • Select the Activity tab.

  • The Change Avatar link is on same level at far right.
  • A list of predefined symbolic pictures is populated.
  • Choose from the list of existing pictures or try Add Another to upload an image file from your local computer (JPG, PNG, GIF, or BMP only, maximum file size of 2.0 MB).
  • Note: New added images can be used only after running through a review process. Usually after one business day they can be selected for your personal avatar.

Wednesday May 21, 2014

We Bring You OAM Pirate Treasure

What is found among the nooks and crannies, in dark corners, can be exciting and sometimes dangerous.

While diving in Monterey, off the coast of California, my husband was poking around a jetty, motioned to me to come see a moray eel whose mouth was slowly opening and closing. He assured me it was not warning me to swim away as fast as I could, but that it was sleeping, breathing rhythmically with the motion of the waves above. Just an arm's length was visible, the tip of the iceberg, if you will, as these animals are scary long. He's a Divemaster, but I'm not convinced that makes him all that much more cautious among the critters, as one time he surfaced in a herd of barking sea lions.

Another time we were diving in Hawaii and he and our young son went into a cave to get a closer look at a shark that he, yet again, assured me was asleep, despite its swimming back and forth at the back of the cave, clearly alert as it was not crashing into anything. The sea turtle just outside the cave that was floating on the sandy bottom I KNEW was asleep as it wasn't moving at all, just enjoying the massage from little fish picking gunk off its shell, and that's where I chose to position myself in case the shark attacked and I had to swim for help.

A few months ago, one of my colleagues was poking around the innumerable internal wiki pages with the help of our Dev contact (our "Devmaster"?), but instead of finding something threatening, he found a pirate's treasure. Oracle OAM Development had put together an impressive collection of Cloud troubleshooting wikis that have concrete steps to follow, showing what to expect, what is problematic and what isn't.

Over the course of a month, several of us converted the wikis into about 30 Knowledge Base articles that we now bring to you. There are flowcharts with boxes to click on, and you can go back up a level or back to the top article.

So -- TA DA! Start here:

It's big with lots of dank corners, but we assure you that exploration in the world of OAM FA Cloud troubleshooting will give you new insights and understanding to make the journey worthwhile.

Happy Trails!

Tuesday May 06, 2014

Finding Your Way in the OIM RDA - a cheat sheet

Have you used the Remote Diagnostic Agent (RDA)?

It's a remarkable tool that keeps evolving, with new files added to give you a comprehensive look at your environment. Our Support Engineers use it to get a quick, accurate picture of your system without all the back and forth it would otherwise take for you to run commands and to collect necessary files used to troubleshoot and solve problems.

But because it changes and grows, with lots of modules and profiles, it can be hard to find what you're looking for. We constantly strive to improve its usability, most recently completing a project to reduce the number of questions you are asked when running it.

So, for Oracle Identity Manager (OIM), we are announcing a Cheat Sheet listing navigation to the most commonly referenced files, so that you can find what you're looking for more easily.

Let us know what you think! Do you have other files that you often use, but may have trouble finding in an RDA? We will add it to the Cheat Sheet.

For details on how to run an RDA, start here:  Resolve Problems Faster! Use Remote Diagnostic Agent ( RDA ) - Fusion Middleware and WebLogic Server (Doc ID 1498376.1)

For our previous blog post on the RDA, see: Accelerate your resolution…

Don't be afraid to run the RDA, just to see how robust a tool it can be!

And if you run into a problem that you can't figure out, please upload a fresh copy of the RDA output to a Service Request for your Support Engineer to review.

Happy Trails

Tuesday Apr 22, 2014

OIM Clustering: Keeping separate environments separate

Oracle Identity Manager 11g incorporates several clustering technologies in order to ensure high-availability across its different components. Several of these technologies use multicast to discover other cluster nodes on the same subnet. For testing and development purposes, it is common to have multiple distinct OIM environments co-existing on the same subnet. In that scenario, it is essential that the distinct environments utilise separate multicast addresses, so that they do not talk to each other – if they do, they will confuse one another, and many things can go wrong. This problem is less common with production environments, since best practice dictates that the production environment should be on a separate subnet from development and test, and multicast traffic cannot transverse subnet boundaries without special configuration.

Overview of OIM Clustering

Here’s a rough diagram of the clustering components inside OIM:

Quartz Scheduler Cluster

Data Caching Cluster

( and earlier only)


Application Server Cluster
(WebLogic or WebSphere)

There are three basic layers of clustering in OIM:

  • Application Server Clustering: This is the clustering layer of the underlying Java EE Application Server (Oracle WebLogic or IBM WebSphere). This is responsible for replication of the JNDI tree, EJBs, HTTP sessions, etc.
  • Data Caching: This provides in-memory caching of data to improve performance, while ensuring that database updates made on one node are propagated promptly to the others. OIM uses OSCache (OpenSymphony Cache) as the underlying technology for this.
  • Scheduler Clustering: This is used to ensure that in a cluster each execution of a scheduled job only runs on one node. Otherwise, if a job is scheduled to start at 9am, every node in the cluster might try to start it at the same time, resulting in multiple simultaneous executions of that job

Clustering layers present in older versions only

  • In OIM 11gR1, and 11gR2 base release, OIM used EclipseLink data caching, which included its own multicast clustering layer. From OIM onwards, while EclipseLink is still being used for data access, its caching features are no longer used, so this form of multicast clustering is no longer present.
  • As well as using JGroups for OSCache, OIM 9.x also used JGroups for a couple of additional functions (forcibly stopping scheduled tasks and diagnostic dashboard JMS test.) In OIM 11g, JGroups is now used for OSCache only.

Underlying technologies used

Different clustering components in OIM use different technologies:

Component Technology Details
Application Server Cluster Unicast or Multicast Consult Application Server documentation:
(OIM and earlier only)
  • Multicast for node discovery
  • T3 JNDI for node-to-node communication (WebLogic)
  • RMI for node-to-node communication (WebSphere)
Multicast is only used to find other nodes in the cluster. With WLS, JNDI connections are opened between the nodes for the cache coordination traffic. On WebSphere, RMI is used instead.
  • Multicast using JGroups package

Quartz Scheduler
  • Database tables
Unlike other clustering components, Quartz does not use direct network communication between the nodes. Database tables are used for inter-cluster communication

Relevant Configuration Settings

I’m only going to talk about the OIM-specific clustering settings here. So I won’t go into the configuration of the WebLogic/WebSphere clustering layer, only the data cache and scheduler clustering layers. All configuration relevant to these can be found in the /db/oim-config.xml file in MDS. So let’s discuss the settings in this file which are relevant to clustering.

Setting Explanation
<cacheConfig clustered=”…”> Must be set to true in a clustered install, and false for a single-instance install. This controls whether OSCache operates in a clustered mode.
<cacheConfig>/<xLCacheProviderProps multicastAddress=””> Multicast address which is used for OSCache. (Also used by EclipseLink in versions and earlier; the same address is used for both.) Make sure this address is unique for each distinct OIM environment on the same subnet.
<xLCacheProviderProps>/<properties> Can be used to manually override JGroups configuration used by OSCache. Not recommended.
<schedulerConfig clustered=”…”> Must be set to true in a clustered install, and false for a single-instance install.
<schedulerConfig multicastAddress=”…”> In OIM 9.x, JGroups was used to forcibly stop jobs. In OIM 11g, a different mechanism is used instead. This configuration setting is a left-over from OIM 9.x, and is now ignored. However, to avoid confusion, it is recommended to set this to the same multicastAddress as the xLCacheProviderProps above.
<deploymentConfig>/<deploymentMode> In a clustered install, should be set to clustered; in a single instance, should be set to simple. This is used to control whether EclipseLink operates in a clustered mode.
<SOAConfig>/<username> As its name implies, this is the username used by OIM to login to SOA. However, in OIM and earlier, it also serves an additional purpose – on WebLogic, this username is used by EclipseLink clustering for inter-node communication. By default, this is weblogic; if you have renamed the weblogic user, you must change it; you are free to use another user if you wish, so long as they are a member of the Administrators group. (On WebSphere, this user is used for OIM-SOA integration only, not for EclipseLink clustering.)To change this, see “2.6 Optional: Updating the WebLogic Administrator Server User Name in Oracle Enterprise Manager Fusion Middleware Control (OIM Only)”. (If step 11 in those steps gives you a permissions error, just skip that step.)
<SOAConfig>/<passwordKey> This is the name of the CSF Credential which stores the password for the <SOAConfig> user. You should never change this setting in oim-config.xml from its default of SOAAdminPassword, but you will need to change the corresponding CSF entry whenever you change that user’s password.

What can go wrong

As I’ve mentioned, it is important that you have the correct clustering configuration for your environment. If you do not, many things can go wrong. I don’t propose to provide an exhaustive list of potential problems in this blog post, but just give one example I recently encountered at a customer site.

This customer was preparing to go live with Oracle Identity Manager As part of their pre-production activities, they needed to document and test the procedure for periodic change of the weblogic password. They began by their testing by changing the weblogic password in one of their development environments. Restarting the OIM managed server, they saw this message multiple times in their WebLogic log: <Authentication of user weblogic failed because of invalid password>. They also found that the WEBLOGIC user in OIM was locked.

What went wrong here? Well, several things were wrong in this environment:

  • They had <SOAConfig>/<username> set to weblogic, but they had not updated the SOAAdminPassword credential in CSF to the new weblogic password. This customer does not currently use any of the OIM functionality which requires SOA, so they normally leave their SOA server down, including for this test. You would think therefore that the <SOAConfig> would not be relevant to them; but, as I have pointed out above, it is also used for EclipseLink clustering.
  • Even though their development environments were single instance installs, they all had <deploymentConfig>/<deploymentMode> set to cluster instead of simple. As a result, EclipseLink clustering was active even though it did not need to be.
  • <cacheConfig>/<xLCacheProviderProps multicastAddress=””> was set to the same address in multiple development environments on the same subnet. As a result, even though these environments were meant to be totally separate, they were formed into a single EclipseLink cluster.

So, what would happen, was that this environment (let’s call it DEV1) at startup would initialise EclipseLink clustering (since <deploymentConfig>/<deploymentMode> is set to cluster.) It would then add itself to the multicast group configured in <cacheConfig>/<xLCacheProviderProps multicastAddress=””>. At this point, DEV1 becomes visible to the other development environments (say DEV2 and DEV3). DEV2 tries to login to DEV1 over T3, using the <SOAConfig>/<username> user (weblogic) and the SOAAdminPassword password from CSF. However, the weblogic password having changed, both DEV2 and DEV3 will receive an invalid credential error, and DEV1 will experience <Authentication of user weblogic failed because of invalid password>. Setting <deploymentConfig>/<deploymentMode> to simple resolved this.

Wednesday Apr 09, 2014

Free Learning Sessions on Oracle Fusion Middleware

Free Learning Sessions on Oracle Fusion Middleware
Each session runs 2 hours and will provide an in-depth look into each topic. There will be demos, a Question and Answer session as well as a brief overview of next steps for those who require more detailed training.[Read More]

Oracle Fusion Middleware Support News : March 2014

See the latest Fusion Middleware Support News : March 2014!


Thursday Feb 27, 2014

Sustaining Engineer Release Announcment OIM Bundle Patches Released

Oracle Sustaining Engineering
Release Announcement

Oracle Identity Manager (OIM) Bundle Patches Released

We are pleased to announce that the following Oracle Identity Manager (OIM) patches were released on February 25, 2014. Specifically:

  • Oracle Identity Manager (OIM) Bundle Patch
  • Oracle Identity Manager (OIM) Bundle Patch

For more information:

We want to acknowledge everyone's hard work to get high-quality patches out to our Customers on schedule.

Thank you,

Friday Feb 14, 2014

Olympic Athletes Wish They Knew Our Quick Training Secrets

All the talk on the planet lately is about the Olympics, everyone cheering for the individuals who have dedicated their lives to pushing the human body to its limits. We admire and respect them, sometimes wish we had a fraction of that dedication. There is no quick route to that level of fitness and skill.

Seeing snow on the ground as I look out the window, my thoughts wander toward summer, remembering the color "green", and I begin preparing for a half marathon -- just a few months of training followed by a couple of hours of stress on the race course. There will be no cheering crowd throwing me flowers as I cross the finish line, only satisfaction in achieving a goal that I worked hard for.

Do you spend a lot of time training, not just in your personal life, but also at work?

We just upgraded the MOS Communities (MOSC) to Jive, merged them with the OTN Forums, so now we are together having to learn to navigate the new interface, along with all our other tasks.

One thing that might help you quickly get up to speed with the new MOSC and other features of MOS is this article, that has short videos explaining different MOS features:

Discover how to use My Oracle Support Video Series (Doc ID 603505.1)

  • How do you stay on top of the latest patches?
  • Where can you check that products are certified to work together before you begin installing willy nilly?
  • Is there a way to access our knowledge base while you're standing in line at the grocery store?
  • Will your product really be desupported at the end of the year?

All these and more are covered. Check out the videos while you're on the treadmill, and improve your life in multiple ways simultaneously.

We also have webcasts coming up that you might be interested in:

Get Proactive Essentials Webcast Series - My Oracle Support Community (Doc ID 1615047.1)
  • Register for one of many in the timezone of your choice (through March). Lasting 40 minutes, these sessions will get you setup and using the new MOS Community in record time
Essentials Webcast: Oracle Cloud Support (Doc ID 1555872.1)
  • Thirty minute presentations, scheduled through February, will explain what Cloud Support is all about. Sign up for one today!

There are times when long trainings make enormous impact. Other times when they don't. We hope that we can streamline the work-related trainings so that you can devote more time to personal goals.

Happy Trails

Friday Feb 07, 2014

New My Oracle Support Community (MOSC) Platform

The My Oracle Support Community (MOSC) recently migrated to a new platform with a completely new look and feel and navigation.  There is a series of 5 short videos to help learn the basic features and get you started.  Please see My Oracle Support Community - New Platform Overview to start out with the first video.  Once done with that video, click on the [Watch the Next in this series ] at the bottom left and it will automatically take you to the next video in the series.  Each video page has the [ Watch the Next in this series ] link to advance to the next video.

Although it is preferable to watch the videos in sequence, you can also individually select which videos you want to watch.  For reference, here are the individual links to the five videos in the series:

My Oracle Support Community - New Platform Overview [ Video 1 ] (Doc ID 1614073.1)
My Oracle Support Community - How to complete your profile setup. [ Video 2 ] (Doc ID 1614358.1)
My Oracle Support Community - How to start a community discussion [ Video 3 ] (Doc ID 1614724.1)
My Oracle Support Community - How to reply to discussions [ Video 4 ] (Doc ID 1614734.1)
My Oracle Support Community - Participating in the community [ Video 5 ] (Doc ID 1614725.1)

Wednesday Jan 29, 2014

IMPORTANT: My Oracle Support Community and OTN Profiles Merge January 31, 2014

IMPORTANT: My Oracle Support Community and OTN Profiles Merge January 31, 2014

Dear My Oracle Support Community User,

On January 31, 2014, we plan to migrate My Oracle Support Community to the same platform used for the Oracle Technology Network (OTN) forums. This platform will bring new community features to help make it easier to find information through a more intuitive interface, and enhance the way you connect with Oracle experts and industry peers. We have identified you as a user who has the same email address to access both My Oracle Support Community and OTN forums. As part of the migration to a single platform these profiles will be merged and the following will occur:
  • Activities and points from both accounts will be combined into a single consolidated account
  • Your OTN handle will be preserved and you will continue to use your email address to access My Oracle Support Community and OTN forums
  • Your existing username will become visible to both My Oracle Support Community and OTN forum members, however, we will set all of your other profile information to be private
  • Some of your existing profile information will not be migrated and will need to be re-entered into your new account profile
We encourage you review your username and profile information once the migration is complete and make the necessary updates based on your privacy preferences.

If you prefer to maintain two separate accounts (one for OTN forums and the other for My Oracle Support Community), you will need to select a different email address to access OTN forums and update your OTN profile. You must take the following action before January 31, 2014:
  • Log into
  • Click on the arrow beside your username at the top right corner of the page
  • Click "Edit Profile and Privacy"
  • Click "Edit Manage your Profile account" located beside your email address
  • Select the Change Username link at the top of the page
  • Enter your current password and the new email address
  • Log out and log back in to confirm that you are able to log in with the new email address
We look for forward to enhancing your Oracle community experience and appreciate your patience as we implement these changes. For more details about My Oracle Support Community features and enhancements, please read the My Oracle Support Community Spotlight.


Oracle Support

Friday Jan 17, 2014

New FMW Patches - January 2014

The first NEWLY RELEASED patches you should be aware of are the CPUs (Critical Patch Updates). These include, among others:

  • Oracle Container for Java (OC4J)
  • Oracle HTTP Server (OHS) 12.1.2,, , and
  • Oracle Internet Directory (OID) and
  • Oracle Security Service

Details can be found at OTN here.

In addition, there are some new Fusion Middleware Proactive Patches, which include (among others):

  • Oracle Identity Management Suite Bundle Patch consisting of
    • Oracle Identity Manager (OIM) bundle patch
    • Oracle Access Manager (OAM) bundle patch.
    • Oracle Adaptive Access Manager (OAAM) bundle patch.
    • Oracle Entitlement Server (OES) bundle patch.
  • Oracle Identity Management Suite Bundle Patch consisting of
    • Oracle Access Manager (OAM) bundle patch.
    • Oracle Adaptive Access Manager (OAAM) bundle patch.
    • Oracle Entitlement Server (OES) bundle patch.
    • Note : This suite BP is delayed by few days
  • Oracle Identity Management Suite Bundle Patch consisting of
    • Oracle Access Manager (OAM) bundle patch.
    • Oracle Adaptive Access Manager (OAAM) bundle patch.
  • Oracle Identity Manager (OIM) bundle patch
  • Oracle Identity Manager (OIM) bundle patch

For more information :

Where is the OUD Certification Matrix?

OUD was it's own product (separate certification matrix, download, etc.) until when it was merged with the Identity and Access Management 11gR2 release. Since then, there has been an Identity and Access Management, and OUD continues to be part of it. It is also part of the upcoming release.

Because OUD previously had its own certification matrix, it is natural to look for one in current versions, separate from the Identity and Access Management cert matrices. This is no longer the case.

Be aware that OUD certifications have been consolidated into the overall Identity and Access Management certification matrix & the Identity and Access Management certification matrix. Both of these are available from the Certification Central Hub on OTN. In addition, OUD details have also been loaded into MOS Certify.

Please reference the certification matrices when making decisions regarding new installations or upgrades.

Happy Trails!

Friday Dec 27, 2013

Premier Support Ends Dec 31, 2013 for the following products:

Oracle Adaptive Access Manager (OAAM) 10g

Sun Java System Access Manager 7.1

OSSO 10gR3

OIM 9x 

As of January 1, 2014, the above mentioned Oracle products are moving from the Extended stage of Lifetime Support into the Sustaining stage.

Because product releases supported by Sustaining Support are not fully supported, information and skills regarding those releases may be limited. The availability of hardware systems to run such product releases may also be limited.

For full details see the Lifetime Support Policy and the Technical Support Polices.

Per the Technical Support Polices:

  • Sustaining Support does not include the 24-hour commitment and response guidelines for Severity 1 Service Requests as defined in the Severity Level section of the Technical Support Policy.
  • Existing patches and upgrade scripts will continue to be available.
  • Support continues to be available via My Oracle Support.

Details are available here:

Oracle Adaptive Access Manager (OAAM) 10g (Doc ID 1609012.1)

Sun Java System Access Manager 7.1 (Doc ID 1608469.1)

OSSO 10gR3 (Doc ID 1608519.1)

OIM 9.x  (Doc ID 1608487.1)

Tuesday Dec 10, 2013

Oracle Fusion Middleware Support News : December 2013

See the latest Fusion Middleware Support News : December 2013!



This is the official blog of the Proactive Support Team for Identity Management: OIM, OAM, OID, OVD, OUD, DSEE, etc. Find information about our activities, publications, product related information and more.


« May 2015