Posts Tagged ‘Oracle Identity Manager’

Oracle Identity Manager (OIM) 11g install for Beginners (in the Cloud baby)!

Friday, March 4th, 2011

***NOTE: As with all Tips and Tricks we provide on the IDMWorks blog, use the following AT YOUR OWN RISK.  We do not guarantee this will work in your environment and make no warranties***

This is a supplement to the post Setting up Oracle Identity and Access Management Suite (11g) in the Cloud: A few things that work & don’t work. It details a basic install, and the little errors that prevented it from running, as encountered by someone new to Oracle Identity Manager (11g) installing it in a Cloud environment.

To install OIM you have to go through several steps before you even start installing it.  Now I’m sure that most folks reading this have pre-existing environments that allow you to skip many of the following steps but let’s assume you are doing this from a brand spankin’ new MS Windows server.

Basically, you want to do the install first, and then the configuration.

1) You need to have the Java Development Kit (JDK) installed. You might think that just having it installed is good enough; however, the default installation path will put it in the ‘Program Files’ folder. Most MS Windows systems don’t have any particular preference, but your IDM install doesn’t like spaces in file paths, so be sure you have it installed in a folder without spaces.

2) Be certain you are utilizing a static IP address. If you aren’t, I would suggest reviewing the suggested fixes in the Setting up Oracle Identity and Access Management Suite (11g) in the Cloud: A few things that work & don’t work post. Otherwise you will likely get a fair amount of errors when everything is up and running. The entire suite depends on having a static DNS name and IP address. When it doesn’t, things fail without warning.

3) Now you should install the database. A few things to note here:

  • The database is where everything points to. Fortunately it’s not particularly hard to set up the software. Unfortunately the database itself has a few requirements. The  Setting up Oracle … in the Cloud post again covers the tricks needed to get this working properly but one thing I would add is that the default for the desktop install on the database has the wrong language code set. Don’t use it but do use “server” instead.

4) Once you have the database installed you have to run RCU.  Unfortunately RCU is a 32 bit program that is very picky about 64 bit operating systems. When installed in conjunction with a 64 bit database and then attempting to link the 32 bit RCU it would work until it attempted to add the OIM tables in.  Then it broke. The only fix I found was to use a 32 bit database. The RCU is just putting tables for the systems you are installing next to run off of, so we can assume it’s fully possible to drop the tables in manually, but I wouldn’t want to do it.

5) Assuming you finished the last few steps, you can go on to the actual install of the programs. WebLogic first. If you are using the generic JAR installer, which you probably should be, you have to use your Java install to unpack it. There is something you should take note of when you install WebLogic: there is a screen where it’s looking for Java packages. The generic JAR doesn’t have these with it. Again, it is very picky about what folder it has selected to do the Java install with. It’s not so picky about whether or not the folder is occupied. Make sure it’s pointing to the right place. If all else fails, copy the Java bin to the area the installer wants. If you don’t, things will install fine but never run (note: be sure to have the correct version installed, as the systems are very specific about what they are compatible with).

6) Alrighty then, WebLogic is installed. WebLogic is the heart of everything else OIM related. With OIM installed you also need SOA. You have to install the .2 version and then upgrade to the .3 version. Typically this is a pretty straightforward install.

7) NOW we can install OIM. The OIM install itself is pretty easy again but it is the next few steps that can mess you up. Make sure you don’t start up the Configuration Manager quite yet.

8) Now we configure WebLogic. You are looking for a file called config.sh in a folder called common. It’s in the directory where you installed everything so far. When you bring it up, select the programs you want WebLogic to support. Then you have to connect to the database, which should still be running. If you can’t connect, make sure your password is right. If you still can’t connect, then your database isn’t liking something.

9) Since you have WebLogic configured, you now have to configure OIM. It’s pretty straightforward. You point it at the WebLogic address that you set up and the program will register itself. One thing you should look out for is the line OIM HTTP URL. This line should have your WebLogic connection address with a different port. In my silliness installing this once, I had it as the same port; it allowed WebLogic to run, and OIM started up just fine, but after a moment OIM alone would stop, as well as the soa-infra server.

10) Start everything up!

Questions? Feel free to reach out to us at IDMWorks.

Migrating away from Sun Identity Manager? If only it were that simple.

Thursday, March 3rd, 2011

Here at IDMWorks we get asked time and again to migrate from Sun Identity Manager to a number of products including Oracle, Novell, IBM, and CA Identity Manager.

We can tell you with no uncertainty that regardless of what a vendor or implementation partner has stated that there is no cut and dry methodology for “migrating” from Sun IdM to any of the other major IdM products.

As of now, there simply is no magic tool that you can use to export a Sun IdM environment into another product.  A vendor may be able to write a tool or two to migrate some of the important pieces of Sun IdM over, like resources, users, or basic meta-data that is common to all Sun IdM implementations (we speak from having done so a few times now ourselves) but as Identity Management is never a simple plug and play right out of the box, with no customization, it is not and cannot be done that simply.

So if you have a plain vanilla out-of-the-box implementation of Sun IdM, you might be in luck :) . If you’re like every Sun IdM implementation that IDMWorks has implemented, you have custom forms and workflows that have been written to facilitate your company’s processes for on-boarding, requests, off-boarding, approvals, etc.

The majority of these customizations are written in XPRESS.   XPRESS, unfortunately, is a proprietary XML language that was created expressly for the Waveset IdM product, which was purchased by Sun Microsystems, which was in turn purchased further down the road (and is being “phased out” under the name Oracle Waveset) by Oracle.  Each of the XPRESS forms and workflows is useless to another product.  Even if somehow translated they would be awkward at best to integrate into most other products as the product architecture and internal logic are very different.

The method many of our customers are taking to migrate is to document each process and configuration and create a migration plan to slowly bring up the new product solution to replace the functionality they currently have.  In other words, start from scratch using your original requirements and tools.  The key to success there is to have awesome, thorough, well planned and written documentation! Something we push VERY hard on our customer base here at IDMWorks.

With some luck (and a good vendor/partner) you have documented lessons learned from your original IdM implementation that you can use to expedite the new project and avoid some of the pitfalls that may have occurred the first time. The first and most important step to moving from one IdM platform to another is coming up with a rock solid migration plan that makes the transition as smooth as possible.

In all fairness, at IDMWorks, we don’t have the magic migration tool, but we do have the expertise to make your transition to a new IdM product a success. Feel free to reach out to us and let us show you what we can do to smooth the process. As our front page says, “Get to know Peace of Mind”.

Setting up Oracle Identity and Access Management Suite (11g) in the Cloud: A few things that work & don’t work

Wednesday, March 2nd, 2011

The Oracle IAM 11g suite consists of several different products,  Identity Federation, Identity Manager, Internet Directory, and Access Manager, to name a few.  All of the products, rather most of the products, have the same basic requirements…database, RCU, WebLogic, and IDM  that must be installed.   Because of the nature of the Amazon EC2 Cloud there are a few things to keep in mind when building these components in the Cloud and a few things to do before starting your applications.  Please note this is all MS Windows centric.

Install order…

You can install the database or WebLogic first, it really doesn’t matter, but I typically will use the following order as it provides a good restore point:

FIRST:

  1. Database (software) install
  2. WebLogic 10.3.4 install
  3. IDM (software only install)

Back EVERYTHING Up

THEN:

  1. Install the listener
  2. Create database
  3. Run RCU
  4. Install SOA (only if needed)
  5. Configure IDM

When Installing the Database:

  1. When installing the database (Cloud or not), set some environment variables in Windows (this isn’t as necessary with 11g as with older installs, but it can still be a time saver). In the Cloud, setting ORACLE_HOSTNAME=”permanent name of machine” is very helpful, as both the listener and the dbconsole have real trouble starting after a reboot when the machine name changes. This allows the database to start successfully as a service in Windows, and makes it easier to remember what to type into the IDM RCU setup and IDM configuration setup.
  2. When creating the database set open cursors to 500, session cached cursors to 100, and processes to 500.  This can be done in the DBCA when creating the database by pressing the “All Initialization Parameters” button on the Configure Options screen (where you configure both the memory and character set.)

When Installing WebLogic:

Make sure you use the generic jar file with any 64 bit install.

  1. Install Java if needed and, from a command prompt, go to the directory where the jar file is located and type: java -jar wls1034_generic.jar (or whatever the name of the jar is).

When Installing the Oracle IAM Suite:

Once the suite is configured for your application and the WebLogic domain created there are a few things that can be done to make life a little easier:

  1. You can edit the config.xml file (located at Oraclehome\user_projects\domains\IDMDomain\config) to point to the correct host name by changing all instances of ip-xxxxxxxx.ec2.internal to hostname.cloud.<organization>.net, to ensure the admin console starts correctly.
  2. The Fusion Enterprise Console may have trouble starting due to a class path issue. To correct the error, open setdomainenv.cmd and search for the following line:

set POST_CLASSPATH=(Oracle_home)\wlserver_10.3\server\lib\weblogic.jar:;%POST_CLASSPATH%

Just after that line, add the following:

set POST_CLASSPATH=(Oracle_home)\Oracle_IDM1\oui\jlib\lib\http_client.jar:;%POST_CLASSPATH%

  3. Save and close the file.
  4. Restart WebLogic for it to take effect.

Last but not least:

  1. Add the  host name ” ip-xxxxxxxxxxx.internal” from when the applications were configured to your Hosts file located at c:\windows\system32\drivers\etc pointing to 127.0.0.1 (the IP loop-back address in Windows).   This should help solve everything else not already solved.  This way, whenever you boot, any app that asks for the old name will be able to route to the server directly.  This might not be the cleanest solution but it’ll work.
  2. In fact, make sure all listening addresses in WebLogic are set to blank and the nodemanager is set to localhost (if you set it to blank, it automatically sets to localhost), and launch your managed WebLogic sessions with the loopback address (to be sure they launch successfully).

The combination of these tricks should resolve most, if not all, issues in getting IDM environments up and running in the cloud.

PS: In order to start your environment:

To start WebLogic: oracle_home\user_projects\domains\IDMDomain\startweblogic.cmd

To start your Application: oracle_home\user_projects\domains\IDMDomain\bin\startmanagedweblogic Appservername http://serverhostname:7001

Questions? Feel free to reach out to us at IDMWorks.

Fixing a pain in the neck with an OIM API – Generic Class

Friday, February 11th, 2011

In my early days of playing with OIM’s API, I quickly discovered the cumbersome process of constantly changing your code between your development environment and OIM.

I use Eclipse for my Java development and I really enjoy the ability to run code right from Eclipse against OIM and to see the results in the console.  This saves me a tremendous amount of development time.  To run code in Eclipse you have to initialize your OIM connection differently than you would if that code was executed from an Adapter.  From Eclipse, you have to initialize  a new tcUtilityFactory passing it the username and password of the account you’re using to test (most likely, xelsysadm).  When you run your code from within OIM, you get your utility factories from the Database Reference object (tcDataProvider).  Thus, if you’re testing code in Eclipse, you have to change your code before exporting the JAR to OIM.  If you go back and forth enough times this will quickly become rather frustrating.   So I decided to write a generic class template that doesn’t need this constant switch.

Here’s how it works:

Any time you need to perform an API function, you need to get a copy of that API’s utility, using the getUtility method of either Thor.API.tcUtilityFactory (if you’re executing remotely) or your tcDataProvider (if you’re executing within OIM).

My class has two constructors:

public Generic()

and

public Generic(tcDataProvider db)

When I run the code in Eclipse, I create a new Generic() instance.

When I create the adapter in OIM,  I use the second constructor and map the Adapter Reference -> Database Adapter object to the constructor’s input.

When I need an API utility object, I call my own getUtility() method which, based on the constructor used, grabs the utility from the correct place.

Here’s the code:

package OIM.Generic;

//Generic Template class
//Works both in local and remote environments (OIM and Eclipse)
import java.util.Hashtable;

import Thor.API.tcResultSet;
import Thor.API.tcUtilityFactory;
import Thor.API.Base.tcUtilityOperationsIntf;
import Thor.API.Operations.tcUserOperationsIntf;

import com.thortech.xl.dataaccess.tcDataProvider;
import com.thortech.xl.util.config.ConfigurationClient;

public class Generic {
	boolean local = false;
	tcDataProvider db;
	tcUtilityFactory tcu;

	public Generic(){
		initRemote();
	}

	public Generic(tcDataProvider db){
		initLocal(db);
	}

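	// Returns the requested API utility from whichever source matches the
	// constructor that was used: the adapter's tcDataProvider inside OIM,
	// or the remote tcUtilityFactory when run from Eclipse.
	// Returns null if the lookup fails.
	private tcUtilityOperationsIntf getUtility(String s){
		try{
			if (local){
				return Thor.API.tcUtilityFactory.getUtility(db, s);
			}else{
				return tcu.getUtility(s);
			}
		}catch(Exception e){
			e.printStackTrace();
		}
		return null;
	}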

	public void test(){
		try{
			tcUserOperationsIntf moUserUtility = (tcUserOperationsIntf) getUtility("Thor.API.Operations.tcUserOperationsIntf");
			Hashtable mhSearchCriteria = new Hashtable();
			mhSearchCriteria.put("Users.Key", "1");
			tcResultSet moResultSet = moUserUtility.findUsers(mhSearchCriteria);
			for (int i = 0; i < moResultSet.getRowCount(); i++) {
				moResultSet.goToRow(i);
				System.out.println(moResultSet.getStringValue("Users.User ID"));
			}
		}catch(Exception e){
			e.printStackTrace();
		}

	}

	private void initLocal(tcDataProvider db){
		this.db = db;
		this.local=true;

	}

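	// Remote (Eclipse) path only: code running inside OIM uses initLocal()
	// and never reaches this method.
	private void initRemote(){
		this.local = false;
		try{
			ConfigurationClient.ComplexSetting config = ConfigurationClient.getComplexSettingByPath("Discovery.CoreServer");
			final Hashtable env = config.getAllSettings();
			// Username and password of the test account, hard-coded here for
			// local test runs; keep real passwords out of the exported JAR.
			tcu = new tcUtilityFactory(env, "xelsysadm","xelsysadm");

		}catch (Exception e){
			e.printStackTrace();
		}
	}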

	public static void main(String[] args) {
		Generic api = new Generic();
		api.test();
	}
}

As always, we at IDMWorks value our feedback and your ideas.  Feel free to sound off below or contact us here.

So now what? What to do with your Sun IAM stack (hint: start looking)

Friday, November 12th, 2010

Legacy Sun Java System Identity and Access Management (IAM) customers have been calling us up often to ask about the state of the industry and their options with the Sun IAM stack moving forward.   The choices are many right now but one fact remains, Sun IDM and Open SSO’s days are numbered.  The products will be around for a while, years in fact, but eventually like that Saturn dealership on the corner, it will go away. Thus the grand migration is underway.  As an IAM enabled company the question of where to migrate to is paramount.  So let’s talk options.

Option 1) Stick with Sun As-Is

The old wait and see approach, but let’s be honest, the clock is ticking. Like a legacy application your IT staff built in their garage, it won’t keep up with the rest of the market and the future of IDM. There will never be a grand Cloud version of Sun IDM. What is most interesting is that there are options to move away from Sun that pretty much expire by year’s end.

So let’s move away from Option 1 for now and take a look at the future.

Option 2) “Migrate” to Oracle IAM (as part of Oracle Fusion Middleware)

I say migrate because with any non-Sun tool (and Oracle IAM is a much different beast) there is NO upgrade path. Oracle is attempting to woo existing Sun implementations into the fold by offering license swaps in the short term. For those looking to definitively move into Oracle IAM then this is the best bet and should be done ASAP as the swap cycle is time limited.

Option 3) Migrate to Novell IAM

Similar to Oracle, Novell is offering a swap out of the Sun software and licenses.  This is a very interesting proposition.  Novell is willing to give the product up for free in order to build the relationship.  Basically from what the Novell Website states:

  • The Sun Identity Manager swap gives you Novell Identity Manager, roles based provisioning module and enterprise integration module.
  • The Sun Role Manager swap gives you Novell Access Governance Suite.
  • The Sun Open SSO swap gives you Novell Access Manager.
  • The Sun Directory Server EE swap gives you Novell eDirectory.
  • Sun subscription customers can opt in for equivalent Novell product subscriptions and will be considered for additional incentives on a case-by-case basis.

I think this is a brilliant tactic that I am surprised a few other vendors haven’t tried. To be straight, Novell has a great directory and SSO offering and is making huge strides in the Provisioning and Federation space. At a minimum for a no-cost look I might suggest talking to a Novell rep. But alas, much like Oracle, Novell’s offer is time-boxed. Come Dec. 31, 2010 a statement of interest (not a purchase mind you, this simply locks in Novell’s commitment in 2011 for the swap) must be signed or that coach turns back into a pumpkin.

Option 4) Migrate to CA IAM, IBM IAM, Microsoft IAM, etc. (there are many to choose from)

Choices, choices, choices.  I can say that CA is making a major push in the IAM space and IBM seems to be lagging a bit but has been a big player in the past.  Microsoft is also making strides to broaden their footprint in the IAM space.  And there are plenty more vendors to look at. My guess is there are deals to be had even if there is no published “sale” going on.

I wouldn’t keep any pre-conceived notions about any of the vendors right now and thanks to the Oracle-Sun purchase the alternative vendors are pumping time and money into getting your business.  We at IDMWorks are happy to work with you on any and all of the products in the market.  We can help to dissect and divide the various offerings and help you to understand the best choice that fits into your environment.

The point is NOW is the time to take the Pepsi challenge.  If you have a SUN IAM implementation you should be taking a look at the various vendors (including those not listed in Option 4) and line up a chat (or webcast, lunch-and-learn, email or phone call) with your local vendor representative because by 2011 a potential low cost update may go away.

Feel free to shoot us a note if you have questions.

No Need to Re-invent the OIM Wheel

Tuesday, October 19th, 2010

Recently for an Oracle Identity Manager project, I was given what most would consider a “simple” requirement. The requirement was to add a field to the out-of-the-box (OOTB) OIM Self Registration Form. The field was to be used to confirm the email address the user entered, similar to the existing password confirm field on the form, which forces the user to enter their password twice to mitigate typos. Oracle’s documentation is pretty straightforward for modifying the OOTB Registration form. If you want to add a field, just edit the FormMetaData.xml file. Simple enough, but the problem comes in when you want to add logic to the form to have the Email confirm field match the Email field.

To solve that dilemma most people would create their own custom Self Registration form and then update the link on the Login Page to point to their new page. But why re-invent the wheel? You only want to add one additional function to the Self Registration form. So instead of going the time-consuming complete customization route, I decided to de-compile the tcSelfRegistrationAction.class, which handles all the functionality for the Self Registration page. After de-compiling the class file using jd-gui, I simply copied the logic already in the code for the Password Confirm field and applied it to the Email Confirm field. Then it was as simple as compiling the updated java file and replacing the current tcSelfRegistrationAction.class in the deployed XellerateFull.ear file.

Questions? Feel free to reach out to us at IDMWorks.

Elvis has left the building (what to do when a new version of the software is released).

Wednesday, August 25th, 2010

RE: Oracle Fusion Middleware 10g vs. 11g stack selection (OID, OVD, OIM, OAM specifically).

Here at IDMWorks we specialize in Identity and Access Management full life-cycle services.

Discovery √ Design √ Implementation √ Development √ Support √

During a recent trip to a customer site for an installation of the Oracle Fusion Middleware stack we ran into an interesting conundrum. We were to install the 10g release of OVD, OID, OAM and OIM into the development environment. The customer pointed out that 11g had been released approximately 3 weeks prior and asked for a recommendation of whether we should jump to the 11g implementation path or continue down the 10g path.

First, let me say, the customer was right on point with the question. We like a customer who is knowledgeable and will challenge the decisions and recommendations that we make as a team because that is the same customer who will “take care” of their system long after Elvis (or in this case IDMWorks) has left the building.

Conventional wisdom states that you never jump to the next release of a product in the first month. You wait for stabilization (and typically the first service pack). However in this case we must keep in mind that the products, at least the directory components, are pretty mature. So we can add another option of a mixed upgrade, perhaps 11g OID and OVD, with the 10g release of OAM and OIM. Additionally, with a new release, and this speaks to stabilization, you don’t have the luxury of all the little “gotchas” that have been addressed with implementations of the past. In our case, when we had a Linux Service Pack Library dependency issue, we had Google to rely on to find the fix in less than 5 minutes. No call to Oracle Support, no waiting for recreation and resolution, no explanation to the customer on why we must halt progress while we investigate the issue.

So we created a game plan as follows:

1) Stick with what works!
The known 10g release, while the “older” release, provides a level of maturity and issue resolution that will allow our project to remain on budget and on time. This is HUGE. The unknowns that a fresh release presents, if the customer has time and budgetary constraints (don’t they all?), mean that time spent resolving the “basics” is time lost (and hence money).

2) Plan, Plan, Plan for the future!
To address the customer’s interest in 11g, we opted to develop an upgrade path and plan to 11g, including the steps, the timeline, the associated cost and the follow-up procedures, that will allow a smooth, cost- and time-effective transition into the next release in a matter of months instead of years.

3) Work with the customer
This should go without saying, but don’t let personal agendas drive the project to failure. The customer wants (and rightfully so) the latest and greatest they can have. If that means the latest technology, then so be it. In our case we have three options: Old, New, and Newish (a little old and new mixed together). However, because we are the implementation partner, ours is not to decide but to recommend. As such we explained all available options, gave our recommended approach and let the customer know that if they chose to move forward with another option (the non-recommended one) we would support them 100% and move forward in that direction.

In the end the customer stuck with the recommended approach and we are well on our way to a successful implementation with a path to the future product laid over the existing framework!

Oracle Identity Manager (OIM): IT Resources in the database

Friday, June 11th, 2010

While setting up a staging environment at a client’s site, I needed to mirror the Production OIM instance to the Staging environment. The steps involved are outside the scope of this blog and are outlined in detail in Oracle’s Metalink article How To Export and Import an OIM Instance? [ID 555655.1]

There is one very important caveat to note when doing this. If you take a snapshot of the production database and insert it into your development environment, then when you bring that OIM instance up, it will contain all production data, including IT Resource connections. If there were any scheduled tasks in your production instance that would have run during your transition, they may run as soon as you bring your development OIM instance up. Against your production resources!!

The way I found to avoid this is to blank the server name/IP values out directly in the database prior to launching your freshly imported development environment. For this, you need to know where IT Resources are stored in the database.

While there are more tables to hold other metadata, the following 3 have the key information:

  • SVR – Contains all the different resource names (ie.  AD Server, iPlanet User, Exchange Server, etc…)
  • SPD – Contains a list of all the fields (ie. Server Name, SSL, Port, Root DN, etc…)
  • SVP – Contains values for all fields – This list is encrypted, but since all we want to do is blank them, it’s ok.

The following SQL code will show you a list of the Resources, Fields, and Values

select svr.svr_name, spd.spd_field_name, svp.svp_key, svp.svp_field_value
from svp
inner join spd on spd.spd_key = svp.spd_key
inner join svr on svr.svr_key = svp.svr_key;

Browse through the results and look for the field names that suggest a server name or IP address. This will depend on each resource, but common names are “Server Address” or “Server Name”. For each resource you want to blank out, note the corresponding key (column svp.svp_key).

For each field, run the following UPDATE statement substituting the svp_key value for X,Y,Z

UPDATE SVP SET svp_field_value = '' WHERE svp_key in (X,Y,Z)

That’s it. You can now safely launch your development OIM instance without worrying it may touch production data. Please note that if you have custom or funny adapters that don’t use server names/IPs as the source, for example a file path, you need to figure out which field name is the correct one that stores your production resource.
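The scrub described in this post, carried through as an added example (not code from the original post): it selects the fields by name rather than by hand-copied keys, keeps a backup of the rows it blanks, and lists resources with no matching field so custom adapters get reviewed. It assumes Python's sqlite3 with constructed tables as a stand-in for the imported Oracle schema, reduced to the columns the post's query uses; the function names, the svp_backup table and the sample rows are assumptions.

```python
import sqlite3

# Field-name fragments that identify a connection target. "Server Name" and
# "Server Address" are the common names the post mentions; add fragments for
# custom adapters (for example "file path").
TARGET_FIELD_PATTERNS = ("server name", "server address")


def build_sample_db():
    """Constructed sample data: sqlite3 stand-in for the imported OIM schema."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE svr (svr_key INTEGER PRIMARY KEY, svr_name TEXT);
        CREATE TABLE spd (spd_key INTEGER PRIMARY KEY, spd_field_name TEXT);
        CREATE TABLE svp (svp_key INTEGER PRIMARY KEY, svr_key INTEGER,
                          spd_key INTEGER, svp_field_value TEXT);
        INSERT INTO svr VALUES (1, 'AD Server'), (2, 'iPlanet User'),
                               (3, 'Flat File Feed');
        INSERT INTO spd VALUES (10, 'Server Address'), (11, 'Port'),
                               (12, 'Server Name'), (13, 'Root DN'),
                               (14, 'File Path');
        -- Values are opaque (encrypted in OIM); the scrub never decrypts them.
        INSERT INTO svp VALUES (100, 1, 10, 'ENC-a'), (101, 1, 11, 'ENC-b'),
                               (102, 2, 12, 'ENC-c'), (103, 2, 13, 'ENC-d'),
                               (104, 3, 14, 'ENC-e');
    """)
    return con


def field_filter(patterns):
    """Build a parameterized, case-insensitive match on spd_field_name."""
    clause = " OR ".join("lower(spd.spd_field_name) LIKE ?" for _ in patterns)
    return clause, ["%" + p.lower() + "%" for p in patterns]


def find_targets(con, patterns=TARGET_FIELD_PATTERNS):
    """Return (resource, field, svp_key) for populated connection fields."""
    clause, params = field_filter(patterns)
    # coalesce() treats NULL and '' alike; Oracle stores '' as NULL.
    sql = f"""
        SELECT svr.svr_name, spd.spd_field_name, svp.svp_key
        FROM svp
        INNER JOIN spd ON spd.spd_key = svp.spd_key
        INNER JOIN svr ON svr.svr_key = svp.svr_key
        WHERE ({clause}) AND coalesce(svp.svp_field_value, '') <> ''
        ORDER BY svp.svp_key"""
    return con.execute(sql, params).fetchall()


def unmatched_resources(con, patterns=TARGET_FIELD_PATTERNS):
    """Resources with no field matching any pattern: review these by hand."""
    clause, params = field_filter(patterns)
    sql = f"""
        SELECT svr.svr_name FROM svr
        WHERE NOT EXISTS (
            SELECT 1 FROM svp
            INNER JOIN spd ON spd.spd_key = svp.spd_key
            WHERE svp.svr_key = svr.svr_key AND ({clause}))
        ORDER BY svr.svr_name"""
    return [row[0] for row in con.execute(sql, params)]


def scrub(con, patterns=TARGET_FIELD_PATTERNS):
    """Back up and blank the matching values; return the svp_keys changed."""
    keys = [row[2] for row in find_targets(con, patterns)]
    if not keys:
        return []
    marks = ",".join("?" for _ in keys)
    with con:  # commits on success, rolls back if anything below raises
        con.execute(
            "CREATE TABLE IF NOT EXISTS svp_backup AS SELECT * FROM svp WHERE 0")
        con.execute(
            f"INSERT INTO svp_backup SELECT * FROM svp WHERE svp_key IN ({marks})",
            keys)
        con.execute(
            f"UPDATE svp SET svp_field_value = '' WHERE svp_key IN ({marks})",
            keys)
        if find_targets(con, patterns):
            raise RuntimeError("connection fields still populated after scrub")
    return keys


if __name__ == "__main__":
    db = build_sample_db()
    print("to blank:", find_targets(db))
    print("needs manual review:", unmatched_resources(db))
    print("blanked svp_keys:", scrub(db))
```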

Questions? Ask at IDMWorks.

Logging into & setting up iManager

Sunday, January 31st, 2010

Logging into iManager is a little deceptive if trying to do it for the first time. You will need three items:

  1. The eDirectory login username. In my case this is: admin
  2. The password for the user identified in step #1
  3. The IP address of the server. Using the Tree name isn’t always reliable, I have found.

Once you’re logged into iManager, you can set up roles (RBAC) within iManager using the RBS Configuration Wizard (found at Configuration->RBS Configuration Wizard).

  • After restarting Tomcat, you should see a bunch of new stuff in iManager including “Identity Manager Administration”
  • Navigate to the “Roles & Tasks”, Expand “Identity Manager Utilities” and select “Import Multiple Drivers”
  • Create a new driver, giving a name of your choice

..more to come

Moving Attributes between OIM and ORM

Thursday, May 14th, 2009

As you can tell I’m working on an OIM-ORM integration, but who isn’t right?

Okay, so my mission is to have attributes flow from OIM to ORM... this should be fairly easy, right? Well, it’s not working, and if you were to look at the posts on http://forums.oracle.com, I’ve found that there are a lot of people who have the same challenges.

Here’s what I have tried to do (with the attribute UserID):

1. Update the “bizlogic.oim_integration.xml” file with the attributes that you would like to push from OIM to ORM. Add the following entries:
* personuserID
* [in the CDATA section]
2. Modify the file oim_integration.xml in the oracle.iam.rm.event.incoming directory as follows:
* Users.User IDuserIDjava.lang.String>NULL_IF_NULL>

The attribute specified in “source-name” should come from OIM (use this website to figure out what the correct source-name should be: http://rajnishbhatia19.blogspot.com/2008/09/oim-91-metadata.html).

Last two steps are to create a DAR file, deploy this to your app server and test away…

Good luck!