Sunday, May 27, 2012

Oracle Identity Manager 11.1.1.5 Integration With Oracle Identity Analytics 11.1.1.5


Oracle Identity Manager 11.1.1.5 Integration With Oracle Identity Analytics 11.1.1.5

  • At least Oracle Identity Manager version 9.1.0.2 BP17 or version 11.1.1.5.0 (11gR1 PS1) is required. (Oracle Identity Manager 11gR1 (version 11.1.1.3.0) is not supported.)
  • At least Oracle Identity Analytics 11.1.1.5.0 is required.

Step 1: Copy the Required Files From the OIM Server

  • Copy the following Oracle Identity Manager Java API JAR files located in the <OIMDesignConsole>/lib folder to the Oracle Identity Analytics $RBACX_HOME/WEB-INF/lib folder:
    • xlAPI.jar
    • xlCache.jar
    • xlDataObjectBeans.jar
    • xlDataObjects.jar
    • xlScheduler.jar
    • xlUtils.jar
    • xlVO.jar
  • Copy the following JAR files located in the <IDM-HOME>/server/lib folder to the Oracle Identity Analytics $RBACX_HOME/WEB-INF/lib folder:
    • xlCrypto.jar
    • wlXLSecurityProviders.jar
    • xlAuthentication.jar
    • xlLogger.jar
  • Copy the config folder located at <OIMDesignConsole>/config and paste it in the Oracle Identity Analytics $RBACX_HOME/xellerate folder.
  • If using at least Oracle Identity Manager 11.1.1.5.0 ( 11gR1 PS1), copy the following OIM files to the Oracle Identity Analytics $RBACX_HOME/WEB-INF/lib folder:
    • oimclient.jar
    • Use the version located in the <OIMDesignConsole>/lib folder. (Important: Do not use a copy of this JAR file located in any other directory.)
    • iam-platform-utils.jar
    • This file is located in the <OIMDesignConsole>/lib folder.
  • If deploying to a WebLogic application server, and if Oracle Identity Analytics and Oracle Identity Manager are on different WebLogic domains, copy the <WLS-HOME>/server/lib/wlfullclient.jar file to the Oracle Identity Analytics $RBACX_HOME/WEB-INF/lib folder.
          Note - If the wlfullclient.jar file is not present, follow these steps to generate it:
          1.Type cd<WLS-HOME>/server/lib, where <WLS-HOME> is the base WebLogic installation directory
          2.Type java -jar wljarbuilder.jar
          3.Copy the wlfullclient.jar file to the $RBACX_HOME/WEB-INF/lib folder

Step 2: Edit the Oracle Identity Analytics Configuration Files

  • Stop Oracle Identity Analytics.
  • Enable Oracle Identity Manager as a supported provisioning server by editing iam-context.xml in the $RBACX_Home/WEB-INF folder as follows:
    • Uncomment the following lines at the start of iam-context.xml:
                     <import resource="oim-commons-context.xml"/>
                      <import resource="oim-11g-context.xml"/> <!-- This also works with at least Oracle Identity Manager 9.1.0.2 BP17-->
    • Enable the following:
                  <entry key="oracle">
                    <ref bean="oimSolution"/>
                  </entry>
    • Save your changes.
  • Start Oracle Identity Analytics.
  • Edit $RBACX_HOME/conf/oimjdbc.properties. This should contain the Oracle Identity Manager database information.

    • Run the OIA Property Encryption Utility to encrypt the database password located in the oimjdbc.properties file.
    • For details, see the Administrator’s Guide for Oracle Identity Analytics, "Securing Oracle Identity Analytics" chapter, "Understanding the Property Encryption Utility" section.
    • Open the oim-11g-context.xml file for editing and search for the word password.`
    • Comment out the oim.jdbc.password line and uncomment the oim.jdbc.password.encrypted line. The XML should look like the following sample:
                     <property name="URL" value="${oim.jdbc.url}"/>
                     <property name="user" value="${oim.jdbc.username}"/
                     <!--<property name="password" value="${oim.jdbc.password}"/>-->
                     <property name="password" value="${oim.jdbc.password.encrypted}"/>


Step 3: Modify the Oracle Identity Manager Forms Using the Form Designer

In this step you will open Form Designer and, for each OIM resource, add the properties that OIA needs to exchange data with OIM.

  1. Log in to the Oracle Identity Manager Design Console.
  2. Open the Form Designer.
  3. For each Resource, the following properties need to be added to some identified feed for accounts, policies, and entitlements imports:
    1. AccountName - Identifies the unique account in the target system
    2. ITResource - Identifies the unique IT Resource field for the target system
    3. Entitlement - Identifies the account attribute designated for privileges
    4. OIAParentAttribute - This property identifies the parent or mandatory entitlement attributes. Add this property only if you have installed at least OIM 11.1.1.5.0 or at least OIM 9.1.0.2 BP17.

                Complete this step as follows:

      1. Locate the Process Form for the given resource.
      2. Open the child Process Form and create a new version.
      3. Click the Properties tab.
      4. Locate ONLY ONE entitlement field per form, click Add Property, and add the Entitlement = true property setting.
      5. If there are multiple Entitlement child forms, add one Entitlement = true property setting per Entitlement form.
      6. If you have installed at least OIM 11.1.1.5.0 or at least OIM 9.1.0.2 BP17, add the OIAParentAttribute property.
      7. Save the child form and make it active.
      8. Locate the parent process form and create a new version.
      9. Click the Properties tab.
      10. Locate the field that uniquely identifies the account in the target system, click Add Property, and add the AccountName = true
      11. Locate the ITResource field for the target system, click Add Property, and add the ITResource = true property setting.
      12. Save the parent form and make it active.
      13. Repeat for each Resource.
      14. Restart the Oracle Identity Analytics server.

Step 4: Configure the Oracle Identity Manager Data Collection Scheduler


  • Before You Begin - Verify that the OIM installation/upgrade script created the DataCollection Schedule Job in OIM and that the job is enabled but not scheduled for execution. Your integration will not work without this important job.
  • Follow these steps to register the task with OIM:
    1. Enable the DataCollection Schedule task if you are using Oracle Identity Manager 9.1.0.2. (If you are using at least Oracle Identity Manager 11.1.1.5.0, the DataCollection Schedule task is already enabled so you should skip this step.)  To enable the DataCollection Schedule task, open the Design Console, search for the    DataCollection Schedule task, and make it Active.
    2. Enable the following system property in Oracle Identity Manager by setting the value to TRUE:
                 OIM.IsOIAIntegrationEnabled = TRUE

Step 5: Configure Oracle Identity Analytics to Connect to Oracle Identity Manager

         1.Log in to Oracle Identity Analytics.
         2.Choose Administration > Configuration.
         3.Click Provisioning Servers.
         4.Click New Provisioning Server Connection.
                The New Provisioning Server Connection wizard asks you to choose the type of provisioning server connection that you want to create.
         5.From the Type of Provisioning Server Connection drop-down menu, select oracle and click Next.
        6.Complete the form:
    • Server Name - Type the Oracle Identity Manager server name.
    • Xellerate Home - Type the path to the xellerate folder in OIM. (Example: C:\oracle\xellerate)
              If Oracle Identity Manager is on a separate machine, create a local xellerate folder and copy the  config folder from <OIMDesignConsole> in the xellerate folder.
    • Login Config - Type the path to the authentication configuration (auth<AS>.conf) file. (Example: C:\oracle\xellerate\config\authwl.conf)
    • User Name - Enter the OIM user name. (For example, xelsysadm.) The specified OIM user needs to have system administrator privileges.
    • Password - Enter the OIM password.
           7.Click Save.

Wednesday, May 23, 2012

Weblogic 10.3.5: WLST in Embedded Mode

Weblogic 10.3.5: WLST in Embedded Mode

In embedded mode, you instantiate the WLST interpreter in your Java code and use it to run WLST commands and scripts. All WLST commands and variables that you use in interactive and script mode can be run in embedded mode.

This example illustrates how to instantiate the WLST interpreter and use it to connect to a running server, create two servers, and assign them to clusters.


package wlst;
import java.util.*;
import weblogic.management.scripting.utils.WLSTInterpreter;
import org.python.util.InteractiveInterpreter;

/**
 * Simple embedded WLST example that will connect WLST to a running server,
 * create two servers, and assign them to a newly created cluster and exit.
 * <p>Title: EmbeddedWLST.java</p>
 * <p>Copyright: Copyright (c) 2004</p>
 * <p>Company: BEA Systems</p>
 */

public class EmbeddedWLST 
{
  static InteractiveInterpreter interpreter = null;

  EmbeddedWLST() {
    interpreter = new WLSTInterpreter();
  }

private static void connect() {
    
  String user="user1";
  String pass="pw12ab";
  String url ="t3://localhost:7001";
  Environment env = new Environment();
  env.setProviderUrl(url);
  env.setSecurityPrincipal(user);
  env.setSecurityCredentials(pass);
  Context ctx = env.getInitialContext();
  interpreter.exec
   ("connect('"+user+"','"+pass+"','"+url+"')");
  }

private static void createServers() {
    StringBuffer buf = new StringBuffer();
    buf.append(startTransaction());
    buf.append("man1=create('msEmbedded1','Server')\n");
    buf.append("man2=create('msEmbedded2','Server')\n");
    buf.append("clus=create('clusterEmbedded','Cluster')\n");
    buf.append("man1.setListenPort(8001)\n");
    buf.append("man2.setListenPort(9001)\n");
    buf.append("man1.setCluster(clus)\n");
    buf.append("man2.setCluster(clus)\n");
    buf.append(endTransaction());
    buf.append("print ‘Script ran successfully ...’ \n");
    interpreter.exec(buf.toString());
  }

private static String startTransaction() {
    StringBuffer buf = new StringBuffer();
    buf.append("edit()\n");
    buf.append("startEdit()\n");
    return buf.toString();
  }

private static String endTransaction() {
    StringBuffer buf = new StringBuffer();
    buf.append("save()\n");
    buf.append("activate(block='true')\n");
    return buf.toString();
  }

  public static void main(String[] args) {
    new EmbeddedWLST();
    connect();
    createServers();
  }
}

Reference: http://docs.oracle.com/cd/E13222_01/wls/docs90/config_scripting/using_WLST.html 

Weblogic 10.3.5: Enable Debugging Using the WebLogic Scripting Tool WLST Scripts and WLST from Java


Weblogic 10.3.5: Enable Debugging Using the WebLogic Scripting Tool  WLST Scripts and WLST from Java

WebLogic Scripting Tool (WLST) can be used to set the debugging values. For example, the following command runs a program for setting debugging values called debug.py:
java weblogic.WLST debug.py
The main scope, weblogic, does not appear in the graphic; jms is a sub-scope within weblogic. Note that the fully-qualified DebugScope for DebugJMSBackEnd is weblogic.jms.backend.
The debug.py program contains the following code:
user='user1'
password='password'
url='t3://localhost:7001'
connect(user, password, url)
edit()
cd('Servers/myserver/ServerDebug/myserver')
startEdit()
set('DebugJMSBackEnd','true')
save()
activate()
Note that you can also use WLST from Java. The following example shows a Java file used to set debugging values:
import weblogic.management.scripting.utils.WLSTInterpreter;
import java.io.*;
import weblogic.jndi.Environment;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;

public class test {
  public static void main(String args[]) {
 try {
  WLSTInterpreter interpreter = null;
  String user="user1";
  String pass="pw12ab";
  String url ="t3://localhost:7001";
  Environment env = new Environment();
  env.setProviderUrl(url);
  env.setSecurityPrincipal(user);
  env.setSecurityCredentials(pass);
  Context ctx = env.getInitialContext();

  interpreter = new WLSTInterpreter();
  interpreter.exec
   ("connect('"+user+"','"+pass+"','"+url+"')");
  interpreter.exec("edit()");
  interpreter.exec("startEdit()");
  interpreter.exec
   ("cd('Servers/myserver/ServerDebug/myserver')");
  interpreter.exec("set('DebugJMSBackEnd','true')"); 
  interpreter.exec("save()");
  interpreter.exec("activate()");

 } catch (Exception e) {
 System.out.println("Exception "+e);
 }
 }
}
Using the WLST is a dynamic method and can be used to enable debugging while the server is running.

Saturday, May 12, 2012

AIA 11.1.1.6 Develop and Implement a Simple Inbound B2B Flow


AIA 11.1.1.6 Develop and Implement a Simple Inbound B2B Flow




The following figure shows the high-level steps involved in developing a simple inbound business-to-business (B2B) flow from an application to trading partners using Oracle Application Integration Architecture (AIA).




Step 1: Identifying the B2B Document and Analyzing Requirements



  1. The source and targets in the mapping are reversed. The B2B document received from trading partners is the source of the mapping. The AIA Enterprise Business Message (EBM) is the target of the mapping.
  2. At the end of this step:
    1. The B2B document is defined in Oracle B2B.
    2. The XML schema of the B2B document is uploaded in the AIA Metadata Repository.
    3. The Enterprise Business Object (EBO) and the EBM to be used in the integration are identified. 
    4. Functional mapping between the B2B document and the AIA EBM is complete.
Step 2: Adding Inbound Routing Rules to an AIA B2B Interface

  1. In inbound B2B document flows, the AIAB2BInterface service listens for new B2B documents received by Oracle B2B and routes them to the requester B2B services.


Step 3: Developing a New Requester B2B Connector Service


The key function provided by a requester B2BCS is to enable inbound B2B document
integration by performing the following tasks:
■ Receive B2B documents sent by trading partners from Oracle B2B.
■ Transform B2B documents into AIA EBMs.
■ Use EBMs as request payloads to invoke AIA Enterprise Business Services (EBSs).


Step 4: Developing or Extending an Existing Enterprise Business Service
  1. The next step,   is to develop a new EBS or use an existing EBS that is invoked by the requester B2BCS.
Step 5: Developing or Extending an Existing Provider ABCS
  1. The next step,   is to develop a new or extend an existing provider ABCS. The provider ABCS processes the AIA EBM by invoking application APIs or web-services.
Step 6: Configuring Oracle B2B and Defining Trading Partner Agreements

  1. The next step, as shown in Figure 18–21, is to create trading partner agreements in Oracle B2B.
Step 7: Deploying and Configuring AIA Services

  1. The next step, is to deploy the AIA services. You can deploy the services to a target Oracle SOA server using Oracle JDeveloper.
Step 8: Testing and Verifying
  1. The next step, is to test and verify. Before you go live with your B2B integration flows with your trading partners, we recommend that you complete a sequence of tests for your newly developed or deployed AIA services, which make up the B2B integration flow.
Step 9: Going Live and Monitoring

Oracle Fusion Middleware Security for Web Services 11g Release 1 (11.1.1.6) Policy Sets using WLST

Policy sets provide a means to attach policies globally to a range of endpoints of the same type. 


  • In addition to attaching policies directly to endpoints, you can create policy sets that allow you to attach policies globally to a range of endpoints of the same type, regardless of the deployment state. You can create and manage policy sets using both Fusion Middleware Control and the WebLogic Scripting Tool, WLST. 
  • Attaching policies globally using policy sets allows an administrator to ensure that all subjects are secured in situations where the developer, assembler, or deployer did not explicitly specify the policies to be attached.
  • Policies attached globally using policy sets also provide the following:
    • Override the policies
    • Specify run time constraint
  • Policy subjects to which policy sets can be attached include SOA components, SOA service endpoints, SOA references, Web services endpoints, Web service clients, Web service connections, and asynchronous callback clients. Policy sets can be attached at the following scopes:
    • Domain — all policy subjects of the specified type in a domain
    • Server instance—all policy subjects of the specified type in a server instance
    • Application or Partition—all policy subjects of the specified type in an application or SOA partition
    • Application module or SOA composite—all policy subjects of the specified type in an application module or SOA composite
    • Service or reference—all policy subjects of the specified type in a SOA service or reference
    • Port or component—all policy subjects of the specified type in a port or SOA component

    CREATING A POLICY SET USINg  WLST

    CreatePolicySet.py


    import os
    propInputStream = FileInputStream("PolicySets.properties")
    configProps = Properties()
    configProps.load(propInputStream)
    connect(configProps.get("userName"),configProps.get("passWord"),'t3://'+configProps.get("wlsHost")+':'+configProps.get("adminServerListenPort"))
    splits=String(configProps.get("policysets_to_be_created")).split(",")
    for dsIndex in splits:
        beginRepositorySession()
        #Variable Definitions
        policySetName=configProps.get("policySetName_"+ str(dsIndex))
        policySetType=configProps.get("policySetType_"+ str(dsIndex))
        policySetAttachTo=configProps.get("policySetAttachTo_"+ str(dsIndex))
        policySetDescription=configProps.get("policySetDescription_"+ str(dsIndex))
        policySetEnabled=configProps.get("policySetEnabled_"+ str(dsIndex))
        policySetUrl=configProps.get("policySetUrl_"+ str(dsIndex))

        print "Creating Policy Sets for System Resource Name:"+policySetName + ", Policy Set Type:" + policySetType +" Attached To: "+ policySetAttachTo + " , Description:" + policySetDescription + ", Enabled true or false: "+ policySetEnabled 
        createPolicySet(policySetName,policySetType,policySetAttachTo,description=policySetDescription,enable=policySetEnabled)
        print "Attaching Policy Sets"
        attachPolicySetPolicy(policySetUrl)
        print "Commiting Session"
        commitRepositorySession() 

    PolicySets.properties

    userName=username
    passWord=password
    wlsHost=localhost
    domainDir=domainDir
    adminServerListenPort=7001
    #Total Number of Data Sources 
    policysets_to_be_created=1
    #Properties for the first PolicySets
    policySetName_1=TestWSClientPolicySet
    policySetType_1=sca-reference
    policySetAttachTo_1=Domain("domain") and Server("server1") and Composite("*CBP*")
    policySetDescription_1=Global policy attachments for SOA Reference resources.
    policySetEnabled_1=true
    policySetUrl_1=oracle/wss10_saml_token_client_policy_OPT_ON


    Monday, May 7, 2012

    Oracle Fusion Middleware Security for Web Services 11g Release 1 (11.1.1.6) Policy Sets

    Oracle Fusion Middleware Security  for Web Services 11g Release 1 (11.1.1.6) Policy Sets

    Policy sets provide a means to attach policies globally to a range of endpoints of the same type. 



    • In addition to attaching policies directly to endpoints, you can create policy sets that allow you to attach policies globally to a range of endpoints of the same type, regardless of the deployment state. You can create and manage policy sets using both Fusion Middleware Control and the WebLogic Scripting Tool, WLST. 
    • Attaching policies globally using policy sets allows an administrator to ensure that all subjects are secured in situations where the developer, assembler, or deployer did not explicitly specify the policies to be attached.
    • Policies attached globally using policy sets also provide the following:
      • Override the policies
      • Specify run time constraint
    • Policy subjects to which policy sets can be attached include SOA components, SOA service endpoints, SOA references, Web services endpoints, Web service clients, Web service connections, and asynchronous callback clients. Policy sets can be attached at the following scopes:
      • Domain — all policy subjects of the specified type in a domain
      • Server instance—all policy subjects of the specified type in a server instance
      • Application or Partition—all policy subjects of the specified type in an application or SOA partition
      • Application module or SOA composite—all policy subjects of the specified type in an application module or SOA composite
      • Service or reference—all policy subjects of the specified type in a SOA service or reference
      • Port or component—all policy subjects of the specified type in a port or SOA component

      Creating a Policy Set


      • Navigate to the Policy Set Summary page.


      • From the Policy Set Summary page, click Create.
      • In the Enter General Information page, as shown in enter a name for the policy set.
      • Select the Enabled check box if you want to enable the policy set.
      • In the Type of Resources field, select the type of policy subject to which you want to attach policies. On the next page you define the scope of resources to which you want the policy set to apply. The type of policy subjects that you can select are as follows:
        • SOA Component
        • SOA Service
        • SOA Reference
        • Web Service Connection
        • Web Service Endpoint
        • Web Service Client
        • Asynchronous Callback Client
        • Press Next on the Top Right


      • Attach the policies and selecting the policy and pressing the Attach button; press Next

      Oracle SOA Stack 12.2.1.3

      SOA Suite 12c has a new  component: Oracle Enterprise Scheduler Service (ESS). ESS provides the ability to run different job types distribut...