Tuesday, September 24, 2013

Configuring and Installation Talend ESB 5.2 on Tomcat 6.0 on Linux- Part 1 Installation of Administration Center


First, install the Apache Tomcat application server and stop the Tomcat service if it starts automatically.
In the rest of this documentation, <TomcatPath> refers to the path where Tomcat has been installed.
We recommend stopping this service before deploying the Web application (org.talend.administrator.war).

Using 7zip:

1. Unzip the package delivered by Talend: Talend-AdministrationCenter-rYYYYY-VA.B.C.
This will give you access to the different components needed to benefit from all the Talend Administration
Center functionalities:

       • org.talend.administrator.war, the archive containing the actual Talend Administration Center Web application.

       • Talend-Artifact-Repository-VA.B.C.zip, the archive containing an artifact repository software, based on Apache Archiva, that will be used to handle software updates, and also ESB artifacts, only if you subscribed to one of Talend ESB oriented solutions.

       • an endorsed folder containing a library necessary to use the ESB Conductor of Talend Administration Center, only if you subscribed to one of our ESB oriented solutions.


2. Unzip the Web application, org.talend.administrator.war, into the following directory of Tomcat:
<TomcatPath>/webapps/.

3. If you subscribed to one of our ESB oriented solutions, to be able to use the ESB Conductor module of Talend Administration Center, copy the endorsed folder provided into the root directory of Tomcat.

Configuration of  Administration Center

Using a browser navigate to URL
  • http://localhost:8080/org.talend.administrator
  • Click on Set new license











  • On selection of the license, the Admin Center validates that information and the following screen is displayed.

  • Click on "Go to login page" and enter username admin@company.com and password admin to start using the Admin Center





Sunday, August 25, 2013

Putty with XMING for OFM installations



PuTTY

PuTTY is a free terminal emulator that supports the SSH, Telnet and Rlogin network protocols.
PuTTY has a graphical configuration interface with features such as storage of connection data, port forwarding, and SCP and SFTP support.

URL: http://www.putty.org/

SUGGESTED CONFIGURATION:

1) Connection → Data – set Terminal-type = xterm or vt220.
2) Connection → SSH – order Blowfish then 3DES
3) Window → Colours – leave background as black, modify Default Foreground (text) as desired.
4) Connection → SSH → X11 – click on the Enable X11 forwarding box
5) Click on Save, then Open


Xming:
Xming is the leading Free Software X Window Server for Microsoft Windows.
 
URL:        http://www.straightrunning.com/XmingNotes/
 
 
FILE LIST –
1. Xming-6-9-0-31-setup.exe
- Xming 2.15MB Microsoft Windows program installer.
- Standard Xming uses the OpenGL renderer.
- Installs only the absolute minimum fonts and includes the XLaunch wizard as an optional component.

2. Xming-fonts-7-3-0-15-setup.exe
- Font package
- Xming-fonts 30.0MB optional extra, may be used to supersede the absolute minimum 'Bitmap fonts' installed with Xming as well as providing the bulk of X Window standard fonts.
→ Required for Oracle GUI
→ Install fonts in the folder where Xming is already installed.

USAGE:
Execute Xming – icon will open in system tray on bottom right of screen.

Execute PuTTY → connect to server → enter xterm – the new window will open.
In the new xterm window start your GUI

OPEN SSL Commands

OPEN SSL to create PKCS12 Keystore

A root certificate is a fundamental component of the Public Key Infrastructure (PKI) that forms the backbone of secure communications on the internet. It is issued by a trusted entity called a Certificate Authority (CA) and is used to establish trust for a chain of certificates.


Key Characteristics of a Root Certificate:

  1. Self-Signed Certificate:

    • A root certificate is self-signed, meaning it is signed by the Certificate Authority (CA) itself.
    • This makes it the "trust anchor" of the certificate chain.
  2. Trusted by Operating Systems and Browsers:

    • Root certificates are pre-installed in the trust stores of operating systems (e.g., Windows, macOS, Linux) and browsers (e.g., Chrome, Firefox).
    • If a root certificate is in the trust store, all certificates signed by it (or intermediates it has signed) are trusted.
  3. Top of the Certificate Chain:

    • In the certificate chain, the root certificate is at the top, followed by one or more intermediate certificates, and finally the end-entity certificate (e.g., a website certificate).

Structure of a Root Certificate:

A root certificate includes:

  • Issuer: The name of the CA that issued the root certificate (usually itself, since it's self-signed).
  • Subject: The name of the entity the certificate is issued to (the CA itself).
  • Public Key: The CA's public key, used to verify signatures.
  • Validity Period: The start and expiry dates of the certificate.
  • Signature Algorithm: The cryptographic algorithm used to create the certificate's signature.

Why Root Certificates Are Important:

  1. Trust Establishment:

    • Root certificates enable secure connections (e.g., HTTPS, email encryption) by creating a chain of trust.
  2. Certificate Chain Validation:

    • When you visit a website, your browser validates the website’s certificate by following the chain of trust back to a root certificate in its trust store.
  3. Security:

    • Root certificates ensure that only trusted parties (like websites or services) can communicate securely with users.

Example of a Certificate Chain:

  1. Root Certificate:

    • Issued by "GlobalSign Root CA."
    • Installed in your system/browser's trust store.
  2. Intermediate Certificate:

    • Issued by "GlobalSign Intermediate CA" and signed by the root certificate.
  3. End-Entity Certificate:

    • Issued to "example.com" and signed by the intermediate certificate.

When you visit example.com, the browser validates the chain:

  • The end-entity certificate is trusted because it is signed by the intermediate certificate.
  • The intermediate certificate is trusted because it is signed by the root certificate.

1.) Create a Self Signed Certificate
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout selfsigned.pem -out selfsigned.pem

2.) Verify a self-signed certificate
openssl verify -CAfile selfsigned.pem selfsigned.pem

3.) Export selfsigned.pem as PKCS#12 file, identity.pfx 
openssl pkcs12 -export -out identity.pfx -in selfsigned.pem -name "selfsigned"

4.) Extract public certificate from url
openssl s_client -showcerts -connect core-integrations.mindtelligent.com:443 </dev/null 2>/dev/null | openssl x509 -outform PEM > certificate.pem

5.) Extract Private Key

A .p7b (PKCS#7) certificate file typically does not include the private key. It usually contains only the certificate chain (public certificates).

If you believe a private key is associated with such a file, you will need the original private key that was created during the Certificate Signing Request (CSR) process; converting the .p7b to another format such as .pem gives you only the certificates.

To extract the private key from a .p12 (PKCS#12) file, you can use the openssl command. Here's how to do it:

openssl pkcs12 -in ./core-integrations.mindtelligent.com.p12 -nocerts -out privatekey.pem -nodes -password pass:password123

6.) Extract Certificate Chain

openssl pkcs12 -in core-integrations.mindtelligent.com.p12 -nokeys -out core-integrations-mindtelligent.com.certchain.pem -password pass:password123
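
The chain validation described under "Example of a Certificate Chain" and the PKCS#12 extraction in steps 5 and 6, run end to end on a constructed root, intermediate and leaf. This is an added example, not the author's own commands; the subjects, file names and the password "demo" are made up. It shows that the leaf verifies only with the right root plus the intermediate, and what -clcerts and -cacerts each return from a .p12.

```shell
#!/bin/sh
# Added example: every name, subject and the "demo" password is constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal config so the run does not depend on the system openssl.cnf.
cat > "$WORK/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:example.test
EOF

# self_signed NAME SUBJECT: key plus self-signed CA certificate (a root).
self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/pki.cnf" \
    -extensions v3_ca -subj "$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue NAME SUBJECT ISSUER EXT: key and CSR for NAME, certificate signed by ISSUER.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/pki.cnf" \
    -subj "$2" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$3.pem" -CAkey "$WORK/$3.key" \
    -CAcreateserial -days 30 -extfile "$WORK/pki.cnf" -extensions "$4" \
    -out "$WORK/$1.pem" 2>/dev/null
}

# verify_cert CERT ANCHOR [INTERMEDIATE]: prints OK or FAIL.
# ANCHOR is the only certificate treated as trusted; INTERMEDIATE is only
# offered as a candidate link and is not trusted by itself.
verify_cert() {
  if [ -n "${3:-}" ]; then
    out=$(openssl verify -CAfile "$WORK/$2.pem" -untrusted "$WORK/$3.pem" "$WORK/$1.pem" 2>&1 || true)
  else
    out=$(openssl verify -CAfile "$WORK/$2.pem" "$WORK/$1.pem" 2>&1 || true)
  fi
  case $out in *": OK"*) echo OK ;; *) echo FAIL ;; esac
}

# p12_count [FLAGS]: number of certificates pkcs12 prints with the given flags.
p12_count() {
  openssl pkcs12 -in "$WORK/identity.p12" -passin pass:demo -nokeys "$@" 2>/dev/null \
    | grep -c 'BEGIN CERTIFICATE' || true
}

build_all() {
  self_signed root  "/CN=Demo Root CA"
  self_signed other "/CN=Unrelated Root CA"
  issue int  "/CN=Demo Intermediate CA" root v3_ca
  issue leaf "/CN=example.test"         int  v3_leaf
  # Bundle leaf key, leaf certificate and the CA chain into one PKCS#12 file.
  cat "$WORK/int.pem" "$WORK/root.pem" > "$WORK/chain.pem"
  openssl pkcs12 -export -inkey "$WORK/leaf.key" -in "$WORK/leaf.pem" \
    -certfile "$WORK/chain.pem" -name demo -passout pass:demo -out "$WORK/identity.p12"
}

build_all
echo "leaf with root + intermediate: $(verify_cert leaf root int)"
echo "leaf with root only:           $(verify_cert leaf root)"
echo "leaf with unrelated root:      $(verify_cert leaf other int)"
echo "root as its own trust anchor:  $(verify_cert root root)"
echo "certs in p12 (-nokeys):        $(p12_count)"
echo "certs in p12 (-clcerts):       $(p12_count -clcerts)"
echo "certs in p12 (-cacerts):       $(p12_count -cacerts)"
```
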




Tuesday, August 20, 2013

Mule ESB 3.4.4: Configure Oracle JDBC driver in Mule Developer Studio


A JDBC driver is a software component enabling a Java application to interact with a database.

To connect with individual databases, JDBC (the Java Database Connectivity API) requires drivers for each database. The JDBC driver provides the connection to the database and implements the protocol for transferring the query and result between client and database.

  • Right Click on Project Explorer
  • Right Click on Build Path
  • Right Click on Add External Archives


  • Choose the location of the Oracle JDBC driver. Press Open.

  • You can see the driver in the Referenced Libraries.

Create a Data Source

  • 1.) Click on Global Elements; 2.) Click on Create; 3.) Click on Data Sources; 4.) Click on Oracle Data Sources; 5.) Click on OK

  • 1.) Enter JDBC URL; 2.) Enter user name; 3.) Enter password.

Create a connector

  • 1.) Click on Global Elements; 2.) Click on Create; 3.) Click on Connectors; 4.) Click on Database; 5.) Click on OK

  • Choose the Data Source and Press OK.

Wednesday, August 14, 2013

OIAM 11.1.2. / SOA 11.1.1.7 : Reset Expired Passwords for Infrastructure tables


By default, the passwords for the OIM and SOA infrastructure tables expire in 180 days. In case the passwords expire, we need to reset them so that the OIAM and SOA managed servers can be started.

To resolve this issue, the following steps can be taken.

1.)  Connect to the database as the sys user.


2.)  Run the SQL statement select * from dba_profiles;

Here the PASSWORD_LIFE_TIME field is responsible for expiring the password after 180 days.








3.)  Execute the following command to disable this feature:

SQL> ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED;



SQL> select * from dba_profiles;



5.) We need to reset the password of the locked user. We can use the same password or a different password.

SQL> SPOOL PasswordResetList.sql

SQL> select 'alter user "'||d.username||'" identified by values '''||u.password||''';' c
from dba_users d, sys.user$ u
where u.user# = d.user_id
and  d.username IN (select username from dba_users where account_status like 'EXPIRED%');

SQL> SPOOL OFF

6.) The SPOOL file will contain a list of ALTER USER commands. Execute these commands to reset the passwords.

7.) 

SQL> SPOOL LockedUsers.sql

SQL> select 'ALTER USER ' || username || ' ACCOUNT UNLOCK;' from dba_users where account_status like '%LOCKED%';

SQL> SPOOL OFF

8.) Run all the ALTER USER username ACCOUNT UNLOCK from the spool file. Please ensure that you DO NOT UNLOCK those users which are recommended to remain LOCKED by Oracle.

Sunday, August 4, 2013

OFM 10.3.6 Java code to import the certificates in JKS



package mindtelligent.custom.jks;


import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.ObjectInputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.util.List;

public class ImportPublicCertificateToJKS {
  public static void main(String[] args) throws Exception {
    // CertificatePath.dat holds a Java-serialized CertPath. readObject()
    // deserializes whatever the file contains, so only read files you produced.
    CertPath cp;
    ObjectInputStream in = new ObjectInputStream(new FileInputStream("CertificatePath.dat"));
    try {
      cp = (CertPath) in.readObject();
    } finally {
      in.close();
    }

    // Start from an empty JKS keystore.
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(null, null);

    // Add each certificate of the path as a trusted entry: my0, my1, ...
    List<? extends Certificate> certs = cp.getCertificates();
    for (int i = 0; i < certs.size(); i++) {
      ks.setCertificateEntry("my" + i, certs.get(i));
    }

    // Write the keystore to disk, protected with the store password.
    FileOutputStream output = new FileOutputStream("MyCertPathStore");
    try {
      ks.store(output, "mypass".toCharArray());
    } finally {
      output.close();
    }
  }
}

Sunday, July 14, 2013

OIM 11.1.2.1 Design Console Configuration


  1. On the machine where Oracle WebLogic Server is installed (the machine where Oracle Identity Manager Server is installed), create the wlfullclient.jar file as follows:
    1. Use the cd command to move from your present working directory to the <Middleware_Home>\wlserver_10.3\server\lib directory.
    2. Ensure that JAVA_HOME is set, as in the following example:
      D:\oracle\<Middleware_Home>\jdk160_11
      To set this variable, right-click the My Computer icon and select Properties. The System Properties screen is displayed. Click the Advanced tab and click the Environment Variables button. The Environment Variables screen is displayed. Ensure that the JAVA_HOME variable in the User Variables section is set to the path of the JDK directory installed on your machine.
      After setting the JAVA_HOME variable, select the Path variable in the System Variables section on the same Environment Variables screen, and click Edit. The Edit System Variable dialog box is displayed. In the variable value field, enter the complete path to your JAVA_HOME, such as D:\oracle\<Middleware_Home>\jdk160_11, preceded by a semicolon (;). The semicolon is used as the delimiter for multiple paths entered in this field.
    3. After verifying the values, click OK.
  2. At the DOS command prompt, type the following command:
    java -jar <Middleware_Home>/modules/com.bea.core.jarbuilder_1.5.0.0.jar
    This command generates the wlfullclient.jar file.
  3. Please refer to url http://oraclesoaandoim.blogspot.com/2013/12/creating-wlfullclientjar-for-jdk-16.html
  4. Copy the wlfullclient.jar file to the <Oracle_IDM2>\designconsole\ext\ directory on the machine where Design Console is configured.
  5. Ensure that the Administration Server and the Oracle Identity Manager Managed Server are started.  
  6. Start the Design Console client by running the xlclient.cmd executable script, which is available in the <IDM_Home>\designconsole\ directory.
  7. Log in to the Design Console with your Oracle Identity Manager user name xelsysadm  and  password.

Sunday, June 30, 2013

OFM 10.5.6: Java Code to export the certificates from JKS



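package mindtelligent.custom.jks;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Base64;

public class ExportACertificateFromJKSToFile {
  public static void main(String[] argv) throws Exception {
    // Load the keystore; the input stream is closed once loading is done.
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    try (FileInputStream is = new FileInputStream("mykeystore.jks")) {
      keystore.load(is, "my-keystore-password".toCharArray());
    }

    String alias = "myalias";
    Certificate cert = keystore.getCertificate(alias);
    if (cert == null) {
      throw new IllegalArgumentException("No certificate entry for alias " + alias);
    }

    // The output file name is an example choice.
    File file = new File(alias + ".pem");
    byte[] buf = cert.getEncoded(); // DER encoding of the certificate

    // Write the certificate as PEM: Base64 of the DER bytes, 64 characters per
    // line, between BEGIN/END markers. java.util.Base64 (Java 8+) is used
    // instead of the internal sun.misc.BASE64Encoder.
    try (Writer wr = new OutputStreamWriter(new FileOutputStream(file), StandardCharsets.UTF_8)) {
      wr.write("-----BEGIN CERTIFICATE-----\n");
      wr.write(Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(buf));
      wr.write("\n-----END CERTIFICATE-----\n");
    }
  }
}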

Friday, June 21, 2013

Download and install Python on RHEL

Download and install Python 2.7.3

# wget http://python.org/ftp/python/2.7.3/Python-2.7.3.tar.bz2
# tar xf Python-2.7.3.tar.bz2
# cd Python-2.7.3
# ./configure --prefix=/usr/local
# make && make altinstall
 

Download and install Python 3.3.0

# wget http://python.org/ftp/python/3.3.0/Python-3.3.0.tar.bz2
# tar xf Python-3.3.0.tar.bz2
# cd Python-3.3.0
# ./configure --prefix=/usr/local
# make && make altinstall


Download and install Distribute

Distribute provides a framework for installing packages from the Python Package Index. Each Python interpreter on your system needs its own install of Distribute.
You can find out what the latest version of Distribute is here. At the time of this edit the current version is 0.6.35. Replace the version number below if there is a newer version available.

Download and install Distribute for Python 3.3

# wget http://pypi.python.org/packages/source/d/distribute/distribute-0.6.35.tar.gz
# tar xf distribute-0.6.35.tar.gz
# cd distribute-0.6.35
# python3.3 setup.py install


 

Sunday, June 9, 2013

OIM 11g Release 2 (11.1.2) Download, Installation, and Configuration- Part 5 Configuring Database Security Store for an Oracle Identity and Access Management Domain





You must run the configureSecurityStore.py script to configure the Database Security Store, as it is the only security store type supported by Oracle Identity & Access Management 11g Release 2 (11.1.2).

The configureSecurityStore.py script is located in the <IAM_HOME>\common\tools directory. You can use the -h option for help information about using the script. Note that not all arguments will apply to configuring the Database Security Store.
For example:
On Windows:
<MW_HOME>\oracle_common\common\bin\wlst.cmd <IAM_HOME>\common\tools\configureSecurityStore.py -h
On UNIX:
<MW_HOME>/oracle_common/common/bin/wlst.sh <IAM_HOME>/common/tools/configureSecurityStore.py -h


Configuring the Database Security Store Using Create Option

To configure a domain to use a database security store using the -m create option, you must run the configureSecurityStore.py script as follows:
On Windows:
<MW_HOME>\oracle_common\common\bin\wlst.cmd <IAM_HOME>\common\tools\configureSecurityStore.py -d <domaindir> -c IAM -p <opss_schema_password> -m create
For example:
C:\OIM\Oracle\Middleware\oracle_common\common\bin\wlst.cmd C:\OIM\Oracle\Middleware\Oracle_IDM1\common\tools\configureSecurityStore.py -d C:\OIM\Oracle\Middleware\user_projects\domains\base_domain -c IAM -p welcome1 -m create
On UNIX:
<MW_HOME>/oracle_common/common/bin/wlst.sh <IAM_HOME>/common/tools/configureSecurityStore.py -d <domaindir> -c IAM -p <opss_schema_password> -m create



wls:/offline> C:/OIAM/Middleware/Oracle_IDM1/common/tools/configureSecurityStore.py -d C:/OIAM/Middleware/user_projects/domains/base_domain -c IAM -p Welcome1 -m create

On successful execution of this script, you should see following screen status




OIM 11g Release 2 (11.1.2) Download, Installation, and Configuration- Part 2 Repository Creation Utility


  • Please view the Part 1 of this thread. Installation of JDK and Weblogic Server 
  • Download Oracle Fusion Middleware Repository Creation Utility 11g (11.1.2.1.0) for Microsoft Windows (32-bit)
  • Unzip the downloaded RCU file. Navigate to RCU_HOME/bin directory and run utility



  • Launch of rcu will bring the following screen. Click Next.


  • Choose the option to Create






  • Enter Database Information Host, Port, Service Name, Username and Password.




  • Click OK on Checking Prerequisites window.


  • Choose the Components to be created. Press Next 

  • Enter the password for all schemas and press Next



  • Press Create

  • Press Close when done.


OIM 11.1.2 R2: Install AD connector on Connector Server


Prior to installing the AD connector on the connector server, please ensure that the connector server is installed. Please click here for more details on installation of connector server.


1.       Stop the Connector Server.

2.       From the installation media, copy the ActiveDirectory.Connector-1.1.0.6380.zip file from the bundle directory to the CONNECTOR_SERVER_HOME directory (for example: C:\Program Files\Identity Connectors\Connector Server) and unzip it there. The contents of the zip file should be directly in the Connector Server directory.




3.       Delete the zip file and start the Connector Server Service for the connector bundle to be picked up by the Connector Server.

OIM 11g Release 2 (11.1.2) Download, Installation, and Configuration- Part 6 Configure Oracle Identity Manager Server.





  • Start the Administrator server $FM_HOME\user_projects\domains\base_domain\startWeblogic.cmd
  • To start the Oracle Identity Manager 11g Configuration Wizard, execute the <IAM_Home>/bin/config.sh script (on UNIX) on the machine where the Administration Server is running. (<IAM_Home>\bin\config.bat on Windows). The Oracle Identity Manager 11g Configuration Wizard starts, and the Welcome Screen appears.

  • Select OIM Server, Design console and Remote Manager


  • Enter Connection string and Infrastructure Information, press Next

  • Enter Weblogic Server URL, Username and Password















Sunday, June 2, 2013

OIM 11.1.2.2 : Deploying the SPML-DSML Service


1. Log in to the Oracle WebLogic Server Administration Console.


2. In the Change Center region, click Lock & Edit to enable modification to the settings on the page.

3. In the Domain Structure region, click Deployments.





















4. On the right pane, click Install.














5. On the Locate deployment to install and prepare for deployment page, in the Path field, enter OIM_HOME\server\apps.




6. In the region following the Current Location field, select spml-dsml.ear and then click Next.





7. On the Choose targeting style page, click Next to accept the default selection and proceed with installation.



8. On the Select deployment targets page, in the Available targets for spml-dsml region, select oim_server1 if Oracle Identity Manager is installed in a nonclustered environment. Otherwise, select oim_cluster.




9. Click Next.

10. On the Optional Settings page, in the Source accessibility region, select I will make the deployment accessible from the following location, and then click Next.




11. On the Review your choices and click Finish page, verify the data that you have provided, and then click Finish.







12. On the Settings for spml-dsml page, review the configuration information of the deployed SPML-DSML Service, and then click Save.




13. In the Change Center region, click Activate Changes for the changes to take effect.

14. On the left pane, in the Domain Structure region, click Deployments. 




15. On the right pane, in the Deployments table, select spml-dsml, and then from the Start list, select Servicing all requests. The SPML-DSML Service is started.







16. For Oracle WebLogic Server:
http://IP ADDRESS:NON-SSL PORT NUMBER/spmlws/OIMProvisioning

https://IP ADDRESS:SSL PORT NUMBER/spmlws/OIMProvisioning

Sunday, May 12, 2013

OIM 11.1.2 R2: Installation of Connector Server



The connector server is a Windows server. Before installing the Connector Server, ensure that .NET Framework 3.5 or above is installed on the same server where we are installing the Connector Server.
1. Log in to the Windows server (referred to as the Dot Net Connector server).
2. Extract the contents of the Connector Server package (Connector_Server_111210.zip) and locate the ServiceInstall-1.4.0.0.msi file.
3. Install the Connector Server by running the ServiceInstall-1.4.0.0.msi file and following the wizard. The wizard takes you through the installation process step-by-step. After completion, the .NET Connector Server is registered as a Windows service.







4. Start the Microsoft Services Console.
5. If the .NET Connector Server is running, stop it by stopping the Windows service named Connector Server.
6. To set a custom key for the .NET Connector Server, use the /setkey command-line argument, as follows:
a. Change to the directory where the .NET Connector Server was installed. The default directory is:
C:\Program Files\Identity Connectors\Connector Server
b. Run the following command:
ConnectorServer.exe /setkey NEW_KEY
In this command, NEW_KEY is the value for the new key. This key is required by any client that connects to this .NET Connector Server.
7. Check the settings in the .NET Connector Server configuration file (ConnectorServer.exe.config). These settings are in the element named AppSettings. For example:
<add key="connectorserver.port" value="8759" />
<add key="connectorserver.usessl" value="false" />
<add key="connectorserver.certificatestorename" value="ConnectorServerSSLCertificate" />
<add key="connectorserver.ifaddress" value="0.0.0.0" />
Note: The most common settings you might want to change are:
• Port number: To change the port, set connectorserver.port to a value other than 8759 (if required in Production, for example because of port enablement or a firewall issue).
Note: This port should be accessible from the OIM server (firewall opened).
• SSL settings: To use SSL, set connectorserver.usessl to true and then set connectorserver.certificatestorename to your certificate store name (if SSL is implemented).
8. Save the following configuration information from the .NET Connector Server installation. This information must be specified while configuring the IT resource for the Connector Server:
• Host name or IP address
• Connector Server port
• Connector Server key values
• Whether SSL is enabled

9. Restart the Connector Server by restarting the Windows service.

Use SSH Keys to clone GIT Repository using SSH

  1. Generate a New SSH Key Pair bash ssh-keygen -t rsa -b 4096 -C "HSingh@MindTelligent.com" -t rsa specifies the type of key (...