Lab 1 - Getting started with OIM 11g
Contents
Lab 1 - Getting started with OIM 11g
1. Introduction
2. Contents
2.1 VM Accessibility
2.2 Understand directory structures
2.3 Database Details
2.4 Middleware components – Server startup/shutdown and Topology
2.5 Basic usage principles about navigating OIM consoles
2.6 Installing OIM Customization Installer Extension on JDeveloper
2.7 Verification of plug-in deployment / undeployment from JDeveloper
Appendix - Adding support for newer JDeveloper versions
1. Introduction
A pre-installed OIM 11g environment is already available in the VM and can be used to experience the product by practicing various scenarios. This lab, the first in the current workshop, covers basic but relevant aspects of OIM 11g usage that will help you get started with the exploration. It includes details about important post-install steps: understanding directory structures, understanding Oracle database users, starting the necessary server components and launching the various consoles to understand the basic usage of the changed UI layout/framework.
1.1 VM Accessibility
1.2 Understand directory structures
Oracle database installation directory
Weblogic middleware home directory
Weblogic domain for OIM and SOA
OIM Home directory within Weblogic Middleware home
SOA Home directory within Weblogic Middleware home
Design Console Installation directory
JDeveloper Installation directory
Connector Server Installation directory
1.3 Database Details
Database instance
Database Users
Startup/Shutdown
1.4 Middleware components – Server startup/shutdown and Topology
Weblogic domain Admin server (including SOA application also) – compact environment
OIM Managed server
OIM Design Console
DSEE Server
Connector Server
JDeveloper
View deployment topology (in Weblogic)
1.5 Basic usage principles about navigating OIM consoles
Unauthenticated Self Service
Authenticated Self Service
Administration Console
Advanced Administration Console
Transitional UI
Navigation through consoles to use functional modules
UI Layout, Left side section
Simple search
Advanced search
Online Help integration
BI Publisher console
1.6 Install OIM Customization Installer Extension As JDev Plugin
oim-customization-installer.zip
1.7 Verification of Customizations Deployment in MDS
Creating Database Connection in JDeveloper
Creating SOA-MDS Connection
2. Contents
2.1 VM Accessibility
OS credentials to login:
Username : oracle
Password : abcd1234
All the applications should always be run within the user session of the oracle user.
If needed, the root user password is also abcd1234.
2.2 Understand directory structures
Oracle database installation directory
Oracle Database 11.1.0.7 with a few required minor patches has been installed on the VM at the following location
/u01/app/oracle/product/11.1.0/db_1
Weblogic middleware home directory
Weblogic <version> has been installed at the following location
/odrive/oracle/oim11g_MWH
Weblogic domain for OIM and SOA
The directory for the Weblogic domain which contains the server components for OIM and SOA is at the following location:
/odrive/oracle/oim11g_MWH/user_projects/domains/oim11g_domain
SOA Home directory within Weblogic Middleware home
/odrive/oracle/oim11g_MWH/Oracle_SOA1
OIM Home directory within Weblogic Middleware home
/odrive/oracle/oim11g_MWH/Oracle_IDM1
Design Console installation directory
/odrive/oracle/oim11g_MWH/Oracle_IDM1/designconsole
JDeveloper installation directory
/odrive/oracle/oim11g_MWH/jdeveloper
Connector Server Installation directory
/odrive/oracle/oim11g_MWH/Oracle_IDM1/connector_server_java-1.2.6195
JES Email Server directory
/odrive/installs/jes-1.6.1.zip_FILES
2.3 Database Details
Database Instance
Hostname – orclfmw.example.com
Name of the SID – idm11gdb
Database Users
o sys
It is the sys (role SYSDBA) user of the database. Password – abcd1234
o FETRNG3_OIM
It is the database user holding OIM product database schema. Password – abcd1234
o FETRNG3_MDS
It is the database user holding configuration database schema for OIM and SOA products. Password – abcd1234
o FETRNG3_SOAINFRA
It is the database user holding SOA product database schema. Password – abcd1234
o FETRNG3_ORASDPM
It is the database user holding SOA User Messaging product database schema. Password – abcd1234
Startup/Shutdown
Common environment variables
$ export ORACLE_HOME=/u01/app/oracle/product/11.1.0/db_1
$ export ORACLE_SID=idm11gdb
$ export PATH=$ORACLE_HOME/bin:$PATH
$ lsnrctl start
$ sqlplus /nolog
SQL> connect /as sysdba;
Startup command
SQL> startup force;
Shutdown command
SQL> shutdown immediate;
$ lsnrctl stop
Easy way available in VM
On DB startup, if you see the following error, follow the steps mentioned below.
Error - ORA-00838: Specified value of MEMORY_TARGET is too small, needs to be at least 996M
Solution -
SQL> create pfile from spfile;
Open the file /odrive/oracle/database/product/11.1.0/db_1/dbs/initidm11gdb.ora
Comment out the line *.sga_target
SQL> startup pfile=/odrive/oracle/database/product/11.1.0/db_1/dbs/initidm11gdb.ora
2.4 Middleware components – Server startup/shutdown and Topology
Weblogic domain Admin server (including SOA application also) – compact environment
Startup
$ cd /odrive/oracle/oim11g_MWH/user_projects/domains/oim11g_domain
$ ./startWebLogic.sh
Weblogic username/password when prompted: weblogic/abcd1234
Note: As this is a compact environment, relevant SOA Application (soa-infra) among the entire SOA Suite has been deployed on the Admin server itself instead of having a separate managed server for SOA Suite, which is the conventional deployment topology when you install the product OOTB.
Shutdown
$ cd /odrive/oracle/oim11g_MWH/user_projects/domains/oim11g_domain
$ ./stopWebLogic.sh
Easy way available in VM
On Admin server startup, if you see the following error, follow the steps mentioned below.
Error - Caused By: weblogic.jdbc.extensions.ConnectionDeadSQLException: weblogic.common.resourcepool.ResourceDeadException: 0:weblogic.common.ResourceException: Could not create pool connection. The DBMS driver exception was: Socket read timed out
Solution - Remove /etc/resolv.conf and restart the weblogic processes. You may also want to restart the listener processes. You could also edit /etc/nsswitch.conf. Note that if you are using DHCP and you reboot, resolv.conf may get created again.
OIM managed server
Startup
$ cd /odrive/oracle/oim11g_MWH/user_projects/domains/oim11g_domain/bin
$ ./startManagedWebLogic.sh oim_server1 http://orclfmw.example.com:7001
Shutdown
$ cd /odrive/oracle/oim11g_MWH/user_projects/domains/oim11g_domain/bin
$ ./stopManagedWebLogic.sh oim_server1 t3://orclfmw.example.com:7001 weblogic abcd1234
Easy way available in VM
OIM Design Console
$ cd /odrive/oracle/oim11g_MWH/Oracle_IDM1/designconsole
$ ./xlclient.sh
Easy way available in VM
Deployment topology (in Weblogic)
Weblogic admin console can be accessed from the host machine at the following URL:
http://orclfmw.example.com:7001/console OR http://127.0.0.1:7001/console
In case of accessing from other machine, put IP address or qualified hostname
http://orclfmw.example.com:7001/console
Username/password: weblogic/abcd1234
Login to OIM Console
OIM console can be accessed from host machine at following URL:
http://orclfmw.example.com:14000/oim OR http://127.0.0.1:14000/oim
In case of accessing from other machine, put IP address or qualified hostname
http://orclfmw.example.com:14000/oim
Username/password: xelsysadm/Abcd1234
2.5 Basic usage principles about navigating OIM consoles
OIM - Unauthenticated console
Any user without a valid user account in the OIM repository can access this console for various relevant operations. The most natural usage of the unauthenticated console is self-registration. Open the browser and access the following URL: http://orclfmw.example.com:14000/oim
Any user with a valid user account in the OIM repository can access this console for various relevant operations. From the unauthenticated console above, enter User Login and Password and click Sign In to get to the Self Service Console.
Note: If you are logging in with an OIM user account for the first time, the user interface will redirect to the page for setting a preferred password and the challenge response questions (except in the scenario where the user account was created through self-registration). This information is required for serving “Forgot Password” requests later on day 2, if the user loses her password and then has to provide answers to the registered challenge questions.
OIM - Identity Administration console
Any user with a valid user account in the OIM repository and appropriate privileges can access the Identity Administration console. Click the Administration tab from the Self Service Console to get here.
OIM - Advanced Administration console
Any user with a valid user account in the OIM repository and appropriate privileges can access the Advanced Administration console. Click the Advanced tab from the Self Service or Administration Console to get here.
OIM Transitional UI
The UI for some of the functionality exposed through the Advanced Administration console is still available in a legacy mode, with the same look and feel (LAF) as the OIM 9.1.x version UI. On the Advanced Administration console, click the link Create Access Policy. The following screen entitled Create Access Policy will open in a new pop-up, which is one of the screens available in the transitional UI.
Navigation through consoles to use functional modules
It is important to understand the basic form of all OIM consoles to identify easy ways of accessing the functional modules exposed by them.
All OIM consoles provide two points of entry into any exposed functional module. In the Identity Administration console screen shown below, look at one of the functional modules, which is OIM Authorization policy modeling that could be accessed either by clicking on the tab entitled Authorization Policy or the panel of the Welcome page entitled Authorization Policies.
The set of operations/options available within a tab (representing functional module) are also available in the corresponding panel for that module on the welcome page. Using the same example shown above, the operations Advanced Search - Authorization Policies and Create Authorization Policy are available on the welcome page panel entitled Authorization Policies and also within the tab Authorization (below)
The same behavior is true for all other OIM consoles exposing any functional modules that we have discussed in this step.
UI Layout, left side section
Most of the OIM consoles have a thinner section on the left hand side, which generally has the simple search feature for the relevant set of entities selected in the above combo. The width of this thinner left-sided section can be resized by dragging the vertical line (highlighted by a thick red band in the screen below). Also notice an arrow button that can hide this left side section.
On the top horizontal bar of this thin left side section, there are icons representing various operations (screen below). The same set of operations is also available as values in a dropdown titled Action. These operations can be executed on the entities obtained as simple search results.
Simple Search
As already discussed, the thinner, resizable left side section mainly contains the simple search wizard. As an example, in the screen below you can check how users can be rapidly searched using the simple search wizard by providing the value xelsysadm (which means value of ANY attribute for an OIM user) in the text field in front of the combo Users.
Results of a simple search will be displayed as in the screen below and clicking on the record from search will open up the record details.
Advanced Search
As shown in the screen below, this interface can be launched by clicking on the link Advanced Search, present in most of the OIM consoles. It can also be launched by clicking the link Advanced Search-<<Entity Name>> in any relevant functional module section (sub page) on the right side.
Once launched, one needs to provide input values for the relevant attributes to define the search filter, as shown in the screen below. Finally the search gets executed after clicking the button Search.
If the default set of fields/attributes present on the advanced search screen is not sufficient, more can be added by clicking the combo button Add Fields and selecting the desirable attributes.
A field (like Display Name in the screen below) can also be added to the search filter twice, if the matching criterion is different (in the example below, Contains and Not Contains). A custom added search attribute can be deleted again by clicking the red cross icon (X).
On the top horizontal bar of the search results table, there are icons representing various operations (screen below). The same set of operations is also available as values in a dropdown titled Action. These operations can be executed on the entities obtained as advanced search results.
In order to show more attributes for the search result entities, click on View > Columns > and select as many columns as desired.
In order to reorder display of attributes for the search result entities, click on View > Reorder Columns > and reorder the columns by using the up and down arrows available in the popup (as shown below).
Online Help Integration
All OIM consoles are linked to the online help module, which is populated with the content relevant to the parent console from where it is launched. The screen below shows the link to launch the Online Help module for the Identity Administration console. Click Help.
The Help content gets displayed in popup as shown in the screen below. Click Contents to see a tree based list of contents available to read.
BI Publisher Console
BI Publisher is running at http://orclfmw.example.com:7001/xmlpserver
Login as “Administrator” with “Administrator” as password and verify that BI Publisher is installed and working.
2.6 Installing OIM Customization Installer Extension on JDeveloper
Before using OIM Customization Installer, JDeveloper 11.1.1.5 should be installed on the system, which has been done already on the VM.
For any customization that has to be deployed using this framework, the folder structure below should be followed to package its source as it should show up in the JDeveloper IDE. The package of all the customization artifacts that will be used in this training course already follows this recommended structure.
Folder Structure               Description
[PROJECT-CONTEXT]/config       All .xml files
[PROJECT-CONTEXT]/resources    All the required resources files
[PROJECT-CONTEXT]/lib          All the required jar files
[PROJECT-CONTEXT]/src          All java source files
Please note that the above folder structure is mandatory. A directory can be left empty, but should not be missed out from the folder structure.
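A pre-deployment check for the mandatory layout above, as an added example that is not part of the lab or of the OIM Customization Installer. Only the four directory names come from the table; the function names, the advisory file-type warnings and the demo project are assumptions.

```shell
#!/bin/sh
# Added example: layout check for an OIM customization project.
# Directory names are taken from the lab's folder-structure table;
# everything else (function names, warnings) is hypothetical.

# warn_unexpected DIR PATTERN
# Lists regular files under DIR whose names do not match PATTERN.
warn_unexpected() {
    [ -d "$1" ] || return 0
    find "$1" -type f ! -name "$2" | while IFS= read -r f; do
        echo "WARN     $f does not match $2"
    done
}

# check_project_layout PROJECT_DIR
# Prints one line per finding. Returns 0 when all four mandatory
# directories exist (an empty directory is allowed), 1 otherwise.
check_project_layout() {
    project=$1
    rc=0
    for sub in config resources lib src; do
        if [ ! -d "$project/$sub" ]; then
            echo "MISSING  $project/$sub"
            rc=1
        fi
    done
    # Advisory only: the table says what each directory should hold.
    warn_unexpected "$project/config" '*.xml'
    warn_unexpected "$project/lib" '*.jar'
    warn_unexpected "$project/src" '*.java'
    return $rc
}

# Constructed demo project: lib/ is left out and config/ holds a stray file.
demo=$(mktemp -d)
mkdir -p "$demo/config" "$demo/resources" "$demo/src/com/example"
touch "$demo/config/handler-config.xml" "$demo/config/notes.txt"
touch "$demo/src/com/example/Handler.java"
check_project_layout "$demo" || echo "Layout incomplete: fix before using Deploy"
rm -rf "$demo"
```
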
Install OIM Customization Installer Extension on JDeveloper
Select menu “Help” -> “Check for Updates”
Reinstall OIM Customization Installer Extension on JDeveloper
Manually delete all the files from the {JDEVELOPER-HOME}/jdev/extensions folder (See the screenshots below).
{JDEVELOPER-HOME}/jdev/extensions/OIMCustomizationInstaller.jar (JAR file to be deleted)
{JDEVELOPER-HOME}/jdev/extensions/oracle.ide.lcm (Folder to be deleted)
Other backup files such as OIMCustomizationInstaller.jar.backup may also be deleted. However it is not necessary that you delete them.
To install or reinstall the OIM Customization Installer, note that the reinstallation process in JDeveloper is similar to the installation process. If the plug-in is already installed, JDeveloper will show the screen below.
Java Project Build Path settings in JDeveloper
Please make sure you have added all required jar files for your plug-in java project in JDeveloper.
Select desired project and right click on “Project Properties”.
Browse and add required JAR from local disk.
Using OIM Customization Installer Extension for OIM Plugins
After restart, “OIM customization installer” Menu will be displayed under “Tools”.
After saving the configuration details, user can verify connection using “Test connection” button.
Before trying to deploy any project, please make sure you have added the dependent JAR files to the project classpath and have a good package folder structure in place.
If you want these dependent JAR files to be moved to OIM as well, copy them to the [PROJECT-CONTEXT]/lib folder.
To perform single click deployment of implemented plug-in in JDeveloper, “Tools” -> “OIM customization installer”-> “Deploy”
If the deployment is successful, a success dialog will be shown.
If the deployment fails, a failure dialog will be shown.
If a plug-in is not already installed, an error window will be shown.
To perform single click undeployment of a deployed plug-in, select “Tools” -> “OIM customization installer”-> “undeploy”
If the undeployment is successful, a success dialog will be shown.
2.7 Verification of plug-in deployment / undeployment from JDeveloper
Creating Database Connection in JDeveloper.
Open JDeveloper and select “File” -> “New”.
Verify connection status to the OIM Database using “Test Connection”.
Open “Resource Palette” to navigate the created database connection.
Create SOA-MDS Connection. [This option will be available only if the “Oracle SOA Composite Editor” extension is installed on JDeveloper. This can be downloaded from “Oracle SOA Composite Editor”].
SOA-MDS connection is nothing but a user-friendly interface to view MDS database details. All the metadata files that have been imported in MDS can be viewed easily in a hierarchical tree structure.
Create SOA-MDS connection.
Please make sure you have selected “Connection” to the MDS database and the MDS partition as “oim”.
2. Run the query “select * from plugins;” in the database SQL worksheet and verify the plug-in ids against those given in plugin.xml during deployment.
Appendix - Adding support for newer JDeveloper versions
This is not needed for this training, but if you later want to use the OIM Customization Installer on a newer version of JDeveloper, follow the procedure below to update this JDeveloper plugin.
4.1 Extract the contents of oim-customization-installer.zip
4.2 Navigate inside the META-INF directory and open bundle.xml in a text editor
4.3 Update the highlighted line in the screenshot below to specify the latest JDeveloper version for which the support needs to be added.
4.4 Repackage oim-customization-installer.zip.
4.4.1 Delete existing oim-customization-installer.zip file.
4.4.3 The highlighted file below will be the latest oim-customization-installer.zip file with the support for the specified version of JDeveloper.
Appendix – Accessing JES based Email server INBOX
The section below illustrates the steps to be taken to configure the Thunderbird client for the email ids created in the local email server (JES).
1. Open Thunderbird client. Click on ‘Tools’-> ‘Account Settings’
3. In the pop-up window,
- Enter the server name (which should be the full computer name of the machine on which you have installed the mail server, like JES).
- Give the outgoing port number as configured in the mail server (the default is 25).
- Click ‘OK’.
- Enter the email address which needs to be configured and the account password.
- Click ‘Continue’.
- Allow the client to identify the server details.
9. Click on ‘Server Settings’ option.
- Give your full computer name in the ‘Server Name’ field.
- Enter the email address in ‘User Name’ field.
- Enter the port as defined in the email server for Incoming. (The default value is 110).
- Ensure that the server Type is POP Mail Server.
10. The above steps complete the configuration of the email account in Thunderbird. Verify the setup by sending an email from the account to the same account as shown below.