Post Installation Steps

Recommended - Follow previous steps for Weblogic Domain Creation before running the post installation steps - https://rite-oim.blogspot.com/2019/12/weblogicdomain-configuration-22.html (Ignore, if already done)

After completing the above steps, start executing below scripts -

vi /home/oracle/.bash_profile

DOMAIN_HOME=/home/oracle/12C/middleware/user_projects/domains/OIG12C

source ~/.bash_profile

cd $DOMAIN_HOME

mkdir servers

mkdir servers/AdminServer

mkdir servers/oim_server1

mkdir servers/soa_server1

mkdir servers/AdminServer/security

mkdir servers/oim_server1/security

mkdir servers/soa_server1/security

vi boot.properties

username=weblogic

password=Oracle123

cp boot.properties servers/AdminServer/security

cp boot.properties servers/oim_server1/security/

cp boot.properties servers/soa_server1/security/

rm boot.properties

Set Alias

vi /home/oracle/.bash_profile

# Oracle Navigation aliases

alias godb='cd /home/oracle/12C/oracle_db/db_home/ && echo "-- ORACLE DATABASE HOME --"'

export godb

alias gomwh='cd /home/oracle/12C/middleware/ && echo "-- ORACLE MIDDLEWARE HOME --"'

export gomwh

alias godh='cd $DOMAIN_HOME && echo "-- ORACLE OIM DOMAIN HOME --"'

export godh

alias gooim='cd $DOMAIN_HOME/servers/oim_server1 && echo "-- OIM SERVER HOME --"'

export gooim

alias gosoa='cd $DOMAIN_HOME/servers/soa_server1 && echo "-- SOA SERVER HOME --"'

export gosoa

alias goadmin='cd $DOMAIN_HOME/servers/AdminServer && echo "-- WL ADMIN SERVER HOME --"'

export goadmin

# Oracle startup shortcuts

alias startnm='nohup $DOMAIN_HOME/bin/startNodeManager.sh > $DOMAIN_HOME/nodemanager/nodemanager.log &'

export startnm

alias stopnm='nohup $DOMAIN_HOME/bin/stopNodeManager.sh >> $DOMAIN_HOME/nodemanager/nodemanager.log &'

export stopnm

alias startadmin='nohup $DOMAIN_HOME/bin/startWebLogic.sh > $DOMAIN_HOME/servers/AdminServer/admin.log &'

export startadmin

alias stopadmin='nohup $DOMAIN_HOME/bin/stopWebLogic.sh >> $DOMAIN_HOME/servers/AdminServer/admin.log &'

export stopadmin

# Oracle log shortcuts

alias nmlog='tail -f $DOMAIN_HOME/nodemanager/nodemanager.log'

export nmlog

alias adminlog='tail -f $DOMAIN_HOME/servers/AdminServer/admin.log'

export adminlog

alias soalog='tail -f $DOMAIN_HOME/servers/soa_server1/logs/soa_server1.out'

export soalog

alias oimlog='tail -f $DOMAIN_HOME/servers/oim_server1/logs/oim_server1.out'

export oimlog

source ~/.bash_profile

Offline Configuration

DOMAIN_HOME=/home/oracle/12C/middleware/user_projects/domains/OIG12C/

export DOMAIN_HOME

JAVA_HOME=/home/oracle/12C/jdk1.8.0_231/

export JAVA_HOME

cd /home/oracle/12C/middleware/idm/server/bin

chmod 777 offlineConfigManager.sh

./offlineConfigManager.sh

Run Node Manager

startnm

nmlog

Run Admin Server

startadmin

adminlog

After Admin server comes up

start soa from admin console

After soa server is up -

start oim from admin console

Tunneling

Download moba-xtrem home edition - https://mobaxterm.mobatek.net/download.html

Click on tunneling and configure it like below - 

IP Address below is VM's IP address

Access weblogic with url http://localhost:7001/console

After this - Start SOA-OIM Integration - https://rite-oim.blogspot.com/2019/12/soa-oim-integration-recommended-follow.html

SOA OIM Integration

Recommended - Follow previous steps for completing post installation steps before SOA OIM integration - https://rite-oim.blogspot.com/2019/12/post-installation-steps-23-december.html (Ignore if already done)

After completing the above steps, start performing below steps.

Open em console and start integrating

After successful integration , tunnel another port 14000 for OIM in moba-xterm and access the url - http://localhost:14000/identity

OIM Connector / DBAT connector Trusted Recon not working - No Recon Profile generated


Solution :

Please try one of this -

1. Create Recon Profile from Resource History for the connector you are looking for in Design Console and save.
2. There is a bug in ICF connectors Bug 19329379 - Check OIM system property for Batch Size - OIM.ReconBatchSize , edit this from 0 to 500 and restart the OIM servers.
3. Check the filters in Schedule Job , remove irrelevant filters.

Chart.js or chart js update chart on Angular 2 and above

After burning a lot of hours finally got the perfect solution

Chart.js or chart js update chart Angular 2 and above

Follow Angular2-chartjs to create charts in Angular 2 and above.

Once your project is working as expected and you want to update the charts as per your desired data please follow below easy and simple steps -

1. Add your chart id in html file and add a method to land in your component.

<chart #monthlyChart [type]="typeItems" [data]="dataItems" [options]="optionsItems" (click)="updateItemCategory()"></chart>

for example -

#monthlyChart is chart id

and

(click)="updateItemCategory()" is for invoking the update method

2. In your app component - 

import { ChartComponent } from 'angular2-chartjs';

then inside component class 


@ViewChild(ChartComponent,{static:false}) monthlyChart: ChartComponent; 

private updateItemCategory(){
   setTimeout(() => {
       this.monthlyChart.chart.data.datasets[0].data = [565, 539, 680, 381, 556];
       this.monthlyChart.chart.data.labels =  ["January", "February", "March", "April", "May"];
       this.monthlyChart.chart.update();
   }, 10);
}

Done - Just run your project again and check ☺☺

References -Angular2-chartjs

Angular2-chartjs_issues

OIM - Recon Event is not getting generated or Create Reconciliation Profile Failed or Failed to Create Index on RA_ in OIM Diagnostic Logs

Issue :

OIM - Recon Event is not getting generated or Create Reconciliation Profile Failed or Failed to Create Index on RA_ in OIM Diagnostic Logs

Solution : 

The issue was due to Child form must have atleast 1 key field

To resolve set Required=true as properties in key attribute for child process form.

Data AccessException: com.thortech.xl.orb.dataaccess.tcDataAccessException: DB_READ_FAILEDDetail: Description: ORA-00936: missing expression SQL State: 42000Vendor Code: 936Additional Debug Info:com.thortech.xl.orb.dataaccess.tcDataAccessException

Issue - 

Data AccessException:SQL State: 42000Vendor Code: 936Additional Debug Info:com.thortech.xl.orb.dataaccess.tcDataAccessException

com.thortech.xl.orb.dataaccess.tcDataAccessException: DB_READ_FAILEDDetail: SQL: = Description: ORA-00936: missing expression

Solution - 

Correct the Mapping of adapter variables in Process Task.

This issue is typically due to incorrect mapping of Columns in Process Task Adapter.

Mostly this issue occurs when Process task's Adapter Variable is mapped with wrong Column_Name/Table_Name required in Adapter. Check the Process Task Adapter Mapping and its literal value for Process Form - Column_Name/Table_Name. The column name and table name must be exactly same as provided in Process Form.

For example :

Child Table name = UD_SIEBEL_C

Child Table Column Name = UD_SIEBEL_C_USER_LOGIN

So your adapter mapping must contain same/exact value as provided in Process Form.

In my case I configured the wrong Child Process form column_name in my Process Task's Adapter mapping , which is required to update the Child Process Form's column value.

Let's say Instead of "UD_SIEBEL_C_USER_LOGIN", I configured it to UD_SIEBEL_C_U_LOGIN

OIM - Target Reconciliation - Child Table entry is coming Blank.

Follow

24 people are following Ritesh Maddala. Be the first of your friends.

OIM - Target Reconciliation - Child Table entry is coming Blank.

Issue -

During target reconciliation, the users are getting linked properly and reconciliation data is also visible in Reconciliation Event, but the issue is, the Role Name is not visible or a blank value is coming in Child table.

Solution -

1. Configure/Create a lookup to get the Groups or Role from Target System.

2. Run lookup reconciliation scheduler.

3. Check the groups in lookup configured/created in step 1.

4. If Groups/Roles are present in the above lookup, run Entitlement List Scheduler.

5. Check Entitlement Tab under App Instance for Particular App Instance.

6. Now run the Target reconciliation again.

7. If you face the same issue, then check ReconAttrMap Lookup. It might be possible that, you have missed to append  "[LOOKUP]" as keyword for code key for the role attribute. 

Check your Connector DOC first for how to Map the Child Table Attributes in ReconAttrMap.

For example - If you are using DBAT connector then Replace --> Groups~Group Name to Groups~Group Name[LOOKUP]

Here in the above example - Groups is Multi Valued Attribute in Resource Object and Group Name is an attribute for Role/Group.

Error ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER BEA-000000 oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : doUpdate : Error while updating user java.lang.RuntimeException: Parameter 'uid' must not be null.

Issue - 

Error while disabling user - Parameter 'uid' must not be null.

Error ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER  BEA-000000     oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : doUpdate : Error while updating user

 java.lang.RuntimeException: Parameter 'uid' must not be null.

Solution -

1. Check your  ProvAttrMap lookup and add only those attributes as code and decode key which are in Resource Object.

2. Test your use case again.

3. If you are still facing issue - then check the Code and Decode key - also check the Process Form labels for Code Key or (Compare with your connector document for correct mapping of Code and Decode key in ProvAttrMap) 

DBAT Connector throwing Null Pointer Exception while Disabling User Account - ICProvisioningManager : doUpdate : Error while updating user java.lang.NullPointerException

Issue -

             ICProvisioningManager : doUpdate : Error while updating user 

                java.lang.NullPointerException

                at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.doUpdate(ICProvisioningManager.java:640)

                at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.doEnable(ICProvisioningManager.java:619)

                at oracle.iam.connectors.icfcommon.prov.ICProvisioningManager.disableUser(ICProvisioningManager.java:553)

Solution -

OIM expects UID as an object to be returned From groovy script. SO add the below line in your groovy script at the end - 

return new Uid(uid); 

Replace uid with the user id attribute in your groovy script. 

RACF - Target Recon Issue - Not linked to any user - IAM-0050000[[ oracle.iam.platform.utils.SuperRuntimeException: oracle.iam.platform.tx.OIMTransactionException: java.sql.SQLException: ORA-01407: cannot update ("IAM_OIM"."OIU"."OST_KEY") to NULL

Problem :

IAM-0050000[[

oracle.iam.platform.utils.SuperRuntimeException: oracle.iam.platform.tx.OIMTransactionException: java.sql.SQLException: ORA-01407: cannot update ("IAM_OIM"."OIU"."OST_KEY") to NULL

Solution :

1. Login to OIM - Sysadmin Console.
2. Open Scheduler Window.
3. Search for "RACF Reconcile All Users"
4. Modify the "SingleValueAttributes" Parameter with all your required fields on the process form.

5. I have populated the "SingleValueAttributes" Parameter with below values -

cn,

defaultGroup,

instdata,

lastaccessdate,

lastconnectdate,

location

owner,

resumeDate,

revokeDate,

Status,

tsoaccess,

tsoAcctNum,

tsoHoldclass,

tsoMaxSize,

tsoMsgclass,

tsoProc,

tsoSize,

tsoSysoutclass,

tsoUnit,

tsoUserdata,

uid,

userPassword,

waaccnt.

6. After changing the parameter value click Apply and re run the Scheduler.

OAM Interview Questions, Oracle Access Manager Interview Questions, Access Management Interview Questions.

Disclaimer : The contents of this post is meant only to help IAM professionals to get the basic understanding of OIM and is an extract from various sites and standard Oracle^® Documents.

Oracle Identity Manager Interview Questions, OIM Interview Questions, IDM Interview Questions, Identity Management Interview Questions, Identity Manager Interview Questions.

Disclaimer : The contents of this post is meant only to help IDM professionals to get the basic understanding of OIM and is an extract from various sites and standard Oracle^® Documents.

Click this image to access the OIM Interview Questions PDF

OAM Interview Questions : http://rite-oim.blogspot.in/2014/09/oam-interview-questions-oracle-access.html

Ritesh's Oracle Identity Management Help Engine

Index :

UDF in OIM 11g R2, User Defined Fields in OIM 11g R2, Custom Attributes in OIM 11g R2

ObAccessClient.lst does not contain a client id - ACCESS_GATE FATAL 0x00001824

ClassCastException error during OIM- Siebel Provisioning and Reconciliation

Web Services

Managing User Life Cycle in Oracle Identity Management OIM 11g, User Life Cycle Management OIM 11g, Custom User Life Cycle

Logging, Auditing, and Monitoring the Directory, Enable Audit Logging in OID 11g, Audit Logs in OID, Configure OID Audit Logs, OID logs, Auditting in OID 11g

Flat File Reconciliation OIM 11g, OIM 11g R1, OIM 11g R2

DBAT Connector Throwing Null Pointer Exception - ICProvisioningManager : doUpdate : Error while updating user java.lang.NullPointerException

Parameter 'uid' must not be null

OIM Target Reconciliation - Role Name in Child Table is coming Blank

Logging, Auditing, and Monitoring the Directory, Enable Audit Logging in OID 11g, Audit Logs in OID, Configure OID Audit Logs, OID logs, Auditting in OID 11g

Logging, Auditing, and Monitoring the Directory

Managing and Enabling Audit Logging in OID 11g

In Oracle Fusion Middleware 11g Release 1 (11.1.1), auditing provides a measure of

accountability and answers the "who has done what and when" types of questions.

Prerequisites:

• OID 11g is installed in Environment.
• OID instances must be Up and Running.
• OID managed Servers must be Up and Running.

Here are the Steps, that an individual should follow to Enable Audit Logs in OID 11g:

1. Checking the Configurations. 
2. Checking the output file.
3. Preparing LDIF file.
4. Enabling the Audit Logging using Command Prompt.
5. Re-Checking the Configurations. 
6. Testing Audit Logging.

1. Checking the Configurations 

This step will help us to check the configuration of OID instance whether OID Audit Logging is Enabled or not .

Run the below Command in Command Prompt(Windows) or Terminal(Linux) where OID instance is installed.

Note: To run this command you may have to set the Environment Variables based on your server configurations. Normally In Windows we dont have to set the environment variables to run the below command.

Syntax:

ldapsearch -p <oid_port> -h <hostname> -D <username> -q \ -b "cn=oid2,cn=osdldapd,cn=subconfigsubentry" \ -s base "objectclass=*" > <filepath>

Example:

In Windows:
ldapsearch -p 3060 -h localhost -D cn=orcladmin -q \ -b "cn=oid2,cn=osdldapd,cn=subconfigsubentry" \ -s base "objectclass=*" > C:\Oracle\Middleware\c5.txt

Provide  Password and Hit Enter

In Linux:
ldapsearch -p 3060 -h localhost -D cn=orcladmin -q \ -b "cn=oid2,cn=osdldapd,cn=subconfigsubentry" \ -s base "objectclass=*" > /u01/app/Oracle\Middleware\c5.txt

Provide  Password and Hit Enter

2. Checking the output File.

Open file c5.txt  from the location 

Windows:
 C:\Oracle\Middleware\ 

Linux:
/u01/app/Oracle\Middleware\

Search for the ObjectClass "orclaudcustevents" and check the value Against this ObjectClass. If the value is blank then the configuration is not enabled for Audit Logging and we have to Enable logging which is given in next step.

3.Preparing LDIF file:

We will set the "orclaudcustevents" value using LDIF file.

Open any text editor and enter the values below:

dn: cn=oid2,cn=osdldapd,cn=subconfigsubentry

changetype: modify

replace: orclaudFilterPreset

orclaudFilterPreset: Custom

-

replace: orclaudcustevents

orclaudcustevents: UserLogin 

Save this file as LDIF file (for e.g. : aud.ldif)

Here OID2 is the component name, check the instance home for your component name and  UserLogin is the event for which we are enabling the Audit Logs. There are different types of events for which you can enable Audit Logging simultaneously. Some events are listed below which can be used with UserLogin.

UserLogin.FAILURESONLY, UserLogout, CheckAuthorization,

ModifyDataItemAttributes, CompareDataItemAttributes, ChangePassword.FAILURESONLY

orclaudfilterpreset=custom

4.Enabling the Audit Logs using Command Prompt.

LDAP Modify command is used  to Enable the Audit Logs and modify the value of orclaudcustevents

Run the command below:

Syntax:

ldapmodify -D <username> -q -p <port> -h <hostname> -f <filelocation>

Example:

ldapmodify -D cn=orcladmin -q -p 3060 -h localhost -f C:\Oracle\Middleware\aud.ldif

Enter Password when prompted:

5. Re-Checking the Configurations:

Rerun the LDAP Search command to check new Configurations.

Do the steps 1 and 2 from above. This time in Step 2 the output must show the below result:

6. Testing Audit Logging:

Open the ODSM page in browser using the URL below: 

http://<hostname>:<port>/odsm

In my case http://localhost:7005/odsm

Try to Log-in using any User say cn=orcladmin with Correct password:

If user logs in correctly, log out and re-log-in with different user say cn=testuser and with Incorrect Password this time.

Now we will see the Audit Logs whether Our UserLogin Events are captured or not:

Open Location 

INSTANCE_HOME/AuditLogs/component-name/

In my case : C:\Oracle\Middleware\asinstance1\auditlogs\OID\oid2\

and open the latest audit log file 

for e.g: file with name audit_pid3924.txt

You must receive the logs with events captured for UserLogin as below example. Click the image below to see results:

The Other way to check the Audit Logging in OID is, using EM console : http://onlineappsdba.com/index.php/2012/08/28/how-to-findaudit-failed-login-attempts-in-oid-11g/

*********************************************************************************