Monday, July 18, 2016

API Methods Deprecated in RequestService After Upgrading to Oracle Identity Manager 11g Release 2 (11.1.2.3.0)

The following is a list of API methods deprecated in RequestService:
  • public List getTemplateNames() throws RequestServiceException
  • public RequestModel getModelForTemplate(String templateName) throws RequestServiceException
  • public RequestDataSet getRestrictedDataSet(String templateName, String entityType) throws RequestServiceException
  • public RequestTemplate getTemplate(String templateName) throws RequestServiceException
  • public void updateApproverOnlyData(String reqId, List benEntities, List reqEntities) throws RequestServiceException
  • public List getTemplateNamesForSelf() throws RequestServiceException
  • public List getRequestTemplates(RequestTemplateSearchCriteria searchCriteria, Set returnAttrs, Map configParams) throws RequestServiceException
The following API methods are deprecated because comments are now stored using the SOA Human Task comments feature:
  • public void addRequestComment(String reqId, RequestComment comment) throws RequestServiceException
  • public List getRequestComments(String reqId) throws RequestServiceException
  • public List getRequestComments(String reqId, RequestComment.TYPE type) throws RequestServiceException
  • public List getRequestComments(String reqId, String taskId, RequestComment.TYPE type) throws RequestServiceException

Thursday, July 14, 2016

OIM Certifications in offline mode

1) You have the option to download user certification data to your local computer and work on it in an offline mode by using Microsoft Excel without having an active session with Oracle Identity Manager.
The availability of this option can be controlled by enabling or disabling the Enable Interactive Excel option in the Certification Configuration page in Oracle Identity System Administration.
2) After making decisions on the certifications, you can connect to Oracle Identity Manager and upload your decisions.

Configuring Certification Options in Identity System Administration:
1. In the left pane of Oracle Identity System Administration, under Certifications, click Certification Configuration. The Certification Configuration page is displayed.
  • Select Enable Interactive Excel.
2. The option to download user certification data to your local computer and work on it in an offline mode is available for user certifications only.
3. This functionality is not available for role, application instance, and entitlement certifications.
4. For this functionality to work, you must have Microsoft Excel 2007 or 2010.

Configure Microsoft Excel to support offline certification:

Step 1: Enable Microsoft .NET Programmability Support

Before you can install the Oracle ADF Desktop Integration add-in, Microsoft Office Excel 2007 or 2010 must have Microsoft .NET programmability support enabled.
You can enable .NET programmability during the installation of Microsoft Office Excel 2007 or 2010. However, if you did not enable it at that time, follow the steps below.
  1. On your desktop, click the Start button.
  2. In the Start menu, select Control Panel.
  3. In the Control Panel, double-click the Add or Remove Programs option.
  4. Once the list of installed programs is populated, scroll down to the Microsoft Office Standard 2007 (or 2010) entry and select it.
  5. Click the Change button.
  6. Select the Add or Remove Features radio button and click Continue.
  7. Expand the Microsoft Office | Microsoft Office Excel nodes. Select .NET Programmability Support. Click Continue.
  8. Wait for the configuration to proceed and, when finished, click Close.
  9. Close the Add or Remove Programs window.
  10. Close the Control Panel window.
You've successfully added .NET programmability support to Excel.

Step 2: Install the Oracle ADF 11g Desktop Integration Add-in for Excel

You can install the ADF Desktop Integration add-in from JDeveloper, or from the setup tool provided in \jdeveloper\adfdi. This part of the tutorial guides you through installing the add-in from JDeveloper.
  1. Start JDeveloper by selecting Start > All Programs > Oracle Fusion Middleware 11.1.2.0.0 > JDeveloper Studio 11.1.2.0.0. If the Migrate User Settings dialog box opens, click NO.
  2. If prompted for a User Role, choose Studio Developer (All Features), and close the Tip of the Day window.
  3. The JDeveloper IDE should now be displayed.
  4. From the Tools menu, choose Install ADF Desktop Integration.
  5. Accept the license agreement. The ADF Desktop Integration installer is started.
  6. Various verification checks are carried out, and if all is in order, installation can begin. Click the Install button to proceed.
  7. Installation of the ADF Desktop Integration add-in starts. Depending on the software already installed, you might be prompted to install other mandatory prerequisites, and in some cases to reboot your computer.
  8. Once the Microsoft Office customization has been successfully installed, click Close to exit.
Step 3: Configure Excel to Run an Integrated Excel Workbook

You need to configure Microsoft Excel settings to make it accessible from ADF Desktop Integration. You only need to perform this procedure once for a given installation of Excel.
  1. On your desktop, click the Start button.
  2. In the Start menu, select All Programs > Microsoft Office > Microsoft Office Excel 2007 (or 2010).
  3. Once Microsoft Excel is started, click the Office button
  4. In the Office window, click Excel Options.
  5. In the Excel Options window, click the Trust Center tab, then click the Trust Center Settings button
  6. In the Trust Center window, click the Macro Settings tab, then check the Trust access to the VBA project object model checkbox. Click OK
  7. Back in the Excel Options window, click OK
  8. Back in Excel, close the application
Step 4: Add certificate to trust the software that was installed

The Certificate Manager tool (Certmgr.exe) is a command-line utility, whereas Certificates (Certmgr.msc) is a Microsoft Management Console (MMC) snap-in.
  1. To open the certificate management console, press Windows+R and run Certmgr.msc.
  2. In the MMC, select Trusted Publishers and import the certificate.
  3. The certificate is located at MW_HOME/oracle_common\modules\oracle.adf.desktopintegration_11.1.1
  4. Extract the adfdi-excel-runtime-client-installer to obtain the certificate.
  5. The certificate name is adfdi-public-key. Load this certificate into Trusted Publishers through the MMC.
Excel is now ready to show the data that has been downloaded from the OIM dashboard.

Offline Certification Process:

When the Enable Interactive Excel option is enabled, the Download to Editable Excel menu option is available in the Actions menu in the certification detail and certification summary pages of the user certification.
To work on a user certification in offline mode:
  1. Open a user certification from the Dashboard or Inbox.
  2. From the Actions menu, select Download to Editable Excel. A message box is displayed with the options to open or save the file.
  3. Select Open with.
  4. Make sure that Microsoft Office Excel is selected instead of Microsoft Office Excel (Default). Microsoft Office Excel (Default) is the version of Excel for which the plugin for this functionality is not enabled.
  5. Click OK. A message box is displayed asking whether you want to connect to the corresponding server where the application is running and from where the spreadsheet was downloaded.
  6. Click Yes. The page to login to Oracle Identity Self Service is displayed. This provides an extra layer of security before you can download the data to work on.
  7. Login to Oracle Identity Self Service by providing the credentials. The user certification data is downloaded into a spreadsheet.
  8. Click the Certification tab. This displays the list of options available when you work on a record
  9. Select the decisions from the drop-down for each user. When a decision is selected, the Changed column displays a flag that indicates the change. The area highlighted in grey color is a read-only area and no changes can be made there.
  10. Decisions other than Certify cannot be updated unless certain conditions are met, and as a result, the data upload will fail. To view these errors, double-click the error field under the status column. Then, you can perform the necessary action to fix it before trying to upload again.
The actions can be:

  • Revoke: Comments are required. 
  • Abstain: Comments are required.
  • Certify Conditionally: Comments and an end date are required.

Once the decisions have been made, click Save to Server to load the certifications back.

Thursday, July 7, 2016

Migrating User Modifiable Metadata Files in OIM 11g R2 PS3

This post covers how the user-modifiable metadata XML files can be exported to MDS, imported from MDS, and deleted from MDS by using Oracle Enterprise Manager.

Exporting Metadata Files to MDS
  • Log in to Oracle Enterprise Manager as the WebLogic administrator: http://ADMINSTRATION_SERVER/em
  • Make sure that the Administrative Server and at least one Oracle Identity Manager Managed Server are running.
  • Navigate to Identity and Access > oim > oim(VERSION). Right-click and navigate to System MBean Browser.
  • Under Application Defined MBeans, navigate to oracle.mds.lcm > Server:oim_server1 > Application:OIMMetadata > MDSAppRuntime.
  • Export metadata by using the operations. To do so:
    • Select and open the first exportMetadata operation in the list.
    • For toLocation, provide the path to a temporary directory to which the file is to be exported. The file is exported to the computer on which Oracle Identity Manager is running, so make sure that the directory path you specify exists on that computer.
    • For docs, click the pencil icon, click Add, and in the Element box, provide the full path of the file to be exported. By clicking Add, you can provide the path to multiple docs. Click OK at the bottom after adding the metadata docs to be exported.
    • Invoke the operation.
Importing Metadata Files from MDS

To import metadata XML files from MDS:
  • Log in to Oracle Enterprise Manager as the admin user. Make sure that the Administrative Server and at least one Oracle Identity Manager Managed Server are running if the domain is clustered.
  • Navigate to Identity and Access > oim > oim(VERSION). Right-click and navigate to System MBean Browser.
  • Under Application Defined MBeans, navigate to oracle.mds.lcm > Server:oim_server1 > Application:OIMMetadata > MDSAppRuntime.

  • Import metadata by using the operations. To do so:
    • In the Operations tab, select the first importMetadata operation in the list.

    • For fromLocation, provide the directory path of the Oracle Identity Manager host from where documents are to be imported.
    • For docs, click the pencil icon, click Add, and in the Element box, provide the full path of the file to be imported. By clicking Add, you can provide the path to multiple docs. If no value is provided, then it imports everything under the fromLocation directory recursively.
    • Invoke the operation.

Deleting Metadata Files from MDS

To delete metadata XML files from MDS:
  • Navigate to the MDSAppRuntime MBean, as described in step 1 of Exporting Metadata Files to MDS.
  • Delete metadata by using the operations. To do so:
    • In the Operations tab, select the first deleteMetadata operation in the list.
    • For docs, click the pencil icon, click Add, and in the Element box, provide the full path of the file to be deleted. By clicking Add, you can provide the path to multiple docs to be deleted.
    • Invoke the operation.
Creating MDS Backup
You might need to create a backup of the MDS before performing customizations. To create a backup of the MDS by using Oracle Enterprise Manager:
  • Log in to Oracle Enterprise Manager as the administrator.
  • Navigate to Application Deployments > oracle.iam.console.identity.self-service.ear(V2.0). Right-click and navigate to MDS configuration.
  • Under Export, select the Export metadata documents to an archive on the machine where this web browser is running option, and then click Export.
    All the metadata is exported in a ZIP file.
Exporting All MDS Data using Scripts
Some configurations for Oracle Identity Manager are stored in an MDS repository rather than on a file system on the Oracle Identity Manager Server. Troubleshooting configuration issues can sometimes require exporting all MDS data in order to examine it and make corrections if required.
To export all of the Oracle Identity Manager metadata contained in the MDS repository:
  1. Setup the environment as a prerequisite:
    1. To perform MDS operations, log in to the Oracle Identity Manager server host with the account used to install and run WebLogic Application Server.
    2. Set your environment variables for the Oracle Identity Manager domain by running the appropriate setDomainEnv script found in the MIDDLEWARE_HOME/user_projects/domains/DOMAIN_NAME/bin/ directory. The command is as shown:
      $ cd MIDDLEWARE_HOME/user_projects/domains/OIMDomain/bin
      $ . ./setDomainEnv.sh
      
    3. Create a temporary directory, such as /tmp/OIM/MDSData/, which will be used to store the resulting XML files from the database.
    4. Verify that the application server is up and running.
    5. Ensure that you know the WebLogic administrator username and the URL to the Admin Server.
  2. Perform the export, as follows: In the command shell or console window, go to the OIM_ORACLE_HOME/common/bin/ directory.
    1. Run the wlst.sh command, and then run the connect() command, as shown:
      $ ./wlst.sh
      CLASSPATH=/opt/oracle/Middleware/wlserver_10.3/server/ext/jdbc/oracle/11g/ojdbc6dms.jar:...
      ...
      Your environment has been set.
      ...
      Initializing WebLogic Scripting Tool (WLST) ...
       
      Welcome to WebLogic Server Administration Scripting Shell
       
      Type help() for help on available commands
      wls:/offline> connect()
      Please enter your username [weblogic] :
      Please enter your password [welcome1] :
      Please enter your server URL [t3://localhost:port] :
      Connecting to t3://localhost:port with userid weblogic ...
      Successfully connected to Admin Server 'AdminServer' that belongs to domain 'OIMDomain'.
       
      Warning: An insecure protocol was used to connect to the server. To ensure on-the-wire security, the SSL port or Admin port should be used instead.
      
    2. Provide the WebLogic administrator username and password and the URL to the Admin Server.
    3. Run the exportMetadata command, providing at least the application, server, and toLocation arguments, as shown:
      Note:
      Be sure to pass the argument data in single quotes, such as:
      server='oim_server1'
      
      wls:/OIMDomain/serverConfig> exportMetadata(application='OIMMetadata', server='oim_server1', toLocation='/tmp/OIM/MDSData')
      
    4. A list of the files exported is displayed. At this point, you can run the disconnect() command followed by the exit() command, as shown:
      wls:/OIMDomain/serverConfig> disconnect()
      Disconnected from weblogic server: AdminServer
      wls:/offline> exit()
       
       
      Exiting WebLogic Scripting Tool.
       
      $
      
    5. Go to the /tmp/OIM/MDSData/ directory, and view the db/oim-config.xml file, or the db/form-metadata/FormMetaData.xml file, or any other exported MDS file

Migrating JAR Files and Resource Bundle in OIM 11g R2 PS3

When migrating from a test to a production environment, all the connector artifacts must be migrated to the respective database tables. This can be done using the following utilities to migrate JAR files and resource bundles.

Setting up environment variables 

Set APP_SERVER, OIM_ORACLE_HOME, JAVA_HOME, MW_HOME, WL_HOME, and DOMAIN_HOME before running the scripts

export APP_SERVER='weblogic'
export OIM_ORACLE_HOME=$OIM_HOME
export JAVA_HOME=$JAVA_HOME
export MW_HOME=$MW_HOME
export WL_HOME=$WL_HOME
export DOMAIN_HOME=$WL_DOMAIN_HOME

Upload JAR Utility

The UploadJars.sh and UploadJars.bat scripts are available in the OIM_HOME/bin/ directory. Running these scripts uploads the JAR files into the database.
A sample invocation of this utility is as shown:
[Enter Xellerate admin username :]ADMINISTRATOR_LOGIN
[Enter the admin password :]ADMINISTRATOR_PASSWORD
[[Enter serverURL (Ex. t3://oimhostname:oimportno for weblogic)]:]t3://xyz.com:14000
[[Enter context (Ex. weblogic.jndi.WLInitialContextFactory for weblogic)]:]weblogic.jndi.WLInitialContextFactory
Enter the jar type
 1.JavaTasks
 2.ScheduleTask
 3.ThirdParty
 4.ICFBundle
1
Enter the path/location of jar file :
/tmp/example.jar
Do u want to load more jars [y/n] :n
Note:
14000 is Oracle Identity Manager port.

Download JAR Utility

The DownloadJars.sh and DownloadJars.bat scripts are available in the OIM_HOME/bin/ directory. Running these scripts downloads the JAR files from the database.
A sample invocation of this utility is as shown:
[Enter Xellerate admin username :]ADMINISTRATOR_LOGIN
[Enter the admin password :]ADMINISTRATOR_PASSWORD
[[Enter serverURL (Ex. t3://oimhostname:oimport for weblogic)]:]t3://localhost:14000
[[Enter context (i.e.: weblogic.jndi.WLInitialContextFactory for weblogic)]:]weblogic.jndi.WLInitialContextFactory
Enter the jar type
1.JavaTasks
2.ScheduleTask
3.ThirdParty
4.ICFBundle
1
Enter the full path of the download directory :
/home/joe/tmp
Enter the name of jar file to be downloaded from DB :
example.jar
Do u want to download more jars [y/n] :n
Note:
14000 is Oracle Identity Manager port.

Delete JAR Utility

The DeleteJars.sh and DeleteJars.bat scripts are available in the OIM_HOME/bin/ directory. Running these scripts deletes the JAR files from the database.
A sample invocation of this utility is as shown:
[Enter Xellerate admin username :]ADMINISTRATOR_LOGIN
[Enter the admin password :]ADMINISTRATOR_PASSWORD
[[Enter serverURL (Ex. t3://oimhostname:oimport for weblogic)]:]t3://localhost:14000
[[Enter context (i.e.: weblogic.jndi.WLInitialContextFactory for weblogic)]:]weblogic.jndi.WLInitialContextFactory
Enter the jar type
1.JavaTasks
2.ScheduleTask
3.ThirdParty
4.ICFBundle
1
Enter the name of jar to be deleted from DB :
example.jar
Do u want to delete more jars [y/n] :n 

Upload Resource Bundle Utility

The UploadResourceBundles.sh and UploadResourceBundles.bat scripts are available in the OIM_HOME/server/bin/ directory. Running these scripts uploads the connector or custom resources to the database.
A sample invocation of this utility is as shown:
[Enter Xellerate admin username :]ADMINISTRATOR_LOGIN
[Enter the admin password :]ADMINISTRATOR_PASSWORD
[[Enter serverURL (Ex. t3://oimhostname:oimportno for weblogic)]:]t3://localhost:14000
[[Enter context (i.e.: weblogic.jndi.WLInitialContextFactory for weblogic)]:]weblogic.jndi.WLInitialContextFactory
Enter the resource bundle type
 1.Custom Resource
 2.Connector Resource
 2
Enter the path/location of resource bundle file :
/tmp/example.properties
Do u want to load more resource bundles [y/n] :n

Download Resource Bundle Utility

The DownloadResourceBundles.sh and DownloadResourceBundles.bat scripts are available in the OIM_HOME/bin/ directory. Running these scripts downloads the resource bundles from the database.
A sample invocation of this utility is as shown:
[Enter Xellerate admin username :]ADMINISTRATOR_LOGIN
[Enter the admin password :]ADMINISTRATOR_PASSWORD
[[Enter serverURL (Ex. t3://oimhostname:oimportno for weblogic)]:]t3://localhost:14000
[[Enter context (i.e.: weblogic.jndi.WLInitialContextFactory for weblogic)]:]weblogic.jndi.WLInitialContextFactory
Enter the resource bundle type
1.Custom Resource
2.Connector Resource
2
Enter the full path of the download directory :
/home/joe/tmp
Enter the name of resource bundle file :
example.properties
Do u want to download more resource bundles [y/n] :n

Delete Resource Bundle Utility

The DeleteResourceBundles.sh and DeleteResourceBundles.bat scripts are available in the OIM_HOME/bin/ directory. Running these utilities deletes the resource bundles from the database.
A sample invocation of this utility is as shown:
[Enter Xellerate admin username :]ADMINISTRATOR_LOGIN
[Enter the admin password :]ADMINISTRATOR_PASSWORD
[[Enter serverURL (Ex. t3://oimhostname:oimportno for weblogic)]:]t3://localhost:14000
[[Enter context (i.e.: weblogic.jndi.WLInitialContextFactory for weblogic)]:]weblogic.jndi.WLInitialContextFactory
Enter the resource bundle type
1.Custom Resource
2.Connector Resource
2
Enter the name of resource bundle file to be deleted from DB:
example.properties
Do u want to delete more resource bundles [y/n] :n
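
An added example, not part of the original posts or of Oracle's tooling: a Python helper that fingerprints a directory of migrated artifacts (an MDS export such as /tmp/OIM/MDSData, or JARs and resource bundles fetched with the download utilities) and reports what differs between two copies, for instance the MDS backup taken before a customization against a fresh export, or the files pulled from test against the files staged for upload to production. XML is canonicalized before hashing so that re-indentation alone is not reported; the jars/ directory, the file contents and the function names are constructed for illustration.

```python
import hashlib
import os
import tempfile
import xml.etree.ElementTree as ET


def fingerprint(path):
    """SHA-256 of one file. XML is canonicalized (C14N 2.0) first, so
    re-indentation or attribute order alone is not reported as a change."""
    if path.lower().endswith(".xml"):
        try:
            text = ET.canonicalize(from_file=path, strip_text=True)
            return hashlib.sha256(text.encode("utf-8")).hexdigest()
        except ET.ParseError:
            pass  # malformed XML: fall through and hash the raw bytes
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest(root):
    """Map each file below root (relative, '/'-separated) to its fingerprint."""
    result = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = fingerprint(full)
    return result


def compare(baseline, current):
    """Return the files added, removed and changed between two manifests."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(k for k in baseline.keys() & current.keys()
                          if baseline[k] != current[k]),
    }


def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed sample: files taken from test and the copy staged for production."""
    with tempfile.TemporaryDirectory() as tmp:
        test, prod = os.path.join(tmp, "test"), os.path.join(tmp, "prod")
        _write(test, "db/oim-config.xml", b'<cfg>\n  <cache enabled="true" size="5"/>\n</cfg>\n')
        _write(prod, "db/oim-config.xml", b'<cfg><cache size="5" enabled="true"/></cfg>')
        _write(test, "db/form-metadata/FormMetaData.xml", b'<form><field name="a"/></form>')
        _write(prod, "db/form-metadata/FormMetaData.xml", b'<form><field name="b"/></form>')
        _write(test, "jars/example.jar", b"PK\x03\x04 constructed bytes")
        _write(prod, "jars/example.jar", b"PK\x03\x04 constructed bytes")
        _write(prod, "jars/extra.jar", b"PK\x03\x04 not in the test set")
        return compare(manifest(test), manifest(prod))


if __name__ == "__main__":
    print(demo())
```

An unexpected entry under added or changed is the cue to stop and review before running the upload utility or importMetadata against production.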

SailPoint Admin Password Change

The SailPoint administrator account comes with a default password. Here are the default username and password of the admin account:

Username: spadmin
Password: admin

To change password of administrator:

1) Navigate to Administrator Settings in the top-right corner.

2) Select Preferences

3) Click on Change Password.

4) After changing password click on Save.

The email address and name of the administrator can be changed at the same location.

Thanks !!!

Wednesday, July 6, 2016

Sailpoint 7.0 Installation & Configuration

In this post we are going to cover how to install and configure SailPoint 7.0.

Stop the Apache Tomcat server before making configuration changes.

1) Create a temporary folder called identityiq in C Drive

2)  Copy installable files to C:/identityiq


3) Create identityiq folder in webapps location in Apache tomcat.


4) Copy the war file to identityiq folder in webapps.


5) Unzip the war file using following command.


6) Following are the files that will get extracted from war file.



7) Run the database schema creation file which is under following location:

Tomcat/webapps/identityiq/WEB-INF/database

In my case I am using mysql so I am using create_identityiq_tables-7.0.mysql

8) Go to MySQL workbench and run the file.



9) After running this file, the database schema is created with the name identityiq, and the tables related to IQ are created as well.

By default, the username and password for the database are identityiq and identityiq if you don't modify the script.


10) The created database schema can also be verified from the SQL command line using the following command.


11) Test Schema connection before proceeding further.


12) The database connection details need to be modified in the iiq.properties file, which is located under the classes folder in WEB-INF.

13) It is recommended to use an encrypted password, as anyone can open the file and view the password. To generate an encrypted password, use the following command.


14) Update the following properties.


15) To configure IQ run the following command and import init.xml


16)  Status after import.


17) Start Apache Tomcat server.


18) Navigate to http://localhost:8080/identityiq/
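
An added example, not part of the original post or of SailPoint's tooling: a Python check for steps 9, 12 and 13 that flags an iiq.properties file still holding a clear-text database password or the default identityiq/identityiq pair. The property names dataSource.username and dataSource.password and the "digits:base64" shape of an encrypted value are assumptions about the file format, and the sample files are constructed.

```python
import re

# Default database credentials named in step 9 of the post.
DEFAULT_USER = "identityiq"
DEFAULT_PASSWORD = "identityiq"

# Assumption: an encrypted value looks like "<digits>:<base64>", optionally
# with an upper-case tag in between; anything else is treated as clear text.
ENCRYPTED = re.compile(r"^\d+:(?:[A-Z]+:)?[A-Za-z0-9+/]+={0,2}$")

# Constructed samples, not taken from the post.
SAMPLE_DEFAULT = """\
# database settings
dataSource.username=identityiq
dataSource.password=identityiq
"""
SAMPLE_PLAIN = """\
dataSource.username=iiq_app
dataSource.password=S0me-Long-Passphrase
"""
SAMPLE_ENCRYPTED = """\
dataSource.username=iiq_app
dataSource.password=1:Q29uc3RydWN0ZWRTYW1wbGU=
"""


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit_iiq_properties(text):
    """Return a list of (code, message) findings for the database settings."""
    props = parse_properties(text)
    user = props.get("dataSource.username", "")
    password = props.get("dataSource.password", "")
    findings = []
    if not password:
        findings.append(("MISSING_PASSWORD", "dataSource.password is not set"))
    elif not ENCRYPTED.match(password):
        findings.append(("PLAINTEXT_PASSWORD",
                         "dataSource.password can be read by anyone who opens the file"))
        if user == DEFAULT_USER and password == DEFAULT_PASSWORD:
            findings.append(("DEFAULT_CREDENTIALS",
                             "database still uses identityiq/identityiq from the schema script"))
    # An encrypted value cannot be compared with the default here, so the
    # database account itself still has to be checked on the MySQL side.
    return findings


if __name__ == "__main__":
    for name, sample in [("default", SAMPLE_DEFAULT), ("plain", SAMPLE_PLAIN),
                         ("encrypted", SAMPLE_ENCRYPTED)]:
        print(name, audit_iiq_properties(sample))
```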