Thursday, May 29, 2014

OIM Tuning

1. OIM - OS tuning:

   Raise the ulimit value to 8192 or unlimited.
   Make sure the OS host machine has sufficient memory and hard disk space available.

2. OIM - WebLogic tuning:

a)   Increase the WebLogic managed servers' heap size to 4GB.

Change in the startWebLogic.sh file (this single line applies the same values to every server started by the script):

USER_MEM_ARGS="-Xms4096m -Xmx4096m -Xmn1648m -Xss256k -XX:PermSize=384m -XX:MaxPermSize=384m"

The if-block variant sets MEM_ARGS only for the managed servers (SERVER_NAME is empty when the admin server is started). Note that the options must use a plain ASCII '-' and the '-XX:' prefix; a Unicode dash or '-X:MaxPermSize' stops the JVM from starting:

if [ "${SERVER_NAME}" = "" ] ; then
    echo "Admin Server"
else
    echo "oam and oim managed servers"
    MEM_ARGS="-Xms2048m -Xmx4096m -Xmn1648m -Xss256k -XX:PermSize=384m -XX:MaxPermSize=384m"
    export MEM_ARGS
fi
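As an added check (example code written for this page, not taken from the post), the following Python script parses a MEM_ARGS/USER_MEM_ARGS string and flags the problems that typically appear when the line is pasted from a web page (a Unicode dash in place of '-', '-X:' in place of '-XX:') together with a few sizing sanity rules. The rules themselves (-Xms should equal -Xmx for a fixed heap, -Xmn must be smaller than -Xmx, PermSize must not exceed MaxPermSize, and the heap should reach the 4GB target) are this example's assumptions, not rules stated in the post. Both sample strings are constructed.

```python
import re

# Constructed samples: a clean line and one carrying the two copy/paste defects.
GOOD_MEM_ARGS = "-Xms4096m -Xmx4096m -Xmn1648m -Xss256k -XX:PermSize=384m -XX:MaxPermSize=384m"
BAD_MEM_ARGS = "-Xms2048m \u2013Xmx4096m -Xmn1648m -Xss256k -XX:PermSize=384m -X:MaxPermSize=384m"

_SIZE_RE = re.compile(r"^(\d+)([kKmMgG]?)$")
_MULT = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}


def parse_size(text):
    """Convert a JVM size such as '4096m' or '256k' to bytes."""
    m = _SIZE_RE.match(text)
    if not m:
        raise ValueError("bad JVM size: %r" % text)
    return int(m.group(1)) * _MULT[m.group(2).lower()]


def parse_mem_args(mem_args):
    """Return ({flag: bytes}, problems) for -Xms/-Xmx/-Xmn/-Xss and -XX:(Max)PermSize.

    Tokens that are not memory options are ignored; tokens that cannot be a
    valid option at all (non-ASCII characters, the '-X:' typo) are reported.
    """
    sizes = {}
    problems = []
    for tok in mem_args.split():
        if not tok.isascii():
            problems.append("non-ASCII character in token %r (pasted dash?)" % tok)
            continue
        if tok.startswith("-X:"):
            problems.append("malformed option %r (did you mean -XX:?)" % tok)
            continue
        m = re.match(r"^-(Xms|Xmx|Xmn|Xss)(\S+)$", tok)
        if m:
            sizes[m.group(1)] = parse_size(m.group(2))
            continue
        m = re.match(r"^-XX:(PermSize|MaxPermSize)=(\S+)$", tok)
        if m:
            sizes[m.group(1)] = parse_size(m.group(2))
    return sizes, problems


def check_mem_args(mem_args, expected_heap="4096m"):
    """Validate a MEM_ARGS string; returns a list of findings (empty means OK)."""
    sizes, findings = parse_mem_args(mem_args)
    target = parse_size(expected_heap)
    for flag in ("Xms", "Xmx", "Xmn"):
        if flag not in sizes:
            findings.append("missing -%s" % flag)
    if "Xms" in sizes and "Xmx" in sizes:
        if sizes["Xms"] > sizes["Xmx"]:
            findings.append("-Xms larger than -Xmx; the JVM will refuse to start")
        elif sizes["Xms"] != sizes["Xmx"]:
            findings.append("-Xms differs from -Xmx; the heap will resize under load")
    if "Xmx" in sizes and sizes["Xmx"] < target:
        findings.append("-Xmx is below the %s target heap" % expected_heap)
    if "Xmn" in sizes and "Xmx" in sizes and sizes["Xmn"] >= sizes["Xmx"]:
        findings.append("-Xmn must be smaller than -Xmx")
    if ("PermSize" in sizes and "MaxPermSize" in sizes
            and sizes["PermSize"] > sizes["MaxPermSize"]):
        findings.append("-XX:PermSize larger than -XX:MaxPermSize")
    return findings


if __name__ == "__main__":
    for label, args in (("good", GOOD_MEM_ARGS), ("bad", BAD_MEM_ARGS)):
        print(label, check_mem_args(args) or "OK")
```

Run it against the value actually exported by startWebLogic.sh (for example `python check_mem_args.py "$MEM_ARGS"` after adding an argv hook) before bouncing the servers; the bad sample above produces three findings, two for the malformed tokens and one because the dash-damaged -Xmx is no longer seen at all.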

b)   Make sure the DB connection pools are at least the sizes below, or larger depending on the load on the WebLogic connection pools:

<<This section requires to update still! >>

Datasource Name                Initial    Max    Increment
mds-oim                              2     50            1
mds-owsm                             0     15            1
oimJMSStoreDS                       50     50            1
oimOperationsDB                    100    100            1
<<SOA specific Datasource >>   default  default    default

c)   Increase the Distributed Lock Timeout from 60 seconds to 300 seconds, and in oim-config.xml increase the checkout time from 1200 seconds to 2700 seconds.

For the Distributed Lock Timeout: in the WLS console, open each OIM datasource - Configuration - Transaction and set XA Transaction Timeout = 300.

For the checkout time in the OIM configuration: <<Middleware home>>/Oracle_IAM1/server/metadata/db/oim-config.xml

<directDBConfigParams driver="oracle.jdbc.OracleDriver"
    ... checkoutTimeout="2700"          (was checkoutTimeout="1200")
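The checkoutTimeout edit above is a single attribute on a single element, which makes it a good candidate for a scripted, verifiable change rather than a hand edit. The Python below is an added example (not from the post) that locates the directDBConfigParams element, records the old value, sets the new one and refuses to run if the element is missing or duplicated, so a typo in the file is not silently ignored. The XML fragment is constructed for the example; the real oim-config.xml carries many more elements, which the code leaves untouched, and patch_file keeps a .bak copy beside the original.

```python
import shutil
import xml.etree.ElementTree as ET

# Constructed stand-in for the relevant part of oim-config.xml.
SAMPLE_OIM_CONFIG = """<oimconfig>
  <directDBConfigParams driver="oracle.jdbc.OracleDriver"
      maxConnections="50" checkoutTimeout="1200" minConnections="2"/>
</oimconfig>
"""

ELEMENT = "directDBConfigParams"
ATTRIBUTE = "checkoutTimeout"


def _local(tag):
    """Strip an XML namespace prefix: '{uri}name' -> 'name'."""
    return tag.rsplit("}", 1)[-1]


def set_checkout_timeout(root, new_value=2700):
    """Set checkoutTimeout on the single directDBConfigParams element; returns the old value."""
    targets = [el for el in root.iter() if _local(el.tag) == ELEMENT]
    if len(targets) != 1:
        raise ValueError("expected exactly one %s element, found %d" % (ELEMENT, len(targets)))
    old = int(targets[0].get(ATTRIBUTE, "0"))
    targets[0].set(ATTRIBUTE, str(new_value))
    return old


def checkout_timeout_of(xml_text):
    """Read the current checkoutTimeout from an XML string (verification step)."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if _local(el.tag) == ELEMENT:
            return int(el.get(ATTRIBUTE))
    raise ValueError("%s not found" % ELEMENT)


def patch_text(xml_text, new_value=2700):
    """Return (updated_xml, old_value) for an in-memory document."""
    root = ET.fromstring(xml_text)
    old = set_checkout_timeout(root, new_value)
    return ET.tostring(root, encoding="unicode"), old


def patch_file(path, new_value=2700):
    """Patch a file in place after saving path + '.bak'; returns the old value."""
    tree = ET.parse(path)
    old = set_checkout_timeout(tree.getroot(), new_value)
    shutil.copyfile(path, path + ".bak")
    tree.write(path, encoding="UTF-8", xml_declaration=True)
    return old


if __name__ == "__main__":
    updated, old = patch_text(SAMPLE_OIM_CONFIG)
    print("checkoutTimeout %d -> %d" % (old, checkout_timeout_of(updated)))
```

Because ElementTree rewrites the document, diff the .bak copy against the result before restarting OIM so that only the intended attribute changed; comments in the original file are dropped by ElementTree, so on a file that relies on them use the in-memory patch_text on the relevant element instead.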

Note: when sizing the DB connection pools, also compare the pool configurations of the other applications (OID, OAM, OIM): the DB server must be able to serve the sum of all pool sizes, and the DB parameters must be set to values that cover that total.
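The sum in the note above is easy to under-count, because a datasource targeted to a cluster is instantiated on every managed server. The Python below is an added example (not from the post) that adds up the worst case, every pool on every server full at once, and compares it with the DB limits. The OIM rows come from the table above; the OAM and OID datasources, the server counts and the DB limit values are constructed placeholders, and treating the limits as the Oracle `processes` and `sessions` init parameters is this example's assumption (the post does not name the parameters).

```python
# OIM max pool sizes from the table in the post; the OAM/OID rows are placeholders.
POOL_MAX = {
    "OIM": {"mds-oim": 50, "mds-owsm": 15, "oimJMSStoreDS": 50, "oimOperationsDB": 100},
    "OAM": {"oamDS": 40},   # placeholder value
    "OID": {"oidDS": 40},   # placeholder value
}
# Managed servers per application (placeholders); each one opens its own pools.
MANAGED_SERVERS = {"OIM": 2, "OAM": 2, "OID": 1}


def required_sessions(pool_max, managed_servers, headroom_percent=20):
    """Worst-case DB sessions the pools can open, plus headroom for sessions
    outside the pools (admin tools, schedulers). Returns (total, per_app)."""
    per_app = {}
    for app, datasources in pool_max.items():
        per_app[app] = sum(datasources.values()) * managed_servers.get(app, 1)
    total = sum(per_app.values())
    headroom = -(-total * headroom_percent // 100)   # integer ceiling
    return total + headroom, per_app


def check_db_capacity(pool_max, managed_servers, db_processes, db_sessions,
                      headroom_percent=20):
    """Return (needed, findings); findings is empty when both DB limits cover the pools."""
    needed, _ = required_sessions(pool_max, managed_servers, headroom_percent)
    findings = []
    for name, value in (("processes", db_processes), ("sessions", db_sessions)):
        if value < needed:
            findings.append("DB parameter %s=%d is below the %d sessions the pools can open"
                            % (name, value, needed))
    return needed, findings


if __name__ == "__main__":
    needed, per_app = required_sessions(POOL_MAX, MANAGED_SERVERS)
    print("per application:", per_app, "-> worst case with headroom:", needed)
    for finding in check_db_capacity(POOL_MAX, MANAGED_SERVERS, 600, 900)[1]:
        print("FINDING:", finding)
```

With the placeholder values the pools can open 550 sessions and 660 with headroom, so a `processes` limit of 600 is flagged while `sessions=900` passes. Rows such as oimOperationsDB, whose initial size equals its max, consume their full share at startup, so the total is reached as soon as the servers boot rather than only under load.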

**Note: The above configuration changes require a restart (bounce) of the component application servers before they take effect.

Wednesday, April 23, 2014

OIM: Load Access Policies from a File

package prod.oim.utilities.run;

import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;

import com.thortech.xl.vo.AccessPolicyResourceData;
import Thor.API.tcResultSet;
import Thor.API.Operations.tcAccessPolicyOperationsIntf;
import Thor.API.Operations.tcFormDefinitionOperationsIntf;
import Thor.API.Operations.tcITResourceInstanceOperationsIntf;
import Thor.API.Operations.tcObjectOperationsIntf;
import oracle.iam.platform.OIMClient;

/*
 * Reads records of the form "PolicyName,Group1;Group2;..." from a CSV file and
 * attaches each OID group (as a UD_OID_GRP child-table row) to an access policy
 * that already exists in OIM. The first line is a header and lines starting
 * with '#' are comments; both are skipped.
 */
public class InitialAccessPolicyLoad {
    private static final String OIM_URL = "t3s://<<host>>:<<port>>";
    private static final String AUTH_CONF = "C:/designconsole/config/authwl.conf";
    private static final String OIM_USERNAME = "xelsysadm";
    // Placeholder only: obtain the password from a credential store or a prompt
    // at run time instead of keeping it in the source.
    private static final String OIM_PASSWORD = "XXXXXXXXX";

    private static final String INPUT_FILE = "C:\\Projects\\OIM\\InputFiles\\InitialAccessPolicyLoad.csv";
    private static final String FILE_DELIMITER = ",";
    private static final String ROLE_DELIMITER = ";";

    private static final String objName = "OID User";
    private static final String fParentName = "UD_OID_USR";
    private static final String fChildName = "UD_OID_GRP";
    private static final String ITResourceName = "OID Server";
    private static final String groupSuffix = ",cn=Groups,dc=ftb,dc=ca,dc=gov";

    private final Hashtable<String, String> env = new Hashtable<String, String>();
    private final OIMClient oimClient;

    // Fails fast: a login error used to be swallowed here, after which every
    // API call failed with a NullPointerException on the null client.
    public InitialAccessPolicyLoad() throws Exception {
        env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory");
        env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, OIM_URL);
        System.setProperty("java.security.auth.login.config", AUTH_CONF);
        System.setProperty("OIM.AppServerType", "wls");
        System.setProperty("APPSERVER_TYPE", "wls");
        oimClient = new OIMClient(env);
        oimClient.login(OIM_USERNAME, OIM_PASSWORD.toCharArray());
    }

    public void uploadMapping() {
        int validRecordCount = 0;
        int invalidRecordCount = 0;
        BufferedReader buff = null;
        try {
            buff = new BufferedReader(new FileReader(INPUT_FILE));
            buff.readLine(); // header row
            String line;
            while ((line = buff.readLine()) != null) {
                // Skip blank and comment lines outright. The original only cleared a
                // flag here and then fell through, so a comment with two fields
                // was still loaded.
                if (line.trim().isEmpty() || line.startsWith("#")) {
                    continue;
                }
                boolean isValidRecord = false;
                String policyName = null;
                List<String> groupList = new ArrayList<String>();
                String[] values = line.split(FILE_DELIMITER);
                if (values.length != 2) {
                    // split() never returns an empty array, so one field means the groups are missing
                    System.out.println("Expected 'PolicyName,Group1;Group2' but found "
                            + values.length + " field(s) in Record: " + line);
                } else {
                    policyName = values[0].trim();
                    if (policyName.isEmpty()) {
                        System.out.println("Access Policy Missing in Record: " + line);
                    } else if (!accessPolicyExists(policyName)) {
                        System.out.println("Access Policy doesn't exist in OIM: " + line);
                    } else {
                        for (String group : values[1].split(ROLE_DELIMITER)) {
                            if (!group.trim().isEmpty()) {
                                groupList.add(group.trim());
                            }
                        }
                        if (groupList.isEmpty()) {
                            System.out.println("Missing ABC Groups in Record: " + line);
                        }
                        isValidRecord = !groupList.isEmpty();
                    }
                }
                if (isValidRecord) {
                    System.out.println("ADDING RECORD: " + line);
                    uploadPolicyData(policyName, groupList);
                    validRecordCount++;
                } else {
                    invalidRecordCount++;
                }
            }
            System.out.println(" Access Policies Data Load Complete from File " + INPUT_FILE);
            System.out.println("Record Processed : " + validRecordCount
                    + " & Record Ignored : " + invalidRecordCount);
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (buff != null) {
                try {
                    buff.close();
                } catch (IOException ignored) {
                    // nothing useful left to do
                }
            }
        }
    }

    // Resource object key for objName. Throws instead of ending in
    // Long.parseLong(null) when the object is not defined in OIM.
    public long findObjectKey() throws Exception {
        tcObjectOperationsIntf objIntf = oimClient.getService(tcObjectOperationsIntf.class);
        HashMap<String, String> attributes = new HashMap<String, String>();
        attributes.put("Objects.Name", objName);
        tcResultSet resultSet = objIntf.findObjects(attributes);
        if (resultSet.getRowCount() == 0) {
            throw new IllegalStateException("Resource object not found: " + objName);
        }
        resultSet.goToRow(0);
        return resultSet.getLongValue("Objects.Key");
    }

    // Form definition key (Structure Utility.Key) for a process or child form table name.
    private String findFormKey(String tableName) throws Exception {
        tcFormDefinitionOperationsIntf formIntf = oimClient.getService(tcFormDefinitionOperationsIntf.class);
        HashMap<String, String> attributes = new HashMap<String, String>();
        attributes.put("Structure Utility.Table Name", tableName);
        tcResultSet resultSet = formIntf.findForms(attributes);
        if (resultSet.getRowCount() == 0) {
            throw new IllegalStateException("Form not found: " + tableName);
        }
        resultSet.goToRow(0);
        return resultSet.getStringValue("Structure Utility.Key");
    }

    public long findParentFormKey() throws Exception {
        return Long.parseLong(findFormKey(fParentName));
    }

    public String findChildFormKey() throws Exception {
        return findFormKey(fChildName);
    }

    // IT resource instance key for ITResourceName; if several instances match,
    // the last one wins (as in the original).
    public String findITResourceKey() throws Exception {
        tcITResourceInstanceOperationsIntf itIntf = oimClient.getService(tcITResourceInstanceOperationsIntf.class);
        HashMap<String, String> instances = itIntf.getITResourceInstances(ITResourceName);
        String itResourceKey = null;
        for (Iterator<String> it = instances.keySet().iterator(); it.hasNext();) {
            itResourceKey = it.next();
        }
        if (itResourceKey == null) {
            throw new IllegalStateException("IT resource not found: " + ITResourceName);
        }
        return itResourceKey;
    }

    public void uploadPolicyData(String policyName, List<String> groupList) {
        String strDate = new SimpleDateFormat("yyyy-MM-dd").format(new Date());
        System.out.println(strDate + " - processing policy " + policyName);
        try {
            tcAccessPolicyOperationsIntf policyIntf = oimClient.getService(tcAccessPolicyOperationsIntf.class);
            HashMap<String, String> searchPolicy = new HashMap<String, String>();
            searchPolicy.put("Access Policies.Name", policyName);
            tcResultSet result = policyIntf.findAccessPolicies(searchPolicy);
            if (result.getRowCount() == 0) {
                System.out.println("Access Policy " + policyName + " not Found");
                return;
            }
            result.goToRow(0);
            String policyDescription = result.getStringValue("Access Policies.Description");
            System.out.println("policyDescription: " + policyDescription);
            long policyKey = result.getLongValue("Access Policies.Key");

            // Resolve the keys once per policy rather than once per group.
            long objectKey = findObjectKey();
            long parentFormKey = findParentFormKey();
            String childFormKey = findChildFormKey();
            String groupPrefix = findITResourceKey() + "~cn=";

            for (String group : groupList) {
                String groupName = groupPrefix + group.trim() + groupSuffix;
                System.out.println("OID Group Name: " + groupName);
                HashMap<String, String> childTableMap = new HashMap<String, String>();
                childTableMap.put("UD_OID_GRP_GROUP_NAME", groupName);
                AccessPolicyResourceData policyData = new AccessPolicyResourceData(
                        objectKey, objName, parentFormKey, fParentName, "P");
                // The child form name must be the constant; the original passed
                // the literal string "fChildName".
                policyData.addChildTableRecord(childFormKey, fChildName, "Add", childTableMap);
                policyIntf.setDataSpecifiedForObject(policyKey, objectKey, parentFormKey, policyData);
                System.out.println(" Group: " + group + " attached to the Access Policy: " + policyName);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    // Returns false on an API error as well, so an unknown state never leads to a load.
    public boolean accessPolicyExists(String policyName) {
        try {
            tcAccessPolicyOperationsIntf policyIntf = oimClient.getService(tcAccessPolicyOperationsIntf.class);
            HashMap<String, String> searchPolicy = new HashMap<String, String>();
            searchPolicy.put("Access Policies.Name", policyName);
            tcResultSet result = policyIntf.findAccessPolicies(searchPolicy);
            return result.getRowCount() > 0;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    public static void main(String[] args) {
        try {
            InitialAccessPolicyLoad loader = new InitialAccessPolicyLoad();
            loader.uploadMapping();
        } catch (Exception e) {
            System.err.println("Unable to log in to OIM at " + OIM_URL);
            e.printStackTrace();
            System.exit(1);
        }
    }
}

Wednesday, April 16, 2014

Event Handlers:
            http://www.ateam-oracle.com/oim-11g-event-handlers/
            http://idmoim.blogspot.com/2011/07/developing-and-deploying-oim-11g-custom_29.html
            http://idmoim.blogspot.com/2014/04/event-handler-handler-deployment-in-oim.html
            http://docs.oracle.com/cd/E14571_01/doc.1111/e14309/oper.htm

Custom user attribute & Event Handler implementation:
            http://fusionsecurity.blogspot.com/2011/09/oim-11g-event-handler-example.html