Monday, January 9, 2012

Quick OIM Tip: Finding Out OIM Version and Patch Information

(1) Execute the following query against the OIM schema:
select XSD_VALUE from XSD where XSD_CODE='XL_BUILD_NUMBER';

(2) Run OPatch from the OIM Oracle home to list the installed patches:
.../Oracle/Middleware/Oracle_IDM1/OPatch/opatch lsinventory -details

Friday, January 6, 2012

OIM 11g: exporting User.xml using MDS utilities

Here are the steps to export OIM's User.xml from the metadata repository using the WebLogic MDS utilities.

$ cd /opt/Oracle/Middleware/Oracle_OIM/server/bin
This assumes OIM is installed at /opt/Oracle/Middleware/Oracle_OIM. The default directory for an 11.1.1.5 installation could be /opt/Oracle/Middleware/Oracle_IDM2.

$ vi weblogic.properties
Set the values similar to the example below.

wls_servername=oim_server1
application_name=OIMMetadata
metadata_from_loc=@From_location
metadata_to_loc=/opt/export
metadata_files=/file/User.xml

- The example above assumes that your OIM server name is oim_server1.
- The exported file will land in the directory named in metadata_to_loc.
- The export operation ignores the value of the metadata_from_loc property.
- The rest of the property fields should be hard-coded as shown in the example.

$ ./weblogicExportMetadata.sh
User Name   = weblogic
Password     = Your Password
Server URL = t3://weblogic-admin-server:7001

While running this, you may see some warnings about the SSL port and the admin port; they can be ignored. If the script runs successfully, the exported User.xml will be in the /opt/export/file directory (metadata_to_loc followed by the path given in metadata_files).

Tuesday, October 25, 2011

OIM 11g logging.xml getting overwritten issue

After installing and configuring the OID connector, I tried to do a simple manual user provisioning to OID. As expected, the user creation in OID was rejected. Time to debug :(  So I included the OID-related log handler in $DOMAIN_NAME/config/fmwconfig/servers/oim_server1/logging.xml, followed by restarting the OIM managed server. To my surprise, the logging.xml file got overwritten (back to the original one) right after the managed server restarted.


Finally found the solution on support.oracle.com under support ID 1335539.1. This issue shows up when your admin server is on box1 and the managed server is on box2. The solution is simple: modify the logging.xml file on box1 (the admin server) and restart the OIM managed server. The change will propagate to box2, where the OIM managed server is running.

Saturday, May 14, 2011

STRIDE Threat Modelling and Countermeasures

Here is a quick list of threats and their countermeasures based on the STRIDE threat model. More information at http://msdn.microsoft.com/en-us/magazine/cc163519.aspx .

THREAT                     COUNTERMEASURE
-------------------------------------------------------------
Spoofing                   Authentication
Tampering                  Digital signature, hashing
Repudiation                Audit
Information disclosure     Encryption
Denial of service (DoS)    Availability
Elevation of privilege     Authorization, input data sanitization

Thursday, December 23, 2010

OIM Troubleshooting: NullPointerException at getAttrColumnName during Trusted Recon

Problem description: I imported a trusted-reconciliation setup from a working environment into another environment. When I ran the trusted recon in the new environment, I got the following error.

ERROR,21 Dec 2010 17:33:45,658,[XELLERATE.SERVER],Class/Method: tcRCE/createUserRecord encounter some problems: {1}
java.lang.NullPointerException
at com.thortech.xl.dataobj.util.tcAttributeSource.getAttrColumnName(Unknown Source)


I examined the "Reconciliation Event History" (Design Console -> Recon Manager) and found that only one action, "Event Received", is logged. A successful recon usually has at least three actions:
1. Event Received
2. Data Sorted
3. Created User
In my case the user is not getting created in OIM's USR table.

Solution: After banging my head for 2 days, I finally found the dumb solution.
1. Go to the "Xellerate User" process definition.
2. Delete all field maps from "Reconciliation Field Mapping".
3. Redo all the field mappings again.

I think this occurs when the configuration is exported from one environment and imported into another. Definitely a bug in OIM 9102 BP11.

Tuesday, November 2, 2010

OIM How-to: Delete OIM Users

Never delete OIM users; that is the OIM recommendation. But while playing in a development environment, we sometimes mess up OIM with too many unwanted users. In case you want to clean them up, here is a little script that may help (replace USERXXX with the login to delete). I got this from http://forums.oracle.com/forums/thread.jspa?threadID=1997648&tstart=15 .

delete from oud where oiu_key in (select oiu_key from oiu where usr_key in (select usr_key from usr where USR_LOGIN='USERXXX'));
delete from osi where req_key in (select req_key from req where orc_key in (select orc_key from orc,usr where orc.usr_key = usr.usr_key and USR_LOGIN='USERXXX'));
delete from osi where osi_assigned_to_usr_key in (select usr_key from usr where USR_LOGIN='USERXXX');
delete from osh where osh_assigned_to_usr_key in (select usr_key from usr where USR_LOGIN='USERXXX');
delete from rcd where rce_key in (select rce_key from rce,orc,usr where rce.orc_key = orc.orc_key and orc.usr_key = usr.usr_key and USR_LOGIN='USERXXX');
delete from rch where rce_key in (select rce_key from rce,orc,usr where rce.orc_key = orc.orc_key and orc.usr_key = usr.usr_key and USR_LOGIN='USERXXX');
delete from rcu where rce_key in (select rce_key from rce,orc,usr where rce.orc_key = orc.orc_key and orc.usr_key = usr.usr_key and USR_LOGIN='USERXXX');
delete from rcb where rce_key in (select rce_key from rce,orc,usr where rce.orc_key = orc.orc_key and orc.usr_key = usr.usr_key and USR_LOGIN='USERXXX');
delete from rpc where rce_key in (select rce_key from rce where usr_key in (select usr_key from usr where USR_LOGIN='USERXXX'));
delete from rcm where rce_key in (select rce_key from rce where usr_key in (select usr_key from usr where USR_LOGIN='USERXXX'));
delete from rcp where rce_key in (select rce_key from rce where usr_key in (select usr_key from usr where USR_LOGIN='USERXXX'));
delete from rce where orc_key in (select orc_key from orc,usr where orc.usr_key = usr.usr_key and USR_LOGIN='USERXXX');
delete from oio where orc_key in (select orc_key from orc,usr where orc.usr_key = usr.usr_key and USR_LOGIN='USERXXX');
delete from oiu where usr_key in (select usr_key from usr where USR_LOGIN='USERXXX');
delete from oti where orc_key in (select orc_key from orc,usr where orc.usr_key = usr.usr_key and USR_LOGIN='USERXXX');
delete from osi where orc_key in (select orc_key from orc,usr where orc.usr_key = usr.usr_key and USR_LOGIN='USERXXX');
delete from orc where usr_key in (select usr_key from usr where USR_LOGIN='USERXXX');
delete from upd where upp_key in (select upp_key from upp,usr where upp.usr_key = usr.usr_key and USR_LOGIN='USERXXX');
delete from upp where usr_key in (select usr_key from usr where USR_LOGIN='USERXXX');
delete from usg where usr_key in (select usr_key from usr where USR_LOGIN='USERXXX');
delete from uhd where uph_key in (select uph_key from uph,usr where uph.usr_key = usr.usr_key and USR_LOGIN='USERXXX');
delete from uph where usr_key in (select usr_key from usr where USR_LOGIN='USERXXX');
delete from pcq where usr_key in (select usr_key from usr where USR_LOGIN='USERXXX');
delete from rcu where usr_key in (select usr_key from usr where USR_LOGIN='USERXXX');
delete from usr where USR_LOGIN='USERXXX';
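The script above splices the login into every statement and deletes with no preview. As an added example (not from the post or the forum thread it cites), here is a wrapper that binds the login as a parameter, counts the rows each statement would remove before touching anything, and runs the deletes in one transaction. It uses three statements from the script (the oud -> oiu -> usr chain) against a constructed in-memory sqlite stand-in for those tables; it assumes your Oracle driver accepts the same :login named bind.

```python
import re
import sqlite3

# Three statements from the post's cleanup script, still with its USERXXX literal.
LOGIN_LITERAL = "USR_LOGIN='USERXXX'"
CLEANUP = [
    "delete from oud where oiu_key in (select oiu_key from oiu where usr_key in (select usr_key from usr where USR_LOGIN='USERXXX'))",
    "delete from oiu where usr_key in (select usr_key from usr where USR_LOGIN='USERXXX')",
    "delete from usr where USR_LOGIN='USERXXX'",
]

def parameterize(stmt):
    """Swap the literal for a named bind so the login is never spliced into SQL text."""
    return stmt.replace(LOGIN_LITERAL, "USR_LOGIN=:login")

def to_count(stmt):
    """Rewrite 'delete from T where ...' as 'select count(*) from T where ...'."""
    return re.sub(r"^delete from (\w+) where", r"select count(*) from \1 where", stmt, count=1)

def dry_run(conn, login):
    """Return {table: rows that would be deleted} without changing anything."""
    counts = {}
    for stmt in CLEANUP:
        table = stmt.split()[2]
        (n,) = conn.execute(to_count(parameterize(stmt)), {"login": login}).fetchone()
        counts[table] = n
    return counts

def delete_user(conn, login, max_rows=1000):
    """Delete in one transaction; refuse unless the login matches exactly one user
    and the dry run stays below max_rows (a single test user should be small)."""
    counts = dry_run(conn, login)
    if counts["usr"] != 1 or sum(counts.values()) > max_rows:
        return None
    with conn:  # commit on success, roll back on any exception
        for stmt in CLEANUP:
            conn.execute(parameterize(stmt), {"login": login})
    return counts

def demo_db():
    """Constructed in-memory stand-in for the three OIM tables, holding two users."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        create table usr(usr_key integer primary key, usr_login text);
        create table oiu(oiu_key integer primary key, usr_key integer);
        create table oud(oud_key integer primary key, oiu_key integer);
        insert into usr values (1, 'tempuser1'), (2, 'keepme');
        insert into oiu values (10, 1), (11, 1), (12, 2);
        insert into oud values (100, 10), (101, 11), (102, 12);
    """)
    return conn
```

Extending CLEANUP with the remaining statements from the script, in the same order, keeps the dry run and the transaction covering the whole chain.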

Monday, April 12, 2010

OAM "No schema definition for attribute XX found" error.

Does the error below look familiar? It occurs if an attribute is deleted from one of the configured object classes without deleting the corresponding object configuration in COREid.

{
Bug Report Form
An error has occurred while executing the application.
Your browser doesn't support sending mail automatically!
Please send E-Mail to with the following information:
# Your Name
# Organization
# E-Mail Address
# Phone Number
# Comment
Make sure to append the following traceback in the mail.
Traceback
data\module_main.cpp:568: Error: Exception re-thrown in HandleEvent.
common\obprogram_registry.cpp:794: Error: Exception re-thrown in ObProgramRegistry::Execute.
common\obprogramservice.cpp:314: Error: Exception re-thrown in ObProgramService::Execute.
admin_console\acps_metaattribute.cpp:39: Error: Exception re-thrown in ACMetaAttributeProgram::Execute.
admin_console\metaattribute.cpp:1513: Error: Exception re-thrown in ACPS::MetaAttributeGenTabMainMetaAttributePage().
admin_console\metaattribute.cpp:1412: Error: No schema definition for attribute mdeTempEscalationAuthZId was found.
Product
User Manager AdminVersion
Platform
Microsoft Windows
}


For example, say you have an extra attribute called 'userPreference' configured as part of an auxiliary object class 'myCompanyAddistionalUser'. All the attributes of this object class are configured via "Common Configuration" as well as in some specific user tab in "User Configuration". If you delete the attribute 'userPreference' from LDAP, make sure you also delete it from the corresponding common and tab configuration. Otherwise you will see this error.

For the example above, the common configuration may be found at "dn: obattr=userPreference, obclass=myCompanyAddistionalUser, o=Oblix,o=abc,dc=com". Similarly, the tab configuration may be found at "dn: obattr=userPreference, obpanelid=Employees, obapp=userservcenter, o=Oblix,o=abc,dc=com". Delete these two entries in LDAP, then clear the Identity Server cache. Your Identity Server will be happy again.
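A check that finds this mismatch before the admin console throws the error, as an added example (not from the post): it lists the Oblix attribute-configuration entries whose obattr value no longer exists in the directory schema. The DN list and the schema attribute set are constructed samples standing in for an ldapsearch over the o=Oblix subtree and for the attributeTypes of the subschema entry; the DN parsing assumes no escaped commas.

```python
# Constructed sample: DNs of Oblix attribute-configuration entries, the two
# userPreference entries from the post plus one for an attribute still in the schema.
OBLIX_CONFIG_DNS = [
    "obattr=userPreference, obclass=myCompanyAddistionalUser, o=Oblix,o=abc,dc=com",
    "obattr=userPreference, obpanelid=Employees, obapp=userservcenter, o=Oblix,o=abc,dc=com",
    "obattr=mail, obclass=myCompanyAddistionalUser, o=Oblix,o=abc,dc=com",
]

# Constructed sample: attribute names still defined in the directory schema
# (userPreference has already been removed from LDAP).
SCHEMA_ATTRIBUTES = {"cn", "sn", "mail", "uid"}

def rdns(dn):
    """Split a DN into (type, value) pairs; assumes no escaped commas in values."""
    pairs = []
    for part in dn.split(","):
        typ, _, val = part.strip().partition("=")
        pairs.append((typ.strip().lower(), val.strip()))
    return pairs

def stale_config_entries(config_dns, schema_attrs):
    """Return the configuration DNs whose obattr names an attribute missing from
    the schema: exactly the entries that must be deleted (and the cache cleared)
    to stop the 'No schema definition for attribute' error."""
    known = {name.lower() for name in schema_attrs}  # LDAP attribute names are case-insensitive
    stale = []
    for dn in config_dns:
        for typ, val in rdns(dn):
            if typ == "obattr" and val.lower() not in known:
                stale.append(dn)
                break
    return stale
```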