OAM and OAAM TAP Integration (High Level Steps)

Prerequisites : OAM and OAAM servers are installed and running.

1. Create a directory where OAM and OAAM servers are installed to store the certificate.

2. Run wlst.sh command from <Middleware_home>/Oracle_IDM1/common/bin location.

3. Run connect() command to connect to OAM Admin server and provide the OAM Admin server details.

4. Run the below command to register the OAAM with OAM:

registerThirdPartyTAPPartner(partnerName= "OAAMTAPPartner" , keystoreLocation= "<Directory_created_to store_Keystore>/TapKeystore.jks" , password="<Password> " , tapTokenVersion="v2.0" , tapScheme= "TAPScheme" , tapRedirectUrl= "http://<OAM_Host>:14300/oaam_server/oamLoginPage.jsp")

5. Login to OAM console and open the TAP Scheme.

6. Add “MatchLDAPAttribute=uid” in challenge Parameter as uid is being used for authentication (in case).

7. Open OAM agents and click on IAMSuiteAgent. Update the agent and provide a password for ‘Access Client Password’.

8. Login to Weblogic console and open providers under realm. Select IAMSuiteAgent provider and update the same password for ‘Agent Password’ under provider specific tab.

9. Search for the oaam_cli.properties file and update the details below:

10. Run ./setupOAMTapIntegration.sh script as below to complete the TAP Integration:

./setupOAMTapIntegration.sh <Location_of_modified_oaam_cli.properties>/oaam_cli.properties

11. Provide all the required details from script and restart the OAM and OAAM servers. If script ran successfully Integration is completed.

Comments

Developing Prepopulate Adapter with OIM 11g R2

1. Prepopulate Adapter in OIM uses the plugin point oracle.iam.request.plugins.PrePopulationAdapte r. 2. Write the Java code which returns the value which has to be populated on the form. 3. This code will implement the plugin point oracle.iam.request.plugins.PrePopulationAdapte r. Code Snippet: - package com.oracle.oim.utility.eventhandler; import java.io.Serializable; import java.util.Iterator; import java.util.List; import java.util.logging.Logger; import oracle.iam.identity.exception.NoSuchUserException; import oracle.iam.identity.exception.UserLookupException; import oracle.iam.identity.usermgmt.api.UserManager; import oracle.iam.identity.usermgmt.vo.User; import oracle.iam.platform.Platform; import oracle.iam.platform.authz.exception.AccessDeniedException; import oracle.iam.request.exception.RequestServiceException; import oracle.iam.request.vo.Beneficiary; import oracle.iam.request.vo.RequestData; public c

OIM Tuning

Application Module tuning is a critical setting which will affect the UI performance. Following are the recommended application module settings for OIM and these are already set out-of-box (OOB) in later releases of OIM 11g R2. Ensure that these settings are implemented as recommended in your environment. -Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1 -Djbo.ampool.maxavailablesize=120 -Djbo.recyclethreshold=60 - Djbo.ampool.timetolive=-1 -Djbo.load.components.lazily=true - Djbo.doconnectionpooling=true -Djbo.txn.disconnect_level=1 - Djbo.connectfailover=false -Djbo.max.cursors=5 - Doracle.jdbc.implicitStatementCacheSize=5 - Doracle.jdbc.maxCachedBufferSize=19 open DOMAIN_HOME/bin/setDomainEnv.sh file for the WebLogic Server instance.find these lines: JAVA_OPTIONS="${JAVA_OPTIONS}" export JAVA_OPTIONS and change it to: JAVA_OPTIONS="-Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1 -Djbo.ampool.maxavailablesize=120 -D

What is Application Instance

Application instance is a provisionable entity. It is a combination of IT resource instance (target connectivity and connector configuration) and resource object (provisioning mechanism) . Creating and managing application instances are performed by using the Oracle Identity System Administration. Once Created Application Instance can be requested from the catalog. Application instances can be connected or disconnected. Connected application instance -It has a connector defined for the provisioning of entities. Account is created in the target system real time in case of connected Application Instance. Disconnected application instance - It is used for the provisioning of a disconnected resource, for which a connector is not defined, and therefore, the provisioning is performed manually by the administrator. A mail trigger system can also be attached which sends the account creation/modification/deletion mails to the application owner.

Identity and Access management

Search This Blog