Wednesday, December 26, 2012

OIM 11g R2 UI Customization Tips and Tricks



Introduction

OIM 11g R2 has finally provided OIM developers with the means to implement very sophisticated and functionally rich customizations to the out-of-the-box user interface of OIM. The best part is that all these customizations are transparent to patching and upgrades, which means that when the OIM installation is upgraded or patched, the customizations don’t have to be re-applied. Everything is stored in the metadata repository (MDS) and is applied on top of the standard user interface. This article presents a few techniques to implement customizations that go a little beyond the capabilities of Web Composer but are still within the scope of OIM’s MDS. Each technique will be presented in the context of a use case addressed by the customization implemented using the given technique.

In a recent post by Daniel Gralewski, there was a very nice customization for the Catalog. The purpose of that customization was to filter the resources already provisioned to a user from the results of a catalog search. In a follow-up question, one of our readers asked if the search screen could be customized to add a drop-down box that can be used to trigger a predefined search, like a catalog search based on role category.

So I thought that would be a nice use case to start with. Here is what I envisioned, based on certain requirements from an actual customer I am helping at the present time.

Wednesday, December 19, 2012

More on Upstart

I did a couple of blog posts on Upstart - introducing it in my post Starting and stopping WebLogic automatically using Upstart and doing the same for OID.

I pointed a couple of people at those posts and they told me they wanted more. More explanation, more clarity, and more about how to use Upstart to boot the entire environment.

So in this post I'm going to show how to use Upstart to start the Oracle database, then (once the database is started) start OID and OVD, and only then start OAM and the other WebLogic services.

The first thing I did was convert my Oracle database startup from a SysV-style init script to Upstart. Colm Divilly did the heavy lifting for me and blogged his config file for Ubuntu. I took that and tweaked it for OEL.
This goes in /etc/init/oracledb.conf:

description  "Oracle Database"

# Based on blog post at
# https://cdivilly.wordpress.com/2010/10/28/ubuntu-upstart-script-for-oracle-database/

# The location of the Oracle install
env ORACLE_HOME=/home/oracle/database/product/11.2.0/dbhome_1
# The user to execute Oracle as
env ORACLE=oracle

start on runlevel [2345]
stop on runlevel [016]

expect fork

pre-start script
    logger "Starting Oracle DB"
    su - $ORACLE -c "$ORACLE_HOME/bin/dbstart $ORACLE_HOME"
end script

post-stop script
    logger "Stopping Oracle DB"
    su - $ORACLE -c "$ORACLE_HOME/bin/dbshut $ORACLE_HOME"
end script

Then /etc/init/oid.conf for OID, OVD and the WebLogic server where I run ODSM:

start on started oracledb
stop on stopping oracledb

# This is good for debugging purposes but it's a bad idea to leave
# this on long term.
#console output

# this starts OPMN, OID and OVD
pre-start script
    logger "pre-start for OID/OVD"
    /bin/su - oracle -c "/home/oracle/middleware/asinst_1/bin/opmnctl startall"
    logger "pre-start for OID/OVD complete"
end script

# and this stops them
post-stop script
    logger "post-stop for OID/OVD"
    /bin/su - oracle -c "/home/oracle/middleware/asinst_1/bin/opmnctl stopall"
    logger "post-stop for OID/OVD complete"
end script

# this is the AdminServer only:
exec /bin/su - oracle -- /home/oracle/middleware/user_projects/domains/IDMDomain/bin/startWebLogic.sh

The important thing there is the "start on started oracledb" stanza. What that says in English is much as you would expect - "start this once the 'oracledb' service is started". The "stop on" does the same for when the database is being stopped; which will cause Upstart to stop OID and OVD before it tries to stop the database.

Upstart works out the dependencies automatically so no need to worry about numbers or pinging the database via sqlplus or tnsping.

The Upstart config for the OAM Server looks much the same. It goes in /etc/init/oamadminserver.conf:

start on started oracledb
stop on stopping oracledb

exec /bin/su - oracle -- /home/oracle/middleware/user_projects/domains/IAMDomain/bin/startWebLogic.sh

Enjoy.
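
The start order that Upstart derives from these stanzas can be checked offline before a reboot. The following shell script is an added example, not part of the original post; it handles only the single-event "start on started <job>" form used above, and its function names and the constructed sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): derive the start order implied
# by the simple "start on started <job>" form used in the configs above.

# job_dep FILE: print the job named in "start on started <job>", if any.
job_dep() {
    sed -n 's/^start on started[[:space:]][[:space:]]*\([A-Za-z0-9_.-][A-Za-z0-9_.-]*\).*/\1/p' "$1" | head -n 1
}

# upstart_order DIR: print job names, dependencies first.
upstart_order() {
    for f in "$1"/*.conf; do
        job=$(basename "$f" .conf)
        dep=$(job_dep "$f")
        # "x x" is the tsort idiom for a node with no ordering constraint
        echo "${dep:-$job} $job"
    done | tsort
}

# upstart_lint DIR: flag a dependency on a job that has no config file, and
# a "start on started X" without the mirroring "stop on stopping X".
upstart_lint() {
    rc=0
    for f in "$1"/*.conf; do
        job=$(basename "$f" .conf)
        dep=$(job_dep "$f")
        if [ -z "$dep" ]; then continue; fi
        if [ ! -f "$1/$dep.conf" ]; then
            echo "$job: depends on missing job '$dep'"; rc=1
        fi
        if ! grep -q "^stop on stopping[[:space:]][[:space:]]*$dep[[:space:]]*\$" "$f"; then
            echo "$job: no 'stop on stopping $dep' stanza"; rc=1
        fi
    done
    return $rc
}

# make_sample DIR: constructed sample holding only the event stanzas from
# the three job files in this post.
make_sample() {
    printf 'start on runlevel [2345]\nstop on runlevel [016]\n' > "$1/oracledb.conf"
    for j in oid oamadminserver; do
        printf 'start on started oracledb\nstop on stopping oracledb\n' > "$1/$j.conf"
    done
}

demo=$(mktemp -d)
make_sample "$demo"
upstart_order "$demo"
upstart_lint "$demo" && echo "lint: ok"
rm -rf "$demo"
```

A job that starts after the database but lacks the mirroring stop stanza would keep running while the database shuts down underneath it, which is the case the lint function reports.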

Monday, December 17, 2012

OIM 11g Assets

Since the first 11g release, OIM engineering and product management teams have been working hard on field enablement. As part of this work, they created a wonderful set of reusable OIM customization examples. Such components are called 'OIM assets'.

Among these great assets, you can find examples of approval workflow, event handler, scheduled task, UI customization, and others. They can be used as learning assets, and they can be easily modified and deployed to your OIM environment to address some common use cases. Another nice thing is that there are examples for the three major releases of OIM 11g: 11.1.1.3, 11.1.1.5 and 11.1.2.0.

They can be found at Oracle Technology Network on this page. Have fun!


Unsolicited login with OAM 11gR2

In a previous post, Chris Johnson discussed unsolicited login with OAM 11g.

In OAM 11gR2 this functionality is supported out of the box, and with little effort you can implement unsolicited login.

This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts is available.

If you're interested in authenticating using an unsolicited POST, please read on…

Friday, December 14, 2012

My Silly (and common) Mistake with the OAM Mobile and Social SDK on iOS

I recently created an iOS application using the OAM Mobile and Social SDK for iOS and got an error in my debugger output window:
2012-12-05 19:06:38.038 PiggyBank[24799:1303] -[__NSCFString OMJSONValue]: unrecognized selector sent to instance 0xb2be000
This error appeared after the Application Profile was downloaded and I couldn't figure out what I had done wrong.

Turns out I'd forgotten one step after adding the SDK bits to the Xcode project - I had forgotten to add the linker flags "-ObjC -all_load" under Build Settings.

To fix this click on the Project, then click the Target, then click the "Build Settings" tab and find the "Other Linker Flags" row. Edit it and add -ObjC -all_load to whatever's already there. Here's a screen shot:

Those flags are needed whenever a new message (method) will be sent to an existing class without extending it. NSString doesn't natively have an OMJSONValue method, but the M&S SDK sends OMJSONValue to NSString, so those flags are needed to make it work.

Of course this is documented in a block marked "Important:" but I missed it and I'm guessing if you found this blog post via Google you did too!

Wednesday, December 12, 2012

Password Policy in OAM 11g R2

One of the features in the new 11g R2 (or 11.1.2) release of Oracle Access Manager that's been most eagerly anticipated is the support for password policy within the OAM product; that is, the ability for OAM itself to support a subset of password management processes without the need to use Oracle Identity Manager and LDAP Sync. In this post, I'd like to explore this functionality in a little more detail and also explore exactly which use cases are supported.

This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts is available.

Tuesday, December 4, 2012

Starting OID 11g with Upstart

If you read my post on Upstart a while ago you know that I'm a fan of Upstart.

But I hadn't sat down to redo my old (and crummy) OID/OVD start scripts to use Upstart until this week, partly because "if it ain't broke don't fix it" but partly because who the heck has time?!

This week I needed to create a new environment to put together a demo of the Mobile side of OAM Mobile and Social and thought I'd take a few minutes to fix that. It didn't take all that long.

Here's my /etc/init/oid.conf:

start on runlevel [345]

# This is good for debugging purposes but it's a bad idea to leave
# this on long term.
#console output

# this starts OPMN, OID and OVD
pre-start script
    /bin/su - oracle -c "/home/oracle/middleware/asinst_1/bin/opmnctl startall"
end script

# and this stops them
post-stop script
    /bin/su - oracle -c "/home/oracle/middleware/asinst_1/bin/opmnctl stopall"
end script

# note that I'm only starting the AdminServer here
exec /bin/su - oracle -- /home/oracle/middleware/user_projects/domains/IDMDomain/bin/startWebLogic.sh

Note: Because this is a little test environment, and I want to keep the memory down and don't need DIP or a bunch of other stuff, I simply moved ODSM from wls_ods1 to the Admin Server. That lets me run OID and ODSM without needing to start the wls_ods1 managed server.