| Oracle® Access Manager Access Administration Guide 10g (10.1.4.2.0) Part Number B32420-01 |
|
|
View PDF |
| Oracle® Access Manager Access Administration Guide 10g (10.1.4.2.0) Part Number B32420-01 |
|
|
View PDF |
Some Access System administration tasks are performed outside the Access System Console. This chapter contains the following topics:
For more information about managing the Access System, see:
Oracle Access Manager should be installed and set up as described in the Oracle Access Manager Installation Guide. Read the Oracle Access Manager Introduction manual, which provides an overview of Oracle Access Manager not found in other manuals. Also, familiarize yourself with the chapters in this manual that explain Access System configuration and administration. Finally, the Oracle Access Manager Administration Guide describes functions that are common to the Identity and Access Systems.
The Identity System and the Access System use different user and group caches. You can implement automatic cache flushing for the Access System to ensure that the Access Server's cache is replaced with the latest information.
For more information about flushing the Access Server caches, see:
The Oracle Access Manager Deployment Guide provides more information about Oracle Access Manager caches.
You can synchronize two aspects of the Access System:
System Clocks: This is required.
Component Configurations: You have the option of copying some or all configuration information from one Access System component to another.
For information on synchronizing the configuration of two Access System components, see the Oracle Access Manager Installation Guide.
The clocks of all computers hosting Oracle Access Manager components must be synchronized. Without synchronization, users may not be able to log in to the components or log in to the System Console.
The two possible scenarios are:
WebPass and Policy Manager are installed on one machine, and Identity Server is installed on another machine.
WebPass is installed on a machine without Policy Manager, and is configured to route requests to two or more Identity Servers.
Specify a value for the loginslack parameter, located in each of these files:
PolicyManager_install_dir/access/oblix/apps/common/bin/oblixbaseparams.lst
Identity_install_dir/identity/oblix/apps/common/bin/oblixbaseparams.xml
where PolicyManager_install_dir is the directory in which the Policy Manager is installed and Identity_install_dir is the directory in which Identity Server is installed.
The value that you set specifies the acceptable maximum time difference, in seconds, between the two clocks.
For the first scenario, you must set the value for the loginslack parameter in both files to the same number. For the second scenario, you must set the value for the parameter in each identity server installation directory to the same number.
A second way to reduce off-time network traffic between both the WebGate and Access Server and between the Access Server and the LDAP directory server is to change the default configuration cache timeout for WebGate and Access client configurations that are cached in the Access Server.
To change the default configuration cache timeout
Navigate to the globalparams.xml file located in:
WebGate_install_dir/access/oblix/apps/common/bin/globalparams.xml
where WebGate_install_dir is the directory where WebGate is installed.
Add the following parameters and specify their values:
clientConfigCacheMaxElems
The default value is 9999.
clientConfigCacheTimeout
The default value is 59 seconds.
The default values listed should cause no change in the system behavior on non-Apache Access clients. An Apache Web server with WebGate will now avoid excessive hits to the directory server.
You can reduce overhead on the My Policy Domains page by turning off the display of the Resource Type and URL Prefix columns on that page. Note that these columns may contain useful information, so the gain in performance is a tradeoff.
To turn off the display of Resource Type and URL Prefix columns
Locate the PolicyManager_install_dir/access/oblix/apps/common/bin/globalparams.xml file.
where PolicyManager_install_dir is the directory where Policy Manager is installed.
Set the value of the parameter limitAMPolicyDomainResourceDisplay to true.
By default, the value of this parameter is false. The Resource Type and URL Prefix columns are displayed by default. For more information on Policy Domains, see "About Policy Domains and Their Policies".
When you invoke the Policy Manager, the My Policy Domains page is displayed. This page lists all of your policy domains. If you are interested in a certain policy domain, you can scroll through the list to find it. If you are responsible for a large number of policy domains, the list will be long. An easier and faster way to find the desired policy domain would be to search for it by name.
Rather than displaying the My Policy Domains page as the first page you see in the Policy Manager, you may set the Search page as the default. In addition, you may customize the Search page. Topics in this section explain:
For additional information on customizing these items, see the Oracle Access Manager Customization Guide.
With the Access System, you can change the first page displayed by the Policy Manager from the My Policy Domains page to the Search page. The Master Administrator responsible for the Web server can change the default by modifying the configuration base parameter list file, oblixbaseparams.lst. Changes made to this file occur at the Access Server level. If you change the default, it affects all users of the Policy Manager.
To set Search as the default page
Open the following file in an editor:
PolicyManager_install_dir/access/oblix/apps/common/bin oblixbaseparams.lst
where PolicyManager_install_dir is the directory where Policy Manager is installed.
Locate the following section in the file:
policyservcenter_application_info:
Change the entry as follows:
From:
PROGRAM:../../policyservcenter/bin/policyservcenter.cgi
To:
PROGRAM:../../policyservcenter/bin/policyservcenter.cgi?program=navbar&selected_prog= searchframepage
Save the file and close it.
Restart the Web server.
When you perform a search in the Policy Manager, the default number of results shown is 8. This means that 8 results are displayed just beneath the search bar. You may want to change the default value. You may also want to limit the type of searches by altering what appears in the Policy Manager Search page list, which by default includes the following values:
That Contains
Contains in Order
That Begins with
That Ends with
For more information, see the following procedures:
To change the default number of search results
Locate and open the following file in a text editor:
PolicyManager_install_dir\access\oblix\apps\common\bin\oblixbaseparams.lst
Change the default value of defaultDisplayResultVal to a number other than 8.
Save the file, and restart the Web server.
Locate and open in a text editor the policyservcenparams.lst file:
PolicyManager_install_dir\access\oblix\config\policyservcenparams.lst
Locate the following ObEnhanceSearchList parameter and values:
\ObEnhanceSearchList: BEGIN:vNameList OOS:MOOS OSM:MOSM OBW:MOBW OEW:MOEW END:vNameList
Comment out or delete the values from this list of values.
Save the file and restart the Web server.
