30 MDS Utilities and User Modifiable Metadata Files

Oracle WebLogic Server provides three utilities to enable you to modify Oracle Identity Manager metadata. They are weblogicImportMetadata.sh, weblogicExportMetadata.sh, and weblogicDeleteMetadata.sh.

This section explains how to use the utilities.

30.1 Setting up the Environment for MDS Utilities

There are two steps needed to set up the environment for the MDS utilities:

  • set an environment variable

  • set up the properties file to specify the parameters needed by the utilities

Set Environment Variable

Set the OIM_ORACLE_HOME environment variable to the C:\Oracle\Middleware\Oracle_IDM1\ directory.

Set Up the properties File

Set the necessary properties in the weblogic.properties file, which is located in the same folder as the utilities.

Table 30-1 Parameters in the Properties File

| Property Name | Description | Notes |
|---|---|---|
| wls_servername | Name of the Oracle WebLogic Server on which Oracle Identity Manager is deployed | |
| application_name | The application name | Value is oim if importing or exporting out-of-box event handlers, and OIMMetadata for the rest of the out-of-box metadata. If importing or exporting custom data, set application_name to OIMMetadata. |
| metadata_from_loc | Directory location from which an XML file should be imported. This property is used by the weblogicImportMetadata.sh script. | Microsoft Windows paths include // as file or directory separator. |
| metadata_to_loc | Directory location to which an XML file should be exported. This property is used by the weblogicExportMetadata.sh script. | Microsoft Windows paths include // as file or directory separator. |
| metadata_files | Full path and name of an XML file. This property is used by the weblogicExportMetadata.sh and weblogicDeleteMetadata.sh scripts. | For example, you may specify /file/User.xml to export a user entity definition. You can indicate multiple XML files as comma-separated values. |


Using the Import Utility

When you run the weblogicImportMetadata.sh utility, all files specified in metadata_from_loc will be imported.

For example, suppose you want to import User.xml, which exists at /scratch/johnny/temp/oim/file/User.xml. You must define metadata_from_loc as /scratch/johnny/temp/oim.

Note:

Make sure no other files exist in the directory specified by metadata_from_loc or its subdirectories. The import utility tries to recursively import all the files under the directory.

Using the Export Utility

When you run the weblogicExportMetadata.sh utility, the files specified in metadata_files will be exported to the folder specified by metadata_to_loc.

Note:

If the file name contains spaces, then you must specify the file name as is, without quotes or any escape characters. For example, to export a file named ProvisionResourceeBusiness Suite User.xml, where the path is /db/ProvisionResourceeBusiness Suite User.xml, you must specify the metadata files property as follows:

metadata_files=/db/ProvisionResourceeBusiness Suite User.xml

Using the Delete Utility

When you run the weblogicDeleteMetadata.sh utility, the files specified in metadata_files will be deleted from MDS.

Note:

If the file name contains spaces, then you must specify the file name as is, without quotes or any escape characters. For example, to delete a file named ProvisionResourceeBusiness Suite User.xml, where the path is /db/ProvisionResourceeBusiness Suite User.xml, you must specify the metadata files property as follows:

metadata_files=/db/ProvisionResourceeBusiness Suite User.xml

30.2 Structure of Properties File

The properties file looks like this:

# Weblogic Server Name on which OIM application is running 
 
wls_servername=@servername
 
# If you are importing or exporting any out of box event handlers, value is oim. 
# For rest of the out of box metadata, value is OIMMetadata. 
# If you are importing or exporting any custom data, always use application name as OIMMetadata.
 
application_name=@appname
 
# Directory location from which XML file should be imported.
# Let's say I want to import User.xml and it is in the location /scratch/johnny/temp/oim/file/User.xml, 
# I should give from location value as /scratch/johnny/temp/oim. Make sure no other files exist 
# in this folder or in its sub folders. Import utility tries to recursively import all the files under the 
# from location folder. This property is only used by weblogicImportMetadata.sh
 
metadata_from_loc=@metadata_from_loc
 
# Directory location to which XML file should be exported to
 
metadata_to_loc=@metadata_to_loc
 
# For example /file/User.xml to export user entity definition. You can specify multiple xml files as comma separated values.
# This property is only used by weblogicExportMetadata.sh and weblogicDeleteMetadata.sh scripts
                     
metadata_files=@metadata_files

30.3 User Modifiable Metadata Files

The following metadata is used for configuring LDAP Container Rules, which determine the container in which users and roles should be created in LDAP.

/db/LDAPContainerRules.xml

The following metadata is used for configuring reconciliation profile and reconciliation horizontal table entity definition for LDAP user, role, role hierarchy, and role membership reconciliation:

/db/LDAPUser
/db/LDAPRole
/db/LDAPRoleHierarchy
/db/LDAPRoleMembership
/db/RA_LDAPROLE.xml
/db/RA_LDAPROLEHIERARCHY.xml
/db/RA_LDAPROLEMEMBERSHIP.xml
/db/RA_LDAPUSER.xml
/db/RA_MLS_LDAPROLE.xml
/db/RA_MLS_LDAPUSER.xml

The following metadata is used for configuring LDAP user, role entity definitions and membership, and hierarchy relationship definitions:

/metadata/iam-features-ldap-sync/LDAPRole.xml
/metadata/iam-features-ldap-sync/LDAPRoleMembership.xml
/metadata/iam-features-ldap-sync/LDAPUser.xml
/metadata/iam-features-ldap-sync/LDAPUserMembership.xml

The following metadata contains the request model and dataset definitions for default request types:

/metadata/iam-features-requestactions/model-data/AssignRolesDataset.xml
/metadata/iam-features-requestactions/model-data/AssignRolesRequest.xml
/metadata/iam-features-requestactions/model-data/CreateRoleDataSet.xml
/metadata/iam-features-requestactions/model-data/CreateRoleRequestModel.xml
/metadata/iam-features-requestactions/model-data/CreateUserDataSet.xml
/metadata/iam-features-requestactions/model-data/CreateUserRequestModel.xml
/metadata/iam-features-requestactions/model-data/DeleteRoleDataSet.xml
/metadata/iam-features-requestactions/model-data/DeleteRoleRequestModel.xml
/metadata/iam-features-requestactions/model-data/DeleteUserDataset.xml
/metadata/iam-features-requestactions/model-data/DeleteUserRequest.xml
/metadata/iam-features-requestactions/model-data/DeprovisionResourceRequest.xml
/metadata/iam-features-requestactions/model-data/DisableProvisionedResourceRequest.xml
/metadata/iam-features-requestactions/model-data/DisableUserDataset.xml
/metadata/iam-features-requestactions/model-data/DisableUserRequest.xml
/metadata/iam-features-requestactions/model-data/EnableProvisionedResourceRequest.xml
/metadata/iam-features-requestactions/model-data/EnableUserDataset.xml
/metadata/iam-features-requestactions/model-data/EnableUserRequest.xml
/metadata/iam-features-requestactions/model-data/ModifyResourceRequest.xml
/metadata/iam-features-requestactions/model-data/ModifyRoleDataSet.xml
/metadata/iam-features-requestactions/model-data/ModifyRoleRequestModel.xml
/metadata/iam-features-requestactions/model-data/ModifyUserDataset.xml
/metadata/iam-features-requestactions/model-data/ModifyUserRequestModel.xml
/metadata/iam-features-requestactions/model-data/ProvisionResourceRequest.xml
/metadata/iam-features-requestactions/model-data/RemoveRolesDataset.xml
/metadata/iam-features-requestactions/model-data/RemoveRolesRequest.xml
/metadata/iam-features-requestactions/model-data/ResourceCommonDataset.xml
/metadata/iam-features-requestactions/model-data/SelfAssignRolesRequest.xml
/metadata/iam-features-requestactions/model-data/SelfCreateUserDataset.xml
/metadata/iam-features-requestactions/model-data/SelfCreateUserRequest.xml
/metadata/iam-features-requestactions/model-data/SelfDeProvisionResourceRequest.xml
/metadata/iam-features-requestactions/model-data/SelfModifyProvisionedResourceRequest.xml
/metadata/iam-features-requestactions/model-data/SelfModifyUserRequest.xml
/metadata/iam-features-requestactions/model-data/SelfProvisionResourceRequest.xml
/metadata/iam-features-requestactions/model-data/SelfRemoveRolesRequest.xml

The following metadata contains the predefined event handler definitions for Oracle Identity Manager operations:

Note:

These are read-only documents. Contact Oracle support if there is a need to modify and delete any of the event handlers that are defined in these metadata files.

/db/ldapMetadata/EventHandlers.xml
/metadata/iam-features-OIMMigration/EventHandlers.xml
/metadata/iam-features-Scheduler/EventHandlers.xml
/metadata/iam-features-accesspolicy/event-definition/EventHandlers.xml
/metadata/iam-features-asyncwsclient/EventHandlers.xml
/metadata/iam-features-autoroles/event-definition/EventHandlers.xml
/metadata/iam-features-callbacks/event_configuration/EventHandlers.xml
/metadata/iam-features-configservice/event-definition/EventHandlers.xml
/metadata/iam-features-identity/event-definition/EventHandlers.xml
/metadata/iam-features-notification/EventHandlers.xml
/metadata/iam-features-passwordmgmt/event-definition/EventHandlers.xml
/metadata/iam-features-reconciliation/event-definition/EventHandlers.xml
/metadata/iam-features-request/event-definition/EventHandlers.xml
/metadata/iam-features-requestactions/event-definition/EventHandlers.xml
/metadata/iam-features-selfservice/event-definition/EventHandlers.xml
/metadata/iam-features-sod/EventHandlers.xml
/metadata/iam-features-system-configuration/EventHandlers.xml
/metadata/iam-features-tasklist/EventHandlers.xml
/metadata/iam-features-templatefeature/EventHandlers.xml
/metadata/iam-features-transUI/EventHandlers.xml
/metadata/iam-features-spmlws/EventHandlers.xml

30.4 Example of MDS Utility Usage

To write additional event handlers for any kernel operations, you need to define this event handler in an XML file and seed it into MDS.

For example, suppose you need to write a pre-process event handler on the user create operation to generate the user ID. A sample event handler definition would look like this:

<eventhandlers>
    <preprocess-handler
        class="oracle.iam.user.ComputeUserID"
        entity-type="User"
        operation="CREATE"
        name="Compute User ID"
        order="1001"
        stage="preprocess"
        sync="TRUE">
    </preprocess-handler>  
</eventhandlers>

You would put this content in an XML file called EventHandlers.xml and place it in a directory, such as /scratch/data, under a path such as /metadata/user/custom/, so that the file is /scratch/data/metadata/user/custom/EventHandlers.xml.

Note:

Oracle Identity Manager only looks in MDS for file paths starting with /metadata or /db, so make sure that the starting folder name for any XML document is one of these.
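A pre-import check for the staging directory, added here as an illustration and not part of Oracle's utilities: because the import is recursive and Oracle Identity Manager only reads MDS paths under /metadata or /db, it lists stray, non-XML, or symlinked files under metadata_from_loc. The function names are hypothetical, and treating symbolic links as a problem is an assumption.

```sh
#!/bin/sh
# Added example, not an Oracle-supplied script. Function names are hypothetical.
# Usage: check_import_source /path/to/weblogic.properties

# Print the value of KEY from a weblogic.properties-style file (last one wins).
prop_value() {  # prop_value FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print one line per problem under the staging directory; nothing if it is clean.
staging_problems() {  # staging_problems DIR
    root=${1%/}
    [ -d "$root" ] || { echo "NOT_A_DIRECTORY $root"; return 0; }
    find "$root" ! -type d | sort | while IFS= read -r f; do
        rel=${f#"$root"/}
        if [ -L "$f" ]; then
            # Assumption: links are flagged because they can pull in files
            # from outside the reviewed directory.
            echo "SYMLINK /$rel"
            continue
        fi
        case $rel in
            metadata/*|db/*) ;;                    # paths OIM reads from MDS
            *) echo "OUTSIDE_MDS_ROOT /$rel"; continue ;;
        esac
        case $rel in
            *.xml) ;;
            *) echo "NOT_XML /$rel" ;;             # stray file, would be imported too
        esac
    done
}

# Return 0 only when metadata_from_loc points at a clean staging directory.
check_import_source() {  # check_import_source PROPERTIES_FILE
    dir=$(prop_value "$1" metadata_from_loc)
    if [ -z "$dir" ]; then
        echo "metadata_from_loc is not set in $1"
        return 2
    fi
    problems=$(staging_problems "$dir")
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}
```

Run check_import_source against weblogic.properties before weblogicImportMetadata.sh; a non-zero status means at least one file under metadata_from_loc needs review or removal first.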

To import the file into MDS, modify the following values in the weblogic.properties file and run the weblogicImportMetadata.sh/weblogicImportMetadata.bat file:

wls_servername=oim server name, for example oim_server1
application_name=oim
metadata_from_loc=/scratch/data

The above metadata/XML file is imported into MDS with the full path /metadata/user/custom/EventHandlers.xml.

Let's say you want to update the document and change the order in which this event handler is executed. First, export the document by modifying the following values in the weblogic.properties file and running the weblogicExportMetadata.sh/weblogicExportMetadata.bat file:

wls_servername=oim server name, for example oim_server1
application_name=oim
metadata_to_loc=/scratch/data
metadata_files=/metadata/user/custom/EventHandlers.xml

The document will be exported to the /scratch/data/metadata/user/custom folder. Under /scratch/data, if the folder structure /metadata/user/custom does not exist, MDS will create it.

You can now edit the file to change the order and run the import command as described above.

Finally, suppose you decide that instead of being computed, the user ID should be specified during user creation. In that case, this document/XML needs to be deleted. To delete the document, modify the following values in the weblogic.properties file and run the weblogicDeleteMetadata.sh/weblogicDeleteMetadata.bat file:

wls_servername=oim server name, for example oim_server1
application_name=oim
metadata_files=/metadata/user/custom/EventHandlers.xml