Skip Headers
Oracle® Fusion Middleware Administrator's Guide for Oracle Identity Federation
11g Release 1 (11.1.1)

Part Number E13400-07
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

A Oracle Identity Federation MBeans

Several MBeans manage the underlying configuration of the Oracle Identity Federation server. The configuration data is stored in three files:

This appendix describes the function of each MBean and the corresponding configuration file elements, and contains these sections:

A.1 Server-wide Configuration (config.xml)

FederationConfig, Config, PropertiesMap, and PropertiesList MBeans manage server wide configuration in config.xml.

A.1.1 FederationConfig

This section describes the FederationConfigMXBean and its corresponding FederationConfig element.

A.1.1.1 FederationConfigMXBean

The FederationConfigMXBean manages the sequence of Config elements and the life cycle of their corresponding ConfigMXBeans. It exposes the following operations:

  • createEmptyConfig: Given a name, creates a new Config element and a corresponding ConfigMXBean. The given name cannot be null or the empty string, and it must be unique across all Config elements in this FederationConfig

  • destroyConfig: Given a name, destroys the Config element with the given name and un-registers its corresponding ConfigMXBean.

  • hasConfig: Given a name, returns true if and only if there exists a Config element in this Federation Config with the given name.

  • retrieveConfig: Given a name, returns the ObjectName with which the ConfigMXBean corresponding to the given Config element is registered in the MBean server.

  • retrieveConfigs: Returns the ObjectNames with which the ConfigMXBeans corresponding to all child Config elements are registered in the MBean server.

A.1.1.2 The FederationConfig Element

FederationConfig is the top element of the config.xml file. It contains a sequence of Config elements.

<fed:FederationConfig xmlns:fed="http://xmlns.oracle.com/fed/schema/oif-11_2.xsd">
        <fed:Config name="serverconfig">
                …
        </fed:Config>
        <fed:Config name="idpglobal">
                …
        </fed:Config>
         … 
</fed:FederationConfig>

A.1.2 Config

This section describes the ConfigMXBean and its corresponding Config element.

A.1.2.1 ConfigMXBean

The ConfigMXBean manages the addition, removal and retrieval of properties, and manages its PropertiesList and PropertiesMap children by managing the life cycle of their corresponding PropertiesListMXBeans and PropertiesMapMXBeans. It exposes the following operations:

  • element name retrieval

  • retrieval, addition, and removal of properties

  • life cycle management of PropertiesListMXBeans

  • life cycle management of PropertiesMapMXBeans

Element Name Retrieval

getName retrieves the name of its corresponding Config element.

Retrieval, Addition, and Removal of Properties

Operations to manage addition, removal, and retrieval of properties are:

  • hasProperty: Given a name, returns true if and only if there exists a Property in this Config with the given name.

  • putProperty: Given a name, a value, and a type, adds a Property to this Config with the specified name, value and type.

    If there already exists a Property with the specified name, sets the value and type of the existing property to the given ones. However, if there already exists a Property with the given name, the given type must match the type of the existing property.

    In either case, the type must be one of: 'string', 'boolean', 'long', and the value must be of the specified type. The name cannot be null or the empty string.

  • removeAllProperties: Removes all Property elements in this Config.

  • removeProperty: Given a name, removes the Property with the given name from this Config.

  • retrievePropertyType: Given a name, returns the type of the Property in this Config with the given name.

  • retrievePropertyValue: Given a name, returns the type of the Property in this Config with the given name.

Manage Life Cycle of PropertiesListMXBeans

Operations for life cycle management of PropertiesListMXBeans include:

  • createPropertiesList: Given a name, creates a new PropertiesList element and a corresponding PropertiesListMXBean. The given name cannot be null or the empty string and it must be unique across all PropertiesList elements in this Config.

  • destroyAllPropertiesLists: Destroys all PropertiesList elements and unregisters their corresponding PropertiesListMXBeans.

  • destroyPropertiesList: Given a name, destroys the PropertiesList element in this Config with the given name, and unregisters its corresponding PropertiesListMXBean.

  • hasPropertiesList: Given a name, returns true if and only if there exists a PropertiesList in this Config with the given name.

  • retrieveAllPropertiesLists: Returns the ObjectNames with which the PropertiesListMXBeans corresponding to all child PropertiesList elements are registered in the MBean server.

  • retrievePropertiesList: Given a name, retrieves the ObjectName with which the PropertiesListMXBean corresponding to the PropertiesList element in this Config with the given name is registered in the MBean server.

Manage Life Cycle of PropertiesMapMXBeans

Operations for life cycle management of PropertiesMapMXBeans are equivalent to those that manage the life cycle of child PropertiesListMXBeans.

A.1.2.2 The Config Element

Config elements have a name attribute and Property, PropertiesList, and PropertiesMap elements as children:

<fed:FederationConfig xmlns:fed="http://xmlns.oracle.com/fed/schema/oif-11_2.xsd">
        <fed:Config name="serverconfig">
                …
        </fed:Config>
        <fed:Config name="idpglobal">
<fed:Property name="providerid" type="string">          http://node1.us.example.com:1234/fed/idp</fed:Property>
                <fed:Property name="lib11enabled" type="boolean">true</fed:Property>            
                <fed:PropertiesList name="sendattributefornameid">
                 …       
</fed:PropertiesList>
<fed:PropertiesMap name="attr-value-filters">
…
</fed:PropertiesMap>
                <fed:PropertiesMap name="attr-value-mappings">
                …
</fed:PropertiesMap>
 </fed:Config>
         … 
</fed:FederationConfig>

A.1.3 PropertiesList

This section describes the PropertiesListMXBean and its corresponding PropertiesList element.

A.1.3.1 PropertiesListMXBean

A PropertiesListMXBean manages the addition, removal, and retrieval of properties at a given index. It exposes the following operations:

  • addProperty (overloaded): Given a value, a type and an index, adds a Property with the specified name and type at the given index. The type must be one of: 'string', 'boolean', 'long', and the value must be of the type specified.

  • addProperty (overloaded): Given a value and a type, adds a Property with the specified name and type to the end of this PropertiesList. The type must be one of: 'string', 'boolean', 'long', and the value must be of the type specified.

  • getName: Returns the name of this PropertiesList.

  • hasPropertyValue: Given a value, returns true if and only if there exists a Property in this PropertiesList with the given value.

  • indexOf: Given a value, returns the index of the first Property that has the specified value, or -1 if no Property in this PropertiesList has the specified value.

  • removeAllProperties: Removes all Property elements from this PropertiesList.

  • removeProperty (overloaded): Given an index, removes the Property element at the given index.

  • removeProperty (overloaded): Given a value, removes the first Property element that has the specified value.

  • retrieveAllPropertyValues: Returns a list containing the values of the Property elements in this PropertiesList. The values are returned in the same order in which the Property elements appear.

  • retrieveNumberOfProperties: Returns the number of Property elements in this PropertiesList.

  • retrievePropertyType: Given an index, returns the type of the Property element at the given index.

  • retrievePropertyValue: Given an index, returns the value of the Property element at the given index.

A.1.3.2 The PropertiesList Element

A PropertiesList has a name attribute and Property elements as children. Property elements inside a PropertiesList do not have names.

<fed:FederationConfig xmlns:fed="http://xmlns.oracle.com/fed/schema/oif-11_2.xsd">
        <fed:Config name="serverconfig">
                …
        </fed:Config>
        <fed:Config name="idpglobal">
         … 
 </fed:Config>
 <fed:Config name="idpliberty11">
        <fed:PropertiesList name="ssobindings">
                <fed:Property type="string">artifact</fed:Property>
                <fed:Property type="string">httppost</fed:Property>
        </fed:PropertiesList>
        <fed:PropertiesList name="authnreqbindings">
                <fed:Property type="string">httppost</fed:Property>
                <fed:Property type="string">httpredirect</fed:Property>
        </fed:PropertiesList>
         …
 </fed:Config>
         … 
</fed:FederationConfig>

A.1.4 PropertiesMap

This section describes the PropertiesMapMXBean and its corresponding PropertiesMapMXBean element.

A.1.4.1 PropertiesMapMXBean

A PropertiesMapMXBean manages the addition, removal and retrieval of properties, and manages its PropertiesList and PropertiesMap children by managing the life cycle of their corresponding PropertiesListMXBeans and PropertiesMapMXBeans. It exposes the same operations as a ConfigMXBean, with the addition of the following operation:

retrieveAllPropertyNames: Returns a list containing the names of the Property elements in this PropertiesMap.

A.1.4.2 The PropertiesMap Element

PropertiesMap elements have a name attribute and Property, PropertiesList, and PropertiesMap elements as children.

<fed:FederationConfig xmlns:fed="http://xmlns.oracle.com/fed/schema/oif-11_2.xsd">
        …
<fed:Config name="fedusersearch">
<fed:PropertiesMap name="fedldap">
<fed:Property name="includesearchattrs" type="boolean">true</fed:Property>
<fed:Property name="defaultsorton"
type="string">orclFedOwnerGUID</fed:Property>
                 <fed:PropertiesList name="defaultsearch">
                 …
                </fed:PropertiesList>
                <fed:PropertiesList name="defaultdisplay">
                 …               
                </fed:PropertiesList>
<fed:PropertiesMap name="displaynames">
                 …
                </fed:PropertiesMap>
                </fed:PropertiesMap>
                 …
</fed:Config>
…
</fed:FederationConfig>

A.2 Provider-specific Configuration

CircleOfTrust, PeerProvider MBeans support provider-specific configuration in cot.xml.

A.2.1 CircleOfTrust

This section describes the CircleOfTrustMXBean and its corresponding CircleOfTrust element.

A.2.1.1 CircleOfTrustMXBean

The CircleOfTrustMXBean manages the sequence of PeerProvider elements and the life cycle of their corresponding PeerProviderMXBeans. It exposes the following operations:

  • createPeerProvider: Given a description, provider ID, provider type, and version, creates a new PeerProvider element and a corresponding PeerProviderMXBean. None of the parameters passed can be null, and the provider ID, provider type, and version cannot be the empty string. If there already exists a PeerProvider with the given provider ID, the existing provider is destroyed and replaced by the new provider.

  • destroyPeerProvider: Given a provider ID, destroys the PeerProvider element in this CircleOfTrust with the given provider ID, and unregisters its corresponding PeerProviderMXBean from the MBean server.

  • hasPeerProvider: Given a provider ID, returns true if and only if there exists a PeerProvider element in this CircleOfTrust with the given provider ID.

  • loadMetadata: Given a String with a Peer Provider's metadata, creates a new PeerProvider element with the information found in the metadata and creates a corresponding PeerProviderMXBean. The metadata cannot be null and it must be in XML format. The metadata must also comply to SAML 1.x, SAML 2.0, or Liberty 1.x specifications.

  • retrievePeerProvider: Given a provider ID, returns the ObjectName with which the PeerProviderMXBean corresponding to the PeerProvider element in this CircleOfTrust with the given provider ID, is registered on the MBean server.

  • retrievePeerProviders: Returns the ObjectNames with which the PeerProviderMXBeans corresponding to all child PeerProvider elements are registered in the MBean server.

A.2.1.2 The CircleOfTrust Element

CircleOfTrust is the top element of the cot.xml file. It contains a sequence of PeerProvider elements:

<CircleOfTrust xmlns="http://xmlns.oracle.com/fed/schema/oif-11_2.xsd">
        …
        <PeerProvider version="SAML1.0" succinctID="Iyrw+aKYfAkLFKROZCE2qe2w0Qk=" providerType="idp" providerID="http://node2.us.example.com:1234/fed/idp" description="">
        …
</PeerProvider>
        <PeerProvider version="SAML2.0" succinctID="AZh2wC8biWp6uPwO4KgKLY82EQ8=" providerType="idp" providerID="http://node3.us.example.com:1234/fed/idp" description="">
        …
</PeerProvider>
…
</CircleOfTrust>

A.2.2 PeerProvider

This section describes the PeerProviderMXBean and its corresponding PeerProvider element.

A.2.2.1 PeerProviderMXBean

The PeerProviderMXBean manages the retrieval and setting of attributes and text content of the Metadata element. It also manages the life cycle of the Config element's corresponding ConfigMXBean. It exposes the following operations:

  • retrieving and setting attributes

  • retrieving and setting child Metadata element

  • life cycle management of child ConfigMXBean

Retrieving and setting of attributes

Operations to retrieve and set attributes include:

  • get/setDescription: gets/sets the value of the description attribute. The value to be set cannot be null.

  • getProviderID: gets the value of the provider ID attribute.

  • get/setProviderType: gets/sets the value of the provider type attribute. The value to be set cannot be null or the empty string.

  • get/setVersion: gets/sets the value of the version attribute. The value to be set cannot be null or the empty string.

  • get/setSuccinctID: gets/sets the value of the succinct ID attribute. The value to be set cannot be null or the empty string.

Retrieving and setting of child Metadata element

Operations to retrieve and set the Metadata element include:

  • retrieveMetadata: Returns a String containing this Peer Provider's metadata in XML format.

  • updateMetadata: Given a String containing metadata, sets the text value of this Peer Provider's Metadata element to the given metadata. The given metadata must be in XML format.

Life cycle management of child ConfigMXBean

retrieveConfig returns the ObjectName with which the ConfigMXBean corresponding to the Config element in this PeerProvider is registered in the MBean server.

A.2.2.2 The PeerProvider Element

PeerProvider elements have the following attributes: description, provider ID, provider type, version, and succinct ID. They also have a single Metadata element and a single Config element as child elements.

<CircleOfTrust xmlns="http://xmlns.oracle.com/fed/schema/oif-11_2.xsd">
        …
<PeerProvider version="SAML2.0" succinctID="AZh2wC8biWp6uPwO4KgKLY82EQ8=" providerType="idp" providerID="http://node3.us.example.com:1234/fed/idp" description="">
                <Metadata>
                …
                <Metadata>
                <Config name="http://node2.us.example.com:1234/fed/idp">
        …
                </Config>
</PeerProvider>
…
</CircleOfTrust>

A.3 Data-store Configuration

Datastore and DiscoveryProvider MBeans manage configuration of data stores in data-store.xml.

A.3.1 Datastore

This section describes the DatastoreMXBean and its corresponding datastore element.

A.3.1.1 DatastoreMXBean

The DatastoreMXBean manages the retrieval of the defaultPackage attribute and also manages the sequence of DiscoveryProvider elements by controlling their corresponding DiscoveryProviderMXBeans. It exposes the following operations:

  • getDefaultPackage: returns the value of the defaultPackage attribute.

  • createDiscoveryProvider: Given a type, setter, classname, and dependsOn, creates a new DiscoveryProvider element and a corresponding DiscoveryProviderMXBean. None of the parameters can be null, and the classname and setter cannot be the empty string. The type must be unique across all DiscoveryProvider elements in this datastore.

  • destroyDiscoveryProvider: Given a type, destroys the DiscoveryProvider element with the given type, and unregisters its corresponding DiscoveryProviderMXBean.

  • hasDiscoveryProvider: Given a type, returns true if and only if there exists a DiscoveryProvider in this datastore with the given type.

  • retrieveDiscoveryProvider: Given a type, returns the ObjectName with which the DiscoveryProviderMXBean corresponding to the DiscoveryProvider in this datastore with the given type is registered in the MBean server.

  • retrieveDiscoveryProviders: Returns the ObjectNames with which the DiscoveryProviderMXBeans corresponding to all child DiscoveryProvider elements are registered in the MBean server.

A.3.1.2 The datastore Element

datastore is the top element of the data-store.xml file. It has a defaultPackage attribute and it contains a sequence of DiscoveryProvider elements:

<datastore xmlns="http://xmlns.oracle.com/fed/schema/oif-11_2.xsd" defaultPackage="oracle.security.fed.jvt.discovery.model">
    <DiscoveryProvider type="ActiveIdentityProviderFederationDiscovery">
        …
    </DiscoveryProvider>
    <DiscoveryProvider type="ActiveServiceProviderFederationDiscovery">
        …
    </DiscoveryProvider>
     …
    <DiscoveryProvider type="ConfigurationDiscovery">
        …
    </DiscoveryProvider>
     …
</datastore>

A.3.2 DiscoveryProvider

This section describes the DiscoveryProviderMXBean and its corresponding DiscoveryProvider element.

A.3.2.1 DiscoveryProviderMXBean

The DiscoveryProviderMXBean manages the retrieval and setting of attributes and of the text content of the ClassName element. It also manages the sequence of DiscoveryProvider elements in its child Dependencies element by managing the life cycle of their corresponding DiscoveryProviderMXBeans. It contains operations to:

  • manage retrieval and setting of attributes

  • manage retrieval and setting of child ClassName elements

  • manage the life cycle of grandchild DiscoveryProviderMXBeans

Retrieve and Set Attributes

Operations to retrieve and set attributes include:

  • getDependsOn: Returns the value of the dependsOn attribute

  • getSetter: Returns the value of the setter attribute

  • getType: Returns the value of the type attribute

Retrieve and Set the Child ClassName Element

Operations to retrieve and set the child ClassName elements include:

  • changeClassNameTo: Given a class name, sets the text value of the ClassName element to the given class name. The given class name cannot be null or the empty string.

  • retrieveClassName: Returns the text value of the ClassName element of this DiscoveryProvider

Manage the Life Cycle of the Grandchild DiscoveryProviderMXBeans

Operations to manage the life cycle of DiscoveryProviderMXBeans include:

  • createDiscoveryProviderDependency: Given a setter, class name, and dependsOn, creates a new DiscoveryProvider element inside this DiscoveryProvider's child Dependencies element with the given setter, class name, and dependsOn, and the type of this DiscoveryProvider. Also creates a corresponding DiscoveryProviderMXBean.

  • destroyDiscoveryProviderDependency: Given a setter, destroys the DiscoveryProvider element in this DiscoveryProvider's Dependencies with the given setter, and unregisters its corresponding MBean from the MBean server.

  • hasDiscoveryProviderDependency: Given a setter, returns true if and only if there exists a DiscoveryProvider in this DiscoveryProvider's Dependencies with the given setter.

  • retrieveDiscoveryProviderDependencies: Returns the ObjectNames with which the DiscoveryProviderMXBeans corresponding to all child DiscoveryProvider elements in this DiscoveryProvider's Dependencies are registered in the MBean server.

  • retrieveDiscoveryProviderDependency: Given a setter, returns the ObjectName with which the DiscoveryProviderMXBean corresponding to the DiscoveryProvider element with the given setter in this DiscoveryProvider's Dependencies, is registered in the MBean server.

A.3.2.2 The DiscoveryProvider Element

DiscoveryProvider elements have type, setter, and dependsOn attributes. They also have a single ClassName element and a single Dependencies element as children. The Dependencies element contains a sequence of DiscoveryProvider elements:

<datastore xmlns="http://xmlns.oracle.com/fed/schema/oif-11_2.xsd" defaultPackage="oracle.security.fed.jvt.discovery.model">
    …
    <DiscoveryProvider type="ConfigurationDiscovery">         
<ClassName>
oracle.security.fed.jvt.discovery.model.config.ChainingConfigDiscoveryProvider
       </ClassName>
       <Dependencies>
   <DiscoveryProvider type="ConfigurationDiscovery"       setter="setConfigurationDiscovery">
              …  
           </DiscoveryProvider>
            … 
       </Dependencies>
    </DiscoveryProvider>
     …
</datastore>

A.4 Oracle Identity Federation Schema

The Oracle Identity Federation schema is as follows:

<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
            targetNamespace="http://xmlns.oracle.com/fed/schema/oif-11_2.xsd"
            elementFormDefault="qualified" attributeFormDefault="unqualified"
            xmlns:fed="http://xmlns.oracle.com/fed/schema/oif-11_2.xsd">
  <xsd:element name="FederationConfig" type="fed:FederationConfigType"/>
  <xsd:complexType name="FederationConfigType">
    <xsd:sequence>
      <xsd:element maxOccurs="unbounded" minOccurs="0"
                   ref="fed:Config"/>
    </xsd:sequence>
  </xsd:complexType>
  <xsd:element name="Config" type="fed:ConfigType"/>
  <xsd:complexType name="ConfigType">
    <xsd:sequence>
      <xsd:element maxOccurs="unbounded" minOccurs="0"
                   ref="fed:Property"/>
      <xsd:element maxOccurs="unbounded" minOccurs="0"
                   ref="fed:PropertiesList"/>
      <xsd:element ref="fed:PropertiesMap" maxOccurs="unbounded" minOccurs="0"/>
    </xsd:sequence>
    <xsd:attribute name="name" use="required" type="xsd:string"/>
  </xsd:complexType>
  <xsd:element name="Property" type="fed:PropertyType"/>
  <xsd:complexType name="PropertyType">
    <xsd:simpleContent>
      <xsd:extension base="xsd:string">
        <xsd:attribute name="name" use="required" type="xsd:string"/>
        <xsd:attribute name="type" type="xsd:string" use="required"/>
      </xsd:extension>
    </xsd:simpleContent>
  </xsd:complexType>
  <xsd:element name="PropertiesList" type="fed:PropertiesListType"/>
  <xsd:complexType name="PropertiesListType">
    <xsd:choice>
      <xsd:element ref="fed:Property" minOccurs="0" maxOccurs="unbounded"/>
    </xsd:choice>
    <xsd:attribute name="name" use="required" type="xsd:string"/>
  </xsd:complexType>
  <xsd:element name="PropertiesMap" type="fed:PropertiesMapType"/>
  <xsd:complexType name="PropertiesMapType">
    <xsd:choice>
      <xsd:element ref="fed:Property" maxOccurs="unbounded" minOccurs="0"/>
      <xsd:element ref="fed:PropertiesList" maxOccurs="unbounded"
                   minOccurs="0"/>
      <xsd:element ref="fed:PropertiesMap" maxOccurs="unbounded" minOccurs="0"/>
    </xsd:choice>
    <xsd:attribute name="name" use="required" type="xsd:string"/>
  </xsd:complexType>
<xsd:element name="CircleOfTrust" type="fed:CircleOfTrustType"/>
  <xsd:complexType name="CircleOfTrustType">
    <xsd:sequence>
      <xsd:element maxOccurs="unbounded" minOccurs="0" ref="fed:PeerProvider"/>
    </xsd:sequence>
  </xsd:complexType>
  <xsd:element name="PeerProvider" type="fed:PeerProviderType"/>
  <xsd:complexType name="PeerProviderType">
    <xsd:sequence>
      <xsd:element ref="fed:Metadata"/>
      <xsd:element ref="fed:Config"/>
    </xsd:sequence>
    <xsd:attribute name="providerID" type="xsd:string" use="required"/>
    <xsd:attribute name="succinctID" type="xsd:string" use="required"/>
    <xsd:attribute name="description" type="xsd:string"/>
    <xsd:attribute name="providerType" type="xsd:string" use="required"/>
    <xsd:attribute name="version" type="xsd:string" use="required"/>
  </xsd:complexType>
  <xsd:element name="Metadata" type="fed:MetadataType"/>
  <xsd:complexType name="MetadataType">
    <xsd:simpleContent>
      <xsd:extension base="xsd:string"/>
    </xsd:simpleContent>
  </xsd:complexType>
  <xsd:element name="datastore" type="fed:datastoreType"/>
  <xsd:complexType name="datastoreType">
    <xsd:sequence>
      <xsd:element maxOccurs="unbounded" minOccurs="0"
                   ref="fed:DiscoveryProvider"/>
    </xsd:sequence>
    <xsd:attribute name="defaultPackage" type="xsd:string" use="required"/>
  </xsd:complexType>
  <xsd:element name="DiscoveryProvider" type="fed:DiscoveryProviderType"/>
  <xsd:complexType name="DiscoveryProviderType">
    <xsd:sequence>
      <xsd:element ref="fed:ClassName"/>
      <xsd:element ref="fed:Dependencies"/>
    </xsd:sequence>
    <xsd:attribute name="type" use="required" type="xsd:string"/>
    <xsd:attribute name="setter" type="xsd:string"/>
    <xsd:attribute name="dependsOn" type="xsd:string"/>
  </xsd:complexType>
  <xsd:element name="ClassName" type="fed:ClassNameType"/>
  <xsd:complexType name="ClassNameType">
    <xsd:simpleContent>
      <xsd:extension base="xsd:string"/>
    </xsd:simpleContent>
  </xsd:complexType>
<xsd:element name="Dependencies" type="fed:DependenciesType"/>
  <xsd:complexType name="DependenciesType">
    <xsd:sequence>
      <xsd:element maxOccurs="unbounded" minOccurs="0"
                   ref="fed:DiscoveryProvider"/>
    </xsd:sequence>
  </xsd:complexType>

A.5 Programmatic Access to Oracle Identity Federation MBeans

This section explains how you can remotely access the MBean server and perform operations on the MBeans.

A.5.1 Access the MBean Server

You must define certain variables when accessing the MBean server remotely:

  • HOSTNAME: the hostname of the machine where Oracle Identity Federation is deployed

  • PORT: Oracle Identity Federation listening port

  • USERNAME and PASSWORD: the username and password of an administrator

The following code demonstrates how to access the MBean Server remotely. To run this code, you must have the following libraries in your classpath:

  • WL_HOME/server/lib/weblogic.jar

  • WL_HOME/server/lib/wljmxclient.jar

  • WL_HOME/server/lib/wlclient.jar

MBeanServerConnection mbs = null;
try{
JMXServiceURL url = new JMXServiceURL ("t3", HOSTNAME, Integer.parseInt(PORT), "/jndi/weblogic.management.mbeanservers.runtime");
 
HashMap<String, Object> env = new HashMap<String,Object>();
env.put(javax.naming.Context.SECURITY_PRINCIPAL, USERNAME);
env.put(javax.naming.Context.SECURITY_CREDENTIALS, PASSWORD);
env.put(javax.management.remote.JMXConnectorFactory.PROTOCOL_PROVIDER_PACKAGES, "weblogic.management.remote");
JMXConnector connector = JMXConnectorFactory.connect(url, env);
mbs = connector.getMBeanServerConnection();
} catch(Exception e){ //should log exception throw new RuntimeException(e.toString(), e);
}

A.5.2 Access Oracle Identity Federation MBeans

The 'top' Oracle Identity Federation Configuration MBeans are registered with the 'global/translated' versions of the ObjectNames shown in Table A-1 (ObjectNames are translated to avoid name collisions):

Table A-1 ObjectNames for Oracle Identity Federation Configuration MBeans

Configuration MBean ObjectName

FederationConfig

com.oracle.security.fed:type=OIFConfigMBean,name=ServerConfig

CircleOfTrust

com.oracle.security.fed:type=OIFConfigMBean,name=CircleOfTrust

Datastore

com.oracle.security.fed:type=OIFConfigMBean,name=Datastore


You use queries to find the global/translated ObjectName of an MBean. Here is an example of a query to find the ObjectName of the FederationConfigMXBean:

String fedObjNameQueryString = "com.oracle.security.fed:name=ServerConfig,type=OIFConfigMBean,*";
Set s = mbs.queryNames(new ObjectName(fedObjNameQueryString), null);
ObjectName FED_CONFIG_OBJ_NAME = null;
if(s != null && !s.isEmpty())
    FED_CONFIG_OBJ_NAME = (ObjectName)s.iterator().next();
else{
    //should log exception
    throw new RuntimeException("Cannot find FedConfigMBean");
}

You can operate on these MBeans directly by using the MBeanServerConnection invoke method.

Here is an example invoking the 'retrieveConfig' operation in the FederationConfigMXBean:

try
{
ObjectName configObjName =  (ObjectName)mbs.invoke(FED_CONFIG_OBJ_NAME, "retrieveConfig", new Object[]{configName}, new String[]{String.class.getName()});
} catch(Exception e){
    //should log exception
    throw new RuntimeException(e.toString(), e);
}

After obtaining the ObjectName of the ConfigMXBean, you can perform operations in a similar manner. For example, to add a new property:

try
{
String previousValue = (String)mbs.invoke(configObjName, "putProperty", new Object[]{propertyName, propertyValue, propertyType}, new String[]{String.class.getName(), String.class.getName(), String.class.getName()});
} catch(Exception e){
    //should log exception
    throw new RuntimeException(e.toString(), e);
}

A.6 Oracle Identity Federation MBeans API

The Oracle Identity Federation MBeans API (javadoc) is available at:

Oracle Fusion Middleware Configuration MBean Java API Reference for Oracle Identity Federation