Skip Headers
Oracle® Access Manager Access Administration Guide
10g (

Part Number E12488-01
Go to Documentation Home
Go to Book List
Book List
Go to Table of Contents
Go to Index
Go to Feedback page
Contact Us

Go to previous page
Go to next page
View PDF

9 Managing Access System Configuration Files

Some Access System administration tasks are performed outside the Access System Console. This chapter contains the following topics:

For more information about managing the Access System, see:

9.1 Prerequisites

Oracle Access Manager should be installed and set up as described in the Oracle Access Manager Installation Guide. Read the Oracle Access Manager Introduction manual, which provides an overview of Oracle Access Manager not found in other manuals. Also, familiarize yourself with the chapters in this manual that explain Access System configuration and administration. Finally, the Oracle Access Manager Identity and Common Administration Guide describes functions that are common to the Identity and Access Systems.

9.2 Automatic Access System Cache Flush

The Identity System and the Access System use different user and group caches. You can implement automatic cache flushing for the Access System to ensure that the Access Server's cache is replaced with the latest information. For this, you must set the Access Management Service option to "On" for the Access Server and associated AccessGate configuration profiles. For more information about flushing the Access Server caches, see:

9.3 Synchronization of Access System Components

You can synchronize two aspects of the Access System:

For information on synchronizing the configuration of two Access System components, see the Oracle Access Manager Installation Guide. See also:

9.3.1 Synchronizing System Clocks

The clocks of all computers hosting Oracle Access Manager components must be synchronized. Without synchronization, users may not be able to log in to the components or log in to the System Console.

The two possible scenarios are:

  • WebPass and Policy Manager are installed on one computer, and Identity Server is installed on another computer.

  • WebPass is installed on a computer without Policy Manager, and is configured to route requests to two or more Identity Servers.

To implement synchronization

  1. Specify a value for the loginslack parameter, located in each of these files:


    where PolicyManager_install_dir is the directory in which the Policy Manager is installed and Identity_install_dir is the directory in which Identity Server is installed.

  2. The value that you set specifies the acceptable maximum time difference, in seconds, between the two clocks.

For the first scenario, you must set the value for the loginslack parameter in both files to the same number. For the second scenario, you must set the value for the parameter in each identity server installation directory to the same number.

9.3.2 Changing Default Configuration Cache Timeout

A second way to reduce off-time network traffic between both the WebGate and Access Server and between the Access Server and the LDAP directory server is to change the default configuration cache timeout for WebGate and Access client configurations that are cached in the Access Server.

See Also:

"About the Cache Timeout", in the Oracle Access Manager Deployment Guide.

To change the default configuration cache timeout

  1. Navigate to the globalparams.xml file located in:


    where WebGate_install_dir is the directory where WebGate is installed.

  2. Add the following parameters and specify their values:

    • clientConfigCacheMaxElems

      The default value is 9999.

    • clientConfigCacheTimeout

      The default value is 59 seconds.

The default values listed should cause no change in the system behavior on non-Apache Access clients. An Apache Web server with WebGate will now avoid excessive hits to the directory server.

9.4 Reducing Overhead for Viewing Policy Domains

You can reduce overhead on the My Policy Domains page by turning off the display of the Resource Type and URL Prefix columns on that page. Note that these columns may contain useful information, so the gain in performance is a tradeoff.

To turn off the display of Resource Type and URL Prefix columns

  1. Locate the Policy Manager's globalparams.xml file:

    PolicyManager_install_dir/access/oblix/apps/common/bin/globalparams.xml file

    where PolicyManager_install_dir is the directory where Policy Manager is installed.

  2. Set the value of the parameter limitAMPolicyDomainResourceDisplay to true.

    By default, the value of this parameter is false. The Resource Type and URL Prefix columns are displayed by default. For more information on Policy Domains, see "About Policy Domains and Their Policies".

9.5 Customizing the Policy Manager User Interface

When you invoke the Policy Manager, the My Policy Domains page is displayed. This page lists all of your policy domains. If you are interested in a certain policy domain, you can scroll through the list to find it. If you are responsible for a large number of policy domains, the list will be long. An easier and faster way to find the desired policy domain would be to search for it by name.

Rather than displaying the My Policy Domains page as the first page you see in the Policy Manager, you may set the Search page as the default. In addition, you may customize the Search page. Topics in this section explain:

For additional information on customizing these items, see the Oracle Access Manager Customization Guide.

9.5.1 Setting the Search page as the Default Page

With the Access System, you can change the first page displayed by the Policy Manager from the My Policy Domains page to the Search page. The Master Administrator responsible for the Web server can change the default by modifying the configuration base parameter list file, oblixbaseparams.lst. Changes made to this file occur at the Access Server level. If you change the default, it affects all users of the Policy Manager.

To set Search as the default page

  1. Open the following file in an editor:

    PolicyManager_install_dir/access/oblix/apps/common/bin oblixbaseparams.lst

    where PolicyManager_install_dir is the directory where Policy Manager is installed.

  2. Locate the following section in the file:


  3. Change the entry as follows:




    PROGRAM:../../policyservcenter/bin/policyservcenter.cgi?program=navbar&selected_prog= searchframepage

  4. Save the file and close it.

  5. Restart the Web server.

9.5.2 Customizing the Policy Manager Search Interface

When you perform a search in the Policy Manager, the default number of results shown is 8. This means that 8 results are displayed just beneath the search bar. You may want to change the default value. You may also want to limit the type of searches by altering what appears in the Policy Manager Search page list, which by default includes the following values:

  • That Contains

  • Contains in Order

  • That Begins with

  • That Ends with

For more information, see the following procedures:

To change the default number of search results

  1. Locate and open the following file in a text editor:

  2. Change the default value of defaultDisplayResultVal to a number other than 8.

  3. Save the file, and restart the Web server.

To change search parameters

  1. Locate and open in a text editor the policyservcenparams.lst file:

  2. Locate the following ObEnhanceSearchList parameter and values:

  3. Comment out or delete the values from this list of values.

  4. Save the file and restart the Web server.