Oracle® Access Manager Customization Guide 10g (10.1.4.3) Part Number E12498-01 |
|
|
View PDF |
This section describes new features of the Oracle Access Manager release 10.1.4. This includes details for 10g (10.1.4.0.1), 10g (10.1.4.2.0), and 10g (10.1.4.3).
The following sections are included:
Note:
For a comprehensive list of all new features and functions in Oracle Access Manager 10.1.4, and a description of where each is documented, see the chapter on what's new in the Oracle Access Manager Introduction.The original product name, Oblix NetPoint, has changed to Oracle Access Manager. Most component names remain the same. However, there are several important changes that you should know about, as shown in the following table:
All legacy references in the product or documentation should be understood to connote the new names.
Globalization, localization, and multibyte encoding schemes are discussed
Oracle Access Manager has undergone a globalization process to provide international languages, and multibyte support through the use of Unicode to enable processing of internationalized data.
To prepare your environment for modifying the PresentationXML stylesheets, you need an XML editor and local XML and image files for the Identity application function that you want to customize.
Information has been added about preparing your work environment and using XMLSpy to test stylesheet modifications.
You can modify the Subject line of the default email notifications that are sent as part of a workflow step.
You can customize the confirmation page that is displayed after a user completes self-registration.
A syntax error has been corrected in Step 2 of the procedure "To import an Identity System XML file to work with its respective XSL stylesheet", as follows:
From:
&format=xmlnoxsy
To:
&format=xmlnoxsl
See Also:
Chapter 2.To verify that a stylesheet is coded correctly, open it in Internet Explorer. The browser indicates the line number of any errors in the code.
See Also:
"Verifying XSL Files".The WebGateStatic.lst file no longer exists:
WebGates have been updated to use the same code as the Access System, and WebGate configuration parameters that once existed in WebGateStatic.lst have been moved to the Access System GUI.
After upgrading WebGates, you can now configure such parameters as IPValidation and IPValidationExceptions from the Access System Console.
See Also:
"Parameter Reference" for the discussion of the isBackwardCompatible flag in the globalparams.xml file
Following is a brief introduction to the latest parameter additions:
See Also:
Appendix BIn the Identity Server globalparams.xml file, you can use the negativeListForEntityAttributes
parameter to identify specific attributes that are not read or cached during view and modify profile operations.
In the Identity Server groupdbparams.xml file, TurnOffDynamicGroupEvaluation
and TurnOffNestedGroupEvaluation
can be set to true
to enhance performance during group evaluation by eliminating dynamic or nested groups when these are not used. See also the chapter on performance in the Oracle Access Manager Deployment Guide.
In the Identity Server globalparams.xml file, you can use the UseDefaultOptionsForAllMails
parameter enables you to configure an email ID to be used to send all email notifications.
In the Identity Server globalparams.xml file, you can use the isLPMResponseCaseSensitive
parameter to trigger case sensitive comparisons of the LPM response.
In the WebPass globalparams.xml file, the SetContentLengthHeader
parameter can be added to set the "Content-length" header in the response coming from WebPass to its Web server.
In the Policy Manager globalparams.xml file, you can use the PreferredHostValidityCheckEnabled
parameter to validate the value in the Preferred HTTP Host field of a WebGate profile.
In the Policy Manager globalparams.xml file, AllowEmptyPreferredHost
can be added which allows you to leave empty the Preferred HTTP Host field in a WebGate configuration in the Access System Console. For more information, see the table on globalparams.xml in the chapter on parameters in the Oracle Access Manager Customization Guide.
In the Access Server globalparams.xml file, the UserMgmtNodeEnabled
parameter can be used. This parameter controls the enabling and disabling of a feature that manages WebGate memory growth. For more information, see the chapter on parameters in the Oracle Access Manager Customization Guide. See also, the tip on "Cache Flush Issues with Active Directory" in the Oracle Access Manager Access Administration Guide.
In the Access Server globalparams.xml file, the splTimeout
parameter can be used to specify the time in seconds for Access Server cache flush operations in replicated environments. See also the caching chapter of the Oracle Access Manager Deployment Guide.
In the Access Server or Policy Manager globalparams.xml file, the CacheFlushTimeOut
parameter can be used to specify a limited wait period for sockets for synchronous cache flush requests. See also the caching chapter of the Oracle Access Manager Deployment Guide.
In the Access Server and Policy Manager globalparams.xml file, the setAccessFlushInOpenMode
parameter enables you to set the mode for cache flush operations. See also the caching chapter of the Oracle Access Manager Deployment Guide.
In the Access Server globalparams.xml file, the DynamicGroupFilterMaxSize
enables a dynamic filter size greater than 4k. For use while migrating a group dynamic filter (4K of data only) during or after an Access Server upgrade.
In the Access Server and Policy Manager globalparams.xml file, the policyDSMaxAttrValueLength
parameter enables you to add large authorization expressions (more than 4000 characters). You might also need to configure the directory server to accept large attribute values.
In the Access Server (and Policy Manager when using the Access Tester) evaluates the group for membership as a type, only if that type is enabled. To improve performance during group evaluations when you do not use dynamic groups, or when you have dynamic groups but do not want to evaluate them while processing ObMyGroups, you can turn off dynamic group evaluation using the TurnOffDynamicGroupEvaluation
parameter in the Access Server (or Policy Manager) globalparams.xml file. See also "Improving Performance During Group Search When Dynamic Groups Are Not Used", in the chapter on performance in the Oracle Access Manager Deployment Guide.
In the Access Server globalparams.xml file, a new algorithm can be used during group evaluation involving ObMyGroups: TurnOffNewAlgorithmForObmyGroups
. This algorithm works equally when you have static, dynamic, and nested groups. See also the topic, "Improving Performance of ObMyGroups Evaluations", in the chapter on performance in the Oracle Access Manager Deployment Guide.
The GroupCacheTimeout
parameter enables you to specify the amount of time an element remains valid in the Access Server group cache. The parameter is provided in the Access Server globalparams.xml file (or the Policy Manager file if you are using the Access Tester). See also the topic, "Configuring the Access Server Group Cache Timeout and Maximum Elements", in the chapter on performance in the Oracle Access Manager Deployment Guide.
The GroupCacheMaxElement
parameter specifies the maximum number of elements that can be stored in the Access Server group cache. The parameter is provided in the Access Server globalparams.xml file (or the Policy Manager file if you are using the Access Tester). See also the topic, "Configuring the Access Server Group Cache Timeout and Maximum Elements", in the chapter on performance in the Oracle Access Manager Deployment Guide.
The NestedQueryLDAPFilterSize
parameter can be used In the Access Server globalparams.xml file, if TurnOffNewAlgorithmForObmyGroups
is false
. This improves evaluation performance of ObMyGroups. With this parameter, the LDAP search query is divided and then executed. For more information, see the chapter on performance in the Oracle Access Manager Deployment Guide.