Skip Headers
Oracle® Fusion Middleware Administrator's Guide for Oracle Identity Manager
11
g
Release 1 (11.1.1)
Part Number E14308-06
Home
Book List
Index
Contact Us
Next
View PDF
Contents
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
Part I Application Management
1
Managing Reconciliation Events
1.1
Reconciliation Features in Oracle Identity Manager
1.1.1
Performance Enhancements
1.1.1.1
New Metadata Model - Profiles
1.1.1.2
Parameters to Control Flow and Processing of Events
1.1.1.3
Grouping of Events by Reconciliation Runs
1.1.1.4
Grouping of Events by Batches
1.1.1.5
Implementing Reconciliation Engine Logic in the Database
1.1.1.6
Improved Java Engine
1.1.1.7
Improved Database Schema
1.1.2
Web-Based Event Management Interface
1.1.3
Other Enhancements
1.1.3.1
Horizontal Tables
1.1.3.2
Handling of Race Conditions
1.1.3.3
OES Integration
1.1.3.4
Ad Hoc Linking
1.2
Event Management Tasks
1.2.1
Searching Events
1.2.1.1
Performing a Simple Search for Events
1.2.1.2
Performing an Advanced Search for Events
1.2.2
Displaying Event Details
1.2.3
Determining Event Actions
1.2.4
Re-evaluating Events
1.2.5
Closing Events
1.2.6
Linking Reconciliation Events
1.2.6.1
Ad Hoc Linking
1.2.6.2
Manual Linking
1.2.6.3
Linking Orphan Accounts
1.3
Updating Reconciliation Profiles Manually
1.3.1
Creating New Reconciliation Profiles
1.3.1.1
Creating Additional Nondefault Profiles for Reconciliation Based on Resource Objects
1.3.1.2
Creating New Profiles for Trusted Source Reconciliation
1.3.2
Updating Reconciliation Profiles
1.3.3
Changing the Profile Mode
1.4
Populating Data in the RECON_EXCEPTIONS Table
2
Managing Scheduled Tasks
2.1
Configuring the oim-config.xml File
2.2
Starting and Stopping the Scheduler
2.3
Scheduled Tasks
2.3.1
Predefined Scheduled Tasks
2.3.2
LDAP Scheduled Tasks
2.3.3
Creating Custom Scheduled Tasks
2.4
Jobs
2.4.1
Creating Jobs
2.4.2
Searching Jobs
2.4.2.1
Performing a Simple Search for Jobs
2.4.2.2
Performing an Advanced Search for Jobs
2.4.3
Viewing Jobs
2.4.4
Modifying Jobs
2.4.5
Disabling and Enabling Jobs
2.4.6
Starting and Stopping Jobs
2.4.7
Deleting Jobs
3
Managing Notification Templates
3.1
Defining Event Metadata
3.2
Creating a Notification Template
3.3
Searching for a Notification Template
3.4
Modifying a Notification Template
3.5
Deleting a Notification Template
3.6
Adding and Removing Locales from a Notification Template
3.7
Configuring Notification for a Proxy
4
Administering System Properties
4.1
System Properties in Oracle Identity Manager
4.2
Creating and Managing System Properties
4.2.1
Creating System Properties
4.2.2
Purging Cache
4.2.3
Searching for System Properties
4.2.3.1
Performing a Simple Search
4.2.3.2
Performing an Advanced Search
4.2.4
Modifying System Properties
4.2.5
Deleting System Properties
5
Importing and Exporting Data Using the Deployment Manager
5.1
Features of the Deployment Manager
5.2
Exporting Deployments
5.3
Importing Deployments
5.3.1
Deployment Manager Actions on Reimported Scheduled Tasks
5.3.2
Importing an XML File
5.4
Horizontal Migration of Entities
5.4.1
Creating a Backup of the Existing Entities
5.4.2
Running the Horizontal Migration Utility
5.4.3
Data Migration for Supported Entities
5.4.3.1
Custom Resource Bundle
5.4.3.2
Plug-ins
5.4.4
Horizontal Migration Report
5.5
Best Practices Related to Using the Deployment Manager
5.5.1
Export System Objects Only When Necessary
5.5.2
Export Related Groups of Objects
5.5.3
Group Definition Data and Operational Data Separately
5.5.4
Use Logical Naming Conventions for Versions of a Form
5.5.5
Export Root to Preserve a Complete Organizational Hierarchy
5.5.6
Provide Clear Export Descriptions
5.5.7
Check All Warnings Before Importing
5.5.8
Check Dependencies Before Exporting Data
5.5.9
Match Scheduled Task Parameters
5.5.10
Compile Adapters and Enable Scheduled Tasks
5.5.11
Export Entity Adapters Separately
5.5.12
Check Permissions for Roles
5.5.13
Back Up the Database
5.5.14
Import Data When the System Is Quiet
5.5.15
Update the SDK Table
5.5.16
Remove Data Object Fields Before Importing Event Handlers as Dependencies
5.6
Best Practices for Using the Horizontal Migration Utility
5.7
Troubleshooting
6
Managing Connector Lifecycle
6.1
Lifecycle of a Connector
6.2
Connector Lifecycle and Change Management Terminology
6.3
Viewing Connector Details
6.4
Installing Connectors
6.4.1
Overview of the Connector Deployment Process
6.4.2
Creating the User Account for Installing Connectors
6.4.3
Installing a Connector
6.5
Defining Connectors
6.6
Cloning Connectors
6.7
Exporting Connector Object Definitions in Connector XML Format
6.8
Upgrading Connectors
6.8.1
Upgrade Use Cases Supported by the Connector Upgrade Feature
6.8.2
Connector Object Changes Supported by the Upgrade Connectors Feature
6.8.2.1
Resource Object Changes
6.8.2.2
Process Definition Changes
6.8.2.3
Connector Code Files Changes
6.8.2.4
Resource Object Changes
6.8.2.5
Process Form Changes
6.8.2.6
Lookup Definition Changes
6.8.2.7
Adapter Changes
6.8.2.8
Rule Changes
6.8.2.9
IT Resource Type Changes
6.8.2.10
IT Resource Changes
6.8.2.11
Scheduled Task Changes
6.8.3
What Happens When You Upgrade a Connector
6.8.4
Summary of the Upgrade Procedure
6.8.5
Procedure to Upgrade a Connector
6.8.5.1
Preupgrade Procedure
6.8.5.2
Upgrade Procedure
6.8.5.3
Postupgrade Procedure
6.8.6
Procedure to Upgrade a Non-Converged Connector to a Converged Connector
6.9
Uninstalling Connectors
6.9.1
Use Cases Supported by the Uninstall Connectors Utility
6.9.2
Overview of the Connector Uninstall Process
6.9.3
Setting Up the Uninstall Connector Utility
6.9.4
Uninstalling Connectors and Removing Connector Objects
6.9.4.1
Uninstalling a Connector
6.9.4.2
Removing Adapters, Lookup Definitions, Resource Objects, and Scheduled Tasks
6.9.4.3
Running the Script to Uninstall Connectors and Connector Objects
Part II System Management
7
Starting and Stopping Servers
7.1
Configuring the Node Manager
7.2
Starting the Node Manager
7.3
Starting or Stopping WebLogic Administration Server
7.4
Starting or Stopping WebLogic Managed Servers
7.4.1
Starting or Stopping the Managed Servers By Using Command Prompt
7.4.2
Starting or Stopping the Managed Server Using Oracle Enterprise Manager Console
7.4.3
Starting or Stopping Servers By Using Oracle WebLogic Server Administration Console
8
Enabling System Logging
8.1
Logging in Oracle Identity Manager By Using ODL
8.1.1
Message Types and Levels
8.1.2
Log Handler and Logger Configuration
8.1.3
Configuring Log Handlers
8.1.3.1
Log Handler Configuration Tools
8.1.4
Configuring Loggers
8.1.5
Sample ODL Log Output
8.2
Logging in Oracle Identity Manager By Using log4j
8.2.1
Log Levels
8.2.2
Loggers
8.2.3
Configuring and Enabling Logging
9
Enabling Secure Cookies
10
Enabling LDAP Synchronization
10.1
Enabling Postinstallation LDAP Synchronization
10.2
Enabling SSL Between Identity Virtualization Library (libOVD) and the Directory Server
10.2.1
Enabling SSL Between Identity Virtualization Library (libOVD) and Microsoft Active Directory
10.2.2
Enabling SSL Between Identity Virtualization Library (libOVD) and iPlanet
10.2.3
Enabling SSL Between Identity Virtualization Library (libOVD) and OID
10.3
Provisioning Users and Roles Created Before Enabling LDAP Synchronization to LDAP
10.4
Disabling LDAP Synchronization
10.5
Managing Identity Virtualization Library (libOVD) Adapters
11
Configuring LDAP Authentication When LDAP Synchronization is Enabled
12
Integrating with Other Oracle Components
12.1
Oracle Access Manager
12.2
Oracle Adaptive Access Manager
12.3
Oracle Identity Analytics
12.3.1
Integration Configuration in Oracle Identity Analytics
12.3.2
Integration Configuration in Oracle Identity Manager
12.3.2.1
The DataCollectionOperationsIntf API Interface
12.3.2.2
Staging Tables
12.3.2.3
Data Collection Process
12.4
Oracle Identity Navigator
12.5
Oracle Virtual Directory
12.5.1
Postinstallation Configuration for OVD
12.6
Oracle Service-Oriented Architecture
12.7
Oracle Business Intelligence Publisher
13
Handling Lifecycle Management Changes
13.1
URL Changes Related to Oracle Identity Manager
13.1.1
Oracle Identity Manager Database Host and Port Changes
13.1.2
Oracle Virtual Directory Host and Port Changes
13.1.3
Oracle Identity Manager Host and Port Changes
13.1.3.1
Changing OimFrontEndURL in Oracle Identity Manager Configuration
13.1.3.2
Changing backOfficeURL in Oracle Identity Manager Configuration
13.1.4
BI Publisher Host and Port Changes
13.1.5
SOA Host and Port Changes
13.1.6
OAM Host and Port Changes
13.2
Password Changes Related to Oracle Identity Manager
13.2.1
Changing Oracle WebLogic Administrator Password
13.2.2
Changing Oracle Identity Manager Administrator Password
13.2.3
Changing Oracle Identity Manager Database Password
13.2.4
Changing Oracle Identity Manager Passwords in the Credential Store Framework
13.2.5
Changing OVD Password
13.3
Configuring SSL for Oracle Identity Manager
13.3.1
Generating Keys
13.3.2
Signing the Certificates
13.3.3
Exporting the Certificate
13.3.4
Importing the Certificate
13.3.5
Enabling SSL for Oracle Identity Manager and SOA Servers
13.3.5.1
Enabling SSL for Oracle Identity Manager
13.3.5.2
Changing OimFrontEndURL to Use SSL Port
13.3.5.3
Changing backOfficeURL to Use SSL Port
13.3.5.4
Changing SOA Server URL to Use SSL Port
13.3.5.5
Configuring SSL for Design Console
13.3.5.6
Configuring SSL for Oracle Identity Manager Utilities
13.3.5.7
Configuring SSL for MDS Utilities
13.3.5.8
Configuring SSL for SPML/Callback Domain
13.3.6
Enabling SSL for Oracle Identity Manager DB
13.3.6.1
Setting Up DB in Server-Authentication SSL Mode
13.3.6.2
Creating KeyStores and Certificates
13.3.6.3
Updating Oracle Identity Manager
13.3.6.4
Updating WebLogic Server
13.3.7
Enabling SSL for LDAP Synchronization
13.3.7.1
Enabling OVD-OID with SSL
13.3.7.2
Updating Oracle Identity Manager for OVD Host/Port
Part III Configuration
14
Configuring User Attributes
14.1
Entity Configuration Operations
14.1.1
Listing Entity Attributes
14.1.2
Creating Entity Attributes
14.1.2.1
Attribute Properties
14.1.3
Modifying Entity Attributes
14.1.4
Deleting Entity Attributes
14.1.5
Performing Category Configuration
14.1.5.1
Creating Category
14.1.5.2
Renaming Category
14.1.5.3
Deleting Category
14.1.5.4
Ordering Attributes Within a Category
14.2
Search Operation Configuration
14.3
User Configuration Management Authorization
14.4
Synchronizing User-Defined Fields Between Oracle Identity Manager and LDAP
14.4.1
Synchronizing the Attribute Manually
14.4.2
Synchronizing UDFs Between Oracle Identity Manager and LDAP By Using the ldapsyncudf Utility
14.4.2.1
Configuring the Properties File
14.4.2.2
Configuring the Input File
14.4.2.3
Running the Utility
14.5
Configuration Management Architecture
15
Managing Password Policies
15.1
Creating a Password Policy
15.1.1
The Policy Rules Tab
15.1.2
The Usage Tab
15.2
Setting the Criteria for a Password Policy
16
Managing Identity and Resource Information
16.1
Overview of User Management
16.2
Managing Organization Information
16.3
Viewing Resources Allowed or Disallowed for Users
16.3.1
Policy History Tab
16.4
Assigning Role Entitlements
17
Managing Asynchronous Execution
17.1
Overview of AsyncService
17.2
Async Routing and Configuration
17.2.1
Configuration Parameters
17.3
Troubleshooting Failed Async Tasks
17.3.1
Automated Retry Error Handling Mechanism
17.3.2
Manual Retry Error Handling Mechanism
17.4
Working with the Diagnostic Dashboard UI
17.4.1
Starting the Diagnostic Dashboard UI
17.4.2
Viewing Failed Async Tasks
17.4.2.1
To view failed async tasks
17.4.3
Retrying Failed Async Tasks
17.4.3.1
To retry failed Async task
17.4.4
Resubmitting Failed Async Tasks
17.4.5
Purging Failed Async Tasks
17.4.5.1
To purge failed Async tasks
18
Enabling Offline Provisioning
18.1
Features of Offline Processing
18.2
Enabling and Disabling Offline Provisioning
18.3
Reports Related to Offline Provisioning
18.4
Configuring the Remove Failed Off-line Messages Scheduled Task
19
Using Enterprise Manager for Managing Oracle Identity Manager Configuration
19.1
Using MBeans for Configuration Changes
19.2
Exporting and Importing Configuration Files
20
Setting the Language for Users
Part IV Administrative Utilities
21
Working with the Diagnostic Dashboard
21.1
Overview of the Diagnostic Dashboard
21.2
Installing the Diagnostic Dashboard
21.2.1
Installing the Diagnostic Dashboard on Oracle WebLogic Server
21.3
Starting the Diagnostic Dashboard
21.4
Using the Diagnostic Dashboard
21.5
Running Tests By Using the Diagnostic Dashboard
21.5.1
Oracle Database Prerequisites Check
21.5.2
Database Connectivity Check
21.5.3
Account Lock Status
21.5.4
Data Encryption Key Verification
21.5.5
Scheduler Service Status
21.5.6
Remote Manager Status
21.5.7
JMS Messaging Verification
21.5.8
Target System SSL Trust Verification
21.5.9
Java VM System Properties Report
21.5.10
Oracle Identity Manager Libraries and Extensions Version Report
21.5.11
Oracle Identity Manager Libraries and Extensions Manifest Report
21.5.12
Test Basic Connectivity
21.5.13
Test Provisioning
21.5.14
Test Reconciliation
21.5.15
SOA-Oracle Identity Manager Configuration Check
21.5.16
Request Diagnostic Information
21.5.17
Orchestration Status
21.5.18
Retry Failed Orchestration
21.5.19
SPML Web Service
21.5.20
Test OWSM Setup
21.5.21
Test SPML to Oracle Identity Manager Request Invocation
21.5.22
SPML Attributes to Oracle Identity Manager Attributes
21.5.23
Username Test
21.5.24
Diagnose Creation of User and Role in Oracle Identity Manager and LDAP
21.5.25
Diagnose OVD Connection
21.5.26
Diagnose LDAP Reserve Container
22
Installing and Configuring a Remote Manager
22.1
Overview of Oracle Identity Manager Configuration
22.2
Configuring Oracle Identity Manager to Reference JAR and Class Files
22.3
Installing the Remote Manager
22.4
Creating and Testing a Remote Manager IT Resource
22.4.1
Adding the Trust Relation
22.4.2
To Create and Test a Remote Manager IT Resource
22.5
Updating xlconfig.xml file to Change the Port for Remote Manager
22.6
Configuring the Remote Manager by Using Your Own Certificate
23
Using the Form Version Control Utility
23.1
Use Cases Supported by the FVC Utility
23.2
Use Cases That Are Not Supported by the FVC Utility
23.3
Summary of the Form Version Control Process
23.4
Components of the FVC Utility
23.5
Using the FVC Utility
23.5.1
Preparing the Properties File
23.5.2
Addressing Prerequisites for Using the FVC Utility
23.5.3
Running the Utility
23.5.4
Setting Up the Association Between Fields and Their Error-Handling Adapters
23.6
Troubleshooting
24
Using the Archival Utilities
24.1
Using the Reconciliation Archival Utility
24.1.1
Understanding the Reconciliation Archival Utility
24.1.2
Prerequisite for Running the Reconciliation Archival Utility
24.1.3
Archival Criteria
24.1.4
Running the Reconciliation Archival Utility
24.1.5
Log File Generated by the Reconciliation Archival Utility
24.2
Using the Task Archival Utility
24.2.1
Understanding the Task Archival Utility
24.2.2
Preparing Oracle Database for the Task Archival Utility
24.2.3
Running the Task Archival Utility
24.2.4
Reviewing the Output Files Generated by the Task Archival Utility
24.3
Using the Requests Archival Utility
24.3.1
Understanding the Requests Archival Utility
24.3.2
Prerequisites for Running the Requests Archival Utility
24.3.3
Input Parameters
24.3.4
Running the Requests Archival Utility
24.3.5
Log Files Generated by the Utility
24.4
Using the Audit Archival and Purge Utility
24.4.1
Overview
24.4.2
Prerequisites for Using the Utility
24.4.3
Preparing the UPA Table for Archival and Purge
24.4.4
Archiving or Purging the UPA Table
24.4.4.1
Partitions That Must Not Be Archived or Purged
24.4.4.2
Ongoing Partition Maintenance
24.4.4.3
Archiving or Purging Partitions in the UPA Table
Part V Performance Tuning and Best Practices
25
Tuning Oracle Database
25.1
Using Database Roles/Grants for Oracle Identity Manager Database
25.2
Sample Instance Configuration Parameters
25.3
Physical Data Placement
25.4
Database Performance Monitoring
26
Tuning Application Server Performance
26.1
JVM Memory Settings
26.2
JDBC Connection Pool
26.3
Number of Message Driven Beans
26.4
User Interface Threads
26.5
Disable Reloading of Adapters and Plug-in Configuration
26.6
Changing the Number of Open File Descriptors for UNIX (Optional)
27
Tuning Connector Performance
27.1
Indexes for Connector Tables
27.2
Collecting Database Schema Statistics for Reconciliation Performance
28
Tuning and Managing Application Cache
28.1
Introduction to Caching
28.2
Tuning Oracle Identity Manager Cache
28.3
Purging the Cache
Index
Scripting on this page enhances content navigation, but does not change the content in any way.