Oracle® Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service 11g Release 1 (11.1.1) Part Number E15478-06
This chapter describes how to monitor performance and log messages for Oracle Access Manager and Oracle Security Token Service using Oracle Fusion Middleware Control. This chapter focuses on general tasks that administrators can perform from Fusion Middleware Control, which does not replace details in the Oracle Fusion Middleware Administrator's Guide.
Note:
Unless explicitly stated, information in this chapter is the same whether you are using Oracle Access Manager alone or with Oracle Security Token Service.
This chapter includes the following topics:
Oracle Fusion Middleware Control must be deployed with Oracle Access Manager 11g on the WebLogic Administration Server, as described in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
Within Fusion Middleware Control, information is updated dynamically during live sessions of Oracle Access Manager with Oracle Security Token Service (and other products).
Fusion Middleware Control organizes a wide variety of performance data and administrative functions into distinct Web-based pages. This helps administrators easily locate the most important monitoring data and the most commonly used administrative functions from a Web browser.
Note:
Enterprise Manager Grid Control is an independently licensed product that provides additional capabilities not found in Fusion Middleware Control (primarily, the ability to collect and maintain data for historical purposes and trending).
Oracle Access Manager 11g is deployed as a Java EE application in a WebLogic container. For high availability and failover, Oracle Access Manager with Oracle Security Token Service is typically deployed in a WebLogic cluster environment.
A WebLogic Server domain can have multiple clusters. Providing monitoring and performance statistics for all clustered components requires a composite target. This target provides status and rolled-up load and response performance metrics for member instances. In addition to the metrics exposed for Oracle Access Manager with Oracle Security Token Service, generic performance metrics are also available for Java EE applications and composite Java EE applications.
Fusion Middleware Control must be deployed with Oracle Access Manager 11g on the WebLogic Administration Server, as shown in Figure 26-1.
Figure 26-1 Fusion Middleware Control (AS-Control) Deployment Architecture
Using Fusion Middleware Control for Oracle Access Manager with Oracle Security Token Service targets is supported through the Oracle Dynamic Monitoring Systems instrumentation within Oracle Access Manager. This instrumentation is used to provide:
Performance overview and drill down
Log message searches and dynamic log level changes
Routing topology overview
Mbean browser
Component- and cluster-level metrics for Oracle Access Manager with Oracle Security Token Service
This section provides the following topics:
The Fusion Middleware Control Login page provides the usual fields for the User Name and Password. The bottom of the Fusion Middleware Control Login page provides topics that you can click for additional information. The Login page is shown in Figure 26-2.
Figure 26-2 Fusion Middleware Control Login Page with Help Topics
Only Fusion Middleware Control administrators can perform this task.
See Also:
Oracle Fusion Middleware Administrator's Guide for details about getting started using Fusion Middleware Control
To log in to Fusion Middleware Control
In a browser window, enter the URL to Fusion Middleware Control. For example:
http://host.domain.com:8888/em/
Expand a topic at the bottom of the Login page to learn about the enhanced user experience or new features.
Log in as a Fusion Middleware Control administrator.
Choose the farm containing Oracle Access Manager 11g, if needed.
Help: From the Farm Resource Center on the OAM Farm page, choose topics of interest (or click Help in the upper-right corner of the page) to get more information.
Proceed to any topic in this chapter for viewing and configuration details.
This section provides the following topics for Oracle Access Manager with Oracle Security Token Service:
See Also:
Oracle Fusion Middleware Administrator's Guide for details about getting started using Fusion Middleware Control
Figure 26-3 illustrates the Oracle Access Manager Farm page in Fusion Middleware Control. Each Farm page includes similar information. The Farm Resource Center provides immediate access to online information.
Figure 26-3 OAM Farm Page in Fusion Middleware Control
Sections on the Farm page are described in Table 26-1.
Table 26-1 Farm Page Sections
Farm Page Sections | Description |
---|---|
Deployments |
Within the farm, this section displays the Status and Target of each Internal Application within the Application Deployment. Clicking any link in the Deployments section (or in the navigation tree) displays a page containing more information. |
Fusion Middleware |
Within the farm, this section displays the status, host, and CPU usage for server instances in the:
Clicking any link on the page (or in the navigation tree) displays a page containing a more detailed summary. |
Farm Resource Center |
Provides a wealth of online information in the following categories:
Clicking any link in the resource center displays information on the chosen subject. With a wealth of information online, these details are not repeated in this book. |
The navigation tree on the left side of the page, like the one in Figure 26-4, enables you to choose a specific instance (target) on which to operate regardless of the page you are currently viewing. Target names in your environment will be different.
Figure 26-4 Farm Navigation Tree in Fusion Middleware Control
For more information, see "Logging In To Fusion Middleware Control".
For Oracle Access Manager with Oracle Security Token Service, Farm details in Fusion Middleware Control are divided into the following nodes within the navigation tree:
Application Deployments
Internal Applications (includes logout page and other details for the OAM AdminServer and OAM Server instances)
WebLogic Server domains (WebLogic Server details, including the OAM Farm)
Identity and Access (includes Oracle Access Manager Cluster or individual Oracle Access Manager Server instances, which includes Oracle Security Token Service)
Clicking a node in the navigation tree displays an information page with individual links and a description of the Target, Type, and Full Name, as shown in Figure 26-5 for Application Deployments.
Figure 26-5 Node Information Page in Fusion Middleware Control
Clicking an instance (target) name (from either the navigation tree or a page) displays a context menu and a more detailed summary page. The Internal Application target is highlighted in the navigation tree and a page of the same name is displayed on the right. The context menu is available beneath the target name at the top of the page, as shown in Figure 26-6.
Figure 26-6 Application Deployment Summary for the Selected Internal Application
The Application Deployment menu is shown in Figure 26-7.
WebLogic Server domain: The WebLogic Server domain page is shown in Figure 26-8 with the corresponding menu displayed. The Oracle WebLogic Server domain Resource Center, with links to online documentation, is visible in the bottom-left corner. This page more closely resembles the Farm landing page.
Figure 26-8 WebLogic Server Domain Summary with Context Menu Exposed
Selecting a target name within the WebLogic Server domain node displays a target summary page that more closely resembles the Application Deployment page in Figure 26-6.
For more information, see "Displaying Context Menus and Target Details in Fusion Middleware Control".
See Also:
"Viewing Performance in Fusion Middleware Control" for information about the Identity and Access node and related pages.
Fusion Middleware Control administrators can use the following procedure to view context menus and target pages for Oracle Access Manager with Oracle Security Token Service.
Note:
From the Farm Resource Center on the Oracle Access Manager Farm page, choose topics of interest (or click Help in the upper-right corner of the page) to get more information.
To display context menus and target information
Log in as described in "Logging In To Fusion Middleware Control".
Expand the Farm containing Oracle Access Manager, if needed.
Information Pages: From the navigation tree, click one of the following to display the related information page:
Application Deployments
WebLogic Server domain
Identity and Access
Menus and Summary Pages: Click an instance name (in either the navigation tree or the related page) to display a summary page and menu (Figure 26-6 and Figure 26-7).
Oracle Access Manager Cluster or Server Pages: See "Viewing Performance in Fusion Middleware Control".
Fusion Middleware Control provides administrators with:
A cluster-wide view of performance for Oracle Access Manager with Oracle Security Token Service
A per-server drill-down of key performance metrics
The ability to quickly add or remove performance metrics
Using Fusion Middleware Control, you can view performance metrics for live sessions in a variety of formats. Table 26-2 summarizes the pages for selected nodes and target instances.
Table 26-2 Resulting Pages for Selected Nodes and Targets
Node | Target | Information Summary Page | Performance Overview | Performance Summary w/Metrics |
---|---|---|---|---|
Application Deployment Internal Applications | ...AdminServer oamsso_logout(11.1.1.3.0) AdminServer oamsso_logout(11.1.1.3.0) oam_server | Yes Yes Yes | No No No | Yes Yes Yes |
WebLogic Server domain | oam_bd (Cluster name) AdminServer oam_server | Yes Yes Yes | No No No | No Yes Yes |
Identity and Access | OAM (Oracle Access Manager Cluster) oam_server (Oracle Access Manager Server) | No No | Yes Yes | Yes Yes |
Note:
Oracle Security Token Service performance is included with both Oracle Access Manager Cluster and Oracle Access Manager Server pages.
This section provides the following topics:
The Fusion Middleware Control Performance Overview for Oracle Access Manager with Oracle Security Token Service can be used to reflect WebLogic cluster information down to specific performance metrics for individual Oracle Access Manager Cluster and Server targets.
Oracle Access Manager Cluster Page: The top node within Identity and Access leads to a page for the OAM Cluster Deployment, which includes a Performance Overview. For Figure 26-9, the Oracle Access Manager Cluster is selected in the navigation tree, beneath the Identity and Access node. Figure 26-9 illustrates the Oracle Access Manager Cluster Deployments and Performance Overview sections. This page includes a table for Token Issuance and Token Validations.
Figure 26-9 Oracle Access Manager Cluster Page
OAM Server Pages: Selecting an OAM Server target name from the navigation tree (or the open page) displays a Performance Overview for the target. At the top of the OAM Server page, a summary of Key Metrics for the server instances appears instead of the Oracle Access Manager Cluster Deployment section. Figure 26-10 illustrates the OAM Server instance Key Metrics, which include Token Issuance and Token Validations per second. The Token Validation success rate is included.
Figure 26-10 Key Metrics for Oracle Access Manager Server Pages
Table 26-3 describes the elements of the Performance Overview for Oracle Access Manager Clusters and Oracle Access Manager Server instances in Fusion Middleware Control. There are only a few differences.
Table 26-3 Summary of Performance Overviews in Fusion Middleware Control
Section or Column Name | Description |
---|---|
Oracle Access Manager Cluster Menu |
Dynamic context menus provide functions related to the selected target (also available when you right-click a target in the navigation tree). This menu is available for the selected Oracle Access Manager Cluster. The Component Performance command enables you to choose between displaying Access Manager or Security Token Service metrics. See Also: "Access Manager Component Pages" and "Security Token Service Component Pages". |
Deployments, OAM Cluster pages |
This section appears only on OAM Cluster pages. It describes the status of each instance in the cluster. The following information is included:
|
Instance Name |
This column includes the name of each OAM Server instance in the cluster. For example: OAM_server_name |
Status |
This column identifies the status of each OAM Server instance in the cluster with either a:
|
Authentications |
Authentications columns identify:
|
Authorizations |
This column identifies the number of authorizations per second for each OAM Server instance in the cluster. Authorizations columns identify:
|
Oracle Access Manager Server Instance Menu |
Dynamic context menus provide functions related to the selected target (also available when you right-click a target in the navigation tree). This menu is available for the selected Oracle Access Manager server instance. The Component Performance command enables you to choose between displaying specific Access Manager or Security Token Service metrics. See Also: "Access Manager Component Pages" and "Security Token Service Component Pages". |
Key Metrics, OAM Server Page |
This table provides a summary of statistics for only the selected OAM Server instance. Key metrics include details for both Oracle Access Manager and Oracle Security Token Service:
|
Performance Overview, OAM Cluster and OAM Server Pages |
This section provides a graphic representation of Oracle Access Manager authentication and authorization operations and Oracle Security Token Service Token Issuance and Token Validation operations. Metrics in the Performance Overview are not configurable. The Metrics Palette is available for only the Performance Summary. Whether you have an OAM Cluster or OAM Server instance selected, the Performance Overview includes:
Within each table:
|
Table View |
Click the Table View link on the bottom-right side of the Performance Overview to display performance information in columns within a pop up window. |
LDAP Servers, OAM Cluster and OAM Server Pages |
This section is available when either an OAM Cluster or a single OAM Server instance is selected. It provides information for the default LDAP user identity store:
|
Application Domains, OAM Cluster and OAM Server Pages |
This section of the OAM Cluster and OAM Server pages provides information for all Application Domains that were used during authentication and authorization processing. Columns in this section provide the:
|
The Component Performance command on both the Oracle Access Manager Cluster and Oracle Access Manager Server instance menus enables you to display Access Manager-specific metrics.
Oracle Access Manager Cluster component-specific metrics are aggregated across the cluster, as illustrated in Figure 26-11. Details follow in Table 26-4.
Figure 26-11 Aggregated Access Manager Component Metrics for the Cluster
Figure 26-12 illustrates the Access Manager component metrics for a single OAM Server instance.
Figure 26-12 Access Manager Component Metrics for a Single OAM Server Instance
Table 26-4 describes the component-specific metrics for Oracle Access Manager.
Table 26-4 Access Manager Component Metrics
Access Manager Component Metrics | Description |
---|---|
Access Manager Clients |
Based on your selection (Cluster or Server instance), this page provides information for all active Access Clients in a cluster (or for the active Access Clients of an individual OAM Server). Details include:
|
Client ID |
Displays the name of the Agent, as defined in the Agent registration in the Oracle Access Manager Console. For example: IAMSuiteAgent |
Type |
Displays the Agent type. For example: OAM Webgate |
Authentications |
Authentications columns identify:
|
Authorizations |
Authorizations columns identify:
|
The Component Performance command on both the Oracle Access Manager Cluster and Oracle Access Manager Server instance menus enables you to display Security Token Service (STS) component-specific metrics.
Component-specific metrics are aggregated for the Oracle Access Manager Cluster, as illustrated in Figure 26-11.
Figure 26-13 Aggregated STS Component Metrics for the Cluster
For each individual server instance, STS component-specific metrics are also available, as illustrated in Figure 26-11.
Figure 26-14 STS Component Metrics for an Individual OAM Server Instance
Table 26-5 introduces the STS component specific metrics.
Table 26-5 STS Component-Specific Metrics
Security Token Service Component Metrics | Description |
---|---|
Requestor Partners |
Statistics summary for either the selected OAM Server instance (or an aggregated summary for the Cluster):
Selecting a Requestor Partner ID reveals Relying Party Details with specific information for only the named partner. |
Token Operations |
Metrics for STS Token Operations include:
|
The Performance Summary command on the Oracle Access Manager Cluster or Server menu displays metrics charts for the selected target.
On the Performance Summary page, a chart is displayed for each selected metric. An OAM Server Performance Summary page. Figure 26-16 shows the Performance Summary page with an open Metric Palette from which you can choose metrics to chart. Stacked charts allow you to easily compare multiple metrics for the same time frame, change the time frame to go back in time, or zoom in or out.
Figure 26-16 Performance Summary Page with Metric Palette
Table 26-6 describes the status and controls available on the Performance Summary page.
Table 26-6 Status and Controls on Performance Summary Pages
Status or Control | Description |
---|---|
Past n minutes |
Status is based on the specified time period, which can be adjusted using the slider. |
All |
|
n Minutes |
The specified time period, which can be adjusted using the slider. |
Slider |
The tool you use to adjust the time period. |
Chart Set |
A list from which you can choose the set of saved charts to view. |
View |
A menu that enables you to add a grid, save a chart, and order information on the page. |
Overlay |
A menu that enables you to search for and view another instance of the same type and compare this against the instance in the summary. |
Metric Palette |
A listing from which you can select performance metrics to chart. Items unique to Oracle Access Manager with Oracle Security Token Service are shown here. Left: Metric Palette for the Cluster Right: Metric Palette for a Single OAM Server |
Fusion Middleware Control administrators can use the following procedure to add or change the metrics that are displayed in the Performance Summary for Oracle Access Manager with Oracle Security Token Service.
See Also:
To add or change metrics displayed in the Performance Summary
Log in as described in "Logging In To Fusion Middleware Control".
Performance Overview:
Expand the desired node and select a target. For example: Identity and Access.
Review the Performance Overview.
Performance Summary:
Select a target (Step 1).
From the context menu, select Performance Summary.
Review the Summary Page.
Changing Metrics:
From the Performance Summary page (Step 2), click the Show Metrics Palette button.
From the Metrics Palette, expand nodes and check (or clear) boxes to add (or remove) metrics from the summary.
Review the updated Summary page.
Click Hide Metrics Palette when you finish.
Saving a Chart Set:
From the View menu on the Performance Summary page, click Save Chart Set.
In the dialog box that appears, enter a unique name for this chart set and click OK when the operation is confirmed.
Click Hide Metrics Palette when you finish.
Review the updated information on the Summary Page.
Adding an Overlay, Oracle Access Manager:
From the Overlay menu on the Performance Summary page, click Another Oracle Access Manager.
In the Search and Select Targets dialog, enter the target name and host name, then click Go.
In the target results table, click the name of the desired target and then click Select.
When finished viewing the overlay, click Remove Overlay from the Overlay menu.
Adding an Overlay, Today with Yesterday:
From the Overlay menu on the Performance Summary page, click Today with Yesterday.
When finished viewing the overlay, click Remove Overlay from the Overlay menu.
Testing:
Using the Access Tester, perform several authentication and authorization tests (see Chapter 14).
In Fusion Middleware Control, check performance metrics.
Fusion Middleware Control administrators can use the following procedure to view and compare component-specific performance data for either Oracle Access Manager or Oracle Security Token Service.
To display component-specific performance details
Log in as described in "Logging In To Fusion Middleware Control".
Expand the desired node and select a target. For example:
From the context menu, select Component Performance.
Choose Access Manager (or Security Token Service).
STS Partner ID: Choose a Partner ID in the Security Token Service results table for more details, if needed.
Component Performance:
From the context menu, select Component Performance.
Choose either Access Manager or Security Token Service.
Choose an item in the results table to get more details, if available.
Testing:
Using the Access Tester, perform several authentication and authorization tests (see Chapter 14).
In Fusion Middleware Control, check performance metrics.
Oracle Fusion Middleware components generate log files containing messages that record all types of events. Administrators can set log levels using Fusion Middleware Control, as described in this chapter.
Note:
Alternatively, administrators can set OAM logger levels using custom WebLogic Scripting Tool (WLST) commands, as described in Chapter 22.
Topics in this section include:
Using Fusion Middleware Control, administrators can change log levels dynamically for Oracle Access Manager with Oracle Security Token Service.
Table 26-7 outlines log availability and functions in Fusion Middleware Control.
Table 26-7 OAM Log Availability and Functions in Fusion Middleware Control
Node | Target | View Log Messages | Log Configuration |
---|---|---|---|
Application Deployment Internal Applications | ...AdminServer oamsso_logout(11.1.1.3.0) AdminServer oamsso_logout(11.1.1.3.0) oam_server | Yes Yes Yes | Yes Yes Yes |
WebLogic Server domain | oam_bd (Cluster name) AdminServer oam_server | Yes Yes Yes | No Yes Yes |
Identity and Access | OAM (Oracle Access Manager Cluster) oam_server (Oracle Access Manager Server) | No Yes | No Yes |
Figure 26-17 shows the Log Levels configuration page in Fusion Middleware Control. Notice that Runtime Loggers is the selected View and oracle.oam logger names are currently displayed. With Oracle Security Token Service there is only one logger that affects the log levels for Oracle Security Token Service: oracle.security.fed.
Figure 26-17 Oracle Access Manager Log Levels on the Log Configuration Tab
Figure 26-18 Log Levels for Oracle Security Token Service
The Log Levels tab on the Log Configuration page allows you to configure the log level for both persistent loggers and active runtime loggers:
Persistent loggers are saved in a configuration file and become active when the component is started.
The log levels for these loggers are persisted across component restarts.
Runtime loggers are automatically created during runtime and become active when a particular feature area is exercised.
For example, oracle.j2ee.ejb.deployment.Logger is a runtime logger that becomes active when an EJB module is deployed. Log levels for runtime loggers are not persisted across component restarts.
Table 26-8 explains the configuration status and options for log levels.
Table 26-8 Log Levels Tab on Log Configuration Page
Element | Description |
---|---|
Apply |
Submits and applies log level configuration changes, which take effect immediately. |
Revert |
Restores the target's previous log level configuration, which takes effect immediately. |
View |
Use this list to view runtime loggers or loggers with a persistent log level state.
|
Search |
Use this list to specify the categories you would like to search. |
Table |
|
Logger Name |
The name of the loggers found during the search. You can expand names in the list to see any loggers beneath the top node. |
Oracle Diagnostic Logging Level (Java Level) |
Choose the logging level for the corresponding logger. Click Apply and review the confirmation messages displayed in a pop-up window: Updating log levels; Updating the log levels of runtime loggers; The log levels of runtime loggers have been updated successfully; The log levels have been updated successfully |
Log File |
Clicking a name in the Log File column displays the Log Files page, which you can use to create and edit the file where log messages are logged, the format of the log messages, rotation policies, and other logging parameters. See Also: "Managing Log File Configuration from Fusion Middleware Control". |
Persistent Log Level State |
Identifies the persistent state for this specific logger, which is set when you create or edit the value using the Log Files tab. |
Fusion Middleware Control administrators can use the following procedure to set the log level dynamically for Oracle Access Manager with Oracle Security Token Service.
See Also:
"About Dynamic Log Level Changes"
Note:
Alternatively, administrators can set logger levels using custom WebLogic Scripting Tool (WLST) commands, as described in Chapter 22.
To configure logging levels dynamically in Fusion Middleware Control
Log in as described in "Logging In To Fusion Middleware Control".
Expand the desired node, and select a target. For example:
From the Oracle Access Manager context menu, select Logs and then choose Log Configuration.
From the Log Levels tab, View list, choose the loggers to display. For example: Runtime Loggers.
From the Search list, choose a category, enter your search criteria, and click the search button. For example: All Categories sts.
In the results table, expand nodes to reveal information as needed.
In the results table, choose log levels for your environment, then click Apply (or Revert).
Proceed to "Managing Log File Configuration from Fusion Middleware Control".
This section provides the following information for Oracle Access Manager with Oracle Security Token Service:
Figure 26-18 shows the Log Files Configuration. Use this page to create and edit the file where log messages are logged, the format of the log messages, the rotation policies used, and other parameters that depend on the log file configuration class.
Figure 26-19 Log Files Configuration Page
Table 26-9 describes the log files configuration parameters for Oracle Access Manager with Oracle Security Token Service.
Table 26-9 Log Files Elements
Element | Description |
---|---|
Create |
Click this button to display a fresh form to create a new file for logged messages. Notes:
|
Create Like |
Click this button to display a partially filled-in form to create a new file for logged messages. |
Edit Configuration |
Click this button to display and edit the selected log file configuration. |
View Configuration |
Click this button to view a read-only description of the selected log file configuration. |
Table |
The information in this table is based on log file configuration parameters in this table. |
Handler Name |
The Log File name assigned during log file creation. |
Log Path |
The file system directory path assigned during log file creation. |
Log File Format |
The Log File format assigned during log file creation. |
Rotation Policy |
The rotation policy selected during log file creation. |
Fusion Middleware Control administrators can use the following procedure to create a log file, edit the configuration, or view a read-only version of the log file configuration.
See Also:
"About Log File Configuration"
To manage log files for OAM in Fusion Middleware Control
Log in as described in "Logging In To Fusion Middleware Control".
Expand the desired node, and select a target. For example:
From the Oracle Access Manager menu, select Logs and then Log Configuration.
Create a Log File: From the Log Files tab (Table 26-9):
Click the Create button to display a fresh Create Log File form.
Enter a name and file system path for this log file. For example:
Log File oam-odl-handler
Log Path domains/oam_db/servers/oam-server1/log/oam.log
Click the desired Log File Format. For example: ... Text
Set the logging attributes. For example:
Use Default Attributes X
Supplemental Attributes
Associate a Logger. For example: Root Logger
Specify the Rotation Policy. For example: Size Based
Maximum Log File Size (MB) 10.0
Maximum Size of All Log File Size (MB) 1000.0
Click OK to submit the configuration.
Create Like:
From the Log Files tab, click the name of an existing log file.
Click the Create Like button.
On the Create Log File form, enter your own information:
Log File name
Log Level
Attributes
Edit any other details as needed, then click OK to submit the configuration.
Edit Configuration:
From the Log Files tab, click the name of an existing log file.
Click the Edit Configuration button.
Change configuration details as needed.
Click OK to submit the changes.
View Configuration:
From the Log Files tab, click the name of an existing log file.
Click the View Configuration button.
Review the information, then click OK to dismiss the configuration page.
Proceed to "Viewing Log Messages in Fusion Middleware Control".
This section includes the following topics:
By using the context menu for an Oracle Access Manager Server instance in Fusion Middleware Control, administrators can locate, view, and export key log information for:
Application Deployment targets, including the WebLogic (and OAM) AdminServer and the OAM SSO logout pages on both AdminServer and OAM Servers
WebLogic Server domain targets, including the OAM Farm, AdminServer, and OAM Servers
Identity and Access targets, including the Oracle Access Manager Farm, Clusters, and individual OAM Servers
Using log files to troubleshoot common problems requires that you:
Get familiar with the Oracle Diagnostic Logging (ODL) format used by Oracle Fusion Middleware components, as described in the Oracle Fusion Middleware Application Security Guide
Configure log files to collect the appropriate level of information
Search, view and export key log information in the farm
Correlate messages in log files across components
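The last requirement, correlating messages across components, can also be done offline on exported log files. The following is an added example, not Oracle code: it parses ODL text records, folds continuation lines (such as stack traces) into the preceding record, and builds one time-ordered timeline per Execution Context ID (ECID). The field layout, the file names, and every sample record are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records, not real OAM output. Assumed ODL text layout:
# [timestamp] [component] [level] [message-id] [module] [key: value]... message
TID = "[tid: [ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)']"
ECID_A, ECID_B = "0000EXAMPLEecid0001", "0000EXAMPLEecid0002"
SAMPLE_LOGS = {
    "oam_server1-diagnostic.log": [  # hypothetical file name
        f"[2011-05-12T10:15:02.120-07:00] [oam_server1] [NOTIFICATION] [] [oracle.oam] {TID} "
        f"[userId: <anonymous>] [ecid: {ECID_A},0] [APP: oam_server] Authentication request received",
        f"[2011-05-12T10:15:02.480-07:00] [oam_server1] [ERROR] [] [oracle.security.fed] {TID} "
        f"[userId: <anonymous>] [ecid: {ECID_A},0] [APP: oam_server] Token validation failed",
        "\tat example.Constructed.frame(Constructed.java:1)",
        f"[2011-05-12T10:15:03.000-07:00] [oam_server1] [NOTIFICATION] [] [oracle.oam] {TID} "
        f"[userId: <anonymous>] [ecid: {ECID_B},0] [APP: oam_server] Authorization request received",
    ],
    "AdminServer-diagnostic.log": [  # hypothetical file name
        f"[2011-05-12T10:15:02.300-07:00] [AdminServer] [WARNING] [] [oracle.oam] {TID} "
        f"[userId: <anonymous>] [ecid: {ECID_A},0] Policy lookup was slow",
        f"[2011-05-12T10:15:04.000-07:00] [AdminServer] [NOTIFICATION] [] [oracle.oam] {TID} "
        "[userId: weblogic] Housekeeping record without an ECID",
    ],
}


def split_fields(line):
    """Split the leading [..] fields, honouring nested brackets (the tid field
    contains its own brackets). Returns (fields, remaining message text)."""
    fields, i, n = [], 0, len(line)
    while i < n and line[i] == "[":
        depth, j = 0, i
        while j < n:
            if line[j] == "[":
                depth += 1
            elif line[j] == "]":
                depth -= 1
                if depth == 0:
                    break
            j += 1
        if j >= n:  # unbalanced bracket: treat the rest as message text
            break
        fields.append(line[i + 1:j])
        i = j + 1
        while i < n and line[i] == " ":
            i += 1
    return fields, line[i:]


def parse_line(line, source):
    """Return a record dict, or None for a continuation or malformed line."""
    fields, message = split_fields(line.rstrip("\n"))
    if len(fields) < 5:
        return None
    try:
        when = datetime.fromisoformat(fields[0])
    except ValueError:
        return None
    attrs = {}
    for field in fields[5:]:
        key, sep, value = field.partition(": ")
        if sep:
            attrs[key] = value
    # Assumption: an optional ",<n>" suffix on the ecid value is not part of the key.
    ecid = attrs.get("ecid", "").split(",", 1)[0] or None
    return {"time": when, "component": fields[1], "level": fields[2],
            "module": fields[4], "ecid": ecid, "source": source, "message": message}


def correlate(logs):
    """Group records from all files by ECID, each group ordered by timestamp."""
    by_ecid = defaultdict(list)
    for source, lines in logs.items():
        last = None
        for line in lines:
            rec = parse_line(line, source)
            if rec is None:
                if last is not None:  # stack trace or wrapped message text
                    last["message"] += "\n" + line.rstrip("\n")
                continue
            last = rec
            if rec["ecid"]:
                by_ecid[rec["ecid"]].append(rec)
    for recs in by_ecid.values():
        recs.sort(key=lambda r: r["time"])
    return dict(by_ecid)


def cross_component(by_ecid):
    """ECIDs whose records were written by more than one component."""
    return sorted(e for e, recs in by_ecid.items()
                  if len({r["component"] for r in recs}) > 1)


if __name__ == "__main__":
    timelines = correlate(SAMPLE_LOGS)
    for ecid in cross_component(timelines):
        print(ecid)
        for r in timelines[ecid]:
            print(" ", r["time"].isoformat(), r["component"], r["level"], r["module"])
```

Records without an ECID are parsed but left out of the grouping, so they do not form a misleading catch-all timeline.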
Figure 26-20 shows the Log Messages page for Oracle Access Manager with Oracle Security Token Service in Fusion Middleware Control.
Figure 26-20 Typical Log Messages Page in Fusion Middleware Control
Table 26-10 describes elements on the Log Messages page in Fusion Middleware Control, which you can use to locate and view messages.
Table 26-10 OAM Log Message Search Controls in Fusion Middleware Control
Element | Description |
---|---|
Broaden Target Scope | Select items on this list to expand (or narrow) the targets that are used in this search: |
Target Log Files... | Displays a list of all log files for the target scope from which you can select a specific log file to view or download. |
Refresh Options | Select an item from this list to specify the refresh method: |
Search Options | |
Date Range | The period during which the desired set of messages was logged: |
Message Types | Check all message types that apply for this search: |
Message | Choose an identifier from this list and add a value in the blank field beside it to refine your search criteria: |
Add Fields | Click this button to display a list of additional search criteria you can include. |
Search | Click this button to initiate a search using the specified criteria. |
Viewing Options | |
View | Choose items from this menu to view or reorder columns in the search results table: |
Show | Select the entity to view: |
View Related Messages | This menu is available when at least one message is listed in the search results. |
Export Messages to a File | A menu of viewing commands that are available when at least one message is listed in the search results. You can choose from the following commands: |
Results Table Columns | These are based on selections in the View menu on the Log Messages page. |
Message Area | Displays details for the selected message in the search results table. |
Fusion Middleware Control administrators can use the following procedure to view and download log messages for the target. This procedure explains how to search for messages, view messages (or view related messages), view all messages in a single log file, and export or download messages.
To view OAM Server log messages within Fusion Middleware Control
Log in as described in "Logging In To Fusion Middleware Control".
Expand the desired node and select a target. For example:
From the OAM context menu, select Logs and then choose View Log Messages.
Search (Table 26-10):
Specify a Date Range.
Check all Message Types to be included in your search.
Define Message content options.
Add Fields: Enter details to further refine message content.
Click Search to display a list of messages that fit your search criteria.
View Messages: From the table of search results, click one or more messages to view on the lower half of the page.
View Related: Use one of the following methods to organize the table of search results.
By Time: From the View Related menu, select by Time.
By ECID: Click ECID in the message on the screen (or, from the View Related menu, select by ECID (Execution Context ID)).
From the Scope menu, select a time period.
Log File: From the table of search results, click a name in the Log File column to view all messages in the file.
Export Messages
Select one or more messages in the search results table.
From the Export Messages menu, choose the desired export format. For example: As Oracle Diagnostic Log (.txt).
In the dialog box, click Open with and then choose the desired program.
From the open program, save the file to a new path.
Download
Select one or more messages in the search results table.
Click the Download button.
In the dialog box, click Open with and then choose the desired program.
From the open program, save the file to a new path.
Testing:
Using the Access Tester, enter an invalid user name and try to authenticate (see Chapter 14).
In Fusion Middleware Control, go to the log viewer and review the error.
Using the Access Tester, enter an invalid password and try to authenticate.
In the Fusion Middleware Control log viewer, check the error and then view all related log messages.
Repeat this test using different log levels, as described in "Managing Log Level Changes in Fusion Middleware Control".
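The correlation that View Related by ECID performs can also be reproduced offline on a file exported As Oracle Diagnostic Log (.txt), for example after the invalid-credential tests above. The following Python is an added example, not Oracle code: the sample lines, message ID, module name and ECID values are constructed, and it assumes the export uses the bracketed ODL text layout with the ECID carried in an `ecid` attribute.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample (not real OAM output) in the ODL text layout:
# [time] [component] [type] [message id] [module] [attr: value]... message text
SAMPLE = """\
[2011-05-10T09:15:02.240-07:00] [oam_server1] [ERROR] [EXAMPLE-00001] [oracle.oam.example] [tid: [ACTIVE].ExecuteThread: '3'] [userId: <anonymous>] [ecid: ECID-A,0] Authentication failed for user name
  constructed detail line continuing the message above
[2011-05-10T09:15:05.001-07:00] [oam_server1] [NOTIFICATION:16] [] [oracle.oam.example] [tid: 21] [ecid: ECID-B,0] Unrelated message
[2011-05-10T09:15:02.100-07:00] [AdminServer] [WARNING] [] [oracle.oam.example] [tid: 17] [ecid: ECID-A,0] Message from another component
"""

def split_fields(line):
    # Bracketed fields can nest (the tid value does), so track bracket depth.
    fields, i = [], 0
    while i < len(line) and line[i] == "[":
        depth, j = 0, i
        while j < len(line):
            depth += (line[j] == "[") - (line[j] == "]")
            j += 1
            if depth == 0:
                break
        if depth:  # unbalanced bracket: the rest is message text
            break
        fields.append(line[i + 1:j - 1])
        i = len(line) - len(line[j:].lstrip(" "))
    return fields, line[i:]

def parse_odl(text):
    records = []
    for line in text.splitlines():
        fields, message = split_fields(line)
        if len(fields) < 5 or not fields[0][:4].isdigit():
            if records:  # not a record header: continuation of the previous message
                records[-1]["text"] += "\n" + line.strip()
            continue
        rec = dict(zip(("time", "component", "type", "msg_id", "module"), fields), text=message)
        rec.update(attr.partition(": ")[::2] for attr in fields[5:])
        rec["type"] = rec["type"].split(":")[0]          # drop a numeric level, as in NOTIFICATION:16
        rec["ecid"] = rec.get("ecid", "").split(",")[0]  # assumption: text after the comma is a sequence suffix
        records.append(rec)
    return records

def related_by_ecid(records, types=("ERROR", "INCIDENT_ERROR")):
    groups = defaultdict(list)
    for rec in records:
        groups[rec["ecid"]].append(rec)
    return {e: sorted(g, key=lambda r: datetime.fromisoformat(r["time"]))
            for e, g in groups.items() if e and any(r["type"] in types for r in g)}
```

Pass the text of an exported log file to `parse_odl` in place of `SAMPLE`; `related_by_ecid` then returns, oldest first, every message from any component that shares an ECID with an error.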
A Java object is a unit of code that runs the computer. Each object is an instance of a particular class or subclass that relies on the class's methods or procedures or data variables. Within the Java programming language, a Java object that represents a manageable resource (application, service, component, or device) is known as an MBean (managed bean).
Fusion Middleware Control enables you to:
View information on key MBean Attributes and Operations
Invoke methods
This section provides the following topics:
The Fusion Middleware Control System MBean Browser can be used to view the items outlined in Table 26-11.
Table 26-11 System MBean Browser
Node | Target | System MBean Browser |
---|---|---|
Application Deployment Internal Applications | ...AdminServer oamsso_logout(11.1.1.3.0) AdminServer oamsso_logout(11.1.1.3.0) oam_server | Yes Yes Yes |
WebLogic Server domain | oam_bd (Cluster name) AdminServer oam_server | Yes Yes Yes |
Identity and Access | OAM (Oracle Access Manager Cluster) oam_server (Oracle Access Manager Server) | No Yes |
Note:
Oracle Security Token Service MBeans are also available as described here.
Table 26-12 describes the MBeans that Oracle Access Manager and Oracle Security Token Service deploy on the AdminServer on the domain runtime server (OAM Server).
Table 26-12
MBeans For | Description |
---|---|
Configuration Service | oracle.oam:type=Config |
Partner and Trust Service | oracle.oam:type=PATConfig |
STS MBeans | oracle.sts:type=Config |
Certificate Validation Module | These are used for CRL management. oracle.sts:type=CertRevocationListConfig |
Figure 26-21 shows the System MBean Browser and the related Attributes tab displaying information for the Oracle Security Token Service CertRevocationListConfig: oracle.sts:Location=oam_server1,type=CertRevocationListConfig.
Figure 26-21 System MBean Browser and Attributes Tab
Table 26-13 describes the System MBean Browser and associated tabs in greater detail.
Table 26-13 System MBean Browser
System MBean Browser | |
---|---|
System MBean Browser | Expand items in this section to display MBeans for the selected target. Under Application Defined Beans, find |
MBean Information | Details for Attributes and Operations related to the MBean for the selected target are displayed on the right. |
Attributes | This tab describes MBean attributes for the selected target. |
Operations | This tab describes MBean operations for the selected target. |
Notifications | This tab lists any notifications resulting from the invocation of an MBean. |
Controls | The following controls are available from these pages: |
Fusion Middleware Control administrators can use the following procedure to view MBeans for Oracle Access Manager or Oracle Security Token Service. Additionally, you can apply values (or revert the change) and invoke MBeans.
To view, edit, or invoke MBeans for Oracle Access Manager and Oracle Security Token Service
Log in as described in "Logging In To Fusion Middleware Control".
Expand the desired node and select a target. For example:
From the Oracle Access Manager context menu, select System MBean Browser.
System MBean Browser: Expand classes and select an MBean target to display related attributes and operations. For example: oracle.sts or oracle.oam.
Manage MBean Attributes:
Click the Attributes tab.
Review the name and description of MBean attributes for the selected target.
Edit values for one or more attributes and click Apply to submit changes (or click Revert to cancel changes).
Alternatively: Click a Name in the Attributes table to display a full description and the value; change the value and click Apply (or click Revert to cancel the change).
Manage MBean Operations:
Click the Operations tab.
Review the name, description, number of parameters, and return type for each MBean operation for the selected target.
Click a name in the Operations table to display the parameters and related name, description, type, and value.
Edit values for the operation and click Apply to submit changes (or click Revert to cancel changes).
Click Invoke to invoke the MBean and review the message that appears.
Fusion Middleware Control enables you to view a graphical representation of the Oracle Access Manager routing topology.
This section provides the following topics:
Figure 26-22 shows the Farm routing topology page in Fusion Middleware Control.
Figure 26-22 Routing Topology with Context Menu
Table 26-14 describes the status and controls on the Farm topology page.
Table 26-14 Farm Topology
Element | Description |
---|---|
Save Image | Saves the image. |
| Prints the image. |
| Scales the image. |
Find | Enter a value or simply click Find to display results. |
+ | Expands the instance on the topographical view to provide more information. |
Status Bar | Displays the full farm name and targets within the farm, as well as the up and down status. You can choose to overlay the status and metrics on individual instances in the topology view. |
Fusion Middleware Control administrators can use the following procedure to view the routing topology of the farm that includes OAM 11g.
See Also:
"About the Routing Topology"
To view Farm routing topology
Log in as described in "Logging In To Fusion Middleware Control".
Select the Farm in the navigation tree.
Click Topology above the navigation tree.
In the Topology Browser window, click the name of the farm and click OK.
Use the scaling tool to shrink or grow the image.
Expand instances in the topology to display details about each one.
Use the Overlay options to add status and metrics information to the instances.
Use the Find option to locate specific information (Table 26-14).
Click Print or Save, as needed.