Skip Headers
Oracle® Fusion Middleware Administrator's Guide for Oracle Identity Manager
11
g
Release 1 (11.1.1)
Part Number E14308-08
Home
Book List
Index
Contact Us
Next
PDF
·
Mobi
·
ePub
Contents
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
Part I Application Management
1
Managing Reconciliation Events
1.1
Reconciliation Features in Oracle Identity Manager
1.1.1
Performance Enhancements
1.1.1.1
New Metadata Model - Profiles
1.1.1.2
Parameters to Control Flow and Processing of Events
1.1.1.3
Grouping of Events by Reconciliation Runs
1.1.1.4
Grouping of Events by Batches
1.1.1.5
Implementing Reconciliation Engine Logic in the Database
1.1.1.6
Improved Java Engine
1.1.1.7
Improved Database Schema
1.1.2
Web-Based Event Management Interface
1.1.3
Other Enhancements
1.1.3.1
Horizontal Tables
1.1.3.2
Handling of Race Conditions
1.1.3.3
OES Integration
1.1.3.4
Ad Hoc Linking
1.2
Event Management Tasks
1.2.1
Searching Events
1.2.1.1
Performing a Simple Search for Events
1.2.1.2
Performing an Advanced Search for Events
1.2.2
Displaying Event Details
1.2.3
Determining Event Actions
1.2.4
Re-evaluating Events
1.2.5
Closing Events
1.2.6
Linking Reconciliation Events
1.2.6.1
Ad Hoc Linking
1.2.6.2
Manual Linking
1.2.6.3
Linking Orphan Accounts
1.3
Updating Reconciliation Profiles Manually
1.3.1
Creating New Reconciliation Profiles
1.3.1.1
Creating Additional Nondefault Profiles for Reconciliation Based on Resource Objects
1.3.1.2
Creating New Profiles for Trusted Source Reconciliation
1.3.2
Updating Reconciliation Profiles
1.3.3
Changing the Profile Mode
1.4
Populating Data in the RECON_EXCEPTIONS Table
2
Managing Scheduled Tasks
2.1
Configuring the oim-config.xml File
2.2
Starting and Stopping the Scheduler
2.3
Scheduled Tasks
2.3.1
Predefined Scheduled Tasks
2.3.2
LDAP Scheduled Tasks
2.3.3
Creating Custom Scheduled Tasks
2.4
Jobs
2.4.1
Creating Jobs
2.4.2
Searching Jobs
2.4.2.1
Performing a Simple Search for Jobs
2.4.2.2
Performing an Advanced Search for Jobs
2.4.3
Viewing Jobs
2.4.4
Modifying Jobs
2.4.5
Disabling and Enabling Jobs
2.4.6
Starting and Stopping Jobs
2.4.7
Deleting Jobs
3
Managing Notification Templates
3.1
Defining Event Metadata
3.1.1
Creating the Resolver Class
3.1.2
Deploying the Notification Event
3.2
Creating a Notification Template
3.3
Searching for a Notification Template
3.4
Modifying a Notification Template
3.5
Deleting a Notification Template
3.6
Adding and Removing Locales from a Notification Template
3.7
Configuring Notification for a Proxy
4
Administering System Properties
4.1
System Properties in Oracle Identity Manager
4.2
Creating and Managing System Properties
4.2.1
Creating System Properties
4.2.2
Purging Cache
4.2.3
Searching for System Properties
4.2.3.1
Performing a Simple Search
4.2.3.2
Performing an Advanced Search
4.2.4
Modifying System Properties
4.2.5
Deleting System Properties
5
Importing and Exporting Data Using the Deployment Manager
5.1
Features of the Deployment Manager
5.2
Exporting Deployments
5.3
Importing Deployments
5.3.1
Deployment Manager Actions on Reimported Scheduled Tasks
5.3.2
Importing an XML File
5.4
Horizontal Migration of Entities
5.4.1
Creating a Backup of the Existing Entities
5.4.2
Running the Horizontal Migration Utility
5.4.3
Data Migration for Supported Entities
5.4.3.1
Custom Resource Bundle
5.4.3.2
Plug-ins
5.4.4
Horizontal Migration Report
5.5
Best Practices Related to Using the Deployment Manager
5.5.1
Export System Objects Only When Necessary
5.5.2
Export Related Groups of Objects
5.5.3
Group Definition Data and Operational Data Separately
5.5.4
Use Logical Naming Conventions for Versions of a Form
5.5.5
Export Root to Preserve a Complete Organizational Hierarchy
5.5.6
Provide Clear Export Descriptions
5.5.7
Check All Warnings Before Importing
5.5.8
Check Dependencies Before Exporting Data
5.5.9
Match Scheduled Task Parameters
5.5.10
Compile Adapters and Enable Scheduled Tasks
5.5.11
Export Entity Adapters Separately
5.5.12
Check Permissions for Roles
5.5.13
Back Up the Database
5.5.14
Import Data When the System Is Quiet
5.5.15
Update the SDK Table
5.5.16
Remove Data Object Fields Before Importing Event Handlers as Dependencies
5.6
Best Practices for Using the Horizontal Migration Utility
5.7
Troubleshooting
6
Managing Connector Lifecycle
6.1
Lifecycle of a Connector
6.2
Connector Lifecycle and Change Management Terminology
6.3
Viewing Connector Details
6.4
Installing Connectors
6.4.1
Overview of the Connector Deployment Process
6.4.2
Creating the User Account for Installing Connectors
6.4.3
Installing a Connector
6.5
Defining Connectors
6.6
Cloning Connectors
6.6.1
Guidelines for Cloning a Connector
6.6.2
Cloning a Connector
6.6.3
Postcloning Steps
6.7
Exporting Connector Object Definitions in Connector XML Format
6.8
Upgrading Connectors
6.8.1
Upgrade Use Cases Supported by the Connector Upgrade Feature
6.8.2
Connector Object Changes Supported by the Upgrade Connectors Feature
6.8.2.1
Resource Object Changes
6.8.2.2
Process Definition Changes
6.8.2.3
Connector Code Files Changes
6.8.2.4
Resource Object Changes
6.8.2.5
Process Form Changes
6.8.2.6
Lookup Definition Changes
6.8.2.7
Adapter Changes
6.8.2.8
Rule Changes
6.8.2.9
IT Resource Type Changes
6.8.2.10
IT Resource Changes
6.8.2.11
Scheduled Task Changes
6.8.3
What Happens When You Upgrade a Connector
6.8.4
Summary of the Upgrade Procedure
6.8.5
Procedure to Upgrade a Connector
6.8.5.1
Preupgrade Procedure
6.8.5.2
Upgrade Procedure
6.8.5.3
Postupgrade Procedure
6.8.6
Procedure to Upgrade a Non-Converged Connector to a Converged Connector
6.9
Uninstalling Connectors
6.9.1
Use Cases Supported by the Uninstall Connectors Utility
6.9.2
Overview of the Connector Uninstall Process
6.9.3
Setting Up the Uninstall Connector Utility
6.9.4
Uninstalling Connectors and Removing Connector Objects
6.9.4.1
Uninstalling a Connector
6.9.4.2
Removing Adapters, Lookup Definitions, Resource Objects, and Scheduled Tasks
6.9.4.3
Running the Script to Uninstall Connectors and Connector Objects
Part II System Management
7
Starting and Stopping Servers
7.1
Configuring the Node Manager
7.2
Starting the Node Manager
7.3
Starting or Stopping WebLogic Administration Server
7.4
Starting or Stopping WebLogic Managed Servers
7.4.1
Starting or Stopping the Managed Servers By Using Command Prompt
7.4.2
Starting or Stopping the Managed Server By Using Oracle Enterprise Manager Fusion Middleware Control
7.4.3
Starting or Stopping Servers By Using Oracle WebLogic Server Administration Console
8
Enabling System Logging
8.1
Logging in Oracle Identity Manager By Using ODL
8.1.1
Message Types and Levels
8.1.2
Log Handler and Logger Configuration
8.1.3
Configuring Log Handlers
8.1.3.1
Log Handler Configuration Tools
8.1.4
Configuring Loggers
8.1.5
Sample ODL Log Output
8.2
Logging in Oracle Identity Manager By Using log4j
8.2.1
Log Levels
8.2.2
Loggers
8.2.3
Configuring and Enabling Logging
9
Enabling Secure Cookies
10
Enabling LDAP Synchronization
10.1
Enabling Postinstallation LDAP Synchronization
10.2
Enabling SSL Between Identity Virtualization Library (libOVD) and the Directory Server
10.2.1
Enabling SSL Between Identity Virtualization Library (libOVD) and Microsoft Active Directory
10.2.2
Enabling SSL Between Identity Virtualization Library (libOVD) and iPlanet
10.2.3
Enabling SSL Between Identity Virtualization Library (libOVD) and OID
10.3
Provisioning Users and Roles Created Before Enabling LDAP Synchronization to LDAP
10.4
Disabling LDAP Synchronization
10.5
Managing Identity Virtualization Library (libOVD) Adapters
10.6
Configuring LDAP Authentication When LDAP Synchronization is Enabled
11
Integrating with Other Oracle Components
11.1
Oracle Access Manager
11.2
Oracle Adaptive Access Manager
11.3
Oracle Identity Analytics
11.3.1
Integration Configuration in Oracle Identity Analytics
11.3.2
Integration Configuration in Oracle Identity Manager
11.3.2.1
The DataCollectionOperationsIntf API Interface
11.3.2.2
Staging Tables
11.3.2.3
Data Collection Process
11.4
Oracle Identity Navigator
11.5
Oracle Virtual Directory
11.6
Oracle Service-Oriented Architecture
11.7
Oracle Business Intelligence Publisher
12
Handling Lifecycle Management Changes
12.1
URL Changes Related to Oracle Identity Manager
12.1.1
Oracle Identity Manager Database Host and Port Changes
12.1.2
Oracle Virtual Directory Host and Port Changes
12.1.3
Oracle Identity Manager Host and Port Changes
12.1.3.1
Changing OimFrontEndURL in Oracle Identity Manager Configuration
12.1.3.2
Changing backOfficeURL in Oracle Identity Manager Configuration
12.1.4
BI Publisher Host and Port Changes
12.1.5
SOA Host and Port Changes
12.1.6
OAM Host and Port Changes
12.2
Password Changes Related to Oracle Identity Manager
12.2.1
Changing Oracle WebLogic Administrator Password
12.2.2
Changing Oracle Identity Manager Administrator Password
12.2.3
Changing Oracle Identity Manager Database Password
12.2.4
Changing Oracle Identity Manager Passwords in the Credential Store Framework
12.2.5
Changing OVD Password
12.3
Configuring SSL for Oracle Identity Manager
12.3.1
Generating Keys
12.3.2
Signing the Certificates
12.3.3
Exporting the Certificate
12.3.4
Importing the Certificate
12.3.5
Enabling SSL for Oracle Identity Manager and SOA Servers
12.3.5.1
Enabling SSL for Oracle Identity Manager
12.3.5.2
Changing OimFrontEndURL to Use SSL Port
12.3.5.3
Changing backOfficeURL to Use SSL Port
12.3.5.4
Changing SOA Server URL to Use SSL Port
12.3.5.5
Configuring SSL for Design Console
12.3.5.6
Configuring SSL for Oracle Identity Manager Utilities
12.3.5.7
Configuring SSL for MDS Utilities
12.3.5.8
Configuring SSL for SPML/Callback Domain
12.3.6
Enabling SSL for Oracle Identity Manager DB
12.3.6.1
Setting Up DB in Server-Authentication SSL Mode
12.3.6.2
Creating KeyStores and Certificates
12.3.6.3
Updating Oracle Identity Manager
12.3.6.4
Updating WebLogic Server
12.3.7
Enabling SSL for LDAP Synchronization
12.3.7.1
Enabling OVD-OID with SSL
12.3.7.2
Updating Oracle Identity Manager for OVD Host/Port
Part III Configuration
13
Configuring User Attributes
13.1
Entity Configuration Operations
13.1.1
Listing Entity Attributes
13.1.2
Creating Entity Attributes
13.1.2.1
Attribute Properties
13.1.2.2
LKU and LKV Table Definitions
13.1.3
Modifying Entity Attributes
13.1.4
Deleting Entity Attributes
13.1.5
Performing Category Configuration
13.1.5.1
Creating Category
13.1.5.2
Renaming Category
13.1.5.3
Deleting Category
13.1.5.4
Ordering Attributes Within a Category
13.2
Search Operation Configuration
13.3
User Configuration Management Authorization
13.4
Enabling the Usage of UDFs in Requests
13.5
Synchronizing User-Defined Fields Between Oracle Identity Manager and LDAP
13.5.1
Synchronizing the Attribute Manually
13.5.2
Synchronizing UDFs Between Oracle Identity Manager and LDAP By Using the ldapsyncudf Utility
13.5.2.1
Configuring the Properties File
13.5.2.2
Configuring the Input File
13.5.2.3
Running the Utility
13.6
Configuration Management Architecture
14
Managing Password Policies
14.1
Creating a Password Policy
14.1.1
The Policy Rules Tab
14.1.2
The Usage Tab
14.2
Setting the Criteria for a Password Policy
15
Managing Identity and Resource Information
15.1
Overview of User Management
15.2
Managing Organization Information
15.3
Viewing Resources Allowed or Disallowed for Users
15.3.1
Policy History Tab
15.4
Assigning Role Entitlements
16
Managing Asynchronous Execution
16.1
Overview of AsyncService
16.2
Async Routing and Configuration
16.2.1
Configuration Parameters
16.3
Troubleshooting Failed Async Tasks
16.3.1
Automated Retry Error Handling Mechanism
16.3.2
Manual Retry Error Handling Mechanism
16.4
Working with the Diagnostic Dashboard UI
16.4.1
Starting the Diagnostic Dashboard UI
16.4.2
Viewing Failed Async Tasks
16.4.2.1
To view failed async tasks
16.4.3
Retrying Failed Async Tasks
16.4.3.1
To retry failed Async task
16.4.4
Resubmitting Failed Async Tasks
16.4.5
Purging Failed Async Tasks
16.4.5.1
To purge failed Async tasks
17
Enabling Offline Provisioning
17.1
Features of Offline Processing
17.2
Enabling and Disabling Offline Provisioning
17.3
Reports Related to Offline Provisioning
17.4
Configuring the Remove Failed Off-line Messages Scheduled Task
18
Using Enterprise Manager for Managing Oracle Identity Manager Configuration
18.1
Using MBeans for Configuration Changes
18.2
Exporting and Importing Configuration Files
19
Setting the Language for Users
Part IV Administrative Utilities
20
Working with the Diagnostic Dashboard
20.1
Overview of the Diagnostic Dashboard
20.2
Installing the Diagnostic Dashboard
20.2.1
Installing the Diagnostic Dashboard on Oracle WebLogic Server
20.3
Starting the Diagnostic Dashboard
20.4
Using the Diagnostic Dashboard
20.5
Running Tests By Using the Diagnostic Dashboard
20.5.1
Oracle Database Prerequisites Check
20.5.2
Database Connectivity Check
20.5.3
Account Lock Status
20.5.4
Data Encryption Key Verification
20.5.5
Scheduler Service Status
20.5.6
Remote Manager Status
20.5.7
JMS Messaging Verification
20.5.8
Target System SSL Trust Verification
20.5.9
Java VM System Properties Report
20.5.10
Oracle Identity Manager Libraries and Extensions Version Report
20.5.11
Oracle Identity Manager Libraries and Extensions Manifest Report
20.5.12
Test Basic Connectivity
20.5.13
Test Provisioning
20.5.14
Test Reconciliation
20.5.15
SOA-Oracle Identity Manager Configuration Check
20.5.16
Request Diagnostic Information
20.5.17
Orchestration Status
20.5.18
Retry Failed Orchestration
20.5.19
SPML Web Service
20.5.20
Test OWSM Setup
20.5.21
Test SPML to Oracle Identity Manager Request Invocation
20.5.22
SPML Attributes to Oracle Identity Manager Attributes
20.5.23
Username Test
20.5.24
Diagnose Creation of User and Role in Oracle Identity Manager and LDAP
20.5.25
Diagnose OVD Connection
20.5.26
Diagnose LDAP Reserve Container
21
Installing and Configuring a Remote Manager
21.1
Overview of the Remote Manager Configuration
21.2
Configuring the Remote Manager
21.2.1
Adding the Trust Relation
21.2.2
Configuring the Remote Manager by Using Your Own Certificate
21.2.3
Testing the Remote Manager Connection
21.2.4
Updating the xlconfig.xml File to Change the Port for Remote Manager
21.3
Stopping and Starting the Remote Manager
21.4
Troubleshooting Remote Manager
22
Using the Form Version Control Utility
22.1
Use Cases Supported by the FVC Utility
22.2
Use Cases That Are Not Supported by the FVC Utility
22.3
Summary of the Form Version Control Process
22.4
Components of the FVC Utility
22.5
Using the FVC Utility
22.5.1
Preparing the Properties File
22.5.2
Addressing Prerequisites for Using the FVC Utility
22.5.3
Running the Utility
22.6
Troubleshooting
23
Using the Archival Utilities
23.1
Using the Reconciliation Archival Utility
23.1.1
Understanding the Reconciliation Archival Utility
23.1.2
Prerequisite for Running the Reconciliation Archival Utility
23.1.3
Archival Criteria
23.1.4
Running the Reconciliation Archival Utility
23.1.5
Log File Generated by the Reconciliation Archival Utility
23.2
Using the Task Archival Utility
23.2.1
Understanding the Task Archival Utility
23.2.2
Preparing Oracle Database for the Task Archival Utility
23.2.3
Running the Task Archival Utility
23.2.4
Reviewing the Output Files Generated by the Task Archival Utility
23.3
Using the Requests Archival Utility
23.3.1
Understanding the Requests Archival Utility
23.3.2
Prerequisites for Running the Requests Archival Utility
23.3.3
Input Parameters
23.3.4
Running the Requests Archival Utility
23.3.5
Log Files Generated by the Utility
23.4
Using the Audit Archival and Purge Utility
23.4.1
Overview
23.4.2
Prerequisites for Using the Utility
23.4.3
Preparing the UPA Table for Archival and Purge
23.4.4
Archiving or Purging the UPA Table
23.4.4.1
Partitions That Must Not Be Archived or Purged
23.4.4.2
Ongoing Partition Maintenance
23.4.4.3
Archiving or Purging Partitions in the UPA Table
Part V Performance Tuning and Best Practices
24
Tuning Oracle Database
24.1
Using Database Roles/Grants for Oracle Identity Manager Database
24.2
Sample Instance Configuration Parameters
24.3
Physical Data Placement
24.3.1
Tasks Tables
24.3.2
Reconcliation Tables
24.3.3
Audit Tables
24.3.4
Redo-Log Files
24.3.5
Keep Pool Changes
24.4
Database Performance Monitoring
25
Tuning Application Server Performance
25.1
JVM Memory Settings
25.2
JDBC Connection Pool
25.3
Number of Message Driven Beans
25.4
User Interface Threads
25.5
Disable Reloading of Adapters and Plug-in Configuration
25.6
Changing the Number of Open File Descriptors for UNIX (Optional)
25.7
Tuning the JVM Garbage Collection for Solaris Sparc T3 or T4
26
Tuning and Managing Application Cache
26.1
Introduction to Caching
26.2
Tuning Oracle Identity Manager Cache
26.3
Purging the Cache
27
Securing a Deployment
Index
Scripting on this page enhances content navigation, but does not change the content in any way.