This chapter contains the following topics:
The user modifiable metadata XML files can be exported to MDS, imported from MDS, and deleted from MDS by using Oracle Enterprise Manager.
This section contains the following topics:
To export metadata XML files to MDS:
Login to Oracle Enterprise Manager as the administrator user by navigating to the URL in the following format:
http://ADMINSTRATION_SERVER/em
Make sure that the Administrative Server and at least one Oracle Identity Manager Managed Server are running.
Navigate to Identity and Access, oim. Right-click and navigate to System MBean Browser.
Under Application Defined MBeans, navigate to oracle.mds.lcm, Server:oim_server1, Application:OIMMetedata, MDSAppRuntime.
Export metadata by using the operations. To do so:
Select and open the first exportMetadata operation in the list.
For toLocation, provide the path to a temporary directory, in which this file is to be exported. This file will be exported to the computer on which Oracle Identity Manager is running. Therefore, make sure that the directory path you specify exist on that computer.
For docs, click the pencil icon, click Add, and in the Element box, provide the full path of the file to be exported. By clicking Add, you can provide the path to multiple docs. Click OK at the bottom after adding the metadata docs to be exported.
Invoke the operation.
To import metadata XML files from MDS:
Login to Oracle Enterprise Manager as the admin user. Make sure that the Administrative Server and at least one Oracle Identity Manager Managed Server are running.
Navigate to Identity and Access, oim, oim(VERSION). Right-click and navigate to System MBean Browser.
Under Application Defined MBeans, navigate to oracle.mds.lcm, Server:oim_server1, Application:OIMMetedata, MDSAppRuntime.
Import metadata by using the operations. To do so:
In the Operations tab, select the first importMetadata operation in the list.
For fromLocation, provide the directory path of the Oracle Identity Manager host from where documents are to be imported.
For docs, click the pencil icon, click Add, and in the Element box, provide the full path of the file to be imported. By clicking Add, you can provide the path to multiple docs. If no value is provided, then it imports everything under the fromLocation directory recursively.
Invoke the operation.
To delete metadata XML files from MDS.
Navigate to MDS runtime mbeans, as described in step 1 of "Exporting Metadata Files to MDS".
Delete metadata by using the operations. To do so:
In the Operations tab, select the first deleteMetadata operation in the list.
For docs, click the pencil icon, click Add, and in the Element box, provide the full path of the file to be deleted. By clicking Add, you can provide the path to multiple docs to be deleted.
Invoke the operation.
The following metadata is used for configuring LDAP Container Rules to determine in which container user and roles should be created in LDAP.
Note:
Oracle Identity Manager looks into MDS with file paths starting with /metadata, /db, or /custom. Make sure that starting path or directory name for any XML document is /custom./db/LDAPContainerRules.xml
The following metadata contains the predefined event handler definitions for Oracle Identity Manager operations:
Note:
These are read only documents. Contact Oracle support if there is a need to modify and delete any of the event handlers that are defined in these metadata file./db/ldapMetadata/EventHandlers.xml /metadata/iam-features-OIMMigration/EventHandlers.xml /metadata/iam-features-Scheduler/EventHandlers.xml /metadata/iam-features-accesspolicy/event-definition/EventHandlers.xml /metadata/iam-features-asyncwsclient/EventHandlers.xml /metadata/iam-features-autoroles/event-definition/EventHandlers.xml /metadata/iam-features-callbacks/event_configuration/EventHandlers.xml /metadata/iam-features-configservice/event-definition/EventHandlers.xml /metadata/iam-features-identity/event-definition/EventHandlers.xml /metadata/iam-features-notification/EventHandlers.xml /metadata/iam-features-passwordmgmt/event-definition/EventHandlers.xml /metadata/iam-features-reconciliation/event-definition/EventHandlers.xml /metadata/iam-features-request/event-definition/EventHandlers.xml /metadata/iam-features-requestactions/event-definition/EventHandlers.xml /metadata/iam-features-selfservice/event-definition/EventHandlers.xml /metadata/iam-features-sod/EventHandlers.xml /metadata/iam-features-system-configuration/EventHandlers.xml /metadata/iam-features-tasklist/EventHandlers.xml /metadata/iam-features-templatefeature/EventHandlers.xml /metadata/iam-features-transUI/EventHandlers.xml /metadata/iam-features-spmlws/EventHandlers.xml /db/ssointg/EventHandlers.xml /metadata/iam-features-catalog/EventHandlers.xml /metadata/iam-features-provisioning/event-definition/EventHandlers.xml /metadata/iam-features-requestprofile/event-definition/EventHandlers.xml /metadata/iam-features-rolesod/EventHandlers.xml
You might need to create a backup of the MDS before performing customizations. To create a backup of the MDS by using Oracle Enterprise Manager:
Login to Oracle Enterprise Manager as the administrator.
On the landing page, click oracle.iam.console.identity.self-service.ear(V2.0).
From the Application Deployment menu at the top, select MDS configuration.
Under Export, select the Export metadata documents to an archive on the machine where this web browser is running option, and then click Export.
All the metadata is exported in a ZIP file.
Some configurations for Oracle Identity Manager are stored in an MDS repository rather than on a file system on the Oracle Identity Manager Server. Troubleshooting configuration issues can sometimes require exporting all MDS data in order to examine it and make corrections if required.
To export all of the Oracle Identity Manager metadata contained in the MDS repository:
Setup the environment as a prerequisite:
To perform MDS operations, log in to the Oracle Identity Manager server host with the account used to install and run WebLogic Application Server.
Set you environment variables for the Oracle Identity Manager domain by running the appropriate setDomainEnv script found in the MIDDLEWAR_HOME/user_projects/domains/DOMAIN_NAME/bin/ directory. The command is as shown:
$ cd MIDDLEWARE_HOME/user_projects/domains/OIMDomain/bin
$ .setDomainEnv.sh
Create a temporary directory, such as /tmp/OIM/MDSData/, which will be used to store the resulting XML files from the database.
Verify that the application server is up and running.
Ensure that you know the WebLogic administrator username and the URL to the Admin Server.
Perform the export, as follows:
In the command shell or console window, go to the OIM_ORACLE_HOME/common/bin/ directory.
Run the wlst.sh command, and then run the connect() command, as shown:
$ ./wlst.sh CLASSPATH=/opt/oracle/Middleware/wlserver_10.3/server/ext/jdbc/oracle/11g/ojdbc6dms.jar:... ... Your environment has been set. ... Initializing WebLogic Scripting Tool (WLST) ... Welcome to WebLogic Server Administration Scripting Shell Type help() for help on available commands wls:/offline> connect() Please enter your username [weblogic] : Please enter your password [welcome1] : Please enter your server URL [t3://localhost:port] : Connecting to t3://localhost:port with userid weblogic ... Successfully connected to Admin Server 'AdminServer' that belongs to domain 'OIMDomain'. Warning: An insecure protocol was used to connect to the server. To ensure on-the-wire security, the SSL port or Admin port should be used instead.
Provide the WebLogic administrator username and password and the URL to the Admin Server.
Run the exportMetadata command providing at least the application, server, and toLocation arguments, as shown:
Note:
Be sure to pass the argument data in single quotes, such as:server='oim_server1'
wls:/OIMDomain/serverConfig> exportMetadata(application='OIMMetadata', server='oim_server1', toLocation='/tmp/OIM/MDSData')
A list of the files exported is displayed. At this point, you can run the disconnect() command followed by the exit() command, as shown:
wls:/OIMDomain/serverConfig> disconnect() Disconnected from weblogic server: AdminServer wls:/offline> exit() Exiting WebLogic Scripting Tool. $
Go to the /tmp/OIM/MDSData/ directory, and view the db/oim-config.xml file, or the db/form-metadata/FormMetaData.xml file, or any other exported MDS file.
The following is an example WLST script for exporting all MDS files:
connect('WEBLOGIC_USERNAME','PASSWORD','t3://localhost:PORT')
exportMetadata(application='OIMMetadata', server='oim_server1', toLocation='/tmp/OIM/MDSData')
disconnect()
exit()
You can save this script in a .py file, for example /tmp/exportOIMMDS.py, which you can run to automatically produce the same results. The following is a sample .py file:
cd MIDDLEWARE_HOME/user_projects/domains/OIMDomain/bin . setDomainEnv.sh mkdir -p /tmp/OIM/MDSData cd $OIM_ORACLE_HOME/common/bin ./wlst.sh /tmp/exportOIMMDS.py
When migrating from test to production environment, all the connector artifacts must be migrated to the respective database tables, which can be done by using the following utilities to migrate JAR files and resource bundle:
Note:
All the Upload JAR and Resource Bundle utilities must be run from the OIM_HOME/bin/ directory.
Make sure that wlfullclient.jar is generated before running these utilities.
Set APP_SERVER, OIM_ORACLE_HOME, JAVA_HOME, MW_HOME, WL_HOME, and DOMAIN_HOME before running the scripts.
All the scripts for the JAR files and resource bundles support both interactive mode and command-line mode usage. But it is recommended to use interactive mode because this is secure and the passwords are not echoed on the console.
For running the scripts in command-line mode, run it with the -help argument. For example:
sh UploadJars.sh -help
To upload a JAR file in the silent mode:
UploadJars.sh [-username USERNAME] [-password PASSWORD] [-serverURL <t3://OIM_HOSTNAME:OIM_PORT>] [-ctxFactory <weblogic.jndi.WLInitialContextFactory>] [-JavaTasks LOCATION_OF_JAVA_TASK_JAR]
For information about configuring the utilities to upload/download JAR files and resource bundle over SSL, see "Configuring SSL for Oracle Identity Manager Utilities" in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager.
To upload multiple JAR files in the silent mode:
UploadJars.sh [-username USERNAME] [-password PASSWORD] [-serverURL <t3://OIM_HOSTNAME:OIM_PORT>] [-ctxFactory <weblogic.jndi.WLInitialContextFactory>] [-JavaTasks LOCATION_OF_JAVA_TASK_JAR] [-ScheduleTask LOCATION_OF_SCHEDULED_TASK_JAR] [-ThirdParty LOCATION_OF_THIRD_PARTY_JAR] [-ICFBundle LOCATION_OF_ICF_BUNDLE_JAR]
In this document, interactive mode usage of the JAR and Resource Bundle utilities are explained because it is a secure way of running the utilities and is recommended.
To run the JAR or Resource Bundle utilities in interactive mode, run the scripts without specifying any arguments. For example:
sh UploadJars.sh
After running the UploadResourceBundles.sh script, you must purge Oracle Identity Manager cache or restart Oracle Identity Manager to load the new objects from MDS into Oracle Identity Manager cache. If Oracle Identity Manager cache is not refreshed, then Oracle Identity Manager reads the contents from the local resource bundle files.
The UploadJars.sh and UploadJars.bat scripts are available in the OIM_HOME/bin/ directory. Running these scripts upload the JAR files in to the database.
A sample invocation of this utility is as shown:
[Enter Xellerate admin username :]ADMISTRATOR_LOGIN [Enter the admin password :]ADMINISTRATOR_PASSWORD [[Enter serverURL (Ex. t3://oimhostname:oimportno for weblogic or corbaloc:iiop:localhost:2801 for websphere)]:]t3://xyz.com:14000 [[Enter context (Ex. weblogic.jndi.WLInitialContextFactory for weblogic or com.ibm.websphere.naming.WsnInitialContextFactory for websphere)]:]weblogic.jndi.WLInitialContextFactory Enter the jar type 1.JavaTasks 2.ScheduleTask 3.ThirdParty 4.ICFBundle 1 Enter the path/location of jar file : /tmp/example.jar Do u want to load more jars [y/n] :n
Note:
14000 is Oracle Identity Manager port.The DownloadJars.sh and DownloadJars.bat scripts are available in the OIM_HOME/bin/ directory. Running these scripts download the JAR files from the database.
A sample invocation of this utility is as shown:
[Enter Xellerate admin username :]ADMINISTRATOR_LOGIN [Enter the admin password :]ADMINISTRATOR_PASSWORD [[Enter serverURL (Ex. t3://oimhostname:oimport for weblogic or corbaloc:iiop:localhost:2801 for websphere)]:]t3://localhost:14000 [[Enter context (i.e.: weblogic.jndi.WLInitialContextFactory for weblogic or com.ibm.websphere.naming.WsnInitialContextFactory for websphere)]:]weblogic.jndi.WLInitialContextFactory Enter the jar type 1.JavaTasks 2.ScheduleTask 3.ThirdParty 4.ICFBundle 1 Enter the full path of the download directory : /home/joe/tmp Enter the name of jar file to be downloaded from DB : example.jar Do u want to download more jars [y/n] :n
Note:
14000 is Oracle Identity Manager port.The DeleteJars.sh and DeleteJars.bat scripts are available at the OIM_HOME/bin/ directory. Running these scripts delete the JAR files from the database.
A sample invocation of this utility is as shown:
[Enter Xellerate admin username :]ADMINISTRATOR_LOGIN [Enter the admin password :]ADMINISTRATOR_PASSWORD [[Enter serverURL (Ex. t3://oimhostname:oimport for weblogic or corbaloc:iiop:localhost:2801 for websphere)]:]t3://localhost:14000 [[Enter context (i.e.: weblogic.jndi.WLInitialContextFactory for weblogic or com.ibm.websphere.naming.WsnInitialContextFactory for websphere)]:]weblogic.jndi.WLInitialContextFactory Enter the jar type 1.JavaTasks 2.ScheduleTask 3.ThirdParty 4.ICFBundle 1 Enter the name of jar to be deleted from DB : example.jar Do u want to delete more jars [y/n] :n
The UploadResourceBundles.sh and UploadResourceBundles.bat scripts are available in the OIM_HOME/server/bin/ directory. Running these scripts upload the connector or custom resources to the database.
A sample invocation of this utility is as shown:
Enter Xellerate admin username :]ADMINISTRATOR_LOGIN [Enter the admin password :]ADMINISTRATOR_PASSWORD [[Enter serverURL (Ex. t3://oimhostname:oimportno for weblogic or corbaloc:iiop:localhost:2801 for websphere)]:]t3://localhost:14000 [[Enter context (i.e.: weblogic.jndi.WLInitialContextFactory for weblogic or com.ibm.websphere.naming.WsnInitialContextFactory for websphere)]:]weblogic.jndi.WLInitialContextFactory Enter the resource bundle type 1.Custom Resource 2.Connector Resource 2 Enter the path/location of resource bundle file : /tmp/example.properties Do u want to load more resource bundles [y/n] :n
The DownloadResourceBundles.sh and DownloadResourceBundles.bat scripts are available in the OIM_HOME/bin/ directory. Running these scripts download the resource bundles from the database.
A sample invocation of this utility is as shown:
[Enter Xellerate admin username :]ADMINISTRATOR_LOGIN [Enter the admin password :]ADMINISTRATOR_PASSWORD [[Enter serverURL (Ex. t3://oimhostname:oimportno for weblogic or corbaloc:iiop:localhost:2801 for websphere)]:]t3://localhost:14000 [[Enter context (i.e.: weblogic.jndi.WLInitialContextFactory for weblogic or com.ibm.websphere.naming.WsnInitialContextFactory for websphere)]:]weblogic.jndi.WLInitialContextFactory Enter the resource bundle type 1.Custom Resource 2.Connector Resource 2 Enter the full path of the download directory : /home/joe/tmp Enter the name of resource bundle file : example.properties Do u want to download more resource bundles [y/n] :n
The DeleteResourceBundles.sh and DeleteResourceBundles.bat are available in the OIM_HOME/bin/ directory. Running these utilities delete the resource bundles from the database.
A sample invocation of this utility is as shown:
[Enter Xellerate admin username :]ADMINISTRATOR_LOGIN [Enter the admin password :]ADMINISTRATOR_PASSWORD [[Enter serverURL (Ex. t3://oimhostname:oimportno for weblogic or corbaloc:iiop:localhost:2801 for websphere)]:]t3://localhost:14000 [[Enter context (i.e.: weblogic.jndi.WLInitialContextFactory for weblogic or com.ibm.websphere.naming.WsnInitialContextFactory for websphere)]:]weblogic.jndi.WLInitialContextFactory Enter the resource bundle type 1.Custom Resource 2.Connector Resource 2 Enter the name of resource bundle file to be deleted from DB: example.properties Do u want to delete more resource bundles [y/n] :n