17 Managing the Scheduler
This chapter describes about the Scheduler in Oracle Identity Manager. This chapter contains the following sections:
17.1 About Scheduler
The scheduler enables you to schedule jobs that automatically run predefined scheduled tasks at the specified time.
This is illustrated by the following example:
To meet the security policies of an organization, employees may be required to change their product application password every 60 days. For this purpose, the system administrator has to ensure that an email is sent to all employees whose passwords for the respective product applications have expired. One approach would be to identify the set of users whose passwords have expired and send email to each employee manually. Alternatively, the system administrator can use a service, such as scheduler. In Oracle Identity Manager, there is a predefined scheduled task called Password Warning Task. The system administrator can use this scheduled task to create a scheduled job with the intended schedule.
See Also:
Table 17-2 for information about the Password Warning Task scheduled task
Scheduler also enables you to create your own scheduled tasks that can be run by a job at a set time.
A scheduled task configures the metadata for a job, which is to be run, and the parameters required for execution of that task. This metadata is predefined for the predefined tasks. A new task can be added by the user, which will have the new metadata or the existing tasks can be updated to add/update the parameters for other configuration details. A job can be scheduled to run at the specified interval. You can create multiple jobs scheduled to run at different time intervals. A job run is a specific execution of a job. Each job run includes information such as the start time, stop time, exceptions and status of the execution.
17.2 Configuring the oim-config.xml File
The oim-config.xml file consists of the Scheduler element, whose child elements define the scheduler settings.
After you install Oracle Identity Manager, you can configure the scheduler settings by editing the child elements of the Scheduler element in the oim-config.xml file located in the MDS. To access the oim-config.xml file by using Oracle Enterprise Manager:
- Log in to Oracle Enterprise Manager.
- Click Application Deployments.
- Right-click OIMAppMetadata(11.1.2.0.0)(oim_server_name), and select System MBean Browser.
- In the System MBean Browser, navigate to Application Defined MBeans, oracle.iam, Server: oim server, Application: oim, XMLConfig, Config, XMLConfig.SchedulerConfig, Scheduler.
Table 17-1 lists the default elements that you can configure within the Scheduler element in the oim-config.xml file.
Note:
You can add new configurable child elements. For the information about new child elements, refer to the following URL:
Table 17-1 Child Elements of the Scheduler Element
Element Within Scheduler Element | Description |
---|---|
DSJndiURL |
This element is used for configuring transactional data source in the application server, which is used by Quartz to establish the connection. Default value: jdbc/operationsDB |
nonTxnDSJndiURL |
This element is used for configuring non-transactional data source in the application server, which is used by Quartz to establish the connection. Default value: jdbc/oimJMSStoreDS |
Clustered |
Enter Default value: NOTE: In a clustered environment, the clocks on all nodes of the cluster must be synchronized. |
implementationClass |
Enter the name of the Java class that implements scheduler. Default value: oracle.iam.scheduler.impl.quartz.QuartzSchedulerImpl |
instanceID |
Enter a unique string value in this element. This value represents a string that uniquely identifies an Oracle Identity Manager scheduler instance. NOTE: In a clustered environment, each node of the cluster must have a unique InstanceId. This can be achieved by entering a value of |
startOnDeploy |
Enter Default value: true |
threadPoolSize |
Enter an integer value in this element. This value represents the number of threads that must be used for running jobs. Default Value: 10 |
17.3 Start and Stop the Scheduler
Starting or stopping the scheduler involves understanding the Started and Stopped scheduler statuses, and controlling the scheduler status in a single-node or clustered deployment.
This section describes how to start and stop the scheduler. This section contains the following:
17.3.1 About Starting and Stopping the Scheduler
At a given instance, the scheduler status can either be Started or Stopped.
The Scheduler Status page is an authenticated UI page that displays the current status of the scheduler. At any given instance, the scheduler can be in one of the following statuses:
-
Started
If the scheduler is in the started status, then jobs can be scheduled and jobs that have already been scheduled will continue to run at the scheduled time.
-
Stopped
If the scheduler is in the stopped status, then all jobs are stopped. When the scheduler gets the stopped status while jobs are running, the currently running jobs are stopped. In addition, the jobs that are scheduled to run does not run, but are submitted for run according to the schedule. When the Scheduler Service is up in the future, all submitted jobs are run.
The Scheduler Status page also displays a detailed error message in the Last Error field, if any.
You can use the Scheduler Status page to either start, stop, or reinitialize the scheduler.
By default, the scheduler is in the started status after you install Oracle Identity Manager. However, if you want to stop scheduler for any reason and then restart it, then you must follow the procedure discussed in this section.
17.3.2 Starting and Stopping the Scheduler
Use the Scheduler Status page to start, stop, or re-initialize the scheduler.
To start or stop the scheduler:
Note:
-
You need to have Scheduler Admin role to start or stop the scheduler.
-
In a clustered environment, you must perform this procedure on each node of the cluster.
17.3.3 Controlling Scheduler Start or Stop in a Clustered Environment
The scheduler.disabled system property is required if you want to control scheduler start or stop on a clustered setup. The scheduler.disabled system property must be set to true if you do not want to start the scheduler service on that node of the cluster.
This section contains the following topics:
17.3.3.1 Adding the Server Side Property for Oracle Identity Governance
To add the scheduler.disabled server-level property:
- Log in to the WebLogic Administrative Console.
- On the left panel, select Environment, Servers.
- Click the name of the managed server where you want to add the scheduler.disabled=false property.
- Select Lock and Edit.
- Select Configuration, Server Start.
- In the Arguments box, add the scheduler.disabled=false property, and click Save.
- Click Activate Change.
Restart the managed server using node manager so that the newly added property is picked up. Restarting from the Command-Line Interface does not work.
17.3.3.2 Restarting Oracle Identity Governance Managed Servers from the Node Manager
To restart Oracle Identity Governance Managed Servers from the Node Manager:
-
Start the Administration server. To do so:
-
From your current working directory, go to the MW_HOME/user_projects/domains/base_domain/ directory.
-
Run the following command:
For UNIX:
startWebLogic.sh
For Windows:
startWebLogic.cmd
-
-
Start the Node Manager. To do so:
-
From your current working directory, go to the MW_HOME/wlserver_10.3/server/bin/ directory.
-
Run the following command:
For UNIX:
startNodeManager.sh
For Windows:
startNodeManager.cmd
-
-
Log in to the WebLogic Administrative Console.
-
On the left panel, select Environment, Servers.
-
Select Control from the right panel.
-
Select the option where the property is added, and click Start.
17.4 Scheduled Tasks
Oracle Identity Manager provides a list of predefined scheduled tasks. In addition, you can create your own custom scheduled tasks based on the requirement.
This section describes the scheduled tasks. This is discussed in the following topics:
17.4.1 About Scheduled Tasks
In Oracle Identity Manager, metadata is predefined for the default scheduled tasks. New tasks can be added by the user with new metadata, or the existing tasks can be updated to add or update the parameters or other configuration details.
For example, you can configure a reconciliation run using a scheduled task that checks for new information on target systems periodically and replicates the same in Oracle Identity Manager. Each scheduled task contains the following metadata information:
-
Name of the scheduled task
-
Name of the Java class that runs the scheduled task
-
Description
-
Retry
-
(Optional) Parameters that the scheduled task accepts. Each parameter contains the following additional information:
-
Name
-
Data Type
-
Required/ Optional
-
Help Text
-
Encryption
-
17.4.2 Predefined Scheduled Tasks
Oracle Identity Manager provides a set of predefined scheduled tasks that you can use while creating or working with jobs.
Table 17-2 lists the predefined scheduled tasks.
Table 17-2 Predefined Scheduled Tasks
Job Name | Description | User-Configurable Attributes | Enabled By Default |
---|---|---|---|
Application Instance Post Delete Processing Job |
This scheduled task is used to revoke, delete, or decommision applicaion instances that have been soft-deleted. It can be run in the following modes:
|
None |
Yes |
Application Bulk Create |
This scheduled task is used to seed Application and Instance Application in bulk. There is no default job for this scheduled task however, you can create job using this task.You need to provide directory path of list of Application and Instance Application Template. Template will be processed as per below convention:
|
Template Directory and Archive Directory |
Yes |
Application Template Generation Job |
This scheduled task is used to generate the template for applications that are created through connector installer or if there is a upgrade. The generated templates are stored in internal database table, which is used to manage the application from Application Tab in Identity Self Service. Note: For authoritative applications, create an application instance using API and then use this job to generate the template. |
Application Names: A list of comma separated application instance names for which templates have to be generated. Generate in Bulk: If set to Yes, template is generated for all application instances which are not Deleted. If Generate in Bulk is set to Yes, then Application Names should not be set. Default value is No. |
Yes |
Attestation Grace Period Expiry Checker |
This scheduled task delegates the attestation process after the grace period expires. |
None |
Yes |
Automated Retry of Failed Async Task |
This scheduled task retries Async Tasks (JMS Messages) that have failed. If the execution of the task succeeds, it is removed from the list of failed tasks. If it fails, the retry count is incremented. The maximum number of times a Failed Task is retried is determined by the 'maxRetries' defined for that task in async-messaging.xml. |
None |
Yes |
Automatically Unlock User |
This scheduled task automatically unlocks a user after the specified number of days. This job supports job frequency in days, minutes, and hours. As password policy in supports lockout duration in minutes, It is recommended to keep the frequency of this scheduled job in minutes. |
None |
Yes |
Bulk Load Archival Job |
This scheduled task cleans up the processed entries in the Oracle Identity Manager Database staging tables used during bulk load post processing. |
|
No |
Bulk Load Post Process |
This scheduled task starts post processing jobs for the Bulk Load Utility. |
|
No |
Catalog Synchronization Job |
The scheduled task is used to harvest roles, application instances, and entitlements into the catalog. It is also used to load catalog metadata. |
Mode: The Catalog Synchronization Job scheduled job can be run in the following modes:
|
Yes |
Certification Event Trigger Job |
This scheduled task is responsible for running event listeners against the set of user modification events that have occurred in the system. All event listeners will be executed by default if none are listed in the Event Listener Name List parameter. See Configuring Event Listeners and Certification Event Trigger Jobs in Performing Self Service Tasks with Oracle Identity Governance for more information. |
Event Listener Name List: This is a comma-separated list of event listeners to be evaluated. If no value if specified for this attribute, then all event listeners will be evaluated. |
No |
Certification Maintenance Job | This job populates the required data for pre-upgrade certifications. If you are using an upgraded deployment of Oracle Identity Manager, then run this job to access certifications from Certification Dashboard UI.
See Accessing Pre-Upgrade Certifications in the Dashboard in Performing Self Service Tasks with Oracle Identity Governance for information about populating pre-upgrade certifications in the Dashboard by running this scheduled job. |
|
Yes |
DataCollection Scheduled Task |
This scheduled task is used to populate data from Oracle Identity Manager operational tables to the staging tables in an offline manner. The scheduled task is set to run manually, and is triggered when Oracle Identity Analytics (OIA) invokes the DataCollectionOperationsIntf->startDataCollection API. |
None |
Yes |
Delayed Delete User |
This scheduled task automatically deletes the user whose delete date is before the start of today. The XL.UserDeleteDelayPeriod system property indicates the number of days after which the user is to be deleted. When the administrator deletes a user, the user is marked in the Disabled state, and the user's 'Automatically Delete On' date is set for the future date after the number of days indicated in the XL.UserDeleteDelayPeriod system property. This scheduled task finds all such users for whom the 'Automatically Delete On' date is less than the start of today. All those users are marked as Deleted. For example, Jane Doe is a user with '2014-03-24 01:55:00' as the 'Automatically Delete On' date, and John Doe is a user with '2014-03-25 18:55:00' as the 'Automatically Delete On' date. When the scheduler is run on '2014-03-25', only Jane Doe is deleted. John Doe will be deleted when the scheduler runs on '2014-03-26'. Note: See Default System Properties in Oracle Identity Governance for information about the XL.UserDeleteDelayPeriod system property. Note: Oracle recommendation is to run this scheduled task once per day. |
None |
No |
Disable/Delete User After End Date |
An end date is defined when a user account is created. This scheduled task disables user accounts for which the end date had passed the current date at the time when the task is run. Note: Oracle recommendation is to run this scheduled task every 30 minutes or 1 hour. |
None |
Yes |
Enable User After Start Date |
A start date is set when a user account is created. This scheduled task enables user accounts for which the start date has passed, and the user status is Disabled Until Start Date. These users are enabled thorough this scheduled task, thereby making the users ACTIVE. |
None |
Yes |
Entitlement Assignments |
This scheduled task populates Entitlement Assignment schema from child process form table whose field, Entitlement is marked as true. |
RECORDS_TO_PROCESS_IN_BATCH: Number of records to process in a batch. |
No |
Entitlement List |
This scheduled task populates Entitlement schema from the lookup table whose child process form field |
Auto Publish: When the value of this field is true, the entitlement is automatically published to the organization that is already part of the application instance. The default value of this field is true. If the value is false, then the entitlement is not published to the organization that is already part of the application instance. |
No |
Entitlement Post Delete Processing Job |
This scheduled task is used for post-processing of entitlement soft deletion in the provisioning component. It is used to revoke or delete entitlements that have been soft-deleted. It can be run in the following modes:
Irrespective of the mode, the entitlement grant entry is removed from the ENT_ASSIGN table. |
None |
Yes |
Evaluate User Policies |
This scheduled task evaluates the access policies. |
Number of Threads: Use this attribute to specify the total number of threads that will process re-evaluation. The default value is 20. Batch Size: Use this attribute to fetch number of records from the database to be processed in one iteration. The default value is 500. Time Limit in mins: Use this attribute to specify time in minutes, after which the schedule task will stop. By default, this attribute is not specified and disabled. You must enable and configure the time. |
Yes |
Form Upgrade Job |
This scheduled task updates the form version to the latest active version and the form data to the value specified during the field's creation for all accounts. Note: If this scheduled task is not run, then the form version and data will be incorrect in the audit snapshot and the reporting tables. |
|
Yes |
Get SOD Check Results Approval |
This scheduled task gets back the result of SoD Evaluation from the SoD Server, for example, OAACG, SAP, and GRC for all requests waiting for SoD Check results. It reflects the SoDCheckResult and violation in appropriate dataset attributes. It will pick up all requests that are in 'SoD check result pending' state and mark them as 'SoD check completed'. |
None |
No |
Get SOD Check Results Provisioning |
This scheduled task gets back the result of SoD Evaluation from the SoD Server, for example, OAACG, SAP, and GRC for all pending SoDCheck provisioning tasks. It reflects the SoDCheckResult and violation in appropriate process form attributes. |
None |
No |
Identity Audit Scan Cleanup |
This scheduled task processes existing detective scan runs and purges old data from the tables used to store history of users and policies connected with the scan runs. Records are purged from the IDA_SCAN_RUN_POLICIES and IDA_SCAN_RUN_USERS tables. To retain the history, enable the job and schedule it to run periodically based on the activity in the system. |
Number of Threads: Use this field to specify the number of threads to be used while running a scan cleanup job. Default value is 4. Scan Run Batch Size: Use this field to specify the number of scan run entities per batch for a single processing thread. Default value is 20. |
No |
Issue Audit Messages Task |
This scheduled task fetches audit message details from the aud_jms table and sends a single JMS message for a particular identifier and auditor entry in the aud_jms table. An MDB processes the corresponding audit message. |
Max Records: Use this attribute to specify the maximum number of audit messages to be processed for a specified scheduled task run. The default value of this attribute is 400. |
Yes |
Job History Archival |
This scheduled task is designed to archive/purge entries for Job History. |
Archival Date: Use this attribute to specify date till which the records need to be archived/purged. Supported archival date format is ddMMyyyy. Note: Archival Date parameter is auto incremented by one day on each job execution. So job should be scheduled with daily frequency to work as expected.Batch Size: Use this attribute to specify the size of a batch in which the records must be processed. Operation Type: Use this attribute to specify the operation type. This attribute can have two possible values, Archive and Purge. The default value is Archive. |
No |
Non Scheduled Batch Recon |
This scheduled task tries to process all the events created by non scheduled task based connectors such as PeopleSoft. Such connector created events are in either Event Received State or Data Received State, they only get processed if the batch size specified by the set of events is reached or via this scheduled task. This task executes as per settings to pick up all the unprocessed non scheduled task based events and submits them to the reconciliation engine for processing. |
None |
No |
OIM Certification Purge Job |
This scheduled task is used to purge data from the certification tables. It provides for some critical parameters to be specified or configured (although default values are available for these), such as retention period, run duration, and purge criteria, for online and continuous purge of data in the background. Note: By default, the OIM Certification Purge Job is seeded with default values for input parameters, such as purge interval and purge retention period. You must revisit the input parameters to change their default values as required. |
For information about the user-configurable attributes, see Configuring Real-Time Certification Purge Job. |
No |
OIM Data Purge Job |
This scheduled task is used as a single unified interface for archive/purge of data for the Requests, Reconciliation,Provisioning Tasks, and Orchestration entities. It provides for some critical parameters to be specified/configured (although default values are available for these), such as retention period, run duration, and purge criteria, for online and continuous purge of data in the background. Note: By default, the OIM Data Purge Job scheduled job is seeded in the enabled state with a retention period of 90 days. You must revisit the job parameters to disable or to change the purge interval as required. |
For information about the user-configurable attributes, see Configuring Real-Time Purge and Archival. |
Yes |
Password Expiration Task |
This scheduled task sends e-mail to users whose password expiration date had passed at the time when the task was run and then updates the USR_PWD_EXPIRED flag on the user profile. |
Email Definition Name: Name of the email definition created in the Design Console for sending password expired notification to the user. The default value is "Password Expired". |
Yes |
Password Warning Task |
This scheduled task sends e-mail to users whose password warning date had passed at the time when the task was run and then updates the USR_PWD_WARNED flag on the user profile. |
Email Definition Name: Name of the email definition created in the Design Console for sending password expiration warning notification to the user. The default value is "Password Expiration Warning". |
No |
Process Pending Role Grants |
This scheduled task is responsible for processing of future role grants. It grants the role for which start date has reached and revokes the role if role grant end date has reached. This task is scheduled to run daily. |
None |
Yes |
Reconciliation Retry Scheduled Task |
This scheduled task processes the failed reconciliation event for the users whose status is set as Failed. |
None |
Yes |
Refresh Materialized View |
The materialized view is used to generate reports related to reconciliation. This view needs to be updated periodically (at a specified interval, for instance, once a day). Therefore, this scheduled task was created to update the view on a periodic basis. |
None |
No |
Refresh Organization Memberships |
This evaluates the organization memberships and assigns users to organizations based on rules. This job evaluates all the organizations whose membership rules have changed since the last job run and their immediate evaluation have not been opted by the administrator. |
None |
Yes |
Refresh Role Memberships |
This evaluates the role memberships and assigns users to roles based on rules. This job evaluates all the roles whose membership rules have changed since the last job run and their immediate evaluation have not been opted by the administrator. |
None |
Yes |
Remove Audit Log Entries |
This scheduled task is used to permanently remove audit log events which are older than a specified number of days. On job completion, the scheduled task will add a single audit log event in AUDIT_EVENT table recording the number of records removed from the database, the job return code, and an error message if the job fails. For more information on how to control audit data growth in Lightweight audit framework, see About Audit Data Growth Control Measures in Lightweight Audit Framework. |
|
Yes |
Remove Open Tasks |
This scheduled task removes information about open tasks from the table that serves as the source for the list displayed in Oracle Identity System Administration. |
Day Limit Number of days for which information about an open task should be retained in the table before the information is deleted By default, this attribute is not specified and disabled. You must enable and configure the time. |
No |
Request Execution Scheduled Task |
This is a periodic scheduled task searches for requests with status "Request Awaiting Completion" and moves requests forward to the next stage "Operation Initiated" if the effective date set during the request submission is prior or equal to the current date. |
Job Periodic Settings: Use this attribute to specify the time interval for the scheduled task to be run. The default value is 6 hours. |
Yes |
Resubmit Uninitiated Approval SODChecks |
This scheduled task tries to initiate SoD Check for pending requests, which have SoDCheckStatus as "SoD check not initiated" or "SoD check completed with error". The pending requests are the ones for which SoD initiation failed in first try and are pending for some level of approval. |
None |
No |
Resubmit Uninitiated Provisioning SODChecks |
This scheduled task tries to initiate SoD Check by submitting a JMS message for all pending SoDCheck provisioning tasks. The SoD Check initiation may have failed because of SoD server being down at the time of entitlement add/update via direct provisioning. |
None |
No |
Retry Failed Orchestrations |
This scheduled task retries all failed orchestrations based on the attribute values provided. If there is no parameter value defined, no orchestration will be retried. |
|
No |
Retry Reconciliation Batch Job |
This scheduled task is used to re-process batches with the 'Ready for Processing' status. |
Batch ID: This is the comma-separated ID of the batches to be retried. |
No |
Risk Aggregation Job |
This scheduled task is used for calculating the risk summary value for users, roles, and accounts based on their item-risk and risk-factor levels as defined in the system Note: See About Risk Aggregation and Risk Summaries in the Performing Self Service Tasks with Oracle Identity Governance for more information. |
|
No |
Run Future Dated Reconciliation Events |
This scheduled task processes the current dated reconciliation event for the users whose status is set as Deferred. |
None |
No |
Set User Deprovisioned Date |
A deprovisioning date is defined when a user account is created. For users whose deprovisioning date had passed at the time when this scheduled task was run, the task sets the deprovisioned date as the current date. |
None |
Yes |
Set User Provisioned Date |
This scheduled task sets the provisioned date to the current date for users for whom all of the following conditions are true:
|
None |
Yes |
Seed Home Organization |
This scheduled task evaluates and updates organization data for existing users based on configured Home Organization Policy. For more information, see Managing the Home Organization Policy. Ensure that Home Organization Policy rule for organization evaluation is configured correctly, and the organization should already exist in Oracle Identity Manager. This job can be run for environments that are based on LDAP synchronization. For information about LDAP synchronization, see Enabling LDAP Synchronization in Oracle Identity Manager in Oracle Fusion Middleware Integration Guide for Oracle Identity Management Suite. Example scenario for LDAP synchronization: During first time identity data sync from the directory server to Oracle Identity Manager, you want to sync organizations based on a rule, which is based on, say department number. To do so:
Note: Run the Seed Home Organization scheduled job with |
Batch Size: Use this attribute to fetch number of entries from the persistent store in each query. Reset Home Organization: Use this attribute to determine if the organization value of default users will be re-evaluated and overwritten. Select one of the following options:
|
No |
Sunrise of Accounts and entitlements |
This scheduled task sets the status of an account to ENABLE when the start date of the account is reached. In the case of entitlements, this scheduled task grants an entitlement to an account when the start date of the entitlement is reached. Note: This task impacts only the accounts and entitlements provisioned directly or through a request. |
|
Yes |
Sunset of Accounts and entitlements |
This scheduled task sets the status of an account to REVOKE or DISABLE when the end date of the account is reached. In the case of entitlements, this scheduled task revokes an entitlement from an account when the end date of the entitlement is reached. Note: This task impacts only the accounts and entitlements provisioned directly or through a request. |
|
Yes |
Task Escalation |
This scheduled task escalates pending tasks whose escalation time had elapsed at the time when the scheduled task was run. |
None |
Yes |
Task Timed Retry |
This scheduled task creates a retry task for rejected tasks whose retry time has elapsed and whose retry count was greater than zero. |
None |
Yes |
Update Accounts with App Instance Job |
This scheduled task is used to ensure that application instance keys are populated for all entries in the OIU table. In some instances, the application instance might not be available when the account is provisioned. This is possible when:
The Update Accounts with App Instance Job scheduled task checks all the entries in the OIU table corresponding to the resource objects that have a null app_instance_key. It attempts to determine the application instance key based on the obj_key and the IT Resource instance value in the process form. If the scheduled task finds an application instance corresponding to the obj_key and IT resource instance value, then it updates the app_instance_key in the OIU table. |
None |
Yes |
User Operations |
This scheduled task performs the operation specified by the UserOperation attribute on the user account specified by the UserLogin attribute. |
|
No |
17.4.3 Creating Custom Scheduled Tasks
You can create your own scheduled task metadata, develop the scheduled task class, package it in a JAR file, and upload the JAR file to MDS.
See Also:
Developing Scheduled Tasks in Developing and Customizing Applications for Oracle Identity Governance for detailed information about creating a scheduled task.
To create a custom scheduled task:
-
Create the scheduled task XML file and seed it in MetaData Store (MDS).
-
Develop the schedule task class and package it in a Jar.
-
Upload the Jar by:
Using Plug-ins:
You can upload the jar using the Plug-in Framework provided by Oracle Identity Manager.
To upload the jar using plug-ins:
-
Create the plugin.xml file.
-
Create the directory structure (plugin.zip) for the scheduled task.
-
Place the ZIP file in the file store (the OIM_HOME/plugins/ directory) or database store.
Using DB:
You can upload the jar in the database (DB) of Oracle Identity Manager.
To upload the jar using DB:
Upload the jar in DB using UploadJar utility. You can run this utility from the following location:
$OIM_HOME/bin/
-
See Also:
Upload Jar Utility in Developing and Customizing Applications for Oracle Identity Governance for information about running the Upload Jar utility
17.5 Managing Jobs
A job is a task that can be scheduled to run at the specified interval. A job run is a specific execution of a job. Each job run includes information such as the start time, stop time, job status, exceptions and status of the execution.
This section contains the following topics:
17.5.1 Creating Jobs
Use the Create Job page in the Scheduler section of Identity System Administration to create a new job.
Note:
The procedure described in this section assumes that the XML file for the scheduled task, which contains the job description is available in the OIM_HOME/metadata/file directory.
To create a job:
17.5.2 Searching Jobs
Use the Scheduler section of Identity System Administration to perform simple and advanced search for scheduled jobs.
You can perform the following search operations to search for jobs in the Oracle Identity Administration:
17.5.3 Viewing Jobs
Use the Job Details page in Identity System Administration to view job-related information, such as job status, scheduled job failed notifications, job history information, along with a display of errors and milestones during the job search operation.
To view the details of a job:
-
Search for the job whose details you want to view. See Searching Jobs for information about how to search a job.
-
Click the job whose details you want to view in the Job Name column of the search results table.
The Job Details page is divided into the following sections:
-
Job Information: This section displays the fields that provide information about the job. For example, Job Name, Task, Retries, and Start Date fields. If you want to modify the details of the job, then make the relevant change and click Apply. See Modifying Jobs for more information about modifying jobs.
-
Scheduling Failed Notification: This section displays the beneficiary to whom the scheduled job failure notification email is sent. If you want to modify the details, then make the relevant change and click Apply. See Modifying Jobs for more information about modifying jobs.
-
Job Status: This section displays details of the status of the job in the following fields:
-
Current Status: This field displays the status of the job.
-
Last Run Start: This field displays the date and time of when the job started to run last.
-
Last Run End: This field displays the most recent date and time of when the job stopped running
-
Next Scheduled Run: This field specifies that no schedule is attached to the job you are creating and therefore the job is not triggered automatically. The only option to trigger the job in this case is performing "Run Now".
Note:
No value is displayed in this field if the Schedule Type is No pre-defined schedule.
-
-
Parameters: The parameter values specified are used at run-time while the job is being executed. The values need not be provided at the runtime, they can be there for each job and are used when the job is executed.
-
Job History: This section displays a list of all job runs for the job in a table.
Each row of the table displays the following information about the job:
-
Start Time: This column displays the date and time at which the job run started its run.
-
End Time: This column displays the time at which the job run ended its run.
-
Job Status: This column displays the status of the job.
-
Execution Status: This column displays the job execution status.
-
Job Parameters: This column displays the overall execution summary information of the job.
-
Additional Information: This column displays the addition runtime information related to the job.
Additionally, there are two tabs, Show Error Details and Show Milestones.
-
Show Error Details is enabled for jobs with status Failed. Show Error Details tab displays the Exception message and details.
-
Show Milestones is enabled for jobs with milestone level details. Show Milestones tab displays the information, information level, exception messages, create time, and create by details.
-
To add or remove the columns displayed in the table under the History section:
-
From the View list, select Columns.
-
Depending on your requirement, select one of the following:
- Show All
- Start Time
- End Time
- Job Status
- Execution Status
-
Repeat Steps 1 and 2 for each column that you want to add or remove.
-
-
You can reorder the display of columns in the table under the History section:
-
From the View list, select Reorder Columns.
-
In the Reorder Columns dialog box, select the column name that you want to move.
-
Depending on the order in which you want to columns to appears, click the up or down arrows.
-
-
After viewing the details of the job, you can either modify, run, or stop the job. In addition, you can also enable or disable the job. Job Detail screen can be refreshed.
After you view the details of the job on the Job Details page, you can perform one of the following:
-
If you want to modify the details of the job, then make the relevant change and click Apply. See Modifying Jobs for more information about modifying jobs.
-
If you want to run the job, then click Run Now.
-
If the Disable button is enable, then it means that the job is currently enabled and you can disable the job by clicking Disable.
-
If the Enable button is enable, then it means that the job is currently disabled and you and enable the job by clicking Enable.
-
If you want to refresh a job detail screen, then click Refresh.
-
If the Stop button is displayed, then it means that the job is currently running and you can stop the job by clicking Stop.
-
17.5.4 Modifying Jobs
Use the Job Details page to modify the attributes of a scheduled job, except for the Job Name and Task fields under the Job information section and the fields under the Job Status section.
To modify a job:
17.5.5 About Disabling and Enabling Jobs
You can disable a job that is currently enabled, and enable a job that has been disabled earlier.
On the Job Details page:
-
If the Enabled button is enable, then it means that the job is currently disabled and you can enable it by clicking Enable. A job that has been enabled will run only when one of the following is true on the Job Details page:
-
The date and time displayed in the Start Date field matches the current date and time.
-
The date and time displayed in the Next Scheduled Run field matches the current date and time.
-
-
If the Disabled button is enable, then it means that the job is currently enabled and you can disable the job by clicking Disable. A job that has been disabled will not run even when the date and time on which the job has been scheduled to run matches the current date and time.
17.5.6 Disabling and Enabling Jobs
Use the Job Details page to enable or disable a scheduled job.
To enable or disable a job:
- Search for the job that you want to enable or disable by performing the procedure described in Searching Jobs.
- On the left pane, in the search results table, right click on the job name and select Enable or Disable. Depending on whether you click Enable or Disable, a message indicating that the job has either been successfully enabled or disabled is displayed.
- Click OK to close the dialog box.
17.5.7 Starting and Stopping Jobs
In addition to scheduling jobs to run automatically at the specified time, you can manually start or stop a job at any given time.
For example, you create and schedule a job that runs every Friday. However, if you want to run the job on any day other than Friday, then you must run the job manually.
To start or stop a job:
17.6 Diagnosing Scheduled Jobs
Diagnose issues related to scheduled job run when the scheduled job is not running according to the scheduled time.
This section describes how to diagnose issues related to scheduled job run.
17.6.1 Schedule Job Errors
Typical scheduled job errors include no job run at the specified time, no entry in the JOB_HISTORY table for the run, and no exceptions recorded in the server logs.
Scheduled job is not running according to the scheduled time, and the following is observed:
-
Scheduled job is not run on the scheduled time.
-
No entry exists in JOB_HISTORY table for this run. This can be verified by opening the job details in the Scheduler section of Identity System Administration.
-
No exceptions are recorded in the server logs.
17.6.2 Resolving the Schedule Job Errors
Diagnosing scheduled job errors include activities such as, enabling scheduler logging, and verifying that scheduler is running, the job is enabled, and clocks are in sync on all nodes.
To diagnose this issue:
-
Verify whether scheduler service is running or not. Scheduler service is deployed on each node of the cluster until this service is not explicitly disabled. This can be disabled by setting the
scheduler.disabled
server level property tofalse
for that node. The following URL can be used to verify the status of the scheduler service:http://OIM_HOST:OIM_PORT/SchedulerService-web/status
In this URL, OIM_HOST is the name of the computer hosting the Oracle Identity Manager server and OIM_PORT is the port on which Oracle Identity Manager server is listening.
-
Verify whether the specific job is enabled or not. This can be verified from the Scheduler section of Identity System Administration. The job must be enabled to run per the schedule.
-
Verify whether clocks are in sync for all nodes. Clocks must be within a second of each other
-
Delete the existing trigger from Scheduler UI, and schedule a new trigger from the UI. Verify whether the issue persists or not.
-
Enable scheduler logs by changing log level to
DEBUG
. This can be done by changing log level for theoracle.iam.scheduler.impl
package from Oracle Enterprise Manager. Verify whether the following messages are traced in logs or not:Job Listener, Job was executed '$JOB_NAME' Job Listener, Job to be executed '$JOB_NAME'
Here, $JOB_NAME is the name of the job that is supposed to be executed at that time.
If the messages are not logged, then contact Oracle Support.
-
In Oracle Enterprise Manager, check the
threadPoolSize
parameter for theschedulerConfig
segment in theoim-config.xml
file. This is the number of threads that are available for concurrent execution of jobs. Therefore, the number of jobs that can be executed on a particular time cannot be more than the configuredthreadPoolSize
count. Running of such jobs is skipped and executed as per the next scheduled time, which gives an impression that the job is not executed per the scheduled time. The default value of this parameter is10
, but is can be tuned as required. -
Restart the server and verify whether the job has been run or not.
-
Verify whether the following exception is logged:
Caused By: java.lang.NullPointerException at org.quartz.SimpleTrigger.computeNumTimesFiredBetween(SimpleTrigger.java:800)
Run following query to fix this issue:
UPDATE QRTZ92_TRIGGERS SET NEXT_FIRE_TIME=1 WHERE NEXT_FIRE_TIME<1;
-
Sometimes the trigger status is not updated in the
QRTZ92_TRIGGER
table fromBLOCKED
toPAUSED
state. This situation happens if the environment is not tuned properly, and database connections from the pool are exhausted by other parallel operations running on the server. As a result, QUARTZ framework is not able to get connection from the pool to update the running job. This situation can be identified if exceptions related to database connection pool is observed in the server logs. Usually, such triggers get fixed after server restart, but if trigger status still remains the same, then running the following query can help:UPDATE QRTZ92_TRIGGERS SET TRIGGER_STATUS='WAITING' WHERE JOB_NAME ='$JOB_NAME'
Replace $JOB_NAME with the job name.
-
Sometimes manual trigger for a job is not updated in the
QRTZ92_TRIGGER
table. Manual trigger is created in the system when you execute the job by clicking Run Now from the Scheduler UI or use the SchedulerrunNow()
API. Such trigger is supposed to be deleted after the job is executed successfully. To fix this issue:-
Shutdown the server.
-
Run the following queries on Oracle Identity Manager database:
DELETE FROM QRTZ92_FIRED_TRIGGERS where TRIGGER_NAME like ('MT_%'); DELETE FROM QRTZ92_SIMPLE_TRIGGERS where TRIGGER_NAME like ('MT_%'); DELETE FROM QRTZ92_TRIGGERS where TRIGGER_NAME like ('MT_%');
Automatic deletion of such manual triggers is maintained by the Quartz framework.
-