24 Deploying and Undeploying Customizations

You can deploy and undeploy customizations in Oracle Identity Manager by migrating metadata files, JAR files containing various artifacts, and resource bundles.

This chapter describes how to deploy and undeploy customizations in Oracle Identity Manager. It contains the following topics:

• Migrating User Modifiable Metadata Files

• Migrating JARs and Resource Bundle

24.1 Migrating User Modifiable Metadata Files

The user modifiable metadata XML files can be exported to MDS, imported from MDS, and deleted from MDS by using Oracle Enterprise Manager.

This section contains the following topics:

• Exporting Metadata Files to MDS

• Importing Metadata Files from MDS

• Deleting Metadata Files from MDS

• Creating MDS Backup

• Exporting All MDS Data for Oracle Identity Governance

• Sample WLST Script

24.1.1 Exporting Metadata Files to MDS

Use Oracle Enterprise Manager to export metadata files to MDS.

To export metadata XML files to MDS:

1. Login to Oracle Enterprise Manager as the administrator user by navigating to the URL in the following format:

   http://ADMINSTRATION_SERVER/em

   Make sure that the Administrative Server and at least one Oracle Identity Manager Managed Server are running.

2. Navigate to Identity and Access, oim, oim(VERSION). Right-click and navigate to System MBean Browser.

3. Under Application Defined MBeans, navigate to oracle.mds.lcm, Server:oim_server1, Application:oim, MDSAppRuntime, MDSAppRuntime.

4. Export metadata by using the operations. To do so:

   1. In the Operations tab, select and open the first exportMetadata operation in the list.

   2. For toLocation, provide the path to a temporary directory, in which this file is to be exported. This file will be exported to the computer on which Oracle Identity Manager is running. Therefore, make sure that the directory path you specify exist on that computer.

   3. For docs, click the pencil icon, click Add, and in the Element box, provide the full path of the file to be exported. By clicking Add, you can provide the path to multiple docs. Click OK at the bottom after adding the metadata docs to be exported.

   4. Invoke the operation.

24.1.2 Importing Metadata Files from MDS

Use Oracle Enterprise Manager to import metadata files from MDS.

To import metadata XML files from MDS:

1. Login to Oracle Enterprise Manager as the admin user. Make sure that the Administrative Server and at least one Oracle Identity Manager Managed Server are running.

2. Navigate to Identity and Access, oim, oim(VERSION). Right-click and navigate to System MBean Browser.

3. Under Application Defined MBeans, navigate to oracle.mds.lcm, Server:oim_server1, Application:oim, MDSAppRuntime, MDSAppRuntime.

4. Import metadata by using the operations. To do so:

   1. In the Operations tab, select the first importMetadata operation in the list.

   2. For fromLocation, provide the directory path of the Oracle Identity Manager host from where documents are to be imported.

   3. For docs, click the pencil icon, click Add, and in the Element box, provide the full path of the file to be imported. By clicking Add, you can provide the path to multiple docs. If no value is provided, then it imports everything under the fromLocation directory recursively.

   4. Invoke the operation.

24.1.3 Deleting Metadata Files from MDS

Use Oracle Enterprise Manager to delete metadata files form MDS.

To delete metadata XML files from MDS.

1. Navigate to MDSAppRuntime mbeans, as described in step 1 of Exporting Metadata Files to MDS.

2. Delete metadata by using the operations. To do so:

   1. In the Operations tab, select the first deleteMetadata operation in the list.

   2. For docs, click the pencil icon, click Add, and in the Element box, provide the full path of the file to be deleted. By clicking Add, you can provide the path to multiple docs to be deleted.

   3. Invoke the operation.

24.1.4 Creating MDS Backup

You might need to create a backup of the MDS before performing customizations.

To create a backup of the MDS by using Oracle Enterprise Manager:

1. Login to Oracle Enterprise Manager as the administrator.
2. Navigate to Application Deployments, oracle.iam.console.identity.self-service.ear(V2.0). Right-click and navigate to MDS configuration.
3. Under Export, select the Export metadata documents to an archive on the machine where this web browser is running option, and then click Export.

   All the metadata is exported in a ZIP file.

24.1.5 Exporting All MDS Data for Oracle Identity Governance

Some configurations for Oracle Identity Governance are stored in an MDS repository rather than on a file system on the Oracle Identity Governance Server. Troubleshooting configuration issues can sometimes require exporting all MDS data in order to examine it and make corrections if required.

To export all of the Oracle Identity Governance metadata contained in the MDS repository:

1. Setup the environment as a prerequisite:

   1. To perform MDS operations, log in to the Oracle Identity Governance server host with the account used to install and run WebLogic Application Server.

   2. Set you environment variables for the Oracle Identity Governance domain by running the appropriate setDomainEnv script found in the MIDDLEWAR_HOME/user_projects/domains/DOMAIN_NAME/bin/ directory. The command is as shown:

      $ cd MIDDLEWARE_HOME/user_projects/domains/OIMDomain/bin
      $ .setDomainEnv.sh
      

   3. Create a temporary directory, such as /tmp/OIM/MDSData/, which will be used to store the resulting XML files from the database.

   4. Verify that the application server is up and running.

   5. Ensure that you know the WebLogic administrator username and the URL to the Admin Server.

2. Perform the export, as follows:

   1. In the command shell or console window, go to the OIM_ORACLE_HOME/common/bin/ directory.

   2. Run the wlst.sh command, and then run the connect() command, as shown:

      $ ./wlst.sh
      CLASSPATH=/opt/oracle/Middleware/wlserver_10.3/server/ext/jdbc/oracle/11g/ojdbc6dms.jar:...
      ...
      Your environment has been set.
      ...
      Initializing WebLogic Scripting Tool (WLST) ...
       
      Welcome to WebLogic Server Administration Scripting Shell
       
      Type help() for help on available commands
      wls:/offline> connect()
      Please enter your username [weblogic] :
      Please enter your password [PASSWORD] :
      Please enter your server URL [t3://localhost:port] :
      Connecting to t3://localhost:port with userid weblogic ...
      Successfully connected to Admin Server 'AdminServer' that belongs to domain 'OIMDomain'.
       
      Warning: An insecure protocol was used to connect to the server. To ensure on-the-wire security, the SSL port or Admin port should be used instead.
      

   3. Provide the WebLogic administrator username and password and the URL to the Admin Server.

   4. Run the exportMetadata command providing at least the application, server, and toLocation arguments, as shown:

      Note:

      Be sure to pass the argument data in single quotes, such as:

      server='oim_server1'
      

      wls:/OIMDomain/serverConfig> exportMetadata(application='OIMMetadata', server='oim_server1', toLocation='/tmp/OIM/MDSData')
      

   5. A list of the files exported is displayed. At this point, you can run the disconnect() command followed by the exit() command, as shown:

      wls:/OIMDomain/serverConfig> disconnect()
      Disconnected from weblogic server: AdminServer
      wls:/offline> exit()
       
       
      Exiting WebLogic Scripting Tool.
       
      $
      

   6. Go to the /tmp/OIM/MDSData/ directory, and view the db/oim-config.xml file, or the db/form-metadata/FormMetaData.xml file, or any other exported MDS file.

24.1.6 Sample WLST Script

Use the WLST script to export all MDS files, or save the script in a .py file and run it.

The following is an example WLST script for exporting all MDS files:

connect('WEBLOGIC_USERNAME','PASSWORD','t3://localhost:PORT')
exportMetadata(application='OIMMetadata', server='oim_server1', toLocation='/tmp/OIM/MDSData')
disconnect()
exit()

You can save this script in a .py file, for example /tmp/exportOIMMDS.py, which you can run to automatically produce the same results. The following is a sample .py file:

cd MIDDLEWARE_HOME/user_projects/domains/OIMDomain/bin
. setDomainEnv.sh
mkdir -p /tmp/OIM/MDSData
cd $OIM_ORACLE_HOME/common/bin
./wlst.sh /tmp/exportOIMMDS.py

24.2 Migrating JARs and Resource Bundle

When migrating from test to production environment, all the connector artifacts must be migrated to the respective database tables. This can be done by using the Upload JAR, Download JAR, Delete JAR, Download Resource Bundle, and Delete Resource Bundle utilities.

This section contains the following topics:

• Upload JAR Utility

• Download JAR Utility

• Delete JAR Utility

• Upload Resource Bundle Utility

• Download Resource Bundle Utility

• Delete Resource Bundle Utility

Note:

• All the Upload JAR and Resource Bundle utilities must be run from the OIM_HOME/bin/ directory.

• Set APP_SERVER, OIM_ORACLE_HOME, JAVA_HOME, MW_HOME, WL_HOME, and DOMAIN_HOME before running the scripts.

• All the scripts for the JAR files and resource bundles support both interactive mode and command-line mode usage. But it is recommended to use interactive mode because this is secure and the passwords are not echoed on the console.

• For running the scripts in command-line mode, run it with the -help argument. For example:

  sh UploadJars.sh -help
  

  To upload a JAR file in the silent mode:

  UploadJars.sh [-username USERNAME] [-password PASSWORD] [-serverURL <t3://OIM_HOSTNAME:OIM_PORT>] [-ctxFactory <weblogic.jndi.WLInitialContextFactory>] [-JavaTasks LOCATION_OF_JAVA_TASK_JAR]
  

  For information about configuring the utilities to upload/download JAR files and resource bundle over SSL, see Configuring SSL for Oracle Identity Manager Utilities in Administering Oracle Identity Governance.

  To upload multiple JAR files in the silent mode:

  UploadJars.sh [-username USERNAME] [-password PASSWORD] [-serverURL <t3://OIM_HOSTNAME:OIM_PORT>] [-ctxFactory <weblogic.jndi.WLInitialContextFactory>] [-JavaTasks LOCATION_OF_JAVA_TASK_JAR] [-ScheduleTask LOCATION_OF_SCHEDULED_TASK_JAR] [-ThirdParty LOCATION_OF_THIRD_PARTY_JAR] [-ICFBundle LOCATION_OF_ICF_BUNDLE_JAR]
  

• In this document, interactive mode usage of the JAR and Resource Bundle utilities are explained because it is a secure way of running the utilities and is recommended.

  To run the JAR or Resource Bundle utilities in interactive mode, run the scripts without specifying any arguments. For example:

  sh UploadJars.sh
  

• If Oracle Identity Governance is installed on IPv6 Linux host computer, then pass ipv6 as the last input argument to the UploadJars.sh, DownloadJars, DeleteJars, UploadResourceBundles, DownloadResourceBundles, and DeleteResourceBundles sh scripts. For example:

  sh UploadJars.sh ipv6

  If you do not pass the ipv6 input argument, then the script will run in IPv4 mode.

• On Windows environment, do not pass any parameter for IPv6 while running the utilities.

24.2.1 Upload JAR Utility

The UploadJars.sh and UploadJars.bat scripts are available in the OIM_HOME/bin/ directory. Running these scripts upload the JAR files in to the database.

A sample invocation of this utility is as shown:

[Enter Xellerate admin username :]ADMISTRATOR_LOGIN
[Enter the admin password :]ADMINISTRATOR_PASSWORD
[[Enter serverURL (Ex. t3://oimhostname:oimportno for weblogic)]:]t3://xyz.com:14000
[[Enter context (Ex. weblogic.jndi.WLInitialContextFactory for weblogic)]:]weblogic.jndi.WLInitialContextFactory
Enter the jar type
 1.JavaTasks
 2.ScheduleTask
 3.ThirdParty
 4.ICFBundle
1
Enter the path/location of jar file :
/tmp/example.jar
Do u want to load more jars [y/n] :n

Note:

14000 is Oracle Identity Manager port.

24.2.2 Download JAR Utility

The DownloadJars.sh and DownloadJars.bat scripts are available in the OIM_HOME/bin/ directory. Running these scripts download the JAR files from the database.

A sample invocation of this utility is as shown:

[Enter Xellerate admin username :]ADMINISTRATOR_LOGIN
[Enter the admin password :]ADMINISTRATOR_PASSWORD
[[Enter serverURL (Ex. t3://oimhostname:oimport for weblogic)]:]t3://localhost:14000
[[Enter context (i.e.: weblogic.jndi.WLInitialContextFactory for weblogic)]:]weblogic.jndi.WLInitialContextFactory
Enter the jar type
1.JavaTasks
2.ScheduleTask
3.ThirdParty
4.ICFBundle
1
Enter the full path of the download directory :
/home/joe/tmp
Enter the name of jar file to be downloaded from DB :
example.jar
Do u want to download more jars [y/n] :n

Note:

• 14000 is Oracle Identity Manager port.

• When you run the DownloadJars.sh utility in an IPv6 enabled setup, the following error is encountered:

  Exception in thread "main" javax.security.auth.login.LoginException:
  java.net.UnknownHostException: exampledomain.com: Name or service not known
  

  To workaround this issue:

  1. Open the DownloadJars.sh script in a text editor.

  2. Modify the following line:

     bash oimClientWrapper.sh $CLIENT_CLASS

     To:

     bash oimClientWrapper.sh $CLIENT_CLASS $*

  3. Save the file.

24.2.3 Delete JAR Utility

The DeleteJars.sh and DeleteJars.bat scripts are available at the OIM_HOME/bin/ directory. Running these scripts delete the JAR files from the database.

A sample invocation of this utility is as shown:

[Enter Xellerate admin username :]ADMINISTRATOR_LOGIN
[Enter the admin password :]ADMINISTRATOR_PASSWORD
[[Enter serverURL (Ex. t3://oimhostname:oimport for weblogic)]:]t3://localhost:14000
[[Enter context (i.e.: weblogic.jndi.WLInitialContextFactory for weblogic)]:]weblogic.jndi.WLInitialContextFactory
Enter the jar type
1.JavaTasks
2.ScheduleTask
3.ThirdParty
4.ICFBundle
1
Enter the name of jar to be deleted from DB :
example.jar
Do u want to delete more jars [y/n] :n 

24.2.4 Upload Resource Bundle Utility

The UploadResourceBundles.sh and UploadResourceBundles.bat scripts are available in the OIM_HOME/server/bin/ directory. Running these scripts upload the connector or custom resources to the database.

A sample invocation of this utility is as shown:

Enter Xellerate admin username :]ADMINISTRATOR_LOGIN
[Enter the admin password :]ADMINISTRATOR_PASSWORD
[[Enter serverURL (Ex. t3://oimhostname:oimportno for weblogic)]:]t3://localhost:14000
[[Enter context (i.e.: weblogic.jndi.WLInitialContextFactory for weblogic)]:]weblogic.jndi.WLInitialContextFactory
Enter the resource bundle type
 1.Custom Resource
 2.Connector Resource
 2
Enter the path/location of resource bundle file :
/tmp/example.properties
Do u want to load more resource bundles [y/n] :n

24.2.5 Download Resource Bundle Utility

The DownloadResourceBundles.sh and DownloadResourceBundles.bat scripts are available in the OIM_HOME/bin/ directory. Running these scripts download the resource bundles from the database.

A sample invocation of this utility is as shown:

[Enter Xellerate admin username :]ADMINISTRATOR_LOGIN
[Enter the admin password :]ADMINISTRATOR_PASSWORD
[[Enter serverURL (Ex. t3://oimhostname:oimportno for weblogic)]:]t3://localhost:14000
[[Enter context (i.e.: weblogic.jndi.WLInitialContextFactory for weblogic)]:]weblogic.jndi.WLInitialContextFactory
Enter the resource bundle type
1.Custom Resource
2.Connector Resource
2
Enter the full path of the download directory :
/home/joe/tmp
Enter the name of resource bundle file :
example.properties
Do u want to download more resource bundles [y/n] :n

24.2.6 Delete Resource Bundle Utility

The DeleteResourceBundles.sh and DeleteResourceBundles.bat are available in the OIM_HOME/bin/ directory. Running these utilities delete the resource bundles from the database.

A sample invocation of this utility is as shown:

[Enter Xellerate admin username :]ADMINISTRATOR_LOGIN
[Enter the admin password :]ADMINISTRATOR_PASSWORD
[[Enter serverURL (Ex. t3://oimhostname:oimportno for weblogic)]:]t3://localhost:14000
[[Enter context (i.e.: weblogic.jndi.WLInitialContextFactory for weblogic)]:]weblogic.jndi.WLInitialContextFactory
Enter the resource bundle type
1.Custom Resource
2.Connector Resource
2
Enter the name of resource bundle file to be deleted from DB:
example.properties
Do u want to delete more resource bundles [y/n] :n

Note:

When you run the DeleteResourceBundles.sh utility in an IPv6 enabled setup, the following error is encountered:

Exception in thread "main" javax.security.auth.login.LoginException:
java.net.UnknownHostException: exampledomain.com: Name or service not known

To workaround this issue:

1. Open the DeleteResourceBundles.sh script in a text editor.

2. Modify the following line:

   bash oimClientWrapper.sh $CLIENT_CLASS

   To:

   bash oimClientWrapper.sh $CLIENT_CLASS $*

3. Save the file.