Thursday, April 9, 2015

Oracle® Enterprise Manager 12c Cloud Control


Make a directory to hold the Middleware installation.
$ mkdir -p /u01/app/oracle/Middleware
Unzip the Cloud Control media, then start the installation by running the "runInstaller" script.
$ unzip em12_linux64_disk1of2.zip
$ unzip em12_linux64_disk2of2.zip

$ ./runInstaller
If you wish to receive support information, enter the required details, or uncheck the security updates checkbox and click the "Next" button. Click the "Yes" button on the subsequent warning dialog.

If you wish to check for updates, enter the required details, or check the "Skip" option and click the "Next" button.

Press the "Next" button.



Select the "Create a new Enterprise Manager System" and "Simple" options, enter the middleware home ("/u01/app/oracle/Middleware") and click the "Next" button.



Enter the administrator password and database repository details, then click the "Next" button.

On the first warning dialog, click the "Yes" button to disable the stats gathering job.



Check the additional warnings, then click the "OK" button to continue.

If you are happy with the review information, click the "Install" button.

Wait while the installation and configuration take place.

When prompted, run the root scripts, then click the "OK" button.

Make note of the URLs, then click the "Close" button to exit the installer. A copy of this information is available in the "/u01/app/oracle/Middleware/oms/install/setupinfo.txt" file.

The login screen is available from a browser using the URL provided in the previous screen ("https://localhost:7803/em"). Log in with the username "sysman" and the password you specified during your installation.

Once logged in, you are presented with the "License Agreement" screen. Click the "I Agree" button and you are presented with the homepage selector screen. Select the desired homepage (I chose Summary) and click the "Preview" button.

You are presented with the selected screen as the console homepage.

Startup/Shutdown
Use the following commands to turn on all components installed by this article.
#!/bin/bash
export ORACLE_HOME=/u01/app/oracle/product/11.2.0/db_1
export OMS_HOME=/u01/app/oracle/Middleware/oms
export AGENT_HOME=/u01/app/oracle/Middleware/agent/core/12.1.0.1.0

# Start everything
$ORACLE_HOME/bin/dbstart $ORACLE_HOME

$OMS_HOME/bin/emctl start oms

$AGENT_HOME/bin/emctl start agent
Use the following commands to turn off all components installed by this article.

#!/bin/bash
export ORACLE_HOME=/u01/app/oracle/product/11.2.0/db_1
export OMS_HOME=/u01/app/oracle/Middleware/oms
export AGENT_HOME=/u01/app/oracle/Middleware/agent/core/12.1.0.1.0

# Stop everything
$OMS_HOME/bin/emctl stop oms -all

$AGENT_HOME/bin/emctl stop agent

$ORACLE_HOME/bin/dbshut $ORACLE_HOME

Wednesday, April 8, 2015

SOA 11.1.1.7 Garbage Collection

# WLST script which calls GC.
from java.util import *
from javax.management import *
import javax.management.Attribute
print 'starting the script .... '
# Please replace userid and password with your AdminServer userid and password.
# Please change the IP address and port number accordingly.
connect('userid','password',url='t3://localhost:port')
state('AdminServer')
# Force a GC: switch to the domain runtime tree and go to the AdminServer JVM runtime MBean.
domainRuntime()
cd('/ServerRuntimes/AdminServer/JVMRuntime/AdminServer')
print ' Performing Force GC...'
cmo.runGC()
disconnect()
print 'End of script ...'
exit()

Sunday, April 5, 2015

Oracle® Virtual directory OVD: Controlling the Maximum Heap Size

The -Xmx parameter in the opmn.xml file controls the maximum heap size allocated to the Oracle Virtual Directory server. The default value is -Xmx256m. Edit this parameter as needed to increase or decrease the maximum heap size allocated to the Oracle Virtual Directory server. The opmn.xml file is located in the ORACLE_INSTANCE/config/OPMN/opmn/ directory.

The following example shows the -Xmx parameter set to -Xmx2048m, which allocates 2 GB of heap size to the Oracle Virtual Directory Server:
<ias-component id="OVD_COMPONENT_NAME">
            <process-type id="OVD" module-id="OVD">
               <module-data>
                  <category id="start-options">
                     <data id="java-options" value="-server -Xms512m -Xmx2048m -Doracle.security.jps.config=$ORACLE_INSTANCE/config/JPS/jps-config-jse.xml -Dvde.soTimeoutBackend=120"/>
                     <data id="java-classpath" value="$ORACLE_HOME/ovd/jlib/vde.jar$:$ORACLE_HOME/jdbc/lib/ojdbc6.jar"/>
                  </category>
               </module-data>
               <stop timeout="120"/>
            </process-type>
         </ias-component>

Tuesday, March 31, 2015

Oracle® Virtual directory OVD 11g Basic Setup

This shows how to create a simple OVD setup with 2 LDAP adapters. One is AD and the other is OUD (though it could be any other LDAP).

The first step is to create a Local Store Adapter (LSA). An LSA is created so that we have a "root" or "tree-top" entry; the other adapters will be branches under it, because that is typically easier to organize. A root entry is needed because many applications expect a valid entry to be there.

To simplify creating the root entry - the OVD wizard will pre-populate the entry.

Choose domain if using dc= as the DN attribute.

Click finish

Next we will create the AD adapter.

Connect to the AD server. If you have multiple AD servers for this domain, enter them here. The account used to connect can be a service account - it does not have to be an AD admin.

This screen verifies we connect correctly.

Map to the proper branches here. Note OVD exposes a different namespace to OVD clients.

Click finish.

Next, create the LDAP adapter for OUD.

Enter OUD connection information.

Verify settings were correct.

Map to the OUD DIT.

Click finish

Because we have both AD and OUD, we have two different LDAP schemas. AD has its own (in particular, the username is stored in samaccountname instead of uid by default). We will use the VirtualAttribute plug-in to map samaccountname to uid.

Select the VirtualAttributePlugin

Add the mapping.

Click apply

Now when you look at the entry - you see both samaccountname and uid. If you want only uid - use ReplaceAttribute instead of AddAttribute.

Oracle® Virtual directory OVD 11g - Setup a Join with AD and OUD


This simple how-to shows how to configure a basic OVD join adapter setup. The join adapter is used when an application requires data from 2 or more adapters to appear as a single entry. For example, John's name, email and username come from Active Directory while his phone number comes from the telephone database. It is not for the use case where different sources contain different entries. For example, if employees are in 1 LDAP and customers in another, then the basic OVD setup should be used. Note that this setup only shows the default configuration, where only data in the primary adapter can be searched. If data in the second adapter needs to be searched, this requires the ForkJoin adapter and will be covered in a different how-to.

The first step is to go to the primary adapter and set its visibility to "Internal". This makes it visible only to the Join adapter (and plug-ins).


Repeat the same for the second adapter.

Now create the Join adapter

The join adapter can have the primary and bind adapters be different. For example have OUD be the data directory but use AD (Windows) passwords for authentication.

The join rules are set after you create the entry

This is the most common join rule - link 2 different adapters based on values in attributes. The attributes do not need to be the same, as long as the values are the same.

Make sure to apply the rules.

This shows a simple search. The simplest way to verify the join occurred is to look for the "vdejoindn" attribute - this is an OVD proprietary virtual attribute that indicates the DN of the joined source entry. And of course you will see any attributes from the secondary source. Note - if the primary and secondary source share the same attribute and values, only a single value will be shown.
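A simplified model of the join behaviour described above, added here as an illustration (it is not OVD code and not part of the original post). The DNs, attribute values and the function name join_search are constructed, and value matching is assumed to be case-insensitive.

```python
# Simplified model of the simple (non-fork) join; illustration only, not OVD code.

def _lower(values):
    return {v.lower() for v in values}

def join_search(primary, secondary, rule, filt):
    """primary / secondary: dict of DN -> {attribute: [values]}.
    rule: (primary_attr, secondary_attr); two entries are linked when the
    attributes share a value (the attribute names may differ).
    filt: (attribute, value) equality filter."""
    p_attr, s_attr = rule
    f_attr, f_val = filt
    results = {}
    for dn, entry in primary.items():
        # The filter is evaluated against the primary adapter only.
        if f_val.lower() not in _lower(entry.get(f_attr, [])):
            continue
        merged = {attr: list(vals) for attr, vals in entry.items()}
        keys = _lower(entry.get(p_attr, []))
        for s_dn, s_entry in secondary.items():
            if not keys & _lower(s_entry.get(s_attr, [])):
                continue
            # vdejoindn records the DN of the joined source entry.
            merged.setdefault("vdejoindn", []).append(s_dn)
            for attr, vals in s_entry.items():
                have = merged.setdefault(attr, [])
                for v in vals:
                    if v not in have:  # a shared attribute/value is shown once
                        have.append(v)
        results[dn] = merged
    return results

# Constructed sample data: AD is the primary adapter, OUD the secondary.
AD_DN = "cn=John Smith,cn=Users,dc=example,dc=com"
OUD_DN = "uid=jsmith,ou=People,dc=example,dc=com"
AD = {AD_DN: {"cn": ["John Smith"], "samaccountname": ["jsmith"],
              "mail": ["jsmith@example.com"]}}
OUD = {OUD_DN: {"uid": ["jsmith"], "telephonenumber": ["+1 555 0100"],
                "mail": ["jsmith@example.com"]},
       "uid=adoe,ou=People,dc=example,dc=com": {"uid": ["adoe"],
                "telephonenumber": ["+1 555 0199"]}}
RULE = ("samaccountname", "uid")

if __name__ == "__main__":
    # Found: the filter attribute lives in the primary adapter.
    print(join_search(AD, OUD, RULE, ("samaccountname", "jsmith")))
    # Empty: telephonenumber exists only in the secondary adapter.
    print(join_search(AD, OUD, RULE, ("telephonenumber", "+1 555 0100")))
```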

Thursday, February 12, 2015

Oracle® Fusion Middleware OES-11g Release 2 (11.1.2.2.0) - Steps to Setup Auditing for OES



1. Create an Oracle database for audit purposes.

2. Run ./rcu to load the OES Audit schema into the database created in step 1. Make sure to select "AS Common Schema -> Audit Services for OES" and set the prefix -> AUDIT (important for the next step).

3. Start the APM domain and open the WebLogic console -> http://host:7001/console
Create a JDBC connection, setting values according to your database:
  • Under JDBC, click the Data Sources link.
  • Create a new JDBC Data Source.
  • JNDI Name -> jdbc/AuditDB
  • The user is the prefix set in the RCU process + _IAUOES -> AUDIT_IAUOES
  • The password is the one set during RCU -> welcome1
  • Make sure "Test Connection" is successful.

4. Stop the APM domain.

5. Edit Oracle/Middleware/user-projects/domains/APM/config/fmwconfig/jps-config.xml and set the audit properties as follows:

<serviceInstance name="audit" provider="audit.provider"> 
<property name="audit.filterPreset" value="All"/> 
<property name="audit.maxDirSize" value ="500000"/> 
<property name="audit.maxFileSize" value ="50000"/> 
<property name="audit.loader.jndi" value="jdbc/AuditDB"/>
 <property name="audit.loader.interval" value="15" /> 
<property name="audit.loader.repositoryType" value="Db" /> 
</serviceInstance>

6. Start the APM domain.

7. Go to your audit schema and check the information stored. Connect using your user details, for example -> ./sqlplus audit_iauoes/welcome1 and run a SQL query to check a couple of records where the information was stored:

SELECT * FROM IAU_BASE WHERE ROWNUM<2;

For more information on the Audit schema, refer to the following documentation link in Oracle Fusion Middleware Application Security Guide (12.5 Advanced Management of Database Store):

8. Ensure that your jps-config.xml is configured accurately as follows:

<?xml version="1.0" encoding="UTF-8" standalone='yes'?>
<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd" 
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
 xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd" 
 schema-major-version="11" schema-minor-version="1">

    <serviceProviders>
     <serviceProvider name="audit.provider" type="AUDIT" class="oracle.security.jps.internal.audit.AuditProvider">
     </serviceProvider>
    </serviceProviders>

  <serviceInstances>
   <serviceInstance name="audit" provider="audit.provider">
      <property name="audit.filterPreset" value="Low"/>
      <property name="audit.specialUsers" value ="admin, fmwadmin" />
      <property name="audit.customEvents" value ="JPS:CheckAuthorization, CreateCredential; OIF:UserLogin"/>
      <property name="audit.loader.jndi" value="jdbc/AuditDB"/>
      <property name="audit.loader.interval" value="15" />
      <property name="audit.maxDirSize" value="102400" />
      <property name="audit.maxFileSize" value="10240" />      
      <property name="audit.loader.repositoryType" value="Db" />
   </serviceInstance>
  </serviceInstances>
    <jpsContexts default="default">
        <jpsContext name="default">
            <serviceInstanceRef ref="audit"/>
        </jpsContext>
    </jpsContexts>
</jpsConfig>
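One way to check the audit settings from steps 5 and 8 before restarting the domain, as an added example (not Oracle tooling and not part of the original post). The function name check_audit_config and the sample XML are constructed; the checker assumes property names must match exactly, so a name padded with spaces is treated as not set.

```python
import xml.etree.ElementTree as ET

# Constructed sample: an audit serviceInstance whose repositoryType property
# name is padded with spaces, a copy-paste slip that is easy to miss by eye.
SAMPLE_BAD = """<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd">
  <serviceInstances>
    <serviceInstance name="audit" provider="audit.provider">
      <property name="audit.filterPreset" value="Low"/>
      <property name="audit.loader.jndi" value="jdbc/AuditDB"/>
      <property name="audit.loader.interval" value="15"/>
      <property name=" audit.loader.repositoryType " value="Db"/>
    </serviceInstance>
  </serviceInstances>
  <jpsContexts default="default">
    <jpsContext name="default"><serviceInstanceRef ref="audit"/></jpsContext>
  </jpsContexts>
</jpsConfig>"""
SAMPLE_GOOD = SAMPLE_BAD.replace('" audit.loader.repositoryType "',
                                 '"audit.loader.repositoryType"')

def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def check_audit_config(xml_text, jndi="jdbc/AuditDB"):
    """Return a list of findings; an empty list means the audit service
    instance is set up for database loading as in the steps above."""
    root = ET.fromstring(xml_text)
    instances = [e for e in root.iter()
                 if _local(e.tag) == "serviceInstance"
                 and e.get("provider") == "audit.provider"]
    if not instances:
        return ["no serviceInstance uses provider audit.provider"]
    inst, findings, props = instances[0], [], {}
    for prop in inst:
        if _local(prop.tag) != "property":
            continue
        name = prop.get("name", "")
        if name != name.strip():
            findings.append("property name %r has surrounding whitespace" % name)
            continue  # assumption: a padded name is not recognised
        props[name] = prop.get("value", "")
    if props.get("audit.filterPreset") in (None, "None"):
        findings.append("audit.filterPreset is missing or None")
    if props.get("audit.loader.repositoryType") != "Db":
        findings.append("audit.loader.repositoryType is not set to Db")
    if props.get("audit.loader.jndi") != jndi:
        findings.append("audit.loader.jndi does not point at %s" % jndi)
    interval = props.get("audit.loader.interval", "")
    if not interval.isdigit() or int(interval) <= 0:
        findings.append("audit.loader.interval is not a positive integer")
    # In a full jps-config.xml a context must reference the instance.
    has_contexts = any(_local(e.tag) == "jpsContexts" for e in root.iter())
    refs = {e.get("ref") for e in root.iter()
            if _local(e.tag) == "serviceInstanceRef"}
    if has_contexts and inst.get("name") not in refs:
        findings.append("no jpsContext references instance %r" % inst.get("name"))
    return findings

if __name__ == "__main__":
    for label, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(label, check_audit_config(text))
```

The checker also accepts the bare serviceInstance fragment from step 5, since it ignores the namespace and only checks context references when a jpsContexts element is present.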


Sunday, February 8, 2015

Oracle® Virtual Directory Servers: Using syncovdconfig synchronizing for data centers

You can use the syncovdconfig command to copy the following Oracle Virtual Directory configuration files between multiple Oracle Virtual Directory components:

  • server.os_xml
  • adapters.os_xml
  • acls.os_xml
  • schema.user.xml
The syncovdconfig command (.pl for UNIX/Linux and .bat for Windows) is located in the $ORACLE_HOME/ovd/bin/ directory. The following is the syntax for syncovdconfig:
syncovdconfig -srcHost source_host_name -srcPort source_port_number
-srcUserName source_user_name -dstHost destination_host_name
-dstPort destination_port_number -dstUserName destination_user_name
-configFile name_of_configuration_file -adapterName name_of_adapter
-isSrcAdminSSL [true |false] -isDstAdminSSL [true |false]
Notes:
  • You are prompted for the password for both the source and destination users.
  • Set the Oracle Home variable before using the syncovdconfig command.

Options

The following is a list of the options for syncovdconfig:
srcHost
Required. String format. The host name of the source Oracle Virtual Directory server—that is, the Oracle Virtual Directory server that contains the configuration files you want to copy to a different Oracle Virtual Directory server.
srcPort
Required. Integer format. The listening port number of the source Oracle Virtual Directory server—that is, the Oracle Virtual Directory server that contains the configuration files you want to copy to a different Oracle Virtual Directory server.
srcUserName
Optional. String format. The user who has Oracle Directory Services Manager Administrator access to the source Oracle Virtual Directory server—that is, the Oracle Virtual Directory server that contains the configuration files you want to copy to a different Oracle Virtual Directory server. If the srcUserName option is not specified, the default value of cn=orcladmin is used.
dstHost
Required. String format. The host name of the destination Oracle Virtual Directory server—that is, the Oracle Virtual Directory server where you want to copy the configuration files to.
dstPort
Required. Integer format. The listening port number of the destination Oracle Virtual Directory server—that is, the Oracle Virtual Directory server where you want to copy the configuration files to.
dstUserName
Optional. String format. The user with Oracle Directory Services Manager Administrator access to the destination Oracle Virtual Directory server—that is, the Oracle Virtual Directory server where you want to copy the configuration files to. If the dstUserName option is not specified, the default value of cn=orcladmin is used.
configFile
Optional. String format. The name of the configuration file on the source Oracle Virtual Directory server to copy to the destination Oracle Virtual Directory server. You can use the configFile option multiple times in the same command to copy multiple configuration files.
If you do not include the configFile option, the server.os_xml, adapters.os_xml, acls.os_xml, and schema.user.xml files on the source Oracle Virtual Directory server are copied to the destination Oracle Virtual Directory server.
adapterName
Optional. String format. The name of the adapter on the source Oracle Virtual Directory server to copy to the destination Oracle Virtual Directory server. You can use the adapterName option multiple times in the same command to copy multiple adapters.
If you do not include the adapterName option, but you include the configFile option and specify an adapters.os_xml file, you overwrite the adapters.os_xml file on the destination Oracle Virtual Directory server.
Surround adapter names that contain space characters with quotation marks ("). For example:
$ORACLE_HOME/ovd/bin/syncovdconfig.pl -srcHost sales.west.com -srcPort 8888 \
-dstHost sales.east.com -dstPort 8899 -configFile adapters.os_xml \
-adapterName "Sales Organizations"
isSrcAdminSSL
Optional. Boolean format. Indicates whether the administrative Listener on the source Oracle Virtual Directory component is SSL enabled. Supported values are true and false. If the isSrcAdminSSL option is not specified, the default value of true is used.
isDstAdminSSL
Optional. Boolean format. Indicates whether the administrative Listener on the destination Oracle Virtual Directory component is SSL enabled. Supported values are true and false. If the isDstAdminSSL option is not specified, the default value of true is used.

Tuesday, December 23, 2014

Oracle® Fusion Middleware OES-11g Release 2 (11.1.2.2.0) - Secure the XACML Authorization Web Service



To associate a WS-Policy file with a Web service:
  • If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit  
  • In the left pane of the Administration Console, select Deployments.
  • In the right pane, navigate within the Deployments table until you find the Web service for which you want to configure a WS-Policy file. Note: Web services are deployed as part of an Enterprise application, Web application, or EJB. To understand how Web services are displayed in the Administration Console.
  • In the Deployments table, click the name of the Web service.




  • Select Configuration -> WS-Policy. The table lists the WS-Policy files that are currently associated with the Web service. The top level lists all the ports of the Web service. Click the + next to a Web service port to see its operations and associated WS-Policy files.


  • To associate a WS-Policy file with an entire Web service endpoint (port):
    • Click the name of the Web service port. A page appears which includes two columns: one labelled Available Endpoint Policies that lists the names of the WS-Policy files that you can attach to a Web service endpoint and one labelled Chosen Endpoint Policies that lists the WS-Policy files that are currently configured for this endpoint.
    • Use the arrows to move WS-Policy files between the available and chosen columns. The WS-Policy files that are in the Chosen column are attached to the Web service endpoint.
    • Click OK. If your Web service already has a deployment plan associated with it, then the newly attached WS-Policy files are displayed in the Policies column in the table.
      If the J2EE module of which the Web service is a part does not currently have a deployment plan associated with it, the assistant asks you for the directory that should contain the deployment plan. Use the navigation tree to specify a directory, then click Finish.


  • To associate a WS-Policy file with a Web service operation:
    • Click the name of the operation. A page appears which includes two columns: one labeled Available Message Policies that lists the names of the WS-Policy files that are available to attach to the inbound (request) and outbound (response) SOAP message of the operation invoke and one labeled Chosen Message Policies that lists the WS-Policy files that are currently attached to the inbound and outbound SOAP message of the operation invoke.
    • Use the arrows to move WS-Policy files between the available and chosen columns. The WS-Policy files that are in the Chosen column are the ones that are attached to the inbound and outbound SOAP message when this operation is invoked by a client application.
    • Click Next.
    • A page appears which includes two columns: one labeled Available Inbound Message Policies that lists the names of the WS-Policy files that are available to attach to the inbound (request) SOAP message of the operation invoke and one labeled Chosen Outbound Message Policies that lists the WS-Policy files that are currently attached to the inbound SOAP message of the operation invoke.
    • Use the arrows to move WS-Policy files between the available and chosen columns. The WS-Policy files that are in the Chosen column are the ones that are attached to the inbound (request) SOAP message when this operation is invoked by a client application.
    • Click Next.
    • A page appears which includes two columns: one labeled Available Outbound Message Policies that lists the names of the WS-Policy files that are available to attach to the outbound (response) SOAP message of the operation invoke and one labeled Chosen Outbound Message Policies that lists the WS-Policy files that are currently attached to the outbound SOAP message of the operation invoke.
    • Use the arrows to move WS-Policy files between the available and chosen columns. The WS-Policy files that are in the Chosen column are the ones that are attached to the outbound (response) SOAP message when this operation is invoked by a client application.
    • Click Finish. If your Web service already has a deployment plan associated with it, the attached WS-Policy files are displayed in the Policies column in the table.
      If the J2EE module of which the Web service is a part does not currently have a deployment plan associated with it, the assistant asks you for the directory that should contain the deployment plan. Use the navigation tree to specify a directory, then click Finish.

  • To activate these changes, in the Change Center of the Administration Console, click Activate Changes.




Friday, December 19, 2014

Oracle® Fusion Middleware SOA-11g Release 2 (11.1.1.7.0) XML Gateway Integration (Inbound) Part 2. Steps to build Oracle Apps Adapter connection from JDeveloper



  • Open JDeveloper and create a new SOA Project

  • On the composite design screen, click on Oracle Applications. This will bring up the Adapter Configuration Screen. Click Next.


  • Enter the Service Name and press Next.


  • Enter the DB Connection Name and the JNDI Connection Name that were created in the post http://oraclesoaandoim.blogspot.com/2014/12/oracle-fusion-middleware-soa-11g.html
  • Press Next



  • Navigate to Other Interfaces Custom Objects and Choose XML Gateway as an option and select the desired Map in XML Gateway




  • Choose the specific schema tied to XML Gateway.

  • This creates the Oracle Apps Adapter for use within the composite.
  • Please ensure that the following header properties are set from within the Invoke of the BPEL process:

    <invoke name="InvokeWriteToECXQueue"
                  inputVariable="InvokeWriteToECXQueue_Enqueue_InputVariable"
                  partnerLink="WriteToECXQueue" portType="ns7:Enqueue_ptt"
                  operation="Enqueue" bpelx:invokeAsDetail="no">
            <bpelx:inputProperty name="jca.apps.ecx.TransactionType"
                                 expression='"MINDTELLIGENT"'/>
            <bpelx:inputProperty name="jca.apps.ecx.TransactionSubtype"
                                 expression='"MINDTELLIGENT_RECV"'/>
            <bpelx:inputProperty name="jca.apps.ecx.PartySiteId"
                                 expression='"112233"'/>
            <bpelx:inputProperty name="jca.apps.ecx.MessageType"
                                 expression='"XML"'/>
            <bpelx:inputProperty name="jca.apps.ecx.MessageStandard"
                                 expression='"OAG"'/>
            <bpelx:inputProperty name="jca.apps.ecx.DocumentNumber"
                                 expression='"1234"'/>
          </invoke>
        </sequence>