WebLogic User Password Change in Clustered Environment (HA)

Prerequisite:
- Take a backup of the domain, config.xml, data (ldap)/tmp/cache, boot.properties
- Created a new user for the OIM team
  o Username : OIM_Team
  o Password : xxxxxxx

Instruction Steps:
- Log in to the console
- Lock and Edit
- Change the password for the AdminServer from the console
- Release configuration from the console
- Log in to the console again with the new (changed) password
- Verified : This is working fine
- Stopped the Admin Server
- Edited the boot.properties file (passing the username and password in clear text)
- Started the AdminServer
- Logged in to the Admin Console with the new user
- Logged in to the AdminServer console.
- Stopped the services on the node 2 servers (SOA, MS, OIM)
- Removed the boot.properties for soa_server2
- Started soa_server2 with the startManaged.sh script (provided the credentials at runtime)
- Once soa_server2 had started, stopped it again with Ctrl+C (reason: starting it generates the LDAP data for the new credentials)
- Started soa_server2 with the help of scripts after updating the boot.properties file (started from custom script)
- soa_server2 came up in ADMIN mode; we resumed it.
- Updated boot.properties with the new credentials and started oms2 with the custom script (startMS.sh)
- Updated boot.properties with the new credentials and started oim_server2 with the custom script (startOIM.sh)

ONCE CONFIRMED ALL THE SERVICES ARE UP AND RUNNING ON NODE 2; WE CAN PROCEED TO NODE 1.

- Logged in to the AdminServer console.
- Updated the boot.properties file with the new credentials on soa_server1
- Started the server with the custom start file
- Resumed soa_server1, as it had gone into ADMIN mode (this is normal behaviour)
- Started oim_server1 and oms1 using the custom script, after updating the boot.properties file.
- All servers are up and running fine.
- Password changed for the weblogic user in OIMDomain.

AFTER CHANGING THE PASSWORD ON ALL CONSOLES, change the user password in OID if the user is present in OID.
PLEASE VERIFY ON ALL THE CONSOLES (EM, OIM, OAM, SOA)

NOTE: The password should be the same for the OIM, OAM and OID admin consoles, as WEBLOGIC is the only user who logs in to the AdminServers.
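
The boot.properties edits in the steps above leave the new credentials in clear text on disk until the server next boots and encrypts the file. The following check is an added example, not part of the original post: it reports any boot.properties that still holds clear-text values or is accessible to other OS users. The cipher prefixes it accepts and the sample file contents are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Assumption: encrypted values carry a cipher prefix such as {AES}, {AES256} or {3DES}.
ENCRYPTED = re.compile(r"^\{(AES(256)?|3DES)\}.+")


def audit_boot_properties(path):
    """Return a list of findings for one boot.properties file (empty = clean)."""
    if not os.path.isfile(path):
        return ["missing file"]
    values, findings = {}, []
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            key, sep, value = line.strip().partition("=")
            if sep and not key.startswith(("#", "!")):   # skip comment lines
                values[key.strip()] = value.strip()
    for key in ("username", "password"):
        if not values.get(key):
            findings.append(f"{key}: not set")
        elif not ENCRYPTED.match(values[key]):
            findings.append(f"{key}: stored in clear text")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:                                     # any group/other permission bit
        findings.append(f"mode {mode:o}: accessible to group/other")
    return findings


def demo():
    """Audit two constructed files: one just edited by hand, one after a boot."""
    samples = {  # constructed sample content, not real credentials
        "edited": ("username=weblogic\npassword=Constructed-Pass1\n", 0o644),
        "booted": ("username={AES}constructedA\npassword={AES}constructedB\n", 0o600),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (text, mode) in samples.items():
            path = os.path.join(tmp, name + "_boot.properties")
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
            os.chmod(path, mode)
            results[name] = audit_boot_properties(path)
    return results


if __name__ == "__main__":
    print(demo())
```

Run it against each managed server's boot.properties once every node has been restarted; a file that still reports clear text belongs to a server that has not booted with it yet.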

OID Replication Issue

There are, however, issues when using a replicated OID deployment. OIM uses a process called LDAPSync to keep the entries in its internal database in sync with the entries in LDAP. So that the process does not have to examine every entry in LDAP each time, it uses a changelog, which allocates a change number to every transaction in the directory. In a replicated OID environment, the change numbers in each OID cluster are different.

This causes issues for failover. You can alleviate this by:

1. Ensuring LDAPSync (OIM reconciliation jobs) only runs against a single OID cluster.
2. If you do need to fail over to a second OID cluster, you will need to:
   a. Disable the incremental OIM reconciliation tasks.
   b. Run a full reconciliation against the new OID cluster.
   c. Update the OIM change number to reflect that of the new OID cluster.
   d. Re-enable the incremental OIM reconciliation tasks.

This is not necessary for OUD-based solutions, which use a cookie-based changelog.
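
Why the stored change number cannot simply be carried over to the second cluster is easiest to see in a small model. This is an added example, not OIM or OID code: the classes `Directory` and `IncrementalSync`, the function `failover`, the starting change numbers and the DNs are all constructed for illustration.

```python
class Directory:
    """Simplified model of one OID cluster with its own change numbering."""
    def __init__(self, first_change_number):
        self.last_change_number = first_change_number - 1
        self.changelog = []              # (change_number, dn) pairs
        self.entries = set()

    def apply(self, dn):
        self.last_change_number += 1
        self.changelog.append((self.last_change_number, dn))
        self.entries.add(dn)


class IncrementalSync:
    """Stand-in for the incremental reconciliation job: it keeps one bookmark."""
    def __init__(self):
        self.last_seen, self.known = 0, set()

    def run(self, directory):
        for number, dn in directory.changelog:
            if number > self.last_seen:  # only changes newer than the bookmark
                self.known.add(dn)
                self.last_seen = number

    def full_reconcile(self, directory):
        self.known = set(directory.entries)              # step b
        self.last_seen = directory.last_change_number    # step c


def failover(follow_procedure):
    """Return (entries OIM never saw, stored change number) after failing over."""
    a, b = Directory(501), Directory(101)    # constructed starting numbers
    sync = IncrementalSync()
    for dn in ("uid=u1", "uid=u2"):          # replicated to both clusters
        a.apply(dn)
        b.apply(dn)
    sync.run(a)                              # bookmark is now cluster A's 502
    b.apply("uid=u3")                        # A is down; new writes land on B
    if follow_procedure:
        # steps a and d: the incremental job stays off until the bookmark is reset
        sync.full_reconcile(b)
    b.apply("uid=u4")
    sync.run(b)                              # incremental job, now against B
    return sorted(b.entries - sync.known), sync.last_seen


if __name__ == "__main__":
    print("naive:", failover(False), "procedure:", failover(True))
```

With the bookmark left at cluster A's value, every change on cluster B is numbered below it and is silently skipped; had B's numbers been higher, old changes would be replayed instead.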




How to Download Plugin.zip file from OIM Database

select * from plugins;
Note down the ZIP ID of the scheduler zip you want to download.
select * from plugin_zip;
Find the ZIP ID and select the pencil icon on the BLOB column.
Download the file to your desktop.

Generic Interview Questions - OID

  1. What is LDAPSync?
  2. What is OID?
  3. Why is OID used at the enterprise level?
  4. What are the high-level post-installation steps for LDAPSync?
  5. What are the default SSL and non-SSL ports?
  6. What is OID replication?
  7. How does replication work in OID?
  8. What is data migration?
  9. How is data migrated from OIM to OID, or from one OID server to another?
  10. How does password management work in OID?
  11. What are the groups, containers and object classes in OID?
  12. What are dangling entries in OID, and how do we find them?
  13. Can we create users in OID directly? How do we do that?
  14. How do you import/export policies in OID?
  15. What kind of utilities does OID offer?
  16. How do you start/stop the OID services?
  17. Where are the OID logs located?
  18. What do the dispatcher logs say in OID?
  19. How do we get diagnostics data in OID?
  20. How does garbage collection work in OID?

Generic Interview Questions - OAM


  1. What are the different versions of OAM?
  2. How will you find the version of OAM?
  3. What are the differences between OAM 11g R1 and OAM 11g R2 PSx?
  4. What is Single Sign-On and how does it work?
  5. Explain in detail what happens when you access a protected page. Cookies? Persistent cookies?
  6. What are the differences between the 10g cookie and the 11g cookie?
  7. How will you protect a resource? Explain the configuration in detail.
  8. What is the difference between an unprotected resource and an excluded resource?
  9. What are the different types of security level in OAM for WebGate?
  10. What are the different artifacts generated when WebGates are registered?
  11. What are the different ways of registering a WebGate?
  12. What is the default port and protocol on which WebGate communicates with the OAM Server?
  13. What is ECC and DCC? Which is recommended and why?
  14. What is assertion? How will you enable SSO for the WebLogic console?
  15. Kerberos? Windows native authentication?
  16. What are the different authentication schemes available in OAM?
  17. What is the difference between an authentication scheme and an authentication module?
  18. Which applications have you enabled for SSO? Siebel? BIP? WebLogic-based? Tomcat-based? Any other?
  19. What changes are required in the application and application server to make it SSO certified? WebLogic-based and other application server changes?
  20. How will you suppress the login page of an application?
  21. What is authorization?
  22. Which authorization does OAM support, coarse-grained or fine-grained?
  23. How will you configure authorization in OAM?
  24. Have you developed a custom plug-in? Give the steps.
  25. How will you use third-party JARs inside a custom plug-in?
  26. Any experience with a custom provider or asserter? Steps?
  27. How will you configure a custom login page?
  28. How will you pass a custom attribute in the header?
  29. What is an identity store? How do you configure multiple identity stores?
  30. What is the difference between the default store and the system store?
  31. How does password policy work in OAM?
  32. What are the different attributes used for OAM Password Management?
  33. How will you change or reset a password without OIM?
  34. How will you integrate OIM and OAM? Explain in detail.
  35. How will you integrate OAM and OAAM?
  36. Any experience with upgrades? Steps?
  37. How will you troubleshoot SSO-related issues?
  38. What tools will you use to debug or troubleshoot? Give a troubleshooting/debugging example.
  39. What is OHS? What is its role in SSO?
  40. What is the major difference in installation/configuration of WebGate between OHS 11g and OHS 12c? Any experience?
  41. How will you protect REST services?
  42. OAuth? SAML?
  43. OTP? SMS? Biometric authentication?
  44. Access Portal?
  45. How will you deploy code/configuration from test/dev to production?
  46. What different reports are available OOTB for OAM?
  47. How will you do session management in OAM? Session-related parameters and configuration? Managing user or session inactivity and policies with configurable screen locks and messages, application logout policies, graceful logoff from one or all applications, etc.


Generic Interview Questions - OIM

  1. What are the different versions of OIM?
  2. How will you find the version of OIM?
  3. What are the differences between OIM 11g R1 and OIM 11g R2?
  4. What are the differences between OIM 11g R2 PS2 and OIM 11g R2 PS3?
  5. What are the new features in R2?
  6. What are the new features in R3?
  7. What are event handlers?
  8. What are the different types of event handler?
  9. How do you register/unregister an event handler?
  10. How will you troubleshoot an event handler?
  11. What is orchestration?
  12. What are the different stages of orchestration?
  13. How many types of adapter are there in OIM?
  14. How are adapters triggered?
  15. How are entity adapters used in OIM 11g R1/R2?
  16. How are attribute changes from the user profile propagated to the target system?
  17. What are the different types of reconciliation?
  18. How will you do trusted reconciliation from multiple trusted systems?
  19. What are the different stages of a reconciliation event?
  20. What are the different reconciliation rules for Trusted and Target Reconciliation?
  21. How will you transform data during reconciliation? E.g. status is present in the source system as A but needs to change to Active in OIM.
  22. How will you implement a custom scheduler?
  23. What are the major differences between the 10g scheduler and the 11g scheduler?
  24. Explain in detail the different components of a connector.
  25. What will be your approach for designing the connector?
  26. What questions will you ask the application owner?
  27. Which connectors have you worked on?
  28. How will you extend an OOTB connector?
  29. What are ICF connectors?
  30. What is a connector server?
  31. What are the different types of connector server?
  32. How will you uninstall a connector?
  33. What is connector cloning and how will you clone a connector?
  34. How many types of approval policy are there in R2?
  35. Have you worked on a custom approval/SOA composite?
  36. What is LDAPSync?
  37. How will you place users in different directories/containers based on organization/employee type? E.g. all employees to the cn=Users container, whereas all contractors to the cn=people container.
  38. How will you change the logo/branding? Steps?
  39. What is a sandbox?
  40. How will you recover if the system crashes after publishing a sandbox?
  41. How will you add a new attribute/UDF?
  42. Steps for UDF creation?
  43. How will you add new attributes to the Create/Modify and View pages?
  44. Which OIM APIs have you used?
  45. What is the difference between calling the OIM API from the command line and calling it from an OIM scheduler or adapters?
  46. What are the major differences between the 10g API and the 11g API?
  47. What is an application instance?
  48. What is the difference between the application instance of a trusted and a target system?
  49. What are entitlements?
  50. Where are entitlements stored?
  51. How will you identify entitlements from configuration?
  52. How will you populate entitlements?
  53. Have you worked on any upgrade project?
  54. What are the major challenges of an upgrade?
  55. Explain in detail the process of an upgrade.
  56. Name different tables in OIM.
  57. Custom reports?
  58. How will you deploy code/configuration from test/dev to production?
  59. What are access policies?
  60. What is retrofit for access policies in OIM?
  61. What is MDS and what is its role in IdM?
  62. What is purging and why is it required? Give one example where purging is required.
  63. What is the command to purge?
  64. How do you take a backup?
  65. How do you bulk load users in OIM? Steps?
  66. What is disconnected resource provisioning?
  67. Does an event handler contain any plug-in point?
  68. What is a hashtable?
  69. What is the difference between StringBuffer and StringBuilder?
  70. Are there any dependencies when deploying a custom connector?
  71. How does a user flow from OIM to the target?
  72. How will you rectify reconciliation-related issues?
  73. Steps for migration from PS1 to PS2 or PS2 to PS3?
  74. How is a custom UDF created in the target system, and how does data flow from OIM to the target when the custom UDF is a mandatory field?
  75. How do web service calls work?
  76. How is the web services connector deployed in OIM?

Deploy the OOTB SOA Composites in 11gR2PS2


NOTE:  This step has been automated as part of the environment build scripts.

 

The OOTB SOA composites need to be deployed.  This can be done using the Enterprise Manager application.

 

·         Login to Enterprise Manager (EM) as weblogic.

·         Expand the Farm_idm → SOA folder

·         Expand soa_infra for (soa_server1 or soa_server2)

o   This will display the “default” partition.  This is where our deployed composites will be listed/displayed.  Initially, this will be empty.

·         Right click on the default partition and a popup menu will appear 

·         Select SOA Deployment ... Deploy to this Partition…

·         In the Archive or Exploded Directory section, select the “Archive on the server where Enterprise Manager is running” option.

·         Specify the path for one of the following SOA composites that needs to be deployed.

o    /oracle/admin/idmdomain/aserver/idm/soa/autodeploy/sca_AutoApproval_rev1.0.jar

o    /oracle/admin/idmdomain/aserver/idm/soa/autodeploy/sca_BeneficiaryManagerApproval_rev1.0.jar

o    /oracle/admin/idmdomain/aserver/idm/soa/autodeploy/sca_CertificationProcess_rev2.0.jar

o    /oracle/admin/idmdomain/aserver/idm/soa/autodeploy/sca_CertificationOverseerProcess_rev1.0.jar

o    /oracle/admin/idmdomain/aserver/idm/soa/autodeploy/sca_DefaultOperationalApproval_rev3.0.jar

o    /oracle/admin/idmdomain/aserver/idm/soa/autodeploy/sca_DefaultRequestApproval_rev3.0.jar

o    /oracle/admin/idmdomain/aserver/idm/soa/autodeploy/sca_DefaultRoleApproval_rev1.0.jar

o    /oracle/admin/idmdomain/aserver/idm/soa/autodeploy/sca_DefaultSODApproval_rev1.0.jar

o    /oracle/admin/idmdomain/aserver/idm/soa/autodeploy/sca_DisconnectedProvisioning_rev1.0.jar

o    /oracle/admin/idmdomain/aserver/idm/soa/autodeploy/sca_OAACGRoleAssignSODCheck_rev1.0.jar

o    /oracle/admin/idmdomain/aserver/idm/soa/autodeploy/sca_ProvideInformation_rev1.0.jar

o    /oracle/admin/idmdomain/aserver/idm/soa/autodeploy/sca_RequesterManagerApproval_rev1.0.jar


·         Click the Next button 

·         Click the Deploy button

·         Wait while the composite is deployed

·         Once it is deployed, the progress window will close automatically

 

Your composite will now be displayed in the default partition.  Repeat this process to deploy the remaining SOA composites.

Basic Performance Tuning for Stuck Threads and Response Times

Documentation for performance tuning: https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/asper/redundant-cross-references-remo...