Provisioning Failed after recent deployment in ConnectorDefaultDirectory

< Return Value is of Type 'String'. Please Check CatalogAM.xml.xml in MDS Dump Which May Be Missing Refferences.>

Running UPDATE

Target Class = oracle.iam.connectors.icfcommon.prov.ICProvisioningManager

<Dec 11, 2020 10:20:38 PM EST> <Error> <ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER> <BEA-000000> <oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : updateAttributeValue : Error in updateAttributeValue

java.lang.NullPointerException

        at org.identityconnectors.framework.impl.api.local.ConnectorBundleManifestParser.getAttributes(ConnectorBundleManifestParser.java:55)

        at org.identityconnectors.framework.impl.api.local.ConnectorBundleManifestParser.<init>(ConnectorBundleManifestParser.java:50)


Solution:

1) This error will cause issues for all the connectors/plugins or deployments in ConnectorDefaultDirectory.

2) Because the code processes this information in order, fix the manifest file so that it has the following order and contents:

Manifest-Version: 1.0
Ant-Version: Apache Ant 1.7.1
Created-By: 1.5.0_19-rev-b03 (Sun Microsystems Inc.)
ConnectorBundle-FrameworkVersion: 1.1
ConnectorBundle-Name: org.identityconnectors.genericrest
ConnectorBundle-Version: 1.0.1115
Build-Label: OIMCP_11.1.1.5.0_GENERIC_160524.0731
Build-Transaction: NONE

Recreate the bundle jar with the new manifest file and use this jar with your connector.

3) If the above still does not work, check the JDK version of your deployed jar and the JDK version of your OIM.
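A check for the manifest described above, as an added example (not Oracle's or the connector's own code): it reads a MANIFEST.MF and reports when one of the three ConnectorBundle-* attributes from the listing is missing, empty, out of the listed order, or pushed out of the main section by a blank line. The function names and result labels are assumptions of this example.

```sh
#!/bin/sh
# Added example: validate the manifest of an ICF connector bundle jar.
# Attribute names and their order come from the manifest listed above;
# the function names and result labels are this example's own.

REQUIRED_ATTRS="ConnectorBundle-FrameworkVersion ConnectorBundle-Name ConnectorBundle-Version"

# check_bundle_manifest FILE
# Prints one line per problem and returns non-zero if any problem was found.
check_bundle_manifest() {
    manifest=$1
    if [ ! -s "$manifest" ]; then
        echo "NO_MANIFEST"
        return 1
    fi
    # Manifests written on Windows carry CRLF line ends; strip the CR first.
    tr -d '\r' < "$manifest" | awk -v required="$REQUIRED_ATTRS" '
        BEGIN { n = split(required, want, " "); in_main = 1 }
        /^$/  { in_main = 0; next }     # a blank line ends the main section
        {
            colon = index($0, ":")
            if (colon == 0) next        # continuation line, no attribute name
            name  = substr($0, 1, colon - 1)
            value = substr($0, colon + 1)
            sub(/^ +/, "", value)
            for (i = 1; i <= n; i++) {
                if (name != want[i] || state[i] == "OK") continue
                if (!in_main)         state[i] = "OUTSIDE_MAIN_SECTION"
                else if (value == "") state[i] = "EMPTY"
                else                { state[i] = "OK"; line[i] = NR }
            }
        }
        END {
            bad = 0; prev = 0
            for (i = 1; i <= n; i++) {
                if (state[i] == "")        { print "MISSING " want[i]; bad = 1 }
                else if (state[i] != "OK") { print state[i] " " want[i]; bad = 1 }
                else {
                    if (line[i] < prev) { print "OUT_OF_ORDER " want[i]; bad = 1 }
                    prev = line[i]
                }
            }
            exit bad
        }'
}

# check_bundle_jar JAR
# Same check, reading META-INF/MANIFEST.MF straight out of the jar (needs unzip).
check_bundle_jar() {
    extracted=$(mktemp) || return 2
    unzip -p "$1" META-INF/MANIFEST.MF > "$extracted" 2>/dev/null || true
    check_bundle_manifest "$extracted" && rc=0 || rc=$?
    rm -f "$extracted"
    return "$rc"
}
```

Run check_bundle_jar against every jar you drop into ConnectorDefaultDirectory before restarting OIM; a jar with no manifest at all reports NO_MANIFEST.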

OPatch failed with error code 255

Error while running opatch lsinventory

OPatch could not find OUI based inventory in the Oracle Home. But, OUI location is provided using 'oui_loc' option. Please check the inventory of the Oracle Home and run OPatch again.


OPatch failed with error code 255

Solution:

export ORACLE_HOME=<ORACLE_HOME_LOC>

Then run the command again; it works.

Could not find file /u01/app/oracle/server/client/oimclient.jar to copy

Error:

[oracle@oimdevapp1 client]$ cd /u01/app/oracle/middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener
[oracle@oimdevapp1 listener]$ ant setup-listener
Buildfile: build.xml
Trying to override old definition of datatype wldeploy
check-wl-home:
check-oracle-common:
check-oracle-home:
check-env-vars:
setup-archive:
   [delete] Deleting directory /u01/app/oracle/middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener/deployable-archive
    [mkdir] Created dir: /u01/app/oracle/middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener/deployable-archive
     [copy] Copying 4 files to /u01/app/oracle/middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener/deployable-archive
     [copy] Copied 5 empty directories to 1 empty directory under /u01/app/oracle/middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener/deployable-archive
BUILD FAILED
/u01/app/oracle/middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener/build.xml:77: Warning: Could not find file /u01/app/oracle/server/client/oimclient.jar to copy.
Total time: 0 seconds

Solution:

1) cd /u01/app/oracle/server/client/

2) Give permissions on oimclient.jar:

chmod 777 oimclient.jar

3) Run ant setup-listener again.

ant setup-listener build failed with taskdef class weblogic.ant.taskdefs.management.WLDeploy cannot be found

Error:

Ran ant setup-listener and got the following error:
---------------------------------------------------------------------------------------------------------------------------
Buildfile: /app/idm/products/R3/identity/idm/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener/build.xml
BUILD FAILED
/app/idm/products/R3/identity/idm/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener/build.xml:41: taskdef class weblogic.ant.taskdefs.management.WLDeploy cannot be found
using the classloader AntClassLoader[/app/idm/products/R3/identity/idm/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener/lib/deploytool.jar:/app/idm/products/R3/identity/oracle_common/modules/oracle.jps/jps-mbeans.jar:/app/idm/products/R3/identity/oracle_common/modules/oracle.jps/jps-api.jar:/app/idm/products/R3/identity/oracle_common/modules/oracle.jps/jps-unsupported-api.jar]

Solution:

export ANT_HOME=/u01/app/oracle/middleware/modules/org.apache.ant_1.7.1

export PATH=$PATH:$ANT_HOME/bin

export ORACLE_HOME=

export APP_SERVER=weblogic

export JAVA_HOME=

export MW_HOME=

export WL_HOME=

export DOMAIN_HOME=

export ORACLE_COMMON=

After setting all the environment variables, run the script again.


[oracle@oimdevapp1 listener]$ ant setup-listener
Buildfile: build.xml
Trying to override old definition of datatype wldeploy
check-wl-home:
check-oracle-common:
check-oracle-home:
check-env-vars:
setup-archive:
   [delete] Deleting directory /u01/app/oracle/middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener/deployable-archive
    [mkdir] Created dir: /u01/app/oracle/middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener/deployable-archive
     [copy] Copying 4 files to /u01/app/oracle/middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener/deployable-archive
     [copy] Copied 5 empty directories to 1 empty directory under /u01/app/oracle/middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener/deployable-archive
     [copy] Copying 1 file to /u01/app/oracle/middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener/deployable-archive/PeopleSoftOIMListener.ear/PeopleSoftOIMListener.war/WEB-INF/lib
     [copy] Copying 1 file to /u01/app/oracle/middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener/deployable-archive/PeopleSoftOIMListener.ear/PeopleSoftOIMListener.war/WEB-INF/lib
     [copy] Copying 1 file to /u01/app/oracle/middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener/deployable-archive/PeopleSoftOIMListener.ear/PeopleSoftOIMListener.war/WEB-INF/lib
     [echo] Updating deployment descriptor (web.xml)
deploy:
     [echo] Deploying the listener
[passwdreader] Enter weblogic admin password:
 [wldeploy] weblogic.Deployer -debug -verbose -noexit -name PeopleSoftOIMListener -source /u01/app/oracle/middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener/deployable-archive/PeopleSoftOIMListener.ear -targets oim_server1 -adminurl t3://localhost:7005 -user weblogic -password ******** -deploy
 [wldeploy] weblogic.Deployer invoked with options:  -debug -verbose -noexit -name PeopleSoftOIMListener -source /u01/app/oracle/middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener/deployable-archive/PeopleSoftOIMListener.ear -targets oim_server1 -adminurl t3://localhost:7005 -user weblogic -deploy
 [wldeploy] [WebLogicDeploymentManagerImpl.<init>():115] : Constructing DeploymentManager for J2EE version V1_4 deployments
 [wldeploy] [WebLogicDeploymentManagerImpl.getNewConnection():158] : Connecting to admin server at localhost:7005, as user weblogic
 [wldeploy] [ServerConnectionImpl.getEnvironment():286] : setting environment
 [wldeploy] [ServerConnectionImpl.getEnvironment():289] : getting context using t3://localhost:7005
 [wldeploy] [ServerConnectionImpl.getMBeanServer():237] : Connecting to MBeanServer at service:jmx:t3://localhost:7005/jndi/weblogic.management.mbeanservers.domainruntime
 [wldeploy] [ServerConnectionImpl.getMBeanServer():237] : Connecting to MBeanServer at service:jmx:t3://localhost:7005/jndi/weblogic.management.mbeanservers.runtime
 [wldeploy] [DomainManager.resetDomain():36] : Getting new domain
 [wldeploy] [DomainManager.resetDomain():39] : Using pending domain: true
 [wldeploy] [MBeanCache.addNotificationListener():96] : Adding notification listener for weblogic.deploy.api.spi.deploy.mbeans.TargetCache@3af0a9da
 [wldeploy] [MBeanCache.addNotificationListener():103] : Added notification listener for weblogic.deploy.api.spi.deploy.mbeans.TargetCache@3af0a9da
 [wldeploy] [MBeanCache.addNotificationListener():96] : Adding notification listener for weblogic.deploy.api.spi.deploy.mbeans.ModuleCache@49c66ade
 [wldeploy] [MBeanCache.addNotificationListener():103] : Added notification listener for weblogic.deploy.api.spi.deploy.mbeans.ModuleCache@49c66ade
 [wldeploy] [ServerConnectionImpl.initialize():169] : Connected to WLS domain: base_domain
 [wldeploy] [ServerConnectionImpl.init():159] : Initializing ServerConnection : weblogic.deploy.api.spi.deploy.internal.ServerConnectionImpl@31ff43be
 [wldeploy] [BasicOperation.dumpTmids():713] : Incoming tmids:
 [wldeploy] [BasicOperation.dumpTmids():715] :   {Target=oim_server1, WebLogicTargetType=server, Name=PeopleSoftOIMListener}, targeted=true
 [wldeploy] [BasicOperation.deriveAppName():141] : appname established as: PeopleSoftOIMListener
 [wldeploy] <Dec 8, 2020 4:39:31 PM EST> <Info> <J2EE Deployment SPI> <BEA-260121> <Initiating deploy operation for application, PeopleSoftOIMListener [archive: /u01/app/oracle/middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener/deployable-archive/PeopleSoftOIMListener.ear], to oim_server1 .>
 [wldeploy] [BasicOperation.dumpTmids():713] : Incoming tmids:
 [wldeploy] [BasicOperation.dumpTmids():715] :   {Target=oim_server1, WebLogicTargetType=server, Name=PeopleSoftOIMListener}, targeted=true
 [wldeploy] [BasicOperation.loadGeneralOptions():628] : Delete Files:false
 [wldeploy] Timeout :3600000
 [wldeploy] Targets:
 [wldeploy] oim_server1
 [wldeploy] ModuleTargets={}
 [wldeploy] SubModuleTargets={}
 [wldeploy] }
 [wldeploy] Files:
 [wldeploy] null
 [wldeploy] Deployment Plan: null
 [wldeploy] App root: /tmp/oracle/./config/deployments/PeopleSoftOIMListener
 [wldeploy] App config: /tmp/oracle/./config/deployments/PeopleSoftOIMListener/plan
 [wldeploy] Deployment Options: {isRetireGracefully=true,isGracefulProductionToAdmin=false,isGracefulIgnoreSessions=false,rmiGracePeriod=-1,retireTimeoutSecs=-1,undeployAllVersions=false,archiveVersion=null,planVersion=null,isLibrary=false,libSpecVersion=null,libImplVersion=null,stageMode=null,clusterTimeout=3600000,altDD=null,altWlsDD=null,name=PeopleSoftOIMListener,securityModel=null,securityValidationEnabled=false,versionIdentifier=null,isTestMode=false,forceUndeployTimeout=0,defaultSubmoduleTargets=true,timeout=0,deploymentPrincipalName=null,useExpiredLock=false}
 [wldeploy]
 [wldeploy] [BasicOperation.execute():445] : Initiating deploy operation for app, PeopleSoftOIMListener, on targets:
 [wldeploy] [BasicOperation.execute():447] :    oim_server1
 [wldeploy] Task 0 initiated: [Deployer:149026]deploy application PeopleSoftOIMListener on oim_server1.
 [wldeploy] Task 0 completed: [Deployer:149026]deploy application PeopleSoftOIMListener on oim_server1.
 [wldeploy] Target state: deploy completed on Server oim_server1
 [wldeploy]
 [wldeploy] Target Assignments:
 [wldeploy] + PeopleSoftOIMListener  oim_server1
 [wldeploy] [ServerConnectionImpl.close():332] : Closing DM connection
 [wldeploy] [ServerConnectionImpl.close():352] : Unregistered all listeners
 [wldeploy] [ServerConnectionImpl.closeJMX():372] : Closed JMX connection
 [wldeploy] [ServerConnectionImpl.closeJMX():384] : Closed Runtime JMX connection
 [wldeploy] [ServerConnectionImpl.closeJMX():396] : Closed Edit JMX connection
grant-keystore-permissions:
     [echo] Granting keystore access permissions to the listener.
[passwdreader] Enter weblogic admin password:
     [java] Dec 08, 2020 4:39:52 PM oracle.iam.connectors.psft.common.deploy.PermissionsHandler main
     [java] INFO: Connecting to admin server t3://localhost:7005 with user weblogic
     [java] Dec 08, 2020 4:39:52 PM oracle.iam.connectors.psft.common.deploy.PermissionsHandler main
     [java] INFO: Starting the keystore grant for /u01/app/oracle/middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener/deployable-archive/PeopleSoftOIMListener.ear/PeopleSoftOIMListener.war/WEB-INF/lib/-
     [java] Dec 08, 2020 4:39:52 PM oracle.iam.connectors.psft.common.deploy.PermissionsHandler initDomainRuntimeServerConnection
     [java] INFO: Connecting to admin server..
     [java] Dec 08, 2020 4:39:52 PM oracle.iam.connectors.psft.common.deploy.PermissionsHandler initDomainRuntimeServerConnection
     [java] INFO: Connection initialized
     [java] Dec 08, 2020 4:39:52 PM oracle.iam.connectors.psft.common.deploy.PermissionsHandler main
     [java] INFO: Granting keystore permissions to PSFT archive libraries..
     [java] Dec 08, 2020 4:39:53 PM oracle.iam.connectors.psft.common.deploy.PermissionsHandler grantRWPermissionsToJar
     [java] WARNING: URL /u01/app/oracle/middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/PSFT_UM-11.1.1.6.0/listener/deployable-archive/PeopleSoftOIMListener.ear/PeopleSoftOIMListener.war/WEB-INF/lib/- already has access to RW keystores. Skipping the grant operation
     [java] Dec 08, 2020 4:39:53 PM oracle.iam.connectors.psft.common.deploy.PermissionsHandler main
     [java] INFO: Granting keystore permissions to cached archive..
     [java] Dec 08, 2020 4:39:53 PM oracle.iam.connectors.psft.common.deploy.PermissionsHandler grantRWPermissionsToJar
     [java] WARNING: URL ${domain.home}/servers/${weblogic.Name}/stage/PeopleSoftOIMListener/PeopleSoftOIMListener.ear/PeopleSoftOIMListener.war/WEB-INF/lib/- already has access to RW keystores. Skipping the grant operation
     [java] Dec 08, 2020 4:39:53 PM oracle.iam.connectors.psft.common.deploy.PermissionsHandler main
     [java] INFO: Grant finished
     [java] Dec 08, 2020 4:39:53 PM oracle.iam.connectors.psft.common.deploy.PermissionsHandler closeConnection
     [java] INFO: Connection to admin server closed
setup-listener:
BUILD SUCCESSFUL
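A preflight for both ant setup-listener failures above (the missing oimclient.jar and the WLDeploy taskdef error), as an added example that is not part of the connector's build: it checks the exported variables and the two jars the build depends on, and flags a world-writable oimclient.jar, since the copy step only needs read access. The function name, the finding labels and the two jar locations ($ORACLE_HOME/server/client/oimclient.jar and $WL_HOME/server/lib/weblogic.jar) are assumptions of this example.

```sh
#!/bin/sh
# Added example: preflight for `ant setup-listener`.
# The variable list is the one exported in the solution above. The two file
# locations are assumptions of this example: oimclient.jar under
# $ORACLE_HOME/server/client (the layout seen in the build error above) and
# weblogic.jar under $WL_HOME/server/lib as the provider of the WLDeploy task.

REQUIRED_VARS="ANT_HOME ORACLE_HOME APP_SERVER JAVA_HOME MW_HOME WL_HOME DOMAIN_HOME ORACLE_COMMON"

# preflight_listener
# Prints one finding per line; returns non-zero if anything was found.
preflight_listener() {
    findings=0

    # Every variable must be set; all but APP_SERVER must name a directory.
    for name in $REQUIRED_VARS; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "UNSET $name"
            findings=$((findings + 1))
        elif [ "$name" != "APP_SERVER" ] && [ ! -d "$value" ]; then
            echo "NOT_A_DIRECTORY $name"
            findings=$((findings + 1))
        fi
    done

    # The build copies oimclient.jar into the listener archive.
    client_jar="${ORACLE_HOME:-}/server/client/oimclient.jar"
    if [ -d "${ORACLE_HOME:-}" ]; then
        if [ ! -r "$client_jar" ]; then
            echo "UNREADABLE $client_jar"
            findings=$((findings + 1))
        elif [ -n "$(find "$client_jar" -prune -perm -0002)" ]; then
            # Any local account could replace the jar that gets packaged.
            echo "WORLD_WRITABLE $client_jar"
            findings=$((findings + 1))
        fi
    fi

    # Without weblogic.jar the wldeploy taskdef cannot be loaded.
    wl_jar="${WL_HOME:-}/server/lib/weblogic.jar"
    if [ -d "${WL_HOME:-}" ] && [ ! -r "$wl_jar" ]; then
        echo "UNREADABLE $wl_jar"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}
```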

OIM server not starting up / failed to restart

 Initializing WebLogic Scripting Tool (WLST) ...


Welcome to WebLogic Server Administration Scripting Shell


Type help() for help on available commands


Info: Data source is: opss-DBDS

[EL Severe]: 2020-12-09 10:42:15.495--ServerSession(1444996261)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException

Internal Exception: java.sql.SQLRecoverableException: IO Error: Socket read timed out

Error Code: 17002

Dec 09, 2020 10:42:15 AM oracle.security.jps.internal.common.config.AbstractSecurityStore getSecurityStoreVersion

WARNING: Unable to get the Version from Store returning the default. Reason: oracle.net.ns.NetException: Socket read timed out.

[EL Severe]: 2020-12-09 10:44:15.946--ServerSession(45873964)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException

Internal Exception: java.sql.SQLRecoverableException: IO Error: Socket read timed out

Error Code: 17002

Dec 09, 2020 10:44:15 AM oracle.security.jps.internal.credstore.ldap.LdapCredentialStore init

WARNING: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-00027: There was an internal error: oracle.net.ns.NetException: Socket read timed out

JPS-01055: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-00027: There was an internal error: oracle.net.ns.NetException: Socket read timed out

Error: Diagnostics data was not saved to the credential store.

Error: Validate operation has failed.

Need to do the security configuration first!

<Dec 9, 2020 10:44:16 AM> <FINEST> <NodeManager> <Waiting for the process to die: 19898>

<Dec 9, 2020 10:44:16 AM> <INFO> <NodeManager> <Server failed during startup so will not be restarted>

<Dec 9, 2020 10:44:16 AM> <FINEST> <NodeManager> <runMonitor returned, setting finished=true and notifying waiters>


Solution:

Check with the DBA team whether the DEV_OPSS schema password has expired.

If you have SYS as SYSDBA credentials or access, run the following statement.

If you know the previous DEV_OPSS password, keep it the same as before.

alter user DEV_OPSS identified by Welcome1;

commit;


Restart the servers.

Peoplesoft Provisioning is failing after Peoplesoft tools Upgrade

[ERROR] [] [ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: jlibich] [ecid: e3db7ea4eadae3c1:4b76075a:17630e56b2d:-8000-000000000001e537,0] [APP: oim#11.1.2.0.0] [DSID: 0000NOtWHNpDKeMpQKl3id1Vmjgy000009] oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : updateAttributeValue : Error in updateAttributeValue[[
org.identityconnectors.framework.common.exceptions.ConnectorException: Cannot connect to peoplesoft : PeopleTools release (8.55.27) for web server/ Application Designer '' is not the same as Application Server PeopleTools release (8.57.12).  Access denied.

  

Solution:

1) You should have the latest version of psjoa.jar and psmanagement.jar from the PeopleSoft team. These are located in the PEOPLESOFT_HOME/web/psjoa directory.

2) select * from OIMHOME_JARS;
Identify the ICFBundle --> org.identityconnectors.peoplesoftintfc-1.0.5963.jar

3) Set the following environment variables if this has not been done before:

APP_SERVER is weblogic

OIM_ORACLE_HOME is /u01/app/oracle/product/middleware/Oracle_IDM1/

JAVA_HOME is /java/jdk1.7.0_80/

MW_HOME is /u01/app/oracle/product/middleware/

WL_HOME is /u01/app/oracle/product/middleware/wlserver_10.3/

DOMAIN_HOME is /u01/app/oracle/middleware/user_projects/domains/oim_domain/

4) Take a backup of the jar
Locate the server location for this bundle and take a backup on your local/server host,
or

navigate to the path below and run the DownloadJars.sh utility:

/u01/app/oracle/product/middleware/IAM/server/bin

./DownloadJars.sh

For running the Utilities the following environment variables need to be set

APP_SERVER is weblogic
OIM_ORACLE_HOME is /u01/app/oracle/product/middleware/Oracle_IDM1/
JAVA_HOME is /java/jdk1.7.0_80/
MW_HOME is /u01/app/oracle/product/middleware/
WL_HOME is /u01/app/oracle/product/middleware/wlserver_10.3/
DOMAIN_HOME is / u01/app/oracle/middleware/user_projects/domains/oim_domain/

Executing oracle.iam.platformservice.utils.JarDownloadUtility in IPv4 mode

[Enter Xellerate admin username :]xelsysadm

[Enter the admin password :]

[[Enter serverURL (Ex. t3://oimhostname:oimportno for weblogic or corbaloc:iiop:localhost:2801 for websphere)]:]t3://oimoamlib.test.com:14005

[[Enter context (i.e.: weblogic.jndi.WLInitialContextFactory for weblogic or com.ibm.websphere.naming.WsnInitialContextFactory for websphere)]:]weblogic.jndi.WLInitialContextFactory

Logging configuration class "oracle.core.ojdl.logging.LoggingConfiguration" failed

java.lang.ClassNotFoundException: oracle.core.ojdl.logging.LoggingConfiguration

log4j:WARN No appenders could be found for logger (org.springframework.jndi.JndiTemplate).

log4j:WARN Please initialize the log4j system properly.

Enter the jar type

 1.JavaTasks

 2.ScheduleTask

 3.ThirdParty

 4.ICFBundle

4

Enter the full path of the download directory :

/u01/bundle/PSFTJar/prod_backup

Enter the name of jar file to be downloaded from DB :

org.identityconnectors.peoplesoftintfc-1.0.5963.jar

Do u want to download more jars [y/n] :n

Download jar executed successfully

5) Delete the jar

./DeleteJars.sh

For running the Utilities the following environment variables need to be set

APP_SERVER is weblogic
OIM_ORACLE_HOME is /u01/app/oracle/product/middleware/Oracle_IDM1/
JAVA_HOME is /java/jdk1.7.0_80/
MW_HOME is /u01/app/oracle/product/middleware/
WL_HOME is /u01/app/oracle/product/middleware/wlserver_10.3/
DOMAIN_HOME is / u01/app/oracle/middleware/user_projects/domains/oim_domain/

Executing oracle.iam.platformservice.utils.JarDeleteUtility in IPv4 mode

[Enter Xellerate admin username :]xelsysadm

[Enter the admin password :]

[[Enter serverURL (Ex. t3://oimhostname:oimportno for weblogic or corbaloc:iiop:localhost:2801 for websphere)]:]t3://oimoamlib.test.com:14005

[[Enter context (i.e.: weblogic.jndi.WLInitialContextFactory for weblogic or com.ibm.websphere.naming.WsnInitialContextFactory for websphere)]:]weblogic.jndi.WLInitialContextFactory

Logging configuration class "oracle.core.ojdl.logging.LoggingConfiguration" failed

java.lang.ClassNotFoundException: oracle.core.ojdl.logging.LoggingConfiguration

log4j:WARN No appenders could be found for logger (org.springframework.jndi.JndiTemplate).

log4j:WARN Please initialize the log4j system properly.

Enter the jar type

 1.JavaTasks

 2.ScheduleTask

 3.ThirdParty

 4.ICFBundle

4

Enter the name of jar to be deleted from DB :

org.identityconnectors.peoplesoftintfc-1.0.5963.jar

Do u want to delete more jars [y/n] :n

Delete jar executed successfully

This jar contains an older version of the psjoa.jar file in its lib directory. Extract the bundle, replace that file with the upgraded version of psjoa.jar, and rebuild the org.identityconnectors.peoplesoftintfc-1.0.5963.jar file.

6) Upload the upgraded bundle jar

./UploadJars.sh

      For running the Utilities the following environment variables need to be set

APP_SERVER is weblogic
OIM_ORACLE_HOME is /u01/app/oracle/product/middleware/Oracle_IDM1/
JAVA_HOME is /java/jdk1.7.0_80/
MW_HOME is /u01/app/oracle/product/middleware/
WL_HOME is /u01/app/oracle/product/middleware/wlserver_10.3/
DOMAIN_HOME is / u01/app/oracle/middleware/user_projects/domains/oim_domain/

Executing oracle.iam.platformservice.utils.JarUploadUtility in IPv4 mode

[Enter Xellerate admin username :]xelsysadm

[Enter the admin password :]

[[Enter serverURL (Ex. t3://oimhostname:oimportno for weblogic or corbaloc:iiop:localhost:2801 for websphere)]:]t3://oimoamlib.test.com:14005

[[Enter context (i.e.: weblogic.jndi.WLInitialContextFactory for weblogic or com.ibm.websphere.naming.WsnInitialContextFactory for websphere)]:]weblogic.jndi.WLInitialContextFactory

Logging configuration class "oracle.core.ojdl.logging.LoggingConfiguration" failed

java.lang.ClassNotFoundException: oracle.core.ojdl.logging.LoggingConfiguration

log4j:WARN No appenders could be found for logger (org.springframework.jndi.JndiTemplate).

log4j:WARN Please initialize the log4j system properly.

Enter the jar type

 1.JavaTasks

 2.ScheduleTask

 3.ThirdParty

 4.ICFBundle

4

Enter the path/location of jar file :

/tmp/Sanjivani/org.identityconnectors.peoplesoftintfc-1.0.5963.jar

Do u want to load more jars [y/n] :n

Upload jar executed successfully


7) Replace psjoa.jar with the upgraded version

Navigate to the location below and replace the psjoa.jar file with the upgraded version.

cp /tmp/Sanjivani/psjoa.jar /u01/app/oracle/product/middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/targetsystems-lib/PSFT_UM-11.1.1.6.0

NOTE: If you are using PeopleTools 8.54, PeopleTools 8.55, PeopleTools 8.56, or PeopleTools 8.57, you must also copy the psmanagement.jar file from PEOPLESOFT_HOME/client-tools/class to the directory created in ConnectorDefaultDirectory/targetsystems-lib/PSFT_UM-11.1.1.6.0

cp /tmp/Sanjivani/psmanagement.jar /u01/app/oracle/product/middleware/Oracle_IDM1/server/ConnectorDefaultDirectory/targetsystems-lib/PSFT_UM-11.1.1.6.0

8) Restart the OIM servers.

9) Test the PeopleSoft provisioning, update attribute, disable, and delete operations from OIM on a PeopleSoft test account.
You should not see the error in the log.
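Step 5's extract, replace and rebuild, written out as an added example (not part of the original post or of Oracle's tooling): it swaps lib/psjoa.jar inside the bundle while carrying the bundle's original manifest over unchanged, then confirms the rebuilt jar holds the exact psjoa.jar you were given. It assumes the JDK jar tool is on PATH; the function and argument names are this example's own.

```sh
#!/bin/sh
# Added example: rebuild the ICF bundle with an upgraded psjoa.jar (step 5).
# Uses the JDK jar tool; function and argument names are this example's own.

# rebuild_bundle OLD_BUNDLE_JAR NEW_PSJOA_JAR OUTPUT_JAR
rebuild_bundle() {
    old_bundle=$1
    new_psjoa=$2
    output_jar=$3
    # jar xf extracts into the current directory, so make the path absolute.
    case $old_bundle in /*) ;; *) old_bundle=$PWD/$old_bundle ;; esac

    work=$(mktemp -d) || return 1
    kept_manifest=$(mktemp) || return 1
    ( cd "$work" && jar xf "$old_bundle" ) || return 1

    if [ ! -f "$work/lib/psjoa.jar" ]; then
        echo "bundle has no lib/psjoa.jar" >&2
        return 1
    fi
    if [ ! -s "$work/META-INF/MANIFEST.MF" ]; then
        echo "bundle has no manifest" >&2
        return 1
    fi

    # Keep the original manifest so the ConnectorBundle-* attributes that
    # identify the bundle to OIM are carried over unchanged.
    mv "$work/META-INF/MANIFEST.MF" "$kept_manifest"
    cp "$new_psjoa" "$work/lib/psjoa.jar"

    # c = create, f = output file, m = take manifest attributes from the file.
    jar cfm "$output_jar" "$kept_manifest" -C "$work" . || return 1
    rm -rf "$work" "$kept_manifest"
}

# bundle_has_psjoa BUNDLE_JAR PSJOA_JAR
# Succeeds only when the bundled lib/psjoa.jar is byte-identical to PSJOA_JAR.
bundle_has_psjoa() {
    bundle=$1
    case $bundle in /*) ;; *) bundle=$PWD/$bundle ;; esac
    probe=$(mktemp -d) || return 2
    if ( cd "$probe" && jar xf "$bundle" lib/psjoa.jar ) &&
       cmp -s "$probe/lib/psjoa.jar" "$2"; then
        same=0
    else
        same=1
    fi
    rm -rf "$probe"
    return "$same"
}
```

Run bundle_has_psjoa on the rebuilt jar before UploadJars.sh, and keep the output file name identical to the jar you deleted in step 5.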

Find size limitation for all attributes in user objects in Active Directory

1) Log in to the Active Directory connector server.
2) Open PowerShell and run the command below.

dsquery * "cn=Schema,cn=Configuration,dc=YOURDOMAIN,dc=COM" -Filter "(objectClass=attributeSchema)" -Attr LDAPDisplayName rangeUpper -Limit 0 >  C:\Users\oimadsvc\Downloads\Report.txt

Report.txt will be saved in C:\Users\oimadsvc\Downloads and will contain the size limits of all the attributes.

AD Connector Post Upgrade Steps

 - Delete the UD_ADUSRCLS child form

- Forms, tasks, Lookups, recon rules


ResourceObject;AD User

FormName;UD_ADUSER

FromVersion;SPECIFY_THE_VERSION_OF_THE_FORM_USED_BY_USER_ACCOUNTS_CREATED_BY_USING_THE_SOURCE_CONNECTOR

ToVersion;SPECIFY_THE_VERSION_OF_FORM_THAT_IS_IN_THE_ACTIVE_STATUS_AFTER_THE_UPGRADE

ParentParent;UD_ADUSER_AD;UD_ADUSER_SERVER


ResourceObject;AD Group

FormName;UD_ADGRP

FromVersion;SPECIFY_THE_VERSION_OF_THE_FORM_USED_BY_USER_ACCOUNTS_CREATED_BY_USING_THE_SOURCE_CONNECTOR

ToVersion;SPECIFY_THE_VERSION_OF_FORM_THAT_IS_IN_THE_ACTIVE_STATUS_AFTER_THE_UPGRADE

ParentParent;UD_ADGRP_ADSERVER;UD_ADGRP_SERVER


ResourceObject;AD Organizational Unit

FormName;UD_OU

FromVersion;SPECIFY_THE_VERSION_OF_THE_FORM_USED_BY_USER_ACCOUNTS_CREATED_BY_USING_THE_SOURCE_CONNECTOR

ToVersion;SPECIFY_THE_VERSION_OF_FORM_THAT_IS_IN_THE_ACTIVE_STATUS_AFTER_THE_UPGRADE

ParentParent;UD_OU_AD;UD_OU_SERVER


The following scheduled jobs contain the Latest Token attribute:


Active Directory User Target Recon

Active Directory User Trusted Recon

Active Directory Group Recon

Active Directory Organization Recon


The following scheduled jobs contain the Sync Token attribute:


Active Directory User Target Delete Recon

Active Directory User Trusted Delete Recon

Active Directory Group Delete Recon


Verifying If the Correct Process Form is Associated With the Resource Object

1. Log in to the Design Console.

2. Expand Process Management and then double-click Process Definition.

3. Search for and open the process form associated with the resource object.

4. In the Form Assignment region, note down the value of the Table Name field. This value is the name of the process form that is linked to the process definition and resource object.

In the Lookup.ActiveDirectory.GM.Configuration lookup definition, search for and replace the Lookup.ActiveDirectory.GM.ProvAttrMap and Lookup.ActiveDirectory.GM.ReconAttrMap decode values with Lookup.ActiveDirectoryLDS.GM.ProvAttrMap and Lookup.ActiveDirectoryLDS.GM.ReconAttrMap, respectively.

java.net.BindException: Address already in use: JVM_Bind

The following error appears while starting the Connector Server:

C:\connector_server_java-1.5.0\bin>ConnectorServer.bat /run
Exception in thread "main" org.identityconnectors.framework.common.exceptions.ConnectorException: java.net.BindException: Address already in use: JVM_Bind
        at org.identityconnectors.framework.common.exceptions.ConnectorException.wrap(ConnectorException.java:101)
        at org.identityconnectors.framework.server.impl.ConnectorServerImpl.createServerSocket(ConnectorServerImpl.java:103)
        at org.identityconnectors.framework.server.impl.ConnectorServerImpl.start(ConnectorServerImpl.java:71)
        at org.identityconnectors.framework.server.Main.run(Main.java:206)
        at org.identityconnectors.framework.server.Main.main(Main.java:110)
Caused by: java.net.BindException: Address already in use: JVM_Bind
        at java.net.DualStackPlainSocketImpl.bind0(Native Method)
        at java.net.DualStackPlainSocketImpl.socketBind(DualStackPlainSocketImpl.java:102)
        at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:513)
        at java.net.PlainSocketImpl.bind(PlainSocketImpl.java:180)
        at java.net.ServerSocket.bind(ServerSocket.java:375)
        at java.net.ServerSocket.<init>(ServerSocket.java:237)
        at java.net.ServerSocket.<init>(ServerSocket.java:181)
        at javax.net.DefaultServerSocketFactory.createServerSocket(ServerSocketFactory.java:224)
        at org.identityconnectors.framework.server.impl.ConnectorServerImpl.createServerSocket(ConnectorServerImpl.java:89)



Solution:

1) Go to ConnectorServer.properties and check the port.

2) There must be something running on the same port,

OR

3) your connector server is already up and running.

4) Kill the process and restart the connector server.

bash: ant: command not found...

bash: ant: command not found...

Build Successful Yet Plugin Did Not Register

Go to ant.properties

Set the environment variables and re-register the plugin.
After the changes, ant.properties will look like:

Now re-register the plugin; the task will appear in the plugins column.

Actions and Events in OCI

ACTIONS
Event Rules must also specify an action to trigger when the filter finds a matching event. Actions are
responses you define for event matches. You set up select Oracle Cloud Infrastructure services that the
Events service has established as actions. The resources for these services act as destinations for matching
events. When the filter in the rule finds a match, the Events service delivers the matching event to one or
more of the destinations you identified in the rule. The destination service that receives the event then
processes the event in whatever manner you defined. This delivery provides the automation in your
environment.
You can only deliver events to certain Oracle Cloud Infrastructure services with a rule. Use the following
services to create actions:
Notifications
Streaming
Functions

EVENTS

Oracle Cloud Infrastructure Events enables you to create automation based on the state changes of resources throughout your tenancy. Use Events to allow your development teams to automatically respond when a resource changes its state. Here are some examples of how you might use Events: Send a notification to a DevOps team when a database backup completes. Convert files of one format to another when files are uploaded to an Object Storage bucket. 


Components of Resource Manager in OCI

Following are brief descriptions of key concepts and the main components of Resource Manager.
1)  CONFIGURATION 
Information to codify your infrastructure. A Terraform configuration can be either a solution or a file that you write and upload. 
2) JOB 
Instructions to perform the actions defined in your configuration. Only one job at a time can run on a given stack; further, you can have only one set of Oracle Cloud Infrastructure resources on a given stack. To provision a different set of resources, you must create a separate stack and use a different configuration. Resource Manager provides the following job types: 
i) Plan: Parses your Terraform configuration and creates an execution plan for the associated stack. The execution plan lists the sequence of specific actions planned to provision your Oracle Cloud Infrastructure resources. The execution plan is handed off to the apply job, which then executes the instructions. 
ii) Apply. Applies the execution plan to the associated stack to create (or modify) your Oracle Cloud Infrastructure resources. Depending on the number and type of resources specified, a given apply job can take some time. You can check status while the job runs. 
iii) Destroy. Releases resources associated with a stack. Released resources are not deleted. For example, terminates a Compute instance controlled by a stack. The stack's job history and state remain after running a destroy job. You can monitor the status and review the results of a destroy job by inspecting the stack's log files. 
iv) Import State. Sets the provided Terraform state file as the current state of the stack. Use this job to migrate local Terraform environments to Resource Manager.
3) STACK 
The collection of Oracle Cloud Infrastructure resources corresponding to a given Terraform configuration. Each stack resides in the compartment you specify, in a single region; however, resources on a given stack can be deployed across multiple regions. An OCID is assigned to each stack.

Steps to enable OCI Container Engine for OKE Cluster Access from kubectl CLI

Steps to enable Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) cluster access from the kubectl CLI:

Setting Up Local Access to Clusters

To set up a kubeconfig file to enable access to a cluster using a local installation of kubectl and the
Kubernetes Dashboard:

Step 1: Generate an API signing key pair
Step 2: Upload the public key of the API signing key pair
Step 3: Install and configure the Oracle Cloud Infrastructure CLI
Step 4: Set up the kubeconfig file
Step 5: Verify that kubectl can access the cluster

Deploying the custom jar into the OIM placeholder library


The placeholder library is the file oracle.iam.ui.custom-dev-starter-pack.war. This file is available along with the other OIM application packages (EARs and WARs) at $OIM_ORACLE_HOME/server/apps folder.

Before doing any modification to this file, create a backup of it.

Using a ZIP tool, like 7-Zip, the steps are:

1.       Open the oracle.iam.ui.custom-dev-starter-pack.war

2.       Add the custom jar file to the 'WEB-INF/lib' folder. If the 'lib' folder does not exist, create it

3.       Save the oracle.iam.ui.custom-dev-starter-pack.war file.

4.       Copy the oracle.iam.ui.custom-dev-starter-pack.war file back to its original location under $OIM_ORACLE_HOME/server/apps

5.       Stop OIM managed server

6.       In WebLogic administration console, update the 'oracle.iam.ui.custom' library deployment and activate the changes

7.       Start OIM managed server.
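Steps 1 to 4 above can also be scripted. The following Python function is an added example, not part of the original post or of Oracle's tooling; the name add_jar_to_war and the timestamped backup suffix are assumptions. It takes the backup, replaces any older copy of the same jar instead of adding a duplicate entry, and checks the jar inside the rebuilt WAR against the source file's SHA-256 before overwriting the original.

```python
import hashlib
import os
import shutil
import tempfile
import time
import zipfile

LIB_DIR = "WEB-INF/lib/"  # folder named in step 2; a zip needs no explicit directory entry


def add_jar_to_war(war_path, jar_path):
    """Back up the WAR, put jar_path under WEB-INF/lib, return (backup_path, jar_sha256)."""
    entry = LIB_DIR + os.path.basename(jar_path)
    with open(jar_path, "rb") as fh:
        jar_bytes = fh.read()
    digest = hashlib.sha256(jar_bytes).hexdigest()

    # Backup first, as the page instructs; the timestamp suffix is this example's choice.
    backup = "%s.bak.%s" % (war_path, time.strftime("%Y%m%d%H%M%S"))
    shutil.copy2(war_path, backup)

    # Build the new archive next to the original so the final rename is atomic.
    fd, tmp = tempfile.mkstemp(suffix=".tmp", dir=os.path.dirname(os.path.abspath(war_path)))
    os.close(fd)
    try:
        with zipfile.ZipFile(war_path) as src, \
                zipfile.ZipFile(tmp, "w", zipfile.ZIP_DEFLATED) as dst:
            for item in src.infolist():
                # Drop an older copy of the same jar: duplicate entry names leave it
                # unclear which copy a zip reader will return.
                if item.filename != entry:
                    dst.writestr(item, src.read(item.filename))
            dst.writestr(entry, jar_bytes)
        # Verify the rebuilt archive before it replaces the original.
        with zipfile.ZipFile(tmp) as check:
            if check.testzip() is not None:
                raise ValueError("rebuilt WAR failed its CRC check")
            if hashlib.sha256(check.read(entry)).hexdigest() != digest:
                raise ValueError("jar inside the WAR differs from the source jar")
        shutil.copymode(war_path, tmp)  # mkstemp creates 0600; keep the WAR's mode
        os.replace(tmp, war_path)
    finally:
        if os.path.exists(tmp):
            os.remove(tmp)
    return backup, digest
```

Steps 5 to 7 (server stop, library update in the WebLogic console, server start) are still carried out as described above.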

Deprecated APIs in OIM 12c

The reference URL below lists the deprecated APIs, interfaces, classes, etc.

https://docs.oracle.com/en/middleware/idm/identity-governance/12.2.1.3/omjav/deprecated-list.html

GTC Recon Process

Oracle Identity Manager 11g R2 PS2 Flat File GTC Recon Process

 

Description:

This post covers the process of GTC flat file configuration in Oracle Identity Manager 11g R2 PS2.

 

Process:

1.       Create Feed directory and Archive directory 

mkdir /app/Sanjivani

mkdir /app/Sanjivani/archive

2.       Create the flat file as a .csv containing the attribute names and user information. Refer to the screenshot for an example entry.

cd /app/Sanjivani/

cat test.csv

#GTC Trusted Source

globalid,firstname,lastname,email,organization,department,managerid,manager

oig01,arihant1,jain,abc@oracle.com,Xellerate Users,IAM,abc,HRUser

oig02,arihant2,jain,def@oracle.com,Xellerate Users,IAM, def,HRUser

oig03,arihant3,jain,ghi@oracle.com,Xellerate Users,IAM, ghi,HRUser

3.       Login to the SYSADMIN console.

4.       Click on the Generic Connector.

5.       Provide the name of the GTC. Check Reconciliation and Trusted Source Reconciliation. Select Shared Drive as the Transport Provider and CSV as the Format Provider.

6.       Provide the required parameters as shown in the screen below.

7.       Map the attribute from Reconciliation Staging to OIM.

8.       Create two new attributes userType and EmployeeType in Reconciliation staging and map the attributes from Reconciliation staging to OIM.

9.       Click on Scheduler, search for and select the GTC recon job that was just created, and click on Run Now.

10.   Click on Refresh and check whether the job status is success or failed.

11.   Click on Event Management in the same window and click on Search. It will display the list of users created and the status of user creation.

12.   Log in to the OIM Identity Console and click on Users. Click on Search and it will display the list of users.
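Because a trusted source reconciliation creates and updates OIM users directly from the feed, it helps to check the file before running the job in step 9. The following Python check is an added example, not part of the original post; the name validate_feed, the choice of globalid as the key column, and the sample rows are assumptions constructed in the layout of test.csv above. It reports rows with the wrong field count, values with stray spaces (as in the managerid column of the sample above), and duplicate keys.

```python
import csv

# Constructed sample in the layout of the page's test.csv: a '#' comment line,
# a column-name line, then one user per line.
SAMPLE_FEED = """#GTC Trusted Source
globalid,firstname,lastname,email,organization,department,managerid,manager
oig01,arihant1,jain,abc@example.com,Xellerate Users,IAM,abc,HRUser
oig02,arihant2,jain,def@example.com,Xellerate Users,IAM, def,HRUser
oig02,arihant3,jain,ghi@example.com,Xellerate Users,IAM,ghi,HRUser
oig03,arihant4,jain,jkl@example.com,Xellerate Users,IAM,jkl
"""

KEY_COLUMN = "globalid"  # assumed to be the matching attribute for the trusted source


def validate_feed(text):
    """Return a list of (line_number, problem) for a GTC flat-file feed."""
    lines = text.splitlines()
    if len(lines) < 2 or not lines[0].startswith("#"):
        return [(1, "expected a '#' comment line followed by a column-name line")]
    header = next(csv.reader([lines[1]]))
    if KEY_COLUMN not in header:
        return [(2, "column-name line lacks %s" % KEY_COLUMN)]
    problems = []
    seen = {}  # key value -> line where it first appeared
    for line_no, row in enumerate(csv.reader(lines[2:]), start=3):
        if not row:
            continue  # blank line
        if len(row) != len(header):
            problems.append((line_no, "%d fields, header has %d" % (len(row), len(header))))
            continue
        record = dict(zip(header, row))
        for name, value in record.items():
            # A leading or trailing space becomes part of the stored attribute value.
            if value != value.strip():
                problems.append((line_no, "stray whitespace in %s" % name))
        key = record[KEY_COLUMN].strip()
        if not key:
            problems.append((line_no, "empty %s" % KEY_COLUMN))
        elif key in seen:
            problems.append((line_no, "duplicate %s, first seen on line %d" % (key, seen[key])))
        else:
            seen[key] = line_no
    return problems
```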

 

 

 


UI Customization - Configure Page Flows in EM Console

Problem Statement: An ADF project (a new tile created in the Identity Self Service console) is deployed, but the changes are not visible.

Solution: Configure the custom page flow in the EM console.

1) Login to EM console
Weblogic Domain --> d_oimdomain --> Security --> Application Policies

2) Select Application Policies

3) Create a resource to give page definition permissions to the region
Permission Class: oracle.adf.share.security.authorization.RegionPermission
Resource Name: <Page Definition Name>
Permission Actions: View

Create another Resource to give task flow permissions
TASKFLOWURL : "/WEB-INF/PageFlowDefintion-tf-definition.xml"
TASKFLOWID : "PageFlowDefintion-tf-definition"
Permission Actions : View

4) Restart the Servers

SQL Queries useful for OIM Operations

1.       To get the user list/details provisioned with particular entitlement 

Select usr_login,USR_DISPLAY_NAME,USR_UDF_EMPLOYEEID,ENT_CODE,ENT_Value,ENT_ASSIGN_UPDATE

from usr inner join ent_assign

on ent_assign.usr_key=usr.usr_key

inner join ent_list

on ent_list.ent_list_key=ent_assign.ent_list_key

where lower(ent_code) like '%=<ent code>%'

and usr_status = 'Active'

and obj_key=<Resource Object key>

order by usr_login;

 

2.       To get the list of entitlements provisioned to the user associated with Enabled/Provisioned accounts:

select * from ent_assign, usr ,catalog, oiu, ost, orc where ent_assign.ent_list_key=catalog.entity_key and Ent_assign.usr_key=usr.usr_key and ent_assign.oiu_key=oiu.oiu_key and ost.ost_key=oiu.ost_key and oiu.orc_key=orc.orc_key and usr.usr_login='<User Login>';

 

 

3.       To get the request details on the basis of request status

 

select IDENTIFICATIONKEY "Request ID",usr_login "Requestor ID",usr_display_name "Requestor’s Name",

REQUEST_CREATION_DATE "Requested Date",rbe_entity_type, rbe_entity_name,

ASSIGNEES "Approver ID",ASSIGNEESDISPLAYNAME "Approver’s Name",ASSIGNEDDATE "Assigned Date",REQUEST_STATUS "Request Status",EXPIRATIONDATE "Expiry Date"

from WFTASK

inner join request on request_id=IDENTIFICATIONKEY

inner join usr on REQUESTER_KEY=usr_key

inner join request_beneficiary_entities on request_key=rbe_request_key

where assigneddate between to_date('01-10-2019','DD-MM-YYYY') and to_date('31-12-2019','DD-MM-YYYY')

and request_status in ('Request Rejected','Request Withdrawn')

and ASSIGNEES not in ('xelsysadm,user','SYSTEM ADMINISTRATORS,group')

order by ASSIGNEDDATE DESC;

 

4.       To get the rejected tasks count for the resource object in particular time period

select  count(*),MIL.MIL_NAME,obj_name

FROM OSI

inner join SCH on SCH.SCH_KEY=OSI.SCH_KEY

inner join STA on STA.STA_STATUS=SCH.SCH_STATUS

inner join MIL on OSI.MIL_KEY=MIL.MIL_KEY

inner join TOS on MIL.TOS_KEY=TOS.TOS_KEY

inner join PKG on TOS.PKG_KEY=PKG.PKG_KEY

inner join OIU on OSI.ORC_KEY=OIU.ORC_KEY

inner join USR on OIU.USR_KEY=USR.USR_KEY

inner join OST on oiu.ost_key = ost.ost_key

inner join OBJ on OST.OBJ_KEY=OBJ.OBJ_KEY

inner join ORC on orc.orc_key = oiu.orc_key

WHERE to_date(to_char(sch_actual_start,'DD-MM-YYYY'),'DD-MM-YYYY')

between to_date('01-01-2018','DD-MM-YYYY') and to_date('01-01-2019','DD-MM-YYYY')

and usr_status='Active'

and obj_name= '<Resource Object Name>'

and ost_status in ('Provisioned','Enabled','Disabled')

and sta_bucket ='Rejected'

group by MIL.MIL_NAME,obj_name;

 

5.       To get list of all the rejected tasks

Select * from osi, sch, mil , orc,usr, oiu where orc.orc_key=osi.orc_key and sch.sch_key=osi.sch_key and oiu.orc_key=orc.orc_key and oiu.usr_key=usr.usr_key

and osi.mil_key=mil.mil_key and sch.sch_status='R';

 

6.       To get all entitlements attached to policies linked to a role

 

select * from pol, ugp,pog, poc where pol.pol_key=pog.pol_key

and poc.pol_key=pol.pol_key and pog.ugp_key=ugp.ugp_key and

ugp.ugp_name like '<Role Name>';

 

7.       To get the list of role names against associated application instances evaluated through access policies

select ugp.ugp_name, app_instance.app_instance_display_name from pol,ugp, pog , pof,obj,svr,app_instance

where pol.pol_key=pog.pol_key and

pog.ugp_key=ugp.ugp_key and pof.pol_key=pol.pol_key and obj.obj_key=pof.obj_key

and app_instance.itresource_key=svr.svr_key and

to_char(svr.svr_key)=pof.POF_FIELD_VALUE ;

                       

8. To get list of users associated with role and evaluated with access policy attached to it.

select  usr.usr_login, ugp.ugp_name,ent_list.ent_display_name,pol.pol_name from poc,ent_list,ent_assign,pol,pog,ugp,usr where poc.poc_field_value=ent_list.ent_code and poc.pol_key=pol.pol_key

and ent_assign.ent_list_key=ent_list.ent_list_key and pog.ugp_key=ugp.ugp_key and pog.pol_key=pol.pol_key

and ent_assign.usr_key=usr.usr_key

and  ugp.ugp_key in (select ugp.ugp_key from pol,ugp, pog , pof,obj,svr,app_instance

where pol.pol_key=pog.pol_key and

pog.ugp_key=ugp.ugp_key and pof.pol_key=pol.pol_key and obj.obj_key=pof.obj_key

and app_instance.itresource_key=svr.svr_key and

to_char(svr.svr_key)=pof.POF_FIELD_VALUE and app_instance_display_name='<Application instance display name>')

and  usr.usr_status='Active';

 

9.       To get all the users having a specific account provisioned.

SELECT USR.USR_LOGIN, USR.USR_FIRST_NAME, USR.USR_LAST_NAME

FROM OBJ, OBI, OIU, OST, USR

WHERE OBJ.OBJ_KEY = OBI.OBJ_KEY

AND OBI.OBI_KEY = OIU.OBI_KEY

AND OIU.USR_KEY = USR.USR_KEY

AND OIU.OST_KEY = OST.OST_KEY

AND OST.OBJ_KEY = OBJ.OBJ_KEY

AND OST.OST_STATUS IN ('Enabled','Provisioned')

AND OBJ.OBJ_NAME = '<Resource Object Name>';

 

 

10.     To get all of a user's provisioned/enabled accounts.

SELECT OBJ.OBJ_NAME, OST_STATUS

FROM OBJ, OBI, OIU, OST, USR

WHERE OBJ.OBJ_KEY = OBI.OBJ_KEY

AND OBI.OBI_KEY = OIU.OBI_KEY

AND OIU.USR_KEY = USR.USR_KEY

AND OIU.OST_KEY = OST.OST_KEY

AND OST.OBJ_KEY = OBJ.OBJ_KEY

AND OST.OST_STATUS IN ('Enabled','Provisioned')

AND USR.USR_LOGIN = '<User_Login>';


11.     To get the list of all users provisioned to an application between two dates

select distinct usr_login, usr_email, usr_status, ost_status, sch_actual_start, mil_name

FROM OSI 
inner join SCH on SCH.SCH_KEY=OSI.SCH_KEY 
inner join STA on STA.STA_STATUS=SCH.SCH_STATUS 
inner join MIL on OSI.MIL_KEY=MIL.MIL_KEY 
inner join TOS on MIL.TOS_KEY=TOS.TOS_KEY 
inner join PKG on TOS.PKG_KEY=PKG.PKG_KEY 
inner join OIU on OSI.ORC_KEY=OIU.ORC_KEY 
inner join USR on OIU.USR_KEY=USR.USR_KEY 
inner join OST on oiu.ost_key = ost.ost_key 
inner join OBJ on OST.OBJ_KEY=OBJ.OBJ_KEY 
inner join ORC on orc.orc_key = oiu.orc_key 
WHERE to_date(to_char(sch_actual_start,'DD-MM-YYYY'),'DD-MM-YYYY') between to_date('01-01-2018','DD-MM-YYYY') and to_date('01-07-2018','DD-MM-YYYY')
and 
ost_status in ('Provisioned','Enabled','Disabled')
and sta_bucket ='Completed'
and MIl_name ='Create User'

and upper(obj_name) like '%AD%';

Basic Performance Tuning for Stuck Threads and Response Times

Documentation for performance tuning: https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/asper/redundant-cross-references-remo...