Default Session Timeout in OIM

 1) As per section "5.1.21 Default Session Timeout" in OIG Admin Guide, the default session timeout value (10 minutes) is defined in "WEB-INF/web.xml" in "identity" & "sysadmin" ear files. Changing it directly in "WEB-INF/web.xml" file is not supported.

5.1.21 Default Session Timeout:
https://docs.oracle.com/en/middleware/idm/suite/12.2.1.4/idmrn/oracle-identity-governance.html#GUID-145185AE-2290-4A7B-B9AB-C4BD107117D2

2) You need to follow the steps provided below, but for "session-timeout".

B.9.8 Updating Identity Self Service, System Administration, and FacadeWebApp to Change the Session Cookie
https://docs.oracle.com/en/middleware/idm/identity-governance/12.2.1.4/omadm/configuring-sso-providers-oracle-identity-manager.html#GUID-9C2A306E-7C2E-4608-A5FD-A170DF7C2EF2

3) For your reference, I am attaching the deployment plans (SampleDeploymentPlans.zip) I used in my environment.

4) Before you do anything, please take a backup of the following files.

$OIM_HOME/server/apps/oracle.iam.console.identity.self-service.ear
$OIM_HOME/server/apps/oracle.iam.console.identity.sysadmin.ear
$OIM_HOME/server/apps/oim.ear

ORA-00001: unique constraint (IDM_OIM.PK_USR) violated at line number 1308

Issue - ORA-00001: unique constraint (IDM_OIM.PK_USR) violated at line number 1308
Problem Summary - Bulk Load failed because users with the same usr_key are already present. Find the failed users in the following table:
select * from USR_11G_FROM_PROD_EX1;
Update the usr_key and bulk load the failed users again.
Solution - Onboard the failed users with a different usr_key

Issue - BULK LOAD UTILITY FAILS WITH "ORA-00907: MISSING RIGHT PARENTHESIS"
Problem Summary - Bulk Load fails when a CSV file is used as input in a Kubernetes environment.

Solution - Oracle has a patch for this issue
Patch 33997963: BULK LOAD UTILITY FAILS WITH "ORA-00907: MISSING RIGHT PARENTHESIS"
 
Note: Before applying any patch to your environment, please confirm it on Oracle Support.

Customize resource history page in oim accounts

Customize the resource history page by increasing the number of rows so that more tasks are visible on the page; by default only 5 tasks are displayed.



1) shut down OIM
2) 'cd' to $OIM_HOME/server/apps/oim.ear
3) make a backup copy of the OIGUI.war file
4) extract the js/ui/reshistroy/pages/reshist.tmpl.html and web/js/ui/reshistroy/pages/reshist.tmpl.html files from the OIGUI.war file and change the following:
data-bind="ojComponent: {component: 'ojPagingControl',data: resHistroyPagingDatasource, pageSize: 5}"></div>
to:
data-bind="ojComponent: {component: 'ojPagingControl',data: resHistroyPagingDatasource, pageSize: 15}"></div>
5) save the updated reshist.tmpl.html files back to OIGUI.war but do not update the manifest
6) start up OIM
7) log into the WLS Admin console and select "Lock and Edit" in the upper left corner
8) navigate to "Deployments" -> "Configuration" tab and select the checkbox next to "oim"
9) select "Update" at the top, use the default values and click "Finish"
10) click on "Activate Changes" in the upper left corner (I got an error but ignored it - see below that I had to restart the server)
11) click on "Control" tab at the top, scroll down to "oim", click the checkbox to the left of it then scroll back up and click "Start" -> "Servicing all requests"
NOTE: if the "oim" deployed application doesn't start properly then just shut down the OIM server and start it back up
12) go into "Resource History" and confirm whether you now see 5 or 15 rows.

How to set the Session Timeout for Identity and Sysadmin Console in OIM 12c



PART – 1 Prepare the xml files for the Session timeout changes for the respective deployments.

 

identityPlan.xml

<?xml version='1.0' encoding='UTF-8'?>
<deployment-plan xmlns="http://xmlns.oracle.com/weblogic/deployment-plan" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/deployment-plan http://xmlns.oracle.com/weblogic/deployment-plan/1.0/deployment-plan.xsd">
  <application-name>oracle.iam.console.identity.self-service.ear#V2.0</application-name>
  <variable-definition>
    <variable>
      <name>NewTimeOut</name>
      <value>60</value>
    </variable>
  </variable-definition>
  <module-override>
    <module-name>oracle.iam.console.identity.self-service.war</module-name>
    <module-type>war</module-type>
    <module-descriptor external="false">
      <root-element>web-app</root-element>
      <uri>WEB-INF/web.xml</uri>
      <variable-assignment>
        <name>NewTimeOut</name>
        <xpath>/web-app/session-config/session-timeout</xpath>
      </variable-assignment>
    </module-descriptor>
  </module-override>
</deployment-plan>

 

sysadminPlan.xml

<?xml version='1.0' encoding='UTF-8'?>
<deployment-plan xmlns="http://xmlns.oracle.com/weblogic/deployment-plan" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/deployment-plan http://xmlns.oracle.com/weblogic/deployment-plan/1.0/deployment-plan.xsd">
  <application-name>oracle.iam.console.identity.sysadmin.ear#V2.0</application-name>
  <variable-definition>
    <variable>
      <name>NewTimeOut</name>
      <value>60</value>
    </variable>
  </variable-definition>
  <module-override>
    <module-name>oracle.iam.console.identity.sysadmin.war</module-name>
    <module-type>war</module-type>
    <module-descriptor external="false">
      <root-element>web-app</root-element>
      <uri>WEB-INF/web.xml</uri>
      <variable-assignment>
        <name>NewTimeOut</name>
        <xpath>/web-app/session-config/session-timeout</xpath>
      </variable-assignment>
    </module-descriptor>
  </module-override>
</deployment-plan>

 

 

oimPlan.xml

<?xml version='1.0' encoding='UTF-8'?>
<deployment-plan xmlns="http://xmlns.oracle.com/weblogic/deployment-plan" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/deployment-plan http://xmlns.oracle.com/weblogic/deployment-plan/1.0/deployment-plan.xsd">
  <application-name>oim</application-name>
  <variable-definition>
    <variable>
      <name>NewTimeOut</name>
      <value>60</value>
    </variable>
  </variable-definition>
  <module-override>
    <module-name>iam-consoles-faces.war</module-name>
    <module-type>war</module-type>
    <module-descriptor external="false">
      <root-element>web-app</root-element>
      <uri>WEB-INF/web.xml</uri>
      <variable-assignment>
        <name>NewTimeOut</name>
        <xpath>/web-app/session-config/session-timeout</xpath>
      </variable-assignment>
    </module-descriptor>
  </module-override>
  <module-override>
    <module-name>FacadeWebApp.war</module-name>
    <module-type>war</module-type>
    <module-descriptor external="false">
      <root-element>web-app</root-element>
      <uri>WEB-INF/web.xml</uri>
      <variable-assignment>
        <name>NewTimeOut</name>
        <xpath>/web-app/session-config/session-timeout</xpath>
      </variable-assignment>
    </module-descriptor>
  </module-override>
</deployment-plan>
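
A pre-deployment check for plans like the three above, added here as an example and not taken from the original post or from Oracle: it resolves each session-timeout variable-assignment to its value per module and reports names that do not match a defined variable, values that disable expiry, and values above a ceiling. The function name audit_plan, the 60-minute MAX_MINUTES ceiling and the sample plan with its misspelled variable are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

NS = {"dp": "http://xmlns.oracle.com/weblogic/deployment-plan"}
TIMEOUT_XPATH = "/web-app/session-config/session-timeout"
MAX_MINUTES = 60  # assumed policy ceiling for this example, not an Oracle default

# Constructed sample in the shape of oimPlan.xml. The second module-override
# misspells the variable name ("NewTimeout"), so it resolves to nothing.
_MODULE = """<module-override><module-name>{m}</module-name><module-type>war</module-type>
  <module-descriptor external="false"><root-element>web-app</root-element><uri>WEB-INF/web.xml</uri>
    <variable-assignment><name>{v}</name><xpath>{x}</xpath></variable-assignment>
  </module-descriptor></module-override>"""
SAMPLE_PLAN = f"""<deployment-plan xmlns="{NS['dp']}">
  <application-name>oim</application-name>
  <variable-definition>
    <variable><name>NewTimeOut</name><value>60</value></variable>
  </variable-definition>
  {_MODULE.format(m='iam-consoles-faces.war', v='NewTimeOut', x=TIMEOUT_XPATH)}
  {_MODULE.format(m='FacadeWebApp.war', v='NewTimeout', x=TIMEOUT_XPATH)}
</deployment-plan>"""

def audit_plan(plan_xml, max_minutes=MAX_MINUTES):
    """Return ({module: minutes}, [findings]) for the session-timeout overrides."""
    root = ET.fromstring(plan_xml)
    text = lambda node, tag: (node.findtext(f"dp:{tag}", "", NS) or "").strip()
    defined = {text(v, "name"): text(v, "value")
               for v in root.iterfind("dp:variable-definition/dp:variable", NS)}
    timeouts, findings = {}, []
    for mod in root.iterfind("dp:module-override", NS):
        module = text(mod, "module-name")
        for va in mod.iterfind("dp:module-descriptor/dp:variable-assignment", NS):
            if text(va, "xpath") != TIMEOUT_XPATH:
                continue  # only session-timeout assignments are audited here
            name = text(va, "name")
            try:
                minutes = timeouts[module] = int(defined[name])
            except KeyError:  # assignment points at a variable the plan never defines
                findings.append(f"{module}: variable {name!r} is not defined")
            except ValueError:
                findings.append(f"{module}: {defined[name]!r} is not a whole number")
            else:
                if minutes <= 0:  # servlet spec: 0 or less means sessions never time out
                    findings.append(f"{module}: {minutes} disables session expiry")
                elif minutes > max_minutes:
                    findings.append(f"{module}: {minutes} min exceeds the {max_minutes} min ceiling")
    return timeouts, findings

if __name__ == "__main__":
    print(audit_plan(SAMPLE_PLAN))
```

Passing the contents of identityPlan.xml, sysadminPlan.xml and oimPlan.xml to audit_plan before Part 2 shows the timeout each war will actually receive.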

 

Part – 2 Update the ear deployments with the deployment plans that carry the web.xml changes

 
1.      Login to WebLogic console as an Administrator.
2.      Select Deployments under Domain Structure
3.      Select oracle.iam.console.identity.self-service.ear(V2.0) and Update
4.      Click on Change Path on Deployment Plan Path
5.      Select the location of the identityPlan.xml file
6.      Select the Update this application in place with new deployment plan changes option.
Note:
You can ignore the following errors while updating the plan:
'weblogic.management.DeploymentException:  The application oracle.iam.console.identity.self-service.ear#V2.0 cannot have the resource WEB-INF/weblogic.xml updated dynamically. Either:
7.      Click Finish to complete the deployment plan configuration
8.      Activate changes if required
9.      Once the changes are activated, restart the servers after all the changes have been made.
 
Deployment Plan Changes on oracle.iam.console.identity.sysadmin.ear
 
10.  Search for oracle.iam.console.identity.sysadmin.ear (V2.0)
11.  Select and Update
12.  Click on Change Path on Deployment Plan Path
13.  Select sysadminPlan.xml from the persistent volume location.
14.  Select the Update this application in place with new deployment plan changes option.
15.  Click Finish to complete the deployment plan configuration
16.  Activate Changes
17.  Once the changes are made, restart the servers.
 
Deployment Plan Changes on oim.ear
 
18.  Look for oim.ear
19.  Select and Update oim
20.  Click on Change Path on Deployment Plan Path
21.  Select oimPlan.xml from the persistent volume location.
22.  Select the Update this application in place with new deployment plan changes option.
23.  Click Finish to complete the deployment plan configuration
24.  Activate Changes
25.  Ignore any errors during activation of the deployment.
26.  Once the changes are made, restart the servers.
 

List of jars required to connect to OIM using Java

Issue: I am trying to create a Java project to connect to OIM to fetch some details using OIM APIs and I am facing the below error in the JDev project.

Error:

Exception in thread "main" java.lang.NoClassDefFoundError: oracle/idm/diagnostics/client/ContextSensitiveLogger
    at oimclient/oracle.iam.platform.auth.client._.<clinit>(_.java:39)
    at oimclient/Thor.API.Security.LoginHandler.weblogicLoginHandler.login(weblogicLoginHandler.java:60)
    at oimclient/oracle.iam.platform.OIMClient.login(OIMClient.java:213)
    at oimclient/oracle.iam.platform.OIMClient.login(OIMClient.java:184)
    at RMSEnrolmentPOC/oim.poc.ADConnectionWrite.oimClient(ADConnectionWrite.java:28)
    at RMSEnrolmentPOC/oim.poc.ADConnectionWrite.main(ADConnectionWrite.java:85)
Caused by: java.lang.ClassNotFoundException: oracle.idm.diagnostics.client.ContextSensitiveLogger
    at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
    at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
    at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)

 

SOLUTION:

The jars required to connect to an OIG 12.2.1.4.0 server using APIs through JDeveloper 12.2.1.4.0 are:

$MW_HOME/oracle_common/modules/oracle.jrf/jrf-api.jar
$MW_HOME/oracle_common/modules/org.apache.commons.logging_1.2.jar

$MW_HOME/oracle_common/modules/thirdparty/spring-core-4.3.20.RELEASE.jar
$MW_HOME/oracle_common/modules/thirdparty/spring-context-4.3.20.RELEASE.jar

$MW_HOME/wlserver/server/lib/wlthint3client.jar

$MW_HOME/idm/designconsole/lib/oimclient.jar

$MW_HOME/idm/server/idmdf/idmdf-common.jar
$MW_HOME/idm/server/idmdf/event-recording-client.jar
$MW_HOME/idm/server/idmdf/idmdf-notification-engine.jar


Basic Performance Tuning for stuck threads and response times

Documentation for performance tuning: https://docs.oracle.com/en/middleware/fusion-middleware/12.2.1.4/asper/redundant-cross-references-remo...