maandag 16 december 2013

ADF: annoying warnings

Fact

In the logging of your application server, you see often the following warning :

<SimpleSelectOneRenderer><_getSelectedIndex> Could not find selected item matching value "0" in RichSelectOneChoice[UIXEditableFacesBeanImpl, id=value70]

Problem

You are probably using a component which generates fields dynamically, like the query-component.  If you have defined a LOV for one of the fields this component needs to show and you have specified that it needs a "No Selection" item in the UI Hints of the LOV, then this warning will popup.

The warning you are getting is just saying that he tries to map a selected value "0" to the list he recieves, in which case he did not find it.  The id is pointing to the field in the query component in this case.  The fields are numberd from value00, value10, value20 to valueXX.

Solution

The solution is to remove the selection of the "No Selection"-item, but this will probably add another problem to your list.  To solve this problem you can do the following depending on the type of the view-component of your LOV.

  • View based on static values.
    In this case just add an empty row and put it on top.  The order for these kind of views is determined by the order in the list.

  • View based on a query.
    In this case just add an union-clause and add an empty row through the dual-table.  Also add an order by-clause to put the null-row first.

donderdag 3 oktober 2013

Simple tuning principles for ADF

Hello everyone,

Most of the time when people are talking about tuning, it starts to get quickly quite ugly technical.
I had the opportunity to do some tuning for a customer myself, I didn't pushed the pedal to the metal, but found some simple rules I could follow.


  • BC View Tuning
    • as-needed = iterator range size
    • fetch size batches = rows displayed + 1
    • max fetch size = -1
  • AM
    • jbo.ampool.initpoolsize=10% more then concurrent users
    • jbo.recycletreshold = nbr concurrent users
    • jbo.ampool.monitorsleepinterval= 14400000 = 4uur
    • jbo.dofailover=true
    • jbo.locking.mode=optimistic
    • jbo.doconnectionpooling=false
  • Pagedefinition
    • Iterator Rangesize = number of rows displayed
    • Iterator RowCountTreshold = -1
  • Taskflows
    • activation = defer
Everything else is common sense :-).

Hopes this gets you started.

F

Unconventional Overview of OOW13

Hello everyone,

Due to the huge amount of readers of my last year’s blogs on OOW, I restrict myself this year to the overall conclusion I made on OOW13.
The idea’s and opinions expressed in this blog are my own.  So if you want copy or use them, please send a donation to charity ☺.

@https://www.facebook.com/OracleOpenWorld
As aspected this year's Oracle Open World focused on Cloud, Big Data, Social, Customer Experience, M2M(IoT) and Mobile.
No surprises here, until you look further.  Until you start looking further then the sessions being given, further then buzzwords, even further then keynote speeches.

First major change, it is not about mobile, it is about mobile-first.  No longer the desktop browser is king in the land of the developer, according to Oracle, but the mobile devices are.  They control the development of frameworks, architectures and solutions.   They define how application will be made in the future and how they will look like.
We came from a couple of years of developing desktop web browser applications and making the mobile brothers alike for them, to making mobile applications and given their big brother applications the look&feel they need.
While this seems a small shift, it will totally change your view on application development.
Does this mean you need to throw all your current projects away and start over again, no.
Remember that it is Oracle's vision that is presented at Open World, giving you a year or two to react upon.

Another change is in the Cloud proposal, but this change we all expected: more, bigger and more social. The solutions presented covering the cloud offering of Oracle, were numerous.  I was impressed in the total package of Oracle, extra features on the existing offerings, new offerings in the IAAS, PAAS and SAAS area. While I'm not an Oracle applications guy, the list of offerings in the SAAS area overwhelmed me. Off course, their SAAS-cloud offering doesn't cover all the functionalities delivered by their mature sisters like PeopleSoft, Siebel, EBusiness Suite or JD Edwards.  Nor is that the purpose.  How many times did you hear that the cloud would change the way you do business?
When there wouldn't be any difference between those solutions, where would the change in doing business be?
But this isn't change this is evolution. The change lies in opening of their cloud offering.
How do you open a cloud offering you might ask?  It is not only Oracle's cloud that gives you your favorite products at your fingertips, also Microsoft's Azure-cloud solution will enable you to run your business in the cloud on Oracle software.
Who said that Oracle isn't a cloud company?
Small remark on the side: MS was putting a lot of focus on the fact that you could run the Oracle database, WebLogic Server and Java in their cloud.  While the first two make sense, the last one is a bit strange. Since it's slogan is "Develop once, run anywhere".

Finally, big data or should I say smart data. While last year big data was al about capturing, this year it is all about integrating and delivering solutions for the business.  The examples given during such a conference are breath taking.
Coming from a very small country myself, I was wondering what could mean big/smart data for the Belgium market. And in essence it is not about the absolute size of data that need to be handled, but the relative portion of that data that resides above the normal expected working parameters of your business. Since Oracle always looks at the big players in all market segments, the hardware solutions they put forward are equally big. So it is far more opportune to not look at the hardware side of things, but the architecture side of it.  Perhaps your business doesn't need the power of treating billions of rows of data a day, but it might well be that it is interested in the same insights.
Insights into your business, insights into your way of working, insights into your customers, insights into the business of your customers and perhaps the most business interruptive power of them all: social media.
Big/smart data is not about data; it is about thinking differently about building solutions based on data. Now it all comes together, network, hardware, software, maturity and social allowing for a new final frontier of analytics.

@https://www.facebook.com/OracleOpenWorld
Let’s not forget the new kid on the block, M2M.  It is hardly new; it was already presented the year before, but then only on JavaOne. While you need to go to J1 for the dirty technical details about it, you can now join OOW for the business side of things.  What M2M appeals to me is that it, like big data, let’s you rethink solutions for the business.  Now it is a lot easier to not only build a solution based on software, but also include a hardware portion.  We are not confined anymore to expense and unique in the market devices, probably vendor locked-in also, but we get now this breath taken possibilities of cheap and commodity hardware that we can shape to our needs.  The fact that this topic got his own keynote means that Oracle thinks that their customers are ready to embrace this technology, which probably result in a boost of projects being started.

@https://www.facebook.com/OracleOpenWorld
If you think I covered all the major topics by now, cloud/mobile/big data/m2m/social, you are in for a surprise.
At last year's conference, we had a couple of talks about the way Oracle tries to deliver applications that are end-user friendly.  They even had planned a short trip to HQ, to convince us about the effort they put into it.
Who could ever thought, that this topic would be the biggest one of them all the year after? I'm not counting the number of sessions nor the seats in the rooms of those sessions; instead I'm looking at impact of it on all previously discussed topics.
"Customer Experience", it seems so easy and logical. It is the reason why there are so many conventions around the world. It is the reason why companies invest in development, marketing and sales.  Frankly, it is probably the outcome of customer experience that drives companies or better-put "people".
Once you start talking about customer experience, you are dealing with a totally different set of KPI’s.  It is no longer about bits and bytes, no longer about how fast and well we can treat information, it is not about how much money we put into IT, what the hell it is not about IT.
It is about ... you, the customer, partner, employee and family and how we can make our business more suited for you.
Finally, once a department starts thinking about the service it can deliver, instead of the great wonderful technical things they can do, that's the day that it becomes the corner stone of a company.


Here are a few examples to illustrate the power of it.

@http://kentgraziano.com/
  • I already tweeted about it, so I'll start with the event itself. Not only was the event bigger in size, it was also bigger in the overall experience for the visitor. For me it is not so much about the big, too cold air-conditioned session rooms (they were there last year also ☺), it is about the fact that the company Oracle is more then just a supplier of hard- and software, it delivers now also entertainment, passion and vision outside of the IT-landscape.

    Walking around on the Oracle plaza, which was on Howard Street (between North and South Moscone), gave you a sense of the power of Oracle in the Bay area. This year there was no closed tent hiding Howard Street. This year it was an open, inviting and socially appealing place to linger. Coming out of a keynote, hearing fantastic music, feeling the sun warming your body and only seeing smiling people, pushes you into the only possible conclusion: Life @/with Oracle is great.  On top of that, add the suspense of the America's Cup, and you know there is more to live then IT even @Oracle.

    Short remark on the side concerning Larry Ellison ditching his cloud keynote in favor of the boat race, so what?  Larry has the fortune to have now 2 boats (metaphorically speaking). One is a very big one, with still a lot of potential but more importantly 5 great captains. This boat is not ready, nor willing, to lose. It has a great history of good and bad moments, but always came out strong. The other one is fairly new, has only 1 captain and a smaller crew. It has equally great potential, but still need guidance, hence their victory in the America's Cup.Larry didn't stand up 60.000 people, there would never be 60.000 people looking at the keynote. So many of them were also looking at the boat race or having lunch with customers or partners. Isn't it great to see that the team behind Larry is capable of standing by their captain?
  • Another example is the testimony of Lego. What a great inside into their company's marketing vision. How else can you do a campaign for 100$? Admitting that Lego already had a good brand name, so it can more easily make use of crowd sourcing, but nevertheless a good example how small and simple things can bring great results (trying to avoid saying big here).
    It is all about finding the social needs of your customers and using that to open new worlds for them and yourself.

  • Now for the last example, a more of a personal note. First a warning: all characters appearing in this story are fictitious. Any resemblance to real persons, living or dead, is purely coincidental.

    So I was wondering around finding my way to Moscone North for the keynote of JavaOne. Assuming a lot of people would take the direct route through the Moscone North entry, I took my changes via Moscone South. As a few of you know, there is a direct passage from South to North. Still standing in South and looking on to the passage of North, I see a sea of people waiting to go to the keynote. So a bit uneasy I put myself back in line ready for a long period of queuing.  Still not sure I'm really in the right lane, I ask a person next to me whether this is really the queue for the keynote.
    Naturally she could answer, "Off course, what else would all those people be queuing for?" and probably thinking "Again a foreigner, probably from a small country like Belgium where they've never seen such an interest in a keynote".
    Strangely enough she didn't, instead she said, "Yes, it is". A bit surprised by the calmness of her answer and given my capability of not stopping speaking, I asked a couple of more questions. Strangely enough, she didn't figure out that I was a foreigner right away and so she kept on answering my curiosity. Suddenly the roles got inverted. She was now starting to ask questions and I was more then willing to reply. After 10 minutes going back and forth like this, something changed.  We stopped with asking and started telling stories about things that happened or would be happening in the near future. We watched the keynote together and gave our very personal opinion on every topic. More often then not, we were thinking in the same direction. After the keynote, we exchanged numbers and fought our way through JavaOne for her and Open World for me.

    Now what has this to do with customer experience? Well read the story again and replace "me" with yourself, "she" with your partner, customer and the "keynote" with social media. Now tell me, is this not how you make the first contact with new customers/partners?


The final thoughts I want you to take with you are that all the fancy buzzwords like cloud, mobile, big data should be enablers for your business and not a goal in itself. When looking beyond IT and seeing the bigger picture, will allow you to do bigger and longer projects that stand the test of time and will be better appreciated and used by the business.

Hoped you enjoyed the reading.

F

dinsdag 28 mei 2013

ADF BC: JBO-25014: Another user has changed the row with primary key

Challenge

You receive the error mentioned in the title, but you are quite sure this is not the case and nothing has changed in the database due to triggers or pl/sql-code.

Context

Jdeveloper: 11gR1

Solution

There are already quite a few blogs on this error within ADF.  They all talk about the fact that something has changed in the database, without BC knowing about it.  This can be done through another user, a batch-script, a trigger or any other pl/sql-code.
But what if you are 100% sure this is not the case, then read on.

There is also another reason why this happen: the comparison of the different attributes didn't go well.  Although the documentation clearly state that the oracle.jbo.domain-classes should solve this issue, we still have found ourselves multiple times in this situation and mostly due to Date-attributes.
There are 2 ways to handle this:
  1. You can identify an attribute in your entity as a “Change Indicator”.  Once you have identified such an attribute in your entity, the BC-code will no longer compare all attributes, instead it will only compare those with the “Change Indicator” activated.

    To set this indicator on an attribute, just open the editor of the attribute to see the “Change Indicator” property.
  2. You can remove the attribute that is causing the problem from the comparison.  This is easier said than done, because you need to know which attribute is causing the problem.

    To find this out, just activate the JBO-diagnostic logging, you can do this by adding the following “-Djbo.debugoutput=console” to the Java-options of your run-configuration.
    Now run the application again and simulate the problem.  You should find something like this:
    <EntityImpl><compare> [508] Entity compare failed for attribute HireDate
    <EntityImpl><compare> [509] Original value :19-06-1987
    <EntityImpl><compare> [510] Target value :19-06-1987
    
    Now you know it is the HireDate-Attribute.  Now add the following code to the Impl-class of your entity:
    @Override
    protected boolean compare(SparseArray sparseArray) {
       // Removing the HIREDATE attribute from the array
       if (sparseArray != null && !sparseArray.isEmpty()) {
           for (int i=0; i<sparseArray.length(); i++) {
               Object value = sparseArray.get(i);
               if (value != null) {
                   if (i == HIREDATE) sparseArray.clear(i);
               }
           }
       }
       // Calling the standard compare method
       return super.compare(sparseArray);
    }
    
    You can do this for as many attributes as you need, just add them to the 3th if-statement.

dinsdag 7 mei 2013

JDeveloper 11.1.2.4 on Mac Lion


Challenge

Installing JDeveloper 11.1.2.4 on a MAC Lion

Context

Mac: 10.7.5
Jdeveloper: 11.1.2.4.0
Java: 1.7.0_17


Solution

I encountered 2 problems during installation:

  1. In the Installation wizard, when you use Custom instead of Typical, you need to find the correct Java version yourself.  If you use Typical, the default Java is set per default.
  2. When trying to run the WebLogic Server for the first time, I receive the following output:
    [Waiting for the domain to finish building...]
    
    [03:54:51 PM] Creating Integrated Weblogic domain...
    
    [03:55:21 PM] Extending Integrated Weblogic domain...
    
    [03:55:29 PM] Integrated Weblogic domain processing completed successfully.
    
    *** Using HTTP port 7101 ***
    
    *** Using SSL port 7102 ***
    
    /Users/filiphuysmans/.jdeveloper/system11.1.2.4.39.64.36/DefaultDomain/bin/startWebLogic.sh
    
    [waiting for the server to complete its initialization...]
    .
    .
    JAVA Memory arguments: -Xms256m -Xmx512m
    .
    Unrecognized option: -jrockit
    
    Error: Could not create the Java Virtual Machine.
    
    Error: A fatal exception has occurred. Program will exit.
    
    WLS Start Mode=Development
    .
    
    CLASSPATH=/Users/filiphuysmans/programs/JDev111240/oracle_common/modules/oracle.jdbc_11.1.1/ojdbc6dms.jar:/Users/filiphuysmans/programs/JDev111240/patch_wls1035/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/Users/filiphuysmans/programs/JDev111240/patch_jdev1112/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/Library/Java/JavaVirtualMachines/jdk1.7.0_17.jdk/Contents/Home/lib/tools.jar:/Users/filiphuysmans/programs/JDev111240/wlserver_10.3/server/lib/weblogic_sp.jar:/Users/filiphuysmans/programs/JDev111240/wlserver_10.3/server/lib/weblogic.jar:/Users/filiphuysmans/programs/JDev111240/modules/features/weblogic.server.modules_10.3.5.0.jar:/Users/filiphuysmans/programs/JDev111240/wlserver_10.3/server/lib/webservices.jar:/Users/filiphuysmans/programs/JDev111240/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/Users/filiphuysmans/programs/JDev111240/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:/Users/filiphuysmans/programs/JDev111240/oracle_common/modules/oracle.jrf_11.1.1/jrf.jar:/Users/filiphuysmans/programs/JDev111240/wlserver_10.3/common/derby/lib/derbyclient.jar:/Users/filiphuysmans/programs/JDev111240/wlserver_10.3/server/lib/xqrl.jar
    .
    PATH=/Users/filiphuysmans/programs/JDev111240/wlserver_10.3/server/bin:/Users/filiphuysmans/programs/JDev111240/modules/org.apache.ant_1.7.1/bin:/Library/Java/JavaVirtualMachines/jdk1.7.0_17.jdk/Contents/Home/jre/bin:/Library/Java/JavaVirtualMachines/jdk1.7.0_17.jdk/Contents/Home/bin:/usr/bin:/bin:/usr/sbin:/sbin
    .
    ***************************************************
    *  To start WebLogic Server, use a username and   *
    *  password assigned to an admin-level user.  For *
    *  server administration, use the WebLogic Server *
    *  console at http://hostname:port/console        *
    ***************************************************
    starting weblogic with Java version:
    Starting WLS with line:
    /Library/Java/JavaVirtualMachines/jdk1.7.0_17.jdk/Contents/Home/bin/java -jrockit   -Xms256m -Xmx512m -Dweblogic.Name=DefaultServer -Djava.security.policy=/Users/filiphuysmans/programs/JDev111240/wlserver_10.3/server/lib/weblogic.policy -Djavax.net.ssl.trustStore=/var/tmp/trustStore875832875455889226.jks -Dhttp.proxyHost=proxy.iconos.be -Dhttp.proxyPort=8080 -Dhttp.nonProxyHosts=local|*.local|169.254/16|*.169.254/16|127.0.0.1|localhost|*.localhost|localhost.localdomain|::1|10.99.9.23|Filips-MacBook-Pro-2.local -Dhttps.proxyHost=proxy.iconos.be -Dhttps.proxyPort=8080 -Doracle.jdeveloper.adrs=true -Dweblogic.nodemanager.ServiceEnabled=true  -Xverify:none  -da -Dplatform.home=/Users/filiphuysmans/programs/JDev111240/wlserver_10.3 -Dwls.home=/Users/filiphuysmans/programs/JDev111240/wlserver_10.3/server -Dweblogic.home=/Users/filiphuysmans/programs/JDev111240/wlserver_10.3/server  -Djps.app.credential.overwrite.allowed=true -Dcommon.components.home=/Users/filiphuysmans/programs/JDev111240/oracle_common -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=/Users/filiphuysmans/.jdeveloper/system11.1.2.4.39.64.36/DefaultDomain -Djrockit.optfile=/Users/filiphuysmans/programs/JDev111240/oracle_common/modules/oracle.jrf_11.1.1/jrocket_optfile.txt -Doracle.server.config.dir=/Users/filiphuysmans/.jdeveloper/system11.1.2.4.39.64.36/DefaultDomain/config/fmwconfig/servers/DefaultServer -Doracle.domain.config.dir=/Users/filiphuysmans/.jdeveloper/system11.1.2.4.39.64.36/DefaultDomain/config/fmwconfig  -Digf.arisidbeans.carmlloc=/Users/filiphuysmans/.jdeveloper/system11.1.2.4.39.64.36/DefaultDomain/config/fmwconfig/carml  -Digf.arisidstack.home=/Users/filiphuysmans/.jdeveloper/system11.1.2.4.39.64.36/DefaultDomain/config/fmwconfig/arisidprovider -Doracle.security.jps.config=/Users/filiphuysmans/.jdeveloper/system11.1.2.4.39.64.36/DefaultDomain/config/fmwconfig/jps-config.xml -Doracle.deployed.app.dir=/Users/filiphuysmans/.jdeveloper/system11.1.2.4.39.64.36/DefaultDomain/servers/DefaultServer/tmp/_WL_user -Doracle.deployed.app.ext=/- -Dweblogic.alternateTypesDirectory=/Users/filiphuysmans/programs/JDev111240/oracle_common/modules/oracle.ossoiap_11.1.1,/Users/filiphuysmans/programs/JDev111240/oracle_common/modules/oracle.oamprovider_11.1.1 -Djava.protocol.handler.pkgs=oracle.mds.net.protocol  -Dweblogic.jdbc.remoteEnabled=false -Dwsm.repository.path=/Users/filiphuysmans/.jdeveloper/system11.1.2.4.39.64.36/DefaultDomain/oracle/store/gmds   -Dweblogic.management.discover=true  -Dwlw.iterativeDev= -Dwlw.testConsole= -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=/Users/filiphuysmans/programs/JDev111240/patch_wls1035/profiles/default/sysext_manifest_classpath:/Users/filiphuysmans/programs/JDev111240/patch_jdev1112/profiles/default/sysext_manifest_classpath  weblogic.Server
    
    Unrecognized option: -jrockit
    Error: Could not create the Java Virtual Machine.
    Error: A fatal exception has occurred. Program will exit.
    Process exited.
    
2 things go wrong here:
  • He tries to use the -jrockit VM-type.
  • There is no setting for the PermGenSpace
To solve this problem, perform the following steps:
  • Go to the domain directory to find the setDomainEnv.sh file.
    This file can be found in <your home directory>/.jdeveloper/system11.1.2.4.39.64.36/DefaultDomain/bin
  • Find the line with 'SUN_JAVA_HOME=""' and change/modify it to
      • SUN_JAVA_HOME=$BEA_JAVA_HOME
      • JAVA_VENDOR=Sun
      • export SUN_JAVA_HOME JAVA_VENDOR
  • Save the file and try to start the WLS Server

vrijdag 12 april 2013

Submitted Sessions for Oracle Open World and JavaOne 2013

It is again this time of year, were everyone is searching for their best English and write a small piece of text to convince a group of people.  Also we did the same exercise and handed over our papers for Oracle Open World and JavaOne.

Here is our, Contributes, list of papers for 2013:


 ID  Proposed Session Title  Type
TUT4879  Building your stock management solution for no more then $299  Tutorial
CON4907  Making Open-Source & Oracle security best friends. The Mazda story.  Conference Session
CON4872  No SOA without Service Orchestration  Conference Session
CON4901  Score with the right Oracle technology for the right audience. The RBFA story.  Conference Session
CON1846  Taking You from Forms to ADF Mobile: a Journey  User Group Forum (Sunday Only)


I would advice everyone else to do the same, but .... on different topics preferably ;-).

Thanks to everyone who helped building up this list and everyone who is going help to get some talks accepted.

Very much appreciated.

Filip

dinsdag 9 april 2013

Installing HTTP_Server with WebGate

Challenge

Installing an HTTP Server and configure it to be used as entry point for OAM.

Context

OAM 11.1.2 running on WLS 10.3.6.0

Solution

Installing the HTTP_Server
  • Unzipping the HTTP_Server software
    • cd /opt/install/oam
    • mkdir patch6
    • unzip WebTier_11Patch6.zip -d patch6
    • cp patch6/Disk1/stage/Response/WebTierInstallAndConfigure.rsp ./WebTierInstallAndConfigurePatch6.rsp
    • cp patch6/Disk1/stage/Response/staticports.ini .
    • mv staticports.ini webtier_staticport.ini
    • Adapt the WebTierInstallAndConfigurePatch6.rsp
      [ENGINE]
      
      #DO NOT CHANGE THIS.
      Response File Version=1.0.0.0.0
      
      [GENERIC]
      
      #Set this to true if you wish to specify a directory where latest updates are downloaded. This option would use the software updates from the specified directory
      SPECIFY_DOWNLOAD_LOCATION=false
      
      #
      SKIP_SOFTWARE_UPDATES=true
      
      #If the Software updates are already downloaded and available on your local system, then specify the path to the directory where these patches are available and set SPECIFY_DOWNLOAD_LOCATION to true
      SOFTWARE_UPDATES_DOWNLOAD_LOCATION=
      
      #Set this to true if installation and configuration need to be done, all other required variables need to be provided. Variable "INSTALL AND CONFIGURE LATER TYPE" must be set to false if this is set to true as the variables are mutually exclusive
      INSTALL AND CONFIGURE TYPE=true
      
      #Set this to true if only Software only installation need to be done. If this is set to true then variable "INSTALL AND CONFIGURE TYPE" must be set to false, since the variables are mutually exclusive.
      INSTALL AND CONFIGURE LATER TYPE=false
      
      #Provide the Oracle Home location. The Oracle Home directory name may only contain alphanumeric , hyphen (-) , dot (.) and underscore (_) characters, and it must begin with an alphanumeric character. The total length has to be less than or equal to 128 characters. The location has to be an empty directory or a valid WebTier Oracle Home.
      ORACLE_HOME=/u01/app/oam/product/webtier/OHS
      
      #Provide existing Middleware Home location.
      MIDDLEWARE_HOME=/u01/app/oam/product/webtier
      
      #The name of the Oracle Instance. Instance name must begin with an alphabetic character, may only contain alphanumeric characters, or the underscore (_) or hyphen (-) characters and are 4 to 30 characters long.
      INSTANCE_HOME=/u01/app/oam/product/webtier/instances/instance1
      
      #Provide the Oracle Instance location. The Oracle Instance directory name may only contain alphanumeric , hyphen (-) , dot (.) and underscore (_) characters, and it must begin with an alphanumeric character. The total length has to be less than or equal to 128 characters. The location has to be an empty or non existing directory.
      INSTANCE_NAME=instance1
      
      #If set to true, installer will auto assign ports
      AUTOMATIC_PORT_DETECT=false
      
      #This is required if "AUTOMATIC_PORT_DETECT" variable is set to false, absolute path of a staticports file location need to be provided with values for ports.\nThe template for staticports.ini can be found from Disk1/staget/Response directory of the shiphome.
      STATICPORT INI FILE LOCATION=/opt/install/oam/webtier_staticport.ini
      
      #Provide the My Oracle Support Username. If you wish to ignore Oracle Configuration Manager configuration provide empty string for user name.
      MYORACLESUPPORT_USERNAME=
      
      #Provide the My Oracle Support Password
      MYORACLESUPPORT_PASSWORD=
      
      #Set this to true if you wish to decline the security updates. Setting this to true and providing empty string for My Oracle Support username will ignore the Oracle Configuration Manager configuration
      DECLINE_SECURITY_UPDATES=true
      
      #Set this to true if My Oracle Support Password is specified
      SECURITY_UPDATES_VIA_MYORACLESUPPORT=false
      
      #Provide the Proxy Host
      PROXY_HOST=
      
      #Provide the Proxy Port
      PROXY_PORT=
      
      #Provide the Proxy Username
      PROXY_USER=
      
      #Provide the Proxy Password
      PROXY_PWD=
      
      
      [SYSTEM]
      
      #Set true to configure Oracle HTTP Server, else skip Oracle HTTP Server configuration
      CONFIGURE_OHS=true
      
      #Set true to configure Oracle Web Cache, else skip Oracle Web Cache configuration
      CONFIGURE_WEBCACHE=false
      
      #The Oracle HTTP Server (OHS) component name (required only if CONFIGURE_OHS is set to true). OHS component name must begin with an alphabetic character, may only contain alphanumeric characters, or the underscore (_) or hyphen (-) characters and are 4 to 30 characters long.
      OHS_COMPONENT_NAME=ohs1
      
      #The Web Cache component name (required only if CONFIGURE_WEBCACHE is set to true). Web Cache component name must begin with an alphabetic character, may only contain alphanumeric characters, or the underscore (_) or hyphen (-) characters and are 4 to 30 characters long.
      WEBCACHE_COMPONENT_NAME=
      
      #Valid passwords are 5 to 30 characters long, must begin with an alphabetic character, use only alphanumeric, underscore (_), dollar ($) or pound (#) characters and include at least one number.
      WEBCACHE_ADMINISTRATOR_PASSWORD=
      
      #The confirmation password for Web Cache administrator.
      WEBCACHE_ADMINISTRATOR_PASSWORD_CONFIRM=
      
      
      [APPLICATIONS]
      
      
      [RELATIONSHIPS]
      
      #If set to true, the instance and components will be registered with an existing weblogic server
      ASSOCIATE_WEBTIER_WITH_DOMAIN=false
      
      #Provide an existing domain host name. Required only if ASSOCIATE_WEBTIER_WITH_DOMAIN is set to true
      DOMAIN_HOST_NAME=
      
      #Provide the existing domain port number. Required only if ASSOCIATE_WEBTIER_WITH_DOMAIN is set to true
      DOMAIN_PORT_NO=
      
      #Provide the domain user name. Required only if ASSOCIATE_WEBTIER_WITH_DOMAIN is set to true
      DOMAIN_USER_NAME=
      
      #The domain user password. Required only if ASSOCIATE_WEBTIER_WITH_DOMAIN is set to true
      DOMAIN_USER_PASSWORD=
      
    • Adapt the webtier_staticport.ini file
      #######################################################################################
      #This file is a template file for staticports.ini
      #This file must be edited to provide the ports which required to be set
      #Those ports which are not provided explicitly in this file will be assigned automatically
      #The ports should be specified as a single port
      #Keep in mind to uncomment the port no
      #######################################################################################
      
      ########################Begin section for OPMN Port No################################
      ######################################################################################
      
      [OPMN]
      
      #This port indicates the OPMN Local Port
      OPMN Local Port = 6700
      
      #This port indicates the OPMN Local Port
      OPMN Remote Port = 6701
      
      ########################Begin section for ohs component################################
      #This port nos will be considered only if OHS is selected for configuration
      #######################################################################################
      
      [OHS]
      
      #The http_main port for ohs component
      OHS Port = 8888
      
      #This port indicates the OHS Proxy Port
      OHS Proxy Port = 8889
      
      #This port indicates the OHS SSL Port
      OHS SSL Port = 4443
      
      ########################Begin section for Web Cache component################################
      #This port nos will be considered only if Web Cache is selected for configuration
      #######################################################################################
      
      [WEBCACHE]
      
      #The port indicates the Web Cache Listen Port
      #Web Cache Listen Port = 7777
      
      #The port indicates the Web Cache Admin Port
      #Web Cache Admin Port = 7778
      
      #The port indicates the Web Cache Statistics Port
      #Web Cache Statistics Port = 7779
      
      #The port indicates the Web Cache Invalidation Port
      #Web Cache Invalidation Port = 7780
      
      #The port indicates the Web Cache SSL Port
      #Web Cache SSL Port = 7781
      
    I
  • Installing the HTTP_Server software
    • patch6/Disk1/runInstaller -silent -responseFile /opt/install/oam/WebTierInstallAndConfigurePatch6.rsp
    • Result:
      Starting Oracle Universal Installer...
      Checking Temp space: must be greater than 400 MB.   Actual 2380 MB    Passed
      Checking swap space: must be greater than 500 MB.   Actual 16383 MB    Passed
      Preparing  to launch Oracle Universal Installer from  /tmp/OraInstall2013-02-28_10-04-05AM. Please wait ...[oam@oamhost  oam]$ Log:  /u01/app/oracle/product/oraInventory/logs/install2013-02-28_10-04-05AM.log
      Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
      Reading response file..
      Expected  result: One of  oracle-6,oracle-5.6,enterprise-5.4,enterprise-4,enterprise-5,redhat-5.4,redhat-4,redhat-5,SuSE-10,SuSE-11
      Actual Result: redhat-Red
      Check complete. The overall result of this check is: Failed <<<<
      Problem: This Oracle software is not certified on the current operating system.
      Recommendation: Make sure you are installing the software on the correct platform.
      Warning: Check:CertifiedVersions failed.
      Expected result: 1024MB
      Actual Result: 15948MB
      Check complete. The overall result of this check is: Passed
      TotalMemory Check: Success.
      Expected result: LD_ASSUME_KERNEL environment variable should not be set in the environment.
      Actual Result: Variable Not set.
      Check complete. The overall result of this check is: Passed
      Check Env Variable Check: Success.
      Verifying data......
      Copying Files...
      -----------20%----------40%----------60%----------80%--------100%
      [oam@oamhost oam]$ [CONFIG] Launching Config Actions....
      Started Configuration:Web Tier Configuration
      [CONFIG]:Create and Start AS Instance (instance1)
      [CONFIG] [Web Tier Configuration] [Create and Start AS Instance (instance1)]:Creating Oracle Instance directories...
      [CONFIG] [Web Tier Configuration] [Create and Start AS Instance (instance1)]:Recording OPMN ports reservations...
      [CONFIG] [Web Tier Configuration] [Create and Start AS Instance (instance1)]:Bootstrapping OPMN configuration files...
      [CONFIG] [Web Tier Configuration] [Create and Start AS Instance (instance1)]:Instantiating opmnctl for direct usage...
      [CONFIG] [Web Tier Configuration] [Create and Start AS Instance (instance1)]:Skipping instance registration
      [CONFIG] SUCCESS:Create and Start AS Instance (instance1)
      [CONFIG]:Create and Start OHS Component (ohs1)
      [CONFIG] [Web Tier Configuration] [Create and Start OHS Component (ohs1)]:Creating empty component directories...
      [CONFIG] [Web Tier Configuration] [Create and Start OHS Component (ohs1)]:Provisioning OHS files for ohs1
      [CONFIG]  [Web Tier Configuration] [Create and Start OHS Component  (ohs1)]:Copying OHS files from ORACLE_HOME to ORACLE_INSTANCE locations
      [CONFIG] [Web Tier Configuration] [Create and Start OHS Component (ohs1)]:Customizing httpd.conf
      [CONFIG] [Web Tier Configuration] [Create and Start OHS Component (ohs1)]:Adding component's process control to OPMN...
      [CONFIG] [Web Tier Configuration] [Create and Start OHS Component (ohs1)]:Skipping ohs1 component registration.
      [CONFIG] [Web Tier Configuration] [Create and Start OHS Component (ohs1)]:Invoking opmn reload...
      [CONFIG] SUCCESS:Create and Start OHS Component (ohs1)
      Configuration:Web Tier Configuration completed successfully
      The installation of Oracle AS Common Toplevel Component, Oracle WebTier and Utilities CD completed successfully.
      
  • Testing the installation: ok
  • Creating start/stop scripts in the /home/oam directory
Installing the WebGate component
  • unzipping software
    • cd /opt/install/oam
    • mkdir webgates
    • unzip AccessManagerWebGates_111200.zip -d webgates
    • cd webgates/Disk1/stage/Response
    • cp WebgateSampleResponse.rsp ../../../../Webgate.rsp
    • Adapt Webgate.rsp
      [ENGINE]
      
      #DO NOT CHANGE THIS.
      Response File Version=1.0.0.0.0
      
      [GENERIC]
      
      #Provide the Oracle Home location. The location has to be the immediate child under the specified Middleware Home location. The Oracle Home directory name may only contain alphanumeric , hyphen (-) , dot (.) and underscore (_) characters, and it must begin with an alphanumeric character. The total length has to be less than or equal to 128 characters.
      ORACLE_HOME=/u01/app/oam/product/webtier/WebGate
      
      #Provide existing Middleware Home location.
      MIDDLEWARE_HOME=/u01/app/oam/product/webtier
      
      #Provide Location of GCC Library.
      GCC_LIBRARY_LOCATION=/usr/lib
      
      [SYSTEM]
      
      
      [APPLICATIONS]
      
      
      [RELATIONSHIPS]
  • Installing the webgate
    • webgates/Disk1/runInstaller -silent -responseFile /opt/install/oam/Webgate.rsp -jreLoc /u01/app/oam/product/jdk1.6.0_39/jre
    • Result
      Starting Oracle Universal Installer...
      Checking if CPU speed is above 300 MHz.    Actual 2933 MHz    Passed
      Checking Temp space: must be greater than 150 MB.   Actual 2380 MB    Passed
      Checking swap space: must be greater than 512 MB.   Actual 16383 MB    Passed
      Preparing  to launch Oracle Universal Installer from  /tmp/OraInstall2013-02-28_10-45-08AM. Please wait ...[oam@oamhost  oam]$ Log:  /u01/app/oracle/product/oraInventory/logs/install2013-02-28_10-45-08AM.log
      Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
      Reading response file..
      Expected  result: One of  oracle-6,oracle-5.6,enterprise-5.4,enterprise-4,enterprise-5,redhat-6.1,redhat-6,redhat-5.4,redhat-4,redhat-5,SuSE-10,SuSE-11
      Actual Result: redhat-Red
      Check complete. The overall result of this check is: Failed <<<<
      Problem: This Oracle software is not certified on the current operating system.
      Recommendation: Make sure you are installing the software on the correct platform.
      Warning: Check:CertifiedVersions failed.
      Expected result: 1024MB
      Actual Result: 15948MB
      Check complete. The overall result of this check is: Passed
      TotalMemory Check: Success.
      Verifying data......
      Copying Files...
      -----------20%----------40%----------60%----------80%--------100%
      The installation of oracle.as.webgate.top completed successfully.
      
  • Performing post installation tasks
    • cd /u01/app/oam/product/webtier/WebGate/webgate/ohs/tools/deployWebGate/
    • ./deployWebGateInstance.sh -w /u01/app/oam/product/webtier/instances/instance1/config/OHS/ohs1 -oh /u01/app/oam/product/webtier/WebGate
      Copying files from WebGate Oracle Home to WebGate Instancedir
    • export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/u01/app/oam/product/webtier/OHS/lib:/u01/app/oam/product/webtier/WebGate/webgate/ohs/lib
    • pwd
      /u01/app/oam/product/webtier/WebGate/webgate/ohs/tools/deployWebGate
    • cd ../setup/InstallTools/
    • ./EditHttpConf -w /u01/app/oam/product/webtier/instances/instance1/config/OHS/ohs1 -oh /u01/app/oam/product/webtier/WebGate -o webgate.conf
      The web server configuration file was successfully updated
      /u01/app/oam/product/webtier/instances/instance1/config/OHS/ohs1/httpd.conf has been backed up as /u01/app/oam/product/webtier/instances/instance1/config/OHS/ohs1/httpd.conf.ORIG
  • Registering the new webgate agent
    • Setting up the rreg tool
      • cd /u01/app/oam/product/middleware_home/OAM/oam/server/rreg/client
      • gunzip RREG.tar.gz
      • tar -xvf RREG.tar
      • cd rreg/bin
      • vi oamreg.sh   => setting the java_home directly
    • Updating the /u01/app/oam/product/middleware_home/OAM/oam/server/rreg/client/rreg/input/OAM11gRequest.xml File
      
      
      
      
      
      
          http://oamhost.contribute.be:7001
          RREG_HostId11G
          TestWebTier_WebGateAgent
          http://oamhost.contribute.be:8888
          false
          RREG_OAM11G
          false
          100000
          1800
          3600
          1
          24
          1
          -1
          60
          false
          open
          1
          false
          false
          false
          false
          no-cache
          no-cache
          0
          
             10.11.11.11
             10.11.11.12
             10.11.11.13
          
          
              /logout1.html
              /logout2.html
          
          /oam_logout_success
          end_url
          
      	/**
          
          
              /public/index.html
          
          
              /excluded/index.html
          
          
          
              
                  TestName
                  testValue1
                  testValue2
                  testValue3
              
          	
                  MaxPostDataLength
                  750000
              
          	
                  maxSessionTimeUnits
                  hours
              
              
                  RetainDownstreamPostData
                  false
              
              
                  useIISBuiltinAuthentication
                  false
                  
              
                  URLInUTF8Format
                  true
              
              
                  inactiveReconfigPeriod
                  10
              
              
                  WaitForFailover
                  -1
              
              
                  proxySSLHeaderVar
                  IS_SSL
              
              
                  client_request_retry_attempts
                  1
              
              
                  ContentLengthFor401Response
                  0
               
              
                  SUN61HttpProtocolVersion
                  1.0
               
              
                  impersonationCredentials
                  cred
              
              
                  UseWebGateExtForPassthrough
                  false
               
              
                  syncOperationMode
                  false
              
              
                  filterOAMAuthnCookie
                  true
                                              
          
      
      
      
      
    • ./oamreg.sh inband /u01/app/oam/product/middleware_home/OAM/oam/server/rreg/client/rreg/input/OAM11GRequest.xml
    • Result:
      JAVA_HOME=/u01/app/oam/product/jdk1.6.0_39
      CLASSPATH=./../lib/rreg.jar:./../lib:./../lib/RequestResponse.jar:./../lib/commons-codec-1.3.jar:./../lib/commons-httpclient-3.1.jar:./../lib/commons-logging-1.1.1.jar:./../lib/ojmisc.jar:./../lib/jps-api.jar:./../lib/jps-internal.jar:./../lib/jps-common.jar:./../lib/identitystore.jar:./../lib/identityutils.jar:./../lib/ldapjclnt11.jar:./../lib/dms.jar:./../lib/fmw_audit.jar:./../lib/ojdl.jar:./../lib/oraclepki.jar:./../lib/osdt_cert.jar:./../lib/osdt_core.jar:./../lib/osdt_jce.jar:./../lib/osdt_saml.jar:./../lib/osdt_xmlsec.jar:./../lib/xmlparserv2.jar:./../lib/jps-unsupported-api.jar:./../lib/nap-api.jar:./../lib/utilities.jar:./../lib/jps-ee.jar:.
      OAM_REG_HOME=./..
      ------------------------------------------------
      Welcome to OAM Remote Registration Tool!
      Parameters passed to the registration tool are: 
      Mode: inband
      Filename: /u01/app/oam/product/middleware_home/OAM/oam/server/rreg/client/rreg/input/OAM11GRequest.xml
      Enter admin username:weblogic
      Username: weblogic
      Enter admin password:         
      Do you want to enter a Webgate password?(y/n):
      y
      Enter webgate password:         
      Enter webgate password again:         
      Password accepted. Proceeding to register..
      Feb 28, 2013 1:56:35 PM oracle.security.am.engines.rreg.client.handlers.request.OAM11GRequestHandler getWebgatePassword
      INFO: Passwords matched and accepted.
      
      ----------------------------------------
      Request summary:
      OAM11G Agent Name:TestWebTier_WebGateAgent
      Base URL:http://oamhost.contribute.be:8888
      URL String:RREG_HostId11G
      Registering in Mode:inband
      Your registration request is being sent to the Admin server at:http://oamhost.contribute.be:7001
      ----------------------------------------
      
      Feb 28, 2013 1:56:39 PM oracle.security.jps.util.JpsUtil disableAudit
      INFO: JpsUtil: isAuditDisabled set to true
      Inband registration process completed successfully! Output artifacts are created in the output folder.
      
    • Copying the result to the instance directory of the webgate
      • cd /u01/app/oam/product/middleware_home/OAM/oam/server/rreg/client/rreg/output/TestWebTier_WebGateAgent
      • cp * /u01/app/oam/product/webtier/instances/instance1/config/OHS/ohs1/webgate/config/.
    • Starting the oam_server1
    • Restarting the webtier

 

Configuring OBIEE to use OAM

Challenge

Configuring OBIEE to use OAM as an SSO-solution.

Context

OBIEE 11.1.1.6.0 running on WLS 10.3.5
OAM 11.1.2 running on WLS 10.3.6.0
Both solutions are running on different machines or at lease different images of a virtualization solution.

Solution

After setting up a common ldap provider, like explained in my previous blog, you are ready to connect OBIEE with your OAM environment.
Here are the steps we performed:

Configuring the HTTP_Server to redirect the url's

We are going to make use of the Oracle HTTP_Server to redirect the users to the OAM for authentication and authorization.
  • Installing an HTTP_Server with WebGate.  See this blog for more info.
  • Adapt the /u01/app/oam/product/webtier/instances/instance1/config/OHS/ohs1/mod_wl_ohs.conf to
    # NOTE : This is a template to configure mod_weblogic. 
    
    LoadModule weblogic_module   "${ORACLE_HOME}/ohs/modules/mod_wl_ohs.so"
    
    #  This empty block is needed to save mod_wl related configuration from EM  to this file when changes are made at the Base Virtual Host Level
    <IfModule weblogic_module>
          WebLogicHost oamhost.contribute.be
          WebLogicPort 7001
          Debug ON
          WLLogFile /tmp/weblogic.log
    #      MatchExpression *.jsp
    </IfModule>
    
    # <Location /weblogic>
    #      SetHandler weblogic-handler
    #      PathTrim /weblogic
    #      ErrorPage  http:/WEBLOGIC_HOME:WEBLOGIC_PORT/
    #  </Location>
    
     <Location /analytics>
        SetHandler weblogic-handler
        WebLogicHost obieehost.contribute.be
        WebLogicPort 9704
     </Location>
    
     <Location /mapviewer>
        SetHandler weblogic-handler
        WebLogicHost obieehost.contribute.be
        WebLogicPort 9704
     </Location>
    
     <Location /xmlpserver>
        SetHandler weblogic-handler
        WebLogicHost obieehost.contribute.be
        WebLogicPort 9704
     </Location>
    
  • Restart the HTTP_Server

Configure the OBIEE components to use SSO:

  • Adding a new identity asserter
    • Go to the WLS console : http://obieehost.contribute.be:7001/console
    • Login and go to Security Realms -> MyRealm -> Providers(tab)
    • Create a new provider with
      • Name: OAMProvider
      • Type: OAMIdentityAsserter
    • Edit the newly created provider and set the control flag to SUFFICIENT and make sure that Active Type is set to "OAM_REMOTE_USER"
    • Reorder the providers to the list : OVDAuthenticator - OAMProvider - DefaultAuthenticator - DefaultIdentityAsserter
    • Restart the entire BI-domain
  • Enabling SSO
    • Go to the EM : http://obieehost.contribute.be:7001/em
    • Go to the Business Intelligence (folder on the left) -> coreapplication -> Security (tab) -> Single Sign-On (tab)
    • Enable SSO and set Oracle Access Manager as SSO Provider

    • Restart all OBIEE components

    While using the url's of the HTTP_Server, you should be authenticated through OAM.

    Good luck.

    dinsdag 2 april 2013

    Configuring OBIEE to use OVD as authenticator

    Challenge

    Configuring OBIEE to use OVD as an authenticator, allowing user accounts coming from OVD to login into OBIEE.
    Most of the blogs you find are talking about integrating OID or AD.

    Context

    OBIEE 11.1.1.6.0 running on WLS 10.3.5
    OVD 11.1.1.6.0 running on WLS 10.3.6.0
    Both solutions are running on different machines or at lease different images of a virtualization solution.

    Solution

    Before starting with the technical implementation, we need to clarify something.
    There is no concept of multiple authenticators, the documentation is clearly speaking of "Using Alternative Authentication Providers".  This means that you have 2 choices :
    1. Use the default authenticator: this is the situation ootb.  This means that all users are coming from this default authenticator.  Also the BISystemUser and the OracleSystemUser are stored in this authenticator.  No other authenticators are in place.
    2. Use a different authenticator: being it an OID-authenticator, an AD-authenticator or OVD-authenticator or even a SQL-authenticator.  In this scenario, your new authenticator needs to be the prime one (first in the list of providers in the WLS console) and needs to have all the users and the BISystemUser.  The OracleSystemUser may still reside in the default authenticator.
    While the documentation seems to allow you the option to have both providing user information at the same time, be aware this isn't the case.  Bug 16568236 has been raised for this (this is a documentation bug!).

    Now that we have clarified that fact, we know that when we want to use another authentication provider that we need to go all the way, not just adding the provider to list.  The latter just works for any j2ee application, but not for OBIEE and I believe neither for WebCenter.

    Here are the steps to perform if you want to use OVD as an "Alternative" authentication provider:
    • Configure OVD as a new authenticator in the OBIEE WLS domain.  Clearly identify the attributes you want to use as unique identifier for your entity.  At the customer we used the sn for the readable name of the groups, while the cn has the unique identifier of the group.  OBIEE looks at the name of the group to know which group it is and not the unique identifier.  So make sure that you have the right configuration there.
    • Here is a part of the realm we used :
      <realm>
            <sec:authentication-provider xsi:type="wls:oracle-virtual-directory-authenticatorType">
              <sec:name>OVDAuthenticator</sec:name>
              <sec:control-flag>SUFFICIENT</sec:control-flag>
              <wls:host>ovd.contribute.be</wls:host>
              <wls:port>6501</wls:port>
              <wls:user-object-class>inetOrgPerson</wls:user-object-class>
              <wls:principal>cn=orclAdmin</wls:principal>
              <wls:user-base-dn>ou=users, dc=contribute, dc=be</wls:user-base-dn>
              <wls:group-base-dn>ou=groups, dc=contribute, dc=be</wls:group-base-dn>
              <wls:group-search-scope>onelevel</wls:group-search-scope>
              <wls:group-from-name-filter>(&amp;(sn=%g)(objectclass=groupofUniqueNames))</wls:group-from-name-filter>
              <wls:all-groups-filter>(&amp;(sn=*)(|(objectclass=groupofUniqueNames)(objectclass=groupofurls)))</wls:all-groups-filter>
              <wls:static-group-name-attribute>sn</wls:static-group-name-attribute>
              <wls:dynamic-group-name-attribute>sn</wls:dynamic-group-name-attribute>
              <wls:group-membership-searching>limited</wls:group-membership-searching>
            </sec:authentication-provider>
           
    • Remark: in the config.xml file you only see the attributes that do not correspond to the default value.  That's why not all attributes are mentioned in here. 
    • Restart the entire bi-domain
    • Make sure that you can see your users and the groups.  Also make sure that you can see the group information per user in the WLS-console.  It is normal that you can not change the information of the user, nor the group, nor the group-information of the user.  These are all read-only information.
    • To be able to use users from this authenticator, you need to put all others also on 'SUFFICIENT' and put this authenticator first.
    • Identify the BISystemUser. 
      This user is used for internal communication between the OBIEE components.  This user must reside in the Authenticator that is first in the list of WLS.  The name of this special user may be anything you want.
      • Identify a user in the new OVDAuthenticator.  This user doesn't need any role.  We call this user's username from now on 'bisystemuser'
      • Go to the WLS console
        • Go to Security Realms -> myrealm -> Users and Groups -> Users
          Verify that the bisystemuser appears in the list.
        • Now go to Roles and Policies -> Realm Roles -> Global Roles -> Roles.  Click on the 'View Role Conditions'-link of the Admin role.
        • Now add the bisystemuser as a condition to the list, by clicking on the 'Add Conditions' button. 
          In the following screen select 'User' as predicate list and click on 'Next'. Type 'bisystemuser' in the first field and click the 'Add' button.  Now click on 'Finish'.
          Now the bisystemuser should be added to the condition list.
        • Click on the 'Save'-button
        • Let's do the same thing for the jms module.
          In the WLS console, go to Services -> Messaging -> JMS Modules
        • Click on the BipJmsResource-link.  Go to the Security-tab and then the Policies tab.
        • Now, like with the global roles, add the bisystemuser to the condition list.
        • Make sure that there are no pending changes in the WLS console, otherwise activate them.
      • Perform the following actions in the FMW console
        • Under the WebLogic Domain folder, find the BI-Domain and select it.
        • From the drop down menu, select Security->Credentials
          Now we are going to define which user and his password to use, to communicate with OWSM.
          • Select the record 'system.user', under the 'oracle.bi.system'-folder and click on the 'Edit'-link.
          • Now enter the username and password from the bisystemuser.
        • Now we are going to put this user in the correct application roles.
          • Back on the drop down menu from the BI-domain, select Security->Application Roles
          • In the field 'Application Stripe', select 'obi' and then click on the search image.  Then select the BISystem application role and click on the 'Edit'-link.
          • Now click on the 'Add'-link to add the bisystemuser. 
        • The last step is to specify which attributes from OVD, OBIEE should use.
          • Back on the drop down menu from the BI-domain, select Security->Security Provider Configuration
          • Under the Security Stores, click on the +-sign for Identity Store Provider.  Then click on the Configure-button.
          • Use the Add-link to add the following properties:
            • user.login.attr = cn
            • username.attr = cn
            • virtualize = true
            • PROPERTY_ATTRIBUTE_MAPPING = GUID=sn
              Not sure this does actually anything, it is just that in our stable situation we had this configured.
          • Click on the 'Ok'-button.
      • Stop the entire BI-environment and restart it.
      • When the bi_server1 server is starting, pay attention to the end.  If you see an error, saying that something is wrong with the identity store or the connection to it, then you need to repeat the steps previously mentioned.
    • Move existing users to the new authenticator.
      At this point, you should be able to log-on with the users coming from your OVDAuthenticator.  The following steps are needed, when you already had some users logged-on to the OBIEE server before and you moved them to the OVDAuthenticator. The information for these users in the catalog need to be updated.  This can be done by the following steps:
      • Make a backup of the catalog
        • cd /opt/bi/install/middleware/instances/instance1/bifoundation/OracleBIPresentationServicesComponent/coreapplication_obips1/catalog
        • cp -r <catalog-name> /tmp/<catalog-name>_backup
          You may put the copy anywhere you want, as long as you do not put it under the catalog directory, because refreshing the GUID's will be called for all catalogs under this directory, so also your backup.
      • Make a backup of the repository file(s)
        • cd /opt/bi/install/middleware/instances/instance1/bifoundation/OracleBIServerComponent/coreapplication_obis1
        • cp -r repository /tmp/repository_backup
      • Refresh GUID's: since you moved the users to another authenticator, the users will have different GUID's (Global User ID's).  To sync the information from the catalog with the new users GUID, you need to perform the following steps.  Make sure all users exist in the new authenticator.
        Create a script with the following content
        #!/bin/bash
        export OPMNCTL_HOME=/opt/bi/install/middleware/instances/instance1/bin
        export NQSCONFIG_HOME=/opt/bi/install/middleware/instances/instance1/config/OracleBIServerComponent/coreapplication_obis1
        export   INSTANCECONFIG_HOME=/opt/bi/install/middleware/instances/instance1/config/OracleBIPresentationServicesComponent/coreapplication_obips1
        echo --- STOPPING PRESENTATION SERVICE ---
        $OPMNCTL_HOME/opmnctl stopproc ias-component=coreapplication_obips1
        sleep 1
        echo --- STOPPING BISERVER SERVICE ---
        $OPMNCTL_HOME/opmnctl stopproc ias-component=coreapplication_obis1
        sleep 1
        echo ---  SET FMW_UPDATE_ROLE_AND_USER_REF_GUIDS = YES IN NQSCONFIG ---
        perl  -pi -e 's/FMW_UPDATE_ROLE_AND_USER_REF_GUIDS =  NO/FMW_UPDATE_ROLE_AND_USER_REF_GUIDS = YES/g'  /opt/bi/install/middleware/instances/instance1/config/OracleBIServerComponent/coreapplication_obis1/NQSConfig.INI
        echo ---  SET UpdateAndExit IN instanceconfig ---
        perl  -pi -e  's/UpdateAccountGUIDs>none/UpdateAccountGUIDs>UpdateAndExit/g'  /opt/bi/install/middleware/instances/instance1/config/OracleBIPresentationServicesComponent/coreapplication_obips1/instanceconfig.xml
        echo --- STARTING BISERVER SERVICE ---
        $OPMNCTL_HOME/opmnctl startproc ias-component=coreapplication_obis1
        sleep 5
        echo --- STARTING PRESENTATION SERVICE ---
        $OPMNCTL_HOME/opmnctl startproc ias-component=coreapplication_obips1
        sleep 1
        echo ---  SET FMW_UPDATE_ROLE_AND_USER_REF_GUIDS = NO IN NQSCONFIG ---
        perl  -pi -e 's/FMW_UPDATE_ROLE_AND_USER_REF_GUIDS =  YES/FMW_UPDATE_ROLE_AND_USER_REF_GUIDS = NO/g'  /opt/bi/install/middleware/instances/instance1/config/OracleBIServerComponent/coreapplication_obis1/NQSConfig.INI
        echo ---  SET none IN instanceconfig ---
        perl  -pi -e  's/UpdateAccountGUIDs>UpdateAndExit/UpdateAccountGUIDs>none/g'  /opt/bi/install/middleware/instances/instance1/config/OracleBIPresentationServicesComponent/coreapplication_obips1/instanceconfig.xml
        echo --- stopping all services ---
        $OPMNCTL_HOME/opmnctl stopall
        sleep 10
        echo --- starting all services ---
        $OPMNCTL_HOME/opmnctl startall
        
      • Run the script
      • Restart the entire bi-domain
    • Clean up existing users from the DefaultAuthenticator
      • When you moved your users to the OVDAuthenticator and checked that everything is still working, you can then remove the users from the DefaultAuthenticator.
      • Try this out with a couple of users, before performing the big clean-up
      • Leave the BISystemUser and the OracleSystemUser in place
      • If your users also have weblogic roles, you need to add them to the OVDAuthenticator also.  Just ad a role for a user by his name, for example : adding the "Administrators" role to a user.
      • There is also an option to completely remove the DefaultAuthenticator.  We didn't perform this action.

    Lessons learned

    • If you do not want to move the BISystemUser, then
      • the DefaultAuthenticator and the DefaultIdentityAsserter should be the first in the list
      • All providers should be set on SUFFICIENT
      • Your ProviderAuthenticator should be put last
      • It only works when the users are also in the DefaultAuthenticator
        • They don't have to have roles in this authenticator, this can be left in your custom authenticator
        • The password is also the one from your authenticator
        • They just need an entry in the DefaultAuthenticator
      • Conclusion: if you do not want to use provisioning, then this is an unworkable scenario
    • If you do move the BISystemUser, then
      • your authentication provider should be put first
      • all providers should be on SUFFICIENT
      • all users need to exists in your provider, also the system ones, so BISystemUser
      • No need to have the users in the DefaultAuthenticator
      • You need to move the BISystemUser => you need to refresh the GUID's => take care of the catalog and rpd information => backup !!
      • Before refreshing GUID's, make sure all users exist in the new authenticator


      

    Stopping all WLS-servers with force=true

    Challenge

    You want to stop your weblogic-servers with the option force='true'.  This would drastically reduce the time to stop a WLS-server.

    Solution

    You could change your scripts and add the parameter, but perhaps you don't have control on those scripts.
    There is a place where you can add this option, so it will always be taken into account.
    In the stopWebLogic.sh-file, located in the bin-directory of your domain (typically user_projects/domains/<domain_name>/bin), replace the following line
    echo "shutdown('${SERVER_NAME}','Server', ignoreSessions='true')" >>"shutdown.py"
    
    by
    echo "shutdown('${SERVER_NAME}','Server', force='true', ignoreSessions='true')" >>"shutdown.py"
    

    Perl Exception

    Challenge

    When running perl-scripts, like the oracle opmn command, you receive the following error:
    perl: warning: Setting locale failed.
    perl: warning: Please check that your locale settings:
        LANGUAGE = (unset),
        LC_ALL = (unset),
        LC_CTYPE = "UTF-8",
        LANG = "en_US.UTF-8"
        are supported and installed on your system.
    perl: warning: Falling back to the standard locale ("C").
    

    Solution

    Add the following lines to your script or your profile (like .bash_profile):
    export LC_CTYPE=en_US.UTF-8
    export LC_ALL=en_US.UTF-8