OIM 11G R2 Server Performance Tuning

In this post, I will list some of the server tuning parameter that can be used to tune oim managed server.

JVM Memory

For Hotspot JVM

Min Heap Size(Xms) = 4GB, Max Heap Size(Xmx) = 8GB, PermSize(-X:PermSize) = 500m and PermGen size (-XX:MaxPermSize) = 1 GB.

For JRockit JVM

Min Heap Size(Xms) = 4GB, Max Heap Size(Xmx) = 8GB, PermSize(-X:PermSize) = N/A and PermGen size (-XX:MaxPermSize) = N/A


To change the JVM memory setting:
1. If your OIM version is 11.1.2.1.0 or above, use DOMAIN_HOME/bin/setOIMDomainEnv.sh
(Unix) or setOIMDomainEnv.cmd (Windows). If not, continue to use
DOMAIN_HOME/bin/setDomainEnv.sh (Unix) or setDomainEnv.cmd (Windows) to
change the heap size settings.
2. Change the value of DEFAULT_MEM_ARGS and PORT_MEM_ARGS from the default value and
save.
3. Restart OIM Server

OIM 11G R2 PS2 (11.1.2.2.X) Submit Buttion Action Listener Sample Code

In this post , I will be sharing some sample code related to submit action listener that gets invoked every time you hit the submit button on the request page.

---------------------------------------------------------------------------------------------------------------------

package deepak.dubey.com; import java.text.SimpleDateFormat; import java.util.Date; import javax.el.MethodExpression; import javax.faces.application.FacesMessage; import javax.faces.component.UIComponent; import javax.faces.context.FacesContext; import javax.faces.event.ActionEvent; public class CustomReqBean {     public CustomReqBean() {         super();     }               private UIComponent startDateID;     private UIComponent endDateID;           public void setStartDateID(UIComponent startDateID) {         this.startDateID = startDateID;     }           public UIComponent getStartDateID() {         return startDateID;     }           public void setEndDateID(UIComponent endDateID) {         this.endDateID = endDateID;     }           public UIComponent getEndDateID() {         return endDateID;     }          private static final String START_DATE_END_DATE_VALIDATION_MSG = "Start Date - End Date interval cannot exceed 180 days for Contractors.";         private static final String START_DATE_AFTER_END_DATE_VALIDATION_MSG = "Start Date cannot be before Today's Date.";               private static final String USER_TYPE_ATTRIBUTE = "usr_emp_type__c";         private static final String START_DATE_ATTRIBUTE = "usr_start_date__c";         private static final String END_DATE_ATTRIBUTE = "usr_end_date__c";     private static final String STATUS_ATTRIBUTE = "usr_status";                                public void submitButtonActionListener(ActionEvent e){         int integer = 0;         try{             String cs3 = FacesUtils.getValueFromELExpression("#{backingBeanScope.catReqBean.cartItemSize}", String.class);             integer = Integer.parseInt(cs3);                      }catch(Exception e1){             e1.printStackTrace();         }                  String edateStr = "";         try{             edateStr = FacesUtils.getValueFromELExpression("#{bindings.executionDate}", String.class);                      }catch(Exception e2){             e2.printStackTrace();         }                  Date d = new Date();         SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");         String todaysString = sdf.format(d);         if(integer > 1){             FacesMessage fm = new FacesMessage();             fm.setSeverity(FacesMessage.SEVERITY_ERROR);             fm.setSummary("More than 1 role");             FacesUtils.showFacesMessage(fm);         }else if(!(edateStr.equalsIgnoreCase(todaysString))){             FacesMessage fm = new FacesMessage();             fm.setSeverity(FacesMessage.SEVERITY_ERROR);             fm.setSummary("Effective Date == today date");             FacesUtils.showFacesMessage(fm);         }else{             MethodExpression originalActionListener = FacesUtils.getMethodExpressionFromEL("#{backingBeanScope.cartReqBean.submitActionListener",                                                                                             null,new Class[]{ActionEvent.class});             originalActionListener.invoke(FacesUtils.getELContext(), new Object[]{e});         }                  }         public void validator(FacesContext facesContext, UIComponent uiComponent, Object object) {             if (uiComponent.equals(startDateID)) {                 // get value of End Date through binding                 oracle.jbo.domain.Date jboEndDate = FacesUtils.getAttributeBindingValue(END_DATE_ATTRIBUTE, oracle.jbo.domain.Date.class);                 // only validate if both Start Date and End Date are set                 if (jboEndDate != null) {                     // value of Start Date is passed to validator                     Date startDate = ((oracle.jbo.domain.Date)object).getValue();                     Date endDate = jboEndDate.getValue();                     validateStartDateEndDate(facesContext, uiComponent, startDate, endDate);                 }             }               //            else if (uiComponent.equals(endDateID)) { //                // get value of Start Date through binding //                oracle.jbo.domain.Date jboStartDate = FacesUtils.getAttributeBindingValue(START_DATE_ATTRIBUTE, oracle.jbo.domain.Date.class); //                // only validate if both Start Date and End Date are set //                if (jboStartDate != null) { //                    Date startDate = jboStartDate.getValue(); //                    // value of End Date is passed to validator //                    Date endDate = ((oracle.jbo.domain.Date)object).getValue(); //                    validateStartDateEndDate(facesContext, uiComponent, startDate, endDate); //                } //            }         }               private void validateStartDateEndDate(FacesContext facesContext, UIComponent uiComponent, Date startDate, Date endDate) {             Date startDatePlus180Days = new Date(startDate.getTime() + 180L * 24 * 60 * 60 * 1000);             java.util.Date todaysDate = new Date();                          if (!("Active".equalsIgnoreCase(FacesUtils.getListBindingValue(STATUS_ATTRIBUTE, String.class)))){                 if(startDate.before(todaysDate)){                     facesContext.addMessage(uiComponent.getClientId(facesContext),                                             new FacesMessage(FacesMessage.SEVERITY_ERROR, START_DATE_AFTER_END_DATE_VALIDATION_MSG, null));                                                                                }             }else if("Active".equalsIgnoreCase(FacesUtils.getListBindingValue(STATUS_ATTRIBUTE, String.class))){                 facesContext.addMessage(uiComponent.getClientId(facesContext),                                         new FacesMessage(FacesMessage.SEVERITY_ERROR, "Start Date cannot be modified for Active Users", null));             }else  {                 // re-render -- in case there was an error message in queue for any of the two components it will be released                 FacesUtils.partialRender(startDateID);                 FacesUtils.partialRender(endDateID);             }                               //            if (startDate.after(endDate)) { //                // queue error message for the component which is being validated (either Start Date or End Date) //                facesContext.addMessage(uiComponent.getClientId(facesContext), //                                        new FacesMessage(FacesMessage.SEVERITY_ERROR, START_DATE_AFTER_END_DATE_VALIDATION_MSG, null)); //            } else if (isContractorUserTypeSelected() && startDatePlus180Days.before(endDate)) { //                // queue error message for the component which is being validated (either Start Date or End Date) //                facesContext.addMessage(uiComponent.getClientId(facesContext), //                                        new FacesMessage(FacesMessage.SEVERITY_ERROR, START_DATE_END_DATE_VALIDATION_MSG, null)); //            } else { //                // re-render -- in case there was an error message in queue for any of the two components it will be released //                FacesUtils.partialRender(startDateID); //                FacesUtils.partialRender(endDateID); //            }         }               public boolean isContractorUserTypeSelected() {             // return true if value of "usr_emp_type__c" binding attribute equals to "Contractor"             // "usr_emp_type__c" binding attribute is used to display value of User Type in the User Type drop-down             return "Contractor".equals(FacesUtils.getListBindingValue(USER_TYPE_ATTRIBUTE, String.class));         } } Code Formatted by ToGoTutor

OIM and OIA SSL Setup and keytool and orapki commands

keytool -importcert -alias youranyaliasname -trustcacerts -file /tmp/deepak/dubey/filename.pem -keystore /tmp/deepak/dubey/mycustomkeystore.jks

on oim admin console
hostname verification to none

update xlconfig.xml to t3s and ssl port

copy 3 jar files
webservices+ssl.jar
jcryptoj.jar

change the keystores in OIA weblogic from the demo keystores to OIM's custom keystores

OHS to OIM mod_wl_ohs.conf

<Location /identity>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost deepak.dubey.com
WebLogicPort 14001
Debug ALL
SecureProxy ON
WlSSLWallet "/tmp/deepak/dubey/wallets/ohs_proxy_ssl_wallet"
WLIOTimeoutSecs 600
Idempotent OFF
WLSRequest ON
WLProxySSL ON
WLProxySSLPassThrough ON
</Location>


change ssl.conf

SSLWallet "/tmp/deepak/dubey/wallets/ohswallet"

./orapki wallet create -wallet /tmp/deepak/dubey/wallets/ohswallet -auto_login_only

./orapki wallet add -wallet /tmp/deepak/dubey/wallets/ohswallet -dn CN=hostname -keysize 2048 -self_signed -validity 3650 -auto_login_only

./orapki wallet create -wallet /tmp/deepak/dubey/wallets/ohs_proxy_ssl_wallet -auto_login_only

./orapki wallet add -wallet /tmp/deepak/dubey/wallets/ohs_proxy_ssl_wallet -trusted_cert -cert RootCA.txt -auto_login_only

./orapki wallet add -wallet /tmp/deepak/dubey/wallets/ohs_proxy_ssl_wallet -trusted_cert -cert HostNameSelfSigned.txt -auto_login_only


keytool -importcert -alias OHS -file OIM-Server.cert -keystore /tmp/deepak/dubey/config/keystores/appTrustKeyStore-hostname.jks

keytool -export -alias myAliasName -file /tmp/deepak/dubey/myAliasName.txt -keystore /tmp/deepak/dubey/config/KeyStores/appIdentityKeyStore.jks -rfc


keytool -export -alias RootCA -file /tmp/deepak/dubey/RootCA.txt -keystore /tmp/deepak/dubey/config/KeyStores/appTrustKeyStore-hostname.jks -rfc

OIM OIA 11G R2 PS2 Integration Issue

If you have integrated OIM and OIA and they are in the different domain then you will encounter the issue while running the import jobs.

We need to establish trust between the 2 domains as below .

Navigate to Home > Domain > Security, and check Cross Domain Security is Enabled.


Click Advanced, enter the desired password in the Credential and Confirm Credential fields, and click Save.


Repeat this configuration change for both domains using the same password value.


Restart both Oracle WebLogic Servers.

OIA Web Application Deploy Issue

In this post I will talk about the peculiar issue that you will encounter if you deploy the OIA war file on the weblogic server and there is a failure in deployment of the war file.


To fix this issue, you have to enable "Archived Real Path Enabled" Setting on the weblogic domain.

Restart the Weblogic Admin and managed servers.

Sample OIM Nested Query

select RBE_REQUEST_KEY from REQUEST_BENEFICIARY_ENTITIES where ( RBE_ENTITY_NAME = 'My_Role_Name' AND RBE_OPERATION = 'ASSIGNROLES' AND RBE_REQUEST_KEY IN ( select REQUEST_KEY from REQUEST where ( REQUEST_STATUS = 'Obtaining Operation Approval' AND REQUEST_MODEL_NAME = 'Assign Roles' AND REQUESTER_KEY = '1368' )))

FaceUtils Sample Class

In this post, I will be sharing some sample code related to FaceUtils class




import java.io.IOException;
 
import java.util.Map;
import java.util.ResourceBundle;
 
import javax.el.ELContext;
import javax.el.ExpressionFactory;
import javax.el.MethodExpression;
import javax.el.ValueExpression;
 
import javax.faces.application.Application;
import javax.faces.application.FacesMessage;
import javax.faces.component.UIComponent;
import javax.faces.context.FacesContext;

//import oracle.adf.controller.internal.util.TaskFlowUtils;
import oracle.adf.model.BindingContext;
import oracle.adf.model.binding.DCBindingContainer;
import oracle.adf.model.binding.DCBindingContainerChangeAdapter;
import oracle.adf.model.binding.DCControlBinding;
import oracle.adf.view.rich.context.AdfFacesContext;
 
import oracle.binding.AttributeBinding;
import oracle.binding.ControlBinding;
 
import oracle.iam.ui.platform.utils.TaskFlowUtils;
 
import oracle.jbo.uicli.binding.JUCtrlActionBinding;
import oracle.jbo.uicli.binding.JUCtrlListBinding;
import oracle.jbo.uicli.binding.JUEventBinding;
import oracle.jbo.uicli.binding.JUEventBindingDef;


public class FacesUtils {
 
    public FacesUtils() {
        // do not instantiate
        throw new AssertionError();
    }
 
    /*
     * Re-render the component.
     */
    public static void partialRender(UIComponent component) {
        if (component != null) {
            AdfFacesContext.getCurrentInstance().addPartialTarget(component);
        }
    }
 
    /*
     * Sets attribute value through attribute binding.
     */
    public static void setAttributeBindingValue(String attributeName,
                                                Object value) {
        AttributeBinding binding = getAttributeBinding(attributeName);
        if (binding != null) {
            binding.setInputValue(value);
        } else {
            throw new IllegalArgumentException("Binding " + attributeName +
                                               " does not exist.");
        }
    }
 
    /*
     * Gets attribute value using attribute binding.
     */
    public static <T> T getAttributeBindingValue(String attributeName,
                                                 Class<T> clazz) {
        AttributeBinding binding = getAttributeBinding(attributeName);
        if (binding != null) {
            return (T)binding.getInputValue();
        } else {
            throw new IllegalArgumentException("Binding " + attributeName +
                                               " does not exist.");
        }
    }
 
    /*
     * Gets attribute value using list binding.
     */
    public static <T> T getListBindingValue(String attributeName,
                                            Class<T> clazz) {
        ControlBinding ctrlBinding = getControlBinding(attributeName);
        if (ctrlBinding instanceof JUCtrlListBinding) {
            JUCtrlListBinding listBinding = (JUCtrlListBinding)ctrlBinding;
            return (T)listBinding.getAttributeValue();
        } else {
            throw new IllegalArgumentException("Binding " + attributeName +
                                               " is not list binding.");
        }
    }
 
    public static ControlBinding getControlBinding(String name) {
        ControlBinding crtlBinding = getBindings().getControlBinding(name);
        if (crtlBinding == null) {
            throw new IllegalArgumentException("Control Binding '" + name +
                                               "' not found");
        }
        return crtlBinding;
    }
 
    public static AttributeBinding getAttributeBinding(String name) {
        ControlBinding ctrlBinding = getControlBinding(name);
        AttributeBinding attributeBinding = null;
        if (ctrlBinding != null) {
            if (ctrlBinding instanceof AttributeBinding) {
                attributeBinding = (AttributeBinding)ctrlBinding;
            }
        }
        return attributeBinding;
    }
 
    public static DCBindingContainer getBindings() {
        FacesContext fc = FacesContext.getCurrentInstance();
        ExpressionFactory exprfactory =
            fc.getApplication().getExpressionFactory();
        ELContext elctx = fc.getELContext();
 
        ValueExpression valueExpression =
            exprfactory.createValueExpression(elctx, "#{bindings}",
                                              Object.class);
 
        DCBindingContainer dcbinding =
            (DCBindingContainer)valueExpression.getValue(elctx);
 
        return dcbinding;
    }
 
    /*
     * Evaluates EL expression and returns value.
     */
    public static <T> T getValueFromELExpression(String expression,
                                                 Class<T> clazz) {
        FacesContext facesContext = FacesContext.getCurrentInstance();
        Application app = facesContext.getApplication();
        ExpressionFactory elFactory = app.getExpressionFactory();
        ELContext elContext = facesContext.getELContext();
        ValueExpression valueExp =
            elFactory.createValueExpression(elContext, expression, clazz);
        return (T)valueExp.getValue(elContext);
    }
 
    /*
     * Gets MethodExpression based on the EL expression. MethodExpression can then be used to invoke the method.
     */
    public static MethodExpression getMethodExpressionFromEL(String expression,
                                                             Class<?> returnType,
                                                             Class[] paramTypes) {
        FacesContext facesContext = FacesContext.getCurrentInstance();
        Application app = facesContext.getApplication();
        ExpressionFactory elFactory = app.getExpressionFactory();
        ELContext elContext = facesContext.getELContext();
        MethodExpression methodExp =
            elFactory.createMethodExpression(elContext, expression, returnType,
                                             paramTypes);
        return methodExp;
    }
 
    public static ELContext getELContext() {
        return FacesContext.getCurrentInstance().getELContext();
    }
 
    /*
     * Shows FacesMessage. The message will not be bound to any component.
     */
    public static void showFacesMessage(FacesMessage fm) {
        FacesContext.getCurrentInstance().addMessage(null, fm);
    }
 
    /*
     * Launch bounded taskFlow based on provided parameters.
     */
    public  void launchTaskFlow(String id, String taskFlowId,
                                      String name, String icon,
                                      String description, String helpTopicId,
                                      boolean inDialog,
                                      Map<String, Object> params) {
        // create JSON payload for the contextual event
        String jsonPayLoad =
            TaskFlowUtils.createContextualEventPayLoad(id, taskFlowId,
                                                       name, icon, description,
                                                       helpTopicId, inDialog,
                                                       params);
        
        // create and enqueue contextual event
        DCBindingContainer bc =
            (DCBindingContainer)BindingContext.getCurrent().getCurrentBindingsEntry();
        DCControlBinding ctrlBinding = bc.findCtrlBinding(TaskFlowUtils.RAISE_TASK_FLOW_LAUNCH_EVENT);        
        // support both bindings - using eventBinding as well as methodAction
        if (ctrlBinding instanceof JUEventBinding) {
            JUEventBinding eventProducer = (JUEventBinding) ctrlBinding;
            bc.getEventDispatcher().queueEvent(eventProducer, jsonPayLoad);
        } else if (ctrlBinding instanceof JUCtrlActionBinding) {
            JUCtrlActionBinding actionBinding = (JUCtrlActionBinding) ctrlBinding;
            bc.getEventDispatcher().queueEvent(actionBinding.getEventProducer(), jsonPayLoad);
        } else {
            throw new IllegalArgumentException("Incorrect binding for " + TaskFlowUtils.RAISE_TASK_FLOW_LAUNCH_EVENT);
        }
        bc.getEventDispatcher().processContextualEvents();
    }
 
    /*
     * Redirect to a provided url.
     */
    public static void redirect(String url) {
        try {
            FacesContext fctx = FacesContext.getCurrentInstance();
            fctx.getExternalContext().redirect(url);
            fctx.responseComplete();
        } catch (IOException ex) {
            throw new RuntimeException(ex);
        }
    }
    
//    
//    public void launchTaskFlow(String id,String taskFlowId, String name , String icon, String description, String helpTopicId, boolean inDialog, Map<String, Object > params){
//        String jsonPayLoad = TaskFlowUtils.createContextualEventPayLoad(id, null, taskFlowId, name, icon, description, helpTopicId, inDialog, params);
//    DCBindingContainer bc = (DCBindingContainer) BindingContext.getCurrent().getCurrentBindingsEntry();
//    DCControlBinding ctrlBinding = bc.findCtrlBinding(TaskFlowUtils.RAISE_TASK_FLOW_LAUNCH_EVENT);
//    if(ctrlBinding instanceof JUEventBinding){
//        JUEventBinding eventProducer = (JUEventBinding) ctrlBinding;
//        bc.getEventDispatcher().queueEvent(eventProducer, jsonPayLoad);
//    }else if (ctrlBinding instanceof JUCtrlActionBinding){
//        JUCtrlActionBinding actionBinding = (JUCtrlActionBinding) ctrlBinding;
//        bc.getEventDispatcher().queueEvent(actionBinding.getEventProducer(), jsonPayLoad);
//    }else{
//        throw new IllegalArgumentException ("Incorrect binding for "+TaskFlowUtils.RAISE_TASK_FLOW_LAUNCH_EVENT);
//    }
//    bc.getEventDispatcher().processContextualEvents();
//    
//    }
}

OIM and Java Connector Server SSL Establishment

keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048


keytool -export -alias selfsigned -file selfsigned.cer -keystore keystore.jks


Once keystore is created and certficate file is exported

Re-register the Java Connector service with 

ConnectorServer.exe /uninstall

ConnectorServer.exe /install -Djavax.use.ssl=true -Djavax.ssl.keystore=keystore.jks

Restart the Java Connector Server.

Copy the selfsigned.cer and import the certificate to cacerts, demo-trust and hostname-truststore.jks (oim)



keytool -import -trustcacerts -alias selfsigned -file selfsigned.cer -keystore cacerts