In this post, I will talk about silently creating a WebLogic domain after the WebLogic install.
You will need the existing wlst.sh and a Python (WLST) script to do so.
/u01/Oracle/Middleware/Oracle_IDM1/common/bin/wlst.sh /u01/tmp/create_domain.py > /u01/logs/create_domain.log
---------------------------------SAMPLE--CREATE-DOMAIN-SCRIPT--------------------------
#!/usr/bin/python
import os, sys
# Replace MW_HOME with Middleware Home Path
readTemplate(r'/u01/oracle/Middleware/wlserver_10.3/common/templates/domains/wls.jar')
cd(r'/Security/base_domain/User/weblogic')
# Enter Password for Weblogic Admin User ('password' is a placeholder; replace it and do not leave the real value in the script file)
cmo.setPassword('password')
cd(r'/Server/AdminServer')
cmo.setName('AdminServer')
# Enter Weblogic Listen Port No.
cmo.setListenPort(14000)
# Enter HostName
cmo.setListenAddress('localhost')
create('AdminServer','SSL')
cd('SSL/AdminServer')
cmo.setEnabled(true)
# Enter Weblogic SSL Listen Port No.
cmo.setListenPort(14001)
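# Hostname verification is turned off for outbound SSL connections made by this server; set to false to keep the default verifier
cmo.setHostnameVerificationIgnored(true)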
cmo.setHostnameVerifier(None)
cmo.setTwoWaySSLEnabled(false)
cd('/')
cmo.setProductionModeEnabled(true)
# Enter the DOMAIN_HOME PATH
writeDomain(r'/u01/oracle/Middleware/user_projects/IAMDomain')
closeTemplate()
exit()
---------------------------------SAMPLE--CREATE-DOMAIN-SCRIPT--------------------------
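As an added example (not part of the original post), the following Python 3 check parses a WLST script with `ast` and reports the settings from the sample above that deserve review before the script is reused: a literal admin password, ignored hostname verification, and production mode switched off. The sample text is constructed from the script above, the environment-variable name `WLS_ADMIN_PW` is hypothetical, and the check assumes the script also parses as Python 3.

```python
import ast

# Constructed sample: security-relevant calls taken from the script above,
# plus one non-literal password (WLS_ADMIN_PW is a hypothetical variable name).
SAMPLE = """\
cd(r'/Security/base_domain/User/weblogic')
cmo.setPassword('password')
cd('SSL/AdminServer')
cmo.setEnabled(true)
cmo.setHostnameVerificationIgnored(true)
cmo.setHostnameVerifier(None)
cmo.setProductionModeEnabled(true)
cmo.setPassword(os.environ['WLS_ADMIN_PW'])
"""

def _is_str(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)

def _is_bool(want):
    # WLST scripts use lowercase true/false names; Python-style True/False also match.
    def check(node):
        if isinstance(node, ast.Name):
            return node.id == ("true" if want else "false")
        return isinstance(node, ast.Constant) and node.value is want
    return check

# setter name -> (predicate on the first argument, finding text)
RULES = {
    "setPassword": (_is_str, "password is a string literal in the script"),
    "setHostnameVerificationIgnored": (_is_bool(True), "SSL hostname verification is ignored"),
    "setProductionModeEnabled": (_is_bool(False), "domain is created in development mode"),
}

def audit_wlst(source):
    """Return sorted (line, setter, finding) tuples for flagged x.setY(...) calls."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        rule = RULES.get(node.func.attr)
        if rule and node.args and rule[0](node.args[0]):
            findings.append((node.lineno, node.func.attr, rule[1]))
    return sorted(findings)

if __name__ == "__main__":
    for line, setter, finding in audit_wlst(SAMPLE):
        print("line %d: %s: %s" % (line, setter, finding))
```
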
Sunday, April 12, 2015
Weblogic 10.3.6 Silent Install
In this post, I will talk about the WebLogic silent install using a response file and console mode.
By default, if a UI is not available, the WebLogic installer switches to command-line mode and you can provide the inputs interactively; otherwise, you can provide a response file as below for a completely silent install.
java -Djava.io.tmpdir=/path/to/custom/tmp/dir -jar wls_generic10.3.6.jar -mode=silent -silent_xml=path_to_silent.xml
-------------------------------SILENT.XML--------------------------------------------------------
<bea-installer>
<input-fields>
<data-value name="BEAHOME" value="/u01/Oracle/Middleware"/>
<data-value name="USER_INSTALL_DIR" value="/u01/Oracle/Middleware/wlserver_10.3"/>
<data-value name="WLS_INSTALL_DIR" value="/u01/Oracle/Middleware/wlserver_10.3"/>
<data-value name="COMPONENT_PATHS" value="WebLogic Server|Oracle Coherence"/>
<data-value name="JAVA_HOME" value="/u01/Oracle/jdk1.6_45"/>
<data-value name="WLS_JAVA_HOME" value="/u01/Oracle/jdk1.6_45"/>
</input-fields>
</bea-installer>
-------------------------------SILENT.XML--------------------------------------------------------
OIM Exchange Connector
In this post, I will briefly talk about OIM's Exchange Connector, which is certified with the 2007 and 2010 versions, along with its required components and process flow.
The process flow is something like the below.
- The Exchange adapters invoke the Exchange Connector bundle.
- The connector bundle is installed on a .NET Connector Server, so you will have to install the connector bundle on a Windows box that is joined to the AD Exchange domain.
- The Exchange Connector bundle, via remote shell, invokes Windows PowerShell 2.0, which is also on the Connector Server.
- PowerShell invokes Windows Remote Management (WinRM) 2.0.
- WinRM executes the provisioning PowerShell cmdlets.
- This finally invokes the MS Exchange server for create and other operations.
From the above, the required components are:
- .NET Connector Server
- PowerShell 2.0
- WinRM 2.0
Sunday, March 22, 2015
IAM - Custom Connector Development Questions
In this post, I will be listing a few questions that will help in designing, building and estimating a custom connector for an IAM solution.
These questions are quite generic and can be used in a variety of situations.
- Provisioning/Reconciliation/or Both: Provisioning is generally assumed by default, as that is the whole point of connector development, but we should also keep the reconciliation estimate in mind if it is required. If both are required, the estimates obviously go higher, with a much longer development cycle.
- Is Authoritative Source (Yes/No)? If the end system is an authoritative source of data for user, role or organization information, a slightly different design is required for connector development, with more checks and balances in place.
- Provisioning Functions (CRUD)? Which provisioning functions should be considered for connector development? It is most likely all of them, but in some situations delete, or update of all attributes, is not required, which will save some time and effort for a tailored solution.
- Reconciliation Features (Agentless or Agent-based)? Most connectors should work without installing anything on end systems (i.e. agentless), thereby reducing the time, effort and complexity involved. Where an agent-based connector is required, two components are developed, one on the end system and one on the IAM system. This requires more testing and fault tolerance.
- Is a password or any other secure attribute part of connector development?
- What will the connectivity channel requirement be for the connector, such as SSL/TLS or any other protocol?
- What types of user accounts should this connector support (Regular Users/Service Accounts/Any Other)?
- How many attributes should this connector support? This can greatly affect the time and effort, as more attributes require a generic design, which makes the connector more flexible but needs more initial effort early on.
- Is Group/Role/Entitlement/Org or any other entity management part of the connector solution?
- Are there any other additional capabilities that this connector should support?
Saturday, March 21, 2015
IAM - Application Integration Questionnaire
In this post, I have come up with a list of questions that can be asked to integrate any standard or custom third-party application with the IdM product.
These questions will be especially helpful if the number of apps is large enough.
1. App Name
2. App Description
3. No. of Users
4. Types of Users
5. Type of App (online/thick client/legacy/cloud/any other) : Please mention
6. No. of App Instances
7. Type of Connectivity available (JDBC/Web Service/Directory/Messaging system/File system/any other)
8. Database used by the App (Proprietary/Standard)
9. Mention database name if known
10. Is it Authoritative source of data for Users/Role/Org or any other entity?
11. Does this App depend on any other App?
12. If yes, mention the other App Name
13. Network zone this app resides in (public/subnet/intranet/ firewalled/limited etc.)
14. Any web services exposed by this App.
15. Is SSO a requirement for App ?
16. Is provisioning a requirement for this App ?
17. Is reconciliation a requirement for this App ?
18. Is password sync a requirement for this App ?
19. Does this App require any special treatment from performance, security or high availability perspective?
20. What does this App store? Put a tick (Users/Groups/Roles/ Entitlement/Org Structure)