Wednesday, December 19, 2018

What is Privileged Access Management?

A privileged user or account is one that holds the "keys to the kingdom", i.e. it has administrative access to the systems. Such users can carry out system-wide configuration changes, lock or unlock other users, define and enforce system policies, install software, apply patches, access sensitive information, etc. For instance, the individual who can set up and delete email accounts on a Microsoft Exchange Server is a privileged user.

“Privileged Account Management (PAM)” and “Privileged Session Management (PSM)” are generally interchangeable terms.

As is clear from the description of a privileged account, this access needs to be controlled, monitored and audited. Most cyber attacks target these privileged accounts to gain access to resources in an organization. PAM keeps your organization safe from accidental or deliberate misuse of privileged access. Most organizations have 3 times as many privileged users as employees.

PAM allows you the following high level capabilities:

  • Grant privileges to users only for systems on which they are authorized.
  • Grant access only when it’s needed and revoke access when the need expires.
  • Avoid the need for privileged users to hold local or direct system passwords.
  • Centrally and quickly manage access over a disparate set of heterogeneous systems.
  • Create an unalterable audit trail for any privileged operation.

Thursday, December 13, 2018

What is Access Control?

Access control is the selective restriction of access to a place or other resource. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization.

Monday, August 27, 2018

Deploy a Single HTML File in Apache Tomcat Server

  1. Create a folder inside the webapps folder, e.g. 'CustomApp'.
  2. Put your HTML file in this folder, e.g. first.html.
  3. Start Tomcat and point your browser to the URL "http://localhost:8080/CustomApp/first.html".
Note:
  1. If your HTML file is named 'index.html', it can be opened simply via the URL http://localhost:8080/CustomApp

Installing and Running Apache Tomcat Server

  1. Download Apache Tomcat from https://tomcat.apache.org/
  2. If you downloaded the zip, unzip it at a location of your choice.
  3. Create the following three environment variables:
    • CATALINA_HOME, pointing to the unzipped Apache Tomcat location where the bin and conf folders are located.
    • JAVA_HOME
    • JRE_HOME
  4. Execute 'startup.bat' from CATALINA_HOME/bin.
  5. Open the link http://localhost:8080 to check that the server is running.

Friday, August 17, 2018

Eclipse: JAR v/s Runnable JAR

Both types, standard and runnable, contain the manifest file and the Java class files. The difference is in the content of the manifest file.

The manifest file for a runnable jar has an entry for the main class:
Main-Class: com.kpmg.rohit.appraisalStrory.StoryTeller
That means a runnable jar explicitly specifies the entry point of the jar.

So if you just want to bundle your project as a library to be used by other applications, either type of jar will suffice. But, say, you want to execute it from the command line; then the difference becomes clear.

So, I have two jars for the same project, one exported as a runnable jar and the other as a standard jar.

Let me try to run both of them from the command prompt:

The runnable jar executes, but the standard jar throws an error, because Java does not know the entry point of this jar.

We can explicitly specify the class with the main method to execute the standard jar as well.
That is it, hope you get it.
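As an added illustration (not code from the original post), the check below reads the manifest of each jar given on the command line with the standard java.util.jar API and reports whether it is a runnable jar (Main-Class present, so `java -jar` works) or a standard jar (no Main-Class, so the entry point must be given explicitly with `java -cp <jar> <class>`). The class name JarKind and the output wording are my own.

```java
import java.io.IOException;
import java.util.jar.Attributes;
import java.util.jar.JarFile;
import java.util.jar.Manifest;

/** Reports whether a jar declares an entry point in its manifest (added example, not the post's code). */
public final class JarKind {

    /**
     * Returns the Main-Class named in META-INF/MANIFEST.MF, or null when the jar is a
     * standard (library) jar: either it has no manifest at all or the manifest lacks Main-Class.
     */
    public static String mainClassOf(String jarPath) throws IOException {
        try (JarFile jar = new JarFile(jarPath)) {
            Manifest manifest = jar.getManifest();
            if (manifest == null) {
                return null;                      // no manifest: cannot be run with java -jar
            }
            // Attributes.Name.MAIN_CLASS is the "Main-Class" header shown in the post
            return manifest.getMainAttributes().getValue(Attributes.Name.MAIN_CLASS);
        }
    }

    public static void main(String[] args) throws IOException {
        for (String path : args) {
            String mainClass = mainClassOf(path);
            if (mainClass == null) {
                // Standard jar: java -jar fails with "no main manifest attribute";
                // the class holding main() has to be named on the command line instead.
                System.out.println(path + ": standard jar, run with  java -cp " + path
                        + " <fully.qualified.MainClass>");
            } else {
                System.out.println(path + ": runnable jar (Main-Class: " + mainClass
                        + "), run with  java -jar " + path);
            }
        }
    }
}
```

Usage: compile with `javac JarKind.java` and run `java JarKind standard.jar runnable.jar`; the two exports of the same project described above differ only in the manifest line this check looks for.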


Friday, June 1, 2018

OIM: Query to get the request data

The following queries will serve as a good starting point to fetch the request data in OIM:

1. To get the request form data

select * from REQUEST_BENEFICIARY_ENTITYDATA where RBED_RBE_KEY IN
(select RBE_KEY from REQUEST_BENEFICIARY_ENTITIES WHERE RBE_REQUEST_KEY = '<RequestId>') ORDER BY RBED_RBE_KEY DESC;


2. To get child table data

select * from REQUEST_BENEFICIARY_ENTITYDATA where RBED_PARENT_KEY = '<RBED_>' AND RBED_PARENT_KEY IS NOT NULL;

RBED_PARENT_KEY is returned from the first query.



Friday, May 25, 2018

Thursday, May 24, 2018

OIM-SOA: Populating wftask table with custom attributes

Often, for reporting or other purposes, we need to populate the wftask table (which maps directly to the human task in the composite) with some custom data.
This custom data can come from the payload or from any other data present in the composite.

Updating the wftask table with composite data avoids writing BPEL APIs; a simple query then suffices.

How to do it is probably what you are interested in. This is done by a simple assignment in the human task.
  1. Expand your human task in the composite. You should see a construct like 'taskName_AssignTaskAttributes'.

  2. This is where you need to assign the variables. You can do it in the design editor, or copy the following lines into the BPEL file.

<copy>
  <from variable="inputVariable" part="payload"
        query="/client:process/client:EntityKey"/>
  <to variable="initiateTaskInput" part="payload"
      query="/taskservice:initiateTask/task:task/task:customAttributes/task:customAttributeString1"/>
</copy>
<copy>
  <from variable="inputVariable" part="payload"
        query="/client:process/client:BeneficiaryLogin"/>
  <to variable="initiateTaskInput" part="payload"
      query="/taskservice:initiateTask/task:task/task:customAttributes/task:customAttributeString2"/>
</copy>

You might want to edit the from and to data depending on your exact requirement.

  3. Now deploy and test the composite. You will see the two columns 'customAttributeString1' and 'customAttributeString2' populated in your wftask table.




Friday, May 11, 2018

Tuesday, May 8, 2018

Java: Comma Separated String to List

    import java.util.ArrayList;

    /** Splits a comma-separated string into a list of trimmed values; null or empty input yields an empty list. */
    ArrayList<String> convertCommaSprtdStrToList(String commaSprtdStr) {
        ArrayList<String> list = new ArrayList<String>();

        // Nothing to split: return an empty list rather than null so callers never need a null check
        if (commaSprtdStr == null || commaSprtdStr.isEmpty())
            return list;

        // Trim whitespace around each value, e.g. "a, b ,c" becomes ["a", "b", "c"]
        for (String str : commaSprtdStr.split(",")) {
            list.add(str.trim());
        }

        return list;
    }

Friday, March 16, 2018

Unable to open kernel device '\\.\Global\vmx86': The system cannot find the file specified. Did you reboot after installing VMware Workstation

If you got this error, you are already working with VMware, so there is no point in replicating it.
The solution, however, is simple and effective: just restart the 'VMware Authorization Service' from the Services console and retry.

Friday, January 12, 2018

OIM: Create and deploy scheduled task

The following post covers all aspects of developing and deploying a scheduled task in OIM and creating a scheduled job.

The post will cover the following tasks in detail:
>> How to create a scheduled task?
>> How to package a scheduled task?
>> How to deploy a scheduled task?
>> How to create a scheduled job?

How to create a scheduled task
This includes the following items:
> Developing java class and creating jar file
> Creating plugin file
> Creating metadata file


Developing the java class and jar file:
1. Create a java project in the IDE of your choice.
2. Import the following jars into your project classpath:
common-logging.jar
eclipselink.jar
jrf-api.jar
oimclient.jar
spring.jar
wlfullclient.jar
3. Create a java class that extends the class oracle.iam.scheduler.vo.TaskSupport.
4. You will have to implement the abstract methods of this class: execute, getAttributes and setAttributes.
5. Don't worry about getAttributes and setAttributes. Remember, we are learning the basics and trying to get our first scheduled job up and running.
6. The execute method is what is called when the scheduled job is executed.
7. This method takes a HashMap as its input argument; this map contains the values provided by you on the scheduled job UI (the UI parameters are configured in an XML file that we will see later).
8. Implement your custom logic in this method:
      How to get the data from the UI:
      String lookupName = (String) hashMap.get("Lookup Name");
      How to initialize an API and write custom logic:
      UserManager userManager = Platform.getService(UserManager.class);
      How to add a custom logger:
      Create a LOGGER in the class
      Add the logger to logging.xml
9. Create the jar file using the IDE.
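Steps 3 to 8 put together in one class, as an added example (not the post's own code). The class name, package and parameter names match the plugin.xml and metadata file on this page; everything else is an assumption made for the illustration: the job's logic (searching users whose first and last name equal the UI values, using the OIM 11g UserManager.search and SearchCriteria APIs), the logger name "com.rohit.st.demo", and the requireParam helper that rejects blank UI input before any API call is made.

```java
package com.rohit.st.demo;

import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.logging.Logger;

import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.platform.Platform;
import oracle.iam.platform.entitymgr.vo.SearchCriteria;
import oracle.iam.scheduler.vo.TaskSupport;

/** Example scheduled task; the search-by-name logic below is assumed for the illustration. */
public class SchedulerDemo extends TaskSupport {

    // Logger name is an assumption; a matching logger entry must be added to logging.xml
    // on the OIM server for these messages to be written.
    private static final Logger LOGGER = Logger.getLogger("com.rohit.st.demo");

    /** Called by the scheduler; the map holds the values entered on the scheduled job UI. */
    @Override
    public void execute(HashMap params) throws Exception {
        // Keys are the parameter names declared in the metadata file
        String lookupName = requireParam(params, "Lookup Name");
        String firstName  = requireParam(params, "First Name");
        String lastName   = requireParam(params, "Last Name");
        LOGGER.info("SchedulerDemo started for lookup " + lookupName);

        // Resolve the OIM API from inside the server; no credentials are needed here
        UserManager userManager = Platform.getService(UserManager.class);

        // Users whose First Name and Last Name both equal the UI values (assumed job logic)
        SearchCriteria byName = new SearchCriteria(
                new SearchCriteria("First Name", firstName, SearchCriteria.Operator.EQUAL),
                new SearchCriteria("Last Name", lastName, SearchCriteria.Operator.EQUAL),
                SearchCriteria.Operator.AND);
        Set<String> returnAttrs = new HashSet<String>();
        returnAttrs.add("User Login");   // request only the attribute we actually use
        List<User> users = userManager.search(byName, returnAttrs, new HashMap<String, Object>());

        // Log only the login, never whole user records, so the log carries no sensitive data
        for (User user : users) {
            LOGGER.info("Matched user login: " + user.getAttribute("User Login"));
        }
        LOGGER.info("SchedulerDemo finished; matches: " + users.size());
    }

    /** Rejects a missing or blank UI parameter up front, naming the parameter in the error. */
    static String requireParam(HashMap params, String name) {
        Object value = params.get(name);
        if (value == null || value.toString().trim().isEmpty()) {
            throw new IllegalArgumentException("Scheduled job parameter '" + name + "' is required");
        }
        return value.toString().trim();
    }

    @Override
    public HashMap getAttributes() {
        return new HashMap();   // this basic task exposes no runtime attributes
    }

    @Override
    public void setAttributes() {
        // nothing to set for this basic task
    }
}
```

Parameters that carry secrets (a password for a target system, for instance) should be declared with encrypted="true" in the metadata file rather than encrypted="false" as in the demo, and must never be written to the log the way the lookup name is above.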

Creating the plugin file: always call it plugin.xml for ease of use.
Create an XML file and change only the plugin class, version and name; the rest of this file is self-explanatory.

<?xml version="1.0" encoding="UTF-8"?>
<oimplugins xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <plugins pluginpoint="oracle.iam.scheduler.vo.TaskSupport">
    <plugin pluginclass="com.rohit.st.demo.SchedulerDemo" version="1.0" name="SchedulerDemo"/>
  </plugins>
</oimplugins>

Creating the metadata file: this goes into the MDS datastore, so give it a business-friendly name.
Create an XML file and change only the task name, class, description and parameters; the rest of this file is self-explanatory.
<scheduledTasks xmlns="http://xmlns.oracle.com/oim/scheduler">
  <task>
    <name>SchedulerDemo</name>
    <class>com.rohit.st.demo.SchedulerDemo</class>
    <description>SchedulerDemo</description>
    <retry>5</retry>
    <parameters>
      <string-param required="true" encrypted="false" helpText="Lookup Name">Lookup Name</string-param>
      <string-param required="true" encrypted="false" helpText="First Name">First Name</string-param>
      <string-param required="true" encrypted="false" helpText="Last Name">Last Name</string-param>
    </parameters>
  </task>
</scheduledTasks>

How to package a scheduled task
1. Create a directory (let us call it the SchedulerDemo directory; the name is up to you).
2. Create the following directories inside the SchedulerDemo directory:
       lib - place your jar file in this directory
       config
       resources
3. Also place plugin.xml directly inside the SchedulerDemo directory.
4. Create the zip file.
5. Place the zip file on the OIM server in the environment where you want to deploy it.

How to deploy a scheduled task
Deploying the plugin:
6. Next you need to register the plugin (the zip file that you created is deployed in OIM as a plugin).
7. Set the ANT_HOME environment variable:
    export ANT_HOME=/apps/oracle/middleware/modules/org.apache.ant_1.7.1 (env specific)
8. Update the PATH environment variable:
     export PATH=$JAVA_HOME/bin:$ANT_HOME/bin:$PATH

9. Navigate to $OIM_HOME/server/plugin_utility
10. Edit/check ant.properties and set the following values:
    wls.home
    oim.home
    mw.home
11. Execute the following command:
    ant -f pluginregistration.xml register
12. In a new environment, sometimes an error is encountered:
     /pluginregistration.xml:72: Class not found: oracle.iam.platform.utils.ant.PasswordInputHandler
In that case, cross-check your ant.properties and, if the error persists, navigate to $WLS_HOME/server/lib
and run: java -jar wljarbuilder.jar
13. Once this is done, navigate back to $OIM_HOME/server/plugin_utility and execute ant -f pluginregistration.xml register
14. You will need to provide the following values to the script:
    User name: xelsysadm
    Password: xelsysadm's password (env specific)
    URL: t3://OIM_HOST:OIM_PORT (env specific), e.g. t3://rohitdemo:14000
15. Checkpoint: once the script runs successfully, query the plugins table to verify that the plugin was deployed.

Registering metadata:
Now you need to import the metadata file that you created into the MDS data store. We will use the weblogicImportMetadata utility for this.

16. Place the metadata file on the server.
17. Navigate to $OIM_HOME/server/bin
18. Take a backup of the weblogic.properties file.
19. Edit the weblogic.properties file.
20. Set the value of 'metadata_to_loc'.
21. Set OIM_ORACLE_HOME to the same value as OIM_HOME.
22. Execute the command:
 ./weblogicImportMetadata.sh
Provide the following values:
weblogic (NOT xelsysadm)
weblogic's password
t3://OIM_HOST:OIM_PORT (NOT the WebLogic admin port but OIM's port)

How to create a scheduled job
1. Create it from the sysadmin console.
2. Search for the task name configured in the metadata file.