
Here is a sample scheduling plan I created for the Project Management Principles and Tools course. Following are the details of the baseline schedule prior to applying schedule compression techniques such as crashing or fast tracking.

Baseline Schedule:

Project Schedule

Project Schedule Snapshot

 

Milestones:


Recently I have delivered technology workshops on IdM products to mixed audiences. Technology workshops are simulations of popular use cases on prebuilt platforms. Participants are given documents with a clear set of steps to build a predefined scenario. When they follow the instructions correctly and listen to the presenter, participants achieve a scenario that closely resembles a business case.

Objective:

There is a difference between a traditional demo and a workshop. In a demo, you perform the configurations yourself to show your audience (mostly prospective clients) the capability of the asset (product, service, or hardware) you are presenting. You are deemed most successful if you are able to convince your audience about the asset and persuade them to do certain things.

For a workshop the goal is a little different. A technology workshop is designed to inform, engage, and woo (or maybe educate) your audience to perform tasks as per agreed-upon scenarios. Here the level of participation (not only verbal but hands-on) is critical for the success of the workshop. When participants achieve the predefined set of objectives with your assistance and materials, you as an instructor feel content.

Though the goal of a successful workshop is to inspire the audience to perform tasks, implement scenarios, and become interested in the product, you may eventually steer this interest and excitement to meet some business need.

Keeping the factors above in mind, you may use this checklist when you design your workshop:

Checklist Table

Oracle Agile PLM enables alignment of People, Processes, and Technology to best manage the Products throughout the product life cycle – from idea inception to retirement. It is one of the prominent offerings in the Oracle Applications portfolio.

I was investigating its integration opportunities with the Oracle Identity Management solution. The recommended configuration for Agile PLM suggests a database as the repository, but it can be integrated with a range of LDAP directories.

Agile PLM supports LDAP authentication through the Agile Directory Server Integration Module. You can integrate Agile with your existing directory server to manage your users in one place. This approach can be fully integrated into Agile PLM, for these supported directory servers:

  • Oracle Internet Directory Server
  • Microsoft Active Directory Server
  • Sun Java System Directory Server
  • Microsoft Active Directory Lightweight Directory Services Server
  • Oracle Virtual Directory Server

If you chose to manage your user accounts through a directory server (instead of the database) during installation, then all new users are added, and certain user attributes are configured, only through the directory server.

With SSO configured and enabled for your PLM system, a user that has signed in to the system once (for instance, through the corporate portal) is not prompted again by a “login” dialog in such cases as:

  • Launching Web Client
  • Clicking on a URL for an email notification
  • When a customer’s supplier launches the Microsoft Excel-based Solution from a Declaration
  • When Web Client times out.

Oracle Access Manager (OAM) ensures authentication and strict authorization policies are applied to your applications and services such as:

  • Controlled access to web applications, Enterprise Java Beans (EJB) applications, J2EE resources, and common packaged enterprise applications.
  • Web SSO for secure access to multiple applications with one authentication step.
  • Flexible authentication support.

Agile PLM 9.3.2 is certified with the OAM (11g) suite of products.

For more please refer to:

Agile Product Lifecycle Management Documentation Library v9.3.2

http://docs.oracle.com/cd/E28664_02/otn/docset.html

Problem Description

OIM connector for Siebel was apparently installed successfully. But, provisioning to the Siebel resource did not go through. A careful inspection of logs reveals the notorious “ClassCastException”.

Environment: OIM 11g 11.1.1.5.0 (PS1), Siebel 8.1.1, Oracle DB 11.2.0.1, Siebel User Management Release 11.1.1, Oracle Enterprise Linux 5.6 (64 bit), WLS 10.3.5

Stacktrace

java.lang.ClassCastException: java.lang.NoClassDefFoundError cannot be cast to org.identityconnectors.framework.common.objects.ConnectorObject

Other variants:

java.lang.NoClassDefFoundError

Investigation

This problem occurs if the required third party JARs (as noted in the connector documentation) were not successfully bundled within the connector during connector installation.

The documentation instructs one to copy siebel.jar and siebelji_enu.jar from the SIEBEL_INSTALLATION_DIRECTORY/siebsrvr/CLASSES directory and place them in OIM_HOME/ConnectorDefaultDirectory/targetsystems-lib/siebel-RELEASE_NUMBER. But the downloaded third-party JARs showed a ridiculous size of 133KB (a healthy Siebel.jar is 1,295KB and SiebelJI_enu.jar is 42KB).

Verification

1. $OIM_HOME/server/bin/DownloadJars.sh

[Enter Xellerate admin username :]xelsysadm
[Enter the admin password :]
[Enter serverURL :[ t3://localhost:7001 ]]t3://localhost:14000
[Enter context Factory :[ weblogic.jndi.WLInitialContextFactory ]]
Enter the jar type
1.JavaTasks
2.ScheduleTask
3.ThirdParty
4.ICFBundle
4 <——————————— Choose 4 for SiebelConnectorBundle here
Enter the full path of the download directory :
/tmp
Enter the name of jar file to be downloaded from DB :
org.identityconnectors.siebel-1.0.1.jar <—————– The name of the SiebelApps bundle
Do u want to download more jars [y/n] :n
Download jar executed successfully

2. Unzip the downloaded org.identityconnectors.siebel-1.0.1.jar file and check for the four required third-party JAR files, which will not be present.

Solution

1. In the directory where the downloaded org.identityconnectors.siebel-1.0.1.jar was unzipped (i.e. inside the structure of the archive itself), create a sub-directory called: lib

2. Copy the four required Siebel third-party JAR files into this new lib directory.

3. Re-jar the files, which now include the third-party files in the new lib directory (the following command assumes you are in the directory into which the original JAR was unzipped, and that you have moved the original JAR file out of this directory so it does not end up in the new archive):

jar cvfm org.identityconnectors.siebel-1.0.1.jar META-INF/MANIFEST.MF *

(note the use of the existing MANIFEST.MF file as OIM will check for this)

4. Upload this new updated JAR file back into the database:

$OIM_HOME/server/bin/UploadJars.sh

[Enter Xellerate admin username :]
[Enter Xellerate admin username :]xelsysadm
[Enter the admin password :]
[Enter serverURL :[ t3://localhost:7001 ]]t3://localhost:14000
[Enter context Factory :[ weblogic.jndi.WLInitialContextFactory ]]
Enter the jar type
1.JavaTasks
2.ScheduleTask
3.ThirdParty
4.ICFBundle
4 <———————— again choose option 4 here for the SiebelConnectorBundle
Enter the path/location of jar file :
/tmp/jars/ org.identityconnectors.siebel-1.0.1.jar <—————– The name of the SiebelApps bundle
Do u want to load more jars [y/n] :n
Upload jar executed successfully

5. Restart OIM and retest provisioning and monitor logs.
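
The verification and repair steps above, as an added Python sketch that is not part of the original post or of OIM: it reports which required JARs are missing from lib/ in a bundle, rejects third-party JARs that are not readable archives so a truncated copy is caught before upload, and rewrites the bundle with the existing MANIFEST.MF as its first entry. The function names and the sample bundle are constructed for illustration, and Python's zipfile module stands in for the jar tool.

```python
import os
import tempfile
import zipfile

MANIFEST = "META-INF/MANIFEST.MF"

def missing_libs(bundle, required):
    """Return the required JAR names that are not under lib/ in the bundle."""
    with zipfile.ZipFile(bundle) as zf:
        present = {n[len("lib/"):].lower() for n in zf.namelist() if n.startswith("lib/")}
    return [r for r in required if r.lower() not in present]

def repack_with_libs(bundle, lib_files, out):
    """Copy the bundle to `out`, manifest first, adding lib_files under lib/."""
    for path in lib_files:
        # A truncated or mis-downloaded JAR is not a readable ZIP archive.
        if not zipfile.is_zipfile(path):
            raise ValueError(f"{path} is not a valid JAR archive")
    adding = {"lib/" + os.path.basename(p) for p in lib_files}
    with zipfile.ZipFile(bundle) as src, zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        if MANIFEST not in src.namelist():
            raise ValueError("bundle has no META-INF/MANIFEST.MF")
        # Keep the existing manifest unchanged and write it as the first entry.
        dst.writestr(MANIFEST, src.read(MANIFEST))
        for name in src.namelist():
            if name != MANIFEST and name not in adding and not name.endswith("/"):
                dst.writestr(name, src.read(name))
        for path in lib_files:
            dst.write(path, "lib/" + os.path.basename(path))
    return out

def demo():
    """Build a constructed bundle without lib/ and repair it."""
    required = ["Siebel.jar", "SiebelJI_enu.jar"]  # JAR names mentioned in the post
    work = tempfile.mkdtemp()
    bundle = os.path.join(work, "bundle.jar")
    with zipfile.ZipFile(bundle, "w") as zf:  # constructed sample, not a real connector
        zf.writestr(MANIFEST, "Manifest-Version: 1.0\n")
        zf.writestr("org/example/Placeholder.class", b"\xca\xfe\xba\xbe")
    libs = []
    for name in required:
        path = os.path.join(work, name)
        with zipfile.ZipFile(path, "w") as zf:  # constructed stand-in for the Siebel JAR
            zf.writestr("placeholder.txt", "constructed stand-in")
        libs.append(path)
    before = missing_libs(bundle, required)
    fixed = repack_with_libs(bundle, libs, os.path.join(work, "fixed.jar"))
    with zipfile.ZipFile(fixed) as zf:
        first = zf.namelist()[0]
    return before, missing_libs(fixed, required), first

if __name__ == "__main__":
    print(demo())
```

Running `missing_libs` on the JAR fetched by DownloadJars.sh gives the same answer as unzipping it by hand; the repacked file is what UploadJars.sh would then load.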

OIM LDAP Sync

LDAP sync (LDAP Synchronization) is the bidirectional process of exposing the security principals (users, user groups, and roles). This process copies OIM user changes (add, modify, delete) to Oracle Internet Directory (OID) via Oracle Virtual Directory (OVD). LDAP sync runs behind the scenes: it uses scheduled jobs or the reconciliation engine to pull changes from LDAP, and event handlers to push data to LDAP.

Is OVD a mandatory element?

It depends on the OIM version.

  • OIM 11.1.1.3.x requires an external OVD server for LDAP sync.
  • OIM 11.1.1.5 (PS1) supports both an external OVD server and the inbuilt libOVD (an OVD plugin that is part of OIM). This means that OVD is an optional component here.

LDAP Sync Vs LDAP connector:

Some of you might be wondering what the difference is. There is some overlap in functionality between these options, and you have to consciously choose the appropriate one. Here are some of the deciding factors:

  • LDAP sync becomes a mandatory element for OIM-OAM integration in the 11g world. In the integrated scenario LDAP sync provides complete password lifecycle management.
  • LDAP sync is a feature that allows bidirectional synchronization between LDAP and OIM. Don’t expect OIM to manage the LDAP as a resource or target system.
  • The LDAP connector adds the LDAP instance as a resource or target system in OIM. There are a number of actions you can attach around your target systems, such as workflows, provisioning operations, approvals, and requests.
  • LDAP sync does not synchronize Organizations. Users and Roles are the main elements.
  • Additional features such as Audit and Reporting can only be done with the LDAP connector.
  • Having said all that, I may assert that a typical implementation can have requirements that call for both LDAP sync and the LDAP connector. So brainstorm on your requirements and weigh the fine differences between the scenarios before arriving at a decision.

LDAP sync can be set up during installation of Oracle Identity Manager as well as later.

How to set up LDAP sync after install in OIM 11g?

Click here.

How to disable LDAP sync in 11.1.1.3.0?

Click here.

Some Important links related to this topic:

Setting Up LDAP Synchronization

OIM 11g LDAP Sync Features

OIM 11g & LDAP Synchronization

Full stacktrace:

Nov 30, 2011 11:16:44 PM oracle.security.am.engines.rreg.client.RegController processRegistration

SEVERE: Server side error occurred. Specific error messages are:User does not belong to the group that is authorized to perform registration. Registration failed. Try again after verifying the users group.

The remote registration process did not succeed! Please find the specific error message below.

Error message passed from server is:User does not belong to the group that is authorized to perform registration. Registration failed. Try again after verifying the users group.

Nov 30, 2011 11:16:44 PM oracle.security.am.engines.rreg.client.RegClient main

SEVERE: Exception encountered: RemoteAgentRegistrationException. Specific exception:Error message passed from server is:User does not belong to the group that is authorized to perform registration. Registration failed. Try again after verifying the users group.oracle.security.am.engines.rreg.common.RemoteAgentRegistrationException: Error message passed from server is:User does not belong to the group that is authorized to perform registration. Registration failed. Try again after verifying the users group.

Environment:

OAM version 11.1.1.5 with OHS and Webgate version 11.1.1.2 on OEL 5.4 64 bit OS. This error was seen in the OAM setup integrated with OIM.

Resolution:

Add the OAM admin user to Access System Administrators in the primary (default) identity store. Also, add the group OAMAdministrators here.

Screenshot:

OIM Id Store configurations Ashis

User Identity Store Configurations

Oracle Access Manager centralizes access control services to provide an integrated solution that delivers authentication, authorization, web single sign-on, policy administration, enforcement agent management, session control, systems monitoring, reporting, logging, and auditing. Oracle Access Manager excels in complex, heterogeneous enterprise environments and integrates out of the box with market-leading directory servers, application servers, web servers, and enterprise applications. The key differences between OAM 10gr3 and 11gr1 are listed here. OAM 11g is a major upgrade and rewrite of the 10g version.

  1. Development language: The 11g version of OAM is a major shift because it is a Java EE application deployed on Oracle WebLogic Server. 10g was written in C++.
  2. Administration Console: In 11g, the OAM Administration Console user interface (UI) is based on the Application Development Framework (ADF). The OAM server is deployed as a WebLogic managed server, whereas the admin console runs on the WebLogic admin server.
  3. Authentication LDAP: There is a major shift here. In 10g the LDAP was tied system-wide, whereas in 11g it is specific to the authentication scheme.
  4. Session Management: 10g OAM used stateless sessions in a cookie, while 11g OAM uses stateful sessions at a centralized server that leverages Coherence for distributed caching.
  5. Config data: 10g used LDAP servers. 11g uses oam-config.xml under the WebLogic domain.
  6. Policy data: LDAP servers in the case of 10g systems. In an 11g system it is Database only.
  7. Policy Model: In 10g, resources were open by default and you had to protect them using policies, whereas the model is now reversed. In 11g a resource is closed by default and you have to create policies to make it open.
  8. Identity Management: 10g had the OAM Identity Server. 11g is said to be identity agnostic, meaning it uses OIM 11g underneath with restricted use.

OAM 11g Architecture

ICF sits as a layer between the OIM server and the target system and removes dependencies between those two systems. ICF provides a container that separates a connector bundle from the application. The framework offers many features that developers would otherwise need to implement. ICF connectors allow OIM to carry out user provisioning or reconciliation operations on target systems.

In the past, Oracle Identity Manager (OIM) and Oracle Waveset (OW, formerly Sun Identity Manager) had four connector families. Adapter Factory based connectors and GTC-framework based connectors were for OIM, whereas OW contained Legacy Resource Adapters and Identity Connector Framework based connectors. Such OIM connectors have a few drawbacks from an operational standpoint, such as these:

  1. These connectors were strongly dependent on the OIM server, so a connector cannot be developed or tested in isolation.
  2. The same connector does not work with different versions of OIM.

So, post OW acquisition, the connector families of both OIM and OW are converging into a single, widely acceptable framework, the Identity Connector Framework. This framework will provide common connectors for OIM and OW, certify common tracks, give feature parity, and simplify deployment and integration.

ICF

Connector Convergence

Features of ICF

  1. Independent – of the Server, in fact works in isolation
  2. Lightweight – less resource centric
  3. Declares API and SPI – applications call API (uniformly for every target); SPI is implemented by developers (specific for each target)
  4. Backward compatibility – any connectors work with any version of framework and connector release cycles do not depend on Server release cycles.

ICF Architecture

The identity connector framework is separated into two parts:

API Layer – Applications use the API to call connectors
SPI Layer – Developers can create connectors using the SPI

Connector SPI

The connector SPI is made up of several interfaces so that the connector developer only has to implement the interfaces that the target application or system supports. The connector API will still provide a consistent view regardless of the interfaces the connector developer chooses to implement. The SPI is broken up into required interfaces, feature-based interfaces, and operation interfaces (create, update, delete, search, and so on).

Connector API

The connector API is responsible for presenting a consistent view of a connector regardless of the operations it has implemented. For the convenience of the SPI developer, there are several common features that are provided right out of the box. For most of these features there is no need for the API developer to handle them, only configure them. Following is a list of API features and their explanation.

Oracle Unified Directory (OUD) is Oracle's next-generation directory and a focus of investment and innovation. It is believed to be the convergence of ODSEE and OVD. However, OUD is fully compatible with ODSEE and provides significant improvement over ODSEE. Oracle encourages upgrading from ODSEE to OUD.

Licensing:

OUD fills the fourth quadrant of ODSPlus, which already comes with ODSEE, OVD and OID. This makes the ODSPlus offering more comprehensive and makes Oracle the strongest and most competitive directory services provider after the acquisition of SUN. So new ODSPlus customers, existing ODSPlus customers and IAM suite customers get OUD.

Key features of OUD:

  1. Unified Directory Services: “Unified” means it combines the services of a virtual directory, a meta directory and data storage capability. OUD is a pure Java based all-in-one directory solution with multiple platform support.
  2. Carrier Grade Scalability: Carrier grade systems are extremely reliable, well tested, proven, highly available and provide very fast fault recovery. OUD provides carrier grade performance on read and write. It also supports authentication of billions of subscribers.
  3. Integrated Solution: OUD follows many standards, so it integrates easily with most available systems. It is ready for in-cloud and on-premise applications and is integrated with the FMW platform.
  4. OUD is a J2SE application that runs in a JVM and does not require a J2EE container.
  5. Elastic Scalability: Adding multi-million entries to the existing base is as simple as including a configuration entry, and the system distributes the additional entries automatically. The global indexing capability routes requests to the server that physically holds the entry.
  6. Advanced Replication: Fractional, Priority and Assured replication.
  7. Flexible Load Balancing: Proxy load balancing (proportional, saturation, failover and optimal algorithms) and proxy data distribution or partition (numeric, lexicographic, DN pattern, capability based).
  8. Certified identity store for IDM products as well as OPSS.

OUD Vs OID:

  1. The architecture is different; OUD uses an embedded Berkeley DB and OID an external Oracle DB.
  2. Scaling approach – horizontal data partition (e.g. on commodity hardware) vs. vertical monolithic DIT
  3. In future OUD will be certified as an option where OID is required today.

OUD Vs ODSEE:

OUD and ODSEE differ only qualitatively at the moment. ODSEE has many features that come in “better” or “enhanced” flavour in OUD. Some of the distinctions are:

  1. Better Performance: Read, write, mixed-mode and authentication operations are much faster in OUD. These features are built keeping in mind today’s business needs, esp. to cater to mobile devices, social media and cloud services.
  2. Enhanced Scalability: Dynamic and elastic data distribution for unmatched horizontal scalability.
  3. Better Availability: Built-in directory proxy server.
  4. Seamless Java environment with OFMW and Fusion Apps

A quick word from a maturity standpoint – though OUD is brand-new, the core functionalities it provides are developed by professionals having more than fifteen years of experience. The best functionalities of multiple directories are combined to create a unified solution that is compatible and robust.
