Thursday, June 26, 2014

OBIEE 11gR1 Security Explained : Working with the Default Security Configuration with AD ALSO

http://www.rittmanmead.com/2010/10/obiee-11gr1-security-explained-working-with-the-default-security-configuration/
http://www.rittmanmead.com/2010/11/01/oracle-bi-ee-11g-security-integration-with-microsoft-active-directory/

WNA configuration in Oracle Access Manager 11g R2 PS2

http://findiamsolution.blogspot.com/2014/04/wna-configuration-in-oracle-access.html

OAM 11g(integrated with OAAM 11g) user not able to login to a protected resource intermittently

Hi All,

Recently I came across a weird intermittent login issue in an OAM 11g protected resource when it's integrated with OAAM 11g. As far as I know there is only one place (OAM Admin console >> System configuration >> Common settings) where we can change the max session timeout. By default, the max session value is 480 min. I got a requirement to change the max session timeout from 8 hrs to 12 hrs, so I changed the setting accordingly and bounced the services. After increasing the max timeout setting, the user was not able to log in all of a sudden.

After much struggle I found the pattern of the issue. The user will not be able to log in starting from the 8th hour after the user's last login and before the 12th hour (essentially, the user will not be able to log in for a period of 4 hrs). Once the clock hits the 12th hour the user can log in as usual.

Finally, after discussing with Oracle support, they provided a fix for this issue. Here is the solution:

1. On the Admin Server, take a backup of $DOMAIN_HOME/config/fmwconfig/oam-config.xml
2. Edit the oam-config.xml file, searching for CredentialValidityInterval (this defaults to 480 minutes, or 8 hours)
3. Change this field to match the configured OAM session timeout
4. Find the Version field, eg: 20000 120 and increment the version value: 20000 121

Then bounce the OAM services and test the scenario.

http://findiamsolution.blogspot.com/2014/02/oam-11g-intermittent-login-issue.html
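The four steps above as a script, added here as an illustration and not part of the original post or of Oracle's fix. It assumes integer settings are stored as <Setting Name="..." Type="xsd:integer">N</Setting> elements and takes the session timeout as a parameter; the function names and the sample XML are constructed for this example.

```python
import re
import shutil
from pathlib import Path

# ASSUMPTION: integer settings in oam-config.xml look like
#   <Setting Name="CredentialValidityInterval" Type="xsd:integer">480</Setting>
SETTING_RE = r'(<Setting\s+Name="{name}"[^>]*>)\s*(\d+)\s*(</Setting>)'

# Constructed sample, not a real oam-config.xml.
SAMPLE = """<Configuration>
  <Setting Name="Version" Type="xsd:integer">120</Setting>
  <Setting Name="ExampleParent">
    <Setting Name="CredentialValidityInterval" Type="xsd:integer">480</Setting>
  </Setting>
</Configuration>
"""


def find_setting(xml_text, name):
    """Return every regex match for an integer setting called `name`."""
    pattern = SETTING_RE.format(name=re.escape(name))
    return list(re.finditer(pattern, xml_text))


def lockout_window(credential_validity_min, session_timeout_min):
    """Minutes after login between which the post reports failed logins.

    Returns None when the credential validity is not shorter than the
    session timeout (the only mismatch the post describes).
    """
    if credential_validity_min < session_timeout_min:
        return (credential_validity_min, session_timeout_min)
    return None


def align_credential_validity(xml_text, session_timeout_min):
    """Steps 2-4: set CredentialValidityInterval and bump Version by one.

    Returns (new_text, changes); changes is {} when the file already matches.
    Only the digits are rewritten, so the rest of the file is untouched.
    """
    intervals = find_setting(xml_text, "CredentialValidityInterval")
    if not intervals:
        raise ValueError("CredentialValidityInterval not found")
    versions = find_setting(xml_text, "Version")
    if len(versions) != 1:
        # Refuse to guess which counter to bump.
        raise ValueError("expected exactly one Version setting, found %d"
                         % len(versions))

    current = tuple(int(m.group(2)) for m in intervals)
    if all(v == session_timeout_min for v in current):
        return xml_text, {}

    old_version = int(versions[0].group(2))
    edits = [(m, session_timeout_min) for m in intervals]
    edits.append((versions[0], old_version + 1))
    # Apply from the end of the file backwards so earlier offsets stay valid
    # even when a new value has a different number of digits.
    for match, value in sorted(edits, key=lambda e: e[0].start(), reverse=True):
        xml_text = (xml_text[:match.start(2)] + str(value)
                    + xml_text[match.end(2):])
    changes = {
        "CredentialValidityInterval": (current, session_timeout_min),
        "Version": (old_version, old_version + 1),
    }
    return xml_text, changes


def apply_to_file(path, session_timeout_min):
    """Step 1 plus steps 2-4 on disk: back up first, then write the edit."""
    path = Path(path)
    original = path.read_text(encoding="utf-8")
    updated, changes = align_credential_validity(original, session_timeout_min)
    if changes:
        backup = path.with_name(path.name + ".bak")
        shutil.copy2(path, backup)  # keep the untouched copy beside the file
        path.write_text(updated, encoding="utf-8")
    return changes


if __name__ == "__main__":
    # 8 h credential validity against a 12 h session timeout, as in the post.
    print("lockout window (min):", lockout_window(480, 720))
    new_text, changes = align_credential_validity(SAMPLE, 720)
    print(changes)
    print(new_text)
```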

OBIEE 11g 11.1.1.7.1 New Features

http://www.clearpeaks.com/blog/oracle-bi-ee-11g/top-5-new-features-obiee-11-1-1-7-1

Security in OBIA 11.1.1.7.1

http://docs.oracle.com/cd/E23943_01/bi.1111/e10543/sso.htm
http://docs.oracle.com/cd/E38317_01/doc.11117/e37986/security.htm#CJAICGCF
http://www.rittmanmead.com/2012/03/obiee-11g-security-week-connecting-to-active-directory-and-obtaining-group-membership-from-database-tables/
1343143.1
http://onlineappsdba.com/index.php/2011/12/05/integrate-obiee-11g-with-oam-11g-for-single-sign-on-in-13-steps/

How to change the logo in the OBIEE11G Reports

Place the customized logo in the locations below:

:\Oracle\Middleware\Oracle_BI1\bifoundation\web\app\res\s_blafp\images
:\Oracle\Middleware\user_projects\domains\bifoundation_domain\servers\AdminServer\tmp\.appmergegen_1291264099332\analytics.ear\ukjjdc\res\s_blafp\images
:\Oracle\Middleware\user_projects\domains\bifoundation_domain\servers\bi_server1\tmp\_WL_user\analytics_11.1.1\7dezjl\war\res\s_blafp\images

After placing the image, restart the BI Services.

In the Logo field of the Title View, the format is like: fmap:Images/image.jpg

Monday, June 23, 2014

Hyperion 11.1.2.3 Issues

http://hyperionvirtuoso.blogspot.com/
http://hyperion-appu.blogspot.com/2014/05/in-epm-version-11123-after-installing.html
http://john-goodwin.blogspot.com/2013_05_01_archive.html
http://www.mpowersolutions.com.au/news-events/news/11123-a-technical-summary-what-you-need-to-know

RAC Commands

http://satya-racdba.blogspot.in/2009/12/srvctl-commands.html

srvctl commands in Oracle RAC

SRVCTL: (Server Control utility)

srvctl command target [options]

commands: enable|disable|start|stop|relocate|status|add|remove|modify|getenv|setenv|unsetenv|config
targets: database/db|instance/inst|service/serv|nodeapps|asm|listener
targets: database/db|instance/inst|service/serv|nodeapps|asm|listener|diskgroup|home|ons|eons|filesystem|gns|oc4j|scan|scan_listener|srvpool|server|VIP -- From Oracle 11g R2

srvctl -help or srvctl -v
srvctl -V -- prints version
srvctl version: 10.2.0.0.0 (or) srvctl version: 11.2.0.1.0
srvctl -h -- print usage
srvctl status service -h

Database:
--------------------------------------------------------------------------------
srvctl add database -d db_name -o ORACLE_HOME [-m domain_name] [-p spfile] [-A name|ip/netmask] [-r {PRIMARY|PHYSICAL_STANDBY|LOGICAL_STANDBY|SNAPSHOT_STANDBY}] [-s start_options] [-n db_name] [-y {AUTOMATIC|MANUAL}]
srvctl add database -d prod -o /u01/oracle/product/102/prod

srvctl remove database -d db_name [-f]
srvctl remove database -d prod

srvctl start database -d db_name [-o start_options] [-c connect_str|-q]
srvctl start database -d db_name [-o open]
srvctl start database -d db_name -o nomount
srvctl start database -d db_name -o mount
srvctl start db -d prod
srvctl start database -d apps -o open

srvctl stop database -d db_name [-o stop_options] [-c connect_str|-q]
srvctl stop database -d db_name [-o normal]
srvctl stop database -d db_name -o transactional
srvctl stop database -d db_name -o immediate
srvctl stop database -d db_name -o abort
srvctl stop db -d crm -o immediate

srvctl status database -d db_name [-f] [-v] [-S level]
srvctl status database -d db_name -v service_name
srvctl status database -d hrms

srvctl enable database -d db_name
srvctl enable database -d vis

srvctl disable database -d db_name
srvctl disable db -d vis

srvctl config database
srvctl config database -d db_name [-a] [-t]
srvctl config database
srvctl config database -d HYD -a

srvctl modify database -d db_name [-n db_name] [-o ORACLE_HOME] [-m domain_name] [-p spfile] [-r {PRIMARY|PHYSICAL_STANDBY|LOGICAL_STANDBY|SNAPSHOT_STANDBY}] [-s start_options] [-y {AUTOMATIC|MANUAL}]
srvctl modify database -d hrms -r physical_standby
srvctl modify db -d RAC -p /u03/oradata/RAC/spfileRAC.ora -- moves p file
srvctl modify database -d HYD -o /u01/app/oracle/product/11.1/db -s open

srvctl getenv database -d db_name [-t name_list]
srvctl getenv database -d prod

srvctl setenv database -d db_name {-t name=val[,name=val,...]|-T name=val}
srvctl setenv database -d HYD -t "TNS_ADMIN=/u01/app/oracle/product/11.1/asm/network/admin"
srvctl setenv db -d prod -t LANG=en

srvctl unsetenv database -d db_name [-t name_list]
srvctl unsetenv database -d prod -t CLASSPATH

In 11g Release 2, the syntax of some commands has changed:

srvctl add database -d db_unique_name -o ORACLE_HOME [-x node_name] [-m domain_name] [-p spfile] [-r {PRIMARY|PHYSICAL_STANDBY|LOGICAL_STANDBY|SNAPSHOT_STANDBY}] [-s start_options] [-t stop_options] [-n db_name] [-y {AUTOMATIC|MANUAL}] [-g server_pool_list] [-a "diskgroup_list"]
srvctl add database -d prod -o /u01/oracle/product/112/prod -m foo.com -p +dg1/prod/spfileprod.ora -r PRIMARY -s open -t normal -n db2 -y AUTOMATIC -g svrpool1,svrpool2 -a "dg1,dg2"

srvctl remove database -d db_unique_name [-f] [-y] [-v]
srvctl remove database -d prod -y

srvctl stop database -d db_unique_name [-o stop_options] [-f]
srvctl stop database -d dev -f

srvctl status database -d db_unique_name [-f] [-v]
srvctl status db -d sat -v

srvctl enable database -d db_unique_name [-n node_name]
srvctl enable database -d vis -n lnx01

srvctl disable database -d db_unique_name [-n node_name]
srvctl disable db -d vis -n lnx03

srvctl config database [-d db_unique_name [-a]]
srvctl config db -d db_erp -a

srvctl modify database -d db_unique_name [-n db_name] [-o ORACLE_HOME] [-u oracle_user] [-m domain] [-p spfile] [-r {PRIMARY|PHYSICAL_STANDBY|LOGICAL_STANDBY|SNAPSHOT_STANDBY}] [-s start_options] [-t stop_options] [-y {AUTOMATIC|MANUAL}] [-g "server_pool_list"] [-a "diskgroup_list"|-z]
srvctl modify db -d prod -r logical_standby
srvctl modify database -d racTest -a "SYSFILES,LOGS,OLTP"
srvctl modify database -d ronedb -e rac1,rac2

srvctl relocate database -d db_unique_name {[-n target_node] [-w timeout] | -a [-r]} [-v]
srvctl relocate database -d rontest -n node2
srvctl relocate database -d rone2db -n lnxrac2 -w 120 -v

srvctl convert database -d ....
srvctl convert database -d ronedb -c RAC -n rac1
srvctl convert database -d ronedb -c RACONENODE -i RoneDB

Instance:
--------------------------------------------------------------------------------
srvctl add instance -d db_name -i inst_name -n node_name
srvctl add instance -d prod -i prod01 -n linux01

srvctl remove instance -d db_name -i inst_name [-f]
srvctl remove instance -d prod -i prod01

srvctl start instance -d db_name -i inst_names [-o start_options] [-c connect_str|-q]
srvctl start instance -d db_name -i inst_names [-o open]
srvctl start instance -d db_name -i inst_names -o nomount
srvctl start instance -d db_name -i inst_names -o mount
srvctl start instance -d dev -i dev2

srvctl stop instance -d db_name -i inst_names [-o stop_options] [-c connect_str|-q]
srvctl stop instance -d db_name -i inst_names [-o normal]
srvctl stop instance -d db_name -i inst_names -o transactional
srvctl stop instance -d db_name -i inst_names -o immediate
srvctl stop instance -d db_name -i inst_names -o abort
srvctl stop inst -d vis -i vis

srvctl status instance -d db_name -i inst_names [-f] [-v] [-S level]
srvctl status inst -d racdb -i racdb2

srvctl enable instance -d db_name -i inst_names
srvctl enable instance -d prod -i "prod1,prod2"

srvctl disable instance -d db_name -i inst_names
srvctl disable inst -d prod -i "prod1,prod3"

srvctl modify instance -d db_name -i inst_name {-s asm_inst_name|-r} -- set dependency of instance to ASM
srvctl modify instance -d db_name -i inst_name -n node_name -- move the instance
srvctl modify instance -d db_name -i inst_name -r -- remove the instance

srvctl getenv instance -d db_name -i inst_name [-t name_list]
srvctl setenv instance -d db_name [-i inst_name] {-t "name=val[,name=val,...]" | -T "name=val"}
srvctl unsetenv instance -d db_name [-i inst_name] [-t name_list]

In 11g Release 2, the syntax of some commands has changed:

srvctl start instance -d db_unique_name {-n node_name -i "instance_name_list"} [-o start_options]
srvctl start instance -d prod -n node2
srvctl start inst -d prod -i "prod2,prod3"

srvctl stop instance -d db_unique_name {[-n node_name]|[-i "instance_name_list"]} [-o stop_options] [-f]
srvctl stop inst -d prod -n node1
srvctl stop instance -d prod -i prod1

srvctl status instance -d db_unique_name {-n node_name | -i "instance_name_list"} [-f] [-v]
srvctl status instance -d prod -i "prod1,prod2" -v

srvctl modify instance -d db_unique_name -i instance_name {-n node_name|-z}
srvctl modify instance -d prod -i prod1 -n mynode
srvctl modify inst -d prod -i prod1 -z

Service:
--------------------------------------------------------------------------------
srvctl add service -d db_name -s service_name -r pref_insts [-a avail_insts] [-P TAF_policy]
srvctl add service -d db_name -s service_name -u {-r "new_pref_inst" | -a "new_avail_inst"}
srvctl add service -d RAC -s PRD -r RAC01,RAC02 -a RAC03,RAC04
srvctl add serv -d CRM -s CRM -r CRM1 -a CRM3 -P basic

srvctl remove service -d db_name -s service_name [-i inst_name] [-f]
srvctl remove serv -d dev -s sales
srvctl remove service -d dev -s sales -i dev01,dev02

srvctl start service -d db_name [-s service_names [-i inst_name]] [-o start_options]
srvctl start service -d db_name -s service_names [-o open]
srvctl start service -d db_name -s service_names -o nomount
srvctl start service -d db_name -s service_names -o mount
srvctl start serv -d dwh -s dwh

srvctl stop service -d db_name [-s service_names [-i inst_name]] [-f]
srvctl stop serv -d dwh -s dwh

srvctl status service -d db_name [-s service_names] [-f] [-v] [-S level]
srvctl status service -d dev -s dev

srvctl enable service -d db_name -s service_names [-i inst_name]
srvctl enable service -d apps -s apps1

srvctl disable service -d db_name -s service_names [-i inst_name]
srvctl disable serv -d dev -s dev -i dev1

srvctl config service -d db_name [-s service_name] [-a] [-S level]
srvctl config service -d db_name -a -- -a shows TAF configuration
srvctl config service -d TEST -s test PREF:TST1 AVAIL:TST2

srvctl modify service -d db_name -s service_name -i old_inst_name -t new_inst_name [-f]
srvctl modify service -d db_name -s service_name -i avail_inst_name -r [-f]
srvctl modify service -d db_name -s service_name -n -i preferred_list [-a available_list] [-f]
srvctl modify service -d db_name -s service_name -i old_inst_name -a avail_inst -P TAF_policy
srvctl modify serv -d PROD -s DWH -n -i I1,I2,I3,I4 -a I5,I6

srvctl relocate service -d db_name -s service_name -i old_inst_name -t target_inst [-f]

srvctl getenv service -d db_name -s service_name -t name_list
srvctl setenv service -d db_name [-s service_name] {-t "name=val[,name=val,...]" | -T "name=val"}
srvctl unsetenv service -d db_name -s service_name -t name_list

In 11g Release 2, the syntax of some commands has changed:

srvctl add service -d db_unique_name -s service_name [-l [PRIMARY][,PHYSICAL_STANDBY][,LOGICAL_STANDBY][,SNAPSHOT_STANDBY]] [-y {AUTOMATIC|MANUAL}] [-q {true|false}] [-j {SHORT|LONG}] [-B {NONE|SERVICE_TIME|THROUGHPUT}] [-e {NONE|SESSION|SELECT}] [-m {NONE|BASIC}] [-z failover_retries] [-w failover_delay]
srvctl add service -d rac -s rac1 -q TRUE -m BASIC -e SELECT -z 180 -w 5 -j LONG

srvctl add service -d db_unique_name -s service_name -u {-r preferred_list | -a available_list}

srvctl add service -d db_unique_name -s service_name -g server_pool [-c {UNIFORM|SINGLETON}] [-k network_number] [-l [PRIMARY|PHYSICAL_STANDBY|LOGICAL_STANDBY|SNAPSHOT_STANDBY]] [-y {AUTOMATIC|MANUAL}] [-q {TRUE|FALSE}] [-j {SHORT|LONG}] [-B {NONE|SERVICE_TIME|THROUGHPUT}] [-e {NONE|SESSION|SELECT}] [-m {NONE|BASIC}] [-P {BASIC|NONE|PRECONNECT}] [-x {TRUE|FALSE}] [-z failover_retries] [-w failover_delay]

srvctl add service -d db_unique_name -s service_name -r preferred_list [-a available_list] [-P {BASIC|NONE|PRECONNECT}] [-l [PRIMARY|PHYSICAL_STANDBY|LOGICAL_STANDBY|SNAPSHOT_STANDBY]] [-y {AUTOMATIC|MANUAL}] [-q {TRUE|FALSE}] [-j {SHORT|LONG}] [-B {NONE|SERVICE_TIME|THROUGHPUT}] [-e {NONE|SESSION|SELECT}] [-m {NONE|BASIC}] [-x {TRUE|FALSE}] [-z failover_retries] [-w failover_delay]
srvctl add serv -d dev -s sales -r dev01,dev02 -a dev03 -P PRECONNECT

srvctl start service -d db_unique_name [-s "service_name_list" [-n node_name | -i instance_name]] [-o start_options]
srvctl start serv -d dev -s dev
srvctl start service -d dev -s dev -i dev2

srvctl stop service -d db_unique_name [-s "service_name_list"] [-n node_name | -i instance_name] [-f]
srvctl stop service -d dev -s dev
srvctl stop serv -d dev -s dev -i dev2

srvctl status service -d db_unique_name [-s "service_name_list"] [-f] [-v]
srvctl status service -d dev -s dev -v

srvctl enable service -d db_unique_name -s "service_name_list" [-i instance_name | -n node_name]
srvctl enable service -d dev -s dev
srvctl enable serv -d dev -s dev -i dev1

srvctl disable service -d db_unique_name -s "service_name_list" [-i instance_name | -n node_name]
srvctl disable service -d dev -s "dev,marketing"
srvctl disable serv -d dev -s dev -i dev1

srvctl config service -d db_unique_name [-s service_name] [-a]
srvctl config service -d dev -s dev

srvctl modify service -d db_unique_name -s service_name [-c {UNIFORM|SINGLETON}] [-P {BASIC|PRECONNECT|NONE}] [-l {[PRIMARY]|[PHYSICAL_STANDBY]|[LOGICAL_STANDBY]|[SNAPSHOT_STANDBY]}] [-q {TRUE|FALSE}] [-x {TRUE|FALSE}] [-j {SHORT|LONG}] [-B {NONE|SERVICE_TIME|THROUGHPUT}] [-e {NONE|SESSION|SELECT}] [-m {NONE|BASIC}] [-z failover_retries] [-w failover_delay] [-y {AUTOMATIC|MANUAL}]
srvctl modify service -d db_unique_name -s service_name -i old_instance_name -t new_instance_name [-f]
srvctl modify service -d db_unique_name -s service_name -i avail_inst_name -r [-f]
srvctl modify service -d db_unique_name -s service_name -n -i preferred_list [-a available_list] [-f]
srvctl modify service -d dev -s dev -i dev1 -t dev2
srvctl modify serv -d dev -s dev -i dev1 -r
srvctl modify service -d dev -s dev -n -i dev1 -a dev2

srvctl relocate service -d db_unique_name -s service_name {-c source_node -n target_node|-i old_instance_name -t new_instance_name} [-f]
srvctl relocate service -d dev -s dev -i dev1 -t dev3

Nodeapps:
--------------------------------------------------------------------------------
#srvctl add nodeapps -n node_name -o ORACLE_HOME -A name|ip/netmask[/if1[|if2|...]]
#srvctl add nodeapps -n lnx02 -o $ORACLE_HOME -A 192.168.0.151/255.255.0.0/eth0
#srvctl remove nodeapps -n node_names [-f]
#srvctl start nodeapps -n node_name -- Starts GSD, VIP, listener & ONS
#srvctl stop nodeapps -n node_name [-r] -- Stops GSD, VIP, listener & ONS
#srvctl status nodeapps -n node_name
#srvctl config nodeapps -n node_name [-a] [-g] [-o] [-s] [-l]
  -a Display VIP configuration
  -g Display GSD configuration
  -s Display ONS daemon configuration
  -l Display listener configuration
#srvctl modify nodeapps -n node_name [-A new_vip_address]
#srvctl modify nodeapps -n lnx06 -A 10.50.99.43/255.255.252.0/eth0
#srvctl getenv nodeapps -n node_name [-t name_list]
#srvctl setenv nodeapps -n node_name {-t "name=val[,name=val,...]"|-T "name=val"}
#srvctl setenv nodeapps -n adcracdbq3 -t "TNS_ADMIN=/u01/app/oracle/product/11.1/asm/network/admin"
#srvctl unsetenv nodeapps -n node_name [-t name_list]

In 11g Release 2, the syntax of some commands has changed:

srvctl add nodeapps -n node_name -A {name|ip}/netmask[/if1[|if2|...]] [-m multicast_ip_address] [-p multicast_port_number] [-l ons_local_port] [-r ons_remote-port] [-t host[:port][,host[:port],...]] [-v]
srvctl add nodeapps -S subnet/netmask[/if1[|if2|...]] [-d dhcp_server_type] [-m multicast_ip_address] [-p multicast_port_number] [-l ons_local_port] [-r ons_remote-port] [-t host[:port][,host[:port],...]] [-v]
#srvctl add nodeapps -n devnode1 -A 1.2.3.4/255.255.255.0

srvctl remove nodeapps [-f] [-y] [-v]
srvctl remove nodeapps

srvctl start nodeapps [-n node_name] [-v]
srvctl start nodeapps

srvctl stop nodeapps [-n node_name] [-r] [-v]
srvctl stop nodeapps

srvctl status nodeapps

srvctl enable nodeapps [-g] [-v]
srvctl enable nodeapps -g -v

srvctl disable nodeapps [-g] [-v]
srvctl disable nodeapps -g -v

srvctl config nodeapps [-a] [-g] [-s] [-e]
srvctl config nodeapps -a -g -s -e

srvctl modify nodeapps [-n node_name -A new_vip_address] [-S subnet/netmask[/if1[|if2|...]]] [-m multicast_ip_address] [-p multicast_port_number] [-e eons_listen_port] [-l ons_local_port] [-r ons_remote_port] [-t host[:port][,host:port,...]] [-v]
srvctl modify nodeapps -n mynode1 -A 100.200.300.40/255.255.255.0/eth0

srvctl getenv nodeapps [-a] [-g] [-s] [-e] [-t "name_list"] [-v]
srvctl getenv nodeapps -a

srvctl setenv nodeapps {-t "name=val[,name=val][...]" | -T "name=val"} [-v]
srvctl setenv nodeapps -T "CLASSPATH=/usr/local/jdk/jre/rt.jar" -v

srvctl unsetenv nodeapps -t "name_list" [-v]
srvctl unsetenv nodeapps -t "test_var1,test_var2"

ASM:
--------------------------------------------------------------------------------
srvctl add asm -n node_name -i asminstance -o ORACLE_HOME [-p spfile]

srvctl remove asm -n node_name [-i asminstance] [-f]
srvctl remove asm -n db6

srvctl start asm -n node_name [-i asminstance] [-o start_options] [-c connect_str|-q]
srvctl start asm -n node_name [-i asminstance] [-o open]
srvctl start asm -n node_name [-i asminstance] -o nomount
srvctl start asm -n node_name [-i asminstance] -o mount
srvctl start asm -n linux01

srvctl stop asm -n node_name [-i asminstance] [-o stop_options] [-c connect_str|-q]
srvctl stop asm -n node_name [-i asminstance] [-o normal]
srvctl stop asm -n node_name [-i asminstance] -o transactional
srvctl stop asm -n node_name [-i asminstance] -o immediate
srvctl stop asm -n node_name [-i asminstance] -o abort
srvctl stop asm -n racnode1
srvctl stop asm -n devnode1 -i +asm1

srvctl status asm -n node_name
srvctl status asm -n racnode1

srvctl enable asm -n node_name [-i asminstance]
srvctl enable asm -n lnx03 -i +asm3

srvctl disable asm -n node_name [-i asminstance]
srvctl disable asm -n lnx02 -i +asm2

srvctl config asm -n node_name
srvctl config asm -n lnx08

srvctl modify asm -n node_name -i asminstance [-o ORACLE_HOME] [-p spfile]
srvctl modify asm -n rac6 -i +asm6 -o /u01/app/oracle/product/11.1/asm

In 11g Release 2, the syntax of some commands has changed:

srvctl add asm [-l lsnr_name] [-p spfile] [-d asm_diskstring]
srvctl add asm
srvctl add asm -l LISTENERASM -p +dg_data/spfile.ora

srvctl remove asm [-f]
srvctl remove asm -f

srvctl start asm [-n node_name] [-o start_options]
srvctl start asm -n devnode1

srvctl stop asm [-n node_name] [-o stop_options] [-f]
srvctl stop asm -n devnode1 -f

srvctl status asm [-n node_name] [-a]
srvctl status asm -n devnode1 -a

srvctl enable asm [-n node_name]
srvctl enable asm -n devnode1

srvctl disable asm [-n node_name]
srvctl disable asm -n devnode1

srvctl config asm [-a]
srvctl config asm -a

srvctl modify asm [-l lsnr_name] [-p spfile] [-d asm_diskstring]
srvctl modify asm [-n node_name] [-l listener_name] [-d asm_diskstring] [-p spfile_path_name]
srvctl modify asm -l lsnr1

srvctl getenv asm [-t name[, ...]]
srvctl getenv asm

srvctl setenv asm {-t "name=val [,...]" | -T "name=value"}
srvctl setenv asm -t LANG=en

srvctl unsetenv asm -t "name[, ...]"
srvctl unsetenv asm -t CLASSPATH

Listener:
--------------------------------------------------------------------------------
srvctl add listener -n node_name -o ORACLE_HOME [-l listener_name] -- 11g R1 command

srvctl remove listener -n node_name [-l listener_name] -- 11g R1 command

srvctl start listener -n node_name [-l listener_names]
srvctl start listener -n node1

srvctl stop listener -n node_name [-l listener_names]
srvctl stop listener -n node1

srvctl status listener [-n node_name] [-l listener_names] -- 11g R1 command
srvctl status listener -n node2

srvctl config listener -n node_name

srvctl modify listener -n node_name [-l listener_names] -o ORACLE_HOME -- 11g R1 command
srvctl modify listener -n racdb4 -o /u01/app/oracle/product/11.1/asm -l "LISTENER_RACDB4"

In 11g Release 2, the syntax of some commands has changed:

srvctl add listener [-l lsnr_name] [-s] [-p "[TCP:]port[, ...][/IPC:key][/NMP:pipe_name][/TCPS:s_port] [/SDP:port]"] [-k network_number] [-o ORACLE_HOME]
srvctl add listener -l LISTENERASM -p "TCP:1522" -o $ORACLE_HOME
srvctl add listener -l listener112 -p 1341 -o /ora/ora112

srvctl remove listener [-l lsnr_name|-a] [-f]
srvctl remove listener -l lsnr01

srvctl stop listener [-n node_name] [-l lsnr_name] [-f]

srvctl enable listener [-l lsnr_name] [-n node_name]
srvctl enable listener -l listener_dev -n node5

srvctl disable listener [-l lsnr_name] [-n node_name]
srvctl disable listener -l listener_dev -n node5

srvctl config listener [-l lsnr_name] [-a]
srvctl config listener

srvctl modify listener [-l listener_name] [-o oracle_home] [-u user_name] [-p "[TCP:]port_list[/IPC:key][/NMP:pipe_name][/TCPS:s_port][/SDP:port]"] [-k network_number]
srvctl modify listener -n node1 -p "TCP:1521,1522"

srvctl getenv listener [-l lsnr_name] [-t name[, ...]]
srvctl getenv listener

srvctl setenv listener [-l lsnr_name] {-t "name=val [,...]" | -T "name=value"}
srvctl setenv listener -t LANG=en

srvctl unsetenv listener [-l lsnr_name] -t "name[, ...]"
srvctl unsetenv listener -t "TNS_ADMIN"

New srvctl commands in 11g Release 2

Diskgroup:
--------------------------------------------------------------------------------
srvctl remove diskgroup -g diskgroup_name [-n node_list] [-f]
srvctl remove diskgroup -g DG1 -f

srvctl start diskgroup -g diskgroup_name [-n node_list]
srvctl start diskgroup -g diskgroup1 -n node1,node2

srvctl stop diskgroup -g diskgroup_name [-n node_list] [-f]
srvctl stop diskgroup -g ASM_FRA_DG
srvctl stop diskgroup -g dg1 -n node1,node2 -f

srvctl status diskgroup -g diskgroup_name [-n node_list] [-a]
srvctl status diskgroup -g dg_data -n node1,node2 -a

srvctl enable diskgroup -g diskgroup_name [-n node_list]
srvctl enable diskgroup -g diskgroup1 -n node1,node2

srvctl disable diskgroup -g diskgroup_name [-n node_list]
srvctl disable diskgroup -g dg_fra -n node1,node2

Home:
--------------------------------------------------------------------------------
srvctl start home -o ORACLE_HOME -s state_file [-n node_name]
srvctl start home -o /u01/app/oracle/product/11.2.0/db_1 -s ~/state.txt

srvctl stop home -o ORACLE_HOME -s state_file [-t stop_options] [-n node_name] [-f]
srvctl stop home -o /u01/app/oracle/product/11.2.0/db_1 -s ~/state.txt

srvctl status home -o ORACLE_HOME -s state_file [-n node_name]
srvctl status home -o /u01/app/oracle/product/11.2.0/db_1 -s ~/state.txt

ONS (Oracle Notification Service):
--------------------------------------------------------------------------------
srvctl add ons [-l ons-local-port] [-r ons-remote-port] [-t host[:port][,host[:port]...]] [-v]
srvctl add ons -l 6200

srvctl remove ons [-f] [-v]
srvctl remove ons -f

srvctl start ons [-v]
srvctl start ons -v

srvctl stop ons [-v]
srvctl stop ons -v

srvctl status ons

srvctl enable ons [-v]
srvctl enable ons

srvctl disable ons [-v]
srvctl disable ons

srvctl config ons

srvctl modify ons [-l ons-local-port] [-r ons-remote-port] [-t host[:port][,host[:port]...]] [-v]
srvctl modify ons

EONS (E Oracle Notification Service):
--------------------------------------------------------------------------------
srvctl add eons [-p portnum] [-m multicast-ip-address] [-e eons-listen-port] [-v]
#srvctl add eons -p 2018

srvctl remove eons [-f] [-v]
srvctl remove eons -f

srvctl start eons [-v]
srvctl start eons

srvctl stop eons [-f] [-v]
srvctl stop eons -f

srvctl status eons

srvctl enable eons [-v]
srvctl enable eons

srvctl disable eons [-v]
srvctl disable eons

srvctl config eons

srvctl modify eons [-m multicast_ip_address] [-p multicast_port_number] [-e eons_listen_port] [-v]
srvctl modify eons -p 2018

FileSystem:
--------------------------------------------------------------------------------
srvctl add filesystem -d volume_device -v volume_name -g diskgroup_name [-m mountpoint_path] [-u user_name]
srvctl add filesystem -d /dev/asm/d1volume1 -v VOLUME1 -g RAC_DATA -m /oracle/cluster1/acfs1

srvctl remove filesystem -d volume_device_name [-f]
srvctl remove filesystem -d /dev/asm/racvol1

srvctl start filesystem -d volume_device_name [-n node_name]
srvctl start filesystem -d /dev/asm/racvol3

srvctl stop filesystem -d volume_device_name [-n node_name] [-f]
srvctl stop filesystem -d /dev/asm/racvol1 -f

srvctl status filesystem -d volume_device_name
srvctl status filesystem -d /dev/asm/racvol2

srvctl enable filesystem -d volume_device_name
srvctl enable filesystem -d /dev/asm/racvol9

srvctl disable filesystem -d volume_device_name
srvctl disable filesystem -d /dev/asm/racvol1

srvctl config filesystem -d volume_device_path

srvctl modify filesystem -d volume_device_name -u user_name
srvctl modify filesystem -d /dev/asm/racvol1 -u sysadmin

SrvPool (Server Pool):
--------------------------------------------------------------------------------
srvctl add srvpool -g server_pool [-i importance] [-l min_size] [-u max_size] [-n node_list] [-f]
srvctl add srvpool -g SP1 -i 1 -l 3 -u 7 -n node1,node2

srvctl remove srvpool -g server_pool
srvctl remove srvpool -g srvpool1

srvctl status srvpool [-g server_pool] [-a]
srvctl status srvpool -g srvpool2 -a

srvctl config srvpool [-g server_pool]
srvctl config srvpool -g dbpool

srvctl modify srvpool -g server_pool [-i importance] [-l min_size] [-u max_size] [-n node_name_list] [-f]
srvctl modify srvpool -g srvpool4 -i 0 -l 2 -u 4 -n node3,node4

Server:
--------------------------------------------------------------------------------
srvctl status server -n "server_name_list" [-a]
srvctl status server -n server11 -a

srvctl relocate server -n "server_name_list" -g server_pool_name [-f]
srvctl relocate server -n "linux1, linux2" -g sp2

Scan (Single Client Access Name):
--------------------------------------------------------------------------------
srvctl add scan -n scan_name [-k network_number] [-S subnet/netmask[/if1[|if2|...]]]
#srvctl add scan -n scan.mycluster.example.com

srvctl remove scan [-f]
srvctl remove scan
srvctl remove scan -f

srvctl start scan [-i ordinal_number] [-n node_name]
srvctl start scan
srvctl start scan -i 1 -n node1

srvctl stop scan [-i ordinal_number] [-f]
srvctl stop scan
srvctl stop scan -i 1

srvctl status scan [-i ordinal_number]
srvctl status scan
srvctl status scan -i 1

srvctl enable scan [-i ordinal_number]
srvctl enable scan
srvctl enable scan -i 1

srvctl disable scan [-i ordinal_number]
srvctl disable scan
srvctl disable scan -i 3

srvctl config scan [-i ordinal_number]
srvctl config scan
srvctl config scan -i 2

srvctl modify scan -n scan_name
srvctl modify scan
srvctl modify scan -n scan1

srvctl relocate scan -i ordinal_number [-n node_name]
srvctl relocate scan -i 2 -n node2

ordinal_number=1,2,3

Scan_listener:
--------------------------------------------------------------------------------
srvctl add scan_listener [-l lsnr_name_prefix] [-s] [-p "[TCP:]port_list[/IPC:key][/NMP:pipe_name][/TCPS:s_port] [/SDP:port]"]
#srvctl add scan_listener -l myscanlistener

srvctl remove scan_listener [-f]
srvctl remove scan_listener
srvctl remove scan_listener -f

srvctl start scan_listener [-n node_name] [-i ordinal_number]
srvctl start scan_listener
srvctl start scan_listener -i 1

srvctl stop scan_listener [-i ordinal_number] [-f]
srvctl stop scan_listener -i 3

srvctl status scan_listener [-i ordinal_number]
srvctl status scan_listener
srvctl status scan_listener -i 1

srvctl enable scan_listener [-i ordinal_number]
srvctl enable scan_listener
srvctl enable scan_listener -i 2

srvctl disable scan_listener [-i ordinal_number]
srvctl disable scan_listener
srvctl disable scan_listener -i 1

srvctl config scan_listener [-i ordinal_number]
srvctl config scan_listener
srvctl config scan_listener -i 3

srvctl modify scan_listener {-p [TCP:]port[/IPC:key][/NMP:pipe_name] [/TCPS:s_port][/SDP:port] | -u }
srvctl modify scan_listener -u

srvctl relocate scan_listener -i ordinal_number [-n node_name]
srvctl relocate scan_listener -i 1

ordinal_number=1,2,3

GNS (Grid Naming Service):
--------------------------------------------------------------------------------
srvctl add gns -i ip_address -d domain
srvctl add gns -i 192.124.16.96 -d cluster.mycompany.com

srvctl remove gns [-f]
srvctl remove gns

srvctl start gns [-l log_level] [-n node_name]
srvctl start gns

srvctl stop gns [-n node_name] [-v] [-f]
srvctl stop gns

srvctl status gns [-n node_name]
srvctl status gns

srvctl enable gns [-n node_name]
srvctl enable gns

srvctl disable gns [-n node_name]
srvctl disable gns -n devnode2

srvctl config gns [-a] [-d] [-k] [-m] [-n node_name] [-p] [-s] [-V] [-q name] [-l] [-v]
srvctl config gns -n lnx03

srvctl modify gns [-i ip_address] [-d domain]
srvctl modify gns -i 192.000.000.007

srvctl relocate gns [-n node_name]
srvctl relocate gns -n node2

VIP (Virtual Internet Protocol):
--------------------------------------------------------------------------------
srvctl add vip -n node_name -A {name|ip}/netmask[/if1[if2|...]] [-k network_number] [-v]
#srvctl add vip -n node96 -A 192.124.16.96/255.255.255.0 -k 2

srvctl remove vip -i "vip_name_list" [-f] [-y] [-v]
srvctl remove vip -i "vip1,vip2,vip3" -f -y -v

srvctl start vip {-n node_name|-i vip_name} [-v]
srvctl start vip -i dev1-vip -v

srvctl stop vip {-n node_name|-i vip_name} [-r] [-v]
srvctl stop vip -n node1 -v

srvctl status vip {-n node_name|-i vip_name}
srvctl status vip -i node1-vip

srvctl enable vip -i vip_name [-v]
srvctl enable vip -i prod-vip -v

srvctl disable vip -i vip_name [-v]
srvctl disable vip -i vip3 -v

srvctl config vip {-n node_name|-i vip_name}
srvctl config vip -n devnode2

srvctl getenv vip -i vip_name [-t "name_list"] [-v]
srvctl getenv vip -i node1-vip

srvctl setenv vip -i vip_name {-t "name=val[,name=val,...]" | -T "name=val"}
srvctl setenv vip -i dev1-vip -t LANG=en

srvctl unsetenv vip -i vip_name -t "name_list" [-v]
srvctl unsetenv vip -i myvip -t CLASSPATH

OC4J (Oracle Container for Java):
--------------------------------------------------------------------------------
srvctl add oc4j [-v]
srvctl add oc4j

srvctl remove oc4j [-f] [-v]
srvctl remove oc4j

srvctl start oc4j [-v]
srvctl start oc4j -v

srvctl stop oc4j [-f] [-v]
srvctl stop oc4j -f -v

srvctl status oc4j [-n node_name]
srvctl status oc4j -n lnx01

srvctl enable oc4j [-n node_name] [-v]
srvctl enable oc4j -n dev3

srvctl disable oc4j [-n node_name] [-v]
srvctl disable oc4j -n dev1

srvctl config oc4j

srvctl modify oc4j -p oc4j_rmi_port [-v]
srvctl modify oc4j -p 5385

srvctl relocate oc4j [-n node_name] [-v]
srvctl relocate oc4j -n lxn06 -v

Wednesday, June 18, 2014

Oracle_EBS_Integration_OAM11g_OID11g

http://onlineappsdba.com/ebook/Oracle_EBS_Integration_OAM11g_OID11g_sample_chapter.pdf

OAM 11g Single Sign-On and OAM 11g Cookies

http://fusionsecurity.blogspot.com/2011/04/oam-11g-single-sign-on-and-oam-11g.html

How SSO works in OAM 11g

Here at Oracle, the access management PM team gets asked a lot of questions about how Oracle Access Manager 11g works, especially about the overall SSO model, what cookies are created and what they do, processing flows between components, and how specific component interactions work to achieve authentication and SSO. In this post, we will explore the OAM 11g SSO model. It’s quite a bit different from the OAM 10g model, especially since we now support things like server side credential collection, server-based session management, and application scoped sessions.

Before we get started, it’s worth noting that OAM 11g supports the use of both OAM 10g and 11g Webgates as well as mod_osso plug-ins for Oracle HTTP Server (OHS). We support this through what we call the Protocol Compatibility Framework, which lets the OAM server communicate with and interpret protocol messages from the webtier agents mentioned above. This is an extensible framework, so it has the potential to support other clients or agents in the future.

OAM 11g uses a combination of host cookies or domain cookies (depending on the version of Webgate you use), a server cookie, and an in-memory session store (based on Oracle Coherence technology) to maintain and correlate user session information. Since OAM 11g supports different Webgate versions and mod_osso, you will see different cookies depending on the version of Webgate being used: either the ObSSOCookie (for 10g) or OAMAuthnCookie_host:port (for 11g). However, in both cases, the contents of the cookies are:

- Authenticated User Identity (User DN)
- Authentication Level
- IP Address
- SessionID (Reference to Server side session – OAM11g Only)
- Session Validity (Start Time, Refresh Time)
- Session InActivity Timeouts (Global Inactivity, Max Inactivity)
- Validation Hash

These cookies are updated periodically using an algorithm of 1/4 of idle session timeout.

There are two main differences between the 10g and 11g cookies:

- The 10g ObSSOCookie is domain scoped and cookie encryption uses a shared key for all 10g Webgates.
- The 11g OAMAuthnCookie is host scoped and different host cookies may be issued for each resource accessed that is protected by a different 11g Webgate. Cookie encryption for each 11g Webgate is unique to that Webgate.

The values of the cookies will change over the life of a user's session; however, you'll notice that the Session ID that is present is a reference to the server side session object, which remains the same across the life of a session.

In the typical deployment topology, you’ll have one or more Webgates deployed on web servers in the Web Tier, a variety of components deployed in the App Tier including an OAM admin server running on the Weblogic domain’s admin server, one or more OAM runtime servers deployed on Weblogic managed servers, a database to support the OAM policies, an LDAP directory against which you will authenticate users, an optional auditing database, and an optional BI Publisher instance for reporting.

Using an OAM 11g Webgate in the flow, let’s recap how this works:

1) An OAM 11g Webgate intercepts the incoming request for a resource, determines whether the resource is protected, and, if it is, the OAM 11g server constructs and returns a response back to the Webgate. That response contains the authentication scheme required to authenticate the user.

2) Next the Webgate sets a cookie (called OAM_REQ) to keep track of the target/requested URL and then redirects to the OAM 11g server, which routes the request to the credential collector. The credential collector serves up the login page, which captures credentials and posts the credentials to the OAM server. The credentials are validated against the ID store configured for this particular authentication scheme. Once the credentials are validated, the OAM server creates an authentication token, the session in Coherence, and creates a server side session cookie called the OAM_ID cookie, which has details about the user, the time the session was created, the idle timeout, and session identifier to the Coherence session.

3) Then the OAM server constructs a response which is encrypted with the Webgate's key and redirects to the Webgate. The Webgate decrypts the response, extracts the authentication token and the session identifier, and uses that information to set OAMAuthnCookie, which is set as a host cookie: OAMAuthnCookie_. (In this step, if you are using an OAM 10g Webgate, the response from the server will contain the information required to set ObSSOCookie; if you are using mod_osso, the response will contain the information required to set the OHS host cookie.)

4) When subsequent requests are made from that Webgate, the authentication token is passed by the Webgate to the OAM server, which validates the authentication token, checks the validity of the OAM_ID cookie and session timeout, and does the appropriate authorization checks. As the result of authorization checks, additional attributes may be added to HTTP Headers and passed to downstream applications. This is especially useful when asserting user identity and group or role information to downstream applications such as those running on Oracle WebLogic Server and Oracle Fusion Middleware.

5) When requesting a resource protected by a second Webgate, the request flow will be similar to the above. Webgate2 will check if the resource is protected, and get the authn scheme details from the OAM server. From there WG2 redirects to the OAM server, the OAM server checks the OAM_ID cookie, and then generates a new authentication token for WG2, creates an encrypted response using the key for WG2, and redirects to WG2. WG2 decrypts the response, extracts the authentication token and session identifiers and sets an OAMAuthnCookie as a host cookie for W

Courtesy: http://oracleaccessmanagement.blogspot.com/2011/03/here-at-oracle-access-management-pm.html
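The flow in steps 1 to 5 above, modelled as an added example (not Oracle's code and not the cookie format OAM uses): one server-side session, one token per Webgate bound to that Webgate's key. An HMAC stands in for the per-Webgate encryption, and the 15-minute idle timeout and all class and function names are assumptions.

```python
import hashlib, hmac, json, secrets

IDLE_TIMEOUT = 15 * 60             # assumed idle timeout in seconds (not from the page)
REFRESH_AFTER = IDLE_TIMEOUT // 4  # page: cookies are updated at 1/4 of idle timeout

class OamServer:
    """Toy stand-in for the OAM server: a session store plus one key per Webgate."""
    def __init__(self, webgates):
        self.keys = {wg: secrets.token_bytes(32) for wg in webgates}
        self.sessions = {}         # session id -> server-side session (Coherence in OAM)

    def login(self, user_dn, now):
        sid = secrets.token_hex(16)  # the reference the OAM_ID cookie carries in this model
        self.sessions[sid] = {"user": user_dn, "last_seen": now}
        return sid

    def issue_token(self, sid, webgate, now):
        """Steps 3 and 5: mint a token bound to a single Webgate's key."""
        body = json.dumps({"sid": sid, "wg": webgate, "refreshed": now}).encode()
        mac = hmac.new(self.keys[webgate], body, hashlib.sha256).hexdigest()
        return body.hex() + "." + mac

    def validate(self, token, webgate, now):
        """Step 4: check the validation hash, the server session and the idle timeout."""
        body_hex, _, mac = token.partition(".")
        try:
            body = bytes.fromhex(body_hex)
        except ValueError:
            return "reject: malformed token"
        good = hmac.new(self.keys[webgate], body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac.encode(), good.encode()):
            return "reject: not issued for this Webgate"
        claims = json.loads(body)
        session = self.sessions.get(claims["sid"])
        if session is None or now - session["last_seen"] > IDLE_TIMEOUT:
            self.sessions.pop(claims["sid"], None)   # expiry ends SSO for every Webgate
            return "reject: session expired"
        session["last_seen"] = now
        if now - claims["refreshed"] >= REFRESH_AFTER:
            return "ok: reissue cookie"
        return "ok"

def session_id(token):
    """Read the server-side session reference carried inside a token."""
    return json.loads(bytes.fromhex(token.partition(".")[0]))["sid"]
```

The two tokens differ and are not interchangeable between Webgates, yet both carry the same session reference, so expiring the server-side session invalidates every host cookie at once.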