
Monday, March 30, 2015

No X11 DISPLAY variable was set, but this program performed an operation which requires it

Error:
No X11 DISPLAY variable was set, but this program performed an operation which requires it

Reason
You get this error because your Linux or Solaris system does not support graphic images, and you are trying to open something that has a graphical representation while connected to the server using PuTTY.

Solution
You will find a lot of solutions on the internet, but if you don't want to waste your time, the easiest solution is to install MobaXterm Professional (version 7 is better; higher versions limit how many servers you can save) and open your server using MobaXterm instead of PuTTY.




Monday, March 23, 2015

Windows XP Mode Cisco VPN connect error "vpn establishment capability from a remote desktop is disabled. a vpn connection will not be established"

Once you have installed Cisco VPN in Windows XP Mode and try to connect, you get this error:
"vpn establishment capability from a remote desktop is disabled. a vpn connection will not be established"

Solution:
Click on Tools.
Select the first option, Disable Integration Features.
It will ask you for a username and password (use the same username and password that you used when installing Windows XP Mode).

You have to disable it each time you connect to the VPN.
 

Sunday, March 22, 2015

Creating OUD IT Resource in OIM, configuration lookup value of OUD



IT Resource => trustedOUDITRes
 
   baseContexts   : "dc=orasystems,dc=com"
   Configuration Lookup : Lookup.LDAP.OUD.Configuration.Trusted
   Connector Server Name :
   credentials    : Password
   failover    :
   host     : orasystemsusa.com
   port     : 1389
   principal    : cn=Directory Manager
   ssl      : false
 

Thursday, March 19, 2015

OID bulk password update, complete steps for beginners

Steps to follow in order to bulk update users' passwords in OID (I have explained these steps for beginners who have to run this task).

1. Create a file for all the users using the format below

dn: cn=test1,cn=Users,dc=mycompany,dc=com
changetype: modify
replace: userPassword
userPassword: new_password

dn: cn=test2,cn=Users,dc=mycompany,dc=com
changetype: modify
replace: userPassword
userPassword: new_password

(dc=mycompany,dc=com is as per your environment.)

Things to consider while creating the above file:
a) Get the correct DN from OID. Go to OID, select any user that already exists in OID, right-click the user's account and get the DN. For example, if it shows
cn=scott,cn=Users,dc=mycompany,dc=com

it means you need to append cn=Users,dc=mycompany,dc=com at the end of each record. For example, if test1 is the user whose password you want to update, write the record as shown in step 1.

If the user's DN is
uid=scott,cn=Users,dc=mycompany,dc=com
then create the file like this:

dn: uid=test1,cn=Users,dc=mycompany,dc=com
changetype: modify
replace: userPassword
userPassword: new_password

dn: uid=test2,cn=Users,dc=mycompany,dc=com
changetype: modify
replace: userPassword
userPassword: new_password


b) There must be an empty line between records. If there is no empty line, you will get an error.

c) Make sure the userPassword attribute exists in OID (it is a default attribute). If it has been changed in your environment, make sure to use the correct attribute.

d) Save the file in .csv format, because sometimes extra spaces cause issues while running the command.

2. Load the above file onto the OID server and run the following ldapmodify command:


$ORACLE_HOME/bin/ldapmodify -h hostName -p port -D "cn=orcladmin" -w password -f usersPassword.ldif > passwordusers.out

3. Test that the user password was updated successfully:
$ORACLE_HOME/bin/ldapbind -h [oid_hostName] -p [oid_port] -D "uid=test1,cn=Users,dc=mycompany,dc=com" -w new_Password
You should get the message "bind successful".
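Hand-edited LDIF is where the stray-space and missing-blank-line errors described above come from, so the file can be generated instead. The following is an added example, not code from the original post: it builds the same modify records from a list of (login, new password) pairs, escapes logins that contain DN special characters, base64-encodes passwords that LDIF cannot carry as plain text, and writes the result with mode 0600 because the file holds cleartext passwords. The function names and sample users are assumptions made for illustration.

```python
import base64
import os

def escape_rdn_value(value):
    """Escape an RDN value per RFC 4514 so a login such as 'smith, john' stays one RDN."""
    body = "".join("\\" + c if c in ',+"\\<>;' else c for c in value)
    if value[:1] in (" ", "#"):
        body = "\\" + body
    if len(value) > 1 and value.endswith(" "):
        body = body[:-1] + "\\ "
    return body

def ldif_line(attr, value):
    """Emit 'attr: value', or 'attr:: base64' when the value is not an LDIF SAFE-STRING (RFC 2849)."""
    raw = value.encode("utf-8")
    unsafe = (raw[:1] in (b" ", b":", b"<") or raw.endswith(b" ")
              or any(b > 127 or b in (0, 10, 13) for b in raw))
    if unsafe:
        return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"
    return f"{attr}: {value}"

def build_password_ldif(users, naming_attr, base_dn):
    """users: iterable of (login, new_password). Returns LDIF text, one modify record per user."""
    records = []
    for login, new_password in users:
        if not login or not new_password:
            raise ValueError(f"empty login or password in record {login!r}")
        dn = f"{naming_attr}={escape_rdn_value(login)},{base_dn}"
        records.append("\n".join([
            ldif_line("dn", dn),
            "changetype: modify",
            "replace: userPassword",
            ldif_line("userPassword", new_password),
            "-",  # RFC 2849 end-of-modification marker; the post's records omit it
        ]))
    return "\n\n".join(records) + "\n"  # exactly one blank line between records

def write_private(path, text):
    """Create the file with mode 0600 and refuse to overwrite: it holds cleartext passwords."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8", newline="\n") as fh:
        fh.write(text)

# Constructed sample input (not from the original post)
SAMPLE_USERS = [("test1", "Welcome#2015"), ("smith, john", ": starts with colon"),
                ("test3", "trailing space ")]

if __name__ == "__main__":
    print(build_password_ldif(SAMPLE_USERS, "uid", "cn=Users,dc=mycompany,dc=com"), end="")
```

Delete the generated file once ldapmodify has run, and check passwordusers.out for per-record errors before testing a bind.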

Wednesday, March 18, 2015

Troubleshooting bind issues with OID, OVD and OTD

LDAP binds can be tested against OID, OVD, and OTD to narrow down where authentication errors are occurring. The following commands can be run from the OID box for the respective directories:

* OID: ldapbind -p 3060 -D <RDN of user> -q
* OVD: ldapbind -p 6051 -D <RDN of user> -q
* OTD: ldapbind -h <OTD hostname> -p 7012 -D <RDN of user> -q 

Friday, March 13, 2015

OAM 11gR2 Validating Oracle Identity Federation


Validate the configuration of Oracle Identity Federation on IDMHOST1 and IDMHOST2 by accessing the SP metadata on each host.

On IDMHOST1, access the SP metadata by going to:
http://IDMHOST1.mycompany.com:7499/fed/sp/metadata

On IDMHOST2, access the SP metadata by going to:
http://IDMHOST2.mycompany.com:7499/fed/sp/metadata

If the configuration is correct, you can access the following URL from a web browser:
https://SSO.mycompany.com/fed/sp/metadata

You should see metadata.
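"You should see metadata" can be checked more strictly than by eye. The following is an added example, not part of the original post: it parses the responses saved from each URL as SAML 2.0 metadata, confirms each one is SP metadata, and reports nodes whose entityID differs or whose endpoints do not point at the HTTPS front end. It assumes the nodes are expected to publish identical metadata that references SSO.mycompany.com; the sample documents and their endpoint paths are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"  # SAML 2.0 metadata namespace

def summarize_sp_metadata(xml_text):
    """Parse one /fed/sp/metadata response; raise ValueError if it is not SP metadata."""
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError(f"not SAML 2.0 metadata (root element {root.tag})")
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        raise ValueError("EntityDescriptor has no SPSSODescriptor")
    locations = sorted(el.get("Location") for el in sp.iter() if el.get("Location"))
    return {"entityID": root.get("entityID", ""), "locations": locations}

def check_nodes(documents, public_host):
    """documents maps a label to metadata XML. Returns findings; an empty list means consistent."""
    findings, summaries = [], {}
    for label, xml_text in documents.items():
        try:
            summaries[label] = summarize_sp_metadata(xml_text)
        except (ET.ParseError, ValueError) as exc:
            findings.append(f"{label}: {exc}")
    entity_ids = {s["entityID"] for s in summaries.values()}
    if len(entity_ids) > 1:
        findings.append(f"entityID differs between nodes: {sorted(entity_ids)}")
    for label, s in summaries.items():
        for loc in s["locations"]:
            url = urlsplit(loc)
            if url.scheme != "https" or url.hostname != public_host.lower():
                findings.append(f"{label}: endpoint not on https://{public_host}: {loc}")
    return findings

def sample_metadata(entity_id, acs_url):
    """Constructed sample document; the ACS path is a placeholder, not a real OIF path."""
    return (f'<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="{entity_id}">'
            '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            f'<md:AssertionConsumerService index="0" Location="{acs_url}" '
            'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>'
            '</md:SPSSODescriptor></md:EntityDescriptor>')

if __name__ == "__main__":
    eid = "https://SSO.mycompany.com/fed/sp"
    docs = {"IDMHOST1": sample_metadata(eid, "https://SSO.mycompany.com/fed/sp/example-acs"),
            "IDMHOST2": sample_metadata(eid, "http://IDMHOST2.mycompany.com:7499/fed/sp/example-acs")}
    for finding in check_nodes(docs, "SSO.mycompany.com"):
        print(finding)
```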

OIM 11.1.2.2.0 customization of display message at password screen

I have implemented a requirement where I had to change the message that is displayed when users reset their password. The current message is "Answer the challenge questions below with the answers you set during registration". I had to change it to the message "Answer the challenge questions below with the answers you set during registration only 3 correct answers will let you reset the password".

Here is how I implemented this requirement.



1. Create and activate Sandbox.
2. Open another browser and enter a URL like servername:port/identity/faces/forgotpassword
3. Enter customization mode at first page
4. Fill out change password info, but don't submit
5. View source and hide the element
6. Navigate back to home
7. Deactivate and export sandbox
8. Navigate in the zipped sandbox to the file firstlogin.jspx.xml
9. Extract the file and make changes
10. Repackage the file in the archive
11. Import sandbox
12. Publish sandbox

Registering Webgate with RREG utility

Registering Webgate through RREG

Using the RREG tool.

cd <IAM_HOME>/oam/server/rreg
INPUT :
cd <IAM_HOME>/oam/server/rreg/input
vi OAM11GRequest.xml

<serverAddress>http://servername.com:7001</serverAddress>
<hostIdentifier>RREGHost</hostIdentifier>
<agentName>RREGAgent</agentName>
<agentBaseUrl>http://servername.com:port</agentBaseUrl>

<applicationDomain>RREGDomain</applicationDomain>

COMMAND :
cd <IAM_HOME>/oam/server/rreg/bin

export JAVA_HOME=/u01/jdk1.6.0_35/
export PATH=$JAVA_HOME/bin:$PATH

chmod -R 777 oamreg.sh

./oamreg.sh inband <IAM_HOME>/oam/server/rreg/input/OAM11GRequest.xml



OUTPUT :

cd <IAM_HOME>/oam/server/rreg/output/RREG_OAM11GAgent
ls                                                                                        
cwallet.sso  ObAccessClient.xml    

cp -r cwallet.sso ObAccessClient.xml <OHS_HOME>/instances/WebgateRREG/config/OHS/ohs2_EM/webgate/config/  

Verify: restart the web server and verify the integration.

OID 11g how to start OVD without starting all the components

./opmnctl status -l
to see all the ports OID is running on

./opmnctl stopproc ias-component=ovd1

./opmnctl startproc ias-component=ovd1

Export/import of OAM 11g policies: difference between the exportPolicy and exportPartner commands


These commands
exportPolicy(pathTempOAMPolicyFile='/eidm/oracle/policies/oam_policies_292015.xml')
importPolicy(pathTempOAMPolicyFile='/eidm/oracle/policies/oam_policies_292015.xml')
do not create Webgate profiles in the target system, because the policy input file does not contain the Webgate profile details.


For export/import of Webgates/partners you can use the "exportPartner/importPartner" commands.


Refer to http://docs.oracle.com/cd/E28271_01/core.1111/e10105/testprod.htm#ASADM11693
Section "Task 5 Move Oracle Access Manager 11g to a New Target Environment"

OAM 11g R2 PS2 how to manually purge session table if it is not truncated automatically


PS2 has a bug where it does not truncate the user session table automatically once a user has logged off. When any user then tries to access the application, the system goes through the whole table to find an active session, which can consume a lot of resources. Here is how to truncate this table manually once; after that, it needs to be monitored to see whether the table is being updated automatically or not.


Shut down all OAM servers.
Back up the OAM tables EIDM_OAM.OAM_SESSION_ATTRIBUTES and EIDM_OAM.OAM_SESSION using Data Pump.

alter table EIDM_OAM.OAM_SESSION_SP_LIST disable constraint OAM_SESSION_SP_LIST_FK1;

alter table EIDM_OAM.OAM_SESSION_ATTRIBUTES disable  constraint OAM_SESSION_ATTRIBUTES_FK1;

TRUNCATE TABLE EIDM_OAM.OAM_SESSION_ATTRIBUTES;
TRUNCATE TABLE EIDM_OAM.OAM_SESSION;

alter table EIDM_OAM.OAM_SESSION_SP_LIST enable constraint OAM_SESSION_SP_LIST_FK1;

alter table EIDM_OAM.OAM_SESSION_ATTRIBUTES enable  constraint OAM_SESSION_ATTRIBUTES_FK1;

Start OAM servers


IPv6 compatibility version with OAM 11g R2

Versions 11.1.2.2 (OAM) 11g R2 PS2 and 11.1.1.6 (OHS) are certified with IPv6.

11.1.2.1 (OAM) 11g R2 PS1 does not support IPv6.

how to change ODS user running query schedule in OID to improve performance at high availability environment

Database statistics are updated automatically: OIDMON runs oidstats.sql after every configured number of updates to the database. By default, OIDMON runs oidstats.sql for every 5000 entries added. This frequency can be changed using the ldapmodify command as shown below:

$ORACLE_HOME/bin/ldapmodify -p <oidPort> -h <oidHost> -D cn=orcladmin -w <adminPassword> << eof
dn: cn=configset,cn=oidmon,cn=subconfigsubentry
changetype: modify
replace: orclstatsperiodicity
orclstatsperiodicity: <desired_number>
eof




So to ensure that statistics will not be gathered except during a defined period (maintenance windows and the 3am oidstats), you should disable the supplemental oidmon statistics gathering and rely only on the once-daily oidstats database job and the autotask job. This is accomplished with ldapmodify to set the orclstatsperiodicity to 0:

Example ldif to modify orclstatsperiodicity using ldapmodify: 
- - - 
dn: cn=configset,cn=oidmon,cn=subconfigsubentry 
changetype: modify 
replace: orclstatsperiodicity 
orclstatsperiodicity: 0 

Thursday, March 12, 2015

Switching off diagnostics data

If you see that your diagnostics data is growing very large, you can disable it in order to decrease the load on the server. In WLS 9.2 and 10.0, com.bea.wlw.netui.disableInstrumentation is false by default.


Here are 2 ways of disabling this setting.

Detailed steps for permanently switching off the diagnostics data collection are as follows:
  1. Shut down your WebLogic server.
  2. Clear the <SERVER>/data/store/diagnostics directories.
  3. Apply the startup parameters, e.g., in setDomainEnv.sh, modify JAVA_OPTIONS:

     JAVA_OPTIONS="${JAVA_OPTIONS} -D_Offline_FileDataArchive=true -Dcom.bea.wlw.netui.disableInstrumentation=true -Dweblogic.connector.ConnectionPoolProfilingEnabled=false"
     export JAVA_OPTIONS

  4. Restart your WebLogic server.

DMS

The Dynamic Monitoring Service is a facility in FMW (JRF, to be more precise) that collects runtime data on the components deployed to WebLogic. Each component is responsible for how much or how little it uses the service, and SOA collects a fair amount of information. To view what is collected on any running server, you can use the following URL, http://host:port/dms/Spy, and log in with admin credentials.


DMS is essentially always running and collecting this information at runtime, and to protect against loss of this data it also runs automatic backups, by default at the 3 hour interval mentioned above. Most of the management options for DMS are exposed through WLST, but these settings are not, so we must open the dms_config.xml file, which can be found in DOMAIN_HOME/config/fmwconfig/servers/<server_name>/dms_config.xml.


The contents are fairly short and at the bottom you will find the following entry: 

<dumpConfiguration> 
    <dump intervalSeconds="10800" maxSizeMBytes="75" enabled="true"/> 
</dumpConfiguration> 

The interval of 10800 seconds corresponds to the 3 hours and the maximum size is 75MB. The file is written as an archive to DOMAIN_HOME/servers/<server_name>/logs/metrics. This archive contains the dump in XML format. 


You can disable the dumps altogether by simply setting the 'enabled' value to 'false', or of course you could modify the other parameters to suit your needs. Disabling the dumps will NOT impact DMS collections or display at runtime. It will only eliminate these periodic backups.