How to Configure Oracle Identity Manager to use Unicast

As of version 11gR2PS1 (11.1.2.1.0), OIM relies on JGroups to implement cache coordination among all its cluster nodes. Out of the box, OIM is configured to use multicast (one to many) for JGroups cluster messaging. This can be a showstopper when deploying OIM in a datacenter where multicast is blocked or unsupported, which is the case in many cloud IaaS environments.

OIM 11gR2 PS1 and onwards can be easily configured to use unicast for caching as follows:

 

1. In EM Console (https://host:port/em), expand Identity and Access->OIM, right-click on oim(11.1.2.0), and select System MBean Browser. Then expand oracle.iam->Server:oim->Application:oim->XMLConfig->Config->XMLConfig.CacheConfig. Click on Cache and make sure the attribute Clustered is set to true.

 

2. Now, expand XMLConfig.CacheConfig.XLCacheProvider->XLCacheProvider.

 

3. Add the following JGroups configuration to the attribute MulticastConfig:

TCP(bind_port=7800;loopback=true):TCPPING(timeout=3000;initial_hosts=OIMHostA.demo.com[7800],OIMHostB.demo.com[7800];port_range=5;num_initial_members=2):pbcast.NAKACK(use_mcast_xmit=false;gc_lag=20;retransmit_timeout=1000):pbcast.GMS(print_local_addr=true;join_timeout=3000)

Verify the values for the following configuration parameters:

bind_port: TCP port for binding. The default is 7800, but any other available port is allowed. The attribute port_range tells it to try 5 subsequent ports in case the initial one is in use. For example, it would try 7800 up to 7804.

initial_hosts: List of hostnames or IP addresses for all OIM nodes in the cluster. The example shows two nodes, OIMHostA and OIMHostB; replace them with the respective hostnames or IP addresses. If there are more nodes, add each extra node with its port and set num_initial_members to the number of OIM nodes. Example with 3 nodes:

TCP(bind_port=7800;loopback=true):TCPPING(timeout=3000;initial_hosts=OIMHostA.demo.com[7800],OIMHostB.demo.com[7800],OIMHostC.demo.com[7800];port_range=5;num_initial_members=3):pbcast.NAKACK(use_mcast_xmit=false;gc_lag=20;retransmit_timeout=1000):pbcast.GMS(print_local_addr=true;join_timeout=3000)

More detail on configuration parameters can be found here.

 

4. Click Apply and restart all OIM Managed Servers.

5. Verify that the listener was successfully started by finding entries similar to the following on each node’s <oim_server>.out log file:

INFO: Starting a new JavaGroups broadcasting listener with properties=TCP(bind_port=7800;loopback=true):TCPPING(timeout=3000;initial_hosts=oimhostA.demo.com[7800],oimhostB.demo.com[7800];port_range=5;num_initial_members=2):pbcast.NAKACK(use_mcast_xmit=false;gc_lag=20;retransmit_timeout=1000):pbcast.GMS(print_local_addr=true;join_timeout=3000)
INFO: JGroups version: 2.7.0.GA
———————————————————
GMS: address is 192.168.56.101:7800 (cluster=OSCacheBus)
———————————————————
INFO: JavaGroups clustering support started successfully

 

6. The following is an example of an error message when there’s a problem with a property value (i.e. a hostname can’t be resolved):

SEVERE: Could not initialize listener ‘com.opensymphony.oscache.plugins.clustersupport.JavaGroupsBroadcastingListener’. Listener ignored.
com.opensymphony.oscache.base.InitializationException: Initialization failed: org.jgroups.ChannelException: failed to start protocol stack
at com.opensymphony.oscache.plugins.clustersupport.JavaGroupsBroadcastingListener.initialize(JavaGroupsBroadcastingListener.java:119)
at com.opensymphony.oscache.base.AbstractCacheAdministrator.configureStandardListeners(AbstractCacheAdministrator.java:328)
at com.opensymphony.oscache.general.GeneralCacheAdministrator.createCache(GeneralCacheAdministrator.java:305)
at com.opensymphony.oscache.general.GeneralCacheAdministrator.<init>(GeneralCacheAdministrator.java:99)
at oracle.iam.platform.utils.cache.OSCacheProvider.initialize(OSCacheProvider.java:197)
at oracle.iam.platform.utils.cache.CacheFactory.getCacheProvider(CacheFactory.java:72)
at oracle.iam.platform.utils.cache.Cache.<init>(Cache.java:154)
at oracle.iam.platform.utils.cache.Cache.<clinit>(Cache.java:190)

 

7. You can also verify that cache coordination is working by connecting directly to the sysadmin console on one OIM host (bypassing the LB), modifying a system property value, and then checking for the new value when connecting directly to the sysadmin console on another OIM host. This is illustrated in Support’s Doc ID 2387392.1.
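The following Python sketch is an added example, not part of the original post or of Oracle's tooling. It builds the MulticastConfig value from step 3 for any number of nodes and checks an existing value for the mistakes step 3 warns about (a host entry without its port, num_initial_members out of step with initial_hosts). The function names are hypothetical.

```python
import re

def build_stack(hosts, port=7800):
    """Build the step 3 MulticastConfig value for a list of OIM node hostnames."""
    initial = ",".join(f"{h}[{port}]" for h in hosts)
    return (f"TCP(bind_port={port};loopback=true):"
            f"TCPPING(timeout=3000;initial_hosts={initial};port_range=5;"
            f"num_initial_members={len(hosts)}):"
            "pbcast.NAKACK(use_mcast_xmit=false;gc_lag=20;retransmit_timeout=1000):"
            "pbcast.GMS(print_local_addr=true;join_timeout=3000)")

def parse_stack(stack):
    """Split 'PROTO(k=v;k=v):PROTO(...)' into {protocol: {param: value}}."""
    return {name: dict(kv.split("=", 1) for kv in body.split(";") if "=" in kv)
            for name, body in re.findall(r"([\w.]+)\(([^)]*)\)", stack)}

def check_stack(stack):
    """Return a list of problems in a unicast stack string (empty list if none)."""
    protos = parse_stack(stack)
    problems = [f"missing protocol {p}" for p in
                ("TCP", "TCPPING", "pbcast.NAKACK", "pbcast.GMS") if p not in protos]
    if problems:
        return problems
    hosts = [h for h in protos["TCPPING"].get("initial_hosts", "").split(",") if h]
    for entry in hosts:
        # Each node must be listed as host[port], e.g. OIMHostA.demo.com[7800]
        if not re.fullmatch(r"[A-Za-z0-9.-]+\[\d{1,5}\]", entry):
            problems.append(f"malformed initial_hosts entry: {entry}")
    if len(set(hosts)) != len(hosts):
        problems.append("duplicate entry in initial_hosts")
    declared = protos["TCPPING"].get("num_initial_members")
    if declared != str(len(hosts)):
        problems.append(
            f"num_initial_members is {declared} but initial_hosts lists {len(hosts)} nodes")
    if protos["pbcast.NAKACK"].get("use_mcast_xmit") != "false":
        problems.append("use_mcast_xmit is not false as in the page's unicast stack")
    return problems

if __name__ == "__main__":
    # Constructed sample: third node added but num_initial_members left at 2
    stale = build_stack(["OIMHostA.demo.com", "OIMHostB.demo.com", "OIMHostC.demo.com"]
                        ).replace("num_initial_members=3", "num_initial_members=2")
    print(check_stack(stale))
```

Run check_stack on the value copied from the MBean attribute before clicking Apply in step 4, since a bad value only surfaces after the restart as the SEVERE entry shown in step 6.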

 
